From 53b98c2797292b46521372d0eb25295a3e240743 Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Thu, 28 Dec 2017 17:21:22 +0100
Subject: [PATCH] saving uncommitted changes in /etc prior to emerge run
---
 libvirt/libvirt-guests.conf | 6 ++++--
 libvirt/libvirtd.conf | 14 ++-----------
 libvirt/qemu.conf | 42 +++++++++++++++++++++++++++++++++++++
 3 files changed, 48 insertions(+), 14 deletions(-)
diff --git a/libvirt/libvirt-guests.conf b/libvirt/libvirt-guests.conf
index accd4f53..2da172b0 100644
--- a/libvirt/libvirt-guests.conf
+++ b/libvirt/libvirt-guests.conf
@@ -31,8 +31,10 @@
 # value suitable for your guests.
 #ON_SHUTDOWN=suspend
-# If set to non-zero, shutdown will suspend guests concurrently. Number of
-# guests on shutdown at any time will not exceed number set in this variable.
+# Number of guests will be shutdown concurrently, taking effect when
+# "ON_SHUTDOWN" is set to "shutdown". If Set to 0, guests will be shutdown one
+# after another. Number of guests on shutdown at any time will not exceed number
+# set in this variable.
 #PARALLEL_SHUTDOWN=0
 # Number of seconds we're willing to wait for a guest to shut down. If parallel
diff --git a/libvirt/libvirtd.conf b/libvirt/libvirtd.conf
index e83e9a1c..8a1b3a92 100644
--- a/libvirt/libvirtd.conf
+++ b/libvirt/libvirtd.conf
@@ -301,20 +301,10 @@
 # (notably domainDestroy) can be executed in this pool.
 #prio_workers = 5
-# Total global limit on concurrent RPC calls. Should be
-# at least as large as max_workers. Beyond this, RPC requests
-# will be read into memory and queued. This directly impacts
-# memory usage, currently each request requires 256 KB of
-# memory. So by default up to 5 MB of memory is used
-#
-# XXX this isn't actually enforced yet, only the per-client
-# limit is used so far
-#max_requests = 20
-
 # Limit on concurrent requests from a single client
 # connection. To avoid one client monopolizing the server
-# this should be a small fraction of the global max_requests
-# and max_workers parameter
+# this should be a small fraction of the global max_workers
+# parameter.
 #max_client_requests = 5
 # Same processing controls, but this time for the admin interface.
diff --git a/libvirt/qemu.conf b/libvirt/qemu.conf
index 1d81472d..2e8370a5 100644
--- a/libvirt/qemu.conf
+++ b/libvirt/qemu.conf
@@ -13,6 +13,14 @@
 #
 # dh-params.pem - the DH params configuration file
 #
+# If the directory does not exist or contain the necessary files, QEMU
+# domains will fail to start if they are configured to use TLS.
+#
+# In order to overwrite the default path alter the following. This path
+# definition will be used as the default path for other *_tls_x509_cert_dir
+# configuration settings if their default path does not exist or is not
+# specifically set.
+#
 #default_tls_x509_cert_dir = "/etc/pki/qemu"
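Review bot: The comment added above `default_tls_x509_cert_dir` in the qemu.conf hunk (@@ -13,6 +13,14 @@) documents a fallback without spelling out what it means for key separation. It says the other `*_tls_x509_cert_dir` settings use this directory when their own path does not exist or is unset. As worded, a missing or mistyped per-service directory appears to pick up the shared default certificate and key instead of failing, which is easy to overlook when auditing which service presents which identity. I would add a line just above the setting such as `# A per-service directory that is missing falls back here, so those services then share one certificate and key.` The same fallback is restated for `vxhs_tls_x509_cert_dir` in the later hunk (@@ -250,6 +258,40 @@).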
@@ -250,6 +258,40 @@
 #chardev_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
+# Enable use of TLS encryption for all VxHS network block devices that
+# don't specifically disable.
+#
+# When the VxHS network block device server is set up appropriately,
+# x509 certificates are required for authentication between the clients
+# (qemu processes) and the remote VxHS server.
+#
+# It is necessary to setup CA and issue the client certificate before
+# enabling this.
+#
+#vxhs_tls = 1
+
+
+# In order to override the default TLS certificate location for VxHS
+# backed storage, supply a valid path to the certificate directory.
+# This is used to authenticate the VxHS block device clients to the VxHS
+# server.
+#
+# If the provided path does not exist then the default_tls_x509_cert_dir
+# path will be used.
+#
+# VxHS block device clients expect the client certificate and key to be
+# present in the certificate directory along with the CA master certificate.
+# If using the default environment, default_tls_x509_verify must be configured.
+# Since this is only a client the server-key.pem certificate is not needed.
+# Thus a VxHS directory must contain the following:
+#
+# ca-cert.pem - the CA master certificate
+# client-cert.pem - the client certificate signed with the ca-cert.pem
+# client-key.pem - the client private key
+#
+#vxhs_tls_x509_cert_dir = "/etc/pki/libvirt-vxhs"
+
+
 # In order to override the default TLS certificate location for migration
 # certificates, supply a valid path to the certificate directory. If the
 # provided path does not exist then the default_tls_x509_cert_dir path
-- 
2.39.5
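Review bot: The file list added for `vxhs_tls_x509_cert_dir` names `client-key.pem` as the client private key but gives no guidance on its ownership or mode. The documented location `/etc/pki/libvirt-vxhs` also sits under the tree this repository appears to track, since the commit subject says it saves changes in /etc. If VxHS TLS is ever enabled on this host, the key would have to be excluded from these automatic commits or it ends up in history. I would add after the list `# client-key.pem must be readable only by the account QEMU runs as and must stay out of any version-controlled copy of /etc.` Both new settings are commented out here, so the effective values are the built-in defaults, which this page does not show.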