From: fbrehm
Date: Mon, 12 Mar 2012 16:30:06 +0000 (+0100)
Subject: saving uncommitted changes in /etc prior to emerge run
X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=1e5ffeb760cc3ce51f1e3a00d55a1bfb7b1ceafd;p=config%2Fsamara%2Fetc.git

saving uncommitted changes in /etc prior to emerge run
---
diff --git a/.etckeeper b/.etckeeper
index d94a0e5..4dc20f4 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -219,6 +219,7 @@ maybe chmod 0644 './chromium/default'
 maybe chmod 0644 './colordiffrc'
 maybe chmod 0644 './colordiffrc-lightbg'
 maybe chmod 0755 './conf.d'
+maybe chmod 0644 './conf.d/._cfg0000_libvirtd'
 maybe chmod 0644 './conf.d/acpid'
 maybe chmod 0644 './conf.d/alsasound'
 maybe chmod 0644 './conf.d/apache2'
@@ -928,6 +929,7 @@ maybe chmod 0644 './imlib/im_palette-tiny.pal'
 maybe chmod 0644 './imlib/im_palette.pal'
 maybe chmod 0644 './imlib/imrc'
 maybe chmod 0755 './init.d'
+maybe chmod 0755 './init.d/._cfg0000_libvirtd'
 maybe chmod 0755 './init.d/NetworkManager'
 maybe chmod 0755 './init.d/acpid'
 maybe chmod 0755 './init.d/aiccu'
@@ -1086,10 +1088,12 @@ maybe chmod 0755 './lftp'
 maybe chmod 0644 './lftp/lftp.conf'
 maybe chmod 0640 './libaudit.conf'
 maybe chmod 0755 './libvirt'
+maybe chmod 0644 './libvirt/._cfg0000_lxc.conf'
 maybe chmod 0644 './libvirt/libvirt.conf'
 maybe chmod 0644 './libvirt/libvirtd.conf'
 maybe chmod 0644 './libvirt/lxc.conf'
 maybe chmod 0755 './libvirt/nwfilter'
+maybe chmod 0644 './libvirt/nwfilter/._cfg0000_no-ip-spoofing.xml'
 maybe chmod 0644 './libvirt/nwfilter/allow-arp.xml'
 maybe chmod 0644 './libvirt/nwfilter/allow-dhcp-server.xml'
 maybe chmod 0644 './libvirt/nwfilter/allow-dhcp.xml'
@@ -1622,6 +1626,7 @@ maybe chmod 0440 './sudoers.d/ppd'
 maybe chmod 0644 './sysctl.conf'
 maybe chmod 0755 './sysctl.d'
 maybe chmod 0644 './sysctl.d/libvirtd'
+maybe chmod 0644 './sysctl.d/libvirtd.conf'
 maybe chmod 0755 './syslog-ng'
 maybe chmod 0644 './syslog-ng/modules.conf'
 maybe chmod 0755 './syslog-ng/patterndb.d'
diff --git a/conf.d/._cfg0000_libvirtd b/conf.d/._cfg0000_libvirtd
new file mode 100644
index 0000000..d2634bd
--- /dev/null
+++ b/conf.d/._cfg0000_libvirtd
@@ -0,0 +1,37 @@
+# /etc/conf.d/libvirtd
+
+# LIBVIRTD_OPTS
+# You may want to add '--listen' to have libvirtd listen for tcp/ip connections
+# if you want to use libvirt for remote control
+# Please consult 'libvirtd --help' for more options
+#LIBVIRTD_OPTS="--listen"
+
+# LIBVIRTD_KVM_SHUTDOWN
+# Valid options:
+# * shutdown - Sends an ACPI shutdown (think when you tap the power button
+# on your machine and it begins a graceful shutdown). If your
+# VM ignores this, it will have the power yanked out from under
+# it in LIBVIRTD_KVM_SHUTDOWN_MAXWAIT seconds.
+# * managedsave - Performs a state save external to the VM. qemu-kvm will stop
+# stop the CPU and save off all state to a separate file. When
+# the machine is started again, it will resume like nothing ever
+# happened. This is guarenteed to always successfully stop your
+# machine and restart it. However it may take some time to finish.
+# * none - No attempts will be made to stop any VMs. If you are restarting your
+# machine the qemu-kvm process will be simply killed, which may result
+# in your VMs having disk corruption.
+LIBVIRTD_KVM_SHUTDOWN="managedsave"
+
+# LIBVIRTD_KVM_SHUTDOWN_MAXWAIT
+# Timeout in seconds until stopping libvirtd and "pulling the plug" on the
+# remaining VM's still in a running state
+#LIBVIRTD_KVM_SHUTDOWN_MAXWAIT="500"
+
+# LIBVIRTD_KVM_NET_SHUTDOWN
+# If libvirtd created networks for you (e.g. NATed networks) then this init
+# script will shut them down for you if this is set to 'yes'. Otherwise,
+# the networks will be left running once libvirt is shutdown. For this
+# option to be useful you must have enabled the 'virt-network' USE flag and
+# have had libvirt create a NATed network for you.
+# Valid values: 'yes' or 'no'
+#LIBVIRTD_KVM_NET_SHUTDOWN="yes"
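Review bot: The LIBVIRTD_KVM_NET_SHUTDOWN comment in conf.d/._cfg0000_libvirtd says the networks are shut down "if this is set to 'yes'", but stop() in the init script added by this same commit tests `[ "${LIBVIRTD_KVM_NET_SHUTDOWN}" != "no" ]`, so leaving the variable commented out also destroys them. I would reword the comment to match the behaviour, e.g. `# The init script shuts these networks down unless this is set to 'no'.` The `--listen` hint under LIBVIRTD_OPTS could also say that authentication and transport encryption for the remote socket are configured separately in libvirtd.conf, so the flag is not switched on without reviewing those settings.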
diff --git a/init.d/._cfg0000_libvirtd b/init.d/._cfg0000_libvirtd
new file mode 100755
index 0000000..402617f
--- /dev/null
+++ b/init.d/._cfg0000_libvirtd
@@ -0,0 +1,129 @@
+#!/sbin/runscript
+
+description="Virtual Machine Management daemon (libvirt)"
+extra_started_commands="reload"
+extra_stopped_commands="halt"
+description_halt="Stops the libvirt daemon without stopping your VMs"
+description_reload="Restarts the libvirt daemon without stopping your VMs"
+
+depend() {
+ need net
+ after ntp-client ntpd nfs iscsid nfsmount portmap rpc.statd iptables ip6tables ebtables ceph corosync sanlock cgconfig
+}
+
+libvirtd_virsh() {
+ local mode=$1
+ shift
+
+ # Silence errors because virsh always throws an error about
+ # not finding the hypervisor version when connecting to libvirtd
+ LC_ALL=C virsh -c ${mode}:///system "$@" 2>/dev/null
+}
+
+libvirtd_dom_list() {
+ # Make sure that it wouldn't be confused if the domain name
+ # contains the word running.
+ libvirtd_virsh $1 list | awk '$3 == "running" { print $1 }'
+}
+
+libvirtd_dom_count() {
+ # Make sure that it wouldn't be confused if the domain name
+ # contains the word running.
+ libvirtd_virsh $1 list | awk 'BEGIN { count = 0 } \
+ $3 == "running" { count++ } \
+ END { print count }'
+}
+
+libvirtd_net_list() {
+ # The purpose of the awk is to avoid networks with 'active' in the name
+ libvirtd_virsh $1 net-list | awk '$2 == "active" { print $1 }'
+}
+
+libvirtd_net_count() {
+ # The purpose of the awk is to avoid networks with 'active' in the name
+ libvirtd_virsh $1 net-list | awk 'BEGIN { count = 0 } \
+ $2 == "active" { count++ } \
+ END { print count }'
+}
+
+
+start() {
+ ebegin "Starting libvirtd"
+ start-stop-daemon --start \
+ --env KRB5_KTNAME=/etc/libvirt/krb5.tab \
+ --exec /usr/sbin/libvirtd -- -d ${LIBVIRTD_OPTS}
+ eend $?
+}
+
+stop() {
+ local counter=
+ local vm_name=
+ local net_name=
+ local dom_id=
+
+ ebegin "Stopping libvirtd"
+ # try to shutdown all (KVM/Qemu) domains
+ if [ "${LIBVIRTD_KVM_SHUTDOWN}" != "none" ] \
+ && [ "$(libvirtd_dom_count qemu)" != "0" ] ; then
+
+ einfo " Shutting down domain(s):"
+ for dom_id in $(libvirtd_dom_list qemu) ; do
+ vm_name="$(libvirtd_virsh qemu domname ${dom_id} | head -n 1)"
+ einfo " ${vm_name}"
+ libvirtd_virsh qemu ${LIBVIRTD_KVM_SHUTDOWN} ${dom_id} > /dev/null
+ done
+
+ if [ -n "${LIBVIRTD_KVM_SHUTDOWN_MAXWAIT}" ] ; then
+ counter="${LIBVIRTD_KVM_SHUTDOWN_MAXWAIT}"
+ else
+ counter=500
+ fi
+
+ if [ "${LIBVIRTD_KVM_SHUTDOWN}" = "shutdown" ]; then
+ einfo " Waiting ${counter} seconds while domains shutdown ..."
+ DOM_COUNT="$(libvirtd_dom_count qemu)"
+ while [ ${DOM_COUNT} -gt 0 ] && [ ${counter} -gt 0 ] ; do
+ DOM_COUNT="$(libvirtd_dom_count qemu)"
+ sleep 1
+ counter=$((${counter} - 1))
+ echo -n "."
+ done
+ fi
+
+ if [ "$(libvirtd_dom_count qemu)" != "0" ] ; then
+ eerror " !!! Some guests are still running, stopping anyway"
+ fi
+
+ fi
+
+ if [ "${LIBVIRTD_KVM_NET_SHUTDOWN}" != "no" ] \
+ && [ "$(libvirtd_net_count qemu)" != "0" ]; then
+
+ einfo " Shutting down network(s):"
+ for net_name in $(libvirtd_net_list qemu); do
+ einfo " ${net_name}"
+ libvirtd_virsh qemu net-destroy ${net_name} > /dev/null
+ done
+
+ if [ "$(libvirtd_net_count qemu)" != "0" ]; then
+ eerror " !!! Some networks are still active, stopping anyway"
+ fi
+ fi
+
+ # Now actually stop the daemon
+ start-stop-daemon --stop --quiet --exec \
+ /usr/sbin/libvirtd --pidfile=/var/run/libvirtd.pid
+ eend $?
+}
+
+halt() {
+ ebegin "Stopping libvirtd without shutting down your VMs"
+ start-stop-daemon --stop --quiet --exec \
+ /usr/sbin/libvirtd --pidfile=/var/run/libvirtd.pid
+ eend $?
+}
+
+reload() {
+ halt
+ start
+}
diff --git a/libvirt/._cfg0000_lxc.conf b/libvirt/._cfg0000_lxc.conf
new file mode 100644
index 0000000..09dc95f
--- /dev/null
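Review bot: In init.d/._cfg0000_libvirtd, stop() hands `${LIBVIRTD_KVM_SHUTDOWN}` unquoted and unchecked to virsh as the subcommand run against every running domain, so any value other than `none` is executed as-is rather than only the three values the conf.d file documents. A mistyped value gives no diagnostic of its own, because libvirtd_virsh drops stderr and the call site drops stdout; the only trace is the generic "Some guests are still running, stopping anyway" message before the daemon is stopped. I would validate the setting before the domain loop and quote `"${dom_id}"` and `"${net_name}"` where they are passed on. Relatedly, and inferred from the visible helpers only, a failed virsh connection appears to be counted as zero running domains, since stderr is discarded and the pipeline keeps awk's exit status, which would skip the guest shutdown step silently. The sketch refuses unknown values; falling back to `managedsave` would be an equally defensible choice.

```shell
stop() {
	# … unchanged: local declarations, ebegin "Stopping libvirtd" …
	case "${LIBVIRTD_KVM_SHUTDOWN}" in
		shutdown|managedsave|none) ;;
		*)
			eerror "  LIBVIRTD_KVM_SHUTDOWN must be shutdown, managedsave or none"
			eend 1
			return 1
			;;
	esac
	# … unchanged: domain loop, network shutdown, start-stop-daemon --stop …
```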
+++ b/libvirt/._cfg0000_lxc.conf
@@ -0,0 +1,31 @@
+# Master configuration file for the LXC driver.
+# All settings described here are optional - if omitted, sensible
+# defaults are used.
+
+# By default, log messages generated by the lxc controller go to the
+# container logfile. It is also possible to accumulate log messages
+# from all lxc controllers along with libvirtd's log outputs. In this
+# case, the lxc controller will honor either LIBVIRT_LOG_OUTPUTS or
+# log_outputs from libvirtd.conf.
+#
+# This is disabled by default, uncomment below to enable it.
+#
+# log_with_libvirtd = 1
+
+
+# The default security driver is SELinux. If SELinux is disabled
+# on the host, then the security driver will automatically disable
+# itself. If you wish to disable QEMU SELinux security driver while
+# leaving SELinux enabled for the host in general, then set this
+# to 'none' instead.
+#
+# security_driver = "selinux"
+
+# If set to non-zero, then the default security labeling
+# will make guests confined. If set to zero, then guests
+# will be unconfined by default. Defaults to 0.
+# security_default_confined = 1
+
+# If set to non-zero, then attempts to create unconfined
+# guests will be blocked. Defaults to 0.
+# security_require_confined = 1
diff --git a/libvirt/nwfilter/._cfg0000_no-ip-spoofing.xml b/libvirt/nwfilter/._cfg0000_no-ip-spoofing.xml
new file mode 100644
index 0000000..f8c9573
--- /dev/null
+++ b/libvirt/nwfilter/._cfg0000_no-ip-spoofing.xml
@@ -0,0 +1,14 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/sysctl.d/libvirtd.conf b/sysctl.d/libvirtd.conf
new file mode 100644
index 0000000..275482c
--- /dev/null
+++ b/sysctl.d/libvirtd.conf
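Review bot: libvirt/._cfg0000_lxc.conf is added with `security_default_confined` and `security_require_confined` both commented out, and its own comments give 0 as the default for each, so with this file LXC guests are unconfined by default and creating unconfined guests is not blocked. If this host runs LXC guests with a security driver active, I would uncomment `security_default_confined = 1`, and `security_require_confined = 1` where nothing depends on unconfined guests, when this `._cfg0000_` copy (presumably a pending config update) is merged. Whether the live lxc.conf already sets them is not visible in this diff. The security_driver paragraph also speaks of the "QEMU SELinux security driver", which looks carried over from the QEMU driver's file; `# If you wish to disable the LXC SELinux security driver while` would read correctly.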
@@ -0,0 +1,8 @@
+# The kernel allocates aio memory on demand, and this number limits the
+# number of parallel aio requests; the only drawback of a larger limit is
+# that a malicious guest could issue parallel requests to cause the kernel
+# to set aside memory. Set this number at least as large as
+# 128 * (number of virtual disks on the host)
+# Libvirt uses a default of 1M requests to allow 8k disks, with at most
+# 64M of kernel memory if all disks hit an aio request at the same time.
+fs.aio-max-nr = 1048576
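Review bot: sysctl.d/libvirtd.conf is added while the .etckeeper hunk still lists the existing `./sysctl.d/libvirtd` next to it, so the tree now carries two libvirt sysctl fragments. Presumably the un-suffixed file is a leftover from an earlier package version; it is worth confirming which of the two is actually loaded on this host and removing the other, so that `fs.aio-max-nr` has a single source. The comment already states the trade-off of the larger limit (a guest can make the kernel set aside memory, up to 64M by its own figure), so the value is easy to audit once only one file defines it.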