| 192 |
- |
1 |
# Master libvirt daemon configuration file
|
|
|
2 |
#
|
|
|
3 |
|
|
|
4 |
#################################################################
|
|
|
5 |
#
|
|
|
6 |
# Network connectivity controls
|
|
|
7 |
#
|
|
|
8 |
|
|
|
9 |
# Flag listening for secure TLS connections on the public TCP/IP port.
|
|
|
10 |
# NB, must pass the --listen flag to the libvirtd process for this to
|
|
|
11 |
# have any effect.
|
|
|
12 |
#
|
|
|
13 |
# This setting is not required or honoured if using systemd socket
|
|
|
14 |
# activation.
|
|
|
15 |
#
|
|
|
16 |
# It is necessary to setup a CA and issue server certificates before
|
|
|
17 |
# using this capability.
|
|
|
18 |
#
|
|
|
19 |
# This is enabled by default, uncomment this to disable it
|
|
|
20 |
#listen_tls = 0
|
|
|
21 |
|
|
|
22 |
# Listen for unencrypted TCP connections on the public TCP/IP port.
|
|
|
23 |
# NB, must pass the --listen flag to the libvirtd process for this to
|
|
|
24 |
# have any effect.
|
|
|
25 |
#
|
|
|
26 |
# This setting is not required or honoured if using systemd socket
|
|
|
27 |
# activation.
|
|
|
28 |
#
|
|
|
29 |
# Using the TCP socket requires SASL authentication by default. Only
|
|
|
30 |
# SASL mechanisms which support data encryption are allowed. This is
|
|
|
31 |
# DIGEST_MD5 and GSSAPI (Kerberos5)
|
|
|
32 |
#
|
|
|
33 |
# This is disabled by default, uncomment this to enable it.
|
|
|
34 |
#listen_tcp = 1
|
|
|
35 |
|
|
|
36 |
|
|
|
37 |
|
|
|
38 |
# Override the port for accepting secure TLS connections
|
|
|
39 |
# This can be a port number, or service name
|
|
|
40 |
#
|
|
|
41 |
# This setting is not required or honoured if using systemd socket
|
|
|
42 |
# activation with systemd version >= 227
|
|
|
43 |
#
|
|
|
44 |
#tls_port = "16514"
|
|
|
45 |
|
|
|
46 |
# Override the port for accepting insecure TCP connections
|
|
|
47 |
# This can be a port number, or service name
|
|
|
48 |
#
|
|
|
49 |
# This setting is not required or honoured if using systemd socket
|
|
|
50 |
# activation with systemd version >= 227
|
|
|
51 |
#
|
|
|
52 |
#tcp_port = "16509"
|
|
|
53 |
|
|
|
54 |
|
|
|
55 |
# Override the default configuration which binds to all network
|
|
|
56 |
# interfaces. This can be a numeric IPv4/6 address, or hostname
|
|
|
57 |
#
|
|
|
58 |
# This setting is not required or honoured if using systemd socket
|
|
|
59 |
# activation.
|
|
|
60 |
#
|
|
|
61 |
# If the libvirtd service is started in parallel with network
|
|
|
62 |
# startup (e.g. with systemd), binding to addresses other than
|
|
|
63 |
# the wildcards (0.0.0.0/::) might not be available yet.
|
|
|
64 |
#
|
|
|
65 |
#listen_addr = "192.168.0.1"
|
|
|
66 |
|
|
|
67 |
|
|
|
68 |
#################################################################
|
|
|
69 |
#
|
|
|
70 |
# UNIX socket access controls
|
|
|
71 |
#
|
|
|
72 |
|
|
|
73 |
# Set the UNIX domain socket group ownership. This can be used to
|
|
|
74 |
# allow a 'trusted' set of users access to management capabilities
|
|
|
75 |
# without becoming root.
|
|
|
76 |
#
|
|
|
77 |
# This setting is not required or honoured if using systemd socket
|
|
|
78 |
# activation.
|
|
|
79 |
#
|
|
|
80 |
# This is restricted to 'root' by default.
|
|
|
81 |
#unix_sock_group = "libvirt"
|
|
|
82 |
|
|
|
83 |
# Set the UNIX socket permissions for the R/O socket. This is used
|
|
|
84 |
# for monitoring VM status only
|
|
|
85 |
#
|
|
|
86 |
# This setting is not required or honoured if using systemd socket
|
|
|
87 |
# activation.
|
|
|
88 |
#
|
|
|
89 |
# Default allows any user. If setting group ownership, you may want to
|
|
|
90 |
# restrict this too.
|
|
|
91 |
#unix_sock_ro_perms = "0777"
|
|
|
92 |
|
|
|
93 |
# Set the UNIX socket permissions for the R/W socket. This is used
|
|
|
94 |
# for full management of VMs
|
|
|
95 |
#
|
|
|
96 |
# This setting is not required or honoured if using systemd socket
|
|
|
97 |
# activation.
|
|
|
98 |
#
|
|
|
99 |
# Default allows only root. If PolicyKit is enabled on the socket,
|
|
|
100 |
# the default will change to allow everyone (eg, 0777)
|
|
|
101 |
#
|
|
|
102 |
# If not using PolicyKit and setting group ownership for access
|
|
|
103 |
# control, then you may want to relax this too.
|
|
|
104 |
#unix_sock_rw_perms = "0770"
|
|
|
105 |
|
|
|
106 |
# Set the UNIX socket permissions for the admin interface socket.
|
|
|
107 |
#
|
|
|
108 |
# This setting is not required or honoured if using systemd socket
|
|
|
109 |
# activation.
|
|
|
110 |
#
|
|
|
111 |
# Default allows only owner (root), do not change it unless you are
|
|
|
112 |
# sure to whom you are exposing the access to.
|
|
|
113 |
#unix_sock_admin_perms = "0700"
|
|
|
114 |
|
|
|
115 |
# Set the name of the directory in which sockets will be found/created.
|
|
|
116 |
#
|
|
|
117 |
# This setting is not required or honoured if using systemd socket
|
|
|
118 |
# activation with systemd version >= 227
|
|
|
119 |
#
|
|
|
120 |
#unix_sock_dir = "/run/libvirt"
|
|
|
121 |
|
|
|
122 |
|
|
|
123 |
|
|
|
124 |
#################################################################
|
|
|
125 |
#
|
|
|
126 |
# Authentication.
|
|
|
127 |
#
|
|
|
128 |
# - none: do not perform auth checks. If you can connect to the
|
|
|
129 |
# socket you are allowed. This is suitable if there are
|
|
|
130 |
# restrictions on connecting to the socket (eg, UNIX
|
|
|
131 |
# socket permissions), or if there is a lower layer in
|
|
|
132 |
# the network providing auth (eg, TLS/x509 certificates)
|
|
|
133 |
#
|
|
|
134 |
# - sasl: use SASL infrastructure. The actual auth scheme is then
|
|
|
135 |
# controlled from /etc/sasl2/libvirt.conf. For the TCP
|
|
|
136 |
# socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
|
|
|
137 |
# For non-TCP or TLS sockets, any scheme is allowed.
|
|
|
138 |
#
|
|
|
139 |
# - polkit: use PolicyKit to authenticate. This is only suitable
|
|
|
140 |
# for use on the UNIX sockets. The default policy will
|
|
|
141 |
# require a user to supply their own password to gain
|
|
|
142 |
# full read/write access (aka sudo like), while anyone
|
|
|
143 |
# is allowed read/only access.
|
|
|
144 |
#
|
|
|
145 |
# Set an authentication scheme for UNIX read-only sockets
|
|
|
146 |
# By default socket permissions allow anyone to connect
|
|
|
147 |
#
|
|
|
148 |
# To restrict monitoring of domains you may wish to enable
|
|
|
149 |
# an authentication mechanism here
|
|
|
150 |
#auth_unix_ro = "none"
|
|
|
151 |
|
|
|
152 |
# Set an authentication scheme for UNIX read-write sockets
|
|
|
153 |
# By default socket permissions only allow root. If PolicyKit
|
|
|
154 |
# support was compiled into libvirt, the default will be to
|
|
|
155 |
# use 'polkit' auth.
|
|
|
156 |
#
|
|
|
157 |
# If the unix_sock_rw_perms are changed you may wish to enable
|
|
|
158 |
# an authentication mechanism here
|
|
|
159 |
#auth_unix_rw = "none"
|
|
|
160 |
|
|
|
161 |
# Change the authentication scheme for TCP sockets.
|
|
|
162 |
#
|
|
|
163 |
# If you don't enable SASL, then all TCP traffic is cleartext.
|
|
|
164 |
# Don't do this outside of a dev/test scenario. For real world
|
|
|
165 |
# use, always enable SASL and use the GSSAPI or DIGEST-MD5
|
|
|
166 |
# mechanism in /etc/sasl2/libvirt.conf
|
|
|
167 |
#auth_tcp = "sasl"
|
|
|
168 |
|
|
|
169 |
# Change the authentication scheme for TLS sockets.
|
|
|
170 |
#
|
|
|
171 |
# TLS sockets already have encryption provided by the TLS
|
|
|
172 |
# layer, and limited authentication is done by certificates
|
|
|
173 |
#
|
|
|
174 |
# It is possible to make use of any SASL authentication
|
|
|
175 |
# mechanism as well, by using 'sasl' for this option
|
|
|
176 |
#auth_tls = "none"
|
|
|
177 |
|
|
|
178 |
|
|
|
179 |
# Change the API access control scheme
|
|
|
180 |
#
|
|
|
181 |
# By default an authenticated user is allowed access
|
|
|
182 |
# to all APIs. Access drivers can place restrictions
|
|
|
183 |
# on this. By default the 'nop' driver is enabled,
|
|
|
184 |
# meaning no access control checks are done once a
|
|
|
185 |
# client has authenticated with libvirtd
|
|
|
186 |
#
|
|
|
187 |
#access_drivers = [ "polkit" ]
|
|
|
188 |
|
|
|
189 |
#################################################################
|
|
|
190 |
#
|
|
|
191 |
# TLS x509 certificate configuration
|
|
|
192 |
#
|
|
|
193 |
|
|
|
194 |
# Use of TLS requires that x509 certificates be issued. The default locations
|
|
|
195 |
# for the certificate files is as follows:
|
|
|
196 |
#
|
|
|
197 |
# /etc/pki/CA/cacert.pem - The CA master certificate
|
|
|
198 |
# /etc/pki/libvirt/servercert.pem - The server certificate signed by cacert.pem
|
|
|
199 |
# /etc/pki/libvirt/private/serverkey.pem - The server private key
|
|
|
200 |
#
|
|
|
201 |
# It is possible to override the default locations by altering the 'key_file',
|
|
|
202 |
# 'cert_file', and 'ca_file' values and uncommenting them below.
|
|
|
203 |
#
|
|
|
204 |
# NB, overriding the default of one location requires uncommenting and
|
|
|
205 |
# possibly additionally overriding the other settings.
|
|
|
206 |
#
|
|
|
207 |
|
|
|
208 |
# Override the default server key file path
|
|
|
209 |
#
|
|
|
210 |
#key_file = "/etc/pki/libvirt/private/serverkey.pem"
|
|
|
211 |
|
|
|
212 |
# Override the default server certificate file path
|
|
|
213 |
#
|
|
|
214 |
#cert_file = "/etc/pki/libvirt/servercert.pem"
|
|
|
215 |
|
|
|
216 |
# Override the default CA certificate path
|
|
|
217 |
#
|
|
|
218 |
#ca_file = "/etc/pki/CA/cacert.pem"
|
|
|
219 |
|
|
|
220 |
# Specify a certificate revocation list.
|
|
|
221 |
#
|
|
|
222 |
# Defaults to not using a CRL, uncomment to enable it
|
|
|
223 |
#crl_file = "/etc/pki/CA/crl.pem"
|
|
|
224 |
|
|
|
225 |
|
|
|
226 |
|
|
|
227 |
#################################################################
|
|
|
228 |
#
|
|
|
229 |
# Authorization controls
|
|
|
230 |
#
|
|
|
231 |
|
|
|
232 |
|
|
|
233 |
# Flag to disable verification of our own server certificates
|
|
|
234 |
#
|
|
|
235 |
# When libvirtd starts it performs some sanity checks against
|
|
|
236 |
# its own certificates.
|
|
|
237 |
#
|
|
|
238 |
# Default is to always run sanity checks. Uncommenting this
|
|
|
239 |
# will disable sanity checks which is not a good idea
|
|
|
240 |
#tls_no_sanity_certificate = 1
|
|
|
241 |
|
|
|
242 |
# Flag to disable verification of client certificates
|
|
|
243 |
#
|
|
|
244 |
# Client certificate verification is the primary authentication mechanism.
|
|
|
245 |
# Any client which does not present a certificate signed by the CA
|
|
|
246 |
# will be rejected.
|
|
|
247 |
#
|
|
|
248 |
# Default is to always verify. Uncommenting this will disable
|
|
|
249 |
# verification - make sure an IP whitelist is set
|
|
|
250 |
#tls_no_verify_certificate = 1
|
|
|
251 |
|
|
|
252 |
|
|
|
253 |
# A whitelist of allowed x509 Distinguished Names
|
|
|
254 |
# This list may contain wildcards such as
|
|
|
255 |
#
|
|
|
256 |
# "C=GB,ST=London,L=London,O=Red Hat,CN=*"
|
|
|
257 |
#
|
|
|
258 |
# See the g_pattern_match function for the format of the wildcards:
|
|
|
259 |
#
|
|
|
260 |
# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html
|
|
|
261 |
#
|
|
|
262 |
# NB If this is an empty list, no client can connect, so comment out
|
|
|
263 |
# entirely rather than using empty list to disable these checks
|
|
|
264 |
#
|
|
|
265 |
# By default, no DN's are checked
|
|
|
266 |
#tls_allowed_dn_list = ["DN1", "DN2"]
|
|
|
267 |
|
|
|
268 |
|
|
|
269 |
# Override the compile time default TLS priority string. The
|
|
|
270 |
# default is usually "NORMAL" unless overridden at build time.
|
|
|
271 |
# Only set this is it is desired for libvirt to deviate from
|
|
|
272 |
# the global default settings.
|
|
|
273 |
#
|
|
|
274 |
#tls_priority="NORMAL"
|
|
|
275 |
|
|
|
276 |
|
|
|
277 |
# A whitelist of allowed SASL usernames. The format for username
|
|
|
278 |
# depends on the SASL authentication mechanism. Kerberos usernames
|
|
|
279 |
# look like username@REALM
|
|
|
280 |
#
|
|
|
281 |
# This list may contain wildcards such as
|
|
|
282 |
#
|
|
|
283 |
# "*@EXAMPLE.COM"
|
|
|
284 |
#
|
|
|
285 |
# See the g_pattern_match function for the format of the wildcards.
|
|
|
286 |
#
|
|
|
287 |
# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html
|
|
|
288 |
#
|
|
|
289 |
# NB If this is an empty list, no client can connect, so comment out
|
|
|
290 |
# entirely rather than using empty list to disable these checks
|
|
|
291 |
#
|
|
|
292 |
# By default, no Username's are checked
|
|
|
293 |
#sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ]
|
|
|
294 |
|
|
|
295 |
|
|
|
296 |
#################################################################
|
|
|
297 |
#
|
|
|
298 |
# Processing controls
|
|
|
299 |
#
|
|
|
300 |
|
|
|
301 |
# The maximum number of concurrent client connections to allow
|
|
|
302 |
# over all sockets combined.
|
|
|
303 |
#max_clients = 5000
|
|
|
304 |
|
|
|
305 |
# The maximum length of queue of connections waiting to be
|
|
|
306 |
# accepted by the daemon. Note, that some protocols supporting
|
|
|
307 |
# retransmission may obey this so that a later reattempt at
|
|
|
308 |
# connection succeeds.
|
|
|
309 |
#max_queued_clients = 1000
|
|
|
310 |
|
|
|
311 |
# The maximum length of queue of accepted but not yet
|
|
|
312 |
# authenticated clients. The default value is 20. Set this to
|
|
|
313 |
# zero to turn this feature off.
|
|
|
314 |
#max_anonymous_clients = 20
|
|
|
315 |
|
|
|
316 |
# The minimum limit sets the number of workers to start up
|
|
|
317 |
# initially. If the number of active clients exceeds this,
|
|
|
318 |
# then more threads are spawned, up to max_workers limit.
|
|
|
319 |
# Typically you'd want max_workers to equal maximum number
|
|
|
320 |
# of clients allowed
|
|
|
321 |
#min_workers = 5
|
|
|
322 |
#max_workers = 20
|
|
|
323 |
|
|
|
324 |
|
|
|
325 |
# The number of priority workers. If all workers from above
|
|
|
326 |
# pool are stuck, some calls marked as high priority
|
|
|
327 |
# (notably domainDestroy) can be executed in this pool.
|
|
|
328 |
#prio_workers = 5
|
|
|
329 |
|
|
|
330 |
# Limit on concurrent requests from a single client
|
|
|
331 |
# connection. To avoid one client monopolizing the server
|
|
|
332 |
# this should be a small fraction of the global max_workers
|
|
|
333 |
# parameter.
|
|
|
334 |
#max_client_requests = 5
|
|
|
335 |
|
|
|
336 |
# Same processing controls, but this time for the admin interface.
|
|
|
337 |
# For description of each option, be so kind to scroll few lines
|
|
|
338 |
# upwards.
|
|
|
339 |
|
|
|
340 |
#admin_min_workers = 1
|
|
|
341 |
#admin_max_workers = 5
|
|
|
342 |
#admin_max_clients = 5
|
|
|
343 |
#admin_max_queued_clients = 5
|
|
|
344 |
#admin_max_client_requests = 5
|
|
|
345 |
|
|
|
346 |
#################################################################
|
|
|
347 |
#
|
|
|
348 |
# Logging controls
|
|
|
349 |
#
|
|
|
350 |
|
|
|
351 |
# Logging level: 4 errors, 3 warnings, 2 information, 1 debug
|
|
|
352 |
# basically 1 will log everything possible
|
|
|
353 |
#
|
|
|
354 |
# WARNING: USE OF THIS IS STRONGLY DISCOURAGED.
|
|
|
355 |
#
|
|
|
356 |
# WARNING: It outputs too much information to practically read.
|
|
|
357 |
# WARNING: The "log_filters" setting is recommended instead.
|
|
|
358 |
#
|
|
|
359 |
# WARNING: Journald applies rate limiting of messages and so libvirt
|
|
|
360 |
# WARNING: will limit "log_level" to only allow values 3 or 4 if
|
|
|
361 |
# WARNING: journald is the current output.
|
|
|
362 |
#
|
|
|
363 |
# WARNING: USE OF THIS IS STRONGLY DISCOURAGED.
|
|
|
364 |
#log_level = 3
|
|
|
365 |
|
|
|
366 |
# Logging filters:
|
|
|
367 |
# A filter allows to select a different logging level for a given category
|
|
|
368 |
# of logs. The format for a filter is:
|
|
|
369 |
#
|
|
|
370 |
# level:match
|
|
|
371 |
#
|
|
|
372 |
# where 'match' is a string which is matched against the category
|
|
|
373 |
# given in the VIR_LOG_INIT() at the top of each libvirt source
|
|
|
374 |
# file, e.g., "remote", "qemu", or "util.json". The 'match' in the
|
|
|
375 |
# filter matches using shell wildcard syntax (see 'man glob(7)').
|
|
|
376 |
# The 'match' is always treated as a substring match. IOW a match
|
|
|
377 |
# string 'foo' is equivalent to '*foo*'.
|
|
|
378 |
#
|
|
|
379 |
# 'level' is the minimal level where matching messages should
|
|
|
380 |
# be logged:
|
|
|
381 |
#
|
|
|
382 |
# 1: DEBUG
|
|
|
383 |
# 2: INFO
|
|
|
384 |
# 3: WARNING
|
|
|
385 |
# 4: ERROR
|
|
|
386 |
#
|
|
|
387 |
# Multiple filters can be defined in a single @log_filters, they just need
|
|
|
388 |
# to be separated by spaces. Note that libvirt performs "first" match, i.e.
|
|
|
389 |
# if there are concurrent filters, the first one that matches will be applied,
|
|
|
390 |
# given the order in @log_filters.
|
|
|
391 |
#
|
|
|
392 |
# A typical need is to capture information from a hypervisor driver,
|
|
|
393 |
# public API entrypoints and some of the utility code. Some utility
|
|
|
394 |
# code is very verbose and is generally not desired. Taking the QEMU
|
|
|
395 |
# hypervisor as an example, a suitable filter string for debugging
|
|
|
396 |
# might be to turn off object, json & event logging, but enable the
|
|
|
397 |
# rest of the util code:
|
|
|
398 |
#
|
|
|
399 |
#log_filters="1:qemu 1:libvirt 4:object 4:json 4:event 1:util"
|
|
|
400 |
|
|
|
401 |
# Logging outputs:
|
|
|
402 |
# An output is one of the places to save logging information
|
|
|
403 |
# The format for an output can be:
|
|
|
404 |
# level:stderr
|
|
|
405 |
# output goes to stderr
|
|
|
406 |
# level:syslog:name
|
|
|
407 |
# use syslog for the output and use the given name as the ident
|
|
|
408 |
# level:file:file_path
|
|
|
409 |
# output to a file, with the given filepath
|
|
|
410 |
# level:journald
|
|
|
411 |
# output to journald logging system
|
|
|
412 |
# In all cases 'level' is the minimal priority, acting as a filter
|
|
|
413 |
# 1: DEBUG
|
|
|
414 |
# 2: INFO
|
|
|
415 |
# 3: WARNING
|
|
|
416 |
# 4: ERROR
|
|
|
417 |
#
|
|
|
418 |
# Multiple outputs can be defined, they just need to be separated by spaces.
|
|
|
419 |
# e.g. to log all warnings and errors to syslog under the libvirtd ident:
|
|
|
420 |
#log_outputs="3:syslog:libvirtd"
|
|
|
421 |
|
|
|
422 |
|
|
|
423 |
##################################################################
|
|
|
424 |
#
|
|
|
425 |
# Auditing
|
|
|
426 |
#
|
|
|
427 |
# This setting allows usage of the auditing subsystem to be altered:
|
|
|
428 |
#
|
|
|
429 |
# audit_level == 0 -> disable all auditing
|
|
|
430 |
# audit_level == 1 -> enable auditing, only if enabled on host (default)
|
|
|
431 |
# audit_level == 2 -> enable auditing, and exit if disabled on host
|
|
|
432 |
#
|
|
|
433 |
#audit_level = 2
|
|
|
434 |
#
|
|
|
435 |
# If set to 1, then audit messages will also be sent
|
|
|
436 |
# via libvirt logging infrastructure. Defaults to 0
|
|
|
437 |
#
|
|
|
438 |
#audit_logging = 1
|
|
|
439 |
|
|
|
440 |
###################################################################
|
|
|
441 |
# UUID of the host:
|
|
|
442 |
# Host UUID is read from one of the sources specified in host_uuid_source.
|
|
|
443 |
#
|
|
|
444 |
# - 'smbios': fetch the UUID from 'dmidecode -s system-uuid'
|
|
|
445 |
# - 'machine-id': fetch the UUID from /etc/machine-id
|
|
|
446 |
#
|
|
|
447 |
# The host_uuid_source default is 'smbios'. If 'dmidecode' does not provide
|
|
|
448 |
# a valid UUID a temporary UUID will be generated.
|
|
|
449 |
#
|
|
|
450 |
# Another option is to specify host UUID in host_uuid.
|
|
|
451 |
#
|
|
|
452 |
# Keep the format of the example UUID below. UUID must not have all digits
|
|
|
453 |
# be the same.
|
|
|
454 |
|
|
|
455 |
# NB This default all-zeros UUID will not work. Replace
|
|
|
456 |
# it with the output of the 'uuidgen' command and then
|
|
|
457 |
# uncomment this entry
|
|
|
458 |
#host_uuid = "00000000-0000-0000-0000-000000000000"
|
|
|
459 |
#host_uuid_source = "smbios"
|
|
|
460 |
|
|
|
461 |
###################################################################
|
|
|
462 |
# Keepalive protocol:
|
|
|
463 |
# This allows libvirtd to detect broken client connections or even
|
|
|
464 |
# dead clients. A keepalive message is sent to a client after
|
|
|
465 |
# keepalive_interval seconds of inactivity to check if the client is
|
|
|
466 |
# still responding; keepalive_count is a maximum number of keepalive
|
|
|
467 |
# messages that are allowed to be sent to the client without getting
|
|
|
468 |
# any response before the connection is considered broken. In other
|
|
|
469 |
# words, the connection is automatically closed approximately after
|
|
|
470 |
# keepalive_interval * (keepalive_count + 1) seconds since the last
|
|
|
471 |
# message received from the client. If keepalive_interval is set to
|
|
|
472 |
# -1, libvirtd will never send keepalive requests; however clients
|
|
|
473 |
# can still send them and the daemon will send responses. When
|
|
|
474 |
# keepalive_count is set to 0, connections will be automatically
|
|
|
475 |
# closed after keepalive_interval seconds of inactivity without
|
|
|
476 |
# sending any keepalive messages.
|
|
|
477 |
#
|
|
|
478 |
#keepalive_interval = 5
|
|
|
479 |
#keepalive_count = 5
|
|
|
480 |
|
|
|
481 |
#
|
|
|
482 |
# These configuration options are no longer used. There is no way to
|
|
|
483 |
# restrict such clients from connecting since they first need to
|
|
|
484 |
# connect in order to ask for keepalive.
|
|
|
485 |
#
|
|
|
486 |
#keepalive_required = 1
|
|
|
487 |
#admin_keepalive_required = 1
|
|
|
488 |
|
|
|
489 |
# Keepalive settings for the admin interface
|
|
|
490 |
#admin_keepalive_interval = 5
|
|
|
491 |
#admin_keepalive_count = 5
|
|
|
492 |
|
|
|
493 |
###################################################################
|
|
|
494 |
# Open vSwitch:
|
|
|
495 |
# This allows to specify a timeout for openvswitch calls made by
|
|
|
496 |
# libvirt. The ovs-vsctl utility is used for the configuration and
|
|
|
497 |
# its timeout option is set by default to 5 seconds to avoid
|
|
|
498 |
# potential infinite waits blocking libvirt.
|
|
|
499 |
#
|
|
|
500 |
#ovs_timeout = 5
|