As the title says, I am curious if these are necessary because after enabling libvirtd and rebooting, when I check status libvirtd, I see that these 2 processes are not running, and the rest of libvirt is running. Kvm virtual machines work fine, but is tls and tcp not functional for them? Should I enable them both, or leave as is? Thanks.
quoting from: libvirt: Libvirt Daemons
libvirtd-tcp.socket - the unit file corresponding to the TCP 16509 port for non-TLS remote access. This socket should not be configured to start on boot until the administrator has configured a suitable authentication mechanism.
libvirtd-tls.socket - the unit file corresponding to the TCP 16509 port for TLS remote access. This socket should not be configured to start on boot until the administrator has deployed x509 certificates and optionally configured a suitable authentication mechanism.
NB, some distros will use /etc/default instead of /etc/sysconfig.
The socket unit files are newly introduced in 5.6.0. On newly installed hosts the UNIX socket units should be enabled by default. When upgrading an existing host from a previous version of libvirt, the socket unit files will be masked if libvirtd is currently configured to use the --listen argument, since the --listen argument is mutually exclusive with use of socket activation.
When systemd socket activation is used a number of configuration settings in libvirtd.conf are no longer honoured. Instead these settings must be controlled via the system unit files
listen_tcp - TCP socket usage is enabled by starting the libvirtd-tcp.socket unit file.
listen_tls - TLS socket usage is enabled by starting the libvirtd-tls.socket unit file.
/end quote
Does this help? (fyi, libvirt 5.6. was introduced in Fedora 31) The question you need to ask yourself is if you need remote tcp/tls connections to libvirt. Assuming you don’t, leave the sockets disabled.
2 Likes
Thank you for your detailed reply. I don’t need remote access to libvirt (outside the computer it is running on), so I will leave them off.