From 0bbb91fc8b0cafb597b990bb801718d082ffb09a Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface"
Date: Fri, 1 Sep 2023 15:42:26 -0400
Subject: [PATCH] Add override custom libvirtd.service unit

This has no functional change on Buster, but on Bullseye this overrides the stupid socket-based activation shenanigans that the default unit tries to do, as well as the breaking replacement of the /etc/default/libvirt variable names.
---
 roles/pvc/tasks/libvirt/main.yml | 17 +++++--
 .../pvc/templates/libvirt/libvirtd.service.j2 | 44 +++++++++++++++++++
 2 files changed, 58 insertions(+), 3 deletions(-)
 create mode 100644 roles/pvc/templates/libvirt/libvirtd.service.j2

diff --git a/roles/pvc/tasks/libvirt/main.yml b/roles/pvc/tasks/libvirt/main.yml
index b5eb78c..d39fdd6 100644
--- a/roles/pvc/tasks/libvirt/main.yml
+++ b/roles/pvc/tasks/libvirt/main.yml
@@ -49,17 +49,28 @@
 replace: 'libvirtd_opts="--listen"'
 notify: restart libvirtd

-- name: enable services
+- name: install systemd unit file (override default on Bullseye)
+ template:
+ src: libvirt/libvirtd.service.j2
+ dest: /etc/systemd/system/libvirtd.service
+ register: systemd
+
+- name: reload systemd to apply changes
+ command: systemctl daemon-reload
+ when: systemd.changed
+
+- name: start and enable services (not managed by PVC)
 service:
 name: "{{ item }}"
- enabled: yes
 state: started
+ enabled: yes
 with_items:
 - vhostmd

-- name: disable PVC-managed services
+- name: start but disable services (managed by PVC)
 service:
 name: "{{ item }}"
+ state: started
 enabled: no
 with_items:
 - libvirtd
diff --git a/roles/pvc/templates/libvirt/libvirtd.service.j2 b/roles/pvc/templates/libvirt/libvirtd.service.j2
new file mode 100644
index 0000000..bb90151
--- /dev/null
+++ b/roles/pvc/templates/libvirt/libvirtd.service.j2
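Review bot: The new `template` task in roles/pvc/tasks/libvirt/main.yml writes `/etc/systemd/system/libvirtd.service` without stating ownership or permissions, so the result depends on the remote umask and on whatever file already exists at that path; the unit has no `User=` and so defines a command line that systemd runs as root, which is reason enough to pin it with `owner: root`, `group: root` and `mode: '0644'`. The task registers `systemd` only to drive the daemon-reload and, unlike the task that ends just above the first change (its start is outside the hunk), carries no `notify: restart libvirtd`, so a libvirtd that is already running keeps the old unit definition until something else restarts it; if that is deliberate because PVC manages the daemon, a one-line comment saying so would help. As a point of style, the reload could be a handler or the `systemd` module's `daemon_reload: yes` rather than a `command` guarded by `when: systemd.changed`.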
@@ -0,0 +1,44 @@
+# NB we don't use socket activation. When libvirtd starts it will
+# spawn any virtual machines registered for autostart. We want this
+# to occur on every boot, regardless of whether any client connects
+# to a socket. Thus socket activation doesn't have any benefit
+
+[Unit]
+Description=Virtualization daemon
+Requires=virtlogd.socket
+Requires=virtlockd.socket
+Wants=systemd-machined.service
+Before=libvirt-guests.service
+After=network.target
+After=dbus.service
+After=iscsid.service
+After=apparmor.service
+After=local-fs.target
+After=remote-fs.target
+After=systemd-logind.service
+After=systemd-machined.service
+Documentation=man:libvirtd(8)
+Documentation=https://libvirt.org
+
+[Service]
+Type=notify
+EnvironmentFile=-/etc/default/libvirtd
+ExecStart=/usr/sbin/libvirtd $libvirtd_opts
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+# At least 1 FD per guest, often 2 (eg qemu monitor + qemu agent).
+# eg if we want to support 4096 guests, we'll typically need 8192 FDs
+# If changing this, also consider virtlogd.service & virtlockd.service
+# limits which are also related to number of guests
+LimitNOFILE=8192
+# The cgroups pids controller can limit the number of tasks started by
+# the daemon, which can limit the number of domains for some hypervisors.
+# A conservative default of 8 tasks per guest results in a TasksMax of
+# 32k to support 4096 guests.
+TasksMax=32768
+
+[Install]
+WantedBy=multi-user.target
+Also=virtlockd.socket
+Also=virtlogd.socket
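Review bot: The header comment explains why socket activation is not wanted, but nothing in this unit or in the task changes of the same patch stops or masks the packaged libvirtd socket units, so on a Bullseye host where they are already enabled they may remain active alongside this service; that is worth confirming and, if so, masking `libvirtd.socket`, `libvirtd-ro.socket`, `libvirtd-admin.socket`, `libvirtd-tls.socket` and `libvirtd-tcp.socket` in the role. `ExecStart` expands `$libvirtd_opts` from `/etc/default/libvirtd`, which the `replace` task visible in the first hunk appears to set to `--listen`, so whether the daemon accepts remote connections and how they are authenticated is decided in libvirtd.conf, which this patch does not show; a comment next to `ExecStart` naming where that is configured would help the next reader. Because a complete unit in `/etc/systemd/system` shadows the packaged one, later package changes to the unit will not take effect, so I would add a first line such as `# Managed by Ansible (PVC role): full override of the packaged libvirtd.service; re-sync when libvirt is upgraded`.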