When libvirtd restarts it will attempt to reconnect to existing
LXC containers. If it loads a XML state file for the container
the container will appear running. If we fail to read the PID
file, or fail to connect to the LXC monitor, we should be killing
off the guest, but if the VMs cgroup does not exist any more,
cleanup will get skipped. Reading the PID file is also pointless
since the PID is in the XML statefile
In lxcReconnectVM we do not need to read the PID file. If part
of the reconnect process fails we need to run the VM terminate
code as a safety net.
In lxcVMTerminate, if we can't obtain the VM cgroup, we know
the process has died, but we must still run lxcVMCleanup to
clear out the virDomainObjPtr live state
* src/lxc/lxc_driver.c: Fix cleanup of dead VMs on restart
Osier Yang [Sat, 16 Jul 2011 03:24:49 +0000 (11:24 +0800)]
qemu: Fix a regression of attaching device
The regression is introduced by Commit da1eba6b, the new
codes with this commit doesn't reset "ret" to "-1" when
it fails on parsing the device XML (live device attachment)
This patch changes the codes to reset the "ret" and "-1",
and also changes the codes so that it don't modify "ret"
for condition checking.
Eric Blake [Thu, 7 Jul 2011 17:57:43 +0000 (11:57 -0600)]
build: add syntax check for proper flags use
Enforce the recent flags cleanups - we want to use 'unsigned int flags'
in any of our APIs (except where backwards compatibility is important,
in the public migration APIs), and that all flags are checked for
validity (except when there are stub functions that completely
ignore the flags argument).
There are a few minor tweaks done here to avoid false positives:
signed arguments passed to open() are renamed oflags, and flags
arguments that are legitimately ignored are renamed flags_unused.
Eric Blake [Wed, 6 Jul 2011 22:14:33 +0000 (16:14 -0600)]
esx: reject unknown flags
Silently ignored flags get in the way of new features that
use those flags.
Regarding ESX migration flags - right now, ESX silently enforces
VIR_MIGRATE_PERSIST_DEST, VIR_MIGRATE_UNDEFINE_SOURCE, and
VIR_MIGRATE_LIVE, even if those flags were not supplied; it ignored
other flags. This patch does not change the implied bits (it permits
but does not require them), but enforces only the supported bits.
If further cleanup is needed to be more particular about migration
flags, that should be a separate patch.
Eric Blake [Fri, 15 Jul 2011 17:23:17 +0000 (11:23 -0600)]
virsh: improve option handling
The documentation for vshCommandOptString claims that it returns
-1 on a missing required argument, but in reality, that error
message was unreachable (it was buried inside an if clause that
is true only if the argument was present). The code was so hairy
that I decided a rewrite would make it easier to understand,
and actually return the error values we want.
Meanwhile, our construction guarantees that all vshCmdOpt have
a non-null def member, so there are some redundant checks that
can be trimmed.
* tools/virsh.c (vshCommandOpt): Alter signature.
(vshCommandOptInt, vshCommandOptUInt, vshCommandOptUL)
(vshCommandOptString, vshCommandOptLongLong)
(vshCommandOptULongLong, vshCommandOptBool): Adjust all callers.
(vshCommandOptArgv): Remove dead condition.
Eric Blake [Fri, 15 Jul 2011 19:03:20 +0000 (13:03 -0600)]
flags: fix domain_conf migration regression
Commit 461e0f1a broke migration, because there was a code path
that tried to enable an internal flag while still going through
the public function. Split the internal flag into a separate
callback, and validate that flags do not overlap.
* src/conf/domain_conf.c (virDomainDefFormat): Split...
(virDomainDefFormatInternal): ...to separate the flag check.
(virDomainObjFormat): Adjust caller.
Dave Allan [Fri, 15 Jul 2011 18:33:17 +0000 (14:33 -0400)]
website: Point main page links to libvirt driver pages
The "libvirt supports:" section on the main page of libvirt.org
contains a list of hypervisors with links that point to the sites of
the underlying virt technologies. The entry for KVM points to
http://www.linux-kvm.org/, for example. People coming to libvirt.org
for the first time are likely to know about those sites, and they're
probably interested in how libvirt manages those technologies. This
patch points those links to the libvirt driver pages instead. It also
consolidates KVM and QEMU as there is only one libvirt driver page for
them. Finally, it adds a line about networking support.
v2: incorporate Eric's feedback adding project links to driver pages.
website: Add project links to KVM/QEMU driver page
website: Add project links to Xen driver page
website: Add project links to LXC driver page
website: Add project links to OpenVZ driver page
website: Add project links to UML driver page
website: Add project links to Virtualbox driver page
website: Add project links to ESX driver page
website: Add project links to VMware driver page
Eric Blake [Thu, 14 Jul 2011 21:46:49 +0000 (15:46 -0600)]
flags: fix qemu migration regression
Commit f548480b broke migration v3 on qemu, because the driver
passed flags on through to qemu_migration even though
qemu_migration wasn't using those flags.
* src/qemu/qemu_migration.h (QEMU_MIGRATION_FLAGS): New define.
* src/qemu/qemu_driver.c: Simplify all migration callbacks.
* src/qemu/qemu_migration.c (qemuMigrationConfirm): Fix regression.
Eric Blake [Wed, 13 Jul 2011 22:24:38 +0000 (16:24 -0600)]
flags: use common dumpxml flags check
The previous patches only cleaned up ATTRIBUTE_UNUSED flags cases;
auditing the drivers found other places where flags was being used
but not validated. In particular, domainGetXMLDesc had issues with
clients accepting a different set of flags than the common
virDomainDefFormat helper function.
If the server succesfully validates the client cert, it will send
back a single byte, under TLS. If it fails, it will close the
connection. In this case, we were just reporting the standard
I/O error. The original RPC code had a special case hack for the
GNUTLS_E_UNEXPECTED_PACKET_LENGTH error code to make us report
a more useful error message
* src/rpc/virnetclient.c: Return ENOMSG if we get
GNUTLS_E_UNEXPECTED_PACKET_LENGTH
* src/rpc/virnettlscontext.c: Report cert failure if we
see ENOMSG
Dave Allan [Fri, 15 Jul 2011 13:47:12 +0000 (09:47 -0400)]
Fix error code for storage operations
Many volume operations will fail if the volume in question is being
allocated. These operations were returning VIR_ERR_INTERNAL_ERROR
when they should be returning VIR_ERR_OPERATION_INVALID.
setvcpus: add "--current" option to "virsh setvcpus"
This patch adds the --current option to "virsh setvcpus"
command. Currently "virsh setvcpus" command supports
"--live" and "--config" , but "--current" option.
From view of consistency, it's reasonable to support
"--current" option too.
When --current is specified, it affects a "current"
domain.
Eric Blake [Tue, 12 Jul 2011 18:07:01 +0000 (12:07 -0600)]
fdstream: avoid child process leak on error
By requesting the pid in virCommandRunAsync, fdstream was claiming
that it would manually wait for the process. But on the failure
path, the child process was being leaked.
Eric Blake [Tue, 12 Jul 2011 16:42:41 +0000 (10:42 -0600)]
command: introduce virPidWait, virPidAbort
When using virCommandRunAsync and saving the pid for later, it
is useful to be able to reap that pid in the same way that it
would have been auto-reaped by virCommand if we had passed
NULL for the pid argument in the first place.
* src/util/command.c (virPidWait, virPidAbort): New functions,
created from...
(virCommandWait, virCommandAbort): ...bodies of these.
(includes): Drop duplicate <stdlib.h>. Ensure that our pid_t
assumptions hold.
(virCommandRunAsync): Improve documentation.
* src/util/command.h (virPidWait, virPidAbort): New prototypes.
* src/libvirt_private.syms: Export them.
* docs/internals/command.html.in: Document them.
update apparmor security driver for new udev paths
In the Ubuntu development release we recently got a new udev that
moves /var/run to /run, /var/lock to /run/lock and /dev/shm to /run/shm.
This change in udev requires updating the apparmor security driver in
libvirt[1].
Attached is a patch that:
* adjusts src/security/virt-aa-helper.c to allow both
LOCALSTATEDIR/run/libvirt/**/%s.pid and /run/libvirt/**/%s.pid. While
the profile is not as precise, LOCALSTATEDIR/run/ is typically a symlink
to /run/ anyway, so there is no additional access (remember that
apparmor resolves symlinks, which is why this is still required even
if /var/run points to /run).
* adjusts example/apparmor/libvirt-qemu paths for /dev/shm
build: disable some drivers when building without libvirt daemon
We disable some drivers when building without libvirtd in configure,
but we do not do the same thing in libvirt.spec. It may break rpm
building without libvirtd.
Michal Privoznik [Thu, 14 Jul 2011 10:53:45 +0000 (12:53 +0200)]
storage: Avoid memory leak on metadata fetching
Getting metadata on storage allocates a memory (path) which need to
be freed after use otherwise it gets leaked. This means after use of
virStorageFileGetMetadataFromFD or virStorageFileGetMetadata one
must call virStorageFileFreeMetadata to free it. This function frees
structure internals and structure itself.
qemu: Don't overwrite errors by closefd in error paths
When qemuMonitorCloseFileHandle is called in error path, we need to
preserve the original error since a possible further error when running
closefd monitor command is not very useful to users.
qemu: Save domain status ASAP after creating qemu process
When creating new qemu process we saved domain status XML only after the
process was fully setup and running. In case libvirtd was killed before
the whole process finished, once libvirtd started again it didn't know
anything about the new process and we end up with an orphaned qemu
process. Let's save the domain status XML as soon as we know the PID so
that libvirtd can kill the process on restart.
Eric Blake [Fri, 8 Jul 2011 21:58:28 +0000 (15:58 -0600)]
build: avoid ATTRIBUTE_UNUSED in headers
The compiler might optimize based on our declaration that something
is unused. Putting that declaration in the header risks getting
out of sync with the actual implementation, so it belongs better
only in the .c files. We were mostly compliant, and a new syntax
check will help us in the future.
* cfg.mk (sc_avoid_attribute_unused_in_header): New syntax check.
* src/nodeinfo.h (nodeGetCPUStats, nodeGetMemoryStats): Delete
attribute already present in .c file.
* src/qemu/qemu_domain.h (qemuDomainEventFlush): Likewise.
* src/util/virterror_internal.h (virReportErrorHelper): Parameters
are actually used by .c file.
* src/xenxs/xen_sxpr.h (xenFormatSxprDisk): Adjust prototype.
* src/xenxs/xen_sxpr.c (xenFormatSxprDisk): Delete unused argument.
(xenFormatSxpr): Adjust caller.
* src/xen/xend_internal.c (xenDaemonAttachDeviceFlags)
(xenDaemonUpdateDeviceFlags): Likewise.
Suggested by Daniel Veillard.
The last patch breaks make check for two reasons. First, it reverses the
condition but leaves default level unchanged, so instead of not printing
anything but errors before the patch it now prints all debug messages by
default. Second, you forgot to change -d5 option passed to virsh in
tests/virsh-optparse to -d0; the script wants to see all debug messages.
Supriya Kannery [Thu, 30 Jun 2011 08:22:32 +0000 (13:52 +0530)]
virsh: Make "DEBUG" loglevel the superset
Aligning loglevel values of virsh to that of libvirt.
"DEBUG"=0 loglevel, when specified through commandline or
env variable, should log all the messages. "ERROR=4"
should log only error messages.
util: Avoid duplicating virFileOpenAsNoFork in virFileOpenAs
In 2f4d2496a88055a8343b3efca618522da8715d92 I didn't notice that one
part of virFileOpenAs doesn't actually call to virFileOpenAsNoFork but
rather includes a copy of the code from there.
Eric Blake [Thu, 7 Jul 2011 18:04:41 +0000 (12:04 -0600)]
node_device: avoid implicit int
'unsigned a' and 'unsigned int a' are synonyms, but we generally
always spell out the 'int' in that case. Fixing this will avoid
a false positive in the next syntax-check commit.
* src/conf/node_device_conf.h (pci_config_address)
(_virNodeDevCapsDef): Prefer 'unsigned int' over 'unsigned'.
Eric Blake [Wed, 6 Jul 2011 23:09:40 +0000 (17:09 -0600)]
xenapi: reject unknown flags
* src/xenapi/xenapi_driver.c (xenapiOpen, xenapiDomainReboot):
Reject unknown flags.
(xenapiDomainGetXMLDesc): Likewise, and pass known flags through
to XML generation.
Eric Blake [Wed, 6 Jul 2011 22:33:53 +0000 (16:33 -0600)]
lxc: reject unknown flags
* src/lxc/lxc_driver.c (lxcOpen, lxcDomainSetMemoryParameters)
(lxcDomainGetMemoryParameters): Reject unknown flags.
* src/lxc/lxc_container.c (lxcContainerStart): Rename flags to
cflags to reflect that it is not tied to libvirt.
Eric Blake [Fri, 8 Jul 2011 15:18:48 +0000 (09:18 -0600)]
maint: print flags in hex during debug
Continuation of commit 313ac7fd, and enforce things with a syntax
check.
Technically, virNetServerClientCalculateHandleMode is not printing
a mode_t, but rather a collection of VIR_EVENT_HANDLE_* bits;
however, these bits are < 8, so there is no different in the
output, and that was the easiest way to silence the new syntax check.
Eric Blake [Tue, 12 Jul 2011 22:47:01 +0000 (16:47 -0600)]
util: honor anchored names when searching for executables
I got bit in a debugging session on an uninstalled libvirtd; the
code tried to call out to the installed $LIBEXECDIR/libvirt_iohelper
instead of my just-built version. So I set a breakpoint and altered
the binary name to be "./src/libvirt_iohelper", and it still failed
because I don't have "." on my PATH.
According to POSIX, execvp only searches PATH if the name does
not contain a slash. Since we are trying to mimic that behavior,
an anchored name should be relative to the current working dir.
This tightens existing behavior, but most callers already pass
an absolute name or a name with no slashes, so it probably won't
be noticeable.
* src/util/util.c (virFindFileInPath): Anchored relative names do
not invoke a PATH search.
Ensure signal handler propagates fatal signals to default handler
When replacing the default SEGV/ABORT/BUS signal handlers you
can't rely on the process being terminated after your custom
handler runs. It is neccessary to manually restore the default
handler and then re-raise the signal
* src/rpc/virnetserver.c: Restore default handler and raise
signal
When monitor is entered with qemuDomainObjEnterMonitorWithDriver, the
correct method for leaving and unlocking the monitor is
qemuDomainObjExitMonitorWithDriver.
Most of the code in these two functions is supposed to be identical but
currently it isn't (which is natural since the code is duplicated).
Let's move common parts of these functions into qemuMigrationPrepareAny.
This also fixes qemuMigrationPrepareTunnel which didn't store received
lockState in the domain object.
Jiri Denemark [Mon, 6 Jun 2011 08:30:54 +0000 (10:30 +0200)]
qemu: Add support for job phase
Asynchronous jobs may take long time to finish and may consist of
several phases which we need to now about to help with recovery/rollback
after libvirtd restarts.
Jiri Denemark [Thu, 30 Jun 2011 09:23:50 +0000 (11:23 +0200)]
qemu: Allow all query commands to be run during long jobs
Query commands are safe to be called during long running jobs (such as
migration). This patch makes them all work without the need to
special-case every single one of them.
The patch introduces new job.asyncCond condition and associated
job.asyncJob which are dedicated to asynchronous (from qemu monitor
point of view) jobs that can take arbitrarily long time to finish while
qemu monitor is still usable for other commands.
The existing job.active (and job.cond condition) is used all other
synchronous jobs (including the commands run during async job).
Locking schema is changed to use these two conditions. While asyncJob is
active, only allowed set of synchronous jobs is allowed (the set can be
different according to a particular asyncJob) so any method that
communicates to qemu monitor needs to check if it is allowed to be
executed during current asyncJob (if any). Once the check passes, the
method needs to normally acquire job.cond to ensure no other command is
running. Since domain object lock is released during that time, asyncJob
could have been started in the meantime so the method needs to recheck
the first condition. Then, normal jobs set job.active and asynchronous
jobs set job.asyncJob and optionally change the list of allowed job
groups.
Since asynchronous jobs only set job.asyncJob, other allowed commands
can still be run when domain object is unlocked (when communicating to
remote libvirtd or sleeping). To protect its own internal synchronous
commands, the asynchronous job needs to start a special nested job
before entering qemu monitor. The nested job doesn't check asyncJob, it
only acquires job.cond and sets job.active to block other jobs.
EnterMonitor and ExitMonitor methods are very similar to their
*WithDriver variants; consolidate them into EnterMonitorInternal and
ExitMonitorInternal to avoid (mainly future) code duplication.
Incrementally running 'make syntax-check' on a tree previously
built after commit 62dee6f but before 44036460 fails sc_po_check
(because the generated qemu_dispatch.h gained translatable strings).
This is a followup to commit addaa537 for that scenario.
* cfg.mk (sc_po_check): Add another prereq.
($(srcdir)/daemon/qemu_dispatch.h): Add rule.
Since a host can run several different virtualization types at
the same time, audit messages should allow domains to be identified.
Add a 'virt={qemu,kvm,uml,lxc,...}' key to domain audit messages
* src/conf/domain_audit.c: Identify virt type of guest
Implement code to attach to external QEMU instances.
Given a PID, the QEMU driver reads /proc/$PID/cmdline and
/proc/$PID/environ to get the configuration. This is fed
into the ARGV->XML convertor to build an XML configuration
for the process.
/proc/$PID/exe is resolved to identify the full command
binary path
After checking for name/uuid uniqueness, an attempt is
made to connect to the monitor socket. If successful
then 'info status' and 'info kvm' are issued to determine
whether the CPUs are running and if KVM is enabled.
* src/qemu/qemu_driver.c: Implement virDomainQemuAttach
* src/qemu/qemu_process.h, src/qemu/qemu_process.c: Add
qemuProcessAttach to connect to the monitor of an
existing QEMU process
Add monitor API for checking whether KVM is enabled
When attaching to an external QEMU process, it is neccessary
to check if the process is using KVM or not. This can be done
using a monitor command
* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
API for checking if KVM is enabled
Define remote wire protocol & impls for virDomainQemuAttach
This tweaks the RPC generator to cope with some naming
conventions used for the QEMU specific APIs
* daemon/remote.c: Server side dispatcher
* src/remote/remote_driver.c: Client side dispatcher
* src/remote/qemu_protocol.x: Wire protocol definition
* src/rpc/gendispatch.pl: Use '$structprefix' in method
names, fix QEMU flags and fix dispatcher method names
Define a QEMU specific API to attach to a running QEMU process
Introduce a new API in libvirt-qemu.so
virDomainPtr virDomainQemuAttach(virConnectPtr domain,
unsigned long long pid,
unsigned int flags);
This allows libvirtd to attach to an existing, externally
launched QEMU process. This is useful for QEMU developers who
prefer to launch QEMU themselves for debugging/devel reasons,
but still want the benefit of libvirt based tools like
virt-top, virt-viewer, etc
projects / libvirt.git / log