Cole Robinson [Fri, 19 Nov 2010 18:36:29 +0000 (13:36 -0500)]
Make state driver device hotplug/update actually transient
The current semantics of non-persistent hotplug/update are confusing: the
changes will persist as long as the in memory domain definition isn't
overwritten. This means hotplug changes stay around until the domain is
redefined or libvirtd is restarted.
Call virDomainObjSetDefTransient at VM startup, so that we properly discard
hotplug changes when the VM is shutdown.
Cole Robinson [Fri, 19 Nov 2010 18:34:19 +0000 (13:34 -0500)]
domain_conf: Add virDomainObjSetDefTransient
This function sets the running domain definition as transient, by reparsing
the persistent config and assigning it to newDef. This ensures that any
changes made to the running definition and not the persistent config are
discarded when the VM is shutdown.
Stefan Berger [Sat, 20 Nov 2010 01:41:25 +0000 (20:41 -0500)]
nwfilter: re-order lock grabbed by IP addr. learn thread
The IP address learning thread was causing a deadlock when it instantiated a filter while a filter update/change was ongoing. The reason for this was the ordering of locks due to the following calls
Adam Litke [Fri, 19 Nov 2010 16:18:15 +0000 (10:18 -0600)]
Allow probing of image formats without version information
Disk image formats that wish to opt-out of version validation are supposed to
set versionOffset to -1 in their fileTypeInfo entry.
By unconditionally returning False for these formats,
virStorageFileMatchesVersion() incorrectly reports a version mismatch when the
test was actually skipped. The correct behavior is to return True so these
formats can be successfully probed using the magic bytes alone.
Eric Blake [Wed, 17 Nov 2010 23:41:31 +0000 (16:41 -0700)]
maint: tighten strncmp syntax check
Using 'int ret = strcmp(a, b)' in a qsort function is a valid use of
str[n]cmp that should _not_ be turned to STREQ, but it was falling
foul of our specific syntax-check. Meanwhile, gnulib's maint.mk
already has a tighter bound for strcmp, so we can copy that regex and
just check for strncmp, which results in fewer false positives that
require exceptions.
Eric Blake [Fri, 13 Aug 2010 22:19:54 +0000 (16:19 -0600)]
daemon: use safer memory growth macros
* daemon/libvirtd.h (qemud_server): Change types of members
tracking array sizes, and add allocation trackers.
* daemon/event.c (virEventLoop): Likewise.
(virEventAddHandleImpl, virEventAddTimeoutImpl)
(virEventCleanupTimeouts, virEventCleanupHandles): Use
VIR_RESIZE_N instead of VIR_REALLOC_N. Tweak debug messages to
match type changes.
* daemon/libvirtd.c (qemudDispatchServer, qemudRunLoop): Likewise.
Daniel Veillard [Thu, 18 Nov 2010 16:55:14 +0000 (17:55 +0100)]
Fix a failure to restore SELinux label for character devices
The code in SELinuxRestoreSecurityChardevLabel() was trying to
use SELinuxSetFilecon directly for devices or file types while
it should really use SELinuxRestoreSecurityFileLabel encapsulating
routine, which avoid various problems like resolving symlinks,
making sure he file exists and work around NFS problems
Eric Blake [Wed, 17 Nov 2010 17:38:59 +0000 (10:38 -0700)]
build: fix autobuild failures on gcov upgrade
Last time I ran ./autobuild.sh was on F13; and upgrading to F14
exposed these leftovers due to a newer gcov than what was in the stale
files, in the form of spurious messages that break 'make check':
Eric Blake [Tue, 16 Nov 2010 19:29:09 +0000 (12:29 -0700)]
maint: update to latest gnulib
Allows bootstrap to work on FreeBSD, where gzip doesn't have a '.'
in its version; and silences false positives in the new
'make syntax-check' rule.
* .gnulib: Update to latest.
* bootstrap: Synchronize to upstream.
* .x-sc_bindtextdomain: New exemptions.
* Makefile.am (syntax_check_exceptions): Ship new file.
* .gitignore: Regenerate per latest bootstrap, anchor entries that
are only in the root directory, and consolidate entries from other
generated .gitignore files.
* build-aux/.gitignore, m4/.gitignore, po/.gitignore: Remove from
version control, since bootstrap generates them.
Eric Blake [Tue, 16 Nov 2010 19:01:37 +0000 (12:01 -0700)]
maint: improve i18n on non-Linux
Per the gettext developer:
http://lists.gnu.org/archive/html/bug-gnu-utils/2010-10/msg00019.html
http://lists.gnu.org/archive/html/bug-gnu-utils/2010-10/msg00021.html
gettext() doesn't work correctly on all platforms unless you have
called setlocale(). Furthermore, gnulib's gettext.h has provisions
for setting up a default locale, which is the preferred method for
libraries to use gettext without having to call textdomain() and
override the main program's default domain (virInitialize already
calls bindtextdomain(), but this is insufficient without the
setlocale() added in this patch; and a redundant bindtextdomain()
in this patch doesn't hurt, but serves as a good example for other
packages that need to bind a second translation domain).
This patch is needed to silence a new gnulib 'make syntax-check'
rule in the next patch.
Stefan Berger [Wed, 17 Nov 2010 15:19:13 +0000 (10:19 -0500)]
replace last instances of close()
I am replacing the last instances of close() I found with VIR_CLOSE() / VIR_FORCE_CLOSE respectively.
The first part patches virsh, which I missed out on previously.
The 2nd patch I had left out intentionally to look at it more carefully:
The 'closed' variable could be easily removed since it wasn't used anywhere else. The possible race condition that could result from the filedescriptor being closed and not set to -1 (and possibly let us write into 'something' totally different if the fd was allocated by another thread) seems to be prevented by the qemuMonitorLock() already placed around the code that reads from or writes to the fd. So the change of this code as shown in the patch should not have any side-effects.
Stefan Berger [Wed, 17 Nov 2010 02:18:21 +0000 (21:18 -0500)]
nwfilter: also purge ip(6)tables rules before detecting IP address
Rather than only cleaning any remaining ebtables rules, also clean those applied to iptables and ip6tables when detecting the IP address of an interface. Previous applied iptables rules may hinder DHCP packets.
Stefan Berger [Wed, 17 Nov 2010 02:13:29 +0000 (21:13 -0500)]
deprecate fclose() and introduce VIR_{FORCE_}FCLOSE()
Similarly to deprecating close(), I am now deprecating fclose() and
introduce VIR_FORCE_FCLOSE() and VIR_FCLOSE(). Also, fdopen() is replaced with
VIR_FDOPEN().
Most of the files are opened in read-only mode, so usage of
VIR_FORCE_CLOSE() seemed appropriate. Others that are opened in write
mode already had the fclose()< 0 check and I converted those to
VIR_FCLOSE()< 0.
I did not find occurrences of possible double-closed files on the way.
Osier Yang [Tue, 16 Nov 2010 15:39:26 +0000 (23:39 +0800)]
qemu: record timestamp in qemu domain log
Currently only support domain start and shutdown, for domain start,
record timestamp before the qemu command line, and for domain shutdown,
just say it's shutting down with timestamp.
* src/qemu/qemu_driver.c (qemudStartVMDaemon, qemudShutdownVMDaemon
introduced two macros - START_POSTFIX, SHUTDOWN_POSTFIX)
Eric Blake [Sat, 13 Nov 2010 21:48:02 +0000 (14:48 -0700)]
nwfilter: use /bin/sh rather than requiring bash
* src/nwfilter/nwfilter_ebiptables_driver.c
(ebiptablesWriteToTempFile): Use /bin/sh.
(bash_cmd_path): Delete.
(ebiptablesDriverInit, ebiptablesDriverShutdown): No need to
search for bash.
(CMD_EXEC): Prefer $() over ``, since we can assume POSIX.
(iptablesSetupVirtInPost): Use portable 'test' syntax.
(iptablesLinkIPTablesBaseChain): Use POSIX $(()) syntax.
Stefan Berger [Mon, 15 Nov 2010 18:58:55 +0000 (13:58 -0500)]
macvtap: convert send / recv function to use libnl
In a second step I am converting the netlink send/receive functions to
use libnl.
I tested this with 802.1Qbg profiles and my test server and did not see
a regression.
Caveat: The online documentation of libnl talks about nl_socket_alloc()
but the header file provides nl_handle_alloc() -- this could be a hint
to a possible problem between libnl versions...
Matthias Bolte [Sat, 13 Nov 2010 15:34:57 +0000 (16:34 +0100)]
Use python discovered through env instead of hardcoding a path
This is more flexible regarding the location of the python binary
but doesn't allow to pass the -u flag. The -i flag can be passed
from inside the script using the PYTHONINSPECT env variable.
This fixes a problem with the esx_vi_generator.py on FreeBSD.
Matthias Bolte [Fri, 12 Nov 2010 12:58:16 +0000 (13:58 +0100)]
phyp: Don't do a flags check in the storage driver
This makes the storage driver fail when the connection is
opened with the VIR_CONNECT_RO flag, resulting in a read-only
connection with no storage driver.
Stefan Berger [Fri, 12 Nov 2010 12:14:01 +0000 (07:14 -0500)]
macvtap: convert nl msg construction to use libnl
In a first step I am converting the netlink message construction in
macvtap code to use libnl. It's pretty much a 1:1 conversion except that
now the message needs to be allocated and deallocated.
Laine Stump [Thu, 11 Nov 2010 20:29:01 +0000 (15:29 -0500)]
Do a better job of validating IP and MAC addresses in network.rng
IP addresses and MAC addresses had been defined in the RNG simply as
<text/> meaning that, according to the RNG, any string could go in
there. Of course the C parsing code does a much better job of
validating, but we may as well have this describing the contents
accurately (even though it's currently only used during "make check").
Laine Stump [Thu, 11 Nov 2010 19:48:51 +0000 (14:48 -0500)]
Put network.rng contents inside <grammar> for uniformity with other RNGs
All the other RNG files in libvirt are enclosed within <grammar>. This
commit makes the syntactical changes necessary to make network.rng fit
that pattern. (This is the first step in adding some data type
definitions to network.rng for more exact validation of IP and MAC
addresses).
Formatting changes (indentation) will be done in a subsequent commit,
so that actual changes to the code won't be obscured by whitespace.
Jamie Strandboge [Thu, 11 Nov 2010 21:59:50 +0000 (14:59 -0700)]
virt-aa-helper should require <uuid> in XML
When <uuid> is not in the XML, a virUUIDGenerate() ends up being called which
is unnecessary and can lead to crashes if /dev/urandom isn't available
because virRandomInitialize() is not called within virt-aa-helper. This patch
adds verify_xpath_context() and updates caps_mockup() to use it.
Laine Stump [Wed, 10 Nov 2010 19:39:43 +0000 (14:39 -0500)]
ignore SELinuxSetFilecon error in SELinuxSetSecurityFileLabel if on nfs
If virDomainAttachDevice() was called with an image that was located
on a root-squashed NFS server, and in a directory that was unreadable
by root on the machine running libvirtd, the attach would fail due to
an attempt to change the selinux label of the image with EACCES (which
isn't covered as an ignore case in SELinuxSetFilecon())
NFS doesn't support SELinux labelling anyway, so we mimic the failure
handling of commit 93a18bbafaf11729d3ca1241e11bee133d77fa77, which
just ignores the errors if the target is on an NFS filesystem (in
SELinuxSetSecurityAllLabel() only, though.)
This can be seen as a follow-on to commit 347d266c51705f4987fa5ce2a0ecb314ed8745ce, which ignores file open
failures of files on NFS that occur directly in
virDomainDiskDefForeachPath() (also necessary), but does not ignore
failures in functions that are called from there (eg
SELinuxSetSecurityFileLabel()).
The event watches need to be removed before the event loop
terminates, otherwise they cause a dangling reference to
be held on the virStreamPtr, which in turns holds a reference
on virConnectPtr, which in turn causes errors like
"Failed to disconnect from the hypervisor"
* tools/console.c: Remove watches before event loop quits
* tools/virsh.c: Print out dangling reference count
When closing open streams after a client quits, the event
callback was not removed. This mean that poll() was using
a closed FD and returning POLLNVAL in a busy-wait loop.
This re-writes the 'virsh console' command so that it uses
the new streams API. This lets it run remotely and/or as a
non-root user. This requires that virsh be linked against
the simple event loop from libvirtd in daemon/event.c
As an added bonus, it can now connect to any console device,
not just the first one.
* tools/Makefile.am: Link to event.c
* tools/console.c, tools/console.h: Rewrite to use the
virDomainOpenConsole() APIs with streams
* tools/virsh.c: Support choosing the console name
via --devname $NAME
Convert daemon/events.c to use virMutex and virThread
The code currently uses pthreads APIs directly. This is not
portable to Win32 threads. Switch it over to use the portability
APIs. Also add a wrapper for pipe() which is subtely different
on Win32
* daemon/event.c: Switch to use virMutex & virThread.
This provides an implementation of the virDomainOpenConsole
API with the QEMU driver. For the streams code, this reuses
most of the code previously added for the tunnelled migration
streams since it is generic.
* src/qemu/qemu_driver.c: Support virDomainOpenConsole
Add a generic internal API for handling any FD based stream
To avoid the need for duplicating implementations of virStream
drivers, provide a generic implementation that can handle any
FD based stream. This code is copied from the existing impl
in the QEMU driver, with the locking moved into the stream
impl, and addition of a read callback
The FD stream code will refuse to operate on regular files or
block devices, since those can't report EAGAIN properly when
they would block on I/O
* include/libvirt/virterror.h, include/libvirt/virterror.h: Add
VIR_FROM_STREAM error domain
* src/qemu/qemu_driver.c: Remove code obsoleted by the new
generic streams driver.
* src/fdstream.h, src/fdstream.c, src/fdstream.c,
src/libvirt_private.syms: Generic reusable FD based streams
To enable virsh console (or equivalent) to be used remotely
it is necessary to provide remote access to the /dev/pts/XXX
pseudo-TTY associated with the console/serial/parallel device
in the guest. The virStream API provide a bi-directional I/O
stream capability that can be used for this purpose. This
patch thus introduces a virDomainOpenConsole API that uses
the stream APIs.
* src/libvirt.c, src/libvirt_public.syms,
include/libvirt/libvirt.h.in, src/driver.h: Define the
new virDomainOpenConsole API
* src/esx/esx_driver.c, src/lxc/lxc_driver.c,
src/opennebula/one_driver.c, src/openvz/openvz_driver.c,
src/phyp/phyp_driver.c, src/qemu/qemu_driver.c,
src/remote/remote_driver.c, src/test/test_driver.c,
src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
src/xen/xen_driver.c, src/xenapi/xenapi_driver.c: Stub
API entry point
Support callbacks on virStream APIs in remote driver client
The current remote driver code for streams only supports
blocking I/O mode. This is fine for the usage with migration
but is a problem for more general use cases, in particular
bi-directional streams.
This adds supported for the stream callbacks and non-blocking
I/O. with the minor caveat is that it doesn't actually do
non-blocking I/O for sending stream data, only receiving it.
A future patch will try to do non-blocking sends, but this is
quite tricky to get right.
* src/remote/remote_driver.c: Allow non-blocking I/O for
streams and support callbacks
The /dev/console device inside the container must NOT map
to the real /dev/console device node, since this allows the
container control over the current host console. A fun side
effect of this is that starting a container containing a
real Fedora OS will kill off your X server.
Remove the /dev/console node, and replace it with a symlink
to the primary console TTY
* src/lxc/lxc_container.c: Replace /dev/console with a
symlink to /dev/pty/0
* src/lxc/lxc_controller.c: Remove /dev/console from cgroups
ACL
Eric Blake [Tue, 9 Nov 2010 20:44:47 +0000 (13:44 -0700)]
virsh: supply long option for -V
* tools/virsh.c (vshParseArgv): Use NULL instead of 0 for pointer,
and symbolic names for has_arg. Give --version an optional arg.
(vshUsage): Document this.
* tools/virsh.pod: Likewise.
Regression of forcing 0700 permissions (which breaks guest startup
because the qemu user can't see /var/lib/libvirt/*.monitor) was
introduced in commit 66823690e, as part of libvirt 0.8.2.
* libvirt.spec.in (%files): Drop %{_localstatedir}/lib/libvirt,
since libvirt depends on libvirt-client.
(%files client): Guarantee 755 permissions on
%(_localstatedir}/lib/libvirt, since the qemu user must be able to
do pathname resolution to a subdirectory.
Adam Litke [Wed, 3 Nov 2010 15:50:11 +0000 (10:50 -0500)]
Allow non-file disk backingStores
I am trying to use a qcow image with libvirt where the backing 'file' is a
qemu-nbd server. Unfortunately virDomainDiskDefForeachPath() assumes that
backingStore is always a real file so something like 'nbd:0:3333' is rejected
because a file with that name cannot be accessed. Note that I am not worried
about directly using nbd images. That would require a new disk type with XML
markup, etc. I only want it to be permitted as a backingStore
The following patch implements danpb's suggestion:
> I think I'm inclined to push the logic for skipping NBD one stage higher.
> I'd rather expect virStorageFileGetMetadata() to return all backing
> stores, even if not files. The virDomainDiskDefForeachPath() method
> should definitely ignore non-file backing stores though.
>
> So what I'm thinking is to extend the virStorageFileMetadata struct and
> just add a 'bool isFile' field to it. Default this field to true, unless
> you see the prefix of nbd: in which case set it to false. The
> virDomainDiskDefForeachPath() method can then skip over any backing
> store with isFile == false
Signed-off-by: Adam Litke <agl@us.ibm.com> Cc: Daniel P. Berrange <berrange@redhat.com>
Matthias Bolte [Tue, 9 Nov 2010 22:38:12 +0000 (23:38 +0100)]
xencapstest: Don't fail when Xen is installed
xencapstest calls xenHypervisorMakeCapabilitiesInternal with conn == NULL
which calls xenDaemonNodeGetTopology with conn == NULL when a recent
enough Xen was detected (sys_interface_version >= SYS_IFACE_MIN_VERS_NUMA).
But xenDaemonNodeGetTopology insists in having conn != NULL and fails,
because it expects to be able to talk to an actual xend.
We cannot do that in a 'make check' test. Therefore, only call the xend
subdriver function when conn isn't NULL.
Stefan Berger [Tue, 9 Nov 2010 20:48:48 +0000 (15:48 -0500)]
bye to close(), welcome to VIR_(FORCE_)CLOSE()
Using automated replacement with sed and editing I have now replaced all
occurrences of close() with VIR_(FORCE_)CLOSE() except for one, of
course. Some replacements were straight forward, others I needed to pay
attention. I hope I payed attention in all the right places... Please
have a look. This should have at least solved one more double-close
error.
* docs/schemas/domain.rng: Fix merge error which left SPICE channel
elements under VNC schema.
* tests/qemuhelptest.c: Add SPICE flag to kvm-83 test
* tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml: Add
<memballoon> element
Any non-specified channel uses the default, which allows both
secure & insecure usage
* src/conf/domain_conf.c, src/conf/domain_conf.h,
src/libvirt_private.syms: Add XML syntax for specifying per
channel security options for spice.
* src/qemu/qemu_conf.c: Configure channel security with spice
* src/conf/domain_conf.h: Pull passwd out into separate struct
virDomainGraphicsAuthDef to allow sharing between VNC & SPICE
* src/conf/domain_conf.c: Add parsing/formatting of new passwdValidTo
argument
* src/opennebula/one_conf.c, src/qemu/qemu_conf.c, src/qemu/qemu_driver.c,
src/xen/xend_internal.c, src/xen/xm_internal.c: Update for changed
struct containing VNC password
Add SPICE support for QEMU driver configuration file
In common with VNC, the QEMU driver configuration file is used
specify the host level TLS certificate location and a default
password / listen address
* src/qemu/qemu.conf: Add spice_listen, spice_tls,
spice_tls_x509_cert_dir & spice_password config params
* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Parsing of
spice config parameters and updating -spice arg generation
to use them
* tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-rhel6.args,
tests/qemuxml2argvtest.c: Expand test case to cover driver
level configuration
projects / libvirt.git / log