Eric Blake [Wed, 5 Sep 2012 19:10:18 +0000 (13:10 -0600)]
build: avoid check-symfile on non-Linux
I tested both OpenBSD and cygwin; both failed 'make check' with:
GEN check-symfile
Can't return outside a subroutine at ./check-symfile.pl line 13.
Perl requires 'exit 77' instead of 'return 77' in that context,
but even with that tweak, the build still fails, since the exit
code of 77 is only special to explicit TESTS=foo listings, and
not to make-only dependency rules where we are not going through
automake's test framework.
* src/check-symfile.pl: Kill bogus platform check...
* src/Makefile.am (check-symfile): ...and replace with an automake
conditional.
Laine Stump [Tue, 4 Sep 2012 19:26:29 +0000 (15:26 -0400)]
network: prevent infinite hang if ovs-vswitchd isn't running
This fixes https://bugzilla.redhat.com/show_bug.cgi?id=852984
If a network or interface is configured to use Open vSwitch, but
ovs-vswitchd (the Open vSwitch database service) isn't running, the
ovs-vsctl add-port/del-port commands will hang indefinitely rather
than returning an error. There is a --nowait option, but that appears
to have no effect on add-port and del-port commands, so instead we add
a --timeout=5 to the commands - they will retry for up to 5 seconds,
then fail if there is no response.
Laine Stump [Tue, 4 Sep 2012 17:05:54 +0000 (13:05 -0400)]
build: require netcf-0.2.2 when installing on Fedora18+
A previous patch forced libnl-3 and netcf-0.2.2 (which itself requires
libnl-3) when *building* for Fedora 18+ (and RHEL 7+), but the
install-time Requires: for netcf has always been implicit due to
libvirtd linking with libnetcf.so. However, the since the API of netcf
didn't change when it was rebuilt to use libnl-3, the internal library
version didn't change either, making it possible (from rpm's point of
view) to upgrade libvirt without upgrading netcf (in reality, that
leads to a segfault - see
https://bugzilla.redhat.com/show_bug.cgi?id=853381).
The solution is to put an explicit Requires: line in libvirt's
specfile for fedora >= 18 and rhel >= 7.
Eric Blake [Wed, 5 Sep 2012 17:40:31 +0000 (11:40 -0600)]
build: avoid warnings from gcc 4.2.1
OpenBSD ships with gcc 4.2.1, which annoyingly treats all format
strings as though they were also attribute((nonnull)). The two
concepts are orthogonal, though, as evidenced by the number of
spurious warnings it generates on uses where we know that
virReportError specifically handles NULL instead of a format
string; worse, since we now force -Werror on git builds, it
prevents development builds on OpenBSD.
I hate to do this, as it disables ALL format checking on older
gcc, and therefore misses out on some useful checks (code that
happened to compile on Linux may still have type mismatches
when compiled on other platforms, as evidenced by the number
of times I have fixed formatting mismatches for uid_t as found
by warnings on Cygwin), but I don't see any other way to keep
-Werror alive and still compile on OpenBSD.
A more invasive change would be to make virReportError() mark
its format attribute as nonnull, and fix (a lot of) fallout;
we may end up doing that anyways as part of danpb's error
refactoring improvements, but not today.
* src/internal.h (ATTRIBUTE_FMT_PRINTF): Use preferred spellings.
* m4/virt-compile-warnings.m4 (-Wformat): Disable on older gcc.
This is another fix for the emulator-pin series. When going through
the cputune pinning settings, the current code is trying to pin all
the CPUs, even when not all of them are specified. This causes error
in the subsequent function which, of course, cannot find the cpu to
pin. Since it's enough to pass the correct VCPU ID to the function,
the fix is trivial.
Eric Blake [Tue, 4 Sep 2012 23:40:04 +0000 (17:40 -0600)]
maint: avoid doubled name in syntax check failures
Based on the similar gnulib commit 96ad9077. The use of
$(_sc_search_regexp) already injects $(ME) into any output
messages, so a failure of these rules would look like this,
pre-patch:
maint.mk: maint.mk: use virStrToLong_*, not strtol variants
* cfg.mk (sc_prohibit_strncmp, sc_prohibit_strtol)
(sc_libvirt_unmarked_diagnostics): Drop redundant $(ME).
Eric Blake [Tue, 4 Sep 2012 23:35:27 +0000 (17:35 -0600)]
build: use re-entrant functions in virsh
Yesterday's commit 15d2c9f pointed out that virsh was still using
localtime(), which is not thread-safe, even though virsh is
definitely multi-threaded. Even if we only ever triggered it from
one thread, it's better safe than sorry for maintenance purposes.
The libvirt storage driver uses librbd.so for its functionality.
RPM will automatically add a dependency on the library, so there
is no need to have an explicit dependency on the ceph RPM itself.
This allows newer Fedora distros to avoid pulling in the huge
ceph RPM, in favour of just having the libraries installed
qemu: Do not require auth scheme in graphics events
Only VNC_{{DIS,}CONNECTED,INITIALIZED} and SPICE_INITIALIZED events are
documented to support server/auth field and even there it is marked as
optional. Emit "" auth scheme in case QEMU didn't send it.
Paul Eggert [Tue, 4 Sep 2012 17:03:41 +0000 (10:03 -0700)]
Pass a correct pointer type to localtime_r(3).
On 09/04/2012 08:20 AM, Eric Blake wrote:
> tv_sec is required by POSIX to be
> of type time_t; so this is a bug in the OpenBSD header
> [for declaring it as long]
Most likely this problem arose because of the patch I pushed
in gnulib commit e07d7c40f3ca5ec410cf5aa6fa03cfe51e712039.
Previously, gnulib required timeval's tv_sec to be
the same size as time_t. But now, it requires only that
tv_sec be big enough to hold a time_t.
This patch was needed for Emacs. Without the patch, gnulib
replaced struct timeval on OpenBSD, and this messed up
utimens.c, and Emacs wouldn't build.
Alternatively, gnulib could substitute its own struct timeval
for the system's, wrapping every struct timeval-using function
(gettimeofday, futimesat, futimes, lutimes, etc. That'd be
more work, though. And it would introduce some performance
issues with gettimeofday, which is supposed to be fast.
I've been trying to get away from using struct timeval,
and to use the higher-resolution struct timespec instead,
so messing with these obsolescent interfaces has been
lower priority for me. But if someone wants to take the
more-ambitious approach that'd be fine, I expect.
For this particular case, though, how about if we avoid
the problem entirely? libvirt doesn't need to use struct
timeval here at all. It makes libvirt smaller and probably
faster, and it ports to OpenBSD without messing with gnulib.
Eric Blake [Tue, 4 Sep 2012 16:57:25 +0000 (10:57 -0600)]
build: use correct libraries for clock_gettime
On OpenBSD, clock_gettime() exists in libc rather than librt, and
blindly linking with -lrt made the build fail. Gnulib already
did the work for determining which libraries to use, so we should
reuse that work rather than doing it ourselves.
After discussion with DB we decided to rename the new iolimit
element as it creates the impression it would be there to
limit (i.e. throttle) I/O instead of specifying immutable
characteristics of a block device.
This is also backed by the fact that the term I/O Limits has
vanished from newer storage admin documentation.
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
When reboot using qemu guest agent was requested, qemu driver kept
waiting for SHUTDOWN event from qemu. However, such event is never
emitted during guest reboot and qemu driver would keep waiting forever.
Fix mingw64 build by using intptr_t for int->void* casts
The viratomictest.c was casting from an int to a void* via a
long. This works on Linux or Mingw32, but fails on Mingw64
due to a pointer/integer size mis-match. Replacing 'long'
with 'intptr_t' ensures matching type sizes
This patch adds support for running qemu guests with the required
parameters to forcefully enable or disable BIOS advertising of S3 and
S4 states. The support for this is added to capabilities and there is
also a qemu command parameter parsing implemented.
There is a new <pm/> element implemented that can control what ACPI
sleeping states will be advertised by BIOS and allowed to be switched
to by libvirt. The default keeps defaults on hypervisor, otherwise
forces chosen setting.
The documentation of the pm element is added as well.
Eric Blake [Fri, 31 Aug 2012 17:07:19 +0000 (10:07 -0700)]
python: don't mask libvirt errors
A user reported this crash when using python bindings:
File "/home/nox/workspace/NOX/src/NOX/hooks.py", line 134, in trigger
hook.trigger(event)
File "/home/nox/workspace/NOX/src/NOX/hooks.py", line 33, in trigger
self.handlers[event]()
File "/home/nox/workspace/NOX/hooks/volatility.py", line 81, in memory_dump
for block in Memory(self.ctx):
File "/home/see/workspace/NOX/src/NOX/lib/libtools.py", line 179, in next
libvirt.VIR_MEMORY_PHYSICAL)
File "/usr/lib/python2.7/dist-packages/libvirt.py", line 1759, in memoryPeek
ret = libvirtmod.virDomainMemoryPeek(self._o, start, size, flags)
SystemError: error return without exception set
In the python bindings, returning NULL makes python think an
exception was thrown, while returning the None object lets the
wrappers know that a libvirt error exists.
Reported by Nox DaFox, fix suggested by Dan Berrange.
* python/libvirt-override.c (libvirt_virDomainBlockPeek)
(libvirt_virDomainMemoryPeek): Return python's None object, so
wrapper knows to check libvirt error.
Implementation of iolimits for the qemu driver with
capability probing for block size attribute and
command line generation for block sizes.
Including testcase for qemuxml2argvtest.
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
Introducing a new iolimits element allowing to override certain
properties of a guest block device like the physical and logical
block size.
This can be useful for platforms with 'non-standard' disk formats
like S390 DASD with its 4K block size.
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
Eric Blake [Tue, 28 Aug 2012 18:11:45 +0000 (11:11 -0700)]
command: shell-quote when logging commands
Without this patch, logged command executions can be ambiguous if
the command contained any shell metacharacters. This has caused
more than one person to attempt to patch clients to add unnecessary
quoting, without realizing that the command itself was run with
correct args, and only the logged output was ambiguous.
Peter Krempa [Fri, 24 Aug 2012 10:39:53 +0000 (12:39 +0200)]
virsh: Improve checking for connection when running commands
Almost each virsh command uses the function vshConnectionUsability
before doing anything, to check if the connection is "alive". Commands
that don't need an conection are already conveniently marked with
VSH_CMD_FLAG_NOCONNECT. We can automaticaly check for the connection
before calling any remote command so we don't forget to do so.
This patch also upgrades the connection check to use virConnectIsAlive
along with the current approach.
After fixing the last review comments on remote port searching (commit a14b4aea512d6c3a42af56207a65ef10ac4a12a1), the commit right after that
wasn't modified accordingly, therefore two values weren't changed as
they should and the configurable ports don't work as expected.
This simple commit changes last two values missed and fixes the issue.
Osier Yang [Fri, 31 Aug 2012 13:44:21 +0000 (21:44 +0800)]
util: Update the inconsistent and outdated comments
The codes were updated to allow to reset the device as long as
there is no devices/functions behind the same bus. However, the
comments were kept without touched.
Marcelo Cerri [Fri, 31 Aug 2012 11:40:41 +0000 (13:40 +0200)]
conf: Avoid formatting auto-generated DAC labels
To avoid backward compatibility issues, this patch suppresses
auto-generated DAC labels from XML. This change affects commands such as
dumpxml and save.
Marcelo Cerri [Fri, 31 Aug 2012 11:40:40 +0000 (13:40 +0200)]
conf: Fix parsing of seclabels without model
With this patch libvirt tries to assign a model to a single seclabel
when model is missing. Libvirt will look up at host's capabilities and
assign the first model to seclabel.
This patch fixes:
1. The problem with existing guests that have a seclabel defined in its XML.
2. A XML parse error when a guest is restored.
Jiri Denemark [Wed, 29 Aug 2012 14:08:59 +0000 (16:08 +0200)]
qemu: Don't ignore CPU tuning config if required cgroups are missing
When domain XML contains any of the elements for setting up CPU
scheduling parameters (period, quota, emulator_period, or
emulator_quota) we need cpu cgroup to enforce the configuration.
However, the existing code would just ignore silently such settings if
either cgroups were not available at all cpu cgroup was not available.
Moreover, APIs for manipulating CPU scheduler parameters were already
failing if cpu cgroup was not available. This patch makes cpu cgroup
mandatory for all domains that use CPU scheduling elements in their XML.
Guannan Ren [Fri, 31 Aug 2012 08:45:02 +0000 (16:45 +0800)]
cgroup: fix libvirtd crash caused by messed memory
The variable max_id is initialized again in the step of
getting cpu mapping variable map2. But in the next for loop
we still expect original value of max_id, the bug will
crash libvirtd when using on NUMA machine with big number
of cpus.
Stefan Berger [Thu, 30 Aug 2012 18:29:50 +0000 (14:29 -0400)]
nwfilter: accept broadcasted DHCP replies in DHCP snooping code
Some DHCP servers send their DHCP replies to the broadcast MAC address
rather than to the MAC address of the VM. The existing DHCP snooping
code assumes that the reply always goes to the MAC address of the VM
thus filtering the traffic of some DHCP servers' replies.
The below patch adapts the code to
1) filter DHCP replies by comparing the MAC address in the reply against
the MAC address of the VM (held in the snoop request)
2) adapts the pcap filter for traffic towards the VM to accept DHCP replies
sent to any MAC address; for further filtering we rely on 1)
3) creates initial rules that are active while waiting for DHCP replies;
these rules now accept DHCP replies to the VM's MAC address or to the
MAC broadcast address
Kyle Mestery [Thu, 30 Aug 2012 20:38:06 +0000 (16:38 -0400)]
Fix adding ports to OVS bridges without VLAN tags
The introduction of the new VLAN code, along with the fix
from 5e465df6be8bcb00f0b4bff831e91f4042fae272, caused the
addition of OVS ports to fail with the following message:
ovs-vsctl: 00002|vsctl|ERR|: missing column name
This fix takes into account the VLAN arguments are optional,
and correctly sets up the command line to run the "ovs-vsctl"
command to add ports to the OVS bridge.
Signed-off-by: Kyle Mestery <kmestery@cisco.com> CC: Eric Blake <eblake@redhat.com>
Jim Fehlig [Thu, 30 Aug 2012 18:53:02 +0000 (12:53 -0600)]
Fix xen driver following changes to make it stateful
Recent work to improve support for loadable driver modules introduced
a regression in the xen driver. The legacy xen driver is now a
stateful, libvirtd driver but was not being registered when building
without driver modules.
A slight behavior change was also noted in the xen drivers when
built as driver modules. Previously, explicitly specifying a
connection URI was not necessary, but now
Compiled against library: libvirt 0.10.0
Using library: libvirt 0.10.0
Using API: QEMU 0.10.0
error: failed to get the hypervisor version
error: internal error Cannot find suitable emulator for x86_64
The xen drivers need to be registered before the qemu driver since
the qemu driver will return success with a null connection URI.
This ordering is safe since the xen drivers will decline when not
running the xen kernel.
Nishank Trivedi [Thu, 30 Aug 2012 19:27:27 +0000 (15:27 -0400)]
Fix issue of PF brought down if VF is 8021.Qbh and pci passthrough
If a 8021.Qbh network device supports SRIOV and its VF is being used
in pci passthrough mode, when the guest is shutdown or destroyed, the
PF inteface is also brought down. qemuDomainHostdevNetConfigRestore()
finds out the PF for provided hostdev (which is VF) and passes it to
virNetDevPortProfileDisassociate() as linkdev. Later, linkdev gets passed
to virNetDevSetOnline() where the interface is brought down by clearing
IFF_UP flag.
Bringing down a PF, when only VF is being brought down is not expected
behavior. This patch adds a check so that virNetDevSetOnline() is called
only for PF and not if device is a VF.
Stefan Berger [Thu, 30 Aug 2012 17:51:27 +0000 (13:51 -0400)]
nwfilter: loop generated too many rules
The loop processing the trusted DHCP server generated one too
many rules and added one final rules that accepted responses
from all DHCP servers. Below patch fixes this.
Peter Krempa [Thu, 30 Aug 2012 13:38:37 +0000 (15:38 +0200)]
vcpupin: Fix returning of arrays from virDomainVcpuPinAdd
virDomainVcpuPinAdd does a realloc on vcpupin_list if the new vcpu pin
definition doesn't fit into the array. The list is an array of pointers
but the function definition didn't support returning the changed pointer
to the caller if it was realloced. This caused segfaults if realloc
would change the base pointer.
Peter Krempa [Thu, 30 Aug 2012 13:31:54 +0000 (15:31 +0200)]
qemu: Fix possible infinite loop and segfault on error path.
virDomainVcpuPinDefCopy when the control flow reaches out of memory
cleanup code, the flow would end in a infinite loop as the loop variable
wasn't decremented.
Also a dereference of NULL pointers was possible if allocation of the
Vcpu pinning definiton structure failed.
Peter Krempa [Thu, 30 Aug 2012 08:58:09 +0000 (10:58 +0200)]
qemu: Clean up security driver initialisation and config file
Commit d0c0e79ac646462aaa815f81ad324a0d3ef12954 left behind some dead
code (hasDAC can't be efectively set to true, because
virSecurityManagerNew fails to load the "dac" driver).
This patch also enhances the condition for adding the default
auto-detected security manager if the manager array is allocated but
empty.
Also the configuration file for qemu driver still contains reference to
the DAC driver that can't be enabled manualy.
Jiri Denemark [Thu, 30 Aug 2012 12:40:01 +0000 (14:40 +0200)]
qemu: Revert to blocking behavior of qemuAgentCommand
Before commit 05447e3af44ec153314ff97cd611330d9b4b5730, qemuAgentCommand
blocked until it got a reply or appropriate event. When new parameter
was added to qemuAgentCommand in the above commit, all existing callers
of it were updated in a wrong way changing them from blocking to
5-seconds timeout.
The vlan info pointer sent to virNetDevOpenvswitchAddPort should never
be non-NULL unless there is at least one tag. The factthat such a vlan
info pointer was receveid pointed out that a caller was passing the
wrong pointer. Instead of sending &net->vlan, the result of
virDomainNetGetActualVlan(net) should be sent - that function will
look for vlan info in net->data.network.actual->vlan, and in cany case
return NULL instead of a pointer if the vlan info it finds has no
tags.
Aside from causing the crash, sending a hardcoded &net->vlan has the
effect of ignoring vlan info from a <network> or <portgroup> config.
Kyle Mestery [Wed, 29 Aug 2012 18:44:36 +0000 (14:44 -0400)]
Fix a crash when using Open vSwitch virtual ports
Fixup buffer usage when handling VLANs. Also fix the logic
used to determine if the virNetDevVlanPtr is valid or not.
Fixes crashes in the latest code when using Open vSwitch
virtualports.
If no 'security_driver' config option was set, then the code
just loaded the 'dac' security driver. This is a regression
on previous behaviour, where we would probe for a possible
security driver. ie default to SELinux if available.
This changes things so that it 'security_driver' is not set,
we once again do probing. For simplicity we also always
create the stack driver, even if there is only one driver
active.
The desired semantics are:
- security_driver not set
-> probe for selinux/apparmour/nop
-> auto-add DAC driver
- security_driver set to a string
-> add that one driver
-> auto-add DAC driver
- security_driver set to a list
-> add all drivers in list
-> auto-add DAC driver
It is not allowed, or possible to specify 'dac' in the
security_driver config param, since that is always
enabled.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Peter Krempa [Wed, 29 Aug 2012 12:19:39 +0000 (14:19 +0200)]
qemu: Refactor initialisation of security drivers.
The security driver loading code in qemu has a flaw that causes it to
register the DAC security driver twice. This causes problems (machines
unable to start) as the two DAC drivers clash together.
This patch refactors the code to allow loading the DAC driver even if
its specified in configuration (it can't be registered as a common
security driver), and does not add the driver twice.
Jiri Denemark [Wed, 29 Aug 2012 13:30:34 +0000 (15:30 +0200)]
qemu: Fix starting domains with no cpu cgroup
If cgroups are enabled in general but cpu cgroup is disabled in
qemu.conf or not mounted at all, libvirt would refuse to start any
domain even though scheduler parameters are not set in domain XML.
This patch makes cpu cgroup mandatory only for domains that actually
want to use it.
Peter Krempa [Tue, 28 Aug 2012 16:29:38 +0000 (18:29 +0200)]
security_dac: Don't return uninitialised value when parsing seclabels
When starting a machine the DAC security driver tries to set the UID and
GID of the newly spawned process. This worked as desired if the desired
label was set. When the label was missing a logical bug in
virSecurityDACGenLabel() caused that uninitialised values were used as
uid and gid for the new process.
With this patch, default values (from qemu driver configuration)
are used if the label is not found.
Peter Krempa [Tue, 28 Aug 2012 14:51:05 +0000 (16:51 +0200)]
util: Fix error message when getpwuid_r fails to find the user
getpwuid_r returns success but sets the return structure to NULL when it
fails to deliver data about the requested uid. In our helper code this
created following strange error messages:
" ... cannot getpwuid_r(1234): Success"
This patch creates a more helpful message:
" ... getpwuid_r failed to retrieve data for uid '1234'"
Michal Privoznik [Tue, 28 Aug 2012 10:01:50 +0000 (12:01 +0200)]
build: define 'inline' iff HAVE_LIBNL1
Previous commit 0b4b53bb80 defined 'inline' to prevent broken build on
systems with libnl1 headers. However, it broke build on systems with
libnl3 headers. Therefore we must make that fix conditional.
Eric Blake [Mon, 27 Aug 2012 21:00:59 +0000 (15:00 -0600)]
build: work with older libnl1 headers
Ubuntu 10.04 shipped with out-of-the-box libnl1 headers, which
assumed the old gcc semantics of 'extern inline' as a C89 extension:
the function will _always_ be inline if it is used, and that
it may be declared extern inline in headers without a definition,
as long as the definition occurs before any use. But when C99
added 'extern inline' as a mandatory feature of the language, with
slightly different semantics than gcc (the function MUST have
external linkage, and the inline definition MUST be present
alongside any declaration, where the compiler can then choose
which of the two versions to use), this rendered the use of
'inline' in libnl's header obsolete. Most distros already solved
this by removing 'inline' (the resulting 'extern' is correct,
regardless of gcc semantics), and libnl-3 does not have the
problem (where it has switched to 'static inline' instead, again
with the definition present, and again, our hack will result in
plain 'static' with no ill effects). But for the case of building
out of the box, we hack around the broken Ubuntu header.
Michal Privoznik [Mon, 27 Aug 2012 15:40:33 +0000 (17:40 +0200)]
qemu: Fix define logic
With current flow in qemudDomainDefine we might lose data
when updating an existing domain. We parse given XML and
overwrite the configuration. Then we try to save the new
config. However, this step may fail and we don't perform any
roll back. In fact, we remove the domain from the list of
domains held up by qemu driver. This is okay as long as the
domain was brand new one.
Michal Privoznik [Mon, 27 Aug 2012 10:24:59 +0000 (12:24 +0200)]
Introduce new VIR_ERR_AGENT_UNRESPONSIVE error code
Currently, when guest agent is configured but not responsive
(e.g. due to appropriate service not running in the guest)
we return VIR_ERR_INTERNAL_ERROR. Both are wrong. Therefore
we need to introduce new error code to reflect this case.
Ján Tomko [Mon, 27 Aug 2012 12:51:28 +0000 (14:51 +0200)]
conf: prevent NULL pointer access in virSecurityLabelDefsParseXML
When checking for seclabels without security models, def->nseclabels is
already set to n. In the case of an error def->seclabels is freed but
nseclabels is left untouched. This leads to a segmentation fault when
def is freed in virDomainDefParseXML.
Michal Privoznik [Mon, 27 Aug 2012 08:35:02 +0000 (10:35 +0200)]
qemu: Switch to unified func name
With the latest patches libvirt supports qemu agent monitor
passthrough. However, function in qemu driver is called
qemuDrvDomainAgentCommand. s/Drv// as used in all other names.
qemu: fix regression with spice tls port allocation
In my quest for reusing variables I failed to edit one variable when
fixing details between two patch versions. That results in a failure
to start qemu with autoport and spice tls, because qemu is trying to
bind two sockets to the same port.
The comment mentioning that we cannot control each vcpu when there is
not VCPU<-> PID mapping available is true, however, this isn't
necessarily an error, because this can be caused by old QEMU without
support for "query-cpus" command as well as a software emulated
machines that don't create more than one process.
Laine Stump [Fri, 24 Aug 2012 21:57:42 +0000 (17:57 -0400)]
specfile: require libnl3 for Fedora >= 18 and RHEL >= 7
Everything is ready in both netcf and libvirt to switch over to libnl3
in future releases of both Fedora and RHEL. This needs to be done more
or less simultaneously in both packages, though, because you can't mix
libnl1.1 and libnl3 in the same process (e.g. libvirtd using
libnl-3.so and libnetcf.so, while libnetcf.so uses libnl.so)
This patch does two things when fedora >= 18 || rhel >= 7):
1) requires libnl3-devel
2) requires netcf-devel-0.2.2 or greater
(the idea is that a similar patch is going into netcf's specfile, so
that when a build of netcf is done on F18 or later (or RHEL7 or later)
netcf will be guaranteed to be built with libnl3 rather than
libnl-1.1)
Laine Stump [Sat, 25 Aug 2012 18:09:55 +0000 (14:09 -0400)]
build: add LIBNL_CFLAGS to build of libvirt_lxc
When libvirt_lxc is built, it uses the utility library and #includes
virnetdev.h, which #includes virnetlink.h, which includes
<netlink/msg.h>.
Normally, the netlink include directory would be just off
/usr/include, so that wouldn't create a problem, but on Fedora and
RHEL systems using libnl3, the libnl includes have been moved into
/usr/include/libnl3 (to allow concurrent installation of libnl-1.1).
All other binaries that need it have added $(LIBNL_CFLAGS) to their
CFLAGS, but not libvirt_lxc, so it fails to build on Fedora and RHEL
that have only libnl3-devel installed. This was previously unnoticed
because everyone was building with libnl headers in
/usr/include/netlink (even on systems with the headers in
/usr/include/libnl3/netlink, many people (like me) usually also have
the libnl1.1 headers in /usr/include/netlink).
This patch adds the necessary CFLAGS for libvirt_lxc.
Note that we don't need to add $(LIBNL_LIBS) to the LDADD for this
binary, because it never directly calls libnl functions, but only
calls them indirectly through the util library, which it's already
linking against.
Eric Blake [Mon, 13 Aug 2012 22:59:57 +0000 (16:59 -0600)]
snapshot: rename an enum
The name 'virDomainDiskSnapshot' didn't fit in with our normal
conventions of using a prefix hinting that it is related to a
virDomainSnapshotPtr. Also, a future patch will reuse the
enum for declaring where the VM memory is stored.
Eric Blake [Tue, 14 Aug 2012 00:09:12 +0000 (18:09 -0600)]
snapshot: split snapshot conf code into own file
This has several benefits:
1. Future snapshot-related code has a definite place to go (and I
_will_ be adding some)
2. Snapshot errors now use the VIR_FROM_DOMAIN_SNAPSHOT error
classification, which has been underutilized (previously only in
libvirt.c)
* src/conf/domain_conf.h, domain_conf.c: Split...
* src/conf/snapshot_conf.h, snapshot_conf.c: ...into new files.
* src/Makefile.am (DOMAIN_CONF_SOURCES): Build new files.
* po/POTFILES.in: Mark new file for translation.
* src/vbox/vbox_tmpl.c: Update caller.
* src/esx/esx_driver.c: Likewise.
* src/qemu/qemu_command.c: Likewise.
* src/qemu/qemu_domain.h: Likewise.
Eric Blake [Tue, 14 Aug 2012 06:22:39 +0000 (00:22 -0600)]
snapshot: make virDomainSnapshotObjList opaque
We were failing to react to allocation failure when initializing
a snapshot object list. Changing things to store a pointer
instead of a complete object adds one more possible point of
allocation failure, but at the same time, will make it easier to
react to failure now, as well as making it easier for a future
patch to split all virDomainSnapshotPtr handling into a separate
file, as I continue to add even more snapshot code.
Luckily, there was only one client outside of domain_conf.c that
was actually peeking inside the object, and a new wrapper function
was easy.
Philipp Hahn [Fri, 24 Aug 2012 12:58:52 +0000 (14:58 +0200)]
xen-xs: fix uuid of renamed domain
When the XenStore tdb lives persistently and is not cleared between host
reboots, Xend (version 3.4 and 4.1) re-creates the domain information
located in XenStore below /vm/$UUID. (According to the xen-3.2-commit
hg265950e3df69 to fix a problem when locally migrating a domain to the
host itself.)
When doing so a version number is added to the UUID separated by one
dash, which confuses xenStoreDomainIntroduced(): It iterates over all
domains and tries to lookup all inactive domains using
xenStoreDomainGetUUID(), which fails if the running domain is renamed:
virUUIDParse() fails to parse the versioned UUID and the domain is
flagged as missing. When this happens the function delays .2s and
re-tries 20 times again, multiplied by the number of renamed VMs.
14:48:38.878: 4285: debug : xenStoreDomainIntroduced:1354 : Some domains were missing, trying again
Michal Privoznik [Fri, 24 Aug 2012 10:36:03 +0000 (12:36 +0200)]
security: Add DAC to security_drivers
Currently, if users set 'security_driver="dac"' in qemu.conf libvirtd
fails to initialize as DAC driver is not found because it is missing
in our security drivers array.
Laine Stump [Fri, 24 Aug 2012 05:38:19 +0000 (01:38 -0400)]
nwfilter: don't log error if firewalld is disabled, improve diagnostics
The original patch to support firewalld in nwfilter wasn't personally
checking the exit status of firewall-cmd, but was instead sending NULL
in the *exitstatus arg, which meant that virCommandWait would log an
error just for the exit status being non-0 (and a "more scary than
useful" error at that).
We don't want to treat this as an error, though, just as a reason to
use standard (ip|eb)tables commands instead of firewall-cmd.
This patch modifies the virCommandRun in the nwfilter code to request
status back from the caller. This avoids virCommandWait logging an
error message, and allows the caller to do as it likes after examining
the status.
The VIR_DEBUG() logged when firewalld is enabled has also been
reworded and changed to a VIR_INFO, and a similar VIR_INFO has been
added in the case that firewalld is *not* found+enabled.
request an exit status from virCommandRun (thus assuring that
virCommandRun won't log any errors just due to a non-0 exit status),
but then fail to examine that exit status. This could result in the
functions believing that the call to "vzlist" was successful, even
though it may have encountered an error.
projects / people / liuw / libxenctrl-split / libvirt.git / log