(with a slight name change to use "...begin" rather than
"...start"). This implements transactional changes to the host network
config. When a transaction is begun with ncf_change_begin(), all other
netcf APIs will continue to work as they always have, but a snapshot
of the existing config will be taken, allowing reversion (rollback,
using ncf_change_rollback()) to the exact state of config at the time
ncf_change_begin() was called. Alternately, if it's determined that
the new changes are acceptable, ncf_change_commit() can be called,
which will eliminate the snapshot and make the changes permanent.
As a failsafe measure, if neither ncf_change_commit() or
ncf_change_rollback() is called by the next time the system reboots,
the netcf-transaction initscript will be automatically called to
rollback the changes.
Hu Tao [Fri, 27 May 2011 07:35:11 +0000 (15:35 +0800)]
Add new flags for setting memory parameters
The new flags allow to pick current state, config or the live
parameter, with current being the existing API default (0).
This also hooks this to --config, --live, --current parameters for
the memtune virsh command
* include/libvirt/libvirt.h.in: defines the new flags
* tools/virsh.c: adds support at virsh level
* tools/virsh.pod: updates virsh documentation
qemu : support persistent add/delete network interface
This patch allows to modify interfaces of domain(qemu)
* src/conf/domain_conf.c src/conf/domain_conf.h src/libvirt_private.syms:
(virDomainNetInsert) : Insert a network device to domain definition.
(virDomainNetIndexByMac) : Returns an index of net device in array.
(virDomainNetRemoveByMac): Remove a NIC of passed MAC address.
* src/qemu/qemu_driver.c
(qemuDomainAttachDeviceConfig): add codes for NIC.
(qemuDomainDetachDeviceConfig): add codes for NIC.
Matthias Bolte [Thu, 26 May 2011 15:40:51 +0000 (17:40 +0200)]
esx: Fix regression in absolute file name handling
Before commit 145d6cb05c45f4 (in August 2010) absolute file names
in VMX and domain XML configs were handled correctly. But this got
lost during the refactoring. The test cases didn't highlight this
problem because they have their own set of file name handling
functions. The actual ones require a real connection to an ESX
server. Also the test case functions always worked correctly.
Fix the regression and add a new in-the-wild VMX file that contains
such a problematic absolute path. Even though this test case won't
protect against new regressions.
commit f0443765 which replaced openvz_readline to getline(3)
broke OpenVZ driver as it changed semantics of EOF-handling
when parsing OpenVZ configuration.
There're several other issues reported with current OpenVZ driver:
#1: unclear error message when parsing "CPUS=" line
#2: openvz driver goes into crashing loop
#3: "NETIF=" line in configuration is not parsed correctly
#4: aborts even when optional parameter is missing
#5: there's a potential memory leak
This updated patch to fix #[145]. This patch does not fix #[23]
as I haven't verified these yet, but this at least got me to run
OpenVZ on libvirt once again.
qemu: allow blkstat/blkinfo calls during migration
Originally most of libvirt domain-specific calls were blocking
during a migration.
A new mechanism to allow specific calls (blkstat/blkinfo) to be
executed in such condition has been implemented.
In the long term it'd be desirable to get a more general
solution to mark further APIs as migration safe, without needing
special case code.
* src/qemu/qemu_migration.c: add some additional job signal
flags for doing blkstat/blkinfo during a migration
* src/qemu/qemu_domain.c: add a condition variable that can be
used to efficiently wait for the migration code to clear the
signal flag
* src/qemu/qemu_driver.c: execute blkstat/blkinfo using the
job signal flags during migration
Markus Groß [Thu, 26 May 2011 15:27:06 +0000 (23:27 +0800)]
Add disk attach/detach support to libxl driver
Based on the device attach/detach code from the QEMU driver,
but using the new functions to create the structures associated.
* src/libxl/libxl_driver.c: implements domainAttachDevice,
domainAttachDeviceFlags, domainDetachDevice, domainDetachDeviceFlags
and domainUpdateDeviceFlags
Markus Groß [Thu, 26 May 2011 15:09:01 +0000 (23:09 +0800)]
Refactored libxl datastructure instantiation
Create 3 new function refactored from previous list ones and
exports them internally to the driver
* src/libxl/libxl_conf.c src/libxl/libxl_conf.h: create libxlMakeDisk,
libxlMakeNic libxlMakeVfb out of the exsting static List functions
and exports them
Markus Groß [Thu, 26 May 2011 14:28:23 +0000 (22:28 +0800)]
Fix modifying disk devices in qemu driver
When modifying the disk devices of a live domain and the domain
configuration, the function qemuDomainAttachDeviceConfig
first sets dev->data->disk to NULL. Later qemuDomainAttachDeviceLive
accesses dev->data.disk and causes a segfault.
* src/qemu/qemu_driver.c: fix qemuDomainModifyDeviceFlags() accordingly
Eric Blake [Wed, 11 May 2011 20:26:06 +0000 (14:26 -0600)]
build: fix 'make dist' for ./configure --without-remote
Anything generated that must end up in the tarball must either
have unconditional rules for generation (remote_protocol.c) or
must live in libvirt.git for the case where the person running
'make dist' has disabled the configure options that control the
rebuild of the generated file (remote_protocol-structs).
* src/Makefile.am (remote_protocol-structs): Add a dependency and
document why it must live in git.
($(srcdir)/remote/%_protocol.c, $(srcdir)/remote/%_protocol.c):
Unconditionally generate.
Currently, qemu silently clips any JSON integer in the range
0x8000000000000000 - 0xffffffffffffffff (all numbers in this range
will be clipped to 0x7fffffffffffffff == LLONG_MAX).
To avoid this, pass these as signed 64 bit integers in the QMP
request.
Matthias Bolte [Sat, 21 May 2011 14:20:44 +0000 (16:20 +0200)]
Fix sign mismatches between public API, driver API and XDR protocol
In most cases this affects flags parameters that are unsigned in the
public and driver API but signed in the XDR protocol. Switch the
XDR protocol to unsigned for those.
A counterexample is virNWFilterGetXMLDesc. Its flags parameter is signed
in the public API and XDR protocol, but unsigned in the driver API.
Matthias Bolte [Sat, 21 May 2011 09:16:07 +0000 (11:16 +0200)]
remote generator: Make call-by-reference handling stricter
Several functions return values by reference parameters. This is realized
by passing the members of remote_CALL_ret by reference to the called
function.
The position of this parameters in the function signature follows some
patterns with some exceptions. This patterns and exceptions are hardcoded
in the generator.
Add an insert@<offset> annotation to the remote_CALL_ret struct members
for functions that return lists to remove some of the hardcoded patterns
and exceptions.
Fix the signature of virDomainMigrateFinish3 for error reporting
The current virDomainMigrateFinish3 method signature attempts to
distinguish two types of errors, by allowing return with ret== 0,
but ddomain == NULL, to indicate a failure to start the guest.
This is flawed, because when ret == 0, there is no way for the
virErrorPtr details to be sent back to the client.
Change the signature of virDomainMigrateFinish3 so it simply
returns a virDomainPtr, in the same way as virDomainMigrateFinish2
The disk locking code will protect against the only possible
failure mode this doesn't account for (loosing conenctivity to
libvirtd after Finish3 starts the CPUs, but before the client
sees the reply for Finish3).
* src/driver.h, src/libvirt.c, src/libvirt_internal.h: Change
virDomainMigrateFinish3 to return a virDomainPtr instead of int
* src/remote/remote_driver.c, src/remote/remote_protocol.x,
daemon/remote.c, src/qemu/qemu_driver.c, src/qemu/qemu_migration.c:
Update for API change
When doing migration, if an error occurs in Perform, it must not
be overwritten during Finish/Confirm steps. If an error occurs
in Finish, it must not be overwritten in Confirm.
Previous commit a9d12c2444e43a0d3e5135eb15b4b62a7c011427 added
code to qemudDomainMigrateFinish2 to preserve the error. This
is not the right place, because it is not applicable in non-p2p
migration. The src/libvirt.c virDomainMigrateV2/3 methods need
code to preserve errors for non-p2p migration, while the
doPeer2PeerMigrate2 and doPeer2PeerMigrate3 methods contain
code to preverse errors for p2p migration.
Remove the bogus error preservation from qemudDomainMigrateFinish2
and qemudDomainMigrateFinish3.
Fix virDomainMigrateV3 and doPeer2PeerMigrate3 so that they
preserve any error hit during the Finish3 step, before invoking
Confirm3.
Finally if qemuMigrationFinish fails to resume the CPUs, it must
preserve the error before tearing down the VM, so that VM cleanup
doesn't overwrite it.
* src/libvirt.c: Preserve error before invoking Confirm3
* src/qemu/qemu_driver.c: Remove bogus error preservation
code in qemudDomainMigrateFinish2/qemudDomainMigrateFinish3
* src/qemu/qemu_migration.c: Preserve error before invoking Confirm3
and after resume fails in qemuMigrationFinish.
* src/libvirt.c: Add further debug lines in helper APIs for
migration
* src/qemu/qemu_migration.c: Add debug lines for all internal
migration API parameters
Fix error propagation in finish method for v3 migration
Even when failing to start CPUs, the finish method was returning
a success result. Fix this so that the QEMU process is killed
off when finish fails under v3 protocol. Also rename the
killOnFinish boolean to 'v3proto' to make it clearer that this
is a tunable based on the migration protocol version
* src/qemu/qemu_driver.c: Update for API change
* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Kill
VM in qemuMigrationFinish if failing to start CPUs
The SPICE seamless migration process requires data to be passed
back from the target host, to the source host via a cookie.
The cookie includes the target host's hostname, but this was not
stored, merely validated. This patch explicitly records the
remote hostname after parsing the cookie, and uses it when
initiating the SPICE migration
Fix resume on destination when doing non-live tunnelled migration
Before running perform in peer-2-peer migration, the current
guest state must be recorded, so that non-live migration can
currently unpause a running guest on completion.
* src/qemu/qemu_migration.c: Move check for offline guest
to fix non-live migration
There are two pieces of information which are desirable for
migration, which cannot be supplied by applications
- The explicit QEMU migration URI, while using Peer2Peer
migration
- An override for the target VM XML
This introduces two new public APIs to support these extra
parameters. There is no need for extra wire protocool changes,
since this is supported by the v3 migration enhancements
* include/libvirt/libvirt.h.in,
src/libvirt.c, src/libvirt_public.syms: Add virDomainMigrate2
and virDomainMigrateToURI2
Add a second URI parameter to virDomainMigratePerform3 method
The virDomainMigratePerform3 currently has a single URI parameter
whose meaning varies. It is either
- A QEMU migration URI (normal migration)
- A libvirtd connection URI (peer2peer migration)
Unfortunately when using peer2peer migration, without also
using tunnelled migration, it is possible that both URIs are
required.
This adds a second URI parameter to the virDomainMigratePerform3
method, to cope with this scenario. Each parameter how has a fixed
meaning.
NB, there is no way to actually take advantage of this yet,
since virDomainMigrate/virDomainMigrateToURI do not have any
way to provide the 2 separate URIs
* daemon/remote.c, src/remote/remote_driver.c,
src/remote/remote_protocol.x, src/remote_protocol-structs: Add
the second URI parameter to perform3 message
* src/driver.h, src/libvirt.c, src/libvirt_internal.h: Add
the second URI parameter to Perform3 method
* src/libvirt_internal.h, src/qemu/qemu_migration.c,
src/qemu/qemu_migration.h: Update to handle URIs correctly
Extend v3 migration protocol to allow app supplied XML for target
This extends the v3 migration protocol such that the
virDomainMigrateBegin3 and virDomainMigratePerform3
methods accept an application supplied XML config for
the target VM.
If the 'xmlin' parameter is NULL, then Begin3 uses the
current guest XML as normal. A driver implementing the
Begin3 method should either reject all non-NULL 'xmlin'
parameters, or strictly validate that the app supplied
XML does not change guest ABI.
The Perform3 method also needed the xmlin parameter to
cope with the Peer2Peer migration sequence.
NB it is not yet possible to use this capability since
neither of the public virDomainMigrate/virDomainMigrateToURI
methods have a way to pass in XML.
Matthias Bolte [Wed, 25 May 2011 13:52:34 +0000 (15:52 +0200)]
esx: Report an error when auth pointer is missing instead of declining
Otherwise an attempt to use virConnectOpen or virConnectOpenAuth without
auth pointer results in the driver declining the URI and libvirt falling
back to the remote driver for an esx:// URI.
Jim Fehlig [Mon, 23 May 2011 22:06:00 +0000 (16:06 -0600)]
Fix initialization of current vcpus in libxl driver
The cur_vcpus member of struct libxl_domain_build_info was incorrectly
initialized to the number of vcpus, when it should have been interpreted
as a bitmap, where bit X corresponds to online/offline status of vcpuX.
To complicate matters, cur_vcpus is an int, so only 32 vcpus can be
set online. Add a check to ensure vcpus does not exceed this limit.
V2: Eric Blake noted a compilation pitfal when '1 << 32' on an int.
Account for vcpus == 32.
Michal Privoznik [Tue, 24 May 2011 12:36:08 +0000 (14:36 +0200)]
qemu: Don't change ownership of file when appending to it
Saving domain to previously created file changes also its ownership.
This is certainly not what users want if some conditions are met:
it is a regular, local file and dynamic_ownership is off.
Laine Stump [Mon, 23 May 2011 17:38:32 +0000 (13:38 -0400)]
qemu: fix typo in name - should be VHOST_NET, not VNET_HOST
NB: the enum that uses the string vnet-host (now changed to vhost-net)
is used in XML, but fortunately that hasn't been in an official
release yet, so it can still be fixed.
Fix QEMU -vnc arg generation with raw IPv6 addresses
Since -vnc uses ':' to separate the address from the port, raw
IPv6 addresses need to be escaped like [addr]:port
* src/qemu/qemu_command.c: Escape raw IPv6 addresses with []
* tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc.args,
tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc.xml: Tweak
to test Ipv6 escaping
* docs/schemas/domain.rng: Allow Ipv6 addresses, or hostnames
in <graphics> listen attributes
The qemuMigrationConfirm method shouldn't deal with final VM
cleanup, since it can be called from the peer2peer migration,
which expects to still use the 'vm' object afterwards.
Push the cleanup code out of qemuMigrationConfirm, into its
caller, qemuDomainMigrateConfirm3
* src/qemu/qemu_driver.c: Add VM cleanup code to
qemuDomainMigrateConfirm3
* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Remove
job handling cleanup from qemuMigrationConfirm
Jiri Denemark [Sun, 22 May 2011 14:05:07 +0000 (17:05 +0300)]
Replace all remaining setgid/setuid calls with virSetUIDGID
Two additional places need initgroups call to properly work in an
environment where the UID is allowed to open/create stuff through its
supplementary groups.
Michal Privoznik [Mon, 23 May 2011 12:41:00 +0000 (14:41 +0200)]
python: Don't free must-not-free variables
py_str() function call PyString_AsString(). As written in documentation,
the caller must not free the returned value, because it points to some
internal structures.
Alon Levy [Mon, 23 May 2011 15:16:42 +0000 (18:16 +0300)]
spice: support streaming-video parameter
This adds a streaming-video=filter|all|off attribute. It is used to change
the behavior of video stream detection in spice, the default is filter (the
default for libvirt is not to specify it - the actual default is defined in
libspice-server.so).
The capabilities code only sets the flag to allow use of vhost-net if
kvm is detected (set if the help string contains "(qemu-kvm-" or
"(kvm-"), but actually vhost-net is available in some qemu builds that
don't have kvm in their name, so just checking for ",vhost=" is enough.
Doug Goldstein [Fri, 20 May 2011 20:18:09 +0000 (15:18 -0500)]
Use per-user TLS certificates when possible
When using TLS authentication and operating as the non-root user,
initially attempt to use that specific user's TLS certificates before
attempting to use the system wide TLS certificates.
Eric Blake [Thu, 12 May 2011 15:29:51 +0000 (09:29 -0600)]
build: require newer gettext
Now that RHEL 5.6 ships with gettext 0.17, we can get out of the
stone age and use the newer gettext capabilities and improved
macros for certain configure tests.
* configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.17.
(MKINSTALLDIRS): Delete hack that is no longer needed.
* bootstrap.conf (buildreq): Check for minimum gettext version.
Based on a report by Wen Congyang.
Don't generate cookies with v2 migration protocol.
The v2 migration protocol had a limit on cookie length that was
too small to be useful for QEMU. Avoid generating cookies with
v2 protocol, so that old libvirtd can still reliably migrate a
guest to new libvirtd uses v2 protocol.
* src/qemu/qemu_driver.c: Avoid migration cookies with v2
migration
Fix QEMU migration cookie crash for guests with no graphics
When generating a cookie for a guest with no data, the
QEMU_MIGRATION_COOKIE_GRAPHICS flag was set even if no
graphics data was added. Avoid setting the flag unless
it was needed, also add a safety check for mig->graphics
being non-NULL
* src/qemu/qemu_migration.c: Avoid cookie crash for guest
with no graphics
Ensure p2p and direct migration use the new v3 protocol if available
The internal virDomainMigratePeer2Peer and virDomainMigrateDirect
helper methods were not checking whether the target supports the
v3 migration protocol.
* src/libvirt.c: Use v3 migration protocol for p2p/direct
migration if available.
Blank out the 'listenAddr' parameter if empty string
Some bogus apps are generating a VNC/SPICE/RFB listen attribute
with no content. This then causes a failure with the graphics
migration cookie parsing. Blank out the 'listenAddr' parameter
after parsing domain XML if it is the empty string, so the host
default takes over
* src/qemu/qemu_migration.c: Blank out listenAddr parameter
if empty
Eric Blake [Wed, 11 May 2011 22:48:35 +0000 (16:48 -0600)]
remote: remove special case for getting version
The on-the-wire protocol is identical; XDR guarantees that
both 'hyper' and 'unsigned hyper' are transmitted as 8 bytes.
* src/remote/remote_protocol.x (remote_get_version_ret)
(remote_get_lib_version_ret): Match public API.
* daemon/remote_generator.pl: Drop special case.
* src/remote_protocol-structs: Reflect updated type.
Eric Blake [Thu, 12 May 2011 01:41:46 +0000 (19:41 -0600)]
build: silence clang false positive
Clang couldn't quite see that the same condition of
(flags & VIR_DOMAIN_MEM_CONFIG) is used twice, such that
the second block is guaranteed that def was assigned in
the first block.
* src/libxl/libxl_driver.c (libxlDomainSetMemoryFlags): Add a hint
for clang.
Eric Blake [Mon, 14 Mar 2011 20:30:24 +0000 (14:30 -0600)]
virsh: optimize creation of default connection
Ramon de Carvalho Valle reported a problem with:
virsh connect qemu:///system
as a non-root user. The real root problem appears to be a regression
in libvirtd being auto-started on the default qemu:///session URI;
however, the symptom points to an independent flaw in virsh - we
shouldn't be wasting efforts on making a connection if we aren't going
to be using that connection. Fixing virsh avoids Ramon's issue, while
I work in the meantime to fix the real libvirtd regression.
This patch looks big, but that's because 'gcc -Wmissing-field-initializers'
gets triggered by './autobuild.sh --enable-compile-warnings=error', so I
had to add 0 initialization to everyone (rather than my preference of
just adding the non-zero flags to virshCmds and to cmdConnect).
Meanwhile, if you use 'virsh -c URI', the connection must succeed; this
patch _only_ optimizes the default connection to be deferred to a later
point where we know if a particular command to be run needs a connection.
* tools/virsh.c (VSH_CMD_FLAG_NOCONNECT): New flag.
(vshCmdDef): Add new flags field.
(vshCommandRun): Honor new flag.
(domManagementCmds, domMonitoringCmds, storagePoolCmds)
(storageVolCmds, networkCmds, nodedevCmds, ifaceCmds)
(nwfilterCmds, secretCmds, virshCmds, snapshotCmds)
(hostAndHypervisorCmds): Populate new field.
(vshReconnect): Don't warn on initial connection.
Matthias Bolte [Wed, 18 May 2011 08:52:57 +0000 (10:52 +0200)]
Clarify the semantic of virDomainGetSchedulerParameters arguments
params and nparams are essential and cannot be NULL. Check this in
libvirt.c and remove redundant checks from the drivers (e.g. xend).
Instead of enforcing that nparams must point to exact same value as
returned by virDomainGetSchedulerType relax this to a lower bound
check. This is what some drivers (e.g. xen hypervisor and esx)
already did. Other drivers (e.g. xend) didn't check nparams at all
and assumed that there is enough space in params.
Unify the behavior in all drivers to a lower bound check and update
nparams to the number of valid values in params on success.
Matthias Bolte [Wed, 18 May 2011 07:55:32 +0000 (09:55 +0200)]
Clarify semantic of nparams argument of virDomainGetSchedulerType
Some drivers assumed it can be NULL (e.g. qemu and lxc) and check it
before assigning to it, other drivers assumed it must be non-NULL
(e.g. test and esx) and just assigned to it.
Unify this to nparams being optional and document it.
Cole Robinson [Thu, 12 May 2011 21:22:29 +0000 (17:22 -0400)]
Fix messages using VIR_ERR_XML_ERROR
This error code has existed since the dawn of time, yet the messages it
generates are almost universally busted. Here's a small sampling:
src/conf/domain_conf.c:4889 : XML description for missing root element is not well formed or invalid
src/conf/domain_conf.c:4951 : XML description for unknown device type is not well formed or invalid
src/conf/domain_conf.c:5460 : XML description for maximum vcpus must be an integer is not well formed or invalid
src/conf/domain_conf.c:5468 : XML description for invalid maxvcpus %(count)lu is not well formed or invalid
Fix up the error code to instead be
XML error: <msg>
Adjust the few locations that were using the original correctly (or shouldn't
have been using the error code at all).
v2:
Fix wording of error code without a passed argument
Eric Blake [Tue, 17 May 2011 17:44:53 +0000 (11:44 -0600)]
libvirt.h: consolidate typed parameter handling
The new type is identical to the three old types that it replaces,
and by creating a common type, this allows future patches to share
common code that manipulates typed parameters.
This change is backwards-compatible in API (recompilation works
without any edits) and ABI (an older client that has not been
recompiled uses the same layout) for code using only public
names; only code using private names (those beginning with _)
will have to adapt.
* include/libvirt/libvirt.h.in (virTypedParameterType)
(VIR_TYPED_PARAM_FIELD_LENGTH, _virTypedParameter): New enum,
macro, and type.
(virSchedParameter, virBlkioParameter, virMemoryParameter):
Rewrite in terms of a common type, while keeping all old public
names for backwards compatibility.
(struct _virSchedParameter, struct _virBlkioParameter)
(struct _virMemoryParameter): Delete - these are private names.
* python/generator.py (enum): Cope with the refactoring.
Add support for 'passthru' mode for direct network interfaces
starting with kernel 2.6.38 macvtap supports a 'passthru' mode for
attaching virtual functions of a SRIOV capable network card directly to a VM.
This patch adds the capability to configure such a device.
Eric Blake [Mon, 16 May 2011 19:27:42 +0000 (13:27 -0600)]
build: drop unused <sys/syslimits.h> header
<sys/syslimits.h> is not standardized, so portable programs should
not need to rely on it. If there really is something that we need
where <sys/syslimits.h> provided the limit but <limits.h> did not,
then that would be a candidate for fixing in gnulib. But this patch
did not turn up any compilation failures on Linux.
* src/internal.h (includes): Drop unused header.
* daemon/libvirtd.h (includes): Likewise.
* configure.ac (AC_CHECK_HEADERS): Likewise.
Based on a report by Matthias Bolte.
Eric Blake [Mon, 16 May 2011 21:37:15 +0000 (15:37 -0600)]
build: tolerate unlimited group size
POSIX allows sysconf(_SC_GETPW_R_SIZE_MAX) to return -1 if there
is no fixed limit, and requires ERANGE errors to track real size.
Model our behavior after the example in POSIX itself:
http://pubs.opengroup.org/onlinepubs/9699919799/functions/getpwuid_r.html
Also, on error for get*_r functions, errno is undefined, and the
real error was the return value.
* src/util/util.c (virGetUserEnt, virGetUserID, virGetGroupID)
(virSetUIDGID): Cope with sysconf failure or too small buffer.
Reported by Matthias Bolte.
projects / libvirt.git / log