Adam Litke [Fri, 22 Jul 2011 05:41:55 +0000 (13:41 +0800)]
Enable the virDomainBlockPull API in virsh
Define two new virsh commands:
* blockpull: Initiate a blockPull for the given disk
* blockjob: Retrieve progress info, modify speed, and cancel active block jobs
Share print_job_progress() with the migration code.
Adam Litke [Fri, 22 Jul 2011 05:39:37 +0000 (13:39 +0800)]
Implement virDomainBlockPull for the qemu driver
The virDomainBlockPull* family of commands are enabled by the
following HMP/QMP commands: 'block_stream', 'block_job_cancel',
'info block-jobs' / 'query-block-jobs', and 'block_job_set_speed'.
* src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.[ch]: implement disk
streaming by using the proper qemu monitor commands.
* src/qemu/qemu_monitor_json.[ch]: implement commands using the qmp monitor
Adam Litke [Fri, 22 Jul 2011 05:31:16 +0000 (13:31 +0800)]
Add virDomainBlockPull support to the remote driver
The generator can handle everything except virDomainGetBlockJobInfo().
* src/remote/remote_protocol.x: provide defines for the new entry points
* src/remote/remote_driver.c daemon/remote.c: implement the client and
server side for virDomainGetBlockJobInfo.
* src/remote_protocol-structs: structure definitions for protocol verification
* src/rpc/gendispatch.pl: Permit some unsigned long parameters
Adam Litke [Fri, 22 Jul 2011 05:18:06 +0000 (13:18 +0800)]
Add new API virDomainBlockPull* to headers
Set up the types for the block pull functions and insert them into the
virDriver structure definition. Symbols are exported in this patch to
prevent
documentation compile failures.
* include/libvirt/libvirt.h.in: new API
* src/driver.h: add the new entry to the driver structure
* python/generator.py: fix compiler errors, the actual python bindings
* are
implemented later
* src/libvirt_public.syms: export symbols
* docs/apibuild.py: Extend 'unsigned long' parameter exception to this
* API
Eric Blake [Wed, 20 Jul 2011 04:29:26 +0000 (22:29 -0600)]
save: new API to manipulate save file images
Modifying the xml on either save or restore only gets you so
far - you have to remember to 'virsh dumpxml dom' just prior
to the 'virsh save' in order to have an xml file worth modifying
that won't be rejected due to abi breaks. To make this more
powerful, we need a way to grab the xml embedded within a state
file, and from there, it's not much harder to also support
modifying a state file in-place.
Also, virDomainGetXMLDesc didn't document its flags.
* include/libvirt/libvirt.h.in (virDomainSaveImageGetXMLDesc)
(virDomainSaveImageDefineXML): New prototypes.
* src/libvirt.c (virDomainSaveImageGetXMLDesc)
(virDomainSaveImageDefineXML): New API.
* src/libvirt_public.syms: Export them.
* src/driver.h (virDrvDomainSaveImageGetXMLDesc)
(virDrvDomainSaveImgeDefineXML): New driver callbacks.
Eric Blake [Thu, 14 Jul 2011 23:22:53 +0000 (17:22 -0600)]
save: support bypass-cache flag in libvirt-guests init script
libvirt-guests is a perfect use case for bypassing the file system
cache - lots of filesystem traffic done at system shutdown, where
caching is pointless, and startup, where reading large files only
once just gets in the way. Make this a configurable option in the
init script, but defaulting to existing behavior.
* tools/libvirt-guests.sysconf (BYPASS_CACHE): New variable.
* tools/libvirt-guests.init.sh (start, suspend_guest): Use it.
Eric Blake [Tue, 19 Jul 2011 21:54:48 +0000 (15:54 -0600)]
save: support bypass-cache flag in qemu.conf
When auto-dumping a domain on crash events, or autostarting a domain
with managed save state, let the user configure whether to imply
the bypass cache flag.
* src/qemu/qemu.conf (auto_dump_bypass_cache, auto_start_bypass_cache):
Document new variables.
* src/qemu/libvirtd_qemu.aug (vnc_entry): Let augeas parse them.
* src/qemu/qemu_conf.h (qemud_driver): Store new preferences.
* src/qemu/qemu_conf.c (qemudLoadDriverConfig): Parse them.
* src/qemu/qemu_driver.c (processWatchdogEvent, qemuAutostartDomain):
Honor them.
Eric Blake [Mon, 11 Jul 2011 21:26:33 +0000 (15:26 -0600)]
save: add virFileDirectFd wrapper type
O_DIRECT has stringent requirements. Rather than make lots of changes
at each site that wants to use O_DIRECT, it is easier to offload
the work through a helper process that mirrors the I/O between a
pipe and the actual direct fd, so that the other end of the pipe
no longer has to worry about constraints.
Plus, if the kernel ever gains better posix_fadvise support, then we
only have to touch a single file to let all callers benefit from a
more efficient way to avoid file system caching.
* src/util/virfile.h (virFileDirectFdFlag, virFileDirectFdNew)
(virFileDirectFdClose, virFileDirectFdFree): New prototypes.
* src/util/virdirect.c: Implement new wrapper object.
* src/libvirt_private.syms (virfile.h): Export new symbols.
* cfg.mk (useless_free_options): Add to list.
* po/POTFILES.in: Add new translations.
Eric Blake [Tue, 12 Jul 2011 14:35:05 +0000 (08:35 -0600)]
save: let iohelper work on O_DIRECT fds
Required for a coming patch where iohelper will operate on O_DIRECT
fds. There, the user-space memory must be aligned to file system
boundaries (at least 512, but using page-aligned works better, and
some file systems prefer 64k). Made tougher by the fact that
VIR_ALLOC won't work on void *, but posix_memalign won't work on
char * and isn't available everywhere.
This patch makes some simplifying assumptions - namely, output
to an O_DIRECT fd will only be attempted on an empty seekable
file (hence, no need to worry about preserving existing data
on a partial block, and ftruncate will work to undo the effects
of having to round up the size of the last block written), and
input from an O_DIRECT fd will only be attempted on a complete
seekable file with the only possible short read at EOF.
* configure.ac (AC_CHECK_FUNCS_ONCE): Check for posix_memalign.
* src/util/iohelper.c (runIO): Use aligned memory, and handle
quirks of O_DIRECT on last write.
Eric Blake [Tue, 12 Jul 2011 15:17:52 +0000 (09:17 -0600)]
save: let iohelper handle inherited fd
Rather than making the iohelper subject to a race in reopening
the file, it is nicer to pass an already-open fd by inheritance.
The old synopsis form must continue to work - if someone updates
their libvirt package and installs a new libvirt_iohelper but
without restarting the old libvirtd daemon, then the daemon can
still make calls using the old syntax but the new iohelper.
* src/util/iohelper.c (runIO): Split code for open...
(prepare): ...to new function.
(usage): Update synopsis.
(main): Allow alternate calling form.
* src/fdstream.c (virFDStreamOpenFileInternal): Use alternate form.
Eric Blake [Sat, 9 Jul 2011 02:55:29 +0000 (20:55 -0600)]
save: wire up trivial save/restore flags implementations
For all hypervisors that support save and restore, the new API
now performs the same functions as the old.
VBox is excluded from this list, because its existing domainsave
is broken (there is no corresponding domainrestore, and there
is no control over the filename used in the save). A later
patch should change vbox to use its implementation for
managedsave, and teach start to use managedsave results.
Eric Blake [Thu, 21 Jul 2011 18:13:59 +0000 (12:13 -0600)]
error: add new error type for reflecting partial API support
VIR_ERR_INVALID_ARG implies that an argument cannot possibly
be correct, given the current state of the API.
VIR_ERR_CONFIG_UNSUPPORTED implies that a configuration is
wrong, but arguments aren't configuration.
VIR_ERR_NO_SUPPORT implies that a function is completely
unimplemented.
But in the case of a function that is partially implemented,
yet the full power of the API is not available for that
driver, none of the above messages make sense. Hence a new
error message, implying that the argument is known to comply
with the current state of the API, and that while the driver
supports aspects of the function, it does not support that
particular use of the argument.
A good use case for this is a driver that supports
virDomainSaveFlags, but not the dxml argument of that API.
It might be feasible to also use this new error for all functions
that check flags, and which accept fewer flags than what is possible
in the public API. But doing so would get complicated, since
neither libvirt.c nor the remote driver may do flag filtering,
and every other driver would have to do a two-part check, first
using virCheckFlags on all public flags (which gives
VIR_ERR_INVALID_ARG for an impossible flag), followed by a
particular mask check for VIR_ERR_ARGUMENT_UNSUPPORTED (for a
possible public flag but unsupported by this driver).
* include/libvirt/virterror.h (VIR_ERR_ARGUMENT_UNSUPPORTED): New
error.
* src/util/virterror.c (virErrorMsg): Give it a message.
Suggested by Daniel P. Berrange.
Eric Blake [Thu, 21 Jul 2011 19:41:15 +0000 (13:41 -0600)]
build: fix bugs with destroyFlags patches
Build failure on xenapi_driver from compiler warnings (flags was unused).
Build failure on xen (incorrect number of arguments). And in fixing
that, I obeyed the comments of struct xenUnifiedDriver that state
that we want to minimize the number of callback functions in that
struct, not add to it.
Laine Stump [Mon, 4 Jul 2011 06:27:12 +0000 (02:27 -0400)]
network: internal API functions to manage assignment of physdev to guest
The network driver needs to assign physical devices for use by modes
that use macvtap, keeping track of which physical devices are in use
(and how many instances, when the devices can be shared). Three calls
are added:
networkAllocateActualDevice - finds a physical device for use by the
domain, and sets up the virDomainActualNetDef accordingly.
networkNotifyActualDevice - assumes that the domain was already
running, but libvirtd was restarted, and needs to be notified by each
already-running domain about what interfaces they are using.
networkReleaseActualDevice - decrements the usage count of the
allocated physical device, and frees the virDomainActualNetDef to
avoid later accidentally using the device.
bridge_driver.[hc] - the new APIs. When WITH_NETWORK is false, these
functions are all #defined to be "0" in the .h file (effectively
becoming a NOP) to prevent link errors.
qemu_(command|driver|hotplug|process).c - add calls to the above APIs
in the appropriate places.
tests/Makefile.am - we need to include libvirt_driver_network.la
whenever libvirt_driver_qemu.la is linked, to avoid unreferenced
symbols (in functions that are never called by the test
programs...)
Laine Stump [Wed, 20 Jul 2011 04:06:45 +0000 (00:06 -0400)]
qemu: use virDomainNetGetActual*() in qemuDomainXMLToNative
This is the one function outside of domain_conf.c that plays around
with (even modifying) the internals of the virDomainNetDef, and thus
can't be fixed up simply by replacing direct accesses to the fields of
the struct with the GetActual*() access functions.
In this case, we need to check if the defined type is "network", and
if it is *then* check the actual type; if the actual type is "bridge",
then we can at least put the bridgename in a place where it can be
used; otherwise (if type isn't "bridge"), we behave exactly as we used
to - just null out *everything*.
Laine Stump [Mon, 4 Jul 2011 01:57:45 +0000 (21:57 -0400)]
qemu: use virDomainNetGetActual*() functions where appropriate
The qemu driver accesses fields in the virDomainNetDef directly, but
with the advent of the virDomainActualNetDef, some pieces of
information may be found in a different place (the ActualNetDef) if
the network connection is of type='network' and that network is of
forward type='bridge|private|vepa|passthrough'. The previous patch
added functions to mask this difference from callers - they hide the
decision making process and just pick the value from the proper place.
This patch uses those functions in the qemu driver as a first step in
making qemu work with the new network types. At this point, the
virDomainActualNetDef is guaranteed always NULL, so the GetActualX()
function will return exactly what the def->X that's being replaced
would have returned (ie bisecting is not compromised).
There is one place (in qemu_driver.c) where the internal details of
the NetDef are directly manipulated by the code, so the GetActual
functions cannot be used there without extra additional code; that
file will be treated in a separate patch.
Laine Stump [Thu, 30 Jun 2011 21:05:07 +0000 (17:05 -0400)]
network: separate Start/Shutdown functions for new network types
Previously all networks were composed of bridge devices created and
managed by libvirt, and the same operations needed to be done for all
of them when they were started and stopped (create and start the
bridge device, configure its MAC address and IP address, add iptables
rules). The new network types are (for now at least) managed outside
of libvirt, and the network object is used only to contain information
about the network, which is then used as each individual guest
connects itself.
This means that when starting/stopping one of these new networks, we
really want to do nothing, aside from marking the network as
active/inactive.
This has been setup as toplevel Start/Shutdown functions that do the
small bit of common stuff, then have a switch statement to execute
network type-specific start/shutdown code, then do a bit more common
code. The type-specific functions called for the new host bridge and
macvtap based types are currently empty.
In the future these functions may actually do something, and we will
surely add more functions that are similarly patterned. Once
everything has settled, we can make a table of "sub-driver" function
pointers for each network type, and store a pointer to that table in
the network object, then we can replace the switch statements with
calls to functions in the table.
The final step in this will be to add a new table (and corresponding
new functions) for new network types as they are added.
The first of these takes the place of the dev attribute that is
normally in <forward> - when defining a network you can specify
either one, and on output both will be present. If you specify
both on input, they must match.
2) In addition to forward modes of 'nat' and 'route', these new modes
are supported:
private, passthrough, vepa - when this network is referenced by a
domain's interface, it will have the same effect as if the
interface had been defined as type='direct', e.g.:
where ${mode} is one of the three new modes, and ${dev} is an interface
selected from the list given in <forward>.
bridge - if a <forward> dev (or multiple devs) is defined, and
forward mode is 'bridge' this is just like the modes 'private',
'passthrough', and 'vepa' above. If there is no forward dev
specified but a bridge name is given (e.g. "<bridge
name='br0'/>"), then guest interfaces using this network will use
libvirt's "host bridge" mode, equivalent to this:
3) A network can have multiple <portgroup> elements, which may be
selected by the guest interface definition (by adding
"portgroup='${name}'" in the <source> element along with the
network name). Currently a portgroup can only contain a
virtportprofile, but the intent is that other configuration items
may be put there int the future (e.g. bandwidth config). When
building a guest's interface, if the <interface> XML itself has no
virtportprofile, and if the requested network has a portgroup with
a name matching the name given in the <interface> (or if one of the
network's portgroups is marked with the "default='yes'" attribute),
the virtportprofile from that portgroup will be used by the
interface.
4) A network can have a virtportprofile defined at the top level,
which will be used by a guest interface when connecting in one of
the 'direct' modes if the guest interface XML itself hasn't
specified any virtportprofile, and if there are also no matching
portgroups on the network.
Laine Stump [Sun, 26 Jun 2011 08:09:00 +0000 (04:09 -0400)]
conf: support abstracted interface info in domain interface XML
the domain XML <interface> element is updated in the following ways:
1) <virtualportprofile> can be specified when source type='network'
(previously it was only valid for source type='direct')
2) A new attribute "portgroup" has been added to the <source>
element. When source type='network' (the only time portgroup is
recognized), extra configuration information will be taken from the
<portgroup> element of the given name in the network definition.
3) Each virDomainNetDef now also potentially has a
virDomainActualNetDef which is a private object (never
exported/imported via the public API, and not defined in the RNG) that
is used to maintain information about the physical device that was
actually used for a NetDef of type VIR_DOMAIN_NET_TYPE_NETWORK.
The virDomainActualNetDef will only be parsed/formatted if the
parse/format function is called with the
VIR_DOMAIN_XML_INTERNAL_ACTUAL_NET flag set (which is only needed when
saving/loading a running domain's state info to the stateDir).
Laine Stump [Mon, 18 Jul 2011 22:44:38 +0000 (18:44 -0400)]
conf: virDomainNetDef points to (rather than contains) virtPortProfile
The virtPortProfile in the domain interface struct is now a separately
allocated object *pointed to by* (rather than contained in) the main
virDomainNetDef object. This is done to make it easier to figure out
when a virtualPortProfile has/hasn't been specified in a particular
config.
Laine Stump [Wed, 29 Jun 2011 04:38:10 +0000 (00:38 -0400)]
conf: put virtPortProfile struct / functions in a common location
virtPortProfiles are currently only used in the domain XML, but will
soon also be used in the network XML. To prepare for that change, this
patch moves the structure definition into util/network.h and the parse
and format functions into util/network.c (I decided that this was a
better choice than macvtap.h/c for something that needed to always be
available on all platforms).
Eric Blake [Wed, 6 Jul 2011 18:10:11 +0000 (12:10 -0600)]
save: new public API to bypass file system cache on save/restore
In order to choose whether to use O_DIRECT when saving a domain image
to a file, we need a new flag. But virDomainSave was implemented
before our policy of all new APIs having a flag argument. Likewise
for virDomainRestore when restoring from a file.
The new flag name is chosen as CACHE_BYPASS so as not to preclude
a future solution that uses posix_fadvise once the Linux kernel has
a smarter implementation of that interface.
* include/libvirt/libvirt.h.in (virDomainCreateFlags)
(virDomainCoreDumpFlags): Add a flag.
(virDomainSaveFlags, virDomainRestoreFlags): New prototypes.
* src/libvirt.c (virDomainSaveFlags, virDomainRestoreFlags): New API.
* src/libvirt_public.syms: Export them.
* src/driver.h (virDrvDomainSaveFlags, virDrvDomainRestoreFlags):
New driver callbacks.
Eric Blake [Tue, 12 Jul 2011 20:56:03 +0000 (14:56 -0600)]
command: avoid leaking fds across fork
Since libvirt is multi-threaded, we should use FD_CLOEXEC as much
as possible in the parent, and only relax fds to inherited after
forking, to avoid leaking an fd created in one thread to a fork
run in another thread. This gets us closer to that ideal, by
making virCommand automatically clear FD_CLOEXEC on fds intended
for the child, as well as avoiding a window of time with non-cloexec
pipes created for capturing output.
* src/util/command.c (virExecWithHook): Use CLOEXEC in parent. In
child, guarantee that all fds to pass to child are inheritable.
(getDevNull): Use CLOEXEC.
(prepareStdFd): New helper function.
(virCommandRun, virCommandRequireHandshake): Use pipe2.
* src/qemu/qemu_command.c (qemuBuildCommandLine): Simplify caller.
Eric Blake [Thu, 14 Jul 2011 19:47:25 +0000 (13:47 -0600)]
command: move all docs into .c file
We already have a precedent of function documentation in C files,
where it is closer to the implementation (witness libvirt.h vs.
libvirt.c); maintaining docs in both files risks docs going stale.
While I was at it, I used consistent doxygen style on all comments.
* src/util/command.h: Remove duplicate docs, and move unique
documentation...
* src/util/command.c: ...here.
Suggested by Matthias Bolte.
rpc: Make the dispatch generator handle 'void name(void)' style procedures
The only 'void name(void)' style procedure in the protocol is 'close' that
is handled special, but also programming errors like a missing _args or
_ret suffix on the structs in the .x files can create such a situation by
accident. Making the generator aware of this avoids bogus errors from the
generator such as:
Use of uninitialized value in exists at ./rpc/gendispatch.pl line 967.
Also this allows to get rid of the -c option and the special case code for
the 'close' procedure, as the generator handles it now correctly.
Eric Blake [Wed, 20 Jul 2011 23:07:59 +0000 (17:07 -0600)]
error: preserve errno when saving last error
It is common to see the sequence:
virErrorPtr save_err = virSaveLastError();
// do cleanup
virSetError(save_err);
virFreeError(save_err);
on cleanup paths. But for functions where it is desirable to
return the errno that caused failure, this sequence can clobber
that errno. virFreeError was already safe; this makes the other
two functions in the sequence safe as well, assuming all goes
well (on OOM, errno will be clobbered, but then again, save_err
won't reflect the real error that happened, so you are no longer
preserving the real situation - that's life with OOM).
Commit 8665f85523f0451c changed generated.stamp to $(GENERATE).stamp,
but missed one instance in the CLEANFILES list. This can break the
build in case the generated code is deleted but the .stamp file stays
around and therefore the code isn't regenerated.
qemu: Implement cfs_period and cfs_quota's modification
This patch implements cfs_period and cfs_quota's modification.
We can use the command 'virsh schedinfo' to query or modify cfs_period and
cfs_quota.
If you query period or quota from config file, the value 0 means it does not set
in the config file.
If you set period or quota to config file, the value 0 means that delete current
setting from config file.
If you modify period or quota while vm is running, the value 0 means that use
current value.
Lai Jiangshan [Thu, 21 Jul 2011 07:32:34 +0000 (15:32 +0800)]
util: add virtkeycode module
Add virtkey lib for usage-improvment and keycode translating.
Add 4 internal API for the aim
const char *virKeycodeSetTypeToString(int codeset);
int virKeycodeSetTypeFromString(const char *name);
int virKeycodeValueFromString(virKeycodeSet codeset, const char *keyname);
int virKeycodeValueTranslate(virKeycodeSet from_codeset,
virKeycodeSet to_offset,
int key_value);
* include/libvirt/libvirt.h.in: extend virKeycodeSet enum
* src/Makefile.am: add new virtkeycode module and rule to generate
virkeymaps.h
* src/util/virkeycode.c src/util/virkeycode.h: new module
* src/util/virkeycode-mapgen.py: python generator for virkeymaps.h
out of keymaps.csv
* src/libvirt_private.syms: extend private symbols for new module
* .gitignore: add generated virkeymaps.h
Lai Jiangshan [Thu, 21 Jul 2011 07:02:52 +0000 (15:02 +0800)]
util: Add keymaps.csv
Should keep it as the same as:
http://git.gnome.org/browse/gtk-vnc/commit/src/keymaps.csv
All master keymaps are defined in a CSV file. THis covers
Linux keycodes, OSX keycodes, AT set1, 2 & 3, XT keycodes,
the XT encoding used by the Linux KBD driver, USB keycodes,
Win32 keycodes, the XT encoding used by Xorg on Cygwin,
the XT encoding used by Xorg on Linux with kbd driver.
* src/Makefile.am: added to EXTRA_DIST
* src/util/keymaps.csv: new file
rpc: Pass through DISPLAY so ssh can launch askpass
Though we prefer users to have SSH keys setup, virt-manager users still
depend on remote SSH connections to launch a password dialog. This fixes
launch ssh-askpass
Michal Privoznik [Wed, 20 Jul 2011 15:03:17 +0000 (17:03 +0200)]
sysinfo: Don't try to run dmidecode on archs missing it
DMI table is Intel & Intel-compatible specific. Therefore other
architectures miss dmidecode command. So we always fail in searching
for that command on non-Intel architectures.
If a key purpose or usage field is marked as non-critical in the
certificate, then a data mismatch is not (ordinarily) a cause for
rejecting the connection
If key usage or purpose data is not present in the cert, the
RFC recommends that access be allowed. Also fix checking of
key usage to include requirements for client/server certs,
and fix key purpose checking to treat data as a list of bits
Osier Yang [Wed, 20 Jul 2011 03:12:46 +0000 (11:12 +0800)]
undefine: Extend virsh undefine to support the new flag
If the domain has managed save image, and --managed-save is
not specified, then it fails with an error telling the user
that a managed save image still exists.
If the domain has managed save image, and --managed-save is
specified, it invokes virDomainUndefineFlags. If
virDomainUndefineFlags fails, then it tries to remove the managed
save image using virDomainManagedSaveRemove first, with
invoking virDomainUndefine following. (For compatibility between
new virsh with this patch and older libvirt without this patch).
Similarly if the domain has no managed save image. See the codes for
detail.
NOTE: Have not removing the codes checking if the domain is running
in function "cmdUndefine", it will go along with qemu driver's fix
(allow to undefine a running domain).
Osier Yang [Wed, 20 Jul 2011 03:05:20 +0000 (11:05 +0800)]
undefine: Implement internal API for libxl driver
* src/libxl/libxl_driver.c: New callback for libxl_driver,
new function libxlDomainUndefineFlags, and changes libxlDomainUndefine
as a wrapper of libxlDomainUndefineFlags.
Osier Yang [Wed, 20 Jul 2011 02:59:54 +0000 (10:59 +0800)]
undefine: Define the new API
This introduces a new API virDomainUndefineFlags to control the
domain undefine process, as the existing API virDomainUndefine
doesn't support flags.
Currently only flag VIR_DOMAIN_UNDEFINE_MANAGED_SAVE is supported.
If the domain has a managed save image, including
VIR_DOMAIN_UNDEFINE_MANAGED_SAVE in @flags will also remove that
file, and omitting the flag will cause undefine process to fail.
This patch also changes the behavior of virDomainUndefine, if the
domain has a managed save image, the undefine will be refused.
Gnutls requires that certificates have basic constraints present
to be used as a CA certificate. OpenSSL doesn't add this data
by default, so add a sanity check to catch this situation. Also
validate that the key usage and key purpose constraints contain
correct data
* src/rpc/virnettlscontext.c: Add sanity checking of certificate
constraints
Add some basic sanity checking of certificates before use
If the libvirt daemon or libvirt client is configured with bogus
certificates, it is very unhelpful to only find out about this
when a TLS connection is actually attempted. Not least because
the error messages you get back for failures are incredibly
obscure.
This adds some basic sanity checking of certificates at the
time the virNetTLSContext object is created. This is at libvirt
startup, or when creating a virNetClient instance.
This checks that the certificate expiry/start dates are valid
and that the certificate is actually signed by the CA that is
loaded.
Starting/ending jobs when closing the connection may reset any
error which was reported earlier in p2p migration. We must
save the original error before doing so. This means we can also
just call virConnectClose as normal, instead of virUnrefConnect
* src/qemu/qemu_migration.c: Preserve errors in p2p migration
Since the I/O callback registered against virNetSocket will
hold a reference on the virNetClient, we can't rely on the
virNetClientFree to be able to close the network connection.
The last reference will only go away when the event callback
fires (likely due to EOF from the server).
This is sub-optimal and can potentially cause a leak of the
virNetClient object if the server were to not explicitly
close the socket itself
* src/remote/remote_driver.c: Explicitly close the client
object when disconnecting
* src/rpc/virnetclient.c, src/rpc/virnetclient.h: Add a
virNetClientClose method
Use a virFreeCallback on virNetSocket to ensure safe release
When unregistering an I/O callback from a virNetSocket object,
there is still a chance that an event may come in on the callback.
In this case it is possible that the virNetSocket might have been
freed already. Make use of a virFreeCallback when registering
the I/O callbacks and hold a reference for the entire time the
callback is set.
* src/rpc/virnetsocket.c: Register a free function for the
file handle watch
* src/rpc/virnetsocket.h, src/rpc/virnetserverservice.c,
src/rpc/virnetserverclient.c, src/rpc/virnetclient.c: Add
a free function for the socket I/O watches
Add mutex locking and reference counting to virNetSocket
Remove the need for a virNetSocket object to be protected by
locks from the object using it, by introducing its own native
locking and reference counting
Eric Blake [Tue, 19 Jul 2011 13:34:34 +0000 (07:34 -0600)]
build: detect doc generation failure
Commit 8665f85 introduced a slight regression in doc generation,
since make only quits a rule on the first failed command ending
with a newline rather than a semicolon.
Unregister event callback if a fatal error occurs during dispatch
If we get an I/O error in the async event callback for an RPC
client, we might not have consumed all pending data off the
wire. This could result in the callback being immediately
invoked again. At which point the same I/O might occur. And
we're invoked again. And again...And again...
Unregistering the async event callback if an error occurs is
a good safety net. The real error will be seen when the next
RPC method is invoked
* src/rpc/virnetclient.c: Unregister event callback on error
Quieten build & ensure API build scripts exit with non-zero status
The current API build scripts will continue and exit with a zero
status even if they find problems. This has been the cause of many
build problems, or hidden build errors, in the past. Change the
scripts so they always exit with a non-zero status for any problems
they do not understand. Also turn off all debug output by default
so they respect $(AM_V_GEN)
* docs/Makefile.am: Use $(AM_V_GEN) for API/HTML scripts
* docs/apibuild.py, python/generator.py: Exit with non-zero status
if problems are found. Also be silent, not outputting any debug
messages.
* src/Makefile.am: Use $(AM_V_GEN) for ESX generator
* python/Makefile.am: Tweak rule
Osier Yang [Tue, 19 Jul 2011 06:24:57 +0000 (14:24 +0800)]
virsh: Extend virsh dominfo to display if managed save image exists
* tools/virsh.c: new column "Managed save" for "cmdDominfo".
* tools/virsh.pod: Update document of "managedsave" to tell one can
use "dominfo" to query whether a domain has any managed save image.
Eric Blake [Mon, 18 Jul 2011 19:10:29 +0000 (13:10 -0600)]
virsh: make migrate --tunnelled imply --p2p
We can make the virsh migrate UI friendlier by supplying the
missing bit automatically instead of erroring out when requesting
--tunnelled without --p2p.
* tools/virsh.c (doMigrate): Make --p2p optional when using
--tunnelled.
* tools/virsh.pod (migrate): Tweak wording accordingly.
Eric Blake [Wed, 13 Jul 2011 21:31:56 +0000 (15:31 -0600)]
libvirt: do not mix internal flags into public API
There were two API in driver.c that were silently masking flags
bits prior to calling out to the drivers, and several others
that were explicitly masking flags bits. This is not
forward-compatible - if we ever have that many flags in the
future, then talking to an old server that masks out the
flags would be indistinguishable from talking to a new server
that can honor the flag. In general, libvirt.c should forward
_all_ flags on to drivers, and only the drivers should reject
unknown flags.
In the case of virDrvSecretGetValue, the solution is to separate
the internal driver callback function to have two parameters
instead of one, with only one parameter affected by the public
API. In the case of virDomainGetXMLDesc, it turns out that
no one was ever mixing VIR_DOMAIN_XML_INTERNAL_STATUS with
the dumpxml path in the first place; that internal flag was
only used in saving and restoring state files, which happened
to be in functions internal to a single file, so there is no
mixing of the internal flag with a public flags argument.
Additionally, virDomainMemoryStats passed a flags argument
over RPC, but not to the driver.
Alex Jia [Sun, 17 Jul 2011 15:29:07 +0000 (23:29 +0800)]
virsh: avoid double free of domain
* tools/virsh.c: avoid double free of domain, when weight value of blkiotune
less than 0, codes will free domain and jump to cleanup section, however,
cleanup will free domain again.
Detected in valgrind run:
==21297== ERROR SUMMARY: 20 errors from 20 contexts (suppressed: 69 from 8)
==21297==
==21297== 1 errors in context 1 of 20:
==21297== Invalid read of size 4
==21297== at 0x40E209B: virDomainFree (libvirt.c:2096)
==21297== by 0x8065274: cmdBlkiotune (virsh.c:3695)
==21297== by 0x8054CC1: vshCommandRun (virsh.c:13135)
==21297== by 0x806B967: main (virsh.c:14487)
==21297== Address 0x446ad48 is 0 bytes inside a block of size 36 free'd
==21297== at 0x4005B0A: free (vg_replace_malloc.c:325)
==21297== by 0x406814D: virFree (memory.c:310)
==21297== by 0x40D6635: virReleaseDomain (datatypes.c:243)
==21297== by 0x40D6C5E: virUnrefDomain (datatypes.c:280)
==21297== by 0x40E20B9: virDomainFree (libvirt.c:2101)
==21297== by 0x8065297: cmdBlkiotune (virsh.c:3613)
==21297== by 0x8054CC1: vshCommandRun (virsh.c:13135)
==21297== by 0x806B967: main (virsh.c:14487)
==21297==
==21297==
==21297== 1 errors in context 2 of 20:
==21297== Invalid read of size 4
==21297== at 0x40E1FE6: virDomainFree (libvirt.c:2092)
==21297== by 0x8065274: cmdBlkiotune (virsh.c:3695)
==21297== by 0x8054CC1: vshCommandRun (virsh.c:13135)
==21297== by 0x806B967: main (virsh.c:14487)
==21297== Address 0x446ad48 is 0 bytes inside a block of size 36 free'd
==21297== at 0x4005B0A: free (vg_replace_malloc.c:325)
==21297== by 0x406814D: virFree (memory.c:310)
==21297== by 0x40D6635: virReleaseDomain (datatypes.c:243)
==21297== by 0x40D6C5E: virUnrefDomain (datatypes.c:280)
==21297== by 0x40E20B9: virDomainFree (libvirt.c:2101)
==21297== by 0x8065297: cmdBlkiotune (virsh.c:3613)
==21297== by 0x8054CC1: vshCommandRun (virsh.c:13135)
==21297== by 0x806B967: main (virsh.c:14487)
* how to reproduce?
% valgrind -v --leak-check=full virsh blkiotune guestname --weight -1
Eric Blake [Thu, 14 Jul 2011 17:36:21 +0000 (11:36 -0600)]
docs: improve virsh man page synopses
"optional" is not a very good meta-syntactic construct in our man
page. I scrubbed this, and additionally improved some documentation
on mutually exclusive options. For example,
[[--live] [--config] | [--current]]
implies a set of optional flags, where within the set you can have
either --current or a choice of 0, 1, or both --live and --config.
* tools/virsh.pod: Use "[name]" rather than "optional name" for
optional arguments.
When libvirtd restarts it will attempt to reconnect to existing
LXC containers. If it loads a XML state file for the container
the container will appear running. If we fail to read the PID
file, or fail to connect to the LXC monitor, we should be killing
off the guest, but if the VMs cgroup does not exist any more,
cleanup will get skipped. Reading the PID file is also pointless
since the PID is in the XML statefile
In lxcReconnectVM we do not need to read the PID file. If part
of the reconnect process fails we need to run the VM terminate
code as a safety net.
In lxcVMTerminate, if we can't obtain the VM cgroup, we know
the process has died, but we must still run lxcVMCleanup to
clear out the virDomainObjPtr live state
* src/lxc/lxc_driver.c: Fix cleanup of dead VMs on restart
projects / libvirt.git / log