Eric Blake [Mon, 20 Aug 2012 21:43:25 +0000 (15:43 -0600)]
virsh: split out virsh-network.c
Another relatively easy file split.
* tools/virsh-network.h: New file.
* tools/Makefile.am (virsh_SOURCES): Build it.
* tools/virsh.c: Use new header.
* tools/virsh-network.c: Likewise.
(vshCommandOptNetworkBy): Update signature.
Eric Blake [Mon, 20 Aug 2012 20:30:53 +0000 (14:30 -0600)]
virsh: split out virsh-interface.c
Another relatively easy split, since helper functions were fixed
in the previous patch.
* tools/virsh-interface.h: New file.
* tools/Makefile.am (virsh_SOURCES): Build it.
* tools/virsh.c: Use new header.
* tools/virsh-interface.c: Likewise.
(vshCommandOptInterfaceBy): Check flags.
Eric Blake [Mon, 20 Aug 2012 20:29:27 +0000 (14:29 -0600)]
virsh: declare more common functions
In preparation for splitting virsh-interface.c, I found these
functions need to be declared in virsh.h, as well as one that
belongs more properly in virsh-domain.h. Also, since we
use the VSH_BY* flags in more than one function, I improved
how they are used.
Marcelo Cerri [Wed, 15 Aug 2012 22:10:38 +0000 (19:10 -0300)]
Support for multiple default security drivers in QEMU config
This patch updates the key "security_driver" in QEMU config to support
both a single default driver or a list of default drivers. This ensures
that it will remain compatible with older versions of the config file.
Marcelo Cerri [Wed, 15 Aug 2012 22:10:37 +0000 (19:10 -0300)]
Update security layer to handle many security labels
These changes make the security drivers able to find and handle the
correct security label information when more than one label is
available. They also update the DAC driver to be used as a usual
security driver.
Marcelo Cerri [Wed, 15 Aug 2012 22:10:36 +0000 (19:10 -0300)]
Multiple security drivers in XML data
This patch updates the domain and capability XML parser and formatter to
support more than one "seclabel" element for each domain and device. The
RNG schema and the tests related to this are also updated by this patch.
Marcelo Cerri [Wed, 15 Aug 2012 22:10:35 +0000 (19:10 -0300)]
Internal refactory of data structures
This patch updates the structures that store information about each
domain and each hypervisor to support multiple security labels and
drivers. It also updates all the remaining code to use the new fields.
This is a fix for the object label generation. It uses a new flag for
virSecuritySELinuxGenNewContext that specifies whether the context is
for an object. If so the context role remains unchanged.
Without this fix it is not possible to start domains with image file or
block device backed storage when selinux is enabled.
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
Eric Blake [Mon, 20 Aug 2012 14:26:58 +0000 (08:26 -0600)]
maint: prohibit translations in testsuite
Nothing in the testsuite or examples directory should be translated,
as it is not part of the normally installed binary. We already
meet this rule, but enforcing it will make it easier to remember.
Add support for creating sockets & RPC servers from a pre-opened fd
In order to support systemd socket based activation, it needs to
be possible to create virNetSocketPtr and virNetServerServicePtr
instances from a pre-opened file descriptor.
In preparation for adding further constructors, refactor
the virNetServerClientNew method to move most of the code
into a common virNetServerClientNewInternal helper API.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Refactor the way new clients are registered with the server
Currently the virNetServerDispatchNewClient both creates the
virNetServerClientPtr instance and registers it with the
virNetServerPtr internal state. Split the client registration
code out into a separate virNetServerAddClient method to
allow future reuse from other contexts
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Eric Blake [Sat, 18 Aug 2012 04:35:13 +0000 (22:35 -0600)]
virsh: kill some double underscores
C99 says that __foo naming is reserved for the compiler. Besides,
we had several different styles in use; this consolidates things
to set up the typedefs up front then declare the types with
consistent naming.
* tools/virsh.h: Use consistent struct naming.
* tools/virsh.c (_vshCommandParser): Likewise.
Eric Blake [Sat, 18 Aug 2012 04:00:42 +0000 (22:00 -0600)]
virsh: split out virsh-domain.c
The virsh-domain.c file was pretty self-contained; the only
entry point was the table of command definitions. The bulk
of this patch is making more functions in virsh.c reusable.
A later patch will clean up poor naming choices.
* tools/Makefile.am (virsh_SOURCES): Build virsh-domain.c.
* tools/virsh-domain.h: New file.
* tools/virsh.h (virshReportError, vshResetLibvirtError)
(vshAskReedit, vshStreamSink): Declare.
* tools/virsh.c: Switch from using .c to .h.
(virshReportError, vshResetLibvirtError, vshAskReedit)
(vshStreamSink, prettyCapacity): Export.
(vshCatchInt): Move...
* tools/virsh-domain.c: ...into sole user. Use header.
Eric Blake [Sat, 18 Aug 2012 03:16:04 +0000 (21:16 -0600)]
virsh: split out virsh.h
Having one .c file include another does not give any compilation
benefits; move towards modular .o files by first splitting out
reused declarations into a new virsh.h. This patch doesn't try
very hard to see which functions are used or not, to make it
easier to review the file split. Future patches can further trim
the header to be smaller.
* tools/Makefile.am (virsh_SOURCES): List new file, and prepare
for others.
* tools/virsh.c: Split declarations...
* tools/virsh.h: ...into new file, and make several functions
non-static.
* tools/virsh-domain-monitor.c (vshGetDomainDescription): Make
non-static.
Shradha Shah [Thu, 16 Aug 2012 15:42:48 +0000 (16:42 +0100)]
qemu: support netdevs from <forward mode='hostdev'> networks
For network devices allocated from a network with <forward
mode='hostdev'>, there is a need to add the newly minted hostdev to
the hostdevs array.
In this case we also need to call qemuPrepareHostDevices just for this
one device, as the standard call to initialize all the hostdevs that
were defined directly in the domain's configuration has already been
made by the time we allocate a device from a libvirt network, and thus
have something that needs initializing.
Signed-off-by: Shradha Shah <sshah@solarflare.com>
Shradha Shah [Thu, 16 Aug 2012 15:42:14 +0000 (16:42 +0100)]
conf: add function virDevicePCIAddressEqual
This function is needed by the network driver in a later commit.
It is useful in functions like networkNotifyActualDevice and
networkReleaseActualDevice
Shradha Shah [Thu, 16 Aug 2012 15:41:58 +0000 (16:41 +0100)]
network: return netdev name or pci addr of the VF in actualDevice
The network pool should be able to keep track of both network device
names and PCI addresses, and return the appropriate one in the
actualDevice when networkAllocateActualDevice is called.
Signed-off-by: Shradha Shah <sshah@solarflare.com>
Shradha Shah [Thu, 16 Aug 2012 15:41:41 +0000 (16:41 +0100)]
conf: parser/formatter/rng for <forward mode='hostdev'>
This patch introduces the new forward mode='hostdev' along with
attribute managed. Includes updates to the network RNG and new xml
parser/formatter code.
Signed-off-by: Shradha Shah <sshah@solarflare.com>
Shradha Shah [Thu, 16 Aug 2012 15:41:24 +0000 (16:41 +0100)]
network: helper function to create interface pool from PF
Existing code that creates a list of forwardIfs from a single PF
was moved to the new utility function networkCreateInterfacePool.
No functional change.
Signed-off-by: Shradha Shah <sshah@solarflare.com>
Shradha Shah [Thu, 16 Aug 2012 15:41:06 +0000 (16:41 +0100)]
conf: move DevicePCIAddress functions to separate file
Move the functions that parse/format and validate PCI addresses to
their own file so they can be conveniently used in other places
besides device_conf.c
Refactoring existing code without causing any functional changes to
prepare for new code.
This patch makes the code reusable.
Signed-off-by: Shradha Shah <sshah@solarflare.com>
Jiri Denemark [Fri, 17 Aug 2012 12:06:13 +0000 (14:06 +0200)]
conf: Fix ABI stability check for spicevmc channel
Changing the device type of a virtio channel from/to spicevmc is not a user
visible change. However, spicevmc channels use different default target
name than other virtio channels. To maintain ABI stability during this
change target name must be explicitly specified (and equal) in both
configurations.
Kyle Mestery [Fri, 17 Aug 2012 04:04:54 +0000 (00:04 -0400)]
network: add support for setting VLANs on Open vSwitch ports
Add the ability to support VLAN tags for Open vSwitch virtual port
types. To accomplish this, modify virNetDevOpenvswitchAddPort and
virNetDevTapCreateInBridgePort to take a virNetDevVlanPtr
argument. When adding the port to the OVS bridge, setup either a
single VLAN or a trunk port based on the configuration from the
virNetDevVlanPtr.
Osier Yang [Fri, 17 Aug 2012 07:34:52 +0000 (15:34 +0800)]
qemu: Set swap_hard_limit before hard_limit
Setting hard_limit larger than previous swap_hard_limit must fail,
it's not that good if one wants to change the swap_hard_limit
and hard_limit together. E.g.
This patch reorders the limits setting to set the swap_hard_limit
first, hard_limit then, and soft_limit last if it's greater than
current swap_hard_limit. And soft_limit first, hard_limit then,
swap_hard_limit last, if not.
Eric Blake [Thu, 16 Aug 2012 22:18:44 +0000 (16:18 -0600)]
build: fix syntax check during 'make distcheck'
'make distcheck' was failing because a syntax check file,
.sc-start-sc_vulnerable_makefile_CVE-2012-3386, got left
behind. I traced it to the 'distdir' rule depending on a
shortcut syntax-check name rather than the full rule name
normally used during 'local-check' from maint.mk.
* cfg.mk (distdir): Depend on full rule, not shorthand name.
Eric Blake [Thu, 16 Aug 2012 19:57:34 +0000 (13:57 -0600)]
build: ship stamp files
'make distcheck' fails because the generated ESX and HyperV files
are (intentionally) marked read-only, but since the stamp file was
missing, make assumes they need to be rebuilt. Shipping the stamp
file solves the problem.
Laine Stump [Wed, 15 Aug 2012 07:13:36 +0000 (03:13 -0400)]
qemu: support setting vlan tag for <interface type='hostdev'>
The underlying function to set the vlan tag of an SR-IOV network
device was already in place (although an extra patch to save/restore
the original vlan tag was needed), and recent patches added the
ability to configure a vlan tag. This patch just ties those two
together.
An SR-IOV device doesn't support vlan trunking, so if anyone tries to
configure more than a single tag, or set the trunk flag, an error is
logged.
Laine Stump [Thu, 16 Aug 2012 04:06:39 +0000 (00:06 -0400)]
util: properly save/restore original vlan tag for VFs
When a network device that is a VF of an SR-IOV card was assigned to a
guest using <interface type='hostdev'>, only the MAC address was being
saved/restored, but the VLAN tag was left untouched. Up to now we
haven't actually used vlan tags on SR-IOV devices, so the guest would
have used whatever was set, and left it the same at the end.
The patch following this one will hook up the <vlan> element from the
interface config, so save/restore of the device state needs to also
include the vlan tag.
MAC address is being saved as a simple ASCII string in a file named
for the device under /var/run. The VLAN tag is now just added at the
end of that file, after a newline. It might be nicer if the file was
XML (in case it ever gets more complicated) but at the moment there's
nothing else on the horizon, and this makes backward compatibility
easier.
Osier Yang [Thu, 16 Aug 2012 03:35:04 +0000 (11:35 +0800)]
qemu: Ensure the cpuset is formatted as expected before passing to cgroup
The parameter value for cpuset could be in special format like
"0-10,^7", which is not recognized by cgroup. This patch is to
ensure the cpuset is formatted as expected before passing it to
cgroup. As a side effect, after the patch, it parses the cpuset
early before cgroup setting, to avoid the rollback if cpuset
parsing fails afterwards.
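
Added example (not part of this commit or of libvirt's source): one way to turn a cpuset string such as "0-10,^7" into the plain range list that cgroup accepts, rejecting malformed input before anything is written. The ex_* names, the 256-CPU bound and the decision to reject "^N-M" entries are assumptions of this sketch.

```c
/* Added example, not libvirt source: normalise "0-10,^7" to "0-6,8-10". */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EX_MAX_CPUS 256 /* assumed upper bound for this example */

/* Read one decimal CPU index at *p and advance *p; -1 on error. */
static int ex_parse_cpu(const char **p)
{
    char *end;
    unsigned long v;

    if (!isdigit((unsigned char)**p)) /* rejects signs and whitespace */
        return -1;
    errno = 0;
    v = strtoul(*p, &end, 10);
    if (errno != 0 || v >= EX_MAX_CPUS)
        return -1;
    *p = end;
    return (int)v;
}

/* Parse entries of the form N, N-M or ^N, applied left to right. */
int ex_cpuset_parse(const char *str, unsigned char map[EX_MAX_CPUS])
{
    const char *p = str;
    int i;

    memset(map, 0, EX_MAX_CPUS);
    for (;;) {
        int neg = 0, lo, hi;

        if (*p == '^') {
            neg = 1;
            p++;
        }
        if ((lo = ex_parse_cpu(&p)) < 0)
            return -1;
        hi = lo;
        if (*p == '-') {
            p++;
            /* This example rejects "^N-M" and reversed ranges. */
            if (neg || (hi = ex_parse_cpu(&p)) < lo)
                return -1;
        }
        for (i = lo; i <= hi; i++)
            map[i] = (unsigned char)!neg;
        if (*p == '\0')
            return 0;
        if (*p++ != ',')
            return -1;
    }
}

/* Emit the map as "a-b,c" ranges; -1 if the set is empty or out is too small. */
int ex_cpuset_format(const unsigned char map[EX_MAX_CPUS], char *out, size_t len)
{
    size_t used = 0;
    int i = 0;

    while (i < EX_MAX_CPUS) {
        int start, n;

        if (!map[i]) {
            i++;
            continue;
        }
        start = i;
        while (i + 1 < EX_MAX_CPUS && map[i + 1])
            i++;
        if (start == i)
            n = snprintf(out + used, len - used, "%s%d", used ? "," : "", start);
        else
            n = snprintf(out + used, len - used, "%s%d-%d", used ? "," : "", start, i);
        if (n < 0 || (size_t)n >= len - used)
            return -1;
        used += (size_t)n;
        i++;
    }
    return used > 0 ? 0 : -1;
}

/* Parse first, format second: a bad string fails before any cgroup write.
 * Returns a static buffer (not thread-safe) or NULL on error. */
const char *ex_cpuset_normalise(const char *in)
{
    static char buf[1024];
    unsigned char map[EX_MAX_CPUS];

    if (ex_cpuset_parse(in, map) < 0 || ex_cpuset_format(map, buf, sizeof(buf)) < 0)
        return NULL;
    return buf;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *in[] = { "0-10,^7", "3,1,2", "0-3,^9-", "2,^2" };
    size_t i;

    for (i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
        const char *r = ex_cpuset_normalise(in[i]);
        printf("%-10s -> %s\n", in[i], r ? r : "(rejected)");
    }
    return 0;
}
```
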
Fix WIN32 conditional for disabling console command
The '#endif' for a WIN32 conditional was placed one function
too high, leaving the impl of the console command enabled
and referencing functions that were disabled
Eric Blake [Tue, 14 Aug 2012 20:11:35 +0000 (14:11 -0600)]
build: avoid warnings on older gcc
A previous patch (c606671a) pulled in a newer version of
stat-time.h from gnulib, which causes some warnings in older gcc:
CC libvirt_driver_storage_la-storage_backend.lo
cc1: warnings being treated as errors
In file included from ../../src/storage/storage_backend.c:59:
../../gnulib/lib/stat-time.h:55: error: no previous prototype for 'get_stat_atime_ns' [-Wmissing-prototypes]
Upstream gnulib argues that these warnings are stupid (and I agree;
see <http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54113>), and has
used a modern gcc feature (#pragma GCC diagnostic push) to avoid the
warning. But we still aim to compile on RHEL 6.3, with gcc 4.4.6
(not to mention even older platforms like RHEL 5), and therefore
the warning trips up our default of development with -Werror.
It took me a while to figure out how to make our set of warnings
smaller on older gcc without losing the benefit of the warnings
when using newer gcc (such as the one on Fedora 17), but this
should do the trick.
* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Avoid
warnings that gnulib can't silence on older gcc.
Laine Stump [Mon, 13 Aug 2012 02:46:27 +0000 (22:46 -0400)]
network: make network driver vlan-aware
The network driver now looks for the vlan element in network and
portgroup objects, and logs an error at network define time if a vlan
is requested for a network type that doesn't support it. (Currently
vlan configuration is only supported for openvswitch networks, and
networks used to do hostdev assignment of SR-IOV VFs.)
At runtime, the three potential sources of vlan information are
examined in this order: interface, chosen portgroup, network, and the
first that is non-empty is used. Another check for valid network type
is made at this time, since the interface may have requested a vlan (a
legal thing to have in the interface config, since it's not known
until runtime if the chosen network will actually support it).
Since we must also check for domains requesting vlans for unsupported
connection types even if they are type='network', and since
networkAllocateActualDevice() is being called in exactly the correct
places, and has all of the necessary information to check, I slightly
modified the logic of that function so that interfaces that aren't
type='network' don't just return immediately. Instead, they also
perform all the same validation for supported features. Because of
this, it's not necessary to make this identical check in the other
three places that would normally require it: 1) qemu domain startup,
2) qemu device hotplug, 3) lxc domain startup.
This can be seen as a first step in consolidating network-related
functionality into the network driver, rather than having copies of
the same code spread around in multiple places; this will make it
easier to split the network parts off into a separate daemon, as we've
discussed recently.
Laine Stump [Sun, 12 Aug 2012 07:51:30 +0000 (03:51 -0400)]
conf: add <vlan> element to network and domain interface elements
The following config elements now support a <vlan> subelement:
within a domain: <interface>, and the <actual> subelement of <interface>
within a network: the toplevel, as well as any <portgroup>
Each vlan element must have one or more <tag id='n'/> subelements. If
there is more than one tag, it is assumed that vlan trunking is being
requested. If trunking is required with only a single tag, the
attribute "trunk='yes'" should be added to the toplevel <vlan>
element.
IMPORTANT NOTE: As of this patch there is no backend support for the
vlan element for *any* network device type. When support is added in
later patches, it will only be for those select network types that
support setting up a vlan on the host side, without the guest's
involvement. (For example, it will be possible to configure a vlan for
a guest connected to an openvswitch bridge, but it won't be possible
to do that for one that is connected to a standard Linux host bridge.)
Laine Stump [Sat, 11 Aug 2012 17:44:27 +0000 (13:44 -0400)]
util: add virNetDevVlanType
To allow for the possibility of vlan "trunks", which have more than
one vlan tag associated with them, we need a vlan struct. Since it
will be used by multiple files in src/util, src/conf, src/network, and
src/qemu, it must be defined in src/util. Unfortunately there isn't
currently a common file for simple netdev data definitions, so I
created a new file.
Laine Stump [Sun, 12 Aug 2012 16:01:32 +0000 (12:01 -0400)]
schema: fix some problems in network/interface schemas
<portgroup> allows a <bandwidth> element, but the schema didn't have
this. Since this makes for multiple elements in portgroup, they must
be interleaved.
<interface type='bridge'> needs to allow <virtualport> elements
for openvswitch, but the schema didn't allow this.
Laine Stump [Wed, 15 Aug 2012 15:45:26 +0000 (11:45 -0400)]
util: include memory.h even if WITH_VIRTUALPORT isn't defined
This caused compilation of virnetdevvportprofile.c to fail on systems
without IFLA support in netlink (these are netlink commands used to
configure the VF's of SR-IOV network devices).
Doug Goldstein [Mon, 13 Aug 2012 04:44:49 +0000 (23:44 -0500)]
Update paths in man page to reflect libvirtd code
Updated the paths in the man page to reflect what the code in libvirtd
does. In addition broke out the FILES section into two subsections for
files used when run as root and files used when run as non-root.
Provided information about the defaults that libvirtd uses when running
as non-root and when XDG_CONFIG_HOME and XDG_RUNTIME_DIR are not set in
the environment.
Doug Goldstein [Mon, 13 Aug 2012 04:44:48 +0000 (23:44 -0500)]
Replace unset REMOTE_PID_FILE with proper value
REMOTE_PID_FILE is no longer used in the source or the build process but
the man page still used it resulting in no file name being displayed.
The same value that the libvirtd daemon code uses is now used in the man
page.
Doug Goldstein [Mon, 13 Aug 2012 04:44:47 +0000 (23:44 -0500)]
Fix man page file paths to real paths
Currently the man page has paths that start with @sysconfdir@,
@localstatedir@ and @remote_pid_file@. The sed command attempts to
replace these during the build but unfortunately pod2man gets to the
files first and escapes the @ character resulting in the sed not
working. This removes the @ character and makes the paths correct.
Currently there is a hook function that is invoked when a
new client connection comes in, which allows an app to
setup private data. This setup will make it difficult to
serialize client state during process re-exec(). Change to
a model where the app registers a callback when creating
the virNetServerPtr instance, which is used to allocate
the client private data immediately during virNetClientPtr
construction.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Allow sync IO and keepalives to be skipped in RPC client setup
Currently the virNetClientPtr constructor will always register
the async IO event handler and the keepalive objects. In the
case of the lock manager, there will be no event loop available
nor keepalive support required. Split this setup out of the
constructor and into separate methods.
The remote driver will enable async IO and keepalives, while
the LXC driver will only enable async IO
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Change interaction when accepting new RPC client connections
Currently the virNetServerServicePtr is responsible for
creating the virNetServerClientPtr instance when accepting
a new connection. Change this so that the virNetServerServicePtr
merely gives virNetServerPtr a virNetSocketPtr instance. The
virNetServerPtr can then create the virNetServerClientPtr
as it desires
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Add APIs for virThreadPoolPtr to query some config params
It is desirable to be able to query the config params of
the thread pool, in order to save the server state. Add
virThreadPoolGetMinWorkers, virThreadPoolGetMaxWorkers
and virThreadPoolGetPriorityWorkers APIs.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
While the QEMU monitor/agent do not want JSON strings pretty
printed, other parts of libvirt might. Instead of hardcoding
QEMU's desired behaviour in virJSONValueToString(), add a
boolean flag to control pretty printing
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Change function signature for creating new lock manager instances
To allow a virLockManagerPtr to be created directly from a
driver table struct, replace the virLockManagerPluginPtr parameter
with a virLockDriverPtr parameter.
* src/locking/domain_lock.c, src/locking/lock_manager.c,
src/locking/lock_manager.h: Replace plugin param with
a driver in virLockManagerNew
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Dmitry Guryanov [Mon, 13 Aug 2012 15:50:12 +0000 (19:50 +0400)]
parallels: change URI to parallels:///system
Let's change URI to parallels:///system. Parallels Server supports
creating VMs from non-privileged accounts, but it's not main usage
scenario and it may be forbidden in the future.
Also containers, which will be supported by the driver, can be managed
only by root, so /system path is more suitable for this driver.
Osier Yang [Tue, 14 Aug 2012 07:21:44 +0000 (15:21 +0800)]
virsh: Add helper to avoid the strcase check for virsh-*.c
* tools/virsh.c: New macro vshStrcasecmp
* tools/virsh-domain-monitor.c: Use vshStrcasecmp instead of
strcasecmp
* tools/virsh-snapshot.c: Likewise
* cfg.mk: Only avoid doing strcase checking for virsh.c
Laine Stump [Tue, 14 Aug 2012 15:03:38 +0000 (11:03 -0400)]
conf: log error when encountering multiple filterrefs in interface
Each interface has a single pointer to a filterref object. That
filterref can itself point to multiple other filterrefs, but at the
toplevel there is only one.
The parser had previously just silently overwritten earlier filterrefs
when a new one was encountered, so the interface was left with
whichever was the last filterref in the xml, ignoring all the
others. This patch logs an error when it sees more than one filterref.
Laine Stump [Mon, 6 Aug 2012 20:17:58 +0000 (16:17 -0400)]
network: add connections counter to networks
Just as each physical device used by a network has a connections
counter, now each network has a connections counter which is
incremented once for each guest interface that connects using this
network.
The count is output in the live network XML, like this:
<network connections='20'>
...
</network>
It is read-only, and for informational purposes only - it isn't used
internally anywhere by libvirt.
Laine Stump [Mon, 6 Aug 2012 17:45:57 +0000 (13:45 -0400)]
network: change cleanup: to success/cleanup/error: in network*() functions
A later patch will be adding a counter that will be
incremented/decremented each time a guest interface starts/stops
using a particular network. For this to work, all types of networks
need to go through a common return sequence rather than returning
early. To setup for this, a new success: label is added (when
necessary), a new error: label is added which does any cleanup
necessary only for error returns and then does goto cleanup, and early
returns are changed to goto error if it's a failure, or goto success
if it's successful. This way the intent of all the gotos is
unambiguous, and a successful return path never encounters the
"error:" label.
Laine Stump [Sun, 5 Aug 2012 06:59:55 +0000 (02:59 -0400)]
conf: output forward device connections count in network XML
It may be useful for management applications to know which physical
network devices are in use by guests. This information is already
available in the network objects, but wasn't output in the XML. This
patch outputs it when the INACTIVE flag isn't set (and if it's non-0).
Laine Stump [Sun, 5 Aug 2012 06:45:04 +0000 (02:45 -0400)]
conf: rename interface "usageCount" to "connections"
I want to include this count in the xml output of networks, but
calling it "connections" in the XML sounds better than "usageCount", and it
would be better if the name in the XML matched the variable name.
In a few places, usageCount was being initialized to 0, but this is
unnecessary, because VIR_ALLOC_N zero-fills everything anyway.
Laine Stump [Sun, 5 Aug 2012 06:32:49 +0000 (02:32 -0400)]
conf: use a unique data type for PF array in virDomainNetDef
This array was originally defined using the existing
virNetworkForwardIfDef, but that struct has a UsageCount field that
isn't used in the case of PFs. This patch just copies that struct and
removes UsageCount. It ends up being a struct with a single field, but
I left it as a struct in case we need to add other fields to it in the
future.
Eric Blake [Tue, 14 Aug 2012 17:36:38 +0000 (11:36 -0600)]
random: link with -lm when needed
Use of ldexp() requires -lm on some platforms; use gnulib to determine
this for our makefile. Also, optimize virRandomInt() for the case
of a power-of-two limit (actually rather common, given that Daniel
has a pending patch to replace virRandomBits(10) with code that will
default to virRandomInt(1024) on default SELinux settings).
* .gnulib: Update to latest, for ldexp.
* bootstrap.conf (gnulib_modules): Import ldexp.
* src/Makefile.am (libvirt_util_la_CFLAGS): Link with -lm when
needed.
* src/util/virrandom.c (virRandomInt): Optimize powers of 2.
Laine Stump [Thu, 2 Aug 2012 18:10:00 +0000 (14:10 -0400)]
network: merge relevant virtualports rather than choosing one
One of the original ideas behind allowing a <virtualport> in an
interface definition as well as in the <network> definition *and* one
or more <portgroup>s within the network, was that guest-specific
parameters (like instanceid and interfaceid) could be given in the
interface's virtualport, and more general things (portid, managerid,
etc) could be given in the network and/or portgroup, with all the bits
brought together at guest startup time and combined into a single
virtualport to be used by the guest. This was somehow overlooked in
the implementation, though - it simply picks the "most specific"
virtualport, and uses the entire thing, with no attempt to merge in
details from the others.
This patch uses virNetDevVPortProfileMerge3() to combine the three
possible virtualports into one, then uses
virNetDevVPortProfileCheck*() to verify that the resulting virtualport
type is appropriate for the type of network, and that all the required
attributes for that type are present.
An example of usage is this: assuming a <network> definition on host
ABC of:
Laine Stump [Tue, 31 Jul 2012 18:36:51 +0000 (14:36 -0400)]
conf: support partially-specified <virtualport> in parser and formatter
Until now, all attributes in a <virtualport> parameter list that were
acceptable for a particular type, were also required. There were no
optional attributes.
One of the aims of supporting <virtualport> in libvirt's virtual
networks and portgroups is to allow specifying the group-wide
parameters in the network's virtualport, and merge that with the
interface's virtualport, which will have the instance-specific info
(i.e. the interfaceid or instanceid).
Additionally, the guest's interface XML shouldn't need to know what
type of network connection will be used prior to runtime - it could be
openvswitch, 802.1Qbh, 802.1Qbg, or none of the above - but should
still be able to specify instance-specific info just in case it turns
out to be applicable.
Finally, up to now, the parser for virtualport has always generated a
random instanceid/interfaceid when appropriate, making it impossible
to leave it blank (which is what's required for virtualports within a
network/portprofile definition).
This patch modifies the parser and formatter of the <virtualport>
element in the following ways:
* because most of the attributes in a virNetDevVPortProfile are fixed
size binary data with no reserved values, there is no way to embed a
"this value wasn't specified" sentinel into the existing data. To
solve this problem, the new *_specified fields in the
virNetDevVPortProfile object that were added in a previous patch of
this series are now set when the corresponding attribute is present
during the parse.
* allow parsing/formatting a <virtualport> that has no type set. In
this case, all fields are settable, but all are also optional.
* add a GENERATE_MISSING_DEFAULTS flag to the parser - if this flag is
set and an instanceid/interfaceid is expected but not provided, a
random one will be generated. This was previously the default
behavior, but is now done only for virtualports inside an
<interface> definition, not for those in <network> or <portgroup>.
* add a REQUIRE_ALL_ATTRIBUTES flag to the parser - if this flag is
set the parser will call the new
virNetDevVPortProfileCheckComplete() functions at the end of the
parser to check for any missing attributes (based on type), and
return failure if anything is missing. This used to be default
behavior. Now it is only used for the virtualport defined inside an
interface's <actual> element (by the time you've figured out the
contents of <actual>, you should have all the necessary data to fill
in the entire virtualport)
* add a REQUIRE_TYPE flag to the parser - if this flag is set, the
parser will return an error if the virtualport has no type
attribute. This also was previously the default behavior, but isn't
needed in the case of the virtualport for a type='network' interface
(i.e. the exact type isn't yet known), or the virtualport of a
portgroup (i.e. the portgroup just has modifiers for the network's
virtualport, which *does* require a type) - in those cases, the
check will be done at domain startup, once the final virtualport is
assembled (this is handled in the next patch).
Laine Stump [Wed, 1 Aug 2012 07:28:28 +0000 (03:28 -0400)]
conf: simplify Buffer Indentation in virDomainNetDefFormat
This function has several calls to increase the buffer indent by 6,
then decrease it again, then increase, then decrease. Additionally,
there were several printfs that had 6 spaces at the beginning of the
line.
virDomainActualNetDefFormat, which is called by virDomainNetDefFormat,
had similar ugliness.
This patch changes both functions to just increase the indent at the
beginning, decrease it at (well, just before*) the end, and remove all
of the occurrences of 6/8 spaces at the beginning of lines.
*The indent had to be reset before the end of the function because
virDomainDeviceInfoFormat assumes a 0 indent and is called from many
other places, and I didn't want to do an overhaul of every caller of
that function. A separate patch to switch all of domain_conf.c would
be a useful exercise, but my current goal is unrelated to that, so
I'll leave it for another day.
Laine Stump [Mon, 30 Jul 2012 04:47:44 +0000 (00:47 -0400)]
conf: make error returns from virDomainActualNetDefFormat consistent
There was an error: label that simply did "return ret", but ret was
defaulted to -1, and was never used other than setting it manually to
0 just before a non-error return. Aside from this, some of the error
return paths used "goto error" and others used "return ret".
This patch removes ret and the error: label, and makes all error
returns just consistently do "return -1".
Laine Stump [Mon, 30 Jul 2012 06:03:25 +0000 (02:03 -0400)]
conf: move virtPortProfile out of unions in virDomainNetDef
virtPortProfile is now used by 4 different types of network devices
(NETWORK, BRIDGE, DIRECT, and HOSTDEV), and it's getting cumbersome to
replicate so much code in 4 different places just because each type
has the virtPortProfile in a slightly different place. This patch puts
a single virtPortProfile in a common place (outside the type-specific
union) in both virDomainNetDef and virDomainActualNetDef, and adjusts
the parse and format code (and the few other places where it is used)
accordingly.
Note that when a <virtualport> element is found, the parse functions
verify that the interface is of a type that supports one, otherwise an
error is generated (CONFIG_UNSUPPORTED in the case of <interface>, and
INTERNAL in the case of <actual>, since the contents of <actual> are
always generated by libvirt itself).
Laine Stump [Sat, 4 Aug 2012 07:09:47 +0000 (03:09 -0400)]
util: utility functions for virNetDevVPortProfile
This patch adds three utility functions that operate on
virNetDevVPortProfile objects.
* virNetDevVPortProfileCheckComplete() - verifies that all attributes
required for the type of the given virtport are specified.
* virNetDevVPortProfileCheckNoExtras() - verifies that there are no
attributes specified which are inappropriate for the type of the
given virtport.
* virNetDevVPortProfileMerge3() - merges 3 virtports into a single,
newly allocated virtport. If any attributes are specified in
more than one of the three sources, and do not exactly match,
an error is logged and the function fails.
These new functions depend on new fields in the virNetDevVPortProfile
object that keep track of whether or not each attribute was
specified. Since the higher level parse function doesn't yet set those
fields, these functions are not actually usable yet (but that's okay,
because they also aren't yet used - all of that functionality comes in
a later patch.)
Note that these three functions return 0 on success and -1 on
failure. This may seem odd for the first two Check functions, since
they could also easily return true/false, but since they actually log
an error when the requested condition isn't met (and should result in
a failure of the calling function), I thought 0/-1 was more
appropriate.
Laine Stump [Wed, 25 Jul 2012 01:14:41 +0000 (21:14 -0400)]
util: eliminate union in virNetDevVPortProfile
virNetDevVPortProfile has (had) a type field that can be set to one of
several values, and a union of several structs, one for each
type. When a domain's interface object is of type "network", the
domain config may not know beforehand which type of virtualport is
going to be provided in the actual device handed down from the network
driver at runtime, but may want to set some values in the virtualport
that may or may not be used, depending on the type. To support this
usage, this patch replaces the union of structs with toplevel fields
in the struct, making it possible for all of the fields to be set at
the same time.
Laine Stump [Thu, 2 Aug 2012 18:06:58 +0000 (14:06 -0400)]
util: make return value of virUUIDFormat and virMacAddrFormat useful
Both of these functions returned void, but it's convenient for them to
return a const char* of the char* that is passed in. This way you can
call the function and use the result in the same expression/arg.
Pull code which finds a free MCS label out into its own method
The code for picking a MCS label is about to get significantly
more complicated, so it deserves to be in a standalone method,
instead of a switch/case body.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Honour current user and role in SELinux label generation
When generating an SELinux context for a VM from the template
"system_u:system_r:svirt_t:s0", copy the role + user from the
current process instead of the template context. So if the
current process is
Ideally the /etc/selinux/targeted/contexts/virtual_domain_context
file would have just shown the 'svirt_t' type, and not the full
context, but that can't be changed now for compatibility reasons.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
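The substitution described in the commit message above, as an added example that is not libvirt's code: user and role come from the current process's context, type and range stay as the template gives them. It uses plain string handling instead of libselinux; the function names and the "current" context value are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Split "user:role:type:range" at the first three colons only, because the
 * range may itself contain ':' (e.g. "s0-s0:c0.c1023"). Modifies ctx in
 * place; returns 0 on success, -1 if a field is missing or empty. */
static int split_context(char *ctx, char *field[4])
{
    for (int i = 0; i < 3; i++) {
        char *colon = strchr(ctx, ':');
        if (!colon || colon == ctx)
            return -1;
        *colon = '\0';
        field[i] = ctx;
        ctx = colon + 1;
    }
    if (*ctx == '\0')
        return -1;
    field[3] = ctx;
    return 0;
}

/* Build user:role from `current` plus type:range from `tmpl`.
 * Returns 0 on success, -1 on malformed input or if `out` is too small. */
static int gen_context(const char *tmpl, const char *current,
                       char *out, size_t outlen)
{
    char t[256], c[256];
    char *tf[4], *cf[4];
    int n;

    if (strlen(tmpl) >= sizeof(t) || strlen(current) >= sizeof(c))
        return -1;
    strcpy(t, tmpl);
    strcpy(c, current);
    if (split_context(t, tf) < 0 || split_context(c, cf) < 0)
        return -1;
    n = snprintf(out, outlen, "%s:%s:%s:%s", cf[0], cf[1], tf[2], tf[3]);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char out[128];
    /* Constructed context standing in for the calling process. */
    const char *current = "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023";
    if (gen_context("system_u:system_r:svirt_t:s0", current, out, sizeof(out)) == 0)
        printf("%s\n", out);
    return 0;
}
```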
Fix error reporting in virSecuritySELinuxGenNewContext
The virSecuritySELinuxGenNewContext method was not reporting any
errors, leaving it up to the caller to report a generic error.
In addition it could potentially trigger a strdup(NULL) in an
OOM scenario. Move all error reporting into the
virSecuritySELinuxGenNewContext method where accurate info
can be provided
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Use VIR_ERR_CONFIG_UNSUPPORTED if requested security driver is disabled
There is currently no way to distinguish the case that a requested
security driver was disabled, from the case where no security driver
was available. Use VIR_ERR_CONFIG_UNSUPPORTED as the error when an
explicitly requested security driver was disabled
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Add virRandom() API to generate numbers with non-power-of-2 limit
The current virRandomBits() API is only usable if the caller wants
a random number in the range [0, n-1) where n is a power of two.
This adds a virRandom() API which generates a double in the
range [0.0,1.0) with 48 bits of entropy. It then also adds a
virRandomInt(uint32_t max) API which generates an unsigned
in the range [0,@max)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
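An added example, not libvirt's implementation, of the approach the commit message above describes: random bits are mapped onto [0.0, 1.0) and scaled into [0, max), so max need not be a power of two. The function names are hypothetical; bucket_spread() enumerates every input of a small bit width to show how evenly the scaling fills the output range.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Map the low `width` bits (1..52) of `bits` onto [0.0, 1.0). */
static double unit_from_bits(uint64_t bits, unsigned width)
{
    uint64_t span = UINT64_C(1) << width;
    return (double)(bits & (span - 1)) / (double)span;
}

/* Scale the unit value into [0, max); the result is never max itself. */
static uint32_t bounded_from_bits(uint64_t bits, unsigned width, uint32_t max)
{
    return (uint32_t)(unit_from_bits(bits, width) * max);
}

/* Push every `width`-bit input through the scaling and return the gap
 * between the fullest and emptiest output bucket, or -1 on bad arguments. */
static long bucket_spread(unsigned width, uint32_t max)
{
    unsigned long *count, lo, hi;

    if (width == 0 || width > 20 || max == 0 || max > 65536)
        return -1;
    count = calloc(max, sizeof(*count));
    if (!count)
        return -1;
    for (uint64_t i = 0; i < (UINT64_C(1) << width); i++)
        count[bounded_from_bits(i, width, max)]++;
    lo = hi = count[0];
    for (uint32_t k = 1; k < max; k++) {
        if (count[k] < lo) lo = count[k];
        if (count[k] > hi) hi = count[k];
    }
    free(count);
    return (long)(hi - lo);
}

int main(void)
{
    /* Largest 48-bit input still lands on the last valid value, max - 1. */
    printf("top 48-bit value, max=6 -> %u\n",
           bounded_from_bits((UINT64_C(1) << 48) - 1, 48, 6));
    printf("bucket spread, 16-bit input, max=6: %ld\n", bucket_spread(16, 6));
    return 0;
}
```

With 16 input bits and max=6 the buckets differ by one entry out of about 10923; with 48 input bits the same one-entry gap is spread over roughly 2^48/max entries per bucket.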
The way LIBVIRT_VERSION_INFO is calculated has a timebomb that
will cause us to accidentally break soname when we change the
major version number to a non-zero value!
Given CURRENT:REVISION:AGE, libtool will generate
libvirt.so.($CURRENT-$AGE).$AGE.$REVISION
We set CURRENT to be MAJOR+MINOR and AGE to $MINOR, so as
soon as MAJOR changes to non-zero, we get libvirt.so.1
as the soname, eg 1.3.9 would create libvirt.so.1.3.9
Looks natural but is not ABI compatible with libvirt.so.0.x.y
The fix is to set CURRENT to always be exactly the same
as AGE. We want to have the major version reflected in
the so symlinks though. So then we set AGE to MAJOR*1000+MINOR
eg, so 1.3.9 would create libvirt.so.0.1003.9 and libvirt
2.51.3 would create libvirt.so.0.2051.3
Osier Yang [Fri, 3 Aug 2012 15:48:05 +0000 (23:48 +0800)]
Destroy virdomainlist.[ch]
As the consensus in:
https://www.redhat.com/archives/libvir-list/2012-July/msg01692.html,
this patch is to destroy conf/virdomainlist.[ch], folding the
helpers into conf/domain_conf.[ch].
* src/Makefile.am:
- Various indention fixes incidentally
- Add macro DATATYPES_SOURCES (datatypes.[ch])
- Link datatypes.[ch] for libvirt_lxc
* src/conf/domain_conf.c:
- Move all the stuffs from virdomainlist.c into it
- Use virUnrefDomain and virUnrefDomainSnapshot instead of
virDomainFree and virDomainSnapshotFree, which are defined
in libvirt.c, and we don't want to link to it.
- Remove "if" before "free" the object, as virObjectUnref
is in the list "useless_free_options".
* src/conf/domain_conf.h:
- Move all the stuffs from virdomainlist.h into it
- s/LIST_FILTER/LIST_DOMAINS_FILTER/
* src/libxl/libxl_driver.c:
- s/LIST_FILTER/LIST_DOMAINS_FILTER/
- no (include "virdomainlist.h")
libvirt creates invalid commands if wrong locale is selected. For
example with locale that uses comma as a decimal point, JSON commands
created with decimal numbers are invalid because comma separates the
entries in JSON. Fortunately even when decimal point is affected,
thousands grouping is not, because for grouping to be enabled with
*printf, there has to be an apostrophe flag specified (and supported).
This patch adds specific internal function for converting doubles to
strings with C locale.
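One way to get the behaviour the commit message above describes, as an added example that is not the internal function the patch adds: format with snprintf, then rewrite whatever decimal point the active locale produced to '.'. The function names and the de_DE.UTF-8 locale name are assumptions for illustration.

```c
#include <locale.h>
#include <stdio.h>
#include <string.h>

/* Replace the first occurrence of the locale decimal point `dp` in `s`
 * with '.'. `dp` may be longer than one byte in some locales. */
static void normalize_decimal_point(char *s, const char *dp)
{
    size_t dplen = strlen(dp);
    char *pos;

    if (dplen == 0 || strcmp(dp, ".") == 0)
        return;                     /* already C-locale style */
    pos = strstr(s, dp);
    if (!pos)
        return;                     /* no fraction printed, e.g. "42" */
    *pos = '.';
    memmove(pos + 1, pos + dplen, strlen(pos + dplen) + 1);
}

/* Format `v` with a '.' decimal point whatever LC_NUMERIC is set to.
 * Returns the string length, or -1 if `buf` is too small. */
static int format_double_c(double v, char *buf, size_t len)
{
    int n = snprintf(buf, len, "%.17g", v);

    if (n < 0 || (size_t)n >= len)
        return -1;
    normalize_decimal_point(buf, localeconv()->decimal_point);
    return (int)strlen(buf);
}

int main(void)
{
    char buf[64];

    /* Assumed locale name; if it is not installed, setlocale() returns
     * NULL and the C locale stays in effect. */
    if (!setlocale(LC_NUMERIC, "de_DE.UTF-8"))
        puts("de_DE.UTF-8 not available, staying in the C locale");
    printf("plain printf: {\"value\": %g}\n", 0.5);
    if (format_double_c(0.5, buf, sizeof(buf)) > 0)
        printf("normalized  : {\"value\": %s}\n", buf);
    return 0;
}
```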
Asad Saeed [Mon, 13 Aug 2012 20:21:10 +0000 (13:21 -0700)]
sanlock: don't unlink lockspace if registration fails
This is a patch for bug 847848
If registering an existing lockspace with the sanlock daemon
returns an error, libvirt should not proceed to unlink the lockspace.