Eric Blake [Tue, 26 Jul 2011 20:22:55 +0000 (14:22 -0600)]
build: support warnings on RHEL 5
Without this, a configure built by autoconf 2.59 was broken when
trying to detect which compiler warning flags were supported.
* .gnulib: Update to latest, for warnings.m4 fix.
* bootstrap.conf: Add fclose explicitly, to match recent gnulib
implicit dependency changes.
* src/qemu/qemu_conf.c (includes): Drop unused include.
* src/uml/uml_conf.c (include): Likewise.
Reported by Daniel P. Berrange.
Michal Privoznik [Tue, 26 Jul 2011 12:42:37 +0000 (14:42 +0200)]
bandwidth: Integrate bandwidth into portgroups
Every DomainNetDef has a bandwidth, as does every portgroup.
Whenever a DomainNetDef of type NETWORK is about to be used, a call is
made to networkAllocateActualDevice(). This function chooses the "best"
bandwidth object and places it in the DomainActualNetDef.
From that point on, whenever some code needs to use the bandwidth data
for the interface, it's retrieved with virDomainNetGetActualBandwidth(),
which will always return the "best" info as determined in the
previous step.
Dave Allan [Tue, 26 Jul 2011 03:20:49 +0000 (23:20 -0400)]
Fix incorrect implication about list options
The description of the list command seemed to suggest that it could
take a set of domains as an argument, which is not correct in the
current HEAD. If virsh list is intended to take a list of domains,
then this patch should be NAK'd and a bug opened against virsh list.
Reported by hachi on #virt
v2:
Change language to include transient domains
Osier pointed out that transient domains are not defined, so what I
had originally proposed wasn't quite correct.
When an incoming RPC message is ready for processing,
virNetServerClientDispatchRead()
will invoke the 'dispatchFunc' callback. This is set to
virNetServerDispatchNewMessage
This function puts the message + client in a queue for processing by the thread
pool. The thread pool worker function is
virNetServerHandleJob
The first thing this does is acquire an extra reference on the 'client'.
Unfortunately, between the time the message+client are put on the thread pool
queue, and the time the worker runs, the client object may have had its last
reference removed.
We clearly need to add the reference to the client object before putting the
client on the processing queue
* src/rpc/virnetserverclient.c: Add a reference to the client when
invoking the dispatch function
* src/rpc/virnetserver.c: Don't acquire a reference to the client
when in the worker thread
The cpu bandwidth is applied at the vcpu group level. We should apply it
at the vm group level too, because the vm may do heavy I/O, and it will affect
the other vm.
We apply cpu bandwidth at the vcpu and the vm group level, so we must ensure
that max(child_quota) <= parent_quota when we modify cpu bandwidth.
The virNetSASLContext, virNetSASLSession, virNetTLSContext and
virNetTLSSession classes previously relied in their owners
(virNetClient / virNetServer / virNetServerClient) to provide
locking protection for concurrent usage. When virNetSocket
gained its own locking code, this invalidated the implicit
safety the SASL/TLS modules relied on. Thus we need to give
them all explicit locking of their own via new mutexes.
* src/rpc/virnetsaslcontext.c, src/rpc/virnettlscontext.c: Add
a mutex per object
When setting up a server socket, we must skip EADDRINUSE errors
from bind, since the IPv6 socket bind may have already bound to
the IPv4 socket too. If we don't manage to bind to any sockets
at all though, we should then report the EADDRINUSE error as
normal.
This fixes the case where libvirtd would not exit if some other
program was listening on its TCP/TLS ports.
Eric Blake [Mon, 18 Jul 2011 22:01:48 +0000 (16:01 -0600)]
virsh: make vcpucount use --current consistently
Rename the existing --current flag to the new name --active,
while adding a new flag --current to expose the new
VIR_DOMAIN_AFFECT_CURRENT flag of virDomainGetVcpusFlags.
For backwards compability, the output does not change (even
though the label "current" no longer matches the spelling of
the option that would trigger that number in isolation), and
we accept "--current --live" as an undocumented synonym for
"--active --live" to avoid breaking any existing clients.
* tools/virsh.c (cmdVcpucount): Add --active flag, and rearrange
existing flag handling to expose VIR_DOMAIN_AFFECT_CURRENT support.
* tools/virsh.pod (vcpucount): Document this.
Eric Blake [Fri, 15 Jul 2011 23:35:47 +0000 (17:35 -0600)]
vcpu: teach getVcpusFlags about current
Now that virDomainSetVcpusFlags knows about VIR_DOMAIN_AFFECT_CURRENT,
so should virDomainGetVcpusFlags.
Unfortunately, the virsh counterpart 'virsh vcpucount' has already
commandeered --current for a different meaning, so teaching virsh
to expose this in the next patch will require a bit of care.
Laine Stump [Mon, 25 Jul 2011 18:11:38 +0000 (14:11 -0400)]
util: change virFile*Pid functions to return < 0 on failure
Although most functions in libvirt return 0 on success and < 0 on
failure, there are a few functions lingering around that return errno
(a positive value) on failure, and sometimes code calling those
functions incorrectly assumes the <0 standard. I noticed one of these
the other day when auditing networkStartDhcpDaemon after Guido Gunther
found a place where success was improperly returned on failure (that
patch has been acked and is pending a push). The problem was that it
expected the return value from virFileReadPid to be < 0 on failure,
but it was actually positive (it was also neglected to set the return
code in this case, similar to the bug found by Guido).
This all led to the fact that *all* of the virFile*Pid functions in
util.c are returning errno on failure. This patch remedies that
problem by changing them all to return -errno on failure, and makes
any necessary changes to callers of the functions. (In the meantime, I
also properly set the return code on failure of virFileReadPid in
networkStartDhcpDaemon).
With older GNUTLS the gnutls_x509_privkey_import function is
unable to import our private key. Instead we must use the
alternative gnutls_x509_privkey_import_pkcs8() (as certtool
does).
* virnettlscontexttest.c: Fix import of private key with
older gnutls. Also add missing newlines to key
commit 5283ea9b1d8a4b0f2fd6796bf60615aca7b6c3e6 changed the
semantics of the 'expire_offset' field in the test case struct
so that instead of being an absolute timestamp, it was a delta
relative to the current time. This broke the test cases which
were testing expiry of certificates, by putting the expiry
time into the future, instead of in the past.
Fix this by changing the expiry values to be negative, so that
the delta goes into the past again.
python: add Python binding for virDomainGetVcpuPinInfo API
This patch adds the Python bindings for virDomainGetVcpuPinInfo API.
* python/generator.py: add it to generator skip list
* python/libvirt-override-api.xml: provide an override description
* python/libvirt-override.c: provide an override binding implementation
python: add Python binding for virDomainPinVcpusFlags API
This patch adds the Python bindings for virDomainPinVcpuFlags API.
* python/generator.py: add it to the generator skip list
* python/libvirt-override-api.xml: provide override description
* python/libvirt-override.c: provide override bindings implementation
python: add Python binding for virDomainGetSchedulerParametersFlags API
This patch adds the Python bindings for
virDomainGetSchedulerParametersFlags API.
* python/libvirt-override-api.xml: provide and override description
* python/libvirt-override.c: implement the bindings
Michal Privoznik [Fri, 22 Jul 2011 14:07:25 +0000 (16:07 +0200)]
bandwidth: Add parsing and free functions
These functions parse given XML node and return pointer to the
output. Unknown elements are silently ignored. Attributes must
be integer and must fit in unsigned long long.
Free function frees elements of virBandwidth structure.
Leaving any element out means not to shape traffic in that
direction.
The units for average and peak (rate) are in kilobytes per second,
for burst (size) are just in kilobytes.
This element can be inserted into domain's 'interface' and
'network'.
Laine Stump [Thu, 7 Jul 2011 04:24:08 +0000 (00:24 -0400)]
network: provide internal API to return IP of a network
The new listenNetwork attribute needs to learn an IP address based on a
named network. This patch provides a function networkGetNetworkAddress
which provides that.
Some networks have an IP address explicitly in their configuration
(ie, those with a forward type of "none", "route", or "nat"). For
those, we can just return the IP address from the config.
The rest will have a physical device associated with them (either via
<bridge name='...'/>, <forward ... dev='...'/>, or possibly via a pool
of interfaces inside the network's <forward> element) and we will need
to ask the kernel for a current IP address of that device (via the
newly added ifaceGetIPAddress)
If networkGetNetworkAddress encounters an error while trying to learn
the address for a network, it will return -1. In the case that libvirt
has been compiled without the network driver, the call is a macro
which reduces to -2. This allows differentiating between a failure of
the network driver, and its complete absence.
Laine Stump [Thu, 7 Jul 2011 04:15:08 +0000 (00:15 -0400)]
util: add an ifaceGetIPAddress to the interface utilities
This function uses ioctl(SIOCGIFADDR), which limits it to returning
the first IPv4 address of an interface, but that's what we want right
now (the place we're going to use the address only accepts one).
Eric Blake [Fri, 22 Jul 2011 17:59:37 +0000 (11:59 -0600)]
tests: fix compilation failures
Even though gnutls is a hard-req for libvirt, and gnutls depends
on libtasn1, that does not mean that you have to have the libtasn1
development files installed. Skip the test rather than failing
compilation in that case.
With newer gcc, the test consumed too much stack space. Move
things to static storage to fix that.
* configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h.
(HAVE_LIBTASN1): New automake conditional.
* tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES)
(virnettlscontexttest_LDADD): Allow compilation without libtasn1.
* tests/virnettlscontexttest.c: Skip test if headers not present.
(struct testTLSCertReq): Alter time members.
(testTLSGenerateCert): Reflect the change.
(mymain): Reduce stack usage.
Honour filesystem readonly flag & make special FS readonly
A container should not be allowed to modify stuff in /sys
or /proc/sys so make them readonly. Make /selinux readonly
so that containers think that selinux is disabled.
Honour the readonly flag when mounting container filesystems
from the guest XML config
* src/lxc/lxc_container.c: Support readonly mounts
Even in non-virtual root filesystem mode we should be mounting
more than just a new /proc. Refactor lxcContainerMountBasicFS
so that it does everything except for /dev and /dev/pts moving
that into lxcContainerMountDevFS. Pass in a source prefix
to lxcContainerMountBasicFS() so it can be used in both shared
root and private root modes.
* src/lxc/lxc_container.c: Unify mounting code for special
filesystems
Pull code for doing a bind mount into separate method
The bind mount setup is about to get more complicated.
To avoid having to deal with several copies, pull it
out into a separate lxcContainerMountFSBind method.
Also pull out the iteration over container filesystems,
so that it will be easier to drop in support for non-bind
mount filesystems
* src/lxc/lxc_container.c: Pull bind mount code out into
lxcContainerMountFSBind
When libvirtd starts it it will sanity check its own certs,
and before libvirt clients connect to a remote server they
will sanity check their own certs. This patch allows such
sanity checking to be skipped. There is no strong reason to
need to do this, other than to bypass possible libvirt bugs
in sanity checking, or for testing purposes.
libvirt.conf gains tls_no_sanity_certificate parameter to
go along with tls_no_verify_certificate. The remote driver
client URIs gain a no_sanity URI parameter
* daemon/test_libvirtd.aug, daemon/libvirtd.conf,
daemon/libvirtd.c, daemon/libvirtd.aug: Add parameter to
allow cert sanity checks to be skipped
* src/remote/remote_driver.c: Add no_sanity parameter to
skip cert checks
* src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h:
Add new parameter for skipping sanity checks independantly
of skipping session cert validation checks
build: Use $(PYTHON) instead of python for the keycode map generator
Also prepend $(AM_V_GEN) to the command line, mark virkeycode-mapgen.py
as executable and switch the shebang line from /bin/python to the
commonly use /usr/bin/python.
Laine Stump [Fri, 22 Jul 2011 02:48:32 +0000 (22:48 -0400)]
util: make interface.c functions consistently return < 0 on error
All of the functions in util/interface.c were returning 0 on success,
but some returned -1 on error, and some returned a positive value
(usually the value of errno, but sometimes just 1). Libvirt's standard
is to return < 0 on error (in the case of functions that need to
return errno, -errno is returned.
This patch modifies all functions in interface.c to consistently
return < 0 on error, and makes changes to callers of those functions
where necessary.
There is some commonality between the code for sanity checking
certs when initializing libvirt and the code for validating
certs during a live TLS session handshake. This patchset splits
up the sanity checking function into several smaller functions
each doing a specific type of check. The cert validation code
is then updated to also call into these functions
Remove call to deprecated gnutls_certificate_type_set_priority (again)
The gnutls_certificate_type_set_priority method is deprecated.
Since we already set the default gnutls priority, it was not
serving any useful purpose and can be removed
Ensure that libvirtd shuts down if initialization fails
If the virStateInitialize call fails we must shutdown libvirtd
since drivers will not be available. Just free'ing the virNetServer
is not sufficient, we must send a SIGTERM to ourselves so that
we interrupt the event loop and trigger a orderly shutdown
* daemon/libvirtd.c: Kill ourselves if state init fails
* src/rpc/virnetserver.c: Add some debugging to event loop
Adam Litke [Fri, 22 Jul 2011 05:57:42 +0000 (13:57 +0800)]
Asynchronous event for BlockJob completion
When an operation started by virDomainBlockPull completes (either with
success or with failure), raise an event to indicate the final status.
This API allow users to avoid polling on virDomainGetBlockJobInfo if
they would prefer to use an event mechanism.
* daemon/remote.c: Dispatch events to client
* include/libvirt/libvirt.h.in: Define event ID and callback signature
* src/conf/domain_event.c, src/conf/domain_event.h,
src/libvirt_private.syms: Extend API to handle the new event
* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
for block_stream completion and emit a libvirt block pull event
* src/remote/remote_driver.c: Receive and dispatch events to application
* src/remote/remote_protocol.x: Wire protocol definition for the event
* src/remote_protocol-structs: structure definitions for protocol verification
* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
src/qemu/qemu_monitor_json.c: Watch for BLOCK_STREAM_COMPLETED event
from QEMU monitor
Adam Litke [Fri, 22 Jul 2011 05:41:55 +0000 (13:41 +0800)]
Enable the virDomainBlockPull API in virsh
Define two new virsh commands:
* blockpull: Initiate a blockPull for the given disk
* blockjob: Retrieve progress info, modify speed, and cancel active block jobs
Share print_job_progress() with the migration code.
Adam Litke [Fri, 22 Jul 2011 05:39:37 +0000 (13:39 +0800)]
Implement virDomainBlockPull for the qemu driver
The virDomainBlockPull* family of commands are enabled by the
following HMP/QMP commands: 'block_stream', 'block_job_cancel',
'info block-jobs' / 'query-block-jobs', and 'block_job_set_speed'.
* src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.[ch]: implement disk
streaming by using the proper qemu monitor commands.
* src/qemu/qemu_monitor_json.[ch]: implement commands using the qmp monitor
Adam Litke [Fri, 22 Jul 2011 05:31:16 +0000 (13:31 +0800)]
Add virDomainBlockPull support to the remote driver
The generator can handle everything except virDomainGetBlockJobInfo().
* src/remote/remote_protocol.x: provide defines for the new entry points
* src/remote/remote_driver.c daemon/remote.c: implement the client and
server side for virDomainGetBlockJobInfo.
* src/remote_protocol-structs: structure definitions for protocol verification
* src/rpc/gendispatch.pl: Permit some unsigned long parameters
Adam Litke [Fri, 22 Jul 2011 05:18:06 +0000 (13:18 +0800)]
Add new API virDomainBlockPull* to headers
Set up the types for the block pull functions and insert them into the
virDriver structure definition. Symbols are exported in this patch to
prevent
documentation compile failures.
* include/libvirt/libvirt.h.in: new API
* src/driver.h: add the new entry to the driver structure
* python/generator.py: fix compiler errors, the actual python bindings
* are
implemented later
* src/libvirt_public.syms: export symbols
* docs/apibuild.py: Extend 'unsigned long' parameter exception to this
* API
Eric Blake [Wed, 20 Jul 2011 04:29:26 +0000 (22:29 -0600)]
save: new API to manipulate save file images
Modifying the xml on either save or restore only gets you so
far - you have to remember to 'virsh dumpxml dom' just prior
to the 'virsh save' in order to have an xml file worth modifying
that won't be rejected due to abi breaks. To make this more
powerful, we need a way to grab the xml embedded within a state
file, and from there, it's not much harder to also support
modifying a state file in-place.
Also, virDomainGetXMLDesc didn't document its flags.
* include/libvirt/libvirt.h.in (virDomainSaveImageGetXMLDesc)
(virDomainSaveImageDefineXML): New prototypes.
* src/libvirt.c (virDomainSaveImageGetXMLDesc)
(virDomainSaveImageDefineXML): New API.
* src/libvirt_public.syms: Export them.
* src/driver.h (virDrvDomainSaveImageGetXMLDesc)
(virDrvDomainSaveImgeDefineXML): New driver callbacks.
Eric Blake [Thu, 14 Jul 2011 23:22:53 +0000 (17:22 -0600)]
save: support bypass-cache flag in libvirt-guests init script
libvirt-guests is a perfect use case for bypassing the file system
cache - lots of filesystem traffic done at system shutdown, where
caching is pointless, and startup, where reading large files only
once just gets in the way. Make this a configurable option in the
init script, but defaulting to existing behavior.
* tools/libvirt-guests.sysconf (BYPASS_CACHE): New variable.
* tools/libvirt-guests.init.sh (start, suspend_guest): Use it.
Eric Blake [Tue, 19 Jul 2011 21:54:48 +0000 (15:54 -0600)]
save: support bypass-cache flag in qemu.conf
When auto-dumping a domain on crash events, or autostarting a domain
with managed save state, let the user configure whether to imply
the bypass cache flag.
* src/qemu/qemu.conf (auto_dump_bypass_cache, auto_start_bypass_cache):
Document new variables.
* src/qemu/libvirtd_qemu.aug (vnc_entry): Let augeas parse them.
* src/qemu/qemu_conf.h (qemud_driver): Store new preferences.
* src/qemu/qemu_conf.c (qemudLoadDriverConfig): Parse them.
* src/qemu/qemu_driver.c (processWatchdogEvent, qemuAutostartDomain):
Honor them.
Eric Blake [Mon, 11 Jul 2011 21:26:33 +0000 (15:26 -0600)]
save: add virFileDirectFd wrapper type
O_DIRECT has stringent requirements. Rather than make lots of changes
at each site that wants to use O_DIRECT, it is easier to offload
the work through a helper process that mirrors the I/O between a
pipe and the actual direct fd, so that the other end of the pipe
no longer has to worry about constraints.
Plus, if the kernel ever gains better posix_fadvise support, then we
only have to touch a single file to let all callers benefit from a
more efficient way to avoid file system caching.
* src/util/virfile.h (virFileDirectFdFlag, virFileDirectFdNew)
(virFileDirectFdClose, virFileDirectFdFree): New prototypes.
* src/util/virdirect.c: Implement new wrapper object.
* src/libvirt_private.syms (virfile.h): Export new symbols.
* cfg.mk (useless_free_options): Add to list.
* po/POTFILES.in: Add new translations.
Eric Blake [Tue, 12 Jul 2011 14:35:05 +0000 (08:35 -0600)]
save: let iohelper work on O_DIRECT fds
Required for a coming patch where iohelper will operate on O_DIRECT
fds. There, the user-space memory must be aligned to file system
boundaries (at least 512, but using page-aligned works better, and
some file systems prefer 64k). Made tougher by the fact that
VIR_ALLOC won't work on void *, but posix_memalign won't work on
char * and isn't available everywhere.
This patch makes some simplifying assumptions - namely, output
to an O_DIRECT fd will only be attempted on an empty seekable
file (hence, no need to worry about preserving existing data
on a partial block, and ftruncate will work to undo the effects
of having to round up the size of the last block written), and
input from an O_DIRECT fd will only be attempted on a complete
seekable file with the only possible short read at EOF.
* configure.ac (AC_CHECK_FUNCS_ONCE): Check for posix_memalign.
* src/util/iohelper.c (runIO): Use aligned memory, and handle
quirks of O_DIRECT on last write.
Eric Blake [Tue, 12 Jul 2011 15:17:52 +0000 (09:17 -0600)]
save: let iohelper handle inherited fd
Rather than making the iohelper subject to a race in reopening
the file, it is nicer to pass an already-open fd by inheritance.
The old synopsis form must continue to work - if someone updates
their libvirt package and installs a new libvirt_iohelper but
without restarting the old libvirtd daemon, then the daemon can
still make calls using the old syntax but the new iohelper.
* src/util/iohelper.c (runIO): Split code for open...
(prepare): ...to new function.
(usage): Update synopsis.
(main): Allow alternate calling form.
* src/fdstream.c (virFDStreamOpenFileInternal): Use alternate form.
Eric Blake [Sat, 9 Jul 2011 02:55:29 +0000 (20:55 -0600)]
save: wire up trivial save/restore flags implementations
For all hypervisors that support save and restore, the new API
now performs the same functions as the old.
VBox is excluded from this list, because its existing domainsave
is broken (there is no corresponding domainrestore, and there
is no control over the filename used in the save). A later
patch should change vbox to use its implementation for
managedsave, and teach start to use managedsave results.
Eric Blake [Thu, 21 Jul 2011 18:13:59 +0000 (12:13 -0600)]
error: add new error type for reflecting partial API support
VIR_ERR_INVALID_ARG implies that an argument cannot possibly
be correct, given the current state of the API.
VIR_ERR_CONFIG_UNSUPPORTED implies that a configuration is
wrong, but arguments aren't configuration.
VIR_ERR_NO_SUPPORT implies that a function is completely
unimplemented.
But in the case of a function that is partially implemented,
yet the full power of the API is not available for that
driver, none of the above messages make sense. Hence a new
error message, implying that the argument is known to comply
with the current state of the API, and that while the driver
supports aspects of the function, it does not support that
particular use of the argument.
A good use case for this is a driver that supports
virDomainSaveFlags, but not the dxml argument of that API.
It might be feasible to also use this new error for all functions
that check flags, and which accept fewer flags than what is possible
in the public API. But doing so would get complicated, since
neither libvirt.c nor the remote driver may do flag filtering,
and every other driver would have to do a two-part check, first
using virCheckFlags on all public flags (which gives
VIR_ERR_INVALID_ARG for an impossible flag), followed by a
particular mask check for VIR_ERR_ARGUMENT_UNSUPPORTED (for a
possible public flag but unsupported by this driver).
* include/libvirt/virterror.h (VIR_ERR_ARGUMENT_UNSUPPORTED): New
error.
* src/util/virterror.c (virErrorMsg): Give it a message.
Suggested by Daniel P. Berrange.
Eric Blake [Thu, 21 Jul 2011 19:41:15 +0000 (13:41 -0600)]
build: fix bugs with destroyFlags patches
Build failure on xenapi_driver from compiler warnings (flags was unused).
Build failure on xen (incorrect number of arguments). And in fixing
that, I obeyed the comments of struct xenUnifiedDriver that state
that we want to minimize the number of callback functions in that
struct, not add to it.
Laine Stump [Mon, 4 Jul 2011 06:27:12 +0000 (02:27 -0400)]
network: internal API functions to manage assignment of physdev to guest
The network driver needs to assign physical devices for use by modes
that use macvtap, keeping track of which physical devices are in use
(and how many instances, when the devices can be shared). Three calls
are added:
networkAllocateActualDevice - finds a physical device for use by the
domain, and sets up the virDomainActualNetDef accordingly.
networkNotifyActualDevice - assumes that the domain was already
running, but libvirtd was restarted, and needs to be notified by each
already-running domain about what interfaces they are using.
networkReleaseActualDevice - decrements the usage count of the
allocated physical device, and frees the virDomainActualNetDef to
avoid later accidentally using the device.
bridge_driver.[hc] - the new APIs. When WITH_NETWORK is false, these
functions are all #defined to be "0" in the .h file (effectively
becoming a NOP) to prevent link errors.
qemu_(command|driver|hotplug|process).c - add calls to the above APIs
in the appropriate places.
tests/Makefile.am - we need to include libvirt_driver_network.la
whenever libvirt_driver_qemu.la is linked, to avoid unreferenced
symbols (in functions that are never called by the test
programs...)
Laine Stump [Wed, 20 Jul 2011 04:06:45 +0000 (00:06 -0400)]
qemu: use virDomainNetGetActual*() in qemuDomainXMLToNative
This is the one function outside of domain_conf.c that plays around
with (even modifying) the internals of the virDomainNetDef, and thus
can't be fixed up simply by replacing direct accesses to the fields of
the struct with the GetActual*() access functions.
In this case, we need to check if the defined type is "network", and
if it is *then* check the actual type; if the actual type is "bridge",
then we can at least put the bridgename in a place where it can be
used; otherwise (if type isn't "bridge"), we behave exactly as we used
to - just null out *everything*.
Laine Stump [Mon, 4 Jul 2011 01:57:45 +0000 (21:57 -0400)]
qemu: use virDomainNetGetActual*() functions where appropriate
The qemu driver accesses fields in the virDomainNetDef directly, but
with the advent of the virDomainActualNetDef, some pieces of
information may be found in a different place (the ActualNetDef) if
the network connection is of type='network' and that network is of
forward type='bridge|private|vepa|passthrough'. The previous patch
added functions to mask this difference from callers - they hide the
decision making process and just pick the value from the proper place.
This patch uses those functions in the qemu driver as a first step in
making qemu work with the new network types. At this point, the
virDomainActualNetDef is guaranteed always NULL, so the GetActualX()
function will return exactly what the def->X that's being replaced
would have returned (ie bisecting is not compromised).
There is one place (in qemu_driver.c) where the internal details of
the NetDef are directly manipulated by the code, so the GetActual
functions cannot be used there without extra additional code; that
file will be treated in a separate patch.
Laine Stump [Thu, 30 Jun 2011 21:05:07 +0000 (17:05 -0400)]
network: separate Start/Shutdown functions for new network types
Previously all networks were composed of bridge devices created and
managed by libvirt, and the same operations needed to be done for all
of them when they were started and stopped (create and start the
bridge device, configure its MAC address and IP address, add iptables
rules). The new network types are (for now at least) managed outside
of libvirt, and the network object is used only to contain information
about the network, which is then used as each individual guest
connects itself.
This means that when starting/stopping one of these new networks, we
really want to do nothing, aside from marking the network as
active/inactive.
This has been setup as toplevel Start/Shutdown functions that do the
small bit of common stuff, then have a switch statement to execute
network type-specific start/shutdown code, then do a bit more common
code. The type-specific functions called for the new host bridge and
macvtap based types are currently empty.
In the future these functions may actually do something, and we will
surely add more functions that are similarly patterned. Once
everything has settled, we can make a table of "sub-driver" function
pointers for each network type, and store a pointer to that table in
the network object, then we can replace the switch statements with
calls to functions in the table.
The final step in this will be to add a new table (and corresponding
new functions) for new network types as they are added.
The first of these takes the place of the dev attribute that is
normally in <forward> - when defining a network you can specify
either one, and on output both will be present. If you specify
both on input, they must match.
2) In addition to forward modes of 'nat' and 'route', these new modes
are supported:
private, passthrough, vepa - when this network is referenced by a
domain's interface, it will have the same effect as if the
interface had been defined as type='direct', e.g.:
where ${mode} is one of the three new modes, and ${dev} is an interface
selected from the list given in <forward>.
bridge - if a <forward> dev (or multiple devs) is defined, and
forward mode is 'bridge' this is just like the modes 'private',
'passthrough', and 'vepa' above. If there is no forward dev
specified but a bridge name is given (e.g. "<bridge
name='br0'/>"), then guest interfaces using this network will use
libvirt's "host bridge" mode, equivalent to this:
3) A network can have multiple <portgroup> elements, which may be
selected by the guest interface definition (by adding
"portgroup='${name}'" in the <source> element along with the
network name). Currently a portgroup can only contain a
virtportprofile, but the intent is that other configuration items
may be put there int the future (e.g. bandwidth config). When
building a guest's interface, if the <interface> XML itself has no
virtportprofile, and if the requested network has a portgroup with
a name matching the name given in the <interface> (or if one of the
network's portgroups is marked with the "default='yes'" attribute),
the virtportprofile from that portgroup will be used by the
interface.
4) A network can have a virtportprofile defined at the top level,
which will be used by a guest interface when connecting in one of
the 'direct' modes if the guest interface XML itself hasn't
specified any virtportprofile, and if there are also no matching
portgroups on the network.
Laine Stump [Sun, 26 Jun 2011 08:09:00 +0000 (04:09 -0400)]
conf: support abstracted interface info in domain interface XML
the domain XML <interface> element is updated in the following ways:
1) <virtualportprofile> can be specified when source type='network'
(previously it was only valid for source type='direct')
2) A new attribute "portgroup" has been added to the <source>
element. When source type='network' (the only time portgroup is
recognized), extra configuration information will be taken from the
<portgroup> element of the given name in the network definition.
3) Each virDomainNetDef now also potentially has a
virDomainActualNetDef which is a private object (never
exported/imported via the public API, and not defined in the RNG) that
is used to maintain information about the physical device that was
actually used for a NetDef of type VIR_DOMAIN_NET_TYPE_NETWORK.
The virDomainActualNetDef will only be parsed/formatted if the
parse/format function is called with the
VIR_DOMAIN_XML_INTERNAL_ACTUAL_NET flag set (which is only needed when
saving/loading a running domain's state info to the stateDir).
Laine Stump [Mon, 18 Jul 2011 22:44:38 +0000 (18:44 -0400)]
conf: virDomainNetDef points to (rather than contains) virtPortProfile
The virtPortProfile in the domain interface struct is now a separately
allocated object *pointed to by* (rather than contained in) the main
virDomainNetDef object. This is done to make it easier to figure out
when a virtualPortProfile has/hasn't been specified in a particular
config.
Laine Stump [Wed, 29 Jun 2011 04:38:10 +0000 (00:38 -0400)]
conf: put virtPortProfile struct / functions in a common location
virtPortProfiles are currently only used in the domain XML, but will
soon also be used in the network XML. To prepare for that change, this
patch moves the structure definition into util/network.h and the parse
and format functions into util/network.c (I decided that this was a
better choice than macvtap.h/c for something that needed to always be
available on all platforms).
projects / people / liuw / libxenctrl-split / libvirt.git / log