Doug Goldstein [Mon, 13 Aug 2012 04:44:49 +0000 (23:44 -0500)]
Update paths in man page to reflect libvirtd code
Updated the paths in the man page to reflect what the code in libvirtd
does. In addition broke out the FILES section into two subsections for
files used when run as root and files used when run as non-root.
Provided information about the defaults that libvirtd uses when running
as non-root and when XDG_CONFIG_HOME and XDG_RUNTIME_DIR are not set in
the environment.
Doug Goldstein [Mon, 13 Aug 2012 04:44:48 +0000 (23:44 -0500)]
Replace unset REMOTE_PID_FILE with proper value
REMOTE_PID_FILE is no longer used in the source or the build process but
the man page still used it resulting in no file name being displayed.
The same value that the libvirtd daemon code uses is now used in the man
page.
Doug Goldstein [Mon, 13 Aug 2012 04:44:47 +0000 (23:44 -0500)]
Fix man page file paths to real paths
Currently the man page has paths that start with @sysconfdir@,
@localstatedir@ and @remote_pid_file@. The sed command attempts to
replace these during the build but unfortunately pod2man gets to the
files first and escapes the @ character resulting in the sed not
working. This removes the @ character and makes the paths correct.
Currently there is a hook function that is invoked when a
new client connection comes in, which allows an app to
setup private data. This setup will make it difficult to
serialize client state during process re-exec(). Change to
a model where the app registers a callback when creating
the virNetServerPtr instance, which is used to allocate
the client private data immediately during virNetClientPtr
construction.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Allow sync IO and keepalives to be skipped in RPC client setup
Currently the virNetClientPtr constructor will always register
the async IO event handler and the keepalive objects. In the
case of the lock manager, there will be no event loop available
nor keepalive support required. Split this setup out of the
constructor and into separate methods.
The remote driver will enable async IO and keepalives, while
the LXC driver will only enable async IO
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Change interaction when accepting new RPC client connections
Currently the virNetServerServicePtr is responsible for
creating the virNetServerClientPtr instance when accepting
a new connection. Change this so that the virNetServerServicePtr
merely gives virNetServerPtr a virNetSocketPtr instance. The
virNetServerPtr can then create the virNetServerClientPtr
as it desires
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Add APIs for virThreadPoolPtr to query some config params
It is desirable to be able to query the config params of
the thread pool, in order to save the server state. Add
virThreadPoolGetMinWorkers, virThreadPoolGetMaxWorkers
and virThreadPoolGetPriorityWorkers APIs.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
While the QEMU monitor/agent do not want JSON strings pretty
printed, other parts of libvirt might. Instead of hardcoding
QEMU's desired behaviour in virJSONValueToString(), add a
boolean flag to control pretty printing
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Change function signature for creating new lock manager instances
To allow a virLockManagerPtr to be created directly from a
driver table struct, replace the virLockManagerPluginPtr parameter
with a virLockDriverPtr parameter.
* src/locking/domain_lock.c, src/locking/lock_manager.c,
src/locking/lock_manager.h: Replace plugin param with
a driver in virLockManagerNew
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Dmitry Guryanov [Mon, 13 Aug 2012 15:50:12 +0000 (19:50 +0400)]
parallels: change URI to parallels:///system
Let's change URI to parallels:///system. Parallels Server supports
creating VMs from non-privileged accounts, but it's not main usage
scenario and it may be forbidden in the future.
Also containers, which will be supported by the driver, can be managed
only by root, so /system path is more suitable for this driver.
Osier Yang [Tue, 14 Aug 2012 07:21:44 +0000 (15:21 +0800)]
virsh: Add helper to avoid the strcase check for virsh-*.c
* tools/virsh.c: New macro vshStrcasecmp
* tools/virsh-domain-monitor.c: Use vshStrcasecmp instead of
strcasecmp
* tools/virsh-snapshot.c: Likewise
* cfg.mk: Only avoid doing strcase checking for virsh.c
Laine Stump [Tue, 14 Aug 2012 15:03:38 +0000 (11:03 -0400)]
conf: log error when encountering multiple filterrefs in interface
Each interface has a single pointer to a filterref object. That
filterref can itself point to multiple other filterrefs, but at the
toplevel there is only one.
The parser had previously just silently overwritten earlier filterrefs
when a new one was encountered, so the interface was left with
whichever was the last filterref in the xml, ignoring all the
others. This patch logs an error when it sees more than one filterref.
Laine Stump [Mon, 6 Aug 2012 20:17:58 +0000 (16:17 -0400)]
network: add connections counter to networks
Just as each physical device used by a network has a connections
counter, now each network has a connections counter which is
incremented once for each guest interface that connects using this
network.
The count is output in the live network XML, like this:
<network connections='20'>
...
</network>
It is read-only, and for informational purposes only - it isn't used
internally anywhere by libvirt.
Laine Stump [Mon, 6 Aug 2012 17:45:57 +0000 (13:45 -0400)]
network: change cleanup: to success/cleanup/error: in network*() functions
A later patch will be adding a counter that will be
incremented/decremented each time an guest interface starts/stops
using a particular network. For this to work, all types of networks
need to go through a common return sequence rather than returning
early. To setup for this, a new success: label is added (when
necessary), a new error: label is added which does any cleanup
necessary only for error returns and then does goto cleanup, and early
returns are changed to goto error if it's a failure, or goto success
if it's successful. This way the intent of all the gotos is
unambiguous, and a successful return path never encounters the
"error:" label.
Laine Stump [Sun, 5 Aug 2012 06:59:55 +0000 (02:59 -0400)]
conf: output forward device connections count in network XML
It may be useful for management applications to know which physical
network devices are in use by guests. This information is already
available in the network objects, but wasn't output in the XML. This
patch outputs it when the INACTIVE flag isn't set (and if it's non-0).
Laine Stump [Sun, 5 Aug 2012 06:45:04 +0000 (02:45 -0400)]
conf: rename interface "usageCount" to "connections"
I want to include this count in the xml output of networks, but
calling it "connections" in the XML sounds better than "usageCount", and it
would be better if the name in the XML matched the variable name.
In a few places, usageCount was being initialized to 0, but this is
unnecessary, because VIR_ALLOC_N zero-fills everything anyway.
Laine Stump [Sun, 5 Aug 2012 06:32:49 +0000 (02:32 -0400)]
conf: use a unique data type for PF array in virDomainNetDef
This array was originally defined using the existing
virNetworkForwardIfDef, but that struct has a UsageCount field that
isn't used in the case of PFs. This patch just copies that struct and
removes UsageCount. It ends up being a struct with a single field, but
I left it as a struct in case we need to add other fields to it in the
future.
Eric Blake [Tue, 14 Aug 2012 17:36:38 +0000 (11:36 -0600)]
random: link with -lm when needed
Use of ldexp() requires -lm on some platforms; use gnulib to determine
this for our makefile. Also, optimize virRandomInt() for the case
of a power-of-two limit (actually rather common, given that Daniel
has a pending patch to replace virRandomBits(10) with code that will
default to virRandomInt(1024) on default SELinux settings).
* .gnulib: Update to latest, for ldexp.
* bootstrap.conf (gnulib_modules): Import ldexp.
* src/Makefile.am (libvirt_util_la_CFLAGS): Link with -lm when
needed.
* src/util/virrandom.c (virRandomInt): Optimize powers of 2.
Laine Stump [Thu, 2 Aug 2012 18:10:00 +0000 (14:10 -0400)]
network: merge relevant virtualports rather than choosing one
One of the original ideas behind allowing a <virtualport> in an
interface definition as well as in the <network> definition *and*one
or more <portgroup>s within the network, was that guest-specific
parameteres (like instanceid and interfaceid) could be given in the
interface's virtualport, and more general things (portid, managerid,
etc) could be given in the network and/or portgroup, with all the bits
brought together at guest startup time and combined into a single
virtualport to be used by the guest. This was somehow overlooked in
the implementation, though - it simply picks the "most specific"
virtualport, and uses the entire thing, with no attempt to merge in
details from the others.
This patch uses virNetDevVPortProfileMerge3() to combine the three
possible virtualports into one, then uses
virNetDevVPortProfileCheck*() to verify that the resulting virtualport
type is appropriate for the type of network, and that all the required
attributes for that type are present.
An example of usage is this: assuming a <network> definitions on host
ABC of:
Laine Stump [Tue, 31 Jul 2012 18:36:51 +0000 (14:36 -0400)]
conf: support partially-specified <virtualport> in parser and formatter
Until now, all attributes in a <virtualport> parameter list that were
acceptable for a particular type, were also required. There were no
optional attributes.
One of the aims of supporting <virtualport> in libvirt's virtual
networks and portgroups is to allow specifying the group-wide
parameters in the network's virtualport, and merge that with the
interface's virtualport, which will have the instance-specific info
(i.e. the interfaceid or instanceid).
Additionally, the guest's interface XML shouldn't need to know what
type of network connection will be used prior to runtime - it could be
openvswitch, 802.1Qbh, 802.1Qbg, or none of the above - but should
still be able to specify instance-specific info just in case it turns
out to be applicable.
Finally, up to now, the parser for virtualport has always generated a
random instanceid/interfaceid when appropriate, making it impossible
to leave it blank (which is what's required for virtualports within a
network/portprofile definition).
This patch modifies the parser and formatter of the <virtualport>
element in the following ways:
* because most of the attributes in a virNetDevVPortProfile are fixed
size binary data with no reserved values, there is no way to embed a
"this value wasn't specified" sentinel into the existing data. To
solve this problem, the new *_specified fields in the
virNetDevVPortProfile object that were added in a previous patch of
this series are now set when the corresponding attribute is present
during the parse.
* allow parsing/formatting a <virtualport> that has no type set. In
this case, all fields are settable, but all are also optional.
* add a GENERATE_MISSING_DEFAULTS flag to the parser - if this flag is
set and an instanceid/interfaceid is expected but not provided, a
random one will be generated. This was previously the default
behavior, but is now done only for virtualports inside an
<interface> definition, not for those in <network> or <portgroup>.
* add a REQUIRE_ALL_ATTRIBUTES flag to the parser - if this flag is
set the parser will call the new
virNetDevVPortProfileCheckComplete() functions at the end of the
parser to check for any missing attributes (based on type), and
return failure if anything is missing. This used to be default
behavior. Now it is only used for the virtualport defined inside an
interface's <actual> element (by the time you've figured out the
contents of <actual>, you should have all the necessary data to fill
in the entire virtualport)
* add a REQUIRE_TYPE flag to the parser - if this flag is set, the
parser will return an error if the virtualport has no type
attribute. This also was previously the default behavior, but isn't
needed in the case of the virtualport for a type='network' interface
(i.e. the exact type isn't yet known), or the virtualport of a
portgroup (i.e. the portgroup just has modifiers for the network's
virtualport, which *does* require a type) - in those cases, the
check will be done at domain startup, once the final virtualport is
assembled (this is handled in the next patch).
Laine Stump [Wed, 1 Aug 2012 07:28:28 +0000 (03:28 -0400)]
conf: simplify Buffer Indentation in virDomainNetDefFormat
This function has several calls to increase the buffer indent by 6,
then decrease it again, then increase, then decrease. Additionally,
there were several printfs that had 6 spaces at the beginning of the
line.
virDomainActualNetDefFormat, which is called by virDomainNetDefFormat,
had similar ugliness.
This patch changes both functions to just increase the indent at the
beginning, decrease it at (well, just before*) the end, and remove all
of the occurences of 6/8 spaces at the beginning of lines.
*The indent had to be reset before the end of the function because
virDomainDeviceInfoFormat assumes a 0 indent and is called from many
other places, and I didn't want to do an overhaul of every caller of
that function. A separate patch to switch all of domain_conf.c would
be a useful exercise, but my current goal is unrelated to that, so
I'll leave it for another day.
Laine Stump [Mon, 30 Jul 2012 04:47:44 +0000 (00:47 -0400)]
conf: make error returns from virDomainActualNetDefFormat consistent
There was an error: label that simply did "return ret", but ret was
defaulted to -1, and was never used other than setting it manually to
0 just before a non-error return. Aside from this, some of the error
return paths used "goto error" and others used "return ret".
This patch removes ret and the error: label, and makes all error
returns just consistently do "return -1".
Laine Stump [Mon, 30 Jul 2012 06:03:25 +0000 (02:03 -0400)]
conf: move virtPortProfile out of unions in virDomainNetDef
virtPortProfile is now used by 4 different types of network devices
(NETWORK, BRIDGE, DIRECT, and HOSTDEV), and it's getting cumbersome to
replicate so much code in 4 different places just because each type
has the virtPortProfile in a slightly different place. This patch puts
a single virtPortProfile in a common place (outside the type-specific
union) in both virDomainNetDef and virDomainActualNetDef, and adjusts
the parse and format code (and the few other places where it is used)
accordingly.
Note that when a <virtualport> element is found, the parse functions
verify that the interface is of a type that supports one, otherwise an
error is generated (CONFIG_UNSUPPORTED in the case of <interface>, and
INTERNAL in the case of <actual>, since the contents of <actual> are
always generated by libvirt itself).
Laine Stump [Sat, 4 Aug 2012 07:09:47 +0000 (03:09 -0400)]
util: utility functions for virNetDevVPortProfile
This patch adds three utility functions that operate on
virNetDevVPortProfile objects.
* virNetDevVPortProfileCheckComplete() - verifies that all attributes
required for the type of the given virtport are specified.
* virNetDevVPortProfileCheckNoExtras() - verifies that there are no
attributes specified which are inappropriate for the type of the
given virtport.
* virNetDevVPortProfileMerge3() - merges 3 virtports into a single,
newly allocated virtport. If any attributes are specified in
more than one of the three sources, and do not exactly match,
an error is logged and the function fails.
These new functions depend on new fields in the virNetDevVPortProfile
object that keep track of whether or not each attribute was
specified. Since the higher level parse function doesn't yet set those
fields, these functions are not actually usable yet (but that's okay,
because they also aren't yet used - all of that functionality comes in
a later patch.)
Note that these three functions return 0 on success and -1 on
failure. This may seem odd for the first two Check functions, since
they could also easily return true/false, but since they actually log
an error when the requested condition isn't met (and should result in
a failure of the calling function), I thought 0/-1 was more
appropriate.
Laine Stump [Wed, 25 Jul 2012 01:14:41 +0000 (21:14 -0400)]
util: eliminate union in virNetDevVPortProfile
virNetDevVPortProfile has (had) a type field that can be set to one of
several values, and a union of several structs, one for each
type. When a domain's interface object is of type "network", the
domain config may not know beforehand which type of virtualport is
going to be provided in the actual device handed down from the network
driver at runtime, but may want to set some values in the virtualport
that may or may not be used, depending on the type. To support this
usage, this patch replaces the union of structs with toplevel fields
in the struct, making it possible for all of the fields to be set at
the same time.
Laine Stump [Thu, 2 Aug 2012 18:06:58 +0000 (14:06 -0400)]
util: make return value of virUUIDFormat and virMacAddrFormat useful
Both of these functions returned void, but it's convenient for them to
return a const char* of the char* that is passed in. This was you can
call the function and use the result in the same expression/arg.
Pull code which finds a free MCS label out into its own method
The code for picking a MCS label is about to get significantly
more complicated, so it deserves to be in a standlone method,
instead of a switch/case body.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Honour current user and role in SELinux label generation
When generating an SELinux context for a VM from the template
"system_u:system_r:svirt_t:s0", copy the role + user from the
current process instead of the template context. So if the
current process is
Ideally the /etc/selinux/targeted/contexts/virtual_domain_context
file would have just shown the 'svirt_t' type, and not the full
context, but that can't be changed now for compatibility reasons.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Fix error reporting in virSecuritySELinuxGenNewContext
The virSecuritySELinuxGenNewContext method was not reporting any
errors, leaving it up to the caller to report a generic error.
In addition it could potentially trigger a strdup(NULL) in an
OOM scenario. Move all error reporting into the
virSecuritySELinuxGenNewContext method where accurate info
can be provided
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Use VIR_ERR_CONFIG_UNSUPPORTED if requested security driver is disabled
There is currently no way to distinguish the case that a requested
security driver was disabled, from the case where no security driver
was available. Use VIR_ERR_CONFIG_UNSUPPORTED as the error when an
explicitly requested security driver was disabled
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Add virRandom() API to generate numbers with non-power-of-2 limit
The current virRandomBits() API is only usable if the caller wants
a random number in the range [0, n-1) where n is a power of two.
This adds a virRandom() API which generates a double in the
range [0.0,1.0) with 48 bits of entropy. It then also adds a
virRandomInt(uint32_t max) API which generates an unsigned
in the range [0,@max)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The way LIBVIRT_VERSION_INFO is calculated has a timebomb that
will cause us to accidentally break soname when we change the
major version number to a non-zero value !
Given CURRENT:REVISION:AGE, libtool will generate
libvirt.so.($CURRENT-$AGE).$AGE.$REVISION
We set CURRENT to be MAJOR+MINOR and AGE to $MINOR, so as
soon as MAJOR changes to non-zero, we get libvirt.so.1
as the soname, eg 1.3.9 would create libvirt.so.1.3.9
Looks natural but is not ABI compatible with libvirt.so.0.x.y
The fix is to set CURRENT to always be exactly the same
as AGE. We want to have the major version reflected in
the so symlinks though. So then we set AGE to MAJOR*1000+MINOR
eg, so 1.3.9 would create libvirt.so.0.1003.9 and libvirt
2.51.3 would create libvirt.so.0.2051.3
Osier Yang [Fri, 3 Aug 2012 15:48:05 +0000 (23:48 +0800)]
Destroy virdomainlist.[ch]
As the consensus in:
https://www.redhat.com/archives/libvir-list/2012-July/msg01692.html,
this patch is to destroy conf/virdomainlist.[ch], folding the
helpers into conf/domain_conf.[ch].
* src/Makefile.am:
- Various indention fixes incidentally
- Add macro DATATYPES_SOURCES (datatypes.[ch])
- Link datatypes.[ch] for libvirt_lxc
* src/conf/domain_conf.c:
- Move all the stuffs from virdomainlist.c into it
- Use virUnrefDomain and virUnrefDomainSnapshot instead of
virDomainFree and virDomainSnapshotFree, which are defined
in libvirt.c, and we don't want to link to it.
- Remove "if" before "free" the object, as virObjectUnref
is in the list "useless_free_options".
* src/conf/domain_conf.h:
- Move all the stuffs from virdomainlist.h into it
- s/LIST_FILTER/LIST_DOMAINS_FILTER/
* src/libxl/libxl_driver.c:
- s/LIST_FILTER/LIST_DOMAINS_FILTER/
- no (include "virdomainlist.h")
libvirt creates invalid commands if wrong locale is selected. For
example with locale that uses comma as a decimal point, JSON commands
created with decimal numbers are invalid because comma separates the
entries in JSON. Fortunately even when decimal point is affected,
thousands grouping is not, because for grouping to be enabled with
*printf, there has to be an apostrophe flag specified (and supported).
This patch adds specific internal function for converting doubles to
strings with C locale.
Asad Saeed [Mon, 13 Aug 2012 20:21:10 +0000 (13:21 -0700)]
sanlock: don't unlink lockspace if registration fails
This is a patch for bug 847848
If registering an existing lockspace with the sanlock daemon
returns an error, libvirt should not proceed to unlink the lockspace.
Cole Robinson [Sat, 11 Aug 2012 18:45:45 +0000 (14:45 -0400)]
virsh: Convert '<cmd> --help' to 'help <cmd>'
Often times I find myself halfway through typing a long command when
I want to see 'help' output. I instinctively append '--help' to the
command I'm typing, only to get an error:
This patch makes --help work in a pretty hacky way. One missing piece
here is that --help isn't listed as an option in the actual 'help <cmd>'
output, but maybe this can be a starting point for someone.
Cole Robinson [Sat, 11 Aug 2012 19:00:46 +0000 (15:00 -0400)]
virsh.c: Fix compiler warning
For some reason I only get this after applying subsequent upcoming
patches that touch virsh, but don't seem to actually cause the warning.
virsh.c: In function ‘vshCommandParse’:
virsh.c:2014:46: error: ‘opt_index’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
cc1: all warnings being treated as errors
Frido Roose [Mon, 13 Aug 2012 10:54:38 +0000 (12:54 +0200)]
Release only specific sanlock resource
This is a patch for bug 826704
All sanlock resources get released when hot-dettaching a disk from the domain
because virLockManagerSanlockRelease uses the wrong function parameters/flags.
With the patch only the resources that should be released are cleaned up.
Peter Krempa [Thu, 9 Aug 2012 13:12:12 +0000 (15:12 +0200)]
virterror: Add error message for unsupported operations.
This patch introduces a new error code VIR_ERR_OPERATION_UNSUPPORTED to
mark error messages regarding operations that failed due to lack of
support on the hypervisor or other than libvirt issues.
The code is first used in reporting error if qemu does not support block
IO tuning variables yielding error message:
error: Unable to get block I/O throttle parameters
error: Operation not supported: block_io_throttle field
'total_bytes_sec' missing in qemu's output
instead of:
error: Unable to get block I/O throttle parameters
error: internal error cannot read total_bytes_sec
Laine Stump [Fri, 10 Aug 2012 21:14:21 +0000 (17:14 -0400)]
build: fix binary location in stap files --with-driver-modules
libvirt_qemu_probes.stp stopped working after switching to a build
that used --with-driver-modules. This was because the symbols listed
int libvirt_qemu_probes.stp are no longer in $(bindir)/libvirtd, but
are now in $(libdir)/connection-driver/libvirt_driver_qemu.so.
This patch enhances dtrace2systemtap.pl (which generates the .stp
files from .d files) to look for a new "module" setting in the
comments of the .d file (similar to the existing "binary" setting),
and to look for a --with-modules option. If the --with-modules option
is set *and* a "module" setting is present in the .d file, the process
name for the stap line is set to
$libdir/$module
If either of these isn't true, it reverts to the old behavior.
src/Makefile.am was also modified to add the --with-modules option
when the build calls for it, and src/libvirt_qemu_probes.d has added a
"module" line pointing to the correct .so file for the qemu driver.
List:
- some old libvir/libvirt rename leftovers (the only problem can be
if somebody parses 'virsh version' output really badly)
- remove pointless tags specified in some pages that are not used
This patch makes search.php autogenerated from search.php.in, thus
removing hardcoded menus, footer etc. and the search.php is added to
.gitignore.
There is new rule added for *.php files (to make it bit less
hardcoded) that takes *.php.code.in and injects it inside the
generated *.php (xslt was not happy about php code in the source xml).
docs: fix 404 page when fetched from different location
Error 404 page had relative paths specified for both the image and
stylesheets which caused a problem when requested URL included a
subfolder (e.g. http://libvirt.org/asdf/asdf ). This patch corrects
this behaviour by modifying href_base to '/' (for style-sheets) and
changing the src of the image (to be '/' always).
Laine Stump [Thu, 9 Aug 2012 06:18:23 +0000 (02:18 -0400)]
nwfilter: fix crash during filter define when lxc driver failed startup
The meat of this patch is just moving the calls to
virNWFilterRegisterCallbackDriver from each hypervisor's "register"
function into its "initialize" function. The rest is just code
movement to allow that, and a new virNWFilterUnRegisterCallbackDriver
function to undo what the register function does.
The long explanation:
There is an array in nwfilter called callbackDrvArray that has
pointers to a table of functions for each hypervisor driver that are
called by nwfilter. One of those function pointers is to a function
that will lock the hypervisor driver. Entries are added to the table
by calling each driver's "register" function, which happens quite
early in libvirtd's startup.
Sometime later, each driver's "initialize" function is called. This
function allocates a driver object and stores a pointer to it in a
static variable that was previously initialized to NULL. (and here's
the important part...) If the "initialize" function fails, the driver
object is freed, and that pointer set back to NULL (but the entry in
nwfilter's callbackDrvArray is still there).
When the "lock the driver" function mentioned above is called, it
assumes that the driver was successfully loaded, so it blindly tries
to call virMutexLock on "driver->lock".
BUT, if the initialize never happened, or if it failed, "driver" is
NULL. And it just happens that "lock" is always the first field in
driver so it is also NULL.
Boom.
To fix this, the call to virNWFilterRegisterCallbackDriver for each
driver shouldn't be called until the end of its (*already guaranteed
successful*) "initialize" function, not during its "register" function
(which is currently the case). This implies that there should also be
a virNWFilterUnregisterCallbackDriver() function that is called in a
driver's "shutdown" function (although in practice, that function is
currently never called).
Matthias Bolte [Sun, 5 Aug 2012 20:11:50 +0000 (22:11 +0200)]
esx: Implement network driver
An ESX server has one or more PhysicalNics that represent the actual
hardware NICs. Those can be listed via the interface driver.
A libvirt virtual network is mapped to a HostVirtualSwitch. On the
physical side a HostVirtualSwitch can be connected to PhysicalNics.
On the virtual side a HostVirtualSwitch has HostPortGroups that are
mapped to libvirt virtual network's portgroups. Typically there is
HostPortGroups named 'VM Network' that is used to connect virtual
machines to a HostVirtualSwitch. A second HostPortGroup typically
named 'Management Network' is used to connect the hypervisor itself
to the HostVirtualSwitch. This one is not mapped to a libvirt virtual
network's portgroup. There can be more HostPortGroups than those
typical two on a HostVirtualSwitch.
The virtual counterparts of the PhysicalNic is the HostVirtualNic for
the hypervisor and the VirtualEthernetCard for the virtual machines
that are grouped into HostPortGroups.
The currently implemented network driver can list, define and undefine
HostVirtualSwitches including HostPortGroups for virtual machines.
Existing HostVirtualSwitches cannot be edited yet. This will be added
in a followup patch.
Matthias Bolte [Sat, 4 Aug 2012 17:56:17 +0000 (19:56 +0200)]
esx: Fix dynamic deep copy
The static deep copy allocates storage for the copy. The dynamic
version injected the dynamic dispatch after the allocation. This
triggered the invalid argument check in the dynamically dispatched
deep copy call. The deep copy function expects its dest parameter
to be a pointer to a NULL-pointer. This expectation wasn't met due
to the dispatching deep copy doing the allocation before the call.
Fix this by dynamically dispatching to the correct type before the
allocation.
Stefan Berger [Thu, 9 Aug 2012 20:17:13 +0000 (16:17 -0400)]
nwfilter: remove target table before renaming it
Remove the target table before renaming a table to it, i.e.,
remove table B before renaming A to B. This makes the
renaming more robust against unconnected left-over tables.
Add APIs for obtaining the unique ID of LVM & SCSI volumes
Both LVM volumes and SCSI LUNs have a globally unique
identifier associated with them. It is useful to be able
to query this identifier to then perform disk locking,
rather than try to figure out a stable pathname.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Jiri Denemark [Thu, 2 Aug 2012 10:11:20 +0000 (12:11 +0200)]
qemu: Fix debug message in p2p migration
When entering "confirm" phase, we are interested in the value of
cancelled rather then ret variable which was interesting before "finish"
phase and didn't change since then.
Jiri Denemark [Fri, 3 Aug 2012 16:34:06 +0000 (18:34 +0200)]
qemu: Migrate at unlimited speed by default
Previously, qemu did not respond to monitor commands during migration if
the limit was too high. This prevented us from raising the limit
earlier. The qemu issue seems to be fixed (according to my testing) and
we may remove the 32Mb/s limit.
Peter Krempa [Thu, 9 Aug 2012 07:58:05 +0000 (09:58 +0200)]
qemu: Refactor parsing of block device IO tuning parameters.
This patch refactors the JSON parsing function that extracts the block
IO tuning parameters from qemu's output. The most impacting change
concerns the error message that is returned if the reply from qemu does
not contain the needed data. The data for IO parameter tuning were added
in qemu 1.1 and the previous error message was confusing.
This patch also breaks long lines and extracts a multiple time used code
pattern to a macro.
Peter Krempa [Tue, 17 Jul 2012 12:25:34 +0000 (14:25 +0200)]
remote: Clean up coding style and refactor remote connection opening
Remove spaces before function calls and some other coding nits in some
parts of the remote driver and refactor getting of URI argument
components into variables used by libvirt later on.
Peter Feiner [Wed, 8 Aug 2012 20:59:41 +0000 (16:59 -0400)]
Fix errno check, prevent spurious errors under heavy load
From man poll(2), poll does not set errno=EAGAIN on interrupt, however
it does set errno=EINTR. Have libvirt retry on the appropriate errno.
Under heavy load, a program of mine kept getting libvirt errors 'poll on
socket failed: Interrupted system call'. The signals were SIGCHLD from
processes forked by threads unrelated to those using libvirt.
Guannan Ren [Wed, 8 Aug 2012 07:06:33 +0000 (15:06 +0800)]
qemu: add two qemu caps for lsi and virtio-scsi SCSI controllers
Rename qemuDefaultScsiControllerModel to qemuCheckScsiControllerModel.
When scsi model is given explicitly in XML(model > 0) checking if the
underlying QEMU supports it or not first, raise an error on checking
failure.
When the model is not given(mode <= 0), return LSI by default, if
the QEMU doesn't support it, raise an error.
Guannan Ren [Wed, 8 Aug 2012 06:25:24 +0000 (14:25 +0800)]
qemu: add capabilities flags related to scsi controller
QEMU_CAPS_SCSI_LSI
set the flag when "lsi53c895a", bus PCI, alias "lsi" in
the output of "qemu -device ?"
-device lsi in qemu command line
QEMU_CAPS_VIRTIO_SCSI_PCI
set the flag when "name "virtio-scsi-pci", bus PCI" in
the output of qemu devices query.
-device virtio-scsi-pci in qemu command line
If a caller to virCommandRun doesn't ask for the exitstatus of the
program it's running, the virCommand functions assume that they should
log an error message and return failure if the exit code isn't
0. However, only the commandline and exit status are logged, while
potentially useful information sent by the program to stderr is
discarded.
Fortunately, virCommandRun is already checking if the caller had asked
for stderr to be saved and, if not, sets things up to save it in
*cmd->errbuf. This makes it fairly simple for virCommandWait to
include *cmd->errbuf in the error log (there are still other callers
that don't setup errbuf, and even virCommandRun won't set it up if the
command is being daemonized, so we have to check that it's non-zero).
Occasionally some test cases will (accidentally) try to spawn
libvirtd. Set the LIBVIRT_AUTOSTART=0 environment variable to
ensure the remote driver never tries autostart.
Don't check the 'connect' command in virsh-all test
The 'virsh-all' test case will invoke each virsh command with
no args. With the 'connect' command this causes virsh to try
to connect to the default URI, which in turn tries to spawn
libvirtd. This is not something we want todo in the test suite,
so skip the 'connect' command.
Switch virDomainObjPtr to use the virObject APIs for reference
counting. The main change is that virObjectUnref does not return
the reference count, merely a bool indicating whether the object
still has any refs left. Checking the return value is also not
mandatory.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The code is significantly simplified, since the mutex in the
virConnectPtr object now only needs to be held when accessing
the per-connection virError object instance. All other operations
are completely lock free.
* src/datatypes.c, src/datatypes.h, src/libvirt.c: Convert
public datatypes to use virObject
* src/conf/domain_event.c, src/phyp/phyp_driver.c,
src/qemu/qemu_command.c, src/qemu/qemu_migration.c,
src/qemu/qemu_process.c, src/storage/storage_driver.c,
src/vbox/vbox_tmpl.c, src/xen/xend_internal.c,
tests/qemuxml2argvtest.c, tests/qemuxmlnstest.c,
tests/sexpr2xmltest.c, tests/xmconfigtest.c: Convert
to use virObjectUnref/virObjectRef
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This introduces a fairly basic reference counted virObject type
and an associated virClass type, that use atomic operations for
ref counting.
In a global initializer (recommended to be invoked using the
virOnceInit API), a virClass type must be allocated for each
object type. This requires a class name, a "dispose" callback
which will be invoked to free memory associated with the object's
fields, and the size in bytes of the object struct.
There is no need to reset fields to 'NULL' or '0' in the
dispose callback, since the entire object will be memset
to 0, and the klass pointer & magic integer fields will
be poisoned with 0xDEADBEEF before being free()d
When creating an instance of an object, one needs simply
pass the virClassPtr eg
Richa Marwaha [Fri, 3 Aug 2012 20:33:07 +0000 (16:33 -0400)]
apparmor: QEMU bridge helper policy updates
This patch provides AppArmor policy updates for the QEMU bridge helper.
The QEMU bridge helper is a SUID executable exec'd by QEMU that drops
capabilities to CAP_NET_ADMIN and adds a tap device to a network bridge.
Richa Marwaha [Fri, 3 Aug 2012 20:33:06 +0000 (16:33 -0400)]
Add -netdev bridge support
This patch adds the support to run the QEMU network helper
under unprivileged user. It also adds the support for
attach-interface option in virsh to run under unprivileged
user.
Eric Blake [Fri, 3 Aug 2012 23:15:00 +0000 (17:15 -0600)]
virrandom: make virRandomInitialize an automatic one-shot
All callers used the same initialization seed (well, the new
viratomictest forgot to look at getpid()); so we might as well
make this value automatic. And while it may feel like we are
giving up functionality, I documented how to get it back in the
unlikely case that you actually need to debug with a fixed
pseudo-random sequence. I left that crippled by default, so
that a stray environment variable doesn't cause a lack of
randomness to become a security issue.
* src/util/virrandom.c (virRandomInitialize): Rename...
(virRandomOnceInit): ...and make static, with one-shot call.
Document how to do fixed-seed debugging.
* src/util/virrandom.h (virRandomInitialize): Drop prototype.
* src/libvirt_private.syms (virrandom.h): Don't export it.
* src/libvirt.c (virInitialize): Adjust caller.
* src/lxc/lxc_controller.c (main): Likewise.
* src/security/virt-aa-helper.c (main): Likewise.
* src/util/iohelper.c (main): Likewise.
* tests/seclabeltest.c (main): Likewise.
* tests/testutils.c (virtTestMain): Likewise.
* tests/viratomictest.c (mymain): Likewise.
Eric Blake [Fri, 3 Aug 2012 19:16:42 +0000 (13:16 -0600)]
build: drop conditional use of mdns code
Commit 1f6f723 missed a step. At first I was worried that scrubbing
the conditionals would lead to a runtime failure when compiled without
avahi, but my testing makes it appear that the runtime error will only
occur if the .conf files in /etc request mdns advertisement; and the
old behavior was to silently ignore the request, so this is actually
a better behavior of only failing when the config requests the
impossible.
* src/rpc/virnetserver.c: Drop HAVE_AVAHI conditionals; all
callers already passed NULL if mdns_adv was not configured.
Michal Privoznik [Tue, 17 Jul 2012 16:38:47 +0000 (18:38 +0200)]
qemu: Set reasonable RSS limit on domain startup
If there's a memory leak in qemu or qemu is exploited the host's
system will sooner or later start trashing instead of killing
the bad process. This however has impact on performance and other
guests as well. Therefore we should set a reasonable RSS limit
even when user hasn't set any. It's better to be secure by default.
projects / libvirt.git / log