提交 29226bee 编写于 作者: M Martin Kletzander

qemu: configurable remote display port boundaries

The defines QEMU_REMOTE_PORT_MIN and QEMU_REMOTE_PORT_MAX were used to
find free port when starting domains. As this was hard-coded to the
same ports as default VNC servers, there were races with these other
programs. This patch includes the possibility to change the default
starting port as well as the maximum port (mostly for completeness) in
qemu config file.

Support for two new config options in qemu.conf is added:
 - remote_port_min (defaults to QEMU_REMOTE_PORT_MIN and
   must be >= than this value)
 - remote_port_max (defaults to QEMU_REMOTE_PORT_MAX and
   must be <= than this value)
上级 a14b4aea
...@@ -39,6 +39,9 @@ module Libvirtd_qemu = ...@@ -39,6 +39,9 @@ module Libvirtd_qemu =
| str_entry "spice_tls_x509_cert_dir" | str_entry "spice_tls_x509_cert_dir"
| str_entry "spice_password" | str_entry "spice_password"
let remote_display_entry = int_entry "remote_display_port_min"
| int_entry "remote_display_port_max"
let security_entry = str_entry "security_driver" let security_entry = str_entry "security_driver"
| bool_entry "security_default_confined" | bool_entry "security_default_confined"
| bool_entry "security_require_confined" | bool_entry "security_require_confined"
...@@ -72,6 +75,7 @@ module Libvirtd_qemu = ...@@ -72,6 +75,7 @@ module Libvirtd_qemu =
(* Each enty in the config is one of the following three ... *) (* Each enty in the config is one of the following three ... *)
let entry = vnc_entry let entry = vnc_entry
| spice_entry | spice_entry
| remote_display_entry
| security_entry | security_entry
| save_entry | save_entry
| process_entry | process_entry
......
...@@ -140,6 +140,20 @@ ...@@ -140,6 +140,20 @@
#spice_password = "XYZ12345" #spice_password = "XYZ12345"
# Override the port for creating both VNC and SPICE sessions (min).
# This defaults to 5900 and increases for consecutive sessions
# or when ports are occupied, until it hits the maximum.
#
# Minimum must be greater than or equal to 5900 as lower number would
# result into negative vnc display number.
#
# Maximum must be less than 65536, because higher numbers do not make
# sense as a port number.
#
#remote_display_port_min = 5900
#remote_display_port_max = 65535
# The default security driver is SELinux. If SELinux is disabled # The default security driver is SELinux. If SELinux is disabled
# on the host, then the security driver will automatically disable # on the host, then the security driver will automatically disable
# itself. If you wish to disable QEMU SELinux security driver while # itself. If you wish to disable QEMU SELinux security driver while
......
...@@ -37,6 +37,13 @@ ...@@ -37,6 +37,13 @@
# define QEMU_VIRTIO_SERIAL_PREFIX "virtio-serial" # define QEMU_VIRTIO_SERIAL_PREFIX "virtio-serial"
# define QEMU_FSDEV_HOST_PREFIX "fsdev-" # define QEMU_FSDEV_HOST_PREFIX "fsdev-"
/* These are only defaults, they can be changed now in qemu.conf and
* explicitely specified port is checked against these two (makes
* sense to limit the values).
*
* This limitation is mentioned in qemu.conf, so bear in mind that the
* configuration file should reflect any changes made to these values.
*/
# define QEMU_REMOTE_PORT_MIN 5900 # define QEMU_REMOTE_PORT_MIN 5900
# define QEMU_REMOTE_PORT_MAX 65535 # define QEMU_REMOTE_PORT_MAX 65535
......
/* /*
* qemu_conf.c: QEMU configuration management * qemu_conf.c: QEMU configuration management
* *
* Copyright (C) 2006-2011 Red Hat, Inc. * Copyright (C) 2006-2012 Red Hat, Inc.
* Copyright (C) 2006 Daniel P. Berrange * Copyright (C) 2006 Daniel P. Berrange
* *
* This library is free software; you can redistribute it and/or * This library is free software; you can redistribute it and/or
...@@ -38,6 +38,7 @@ ...@@ -38,6 +38,7 @@
#include "virterror_internal.h" #include "virterror_internal.h"
#include "qemu_conf.h" #include "qemu_conf.h"
#include "qemu_command.h"
#include "qemu_capabilities.h" #include "qemu_capabilities.h"
#include "qemu_bridge_filter.h" #include "qemu_bridge_filter.h"
#include "uuid.h" #include "uuid.h"
...@@ -89,6 +90,10 @@ int qemudLoadDriverConfig(struct qemud_driver *driver, ...@@ -89,6 +90,10 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
virReportOOMError(); virReportOOMError();
return -1; return -1;
} }
driver->remotePortMin = QEMU_REMOTE_PORT_MIN;
driver->remotePortMax = QEMU_REMOTE_PORT_MAX;
if (!(driver->vncTLSx509certdir = strdup(SYSCONFDIR "/pki/libvirt-vnc"))) { if (!(driver->vncTLSx509certdir = strdup(SYSCONFDIR "/pki/libvirt-vnc"))) {
virReportOOMError(); virReportOOMError();
return -1; return -1;
...@@ -295,6 +300,47 @@ int qemudLoadDriverConfig(struct qemud_driver *driver, ...@@ -295,6 +300,47 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
} }
} }
p = virConfGetValue (conf, "remote_display_port_min");
CHECK_TYPE ("remote_display_port_min", VIR_CONF_LONG);
if (p) {
if (p->l < QEMU_REMOTE_PORT_MIN) {
/* if the port is too low, we can't get the display name
* to tell to vnc (usually subtract 5900, e.g. localhost:1
* for port 5901) */
virReportError(VIR_ERR_INTERNAL_ERROR,
_("%s: remote_display_port_min: port must be greater than or equal to %d"),
filename, QEMU_REMOTE_PORT_MIN);
virConfFree(conf);
return -1;
}
driver->remotePortMin = p->l;
}
p = virConfGetValue (conf, "remote_display_port_max");
CHECK_TYPE ("remote_display_port_max", VIR_CONF_LONG);
if (p) {
if (p->l > QEMU_REMOTE_PORT_MAX ||
p->l < driver->remotePortMin) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("%s: remote_display_port_max: port must be between the minimal port and %d"),
filename, QEMU_REMOTE_PORT_MAX);
virConfFree(conf);
return -1;
}
/* increasing the value by 1 makes all the loops going through
the bitmap (i = remotePortMin; i < remotePortMax; i++), work as
expected. */
driver->remotePortMax = p->l + 1;
}
if (driver->remotePortMin > driver->remotePortMax) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("%s: remote_display_port_min: min port must not be greater than max port"),
filename);
virConfFree(conf);
return -1;
}
p = virConfGetValue (conf, "user"); p = virConfGetValue (conf, "user");
CHECK_TYPE ("user", VIR_CONF_STRING); CHECK_TYPE ("user", VIR_CONF_STRING);
if (!(user = strdup(p && p->str ? p->str : QEMU_USER))) { if (!(user = strdup(p && p->str ? p->str : QEMU_USER))) {
......
...@@ -95,6 +95,8 @@ struct qemud_driver { ...@@ -95,6 +95,8 @@ struct qemud_driver {
char *spiceTLSx509certdir; char *spiceTLSx509certdir;
char *spiceListen; char *spiceListen;
char *spicePassword; char *spicePassword;
int remotePortMin;
int remotePortMax;
char *hugetlbfs_mount; char *hugetlbfs_mount;
char *hugepage_path; char *hugepage_path;
......
...@@ -590,11 +590,6 @@ qemudStartup(int privileged) { ...@@ -590,11 +590,6 @@ qemudStartup(int privileged) {
if (!qemu_driver->domainEventState) if (!qemu_driver->domainEventState)
goto error; goto error;
/* Allocate bitmap for vnc port reservation */
if ((qemu_driver->reservedRemotePorts =
virBitmapAlloc(QEMU_REMOTE_PORT_MAX - QEMU_REMOTE_PORT_MIN)) == NULL)
goto out_of_memory;
/* read the host sysinfo */ /* read the host sysinfo */
if (privileged) if (privileged)
qemu_driver->hostsysinfo = virSysinfoRead(); qemu_driver->hostsysinfo = virSysinfoRead();
...@@ -720,6 +715,13 @@ qemudStartup(int privileged) { ...@@ -720,6 +715,13 @@ qemudStartup(int privileged) {
} }
VIR_FREE(driverConf); VIR_FREE(driverConf);
/* Allocate bitmap for remote display port reservations. We cannot
* do this before the config is loaded properly, since the port
* numbers are configurable now */
if ((qemu_driver->reservedRemotePorts =
virBitmapAlloc(qemu_driver->remotePortMax - qemu_driver->remotePortMin)) == NULL)
goto out_of_memory;
/* We should always at least have the 'nop' manager, so /* We should always at least have the 'nop' manager, so
* NULLs here are a fatal error * NULLs here are a fatal error
*/ */
......
...@@ -2454,15 +2454,15 @@ static int qemuProcessNextFreePort(struct qemud_driver *driver, ...@@ -2454,15 +2454,15 @@ static int qemuProcessNextFreePort(struct qemud_driver *driver,
{ {
int i; int i;
for (i = startPort ; i < QEMU_REMOTE_PORT_MAX; i++) { for (i = startPort ; i < driver->remotePortMax; i++) {
int fd; int fd;
int reuse = 1; int reuse = 1;
struct sockaddr_in addr; struct sockaddr_in addr;
bool used = false; bool used = false;
if (virBitmapGetBit(driver->reservedRemotePorts, if (virBitmapGetBit(driver->reservedRemotePorts,
i - QEMU_REMOTE_PORT_MIN, &used) < 0) i - driver->remotePortMin, &used) < 0)
VIR_DEBUG("virBitmapGetBit failed on bit %d", i - QEMU_REMOTE_PORT_MIN); VIR_DEBUG("virBitmapGetBit failed on bit %d", i - driver->remotePortMin);
if (used) if (used)
continue; continue;
...@@ -2484,9 +2484,9 @@ static int qemuProcessNextFreePort(struct qemud_driver *driver, ...@@ -2484,9 +2484,9 @@ static int qemuProcessNextFreePort(struct qemud_driver *driver,
VIR_FORCE_CLOSE(fd); VIR_FORCE_CLOSE(fd);
/* Add port to bitmap of reserved ports */ /* Add port to bitmap of reserved ports */
if (virBitmapSetBit(driver->reservedRemotePorts, if (virBitmapSetBit(driver->reservedRemotePorts,
i - QEMU_REMOTE_PORT_MIN) < 0) { i - driver->remotePortMin) < 0) {
VIR_DEBUG("virBitmapSetBit failed on bit %d", VIR_DEBUG("virBitmapSetBit failed on bit %d",
i - QEMU_REMOTE_PORT_MIN); i - driver->remotePortMin);
} }
return i; return i;
} }
...@@ -2507,11 +2507,11 @@ static void ...@@ -2507,11 +2507,11 @@ static void
qemuProcessReturnPort(struct qemud_driver *driver, qemuProcessReturnPort(struct qemud_driver *driver,
int port) int port)
{ {
if (port < QEMU_REMOTE_PORT_MIN) if (port < driver->remotePortMin)
return; return;
if (virBitmapClearBit(driver->reservedRemotePorts, if (virBitmapClearBit(driver->reservedRemotePorts,
port - QEMU_REMOTE_PORT_MIN) < 0) port - driver->remotePortMin) < 0)
VIR_DEBUG("Could not mark port %d as unused", port); VIR_DEBUG("Could not mark port %d as unused", port);
} }
......
...@@ -15,6 +15,8 @@ module Test_libvirtd_qemu = ...@@ -15,6 +15,8 @@ module Test_libvirtd_qemu =
{ "spice_tls" = "1" } { "spice_tls" = "1" }
{ "spice_tls_x509_cert_dir" = "/etc/pki/libvirt-spice" } { "spice_tls_x509_cert_dir" = "/etc/pki/libvirt-spice" }
{ "spice_password" = "XYZ12345" } { "spice_password" = "XYZ12345" }
{ "remote_display_port_min" = "5900" }
{ "remote_display_port_max" = "65535" }
{ "security_driver" = "selinux" } { "security_driver" = "selinux" }
{ "security_default_confined" = "1" } { "security_default_confined" = "1" }
{ "security_require_confined" = "1" } { "security_require_confined" = "1" }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册