- 24 10月, 2012 4 次提交
-
-
由 Kyle Mestery 提交于
Transport Open vSwitch per-port data during live migration by using the utility functions virNetDevOpenvswitchGetMigrateData() and virNetDevOpenvswitchSetMigrateData(). Signed-off-by: NKyle Mestery <kmestery@cisco.com>
-
由 Kyle Mestery 提交于
Add utility functions for Open vSwitch to both save per-port data before a live migration, and restore the per-port data after a live migration. Signed-off-by: NKyle Mestery <kmestery@cisco.com>
-
由 Kyle Mestery 提交于
Add the ability for the Qemu V3 migration protocol to include transporting network configuration. A generic framework is proposed with this patch to allow for the transfer of opaque data. Signed-off-by: NKyle Mestery <kmestery@cisco.com> Signed-off-by: NLaine Stump <laine@laine.org>
-
由 Jim Fehlig 提交于
In commit 371ddc98, I mistakenly added the check for sysctl version 9 after setting the hypercall version to 1, which will fail with error : xenHypervisorDoV1Op:967 : Unable to issue hypervisor ioctl 3166208: Function not implemented This check should be included along with the others that use hypercall version 2.
-
- 23 10月, 2012 13 次提交
-
-
由 Cole Robinson 提交于
When restoring selinux labels after a VM is stopped, any non-standard path that doesn't have a default selinux label causes the process to stop and exit early. This isn't really an error condition IMO. Of course the selinux API could be erroring for some other reason but hopefully that's rare enough to not need explicit handling. Common example here is storing disk images in a non-standard location like under /mnt.
-
由 Eric Blake 提交于
Reported by Michal Privoznik. * src/security/security_dac.c (virSecurityDACGenLabel): Use correct format.
-
由 Ján Tomko 提交于
We put a comment containing "virsh edit <domain_name>" at the start of the XML. W3C recommendation forbids the use of "--" in comments [1] and libvirt can't parse it either. This patch omits the domain name if it contains a double hyphen. [1] http://www.w3.org/TR/REC-xml/#sec-comments
-
由 Ján Tomko 提交于
Rename the 'wait' parameter to 'loop'. This silences the warning: storage/storage_backend.c:1348:34: error: declaration of 'wait' shadows a global declaration [-Werror=shadow] and fixes the build with -Werror. -- Note: loop is pool backwards.
-
由 Christophe Fergeau 提交于
When using --without-$name --without-secdriver-$name with $name being selinux or apparmor, configure will fail saying that AppArmor/SELinux development package must be installed. This is caused by a small bug in --with-secdriver-$name handling in configure.ac which treats --without-secdriver-$name when $name as if the user had requested to enable $name when $name couldn't be detected on the system. This commit also makes sure the detection checks for disabled secdrivers do not needlessly get run, especially as this could cause an error as well in --with-$name --without-secdriver-$name situations.
-
由 Eric Blake 提交于
* .gnulib: Update to latest, prior to freeze.
-
由 Eric Blake 提交于
The snapshot code when reusing an existing file had hard-to-read logic, as well as a missing sanity check: REUSE_EXT should require the destination to already be present. * src/qemu/qemu_driver.c (qemuDomainSnapshotDiskPrepare): Require destination on REUSE_EXT, rename variable for legibility.
-
由 Eric Blake 提交于
Fixes a build failure on cygwin: cc1: warnings being treated as errors security/security_dac.c: In function 'virSecurityDACSetProcessLabel': security/security_dac.c:862:5: error: format '%u' expects type 'unsigned int', but argument 7 has type 'uid_t' [-Wformat] security/security_dac.c:862:5: error: format '%u' expects type 'unsigned int', but argument 8 has type 'gid_t' [-Wformat] * src/security/security_dac.c (virSecurityDACSetProcessLabel) (virSecurityDACGenLabel): Use proper casts.
-
由 Cole Robinson 提交于
-
由 Cole Robinson 提交于
virStorageVolLookupByPath is an API call that virt-manager uses quite a bit when dealing with storage. This call use BackendStablePath which has several usleep() heuristics that can be tripped up and hang virt-manager for a while. Current example: an empty mpath pool pointing to /dev/mapper makes _any_ calls to virStorageVolLookupByPath take 5 seconds. The sleep heuristics are actually only needed in certain cases when we are waiting for new storage to appear, so let's skip the timeout steps when calling from LookupByPath.
-
由 Cole Robinson 提交于
If building on a 64bit host, rename the affected tapsets to <name>-64.stp. This is similar to what the python package does in fedora. https://bugzilla.redhat.com/show_bug.cgi?id=831425
-
由 Cole Robinson 提交于
We were just installing them in the top level html directory, which broke navigation and overwrote other pages. https://bugzilla.redhat.com/show_bug.cgi?id=837825
-
由 Cole Robinson 提交于
Since the option doesn't exist. Fixes booting with cpu mode='host-model' and qemu 1.2.0
-
- 22 10月, 2012 12 次提交
-
-
由 Doug Goldstein 提交于
Currently it's assumed that qemu always supports VNC, however it is definitely possible to compile qemu without VNC support so we should at the very least check for it and handle that correctly.
-
由 Doug Goldstein 提交于
Several tests assume that VNC is always available and include it in their configs and the expected command line. The tests have nothing to do with graphics display so they shouldn't rely on VNC.
-
由 Eric Blake 提交于
Yet another instance of where using plain open() mishandles files that live on root-squash NFS, and where improving the API can improve the chance of a successful probe. * src/util/storage_file.h (virStorageFileProbeFormat): Alter signature. * src/util/storage_file.c (virStorageFileProbeFormat): Use better method for opening file. * src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Update caller. * src/storage/storage_backend_fs.c (virStorageBackendProbeTarget): Likewise.
-
由 Osier Yang 提交于
'snaps' is used after free()'ed.
-
由 Ján Tomko 提交于
In v2 migration protocol, XML is obtained by calling domainGetXMLDesc. This includes the default USB controller in XML, which breaks migration to older libvirt (before 0.9.2). Commit 409b5f54 qemu: Emit compatible XML when migrating a domain only fixed this for v3 migration. This patch uses the new VIR_DOMAIN_XML_MIGRATABLE flag (detected by VIR_DRV_FEATURE_XML_MIGRATABLE) to obtain XML without the default controller, enabling backward v2 migration.
-
由 Michal Privoznik 提交于
As we switched to setting capabilities based on QMP communication, qemu seamless-migration capability was not set. In the -help output this knob is called seamless-migration=[on|off]. The equivalent in QMP world is SPICE_MIGRATE_COMPLETED event (qemu upstream commit 2fdd16e2).
-
由 Osier Yang 提交于
-
由 Osier Yang 提交于
"nodeinfo" is not used in these two functions, and it's waste of goto in qemuProcessSetEmulatorAffinites
-
-
由 Cole Robinson 提交于
-
由 Cole Robinson 提交于
-
由 Cole Robinson 提交于
On F17 at least, every time libvirtd starts we get this in syslog: libvirtd: Could not find keytab file: /etc/libvirt/krb5.tab: No such file or directory This comes from cyrus-sasl, and happens regardless of whether the gssapi plugin is requested, which is what actually uses /etc/libvirt/krb5.tab. While cyrus-sasl shouldn't complain, we can easily make it shut up by commenting out the keytab value by default. Also update the keytab comment to the more modern one from qemu's sasl config file.
-
- 21 10月, 2012 2 次提交
-
-
由 Laine Stump 提交于
This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=868483 virNetworkUpdate, virNetworkDefine, and virNetworkCreate all three allow network definitions to contain multiple <portgroup> elements with default='yes'. Only a single default portgroup should be allowed for each network. This patch updates networkValidate() (called by both virNetworkCreate() and virNetworkDefine()) and virNetworkDefUpdatePortGroup (called by virNetworkUpdate() to not allow multiple default portgroups.
-
由 Laine Stump 提交于
This fixes the problem reported in: https://bugzilla.redhat.com/show_bug.cgi?id=868389 Previously, the dnsmasq hosts file (used for static dhcp entries, and addnhosts file (used for additional dns host entries) were only created/referenced on the dnsmasq commandline if there was something to put in them at the time the network was started. Once we can update a network definition while it's active (which is now possible with virNetworkUpdate), this is no longer a valid strategy - if there were 0 dhcp static hosts (resulting in no reference to the hosts file on the commandline), then one was later added, the commandline wouldn't have linked dnsmasq up to the file, so even though we create it, dnsmasq doesn't pay any attention. The solution is to just always create these files and reference them on the dnsmasq commandline (almost always, anyway). That way dnsmasq can notice when a new entry is added at runtime (a SIGHUP is sent to dnsmasq by virNetworkUdpate whenever a host entry is added or removed) The exception to this is that the dhcp static hosts file isn't created if there are no lease ranges *and* no static hosts. This is because in this case dnsmasq won't be setup to listen for dhcp requests anyway - in that case, if the count of dhcp hosts goes from 0 to 1, dnsmasq will need to be restarted anyway (to get it listening on the dhcp port). Likewise, if the dhcp hosts count goes from 1 to 0 (and there are no dhcp ranges) we need to restart dnsmasq so that it will stop listening on port 67. These special situations are handled in the bridge driver's networkUpdate() by checking for ((bool) nranges||nhosts) both before and after the update, and triggering a dnsmasq restart if the before and after don't match.
-
- 20 10月, 2012 9 次提交
-
-
由 Laine Stump 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=866364 pointed out a crash due to virNetworkObjAssignDef free'ing network->newDef without NULLing it afterward. A fix for this is in upstream commit b7e92024. While the NULLing of newDef was a legitimate fix, newDef should have already been empty (NULL) anyway (as indicated in the comment that was deleted by that commit). The reason that newDef had a non-NULL value (i.e. the root cause) was that networkStartNetwork() had failed after populating network->newDef, but then neglected to free/NULL newDef in the cleanup. (A bit of background here: network->newDef should contain the persistent config of a network when a network is active (and of course only when it is persisten), and NULL at all other times. There is also a network->def which should contain the persistent definition of the network when it is inactive, and the current live state at all other times. The idea is that you can make changes to network->newDef which will take effect the next time the network is restarted, but won't mess with the current state of the network (virDomainObj has a similar pair of virDomainDefs that behave in the same fashion). Personally I think there should be a network->live and network->config, and the location of the persistent config should *always* be in network->config, but that's for a later cleanup). Since I love things to be symmetric, I created a new function called virNetworkObjUnsetDefTransient(), which reverses the effects of virNetworkObjSetDefTransient(). I don't really like the name of the new function, but then I also didn't really like the name of the old one either (it's just named that way to match a similar function in the domain conf code).
-
由 Eric Blake 提交于
Gcc with optimization warns: ../../src/qemu/qemu_driver.c: In function 'qemuDomainBlockCommit': ../../src/qemu/qemu_driver.c:12813:46: error: 'disk' may be used uninitialized in this function [-Werror=maybe-uninitialized] ../../src/qemu/qemu_driver.c:12698:25: note: 'disk' was declared here cc1: all warnings being treated as errors so obviously I had only been testing with optimization off. * src/qemu/qemu_driver.c (qemuDomainBlockCommit): Guard cleanup.
-
由 Eric Blake 提交于
I finally have all the pieces in place to perform a block-commit with SELinux enforcing. There's still missing cleanup work when the commit completes, but doing that requires tracking both the backing chain and the base and top files within that chain in domain XML across libvirtd restarts. Furthermore, from a security standpoint, once you have granted access, you must assume any damage that can be done will be done; later revoking access is nice to minimize the window of damage, but less important as it does not affect the fact that damage can be done in the first place. Therefore, deferring the revoke efforts until we have better XML tracking of what chain operations are in effect, including across a libvirtd restart, is reasonable. * src/qemu/qemu_driver.c (qemuDomainBlockCommit): Label disks as needed. (qemuDomainPrepareDiskChainElement): Cast away const.
-
由 Eric Blake 提交于
Previously, snapshot code did its own permission granting (lock manager, cgroup device controller, and security manager labeling) inline. But now that we are adding block-commit and block-copy which also have to change permissions, it's better to reuse common code for the task. While snapshot should fall back to no access if read-write access failed, block-commit will want to fall back to read-only access. The common code doesn't know whether failure to grant read-write access should revert to no access (snapshot, block-copy) or read-only access (block-commit). This code can also be used to revoke access to unused files after block-pull. It might be nice to clean things up in a future patch by adding new functions to the lock manager, cgroup manager, and security manager that takes a single file name and applies context of a disk to that file, rather than the current semantics of applying context to the entire chain already associated to a disk. That way, we could avoid the games this patch plays of temporarily swapping out the disk->src and related fields of the disk. But that would involve more code changes, so this patch really is the smallest hack for doing the necessary work; besides, this patch is more or less code motion (the hack was already employed by the snapshot creation code, we are just making it reusable). * src/qemu/qemu_driver.c (qemuDomainSnapshotCreateSingleDiskActive) (qemuDomainSnapshotUndoSingleDiskActive): Refactor labeling hacks... (qemuDomainPrepareDiskChainElement): ...into new function.
-
由 Eric Blake 提交于
Now that we can crawl the chain of backing files, we can do argument validation and implement the 'shallow' flag. In testing this, I discovered that it can be handy to pass the shallow flag and an explicit base, as a means of validating that the base is indeed the file we expected. * src/qemu/qemu_driver.c (qemuDomainBlockCommit): Crawl through chain to implement shallow flag. * src/libvirt.c (virDomainBlockCommit): Relax API.
-
由 Eric Blake 提交于
This is the bare minimum to kick off a block commit. In particular, flags support is missing (shallow requires us to crawl the backing chain to determine the file name to pass to the qemu monitor command; delete requires us to track what needs to be deleted at the time the completion event fires). Also, we are relying on qemu to do error checking (such as validating 'top' and 'base' as being members of the backing chain), including the fact that the current qemu code does not support committing the active layer (although it is still planned to add that before qemu 1.3). Since the active layer won't change, we have it easy and do not have to alter the domain XML. Additionally, this will fail if SELinux is enforcing, because we fail to grant qemu proper read/write access to the files it will modify. * src/qemu/qemu_driver.c (qemuDomainBlockCommit): New function. (qemuDriver): Register it.
-
由 Eric Blake 提交于
qemu 1.3 will be adding a 'block-commit' monitor command, per qemu.git commit ed61fc1. It matches nicely to the libvirt API virDomainBlockCommit. * src/qemu/qemu_capabilities.h (QEMU_CAPS_BLOCK_COMMIT): New bit. * src/qemu/qemu_capabilities.c (qemuCapsProbeQMPCommands): Set it. * src/qemu/qemu_monitor.h (qemuMonitorBlockCommit): New prototype. * src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockCommit): Likewise. * src/qemu/qemu_monitor.c (qemuMonitorBlockCommit): Implement it. * src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockCommit): Likewise. (qemuMonitorJSONHandleBlockJobImpl) (qemuMonitorJSONGetBlockJobInfoOne): Handle new event type.
-
由 Eric Blake 提交于
Minor cleanup made possible by previous simplifications. * src/qemu/qemu_cgroup.h (qemuSetupDiskCgroup) (qemuTeardownDiskCgroup): Alter signature. * src/qemu/qemu_cgroup.c (qemuSetupDiskCgroup) (qemuTeardownDiskCgroup, qemuSetupCgroup): Update all uses. * src/qemu/qemu_hotplug.c (qemuDomainDetachPciDiskDevice) (qemuDomainDetachDiskDevice): Likewise. * src/qemu/qemu_driver.c (qemuDomainAttachDeviceDiskLive) (qemuDomainChangeDiskMediaLive) (qemuDomainSnapshotCreateSingleDiskActive) (qemuDomainSnapshotUndoSingleDiskActive): Likewise.
-
由 Eric Blake 提交于
We used to walk the backing file chain at least twice per disk, once to set up cgroup device whitelisting, and once to set up security labeling. Rather than walk the chain every iteration, which possibly includes calls to fork() in order to open root-squashed NFS files, we can exploit the cache of the previous patch. * src/conf/domain_conf.h (virDomainDiskDefForeachPath): Alter signature. * src/conf/domain_conf.c (virDomainDiskDefForeachPath): Require caller to supply backing chain via disk, if recursion is desired. * src/security/security_dac.c (virSecurityDACSetSecurityImageLabel): Adjust caller. * src/security/security_selinux.c (virSecuritySELinuxSetSecurityImageLabel): Likewise. * src/security/virt-aa-helper.c (get_files): Likewise. * src/qemu/qemu_cgroup.c (qemuSetupDiskCgroup) (qemuTeardownDiskCgroup): Likewise. (qemuSetupCgroup): Pre-populate chain.
-