1. 25 7月, 2011 11 次提交
    • W
      driver.h: Fix two driver documentation mistakes · 2fdf2173
      Wieland Hoffmann 提交于
      2fdf2173
    • M
      bandwidth: Add domain schema and xml2xml tests · 2b9efcb3
      Michal Privoznik 提交于
      2b9efcb3
    • M
      bandwidth: Add test cases for network · e5f1f9de
      Michal Privoznik 提交于
      e5f1f9de
    • M
      bandwidth: Implement functions to enable and disable QoS · 90074ecf
      Michal Privoznik 提交于
      These function executes 'tc' with appropriate arguments to set
      desired QoS setting on interface or bridge during its creation.
      90074ecf
    • M
      bandwidth: Create format functions · aaa98b08
      Michal Privoznik 提交于
      aaa98b08
    • M
      bandwidth: Add parsing and free functions · e2ed67a8
      Michal Privoznik 提交于
      These functions parse given XML node and return pointer to the
      output. Unknown elements are silently ignored. Attributes must
      be integer and must fit in unsigned long long.
      
      Free function frees elements of virBandwidth structure.
      e2ed67a8
    • M
      bandwidth: Declare internal structures · 73731882
      Michal Privoznik 提交于
      73731882
    • M
      bandwidth: Define schema and create documentation · a8923162
      Michal Privoznik 提交于
      Define new 'bandwidth' element with possible child element 'inbound'
      and 'outbound' addressing incoming and outgoing traffic respectively:
      
      <bandwidth>
        <inbound average='1000' peak='2000' burst='5120'/>
        <outbound average='500'/>
      </bandwidth>
      
      Leaving any element out means not to shape traffic in that
      direction.
      The units for average and peak (rate) are in kilobytes per second,
      for burst (size) are just in kilobytes.
      This element can be inserted into domain's 'interface' and
      'network'.
      a8923162
    • L
      network: provide internal API to return IP of a network · 239322cb
      Laine Stump 提交于
      The new listenNetwork attribute needs to learn an IP address based on a
      named network. This patch provides a function networkGetNetworkAddress
      which provides that.
      
      Some networks have an IP address explicitly in their configuration
      (ie, those with a forward type of "none", "route", or "nat"). For
      those, we can just return the IP address from the config.
      
      The rest will have a physical device associated with them (either via
      <bridge name='...'/>, <forward ... dev='...'/>, or possibly via a pool
      of interfaces inside the network's <forward> element) and we will need
      to ask the kernel for a current IP address of that device (via the
      newly added ifaceGetIPAddress)
      
      If networkGetNetworkAddress encounters an error while trying to learn
      the address for a network, it will return -1. In the case that libvirt
      has been compiled without the network driver, the call is a macro
      which reduces to -2. This allows differentiating between a failure of
      the network driver, and its complete absence.
      239322cb
    • L
      util: add an ifaceGetIPAddress to the interface utilities · c5d1592e
      Laine Stump 提交于
      This function uses ioctl(SIOCGIFADDR), which limits it to returning
      the first IPv4 address of an interface, but that's what we want right
      now (the place we're going to use the address only accepts one).
      c5d1592e
    • E
      tests: fix compilation failures · 5283ea9b
      Eric Blake 提交于
      Even though gnutls is a hard-req for libvirt, and gnutls depends
      on libtasn1, that does not mean that you have to have the libtasn1
      development files installed.  Skip the test rather than failing
      compilation in that case.
      
      With newer gcc, the test consumed too much stack space.  Move
      things to static storage to fix that.
      
      * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h.
      (HAVE_LIBTASN1): New automake conditional.
      * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES)
      (virnettlscontexttest_LDADD): Allow compilation without libtasn1.
      * tests/virnettlscontexttest.c: Skip test if headers not present.
      (struct testTLSCertReq): Alter time members.
      (testTLSGenerateCert): Reflect the change.
      (mymain): Reduce stack usage.
      5283ea9b
  2. 22 7月, 2011 29 次提交
    • D
      Pre-create /var/lib/libvirt/sanlock directory · c198d916
      Daniel P. Berrange 提交于
      The sanlock plugin for libvirt expects the directory
      /var/lib/libvirt/sanlock to exist. Create this and add
      it to the RPM
      
      * libvirt.spec.in: Add /var/lib/libvirt/sanlock
      * src/Makefile.am: Create /var/lib/libvirt/sanlock
      c198d916
    • D
      Honour filesystem readonly flag & make special FS readonly · b3ad9b9b
      Daniel P. Berrange 提交于
      A container should not be allowed to modify stuff in /sys
      or /proc/sys so make them readonly. Make /selinux readonly
      so that containers think that selinux is disabled.
      
      Honour the readonly flag when mounting container filesystems
      from the guest XML config
      
      * src/lxc/lxc_container.c: Support readonly mounts
      b3ad9b9b
    • D
      Refactor mounting of special filesystems · 6d37888e
      Daniel P. Berrange 提交于
      Even in non-virtual root filesystem mode we should be mounting
      more than just a new /proc. Refactor lxcContainerMountBasicFS
      so that it does everything except for /dev and /dev/pts moving
      that into lxcContainerMountDevFS. Pass in a source prefix
      to lxcContainerMountBasicFS() so it can be used in both shared
      root and private root modes.
      
      * src/lxc/lxc_container.c: Unify mounting code for special
        filesystems
      6d37888e
    • D
      Pull code for doing a bind mount into separate method · 66a00e61
      Daniel P. Berrange 提交于
      The bind mount setup is about to get more complicated.
      To avoid having to deal with several copies, pull it
      out into a separate lxcContainerMountFSBind method.
      
      Also pull out the iteration over container filesystems,
      so that it will be easier to drop in support for non-bind
      mount filesystems
      
      * src/lxc/lxc_container.c: Pull bind mount code out into
        lxcContainerMountFSBind
      66a00e61
    • D
      ed12c9ca
    • D
      Add a test case for certificate validation · bd789dff
      Daniel P. Berrange 提交于
      This test case checks certification validation rules for
      
       - Basic constraints
       - Key purpose
       - Key usage
       - Start/expiry times
      
      It checks initial context creation sanity checks, and live
      session validation
      bd789dff
    • D
      Allow certificate sanity checking to be disabled · 07f9b6f0
      Daniel P. Berrange 提交于
      When libvirtd starts it it will sanity check its own certs,
      and before libvirt clients connect to a remote server they
      will sanity check their own certs. This patch allows such
      sanity checking to be skipped. There is no strong reason to
      need to do this, other than to bypass possible libvirt bugs
      in sanity checking, or for testing purposes.
      
      libvirt.conf gains tls_no_sanity_certificate parameter to
      go along with tls_no_verify_certificate. The remote driver
      client URIs gain a no_sanity URI parameter
      
      * daemon/test_libvirtd.aug, daemon/libvirtd.conf,
        daemon/libvirtd.c, daemon/libvirtd.aug: Add parameter to
        allow cert sanity checks to be skipped
      * src/remote/remote_driver.c: Add no_sanity parameter to
        skip cert checks
      * src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h:
        Add new parameter for skipping sanity checks independantly
        of skipping session cert validation checks
      07f9b6f0
    • M
      build: Use $(PYTHON) instead of python for the keycode map generator · 1a80a4e0
      Matthias Bolte 提交于
      Also prepend $(AM_V_GEN) to the command line, mark virkeycode-mapgen.py
      as executable and switch the shebang line from /bin/python to the
      commonly use /usr/bin/python.
      1a80a4e0
    • M
      xenapi: Fix double-freeing the session in xenapiClose · 379efa10
      Matthias Bolte 提交于
      xen_session_logout already frees the whole session object.
      Don't call xenSessionFree on a freed session object.
      
      Reported by Sharmila Radhakrishnan.
      379efa10
    • O
      remote/ssh: optional "keyfile" parameter. · 6b01c83a
      Oskari Saarenmaa 提交于
      New optional parameter "keyfile" for ssh transport allows the user to select
      the private key to be used to authenticate to the remote host.
      6b01c83a
    • L
      util: make interface.c functions consistently return < 0 on error · f7e18208
      Laine Stump 提交于
      All of the functions in util/interface.c were returning 0 on success,
      but some returned -1 on error, and some returned a positive value
      (usually the value of errno, but sometimes just 1). Libvirt's standard
      is to return < 0 on error (in the case of functions that need to
      return errno, -errno is returned.
      
      This patch modifies all functions in interface.c to consistently
      return < 0 on error, and makes changes to callers of those functions
      where necessary.
      f7e18208
    • D
      Refactor the certification validation code · 637711cb
      Daniel P. Berrange 提交于
      There is some commonality between the code for sanity checking
      certs when initializing libvirt and the code for validating
      certs during a live TLS session handshake. This patchset splits
      up the sanity checking function into several smaller functions
      each doing a specific type of check. The cert validation code
      is then updated to also call into these functions
      
      * src/rpc/virnettlscontext.c: Refactor cert validation code
      637711cb
    • D
      Remove call to deprecated gnutls_certificate_type_set_priority (again) · 3b8061c7
      Daniel P. Berrange 提交于
      The gnutls_certificate_type_set_priority method is deprecated.
      Since we already set the default gnutls priority, it was not
      serving any useful purpose and can be removed
      
      * src/rpc/virnettlscontext.c: Remove gnutls_certificate_type_set_priority
        call
      3b8061c7
    • D
      Ensure that libvirtd shuts down if initialization fails · 92509413
      Daniel P. Berrange 提交于
      If the virStateInitialize call fails we must shutdown libvirtd
      since drivers will not be available. Just free'ing the virNetServer
      is not sufficient, we must send a SIGTERM to ourselves so that
      we interrupt the event loop and trigger a orderly shutdown
      
      * daemon/libvirtd.c: Kill ourselves if state init fails
      * src/rpc/virnetserver.c: Add some debugging to event loop
      92509413
    • A
      Asynchronous event for BlockJob completion · d489b046
      Adam Litke 提交于
      When an operation started by virDomainBlockPull completes (either with
      success or with failure), raise an event to indicate the final status.
      This API allow users to avoid polling on virDomainGetBlockJobInfo if
      they would prefer to use an event mechanism.
      
      * daemon/remote.c: Dispatch events to client
      * include/libvirt/libvirt.h.in: Define event ID and callback signature
      * src/conf/domain_event.c, src/conf/domain_event.h,
        src/libvirt_private.syms: Extend API to handle the new event
      * src/qemu/qemu_driver.c: Connect to the QEMU monitor event
        for block_stream completion and emit a libvirt block pull event
      * src/remote/remote_driver.c: Receive and dispatch events to application
      * src/remote/remote_protocol.x: Wire protocol definition for the event
      * src/remote_protocol-structs: structure definitions for protocol verification
      * src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
        src/qemu/qemu_monitor_json.c: Watch for BLOCK_STREAM_COMPLETED event
        from QEMU monitor
      d489b046
    • A
      Enable virDomainBlockPull in the python API · f50750b2
      Adam Litke 提交于
      virDomainGetBlockJobInfo requires manual override since it returns a
      custom type.
      
      * python/generator.py: reenable bindings for this entry point
      * python/libvirt-override-api.xml python/libvirt-override.c:
        manual overrides
      f50750b2
    • A
      Enable the virDomainBlockPull API in virsh · b31abc6f
      Adam Litke 提交于
      Define two new virsh commands:
       * blockpull: Initiate a blockPull for the given disk
       * blockjob: Retrieve progress info, modify speed, and cancel active block jobs
      
      Share print_job_progress() with the migration code.
      
      * tools/virsh.c: implement the new commands
      b31abc6f
    • A
      Implement virDomainBlockPull for the qemu driver · b976165c
      Adam Litke 提交于
      The virDomainBlockPull* family of commands are enabled by the
      following HMP/QMP commands: 'block_stream', 'block_job_cancel',
       'info block-jobs' / 'query-block-jobs', and 'block_job_set_speed'.
      
      * src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.[ch]: implement disk
        streaming by using the proper qemu monitor commands.
      * src/qemu/qemu_monitor_json.[ch]: implement commands using the qmp monitor
      b976165c
    • A
      Add virDomainBlockPull support to the remote driver · 4daeefac
      Adam Litke 提交于
      The generator can handle everything except virDomainGetBlockJobInfo().
      
      * src/remote/remote_protocol.x: provide defines for the new entry points
      * src/remote/remote_driver.c daemon/remote.c: implement the client and
        server side for virDomainGetBlockJobInfo.
      * src/remote_protocol-structs: structure definitions for protocol verification
      * src/rpc/gendispatch.pl: Permit some unsigned long parameters
      4daeefac
    • A
      virDomainBlockPull: Implement the main entry points · 72082a05
      Adam Litke 提交于
      * src/libvirt.c: implement the main entry points
      72082a05
    • A
      Add new API virDomainBlockPull* to headers · 152e8103
      Adam Litke 提交于
      Set up the types for the block pull functions and insert them into the
      virDriver structure definition.  Symbols are exported in this patch to
      prevent
      documentation compile failures.
      
      * include/libvirt/libvirt.h.in: new API
      * src/driver.h: add the new entry to the driver structure
      * python/generator.py: fix compiler errors, the actual python bindings
      * are
        implemented later
      * src/libvirt_public.syms: export symbols
      * docs/apibuild.py: Extend 'unsigned long' parameter exception to this
      * API
      152e8103
    • E
      save: add virsh commands for manipulating save files · bfb485ce
      Eric Blake 提交于
      Now you can edit a saved state file even if you forgot to grab
      a dumpxml file prior to saving a domain.  Plus, in-place editing
      feels so much nicer.
      
      * tools/virsh.c (cmdSaveImageDumpxml, cmdSaveImageDefine)
      (cmdSaveImageEdit): New commands.
      * tools/virsh.pod (save-image-dumpxml, save-image-define)
      (save-image-edit): Document them.
      bfb485ce
    • E
      save: wire up remote protocol · 0696beca
      Eric Blake 提交于
      * src/remote/remote_driver.c (remote_driver): Add new callbacks.
      * src/remote/remote_protocol.x (remote_procedure): New RPCs.
      (remote_domain_save_image_get_xml_desc_args)
      (remote_domain_save_image_get_xml_desc_ret)
      (remote_domain_save_image_define_xml_args): New structs.
      * src/remote_protocol-structs: Update.
      0696beca
    • E
      save: new API to manipulate save file images · d2a929d4
      Eric Blake 提交于
      Modifying the xml on either save or restore only gets you so
      far - you have to remember to 'virsh dumpxml dom' just prior
      to the 'virsh save' in order to have an xml file worth modifying
      that won't be rejected due to abi breaks.  To make this more
      powerful, we need a way to grab the xml embedded within a state
      file, and from there, it's not much harder to also support
      modifying a state file in-place.
      
      Also, virDomainGetXMLDesc didn't document its flags.
      
      * include/libvirt/libvirt.h.in (virDomainSaveImageGetXMLDesc)
      (virDomainSaveImageDefineXML): New prototypes.
      * src/libvirt.c (virDomainSaveImageGetXMLDesc)
      (virDomainSaveImageDefineXML): New API.
      * src/libvirt_public.syms: Export them.
      * src/driver.h (virDrvDomainSaveImageGetXMLDesc)
      (virDrvDomainSaveImgeDefineXML): New driver callbacks.
      d2a929d4
    • E
      save: support bypass-cache flag in libvirt-guests init script · 28d18250
      Eric Blake 提交于
      libvirt-guests is a perfect use case for bypassing the file system
      cache - lots of filesystem traffic done at system shutdown, where
      caching is pointless, and startup, where reading large files only
      once just gets in the way.  Make this a configurable option in the
      init script, but defaulting to existing behavior.
      
      * tools/libvirt-guests.sysconf (BYPASS_CACHE): New variable.
      * tools/libvirt-guests.init.sh (start, suspend_guest): Use it.
      28d18250
    • E
      save: support bypass-cache flag in qemu.conf · a9f9545e
      Eric Blake 提交于
      When auto-dumping a domain on crash events, or autostarting a domain
      with managed save state, let the user configure whether to imply
      the bypass cache flag.
      
      * src/qemu/qemu.conf (auto_dump_bypass_cache, auto_start_bypass_cache):
      Document new variables.
      * src/qemu/libvirtd_qemu.aug (vnc_entry): Let augeas parse them.
      * src/qemu/qemu_conf.h (qemud_driver): Store new preferences.
      * src/qemu/qemu_conf.c (qemudLoadDriverConfig): Parse them.
      * src/qemu/qemu_driver.c (processWatchdogEvent, qemuAutostartDomain):
      Honor them.
      a9f9545e
    • E
      save: support BYPASS_CACHE during qemu save/restore · 58e668d2
      Eric Blake 提交于
      Wire together the previous patches to support file system cache
      bypass during API save/restore requests in qemu.
      
      * src/qemu/qemu_driver.c (qemuDomainSaveInternal, doCoreDump)
      (qemudDomainObjStart, qemuDomainSaveImageOpen, qemuDomainObjRestore)
      (qemuDomainObjStart): Add parameter.
      (qemuDomainSaveFlags, qemuDomainManagedSave, qemudDomainCoreDump)
      (processWatchdogEvent, qemudDomainStartWithFlags, qemuAutostartDomain)
      (qemuDomainRestoreFlags): Update callers.
      58e668d2
    • E
      save: add virFileDirectFd wrapper type · 519a1c43
      Eric Blake 提交于
      O_DIRECT has stringent requirements.  Rather than make lots of changes
      at each site that wants to use O_DIRECT, it is easier to offload
      the work through a helper process that mirrors the I/O between a
      pipe and the actual direct fd, so that the other end of the pipe
      no longer has to worry about constraints.
      
      Plus, if the kernel ever gains better posix_fadvise support, then we
      only have to touch a single file to let all callers benefit from a
      more efficient way to avoid file system caching.
      
      * src/util/virfile.h (virFileDirectFdFlag, virFileDirectFdNew)
      (virFileDirectFdClose, virFileDirectFdFree): New prototypes.
      * src/util/virdirect.c: Implement new wrapper object.
      * src/libvirt_private.syms (virfile.h): Export new symbols.
      * cfg.mk (useless_free_options): Add to list.
      * po/POTFILES.in: Add new translations.
      519a1c43
    • E
      save: let iohelper work on O_DIRECT fds · 12291656
      Eric Blake 提交于
      Required for a coming patch where iohelper will operate on O_DIRECT
      fds.  There, the user-space memory must be aligned to file system
      boundaries (at least 512, but using page-aligned works better, and
      some file systems prefer 64k).  Made tougher by the fact that
      VIR_ALLOC won't work on void *, but posix_memalign won't work on
      char * and isn't available everywhere.
      
      This patch makes some simplifying assumptions - namely, output
      to an O_DIRECT fd will only be attempted on an empty seekable
      file (hence, no need to worry about preserving existing data
      on a partial block, and ftruncate will work to undo the effects
      of having to round up the size of the last block written), and
      input from an O_DIRECT fd will only be attempted on a complete
      seekable file with the only possible short read at EOF.
      
      * configure.ac (AC_CHECK_FUNCS_ONCE): Check for posix_memalign.
      * src/util/iohelper.c (runIO): Use aligned memory, and handle
      quirks of O_DIRECT on last write.
      12291656