1. 17 12月, 2012 1 次提交
  2. 15 12月, 2012 4 次提交
    • E
      build: minor build fixes for BSD · 70743dae
      Eric Blake 提交于
      Noticed these while building on FreeBSD.
      
      * src/qemu/qemu_monitor.c (qemuMonitorBlockInfoLookup): Rename
      variable to avoid 'devname' collision.
      * src/qemu/qemu_driver.c (qemuDomainInterfaceStats): Mark unused
      variable.
      70743dae
    • R
      Socket identity support for FreeBSD. · 0c94357f
      Roman Bogorodskiy 提交于
      This adds an implementation of virNetSocketGetUNIXIdentity()
      using LOCAL_PEERCRED socket option and xucred struct, defined
      in <sys/ucred.h> on systems that have it.
      0c94357f
    • L
      network: fix (non)update of dnsmasq config during virDomainUpdateDeviceFlags · e3802e13
      Laine Stump 提交于
      A forgotten "!" in recently-modified code at the top of
      networkRefreshDaemon() meant an improper early return, which led to 1)
      dnsmasq config files not being updated from the newly modified config,
      and 2) dnsmasq not being sent a SIGHUP so that it could learn about
      the changes to the config.
      
      virNetworkDefGetIpByIndex() returns NULL if there are no ip objects of
      the requested type, and if there are no IP elements, then dnsmasq
      shouldn't be running, so we can return early. Otherwise we should
      rewrite the config files and send a SIGHUP.
      e3802e13
    • G
      Require SANLK_INQ_WAIT for inq_lockspace support · 238dba0f
      Guido Günther 提交于
      since compilation breaks otherwise with older libsanlock.
      238dba0f
  3. 14 12月, 2012 13 次提交
    • E
      docs: fix some typos in examples · 9821f8f6
      Eric Blake 提交于
      As detected in https://bugzilla.redhat.com/show_bug.cgi?id=887187
      
      * docs/formatdomain.html.in: Fix XML typos.
      9821f8f6
    • M
      sanlock: Re-add lockspace unconditionally · 11cfa288
      Michal Privoznik 提交于
      Currently, if sanlock is already registering a lockspace other
      libvirtd instances (from other hosts) obtain -EINPROGRESS. On
      sufficiently new sanlock, sanlock_inq_lockspace() is called,
      which suspend execution until lockspace state is changed. With
      current libvirt implementation, we fail to retry adding the
      lockspace again but continue in error path. Therefore we produce
      meaningless error message:
      
      virLockManagerSanlockSetupLockspace:363 : Unable to add lockspace
      /var/lib/libvirt/sanlock/__LIBVIRT__DISKS__: Success
      qemudLoadDriverConfig:558 : Failed to load lock manager sanlock
      
      We should try to re-add the lockspace after its state change to
      be sure it was added successfully. In fact, with sufficiently new
      sanlock we can just avoid dummy usleep() which is used if there's
      no inquire API.
      11cfa288
    • E
      install: fix virtlockd installation · 8d59a025
      Eric Blake 提交于
      The virtlockd daemon scripts were lousy, when compared to their
      counterparts in daemon/Makefile.am.  In particular, when init
      scripts were selected, this resulted in 'make distcheck' failing
      due to failure to clean up src/virtlockd.init.
      
      * src/Makefile.am (install-systemd): Fix dependencies.  Use MKDIR_P.
      (uninstall-systemd): Remove empty directory.  Use fewer processes.
      (install-init, install-sysconfig): Use MKDIR_P.
      (uninstall-init): Remove correct file, and also empty directory.
      (uninstall-sysconfig): Remove empty directory.
      (DISTCLEANFILES): Clean up trivially built sources.
      8d59a025
    • M
      docs: Fix location of libvirt.conf and auth.conf · c86f53d5
      Michał Łomnicki 提交于
      For a unprivileged user libvirt.conf and auth.conf are looked up in
      $XDG_CONFIG_HOME but the docs incorrectly state that it's $XDG_CONFIG_DIR.
      c86f53d5
    • L
      qemu: don't fail update netdev on bridge detach failure · 9cf8734e
      Laine Stump 提交于
      When a network device's bridge connection is changed by
      virDomainUpdateDevice, libvirt first removes the netdev's tap from its
      old bridge, then adds it to the new bridge. Sometimes, due to a
      network being destroyed while a guest device is still attached, the
      tap may already be "removed" from the old bridge (or the old bridge
      may not even exist any more); the existing code was needlessly failing
      the update when this happened, making it impossible to recover from
      the situation without completely detaching (i.e. removing) the netdev
      from the guest and re-attaching.
      
      Instead of failing the entire operation when removal of the tap from
      the old bridge fails, this patch changes qemuDomainChangeNetBridge to
      just log a warning and continue, allowing a reasonable recover from
      the situation.
      
      (you'll appreciate this change if you ever accidentally destroy a
      network while your guests are still using it).
      9cf8734e
    • J
      spec: Include lockd files in libvirt-daemon package · b4f20d07
      Jiri Denemark 提交于
      b4f20d07
    • J
      build: Install both qemu-lockd.conf and qemu-sanlock.conf · 2e59e120
      Jiri Denemark 提交于
      With sanlock enabled, only one of those files was installed.
      2e59e120
    • E
      build: use fewer cat processes · c0a8056e
      Eric Blake 提交于
      * src/Makefile.am (libvirt.syms): Let cat loop for us.
      c0a8056e
    • J
      selinux: fix NULL dereference in GetSecurityMountOptions · b28fb61f
      Ján Tomko 提交于
      In the case of an OOM error in virDomainDefGetSecurityLabelDef, secdef
      is set to NULL, then dereferenced while printing the debug message.
      b28fb61f
    • J
      build: Distribute more files · 912a4e9c
      Jiri Denemark 提交于
      912a4e9c
    • J
      809473ba
    • L
      network: prevent dnsmasq from listening on localhost · d66eb786
      Laine Stump 提交于
      This patch resolves the problem reported in:
      
         https://bugzilla.redhat.com/show_bug.cgi?id=886663
      
      The source of the problem was the fix for CVE 2011-3411:
      
         https://bugzilla.redhat.com/show_bug.cgi?id=833033
      
      which was originally committed upstream in commit
      753ff83a. That commit improperly
      removed the "--except-interface lo" from dnsmasq commandlines when
      --bind-dynamic was used (based on comments in the latter bug).
      
      It turns out that the problem reported in the CVE could be eliminated
      without removing "--except-interface lo", and removing it actually
      caused each instance of dnsmasq to listen on localhost on port 53,
      which created a new problem:
      
      If another instance of dnsmasq using "bind-interfaces" (instead of
      "bind-dynamic") had already been started (or if another instance
      started later used "bind-dynamic"), this wouldn't have any immediately
      visible ill effects, but if you tried to start another dnsmasq
      instance using "bind-interfaces" *after* starting any libvirt
      networks, the new dnsmasq would fail to start, because there was
      already another process listening on port 53.
      
      (Subsequent to the CVE fix, another patch changed the network driver
      to put dnsmasq options in a conf file rather than directly on the
      dnsmasq commandline, but preserved the same options.)
      
      This patch changes the network driver to *always* add
      "except-interface=lo" to dnsmasq conf files, regardless of whether we use
      bind-dynamic or bind-interfaces. This way no libvirt dnsmasq instances
      are listening on localhost (and the CVE is still fixed).
      
      The actual code change is miniscule, but must be propogated through all
      of the test files as well.
      d66eb786
    • J
      build: Fix VPATH build · d0d3e92d
      Jiri Denemark 提交于
      $(srcdir) is already part of $$file since commit f1f9a7ac.
      d0d3e92d
  4. 13 12月, 2012 22 次提交
    • J
      virsh: use vshReconnect for non-default connections too · 8d0e7eb4
      Ján Tomko 提交于
      For non-default connections (specified by the environment variable or
      the command line option) we call virConnectOpenAuth without registering
      the vshCatchDisconnect callback.
      
      This calls vshReconnect instead which takes care of it.
      8d0e7eb4
    • J
      virsh: don't lie about reconnection in vshReconnect · d94b501b
      Ján Tomko 提交于
      Since we (ab)use vshReconnect for the default URI connection, if it
      fails it might print 'Failed to reconnect to the hypervisor' even if we
      were never connected before.
      
      This changes it to only mention reconnection on the first try after
      getting disconnected.
      d94b501b
    • D
      Add support for locking based on SCSI volume ID · 64f0e145
      Daniel P. Berrange 提交于
      64f0e145
    • D
      Add support for locking based on LVM volume uuid · 565d040f
      Daniel P. Berrange 提交于
      565d040f
    • D
      Add ability to maintain disk leases indirectly · f14fdae3
      Daniel P. Berrange 提交于
      The default lockd driver behavour is to acquire leases
      directly on the disk files. This introduces an alternative
      mode, where leases are acquire indirectly on a file that
      is based on a SHA256 hash of the disk filename.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      f14fdae3
    • D
      Add a virtlockd client as a lock driver impl · eb8268a4
      Daniel P. Berrange 提交于
      This adds a 'lockd' lock driver which is just a client which
      talks to the lockd daemon to perform all locking. This will
      be the default lock driver for any hypervisor which needs one.
      
      * src/Makefile.am: Add lockd.so plugin
      * src/locking/lock_driver_lockd.c: Lockd driver impl
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      eb8268a4
    • D
      Add support for re-exec() of virtlockd upon SIGUSR1 · f234dc93
      Daniel P. Berrange 提交于
      The virtlockd daemon maintains file locks on behalf of libvirtd
      and any VMs it is running. These file locks must be held for as
      long as any VM is running. If virtlockd itself ever quits, then
      it is expected that a node would be fenced/rebooted. Thus to
      allow for software upgrads on live systemd, virtlockd needs the
      ability to re-exec() itself.
      
      Upon receipt of SIGUSR1, virtlockd will save its current live
      state out to a file /var/run/virtlockd-restart-exec.json
      It then re-exec()'s itself with exactly the same argv as it
      originally had, and loads the state file, reconstructing any
      objects as appropriate.
      
      The state file contains information about all locks held and
      all network services and clients currently active. An example
      state document is
      
       {
          "server": {
              "min_workers": 1,
              "max_workers": 20,
              "priority_workers": 0,
              "max_clients": 20,
              "keepaliveInterval": 4294967295,
              "keepaliveCount": 0,
              "keepaliveRequired": false,
              "services": [
                  {
                      "auth": 0,
                      "readonly": false,
                      "nrequests_client_max": 1,
                      "socks": [
                          {
                              "fd": 6,
                              "errfd": -1,
                              "pid": 0,
                              "isClient": false
                          }
                      ]
                  }
              ],
              "clients": [
                  {
                      "auth": 0,
                      "readonly": false,
                      "nrequests_max": 1,
                      "sock": {
                          "fd": 9,
                          "errfd": -1,
                          "pid": 0,
                          "isClient": true
                      },
                      "privateData": {
                          "restricted": true,
                          "ownerPid": 1722,
                          "ownerId": 6,
                          "ownerName": "f18x86_64",
                          "ownerUUID": "97586ba9-df27-9459-c806-f016c8bbd224"
                      }
                  },
                  {
                      "auth": 0,
                      "readonly": false,
                      "nrequests_max": 1,
                      "sock": {
                          "fd": 10,
                          "errfd": -1,
                          "pid": 0,
                          "isClient": true
                      },
                      "privateData": {
                          "restricted": true,
                          "ownerPid": 1784,
                          "ownerId": 7,
                          "ownerName": "f16x86_64",
                          "ownerUUID": "7b8e5e42-b875-61e9-b981-91ad8fa46979"
                      }
                  }
              ]
          },
          "defaultLockspace": {
              "resources": [
                  {
                      "name": "/var/lib/libvirt/images/f16x86_64.raw",
                      "path": "/var/lib/libvirt/images/f16x86_64.raw",
                      "fd": 14,
                      "lockHeld": true,
                      "flags": 0,
                      "owners": [
                          1784
                      ]
                  },
                  {
                      "name": "/var/lib/libvirt/images/shared.img",
                      "path": "/var/lib/libvirt/images/shared.img",
                      "fd": 12,
                      "lockHeld": true,
                      "flags": 1,
                      "owners": [
                          1722,
                          1784
                      ]
                  },
                  {
                      "name": "/var/lib/libvirt/images/f18x86_64.img",
                      "path": "/var/lib/libvirt/images/f18x86_64.img",
                      "fd": 11,
                      "lockHeld": true,
                      "flags": 0,
                      "owners": [
                          1722
                      ]
                  }
              ]
          },
          "lockspaces": [
      
          ],
          "magic": "30199"
       }
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      f234dc93
    • D
      Enable systemd socket activation with virtlockd · 74c0353e
      Daniel P. Berrange 提交于
      This enhancement virtlockd so that it can receive a pre-opened
      UNIX domain socket from systemd at launch time, and adds the
      systemd service/socket unit files
      
      * daemon/libvirtd.service.in: Require virtlockd to be running
      * libvirt.spec.in: Add virtlockd systemd files
      * src/Makefile.am: Install systemd files
      * src/locking/lock_daemon.c: Support socket activation
      * src/locking/virtlockd.service.in, src/locking/virtlockd.socket.in:
        systemd unit files
      * src/rpc/virnetserverservice.c, src/rpc/virnetserverservice.h:
        Add virNetServerServiceNewFD() method
      * src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add virNetSocketNewListenFD
        method
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      74c0353e
    • D
      Implement dispatch functions for lock protocol in virtlockd · 0e49b839
      Daniel P. Berrange 提交于
      Introduce a lock_daemon_dispatch.c file which implements the
      server side dispatcher the RPC APIs previously defined in the
      lock protocol.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      0e49b839
    • D
      Define a wire protocol for talking to the virtlockd daemon · ad39fd83
      Daniel P. Berrange 提交于
      The virtlockd daemon will be responsible for managing locks
      on virtual machines. Communication will be via the standard
      RPC infrastructure. This provides the XDR protocol definition
      
      * src/locking/lock_protocol.x: Wire protocol for virtlockd
      * src/Makefile.am: Include lock_protocol.[ch] in virtlockd
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      ad39fd83
    • D
      Introduce basic infrastructure for virtlockd daemon · c57e3d89
      Daniel P. Berrange 提交于
      The virtlockd daemon will maintain locks on behalf of libvirtd.
      There are two reasons for it to be separate
      
       - Avoid risk of other libvirtd threads accidentally
         releasing fcntl() locks by opening + closing a file
         that is locked
       - Ensure locks can be preserved across libvirtd restarts.
         virtlockd will need to be able to re-exec itself while
         maintaining locks. This is simpler to achieve if its
         sole job is maintaining locks
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      c57e3d89
    • D
      Refactor creation of lock manager plugins · f199f75e
      Daniel P. Berrange 提交于
      Refactor virLockManagerPluginNew() so that the caller does
      not need to pass in the config file path itself - just the
      config directory and driver name.
      
      Fix QEMU to actually pass in a config file when creating the
      default lock manager plugin, rather than NULL.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      f199f75e
    • D
      Fix error reporting when fetching SCSI/LVM keys · 41ac222e
      Daniel P. Berrange 提交于
      The current  virStorageFileGet{LVM,SCSI}Key methods return
      the key as the return value. Unfortunately it is desirable
      for "NULL" to be a valid return value, as well as an error
      indicator. Thus the returned key must instead be provided
      as an out-parameter.
      
      When we invoke lvs or scsi_id to extract ID for block devices,
      we don't want virCommandWait logging errors messages. Thus we
      must explicitly check 'status != 0', rather than letting
      virCommandWait do it.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      41ac222e
    • J
      Support network boot for HVM guests in libxl · f6b5ed5e
      Jim Fehlig 提交于
      The libxl driver ignored boot devices in the domain config,
      preventing PXE booting HVM domains.  This patch accounts for
      user-specified boot devices when building the libxl domain
      configuration.
      f6b5ed5e
    • D
      Fix probing of QED file format · 32bef82a
      Daniel P. Berrange 提交于
      The QED file format is non-versioned, so although the magic
      value matched, libvirt rejected it due to lack of a version
      number to compare against. We need to distinguish this case
      by allowing a value of '-2' to indicate a non-versioned file
      where only the magic is required to match
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      32bef82a
    • D
      24643c78
    • D
      Log warning if storage magic matches, but version does not · dfba3704
      Daniel P. Berrange 提交于
      To help us detect when new storage file versions come into
      existance log a warning if the storage file magic matches,
      but the version does not
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      dfba3704
    • D
      Fix memory leak in QEMU QMP capabilities initialization · f6bd0a88
      Daniel P. Berrange 提交于
      The qemuCapsInitQMP method never frees the QEMU 'package'
      version string.
      f6bd0a88
    • D
      Change virCgroupGetAppRoot stub on non-Linux to avoid unused param warning · cc5c7f98
      Daniel P. Berrange 提交于
      Fully stub out the virCgroupGetAppRoot method as done with other
      methods in the file, rather than just the body. This lets us
      annotate the unused parameter to avoid a warning
      cc5c7f98
    • E
      network: match xml warning message · 7339bc4c
      Eric Blake 提交于
      I noticed that /var/lib/libvirt/dnsmasq/*.conf used the wrong word;
      it was intended to match the wording in src/util/xml.c.
      
      * src/network/bridge_driver.c (networkDnsmasqConfContents): Fix typo.
      * tests/networkxml2confdata/*.conf: Update accordingly.
      7339bc4c
    • R
      Qemu FreeBSD: fix compilation · 9a2f36ec
      Roman Bogorodskiy 提交于
      * Autotools changes:
        - Don't assume Qemu is Linux-only
        - Check Linux headers only on Linux
        - Disable firewalld on FreeBSD
      * Initctl:
        Initctl seem to present only on Linux, so stub it on other platforms
      * Raw I/O: Linux-only as well
      * Headers cleanup
      9a2f36ec
    • R
      Drop mntent.h include. · b467e932
      Roman Bogorodskiy 提交于
      It's no longer used and also causes build fail on FreeBSD.
      b467e932