- 27 Apr, 2014 6 commits
-
-
Committed by Laine Stump
The check for a network being active during interface attach was being done individually in several places (by both the lxc driver and the qemu driver), but those places were too specific, leading to it *not* being checked when allocating a connection/device from a macvtap or hostdev network.

This patch puts a single check in networkAllocateActualDevice(), which is always called before any network interface is attached to any type of domain. It also removes all the other now-redundant checks from the lxc and qemu drivers.

NB: the following patches are prerequisites for this patch, in the case that it is backported to any branch:

440beeb7 network: fix virNetworkObjAssignDef and persistence
8aaa5b68 network: create statedir during driver initialization
b9e95491 network: change location of network state xml files
411c5486 network: set macvtap/hostdev networks active if their state file exists

This fixes:

https://bugzilla.redhat.com/show_bug.cgi?id=880483
-
Committed by Laine Stump
libvirt attempts to determine at startup time which networks are already active, and set their active flags. Previously it has done this by assuming that all networks are inactive, then setting the active flag if the network has a bridge device associated with it and that bridge device exists. This is not useful for macvtap and hostdev based networks, since they do not use a bridge device.

Of course the reason that such a check had to be done was that the presence of a status file in the network "stateDir" couldn't be trusted as an indicator of whether or not a network was active. This was due to the network driver mistakenly using /var/lib/libvirt/network to store the status files, rather than /var/run/libvirt/network (similar to what is done by every other libvirt driver that stores status xml for its objects). The difference is that /var/run is cleared out when the host reboots, so you can be assured that the state file you are seeing isn't just left over from a previous boot of the host.

Now that the network driver has been switched to using /var/run/libvirt/network for status, we can also modify it to assume that any network with an existing status file is by definition active - we do this when reading the status file. To fine tune the results, networkFindActiveConfigs() is changed to networkUpdateAllState(), and only sets active = 0 if the conditions for particular network types are *not* met.

The result is that during the first run of libvirtd after the host boots, there are no status files, so no networks are active. Any time libvirtd is restarted, any network with a status file will be marked as active (unless the network uses a bridge device and that device for some reason doesn't exist).
-
Committed by Laine Stump
For some reason these have been stored in /var/lib, although other drivers (e.g. qemu and lxc) store their state files in /var/run.

It's much nicer to store state files in /var/run because it is automatically cleared out when the system reboots. We can then use existence of the state file as a convenient indicator of whether or not a particular network is active.

Since changing the location of the state files by itself will cause problems in the case of a *live* upgrade from an older libvirt that uses /var/lib (because current status of active networks will be lost), the network driver initialization has been modified to migrate any network state files from /var/lib to /var/run.

This will not help those trying to *downgrade*, but in practice this will only be problematic in two cases:

1) If there are networks with network-wide bandwidth limits configured *and in use* by a guest during a downgrade to "old" libvirt. In this case, the class ID's used for that network's tc rules, as well as the currently in-use bandwidth "floor" will be forgotten.

2) If someone does this: 1) upgrade libvirt, 2) downgrade libvirt, 3) modify running state of network (e.g. add a static dhcp host, etc), 4) upgrade. In this case, the modifications to the running network will be lost (but not any persistent changes to the network's config).
-
Committed by Laine Stump
This directory should be created when the network driver is first started up, not just when a dhcp daemon is run. This hasn't posed a problem in the past, because the directory has always been pre-existing.
-
Committed by Laine Stump
Experimentation showed that if virNetworkCreateXML() was called for a network that was already defined, and then the network was subsequently shut down, the network would continue to be persistent after the shutdown (expected/desired), but the original config would be lost in favor of the transient config sent in with virNetworkCreateXML() (which would then be the new persistent config) (obviously unexpected/not desired).

To fix this, virNetworkObjAssignDef() has been changed to

1) properly save/free network->def and network->newDef for all the various combinations of live/active/persistent, including some combinations that were previously considered to be an error but didn't need to be (e.g. setting a "live" config for a network that isn't yet active but soon will be - that was previously considered an error, even though in practice it can be very useful).

2) automatically set the persistent flag whenever a new non-live config is assigned to the network (and clear it when the non-live config is set to NULL). The libvirt network driver no longer directly manipulates network->persistent, but instead relies entirely on virNetworkObjAssignDef() to do the right thing automatically.

After this patch, the following sequence will behave as expected:

virNetworkDefineXML(X)
virNetworkCreateXML(X') (same name but some config different)
virNetworkDestroy(X)

At the end of these calls, the network config will remain as it was after the initial virNetworkDefine(), whereas previously it would take on the changes given during virNetworkCreateXML().

Another effect of this tighter coupling between a) setting a !live def and b) setting/clearing the "persistent" flag, is that future patches which change the details of network lifecycle management (e.g. upcoming patches to fix detection of "active" networks when libvirtd is restarted) will find it much more difficult to break persistence functionality.
-
Committed by Dwight Engen
This fixes the following make rpm warning:

warning: Installed (but unpackaged) file(s) found:
/usr/lib64/libvirt/connection-driver/libvirt_driver_nwfilter.so.0
/usr/lib64/libvirt/connection-driver/libvirt_driver_nwfilter.so.0.0.0

introduced in commit 8d559864

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
-
- 26 Apr, 2014 2 commits
-
-
Committed by Ian Campbell
Currently the driver only exposes the ability to connect to the serial console of a Xen guest, which doesn't work for a PV guest. Since for an HVM guest the serial devices are duplicated as consoles it is sufficient to just use the console devices unconditionally.

Tested with the following bit of config XML:

<domain type='xen'>
  ...
  <devices>
    <console type='pty'>
      <target type='xen'/>
    </console>
  </devices>
</domain>

I have observed and tested this on ARM but I believe it also applies to x86 PV guests.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Jim Fehlig <jfehlig@suse.com>
Cc: Dario Faggioli <dario.faggioli@citrix.com>
Cc: Clark Laughlin <clark.laughlin@linaro.org>
-
Committed by Dwight Engen
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
-
- 25 Apr, 2014 32 commits
-
-
Committed by Daniel P. Berrange
dlfcn.h does not exist on Win32 so must only be used conditionally

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Create a nwfilterxml2firewalltest to exercise the ebiptables_driver.applyNewRules method with a variety of different XML input files. The XML input files are taken from the libvirt-tck nwfilter tests. While the nwfilter tests verify the final state of the iptables chains, this test verifies the set of commands invoked to create the chains.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Remove all the left over code related to the direct invocation of firewall-cmd/iptables/ip6tables/ebtables. This is all handled by the virFirewallPtr APIs now.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Convert the ebiptablesDriverProbeStateMatch initialization check to use the virFirewall APIs for querying iptables version.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Convert the nwfilter ebtablesApplyNewRules method to use the virFirewall object APIs instead of creating shell scripts using virBuffer APIs. This provides a performance improvement through allowing direct use of firewalld dbus APIs and will facilitate automated testing.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Convert the nwfilter ebtablesApplyDropAllRules method to use the virFirewall object APIs instead of creating shell scripts using virBuffer APIs. This provides a performance improvement through allowing direct use of firewalld dbus APIs and will facilitate automated testing.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Convert the nwfilter ebtablesApplyDHCPOnlyRules method to use the virFirewall object APIs instead of creating shell scripts using virBuffer APIs. This provides a performance improvement through allowing direct use of firewalld dbus APIs and will facilitate automated testing.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Convert the nwfilter ebtablesApplyBasicRules method to use the virFirewall object APIs instead of creating shell scripts using virBuffer APIs. This provides a performance improvement through allowing direct use of firewalld dbus APIs and will facilitate automated testing.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Convert the nwfilter ebiptablesTearNewRules method to use the virFirewall object APIs instead of creating shell scripts using virBuffer APIs. This provides a performance improvement through allowing direct use of firewalld dbus APIs and will facilitate automated testing.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Convert the nwfilter ebtablesRemoveBasicRules method to use the virFirewall object APIs instead of creating shell scripts using virBuffer APIs. This provides a performance improvement through allowing direct use of firewalld dbus APIs and will facilitate automated testing.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Convert the nwfilter ebiptablesTearOldRules method to use the virFirewall object APIs instead of creating shell scripts using virBuffer APIs. This provides a performance improvement through allowing direct use of firewalld dbus APIs and will facilitate automated testing.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Convert the nwfilter ebiptablesAllTeardown method to use the virFirewall object APIs instead of creating shell scripts using virBuffer APIs. This provides a performance improvement through allowing direct use of firewalld dbus APIs and will facilitate automated testing.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Convert the virebtables.{c,h} files to use the new virFirewall APIs for changing ebtables rules.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Using the virCommand dry run capability, capture iptables rules created by various network XML documents.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The networkCheckRouteCollision, networkAddFirewallRules and networkRemoveFirewallRules APIs all take a virNetworkObjPtr instance, but only ever access the 'def' member. It thus simplifies testing if the APIs are changed to just take a virNetworkDefPtr instead

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Update the iptablesXXXX methods so that instead of directly executing iptables commands, they populate rules in an instance of virFirewallPtr. The bridge driver can thus construct the ruleset and then invoke it in one operation having rollback handled automatically.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The network and nwfilter drivers both have a need to update firewall rules. They currently share no code for interacting with iptables / firewalld. The nwfilter driver is fairly tied to the concept of creating shell scripts to execute which makes it very hard to port to talk to firewalld via DBus APIs.

This patch introduces a virFirewallPtr object which is able to represent a complete sequence of rule changes, with the ability to have multiple transactional checkpoints with rollbacks. By formally separating the definition of the rules to be applied from the mechanism used to apply them, it is also possible to write a firewall engine that uses firewalld DBus APIs natively instead of via the slow firewalld-cmd.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
When a VM fails to launch due to error creating nwfilter rules, we must avoid overwriting the original error when tearing down the partially created rules.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The nwfilter ebiptables driver will build up commands to run in two phases. The first phase contains all of the command, except for the '-A' part. Instead it has a '%c' placeholder, along with a '%s' placeholder for a position arg. The second phase then substitutes these placeholders. The only values ever used for these substitutions though are '-A' and '', so it is entirely pointless. Remove the second phase entirely, since it will make it harder to convert to the new firewall APIs

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The current nwfilter tech driver API has a 'createRuleInstance' method which populates virNWFilterRuleInstPtr with a command line string containing variable placeholders. The 'applyNewRules' method then expands the variables and executes the commands. This split of responsibility won't work when switching to the virFirewallPtr APIs, since we can't just build up command line strings.

This patch merges the functionality of 'createRuleInstance' into the applyNewRules method. The virNWFilterRuleInstPtr struct is changed from holding an array of opaque pointers, into holding generic metadata about the rules to be processed. In essence this is the result of taking a linked set of virNWFilterDefPtr's and flattening the tree to get a list of virNWFilterRuleDefPtr's. At the same time we must keep track of any nested virNWFilterObjPtr instances, so that the locks are held for the duration of the 'applyNewRules' method.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Later refactoring will change use of the virNWFilterRuleInstPtr struct. Prepare for this by pushing use of the virNWFilterRuleInstPtr parameter out of the ebtablesCreateRuleInstance and iptablesCreateRuleInstance methods. Instead they simply return string(s) with the constructed rule data. The ebiptablesCreateRuleInstance method will make use of the virNWFilterRuleInstPtr struct instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Add virNWFilterRuleIsProtocol{Ethernet,IPv4,IPv6} helper methods to avoid having to write giant switch statements with many cases.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The 'displayRuleInstance' callback in the nwfilter tech driver is never invoked, so can be deleted.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The 'removeRules' callback in the nwfilter tech driver is never invoked, so can be deleted.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The virNWFilterHashTable struct contains a virHashTable and then a 'char **names' field which keeps a copy of all the hash keys. Presumably this was intended to record the ordering of the hash keys. No code ever uses this and the ordering is mangled whenever a variable is removed from the hash, because the last element in the list is copied into the middle of the list when shrinking the array.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The 'virDomainNetType' is unused in every impl of the virNWFilterRuleCreateInstance driver method. Remove it from the code to avoid the dependency on the external enum.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The virNWFilterTechDriver struct is nothing to do with the nwfilter XML configuration. It stores data specific to the driver implementation so should be in a header in the driver directory instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
If virNWFilterVarValueCreateSimple fails with OOM, then 'val' will be leaked by virNWFilterVarValueCreateSimpleCopyValue

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Jiri Denemark
Commit c4206d7c fixed the overflow for running domains. However, we need a similar check when setting migration speed on inactive domains. At first look, it may seem the check in c4206d7c is now redundant but qemuDomainMigrateSetMaxSpeed is not the only caller of qemuMonitorSetMigrationSpeed so we need to check the bandwidth in both places.

https://bugzilla.redhat.com/show_bug.cgi?id=1083483

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-
Committed by Daniel P. Berrange
Replace use of cpuMapOverride with virFileFindResource to locate CPU map from build dir.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Replace virDriverModuleInitialize with virFileFindResource usage.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Replace virLockManagerSetPluginDir with virFileFindResource usage.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-