1. 27 2月, 2012 1 次提交
    • P
      util: Add helpers for safe domain console operations · 3f4238d7
      Peter Krempa 提交于
      This patch adds a set of functions used in creating console streams for
      domains using PTYs and ensures mutually exclusive access to the PTYs.
      
      If mutually exclusive access is not used, two clients may open the same
      console, which results in corruption on both clients as both of them
      race to read data from the PTY.
      
      Two approaches are used to ensure this:
      1) Internal data structure holding open PTYs.
              This is used internally and enables the user to forcibly
              terminate another console connection eg. when somebody leaves
              the console open on another host.
      
      2) UUCP style lock files:
              This uses UUCP lock files according to the  FHS
              ( http://www.pathname.com/fhs/pub/fhs-2.3.html#VARLOCKLOCKFILES )
              to check if other programs (like minicom) are not using the pty
              device of the console.
      
              This feature is disabled by default and may be enabled using
              configure parameter
              --with-console-lock-files=/path/to/lock/file/directory
              or --with-console-lock-files=auto (which tries to infer the
              location from OS used (currently only linux).
      
              On usual linux systems, normal users may not write to the
              /var/lock directory containing the locks. This poses problems
              while in session mode. If the current user has no access to the
              lockfile directory, check for presence of the file is still
              done, but no lock file is created. This does NOT result in an
              error.
      3f4238d7
  2. 16 2月, 2012 1 次提交
    • A
      network: support Open vSwitch · df810046
      Ansis Atteka 提交于
      This patch allows libvirt to add interfaces to already
      existing Open vSwitch bridges. The following syntax in
      domain XML file can be used:
      
          <interface type='bridge'>
            <mac address='52:54:00:d0:3f:f2'/>
            <source bridge='ovsbr'/>
            <virtualport type='openvswitch'>
              <parameters interfaceid='921a80cd-e6de-5a2e-db9c-ab27f15a6e1d'/>
            </virtualport>
            <address type='pci' domain='0x0000' bus='0x00'
                                slot='0x03' function='0x0'/>
          </interface>
      
      or if libvirt should auto-generate the interfaceid use
      following syntax:
      
          <interface type='bridge'>
            <mac address='52:54:00:d0:3f:f2'/>
            <source bridge='ovsbr'/>
            <virtualport type='openvswitch'>
            </virtualport>
            <address type='pci' domain='0x0000' bus='0x00'
                                slot='0x03' function='0x0'/>
          </interface>
      
      It is also possible to pass an optional profileid. To do that
      use following syntax:
      
         <interface type='bridge'>
           <source bridge='ovsbr'/>
           <mac address='00:55:1a:65:a2:8d'/>
           <virtualport type='openvswitch'>
             <parameters interfaceid='921a80cd-e6de-5a2e-db9c-ab27f15a6e1d'
                         profileid='test-profile'/>
           </virtualport>
         </interface>
      
      To create Open vSwitch bridge install Open vSwitch and
      run the following command:
      
          ovs-vsctl add-br ovsbr
      df810046
  3. 10 2月, 2012 1 次提交
    • O
      npiv: Auto-generate WWN if it's not specified · 7c90026d
      Osier Yang 提交于
      The auto-generated WWN comply with the new addressing schema of WWN:
      
      <quote>
      the first nibble is either hex 5 or 6 followed by a 3-byte vendor
      identifier and 36 bits for a vendor-specified serial number.
      </quote>
      
      We choose hex 5 for the first nibble. And for the 3-bytes vendor ID,
      we uses the OUI according to underlying hypervisor type, (invoking
      virConnectGetType to get the virt type). e.g. If virConnectGetType
      returns "QEMU", we use Qumranet's OUI (00:1A:4A), if returns
      ESX|VMWARE, we use VMWARE's OUI (00:05:69). Currently it only
      supports qemu|xen|libxl|xenapi|hyperv|esx|vmware drivers. The last
      36 bits are auto-generated.
      7c90026d
  4. 04 2月, 2012 1 次提交
  5. 03 2月, 2012 1 次提交
    • D
      Add two new security label types · b170eb99
      Daniel P. Berrange 提交于
      Curently security labels can be of type 'dynamic' or 'static'.
      If no security label is given, then 'dynamic' is assumed. The
      current code takes advantage of this default, and avoids even
      saving <seclabel> elements with type='dynamic' to disk. This
      means if you temporarily change security driver, the guests
      can all still start.
      
      With the introduction of sVirt to LXC though, there needs to be
      a new default of 'none' to allow unconfined LXC containers.
      
      This patch introduces two new security label types
      
       - default:  the host configuration decides whether to run the
                   guest with type 'none' or 'dynamic' at guest start
       - none:     the guest will run unconfined by security policy
      
      The 'none' label type will obviously be undesirable for some
      deployments, so a new qemu.conf option allows a host admin to
      mandate confined guests. It is also possible to turn off default
      confinement
      
        security_default_confined = 1|0  (default == 1)
        security_require_confined = 1|0  (default == 0)
      
      * src/conf/domain_conf.c, src/conf/domain_conf.h: Add new
        seclabel types
      * src/security/security_manager.c, src/security/security_manager.h:
        Set default sec label types
      * src/security/security_selinux.c: Handle 'none' seclabel type
      * src/qemu/qemu.conf, src/qemu/qemu_conf.c, src/qemu/qemu_conf.h,
        src/qemu/libvirtd_qemu.aug: New security config options
      * src/qemu/qemu_driver.c: Tell security driver about default
        config
      b170eb99
  6. 28 1月, 2012 1 次提交
    • D
      Add a virt-host-validate command to sanity check HV config · 54a38915
      Daniel P. Berrange 提交于
      To assist people in verifying that their host is operating in an
      optimal manner, provide a 'virt-host-validate' command. For each
      type of hypervisor, it will check any pre-requisites, or other
      good recommendations and report what's working & what is not.
      
      eg
      
        # virt-host-validate
        QEMU: Checking for device /dev/kvm                                         : FAIL (Check that the 'kvm-intel' or 'kvm-amd' modules are loaded & the BIOS has enabled virtualization)
        QEMU: Checking for device /dev/vhost                                       : WARN (Load the 'vhost_net' module to improve performance of virtio networking)
        QEMU: Checking for device /dev/net/tun                                     : PASS
         LXC: Checking for Linux >= 2.6.26                                         : PASS
      
      This warns people if they have vmx/svm, but don't have /dev/kvm. It
      also warns about missing /dev/vhost net.
      54a38915
  7. 26 1月, 2012 1 次提交
  8. 24 1月, 2012 1 次提交
    • D
      QEMU guest agent support · c160ce33
      Daniel P. Berrange 提交于
      There is now a standard QEMU guest agent that can be installed
      and given a virtio serial channel
      
          <channel type='unix'>
            <source mode='bind' path='/var/lib/libvirt/qemu/f16x86_64.agent'/>
            <target type='virtio' name='org.qemu.guest_agent.0'/>
          </channel>
      
      The protocol that runs over the guest agent is JSON based and
      very similar to the JSON monitor. We can't use exactly the same
      code because there are some odd differences in the way messages
      and errors are structured. The qemu_agent.c file is based on
      a combination and simplification of qemu_monitor.c and
      qemu_monitor_json.c
      
      * src/qemu/qemu_agent.c, src/qemu/qemu_agent.h: Support for
        talking to the agent for shutdown
      * src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add thread
        helpers for talking to the agent
      * src/qemu/qemu_process.c: Connect to agent whenever starting
        a guest
      * src/qemu/qemu_monitor_json.c: Make variable static
      c160ce33
  9. 20 1月, 2012 1 次提交
    • E
      util: add new file for virTypedParameter utils · 61ca98b0
      Eric Blake 提交于
      Preparation for another patch that refactors common patterns
      into the new file for fewer lines of code overall.
      
      * src/util/util.h (virTypedParameterArrayClear): Move...
      * src/util/virtypedparam.h: ...to new file.
      (virTypedParameterArrayValidate, virTypedParameterAssign): New
      prototypes.
      * src/util/util.c (virTypedParameterArrayClear): Likewise.
      * src/util/virtypedparam.c: New file.
      * po/POTFILES.in: Mark file for translation.
      * src/Makefile.am (UTIL_SOURCES): Build it.
      * src/libvirt_private.syms (util.h): Split...
      (virtypedparam.h): to new section.
      (virkeycode.h): Sort.
      * daemon/remote.c: Adjust callers.
      * tools/virsh.c: Likewise.
      61ca98b0
  10. 30 11月, 2011 1 次提交
    • D
      Add internal APIs for dealing with time · 3ec12898
      Daniel P. Berrange 提交于
      The logging APIs need to be able to generate formatted timestamps
      using only async signal safe functions. This rules out using
      gmtime/localtime/malloc/gettimeday(!) and much more.
      
      Introduce a new internal API which is async signal safe.
      
        virTimeMillisNowRaw replacement for gettimeofday. Uses clock_gettime
                            where available, otherwise falls back to the unsafe
                            gettimeofday
      
        virTimeFieldsNowRaw  replacements for gmtime(), convert a timestamp
        virTimeFieldsThenRaw into a broken out set of fields. No localtime()
                             replacement is provided, because converting to
                             local time is not practical with only async signal
                             safe APIs.
      
        virTimeStringNowRaw  replacements for strftime() which print a timestamp
        virTimeStringThenRaw into a string, using a pre-determined format, with
                             a fixed size buffer (VIR_TIME_STRING_BUFLEN)
      
      For each of these there is also a version without the Raw postfix
      which raises a full libvirt error. These versions are not async
      signal safe
      
      * src/Makefile.am, src/util/virtime.c, src/util/virtime.h: New files
      * src/libvirt_private.syms: New APis
      * configure.ac: Check for clock_gettime in -lrt
      * tests/virtimetest.c, tests/Makefile.am: Test new APIs
      3ec12898
  11. 29 11月, 2011 1 次提交
    • S
      Implement the core API to suspend/resume the host · 4ddb37c3
      Srivatsa S. Bhat 提交于
      Add the core functions that implement the functionality of the API.
      Suspend is done by using an asynchronous mechanism so that we can return
      the status to the caller before the host gets suspended. This asynchronous
      operation is achieved by suspending the host in a separate thread of
      execution. However, returning the status to the caller is only best-effort,
      but not guaranteed.
      
      To resume the host, an RTC alarm is set up (based on how long we want to
      suspend) before suspending the host. When this alarm fires, the host
      gets woken up.
      
      Suspend-to-RAM operation on a host running Linux can take upto more than 20
      seconds, depending on the load of the system. (Freezing of tasks, an operation
      preceding any suspend operation, is given up after a 20 second timeout).
      And Suspend-to-Disk can take even more time, considering the time required
      for compaction, creating the memory image and writing it to disk etc.
      So, we do not allow the user to specify a suspend duration of less than 60
      seconds, to be on the safer side, since we don't want to prematurely declare
      failure when we only had to wait for some more time.
      4ddb37c3
  12. 24 11月, 2011 1 次提交
  13. 19 11月, 2011 4 次提交
    • E
      build: fix accidental POTFILES.in regression · cda8bd1a
      Eric Blake 提交于
      The original patch for commit 4789fb2e considered renaming a file,
      then backed out the name change, but forgot to back out the POTFILES.in
      change, resulting in 'make syntax-check' failure.
      cda8bd1a
    • D
      Add support for systemd init service · 4789fb2e
      Daniel P. Berrange 提交于
      This patch adds support for a systemd init service for libvirtd
      and libvirt-guests. The libvirtd.service is *not* written to use
      socket activation, since we want libvirtd to start on boot so it
      can do guest auto-start.
      
      The libvirt-guests.service is pretty lame, just exec'ing the
      original init script for now. Ideally we would factor out the
      functionality, into some shared tool.
      
      Instead of
      
        ./configure --with-init-script=redhat
      
      You can now do
      
        ./configure --with-init-script=systemd
      
      Or better still:
      
        ./configure --with-init-script=systemd+redhat
      
      We can also now support install of the upstart init script
      
      * configure.ac: Add systemd, and systemd+redhat options to
        --with-init-script option
      * daemon/Makefile.am: Install systemd services
      * daemon/libvirtd.sysconf: Add note about unused env variable
        with systemd
      * daemon/libvirtd.service.in: libvirtd systemd service unit
      * libvirt.spec.in: Add scripts to installing systemd services
        and migrating from legacy init scripts
      * tools/Makefile.am: Install systemd services
      * tools/libvirt-guests.init.sh: Rename to tools/libvirt-guests.init.in
      * tools/libvirt-guests.service.in: systemd service unit
      4789fb2e
    • D
      Move ifaceMacvtapLinkDump and ifaceGetNthParent functions · 91904106
      Daniel P. Berrange 提交于
      Move the ifaceMacvtapLinkDump and ifaceGetNthParent functions
      into virnetdevvportprofile.c since they are specific to that
      code. This avoids polluting the headers with the Linux specific
      netlink data types
      
      * src/util/interface.c, src/util/interface.h: Move
        ifaceMacvtapLinkDump and ifaceGetNthParent functions and delete
        remaining file
      * src/util/virnetdevvportprofile.c: Add ifaceMacvtapLinkDump
        and ifaceGetNthParent functions
      * src/network/bridge_driver.c, src/nwfilter/nwfilter_gentech_driver.c,
        src/nwfilter/nwfilter_learnipaddr.c, src/util/virnetdevmacvlan.c:
        Remove include of interface.h
      91904106
    • D
      Rename and split the macvtap.c file · 896104c9
      Daniel P. Berrange 提交于
      Rename the macvtap.c file to virnetdevmacvlan.c to reflect its
      functionality. Move the port profile association code out into
      virnetdevvportprofile.c. Make the APIs available unconditionally
      to callers
      
      * src/util/macvtap.h: rename to src/util/virnetdevmacvlan.h,
      * src/util/macvtap.c: rename to src/util/virnetdevmacvlan.c
      * src/util/virnetdevvportprofile.c, src/util/virnetdevvportprofile.h:
        Pull in vport association code
      * src/Makefile.am, src/conf/domain_conf.h, src/qemu/qemu_conf.c,
        src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update include
        paths & remove conditional compilation
      896104c9
  14. 15 11月, 2011 2 次提交
    • D
      Rename the LXC veth management APIs and delete duplicated APIs · 29b242ad
      Daniel P. Berrange 提交于
      The src/lxc/veth.c file contains APIs for managing veth devices,
      but some of the APIs duplicate stuff from src/util/virnetdev.h.
      Delete thed duplicate APIs and rename the remaining ones to
      follow virNetDevVethXXXX
      
      * src/lxc/veth.c, src/lxc/veth.h: Rename APIs & delete duplicates
      * src/lxc/lxc_container.c, src/lxc/lxc_controller.c,
        src/lxc/lxc_driver.c: Update for API renaming
      29b242ad
    • D
      Split src/util/network.{c,h} into 5 pieces · d3406045
      Daniel P. Berrange 提交于
      The src/util/network.c file is a dumping ground for many different
      APIs. Split it up into 5 pieces, along functional lines
      
       - src/util/virnetdevbandwidth.c: virNetDevBandwidth type & helper APIs
       - src/util/virnetdevvportprofile.c: virNetDevVPortProfile type & helper APIs
       - src/util/virsocketaddr.c: virSocketAddr and APIs
       - src/conf/netdev_bandwidth_conf.c: XML parsing / formatting
         for virNetDevBandwidth
       - src/conf/netdev_vport_profile_conf.c: XML parsing / formatting
         for virNetDevVPortProfile
      
      * src/util/network.c, src/util/network.h: Split into 5 pieces
      * src/conf/netdev_bandwidth_conf.c, src/conf/netdev_bandwidth_conf.h,
        src/conf/netdev_vport_profile_conf.c, src/conf/netdev_vport_profile_conf.h,
        src/util/virnetdevbandwidth.c, src/util/virnetdevbandwidth.h,
        src/util/virnetdevvportprofile.c, src/util/virnetdevvportprofile.h,
        src/util/virsocketaddr.c, src/util/virsocketaddr.h: New pieces
      * daemon/libvirtd.h, daemon/remote.c, src/conf/domain_conf.c,
        src/conf/domain_conf.h, src/conf/network_conf.c,
        src/conf/network_conf.h, src/conf/nwfilter_conf.h,
        src/esx/esx_util.h, src/network/bridge_driver.c,
        src/qemu/qemu_conf.c, src/rpc/virnetsocket.c,
        src/rpc/virnetsocket.h, src/util/dnsmasq.h, src/util/interface.h,
        src/util/iptables.h, src/util/macvtap.c, src/util/macvtap.h,
        src/util/virnetdev.h, src/util/virnetdevtap.c,
        tools/virsh.c: Update include files
      d3406045
  15. 10 11月, 2011 2 次提交
    • D
      Split bridge.h into three separate files · e49c9bf2
      Daniel P. Berrange 提交于
      Following the renaming of the bridge management APIs, we can now
      split the source file into 3 corresponding pieces
      
       * src/util/virnetdev.c: APIs for any type of network interface
       * src/util/virnetdevbridge.c: APIs for bridge interfaces
       * src/util/virnetdevtap.c: APIs for TAP interfaces
      
      * src/util/virnetdev.c, src/util/virnetdev.h,
        src/util/virnetdevbridge.c, src/util/virnetdevbridge.h,
        src/util/virnetdevtap.c, src/util/virnetdevtap.h: Copied
        from bridge.{c,h}
      * src/util/bridge.c, src/util/bridge.h: Split into 3 pieces
      * src/lxc/lxc_driver.c, src/network/bridge_driver.c,
        src/openvz/openvz_driver.c, src/qemu/qemu_command.c,
        src/qemu/qemu_conf.h, src/uml/uml_conf.c, src/uml/uml_conf.h,
        src/uml/uml_driver.c: Update #include directives
      e49c9bf2
    • D
      Make all brXXX APIs raise errors, instead of returning errnos · 4f4fd8f7
      Daniel P. Berrange 提交于
      Currently every caller of the brXXX APIs has to store the returned
      errno value and then raise an error message. This results in
      inconsistent error messages across drivers, additional burden on
      the callers and makes the error reporting inaccurate since it is
      hard to distinguish different scenarios from 1 errno value.
      
      * src/util/bridge.c: Raise errors instead of returning errnos
      * src/lxc/lxc_driver.c, src/network/bridge_driver.c,
        src/qemu/qemu_command.c, src/uml/uml_conf.c,
        src/uml/uml_driver.c: Remove error reporting code
      4f4fd8f7
  16. 26 8月, 2011 3 次提交
    • M
      hyperv: Add basic driver for Microsoft Hyper-V · 5e3b0f8b
      Matthias Bolte 提交于
      Domain listing, basic information retrieval and domain life cycle
      management is implemented. But currently the domain XML output
      lacks the complete devices section.
      
      The driver uses OpenWSMAN to directly communicate with a Hyper-V
      server over its WS-Management interface exposed via Microsoft WinRM.
      
      The driver is based on the work of Michael Sievers. This started in
      the same master program project group at the University of Paderborn
      as the ESX driver.
      
      See Michael's blog for details: http://hyperv4libvirt.wordpress.com/
      5e3b0f8b
    • M
      hyperv: Add OpenWSMAN based client for the Hyper-V WMI API · e224b6f8
      Matthias Bolte 提交于
      Add a generator script to generate the structs and serialization
      information for OpenWSMAN.
      
      openwsman.h collects workarounds for problems in OpenWSMAN <= 2.2.6.
      There are also disabled sections that would use ws_serializer_free_mem
      but can't because it's broken in OpenWSMAN <= 2.2.6. Patches to fix
      this have been posted upstream.
      e224b6f8
    • M
      hyperv: Add driver skeleton · 4d6e6f4a
      Matthias Bolte 提交于
      4d6e6f4a
  17. 13 8月, 2011 1 次提交
    • D
      Add some APIs which use locking for crashsafe pidfile handling · e1da464d
      Daniel P. Berrange 提交于
      In daemons using pidfiles to protect against concurrent
      execution there is a possibility that a crash may leave a stale
      pidfile on disk, which then prevents later restart of the daemon.
      
      To avoid this problem, introduce a pair of APIs which make
      use of virFileLock to ensure crash-safe & race condition-safe
      pidfile acquisition & releae
      
      * src/libvirt_private.syms, src/util/virpidfile.c,
        src/util/virpidfile.h: Add virPidFileAcquire and virPidFileRelease
      e1da464d
  18. 22 7月, 2011 1 次提交
    • E
      save: add virFileDirectFd wrapper type · 519a1c43
      Eric Blake 提交于
      O_DIRECT has stringent requirements.  Rather than make lots of changes
      at each site that wants to use O_DIRECT, it is easier to offload
      the work through a helper process that mirrors the I/O between a
      pipe and the actual direct fd, so that the other end of the pipe
      no longer has to worry about constraints.
      
      Plus, if the kernel ever gains better posix_fadvise support, then we
      only have to touch a single file to let all callers benefit from a
      more efficient way to avoid file system caching.
      
      * src/util/virfile.h (virFileDirectFdFlag, virFileDirectFdNew)
      (virFileDirectFdClose, virFileDirectFdFree): New prototypes.
      * src/util/virdirect.c: Implement new wrapper object.
      * src/libvirt_private.syms (virfile.h): Export new symbols.
      * cfg.mk (useless_free_options): Add to list.
      * po/POTFILES.in: Add new translations.
      519a1c43
  19. 12 7月, 2011 2 次提交
    • D
      Define remote wire protocol & impls for virDomainQemuAttach · 44036460
      Daniel P. Berrange 提交于
      This tweaks the RPC generator to cope with some naming
      conventions used for the QEMU specific APIs
      
      * daemon/remote.c: Server side dispatcher
      * src/remote/remote_driver.c: Client side dispatcher
      * src/remote/qemu_protocol.x: Wire protocol definition
      * src/rpc/gendispatch.pl: Use '$structprefix' in method
        names, fix QEMU flags and fix dispatcher method names
      44036460
    • E
      maint: rename virtaudit to match file contents · 2ceb35e1
      Eric Blake 提交于
      * src/util/virtaudit.[ch]: Rename...
      * src/util/viraudit.[ch]: ...to match virAudit* API.
      * src/Makefile.am (UTIL_SOURCES): Reflect rename.
      * daemon/libvirtd.c: Likewise.
      * po/POTFILES.in: Likewise.
      * src/libvirt_private.syms: Likewise.
      * src/qemu/qemu_audit.c: Likewise.
      2ceb35e1
  20. 29 6月, 2011 3 次提交
    • E
      build: update translated files · 8f338921
      Eric Blake 提交于
      The last patch was incomplete.  The translated strings merely
      moved between generated file names, rather than disappearing.
      
      * cfg.mk (generated_files): Update generated file names.
      * po/POTFILES.in: Add remote_dispatch.h
      8f338921
    • J
      build: Don't expect translatable strings in a dead file · ec918adf
      Jiri Denemark 提交于
      daemon/remote_dispatch_bodies.h is no longer with us and shouldn't be
      searched for translatable strings.
      ec918adf
    • D
      Convert libvirtd over to the new RPC handling APIs · df0b57a9
      Daniel P. Berrange 提交于
      This guts the libvirtd daemon, removing all its networking and
      RPC handling code. Instead it calls out to the new virServerPtr
      APIs for all its RPC & networking work
      
      As a fallout all libvirtd daemon error reporting now takes place
      via the normal internal error reporting APIs. There is no need
      to call separate error reporting APIs in RPC code, nor should
      code use VIR_WARN/VIR_ERROR for reporting fatal problems anymore.
      
      * daemon/qemu_dispatch_*.h, daemon/remote_dispatch_*.h: Remove
        old generated dispatcher code
      * daemon/qemu_dispatch.h, daemon/remote_dispatch.h: New dispatch
        code
      * daemon/dispatch.c, daemon/dispatch.h: Remove obsoleted code
      * daemon/remote.c, daemon/remote.h: Rewrite for new dispatch
        APIs
      * daemon/libvirtd.c, daemon/libvirtd.h: Remove all networking
        code
      * daemon/stream.c, daemon/stream.h: Update for new APIs
      * daemon/Makefile.am: Link to libvirt-net-rpc-server.la
      df0b57a9
  21. 24 6月, 2011 7 次提交
    • D
      Introduce generic RPC client objects · 434de30d
      Daniel P. Berrange 提交于
      To facilitate creation of new clients using XDR RPC services,
      pull alot of the remote driver code into a set of reusable
      objects.
      
       - virNetClient: Encapsulates a socket connection to a
         remote RPC server. Handles all the network I/O for
         reading/writing RPC messages. Delegates RPC encoding
         and decoding to the registered programs
      
       - virNetClientProgram: Handles processing and dispatch
         of RPC messages for a single RPC (program,version).
         A program can register to receive async events
         from a client
      
       - virNetClientStream: Handles generic I/O stream
         integration to RPC layer
      
      Each new client program now merely needs to define the list of
      RPC procedures & events it wants and their handlers. It does
      not need to deal with any of the network I/O functionality at
      all.
      434de30d
    • D
      Introduce generic RPC module for advertising via MDNS · e23ec81d
      Daniel P. Berrange 提交于
      Allow RPC servers to advertise themselves using MDNS,
      via Avahi
      
      * src/rpc/virnetserver.c, src/rpc/virnetserver.h: Allow
        registration of MDNS services via avahi
      * src/rpc/virnetserverservice.c, src/rpc/virnetserverservice.h: Add
        API to fetch the listen port number
      * src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add API to
        fetch the local port number
      * src/rpc/virnetservermdns.c, src/rpc/virnetservermdns.h: Represent
        an MDNS advertisement
      e23ec81d
    • D
      Introduce generic RPC server objects · 4e00b1da
      Daniel P. Berrange 提交于
      To facilitate creation of new daemons providing XDR RPC services,
      pull a lot of the libvirtd daemon code into a set of reusable
      objects.
      
       * virNetServer: A server contains one or more services which
         accept incoming clients. It maintains the list of active
         clients. It has a list of RPC programs which can be used
         by clients. When clients produce a complete RPC message,
         the server passes this onto the corresponding program for
         handling, and queues any response back with the client.
      
       * virNetServerClient: Encapsulates a single client connection.
         All I/O for the client is handled, reading & writing RPC
         messages.
      
       * virNetServerProgram: Handles processing and dispatch of
         RPC method calls for a single RPC (program,version).
         Multiple programs can be registered with the server.
      
       * virNetServerService: Encapsulates socket(s) listening for
         new connections. Each service listens on a single host/port,
         but may have multiple sockets if on a dual IPv4/6 host.
      
      Each new daemon now merely has to define the list of RPC procedures
      & their handlers. It does not need to deal with any network related
      functionality at all.
      4e00b1da
    • D
      Generic module for handling SASL authentication & encryption · bb1c9296
      Daniel P. Berrange 提交于
      This provides two modules for handling SASL
      
       * virNetSASLContext provides the process-wide state, currently
         just a whitelist of usernames on the server and a one time
         library init call
      
       * virNetTLSSession provides the per-connection state, ie the
         SASL session itself. This also include APIs for providing
         data encryption/decryption once the session is established
      
      * src/Makefile.am: Add to libvirt-net-rpc.la
      * src/rpc/virnetsaslcontext.c, src/rpc/virnetsaslcontext.h: Generic
        SASL handling code
      bb1c9296
    • D
      Generic module for handling TLS encryption and x509 certs · 30fd0bbb
      Daniel P. Berrange 提交于
      This provides two modules for handling TLS
      
       * virNetTLSContext provides the process-wide state, in particular
         all the x509 credentials, DH params and x509 whitelists
       * virNetTLSSession provides the per-connection state, ie the
         TLS session itself.
      
      The virNetTLSContext provides APIs for validating a TLS session's
      x509 credentials. The virNetTLSSession includes APIs for performing
      the initial TLS handshake and sending/recving encrypted data
      
      * src/Makefile.am: Add to libvirt-net-rpc.la
      * src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h: Generic
        TLS handling code
      30fd0bbb
    • D
      Introduce a generic object for using network sockets · 58b5b14e
      Daniel P. Berrange 提交于
      Introduces a simple wrapper around the raw POSIX sockets APIs
      and name resolution APIs. Allows for easy creation of client
      and server sockets with correct usage of name resolution APIs
      for protocol agnostic socket setup.
      
      It can listen for UNIX and TCP stream sockets.
      
      It can connect to UNIX, TCP streams directly, or indirectly
      to UNIX sockets via an SSH tunnel or external command
      
      * src/Makefile.am: Add to libvirt-net-rpc.la
      * src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Generic
        sockets APIs
      * tests/Makefile.am: Add socket test
      * tests/virnetsockettest.c: New test case
      * tests/testutils.c: Avoid overriding LIBVIRT_DEBUG settings
      * tests/ssh.c: Dumb helper program for SSH tunnelling tests
      58b5b14e
    • D
      Provide a simple object for encoding/decoding RPC messages · ceacc1dd
      Daniel P. Berrange 提交于
      This provides a new struct that contains a buffer for the RPC
      message header+payload, as well as a decoded copy of the message
      header. There is an API for applying a XDR encoding & decoding
      of the message headers and payloads. There are also APIs for
      maintaining a simple FIFO queue of message instances.
      
      Expected usage scenarios are:
      
      To send a message
      
         msg = virNetMessageNew()
      
         ...fill in msg->header fields..
         virNetMessageEncodeHeader(msg)
         ...loook at msg->header fields to determine payload filter
         virNetMessageEncodePayload(msg, xdrfilter, data)
         ...send msg->bufferLength worth of data from buffer
      
      To receive a message
      
         msg = virNetMessageNew()
         ...read VIR_NET_MESSAGE_LEN_MAX of data into buffer
         virNetMessageDecodeLength(msg)
         ...read msg->bufferLength-msg->bufferOffset of data into buffer
         virNetMessageDecodeHeader(msg)
         ...look at msg->header fields to determine payload filter
         virNetMessageDecodePayload(msg, xdrfilter, data)
         ...run payload processor
      
      * src/Makefile.am: Add to libvirt-net-rpc.la
      * src/rpc/virnetmessage.c, src/rpc/virnetmessage.h: Internal
        message handling API.
      * testutils.c, testutils.h: Helper for printing binary differences
      * virnetmessagetest.c: Validate all XDR encoding/decoding
      ceacc1dd
  22. 23 6月, 2011 1 次提交
    • S
      cleanup: make nlComm commonly available · 6a597883
      Stefan Berger 提交于
      In a first cleanup step, make nlComm from macvtap.c commonly available
      for other code to use. Since nlComm uses Linux-specific structures as
      parameters it's prototype is only visible on Linux.
      6a597883
  23. 02 6月, 2011 2 次提交
    • D
      Add a plugin for the 'sanlock' project · 9f135031
      Daniel P. Berrange 提交于
      Sanlock is a project that implements a disk-paxos locking
      algorithm. This is suitable for cluster deployments with
      shared storage.
      
      * src/Makefile.am: Add dlopen plugin for sanlock
      * src/locking/lock_driver_sanlock.c: Sanlock driver
      * configure.ac: Check for sanlock
      * libvirt.spec.in: Add a libvirt-lock-sanlock RPM
      9f135031
    • D
      Basic framework for lock manager plugins · 6a943419
      Daniel P. Berrange 提交于
      Define the basic framework lock manager plugins. The
      basic plugin API for 3rd parties to implemented is
      defined in
      
        src/locking/lock_driver.h
      
      This allows dlopen()able modules for alternative locking
      schemes, however, we do not install the header. This
      requires lock plugins to be in-tree allowing changing of
      the lock manager plugin API in future.
      
      The libvirt code for loading & calling into plugins
      is in
      
        src/locking/lock_manager.{c,h}
      
      * include/libvirt/virterror.h, src/util/virterror.c: Add
        VIR_FROM_LOCKING
      * src/locking/lock_driver.h: API for lock driver plugins
        to implement
      * src/locking/lock_manager.c, src/locking/lock_manager.h:
        Internal API for managing locking
      * src/Makefile.am: Add locking code
      6a943419