1. 11 1月, 2017 16 次提交
  2. 10 1月, 2017 24 次提交
    • J
      storage: Fix storage_backend probing when PARTED not installed. · bdd371c5
      John Ferlan 提交于
      Commit id 'a48c674f' caused problems for systems without PARTED installed.
      
      So move the PARTED probing code back to storage_backend_disk.c and create
      a shim within storage_backend.c to call it if WITH_STORAGE_DISK is true;
      otherwise, just return -1 with the error.
      bdd371c5
    • J
      storage: Validate the device formats at logical startup · cb38b6cb
      John Ferlan 提交于
      At startup time, rather than blindly trusting the target devices are
      still properly formatted, let's check to make sure the pool's target
      devices are all properly formatted before attempting to start the pool.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      cb38b6cb
    • J
      storage: Add overwrite flag checking for logical pool · f573f84e
      John Ferlan 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1373711
      
      Add support and documentation for the [NO_]OVERWRITE flags for the
      logical backend.
      
      Update virsh.pod with a description of the process for usage of
      the flags and building of the pool's volume group.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      f573f84e
    • J
      storage: Extract logical device initialize into a helper · d5cc5f89
      John Ferlan 提交于
      Make the remaining code a bit cleaner.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      d5cc5f89
    • J
      storage: Clean up logical pool devices on build failure · 71a08b5a
      John Ferlan 提交于
      If the build fails, then we need to ensure that we've run pvremove
      on any devices which we've run pvcreate on; otherwise, a subsequent
      build could fail since running pvcreate twice on a device requires
      special force arguments.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      71a08b5a
    • J
      storage: Adjust disk label found to match labels · a4cb4a74
      John Ferlan 提交于
      Currently as long as the disk is formatted using a known parted format
      type, the algorithm is happy to continue. However, that leaves a scenario
      whereby a disk formatted using "pc98" could be used by a pool that's defined
      using "dvh" (or vice versa). Alter the check to be match and different
      and adjust the caller.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      a4cb4a74
    • J
      storage: Move and rename disk backend label checking · a48c674f
      John Ferlan 提交于
      Rather than have the Disk code having to use PARTED to determine if
      there's something on the device, let's use the virStorageBackendDeviceProbe.
      and only fallback to the PARTED probing if the BLKID code isn't built in.
      
      This will also provide a mechanism for the other current caller (File
      System Backend) to utilize a PARTED parsing algorithm in the event that
      BLKID isn't built in to at least see if *something* exists on the disk
      before blindly trying to use. The PARTED error checking will not find
      file system types, but if there is a partition table set on the device,
      it will at least cause a failure.
      
      Move virStorageBackendDiskValidLabel and virStorageBackendDiskFindLabel
      to storage_backend and rename/rework the code to fit the new model.
      
      Update the virsh.pod description to provide a more generic description
      of the process since we could now use either blkid or parted to find
      data on the target device.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      a48c674f
    • J
      storage: For FS pool check for properly formatted target volume · a11fd697
      John Ferlan 提交于
      Prior to starting up, let's be sure the target volume device is
      formatted as we expect; otherwise, inhibit the start.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      a11fd697
    • J
      storage: Add writelabel bool for virStorageBackendDeviceProbe · 19ced38f
      John Ferlan 提交于
      It's possible that the API could be called from a startup path in
      order to check whether the label on the device matches what our
      format is. In order to handle that condition, add a 'writelabel'
      boolean to the API in order to indicate whether a write or just
      read is about to happen.
      
      This alters two "error" conditions that would care about knowing.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      19ced38f
    • J
      storage: Add partition type checks for BLKID probing · a22e1a00
      John Ferlan 提交于
      A device may be formatted using some sort of disk partition format type.
      We can check that using the blkid_ API's as well - so alter the logic to
      allow checking the device for both a filesystem and a disk partition.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      a22e1a00
    • J
      storage: Fix implementation of no-overwrite for file system backend · f23d4bbc
      John Ferlan 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1363586
      
      Commit id '27758859' introduced the "NO_OVERWRITE" flag check for
      file system backends; however, the implementation, documentation,
      and algorithm was inconsistent. For the "flag" description for the
      API the flag was described as "Do not overwrite existing pool";
      however, within the storage backend code the flag is described
      as "it probes to determine if filesystem already exists on the
      target device, renurning an error if exists".
      
      The code itself was implemented using the paradigm to set up the
      superblock probe by creating a filter that would cause the code
      to only search for the provided format type. If that type wasn't
      found, then the algorithm would return success allowing the caller
      to format the device. If the format type already existed on the
      device, then the code would fail indicating that the a filesystem
      of the same type existed on the device.
      
      The result is that if someone had a file system of one type on the
      device, it was possible to overwrite it if a different format type
      was specified in updated XML effectively trashing whatever was on
      the device already.
      
      This patch alters what NO_OVERWRITE does for a file system backend
      to be more realistic and consistent with what should be expected when
      the caller requests to not overwrite the data on the disk.
      
      Rather than filter results based on the expected format type, the
      code will allow success/failure be determined solely on whether the
      blkid_do_probe calls finds some known format on the device. This
      adjustment also allows removal of the virStoragePoolProbeResult
      enum that was under utilized.
      
      If it does find a formatted file system different errors will be
      generated indicating a file system of a specific type already exists
      or a file system of some other type already exists.
      
      In the original virsh support commit id 'ddcd5674', the description
      for '--no-overwrite' within the 'pool-build' command help output
      has an ambiguous "of this type" included in the short description.
      Compared to the longer description within the "Build a given pool."
      section of the virsh.pod file it's more apparent that the meaning
      of this flag would cause failure if a probe of the target already
      has a filesystem.
      
      So this patch also modifies the short description to just be the
      antecedent of the 'overwrite' flag, which matches the API description.
      This patch also modifies the grammar in virsh.pod for no-overwrite
      as well as reworking the paragraph formats to make it easier to read.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      f23d4bbc
    • J
      storage: Introduce virStorageBackendDeviceIsEmpty · 553d21da
      John Ferlan 提交于
      Rename virStorageBackendFileSystemProbe and to virStorageBackendBLKIDFindFS
      and move to the more common storage_backend module.
      
      Create a shim virStorageBackendDeviceIsEmpty which will make the call
      to the virStorageBackendBLKIDFindFS and check the return value.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      553d21da
    • M
      qemu: Drop qemuDomainDeleteNamespace · 406e3909
      Michal Privoznik 提交于
      After previous commits, this function is no longer needed.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      406e3909
    • M
      qemuDomainCreateNamespace: move mkdir to qemuDomainBuildNamespace · 5d198c2b
      Michal Privoznik 提交于
      Again, there is no need to create /var/lib/libvirt/$domain.*
      directories in CreateNamespace(). It is sufficient to create them
      as soon as we need them which is in BuildNamespace. This way we
      don't leave them around for the whole lifetime of domain.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      5d198c2b
    • M
      qemuDomainGetPreservedMounts: Do not special case /dev · 5d300576
      Michal Privoznik 提交于
      The c1140eb9 got me thinking. We don't want to special case /dev
      in qemuDomainGetPreservedMounts(), but in all other places in the
      code we special case it anyway. I mean,
      /var/run/libvirt/$domain.dev path is constructed separately just
      so that it is not constructed here. It makes only a little sense
      (if any at all).
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      5d300576
    • M
      qemuDomainCreateNamespace: s/unlink/rmdir/ · 40ebbf72
      Michal Privoznik 提交于
      If something goes wrong in this function we try a rollback. That
      is unlink all the directories we created earlier. For some weird
      reason unlink() was called instead of rmdir().
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      40ebbf72
    • M
      qemu: Use transactions from security driver · 095f042e
      Michal Privoznik 提交于
      So far if qemu is spawned under separate mount namespace in order
      to relabel everything it needs an access to the security driver
      to run in that namespace too. This has a very nasty down side -
      it is being run in a separate process, so any internal state
      transition is NOT reflected in the daemon. This can lead to many
      sleepless nights. Therefore, use the transaction APIs so that
      libvirt developers can sleep tight again.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      095f042e
    • M
      4674fc6a
    • M
      security_dac: Implement transaction APIs · 67232478
      Michal Privoznik 提交于
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      67232478
    • M
      security driver: Introduce transaction APIs · 95576b4d
      Michal Privoznik 提交于
      With our new qemu namespace code in place, the relabelling of
      devices is done not as good is it could: a child process is
      spawned, it enters the mount namespace of the qemu process and
      then runs desired API of the security driver.
      
      Problem with this approach is that internal state transition of
      the security driver done in the child process is not reflected in
      the parent process. While currently it wouldn't matter that much,
      it is fairly easy to forget about that. We should take the extra
      step now while this limitation is still fresh in our minds.
      
      Three new APIs are introduced here:
        virSecurityManagerTransactionStart()
        virSecurityManagerTransactionCommit()
        virSecurityManagerTransactionAbort()
      
      The Start() is going to be used to let security driver know that
      we are starting a new transaction. During a transaction no
      security labels are actually touched, but rather recorded and
      only at Commit() phase they are actually updated. Should
      something go wrong Abort() aborts the transaction freeing up all
      memory allocated by transaction.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      95576b4d
    • M
      security_dac: Resolve virSecurityDACSetOwnershipInternal const correctness · 39779eb1
      Michal Privoznik 提交于
      The code at the very bottom of the DAC secdriver that calls
      chown() should be fine with read-only data. If something needs to
      be prepared it should have been done beforehand.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      39779eb1
    • A
      qemu: Use virtio-pci by default for mach-virt guests · 1d845463
      Andrea Bolognani 提交于
      virtio-pci is the way forward for aarch64 guests: it's faster
      and less alien to people coming from other architectures.
      Now that guest support is finally getting there (Fedora 24,
      CentOS 7.3, Ubuntu 16.04 and Debian testing all support
      virtio-pci out of the box), we'd like to start using it by
      default instead of virtio-mmio.
      
      Users and applications can already opt-in by explicitly using
      
        <address type='pci'/>
      
      inside the relevant elements, but that's kind of cumbersome and
      requires all users and management applications to adapt, which
      we'd really like to avoid.
      
      What we can do instead is use virtio-mmio only if the guest
      already has at least one virtio-mmio device, and use virtio-pci
      in all other situations.
      
      That means existing virtio-mmio guests will keep using the old
      addressing scheme, and new guests will automatically be created
      using virtio-pci instead. Users can still override the default
      in either direction.
      
      Existing tests such as aarch64-aavmf-virtio-mmio and
      aarch64-virtio-pci-default already cover all possible
      scenarios, so no additions to the test suites are necessary.
      1d845463
    • P
      qemu: setvcpus: Properly coldplug vcpus when hotpluggable vcpus are present · a946ea1a
      Peter Krempa 提交于
      When coldplugging vcpus to a VM that already has a few hotpluggable
      vcpus the code might generate invalid configuration as
      non-hotpluggable cpus need to be clustered starting from vcpu 0.
      
      This fix forces the added vcpus to be hotpluggable in such case.
      
      Fixes a corner case described in:
      https://bugzilla.redhat.com/show_bug.cgi?id=1370357
      a946ea1a
    • N
      perf: Add cache_l1d perf event support · ae16c95f
      Nitesh Konkar 提交于
      This patch adds support and documentation for
      a generalized hardware cache event called cache_l1d
      perf event.
      Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com>
      ae16c95f