- 22 10月, 2012 2 次提交
-
-
由 Cole Robinson 提交于
-
由 Cole Robinson 提交于
On F17 at least, every time libvirtd starts we get this in syslog: libvirtd: Could not find keytab file: /etc/libvirt/krb5.tab: No such file or directory This comes from cyrus-sasl, and happens regardless of whether the gssapi plugin is requested, which is what actually uses /etc/libvirt/krb5.tab. While cyrus-sasl shouldn't complain, we can easily make it shut up by commenting out the keytab value by default. Also update the keytab comment to the more modern one from qemu's sasl config file.
-
- 21 10月, 2012 2 次提交
-
-
由 Laine Stump 提交于
This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=868483 virNetworkUpdate, virNetworkDefine, and virNetworkCreate all three allow network definitions to contain multiple <portgroup> elements with default='yes'. Only a single default portgroup should be allowed for each network. This patch updates networkValidate() (called by both virNetworkCreate() and virNetworkDefine()) and virNetworkDefUpdatePortGroup (called by virNetworkUpdate() to not allow multiple default portgroups.
-
由 Laine Stump 提交于
This fixes the problem reported in: https://bugzilla.redhat.com/show_bug.cgi?id=868389 Previously, the dnsmasq hosts file (used for static dhcp entries, and addnhosts file (used for additional dns host entries) were only created/referenced on the dnsmasq commandline if there was something to put in them at the time the network was started. Once we can update a network definition while it's active (which is now possible with virNetworkUpdate), this is no longer a valid strategy - if there were 0 dhcp static hosts (resulting in no reference to the hosts file on the commandline), then one was later added, the commandline wouldn't have linked dnsmasq up to the file, so even though we create it, dnsmasq doesn't pay any attention. The solution is to just always create these files and reference them on the dnsmasq commandline (almost always, anyway). That way dnsmasq can notice when a new entry is added at runtime (a SIGHUP is sent to dnsmasq by virNetworkUdpate whenever a host entry is added or removed) The exception to this is that the dhcp static hosts file isn't created if there are no lease ranges *and* no static hosts. This is because in this case dnsmasq won't be setup to listen for dhcp requests anyway - in that case, if the count of dhcp hosts goes from 0 to 1, dnsmasq will need to be restarted anyway (to get it listening on the dhcp port). Likewise, if the dhcp hosts count goes from 1 to 0 (and there are no dhcp ranges) we need to restart dnsmasq so that it will stop listening on port 67. These special situations are handled in the bridge driver's networkUpdate() by checking for ((bool) nranges||nhosts) both before and after the update, and triggering a dnsmasq restart if the before and after don't match.
-
- 20 10月, 2012 23 次提交
-
-
由 Laine Stump 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=866364 pointed out a crash due to virNetworkObjAssignDef free'ing network->newDef without NULLing it afterward. A fix for this is in upstream commit b7e92024. While the NULLing of newDef was a legitimate fix, newDef should have already been empty (NULL) anyway (as indicated in the comment that was deleted by that commit). The reason that newDef had a non-NULL value (i.e. the root cause) was that networkStartNetwork() had failed after populating network->newDef, but then neglected to free/NULL newDef in the cleanup. (A bit of background here: network->newDef should contain the persistent config of a network when a network is active (and of course only when it is persisten), and NULL at all other times. There is also a network->def which should contain the persistent definition of the network when it is inactive, and the current live state at all other times. The idea is that you can make changes to network->newDef which will take effect the next time the network is restarted, but won't mess with the current state of the network (virDomainObj has a similar pair of virDomainDefs that behave in the same fashion). Personally I think there should be a network->live and network->config, and the location of the persistent config should *always* be in network->config, but that's for a later cleanup). Since I love things to be symmetric, I created a new function called virNetworkObjUnsetDefTransient(), which reverses the effects of virNetworkObjSetDefTransient(). I don't really like the name of the new function, but then I also didn't really like the name of the old one either (it's just named that way to match a similar function in the domain conf code).
-
由 Eric Blake 提交于
Gcc with optimization warns: ../../src/qemu/qemu_driver.c: In function 'qemuDomainBlockCommit': ../../src/qemu/qemu_driver.c:12813:46: error: 'disk' may be used uninitialized in this function [-Werror=maybe-uninitialized] ../../src/qemu/qemu_driver.c:12698:25: note: 'disk' was declared here cc1: all warnings being treated as errors so obviously I had only been testing with optimization off. * src/qemu/qemu_driver.c (qemuDomainBlockCommit): Guard cleanup.
-
由 Eric Blake 提交于
I finally have all the pieces in place to perform a block-commit with SELinux enforcing. There's still missing cleanup work when the commit completes, but doing that requires tracking both the backing chain and the base and top files within that chain in domain XML across libvirtd restarts. Furthermore, from a security standpoint, once you have granted access, you must assume any damage that can be done will be done; later revoking access is nice to minimize the window of damage, but less important as it does not affect the fact that damage can be done in the first place. Therefore, deferring the revoke efforts until we have better XML tracking of what chain operations are in effect, including across a libvirtd restart, is reasonable. * src/qemu/qemu_driver.c (qemuDomainBlockCommit): Label disks as needed. (qemuDomainPrepareDiskChainElement): Cast away const.
-
由 Eric Blake 提交于
Previously, snapshot code did its own permission granting (lock manager, cgroup device controller, and security manager labeling) inline. But now that we are adding block-commit and block-copy which also have to change permissions, it's better to reuse common code for the task. While snapshot should fall back to no access if read-write access failed, block-commit will want to fall back to read-only access. The common code doesn't know whether failure to grant read-write access should revert to no access (snapshot, block-copy) or read-only access (block-commit). This code can also be used to revoke access to unused files after block-pull. It might be nice to clean things up in a future patch by adding new functions to the lock manager, cgroup manager, and security manager that takes a single file name and applies context of a disk to that file, rather than the current semantics of applying context to the entire chain already associated to a disk. That way, we could avoid the games this patch plays of temporarily swapping out the disk->src and related fields of the disk. But that would involve more code changes, so this patch really is the smallest hack for doing the necessary work; besides, this patch is more or less code motion (the hack was already employed by the snapshot creation code, we are just making it reusable). * src/qemu/qemu_driver.c (qemuDomainSnapshotCreateSingleDiskActive) (qemuDomainSnapshotUndoSingleDiskActive): Refactor labeling hacks... (qemuDomainPrepareDiskChainElement): ...into new function.
-
由 Eric Blake 提交于
Now that we can crawl the chain of backing files, we can do argument validation and implement the 'shallow' flag. In testing this, I discovered that it can be handy to pass the shallow flag and an explicit base, as a means of validating that the base is indeed the file we expected. * src/qemu/qemu_driver.c (qemuDomainBlockCommit): Crawl through chain to implement shallow flag. * src/libvirt.c (virDomainBlockCommit): Relax API.
-
由 Eric Blake 提交于
This is the bare minimum to kick off a block commit. In particular, flags support is missing (shallow requires us to crawl the backing chain to determine the file name to pass to the qemu monitor command; delete requires us to track what needs to be deleted at the time the completion event fires). Also, we are relying on qemu to do error checking (such as validating 'top' and 'base' as being members of the backing chain), including the fact that the current qemu code does not support committing the active layer (although it is still planned to add that before qemu 1.3). Since the active layer won't change, we have it easy and do not have to alter the domain XML. Additionally, this will fail if SELinux is enforcing, because we fail to grant qemu proper read/write access to the files it will modify. * src/qemu/qemu_driver.c (qemuDomainBlockCommit): New function. (qemuDriver): Register it.
-
由 Eric Blake 提交于
qemu 1.3 will be adding a 'block-commit' monitor command, per qemu.git commit ed61fc1. It matches nicely to the libvirt API virDomainBlockCommit. * src/qemu/qemu_capabilities.h (QEMU_CAPS_BLOCK_COMMIT): New bit. * src/qemu/qemu_capabilities.c (qemuCapsProbeQMPCommands): Set it. * src/qemu/qemu_monitor.h (qemuMonitorBlockCommit): New prototype. * src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockCommit): Likewise. * src/qemu/qemu_monitor.c (qemuMonitorBlockCommit): Implement it. * src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockCommit): Likewise. (qemuMonitorJSONHandleBlockJobImpl) (qemuMonitorJSONGetBlockJobInfoOne): Handle new event type.
-
由 Eric Blake 提交于
Minor cleanup made possible by previous simplifications. * src/qemu/qemu_cgroup.h (qemuSetupDiskCgroup) (qemuTeardownDiskCgroup): Alter signature. * src/qemu/qemu_cgroup.c (qemuSetupDiskCgroup) (qemuTeardownDiskCgroup, qemuSetupCgroup): Update all uses. * src/qemu/qemu_hotplug.c (qemuDomainDetachPciDiskDevice) (qemuDomainDetachDiskDevice): Likewise. * src/qemu/qemu_driver.c (qemuDomainAttachDeviceDiskLive) (qemuDomainChangeDiskMediaLive) (qemuDomainSnapshotCreateSingleDiskActive) (qemuDomainSnapshotUndoSingleDiskActive): Likewise.
-
由 Eric Blake 提交于
We used to walk the backing file chain at least twice per disk, once to set up cgroup device whitelisting, and once to set up security labeling. Rather than walk the chain every iteration, which possibly includes calls to fork() in order to open root-squashed NFS files, we can exploit the cache of the previous patch. * src/conf/domain_conf.h (virDomainDiskDefForeachPath): Alter signature. * src/conf/domain_conf.c (virDomainDiskDefForeachPath): Require caller to supply backing chain via disk, if recursion is desired. * src/security/security_dac.c (virSecurityDACSetSecurityImageLabel): Adjust caller. * src/security/security_selinux.c (virSecuritySELinuxSetSecurityImageLabel): Likewise. * src/security/virt-aa-helper.c (get_files): Likewise. * src/qemu/qemu_cgroup.c (qemuSetupDiskCgroup) (qemuTeardownDiskCgroup): Likewise. (qemuSetupCgroup): Pre-populate chain.
-
由 Eric Blake 提交于
Technically, we should not be re-probing any file that qemu might be currently writing to. As such, we should cache the backing file chain prior to starting qemu. This patch adds the cache, but does not use it until the next patch. Ultimately, we want to also store the chain in domain XML, so that it is remembered across libvirtd restarts, and so that the only kosher way to modify the backing chain of an offline domain will be through libvirt API calls, but we aren't there yet. So for now, we merely invalidate the cache any time we do a live operation that alters the chain (block-pull, block-commit, external disk snapshot), as well as tear down the cache when the domain is not running. * src/conf/domain_conf.h (_virDomainDiskDef): New field. * src/conf/domain_conf.c (virDomainDiskDefFree): Clean new field. * src/qemu/qemu_domain.h (qemuDomainDetermineDiskChain): New prototype. * src/qemu/qemu_domain.c (qemuDomainDetermineDiskChain): New function. * src/qemu/qemu_driver.c (qemuDomainAttachDeviceDiskLive) (qemuDomainChangeDiskMediaLive): Pre-populate chain. (qemuDomainSnapshotCreateSingleDiskActive): Uncache chain before snapshot. * src/qemu/qemu_process.c (qemuProcessHandleBlockJob): Update chain after block pull.
-
由 Eric Blake 提交于
In order to temporarily label files read/write during a commit operation, we need to crawl the backing chain and find the absolute file name that needs labeling in the first place, as well as the name of the file that owns the backing file. * src/util/storage_file.c (virStorageFileChainLookup): New function. * src/util/storage_file.h: Declare it. * src/libvirt_private.syms (storage_file.h): Export it.
-
由 Eric Blake 提交于
In order to search for a backing file name as literally present in a chain, we need to remember if the chain had relative names. Also, searching for absolute names is easier if we only have to canonicalize once, rather than on every iteration. * src/util/storage_file.h (_virStorageFileMetadata): Add field. * src/util/storage_file.c (virStorageFileGetMetadataFromBuf): (virStorageFileFreeMetadata): Manage it (absolutePathFromBaseFile): Store absolute names in canonical form.
-
由 Eric Blake 提交于
Requiring pre-allocation was an unusual idiom. It allowed iteration over the backing chain to use fewer mallocs, but made one-shot clients harder to read. Also, this makes it easier for a future patch to move away from opening fds on every iteration over the chain. * src/util/storage_file.h (virStorageFileGetMetadataFromFD): Alter signature. * src/util/storage_file.c (virStorageFileGetMetadataFromFD): Allocate return value. (virStorageFileGetMetadata): Update clients. * src/conf/domain_conf.c (virDomainDiskDefForeachPath): Likewise. * src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Likewise. * src/storage/storage_backend_fs.c (virStorageBackendProbeTarget): Likewise.
-
由 Eric Blake 提交于
Previously, no one was using virStorageFileGetMetadata, and for good reason - it couldn't support root-squash NFS. Change the signature and make it useful to future patches, including enhancing the metadata to recursively track the entire chain. * src/util/storage_file.h (_virStorageFileMetadata): Add field. (virStorageFileGetMetadata): Alter signature. * src/util/storage_file.c (virStorageFileGetMetadata): Rewrite. (virStorageFileGetMetadataRecurse): New function. (virStorageFileFreeMetadata): Handle recursion.
-
由 Eric Blake 提交于
Backing chains can end on a network protocol, such as nbd:xxx; we should not attempt to probe the file system in this case. * src/storage/storage_backend_fs.c (virStorageBackendProbeTarget): Only probe files.
-
由 Eric Blake 提交于
This is the last use of raw strings for disk formats throughout the src/conf directory. * src/conf/snapshot_conf.h (_virDomainSnapshotDiskDef): Store enum rather than string for disk type. * src/conf/snapshot_conf.c (virDomainSnapshotDiskDefClear) (virDomainSnapshotDiskDefParseXML, virDomainSnapshotDefFormat): Adjust users. * src/qemu/qemu_driver.c (qemuDomainSnapshotDiskPrepare) (qemuDomainSnapshotCreateSingleDiskActive): Likewise.
-
由 Eric Blake 提交于
Actually use the enum in the domain conf structure. * src/conf/domain_conf.h (_virDomainDiskDef): Store enum rather than string for disk type. * src/conf/domain_conf.c (virDomainDiskDefFree) (virDomainDiskDefParseXML, virDomainDiskDefFormat) (virDomainDiskDefForeachPath): Adjust users. * src/xenxs/xen_sxpr.c (xenParseSxprDisks, xenFormatSxprDisk): Likewise. * src/xenxs/xen_xm.c (xenParseXM, xenFormatXMDisk): Likewise. * src/vbox/vbox_tmpl.c (vboxAttachDrives): Likewise. * src/libxl/libxl_conf.c (libxlMakeDisk): Likewise.
-
由 Eric Blake 提交于
Express the default disk type as an enum, for easier handling. * src/conf/capabilities.h (_virCaps): Store enum rather than string for disk type. * src/conf/domain_conf.c (virDomainDiskDefParseXML): Adjust clients. * src/qemu/qemu_driver.c (qemuCreateCapabilities): Likewise.
-
由 Eric Blake 提交于
At one point, the code passed through arbitrary strings for file formats, which supposedly lets qemu handle a new file type even before libvirt has been taught to handle it. However, to properly label files, libvirt has to learn the file type anyway, so we might as well make our life easier by only accepting file types that we are prepared to handle. This patch lets the RNG validation ensure that only known strings are let through. * docs/schemas/domaincommon.rng (driverFormat): Limit to list of supported strings. * docs/schemas/domainsnapshot.rng (driver): Likewise.
-
由 Eric Blake 提交于
We have historically allowed 'aio' as a synonym for 'raw' for back-compat to xen, but since a future patch will move to using an enum value, we have to pick one to be our preferred output name. This is a slight change in the output XML, but the sexpr and xm outputs should still be identical, and the input XML can still use either form. * src/conf/domain_conf.c (virDomainDiskDefForeachPath): Move aio back-compat... (virDomainDiskDefParseXML): ...to parse time. * src/xenxs/xen_sxpr.c (xenParseSxprDisks, xenFormatSxprDisk): ...and to output time. * src/xenxs/xen_xm.c (xenParseXM, xenFormatXMDisk): Likewise. * tests/sexpr2xmldata/sexpr2xml-*.xml: Update tests.
-
由 Eric Blake 提交于
When an image has no backing file, using VIR_STORAGE_FILE_AUTO for its type is a bit confusing. Additionally, a future patch would like to reserve a default value for the case of no file type specified in the XML, but different from the current use of -1 to imply probing, since probing is not always safe. Also, a couple of file types were missing compared to supported code: libxl supports 'vhd', and qemu supports 'fat' for directories passed through as a file system. * src/util/storage_file.h (virStorageFileFormat): Add VIR_STORAGE_FILE_NONE, VIR_STORAGE_FILE_FAT, VIR_STORAGE_FILE_VHD. * src/util/storage_file.c (virStorageFileMatchesVersion): Match documentation when version probing not supported. (cowGetBackingStore, qcowXGetBackingStore, qcow1GetBackingStore) (qcow2GetBackingStoreFormat, qedGetBackingStore) (virStorageFileGetMetadataFromBuf) (virStorageFileGetMetadataFromFD): Take NONE into account. * src/conf/domain_conf.c (virDomainDiskDefForeachPath): Likewise. * src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Likewise. * src/conf/storage_conf.c (virStorageVolumeFormatFromString): New function. (poolTypeInfo): Use it.
-
由 Cole Robinson 提交于
AUTHORS.in tracks the maintainers, as well as some folks who were previously in AUTHORS but don't have a git commit with proper attribution. Generated output is sorted alphabetically and lacks pretty spacing, so tweak AUTHORS.in to follow the same format. Additionally, drop the syntax-check rule that previously validated AUTHORS against git log.
-
由 Guannan Ren 提交于
Relabeling tapfd right after the tap device is created. qemuPhysIfaceConnect is common function called both for static netdevs and for hotplug netdevs.
-
- 19 10月, 2012 4 次提交
-
-
由 Jiri Denemark 提交于
Having hostuuid in migration cookie is a nice bonus since it provides an easy way of detecting migration to the same host. However, requiring it breaks backward compatibility with older libvirt releases.
-
由 Jiri Denemark 提交于
Recently, patches were added support for (managed)saving, restoring, and migrating domains with host USB devices. However, qemu driver would still forbid migration of such domains because qemuMigrationIsAllowed was not updated.
-
由 Guido Günther 提交于
If we can't probe the architecture from QMP we parse the architecture from the qemu binaries name. This results in the architecture being i386 instead of i686 which then results in QEMU_CAPS_PCI_MULTIBUS being unset which gives a broken qemu command line. This probably didn't show up earlier since most of the time there's also a /usr/bin/qemu around which results in i686 capabilities.
-
由 Guido Günther 提交于
This unbreaks qemu:///session that got broken by ba63d8f7.
-
- 18 10月, 2012 9 次提交
-
-
由 Michal Privoznik 提交于
which frees all allocated memory but doesn't set the passed pointer to NULL. Therefore, we must do it ourselves. This is causing actual libvirtd crash: Basically, when doing 'virsh net-edit' the newDef should be dropped. And the memory is freed, indeed. However, the pointer is not set to NULL but kept instead. And the next duo of calls 'virsh net-start' and 'virsh net-destroy' starts the disaster. The latter one does the same as 'virsh destroy'; it sees that newDef is nonNULL so it replaces def with newDef (which has been freed already as said a few lines above). Therefore any subsequent call accessing def will hit the ground.
-
由 Viktor Mihajlovski 提交于
Missing entry for cpu_ppc_data.h added to fix RPM build. Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
-
由 Jiri Denemark 提交于
When libvirt cannot find a suitable CPU model for host CPU (easily reproducible by running libvirt in a guest), it would not provide CPU topology in capabilities XML either. Even though CPU topology is known and can be queried by virNodeGetInfo. With this patch, CPU topology will always be provided in capabilities XML regardless on the presence of CPU model.
-
由 Jiri Denemark 提交于
This should not make a big difference in real world since libvirt-daemon, which is already required by libvirt-lock-sanlock, requires libvirt-client and thus libvirt-lock-sanlock gets this dependency transitively. However, since libvirt-lock-sanlock contains sanlock_helper binary linked to libvirt.so, we should start requiring libvirt-client directly.
-
由 Peter Krempa 提交于
This patch adds QEMU support for the "relaxed" feature implemented by previous patch.
-
由 Peter Krempa 提交于
Hypervisors are starting to support HyperV Enlightenment features that improve behavior of guests running Microsoft Windows operating systems. This patch adds support for the "relaxed" feature that improves timer behavior and also establishes a framework to add these features in future.
-
由 Peter Krempa 提交于
The apic-eoi feature enum and implementation can be made more universal to allow re-use of the enum for other features.
-
由 Michal Privoznik 提交于
Currently we query-spice after the main migration has completed before moving to next state. Qemu reports this as boolean (not enclosed within quotes). Therefore it is not correct to use virJSONValueObjectGetString but virJSONValueObjectGetBoolean instead.
-
由 Viktor Mihajlovski 提交于
The machine in the last output line of <qemu-binary> -M ? was always reported as default machine even if this wasn't the actual default. Trivial fix. Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
-