- 09 12月, 2014 20 次提交
-
-
由 Peter Krempa 提交于
Avoid leaving the domain locked on a failed ACL check in qemuDomainMigratePerform() and qemuDomainMigrateFinish2(). Introduced in commit abf75aea (Add ACL checks into the QEMU driver).
-
由 Martin Kletzander 提交于
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Martin Kletzander 提交于
The module XML::XPath is needed when building from git only (no need to have it when building from tarball), so this patch moves the check from specfile into bootstrap.conf. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Eric Blake 提交于
Several portability changes, but the one we are most interested in is the improvement to bootstrap to detect perl modules. This patch doesn't actually change our bootstrap requirements (that will be a separate patch), but sets the stage for it. * .gnulib: Update to latest. * bootstrap: Regenerate from upstream. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
Commit c7542573 introduced a compilation failure: ../../src/access/viraccessdriverpolkit.c: In function 'virAccessDriverPolkitCheck': ../../src/access/viraccessdriverpolkit.c:137:5: error: format '%d' expects argument of type 'int', but argument 9 has type 'pid_t' [-Werror=format=] VIR_DEBUG("Check action '%s' for process '%d' time %lld uid %d", ^ Since mingw pid_t is 64 bits, it's easier to just follow what we've done elsewhere and cast to a large enough type when printing pids. * src/access/viraccessdriverpolkit.c (virAccessDriverPolkitCheck): Add cast. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
Bug introduced in commit 100b7a72: util/virnetdevbridge.c: In function 'virNetDevBridgePortSetLearning': util/virnetdevbridge.c:359:38: error: unused parameter 'enable' [-Werror=unused-parameter] bool enable) ^ * src/util/virnetdevbridge.c (virNetDevBridgePortSetLearning): Mark unused variable. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Kyle DeFrancia 提交于
This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=907779 A <dhcp> element can exist in only one IPv4 address and one IPv6 address per network. This patch enforces that in virNetworkUpdate.
-
由 Laine Stump 提交于
lxcProcessSetupInterfaces() used to have a special case for actualType='network' (a network with forward mode of route, nat, or isolated) to call the libvirt public API to retrieve the bridge being used by a network. That is no longer necessary - since all network types that use a bridge and tap device now get the bridge name stored in the ActualNetDef, we can just always use virDomainNetGetActualBridgeName() instead.
-
由 Laine Stump 提交于
qemuNetworkIfaceConnect() used to have a special case for actualType='network' (a network with forward mode of route, nat, or isolated) to call the libvirt public API to retrieve the bridge being used by a network. That is no longer necessary - since all network types that use a bridge and tap device now get the bridge name stored in the ActualNetDef, we can just always use virDomainNetGetActualBridgeName() instead. (an audit of the two callers to qemuNetworkIfaceConnect() confirms that it is never called for any other type of network, so the dead code in the else statement (logging an internal error if it is called for any other type of network) is eliminated in the process.)
-
由 Laine Stump 提交于
When libvirt is managing the MAC table of a Linux host bridge, it must turn off learning and unicast_flood for each tap device attached to that bridge, then add a Forwarding Database (fdb) entry for the tap device using the MAC address from the domain interface config. Once we have disabled learning and flooding, any packet that has a destination MAC address not present in the fdb will be dropped by the bridge. This, along with the opportunistic disabling of promiscuous mode[*], can result in enhanced network performance. and a potential slight security improvement. [*] If there is only one device on the bridge with learning/unicast_flood enabled, then that device will automatically have promiscuous mode disabled. If there are *no* devices with learning/unicast_flood enabled (e.g. for a libvirt "route", "nat", or isolated network that has no physical device attached), then all non-tap devices will have promiscuous mode disabled (tap devices always have promiscuous mode enabled, which may be a bug in the kernel, but in practice has 0 effect). None of this has any effect for kernels prior to 3.15 (upstream kernel commit 2796d0c648c940b4796f84384fbcfb0a2399db84 "bridge: Automatically manage port promiscuous mode"). Even after that, until kernel 3.17 (upstream commit 5be5a2df40f005ea7fb7e280e87bbbcfcf1c2fc0 "bridge: Add filtering support for default_pvid") traffic will not be properly forwarded without manually adding vlan table entries. Unfortunately, although the presence of the first patch is signalled by existence of the "learning" and "unicast_flood" options in sysfs, there is no reliable way to query whether or not the system's kernel has the second of those patches installed, the only thing that can be done is to try the setting and see if traffic continues to pass.
-
由 Laine Stump 提交于
When the bridge device for a network has macTableManager='libvirt' the intent is that all kernel management of the bridge's MAC table (Forwarding Database, or fdb, in the case of a Linux Host Bridge) be disabled, with libvirt handling updates to the table instead. The setup required for the bridge itself is: 1) set the "vlan_filtering" property of the bridge device to 1. 2) If the bridge has a "Dummy" tap device used to set a fixed MAC address on the bridge (which is always the case for a bridge created by libvirt, and never the case for a bridge created by the host system network config), turn off learning and unicast_flood on this tap (this is needed even though this tap is never IFF_UP, because the kernel ignores the IFF_UP flag of devices when using their settings to automatically decide whether or not to turn off promiscuous mode for any attached device). (1) is done both for libvirt-created/managed bridges, and for bridges that are created by the host system config, while (2) is done only for bridges created by libvirt (i.e. for forward modes of nat, routed, and isolated bridges) There is no attempt to turn vlan_filtering off when destroying the network because in the case of a libvirt-created bridge, the bridge is about to be destroyed anyway, and in the case of a system bridge, if the other devices attached to the bridge could operate properly before destroying libvirt's network object, they will continue to operate properly (this is similar to the way that libvirt will enable ip_forwarding whenever a routed/natted network is started, but will never attempt to disable it if they are stopped).
-
由 Laine Stump 提交于
At the time that the network driver allocates a connection to a network, the tap device that will be used hasn't yet been created - that will be done later by qemu (or lxc or whoever) - but if the network has macTableManager='libvirt', then when we do get around to creating the tap device, we will need to add an entry for it to the network bridge's fdb (forwarding database) *and* turn off learning and unicast_flood for that tap device in the bridge's sysfs settings. This means that qemu needs to know both the bridge name as well as the setting of macTableManager, so we either need to create a new API to retrieve that info, or just pass it back in the ActualNetDef that is created during networkAllocateActualDevice. We choose the latter method, since it's already done for the bridge device, and it has the side effect of making the information available in domain status. (NB: in the future, I think that the tap device should actually be created by networkAllocateActualDevice(), as that will solve several other problems, but that is a battle for another day, and this information will still be useful outside the network driver)
-
由 Laine Stump 提交于
When the actualType of a virDomainNetDef is "network", it means that we are connecting to a libvirt-managed network (routed, natted, or isolated) which does use a bridge device (created by libvirt). In the past we have required drivers such as qemu to call the public API to retrieve the bridge name in this case (even though it is available in the NetDef's ActualNetDef if the actualType is "bridge" (i.e., an externally-created bridge that isn't managed by libvirt). There is no real reason for this difference, and as a matter of fact it complicates things for qemu. Also, there is another bridge-related attribute (macTableManager) that will need to be available in both cases, so this makes things consistent. In order to avoid problems when restarting libvirtd after an update from an older version that *doesn't* store the network's bridgename in the ActualNetDef, we also need to put it in place during networkNotifyActualDevice() (this function is run for each interface of each domain whenever libvirtd is restarted). Along with making the bridge name available in the internal object, it is also now reported in the <source> element of the <interface> state XML (or the <actual> subelement in the internally-stored format). The one oddity about this change is that usually there is a separate union for every different "type" in a higher level object (e.g. in the case of a virDomainNetDef there are separate "network" and "bridge" members of the union that pivots on the type), but in this case network and bridge types both have exactly the same attributes, so the "bridge" member is used for both type==network and type==bridge.
-
由 Laine Stump 提交于
The macTableManager attribute of a network's bridge subelement tells libvirt how the bridge's MAC address table (used to determine the egress port for packets) is managed. In the default mode, "kernel", management is left to the kernel, which usually determines entries in part by turning on promiscuous mode on all ports of the bridge, flooding packets to all ports when the correct destination is unknown, and adding/removing entries to the fdb as it sees incoming traffic from particular MAC addresses. In "libvirt" mode, libvirt turns off learning and flooding on all the bridge ports connected to guest domain interfaces, and adds/removes entries according to the MAC addresses in the domain interface configurations. A side effect of turning off learning and unicast_flood on the ports of a bridge is that (with Linux kernel 3.17 and newer), the kernel can automatically turn off promiscuous mode on one or more of the bridge's ports (usually only the one interface that is used to connect the bridge to the physical network). The result is better performance (because packets aren't being flooded to all ports, and can be dropped earlier when they are of no interest) and slightly better security (a guest can still send out packets with a spoofed source MAC address, but will only receive traffic intended for the guest interface's configured MAC address). The attribute looks like this in the configuration: <network> <name>test</name> <bridge name='br0' macTableManager='libvirt'/> ... This patch only adds the config knob, documentation, and test cases. The functionality behind this knob is added in later patches.
-
由 Laine Stump 提交于
These two functions use netlink RTM_NEWNEIGH and RTM_DELNEIGH messages to add and delete entries from a bridge's fdb. The bridge itself is not referenced in the arguments to the functions, only the name of the device that is attached to the bridge (since a device can only be attached to one bridge at a time, and must be attached for this function to make sense, the kernel easily infers which bridge's fdb is being modified by looking at the device name/index).
-
由 Laine Stump 提交于
These functions all set/get items in the sysfs for a bridge device.
-
由 Eric Blake 提交于
I'm about to make block stats optionally more complex to cover backing chains, where block.count will no longer equal the number of <disks> for a domain. For these reasons, it is nicer if the statistics output includes the source path (for local files). This patch doesn't add anything for network disks, although we may decide to add that later. With this patch, I now see the following for the same domain as in the previous patch (one qcow2 file, and an empty cdrom drive): $ virsh domstats --block foo Domain: 'foo' block.count=2 block.0.name=hda block.0.path=/var/lib/libvirt/images/foo.qcow2 block.1.name=hdc * src/libvirt-domain.c (virConnectGetAllDomainStats): Document new field. * tools/virsh.pod (domstats): Document new field. * src/qemu/qemu_driver.c (qemuDomainGetStatsBlock): Return the new stat for local files/block devices. (QEMU_ADD_NAME_PARAM): Add parameter. (qemuDomainGetStatsInterface): Update caller. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
I noticed that for an offline domain, 'virsh domstats --block $dom' was producing just the domain name, with no stats. But the older 'virsh domblkinfo' works just fine on offline domains. This patch starts to get us closer, by at least reporting the disk names for an offline domain. With this patch, I now see the following for an offline domain with one qcow2 disk and an empty cdrom drive: $ virsh domstats --block foo Domain: 'foo' block.count=2 block.0.name=hda block.1.name=hdc * src/qemu/qemu_driver.c (qemuDomainGetStatsBlock): Don't short-circuit output of block name. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
At least with 'virsh domstats --block' on an offline domain, we currently output no stats even though we recognize the stat category. Although a later patch will improve this situation, it is better to document that this is expected behavior. Also, while the current implementation rejects filtering flags for virDomainListGetStats, this limitation may be lifted in the future and we do not enforce it at the API level. * src/libvirt-domain.c (virConnectGetAllDomainStats): Document that recognized stats might not be reported. (virDomainListGetStats): Likewise, and tweak filtering documentation. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
qemuDomainGetStatsBlock() could leak a stats hash table if it encountered OOM while populating the virTypedParameters. Oddly, the fix doesn't even touch qemuDomainGetStatsBlock :) * src/qemu/qemu_driver.c (QEMU_ADD_COUNT_PARAM) (QEMU_ADD_NAME_PARAM): Don't return early. (qemuDomainGetStatsInterface): Adjust caller. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 08 12月, 2014 4 次提交
-
-
由 Christophe Fergeau 提交于
Use 'they' instead of 'he'.
-
由 Martin Kletzander 提交于
Whenever client socket was marked as closed for some reason, it could've been changed when really closing the connection. With this patch the proper reason is kept since the first time it's marked as closed. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Martin Kletzander 提交于
Each command that needs a connection causes a new connection to be made. Reconnecting after a command failed is pointless, mainly when there is no other command to run. Removeing three lines of code takes care of that and keeps virsh working as it should. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Peter Krempa 提交于
Other parts of libvirt use "%u" for formatting uid/gid and typecast to unsigned int. Storage driver used the signed variant.
-
- 06 12月, 2014 5 次提交
-
-
由 Chen Fan 提交于
this patch fix some weird typos: 1. < hostdev> => <hostdev> 2. < type> => <type> 3. <virtualport > => <virtualport> 4. redundant comma 5. missing right-half bracket Signed-off-by: NChen Fan <chen.fan.fnst@cn.fujitsu.com>
-
由 John Ferlan 提交于
Add the optional adapter options for pool create/define. Results in either: <adapter type='scsi_host' name='scsi_host2'/> or (on one line) <adapter type='fc_host' parent='scsi_host5' wwnn='20000000c9831b4b' wwpn='10000000c9831b4b'/> being generated.
-
由 John Ferlan 提交于
Add 3 new optional options for the pool-create-as and pool-define-as command in order to define the 3 elements required in order to add an auth element, such as: <auth type='chap' username='myuser'> <secret usage='libvirtiscsi'/> </auth>
-
由 John Ferlan 提交于
Properly format the options and provide meaningful descriptions for the various options.
-
由 John Ferlan 提交于
Fix format of the secret XML in the example. The XML had an extraneous "type='iscsi'" (which is used by the <disk> definitions) The world wide node name had a typo in the acronym (wwwn).
-
- 05 12月, 2014 5 次提交
-
-
由 Erik Skultety 提交于
When user tries to insert element metadata providing a namespace declaration as well, currently we insert the element without any validation check for XML prefix (if provided). The next VM start would then fail with parse error. This patch fixes this issue by adding a call to xmlValidateNCName function to check for illegal characters in the prefix. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1143921
-
由 Daniel P. Berrange 提交于
If probing capabilities via QMP fails, we now have a check that prevents us falling back to -help parsing. Unfortunately the error message "Failed to probe capabilities for /usr/bin/qemu-kvm: unsupported configuration: QEMU 2.1.2 is too new for help parsing" is proving rather unhelpful to the user. We need to be telling them why QMP failed (the root cause), rather than they can't use -help (the side effect). To do this we should capture stderr during QMP probing, and if -help parsing then sees a new QEMU version, we know that QMP should have worked, and so we can show the messages from stderr. The message thus becomes "Failed to probe capabilities for /usr/bin/qemu-kvm: internal error: QEMU / QMP failed: Could not access KVM kernel module: No such file or directory failed to initialize KVM: No such file or directory"
-
由 Shanzhi Yu 提交于
When attempting to create internal system checkpoint with a passthrough device qemu will report the following error: error: operation failed: Error -22 while writing VM This patch calls the function to check if migration is possible with given VM and thus improves the error to: error: Requested operation is not valid: domain has assigned non-USB host devices Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=874418#c19Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
To ease debugging permission problems add uid/gid values to the debug message when initializing a storage file backend.
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1115292 In one of the previous commits (eafb53fe) we disallowed network-wide bandwidth to some network types. However, we forgot about <portgroups/> which can have <bandwidth/> too. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 04 12月, 2014 6 次提交
-
-
由 Cole Robinson 提交于
-
由 Peter Krempa 提交于
3ecebf07 breaks the build as it adds a way to jump to cleanup before the 'cfg' object is retrieved and 'priv' is initialized.
-
由 Daniel P. Berrange 提交于
The apibuild.py script did not handle whitespace in preprocessor macros, so it failed to detect constants declared with '# define' instead of '#define'. Since we now correctly indent our public header files, we have silently lost all constants from libvirt-api.xml. This also caused us to not detect formatting errors in constant docs
-
由 Peter Krempa 提交于
Move entering the job into the thread to simplify the program flow. Also as the code holds a separate reference to the domain object some conditions can be simplified. After this patch qemuDomainObjTransferJob is no longer needed so this patch removes it.
-
由 Ian Campbell 提交于
On a Debian system lacking the w3c-dtd-xhtml package the build fails with: $ make -C docs/ formatcaps.html make: Entering directory '/local/scratch/ianc/devel/libvirt.git/docs' Generating formatcaps.html.tmp I/O error : Attempt to load network entity http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd formatcaps.html.in:2: warning: failed to load external entity "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" ^ I/O error : Attempt to load network entity http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd ../docs/sitemap.html.in:2: warning: failed to load external entity "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" ^ missing XHTML1 DTD rm formatcaps.html.tmp make: Leaving directory '/local/scratch/ianc/devel/libvirt.git/docs' $ ls docs/formatcaps* docs/formatcaps.html.in https://www.redhat.com/archives/libvir-list/2009-November/msg00413.html suggests that the XHTML1 DTD should not be a hard requirement and the docs should be generated but not validated if it is not available. Therefore when the DTD is not available arrange for the .html.tmp file to be propagated to the .html output. Signed-off-by: NIan Campbell <ian.campbell@citrix.com> Cc: Daniel Veillard <veillard@redhat.com>
-
由 Martin Kletzander 提交于
When trying clang, it found out that we were comparing sizeof with 0 even though we wanted to check the return value of memcmp. That showed us that the test was wrong and it needs a fix as well. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-