1. 26 7月, 2011 10 次提交
    • D
      Report error if unable to bind to any socket · a4458597
      Daniel P. Berrange 提交于
      When setting up a server socket, we must skip EADDRINUSE errors
      from bind, since the IPv6 socket bind may have already bound to
      the IPv4 socket too. If we don't manage to bind to any sockets
      at all though, we should then report the EADDRINUSE error as
      normal.
      
      This fixes the case where libvirtd would not exit if some other
      program was listening on its TCP/TLS ports.
      
      * src/rpc/virnetsocket.c: Report EADDRINUSE
      a4458597
    • D
      Fix leak of mDNS object in virNetServer · 4bfd0cf7
      Daniel P. Berrange 提交于
      * src/rpc/virnetserver.c: Free mDNS object
      4bfd0cf7
    • D
      Fix memory leaks in MDNS code · 268cc6e9
      Daniel P. Berrange 提交于
      * src/rpc/virnetservermdns.c: Fix leaks
      268cc6e9
    • E
      virsh: use faster bit search · 7e853d6c
      Eric Blake 提交于
      Now that gnulib gives us ffs, we might as well use it.
      
      * tools/virsh.c (vshCmddefGetData): Use ffs rather than
      count_one_bits.
      7e853d6c
    • E
      virsh: make vcpucount use --current consistently · 4b7a8e9c
      Eric Blake 提交于
      Rename the existing --current flag to the new name --active,
      while adding a new flag --current to expose the new
      VIR_DOMAIN_AFFECT_CURRENT flag of virDomainGetVcpusFlags.
      
      For backwards compability, the output does not change (even
      though the label "current" no longer matches the spelling of
      the option that would trigger that number in isolation), and
      we accept "--current --live" as an undocumented synonym for
      "--active --live" to avoid breaking any existing clients.
      
      * tools/virsh.c (cmdVcpucount): Add --active flag, and rearrange
      existing flag handling to expose VIR_DOMAIN_AFFECT_CURRENT support.
      * tools/virsh.pod (vcpucount): Document this.
      4b7a8e9c
    • E
      vcpu: teach getVcpusFlags about current · 59d04287
      Eric Blake 提交于
      Now that virDomainSetVcpusFlags knows about VIR_DOMAIN_AFFECT_CURRENT,
      so should virDomainGetVcpusFlags.
      
      Unfortunately, the virsh counterpart 'virsh vcpucount' has already
      commandeered --current for a different meaning, so teaching virsh
      to expose this in the next patch will require a bit of care.
      
      * src/libvirt.c (virDomainGetVcpusFlags): Allow
      VIR_DOMAIN_AFFECT_CURRENT.
      * src/libxl/libxl_driver.c (libxlDomainGetVcpusFlags): Likewise.
      * src/qemu/qemu_driver.c (qemudDomainGetVcpusFlags): Likewise.
      * src/test/test_driver.c (testDomainGetVcpusFlags): Likewise.
      * src/xen/xen_driver.c (xenUnifiedDomainGetVcpusFlags): Likewise.
      59d04287
    • C
      python: Handle embedded NUL in stream.send data · 6f1bfd6d
      Cole Robinson 提交于
      Otherwise things like volume upload are only useful with text data.
      6f1bfd6d
    • L
      util: change virFile*Pid functions to return < 0 on failure · d6354c16
      Laine Stump 提交于
      Although most functions in libvirt return 0 on success and < 0 on
      failure, there are a few functions lingering around that return errno
      (a positive value) on failure, and sometimes code calling those
      functions incorrectly assumes the <0 standard. I noticed one of these
      the other day when auditing networkStartDhcpDaemon after Guido Gunther
      found a place where success was improperly returned on failure (that
      patch has been acked and is pending a push). The problem was that it
      expected the return value from virFileReadPid to be < 0 on failure,
      but it was actually positive (it was also neglected to set the return
      code in this case, similar to the bug found by Guido).
      
      This all led to the fact that *all* of the virFile*Pid functions in
      util.c are returning errno on failure. This patch remedies that
      problem by changing them all to return -errno on failure, and makes
      any necessary changes to callers of the functions. (In the meantime, I
      also properly set the return code on failure of virFileReadPid in
      networkStartDhcpDaemon).
      d6354c16
    • G
      Catch dnsmasq start failures · 85a954ce
      Guido Günther 提交于
      While we checked the return value we didn't maks sure ret != 0 which
      resulted in dnsmasq errors being ignored.
      85a954ce
    • D
      Fix import of private key with older gnutls · 677258ab
      Daniel P. Berrange 提交于
      With older GNUTLS the gnutls_x509_privkey_import function is
      unable to import our private key. Instead we must use the
      alternative gnutls_x509_privkey_import_pkcs8() (as certtool
      does).
      
      * virnettlscontexttest.c: Fix import of private key with
        older gnutls. Also add missing newlines to key
      677258ab
  2. 25 7月, 2011 19 次提交
    • D
      Fix TLS context tests with expired certs · 567b8d69
      Daniel P. Berrange 提交于
      commit 5283ea9b changed the
      semantics of the 'expire_offset' field in the test case struct
      so that instead of being an absolute timestamp, it was a delta
      relative to the current time. This broke the test cases which
      were testing expiry of certificates, by putting the expiry
      time into the future, instead of in the past.
      
      Fix this by changing the expiry values to be negative, so that
      the delta goes into the past again.
      
      * virnettlscontexttest.c: Fix expiry tests
      567b8d69
    • W
      rename cfs_* to vcpu_* · 2a667c34
      Wen Congyang 提交于
      In the XML file we now have
      
        <cputune>
          <shares>1024</shares>
          <period>90000</period>
          <quota>0</quota>
        </cputune>
      
      But the schedinfo parameter are being named
      
       cpu_shares: 1024
       cfs_period: 90000
       cfs_quota: 0
      
      The period/quota is per-vcpu value, so these new tunables should be named
      'vcpu_period' and 'vcpu_quota'.
      2a667c34
    • C
      docs: Break up 'Basic Resources' XML section · d0e83bd8
      Cole Robinson 提交于
      We had a bit too many elements crammed in there. Separate it into different
      headings:
      
      - CPU Allocation (<vcpus>)
      - CPU Tuning (<cputune>)
      - Memory allocation (<memory> and <currentMemory>)
      - Memory backing (<memoryBacking>)
      - Memory tuning (<memtune>)
      - Numa tuning (<numatune>)
      - Block I/O tuning (<blkiotune>)
      d0e83bd8
    • T
      python: add Python binding for virDomainGetVcpuPinInfo API · da4009ec
      Taku Izumi 提交于
      This patch adds the Python bindings for virDomainGetVcpuPinInfo API.
      * python/generator.py: add it to generator skip list
      * python/libvirt-override-api.xml: provide an override description
      * python/libvirt-override.c: provide an override binding implementation
      da4009ec
    • T
      python: add Python binding for virDomainPinVcpusFlags API · 18a68f7d
      Taku Izumi 提交于
      This patch adds the Python bindings for virDomainPinVcpuFlags API.
      * python/generator.py: add it to the generator skip list
      * python/libvirt-override-api.xml: provide override description
      * python/libvirt-override.c: provide override bindings implementation
      18a68f7d
    • T
      python: add Python binding for virDomainGetSchedulerParametersFlags API · 9e4de118
      Taku Izumi 提交于
      This patch adds the Python bindings for
      virDomainGetSchedulerParametersFlags API.
      9e4de118
    • T
      python: add Python binding for virDomainGetSchedulerParametersFlags API · c5cf6e14
      Taku Izumi 提交于
      This patch adds the Python bindings for
      virDomainGetSchedulerParametersFlags API.
      * python/libvirt-override-api.xml: provide and override description
      * python/libvirt-override.c: implement the bindings
      c5cf6e14
    • E
      tests: detect gnutls errors · d1f144d6
      Eric Blake 提交于
      * tests/virnettlscontexttest.c (testTLSLoadKey): Report errors.
      d1f144d6
    • W
      driver.h: Fix two driver documentation mistakes · 2fdf2173
      Wieland Hoffmann 提交于
      2fdf2173
    • M
      bandwidth: Add domain schema and xml2xml tests · 2b9efcb3
      Michal Privoznik 提交于
      2b9efcb3
    • M
      bandwidth: Add test cases for network · e5f1f9de
      Michal Privoznik 提交于
      e5f1f9de
    • M
      bandwidth: Implement functions to enable and disable QoS · 90074ecf
      Michal Privoznik 提交于
      These function executes 'tc' with appropriate arguments to set
      desired QoS setting on interface or bridge during its creation.
      90074ecf
    • M
      bandwidth: Create format functions · aaa98b08
      Michal Privoznik 提交于
      aaa98b08
    • M
      bandwidth: Add parsing and free functions · e2ed67a8
      Michal Privoznik 提交于
      These functions parse given XML node and return pointer to the
      output. Unknown elements are silently ignored. Attributes must
      be integer and must fit in unsigned long long.
      
      Free function frees elements of virBandwidth structure.
      e2ed67a8
    • M
      bandwidth: Declare internal structures · 73731882
      Michal Privoznik 提交于
      73731882
    • M
      bandwidth: Define schema and create documentation · a8923162
      Michal Privoznik 提交于
      Define new 'bandwidth' element with possible child element 'inbound'
      and 'outbound' addressing incoming and outgoing traffic respectively:
      
      <bandwidth>
        <inbound average='1000' peak='2000' burst='5120'/>
        <outbound average='500'/>
      </bandwidth>
      
      Leaving any element out means not to shape traffic in that
      direction.
      The units for average and peak (rate) are in kilobytes per second,
      for burst (size) are just in kilobytes.
      This element can be inserted into domain's 'interface' and
      'network'.
      a8923162
    • L
      network: provide internal API to return IP of a network · 239322cb
      Laine Stump 提交于
      The new listenNetwork attribute needs to learn an IP address based on a
      named network. This patch provides a function networkGetNetworkAddress
      which provides that.
      
      Some networks have an IP address explicitly in their configuration
      (ie, those with a forward type of "none", "route", or "nat"). For
      those, we can just return the IP address from the config.
      
      The rest will have a physical device associated with them (either via
      <bridge name='...'/>, <forward ... dev='...'/>, or possibly via a pool
      of interfaces inside the network's <forward> element) and we will need
      to ask the kernel for a current IP address of that device (via the
      newly added ifaceGetIPAddress)
      
      If networkGetNetworkAddress encounters an error while trying to learn
      the address for a network, it will return -1. In the case that libvirt
      has been compiled without the network driver, the call is a macro
      which reduces to -2. This allows differentiating between a failure of
      the network driver, and its complete absence.
      239322cb
    • L
      util: add an ifaceGetIPAddress to the interface utilities · c5d1592e
      Laine Stump 提交于
      This function uses ioctl(SIOCGIFADDR), which limits it to returning
      the first IPv4 address of an interface, but that's what we want right
      now (the place we're going to use the address only accepts one).
      c5d1592e
    • E
      tests: fix compilation failures · 5283ea9b
      Eric Blake 提交于
      Even though gnutls is a hard-req for libvirt, and gnutls depends
      on libtasn1, that does not mean that you have to have the libtasn1
      development files installed.  Skip the test rather than failing
      compilation in that case.
      
      With newer gcc, the test consumed too much stack space.  Move
      things to static storage to fix that.
      
      * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h.
      (HAVE_LIBTASN1): New automake conditional.
      * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES)
      (virnettlscontexttest_LDADD): Allow compilation without libtasn1.
      * tests/virnettlscontexttest.c: Skip test if headers not present.
      (struct testTLSCertReq): Alter time members.
      (testTLSGenerateCert): Reflect the change.
      (mymain): Reduce stack usage.
      5283ea9b
  3. 22 7月, 2011 11 次提交
    • D
      Pre-create /var/lib/libvirt/sanlock directory · c198d916
      Daniel P. Berrange 提交于
      The sanlock plugin for libvirt expects the directory
      /var/lib/libvirt/sanlock to exist. Create this and add
      it to the RPM
      
      * libvirt.spec.in: Add /var/lib/libvirt/sanlock
      * src/Makefile.am: Create /var/lib/libvirt/sanlock
      c198d916
    • D
      Honour filesystem readonly flag & make special FS readonly · b3ad9b9b
      Daniel P. Berrange 提交于
      A container should not be allowed to modify stuff in /sys
      or /proc/sys so make them readonly. Make /selinux readonly
      so that containers think that selinux is disabled.
      
      Honour the readonly flag when mounting container filesystems
      from the guest XML config
      
      * src/lxc/lxc_container.c: Support readonly mounts
      b3ad9b9b
    • D
      Refactor mounting of special filesystems · 6d37888e
      Daniel P. Berrange 提交于
      Even in non-virtual root filesystem mode we should be mounting
      more than just a new /proc. Refactor lxcContainerMountBasicFS
      so that it does everything except for /dev and /dev/pts moving
      that into lxcContainerMountDevFS. Pass in a source prefix
      to lxcContainerMountBasicFS() so it can be used in both shared
      root and private root modes.
      
      * src/lxc/lxc_container.c: Unify mounting code for special
        filesystems
      6d37888e
    • D
      Pull code for doing a bind mount into separate method · 66a00e61
      Daniel P. Berrange 提交于
      The bind mount setup is about to get more complicated.
      To avoid having to deal with several copies, pull it
      out into a separate lxcContainerMountFSBind method.
      
      Also pull out the iteration over container filesystems,
      so that it will be easier to drop in support for non-bind
      mount filesystems
      
      * src/lxc/lxc_container.c: Pull bind mount code out into
        lxcContainerMountFSBind
      66a00e61
    • D
      ed12c9ca
    • D
      Add a test case for certificate validation · bd789dff
      Daniel P. Berrange 提交于
      This test case checks certification validation rules for
      
       - Basic constraints
       - Key purpose
       - Key usage
       - Start/expiry times
      
      It checks initial context creation sanity checks, and live
      session validation
      bd789dff
    • D
      Allow certificate sanity checking to be disabled · 07f9b6f0
      Daniel P. Berrange 提交于
      When libvirtd starts it it will sanity check its own certs,
      and before libvirt clients connect to a remote server they
      will sanity check their own certs. This patch allows such
      sanity checking to be skipped. There is no strong reason to
      need to do this, other than to bypass possible libvirt bugs
      in sanity checking, or for testing purposes.
      
      libvirt.conf gains tls_no_sanity_certificate parameter to
      go along with tls_no_verify_certificate. The remote driver
      client URIs gain a no_sanity URI parameter
      
      * daemon/test_libvirtd.aug, daemon/libvirtd.conf,
        daemon/libvirtd.c, daemon/libvirtd.aug: Add parameter to
        allow cert sanity checks to be skipped
      * src/remote/remote_driver.c: Add no_sanity parameter to
        skip cert checks
      * src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h:
        Add new parameter for skipping sanity checks independantly
        of skipping session cert validation checks
      07f9b6f0
    • M
      build: Use $(PYTHON) instead of python for the keycode map generator · 1a80a4e0
      Matthias Bolte 提交于
      Also prepend $(AM_V_GEN) to the command line, mark virkeycode-mapgen.py
      as executable and switch the shebang line from /bin/python to the
      commonly use /usr/bin/python.
      1a80a4e0
    • M
      xenapi: Fix double-freeing the session in xenapiClose · 379efa10
      Matthias Bolte 提交于
      xen_session_logout already frees the whole session object.
      Don't call xenSessionFree on a freed session object.
      
      Reported by Sharmila Radhakrishnan.
      379efa10
    • O
      remote/ssh: optional "keyfile" parameter. · 6b01c83a
      Oskari Saarenmaa 提交于
      New optional parameter "keyfile" for ssh transport allows the user to select
      the private key to be used to authenticate to the remote host.
      6b01c83a
    • L
      util: make interface.c functions consistently return < 0 on error · f7e18208
      Laine Stump 提交于
      All of the functions in util/interface.c were returning 0 on success,
      but some returned -1 on error, and some returned a positive value
      (usually the value of errno, but sometimes just 1). Libvirt's standard
      is to return < 0 on error (in the case of functions that need to
      return errno, -errno is returned.
      
      This patch modifies all functions in interface.c to consistently
      return < 0 on error, and makes changes to callers of those functions
      where necessary.
      f7e18208