1. 12 Dec, 2012 16 commits
    • add vnc unix sockets to apparmor policy · a4e44e67
      Serge Hallyn committed
      When using vnc graphics over a unix socket, virt-aa-helper needs to provide
      access for the qemu domain to access the sockfile.
      Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
      a4e44e67
    • add security hook for permitting hugetlbfs access · 88bd1a64
      Serge Hallyn committed
      When a qemu domain is backed by huge pages, apparmor needs to grant the domain
      rw access to files under the hugetlbfs mount point.  Add a hook, called in
      qemu_process.c, which ends up adding the read-write access through
      virt-aa-helper.  Qemu will be creating a randomly named file under the
      mountpoint and unlinking it as soon as it has mmap()d it, therefore we
      cannot predict the full pathname, but for the same reason it is generally
      safe to provide access to $path/**.
      Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
      88bd1a64
    • maint: mention when HACKING is rebuilt during make · cdf1a372
      Eric Blake committed
      I noticed that on Fedora 18, xsltproc decides to regenerate
      HACKING with additional whitespace.  I haven't figured out why
      that is happening (although fixing it would probably be a task
      for xsltproc), but in the process of investigating, I noticed
      that 'make HACKING' was completely silent, for no good reason.
      
      * Makefile.am (gen-ChangeLog, gen-AUTHORS, NEWS)
      ($(top_srcdir)/HACKING): Mention which files we are generating.
      cdf1a372
    • docs: Document offline migration · 748f6dd0
      Jiri Denemark committed
      748f6dd0
    • qemu: reuse qemuMigrationIsAllowed when doing save and managedsave · 08379dbd
      Peter Krempa committed
      Save and managedsave both use migration to file. This patch reuses
      qemuMigrationIsAllowed to check if the migration could happen before
      trying.
      08379dbd
    • qemu: snapshot: Report better error message if migration isn't allowed · 98e92ba8
      Peter Krempa committed
      Qemu doesn't support migration on guests with host devices. This patch
      adds a check to ensure migration is safe before actually doing so.
      98e92ba8
    • qemu: Make qemuMigrationIsAllowed more reusable · e5d3ab5e
      Peter Krempa committed
      This patch exports qemuMigrationIsAllowed and adds a new parameter to it
      to denote if it's a remote migration or a local migration. Local
      migrations are used in snapshots and saving of the machine state and
      have fewer restrictions. This patch also adjusts callers of the function
      and tweaks some error messages to be more universal.
      e5d3ab5e
    • qemu: assume seccomp sandbox is supported since qemu 1.2 · 6543a459
      Ján Tomko committed
      Currently there is no way to detect it via QMP and requesting "-sandbox
      off" works correctly even if it was compiled out, so this will work
      unless someone both requests the sandbox in qemu.conf and builds QEMU
      without the support for it.
      6543a459
    • domain: Keep assigned class_id in domstatus XML · c2fbb3c6
      Michal Privoznik committed
      Interfaces keep a class_id, which is an ID from which bridge
      part of QoS settings is derived. We need to store class_id
      in domain status file, so we can later pass it to
      virNetDevBandwidthUnplug.
      c2fbb3c6
    • network: Create real network status files · ae757743
      Michal Privoznik committed
      Currently, we are only keeping an inactive XML configuration
      in status dir. This is no longer enough as we need to keep
      this class_id attribute so we don't overwrite old entries
      when the daemon restarts. However, since there has already
      been release which has just <network/> as root element,
      and we want to keep things compatible, detect that loaded
      status file is older one, and don't scream about it.
      ae757743
    • bandwidth: Create network bandwidth (un)plug functions · 07d1b6b5
      Michal Privoznik committed
      Network should be notified if we plug in or unplug an
      interface, so it can perform some action, e.g. set/unset
      network part of QoS. However, we are doing this in very
      early stage, so iface->ifname isn't filled in yet. So
      whenever we want to report an error, we must use a different
      identifier, e.g. the MAC address.
      07d1b6b5
    • bandwidth: Create rate update function · b697411c
      Michal Privoznik committed
      This will be used whenever a NIC with guaranteed throughput is to
      be plugged into a bridge. It will adjust the average throughput of
      non guaranteed NICs (classid 1:2) to meet new requirements.
      b697411c
    • bandwidth: Create (un)plug functions · 7cdbacb4
      Michal Privoznik committed
      These set bridge part of QoS when bringing domain's interface up.
      Long story short, if there's a 'floor' set, a new QoS class is created.
      ClassID MUST be unique within the bridge and should be kept for
      unplug phase.
      7cdbacb4
    • bandwidth: Create hierarchical shaping classes · 67159f1c
      Michal Privoznik committed
      These classes can borrow unused bandwidth. Basically,
      only egress qdiscs can have classes, therefore we can
      do this kind of traffic shaping only on host's outgoing,
      that is domain's incoming traffic.
      67159f1c
    • bandwidth: add new 'floor' attribute · ec6474b2
      Michal Privoznik committed
      This is however supported only on domain interfaces with
      type='network'. Moreover, target network needs to have at least
      inbound QoS set. This is required by hierarchical traffic shaping.
      
      From now on, the required attribute for <inbound/> is either 'average'
      (old) or 'floor' (new). This new attribute can be used just for
      interfaces type of network (<interface type='network'/>) currently.
      ec6474b2
    • bandwidth: Attach sfq to leaf node · 7e5040bd
      Michal Privoznik committed
      Stochastic Fairness Queuing (SFQ) is a queuing discipline
      (qdisc) which doesn't really shape any traffic but 'just'
      re-arranges packets in the sending buffer so no stream starves.
      The goal is to ensure fairness. There is basically only one
      configuration parameter (perturb) which is set to advised
      value of 10.
      7e5040bd
  2. 11 Dec, 2012 24 commits
    • parallels: handle network adapters of type 'routed' · ad9d8dbc
      Dmitry Guryanov committed
      Network adapters of type 'routed' are a special case. Other adapters
      have 'network' parameter in prlctl's output instead.
      
      Routed network adapters should be connected to 'routed' network
      from libvirt's view.
      Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
      ad9d8dbc
    • parallels: add routed pseudo network · 84f0a0b8
      Dmitry Guryanov committed
      Historically if traffic from the adapter is routed to LAN without
      NAT, it isn't connected to any virtual networks, but has a 'type'
      instead. Since libvirt has special virtual network type for such case,
      let's add pseudo network 'routed' to fit libvirt's API well.
      Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
      84f0a0b8
    • parallels: parse virtual network properties · 56494d2b
      Dmitry Guryanov committed
      Fill bridge name and mac for bridged network and
      DHCP server parameter for host-only network.
      Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
      56494d2b
    • parallels: add network driver · 6034ce31
      Dmitry Guryanov committed
      Parallels Cloud Server uses virtual networks model for network
      configuration. It uses own tools for virtual network management.
      So add network driver, which will be responsible for listing
      virtual networks and performing different operations on them
      (in consequent patches).
      
      This patch only allows listing virtual network names, without
      any parameters like DHCP server settings.
      Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
      6034ce31
    • parallels: move parallelsParseError to parallels_utils.h · 68c6d3dc
      Dmitry Guryanov committed
      This macro will be used in another file in the next
      patch, so move it to common header file.
      Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
      68c6d3dc
    • parallels: add support of network interfaces to parallelsDomainDefineXML · 880fcf6a
      Dmitry Guryanov committed
      Allow changing network interfaces in domain configuration.
      
      ifname is used as interface identifier: if there is interface
      with some ifname in old config and there are no interfaces with
      such name in the new config - issue prlctl command to delete
      the network interface. And vice versa - if interface with
      some ifname exists only in new config - issue prlctl command
      to create it.
      Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
      880fcf6a
    • parallels: parse information about network interfaces · 8ce9e2ab
      Dmitry Guryanov committed
      Parse network interfaces info from prlctl output.
      
      Parallels Cloud Server uses virtual networks model for
      network configuration: You can add network adapter to
      VM and connect it to some predefined virtual network.
      
      Fill type, mac, network name and linkstate fields of
      virDomainNetDef structure.
      Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
      8ce9e2ab
    • qemu: snapshot: Remove memory image if external checkpoint fails · a912977a
      Peter Krempa committed
      When the disk snapshot part of an external system checkpoint fails the
      memory image is retained. This patch adds code to remove the image in
      such case.
      a912977a
    • qemu: snapshot: Don't leak XML definition if restarting of CPUs fails · d5b28287
      Peter Krempa committed
      In case the snapshot code isn't able to restart CPUs after an external
      checkpoint we would leak a copy of the domains XML definition. This
      patch fixes the cleanup path.
      d5b28287
    • qemu: fix uninitialized variable warning in doPeer2PeerMigrate · 07b64de5
      Ján Tomko committed
      False positive, but it breaks the build with gcc-4.6.3.
      
      qemu/qemu_migration.c:2931:37: error: 'offline' may be used
      uninitialized in this function [-Werror=uninitialized]
      qemu/qemu_migration.c:2887:10: note: 'offline' was declared here
      07b64de5
    • J
      80756876
    • examples: Fix balloon event callback · d648b056
      Jiri Denemark committed
      d648b056
    • network: put dnsmasq parameters in conf-file instead of command line · 8b32c80d
      Gene Czarcinski committed
      This patch changes how parameters are passed to dnsmasq.  Instead of
      being on the command line, the parameters are put into a file (one
      parameter per line) and a commandline --conf-file= specifies the
      location of the file.  The file is located in the same directory as
      the leases file.
      
      Putting the dnsmasq parameters into a configuration file
      allows them to be examined and more easily understood than
      examining the command lines displayed by "ps ax".  This is
      especially true when a number of networks have been started.
      
      When the use of dnsmasq was originally done, the required command line
      was simple, but it has gotten more complicated over time and will
      likely become even more complicated in the future.
      
      Note: The test conf files have all been renamed .conf instead of
      .argv, and tests/networkxml2xmlargvdata was moved to
      tests/networkxml2xmlconfdata.
      8b32c80d
    • network: add support for DHCPv6 · 2d5cd1d7
      Gene Czarcinski committed
      The DHCPv6 support includes IPV6 dhcp-range and dhcp-host for one
      IPv6 subnetwork on one interface.  This support will only work
      if dnsmasq version >= 2.64; otherwise an error occurs if
      dhcp-range or dhcp-host is specified for an IPv6 address.
      
      Essentially, this change provides the same DHCP support for IPv6
      that has been available for IPv4.
      
      With dnsmasq >= 2.64, support for the RA service is also now provided
      by dnsmasq (radvd is no longer used/started). (Although at least one
      version of dnsmasq prior to 2.64 "supported" IPv6 Router
      Advertisement, there were bugs (fixed in 2.64) that rendered it
      unusable.)
      
      Documentation and the network schema have been updated
      to reflect the new support.
      2d5cd1d7
    • conf: split <forward> parser/clear into separate functions · 71e30eff
      Laine Stump committed
      virNetworkDefUpdateForward requires separate functions to parse and
      clear a virNetworkForwardDef by itself, but they were previously just
      inlined in the virNetworkDef parse and free functions. This patch
      makes them into separate functions.
      71e30eff
    • conf: put data for network <forward> element into its own struct · 47c94b65
      Laine Stump committed
      The attributes of a <network> element's <forward> element were
      previously stored directly in the virNetworkDef object, but
      virNetworkUpdateForward() needs to operate on a <forward> in
      isolation, so this patch pulls out all those attributes into a
      separate virNetworkForwardDef struct (and shortens their names
      appropriately). This new object is contained in the virNetworkDef, not
      pointed to by it, so there is no extra memory management.
      
      This patch makes no functional changes, it only changes, e.g.,
      "nForwardIfs" to "forward.nifs".
      47c94b65
    • conf: make virNetworkIpDefClear consistent with other functions · 31d21197
      Laine Stump committed
      The other clear functions in network_conf.c that clear out arrays of
      sub-objects do so by using the n[itemname]s value as a counter going
      down to 0. Make this one consistent. There's no functional value, just
      makes the style more consistent with the rest of the file.
      31d21197
    • conf: rename some labels and functions in network_conf · dc9d8d68
      Laine Stump committed
      This makes some function names and arg lists more consistent with other
      parse functions in network_conf.c. While modifying
      virNetworkIPParseXML(), also change its "error" label to "cleanup",
      since the code at that label is executed on success as well as
      failure.
      dc9d8d68
    • network: backend functions for updating network dns host/srv/txt · fc19a005
      Laine Stump committed
      These three functions are very similar - none allow a MODIFY
      operation; you can only add or delete.
      
      The biggest difference between them (other than the data itself) is in
      the criteria for determining a match, and whether or not multiple
      matches are possible:
      
      1) for HOST records, it's considered a match if the IP address or any
      of the hostnames of an existing record matches.
      
      2) for SRV records, it's a match if all of
      domain+service+protocol+target *which have been specified* are
      matched.
      
      3) for TXT records, there is only a single field to match - name
      (value can be the same for multiple records, and isn't considered a
      search term), so by definition there can be no ambiguous matches.
      
      In all three cases, if any matches are found, ADD will fail; if
      multiple matches are found, it means the search term was ambiguous,
      and a DELETE will fail.
      
      The upper level code in bridge_driver.c is already implemented for
      these functions - appropriate conf files will be re-written, and
      dnsmasq will be SIGHUPed or restarted as appropriate.
      fc19a005
    • conf: clear and parse functions for dns host/srv/txt records · ab297bec
      Laine Stump committed
      Since there is only a single virNetworkDNSDef for any virNetworkDef,
      and it's trivial to determine whether or not it contains any real
      data, it's much simpler (and fits more uniformly with the parse
      function calling sequence of the parsers for many other objects that
      are subordinates of virNetworkDef) if virNetworkDef *contains* a
      virNetworkDNSDef rather than pointing to one.
      
      Since it is now just a part of another object rather than its own
      object, it no longer makes sense to have a *Free() function, so that
      is changed to a *Clear() function.
      
      More importantly though, ParseXML and Clear functions are needed for
      the individual items contained in a virNetworkDNSDef (srv, txt, and
      host records), but none of them have a *Clear(), and only two of the
      three had *ParseXML() functions (both of which used a non-uniform
      arglist). Those problems are cleared up by this patch - it splits the
      higher-level Clear function into separate functions for each of the
      three, creates a parse for txt records, and cleans up the srv and host
      parsers, so we now have all the utility functions necessary to
      implement virNetworkDefUpdateDNS(Host|Srv|Txt).
      ab297bec
    • conf: rename network dns host/srv/txt arrays · 8b7d1874
      Laine Stump committed
      This shortens the name of the structs for srv and txt, and their
      instances in virNetworkDNSDef, to be more compact and uniform with the
      naming of the dns host array. It also changes the type of ntxts, etc
      from unsigned int to size_t, so that they can be used directly as args
      to VIR_*_ELEMENT.
      8b7d1874
    • conf: use VIR_(INSERT|DELETE)_ELEMENT in virNetworkUpdate backend · 2dc5839a
      Laine Stump committed
      The already-written backend functions for virNetworkUpdate that add
      and delete items into lists within a network were already debugged
      to work properly, but future such functions will use
      VIR_(INSERT|DELETE)_ELEMENT instead, so these are changed for
      uniformity.
      2dc5839a
    • util: add VIR_(APPEND|INSERT|DELETE)_ELEMENT · 85b22f52
      Laine Stump committed
      I noticed when writing the backend functions for virNetworkUpdate that
      I was repeating the same sequence of memmove, VIR_REALLOC, nXXX-- (and
      messed up the args to memmove at least once), and had seen the same
      sequence in a lot of other places, so I decided to write a few
      utility functions/macros - see the .h file for full documentation.
      
      The intent is to reduce the number of lines of code, but more
      importantly to eliminate the need to check the element size and
      element count arithmetic every time we need to do this (I *always*
      make at least one mistake.)
      
      VIR_INSERT_ELEMENT: insert one element at an arbitrary index within an
        array of objects. The size of each object is determined
        automatically by the macro using sizeof(*array). The new element's
        contents are copied into the inserted space, then the original copy
        of contents are 0'ed out (if everything else was
        successful). Compile-time assignment and size compatibility between
        the array and the new element is guaranteed (see explanation below
        [*])
      
      VIR_INSERT_ELEMENT_COPY: identical to VIR_INSERT_ELEMENT, except that
        the original contents of newelem are not cleared to 0 (i.e. a copy
        is made).
      
      VIR_APPEND_ELEMENT: This is just a special case of VIR_INSERT_ELEMENT
        that "inserts" one past the current last element.
      
      VIR_APPEND_ELEMENT_COPY: identical to VIR_APPEND_ELEMENT, except that
        the original contents of newelem are not cleared to 0 (i.e. a copy
        is made).
      
      VIR_DELETE_ELEMENT: delete one element at an arbitrary index within an
        array of objects. It's assumed that the element being deleted is
        already saved elsewhere (or cleared, if that's what is appropriate).
      
      All five of these macros have an _INPLACE variant, which skips the
      memory re-allocation of the array, assuming that the caller has
      already done it (when inserting) or will do it later (when deleting).
      
      Note that VIR_DELETE_ELEMENT* can return a failure, but only if an
      invalid index is given (index + amount to delete is > current array
      size), so in most cases you can safely ignore the return (that's why
      the helper function virDeleteElementsN isn't declared with
      ATTRIBUTE_RETURN_CHECK). A warning is logged if this ever happens,
      since it is surely a coding error.
      
      [*] One initial problem with the INSERT and APPEND macros was that,
      due to both the array pointer and newelem pointer being cast to void*
      when passing to virInsertElementsN(), any chance of type-checking was
      lost. If we were going to move in newelem with a memmove anyway, we
      would be no worse off for this. However, most current open-coded
      insert/append operations use direct struct assignment to move the new
      element into place (or just populate the new element directly) - thus
      use of the new macros would open a possibility for new usage errors
      that didn't exist before (e.g. accidentally sending &newelemptr rather
      than newelemptr - I actually did this quite a lot in my test
      conversions of existing code).
      
      But thanks to Eric Blake's clever thinking, I was able to modify the
      INSERT and APPEND macros so that they *do* check for both assignment
      and size compatibility of *ptr (an element in the array) and newelem
      (the element being copied into the new position of the array). This is
      done via clever use of the C89-guaranteed fact that the sizeof()
      operator must have *no* side effects (so an assignment inside sizeof()
      is checked for validity, but not actually evaluated), and the fact
      that virInsertElementsN has a "# of new elements" argument that we
      want to always be 1.
      85b22f52
    • qemu: Restart CPUs with valid async job type when doing external snapshots · 46b0c933
      Peter Krempa committed
      When restarting CPUs after an external snapshot, the restarting function
      was called without the appropriate async job type. This caused that a
      new sync job wasn't created and allowed races in the monitor.
      46b0c933