1. 24 5月, 2012 11 次提交
    • D
      Split QEMU dtrace probes into separate file · a4e45a06
      Daniel P. Berrange 提交于
      When building as driver modules, it is not possible for the QEMU
      driver module to reference the DTrace/SystemTAP probes linked into
      the main libvirt.so. Thus we need to move the QEMU probes into a
      separate file 'libvirt_qemu_probes.d'. Also rename the existing
      file from 'probes.d' to 'libvirt_probes.d' while we're at it
      
      * daemon/Makefile.am, src/internal.h: Include libvirt_probes.h
        instead of probes.h
      * src/Makefile.am: Add rules for libvirt_qemu_probes.d
      * src/qemu/qemu_monitor.c, src/qemu/qemu_monitor_json.c,
        src/qemu/qemu_monitor_text.c: Include libvirt_qemu_probes.h
      * src/libvirt_probes.d: Rename from probes.d
      * src/libvirt_qemu_probes.d: QEMU specific probes formerly
        in probes.d
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      a4e45a06
    • D
      Replace RTLD_LOCAL with RTLD_GLOBAL · f5f1fe1b
      Daniel P. Berrange 提交于
      Since we have drivers which depend on each other (ie QEMU/LXC
      depend on the network driver APIs), we need to use RTLD_GLOBAL
      instead of RTLD_LOCAL. While this pollutes the calling binary
      with many more symbols, this is no worse than if we directly
      link to the drivers, and this only applies to libvirtd
      
      * src/driver.c: s/RTLD_LOCAL/RTLD_GLOBAL/
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      f5f1fe1b
    • D
      Ensure LXC driver links against libblkid explicitly. · ee53a8c8
      Daniel P. Berrange 提交于
      Only libvirt_driver_storage.la links to libblkid currently. If
      we are running in a scenario with driver modules, LXC must
      directly link to it, since it can't assume the storage driver
      is present
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      ee53a8c8
    • D
      Remove libvirt_test.la library · 6cd4b1fe
      Daniel P. Berrange 提交于
      The libvirt_test.la library was introduced to allow test suites
      to reference internal-only symbols. These days, nearly every
      symbol we care about is in src/libvirt_private.syms, so there
      is no need for libvirt_test.la to continue to exist
      
      * src/Makefile.am: Delete libvirt_test.la & add new .syms files
      * src/libvirt_private.syms: Export symbols needed by test suite
      * tests/Makefile.am: Link to libvirt_test.la. Ensure LXC tests link
        to network_driver.la
      * src/libvirt_esx.syms, src/libvirt_openvz.syms: Add exports needed
        by test suite
      6cd4b1fe
    • D
      Fix broken linkage of libvirt_driver_nodedev.la · 1e27f291
      Daniel P. Berrange 提交于
      libvirt_driver_nodedev.la should not link against either
      libvirt_util.la or gnulib.la, since libvirt.so brings
      in those deps.
      
      * src/Makefile.am: Fix broken linkage of libvirt_driver_nodedev.la
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      1e27f291
    • D
      Only build server side drivers as modules · 1c275e9a
      Daniel P. Berrange 提交于
      The driver modules all use symbols which are defined in libvirt.so.
      Thus for loading of modules to work, the binary that libvirt.so
      is linked to must export its symbols back to modules. If the
      libvirt.so itself is dlopen()d then the RTLD_GLOBAL flag must
      be set. Unfortunately few, if any, programming languages use
      the RTLD_GLOBAL flag when loading modules :-( This means is it
      not practical to use driver modules for any libvirt client side
      drivers (OpenVZ, VMWare, Hyper-V, Remote client, test).
      
      This patch changes the build process so only server side drivers
      are built as modules (Xen, QEMU, LXC, UML)
      
      * daemon/libvirtd.c: Add missing load of 'interface' driver
      * src/Makefile.am: Only build server side drivers as modules
      * src/libvirt.c: Don't load any driver modules
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      1c275e9a
    • D
      Fix dep from libvirt-lock-sanlock RPM · aad1625d
      Daniel P. Berrange 提交于
      The libvirt-lock-sanlock RPM requires libvirtd, so its RPM dep
      should be on libvirt-daemon, not libvirt
      aad1625d
    • G
      openvz: add quota argument when creating container · e6384546
      Guido Günther 提交于
      e6384546
    • G
      openvz: support file system quota reporting · 680ac813
      Guido Günther 提交于
      680ac813
    • G
      Introduce filesystem limits to virDomainFSDef · 41f1db6a
      Guido Günther 提交于
      41f1db6a
    • G
      Introduce virDomainParseScaledValue · b46e0054
      Guido Günther 提交于
      and use it for virDomainParseMemory. This allows to parse arbitrary
      scaled value, not only memory related values as needed for the
      filesystem limits code following later in this series.
      b46e0054
  2. 23 5月, 2012 3 次提交
  3. 22 5月, 2012 5 次提交
    • L
      util: export virBufferTrim · 3404729e
      Laine Stump 提交于
      This was forgotten in commit cdb87b1c.
      3404729e
    • E
      virBuffer: add way to trim back extra text · cdb87b1c
      Eric Blake 提交于
      I'm tired of writing:
      
      bool sep = false;
      while (...) {
          if (sep)
             virBufferAddChar(buf, ',');
          sep = true;
          virBufferAdd(buf, str);
      }
      
      This makes it easier, allowing one to write:
      
      while (...)
          virBufferAsprintf(buf, "%s,", str);
      virBufferTrim(buf, ",", -1);
      
      to trim any remaining comma.
      
      * src/util/buf.h (virBufferTrim): Declare.
      * src/util/buf.c (virBufferTrim): New function.
      * tests/virbuftest.c (testBufTrim): Test it.
      cdb87b1c
    • W
      storage backend: Add RBD (RADOS Block Device) support · 74951ead
      Wido den Hollander 提交于
      This patch adds support for a new storage backend with RBD support.
      
      RBD is the RADOS Block Device and is part of the Ceph distributed storage
      system.
      
      It comes in two flavours: Qemu-RBD and Kernel RBD, this storage backend only
      supports Qemu-RBD, thus limiting the use of this storage driver to Qemu only.
      
      To function this backend relies on librbd and librados being present on the
      local system.
      
      The backend also supports Cephx authentication for safe authentication with
      the Ceph cluster.
      
      For storing credentials it uses the built-in secret mechanism of libvirt.
      Signed-off-by: NWido den Hollander <wido@widodh.nl>
      74951ead
    • E
      build: fix unused variable after last patch · b8e6021e
      Eric Blake 提交于
      The previous commit (2cb0899e) left a dead variable behind.
      
      * src/libxl/libxl_driver.c (libxlClose): Drop dead variable.
      b8e6021e
    • D
      Fix potential events deadlock when unref'ing virConnectPtr · 2cb0899e
      Daniel P. Berrange 提交于
      When the last reference to a virConnectPtr is released by
      libvirtd, it was possible for a deadlock to occur in the
      virDomainEventState functions. The virDomainEventStatePtr
      holds a reference on virConnectPtr for each registered
      callback. When removing a callback, the virUnrefConnect
      function is run. If this causes the last reference on the
      virConnectPtr to be released, then virReleaseConnect can
      be run, which in turns calls qemudClose. This function has
      a call to virDomainEventStateDeregisterConn which is intended
      to remove all callbacks associated with the virConnectPtr
      instance. This will try to grab a lock on virDomainEventState
      but this lock is already held. Deadlock ensues
      
      Thread 1 (Thread 0x7fcbb526a840 (LWP 23185)):
      
      Since each callback associated with a virConnectPtr holds a
      reference on virConnectPtr, it is impossible for the qemudClose
      method to be invoked while any callbacks are still registered.
      Thus the call to virDomainEventStateDeregisterConn must in fact
      be a no-op. Thus it is possible to just remove all trace of
      virDomainEventStateDeregisterConn and avoid the deadlock.
      
      * src/conf/domain_event.c, src/conf/domain_event.h,
        src/libvirt_private.syms: Delete virDomainEventStateDeregisterConn
      * src/libxl/libxl_driver.c, src/lxc/lxc_driver.c,
        src/qemu/qemu_driver.c, src/uml/uml_driver.c: Remove
        calls to virDomainEventStateDeregisterConn
      2cb0899e
  4. 21 5月, 2012 2 次提交
    • J
      Fix build when configuring with polkit0 · 651d7124
      Jim Fehlig 提交于
      Commit 2223ea98 removed the only use of 'server' param in
      remoteDispatchAuthPolkit().  Mark the parameter with ATTRIBUTE_UNUSED
      to fix the build when configuring with polkit0.
      651d7124
    • S
      nwfilter: Add support for ipset · a3f3ab4c
      Stefan Berger 提交于
      This patch adds support for the recent ipset iptables extension
      to libvirt's nwfilter subsystem. Ipset allows to maintain 'sets'
      of IP addresses, ports and other packet parameters and allows for
      faster lookup (in the order of O(1) vs. O(n)) and rule evaluation
      to achieve higher throughput than what can be achieved with
      individual iptables rules.
      
      On the command line iptables supports ipset using
      
      iptables ... -m set --match-set <ipset name> <flags> -j ...
      
      where 'ipset name' is the name of a previously created ipset and
      flags is a comma-separated list of up to 6 flags. Flags use 'src' and 'dst'
      for selecting IP addresses, ports etc. from the source or
      destination part of a packet. So a concrete example may look like this:
      
      iptables -A INPUT -m set --match-set test src,src -j ACCEPT
      
      Since ipset management is quite complex, the idea was to leave ipset 
      management outside of libvirt but still allow users to reference an ipset.
      The user would have to make sure the ipset is available once the VM is
      started so that the iptables rule(s) referencing the ipset can be created.
      
      Using XML to describe an ipset in an nwfilter rule would then look as
      follows:
      
        <rule action='accept' direction='in'>
          <all ipset='test' ipsetflags='src,src'/>
        </rule>
      
      The two parameters on the command line are also the two distinct XML attributes
      'ipset' and 'ipsetflags'.
      
      FYI: Here is the man page for ipset:
      
      https://ipset.netfilter.org/ipset.man.html
      
      Regards,
          Stefan
      a3f3ab4c
  5. 18 5月, 2012 7 次提交
  6. 17 5月, 2012 3 次提交
    • M
      qemu: Don't delete USB device on failed qemuPrepareHostdevUSBDevices · 9c484e3d
      Michal Privoznik 提交于
      If qemuPrepareHostdevUSBDevices fail it will roll back devices added
      to the driver list of used devices. However, if it may fail because
      the device is being used already. But then again - with roll back.
      Therefore don't try to remove a usb device manually if the function
      fail. Although, we want to remove the device if any operation
      performed afterwards fail.
      9c484e3d
    • E
      nodeinfo: test more details · 5a8262a0
      Eric Blake 提交于
      Make it obvious why we need Osier's patch in commit 10d9038b
      to fix NUMA parsing of an AMD machine with two cores sharing
      a socket id.
      
      * tests/nodeinfotest.c (linuxTestCompareFiles): Enhance the test.
      * tests/nodeinfodata/linux-nodeinfo-sysfs-test-*-output.txt: Update.
      5a8262a0
    • D
      Add a virLogMessage alternative taking va_list args · e7df360d
      Daniel P. Berrange 提交于
      Allow the logging APIs to be called with a va_list for format
      args, instead of requiring var-args usage.
      
      * src/util/logging.h, src/util/logging.c: Add virLogVMessage
      e7df360d
  7. 16 5月, 2012 9 次提交
    • E
      build: fix recent syntax-check breakage · 3337ba6d
      Eric Blake 提交于
      The use of readlink() in lxc_container.c is intentional; we don't
      want an absolute pathname there.
      
      * src/util/cgroup.h (VIR_CGROUP_SYSFS_MOUNT): Indent properly.
      * cfg.mk (exclude_file_name_regexp--sc_prohibit_readlink): Add
      exemption.
      3337ba6d
    • M
      qemu: Rollback on used USB devices · 2f5fdc88
      Michal Privoznik 提交于
      One of our latest USB device handling patches
      05abd150 introduced a regression.
      That is, we first create a temporary list of all USB devices that
      are to be used by domain just starting up. Then we iterate over and
      check if a device from the list is in the global list of currently
      assigned devices (activeUsbHostdevs). If not, we add it there and
      continue with next iteration then. But if a device from temporary
      list is either taken already or adding to the activeUsbHostdevs fails,
      we remove all devices in temp list from the activeUsbHostdevs list.
      Therefore, if a device is already taken we remove it from
      activeUsbHostdevs even if we should not. Thus, next time we allow
      the device to be assigned to another domain.
      2f5fdc88
    • D
      Fix build compat with older libselinux for LXC · 7ba66ef2
      Daniel P. Berrange 提交于
      Most versions of libselinux do not contain the function
      selinux_lxc_contexts_path() that the security driver
      recently started using for LXC. We must add a conditional
      check for it in configure and then disable the LXC security
      driver for builds where libselinux lacks this function.
      
      * configure.ac: Check for selinux_lxc_contexts_path
      * src/security/security_selinux.c: Disable LXC security
        if selinux_lxc_contexts_path() is missing
      7ba66ef2
    • D
      Reject any non-option command line arguments · 51bcb09f
      Daniel P. Berrange 提交于
      Due to a bug in editing /etc/sysconfig/libvirtd, VDSM was causing
      libvirt processes to run with the following command line args
      
         /usr/sbin/libvirtd --listen '#' 'by vdsm'
      
      While it correctly rejects any invalid option flags, libvirtd
      was not rejecting any non-option command line arguments
      
      * daemon/libvirtd.c: Reject non-option argv
      51bcb09f
    • D
      Remount cgroups controllers after setting up new /sys in LXC · a8c0b2fe
      Daniel P. Berrange 提交于
      Normal practice is for cgroups controllers to be mounted at
      /sys/fs/cgroup. When setting up a container, /sys is mounted
      with a new sysfs instance, thus we must re-mount all the
      cgroups controllers. The complexity is that we must mount
      them in the same layout as the host OS. ie if 'cpu' and 'cpuacct'
      were mounted at the same location in the host we must preserve
      this in the container. Also if any controllers are co-located
      we must setup symlinks from the individual controller name to
      the co-located mount-point
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      a8c0b2fe
    • D
      Trim /proc & /sys subtrees before mounting new instances · c529b47a
      Daniel P. Berrange 提交于
      Both /proc and /sys may have sub-mounts in them from the host
      OS. We must explicitly unmount them all before mounting the
      new instance over that location. If we don't then /proc/mounts
      will show the sub-mounts as existing, even though nothing will
      be able to access them, due to the over-mount.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      c529b47a
    • D
      Avoid LXC pivot root in the root source is still / · c16b4c43
      Daniel P. Berrange 提交于
      If the LXC config has a filesystem
      
        <filesystem>
           <source dir='/'/>
           <target dir='/'/>
        </filesystem>
      
      then there is no need to go down the pivot root codepath.
      We can simply use the existing root as needed.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      c16b4c43
    • D
      Mount fresh instance of sysfs/selinux in LXC · e8639920
      Daniel P. Berrange 提交于
      Currently to make sysfs readonly, we remount the existing
      instance and then bind it readonly. Unfortunately this means
      sysfs is still showing device objects wrt the host OS namespace.
      We need it to reflect the container namespace, so we must mount
      a completely new instance of it. Do the same for selinuxfs since
      there is no benefit to bind mounting & this lets us simplify
      the code.
      
      * src/lxc/lxc_container.c: Mount fresh sysfs instance
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      e8639920
    • D
      Convert the LXC driver to use the security driver API for mount options · 8dd5794f
      Daniel Walsh 提交于
      Instead of hardcoding use of SELinux contexts in the LXC driver,
      switch over to using the official security driver API.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      8dd5794f