1. 25 7月, 2011 4 次提交
    • M
      bandwidth: Define schema and create documentation · a8923162
      Michal Privoznik 提交于
      Define new 'bandwidth' element with possible child element 'inbound'
      and 'outbound' addressing incoming and outgoing traffic respectively:
      
      <bandwidth>
        <inbound average='1000' peak='2000' burst='5120'/>
        <outbound average='500'/>
      </bandwidth>
      
      Leaving any element out means not to shape traffic in that
      direction.
      The units for average and peak (rate) are in kilobytes per second,
      for burst (size) are just in kilobytes.
      This element can be inserted into domain's 'interface' and
      'network'.
      a8923162
    • L
      network: provide internal API to return IP of a network · 239322cb
      Laine Stump 提交于
      The new listenNetwork attribute needs to learn an IP address based on a
      named network. This patch provides a function networkGetNetworkAddress
      which provides that.
      
      Some networks have an IP address explicitly in their configuration
      (ie, those with a forward type of "none", "route", or "nat"). For
      those, we can just return the IP address from the config.
      
      The rest will have a physical device associated with them (either via
      <bridge name='...'/>, <forward ... dev='...'/>, or possibly via a pool
      of interfaces inside the network's <forward> element) and we will need
      to ask the kernel for a current IP address of that device (via the
      newly added ifaceGetIPAddress)
      
      If networkGetNetworkAddress encounters an error while trying to learn
      the address for a network, it will return -1. In the case that libvirt
      has been compiled without the network driver, the call is a macro
      which reduces to -2. This allows differentiating between a failure of
      the network driver, and its complete absence.
      239322cb
    • L
      util: add an ifaceGetIPAddress to the interface utilities · c5d1592e
      Laine Stump 提交于
      This function uses ioctl(SIOCGIFADDR), which limits it to returning
      the first IPv4 address of an interface, but that's what we want right
      now (the place we're going to use the address only accepts one).
      c5d1592e
    • E
      tests: fix compilation failures · 5283ea9b
      Eric Blake 提交于
      Even though gnutls is a hard-req for libvirt, and gnutls depends
      on libtasn1, that does not mean that you have to have the libtasn1
      development files installed.  Skip the test rather than failing
      compilation in that case.
      
      With newer gcc, the test consumed too much stack space.  Move
      things to static storage to fix that.
      
      * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h.
      (HAVE_LIBTASN1): New automake conditional.
      * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES)
      (virnettlscontexttest_LDADD): Allow compilation without libtasn1.
      * tests/virnettlscontexttest.c: Skip test if headers not present.
      (struct testTLSCertReq): Alter time members.
      (testTLSGenerateCert): Reflect the change.
      (mymain): Reduce stack usage.
      5283ea9b
  2. 22 7月, 2011 36 次提交
    • D
      Pre-create /var/lib/libvirt/sanlock directory · c198d916
      Daniel P. Berrange 提交于
      The sanlock plugin for libvirt expects the directory
      /var/lib/libvirt/sanlock to exist. Create this and add
      it to the RPM
      
      * libvirt.spec.in: Add /var/lib/libvirt/sanlock
      * src/Makefile.am: Create /var/lib/libvirt/sanlock
      c198d916
    • D
      Honour filesystem readonly flag & make special FS readonly · b3ad9b9b
      Daniel P. Berrange 提交于
      A container should not be allowed to modify stuff in /sys
      or /proc/sys so make them readonly. Make /selinux readonly
      so that containers think that selinux is disabled.
      
      Honour the readonly flag when mounting container filesystems
      from the guest XML config
      
      * src/lxc/lxc_container.c: Support readonly mounts
      b3ad9b9b
    • D
      Refactor mounting of special filesystems · 6d37888e
      Daniel P. Berrange 提交于
      Even in non-virtual root filesystem mode we should be mounting
      more than just a new /proc. Refactor lxcContainerMountBasicFS
      so that it does everything except for /dev and /dev/pts moving
      that into lxcContainerMountDevFS. Pass in a source prefix
      to lxcContainerMountBasicFS() so it can be used in both shared
      root and private root modes.
      
      * src/lxc/lxc_container.c: Unify mounting code for special
        filesystems
      6d37888e
    • D
      Pull code for doing a bind mount into separate method · 66a00e61
      Daniel P. Berrange 提交于
      The bind mount setup is about to get more complicated.
      To avoid having to deal with several copies, pull it
      out into a separate lxcContainerMountFSBind method.
      
      Also pull out the iteration over container filesystems,
      so that it will be easier to drop in support for non-bind
      mount filesystems
      
      * src/lxc/lxc_container.c: Pull bind mount code out into
        lxcContainerMountFSBind
      66a00e61
    • D
      ed12c9ca
    • D
      Add a test case for certificate validation · bd789dff
      Daniel P. Berrange 提交于
      This test case checks certification validation rules for
      
       - Basic constraints
       - Key purpose
       - Key usage
       - Start/expiry times
      
      It checks initial context creation sanity checks, and live
      session validation
      bd789dff
    • D
      Allow certificate sanity checking to be disabled · 07f9b6f0
      Daniel P. Berrange 提交于
      When libvirtd starts it it will sanity check its own certs,
      and before libvirt clients connect to a remote server they
      will sanity check their own certs. This patch allows such
      sanity checking to be skipped. There is no strong reason to
      need to do this, other than to bypass possible libvirt bugs
      in sanity checking, or for testing purposes.
      
      libvirt.conf gains tls_no_sanity_certificate parameter to
      go along with tls_no_verify_certificate. The remote driver
      client URIs gain a no_sanity URI parameter
      
      * daemon/test_libvirtd.aug, daemon/libvirtd.conf,
        daemon/libvirtd.c, daemon/libvirtd.aug: Add parameter to
        allow cert sanity checks to be skipped
      * src/remote/remote_driver.c: Add no_sanity parameter to
        skip cert checks
      * src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h:
        Add new parameter for skipping sanity checks independantly
        of skipping session cert validation checks
      07f9b6f0
    • M
      build: Use $(PYTHON) instead of python for the keycode map generator · 1a80a4e0
      Matthias Bolte 提交于
      Also prepend $(AM_V_GEN) to the command line, mark virkeycode-mapgen.py
      as executable and switch the shebang line from /bin/python to the
      commonly use /usr/bin/python.
      1a80a4e0
    • M
      xenapi: Fix double-freeing the session in xenapiClose · 379efa10
      Matthias Bolte 提交于
      xen_session_logout already frees the whole session object.
      Don't call xenSessionFree on a freed session object.
      
      Reported by Sharmila Radhakrishnan.
      379efa10
    • O
      remote/ssh: optional "keyfile" parameter. · 6b01c83a
      Oskari Saarenmaa 提交于
      New optional parameter "keyfile" for ssh transport allows the user to select
      the private key to be used to authenticate to the remote host.
      6b01c83a
    • L
      util: make interface.c functions consistently return < 0 on error · f7e18208
      Laine Stump 提交于
      All of the functions in util/interface.c were returning 0 on success,
      but some returned -1 on error, and some returned a positive value
      (usually the value of errno, but sometimes just 1). Libvirt's standard
      is to return < 0 on error (in the case of functions that need to
      return errno, -errno is returned.
      
      This patch modifies all functions in interface.c to consistently
      return < 0 on error, and makes changes to callers of those functions
      where necessary.
      f7e18208
    • D
      Refactor the certification validation code · 637711cb
      Daniel P. Berrange 提交于
      There is some commonality between the code for sanity checking
      certs when initializing libvirt and the code for validating
      certs during a live TLS session handshake. This patchset splits
      up the sanity checking function into several smaller functions
      each doing a specific type of check. The cert validation code
      is then updated to also call into these functions
      
      * src/rpc/virnettlscontext.c: Refactor cert validation code
      637711cb
    • D
      Remove call to deprecated gnutls_certificate_type_set_priority (again) · 3b8061c7
      Daniel P. Berrange 提交于
      The gnutls_certificate_type_set_priority method is deprecated.
      Since we already set the default gnutls priority, it was not
      serving any useful purpose and can be removed
      
      * src/rpc/virnettlscontext.c: Remove gnutls_certificate_type_set_priority
        call
      3b8061c7
    • D
      Ensure that libvirtd shuts down if initialization fails · 92509413
      Daniel P. Berrange 提交于
      If the virStateInitialize call fails we must shutdown libvirtd
      since drivers will not be available. Just free'ing the virNetServer
      is not sufficient, we must send a SIGTERM to ourselves so that
      we interrupt the event loop and trigger a orderly shutdown
      
      * daemon/libvirtd.c: Kill ourselves if state init fails
      * src/rpc/virnetserver.c: Add some debugging to event loop
      92509413
    • A
      Asynchronous event for BlockJob completion · d489b046
      Adam Litke 提交于
      When an operation started by virDomainBlockPull completes (either with
      success or with failure), raise an event to indicate the final status.
      This API allow users to avoid polling on virDomainGetBlockJobInfo if
      they would prefer to use an event mechanism.
      
      * daemon/remote.c: Dispatch events to client
      * include/libvirt/libvirt.h.in: Define event ID and callback signature
      * src/conf/domain_event.c, src/conf/domain_event.h,
        src/libvirt_private.syms: Extend API to handle the new event
      * src/qemu/qemu_driver.c: Connect to the QEMU monitor event
        for block_stream completion and emit a libvirt block pull event
      * src/remote/remote_driver.c: Receive and dispatch events to application
      * src/remote/remote_protocol.x: Wire protocol definition for the event
      * src/remote_protocol-structs: structure definitions for protocol verification
      * src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
        src/qemu/qemu_monitor_json.c: Watch for BLOCK_STREAM_COMPLETED event
        from QEMU monitor
      d489b046
    • A
      Enable virDomainBlockPull in the python API · f50750b2
      Adam Litke 提交于
      virDomainGetBlockJobInfo requires manual override since it returns a
      custom type.
      
      * python/generator.py: reenable bindings for this entry point
      * python/libvirt-override-api.xml python/libvirt-override.c:
        manual overrides
      f50750b2
    • A
      Enable the virDomainBlockPull API in virsh · b31abc6f
      Adam Litke 提交于
      Define two new virsh commands:
       * blockpull: Initiate a blockPull for the given disk
       * blockjob: Retrieve progress info, modify speed, and cancel active block jobs
      
      Share print_job_progress() with the migration code.
      
      * tools/virsh.c: implement the new commands
      b31abc6f
    • A
      Implement virDomainBlockPull for the qemu driver · b976165c
      Adam Litke 提交于
      The virDomainBlockPull* family of commands are enabled by the
      following HMP/QMP commands: 'block_stream', 'block_job_cancel',
       'info block-jobs' / 'query-block-jobs', and 'block_job_set_speed'.
      
      * src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.[ch]: implement disk
        streaming by using the proper qemu monitor commands.
      * src/qemu/qemu_monitor_json.[ch]: implement commands using the qmp monitor
      b976165c
    • A
      Add virDomainBlockPull support to the remote driver · 4daeefac
      Adam Litke 提交于
      The generator can handle everything except virDomainGetBlockJobInfo().
      
      * src/remote/remote_protocol.x: provide defines for the new entry points
      * src/remote/remote_driver.c daemon/remote.c: implement the client and
        server side for virDomainGetBlockJobInfo.
      * src/remote_protocol-structs: structure definitions for protocol verification
      * src/rpc/gendispatch.pl: Permit some unsigned long parameters
      4daeefac
    • A
      virDomainBlockPull: Implement the main entry points · 72082a05
      Adam Litke 提交于
      * src/libvirt.c: implement the main entry points
      72082a05
    • A
      Add new API virDomainBlockPull* to headers · 152e8103
      Adam Litke 提交于
      Set up the types for the block pull functions and insert them into the
      virDriver structure definition.  Symbols are exported in this patch to
      prevent
      documentation compile failures.
      
      * include/libvirt/libvirt.h.in: new API
      * src/driver.h: add the new entry to the driver structure
      * python/generator.py: fix compiler errors, the actual python bindings
      * are
        implemented later
      * src/libvirt_public.syms: export symbols
      * docs/apibuild.py: Extend 'unsigned long' parameter exception to this
      * API
      152e8103
    • E
      save: add virsh commands for manipulating save files · bfb485ce
      Eric Blake 提交于
      Now you can edit a saved state file even if you forgot to grab
      a dumpxml file prior to saving a domain.  Plus, in-place editing
      feels so much nicer.
      
      * tools/virsh.c (cmdSaveImageDumpxml, cmdSaveImageDefine)
      (cmdSaveImageEdit): New commands.
      * tools/virsh.pod (save-image-dumpxml, save-image-define)
      (save-image-edit): Document them.
      bfb485ce
    • E
      save: wire up remote protocol · 0696beca
      Eric Blake 提交于
      * src/remote/remote_driver.c (remote_driver): Add new callbacks.
      * src/remote/remote_protocol.x (remote_procedure): New RPCs.
      (remote_domain_save_image_get_xml_desc_args)
      (remote_domain_save_image_get_xml_desc_ret)
      (remote_domain_save_image_define_xml_args): New structs.
      * src/remote_protocol-structs: Update.
      0696beca
    • E
      save: new API to manipulate save file images · d2a929d4
      Eric Blake 提交于
      Modifying the xml on either save or restore only gets you so
      far - you have to remember to 'virsh dumpxml dom' just prior
      to the 'virsh save' in order to have an xml file worth modifying
      that won't be rejected due to abi breaks.  To make this more
      powerful, we need a way to grab the xml embedded within a state
      file, and from there, it's not much harder to also support
      modifying a state file in-place.
      
      Also, virDomainGetXMLDesc didn't document its flags.
      
      * include/libvirt/libvirt.h.in (virDomainSaveImageGetXMLDesc)
      (virDomainSaveImageDefineXML): New prototypes.
      * src/libvirt.c (virDomainSaveImageGetXMLDesc)
      (virDomainSaveImageDefineXML): New API.
      * src/libvirt_public.syms: Export them.
      * src/driver.h (virDrvDomainSaveImageGetXMLDesc)
      (virDrvDomainSaveImgeDefineXML): New driver callbacks.
      d2a929d4
    • E
      save: support bypass-cache flag in libvirt-guests init script · 28d18250
      Eric Blake 提交于
      libvirt-guests is a perfect use case for bypassing the file system
      cache - lots of filesystem traffic done at system shutdown, where
      caching is pointless, and startup, where reading large files only
      once just gets in the way.  Make this a configurable option in the
      init script, but defaulting to existing behavior.
      
      * tools/libvirt-guests.sysconf (BYPASS_CACHE): New variable.
      * tools/libvirt-guests.init.sh (start, suspend_guest): Use it.
      28d18250
    • E
      save: support bypass-cache flag in qemu.conf · a9f9545e
      Eric Blake 提交于
      When auto-dumping a domain on crash events, or autostarting a domain
      with managed save state, let the user configure whether to imply
      the bypass cache flag.
      
      * src/qemu/qemu.conf (auto_dump_bypass_cache, auto_start_bypass_cache):
      Document new variables.
      * src/qemu/libvirtd_qemu.aug (vnc_entry): Let augeas parse them.
      * src/qemu/qemu_conf.h (qemud_driver): Store new preferences.
      * src/qemu/qemu_conf.c (qemudLoadDriverConfig): Parse them.
      * src/qemu/qemu_driver.c (processWatchdogEvent, qemuAutostartDomain):
      Honor them.
      a9f9545e
    • E
      save: support BYPASS_CACHE during qemu save/restore · 58e668d2
      Eric Blake 提交于
      Wire together the previous patches to support file system cache
      bypass during API save/restore requests in qemu.
      
      * src/qemu/qemu_driver.c (qemuDomainSaveInternal, doCoreDump)
      (qemudDomainObjStart, qemuDomainSaveImageOpen, qemuDomainObjRestore)
      (qemuDomainObjStart): Add parameter.
      (qemuDomainSaveFlags, qemuDomainManagedSave, qemudDomainCoreDump)
      (processWatchdogEvent, qemudDomainStartWithFlags, qemuAutostartDomain)
      (qemuDomainRestoreFlags): Update callers.
      58e668d2
    • E
      save: add virFileDirectFd wrapper type · 519a1c43
      Eric Blake 提交于
      O_DIRECT has stringent requirements.  Rather than make lots of changes
      at each site that wants to use O_DIRECT, it is easier to offload
      the work through a helper process that mirrors the I/O between a
      pipe and the actual direct fd, so that the other end of the pipe
      no longer has to worry about constraints.
      
      Plus, if the kernel ever gains better posix_fadvise support, then we
      only have to touch a single file to let all callers benefit from a
      more efficient way to avoid file system caching.
      
      * src/util/virfile.h (virFileDirectFdFlag, virFileDirectFdNew)
      (virFileDirectFdClose, virFileDirectFdFree): New prototypes.
      * src/util/virdirect.c: Implement new wrapper object.
      * src/libvirt_private.syms (virfile.h): Export new symbols.
      * cfg.mk (useless_free_options): Add to list.
      * po/POTFILES.in: Add new translations.
      519a1c43
    • E
      save: let iohelper work on O_DIRECT fds · 12291656
      Eric Blake 提交于
      Required for a coming patch where iohelper will operate on O_DIRECT
      fds.  There, the user-space memory must be aligned to file system
      boundaries (at least 512, but using page-aligned works better, and
      some file systems prefer 64k).  Made tougher by the fact that
      VIR_ALLOC won't work on void *, but posix_memalign won't work on
      char * and isn't available everywhere.
      
      This patch makes some simplifying assumptions - namely, output
      to an O_DIRECT fd will only be attempted on an empty seekable
      file (hence, no need to worry about preserving existing data
      on a partial block, and ftruncate will work to undo the effects
      of having to round up the size of the last block written), and
      input from an O_DIRECT fd will only be attempted on a complete
      seekable file with the only possible short read at EOF.
      
      * configure.ac (AC_CHECK_FUNCS_ONCE): Check for posix_memalign.
      * src/util/iohelper.c (runIO): Use aligned memory, and handle
      quirks of O_DIRECT on last write.
      12291656
    • E
      save: let iohelper handle inherited fd · 1eb66479
      Eric Blake 提交于
      Rather than making the iohelper subject to a race in reopening
      the file, it is nicer to pass an already-open fd by inheritance.
      
      The old synopsis form must continue to work - if someone updates
      their libvirt package and installs a new libvirt_iohelper but
      without restarting the old libvirtd daemon, then the daemon can
      still make calls using the old syntax but the new iohelper.
      
      * src/util/iohelper.c (runIO): Split code for open...
      (prepare): ...to new function.
      (usage): Update synopsis.
      (main): Allow alternate calling form.
      * src/fdstream.c (virFDStreamOpenFileInternal): Use alternate form.
      1eb66479
    • E
      save: support --xml to virsh save/restore · 38149ec1
      Eric Blake 提交于
      Also, migrate was missing documentation for the --xml option
      added in commit ec5301cb.
      
      * tools/virsh.c (cmdSave, cmdRestore): Add xml argument.
      * tools/virsh.pod (save, restore, migrate): Document it.
      38149ec1
    • E
      save: add --bypass-cache flag to virsh save/restore operations · a779d2ff
      Eric Blake 提交于
      Wire up the new flag to several virsh commands.  Also, the
      'dump' command had undocumented flags.
      
      * tools/virsh.c (cmdSave, cmdManagedSave, cmdDump, cmdStart)
      (cmdRestore): Add new flag.
      * tools/virsh.pod (save, managedsave, dump, start, restore):
      Document flags.
      a779d2ff
    • E
      save: wire up trivial save/restore flags implementations · b1083a4c
      Eric Blake 提交于
      For all hypervisors that support save and restore, the new API
      now performs the same functions as the old.
      
      VBox is excluded from this list, because its existing domainsave
      is broken (there is no corresponding domainrestore, and there
      is no control over the filename used in the save).  A later
      patch should change vbox to use its implementation for
      managedsave, and teach start to use managedsave results.
      
      * src/libxl/libxl_driver.c (libxlDomainSave): Move guts...
      (libxlDomainSaveFlags): ...to new function.
      (libxlDomainRestore): Move guts...
      (libxlDomainRestoreFlags): ...to new function.
      * src/test/test_driver.c (testDomainSave, testDomainSaveFlags)
      (testDomainRestore, testDomainRestoreFlags): Likewise.
      * src/xen/xen_driver.c (xenUnifiedDomainSave)
      (xenUnifiedDomainSaveFlags, xenUnifiedDomainRestore)
      (xenUnifiedDomainRestoreFlags): Likewise.
      * src/qemu/qemu_driver.c (qemudDomainSave, qemudDomainRestore):
      Rename and move guts.
      (qemuDomainSave, qemuDomainSaveFlags, qemuDomainRestore)
      (qemuDomainRestoreFlags): ...here.
      (qemudDomainSaveFlag): Rename...
      (qemuDomainSaveInternal): ...to this, and update callers.
      b1083a4c
    • E
      error: add new error type for reflecting partial API support · 17003457
      Eric Blake 提交于
      VIR_ERR_INVALID_ARG implies that an argument cannot possibly
      be correct, given the current state of the API.
      VIR_ERR_CONFIG_UNSUPPORTED implies that a configuration is
      wrong, but arguments aren't configuration.
      VIR_ERR_NO_SUPPORT implies that a function is completely
      unimplemented.
      
      But in the case of a function that is partially implemented,
      yet the full power of the API is not available for that
      driver, none of the above messages make sense.  Hence a new
      error message, implying that the argument is known to comply
      with the current state of the API, and that while the driver
      supports aspects of the function, it does not support that
      particular use of the argument.
      
      A good use case for this is a driver that supports
      virDomainSaveFlags, but not the dxml argument of that API.
      
      It might be feasible to also use this new error for all functions
      that check flags, and which accept fewer flags than what is possible
      in the public API.  But doing so would get complicated, since
      neither libvirt.c nor the remote driver may do flag filtering,
      and every other driver would have to do a two-part check, first
      using virCheckFlags on all public flags (which gives
      VIR_ERR_INVALID_ARG for an impossible flag), followed by a
      particular mask check for VIR_ERR_ARGUMENT_UNSUPPORTED (for a
      possible public flag but unsupported by this driver).
      
      * include/libvirt/virterror.h (VIR_ERR_ARGUMENT_UNSUPPORTED): New
      error.
      * src/util/virterror.c (virErrorMsg): Give it a message.
      Suggested by Daniel P. Berrange.
      17003457
    • E
      build: fix bugs with destroyFlags patches · 934fdcb3
      Eric Blake 提交于
      Build failure on xenapi_driver from compiler warnings (flags was unused).
      
      Build failure on xen (incorrect number of arguments).  And in fixing
      that, I obeyed the comments of struct xenUnifiedDriver that state
      that we want to minimize the number of callback functions in that
      struct, not add to it.
      
      * src/xen/xen_driver.c (xenUnifiedDomainDestroyFlags): Use correct
      arguments.
      (xenUnifiedDomainDestroy): Simplify.
      * src/xen/xen_driver.h (xenUnifiedDriver): Remove unused callback.
      * src/xen/xen_hypervisor.c (xenHypervisorDestroyDomain): Likewise.
      * src/xen/xend_internal.c (xenDaemonDomainDestroy): Likewise.
      * src/xen/xend_internal.h (xenDaemonDomainDestroyFlags): Likewise.
      * src/xen/xm_internal.c (xenXMDriver): Likewise.
      * src/xen/xs_internal.c (xenStoreDriver): Likewise.
      * src/xen/xen_inotify.c (xenInotifyDriver): Likewise.
      * src/xenapi/xenapi_driver.c (xenapiDomainDestroyFlags): Reject
      unknown flags.
      934fdcb3
    • M
      remote: Fix forgotten comma · a9135359
      Michal Privoznik 提交于
      during conflict resolving
      a9135359