1. 29 10月, 2010 1 次提交
    • D
      Release of libvirt-0.8.5 · 4c2b3e1d
      Daniel Veillard 提交于
      * configure.ac libvirt.spec.in: new version
      * docs/news.html.in: update news page and improve format
      * po/*.po*: Update po again
      4c2b3e1d
  2. 22 10月, 2010 1 次提交
    • D
      Add dtrace static probes in libvirtd · 968eb4e5
      Daniel P. Berrange 提交于
      Adds initial support for dtrace static probes in libvirtd
      daemon, assuming use of systemtap dtrace compat shim on
      Linux. The probes are inserted for network client connect,
      disconnect, TLS handshake states and authentication protocol
      states.
      
      This can be tested by running the xample program and then
      attempting to connect with any libvirt client (virsh,
      virt-manager, etc).
      
       # stap examples/systemtap/client.stp
        Client fd=44 connected readonly=0
        Client fd=44 auth polkit deny pid:24997,uid:500
        Client fd=44 disconnected
        Client fd=46 connected readonly=1
        Client fd=46 auth sasl allow test
        Client fd=46 disconnected
      
      The libvirtd.stp file should also really not be required,
      since it is duplicated info that is already available in
      the main probes.d definition file. A script to autogenerate
      the .stp file is needed, either in libvirtd tree, or better
      as part of systemtap itself.
      
      * Makefile.am: Add examples/systemtap subdir
      * autobuild.sh: Disable dtrace for mingw32
      * configure.ac: Add check for dtrace
      * daemon/.gitignore: Ignore generated dtrace probe file
      * daemon/Makefile.am: Build dtrace probe header & object
        files
      * daemon/libvirtd.stp: SystemTAP convenience probeset
      * daemon/libvirtd.c: Add connect/disconnect & TLS probes
      * daemon/remote.c: Add SASL and PolicyKit auth probes
      * daemon/probes.d: Master probe definition
      * daemon/libvirtd.h: Add convenience macro for probes
        so that compilation is a no-op when dtrace is not available
      * examples/systemtap/Makefile.am, examples/systemtap/client.stp
        Example systemtap script using dtrace probe markers
      * libvirt.spec.in: Enable dtrace on F13/RHEL6
      * mingw32-libvirt.spec.in: Force disable dtrace
      968eb4e5
  3. 20 10月, 2010 1 次提交
    • D
      Basic framework for auditing integration · 8f680ad3
      Daniel P. Berrange 提交于
      Integrate with libaudit.so for auditing of important operations.
      libvirtd gains a couple of config entries for auditing. By
      default it will enable auditing, if its enabled on the host.
      It can be configured to force exit if auditing is disabled
      on the host. It will can also send audit messages via libvirt
      internal logging API
      
      Places requiring audit reporting can use the VIR_AUDIT
      macro to report data. This is a no-op unless auditing is
      enabled
      
      * autobuild.sh, mingw32-libvirt.spec.in: Disable audit
        on mingw
      * configure.ac: Add check for libaudit
      * daemon/libvirtd.aug, daemon/libvirtd.conf,
        daemon/test_libvirtd.aug, daemon/libvirtd.c: Add config
        options to enable auditing
      * include/libvirt/virterror.h, src/util/virterror.c: Add
        VIR_FROM_AUDIT source
      * libvirt.spec.in: Enable audit
      * src/util/virtaudit.h, src/util/virtaudit.c: Simple internal
        API for auditing messages
      8f680ad3
  4. 19 10月, 2010 1 次提交
    • D
      qemu: let qemu group look below /var/lib/libvirt/qemu/ · 0df552cd
      Dan Kenigsberg 提交于
      Vdsm needs to communicate with its guest agent via unix domain socket,
      which qemu creates due to the following domain xml device:
      
          <channel type='unix'>
            <target type='virtio' name='com.redhat.rhevm.vdsm'/>
            <source mode='bind' path='/var/lib/libvirt/qemu/channels/fcp-xp-1.com.redhat.rhevm.vdsm'/>
          </channel>
      
      The location of the socket below /var/lib/libvirt/qemu/channels makes
      sense, to humans and selinux policy alike. However, that socket should
      be accessible to vdsm, too.
      
      Due to other (storage) reasons, vdsm is to join the "qemu" group. With
      this patch, vdsm can look below /var/lib/libvirt/qemu and connect to the
      socket.
      
      The socket itself should be chmod'ed to allow qemu group read/write, but
      that's for another project.
      
      BZ#643407
      0df552cd
  5. 15 10月, 2010 1 次提交
  6. 10 9月, 2010 1 次提交
  7. 07 9月, 2010 1 次提交
  8. 25 8月, 2010 1 次提交
  9. 12 8月, 2010 1 次提交
    • J
      bridge: Add --dhcp-no-override option to dnsmasq · e26672f7
      Jiri Denemark 提交于
      --dhcp-no-override description from dnsmasq man page:
      
            Disable  re-use  of  the  DHCP servername and filename fields as
            extra option space. If it can, dnsmasq moves the boot server and
            filename  information  (from  dhcp-boot)  out of their dedicated
            fields into DHCP options. This make extra space available in the
            DHCP  packet  for options but can, rarely, confuse old or broken
            clients. This flag forces "simple and safe" behaviour  to  avoid
            problems in such a case.
      
      It seems some virtual network card ROMs are this old/buggy so let's add
      --dhcp-no-override as a workaround for them. We don't use extra DHCP
      options so this should be safe. The option was added in dnsmasq-2.41,
      which becomes the minimum required version.
      e26672f7
  10. 04 8月, 2010 1 次提交
  11. 17 7月, 2010 1 次提交
    • J
      man pages: update authors and copyright notice for libvirtd and virsh · de7d4c6a
      Justin Clift 提交于
      This patch removes the individual author names from the libvirtd and virsh
      man pages, instead referring to the main AUTHORS file distributed with
      libvirt.  This approach is needed, as we can't guarantee unicode support
      across all versions of pod2man used with libvirt.
      
      Additionally, this patch includes the libvirtd man page in the spec file
      used with "make rpm".  Without this patch "make rpm" is broken.
      de7d4c6a
  12. 13 7月, 2010 1 次提交
  13. 05 7月, 2010 1 次提交
  14. 29 5月, 2010 1 次提交
    • J
      Fix libvirt-guests init script · 1a5c465e
      Jiri Denemark 提交于
      Firstly, the init script has to touch its file under /var/lock/subsys
      when started, otherwise the system would think it's not running and
      won't stop it during shutdown.
      
      Secondly, for some reason there is a policy to automatically enable
      init scripts when they are installed, so let the specfile do this. We
      also need to start the init script to ensure it will be stopped during
      the first shutdown after installing the package.
      
      Also $LISTFILE should be enclosed by quotes everywhere as suggested by
      Eric.
      1a5c465e
  15. 27 5月, 2010 2 次提交
  16. 26 5月, 2010 1 次提交
  17. 21 5月, 2010 1 次提交
    • J
      Init script for handling guests on shutdown/boot · 66823690
      Jiri Denemark 提交于
      Example output during shutdown:
      
      Running guests on default URI: console, rhel6-1, rhel5-64
      Running guests on lxc:/// URI: lxc-shell
      Running guests on xen:/// URI: error: no hypervisor driver available for xen:///
      error: failed to connect to the hypervisor
      Running guests on vbox+tcp://orkuz/system URI: no running guests.
      Suspending guests on default URI...
      Suspending console: done
      Suspending rhel6-1: done
      Suspending rhel5-64: done
      Suspending guests on lxc:/// URI...
      Suspending lxc-shell: error: Failed to save domain 9cba8bfb-56f4-6589-2d12-8a58c886dd3b state
      error: this function is not supported by the hypervisor: virDomainManagedSave
      
      Note, the "Suspending $guest: " shows progress during the suspend phase
      if domjobinfo gives meaningful output.
      
      Example output during boot:
      
      Resuming guests on default URI...
      Resuming guest rhel6-1: done
      Resuming guest rhel5-64: done
      Resuming guest console: done
      Resuming guests on lxc:/// URI...
      Resuming guest lxc-shell: already active
      
      Configuration used for generating the examples above:
      URIS='default lxc:/// xen:/// vbox+tcp://orkuz/system'
      
      The script uses /var/lib/libvirt/libvirt-guests files to note all active
      guest it should try to resume on next boot. It's content looks like:
      
      default 7f8b9d93-30e1-f0b9-47a7-cb408482654b 085b4c95-5da2-e8e1-712f-6ea6a4156af2 fb4d8360-5305-df3a-2da1-07d682891b8c
      lxc:/// 9cba8bfb-56f4-6589-2d12-8a58c886dd3b
      66823690
  18. 06 5月, 2010 1 次提交
  19. 04 5月, 2010 1 次提交
    • D
      Various fixes for the spec file · 7efa3937
      Daniel Veillard 提交于
      This includes various things:
       - fix the Requires: libvirt-client to use %{name} to allow easy
         renaming
       - when building ESX support one need libcurl-devel
       - remove Makefile[.in] from xml/nwfilter in the docs, as this breaks
         parallel install ation of i686 and x86_64 packages
       - don't include nwfilter config files if not building with the daemon
      all relatively trivial which is why I packed them together
      * libvirt.spec.in: fix various small bugs
      7efa3937
  20. 01 5月, 2010 1 次提交
    • D
      Release of libvirt-0.8.1 · 5d65d32f
      Daniel Veillard 提交于
      * configure.ac docs/news.html.in libvirt.spec.in: updates for release
      * po/*.po*: updated localizations and regenerated
      5d65d32f
  21. 28 4月, 2010 1 次提交
    • D
      Move dnsmasq host file to a separate directory · 4e041189
      Daniel Veillard 提交于
      use /var/lib/libvirt/dnsmasq since /var/lib/libvirt/network is
      unreadable by the dnsmasq binary
      
      * src/network/bridge_driver.c: update DNSMASQ_STATE_DIR
      * src/Makefile.am: create it on make install
      * libvirt.spec.in: take the new directory into account
      4e041189
  22. 16 4月, 2010 1 次提交
    • D
      Run test suite as part of RPM build process · f6770e86
      Daniel P. Berrange 提交于
      To ensure that patches in the RPM don't break any functionality
      it is neccessary to run the test suites during build. It currently
      has 3 tests disabled
      
       - daemon-conf: this is totally broken, since it relies on
         being able to resolve the 'libvirt' group & being able to
         resolve hostnames at daemon startup. This isn't possible
         in a mock build root
       - seclabeltest: fails to initialize selinux in the mock
         build root. Possibly fixable
       - nodeinfotest: broken on s390 + ppc - this is a real bug
      
      * libvirt.spec.in: Add a %check section, with 3 tests
         temporarily disabled
      f6770e86
  23. 13 4月, 2010 2 次提交
  24. 08 4月, 2010 1 次提交
    • S
      nwfilter: Support for learning a VM's IP address · 3bf24abc
      Stefan Berger 提交于
      This patch implements support for learning a VM's IP address. It uses
      the pcap library to listen on the VM's backend network interface (tap)
      or the physical ethernet device (macvtap) and tries to capture packets
      with source or destination MAC address of the VM and learn from DHCP
      Offers, ARP traffic, or first-sent IPv4 packet what the IP address of
      the VM's interface is. This then allows to instantiate the network
      traffic filtering rules without the user having to provide the IP
      parameter somewhere in the filter description or in the interface
      description as a parameter. This only supports to detect the parameter
      IP, which is for the assumed single IPv4 address of a VM. There is not
      support for interfaces that may have multiple  IP addresses (IP
      aliasing) or IPv6 that may then require more than one valid IP address
      to be detected. A VM can have multiple independent interfaces that each
      uses a different IP address and in that case it will be attempted to
      detect each one of the address independently.
      
      So, when for example an interface description in the domain XML has
      looked like this up to now:
      
          <interface type='bridge'>
            <source bridge='mybridge'/>
            <model type='virtio'/>
            <filterref filter='clean-traffic'>
              <parameter name='IP' value='10.2.3.4'/>
            </filterref>
          </interface>
      
      you may omit the IP parameter:
      
          <interface type='bridge'>
            <source bridge='mybridge'/>
            <model type='virtio'/>
            <filterref filter='clean-traffic'/>
          </interface>
      
      Internally I am walking the 'tree' of a VM's referenced network filters
      and determine with the given variables which variables are missing. Now,
      the above IP parameter may be missing and this causes a libvirt-internal
      thread to be started that uses the pcap library's API to listen to the
      backend interface  (in case of macvtap to the physical interface) in an
      attempt to determine the missing IP parameter. If the backend interface
      disappears the thread terminates assuming the VM was brought down. In
      case of a macvtap device a timeout is being used to wait for packets
      from the given VM (filtering by VM's interface MAC address). If the VM's
      macvtap device disappeared the thread also terminates. In all other
      cases it tries to determine the IP address of the VM and will then apply
      the rules late on the given interface, which would have happened
      immediately if the IP parameter had been explicitly given. In case an
      error happens while the firewall rules are applied, the VM's backend
      interface is 'down'ed preventing it to communicate. Reasons for failure
      for applying the network firewall rules may that an ebtables/iptables
      command failes or OOM errors. Essentially the same failure reasons may
      occur as when the firewall rules are applied immediately on VM start,
      except that due to the late application of the filtering rules the VM
      now is already running and cannot be hindered anymore from starting.
      Bringing down the whole VM would probably be considered too drastic.
      While a VM's IP address is attempted to be determined only limited
      updates to network filters are allowed. In particular it is prevented
      that filters are modified in such a way that they would introduce new
      variables.
      
      A caveat: The algorithm does not know which one is the appropriate IP
      address of a VM. If the VM spoofs an IP address in its first ARP traffic
      or IPv4 packets its filtering rules will be instantiated for this IP
      address, thus 'locking' it to the found IP address. So, it's still
      'safer' to explicitly provide the IP address of a VM's interface in the
      filter description if it is known beforehand.
      
      * configure.ac: detect libpcap
      * libvirt.spec.in: require libpcap[-devel] if qemu is built
      * src/internal.h: add the new ATTRIBUTE_PACKED define
      * src/Makefile.am src/libvirt_private.syms: add the new modules and symbols
      * src/nwfilter/nwfilter_learnipaddr.[ch]: new module being added
      * src/nwfilter/nwfilter_driver.c src/conf/nwfilter_conf.[ch]
        src/nwfilter/nwfilter_ebiptables_driver.[ch]
        src/nwfilter/nwfilter_gentech_driver.[ch]: plu the new functionality in
      * tests/nwfilterxml2xmltest: extend testing
      3bf24abc
  25. 06 4月, 2010 1 次提交
  26. 01 4月, 2010 1 次提交
    • E
      build: more fallout from test -a · a792bf24
      Eric Blake 提交于
      * cfg.mk (sc_prohibit_test_minus_ao): Also check for [.
      * docs/Makefile.am (%.html, html/index.html): Avoid non-portable
      test usage.
      * libvirt.spec.in (%post): Likewise.
      * tools/virt-pki-validate.in (servercert.pem): Likewise.
      * configure.ac (LOGNAME): Use test, not [, in files processed by
      autoconf.
      Detected by Matthias Bolte.
      a792bf24
  27. 31 3月, 2010 1 次提交
  28. 18 3月, 2010 1 次提交
  29. 10 3月, 2010 1 次提交
    • D
      Change logrotate to be per-hypervisor logs · 89bf843a
      Daniel Veillard 提交于
      Having a single logrotate configuration file for all hypervisors
      did not work as logrotate would get confused if an hypervisor not
      supported on that platform was still listed. Simplest is to split
      the logrotate as separate per hypervisor files and change the
      spec file to only install the ones compiled in.
      * daemon/libvirtd.lxc.logrotate.in daemon/libvirtd.qemu.logrotate.in
        daemon/libvirtd.uml.logrotate.in: copy and split the original
        daemon/libvirtd.logrotate.in file
      * daemon/Makefile.am: update to support the different files and
        cleanup in sed suggested by Eric Blake
      * libvirt.spec.in: only install the relevant logrotate configs
      * daemon/.gitignore: update logrotate generated list
      89bf843a
  30. 06 3月, 2010 1 次提交
    • D
      Release of libvirt-0.7.7 · 703c1651
      Daniel Veillard 提交于
      * configure.ac libvirt.spec.in: update with new version
      * docs/news.html.in: add list of changes in 0.7.7
      * po/*po*: updated spanish and russian localisations, rebuilt
      703c1651
  31. 26 2月, 2010 1 次提交
  32. 24 2月, 2010 1 次提交
    • D
      Format FS pools on creation · b738016b
      Dave Allan 提交于
      Create the filesystem on the partition used by the pool
      * configure.ac: check for mkfs availability
      * libvirt.spec.in: add extra require on util-linux for mkfs
      * src/storage/storage_backend_fs.c: run mkfs with the expected
        fs type when creating a filesystem pool
      b738016b
  33. 04 2月, 2010 1 次提交
    • D
      Release of libvirt-0.7.6 · 31a5ee92
      Daniel Veillard 提交于
      * configure.ac docs/news.html.in libvirt.spec.in: version bump and doc
        updates
      * po/*.po*: updated and regenerated the localizations
      31a5ee92
  34. 24 12月, 2009 1 次提交
  35. 23 12月, 2009 1 次提交
  36. 22 12月, 2009 1 次提交
  37. 10 12月, 2009 1 次提交
    • M
      remove all traces of lokkit support · 3b3305d8
      Mark McLoughlin 提交于
      Long ago we tried to use Fedora's lokkit utility in order to register
      our iptables rules so that 'service iptables restart' would
      automatically load our rules.
      
      There was one fatal flaw - if the user had configured iptables without
      lokkit, then we would clobber that configuration by running lokkit.
      
      We quickly disabled lokkit support, but never removed it. Let's do
      that now.
      
      The 'my virtual network stops working when I restart iptables' still
      remains. For all the background on this saga, see:
      
        https://bugzilla.redhat.com/227011
      
      * src/util/iptables.c: remove lokkit support
      
      * configure.in: remove --enable-lokkit
      
      * libvirt.spec.in: remove the dirs used only for saving rules for lokkit
      
      * src/Makefile.am: ditto
      
      * src/libvirt_private.syms, src/network/bridge_driver.c,
        src/util/iptables.h: remove references to iptablesSaveRules
      3b3305d8
  38. 07 12月, 2009 1 次提交
    • D
      Introduce a simple API for handling JSON data · 9428f2ce
      Daniel P. Berrange 提交于
      This introduces simple API for handling JSON data. There is
      an internal data structure 'virJSONValuePtr' which stores a
      arbitrary nested JSON value (number, string, array, object,
      nul, etc).  There are APIs for constructing/querying objects
      and APIs for parsing/formatting string formatted JSON data.
      
      This uses the YAJL library for parsing/formatting from
      
       http://lloyd.github.com/yajl/
      
      * src/util/json.h, src/util/json.c: Data structures and APIs
        for representing JSON data, and parsing/formatting it
      * configure.in: Add check for yajl library
      * libvirt.spec.in: Add build requires for yajl
      * src/Makefile.am: Add json.c/h
      * src/libvirt_private.syms: Export JSON symbols to drivers
      9428f2ce