- 16 10月, 2019 1 次提交
-
-
由 Ján Tomko 提交于
Since commit 44e7f029 util: rewrite auto cleanup macros to use glib's equivalent VIR_AUTOPTR aliases to g_autoptr. Replace all of its use by the GLib macro version. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 15 10月, 2019 1 次提交
-
-
由 Ján Tomko 提交于
Use G_GNUC_UNUSED from GLib instead of ATTRIBUTE_UNUSED. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 10 9月, 2019 1 次提交
-
-
由 Michal Privoznik 提交于
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
- 09 8月, 2019 3 次提交
-
-
由 Daniel P. Berrangé 提交于
The libvirtd daemon provides the traditional libvirt experience where all the drivers are in a single daemon, and is accessible over both local UNIX sockets and remote IP sockets. In the new world we're having a set of per-driver daemons which will primarily be accessed locally via their own UNIX sockets. We still, however, need to allow for case of applications which will connect to libvirt remotely. These remote connections can be done as TCP/TLS sockets, or by SSH tunnelling to the UNIX socket. In the later case, the old libvirt.so clients will only know about the path to the old libvirtd socket /var/run/libvirt/libvirt-sock, and not the new driver sockets /var/run/libvirt/virtqemud-sock. It is also not desirable to expose the main driver specific daemons over IP directly to minimize their attack service. Thus the virtproxyd daemon steps into place, to provide TCP/TLS sockets, and back compat for the old libvirtd UNIX socket path(s). It will then forward all RPC calls made to the appropriate driver specific daemon. Essentially it is equivalent to the old libvirtd with absolutely no drivers registered except for the remote driver (and other stateless drivers in libvirt.so). We could have modified libvirtd so none of the drivers are registed to get the same end result. We could even add a libvirtd.conf parameter to control whether the drivers are loaded to enable users to switch back to the old world if we discover bugs in the split-daemon model. Using a new daemon though has some advantages - We can make virtproxyd and the virtXXXd per-driver daemons all have "Conflicts: libvirtd.service" in their systemd unit files. This will guarantee that libvirtd is never started at the same time, as this would result in two daemons running the same driver. Fortunately drivers use locking to protect themselves, but it is better to avoid starting a daemon we know will conflict. - It allows us to break CLI compat to remove the --listen parameter. Both listen_tcp and listen_tls parameters in /etc/libvirtd/virtd.conf will default to zero. Either TLS or TCP can be enabled exclusively though virtd.conf without requiring the extra step of adding --listen. - It allows us to set a strict SELinux policy over virtproxyd. For back compat the libvirtd policy must continue to allow all drivers to run. We can't easily give a second policy to libvirtd which locks it down. By introducing a new virtproxyd we can set a strict policy for that daemon only. - It gets rid of the weird naming of having a daemon with "lib" in its name. Now all normal daemons libvirt ships will have "virt" as their prefix not "libvirt". - Distros can more easily choose their upgrade path. They can ship both sets of daemons in their packages, and choose to either enable libvirtd, or enable the per-driver daemons and virtproxyd out of the box. Users can easily override this if desired by just tweaking which systemd units are active. After some time we can deprecate use of libvirtd and after some more time delete it entirely, leaving us in a pretty world filled with prancing unicorns. The main downside with introducing a new daemon, and with the per-driver daemons in general, is figuring out the correct upgrade path. The conservative option is to leave libvirtd running if it was an existing installation. Only use the new daemons & virtproxyd on completely new installs. The aggressive option is to disable libvirtd if already running and activate all the new daemons. Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Reviewed-by: NChristophe de Dinechin <dinechin@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Prepare for reusing libvirtd source to create other daemons by making the use of IP sockets conditionally defined by the make rules. The main libvirtd daemon will retain IP listen ability, but all the driver specific daemons will be local UNIX sockets only. Apps needing IP connectivity will connect via the libvirtd daemon which will proxy to the driver specfic daemon. Reviewed-by: NChristophe de Dinechin <dinechin@redhat.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Prepare for reusing libvirtd source to create other daemons by making the daemon name conditionally defined by the make rules. Reviewed-by: NChristophe de Dinechin <dinechin@redhat.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 21 6月, 2019 1 次提交
-
-
由 Daniel P. Berrangé 提交于
Libvirtd has long had integration with avahi for advertising libvirtd using mDNS when TCP/TLS listening is enabled. For a long time the virt-manager application had support for auto-detecting libvirtds on the local network using mDNS, but this was removed last year commit fc8f8d5d7e3ba80a0771df19cf20e84a05ed2422 Author: Cole Robinson <crobinso@redhat.com> Date: Sat Oct 6 20:55:31 2018 -0400 connect: Drop avahi support Libvirtd can advertise itself over avahi. The feature is disabled by default though and in practice I hear of no one actually using it and frankly I don't think it's all that useful The 'Open Connection' wizard has a disproportionate amount of code devoted to this feature, but I don't think it's useful or worth maintaining, so let's drop it I've never heard of any other applications having support for using mDNS to detect libvirtd instances. Though it is theoretically possible something exists out there, it is clearly going to be a niche use case in the virt ecosystem as a whole. By removing avahi integration we can cut down the dependency chain for the basic libvirtd install and reduce our code maint burden. Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 10 4月, 2019 2 次提交
-
-
由 Peter Krempa 提交于
This reverts commit a5e16020. Getting rid of unistd.h from our headers will require more work than just fixing the broken mingw build. Revert it until I have a more complete proposal. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
由 Peter Krempa 提交于
util/virutil.h bogously included unistd.h. Drop it and replace it by including it directly where needed. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
- 14 12月, 2018 1 次提交
-
-
由 Daniel P. Berrangé 提交于
In many files there are header comments that contain an Author: statement, supposedly reflecting who originally wrote the code. In a large collaborative project like libvirt, any non-trivial file will have been modified by a large number of different contributors. IOW, the Author: comments are quickly out of date, omitting people who have made significant contribitions. In some places Author: lines have been added despite the person merely being responsible for creating the file by moving existing code out of another file. IOW, the Author: lines give an incorrect record of authorship. With this all in mind, the comments are useless as a means to identify who to talk to about code in a particular file. Contributors will always be better off using 'git log' and 'git blame' if they need to find the author of a particular bit of code. This commit thus deletes all Author: comments from the source and adds a rule to prevent them reappearing. The Copyright headers are similarly misleading and inaccurate, however, we cannot delete these as they have legal meaning, despite being largely inaccurate. In addition only the copyright holder is permitted to change their respective copyright statement. Reviewed-by: NErik Skultety <eskultet@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 21 7月, 2018 1 次提交
-
-
由 Marc Hartmayer 提交于
Hypervisor drivers (e.g. QEMU) assume that they run in a separate thread from the main event loop thread otherwise deadlocks can occur. Therefore let's report an error if max_workers < 1 is set in the libvirtd configuration file. Signed-off-by: NMarc Hartmayer <mhartmay@linux.ibm.com> Reviewed-by: NBoris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: NBjoern Walk <bwalk@linux.ibm.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
- 22 2月, 2018 1 次提交
-
-
由 Daniel P. Berrangé 提交于
Having a daemon/ directory makes little sense from a code structure point of view, as 90% of the code that is built into libvirtd already lives in the src/ directory. The virtlockd and virlogd daemons also live entirely in src/{locking,logging} directories. This moves the source code for libvirtd into src/remote/, alongside the client code. Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 16 8月, 2017 1 次提交
-
-
由 Michal Privoznik 提交于
Since its introduction in f6134117 it was never implemented nor there are plans to implement it. Drop it. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 08 8月, 2017 1 次提交
-
-
由 Ján Tomko 提交于
Rewrite virConfReadMem to take a null-terminated string. All the callers were calling strlen on it anyway.
-
- 09 2月, 2017 1 次提交
-
-
由 Boris Fiuczynski 提交于
Provide the ability to specify a default timeout value for successful completion of openvswitch calls in the libvirtd configuration file. Signed-off-by: NBoris Fiuczynski <fiuczy@linux.vnet.ibm.com> Reviewed-by: NBjoern Walk <bwalk@linux.vnet.ibm.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 12 7月, 2016 1 次提交
-
-
由 Daniel P. Berrange 提交于
The libvirtdconftest was previously used to test data type handling of the libvirtd config file. Now we're using the typedef APIs, this test case has little value, and is pretty hard to fixup with deal with the new APIs. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 08 6月, 2016 1 次提交
-
-
由 Daniel P. Berrange 提交于
Add a "tls_priority" config option to /etc/libvirt/libvirtd.conf to allow the administrator to override the built-in default setting. This only affects the server side configuration. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 03 5月, 2016 1 次提交
-
-
由 Nikolay Shirokovskiy 提交于
Daemon config parameter switch between reading host uuid either from smbios or machine-id: host_uuid_source = "smbios|machine-id" Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
- 02 3月, 2016 1 次提交
-
-
由 Jason J. Herne 提交于
Commit 1199edb1 added config option max_queued_clients and documented the default value as 1000 but never actually set that value. This patch sets the default value. This addresses an issue whereby the following error message is reported if too many migrations are started simultaneously: error: End of file while reading data: Ncat: Invalid argument.: Input/output error The problem is that too many ncat processes are spawned on the destination system. They all attempt to connect to the libvirt socket. Because the destination libvirtd cannot respond to the connect requests quickly enough we overrun the socket's pending connections queue. Signed-off-by: NJason J. Herne <jjherne@linux.vnet.ibm.com> Reviewed-by: NBoris Fiuczynski <fiuczy@linux.vnet.ibm.com>
-
- 10 8月, 2015 1 次提交
-
-
由 Martin Kletzander 提交于
Since its introduction in 2011 (particularly in commit f4324e32), the option doesn't work. It just effectively disables all incoming connections. That's because the client private data that contain the 'keepalive_supported' boolean, are initialized to zeroes so the bool is false and the only other place where the bool is used is when checking whether the client supports keepalive. Thus, according to the server, no client supports keepalive. Removing this instead of fixing it is better because a) apparently nobody ever tried it since 2011 (4 years without one month) and b) we cannot know whether the client supports keepalive until we get a ping or pong keepalive packet. And that won't happen until after we dispatched the ConnectOpen call. Another two reasons would be c) the keepalive_required was tracked on the server level, but keepalive_supported was in private data of the client as well as the check that was made in the remote layer, thus making all other instances of virNetServer miss this feature unless they all implemented it for themselves and d) we can always add it back in case there is a request and a use-case for it. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
- 16 6月, 2015 1 次提交
-
-
由 Martin Kletzander 提交于
This is not going to be very widely used, but for some corner cases and easier (unsafe) debugging, it might be nice. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
- 15 12月, 2014 2 次提交
-
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1160995 In our config files users are expected to pass several integer values for different configuration knobs. However, majority of them expect a nonnegative number and only a few of them accept a negative number too (notably keepalive_interval in libvirtd.conf). Therefore, a new type to config value is introduced: VIR_CONF_ULONG that is set whenever an integer is positive or zero. With this approach knobs accepting VIR_CONF_LONG should accept VIR_CONF_ULONG too. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
There's no need to implement ToString() function like we do if we can use our shiny macros. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 25 3月, 2014 1 次提交
-
-
由 Ján Tomko 提交于
-
- 21 3月, 2014 1 次提交
-
-
由 Martin Kletzander 提交于
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
- 18 3月, 2014 3 次提交
-
-
由 Daniel P. Berrange 提交于
A earlier commit changed the global log buffer so that it only records messages that are explicitly requested via the log filters setting. This removes the performance burden, and improves the signal/noise ratio for messages in the global buffer. At the same time though, it is somewhat pointless, since all the recorded log messages are already going to be sent to an explicit log output like syslog, stderr or the journal. The global log buffer is thus just duplicating this data on stderr upon crash. The log_buffer_size config parameter is left in the augeas lens to prevent breakage for users on upgrade. It is however completely ignored hereafter. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Any source file which calls the logging APIs now needs to have a VIR_LOG_INIT("source.name") declaration at the start of the file. This provides a static variable of the virLogSource type. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=992980 This config tunable allows users to determine the maximum number of accepted but yet not authenticated users. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 10 3月, 2014 1 次提交
-
-
由 Ján Tomko 提交于
Some of these are leftovers from renaming the files, others are just typos. Also introduce an ugly awk script to enforce this.
-
- 05 8月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
This configuration knob lets user to set the length of queue of connection requests waiting to be accept()-ed by the daemon. IOW, it just controls the @backlog passed to listen: int listen(int sockfd, int backlog);
-
- 10 7月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
Convert the type of loop iterators named 'i', 'j', k', 'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or 'unsigned int', also santizing 'ii', 'jj', 'kk' to use the normal 'i', 'j', 'k' naming Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Michal Privoznik 提交于
-
- 29 6月, 2013 1 次提交
-
-
由 John Ferlan 提交于
Commit id 'ed3bac71' introduced the following: TEST: libvirtdconftest ........................................ 40 OK ==25875== 690 (480 direct, 210 indirect) bytes in 30 blocks are definitely lost in loss record 18 of 24 ==25875== at 0x4A06B6F: calloc (vg_replace_malloc.c:593) ==25875== by 0x4C737DF: virAllocN (viralloc.c:152) ==25875== by 0x403BC8: remoteConfigGetStringList (libvirtd-config.c:74) ==25875== by 0x4042CF: daemonConfigLoadOptions (libvirtd-config.c:382) ==25875== by 0x4052F5: daemonConfigLoadData (libvirtd-config.c:479) ==25875== by 0x40222C: testCorrupt (libvirtdconftest.c:112) ==25875== by 0x40321F: virtTestRun (testutils.c:158) ==25875== by 0x401FEE: mymain (libvirtdconftest.c:228) ==25875== by 0x40385A: virtTestMain (testutils.c:722) ==25875== by 0x37C1021A04: (below main) (libc-start.c:225) ==25875== PASS: libvirtdconftest
-
- 24 6月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Add a new 'access_drivers' config parameter to the libvirtd.conf configuration file. This allows admins to setup the default access control drivers to use for API authorization. The same driver is to be used by all internal drivers & APIs Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 07 6月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
There's no sense in using virAsprintf() just to duplicate a string. We should use VIR_STRDUP which is designed just for that.
-
- 21 5月, 2013 1 次提交
-
-
由 Osier Yang 提交于
-
- 08 5月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Currently the virGetHostname() API has a bogus virConnectPtr parameter. This is because virtualization drivers directly reference this API in their virDriverPtr tables, tieing its API design to the public virConnectGetHostname API design. This also causes problems for access control checks since these must only be done for invocations from the public API, not internal invocation. Remove the bogus virConnectPtr parameter, and make each hypervisor driver provide a dedicated function for the driver API impl. This will allow access control checks to be easily inserted later. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 05 5月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
-
- 02 5月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
The source code base needs to be adapted as well. Some files include virutil.h just for the string related functions (here, the include is substituted to match the new file), some include virutil.h without any need (here, the include is removed), and some require both.
-
- 14 1月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
-