1. 06 9月, 2011 3 次提交
    • M
      qemu: Deal with stucked qemu on daemon startup · d38897a5
      Michal Privoznik 提交于
      If libvirt daemon gets restarted and there is (at least) one
      unresponsive qemu, the startup procedure hangs up. This patch creates
      one thread per vm in which we try to reconnect to monitor. Therefore,
      blocking in one thread will not affect other APIs.
      d38897a5
    • M
      qemu: Introduce job queue size limit · 3005cacb
      Michal Privoznik 提交于
      This patch creates an optional BeginJob queue size limit. When
      active, all other attempts above level will fail. To set this
      feature assign desired value to max_queued variable in qemu.conf.
      Setting it to 0 turns it off.
      3005cacb
    • M
      daemon: Create priority workers pool · 597fe3ce
      Michal Privoznik 提交于
      This patch annotates APIs with low or high priority.
      In low set MUST be all APIs which might eventually access monitor
      (and thus block indefinitely). Other APIs may be marked as high
      priority. However, some must be (e.g. domainDestroy).
      
      For high priority calls (HPC), there are some high priority workers
      (HPW) created in the pool. HPW can execute only HPC, although normal
      worker can process any call regardless priority. Therefore, only those
      APIs which are guaranteed to end in reasonable small amount of time
      can be marked as HPC.
      
      The size of this HPC pool is static, because HPC are expected to end
      quickly, therefore jobs assigned to this pool will be served quickly.
      It can be configured in libvirtd.conf via prio_workers variable.
      Default is set to 5.
      
      To mark API with low or high priority, append priority:{low|high} to
      it's comment in src/remote/remote_protocol.x. This is similar to
      autogen|skipgen. If not marked, the generator assumes low as default.
      597fe3ce
  2. 05 9月, 2011 22 次提交
    • E
      snapshot: use SELinux and lock manager with external snapshots · 63379890
      Eric Blake 提交于
      With this, it is now possible to create external snapshots even
      when SELinux is enforcing, and to protect the new file with a
      lock manager.
      
      * src/qemu/qemu_driver.c
      (qemuDomainSnapshotCreateSingleDiskActive): Create and register
      new file with proper permissions and locks.
      (qemuDomainSnapshotCreateDiskActive): Update caller.
      63379890
    • E
      snapshot: wire up live qemu disk snapshots · 9c21b441
      Eric Blake 提交于
      Lots of earlier patches led up to this point - the qemu snapshot_blkdev
      monitor command can now be controlled by libvirt!  Well, insofar as
      SELinux doesn't prevent qemu from open(O_CREAT) on the files.  There's
      still some followup work before things work with SELinux enforcing,
      but this patch is big enough to post now.
      
      There's still room for other improvements, too (for example, taking a
      disk snapshot of an inactive domain, by using qemu-img for both internal
      and external snapshots; wiring up delete and revert control, including
      additional flags from my RFC; supporting active QED disk snapshots;
      supporting per-storage-volume snapshots such as LVM or btrfs snapshots;
      etc.).  But this patch is the one that proves the new XML works!
      
      * src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Wire in
      active disk snapshots.
      (qemuDomainSnapshotDiskPrepare)
      (qemuDomainSnapshotCreateDiskActive)
      (qemuDomainSnapshotCreateSingleDiskActive): New functions.
      9c21b441
    • E
      snapshot: wire up new qemu monitor command · e702b5ba
      Eric Blake 提交于
      No one uses this yet, but it will be important once
      virDomainSnapshotCreateXML learns a VIR_DOMAIN_SNAPSHOT_DISK_ONLY
      flag, and the xml allows passing in the new file names.
      
      * src/qemu/qemu_monitor.h (qemuMonitorDiskSnapshot): New prototype.
      * src/qemu/qemu_monitor_text.h (qemuMonitorTextDiskSnapshot):
      Likewise.
      * src/qemu/qemu_monitor_json.h (qemuMonitorJSONDiskSnapshot):
      Likewise.
      * src/qemu/qemu_monitor.c (qemuMonitorDiskSnapshot): New
      function.
      * src/qemu/qemu_monitor_json.c (qemuMonitorJSONDiskSnapshot):
      Likewise.
      e702b5ba
    • E
      snapshot: make it possible to audit external snapshot · c111517a
      Eric Blake 提交于
      Snapshots alter the set of disk image files opened by qemu, so
      they must be audited.  But they don't involve a full disk definition
      structure, just the new filename.  Make the next patch easier by
      refactoring the audit routines to just operate on file name.
      
      * src/conf/domain_audit.h (virDomainAuditDisk): Update prototype.
      * src/conf/domain_audit.c (virDomainAuditDisk): Act on strings,
      not definition structures.
      (virDomainAuditStart): Update caller.
      * src/qemu/qemu_hotplug.c (qemuDomainChangeEjectableMedia)
      (qemuDomainAttachPciDiskDevice, qemuDomainAttachSCSIDisk)
      (qemuDomainAttachUsbMassstorageDevice)
      (qemuDomainDetachPciDiskDevice, qemuDomainDetachDiskDevice):
      Likewise.
      c111517a
    • E
      snapshot: reject unimplemented disk snapshot features · 7807e05d
      Eric Blake 提交于
      My RFC for snapshot support [1] proposes several rules for when it is
      safe to delete or revert to an external snapshot, predicated on
      the existence of new API flags.  These will be incrementally added
      in future patches, but until then, blindly mishandling a disk
      snapshot risks corrupting internal state, so it is better to
      outright reject the attempts until the other pieces are in place,
      thus incrementally relaxing the restrictions added in this patch.
      
      [1] https://www.redhat.com/archives/libvir-list/2011-August/msg00361.html
      
      * src/qemu/qemu_driver.c (qemuDomainSnapshotCountExternal): New
      function.
      (qemuDomainUndefineFlags, qemuDomainSnapshotDelete): Use it to add
      safety valve.
      (qemuDomainRevertToSnapshot, qemuDomainSnapshotCreateXML): Add safety
      valve.
      7807e05d
    • E
      snapshot: wire up disk-only flag to snapshot-create · 35d52b56
      Eric Blake 提交于
      Expose the disk-only flag through virsh.  Additionally, make
      virsh snapshot-create-as take an arbitrary number of diskspecs,
      which can be used to build up the xml for <domainsnapshot>.
      
      * tools/virsh.c (cmdSnapshotCreate): Add --disk-only.
      (cmdSnapshotCreateAs): Likewise, and add argv diskspec.
      (vshParseSnapshotDiskspec): New helper function.
      (vshCmddefGetOption): Allow naming of argv field.
      * tools/virsh.pod (snapshot-create, snapshot-create-as): Document
      them.
      * tests/virsh-optparse: Test snapshot-create-as parsing.
      35d52b56
    • E
      snapshot: add flag for requesting disk snapshot · e03a62b4
      Eric Blake 提交于
      Prior to this patch, <domainsnapshot>/<disks> was ignored.  This
      changes it to be an error unless an explicit disk snapshot is
      requested (a future patch may relax things if it turns out to
      be useful to have a <disks> specification alongside a system
      checkpoint).
      
      * include/libvirt/libvirt.h.in
      (VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY): New flag.
      * src/libvirt.c (virDomainSnapshotCreateXML): Document it.
      * src/esx/esx_driver.c (esxDomainSnapshotCreateXML): Disk
      snapshots not supported yet.
      * src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML): Likewise.
      * src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Likewise.
      e03a62b4
    • E
      snapshot: add virsh domblklist command · 88a993b1
      Eric Blake 提交于
      This adds a convenience function to virsh that parses out block
      information from the domain xml, making it much easier to see
      what strings can be used in all other contexts that demand a
      specific block name, especially when given the previous patch
      that allows using either target or unique source name.
      
      As an example on a domain with one disk and an empty cdrom drive:
      
      Target     Source
      -------------------------------------------
      vda        /var/lib/libvirt/images/fedora_12.img
      hdc        -
      
      * tools/virsh.c (cmdDomblklist): New function.
      * tools/virsh.pod (domblklist): Document it.
      88a993b1
    • E
      snapshot: also support disks by path · 89b6284f
      Eric Blake 提交于
      I got confused when 'virsh domblkinfo dom disk' required the
      path to a disk (which can be ambiguous, since a single file
      can back multiple disks), rather than the unambiguous target
      device name that I was using in disk snapshots.  So, in true
      developer fashion, I went for the best of both worlds - all
      interfaces that operate on a disk (aka block) now accept
      either the target name or the unambiguous path to the backing
      file used by the disk.
      
      * src/conf/domain_conf.h (virDomainDiskIndexByName): Add
      parameter.
      (virDomainDiskPathByName): New prototype.
      * src/libvirt_private.syms (domain_conf.h): Export it.
      * src/conf/domain_conf.c (virDomainDiskIndexByName): Also allow
      searching by path, and decide whether ambiguity is okay.
      (virDomainDiskPathByName): New function.
      (virDomainDiskRemoveByName, virDomainSnapshotAlignDisks): Update
      callers.
      * src/qemu/qemu_driver.c (qemudDomainBlockPeek)
      (qemuDomainAttachDeviceConfig, qemuDomainUpdateDeviceConfig)
      (qemuDomainGetBlockInfo, qemuDiskPathToAlias): Likewise.
      * src/qemu/qemu_process.c (qemuProcessFindDomainDiskByPath):
      Likewise.
      * src/libxl/libxl_driver.c (libxlDomainAttachDeviceDiskLive)
      (libxlDomainDetachDeviceDiskLive, libxlDomainAttachDeviceConfig)
      (libxlDomainUpdateDeviceConfig): Likewise.
      * src/uml/uml_driver.c (umlDomainBlockPeek): Likewise.
      * src/xen/xend_internal.c (xenDaemonDomainBlockPeek): Likewise.
      * docs/formatsnapshot.html.in: Update documentation.
      * tools/virsh.pod (domblkstat, domblkinfo): Likewise.
      * docs/schemas/domaincommon.rng (diskTarget): Tighten pattern on
      disk targets.
      * docs/schemas/domainsnapshot.rng (disksnapshot): Update to match.
      * tests/domainsnapshotxml2xmlin/disk_snapshot.xml: Update test.
      89b6284f
    • E
      snapshot: add <disks> to snapshot xml · d6f6b2d1
      Eric Blake 提交于
      Adds an optional element to <domainsnapshot>, which will be used
      to give user control over external snapshot filenames on input,
      and specify generated filenames on output.
      
      For now, no driver accepts this element; that will come later.
      
      <domainsnapshot>
        ...
        <disks>
          <disk name='vda' snapshot='no'/>
          <disk name='vdb' snapshot='internal'/>
          <disk name='vdc' snapshot='external'>
            <driver type='qcow2'/>
            <source file='/path/to/new'/>
          </disk>
        </disks>
        <domain>
          ...
          <devices>
            <disk ...>
              <driver name='qemu' type='raw'/>
              <target dev='vdc'/>
              <source file='/path/to/old'/>
            </disk>
          </devices>
        </domain>
      </domainsnapshot>
      
      * src/conf/domain_conf.h (_virDomainSnapshotDiskDef): New type.
      (_virDomainSnapshotDef): Add new elements.
      (virDomainSnapshotAlignDisks): New prototype.
      * src/conf/domain_conf.c (virDomainSnapshotDiskDefClear)
      (virDomainSnapshotDiskDefParseXML, disksorter)
      (virDomainSnapshotAlignDisks): New functions.
      (virDomainSnapshotDefParseString): Parse new fields.
      (virDomainSnapshotDefFree): Clean them up.
      (virDomainSnapshotDefFormat): Output them.
      * src/libvirt_private.syms (domain_conf.h): Export new function.
      * docs/schemas/domainsnapshot.rng (domainsnapshot, disksnapshot):
      Add more xml.
      * docs/formatsnapshot.html.in: Document it.
      * tests/domainsnapshotxml2xmlin/disk_snapshot.xml: New test.
      * tests/domainsnapshotxml2xmlout/disk_snapshot.xml: Update.
      d6f6b2d1
    • E
      snapshot: support extra state in snapshots · 5b30b08d
      Eric Blake 提交于
      In order to distinguish disk snapshots from system checkpoints, a
      new state value that is only valid for snapshots is helpful.
      
      * include/libvirt/libvirt.h.in (VIR_DOMAIN_LAST): New placeholder.
      * src/conf/domain_conf.h (virDomainSnapshotState): New enum mapping.
      (VIR_DOMAIN_DISK_SNAPSHOT): New internal enum value.
      * src/conf/domain_conf.c (virDomainState): Use placeholder.
      (virDomainSnapshotState): Extend mapping by one for use in snapshot.
      (virDomainSnapshotDefParseString, virDomainSnapshotDefFormat):
      Handle new state.
      (virDomainObjSetState, virDomainStateReasonToString)
      (virDomainStateReasonFromString): Avoid compiler warnings.
      * tools/virsh.c (vshDomainState, vshDomainStateReasonToString):
      Likewise.
      * src/libvirt_private.syms (domain_conf.h): Export new functions.
      * docs/schemas/domainsnapshot.rng: Tighten state definition.
      * docs/formatsnapshot.html.in: Document it.
      * tests/domainsnapshotxml2xmlout/disk_snapshot.xml: New test.
      5b30b08d
    • E
      snapshot: expose halt-after-creation in virsh · a891ffa4
      Eric Blake 提交于
      Easy enough to emulate even with older servers.
      
      * tools/virsh.c (cmdSnapshotCreate, cmdSnapshotCreateAs): Add
      --halt flag.
      (vshSnapshotCreate): Emulate halt when flag is unsupported.
      * tools/virsh.pod (snapshot-create, snapshot-create-as): Document
      it.
      a891ffa4
    • E
      snapshot: allow halting after snapshot · 6f66423e
      Eric Blake 提交于
      Since a snapshot is fully recoverable, it is useful to have a
      snapshot as a means of hibernating a guest, then reverting to
      the snapshot to wake the guest up.  This mode of usage is
      similar to 'virsh save/virsh restore', except that virsh
      save uses an external file while virsh snapshot keeps the
      vm state internal to a qcow2 file.  However, it only works on
      persistent domains.
      
      In the usage pattern of snapshot/revert for hibernating a guest,
      there is no need to keep the guest running between the two points
      in time, especially since that would generate runtime state that
      would just be discarded.  Add a flag to make it possible to
      stop the domain after the snapshot has completed.
      
      * include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_CREATE_HALT):
      New flag.
      * src/libvirt.c (virDomainSnapshotCreateXML): Document it.
      * src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML)
      (qemuDomainSnapshotCreateActive): Implement it.
      6f66423e
    • E
      snapshot: expose new delete flag in virsh · ddc88273
      Eric Blake 提交于
      It would technically be possible to have virsh compute the list
      of descendants of a given snapshot, then delete those one at
      a time.  But it's complex, and not worth writing for a first
      cut at implementing the new flags.
      
      * tools/virsh.c (cmdSnapshotDelete): Add --children-only,
      --metadata.
      * tools/virsh.pod (snapshot-delete): Document them.
      ddc88273
    • E
      snapshot: introduce new deletion flag · 3d77d0a6
      Eric Blake 提交于
      Reverting to a state prior to an external snapshot risks
      corrupting any other branches in the snapshot hierarchy that
      were using the snapshot as a read-only backing file.  So
      disk snapshot code will default to preventing reverting to
      a snapshot that has any children, meaning that deleting just
      the children of a snapshot becomes a useful operation in
      preparing that snapshot for being a future reversion target.
      The code for the new flag is simple - it's one less deletion,
      plus a tweak to keep the current snapshot correct.
      
      * include/libvirt/libvirt.h.in
      (VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN_ONLY): New flag.
      * src/libvirt.c (virDomainSnapshotDelete): Document it, and
      enforce mutual exclusion.
      * src/qemu/qemu_driver.c (qemuDomainSnapshotDelete): Implement
      it.
      3d77d0a6
    • E
      snapshot: reject transient disks where code is not ready · e91d27ee
      Eric Blake 提交于
      The previous patch introduced new config, but if a hypervisor does
      not support that new config, someone can write XML that does not
      behave as documented.  This prevents some of those cases by
      explicitly rejecting transient disks for several hypervisors.
      
      Disk snapshots will require a new flag to actually affect a snapshot
      creation, so there's not much to reject there.
      
      * src/qemu/qemu_command.c (qemuBuildDriveStr): Reject transient
      disks for now.
      * src/libxl/libxl_conf.c (libxlMakeDisk): Likewise.
      * src/xenxs/xen_sxpr.c (xenFormatSxprDisk): Likewise.
      * src/xenxs/xen_xm.c (xenFormatXMDisk): Likewise.
      e91d27ee
    • E
      snapshot: additions to domain xml for disks · 47123530
      Eric Blake 提交于
      As discussed here:
      https://www.redhat.com/archives/libvir-list/2011-August/msg00361.html
      https://www.redhat.com/archives/libvir-list/2011-August/msg00552.html
      
      Adds snapshot attribute and transient sub-element:
      
      <devices>
        <disk type=... snapshot='no|internal|external'>
          ...
          <transient/>
        </disk>
      </devices>
      
      * docs/schemas/domaincommon.rng (snapshot): New define.
      (disk): Add snapshot and persistent attributes.
      * docs/formatdomain.html.in: Document them.
      * src/conf/domain_conf.h (virDomainDiskSnapshot): New enum.
      (_virDomainDiskDef): New fields.
      * tests/qemuxml2argvdata/qemuxml2argv-disk-transient.xml: New
      test of rng, no args counterpart until qemu support is complete.
      * tests/qemuxml2argvdata/qemuxml2argv-disk-snapshot.args: New
      file, snapshot attribute does not affect args.
      * tests/qemuxml2argvdata/qemuxml2argv-disk-snapshot.xml: Likewise.
      * tests/qemuxml2argvtest.c (mymain): Run new test.
      47123530
    • L
      Check for source conflicts in storage pools · 5a1f2728
      Lei Li 提交于
      Fix bug #611823 storage driver should prohibit pools with duplicate
      underlying storage.
      
      Add internal API virStoragePoolSourceFindDuplicate() to do uniqueness
      check based on source location infomation for pool type.
      
      * AUTHORS: add Lei Li
      5a1f2728
    • M
      Add a usb1 & usb2 qemuxml2argv test · ddc90362
      Marc-André Lureau 提交于
      ddc90362
    • M
      Default USB device is on slot 1 function 2 · 360aaafc
      Marc-André Lureau 提交于
      Fix qemuAssignDevicePCISlots() and the associated regression tests
      360aaafc
    • M
      PIIX3 USB controller is on function 2 · 07901bf2
      Marc-André Lureau 提交于
      Current code reserves slot 1 function 2 even if there is a user
      defined PIIX3 USB controller there.
      07901bf2
    • P
      Fix localtime handling for Xen-PV domains · 8be115ff
      Philipp Hahn 提交于
      At least Xen-3.4.3 translates the /vm/localtime SXPR value to
      /domain/platform/localtime and /domain/image/{linux,hvm}/localtime when
      the domain is defined.  When reading back that information libvirt only
      handles HVM domains, but not PV domains: This results in libvirtd always
      returning
          <clock offset="utc"/>
      while Xend used (localtime 1).
      
      For PV domains use /domain/image/linux/localtime.
      8be115ff
  3. 03 9月, 2011 15 次提交
    • E
      snapshot: store qemu domain details in xml · 973fcd8f
      Eric Blake 提交于
      When reverting to a snapshot, the inactive domain configuration
      has to be rolled back to what it was at the time of the snapshot.
      Additionally, if the VM is active and the snapshot was active,
      this now adds a failure if the two configurations are ABI
      incompatible, rather than risking qemu confusion.
      
      A future patch will add a VIR_DOMAIN_SNAPSHOT_FORCE flag, which
      will be required for two risky code paths - reverting to an
      older snapshot that lacked full domain information, and reverting
      from running to a live snapshot that requires starting a new qemu
      process.  Any reverting that stops a running vm is also a form
      of data loss (discarding the current running state to go back in
      time), but as that is what reversion usually implies, it is
      probably not worth requiring a force flag.
      
      * src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Copy out
      domain.
      (qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot): Perform
      ABI compatibility checks.
      973fcd8f
    • E
      snapshot: update rng to support full domain in xml · 2a95a3e9
      Eric Blake 提交于
      This patch will probably cause merge conflicts to those trying
      to do backports.  The end goal is simple - domaincommon.rng
      should be the state of domain.rng pre-patch, with a few lines
      tweaked in the header, while domain.rng post-patch is now just
      a shell that includes domaincommon.rng and sets the <start>.
      
      * docs/schemas/domain.rng: Move guts...
      * docs/schemas/domaincommon.rng: ...to new file.
      * docs/schemas/domainsnapshot.rng: Allow new xml.
      * docs/schemas/Makefile.am (schema_DATA): Distribute new file.
      * tests/domainsnapshotxml2xmlout/full_domain.xml: New test.
      * libvirt.spec.in (%files client): Ship new file.  Sort lines.
      * mingw32-libvirt.spec.in: Likewise.
      2a95a3e9
    • E
      snapshot: correctly escape generated xml · 8352e04d
      Eric Blake 提交于
      Commit 69278878 fixed one direction of arbitrarily-named snapshots,
      but not the round trip path.  While auditing domain_conf, I found
      a couple other instances that weren't escaping arbitrary strings.
      
      * src/conf/domain_conf.c (virDomainFSDefFormat)
      (virDomainGraphicsListenDefFormat, virDomainSnapshotDefFormat):
      Escape arbitrary strings.
      8352e04d
    • E
      snapshot: allow full domain xml in snapshot · f609cb85
      Eric Blake 提交于
      Just like VM saved state images (virsh save), snapshots MUST
      track the inactive domain xml to detect any ABI incompatibilities.
      
      The indentation is not perfect, but functionality comes before form.
      
      Later patches will actually supply a full domain; for now, this
      wires up the storage to support one, but doesn't ever generate one
      in dumpxml output.
      
      Happily, libvirt.c was already rejecting use of VIR_DOMAIN_XML_SECURE
      from read-only connections, even though before this patch, there was
      no information to be secured by the use of that flag.
      
      And while we're at it, mark the libvirt snapshot metadata files
      as internal-use only.
      
      * src/libvirt.c (virDomainSnapshotGetXMLDesc): Document flag.
      * src/conf/domain_conf.h (_virDomainSnapshotDef): Add member.
      (virDomainSnapshotDefParseString, virDomainSnapshotDefFormat):
      Update signature.
      * src/conf/domain_conf.c (virDomainSnapshotDefFree): Clean up.
      (virDomainSnapshotDefParseString): Optionally parse domain.
      (virDomainSnapshotDefFormat): Output full domain.
      * src/esx/esx_driver.c (esxDomainSnapshotCreateXML)
      (esxDomainSnapshotGetXMLDesc): Update callers.
      * src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML)
      (vboxDomainSnapshotGetXMLDesc): Likewise.
      * src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML)
      (qemuDomainSnapshotLoad, qemuDomainSnapshotGetXMLDesc)
      (qemuDomainSnapshotWriteMetadata): Likewise.
      * docs/formatsnapshot.html.in: Rework doc example.
      Based on a patch by Philipp Hahn.
      f609cb85
    • E
      snapshot: refactor domain xml output · 0ce68c66
      Eric Blake 提交于
      Minor semantic change - allow domain xml to be generated in place
      within a larger buffer, rather than having to go through a
      temporary string.
      
      * src/conf/domain_conf.c (virDomainDefFormatInternal): Add
      parameter.
      (virDomainDefFormat, virDomainObjFormat): Update callers.
      0ce68c66
    • E
      snapshot: prevent migration from stranding snapshot data · e2fb96d9
      Eric Blake 提交于
      Migration is another case of stranding metadata.  And since
      snapshot metadata is arbitrarily large, there's no way to
      shoehorn it into the migration cookie of migration v3.
      
      This patch consolidates two existing locations for migration
      validation into one helper function, then enhances that function
      to also do the new checks.  If we could always trust the source
      to validate migration, then the destination would not have to
      do anything; but since older servers that did not do checking
      can migrate to newer destinations, we have to repeat some of
      the same checks on the destination; meanwhile, we want to
      detect failures as soon as possible.  With migration v2, this
      means that validation will reject things at Prepare on the
      destination if the XML exposes the problem, otherwise at Perform
      on the source; with migration v3, this means that validation
      will reject things at Begin on the source, or if the source
      is old and the XML exposes the problem, then at Prepare on the
      destination.
      
      This patch is necessarily over-strict.  Once a later patch
      properly handles auto-cleanup of snapshot metadata on the
      death of a transient domain, then the only time we actually
      need snapshots to prevent migration is when using the
      --undefinesource flag on a persistent source domain.
      
      It is possible to recreate snapshot metadata on the destination
      with VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE and
      VIR_DOMAIN_SNAPSHOT_CREATE_CURRENT.  But for now, that is limited,
      since if we delete the snapshot metadata prior to migration,
      then we won't know the name of the current snapshot to pass
      along; and if we delete the snapshot metadata after migration
      and use the v3 migration cookie to pass along the name of the
      current snapshot, then we need a way to bypass the fact that
      this patch refuses migration with snapshot metadata present.
      
      So eventually, we may have to introduce migration protocol v4
      that allows feature negotiation and an arbitrary number of
      handshake exchanges, so as to pass as many rpc calls as needed
      to transfer all the snapshot xml hierarchy.
      
      But all of that is thoughts for the future; for now, the best
      course of action is to quit early, rather than get into a
      funky state of stale metadata; then relax restrictions later.
      
      * src/qemu/qemu_migration.h (qemuMigrationIsAllowed): Make static.
      * src/qemu/qemu_migration.c (qemuMigrationIsAllowed): Alter
      signature, and allow checks for both outgoing and incoming.
      (qemuMigrationBegin, qemuMigrationPrepareAny)
      (qemuMigrationPerformJob): Update callers.
      e2fb96d9
    • E
      snapshot: support new undefine flags in qemu · 19f8c980
      Eric Blake 提交于
      A nice benefit of deleting all snapshots at undefine time is that
      you don't have to do any reparenting or subtree identification - since
      everything goes, this is an O(n) process, whereas using multiple
      virDomainSnapshotDelete calls would be O(n^2) or worse.  But it is
      only doable for snapshot metadata, where we are in control of the
      data being deleted; for the actual snapshots, there's too much
      likelihood of something going wrong, and requiring even more API
      calls to figure out what failed in the meantime, so callers are
      better off deleting the snapshot data themselves one snapshot at
      a time where they can deal with failures as they happen.
      
      * src/qemu/qemu_driver.c (qemuDomainUndefineFlags): Honor new flags.
      19f8c980
    • E
      snapshot: cache qemu-img location · 3881a470
      Eric Blake 提交于
      As more clients start to want to know this information, doing
      a PATH stat walk and malloc for every client adds up.
      
      We are only caching the location, not the capabilities, so even
      if qemu-img is updated in the meantime, it will still probably
      live in the same location.  So there is no need to worry about
      clearing this particular cache.
      
      * src/qemu/qemu_conf.h (qemud_driver): Add member.
      * src/qemu/qemu_driver.c (qemudShutdown): Cleanup.
      (qemuFindQemuImgBinary): Add an argument, and cache result.
      (qemuDomainSnapshotForEachQcow2, qemuDomainSnapshotDiscard)
      (qemuDomainSnapshotCreateInactive, qemuDomainSnapshotRevertInactive)
      (qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot): Update
      callers.
      3881a470
    • E
      snapshot: refactor some qemu code · 8055e5af
      Eric Blake 提交于
      Prepare for code sharing.  No semantic change.
      
      * src/qemu/qemu_driver.c (qemuFindQemuImgBinary)
      (qemuDomainSnapshotWriteMetadata)
      (qemuDomainSnapshotDiscard)
      (qemuDomainSnapshotForEachQcow2): Float up.
      (qemuDomainSnapshotDiscardDescendant): Likewise, and rename...
      (qemuDomainSnapshotDiscardAll): ...for generic use.
      (qemuDomainSnapshotDelete): Update caller.
      8055e5af
    • E
      snapshot: teach virsh about new undefine flags · e88872e9
      Eric Blake 提交于
      Similar to 'undefine --managed-save' (commit 83e849c1), we must
      assume that the old API is unsafe; however, we cannot emulate
      metadata-only deletion on older servers.  Additionally, we have
      the wrinkle that while virDomainUndefineFlags and managed save
      cleanup were introduced in 0.9.4, it wasn't until 0.9.5 that
      snapshots block undefine of a domain.  Do the best we can given
      the server we are talking to.
      
      * tools/virsh.c (cmdUndefine): Add --snapshots-metadata flag.
      * tools/virsh.pod (undefine, destroy, shutdown): Document effect
      of snapshots.
      e88872e9
    • E
      snapshot: prevent stranding snapshot data on domain destruction · 282fe1f0
      Eric Blake 提交于
      Just as leaving managed save metadata behind can cause problems
      when creating a new domain that happens to collide with the name
      of the just-deleted domain, the same is true of leaving any
      snapshot metadata behind.  For safety sake, extend the semantic
      change of commit b26a9fa9 to also cover snapshot metadata as a
      reason to reject undefining an inactive domain.  A future patch
      will make sure that shutdown of a transient domain automatically
      deletes snapshot metadata (whether by destroy, shutdown, or
      guest-initiated action).  Management apps of transient domains
      should take care to capture xml of snapshots, if it is necessary
      to recreate the snapshot metadata on a later transient domain
      with the same name and uuid.
      
      This also documents a new flag that hypervisors can choose to
      support as a shortcut for taking care of the metadata as part of
      the undefine process; however, nontrivial driver support for these
      flags will be deferred to future patches.
      
      Note that ESX and VBox can never be transient; therefore, they
      do not have to worry about automatic cleanup after shutdown
      (the persistent domain still remains); likewise they never
      store snapshot metadata, so the undefine flag is trivial.
      The nontrivial work remaining is thus in the qemu driver.
      
      * include/libvirt/libvirt.h.in
      (VIR_DOMAIN_UNDEFINE_SNAPSHOTS_METADATA): New flag.
      * src/libvirt.c (virDomainUndefine, virDomainUndefineFlags):
      Document new limitations and flag.
      * src/esx/esx_driver.c (esxDomainUndefineFlags): Trivial
      implementation.
      * src/vbox/vbox_tmpl.c (vboxDomainUndefineFlags): Likewise.
      * src/qemu/qemu_driver.c (qemuDomainUndefineFlags): Enforce
      the limitations.
      282fe1f0
    • E
      snapshot: add qemu snapshot redefine support · bd18b967
      Eric Blake 提交于
      Redefining a qemu snapshot requires a bit of a tweak to the common
      snapshot parsing code, but the end result is quite nice.
      
      Be careful that redefinitions do not introduce circular parent
      chains.  Also, we don't want to allow conversion between online
      and offline existing snapshots.  We could probably do some more
      validation for snapshots that don't already exist to make sure
      they are even feasible, by parsing qemu-img output, but that
      can come later.
      
      * src/conf/domain_conf.h (virDomainSnapshotParseFlags): New
      internal flags.
      * src/conf/domain_conf.c (virDomainSnapshotDefParseString): Alter
      signature to take internal flags.
      * src/esx/esx_driver.c (esxDomainSnapshotCreateXML): Update caller.
      * src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML): Likewise.
      * src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Support
      new public flags.
      bd18b967
    • E
      snapshot: add qemu snapshot creation without metadata · ece197e9
      Eric Blake 提交于
      Supporting NO_METADATA on snapshot creation is interesting - we must
      still return a valid opaque snapshot object, but the user can't get
      anything out of it (unless we add a virDomainSnapshotGetName()),
      since it is no longer registered with the domain.
      
      Also, virsh now tries to query for secure xml, in anticipation of
      when we store <domain> xml inside <domainsnapshot>; for now, we
      can trivially support it, since we have nothing secure.
      
      * src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Support
      new flag.
      (qemuDomainSnapshotGetXMLDesc): Trivially support VIR_DOMAIN_XML_SECURE.
      ece197e9
    • E
      snapshot: improve virsh snapshot-create, add snapshot-edit · 2b4d8deb
      Eric Blake 提交于
      Wire up the new snapshot creation flags in virsh.  For convenience,
      teach 'snapshot-current' how to make an existing snapshot become
      current (can be used after upgrading to newer libvirt to recover
      from the fact that the older libvirt lost track of the current
      snapshot after a restart).  The snapshot-create-as command is
      intentionally not taught --redefine or --current, as this would
      imply adding a lot of other options for everything else that can
      appear in the <domainsnapshot> xml, but which is normally read-only.
      Besides, redefining will usually be done on files created by
      snapshot-dumpxml, rather than something built up by hand on the
      command line.  And now that we can redefine, we can edit.
      
      * tools/virsh.c (cmdSnapshotCreate): Add --redefine, --current,
      and --no-metadata.
      (cmdSnapshotCreateAs): Add --no-metadata.
      (cmdSnapshotCurrent): Add snapshotname to alter current snapshot.
      (cmdSnapshotEdit): New command.
      * tools/virsh.pod (snapshot-create, snapshot-create-as)
      (snapshot-current, snapshot-edit):  Document these.
      2b4d8deb
    • E
      snapshot: refactor virsh snapshot creation · 90ec08ed
      Eric Blake 提交于
      The next patch will make snapshot creation more complex, so it's
      better to avoid repetition of the complexity.
      
      * tools/virsh.c (vshSnapshotCreate): New helper function.
      (cmdSnapshotCreate, cmdSnapshotCreateAs): Use it.
      90ec08ed