1. 15 9月, 2009 6 次提交
    • D
      Remove accidentally added UUID re-definition in storage schema · fac3f4cd
      Daniel P. Berrange 提交于
      * docs/schemas/storageencryption.rng: Remove UUID definition
        since its provided by the domain.rng/storagevol.rng schemas
        that import this
      fac3f4cd
    • D
      Rebuild API docs · e1d715ef
      Daniel P. Berrange 提交于
      e1d715ef
    • D
      Make secrets RNG more strict · 67b2d5e0
      Daniel P. Berrange 提交于
      * docs/schemas/secret.rng: Require volume element to be an absolute
        path. Fix whitespace indentation
      67b2d5e0
    • D
      Fill in secret UUID for qcow encryption · 756be09d
      Daniel P. Berrange 提交于
      * src/storage_backend_fs.c: Lookup & fill in secret passphrase UUID
        for storage volumes using encryption
      756be09d
    • D
      Add usage type/id as a public API property of virSecret · a2a30038
      Daniel P. Berrange 提交于
      * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add
        virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage
      * python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID
        as not throwing exceptions
      * qemud/remote.c: Implement dispatch for virLookupSecretByUsage
      * qemud/remote_protocol.x: Add usage type & ID as attributes of
        remote_nonnull_secret. Add RPC calls for new public APIs
      * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
        qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
        qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
      * src/datatypes.c, src/datatypes.h: Add usageType and usageID as
        properties of virSecretPtr
      * src/driver.h: Add virLookupSecretByUsage driver entry point
      * src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID
        and virLookupSecretByUsage
      * src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID
        and virLookupSecretByUsage
      * src/remote_internal.c: Implement virLookupSecretByUsage entry
      * src/secret_conf.c, src/secret_conf.h: Remove the
        virSecretUsageType enum, now in public API. Make volume
        path mandatory when parsing XML
      * src/secret_driver.c: Enforce usage uniqueness when defining secrets.
        Implement virSecretLookupByUsage api method
      * src/virsh.c: Include usage for secret-list command
      a2a30038
    • D
      Fix UUID handling in secrets/storage encryption APIs · 47e7a258
      Daniel P. Berrange 提交于
      Convert all the secret/storage encryption APIs / wire format to
      handle UUIDs in raw format instead of non-canonical printable
      format. Guarentees data format correctness.
      
      * docs/schemas/storageencryption.rng: Make UUID mandatory for a secret
        and validate fully
      * docs/schemas/secret.rng: Fully validate UUID
      * include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add
        virSecretLookupByUUID and virSecretGetUUID. Make
        virSecretGetUUIDString follow normal API design pattern
      * python/generator.py: Skip generation of virSecretGetUUID,
        virSecretGetUUIDString and virSecretLookupByUUID
      * python/libvir.c, python/libvirt-python-api.xml: Manual impl
        of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID
      * qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/
        Fix get_nonnull_secret/make_nonnull_secret to use unsigned char
      * qemud/remote_protocol.x: Fix remote_nonnull_secret to use a
        remote_uuid instead of remote_nonnull_string for UUID field.
        Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to
        REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an
        remote_uuid  value
      * qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
        qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
        qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
      * src/datatypes.h, src/datatypes.c: Store UUID in raw format instead
        of printable. Change virGetSecret to use raw format UUID
      * src/driver.h: Rename virDrvSecretLookupByUUIDString to
        virDrvSecretLookupByUUID and use raw format UUID
      * src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID
        and re-implement virSecretLookupByUUIDString and
        virSecretGetUUIDString in terms of those
      * src/libvirt_public.syms: Add virSecretLookupByUUID and
        virSecretGetUUID
      * src/remote_internal.c: Rename remoteSecretLookupByUUIDString
        to remoteSecretLookupByUUID. Fix typo in args for
        remoteSecretDefineXML impl. Use raw UUID format for
        get_nonnull_secret and make_nonnull_secret
      * src/storage_encryption_conf.c, src/storage_encryption_conf.h:
        Storage UUID in raw format, and require it to be present in
        XML. Use UUID parser to validate.
      * secret_conf.h, secret_conf.c: Generate a UUID if none is provided.
        Storage UUID in raw format.
      * src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets
        in a filed with printable UUID, instead of base64 UUID.
      * src/virsh.c: Adjust for changed public API contract of
        virSecretGetUUIDString.
      * src/storage_Backend.c: DOn't undefine secret we just generated
        upon successful volume creation. Fix to handle raw UUIDs. Generate
        a non-clashing UUID
      * src/qemu_driver.c: Change to use lookupByUUID instead of
        lookupByUUIDString
      47e7a258
  2. 14 9月, 2009 7 次提交
  3. 11 9月, 2009 5 次提交
    • M
      Add support for qcow encrypted volumes to qemu. · 07ce4d2a
      Miloslav Trmač 提交于
      Integrate with QEMU monitor to provide encryption passphrase when
      starting a guest using encrypted qcow volumes
      
      * src/qemu_driver.c (findDomainDiskEncryption,
        findVolumeQcowPassphrase,
        qemudMonitorSendVolumePassphrase, qemudMonitorSendCont): Send a volume
        passphrase if qemu asks for it.
      07ce4d2a
    • M
      Provide missing passphrase when creating a volume. · cd6a9334
      Miloslav Trmač 提交于
      If the <encryption format='qcow'> element does not specify a secret
      during volume creation, generate a suitable secret and add it to the
      <encryption> tag.  The caller can view the updated <encryption> tag
      using virStorageVolGetXMLDesc().
      
      Similarly, when <encryption format='default'/> is specified while
      creating a qcow or qcow2-formatted volume, change the format to "qcow"
      and generate a secret as described above.
      
      * src/storage_encryption_conf.h (VIR_STORAGE_QCOW_PASSPHRASE_SIZE,
        virStorageGenerateQcowPasphrase),
        src/storage_encryption_conf.c (virStorageGenerateQcowPasphrase),
        src/libvirt_private.syms: Add virStorageGenerateQcowPasphrase().
      * src/storage_backend.c (virStoragegenerateQcowEncryption,
        virStorageBackendCreateQemuImg): Generate a passphrase and
        <encryption> when creating a qcow-formatted encrypted volume and the
        user did not supply the information.
      cd6a9334
    • M
      Add virsh commands for secrets APIs · 2db2c5a1
      Miloslav Trmač 提交于
      * src/virsh.c: Add virsh commands.
      * docs/virsh.pod, virsh.1: Update documentation.
      2db2c5a1
    • M
      Local file implementation of secret driver API · 03d33860
      Miloslav Trmač 提交于
      This implementation stores the secrets in an unencrypted text file,
      for simplicity in implementation and debugging.
      
      (Symmetric encryption, e.g. using gpgme, will not be difficult to add.
      Because the TLS private key used by libvirtd is stored unencrypted,
      encrypting the secrets file does not currently provide much additional
      security.)
      
      * include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New
        error number.
      * po/POTFILES.in, src/Makefile.am: Add secret_driver.
      * bootstrap: Use gnulib's base64 module.
      * src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms:
        Add local secret driver.
      * qemud/qemud.c (qemudInitialize): Use the local secret driver.
      03d33860
    • M
      Add an internal <secret> XML handling API · b9a8bef4
      Miloslav Trmač 提交于
      Add a <secret> XML handling API, separate from the local driver, to
      avoid manually generating XML in other parts of libvirt.
      
      * src/secret_conf.c, src/secret_conf.h: New files.
      * po/POTFILES.in, src/Makefile.am: Add secret_conf.
      b9a8bef4
  4. 10 9月, 2009 22 次提交
    • M
      Mask out flags used internally for virSecretGetValue · ecc5c829
      Miloslav Trmač 提交于
      Add a VIR_SECRET_GET_VALUE_INTERNAL_CALL flag value, replacing the
      originally separate libvirt_internal_call parameter.  The flag is used
      to differentiate external virSecretGetValue() calls from internal calls
      by libvirt drivers that need to use the secret even if it is private.
      
      * src/libvirt_internal.h Remove VIR_DOMAIN_XML_FLAGS_MASK
      * src/driver.h Add VIR_SECRET_GET_VALUE_FLAGS_MASK constant and
        VIR_SECRET_GET_VALUE_INTERNAL_CALL. Re-add the
        VIR_DOMAIN_XML_FLAGS_MASK constant
      * src/libvirt.c (virSecretGetValue): Don't allow the user to specify
        internal flags.
      ecc5c829
    • D
      Fix use of dlopen modules · fcd4e269
      Daniel P. Berrange 提交于
      Remove the bogus dependancy between node_device.c & storage_backend.c
      by moving the virWaitForDevices into util.h where it can be shared
      safely
      
      * src/storage_backend_disk.c, src/storage_backend_logical.c,
        src/storage_backend_mpath.c, src/storage_backend_scsi.c: Replace
        virStorageBackendWaitForDevices with virFileWaitForDevices
      * src/storage_backend.c, src/storage_backend.h: Remove
        virStorageBackendWaitForDevices, virWaitForDevices
      * src/util.h, src/util.c: Add virFileWaitForDevices
      * configure.in: Move xmlrpc check further down after pkgconfig
        is detected
      * src/Makefile.am: Add missing XMLRPC_CFLAGS/LIBS to opennebula
      * src/libvirt_private.syms: Add many missing exports
      fcd4e269
    • M
      Consolidate "cont" into qemudMonitorSendCont() · 7ec20935
      Miloslav Trmač 提交于
      The interface allows qemudMonitorSendCont() to report errors that are
      not overridden by its callers.
      
      Also fix a potential infinite loop in qemuDomainCoreDump() if sending
      cont repeatedly fails.
      
      * src/qemu_driver.c (qemudMonitorSendCont): New function.
        (qemudAutostartConfigs): Reset error before each call to
        qemudStartVMDaemon().
        (qemudInitCpus, qemudDomainResume, qemudDomainCoreDump,
        qemudDomainRestore, qemudDomainMigratePerform,
        qemudDomainMigrateFinish2): Use qemudMonitorSendCont().
      7ec20935
    • M
      Add <usage> to <secret> docs · 78811ae5
      Miloslav Trmač 提交于
      * docs/formatsecret.html.in, docs/formatsecret.html: Document <usage
        type='volume'>, replacing stand-alone <volume>.
      * docs/schemas/secret.rng: Update schema to require <usage
        type='volume'>
      78811ae5
    • D
      Cleanup sec driver error reporting to use virReportSystemError · 7887e003
      Daniel P. Berrange 提交于
      * src/security_selinux.c: Use virReportSystemError whereever an
        errno is involved
      * src/qemu_driver.c: Don't overwrite error message from the
        security driver
      7887e003
    • D
      Support relabelling of USB and PCI devices · 0e9ae444
      Daniel P. Berrange 提交于
      * src/security.h: Driver API for relabelling host devices
      * src/security_selinux.c: Implement relabelling of PCI and USB
        devices
      * src/qemu_driver.c: Relabel USB/PCI devices before hotplug
      0e9ae444
    • D
      Port QEMU driver to use USB/PCI device helpers · c42c1b8a
      Daniel P. Berrange 提交于
      * src/qemu_driver.c: Remove usbfs/sysfs iterator code and call
        into generic helper APIs instead when setting device permissions
      c42c1b8a
    • D
      Add helper APIs for iterating over PCI device resource files · ec31cd76
      Daniel P. Berrange 提交于
      * src/pci.h, src/pci.c: Helper for iterating over PCI device
        resource files
      * src/libvirt_private.syms: Export pciDeviceFileIterate
      ec31cd76
    • D
      Add helper module for dealing with USB host devices · 1e060bf2
      Daniel P. Berrange 提交于
      * src/Makefile.am: Add usb.h and usb.h to libvirt_util.la
      * src/libvirt_private.syms: Export symbols
      * src/usb.c, src/usb.h: Helper APIs for USB host devices
      1e060bf2
    • D
      Fix more OOM handling bugs · cbe63e52
      Daniel P. Berrange 提交于
      * src/qemu_conf.c: Fix leak of values upon OOM
      * src/xend_internal.c: Fix missing check for OOM failure
      * tests/qemuargv2xmltest.c, tests/qemuxml2argvtest.c: Free
        stateDir upon exit to avoid leak
      cbe63e52
    • D
      Fix logging buffer overrun read · 755915ea
      Daniel P. Berrange 提交于
      * src/logging.c: Fix buffer offset in logging read
      755915ea
    • D
      Fix misc thread locking bugs / bogus warnings · 5c8d3d3b
      Daniel P. Berrange 提交于
      Fix all thread locking bugs reported by object-locking test
      case.
      
      NB, some of the driver locking is getting too coarse. Driver
      mutexes really need to be turned into RW locks instead to
      significantly increase concurrency.
      
      * src/lxc_driver.c: Fix useof driver when unlocked in the methods
        lxcDomainGetInfo, lxcSetSchedulerParameters, and
        lxcGetSchedulerParameters
      * src/opennebula/one_driver.c: Fix missing unlock in oneDomainUndefine.
        Fix use of driver when unlocked in oneDomainGetInfo,
        oneGetOSType, oneDomainShutdown
      * src/qemu_driver.c: Fix use of driver when unlocked in
        qemudDomainSavem, qemuGetSchedulerType, qemuSetSchedulerParameters
        and qemuGetSchedulerParameters
      * src/storage_driver.c: Re-work storagePoolCreate to avoid bogus
        lock checking warning. Re-work storageVolumeCreateXMLFrom to
        remove a potential NULL de-reference & avoid bogus lock check
        warnings
      * src/test.c: Remove testDomainAssignDef since it break lock chekc
        warnings.
      * tests/object-locking.ml: Add oneDriverLock, oneDriverUnlock
        and one_driver_t methods/types to allow lock checking on the
         OpenNebula drivers
      5c8d3d3b
    • M
      Test that domain-specific qemu machine types are used correctly · e52d608d
      Mark McLoughlin 提交于
      * tests/testutilsqemu.c: add a machine types list for /usr/bin/kvm
        which doesn't have any aliases, while the guest has aliases
      
      * tests/qemuxml2argvdata/qemuxml2argv-machine-aliases2.*,
        tests/qemuxml2argvtest.c: add a test using /usr/bin/kvm and make
        sure that 'pc' machine type doesn't get canonicalized using the
        aliases in the guest machine type list
      e52d608d
    • M
      Simplify and fix qemudCanonicalizeMachine() · 6ab16aaf
      Mark McLoughlin 提交于
      The algorithm is quite simple:
      
        If the emulator matches a guest's domain:
          if domain has machine type info:
            check the domain's machine type info
          else
            check the guest's default machine type info
        else if the emulator matches the guest's default emulator:
           check the guest's default machine type info
      
      The previous implementation was incorrectly falling back to the default
      machine type info if the domain's machine type info didn't have an
      alias.
      
      * src/qemu_driver.c: simplify and fix qemudCanonicalizeMachine()
      6ab16aaf
    • M
      Probe machine types from kvm binary too · 3e14a8dc
      Mark McLoughlin 提交于
      Currently we only probe the main qemu binary for machine types, but we
      should also probe the kvm binary.
      
      * src/qemu_conf.c: probe kvm binary machines in qemudCapsInitGuest()
      3e14a8dc
    • M
      Look up machine types from all domains in qemudGetOldMachines() · f5dd3bcd
      Mark McLoughlin 提交于
      Rather than just looking at the default domain info, look at all
      domains
      
      * src/qemu_conf.c: look at all domains in qemudGetOldMachines()
      f5dd3bcd
    • M
      Split up qemudGetOldMachines() · 44646747
      Mark McLoughlin 提交于
      We need to look at all the domain infos in guest capabilities, not
      just the defaults.
      
      In order to allow that, split out a qemudGetOldMachinesFromInfo()
      from qemudGetOldMachines(). We'll make more use of it in the next
      patch.
      
      * src/qemu_conf.c: split out qemudGetOldMachinesFromInfo() from
        qemudGetOldMachines()
      44646747
    • M
      Test qemu machine aliases · aa67241b
      Mark McLoughlin 提交于
      * tests/testutilsqemu.c: make 'pc' an alias for qemu-system-x86_64
      
      * tests/qemuxml2argvdata/qemuxml2argv-machine-aliases1.*,
        tests/qemuxml2argvtest.c: add a test which uses qemu-system-x86_64
        and make sure the machine type is canonicalized.
      aa67241b
    • M
      Re-factor qemu test machine allocation code · d4c032d0
      Mark McLoughlin 提交于
      * test/testutilsqemu.c: split out code to testQemuAllocMachines()
        and make use of the ARRAY_CARDINALITY macro
      d4c032d0
    • M
      Canonicalize the qemu machine type in qemuxml2argvtest · 6e7ab461
      Mark McLoughlin 提交于
      This doesn't have any affect on the current tests because we don't have
      any machine aliases in the current test data.
      
      * src/qemu_conf.h, src/qemu_driver.c: expose qemudCanonicalizeMachine()
        for the tests
      
      * tests/qemuxml2argvtest.c: canonicalize the machine type
      6e7ab461
    • M
      Dump qemu driver capabilities if test debugging enabled · d7ed2c18
      Mark McLoughlin 提交于
      * src/testutils.[ch]: make testDebug externally available
      
      * src/testutilsqemu.c: if VIR_TEST_DEBUG is set, dump the qemu
        driver capabilities to stderr
      d7ed2c18
    • M
      Fix formatting of machine types in capabilities XML · 3fa4a82e
      Mark McLoughlin 提交于
      * src/capabilities.c: fix machine type formatting in
        virCapabilitiesFormatXML()
      3fa4a82e