libvirt/configure.ac

1057 lines
29 KiB
Plaintext
Raw Normal View History

2005-11-02 12:50:21 +00:00
dnl Process this file with autoconf to produce a configure script.
dnl Copyright (C) 2005-2015 Red Hat, Inc.
maint: use LGPL correctly Several files called out COPYING or COPYING.LIB instead of using the normal boilerplate. It's especially important that we don't call out COPYING from an LGPL file, since COPYING is traditionally used for the GPL. A few files were lacking copyright altogether. * src/rpc/gendispatch.pl: Add missing copyright. * Makefile.nonreentrant: Likewise. * src/check-symfile.pl: Likewise. * src/check-symsorting.pl: Likewise. * src/driver.h: Likewise. * src/internal.h: Likewise. * tools/libvirt-guests.sh.in: Likewise. * tools/virt-pki-validate.in: Mention copyright in comment, not just code. * tools/virt-sanlock-cleanup.in: Likewise. * src/rpc/genprotocol.pl: Spell out license terms. * src/xen/xend_internal.h: Likewise. * src/xen/xend_internal.c: Likewise. * Makefile.am: Likewise. * daemon/Makefile.am: Likewise. * docs/Makefile.am: Likewise. * docs/schemas/Makefile.am: Likewise. * examples/apparmor/Makefile.am: Likewise. * examples/domain-events/events-c/Makefile.am: Likewise. * examples/dominfo/Makefile.am: Likewise. * examples/domsuspend/Makefile.am: Likewise. * examples/hellolibvirt/Makefile.am: Likewise. * examples/openauth/Makefile.am: Likewise. * examples/python/Makefile.am: Likewise. * examples/systemtap/Makefile.am: Likewise. * examples/xml/nwfilter/Makefile.am: Likewise. * gnulib/lib/Makefile.am: Likewise. * gnulib/tests/Makefile.am: Likewise. * include/Makefile.am: Likewise. * include/libvirt/Makefile.am: Likewise. * python/Makefile.am: Likewise. * python/tests/Makefile.am: Likewise. * src/Makefile.am: Likewise. * tests/Makefile.am: Likewise. * tools/Makefile.am: Likewise. * configure.ac: Likewise. Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-14 23:42:12 +00:00
dnl
dnl This library is free software; you can redistribute it and/or
dnl modify it under the terms of the GNU Lesser General Public
dnl License as published by the Free Software Foundation; either
dnl version 2.1 of the License, or (at your option) any later version.
dnl
dnl This library is distributed in the hope that it will be useful,
dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
dnl Lesser General Public License for more details.
dnl
dnl You should have received a copy of the GNU Lesser General Public
dnl License along with this library. If not, see
dnl <http://www.gnu.org/licenses/>.
AC_INIT([libvirt], [5.7.0], [libvir-list@redhat.com], [], [https://libvirt.org])
2008-05-22 15:34:02 +00:00
AC_CONFIG_SRCDIR([src/libvirt.c])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_HEADERS([config.h])
AH_BOTTOM([#include <config-post.h>])
AC_CONFIG_MACRO_DIR([m4])
dnl Make automake keep quiet about wildcards & other GNUmake-isms
AM_INIT_AUTOMAKE([
foreign
-Wno-portability
tar-pax
no-dist-gzip
dist-xz
subdir-objects
])
dnl older automake's default of ARFLAGS=cru is noisy on newer binutils;
dnl we don't really need the 'u' even in older toolchains. Then there is
dnl older libtool, which spelled it AR_FLAGS
m4_divert_text([DEFAULTS], [: "${ARFLAGS=cr} ${AR_FLAGS=cr}"])
# Maintainer note - comment this line out if you plan to rerun
# GNULIB_POSIXCHECK testing to see if libvirt should be using more modules.
# Leave it uncommented for normal releases, for faster ./configure.
gl_ASSERT_NO_GNULIB_POSIXCHECK
# Default to using the silent-rules feature when possible. Formatting
# chosen to bypass 'grep' checks that cause older automake to warn.
# Users (include rpm) can still change the default at configure time.
m4_ifndef([AM_SILENT_RULES],
[m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes])
2005-11-02 12:50:21 +00:00
AC_CANONICAL_HOST
# First extract pieces from the version number string
LIBVIRT_MAJOR_VERSION=`echo $VERSION | awk -F. '{print $1}'`
LIBVIRT_MINOR_VERSION=`echo $VERSION | awk -F. '{print $2}'`
LIBVIRT_MICRO_VERSION=`echo $VERSION | awk -F. '{print $3}'`
LIBVIRT_VERSION=$LIBVIRT_MAJOR_VERSION.$LIBVIRT_MINOR_VERSION.$LIBVIRT_MICRO_VERSION$LIBVIRT_MICRO_VERSION_SUFFIX
LIBVIRT_VERSION_NUMBER=`expr $LIBVIRT_MAJOR_VERSION \* 1000000 + $LIBVIRT_MINOR_VERSION \* 1000 + $LIBVIRT_MICRO_VERSION`
2005-11-02 12:50:21 +00:00
# In libtool terminology we need to figure out:
#
# CURRENT
# The most recent interface number that this library implements.
#
# REVISION
# The implementation number of the CURRENT interface.
#
# AGE
# The difference between the newest and oldest interfaces that this
# library implements.
#
# In other words, the library implements all the interface numbers
# in the range from number `CURRENT - AGE' to `CURRENT'.
#
# Libtool assigns the soname version from `CURRENT - AGE', and we
# don't want that to ever change in libvirt. ie it must always be
# zero, to produce libvirt.so.0.
#
# We would, however, like the libvirt version number reflected
# in the so version'd symlinks, and this is based on AGE.REVISION
# eg libvirt.so.0.AGE.REVISION
#
# Assuming we do ever want to break soname version, this can
# toggled. But seriously, don't ever touch this.
LIBVIRT_SONUM=0
# The following examples show what libtool will do
#
# Input: 0.9.14 -> libvirt.so.0.9.14
# Input: 1.0.0 -> libvirt.so.0.1000.0
# Input: 2.5.8 -> libvirt.so.0.2005.8
#
AGE=`expr $LIBVIRT_MAJOR_VERSION '*' 1000 + $LIBVIRT_MINOR_VERSION`
REVISION=$LIBVIRT_MICRO_VERSION
CURRENT=`expr $LIBVIRT_SONUM + $AGE`
LIBVIRT_VERSION_INFO=$CURRENT:$REVISION:$AGE
2008-05-22 15:34:02 +00:00
AC_SUBST([LIBVIRT_MAJOR_VERSION])
AC_SUBST([LIBVIRT_MINOR_VERSION])
AC_SUBST([LIBVIRT_MICRO_VERSION])
AC_SUBST([LIBVIRT_SONUM])
2008-05-22 15:34:02 +00:00
AC_SUBST([LIBVIRT_VERSION])
AC_SUBST([LIBVIRT_VERSION_INFO])
AC_SUBST([LIBVIRT_VERSION_NUMBER])
2005-11-02 12:50:21 +00:00
LIBVIRT_ARG_WITH([PACKAGER], [Extra packager name], [no])
LIBVIRT_ARG_WITH([PACKAGER_VERSION], [Extra packager version], [no])
if test "x$with_packager" != "xno"
then
AC_DEFINE_UNQUOTED([PACKAGER], ["$with_packager"],
[Extra package name])
fi
if test "x$with_packager_version" != "xno"
then
AC_DEFINE_UNQUOTED([PACKAGER_VERSION], ["$with_packager_version"],
[Extra package version])
fi
dnl Where we look for daemons and admin binaries during configure
LIBVIRT_SBIN_PATH="$PATH:/sbin:/usr/sbin:/usr/local/sbin"
dnl Checks for C compiler.
AC_PROG_CC
AC_PROG_INSTALL
AC_PROG_CPP
dnl Setting AB_VERSION makes the 'autobuild' lines of configure output
dnl slightly more useful
if test -d $srcdir/.git && git --version >/dev/null 2>&1 ; then
AB_VERSION=`cd $srcdir && git describe --match 'v[[0-9]]*' 2>/dev/null`
fi
Use gnulib, starting with its physmem and getaddrinfo modules. New files go into these directories: gnulib/lib gnulib/m4 gnulib/tests * bootstrap: A wrapper around gnulib-tool. * configure.in: Invoke gl_EARLY and gl_INIT, being careful to put gl_EARLY before any macro that uses AC_COMPILE_IFELSE. (AC_OUTPUT): Add lib/Makefile and gl-tests/Makefile. Remove m4/Makefile. * Makefile.am (SUBDIRS): Add gnulib/lib and remove m4. Add gnulib/tests early enough that those tests run before any libvirt unit tests. * m4/Makefile.am: Remove file. Not needed. * src/Makefile.am (INCLUDES): Add -I$(top_srcdir)/gnulib/lib -I../gnulib/lib. (LDADDS, libvirt_la_LIBADD): Add ../gnulib/lib/libgnu.la. * src/nodeinfo.c: Include "physmem.h". * qemud/qemud.c, src/remote_internal.c: Include "getaddrinfo.h". (MEMINFO_PATH, linuxNodeInfoMemPopulate): Remove definitions. (virNodeInfoPopulate): Use physmem_total, not linuxNodeInfoMemPopulate. * tests/Makefile.am (INCLUDES): Add -I$(top_srcdir)/gnulib/lib -I../gnulib/lib. (LDADDS): Add ../gnulib/lib/libgnu.la. * qemud/Makefile.am (libvirtd_LDADD): Add ../gnulib/lib/libgnu.la. * tests/nodeinfotest.c (linuxTestCompareFiles): No longer read total memory from a file. Update expected output not to include "Memory: NNNN" * tests/nodeinfodata/linux-nodeinfo-1.txt: * tests/nodeinfodata/linux-nodeinfo-2.txt: * tests/nodeinfodata/linux-nodeinfo-3.txt: * tests/nodeinfodata/linux-nodeinfo-4.txt: * tests/nodeinfodata/linux-nodeinfo-5.txt: * tests/nodeinfodata/linux-nodeinfo-6.txt: * src/test.c [WITH_TEST]: Remove definition of _GNU_SOURCE that would conflict with the one now in "config.h". * autogen.sh: Add -I gnulib/m4. * src/conf.c, src/sexpr.c: Don't define _GNU_SOURCE. Instead, include "config.h". * qemud/qemud.c: Remove definition of _GNU_SOURCE. * src/openvz_driver.c: Likewise. * src/qemu_driver.c: Likewise. * src/remote_internal.c: Likewise. * configure.in: Use AC_CONFIG_AUX_DIR(build-aux), so that a bunch of gettextize-generated files go into build-aux/, rather than in the top-level directory. * .cvsignore: Adjust. * build-aux/.cvsignore: New file. Author: Jim Meyering <meyering@redhat.com>
2007-12-05 21:31:07 +00:00
gl_EARLY
gl_INIT
AC_TYPE_UID_T
Use gnulib, starting with its physmem and getaddrinfo modules. New files go into these directories: gnulib/lib gnulib/m4 gnulib/tests * bootstrap: A wrapper around gnulib-tool. * configure.in: Invoke gl_EARLY and gl_INIT, being careful to put gl_EARLY before any macro that uses AC_COMPILE_IFELSE. (AC_OUTPUT): Add lib/Makefile and gl-tests/Makefile. Remove m4/Makefile. * Makefile.am (SUBDIRS): Add gnulib/lib and remove m4. Add gnulib/tests early enough that those tests run before any libvirt unit tests. * m4/Makefile.am: Remove file. Not needed. * src/Makefile.am (INCLUDES): Add -I$(top_srcdir)/gnulib/lib -I../gnulib/lib. (LDADDS, libvirt_la_LIBADD): Add ../gnulib/lib/libgnu.la. * src/nodeinfo.c: Include "physmem.h". * qemud/qemud.c, src/remote_internal.c: Include "getaddrinfo.h". (MEMINFO_PATH, linuxNodeInfoMemPopulate): Remove definitions. (virNodeInfoPopulate): Use physmem_total, not linuxNodeInfoMemPopulate. * tests/Makefile.am (INCLUDES): Add -I$(top_srcdir)/gnulib/lib -I../gnulib/lib. (LDADDS): Add ../gnulib/lib/libgnu.la. * qemud/Makefile.am (libvirtd_LDADD): Add ../gnulib/lib/libgnu.la. * tests/nodeinfotest.c (linuxTestCompareFiles): No longer read total memory from a file. Update expected output not to include "Memory: NNNN" * tests/nodeinfodata/linux-nodeinfo-1.txt: * tests/nodeinfodata/linux-nodeinfo-2.txt: * tests/nodeinfodata/linux-nodeinfo-3.txt: * tests/nodeinfodata/linux-nodeinfo-4.txt: * tests/nodeinfodata/linux-nodeinfo-5.txt: * tests/nodeinfodata/linux-nodeinfo-6.txt: * src/test.c [WITH_TEST]: Remove definition of _GNU_SOURCE that would conflict with the one now in "config.h". * autogen.sh: Add -I gnulib/m4. * src/conf.c, src/sexpr.c: Don't define _GNU_SOURCE. Instead, include "config.h". * qemud/qemud.c: Remove definition of _GNU_SOURCE. * src/openvz_driver.c: Likewise. * src/qemu_driver.c: Likewise. * src/remote_internal.c: Likewise. * configure.in: Use AC_CONFIG_AUX_DIR(build-aux), so that a bunch of gettextize-generated files go into build-aux/, rather than in the top-level directory. * .cvsignore: Adjust. * build-aux/.cvsignore: New file. Author: Jim Meyering <meyering@redhat.com>
2007-12-05 21:31:07 +00:00
dnl Support building Win32 DLLs (must appear *before* AM_PROG_LIBTOOL)
AC_LIBTOOL_WIN32_DLL
AC_HEADER_MAJOR
m4_ifndef([LT_INIT], [
AM_PROG_LIBTOOL
], [
LT_INIT([shared disable-static])
])
AM_PROG_CC_C_O
AM_PROG_LD
AC_MSG_CHECKING([for how to mark DSO non-deletable at runtime])
LIBVIRT_NODELETE=
`$LD --help 2>&1 | grep -- "-z nodelete" >/dev/null` && \
LIBVIRT_NODELETE="-Wl,-z -Wl,nodelete"
AC_MSG_RESULT([$LIBVIRT_NODELETE])
AC_SUBST([LIBVIRT_NODELETE])
AC_MSG_CHECKING([for how to set DSO symbol versions])
case "$host" in
*-*-mingw* | *-*-msvc* )
# mingw's ld has the --version-script parameter, but it requires a .def file
# instead to work properly, therefore clear --version-script here and use
# -Wl, to pass the .def file to the linker
# cygwin's ld has the --version-script parameter too, but for some reason
# it's working there as expected
VERSION_SCRIPT_FLAGS="-Wl,"
;;
* )
VERSION_SCRIPT_FLAGS=-Wl,--version-script=
`$LD --help 2>&1 | grep -- --version-script >/dev/null` || \
VERSION_SCRIPT_FLAGS="-Wl,-M -Wl,"
;;
esac
AC_MSG_RESULT([$VERSION_SCRIPT_FLAGS])
AC_SUBST([VERSION_SCRIPT_FLAGS])
dnl Specify if we rely on ifconfig instead of iproute2 (e.g. in case
dnl we're working on BSD)
want_ifconfig=no
dnl Make some notes about which OS we're compiling for, as the lxc and qemu
dnl drivers require linux headers, and storage_mpath, dtrace, and nwfilter
dnl are also linux specific. The "network" and storage_fs drivers are known
dnl to not work on macOS presently, so we also make a note if compiling
dnl for that
with_linux=no with_macos=no with_freebsd=no with_win=no with_cygwin=no
case $host in
*-*-linux*) with_linux=yes ;;
*-*-darwin*) with_macos=yes ;;
*-*-freebsd*) with_freebsd=yes ;;
*-*-mingw* | *-*-msvc* ) with_win=yes ;;
*-*-cygwin*) with_cygwin=yes ;;
esac
if test $with_linux = no; then
if test "x$with_lxc" != xyes
then
with_lxc=no
fi
with_dtrace=no
with_storage_scsi=no
fi
if test $with_freebsd = yes; then
want_ifconfig=yes
with_firewalld=no
fi
if test $with_cygwin = yes; then
with_vbox=no
fi
AM_CONDITIONAL([WITH_LINUX], [test "$with_linux" = "yes"])
AM_CONDITIONAL([WITH_FREEBSD], [test "$with_freebsd" = "yes"])
# We don't support the daemon yet
if test "$with_win" = "yes" ; then
with_libvirtd=no
fi
# The daemon requires remote support. Likewise, if we are not using
# RPC, we don't need several libraries.
if test "$with_remote" = "no" ; then
with_libvirtd=no
with_ssh2=no
with_sasl=no
with_libssh=no
fi
# Stateful drivers are useful only when building the daemon.
if test "$with_libvirtd" = "no" ; then
with_qemu=no
with_lxc=no
with_libxl=no
with_vbox=no
fi
# Check for compiler and library settings.
LIBVIRT_COMPILE_WARNINGS
LIBVIRT_COMPILE_PIE
LIBVIRT_LINKER_RELRO
LIBVIRT_LINKER_NO_INDIRECT
LIBVIRT_LINKER_NO_UNDEFINED
LIBVIRT_ARG_APPARMOR
LIBVIRT_ARG_ATTR
LIBVIRT_ARG_AUDIT
LIBVIRT_ARG_BASH_COMPLETION
LIBVIRT_ARG_BLKID
LIBVIRT_ARG_CAPNG
LIBVIRT_ARG_CURL
LIBVIRT_ARG_DBUS
LIBVIRT_ARG_FIREWALLD
configure: selectively install a firewalld 'libvirt' zone In the past (when both libvirt and firewalld used iptables), if either libvirt's rules *OR* firewalld's rules accepted a packet, it would be accepted. This was because libvirt and firewalld rules were processed during the same kernel hook, and a single ACCEPT result would terminate the rule traversal and cause the packet to be accepted. But now firewalld can use nftables for its backend, while libvirt's firewall rules are still using iptables; iptables rules are still processed, but at a different time during packet processing (i.e. during a different hook) than the firewalld nftables rules. The result is that a packet must be accepted by *BOTH* the libvirt iptables rules *AND* the firewalld nftable rules in order to be accepted. This causes pain because 1) libvirt always adds rules to permit DNS and DHCP (and sometimes TFTP) from guests to the host network's bridge interface. But libvirt's bridges are in firewalld's "default" zone (which is usually the zone called "public"). The public zone allows ssh, but doesn't allow DNS, DHCP, or TFTP. So even though libvirt's rules allow the DHCP and DNS traffic, the firewalld rules (now processed during a different hook) dont, thus guests connected to libvirt's bridges can't acquire an IP address from DHCP, nor can they make DNS queries to the DNS server libvirt has setup on the host. (This could be solved by modifying the default firewalld zone to allow DNS and DHCP, but that would open *all* interfaces in the default zone to those services, which is most likely not what the host's admin wants.) 2) Even though libvirt adds iptables rules to allow forwarded traffic to pass the iptables hook, firewalld's higher level "rich rules" don't yet have the ability to configure the acceptance of forwarded traffic (traffic that is going somewhere beyond the host), so any traffic that needs to be forwarded from guests to the network beyond the host is rejected during the nftables hook by the default zone's "default reject" policy (which rejects all traffic in the zone not specifically allowed by the rules in the zone, whether that traffic is destined to be forwarded or locally received by the host). libvirt can't send "direct" nftables rules (firewalld only supports direct/passthrough rules for iptables), so we can't solve this problem by just sending explicit nftables rules instead of explicit iptables rules (which, if it could be done, would place libvirt's rules in the same hook as firewalld's native rules, and thus eliminate the need for packets to be accepted by both libvirt's and firewalld's own rules). However, we can take advantage of a quirk in firewalld zones that have a default policy of "accept" (meaning any packet that doesn't match a specific rule in the zone will be *accepted*) - this default accept will also accept forwarded traffic (not just traffic destined for the host). Of course we don't want to modify firewalld's default zone in that way, because that would affect the filtering of traffic coming into the host from other interfaces using that zone. Instead, we will create a new zone called "libvirt". The libvirt zone will have a default policy of accept so that forwarded traffic can pass and list specific services that will be allowed into the host from guests (DNS, DHCP, SSH, and TFTP). But the same default accept policy that fixes forwarded traffic also causes *all* traffic from guest to host to be accepted. To close this new hole, the libvirt zone can take advantage of a new feature in firewalld (currently slated for firewalld-0.7.0) - priorities for rich rules - to add a low priority rule that rejects all local traffic (but leaves alone all forwarded traffic). So, our new zone will start with a list of services that are allowed (dhcp, dns, tftp, and ssh to start, but configurable via any firewalld management application, or direct editing of the zone file in /etc/firewalld/zones/libvirt.xml), followed by a low priority <reject/> rule (to reject all other traffic from guest to host), and finally with a default policy of accept (to allow forwarded traffic). This patch only creates the zonefile for the new zone, and implements a configure.ac option to selectively enable/disable installation of the new zone. A separate patch contains the necessary code to actually place bridge interfaces in the libvirt zone. Why do we need a configure option to disable installation of the new libvirt zone? It uses a new firewalld attribute that sets the priority of a rich rule; this feature first appears in firewalld-0.7.0 (unless it has been backported to am earlier firewalld by a downstream maintainer). If the file were installed on a system with firewalld that didn't support rule priorities, firewalld would log an error every time it restarted, causing confusion and lots of extra bug reports. So we add two new configure.ac switches to avoid polluting the system logs with this error on systems that don't support rule priorities - "--with-firewalld-zone" and "--without-firewalld-zone". A package builder can use these to include/exclude the libvirt zone file in the installation. If firewalld is enabled (--with-firewalld), the default is --with-firewalld-zone, but it can be disabled during configure (using --without-firewalld-zone). Targets that are using a firewalld version too old to support the rule priority setting in the libvirt zone file can simply add --without-firewalld-zone to their configure commandline. These switches only affect whether or not the libvirt zone file is *installed* in /usr/lib/firewalld/zones, but have no effect on whether or not libvirt looks for a zone called libvirt and tries to use it. NB: firewalld zones can only be added to the permanent config of firewalld, and won't be loaded/enabled until firewalld is restarted, so at package install/upgrade time we have to restart firewalld. For rpm-based distros, this is done in the libvirt.spec file by calling the %firewalld_restart rpm macro, which is a part of the firewalld-filesystem package. (For distros that don't use rpm packages, the command "firewalld-cmd --reload" will have the same effect). Signed-off-by: Laine Stump <laine@laine.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-01-26 04:52:37 +00:00
LIBVIRT_ARG_FIREWALLD_ZONE
LIBVIRT_ARG_FUSE
LIBVIRT_ARG_GLUSTER
LIBVIRT_ARG_HAL
LIBVIRT_ARG_LIBISCSI
LIBVIRT_ARG_LIBPCAP
LIBVIRT_ARG_LIBSSH
LIBVIRT_ARG_LIBXML
LIBVIRT_ARG_MACVTAP
LIBVIRT_ARG_NETCF
LIBVIRT_ARG_NLS
LIBVIRT_ARG_NSS
LIBVIRT_ARG_NUMACTL
LIBVIRT_ARG_OPENWSMAN
LIBVIRT_ARG_PCIACCESS
LIBVIRT_ARG_PM_UTILS
LIBVIRT_ARG_POLKIT
LIBVIRT_ARG_READLINE
LIBVIRT_ARG_SANLOCK
LIBVIRT_ARG_SASL
LIBVIRT_ARG_SELINUX
LIBVIRT_ARG_SSH2
LIBVIRT_ARG_UDEV
LIBVIRT_ARG_VIRTUALPORT
LIBVIRT_ARG_WIRESHARK
LIBVIRT_ARG_YAJL
LIBVIRT_CHECK_ACL
LIBVIRT_CHECK_APPARMOR
LIBVIRT_CHECK_ATOMIC
LIBVIRT_CHECK_ATTR
LIBVIRT_CHECK_AUDIT
LIBVIRT_CHECK_BASH_COMPLETION
LIBVIRT_CHECK_BLKID
LIBVIRT_CHECK_CAPNG
LIBVIRT_CHECK_CURL
LIBVIRT_CHECK_DBUS
LIBVIRT_CHECK_DEVMAPPER
LIBVIRT_CHECK_DLOPEN
LIBVIRT_CHECK_FIREWALLD
configure: selectively install a firewalld 'libvirt' zone In the past (when both libvirt and firewalld used iptables), if either libvirt's rules *OR* firewalld's rules accepted a packet, it would be accepted. This was because libvirt and firewalld rules were processed during the same kernel hook, and a single ACCEPT result would terminate the rule traversal and cause the packet to be accepted. But now firewalld can use nftables for its backend, while libvirt's firewall rules are still using iptables; iptables rules are still processed, but at a different time during packet processing (i.e. during a different hook) than the firewalld nftables rules. The result is that a packet must be accepted by *BOTH* the libvirt iptables rules *AND* the firewalld nftable rules in order to be accepted. This causes pain because 1) libvirt always adds rules to permit DNS and DHCP (and sometimes TFTP) from guests to the host network's bridge interface. But libvirt's bridges are in firewalld's "default" zone (which is usually the zone called "public"). The public zone allows ssh, but doesn't allow DNS, DHCP, or TFTP. So even though libvirt's rules allow the DHCP and DNS traffic, the firewalld rules (now processed during a different hook) dont, thus guests connected to libvirt's bridges can't acquire an IP address from DHCP, nor can they make DNS queries to the DNS server libvirt has setup on the host. (This could be solved by modifying the default firewalld zone to allow DNS and DHCP, but that would open *all* interfaces in the default zone to those services, which is most likely not what the host's admin wants.) 2) Even though libvirt adds iptables rules to allow forwarded traffic to pass the iptables hook, firewalld's higher level "rich rules" don't yet have the ability to configure the acceptance of forwarded traffic (traffic that is going somewhere beyond the host), so any traffic that needs to be forwarded from guests to the network beyond the host is rejected during the nftables hook by the default zone's "default reject" policy (which rejects all traffic in the zone not specifically allowed by the rules in the zone, whether that traffic is destined to be forwarded or locally received by the host). libvirt can't send "direct" nftables rules (firewalld only supports direct/passthrough rules for iptables), so we can't solve this problem by just sending explicit nftables rules instead of explicit iptables rules (which, if it could be done, would place libvirt's rules in the same hook as firewalld's native rules, and thus eliminate the need for packets to be accepted by both libvirt's and firewalld's own rules). However, we can take advantage of a quirk in firewalld zones that have a default policy of "accept" (meaning any packet that doesn't match a specific rule in the zone will be *accepted*) - this default accept will also accept forwarded traffic (not just traffic destined for the host). Of course we don't want to modify firewalld's default zone in that way, because that would affect the filtering of traffic coming into the host from other interfaces using that zone. Instead, we will create a new zone called "libvirt". The libvirt zone will have a default policy of accept so that forwarded traffic can pass and list specific services that will be allowed into the host from guests (DNS, DHCP, SSH, and TFTP). But the same default accept policy that fixes forwarded traffic also causes *all* traffic from guest to host to be accepted. To close this new hole, the libvirt zone can take advantage of a new feature in firewalld (currently slated for firewalld-0.7.0) - priorities for rich rules - to add a low priority rule that rejects all local traffic (but leaves alone all forwarded traffic). So, our new zone will start with a list of services that are allowed (dhcp, dns, tftp, and ssh to start, but configurable via any firewalld management application, or direct editing of the zone file in /etc/firewalld/zones/libvirt.xml), followed by a low priority <reject/> rule (to reject all other traffic from guest to host), and finally with a default policy of accept (to allow forwarded traffic). This patch only creates the zonefile for the new zone, and implements a configure.ac option to selectively enable/disable installation of the new zone. A separate patch contains the necessary code to actually place bridge interfaces in the libvirt zone. Why do we need a configure option to disable installation of the new libvirt zone? It uses a new firewalld attribute that sets the priority of a rich rule; this feature first appears in firewalld-0.7.0 (unless it has been backported to am earlier firewalld by a downstream maintainer). If the file were installed on a system with firewalld that didn't support rule priorities, firewalld would log an error every time it restarted, causing confusion and lots of extra bug reports. So we add two new configure.ac switches to avoid polluting the system logs with this error on systems that don't support rule priorities - "--with-firewalld-zone" and "--without-firewalld-zone". A package builder can use these to include/exclude the libvirt zone file in the installation. If firewalld is enabled (--with-firewalld), the default is --with-firewalld-zone, but it can be disabled during configure (using --without-firewalld-zone). Targets that are using a firewalld version too old to support the rule priority setting in the libvirt zone file can simply add --without-firewalld-zone to their configure commandline. These switches only affect whether or not the libvirt zone file is *installed* in /usr/lib/firewalld/zones, but have no effect on whether or not libvirt looks for a zone called libvirt and tries to use it. NB: firewalld zones can only be added to the permanent config of firewalld, and won't be loaded/enabled until firewalld is restarted, so at package install/upgrade time we have to restart firewalld. For rpm-based distros, this is done in the libvirt.spec file by calling the %firewalld_restart rpm macro, which is a part of the firewalld-filesystem package. (For distros that don't use rpm packages, the command "firewalld-cmd --reload" will have the same effect). Signed-off-by: Laine Stump <laine@laine.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-01-26 04:52:37 +00:00
LIBVIRT_CHECK_FIREWALLD_ZONE
LIBVIRT_CHECK_FUSE
storage: initial support for linking with libgfapi We support gluster volumes in domain XML, so we also ought to support them as a storage pool. Besides, a future patch will want to take advantage of libgfapi to handle the case of a gluster device holding qcow2 rather than raw storage, and for that to work, we need a storage backend that can read gluster storage volume contents. This sets up the framework. Note that the new pool is named 'gluster' to match a <disk type='network'><source protocol='gluster'> image source already supported in a <domain>; it does NOT match the <pool type='netfs'><source><target type='glusterfs'>, since that uses a FUSE mount to a local file name rather than a network name. This and subsequent patches have been tested against glusterfs 3.4.1 (available on Fedora 19); there are likely bugs in older versions that may prevent decent use of gfapi, so this patch enforces the minimum version tested. A future patch may lower the minimum. On the other hand, I hit at least two bugs in 3.4.1 that will be fixed in 3.5/3.4.2, where it might be worth raising the minimum: glfs_readdir is nicer to use than glfs_readdir_r [1], and glfs_fini should only return failure on an actual failure [2]. [1] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00085.html [2] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00086.html * configure.ac (WITH_STORAGE_GLUSTER): New conditional. * m4/virt-gluster.m4: new file. * libvirt.spec.in (BuildRequires): Support gluster in spec file. * src/conf/storage_conf.h (VIR_STORAGE_POOL_GLUSTER): New pool type. * src/conf/storage_conf.c (poolTypeInfo): Treat similar to sheepdog and rbd. (virStoragePoolDefFormat): Don't output target for gluster. * src/storage/storage_backend_gluster.h: New file. * src/storage/storage_backend_gluster.c: Likewise. * po/POTFILES.in: Add new file. * src/storage/storage_backend.c (backends): Register new type. * src/Makefile.am (STORAGE_DRIVER_GLUSTER_SOURCES): Build new files. * src/storage/storage_backend.h (_virStorageBackend): Documet assumption. Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-19 23:26:05 +00:00
LIBVIRT_CHECK_GLUSTER
LIBVIRT_CHECK_GNUTLS
LIBVIRT_CHECK_HAL
LIBVIRT_CHECK_LIBISCSI
LIBVIRT_CHECK_LIBNL
LIBVIRT_CHECK_LIBPARTED
LIBVIRT_CHECK_LIBPCAP
LIBVIRT_CHECK_LIBSSH
LIBVIRT_CHECK_LIBXML
LIBVIRT_CHECK_MACVTAP
LIBVIRT_CHECK_NETCF
LIBVIRT_CHECK_NLS
LIBVIRT_CHECK_NUMACTL
LIBVIRT_CHECK_NWFILTER
LIBVIRT_CHECK_OPENWSMAN
LIBVIRT_CHECK_PCIACCESS
LIBVIRT_CHECK_PM_UTILS
LIBVIRT_CHECK_POLKIT
LIBVIRT_CHECK_PTHREAD
LIBVIRT_CHECK_READLINE
LIBVIRT_CHECK_SANLOCK
LIBVIRT_CHECK_SASL
LIBVIRT_CHECK_SELINUX
LIBVIRT_CHECK_SSH2
LIBVIRT_CHECK_UDEV
LIBVIRT_CHECK_VIRTUALPORT
LIBVIRT_CHECK_WIRESHARK
LIBVIRT_CHECK_XDR
LIBVIRT_CHECK_YAJL
AC_CHECK_SIZEOF([long])
Adds CPU selection infrastructure Each driver supporting CPU selection must fill in host CPU capabilities. When filling them, drivers for hypervisors running on the same node as libvirtd can use cpuNodeData() to obtain raw CPU data. Other drivers, such as VMware, need to implement their own way of getting such data. Raw data can be decoded into virCPUDefPtr using cpuDecode() function. When implementing virConnectCompareCPU(), a hypervisor driver can just call cpuCompareXML() function with host CPU capabilities. For each guest for which a driver supports selecting CPU models, it must set the appropriate feature in guest's capabilities: virCapabilitiesAddGuestFeature(guest, "cpuselection", 1, 0) Actions needed when a domain is being created depend on whether the hypervisor understands raw CPU data (currently CPUID for i686, x86_64 architectures) or symbolic names has to be used. Typical use by hypervisors which prefer CPUID (such as VMware and Xen): - convert guest CPU configuration from domain's XML into a set of raw data structures each representing one of the feature policies: cpuEncode(conn, architecture, guest_cpu_config, &forced_data, &required_data, &optional_data, &disabled_data, &forbidden_data) - create a mask or whatever the hypervisor expects to see and pass it to the hypervisor Typical use by hypervisors with symbolic model names (such as QEMU): - get raw CPU data for a computed guest CPU: cpuGuestData(conn, host_cpu, guest_cpu_config, &data) - decode raw data into virCPUDefPtr with a possible restriction on allowed model names: cpuDecode(conn, guest, data, n_allowed_models, allowed_models) - pass guest->model and guest->features to the hypervisor * src/cpu/cpu.c src/cpu/cpu.h src/cpu/cpu_generic.c src/cpu/cpu_generic.h src/cpu/cpu_map.c src/cpu/cpu_map.h src/cpu/cpu_x86.c src/cpu/cpu_x86.h src/cpu/cpu_x86_data.h * configure.in: check for CPUID instruction * src/Makefile.am: glue the new files in * src/libvirt_private.syms: add new private symbols * po/POTFILES.in: add new cpu files containing translatable strings
2009-12-18 15:02:11 +00:00
dnl Availability of various common functions (non-fatal if missing),
dnl and various less common threadsafe functions
AC_CHECK_FUNCS_ONCE([\
cfmakeraw \
fallocate \
geteuid \
getgid \
getifaddrs \
getmntent_r \
getpwuid_r \
getrlimit \
getuid \
if_indextoname \
mmap \
newlocale \
posix_fallocate \
posix_memalign \
prlimit \
sched_getaffinity \
sched_setscheduler \
setgroups \
setns \
setrlimit \
symlink \
sysctlbyname \
unshare \
])
dnl Availability of various common headers (non-fatal if missing).
AC_CHECK_HEADERS([\
ifaddrs.h \
libtasn1.h \
linux/magic.h \
mntent.h \
net/ethernet.h \
netinet/tcp.h \
pwd.h \
stdarg.h \
syslog.h \
sys/mount.h \
sys/syscall.h \
sys/sysctl.h \
sys/ucred.h \
sys/un.h \
])
dnl Check whether endian provides handy macros.
AC_CHECK_DECLS([htole64], [], [], [[#include <endian.h>]])
AC_CHECK_FUNCS([stat stat64 __xstat __xstat64 lstat lstat64 __lxstat __lxstat64])
AC_CHECK_TYPE([struct ifreq],
[AC_DEFINE([HAVE_STRUCT_IFREQ],[1],
[Defined if struct ifreq exists in net/if.h])],
[], [[#include <sys/socket.h>
#include <net/if.h>
]])
AC_CHECK_TYPE([struct sockpeercred],
[AC_DEFINE([HAVE_STRUCT_SOCKPEERCRED], [1],
[Defined if struct sockpeercred is available])],
[], [[#include <sys/socket.h>
]])
AC_CHECK_DECLS([ETH_FLAG_TXVLAN, ETH_FLAG_NTUPLE, ETH_FLAG_RXHASH, ETH_FLAG_LRO,
ETHTOOL_GGSO, ETHTOOL_GGRO, ETHTOOL_GFLAGS, ETHTOOL_GFEATURES,
ETHTOOL_SCOALESCE, ETHTOOL_GCOALESCE],
[], [], [[#include <linux/ethtool.h>
]])
AC_CHECK_DECLS([SEEK_HOLE], [], [],
[#include <sys/types.h>
#include <unistd.h>])
dnl Our only use of libtasn1.h is in the testsuite, and can be skipped
dnl if the header is not present. Assume -ltasn1 is present if the
dnl header could be found.
AM_CONDITIONAL([HAVE_LIBTASN1], [test "x$ac_cv_header_libtasn1_h" = "xyes"])
2008-09-05 12:03:45 +00:00
AC_CHECK_LIB([intl],[gettext],[])
dnl
dnl Check for external programs
dnl
LIBVIRT_CHECK_EXTERNAL_PROGRAMS
dnl if --prefix is /usr, don't use /usr/var for localstatedir
dnl or /usr/etc for sysconfdir
dnl as this makes a lot of things break in testing situations
if test "$prefix" = "/usr" && test "$localstatedir" = '${prefix}/var' ; then
localstatedir='/var'
fi
if test "$prefix" = "/usr" && test "$sysconfdir" = '${prefix}/etc' ; then
sysconfdir='/etc'
fi
dnl
dnl Virtualization drivers check
dnl
LIBVIRT_DRIVER_ARG_QEMU
LIBVIRT_DRIVER_ARG_OPENVZ
LIBVIRT_DRIVER_ARG_VMWARE
LIBVIRT_DRIVER_ARG_PHYP
LIBVIRT_DRIVER_ARG_XENAPI
LIBVIRT_DRIVER_ARG_LIBXL
LIBVIRT_DRIVER_ARG_VBOX
LIBVIRT_DRIVER_ARG_LXC
LIBVIRT_DRIVER_ARG_VZ
LIBVIRT_DRIVER_ARG_BHYVE
LIBVIRT_DRIVER_ARG_ESX
LIBVIRT_DRIVER_ARG_HYPERV
LIBVIRT_DRIVER_ARG_TEST
LIBVIRT_DRIVER_ARG_REMOTE
LIBVIRT_DRIVER_ARG_LIBVIRTD
LIBVIRT_DRIVER_ARG_NETWORK
LIBVIRT_DRIVER_ARG_INTERFACE
LIBVIRT_DRIVER_CHECK_QEMU
LIBVIRT_DRIVER_CHECK_OPENVZ
LIBVIRT_DRIVER_CHECK_VMWARE
LIBVIRT_DRIVER_CHECK_PHYP
LIBVIRT_DRIVER_CHECK_XENAPI
LIBVIRT_DRIVER_CHECK_LIBXL
LIBVIRT_DRIVER_CHECK_VBOX
LIBVIRT_DRIVER_CHECK_LXC
LIBVIRT_DRIVER_CHECK_VZ
LIBVIRT_DRIVER_CHECK_BHYVE
LIBVIRT_DRIVER_CHECK_ESX
LIBVIRT_DRIVER_CHECK_HYPERV
LIBVIRT_DRIVER_CHECK_TEST
LIBVIRT_DRIVER_CHECK_REMOTE
LIBVIRT_DRIVER_CHECK_LIBVIRTD
LIBVIRT_DRIVER_CHECK_NETWORK
LIBVIRT_DRIVER_CHECK_INTERFACE
AM_CONDITIONAL([WITH_XENCONFIG], [test "$with_libxl" = "yes"])
dnl
dnl in case someone want to build static binaries
dnl STATIC_BINARIES="-static"
dnl
STATIC_BINARIES=
2008-05-22 15:34:02 +00:00
AC_SUBST([STATIC_BINARIES])
dnl
dnl Miscellaneous checks
dnl
LIBVIRT_ARG_DEBUG
LIBVIRT_ARG_DTRACE
LIBVIRT_ARG_NUMAD
LIBVIRT_ARG_INIT_SCRIPT
LIBVIRT_ARG_CHRDEV_LOCK_FILES
LIBVIRT_ARG_DEFAULT_EDITOR
LIBVIRT_ARG_LOADER_NVRAM
LIBVIRT_ARG_LOGIN_SHELL
LIBVIRT_ARG_HOST_VALIDATE
LIBVIRT_ARG_TLS_PRIORITY
LIBVIRT_ARG_SYSCTL_CONFIG
LIBVIRT_CHECK_DEBUG
LIBVIRT_CHECK_DTRACE
LIBVIRT_CHECK_NUMAD
LIBVIRT_CHECK_INIT_SCRIPT
LIBVIRT_CHECK_CHRDEV_LOCK_FILES
LIBVIRT_CHECK_DEFAULT_EDITOR
LIBVIRT_CHECK_LOADER_NVRAM
LIBVIRT_CHECK_LOGIN_SHELL
LIBVIRT_CHECK_HOST_VALIDATE
LIBVIRT_CHECK_TLS_PRIORITY
LIBVIRT_CHECK_SYSCTL_CONFIG
LIBVIRT_CHECK_NSS
dnl
dnl check for kvm headers
dnl
AC_CHECK_HEADERS([linux/kvm.h])
dnl
dnl check for kernel headers required by src/bridge.c
dnl
if test "$with_linux" = "yes"; then
# Various kernel versions have headers that are not self-standing, but
# yet are incompatible with the corresponding glibc headers. In order
# to guarantee compilation across a wide range of versions (from RHEL 5
# to rawhide), we first have to probe whether glibc and kernel can be
# used in tandem; and if not, provide workarounds that ensure that
# ABI-compatible IPv6 types are present for use by the kernel headers.
# These probes mirror the usage in virnetdevbridge.c
AC_CACHE_CHECK(
[whether <linux/*.h> and <netinet/*.h> headers are compatible],
[lv_cv_netinet_linux_compatible],
[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <netinet/in.h>
#include <linux/in6.h>
]])],
[lv_cv_netinet_linux_compatible=yes],
[lv_cv_netinet_linux_compatible=no])])
if test "x$lv_cv_netinet_linux_compatible" != xyes; then
AC_DEFINE([NETINET_LINUX_WORKAROUND], [1],
[define to 1 if Linux kernel headers require a workaround to avoid
compilation errors when mixed with glibc netinet headers])
fi
AC_CHECK_HEADERS([linux/param.h linux/sockios.h linux/if_bridge.h linux/if_tun.h],,
[AC_MSG_ERROR([You must install kernel-headers in order to compile libvirt with QEMU or LXC support])],
[[#include <netinet/in.h>
#if NETINET_LINUX_WORKAROUND
# define in6_addr in6_addr_
# define sockaddr_in6 sockaddr_in6_
# define ipv6_mreq ipv6_mreq_
# define in6addr_any in6addr_any_
# define in6addr_loopback in6addr_loopback_
#endif
build: more workarounds for if_bridge.h This is a second attempt at fixing the problem first attempted in commit 2df8d99; basically undoing the fact that it was reverted in commit 43cee32f, plus fixing two more issues: the code in configure.ac has to EXACTLY match virnetdevbridge.c with regards to declaring in6 types before using if_bridge.h, and the fact that RHEL 5 has even more conflicts: In file included from util/virnetdevbridge.c:49: /usr/include/linux/in6.h:47: error: conflicting types for 'in6addr_any' /usr/include/netinet/in.h:206: error: previous declaration of 'in6addr_any' was here /usr/include/linux/in6.h:49: error: conflicting types for 'in6addr_loopback' /usr/include/netinet/in.h:207: error: previous declaration of 'in6addr_loopback' was here The rest of this commit message borrows from the original try of 2df8d99: A fresh checkout on a RHEL 6 machine with these packages: kernel-headers-2.6.32-405.el6.x86_64 glibc-2.12-1.128.el6.x86_64 failed to configure with this message: checking for linux/if_bridge.h... no configure: error: You must install kernel-headers in order to compile libvirt with QEMU or LXC support Digging in config.log, we see that the problem is identical to what we fixed earlier in commit d12c2811: configure:98831: checking for linux/if_bridge.h configure:98853: gcc -std=gnu99 -c -g -O2 conftest.c >&5 In file included from /usr/include/linux/if_bridge.h:17, from conftest.c:559: /usr/include/linux/in6.h:31: error: redefinition of 'struct in6_addr' /usr/include/linux/in6.h:48: error: redefinition of 'struct sockaddr_in6' /usr/include/linux/in6.h:56: error: redefinition of 'struct ipv6_mreq' configure:98860: $? = 1 I had not hit it earlier because I was using incremental builds, where config.cache had shielded me from the kernel-headers breakage. * configure.ac (if_bridge.h): Avoid conflicting type definitions. * src/util/virnetdevbridge.c (includes): Also sanitize for RHEL 5. Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-07 16:34:08 +00:00
#include <linux/in6.h>
]])
fi
dnl Need to test if pkg-config exists
PKG_PROG_PKG_CONFIG
dnl Security driver checks
LIBVIRT_SECDRIVER_ARG_SELINUX
LIBVIRT_SECDRIVER_ARG_APPARMOR
LIBVIRT_SECDRIVER_CHECK_SELINUX
LIBVIRT_SECDRIVER_CHECK_APPARMOR
LIBVIRT_ARG_WITH_FEATURE([SECRETS], [local secrets management driver], [yes])
if test "$with_libvirtd" = "no"; then
with_secrets=no
fi
if test "$with_secrets" = "yes" ; then
AC_DEFINE_UNQUOTED([WITH_SECRETS], 1, [whether local secrets management driver is available])
fi
AM_CONDITIONAL([WITH_SECRETS], [test "$with_secrets" = "yes"])
dnl
dnl Storage driver checks
dnl
LIBVIRT_STORAGE_ARG_DIR
LIBVIRT_STORAGE_ARG_FS
LIBVIRT_STORAGE_ARG_LVM
LIBVIRT_STORAGE_ARG_ISCSI
LIBVIRT_STORAGE_ARG_ISCSI_DIRECT
LIBVIRT_STORAGE_ARG_SCSI
LIBVIRT_STORAGE_ARG_MPATH
LIBVIRT_STORAGE_ARG_DISK
LIBVIRT_STORAGE_ARG_RBD
LIBVIRT_STORAGE_ARG_SHEEPDOG
LIBVIRT_STORAGE_ARG_GLUSTER
LIBVIRT_STORAGE_ARG_ZFS
LIBVIRT_STORAGE_ARG_VSTORAGE
2008-09-05 12:03:45 +00:00
if test "$with_libvirtd" = "no"; then
with_storage_dir=no
with_storage_fs=no
with_storage_lvm=no
with_storage_iscsi=no
with_storage_iscsi_direct=no
with_storage_scsi=no
with_storage_mpath=no
2008-09-05 12:03:45 +00:00
with_storage_disk=no
with_storage_rbd=no
with_storage_sheepdog=no
storage: initial support for linking with libgfapi We support gluster volumes in domain XML, so we also ought to support them as a storage pool. Besides, a future patch will want to take advantage of libgfapi to handle the case of a gluster device holding qcow2 rather than raw storage, and for that to work, we need a storage backend that can read gluster storage volume contents. This sets up the framework. Note that the new pool is named 'gluster' to match a <disk type='network'><source protocol='gluster'> image source already supported in a <domain>; it does NOT match the <pool type='netfs'><source><target type='glusterfs'>, since that uses a FUSE mount to a local file name rather than a network name. This and subsequent patches have been tested against glusterfs 3.4.1 (available on Fedora 19); there are likely bugs in older versions that may prevent decent use of gfapi, so this patch enforces the minimum version tested. A future patch may lower the minimum. On the other hand, I hit at least two bugs in 3.4.1 that will be fixed in 3.5/3.4.2, where it might be worth raising the minimum: glfs_readdir is nicer to use than glfs_readdir_r [1], and glfs_fini should only return failure on an actual failure [2]. [1] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00085.html [2] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00086.html * configure.ac (WITH_STORAGE_GLUSTER): New conditional. * m4/virt-gluster.m4: new file. * libvirt.spec.in (BuildRequires): Support gluster in spec file. * src/conf/storage_conf.h (VIR_STORAGE_POOL_GLUSTER): New pool type. * src/conf/storage_conf.c (poolTypeInfo): Treat similar to sheepdog and rbd. (virStoragePoolDefFormat): Don't output target for gluster. * src/storage/storage_backend_gluster.h: New file. * src/storage/storage_backend_gluster.c: Likewise. * po/POTFILES.in: Add new file. * src/storage/storage_backend.c (backends): Register new type. * src/Makefile.am (STORAGE_DRIVER_GLUSTER_SOURCES): Build new files. * src/storage/storage_backend.h (_virStorageBackend): Documet assumption. Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-19 23:26:05 +00:00
with_storage_gluster=no
with_storage_zfs=no
with_storage_vstorage=no
2008-09-05 12:03:45 +00:00
fi
dnl storage-fs does not work on macOS
if test "$with_macos" = "yes"; then
with_storage_fs=no
fi
2008-09-05 12:03:45 +00:00
LIBVIRT_STORAGE_CHECK_DIR
LIBVIRT_STORAGE_CHECK_FS
LIBVIRT_STORAGE_CHECK_LVM
LIBVIRT_STORAGE_CHECK_ISCSI
LIBVIRT_STORAGE_CHECK_ISCSI_DIRECT
LIBVIRT_STORAGE_CHECK_SCSI
LIBVIRT_STORAGE_CHECK_MPATH
LIBVIRT_STORAGE_CHECK_DISK
LIBVIRT_STORAGE_CHECK_RBD
LIBVIRT_STORAGE_CHECK_SHEEPDOG
LIBVIRT_STORAGE_CHECK_GLUSTER
LIBVIRT_STORAGE_CHECK_ZFS
LIBVIRT_STORAGE_CHECK_VSTORAGE
with_storage=no
for backend in dir fs lvm iscsi iscsi_direct scsi mpath rbd disk; do
if eval test \$with_storage_$backend = yes; then
with_storage=yes
break
fi
done
if test $with_storage = yes; then
AC_DEFINE([WITH_STORAGE], [1],
[Define to 1 if at least one storage backend is in use])
fi
AM_CONDITIONAL([WITH_STORAGE], [test "$with_storage" = "yes"])
dnl
dnl check for kernel headers required by btrfs ioctl
dnl
if test "$with_linux" = "yes"; then
AC_CHECK_HEADERS([linux/btrfs.h])
fi
dnl
dnl check for xfs dev headers required by xfs ioctl
dnl
if test "$with_linux" = "yes"; then
AC_CHECK_HEADERS([xfs/xfs.h])
fi
dnl
dnl check for DEVLINK_CMD_ESWITCH_GET
dnl
dnl Assume DEVLINK_ESWITCH_MODE_SWITCHDEV is also
dnl available, as it was introudced in kernel 4.8
dnl along with the original spelling of this constant
dnl (DEVLINK_CMD_ESWITCH_MODE_GET, not supported by libvirt)
dnl
if test "$with_linux" = "yes"; then
AC_CHECK_HEADERS([linux/devlink.h])
AC_CHECK_DECLS([DEVLINK_CMD_ESWITCH_GET], [], [],
[[#include <linux/devlink.h>]])
fi
dnl
dnl check for VHOST_VSOCK_SET_GUEST_CID
dnl
if test "$with_linux" = "yes"; then
AC_CHECK_DECLS([VHOST_VSOCK_SET_GUEST_CID], [], [],
[[#include <linux/vhost.h>]])
fi
dnl Allow perl/python overrides
AC_PATH_PROGS([PYTHON], [python3 python2 python])
if test -z "$PYTHON"; then
AC_MSG_ERROR(['python3', 'python2' or 'python' binary is required to build libvirt])
fi
AC_PATH_PROG([PERL], [perl])
if test -z "$PERL"; then
AC_MSG_ERROR(['perl' binary is required to build libvirt])
fi
LIBVIRT_ARG_WITH([TEST_SUITE], [build test suite by default], [check])
case "$with_test_suite" in
yes|no|check) ;;
*) AC_MSG_ERROR([bad value ${withval} for tests option]) ;;
esac
AC_MSG_CHECKING([Whether to build test suite by default])
if test "$with_test_suite" = "check" ; then
if test -d $srcdir/.git ; then
with_test_suite=yes
else
with_test_suite=no
fi
fi
AC_MSG_RESULT([$with_test_suite])
AM_CONDITIONAL([WITH_TESTS], [test "$with_test_suite" = "yes"])
LIBVIRT_ARG_ENABLE([EXPENSIVE_TESTS],
[set the default for enabling expensive tests ]
[(gnulib and long timeouts), use VIR_TEST_EXPENSIVE to ]
[override during make],
[check])
case "$enable_expensive_tests" in
0|no) VIR_TEST_EXPENSIVE_DEFAULT=0 ;;
1|yes) VIR_TEST_EXPENSIVE_DEFAULT=1 ;;
check) ;;
*) AC_MSG_ERROR([bad value ${enable_expensive_tests} for enable-expensive-tests option]) ;;
esac
if test "$enable_expensive_tests" = check; then
build: add configure option to disable gnulib tests The gnulib testsuite is relatively stable - the only times it is likely to have a test change from pass to fail is on a gnulib submodule update or a major system change (such as moving from Fedora 18 to 19, or other large change to libc). While it is an important test for end users on arbitrary machines (to make sure that the portability glue works for their machine), it mostly wastes time for development testing (as most developers aren't making any of the major changes that would cause gnulib tests to alter behavior). Thus, it pays to make the tests optional at configure time, defaulting to off for development, on for tarballs, with autobuilders requesting it to be on. It also helps to allow a make-time override, via VIR_TEST_EXPENSIVE=[01] (much the way automake sets up V=[01] for overriding the configure time default of how verbose to be). Automake has some pretty hard-coded magic with regards to the TESTS variable; I had quite a job figuring out how to keep 'make distcheck' passing regardless of the configure option setting in use, while still disabling the tests at runtime when I did not configure them on and did not use the override variable. Thankfully, we require GNU make, which lets me hide some information from Automake's magic handling of TESTS. * bootstrap.conf (bootstrap_epilogue): Munge gnulib test variable. * configure.ac (--enable-expensive-tests): Add new enable switch. (VIR_TEST_EXPENSIVE_DEFAULT, WITH_EXPENSIVE_TESTS): Set new witnesses. * gnulib/tests/Makefile.am (TESTS): Make tests conditional on configure settings and the VIR_TEST_EXPENSIVE variable. * tests/Makefile.am (TESTS_ENVIRONMENT): Expose VIR_TEST_EXPENSIVE to all tests. * autobuild.sh: Enable all tests during autobuilds. * libvirt.spec.in (%configure): Likewise. * mingw-libvirt.spec.in (%mingw_configure): Likewise. * docs/hacking.html.in: Document the option. * HACKING: Regenerate. Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-31 13:18:58 +00:00
if test -d $srcdir/.git ; then
VIR_TEST_EXPENSIVE_DEFAULT=0
else
VIR_TEST_EXPENSIVE_DEFAULT=1
fi
fi
AC_SUBST([VIR_TEST_EXPENSIVE_DEFAULT])
AM_CONDITIONAL([WITH_EXPENSIVE_TESTS], [test $VIR_TEST_EXPENSIVE_DEFAULT = 1])
LIBVIRT_ARG_ENABLE([TEST_COVERAGE], [turn on code coverage instrumentation], [no])
case "$enable_test_coverage" in
yes|no) ;;
*) AC_MSG_ERROR([bad value ${enable_test_coverga} for test-coverage option]) ;;
esac
if test "$enable_test_coverage" = yes; then
save_WARN_CFLAGS=$WARN_CFLAGS
WARN_CFLAGS=
gl_WARN_ADD([-fprofile-arcs])
gl_WARN_ADD([-ftest-coverage])
COVERAGE_FLAGS=$WARN_CFLAGS
AC_SUBST([COVERAGE_CFLAGS], [$COVERAGE_FLAGS])
AC_SUBST([COVERAGE_LDFLAGS], [$COVERAGE_FLAGS])
WARN_CFLAGS=$save_WARN_CFLAGS
fi
LIBVIRT_ARG_ENABLE([TEST_OOM], [memory allocation failure checking], [no])
case "$enable_test_oom" in
yes|no) ;;
*) AC_MSG_ERROR([bad value ${enable_test_oom} for test-oom option]) ;;
esac
2008-05-29 15:13:07 +00:00
if test "$enable_test_oom" = yes; then
2008-05-29 15:13:07 +00:00
have_trace=yes
AC_CHECK_HEADER([execinfo.h],[],[have_trace=no])
AC_CHECK_FUNC([backtrace],[],[have_trace=no])
if test "$have_trace" = "yes"; then
AC_DEFINE([TEST_OOM_TRACE], 1, [Whether backtrace() is available])
fi
AC_DEFINE([TEST_OOM], 1, [Whether malloc OOM checking is enabled])
fi
LIBVIRT_ARG_ENABLE([TEST_LOCKING], [thread locking tests using CIL], [no])
case "$enable_test_locking" in
yes|no) ;;
*) AC_MSG_ERROR([bad value ${enable_test_locking} for test-locking option]) ;;
esac
if test "$enable_test_locking" = "yes"; then
LOCK_CHECKING_CFLAGS="-save-temps"
AC_SUBST([LOCK_CHECKING_CFLAGS])
fi
AM_CONDITIONAL([WITH_CIL],[test "$enable_test_locking" = "yes"])
dnl Cygwin, MinGW and MSVC checks
LIBVIRT_WIN_CHECK_COMMON
LIBVIRT_WIN_CHECK_CYGWIN
LIBVIRT_WIN_CHECK_MINGW
LIBVIRT_WIN_CHECK_SYMBOLS
LIBVIRT_WIN_CHECK_WINDRES
dnl Driver-Modules library support
LIBVIRT_ARG_DRIVER_MODULES
LIBVIRT_CHECK_DRIVER_MODULES
2008-11-21 12:16:08 +00:00
# Set LV_LIBTOOL_OBJDIR to "." or $lt_cv_objdir, depending on whether
# we're building shared libraries. This is the name of the directory
# in which .o files will be created.
test "$enable_shared" = no && lt_cv_objdir=.
LV_LIBTOOL_OBJDIR=${lt_cv_objdir-.}
2008-05-22 15:34:02 +00:00
AC_SUBST([LV_LIBTOOL_OBJDIR])
with_nodedev=no;
if test "$with_hal" = "yes" || test "$with_udev" = "yes";
then
with_nodedev=yes
AC_DEFINE_UNQUOTED([WITH_NODE_DEVICES], 1, [with node device driver])
fi
AM_CONDITIONAL([WITH_NODE_DEVICES], [test "$with_nodedev" = "yes"])
dnl GET_VLAN_VID_CMD is required for virNetDevGetVLanID
AC_CHECK_DECLS([GET_VLAN_VID_CMD], [], [], [[#include <linux/if_vlan.h>]])
# Check for Linux vs. BSD ifreq members
AC_CHECK_MEMBERS([struct ifreq.ifr_newname,
struct ifreq.ifr_ifindex,
struct ifreq.ifr_index,
struct ifreq.ifr_hwaddr],
[], [],
[#include <sys/socket.h>
#include <net/if.h>
])
# Check for BSD approach for setting MAC addr
AC_LINK_IFELSE([AC_LANG_PROGRAM(
[[
#include <sys/types.h>
#include <sys/socket.h>
#include <net/if_dl.h>
]],
[[
link_addr(0, 0)]])],
[AC_DEFINE([HAVE_DECL_LINK_ADDR],
[1],
[whether link_addr is available])])
# Check for BSD approach for bridge management
AC_CHECK_DECLS([BRDGSFD, BRDGADD, BRDGDEL],
[AC_DEFINE([HAVE_BSD_BRIDGE_MGMT],
[1],
[whether BSD style bridge management is available])],
[],
[#include <stdint.h>
#include <net/if.h>
#include <net/ethernet.h>
#include <net/if_bridgevar.h>
])
# Check for BSD CPU affinity availability
AC_CHECK_DECLS([cpuset_getaffinity],
[AC_DEFINE([HAVE_BSD_CPU_AFFINITY],
[1],
[whether BSD CPU affinity management is available])],
[],
[#include <sys/param.h>
#include <sys/cpuset.h>
])
# Check for BSD kvm (kernel memory interface)
if test $with_freebsd = yes; then
AC_CHECK_LIB([kvm], [kvm_getprocs], [],
[AC_MSG_ERROR([BSD kernel memory interface library is required to build on FreeBSD])]
)
fi
2014-07-06 09:53:40 +00:00
# FreeBSD 10-STABLE requires _IFI_OQDROPS to be defined for if_data.ifi_oqdrops
# field be available
old_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS -D_IFI_OQDROPS"
AC_CHECK_MEMBERS([struct if_data.ifi_oqdrops],
[],
[CFLAGS="$old_CFLAGS"],
[#include <net/if.h>
])
AC_CHECK_DECLS([clock_serv_t, host_get_clock_service, clock_get_time],
[AC_DEFINE([HAVE_MACH_CLOCK_ROUTINES],
[1],
[whether Mach clock routines are available])],
[],
[#include <mach/clock.h>
#include <mach/mach.h>
])
# Check if we need to look for ifconfig
if test "$want_ifconfig" = "yes"; then
AC_PATH_PROG([IFCONFIG_PATH], [ifconfig])
if test -z "$IFCONFIG_PATH"; then
AC_MSG_ERROR([Failed to find ifconfig.])
fi
AC_DEFINE_UNQUOTED([IFCONFIG_PATH], "$IFCONFIG_PATH", [path to ifconfig binary])
fi
# Detect when running under the clang static analyzer's scan-build driver
# or Coverity-prevent's cov-build. Define STATIC_ANALYSIS accordingly.
AC_CACHE_CHECK([whether this build is done by a static analysis tool],
[lv_cv_static_analysis], [
lv_cv_static_analysis=no
if test -n "${CCC_ANALYZER_ANALYSIS+set}" || \
test -n "$COVERITY_BUILD_COMMAND$COVERITY_LD_PRELOAD"; then
lv_cv_static_analysis=yes
fi
])
t=0
test "x$lv_cv_static_analysis" = xyes && t=1
AC_DEFINE_UNQUOTED([STATIC_ANALYSIS], [$t],
[Define to 1 when performing static analysis.])
# Some GNULIB base64 symbols clash with a kerberos library
AC_DEFINE_UNQUOTED([isbase64],[libvirt_gl_isbase64],[Hack to avoid symbol clash])
AC_DEFINE_UNQUOTED([base64_encode],[libvirt_gl_base64_encode],[Hack to avoid symbol clash])
AC_DEFINE_UNQUOTED([base64_encode_alloc],[libvirt_gl_base64_encode_alloc],[Hack to avoid symbol clash])
AC_CONFIG_FILES([run],
[chmod +x,-w run])
AC_CONFIG_FILES([\
makefile: Move include/Makefile.am to include/libvirt/Makefile.am The reason for this is to fix the automatic rebuild of libvirt-common.h.in. All *.in files should be automatically rebuilt each time they're modified. It works well for makefiles and pkgconfig files, since they do have a valid dependency in the top-level Makefile. However, with libvirt-common.h.in there is no dependency in the top-level Makefile and there's no need for it either, so this rule include/libvirt/libvirt-common.h: $(top_builddir)/config.status \ $(top_srcdir)/include/libvirt/libvirt-common.h.in cd $(top_builddir) && $(SHELL) ./config.status $@ is never hit and should be moved to include/Makefile, but that's automake's job. According to GNU automake docs: "Files created by AC_CONFIG_FILES, be they Automake Makefiles or not, are all removed by ‘make distclean’. Their inputs are automatically distributed, unless they are the output of prior AC_CONFIG_FILES commands. Finally, rebuild rules are generated in the Automake Makefile existing in the subdirectory of the output file, if there is one, or in the top-level Makefile otherwise." Which means that if we want to have the rule for libvirt-common.h automatically generated by automake, the include/Makefile.am needs to be moved into libvirt/ subdirectory and $SUBDIRS in the top-level Makefile need to be adjusted as well. This patch moves Makefile.am from include/ to include/libvirt, adjusting the prefixes accordingly as well as updates the top-level Makefile $SUBDIRS to properly hint automake to generate all rules at proper places. Best way to see the changes, use -M with 'git show'. Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-04-05 19:04:06 +00:00
Makefile src/Makefile include/libvirt/Makefile docs/Makefile \
gnulib/lib/Makefile \
gnulib/tests/Makefile \
.color_coded \
.ycm_extra_conf.py \
libvirt.pc \
libvirt-qemu.pc \
libvirt-lxc.pc \
libvirt-admin.pc \
src/libvirt.pc \
src/libvirt-qemu.pc \
src/libvirt-lxc.pc \
libvirt.spec mingw-libvirt.spec \
po/Makefile \
include/libvirt/libvirt-common.h \
examples/Makefile \
tests/Makefile \
tools/Makefile])
AC_OUTPUT
2007-09-18 23:36:30 +00:00
AC_MSG_NOTICE([])
AC_MSG_NOTICE([Configuration summary])
AC_MSG_NOTICE([=====================])
AC_MSG_NOTICE([])
AC_MSG_NOTICE([Drivers])
AC_MSG_NOTICE([])
LIBVIRT_DRIVER_RESULT_QEMU
LIBVIRT_DRIVER_RESULT_OPENVZ
LIBVIRT_DRIVER_RESULT_VMWARE
LIBVIRT_DRIVER_RESULT_VBOX
LIBVIRT_DRIVER_RESULT_XENAPI
LIBVIRT_DRIVER_RESULT_LIBXL
LIBVIRT_DRIVER_RESULT_LXC
LIBVIRT_DRIVER_RESULT_PHYP
LIBVIRT_DRIVER_RESULT_ESX
LIBVIRT_DRIVER_RESULT_HYPERV
LIBVIRT_DRIVER_RESULT_VZ
LIBVIRT_DRIVER_RESULT_BHYVE
LIBVIRT_DRIVER_RESULT_TEST
LIBVIRT_DRIVER_RESULT_REMOTE
LIBVIRT_DRIVER_RESULT_NETWORK
LIBVIRT_DRIVER_RESULT_LIBVIRTD
LIBVIRT_DRIVER_RESULT_INTERFACE
2007-09-18 23:36:30 +00:00
AC_MSG_NOTICE([])
AC_MSG_NOTICE([Storage Drivers])
AC_MSG_NOTICE([])
LIBVIRT_STORAGE_RESULT_DIR
LIBVIRT_STORAGE_RESULT_FS
LIBVIRT_STORAGE_RESULT_LVM
LIBVIRT_STORAGE_RESULT_ISCSI
LIBVIRT_STORAGE_RESULT_ISCSI_DIRECT
LIBVIRT_STORAGE_RESULT_SCSI
LIBVIRT_STORAGE_RESULT_MPATH
LIBVIRT_STORAGE_RESULT_DISK
LIBVIRT_STORAGE_RESULT_RBD
LIBVIRT_STORAGE_RESULT_SHEEPDOG
LIBVIRT_STORAGE_RESULT_GLUSTER
LIBVIRT_STORAGE_RESULT_ZFS
LIBVIRT_STORAGE_RESULT_VSTORAGE
AC_MSG_NOTICE([])
AC_MSG_NOTICE([Security Drivers])
AC_MSG_NOTICE([])
LIBVIRT_SECDRIVER_RESULT_SELINUX
LIBVIRT_SECDRIVER_RESULT_APPARMOR
AC_MSG_NOTICE([])
2008-11-21 12:16:08 +00:00
AC_MSG_NOTICE([Driver Loadable Modules])
AC_MSG_NOTICE([])
LIBVIRT_RESULT_DRIVER_MODULES
AC_MSG_NOTICE([])
AC_MSG_NOTICE([Libraries])
AC_MSG_NOTICE([])
LIBVIRT_RESULT_ACL
LIBVIRT_RESULT_APPARMOR
LIBVIRT_RESULT_ATTR
LIBVIRT_RESULT_AUDIT
LIBVIRT_RESULT_BASH_COMPLETION
LIBVIRT_RESULT_BLKID
LIBVIRT_RESULT_CAPNG
LIBVIRT_RESULT_CURL
LIBVIRT_RESULT_DBUS
LIBVIRT_RESULT_DLOPEN
LIBVIRT_RESULT_FIREWALLD
configure: selectively install a firewalld 'libvirt' zone In the past (when both libvirt and firewalld used iptables), if either libvirt's rules *OR* firewalld's rules accepted a packet, it would be accepted. This was because libvirt and firewalld rules were processed during the same kernel hook, and a single ACCEPT result would terminate the rule traversal and cause the packet to be accepted. But now firewalld can use nftables for its backend, while libvirt's firewall rules are still using iptables; iptables rules are still processed, but at a different time during packet processing (i.e. during a different hook) than the firewalld nftables rules. The result is that a packet must be accepted by *BOTH* the libvirt iptables rules *AND* the firewalld nftable rules in order to be accepted. This causes pain because 1) libvirt always adds rules to permit DNS and DHCP (and sometimes TFTP) from guests to the host network's bridge interface. But libvirt's bridges are in firewalld's "default" zone (which is usually the zone called "public"). The public zone allows ssh, but doesn't allow DNS, DHCP, or TFTP. So even though libvirt's rules allow the DHCP and DNS traffic, the firewalld rules (now processed during a different hook) dont, thus guests connected to libvirt's bridges can't acquire an IP address from DHCP, nor can they make DNS queries to the DNS server libvirt has setup on the host. (This could be solved by modifying the default firewalld zone to allow DNS and DHCP, but that would open *all* interfaces in the default zone to those services, which is most likely not what the host's admin wants.) 2) Even though libvirt adds iptables rules to allow forwarded traffic to pass the iptables hook, firewalld's higher level "rich rules" don't yet have the ability to configure the acceptance of forwarded traffic (traffic that is going somewhere beyond the host), so any traffic that needs to be forwarded from guests to the network beyond the host is rejected during the nftables hook by the default zone's "default reject" policy (which rejects all traffic in the zone not specifically allowed by the rules in the zone, whether that traffic is destined to be forwarded or locally received by the host). libvirt can't send "direct" nftables rules (firewalld only supports direct/passthrough rules for iptables), so we can't solve this problem by just sending explicit nftables rules instead of explicit iptables rules (which, if it could be done, would place libvirt's rules in the same hook as firewalld's native rules, and thus eliminate the need for packets to be accepted by both libvirt's and firewalld's own rules). However, we can take advantage of a quirk in firewalld zones that have a default policy of "accept" (meaning any packet that doesn't match a specific rule in the zone will be *accepted*) - this default accept will also accept forwarded traffic (not just traffic destined for the host). Of course we don't want to modify firewalld's default zone in that way, because that would affect the filtering of traffic coming into the host from other interfaces using that zone. Instead, we will create a new zone called "libvirt". The libvirt zone will have a default policy of accept so that forwarded traffic can pass and list specific services that will be allowed into the host from guests (DNS, DHCP, SSH, and TFTP). But the same default accept policy that fixes forwarded traffic also causes *all* traffic from guest to host to be accepted. To close this new hole, the libvirt zone can take advantage of a new feature in firewalld (currently slated for firewalld-0.7.0) - priorities for rich rules - to add a low priority rule that rejects all local traffic (but leaves alone all forwarded traffic). So, our new zone will start with a list of services that are allowed (dhcp, dns, tftp, and ssh to start, but configurable via any firewalld management application, or direct editing of the zone file in /etc/firewalld/zones/libvirt.xml), followed by a low priority <reject/> rule (to reject all other traffic from guest to host), and finally with a default policy of accept (to allow forwarded traffic). This patch only creates the zonefile for the new zone, and implements a configure.ac option to selectively enable/disable installation of the new zone. A separate patch contains the necessary code to actually place bridge interfaces in the libvirt zone. Why do we need a configure option to disable installation of the new libvirt zone? It uses a new firewalld attribute that sets the priority of a rich rule; this feature first appears in firewalld-0.7.0 (unless it has been backported to am earlier firewalld by a downstream maintainer). If the file were installed on a system with firewalld that didn't support rule priorities, firewalld would log an error every time it restarted, causing confusion and lots of extra bug reports. So we add two new configure.ac switches to avoid polluting the system logs with this error on systems that don't support rule priorities - "--with-firewalld-zone" and "--without-firewalld-zone". A package builder can use these to include/exclude the libvirt zone file in the installation. If firewalld is enabled (--with-firewalld), the default is --with-firewalld-zone, but it can be disabled during configure (using --without-firewalld-zone). Targets that are using a firewalld version too old to support the rule priority setting in the libvirt zone file can simply add --without-firewalld-zone to their configure commandline. These switches only affect whether or not the libvirt zone file is *installed* in /usr/lib/firewalld/zones, but have no effect on whether or not libvirt looks for a zone called libvirt and tries to use it. NB: firewalld zones can only be added to the permanent config of firewalld, and won't be loaded/enabled until firewalld is restarted, so at package install/upgrade time we have to restart firewalld. For rpm-based distros, this is done in the libvirt.spec file by calling the %firewalld_restart rpm macro, which is a part of the firewalld-filesystem package. (For distros that don't use rpm packages, the command "firewalld-cmd --reload" will have the same effect). Signed-off-by: Laine Stump <laine@laine.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-01-26 04:52:37 +00:00
LIBVIRT_RESULT_FIREWALLD_ZONE
LIBVIRT_RESULT_FUSE
storage: initial support for linking with libgfapi We support gluster volumes in domain XML, so we also ought to support them as a storage pool. Besides, a future patch will want to take advantage of libgfapi to handle the case of a gluster device holding qcow2 rather than raw storage, and for that to work, we need a storage backend that can read gluster storage volume contents. This sets up the framework. Note that the new pool is named 'gluster' to match a <disk type='network'><source protocol='gluster'> image source already supported in a <domain>; it does NOT match the <pool type='netfs'><source><target type='glusterfs'>, since that uses a FUSE mount to a local file name rather than a network name. This and subsequent patches have been tested against glusterfs 3.4.1 (available on Fedora 19); there are likely bugs in older versions that may prevent decent use of gfapi, so this patch enforces the minimum version tested. A future patch may lower the minimum. On the other hand, I hit at least two bugs in 3.4.1 that will be fixed in 3.5/3.4.2, where it might be worth raising the minimum: glfs_readdir is nicer to use than glfs_readdir_r [1], and glfs_fini should only return failure on an actual failure [2]. [1] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00085.html [2] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00086.html * configure.ac (WITH_STORAGE_GLUSTER): New conditional. * m4/virt-gluster.m4: new file. * libvirt.spec.in (BuildRequires): Support gluster in spec file. * src/conf/storage_conf.h (VIR_STORAGE_POOL_GLUSTER): New pool type. * src/conf/storage_conf.c (poolTypeInfo): Treat similar to sheepdog and rbd. (virStoragePoolDefFormat): Don't output target for gluster. * src/storage/storage_backend_gluster.h: New file. * src/storage/storage_backend_gluster.c: Likewise. * po/POTFILES.in: Add new file. * src/storage/storage_backend.c (backends): Register new type. * src/Makefile.am (STORAGE_DRIVER_GLUSTER_SOURCES): Build new files. * src/storage/storage_backend.h (_virStorageBackend): Documet assumption. Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-19 23:26:05 +00:00
LIBVIRT_RESULT_GLUSTER
LIBVIRT_RESULT_GNUTLS
LIBVIRT_RESULT_HAL
LIBVIRT_RESULT_LIBISCSI
LIBVIRT_RESULT_LIBNL
LIBVIRT_RESULT_LIBPCAP
LIBVIRT_RESULT_LIBSSH
LIBVIRT_RESULT_LIBXL
LIBVIRT_RESULT_LIBXML
LIBVIRT_RESULT_MACVTAP
LIBVIRT_RESULT_NETCF
LIBVIRT_RESULT_NLS
LIBVIRT_RESULT_NSS
LIBVIRT_RESULT_NUMACTL
LIBVIRT_RESULT_OPENWSMAN
LIBVIRT_RESULT_PCIACCESS
LIBVIRT_RESULT_PM_UTILS
LIBVIRT_RESULT_POLKIT
LIBVIRT_RESULT_RBD
LIBVIRT_RESULT_READLINE
LIBVIRT_RESULT_SANLOCK
LIBVIRT_RESULT_SASL
LIBVIRT_RESULT_SELINUX
LIBVIRT_RESULT_SSH2
LIBVIRT_RESULT_UDEV
LIBVIRT_RESULT_VIRTUALPORT
LIBVIRT_RESULT_XDR
LIBVIRT_RESULT_XENAPI
LIBVIRT_RESULT_YAJL
AC_MSG_NOTICE([])
AC_MSG_NOTICE([Windows])
AC_MSG_NOTICE([])
LIBVIRT_WIN_RESULT_COMMON
LIBVIRT_WIN_RESULT_WINDRES
2007-09-18 23:36:30 +00:00
AC_MSG_NOTICE([])
2008-05-29 15:13:07 +00:00
AC_MSG_NOTICE([Test suite])
AC_MSG_NOTICE([])
AC_MSG_NOTICE([ Coverage: $enable_test_coverage])
AC_MSG_NOTICE([ Alloc OOM: $enable_test_oom])
2008-05-29 15:13:07 +00:00
AC_MSG_NOTICE([])
2007-09-18 23:36:30 +00:00
AC_MSG_NOTICE([Miscellaneous])
AC_MSG_NOTICE([])
LIBVIRT_RESULT_DEBUG
AC_MSG_NOTICE([ Use -Werror: $enable_werror])
AC_MSG_NOTICE([ Warning Flags: $WARN_CFLAGS])
LIBVIRT_RESULT_DTRACE
LIBVIRT_RESULT_NUMAD
LIBVIRT_RESULT_INIT_SCRIPT
LIBVIRT_RESULT_CHRDEV_LOCK_FILES
LIBVIRT_RESULT_DEFAULT_EDITOR
LIBVIRT_RESULT_LOADER_NVRAM
LIBVIRT_RESULT_LOGIN_SHELL
LIBVIRT_RESULT_HOST_VALIDATE
LIBVIRT_RESULT_TLS_PRIORITY
2007-09-18 23:36:30 +00:00
AC_MSG_NOTICE([])
AC_MSG_NOTICE([Developer Tools])
AC_MSG_NOTICE([])
LIBVIRT_RESULT_WIRESHARK
AC_MSG_NOTICE([])
AC_MSG_NOTICE([Privileges])
AC_MSG_NOTICE([])
LIBVIRT_RESULT_QEMU_PRIVILEGES
AC_MSG_NOTICE([])