'make distcheck' fails from a directory configured --without-lxc:
GEN virt-login-shell.1
Can't write-open ../../tools/virt-login-shell.1: Permission denied at /usr/bin/pod2man line 69.
* tools/Makefile.am (EXTRA_DIST): Ship pre-built man page.
Signed-off-by: Eric Blake <eblake@redhat.com>
It's possible to create a domain which will only use a TLS port
and will not have a non-TLS port set by using:
<graphics type='spice' autoport='yes' defaultMode='secure'/>
In such a setup, the 'graphics' node for the running domain will be:
<graphics type='spice' tlsPort='5900'
autoport='yes' listen='127.0.0.1'
defaultMode='secure'>
However, cmdDomDisplay loops over all the 'graphics' node, and it
ignores nodes which don't have a 'port' attribute. This means
'virsh domdisplay' will only return an empty string for domains
as the one above.
This commit looks for both 'port' and 'tlsPort' before deciding
to ignore a graphics node. It also makes sure 'port' is not printed
when it's not set.
This makes 'virsh domdisplay' return
'spice://127.0.0.1?tls-port=5900' for domains using only a TLS
port.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
After commit 8aecd35126 it'll detect
that a required option is not defined and it will assert and exit with:
virsh.c:1364: vshCommandOpt: Assertion `valid->name' failed.
Problem has been latent since commit ed23b106.
Signed-off-by: Eric Blake <eblake@redhat.com>
completer and completer_flags added to the _vshCmdOptDef
structure so it will be possible for completion generators to
conveniently call option completer functions with desired flags.
Signed-off-by: Eric Blake <eblake@redhat.com>
Some systems apparently have a global variable/function called remove
and thus break compilation of virsh-domain.c. Rename the variable to
avoid this.
Reported by GuanQiang.
Since the maxvcpus command query the maximum number of virtual
CPUs supported for a guest VM on this connection, it should be
in virsh-host.c but not virsh-domain.c.
Signed-off-by: yangdongsheng <yangds.fnst@cn.fujitsu.com>
https://bugzilla.redhat.com/show_bug.cgi?id=1006864
Commit 38ab1225 changed the default value of ret from true to false but
forgot to set ret = true when job is NONE. Thus, virsh domjobinfo
returned 1 when there was no job running for a domain but it used to
(and should) return 0 in this case.
The VIR_FREE() macro will cast away any const-ness. This masked a
number of places where we passed a 'const char *' string to
VIR_FREE. Fortunately in all of these cases, the variable was not
in fact const data, but a heap allocated string. Fix all the
variable declarations to reflect this.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Recent patches to fix handling of Ctrl-C when interacting with
ssh are not portable to mingw, which lacks termios handling.
The simplest solution is to just compile that code out, and
if someone ever appears that has a serious interest in getting
virsh fully functional even with ssh connections, they can
provide patches at that time.
* tools/virsh.h (_vshControl): Make termattr conditional.
* tools/virsh.c (vshTTYIsInterruptCharacter)
(vshTTYDisableInterrupt, vshTTYRestore, cfmakeraw, vshTTYMakeRaw)
(main): Likewise.
Signed-off-by: Eric Blake <eblake@redhat.com>
Automake has builtin support to prevent botched conditional nesting,
but only if you use:
if FOO
else !FOO
endif !FOO
An example error message when using the wrong name:
daemon/Makefile.am:378: error: else reminder (LIBVIRT_INIT_SCRIPT_SYSTEMD_TRUE) incompatible with current conditional: LIBVIRT_INIT_SCRIPT_SYSTEMD_FALSE
daemon/Makefile.am:381: error: endif reminder (LIBVIRT_INIT_SCRIPT_SYSTEMD_TRUE) incompatible with current conditional: LIBVIRT_INIT_SCRIPT_SYSTEMD_FALSE
As our makefiles tend to have quite a bit of nested conditionals,
it's better to take advantage of the benefits of the build system
double-checking that our conditionals are well-nested, but that
requires a syntax check to enforce our usage style.
Alas, unlike C preprocessor and spec files, we can't use indentation
to make it easier to see how deeply nesting goes.
* cfg.mk (sc_makefile_conditionals): New rule.
* daemon/Makefile.am: Enforce the style.
* gnulib/tests/Makefile.am: Likewise.
* python/Makefile.am: Likewise.
* src/Makefile.am: Likewise.
* tests/Makefile.am: Likewise.
* tools/Makefile.am: Likewise.
Signed-off-by: Eric Blake <eblake@redhat.com>
The vshWatchJob function registers a SIGINT handler that is used to
abort the active job and does not terminate virsh. Unfortunately, this
breaks when using the ssh transport as SIGINT is sent to the foreground
process group including the ssh transport processes which terminate.
This breaks the connection and migration is left in a insane state.
With this patch the terminal is modified to ignore key binding that
sends SIGINT and does the handling manually.
Resoves: https://bugzilla.redhat.com/show_bug.cgi?id=983348
This patch adds instrumentation to allow modification of config of the
terminal in virsh and successful reset of the state afterwards.
The added helpers allow to disable receiving of SIGINT when pressing the
key sequence (Ctrl+C usualy). This normally sends SIGINT to the
foreground process group which kills ssh processes used for transport of
the data.
When virBufferError is ok in cmdAttachDisk, the latter
should 'goto cleanup', instead of returning a false to
prevent memory leaking.
Signed-off-by: Eric Blake <eblake@redhat.com>
I noticed from an ./autobuild.sh run that we were installing a
virt-login-shell.exe binary when cross-building for mingw,
even though such a binary is necessarily worthless since the
code depends on lxc which is a Linux-only concept.
* tools/Makefile.am (conf_DATA, bin_PROGRAMS, dist_man1_MANS):
Make virt-login-shell installation conditional.
Signed-off-by: Eric Blake <eblake@redhat.com>
Noticed while reviewing another patch that had an accidental
mismatch due to refactoring. An audit of the code showed that
very few callers of vshCommandOpt were expecting a return of
-2, indicating programmer error, and of those that DID check,
they just propagated that status to yet another caller that
did not check. Fix this by making the code blatantly warn
the programmer, rather than silently ignoring it and possibly
doing the wrong thing downstream.
I know that we frown on assert()/abort() inside libvirtd
(libraries should NEVER kill the program that linked them),
but as virsh is an app rather than the library, and as this
is not the first use of assert() in virsh, I think this
approach is okay.
* tools/virsh.h (vshCommandOpt): Drop declaration.
* tools/virsh.c (vshCommandOpt): Make static, and add a
parameter. Abort on programmer errors rather than making callers
repeat that logic.
(vshCommandOptInt, vshCommandOptUInt, vshCommandOptUL)
(vshCommandOptString, vshCommandOptStringReq)
(vshCommandOptLongLong, vshCommandOptULongLong)
(vshCommandOptBool): Adjust callers.
Signed-off-by: Eric Blake <eblake@redhat.com>
Surprisingly, augtool get (or print) returns "path = value" while we are
only interested in the value. We need to remove the "path = " part from
the augtool's output. The following is an example of the augtool command
as used in virt-sanlock-cleanup script:
$ augtool get /files/etc/libvirt/qemu-sanlock.conf/disk_lease_dir
/files/etc/libvirt/qemu-sanlock.conf/disk_lease_dir = /var/lib/libvirt/sanlock
Commit a0b6a36f "fixed" what abfff210 broke (URI precedence), but
there was still one more thing missing to fix. When using virsh
parameters to setup debugging, those weren't honored, because at the
time debugging was initializing, arguments weren't parsed yet. To
make ewerything work as expected, we need to initialize the debugging
twice, once before debugging (so we can debug option parsing properly)
and then again after these options are parsed.
As a side effect, this patch also fixes a leak when virsh is ran with
multiple '-l' parameters.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Since 785ff34bf8 we are using the outputStr variable in cleanup label.
However, there is a possibility to jump to the label before the variable
has been declared:
virsh-pool.c: In function 'cmdPoolList':
virsh-pool.c:1121:25: error: jump skips variable initialization [-Werror=jump-misses-init]
goto asprintf_failure;
^
virsh-pool.c:1308:1: note: label 'asprintf_failure' defined here
asprintf_failure:
^
virsh-pool.c:1267:11: note: 'outputStr' declared here
char *outputStr = NULL;
VIR_FREE(caps) is not enough to free an array allocated
by vshStringToArray.
==17== 4 bytes in 1 blocks are definitely lost in loss record 4 of 728
==17== by 0x4EFFC44: virStrdup (virstring.c:554)
==17== by 0x128B10: _vshStrdup (virsh.c:125)
==17== by 0x129164: vshStringToArray (virsh.c:218)
==17== by 0x157BB3: cmdNodeListDevices (virsh-nodedev.c:409)
https://bugzilla.redhat.com/show_bug.cgi?id=1001536
==23== 41 bytes in 1 blocks are definitely lost in loss record 626 of 727
==23== by 0x4F0099F: virAsprintfInternal (virstring.c:358)
==23== by 0x15D2C9: cmdPoolList (virsh-pool.c:1268)
https://bugzilla.redhat.com/show_bug.cgi?id=1001536
virsh secret-list leak when no secrets are defined:
==27== 8 bytes in 1 blocks are definitely lost in loss record 6 of 726
==27== by 0x4E941DD: virAllocN (viralloc.c:183)
==27== by 0x5037F1A: remoteConnectListAllSecrets (remote_driver.c:3076)
==27== by 0x5004EC6: virConnectListAllSecrets (libvirt.c:16298)
==27== by 0x15F813: vshSecretListCollect (virsh-secret.c:397)
==27== by 0x15F0E1: cmdSecretList (virsh-secret.c:532)
And so do some other *-list commands.
https://bugzilla.redhat.com/show_bug.cgi?id=1001536
The messages were only freed on error.
==12== 1,100 bytes in 1 blocks are definitely lost in loss record 698 of 729
==12== by 0x4E98C22: virBufferAsprintf (virbuffer.c:294)
==12== by 0x12C950: vshOutputLogFile (virsh.c:2440)
==12== by 0x12880B: vshError (virsh.c:2254)
==12== by 0x131957: vshCommandOptDomainBy (virsh-domain.c:109)
==12== by 0x14253E: cmdStart (virsh-domain.c:3333)
https://bugzilla.redhat.com/show_bug.cgi?id=1001536
virsh cpu-stats guest --start 0 --count 3
It outputs right but the return value is 1 rather than 0
echo $?
1
Found by running libvirt-autotest
./run -t libvirt --tests virsh_cpu_stats
Commit abfff210 changed the order of vshParseArgv() and vshInit() in
order to make fix debugging of parameter parsing. However, vshInit()
did a vshReconnect() even though ctl->name wasn't set according to the
'-c' parameter yet. In order to keep both issues fixed, I've split
the vshInit() into vshInitDebug() and vshInit().
One simple memleak of ctl->name is fixed as a part of this patch,
since it is related to the issue it's fixing.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=999323
When using virsh secret-list - if the secret types are cephx or iscsi,
then allow fetch/print of the usage information. Prior to the change
the following would print:
UUID Usage
-----------------------------------------------------------
1b40a534-8301-45d5-b1aa-11894ebb1735 Unused
a5ba3efe-6adf-4a6a-b243-f010a043e314 Unused
Afterwards:
UUID Usage
-----------------------------------------------------------
1b40a534-8301-45d5-b1aa-11894ebb1735 ceph ceph_example
a5ba3efe-6adf-4a6a-b243-f010a043e314 iscsi libvirtiscsi
Use the new semantics of vshStringToArray to avoid leaking the array of
volumes to be deleted. The array would be leaked in case the first
volume was found in the domain definition. Also refactor the code a bit
to sanitize naming of variables hoding arrays and dimensions of the
arrays.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=996050
At a slightly larger memory expense allow stealing of items from the
string array returned from vshStringToArray and turn the result into a
string list compatible with virStringSplit. This will allow to use the
common dealloc function.
This patch also fixes a few forgotten checks of return from
vshStringToArray and one memory leak.
We were failing to autoprobe which schema to use for several
top-level XML elements.
* tools/virt-xml-validate.in (TYPE): Recognize <domainsnapshot>,
<filter>, and <secret>.
Signed-off-by: Eric Blake <eblake@redhat.com>
All good tools should have --help and --version output :)
Furthermore, we want to ensure a failed exit if xmllint fails,
or even for 'virt-xml-validate > /dev/full'.
* tools/virt-xml-validate.in: Add option parsing. Output errors
to stderr. Update documentation to match.
* tools/Makefile.am (virt-xml-validate): Substitute version.
Signed-off-by: Eric Blake <eblake@redhat.com>
Currently the virConnectBaselineCPU API does not expose the CPU features
that are part of the CPU's model. This patch adds a new flag,
VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES, that causes the API to explicitly
list all features that are part of that model.
Signed-off-by: Don Dugger <donald.d.dugger@intel.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
https://bugzilla.redhat.com/show_bug.cgi?id=997765
==1349431== 8 bytes in 1 blocks are definitely lost in loss record 11 of 760
==1349431== at 0x4C2A554: calloc (vg_replace_malloc.c:593)
==1349431== by 0x4E9AA3E: virAllocN (in /usr/lib64/libvirt.so.0.1001.1)
==1349431== by 0x4EF28C4: virXPathNodeSet (in /usr/lib64/libvirt.so.0.1001.1)
==1349431== by 0x130B83: cmdCPUBaseline (in /usr/bin/virsh)
==1349431== by 0x12C608: vshCommandRun (in /usr/bin/virsh)
==1349431== by 0x12889A: main (in /usr/bin/virsh)
Address a number of code, style and docs issues identified
in review of virt-login-shell after it was merged.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
To avoid having to assign a failure code to the returned variable switch
this function to negative logic. This will fix issue with invalid number
of cpus returning success return code.
https://bugzilla.redhat.com/show_bug.cgi?id=996466
I attempted 'virsh blockcopy $dom vda $path --wait --verbose', then
hit Ctrl-C; I was a bit surprised to see this error message:
Block Copy: [ 3 %]error: failed to query job for disk vda
when I had been expecting:
Block Copy: [ 3 %]
Copy aborted
* tools/virsh-domain.c (cmdBlockCopy): Print graceful exit message
rather than error when ctrl-c interrupts job.
Signed-off-by: Eric Blake <eblake@redhat.com>
The virLoginShellAllowedUser method must not free the 'groups'
parameter it is given, as that is owned by the caller.
The virLoginShellAllowedUser method should be checking
'!*ptr' (ie empty string) rather than '!ptr' (NULL string)
since the latter cannot be true.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
virt-login-shell.c was failing to compile with
CC virt_login_shell-virt-login-shell.o
virt-login-shell.c: In function 'main':
virt-login-shell.c:205:5: error: implicit declaration of function 'setlocale' [-Werror=implicit-function-declaration]
virt-login-shell.c:205:5: error: nested extern declaration of 'setlocale' [-Werror=nested-externs]
virt-login-shell.c:205:20: error: 'LC_ALL' undeclared (first use in this function)
Add a virt-login-shell binary that can be set as a user's
shell, such that when they login, it causes them to enter
the LXC container with a name matching their user name.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The VIR_DOMAIN_PAUSED_GUEST_PANICKED constant is badly named,
leaking the QEMU event name. Elsewhere in the API we use
'CRASHED' rather than 'PANICKED', and the addition of 'GUEST'
is redundant since all events are guest related.
Thus rename it to VIR_DOMAIN_PAUSED_CRASHED, which matches
with VIR_DOMAIN_RUNNING_CRASHED and VIR_DOMAIN_EVENT_CRASHED.
It was added in commit 14e7e0ae8d
which post-dates v1.1.0, so is safe to rename before 1.1.1
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The VIR_DOMAIN_SHUTDOWN_CRASHED state constant does not appear
to be used in the QEMU code anyway. It also doesn't make much
(any) sense, since the 'shutdown' state is a transient state
between 'running' and 'shutoff' and when a guest crashes, it
does not end up in a 'shutdown' state, only 'shutoff'.
It was added in commit 14e7e0ae8d
which post-dates v1.1.0, so is safe to remove before 1.1.1
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Noticed that the expected "not supported" error is dropped when
invoking 'virsh snapshot-list dom' on a Xen installation running
the libxl driver
virsh snapshot-list test
error: Invalid snapshot: virDomainSnapshotFree
The error is overwritten by a call to virDomainSnapshotFree
in cleanup code within cmdSnapshotList. Prevent overwritting
the real error by not calling virDomainSnapshotFree with a NULL
virDomainSnapshotPtr.
Resolves:https://bugzilla.redhat.com/show_bug.cgi?id=923053
When cdrom is block type, the virsh change-media failed to insert
source info because virsh uses "<source block='/dev/sdb'/>" while
the correct name of the attribute for block disks is "dev".
Add a "--pass-fds N,M,..." arg to the virsh start/create
methods. This allows pre-opened file descriptors from the
shell to be passed on into the guest
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Use the virDomainSetMemoryStatsPeriodFlags() to pass a period defined by
usage of a new --period option in order to set the collection period for the
balloon driver. This may enable or disable the collection based on the value.
Add the --current, --live, & --config options to dommemstat.
Recent changes uncovered FORWARD_NULL and NEGATIVE_RETURNS problems with
the processing of the 'ndevices' and its associated allocated arrays in
'vshNodeDeviceListCollect' due to the possibility of returning -1 in a
call and using the returned value as a for loop index end condition.
Recent changes uncovered FORWARD_NULL and NEGATIVE_RETURNS problems with
the processing of the 'nActiveIfaces' and 'nInactiveIfaces' and their
associated allocated arrays in 'vshInterfaceListCollect' due to the
possibility of returning -1 in a call and using the return value as a
for loop index end condition.
Convert the type of loop iterators named 'i', 'j', k',
'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
'unsigned int', also santizing 'ii', 'jj', 'kk' to use
the normal 'i', 'j', 'k' naming
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Actually, I'm turning this function into a macro as filename,
function name and line number needs to be passed. The new
function virAsprintfInternal is introduced with the extended set
of arguments.
Free the old XML strings before overwriting them if the user
has chosen to reedit the file or force the redefinition.
Found by Alex Jia trying to reproduce another bug:
https://bugzilla.redhat.com/show_bug.cgi?id=977430#c3
Paolo Bonzini pointed out that it's actually possible to migrate a qemu
instance that was paused due to I/O error and it will be able to work on
the destination if the storage is accessible.
This patch introduces flag VIR_MIGRATE_ABORT_ON_ERROR that cancels the
migration in case an I/O error happens while it's being performed and
allows migration without this flag. This flag can be possibly used for
other error reasons that may be introduced in the future.
This patch fixes changes done in commit 29c1e913e4
that was pushed without implementing review feedback.
The flag introduced by the patch is changed to VIR_DOMAIN_VCPU_GUEST and
documentation makes the difference between regular hotplug and this new
functionality more explicit.
The virsh options that enable the use of the new flag are changed to
"--guest" and the documentation is fixed too.
This flag will allow to use qemu guest agent commands to disable
(offline) and enable (online) processors in a live guest that has the
guest agent running.
Our documentation says a pool may be referenced by its name or UUID
anywhere if it makes sense (pool-name and pool-uuid are the only
exceptions). However, vol-create and vol-create-as commands did not obey
this.
Because it's a valid combination. p2p still uses a separate channel
for qemu migration, so there's value in letting the user specify a manual
migrate URI for overriding auto-port, or libvirt's FQDN lookup.
What _isn't_ allowed is --migrateuri and TUNNELLED, since there is
no separate migration channel. Disallow that instead
I noticed several unusual spacings in for loops, and decided to
fix them up. See the next commit for the syntax check that found
all of these.
* examples/domsuspend/suspend.c (main): Fix spacing.
* python/libvirt-override.c: Likewise.
* src/conf/interface_conf.c: Likewise.
* src/security/virt-aa-helper.c: Likewise.
* src/util/virconf.c: Likewise.
* src/util/virhook.c: Likewise.
* src/util/virlog.c: Likewise.
* src/util/virsocketaddr.c: Likewise.
* src/util/virsysinfo.c: Likewise.
* src/util/viruuid.c: Likewise.
* src/vbox/vbox_tmpl.c: Likewise.
* src/xen/xen_hypervisor.c: Likewise.
* tools/virsh-domain-monitor.c (vshDomainStateToString): Drop
default case, to let compiler check us.
* tools/virsh-domain.c (vshDomainVcpuStateToString): Likewise.
Signed-off-by: Eric Blake <eblake@redhat.com>
Introduced by commit 1daa4ba33a. vshCommandOptStringReq returns
0 on *success* or the option is not required && not present, both
are right result. Error out when returning 0 is not correct.
the caller, it doesn't have to check wether it
Don't print 'OPTION' if there's no options. Just behaves as DESCRIPTION
does.
This mostly affects 'interface' command group.
Signed-off-by: Zhang Xiaohe <zhangxh@cn.fujitsu.com>
Reported-by: Li Yang <liyang.fnst@cn.fujitsu.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Automake already passes all CFLAGS to the linker too, so it
is not necessary to set WARN_LDFLAGS in addition to the
WARN_CFLAGS variable.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
These all existed before virfile.c was created, and for some reason
weren't moved.
This is mostly straightfoward, although the syntax rule prohibiting
write() had to be changed to have an exception for virfile.c instead
of virutil.c.
This movement pointed out that there is a function called
virBuildPath(), and another almost identical function called
virFileBuildPath(). They really should be a single function, which
I'll take care of as soon as I figure out what the arglist should look
like.
Recent commit '53531e16' resulted in a new Coverity warning regarding
a missing break in the ':' options processing. Adjust the commit to
avoid the issue.
The source code base needs to be adapted as well. Some files
include virutil.h just for the string related functions (here,
the include is substituted to match the new file), some include
virutil.h without any need (here, the include is removed), and
some require both.
Mention file/volume contents instead of just 'file'/'volume'.
Also change Download->download in vol-download help,
to be consistent with other volume commands.
https://bugzilla.redhat.com/show_bug.cgi?id=955537
For long options, print:
* the option as specified by the user if it's unknown
* the canonical long option if its argument is not
a number (and should be)
And for missing arguments, print both the short and
the long option name.
(Doing only one of those would require either parsing
argv ourselves or let getopt print the errors, since
we can't tell long and short options apart by optopt
or longindex)
https://bugzilla.redhat.com/show_bug.cgi?id=949373
Unsupported long option:
$ virsh --pm
Before:
error: unsupported option '-
After:
error: unsupported option '--pm'. See --help.
Missing parameter:
$ virsh --deb
Before:
error: option '-d' requires an argument
After:
error: option '-d'/'--debug' requires an argument
$ virsh -rd
Before:
error: option '-d' requires an argument
After:
error: option '-d'/'--debug' requires an argument
Non-numeric parameter:
$ virsh --deb duck
Before:
error: option -d takes a numeric argument
After:
error: option --debug takes a numeric argument
'virsh help | grep nodedev-det' shows only nodedev-detach, but
'virsh help nodedev | grep nodedev-det' also shows the old alias
nodedev-dettach that we intentionally hid in commit af3f9aab.
See also commit 787f4fe and this bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=956966
* tools/virsh.c (vshCmdGrpHelp): Copy suppression of vshCmdHelp.
Signed-off-by: Eric Blake <eblake@redhat.com>
The virsh nodedev-detach command has a new --driver option. If it's
given virsh will attempt to use the new virNodeDeviceDetachFlags API
instead of virNodeDeviceDettach. Validation of the driver name string
is left to the hypervisor (qemu accepts "kvm" or "vfio". The only
other hypervisor that implements these functions is xen, and it only
accepts NULL).
This patch factors out the vCPU count retrieval including fallback means
into vshCPUCountCollect() and removes the duplicated code to retrieve
individual counts.
The --current flag (this flag is assumed by default) now works also with
--maximum or --active without the need to explicitly specify the state
of the domain that is requested.
This patch also fixes the output of "virsh vcpucount domain" on inactive
domains:
Before:
$ virsh vcpucount domain
maximum config 4
error: Requested operation is not valid: domain is not running
current config 4
error: Requested operation is not valid: domain is not running
After:
$virsh vcpucount domain
maximum config 4
current config 4
.. and for transient domains too:
Before:
$ virsh vcpucount transient-domain
error: Requested operation is not valid: cannot change persistent config of a transient domain
maximum live 3
error: Requested operation is not valid: cannot change persistent config of a transient domain
current live 1
After:
$ virsh vcpucount transient-domain
maximum live 3
current live 1
Using of a incorrect value for the --holdtime option was silently
ignored and 0 was used. In case a negative number was used, it
overflowed as the API expects a unsigned int.
Fix the data type and getter function type and report errors on
incorrect values.
With this patch, include public headers in "" form is only allowed
for "internal.h". And only the external tools (examples|tools|python
|include/libvirt) can include the public headers in <> form.
Explicitly state that using incomplete XML definition snippets for hot-management
commands may have unexpected results due to autogenerating values for some of
the fields if they aren't specified explicitly.
Newer pod (hello rawhide) complains if you attempt to mix bullets
and non-bullets in the same list:
virsh.pod around line 3177: Expected text after =item, not a bullet
As our intent was to nest an inner list, we make that explicit to
keep pod happy.
* tools/virsh.pod (ENVIRONMENT): Use correct pod syntax.
This patch improves the error message after disconnecting from the
hypervisor and adds the close callback operations required not to leak
the callback reference.
The function is used to establish connection so it should be in the main
virsh file. This movement also enables further improvements done in next
patches.
Note that the "connect" command has moved from the host section of virsh to the
main section. It is now listed by 'virsh help virsh' instead of 'virsh help
host'.
Before closing the connection we unregister the close callback
to prevent a reference leak.
Further, the messages on virConnectClose != 0 are a bit more specific
now.
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
By passing the flags -z relro -z now to the linker, we can force
it to resolve all library symbols at startup, instead of on-demand.
This allows it to then make the global offset table (GOT) read-only,
which makes some security attacks harder.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
PIE (position independent executable) adds security to executables
by composing them entirely of position-independent code (PIC. The
.so libraries already build with -fPIC. This adds -fPIE which is
the equivalent to -fPIC, but for executables. This for allows Exec
Shield to use address space layout randomization to prevent attackers
from knowing where existing executable code is during a security
attack using exploits that rely on knowing the offset of the
executable code in the binary, such as return-to-libc attacks.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
virsh schedinfo was able to set only one parameter at a time (not
counting the deprecated options), but it is useful to set more at
once, so this patch adds the possibility to do stuff like this:
virsh schedinfo <domain> cpu_shares=0 vcpu_period=0 vcpu_quota=0 \
emulator_period=0 emulator_quota=0
Invalid scheduler options are reported as well. These were previously
reported only if the command hadn't updated any values (when
cmdSchedInfoUpdate returned 0).
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=810078
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=919372
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=919375
The virsh(1) man page wasn't saying anything about the 'migrateuri'
parameter other than it can be usually omitted. A patched version of
docs/migrate.html.in is taken in this patch to fix that up in the man
page.
The man page states that with --config the next boot is affected. This
can be understood as if _only_ the next boot was affected. This isn't
true if the machine is running.
This patch adds the full --live, --config, --current infrastructure and
tweaks stuff to correctly support the obsolete --persistent flag.
Note that this patch changes the the behavior of the --config flag to match the
use of this flag in rest of libvirt. This flag was mistakenly renamed from
--persistent that originaly had different semantics.
The domif-getlink command did not terminate successfully when the
interface state was found. As the code used old and too complex approach
to do the job, this patch refactors it and fixes the bug.
The 'virsh vcpupin' and 'virsh emulatorpin' commands use the same
code to parse the cpulist. This patch abstracts the same code as
a helper. Along with various code style fixes, and error improvement
(only error "Physical CPU %d doesn't exist" if the specified CPU
exceed the range, no "cpulist: Invalid format", see the following
for an example of the error prior to this patch).
% virsh vcpupin 4 0 0-8
error: Physical CPU 4 doesn't exist.
error: cpulist: Invalid format.
Since the refactoring in fbe2d49 we call virSecretFree even if
virSecretDefineXML fails, which leads to overwriting the error
message with:
error: Invalid secret: virSecretFree
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=929045
Right now, libvirt-guests gives awkward output. It's possible to
force faster failure by setting /etc/sysconfig/libvirt-guests to use:
ON_SHUTDOWN=shutdown
PARALLEL_SHUTDOWN=0
SHUTDOWN_TIMEOUT=1
ON_BOOT=ignore
at which point, we see:
$ service libvirt-guests restart
Running guests on default URI: a, b, d, c
Shutting down guests on default URI...
Starting shutdown on guest: a
Shutdown of guest a failed to complete in time.Starting shutdown on guest: b
Shutdown of guest b failed to complete in time.Starting shutdown on guest: d
Shutdown of guest d failed to complete in time.Starting shutdown on guest: c
Shutdown of guest c failed to complete in time.libvirt-guests is configured not to start any guests on boot
* tools/libvirt-guests.sh.in (shutdown_guest): Add missing newline.
Reported by Xuesong Zhang.
VIR_CONNECT_LIST_NODE_DEVICES_CAP_FC_HOST to filter the FC HBA,
and VIR_CONNECT_LIST_NODE_DEVICES_CAP_VPORTS to filter the FC HBA
which supports vport.
The docs assumed the command works always for QEMU and other
hypervisors. As this is done using the balloon mechainism live increase
of the maximum memory limit isn't supported. Fix the docs to mention
this limitation.
Don't print the pool option name if it's null.
Before:
virsh # vol-name vol
error: failed to get vol 'vol', specifying --(null) might help
error: Storage volume not found: no storage vol with matching path vol
After:
virsh # vol-name vol
error: failed to get vol 'vol'
error: Storage volume not found: no storage vol with matching path vol
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=924571
This patch adds three macros to the virsh source tree that help to
easily check for mutually exclusive parameters.
VSH_EXCLUSIVE_OPTIONS_EXPR has four arguments, two expressions to check
and two names of the parameters to print in the message.
VSH_EXCLUSIVE_OPTIONS is more specific and check the command structure
for the parameters using vshCommandOptBool.
VSH_EXCLUSIVE_OPTIONS_VAR is meant to check boolean variables with the
same name as the parameters.
Clarify that net-create deals with a transient virtual
network whereas net-define defines a persistent virtual
network definition and will create the network (xml)
definition file.
Clarify that net-destroy works with both transient and
persistent virtual networks.
Signed-off-by: Gene Czarcinski <gene@czarc.net>
After we switched to C99 initialization, I noticed there were many
places where the specification of .flags parameter differed. After
going through many options and deciding whether to unify the
initialization to be '.flags = 0' or '.flags = VSH_OFLAG_NONE', I
realized both can be removed and it makes the code easier to go
through.
According to the man page, the memspec parameter should have the
'--memspec' option mandatory and this is as close as we can get to
that. What this change does is explained below.
man virsh:
snapshot-create-as ... [[--live] [--memspec memspec]]
virsh help snapshot-create-as before this patch:
SYNOPSIS
snapshot-create-as ... [<memspec>] ...
...
OPTIONS
[--memspec] <string> ...
virsh help snapshot-create-as after this patch:
SYNOPSIS
snapshot-create-as ... [--memspec <string>] ...
...
OPTIONS
--memspec <string> ...
Add a new virDomainLxcEnterSecurityLabel() function as a
counterpart to virDomainLxcEnterNamespaces(), which can
change the current calling process to have a new security
context. This call runs client side, not in libvirtd
so we can't use the security driver infrastructure.
When entering a namespace, the process spawned from virsh
will default to running with the security label of virsh.
The actual desired behaviour is to run with the security
label of the container most of the time. So this changes
virsh lxc-enter-namespace command to invoke the
virDomainLxcEnterSecurityLabel method.
The current behaviour is:
LABEL PID TTY TIME CMD
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 29 ? 00:00:00 dhclient
staff_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 47 ? 00:00:00 ps
Note the ps command is running as unconfined_t, After this patch,
The new behaviour is this:
virsh -c lxc:/// lxc-enter-namespace dan -- /bin/ps -eZ
LABEL PID TTY TIME CMD
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 32 ? 00:00:00 dhclient
system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 38 ? 00:00:00 ps
The '--noseclabel' flag can be used to skip security labelling.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Properly check the return value of vshCommandOptStringReq for xmlfile:
* error out on incorrect input (--xmlfile '')
* use default XML <domainsnapshot/> with no --xmlfile specified
(Broken by commit b2e8585)
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=919826
RHEL4 vintage libxml2 header files are missing xmlSaveToBuffer
despite the symbol existing in the binary
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Only nodedev-destroy and nodedev-dumpxml can benifit from the
new API, other commands like nodedev-detach only works for
PCI devices, WWN makes no sense for them.
This patch switches string option retrieval to vshCommandOptStringReq
and refactors some error paths to avoid an unlikely memory leak of a
secret object in cmdSecretSetValue.
also avoids potential NULL pointer dereference:
$ virsh snapshot-current asdf ""
error: invalid snapshotname argument '(null)'
by removing the error message in favor of vshCommandOptStringReq
This patch adds some empty lines to separate blocks of code, cleans up
unnecessary error message constructs in cmdNodeDeviceDetach,
cmdNodeDeviceReAttach, cmdNodeDeviceReset and refactors error paths in
cmdNodeDeviceDumpXML.
This patch adds a helper function with similar semantics to
vshCommandOptString that requests a string argument, but does some error
reporting without the need to do it in the functions themselves.
The error reporting also provides information about the parameter whose
retrieval failed.
Way back when I started making changes for Coverity messages my first set
were to a bunch of CHECKED_RETURN errors. In particular virAsprintf() had
a few callers that Coverity noted didn't check their return (although some
did check if the buffer being printed to was NULL or not).
It was suggested at the time as a further patch an ATTRIBUTE_RETURN_CHECK
should be added to virAsprintf(), see:
https://www.redhat.com/archives/libvir-list/2013-January/msg00120.html
This patch does that and fixes a few more instances not found by Coverity
that failed the check.
When a disk-only snapshot is requested the domain is treated as if it
was offline. This forbids to mix memory checkpoints with the DISK_ONLY
flag.
This patch improves the error message and mentions the restriction in
the virsh man page.
Linefeed is missed in the help of node-memory-tune.
This patch just adds '\n' to get a correct help message.
Signed-off-by: Satoru Moriya <satoru.moriya@hds.com>
This patch fixes the following issues in the cpu-stats virsh command:
1) Renames label failed_params to no_memory to match coding style
2) Uses proper typed parameter cleanup in error paths to avoid leaks
3) Adds a ret variable and simplifies error labels
4) Changes error message to a slightly more descriptive one and gets rid
of the newline at the end:
Before:
$ virsh cpu-stats tr
error: Failed to virDomainGetCPUStats()
error: Requested operation is not valid: domain is not running
After:
$ tools/virsh cpu-stats tr
error: Failed to retrieve CPU statistics for domain 'tr'
error: Requested operation is not valid: domain is not running
Add a 'lxc-enter-namespace' command which accepts a domain name
and then a command + args to run, attached to the container
eg
virsh -c lxc:/// lxc-enter-namespace demo -- /bin/ps -auxf
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This patch introduces support for LXC specific public APIs. In
common with what was done for QEMU, this creates a libvirt_lxc.so
library and libvirt/libvirt-lxc.h header file.
The actual APIs are
int virDomainLxcOpenNamespace(virDomainPtr domain,
int **fdlist,
unsigned int flags);
int virDomainLxcEnterNamespace(virDomainPtr domain,
unsigned int nfdlist,
int *fdlist,
unsigned int *noldfdlist,
int **oldfdlist,
unsigned int flags);
which provide a way to use the setns() system call to move the
calling process into the container's namespace. It is not
practical to write in a generically applicable manner. The
nearest that we could get to such an API would be an API which
allows to pass a command + argv to be executed inside a
container. Even if we had such a generic API, this LXC specific
API is still useful, because it allows the caller to maintain
the current process context, in particular any I/O streams they
have open.
NB the virDomainLxcEnterNamespace() API is special in that it
runs client side, so does not involve the internal driver API.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This patch changes whitespace and the length of the separation line from
this format:
$ virsh net-list --all
Name State Autostart Persistent
--------------------------------------------------
default inactive yes yes
to
$ virsh net-list --all
Name State Autostart Persistent
----------------------------------------------------------
default inactive yes yes
to match the output of virsh list.
The QEMU specific APIs all operate on domains, not the host,
so should be in the virsh-domain.c file / group
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
See also commit 66ff2dd, where we avoided installing these files
as executables.
* daemon/Makefile.am (libvirtd.service): Drop chmod.
* tools/Makefile.am (libvirt-guests.service): Likewise.
* src/Makefile.am (virtlockd.service, virtlockd.socket):
Likewise.
We had several different styles of .in conversion in our Makefiles:
ALLCAPS, @ALLCAPS@, @lower@, ::lower::
Canonicalize on one form, to make it easier to copy and paste
between .in files.
Also, we were using some non-portable sed constructs: \@ is an
undefined escape sequence (it happens to be @ itself in GNU sed,
but POSIX allows it to mean something else), as well as risky
behavior (failure to consistently quote things means a space
in $(sysconfdir) could throw things off; also, Autoconf recommends
using | rather than , or ! in the s||| operator, because | has to
be quoted in shell and is therefore less likely to appear in file
names than , or !).
Fix all of these uses to follow the same syntax.
* daemon/libvirtd.8.in: Switch to @var@.
* tools/virt-xml-validate.in: Likewise.
* tools/virt-pki-validate.in: Likewise.
* src/locking/virtlockd.init.in: Likewise.
* daemon/Makefile.am: Prefer | over ! in sed.
(libvirtd.8): Prefer consistent substitution.
(libvirtd.init, libvirtd.service): Avoid non-portable sed.
* tools/Makefile.am (libvirt-guests.sh, libvirt-guests.init)
(libvirt-guests.service): Likewise.
(virt-xml-validate, virt-pki-validate, virt-sanlock-cleanup):
Prefer consistent capitalization.
* src/Makefile.am (virtlockd.init, virtlockd.service)
(virtlockd.socket): Prefer consistent substitution.
For non-default connections (specified by the environment variable or
the command line option) we call virConnectOpenAuth without registering
the vshCatchDisconnect callback.
This calls vshReconnect instead which takes care of it.
Since we (ab)use vshReconnect for the default URI connection, if it
fails it might print 'Failed to reconnect to the hypervisor' even if we
were never connected before.
This changes it to only mention reconnection on the first try after
getting disconnected.
Most of this deals with moving the libvirt-guests.sh script which
does all the work to /usr/libexec, so it can be shared by both
systemd and traditional init. Previously systemd depended on
the script being in /etc/init.d
Required to fix https://bugzilla.redhat.com/show_bug.cgi?id=789747
Offline migration transfers inactive definition of a domain (which may
or may not be active). After successful completion, the domain remains
in its current state on source host and is defined but inactive on
destination host. It's a bit more clever than virDomainGetXMLDesc() on
source host followed by virDomainDefineXML() on destination host, as
offline migration will run pre-migration hook to update the domain XML
on destination host. Currently, copying non-shared storage is not
supported during offline migration.
Offline migration can be requested with a new migration flag called
VIR_MIGRATE_OFFLINE (which has to be combined with
VIR_MIGRATE_PERSIST_DEST flag).
The termios struct exported by the termios.h header is used as an
argument for vshMakeStdinRaw(). The header isn't used anywhere in
tools/virsh-domain.c.
This patch adds the header to the header declaring vshMakeStdinRaw() and
removes other places in virsh.
Libvirt's helper API's when called directly don't raise the error so
that virsh remembers it. Subsequent calls to libvirt API's might reset
the error.
In case of schedinfo virDomainFree() in the cleanup section resets the
error when virTypedParameterAssignFromStr() fails.
This patch adds function vshSaveLibvirtError() that can be called after
calling libvirt helper APIs to ensure the error is remembered.
virStringSplit requires a non-NULL input, but commit cef78ed forgot
to follow the rule.
* tools/virsh-domain.c (cmdReboot, cmdShutdown): Avoid NULL deref.
The virNodeSuspend API allows for a duration of 0, to mean no
timed wakup. virsh needlessly forbids this though
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The virDomainShutdownFlags and virDomainReboot APIs allow the caller
to request the operation is implemented via either acpi button press
or a guest agent. For containers, a couple of other methods make
sense, a message to /dev/initctl, and direct kill(SIGTERM|HUP) of
the container init process.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
On error, virStoragePoolGetAutostart would return -1 leaving autostart
untouched.
Removed the misleading debug message as well.
Error: CHECKED_RETURN (CWE-252):
libvirt-0.10.2/tools/virsh-pool.c:1386: unchecked_value: No check of the
return value of "virStoragePoolGetAutostart(pool, &autostart)".
Found by coverity:
Error: SIZEOF_MISMATCH (CWE-569):
libvirt-0.10.2/tools/virsh-domain.c:4754: suspicious_sizeof: Passing
argument "8UL /* sizeof (cpumap) */" to function
"_vshCalloc(vshControl *, size_t, size_t, char const *, int)" and
then casting the return value to "unsigned char *" is suspicious.
Error: SIZEOF_MISMATCH (CWE-569):
libvirt-0.10.2/tools/virsh-domain.c:4942: suspicious_sizeof: Passing
argument "8UL /* sizeof (cpumap) */" to function
"_vshCalloc(vshControl *, size_t, size_t, char const *, int)" and
then casting the return value to "unsigned char *" is suspicious.
Throughout the code, we've always used VIR_DOMAIN_SHUTDOWN* flags
even for virDomainReboot() API and its implementation. Fortunately,
the appropriate macros has the same value. But if we want to keep
things consistent, we should be using the correct macros. This
patch doesn't break anything, luckily.
Just a little rewrite of the cmdDomDisplay function to make it
consistent and hopefully more readable. This also fixes a problem
with password not being displayed for vnc even with the
"--include-password" option.
Now that we can filter on this information, we should also make
it easy to get at.
* tools/virsh-snapshot.c (cmdSnapshotInfo): Add another output
row, and switch to XPath queries rather than strstr.
Snapshot filtering based on types is useful enough to add
back-compat support into virsh. It is also rather easy - all
versions of libvirt that don't understand the new filter flags
already gave us sufficient information in a single XML field
to reconstruct all the information we need (that is, it isn't
until libvirt 1.0.1 that we have more interesting types of
snapshots, such as offline external).
* tools/virsh-snapshot.c (vshSnapshotFilter): New function.
(vshSnapshotListCollect): Add fallback support.
As we enable more modes of snapshot creation, it becomes more important
to be able to quickly filter based on snapshot properties. This patch
introduces new filter flags; subsequent patches will introduce virsh
back-compat filtering, as well as actual libvirt filtering.
* include/libvirt/libvirt.h.in (virDomainSnapshotListFlags): Add
five new flags in two new groups.
* src/libvirt.c (virDomainSnapshotNum, virDomainSnapshotListNames)
(virDomainListAllSnapshots, virDomainSnapshotNumChildren)
(virDomainSnapshotListChildrenNames)
(virDomainSnapshotListAllChildren): Document them.
* src/conf/snapshot_conf.h (VIR_DOMAIN_SNAPSHOT_FILTERS_STATUS)
(VIR_DOMAIN_SNAPSHOT_FILTERS_LOCATION): Add new convenience filter
collection macros.
* tools/virsh-snapshot.c (cmdSnapshotList): Add 5 new flags.
* tools/virsh.pod (snapshot-list): Document them.
This reverts commits 5f63a5cb42
and ff86b0c97b. After much list
discussion, consensus was that libvirt aliases should be reserved
to correct typos, otherwise it risks confusion. Rather, we
should implement a way for users to provide their own aliases
as part of their virsh configuration preferences.
Modified the places where virNodeGetInfo was used for the purpose
of obtaining the maximum node CPU number. Transparently falling
back to virNodeGetInfo in case of failure.
Wrote utility function vshNodeGetCPUCount to compute node CPU
number.
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
External checkpoints could be created with snapshot-create, but
without libvirt supplying a default name for the memory file,
it is essential to add a new argument to snapshot-create-as to
allow the user to choose the memory file name. This adds the
option --memspec [file=]name[,snapshot=type], where type can
be none, internal, or external. For an example,
virsh snapshot-create-as $dom --memspec /path/to/file
is the shortest possible command line for creating an external
checkpoint, named after the current timestamp.
* tools/virsh-snapshot.c (vshParseSnapshotMemspec): New function.
(cmdSnapshotCreateAs): Use it.
* tests/virsh-optparse (test_url): Test it.
* tools/virsh.pod (snapshot-create-as): Document it.
So far, none of the existing callers of vshStringToArray expected
the user to ever pass a literal comma; meanwhile, snapshot parsing
had rolled its own array parser. Moving the comma escaping into
the common function won't affect any existing callers, and will make
this function reusable for adding memory handling to snapshot parsing.
As a bonus, the testsuite was already testing snapshot parsing, so
the fact that the test still passes means that we are now giving
testsuite exposure to vshStringToArray.
* tools/virsh-snapshot.c (vshParseSnapshotDiskspec): Move ,,
parsing...
* tools/virsh.c (vshStringToArray): ...into common function.
Also, vshStrdup can't fail.
Make it clear that the alternate terms have no difference except
for length of time they were supported.
* tools/virsh.pod (start, shutdown, reboot): More documentation.
https://bugzilla.redhat.com/show_bug.cgi?id=873344 suggested that
the grouping 'boot', 'shutdown', 'reboot'; as well as the grouping
'start', 'stop', 'restart'; might be easier to remember than the
current mix of 'start', 'shutdown', 'reboot'.
Also, touch up the wording of 'reboot' to be more accurate.
* tools/virsh-domain.c (domManagementCmds): Add other command names.
* tools/virsh.pod (start, shutdown, reboot): Document the aliases.
The default behavior while creating external checkpoints is to pause the
guest while the memory state is captured. We want the users to sacrifice
space saving for creating the memory save image while the guest is live
to minimize downtime.
This patch adds a flag that causes the guest not to be paused before
taking the snapshot.
*include/libvirt/libvirt.h.in:
- add new paused reason: VIR_DOMAIN_PAUSED_SNAPSHOT
- add new flag for taking snapshot: VIR_DOMAIN_SNAPSHOT_CREATE_LIVE
*tools/virsh-domain-monitor.c:
- add string representation for VIR_DOMAIN_PAUSED_SNAPSHOT
*tools/virsh-snapshot.c:
- add support for VIR_DOMAIN_SNAPSHOT_CREATE_LIVE
*tools/virsh.pod:
- add docs for --live option added to use
VIR_DOMAIN_SNAPSHOT_CREATE_LIVE flag
The libvirt coding standard is to use 'function(...args...)'
instead of 'function (...args...)'. A non-trivial number of
places did not follow this rule and are fixed in this patch.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
https://bugzilla.redhat.com/show_bug.cgi?id=871756
Commit cd1e8d1 assumed that systems new enough to have journald
also have mkostemp; but this is not true for uclibc.
For that matter, use of mkstemp[s] is unsafe in a multi-threaded
program. We should prefer mkostemp[s] in the first place.
* bootstrap.conf (gnulib_modules): Add mkostemp, mkostemps; drop
mkstemp and mkstemps.
* cfg.mk (sc_prohibit_mkstemp): New syntax check.
* tools/virsh.c (vshEditWriteToTempFile): Adjust caller.
* src/qemu/qemu_driver.c (qemuDomainScreenshot)
(qemudDomainMemoryPeek): Likewise.
* src/secret/secret_driver.c (replaceFile): Likewise.
* src/vbox/vbox_tmpl.c (vboxDomainScreenshot): Likewise.
This resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=862515
which describes inconsistencies in dealing with duplicate mac
addresses on network devices in a domain.
(at any rate, it resolves *almost* everything, and prints out an
informative error message for the one problem that isn't solved, but
has a workaround.)
A synopsis of the problems:
1) you can't do a persistent attach-interface of a device with a mac
address that matches an existing device.
2) you *can* do a live attach-interface of such a device.
3) you *can* directly edit a domain and put in two devices with
matching mac addresses.
4) When running virsh detach-device (live or config), only MAC address
is checked when matching the device to remove, so the first device
with the desired mac address will be removed. This isn't always the
one that's wanted.
5) when running virsh detach-interface (live or config), the only two
items that can be specified to match against are mac address and model
type (virtio, etc) - if multiple netdevs match both of those
attributes, it again just finds the first one added and assumes that
is the only match.
Since it is completely valid to have multiple network devices with the
same MAC address (although it can cause problems in many cases, there
*are* valid use cases), what is needed is:
1) remove the restriction that prohibits doing a persistent add of a
netdev with a duplicate mac address.
2) enhance the backend of virDomainDetachDeviceFlags to check for
something that *is* guaranteed unique (but still work with just mac
address, as long as it yields only a single results.
This patch does three things:
1) removes the check for duplicate mac address during a persistent
netdev attach.
2) unifies the searching for both live and config detach of netdevices
in the subordinate functions of qemuDomainModifyDeviceFlags() to use the
new function virDomainNetFindIdx (which matches mac address and PCI
address if available, checking for duplicates if only mac address was
specified). This function returns -2 if multiple matches are found,
allowing the callers to print out an appropriate message.
Steps 1 & 2 are enough to fully fix the problem when using virsh
attach-device and detach-device (which require an XML description of
the device rather than a bunch of commandline args)
3) modifies the virsh detach-interface command to check for multiple
matches of mac address and show an error message suggesting use of the
detach-device command in cases where there are multiple matching mac
addresses.
Later we should decide how we want to input a PCI address on the virsh
commandline, and enhance detach-interface to take a --address option,
eliminating the need to use detach-device
* src/conf/domain_conf.c
* src/conf/domain_conf.h
* src/libvirt_private.syms
* added new virDomainNetFindIdx function
* removed now unused virDomainNetIndexByMac and
virDomainNetRemoveByMac
* src/qemu/qemu_driver.c
* remove check for duplicate max from qemuDomainAttachDeviceConfig
* use virDomainNetFindIdx/virDomainNetRemove instead
of virDomainNetRemoveByMac in qemuDomainDetachDeviceConfig
* use virDomainNetFindIdx instead of virDomainIndexByMac
in qemuDomainUpdateDeviceConfig
* src/qemu/qemu_hotplug.c
* use virDomainNetFindIdx instead of a homespun loop in
qemuDomainDetachNetDevice.
* tools/virsh-domain.c: modified detach-interface command as described
above
Patch 61299a1c fixed a long-standing pod error in the man page.
But we should be preventing these up front.
See also https://bugzilla.redhat.com/show_bug.cgi?id=870273
* tools/Makefile.am (virt-xml-validate.1, virt-pki-validate.1)
(virt-host-validate.1, virt-sanlock-cleanup.8, virsh.1): Reject
pod conversion errors.
* daemon/Makefile.am ($(srcdir)/libvirtd.8.in): Likewise.
We always expose individual bits from flags as separate options rather
than exposing a raw flags options. Since virNodeSuspendForDuration does
not currently support any flags, the only way of using this --flags
options that would not fail is "--flags 0", which is equivalent to
omitting the option. Thus it is highly unlikely anyone would actually be
using it and removing it should be safe.
https://bugzilla.redhat.com/show_bug.cgi?id=869100 mentioned some
confusion about 'virsh snapshot-list' errors. Clean up a
misleading error message, and add some documentation.
* tools/virsh-snapshot.c (cmdSnapshotList): Mention --current
rather than --from when appropriate.
* tools/virsh.pod (snapshot-list): Mention that the named starting
point is NOT part of the list except under --tree.
Upstream kernel introduced new sysfs knob "merge_across_nodes" to
specify if pages from different numa nodes can be merged. When set
to 0, only pages which physically reside in the memory area of
same NUMA node can be merged. When set to 1, pages from all nodes
can be merged.
This patch supports the tuning by adding new param field
"shm_merge_across_nodes".
Using VIR_DOMAIN_XML_MIGRATABLE flag, one can request domain's XML
configuration that is suitable for migration or save/restore. Such XML
may contain extra run-time stuff internal to libvirt and some default
configuration may be removed for better compatibility of the XML with
older libvirt releases.
This flag may serve as an easy way to get the XML that can be passed
(after desired modifications) to APIs that accept custom XMLs, such as
virDomainMigrate{,ToURI}2 or virDomainSaveFlags.
Add a read-only udev based backend for virInterface. Useful for distros
that do not have netcf support yet. Multiple libvirt based utilities use
a HAL based fallback when virInterface is not available which is less
than ideal. This implements:
* virConnectNumOfInterfaces()
* virConnectListInterfaces()
* virConnectNumOfDefinedInterfaces()
* virConnectListDefinedInterfaces()
* virConnectListAllInterfaces()
* virConnectInterfaceLookupByName()
* virConnectInterfaceLookupByMACString()
I was using qemu-monitor-command during development, and found it quite
hard to use. Compare the results of this patch on ease of reading:
$ virsh qemu-monitor-command dom '{"execute":"query-version"}'
{"return":{"qemu":{"micro":1,"minor":12,"major":0},"package":"(qemu-kvm-0.12.1.2)"},"id":"libvirt-7683"}
$ virsh qemu-monitor-command --pretty dom '{"execute":"query-version"}'
{
"return": {
"qemu": {
"micro": 1,
"minor": 12,
"major": 0
},
"package": "(qemu-kvm-0.12.1.2)"
},
"id": "libvirt-7674"
}
* tools/virsh-host.c (cmdQemuMonitorCommand): New option.
* tools/virsh.pod (qemu-monitor-command): Document it.
This command uses the new virNetworkUpdate() API to modify an existing
network definition, and optionally have those modifications take
effect immediately without restarting the network.
An example usage:
virsh net-update mynet add-last ip-dhcp-host \
"<host mac='00:11:22:33:44:55' ip='192.168.122.45'/>" \
--live --config
If you like, you can instead put the xml into a file, and call like
this:
virsh net-update mynet add ip-dhcp-host /tmp/myxml.xml
--live --config
virsh will autodetect whether the argument is itself an xml element,
or if it's a file, by looking at the first character - the first
character of an xml element is always "<", and the first character of
a file is almost always *not* "<" (in the rare case that it is, the
user could specify "./<filename...").
A --parent-index option is also available (to give the index within a
list of parent objects, e.g. the index of the parent <ip> element when
updating ip-dhcp-host elements), but is optional and at least for now
will probably be used rarely.
--live, --config, and --current options - if you specify --live, only
the live state of the network will be updated. If you also specify
--config, then the persistent configuration will also be updated;
these two commands can be given separately, or both together. If you
don't specify either (you can optionally specify "--current" for the
same effect), then the "current" config will be updated (i.e. if the
network is active, then only its live config is affected, but if the
network is inactive, only the persistent config is affected).
https://www.gnu.org/licenses/gpl-howto.html recommends that
the 'If not, see <url>.' phrase be a separate sentence.
* tests/securityselinuxhelper.c: Remove doubled line.
* tests/securityselinuxtest.c: Likewise.
* globally: s/; If/. If/
Based exclusively on work by Eric Blake in a patch posted with the same
subject. However some modifications related to comments and my plans to
add another backend.
Added WITH_INTERFACE as the only automake variable deciding whether to
build the driver and using WITH_NETCF to identify that we're wanting to
use the netcf library as the backend.
* configure.ac: Added with_interface
* src/interface/netcf_driver.c: Renamed..
* src/interface/interface_backend_netcf.c: ..to this to match storage.
* src/interface/netcf_driver.h: Renamed..
* src/interface/interface_driver.h: ..to this.
* daemon/Makefile.am: Respect WITH_INTERFACE and WITH_NETCF.
* libvirt.spec.in: Add RPM support for --with-interface
The new command 'virsh blockcommit $dom $disk' requests the start
of an asynchronous commit operation across the entire chain of
$disk. Further arguments can fine-tune which portion of the
chain is committed. Existing 'virsh blockjob' commands can then
track the status, change the bandwidth, or abort the commit job.
With a bit more on the command line, 'virsh blockcommit $dom $disk
--wait --verbose' can be used for blocking behavior, with visual
feedback on the overall status, and can be canceled with Ctrl-C.
The overall design, including the wait loop logic, borrows heavily
from the existing blockpull command.
* tools/virsh-domain.c (cmdBlockCommit): New function.
* tools/virsh.pod (blockcommit): Document it.
New command node-memory-tune to get/set the node memory parameters,
only two parameters are allowed to set (pages_to_scan, and sleep_millisecs,
see documents in this patch for more details).
Example of node-memory-tune's output:
Shared memory:
pages_to_scan 100
sleep_millisecs 20
pages_shared 0
pages_sharing 0
pages_unshared 0
pages_volatile 0
full_scans 0
This introduces four new options for secret-list, to filter the
returned secrets by whether it's ephemeral or not, and/or by
whether it's private or not.
* tools/virsh-secret.c: (New helper vshSecretSorter,
vshSecretListFree, and vshCollectSecretList; Use the new
API for secret-list; error out if flags are specified,
because there is no way to filter the results when using
old APIs (no APIs to get the properties (ephemeral, private)
of a secret yet).
* tools/virsh.pod: Document the 4 new options.
tools/virsh-nwfilter.c:
* vshNWFilterSorter to sort network filters by name
* vshNWFilterListFree to free the network filter objects list.
* vshNWFilterListCollect to collect the network filter objects, trying
to use new API first, fall back to older APIs if it's not supported.
tools/virsh-nodedev.c:
* vshNodeDeviceSorter to sort node devices by name
* vshNodeDeviceListFree to free the node device objects list.
* vshNodeDeviceListCollect to collect the node device objects, trying
to use new API first, fall back to older APIs if it's not supported.
* Change option --cap to accept multiple capability types.
tools/virsh.pod
* Update document for --cap
This improve helper vshStringToArray to accept const string as
argument instead. To not convert the const string when using
vshStringToArray, and thus avoid motifying it.
I got an off-list report about a bad diagnostic:
Target network card mac 52:54:00:49:07:ccdoes not match source 52:54:00:49:07:b8
True to form, I've added a syntax check rule to prevent it
from recurring, and found several other offenders.
* cfg.mk (sc_require_whitespace_in_translation): New rule.
* src/conf/domain_conf.c (virDomainNetDefCheckABIStability): Add
space.
* src/esx/esx_util.c (esxUtil_ParseUri): Likewise.
* src/qemu/qemu_command.c (qemuCollectPCIAddress): Likewise.
* src/qemu/qemu_driver.c (qemuDomainSetMetadata)
(qemuDomainGetMetadata): Likewise.
* src/qemu/qemu_hotplug.c (qemuDomainChangeNetBridge): Likewise.
* src/rpc/virnettlscontext.c
(virNetTLSContextCheckCertDNWhitelist): Likewise.
* src/vmware/vmware_driver.c (vmwareDomainResume): Likewise.
* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc, vboxAttachDrives):
Avoid false negatives.
* tools/virsh-domain.c (info_save_image_dumpxml): Reword.
Based on a report by Luwen Su.
tools/virsh-interface.c:
* vshInterfaceSorter to sort interfaces by name
* vshInterfaceListFree to free the interface objects list.
* vshInterfaceListCollect to collect the interface objects, trying
to use new API first, fall back to older APIs if it's not supported.
tools/virsh-network.c:
* vshNetworkSorter to sort networks by name
* vshNetworkListFree to free the network objects list.
* vshNetworkListCollect to collect the network objects, trying
to use new API first, fall back to older APIs if it's not supported.
* New options --persistent, --transient, --autostart, --no-autostart,
for net-list, and new field 'Persistent' for its output.
tools/virsh.pod:
* Add documents for the new options.
tools/virsh-volume.c:
* vshStorageVolSorter to sort storage vols by name
* vshStorageVolumeListFree to free the volume objects list
* vshStorageVolumeListCollect to collect the volume objects, trying
to use new API first, fall back to older APIs if it's not supported.
When setting the cpu tunables in virsh you are able to update only a
subset of them. Virsh while doing the update updated all of the
tunables, changed ones with new values and unchanged with old ones.
This is unfortunate as it:
a) might overwrite some other change by a race condition (unprobable)
b) fails with range checking as some of the old values saved might be
out of range
This patch changes the update procedure so that only the changed value
is updated on the host.
This patch also fixes a very unprobable memory leak if the daemon would
return a string tunable parameter, as the typed parameter array was not
cleared.
A last minute rename in commit fc122e1a to virsh.h was not properly
reflected when rebasing virsh-pool.c in commit 93a346d.
* tools/virsh-pool.c (vshStoragePoolListCollect): Use VSH_MATCH,
not MATCH.
tools/virsh-pool.c:
* vshStoragePoolSorter to sort the pool list by pool name.
* struct vshStoragePoolList to present the pool list, pool info
is collected by list->poolinfo if 'details' is specified by
user.
* vshStoragePoolListFree to free the pool list
* vshStoragePoolListCollect to collect the pool list, new API
virStorageListAllPools is tried first, if it's not supported,
fall back to older APIs.
* New options --persistent, --transient, --autostart, --no-autostart
and --type for pool-list. --persistent or --transient is to filter
the returned pool list by whether the pool is persistent or not.
--autostart or --no-autostart is to filter the returned pool list
by whether the pool is autostarting or not. --type is to filter
the pools by pool types. E.g.
% virsh pool-list --all --persistent --type dir,disk
tools/virsh.pod:
* Add documentations for the new options.
Move definition of MATCH from virsh-domain-monitor.c into
virsh.h, and rename it as VSH_MATCH for further use.
* tools/virsh-domain-monitor.c: Change MATCH into VSH_MATCH
* tools/virsh.h: Define VSH_MATCH
The storage pool's management doesn't relate with a domain, it
probably was an intention, but not achieved yet. And the fact
is only active pools are listed by default.
Yesterday's commit 15d2c9f pointed out that virsh was still using
localtime(), which is not thread-safe, even though virsh is
definitely multi-threaded. Even if we only ever triggered it from
one thread, it's better safe than sorry for maintenance purposes.
* cfg.mk (exclude_file_name_regexp--sc_prohibit_nonreentrant):
Tighten the rule.
* tools/virsh.c (vshOutputLogFile): Avoid localtime.
(vshEditWriteToTempFile, vshEditReadBackFile, cmdCd, cmdPwd)
(vshCloseLogFile): Avoid strerror.
* tools/console.c (vshMakeStdinRaw): Likewise.
* tools/virsh-domain.c (vshGenFileName): Fix spacing in previous
patch.
On 09/04/2012 08:20 AM, Eric Blake wrote:
> tv_sec is required by POSIX to be
> of type time_t; so this is a bug in the OpenBSD header
> [for declaring it as long]
Most likely this problem arose because of the patch I pushed
in gnulib commit e07d7c40f3ca5ec410cf5aa6fa03cfe51e712039.
Previously, gnulib required timeval's tv_sec to be
the same size as time_t. But now, it requires only that
tv_sec be big enough to hold a time_t.
This patch was needed for Emacs. Without the patch, gnulib
replaced struct timeval on OpenBSD, and this messed up
utimens.c, and Emacs wouldn't build.
Alternatively, gnulib could substitute its own struct timeval
for the system's, wrapping every struct timeval-using function
(gettimeofday, futimesat, futimes, lutimes, etc. That'd be
more work, though. And it would introduce some performance
issues with gettimeofday, which is supposed to be fast.
I've been trying to get away from using struct timeval,
and to use the higher-resolution struct timespec instead,
so messing with these obsolescent interfaces has been
lower priority for me. But if someone wants to take the
more-ambitious approach that'd be fine, I expect.
For this particular case, though, how about if we avoid
the problem entirely? libvirt doesn't need to use struct
timeval here at all. It makes libvirt smaller and probably
faster, and it ports to OpenBSD without messing with gnulib.
Now that vshCommandRun() checks for the connection automaticaly, remove
all of the redundant checks in the code.
vshConnectionUsability() no longer needs to be exported and this patch
marks it static.
Almost each virsh command uses the function vshConnectionUsability
before doing anything, to check if the connection is "alive". Commands
that don't need an conection are already conveniently marked with
VSH_CMD_FLAG_NOCONNECT. We can automaticaly check for the connection
before calling any remote command so we don't forget to do so.
This patch also upgrades the connection check to use virConnectIsAlive
along with the current approach.
When executing virsh -t <command> the reported timing was off
by 3 orders of magnitude if the command took more than one
second.
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>