Commit Graph

1622 Commits

Author SHA1 Message Date
Jiri Denemark
1cb031a2bb qemu: Always remove domain object if MigratePrepare fails
If migration failed in Prepare phase after virDomainAssignDef and before
a job was started, the domain object was not properly removed.
2011-09-28 09:57:30 +02:00
Laine Stump
dc79852af8 qemu: add ability to set PCI device "rombar" on or off
This patch was made in response to:

  https://bugzilla.redhat.com/show_bug.cgi?id=738095

In short, qemu's default for the rombar setting (which makes the
firmware ROM of a PCI device visible/not on the guest) was previously
0 (not visible), but they recently changed the default to 1
(visible). Unfortunately, there are some PCI devices that fail in the
guest when rombar is 1, so the setting must be exposed in libvirt to
prevent a regression in behavior (it will still require explicitly
setting <rom bar='off'/> in the guest XML).

rombar is forced on/off by adding:

  <rom bar='on|off'/>

inside a <hostdev> element that defines a PCI device. It is currently
ignored for all other types of devices.

At the moment there is no clean method to determine whether or not the
rombar option is supported by QEMU - this patch uses the advice of a
QEMU developer to assume support for qemu-0.12+. There is currently a
patch in the works to put this information in the output of "qemu-kvm
-device pci-assign,?", but of course if we switch to keying off that,
we would lose support for setting rombar on all the versions of qemu
between 0.12 and whatever version gets that patch.
2011-09-27 11:23:28 -04:00
Jiri Denemark
75e3149264 qemu: Relax -no-shutdown check to [0.14.0, 0.15.50)
SIGTERM handling for -no-shutdown is already fixed in qemu git and
libvirt can safely use it. The downside is that 0.15.50 version of qemu
can be any qemu compiled from git, even that without the fix for
SIGTERM. However, I think this patch is worth it since excluding 0.15.50
from the check makes testing current qemu with libvirt much easier and
someone running qemu from git should be able to rebuild fixed qemu from
git if they hit the problem with a hang on shutdown.
2011-09-27 15:46:23 +02:00
Michal Privoznik
45ad3d6962 debug: Annotate some variables as unused
as they are not used with debugging turned off.
2011-09-27 10:16:46 +02:00
Oskari Saarenmaa
f887334dcf Add unsafe cache mode support for disk driver
QEMU 0.13 introduced cache=unsafe for -drive, this patch exposes
it in the libvirt layer.

  * Introduced a new QEMU capability flag ($prefix_CACHE_UNSAFE),
    as even if $prefix_CACHE_V2 is set, we can't know if unsafe
    is supported.

  * Improved the reliability of qemu cache type detection.
2011-09-23 08:29:57 -06:00
Michal Privoznik
c42e1c3947 qemu: Transfer inactive XML among cookie
If a domain has inactive XML we want to transfer it to destination
when migrating with VIR_MIGRATE_PERSIST_DEST. In order to harm
the migration protocol as least as possible, a optional cookie was
chosen.
2011-09-22 09:48:51 +02:00
Eric Blake
61dbee0efd snapshot: also delete empty directory
The previous patch removed all snapshots, but not the directory
where the snapshots lived, which is still a form of stale data.

* src/qemu/qemu_domain.c (qemuDomainRemoveInactive): Wipe any
snapshot directory.
2011-09-22 14:02:44 +08:00
Eric Blake
e485dcc9cb snapshot: remove snapshot metadata on transient exit
Commit 282fe1f0 documented that transient domains will auto-delete
any snapshot metadata when the last reference to the domain is
removed, and that management apps are in charge of grabbing any
snapshot metadata prior to that point.  However, this was not
actually implemented for qemu until now.

* src/qemu/qemu_driver.c (qemudDomainCreate)
(qemuDomainDestroyFlags, qemuDomainSaveInternal)
(qemudDomainCoreDump, qemuDomainRestoreFlags, qemudDomainDefine)
(qemuDomainUndefineFlags, qemuDomainMigrateConfirm3)
(qemuDomainRevertToSnapshot): Clean up snapshot metadata.
* src/qemu/qemu_migration.c (qemuMigrationPrepareAny)
(qemuMigrationPerformJob, qemuMigrationPerformPhase)
(qemuMigrationFinish): Likewise.
* src/qemu/qemu_process.c (qemuProcessHandleMonitorEOF)
(qemuProcessReconnect, qemuProcessReconnectHelper)
(qemuProcessAutoDestroyDom): Likewise.
2011-09-22 14:02:03 +08:00
Eric Blake
bcf974b94b snapshot: prepare to remove transient snapshot metadata
This patch is mostly code motion - moving some functions out
of qemu_driver and into qemu_domain so they can be reused by
multiple qemu_* files (since qemu_driver.h must not grow).
It also adds a new helper function, qemuDomainRemoveInactive,
which will be used in the next patch.

* src/qemu/qemu_domain.h (qemuFindQemuImgBinary)
(qemuDomainSnapshotWriteMetadata, qemuDomainSnapshotForEachQcow2)
(qemuDomainSnapshotDiscard, qemuDomainSnapshotDiscardAll)
(qemuDomainRemoveInactive): New prototypes.
(struct qemu_snap_remove): New struct.
* src/qemu/qemu_domain.c (qemuDomainRemoveInactive)
(qemuDomainSnapshotDiscardAllMetadata): New functions.
(qemuFindQemuImgBinary, qemuDomainSnapshotWriteMetadata)
(qemuDomainSnapshotForEachQcow2, qemuDomainSnapshotDiscard)
(qemuDomainSnapshotDiscardAll): Move here...
* src/qemu/qemu_driver.c (qemuFindQemuImgBinary)
(qemuDomainSnapshotWriteMetadata, qemuDomainSnapshotForEachQcow2)
(qemuDomainSnapshotDiscard, qemuDomainSnapshotDiscardAll): ...from
here.
(qemuDomainUndefineFlags): Update caller.
* src/conf/domain_conf.c (virDomainRemoveInactive): Doc fixes.
2011-09-22 13:52:17 +08:00
Eric Blake
e6966fa79a snapshot: fix logic bug in qemu undefine
Commit 19f8c98 introduced VIR_DOMAIN_UNDEFINE_SNAPSHOTS_METADATA,
with the intent that omitting the flag makes undefine fail, and
including the flag deletes metadata.  But it used the wrong logic.
Also, hoist the transient domain sooner, so that we don't
accidentally remove metadata of a transient domain.

* src/qemu/qemu_driver.c (qemuDomainUndefineFlags): Check correct
flag value.
2011-09-22 13:43:21 +08:00
Alex Jia
d93a08eb47 qemu: avoid dereferencing a NULL pointer
* src/qemu/qemu_process.c: Taking if (qemuDomainObjEndJob(driver, obj) == 0)
  true branch then 'obj' is NULL, virDomainObjIsActive(obj) and
  virDomainObjUnref(obj) will dereference NULL pointer.

Signed-off-by: Alex Jia <ajia@redhat.com>
2011-09-21 15:25:52 -06:00
Jiri Denemark
3abadf82d7 qemu: Avoid loop of fake reboots
Once virDomainReboot is called for a domain, guest OS initiated shutdown
would always result in reboot instead of shutdown. Only
virDomainShutdown would actually shutd such domain down. That's because
we forgot to reset fakeReboot flag once we asked the domain to reboot.
2011-09-21 16:53:18 +02:00
Jiri Denemark
f84aedad09 qemu: Fix shutdown regression with buggy qemu
The commit that prevents disk corruption on domain shutdown
(96fc478417) causes regression with QEMU
0.14.* and 0.15.* because of a regression bug in QEMU that was fixed
only recently in QEMU git. The affected versions of QEMU do not quit on
SIGTERM if started with -no-shutdown, which we use to implement fake
reboot. Since -no-shutdown tells QEMU not to quit automatically on guest
shutdown, domains started using the affected QEMU cannot be shutdown
properly and stay in a paused state.

This patch disables fake reboot feature on such QEMU by not using
-no-shutdown, which makes shutdown work as expected. However,
virDomainReboot will not work in this case and it will report "Requested
operation is not valid: Reboot is not supported with this QEMU binary".
2011-09-21 16:53:06 +02:00
Eric Blake
ad4036c34a build: silence warning on 32-bit build
gcc warns when building libvirt 0.9.5 on a 32-bit machine:

qemu/qemu_migration.c: In function 'qemuMigrationToFile':
qemu/qemu_migration.c:2727:38: error: large integer implicitly truncated to unsigned type [-Woverflow]

* src/qemu/qemu_domain.h (QEMU_DOMAIN_FILE_MIG_BANDWIDTH_MAX): Cap
to long when building for 32-bit platform.
2011-09-20 16:53:58 -06:00
Peter Krempa
2ad83bf448 virsh: doc: Fix supported driver types for attach-disk command
Virsh man page lists driver types to be used with attach-device
command, but does not specify that those are usable only with the XEN
Hypervisor.

This patch adds statement, that those options specified are applicable
only on the Xen hypervisor and adds option usable with qemu emulator.

This patch also changes type of error returned by QEMU driver if the
user specifies incompatible driver type from VIR_ERR_INTERNAL_ERROR to
VIR_ERR_CONFIG_UNSUPPORTED.
2011-09-19 16:54:13 -06:00
ajia@redhat.com
db3b32c4e1 qemu: avoid memory leak
Leak introduced in commit 036ad50, affects only error case.

* src/qemu/qemu_command.c: fix memory leak.

Signed-off-by: Alex Jia <ajia@redhat.com>
2011-09-19 13:23:53 -06:00
Eric Blake
43c2641c18 snapshot: allow disk snapshots of qcow2 disks
For all types of disks other than qcow2, we were requesting that
SELinux labeling visit the new file as if it were qcow2, which
means labeling would try to find the backing files of an empty file.
And for a pre-existing qcow2 disk, we were passing NULL, which meant
that labelling tried to probe the file type (and if probing is
disabled, per the default qemu.conf, this made snapshots fail).
What we really want is to make SELinux labeling visit the new
file as raw; it will later be converted to qcow2 if qemu successfully
made the snapshot.

* src/qemu/qemu_driver.c
(qemuDomainSnapshotCreateSingleDiskActive): Force SELinux labeling
to avoid probe of new file.
2011-09-17 06:16:08 -06:00
Eric Blake
2895905a0b snapshot: affect persistent xml after disk snapshot
For external snapshots to be useful on persistent domains, we must
alter the persistent definition alongside the running definition.
Thanks to the possibility of disk hotplug as well as of edits that
only affect the persistent xml, we can't assume that vm->def and
vm->newDef have the same disk at the same index, so we can only
update the persistent copy if the device destination matches up.

* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateDiskActive)
(qemuDomainSnapshotCreateSingleDiskActive): Also affect newDef, if
present.
2011-09-17 05:57:23 -06:00
Alex Jia
14c22b3b64 qemu: add return value check
* src/qemu/qemu_command.c: missing return value check.

Signed-off-by: Alex Jia <ajia@redhat.com>
2011-09-16 14:20:11 -06:00
Jiri Denemark
d2d6776342 qemu: Introduce shutdown reason for paused state
Qemu sends STOP event as part of the shutdown process. Detect such STOP
event and consider shutdown to be reason of emitting such event. That's
the best we can do until qemu provides us the reason directly in STOP
event. This allows us to report shutdown reason for paused state so that
apps can detect domains that failed to finish the shutdown process
(e.g., because qemu is buggy and doesn't exit on SIGTERM or it is
blocked in flushing disk buffers).
2011-09-16 17:25:55 +02:00
Jiri Denemark
96fc478417 qemu: Prevent disk corruption on domain shutdown
Ever since we introduced fake reboot, we call qemuProcessKill as a
reaction to SHUTDOWN event. Unfortunately, qemu doesn't guarantee it
flushed all internal buffers before sending SHUTDOWN, in which case
killing the process forcibly may result in (virtual) disk corruption.

By sending just SIGTERM without SIGKILL we give qemu time to to flush
all buffers and exit. Once qemu exits, we will see an EOF on monitor
connection and tear down the domain. In case qemu ignores SIGTERM or
just hangs there, the process stays running but that's not any different
from a possible hang anytime during the shutdown process so I think it's
just fine.

Also qemu (since 0.14 until it's fixed) has a bug in SIGTERM processing
which causes it not to exit but instead send new SHUTDOWN event and keep
waiting. I think the best we can do is to ignore duplicate SHUTDOWN
events to avoid a SHUTDOWN-SIGTERM loop and leave the domain in paused
state.
2011-09-16 17:21:10 +02:00
Jiri Denemark
c2e9fab273 qemu: Properly detect crash of a rebooted domain
When a domain is rebooted using libvirt API, we use fake reboot
consisting of shutting down and resetting the domain. Thus we see a
SHUTDOWN event and set gotShutdown flag. But we never reset it back and
if the domain crashes after it was rebooted this way, we consider it was
a normal shutdown and not a crash.
2011-09-16 17:18:20 +02:00
Jiri Denemark
3acb664c56 qemu: Fix shutoff reason when domain crashes
Commit 4454a9efc7 changed shutoff reason
from VIR_DOMAIN_SHUTOFF_CRASHED to VIR_DOMAIN_SHUTOFF_FAILED in case we
see an unexpected EOF on monitor connection. But FAILED reason is
dedicated for domains that fail to start. CRASHED reason is the right
one to use in this situation.
2011-09-16 17:14:39 +02:00
Stefan Berger
3f2cb3ab59 Fix buzzilla 738778
This patch fixes the bug shown in bugzilla 738778. It's not an nwfilter problem but a connection sharing / closure issue.

https://bugzilla.redhat.com/show_bug.cgi?id=738778

Depending on the speed / #CPUs of the machine you are using you may not see this bug all the time.
2011-09-16 09:44:43 -04:00
Peter Krempa
79cf07af7c Avoid using "devname" as an identifier.
/usr/lib/stdlib.h in Mac OS X and probably also in BSD's
exports this symbol :(
2011-09-16 20:49:04 +08:00
Jim Fehlig
1c90642f85 Fix build after commit 829bce17
Pushing under build-breaker rule.
2011-09-14 17:57:55 -06:00
Jim Fehlig
0257ba8f9f Use max bandwidth from qemuDomainObjPrivate struct when migrating
Adjust qemuMigrationRun() to use migMaxBandwidth in qemuDomainObjPrivate
structure when setting qemu migration speed.  Caller-specified 'resource'
parameter overrides migMaxBandwidth.
2011-09-14 16:42:11 -06:00
Jim Fehlig
ef1065cf5a Set qemu migration speed unlimited when migrating to file
The qemu migration speed default is 32MiB/s as defined in migration.c

/* Migration speed throttling */
static int64_t max_throttle = (32 << 20);

There's no need to throttle migration when targeting a file, so set migration
speed to unlimited prior to migration, and restore to libvirt default value
after migration.

Default units is MB for migrate_set_speed monitor command, so
(INT64_MAX / (1024 * 1024)) is used for unlimited migration speed.

Tested with both json and text monitors.
2011-09-14 16:42:11 -06:00
Jim Fehlig
8fc40c511c Save migration speed in qemuDomainMigrateSetMaxSpeed
Now that migration speed is stored in qemuDomainObjPrivate structure,
save the new value when invoking qemuDomainMigrateSetMaxSpeed().

Allow setting migration speed on inactive domain too.
2011-09-14 16:42:10 -06:00
Jim Fehlig
829bce174c Impl virDomainMigrateGetMaxSpeed in qemu driver 2011-09-14 16:42:10 -06:00
Jim Fehlig
6f84e110d6 Store max migration bandwidth in qemuDomainObjPrivate struct
The maximum bandwidth that can be consumed when migrating a domain
is better classified as an operational vs configuration parameter of
the dommain.  As such, store this parameter in qemuDomainObjPrivate
structure.
2011-09-14 16:42:10 -06:00
Peter Krempa
b998f1f77c xml: Clean up rest of virtual XML document names for XML strings
Commit 498d783 cleans up some of virtual file names for parsing strings
in memory. This patch cleans up (hopefuly) the rest forgotten by the
first patch.

This patch also changes all of the previously modified "filenames" to
valid URI's replacing spaces for underscores.

Changes to v1:
- Replace all spaces for underscores, so that the strings form valid
  URI's
- Replace spaces in places changed by commit 498d783
2011-09-14 09:09:04 -06:00
Guannan Ren
011eeb4130 snapshot: fix double free of qemuImgBinary
Regression introduced in commit 3881a470, due to an improper rebase
of a cleanup written beforehand but only applied after a rebased of
a refactoring that created a new function in commit 25fb3ef.

Also avoids passing NULL to printf %s.

* src/qemu/qemu_driver.c: In qemuDomainSnapshotForEachQcow2()
it free up the memory of qemu_driver->qemuImgBinary in the
cleanup tag which leads to the garbage value of qemuImgBinary
in qemu_driver struct and libvirtd crash when running
"virsh snapshot-create" command a second time.

Signed-off-by: Eric Blake <eblake@redhat.com>
2011-09-13 09:11:11 -06:00
Eric Blake
6977fd95bf blockinfo: fix qemu regression in handling disk name
Regression introduced in commit 89b6284fd, due to an incorrect
conversion to the new means of converting disk names back to
the correct object.

* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Avoid NULL deref.
2011-09-08 10:52:43 +01:00
Peter Krempa
e0a07bb1f2 link-state: qemu: Add net intf modification to virUpdateDeviceFlags
This patch enables modifying network device configuration using the
virUpdateDeviceFlags API method. Matching of devices is accomplished
using MAC addresses.

While updating live configuration of a running domain, the user is
allowed only to change link state of the interface. Additional
modifications may be added later. For now the code checks for
unsupported changes and thereafter changes the link state, if
applicable.

When updating persistent configuration of guest's network interface the
whole configuration (except for the MAC address) may be modified and
is stored for the next startup.

* src/qemu/qemu_driver.c   - Add dispatching of virUpdateDevice for
                             network devices update (live/config)
* src/qemu/qemu_hotplug.c  - add setting of initial link state on live
                             device addition
                           - add function to change network device
                             configuration. By now it supports only
                             changing of link state
* src/qemu/qemu_hotplug.h  - Headers to above functions
* src/qemu/qemu_process.c  - set link states before virtual machine
                             start. Qemu does not support setting of
                             this on the command line.
2011-09-06 16:23:47 +08:00
Peter Krempa
8277c15151 link-state: qemu: Add monitor handling for link state modification
This patch adds handlers for modification of guest's interface
link state. Both HMP and QMP commands are supported, but as the
link state functionality is from the beginning supported in QMP
the HMP code will probably never be used.
2011-09-06 16:18:57 +08:00
Osier Yang
ee0d8c3b5c latency: Implemente internal API for qemu driver 2011-09-06 12:02:51 +08:00
Osier Yang
2f58ba8996 latency: Update monitor functions for new latency fields
The mainly changes are:

1) Update qemuMonitorGetBlockStatsInfo and it's children (Text/JSON)
   functions to return the value of new latency fields.
2) Add new function qemuMonitorGetBlockStatsParamsNumber, which is
   to count how many parameters the underlying QEMU supports.
3) Update virDomainBlockStats in src/qemu/qemu_driver.c to be
   compatible with the changes by 1).
2011-09-06 12:02:51 +08:00
Michal Privoznik
d38897a5d4 qemu: Deal with stucked qemu on daemon startup
If libvirt daemon gets restarted and there is (at least) one
unresponsive qemu, the startup procedure hangs up. This patch creates
one thread per vm in which we try to reconnect to monitor. Therefore,
blocking in one thread will not affect other APIs.
2011-09-05 18:14:08 +02:00
Michal Privoznik
3005cacb69 qemu: Introduce job queue size limit
This patch creates an optional BeginJob queue size limit. When
active, all other attempts above level will fail. To set this
feature assign desired value to max_queued variable in qemu.conf.
Setting it to 0 turns it off.
2011-09-05 18:14:08 +02:00
Michal Privoznik
597fe3cee6 daemon: Create priority workers pool
This patch annotates APIs with low or high priority.
In low set MUST be all APIs which might eventually access monitor
(and thus block indefinitely). Other APIs may be marked as high
priority. However, some must be (e.g. domainDestroy).

For high priority calls (HPC), there are some high priority workers
(HPW) created in the pool. HPW can execute only HPC, although normal
worker can process any call regardless priority. Therefore, only those
APIs which are guaranteed to end in reasonable small amount of time
can be marked as HPC.

The size of this HPC pool is static, because HPC are expected to end
quickly, therefore jobs assigned to this pool will be served quickly.
It can be configured in libvirtd.conf via prio_workers variable.
Default is set to 5.

To mark API with low or high priority, append priority:{low|high} to
it's comment in src/remote/remote_protocol.x. This is similar to
autogen|skipgen. If not marked, the generator assumes low as default.
2011-09-05 18:14:08 +02:00
Eric Blake
6337989089 snapshot: use SELinux and lock manager with external snapshots
With this, it is now possible to create external snapshots even
when SELinux is enforcing, and to protect the new file with a
lock manager.

* src/qemu/qemu_driver.c
(qemuDomainSnapshotCreateSingleDiskActive): Create and register
new file with proper permissions and locks.
(qemuDomainSnapshotCreateDiskActive): Update caller.
2011-09-05 07:03:05 -06:00
Eric Blake
9c21b44131 snapshot: wire up live qemu disk snapshots
Lots of earlier patches led up to this point - the qemu snapshot_blkdev
monitor command can now be controlled by libvirt!  Well, insofar as
SELinux doesn't prevent qemu from open(O_CREAT) on the files.  There's
still some followup work before things work with SELinux enforcing,
but this patch is big enough to post now.

There's still room for other improvements, too (for example, taking a
disk snapshot of an inactive domain, by using qemu-img for both internal
and external snapshots; wiring up delete and revert control, including
additional flags from my RFC; supporting active QED disk snapshots;
supporting per-storage-volume snapshots such as LVM or btrfs snapshots;
etc.).  But this patch is the one that proves the new XML works!

* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Wire in
active disk snapshots.
(qemuDomainSnapshotDiskPrepare)
(qemuDomainSnapshotCreateDiskActive)
(qemuDomainSnapshotCreateSingleDiskActive): New functions.
2011-09-05 07:03:05 -06:00
Eric Blake
e702b5bab1 snapshot: wire up new qemu monitor command
No one uses this yet, but it will be important once
virDomainSnapshotCreateXML learns a VIR_DOMAIN_SNAPSHOT_DISK_ONLY
flag, and the xml allows passing in the new file names.

* src/qemu/qemu_monitor.h (qemuMonitorDiskSnapshot): New prototype.
* src/qemu/qemu_monitor_text.h (qemuMonitorTextDiskSnapshot):
Likewise.
* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDiskSnapshot):
Likewise.
* src/qemu/qemu_monitor.c (qemuMonitorDiskSnapshot): New
function.
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDiskSnapshot):
Likewise.
2011-09-05 07:03:05 -06:00
Eric Blake
c111517a88 snapshot: make it possible to audit external snapshot
Snapshots alter the set of disk image files opened by qemu, so
they must be audited.  But they don't involve a full disk definition
structure, just the new filename.  Make the next patch easier by
refactoring the audit routines to just operate on file name.

* src/conf/domain_audit.h (virDomainAuditDisk): Update prototype.
* src/conf/domain_audit.c (virDomainAuditDisk): Act on strings,
not definition structures.
(virDomainAuditStart): Update caller.
* src/qemu/qemu_hotplug.c (qemuDomainChangeEjectableMedia)
(qemuDomainAttachPciDiskDevice, qemuDomainAttachSCSIDisk)
(qemuDomainAttachUsbMassstorageDevice)
(qemuDomainDetachPciDiskDevice, qemuDomainDetachDiskDevice):
Likewise.
2011-09-05 07:03:05 -06:00
Eric Blake
7807e05d43 snapshot: reject unimplemented disk snapshot features
My RFC for snapshot support [1] proposes several rules for when it is
safe to delete or revert to an external snapshot, predicated on
the existence of new API flags.  These will be incrementally added
in future patches, but until then, blindly mishandling a disk
snapshot risks corrupting internal state, so it is better to
outright reject the attempts until the other pieces are in place,
thus incrementally relaxing the restrictions added in this patch.

[1] https://www.redhat.com/archives/libvir-list/2011-August/msg00361.html

* src/qemu/qemu_driver.c (qemuDomainSnapshotCountExternal): New
function.
(qemuDomainUndefineFlags, qemuDomainSnapshotDelete): Use it to add
safety valve.
(qemuDomainRevertToSnapshot, qemuDomainSnapshotCreateXML): Add safety
valve.
2011-09-05 07:03:04 -06:00
Eric Blake
e03a62b456 snapshot: add flag for requesting disk snapshot
Prior to this patch, <domainsnapshot>/<disks> was ignored.  This
changes it to be an error unless an explicit disk snapshot is
requested (a future patch may relax things if it turns out to
be useful to have a <disks> specification alongside a system
checkpoint).

* include/libvirt/libvirt.h.in
(VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY): New flag.
* src/libvirt.c (virDomainSnapshotCreateXML): Document it.
* src/esx/esx_driver.c (esxDomainSnapshotCreateXML): Disk
snapshots not supported yet.
* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML): Likewise.
* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Likewise.
2011-09-05 07:03:04 -06:00
Eric Blake
89b6284fd9 snapshot: also support disks by path
I got confused when 'virsh domblkinfo dom disk' required the
path to a disk (which can be ambiguous, since a single file
can back multiple disks), rather than the unambiguous target
device name that I was using in disk snapshots.  So, in true
developer fashion, I went for the best of both worlds - all
interfaces that operate on a disk (aka block) now accept
either the target name or the unambiguous path to the backing
file used by the disk.

* src/conf/domain_conf.h (virDomainDiskIndexByName): Add
parameter.
(virDomainDiskPathByName): New prototype.
* src/libvirt_private.syms (domain_conf.h): Export it.
* src/conf/domain_conf.c (virDomainDiskIndexByName): Also allow
searching by path, and decide whether ambiguity is okay.
(virDomainDiskPathByName): New function.
(virDomainDiskRemoveByName, virDomainSnapshotAlignDisks): Update
callers.
* src/qemu/qemu_driver.c (qemudDomainBlockPeek)
(qemuDomainAttachDeviceConfig, qemuDomainUpdateDeviceConfig)
(qemuDomainGetBlockInfo, qemuDiskPathToAlias): Likewise.
* src/qemu/qemu_process.c (qemuProcessFindDomainDiskByPath):
Likewise.
* src/libxl/libxl_driver.c (libxlDomainAttachDeviceDiskLive)
(libxlDomainDetachDeviceDiskLive, libxlDomainAttachDeviceConfig)
(libxlDomainUpdateDeviceConfig): Likewise.
* src/uml/uml_driver.c (umlDomainBlockPeek): Likewise.
* src/xen/xend_internal.c (xenDaemonDomainBlockPeek): Likewise.
* docs/formatsnapshot.html.in: Update documentation.
* tools/virsh.pod (domblkstat, domblkinfo): Likewise.
* docs/schemas/domaincommon.rng (diskTarget): Tighten pattern on
disk targets.
* docs/schemas/domainsnapshot.rng (disksnapshot): Update to match.
* tests/domainsnapshotxml2xmlin/disk_snapshot.xml: Update test.
2011-09-05 07:03:04 -06:00
Eric Blake
6f66423e17 snapshot: allow halting after snapshot
Since a snapshot is fully recoverable, it is useful to have a
snapshot as a means of hibernating a guest, then reverting to
the snapshot to wake the guest up.  This mode of usage is
similar to 'virsh save/virsh restore', except that virsh
save uses an external file while virsh snapshot keeps the
vm state internal to a qcow2 file.  However, it only works on
persistent domains.

In the usage pattern of snapshot/revert for hibernating a guest,
there is no need to keep the guest running between the two points
in time, especially since that would generate runtime state that
would just be discarded.  Add a flag to make it possible to
stop the domain after the snapshot has completed.

* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_CREATE_HALT):
New flag.
* src/libvirt.c (virDomainSnapshotCreateXML): Document it.
* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML)
(qemuDomainSnapshotCreateActive): Implement it.
2011-09-05 07:03:04 -06:00
Eric Blake
3d77d0a644 snapshot: introduce new deletion flag
Reverting to a state prior to an external snapshot risks
corrupting any other branches in the snapshot hierarchy that
were using the snapshot as a read-only backing file.  So
disk snapshot code will default to preventing reverting to
a snapshot that has any children, meaning that deleting just
the children of a snapshot becomes a useful operation in
preparing that snapshot for being a future reversion target.
The code for the new flag is simple - it's one less deletion,
plus a tweak to keep the current snapshot correct.

* include/libvirt/libvirt.h.in
(VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN_ONLY): New flag.
* src/libvirt.c (virDomainSnapshotDelete): Document it, and
enforce mutual exclusion.
* src/qemu/qemu_driver.c (qemuDomainSnapshotDelete): Implement
it.
2011-09-05 07:03:04 -06:00
Eric Blake
e91d27ee45 snapshot: reject transient disks where code is not ready
The previous patch introduced new config, but if a hypervisor does
not support that new config, someone can write XML that does not
behave as documented.  This prevents some of those cases by
explicitly rejecting transient disks for several hypervisors.

Disk snapshots will require a new flag to actually affect a snapshot
creation, so there's not much to reject there.

* src/qemu/qemu_command.c (qemuBuildDriveStr): Reject transient
disks for now.
* src/libxl/libxl_conf.c (libxlMakeDisk): Likewise.
* src/xenxs/xen_sxpr.c (xenFormatSxprDisk): Likewise.
* src/xenxs/xen_xm.c (xenFormatXMDisk): Likewise.
2011-09-05 07:03:04 -06:00
Marc-André Lureau
360aaafc63 Default USB device is on slot 1 function 2
Fix qemuAssignDevicePCISlots() and the associated regression tests
2011-09-05 15:03:27 +08:00
Marc-André Lureau
07901bf235 PIIX3 USB controller is on function 2
Current code reserves slot 1 function 2 even if there is a user
defined PIIX3 USB controller there.
2011-09-05 14:48:56 +08:00
Eric Blake
973fcd8fd3 snapshot: store qemu domain details in xml
When reverting to a snapshot, the inactive domain configuration
has to be rolled back to what it was at the time of the snapshot.
Additionally, if the VM is active and the snapshot was active,
this now adds a failure if the two configurations are ABI
incompatible, rather than risking qemu confusion.

A future patch will add a VIR_DOMAIN_SNAPSHOT_FORCE flag, which
will be required for two risky code paths - reverting to an
older snapshot that lacked full domain information, and reverting
from running to a live snapshot that requires starting a new qemu
process.  Any reverting that stops a running vm is also a form
of data loss (discarding the current running state to go back in
time), but as that is what reversion usually implies, it is
probably not worth requiring a force flag.

* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Copy out
domain.
(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot): Perform
ABI compatibility checks.
2011-09-03 08:27:07 -06:00
Eric Blake
f609cb85ca snapshot: allow full domain xml in snapshot
Just like VM saved state images (virsh save), snapshots MUST
track the inactive domain xml to detect any ABI incompatibilities.

The indentation is not perfect, but functionality comes before form.

Later patches will actually supply a full domain; for now, this
wires up the storage to support one, but doesn't ever generate one
in dumpxml output.

Happily, libvirt.c was already rejecting use of VIR_DOMAIN_XML_SECURE
from read-only connections, even though before this patch, there was
no information to be secured by the use of that flag.

And while we're at it, mark the libvirt snapshot metadata files
as internal-use only.

* src/libvirt.c (virDomainSnapshotGetXMLDesc): Document flag.
* src/conf/domain_conf.h (_virDomainSnapshotDef): Add member.
(virDomainSnapshotDefParseString, virDomainSnapshotDefFormat):
Update signature.
* src/conf/domain_conf.c (virDomainSnapshotDefFree): Clean up.
(virDomainSnapshotDefParseString): Optionally parse domain.
(virDomainSnapshotDefFormat): Output full domain.
* src/esx/esx_driver.c (esxDomainSnapshotCreateXML)
(esxDomainSnapshotGetXMLDesc): Update callers.
* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML)
(vboxDomainSnapshotGetXMLDesc): Likewise.
* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML)
(qemuDomainSnapshotLoad, qemuDomainSnapshotGetXMLDesc)
(qemuDomainSnapshotWriteMetadata): Likewise.
* docs/formatsnapshot.html.in: Rework doc example.
Based on a patch by Philipp Hahn.
2011-09-03 08:09:35 -06:00
Eric Blake
e2fb96d92b snapshot: prevent migration from stranding snapshot data
Migration is another case of stranding metadata.  And since
snapshot metadata is arbitrarily large, there's no way to
shoehorn it into the migration cookie of migration v3.

This patch consolidates two existing locations for migration
validation into one helper function, then enhances that function
to also do the new checks.  If we could always trust the source
to validate migration, then the destination would not have to
do anything; but since older servers that did not do checking
can migrate to newer destinations, we have to repeat some of
the same checks on the destination; meanwhile, we want to
detect failures as soon as possible.  With migration v2, this
means that validation will reject things at Prepare on the
destination if the XML exposes the problem, otherwise at Perform
on the source; with migration v3, this means that validation
will reject things at Begin on the source, or if the source
is old and the XML exposes the problem, then at Prepare on the
destination.

This patch is necessarily over-strict.  Once a later patch
properly handles auto-cleanup of snapshot metadata on the
death of a transient domain, then the only time we actually
need snapshots to prevent migration is when using the
--undefinesource flag on a persistent source domain.

It is possible to recreate snapshot metadata on the destination
with VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE and
VIR_DOMAIN_SNAPSHOT_CREATE_CURRENT.  But for now, that is limited,
since if we delete the snapshot metadata prior to migration,
then we won't know the name of the current snapshot to pass
along; and if we delete the snapshot metadata after migration
and use the v3 migration cookie to pass along the name of the
current snapshot, then we need a way to bypass the fact that
this patch refuses migration with snapshot metadata present.

So eventually, we may have to introduce migration protocol v4
that allows feature negotiation and an arbitrary number of
handshake exchanges, so as to pass as many rpc calls as needed
to transfer all the snapshot xml hierarchy.

But all of that is thoughts for the future; for now, the best
course of action is to quit early, rather than get into a
funky state of stale metadata; then relax restrictions later.

* src/qemu/qemu_migration.h (qemuMigrationIsAllowed): Make static.
* src/qemu/qemu_migration.c (qemuMigrationIsAllowed): Alter
signature, and allow checks for both outgoing and incoming.
(qemuMigrationBegin, qemuMigrationPrepareAny)
(qemuMigrationPerformJob): Update callers.
2011-09-02 21:57:34 -06:00
Eric Blake
19f8c980ef snapshot: support new undefine flags in qemu
A nice benefit of deleting all snapshots at undefine time is that
you don't have to do any reparenting or subtree identification - since
everything goes, this is an O(n) process, whereas using multiple
virDomainSnapshotDelete calls would be O(n^2) or worse.  But it is
only doable for snapshot metadata, where we are in control of the
data being deleted; for the actual snapshots, there's too much
likelihood of something going wrong, and requiring even more API
calls to figure out what failed in the meantime, so callers are
better off deleting the snapshot data themselves one snapshot at
a time where they can deal with failures as they happen.

* src/qemu/qemu_driver.c (qemuDomainUndefineFlags): Honor new flags.
2011-09-02 21:57:34 -06:00
Eric Blake
3881a47088 snapshot: cache qemu-img location
As more clients start to want to know this information, doing
a PATH stat walk and malloc for every client adds up.

We are only caching the location, not the capabilities, so even
if qemu-img is updated in the meantime, it will still probably
live in the same location.  So there is no need to worry about
clearing this particular cache.

* src/qemu/qemu_conf.h (qemud_driver): Add member.
* src/qemu/qemu_driver.c (qemudShutdown): Cleanup.
(qemuFindQemuImgBinary): Add an argument, and cache result.
(qemuDomainSnapshotForEachQcow2, qemuDomainSnapshotDiscard)
(qemuDomainSnapshotCreateInactive, qemuDomainSnapshotRevertInactive)
(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot): Update
callers.
2011-09-02 21:57:33 -06:00
Eric Blake
8055e5af82 snapshot: refactor some qemu code
Prepare for code sharing.  No semantic change.

* src/qemu/qemu_driver.c (qemuFindQemuImgBinary)
(qemuDomainSnapshotWriteMetadata)
(qemuDomainSnapshotDiscard)
(qemuDomainSnapshotForEachQcow2): Float up.
(qemuDomainSnapshotDiscardDescendant): Likewise, and rename...
(qemuDomainSnapshotDiscardAll): ...for generic use.
(qemuDomainSnapshotDelete): Update caller.
2011-09-02 21:57:33 -06:00
Eric Blake
282fe1f08c snapshot: prevent stranding snapshot data on domain destruction
Just as leaving managed save metadata behind can cause problems
when creating a new domain that happens to collide with the name
of the just-deleted domain, the same is true of leaving any
snapshot metadata behind.  For safety sake, extend the semantic
change of commit b26a9fa9 to also cover snapshot metadata as a
reason to reject undefining an inactive domain.  A future patch
will make sure that shutdown of a transient domain automatically
deletes snapshot metadata (whether by destroy, shutdown, or
guest-initiated action).  Management apps of transient domains
should take care to capture xml of snapshots, if it is necessary
to recreate the snapshot metadata on a later transient domain
with the same name and uuid.

This also documents a new flag that hypervisors can choose to
support as a shortcut for taking care of the metadata as part of
the undefine process; however, nontrivial driver support for these
flags will be deferred to future patches.

Note that ESX and VBox can never be transient; therefore, they
do not have to worry about automatic cleanup after shutdown
(the persistent domain still remains); likewise they never
store snapshot metadata, so the undefine flag is trivial.
The nontrivial work remaining is thus in the qemu driver.

* include/libvirt/libvirt.h.in
(VIR_DOMAIN_UNDEFINE_SNAPSHOTS_METADATA): New flag.
* src/libvirt.c (virDomainUndefine, virDomainUndefineFlags):
Document new limitations and flag.
* src/esx/esx_driver.c (esxDomainUndefineFlags): Trivial
implementation.
* src/vbox/vbox_tmpl.c (vboxDomainUndefineFlags): Likewise.
* src/qemu/qemu_driver.c (qemuDomainUndefineFlags): Enforce
the limitations.
2011-09-02 21:57:33 -06:00
Eric Blake
bd18b9670f snapshot: add qemu snapshot redefine support
Redefining a qemu snapshot requires a bit of a tweak to the common
snapshot parsing code, but the end result is quite nice.

Be careful that redefinitions do not introduce circular parent
chains.  Also, we don't want to allow conversion between online
and offline existing snapshots.  We could probably do some more
validation for snapshots that don't already exist to make sure
they are even feasible, by parsing qemu-img output, but that
can come later.

* src/conf/domain_conf.h (virDomainSnapshotParseFlags): New
internal flags.
* src/conf/domain_conf.c (virDomainSnapshotDefParseString): Alter
signature to take internal flags.
* src/esx/esx_driver.c (esxDomainSnapshotCreateXML): Update caller.
* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML): Likewise.
* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Support
new public flags.
2011-09-02 21:57:33 -06:00
Eric Blake
ece197e9d4 snapshot: add qemu snapshot creation without metadata
Supporting NO_METADATA on snapshot creation is interesting - we must
still return a valid opaque snapshot object, but the user can't get
anything out of it (unless we add a virDomainSnapshotGetName()),
since it is no longer registered with the domain.

Also, virsh now tries to query for secure xml, in anticipation of
when we store <domain> xml inside <domainsnapshot>; for now, we
can trivially support it, since we have nothing secure.

* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Support
new flag.
(qemuDomainSnapshotGetXMLDesc): Trivially support VIR_DOMAIN_XML_SECURE.
2011-09-02 21:57:32 -06:00
Eric Blake
6b3801b042 snapshot: identify qemu snapshot roots
Filtering for roots is pretty easy to do.

* src/conf/domain_conf.h (virDomainSnapshotObjListGetNames)
(virDomainSnapshotObjListNum): Update prototype.
* src/conf/domain_conf.c (virDomainSnapshotObjListCopyNames)
(virDomainSnapshotObjListGetNames, virDomainSnapshotObjListCount)
(virDomainSnapshotObjListNum): Support filtering.
* src/qemu/qemu_driver.c (qemuDomainSnapshotNum)
(qemuDomainSnapshotListNames): Update callers.
2011-09-02 17:35:02 -06:00
Eric Blake
9f5e53e211 snapshot: identify which snapshots have metadata
To make it easier to know when undefine will fail because of existing
snapshot metadata, we need to know how many snapshots have metadata.

Also, it is handy to filter the list of snapshots to just those that
have no parents; document that flag now, but implement it in later patches.

* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_LIST_ROOTS)
(VIR_DOMAIN_SNAPSHOT_LIST_METADATA): New flags.
* src/libvirt.c (virDomainSnapshotNum)
(virDomainSnapshotListNames): Document them.
* src/esx/esx_driver.c (esxDomainSnapshotNum)
(esxDomainSnapshotListNames): Implement trivial flag.
* src/vbox/vbox_tmpl.c (vboxDomainSnapshotNum)
(vboxDomainSnapshotListNames): Likewise.
* src/qemu/qemu_driver.c (qemuDomainSnapshotNum)
(qemuDomainSnapshotListNames): Likewise.
2011-09-02 16:58:36 -06:00
Eric Blake
7afa6b4129 snapshot: let qemu discard only snapshot metadata
Adding this was trivial compared to the previous patch for fixing
qemu snapshot deletion in the first place.

* src/qemu/qemu_driver.c (qemuDomainSnapshotDiscard): Add
parameter.
(qemuDomainSnapshotDiscardDescendant, qemuDomainSnapshotDelete):
Update callers.
2011-09-02 16:56:48 -06:00
Eric Blake
67555b2434 snapshot: simplify acting on just children
Similar to the last patch in isolating the filtering from the
client actions, so that clients don't have to reinvent the
filtering.

* src/conf/domain_conf.h (virDomainSnapshotForEachChild): New
prototype.
* src/libvirt_private.syms (domain_conf.h): Export it.
* src/conf/domain_conf.c (virDomainSnapshotActOnChild)
(virDomainSnapshotForEachChild): New functions.
(virDomainSnapshotCountChildren): Delete.
(virDomainSnapshotHasChildren): Simplify.
* src/qemu/qemu_driver.c (qemuDomainSnapshotReparentChildren)
(qemuDomainSnapshotDelete): Likewise.
2011-09-02 16:09:18 -06:00
Eric Blake
90ea06b88a snapshot: track current domain across deletion of children
Deleting a snapshot and all its descendants had problems with
tracking the current snapshot.  The deletion does not necessarily
proceed in depth-first order, so a parent could be deleted
before a child, wreaking havoc on passing the notion of the
current snapshot to the parent.  Furthermore, even if traversal
were depth-first, doing multiple file writes to pass current up
the chain one snapshot at a time is wasteful, comparing to a
single update to the current snapshot at the end of the algorithm.

* src/qemu/qemu_driver.c (snap_remove): Add field.
(qemuDomainSnapshotDiscard): Add parameter.
(qemuDomainSnapshotDiscardDescendant): Adjust accordingly.
(qemuDomainSnapshotDelete): Properly reset current.
2011-09-02 16:07:41 -06:00
Eric Blake
cb231b4bee snapshot: avoid crash when deleting qemu snapshots
This one's nasty.  Ever since we fixed virHashForEach to prevent
nested hash iterations for safety reasons (commit fba550f6),
virDomainSnapshotDelete with VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN
has been broken for qemu: it deletes children, while leaving
grandchildren intact but pointing to a no-longer-present parent.
But even before then, the code would often appear to succeed to
clean up grandchildren, but risked memory corruption if you have
a large and deep hierarchy of snapshots.

For acting on just children, a single virHashForEach is sufficient.
But for acting on an entire subtree, it requires iteration; and
since we declared recursion as invalid, we have to switch to a
while loop.  Doing this correctly requires quite a bit of overhaul,
so I added a new helper function to isolate the algorithm from the
actions, so that callers do not have to reinvent the iteration.

Note that this _still_ does not handle CHILDREN correctly if one
of the children is the current snapshot; that will be next.

* src/conf/domain_conf.h (_virDomainSnapshotDef): Add mark.
(virDomainSnapshotForEachDescendant): New prototype.
* src/libvirt_private.syms (domain_conf.h): Export it.
* src/conf/domain_conf.c (virDomainSnapshotMarkDescendant)
(virDomainSnapshotActOnDescendant)
(virDomainSnapshotForEachDescendant): New functions.
* src/qemu/qemu_driver.c (qemuDomainSnapshotDiscardChildren):
Replace...
(qemuDomainSnapshotDiscardDescenent): ...with callback that
doesn't nest hash traversal.
(qemuDomainSnapshotDelete): Use new function.
2011-09-02 16:04:32 -06:00
Eric Blake
7dc44eb059 snapshot: fine-tune qemu snapshot revert states
For a system checkpoint of a running or paused domain, it's fairly
easy to honor new flags for altering which state to use after the
revert.  For an inactive snapshot, the revert has to be done while
there is no qemu process, so do back-to-back transitions; this also
lets us revert to inactive snapshots even for transient domains.

* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Support new
flags.
2011-09-02 12:33:37 -06:00
Eric Blake
25fb3ef1e1 snapshot: properly revert qemu to offline snapshots
Commit 5e47785 broke reverts to offline system checkpoint snapshots
with older qemu, since there is no longer any code path to use
qemu -loadvm on next boot.  Meanwhile, reverts to offline system
checkpoints have been broken for newer qemu, both before and
after that commit, since -loadvm no longer works to revert to
disk state without accompanying vm state.  Fix both of these by
using qemu-img to revert disk state.

Meanwhile, consolidate the (now 3) clients of a qemu-img iteration
over all disks of a VM into one function, so that any future
algorithmic fixes to the FIXMEs in that function after partial
loop iterations are dealt with at once.  That does mean that this
patch doesn't handle partial reverts very well, but we're not
making the situation any worse in this patch.

* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Use
qemu-img rather than 'qemu -loadvm' to revert to offline snapshot.
(qemuDomainSnapshotRevertInactive): New helper.
(qemuDomainSnapshotCreateInactive): Factor guts...
(qemuDomainSnapshotForEachQcow2): ...into new helper.
(qemuDomainSnapshotDiscard): Use it.
2011-09-02 12:30:11 -06:00
Eric Blake
88fe7a4ba5 snapshot: improve reverting to qemu paused snapshots
If you take a checkpoint snapshot of a running domain, then pause
qemu, then restore the snapshot, the result should be a running
domain, but the code was leaving things paused.  Furthermore, if
you take a checkpoint of a paused domain, then run, then restore,
there was a brief but non-deterministic window of time where the
domain was running rather than paused.  Fix both of these
discrepancies by always pausing before restoring.

Also, check that the VM is active every time lock is dropped
between two monitor calls.

Finally, straighten out the events that get emitted on each
transition.

* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Always
pause before reversion, and improve events.
2011-09-02 12:05:08 -06:00
Eric Blake
7381aaff33 snapshot: fine-tune qemu saved images starting paused
Implement the new running/paused overrides for saved state management.

Unfortunately, for virDomainSaveImageDefineXML, the saved state
updates are write-only - I don't know of any way to expose a way
to query the current run/pause setting of an existing save image
file to the user without adding a new API or modifying the domain
xml of virDomainSaveImageGetXMLDesc to include a new element to
reflect the state bit encoded into the save image.  However, I
don't think this is a show-stopper, since the API is designed to
leave the state bit alone unless an explicit flag is used to
change it.

* src/qemu/qemu_driver.c (qemuDomainSaveInternal)
(qemuDomainSaveImageOpen): Adjust signature.
(qemuDomainSaveFlags, qemuDomainManagedSave)
(qemuDomainRestoreFlags, qemuDomainSaveImageGetXMLDesc)
(qemuDomainSaveImageDefineXML, qemuDomainObjRestore): Adjust
callers.
2011-09-02 10:00:06 -06:00
Eric Blake
c1ff5dc63d snapshot: better events when starting paused
There are two classes of management apps that track events - one
that only cares about on/off (and only needs to track EVENT_STARTED
and EVENT_STOPPED), and one that cares about paused/running (also
tracks EVENT_SUSPENDED/EVENT_RESUMED).  To keep both classes happy,
any transition that can go from inactive to paused must emit two
back-to-back events - one for started and one for suspended (since
later resuming of the domain will only send RESUMED, but the first
class isn't tracking that).

This also fixes a bug where virDomainCreateWithFlags with the
VIR_DOMAIN_START_PAUSED flag failed to start paused when restoring
from a managed save image.

* include/libvirt/libvirt.h.in (VIR_DOMAIN_EVENT_SUSPENDED_RESTORED)
(VIR_DOMAIN_EVENT_SUSPENDED_FROM_SNAPSHOT)
(VIR_DOMAIN_EVENT_RESUMED_FROM_SNAPSHOT): New sub-events.
* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Use them.
(qemuDomainSaveImageStartVM): Likewise, and add parameter.
(qemudDomainCreate, qemuDomainObjStart): Send suspended event when
starting paused.
(qemuDomainObjRestore): Add parameter.
(qemuDomainObjStart, qemuDomainRestoreFlags): Update callers.
* examples/domain-events/events-c/event-test.c
(eventDetailToString): Map new detail strings.
2011-09-02 10:00:06 -06:00
Marc-André Lureau
162efa1a7c Add "redirdev" redirection device
- create a new "redirdev" element for this purpose
2011-09-02 23:39:03 +08:00
Marc-André Lureau
fdd14a9d05 qemu: Don't append 0 at usb id, so that it is compatible with legacy -usb
QEMU uses USB bus name "usb.0" when using the legacy -usb argument.
If we want to allow USB devices to specify their addresses with legacy
-usb, we should either in case of legacy bus name drop the 0 from the
address bus, or just drop the 0 from device id. This patch does the
later.

Another solution would be to permit addressing on non-legacy USB
controllers only.
2011-09-02 23:39:03 +08:00
Marc-André Lureau
f35bbf7be7 qemu: don't reserve slot 1 if a PIIX3 USB controller is defined there
Applies only to piix3 and check if piix3 controller is on correct
address, or report error
2011-09-02 23:39:03 +08:00
Marc-André Lureau
31710a5389 Modify USB port to be defined as a port path
So that devices can be attached to hubs. Example, to attach to first
port of a usb-hub on port 1.

      <hub type='usb'>
         <address type='usb' bus='0' port='1'/>
      </hub>

      <input type='mouse' type='usb'>
         <address type='usb' bus='0' port='1.1'/>
      </hub>

also add a test entry
2011-09-02 23:39:03 +08:00
Marc-André Lureau
fdabeb3c5f Add USB hub device
domain parsing and serialization code, qemu driver backend and
a couple of test
2011-09-02 23:38:52 +08:00
Marc-André Lureau
f3ce59621f Add USB companion controllers support
Companion controllers take an extra 'master' attribute to associate
them.

Also add tests for this
2011-09-02 23:22:56 +08:00
Marc-André Lureau
22c0d433ab USB devices gain a new USB address child element
Expand the domain and the QEmu driver code
Adds a couple of tests
2011-09-02 23:22:56 +08:00
Marc-André Lureau
d6d54cd19e Add a new controller type 'usb' with optionnal 'model'
The model by default is piix3-uchi.

Example:
<controller type='usb' index='0' model='ich9-ehci'/>
2011-09-02 23:22:56 +08:00
Marc-André Lureau
329f907b99 Add various USB devices QEMU_CAPS 2011-09-02 23:22:56 +08:00
Eric Blake
c554f6e18b snapshot: fix corner case on OOM during creation
Commit 6766ff10 introduced a corner case bug with snapshot creation:
if a snapshot is created, but then we hit OOM while trying to
create the return value of the function, then we have polluted the
internal directory with the snapshot metadata with no way to clean
it up from the running libvirtd.

* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Don't
write metadata file on OOM condition.
2011-09-02 08:50:01 -06:00
Osier Yang
6ee52c1b76 Add directsync cache mode support for disk driver
Newer QEMU introduced cache=directsync for -drive, this patchset
is to expose it in libvirt layer.

  * Introduced a new QEMU capability flag ($prefix_CACHE_DIRECTSYNC),
    As even $prefix_CACHE_V2 is set, we can't known if directsync
    is supported.
2011-09-02 21:36:58 +08:00
Eric Blake
55d88def95 qemu: detect incomplete save files
Several users have reported problems with 'virsh start' failing because
it was encountering a managed save situation where the managed save file
was incomplete.  Be more robust to this by using two different magic
numbers, so that newer libvirt can gracefully handle an incomplete file
differently than a complete one, while older libvirt will at least fail
up front rather than trying to load only to have qemu fail at the end.

Managed save is a convenience - it exists to preserve as much state
as possible; if the state was not preserved, it is reasonable to just
log that fact, then proceed with a fresh boot.  On the other hand,
user saves are under user control, so we must fail, but by making
the failure message distinct, the user can better decide how to handle
the situation of an incomplete save file.

* src/qemu/qemu_driver.c (QEMUD_SAVE_PARTIAL): New define.
(qemuDomainSaveInternal): Use it to mark incomplete images.
(qemuDomainSaveImageOpen, qemuDomainObjRestore): Add parameter
that controls what to do with partial images.
(qemuDomainRestoreFlags, qemuDomainSaveImageGetXMLDesc)
(qemuDomainSaveImageDefineXML, qemuDomainObjStart): Update callers.
Based on an initial idea by Osier Yang.
2011-09-01 22:08:13 -06:00
Eric Blake
449ae9c2f1 qemu: refactor file opening
In a SELinux or root-squashing NFS environment, libvirt has to go
through some hoops to create a new file that qemu can then open()
by name.  Snapshots are a case where we want to guarantee an empty
file that qemu can open; also, reopening a save file to convert it
from being marked partial to complete requires a reopen to avoid
O_DIRECT headaches.  Refactor some existing code to make it easier
to reuse in later patches.

* src/qemu/qemu_migration.h (qemuMigrationToFile): Drop parameter.
* src/qemu/qemu_migration.c (qemuMigrationToFile): Let cgroup do
the stat, rather than asking caller to do it and pass info down.
* src/qemu/qemu_driver.c (qemuOpenFile): New function, pulled from...
(qemuDomainSaveInternal): ...here.
(doCoreDump, qemuDomainSaveImageOpen): Use it here as well.
2011-09-01 22:08:13 -06:00
Wen Congyang
deff02a365 reserve slot 1 on pci bus0
After supporting multi function pci device, we only reserve function 1 on slot 1.
The user can use the other function on slot 1 in the xml config file. We should
detect this wrong usage.
2011-09-02 11:33:04 +08:00
Adam Litke
d4b9e06256 BlockPull: Set initial bandwidth limit if specified
The libvirt BlockPull API supports the use of an initial bandwidth limit but the
qemu block_stream API does not.  To get the desired behavior we use the two APIs
strung together: first BlockPull, then BlockJobSetSpeed.  We can do this at the
driver level to avoid duplicated code in each monitor path.

Signed-off-by: Adam Litke <agl@us.ibm.com>
2011-09-01 20:11:50 -06:00
Adam Litke
78d9325d1e BlockJob: Bandwidth parameter is in MB when using text monitor
Due to an unfortunate precedent in qemu, the units for the bandwidth parameter
to block_job_set_speed are different between the text monitor and the qmp
monitor.  While the qmp monitor uses bytes/s, the text monitor expects MB/s.

Correct the units for the text interface.

Signed-off-by: Adam Litke <agl@us.ibm.com>
2011-09-01 20:11:50 -06:00
Osier Yang
6f2581edd7 qemu: Fix a regression of domain save
* src/qemu/qemu_driver.c - qemuDomainSaveInternal: Return directly
will keep the domain object locked, introduced by 173015bec6.
2011-09-01 17:38:20 +08:00
Daniel P. Berrange
64bdec3841 Fix sanlock socket security labelling
It is not possible to change the label of a TCP socket once it
has been opened. When creating a TCP socket care must be taken
to ensure the socket creation label is set & then cleared.
Remove the bogus call to virSecurityManagerSetProcessFDLabel
from the lock driver guest setup code and instead make use of
virSecurityManagerSetSocketLabel
2011-08-31 11:07:31 +01:00
Eric Blake
173015bec6 snapshot: forbid snapshot on autodestroy domain
There is no reason to forbid pausing an autodestroy domain
(not to mention that 'virsh start --paused --autodestroy'
succeeds in creating a paused autodestroy domain).

Meanwhile, qemu was failing to enforce the API documentation that
autodestroy domains cannot be saved.  And while the original
documentation only mentioned save/restore, snapshots are another
form of saving that are close enough in semantics as to make no
sense on one-shot domains.

* src/qemu/qemu_driver.c (qemudDomainSuspend): Drop bogus check.
(qemuDomainSaveInternal, qemuDomainSnapshotCreateXML): Forbid
saves of autodestroy domains.
* src/libvirt.c (virDomainCreateWithFlags, virDomainCreateXML):
Document snapshot interaction.
2011-08-30 11:03:54 -06:00
Philipp Hahn
4521ffabeb Fix error detection in device change
According to qemu-kvm/qerror.c all messages start with a capital
"Device ", but the current code only scans for the lower case "device ".
This results in "virDomainUpdateDeviceFlags()" to not detect locked
CD-ROMs and reporting success even in the case of a failure:
	# virsh qemu-monitor-command "$VM" change\ drive-ide0-0-0\ \"/var/lib/libvirt/images/ucs_2.4-0-sec4-20110714145916-dvd-amd64.iso\"
	Device 'drive-ide0-0-0' is locked
	# virsh update-device "$VM" /dev/stdin <<<"<disk type='file' device='cdrom'><driver name='qemu' type='raw'/><source file='/var/lib/libvirt/images/ucs_2.4-0-sec4-20110714145916-dvd-amd64.iso'/><target dev='hda' bus='ide'/><readonly/><alias name='ide0-0-0'/><address type='drive' controller='0' bus='0' unit='0'/></disk>"
	Device updated successfully

Signed-off-by: Philipp Hahn <hahn@univention.de>
2011-08-30 10:32:13 -06:00
Eric Blake
27c8526053 start: allow discarding managed save
There have been several instances of people having problems with
a broken managed save file, and not aware that they could use
'virsh managedsave-remove dom' to fix things.  Making it possible
to do this as part of starting a domain makes the same functionality
easier to find, and one less API call.

* include/libvirt/libvirt.h.in (VIR_DOMAIN_START_FORCE_BOOT): New
flag.
* src/libvirt.c (virDomainCreateWithFlags): Document it.
* src/qemu/qemu_driver.c (qemuDomainObjStart): Alter signature.
(qemuAutostartDomain, qemuDomainStartWithFlags): Update callers.
* tools/virsh.c (cmdStart): Expose it in virsh.
* tools/virsh.pod (start): Document it.
2011-08-30 09:26:47 -06:00
Eric Blake
e6b8bc812a qemu: properly label outgoing pipe for tunneled migration
Commit 3261761 made it possible to use pipes instead of sockets
for outgoing tunneled migration; however, it caused a regression
because the pipe was never given a SELinux label.

* src/qemu/qemu_migration.c (doTunnelMigrate): Label outgoing pipe.
2011-08-30 09:15:26 -06:00
KAMEZAWA Hiroyuki
709b4c500d Fix persistent migration config save
When a user migrates a domain by command as

libvirt saves vm's domain XML config in destination host after migration.
But it saves vm->def. Then, the saved XML contains some garbage.

  <domain type='kvm' id='50'>
                     ^^^^^^^^
  ...
   <console type='pty' tty='/dev/pts/5'>
                       ^^^^^^^^^^^^^^^^^

Avoid saving unnecessary things by saving persistent vm definition.
2011-08-26 09:45:57 -06:00
Daniel P. Berrange
6b434da6bf Detect errors from the 'sendkey' command
On success, the 'sendkey' command does not return any data, so
any data in the reply should be considered to be an error
message

* src/qemu/qemu_monitor_text.c: Treat non-"" reply data as an
  error message for 'sendkey' command
2011-08-26 14:18:57 +01:00
Daniel P. Berrange
ce93f64b1e Fix keymap used to talk with QEMU
The QEMU 'sendkey' command expects keys to be encoded in the same
way as the RFB extended keycode set. Specifically it wants extended
keys to have the high bit of the first byte set, while the Linux
XT KBD driver codeset uses the low bit of the second byte. To deal
with this we introduce a new keymap 'RFB' and use that in the QEMU
driver

* include/libvirt/libvirt.h.in: Add VIR_KEYCODE_SET_RFB
* src/qemu/qemu_driver.c: Use RFB keycode set instead of XT KBD
* src/util/virkeycode-mapgen.py: Auto-generate the RFB keycode
  set from the XT KBD set
* src/util/virkeycode.c: Add RFB keycode entry to table. Add a
  verify check on cardinality of the codeOffset table
2011-08-26 14:18:57 +01:00
Jiri Denemark
855f768996 qemu: Correctly label migration TCP socket 2011-08-26 11:52:54 +02:00
Jiri Denemark
4c85d96f27 security: Rename SetSocketLabel APIs to SetDaemonSocketLabel
The APIs are designed to label a socket in a way that the libvirt daemon
itself is able to access it (i.e., in SELinux the label is virtd_t based
as opposed to svirt_* we use for labeling resources that need to be
accessed by a vm). The new name reflects this.
2011-08-26 11:51:09 +02:00
Eric Blake
6766ff10dd snapshot: track current snapshot across restarts
Audit all changes to the qemu vm->current_snapshot, and make them
update the saved xml file for both the previous and the new
snapshot, so that there is always at most one snapshot with
<active>1</active> in the xml, and that snapshot is used as the
current snapshot even across libvirtd restarts.

This patch does not fix the case of virDomainSnapshotDelete(,CHILDREN)
where one of the children is the current snapshot; that will be later.

* src/conf/domain_conf.h (_virDomainSnapshotDef): Alter member
type and name.
* src/conf/domain_conf.c (virDomainSnapshotDefParseString)
(virDomainSnapshotDefFormat): Update clients.
* docs/schemas/domainsnapshot.rng: Tighten rng.
* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad): Reload current
snapshot.
(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot)
(qemuDomainSnapshotDiscard): Track current snapshot.
2011-08-25 15:11:03 -06:00
Eric Blake
5e47785b85 snapshot: only pass snapshot to qemu command line when reverting
Changing the current vm, and writing that change to the file
system, all before a new qemu starts, is risky; it's hard to
roll back if starting the new qemu fails for some reason.
Instead of abusing vm->current_snapshot and making the command
line generator decide whether the current snapshot warrants
using -loadvm, it is better to just directly pass a snapshot all
the way through the call chain if it is to be loaded.

This frees up the last use of snapshot->def->active for qemu's
use, so the next patch can repurpose that field for tracking
which snapshot is current.

* src/qemu/qemu_command.c (qemuBuildCommandLine): Don't use active
field of snapshot.
* src/qemu/qemu_process.c (qemuProcessStart): Add a parameter.
* src/qemu/qemu_process.h (qemuProcessStart): Update prototype.
* src/qemu/qemu_migration.c (qemuMigrationPrepareAny): Update
callers.
* src/qemu/qemu_driver.c (qemudDomainCreate)
(qemuDomainSaveImageStartVM, qemuDomainObjStart)
(qemuDomainRevertToSnapshot): Likewise.
(qemuDomainSnapshotSetCurrentActive)
(qemuDomainSnapshotSetCurrentInactive): Delete unused functions.
2011-08-25 15:07:57 -06:00
Eric Blake
861dc84bb5 snapshot: don't leak resources on qemu snapshot failure
https://bugzilla.redhat.com/show_bug.cgi?id=727709
mentions that if qemu fails to create the snapshot (such as what
happens on Fedora 15 qemu, which has qmp but where savevm is only
in hmp, and where libvirt is old enough to not try the hmp fallback),
then 'virsh snapshot-list dom' will show a garbage snapshot entry,
and the libvirt internal directory for storing snapshot metadata
will have a bogus file.

This fixes the fallout bug of polluting the snapshot-list with
garbage on failure (the root cause of the F15 bug of not having
fallback to hmp has already been fixed in newer libvirt releases).

* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Allocate
memory before making snapshot, and cleanup on failure.  Don't
dereference NULL if transient domain exited during snapshot creation.
2011-08-25 14:01:36 -06:00
Alex Jia
d69d321086 qemu: avoid dead store in doPeer2PeerMigrate3
* src/qemu/qemu_migration.c: avoid dead 'ret' assignment and silence
  clang warning.

Detected by ccc-analyzer:

  CC     libvirt_driver_qemu_la-qemu_migration.lo
qemu/qemu_migration.c:2046:5: warning: Value stored to 'ret' is never read
    ret = qemuMigrationConfirm(driver, sconn, vm,
    ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2011-08-25 13:28:08 -06:00
Shradha Shah
7ae740fcb1 qemu: fix off-by-one in pci slot reservation
Signed-off-by: Steve Hodgson <shodgson@solarflare.com>
2011-08-24 10:49:02 -06:00
Shradha Shah
c0f025b8ba pci: fix pciDeviceListSteal on multiple devices
pciDeviceListSteal(pcidevs, dev) removes dev from pcidevs reducing
the length of pcidevs, so moving onto what was the next dev is wrong.

Instead callers should pop entry 0 repeatedly until pcidevs is empty.

Signed-off-by: Steve Hodgson <shodgson@solarflare.com>
Signed-off-by: Shradha Shah <sshah@solarflare.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2011-08-24 10:31:29 -06:00
Osier Yang
10b100240f qemu: Report error if qemu monitor command not found for BlockJob
* src/qemu/qemu_monitor_json.c: Handle error "CommandNotFound" and
  report the error.

* src/qemu/qemu_monitor_text.c: If a sub info command is not found,
  it prints the output of "help info", for other commands,
  "unknown command" is printed.

Without this patch, libvirt always report:

  An error occurred, but the cause is unknown

This patch was adapted from a patch by Osier Yang <jyang@redhat.com> to
break out detection of unrecognized text monitor commands into a separate
function.

Signed-off-by: Adam Litke <agl@us.ibm.com>
2011-08-24 14:39:42 +08:00
Eric Blake
3a52b864dd maint: fix comment typos
* src/qemu/qemu_driver.c (qemuDomainSaveInternal): Fix typo.
* src/conf/domain_event.c (virDomainEventDispatchMatchCallback):
Likewise.
* daemon/libvirtd.c (daemonRunStateInit): Likewise.
* src/lxc/lxc_container.c (lxcContainerChildMountSort): Likewise.
* src/util/virterror.c (virCopyError, virRaiseErrorFull): Likewise.
* src/xenxs/xen_sxpr.c (xenParseSxprSound): Likewise.
2011-08-23 11:31:28 -06:00
Osier Yang
4340b3ba40 qemu: Cleanup improper VIR_ERR_NO_SUPPORT use
* src/qemu/qemu_command.c: s/VIR_ERR_NO_SUPPORT/VIR_ERR_CONFIG_UNSUPPORTED/

* src/qemu/qemu_driver.c: s/VIR_ERR_NO_SUPPORT/VIR_ERR_OPERATION_INVALID/

* src/qemu/qemu_process.c: s/VIR_ERR_NO_SUPPORT/VIR_ERR_OPERATION_INVALID/
2011-08-23 16:23:10 +08:00
Osier Yang
825d91cd31 qemu: Substitute VIR_ERR_NO_SUPPORT with VIR_ERR_OPERATION_INVALID
* src/qemu/qemu_monitor_text.c: Error like "this function is not
supported by the connection driver" is confused obviously.
2011-08-23 14:59:16 +08:00
Eric Blake
d89dd42d51 maint: simplify lots of libxml2 clients
Repetitive patterns should be factored.  The sign of a good
factorization is a change that kills 5x more lines than it adds :)

* src/conf/domain_conf.c (virDomainDeviceDefParse)
(virDomainSnapshotDefParseString): Use new convenience macros.
* src/conf/storage_conf.c (virStoragePoolDefParseSourceString):
Likewise.
* src/cpu/cpu.c (cpuCompareXML, cpuBaselineXML): Likewise.
* src/esx/esx_vi.c (esxVI_Context_Execute): Likewise.
* src/qemu/qemu_migration.c (qemuMigrationCookieXMLParseStr):
Likewise.
* src/security/virt-aa-helper.c (caps_mockup): Likewise.
* src/test/test_driver.c (testOpenFromFile): Likewise.
* tests/cputest.c (cpuTestLoadXML, cpuTestLoadMultiXML):
Likewise.
* tools/virsh.c (cmdFreecell, makeCloneXML, cmdVNCDisplay)
(cmdTTYConsole, cmdDetachInterface, cmdDetachDisk)
(cmdSnapshotCreate, cmdSnapshotCreateAs, cmdSnapshotCurrent)
(cmdSnapshotList, cmdSnapshotParent): Likewise.
2011-08-19 09:13:55 -06:00
Osier Yang
aaa93ab6fa qemu: Allow to undefine a running domain 2011-08-19 21:49:37 +08:00
Osier Yang
4ffa7530a4 qemu: Get memory balloon info correctly for text monitor
* src/qemu/qemu_monitor_text.c: BALLOON_PREFIX was defined as
"balloon: actual=", which cause "actual=" is stripped early before
the real parsing. This patch changes BALLOON_PREFIX into "balloon: ",
and modifies related functions, also renames
"qemuMonitorParseExtraBalloonInfo" to "qemuMonitorParseBalloonInfo",
as after the changing, it parses all the info returned by "info balloon".
2011-08-19 21:34:59 +08:00
Tom Vijlbrief
108ca33357 qemu: disk migration verbose progress
A virsh command like:

migrate --live --copy-storage-all Guest qemu+ssh://user@host/system
--persistent --verbose

shows

Migration: [  0 %]

during the storage copy and does not start counting
until the ram transfer starts

Fix this by scraping optional disk transfer status, and adding it
into the progress meter.
2011-08-17 08:01:12 -06:00
Osier Yang
2ce90ea296 qemu: Init reattaching related members of pciDevice before reattach
Otherwise the device will still be bound to pci-stub driver even
it's set as "managed=yes" when do detaching. Of course, it won't
triger any driver reprobing too.
2011-08-17 20:58:33 +08:00
Laine Stump
73c0a148af qemu: support event_idx parameter for virtio disk and net devices
In some versions of qemu, both virtio-blk-pci and virtio-net-pci
devices can have an event_idx setting that determines some details of
event processing. When it is enabled, it "reduces the number of
interrupts and exits for the guest". qemu will automatically enable
this feature when it is available, but there may be cases where this
new feature could actually make performance worse (NB: no such case
has been found so far).

As a safety switch in case such a situation is encountered in the
field, this patch adds a new attribute "event_idx" to the <driver>
element of both disk and interface devices. event_idx can be set to
"on" (to force event_idx on in case qemu has it disabled by default)
or "off" (for force event_idx off). In the case that event_idx support
isn't present in qemu, the attribute is ignored (this on the advice of
the qemu developer).

docs/formatdomain.html.in: document the new flag (marking it as
   "don't mess with this!"
docs/schemas/domain.rng: add event_idx in appropriate places
src/conf/domain_conf.[ch]: add event_idx to parser and formatter
src/libvirt_private.syms: export
   virDomainVirtioEventIdx(From|To)String
src/qemu/qemu_capabilities.[ch]: detect and report event_idx in
   disk/net
src/qemu/qemu_command.c: add event_idx parameter to qemu commandline
    when appropriate.
tests/qemuxml2argvdata/qemuxml2argv-event_idx.args,
tests/qemuxml2argvdata/qemuxml2argv-event_idx.xml,
tests/qemuxml2argvtest.c,
tests/qemuxml2xmltest.c: test cases for event_idx.
2011-08-15 09:35:42 -04:00
Peter Krempa
d17101e011 qemu: error message should show uri instead of (null)
Fix pointer for error message uri if domain migration fails.

BZ# 730244
2011-08-15 15:30:03 +02:00
Jiri Denemark
3261761794 qemu: Use fd: protocol for migration
By opening a connection to remote qemu process ourselves and passing the
socket to qemu we get much better errors than just "migration failed"
when the connection is opened by qemu.
2011-08-15 15:21:31 +02:00
Jiri Denemark
e8989ae4e2 qemu: Use virNetSocket for tunneled migration 2011-08-15 15:21:31 +02:00
Jiri Denemark
52e2918ae1 qemu: Refactor do{Tunnel,Native}Migrate functions
The core of these two functions is very similar and most of it is even
exactly the same. Factor out the core functionality into a separate
function to remove code duplication and make further changes easier.
2011-08-15 15:21:31 +02:00
Daniel P. Berrange
f80a4ed77a Move pidfile functions into util/virpidfile.{c,h}
The functions for manipulating pidfiles are in util/util.{c,h}.
We will shortly be adding some further pidfile related functions.
To avoid further growing util.c, this moves the pidfile related
functions into a dedicated virpidfile.{c,h}. The functions are
also all renamed to have 'virPidFile' as their name prefix

* util/util.h, util/util.c: Remove all pidfile code
* util/virpidfile.c, util/virpidfile.h: Add new APIs for pidfile
  handling.
* lxc/lxc_controller.c, lxc/lxc_driver.c, network/bridge_driver.c,
  qemu/qemu_process.c: Add virpidfile.h include and adapt for API
  renames
2011-08-12 20:37:00 +01:00
Eric Blake
398ce48d5c qemu: silence clang false positive
Our logic throws off analyzer tools:

ptr var = NULL;
if (flags == 0) flags = live ? _LIVE : _CONFIG;
if (flags & _LIVE) do stuff
if (flags & _CONFIG) var = non-null;
if (flags & _LIVE) do more stuff
else if (flags & _CONFIG) use var

the tools keep thinking that var can still be NULL in the last
if clause, adding the hint shuts them up.

* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters): Add a
static analysis hint.
2011-08-11 13:04:25 -06:00
Cole Robinson
d30d572650 qemu: Fix -chardev udp if parameters are omitted
The following XML:

    <serial type='udp'>
      <source mode='connect' service='9999'/>
    </serial>

is accepted by domain_conf.c but maps to the qemu command line:

-chardev udp,host=127.0.0.1,port=2222,localaddr=(null),localport=(null)

qemu can cope with everything omitting except the connection port, which
seems to also be the intent of domain_conf validation, so let's not
generate bogus command lines for that case.
The defaults are empty strings for addresses and 0 for the localport

Additionally, tweak the qemu cli parsing to handle omitted host
parameters
for -serial udp
2011-08-11 15:19:51 +08:00
Eric Blake
0de75e855b managedsave: prohibit use on transient domains
Transient domains reject attempts to set autostart, and using
virDomainCreate to restart a domain only works on persistent
domains.  Therefore, managed save makes no sense on transient
domains, and should be rejected up front rather than creating
an otherwise unrecoverable managed save file.

Besides, transient domains imply that a lot more management is
being done by the upper layer; this includes the assumption
that the upper layer is okay managing the saved state file
created by virDomainSave, and does not need to use managed save.

* src/libvirt.c: Document that transient domains are incompatible
with managed save.
* src/qemu/qemu_driver.c (qemuDomainManagedSave): Enforce it.
* src/libxl/libxl_driver.c (libxlDomainManagedSave): Likewise.
2011-08-10 21:50:02 -06:00
Eric Blake
cdbb27e3bb qemu: minor formatting cleanup
I noticed some inconsistent use of 'else'.

* src/qemu/qemu_driver.c (qemuCPUCompare)
(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot)
(qemuDomainSnapshotDiscard): Match coding conventions.
2011-08-10 09:21:56 -06:00
Philipp Hahn
839a5295ef Fix memory leak while scanning snapshots
If a snapshot with the name already exists, virDomainSnapshotAssignDef()
just returns NULL, in which case the snapshot definition is leaked.
Currently this leak is not a big problem, since qemuDomainSnapshotLoad()
is only called once during initial startup of libvirtd.

Signed-off-by: Philipp Hahn <hahn@univention.de>
2011-08-09 10:13:33 -06:00
Jiri Denemark
63e4af45f2 qemu: Avoid overwriting errors from virGetHostname 2011-08-05 18:36:14 +02:00
Eric Blake
5ef1b6c54a qemu: avoid crash on process attach
Detected by ccc-analyzer, reported by Alex Jia.

qemuProcessStart always calls qemuProcessWaitForMonitor with a
non-negative position, but qemuProcessAttach always calls with -1.
In the latter case, there is no log file we can scrape, so we
also should not be trying to scrape the logs if the qemu process
died at the very end.

* src/qemu/qemu_process.c (qemuProcessWaitForMonitor): Don't try
to read from log in qemuProcessAttach case.
2011-08-04 14:18:14 -06:00
Alex Jia
2c4d7b5fa4 qemu: avoid dead store in qemuMonitorTextBlockJob
Value stored to 'ret' is never read, so remove this dead assignment.

* src/qemu/qemu_monitor_text.c: kill dead assignment.

Signed-off-by: Alex Jia <ajia@redhat.com>
2011-08-04 08:09:31 -06:00
Alex Jia
2280447962 qemu: avoid dead store in qemuProcessStart
Value stored to 'ret' is never read, in fact, 'cleanup' section will
directly return -1 when function is fail, so remove this dead assignment.

* src/qemu/qemu_process.c: kill dead assignment.

Signed-off-by: Alex Jia <ajia@redhat.com>
2011-08-04 08:02:31 -06:00
Eric Blake
f768b4c3e9 qemu: silence coverity false positives
Coverity gets confused by our logic.  Add some hints to silence
false positives.

* src/qemu/qemu_driver.c (qemudDomainGetVcpuPinInfo): Add hint.
(qemuDomainGetMemoryParameters): Likewise.
2011-08-02 16:45:23 -06:00
Eric Blake
2ea9409a88 qemu: avoid memory leaks
Quite a few leaks detected by coverity.  For chr, the leaks were
close enough to the allocations to plug in place; for disk, the
leaks were separated from the allocation by enough other lines with
intermediate failure cases that I refactored the cleanup instead.

* src/qemu/qemu_command.c (qemuParseCommandLine): Plug leaks.
2011-08-02 16:33:46 -06:00
Eric Blake
0c1813f4c9 qemu: plug child process leak on domain core dump
Detected by Coverity.  Leak introduced by typo in commit 58e668d2.

* src/qemu/qemu_driver.c (doCoreDump): Use correct function.
2011-08-02 15:10:50 -06:00
Eric Blake
9a87657a31 qemu: remove dead code
Warning detected by Coverity.  No need for the NULL check, and
removing it silences the warning without any semantic change.

* src/qemu/qemu_migration.c (qemuMigrationFinish): All entries to
endjob had non-NULL vm.
2011-08-02 15:10:50 -06:00
Eric Blake
9160573d32 qemu: avoid null deref on block pull error
Coverity detected that 5 of 6 callers of virJSONValueArrayGet checked
for a NULL return; and that by not checking we risk a null deref
during an error.  The error is unlikely since the prior call to
virJSONValueArraySize would probably have already caught any botched
JSON array parse, but better safe than sorry.

* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockJobInfo):
Check for NULL.
(qemuMonitorJSONExtractPtyPaths): Fix typo.
2011-08-02 15:04:36 -06:00
Eric Blake
00ef048f62 fdstream: drop delete argument
Revert 6a1f5f568f.  Now that libvirt_iohelper takes fds by
inheritance rather than by open() (commit 1eb66479), there is
no longer a race where the parent can unlink() a file prior to
the iohelper open()ing the same file.  From there, it makes
more sense to have the callers both create and unlink, rather
than the caller create and the stream unlink, since the latter
was only needed when iohelper had to do the unlink.

* src/fdstream.h (virFDStreamOpenFile, virFDStreamCreateFile):
Callers are responsible for deletion.
* src/fdstream.c (virFDStreamOpenFileInternal): Don't leak created
file on failure.
(virFDStreamOpenFile, virFDStreamCreateFile): Drop parameter.
* src/lxc/lxc_driver.c (lxcDomainOpenConsole): Update callers.
* src/qemu/qemu_driver.c (qemuDomainScreenshot)
(qemuDomainOpenConsole): Likewise.
* src/storage/storage_driver.c (storageVolumeDownload)
(storageVolumeUpload): Likewise.
* src/uml/uml_driver.c (umlDomainOpenConsole): Likewise.
* src/vbox/vbox_tmpl.c (vboxDomainScreenshot): Likewise.
* src/xen/xen_driver.c (xenUnifiedDomainOpenConsole): Likewise.
2011-08-02 14:53:43 -06:00
Eric Blake
440d6b6a0b screenshot: don't unlink bogus file
The previous qemu patch could end up calling unlink(tmp) before
tmp was the name of a valid file (unlinking a fileXXXXXX template
instead), or calling unlink(tmp) twice on success (once here,
and once at the end of the stream).  Meanwhile, vbox also suffered
from the same leaked tmp file bug.

* src/qemu/qemu_driver.c (qemuDomainScreenshot): Don't unlink on
success, or on invalid name.
* src/vbox/vbox_tmpl.c (vboxDomainScreenshot): Don't leak temp file.
2011-08-02 13:10:35 -06:00
Michal Privoznik
d68b97c8a6 qemu: Unlink temporary file on failure
Although virFDStreamOpenFile will unlink it once opened, when we hit
error path, we must unlink it by hand.
2011-08-02 10:21:08 -06:00
Eric Blake
193cd0f3c8 qemu: fix crash when mixing sync and async monitor jobs
Currently, we attempt to run sync job and async job at the same time. It
means that the monitor commands for two jobs can be run in any order.

In the function qemuDomainObjEnterMonitorInternal():
    if (priv->job.active == QEMU_JOB_NONE && priv->job.asyncJob) {
        if (qemuDomainObjBeginNestedJob(driver, obj) < 0)
We check whether the caller is an async job by priv->job.active and
priv->job.asynJob. But when an async job is running, and a sync job is
also running at the time of the check, then priv->job.active is not
QEMU_JOB_NONE. So we cannot check whether the caller is an async job
in the function qemuDomainObjEnterMonitorInternal(), and must instead
put the burden on the caller to tell us when an async command wants
to do a nested job.

Once the burden is on the caller, then only async monitor enters need
to worry about whether the VM is still running; for sync monitor enter,
the internal return is always 0, so lots of ignore_value can be dropped.

* src/qemu/THREADS.txt: Reflect new rules.
* src/qemu/qemu_domain.h (qemuDomainObjEnterMonitorAsync): New
prototype.
* src/qemu/qemu_process.h (qemuProcessStartCPUs)
(qemuProcessStopCPUs): Add parameter.
* src/qemu/qemu_migration.h (qemuMigrationToFile): Likewise.
(qemuMigrationWaitForCompletion): Make static.
* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitorInternal): Add
parameter.
(qemuDomainObjEnterMonitorAsync): New function.
(qemuDomainObjEnterMonitor, qemuDomainObjEnterMonitorWithDriver):
Update callers.
* src/qemu/qemu_driver.c (qemuDomainSaveInternal)
(qemudDomainCoreDump, doCoreDump, processWatchdogEvent)
(qemudDomainSuspend, qemudDomainResume, qemuDomainSaveImageStartVM)
(qemuDomainSnapshotCreateActive, qemuDomainRevertToSnapshot):
Likewise.
* src/qemu/qemu_process.c (qemuProcessStopCPUs)
(qemuProcessFakeReboot, qemuProcessRecoverMigration)
(qemuProcessRecoverJob, qemuProcessStart): Likewise.
* src/qemu/qemu_migration.c (qemuMigrationToFile)
(qemuMigrationWaitForCompletion, qemuMigrationUpdateJobStatus)
(qemuMigrationJobStart, qemuDomainMigrateGraphicsRelocate)
(doNativeMigrate, doTunnelMigrate, qemuMigrationPerformJob)
(qemuMigrationPerformPhase, qemuMigrationFinish)
(qemuMigrationConfirm): Likewise.
* src/qemu/qemu_hotplug.c: Drop unneeded ignore_value.
2011-08-01 09:41:57 -06:00
Alex Jia
c03f7f1358 qemu: fix return value issue
whether or not previous return value is -1, the following codes will be
executed for a inactive guest in src/qemu/qemu_driver.c:
ret = virDomainSaveConfig(driver->configDir, persistentDef);
and if everything is okay, 'ret' is assigned to 0, the previous 'ret'
will be overwritten, this patch will fix this issue.

* src/qemu/qemu_driver.c: avoid return value is overwritten when give a argument
  in out of blkio weight range for a inactive guest.

* how to reproduce?
  % virsh blkiotune ${guestname} --weight 10
  % echo $?

  Note: guest must be inactive, argument 10 in out of blkio weight range,
  and can get a error information by checking libvirtd.log, however,
  virsh hasn't raised any error information, and return value is 0.

  https://bugzilla.redhat.com/show_bug.cgi?id=726304

Signed-off-by: Alex Jia <ajia@redhat.com>
2011-08-01 09:40:13 -06:00
Alex Jia
868453db1e qemu: fix return value issue in qemuDomainSetMemoryParameters
whether or not previous return value is -1, the following codes will be
executed for a inactive guest in qemuDomainSetMemoryParameters:
ret = virDomainSaveConfig(driver->configDir, persistentDef);
and if everything is okay, 'ret' is assigned to 0, the previous 'ret'
will be overwritten, this patch will fix this issue.

* src/qemu/qemu_driver.c: avoid return value is overwritten when set
  min_guarante value to a inactive guest.

* how to reproduce?
  % virsh memtune ${guestname} --min_guarante 1024
  % echo $?

  Note: guest must be inactive, in fact, 'min_guarante' hasn't been implemented
  in memory tunable, and I can get the error when check actual libvirtd.log,
  however, virsh hasn't raised any error information, and return value is 0.

Signed-off-by: Alex Jia <ajia@redhat.com>
2011-08-01 09:21:33 -06:00
Guannan Ren
2f6239d068 Correct the default value of lock_manager in qemu.conf
* src/qemu/qemu.conf: switch back the comment for the default lock
  manager to sanlock
2011-08-01 21:15:46 +08:00
Osier Yang
f362a99a53 qemu: Fix a regression of domjobabort
Introduced by f9a837da73, the condition is not changed after
the else clause is removed. So now it quit with "domain is not
running" when the domain is running. However, when the domain is
not running, it reports "no job is active".

How to reproduce:

1)
% virsh start $domain
% virsh domjobabort $domain
error: Requested operation is not valid: domain is not running

2)
% virsh destroy $domain
% virsh domjobabort $domain
error: Requested operation is not valid: no job is active on the domain

3)
% virsh save $domain /tmp/$domain.save

Before above commands finished, try to abort job in another terminal

% virsh domabortjob $domain
error: Requested operation is not valid: domain is not running
2011-08-01 19:41:07 +08:00
Eric Blake
dd20328fbb conf: make 'vnet' prefix a macro
Using a macro ensures that all the code is looking for the same
prefix.

* src/conf/domain_conf.h (VIR_NET_GENERATED_PREFIX): New macro.
* src/conf/domain_conf.c (virDomainNetDefParseXML): Use it.
* src/uml/uml_conf.c (umlConnectTapDevice): Likewise.
* src/qemu/qemu_command.c (qemuNetworkIfaceConnect): Likewise.
Suggested by Laine Stump.
2011-07-29 16:08:54 -06:00
Eric Blake
f0a5eaf35f save: let qemu driver manipulate save files
The goal here is that save-image-dumpxml fed back to
save-image-define should not change the save file; anywhere that
this is not the case is probably a bug in domain_conf.c.

* src/qemu/qemu_driver.c (qemuDomainSaveImageGetXMLDesc)
(qemuDomainSaveImageDefineXML): New functions.
(qemuDomainSaveImageOpen): Add parameter.
(qemuDomainRestoreFlags, qemuDomainObjRestore): Adjust clients.
2011-07-28 15:39:14 -06:00
Eric Blake
0ea479f8f6 save: support qemu modifying xml on domain save/restore
With this, it is possible to update the path to a disk backing
image on either the save or restore action, without having to
binary edit the XML embedded in the state file.

This also modifies virDomainSave to output a smaller xml (only
the inactive xml, which is all the more virDomainRestore parses),
while still guaranteeing padding for most typical abi-compatible
xml replacements, necessary so that the next patch for
virDomainSaveImageDefineXML will not cause unnecessary
modifications to the save image file.

* src/qemu/qemu_driver.c (qemuDomainSaveInternal): Add parameter,
only use inactive state, and guarantee padding.
(qemuDomainSaveImageOpen): Add parameter.
(qemuDomainSaveFlags, qemuDomainManagedSave)
(qemuDomainRestoreFlags, qemuDomainObjRestore): Update callers.
2011-07-28 15:31:08 -06:00
Laine Stump
99e4b30b39 qemu: support type=network in domain graphics <listen>
The domain XML now understands the <listen> subelement of its
<graphics> element (including when listen type='network'), and the
network driver has an internal API that will turn a network name into
an IP address, so the final logical step is to put the glue into the
qemu driver so that when it is starting up a domain, if it finds
<listen type='network' network='xyz'/> in the XML, it will call the
network driver to get an IPv4 address associated with network xyz, and
tell qemu to listen for vnc (or spice) on that address rather than the
default address (localhost).

The motivation for this is that a large installation may want the
guests' VNC servers listening on physical interfaces rather than
localhost, so that users can connect directly from the outside; this
requires sending qemu the appropriate IP address to listen on. But
this address will of course be different for each host, and if a guest
might be migrated around from one host to another, it's important that
the guest's config not have any information embedded in it that is
specific to one particular host. <listen type='network.../> can solve
this problem in the following manner:

  1) on each host, define a libvirt network of the same name,
     associated with the interface on that host that should be used
     for listening (for example, a simple macvtap network: <forward
     mode='bridge' dev='eth0'/>, or host bridge network: <forward
     mode='bridge'/> <bridge name='br0'/>

  2) in the <graphics> element of each guest's domain xml, tell vnc to
     listen on the network name used in step 1:

     <graphics type='vnc' port='5922'>
       <listen type='network'network='example-net'/>
     </graphics>

(all the above also applies for graphics type='spice').
2011-07-28 13:46:50 -04:00
Laine Stump
ef79fb5b5f conf: add <listen> subelement to domain <graphics> element
Once it's plugged in, the <listen> element will be an optional
replacement for the "listen" attribute that graphics elements already
have. If the <listen> element is type='address', it will have an
attribute called 'address' which will contain an IP address or dns
name that the guest's display server should listen on. If, however,
type='network', the <listen> element should have an attribute called
'network' that will be set to the name of a network configuration to
get the IP address from.

* docs/schemas/domain.rng: updated to allow the <listen> element

* docs/formatdomain.html.in: document the <listen> element and its
  attributes.

* src/conf/domain_conf.[hc]:

  1) The domain parser, formatter, and data structure are modified to
     support 0 or more <listen> subelements to each <graphics>
     element. The old style "legacy" listen attribute is also still
     accepted, and will be stored internally just as if it were a
     separate <listen> element. On output (i.e. format), the address
     attribute of the first <listen> element of type 'address' will be
     duplicated in the legacy "listen" attribute of the <graphic>
     element.

  2) The "listenAddr" attribute has been removed from the unions in
     virDomainGRaphicsDef for graphics types vnc, rdp, and spice.
     This attribute is now in the <listen> subelement (aka
     virDomainGraphicsListenDef)

  3) Helper functions were written to provide simple access
     (both Get and Set) to the listen elements and their attributes.

* src/libvirt_private.syms: export the listen helper functions

* src/qemu/qemu_command.c, src/qemu/qemu_hotplug.c,
  src/qemu/qemu_migration.c, src/vbox/vbox_tmpl.c,
  src/vmx/vmx.c, src/xenxs/xen_sxpr.c, src/xenxs/xen_xm.c

  Modify all these files to use the listen helper functions rather
  than directly referencing the (now missing) listenAddr
  attribute. There can be multiple <listen> elements to a single
  <graphics>, but the drivers all currently only support one, so all
  replacements of direct access with a helper function indicate index
  "0".

* tests/* - only 3 of these are new files added explicitly to test the
  new <listen> element. All the others have been modified to reflect
  the fact that any legacy "listen" attributes passed in to the domain
  parse will be saved in a <listen> element (i.e. one of the
  virDomainGraphicsListenDefs), and during the domain format function,
  both the <listen> element as well as the legacy attributes will be
  output.
2011-07-28 13:46:39 -04:00
Eric Blake
d9fcd17ec2 qemu: fix nested job with driver lock held
qemuMigrationUpdateJobStatus (called in a loop by migration
and save tasks) uses qemuDomainObjEnterMonitorWithDriver;
however, that function ended up starting a nested job without
releasing the driver.

Since no one else is making nested calls, we can inline the
internal functions to properly track driver_locked.

* src/qemu/qemu_domain.h (qemuDomainObjBeginNestedJob)
(qemuDomainObjBeginNestedJobWithDriver)
(qemuDomainObjEndNestedJob): Drop unused prototypes.
* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitorInternal):
Reflect driver lock to nested job.
(qemuDomainObjBeginNestedJob)
(qemuDomainObjBeginNestedJobWithDriver)
(qemuDomainObjEndNestedJob): Drop unused functions.
2011-07-28 08:07:44 -06:00
Michal Privoznik
09d7eba99d qemu: Fix memory leak on metadata fetching
As written in virStorageFileGetMetadataFromFD decription, caller
must free metadata after use. Qemu driver miss this and therefore
leak metadata which can grow to huge mem leak if somebody query
for blockInfo a lot.
2011-07-28 16:01:39 +02:00
Osier Yang
01e1ea1219 qemu: Improve docs for virsh dump format
The error in getCompressionType will never be reported, change
the errors codes into warning (VIR_WARN("%s", _(foo)); doesn't break
syntax-check rule), and also improve the docs in qemu.conf to tell
user the truth.
2011-07-28 09:37:52 +08:00
Eric Blake
9a34ebd357 qemu: improve thread documentation
* src/qemu/THREADS.txt: Fix problems with typos, grammar, and
outdated examples.
2011-07-27 16:20:00 -06:00
Jiri Denemark
f9a837da73 qemu: Remove special case for virDomainAbortJob
This doesn't abort migration job in any phase, yet.
2011-07-27 08:45:17 -06:00
Jiri Denemark
ad6cc26c8d qemu: Remove special case for virDomainSuspend 2011-07-27 08:45:17 -06:00
Jiri Denemark
63d15036cc qemu: Remove special case for virDomainMigrateSetMaxDowntime
Call qemu monitor command directly within a special job that is only
allowed during outgoing migration.
2011-07-27 08:45:16 -06:00
Jiri Denemark
d1bd3f57bc qemu: Remove special case for virDomainMigrateSetMaxSpeed
Call qemu monitor command directly within a special job that is only
allowed during outgoing migration.
2011-07-27 08:45:16 -06:00
Jiri Denemark
90feb02dd0 qemu: Remove special case for virDomainBlockStats
Like other query commands, this can now be called directly during
migration.
2011-07-27 08:45:16 -06:00
Jiri Denemark
fb3cada0a0 qemu: Remove special case for virDomainGetBlockInfo
Like other query commands, this can now be called directly during
migration.
2011-07-27 08:45:16 -06:00
Jiri Denemark
9cfd2197e4 qemu: Recover from interrupted migration 2011-07-27 08:45:16 -06:00
Jiri Denemark
d58e91a812 qemu: Migration job on source daemon
Make MIGRATION_OUT use the new helper methods.

This also introduces new protection to migration v3 process: the
migration job is held from Begin to Confirm to avoid changes to a domain
during migration (esp. between Begin and Perform phases). This change is
automatically applied to p2p and tunneled migrations. For normal
migration, this requires support from a client. In other words, if an
old (pre 0.9.4) client starts normal migration of a domain, the domain
will not be protected against changes between Begin and Perform steps.
2011-07-27 08:45:10 -06:00
Jiri Denemark
eeb008dbfc qemu: Migration job on destination daemon
Make MIGRATION_IN use the new helper methods.
2011-07-27 08:45:09 -06:00
Jiri Denemark
9271367067 qemu: Implement migration job phases
This patch introduces several helper methods to deal with jobs and
phases during migration in a simpler manner.
2011-07-27 08:45:09 -06:00
Eric Blake
1c93fbbbe7 build: support warnings on RHEL 5
Without this, a configure built by autoconf 2.59 was broken when
trying to detect which compiler warning flags were supported.

* .gnulib: Update to latest, for warnings.m4 fix.
* bootstrap.conf: Add fclose explicitly, to match recent gnulib
implicit dependency changes.
* src/qemu/qemu_conf.c (includes): Drop unused include.
* src/uml/uml_conf.c (include): Likewise.
Reported by Daniel P. Berrange.
2011-07-27 07:31:38 -06:00
Michal Privoznik
fe957f0a6f bandwidth: Integrate bandwidth into portgroups
Every DomainNetDef has a bandwidth, as does every portgroup.
Whenever a DomainNetDef of type NETWORK is about to be used, a call is
made to networkAllocateActualDevice(). This function chooses the "best"
bandwidth object and places it in the DomainActualNetDef.
From that point on, whenever some code needs to use the bandwidth data
for the interface, it's retrieved with virDomainNetGetActualBandwidth(),
which will always return the "best" info as determined in the
previous step.
2011-07-27 10:26:25 +02:00
Wen Congyang
652e55b7a5 set cpu bandwidth for the vm
The cpu bandwidth is applied at the vcpu group level. We should apply it
at the vm group level too, because the vm may do heavy I/O, and it will affect
the other vm.

We apply cpu bandwidth at the vcpu and the vm group level, so we must ensure
that max(child_quota) <= parent_quota when we modify cpu bandwidth.
2011-07-26 22:12:57 +08:00
Eric Blake
59d042871c vcpu: teach getVcpusFlags about current
Now that virDomainSetVcpusFlags knows about VIR_DOMAIN_AFFECT_CURRENT,
so should virDomainGetVcpusFlags.

Unfortunately, the virsh counterpart 'virsh vcpucount' has already
commandeered --current for a different meaning, so teaching virsh
to expose this in the next patch will require a bit of care.

* src/libvirt.c (virDomainGetVcpusFlags): Allow
VIR_DOMAIN_AFFECT_CURRENT.
* src/libxl/libxl_driver.c (libxlDomainGetVcpusFlags): Likewise.
* src/qemu/qemu_driver.c (qemudDomainGetVcpusFlags): Likewise.
* src/test/test_driver.c (testDomainGetVcpusFlags): Likewise.
* src/xen/xen_driver.c (xenUnifiedDomainGetVcpusFlags): Likewise.
2011-07-25 15:45:10 -06:00
Laine Stump
d6354c1696 util: change virFile*Pid functions to return < 0 on failure
Although most functions in libvirt return 0 on success and < 0 on
failure, there are a few functions lingering around that return errno
(a positive value) on failure, and sometimes code calling those
functions incorrectly assumes the <0 standard. I noticed one of these
the other day when auditing networkStartDhcpDaemon after Guido Gunther
found a place where success was improperly returned on failure (that
patch has been acked and is pending a push). The problem was that it
expected the return value from virFileReadPid to be < 0 on failure,
but it was actually positive (it was also neglected to set the return
code in this case, similar to the bug found by Guido).

This all led to the fact that *all* of the virFile*Pid functions in
util.c are returning errno on failure. This patch remedies that
problem by changing them all to return -errno on failure, and makes
any necessary changes to callers of the functions. (In the meantime, I
also properly set the return code on failure of virFileReadPid in
networkStartDhcpDaemon).
2011-07-25 16:56:26 -04:00
Wen Congyang
2a667c34cb rename cfs_* to vcpu_*
In the XML file we now have

  <cputune>
    <shares>1024</shares>
    <period>90000</period>
    <quota>0</quota>
  </cputune>

But the schedinfo parameter are being named

 cpu_shares: 1024
 cfs_period: 90000
 cfs_quota: 0

The period/quota is per-vcpu value, so these new tunables should be named
'vcpu_period' and 'vcpu_quota'.
2011-07-25 22:48:23 +08:00
Michal Privoznik
90074ecfa7 bandwidth: Implement functions to enable and disable QoS
These function executes 'tc' with appropriate arguments to set
desired QoS setting on interface or bridge during its creation.
2011-07-25 13:49:55 +08:00
Adam Litke
d489b04628 Asynchronous event for BlockJob completion
When an operation started by virDomainBlockPull completes (either with
success or with failure), raise an event to indicate the final status.
This API allow users to avoid polling on virDomainGetBlockJobInfo if
they would prefer to use an event mechanism.

* daemon/remote.c: Dispatch events to client
* include/libvirt/libvirt.h.in: Define event ID and callback signature
* src/conf/domain_event.c, src/conf/domain_event.h,
  src/libvirt_private.syms: Extend API to handle the new event
* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
  for block_stream completion and emit a libvirt block pull event
* src/remote/remote_driver.c: Receive and dispatch events to application
* src/remote/remote_protocol.x: Wire protocol definition for the event
* src/remote_protocol-structs: structure definitions for protocol verification
* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
  src/qemu/qemu_monitor_json.c: Watch for BLOCK_STREAM_COMPLETED event
  from QEMU monitor
2011-07-22 13:57:42 +08:00
Adam Litke
b976165ca4 Implement virDomainBlockPull for the qemu driver
The virDomainBlockPull* family of commands are enabled by the
following HMP/QMP commands: 'block_stream', 'block_job_cancel',
 'info block-jobs' / 'query-block-jobs', and 'block_job_set_speed'.

* src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.[ch]: implement disk
  streaming by using the proper qemu monitor commands.
* src/qemu/qemu_monitor_json.[ch]: implement commands using the qmp monitor
2011-07-22 13:39:37 +08:00
Eric Blake
a9f9545e12 save: support bypass-cache flag in qemu.conf
When auto-dumping a domain on crash events, or autostarting a domain
with managed save state, let the user configure whether to imply
the bypass cache flag.

* src/qemu/qemu.conf (auto_dump_bypass_cache, auto_start_bypass_cache):
Document new variables.
* src/qemu/libvirtd_qemu.aug (vnc_entry): Let augeas parse them.
* src/qemu/qemu_conf.h (qemud_driver): Store new preferences.
* src/qemu/qemu_conf.c (qemudLoadDriverConfig): Parse them.
* src/qemu/qemu_driver.c (processWatchdogEvent, qemuAutostartDomain):
Honor them.
2011-07-21 16:24:09 -06:00
Eric Blake
58e668d2ea save: support BYPASS_CACHE during qemu save/restore
Wire together the previous patches to support file system cache
bypass during API save/restore requests in qemu.

* src/qemu/qemu_driver.c (qemuDomainSaveInternal, doCoreDump)
(qemudDomainObjStart, qemuDomainSaveImageOpen, qemuDomainObjRestore)
(qemuDomainObjStart): Add parameter.
(qemuDomainSaveFlags, qemuDomainManagedSave, qemudDomainCoreDump)
(processWatchdogEvent, qemudDomainStartWithFlags, qemuAutostartDomain)
(qemuDomainRestoreFlags): Update callers.
2011-07-21 16:24:08 -06:00
Eric Blake
b1083a4c53 save: wire up trivial save/restore flags implementations
For all hypervisors that support save and restore, the new API
now performs the same functions as the old.

VBox is excluded from this list, because its existing domainsave
is broken (there is no corresponding domainrestore, and there
is no control over the filename used in the save).  A later
patch should change vbox to use its implementation for
managedsave, and teach start to use managedsave results.

* src/libxl/libxl_driver.c (libxlDomainSave): Move guts...
(libxlDomainSaveFlags): ...to new function.
(libxlDomainRestore): Move guts...
(libxlDomainRestoreFlags): ...to new function.
* src/test/test_driver.c (testDomainSave, testDomainSaveFlags)
(testDomainRestore, testDomainRestoreFlags): Likewise.
* src/xen/xen_driver.c (xenUnifiedDomainSave)
(xenUnifiedDomainSaveFlags, xenUnifiedDomainRestore)
(xenUnifiedDomainRestoreFlags): Likewise.
* src/qemu/qemu_driver.c (qemudDomainSave, qemudDomainRestore):
Rename and move guts.
(qemuDomainSave, qemuDomainSaveFlags, qemuDomainRestore)
(qemuDomainRestoreFlags): ...here.
(qemudDomainSaveFlag): Rename...
(qemuDomainSaveInternal): ...to this, and update callers.
2011-07-21 16:24:05 -06:00
Laine Stump
04711a0f32 network: internal API functions to manage assignment of physdev to guest
The network driver needs to assign physical devices for use by modes
that use macvtap, keeping track of which physical devices are in use
(and how many instances, when the devices can be shared). Three calls
are added:

networkAllocateActualDevice - finds a physical device for use by the
domain, and sets up the virDomainActualNetDef accordingly.

networkNotifyActualDevice - assumes that the domain was already
running, but libvirtd was restarted, and needs to be notified by each
already-running domain about what interfaces they are using.

networkReleaseActualDevice - decrements the usage count of the
allocated physical device, and frees the virDomainActualNetDef to
avoid later accidentally using the device.

bridge_driver.[hc] - the new APIs. When WITH_NETWORK is false, these
functions are all #defined to be "0" in the .h file (effectively
becoming a NOP) to prevent link errors.

qemu_(command|driver|hotplug|process).c - add calls to the above APIs
    in the appropriate places.

tests/Makefile.am - we need to include libvirt_driver_network.la
    whenever libvirt_driver_qemu.la is linked, to avoid unreferenced
    symbols (in functions that are never called by the test
    programs...)
2011-07-21 14:47:19 -04:00
Laine Stump
e9949a586a qemu: use virDomainNetGetActual*() in qemuDomainXMLToNative
This is the one function outside of domain_conf.c that plays around
with (even modifying) the internals of the virDomainNetDef, and thus
can't be fixed up simply by replacing direct accesses to the fields of
the struct with the GetActual*() access functions.

In this case, we need to check if the defined type is "network", and
if it is *then* check the actual type; if the actual type is "bridge",
then we can at least put the bridgename in a place where it can be
used; otherwise (if type isn't "bridge"), we behave exactly as we used
to - just null out *everything*.
2011-07-21 14:47:11 -04:00
Laine Stump
03caa988a6 qemu: use virDomainNetGetActual*() functions where appropriate
The qemu driver accesses fields in the virDomainNetDef directly, but
with the advent of the virDomainActualNetDef, some pieces of
information may be found in a different place (the ActualNetDef) if
the network connection is of type='network' and that network is of
forward type='bridge|private|vepa|passthrough'. The previous patch
added functions to mask this difference from callers - they hide the
decision making process and just pick the value from the proper place.

This patch uses those functions in the qemu driver as a first step in
making qemu work with the new network types. At this point, the
virDomainActualNetDef is guaranteed always NULL, so the GetActualX()
function will return exactly what the def->X that's being replaced
would have returned (ie bisecting is not compromised).

There is one place (in qemu_driver.c) where the internal details of
the NetDef are directly manipulated by the code, so the GetActual
functions cannot be used there without extra additional code; that
file will be treated in a separate patch.
2011-07-21 14:47:04 -04:00
Laine Stump
524655eea2 conf: virDomainNetDef points to (rather than contains) virtPortProfile
The virtPortProfile in the domain interface struct is now a separately
allocated object *pointed to by* (rather than contained in) the main
virDomainNetDef object. This is done to make it easier to figure out
when a virtualPortProfile has/hasn't been specified in a particular
config.
2011-07-21 14:46:39 -04:00
Michal Privoznik
427eaf13e2 destroy: Implement internal API for qemu driver 2011-07-21 20:41:27 +02:00
Eric Blake
360e5ea144 qemu: fix error message with migrate2 xml
Otherwise, an ABI mismatch gives error messages attributing the target
xml string as current, and the current domain state as the new xml.

* src/qemu/qemu_migration.c (qemuMigrationBegin): Use correct
argument order.
2011-07-21 10:34:51 -06:00
Eric Blake
8e22e08935 build: rename files.h to virfile.h
In preparation for a future patch adding new virFile APIs.

* src/util/files.h, src/util/files.c: Move...
* src/util/virfile.h, src/util/virfile.c: ...here, and rename
functions to virFile prefix.  Macro names are intentionally
left alone.
* *.c: All '#include "files.h"' uses changed.
* src/Makefile.am (UTIL_SOURCES): Reflect rename.
* cfg.mk (exclude_file_name_regexp--sc_prohibit_close): Likewise.
* src/libvirt_private.syms: Likewise.
* docs/hacking.html.in: Likewise.
* HACKING: Regenerate.
2011-07-21 10:34:51 -06:00
Eric Blake
5d804ffae4 command: avoid leaking fds across fork
Since libvirt is multi-threaded, we should use FD_CLOEXEC as much
as possible in the parent, and only relax fds to inherited after
forking, to avoid leaking an fd created in one thread to a fork
run in another thread.  This gets us closer to that ideal, by
making virCommand automatically clear FD_CLOEXEC on fds intended
for the child, as well as avoiding a window of time with non-cloexec
pipes created for capturing output.

* src/util/command.c (virExecWithHook): Use CLOEXEC in parent.  In
child, guarantee that all fds to pass to child are inheritable.
(getDevNull): Use CLOEXEC.
(prepareStdFd): New helper function.
(virCommandRun, virCommandRequireHandshake): Use pipe2.
* src/qemu/qemu_command.c (qemuBuildCommandLine): Simplify caller.
2011-07-21 10:34:51 -06:00
Daniel P. Berrange
5e7d638ca0 Fix uninitialized variable in QEMU CPU bandwidth code
* src/qemu/qemu_driver.c: Fix uninitialized variable
2011-07-21 13:28:08 +01:00
Wen Congyang
d6fa4967bc fix make syntax-check error 2011-07-21 17:42:44 +08:00
Wen Congyang
67a173c54f qemu: Implement cfs_period and cfs_quota's modification
This patch implements cfs_period and cfs_quota's modification.
We can use the command 'virsh schedinfo' to query or modify cfs_period and
cfs_quota.
If you query period or quota from config file, the value 0 means it does not set
in the config file.
If you set period or quota to config file, the value 0 means that delete current
setting from config file.
If you modify period or quota while vm is running, the value 0 means that use
current value.
2011-07-21 17:11:12 +08:00
Wen Congyang
c4441fee10 qemu: Implement period and quota tunable XML configuration and parsing
This patch implements period and quota tunable XML configuration and parsing.
A quota or period of zero will be simply ignored.
2011-07-21 17:11:12 +08:00
Lai Jiangshan
e40725779c qemu: send-key: Implement the driver methods
qemu driver just accept xt_kbd codeset's keycode, so the lib virtkey
is used for translating keycodes from other codesets
2011-07-21 15:58:31 +08:00
Osier Yang
ae8e08aa28 undefine: Implement internal API for qemu driver
* src/qemu/qemu_driver.c: New call back for qemu_driver,
New function qemudDomainUndefineFlags, and changes on
qemudDomainUndefine.
2011-07-20 11:04:15 +08:00
Daniel P. Berrange
789fc4ae90 Fix reporting of errors for p2p migration
Starting/ending jobs when closing the connection may reset any
error which was reported earlier in p2p migration. We must
save the original error before doing so. This means we can also
just call virConnectClose as normal, instead of virUnrefConnect

* src/qemu/qemu_migration.c: Preserve errors in p2p migration
2011-07-19 11:20:34 -04:00
Eric Blake
33ba6e6881 libvirt: do not mix internal flags into public API
There were two API in driver.c that were silently masking flags
bits prior to calling out to the drivers, and several others
that were explicitly masking flags bits.  This is not
forward-compatible - if we ever have that many flags in the
future, then talking to an old server that masks out the
flags would be indistinguishable from talking to a new server
that can honor the flag.  In general, libvirt.c should forward
_all_ flags on to drivers, and only the drivers should reject
unknown flags.

In the case of virDrvSecretGetValue, the solution is to separate
the internal driver callback function to have two parameters
instead of one, with only one parameter affected by the public
API.  In the case of virDomainGetXMLDesc, it turns out that
no one was ever mixing VIR_DOMAIN_XML_INTERNAL_STATUS with
the dumpxml path in the first place; that internal flag was
only used in saving and restoring state files, which happened
to be in functions internal to a single file, so there is no
mixing of the internal flag with a public flags argument.
Additionally, virDomainMemoryStats passed a flags argument
over RPC, but not to the driver.

* src/driver.h (VIR_DOMAIN_XML_FLAGS_MASK)
(VIR_SECRET_GET_VALUE_FLAGS_MASK): Delete.
(virDrvSecretGetValue): Separate out internal flags.
(virDrvDomainMemoryStats): Provide missing flags argument.
* src/driver.c (verify): Drop unused check.
* src/conf/domain_conf.h (virDomainObjParseFile): Delete
declaration.
(virDomainXMLInternalFlags): Move...
* src/conf/domain_conf.c: ...here.  Delete redundant include.
(virDomainObjParseFile): Make static.
* src/libvirt.c (virDomainGetXMLDesc, virSecretGetValue): Update
clients.
(virDomainMemoryPeek, virInterfaceGetXMLDesc)
(virDomainMemoryStats, virDomainBlockPeek, virNetworkGetXMLDesc)
(virStoragePoolGetXMLDesc, virStorageVolGetXMLDesc)
(virNodeNumOfDevices, virNodeListDevices, virNWFilterGetXMLDesc):
Don't mask unknown flags.
* src/interface/netcf_driver.c (interfaceGetXMLDesc): Reject
unknown flags.
* src/secret/secret_driver.c (secretGetValue): Update clients.
* src/remote/remote_driver.c (remoteSecretGetValue)
(remoteDomainMemoryStats): Likewise.
* src/qemu/qemu_process.c (qemuProcessGetVolumeQcowPassphrase):
Likewise.
* src/qemu/qemu_driver.c (qemudDomainMemoryStats): Likewise.
* daemon/remote.c (remoteDispatchDomainMemoryStats): Likewise.
2011-07-18 13:50:51 -06:00
Osier Yang
fab4f0c699 qemu: Fix a regression of attaching device
The regression is introduced by Commit da1eba6b, the new
codes with this commit doesn't reset "ret" to "-1" when
it fails on parsing the device XML (live device attachment)

This patch changes the codes to reset the "ret" and "-1",
and also changes the codes so that it don't modify "ret"
for condition checking.

How to reproduce:

% cat test.xml
<disk type='oops' device='disk'>
  <driver name='qemu' type='raw'/>
  <source file='/var/lib/libvirt/images/test.img'/>
  <target dev='vda' bus='virtio'/>
</disk>

% virsh attach-device $domain test.xml
Device attached successfully

The device attachment failed actually with error "unknown disk type 'oops'",
however, it reports success.
2011-07-16 11:27:34 +08:00
Eric Blake
8d733f4ef1 flags: fix qemu migration regression
Commit f548480b broke migration v3 on qemu, because the driver
passed flags on through to qemu_migration even though
qemu_migration wasn't using those flags.

* src/qemu/qemu_migration.h (QEMU_MIGRATION_FLAGS): New define.
* src/qemu/qemu_driver.c: Simplify all migration callbacks.
* src/qemu/qemu_migration.c (qemuMigrationConfirm): Fix regression.
2011-07-15 12:34:00 -06:00
Eric Blake
461e0f1a2d flags: use common dumpxml flags check
The previous patches only cleaned up ATTRIBUTE_UNUSED flags cases;
auditing the drivers found other places where flags was being used
but not validated.  In particular, domainGetXMLDesc had issues with
clients accepting a different set of flags than the common
virDomainDefFormat helper function.

* src/conf/domain_conf.c (virDomainDefFormat): Add common flag check.
* src/uml/uml_driver.c (umlDomainAttachDeviceFlags)
(umlDomainDetachDeviceFlags): Reject unknown
flags.
* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc)
(vboxDomainAttachDeviceFlags)
(vboxDomainDetachDeviceFlags): Likewise.
* src/qemu/qemu_driver.c (qemudDomainMemoryPeek): Likewise.
(qemuDomainGetXMLDesc): Document common flag handling.
* src/libxl/libxl_driver.c (libxlDomainGetXMLDesc): Likewise.
* src/lxc/lxc_driver.c (lxcDomainGetXMLDesc): Likewise.
* src/openvz/openvz_driver.c (openvzDomainGetXMLDesc): Likewise.
* src/phyp/phyp_driver.c (phypDomainGetXMLDesc): Likewise.
* src/test/test_driver.c (testDomainGetXMLDesc): Likewise.
* src/vmware/vmware_driver.c (vmwareDomainGetXMLDesc): Likewise.
* src/xenapi/xenapi_driver.c (xenapiDomainGetXMLDesc): Likewise.
2011-07-15 12:22:20 -06:00
Taku Izumi
c147b93739 setvcpus: extend qemuDomainSetVcpusFlags() to support current flag
This patch extends qemudDomainSetVcpusFlags() function to support
VIR_DOMAIN_AFFECT_CURRENT flag.

Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
2011-07-15 08:19:24 -06:00
Jiri Denemark
c3fd09f7b7 qemu: Don't overwrite errors by closefd in error paths
When qemuMonitorCloseFileHandle is called in error path, we need to
preserve the original error since a possible further error when running
closefd monitor command is not very useful to users.
2011-07-14 16:10:17 +02:00
Jiri Denemark
5169e5ea38 qemu: Save domain status ASAP after creating qemu process
When creating new qemu process we saved domain status XML only after the
process was fully setup and running. In case libvirtd was killed before
the whole process finished, once libvirtd started again it didn't know
anything about the new process and we end up with an orphaned qemu
process. Let's save the domain status XML as soon as we know the PID so
that libvirtd can kill the process on restart.
2011-07-14 16:10:17 +02:00
Eric Blake
088473b29f build: avoid ATTRIBUTE_UNUSED in headers
The compiler might optimize based on our declaration that something
is unused.  Putting that declaration in the header risks getting
out of sync with the actual implementation, so it belongs better
only in the .c files.  We were mostly compliant, and a new syntax
check will help us in the future.

* cfg.mk (sc_avoid_attribute_unused_in_header): New syntax check.
* src/nodeinfo.h (nodeGetCPUStats, nodeGetMemoryStats): Delete
attribute already present in .c file.
* src/qemu/qemu_domain.h (qemuDomainEventFlush): Likewise.
* src/util/virterror_internal.h (virReportErrorHelper): Parameters
are actually used by .c file.
* src/xenxs/xen_sxpr.h (xenFormatSxprDisk): Adjust prototype.
* src/xenxs/xen_sxpr.c (xenFormatSxprDisk): Delete unused argument.
(xenFormatSxpr): Adjust caller.
* src/xen/xend_internal.c (xenDaemonAttachDeviceFlags)
(xenDaemonUpdateDeviceFlags): Likewise.
Suggested by Daniel Veillard.
2011-07-14 07:51:30 -06:00
Eric Blake
f548480b7f qemu: reject unknown flags
* src/qemu/qemu_driver.c (qemudOpen, qemuDomainScreenshot)
(qemuDomainXMLFromNative, qemuDomainXMLToNative)
(qemudDomainBlockPeek, qemuCPUCompare, qemuCPUBaseline): Reject
unknown flags.
* src/qemu/qemu_migration.c (qemuMigrationConfirm): Likewise.
(_qemuMigrationCookie, qemuMigrationCookieXMLParse)
(qemuMigrationCookieXMLParseStr, qemuMigrationBakeCookie)
(qemuMigrationEatCookie): Make flags unsigned.
* src/qemu/qemu_domain.h: (qemuDomainDefFormatXML)
(qemuDomainFormatXML): Prefer unsigned flags.
* src/qemu/qemu_domain.c (qemuDomainDefFormatXML)
(qemuDomainFormatXML): Likewise.
(qemuDomainOpenLogHelper, qemuDomainCreateLog): Rename variable.
2011-07-13 14:44:09 -06:00
Peter Krempa
36caaddde6 qemu: build failed due to unused variables
While compiling on F15 build crashed (probably because of new GCC).
2011-07-13 11:22:28 -06:00
Eric Blake
06dbfa6d21 maint: print flags in hex during debug
Continuation of commit 313ac7fd, and enforce things with a syntax
check.

Technically, virNetServerClientCalculateHandleMode is not printing
a mode_t, but rather a collection of VIR_EVENT_HANDLE_* bits;
however, these bits are < 8, so there is no different in the
output, and that was the easiest way to silence the new syntax check.

* cfg.mk (sc_flags_debug): New syntax check.
(exclude_file_name_regexp--sc_flags_debug): Add exemptions.
* src/fdstream.c (virFDStreamOpenFileInternal): Print flags in
hex, mode_t in octal.
* src/libvirt-qemu.c (virDomainQemuMonitorCommand)
(virDomainQemuAttach): Likewise.
* src/locking/lock_driver_nop.c (virLockManagerNopInit): Likewise.
* src/locking/lock_driver_sanlock.c (virLockManagerSanlockInit):
Likewise.
* src/locking/lock_manager.c: Likewise.
* src/qemu/qemu_migration.c: Likewise.
* src/qemu/qemu_monitor.c: Likewise.
* src/rpc/virnetserverclient.c
(virNetServerClientCalculateHandleMode): Print mode with %o.
2011-07-13 07:47:45 -06:00
Jiri Denemark
a23476f0db qemu: Fix monitor unlocking in some error paths
When monitor is entered with qemuDomainObjEnterMonitorWithDriver, the
correct method for leaving and unlocking the monitor is
qemuDomainObjExitMonitorWithDriver.
2011-07-13 01:53:32 +02:00
Jiri Denemark
307656b48a qemu: Consolidate qemuMigrationPrepare{Direct,Tunnel}
Most of the code in these two functions is supposed to be identical but
currently it isn't (which is natural since the code is duplicated).
Let's move common parts of these functions into qemuMigrationPrepareAny.

This also fixes qemuMigrationPrepareTunnel which didn't store received
lockState in the domain object.
2011-07-13 01:53:32 +02:00
Jiri Denemark
5b2d0bbc4c qemu: Add support for job phase
Asynchronous jobs may take long time to finish and may consist of
several phases which we need to now about to help with recovery/rollback
after libvirtd restarts.
2011-07-13 01:53:32 +02:00
Jiri Denemark
e6704af1fc qemu: Recover from interrupted jobs
Detect and react on situations when libvirtd was restarted or killed
when a job was active.
2011-07-13 01:53:32 +02:00
Jiri Denemark
ff340a84b8 qemu: Save job type in domain status XML
If libvirtd is restarted when a job is running, the new libvirtd process
needs to know about that to be able to recover and rollback the
operation.
2011-07-13 01:53:32 +02:00
Jiri Denemark
361842881e qemu: Allow all query commands to be run during long jobs
Query commands are safe to be called during long running jobs (such as
migration). This patch makes them all work without the need to
special-case every single one of them.

The patch introduces new job.asyncCond condition and associated
job.asyncJob which are dedicated to asynchronous (from qemu monitor
point of view) jobs that can take arbitrarily long time to finish while
qemu monitor is still usable for other commands.

The existing job.active (and job.cond condition) is used all other
synchronous jobs (including the commands run during async job).

Locking schema is changed to use these two conditions. While asyncJob is
active, only allowed set of synchronous jobs is allowed (the set can be
different according to a particular asyncJob) so any method that
communicates to qemu monitor needs to check if it is allowed to be
executed during current asyncJob (if any). Once the check passes, the
method needs to normally acquire job.cond to ensure no other command is
running. Since domain object lock is released during that time, asyncJob
could have been started in the meantime so the method needs to recheck
the first condition. Then, normal jobs set job.active and asynchronous
jobs set job.asyncJob and optionally change the list of allowed job
groups.

Since asynchronous jobs only set job.asyncJob, other allowed commands
can still be run when domain object is unlocked (when communicating to
remote libvirtd or sleeping). To protect its own internal synchronous
commands, the asynchronous job needs to start a special nested job
before entering qemu monitor. The nested job doesn't check asyncJob, it
only acquires job.cond and sets job.active to block other jobs.
2011-07-13 01:53:21 +02:00
Jiri Denemark
24f717ac22 qemu: Consolidate {Enter,Exit}Monitor{,WithDriver}
EnterMonitor and ExitMonitor methods are very similar to their
*WithDriver variants; consolidate them into EnterMonitorInternal and
ExitMonitorInternal to avoid (mainly future) code duplication.
2011-07-12 21:17:28 +02:00
Jiri Denemark
cec1d280ad qemu: Consolidate BeginJob{,WithDriver} into a single method
This avoids code duplication and also avoids relying on good luck that
ignore_value(virDomainObjUnref(obj)) doesn't set errno.
2011-07-12 21:17:28 +02:00
Jiri Denemark
90a422f071 qemu: Separate job related data into a new object 2011-07-12 21:17:28 +02:00
Daniel P. Berrange
b43070ebfc Move qemu_audit.h helpers into shared code
The LXC and UML drivers can both make use of auditing. Move
the qemu_audit.{c,h} files to src/conf/domain_audit.{c,h}

* src/conf/domain_audit.c: Rename from src/qemu/qemu_audit.c
* src/conf/domain_audit.h: Rename from src/qemu/qemu_audit.h
* src/Makefile.am: Remove qemu_audit.{c,h}, add domain_audit.{c,h}
* src/qemu/qemu_audit.h, src/qemu/qemu_cgroup.c,
  src/qemu/qemu_command.c, src/qemu/qemu_driver.c,
  src/qemu/qemu_hotplug.c, src/qemu/qemu_migration.c,
  src/qemu/qemu_process.c: Update for changed audit API names
2011-07-12 17:05:25 +01:00
Daniel P. Berrange
109efd7941 Implement code to attach to external QEMU instances.
Given a PID, the QEMU driver reads /proc/$PID/cmdline and
/proc/$PID/environ to get the configuration. This is fed
into the ARGV->XML convertor to build an XML configuration
for the process.

/proc/$PID/exe is resolved to identify the full command
binary path

After checking for name/uuid uniqueness, an attempt is
made to connect to the monitor socket. If successful
then 'info status' and 'info kvm' are issued to determine
whether the CPUs are running and if KVM is enabled.

* src/qemu/qemu_driver.c: Implement virDomainQemuAttach
* src/qemu/qemu_process.h, src/qemu/qemu_process.c: Add
  qemuProcessAttach to connect to the monitor of an
  existing QEMU process
2011-07-12 15:39:04 +01:00
Daniel P. Berrange
7760eaa050 Add monitor API for checking whether KVM is enabled
When attaching to an external QEMU process, it is neccessary
to check if the process is using KVM or not. This can be done
using a monitor command

* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
  API for checking if KVM is enabled
2011-07-12 15:39:04 +01:00
Daniel P. Berrange
80a4ee4695 Add a method for extracting QEMU argv from /proc
To enable attaching to externally launched QEMU, we need
to be able to reverse engineer a guest XML config based
on the argv for a PID in /proc

* src/qemu/qemu_command.c, src/qemu/qemu_command.h: Add
  qemuParseCommandLinePid which extracts QEMU config from
  argv in /proc, given a PID number
2011-07-12 15:39:04 +01:00
Daniel P. Berrange
ebbae359ff Change extract pidfile & monitor config from QEMU command line
When converting QEMU argv into a virDomainDefPtr, also extract
the pidfile, monitor character device config and the monitor
mode.

* src/qemu/qemu_command.c, src/qemu/qemu_command.h: Extract
  pidfile & monitor config from QEMU argv
* src/qemu/qemu_driver.c, tests/qemuargv2xmltest.c: Add extra
  params when calling qemuParseCommandLineString
2011-07-12 15:39:04 +01:00
Daniel P. Berrange
accfe952eb Keep pidfile path in qemuDomainObjPrivate struct
Avoid re-formatting the pidfile path everytime we need it. Create
it once when starting the guest, and preserve it until the guest
is shutdown.

* src/libvirt_private.syms, src/util/util.c,
  src/util/util.h: Add virFileReadPidPath
* src/qemu/qemu_domain.h: Add pidfile field
* src/qemu/qemu_process.c: Store pidfile path in qemuDomainObjPrivate
2011-07-12 15:39:03 +01:00
Alex Jia
9c5b190017 qemu: update configuration file
* src/qemu/qemu.conf: Add blkio controller into qemu.conf.
2011-07-12 07:24:43 -06:00
Eric Blake
f532bfa297 qemu: avoid fd leak on core dump failure
* src/qemu/qemu_driver.c (doCoreDump): Guarantee fd is closed.
2011-07-12 07:24:43 -06:00
Eric Blake
2ceb35e1cd maint: rename virtaudit to match file contents
* src/util/virtaudit.[ch]: Rename...
* src/util/viraudit.[ch]: ...to match virAudit* API.
* src/Makefile.am (UTIL_SOURCES): Reflect rename.
* daemon/libvirtd.c: Likewise.
* po/POTFILES.in: Likewise.
* src/libvirt_private.syms: Likewise.
* src/qemu/qemu_audit.c: Likewise.
2011-07-12 07:24:43 -06:00
Matthias Bolte
aa14709a47 Add domain type checking
The drivers were accepting domain configs without checking if those
were actually meant for them. For example the LXC driver happily
accepts configs with type QEMU.

Add a check for the expected domain types to the virDomainDefParse*
functions.
2011-07-11 19:38:51 +02:00
Wen Congyang
8a8b45b889 kill vm if saving config failed in v3 protocol
If virDomainSaveConfig() failed, we will return NULL to source,
and the vm is still available to restart during confirm() step in
v3 protocol. So we should kill it off in qemuMigrationFinish().

In v2 protocol, we should not set vm to NULL, because we hold
a reference of vm and should unrefernce it.
2011-07-11 20:53:35 +08:00
Michal Privoznik
874e65aa15 bios: Add support for SGA
This patch creates new <bios> element which, at this time has only the
attribute useserial='yes|no'. This attribute allow users to use
Serial Graphics Adapter and see BIOS messages from the very first moment
domain boots up. Therefore, users can choose boot medium, set PXE, etc.
2011-07-11 11:47:14 +02:00
Michael Santos
b0b85c454c qemu: clean up OOM checks 2011-07-08 09:39:23 -06:00
Michal Privoznik
30c43afd73 graphics: add support for action_if_connected in qemu
This option accepts 3 values:
-keep, to keep current client connected (Spice+VNC)
-disconnect, to disconnect client (Spice)
-fail, to fail setting password if there is a client connected (Spice)
2011-07-08 17:00:43 +02:00
Michal Privoznik
724819a10a qemu: Don't chown files on NFS share if dynamic_ownership is off
When dynamic ownership is disabled we don't want to chown any files,
not just local.
2011-07-08 10:05:59 +02:00
John Williams
a1092070d4 microblaze: Add architecture support
Add libvirt support for MicroBlaze architecture as a QEMU target.  Based on mips/mipsel pattern.

Signed-off-by: John Williams <john.williams@petalogix.com>
2011-07-07 17:49:21 -06:00
Eric Blake
1740c38116 drivers: prefer unsigned int for flags
Now that the public APIs always use unsigned flags, the internal
driver callbacks might as well do likewise.

* src/driver.h (vrDrvOpen, virDrvDomainCoreDump)
(virDrvDomainGetXMLDesc, virDrvNetworkGetXMLDesc)
(virDrvNWFilterGetXMLDesc): Update type.
* src/remote/remote_protocol.x (remote_open_args)
(remote_domain_core_dump_args, remote_domain_get_xml_desc_args)
(remote_network_get_xml_desc_args)
(remote_nwfilter_get_xml_desc_args): Likewise.
* src/test/test_driver.c: Update clients.
* src/remote/remote_driver.c: Likewise.
* src/xen/xen_hypervisor.c: Likewise.
* src/xen/xen_hypervisor.h: Likewise.
* src/xen/xen_driver.c: Likewise.
* src/xen/xend_internal.c: Likewise.
* src/xen/xend_internal.h: Likewise.
* src/xen/xm_internal.c: Likewise.
* src/xen/xm_internal.h: Likewise.
* src/xen/xs_internal.c: Likewise.
* src/xen/xs_internal.h: Likewise.
* src/xen/xen_inotify.c: Likewise.
* src/xen/xen_inotify.h: Likewise.
* src/phyp/phyp_driver.c: Likewise.
* src/openvz/openvz_driver.c: Likewise.
* src/vmware/vmware_driver.c: Likewise.
* src/vbox/vbox_driver.c: Likewise.
* src/vbox/vbox_tmpl.c: Likewise.
* src/xenapi/xenapi_driver.c: Likewise.
* src/esx/esx_driver.c: Likewise.
* src/esx/esx_interface_driver.c: Likewise.
* src/esx/esx_network_driver.c: Likewise.
* src/esx/esx_storage_driver.c: Likewise.
* src/esx/esx_device_monitor.c: Likewise.
* src/esx/esx_secret_driver.c: Likewise.
* src/esx/esx_nwfilter_driver.c: Likewise.
* src/interface/netcf_driver.c: Likewise.
* src/nwfilter/nwfilter_driver.c: Likewise.
* src/libxl/libxl_driver.c: Likewise.
* src/qemu/qemu_driver.c: Likewise.
* src/lxc/lxc_driver.c: Likewise.
* src/uml/uml_driver.c: Likewise.
* src/network/bridge_driver.c: Likewise.
* src/secret/secret_driver.c: Likewise.
* src/storage/storage_driver.c: Likewise.
* src/node_device/node_device_hal.c: Likewise.
* src/node_device/node_device_udev.c: Likewise.
* src/remote_protocol-structs: Likewise.
2011-07-07 14:15:37 -06:00
Matthias Bolte
e123e1ee6b Fix return value semantic of virFileMakePath
Some callers expected virFileMakePath to set errno, some expected
it to return an errno value. Unify this to return 0 on success and
-1 on error. Set errno to report detailed error information.

Also optimize virFileMakePath if stat fails with an errno different
from ENOENT.
2011-07-06 09:27:06 +02:00
Guannan Ren
416814e66a pci: initialize state values on reattach
add a new API pciDeviceReAttachInit() in pci.c to initialize state values for nodedev reattach

Initialize three state value of device driver to 1. This is just for a new call to
qemudNodeDeviceReAttach()
2011-07-05 11:42:38 -06:00
Laine Stump
834ce603f9 qemu: check flags in qemuDomainGetXMLDesc
Although most functions with flags check to verify no application is
passing in flag bits that are currently undefined, for some reason
this function wasn't.
2011-07-05 12:33:21 -04:00
Matthias Bolte
4a03db81cd qemu: Fix virFileMakePath error handling in snapshot creation
virFileMakePath returns an errno value on error, that will never
be negative. An virFileMakePath error would have been ignored here,
instead of being reported correctly.
2011-07-05 10:49:36 +02:00
Daniel P. Berrange
6321fd9798 Allow for resource relabelling with static labels
Add a new attribute to the <seclabel> XML to allow resource
relabelling to be enabled with static label usage.

  <seclabel model='selinux' type='static' relabel='yes'>
    <label>system_u:system_r:svirt_t:s0:c392,c662</label>
  </seclabel>

* docs/schemas/domain.rng: Add relabel attribute
* src/conf/domain_conf.c, src/conf/domain_conf.h: Parse
  the 'relabel' attribute
* src/qemu/qemu_process.c: Unconditionally clear out the
  'imagelabel' attribute
* src/security/security_apparmor.c: Skip based on 'relabel'
  attribute instead of label type
* src/security/security_selinux.c: Skip based on 'relabel'
  attribute instead of label type and fill in <imagelabel>
  attribute if relabel is enabled.
2011-07-04 11:18:57 +01:00
Daniel P. Berrange
4ebfc42716 Allow a base label to be specified in dynamic labelling mode
Normally the dynamic labelling mode will always use a base
label of 'svirt_t' for VMs. Introduce a <baselabel> field
in the <seclabel> XML to allow this base label to be changed

eg

   <seclabel type='dynamic' model='selinux'>
     <baselabel>system_u:object_r:virt_t:s0</baselabel>
   </seclabel>

* docs/schemas/domain.rng: Add <baselabel>
* src/conf/domain_conf.c, src/conf/domain_conf.h: Parsing
  of base label
* src/qemu/qemu_process.c: Don't reset 'model' attribute if
  a base label is specified
* src/security/security_apparmor.c: Refuse to support base label
* src/security/security_selinux.c: Use 'baselabel' when generating
  label, if available
2011-07-04 11:17:19 +01:00
Wen Congyang
1aa5f85bb8 initialize pointer to NULL
cmd is not initialized to NULL, but we try to freed it if we
meet some error.
2011-07-04 14:00:28 +08:00
Eric Blake
74d224fac3 qemu: avoid null deref on low memory
Detected by Coverity.  qemuDomainEventQueue requires a non-NULL
pointer; most callers silently drop the event if we encountered
and OOM situation trying to create the event.

* src/qemu/qemu_migration.c (qemuMigrationFinish): Check for OOM.
2011-07-04 10:30:43 +08:00
Eric Blake
aaea56dc99 qemu: silence coverity warnings
Coverity warns if the majority of callers check a function for
errors, but a few don't; but in qemu_audit and qemu_domain, the
choice to not check for failures was safe.  In qemu_command, the
failure to generate a uuid can only occur on a bad pointer.

* src/qemu/qemu_audit.c (qemuAuditCgroup): Ignore failure to get
  cgroup controller.
* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitor)
  (qemuDomainObjEnterMonitorWithDriver): Ignore failure to get
  timestamp.
* src/qemu/qemu_command.c (qemuParseCommandLine): Check for error.
2011-07-04 10:23:46 +08:00
Daniel P. Berrange
e44bec2e34 Fix potential crash when saving guests
The qemudDomainSaveFlag method will call EndJob on the 'vm'
object it is passed in. This can result in the 'vm' object
being free'd if the last reference is removed. Thus no caller
of 'qemudDomainSaveFlag' must *ever* reference 'vm' again
upon return.

Unfortunately qemudDomainSave and qemuDomainManagedSave
both call 'virDomainObjUnlock', which can result in a
crash. This is non-deterministic since it involves a race
with the monitor I/O thread.

Fix this by making qemudDomainSaveFlag responsible for
calling virDomainObjUnlock instead.

* src/qemu/qemu_driver.c: Fix potential use after free
  when saving guests
2011-06-30 18:04:02 +01:00
Daniel P. Berrange
f870c99b45 Fix uninitialized value in QEMU monitor FD sending code
The 'char control[CMSG_SPACE(sizeof(int))];' was not being
wiped, so could potentially contain uninitialized bytes.
While this was harmless in this case, it caused complaints
from valgrind

* src/qemu/qemu_monitor.c: memset 'control' variable
  in qemuMonitorIOWriteWithFD
2011-06-30 18:04:02 +01:00
Daniel P. Berrange
5ab8746f69 Fix leak of JSON object for events
The event handler functions do not free the virJSONValuePtr
object. Every event received from a VM thus caused a memory
leak

* src/qemu/qemu_monitor_json.c: Fix leak of event object
2011-06-30 18:04:01 +01:00
Daniel P. Berrange
56a77b4920 Fix use of uninitialized memory when releasing PCI slots
The 'function' field in the PCI address was not correctly
initialized, so it was building the wrong address address
string and so not removing all functions from the in use
list.

* src/qemu/qemu_command.c: Fix initialization of PCI function
2011-06-30 18:04:01 +01:00
Wen Congyang
cd13dbb147 lock qemu_driver early in qemuGetSchedulerParametersFlags()
If we pass VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG to
qemuGetSchedulerParametersFlags() or *nparams is less than 1,
we will unlock qemu_driver without locking it. It's very dangerous.

We should lock qemu_driver after calling virCheckFlags().
2011-06-30 13:27:00 +08:00
Wen Congyang
fb2a2e2611 save domain status after modifing vcpupin
We should save domain status after modifing vcpupin. If not,
we will get wrong vcpupin information after rebooting libvirtd.
2011-06-30 13:26:56 +08:00
Michal Privoznik
c72aecc5fc screenshot: Set access rights to temporary file
Although we create a temporary file, it is owned by root:root and have
rights 0600. In case qemu does not run under root, it is unable to write
to that file and thus we transfer 0B sized file.
2011-06-29 12:05:34 +02:00
Daniel P. Berrange
5df29ebc25 Allow per-driver config file for lock manager plugins
Allow a 'configFile' parameter to be passed into the lock
drivers to provide configuration. Wire up the QEMU driver
to pass in file names '/etc/libvirt/qemu-$NAME.conf
eg qemu-sanlock.conf

* src/locking/lock_driver.h, src/locking/lock_driver_nop.c,
  src/locking/lock_driver_sanlock.c, src/locking/lock_manager.c,
  src/locking/lock_manager.h: Add configFile parameter
* src/qemu/qemu_conf.c: Pass in configuration file path to
  lock driver plugins
2011-06-28 18:07:06 +01:00
Daniel P. Berrange
5247b0695a Ensure sanlock socket is labelled with the VM process label
The libvirt sanlock plugin is intentionally leaking a file
descriptor to QEMU. To enable QEMU to use this FD under
SELinux, it must be labelled correctly. We dont want to use
the svirt_image_t for this, since QEMU must not be allowed
to actually use the FD. So instead we label it with svirt_t
using virSecurityManagerSetProcessFDLabel

* src/locking/domain_lock.c, src/locking/domain_lock.h,
  src/locking/lock_driver.h, src/locking/lock_driver_nop.c,
  src/locking/lock_driver_sanlock.c, src/locking/lock_manager.c,
  src/locking/lock_manager.h: Optionally pass an FD back to
  the hypervisor for security driver labelling
* src/qemu/qemu_process.c: label the lock manager plugin
  FD with the process label
2011-06-28 16:41:46 +01:00
Daniel P. Berrange
4438c63e71 Rename virSecurityManagerSetFDLabel method
The virSecurityManagerSetFDLabel method is used to label
file descriptors associated with disk images. There will
shortly be a need to label other file descriptors in a
different way. So the current name is ambiguous. Rename
the method to virSecurityManagerSetImageFDLabel to clarify
its purpose

* src/libvirt_private.syms,
  src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
  src/security/security_apparmor.c, src/security/security_dac.c,
  src/security/security_driver.h, src/security/security_manager.c,
  src/security/security_manager.h, src/security/security_selinux.c,
  src/security/security_stack.c: s/FDLabel/ImageFDLabel/
2011-06-28 16:39:22 +01:00
Jiri Denemark
ad7b327690 qemu: Fix update device for CURRENT + FORCE flags
When CURRENT and FORCE flags were used together, UpdateDeviceFlags did
nothing because it failed to transform CURRENT into either LIVE or
CONFIG.
2011-06-28 14:21:50 +02:00
Eric Blake
28e45afc3f build: rename Vcpupin to VcpuPin
We already have a public virDomainPinVcpu, which implies that
Pin and Vcpu are treated as separate words.  Unreleased commit
e261987c introduced virDomainGetVcpupinInfo as the first public
API that used Vcpupin, although we had prior internal uses of
that spelling.  For consistency, change the spelling to be two
words everywhere, regardless of whether pin comes first or last.

* daemon/remote.c: Treat vcpu and pin as separate words.
* include/libvirt/libvirt.h.in: Likewise.
* src/conf/domain_conf.c: Likewise.
* src/conf/domain_conf.h: Likewise.
* src/driver.h: Likewise.
* src/libvirt.c: Likewise.
* src/libvirt_private.syms: Likewise.
* src/libvirt_public.syms: Likewise.
* src/libxl/libxl_driver.c: Likewise.
* src/qemu/qemu_driver.c: Likewise.
* src/remote/remote_driver.c: Likewise.
* src/xen/xend_internal.c: Likewise.
* tools/virsh.c: Likewise.
* src/remote/remote_protocol.x: Likewise.
* src/remote_protocol-structs: Likewise.
Suggested by Matthias Bolte.
2011-06-27 09:55:11 -06:00
Osier Yang
79306739db qemu: Remove bogus error codes for NUMA memory tuning
This is no code between virSaveLastError and virGetLastError will
set an error, remove the bogus codes.
2011-06-27 23:20:15 +08:00
Eric Blake
2bebf93846 build: avoid uninitialized variable
Caught by gcc -O2, during autobuild.sh.

* src/qemu/qemu_driver.c (qemudDomainGetVcpupinInfo): Initialize vm.
2011-06-24 20:55:32 -06:00
Taku Izumi
96414c4ed1 vcpupin: implement the code to support new API for the qemu driver
This patch implements the code to address the new API (virDomainGetVcpupinInfo)
in the qemu driver.

Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
2011-06-24 17:00:22 -06:00
Eric Blake
3c2f0a17e2 Revert "Implement virDomainBlockPull for the qemu driver"
This reverts commit 784ee08d22.
2011-06-24 08:41:25 -06:00
Eric Blake
c4c59e7228 Revert "Asynchronous event for BlockPull completion"
This reverts commit 12cd77a0c5.

Conflicts:

	python/libvirt-override-virConnect.py
	python/libvirt-override.c
	src/remote/remote_protocol.x
2011-06-24 08:41:24 -06:00
Eric Blake
98d83094a0 build: fix NUMA build on RHEL 5
Use NUMA's older nodemask_t (fixed-size map) rather than the newer
'struct bitmask' (variable-size) in order to still compile on RHEL 5,
with its numactl-devel-0.9.8.

* src/qemu/qemu_process.c [HAVE_NUMA]: Prefer back-compat mode.
(qemuProcessInitNumaMemoryPolicy): Use older nodemask_t.
2011-06-24 08:24:10 -06:00
Daniel P. Berrange
c0cd292933 Add missing translation of error message from QEMU reboot patch
* src/qemu/qemu_process.c: Add missing _(...)
2011-06-24 12:25:00 +01:00
Daniel P. Berrange
7479831311 Fix job type set in qemuMigrationPrepareDirect/PrepareTunnel
The qemuMigrationPrepareDirect/PrepareTunnel methods accidentally
set the domain job to  QEMU_JOB_MIGRATION_OUT when it should have
been  QEMU_JOB_MIGRATION_IN. This didn't have any ill-effect, but
it is none-the-less wrong.

* src/qemu/qemu_migration.c: Fix job type
2011-06-24 12:15:10 +01:00
Daniel P. Berrange
bd180de57b Avoid high privileges taint warning for QEMU session driver
The code emitting taint warnings was mistakenly thinking
that guests run from the QEMU session driver were tainted
for having high privileges. This is of course nonsense
since the session driver is always unprivileged

* src/qemu/qemu_domain.c: Don't warn for high privileges in
  non-privileged QEMU
2011-06-24 12:15:10 +01:00
Daniel P. Berrange
3ba937da42 Allow automatic kill of guests when a connection is closed
If an application is using libvirt + KVM as a piece of its
internal infrastructure to perform a specific task, it can
be desirable to guarentee the VM dies when the virConnectPtr
disconnects from libvirtd. This ensures the app can't leak
any VMs it was using. Adding VIR_DOMAIN_START_AUTOKILL as
a flag when starting guests enables this to be done.

* include/libvirt/libvirt.h.in: All VIR_DOMAIN_START_AUTOKILL
* src/qemu/qemu_driver.c: Support automatic killing of guests
  upon connection close
* tools/virsh.c: Add --autokill flag to 'start' and 'create'
  commands
2011-06-24 12:15:10 +01:00
Daniel P. Berrange
2c2effa1d7 Automatically kill target QEMU if migration aborts abnormally
Migration is a multi-step process

  1. Begin(src)
  2. Prepare(dst)
  3. Perform(src)
  4. Finish(dst)
  5. Confirm(src)

At step 2, a QEMU process is lauched in the destination to
accept the incoming migration. Occasionally the process
that is controlling the migration workflow aborts, and fails
to call step 4, Finish. This leaves a QEMU process running
on the target (albeit with paused CPUs). Unfortunately because
step 2 actives a job on the QEMU process, it is unkillable by
normal means.

By registering the VM for autokill against the src virConnectPtr
in step 2, we can ensure that the guest is forcefully killed off
if the connection is closed without step 4 being invoked

* src/qemu/qemu_migration.c: Register autokill in PrepareDirect
  and PrepareTunnel. Unregister autokill on successful run
  of Finish
* src/qemu/qemu_process.c: Unregister autokill when stopping a
  process
2011-06-24 12:15:10 +01:00
Daniel P. Berrange
558b7fd03d Add infrastructure to automatically destroy guests when a connection closes
Sometimes it is useful to be able to automatically destroy a guest when
a connection is closed. For example, kill an incoming migration if
the client managing the migration dies. This introduces a map between
guest 'uuid' strings and virConnectPtr objects. When a connection is
closed, any associated guests are killed off.

* src/qemu/qemu_conf.h: Add autokill hash table to qemu driver
* src/qemu/qemu_process.c, src/qemu/qemu_process.h: Add APIs
  for performing autokill of guests associated with a connection
* src/qemu/qemu_driver.c: Initialize autodestroy map
2011-06-24 12:15:10 +01:00
Daniel P. Berrange
42f43592be Support reboots with the QEMU driver
For controlled shutdown we issue a 'system_powerdown' command
to the QEMU monitor. This triggers an ACPI event which (most)
guest OS wire up to a controlled shutdown. There is no equiv
ACPI event to trigger a controlled reboot. This patch attempts
to fake a reboot.

 - In qemuDomainObjPrivatePtr we have a bool fakeReboot
   flag.
 - The virDomainReboot method sets this flag and then
   triggers a normal 'system_powerdown'.
 - The QEMU process is started with '-no-shutdown'
   so that the guest CPUs pause when it powers off the
   guest
 - When we receive the 'POWEROFF' event from QEMU JSON
   monitor if fakeReboot is not set we invoke the
   qemuProcessKill command and shutdown continues
   normally
 - If fakeReboot was set, we spawn a background thread
   which issues 'system_reset' to perform a warm reboot
   of the guest hardware. Then it issues 'cont' to
   start the CPUs again

* src/qemu/qemu_command.c: Add -no-shutdown flag if
  we have JSON support
* src/qemu/qemu_domain.h: Add 'fakeReboot' flag to
  qemuDomainObjPrivate struct
* src/qemu/qemu_driver.c: Fake reboot using the
  system_powerdown command if JSON support is available
* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
  binding for system_reset command
* src/qemu/qemu_process.c: Reset the guest & start CPUs if
  fakeReboot is set
2011-06-24 12:13:47 +01:00
Eric Blake
ab228c81f2 build: avoid compiler failure
GCC complained about a C99 for-loop declaration outside of C99 mode
when compiling on RHEL 5.

* src/qemu/qemu_driver.c (qemudDomainPinVcpuFlags): Avoid C99 for
loop, since gcc 4.1.2 hates it.
2011-06-23 21:57:58 -06:00
Osier Yang
d61820df98 qemu: Fix memory leak in qemuProcessWaitForMonitor
Move "VIR_FREE(buf) into label "closelog", so that "buf" could be
freed before returning.
2011-06-23 18:15:25 +08:00
Jiri Denemark
6a15cc6b90 qemu: Only check for NUMA availability if required
We only care about NUMA availability if NUMA configuration is requested
in domain XML.
2011-06-23 09:39:54 +02:00
Osier Yang
20d5e9db82 qemu: Fix one memory leak
* src/qemu/qemu_domain.c: (qemuDomainAppendLog)

  Free "message" in "cleanup".
2011-06-22 19:32:04 +08:00
Michal Privoznik
017abcbb1a qemu: domain I/O asynchronous handling
For virtio disks and interfaces, qemu allows users to enable or disable
ioeventfd feature. This means, qemu can execute domain code, while
another thread waits for I/O event. Basically, in some cases it is win,
in some loss. This feature is available via 'ioeventfd' attribute in disk
and interface <driver> element. It accepts 'on' and 'off'. Leaving this
attribute out defaults to hypervisor decision.
2011-06-22 09:26:24 +02:00
Dirk Herrendoerfer
cbd8227ee0 set and restore MAC address of a NIC when using PASSTHROUGH mode
The following patch addresses the problem that when a PASSTHROUGH
mode DIRECT NIC connection is made the MAC address of the NIC is
not automatically set and reset to the configured VM MAC and
back again.

The attached patch fixes this problem by setting and resetting the MAC
while remembering the previous setting while the VM is running.
This also works if libvirtd is restarted while the VM is running.

the patch passes make syntax-check
2011-06-21 11:49:40 -04:00
Cole Robinson
6094ad7bd7 Promote virEvent*Handle/Timeout to public API
Since we virEventRegisterDefaultImpl is now a public API, callers need
a way to invoke the default registered Handle and Timeout functions. We
already have general functions for these internally, so promote
them to the public API.

v2:
    Actually add APIs to libvirt.h
2011-06-21 10:08:47 -04:00
Taku Izumi
7ea9778c8a vcpupin: add vcpupin resetting feature to qemu driver
Pinning to all physical cpus means resetting, hence it is preferable to
delete vcpupin setting of XML.

This patch changes qemu driver to delete vcpupin setting by invoking
virDomainVcpupinDel API when pinning the specified virtual cpu to
all host physical cpus.

Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
2011-06-20 18:14:54 +08:00
Osier Yang
a6f5c9b600 numatune: Support NUMA memory tuning in qemu driver
Implemented as setting NUMA policy between fork and exec as a hook,
using libnuma. Only support memory tuning on domain process currently.

For the nodemask out of range, will report soft warning instead of
hard error in libvirt layer. (Kernel will be silent as long as one
of set bit in the nodemask is valid on the host. E.g. For a host
has two NUMA nodes, kernel will be silent for nodemask "01010101").
So, soft warning is the only thing libvirt can do, as one might want
to specify the numa policy prior to a node that doesn't exist yet,
however, it may come as hotplug soon.
2011-06-20 15:16:16 +08:00
Hu Tao
8485e5a256 Update qemuDomainSetBlkioParameters to use flags 2011-06-20 15:52:11 +08:00
Hu Tao
100c39ca03 update qemuDomainGetBlkioParameters to use flags 2011-06-20 15:52:11 +08:00
Daniel P. Berrange
c24c07f40b Add missing error reporting when loading mac filter config for QEMU
If the 'mac_filter' configuration parameter is enabled, and there
is a failure to enable filtering, no error is reported back to
the caller. Also fix some bogus whitespace indentation for
hugetlbfs_mount

* src/qemu/qemu_conf.c: Add missing error reporting
2011-06-17 11:02:13 +01:00
Jiri Denemark
559fcf8a24 qemu: Implement virDomainGetControlInfo 2011-06-16 18:47:12 +02:00
Jiri Denemark
c3068d4d23 qemu: Translate boot config into bootindex if possible
Prefer bootindex=N option for -device over the old way -boot ORDER
possibly accompanied with boot=on option for -drive. This gives us full
control over which device will actually be used for booting guest OS.
Moreover, if qemu doesn't support boot=on, this is the only way to boot
of certain disks in some configurations (such as virtio disks when used
together IDE disks) without transforming domain XML to use per device
boot elements.
2011-06-15 11:29:09 +02:00
Adam Litke
12cd77a0c5 Asynchronous event for BlockPull completion
When an operation started by virDomainBlockPullAll completes (either with
success or with failure), raise an event to indicate the final status.  This
allows an API user to avoid polling on virDomainBlockPullInfo if they would
prefer to use the event mechanism.

* daemon/remote.c: Dispatch events to client
* include/libvirt/libvirt.h.in: Define event ID and callback signature
* src/conf/domain_event.c, src/conf/domain_event.h,
  src/libvirt_private.syms: Extend API to handle the new event
* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
  for block_stream completion and emit a libvirt block pull event
* src/remote/remote_driver.c: Receive and dispatch events to application
* src/remote/remote_protocol.x: Wire protocol definition for the event
* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
  src/qemu/qemu_monitor_json.c: Watch for BLOCK_STREAM_COMPLETED event
  from QEMU monitor

Signed-off-by: Adam Litke <agl@us.ibm.com>
2011-06-14 22:48:42 -06:00
Adam Litke
784ee08d22 Implement virDomainBlockPull for the qemu driver
The virDomainBlockPull* family of commands are enabled by the
'block_stream' and 'info block_stream' qemu monitor commands.

* src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.[ch]: implement disk
  streaming by using the stream and info stream text monitor commands
* src/qemu/qemu_monitor_json.[ch]: implement commands using the qmp monitor

Signed-off-by: Adam Litke <agl@us.ibm.com>
Acked-by: Daniel P. Berrange <berrange@redhat.com>
2011-06-14 22:02:06 -06:00
Marc-André Lureau
98bfdff12c spice: add <clipboard copypaste='yes|no'> option
From a security pov copy and paste between the guest and the client is not
always desirable. So we need to be able to enable/disable this. The best place
to do this from an administration pov is on the hypervisor, so the qemu cmdline
is getting a spice disable-copy-paste option, see bug 693645. Example qemu
invocation:
qemu -spice port=5932,disable-ticketing,disable-copy-paste

https://bugzilla.redhat.com/show_bug.cgi?id=693661
2011-06-14 17:03:26 -06:00
Minoru Usui
af35cece3b virNodeGetMemoryStats: Implement linux support
Signed-off-by: Minoru Usui <usui@mxm.nes.nec.co.jp>
2011-06-14 16:54:01 -06:00
Minoru Usui
ce76e85350 virNodeGetCPUStats: Implement linux support
Signed-off-by: Minoru Usui <usui@mxm.nes.nec.co.jp>
2011-06-14 15:57:26 -06:00
Cole Robinson
c0980a3a6e qemu: Fix parsing 'info chardev'
If qemu supports -chardev, our char frontend aliases are ex. 'charserial0'
not just 'serial0'. Typically we don't use this code path because the
pty's are scraped from stdout.
2011-06-14 10:41:19 -04:00
Cole Robinson
d0b1a9a087 qemu: Scrape stdout for virtio console pty
Currently we forget to do this and have to fallback to info chardev (which
also fails, see following patch)
2011-06-14 10:41:19 -04:00
Osier Yang
41514f7b3e qemu: Parse current balloon value returned by query_balloon
Qemu once supported following memory stats which will returned by
"query_balloon":

    stat_put(dict, "actual", actual);
    stat_put(dict, "mem_swapped_in", dev->stats[VIRTIO_BALLOON_S_SWAP_IN]);
    stat_put(dict, "mem_swapped_out", dev->stats[VIRTIO_BALLOON_S_SWAP_OUT]);
    stat_put(dict, "major_page_faults", dev->stats[VIRTIO_BALLOON_S_MAJFLT]);
    stat_put(dict, "minor_page_faults", dev->stats[VIRTIO_BALLOON_S_MINFLT]);
    stat_put(dict, "free_mem", dev->stats[VIRTIO_BALLOON_S_MEMFREE]);
    stat_put(dict, "total_mem", dev->stats[VIRTIO_BALLOON_S_MEMTOT]);

But it later disabled all the stats except "actual" by commit
07b0403dfc2b2ac179ae5b48105096cc2d03375a.

libvirt doesn't parse "actual", so user will always see a empty result
with "virsh dommemstat $domain". Even qemu haven't disabled the stats,
we should support parsing "actual".
2011-06-14 11:21:35 +08:00
Taku Izumi
d5f3320de7 vcpupin: Fix cpu affinity setting bug of qemu driver
There is the case where cpu affinites for vcpu of qemu doesn't work
correctly. For example, if only one vcpupin setting entry is provided
and its setting is not for vcpu0, it doesn't work.

   # virsh dumpxml VM
   ...
   <vcpu>4</vcpu>
   <cputune>
     <vcpupin vcpu='3' cpuset='9-11'/>
   </cputune>
   ...

   # virsh start VM
   Domain VM started

   # virsh vcpuinfo VM
   VCPU:           0
   CPU:            31
   State:          running
   CPU time:       2.5s
   CPU Affinity:   yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

   VCPU:           1
   CPU:            12
   State:          running
   CPU time:       0.9s
   CPU Affinity:   yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

   VCPU:           2
   CPU:            30
   State:          running
   CPU time:       1.5s
   CPU Affinity:   yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

   VCPU:           3
   CPU:            13
   State:          running
   CPU time:       1.7s
   CPU Affinity:   yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

This patch fixes this problem.

Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
2011-06-14 11:17:54 +08:00
Hu Tao
fbd7820b2c Deprecate several CURRENT/LIVE/CONFIG enums
This patch deprecates following enums:

VIR_DOMAIN_MEM_CURRENT
VIR_DOMAIN_MEM_LIVE
VIR_DOMAIN_MEM_CONFIG

VIR_DOMAIN_VCPU_LIVE
VIR_DOMAIN_VCPU_CONFIG

VIR_DOMAIN_DEVICE_MODIFY_CURRENT
VIR_DOMAIN_DEVICE_MODIFY_LIVE
VIR_DOMAIN_DEVICE_MODIFY_CONFIG

And modify internal codes to use virDomainModificationImpact.
2011-06-13 14:17:16 -06:00
Stefan Berger
f5358fdc72 qemu: Faster response time to qemu startup errors
The below patch decreases the response time of libvirt to errors reported by Qemu upon startup by checking whether the qemu process is still alive while polling for the local socket to show up.

This patch also introduces a special handling of signal for the Win32 part of virKillProcess.
2011-06-13 15:59:58 -04:00
Taku Izumi
6690150ddd vcpupin: implement the code to address the new API in the qemu driver
This patch implements the new API (virDomainPinVcpuFlags) in the qemu
driver.
2011-06-13 23:42:09 +08:00
Jiri Denemark
a231016b69 Use virTimeMs when appropriate 2011-06-13 11:24:58 +02:00
Wen Congyang
9f8baf646e support multifunction PCI device
If qemu supports multi function PCI device, the format of the PCI address passed
to qemu is "bus=pci.0,multifunction=on,addr=slot.function".

If qemu does not support multi function PCI device, the format of the PCI address
passed to qemu is "bus=pci.0,addr=slot".
2011-06-13 09:27:22 +08:00
Wen Congyang
6fe678cdaf the hotplugged PCI device should use the whole slot
Hot pluging/unpluging multi PCI device is not supported now. So the function
of hotplugged PCI device must be 0. When we hot unplug it, we should set release
all functions in the slot.
2011-06-13 09:27:22 +08:00
Wen Congyang
f12f34fe2f assign the whole slot to the PCI device that has no address
If user does not specify the PCI address, we should auto assign an unused slot.
2011-06-13 09:27:22 +08:00
Wen Congyang
38912f3107 Reimplement qemuDomainPCIAddressReserveSlot(): reserve all functions in the slot
We will support multi function PCI device. So we should reserve all functions in
the slot if we want to reserve a slot.
2011-06-13 09:27:22 +08:00
Wen Congyang
d8f24f75a8 the key of hash table should include the function value
We save all used PCI address in the hash table. The key is generated by domain,
bus and slot now. We will support multi function PCI device, so the key should
be generated by domain, bus, slot and function.
2011-06-13 09:27:21 +08:00
Wen Congyang
cb6ea85b78 prevent hot unplugging multi function PCI device
We do not support to hot unplug multi function PCI device now. If the device is
one function of multi function PCI device, we shoul not allow to hot unplugg
it.
2011-06-13 09:27:21 +08:00
Wen Congyang
d58c382e93 check whether qemu supports multi function PCI device
qemu supports multi function PCI device at least version 0.13.0.
2011-06-13 09:27:21 +08:00
Osier Yang
08a6826a14 qemu: Fix one type in the error prompt string
s/hostdevwork/hostdev/
2011-06-10 11:30:59 +08:00
Eric Blake
d7814b21a2 build: break some long lines
As long as I was already touching the function...

* src/qemu/qemu_hotplug.c (qemuDomainChangeGraphics): Line wrap.
2011-06-08 05:30:56 -06:00
Eric Blake
ddc5b158d7 qemu: add missing break statement
Detected by Coverity.  Bug introduced in commit 9d73efd (v0.8.8).

* src/qemu/qemu_hotplug.c (qemuDomainChangeGraphics): Don't report
error on success.
2011-06-08 05:30:56 -06:00
Eric Blake
4eb17d642e qemu: reorder checks for safety
Detected by Coverity.  All existing callers happen to be in
range, so this isn't too serious.

* src/qemu/qemu_cgroup.c (qemuCgroupControllerActive): Check
bounds before dereference.
2011-06-08 05:28:20 -06:00
Cole Robinson
1ba75cf9aa qemu: Convert virExec usage to virCommand
v2:
    Have virCommand cleanup intermediate process for us

v3:
    Preserve original FD closing behavior

Signed-off-by: Cole Robinson <crobinso@redhat.com>
2011-06-07 11:11:02 -04:00
Osier Yang
ebf6b11ac1 Use VIR_USE_CPU instead of new wheel 2011-06-07 16:51:51 +08:00
Daniel P. Berrange
3e87a3901a Fix QEMU p2p v2 migration when run from a v3 client
When peer-2-peer migration was invoked by a client supporting
v3, but where the target server only supported v2, we'd not
correctly shutdown the guest.

* src/qemu/qemu_migration.c: Ensure guest is shutdown in
  v2 peer 2 peer migration
2011-06-06 11:05:34 +08:00
Daniel P. Berrange
a50f5f6faa Don't raise an error if the migration cookie is NULL
The v2 migration protocol doesn't use cookies, so we should not
be raising an error if the cookie parameters are NULL.

* src/qemu/qemu_migration.c: Don't raise error if cookie is NULL
2011-06-04 07:26:32 -04:00
Daniel P. Berrange
a018c0b910 Fix check of virKillProcess return status
The error code for virKillProcess is returned in the errno variable
not the return value. THis mistake caused the logs to be filled with
errors when shutting down QEMU processes

* src/qemu/qemu_process.c: Fix process kill check.
2011-06-04 07:26:07 -04:00
Eric Blake
33d90bafe7 API: consolidate common unreleased enums
This commit is safe precisely because there has been no release
for any of the enum values being deleted (they were added post-0.9.1).

After the 0.9.2 release, we can then take advantage of
virDomainModificationImpact in more places.

* include/libvirt/libvirt.h.in (virDomainModificationImpact): New
enum.
(virDomainSchedParameterFlags, virMemoryParamFlags): Delete, since
these were never released, and the new enum works fine here.
* src/libvirt.c	(virDomainGetMemoryParameters)
(virDomainSetMemoryParameters)
(virDomainGetSchedulerParametersFlags)
(virDomainSetSchedulerParametersFlags): Update documentation.
* src/qemu/qemu_driver.c (qemuDomainSetMemoryParameters)
(qemuDomainGetMemoryParameters, qemuSetSchedulerParametersFlags)
(qemuSetSchedulerParameters, qemuGetSchedulerParametersFlags)
(qemuGetSchedulerParameters): Adjust clients.
* tools/virsh.c (cmdSchedinfo, cmdMemtune): Likewise.
Based on ideas by Daniel Veillard and Hu Tao.
2011-06-04 09:58:53 +02:00
Jiri Denemark
aeed51f775 qemu: Avoid use after free in qemuCaps parsing 2011-06-03 19:58:43 +02:00
Eric Blake
2834d57175 qemu: avoid memory leak on vcpupin
Detected by Coverity.  This leaked a cpumap on every iteration
of the loop.  Leak introduced in commit 1cc4d02 (v0.9.0).

* src/qemu/qemu_process.c (qemuProcessSetVcpuAffinites): Plug
leak, and hoist allocation outside loop.
2011-06-03 08:11:43 -06:00
Daniel P. Berrange
6d68e0df72 Explicitly set VM state to paused after migration completes
In v3 migration, once migration is completed, the VM needs
to be left in a paused state until after Finish3 has been
executed on the target. Only then will the VM be killed
off. When using non-JSON QEMU monitor though, we don't
receive any 'STOP' event from QEMU, so we need to manually
set our state offline & thus release lock manager leases.
It doesn't hurt to run this on the JSON case too, just in
case the event gets lost somehow

* src/qemu/qemu_migration.c: Explicitly set VM state to
  paused when migration completes
2011-06-03 09:59:47 -04:00
Daniel P. Berrange
2027e184c5 Fix regressions BlockStats/Info APIs in QEMU driver
The change 18c2a59206 caused
some regressions in behaviour of virDomainBlockStats
and virDomainBlockInfo in the QEMU driver.

The virDomainBlockInfo API stopped working for inactive
guests if querying a block device.

The virDomainBlockStats API did not promptly report
an error if the guest was not running in some cases.

* src/qemu/qemu_driver.c: Fix inactive guest handling
  in BlockStats/Info APIs
2011-06-03 14:55:11 +01:00
Daniel P. Berrange
020342e68d Fix auditing of disk hotunplug operations
The qemuAuditDisk calls in disk hotunplug operations were being
passed 'ret >= 0', but the code which sets ret to 0 was not yet
executed, and the error path had already jumped to the 'cleanup'
label. This meant hotunplug failures were never audited, and
hotunplug success was audited as a failure

* src/qemu/qemu_hotplug.c: Fix auditing of hotunplug
2011-06-02 17:23:45 +01:00
Daniel P. Berrange
43917db3f9 Fix handling of VIR_EVENT_HANDLE_ERROR in QEMU monitor
Commit 4454a9efc7 introduced bad
behaviour on the VIR_EVENT_HANDLE_ERROR condition. This condition
is only hit when an invalid FD is used in poll() (typically due
to a double-close bug). The QEMU monitor code was treating this
condition as non-fatal, and thus libvirt would poll() in a fast
loop forever burning 100% CPU. VIR_EVENT_HANDLE_ERROR must be
handled in the same way as VIR_EVENT_HANDLE_HANGUP, killing the
QEMU instance.

* src/qemu/qemu_monitor.c: Treat VIR_EVENT_HANDLE_ERROR as EOF
2011-06-02 17:23:44 +01:00
Daniel P. Berrange
30ffe7bceb Allow leases to be hotpluged with QEMU guests
* src/conf/domain_conf.c, src/conf/domain_conf.h: APIs for
  inserting/finding/removing virDomainLeaseDefPtr instances
* src/qemu/qemu_driver.c: Wire up hotplug/unplug for leases
* src/qemu/qemu_hotplug.h, src/qemu/qemu_hotplug.c: Support
  for hotplug and unplug of leases
2011-06-02 10:54:01 +01:00
Daniel P. Berrange
7474560bef Support passing QEMU lock state to dest during migration
Some lock managers associate state with leases, allowing a process
to temporarily release its leases, and re-acquire them later, safe
in the knowledge that no other process has acquired + released the
leases in between.

This is already used between suspend/resume operations, and must
also be used across migration. This passes the lockstate in the
migration cookie. If the lock manager uses lockstate, then it
becomes compulsory to use the migration v3 protocol to get the
cookie support.

* src/qemu/qemu_driver.c: Validate that migration v2 protocol is
  not used if lock manager needs state transfer
* src/qemu/qemu_migration.c: Transfer lock state in migration
  cookie XML
2011-06-02 10:54:01 +01:00
Daniel P. Berrange
12317957ec Integrate the QEMU driver with the lock manager infrastructure
The QEMU integrates with the lock manager instructure in a number
of key places

 * During startup, a lock is acquired in between the fork & exec
 * During startup, the libvirtd process acquires a lock before
   setting file labelling
 * During shutdown, the libvirtd process acquires a lock
   before restoring file labelling
 * During hotplug, unplug & media change the libvirtd process
   holds a lock while setting/restoring labels

The main content lock is only ever held by the QEMU child process,
or libvirtd during VM shutdown. The rest of the operations only
require libvirtd to hold the metadata locks, relying on the active
QEMU still holding the content lock.

* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h,
  src/qemu/libvirtd_qemu.aug, src/qemu/test_libvirtd_qemu.aug:
  Add config parameter for configuring lock managers
* src/qemu/qemu_driver.c: Add calls to the lock manager
2011-06-02 10:54:01 +01:00
Daniel P. Berrange
44924615ce Allow custom XML to be passed in during migration
Update the qemuDomainMigrateBegin method so that it accepts
an optional incoming XML document. This will be validated
for ABI compatibility against the current domain config,
and if this check passes, will be passed back out for use
by the qemuDomainMigratePrepare method on the target

* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h,
  src/qemu/qemu_migration.c: Allow custom XML to be passed
2011-05-31 12:14:57 +01:00
Daniel P. Berrange
80d2038d58 Issue full error messages when processing QEMU monitor I/O
Currently the QEMU monitor I/O handler code uses errno values
to report errors. This results in a sub-optimal error messages
on certain conditions, in particular when parsing JSON strings
malformed data simply results in 'EINVAL'.

This changes the code to use the standard libvirt error reporting
APIs. The virError is stored against the qemuMonitorPtr struct,
and when a monitor API is run, any existing stored error is copied
into that thread's error local

* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Use
  virError APIs for all monitor I/O handling code
2011-05-29 20:51:08 +08:00
Daniel P. Berrange
4454a9efc7 Don't kill QEMU process when a monitor I/O parsing error occurs
Currently whenever there is any failure with parsing the monitor,
this is treated in the same was as end-of-file (ie QEMU quit).
The domain is terminated, if not already dead.

With this change, failures in parsing the monitor stream do not
result in the death of QEMU. The guest continues running unchanged,
but all further use of the monitor will be disabled.

The VMM_FAILURE event will be emitted, and the mgmt application
can decide when to kill/restart the guest to re-gain control

* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Run a
  different callback for monitor EOF vs error conditions.
* src/qemu/qemu_process.c: Emit VMM_FAILURE event when monitor
  fails
2011-05-29 20:37:29 +08:00
Eric Blake
8432170f6f qemu: introduce qemuGetSchedulerParametersFlags
* src/qemu/qemu_driver.c (qemuGetSchedulerParameters): Move
guts...
(qemuGetSchedulerParametersFlags): ...to new callback, and honor
flags more accurately.
2011-05-29 18:40:06 +08:00
Eric Blake
163e5f04ef maint: prefer newer API names internally
Rather mechanical in nature.

* src/driver.h: Use newer virTypedParameter API names.
* src/libvirt.c: Likewise.
* daemon/remote.c: Likewise.
* src/esx/esx_driver.c: Likewise.
* src/libxl/libxl_driver.c: Likewise.
* src/lxc/lxc_driver.c: Likewise.
* src/qemu/qemu_driver.c: Likewise.
* src/remote/remote_driver.c: Likewise.
* src/test/test_driver.c: Likewise.
* src/xen/xen_driver.c: Likewise.
* src/xen/xen_hypervisor.c: Likewise.
* src/xen/xen_hypervisor.h: Likewise.
* src/xen/xend_internal.c: Likewise.
* tools/virsh.c: Likewise.
2011-05-29 18:26:31 +08:00
Hu Tao
4b997daaf5 qemu: implement the new flags for setting memory parameters
* src/qemu/qemu_driver.c: update qemuDomainSetMemoryParameters to
  look at the flag parameter and depending on it save the config
  or the live amount
2011-05-27 15:49:07 +08:00
Hu Tao
7639d1ef31 qemu: implement the new flags for getting memory parameters
* src/qemu/qemu_driver.c: update qemuDomainGetMemoryParameters to
  look at the flag parameter and depending on it read the config
  or the live amount
2011-05-27 15:48:55 +08:00
KAMEZAWA Hiroyuki
9c26d6f09e qemu : support persistent add/delete network interface
This patch allows to modify interfaces of domain(qemu)
* src/conf/domain_conf.c src/conf/domain_conf.h src/libvirt_private.syms:
  (virDomainNetInsert)     : Insert a network device to domain definition.
  (virDomainNetIndexByMac) : Returns an index of net device in array.
  (virDomainNetRemoveByMac): Remove a NIC of passed MAC address.
* src/qemu/qemu_driver.c
  (qemuDomainAttachDeviceConfig): add codes for NIC.
  (qemuDomainDetachDeviceConfig): add codes for NIC.
2011-05-27 15:01:47 +08:00
Federico Simoncelli
18c2a59206 qemu: allow blkstat/blkinfo calls during migration
Originally most of libvirt domain-specific calls were blocking
during a migration.
A new mechanism to allow specific calls (blkstat/blkinfo) to be
executed in such condition has been implemented.
In the long term it'd be desirable to get a more general
solution to mark further APIs as migration safe, without needing
special case code.

 * src/qemu/qemu_migration.c: add some additional job signal
   flags for doing blkstat/blkinfo during a migration
 * src/qemu/qemu_domain.c: add a condition variable that can be
   used to efficiently wait for the migration code to clear the
   signal flag
 * src/qemu/qemu_driver.c: execute blkstat/blkinfo using the
   job signal flags during migration
2011-05-26 11:05:04 -06:00
Markus Groß
23e5393c40 Fix modifying disk devices in qemu driver
When modifying the disk devices of a live domain and the domain
configuration, the function qemuDomainAttachDeviceConfig
first sets dev->data->disk to NULL. Later qemuDomainAttachDeviceLive
accesses dev->data.disk and causes a segfault.
* src/qemu/qemu_driver.c: fix qemuDomainModifyDeviceFlags() accordingly
2011-05-26 22:32:51 +08:00
Richard W.M. Jones
78eb8b60d5 json: Avoid passing large positive 64 bit integers to QMP.
http://lists.gnu.org/archive/html/qemu-devel/2011-05/threads.html#02162

Currently, qemu silently clips any JSON integer in the range
0x8000000000000000 - 0xffffffffffffffff (all numbers in this range
will be clipped to 0x7fffffffffffffff == LLONG_MAX).

To avoid this, pass these as signed 64 bit integers in the QMP
request.
2011-05-25 21:30:39 +01:00
Daniel P. Berrange
2593f9692d Fix the signature of virDomainMigrateFinish3 for error reporting
The current virDomainMigrateFinish3 method signature attempts to
distinguish two types of errors, by allowing return with ret== 0,
but ddomain == NULL, to indicate a failure to start the guest.
This is flawed, because when ret == 0, there is no way for the
virErrorPtr details to be sent back to the client.

Change the signature of virDomainMigrateFinish3 so it simply
returns a virDomainPtr, in the same way as virDomainMigrateFinish2
The disk locking code will protect against the only possible
failure mode this doesn't account for (loosing conenctivity to
libvirtd after Finish3 starts the CPUs, but before the client
sees the reply for Finish3).

* src/driver.h, src/libvirt.c, src/libvirt_internal.h: Change
  virDomainMigrateFinish3 to return a virDomainPtr instead of int
* src/remote/remote_driver.c, src/remote/remote_protocol.x,
  daemon/remote.c, src/qemu/qemu_driver.c, src/qemu/qemu_migration.c:
  Update for API change
2011-05-25 11:47:48 -04:00
Daniel P. Berrange
5e31df9335 Fix preservation of errors across migration steps
When doing migration, if an error occurs in Perform, it must not
be overwritten during Finish/Confirm steps. If an error occurs
in Finish, it must not be overwritten in Confirm.

Previous commit a9d12c2444 added
code to qemudDomainMigrateFinish2 to preserve the error. This
is not the right place, because it is not applicable in non-p2p
migration. The src/libvirt.c virDomainMigrateV2/3 methods need
code to preserve errors for non-p2p migration, while the
doPeer2PeerMigrate2 and doPeer2PeerMigrate3 methods contain
code to preverse errors for p2p migration.

Remove the bogus error preservation from qemudDomainMigrateFinish2
and qemudDomainMigrateFinish3.

Fix virDomainMigrateV3 and doPeer2PeerMigrate3 so that they
preserve any error hit during the Finish3 step, before invoking
Confirm3.

Finally if qemuMigrationFinish fails to resume the CPUs, it must
preserve the error before tearing down the VM, so that VM cleanup
doesn't overwrite it.

* src/libvirt.c: Preserve error before invoking Confirm3
* src/qemu/qemu_driver.c: Remove bogus error preservation
  code in qemudDomainMigrateFinish2/qemudDomainMigrateFinish3
* src/qemu/qemu_migration.c: Preserve error before invoking Confirm3
  and after resume fails in qemuMigrationFinish.
2011-05-25 11:47:48 -04:00
Daniel P. Berrange
03547eee92 Improve debug logging of migration APIs
* src/libvirt.c: Add further debug lines in helper APIs for
  migration
* src/qemu/qemu_migration.c: Add debug lines for all internal
  migration API parameters
2011-05-25 11:47:48 -04:00
Daniel P. Berrange
1853bd9d6e Fix error propagation in finish method for v3 migration
Even when failing to start CPUs, the finish method was returning
a success result. Fix this so that the QEMU process is killed
off when finish fails under v3 protocol. Also rename the
killOnFinish boolean to 'v3proto' to make it clearer that this
is a tunable based on the migration protocol version

* src/qemu/qemu_driver.c: Update for API change
* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Kill
  VM in qemuMigrationFinish if failing to start CPUs
2011-05-25 11:47:48 -04:00
Daniel P. Berrange
b336710383 Fix SPICE seamless migration hostname
The SPICE seamless migration process requires data to be passed
back from the target host, to the source host via a cookie.
The cookie includes the target host's hostname, but this was not
stored, merely validated. This patch explicitly records the
remote hostname after parsing the cookie, and uses it when
initiating the SPICE migration

* qemu/qemu_migration.c: Fix SPICE seamless migration hostname
2011-05-25 11:47:48 -04:00
Daniel P. Berrange
73b3e0b70b Fix resume on destination when doing non-live tunnelled migration
Before running perform in peer-2-peer migration, the current
guest state must be recorded, so that non-live migration can
currently unpause a running guest on completion.

* src/qemu/qemu_migration.c: Move check for offline guest
  to fix non-live migration
2011-05-25 11:47:48 -04:00
Daniel P. Berrange
f9f2d4e147 Add a second URI parameter to virDomainMigratePerform3 method
The virDomainMigratePerform3 currently has a single URI parameter
whose meaning varies. It is either

 - A QEMU migration URI (normal migration)
 - A libvirtd connection URI (peer2peer migration)

Unfortunately when using peer2peer migration, without also
using tunnelled migration, it is possible that both URIs are
required.

This adds a second URI parameter to the virDomainMigratePerform3
method, to cope with this scenario. Each parameter how has a fixed
meaning.

NB, there is no way to actually take advantage of this yet,
since virDomainMigrate/virDomainMigrateToURI do not have any
way to provide the 2 separate URIs

* daemon/remote.c, src/remote/remote_driver.c,
  src/remote/remote_protocol.x, src/remote_protocol-structs: Add
  the second URI parameter to perform3 message
* src/driver.h, src/libvirt.c, src/libvirt_internal.h: Add
  the second URI parameter to Perform3 method
* src/libvirt_internal.h, src/qemu/qemu_migration.c,
  src/qemu/qemu_migration.h: Update to handle URIs correctly
2011-05-25 11:47:48 -04:00
Daniel P. Berrange
7ad4b6b9cc Extend v3 migration protocol to allow app supplied XML for target
This extends the v3 migration protocol such that the
virDomainMigrateBegin3 and virDomainMigratePerform3
methods accept an application supplied XML config for
the target VM.

If the 'xmlin' parameter is NULL, then Begin3 uses the
current guest XML as normal. A driver implementing the
Begin3 method should either reject all non-NULL 'xmlin'
parameters, or strictly validate that the app supplied
XML does not change guest ABI.

The Perform3 method also needed the xmlin parameter to
cope with the Peer2Peer migration sequence.

NB it is not yet possible to use this capability since
neither of the public virDomainMigrate/virDomainMigrateToURI
methods have a way to pass in XML.

* daemon/remote.c, src/remote/remote_driver.c,
  src/remote/remote_protocol.x, src/remote_protocol-structs:
  Add 'remote_string xmlin' parameter to begin3/perform3
  RPC messages
* src/libvirt.c, src/driver.h, src/libvirt_internal.h: Add
  'const char *xmlin' parameter to Begin3/Perform3 methods
* src/qemu/qemu_driver.c, src/qemu/qemu_migration.c,
  src/qemu/qemu_migration.h: Pass xmlin parameter around
  migration methods
2011-05-25 11:47:47 -04:00
Michal Privoznik
764c282cdf qemu: Don't change ownership of file when appending to it
Saving domain to previously created file changes also its ownership.
This is certainly not what users want if some conditions are met:
it is a regular, local file and dynamic_ownership is off.
2011-05-24 17:41:34 +02:00
Laine Stump
51781b82f7 qemu: fix typo in name - should be VHOST_NET, not VNET_HOST
NB: the enum that uses the string vnet-host (now changed to vhost-net)
is used in XML, but fortunately that hasn't been in an official
release yet, so it can still be fixed.
2011-05-24 10:45:55 -04:00
Daniel P. Berrange
58765b58a3 Fix QEMU -vnc arg generation with raw IPv6 addresses
Since -vnc uses ':' to separate the address from the port, raw
IPv6 addresses need to be escaped like [addr]:port

* src/qemu/qemu_command.c: Escape raw IPv6 addresses with []
* tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc.args,
  tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc.xml: Tweak
  to test Ipv6 escaping
* docs/schemas/domain.rng: Allow Ipv6 addresses, or hostnames
  in <graphics> listen attributes
2011-05-24 10:33:53 -04:00
Daniel P. Berrange
65e1acad80 Fix peer2peer migration with transient VMs
The qemuMigrationConfirm method shouldn't deal with final VM
cleanup, since it can be called from the peer2peer migration,
which expects to still use the 'vm' object afterwards.

Push the cleanup code out of qemuMigrationConfirm, into its
caller, qemuDomainMigrateConfirm3

* src/qemu/qemu_driver.c: Add VM cleanup code to
  qemuDomainMigrateConfirm3
* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Remove
  job handling cleanup from qemuMigrationConfirm
2011-05-24 05:41:23 -04:00
Daniel P. Berrange
f88af9dc16 Perform feature flag compat checking in QEMU migration cookies
To allow new mandatory migration cookie data to be introduced,
add support for checking supported feature flags when parsing
migration cookie.

* src/qemu/qemu_migration.c: Feature flag checking in migration
  cookie parsing
2011-05-24 05:40:50 -04:00
Alon Levy
bb1c5423b9 spice: support streaming-video parameter
This adds a streaming-video=filter|all|off attribute. It is used to change
the behavior of video stream detection in spice, the default is filter (the
default for libvirt is not to specify it - the actual default is defined in
libspice-server.so).

Usage:

    <graphics type='spice' autoport='yes'>
      <streaming mode='off'/>
    </graphics>

Tested with the above and with tests/qemuxml2argvtest.

Signed-off-by: Alon Levy <alevy@redhat.com>
2011-05-23 20:53:59 -06:00
Laine Stump
17266c5c68 qemu: don't require is_kvm for vhost-net support
This was discussed in:

  https://www.redhat.com/archives/libvir-list/2011-May/msg01370.html

The capabilities code only sets the flag to allow use of vhost-net if
kvm is detected (set if the help string contains "(qemu-kvm-" or
"(kvm-"), but actually vhost-net is available in some qemu builds that
don't have kvm in their name, so just checking for ",vhost=" is enough.
2011-05-23 15:59:31 -04:00
Richard W.M. Jones
bb12a63909 qemudDomainMemoryPeek: change ownership/selinux label on temporary file.
Otherwise qemu is unable to write to it, with the error:

libvir: QEMU error : internal error unable to execute QEMU command 'memsave': Could not open '/var/cache/libvirt/qemu/qemu.mem.RRNvLv'
2011-05-20 16:12:36 +01:00
Daniel P. Berrange
6b937b2430 Don't generate cookies with v2 migration protocol.
The v2 migration protocol had a limit on cookie length that was
too small to be useful for QEMU. Avoid generating cookies with
v2 protocol, so that old libvirtd can still reliably migrate a
guest to new libvirtd uses v2 protocol.

* src/qemu/qemu_driver.c: Avoid migration cookies with v2
  migration
2011-05-19 07:13:07 -04:00
Daniel P. Berrange
03f8832684 Fix QEMU migration cookie crash for guests with no graphics
When generating a cookie for a guest with no data, the
QEMU_MIGRATION_COOKIE_GRAPHICS flag was set even if no
graphics data was added. Avoid setting the flag unless
it was needed, also add a safety check for mig->graphics
being non-NULL

* src/qemu/qemu_migration.c: Avoid cookie crash for guest
  with no graphics
2011-05-19 07:13:00 -04:00
Matthias Bolte
191e1ec65c Clarify that virDomainGet(Memory|Blkio)Parameters doesn't support subsets
Improve invalid argument checks in the size query case. The drivers already
relied on this unchecked behavior.

Relax the implementation of virDomainGet(Memory|Blkio)MemoryParameters
in the drivers and allow to pass more memory than necessary for all
parameters.
2011-05-18 18:20:47 +02:00
Matthias Bolte
e430c0d0c6 Clarify the semantic of virDomainGetSchedulerParameters arguments
params and nparams are essential and cannot be NULL. Check this in
libvirt.c and remove redundant checks from the drivers (e.g. xend).

Instead of enforcing that nparams must point to exact same value as
returned by virDomainGetSchedulerType relax this to a lower bound
check. This is what some drivers (e.g. xen hypervisor and esx)
already did. Other drivers (e.g. xend) didn't check nparams at all
and assumed that there is enough space in params.

Unify the behavior in all drivers to a lower bound check and update
nparams to the number of valid values in params on success.
2011-05-18 18:20:47 +02:00
Michal Privoznik
45b28f7c4f qemu: fix typo in spice migration code
This typo caused XPath returning improper value and thus not
working spice after migration.
2011-05-18 11:57:07 +02:00
Hu Tao
a9189e2c41 qemu: introduce qemuSetSchedulerParametersFlags
Support for virDomainSetSchedulerParametersFlags of qemu driver.
2011-05-17 10:17:53 -06:00
Daniel P. Berrange
6e7c56f8c9 Add missing initialization to 'ret' in qemu migration
* src/qemu/qemu_migration.c: Add missing 'ret' initializer
  in qemuMigrationCookieXMLParseStr
2011-05-16 16:11:10 +01:00
Daniel P. Berrange
1d916a60a7 Run tunnelled migration IO in separate thread
By running the doTunnelSendAll code in a separate thread, the
main thread can do qemuMigrationWaitForCompletion as with
normal migration. This in turn ensures that job signals work
correctly and that progress monitoring can be done

* src/qemu/qemu_migration.c: Run tunnelled migration in
  separate thread
2011-05-16 15:18:22 +01:00
Daniel P. Berrange
5a6ca96a01 Don't overwrite error when stream send fails
virStreamSend already sets an error message, so don't
overwrite it

* src/qemu/qemu_migration.c: Remove bogus error report
2011-05-16 15:18:22 +01:00
Daniel P. Berrange
2bf92bb829 Close all sockets before cancelling QEMU migration
Cancelling the QEMU migration may cause QEMU to flush pending
data on the migration socket. This may in turn block QEMU if
nothing reads from the other end of the socket. Closing the
socket before cancelling QEMU migration avoids this possible
deadlock.

* src/qemu/qemu_migration.c: Close sockets before cancelling
  migration on failure
2011-05-16 15:18:22 +01:00