Commit Graph

861 Commits

Author SHA1 Message Date
Hu Tao
fd8fd0f916 refactor virDomainVcpuPinAdd() 2012-08-22 15:03:28 +08:00
Hu Tao
1fea56673c add function bitmapFromBytemap() to convert bytemap to bitmap 2012-08-22 14:40:23 +08:00
J.B. Joret
5d4f8d9746 Support for Disk Geometry Override
A hypervisor may allow to override the disk geometry of drives.
Qemu, as an example with cyls=,heads=,secs=[,trans=].
This patch extends the domain config to allow the specification of
disk geometry with libvirt.

Signed-off-by: J.B. Joret <jb@linux.vnet.ibm.com>
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2012-08-21 15:30:07 -06:00
Stefan Berger
4efde75fab nwfilter: provide basic support for firewalld
This patch provides basic support for using firewalld's firewall-cmd
rather than then plain eb/ip(6)tables commands.
2012-08-21 13:40:58 -04:00
Martin Kletzander
a14b4aea51 qemu: Unify port-wise SPICE and VNC behavior
Port allocations for SPICE and VNC behave almost the same (with
default ports), but there is some mess in the code. This patch clears
these inconsistencies and makes sure the same behavior will be used
when ports for remote displays are changed.

Changes:
 - hard-coded number 5900 removed (handled elsewhere like with VNC)
 - reservedVNCPorts renamed to reservedRemotePorts (it's not just for
   VNC anymore)
 - QEMU_VNC_PORT_{MIN,MAX} renamed to QEMU_REMOTE_PORT_{MIN,MAX}
 - port allocation unified for VNC and SPICE
2012-08-21 11:36:32 +02:00
Marcelo Cerri
e9377dda36 Multiple security drivers in XML data
This patch updates the domain and capability XML parser and formatter to
support more than one "seclabel" element for each domain and device. The
RNG schema and the tests related to this are also updated by this patch.

Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
2012-08-20 19:13:33 +02:00
Marcelo Cerri
6c3cf57d6c Internal refactory of data structures
This patch updates the structures that store information about each
domain and each hypervisor to support multiple security labels and
drivers. It also updates all the remaining code to use the new fields.

Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
2012-08-20 19:13:33 +02:00
Shradha Shah
3ebf5484bc conf: add function virDevicePCIAddressEqual
This function is needed by the network driver in a later commit.
It is useful in functions like networkNotifyActualDevice and
networkReleaseActualDevice
2012-08-17 15:43:26 -04:00
Shradha Shah
1446003419 conf: parser/formatter/rng for <forward mode='hostdev'>
This patch introduces the new forward mode='hostdev' along with
attribute managed. Includes updates to the network RNG and new xml
parser/formatter code.

Signed-off-by: Shradha Shah <sshah@solarflare.com>
2012-08-17 15:43:26 -04:00
Shradha Shah
f9150c8158 conf: move DevicePCIAddress functions to separate file
Move the functions the parse/format, and validate PCI addresses to
their own file so they can be conveniently used in other places
besides device_conf.c

Refactoring existing code without causing any functional changes to
prepare for new code.

This patch makes the code reusable.

Signed-off-by: Shradha Shah <sshah@solarflare.com>
2012-08-17 15:43:25 -04:00
Jiri Denemark
d413464229 conf: Fix ABI stability check for spicevmc channel
Change device type of a virtio channel from/to spicevmc is not a user
visible change. However, spicevmc channels use different default target
name than other virtio channels. To maintain ABI stability during this
change target name must be explicitly specified (and equal) in both
configurations.
2012-08-17 21:26:53 +02:00
Laine Stump
3f9274a524 conf: add <vlan> element to network and domain interface elements
The following config elements now support a <vlan> subelements:

within a domain: <interface>, and the <actual> subelement of <interface>
within a network: the toplevel, as well as any <portgroup>

Each vlan element must have one or more <tag id='n'/> subelements.  If
there is more than one tag, it is assumed that vlan trunking is being
requested. If trunking is required with only a single tag, the
attribute "trunk='yes'" should be added to the toplevel <vlan>
element.

Some examples:

  <interface type='hostdev'/>
    <vlan>
      <tag id='42'/>
    </vlan>
    <mac address='52:54:00:12:34:56'/>
    ...
  </interface>

  <network>
    <name>vlan-net</name>
    <vlan trunk='yes'>
      <tag id='30'/>
    </vlan>
    <virtualport type='openvswitch'/>
  </network>

  <interface type='network'/>
    <source network='vlan-net'/>
    ...
  </interface>

  <network>
    <name>trunk-vlan</name>
    <vlan>
      <tag id='42'/>
      <tag id='43'/>
    </vlan>
    ...
  </network>

  <network>
    <name>multi</name>
    ...
    <portgroup name='production'/>
      <vlan>
        <tag id='42'/>
      </vlan>
    </portgroup>
    <portgroup name='test'/>
      <vlan>
        <tag id='666'/>
      </vlan>
    </portgroup>
  </network>

  <interface type='network'/>
    <source network='multi' portgroup='test'/>
    ...
  </interface>

IMPORTANT NOTE: As of this patch there is no backend support for the
vlan element for *any* network device type. When support is added in
later patches, it will only be for those select network types that
support setting up a vlan on the host side, without the guest's
involvement. (For example, it will be possible to configure a vlan for
a guest connected to an openvswitch bridge, but it won't be possible
to do that for one that is connected to a standard Linux host bridge.)
2012-08-15 13:10:57 -04:00
Laine Stump
1f7a291c96 conf: log error when encountering multiple filterrefs in interface
Each interface has a single pointer to a filterref object. That
filterref can itself point to multiple other filterrefs, but at the
toplevel there is only one.

The parser had previously just silently overwritten earlier filterrefs
when a new one was encountered, so the interface was left with
whichever was the last filterref in the xml, ignoring all the
others. This patch logs an error when it sees more than one filterref.
2012-08-14 23:53:58 -04:00
Laine Stump
300bcdb63b network: add connections counter to networks
Just as each physical device used by a network has a connections
counter, now each network has a connections counter which is
incremented once for each guest interface that connects using this
network.

The count is output in the live network XML, like this:

   <network connections='20'>
   ...
   </network>

It is read-only, and for informational purposes only - it isn't used
internally anywhere by libvirt.
2012-08-14 23:53:58 -04:00
Laine Stump
92a8304081 conf: output forward device connections count in network XML
It may be useful for management applications to know which physical
network devices are in use by guests. This information is already
available in the network objects, but wasn't output in the XML. This
patch outputs it when the INACTIVE flag isn't set (and if it's non-0).
2012-08-14 23:53:58 -04:00
Laine Stump
643feae785 conf: rename interface "usageCount" to "connections"
I want to include this count in the xml output of networks, but
calling it "connections" in the XML sounds better than "usageCount", and it
would be better if the name in the XML matched the variable name.

In a few places, usageCount was being initialized to 0, but this is
unnecessary, because VIR_ALLOC_N zero-fills everything anyway.
2012-08-14 23:53:58 -04:00
Laine Stump
95ae4e7fa3 conf: use a unique data type for PF array in virDomainNetDef
This array was originally defined using the existing
virNetworkForwardIfDef, but that struct has a UsageCount field that
isn't used in the case of PFs. This patch just copies that struct and
removes UsageCount. It ends up being a struct with a single field, but
I left it as a struct in case we need to add other fields to it in the
future.
2012-08-14 23:53:57 -04:00
Laine Stump
4af3cbafdd conf: support partially-specified <virtualport> in parser and formatter
Until now, all attributes in a <virtualport> parameter list that were
acceptable for a particular type, were also required. There were no
optional attributes.

One of the aims of supporting <virtualport> in libvirt's virtual
networks and portgroups is to allow specifying the group-wide
parameters in the network's virtualport, and merge that with the
interface's virtualport, which will have the instance-specific info
(i.e. the interfaceid or instanceid).

Additionally, the guest's interface XML shouldn't need to know what
type of network connection will be used prior to runtime - it could be
openvswitch, 802.1Qbh, 802.1Qbg, or none of the above - but should
still be able to specify instance-specific info just in case it turns
out to be applicable.

Finally, up to now, the parser for virtualport has always generated a
random instanceid/interfaceid when appropriate, making it impossible
to leave it blank (which is what's required for virtualports within a
network/portprofile definition).

This patch modifies the parser and formatter of the <virtualport>
element in the following ways:

* because most of the attributes in a virNetDevVPortProfile are fixed
  size binary data with no reserved values, there is no way to embed a
  "this value wasn't specified" sentinel into the existing data. To
  solve this problem, the new *_specified fields in the
  virNetDevVPortProfile object that were added in a previous patch of
  this series are now set when the corresponding attribute is present
  during the parse.

* allow parsing/formatting a <virtualport> that has no type set. In
  this case, all fields are settable, but all are also optional.

* add a GENERATE_MISSING_DEFAULTS flag to the parser - if this flag is
  set and an instanceid/interfaceid is expected but not provided, a
  random one will be generated. This was previously the default
  behavior, but is now done only for virtualports inside an
  <interface> definition, not for those in <network> or <portgroup>.

* add a REQUIRE_ALL_ATTRIBUTES flag to the parser - if this flag is
  set the parser will call the new
  virNetDevVPortProfileCheckComplete() functions at the end of the
  parser to check for any missing attributes (based on type), and
  return failure if anything is missing. This used to be default
  behavior. Now it is only used for the virtualport defined inside an
  interface's <actual> element (by the time you've figured out the
  contents of <actual>, you should have all the necessary data to fill
  in the entire virtualport)

* add a REQUIRE_TYPE flag to the parser - if this flag is set, the
  parser will return an error if the virtualport has no type
  attribute. This also was previously the default behavior, but isn't
  needed in the case of the virtualport for a type='network' interface
  (i.e. the exact type isn't yet known), or the virtualport of a
  portgroup (i.e. the portgroup just has modifiers for the network's
  virtualport, which *does* require a type) - in those cases, the
  check will be done at domain startup, once the final virtualport is
  assembled (this is handled in the next patch).
2012-08-14 15:47:50 -04:00
Laine Stump
ff1efc0901 conf: simplify Buffer Indentation in virDomainNetDefFormat
This function has several calls to increase the buffer indent by 6,
then decrease it again, then increase, then decrease. Additionally,
there were several printfs that had 6 spaces at the beginning of the
line.

virDomainActualNetDefFormat, which is called by virDomainNetDefFormat,
had similar ugliness.

This patch changes both functions to just increase the indent at the
beginning, decrease it at (well, just before*) the end, and remove all
of the occurences of 6/8 spaces at the beginning of lines.

*The indent had to be reset before the end of the function because
virDomainDeviceInfoFormat assumes a 0 indent and is called from many
other places, and I didn't want to do an overhaul of every caller of
that function. A separate patch to switch all of domain_conf.c would
be a useful exercise, but my current goal is unrelated to that, so
I'll leave it for another day.
2012-08-14 15:47:39 -04:00
Laine Stump
2841a0ad0f conf: make error returns from virDomainActualNetDefFormat consistent
There was an error: label that simply did "return ret", but ret was
defaulted to -1, and was never used other than setting it manually to
0 just before a non-error return. Aside from this, some of the error
return paths used "goto error" and others used "return ret".

This patch removes ret and the error: label, and makes all error
returns just consistently do "return -1".
2012-08-14 15:47:33 -04:00
Laine Stump
1d1744285b conf: move virtPortProfile out of unions in virDomainNetDef
virtPortProfile is now used by 4 different types of network devices
(NETWORK, BRIDGE, DIRECT, and HOSTDEV), and it's getting cumbersome to
replicate so much code in 4 different places just because each type
has the virtPortProfile in a slightly different place. This patch puts
a single virtPortProfile in a common place (outside the type-specific
union) in both virDomainNetDef and virDomainActualNetDef, and adjusts
the parse and format code (and the few other places where it is used)
accordingly.

Note that when a <virtualport> element is found, the parse functions
verify that the interface is of a type that supports one, otherwise an
error is generated (CONFIG_UNSUPPORTED in the case of <interface>, and
INTERNAL in the case of <actual>, since the contents of <actual> are
always generated by libvirt itself).
2012-08-14 15:47:28 -04:00
Laine Stump
21ea73e8f4 util: eliminate union in virNetDevVPortProfile
virNetDevVPortProfile has (had) a type field that can be set to one of
several values, and a union of several structs, one for each
type. When a domain's interface object is of type "network", the
domain config may not know beforehand which type of virtualport is
going to be provided in the actual device handed down from the network
driver at runtime, but may want to set some values in the virtualport
that may or may not be used, depending on the type. To support this
usage, this patch replaces the union of structs with toplevel fields
in the struct, making it possible for all of the fields to be set at
the same time.
2012-08-14 15:47:08 -04:00
Osier Yang
bb705e2519 Destroy virdomainlist.[ch]
As the consensus in:
https://www.redhat.com/archives/libvir-list/2012-July/msg01692.html,
this patch is to destroy conf/virdomainlist.[ch], folding the
helpers into conf/domain_conf.[ch].

* src/Makefile.am:
  - Various indention fixes incidentally
  - Add macro DATATYPES_SOURCES (datatypes.[ch])
  - Link datatypes.[ch] for libvirt_lxc

* src/conf/domain_conf.c:
  - Move all the stuffs from virdomainlist.c into it
  - Use virUnrefDomain and virUnrefDomainSnapshot instead of
    virDomainFree and virDomainSnapshotFree, which are defined
    in libvirt.c, and we don't want to link to it.
  - Remove "if" before "free" the object, as virObjectUnref
    is in the list "useless_free_options".

* src/conf/domain_conf.h:
  - Move all the stuffs from virdomainlist.h into it
  - s/LIST_FILTER/LIST_DOMAINS_FILTER/

* src/libxl/libxl_driver.c:
  - s/LIST_FILTER/LIST_DOMAINS_FILTER/
  - no (include "virdomainlist.h")

* src/libxl/libxl_driver.c: Likewise

* src/lxc/lxc_driver.c: Likewise

* src/openvz/openvz_driver.c: Likewise

* src/parallels/parallels_driver.c: Likewise

* src/qemu/qemu_driver.c: Likewise

* src/test/test_driver.c: Likewise

* src/uml/uml_driver.c: Likewise

* src/vbox/vbox_tmpl.c: Likewise

* src/vmware/vmware_driver.c: Likewise

* tools/virsh-domain-monitor.c: Likewise

* tools/virsh.c: Likewise
2012-08-14 17:27:49 +08:00
Laine Stump
b8a56f12f5 nwfilter: fix crash during filter define when lxc driver failed startup
The meat of this patch is just moving the calls to
virNWFilterRegisterCallbackDriver from each hypervisor's "register"
function into its "initialize" function. The rest is just code
movement to allow that, and a new virNWFilterUnRegisterCallbackDriver
function to undo what the register function does.

The long explanation:

There is an array in nwfilter called callbackDrvArray that has
pointers to a table of functions for each hypervisor driver that are
called by nwfilter. One of those function pointers is to a function
that will lock the hypervisor driver. Entries are added to the table
by calling each driver's "register" function, which happens quite
early in libvirtd's startup.

Sometime later, each driver's "initialize" function is called. This
function allocates a driver object and stores a pointer to it in a
static variable that was previously initialized to NULL. (and here's
the important part...) If the "initialize" function fails, the driver
object is freed, and that pointer set back to NULL (but the entry in
nwfilter's callbackDrvArray is still there).

When the "lock the driver" function mentioned above is called, it
assumes that the driver was successfully loaded, so it blindly tries
to call virMutexLock on "driver->lock".

BUT, if the initialize never happened, or if it failed, "driver" is
NULL. And it just happens that "lock" is always the first field in
driver so it is also NULL.

Boom.

To fix this, the call to virNWFilterRegisterCallbackDriver for each
driver shouldn't be called until the end of its (*already guaranteed
successful*) "initialize" function, not during its "register" function
(which is currently the case). This implies that there should also be
a virNWFilterUnregisterCallbackDriver() function that is called in a
driver's "shutdown" function (although in practice, that function is
currently never called).
2012-08-09 23:28:00 -04:00
Eric Blake
51ee43aa55 build: fix PROBE() usage of intptr_t
Otherwise, in locations like virobject.c where PROBE is used,
for certain configure options, the compiler warns:

util/virobject.c:110:1: error: 'intptr_t' undeclared (first use in this function)

As long as we are making this header always available, we can
clean up several other files.

* src/internal.h (includes): Pull in <stdint.h>.
* src/conf/nwfilter_conf.h: Rely on internal.h.
* src/storage/storage_backend.c: Likewise.
* src/storage/storage_backend.h: Likewise.
* src/util/cgroup.c: Likewise.
* src/util/sexpr.h: Likewise.
* src/util/virhashcode.h: Likewise.
* src/util/virnetdevvportprofile.h: Likewise.
* src/util/virnetlink.h: Likewise.
* src/util/virrandom.h: Likewise.
* src/vbox/vbox_driver.c: Likewise.
* src/xenapi/xenapi_driver.c: Likewise.
* src/xenapi/xenapi_utils.c: Likewise.
* src/xenapi/xenapi_utils.h: Likewise.
* src/xenxs/xenxs_private.h: Likewise.
* tests/storagebackendsheepdogtest.c: Likewise.
2012-08-09 15:40:42 -06:00
Matthias Bolte
b8fa5fd071 esx: Implement network driver
An ESX server has one or more PhysicalNics that represent the actual
hardware NICs. Those can be listed via the interface driver.

A libvirt virtual network is mapped to a HostVirtualSwitch. On the
physical side a HostVirtualSwitch can be connected to PhysicalNics.
On the virtual side a HostVirtualSwitch has HostPortGroups that are
mapped to libvirt virtual network's portgroups. Typically there is
HostPortGroups named 'VM Network' that is used to connect virtual
machines to a HostVirtualSwitch. A second HostPortGroup typically
named 'Management Network' is used to connect the hypervisor itself
to the HostVirtualSwitch. This one is not mapped to a libvirt virtual
network's portgroup. There can be more HostPortGroups than those
typical two on a HostVirtualSwitch.

         +---------------+-------------------+
   ...---|               |                   |   +-------------+
         | HostPortGroup |                   |---| PhysicalNic |
         |   VM Network  |                   |   |    vmnic0   |
   ...---|               |                   |   +-------------+
         +---------------+ HostVirtualSwitch |
                         |     vSwitch0      |
         +---------------+                   |
         | HostPortGroup |                   |
   ...---|   Management  |                   |
         |    Network    |                   |
         +---------------+-------------------+

The virtual counterparts of the PhysicalNic is the HostVirtualNic for
the hypervisor and the VirtualEthernetCard for the virtual machines
that are grouped into HostPortGroups.

   +---------------------+   +---------------+---...
   | VirtualEthernetCard |---|               |
   +---------------------+   | HostPortGroup |
   +---------------------+   |   VM Network  |
   | VirtualEthernetCard |---|               |
   +---------------------+   +---------------+
                                             |
                             +---------------+
   +---------------------+   | HostPortGroup |
   |    HostVirtualNic   |---|   Management  |
   +---------------------+   |    Network    |
                             +---------------+---...

The currently implemented network driver can list, define and undefine
HostVirtualSwitches including HostPortGroups for virtual machines.
Existing HostVirtualSwitches cannot be edited yet. This will be added
in a followup patch.
2012-08-09 22:31:47 +02:00
Daniel P. Berrange
31cb030ab6 Turn virDomainObjPtr into a virObjectPtr
Switch virDomainObjPtr to use the virObject APIs for reference
counting. The main change is that virObjectUnref does not return
the reference count, merely a bool indicating whether the object
still has any refs left. Checking the return value is also not
mandatory.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-07 11:47:41 +01:00
Daniel P. Berrange
46ec5f85c8 Convert public datatypes to inherit from virObject
This converts the following public API datatypes to use the
virObject infrastructure:

  virConnectPtr
  virDomainPtr
  virDomainSnapshotPtr
  virInterfacePtr
  virNetworkPtr
  virNodeDevicePtr
  virNWFilterPtr
  virSecretPtr
  virStreamPtr
  virStorageVolPtr
  virStoragePoolPtr

The code is significantly simplified, since the mutex in the
virConnectPtr object now only needs to be held when accessing
the per-connection virError object instance. All other operations
are completely lock free.

* src/datatypes.c, src/datatypes.h, src/libvirt.c: Convert
  public datatypes to use virObject
* src/conf/domain_event.c, src/phyp/phyp_driver.c,
  src/qemu/qemu_command.c, src/qemu/qemu_migration.c,
  src/qemu/qemu_process.c, src/storage/storage_driver.c,
  src/vbox/vbox_tmpl.c, src/xen/xend_internal.c,
  tests/qemuxml2argvtest.c, tests/qemuxmlnstest.c,
  tests/sexpr2xmltest.c, tests/xmconfigtest.c: Convert
  to use virObjectUnref/virObjectRef

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-07 11:47:41 +01:00
Peter Krempa
45edefc7a7 conf: Remove console stream callback only when freeing console helper
Commit ba226d334a tried to fix crash of
the daemon when a domain with an open console was destroyed. The fix was
wrong as it tried to remove the callback also when the stream was
aborted, where at that point the fd stream driver was already freed and
removed.

This patch clears the callbacks with a helper right before the hash is
freed, so that it doesn't interfere with other codepaths where the
stream object is freed.
2012-08-03 23:42:45 +02:00
Osier Yang
ed1e711b99 qemu: Allow to attach/detach controller device persistently
* src/conf/domain_conf.c:
  - Add virDomainControllerFind to find controller device by type
    and index.
  - Add virDomainControllerRemove to remove the controller device
    from maintained controler list.

* src/conf/domain_conf.h:
  - Declare the two new helpers.

* src/libvirt_private.syms:
  - Expose private symbols for the two new helpers.

* src/qemu/qemu_driver.c:
  - Support attach/detach controller device persistently

* src/qemu/qemu_hotplug.c:
  - Use the two helpers to simplify the codes.
2012-08-03 12:19:16 +08:00
Hendrik Schwartke
7383c1d762 Added timestamps to storage volumes
The access, birth, modification and change times are added to
storage volumes and corresponding xml representations.  This
shows up in the XML in this format:

<timestamps>
  <atime>1341933637.027319099</atime>
  <mtime>1341933637.027319099</mtime>
</timestamps>

Signed-off-by: Eric Blake <eblake@redhat.com>
2012-08-02 17:14:17 -06:00
Ján Tomko
37a10129c2 Update xml schemas according to libvirt source
capability.rng: Guest features can be in any order.
nodedev.rng: Added <driver> element, <capability> phys_function and
virt_functions for PCI devices.
storagepool.rng: Owner or group ID can be -1.

schema tests: New capabilities and nodedev files; changed owner and
group to -1 in pool-dir.xml.
storage_conf: Print uid_t and gid_t as signed to storage pool XML.
2012-08-02 14:36:23 -06:00
Peter Krempa
317badb213 domain_conf: Add helpers to verify if device configuration is valid
This patch adds helpers that validate domain's device configuration.
This will be needed later on to verify devices being hot-plugged to
guests. If the guest has no USB bus, then it's not valid to plug a USB
device to that guest.
2012-08-02 11:54:50 +02:00
Peter Krempa
0925189713 domain_conf: Add USB controler model "none"
Libvirt adds a USB controller to the guest even if the user does not
specify any in the XML. This is due to back-compat reasons.

To allow disabling USB for a guest this patch adds a new USB controller
type "none" that disables USB support for the guest.
2012-08-02 11:54:14 +02:00
Dmitry Guryanov
cafc26ff5f parallels: add driver skeleton
Parallels Cloud Server is a cloud-ready virtualization
solution that allows users to simultaneously run multiple virtual
machines and containers on the same physical server.

More information can be found here: http://www.parallels.com/products/pcs/
Also beta version of Parallels Cloud Server can be downloaded there.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2012-08-01 11:44:26 +08:00
Peter Krempa
ba226d334a conf: Remove callback from stream when freeing entries in console hash
When a domain has a active console connection and is destroyed the
callback is called on private data that no longer exist causing a
segfault.
2012-07-30 15:38:07 +02:00
Peter Krempa
7550bc66f7 conf: Remove dead code from virConsoleOpen() 2012-07-30 15:38:07 +02:00
Eric Blake
768007aedc maint: don't permit format strings without %
Any time we have a string with no % passed through gettext, a
translator can inject a % to cause a stack overread.  When there
is nothing to format, it's easier to ask for a string that cannot
be used as a formatter, by using a trivial "%s" format instead.

In the past, we have used --disable-nls to catch some of the
offenders, but that doesn't get run very often, and many more
uses have crept in.  Syntax check to the rescue!

The syntax check can catch uses such as
virReportError(code,
               _("split "
                 "string"));
by using a sed script to fold context lines into one pattern
space before checking for a string without %.

This patch is just mechanical insertion of %s; there are probably
several messages touched by this patch where we would be better
off giving the user more information than a fixed string.

* cfg.mk (sc_prohibit_diagnostic_without_format): New rule.
* src/datatypes.c (virUnrefConnect, virGetDomain)
(virUnrefDomain, virGetNetwork, virUnrefNetwork, virGetInterface)
(virUnrefInterface, virGetStoragePool, virUnrefStoragePool)
(virGetStorageVol, virUnrefStorageVol, virGetNodeDevice)
(virGetSecret, virUnrefSecret, virGetNWFilter, virUnrefNWFilter)
(virGetDomainSnapshot, virUnrefDomainSnapshot): Add %s wrapper.
* src/lxc/lxc_driver.c (lxcDomainSetBlkioParameters)
(lxcDomainGetBlkioParameters): Likewise.
* src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML)
(virDomainDiskDefParseXML, virDomainGraphicsDefParseXML):
Likewise.
* src/conf/network_conf.c (virNetworkDNSHostsDefParseXML)
(virNetworkDefParseXML): Likewise.
* src/conf/nwfilter_conf.c (virNWFilterIsValidChainName):
Likewise.
* src/conf/nwfilter_params.c (virNWFilterVarValueCreateSimple)
(virNWFilterVarAccessParse): Likewise.
* src/libvirt.c (virDomainSave, virDomainSaveFlags)
(virDomainRestore, virDomainRestoreFlags)
(virDomainSaveImageGetXMLDesc, virDomainSaveImageDefineXML)
(virDomainCoreDump, virDomainGetXMLDesc)
(virDomainMigrateVersion1, virDomainMigrateVersion2)
(virDomainMigrateVersion3, virDomainMigrate, virDomainMigrate2)
(virStreamSendAll, virStreamRecvAll)
(virDomainSnapshotGetXMLDesc): Likewise.
* src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqLeaseDel)
(virNWFilterDHCPSnoopReq): Likewise.
* src/openvz/openvz_driver.c (openvzUpdateDevice): Likewise.
* src/openvz/openvz_util.c (openvzKBPerPages): Likewise.
* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Likewise.
* src/qemu/qemu_command.c (qemuBuildHubDevStr, qemuBuildChrChardevStr)
(qemuBuildCommandLine): Likewise.
* src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Likewise.
* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
* src/rpc/virnetsaslcontext.c (virNetSASLSessionGetIdentity):
Likewise.
* src/rpc/virnetsocket.c (virNetSocketNewConnectUNIX)
(virNetSocketSendFD, virNetSocketRecvFD): Likewise.
* src/storage/storage_backend_disk.c
(virStorageBackendDiskBuildPool): Likewise.
* src/storage/storage_backend_fs.c
(virStorageBackendFileSystemProbe)
(virStorageBackendFileSystemBuild): Likewise.
* src/storage/storage_backend_rbd.c
(virStorageBackendRBDOpenRADOSConn): Likewise.
* src/storage/storage_driver.c (storageVolumeResize): Likewise.
* src/test/test_driver.c (testInterfaceChangeBegin)
(testInterfaceChangeCommit, testInterfaceChangeRollback):
Likewise.
* src/vbox/vbox_tmpl.c (vboxListAllDomains): Likewise.
* src/xenxs/xen_sxpr.c (xenFormatSxprDisk, xenFormatSxpr):
Likewise.
* src/xenxs/xen_xm.c (xenXMConfigGetUUID, xenFormatXMDisk)
(xenFormatXM): Likewise.
2012-07-26 14:32:30 -06:00
Jiri Denemark
f53904e4b5 conf: Fix typo in virDomainHostdevSubsys comment 2012-07-25 16:31:43 +02:00
Peter Krempa
8e0f7faf56 maint: Clean up coding style and fix error message spelling
This patch cleans up coding style breaks some long lines and fixes error
message spelling on various places in domain_conf.c and in the qemu
driver.
2012-07-23 13:37:56 +02:00
Osier Yang
f9ce7dad60 Desert the FSF address in copyright
Per the FSF address could be changed from time to time, and GNU
recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)

  You should have received a copy of the GNU General Public License
  along with Foobar.  If not, see <http://www.gnu.org/licenses/>.

This patch removes the explicit FSF address, and uses above instead
(of course, with inserting 'Lesser' before 'General').

Except a bunch of files for security driver, all others are changed
automatically, the copyright for securify files are not complete,
that's why to do it manually:

  src/security/security_selinux.h
  src/security/security_driver.h
  src/security/security_selinux.c
  src/security/security_apparmor.h
  src/security/security_apparmor.c
  src/security/security_driver.c
2012-07-23 10:50:50 +08:00
Sebastian Wiedenroth
29bc4fe646 Add a sheepdog backend for the storage driver
This patch brings support to manage sheepdog pools and volumes to libvirt.
It uses the "collie" command-line utility that comes with sheepdog for that.

A sheepdog pool in libvirt maps to a sheepdog cluster.
It needs a host and port to connect to, which in most cases
is just going to be the default of localhost on port 7000.

A sheepdog volume in libvirt maps to a sheepdog vdi.
To create one specify the pool, a name and the capacity.
Volumes can also be resized later.

In the volume XML the vdi name has to be put into the <target><path>.
To use the volume as a disk source for virtual machines specify
the vdi name as "name" attribute of the <source>.
The host and port information from the pool are specified inside the host tag.

  <disk type='network'>
    ...
    <source protocol="sheepdog" name="vdi_name">
      <host name="localhost" port="7000"/>
    </source>
  </disk>

To work right this patch parses the output of collie,
so it relies on the raw output option. There recently was a bug which caused
size information to be reported wrong. This is fixed upstream already and
will be in the next release.

Signed-off-by: Sebastian Wiedenroth <wiedi@frubar.net>
2012-07-18 20:08:27 +01:00
Daniel P. Berrange
1e0bb184a7 Convert all files in src/conf/ to use virReportError()
This removes all the per-file error reporting macros
from the code in src/conf/

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-07-18 19:01:50 +01:00
Stefan Berger
387117ad92 Convert 'raw MAC address' usages to use virMacAddr
Introduce new members in the virMacAddr 'class'
- virMacAddrSet: set virMacAddr from a virMacAddr
- virMacAddrSetRaw: setting virMacAddr from raw 6 byte MAC address buffer
- virMacAddrGetRaw: writing virMacAddr into raw 6 byte MAC address buffer
- virMacAddrCmp: comparing two virMacAddr
- virMacAddrCmpRaw: comparing a virMacAddr with a raw 6 byte MAC address buffer

then replace raw MAC addresses by replacing

- 'unsigned char *' with virMacAddrPtr
- 'unsigned char ... [VIR_MAC_BUFLEN]' with virMacAddr

and introduce usage of above functions where necessary.
2012-07-17 08:07:59 -04:00
Daniel P. Berrange
7ed6d7dda7 Define public API for receiving guest memory balloon events
When the guest changes its memory balloon applications may want
to know what the new value is, without having to periodically
poll on XML / domain info. Introduce a "balloon change" event
to let apps see this

* include/libvirt/libvirt.h.in: Define the
  virConnectDomainEventBalloonChangeCallback callback
  and VIR_DOMAIN_EVENT_ID_BALLOON_CHANGE constant
* python/libvirt-override-virConnect.py,
  python/libvirt-override.c: Wire up helpers for new event
* daemon/remote.c: Helper for serializing balloon event
* examples/domain-events/events-c/event-test.c,
  examples/domain-events/events-python/event-test.py: Add
  example of balloon event usage
* src/conf/domain_event.c, src/conf/domain_event.h: Handling
  of balloon events
* src/remote/remote_driver.c: Add handler of balloon events
* src/remote/remote_protocol.x: Define wire protocol for
  balloon events
* src/remote_protocol-structs: Likewise.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-07-14 16:02:26 +08:00
Osier Yang
8a544719aa storage: Default pool permission mode to 0755
Per the typical use of libvirt is to fork the qemu process with
qemu:qemu. Setting the pool permission mode as 0700 by default
will prevent the guest start with permission reason.

Define macro for the default pool and vol permission modes
incidentally.
2012-07-11 22:40:48 +08:00
Viktor Mihajlovski
d0304eaac7 S390: Add support for virtio-s390 devices.
The s390(x) architecture doesn't feature a PCI bus. For the purpose of
supporting virtio devices a virtual bus called virtio-s390 is used.
A new address type VIR_DOMAIN_DEVICE_ADDRESS_TYPE_VIRTIO_S390 is used to
distinguish the virtio devices on s390 from PCI-based virtio devices.

V3 Change: updated QEMU_CAPS_VIRTIO_S390 to fit upstream.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2012-07-11 11:19:05 +02:00
Peter Krempa
73f4b30882 storage_conf: Break long line and polish coding style 2012-07-09 16:19:50 +02:00
Hendrik Schwartke
a3389319ba Added the attribute vendor_id to the cpu model
Introducing the attribute vendor_id to force the CPUID instruction
in a kvm guest to return the specified vendor.
2012-07-03 12:06:38 +02:00
Eric Blake
791d095235 build: use correct limit for unsigned long long
Reported by Jason Helfman as a build-breaker on FreeBSD.

* src/conf/domain_conf.c (virDomainFSDefParseXML): Use POSIX
spelling.
* src/openvz/openvz_conf.c (openvzReadFSConf): Likewise.
2012-06-29 15:14:01 -06:00
Stefan Berger
b1675bac67 nwfilter: Fix memory leak
Below patch fixes this coverity report:

/libvirt/src/conf/nwfilter_conf.c:382:
leaked_storage: Variable "varAccess" going out of scope leaks the storage it points to.
2012-06-29 14:36:15 -04:00
Peter Krempa
96ebb4fe58 network_conf: Don't free uninitialized pointers while parsing DNS SRV
If the user specified invalid protocol type in a network's SRV record
the error path ended up in freeing uninitialized pointers causing a
daemon crash.

*network_conf.c: virNetworkDNSSrvDefParseXML(): initialize local
                                                variables
2012-06-28 23:42:50 +02:00
Peter Krempa
6117c35829 conf: Don't shadow error from virGetDomain()
virGetDomain() does a good job of reporting errors itself. This patch
removes shadowing of that error in virDomainListPopulate().
2012-06-28 17:56:46 +02:00
Peter Krempa
11bdab02c2 maint: include ignore-value in internal.h
The ignore_value macro is used across libvirt. This patch includes it in
the internal header and cleans all other includes.
2012-06-28 16:36:30 +02:00
Michal Privoznik
cd15303fd1 events: Don't fail on registering events for two different domains
virConnectDomainEventRegisterAny() takes a domain as an argument.
So it should be possible to register the same event (be it
VIR_DOMAIN_EVENT_ID_LIFECYCLE for example) for two different domains.
That is, we need to take domain into account when searching for
duplicate event being already registered.
2012-06-27 16:20:41 +02:00
Daniel P. Berrange
9273e07f9e Remove stray debug fprintf in XML parser 2012-06-25 11:26:29 +01:00
Daniel P. Berrange
3b1ddec1ef Add support for guest bind mounts with LXC
Currently you can configure LXC to bind a host directory to
a guest directory, but not to bind a guest directory to a
guest directory. While the guest container init could do
this itself, allowing it in the libvirt XML means a stricter
SELinux policy can be written
2012-06-25 10:17:56 +01:00
Daniel P. Berrange
76b644c362 Add support for RAM filesystems for LXC
Introduce a new syntax for filesystems to allow use of a RAM
filesystem

   <filesystem type='ram'>
      <source usage='10' units='MiB'/>
      <target dir='/mnt'/>
   </filesystem>

The usage units default to KiB to limit consumption of host memory.

* docs/formatdomain.html.in: Document new syntax
* docs/schemas/domaincommon.rng: Add new attributes
* src/conf/domain_conf.c: Parsing/formatting of RAM filesystems
* src/lxc/lxc_container.c: Mounting of RAM filesystems

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-06-25 10:17:56 +01:00
Gerd Hoffmann
fd4fd420b4 qemu: Add xhci support
qemu 1.1 features a xhci controller,
this patch adds support for it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-21 16:33:00 +02:00
Eric Blake
8548a9c501 list: new helper function to collect snapshots
Wraps the conversion from 'char *name' to virDomainSnapshotPtr in
a reusable manner.

* src/conf/virdomainlist.h (virDomainListSnapshots): New declaration.
* src/conf/virdomainlist.c (virDomainListSnapshots): Implement it.
* src/libvirt_private.syms (virdomainlist.h): Export it.
2012-06-19 14:51:54 -06:00
Eric Blake
5873f2e2da snapshot: add additional filters when getting lists
It turns out that one-bit filtering makes it hard to select the inverse
set, so it is easier to provide filtering groups.  For back-compat,
omitting all bits within a group means the group is not used for
filtering, and by definition of a group (each snapshot matches exactly
one bit within the group, and the set of bits in the group covers all
snapshots), selecting all bits also makes the group useless.

Unfortunately, virDomainSnapshotListChildren defined the bit
VIR_DOMAIN_SNAPSHOT_LIST_DESCENDANTS as an expansion rather than a
filter, so we cannot make it part of a filter group, so that bit
(and its counterpart VIR_DOMAIN_SNAPSHOT_LIST_ROOTS for
virDomainSnapshotList) remains a single control bit.

* include/libvirt/libvirt.h.in (virDomainSnapshotListFlags): Add a
couple more flags.
* src/libvirt.c (virDomainSnapshotNum)
(virDomainSnapshotNumChildren): Document them.
(virDomainSnapshotListNames, virDomainSnapshotListChildrenNames):
Likewise, and add thread-safety caveats.
* src/conf/virdomainlist.h (VIR_DOMAIN_SNAPSHOT_FILTERS_*): New
convenience macros.
* src/conf/domain_conf.c (virDomainSnapshotObjListCopyNames)
(virDomainSnapshotObjListCount): Support the new flags.
2012-06-19 13:50:03 -06:00
Martin Kletzander
830d035ff5 domain_conf: fix possible memory leak
Until now, it was possible to crash libvirtd when defining domain with
channel device with missing source element.

When creating new virDomainChrDef, target.port is set to -1, but
unfortunately it is an union with addresses that virDomainChrDefFree
tries to free in case the deviceType is channel. Having the port set
to -1 is intended, however the cleanest way to get around the problems
with the crash seems to be renumbering the VIR_DOMAIN_CHR_CHANNEL_
target types to cover new NONE type (with value 0) being the default
(no target type yet).
2012-06-19 18:20:03 +02:00
Eric Blake
ec83c7163e snapshot: merge count and name collection
Another case where we can do the same amount of work with fewer
lines of redundant code, which will make adding new filters easier.

* src/conf/domain_conf.c (virDomainSnapshotNameData): Adjust
struct.
(virDomainSnapshotObjListCount): Delete, now taken care of...
(virDomainSnapshotObjListCopyNames): ...here.
(virDomainSnapshotObjListGetNames): Adjust caller to handle
counting.
(virDomainSnapshotObjListNum): Simplify.
2012-06-18 15:11:28 -06:00
Eric Blake
7e111c6fe6 snapshot: merge domain and snapshot computation
Now that domain listing is a thin wrapper around child listing,
it's easier to have a common entry point.  This restores the
hashForEach optimization lost in the previous patch when there
are no snapshots being filtered out of the entire list.

* src/conf/domain_conf.h (virDomainSnapshotObjListGetNames)
(virDomainSnapshotObjListNum): Add parameter.
(virDomainSnapshotObjListGetNamesFrom)
(virDomainSnapshotObjListNumFrom): Delete.
* src/libvirt_private.syms (domain_conf.h): Drop deleted functions.
* src/conf/domain_conf.c (virDomainSnapshotObjListGetNames):
Merge, and (re)add an optimization.
* src/qemu/qemu_driver.c (qemuDomainUndefineFlags)
(qemuDomainSnapshotListNames, qemuDomainSnapshotNum)
(qemuDomainSnapshotListChildrenNames)
(qemuDomainSnapshotNumChildren): Update callers.
* src/qemu/qemu_migration.c (qemuMigrationIsAllowed): Likewise.
* src/conf/virdomainlist.c (virDomainListPopulate): Likewise.
2012-06-18 15:11:28 -06:00
Eric Blake
06d4a1e429 snapshot: use metaroot node to simplify management
This idea was first suggested by Daniel Veillard here:
https://www.redhat.com/archives/libvir-list/2011-October/msg00353.html

Now that I am about to add more complexity to snapshot listing, it
makes sense to avoid code duplication and special casing for domain
listing (all snapshots) vs. snapshot listing (descendants); adding
a metaroot reduces the number of code lines by having the domain
listing turn into a descendant listing of the metaroot.

Note that this has one minor pessimization - if we are going to list
ALL snapshots without filtering, then virHashForeach is more efficient
than recursing through the child relationships; restoring that minor
optimization will occur in the next patch.

* src/conf/domain_conf.h (_virDomainSnapshotObj)
(_virDomainSnapshotObjList): Repurpose some fields.
(virDomainSnapshotDropParent): Drop unused parameter.
* src/conf/domain_conf.c (virDomainSnapshotObjListGetNames)
(virDomainSnapshotObjListCount): Simplify.
(virDomainSnapshotFindByName, virDomainSnapshotSetRelations)
(virDomainSnapshotDropParent): Match new field semantics.
* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML)
(qemuDomainSnapshotReparentChildren, qemuDomainSnapshotDelete):
Adjust clients.
2012-06-18 15:11:28 -06:00
Peter Krempa
2c68080444 conf: Add helper for listing domains on drivers supporting virDomainObj
This patch adds common code to list domains in fashion used by
virListAllDomains with all currently supported flags. The header file
also contains macros that group filters together that are used to
shorten filter conditions.
2012-06-18 21:24:13 +02:00
Peter Krempa
bc8e15592c conf: Store managed save image existence in virDomainObj
This patch stores existence of the image in the object. At start of the
daemon the state is checked and then updated in key moments in domain
lifecycle.
2012-06-18 21:24:13 +02:00
Jim Fehlig
cc004a6647 Check for errors when parsing bridge interface XML
The return status of virInterfaceDefParseBridge() was not being
checked, potentially resulting in the creation of a broken
interface.
2012-06-15 12:08:40 -06:00
Daniel P. Berrange
92cbe7ae39 Improve error message diagnosing incorrect XML CPU mode
Tell the user what CPU mode value is wrong
2012-06-14 17:01:24 +01:00
Guido Günther
0dde544c95 Introduce virDomainFSIndexByName
for containers matching virDomainDiskIndexByName.
2012-06-12 17:59:28 +02:00
Cole Robinson
9ec6f818de Fix missing ) in 2 strings
https://bugzilla.redhat.com/show_bug.cgi?id=801656
2012-06-07 17:56:54 -04:00
Stefan Berger
797b47580a nwfilter: move code for IP address map into separate file
The goal of this patch is to prepare for support for multiple IP
addresses per interface in the DHCP snooping code.

Move the code for the IP address map that maps interface names to
IP addresses into their own file. Rename the functions on the way
but otherwise leave the code as-is. Initialize this new layer
separately before dependent layers (iplearning, dhcpsnooping)
and shut it down after them.
2012-06-01 19:32:06 -04:00
Stefan Berger
cec281fcaa nwfilter: add DHCP snooping
This patch adds DHCP snooping support to libvirt. The learning method for
IP addresses is specified by setting the "CTRL_IP_LEARNING" variable to one of
"any" [default] (existing IP learning code), "none" (static only addresses)
or "dhcp" (DHCP snooping).

Active leases are saved in a lease file and reloaded on restart or HUP.

The following interface XML activates and uses the DHCP snooping:

    <interface type='bridge'>
      <source bridge='virbr0'/>
      <filterref filter='clean-traffic'>
        <parameter name='CTRL_IP_LEARNING' value='dhcp'/>
      </filterref>
    </interface>

All filters containing the variable 'IP' are automatically adjusted when
the VM receives an IP address via DHCP. However, multiple IP addresses per
interface are silently ignored in this patch, thus only supporting one IP
address per interface. Multiple IP address support is added in a later
patch in this series.

Signed-off-by: David L Stevens <dlstevens@us.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2012-06-01 19:32:06 -04:00
Guido Günther
41f1db6a0c Introduce filesystem limits to virDomainFSDef 2012-05-24 11:35:02 +02:00
Guido Günther
b46e005459 Introduce virDomainParseScaledValue
and use it for virDomainParseMemory. This allows to parse arbitrary
scaled value, not only memory related values as needed for the
filesystem limits code following later in this series.
2012-05-24 11:35:01 +02:00
Wido den Hollander
74951eadef storage backend: Add RBD (RADOS Block Device) support
This patch adds support for a new storage backend with RBD support.

RBD is the RADOS Block Device and is part of the Ceph distributed storage
system.

It comes in two flavours: Qemu-RBD and Kernel RBD, this storage backend only
supports Qemu-RBD, thus limiting the use of this storage driver to Qemu only.

To function this backend relies on librbd and librados being present on the
local system.

The backend also supports Cephx authentication for safe authentication with
the Ceph cluster.

For storing credentials it uses the built-in secret mechanism of libvirt.

Signed-off-by: Wido den Hollander <wido@widodh.nl>
2012-05-21 12:37:38 -06:00
Daniel P. Berrange
2cb0899eec Fix potential events deadlock when unref'ing virConnectPtr
When the last reference to a virConnectPtr is released by
libvirtd, it was possible for a deadlock to occur in the
virDomainEventState functions. The virDomainEventStatePtr
holds a reference on virConnectPtr for each registered
callback. When removing a callback, the virUnrefConnect
function is run. If this causes the last reference on the
virConnectPtr to be released, then virReleaseConnect can
be run, which in turns calls qemudClose. This function has
a call to virDomainEventStateDeregisterConn which is intended
to remove all callbacks associated with the virConnectPtr
instance. This will try to grab a lock on virDomainEventState
but this lock is already held. Deadlock ensues

Thread 1 (Thread 0x7fcbb526a840 (LWP 23185)):

Since each callback associated with a virConnectPtr holds a
reference on virConnectPtr, it is impossible for the qemudClose
method to be invoked while any callbacks are still registered.
Thus the call to virDomainEventStateDeregisterConn must in fact
be a no-op. Thus it is possible to just remove all trace of
virDomainEventStateDeregisterConn and avoid the deadlock.

* src/conf/domain_event.c, src/conf/domain_event.h,
  src/libvirt_private.syms: Delete virDomainEventStateDeregisterConn
* src/libxl/libxl_driver.c, src/lxc/lxc_driver.c,
  src/qemu/qemu_driver.c, src/uml/uml_driver.c: Remove
  calls to virDomainEventStateDeregisterConn
2012-05-21 18:50:47 +01:00
Stefan Berger
a3f3ab4c9c nwfilter: Add support for ipset
This patch adds support for the recent ipset iptables extension
to libvirt's nwfilter subsystem. Ipset allows to maintain 'sets'
of IP addresses, ports and other packet parameters and allows for
faster lookup (in the order of O(1) vs. O(n)) and rule evaluation
to achieve higher throughput than what can be achieved with
individual iptables rules.

On the command line iptables supports ipset using

iptables ... -m set --match-set <ipset name> <flags> -j ...

where 'ipset name' is the name of a previously created ipset and
flags is a comma-separated list of up to 6 flags. Flags use 'src' and 'dst'
for selecting IP addresses, ports etc. from the source or
destination part of a packet. So a concrete example may look like this:

iptables -A INPUT -m set --match-set test src,src -j ACCEPT

Since ipset management is quite complex, the idea was to leave ipset 
management outside of libvirt but still allow users to reference an ipset.
The user would have to make sure the ipset is available once the VM is
started so that the iptables rule(s) referencing the ipset can be created.

Using XML to describe an ipset in an nwfilter rule would then look as
follows:

  <rule action='accept' direction='in'>
    <all ipset='test' ipsetflags='src,src'/>
  </rule>

The two parameters on the command line are also the two distinct XML attributes
'ipset' and 'ipsetflags'.

FYI: Here is the man page for ipset:

https://ipset.netfilter.org/ipset.man.html

Regards,
    Stefan
2012-05-21 06:26:34 -04:00
Marc-André Lureau
988e85a51e domain: add <codec> sound sub-element
Allow specifying sound device codecs. See formatdomain.html for
more details.
2012-05-17 11:40:11 -06:00
Daniel P. Berrange
03b804a200 Set a sensible default master start port for ehci companion controllers
The uhci1, uhci2, uhci3 companion controllers for ehci1 must
have a master start port set. Since this value is predictable
we should set it automatically if the app does not supply it
2012-05-15 17:07:34 +01:00
Daniel P. Berrange
2c195fdbf3 Fix virDomainDeviceInfoIsSet() to check all struct fields
The virDomainDeviceInfoIsSet API was only checking if an
address or alias was set in the struct. Thus if only a
rom bar setting / filename, boot index, or USB master
value was set, they could be accidentally dropped when
formatting XML
2012-05-15 17:07:34 +01:00
Alex Jia
15e0b20acd conf: Fix memory leaks in virStoragePoolDefParseSource
Detected by valgrind. Leaks are introduced in commit 122fa379.

src/conf/storage_conf.c: fix memory leaks.

How to reproduce?
$ make && make -C tests check TESTS=storagepoolxml2xmltest
$ cd tests && valgrind -v --leak-check=full ./storagepoolxml2xmltest

actual result:
==28571== LEAK SUMMARY:
==28571==    definitely lost: 40 bytes in 5 blocks
==28571==    indirectly lost: 0 bytes in 0 blocks
==28571==      possibly lost: 0 bytes in 0 blocks
==28571==    still reachable: 1,054 bytes in 21 blocks
==28571==         suppressed: 0 bytes in 0 blocks

Signed-off-by: Alex Jia <ajia@redhat.com>
2012-05-10 09:28:24 +08:00
Jim Fehlig
10a87145f7 Report error when parsing character device target type
No useful error was being reported when an invalid character device
target type is specified in the domainXML. E.g.

    ...
    <console type="pty">
      <source path="/dev/pts/2"/>
      <target type="kvm" port="0"/>
    </console>
    ...

resulted in

error: Failed to define domain from x.xml
error: An error occurred, but the cause is unknown

With this small patch, the error is more helpful

error: Failed to define domain from x.xml
error: XML error: unknown target type 'kvm' specified for character device
2012-05-09 11:12:38 -06:00
Osier Yang
d70f2e117a numad: Always output 'placement' of <vcpu>
<vcpu> is not an optional node. The value for its 'placement'
actually always defaults to 'static' in the underlying codes.
(Even no 'cpuset' and 'placement' is specified, the domain
process will be pinned to all the available pCPUs).
2012-05-08 16:57:37 -06:00
Osier Yang
8d26a7fd4e numad: Copy 'placement' of <numatune> to <vcpu> by default
With this patch, one can also fully drive numad by:

  <vcpu>2</vcpu>
  <numatune>
    <memory placement='auto'/>
  </numatune>

New tests are added.
2012-05-08 16:57:36 -06:00
Osier Yang
97010eb1f1 numad: Set memory policy from numad advisory nodeset
Though numad will manage the memory allocation of task dynamically,
it wants management application (libvirt) to pre-set the memory
policy according to the advisory nodeset returned from querying numad,
(just like pre-bind CPU nodeset for domain process), and thus the
performance could benefit much more from it.

This patch introduces new XML tag 'placement', value 'auto' indicates
whether to set the memory policy with the advisory nodeset from numad,
and its value defaults to the value of <vcpu> placement, or 'static'
if 'nodeset' is specified. Example of the new XML tag's usage:

  <numatune>
    <memory placement='auto' mode='interleave'/>
  </numatune>

Just like what current "numatune" does, the 'auto' numa memory policy
setting uses libnuma's API too.

If <vcpu> "placement" is "auto", and <numatune> is not specified
explicitly, a default <numatume> will be added with "placement"
set as "auto", and "mode" set as "strict".

The following XML can now fully drive numad:

1) <vcpu> placement is 'auto', no <numatune> is specified.

   <vcpu placement='auto'>10</vcpu>

2) <vcpu> placement is 'auto', no 'placement' is specified for
   <numatune>.

   <vcpu placement='auto'>10</vcpu>
   <numatune>
     <memory mode='interleave'/>
   </numatune>

And it's also able to control the CPU placement and memory policy
independently. e.g.

1) <vcpu> placement is 'auto', and <numatune> placement is 'static'

   <vcpu placement='auto'>10</vcpu>
   <numatune>
     <memory mode='strict' nodeset='0-10,^7'/>
   </numatune>

2) <vcpu> placement is 'static', and <numatune> placement is 'auto'

   <vcpu placement='static' cpuset='0-24,^12'>10</vcpu>
   <numatune>
     <memory mode='interleave' placement='auto'/>
   </numatume>

A follow up patch will change the XML formatting codes to always output
'placement' for <vcpu>, even it's 'static'.
2012-05-08 16:57:32 -06:00
Alon Levy
ba97e4edc6 domain_conf: add "default" to list of valid spice channels
qemu's behavior in this case is to change the spice server behavior to
require secure connection to any channel not otherwise specified as
being in plaintext mode. libvirt doesn't currently allow requesting this
(via plaintext-channel=<channel name>).

RHBZ: 819499

Signed-off-by: Alon Levy <alevy@redhat.com>
2012-05-08 12:14:45 -06:00
Alon Levy
4e78ffb634 domain_conf: add "usbredir" to list of valid spice channels
Add "usbredir" channel to list of recognized spice channels.

RHBZ: 819498

Signed-off-by: Alon Levy <alevy@redhat.com>
2012-05-08 09:22:45 -06:00
Marc-André Lureau
ca1bf4bd74 build: fix output of pid values
Fix a few more places where pid_t is printed with wrong type
2012-05-02 12:47:20 -06:00
Eric Blake
29e702e576 storage: fix build with iscsi
The previous storage patch missed an instance affected by the struct
member rename.  It also had some botched whitespace detected by
'make check'.

* src/storage/storage_backend_iscsi.c
(virStorageBackendISCSIFindPoolSources): Adjust to new struct.
* src/conf/storage_conf.c (virStoragePoolSourceFormat): Fix
indentation.
2012-04-30 11:37:35 -06:00
Osier Yang
980f12be72 storage: Break out the loop if duplicate pool is found
It doesn't break out the "for" loop even if duplicate pool is
found, and thus the "matchpool" could be overriden as NULL again
if there is different pool afterwards.

To address the problem in libvirt-user list:

https://www.redhat.com/archives/libvirt-users/2012-April/msg00150.html
2012-04-30 21:12:58 +08:00
Wido den Hollander
122fa379de storage: Allow multiple hosts for a storage pool
The current storage pools for NFS and iSCSI only require one host to
connect to. Future storage pools like RBD and Sheepdog will require
multiple hosts.

This patch allows multiple source hosts and rewrites the current
storage drivers.

Signed-off-by: Wido den Hollander <wido@widodh.nl>
2012-04-30 18:44:44 +08:00
Stefan Berger
59b935f5ae More coverity findings addressed
More bug extermination in the category of:

Error: CHECKED_RETURN:

/libvirt/src/conf/network_conf.c:595:
check_return: Calling function "virAsprintf" without checking return value (as is done elsewhere 515 out of 543 times).

/libvirt/src/qemu/qemu_process.c:2780:
unchecked_value: No check of the return value of "virAsprintf(&msg, "was paused (%s)", virDomainPausedReasonTypeToString(reason))".

/libvirt/tests/commandtest.c:809:
check_return: Calling function "setsid" without checking return value (as is done elsewhere 4 out of 5 times).

/libvirt/tests/commandtest.c:830:
unchecked_value: No check of the return value of "virTestGetDebug()".

/libvirt/tests/commandtest.c:831:
check_return: Calling function "virTestGetVerbose" without checking return value (as is done elsewhere 41 out of 42 times).

/libvirt/tests/commandtest.c:833:
check_return: Calling function "virInitialize" without checking return value (as is done elsewhere 18 out of 21 times).


One note about the error in commandtest line 809: setsid() seems to fail when running the test -- could be removed ?
2012-04-27 17:25:35 -04:00
Stefan Berger
42548fbf2a nwfilter: address more coverity findings
This patch addresses the following coverity findings:

/libvirt/src/conf/nwfilter_params.c:390:
var_assigned: Assigning: "varValue" = null return value from "virHashLookup".

/libvirt/src/conf/nwfilter_params.c:392:
dereference: Dereferencing a pointer that might be null "varValue" when calling "virNWFilterVarValueGetNthValue".

/libvirt/src/conf/nwfilter_params.c:399:
dereference: Dereferencing a pointer that might be null "tmp" when calling "virNWFilterVarValueGetNthValue".
2012-04-26 16:45:36 -04:00
Stefan Berger
9c1ce3dc11 nwfilter: address coverity findings
This patch addresses the following coverity findings:

/libvirt/src/conf/nwfilter_params.c:157:
deref_parm: Directly dereferencing parameter "val".

/libvirt/src/conf/nwfilter_params.c:473:
negative_returns: Using variable "iterIndex" as an index to array "res->iter".

/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:2891:
unchecked_value: No check of the return value of "virAsprintf(&protostr, "-d 01:80:c2:00:00:00 ")".

/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:2894:
unchecked_value: No check of the return value of "virAsprintf(&protostr, "-p 0x%04x ", l3_protocols[protoidx].attr)".

/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:3590:
var_deref_op: Dereferencing null variable "inst".
2012-04-26 16:45:36 -04:00
Eric Blake
ae6aa8c396 blockjob: enhance xml to track mirrors across libvirtd restart
In order to track a block copy job across libvirtd restarts, we
need to save internal XML that tracks the name of the file
holding the mirror.  Displaying this name in dumpxml might also
be useful to the user, even if we don't yet have a way to (re-)
start a domain with mirroring enabled up front.  This is done
with a new <mirror> sub-element to <disk>, as in:

    <disk type='file' device='disk'>
      <driver name='qemu' type='raw'/>
      <source file='/var/lib/libvirt/images/original.img'/>
      <mirror file='/var/lib/libvirt/images/copy.img' format='qcow2' ready='yes'/>
      ...
    </disk>

For now, the element is output-only, in live domains; it is ignored
when defining a domain or hot-plugging a disk (since those contexts
use VIR_DOMAIN_XML_INACTIVE in parsing).  The 'ready' attribute appears
when libvirt knows that the job has changed from the initial pulling
phase over to the mirroring phase, although absence of the attribute
is not a sure indicator of the current phase.  If we come up with a way
to make qemu start with mirroring enabled, we can relax the xml
restriction, and allow <mirror> (but not attribute 'ready') on input.
Testing active-only XML meant tweaking the testsuite slightly, but it
was worth it.

* docs/schemas/domaincommon.rng (diskspec): Add diskMirror.
* docs/formatdomain.html.in (elementsDisks): Document it.
* src/conf/domain_conf.h (_virDomainDiskDef): New members.
* src/conf/domain_conf.c (virDomainDiskDefFree): Clean them.
(virDomainDiskDefParseXML): Parse them, but only internally.
(virDomainDiskDefFormat): Output them.
* tests/qemuxml2argvdata/qemuxml2argv-disk-mirror.xml: New test file.
* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-mirror.xml: Likewise.
* tests/qemuxml2xmltest.c (testInfo): Alter members.
(testCompareXMLToXMLHelper): Allow more test control.
(mymain): Run new test.
2012-04-23 08:43:33 -06:00
Eric Blake
6877a34dd1 conf: remove redundant ()
I almost copied-and-pasted some redundant () into my new code,
and figured a general cleanup prereq patch would be better instead.

No semantic change.

* src/conf/domain_conf.c (virDomainLeaseDefParseXML)
(virDomainDiskDefParseXML, virDomainFSDefParseXML)
(virDomainActualNetDefParseXML, virDomainNetDefParseXML)
(virDomainGraphicsDefParseXML, virDomainVideoAccelDefParseXML)
(virDomainVideoDefParseXML, virDomainHostdevFind)
(virDomainControllerInsertPreAlloced, virDomainDefParseXML)
(virDomainObjParseXML, virDomainCpuSetFormat)
(virDomainCpuSetParse, virDomainDiskDefFormat)
(virDomainActualNetDefFormat, virDomainNetDefFormat)
(virDomainTimerDefFormat, virDomainGraphicsListenDefFormat)
(virDomainDefFormatInternal, virDomainNetGetActualHostdev)
(virDomainNetGetActualBandwidth, virDomainGraphicsGetListen):
Reduce extra ().
2012-04-19 19:04:51 -06:00
Eric Blake
c09acad352 conf: tighten up XML integer parsing
https://bugzilla.redhat.com/show_bug.cgi?id=617711 reported that
even with my recent patched to allow <memory unit='G'>1</memory>,
people can still get away with trying <memory>1G</memory> and
silently get <memory unit='KiB'>1</memory> instead.  While
virt-xml-validate catches the error, our C parser did not.

Not to mention that it's always fun to fix bugs while reducing
lines of code.  :)

* src/conf/domain_conf.c (virDomainParseMemory): Check for parse error.
(virDomainDefParseXML): Avoid strtoll.
* src/conf/storage_conf.c (virStorageDefParsePerms): Likewise.
* src/util/xml.c (virXPathLongBase, virXPathULongBase)
(virXPathULongLong, virXPathLongLong): Likewise.
2012-04-19 17:42:53 -06:00
Stefan Berger
7c26343bc3 nwfilter: Fix support for trusted DHCP servers
Fix the support for trusted DHCP server in the ebtables code's
hard-coded function applying DHCP only filtering rules:
Rather than using a char * use the more flexible
virNWFilterVarValuePtr that contains the trusted DHCP server(s)
IP address. Process all entries.

Since all callers so far provided NULL as parameter, no changes
are necessary in any other code.
2012-04-19 10:21:43 -04:00
Stefan Berger
25fce290e3 Fix a memory leak
The below patch fixes the following memory leak.

==20624== 24 bytes in 2 blocks are definitely lost in loss record 532 of 1,867
==20624==    at 0x4A05E46: malloc (vg_replace_malloc.c:195)
==20624==    by 0x38EC27FC01: strdup (strdup.c:43)
==20624==    by 0x4EB6BA3: virDomainChrSourceDefCopy (domain_conf.c:1122)
==20624==    by 0x495D76: qemuProcessFindCharDevicePTYs (qemu_process.c:1497)
==20624==    by 0x498321: qemuProcessWaitForMonitor (qemu_process.c:1258)
==20624==    by 0x49B5F9: qemuProcessStart (qemu_process.c:3652)
==20624==    by 0x468B5C: qemuDomainObjStart (qemu_driver.c:4753)
==20624==    by 0x469171: qemuDomainStartWithFlags (qemu_driver.c:4810)
==20624==    by 0x4F21735: virDomainCreate (libvirt.c:8153)
==20624==    by 0x4302BF: remoteDispatchDomainCreateHelper (remote_dispatch.h:852)
==20624==    by 0x4F72C14: virNetServerProgramDispatch (virnetserverprogram.c:416)
==20624==    by 0x4F6D690: virNetServerHandleJob (virnetserver.c:164)
==20624==    by 0x4E8F43D: virThreadPoolWorker (threadpool.c:144)
==20624==    by 0x4E8EAB5: virThreadHelper (threads-pthread.c:161)
==20624==    by 0x38EC606CCA: start_thread (pthread_create.c:301)
==20624==    by 0x38EC2E0C2C: clone (clone.S:115)
2012-04-17 15:13:33 -04:00