Changes from v1 to v2:
- changed function name prefixes to 'iface' from previous 'Iface'
- Further to make make syntax-check pass:
- indentation fix in interface.h
- added entry to POTFILES.in
I am consolidating network interface related functions used in nwfilter
and macvtap code in utils/interface.c. All function names are prefixed
with 'Iface'. The following functions are now available through
interface.h:
int ifaceCtrl(const char *name, bool up);
int ifaceUp(const char *name);
int ifaceDown(const char *name);
int ifaceCheck(bool reportError, const char *ifname,
const unsigned char *macaddr, int ifindex);
int ifaceGetIndex(bool reportError, const char *ifname, int *ifindex);
I added 'int ifindex' as parameter to ifaceCheck to the original
function and modified the code accordingly.
This patch implements support for learning a VM's IP address. It uses
the pcap library to listen on the VM's backend network interface (tap)
or the physical ethernet device (macvtap) and tries to capture packets
with source or destination MAC address of the VM and learn from DHCP
Offers, ARP traffic, or first-sent IPv4 packet what the IP address of
the VM's interface is. This then allows to instantiate the network
traffic filtering rules without the user having to provide the IP
parameter somewhere in the filter description or in the interface
description as a parameter. This only supports to detect the parameter
IP, which is for the assumed single IPv4 address of a VM. There is not
support for interfaces that may have multiple IP addresses (IP
aliasing) or IPv6 that may then require more than one valid IP address
to be detected. A VM can have multiple independent interfaces that each
uses a different IP address and in that case it will be attempted to
detect each one of the address independently.
So, when for example an interface description in the domain XML has
looked like this up to now:
<interface type='bridge'>
<source bridge='mybridge'/>
<model type='virtio'/>
<filterref filter='clean-traffic'>
<parameter name='IP' value='10.2.3.4'/>
</filterref>
</interface>
you may omit the IP parameter:
<interface type='bridge'>
<source bridge='mybridge'/>
<model type='virtio'/>
<filterref filter='clean-traffic'/>
</interface>
Internally I am walking the 'tree' of a VM's referenced network filters
and determine with the given variables which variables are missing. Now,
the above IP parameter may be missing and this causes a libvirt-internal
thread to be started that uses the pcap library's API to listen to the
backend interface (in case of macvtap to the physical interface) in an
attempt to determine the missing IP parameter. If the backend interface
disappears the thread terminates assuming the VM was brought down. In
case of a macvtap device a timeout is being used to wait for packets
from the given VM (filtering by VM's interface MAC address). If the VM's
macvtap device disappeared the thread also terminates. In all other
cases it tries to determine the IP address of the VM and will then apply
the rules late on the given interface, which would have happened
immediately if the IP parameter had been explicitly given. In case an
error happens while the firewall rules are applied, the VM's backend
interface is 'down'ed preventing it to communicate. Reasons for failure
for applying the network firewall rules may that an ebtables/iptables
command failes or OOM errors. Essentially the same failure reasons may
occur as when the firewall rules are applied immediately on VM start,
except that due to the late application of the filtering rules the VM
now is already running and cannot be hindered anymore from starting.
Bringing down the whole VM would probably be considered too drastic.
While a VM's IP address is attempted to be determined only limited
updates to network filters are allowed. In particular it is prevented
that filters are modified in such a way that they would introduce new
variables.
A caveat: The algorithm does not know which one is the appropriate IP
address of a VM. If the VM spoofs an IP address in its first ARP traffic
or IPv4 packets its filtering rules will be instantiated for this IP
address, thus 'locking' it to the found IP address. So, it's still
'safer' to explicitly provide the IP address of a VM's interface in the
filter description if it is known beforehand.
* configure.ac: detect libpcap
* libvirt.spec.in: require libpcap[-devel] if qemu is built
* src/internal.h: add the new ATTRIBUTE_PACKED define
* src/Makefile.am src/libvirt_private.syms: add the new modules and symbols
* src/nwfilter/nwfilter_learnipaddr.[ch]: new module being added
* src/nwfilter/nwfilter_driver.c src/conf/nwfilter_conf.[ch]
src/nwfilter/nwfilter_ebiptables_driver.[ch]
src/nwfilter/nwfilter_gentech_driver.[ch]: plu the new functionality in
* tests/nwfilterxml2xmltest: extend testing
The Python script generates the mappings based on the type descriptions
in the esx_vi_generator.input file.
This also improves the inheritance handling and allows to get rid of the
ugly, inflexible, and error prone _base/_super approach. Now every struct
that represents a SOAP type contains a _type member, that allows to
recreate C++-like dynamic dispatch for "method" calls in C.
* src/Makefile.am: adds a few missing header files in the associated
file variables, it's needed otherwise the missing headers breaks
compilation from a distribution tarball
This exports 3 basic routines:
- virHookInitialize() initializing the hook support by looking for
scripts availability
- virHookPresent() used to test if there is a hook for a given driver
- virHookCall() which actually calls a synchronous script hook with
the needed parameters
Note that this doesn't expose any public API except for the locations
and arguments passed to the scripts
* src/Makefile.am: add the 2 new files
* src/util/hooks.h src/util/hooks.c: implements the 3 functions
* src/libvirt_private.syms: export the 3 symbols internally
* po/POTFILES.in: add src/util/hooks.c to translatables modules
This patch implements the core driver and provides
- management functionality for managing the filter XMLs
- compiling the internal filter representation into ebtables rules
- applying ebtables rules on a network (tap,macvtap) interface
- tearing down ebtables rules that were applied on behalf of an
interface
- updating of filters while VMs are running and causing the firewalls to
be rebuilt
- other bits and pieces
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
This patch adds XML processing for the network filter schema
and extends the domain XML processing to parse the top level
referenced filter along with potentially provided parameters
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
Signed-off-by: Gerhard Stenzel <gerhard.stenzel@de.ibm.com>
* src/Makefile.am (augeas-check): New target, just to give the existing
rule a name. At the same time, prefix the commands with $(AM_V_GEN),
to avoid unexpected build output with V=0 which is the default.
With the recent changes to the linking defaults in Fedora 13 (namely
enabling --no-add-needed behaviour by default), we have to pass the
dlopen()-providing libraries directly at the link of the module; use the
same AC_SEARCH_LIBS function as used before to look for it and add it to
the Makefile.
This patch adds build support for libvirt checking for certain contents
of /usr/include/linux/if_link.h to see whether macvtap support is
compilable on that system. One can disable macvtap support in libvirt
via --without-macvtap passed to configure.
* configure.ac src/Makefile.am: new build support
* src/libvirt_macvtap.syms: list of exported symbols
* src/util/macvtap.c: empty module to not break compilation
This new security driver is responsible for managing UID/GID changes
to the QEMU process, and any files/disks/devices assigned to it.
* qemu/qemu_conf.h: Add flag for disabling automatic file permission
changes
* qemu/qemu_security_dac.h, qemu/qemu_security_dac.c: New DAC driver
for QEMU guests
* Makefile.am: Add new files
The latter is not officially "wrong", but *is* terribly anachronistic.
I think automake documentation or comments call that syntax obsolescent.
* cfg.mk (_makefile_at_at_check_exceptions): Exempt @SCHEMADIR@
and @SYSCONFDIR@ uses -- there are no Makefile variables for those.
* docs/Makefile.am: Use $(INSTALL), not @INSTALL@.
* examples/dominfo/Makefile.am: Similar.
* examples/domsuspend/Makefile.am: Similar.
* proxy/Makefile.am: Similar.
* python/Makefile.am: Similar.
* python/tests/Makefile.am: Similar.
* src/Makefile.am: Similar.
* tests/Makefile.am: Similar.
All other stateful drivers are linked directly to libvirtd
instead of libvirt.so. Link the secret driver to libvirtd too.
* daemon/Makefile.am: link the secret driver to libvirtd
* daemon/libvirtd.c: add #ifdef WITH_SECRETS blocks
* src/Makefile.am: don't link the secret driver to libvirt.so
* src/libvirt_private.syms: remove the secretRegister symbol
Each driver supporting CPU selection must fill in host CPU capabilities.
When filling them, drivers for hypervisors running on the same node as
libvirtd can use cpuNodeData() to obtain raw CPU data. Other drivers,
such as VMware, need to implement their own way of getting such data.
Raw data can be decoded into virCPUDefPtr using cpuDecode() function.
When implementing virConnectCompareCPU(), a hypervisor driver can just
call cpuCompareXML() function with host CPU capabilities.
For each guest for which a driver supports selecting CPU models, it must
set the appropriate feature in guest's capabilities:
virCapabilitiesAddGuestFeature(guest, "cpuselection", 1, 0)
Actions needed when a domain is being created depend on whether the
hypervisor understands raw CPU data (currently CPUID for i686, x86_64
architectures) or symbolic names has to be used.
Typical use by hypervisors which prefer CPUID (such as VMware and Xen):
- convert guest CPU configuration from domain's XML into a set of raw
data structures each representing one of the feature policies:
cpuEncode(conn, architecture, guest_cpu_config,
&forced_data, &required_data, &optional_data,
&disabled_data, &forbidden_data)
- create a mask or whatever the hypervisor expects to see and pass it
to the hypervisor
Typical use by hypervisors with symbolic model names (such as QEMU):
- get raw CPU data for a computed guest CPU:
cpuGuestData(conn, host_cpu, guest_cpu_config, &data)
- decode raw data into virCPUDefPtr with a possible restriction on
allowed model names:
cpuDecode(conn, guest, data, n_allowed_models, allowed_models)
- pass guest->model and guest->features to the hypervisor
* src/cpu/cpu.c src/cpu/cpu.h src/cpu/cpu_generic.c
src/cpu/cpu_generic.h src/cpu/cpu_map.c src/cpu/cpu_map.h
src/cpu/cpu_x86.c src/cpu/cpu_x86.h src/cpu/cpu_x86_data.h
* configure.in: check for CPUID instruction
* src/Makefile.am: glue the new files in
* src/libvirt_private.syms: add new private symbols
* po/POTFILES.in: add new cpu files containing translatable strings
* include/libvirt/virterror.h src/util/virterror.c: add new domain
VIR_FROM_CPU for errors
* src/conf/cpu_conf.c src/conf/cpu_conf.h: new parsing module
* src/Makefile.am proxy/Makefile.am: include new files
* src/conf/capabilities.[ch] src/conf/domain_conf.[ch]: reference
new code
* src/libvirt_private.syms: private export of new entry points
Long ago we tried to use Fedora's lokkit utility in order to register
our iptables rules so that 'service iptables restart' would
automatically load our rules.
There was one fatal flaw - if the user had configured iptables without
lokkit, then we would clobber that configuration by running lokkit.
We quickly disabled lokkit support, but never removed it. Let's do
that now.
The 'my virtual network stops working when I restart iptables' still
remains. For all the background on this saga, see:
https://bugzilla.redhat.com/227011
* src/util/iptables.c: remove lokkit support
* configure.in: remove --enable-lokkit
* libvirt.spec.in: remove the dirs used only for saving rules for lokkit
* src/Makefile.am: ditto
* src/libvirt_private.syms, src/network/bridge_driver.c,
src/util/iptables.h: remove references to iptablesSaveRules
Initial support for the new QEMU monitor protocol using JSON
as the data encoding format instead of plain text
* po/POTFILES.in: Add src/qemu/qemu_monitor_json.c
* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Hack to turn on QMP
mode. Replace with a version number check on >= 0.12 later
* src/qemu/qemu_monitor.c: Delegate to json monitor if enabled
* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h: Add
impl of QMP protocol
* src/Makefile.am: Add src/qemu/qemu_monitor_json.{c,h}
This introduces simple API for handling JSON data. There is
an internal data structure 'virJSONValuePtr' which stores a
arbitrary nested JSON value (number, string, array, object,
nul, etc). There are APIs for constructing/querying objects
and APIs for parsing/formatting string formatted JSON data.
This uses the YAJL library for parsing/formatting from
http://lloyd.github.com/yajl/
* src/util/json.h, src/util/json.c: Data structures and APIs
for representing JSON data, and parsing/formatting it
* configure.in: Add check for yajl library
* libvirt.spec.in: Add build requires for yajl
* src/Makefile.am: Add json.c/h
* src/libvirt_private.syms: Export JSON symbols to drivers
Also fixed serial port configuration which was broken due to recent
change in virDomainChrDef where targetType was newly added.
* src/Makefile.am: add new files
* src/vbox/vbox_driver.c: add case for version 3.1
* src/vbox/vbox_tmpl.c: refactor common patterns into macros, support for
version 3.1, serial port configuration fix
* src/vbox/vbox_CAPI_v3_1.h, src/vbox/vbox_V3_1.c: generated code
* src/Makefile.am: Add processinfo.h/processinfo.c
* src/util/processinfo.c, src/util/processinfo.h: Module providing
APIs for getting/setting process CPU affinity
* src/qemu/qemu_driver.c: Switch over to new APIs for schedular
affinity
* src/libvirt_private.syms: Export virProcessInfoSetAffinity
and virProcessInfoGetAffinity to internal drivers
0.7.3 was broken
* configure.in docs/news.html.in: release of 0.7.4
* configure.in libvirt.spec.in: require netcf >= 0.1.4
* src/Makefile.am: node_device/node_device_udev.h was missing from
NODE_DEVICE_DRIVER_UDEV_SOURCES breaking compilation on platforms with
udev
uses libpciaccess to provide human readable names for PCI vendor and
device IDs
* configure.in: add a requirement for libpciaccess >= 0.10.0
* src/Makefile.am: add the associated compilation flags and link
* src/node_device/node_device_udev.c: lookup the libpciaccess for
vendor name and product name based on their ids
* configure.in src/Makefile.am: remove the configuration check and
build instructions
* src/node_device/node_device_devkit.c: removed the module
* src/node_device/node_device_driver.c src/node_device/node_device_driver.h:
removed references to the old backend
* configure.in: add new --with-udev, disabled by default, and requiring
libudev > 145
* src/node_device/node_device_udev.c src/node_device/node_device_udev.h:
the new node device backend
* src/node_device/node_device_linux_sysfs.c: moved node_device_hal_linux.c
to a better file name
* src/conf/node_device_conf.c src/conf/node_device_conf.h: add a couple
of fields in node device definitions, and an API to look them up,
remove a couple of unused fields from previous patch.
* src/node_device/node_device_driver.c src/node_device/node_device_driver.h:
plug the new driver
* po/POTFILES.in src/Makefile.am src/libvirt_private.syms: add the new
files and symbols
* src/util/util.h src/util/util.c: add a new convenience macro
virBuildPath and virBuildPathInternal() function
The qemu_driver.c code should not contain any code that interacts
with the QEMU monitor at a low level. A previous commit moved all
the command invocations out. This change moves out the code which
actually opens the monitor device.
* src/qemu/qemu_driver.c: Remove qemudOpenMonitor & methods called
from it.
* src/Makefile.am: Add qemu_monitor.{c,h}
* src/qemu/qemu_monitor.h: Add qemuMonitorOpen()
* src/qemu/qemu_monitor.c: All code for opening the monitor
* src/qemu/qemu.conf src/qemu/qemu_conf.c src/qemu/qemu_conf.h: there is
a new config type option for mac filtering
* src/qemu/qemu_bridge_filter.[ch]: new module for the ebtable entry points
* src/qemu/qemu_driver.c: plug the MAC filtering at the right places
in the domain life cycle
* src/Makefile.am po/POTFILES.in: add the new module
* configure.in: look for ebtables binary location if present
* src/Makefile.am: add the new module
* src/util/ebtables.[ch]: new module and internal APIs around
the ebtables binary
* src/libvirt_private.syms: export the symbols only internally
* src/lxc/lxc.conf: new configuration file, there is currently one
tunable "log_with_libvirtd" that controls whether an lxc controller will
log only to the container log file, or whether it will honor libvirtd's
log output configuration. This provides a way to have libvirtd and its
children log to a single file. The default is to log to the container
log file.
* src/Makefile.am libvirt.spec.in: add the new file
* src/lxc/lxc_conf.[ch] src/lxc/lxc_driver.c: read the new log value
from the configuration file and pass the log informations when
starting up a container.
* configure.in: look for AppArmor and devel
* src/security/security_apparmor.[ch] src/security/security_driver.c
src/Makefile.am: add and plug the new driver
* src/security/virt-aa-helper.c: new binary which is used exclusively by
the AppArmor security driver to manipulate AppArmor.
* po/POTFILES.in: registers the new files
* tests/Makefile.am tests/secaatest.c tests/virt-aa-helper-test:
tests for virt-aa-helper and the security driver, secaatest.c is
identical to seclabeltest.c except it initializes the 'apparmor'
driver instead of 'selinux'
Rename virStorageVolFormatFileSystem to virStorageFileFormat and
move to src/util/storage_file.[ch]
* src/Makefile.am: add src/util/storage_file.[ch]
* src/conf/storage_conf.[ch]: move enum from here ...
* src/util/storage_file.[ch]: .. to here
* src/libvirt_private.syms: update To/FromString exports
* src/storage/storage_backend.c, src/storage/storage_backend_fs.c,
src/vbox/vbox_tmpl.c: update for above changes
Pull out all the QEMU monitor interaction code to a separate
file. This will make life easier when we need to drop in a
new implementation for the forthcoming QMP machine friendly
monitor support.
Next step is to add formal APIs for each monitor command,
and remove direct commands for sending/receiving generic
data.
* src/Makefile.am: Add qemu_monitor.c to build
* src/qemu/qemu_driver.c: Remove code for monitor interaction
* src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: New
file for monitor interaction
* po/POTFILES.in: Add src/qemu/qemu_monitor_text.c
When making changes to the remote protocol, src/ is always built
first, so rpcgen should live there, to avoid having to run make
in the 'daemon/' directory before building src/
* src/Makefile.am: Add rules for rpcgen, and drop -I../daemon from
remote client build
* daemon/Makefile.am: Add -I../src/remote/ to libvirtd build
and remove rpcgen rules
* daemon/libvirtd.c: Adapt include of remote_driver.h taking
into account new -I flag
* daemon/remote_protocol.c, daemon/remote_protocol.h,
daemon/remote_protocol.x: Move to src/remote/
* daemon/rpcgen_fix.pl: Move to src/remote/rpcgen_fix.pl
* src/capabilities.c, src/capabilities.h, src/domain_conf.c,
src/domain_conf.h, src/domain_event.c, src/domain_event.h,
src/interface_conf.c, src/interface_conf.h,
src/network_conf.c, src/network_conf.h, src/node_device_conf.c,
src/node_device_conf.h, src/secret_conf.c, src/secret_conf.h,
src/storage_conf.c, src/storage_conf.h, src/storage_encryption_conf.c,
src/storage_encryption_conf.h: Move to src/conf/
* src/Makefile.am: Add -Isrc/conf to the individual build targets
which need to use XML config APIs. Remove LIBXML_CFLAGS, LIBSSH2_CFLAGS
and SELINUX_CFLAGS from global INCLUDES and only have them in build
targets which actually need them. Create a libvirt_conf.la
convenience library for all config parsers
* src/hostusb.h: Remove bogus include of domain_conf.h
* tests/Makefile.am: Add -Isrc/conf. Remove bogus -I$builddir/src
since it never has any generated header files
* daemon/Makefile.am: Add -Isrc/conf
* proxy/Makefile.am: Add -Isrc/conf and cope with renamed files
* src/hash.c: Remove bogus include of libxml/threads.h
* daemon/default-network.xml: Move to src/network/default.xml
* daemon/libvirtd_qemu.aug, daemon/test_libvirtd_qemu.aug: Move
to src/qemu/
* src/qemu.conf: Move to src/qemu/qemu.conf
* daemon/Makefile.am: Remove rules for default-nmetwork.xml and
libvirtd_qemu.aug and test_libvirtd_qemu.aug. Fix typo in
uninstall-local that would install polkit again.
* src/Makefile.am: Add rules for installing network/default.xml
and the qemu/*.aug files. Add test case for QEMU augeas files.
Add uninstall-local rule for files/directories created during
install. Rename install-exec-local to install-data-local.
Only install qemu.conf if WITH_QEMU is set.
* tests/networkschematest: Update for XML location move
Move the virsh tool and its man page into the tools directory
* Makefile.am: Remove rules for virsh.1 man page
* virsh.1: Remove auto-generated file
* docs/Makefile.am: Remove rules for virsh.pod man page
* docs/virsh.pod: Move to tools/ directory
* src/Makefile.am, src/.gitignore: Remove rules for virsh
* src/console.c, src/console.h, src/*.ico, src/virsh_win_icon.rc,
src/virsh.c: Move into tools/ directory
* tools/Makefile.am: Add rules for building virsh
* tools/.gitignore: Ignore virsh built files
* tests/virshtest.c, tests/int-overflow: Update for new
virsh location
* configure.in: Only define WITH_SECRETS if libvirtd is present
* src/Makefile.am: Only build secrets driver if WITH_SECRETS is
defined. Always add SECRET_DRIVER_SOURCES to EXTRA_DIST
This implementation stores the secrets in an unencrypted text file,
for simplicity in implementation and debugging.
(Symmetric encryption, e.g. using gpgme, will not be difficult to add.
Because the TLS private key used by libvirtd is stored unencrypted,
encrypting the secrets file does not currently provide much additional
security.)
* include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New
error number.
* po/POTFILES.in, src/Makefile.am: Add secret_driver.
* bootstrap: Use gnulib's base64 module.
* src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms:
Add local secret driver.
* qemud/qemud.c (qemudInitialize): Use the local secret driver.
Add a <secret> XML handling API, separate from the local driver, to
avoid manually generating XML in other parts of libvirt.
* src/secret_conf.c, src/secret_conf.h: New files.
* po/POTFILES.in, src/Makefile.am: Add secret_conf.
Remove the bogus dependancy between node_device.c & storage_backend.c
by moving the virWaitForDevices into util.h where it can be shared
safely
* src/storage_backend_disk.c, src/storage_backend_logical.c,
src/storage_backend_mpath.c, src/storage_backend_scsi.c: Replace
virStorageBackendWaitForDevices with virFileWaitForDevices
* src/storage_backend.c, src/storage_backend.h: Remove
virStorageBackendWaitForDevices, virWaitForDevices
* src/util.h, src/util.c: Add virFileWaitForDevices
* configure.in: Move xmlrpc check further down after pkgconfig
is detected
* src/Makefile.am: Add missing XMLRPC_CFLAGS/LIBS to opennebula
* src/libvirt_private.syms: Add many missing exports
* configure.in src/Makefile.am src/storage_backend.[ch]
src/storage_conf.[ch] src/storage_backend_mpath.[ch] po/POTFILES.in:
add a new module for storage multipath, it requires device-mapper
* configure.in src/Makefile.am: change detection and flags
* src/phyp/phyp_driver.c src/phyp/phyp_driver.h: connection now
need to be done as part of the driver code, cleaned up by DV
Define an <encryption> tag specifying volume encryption format and
format-depenedent parameters (e.g. passphrase, cipher name, key
length, key).
Currently the only defined parameter is a reference to a "secret"
(passphrase/key) managed using the virSecret* API.
Only the qcow/qcow2 encryption format, and a "default" format used to
let libvirt choose the format during volume creation, is currently
supported.
This patch does not add any users; the <encryption> tag is added in
the following patches to both volumes (to support encrypted volume
creation) and domains.
* docs/*.html: Re-generate
* docs/formatstorageencryption.html.in, docs/sitemap.html.in:
Add page describing storage encryption data format
* docs/schemas/Makefile.am, docs/schemas/storageencryption.rng:
Add RNG schema for storage encryption format
* po/POTFILES.in: Add src/storage_encryption_conf.c
* src/libvirt_private.syms: Export virStorageEncryption* functions
* src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal
helper APIs for dealing with storage encryption format
* libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng
RNG schema
* src/vbox/vbox_driver.c: remove some old 2.5 switches and plug the
3.0 driver
* src/vbox/vbox_V3_0.c src/vbox/vbox_CAPI_v3_0.h: the driver for
VirtualBox 3.0
* src/vbox/vbox_tmpl.c: handle the new driver and add event support
* src/Makefile.am: plug in the new module
Features supported:
- Connects to HMC/VIOS or IVM systems.
- Life cycle commands (resume and shutdown).
- dumpxml
- 'list' and 'list --all'
What is being implemented:
- better and centralized control for UUID
- definexml
- CPU management commands
* src/domain_conf.c src/domain_conf.h: first version of the driver
* configure.in src/Makefile.am include/libvirt/virterror.h
src/domain_conf.[ch] src/libvirt.c src/virterror.c: glue the driver
in the general framework
* src/esx/esx_*.[ch]: the driver, uses a remote minimal SOAP client
to talk to the VI services on ESX nodes.
* configure.in include/libvirt/virterror.h src/Makefile.am src/driver.h
src/libvirt.c src/virterror.c: glue in the new driver
* qemud/libvirtd_qemu.aug, qemud/test_libvirtd_qemu.aug,
src/qemu.conf: Add 'cgroups_controllers' and 'cgroups_device_acl'
parameters
* src/qemu_conf.h, src/qemu_conf.c: Load & parse configuration params
for cgroups
* src/qemu_driver.c: Only use cgroups controllers that are activated,
and use configured device whitelist instead of default, if set.
* src/interface_driver.c src/interface_driver.h: the new driver
* src/Makefile.am qemud/Makefile.am qemud/qemud.c: hook the new driver
in the build system and get ti activated by the daemon
* src/libvirt_private.syms: export needed symbols internally
* configure.in: Add --with-qemu-user and --with-qemu-group args
* libvirt.spec.in: use 'qemu' for user/group for Fedora >= 12
* qemud/libvirtd_qemu.arg, qemud/test_libvirtd_qemu.aug,
src/qemu.conf: Add 'user' and 'group' args for configuration
* src/Makefile.am: Create %localstatedir/cache/libvirt/qemu
* src/qemu_conf.c, src/qemu_conf.h: Load user/group from config
* src/qemu_driver.c: Change user ID/group ID when launching QEMU
guests. Change user/group ownership on disks/usb/pci devs.
Put memory dumps in %localstatedir/cache/libvirt/qemu
* src/util.c, src/util.h: Add convenient APIs for converting
username/groupname to user ID / group ID
* src/interface_conf.c src/interface_conf.h: the import and export
routines and the internal APIs
* src/Makefile.am: hook the new file in the makefiles
* src/libvirt_private.syms: export a few private symbols internally
* po/POTFILES.in: the new file contains translatable strings
* src/Makefile.am src/libvirt.c src/libvirt_private.syms src/logging.c
src/logging.h src/util.c src/libvirt_debug.syms: big cleanup of
the debug configuration option and code by Amy Griffis
daniel
* configure.in libvirt.spec.in src/Makefile.am
src/opennebula/one_client.[ch] src/opennebula/one_conf.h
src/opennebula/one_driver.[ch] : Finish the integration of OpenNebula,
avoid dependancy on OpenNebula libraries, require xmlrpc-c-devel
and build it by default, based on patch by Javier Fontan and DanB
suggestions
Daniel
* src/Makefile.am src/node_device.[ch] src/node_device_conf.[ch]
src/node_device_hal.[ch] src/node_device_hal_linux.c
src/qemu_driver.c src/remote_internal.c src/storage_backend.c
src/virsh.c src/xen_unified.c tests/nodedevxml2xmltest.c
po/POTFILES.in: implementation for node device create and destroy
in NPIV support, patch by David Allan
Daniel
* src/opennebula/one_conf.[ch] src/opennebula/one_driver.[ch]:
the OpenNebula driver
* configure.in include/libvirt/virterror.h qemud/Makefile.am
qemud/qemud.c src/Makefile.am src/domain_conf.[ch] src/driver.h
src/libvirt.c src/virterror.c: integration of the OpenNebula
driver in the libvirt infrastructure
* AUTHORS: add Abel Miguez Rodriguez
daniel
* configure.in include/libvirt/virterror.h src/Makefile.am
src/domain_conf.[ch] src/driver.h src/virterror.c src/vbox/README
src/vbox/vbox_CAPI_v2_2.h src/vbox/vbox_V2_2.c
src/vbox/vbox_XPCOMCGlue.[ch] src/vbox/vbox_driver.[ch]
src/vbox/vbox_tmpl.c: integration of the VirtualBox support
patches by Pritesh Kothari
Daniel
* configure.in po/POTFILES.in src/Makefile.am src/libvirt_private.syms
src/pci.c src/pci.h: Add implementations of dettach, reattach and
reset for PCI devices, patch by Mark McLoughlin
Daniel
* configure.in: Provide a new --with-bridge option.
* src/Makefile.am (PRIVSYMFILES) [WITH_BRIDGE]: Append libvirt_bridge.syms.
* src/bridge.c: Test WITH_BRIDGE rather than particular drivers.
* src/libvirt_private.syms: Move bridge-related symbols into...
* src/libvirt_bridge.syms: ...this new file.
Author: John Levon
qemudCapsInitNUMA and umlCapsInitNUMA were identical, so this change
factors them into a new function, virCapsInitNUMA, and puts it in
nodeinfo.c.
In addition to factoring out the duplicates, this change also
adjusts that function definition (along with its macros) so
that it works with Fedora 9's numactl version 1, and makes it
so the code will work even if someone builds the kernel with
CONFIG_NR_CPUS > 4096.
Finally, also perform this NUMA initialization for the lxc
and openvz drivers.
* src/nodeinfo.c: Include <stdint.h>, <numa.h> and "memory.h".
(virCapsInitNUMA): Rename from qemudCapsInitNUMA and umlCapsInitNUMA.
(NUMA_MAX_N_CPUS): Define depending on NUMA API version.
(n_bits, MASK_CPU_ISSET): Define, adjust, use uint64 rather than long.
* src/nodeinfo.h: Include "capabilities.h".
(virCapsInitNUMA): Declare it.
* examples/domain-events/events-c/Makefile.am:
* src/Makefile.am: Add $(NUMACTL_CFLAGS) and $(NUMACTL_LIBS) to various
compile/link-related variables.
* src/qemu_conf.c: Include "nodeinfo.h".
(qemudCapsInitNUMA): Remove duplicate code. Adjust caller.
* src/uml_conf.c (umlCapsInitNUMA): Likewise.
Include "nodeinfo.h".
* src/lxc_conf.c: Include "nodeinfo.h".
(lxcCapsInit): Perform NUMA initialization here, too.
* src/openvz_conf.c (openvzCapsInit): And here.
Include "nodeinfo.h".
* src/libvirt_sym.version.in: Add virCapsInitNUMA so that libvirtd
can link to this function.
This is the second part of the change mentioned here:
http://thread.gmane.org/gmane.comp.emulators.libvirt/10331
It removes the essentially redundant "optname" parameter
from each of the vshCommandOptNetworkBy and vshCommandOptDomainBy
functions as well as the correspond macros (without "By" suffix).
Now, instead of always passing the optname, "domain", to
vshCommandOptDomainBy, that function requires that its command
argument refer to an opts array containing a "domain" option.
This normalization makes one more help-related change:
it renames the net-start "name" argument to the more
sensible and consistent "network".
* src/virsh.c (VSH_BYNAME, vshCommandOptDomain)
(cmd_has_option): New function, used in vshCommandOptDomainBy
and vshCommandOptNetworkBy.
(vshCommandOptDomainBy, vshCommandOptNetworkBy): Remove the optname
parameter, it's always "domain" ("network"). Update all callers.
Call cmd_has_option.
(vshCommandOptNetwork, cmdAutostart, cmdConsole, cmdDomstate)
(cmdDomblkstat, cmdDomIfstat, cmdSuspend, cmdUndefine, cmdStart)
(cmdSave, cmdSchedinfo, cmdDump, cmdResume, cmdShutdown)
(cmdReboot, cmdDestroy, cmdDominfo, cmdVcpuinfo, cmdVcpupin)
(cmdSetvcpus, cmdSetmem, cmdSetmaxmem, cmdDumpXML, cmdDomname)
(cmdDomid, cmdDomuuid, cmdMigrate, cmdNetworkAutostart)
(cmdNetworkDestroy, cmdNetworkDumpXML, cmdNetworkName)
(opts_network_start, cmdNetworkStart, cmdNetworkUndefine)
(cmdNetworkUuid, cmdVNCDisplay, cmdTTYConsole, cmdAttachDevice)
(cmdDetachDevice, cmdAttachInterface, cmdDetachInterface)
(cmdAttachDisk, cmdDetachDisk, cmdEdit)
* src/Makefile.am (virsh-pool-edit.c): This code is generated
from cmdEdit, and cmdEdit uses the vshCommandOptDomain macro which
now, with the changes above, has only 3 (was 4) arguments, yet the
macro use is mapped to vshCommandOptPool, which still requires 4
arguments. So this change adjusts the sed code to reinsert the
just-removed argument -- we're not changing pool-related code right
now, because it's not as straight-forward.
* src/socketcompat.h: Remove file.
* src/remote_internal.c: Don't include socketcompat.h.
* qemud/qemud.h: Likewise.
* qemud/remote_protocol.x: Likewise, but do include <arpa/inet.h>
for htonl.
* src/remote_internal.c: Likewise, but do include <errno.h>.
* qemud/remote_protocol.c: Regenererate.
* qemud/remote_protocol.h: Regenererate.
* src/Makefile.am (REMOTE_DRIVER_SOURCES): Remove socketcompat.h.
* src/virsh.c: Implement 'virsh edit', 'virsh net-edit' and
'virsh pool-edit' commands. These edit the XML for domains,
networks and storage pools respectively, and are the
equivalent of doing 'virsh dumpxml; vi foo.xml; virsh define'
* src/Makefile.am, src/.cvsignore: Auto-generate the net-edit
and pool-edit commands.
* docs/virsh.pod: Updated the documentation.
* include/libvirt/libvirt.h.in, src/libvirt.c, src/driver.h,
src/libvirt_sym.version: New virDomainMemoryPeek API.
* qemud/remote.c, qemud/remote_protocol.x, src/remote_internal.c:
Support for remote.
* src/qemu_driver.c: QEMU driver implementation of API.
* src/test.c: Test driver (null) implementation of API.
* docs/hvsupport.html.in: Document API.
* libvirt.spec.in: New path /var/cache/libvirt for temporary
storage of memory images.
* qemud/libvirtd.init.in: Remove any old temp files in
/var/cache/libvirt on restarts.
* src/Makefile.am: make install creates /var/cache/libvirt.
* configure.in: Detect mkdir -p.
* configure.in: Fix pkg-config detection of libxml2,
add -lgcrypt to gnutls lib.
* src/Makefile.am: If compiling --without-libvirtd then
don't compile any part of the storage driver.
* configure.in, src/hash.c, src/internal.h: Detect availability
of pthread library and compile out mutex code if not available.
* src/storage_driver.c, src/util.c: Ignore some missing
headers on MinGW.
* configure.in include/libvirt/virterror.h src/Makefile.am
src/driver.h src/lxc_conf.[ch] src/lxc_driver.[ch] src/virterror.c:
Applied 3 patches from Dave Leskovec for intial support of
Linux containers, configured off by default, work in progress.
* src/libvirt.c: improve virDomainCreateLinux xmlDesc description
Daniel
* src/Makefile.am (cov): Rewrite rule to merge gcov results corresponding
to two .o files: the libvirt_la- one, and the libvirt_test_la- one.
(tst): Remove unused rule.
* configure.in (LV_LIBTOOL_OBJDIR): Define and AC_SUBST.
* src/Makefile.am: Create a convenience library, libvirt_test.la,
and don't restrict access to *its* symbols.
* tests/Makefile.am (LDADDS): Add ../src/libvirt_test.la, so that
"configure --disable-shared" no longer provokes link errors.
(LIBVIRT): Remove definition.
(LDADDS): Remove use.
($(LIBVIRT)): Remove rule.
(LDADDS): Use the new convenience library instead.
(CLEANFILES): Define.
* docs/examples/index.py (dump_Makefile): Append $(COVERAGE_LDFLAGS),
to the LDADDS definition, to avoid link error with the combination of
--enable-test-coverage and --disable-shared.
* docs/examples/Makefile.am: Regenerate.
* docs/examples/index.html: Likewise.
* qemud/Makefile.am (libvirtd_LDFLAGS): Append $(COVERAGE_LDFLAGS).
* src/libvirt_sym.version: Remove some SP-before-TAB.
We currently use safewrite from inside libvirt and don't want to publish
any such function name. However, we do want to use it in applications
like virsh, libvirtd and libvirt_proxy that link with libvirt. To that
end, this change moves that function definition (along with the nearly
identical saferead) into a new file, util-lib.c. To avoid maintaining
separate copies of even such small functions, we simply include that new
file from util.c. Then, the separate applications that need to use
safewrite simply compile and link with util-lib.c.
Of course, this does mean that each of those applications will
containing two copies of these functions. However, the functions
are so small that it's not worth worrying about that.
* src/util.c (saferead, safewrite): Move function definitions to
util-lib.c and include that .c file.
* src/util-lib.c (saferead, safewrite): New file. Functions from src/util.c
with slight change (s/int r =/ssize_t r =/) to reflect read/write return type.
* src/util-lib.h: Declare the two moved functions.
* src/util.h: Remove declarations. Include src/util-lib.h.
* proxy/Makefile.am (libvirt_proxy_SOURCES): Add src/util-lib.c.
* qemud/Makefile.am (libvirtd_SOURCES): Likewise.
* src/Makefile.am (virsh_SOURCES): Add util-lib.c. Remove some SP-before-TAB.
* configure.in: xdr functions may require -lxdr.
* configure.in, src/Makefile.am: Extra linking flags for
building libvirt DLL.
* src/socketcompat.h: Hide Windows Winsock incompatibilities
in a separate header file.
* src/remote_internal.c: Switch to using socketcompat.h /
socket_errno().
* src/test.c: Switch to using socketcompat.h.
* gnulib/lib/arpa/.cvsignore: Ignore another generated file.
* src/qparams.c: Include <config.h>.
* src/qparams.c, src/qparams.h, src/Makefile.am: Added a
separate 'qparams' module for handling query parameters.
* src/remote_internal.c: Factor out query parameter code so
it uses the 'qparams' module.
New files go into these directories:
gnulib/lib
gnulib/m4
gnulib/tests
* bootstrap: A wrapper around gnulib-tool.
* configure.in: Invoke gl_EARLY and gl_INIT, being careful to put gl_EARLY
before any macro that uses AC_COMPILE_IFELSE.
(AC_OUTPUT): Add lib/Makefile and gl-tests/Makefile. Remove m4/Makefile.
* Makefile.am (SUBDIRS): Add gnulib/lib and remove m4. Add gnulib/tests
early enough that those tests run before any libvirt unit tests.
* m4/Makefile.am: Remove file. Not needed.
* src/Makefile.am (INCLUDES): Add -I$(top_srcdir)/gnulib/lib -I../gnulib/lib.
(LDADDS, libvirt_la_LIBADD): Add ../gnulib/lib/libgnu.la.
* src/nodeinfo.c: Include "physmem.h".
* qemud/qemud.c, src/remote_internal.c: Include "getaddrinfo.h".
(MEMINFO_PATH, linuxNodeInfoMemPopulate): Remove definitions.
(virNodeInfoPopulate): Use physmem_total, not linuxNodeInfoMemPopulate.
* tests/Makefile.am (INCLUDES): Add -I$(top_srcdir)/gnulib/lib -I../gnulib/lib.
(LDADDS): Add ../gnulib/lib/libgnu.la.
* qemud/Makefile.am (libvirtd_LDADD): Add ../gnulib/lib/libgnu.la.
* tests/nodeinfotest.c (linuxTestCompareFiles): No longer read total
memory from a file.
Update expected output not to include "Memory: NNNN"
* tests/nodeinfodata/linux-nodeinfo-1.txt:
* tests/nodeinfodata/linux-nodeinfo-2.txt:
* tests/nodeinfodata/linux-nodeinfo-3.txt:
* tests/nodeinfodata/linux-nodeinfo-4.txt:
* tests/nodeinfodata/linux-nodeinfo-5.txt:
* tests/nodeinfodata/linux-nodeinfo-6.txt:
* src/test.c [WITH_TEST]: Remove definition of _GNU_SOURCE that
would conflict with the one now in "config.h".
* autogen.sh: Add -I gnulib/m4.
* src/conf.c, src/sexpr.c: Don't define _GNU_SOURCE.
Instead, include "config.h".
* qemud/qemud.c: Remove definition of _GNU_SOURCE.
* src/openvz_driver.c: Likewise.
* src/qemu_driver.c: Likewise.
* src/remote_internal.c: Likewise.
* configure.in: Use AC_CONFIG_AUX_DIR(build-aux), so that a bunch
of gettextize-generated files go into build-aux/, rather than in
the top-level directory.
* .cvsignore: Adjust.
* build-aux/.cvsignore: New file.
Author: Jim Meyering <meyering@redhat.com>
* configure.in: Added CYGWIN_EXTRA_LDFLAGS, CYGWIN_EXTRA_LIBADD,
CYGWIN_EXTRA_PYTHON_LIBADD, CYGWIN automake conditional.
* src/Makefile.am: Extra flags required to build DLL of libvirt
for Cygwin.
* python/Makefile.am: Extra flags and rule required to build
Python module for Cygwin.
* src/stats_linux.c, src/stats_linux.h, src_xen_internal.c:
Abstract out the Linux-specific statistics. Fixed parsing
of 64 bit numbers.
* src/Makefile.am: Updated Makefile for new files.
* src/libvirt.c (virDomainMigrate): Added virDomainMigrate
API call.
* src/xend_internal.c, src/xen_unified.c: Support for migration
of Xen domains.
* src/xen_internal.c: Xen capabilities indicates level of
support for migration.
* qemud/remote.c, qemud/remote_protocol.x, src/remote_internal.c:
Support for migration between remote hypervisors.
* src/virsh.c: Added 'virsh migrate' command.
* docs/libvir.html, docs/hvsupport.html: Updated hvsupport
documentation.
src/openvz_driver.c src/qemu_driver.c src/util.c src/util.h:
cleanup patches from Shuveb Hussain, with new util module for
common code shared between drivers.
Daniel
applied patch from Shuveb Hussain to plug the developping
OpenVZ support. Disabled by default.
* src/openvz_conf.[ch] src/openvz_driver.[ch]: added new
OpenVZ driver files. Avoid a redefinition of readline().
Daniel
+
+ * TODO: Added a note about requiring C++ compiler because of a
+ possible problem with libtool autoconf macros.
+ * docs/examples/Makefile.am, proxy/Makefile.am, qemud/Makefile.am,
+ src/Makefile.am, tests/Makefile.am: Pass $(WARN_CFLAGS) when
+ linking, so if -fstack-protector is there, gcc will link to
+ the stack protector library.
+ * tests/xencapstest.c: Allow this test to compile when Xen
+ libraries are not enabled.
+
src/Makefile.am src/libvirt.c src/qemu_internal.c src/test.c
src/xen_internal.c src/xen_internal.h src/xend_internal.c
src/xm_internal.c src/xml.c src/xs_internal.c
tests/Makefile.am tests/sexpr2xmltest.c tests/xmconfigtest.c:
allow selective compilation of Xen,QEmu/KVM and test support
in or out at configure time. Also allows to compile on a system
without Xen development installed. All drivers are selected by
default.
Daniel
* acinclude.m4: add LIBVIRT_COMPILE_WARNINGS, copied from
GNOME but with a few more flags we'd been using.
* configure.in: use that instead of setting CFLAGS
directly.
* proxy/Makefile.am, python/Makefile.am, qemud/Makefile.am,
src/Makefile.am, tests/Makefile.am: use $(WARN_CFLAGS)
* qemud/Makefile.am: install libvirt_qemud in /usr/sbin
instead of /usr/libexec
* src/Makefile.am, src/qemu_internal.c: pass the correct
path to libvirt
* src/xend_internal.c: fix the reconnection problem to xend pointed
by Philippe Berthault
* tests/Makefile.am tests/reconnect.c: add a specific test case
Daniel
* configure.in include/libvirt/virterror.h src/Makefile.am
src/conf.c src/conf.h src/virterror.c src/xen_internal.c:
adding a subset of Xen config file parser, and serializer
* tests/Makefile.am tests/conftest.c tests/test_conf.sh
tests/confdata/Makefile.am tests/confdata/fc4.conf
tests/confdata/fc4.out: adding test program for config in and out
Daniel
src/Makefile.am: moved proxy/proxy.h and proxy/proxy_client.c as
proxy_internal.[ch] and integrated them as a new driver.
* proxy/Makefile.am proxy/libvirt_proxy.c src/xen_internal.c
src/xen_internal.h src/xend_internal.c: various related cleanups.
Daniel
src/virterror.c: created a new module related to Xen Store accesses
* src/libvirt.c src/xen_internal.[ch] src/xend_internal.[ch]:
nearly completed the separation of the code from the different modules
Daniel
src/virterror.c include/Makefile.am include/virterror.h: adding
the public APIs for errors, callbacks and synchronous. The boring
stuff is still left to do, plugging it. Also need to be exposed
at the python level.
* doc//*: rebuilt
Daniel
* include/libvirt.h* src/libvirt.c src/xend_internal.[ch]
src/xml.[ch]: added XML parsing for Xen domain descriptions
needed for creates, plugged in a converter to s-exp and
xend call. Modified the virDomainCreateLinux() to reflect
that XML based description. Seems to work.
* python/tests/create.py: added a test case which seems to work
not tested much yet
* docs/*: regenerated
Daniel
src/libvir_sym.version src/virsh.c src/xml.c: started working on
the XML dump, added a dumpxml virsh version and a bit of
infrastructure code. Found a way to detect dead ID from xenstore
data.
Daniel
include/Makefile.am: provide/fix library versionning information
include/libvir.h is now generated !
* include/libvir.h.in src/libvir.c: revamp APIs and implement
complete ones.
* src/virsh.c: finish the version command and a bit of cleanup.
Daniel
one.
* include/libxen.h src/libxen.c src/libxen_sym.version: extend API
start to access libxenctrl directly (need xen update to get includes)
* src/xensh.c: access to both xenstore and hypervisor
Daniel
config.h.in configure.in: fix make dist, add rpm packaging
* src/libxen_sym.version src/Makefile.am: set a policy of no
export by default of library symbols
Daniel