Commit Graph

7684 Commits

Author SHA1 Message Date
Osier Yang
f07034159e list: Implement listAllNetworks for network driver
src/network/bridge_driver.c: Implement listAllNetworks.
2012-09-11 17:00:46 +08:00
Osier Yang
d3c6cabbac list: Add helpers to list network objects
src/conf/network_conf.c: Add virNetworkMatch to filter the networks;
and virNetworkList to iterate over all the networks with the filter.

src/conf/network_conf.h: Declare virNetworkList and define the macros
for filters.

src/libvirt_private.syms: Export virNetworkList.
2012-09-11 16:59:51 +08:00
Osier Yang
eff8a8dbb1 list: Implement RPC calls for virConnectListAllNetworks
The RPC generator doesn't support returning list of object, this patch
do the work manually.

* daemon/remote.c:
  Implemente the server side handler remoteDispatchConnectListAllNetworks.

* src/remote/remote_driver.c:
  Add remote driver handler remoteConnectListAllNetworks.

* src/remote/remote_protocol.x:
  New RPC procedure REMOTE_PROC_CONNECT_LIST_ALL_NETWORKS and
  structs to represent the args and ret for it.

* src/remote_protocol-structs: Likewise.
2012-09-11 16:59:33 +08:00
Osier Yang
89a1df9b06 list: Define new API virConnectListAllNetworks
This is to list the network objects, supported filtering flags
are: active|inactive, persistent|transient, autostart|no-autostart.

include/libvirt/libvirt.h.in: Declare enum virConnectListAllNetworkFlags
                              and virConnectListAllNetworks.
python/generator.py: Skip auto-generating
src/driver.h: (virDrvConnectListAllNetworks)
src/libvirt.c: Implement the public API
src/libvirt_public.syms: Export the symbol to public
2012-09-11 16:58:16 +08:00
Christophe Fergeau
164c03d33b Fix unwanted closing of libvirt client connection
e5a1bee07 introduced a regression in Boxes: when Boxes is left idle
(it's still doing some libvirt calls in the background), the
libvirt connection gets closed after a few minutes. What happens is
that this code in virNetClientIOHandleOutput gets triggered:

if (!thecall)
    return -1; /* Shouldn't happen, but you never know... */

and after the changes in e5a1bee07, this causes the libvirt connection
to be closed.

Upon further investigation, what happens is that
virNetClientIOHandleOutput is called from gvir_event_handle_dispatch
in libvirt-glib, which is triggered because the client fd became
writable. However, between the times gvir_event_handle_dispatch
is called, and the time the client lock is grabbed and
virNetClientIOHandleOutput is called, another thread runs and
completes the current call. 'thecall' is then NULL when the first
thread gets to run virNetClientIOHandleOutput.

After describing this situation on IRC, danpb suggested this:

11:37 < danpb> In that case I think the correct thing would be to change
               'return -1' above to 'return 0' since that's not actually an
               error - its a rare, but expected event

which is what this patch is doing. I've tested it against master
libvirt, and I didn't get disconnected in ~10 minutes while this
happens in less than 5 minutes without this patch.
2012-09-10 14:13:06 +02:00
Osier Yang
a4d7f4a0d9 list: Implement virStoragePoolListAllVolumes for test driver
src/test/test_driver.c: Implement poolListAllVolumes.
2012-09-10 10:39:58 +08:00
Osier Yang
7254a3670e list: Implement virStoragePoolListAllVolumes for storage driver
src/storage/storage_driver.c: Implement poolListAllVolumes.
2012-09-10 10:38:57 +08:00
Osier Yang
a8bac1c0f3 list: Implement RPC calls for virStoragePoolListAllVolumes
The RPC generator doesn't returning support list of object, this
patch do the work manually.

  * daemon/remote.c:
    Implemente the server side handler remoteDispatchStoragePoolListAllVolumes

  * src/remote/remote_driver.c:
    Add remote driver handler remoteStoragePoolListAllVolumes

  * src/remote/remote_protocol.x:
    New RPC procedure REMOTE_PROC_STORAGE_POOL_LIST_ALL_VOLUMES and
    structs to represent the args and ret for it.

  * src/remote_protocol-structs: Likewise.
2012-09-10 10:37:43 +08:00
Osier Yang
a42eac601e list: Define new API virStoragePoolListAllVolumes
Simply returns the storage volume objects. No supported filter
flags.

include/libvirt/libvirt.h.in: Declare the API
python/generator.py: Skip the function for generating. virStoragePool.py
                     will be added in later patch.
src/driver.h: virDrvStoragePoolListVolumesFlags
src/libvirt.c: Implementation for the API.
src/libvirt_public.syms: Export the symbol to public
2012-09-10 10:37:22 +08:00
Matthias Bolte
aa7c4068a8 esx: Remove unused variable from esxDomainGetAutostart 2012-09-09 12:44:20 +02:00
Christophe Fergeau
defa8b8589 events: Fix domain event race on client disconnect
GNOME Boxes sometimes stops getting domain events from libvirtd, even
after restarting it. Further investigation in libvirtd shows that
events are properly queued with virDomainEventStateQueue, but the
timer virDomainEventTimer which flushes the events and sends them to
the clients never gets called. Looking at the event queue in gdb
shows that it's non-empty and that its size increases with each new
events.

virDomainEventTimer is set up in virDomainEventStateRegister[ID]
when going from 0 client connecte to 1 client connected, but is
initially disabled. The timer is removed in
virDomainEventStateRegister[ID] when the last client is disconnected
(going from 1 client connected to 0).

This timer (which handles sending the events to the clients) is
enabled in virDomainEventStateQueue when queueing an event on an
empty queue (queue containing 0 events). It's disabled in
virDomainEventStateFlush after flushing the queue (ie removing all
the elements from it). This way, no extra work is done when the queue
is empty, and when the next event comes up, the timer will get
reenabled because the queue will go from 0 event to 1 event, which
triggers enabling the timer.

However, with this Boxes bug, we have a client connected (Boxes), a
non-empty queue (there are events waiting to be sent), but a disabled
timer, so something went wrong.

When Boxes connects (it's the only client connecting to the libvirtd
instance I used for debugging), the event timer is not set as expected
(state->timer == -1 when virDomainEventStateRegisterID is called),
but at the same time the event queue is not empty. In other words,
we had no clients connected, but pending events. This also explains
why the timer never gets enabled as this is only done when an event
is queued on an empty queue.

I think this can happen if an event gets queued using
virDomainEventStateQueue and the client disconnection happens before
the event timer virDomainEventTimer gets a chance to run and flush
the event. In this situation, virDomainEventStateDeregister[ID] will
get called with a non-empty event queue, the timer will be destroyed
if this was the only client connected. Then, when other clients connect
at a later time, they will never get notified about domain events as
the event timer will never get enabled because the timer is only
enabled if the event queue is empty when virDomainEventStateRegister[ID]
gets called, which will is no longer the case.

To avoid this issue, this commit makes sure to remove all events from
the event queue when the last client in unregistered. As there is
no longer anyone interested in receiving these events, these events
are stale so there is no need to keep them around. A client connecting
later will have no interest in getting events that happened before it
got connected.
2012-09-07 14:45:00 +02:00
Daniel P. Berrange
a4fd740561 Don't assume use of /sys/fs/cgroup
The introduction of /sys/fs/cgroup came in fairly recent kernels.
Prior to that time distros would pick a custom directory like
/cgroup or /dev/cgroup. We need to auto-detect where this is,
rather than hardcoding it

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-09-07 13:30:20 +01:00
Daniel P. Berrange
1f490138ba Add non-null annotations to qemuMonitorOpen
Add some non-null annotations to qemuMonitorOpen and also
check that the error callback is set, since it is mandatory

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-09-07 13:18:00 +01:00
Jiri Denemark
fc4115e8d6 Add PMSUSPENDED life cycle event
While PMSUSPENDED state was added a long time ago, we didn't have
corresponding life cycle event.
2012-09-07 09:38:22 +02:00
Peter Krempa
245cef9f97 util: Add helper to assign typed params from string
This patch adds a helper to deal with assigning values to
virTypedParameter structures from strings. The helper parses the value
from the string and assigns it to the corresponding union value.
2012-09-07 08:08:16 +02:00
Peter Krempa
972e914f59 qemu: Add range checking for scheduler tunables when changed by API
The quota and period tunables for cpu scheduler accept only a certain
range of values. When changing the live configuration invalid values get
rejected. This check is not performed when changing persistent config.

This patch adds a separate range check, that improves error messages
when changing live config and adds the check for persistent config.
This check is done only when using the API. It is still possible to
specify invalid values in the XML.
2012-09-07 07:52:48 +02:00
Peter Krempa
3e250b3669 qemu: clean up qemuSetSchedulerParametersFlags()
This patch tries to clean the code up a little bit and shorten very long
lines.

The apparent semantic change from moving the condition before calling
the setter function is a non-issue here as the setter function is a
no-op when called with both arguments zero.
2012-09-07 07:52:48 +02:00
Eric Blake
ddd8c3b995 nwfilter: drop use of awk
Commit 2a41bc9 dropped a dependency on gawk, but we can go one step
further and avoid awk altogether.

* src/nwfilter/nwfilter_ebiptables_driver.c
(iptablesLinkIPTablesBaseChain): Simplify command.
(ebiptablesDriverInit, ebiptablesDriverShutdown): Drop awk probe.
2012-09-06 16:33:06 -06:00
Gene Czarcinski
f20b7dbe63 remove dnsmasq command line parameter "--filterwin2k"
This patch removed the "--filterwin2k" dnsmasq command line
parameter which was unnecessary for domain specification,
possibly blocked some usage, and was command line clutter.

Gene Czarcinski <gene@czarc.net>
2012-09-06 10:59:33 -06:00
Eric Blake
ccaf0beec8 build: improved handling of <execinfo.h>, BSD <net/if.h>
FreeBSD and OpenBSD have a <net/if.h> that is not self-contained;
and mingw lacks the header altogether.  But gnulib has just taken
care of that for us, so we might as well simplify our code.  In
the process, I got a syntax-check failure if we don't also take
the gnulib execinfo module.

* .gnulib: Update to latest, for execinfo and net_if.
* bootstrap.conf (gnulib_modules): Add execinfo and net_if modules.
* configure.ac: Let gnulib check for headers.  Simplify check for
'struct ifreq', while also including enough prereq headers.
* src/internal.h (IF_NAMESIZE): Drop, now that gnulib guarantees it.
* src/nwfilter/nwfilter_learnipaddr.h: Use correct header for
IF_NAMESIZE.
* src/util/virnetdev.c (includes): Assume <net/if.h> exists.
* src/util/virnetdevbridge.c (includes): Likewise.
* src/util/virnetdevtap.c (includes): Likewise.
* src/util/logging.c (includes): Assume <execinfo.h> exists.
(virLogStackTraceToFd): Handle gnulib's fallback implementation.
2012-09-06 10:08:47 -06:00
Eric Blake
b6a14aec5f build: avoid tabs that failed syntax-check
Introduced in commit f299ddd6.

* src/check-symfile.pl: Fix whitespace.
* .dir-locals.el (perl-mode): Prevent future occurrences.
2012-09-06 09:43:46 -06:00
Daniel P. Berrange
f299ddd6b1 Remove duplicate symbols and add test case
When the event symbols were added to the public API, not all
of them were removed from the private exports list. Solaris
gets unhappy when there are duplicated symbols. Extend the
symfile check to test for this scenario
2012-09-06 16:05:41 +01:00
Osier Yang
cf45862817 list: Implement listAllStoragePools for test driver
src/test/test_driver.c: Implement listAllStoragePools
2012-09-06 22:03:59 +08:00
Osier Yang
c71f989bb5 list: Implement listAllStoragePools for storage driver
src/storage/storage_driver.c: Implement listAllStoragePools.
2012-09-06 22:03:20 +08:00
Osier Yang
17fd00888a list: Implement the RPC calls for virConnectListAllStoragePools
The RPC generator doesn't support returning list of object, this patch does
the work manually.

  * daemon/remote.c:
    Implement the server side handler remoteDispatchConnectListAllStoragePools

  * src/remote/remote_driver.c:
    Add remote driver handler remoteConnectListAllStoragePools.

  * src/remote/remote_protocol.x:
    New RPC procedure REMOTE_PROC_CONNECT_LIST_ALL_STORAGE_POOLS and
    structs to represent the args and ret for it.

  * src/remote_protocol-structs: Likewise.
2012-09-06 22:02:04 +08:00
Osier Yang
84208a4a8b list: Add helpers for listing storage pool objects
src/conf/storage_conf.c: Add virStoragePoolMatch to filter the
pools; Add virStoragePoolList to iterate over the pool objects
with filter.

src/conf/storage_conf.h: Declare virStoragePoolMatch,
virStoragePoolList, and the macros for filters.

src/libvirt_private.syms: Export helper virStoragePoolList.
2012-09-06 21:59:00 +08:00
Osier Yang
075c754af0 list: Define new API virStorageListAllStoragePools
This introduces a new API to list the storage pool objects,
4 groups of flags are provided to filter the returned pools:

  * Active or not

  * Autostarting or not

  * Persistent or not

  * And the pool type.

include/libvirt/libvirt.h.in: New enum virConnectListAllStoragePoolFlags;
                              Declare the API.
python/generator.py: Skip the generating
src/driver.h: (virDrvConnectListAllStoragePools)
src/libvirt.c: Implementation for the API.
src/libvirt_public.syms: Export the symbol.
2012-09-06 21:58:36 +08:00
Peter Krempa
9e0ba44faf esx: Add implementation for virConnectListAllDomains()
ESX doesn't use the common virDomainObj implementation so this patch
adds a separate implementation.

This driver supports all currently defined filtering flags, but as with
other drivers some combinations yield a empty result list.
2012-09-06 11:06:10 +02:00
Peter Krempa
60d0ecdaa1 hyperv: Add implementation for virConnectListAllDomains()
Hyperv doesn't use the common virDomainObj implementation so this patch
adds a separate implementation.

This driver supports all currently added flags for filtering although
some of those don't make sense with this driver (no support yet) and
thus produce no output when used.
2012-09-06 10:04:30 +02:00
Jasper Lievisse Adriaanse
edc67a6f5d Define DYNLIB_NAME on OpenBSD. 2012-09-06 15:26:44 +08:00
Eric Blake
ae94cf2d13 build: avoid check-symfile on non-Linux
I tested both OpenBSD and cygwin; both failed 'make check' with:

  GEN    check-symfile
Can't return outside a subroutine at ./check-symfile.pl line 13.

Perl requires 'exit 77' instead of 'return 77' in that context,
but even with that tweak, the build still fails, since the exit
code of 77 is only special to explicit TESTS=foo listings, and
not to make-only dependency rules where we are not going through
automake's test framework.

* src/check-symfile.pl: Kill bogus platform check...
* src/Makefile.am (check-symfile): ...and replace with an automake
conditional.
2012-09-05 13:10:18 -06:00
Laine Stump
98e732fc34 network: prevent infinite hang if ovs-vswitchd isn't running
This fixes https://bugzilla.redhat.com/show_bug.cgi?id=852984

If a network or interface is configured to use Open vSwitch, but
ovs-vswitchd (the Open vSwitch database service) isn't running, the
ovs-vsctl add-port/del-port commands will hang indefinitely rather
than returning an error. There is a --nowait option, but that appears
to have no effect on add-port and del-port commands, so instead we add
a --timeout=5 to the commands - they will retry for up to 5 seconds,
then fail if there is no response.
2012-09-05 14:35:04 -04:00
Eric Blake
c579d6b3d6 build: avoid warnings from gcc 4.2.1
OpenBSD ships with gcc 4.2.1, which annoyingly treats all format
strings as though they were also attribute((nonnull)).  The two
concepts are orthogonal, though, as evidenced by the number of
spurious warnings it generates on uses where we know that
virReportError specifically handles NULL instead of a format
string; worse, since we now force -Werror on git builds, it
prevents development builds on OpenBSD.

I hate to do this, as it disables ALL format checking on older
gcc, and therefore misses out on some useful checks (code that
happened to compile on Linux may still have type mismatches
when compiled on other platforms, as evidenced by the number
of times I have fixed formatting mismatches for uid_t as found
by warnings on Cygwin), but I don't see any other way to keep
-Werror alive and still compile on OpenBSD.

A more invasive change would be to make virReportError() mark
its format attribute as nonnull, and fix (a lot of) fallout;
we may end up doing that anyways as part of danpb's error
refactoring improvements, but not today.

* src/internal.h (ATTRIBUTE_FMT_PRINTF): Use preferred spellings.
* m4/virt-compile-warnings.m4 (-Wformat): Disable on older gcc.
2012-09-05 12:05:55 -06:00
Martin Kletzander
9f86fb9326 qemu: don't pin all the cpus
This is another fix for the emulator-pin series. When going through
the cputune pinning settings, the current code is trying to pin all
the CPUs, even when not all of them are specified. This causes error
in the subsequent function which, of course, cannot find the cpu to
pin. Since it's enough to pass the correct VCPU ID to the function,
the fix is trivial.
2012-09-05 19:25:10 +02:00
Jiri Denemark
965ccdd1bd qemu: Do not require auth scheme in graphics events
Only VNC_{{DIS,}CONNECTED,INITIALIZED} and SPICE_INITIALIZED events are
documented to support server/auth field and even there it is marked as
optional. Emit "" auth scheme in case QEMU didn't send it.
2012-09-05 11:27:14 +02:00
Martin Kletzander
95fbc83387 conf: describe security_driver behavior
As a request was raised for this, I added few lines in the "Notes"
part of the "security_driver" comments about allowed values.
2012-09-05 06:46:57 +02:00
Eric Blake
d74e5a4dfc build: use correct libraries for clock_gettime
On OpenBSD, clock_gettime() exists in libc rather than librt, and
blindly linking with -lrt made the build fail.  Gnulib already
did the work for determining which libraries to use, so we should
reuse that work rather than doing it ourselves.

* bootstrap.conf (gnulib_modules): Pull in clock-time.
* configure.ac (RT_LIBS): Drop.
* src/Makefile.am (libvirt_util_la_LIBADD): Use gnulib variable
instead.
* src/util/virtime.c (includes): Simplify.
2012-09-04 10:57:25 -06:00
Jasper Lievisse Adriaanse
afa67b7743 Include an extra header needed for OpenBSD. 2012-09-04 10:45:18 -06:00
Viktor Mihajlovski
72f1f2206e Rename iolimit to blockio.
After discussion with DB we decided to rename the new iolimit
element as it creates the impression it would be there to
limit (i.e. throttle) I/O instead of specifying immutable
characteristics of a block device.
This is also backed by the fact that the term I/O Limits has
vanished from newer storage admin documentation.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2012-09-04 09:14:36 -06:00
Jiri Denemark
03c42a4510 qemu: Fix reboot with guest agent
When reboot using qemu guest agent was requested, qemu driver kept
waiting for SHUTDOWN event from qemu. However, such event is never
emitted during guest reboot and qemu driver would keep waiting forever.
2012-09-04 14:09:54 +02:00
Peter Krempa
00b81636c5 qemu: Don't update graphic definitions on password change failure
When the password change failed we updated the graphic definition
anyways, which is not desired.
2012-09-03 16:52:27 +02:00
Martin Kletzander
b8216ec917 qemu: Add support for S3/S4 state configuration
This patch adds support for running qemu guests with the required
parameters to forcefully enable or disable BIOS advertising of S3 and
S4 states.  The support for this is added to capabilities and there is
also a qemu command parameter parsing implemented.
2012-09-03 09:32:39 +02:00
Martin Kletzander
09cd8f2ddf Add per-guest S3/S4 state configuration
There is a new <pm/> element implemented that can control what ACPI
sleeping states will be advertised by BIOS and allowed to be switched
to by libvirt. The default keeps defaults on hypervisor, otherwise
forces chosen setting.
The documentation of the pm element is added as well.
2012-09-03 09:08:21 +02:00
Viktor Mihajlovski
277a49bce7 qemu: Support for Block Device IO Limits.
Implementation of iolimits for the qemu driver with
capability probing for block size attribute and
command line generation for block sizes.
Including testcase for qemuxml2argvtest.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2012-08-31 11:27:47 -07:00
Viktor Mihajlovski
5cc50ad7a4 conf: Support for Block Device IO Limits
Introducing a new iolimits element allowing to override certain
properties of a guest block device like the physical and logical
block size.
This can be useful for platforms with 'non-standard' disk formats
like S390 DASD with its 4K block size.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2012-08-31 11:27:27 -07:00
Eric Blake
54e99644bf command: shell-quote when logging commands
Without this patch, logged command executions can be ambiguous if
the command contained any shell metacharacters.  This has caused
more than one person to attempt to patch clients to add unnecessary
quoting, without realizing that the command itself was run with
correct args, and only the logged output was ambiguous.

* src/util/command.c (virCommandToString): Add shell escapes.
* tests/commandtest.c (test16): Test new behavior.
* tests/commanddata/test16.log: Update expected output.
* tests/qemuxml2argvdata/qemuxml2argv-*.args: Likewise.
* tests/networkxml2argvdata/*.argv: Likewise.
2012-08-31 08:10:58 -07:00
Martin Kletzander
b805e3428e qemu: fix remote port searching
After fixing the last review comments on remote port searching (commit
a14b4aea51), the commit right after that
wasn't modified accordingly, therefore two values weren't changed as
they should and the configurable ports don't work as expected.

This simple commit changes last two values missed and fixes the issue.
2012-08-31 16:08:02 +02:00
Osier Yang
a2145faef9 util: Update the inconsistent and outdated comments
The codes were updated to allow to reset the device as long as
there is no devices/functions behind the same bus. However, the
comments were kept without touched.
2012-08-31 21:48:26 +08:00
Marcelo Cerri
990e46c454 conf: Avoid formatting auto-generated DAC labels
To avoid backward compatibility issues, this patch suppresses
auto-generated DAC labels from XML. This change affects commands such as
dumpxml and save.

Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
2012-08-31 20:14:44 +08:00
Marcelo Cerri
86e205a24f conf: Fix parsing of seclabels without model
With this patch libvirt tries to assign a model to a single seclabel
when model is missing. Libvirt will look up at host's capabilities and
assign the first model to seclabel.

This patch fixes:

1. The problem with existing guests that have a seclabel defined in its XML.
2. A XML parse error when a guest is restored.

Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
2012-08-31 20:14:41 +08:00
Jiri Denemark
774eb45be6 qemu: Don't ignore CPU tuning config if required cgroups are missing
When domain XML contains any of the elements for setting up CPU
scheduling parameters (period, quota, emulator_period, or
emulator_quota) we need cpu cgroup to enforce the configuration.
However, the existing code would just ignore silently such settings if
either cgroups were not available at all cpu cgroup was not available.
Moreover, APIs for manipulating CPU scheduler parameters were already
failing if cpu cgroup was not available. This patch makes cpu cgroup
mandatory for all domains that use CPU scheduling elements in their XML.
2012-08-31 13:24:02 +02:00
Guannan Ren
fccab89def cgroup: fix libvirtd crash caused by messed memory
The variable max_id is initialized again in the step of
getting cpu mapping variable map2. But in the next for loop
we still expect original value of max_id, the bug will
crash libvirtd when using on NUMA machine with big number
of cpus.
2012-08-31 16:45:02 +08:00
Guannan Ren
657fef1401 cgroup: fix a typo on extracting data from vcpu cgroup 2012-08-31 16:40:10 +08:00
Guannan Ren
c402eebc71 cgroup: read more data from cgroup cpuacct.usage_percpu
On NUMA machine, the length of string got from file
cpuacct.usage_percpu is quite large, so expand the
limit of 1024 bytes.

errors like:
Failed to read file \
'/cgroup/cpuacct/libvirt/qemu/rhel6q/cpuacct.usage_percpu': \
Value too large for defined data type
2012-08-31 16:31:30 +08:00
Stefan Berger
4021b85fce nwfilter: adapt IP learning for broadcasted DHCP replies
Adapt the IP learning code to also accept broadcasted DHCP replies
2012-08-31 11:41:30 +08:00
Stefan Berger
c828a746fa nwfilter: accept broadcasted DHCP replies in DHCP snooping code
Some DHCP servers send their DHCP replies to the broadcast MAC address
rather than to the MAC address of the VM. The existing DHCP snooping
code assumes that the reply always goes to the MAC address of the VM
thus filtering the traffic of some DHCP servers' replies.

The below patch adapts the code to

1) filter DHCP replies by comparing the MAC address in the reply against
   the MAC address of the VM (held in the snoop request)

2) adapts the pcap filter for traffic towards the VM to accept DHCP replies
   sent to any MAC address; for further filtering we rely on 1)

3) creates initial rules that are active while waiting for DHCP replies;
   these rules now accept DHCP replies to the VM's MAC address or to the
   MAC broadcast address
2012-08-31 11:41:26 +08:00
Stefan Berger
46b2cafb25 Implement virMacAddrIsBroadcastRaw
Add function for testing for Ethernet broadcast address
2012-08-31 11:41:23 +08:00
Kyle Mestery
7b9d55e629 Fix adding ports to OVS bridges without VLAN tags
The introduction of the new VLAN code, along with the fix
from 5e465df6be, caused the
addition of OVS ports to fail with the following message:

ovs-vsctl: 00002|vsctl|ERR|: missing column name

This fix takes into account the VLAN arguments are optional,
and correctly sets up the command line to run the "ovs-vsctl"
command to add ports to the OVS bridge.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
CC: Eric Blake <eblake@redhat.com>
2012-08-31 10:57:00 +08:00
Nishank Trivedi
3044433f29 Fix issue of PF brought down if VF is 8021.Qbh and pci passthrough
If a 8021.Qbh network device supports SRIOV and its VF is being used
in pci passthrough mode, when the guest is shutdown or destroyed, the
PF inteface is also brought down. qemuDomainHostdevNetConfigRestore()
finds out the PF for provided hostdev (which is VF) and passes it to
virNetDevPortProfileDisassociate() as linkdev. Later, linkdev gets passed
to virNetDevSetOnline() where the interface is brought down by clearing
IFF_UP flag.

Bringing down a PF, when only VF is being brought down is not expected
behavior. This patch adds a check so that virNetDevSetOnline() is called
only for PF and not if device is a VF.

Signed-off-by: Nishank Trivedi <nistrive@cisco.com>
2012-08-30 15:27:27 -04:00
Stefan Berger
9e995c9a23 nwfilter: loop generated too many rules
The loop processing the trusted DHCP server generated one too
many rules and added one final rules that accepted responses
from all DHCP servers. Below patch fixes this.
2012-08-30 13:51:27 -04:00
Peter Krempa
1497e36db9 security: Re-apply commit ce53382ba2
Recent changes in the security driver discarded changes that fixed
labeling un-confined guests.
2012-08-30 16:45:38 +02:00
Peter Krempa
077e7bf51f vcpupin: Fix returning of arrays from virDomainVcpuPinAdd
virDomainVcpuPinAdd does a realloc on vcpupin_list if the new vcpu pin
definition doesn't fit into the array. The list is an array of pointers
but the function definition didn't support returning the changed pointer
to the caller if it was realloced. This caused segfaults if realloc
would change the base pointer.
2012-08-30 16:45:38 +02:00
Peter Krempa
40dfb52517 qemu: Fix possible infinite loop and segfault on error path.
virDomainVcpuPinDefCopy when the control flow reaches out of memory
cleanup code, the flow would end in a infinite loop as the loop variable
wasn't decremented.

Also a dereference of NULL pointers was possible if allocation of the
Vcpu pinning definiton structure failed.
2012-08-30 16:45:38 +02:00
Peter Krempa
46514ff752 qemu: Clean up security driver initialisation and config file
Commit d0c0e79ac6 left behind some dead
code (hasDAC can't be efectively set to true, because
virSecurityManagerNew fails to load the "dac" driver).

This patch also enhances the condition for adding the default
auto-detected security manager if the manager array is allocated but
empty.

Also the configuration file for qemu driver still contains reference to
the DAC driver that can't be enabled manualy.
2012-08-30 16:45:38 +02:00
Jiri Denemark
7444ccce4c qemu: Revert to blocking behavior of qemuAgentCommand
Before commit 05447e3af4, qemuAgentCommand
blocked until it got a reply or appropriate event. When new parameter
was added to qemuAgentCommand in the above commit, all existing callers
of it were updated in a wrong way changing them from blocking to
5-seconds timeout.
2012-08-30 16:27:00 +02:00
Jiri Denemark
e360a96067 qemu: Remove redundant parameter from qemuAgentSend
The @timeout parameter of qemuAgentSend is both redundant and confusing.
This patch should not result in any functional changes.
2012-08-30 16:26:59 +02:00
Laine Stump
b3bd5d6c5a network: get vlan info for Open vSwitch interfaces from proper source
This bug was revealed by the crash described in

  https://bugzilla.redhat.com/show_bug.cgi?id=852383

The vlan info pointer sent to virNetDevOpenvswitchAddPort should never
be non-NULL unless there is at least one tag. The factthat such a vlan
info pointer was receveid pointed out that a caller was passing the
wrong pointer. Instead of sending &net->vlan, the result of
virDomainNetGetActualVlan(net) should be sent - that function will
look for vlan info in net->data.network.actual->vlan, and in cany case
return NULL instead of a pointer if the vlan info it finds has no
tags.

Aside from causing the crash, sending a hardcoded &net->vlan has the
effect of ignoring vlan info from a <network> or <portgroup> config.
2012-08-30 18:05:18 +08:00
Daniel Veillard
3219cc3292 Small cleanup on previous patch
As pointed by Eric Blake
2012-08-30 15:18:02 +08:00
Kyle Mestery
5e465df6be Fix a crash when using Open vSwitch virtual ports
Fixup buffer usage when handling VLANs. Also fix the logic
used to determine if the virNetDevVlanPtr is valid or not.
Fixes crashes in the latest code when using Open vSwitch
virtualports.

Signed-off-by: Kyle Mestery <kmestery@cisco.com>
2012-08-30 13:48:52 +08:00
Osier Yang
20b780aec9 qemu: Sort the numa params only when it affects the live config
As the next boot doesn't have to worry about the previous numa
params setting (there is no).
2012-08-30 12:29:56 +08:00
Daniel P. Berrange
d0c0e79ac6 Fix configuration of QEMU security drivers
If no 'security_driver' config option was set, then the code
just loaded the 'dac' security driver. This is a regression
on previous behaviour, where we would probe for a possible
security driver. ie default to SELinux if available.

This changes things so that it 'security_driver' is not set,
we once again do probing. For simplicity we also always
create the stack driver, even if there is only one driver
active.

The desired semantics are:

 - security_driver not set
     -> probe for selinux/apparmour/nop
     -> auto-add DAC driver
 - security_driver set to a string
     -> add that one driver
     -> auto-add DAC driver
 - security_driver set to a list
     -> add all drivers in list
     -> auto-add DAC driver

It is not allowed, or possible to specify 'dac' in the
security_driver config param, since that is always
enabled.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-30 11:36:28 +08:00
Peter Krempa
eb8e9b6027 qemu: Refactor initialisation of security drivers.
The security driver loading code in qemu has a flaw that causes it to
register the DAC security driver twice. This causes problems (machines
unable to start) as the two DAC drivers clash together.

This patch refactors the code to allow loading the DAC driver even if
its specified in configuration (it can't be registered as a common
security driver), and does not add the driver twice.
2012-08-29 16:18:41 +02:00
Peter Krempa
ba150e5504 Revert "security: Add DAC to security_drivers"
This reverts commit 9f9b7b85c9.

The DAC security driver needs special handling and extra parameters and
can't just be added to regular security drivers.
2012-08-29 16:18:41 +02:00
Jiri Denemark
0c7cca36e7 qemu: Fix starting domains with no cpu cgroup
If cgroups are enabled in general but cpu cgroup is disabled in
qemu.conf or not mounted at all, libvirt would refuse to start any
domain even though scheduler parameters are not set in domain XML.

This patch makes cpu cgroup mandatory only for domains that actually
want to use it.
2012-08-29 16:13:38 +02:00
Alex Jia
95c61007e7 security: remove dead code from virSecurityDACGenLabel
* src/security/security_dac.c: remove useless dead code.

Signed-off-by: Alex Jia <ajia@redhat.com>
2012-08-29 18:25:57 +08:00
Peter Krempa
f33dfffc41 nwfilter: Don't try to acquire DBus context when DBus is disabled
To silence error if DBus support is not compiled in.
2012-08-29 12:00:23 +08:00
Guido Günther
2a41bc95b5 Don't require gawk for a simple print expression
Fedora uses gawk as awk so there's no change and in behavior while
Debian/Ubuntu use mawk by default.

This was reported by Luca Capello in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=636712
2012-08-29 12:00:03 +08:00
Alex Jia
83b85e3e8f util: Prevent libvirtd crash from virNetDevOpenvswitchAddPort()
* src/util/virnetdevopenvswitch.c (virNetDevOpenvswitchAddPort): avoid libvirtd
crash due to derefing a NULL virtVlan->tag.

RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=852383

Signed-off-by: Alex Jia <ajia@redhat.com>
2012-08-29 11:04:42 +08:00
Osier Yang
6fd1708fad qemu: Set placement when setting numa parameters
To keep the internal data structure consistent.
2012-08-29 09:45:28 +08:00
Peter Krempa
f2f0af3960 security_dac: Don't return uninitialised uid and gid for image labels
As in the previous commit, images are also chowned to uninitialised
uid and gid if the label is not present.
2012-08-29 01:31:30 +02:00
Peter Krempa
3c2f5e3ede security_dac: Don't return uninitialised value when parsing seclabels
When starting a machine the DAC security driver tries to set the UID and
GID of the newly spawned process. This worked as desired if the desired
label was set. When the label was missing a logical bug in
virSecurityDACGenLabel() caused that uninitialised values were used as
uid and gid for the new process.

With this patch, default values (from qemu driver configuration)
are used if the label is not found.
2012-08-28 18:41:41 +02:00
Peter Krempa
f2b241e6a7 security_dac: Avoid segfault when no label is requested
When no DAC "label" was requested for a domain the DAC manager tried to
strdup a NULL string causing a segfault.
2012-08-28 18:40:36 +02:00
Peter Krempa
f2bb32b1d2 util: Fix error message when getpwuid_r fails to find the user
getpwuid_r returns success but sets the return structure to NULL when it
fails to deliver data about the requested uid. In our helper code this
created following strange error messages:

" ... cannot getpwuid_r(1234): Success"

This patch creates a more helpful message:
" ... getpwuid_r failed to retrieve data for uid '1234'"
2012-08-28 18:36:57 +02:00
Osier Yang
a22909d5c2 conf: Fix the problem which cause libvirtd to crash
* src/conf/domain_conf.c: Use STREQ_NULLABLE instead of STREQ,
as def->seclables[i]->model could be NULL.
2012-08-28 23:54:17 +08:00
Michal Privoznik
500c246889 build: define 'inline' iff HAVE_LIBNL1
Previous commit 0b4b53bb80 defined 'inline' to prevent broken build on
systems with libnl1 headers. However, it broke build on systems with
libnl3 headers. Therefore we must make that fix conditional.
2012-08-28 12:09:43 +02:00
Eric Blake
0b4b53bb80 build: work with older libnl1 headers
Ubuntu 10.04 shipped with out-of-the-box libnl1 headers, which
assumed the old gcc semantics of 'extern inline' as a C89 extension:
the function will _always_ be inline if it is used, and that
it may be declared extern inline in headers without a definition,
as long as the definition occurs before any use.  But when C99
added 'extern inline' as a mandatory feature of the language, with
slightly different semantics than gcc (the function MUST have
external linkage, and the inline definition MUST be present
alongside any declaration, where the compiler can then choose
which of the two versions to use), this rendered the use of
'inline' in libnl's header obsolete.  Most distros already solved
this by removing 'inline' (the resulting 'extern' is correct,
regardless of gcc semantics), and libnl-3 does not have the
problem (where it has switched to 'static inline' instead, again
with the definition present, and again, our hack will result in
plain 'static' with no ill effects).  But for the case of building
out of the box, we hack around the broken Ubuntu header.

* src/util/virnetlink.h: Work around libnl issue.
2012-08-27 15:08:25 -06:00
Michal Privoznik
9eee40cc54 qemu: Fix define logic
With current flow in qemudDomainDefine we might lose data
when updating an existing domain. We parse given XML and
overwrite the configuration.  Then we try to save the new
config. However, this step may fail and we don't perform any
roll back.  In fact, we remove the domain from the list of
domains held up by qemu driver. This is okay as long as the
domain was brand new one.
2012-08-27 19:01:09 +02:00
Michal Privoznik
3e0cc6306a qemu_agent: Switch to virReportSystemError() on system error
Currently, if a syscall in qemu_agent.c fails we report an internal
error even though we should be reporting a system error.
2012-08-27 18:00:10 +02:00
Michal Privoznik
aa3e8bd4ca Introduce new VIR_ERR_AGENT_UNRESPONSIVE error code
Currently, when guest agent is configured but not responsive
(e.g. due to appropriate service not running in the guest)
we return VIR_ERR_INTERNAL_ERROR. Both are wrong. Therefore
we need to introduce new error code to reflect this case.
2012-08-27 18:00:10 +02:00
Ján Tomko
1fe6d219cb conf: prevent NULL pointer access in virSecurityLabelDefsParseXML
When checking for seclabels without security models, def->nseclabels is
already set to n. In the case of an error def->seclabels is freed but
nseclabels is left untouched. This leads to a segmentation fault when
def is freed in virDomainDefParseXML.
2012-08-27 15:02:24 +02:00
Michal Privoznik
661d7fb4fc qemu: Switch to unified func name
With the latest patches libvirt supports qemu agent monitor
passthrough. However, function in qemu driver is called
qemuDrvDomainAgentCommand. s/Drv// as used in all other names.
2012-08-27 11:44:03 +02:00
Guannan Ren
2b8624dd33 rpc: fix segmentation fault caused by null client-sock
The client-sock could have been set to NULL by eventloop thread
after async event fired.
2012-08-27 16:59:25 +08:00
Martin Kletzander
340196c46f qemu: fix regression with spice tls port allocation
In my quest for reusing variables I failed to edit one variable when
fixing details between two patch versions. That results in a failure
to start qemu with autoport and spice tls, because qemu is trying to
bind two sockets to the same port.
2012-08-27 10:20:53 +02:00
Martin Kletzander
16ebec2b7c qemu: fix regression with pinning
Commit 4b03d59167 changed the pinning
behavior in a way that makes some machines non-startable.

The comment mentioning that we cannot control each vcpu when there is
not VCPU<-> PID mapping available is true, however, this isn't
necessarily an error, because this can be caused by old QEMU without
support for "query-cpus" command as well as a software emulated
machines that don't create more than one process.
2012-08-27 10:20:42 +02:00
Laine Stump
9cb9cbee96 build: add LIBNL_CFLAGS to build of libvirt_lxc
When libvirt_lxc is built, it uses the utility library and #includes
virnetdev.h, which #includes virnetlink.h, which includes
<netlink/msg.h>.

Normally, the netlink include directory would be just off
/usr/include, so that wouldn't create a problem, but on Fedora and
RHEL systems using libnl3, the libnl includes have been moved into
/usr/include/libnl3 (to allow concurrent installation of libnl-1.1).

All other binaries that need it have added $(LIBNL_CFLAGS) to their
CFLAGS, but not libvirt_lxc, so it fails to build on Fedora and RHEL
that have only libnl3-devel installed. This was previously unnoticed
because everyone was building with libnl headers in
/usr/include/netlink (even on systems with the headers in
/usr/include/libnl3/netlink, many people (like me) usually also have
the libnl1.1 headers in /usr/include/netlink).

This patch adds the necessary CFLAGS for libvirt_lxc.

Note that we don't need to add $(LIBNL_LIBS) to the LDADD for this
binary, because it never directly calls libnl functions, but only
calls them indirectly through the util library, which it's already
linking against.
2012-08-25 14:47:04 -04:00
Eric Blake
1385c9cd74 snapshot: rename an enum
The name 'virDomainDiskSnapshot' didn't fit in with our normal
conventions of using a prefix hinting that it is related to a
virDomainSnapshotPtr.  Also, a future patch will reuse the
enum for declaring where the VM memory is stored.

* src/conf/snapshot_conf.h (virDomainDiskSnapshot): Rename...
(virDomainSnapshotLocation): ...to this.
(_virDomainSnapshotDiskDef): Update clients.
* src/conf/domain_conf.h (_virDomainDiskDef): Likewise.
* src/libvirt_private.syms (domain_conf.h): Likewise.
* src/conf/domain_conf.c (virDomainDiskDefParseXML)
(virDomainDiskDefFormat): Likewise.
* src/conf/snapshot_conf.c: (virDomainSnapshotDiskDefParseXML)
(virDomainSnapshotAlignDisks, virDomainSnapshotDefFormat):
Likewise.
* src/qemu/qemu_driver.c (qemuDomainSnapshotDiskPrepare)
(qemuDomainSnapshotCreateSingleDiskActive)
(qemuDomainSnapshotCreateDiskActive, qemuDomainSnapshotCreateXML):
Likewise.
2012-08-24 09:51:08 -06:00
Eric Blake
6478ec1673 snapshot: split snapshot conf code into own file
This has several benefits:
1. Future snapshot-related code has a definite place to go (and I
_will_ be adding some)
2. Snapshot errors now use the VIR_FROM_DOMAIN_SNAPSHOT error
classification, which has been underutilized (previously only in
libvirt.c)

* src/conf/domain_conf.h, domain_conf.c: Split...
* src/conf/snapshot_conf.h, snapshot_conf.c: ...into new files.
* src/Makefile.am (DOMAIN_CONF_SOURCES): Build new files.
* po/POTFILES.in: Mark new file for translation.
* src/vbox/vbox_tmpl.c: Update caller.
* src/esx/esx_driver.c: Likewise.
* src/qemu/qemu_command.c: Likewise.
* src/qemu/qemu_domain.h: Likewise.
2012-08-24 09:51:08 -06:00
Eric Blake
3211deba3e snapshot: make virDomainSnapshotObjList opaque
We were failing to react to allocation failure when initializing
a snapshot object list.  Changing things to store a pointer
instead of a complete object adds one more possible point of
allocation failure, but at the same time, will make it easier to
react to failure now, as well as making it easier for a future
patch to split all virDomainSnapshotPtr handling into a separate
file, as I continue to add even more snapshot code.

Luckily, there was only one client outside of domain_conf.c that
was actually peeking inside the object, and a new wrapper function
was easy.

* src/conf/domain_conf.h (_virDomainObj): Use a pointer.
(virDomainSnapshotObjListInit): Rename.
(virDomainSnapshotObjListFree, virDomainSnapshotForEach): New
declarations.
(_virDomainSnapshotObjList): Move definitions...
* src/conf/domain_conf.c: ...here.
(virDomainSnapshotObjListInit, virDomainSnapshotObjListDeinit):
Rename...
(virDomainSnapshotObjListNew, virDomainSnapshotObjListFree): ...to
these.
(virDomainSnapshotForEach): New function.
(virDomainObjDispose, virDomainListPopulate): Adjust callers.
* src/qemu/qemu_domain.c (qemuDomainSnapshotDiscard)
(qemuDomainSnapshotDiscardAllMetadata): Likewise.
* src/qemu/qemu_migration.c (qemuMigrationIsAllowed): Likewise.
* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad)
(qemuDomainUndefineFlags, qemuDomainSnapshotCreateXML)
(qemuDomainSnapshotListNames, qemuDomainSnapshotNum)
(qemuDomainListAllSnapshots)
(qemuDomainSnapshotListChildrenNames)
(qemuDomainSnapshotNumChildren)
(qemuDomainSnapshotListAllChildren)
(qemuDomainSnapshotLookupByName, qemuDomainSnapshotGetParent)
(qemuDomainSnapshotGetXMLDesc, qemuDomainSnapshotIsCurrent)
(qemuDomainSnapshotHasMetadata, qemuDomainRevertToSnapshot)
(qemuDomainSnapshotDelete): Likewise.
* src/libvirt_private.syms (domain_conf.h): Export new function.
2012-08-24 09:51:08 -06:00
Philipp Hahn
fbe7a88373 xen-xs: fix uuid of renamed domain
When the XenStore tdb lives persistently and is not cleared between host
reboots, Xend (version 3.4 and 4.1) re-creates the domain information
located in XenStore below /vm/$UUID. (According to the xen-3.2-commit
hg265950e3df69 to fix a problem when locally migrating a domain to the
host itself.)

When doing so a version number is added to the UUID separated by one
dash, which confuses xenStoreDomainIntroduced(): It iterates over all
domains and tries to lookup all inactive domains using
xenStoreDomainGetUUID(), which fails if the running domain is renamed:
virUUIDParse() fails to parse the versioned UUID and the domain is
flagged as missing. When this happens the function delays .2s and
re-tries 20 times again, multiplied by the number of renamed VMs.
  14:48:38.878: 4285: debug : xenStoreDomainIntroduced:1354 : Some domains were missing, trying again

This adds a significant delay:
  # time virsh list >/dev/null
  real    0m6.529s
  # xenstore-list /vm
  00000000-0000-0000-0000-000000000000
  00000000-0000-0000-0000-000000000000-1
  00000000-0000-0000-0000-000000000000-2
  00000000-0000-0000-0000-000000000000-3
  00000000-0000-0000-0000-000000000000-4
  00000000-0000-0000-0000-000000000000-5
  7c06121e-90c3-93d4-0126-50481d485cca
  00000000-0000-0000-0000-000000000000-6
  00000000-0000-0000-0000-000000000000-7
  144ad19d-dfb4-2f80-8045-09196bb8784f
  00000000-0000-0000-0000-000000000000-8
  144ad19d-dfb4-2f80-8045-09196bb8784f-1
  00000000-0000-0000-0000-000000000000-9
  00000000-0000-0000-0000-000000000000-10
  00000000-0000-0000-0000-000000000000-11
  00000000-0000-0000-0000-000000000000-12
  00000000-0000-0000-0000-000000000000-13
  00000000-0000-0000-0000-000000000000-14
  144ad19d-dfb4-2f80-8045-09196bb8784f-2
  00000000-0000-0000-0000-000000000000-15
  144ad19d-dfb4-2f80-8045-09196bb8784f-3
  00000000-0000-0000-0000-000000000000-16

The patch adds truncation of the UUID as read from the XenStore path
before passing it to virUUIDParse().

The same issue is reported at
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666135>

Signed-off-by: Philipp Hahn <hahn@univention.de>
2012-08-24 09:46:19 -06:00
Michal Privoznik
0ee655f5f5 conf: Don't always require security/@model
Only parse model, if static labelling, or
a base label is set, or doing active XML.
2012-08-24 17:19:25 +02:00
Michal Privoznik
9f9b7b85c9 security: Add DAC to security_drivers
Currently, if users set 'security_driver="dac"' in qemu.conf libvirtd
fails to initialize as DAC driver is not found because it is missing
in our security drivers array.
2012-08-24 17:19:25 +02:00
Laine Stump
e1602a76bd nwfilter: don't log error if firewalld is disabled, improve diagnostics
The original patch to support firewalld in nwfilter wasn't personally
checking the exit status of firewall-cmd, but was instead sending NULL
in the *exitstatus arg, which meant that virCommandWait would log an
error just for the exit status being non-0 (and a "more scary than
useful" error at that).

We don't want to treat this as an error, though, just as a reason to
use standard (ip|eb)tables commands instead of firewall-cmd.

This patch modifies the virCommandRun in the nwfilter code to request
status back from the caller. This avoids virCommandWait logging an
error message, and allows the caller to do as it likes after examining
the status.

The VIR_DEBUG() logged when firewalld is enabled has also been
reworded and changed to a VIR_INFO, and a similar VIR_INFO has been
added in the case that firewalld is *not* found+enabled.
2012-08-24 03:07:00 -04:00
Laine Stump
46dc643232 openvz: check the exitstatus of vzlist
I noticed this while auditing all calls to virCommandRun that request
an exit status from virCommandRun. Two functions in the openvz driver

  openvzDomainGetBarrierLimit
  openvzDomainSetBarrierLimit

request an exit status from virCommandRun (thus assuring that
virCommandRun won't log any errors just due to a non-0 exit status),
but then fail to examine that exit status. This could result in the
functions believing that the call to "vzlist" was successful, even
though it may have encountered an error.
2012-08-24 03:07:00 -04:00
Eric Blake
352cbae8b3 qemu-agent: available in 0.10.0
The recent virDomainQemuAgentCommand addition is part of 0.10.0;
also, grouping all libvirt-qemu.so callbacks together makes them
easier to identify.

* src/libvirt_qemu.syms: Fix release symbol.
* src/qemu/qemu_driver.c (qemuDriver): Likewise.
* src/remote/remote_driver.c (remote_driver): Likewise.
* src/driver.h (_virDriver): Group qemu-specific callbacks.
2012-08-23 13:05:52 -06:00
Laine Stump
ddf1ccb7fe network: fix virtual network bridge delay setting
libvirt's network config documents that a bridge's STP "forward delay"
(called "delay" in the XML) should be specified in seconds, but
virNetDevBridgeSetSTPDelay() assumes that it is given a delay in
milliseconds (although the comment at the top of the function
incorrectly says "seconds".

This fixes the comment, and converts the delay to milliseconds before
calling virNetDevBridgeSetSTPDelay().
2012-08-23 14:27:53 -04:00
Michal Privoznik
385ee0e982 qemu: forbid suspend if already pmsuspended
If a domain is pmsuspended then virsh suspend will succeed. Beside
obvious flaw, virsh resume will report success and change domain
state to running which is another mistake. Therefore we must forbid
any attempts for suspend and resume when pmsuspended.
2012-08-23 17:48:44 +02:00
MATSUDA Daiki
88555379f2 agent: add remote driver support
Add qemuDomainAgentCommand() which is generated automatically,
for .qemuDomainArbitraryAgentCommand to remote driver.

Signed-off-by: MATSUDA Daiki <matsudadik@intellilink.co.jp>
2012-08-23 19:05:50 +08:00
MATSUDA Daiki
0e963f4dc6 agent: add qemu driver support
Add qemuDrvDomainAgentCommand() for .qemuDomainArbitraryAgentCommand
to qemu driver.

Signed-off-by: MATSUDA Daiki <matsudadik@intellilink.co.jp>
2012-08-23 19:04:49 +08:00
MATSUDA Daiki
847fc9945e agent: add virDrvDomainQemuAgentCommand prototype for drivers.
Add virDrvDomainQemuAgentCommand prototype for drivers.
Add virDomainQemuAgentCommand() for virDrvDomainQemuAgentCommand.

Signed-off-by: MATSUDA Daiki <matsudadik@intellilink.co.jp>
2012-08-23 18:13:15 +08:00
MATSUDA Daiki
ff049d227b agent: add qemuAgentArbitraryCommand() for general qemu agent command
Add a function qemuAgentArbitraryCommand() for general qemu agent command.

Signed-off-by: MATSUDA Daiki <matsudadik@intellilink.co.jp>
2012-08-23 18:10:29 +08:00
MATSUDA Daiki
05447e3af4 agent : add @seconds variable to qemuAgentSend().
Add @seconds variable to qemuAgentSend().
When @timemout is true, @seconds controls how long to wait for a
response (if @seconds is VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT,
default to QEMU_AGENT_WAIT_TIME).
In addition, @seconds must be >= 0 or VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT.
If @timeout is false, @seconds is ignored.

Signed-off-by: MATSUDA Daiki <matsudadik@intellilink.co.jp>
2012-08-23 17:55:33 +08:00
Hu Tao
e9b354e2a9 fix check of vcpuid in virDomainVcpuPinDefParseXML
For emulator, the vcpuid field is always set to -1, instead of parsing
XML for the value of it.
2012-08-23 14:01:22 +08:00
Laine Stump
947a51ee94 util: eliminate erroneous VIR_WARNs in (eb|ip)tables.c
Several VIR_DEBUG()'s were changed to VIR_WARN() while I was testing
the firewalld support patch, and I neglected to change them back
before I pushed.

In the meantime I've decided that it would be useful to have them be
VIR_INFO(), just so there will be logged evidence of which method is
being used (firewall-cmd vs. (eb|ip)tables) without needing to crank
logging to 11. (at most this adds 2 lines to libvirtd's logs per
libvirtd start).
2012-08-22 22:44:17 -04:00
Yuri Chornoivan
66d811293a Fix some typos in messages, docs and comments. 2012-08-22 15:34:07 -06:00
Gene Czarcinski
f3868259ca dnsmasq: avoid forwarding queries without a domain
dnsmasq is forwarding a number of queries upstream that should not
be done.  There still remains an MX query for a plain name with no
domain specified that will be forwarded is dnsmasq has --domain=xxx
--local=/xxx/ specified. This does not happen with no domain name
and --local=// ... not a libvirt problem.

BTW, thanks again to Claudio Bley!
2012-08-22 11:36:39 -06:00
Stefan Hajnoczi
5b7f5a049c docs: fix blockpull/blockcopy bandwidth Mbps -> MiB/s
The bandwidth units for blockpull and blockcopy are in Megabytes per
Second, not Megabits per Second.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-08-22 17:15:56 +02:00
Daniel P. Berrange
34b30de5f5 Fix parameter list in virNetlinkEvent{Add,Remove}Client Win32 stubs
The virNetlinkEventAddClient / virNetlinkEventRemoveClient stub
impls had syntax errors in their parameter lists, using a ')'
after the second-to-last parameter instead of a ','

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-22 16:10:09 +01:00
Daniel P. Berrange
66473616c8 Fix typo in Makefile.am s/LDFOAGS/LDFLAGS/ 2012-08-22 11:42:47 +01:00
Tang Chen
15a71e6059 Introduce virNetlinkEventServiceStopAll() to stop all netlink services.
This patch introduce virNetlinkEventServiceStopAll() to stop
all the monitors to receive netlink messages for libvirtd.

Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
2012-08-22 18:23:58 +08:00
Tang Chen
d575679401 Improve netlink to support all protocol.
This patch improve all the API in virnetlink.c to support
all kinds of netlink protocols, and make all netlink sockets
be able to join in groups.

Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
2012-08-22 18:23:58 +08:00
Peter Krempa
225f280744 client: Change default location of known_hosts file for libssh2 layer
Unfortunately libssh2 doesn't support all types of host keys that can be
saved in the known_hosts file. Also it does not report that parsing of
the file failed. This results into truncated known_hosts files where the
standard client stores keys also in other formats (eg.
ecdsa-sha2-nistp256).

This patch changes the default location of the known_hosts file into the
libvirt private configuration directory, where it will be only written
by the libssh2 layer itself. This prevents trashing user's known_host
file.
2012-08-22 11:49:07 +02:00
Peter Krempa
f1d0b92a01 libssh2_session: Add support for creating known_hosts file
The libssh2 code wasn't supposed to create the known_hosts file, but
recent findings show, that we can't use the default created by OpenSSH
as libssh2 might damage it. We need to create a private known_hosts file
in the config path.

This patch adds support for skipping error if the known_hosts file is
not present and let libssh2 create a new one.
2012-08-22 11:49:07 +02:00
Wen Congyang
5065942019 qemu: support of emulator_period and emulator_quota's modification
allow the user change/get emulator's period and quota when the vm is running.
2012-08-22 17:01:44 +08:00
Hu Tao
b65dafa812 qemu: introduce period/quota tuning for emulator
This patch introduces support of setting emulator's period and
quota to limit cpu bandwidth when the vm starts.  Also updates
XML Schema for new entries and docs.
2012-08-22 16:52:22 +08:00
Hu Tao
1d4395eb47 limit cpu bandwidth only for vcpus
This patch changes the behaviour of xml element cputune.period
and cputune.quota to limit cpu bandwidth only for vcpus, and no
longer limit cpu bandwidth for the whole guest.

The reasons to do this are:

  - This matches docs of cputune.period and cputune.quota.
  - The other parts excepting vcpus are treated as "emulator",
    and there are separate period/quota settings for emulator
    in the subsequent patches
2012-08-22 16:50:41 +08:00
Tang Chen
ca5c99aecb remote: introduce emulator pinning RPCs
Introduce 2 APIs to support emulator threads in remote driver.
    1) remoteDomainPinEmulator: call driver api, such as qemudDomainPinEmulator.
    2) remoteDomainGetEmulatorPinInfo: call driver api, such as qemudDomainGetEmulatorPinInfo.
They are similar to remoteDomainPinVcpuFlags and remoteDomainGetVcpuPinInfo.

Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
2012-08-22 16:32:26 +08:00
Hu Tao
3dbf4838e4 qemu: support emulator pinning
Introduce 2 APIs to support emulator threads pin in qemu driver.

    1) qemudDomainPinEmulator: setup emulator threads pin info.
    2) qemudDomainGetEmulatorPinInfo: get all emulator threads pin info.

They are similar to qemudDomainPinVcpuFlags and qemudDomainGetVcpuPinInfo.
And also, remoteDispatchDomainPinEmulatorFlags and remoteDispatchDomainGetEmulatorPinInfo
functions are introduced.

Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
2012-08-22 16:30:44 +08:00
Tang Chen
151eee5a06 Introduce virDomainEmulatorPinAdd and virDomainEmulatorPinDel functions
Introduce 2 APIs to support emulator threads pin.
    1) virDomainEmulatorPinAdd: setup emulator threads pin with a given cpumap string.
    2) virDomainEmulatorPinDel: remove all emulator threads pin.

Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
2012-08-22 16:29:57 +08:00
Tang Chen
c152bf9425 Introduce virDomainPinEmulator and virDomainGetEmulatorPinInfo functions.
Introduce 2 APIs to set/get physical cpu pinning info of emulator threads.

Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
2012-08-22 16:20:13 +08:00
Tang Chen
6db98e8a3f Add qemuProcessSetEmulatorAffinites and set emulator threads affinities
Emulator threads should also be pinned by sched_setaffinity(), just
the same as vcpu threads.

Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
2012-08-22 16:19:52 +08:00
Tang Chen
a1249489ce qemu: synchronize emulatorpin info to cgroup
Introduce qemuSetupCgroupEmulatorPin() function to add emulator
threads pin info to cpuset cgroup, the same as vcpupin.

Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
2012-08-22 16:09:26 +08:00
Tang Chen
19630db3e3 Support emulatorpin xml parse.
This patch adds a new xml element <emulatorpin>, which is a sibling
to the existing <vcpupin> element under the <cputune>, to pin emulator
threads to specified physical CPUs.

Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
2012-08-22 15:51:23 +08:00
Hu Tao
ed92285095 Change virDomainVcpuPinDefParseXML to support parsing emulatorpin 2012-08-22 15:30:57 +08:00
Hu Tao
fe1d32596c Enable cpuset cgroup and synchronous vcpupin info to cgroup.
vcpu threads pin are implemented using sched_setaffinity(), but
not controlled by cgroup. This patch does the following things:

    1) enable cpuset cgroup
    2) reflect all the vcpu threads pin info to cgroup

Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
2012-08-22 15:12:22 +08:00
Hu Tao
a5dd8b808c updates of some vcpupin related functions
1. add a new function virDomainVcpuPinDefCopy
2. make virDomainVcpuPinDefFree non-static
2012-08-22 15:11:38 +08:00
Hu Tao
fd8fd0f916 refactor virDomainVcpuPinAdd() 2012-08-22 15:03:28 +08:00
Hu Tao
1fea56673c add function bitmapFromBytemap() to convert bytemap to bitmap 2012-08-22 14:40:23 +08:00
Wen Congyang
4b03d59167 create a new cgroup and move all emulator threads to the new cgroup
Create a new cgroup and move all emulator threads to the new cgroup.
And then we can do the other things:
1. limit only vcpu usage rather than the whole qemu
2. limit for emulator threads(include vhost-net threads)

Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
2012-08-22 14:33:59 +08:00
Hu Tao
910282960f Introduce the function virCgroupMoveTask
Introduce a new API to move tasks of one controller from a cgroup to another cgroup

Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
2012-08-22 14:33:28 +08:00
Wen Congyang
92741ef3ee Introduce the function virCgroupForEmulator
Introduce the function virCgroupForEmulator() to create sub directory
for simulator thread(include I/O thread, vhost-net thread)

Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
2012-08-22 14:25:06 +08:00
J.B. Joret
a46af26004 qemu: Disk Geometry Override Support
Qemu command line generation for geometry override and testcases.

Signed-off-by: J.B. Joret <jb@linux.vnet.ibm.com>
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2012-08-21 15:35:48 -06:00
J.B. Joret
5d4f8d9746 Support for Disk Geometry Override
A hypervisor may allow to override the disk geometry of drives.
Qemu, as an example with cyls=,heads=,secs=[,trans=].
This patch extends the domain config to allow the specification of
disk geometry with libvirt.

Signed-off-by: J.B. Joret <jb@linux.vnet.ibm.com>
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2012-08-21 15:30:07 -06:00
Eric Blake
4fce1c43ca build: avoid $(builddir) in Makefile
Older automake 1.9.6 (hello there, RHEL 5) did not populate
$(builddir), which meant 'make check' failed with:

make[3]: *** No rule to make target `/.libs/libvirt.la', needed by `check-symfile'.  Stop.

For that matter, even newer automake doesn't directly emit rules
to build .libs/libvirt.la; we are better off basing our rules
on the public ./libvirt.la.

* src/Makefile.am (check-symfile): Delete useless variable.
2012-08-21 14:33:03 -06:00
Eric Blake
f97d02d7be build: network requires location of dbus headers
Without this patch, RHEL 5 fails to compile, since the dbus
files lives under /usr/include/dbus-1.0/dbus/dbus.h, and
DBUS_CFLAGS contains -I/usr/include/dbus-1.0.

In file included from network/bridge_driver.c:67:
../src/util/virdbus.h:26:25: error: dbus/dbus.h: No such file or directory

* src/Makefile.am (libvirt_driver_network_impl_la_CFLAGS): Add
DBUS_CFLAGS.
2012-08-21 14:27:38 -06:00
Eric Blake
cd8f8c8de7 atomic: fix whitespace in previous patch 2012-08-21 14:27:32 -06:00
Eric Blake
bf76174bac atomic: mark header functions static
When gcc atomic intrinsics are not available (such as on RHEL 5
with gcc 4.1.2), we were getting link errors due to multiple
definitions:

./.libs/libvirt_util.a(libvirt_util_la-virobject.o): In function `virAtomicIntXor':
/home/dummy/l,ibvirt/src/util/viratomoic.h:404: multiple definition of `virAtomicIntXor'
./.libs/libvirt_util.a(libvirt_util_la-viratomic.o):/home/dummy/libvirt/src/util/viratomic.h:404: first defined here

Solve this by conditionally marking the functions static (the
condition avoids falling foul of gcc warnings about unused
static function declarations).

* src/util/viratomic.h: When not using gcc intrinsics, use static
functions to avoid linker errors on duplicate functions.
2012-08-21 13:54:00 -06:00
Eric Blake
0d03735f4a build: work with glibc that lacks CPU_COUNT
Building on RHEL 5 warned:

nodeinfo.c: 305: warning: implicit declaration of function 'CPU_COUNT'

This extension macro in <sched.h> was not added until later glibc.

* src/nodeinfo.c (CPU_COUNT): Add fallback implementation.
2012-08-21 12:07:03 -06:00
Eric Blake
77de1f3573 build: work with older RHEL 5 kernel
We already skip out on building the LXC under RHEL 5, because the
kernel is too old (commits 4c18acf, 2dee896); but commit 9612e4b
moved some LXC-only code into common files, resulting in this
build failure:

util/virfile.c: In function 'virFileLoopDeviceAssociate':
util/virfile.c:580: error: 'LO_FLAGS_AUTOCLEAR' undeclared (first use in this function)

Unfortunately, the kernel folks only made it an enum, rather than
also a #define, so we have to modify configure.ac to record when
it is usable.

* configure.ac (with_lxc): Mark when LO_FLAGS_AUTOCLEAR was found.
* src/util/virfile.c (virFileLoopDeviceAssociate): Avoid
compilation when kernel is too old.
2012-08-21 12:07:00 -06:00
Ján Tomko
8211c677a3 command: avoid double close in virExecWithHook
Fix possible double close in the child process after the fork in case
infd and outfd are equal, just like they are after being called from
virNetSocketNewConnectCommand.
2012-08-21 11:46:49 -06:00
Stefan Berger
4efde75fab nwfilter: provide basic support for firewalld
This patch provides basic support for using firewalld's firewall-cmd
rather than then plain eb/ip(6)tables commands.
2012-08-21 13:40:58 -04:00