This implementation stores the secrets in an unencrypted text file,
for simplicity in implementation and debugging.
(Symmetric encryption, e.g. using gpgme, will not be difficult to add.
Because the TLS private key used by libvirtd is stored unencrypted,
encrypting the secrets file does not currently provide much additional
security.)
* include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New
error number.
* po/POTFILES.in, src/Makefile.am: Add secret_driver.
* bootstrap: Use gnulib's base64 module.
* src/secret_driver.c, src/secret_driver.h, src/libvirt_private.syms:
Add local secret driver.
* qemud/qemud.c (qemudInitialize): Use the local secret driver.
* configure.in: Check for pkcheck which indicates new policykit
* qemud/Makefile.am: Install different versions of policy
* qemud/libvirtd.policy: Rename to libvirtd.policy-0
* qemud/libvirtd.policy-1: new style policy
* qemud/qemud.c, qemud/qemud.h, qemud/remote.c: Support new
policykit API via external pkcheck helper
* src/remote_internal.c: Don't prompt for polkit auth with new
policykit API
* libvirt.spec.in: deal with new policy install locations & deps
* src/logging.c src/logging.h src/libvirt_private.syms:
define new functions virLogSetFromEnv and virLogParseDefaultPriority
* qemud/qemud.c src/libvirt.c tests/eventtest.c: cleanup to use the
unified functions
* qemud/qemud.c src/logging.[ch]: Similar as for general libvirt, don't
convert high priority levels to debug level. Ignore LIBVIRT_LOG_FILTERS
and LIBVIRT_LOG_OUTPUTS when they're set to the empty string, otherwise
they can override a valid setting from the config file. Send all
settings through the parser functions for validation, so that the
existence of a bad setting doesn't nullify a good setting that should
have applied -- particularly the default output. Keep the order of
precedence consistent for all variables between the environment and
the config file. Warn when an invalid log level, filter, or output
is ignored.
* src/libvirt_private.syms: export internally a few convenience functions
* src/interface_driver.c src/interface_driver.h: the new driver
* src/Makefile.am qemud/Makefile.am qemud/qemud.c: hook the new driver
in the build system and get it activated by the daemon
* src/libvirt_private.syms: export needed symbols internally
All incoming messages currently get routed to the generic method
remoteDispatchClientRequest() for processing. To allow incoming
data stream messages to bypass this and be routed to a specific
location, a concept of dispatch filters is introduced.
* qemud/qemud.h: Add a qemud_client_filter struct and a callback
qemud_client_filter_func. Maintain a list of filters on every
struct qemud_client
* qemud/qemud.c: Move remoteDecodeClientMessageHeader() out of
qemudWorker() into qemudDispatchClientRead(). Check registered
message filters in qemudDispatchClientRead() to decide where
to send incoming messages for dispatch.
The current qemudRegisterClientEvent() code is used both for
registering the initial socket watch, and updating the already
registered watch. This causes unnecessary complexity in a lot
of code which only cares about updating existing watches. The
updating of a watch cannot ever fail, nor is a reference to the
'qemud_server' object required.
This introduces a new qemudUpdateClientEvent() method for that
case, allowing the elimination of unnecessary error checking
and removal of the server back-reference in struct qemud_client.
* qemud/qemud.h: Remove 'server' field from struct qemud_client.
Add qemudUpdateClientEvent() method. Remove 'update' param
from qemudRegisterClientEvent method
* qemud/dispatch.c, qemud/qemud.c, qemud/remote.c: Update a lot
of code to use qemudUpdateClientEvent() instead of
qemudRegisterClientEvent(). Move more logic from remoteRelayDomainEvent
into remoteDispatchDomainEventSend.
This removes an assumption from qemudWorker() code that every
incoming message will generate a reply.
* qemud/dispatch.c: remoteDispatchClientRequest now has responsibility
for queuing the reply message to the RPC call
* qemud/qemud.c: Do not queue the RPC call reply in qemudWorker(),
allowing remoteDispatchClientRequest() to take care of it
Separate the decoding of incoming request header out from the
dispatch code. This will allow later code to make dispatcher
routing decisions based on the header field data.
* qemud/dispatch.c, qemud/dispatch.h: Add remoteDecodeClientMessageHeader
API for decoding the header of a client message. Update the
remoteDispatchClientRequest method to assume a pre-decoded
header.
* qemud/qemud.h: Include a 'remote_message_header' field in
'struct qemud_client_message' for pre-decoded header data
* qemud/qemud.c: Decode the incoming client message header before
invoking remoteDispatchClientRequest
* docs/logging.html[.in] qemud/libvirtd.conf qemud/qemud.c
src/logging.[ch]: cleanup the logging code and docs to remove
all references to log level 0, cleanup hardcoded values and add
a default VIR_LOG_DEFAULT value, patch by Amy Griffis
daniel
* src/opennebula/one_conf.[ch] src/opennebula/one_driver.[ch]:
the OpenNebula driver
* configure.in include/libvirt/virterror.h qemud/Makefile.am
qemud/qemud.c src/Makefile.am src/domain_conf.[ch] src/driver.h
src/libvirt.c src/virterror.c: integration of the OpenNebula
driver in the libvirt infrastructure
* AUTHORS: add Abel Miguez Rodriguez
daniel
* qemud/qemud.c src/console.c src/network_driver.c
src/node_device_conf.c src/node_device_hal.c src/storage_conf.c
src/util.c: cleanup of some direct stderr logging
daniel
bridge.c: In function 'brSetInetAddr':
bridge.c:665: error: dereferencing pointer '({anonymous})' does break strict-aliasing rules
bridge.c:665: note: initialized from here
bridge.c:666: error: dereferencing pointer '({anonymous})' does break strict-aliasing rules
bridge.c:666: note: initialized from here
Fix qemud.c warnings with gcc-4.4
qemud.c: In function ‘remoteListenTCP’:
qemud.c:675: error: dereferencing pointer ‘sa.72’ does break strict-aliasing rules
qemud.c:675: note: initialized from here
qemud.c:678: error: dereferencing pointer ‘sa.73’ does break strict-aliasing rules
qemud.c:678: note: initialized from here
Before this change, the unix socket directory was hard-coded
to be e.g., /var/run/libvirt for euid==0 and ~/.libvirt otherwise.
With this change, you may now specify that directory in libvirtd's
config file via a line like this: unix_sock_dir = "/var/run/libvirt".
This is essential for running tests that do not impinge on any
existing libvirtd process, and in running tests in parallel.
* qemud/libvirtd.conf (unix_sock_dir): Add comment and example.
* qemud/qemud.h (struct qemud_server) [logDir]: Change type
from char[PATH_MAX] to char*.
* qemud/qemud.c (unix_sock_dir): New global
(remoteReadConfigFile): Set the global.
(qemudInitPaths): Use the global, unix_sock_dir, if non-NULL.
One minor improvement: unlink both sockets or none, never
just one of them.
(qemudCleanup): Free logDir.
(main): Use the new global rather than hard-coding "/run/libvirt".
* qemud/libvirtd.aug (sock_acl_entry): Add "unix_sock_dir".
* qemud/qemud.c (remoteReadConfigFile): Don't return 0 (success)
when the config file is unreadable or nonexistent
Return -1, not 0, upon virConfReadFile failure.
(main): If remote_config_file is not specified via --config(-f),
use the default config file only if it exists. Otherwise,
use /dev/null.
* src/conf.c (virConfReadFile): Don't diagnose virFileReadAll
failure, since it already does that.
* qemud/qemud.c qemud/test_libvirtd_qemu.aug tests/Makefile.am
tests/daemon-conf: fix make check with the new logging support
the messages now carry a timestamp which needs to be removed,
the daemon needs to exit if the log configuration information
is wrong and we also look at the LIBVIRT_DEBUG environment
variable
Daniel