Commit Graph

20586 Commits

Author SHA1 Message Date
Michal Privoznik
79bd55b302 virSecurityManagerNew: Turn array of booleans into flags
So imagine you want to crate new security manager:

  if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false, true)));

Hard to parse, right? What about this:

  if (!(mgr = virSecurityManagerNew("selinux", "QEMU",
                                    VIR_SECURITY_MANAGER_DEFAULT_CONFINED |
                                    VIR_SECURITY_MANAGER_PRIVILEGED)));

Now that's better! This is what the commit does.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-10-07 17:51:28 +02:00
Cole Robinson
a946c50ded tests: eventtest: Fix coverity warning
We can ignore the result of virtTestResult here, because failure is
unconditionally reported by the callers
2015-10-07 10:48:45 -04:00
Andrea Bolognani
7cdf944b0a qemu: Fix indentation issue
Two #define lines introduced by b527aa0 did not respect the
indentation rules, thus breaking syntax-check.
2015-10-07 11:07:11 +02:00
Andrea Bolognani
b527aa090d qemu: Remove explicit values from virQEMUCapsFlags
This gets rid of the partially enforced alignment and makes it less
likely for a bogus value to be introduced in the enumeration.
Capabilities are divided in five-element groups for better readability.

Use #define for QEMU_CAPS_NET_NAME and QEMU_CAPS_HOST_NET_ADD, both
of which are aliases for QEMU_CAPS_0_10.
2015-10-07 11:04:21 +02:00
Peter Krempa
01b4baba59 qemu: migration: Skip few checks while doing offline migration
qemuMigrationIsAllowed would disallow offline migration if the VM
contained host devices or memory modules. Since during offline migration
we don't transfer any state we can safely migrate VMs with such
configuration.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1265049
2015-10-07 09:10:05 +02:00
Peter Krempa
b6c44af0f7 qemu: migration: Use migration flags in qemuMigrationIsAllowed
Use the migration @flags for checking various migration aspects rather
than picking them out as booleans. Document the new semantics in the
function header.
2015-10-07 09:09:22 +02:00
Peter Krempa
f558c66f17 qemu: migration: Drop @def from qemuMigrationIsAllowed
Now that qemuMigrationIsAllowed is always called with @vm, we can drop
the @def argument and simplify the control flow.

Additionally the comment is invalid so drop it.
2015-10-07 09:09:21 +02:00
Peter Krempa
b866991f0c qemu: migration: Split source and destination migration checks
Extract the hostdev check from qemuMigrationIsAllowed into a separate
function since that is the only part that needs to be done in the v2
migration protocol prepare phase on the destination. All other checks
were added when the v3 protocol existed so they don't need to be
extracted.

This change will allow to drop the @def argument for
qemuMigrationIsAllowed and further simplify the function.
2015-10-07 09:08:59 +02:00
Cole Robinson
62ff210e5d spec: Delete .git after applying patches
I'm hitting this little annoyance in fedora's package repo:

$ fedpkg prep
Downloading libvirt-1.2.20.tar.gz
...
+ /usr/bin/gzip -dc /home/crobinso/src/fedora/libvirt/libvirt-1.2.20.tar.gz
$ git clean -xdf
Removing libvirt-1.2.20.tar.gz
Skipping repository libvirt-1.2.20/

We git-ify the libvirt directory as part of applying patches in the spec
file, but 'git clean' will ignore subfolders that appear to be standalone
git repos.

Let's just delete the .git directory after we're done with it.
2015-10-06 15:54:47 -04:00
Maxim Nestratov
bd6ae7b8ab vz: remove storage driver as never used
In fact, it was never used as far as vz has no features supporting it.
That is why there will be no harm to anyone if we just remove this code to
prevent further misunderstanding and efforts to support dead code.

Signed-off-by: Maxim Nestratov <mnestratov@virtuozzo.com>
2015-10-06 18:22:47 +03:00
Maxim Nestratov
439f29e78c vz: remove network driver as never used
At the time this code was added we had intentions to support libvirt interface
to manage vz networks. In fact, it was never implemented completely to work
correctly that makes me think that there will be no harm to anyone if we just
rip it off. Moreover, in vz7 we started to use libvirt bridge network driver to
manage networks.

Signed-off-by: Maxim Nestratov <mnestratov@virtuozzo.com>
2015-10-06 18:22:47 +03:00
Cole Robinson
1a83a068e4 tests: qemu: Add aarch64 virtio pci tests
- qemuxml2argv-aarch64-mmio-default-pci: Verify that we still default
  to virtio-mmio even if qemu is new enough to support PCI
- qemuxml2argv-aarch64-virtio-pci: Check generated arm virtio PCI args
2015-10-06 10:27:10 -04:00
Cole Robinson
bdcc2f80a6 docs: domain: Show canonical pvspinlock XML
The example pvspinlock XML is:

  <pvspinlock/>

While this is accepted by libvirt and works correctly, it's currently
always output as a tristate like

  <pvspinlock state='on'/>

So document that format instead
2015-10-06 10:26:59 -04:00
Jiri Denemark
be5347bb72 qemu: Wait until destination QEMU consumes all migration data
Even though QEMU on the source host reports completed migration and thus
we move to the Finish phase, QEMU on the destination host may still be
processing migration data. Thus before we can start guest CPUs on the
destination, we have to wait for a completed migration event.

https://bugzilla.redhat.com/show_bug.cgi?id=1265902

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-10-06 16:15:21 +02:00
Jiri Denemark
829c62b7a5 qemu: Make updating stats in qemuMigrationCheckJobStatus optional
With new QEMU which supports migration events,
qemuMigrationCheckJobStatus needs to explicitly query QEMU for migration
statistics once migration is completed to make sure the caller sees
up-to-date statistics with both old and new QEMU. However, some callers
are not interested in the statistics at all and once we start waiting
for a completed migration on the destination host too, checking the
statistics would even fail. Let's push the decision whether to update
the statistics or not to the caller.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-10-06 16:15:21 +02:00
Jiri Denemark
2af983f4c4 qemu: Introduce flags in qemuMigrationCompleted
The function already has two bool parameters and we will need to add a
new one. Let's switch to flags to make the callers readable.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-10-06 16:15:21 +02:00
Jiri Denemark
b106c8b910 qemu: Copy completed migration stats only on success
The destination host gets detailed statistics about the current
migration form the source host via migration cookie and copies them to
the domain object so that they can be queried using
virDomainGetJobStats. However, we should only copy statistics to the
domain object when migration finished successfully.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-10-06 16:15:21 +02:00
Jiri Denemark
d27c66dbaa qemu: Always update migration times on destination
Even if we are migrating a domain with VIR_MIGRATE_PAUSED flag set, we
should still update the total time of the migration. Updating downtime
doesn't hurt either, even though we don't actually start guest CPUs.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2015-10-06 16:15:21 +02:00
Martin Kletzander
7d19413955 tests: Check GIC-related XMLs in qemuxml2xmltest
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-10-06 15:10:36 +02:00
Martin Kletzander
a9fe620372 Do not distribute generated virkeymaps.h
We are distributing virkeymaps.h and all the tools needed to rebuild
that file.  On top of that, we are generating that file into the
$(srcdir) and that sometimes fails when trying to do make dist in VPATH
on rawhide fedora.  And we don't clean the file when maintainer-clean
make target is requested.  So let's not distribute the file and rather
let everyone rebuild it when needed and clean it when appropriate.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-10-06 15:10:36 +02:00
Cédric Bosdonnat
a1bdf04b27 apparmor: differentiate between error and unconfined profiles
profile_status function was not making any difference between error
cases and unconfined profiles. The problem with this approach is that
dominfo was throwing an error on unconfined domains.
2015-10-06 13:47:01 +02:00
Peter Krempa
51a4178f24 conf: Remove <metadata> elements with no namespace
Our docs state that subelements of <metadata> shall have a namespace
and the medatata APIs expect that too. To avoid inaccessible
<metadata> sub-elements, just remove those that don't conform to the
documentation.

Apart from adding the new condition this patch renames the function and
refactors the code flow to allow the changes.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1245525
2015-10-06 13:36:12 +02:00
Cole Robinson
bb5fc5c778 testutils: Drop virtTestResult
virtTestResult is suboptimal for a few reasons:

- It poorly duplicates virtTestRun pass/fail reporting logic
- It doesn't have virtTestRun's alloc testing support
- It only reports the test name _after_ the test has run.
- It doesn't follow the standard virtTestRun pattern that most other
  tests use.

There's no users left, so drop it. If any other async tests like eventtest
spring up that don't cleanly fit the virtTestRun pattern, I suggest they
just open code the support for it around virtTestRun
2015-10-05 14:34:04 -04:00
Cole Robinson
ae8755370f tests: eventtest: Open code virtTestResult
These event tests aren't run synchronously, so there isn't an obvious
function to pass to virtTestRun. Instead, open code roughly what
virtTestResult did before: printing an error message if a test failed.
2015-10-05 14:34:04 -04:00
Cole Robinson
64cc686d79 tests: sheepdog: Drop use of virtTestResult
Instead use the same pattern that most other test files use.
2015-10-05 14:34:04 -04:00
Cole Robinson
3de074efa5 testutils: Add coloring to verbose PASS/FAILED output
Helps to visually track down test failures if debugging the test suite.

The colors match what 'make check' does for pass/fail/skip
2015-10-05 14:34:04 -04:00
John Ferlan
1895b42114 storage: Adjust calculation of alloc/capacity for disk
https://bugzilla.redhat.com/show_bug.cgi?id=1247987

Calculation of the extended and logical partition values for the disk
pool is complex. As the bz points out an extended partition should have
it's allocation initialized to 0 (zero) and keep the capacity as the size
dictated by the extents read.  Then for each logical partition found,
adjust the allocation of the extended partition.

Finally, previous logic tried to avoid recalculating things if a logical
partition was deleted; however, since we now have special logic to handle
the allocation of the extended partition, just make life easier by reading
the partition table again - rather than doing the reverse adjustment.
2015-10-05 08:14:44 -04:00
John Ferlan
657f3bea8d storage: Introduce virStorageBackendDiskStartPool
https://bugzilla.redhat.com/show_bug.cgi?id=1251461

When 'starting' up a disk pool, we need to make sure the label on the
device is valid; otherwise, the followup refreshPool will assume the
disk has been properly formatted for use. If we don't find the valid
label, then refuse the start and give a proper reason.
2015-10-05 08:14:44 -04:00
John Ferlan
fba2076f43 storage: Add additional errors/checks for disk label
Let's check to ensure we can find the Partition Table in the label
and that libvirt actually recognizes that type; otherwise, when we
go to read the partitions during a refresh operation we may not be
reading what we expect.

This will expand upon the types of errors or reason that a build
would fail, so we can create more direct error messages.
2015-10-05 08:14:44 -04:00
John Ferlan
05c46f5c22 storage: Add param to check whether we can write a disk label
Modify virStorageBackendDiskValidLabel to add a 'writelabel' parameter.
While initially for the purpose of determining whether the label should
be written during DiskBuild, a future use during DiskStart could determine
whether the pool should be started using the label found. Augment the
error messages also to give a hint as to what someone may need to do
or why the command failed.
2015-10-05 08:14:44 -04:00
John Ferlan
2f177c5a41 storage: Refactor disk label checking
Create a new function virStorageBackendDiskValidLabel to handle checking
whether there is a label on the device and whether it's valid or not.
While initially for the purpose of determining whether the label can be
overwritten during DiskBuild, a future use during DiskStart could determine
whether the pool should be started using the label found.
2015-10-05 08:14:44 -04:00
John Ferlan
fdda37608a storage: Prior to creating a volume, refresh the pool
https://bugzilla.redhat.com/show_bug.cgi?id=1233003

Although perhaps bordering on a don't do that type scenario, if
someone creates a volume in a pool outside of libvirt, then uses that
same name to create a volume in the pool via libvirt, then the creation
will fail and in some cases cause the same name volume to be deleted.

This patch will refresh the pool just prior to checking whether the
named volume exists prior to creating the volume in the pool. While
it's still possible to have a timing window to create a file after the
check - at least we tried.  At that point, someone is being malicious.
2015-10-05 08:14:44 -04:00
John Ferlan
cb19cff468 virfile: Fix error path for forked virFileRemove
As it turns out the caller in this case expects a return < 0 for failure
and to get/use "errno" rather than using the negative of returned status.
Again different than the create path.

If someone "deleted" a file from the pool without using virsh vol-delete,
then the unlink/rmdir would return an error (-1) and set errno to ENOENT.
The caller checks errno for ENOENT when determining whether to throw an
error message indicating the failure.  Without the change, the error
message is:

error: Failed to delete vol $vol
error: cannot unlink file '/$pathto/$vol': Success

This patch thus allows the fork path to follow the non-fork path
where unlink/rmdir return -1 and errno.
2015-10-05 08:14:44 -04:00
John Ferlan
c6b32d6801 virfile: Add extra check for direct delete in virFileRemove
Unlike create options, if the file to be removed is already in the
pool, then the uid/gid will come from the pool. If it's the same as the
currently running process, then just do the unlink/rmdir directly
rather than going through the fork processing unnecessarily
2015-10-05 08:14:44 -04:00
Andrea Bolognani
938368f838 qemu: Add conditions for qemu-kvm use on ppc64
qemu-kvm can be used to run ppc64 guests on ppc64le hosts and vice
versa, since the hardware is actually the same and the endianness
is chosen by the guest kernel.

Up until now, however, libvirt didn't allow the use of qemu-kvm
to run guests if their endianness didn't match the host's.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1267882
2015-10-05 09:45:28 +02:00
Peter Krempa
9869f24d08 rpc: libssh2: Fix regression in ssh host key verification
Commit 792f81a40e caused a regression in the libssh2 host key
verification code by changing the variable type of 'i' to unsigned.
Since one of the loops used -1 as a special value if the asking
callback was found the conversion made a subsequent test always fail.

The bug was stealth enough to pass review, compilers and coverity.

Refactor the condition to avoid problems.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1047861
2015-10-05 07:38:18 +02:00
Peter Krempa
387c316e11 rpc: libssh2: Add more debugging info 2015-10-05 07:38:18 +02:00
Peter Krempa
34315608a8 conf: Reuse virDomainDefCheckDuplicateDiskWWN to check disk serial too
Rename the function to virDomainDefCheckDuplicateDiskInfo and make it
check disk serials too.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1245013
2015-10-05 07:25:21 +02:00
Peter Krempa
199d17de32 qemu: Perform the disk WWN check only on fresh starts
Since we'd disallow migration of a guest that would have possibly
invalid config but still be able to work, relax the WWN check to be
performed only on new starts of the VM.
2015-10-05 07:25:21 +02:00
Laine Stump
ce692d5ea6 interface: let netcf pre-filter for active vs. inactive
If a system has a large number of active or active interfaces, it can
be a big waste of time to retrieve and qualify all interfaces if the
caller only wanted one subset. Since netcf has a simple flag for this,
translate the libvirt flag into a netcf flag and let netcf pre-filter.
2015-10-02 11:16:11 -04:00
Laine Stump
070732735f interface: re-use name and mac address rather than re-retrieving
Getting the MAC address of an interface is actually fairly expensive,
and we've already gotten it and stored it into def, so just keep def
around a bit longer and retrieve it from there.

This reduces the time for "virsh iface-list --all" from 28 to 23
seconds when there are 400 interfaces.
2015-10-02 11:16:11 -04:00
Laine Stump
6fda6699e5 interface: report correct interface count when not returning list
The spec for virConnectListAllInterfaces says that if the pointer that
is supposed to hold the list of interfaces is NULL, the function
should just return the count of interfaces that matched the filter,
but the code never increments the count if the list pointer is NULL.
2015-10-02 11:16:11 -04:00
Laine Stump
ead2df32ba interface: fail on OOM from virGetInterface() 2015-10-02 11:16:11 -04:00
Daniel P. Berrange
e3155cac18 libvirt.spec: fix accidental conditional inclusion of polkit docs
In previous change:

  commit 29b5167417
  Author: Jiri Denemark <jdenemar@redhat.com>
  Date:   Tue Aug 4 14:05:52 2015 +0200

    examples: Add example polkit ACL rules

The polkit examples were accidentally added to the spec inside
a %if %{with_network} conditional.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-10-02 16:08:02 +01:00
Martin Kletzander
41c2aa729f qemu: Use memory-backing-file only when needed
We are using memory-backing-file even when it's not needed, for example
if user requests hugepages for memory backing, but does not specify any
pagesize or memory node pinning.  This causes migrations to fail when
migrating from older libvirt that did not do this.  So similarly to
commit 7832fac847 which does it for
memory-backend-ram, this commit makes is more generic and
backend-agnostic, so the backend is not used if there is no specific
pagesize of hugepages requested, no nodeset the memory node should be
bound to, no memory access change required, and so on.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1266856

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-10-02 16:14:26 +02:00
Martin Kletzander
a2dba3ceb2 qemu: Add -mem-path even with numa
So since the introduction of the memory-backend-file object until now we
only added '-mem-path' for non-NUMA guests and we used the parameters of
the memory-backend-file object to specify the path to the hugetlbfs
mount.  But hugepages can be also used without memory-backend-file
object, as it used to be before its introduction.  Let's just get this
part of the code back and properly append the '-mem-path' for NUMA
guests as well, but only when the memory backend is not needed.

This parameter is already being applied when no numa is requested and
because we still use memory-object-file unconditionally for
hugepage-backed NUMA guests, this should not fire until later.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-10-02 16:14:26 +02:00
Martin Kletzander
ad8ab88c91 qemu: Extract -mem-path building into its own function
That function is called qemuBuildMemPathStr() and will be used in
other places in the future.  The change in the test suite is proper due
to the fact that -mem-prealloc makes only sense with -mem-path (from
qemu documentation -- html/qemu-doc.html).

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-10-02 16:14:26 +02:00
Martin Kletzander
5f12b8444c qemu: Move memory size detection to the top of the function
To get rid of very long line and make it more readable.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-10-02 16:14:26 +02:00
Martin Kletzander
04b57b4ae1 qemu: Move simplification variable to begining of the function
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-10-02 16:14:26 +02:00
Martin Kletzander
37e85cff06 docs: Add Cuckoo Sandbox into apps.html
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-10-02 16:14:26 +02:00