Commit Graph

11828 Commits

Author SHA1 Message Date
Eric Blake
8d59a025bb install: fix virtlockd installation
The virtlockd daemon scripts were lousy, when compared to their
counterparts in daemon/Makefile.am.  In particular, when init
scripts were selected, this resulted in 'make distcheck' failing
due to failure to clean up src/virtlockd.init.

* src/Makefile.am (install-systemd): Fix dependencies.  Use MKDIR_P.
(uninstall-systemd): Remove empty directory.  Use fewer processes.
(install-init, install-sysconfig): Use MKDIR_P.
(uninstall-init): Remove correct file, and also empty directory.
(uninstall-sysconfig): Remove empty directory.
(DISTCLEANFILES): Clean up trivially built sources.
2012-12-14 06:27:10 -07:00
Michał Łomnicki
c86f53d5b2 docs: Fix location of libvirt.conf and auth.conf
For a unprivileged user libvirt.conf and auth.conf are looked up in
$XDG_CONFIG_HOME but the docs incorrectly state that it's $XDG_CONFIG_DIR.
2012-12-14 13:35:03 +01:00
Laine Stump
9cf8734e7c qemu: don't fail update netdev on bridge detach failure
When a network device's bridge connection is changed by
virDomainUpdateDevice, libvirt first removes the netdev's tap from its
old bridge, then adds it to the new bridge. Sometimes, due to a
network being destroyed while a guest device is still attached, the
tap may already be "removed" from the old bridge (or the old bridge
may not even exist any more); the existing code was needlessly failing
the update when this happened, making it impossible to recover from
the situation without completely detaching (i.e. removing) the netdev
from the guest and re-attaching.

Instead of failing the entire operation when removal of the tap from
the old bridge fails, this patch changes qemuDomainChangeNetBridge to
just log a warning and continue, allowing a reasonable recover from
the situation.

(you'll appreciate this change if you ever accidentally destroy a
network while your guests are still using it).
2012-12-14 07:14:10 -05:00
Jiri Denemark
b4f20d07e2 spec: Include lockd files in libvirt-daemon package 2012-12-14 11:59:37 +01:00
Jiri Denemark
2e59e1207a build: Install both qemu-lockd.conf and qemu-sanlock.conf
With sanlock enabled, only one of those files was installed.
2012-12-14 11:59:37 +01:00
Eric Blake
c0a8056ee2 build: use fewer cat processes
* src/Makefile.am (libvirt.syms): Let cat loop for us.
2012-12-13 15:45:40 -07:00
Ján Tomko
b28fb61fd7 selinux: fix NULL dereference in GetSecurityMountOptions
In the case of an OOM error in virDomainDefGetSecurityLabelDef, secdef
is set to NULL, then dereferenced while printing the debug message.
2012-12-13 15:41:44 -07:00
Jiri Denemark
912a4e9c06 build: Distribute more files 2012-12-13 23:17:34 +01:00
Jiri Denemark
809473ba6c locking: Fix VPATH build and distribute generated files 2012-12-13 23:17:34 +01:00
Laine Stump
d66eb78667 network: prevent dnsmasq from listening on localhost
This patch resolves the problem reported in:

   https://bugzilla.redhat.com/show_bug.cgi?id=886663

The source of the problem was the fix for CVE 2011-3411:

   https://bugzilla.redhat.com/show_bug.cgi?id=833033

which was originally committed upstream in commit
753ff83a50. That commit improperly
removed the "--except-interface lo" from dnsmasq commandlines when
--bind-dynamic was used (based on comments in the latter bug).

It turns out that the problem reported in the CVE could be eliminated
without removing "--except-interface lo", and removing it actually
caused each instance of dnsmasq to listen on localhost on port 53,
which created a new problem:

If another instance of dnsmasq using "bind-interfaces" (instead of
"bind-dynamic") had already been started (or if another instance
started later used "bind-dynamic"), this wouldn't have any immediately
visible ill effects, but if you tried to start another dnsmasq
instance using "bind-interfaces" *after* starting any libvirt
networks, the new dnsmasq would fail to start, because there was
already another process listening on port 53.

(Subsequent to the CVE fix, another patch changed the network driver
to put dnsmasq options in a conf file rather than directly on the
dnsmasq commandline, but preserved the same options.)

This patch changes the network driver to *always* add
"except-interface=lo" to dnsmasq conf files, regardless of whether we use
bind-dynamic or bind-interfaces. This way no libvirt dnsmasq instances
are listening on localhost (and the CVE is still fixed).

The actual code change is miniscule, but must be propogated through all
of the test files as well.
2012-12-13 12:15:03 -05:00
Jiri Denemark
d0d3e92d0b build: Fix VPATH build
$(srcdir) is already part of $$file since commit f1f9a7ac7e.
2012-12-13 17:06:36 +01:00
Ján Tomko
8d0e7eb4c1 virsh: use vshReconnect for non-default connections too
For non-default connections (specified by the environment variable or
the command line option) we call virConnectOpenAuth without registering
the vshCatchDisconnect callback.

This calls vshReconnect instead which takes care of it.
2012-12-13 16:39:38 +01:00
Ján Tomko
d94b501b7b virsh: don't lie about reconnection in vshReconnect
Since we (ab)use vshReconnect for the default URI connection, if it
fails it might print 'Failed to reconnect to the hypervisor' even if we
were never connected before.

This changes it to only mention reconnection on the first try after
getting disconnected.
2012-12-13 16:39:38 +01:00
Daniel P. Berrange
64f0e145c1 Add support for locking based on SCSI volume ID 2012-12-13 15:26:58 +00:00
Daniel P. Berrange
565d040f43 Add support for locking based on LVM volume uuid 2012-12-13 15:26:58 +00:00
Daniel P. Berrange
f14fdae368 Add ability to maintain disk leases indirectly
The default lockd driver behavour is to acquire leases
directly on the disk files. This introduces an alternative
mode, where leases are acquire indirectly on a file that
is based on a SHA256 hash of the disk filename.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Daniel P. Berrange
eb8268a4f6 Add a virtlockd client as a lock driver impl
This adds a 'lockd' lock driver which is just a client which
talks to the lockd daemon to perform all locking. This will
be the default lock driver for any hypervisor which needs one.

* src/Makefile.am: Add lockd.so plugin
* src/locking/lock_driver_lockd.c: Lockd driver impl

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Daniel P. Berrange
f234dc9366 Add support for re-exec() of virtlockd upon SIGUSR1
The virtlockd daemon maintains file locks on behalf of libvirtd
and any VMs it is running. These file locks must be held for as
long as any VM is running. If virtlockd itself ever quits, then
it is expected that a node would be fenced/rebooted. Thus to
allow for software upgrads on live systemd, virtlockd needs the
ability to re-exec() itself.

Upon receipt of SIGUSR1, virtlockd will save its current live
state out to a file /var/run/virtlockd-restart-exec.json
It then re-exec()'s itself with exactly the same argv as it
originally had, and loads the state file, reconstructing any
objects as appropriate.

The state file contains information about all locks held and
all network services and clients currently active. An example
state document is

 {
    "server": {
        "min_workers": 1,
        "max_workers": 20,
        "priority_workers": 0,
        "max_clients": 20,
        "keepaliveInterval": 4294967295,
        "keepaliveCount": 0,
        "keepaliveRequired": false,
        "services": [
            {
                "auth": 0,
                "readonly": false,
                "nrequests_client_max": 1,
                "socks": [
                    {
                        "fd": 6,
                        "errfd": -1,
                        "pid": 0,
                        "isClient": false
                    }
                ]
            }
        ],
        "clients": [
            {
                "auth": 0,
                "readonly": false,
                "nrequests_max": 1,
                "sock": {
                    "fd": 9,
                    "errfd": -1,
                    "pid": 0,
                    "isClient": true
                },
                "privateData": {
                    "restricted": true,
                    "ownerPid": 1722,
                    "ownerId": 6,
                    "ownerName": "f18x86_64",
                    "ownerUUID": "97586ba9-df27-9459-c806-f016c8bbd224"
                }
            },
            {
                "auth": 0,
                "readonly": false,
                "nrequests_max": 1,
                "sock": {
                    "fd": 10,
                    "errfd": -1,
                    "pid": 0,
                    "isClient": true
                },
                "privateData": {
                    "restricted": true,
                    "ownerPid": 1784,
                    "ownerId": 7,
                    "ownerName": "f16x86_64",
                    "ownerUUID": "7b8e5e42-b875-61e9-b981-91ad8fa46979"
                }
            }
        ]
    },
    "defaultLockspace": {
        "resources": [
            {
                "name": "/var/lib/libvirt/images/f16x86_64.raw",
                "path": "/var/lib/libvirt/images/f16x86_64.raw",
                "fd": 14,
                "lockHeld": true,
                "flags": 0,
                "owners": [
                    1784
                ]
            },
            {
                "name": "/var/lib/libvirt/images/shared.img",
                "path": "/var/lib/libvirt/images/shared.img",
                "fd": 12,
                "lockHeld": true,
                "flags": 1,
                "owners": [
                    1722,
                    1784
                ]
            },
            {
                "name": "/var/lib/libvirt/images/f18x86_64.img",
                "path": "/var/lib/libvirt/images/f18x86_64.img",
                "fd": 11,
                "lockHeld": true,
                "flags": 0,
                "owners": [
                    1722
                ]
            }
        ]
    },
    "lockspaces": [

    ],
    "magic": "30199"
 }

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Daniel P. Berrange
74c0353e4f Enable systemd socket activation with virtlockd
This enhancement virtlockd so that it can receive a pre-opened
UNIX domain socket from systemd at launch time, and adds the
systemd service/socket unit files

* daemon/libvirtd.service.in: Require virtlockd to be running
* libvirt.spec.in: Add virtlockd systemd files
* src/Makefile.am: Install systemd files
* src/locking/lock_daemon.c: Support socket activation
* src/locking/virtlockd.service.in, src/locking/virtlockd.socket.in:
  systemd unit files
* src/rpc/virnetserverservice.c, src/rpc/virnetserverservice.h:
  Add virNetServerServiceNewFD() method
* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add virNetSocketNewListenFD
  method

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Daniel P. Berrange
0e49b83912 Implement dispatch functions for lock protocol in virtlockd
Introduce a lock_daemon_dispatch.c file which implements the
server side dispatcher the RPC APIs previously defined in the
lock protocol.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Daniel P. Berrange
ad39fd83a8 Define a wire protocol for talking to the virtlockd daemon
The virtlockd daemon will be responsible for managing locks
on virtual machines. Communication will be via the standard
RPC infrastructure. This provides the XDR protocol definition

* src/locking/lock_protocol.x: Wire protocol for virtlockd
* src/Makefile.am: Include lock_protocol.[ch] in virtlockd

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Daniel P. Berrange
c57e3d8994 Introduce basic infrastructure for virtlockd daemon
The virtlockd daemon will maintain locks on behalf of libvirtd.
There are two reasons for it to be separate

 - Avoid risk of other libvirtd threads accidentally
   releasing fcntl() locks by opening + closing a file
   that is locked
 - Ensure locks can be preserved across libvirtd restarts.
   virtlockd will need to be able to re-exec itself while
   maintaining locks. This is simpler to achieve if its
   sole job is maintaining locks

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Daniel P. Berrange
f199f75e9b Refactor creation of lock manager plugins
Refactor virLockManagerPluginNew() so that the caller does
not need to pass in the config file path itself - just the
config directory and driver name.

Fix QEMU to actually pass in a config file when creating the
default lock manager plugin, rather than NULL.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Daniel P. Berrange
41ac222e52 Fix error reporting when fetching SCSI/LVM keys
The current  virStorageFileGet{LVM,SCSI}Key methods return
the key as the return value. Unfortunately it is desirable
for "NULL" to be a valid return value, as well as an error
indicator. Thus the returned key must instead be provided
as an out-parameter.

When we invoke lvs or scsi_id to extract ID for block devices,
we don't want virCommandWait logging errors messages. Thus we
must explicitly check 'status != 0', rather than letting
virCommandWait do it.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Jim Fehlig
f6b5ed5ef0 Support network boot for HVM guests in libxl
The libxl driver ignored boot devices in the domain config,
preventing PXE booting HVM domains.  This patch accounts for
user-specified boot devices when building the libxl domain
configuration.
2012-12-13 08:05:12 -07:00
Daniel P. Berrange
32bef82a2d Fix probing of QED file format
The QED file format is non-versioned, so although the magic
value matched, libvirt rejected it due to lack of a version
number to compare against. We need to distinguish this case
by allowing a value of '-2' to indicate a non-versioned file
where only the magic is required to match

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:01:38 +00:00
Daniel P. Berrange
24643c780b Add lots of debugging to storage file probing code
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:01:25 +00:00
Daniel P. Berrange
dfba37048a Log warning if storage magic matches, but version does not
To help us detect when new storage file versions come into
existance log a warning if the storage file magic matches,
but the version does not

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:00:12 +00:00
Daniel P. Berrange
f6bd0a8899 Fix memory leak in QEMU QMP capabilities initialization
The qemuCapsInitQMP method never frees the QEMU 'package'
version string.
2012-12-13 14:45:53 +00:00
Daniel P. Berrange
cc5c7f9865 Change virCgroupGetAppRoot stub on non-Linux to avoid unused param warning
Fully stub out the virCgroupGetAppRoot method as done with other
methods in the file, rather than just the body. This lets us
annotate the unused parameter to avoid a warning
2012-12-13 13:11:44 +00:00
Eric Blake
7339bc4ced network: match xml warning message
I noticed that /var/lib/libvirt/dnsmasq/*.conf used the wrong word;
it was intended to match the wording in src/util/xml.c.

* src/network/bridge_driver.c (networkDnsmasqConfContents): Fix typo.
* tests/networkxml2confdata/*.conf: Update accordingly.
2012-12-12 15:12:58 -07:00
Roman Bogorodskiy
9a2f36ec04 Qemu FreeBSD: fix compilation
* Autotools changes:
  - Don't assume Qemu is Linux-only
  - Check Linux headers only on Linux
  - Disable firewalld on FreeBSD
* Initctl:
  Initctl seem to present only on Linux, so stub it on other platforms
* Raw I/O: Linux-only as well
* Headers cleanup
2012-12-12 11:59:53 -07:00
Roman Bogorodskiy
b467e9323c Drop mntent.h include.
It's no longer used and also causes build fail on FreeBSD.
2012-12-12 11:07:24 -07:00
Viktor Mihajlovski
f1f9a7ac7e Fix make check with different object directory
make check fails in check-symsorting if configure is not run in
the source directory. Prefixing symfile names with $(srcdir)
fixes this.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2012-12-12 16:15:25 +00:00
Peter Krempa
ed0bfd04f8 qemu: Improve error reporting from qemuDomainManagedSaveRemove
Report an error if unlink of the managedsave file fails.
2012-12-12 14:34:12 +01:00
Peter Krempa
a02579141e qemu: Small code cleanups in the managedsave functions
Save a few lines moving assignments into conditions and fix braces
position.
2012-12-12 14:34:12 +01:00
Peter Krempa
2745177b34 qemu: Refactor managed save functions to use domain lookup helpers 2012-12-12 14:34:12 +01:00
Peter Krempa
7fc06b0480 qemu: Add a new domain lookup helper and improve the docs
This patch adds a new domain lookup helper qemuDomObjFromDomainDriver
that lookups the domain and leaves the driver locked. The driver is
returned as the second argument of that function. If the lookup fails
the driver is unlocked to help avoid cleanup codepaths.

This patch also improves docs for the helpers.
2012-12-12 14:34:12 +01:00
Peter Krempa
ab8d323319 util: Fix warning message in previous patch
I didn't notice the extra "does" in the previous patch. Remove it.
2012-12-12 14:19:03 +01:00
Peter Krempa
96460a1987 util: rework error reporting in virGet(User|Group)IDByName
This patch gets rid of the undeterministic error reporting code done on
return values of get(pw|gr)nam_r. With this patch, if the group record
is not returned by the corresponding function this error is not
considered fatal even if errno != 0. The error is logged in such case.
2012-12-12 14:06:59 +01:00
Daniel P. Berrange
9cdd9ea20e Refactor virDomainHostdevFind method
Move the code for matching hostdev instances out of virDomainHostdevFind
and into virDomainHostdevMatch method, which in turn calls out to other
helper methods depending on the type of hostdev.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-12 12:27:53 +00:00
Daniel P. Berrange
50897ffbb6 Slightly refactor hostdev parsing / formating
Rename virDomainHostdevPartsParse to virDomainHostdevDefParseSubsys
to reflect the fact that it only deals with hostdevs uing the
traditional mode=subsystem, and not mode=capabilities

Rename virDomainHostSourceFormat to virDomainHostdevDefFormatSubsys
for the same reason.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-12 12:26:53 +00:00
Daniel P. Berrange
3f0010a673 Remove bogus const return values in storage file APIs
virStorageFileGetLVMKey and virStorageFileGetSCSIKey
both return heap allocated strings, so the return value
should not be marked const.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-12 10:50:55 +00:00
Daniel P. Berrange
64212ed20e Add missing export of virStorageFileGetLVMKey & virStorageFileGetSCSIKey 2012-12-12 10:50:11 +00:00
Daniel P. Berrange
a8c8685eaa Fix sorting of libvirt_private.syms and add syntax check rule
Add check-symsorting.pl to perform case-insensitive alphabetical
sorting of groups of symbols. Fix all violations it reports

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-12 10:45:37 +00:00
Cole Robinson
7b97030ad4 uml: Report error if inotify fails on driver startup 2012-12-11 20:03:08 -05:00
Cole Robinson
d13155c20c tools: Only install guests init script if --with-init=script=redhat
Most of this deals with moving the libvirt-guests.sh script which
does all the work to /usr/libexec, so it can be shared by both
systemd and traditional init. Previously systemd depended on
the script being in /etc/init.d

Required to fix https://bugzilla.redhat.com/show_bug.cgi?id=789747
2012-12-11 19:54:37 -05:00
Serge Hallyn
a4e44e674e add vnc unix sockets to apparmor policy
When using vnc gaphics over a unix socket, virt-aa-helper needs to provide
access for the qemu domain to access the sockfile.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2012-12-11 14:32:39 -07:00
Serge Hallyn
88bd1a644b add security hook for permitting hugetlbfs access
When a qemu domain is backed by huge pages, apparmor needs to grant the domain
rw access to files under the hugetlbfs mount point.  Add a hook, called in
qemu_process.c, which ends up adding the read-write access through
virt-aa-helper.  Qemu will be creating a randomly named file under the
mountpoint and unlinking it as soon as it has mmap()d it, therefore we
cannot predict the full pathname, but for the same reason it is generally
safe to provide access to $path/**.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2012-12-11 14:27:20 -07:00
Eric Blake
cdf1a372c6 maint: mention when HACKING is rebuilt during make
I noticed that on Fedora 18, xlstproc decides to regenerate
HACKING with additional whitespace.  I haven't figured out why
that is happening (although fixing it would probably be a task
for xlstproc), but in the process of investigating, I noticed
that 'make HACKING' was completely silent, for no good reason.

* Makefile.am (gen-ChangeLog, gen-AUTHORS, NEWS)
($(top_srcdir)/HACKING): Mention which files we are generating.
2012-12-11 13:35:33 -07:00