Commit Graph

579 Commits

Author SHA1 Message Date
Nikolay Shirokovskiy
018b4ae14b vz: add ACL checks to API calls
vzDomainMigrateConfirm3Params is whitelisted. Otherwise we need to
move removing domain from domain list from perform to confirm
step. This would further imply adding a flag and check that migration
is in progress to prohibit mistakenly (maliciously) removing domains
on confirm step. vz version of p2p also need to be fixed to include confirm step.
One would also need to add means to cleanup pending migration
on client disconnect as now is has state across several API
calls.

  On the other hand current version of confirm step is totaly
harmless thus it is easier to whitelist it at the moment.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Signed-off-by: Maxim Nestratov <mnestratov@virtuozzo.com>
2016-08-23 19:48:01 +03:00
Nikolay Shirokovskiy
0adc9d26ae remote: rename protocol names for close callbacks
This way we make naming consistent to API calls and make subsequent
ACL checks possible (otherwise ACL check would discover name
discrepancies).

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-08-23 19:48:01 +03:00
Jovanka Gulicoska
43a6b37b24 Introduce node device update event as top level event
This event is emitted when a nodedev XML definition is updated,
like when cdrom media is changed in a cdrom block device.

Also includes node device update event implementation for udev
backend, virsh nodedev-event support, and event-test support
2016-08-15 08:30:56 -04:00
Jovanka Gulicoska
9b13df379c remote: implement node device lifecycle event APIs 2016-08-02 09:52:00 -04:00
Daniel P. Berrange
f3b860e871 remote: convert to typesafe virConf accessors
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-07-12 09:58:22 +01:00
Daniel P. Berrange
0330848207 Promote storage pool refresh lifecycle event to top level event
The VIR_STORAGE_POOL_EVENT_REFRESHED constant does not
reflect any change in the lifecycle of the storage pool.

It should thus not be part of the storage pool lifecycle
event set, but rather be a top level event in its own
right. Thus we introduce VIR_STORAGE_POOL_EVENT_ID_REFRESH
to replace it.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-24 18:26:11 +01:00
Ján Tomko
541bd183f7 Rename virNetClient*AddrString
Add SASL at the end to make the format obvious.
2016-06-23 22:31:20 +02:00
Ján Tomko
0f7eeb20ad Revert "virnetsocket: Provide socket address format in a more standard form"
This partially reverts commit 9b45c9f049.

It changed the default format of socket address from the one SASL
requires, but did not adjust all the callers.

It also removed the test coverage for it.

Revert most of the changes except the virSocketAddrFormatFull support
for URI-formatted strings.

This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1345743 while
reverting the format used by virt-admin's client-info command from
the URI one to the SASL one.

https://bugzilla.redhat.com/show_bug.cgi?id=1345743
2016-06-23 22:15:06 +02:00
Peter Krempa
3ebf7ca07e lib: Add API to set individual vcpu usage in the guest via guest agent
To allow finer-grained control of vcpu state using guest agent this API
can be used to individually set the state of the vCPU.

This will allow to better control NUMA enabled guests and/or test
various vCPU configurations.
2016-06-22 09:25:47 +02:00
Peter Krempa
800244faf3 lib: Add API to query guest vcpu info using guest agent
Add a rather universal API implemented via typed params that will allow
to query the guest agent for the state and possibly other aspects of
guest vcpus.
2016-06-22 08:16:31 +02:00
Peter Krempa
830f9b624d rpcgen: Add support for generating funcs returning alloc'd typed params
Since it's rather tedious to write the dispatchers for functions that
return an array of typed parameters (which are rather common) let's add
some rpcgen code to generate them.
2016-06-22 08:15:45 +02:00
Jovanka Gulicoska
22fb4374da remote: implement storage lifecycle event APIs 2016-06-16 12:22:11 -04:00
Daniel P. Berrange
6d310c9cff remote: allow TLS priority to be customized
Support reading the TLS priority from the client configuration
file via the "tls_priority" config option, eg

 $ cat $HOME/.config/libvirt/libvirt.conf
 tls_priority="NORMAL:-VERS-SSL3.0"

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-08 13:48:45 +01:00
Daniel P. Berrange
5f1837eaca Pass config file object through to driver open methods
The virConnectOpenInternal method opens the libvirt client
config file and uses it to resolve things like URI aliases.

There may be driver specific things that are useful to
store in the config file too, so rather than have them
re-parse the same file, pass the virConfPtr down to the
drivers.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-08 13:48:45 +01:00
Daniel P. Berrange
416358d99d remote: allow TLS protocol/cipher priority override in URI
Add support for a "tls_priority" URI parameter in remote
driver URIs. eg

 qemu+tls://localhost/session?tls_priority=NORMAL:-VERS-SSL3.0

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-08 13:48:45 +01:00
Daniel P. Berrange
214489f550 rpc: allow priority string to be passed to TLS context
Extend the virNetTLSContextNew* constructors to allow
the TLS priority string to be passed in, overriding the
compile time default.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-08 13:48:45 +01:00
Erik Skultety
9b45c9f049 virnetsocket: Provide socket address format in a more standard form
Our socket address format is in a rather non-standard format and that is
because sasl library requires the IP address and service to be delimited by a
semicolon. The string form is a completely internal matter, however once the
admin interfaces to retrieve client identity information are merged, we should
return the socket address string in a common format, e.g. format defined by
URI rfc-3986, i.e. the IP address and service are delimited by a colon and
in case of an IPv6 address, square brackets are added:

Examples:
    127.0.0.1:1234
    [::1]:1234

This patch changes our default format to the one described above, while adding
separate methods to request the non-standard SASL format using semicolon as a
delimiter.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 15:52:50 +02:00
Cole Robinson
84371303d8 remote: Don't reject remote polkit if client lacks support
If you compile a client --without-polkit, and connect to a URI that needs
polkit auth, the connection will fail with:

$ ./tools/virsh --connect qemu+ssh://crobinso@machine/system
error: failed to connect to the hypervisor
error: authentication failed: unsupported authentication type 2

This is because the client side portion of the polkit handling is
compiled out. However, nothing polkit specific is actually required
of the client.

Fix that error by unconditionally compiling the basic polkit client
handling.

https://bugzilla.redhat.com/show_bug.cgi?id=635529
2016-04-26 11:43:33 -04:00
Peter Krempa
5be120710e Add VIR_DOMAIN_EVENT_ID_DEVICE_REMOVAL_FAILED event
Since we didn't opt to use one single event for device lifecycle for a
VM we are missing one last event if the device removal failed. This
event will be emitted once we asked to eject the device but for some
reason it is not possible.
2016-04-13 13:26:29 +02:00
Michal Privoznik
3b6c818532 virDomain{Get,Set}PerfEvents: Add @flags argument
I've noticed that these APIs are missing @flags argument. Even
though we don't have a use for them, it's our policy that every
new API must have @flags.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-31 07:24:36 +02:00
Michal Privoznik
46a5d1938e remoteDomainGetPerfEvents: Re-indent
There are few lines off the indentation.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-03-31 07:24:36 +02:00
Qiaowei Ren
dd00767cbd perf: implement the remote protocol for perf event
Add remote support for perf event.

Signed-off-by: Qiaowei Ren <qiaowei.ren@intel.com>
Message-id: 1459171833-26416-3-git-send-email-qiaowei.ren@intel.com
2016-03-29 13:13:05 +01:00
Cristian Klein
1a1246ec7d Add public APIs for post-copy migration
To use post-copy one has to start the migration with
VIR_MIGRATE_POSTCOPY flag and, while migration is in progress, call
virDomainMigrateStartPostCopy() to switch from pre-copy to post-copy.

Signed-off-by: Cristian Klein <cristiklein@gmail.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-03-21 15:15:46 +01:00
Martin Kletzander
42b85f173d remote: Generate what's possible
Since gendisplatch can now generate "modern" *ListAll* functions, let
them all be generated.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-03-11 12:58:41 +01:00
Jiri Denemark
f289300181 Introduce job completed event
The VIR_DOMAIN_EVENT_ID_JOB_COMPLETED event will be triggered once a job
(such as migration) finishes and it will contain statistics for the job
as one would get by calling virDomainGetJobStats. Thanks to this event
it is now possible to get statistics of a completed migration of a
transient domain on the source host.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-03-08 16:26:00 +01:00
Nikolay Shirokovskiy
f484310add daemon: add connection close rpc
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-03-01 14:18:16 +00:00
Nikolay Shirokovskiy
ec4ef72c13 remote: factor out feature checks on connection open
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-03-01 14:18:16 +00:00
Nikolay Shirokovskiy
88f09b75eb close callback: move it to driver
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-03-01 14:17:38 +00:00
Nikolay Shirokovskiy
24dbb69f21 factor out virConnectCloseCallbackDataPtr methods
Make register and unregister functions return void because
we can check the state of callback object beforehand via
virConnectCloseCallbackDataGetCallback. This can be done
without race conditions if we use higher level locks for registering
and unregistering. The fact they return void simplifies
task of consistent registering/unregistering.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-03-01 14:16:56 +00:00
Joao Martins
d9c57ca9f9 remote: enforce VIR_TYPED_PARAM_STRING_OKAY flag on client side serialization
Commit 8cd1d54 consolidates both daemon and remote driver typed param
serialization functions. The consolidation now enforces client to use
VIR_TYPED_PARAM_STRING_OKAY flag to properly serialize string parameters, which
server has used for quite some time now. And this caused an issue, since the
commit had not adjusted client remote calls appropriately, thus causing a
failure in blkiotune, numatune and migration APIs (as per Xen CI tests). This
patch adjusts both remote_driver.c and gendispatch.pl to properly address this
issue.

http://lists.xenproject.org/archives/html/xen-devel/2016-02/msg01012.html

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-02-08 14:59:54 +01:00
Erik Skultety
8cd1d546e6 util: Export remoteSerializeTypedParameters internally via util
Same as for deserializer, this method might get handy for admin one day.
The major reason for this patch is to stay consistent with idea, i.e.
when deserializer can be shared, why not serializer as well. The only
problem to be solved was that the daemon side serializer uses a code
snippet which handles sparse arrays returned by some APIs as well as
removes any string parameters that can't be returned to older clients.
This patch makes of the new virTypedParameterRemote datatype introduced
by one of the pvious patches.
2016-02-03 15:46:45 +01:00
Erik Skultety
9afc115f73 util: Export remoteFreeTypedParameters internally via util
Since the method is static to remote_driver, it can't even be used by our
daemon. Other than that, it would be useful to be able to use it with admin as
well. This patch uses the new virTypedParameterRemote datatype introduced in
one of previous patches.
2016-02-03 15:46:45 +01:00
Erik Skultety
0472cef685 util: Export remoteDeserializeTypedParameters internally via util
Currently, the deserializer is hardcoded into remote_driver which makes
it impossible for admin to use it. One way to achieve a shared implementation
(besides moving the code to another module) would be pass @ret_params_val as a
void pointer as opposed to the remote_typed_param pointer and add a new extra
argument specifying which of those two protocols is being used and typecast
the pointer at the function entry. An example from remote_protocol:

struct remote_typed_param_value {
        int type;
        union {
                int i;
                u_int ui;
                int64_t l;
                uint64_t ul;
                double d;
                int b;
                remote_nonnull_string s;
        } remote_typed_param_value_u;
};
typedef struct remote_typed_param_value remote_typed_param_value;

struct remote_typed_param {
        remote_nonnull_string field;
        remote_typed_param_value value;
};

That would leave us with a bunch of if-then-elses that needed to be used across
the method. This patch takes the other approach using the new datatype
introduced in one of earlier commits.
2016-02-03 15:46:45 +01:00
Jiri Denemark
0b50f4a025 Introduce migration iteration event
The VIR_DOMAIN_EVENT_ID_MIGRATION_ITERATION event will be triggered
whenever VIR_DOMAIN_JOB_MEMORY_ITERATION changes its value, i.e.,
whenever a new iteration over guest memory pages is started during
migration.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-01-21 16:36:08 +01:00
Jasper Lievisse Adriaanse
2b6f6ad64b Unify int types handling in protocol files
Some of the protocol files already include handing of the missing int
types such as xdr_uint64_t, some don't. To fix it everywhere, move out
of the appropriate defines to the utils/virxdrdefs.h file and include
it where needed.

Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
2016-01-11 19:56:06 +03:00
Martin Kletzander
53704bf24e Change name of the domain upon successful rename
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-09-04 18:55:01 +02:00
Michal Privoznik
e689300770 remoteClientCloseFunc: Don't mangle connection object refcount
Well, in 8ad126e6 we tried to fix a memory corruption problem.
However, the fix was not as good as it could be. I mean, the
commit has one line more than it should. I've noticed this output
just recently:

  # ./run valgrind --leak-check=full --show-reachable=yes ./tools/virsh domblklist gentoo
  ==17019== Memcheck, a memory error detector
  ==17019== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
  ==17019== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
  ==17019== Command: /home/zippy/work/libvirt/libvirt.git/tools/.libs/virsh domblklist gentoo
  ==17019==
  Target     Source
  ------------------------------------------------
  fda        /var/lib/libvirt/images/fd.img
  vda        /var/lib/libvirt/images/gentoo.qcow2
  hdc        /home/zippy/tmp/install-amd64-minimal-20150402.iso

  ==17019== Thread 2:
  ==17019== Invalid read of size 4
  ==17019==    at 0x4EFF5B4: virObjectUnref (virobject.c:258)
  ==17019==    by 0x5038CFF: remoteClientCloseFunc (remote_driver.c:552)
  ==17019==    by 0x5069D57: virNetClientCloseLocked (virnetclient.c:685)
  ==17019==    by 0x506C848: virNetClientIncomingEvent (virnetclient.c:1852)
  ==17019==    by 0x5082136: virNetSocketEventHandle (virnetsocket.c:1913)
  ==17019==    by 0x4ECD64E: virEventPollDispatchHandles (vireventpoll.c:509)
  ==17019==    by 0x4ECDE02: virEventPollRunOnce (vireventpoll.c:658)
  ==17019==    by 0x4ECBF00: virEventRunDefaultImpl (virevent.c:308)
  ==17019==    by 0x130386: vshEventLoop (vsh.c:1864)
  ==17019==    by 0x4F1EB07: virThreadHelper (virthread.c:206)
  ==17019==    by 0xA8462D3: start_thread (in /lib64/libpthread-2.20.so)
  ==17019==    by 0xAB441FC: clone (in /lib64/libc-2.20.so)
  ==17019==  Address 0x139023f4 is 4 bytes inside a block of size 240 free'd
  ==17019==    at 0x4C2B1F0: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==17019==    by 0x4EA8949: virFree (viralloc.c:582)
  ==17019==    by 0x4EFF6D0: virObjectUnref (virobject.c:273)
  ==17019==    by 0x4FE74D6: virConnectClose (libvirt.c:1390)
  ==17019==    by 0x13342A: virshDeinit (virsh.c:406)
  ==17019==    by 0x134A37: main (virsh.c:950)

The problem is, when registering remoteClientCloseFunc(), it's
conn->closeCallback which is ref'd. But in the function itself
it's conn->closeCallback->conn what is unref'd. This is causing
imbalance in reference counting. Moreover, there's no need for
the remote driver to increase/decrease conn refcount since it's
not used anywhere. It's just merely passed to client registered
callback. And for that purpose it's correctly ref'd in
virConnectRegisterCloseCallback() and then unref'd in
virConnectUnregisterCloseCallback().

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-09-03 16:19:47 +02:00
Martin Kletzander
e4c8b67024 protocol: Don't use rename as a variable name
That causes shadowing errors on older compilers.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-08-15 17:15:33 +02:00
Tomas Meszaros
9f7a559a6d Introduce virDomainRename API
Also, among with this new API new ACL that restricts rename
capability is invented too.

Signed-off-by: Tomas Meszaros <exo@tty.sk>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-08-14 10:50:20 +02:00
Daniel P. Berrange
afe69e6582 remote: fix typo in remoteDomainOpenGraphicsFD
The remoteDomainOpenGraphicsFD method was using the wrong RPC
arg struct remote_domain_open_graphics_args instead of
remote_domain_open_graphics_fd_args. Fortunately both structs
had identical contents so there was no functional bug, but to
avoid confusing future maintainers, we should fix it.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-07-27 12:53:36 +01:00
Daniel P. Berrange
d587704cc7 rpc: allow selection of TCP address family
By default, getaddrinfo() will return addresses for both
IPv4 and IPv6 if both protocols are enabled, and so the
RPC code will listen/connect to both protocols too. There
may be cases where it is desirable to restrict this to
just one of the two protocols, so add an 'int family'
parameter to all the TCP related APIs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-06-11 12:11:18 +01:00
Ján Tomko
e8982c88bd Introduce virDomainSetUserPassword API
For setting passwords of users inside the domain.

With the VIR_DOMAIN_PASSWORD_ENCRYPTED flag set, the password
is assumed to be already encrypted by the method required
by the guest OS.

https://bugzilla.redhat.com/show_bug.cgi?id=1174177
2015-05-21 16:04:01 +02:00
John Ferlan
5bb343f355 remote: Add support for AddIOThread and DelIOThread
Add remote support for the add/delete IOThread API's
2015-04-27 12:36:36 -04:00
Ján Tomko
1882c0bd8d Add VIR_DOMAIN_EVENT_ID_DEVICE_ADDED event
The counterpart to VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED.

https://bugzilla.redhat.com/show_bug.cgi?id=1206114
2015-04-15 17:06:01 +02:00
Ján Tomko
a96b68e7a4 Rename DomainGetIOThreadsInfo to DomainGetIOThreadInfo
While it returns info about multiple threads, the version
without the plural is easier to read.
2015-03-26 16:11:10 +01:00
Ján Tomko
cf8b828a72 Rename virDomainIOThreadsInfoFree to virDomainIOThreadInfoFree
This function only frees the info for one thread.
2015-03-26 16:11:10 +01:00
Michal Privoznik
3640245db7 RPC: Allow HW address in remote_domain_interface struct to be NULL
Not all NICs (esp. the virtual ones like TUN) must have a hardware
address. Teach our RPC that it's possible.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-03-18 09:12:36 +01:00
Nehal J Wani
71546d1798 domifaddr: Implement the remote protocol
daemon/remote.c
   * Define remoteSerializeDomainInterface, remoteDispatchDomainInterfaceAddresses

src/remote/remote_driver.c
   * Define remoteDomainInterfaceAddresses

src/remote/remote_protocol.x
   * New RPC procedure: REMOTE_PROC_DOMAIN_INTERFACE_ADDRESSES
   * Define structs remote_domain_ip_addr, remote_domain_interface,
     remote_domain_interfaces_addresse_args, remote_domain_interface_addresses_ret
   * Introduce upper bounds (to handle DoS attacks):
     REMOTE_DOMAIN_INTERFACE_MAX = 2048
     REMOTE_DOMAIN_IP_ADDR_MAX = 2048
     Restrictions on the maximum number of aliases per interface were
     removed after kernel v2.0, and theoretically, at present, there
     are no upper limits on number of interfaces per virtual machine
     and on the number of IP addresses per interface.

src/remote_protocol-structs
   * New structs added

Signed-off-by: Nehal J Wani <nehaljw.kkd1@gmail.com>
2015-03-17 15:15:38 +00:00
John Ferlan
d8977b8ea3 remote: Implement the plumbing for virDomainPinIOThread
Implement the remote plumbing.
2015-03-11 12:23:33 -04:00
John Ferlan
1e5a8ddc81 remote: Implement the remote plumbing for virDomainGetIOThreadsInfo
Implement the remote plumbing for virDomainGetIOThreadsInfo

Signed-off-by: John Ferlan <jferlan@redhat.com>
2015-03-06 06:49:32 -05:00