Commit Graph

17734 Commits

Author SHA1 Message Date
Michal Privoznik
92b0577db2 virNodeAllocPages: Disallow RO connection
Due to a missing check the API can be successfully called even if
the connection is ReadOnly. Fortunately, the API hasn't been
released yet, so there's no need for a CVE.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-09-25 17:12:46 +02:00
Dmitry Guryanov
e7bb373fdf parallels: login to parallels SDK
Add files parallels_sdk.c and parallels_sdk.h for code
which works with SDK, so libvirt's code will not mix with
dealing with parallels SDK.

To use Parallels SDK you must first call PrlApi_InitEx function,
and then you will be able to connect to a server with
PrlSrv_LoginLocalEx function. When you've done you must call
PrlApi_Deinit. So let's call PrlApi_InitEx on first .connectOpen,
count number of connections and deinitialize, when this counter
becomes zero.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-09-25 15:42:32 +02:00
Dmitry Guryanov
64018e0c83 parallels: build with parallels SDK
Executing prlctl command is not an optimal way to interact with
Parallels Cloud Server (PCS), it's better to use parallels SDK,
which is a remote API to paralles dispatcher service.

We prepared opensource version of this SDK and published it on
github, it's distributed under LGPL license. Here is a git repo:
https://github.com/Parallels/parallels-sdk.

To build with parallels SDK user should get compiler and linker
options from pkg-config 'parallels-sdk' file. So fix checks in
configure script and build with parallels SDK, if that pkg-config
file exists and add gcc options to makefile.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-09-25 15:42:32 +02:00
Michal Privoznik
cb5de6552e virnetserver: Raise log level of max_clients related messages
We have these configuration knobs, like max_clients and
max_anonymous_clients. They limit the number of clients
connected.  Whenever the limit is reached, the daemon stops
accepting new ones and resumes if one of the connected clients
disconnects. If that's the case, a debug message is printed into
the logs. And when the daemon starts over to accept new clients
too. However, the problem is the messages have debug priority.
This may be unfortunate, because if the daemon stops accepting
new clients all of a sudden, and users don't have debug logs
enabled they have no idea what's going on. Raise the messages
level to INFO at least.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-09-25 13:45:29 +02:00
Pavel Hrdina
c4b4b13ccb polkit_driver: fix possible segfault
The changes in commit c7542573 introduced possible segfault. Looking
deeper into the code and the original code before the patch series were
applied I think that we should report error for each function failure
and also we shouldn't call some of the function twice.

Found by coverity.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-09-25 12:53:37 +02:00
Pavel Hrdina
18fc3199c2 blkdeviotune: trigger tunable event for blkdeviotune updates
Use the universal tunable event to report changes to user. All
blkdeviotune values are prefixed with "blkdeviotune".

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-09-25 11:50:13 +02:00
Pavel Hrdina
783fe9ca8c blkdeviotune: fix bug with saving values into live XML
When you updated some blkdeviotune values for running domain the values
were stored only internally, but not saved into the live XML so they
won't survive restarting the libvirtd.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-09-25 11:50:03 +02:00
Pavel Hrdina
dd0ce57386 Fix build without polkit
The commit 1b854c76 introduced a new function 'virPolkitCheckAuth' and
in the #else section when you don't have polkit all attributes should be
follwed by ATTRIBUTE_UNUSED.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-09-25 10:59:43 +02:00
Pavel Hrdina
ceb7c90e69 tunable_event: extend debug message and tweak limit for remote message
It would be nice to also print a params pointer and number of params in
the debug message and the previous limit for number of params in the rpc
message was too large. The 2048 params will be enough for future events.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-09-25 10:56:04 +02:00
Michal Privoznik
3426d380bf virsh: Expose virNodeAllocPages
The new virsh command is named 'allocpages'.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-09-25 10:24:45 +02:00
Michal Privoznik
0228fa11c0 nodeinfo: Implement nodeAllocPages
And add stubs to other drivers like: lxc, qemu, uml and vbox.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-09-25 10:24:45 +02:00
Michal Privoznik
d1fd4a9b3b virnuma: Introduce virNumaSetPagePoolSize
This internal API can be used to allocate or free some pages in
the huge pages pool.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-09-25 10:24:45 +02:00
Michal Privoznik
fa5c5580d6 Introduce virNodeAllocPages
A long time ago in a galaxy far, far away it has been decided
that libvirt will manage not only domains but host as well. And
with my latest work on qemu driver supporting huge pages, we miss
the cherry on top: an API to allocate huge pages on the run.
Currently users are forced to log into the host and adjust the
huge pages pool themselves.  However, with this API the problem
is gone - they can both size up and size down the pool.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-09-25 10:24:44 +02:00
Michal Privoznik
4aa8a68faa nodeGetFreePages: Push forgotten change
In the previous patch I've changed the for loop bounds but forgot
to 'git add' changes that adapt the rest of the code.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-09-25 10:24:44 +02:00
Cole Robinson
d3489548b5 security: Fix labelling host devices (bz 1145968)
The check for ISCSI devices was missing a check of subsys type, which
meant we could skip labelling of other host devices as well. This fixes
USB hotplug on F21

https://bugzilla.redhat.com/show_bug.cgi?id=1145968
2014-09-24 17:04:28 -04:00
Pavel Hrdina
b8b3c56566 Fix MinGW build
When building on mingw the format string for long long/unsigned long
long have to be I64d/I64u instead of lld/llu.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-09-24 17:16:32 +02:00
Daniel P. Berrange
308c0c5a95 Convert polkit code to use DBus API instead of CLI helper
Spawning the pkcheck program every time a permission check is
required is hugely expensive on CPU. The pkcheck program is just
a dumb wrapper for the DBus API, so rewrite the code to use the
DBus API directly. This also simplifies error handling a bit.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-24 15:29:22 +01:00
Daniel P. Berrange
88a2dc1f4c Support passing dict by reference for dbus messages
Currently DBus dict values must be passed inline

   virDBusMessageEncode("a{ss}",
                        3,
                        "key1", "val1",
                        "key2", "val2",
                        "key3", "val3");
   virDBusMessageDecode("a{ss}",
                        3,
                        &key1, &val1,
                        &key2, &val2,
                        &key3, &val3);

This allows them to be passed by reference

   const char **dictin = {
      "key1", "val1",
      "key2", "val2",
      "key3", "val3"
   };
   char **dictout;
   size_t ndictout;

   virDBusMessageEncode("a&{ss}",
                        ARRAY_CARDINALITY(dict) / 2,
                        dictin);
   virDBusMessageDecode("a&{ss}",
                        &ndictout,
                        &dictout);

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-24 15:29:22 +01:00
Daniel P. Berrange
c754257347 Convert remote daemon & acl code to use polkit API
Convert the remote daemon auth check and the access control
code to use the common polkit API for checking auth.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-24 15:29:22 +01:00
Daniel P. Berrange
64a5dc1b6a Convert callers to use typesafe APIs for getting identity attrs
Convert virAccessDriverPolkitFormatProcess to use typesafe API
for getting process ID attribute.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-24 15:29:22 +01:00
Daniel P. Berrange
5282ed8d1c Convert callers to use typesafe APIs for setting identity attrs
Update virNetServerClientCreateIdentity and virIdentityGetSystem
to use the new typesafe APIs for setting identity attributes

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-24 15:29:22 +01:00
Daniel P. Berrange
b4b41521fa Add typesafe APIs for virIdentity attributes
Instead of requiring the caller to format to/from strings,
add typesafe APIs todo this work.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-24 15:29:22 +01:00
Daniel P. Berrange
1b854c76c7 Add common API for doing polkit authentication
There are now two places in libvirt which use polkit. Currently
they use pkexec, which is set to be replaced by direct DBus API
calls. Add a common API which they will both be able to use for
this purpose.

No tests are added at this time, since the impl will be gutted
in favour of a DBus API call shortly.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-24 15:29:22 +01:00
Ján Tomko
2d79e1752a qemu: wire up virtio-net segment offloading options
Format the segment offloading options specified by
<driver>
  <host .../>
  <guest .../>
</driver>
on virtio-net command line.
2014-09-24 16:16:45 +02:00
Ján Tomko
5b3536ae90 conf: add options for disabling segment offloading
Add options for tuning segment offloading:
<driver>
  <host csum='off' gso='off' tso4='off' tso6='off'
        ecn='off' ufo='off'/>
  <guest csum='off' tso4='off' tso6='off' ecn='off' ufo='off'/>
</driver>
which control the respective host_ and guest_ properties
of the virtio-net device.
2014-09-24 16:16:45 +02:00
Jincheng Miao
8baf0f025f nodeinfo: fix nodeGetFreePages when max node is zero
In nodeGetFreePages, if startCell is given by '0',
and the max node number is '0' too. The for-loop
wouldn't be executed.
So convert it to while-loop.

Before:
> virsh freepages --cellno 0 --pagesize 4
error: internal error: no suitable info found

After:
> virsh freepages --cellno 0 --pagesize 4
4KiB: 472637

Signed-off-by: Jincheng Miao <jmiao@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-09-24 13:33:43 +02:00
Chen Hanxiao
0114a1e703 LXC: emphasis uid start of idmap only accept '0' in docs
We don't accept any other values except '0'.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2014-09-24 11:58:14 +02:00
Pavel Hrdina
a71f741ec5 Fix bug with loading bridge name for active domain during libvirtd start
If you have a bridge network in running domain and libvirtd is restarted
the information about host bridge interface is lost from live xml.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140085

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-09-24 11:34:00 +02:00
Peter Krempa
eaf43e3755 storage: Improve error message when traversing backing chains
Report also the name of the parent file and uid/gid used to access it to
help debugging broken storage configurations.
2014-09-24 10:19:13 +02:00
Peter Krempa
639a00984a qemu: Report better errors from broken backing chains
Request erroring out from the backing chain traveller and drop qemu's
internal backing chain integrity tester.

The backing chain traveller reports errors by itself with possibly more
detail than qemuDiskChainCheckBroken ever could.

We also need to make sure that we reconnect to existing qemu instances
even at the cost of losing the backing chain info (this really should be
stored in the XML rather than reloaded from disk, but that needs some
work).
2014-09-24 10:18:47 +02:00
Peter Krempa
172ca0e748 qemu: Sanitize argument names and empty disk check in qemuDomainDetermineDiskChain
Reuse virStorageSourceIsEmpty and rename "force" argument to
"force_probe".
2014-09-24 09:30:12 +02:00
Peter Krempa
b8549877a1 util: storage: Allow metadata crawler to report useful errors
Add a new parameter to virStorageFileGetMetadata that will break the
backing chain detection process and report useful error message rather
than having to use virStorageFileChainGetBroken.

This patch just introduces the option, usage will be provided
separately.
2014-09-24 09:28:29 +02:00
Jim Fehlig
a9bad1a337 libvirt-guests: run after time-sync.target
When libvirt-guests is configured to start guests on host
boot, it is possible for guests start and read the host
clock before it is synchronized.  Services such as
libvirt-guests that require correct time should use the
Special Passive System Unit time-sync.target

http://www.freedesktop.org/software/systemd/man/systemd.special.html#time-sync.target
2014-09-23 14:35:43 -06:00
Pavel Hrdina
0dce260cc8 cputune_event: queue the event for cputune updates
Now we have universal tunable event so we can use it for reporting
changes to user. The cputune values will be prefixed with "cputune" to
distinguish it from other tunable events.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-09-23 21:58:09 +02:00
Pavel Hrdina
9e734ab73e add an example how to use tunable event
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-09-23 21:55:31 +02:00
Pavel Hrdina
e426718129 event: introduce new event for tunable values
This new event will use typedParameters to expose what has been actually
updated and the reason is that we can in the future extend any tunable
values or add new tunable values. With typedParameters we don't have to
worry about creating some other events, we will just use this universal
event to inform user about updates.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-09-23 21:49:57 +02:00
Jiri Denemark
ad56f86378 qemu: Fix memory leak in RDMA migration code
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-09-23 15:23:10 +02:00
Martin Kletzander
c58e7e78ce conf: sanitize tap and vhost paths
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-09-23 14:24:33 +02:00
Michal Privoznik
de31dcc89a qemuBuildNumaArgStr: Discard def->cpu check
In the function at one place we check if def->cpu is NULL prior
to accessing def->cpu->ncells. Then, later in the code,
def->cpu->ncells is accessed directly, without the check. This
makes coverity unhappy, because the first check makes it think
def->cpu can be NULL. However, the function is not called if
def->cpu is NULL. Therefore, remove the first check and hopefully
make coverity cheer again.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-09-23 13:08:39 +02:00
Michal Privoznik
f8857c8f88 nodeinfo: Prefer MIN in nodeGetFreePages
It's better to use a macro instead of if-else construct.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-09-23 11:34:06 +02:00
Pavel Hrdina
60c4ae454e domain_conf: separate structures from virDomainDef
Cleanup virDomanDef structure from other nested structure and create
separate type definition for them.

Fix a typo in virDomainHugePage.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-09-23 10:47:32 +02:00
Jincheng Miao
c46fa72e40 Fix typo of virNodeGetFreePages comment
Signed-off-by: Jincheng Miao <jmiao@redhat.com>
2014-09-23 10:23:20 +02:00
Jincheng Miao
7db1936642 nodeinfo: report error when given node is out of range
https://bugzilla.redhat.com/show_bug.cgi?id=1145050

Signed-off-by: Jincheng Miao <jmiao@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-09-23 10:23:20 +02:00
Jincheng Miao
c3e2d5929c virsh-host: fix pagesize unit of freepages
The unit of '--pagesize' of freepages is kibibytes.

https://bugzilla.redhat.com/show_bug.cgi?id=1145048

Signed-off-by: Jincheng Miao <jmiao@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-09-23 10:23:20 +02:00
Michael R. Hines
9cc1586d2b qemu: Memory pre-pinning support for RDMA migration
RDMA Live migration requires registering memory with the hardware, and
thus QEMU offers a new 'capability' to pre-register / mlock() the guest
memory in advance for higher RDMA performance before the migration
begins. This capability is disabled by default, which means QEMU will
register the memory with the hardware in an on-demand basis.

This patch exposes this capability with the following example usage:

virsh migrate --live --rdma-pin-all --migrateuri rdma://hostname domain qemu+ssh://hostname/system

Signed-off-by: Michael R. Hines <mrhines@us.ibm.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-09-23 08:11:50 +02:00
Michael R. Hines
ed22a47434 qemu: RDMA migration support
This patch adds support for RDMA protocol in migration URIs.

USAGE: $ virsh migrate --live --migrateuri rdma://hostname domain qemu+ssh://hostname/system

Since libvirt runs QEMU in a pretty restricted environment, several
files needs to be added to cgroup_device_acl (in qemu.conf) for QEMU to
be able to access the host's infiniband hardware. Full documenation of
the feature can be found on QEMU wiki:
http://wiki.qemu.org/Features/RDMALiveMigration

Signed-off-by: Michael R. Hines <mrhines@us.ibm.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-09-23 08:11:50 +02:00
Jiri Denemark
b3fd95e368 qemu: Add RDMA migration capabilities 2014-09-23 08:11:49 +02:00
Jiri Denemark
e16a39fcd3 qemu: Prepare support for arbitrary migration protocol
Currently we only support TCP protocol for native QEMU migration but
this is going to be changed. Let's make the code more general and remove
hardcoded TCP protocol from several places.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-09-23 08:11:49 +02:00
Jiri Denemark
1cffb25c16 qemu: Fix old tcp:host URIs more cleanly
For compatibility with old libvirt we need to support both tcp:host and
tcp://host migration URIs. Let's make the code that parses them a bit
cleaner.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-09-23 08:11:35 +02:00
Michael R. Hines
30b24df165 qemu: Expose additional migration statistics
RDMA migration uses the 'setup' state in QEMU to optionally lock
all memory before the migration starts. The total time spent in
this state is exposed as VIR_DOMAIN_JOB_SETUP_TIME.

Additionally, QEMU also exports migration throughput (mbps) for both
memory and disk, so let's add them too: VIR_DOMAIN_JOB_MEMORY_BPS,
VIR_DOMAIN_JOB_DISK_BPS.

Signed-off-by: Michael R. Hines <mrhines@us.ibm.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-09-23 08:10:30 +02:00