Commit Graph

33750 Commits

Author SHA1 Message Date
Ján Tomko
18e41d6c00 tests: qemu: minimize fs9p.xml
Remove the hard drive, USB controller and memballoon.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-07-16 17:00:36 +02:00
Michal Privoznik
432faf259b virCommand: use procfs to learn opened FDs
When spawning a child process, between fork() and exec() we close
all file descriptors and keep only those the caller wants us to
pass onto the child. The problem is how we do that. Currently, we
get the limit of opened files and then iterate through each one
of them and either close() it or make it survive exec(). This
approach is suboptimal (although, not that much in default
configurations where the limit is pretty low - 1024). We have
/proc where we can learn what FDs we hold open and thus we can
selectively close only those.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-16 13:47:49 +02:00
Michal Privoznik
c1a9bfbbba vircommand: Separate mass FD closing into a function
I will optimize this code a bit in the next commit. But for that
it is better if the code lives in a separate function.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-16 13:43:43 +02:00
Michal Privoznik
cc34260f5a test: Introduce virnetdevopenvswitchtest
Test if our parsing of interface stats as returned by ovs-vsctl
works as expected. To achieve this without having to mock
virCommand* I'm separating parsing of stats into a separate
function.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-16 13:42:39 +02:00
Michal Privoznik
c297eab525 virNetDevOpenvswitchInterfaceStats: Optimize for speed
We run 'ovs-vsctl' nine times (first to find if interface is
there and then eight times = for each stats member separately).
This is very inefficient. I've found a way to run it once and
with a bit of help from virJSON module we can parse out stats
we need.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-16 13:39:16 +02:00
Daniel P. Berrangé
f58bcb80b2 tests: don't assume "localhost" only resolves to 1/2 IPs
On Debian derived distros "localhost" can resolve to the normal
"127.0.0.1" and "::1", but it can also resolve to "127.0.1.1"

Rewrite the code so that it doesn't assume a fixed number of IPs.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-15 17:39:39 +01:00
Ilias Stamatis
cbfc84f7bc test_driver: implement virDomainSetMemoryParameters
Signed-off-by: Ilias Stamatis <stamatis.iliass@gmail.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-07-15 15:24:53 +02:00
Daniel P. Berrangé
8486611548 interface: fix driver name in state directory path
Typo meant we use 'nodedev' instead of 'interface'. This doesn't hurt
libvirtd because if a process tries to acquire a lock it already holds
it will succeed. It fails when nodedev & interface drivers are in
separate daemons though.

Reviewed-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-15 13:36:45 +01:00
Daniel P. Berrangé
cb1938eb58 all: don't wait for driver lock during startup
When the drivers acquire their pidfile lock we don't want to wait if the
lock is already held. We need the driver to immediately report error,
causing the daemon to exit.

Reviewed-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-15 13:36:45 +01:00
Ilias Stamatis
38e9e7e0d7 test_driver: implement virDomainSetUserPassword
Signed-off-by: Ilias Stamatis <stamatis.iliass@gmail.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-07-15 14:26:29 +02:00
Michal Privoznik
a7cbfabc2f libvirt_nss: Report newer addresses first
Ideally, a software that's translating domain names would iterate
over all addresses the NSS returned, but some software does not
bother (e.g. ping). What happens is that for instance when
installing a guest, it's assigned one IP address but once it's
installed and rebooted it gets a different IP address (because
client ID used for the first DHCP traffic when installing the
guest was generated dynamically and never saved so after reboot
the guest generated new ID which resulted in different IP address
to be assigned). This results in 'ping $domain' not working
properly as it still pings the old IP address. Well, it might -
NSS plugin does not guarantee any order of addresses.

To resolve this problem, we can sort the array just before
returning it to the caller (ping) so that the newer IP addresses
come before older ones.

Reported-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-07-15 13:48:19 +02:00
Michal Privoznik
757b94c682 libvirt_nss: Pass @name to appendAddr()
In the nss plugin we have ERROR() macro which by default does
nothing. However, at compile time it can be made to report errors
(this is useful for debugging because by nature of NSS debugging
is hard). Anyway, the appendAddr() function uses @name (which
contains name the caller wants us to resolve) for error
reporting. But the caller findLeaseInJSON() is not passing it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-07-15 13:48:19 +02:00
Michal Privoznik
a532bf641b libvirt_nss: Drop some needless cleanup labels
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-07-15 13:48:19 +02:00
Michal Privoznik
d8766dfc22 libvirt_nss: Use VIR_AUTOPTR and VIR_AUTOFREE
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-07-15 13:48:19 +02:00
Michal Privoznik
2249f74419 libvirt_nss: Use VIR_STEAL_PTR() in findLease()
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-07-15 13:48:19 +02:00
Christian Ehrhardt
bc85411c49
security: aa-helper: allow virt-aa-helper to read .vhd images
VHD images can be used as any other, so we should add them to the list
of types that virt-aa-helper can read when creating the per-guest rules
for backing files.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Jamie Strandboge <jamie@canonical.com>
2019-07-15 13:43:51 +02:00
Michal Privoznik
7711a7346a qemu: Relax os.loader->type check when validating domain
When validating a domain among all the checks there are two that
concern VIR_DOMAIN_LOADER_TYPE_PFLASH specifically. The first
check ensures that on x86 ACPI is enabled when UEFI is requested,
the second ensures that UEFI is used when ACPI is requested on
aarch64. However, check for UEFI is done by plain comparison of
def->os.loader->type which is insufficient because we have
def->os.firmware too.

NB, this wouldn't be a problem for active domain, because on
startup process def->os.loader->type gets filled by
qemuFirmwareEnableFeatures(), but that's not the case for
inactive domains.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1729604

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2019-07-15 13:24:09 +02:00
Peter Krempa
35e3069ce4 qemu: block: Split up qemuBlockStorageSourceAttachApply
Split up the addition of a storage source into the following sub-steps:
1) storage access dependencies (TLS transport, persistent reservation)
2) storage acccess node (file/gluster/nbd...)
3) format driver dependencies (encryption secret)
4) format driver node (qcow2, raw, ...)

The functions split out will be later reused when implementing support
for 'blockdev-create' as we'll need the dependencies plugged in first,
then blockdev-create will be called and after that successfully finishes
blockdev-add will be added.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-15 10:26:23 +02:00
Peter Krempa
16ca234b56 qemu: Refactor variables for extracting flags in qemuDomainBlockCopyCommon
Add separate booleans for extracting VIR_DOMAIN_BLOCK_COPY_REUSE_EXT and
VIR_DOMAIN_BLOCK_COPY_SHALLOW from '@flags' and also change 'reuse' into
'existing'.

qemuMonitorDriveMirror requires the unmodified state of the flags to
pass to qemu and also we use the value a few times internally. Extract
it separately now.

The 'reuse' flag did not indicate reusing of the file as much as the
fact that the storage is existing and thus should not be created, so
modify the name to reflect this.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-15 10:26:23 +02:00
Peter Krempa
0db5912617 qemu: blockjob: Don't emit traditional disk events for jobs without disk
With -blockdev it will be possible that a block job loses the disk that
was used to start it to a guest-initiated hot-unplug. Don't emit the
block job events in that case as we can't report the top level source or
disk target for an unplugged (and potentially replugged with different
source) disk.

Eventually when we add machinery for tracking jobs globally for a VM the
event will be reinstated via the domain job event.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-15 10:26:23 +02:00
Peter Krempa
3149e00ab1 qemu: blockjob: Don't reset state when entering sync blockjob
job->newstate is now used internally all the time so there's no need to
clear it as it already has correct value.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-15 10:26:23 +02:00
Jonathon Jongsma
e579f5300b qemu: add 'bochs' video display type
Update schema and configuration to allow specifying new video type of
'bochs'. Add implementation and tests for qemu.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-07-15 10:21:21 +02:00
Jonathon Jongsma
086c19d699 qemu: Add bochs-display capability
Check whether qemu supports the bochs-display device and set a
capability. Update tests.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-07-15 10:21:21 +02:00
Han Han
3efdffc450 storage: Add iscsi-direct pool list type flag
Add pool list type flag VIR_CONNECT_LIST_STORAGE_POOLS_ISCSI_DIRECT,
which was forgotten when introducing iscsi-direct pool at f0bf1be3.

https://bugzilla.redhat.com/show_bug.cgi?id=1726609

Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-07-13 17:40:09 +02:00
Han Han
355fb766c9 virsh.pod: Add zfs and vstorage pool types
Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-07-13 17:39:39 +02:00
Han Han
8462467cf7 storage: Add missing pool type flags in comment
Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2019-07-13 17:39:06 +02:00
Eric Blake
47d32c017c maint: RNG comment fix
Typo'd at file creation in commit 0c97dc41.

Signed-off-by: Eric Blake <eblake@redhat.com>
2019-07-12 17:09:08 -05:00
Eric Blake
e3989ce3ed snapshot: Factor out redefine cycle validation
The code to check whether a redefined snapshot/checkpoint XML is
attempting to create a cycle in the list of moments is lengthy, and
common between the two types of list. Therefore, it belongs in the
shared base file.

Signed-off-by: Eric Blake <eblake@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-07-12 15:12:29 -05:00
Daniel P. Berrangé
ff09b1f62b tests: skip systemd activation test if FDs 3/4/5 are open
With systemd activation the passed in file descriptors are required to
be numbered from STDERR_FILENO + 1 onwards. The unit tests thus require
FDs 3, 4 and 5 to be available.

This may not be the case in all environments in which the tests run. For
example on RHEL7 it was seen that a library constructor (gcrypt probably)
opens /dev/urandom and leaves the file handle open. This means FD 3 is
not available and the activation tests fail.

The best way to deal with this would be to create a standalone helper
program for the tests, but that's much more work than just skipping the
tests if we notice we have the problem.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 18:12:25 +01:00
Daniel P. Berrangé
597bded48d rpc: remove unused typedef for auto shutdown function callback
The use of the virNetServerAutoShutdownFunc typedef was removed in

  commit 79b8a56995
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Wed Oct 31 19:03:55 2012 +0000

    Replace polling for active VMs with signalling by drivers

This unused typedef was then copied into the virNetDaemon object
when that was split off from virNetServer, resulting in a typedef
virNetDaemonAutoShutdownFunc that has never been needed.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:40 +01:00
Daniel P. Berrangé
a1dd97cd8d util: remove unused helper for getting UNIX socket path
The new systemd activation APIs mean there is no longer a need to get
the UNIX socket path associated with a plain FD.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:40 +01:00
Daniel P. Berrangé
2879315d39 util: move code for getting listen FDs into systemd module
The virGetListenFDs method no longer needs to be called directly, so it
can be a static function internal to the systemd code.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:40 +01:00
Daniel P. Berrangé
7ac64b5c86 logging: convert log daemon to use systemd activation APIs
Using the new system activation APIs allows for simpler code setting up
the network services.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:40 +01:00
Daniel P. Berrangé
26ae4e1a92 locking: convert lock daemon to use systemd activation APIs
Using the new system activation APIs allows for simpler code setting up
the network services.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:40 +01:00
Daniel P. Berrangé
2dfacbffea util: remove code spawning with systemd activation env vars
The only use of this code was removed by:

  commit be78814ae0
  Author: Michal Privoznik <mprivozn@redhat.com>
  Date:   Thu Apr 2 14:41:17 2015 +0200

    virNetSocketNewConnectUNIX: Use flocks when spawning a daemon

less than a year after it was first introduced in

  commit 1b807f92db
  Author: Martin Kletzander <mkletzan@redhat.com>
  Date:   Wed Jul 16 08:00:19 2014 +0200

    rpc: pass listen FD to the daemon being started

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:40 +01:00
Daniel P. Berrangé
ee04bfaf9d remote: update config files to note usage wrt systemd socket activation
Certain libvirtd.conf settings are not honoured when using systemd
socket activation.

Certain systemd unit file settings must match those defined in
libvirtd.conf for systemd socket activation to work with systemd
version < 227, otherwise libvirtd cannot determine which inherited
FD to use for which service.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:40 +01:00
Daniel P. Berrangé
4304222f50 remote: make system libvirtd exit when idle via timeout
Since we have socket activation available now, we can let the system
libvirtd exit when it is idle. This allows it to still do autostart
when the host boots up, but when nothing was started it will quickly
exit again until some mgmt app connects to the socket.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:40 +01:00
Daniel P. Berrangé
2c3e08b0e3 remote: add systemd socket units for UNIX/TCP sockets
We don't do socket activation of libvirtd, since we need to
unconditionally start libvirtd in order to perform autostart. This
doesn't mean we can't have systemd socket units. Some use cases will
not need libvirt's autostart & are thus free to use activation.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:40 +01:00
Daniel P. Berrangé
03fd51051e rpc: remove unused API for creating services from FDs
The virNetServerServiceNewFDOrUNIX method cannot be correctly used when
dealing with systemd activation of a service which can receive more than
one socket FD as there is not guaranteed ordering of FDs.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:40 +01:00
Daniel P. Berrangé
e2f012b8f0 remote: fix handling of systemd activation wrt socket ordering
The current libvirtd code for systemd socket activation assumes socket
FDs are passed in the order unix-rw, unix-ro, unix-admin.  There is in
fact no ordering guarantee made by systemd. Applications are expected
to check the address or name associated with each FD to figure out its
identity.

This rewrites libvirtd to make use of the new systemd activation APIs
to make it robust wrt socket ordering changes.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:40 +01:00
Daniel P. Berrangé
e9095c328a remote: simplify libvirtd code for deciding if SASL auth is needed
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:40 +01:00
Daniel P. Berrangé
49fa9e64ca rpc: add API for checking whether an auth scheme is in use on a server
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:40 +01:00
Daniel P. Berrangé
9692fe10eb rpc: add helper APIs for adding services with systemd activation
Currently code has to first create the service and then separately
register it with the server. If the socket associated with a particular
service is not passed from systemd we want to skip creating the service
altogether. This means we can't put the systemd activation logic into
the constructors for virNetServerService.

This patch thus creates some helper methods against virNetServer which
combine systemd activation, service creation and service registration
into one single operation. This operation is automatically a no-op if
systemd activation is present and no sockets were passed in.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:39 +01:00
Daniel P. Berrangé
1519c55dc8 rpc: avoid unlinking sockets passed in from systemd
Currently the socket code will unlink any UNIX socket path which is
associated with a server socket. This is not fine grained enough, as we
need to avoid unlinking server sockets we were passed by systemd.

To deal with this we must explicitly track whether each socket needs to
be unlinked when closed, separately of the client vs server state.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:39 +01:00
Daniel P. Berrangé
9f3d1c5c8f rpc: allow creating RPC service from an array of FDs
The virNetServerServiceNewFD API only accepts a single FD, but it is
easily changed to allow for an array of FDs to be passed in.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:39 +01:00
Daniel P. Berrangé
3b6bfde089 rpc: refactor RPC service constructors to share more code
Introduce a virNetServerServiceNewSocket API that allows the various
constructors to share more code.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:39 +01:00
Daniel P. Berrangé
5b8569dd6e util: add APIs for facilitating use of systemd activation FDs
When receiving multiple FDs from systemd during service activation it is
neccessary to identify which purpose each FD is used for. While this
could be inferred by looking for the specific IP ports or UNIX socket
paths, this requires the systemd config to always match what is expected
by the code. Using systemd FD names we can remove this restriction and
simply identify FDs based on an arbitrary name.

The FD names are passed by systemd in the LISTEN_FDNAMES env variable
which is populated with the socket unit file names, unless overriden
by using the FileDescriptorName setting.

This is supported since the system 227 release and unfortunately RHEL7
lacks this version. Thus the code has some back compat support whereby
we look at the TCP ports or the UNIX socket paths to identify what
socket maps to which name. This back compat code is written such that
is it easly deleted when we are able to mandate newer systemd.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:39 +01:00
Daniel P. Berrangé
f8b3905edf rpc: ensure all sockets bind to same port when service is NULL
When the service passed to getaddrinfo is NULL the kernel will choose a
free port to bind to. In a dual stack though we will get separate
sockets for IPv4 and IPv6 and we need them to bind to the same port
number. Thus once the kerel has auto-selected a port for the first
socket, we must disable auto-select for subsequent IP sockets and force
reuse of the first port.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:39 +01:00
Ján Tomko
b632e00ffb storage: rbd: do not attempt to dereference a non-pointer
My commit 9b7c4048fa was too blind
and my librbd was not new enough to actually compile this part.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-07-12 17:51:39 +02:00
Ján Tomko
68c4d62046 docs: RBD pool only supports raw volumes
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 17:09:43 +02:00