Commit Graph

23474 Commits

Author SHA1 Message Date
Ján Tomko
1549f16832 Revert "lxc: support setting host-side IP addresses/routes"
This reverts commit cd5c9f21de.

This feature was accidentally pushed in the feature freeze.
2016-06-27 12:54:55 +02:00
Ján Tomko
84d47a3cce Revert "qemu: support setting host-side IP addresses/routes"
This reverts commit 0b4645a7e0.

This feature was accidentally pushed in the feature freeze.
2016-06-27 12:54:55 +02:00
Andrea Bolognani
7970436ec4 Clean up after virNetDevIP creation
Commit cf0568b0af moved a bunch of functions from virNetDev
to the more specific virNetDevIP; however, not all of the
existing uses were moved properly, causing build failures on
FreeBSD.

Complete the transition to the new names and drop the
obsolete declarations from the header file while at it.
2016-06-27 12:42:48 +02:00
Andrea Bolognani
014dd11291 util: netdevip: Include vircommand.h
Not including the header causes

  util/virnetdevip.c:520:5: error:
  unknown type name 'virCommandPtr'; did you mean 'virCondPtr'?
    virCommandPtr cmd = NULL;
    ^~~~~~~~~~~~~

and plenty more similar failures when compiling on FreeBSD.
2016-06-27 12:42:48 +02:00
Michal Privoznik
60f1f1082a libvirtd.conf: Fix invalid default of max_anonymous_clients
https://bugzilla.redhat.com/show_bug.cgi?id=1343442

When a client connects, it is placed into a queue. As soon as it
authenticate, it is taken out of that queue and placed into a
different one. Now, we have a setting in the daemon config file
that allows users to control the length of the queue of yet not
authenticated clients. By default, it has a value 20 but in the
description to the config knob we clam it's zero.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-06-27 08:54:03 +02:00
Laine Stump
0b4645a7e0 qemu: support setting host-side IP addresses/routes
For type='ethernet' interfaces only.
2016-06-26 19:33:10 -04:00
Laine Stump
cd5c9f21de lxc: support setting host-side IP addresses/routes 2016-06-26 19:33:10 -04:00
Laine Stump
cb20f989df util: support setting peer for virNetDevIPInfo addresses
This will apply to any IP address setting that uses
virNetDevIPInfoAddToDev() (which so far is only the guest-side of LXC
type='ethernet' interfaces).
2016-06-26 19:33:10 -04:00
Laine Stump
fe6a77898a conf: support host-side IP/route information in <interface>
This is place as a sub-element of <source>, where other aspects of the
host-side connection to the network device are located (network or
bridge name, udp listen port, etc). It's a bit odd that the interface
we're configuring with this info is itself named in <target dev='x'/>,
but that ship sailed long ago:

    <interface type='ethernet'>
      <mac address='00:16:3e:0f:ef:8a'/>
      <source>
        <ip address='192.168.122.12' family='ipv4'
            prefix='24' peer='192.168.122.1'/>
        <ip address='192.168.122.13' family='ipv4' prefix='24'/>
        <route family='ipv4' address='0.0.0.0'
               gateway='192.168.122.1'/>
        <route family='ipv4' address='192.168.124.0' prefix='24'
               gateway='192.168.124.1'/>
      </source>
    </interface>

In practice, this will likely only be useful for type='ethernet', so
its presence in any other type of interface is currently forbidden in
the generic device Validate function (but it's been put into the
general population of virDomainNetDef rather than the
ethernet-specific union member so that 1) we can more easily add the
capability to other types, and 2) we can retain the info when set to
an invalid interface type all the way through to validation and report
a proper error, rather than just ignoring it (which is currently what
happens for many other type-specific settings).

(NB: The already-existing configuration of IP info for the guest-side
of interfaces is in subelements directly under <interface>, and the
name of the guest-side interface (when configurable) is in <guest
dev='x'/>).
2016-06-26 19:33:10 -04:00
Vasiliy Tolstov
93135abf14 conf: allow setting peer address in <ip> element of <interface>
The peer attribute is used to set the property of the same name in the
interface IP info:

  <interface type='ethernet'>
    ...
    <ip family='ipv4' address='192.168.122.5'
        prefix='32' peer='192.168.122.6'/>
    ...
  </interface>

Note that this element is used to set the IP information on the
*guest* side interface, not the host side interface - that will be
supported in an upcoming patch.

(This is an updated *re*-commit of commit 690969af, which was
subsequently reverted in commit 1d14b13f).

Signed-off-by: Vasiliy Tolstov <v.tolstov@selfip.ru>
Signed-off-by: Laine Stump <laine@laine.org>
2016-06-26 19:33:10 -04:00
Laine Stump
f1e0d0da11 util: new function virNetDevIPInfoAddToDev
This patch takes the code out of
lxcContainerRenameAndEnableInterfaces() that adds all IP addresses and
IP routes to the interface, and puts it into a utility function
virNetDevIPInfoAddToDev() in virnetdevip.c so that it can be used by
anyone.

One small change in functionality -
lxcContainerRenameAndEnableInterfaces() previously would add all IP
addresses to the interface while it was still offline, then set the
interface online, and then add the routes. Because I don't want the
utility function to set the interface online, I've moved this up so
the interface is first set online, then IP addresses and routes are
added. This is the same order that the network service from
initscripts (in ifup-ether) does it, so it shouldn't pose any problem
(and hasn't, in the tests that I've run).
2016-06-26 19:33:10 -04:00
Laine Stump
4ff9ec7dae lxc: move debug/error log when adding IP addresses to virNetDevIPAddrAdd
It makes more sense to have the logging at the lower level so other
callers can share the goodness.

While removing so much stuff from / touching so many lines in
lxcContainerRenameAndEnableInterfaces() (which used to have this
debug/error logging), label names were changed and it was updated to
use the now-more-common method of initializing ret to -1 (failure),
then setting to 0 right before the cleanup label.
2016-06-26 19:33:10 -04:00
Laine Stump
255995827b conf: clean up after adding calls to virNetDevIPInfo helpers
virDomainNetIPInfoParseXML() and virDomainNetIPInfoFormat() are no
longer "unused", so we can now remove the "ATTRIBUTE_UNUSED" from
their definitions, since virDomainNetIPInfoFormat() is now the only
caller of virDomainNetIPsFormat() and virDomainNetRoutesFormat(),
those two functions can simply be subsumed into
virDomainNetIPInfoFormat().
2016-06-26 19:33:09 -04:00
Laine Stump
d987f63a45 qemu: forbid setting guest-side IP address/route info of <interface>
libvirt's qemu driver doesn't have direct access to the config on the
guest side of a network interface, and currently doesn't have any
method in place to even inform the guest of the desired config. In the
future, an unenforceable attempt to set the guest-side IP info could
be made by adding a static host entry to the appropriate dnsmasq
configuration (or changing the default dhcp client address on the qemu
commandline for type='user' interfaces), or enhancing the guest agent
to allow setting an IP address, but for now it can't have any effect,
and we don't want to give the illusion that it does.

To prevent the "disappearance" of any existing configs with ip
address/route info (due to parser failure), this check is added in the
newly implemented qemuDomainDeviceDefValidate(), which is only called
when a domain is defined or started, *not* when it is reread from disk
at libvirtd startup.
2016-06-26 19:33:09 -04:00
Laine Stump
fbc1843d2e conf: use virNetDevIPInfo for guest-side <interface> config
All the same information was already there, just in slightly different
places in the virDomainNetDef.
2016-06-26 19:33:09 -04:00
Laine Stump
69e04044dd conf: use virNetDevIPInfo in virDomainHostdevCaps
a.k.a. <hostdev mode='capabilities' type='net'>.

This replaces the existing nips, ips, nroutes, and routes with a
single virNetDevIPInfo, and simplifies the code by calling that
object's parse/format/clear functions instead of open coding.
2016-06-26 19:33:09 -04:00
Laine Stump
9911562a22 conf: single object containing list of IP addresses, list of routes
There are currently two places in the domain where this combination is
used, and there is about to be another. This patch puts them together
for brevity and uniformity.

As with the newly-renamed virNetDevIPAddr and virNetDevIPRoute
objects, the new virNetDevIPInfo object will need to be accessed by a
utility function that calls low level Netlink functions (so we don't
want it to be in the conf directory) and will be called from multiple
hypervisor drivers (so it can't be in any hypervisor directory); the
most appropriate place is thus once again the util directory.

The parse and format functions are in conf/domain_conf.c because only
the domain XML (i.e. *not* the network XML) has this exact combination
of IP addresses plus routes. Note that virDomainNetIPInfoFormat() will
end up being the only caller to virDomainNetRoutesFormat() and
virDomainNetIPsFormat(), so it will just subsume those functions in a
later patch, but we can't do that until they are no longer called.

(It would have been nice to include the interface name within the
virNetDevIPInfo object (with a slight name change), but that can't
be done cleanly, because in each case the interface name is provided
in a different place in the XML relative to the routes and IP
addresses, so putting it in this object would actually make the code
more confused rather than simpler).
2016-06-26 19:33:09 -04:00
Laine Stump
fa18e814ba util: move IP route & address object-related functions to virnetdevip.c
These functions all need to be called from a utility function that
must be located in the util directory, so we move them all into
util/virnetdevip.[ch] now that it exists.

Function and struct names were appropriately changed for the new
location, but all code is unchanged aside from motion and renaming.
2016-06-26 19:33:09 -04:00
Laine Stump
cf0568b0af util: new files virnetdevip.[ch] for IP-related netdev functions
This patch splits virnetdev.[ch] into multiple files, with the new
virnetdevip.[ch] containing all the functions related to setting and
retrieving IP-related info for a device (both addresses and routes).
2016-06-26 19:33:09 -04:00
Laine Stump
9658e70f7d conf/openvz: eliminate incorrect/undocumented use of <source dev='blah'/>
When support for <interface type='ethernet'> was added in commit
9a4b705f back in 2010, it erroneously looked at <source dev='blah'/>
for a user-specified guest-side interface name. This was never
documented though. (that attribute already existed at the time in the
data.ethernet union member of virDomainNetDef, but apparently had no
practical use - it was only used as a storage place for a NetDef's
bridge name during qemuDomainXMLToNative(), but even then that was
never used for anything).

When support for similar guest-side device naming was added to the lxc
driver several years later, it was put in a new subelement <guest
dev='blah'/>.

In the intervening years, since there was no validation that
ethernet.dev was NULL in the other drivers that didn't actually use
it, innocent souls who were adding other features assuming they needed
to account for non-NULL ethernet.dev when really they didn't, so
little bits of the usual pointless cargo-cult code showed up.

This patch not only switches the openvz driver to use the documented
<guest dev='blah'/> notation for naming the guest-side device (just in
case anyone is still using the openvz driver), and logs an error if
anyone tries to set <source dev='blah'/> for a type='ethernet'
interface, it also removes the cargo-cult uses of ethernet.dev and
<source dev='blah'/>, and eliminates if from the RNG and from
virDomainNetDef.

NB: I decided on this course of action after mentioning the
inconsistency here:

  https://www.redhat.com/archives/libvir-list/2016-May/msg02038.html

and getting encouragement do eliminate it in a later IRC discussion
with danpb.
2016-06-26 19:33:08 -04:00
Laine Stump
a71fd239bd qemu: eliminate memory leaks when converting NetDefs to type='ethernet'
in qemuConnectDomainXMLToNative. This function was only accounting for
about 1/10 of all the allocated items in the NetDef prior to memseting
it to all 0's. On top of that, it was going to great pains to learn
the name of the bridge device, but then never doing anything useful
with it (just putting it into data.ethernet.dev, which is *never* used
when building a qemu commandline). (I think this again all started off
as code with good intentions, but it was never completed, and instead
was just Frankensteinically cargo-culted into the odd mish mash we
have today).

The resulting code is much simpler, produces exactly the same output,
and doesn't leak memory.
2016-06-26 19:33:08 -04:00
Laine Stump
9104509289 qemu: don't set/clear NetDef IP addresses in qemuConnectDomainXMLToNative()
This patch removes the expanded and duplicated code that all sprung
out of two well-intentioned-but-useless settings of
net->data.(bridge|ethernet).ipaddr.

qemu has never supported even a single IP address in the interface
config, much less a list of them. All of the instances of "clearing
out the IP addresses" that are now in this function originated with
commit d8dbd6 "Basic domain XML conversions for Xen/QEMU drivers" in
May 2009, but even then the single "ipaddr" in the struct for
type='ethernet' and type='bridge' wasn't used in the qemu driver (only
in xen and openvz). Since then anyone who added a new interface type
also tacked on another unnecessary clearing of ipaddr, and when it was
made into a list of IPs (so far supported only by the LXC driver) this
simple setting was turned into a loop (well, multiple loops) to clear
them all.
2016-06-26 19:33:08 -04:00
Laine Stump
7cfbaad189 conf: new function virDomainNetDefClear
We need to clear these out without freeing the object completely.
2016-06-26 19:33:08 -04:00
Laine Stump
70a2c7e062 lxc: use correct prefix when setting veth IP address
Commit c9a641 (first appearred in 1.2.12) added support for setting
the guest-side IP address of veth devices in lxc domains.
Unfortunately, it hardcoded the assumption that the proper prefix for
any IP address with no explicit prefix in the config should be "24";
that is only correct for class C IPv4 addresses, but not for any other
IPv4 address, nor for any IPv6 address.

The good news is that there is already a function in libvirt that will
determine the proper default prefix for any IP address. This patch
replaces the use of the ill-fated VIR_SOCKET_ADDR_DEFAULT_PREFIX with
calls to virSocketAddrGetIPPrefix().
2016-06-26 19:33:08 -04:00
Laine Stump
f03a4a2a96 lxc: eliminate extraneous free of netDef->ifname_guest
lxcContainerRenameAndEnableInterfaces() isn't making a copy of the
interface's ifname_guest (into newname), it's just copying the pointer
to it. This means that when it later calls VIR_FREE(newname), it's
actually freeing up (and fortunately NULLing out, so at least we don't
try to access free'd memory) netDef->ifname_guest.
2016-06-26 19:33:08 -04:00
Laine Stump
9359167ec0 util: allow calling virSocketAddrGetIPPrefix with NULL netmask or address
There are times when we don't have a netmask pointer to give to
virSocketAddrGetIPPrefix() (e.g. the IP addresses in domain interfaces
only have a prefix, no netmask), but it would have caused a segv if we
called it with NULL instead of a pointer to a netmask. This patch
qualifies the code that would use the netmask or address pointers to
check for NULL first.
2016-06-26 19:33:08 -04:00
Laine Stump
e1219b6f3c tests: mock virNetDevSetIPAddress
Now that we can include <interface type='ethernet'> in tests, we could
almost test XML that has an <ip> element in an interface. Except that
the test fails when it tries to actually set the IP address for the
interface's tap device. This patch mocks virNetDevSetIPAddress() to
just return success.
2016-06-26 19:33:08 -04:00
Laine Stump
bfd2de6eed conf: clean up virDomainNetIPParseXML()
Rearrange this function to be better organized and more correct:

* the error codes were changed from the incorrect INVALID_ARG to
  XML_ERROR

* prefix still isn't required, but if present it must be valid or an
  error will be logged.

* don't emit a debug log just because prefix is missing - this
  is valid.

* group everything related to setting prefix in one place rather than
  scattered through the function.
2016-06-26 19:33:07 -04:00
Laine Stump
22a6873a98 global: consistently use IP rather than Ip in identifiers
I'm tired of mistyping this all the time, so let's do it the same all
the time (similar to how we changed all "Pci" to "PCI" awhile back).

(NB: I've left alone some things in the esx and vbox drivers because
I'm unable to compile them and they weren't obviously *not* a part of
some API. I also didn't change a couple of variables named,
e.g. "somethingIptables", because they were derived from the name of
the "iptables" command)
2016-06-26 19:33:07 -04:00
Laine Stump
638c6e5ba5 util: move virInterface(State|Link)/virNetDevFeature from conf to util
These had been declared in conf/device_conf.h, but then used in
util/virnetdev.c, meaning that we had to #include conf/device_conf.h
in virnetdev.c (which we have for a long time said shouldn't be done.

This caused a bigger problem when I tried to #include util/virnetdev.h
in a file in src/conf (which is allowed) - for some reason the
"device_conf.h: File not found" error.

The solution is to move the data types and functions used in util
sources from conf to util. Some names were adjusted during the move
("virInterface" --> "virNetDevIf", and "VIR_INTERFACE" -->
"VIR_NETDEV_IF")
2016-06-26 19:33:07 -04:00
Laine Stump
943a400c0d util: move virNetDevLinkDump to virnetlink.c
virNetDevLinkDump should have been in virnetlink.c, but that file
didn't exist yet when the function was created. It didn't really
matter until now - I found that having virnetlink.h included by
virnetdev.h caused build problems when trying to #include virnetdev.h
in a .c file in src/conf (due to missing directory in -I). Rather than
fix that to further institutionalize the incorrect placement of this
one function, this patch moves the function.
2016-06-26 19:33:07 -04:00
Erik Skultety
d0a9dbc323 spec: distribute admin API within libvirt-client package
With respect to to the following thread
https://www.redhat.com/archives/libvir-list/2016-June/msg01822.html, until we
introduce a new rpm package '-libs' that would allow us to drop daemon's
dependency on the client package, distribute admin API related stuff within
the client package (since it's the best analogy to the virsh client).

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-06-26 00:21:07 +02:00
Erik Skultety
fbb8205de3 examples: admin: Add some examples for the new admin APIs
Some of the examples make use of asprintf and strtol functions (to keep
things simple) which are prohibited to use within our code (enforced by
syntax-check). Therefore besides adding some examples, this patch also updates
cfg.mk to exclude examples directory from asprintf and strtol rules, as well as
updates .gitignore to exclude all the new admin binaries created in the
'examples' dir.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-06-26 00:21:06 +02:00
Erik Skultety
52dbacc07a admin: enable both admin API functionality and tarball distribution
This patch enables admin socket creation in daemon's code, bumps the library
version in libvirt_admin_public.syms, and performs all necessary modifications
to our makefiles so that admin API can finally be included in the tarball,
and eventually become part of an rpm package (a patch later in this series).

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-06-26 00:21:06 +02:00
Nikolay Shirokovskiy
851a751575 vz: always pass graphics address to sdk
We need this because apply graphics functions is used on
update too. Also in case of NULL address resolve it to default
instead of error.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-06-25 22:56:04 +03:00
Nikolay Shirokovskiy
96ca48451a vz: support vnc password
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-06-25 22:56:04 +03:00
Nikolay Shirokovskiy
4698b4e65c vz: remove exlicitly setting zeros in dumping graphics
Allocation will do this job. Also we don't use the explicit setting
in other places.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-06-25 22:56:04 +03:00
Nikolay Shirokovskiy
e325c997a8 vz: support attach/detach/update/ of graphics device
Move graphic device config to post parse. This way we
detect error on early stage and leverage checking on detach too.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-06-25 22:56:04 +03:00
Nikolay Shirokovskiy
e7878d4623 vz: move getting container video devices out from vnc code
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-06-25 22:56:03 +03:00
Nikolay Shirokovskiy
3a622f6b32 vz: trustGuestRxFilters fixes
First we need to always set value to vz sdk parameter so
we can leverage setting code for device updates. This patch
resolves tristate default to off implicitly. This is easier
then extract default value from vz sdk itself. First current
default is off too, second this approach is already taken
for 'net->linkstate'.

Second dump this option in domain xml.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-06-25 22:56:03 +03:00
Nikolay Shirokovskiy
3a82c04c09 vz: fix minor type safey issues with net union usage
Fix net->data usage accordingly to type field.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-06-25 22:56:03 +03:00
Nikolay Shirokovskiy
62b0066de4 vz: fix updating to no gateways
Current code that pass gateways to vz sdk is not suitable for
updates. If update has no gateways while we had them before
we need to pass "" for vz sdk gateways to reset old value.

The code definitely deserves its own function.

Drop checks that skip setting gateways if network address
is not set. Such a configuration is possible in vz sdk.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-06-25 22:56:03 +03:00
Nikolay Shirokovskiy
c34a9d6e56 vz: dump route info in domain xml
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-06-25 22:56:03 +03:00
Nikolay Shirokovskiy
b86396dc54 vz: dump ip addresses to domain xml
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-06-25 22:56:03 +03:00
Nikolay Shirokovskiy
2e4bed1b81 vz: give nice report if network device not found
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-06-25 22:56:02 +03:00
Nikolay Shirokovskiy
3cea593f35 vz: fix memory leaks in attach/detach functions
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-06-25 22:56:02 +03:00
Nikolay Shirokovskiy
91ee31d19e vz: move disks checks to device post parse
And reformat so that we don't have lengthy lines. Also simplify
some checks.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-06-25 22:56:02 +03:00
Nikolay Shirokovskiy
511f6ab5ba vz: leverage disks parameters check on disks updates too
This is as easy as moving disks checks from domain post
parse callback to device post parse callback.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-06-25 22:56:02 +03:00
Nikolay Shirokovskiy
307eb644ed vz: add device updates
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Signed-off-by: Maxim Nestratov <mnestratov@virtuozzo.com>
2016-06-25 22:56:02 +03:00
Nikolay Shirokovskiy
0f38187b68 vz: reuse edit config frame in for attach/detach functions
Attach/detach functions for disk/net are quite trivial and
typically call a few functions in begin/end edit frame. Having
in mind update function too adding configuring for another
device (like graphics) will introduce 3 trivial functions more.
Let's replace current approach by attach/detach functions for
device.

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
Signed-off-by: Maxim Nestratov <mnestratov@virtuozzo.com>
2016-06-25 22:56:01 +03:00