Commit Graph

859 Commits

Author SHA1 Message Date
Erik Skultety
30b650b2ba daemon: Split filter parsing and filter defining
Similar to outputs, parser should do parsing only, thus the 'define' logic
is going to be stripped from virLogParseAndDefineFilters by replacing calls to
this method to virLogSetFilters instead.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-10-10 08:27:25 +02:00
Erik Skultety
c9279169a1 daemon: Split output parsing and output defining
Since virLogParseAndDefineOutputs is going to be stripped from 'output defining'
logic, replace all relevant occurrences with virLogSetOutputs call to make the
change transparent to all original callers (daemons mostly).

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-10-10 08:27:25 +02:00
Erik Skultety
b8c370a96e virlog: Rename virLogParse* to virLogParseAndDefine*
Right now virLogParse* functions are doing both parsing and defining of filters
and outputs which should be two separate operations. Since the naming is
apparently a bit poor this patch renames these functions to
virLogParseAndDefine* which eventually will be replaced by virLogSet*.
Additionally, virLogParse{Filter,Output} will be later (after the split) reused,
so that these functions do exactly what the their name suggests.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-10-10 08:27:24 +02:00
Nitesh Konkar
eff8f77255 stream.c: fix a typo
Signed-off-by: Nitesh Konkar <nitkon12@linux.vnet.ibm.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2016-09-21 14:02:43 +02:00
Andrea Bolognani
839a060890 virtlogd.socket: Tie lifecycle to libvirtd.service
We already guarantee that virtlogd.socket is enabled/disabled
along with libvirtd.service, but if libvirtd.service has just
been installed and is started before rebooting, then
virtlogd.socket will not be running and guest startup will
fail.

Add Requires=virtlogd.socket to libvirtd.service to make sure
virtlogd.socket is always started along with libvirtd.service,
and add Before=libvirtd.service to both virtlogd.socket and
virtlogd.service so that virtlogd never disappears before
libvirtd has exited.

Also add PartOf=libvirtd.service to both virtlogd.socket and
virtlogd.service, so that virtlogd can be shut down when not
needed.

Resolves: https://bugzilla.redhat.com/1372576
2016-09-06 16:05:20 +02:00
Nikolay Shirokovskiy
0adc9d26ae remote: rename protocol names for close callbacks
This way we make naming consistent to API calls and make subsequent
ACL checks possible (otherwise ACL check would discover name
discrepancies).

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-08-23 19:48:01 +03:00
Jovanka Gulicoska
43a6b37b24 Introduce node device update event as top level event
This event is emitted when a nodedev XML definition is updated,
like when cdrom media is changed in a cdrom block device.

Also includes node device update event implementation for udev
backend, virsh nodedev-event support, and event-test support
2016-08-15 08:30:56 -04:00
Jovanka Gulicoska
9b13df379c remote: implement node device lifecycle event APIs 2016-08-02 09:52:00 -04:00
Erik Skultety
2e5417bc46 rpc: virnetserver: Rename ClientSetProcessingControls to ClientSetLimits
The original naming was just a leftover that should have been fixed in commit
8b1f0469.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-08-02 14:51:13 +02:00
Erik Skultety
5289e21f31 daemon: sasl: Don't forget to save SASL username to client's identity
Once the SASL authentication process has successfully passed, we should also
save the SASL username used to client's identity, so that when a client like
virt-admin tries to obtain it, the server will actually format the username to
the response data.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-08-02 08:25:42 +02:00
Erik Skultety
385ec6280f admin: Retrieve the SASL context for both local and remote connection
When commit 4a0e9108 added a support for client information retrieval, it made
the API return SASL identity info only for clients connected remotely, yet SASL
can be happily used with UNIX sockets as well.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-08-02 08:25:42 +02:00
Daniel P. Berrange
54628f5434 libvirtd: convert to typesafe virConf accessors
The libvirtdconftest was previously used to test data type
handling of the libvirtd config file. Now we're using the
typedef APIs, this test case has little value, and is pretty
hard to fixup with deal with the new APIs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-07-12 09:57:01 +01:00
Ján Tomko
a3f565b339 Fix possible invalid read in adminClientGetInfo
virNetServerClientGetInfo returns the client's remote address
as a string, which is a part of the client object.

Use VIR_STRDUP to make a copy which can be freely accessed
even after the virNetServerClient object is unlocked.

To reproduce, put a sleep between virObjectUnlock in
virNetServerClientGetInfo and virTypedParamsAddString in
adminClientGetInfo, then close the queried connection during
that sleep.
2016-06-29 16:13:12 +02:00
Michal Privoznik
60f1f1082a libvirtd.conf: Fix invalid default of max_anonymous_clients
https://bugzilla.redhat.com/show_bug.cgi?id=1343442

When a client connects, it is placed into a queue. As soon as it
authenticate, it is taken out of that queue and placed into a
different one. Now, we have a setting in the daemon config file
that allows users to control the length of the queue of yet not
authenticated clients. By default, it has a value 20 but in the
description to the config knob we clam it's zero.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-06-27 08:54:03 +02:00
Erik Skultety
52dbacc07a admin: enable both admin API functionality and tarball distribution
This patch enables admin socket creation in daemon's code, bumps the library
version in libvirt_admin_public.syms, and performs all necessary modifications
to our makefiles so that admin API can finally be included in the tarball,
and eventually become part of an rpm package (a patch later in this series).

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-06-26 00:21:06 +02:00
Daniel P. Berrange
0330848207 Promote storage pool refresh lifecycle event to top level event
The VIR_STORAGE_POOL_EVENT_REFRESHED constant does not
reflect any change in the lifecycle of the storage pool.

It should thus not be part of the storage pool lifecycle
event set, but rather be a top level event in its own
right. Thus we introduce VIR_STORAGE_POOL_EVENT_ID_REFRESH
to replace it.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-24 18:26:11 +01:00
Ján Tomko
eaf7ff3873 Rename virNetServerClient*AddrString
Add SASL at the end to make the format obvious.
2016-06-23 22:23:21 +02:00
Ján Tomko
0f7eeb20ad Revert "virnetsocket: Provide socket address format in a more standard form"
This partially reverts commit 9b45c9f049.

It changed the default format of socket address from the one SASL
requires, but did not adjust all the callers.

It also removed the test coverage for it.

Revert most of the changes except the virSocketAddrFormatFull support
for URI-formatted strings.

This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1345743 while
reverting the format used by virt-admin's client-info command from
the URI one to the SASL one.

https://bugzilla.redhat.com/show_bug.cgi?id=1345743
2016-06-23 22:15:06 +02:00
Jovanka Gulicoska
22fb4374da remote: implement storage lifecycle event APIs 2016-06-16 12:22:11 -04:00
Daniel P. Berrange
c7d0fbe62b libvirtd: add config option for TLS priority
Add a "tls_priority" config option to /etc/libvirt/libvirtd.conf
to allow the administrator to override the built-in default
setting. This only affects the server side configuration.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-08 13:48:45 +01:00
Daniel P. Berrange
214489f550 rpc: allow priority string to be passed to TLS context
Extend the virNetTLSContextNew* constructors to allow
the TLS priority string to be passed in, overriding the
compile time default.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-08 13:48:45 +01:00
Jovanka Gulicoska
b29e08dbe3 More usage of virGetLastErrorMessage
Convert to virGetLastErrorMessage() in the rest of the code
2016-05-19 15:17:03 -04:00
Erik Skultety
8b1f04693d admin: Introduce virAdmServerSetClientLimits
Opposite operation to virAdmServerGetClientLimits. Understandably though,
setting values for current number of clients connected or still waiting
for authentication does not make sense, since changes to these values are event
dependent, i.e. a client connects - counter is increased. Thus only the limits
to maximum clients connected and waiting for authentication can be set. Should
a request for other controls to be set arrive (provided such a setting will
be first introduced to the config), the set of configuration controls can be
later expanded (thanks to typed params). This patch also introduces a
constraint that the maximum number of clients waiting for authentication has to
be less than the overall maximum number of clients connected and any attempt to
violate this constraint will be denied.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-19 12:31:53 +02:00
Erik Skultety
509bd5d8b3 admin: Introduce virAdmServerGetClientLimits
Enable retrieval of the number of maximum clients connected to all sockets
combined, as well as the number of maximum clients waiting for authentication,
in order to be successfully connected. These are the attributes configurable
through libvirtd.conf, however, it could be handy to not only know values for
these limits, but also the values for the current number of clients
connected and number of clients currently waiting for authentication which are
changing dynamically. This API does both, retrieves the limits as well as the
current dynamic values.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-19 12:31:53 +02:00
Erik Skultety
e54b81604d admin: Fix passing an incorrect readonly attribute to virNetServerServiceNew
When registering admin UNIX socket, a new service is created for it. This
service is incorrectly initialized to be readonly, which is later inherited by
all clients connected to the socket. In libvirt-admin's case there currently
isn't any use for the attribute anyway, but since the socket has root-only
access permissions, the least we can do is to make every admin client
connected to it report readonly as false.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-16 16:26:47 +02:00
Erik Skultety
c22ac618b5 admin: Introduce virAdmClientClose API
Once we're able to list and identify all clients connected to a specific
server, we can then support force-closing a connection. This patch introduces
a simple API calling virNetServerClientClose on a specific client, which
can be later extended easily, e.g. by sending an event once the client is
disconnected successfully.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-10 16:05:17 +02:00
John Ferlan
70e9114e7c admin: Clean up error path in adminServerListClients
Coverity noted that in adminServerListClients if virNetServerGetClients
returns a -1 into ret, then the call virObjectListFreeCount in cleanup
will not be very happy.

Adjust the code to skip the cleanup label and just return -1 if
virNetServerGetClients fails.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-09 19:33:56 -04:00
Eric Blake
a4ef805758 build: fix 32-bit build of admin
We can't guarantee which 64-bit type will be used in an RPC struct;
while %lu worked on 64-bit Linux, that won't always be the type
used on all 64-bit platforms; and certainly is not right for 32-bit:

admin.c: In function 'adminDispatchClientGetInfo':
admin.c:265:25: error: format '%lu' expects argument of type 'long unsigned int', but argument 7 has type 'uint64_t {aka long long unsigned int}' [-Werror=format=]

Signed-off-by: Eric Blake <eblake@redhat.com>
2016-05-04 13:20:23 -06:00
Erik Skultety
784b9cc821 daemon: Add VIR_ERR_NO_SERVER and VIR_ERR_NO_CLIENT to daemonErrorLogFilter
Commits 52a2eef9 and 62be5486 forgot to add these errors to daemon's error
whitelist, i.e. in order to avoid log file pollution with errors like "Domain
not found" or "Server not found" in this case, since these events are valid
and expected to occur.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-04 09:30:58 +02:00
Erik Skultety
4a0e910825 admin: Introduce virAdmClientGetInfo API
Expose a public API to retrieve some identity and connection information about
a client connected to the specified server on daemon. The identity info
retrieved is mostly connection transport dependent, i.e. there won't be any
socket address returned for a local (UNIX socket) connection, while on the
other hand, when connected through TLS or unencrypted TCP, obviously no UNIX
process identification will be present in the returned data. All supported
values that can be returned in typed params are exposed and documented in
include/libvirt/libvirt-admin.h

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 15:52:50 +02:00
Erik Skultety
9b45c9f049 virnetsocket: Provide socket address format in a more standard form
Our socket address format is in a rather non-standard format and that is
because sasl library requires the IP address and service to be delimited by a
semicolon. The string form is a completely internal matter, however once the
admin interfaces to retrieve client identity information are merged, we should
return the socket address string in a common format, e.g. format defined by
URI rfc-3986, i.e. the IP address and service are delimited by a colon and
in case of an IPv6 address, square brackets are added:

Examples:
    127.0.0.1:1234
    [::1]:1234

This patch changes our default format to the one described above, while adding
separate methods to request the non-standard SASL format using semicolon as a
delimiter.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 15:52:50 +02:00
Erik Skultety
52a2eef948 admin: Introduce virAdmServerLookupClient
Just like with server-related APIs, before any of client-based APIs can be
called, a reference to a client-side client object needs to be obtained. For
this purpose, a lookup method should exist. Apart from the client retrieval
logic, a new error code for non-existent client had to be added as well.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 15:52:50 +02:00
Nikolay Shirokovskiy
6fe81c3a71 daemon: add option to read host uuid from /etc/machine-id
Daemon config parameter switch between reading host uuid
either from smbios or machine-id:

host_uuid_source = "smbios|machine-id"

Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
2016-05-03 08:58:30 -04:00
Erik Skultety
ed978fa2bc admin: Introduce listing clients
Finally add public method to retrieve the list of currently connected clients
to a given server.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 10:04:54 +02:00
Erik Skultety
5841d64d25 rpc: virnetserverclient: Identify clients by an integer ID
Admin API needs a way of addressing specific clients. Unlike servers, which we
are happy to address by names both because its name reflects its purpose (to
some extent) and we only have two of them (so far), naming clients doesn't make
any sense, since a) each client is an anonymous, i.e. not recognized after a
disconnect followed by a reconnect, b) we can't predict what kind of requests
it's going to send to daemon, and c) the are loads of them comming and going,
so the only viable option is to use an ID which is of a reasonably wide data
type.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-02 22:25:51 +02:00
Cole Robinson
66a03d0af2 daemon: stream: Don't force error when client aborts
Every time a client aborts a stream via the virStreamAbort API,
the daemon always logs an error like:

  error : daemonStreamHandleAbort:617 : stream aborted at client request

and that same error is returned to the client. Meaning virStreamAbort
always returns -1, which seems strange.

This reworks the error handling to only raise an error on virStreamAbort
if the actual server side abort call raises an error. This is similar
to how virStreamFinish works.

If the abort code path is triggered by an unexpected message type
then we continue to raise an unconditional error. Also drop a redundant
VIR_WARN call there, since virReportError will raise a VIR_ERROR anyways
2016-05-02 10:13:05 -04:00
Cole Robinson
75e1999042 daemon: stream: set stream->closed on removal
These are the only places where we don't set stream->closed when
aborting the stream. This leads to spurious errors when the client
hangs up unexpectedly:

error : virFDStreamUpdateCallback:127 : internal error: stream is not open
2016-05-02 10:13:04 -04:00
Cole Robinson
a680dde643 daemon: stream: don't update events if stream->closed
Calling virStreamFinish prematurely seems to trigger this code path
even after the stream is closed, which ends up hitting this error
message later:

error : virFDStreamUpdateCallback:127 : internal error: stream is not open

Skip this function if stream->closed, which is used in many other places
like read/write handlers
2016-05-02 10:13:04 -04:00
Cole Robinson
e7407872a4 daemon: stream: Close stream on send failure
This is the only place in daemon/stream.c that sets
'stream->closed = true' but neglects to actually abort the stream
and remove the callback, which seems wrong.
2016-05-02 10:13:04 -04:00
Cédric Bosdonnat
0304a2a7ef Adapt augeas profile to handle negative int values.
Introducing keepalive_interval = -1 breaks to augeas lens. Fix the lens
by allowing signed ints in the regular expression.
2016-05-02 10:04:40 +02:00
Andrea Bolognani
92b2c047d6 man: Fix SYNOPSIS section
Format the text properly.
2016-04-25 15:40:44 +02:00
Andrea Bolognani
49ba028aed build: Replace variables in man pages
We can't use eg. @sysconfdir@ directly in the .pod file, because
pod2man(1) will interpret that as a variable name and format it
accordingly.

Instead, we use eg. SYSCONFDIR and use a subsequent sed(1) call
to turn it into the expected @sysconfdir@.
2016-04-25 15:40:44 +02:00
Andrea Bolognani
7351f7fe68 build: Group files
Define $(PODFILES) and $(MANINFILES) so that adding a new man
page only requires changes in a few, well defined spots.
2016-04-25 15:40:44 +02:00
Andrea Bolognani
5b479f3b5b build: Standardize on .pod -> .x.in -> .x
After this commit, all man pages are generated using the same two
steps:

  1. Process a source $command.pod file with pod2man(1) to obtain
     a valid man page in $command.$section.in

  2. Process $command.$section.in with sed(1) to obtain the final
     man page in $command.$section
2016-04-25 15:40:44 +02:00
Andrea Bolognani
90709d8d22 build: Build man pages in $(builddir)
No file should be created inside $(srcdir) during build.
2016-04-25 15:40:43 +02:00
Michal Privoznik
01acd6f52b daemonStreamHandleRead: Rework to follow our coding pattern
Usually, we have this 'if() goto cleanup;' pattern in our new
code. It is going to be useful here too. Thing is, there was a
memleak. If there has been an error in
virNetServerProgramSendStreamError() or
virNetServerProgramSendStreamData() created message was never
freed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-04-21 16:29:41 +02:00
Michal Privoznik
ae886429e4 daemon stream: Remove useless empty lines from header file
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-04-21 16:29:41 +02:00
Michal Privoznik
7747c3bfca daemon stream: Convert @tx in daemonClientStream to bool
This structure item is used as pure boolean. There's no need to
hold whole integer for it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-04-21 16:29:41 +02:00
Michal Privoznik
5441a25ff6 daemon stream: Prefer bool over unsigned int var:1
There is no need for doing that since we have a bool type.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-04-21 16:29:41 +02:00
Michal Privoznik
8def0a22a3 daemonClientStream: Use unsigned int to store stream @serial
The stream serial number is the serial number of the RPC call
that initiated a data transfer. And as such can never be
negative. Moreover, when looking up internal state for a stream,
the serial numbers are compared. But hey, the serial number in
message header is unsigned too!

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-04-21 16:29:41 +02:00