When using TLS authentication and operating as the non-root user,
initially attempt to use that specific user's TLS certificates before
attempting to use the system wide TLS certificates.
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
Otherwise qemu is unable to write to it, with the error:
libvir: QEMU error : internal error unable to execute QEMU command 'memsave': Could not open '/var/cache/libvirt/qemu/qemu.mem.RRNvLv'
Now that RHEL 5.6 ships with gettext 0.17, we can get out of the
stone age and use the newer gettext capabilities and improved
macros for certain configure tests.
* configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.17.
(MKINSTALLDIRS): Delete hack that is no longer needed.
* bootstrap.conf (buildreq): Check for minimum gettext version.
Based on a report by Wen Congyang.
The v2 migration protocol had a limit on cookie length that was
too small to be useful for QEMU. Avoid generating cookies with
v2 protocol, so that old libvirtd can still reliably migrate a
guest to new libvirtd uses v2 protocol.
* src/qemu/qemu_driver.c: Avoid migration cookies with v2
migration
When generating a cookie for a guest with no data, the
QEMU_MIGRATION_COOKIE_GRAPHICS flag was set even if no
graphics data was added. Avoid setting the flag unless
it was needed, also add a safety check for mig->graphics
being non-NULL
* src/qemu/qemu_migration.c: Avoid cookie crash for guest
with no graphics
The internal virDomainMigratePeer2Peer and virDomainMigrateDirect
helper methods were not checking whether the target supports the
v3 migration protocol.
* src/libvirt.c: Use v3 migration protocol for p2p/direct
migration if available.
Some bogus apps are generating a VNC/SPICE/RFB listen attribute
with no content. This then causes a failure with the graphics
migration cookie parsing. Blank out the 'listenAddr' parameter
after parsing domain XML if it is the empty string, so the host
default takes over
* src/qemu/qemu_migration.c: Blank out listenAddr parameter
if empty
The on-the-wire protocol is identical; XDR guarantees that
both 'hyper' and 'unsigned hyper' are transmitted as 8 bytes.
* src/remote/remote_protocol.x (remote_get_version_ret)
(remote_get_lib_version_ret): Match public API.
* daemon/remote_generator.pl: Drop special case.
* src/remote_protocol-structs: Reflect updated type.
Clang couldn't quite see that the same condition of
(flags & VIR_DOMAIN_MEM_CONFIG) is used twice, such that
the second block is guaranteed that def was assigned in
the first block.
* src/libxl/libxl_driver.c (libxlDomainSetMemoryFlags): Add a hint
for clang.
Ramon de Carvalho Valle reported a problem with:
virsh connect qemu:///system
as a non-root user. The real root problem appears to be a regression
in libvirtd being auto-started on the default qemu:///session URI;
however, the symptom points to an independent flaw in virsh - we
shouldn't be wasting efforts on making a connection if we aren't going
to be using that connection. Fixing virsh avoids Ramon's issue, while
I work in the meantime to fix the real libvirtd regression.
This patch looks big, but that's because 'gcc -Wmissing-field-initializers'
gets triggered by './autobuild.sh --enable-compile-warnings=error', so I
had to add 0 initialization to everyone (rather than my preference of
just adding the non-zero flags to virshCmds and to cmdConnect).
Meanwhile, if you use 'virsh -c URI', the connection must succeed; this
patch _only_ optimizes the default connection to be deferred to a later
point where we know if a particular command to be run needs a connection.
* tools/virsh.c (VSH_CMD_FLAG_NOCONNECT): New flag.
(vshCmdDef): Add new flags field.
(vshCommandRun): Honor new flag.
(domManagementCmds, domMonitoringCmds, storagePoolCmds)
(storageVolCmds, networkCmds, nodedevCmds, ifaceCmds)
(nwfilterCmds, secretCmds, virshCmds, snapshotCmds)
(hostAndHypervisorCmds): Populate new field.
(vshReconnect): Don't warn on initial connection.
Improve invalid argument checks in the size query case. The drivers already
relied on this unchecked behavior.
Relax the implementation of virDomainGet(Memory|Blkio)MemoryParameters
in the drivers and allow to pass more memory than necessary for all
parameters.
Add invalid argument checks for params and nparams to the public API
and remove them from the drivers (e.g. xend).
Add subset handling to libxl and test drivers.
params and nparams are essential and cannot be NULL. Check this in
libvirt.c and remove redundant checks from the drivers (e.g. xend).
Instead of enforcing that nparams must point to exact same value as
returned by virDomainGetSchedulerType relax this to a lower bound
check. This is what some drivers (e.g. xen hypervisor and esx)
already did. Other drivers (e.g. xend) didn't check nparams at all
and assumed that there is enough space in params.
Unify the behavior in all drivers to a lower bound check and update
nparams to the number of valid values in params on success.
Some drivers assumed it can be NULL (e.g. qemu and lxc) and check it
before assigning to it, other drivers assumed it must be non-NULL
(e.g. test and esx) and just assigned to it.
Unify this to nparams being optional and document it.
This error code has existed since the dawn of time, yet the messages it
generates are almost universally busted. Here's a small sampling:
src/conf/domain_conf.c:4889 : XML description for missing root element is not well formed or invalid
src/conf/domain_conf.c:4951 : XML description for unknown device type is not well formed or invalid
src/conf/domain_conf.c:5460 : XML description for maximum vcpus must be an integer is not well formed or invalid
src/conf/domain_conf.c:5468 : XML description for invalid maxvcpus %(count)lu is not well formed or invalid
Fix up the error code to instead be
XML error: <msg>
Adjust the few locations that were using the original correctly (or shouldn't
have been using the error code at all).
v2:
Fix wording of error code without a passed argument
The new type is identical to the three old types that it replaces,
and by creating a common type, this allows future patches to share
common code that manipulates typed parameters.
This change is backwards-compatible in API (recompilation works
without any edits) and ABI (an older client that has not been
recompiled uses the same layout) for code using only public
names; only code using private names (those beginning with _)
will have to adapt.
* include/libvirt/libvirt.h.in (virTypedParameterType)
(VIR_TYPED_PARAM_FIELD_LENGTH, _virTypedParameter): New enum,
macro, and type.
(virSchedParameter, virBlkioParameter, virMemoryParameter):
Rewrite in terms of a common type, while keeping all old public
names for backwards compatibility.
(struct _virSchedParameter, struct _virBlkioParameter)
(struct _virMemoryParameter): Delete - these are private names.
* python/generator.py (enum): Cope with the refactoring.
starting with kernel 2.6.38 macvtap supports a 'passthru' mode for
attaching virtual functions of a SRIOV capable network card directly to a VM.
This patch adds the capability to configure such a device.
Signed-off-by: Dirk Herrendoerfer <d.herrendoerfer@herrendoerfer.name>
<sys/syslimits.h> is not standardized, so portable programs should
not need to rely on it. If there really is something that we need
where <sys/syslimits.h> provided the limit but <limits.h> did not,
then that would be a candidate for fixing in gnulib. But this patch
did not turn up any compilation failures on Linux.
* src/internal.h (includes): Drop unused header.
* daemon/libvirtd.h (includes): Likewise.
* configure.ac (AC_CHECK_HEADERS): Likewise.
Based on a report by Matthias Bolte.
POSIX allows sysconf(_SC_GETPW_R_SIZE_MAX) to return -1 if there
is no fixed limit, and requires ERANGE errors to track real size.
Model our behavior after the example in POSIX itself:
http://pubs.opengroup.org/onlinepubs/9699919799/functions/getpwuid_r.html
Also, on error for get*_r functions, errno is undefined, and the
real error was the return value.
* src/util/util.c (virGetUserEnt, virGetUserID, virGetGroupID)
(virSetUIDGID): Cope with sysconf failure or too small buffer.
Reported by Matthias Bolte.
virRunWithHook is now unused, so we can drop it. Tested w/ raw + qcow2
volume creation and copying.
v2:
Use opaque data to skip hook second time around
Simply command building
v3:
Drop explicit FindFileInPath
virStreamNew needs to dispatch the error that virGetStream reports
on failure.
remoteCreateClientStream can fail due to virStreamNew or due to
VIR_ALLOC. Report OOM error for VIR_ALLOC failure to report errors
in all error cases.
Remove OOM error reporting from remoteCreateClientStream callers.
When the session has expired then multiple threads can race while
reestablishing it.
This race condition is not that critical as it requires a special usage
pattern to be triggered. It can only happen when an application doesn't
do API calls for quite some time (the session expires after 30 min
inactivity) and then multiple threads doing simultaneous API calls and
end up doing simultaneous calls to esxVI_EnsureSession.