Commit Graph

4878 Commits

Author SHA1 Message Date
Daniel P. Berrange
182a80b922 Move QEMU monitor socket in /var/lib/libvirt/qemu
Separate the guest created QEMU monitor socket location
from the libvirtd create XML / PID data files, to improve
security separation when running QEMU non-root

* libvirt.spec.in: Leave /var/run/libvirt/qemu as root:root
* src/qemu_conf.h: Add libDir and cacheDir directory paths
* src/qemu_driver.c: Move QEMU monitor socket from
  stateDir to libDir to avoid making security critical directory
  accessible to QEMU guests.
* src/util.c: Delay running hook till after damonizing to
  ensure pidfile is still written before changing UID/GID
2009-09-03 18:10:16 +01:00
Daniel P. Berrange
34d22c1ed5 Avoid polling on FDs with no events enabled
If a file descriptor with events=0 was added to the libvirtd
event loop, it would still be added to the poll() fds' array.
While it wouldn't see any POLLIN/OUT events, it'd still get
triggered for HANGUP/ERROR events which was not in compliance
with the libvirt events API contract.

* qemud/event.c: Don't poll on FDs with events=0
* tests/eventtest.c: Add test case to validate fix to event.c
2009-09-03 18:06:16 +01:00
Jim Meyering
77a1f418c8 xen_internal.c: remove two unused local variables
* src/xen_internal.c (xenHypervisorSetSchedulerParameters): Remove
set-but-never-used local variables, cap_set and weight_set.
2009-09-03 18:04:24 +02:00
Matthias Bolte
8ed3088441 esx_vi: return -1 upon failure, as intended
* src/esx/esx_vi.c (esxVI_Enumeration_Deserialize): Fix
reversed goto and result=-1 statements.
2009-09-03 18:04:24 +02:00
Jim Meyering
0fa4d62986 python: let libvirt_virConnectDomainEventCallback indicate success
* python/libvir.c (libvirt_virConnectDomainEventCallback): Return 0
when successful, rather than always returning -1.
clang flagged this function for its dead-store of "ret=0".
Once "ret" was set to 0, it was never used, and
the function would always return -1.
2009-09-03 18:04:24 +02:00
Jim Meyering
f4592a8df5 mdns.c: remove dead initialization
* qemud/mdns.c (libvirtd_mdns_client_callback): Remove dead
initialization.
2009-09-03 18:04:23 +02:00
Jim Meyering
3468628a22 node_device_conf.c: remove dead initialization
* src/node_device_conf.c (virNodeDeviceDefFormat): Remove dead
initialization.
2009-09-03 18:04:23 +02:00
Jim Meyering
1e813ceb3e openvz_conf.c: don't use undefined local, "net"
* src/openvz_conf.c (openvzReadNetworkConf): Initialize "net".
Otherwise, upon openvzRead... failure, we would "goto error;"
where an uninitialized "net" could be dereferenced.
2009-09-03 18:04:23 +02:00
Jim Meyering
20f1f714ba test.c: don't use undefined local, "def"
* src/test.c (testOpenVolumesForPool): Upon early virAsprintf or
virXPathNodeSet failure, "goto error" would take us to
virStorageVolDefFree(def), but with "def" not defined.
Initialize it to NULL.
2009-09-03 18:04:23 +02:00
Jim Meyering
f435a3002b uml_conf.c: don't return an uninitialized pointer
* src/uml_conf.c (umlBuildCommandLineChr): Initialize "ret".
2009-09-03 18:04:23 +02:00
Jim Meyering
5cb74dadaf storage_backend.c: assure clang that inputvol can't be NULL
* src/storage_backend.c: Include "internal.h".
(virStorageBackendCopyToFD): Mark inputvol parameter as "nonnull".
Remove test for non-NULL inputvol.  Both callers ensure it's non-NULL.
2009-09-03 18:04:23 +02:00
Jim Meyering
d9b4538469 libvir.c: avoid NULL dereference in virStoragePoolSetAutostart
* src/libvirt.c (virStoragePoolSetAutostart): Return -1 if the pool
argument is invalid, rather than "goto error" where we could dereference
that possibly-NULL "pool".
(virConnectFindStoragePoolSources): Likewise.
(virConnectNumOfDomains): Likewise.
Daniel P. Berrange spotted that the two latter functions
needed the same treatment.
2009-09-03 18:04:23 +02:00
Jim Meyering
1f5e292520 remote_internal.c: appease clang
* src/remote_internal.c (remoteNetworkOpen): Mark "conn" parameter
as non-NULL.  Remove now-unnecessary "conn == NULL" test.
(remoteDevMonOpen): Likewise.
(remoteSecretOpen): Likewise.
(remoteStorageOpen): Likewise.
(remoteInterfaceOpen): Likewise.
2009-09-03 18:04:23 +02:00
Jim Meyering
45aec0eae4 infra: define ATTRIBUTE_NONNULL to mark non-NULL parameters
* src/internal.h (ATTRIBUTE_NONNULL): Define.
2009-09-03 18:04:23 +02:00
Jim Meyering
625f1745dd lxc: don't unlink(NULL) in main
* src/lxc_controller.c (main): Unlink sockpath only if it's non-NULL.
2009-09-03 18:04:23 +02:00
Jim Meyering
e4ac19a87a lxc: avoid NULL dereference upon getmntent failure
* src/lxc_container.c (lxcContainerUnmountOldFS): Don't pass
a NULL pointer to qsort.
2009-09-03 18:04:23 +02:00
Jim Meyering
cff257f584 storage_conf.c: avoid overflow upon use of "z" or "Z" (zebi) suffix
* src/storage_conf.c (virStorageSize): Don't try to compute 1024^7,
since it's too large for a 64-bit type.
2009-09-03 18:04:23 +02:00
Jim Meyering
2e6bad311d storage_backend_fs: avoid NULL dereference on opendir failure
* src/storage_backend_fs.c (virStorageBackendFileSystemRefresh):
Don't call closedir on a NULL pointer.
2009-09-03 18:04:23 +02:00
Pritesh Kothari
da482fe1dd VBox cleanup and update of networking shutdown
* src/vbox/vbox_tmpl.c: merged vboxNetworkUndefine() and
  vboxNetworkDestroy() and added code to handle multiple hostonly
  interfaces.
2009-09-03 17:08:52 +02:00
Pritesh Kothari
32ad6aefca VBox cleanup and update of networking XML functions
* src/vbox/vbox_tmpl.c: merged vboxNetworkCreateXML() and
  vboxNetworkDefineXML() and added code to handle multiple hostonly
  interfaces.
2009-09-03 17:06:03 +02:00
Daniel P. Berrange
85d15b5143 Add support for setting disk drive serial numbers
* docs/schemas/domain.rng: Add <serial> element to disks
* src/domain_conf.h, src/domain_conf.c: XML parsing and
  formatting for disk serial numbers
* src/qemu_conf.c: Set serial number when launching guests
* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-shared.args,
  tests/qemuxml2argvdata/qemuxml2argv-disk-drive-shared.xml: Add
  serial number to XML test
2009-09-03 13:53:34 +01:00
Daniel P. Berrange
d823a05aef Support configuration of huge pages in guests
Add option to domain XML for

     <memoryBacking>
        <hugepages/>
     </memoryBacking>

* configure.in: Add check for mntent.h
* qemud/libvirtd_qemu.aug, qemud/test_libvirtd_qemu.aug, src/qemu.conf
  Add 'hugetlbfs_mount' config parameter
* src/qemu_conf.c, src/qemu_conf.h: Check for -mem-path flag in QEMU,
  and pass it when hugepages are requested.
  Load hugetlbfs_mount config parameter, search for mount if not given.
* src/qemu_driver.c: Free hugetlbfs_mount/path parameter in driver shutdown.
  Create directory for QEMU hugepage usage, chowning if required.
* docs/formatdomain.html.in: Document memoryBacking/hugepages elements
* docs/schemas/domain.rng: Add memoryBacking/hugepages elements to schema
* src/util.c, src/util.h, src/libvirt_private.syms: Add virFileFindMountPoint
  helper API
* tests/qemuhelptest.c: Add -mem-path constants
* tests/qemuxml2argvtest.c, tests/qemuxml2xmltest.c: Add tests for hugepage
  handling
* tests/qemuxml2argvdata/qemuxml2argv-hugepages.xml,
  tests/qemuxml2argvdata/qemuxml2argv-hugepages.args: Data files for
  hugepage tests
2009-09-03 13:51:55 +01:00
Daniel P. Berrange
8eacfd4cc2 Fix misc OOM bugs
* tests/testutils.c: Run test function twice, once to prime it for
  static allocations, once to count the non-static allocations.
* tests/testutilsqemu.c: Initialize variable correctl
* src/capabilities.c: Don't free machines variable upon failure
  since caller must do that
* src/xm_internal.c: Add missing check for OOM in building VIF
  config param
2009-09-03 13:14:46 +01:00
Pritesh Kothari
4ff6091294 VBox support for defining/dumping video devices
* src/vbox/vbox_tmpl.c: add setting of video and acceleration in
  VBox driver, and the ability to save this back for serialization
2009-09-03 10:36:44 +02:00
Pritesh Kothari
6aa576cda7 Generic parsing support for video acceleration
* docs/schemas/domain.rng: augment the video model with an optional
  acceleration element with optional accel2d and accel3d flags
* src/domain_conf.c src/domain_conf.h: exten the virDomainVideoDef
  structure with an optional accel field, virDomainVideoAccelDefParseXML
  and virDomainVideoAccelDefFormat functions to parse and serialize
  the structure.
2009-09-03 10:29:35 +02:00
Chris Lalancette
6dfc042c21 Fix bugs in virDomainMigrate v2 code.
Paolo Bonzini points out that in my refactoring of the code for
virDomainMigrate(), I added a check for the return value from
virDomainMigratePerform().  The problem is that we don't want to
exit if we fail, we actually want to go on and do
virDomainMigrateFinish2() with a non-0 return code to clean things
up.  Remove the check.

While reproducing this issue, I also noticed that we wouldn't
always properly propagate an error message.  In particular, I
found that if you blocked off the migration ports (with iptables)
and then tried the migration, it would actually fail but we would
get no failure output from Qemu.  Therefore, we would think we
succeeded, and leave a huge mess behind us.  Execute the monitor
command "info migrate", and look for a failure string in there
as well.

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2009-09-02 17:23:06 +02:00
Matthias Bolte
b8ee9810b0 VMware ESX: Don't warn on some query parameter
* src/esx/esx_util.c: esxUtil_ParseQuery() warns if a known query
  parameter should be ignored due to the corresponding char/int pointer
  being NULL, instead of silently ignoring it. Fix the control flow.
2009-09-02 16:32:30 +02:00
Matthias Bolte
b6e747ec5a VMware ESX: Allow ethernet address type 'vpx'
* src/esx/esx_vmx.c: add an extra type of addressType beside 'static'
  and 'generated', 'vpx' indicates that the MAC address was generated
  by a vCenter.
2009-09-02 16:24:06 +02:00
Daniel P. Berrange
2d6adabd53 Don't blindly reorder disk drives
Calling qsort() on the disks array causes disk to be
unneccessarily re-ordered, potentially breaking the
ability to boot if the boot disk gets moved later in
the list. The new algorithm will insert a new disk as
far to the end of the list as possible, while being
ordered correctly wrt other disks on the same bus.

* src/domain_conf.c, src/domain_conf.h: Remove disk sorting
  routines. Add API to insert a disk into existing list at
  the optimal position, without resorting disks
* src/libvirt_private.syms: Export virDomainDiskInsert
* src/xend_internal.c, src/xm_internal.c: Remove calls to
  qsort, use virDomainDiskInsert instead.
* src/qemu_driver.c: Remove calls to qsort, use virDoaminDiskInsert
  instead. Fix reordering bugs when hotunplugging disks and
  networks. Fix memory leak in disk/net unplug
2009-09-02 15:19:34 +01:00
Pritesh Kothari
fea5a0bdc9 Support for getting/setting number of cpus in VBox
* src/vbox/vbox_tmpl.c: adds support for getting/setting number of cpus
2009-09-02 16:08:14 +02:00
Daniel P. Berrange
575b18c0f0 Misc fixes to secrets API code
* proxy/Makefile.am: Build storage_encryption_conf.c since its a
  dependancy of domain_conf.c
* src/storage_encryption_conf.c: Disable XML parsing APis when
  build under proxy
* src/test.c: Add a dummy no-op secrets driver for test suite
2009-09-01 21:37:42 +01:00
Daniel P. Berrange
6a035507fd Only add glusterfs dep for Fedora >= 11
* libvirt.spec.in: Conditionalize glusterfs requires line for
  Fedora >= 11, since other distros don't have it available
2009-09-01 21:19:38 +01:00
Daniel P. Berrange
721d3f06c9 Remove redundant base64 include file
* src/storage_encryption_conf.c: Remove base64.h
2009-09-01 21:17:51 +01:00
Daniel P. Berrange
24121aa9da Add Miloslav Trmač to AUTHORS file 2009-09-01 18:37:38 +01:00
Miloslav Trmač
28b8cc31f6 Make handling of monitor prompts more general.
* src/qemu_driver.c: Support arbitrary callbacks for "secondary
  prompts".  Reimplement qemudMonitorCommandExtra using such a
  callback.
2009-09-01 18:37:06 +01:00
Miloslav Trmač
077cd91773 Don't assume buffered output echoes the command.
The if ((nlptr...)) implicitly assumes commptr != NULL (and that "buf"
starts with "cmd").  Make the assumption explicit, it will be broken in
a future patch.

* src/qemu_driver.c: Don't assume buffered monitor output echoes the
  command.
2009-09-01 18:36:59 +01:00
Miloslav Trmač
f340964dc9 Attach encryption information to virDomainDiskDef.
The XML allows <encryption format='unencrypted'/>, this implementation
canonicalizes the internal representation so that "disk->encryption" is
non-NULL iff encryption information is available.

A domain with partial encryption information can be defined,
completeness of the information is not verified.  The domain won't
start until the remaining information is added, of course.

* docs/formatdomain.html, docs/formatdomain.html.in: Document
  new encryption options for disks
* docs/schemas/domain.rng: Pull in storage encryption schema
  rules
* src/domain_conf.h, src/domain_conf.c: Wire up storage encryption
  XML parsing/formatting APIs
2009-09-01 18:36:53 +01:00
Miloslav Trmač
46acb0f2b7 Add support for encrypted (qcow) volume creation.
Supports only virStorageVolCreateXML, not virStorageVolCreateXMLFrom.

Curiously, qemu-img does not need the passphrase for anything to create
an encrypted volume.  This implementation thus does not need to touch
any secrets to work with cooperating clients.  More generic passphrase
handling is added in the next patch.

* src/storage_backend.c: Request encryption when creating qcow/qcow2
  files
* src/storage_backend_disk.c, src/storage_backend_fs.c,
  src/storage_backend_logical.c: Refuse to create volumes with
  encryption params set.
2009-09-01 18:27:51 +01:00
Miloslav Trmač
d288703d57 Recognize encryption format of qcow volumes.
(The implementation is not very generic, but that can be very
easily rectified if/when new encryption formats appear.)

* src/storage_backend_fs.c: Probe for qcow/qcow2 encryption
  algorithm field
2009-09-01 18:27:44 +01:00
Miloslav Trmač
eda3af2488 Attach encryption information to virStorageVolDef.
The XML allows <encryption format='unencrypted'/>, this implementation
canonicalizes the internal representation so that "vol->encryption" is
non-NULL iff the volume is encrypted.

Note that partial encryption information (e.g. specifying an encryption
format, but not the key/passphrase) is valid, libvirt will automatically
choose value for the missing information during volume creation.  The
user can read the volume XML, and use the unmodified <encryption> tag in
future operations (without having to be able to understand) its contents.

* docs/formatstorage.html, docs/formatstorage.html.in: Document
  storage volume encryption options
* src/storage_conf.c, src/storage_conf.h: Hook up storage
  encryption XML handling
* tests/storagevolschemadata/vol-qcow2.xml: Test case for encryption
  schema changes
2009-09-01 18:27:38 +01:00
Miloslav Trmač
05b9b8fda3 Add volume encryption information handling.
Define an <encryption> tag specifying volume encryption format and
format-depenedent parameters (e.g. passphrase, cipher name, key
length, key).

Currently the only defined parameter is a reference to a "secret"
(passphrase/key) managed using the virSecret* API.

Only the qcow/qcow2 encryption format, and a "default" format used to
let libvirt choose the format during volume creation, is currently
supported.

This patch does not add any users; the <encryption> tag is added in
the following patches to both volumes (to support encrypted volume
creation) and domains.

* docs/*.html: Re-generate
* docs/formatstorageencryption.html.in, docs/sitemap.html.in:
  Add page describing storage encryption data format
* docs/schemas/Makefile.am, docs/schemas/storageencryption.rng:
  Add RNG schema for storage encryption format
* po/POTFILES.in: Add src/storage_encryption_conf.c
* src/libvirt_private.syms: Export virStorageEncryption* functions
* src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal
  helper APIs for dealing with storage encryption format
* libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng
  RNG schema
2009-09-01 18:27:28 +01:00
Miloslav Trmač
9dc3b99345 Secret manipulation API docs refresh & wire up python generator
Sample session:

>>> import libvirt
>>> c = libvirt.open('qemu:///session')

>>> c.listSecrets()
['12247729-47d2-a783-88ce-b329d4781cd3', 'reee', 'abc']

>>> s = c.secretDefineXML("<secret ephemeral='no' private='no'>\n<description>Something for use</description>\n<volume>/foo/bar</volume>\n</secret>\n")

>>> s.UUIDString()
'340c2dfb-811b-eda8-da9e-25ccd7bfd650'

>>> s.XMLDesc()
"<secret ephemeral='no' private='no'>\n  <uuid>340c2dfb-811b-eda8-da9e-25ccd7bfd650</uuid>\n  <description>Something for use</description>\n  <volume>/foo/bar</volume>\n</secret>\n"

>>> s.setValue('abc\0xx\xffx')
0

>>> s.value()
'abc\x00xx\xffx'

>>> s.undefine()
0

* python/generator.py: Add rules for virSecret APIs
* python/libvir.c, python/libvirt-python-api.xml: Manual impl of
  virSecretSetValue, virSecretGetValue$ and virConnectListSecrets APIs
* python/libvirt_wrap.h, python/types.c: Wrapper for virSecret objects
* docs/libvirt-api.xml, docs/libvirt-refs.xml,
  docs/html/libvirt-virterror.html, docs/html/libvirt-libvirt.html,
  docs/devhelp/libvirt-virterror.html, docs/devhelp/libvirt-libvirt.html:
  Re-generate with 'make api'
2009-09-01 18:27:06 +01:00
Miloslav Trmač
f68c91faa6 Secret manipulation remote client
* src/remote_internal.c: Implement client binding for new secrets
  APIs
* src/datatypes.h: Add 'void *secretPrivateData' to virConnectPtr
  struct
2009-09-01 17:39:25 +01:00
Miloslav Trmač
0de63c6745 Secret manipulation libvirtd wire protocol & remote dispatcher
* qemud/remote_protocol.x: Define wire protocol for secrets public
  APIs
* qemud/remote_protocol.h, qemud/remote_protocol.c,
  qemud/remote_dispatch_table.h, qemud/remote_dispatch_ret.h,
  qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_args.h:
  Re-generate from updated protocol definition
* qemud/remote.c: Implement RPC dispatchers for new secrets APIs
2009-09-01 17:39:19 +01:00
Miloslav Trmač
b35f0131e6 Secret manipulation public API implementation
* include/libvirt/virterror.h, src/virterror.c: Add VIR_ERR_INVALID_SECRET
  and VIR_FROM_SECRET
* src/libvirt.c: Define stubs for every new public API
2009-09-01 17:39:07 +01:00
Miloslav Trmač
eb42e0ab5c Secret manipulation internal API
* include/libvirt/virterror.h, src/virterror.c: Add VIR_WAR_NO_SECRET
* src/libvirt_private.syms, src/datatypes.h, src/datatypes.c: Type
  virSecret struct definition and helper APIs
* src/driver.h: Sub-driver API definitions for secrets
* src/libvirt.c: Define new sub-driver for secrets
2009-09-01 17:38:59 +01:00
Miloslav Trmač
6acc17af8c Secret manipulation public API
This patch adds a "secret" as a separately managed object, using a
special-purpose API to transfer the secret values between nodes and
libvirt users.

* docs/schemas/secret.rng, docs/schemas/Makefilem.am: Add new
  schema for virSecret objects
* docs/*html: Re-generated
* docs/formatsecret.html.in, docs/sitemap.html.in: Add page
  describing the virSecret XML schema
* include/libvirt/libvirt.h.in: Define the new virSecret public
  API
* src/libvirt_public.syms: Export symbols for new public APIs
* mingw32-libvirt.spec.in, libvirt.spec.in: Add secret.rng to
  files list
2009-09-01 17:38:52 +01:00
Daniel Veillard
3697a0cef6 Update chinese, polish and spanish localizations
* po/*: and update the po set
2009-09-01 15:09:21 +02:00
Charles Duffy
cc76cf31d7 support lzop save compression for qemu
Per prior discussion -- this was, indeed, trivial.

I'm a little disappointed to be breaking the ordering characteristics of
the enum (as it had been ordered by increasing time requirements and
decreasing output size), but breaking any save files with the old
constants in the headers would of course be worse.

>From 2a9cdcfc88de091a8d34aa3fc3b1208d7681790e Mon Sep 17 00:00:00 2001
From: Charles Duffy <Charles_Duffy@dell.com>
Date: Fri, 28 Aug 2009 11:49:54 -0500
Subject: [PATCH] support lzop save compression for qemu

One of the larger disincentives towards use of compression for migrated-out save
files is performance impact. This patch adds support for lzop; CPU time for
compression is about 5x faster than gzip (the next most performant algorithm)
and decompression is about 3x faster.

Signed-off-by: Charles Duffy <Charles_Duffy@dell.com>
Signed-off-by: Chris Lalancette <clalance@redhat.com>
2009-08-31 21:11:51 +02:00
Chris Lalancette
1dac1b3726 OpenVZ: accept NULL as type for GetMaxVCPUs.
All of the other drivers that support the getMaxVcpus callback
also accept a NULL value for type.  Make openvz also accept a
NULL value.

Signed-off-by: Chris Lalancette <clalance@redhat.com>
2009-08-31 21:03:02 +02:00