Commit Graph

4165 Commits

Author SHA1 Message Date
Daniel P. Berrange
0095edaa06 Remove bogus log warning lines when launching QEMU
The refactoring of QEMU command startup was comitted with
a couple of VIR_WARN lines left in from debugging.

* src/qemu/qemu_driver.c: Remove log warning lines
2011-01-28 11:49:21 +00:00
Daniel P. Berrange
e85247e7c3 Remove double close of qemu monitor
When qemuMonitorSetCapabilities() fails, there is no need to
call qemuMonitorClose(), because the caller will already see
the error code and tear down the entire VM. The extra call to
qemuMonitorClose resulted in a double-free due to it removing
a ref count prematurely.

* src/qemu/qemu_driver.c: Remove premature close of monitor
2011-01-28 11:49:13 +00:00
Eric Blake
b96b6f4723 qemu: fix error messages
Regression in commit caa805ea let a lot of bad messages slip in.

* cfg.mk (msg_gen_function): Fix function name.
* src/qemu/qemu_cgroup.c (qemuRemoveCgroup): Fix fallout from
'make syntax-check'.
* src/qemu/qemu_driver.c (qemudDomainGetInfo)
(qemuDomainWaitForMigrationComplete, qemudStartVMDaemon)
(qemudDomainSaveFlag, qemudDomainAttachDevice)
(qemuDomainUpdateDeviceFlags): Likewise.
* src/qemu/qemu_hotplug.c (qemuDomainAttachHostUsbDevice)
(qemuDomainDetachPciDiskDevice, qemuDomainDetachSCSIDiskDevice):
Likewise.
2011-01-27 20:41:26 -07:00
Hu Tao
cdbba1c496 qemu: Report more accurate error on failure to attach device.
When attaching device from a xml file and the device is mis-configured,
virsh gives mis-leading message "out of memory". This patch fixes this.

Signed-off-by: Eric Blake <eblake@redhat.com>
2011-01-27 20:27:05 -07:00
Eric Blake
3fdc7895ec qemu: use separate alias for chardev and associated device
* src/qemu/qemu_command.c (qemuBuildChrChardevStr): Alter the
chardev alias.
(qemuBuildCommandLine): Output an id for the chardev counterpart.
* tests/qemuxml2argvdata/*: Update tests to match.
Reported by Daniel P. Berrange.
2011-01-27 13:55:35 -07:00
Wen Congyang
d96431f910 avoid vm to be deleted if qemuConnectMonitor failed
Steps to reproduce this bug:
1. service libvirtd start
2. virsh start <domain>
3. kill -STOP $(cat /var/run/libvirt/qemu/<domain>.pid)
4. service libvirtd restart
5. kill -9 $(cat /var/run/libvirt/qemu/<domain>.pid)

Then libvirtd will core dump or be in deadlock state.

Make sure that json is built into libvirt and the version
of qemu is newer than 0.13.0.

The reason of libvirtd cores dump is that:
We add vm->refs when we alloc the memory, and decrease it
in the function qemuHandleMonitorEOF() in other thread.

We add vm->refs in the function qemuConnectMonitor() and
decrease it when the vm is inactive.

The libvirtd will block in the function qemuMonitorSetCapabilities()
because the vm is stopped by signal SIGSTOP. Now the vm->refs is 2.

Then we kill the vm by signal SIGKILL. The function
qemuMonitorSetCapabilities() failed, and then we will decrease vm->refs
in the function qemuMonitorClose().
In another thread, mon->fd is broken and the function
qemuHandleMonitorEOF() is called.

If qemuHandleMonitorEOF() decreases vm->refs before qemuConnectMonitor()
returns, vm->refs will be decrease to 0 and the memory is freed.

We will call qemudShutdownVMDaemon() as qemuConnectMonitor() failed.
The memory has been freed, so qemudShutdownVMDaemon() is too dangerous.

We will reference NULL pointer in the function virDomainConfVMNWFilterTeardown():
=============
void
virDomainConfVMNWFilterTeardown(virDomainObjPtr vm) {
    int i;

    if (nwfilterDriver != NULL) {
        for (i = 0; i < vm->def->nnets; i++)
            virDomainConfNWFilterTeardown(vm->def->nets[i]);
    }
}
============
vm->def->nnets is not 0 but vm->def->nets is NULL(We don't set vm->def->nnets
to 0 when we free vm).

We should add an extra reference of vm to avoid vm to be deleted if
qemuConnectMonitor() failed.

Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
2011-01-27 13:38:29 -07:00
Osier Yang
31242565ae remote: Add extra parameter pkipath for URI
This new parameter allows user specifies where the client
cerficate, client key, CA certificate of x509 is, instead of
hardcoding it. If 'pkipath' is not specified, and the user
is not root, try to find files in $HOME/.pki/libvirt, as long
as one of client cerficate, client key, CA certificate can
not be found, use default global location (LIBVIRT_CACERT,
LIBVIRT_CLIENTCERT, LIBVIRT_CLIENTKEY, see
src/remote/remote_driver.h)

Example of use:

[root@Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client
error: Cannot access CA certificate '/tmp/pki/client/cacert.pem': No such file
or directory
error: failed to connect to the hypervisor
[root@Osier client]# ls -l
total 24
-rwxrwxr-x. 1 root root 6424 Jan 24 21:35 a.out
-rw-r--r--. 1 root root 1245 Jan 23 19:04 clientcert.pem
-rw-r--r--. 1 root root  132 Jan 23 19:04 client.info
-rw-r--r--. 1 root root 1679 Jan 23 19:04 clientkey.pem

[root@Osier client]# cp /tmp/cacert.pem .
[root@Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
'quit' to quit

virsh #

* src/remote/remote_driver.c: adds support for the new pkipath URI parameter
2011-01-27 16:34:54 +08:00
Osier Yang
6002e0406c storage: Round up capacity for LVM volume creation
If vol->capacity is odd, the capacity will be rounded down
by devision, this patch is to round it up instead of rounding
down, to be safer in case of one writes to the volume with the
size he used to create.

- src/storage/storage_backend_logical.c: make sure size is not rounded down
2011-01-27 16:28:19 +08:00
David Allan
8e28c5d402 Do not use virtio-serial port 0 for generic ports
Per the discussion in:

https://bugzilla.redhat.com/show_bug.cgi?id=670394

The port numbering should start from 1, not 0.  We assign maxport + 1,
so start maxport at 0.
2011-01-26 23:02:40 -05:00
Laine Stump
c9c794b52b Manually kill gzip if restore fails before starting qemu
If a guest image is saved in compressed format, and the restore fails
in some way after the intermediate process used to uncompress the
image has been started, but before qemu has been started to hook up to
the uncompressor, libvirt will endlessly wait for the uncompressor to
finish, but it never will because it's still waiting to have something
hooked up to drain its output.

The solution is to close the pipes on both sides of the uncompressor,
then send a SIGTERM before calling waitpid on it (only if the restore
has failed, of course).
2011-01-26 10:13:43 -05:00
Daniel P. Berrange
e0e4e4de7a Add check for poll error events in monitor
Handle poll errors in the same way as hangup event

* src/qemu/qemu_monitor.c: Handle error events
2011-01-26 14:54:23 +00:00
Daniel P. Berrange
b8786c0641 Filter out certain expected error messages from libvirtd
Add a hook to the error reporting APIs to allow specific
error messages to be filtered out. Wire up libvirtd to
remove VIR_ERR_NO_DOMAIN & similar error codes from the
logs. They are still logged at DEBUG level.

* daemon/libvirtd.c: Filter VIR_ERR_NO_DOMAIN and friends
* src/libvirt_private.syms, src/util/virterror.c,
  src/util/virterror_internal.h: Hook for changing error
  reporting level
2011-01-26 14:54:23 +00:00
Daniel P. Berrange
dbfca3ff70 Revert all previous error log priority hacks
This reverts the additions in commit

  abff683f78

taking us back to state where all errors are fully logged
in both libvirtd and normal clients.

THe intent was to stop VIR_ERR_NO_DOMAIN (No such domain
with UUID XXXX) messages from client apps polluting syslog
The change affected all error codes, but more seriously,
it also impacted errors from internal libvirtd infrastructure
For example guest autostart no longer logged errors. The
libvirtd network code no longer logged some errors. This
makes debugging incredibly hard

* daemon/libvirtd.c: Remove error log priority filter
* src/util/virterror.c, src/util/virterror_internal.h: Remove
  callback for overriding log priority
2011-01-26 14:54:23 +00:00
Daniel P. Berrange
2b7ac8838d Cleanup code style in logging APIs
Remove use of brackets around following return statement.
Fix indentation of two switch statements
2011-01-26 14:54:23 +00:00
Laine Stump
34a19dda1c Set SELinux context label of pipes used for qemu migration
This patch is a partial resolution to the following bug:

   https://bugzilla.redhat.com/show_bug.cgi?id=667756

(to complete the fix, an updated selinux-policy package is required,
to add the policy that allows libvirt to set the context of a fifo,
which was previously not allowed).

Explanation : When an incoming migration is over a pipe (for example,
if the image was compressed and is being fed through gzip, or was on a
root-squash nfs server, so needed to be opened by a child process
running as a different uid), qemu cannot read it unless the selinux
context label for the pipe has been set properly.

The solution is to check the fd used as the source of the migration
just before passing it to qemu; if it's a fifo (implying that it's a
pipe), we call the newly added virSecurityManagerSetFDLabel() function
to set the context properly.
2011-01-26 09:03:21 -05:00
Laine Stump
d89608f994 Add a function to the security driver API that sets the label of an open fd.
A need was found to set the SELinux context label on an open fd (a
pipe, as a matter of fact). This patch adds a function to the security
driver API that will set the label on an open fd to secdef.label. For
all drivers other than the SELinux driver, it's a NOP. For the SElinux
driver, it calls fsetfilecon().

If the return is a failure, it only returns error up to the caller if
1) the desired label is different from the existing label, 2) the
destination fd is of a type that supports setting the selinux context,
and 3) selinux is in enforcing mode. Otherwise it will return
success. This follows the pattern of the existing function
SELinuxSetFilecon().
2011-01-26 09:03:11 -05:00
Wen Congyang
75da8b8505 dispatch error before return
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
2011-01-25 10:05:03 -07:00
Osier Yang
dbd63c4d63 qemu: Error prompt when managed save a shutoff domain
The problem was introduced by commit 4303c91, which removed the checking
of domain state, this patch is to fix it.

Otherwise, improper error will be thrown, e.g.

error: Failed to save domain rhel6 state
error: cannot resolve symlink /var/lib/libvirt/qemu/save/rhel6.save: No such
file or directory
2011-01-25 09:51:26 -07:00
Cole Robinson
6cabc0b0d0 qemu: sound: Support intel 'ich6' model
In QEMU, the card itself is a PCI device, but it requires a codec
(either -device hda-output or -device hda-duplex) to actually output
sound. Specifying <sound model='ich6'/> gives us -device intel-hda
-device hda-duplex I think it's important that a simple <sound model='ich6'/>
sets up a useful codec, to have consistent behavior with all other sound cards.

This is basically Dan's proposal of

    <sound model='ich6'>
        <codec type='output' slot='0'/>
        <codec type='duplex' slot='3'/>
    </sound>

without the codec bits implemented.

The important thing is to keep a consistent API here, we don't want some
<sound> devs require tweaking codecs but not others. Steps I see to
accomplishing this:

    - every <sound> device has a <codec type='default'/> (unless codecs are
        manually specified)
    - <codec type='none'/> is required to specify 'no codecs'
    - new audio settings like mic=on|off could then be exposed in
        <sound> or <codec> in a consistent manner for all sound models

v2:
    Use model='ich6'

v3:
    Use feature detection, from eblake
    Set codec id, bus, and cad values

v4:
    intel-hda isn't supported if -device isn't available

v5:
    Comment spelling fixes
2011-01-24 13:11:52 -05:00
Matthias Bolte
4a267912bf vmx: Use VIR_ERR_CONFIG_UNSUPPORTED when appropriated 2011-01-22 00:26:52 +01:00
Cole Robinson
1e1f7a8950 Push unapplied fixups for previous patch
- Add augeas tests
- Clarify vnc_auto_unix_socket precedence in qemu.conf
2011-01-21 16:18:54 -05:00
Cole Robinson
a942ea0692 qemu: Add conf option to auto setup VNC unix sockets
If vnc_auto_unix_socket is enabled, any VNC devices without a hardcoded
listen or socket value will be setup to serve over a unix socket in
/var/lib/libvirt/qemu/$vmname.vnc.

We store the generated socket path in the transient VM definition at
CLI build time.
2011-01-21 16:03:05 -05:00
Cole Robinson
1d9c0a08d9 qemu: Allow serving VNC over a unix domain socket
QEMU supports serving VNC over a unix domain socket rather than traditional
TCP host/port. This is specified with:

<graphics type='vnc' socket='/foo/bar/baz'/>

This provides better security access control than VNC listening on
127.0.0.1, but will cause issues with tools that rely on the lax security
(virt-manager in fedora runs as regular user by default, and wouldn't be
able to access a socket owned by 'qemu' or 'root').

Also not currently supported by any clients, though I have patches for
virt-manager, and virt-viewer should be simple to update.

v2:
    schema: Make listen vs. socket a <choice>
2011-01-21 16:03:04 -05:00
Cole Robinson
cb4c2694f1 qemu: Set domain def transient at beginning of startup process
This will allow us to record transient runtime state in vm->def, like
default VNC parameters. Accomplish this by adding an extra 'live' parameter
to SetDefTransient, with similar semantics to the 'live' flag for
AssignDef.
2011-01-21 16:03:03 -05:00
Jim Fehlig
4301b95af7 [v2] qemu: Retry JSON monitor cont cmd on MigrationExpected error
When restoring a saved qemu instance via JSON monitor, the vm is
left in a paused state.  Turns out the 'cont' cmd was failing with
"MigrationExpected" error class and "An incoming migration is
expected before this command can be executed" error description
due to migration (restore) not yet complete.

Detect if 'cont' cmd fails with "MigrationExpecte" error class and
retry 'cont' cmd.

V2: Fix potential double-free noted by Laine Stump
2011-01-21 09:35:57 -07:00
Osier Yang
af268f2a36 qemu: report more proper error for unsupported graphics
Report VIR_ERR_CONFIG_UNSUPPORTED instead of VIR_ERR_INTERNAL_ERROR,
as it's valid in our domain schema, just unsupported by hypervisor
here.

* src/qemu/qemu_command.c
2011-01-21 09:27:15 -07:00
Daniel P. Berrange
87a183f698 Fix startup with VNC password expiry on old QEMU
The code which set VNC passwords correctly had fallback for
the set_password command, but was lacking it for the
expire_password command. This made it impossible to start
a guest. It also failed to check whether QEMU was still
running after the initial 'set_password' command completed

* src/qemu/qemu_hotplug.c: Fix error handling when
  password expiry fails
* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Fix
  return code for missing expire_password command
2011-01-21 16:24:13 +00:00
Daniel P. Berrange
f0bbf96047 Fix error reporting when machine type probe fails
Avoid overwriting the real error message with a generic
OOM failure message, when machine type probe fails

* src/qemu/qemu_driver.c: Don't overwrite error
2011-01-21 16:08:28 +00:00
Daniel P. Berrange
31c698d76d Avoid crash in security driver if model is NULL
If the XML security model is NULL, it is assumed that the current
model will be used with dynamic labelling. The verify step is
meaningless and potentially crashes if dereferencing NULL

* src/security/security_manager.c: Skip NULL model on verify
2011-01-21 16:07:04 +00:00
Wen Congyang
bda57661b8 qemu: Fix a possible deadlock in p2p migration
The function virUnrefConnect() may call virReleaseConnect() to release
the dest connection, and the function virReleaseConnect() will call
conn->driver->close().

So the function virUnrefConnect() should be surrounded by
qemuDomainObjEnterRemoteWithDriver() and
qemuDomainObjExitRemoteWithDriver() to prevent possible deadlock between
two communicating libvirt daemons.

See commit f0c8e1cb37 for further details.

Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
2011-01-21 08:21:12 -07:00
Jiri Denemark
15e7865893 qemu: Avoid sending STOPPED event twice
In some circumstances, libvirtd would issue two STOPPED events after it
stopped a domain. This was because an EOF event can arrive after a qemu
process is killed but before qemuMonitorClose() is called.

qemuHandleMonitorEOF() should ignore EOF when the domain is not running.

I wasn't able to reproduce this bug directly, only after adding an
artificial sleep() into qemudShutdownVMDaemon().
2011-01-19 15:01:52 +01:00
Jiri Denemark
45c02ee06f qemu: Fail if per-device boot is used but deviceboot is not supported 2011-01-19 15:01:52 +01:00
Daniel P. Berrange
f10d209585 Remove redundant brackets around return values
A large number of return values used 'return (0)' instead
of simply 'return 0'. Remove all these redundant brackets
so the style is consistent throughout the file

* src/libvirt.c: Remove redundant brackets
2011-01-19 12:42:23 +00:00
Daniel P. Berrange
921b3812e2 Increase size of driver table to make UML work again
The driver table only has 10 slots, but there are potentially
11 drivers that need activating. Improve the error message
when driver registration fails

* src/libvirt.c: Increase driver table size & improve errors
2011-01-19 12:42:23 +00:00
Daniel P. Berrange
19d931d290 Turn libvirt.c error reporting functions into macros
The virLibConnError() function (and related ones) do not correctly
report line number info. Turn them all into macros so line numbers
are reported correctly. Drop the connection object in all of them
since it is no longer used.

Also from the virLibConnWarning() equivalents completely. Now
that the Xen driver is running 100% inside libvirtd, those
codepaths for secondary drivers cannot be reached.

* src/libvirt.c: Replace error functions with macros
2011-01-19 12:42:18 +00:00
Eric Blake
c5b11b3cc4 build: use more gnulib modules for simpler code
* .gnulib: Update to latest, for sigpipe and sigaction modules.
* bootstrap.conf (gnulib_modules): Add siaction, sigpipe, strerror_r.
* tools/virsh.c (vshSetupSignals) [!SIGPIPE]: Delete, now that
gnulib guarantees it.
(SA_SIGINFO): Define for mingw fallback.
* src/util/virterror.c (virStrerror): Simplify, now that gnulib
guarantees the POSIX interface.
* configure.ac (AC_CHECK_FUNCS_ONCE): Drop redundant check.
(AM_PROG_CC_STDC): Move earlier, to keep autoconf happy.
2011-01-18 15:35:41 -07:00
Matthias Bolte
915bc7421e Remove two unused PATH_MAX-sized char arrays from the stack 2011-01-18 23:14:37 +01:00
Matthias Bolte
e065e1ea04 Use VIR_ERR_OPERATION_INVALID when appropriated
VIR_ERR_OPERATION_INVALID means that the operation is not valid
for the current state of the involved object.
2011-01-18 23:14:37 +01:00
Matthias Bolte
8c6d61162f Fix misuse of VIR_ERR_INVALID_* error code
VIR_ERR_INVALID_* is meant for invalid pointers only.
2011-01-18 23:14:37 +01:00
Matthias Bolte
2c0db5b5dc Simplify "NWFilterPool" to "NWFilter"
The public object is called NWFilter but the corresponding private
object is called NWFilterPool. I don't see compelling reasons for this
Pool suffix. One might argue that an NWFilter is a "pool" of rules, etc.

Remove the Pool suffix from NWFilterPool. No functional change included.
2011-01-18 23:14:37 +01:00
Matthias Bolte
f002e9218d datatypes: Fix outdated function names in the documentation 2011-01-18 23:14:37 +01:00
Matthias Bolte
6916cfd7dd datatypes: Get virSecretFreeName in sync with the other free functions 2011-01-18 23:14:37 +01:00
Eric Blake
93681a3683 qemu: don't fail capabilities check on 0.12.x
Fixes regression introduced in commit 2211518, where all qemu 0.12.x
fails to start, as does qemu 0.13.x lacking the pci-assign device.
Prior to 2211518, the code was just ignoring a non-zero exit status
from the qemu child, but the virCommand code checked this to avoid
masking any other issues, which means the real bug of provoking
non-zero exit status has been latent for a longer time.

* src/qemu/qemu_capabilities.c (qemuCapsExtractVersionInfo): Check
for -device driver,? support.
(qemuCapsExtractDeviceStr): Avoid failure if all probed devices
are unsupported.
Reported by Ken Congyang.
2011-01-18 14:45:53 -07:00
Eric Blake
1859939a74 qemu: use -incoming fd:n to avoid qemu holding fd indefinitely
https://bugzilla.redhat.com/show_bug.cgi?id=620363

When using -incoming stdio or -incoming exec:, qemu keeps the
stdin fd open long after the migration is complete.  Not to
mention that exec:cat is horribly inefficient, by doubling the
I/O and going through a popen interface in qemu.

The new -incoming fd: of qemu 0.12.0 closes the fd after using
it, and allows us to bypass an intermediary cat process for
less I/O.

* src/qemu/qemu_command.h (qemuBuildCommandLine): Add parameter.
* src/qemu/qemu_command.c (qemuBuildCommandLine): Support
migration via fd: when possible.  Consolidate migration handling
into one spot, now that it is more complex.
* src/qemu/qemu_driver.c (qemudStartVMDaemon): Update caller.
* tests/qemuxml2argvtest.c (mymain): Likewise.
* tests/qemuxml2argvdata/qemuxml2argv-restore-v2-fd.args: New file.
* tests/qemuxml2argvdata/qemuxml2argv-restore-v2-fd.xml: Likewise.
2011-01-17 09:24:41 -07:00
Jiri Denemark
3d44035824 qemu: Support per-device boot ordering
Support for this is included in qemu and seabios from upstream git.
2011-01-17 17:08:13 +01:00
Jiri Denemark
94234fa2f8 Introduce per-device boot element
Currently, boot order can be specified per device class but there is no
way to specify exact disk/NIC device to boot from.

This patch adds <boot order='N'/> element which can be used inside
<disk/> and <interface/>. This is incompatible with the older os/boot
element. Since not all hypervisors support per-device boot
specification, new deviceboot flag is included in capabilities XML for
hypervisors which understand the new boot element. Presence of the flag
allows (but doesn't require) users to use the new style boot order
specification.
2011-01-17 17:08:13 +01:00
Jiri Denemark
f5456ffd9d conf: Move boot parsing into a separate function 2011-01-17 17:08:13 +01:00
Nikunj A. Dadhania
d94a14f89d memtune: Let virsh know the unlimited value for memory tunables
Display or set unlimited values for memory parameters. Unlimited is
represented by INT64_MAX in memory cgroup.

Signed-off-by: Nikunj A. Dadhania <nikunj@linux.vnet.ibm.com>
Reported-by: Justin Clift <jclift@redhat.com>
2011-01-14 17:17:27 -07:00
Eric Blake
d9b0494779 datatypes: avoid redundant __FUNCTION__
virLibConnError already includes __FUNCTION__ in its output, so we
were redundant.  Furthermore, clang warns that __FUNCTION__ is not
a string literal (at least __FUNCTION__ will never contain %, so
it was not a security risk).

* src/datatypes.c: Replace __FUNCTION__ with a descriptive string.
2011-01-14 15:36:38 -07:00
Laine Stump
fe053dbea7 Enable tuning of qemu network tap device "sndbuf" size
This is in response to a request in:

   https://bugzilla.redhat.com/show_bug.cgi?id=665293

In short, under heavy load, it's possible for qemu's networking to
lock up due to the tap device's default 1MB sndbuf being
inadequate. adding "sndbuf=0" to the qemu commandline -netdevice
option will alleviate this problem (sndbuf=0 actually sets it to
0xffffffff).

Because we must be able to explicitly specify "0" as a value, the
standard practice of "0 means not specified" won't work here. Instead,
virDomainNetDef also has a sndbuf_specified, which defaults to 0, but
is set to 1 if some value was given.

The sndbuf value is put inside a <tune> element of each <interface> in
the domain. The intent is that further tunable settings will also be
placed inside this element.

     <interface type='network'>
       ...
       <tune>
         <sndbuf>0</sndbuf>
       ...
       </tune>
     </interface>
2011-01-14 14:46:38 -05:00