Commit Graph

926 Commits

Author SHA1 Message Date
Chen Hanxiao
9d34af1a6b libvirtd: clarify the TLS conf default value setting
Provide more details related to the requirement that setting one
of the values requires setting all of them.

Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-01-22 11:02:51 -05:00
Michal Koutný
1b0c42ff7a libvirtd: Explicit dependency on systemd-machined
The libvirtd daemon uses systemd-machined D-Bus API when manipulating
domains. The systemd-machined is D-Bus activated on demand.

However, during system shutdown systemd-machined is stopped concurrently
with libvirtd and virsh users also doing their final cleanup may
transitively fail due to unavailability of systemd-machined. Example
error message

> libvirtd[1390]: 2017-12-20 18:55:56.182+0000: 32700: error : virSystemdTerminateMachine:503 : Refusing activation, D-Bus is shutting down.

To circumvent this we need to explicitly specify both ordering and
requirement dependency (to avoid late D-Bus activation) on
systemd-machined. See [1] for the dependency debate.

[1] https://lists.freedesktop.org/archives/systemd-devel/2018-January/040095.html
2018-01-22 16:55:12 +01:00
Marc Hartmayer
f1d8251972 rpc: Introduce virNetServerSetClientAuthenticated
Combine virNetServerClientSetAuth(client,
VIR_NET_SERVER_SERVICE_AUTH_NONE) and virNetServerTrackCompletedAuth
into one new function named virNetServerSetClientAuthenticated.

After using this new function the function
virNetServerTrackCompletedAuth was superfluous and is therefore
removed. In addition, it is not very common that a
'{{function}}' (virNetServerTrackCompletedAuth) does more than just
the locking compared to
'{{function}}Locked' (virNetServerTrackCompletedAuthLocked).

virNetServerTrackPendingAuth was already superfluous and therefore
it's also removed.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-01-04 06:55:31 -05:00
Marc Hartmayer
6e7e553180 rpc: Add typedef for the anonymous enum used for authentication methods
Add typedef for the anonymous enum used for the authentication methods
and remove the default case. This allows the usage of the type in a
switch statement and taking advantage of the compilers feature to
detect uncovered cases.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-01-04 06:55:31 -05:00
Marc Hartmayer
ed88b37fb4 rpc: Use the enum value instead of a numerical value
Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-01-04 06:55:31 -05:00
Erik Skultety
a8582e3656 admin: Use the connection to determine a client is connected readonly
Prior to this change, we relied solely on the inherited readonly
attribute of a service's socket. This only worked for our UNIX sockets
(and only to some degree), but doesn't work for TCP sockets which are RW
by default, but such connections support RO as well. This patch forces
an update on the client object once we have established a connection to
reflect the nature of the connection itself rather than relying on the
underlying socket's attributes.
Clients connected to the admin server have always been connected as RW
only.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1524399
Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-12-18 08:42:29 +01:00
Marc Hartmayer
4199c2f221 audit: Log only an info message if audit_level < 2 and audit is not supported
Replace the error message during startup of libvirtd with an info
message if audit_level < 2 and audit is not supported by the
kernel. Audit is not supported by the current kernel if the kernel
does not have audit compiled in or if audit is disabled (e.g. by the
kernel cmdline).

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-12-13 13:42:16 +01:00
xinhua.Cao
1fd1b76610 remote: Move the call to remoteClientFreePrivateCallbacks from FreeFunc to CloseFunc
Still because of commit id 'fe8f1c8b' where we generate a REF for the
Register and that's transparent to the consumer (e.g. how would they
know they need to ensure that Deregister is called), thus the purpose of
this patch is to find a way to Deregister if it's determined that the
consumer hasn't by the time of the "last" REF we'd have.

This solution to this problem is to alter the processing to have the
remoteClientCloseFunc handle performing the Deregister calls instead of
the remoteClientFreeFunc because there's no way FreeFunc would be called
unless the Deregister was already called.
2017-11-23 08:00:34 -05:00
xinhua.Cao
60e8bbc4c5 remote: Extract common clearing of event callbacks of client private data
Extract common clearing of event callbacks as remoteClientFreePrivateCallbacks.
the common function also separation including the sysident handling.
2017-11-23 07:35:23 -05:00
John Ferlan
2f3054c22a libvirtd: Fix order of cleanup processing
Current cleanup processing is ad-hoc at best - it's led to a couple of
strange and hard to diagnose timing problems and crashes.

So rather than perform cleanup in a somewhat random order, let's
perform cleanup in the exact opposite order of startup.

NB: It is possible that virNetlinkEventServerStart fails and we jump
to cleanup before driversInitialized has been set. That could leave
things inconsistent; however, resolution of that possibility is perhaps
more trouble than it's worth to handle.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-11-18 07:51:43 -05:00
John Ferlan
723cadd9ff libvirtd: Alter order of virNetDaemonNew
Let's be sure we can get a Daemon object before the server object.
This is a more "orderly" way to do things since the svr object would
be added to the dmn object afterwards.
2017-11-18 07:51:43 -05:00
John Ferlan
b5726b7ee9 libvirtd: Move pid_file_fd setup to before run_dir
Once we have forked the daemon successfully, let's claim the pidfile
immediately rather than waiting for setup of run_dir.
2017-11-18 07:51:43 -05:00
xinhua.Cao
b008797662 remote: Set *neventCallbacks to zero at DEREG_CB
To avoid the chance that the loop is run twice, set the neventCallbacks
to zero after VIR_FREE(eventCallbacks) was called.
2017-11-12 09:35:37 -05:00
Andrea Bolognani
3e7db8d3e8 Remove backslash alignment attempts
Right-aligning backslashes when defining macros or using complex
commands in Makefiles looks cute, but as soon as any changes is
required to the code you end up with either distractingly broken
alignment or unnecessarily big diffs where most of the changes
are just pushing all backslashes a few characters to one side.

Generated using

  $ git grep -El '[[:blank:]][[:blank:]]\\$' | \
    grep -E '*\.([chx]|am|mk)$$' | \
    while read f; do \
      sed -Ei 's/[[:blank:]]*[[:blank:]]\\$/ \\/g' "$f"; \
    done

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2017-11-03 13:24:12 +01:00
Jim Fehlig
418a100290 daemon: remove minsize directive from hypervisor logrotate files
Commit 6c43149c removed the minsize directive from the qemu logrotate
file but missed other hypervisors. Remove minsize from the libxl, lxc,
and uml logrotate files as well.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
2017-10-26 11:23:07 -06:00
Jim Fehlig
6c43149c41 qemu: logrotate: drop minsize directive
On a cloud host it is possible to create 100's of unique instances
per day, each leaving behind a /var/log/libvirt/qemu/instance-name.log
file that is < 100k. With the current 'minsize 100k' directive, these
files are never rotated and hence never removed. Over months of time,
tens of thousands of these files can accumulate on the host.

Dropping 'minsize 100k' allows rotating small files, which will
increase the number of log files, but 'rotate 4' ensures they will
be removed after a month.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
2017-10-26 11:00:07 -06:00
Erik Skultety
15a37cdf88 maint: Remove not-so-much informative block commentaries
There were a bunch of commentary blocks that were literally useless in
terms of describing what the code following them does, since most of
them were documenting "the obvious" or it just wouldn't help at all.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-10-18 13:38:59 +02:00
Daniel P. Berrange
e371b3bf41 Use https:// links for most sites
This adds a rule to require https links for the libvirt, qemu
and kvm websites.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-10-16 10:22:34 +01:00
Erik Skultety
bc92770aba docs: Update --timeout description in libvirtd's man page
Since commit @ae2163f8, only active client connections or running
domains are allowed to inhibit daemon shutdown. The man page however
wasn't updated appropriately.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1325066

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2017-09-08 11:07:45 +02:00
Erik Skultety
4c248e938a maint: Fix incorrect parenthesis placement causing true/false assignment
There were a few places in our code where the following pattern in 'if'
condition occurred:

if ((foo = bar() < 0))
    do something;

This patch adjusts the conditions to the expected format:

if ((foo = bar()) < 0)
    do something;

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1488192

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2017-09-05 11:27:12 +02:00
Erik Skultety
b988f794e3 daemon: logging: Fix --verbose option being ignored by the daemon
Commit 94c465d0 refactored the logging setup phase but introduced an
issue, where the daemon ignores verbose mode when there are no outputs
defined and the default must be used. The problem is that the default
output was determined too early, thus ignoring the potential '--verbose'
option taking effect. This patch postpones the creation of the default
output to the very last moment when nothing else can change. Since the
default output is only created during the init phase, it's safe to leave
the pointer as NULL for a while, but it will be set eventually, thus not
affecting runtime.
Patch also adjusts both the other daemons.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1442947

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-08-28 16:42:13 +02:00
Michal Privoznik
733359a6ff libvirtd.conf: Drop max_requests
Since its introduction in f61341173b it was never
implemented nor there are plans to implement it. Drop it.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-08-16 08:59:28 +02:00
Ján Tomko
e9f3222705 introduce virConfReadString
Rewrite virConfReadMem to take a null-terminated string.
All the callers were calling strlen on it anyway.
2017-08-08 12:19:17 +02:00
Peter Krempa
5aec02dc37 make: Drop building without driver modules
Driver modules proved to be reliable for a long time. Since support for
not building modules complicates the code and makefiles drop it.

Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-27 12:00:35 +02:00
John Ferlan
b913c8f453 daemon: Don't conditionally free @origErr in daemonStreamEvent
Commit id '0fe4aa149' added @origErr, but since it's assigned outside
the if condition, the free should be outside as well.

Found by Coverity
2017-07-20 10:08:27 -04:00
Michal Privoznik
0fe4aa149f fdstream: Report error from the I/O thread
Problem with our error reporting is that the error object is a
thread local variable. That means if there's an error reported
within the I/O thread it gets logged and everything, but later
when the event loop aborts the stream it doesn't see the original
error. So we are left with some generic error. We can do better
if we copy the error message between the threads.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2017-07-11 08:41:01 +02:00
Daniel P. Berrange
3e03d1bd7e Fix conditional check for DBus
The DBus conditional was renamed way back:

  commit da77f04ed5
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Thu Sep 20 15:05:39 2012 +0100

    Convert HAVE_DBUS to WITH_DBUS

but the shutdown inhibit code was not updated. Thus libvirt
was never inhibiting shutdown by a logged in user when VMs
are running.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-05 13:12:21 +01:00
Lily Zhu
0f0c0921e6 man: Fix documentation errors about the paths of the config files
The default conf files, for example libvirtd.conf, virtlockd.conf, and
virtlogd.conf, should be located under the directory "/etc/libvirt" when
root as root, rather than "/etc". When run as non-root, the configuration
files should be located under "$XDG_CONFIG_HOME/libvirt/", rather than
"XDG_CONFIG_HOME".

Signed-off-by: Lily Zhu <lizhu@redhat.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-06-28 11:07:08 +02:00
Michal Privoznik
ba81c4ee4f daemonUnixSocketPaths: Unify exit paths
Right now, there is a lot of exit points from the function.
Depending on their position they need to copy the same free
calls. This goes against our style where we usually have just one
exit point from the function which also does the necessary free.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-06-13 15:06:34 +02:00
Yi Wang
2502a0fade daemon: fix memory leak in daemonUnixSocketPaths
@rundir, allocated by virGetUserRuntimeDirectory, is leaked in case
virFileMakePath fails.

Signed-off-by: Xi Xu <xu.xi8@zte.com.cn>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
2017-06-13 11:01:21 +02:00
Peter Krempa
ed914284ba daemon: Don't initialize SASL context if not necessary
SASL context would be initialized even if the corresponding TCP or TLS
sockets are not enabled.

fe772f24a6 attempted to fix the symptom by commenting out the settings,
but that did not fix the root cause. 3c647ee4bb later reverted those
changes so that the more secure algorithm is used.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1450095
2017-06-02 14:52:11 +02:00
Michal Privoznik
89a0e69cec daemonStreamHandleRead: Wire up seekable stream
Whenever client is able to receive some data from stream
daemonStreamHandleRead is called. But now the behaviour of this
function needs to be changed a bit. Previously it just read data
from underlying file (of chardev or whatever) and sent those
through the stream to client. This model will not work any longer
because it does not differentiate whether underlying file is in
data or hole section. Therefore, at the beginning of this
function add code that checks this situation and acts
accordingly.
So after the this, when wanting to send some data we always check
whether we are not in a hole and if so, skip it an inform client
about its size.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-05-18 07:42:13 +02:00
Michal Privoznik
470aaa20d4 daemon: Implement VIR_NET_STREAM_HOLE handling
Basically, whenever the new type of stream packet arrives to the
daemon call this function that decodes it and calls
virStreamSendHole(). Otherwise a regular data stream packet has
arrived and therefore continue its processing.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-05-18 07:42:13 +02:00
Michal Privoznik
79d16419c4 Introduce VIR_NET_STREAM_HOLE message type
This is a special type of stream packet, that is bidirectional
and contains information regarding how many bytes each side will
be skipping in the stream.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-05-18 07:42:13 +02:00
Michal Privoznik
5f4f9d87a9 Add new flag to daemonCreateClientStream and virNetClientStreamNew
Add a new argument to daemonCreateClientStream in order to allow for
future expansion to mark that a specific stream can be used to skip
data, such as the case with sparsely populated files. The new flag will
be the eventual decision point between client/server to decide whether
both ends can support and want to use sparse streams.

A new bool 'allowSkip' is added to both _virNetClientStream and
daemonClientStream in order to perform the tracking.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-05-18 07:42:13 +02:00
John Ferlan
fe8f1c8b86 remote: Fix possible use-after-free when sending event message
Based upon an idea and some research by Wang King <king.wang@huawei.com>
and xinhua.Cao <caoxinhua@huawei.com>.

Since we're assigning the 'client' to our callback event lookaside list,
it's imperative that we grab a reference to the object; otherwise, when
the object is unref'd during virNetServerProcessClients when it's determined
that the virNetServerClientIsClosed and the memory is free'd before perhaps
the object event state callbacks are run.  When a virObjectLock() is run,
before sending the message the following trace occurs;

    #0  0x00007fda223d66d8 in virClassIsDerivedFrom
        (klass=0xdeadbeef, parent=0x7fda24c81b40)
         at util/virobject.c:169
    #1  0x00007fda223d6a1e in virObjectIsClass
        (anyobj=anyobj@entry=0x7fd9e575b400, klass=<optimized out>)
         at util/virobject.c:365
    #2  0x00007fda223d6a44 in virObjectLock
        (anyobj=0x7fd9e575b400)
        at util/virobject.c:317
    #3  0x00007fda22507f71 in virNetServerClientSendMessage
        (client=client@entry=0x7fd9e575b400, msg=msg@entry=0x7fd9ec30de90)
        at rpc/virnetserverclient.c:1422
    #4  0x00007fda230d714d in remoteDispatchObjectEventSend
        (client=0x7fd9e575b400, program=0x7fda24c844e0, procnr=348,
         proc=0x7fda2310e5e0 <xdr_remote_domain_event_callback_tunable_msg>,
         data=0x7ffc3857fdb0)
        at remote.c:3803
    #5  0x00007fda230dd71b in remoteRelayDomainEventTunable
        (conn=<optimized out>, dom=0x7fda27cd7660, params=0x7fda27f3aae0,
         nparams=1,opaque=0x7fd9e6c99e00)
        at remote.c:1033
    #6  0x00007fda224484cb in virDomainEventDispatchDefaultFunc
        (conn=0x7fda27cd0120, event=0x7fda2736ea00, cb=0x7fda230dd610
         <remoteRelayDomainEventTunable>, cbopaque=0x7fd9e6c99e00)
        at conf/domain_event.c:1910
    #7  0x00007fda22446871 in virObjectEventStateDispatchCallbacks
        (callbacks=<optimized out>, callbacks=<optimized out>,
         event=0x7fda2736ea00,state=0x7fda24ca3960)
        at conf/object_event.c:722
    #8  virObjectEventStateQueueDispatch
        (callbacks=0x7fda24c65800, queue=0x7ffc3857fe90, state=0x7fda24ca3960)
        at conf/object_event.c:736
    #9  virObjectEventStateFlush (state=0x7fda24ca3960)
        at conf/object_event.c:814
    #10 virObjectEventTimer (timer=<optimized out>, opaque=0x7fda24ca3960)
        at conf/object_event.c:560
    #11 0x00007fda223ae8b9 in virEventPollDispatchTimeouts ()
        at util/vireventpoll.c:458
    #12 virEventPollRunOnce ()
        at util/vireventpoll.c:654
    #13 0x00007fda223ad1d2 in virEventRunDefaultImpl ()
        at util/virevent.c:314
    #14 0x00007fda225046cd in virNetDaemonRun (dmn=0x7fda24c775c0)
        at rpc/virnetdaemon.c:818
    #15 0x00007fda230d6351 in main (argc=<optimized out>, argv=<optimized out>)
        at libvirtd.c:1623

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-04-25 07:26:36 -04:00
John Ferlan
2033e8cc11 daemon: Rework remoteClientFreeFunc cleanup loops into C macro
Rather than 'n' repetitive code segments, let's create a single macro
which will make the code easier to read.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-04-25 07:26:36 -04:00
Wang King
0023cc039d daemon: Remove unnecessary goto error
Freeing the dst is unnecessary if the VIR_STRDUP fails, and therefore
we need to remove the error label as well.
2017-04-25 11:30:41 +02:00
Wang King
f69340472c daemon: Fix domain name leak in error path
Domain name is duplicated in make_nonnull_domain, but not freed when
virTypedParamsSerialize returns error.
2017-04-25 11:30:26 +02:00
Jim Fehlig
6b3fb86b39 Increase default task limit for libvirtd
libvirtd can spawn threads/tasks when creating new domains for
some hypervisors such as Xen's libxl driver, quickly reaching
the cgroups pids controller default TasksMax setting of 512. When
the limit is reached, attempting to create additional domains
results in an error from the cgroups pids controller, e.g.

kernel: [71282.213347] cgroup: fork rejected by pids controller in
/system.slice/libvirtd.service

Depending on domain type and configuration, anywhere from 4-7
threads/tasks may be created by libxl when starting a domain.
In order to support 4096 domains, similar to commit 27cd763500,
increase the TasksMax setting in libvirtd.service to
4096 * 8 = 32768 tasks.
2017-04-20 09:13:34 -06:00
Ján Tomko
e73889b631 Split out -Wframe-larger-than warning from WARN_CLFAGS
Introduce STRICT_FRAME_LIMIT_CFLAGS that will be used for
production code and RELAXED_FRAME_LIMIT_CFLAGS for tests.

Raising the limit for tests allows building them with clang
with optimizations disabled.
2017-04-06 12:29:35 +02:00
Michal Privoznik
5683b21309 virGetDomain: Set domain ID too
So far our code is full of the following pattern:

  dom = virGetDomain(conn, name, uuid)
  if (dom)
      dom->id = 42;

There is no reasong why it couldn't be just:

  dom = virGetDomain(conn, name, uuid, id);

After all, client domain representation consists of tuple (name,
uuid, id).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-04-03 08:35:57 +02:00
Peter Krempa
085e794a86 lib: Introduce event for tracking disk backing file write threshold
When using thin provisioning, management tools need to resize the disk
in certain cases. To avoid having them to poll disk usage introduce an
event which will be fired when a given offset of the storage is written
by the hypervisor. Together with the API which will be added later, it
will allow registering thresholds for given storage backing volumes and
this event will then notify management if the threshold is exceeded.
2017-03-27 09:29:57 +02:00
Nitesh Konkar
9dba52efd2 perf: remote: Compare perf nparams against the correct constant
Currently 'virsh perf domain' errors out as the perf nparams is
incorrectly compared against REMOTE_DOMAIN_MEMORY_PARAMETERS_MAX
instead of REMOTE_DOMAIN_PERF_EVENTS_MAX.

Signed-off-by: Nitesh Konkar <nitkon12@linux.vnet.ibm.com>
2017-03-17 10:39:45 +01:00
Daniel P. Berrange
887450cbdf Sanity check explicit TLS file paths
When providing explicit x509 cert/key paths in libvirtd.conf,
the user must provide all three. If one or more is missed,
this leads to obscure errors at runtime when negotiating
the TLS session

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-03-16 10:49:58 +00:00
Daniel P. Berrange
27cd763500 Increase default file handle limits for daemons
Linux still defaults to a 1024 open file handle limit. This causes
scalability problems for libvirtd / virtlockd / virtlogd on large
hosts which might want > 1024 guest to be running. In fact if each
guest needs > 1 FD, we can't even get to 500 guests. This is not
good enough when we see machines with 100's of physical cores and
TBs of RAM.

In comparison to other memory requirements of libvirtd & related
daemons, the resource usage associated with open file handles
is essentially line noise. It is thus reasonable to increase the
limits unconditionally for all installs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-03-16 10:48:09 +00:00
Daniel P. Berrange
3c647ee4bb Switch to GSSAPI (kerberos) instead of the insecure DIGEST-MD5
RFC 6331 documents a number of serious security weaknesses in
the SASL DIGEST-MD5 mechanism. As such, libvirtd should not
by using it as a default mechanism. GSSAPI is the only other
viable SASL mechanism that can provide secure session encryption
so enable that by defalt as the replacement.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-03-15 18:14:51 +00:00
Peter Krempa
633b7592d6 daemon: Refactor connection driver module loading
Pass the registration function name to virDriverLoadModule so that we
can later call specific functions if necessary (e.g. for testing
purposes). This gets rid of the rather ugly automatic name generator and
unifies the code to load/initialize the modules.

It's also clear which registration function gets called.
2017-02-21 09:24:33 +01:00
Boris Fiuczynski
4e036ab0c2 libvirtd: set openvswitch timeout value based on config data
Since a successful completion of the calls to openvswitch is expected
a longer timeout should be able to be chosen to account for loaded systems.
Therefore this patch provides the ability to specify the timeout value for
openvswitch calls in the libvirtd configuration file.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
2017-02-09 14:34:08 +01:00
Boris Fiuczynski
66583c0cf7 libvirtd: add openvitch timeout value
Provide the ability to specify a default timeout value for
successful completion of openvswitch calls in the libvirtd
configuration file.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2017-02-09 14:34:08 +01:00