Commit Graph

22414 Commits

Author SHA1 Message Date
Erik Skultety
ed978fa2bc admin: Introduce listing clients
Finally add public method to retrieve the list of currently connected clients
to a given server.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 10:04:54 +02:00
Erik Skultety
42b06aa65d rpc: virnetserverclient: Implement client connection transport retrieval
Although we document 6 types of transport that we support, internally we can
only differentiate between TCP, TLS, and UNIX transports only, since both SSH
and libssh2 transports, due to using netcat, behave in the exactly the same
way as a UNIX socket.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-03 10:04:49 +02:00
Erik Skultety
15500e9229 include: admin: export connection transport constants
We have to expose some constants, in order for the client object transport
field to make sense.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-02 22:26:23 +02:00
Erik Skultety
04bab54d05 rpc: virnetserver: Support retrieval of a list of clients
For now, the list copy is done simply by locking the whole server, walking the
original and increasing the refcount on each object. We may want to change
the list to a lockable object (like list of domains) later in the future if
we discover some performance issues related to locking the whole server in
order to walk the whole list of clients, possibly issuing some 'ForEach'
callback.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-02 22:26:23 +02:00
Erik Skultety
4bd430748c rpc: gendispatch: Tune it to support client structure
Now that libvirt-admin supports another client-side object and provided that
we want to generate as many both client-side and server-side RPC dispatchers,
support for this needs to be added to gendispatch.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-02 22:26:23 +02:00
Erik Skultety
324945d99b admin: Introduce virAdmClient client-side object
Besides ID, the object also stores static data like connection transport and
connection timestamp, since once obtained a list of all clients connected to a
server, from user's perspective, it would be nice to know whether a given
client is remote or local only and when did it connect to the daemon.
Along with the object introduction, all necessary client-side methods necessary
to work with the object are added as well.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-02 22:26:17 +02:00
Erik Skultety
a32135b3b1 rpc: virnetserverclient: Introduce new attribute conn_time to client
Besides ID, libvirt should provide several parameters to help the user
distinguish two clients from each other. One of them is the connection
timestamp. This patch also adds a testcase for proper JSON formatting of the
new attribute too (proper formatting of older clients that did not support
this attribute yet is included in the existing tests) - in order to
testGenerateJSON to work, a mock of time_t time(time_t *timer) needed to be
created.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-02 22:25:52 +02:00
Erik Skultety
5841d64d25 rpc: virnetserverclient: Identify clients by an integer ID
Admin API needs a way of addressing specific clients. Unlike servers, which we
are happy to address by names both because its name reflects its purpose (to
some extent) and we only have two of them (so far), naming clients doesn't make
any sense, since a) each client is an anonymous, i.e. not recognized after a
disconnect followed by a reconnect, b) we can't predict what kind of requests
it's going to send to daemon, and c) the are loads of them comming and going,
so the only viable option is to use an ID which is of a reasonably wide data
type.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-05-02 22:25:51 +02:00
Andrea Bolognani
6620cd1efc configure: Introduce LIBVIRT_{CHECK,RESULT}_INIT_SCRIPT
Move the code dealing with init scripts to a separate file
so configure.ac itself can be a little bit smaller.
2016-05-02 17:18:05 +02:00
Andrea Bolognani
cf72255ede configure: Add systemd detection to --with-init-script=check
Most distributions, including RHEL, have switched to systemd,
so we should detect it and act accordingly. This also means
that 'systemd+redhat' should be preferred to legacy 'redhat'.

Our witness for the check is the availability of the systemctl
command on the host.
2016-05-02 17:18:05 +02:00
Andrea Bolognani
6f91606777 configure: Improve --with-init-script=check
If we didn't find a match, either because we're cross compiling
or because we're not building on RHEL, we won't install any
init script.

Make sure this is reported correctly in the configure summary.
2016-05-02 17:18:05 +02:00
Boris Fiuczynski
383c6f7f4d tests: add tests for panic device model s390
Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2016-05-02 17:01:40 +02:00
Boris Fiuczynski
73e4e10e62 qemu: add default panic device to S390 guests
This patch adds by default a panic device with model s390 to S390 guests.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2016-05-02 17:01:40 +02:00
Boris Fiuczynski
d855465452 qemu: add panic device support for S390
If a panic device is being defined without a model in a domain
the default value is always overwritten with model ISA. An ISA
bus does not exist on S390 and therefore specifying a panic device
results in an unsupported configuration.
Since the S390 architecture inherently provides a crash detection
capability the panic device should be defined in the domain xml.

This patch adds an s390 panic device model and prevents setting a
device address on it.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-05-02 17:01:40 +02:00
Boris Fiuczynski
b43ab240c2 qemu: merge S390 and S390X default device creation
Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2016-05-02 17:01:40 +02:00
Boris Fiuczynski
a1574e5c98 qemu: fix error message for default panic device
Adding the default bus type ISA to the message.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2016-05-02 17:01:40 +02:00
Boris Fiuczynski
f91403e00b docs: align spelling of S390
Signed-off-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
2016-05-02 17:01:40 +02:00
Cole Robinson
a5481546d6 fdstream: don't raise error on SIGPIPE if abort requested
The iohelper dies on SIGPIPE if the stream is closed before all data
is processed. IMO this should be an error condition for virStreamFinish
according to docs like:

  * This method is a synchronization point for all asynchronous
  * errors, so if this returns a success code the application can
  * be sure that all data has been successfully processed.

However for virStreamAbort, not so much:

  * Request that the in progress data transfer be cancelled
  * abnormally before the end of the stream has been reached.
  * For output streams this can be used to inform the driver
  * that the stream is being terminated early. For input
  * streams this can be used to inform the driver that it
  * should stop sending data.

Without this, virStreamAbort will realistically always error for
active streams like domain console. So, treat the SIGPIPE case
as non-fatal if abort is requested.

Note, this will only affect an explicit user requested abort. An
abnormal abort, like from a server error, always raises an error
in the daemon.
2016-05-02 10:13:05 -04:00
Cole Robinson
66a03d0af2 daemon: stream: Don't force error when client aborts
Every time a client aborts a stream via the virStreamAbort API,
the daemon always logs an error like:

  error : daemonStreamHandleAbort:617 : stream aborted at client request

and that same error is returned to the client. Meaning virStreamAbort
always returns -1, which seems strange.

This reworks the error handling to only raise an error on virStreamAbort
if the actual server side abort call raises an error. This is similar
to how virStreamFinish works.

If the abort code path is triggered by an unexpected message type
then we continue to raise an unconditional error. Also drop a redundant
VIR_WARN call there, since virReportError will raise a VIR_ERROR anyways
2016-05-02 10:13:05 -04:00
Cole Robinson
8958dde506 rpc: protocol: Clarify VIR_NET_ERROR usage with streams
The described protocol semantics really only apply to server initiated
stream messages. Document the semantics for client messages.
2016-05-02 10:13:04 -04:00
Cole Robinson
75e1999042 daemon: stream: set stream->closed on removal
These are the only places where we don't set stream->closed when
aborting the stream. This leads to spurious errors when the client
hangs up unexpectedly:

error : virFDStreamUpdateCallback:127 : internal error: stream is not open
2016-05-02 10:13:04 -04:00
Cole Robinson
a680dde643 daemon: stream: don't update events if stream->closed
Calling virStreamFinish prematurely seems to trigger this code path
even after the stream is closed, which ends up hitting this error
message later:

error : virFDStreamUpdateCallback:127 : internal error: stream is not open

Skip this function if stream->closed, which is used in many other places
like read/write handlers
2016-05-02 10:13:04 -04:00
Cole Robinson
e7407872a4 daemon: stream: Close stream on send failure
This is the only place in daemon/stream.c that sets
'stream->closed = true' but neglects to actually abort the stream
and remove the callback, which seems wrong.
2016-05-02 10:13:04 -04:00
Cole Robinson
c48db92fbd fdstream: Raise explicit error when iohelper gets SIGPIPE
This happens when virStreamFinish/Abort are called, but iohelper
still has data to process.
2016-05-02 10:13:04 -04:00
Cole Robinson
6b173cf562 fdstream: Report error with virProcessTranslateStatus
Rather than poorly duplicate it
2016-05-02 10:13:04 -04:00
Cole Robinson
c0e870376c fdstream: separate out virCommandPtr cleanup
Let's us de-nest some of the logic, and will simplify upcoming
patches
2016-05-02 10:12:58 -04:00
Cole Robinson
441e881e9a nwfilter: Save config to disk if we generated a UUID
libvirt-daemon-config-nwfilter will put a bunch of xml configs
into /etc/libvirt/nwfilter. These configs don't hardcode a UUID
and depends on libvirt to generate one. However the generated UUID
is never saved to disk, unless the user manually calls Define.

This makes daemon reload quite noisy with many errors like:

error : virNWFilterObjAssignDef:3101 : operation failed: filter 'allow-incoming-ipv4' already exists with uuid 50def3b5-48d6-46a3-b005-cc22df4e5c5c

Because a new UUID is generated every time the config is read from
disk, so libvirt constantly thinks it's finding a new nwfilter.

Detect if we generated a UUID when the config file is loaded; if so,
resave the new contents to disk to ensure the UUID is persisteny.

This is similar to what was done in commit a47ae7c0 with virtual
networks and generated MAC addresses
2016-05-02 10:06:04 -04:00
Cole Robinson
0feb1c6c24 nwfilter: Push configFile building into LoadConfig
This matches the pattern used for network object APIs, and we want
configDir in LoadConfig for upcoming patches
2016-05-02 10:06:04 -04:00
Cole Robinson
ab05abdbc3 nwfilter: Fix potential locking problems on ObjLoad failure
In virNWFilterObjLoad we can still fail after virNWFilterObjAssignDef,
but we don't unlock and free the created virNWFilterObjPtr in the
cleanup path.

The bit we are trying to do after AssignDef is just STRDUP in the
configFile path. However caching the configFile in the NWFilterObj
is largely redundant and doesn't follow the same pattern we use
for domain and network objects.

So just remove all the configFile caching which fixes the latent
bug as a side effect.
2016-05-02 10:06:04 -04:00
Cole Robinson
26af7e4e93 network: Fix segfault on daemon reload
We will segfault of a daemon reload picks up a new network config
that needs to be autostarted. We shouldn't be passing NULL for
network_driver here. This seems like it was missed in the larger
rework in commit 1009a61e
2016-05-02 10:06:04 -04:00
Shivaprasad G Bhat
192a53e07c send default USB controller in xml to destination during migration
The default USB controller is not sent to destination as the older versions
of libvirt(0.9.4 or earlier as I see in commit log of 409b5f54) didn't
support them. For some archs where the support started much later can
safely send the USB controllers without this worry. So, send the controller
to destination for all archs except x86. Moreover this is not very applicable
to x86 as the USB controller has model ich9_ehci1 on q35 and for pc-i440fx,
there cant be any slots before USB as it is fixed on slot 1.

The patch fixes a bug that, if the USB controller happens to occupy
a slot after disks/interfaces and one of them is hot-unplugged, then
the default USB controller added on destination takes the smallest slot
number and that would lead to savestate mismatch and migration
failure. Seen and verified on PPC64.

Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
2016-05-02 10:06:04 -04:00
Cole Robinson
601531d6ea conf: format runtime DAC seclabel, unless MIGRATABLE
We historically format runtime seclabel selinux/apparmor values,
however we skip formatting runtime DAC values. This was added in

commit 990e46c454
Author: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
Date:   Fri Aug 31 13:40:41 2012 +0200

    conf: Avoid formatting auto-generated DAC labels

to maintain migration compatibility with libvirt < 0.10.0.

However the formatting was skipped unconditionally. Instead only
skip formatting in the VIR_DOMAIN_DEF_FORMAT_MIGRATABLE case.

https://bugzilla.redhat.com/show_bug.cgi?id=1215833
2016-05-02 10:06:04 -04:00
Cole Robinson
20b52668dd conf: storage: pool: reject name containing '/'
Trying to define a pool name containing an embedded '/'
will immediately fail when trying to write the XML to disk.
This patch explicitly rejects names containing a '/'

Besides our stateful driver, there are two other storage impls:
esx and phyp. esx doesn't support pool creation, so this should
doesn't apply.

phyp does support pool creation, and the name is passed to the
'mksp' tool, which google doesn't reveal whether it accepts '/'
or not. IMO the likeliness of this impacting any users is near zero
2016-05-02 10:06:04 -04:00
Cole Robinson
454f739f24 conf: network: reject name containing '/'
Trying to define a network name containing an embedded '/'
will immediately fail when trying to write the XML to disk.
This patch explicitly rejects names containing a '/'

Besides the network bridge driver, the only other network
implementation is a very thin one for virtualbox, which seems to
use the network name as a host interface name, which won't
accept '/' anyways, so I think this is fine to do unconitionally.

https://bugzilla.redhat.com/show_bug.cgi?id=787604
2016-05-02 10:06:04 -04:00
Cole Robinson
b1fc6a7b73 conf: domain: reject name containing '/'
Trying to define a domain name containing an embedded '/'
will immediately fail when trying to write the XML to disk for
our stateful drivers. This patch explicitly rejects names
containing a '/', and provides an xmlopt feature for drivers
to avoid this validation check, which is enabled in every
non-stateful driver that already has xmlopt handling wired up.

(Technically this could reject a previously accepted vmname like
 '/foo', however at least for the qemu driver that falls over
 later when starting qemu)

https://bugzilla.redhat.com/show_bug.cgi?id=639923
2016-05-02 10:06:04 -04:00
Martin Kletzander
541f21afa6 conf: Parse more of our nodedev XML
We were lacking tests that are checking for the completeness of our
nodedev XMLs and also whether we output properly formatted ones.  This
patch adds parsing for the capability elements inside the <capability
type='pci'> element.  Also bunch of tests are added to show everything
works properly.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-05-02 15:46:23 +02:00
Martin Kletzander
9840761fb4 schemas: Update nodedev schema to match reality
There were few things done in the nodedev code but we were lacking tests
for it.  And because of that we missed that the schema was not updated
either.  Fix the schema and add various test files to show the schema
is correct.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-05-02 15:46:23 +02:00
Martin Kletzander
88c8be67d4 Move capability formatting together
All sub-PCI capabilities should be next to each other for clarity.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-05-02 15:46:23 +02:00
Martin Kletzander
c36b1f7b6a Change virDevicePCIAddress to virPCIDeviceAddress
We had both and the only difference was that the latter also included
information about multifunction setting.  The problem with that was that
we couldn't use functions made for only one of the structs (e.g.
parsing).  To consolidate those two structs, use the one in virpci.h,
include that in domain_conf.h and add the multifunction member in it.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-05-02 15:46:23 +02:00
John Ferlan
573cfd188c qemu: hotplug: Fix possible memory leak of props
If we failed to build the aliases or attach the chardev, then the props
would be leaked - fix that.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-02 06:29:21 -04:00
John Ferlan
3e81b98ceb qemu: hotplug: Adjust error path for attach hostdev scsi disk
Adjust error path logic to make it clearer how to undo the failed add.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-02 06:29:21 -04:00
John Ferlan
843ae77896 qemu: hotplug: Adjust error path for attach virtio disk
Adjust error path logic to make it clearer how to undo the failed add.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-02 06:29:21 -04:00
John Ferlan
b0e002fcfd qemu: hotplug: Adjust error path for attach scsi disk
Adjust error path logic to make it clearer how to undo the failed add.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-02 06:22:56 -04:00
John Ferlan
db5b47fd4a qemu: Use qemuDomainSecretInfoPtr in qemuBuildNetworkDriveURI
Rather than take username and password as parameters, now take
a qemuDomainSecretInfoPtr and decode within the function.

NB: Having secinfo implies having the username for a plain type
    from a successful virSecretGetSecretString

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-02 06:10:19 -04:00
John Ferlan
d081665045 qemu: Introduce qemuDomainSecretHostdevPrepare and Destroy
Similar to the qemuDomainSecretDiskPrepare, generate the secret
for the Hostdev's prior to call qemuProcessLaunch which calls
qemuBuildCommandLine. Additionally, since the secret is not longer
added as part of building the command, the hotplug code will need
to make the call to add the secret in the hostdevPriv.

Since this then is the last requirement to pass a virConnectPtr
to qemuBuildCommandLine, we now can remove that as part of these
changes. That removal has cascading effects through various callers.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-02 06:10:19 -04:00
John Ferlan
27726d8c21 qemu: Introduce qemuDomainHostdevPrivatePtr
Modeled after the qemuDomainDiskPrivatePtr logic, create a privateData
pointer in the _virDomainHostdevDef to allow storage of private data
for a hypervisor in order to at least temporarily store auth/secrets
data for usage during qemuBuildCommandLine.

NB: Since the qemu_parse_command (qemuParseCommandLine) code is not
expecting to restore the auth/secret data, there's no need to add
code to handle this new structure there.

Updated copyrights for modules touched. Some didn't have updates in a
couple years even though changes have been made.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-02 06:10:19 -04:00
John Ferlan
40d8e2ba37 qemu: Introduce qemuDomainSecretPrepare and Destroy
Rather than needing to pass the conn parameter to various command
line building API's, add qemuDomainSecretPrepare just prior to the
qemuProcessLaunch which calls qemuBuilCommandLine. The function
must be called after qemuProcessPrepareHost since it's expected
to eventually need the domain masterKey generated during the prepare
host call. Additionally, future patches may require device aliases
(assigned during the prepare domain call) in order to associate
the secret objects.

The qemuDomainSecretDestroy is called after the qemuProcessLaunch
finishes in order to clear and free memory used by the secrets
that were recently prepared, so they are not kept around in memory
too long.

Placing the setup here is beneficial for future patches which will
need the domain masterKey in order to generate an encrypted secret
along with an initialization vector to be saved and passed (since
the masterKey shouldn't be passed around).

Finally, since the secret is not added during command line build,
the hotplug code will need to get the secret into the private disk data.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-02 06:10:19 -04:00
John Ferlan
48f56a9c5a qemu: Introduce qemuDomainSecretInfo
Introduce a new private structure to hold qemu domain auth/secret data.
This will be stored in the qemuDomainDiskPrivate as a means to store the
auth and fetched secret data rather than generating during building of
the command line.

The initial changes will handle the current username and secret values
for rbd and iscsi disks (in their various forms). The rbd secret is
stored as a base64 encoded value, while the iscsi secret is stored as
a plain text value. Future changes will store encoded/encrypted secret
data as well as an initialization vector needed to be given to qemu
in order to decrypt the encoded password along with the domain masterKey.
The inital assumption will be that VIR_DOMAIN_SECRET_INFO_PLAIN is
being used.

Although it's expected that the cleanup of the secret data will be
done immediately after command line generation, reintroduce the object
dispose function qemuDomainDiskPrivateDispose to handle removing
memory associated with the structure for "normal" cleanup paths.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-05-02 05:55:40 -04:00
Cédric Bosdonnat
0304a2a7ef Adapt augeas profile to handle negative int values.
Introducing keepalive_interval = -1 breaks to augeas lens. Fix the lens
by allowing signed ints in the regular expression.
2016-05-02 10:04:40 +02:00
Peter Krempa
7434eba7c7 qemu: monitor: Kill legacy PCI hotplug code 2016-05-02 09:12:14 +02:00