libvirt/src/esx
Eric Blake 73b9977140 xml: use long long internally, to centralize overflow checks
On 64-bit platforms, unsigned long and unsigned long long are
identical, so we don't have to worry about overflow checks.
On 32-bit platforms, anywhere we narrow unsigned long long back
to unsigned long, we have to worry about overflow; it's easier
to do this in one place by having most of the code use the same
or wider types, and only doing the narrowing at the last minute.
Therefore, the memory set commands remain unsigned long, and
the memory get command now centralizes the overflow check into
libvirt.c, so that drivers don't have to repeat the work.

This also fixes a bug where xen returned the wrong value on
failure (most APIs return -1 on failure, but getMaxMemory
must return 0 on failure).

* src/driver.h (virDrvDomainGetMaxMemory): Use long long.
* src/libvirt.c (virDomainGetMaxMemory): Raise overflow.
* src/test/test_driver.c (testGetMaxMemory): Fix driver.
* src/rpc/gendispatch.pl (name_to_ProcName): Likewise.
* src/xen/xen_hypervisor.c (xenHypervisorGetMaxMemory): Likewise.
* src/xen/xen_driver.c (xenUnifiedDomainGetMaxMemory): Likewise.
* src/xen/xend_internal.c (xenDaemonDomainGetMaxMemory):
Likewise.
* src/xen/xend_internal.h (xenDaemonDomainGetMaxMemory):
Likewise.
* src/xen/xm_internal.c (xenXMDomainGetMaxMemory): Likewise.
* src/xen/xm_internal.h (xenXMDomainGetMaxMemory): Likewise.
* src/xen/xs_internal.c (xenStoreDomainGetMaxMemory): Likewise.
* src/xen/xs_internal.h (xenStoreDomainGetMaxMemory): Likewise.
* src/xenapi/xenapi_driver.c (xenapiDomainGetMaxMemory):
Likewise.
* src/esx/esx_driver.c (esxDomainGetMaxMemory): Likewise.
* src/libxl/libxl_driver.c (libxlDomainGetMaxMemory): Likewise.
* src/qemu/qemu_driver.c (qemudDomainGetMaxMemory): Likewise.
* src/lxc/lxc_driver.c (lxcDomainGetMaxMemory): Likewise.
* src/uml/uml_driver.c (umlDomainGetMaxMemory): Likewise.
2012-03-07 18:24:43 -07:00
..
esx_device_monitor.c esx: reject unknown flags 2011-07-15 16:30:22 -06:00
esx_device_monitor.h build: consistently indent preprocessor directives 2010-03-09 19:22:28 +01:00
esx_driver.c xml: use long long internally, to centralize overflow checks 2012-03-07 18:24:43 -07:00
esx_driver.h esx: Cleanup file header comments 2010-03-23 01:28:08 +01:00
esx_interface_driver.c esx: reject unknown flags 2011-07-15 16:30:22 -06:00
esx_interface_driver.h esx: Cleanup file header comments 2010-03-23 01:28:08 +01:00
esx_network_driver.c esx: reject unknown flags 2011-07-15 16:30:22 -06:00
esx_network_driver.h esx: Cleanup file header comments 2010-03-23 01:28:08 +01:00
esx_nwfilter_driver.c esx: reject unknown flags 2011-07-15 16:30:22 -06:00
esx_nwfilter_driver.h esx: Add nwfilter driver stub 2010-04-15 19:52:38 +02:00
esx_private.h esx: Convert autoAnswer from esxVI_Boolean to a simple bool 2011-05-17 13:16:48 +02:00
esx_secret_driver.c esx: reject unknown flags 2011-07-15 16:30:22 -06:00
esx_secret_driver.h esx: Cleanup file header comments 2010-03-23 01:28:08 +01:00
esx_storage_driver.c Fix typos in messages. 2012-01-03 20:30:33 -07:00
esx_storage_driver.h build: consistently indent preprocessor directives 2010-03-09 19:22:28 +01:00
esx_util.c Fixed URI parsing 2012-02-24 16:49:21 -07:00
esx_util.h Fixed URI parsing 2012-02-24 16:49:21 -07:00
esx_vi_generator.input esx: Support folders in the path of vpx:// connection URIs 2011-11-01 18:45:42 +01:00
esx_vi_generator.py esx: Refactor a repeated string in the generator 2011-08-23 23:15:21 +02:00
esx_vi_methods.c esx: Generate implicit _this macros 2011-05-14 11:45:08 +02:00
esx_vi_methods.h build: fix recent 'make syntax-check' failure 2010-04-14 11:23:09 -06:00
esx_vi_types.c time_t is not a long on FreeBSD, switch internal type to long long 2011-05-25 18:47:33 +02:00
esx_vi_types.h time_t is not a long on FreeBSD, switch internal type to long long 2011-05-25 18:47:33 +02:00
esx_vi.c esx: Correctly disable HTTP Expect header usage of libcurl 2012-02-21 20:48:33 +01:00
esx_vi.h esx: Support folders in the path of vpx:// connection URIs 2011-11-01 18:45:42 +01:00
README esx: Handle name escaping properly 2010-10-14 22:43:16 +02:00

Some links to relevant documentation
====================================


VI/vSphere API:
  http://www.vmware.com/support/developer/vc-sdk/visdk25pubs/ReferenceGuide/
  http://www.vmware.com/support/developer/vc-sdk/visdk400pubs/ReferenceGuide/
  http://www.vmware.com/support/developer/vc-sdk/visdk41pubs/ApiReference/

VMX config:
  http://www.sanbarrow.com/vmx.html

CPUID:
  http://www.sandpile.org/ia32/cpuid.htm

Memory model:
  http://www.vmware.com/pdf/esx3_memory.pdf
  http://www.vmware.com/pdf/usenix_resource_mgmt.pdf

Virtual serial port (network backed):
  http://www.vmware.com/support/developer/vc-sdk/visdk41pubs/ApiReference/vim.vm.device.VirtualSerialPort.URIBackingInfo.html
  http://www.vmware.com/support/developer/vc-sdk/visdk41pubs/vsp41_usingproxy_virtual_serial_ports.pdf



Automatic question handling
===========================


What is a question in the ESX context?
--------------------------------------

The VI API contains methods that start tasks, for example PowerOnVM_Task(). Such
tasks may be blocked by questions if the ESX host detects an issue with the
virtual machine that requires user interaction.

An example: If a virtual machine has a serial port that is realized via a file,
the ESX host will ask a question on power-on of this virtual machine whether
new content should be appended to this file or the file should be replaced.
Until this question is answered the power-on task is blocked and the virtual
machine won't get powered on.

The ESX driver cannot prompt the user to answer a question, libvirt doesn't
have an API for something like this. The VI API provides the AnswerVM() method
to programmatically answer such questions. A question comes together with a list
of possible answers. One of this answers is marked as the default one. For all
questions I've seen so far the default answer is always a non-destructive one.

There are two options how to handle a question that is blocking a task: either
answer it automatically or report it as error and try to cancel the blocked
task.

The auto_answer query parameter defines how the driver should handle questions.
Possible values are 0 for the report-error-and-try-to-cancel option and 1 for
the automatic-answer option.


How is automatic question handling implemented?
-----------------------------------------------

Before any new task is started the driver checks if there is a pending task
blocked by a question. If automatic question handling is disabled the driver
reports an error that includes the question and returns from the driver
function. If automatic question handling is enabled the driver answers the
question with the default answer and returns from the driver function.

In both cases the actual desired task is not started. If the question was not
answered the blocked task is still blocked and because task can't be executed
in parallel in general it's of no use to start yet another task. If the
question was answered the blocked task may already perform the desired action
and one must wait for its completion, so it's of no use to start yet another
task.

If there is no question blocking a task or another pending task that had not
finished yet the driver starts the desired task and waits for its completion.
While polling for status updates of the task it also checks for question that
may have been triggered by the current task and handles them according to the
value of the auto_answer query parameter. If automatic question handling is
enabled the driver answers the question with the default answer and continues
polling for status updates. If automatic question handling is disabled the
driver reports an error that includes the question, tries to cancel the blocked
task and returns from the driver function.

It tries to cancel the blocked task, but this may not be possible, because
there are task like the power-on task that is marked as non-cancelable. So the
driver may leave blocked tasks behind if automatic question handling is
disabled.



Different escaping schemes used in different places
===================================================

A domain name in the vSphere API has [%/\] escaped as %XX (percent-encoding),
where XX is the ASCII code of the escaped char in hex.

A domainName entry in a VMX config file is percent-encoded and has [|"] escaped
as |XX (pipe-encoding).

A annotation entry in a VMX config file is pipe-encoded.

A datastore item name has the special Windows path characters ["*<>:|?]
replaced by underscores (_). The result is escaped using percent-encoding and
base64-encoding. This isn't a bijective encoding. Therefore, escaped datastore
item names cannot be unescaped completely.

For base64-encoding sequences of chars that don't match [a-zA-Z0-9'(),. _-]
are replaced by their base64 form (the padding is omitted). An encoded sequence
begins with a plus (+), ends with a minus (-) and can contain a plus (+). The
minus (-) is omitted if the string ends in a base64-encoded sequence. VMware
uses the comma (,) instead of the slash (/) in the base64 alphabet to avoid
conflicts with the slash as path separator.