Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.
Go to file
Laine Stump b03d9e9593 conf: add hypervisor agnostic, domain start-time, validation function for NetDef
<interface> devices (virDomainNetDef) are a bit different from other
types of devices in that their actual type may come from a network (in
the form of a port connection), and that doesn't happen until the
domain is started. This means that any validation of an <interface> at
parse time needs to be a bit liberal in what it accepts - when
type='network', you could think that something is/isn't allowed, but
once the domain is started and a port is created by the configured
network, the opposite might be true.

To solve this problem hypervisor drivers need to do an extra
validation step when the domain is being started. I recently (commit
3cff23f7, libvirt 5.7.0) added a function to peform such validation
for all interfaces to the QEMU driver -
qemuDomainValidateActualNetDef() - but while that function is a good
single point to call for the multiple places that need to "start" an
interface (domain startup, device hotplug, device update), it can't be
called by the other hypervisor drivers, since 1) it's in the QEMU
driver, and 2) it contains some checks specific to QEMU. For
validation that applies to network devices on *all* hypervisors, we
need yet another interface validation function that can be called by
any hypervisor driver (not just QEMU) right after its network port has
been created during domain startup or hotplug. This patch adds that
function - virDomainActualNetDefValidate(), in the conf directory,
and calls it in appropriate places in the QEMU, lxc, and libxl
drivers.

This new function is the place to put all network device validation
that 1) is hypervisor agnostic, and 2) can't be done until we know the
"actual type" of an interface.

There is no framework for validation at domain startup as there is for
post-parse validation, but I don't want to create a whole elaborate
system that will only be used by one type of device. For that reason,
I just made a single function that should be called directly from the
hypervisors, when they are initializing interfaces to start a domain,
right after conditionally allocating the network port (and regardless
of whether or not that was actually needed). In the case of the QEMU
driver, qemuDomainValidateActualNetDef() is already called in all the
appropriate places, so we can just call the new function from
there. In the case of the other hypervisors, we search for
virDomainNetAllocateActualDevice() (which is the hypervisor-agnostic
function that calls virNetworkPortCreateXML()), and add the call to our
new function right after that.

The new function itself could be plunked down into many places in the
code, but we already have 3 validation functions for network devices
in 2 different places (not counting any basic validation done in
virDomainNetDefParseXML() itself):

1) post-parse hypervisor-agnostic
   (virDomainNetDefValidate() - domain_conf.c:6145)
2) post-parse hypervisor-specific
   (qemuDomainDeviceDefValidateNetwork() - qemu_domain.c:5498)
3) domain-start hypervisor-specific
   (qemuDomainValidateActualNetDef() - qemu_domain.c:5390)

I placed (3) right next to (2) when I added it, specifically to avoid
spreading validation all over the code. For the same reason, I decided
to put this new function right next to (1) - this way if someone needs
to add validation specific to qemu, they go to one location, and if
they need to add validation applying to everyone, they go to the
other. It looks a bit strange to have a public function in between a
bunch of statics, but I think it's better than the alternative of
further fragmentation. (I'm open to other ideas though, of course.)

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2019-11-25 15:30:05 -05:00
.ctags.d
.gnulib@1f6fb368c0 maint: Improve use of configmake.h on mingw 2019-08-19 17:04:05 -05:00
build-aux src: rewrite systemtap function generator in Python 2019-11-20 14:45:25 +00:00
ci ci: Stop using --workdir 2019-08-21 18:58:34 +02:00
docs docs: Document support for obeying <backingStore> of <disk> on input 2019-11-22 12:51:27 +01:00
examples suspend.c: remove unneeded cleanup label 2019-11-12 17:54:01 +01:00
gnulib
include/libvirt util: introduce virbpf helpers 2019-11-15 12:58:00 +01:00
m4 Drop virAsprintf() 2019-11-12 16:15:59 +01:00
po bootstrap: remove regex module 2019-11-20 13:30:55 +01:00
scripts scripts: use in even more 2019-11-22 11:40:52 +01:00
src conf: add hypervisor agnostic, domain start-time, validation function for NetDef 2019-11-25 15:30:05 -05:00
tests conf: return a const from virDomainNetGetActualVirtPortProfile 2019-11-25 15:29:56 -05:00
tools virsh: limit completion of 'domhostname' to active domains 2019-11-22 11:36:51 +01:00
.color_coded.in
.ctags
.dir-locals.el
.editorconfig Add .editorconfig 2019-09-06 12:47:46 +02:00
.gitignore src: remote: generate source files into build directory 2019-11-08 17:07:57 +01:00
.gitlab-ci.yml gitlab: Adapt to container name changes 2019-08-20 13:08:42 +02:00
.gitmodules
.gitpublish
.mailmap mailmap: Remove some duplicates 2019-06-07 13:18:08 +02:00
.travis.yml travis: add fedora-31 & fedora-rawhide to the build images 2019-11-25 10:28:04 +00:00
.ycm_extra_conf.py.in
ABOUT-NLS
AUTHORS.in
autogen.sh
bootstrap
bootstrap.conf gnulib: remove mk*temp modules 2019-11-20 13:31:21 +01:00
ChangeLog
config-post.h nss: only link to yajl library and nothing else 2019-08-07 16:54:02 +01:00
configure.ac vircgroup: introduce virCgroupV2DevicesAvailable 2019-11-15 12:58:04 +01:00
COPYING
COPYING.LESSER
gitdm.config gitdm: add 'ibm' file 2019-10-18 17:32:52 +02:00
GNUmakefile build: merge all syntax-check logic into one file 2019-10-09 13:36:54 +01:00
libvirt-admin.pc.in Add libvirt-admin library 2015-06-16 13:46:20 +02:00
libvirt-lxc.pc.in
libvirt-qemu.pc.in
libvirt.pc.in
libvirt.spec.in spec: Remove build-time list of edk2 firmwares 2019-11-15 16:49:30 -07:00
Makefile.am src: rewrite polkit ACL generator in Python 2019-11-20 14:45:25 +00:00
Makefile.nonreentrant
mingw-libvirt.spec.in build: probe for glib-2 library in configure 2019-10-14 10:54:42 +01:00
README
README-hacking build: mandate use of a build dir != src dir 2019-11-08 17:07:35 +01:00
README.md build: mandate use of a build dir != src dir 2019-11-08 17:07:35 +01:00
run.in util: activate directory override when used from library 2019-09-10 11:03:35 +01:00

Build Status CII Best Practices

Libvirt API for virtualization

Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.

For some of these hypervisors, it provides a stateful management daemon which runs on the virtualization host allowing access to the API both by non-privileged local users and remote users.

Layered packages provide bindings of the libvirt C API into other languages including Python, Perl, PHP, Go, Java, OCaml, as well as mappings into object systems such as GObject, CIM and SNMP.

Further information about the libvirt project can be found on the website:

https://libvirt.org

License

The libvirt C API is distributed under the terms of GNU Lesser General Public License, version 2.1 (or later). Some parts of the code that are not part of the C library may have the more restrictive GNU General Public License, version 2.0 (or later). See the files COPYING.LESSER and COPYING for full license terms & conditions.

Installation

Libvirt uses the GNU Autotools build system, so in general can be built and installed with the usual commands, however, we mandate to have the build directory different than the source directory. For example, to build in a manner that is suitable for installing as root, use:

$ mkdir build && cd build
$ ../configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
$ make
$ sudo make install

While to build & install as an unprivileged user

$ mkdir build && cd build
$ ../configure --prefix=$HOME/usr
$ make
$ make install

The libvirt code relies on a large number of 3rd party libraries. These will be detected during execution of the configure script and a summary printed which lists any missing (optional) dependencies.

Contributing

The libvirt project welcomes contributions in many ways. For most components the best way to contribute is to send patches to the primary development mailing list. Further guidance on this can be found on the website:

https://libvirt.org/contribute.html

Contact

The libvirt project has two primary mailing lists:

Further details on contacting the project are available on the website:

https://libvirt.org/contact.html