[libvirt] PATCH: better error checking for LOCAL_PEERCRED
I was debugging libvirt with OSX today, and got as far as finding the problem with LOCAL_PEERCRED, then googled this only to find that Ryota Ozaki had fixed the problems a few days ago! However you still may find the following patch useful. It tightens up the checking in the LOCAL_PEERCRED block, and in particular fixes the unlocking of the socket in the error return path for invalid groups, by using the same logic from SO_PEERCRED - have a 'goto cleanup' in all return paths. (Detail: I found that when getsockopt was being called with SOL_SOCKET, cr_ngroups was typically 0, probably because it was uninitialised. However once the check for this was tightened, it hung because the socket wasn't being unlocked on return. So better to (a) initialise it to a negative value anyway, and (b) fix the return path) However I have not checked that NGROUPS is defined on other BSD-like systems. You could just have if (cr.cr_ngroups = 0) instead. Regards, Brian Candler. --- src/rpc/virnetsocket.c.orig2013-10-10 22:37:49.0 +0100 +++ src/rpc/virnetsocket.c2013-10-12 22:51:57.0 +0100 @@ -1157,8 +1157,10 @@ { struct xucred cr; socklen_t cr_len = sizeof(cr); +int ret = -1; virObjectLock(sock); +cr.cr_ngroups = -1; # if defined(__APPLE__) if (getsockopt(sock-fd, SOL_LOCAL, LOCAL_PEERCRED, cr, cr_len) 0) { # else @@ -1166,20 +1168,19 @@ # endif virReportSystemError(errno, %s, _(Failed to get client socket identity)); -virObjectUnlock(sock); -return -1; +goto cleanup; } if (cr.cr_version != XUCRED_VERSION) { virReportError(VIR_ERR_SYSTEM_ERROR, %s, _(Failed to get valid client socket identity)); -return -1; +goto cleanup; } -if (cr.cr_ngroups == 0) { +if (cr.cr_ngroups = 0 || cr.cr_ngroups NGROUPS) { virReportError(VIR_ERR_SYSTEM_ERROR, %s, _(Failed to get valid client socket identity groups)); -return -1; +goto cleanup; } /* PID and process creation time are not supported on BSDs */ @@ -1188,8 +1189,11 @@ *uid = cr.cr_uid; *gid = cr.cr_gid; +ret = 0; + +cleanup: virObjectUnlock(sock); -return 0; +return ret; } #else int virNetSocketGetUNIXIdentity(virNetSocketPtr sock ATTRIBUTE_UNUSED, -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] Migration issue php-libvirt
Hi All I am trying to migrate offline domain on other URI but its not working due to this error Failure!Libvirt last error: Requested operation is not valid: domain is not running I tried to use this option but not working VIR_MIGRATE_OFFLINE Please anybody help me? Br. Umar -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv2] rpc: Retrieve peer PID via new getsockopt() for Mac
While LOCAL_PEERCRED on the BSDs does not return the pid information of the peer, Mac OS X 10.8 added LOCAL_PEERPID to retrieve the pid so we should use that when its available to get that information. --- v2: * Make LOCAL_PEERPID call non-fatal in case the user built the binary on a system that supports it but then runs it on a kernel that does not support it --- src/rpc/virnetsocket.c | 19 ++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c index e8cdfa6..7126c4f 100644 --- a/src/rpc/virnetsocket.c +++ b/src/rpc/virnetsocket.c @@ -1195,12 +1195,29 @@ int virNetSocketGetUNIXIdentity(virNetSocketPtr sock, return -1; } -/* PID and process creation time are not supported on BSDs */ +/* PID and process creation time are not supported on BSDs by + * LOCAL_PEERCRED. + */ *pid = -1; *timestamp = -1; *uid = cr.cr_uid; *gid = cr.cr_gid; +# ifdef LOCAL_PEERPID +/* Exists on Mac OS X 10.8 for retrieving the peer's PID */ +cr_len = sizeof(*pid); + +if (getsockopt(sock-fd, VIR_SOL_PEERCRED, LOCAL_PEERPID, pid, cr_len) 0) { +virReportSystemError(errno, %s, + _(Failed to get client socket PID)); +/* Don't treat this as fatal, but do set the value to something sane + * in case the user built this on a system that has LOCAL_PEERPID + * defined but the kernel does not actually support it. + */ +*pid = -1; +} +# endif + virObjectUnlock(sock); return 0; } -- 1.8.1.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 1/3] Fix exit status of lxc controller
Reviewed-by: Chen Hanxiao chenhanx...@cn.fujitsu.com -Original Message- From: libvir-list-boun...@redhat.com [mailto:libvir-list-boun...@redhat.com] On Behalf Of Daniel P. Berrange Sent: Saturday, October 12, 2013 12:54 AM To: libvir-list@redhat.com Subject: [libvirt] [PATCH 1/3] Fix exit status of lxc controller From: Daniel P. Berrange berra...@redhat.com The LXC controller main() method initialized 'rc' to 1 rather than '-1'. In the cleanup path it will print any error to stderr, if-and-only-if rc 0. Hence the incorrect initialization caused errors to be lost. Signed-off-by: Daniel P. Berrange berra...@redhat.com --- src/lxc/lxc_controller.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index b881f17..1c6aed6 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -2230,7 +2230,7 @@ cleanup: int main(int argc, char *argv[]) { pid_t pid; -int rc = 1; +int rc = -1; char *name = NULL; size_t nveths = 0; char **veths = NULL; -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 2/3] Improve error reporting with LXC controller
This would be far more convenient than checking logs. Reviewed-by: Chen Hanxiao chenhanx...@cn.fujitsu.com -Original Message- From: libvir-list-boun...@redhat.com [mailto:libvir-list-boun...@redhat.com] On Behalf Of Daniel P. Berrange Sent: Saturday, October 12, 2013 12:54 AM To: libvir-list@redhat.com Subject: [libvirt] [PATCH 2/3] Improve error reporting with LXC controller From: Daniel P. Berrange berra...@redhat.com The LXC code would read the log file if an LXC guest failed to startup. There were a number of failure cases where the guest will not start and libvirtd never gets as far as looking at the log file. Fix this by replacing some earlier generic errors with messages from the log. Signed-off-by: Daniel P. Berrange berra...@redhat.com --- src/lxc/lxc_process.c | 31 +-- 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index d07ff13..840e138 100644 --- a/src/lxc/lxc_process.c +++ b/src/lxc/lxc_process.c @@ -980,6 +980,7 @@ int virLXCProcessStart(virConnectPtr conn, virErrorPtr err = NULL; virLXCDriverConfigPtr cfg = virLXCDriverGetConfig(driver); virCgroupPtr selfcgroup; +int status; if (virCgroupNewSelf(selfcgroup) 0) return -1; @@ -1182,9 +1183,18 @@ int virLXCProcessStart(virConnectPtr conn, VIR_WARN(Unable to seek to end of logfile: %s, virStrerror(errno, ebuf, sizeof(ebuf))); -if (virCommandRun(cmd, NULL) 0) +if (virCommandRun(cmd, status) 0) goto cleanup; +if (status != 0) { +if (virLXCProcessReadLogOutput(vm, logfile, pos, ebuf, sizeof(ebuf)) = 0) +snprintf(ebuf, sizeof(ebuf), unexpected exit status %d, status); +virReportError(VIR_ERR_INTERNAL_ERROR, + _(guest failed to start: %s), ebuf); +goto cleanup; +} + + if (VIR_CLOSE(handshakefds[1]) 0) { virReportSystemError(errno, %s, _(could not close handshake fd)); goto cleanup; @@ -1193,16 +1203,25 @@ int virLXCProcessStart(virConnectPtr conn, /* Connect to the controller as a client *first* because * this will block until the child has written their * pid file out to disk created their cgroup */ -if (!(priv-monitor = virLXCProcessConnectMonitor(driver, vm))) +if (!(priv-monitor = virLXCProcessConnectMonitor(driver, vm))) { +VIR_ERROR(Here); +/* Intentionally overwrite the real monitor error message, + * since a better one is almost always found in the logs + */ +if (virLXCProcessReadLogOutput(vm, logfile, pos, ebuf, sizeof(ebuf)) 0) { +VIR_ERROR(tHere); +virResetLastError(); +virReportError(VIR_ERR_INTERNAL_ERROR, + _(guest failed to start: %s), ebuf); +} goto cleanup; +} /* And get its pid */ if ((r = virPidFileRead(cfg-stateDir, vm-def-name, vm-pid)) 0) { -char out[1024]; - -if (virLXCProcessReadLogOutput(vm, logfile, pos, out, 1024) 0) +if (virLXCProcessReadLogOutput(vm, logfile, pos, ebuf, sizeof(ebuf)) 0) virReportError(VIR_ERR_INTERNAL_ERROR, - _(guest failed to start: %s), out); + _(guest failed to start: %s), ebuf); else virReportSystemError(-r, _(Failed to read pid file %s/%s.pid), -- 1.8.3.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 2/3] Improve error reporting with LXC controller
On 11.10.2013 18:53, Daniel P. Berrange wrote: From: Daniel P. Berrange berra...@redhat.com The LXC code would read the log file if an LXC guest failed to startup. There were a number of failure cases where the guest will not start and libvirtd never gets as far as looking at the log file. Fix this by replacing some earlier generic errors with messages from the log. Signed-off-by: Daniel P. Berrange berra...@redhat.com --- src/lxc/lxc_process.c | 31 +-- 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index d07ff13..840e138 100644 --- a/src/lxc/lxc_process.c +++ b/src/lxc/lxc_process.c @@ -980,6 +980,7 @@ int virLXCProcessStart(virConnectPtr conn, virErrorPtr err = NULL; virLXCDriverConfigPtr cfg = virLXCDriverGetConfig(driver); virCgroupPtr selfcgroup; +int status; if (virCgroupNewSelf(selfcgroup) 0) return -1; @@ -1182,9 +1183,18 @@ int virLXCProcessStart(virConnectPtr conn, VIR_WARN(Unable to seek to end of logfile: %s, virStrerror(errno, ebuf, sizeof(ebuf))); -if (virCommandRun(cmd, NULL) 0) +if (virCommandRun(cmd, status) 0) goto cleanup; +if (status != 0) { +if (virLXCProcessReadLogOutput(vm, logfile, pos, ebuf, sizeof(ebuf)) = 0) +snprintf(ebuf, sizeof(ebuf), unexpected exit status %d, status); +virReportError(VIR_ERR_INTERNAL_ERROR, + _(guest failed to start: %s), ebuf); +goto cleanup; +} + + if (VIR_CLOSE(handshakefds[1]) 0) { virReportSystemError(errno, %s, _(could not close handshake fd)); goto cleanup; @@ -1193,16 +1203,25 @@ int virLXCProcessStart(virConnectPtr conn, /* Connect to the controller as a client *first* because * this will block until the child has written their * pid file out to disk created their cgroup */ -if (!(priv-monitor = virLXCProcessConnectMonitor(driver, vm))) +if (!(priv-monitor = virLXCProcessConnectMonitor(driver, vm))) { +VIR_ERROR(Here); You probably don't want this line ^^ +/* Intentionally overwrite the real monitor error message, + * since a better one is almost always found in the logs + */ +if (virLXCProcessReadLogOutput(vm, logfile, pos, ebuf, sizeof(ebuf)) 0) { +VIR_ERROR(tHere); Nor this one ^^. +virResetLastError(); +virReportError(VIR_ERR_INTERNAL_ERROR, + _(guest failed to start: %s), ebuf); +} goto cleanup; +} /* And get its pid */ if ((r = virPidFileRead(cfg-stateDir, vm-def-name, vm-pid)) 0) { -char out[1024]; - -if (virLXCProcessReadLogOutput(vm, logfile, pos, out, 1024) 0) +if (virLXCProcessReadLogOutput(vm, logfile, pos, ebuf, sizeof(ebuf)) 0) virReportError(VIR_ERR_INTERNAL_ERROR, - _(guest failed to start: %s), out); + _(guest failed to start: %s), ebuf); else virReportSystemError(-r, _(Failed to read pid file %s/%s.pid), Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list