Re: [libvirt] [PATCH] rbd: Use RBD format 2 by default when creating images.

2015-07-14 Thread Josh Durgin

On 07/14/2015 12:42 PM, John Ferlan wrote:



On 07/14/2015 04:15 AM, Wido den Hollander wrote:

We used to look at the librbd code version and depending on that
we would invoke rbd_create3() or rbd_create().

Since librbd version 0.67.9 we can however tell RBD that it should
create rbd format 2 images even if we invoke rbd_create().

The fewer options we pass to librbd, the more we can lean on the sane
defaults it uses.

For rbd_create3() we had things like the stripe count and unit hardcoded
in libvirt and that might cause problems down the road.


Hardcoding the feature bits is even worse. I think this is the right
approach.


Signed-off-by: Wido den Hollander w...@widodh.nl
---
  src/storage/storage_backend_rbd.c | 18 +-
  1 file changed, 9 insertions(+), 9 deletions(-)





diff --git a/src/storage/storage_backend_rbd.c 
b/src/storage/storage_backend_rbd.c
index 8e8d7a7..936ad18 100644
--- a/src/storage/storage_backend_rbd.c
+++ b/src/storage/storage_backend_rbd.c
@@ -66,6 +66,7 @@ static int 
virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDStatePtr ptr,
  const char *client_mount_timeout = 30;
  const char *mon_op_timeout = 30;
  const char *osd_op_timeout = 30;
+const char *rbd_default_format = 2;

  if (authdef) {
  VIR_DEBUG(Using cephx authorization, username: %s, 
authdef-username);
@@ -211,6 +212,14 @@ static int 
virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDStatePtr ptr,
  VIR_DEBUG(Setting RADOS option rados_osd_op_timeout to %s, 
osd_op_timeout);
  rados_conf_set(ptr-cluster, rados_osd_op_timeout, osd_op_timeout);

+/*
+ * Librbd supports creating RBD format 2 images. We no longer have to 
invoke
+ * rbd_create3(), we can tell librbd to default to format 2.
+ * This leaves us to simply use rbd_create() and use the default behavior 
of librbd
+ */
+VIR_DEBUG(Setting RADOS option rbd_default_format to %s, 
rbd_default_format);
+rados_conf_set(ptr-cluster, rbd_default_format, rbd_default_format);
+


I assume (from above) 0.67.9 is the first time this option is recognized?


It's recognized in the bobtail (since 0.56.7) and cuttlefish (since
0.61.3) series as well. It was actually in all the dumpling (0.67.x)
releases.


  ptr-starttime = time(0);
  r = rados_connect(ptr-cluster);
  if (r  0) {
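Review bot: the added rados_conf_set() call for rbd_default_format discards its return value, so a librbd that does not recognize the option leaves rbd_create() producing whatever format that library defaults to, with nothing in the log. Check the result and emit at least a VIR_WARN when it is non-zero, so that a format 1 image is never created silently.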
@@ -475,16 +484,7 @@ static int virStorageBackendRBDCreateImage(rados_ioctx_t 
io,
 char *name, long capacity)
  {
  int order = 0;
-#if LIBRBD_VERSION_CODE  260
-uint64_t features = 3;
-uint64_t stripe_count = 1;
-uint64_t stripe_unit = 4194304;
-
-if (rbd_create3(io, name, capacity, features, order,
-stripe_unit, stripe_count)  0) {
-#else
  if (rbd_create(io, name, capacity, order)  0) {
-#endif
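Review bot: removing the rbd_create3() branch also removes the explicit features = 3, stripe_unit and stripe_count, so the feature bits and striping of new images now come entirely from librbd's configuration at run time. The commit message should state which feature set an image created through rbd_create() ends up with once rbd_default_format is 2, since volumes created before and after this change can differ.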




Not quite my area of expertise, but since this was a build time
check/change wouldn't this then impose a certain minimum version of rbd
on the libvirt package build/install environment (eg librbd1-devel)?
That is - if this were applied and installed on some host that didn't
have at least 0.67.9, then what would happen? Or one with less than 0.56?


The build time check was for the rbd_create3() function. This patch
removes that usage, and relies on the rbd_default* ceph options
which have no build time requirement.

At runtime a non-existent option will return ENOENT, which isn't checked 
in this patch. I think that's fine, especially since dumpling (0.67.x) 
is no longer maintained [1].



Just trying to prevent some less than obvious issue because some build
environment doesn't have the latest and greatest librbd.h installed


I'm glad you're vigilant about these, they're important. In this case 
the patch looks good to me:


Reviewed-by: Josh Durgin jdur...@redhat.com

[1] http://ceph.com/docs/master/releases/

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list


Re: [libvirt] Using external ceph.conf for RBD pools and disks

2013-11-01 Thread Josh Durgin

On 11/01/2013 07:42 AM, Eric Blake wrote:

On 11/01/2013 08:31 AM, Michael Chapman wrote:

As I mentioned before, without that QEMU will implicitly try to
find a system ceph.conf file using a built-in librados search path.
Would this actually be backwards-incompatible change given it was never
documented by libvirt?


The old behavior is broken, so we can bill this as a bug fix
(previously, qemu would behave differently than what the XML defined,
which is not supposed to happen) rather than a backwards-incompatible
change.  Can you propose a patch in time for inclusion in 1.1.4?


This will break OpenStack's usage of libvirt + rbd in Grizzly and
earlier releases, which relied on loading ceph.conf for the monitor
addresses. This is fixed in OpenStack Havana, but I wanted to note that
applications are relying on this behavior.

Passing conf=/dev/null removes the last remaining way of specifying
arbitrary ceph options for rbd devices, which is backwards-incompatible
in some setups even with well-behaved applications.

In general it may break setups using non-default options that libvirt
is not aware of. For example, ceph has an option to require messages
to be signed. This is off by default for backwards compatibility with
older ceph clients, but it can be enabled for qemu right now by adding
an option to /etc/ceph/ceph.conf. If libvirt passes conf=/dev/null,
guests are less secure since they may get their data from an untrusted
source that does not sign messages.

Ceph is a fast-moving complex project, and there are many options (and
will be more in the future) that affect security, performance tuning,
run-time introspection, logging, etc. I don't think libvirt should
remove the ability to configure these settings without having a way to
add them via xml. It doesn't seem feasible to make libvirt (and all
applications using it) aware of all existing and new options,
especially since many of them are quite ceph-specific.

Instead, I'd like to propose a mechanism for passing through generic
key/value pairs to configure block devices. Concretely, this could be
something like:

<disk type='network'>
  <driver name='qemu' type='raw' cache='writeback'/>
  <source protocol='rbd' name='pool/image'>
    <host name='mon1.example.org'/>
    <option name="cephx require signatures" value="true"/>
    <option name="rbd cache size" value="131768"/>
    <option name="rbd cache max dirty" value="131768"/>
    <option name="rbd cache max dirty age" value="1.5"/>
    <option name="rbd balance snap reads" value="true"/>
    <option name="debug ms" value="0/0"/>
    <option name="debug auth" value="0/0"/>
    <option name="debug rados" value="0/0"/>
  </source>
</disk>

I don't care about the particular format, just that there's a way to
set these kinds of settings. It's much easier for users of libvirt
and ceph if these are treated as opaque strings by libvirt, since
they can upgrade ceph and use new options without upgrading libvirt
and any applications using it as well. I'm happy to provide patches
if this approach is acceptable.

Josh



Re: [libvirt] libvirt and Parallels Cloud Storage

2013-02-08 Thread Josh Durgin

On 02/08/2013 06:47 AM, Alexander Gordeev wrote:

On Thu, 7 Feb 2013 16:09:31 +
Daniel P. Berrange berra...@redhat.com wrote:


On Mon, Feb 04, 2013 at 08:13:20PM +0400, Alexander Gordeev wrote:

Hi!

I'd like to develop libvirt integration with Parallels Cloud
Storage (Pstorage) which is a new distributed file system from
Parallels designed specifically for storing VM images:
http://www.parallels.com/products/pcs/cloud-storage/


Yay, yet another filesystem :-( Everyone seems to think they need to
write their own custom network/cluster/cloud FUSE filesystem these
days.


Do you think Parallels would invest many man-years of development if we
could just take existing solutions? :) It offers some unique
combination of features: strong consistency, replication,
high-availability. Also it's very fast.
Let's compare:


These are all incorrect afaik:


1. CEPH uses BTRFS which is not considered stable yet.


btrfs isn't required, xfs is actually recommended, and ext4 works fine
too. btrfs just happens to be more efficient for some workloads.


2. Sheepdog has only synchronous writes and poor performance.


sheepdog certainly has aio in their qemu driver, which is the main
interface. It also isn't a distributed filesystem, it's just block
storage.


3. Glusterfs doesn't offer strong consistency. Strong consistency is
required for real filesystems (NTFS, ext3/4, ...) because that's what
HDDs offer.


I'm pretty sure glusterfs is supposed to be strongly consistent,
although I haven't tested it myself.

Josh


Re: [libvirt] [PATCH] qemu: escape ipv6 for rbd network disk hosts

2013-01-24 Thread Josh Durgin

On 01/23/2013 08:20 PM, Osier Yang wrote:

On 2013-01-24 10:15, Josh Durgin wrote:

Hosts for rbd are ceph monitor daemons. These have fixed IP addresses,
so they are often referenced by IP rather than hostname for
convenience, or to avoid relying on DNS. Using IPv4 addresses as the
host name works already, but IPv6 addresses require rbd-specific
escaping because the colon is used as an option separator in the
string passed to qemu.

Escape these colons, and enclose the IPv6 address in square brackets
if a port is specified.


Actually the IPv6 address is always enclosed in the code.


Indeed.



Signed-off-by: Josh Durgin josh.dur...@inktank.com
---
  docs/schemas/domaincommon.rng  |5 ++-
  src/qemu/qemu_command.c|   34
+++
  tests/qemuargv2xmltest.c   |1 +
  .../qemuxml2argv-disk-drive-network-rbd-ipv6.args  |9 +
  .../qemuxml2argv-disk-drive-network-rbd-ipv6.xml   |   36

  tests/qemuxml2argvtest.c   |2 +
  6 files changed, 79 insertions(+), 8 deletions(-)
  create mode 100644
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-ipv6.args
  create mode 100644
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-ipv6.xml

diff --git a/docs/schemas/domaincommon.rng
b/docs/schemas/domaincommon.rng
index 7f3320e..273e54c 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1099,7 +1099,10 @@
/attribute
  /optional
  attribute name=name
-ref name=dnsName/
+choice
+ref name=dnsName/
+ref name=ipAddr/
+/choice
  /attribute
  attribute name=port
ref name=unsignedInt/
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 02fe015..dfc042b 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -34,6 +34,7 @@
  #include virerror.h
  #include virutil.h
  #include virfile.h
+#include virstring.h
  #include viruuid.h
  #include c-ctype.h
  #include domain_nwfilter.h
@@ -1937,13 +1938,16 @@ qemuBuildRBDString(virConnectPtr conn,
  if (i) {
  virBufferAddLit(opt, \\;);
  }
-if (disk-hosts[i].port) {
-virBufferAsprintf(opt, %s\\:%s,
-  disk-hosts[i].name,
-  disk-hosts[i].port);
+
+/* assume host containing : is ipv6 */
+if (strchr(disk-hosts[i].name, ':')) {
+virBufferEscape(opt, '\\', :, [%s],
disk-hosts[i].name);
  } else {
  virBufferAsprintf(opt, %s, disk-hosts[i].name);
  }
+if (disk-hosts[i].port) {
+virBufferAsprintf(opt, \\:%s, disk-hosts[i].port);
+}
  }
  }

@@ -1961,15 +1965,26 @@ error:
  static int qemuAddRBDHost(virDomainDiskDefPtr disk, char *hostport)
  {
  char *port;
+size_t skip;
+char **parts;

  disk-nhosts++;
  if (VIR_REALLOC_N(disk-hosts, disk-nhosts)  0)
  goto no_memory;

-port = strstr(hostport, \\:);
+if (strchr(hostport, ']')) {
+/* ipv6, strip brackets */1 / 384 =
+hostport += 1;
+port = strstr(hostport, ]\\:);


This can be simplified as (no need to get the same address
twice):

if ((port = strchr(hostport, ']'))) {
hostport += 1;
skip = 3;
} else {
...
}

Others look pretty neat. ACK.


Good point, I'd forgotten that the port is mandatory when a name is
specified. Sending a v2.

Thanks!
Josh
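
The escaping and bracket rules from the commit message in this thread, as an added stand-alone C example; it is not libvirt's code, and the function names (rbd_format_host, rbd_parse_host) and sample addresses are hypothetical and constructed. The parser checks what follows ']' before advancing to the port, so a bracketed address with no port is handled instead of being skipped over.

```c
#include <stdio.h>
#include <string.h>

/* Append len bytes of s to the NUL-terminated buffer out; -1 if it will not fit. */
static int put(char *out, size_t cap, const char *s, size_t len)
{
    size_t n = strlen(out);

    if (len >= cap - n)
        return -1;
    memcpy(out + n, s, len);
    out[n + len] = '\0';
    return 0;
}

/* Append one monitor to a mon_host value: items are joined with "\;",
 * every ':' inside a name is written as "\:", and a name containing ':'
 * (assumed to be IPv6, as in the patch) is wrapped in brackets. */
int rbd_format_host(char *out, size_t cap, const char *name, const char *port)
{
    int v6 = strchr(name, ':') != NULL;
    int rc = 0;

    if (out[0])
        rc |= put(out, cap, "\\;", 2);
    if (v6)
        rc |= put(out, cap, "[", 1);
    for (; *name; name++) {
        if (*name == ':')
            rc |= put(out, cap, "\\", 1);
        rc |= put(out, cap, name, 1);
    }
    if (v6)
        rc |= put(out, cap, "]", 1);
    if (port) {
        rc |= put(out, cap, "\\:", 2);
        rc |= put(out, cap, port, strlen(port));
    }
    return rc ? -1 : 0;
}

/* Parse one "host\:port" or "[v6\:addr]\:port" item back into name and port.
 * Returns 0 on success (port is "" when absent), -1 on malformed input. */
int rbd_parse_host(const char *item, char *name, size_t ncap,
                   char *port, size_t pcap)
{
    const char *end, *p;
    size_t n = 0;

    if (item[0] == '[') {
        item++;
        end = strchr(item, ']');
        if (!end)
            return -1;                      /* unterminated bracket */
        p = end + 1;
        if (*p != '\0') {
            if (strncmp(p, "\\:", 2) != 0)
                return -1;                  /* junk between ']' and the port */
            p += 2;
        }
    } else {
        end = strstr(item, "\\:");
        p = end ? end + 2 : item + strlen(item);
        if (!end)
            end = p;
    }
    for (const char *s = item; s < end; s++) {
        if (s[0] == '\\' && s + 1 < end && s[1] == ':')
            s++;                            /* unescape "\:" to ":" */
        if (n + 1 >= ncap)
            return -1;
        name[n++] = *s;
    }
    name[n] = '\0';
    if (strlen(p) >= pcap)
        return -1;
    strcpy(port, p);
    return n ? 0 : -1;
}

/* Constructed sample: one DNS-named monitor and one IPv6 monitor. */
const char *rbd_sample_mon_host(void)
{
    static char buf[64];

    buf[0] = '\0';
    if (rbd_format_host(buf, sizeof buf, "mon1.example.org", "6789") ||
        rbd_format_host(buf, sizeof buf, "fe80::1", "6789"))
        return NULL;
    return buf;
}

/* 1 if item parses cleanly to exactly this name and port, else 0. */
int rbd_parses_to(const char *item, const char *name, const char *port)
{
    char n[64], p[16];

    return rbd_parse_host(item, n, sizeof n, p, sizeof p) == 0 &&
           strcmp(n, name) == 0 && strcmp(p, port) == 0;
}

int main(void)
{
    printf("mon_host=%s\n", rbd_sample_mon_host());
    printf("bracketed, no port: %d\n", rbd_parses_to("[\\:\\:1]", "::1", ""));
    printf("junk after bracket: %d\n", rbd_parses_to("[\\:\\:1]6789", "::1", "6789"));
    return 0;
}
```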


[libvirt] [PATCHv2] qemu: escape ipv6 for rbd network disk hosts

2013-01-24 Thread Josh Durgin
Hosts for rbd are ceph monitor daemons. These have fixed IP addresses,
so they are often referenced by IP rather than hostname for
convenience, or to avoid relying on DNS. Using IPv4 addresses as the
host name works already, but IPv6 addresses require rbd-specific
escaping because the colon is used as an option separator in the
string passed to qemu.

Escape these colons, and enclose the IPv6 address in square brackets
so it is distinguished from the port, which is currently mandatory.

Acked-by: Osier Yang jy...@redhat.com
Signed-off-by: Josh Durgin josh.dur...@inktank.com
---

Since v1, in response to Osier's review:
- corrected commit message
- eliminated extra call to strstr() in qemuAddRBDHost

 docs/schemas/domaincommon.rng  |5 ++-
 src/qemu/qemu_command.c|   33 ++
 tests/qemuargv2xmltest.c   |1 +
 .../qemuxml2argv-disk-drive-network-rbd-ipv6.args  |9 +
 .../qemuxml2argv-disk-drive-network-rbd-ipv6.xml   |   36 
 tests/qemuxml2argvtest.c   |2 +
 6 files changed, 78 insertions(+), 8 deletions(-)
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-ipv6.args
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-ipv6.xml

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 7f3320e..273e54c 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1099,7 +1099,10 @@
   /attribute
 /optional
 attribute name=name
-  ref name=dnsName/
+  choice
+ref name=dnsName/
+ref name=ipAddr/
+  /choice
 /attribute
 attribute name=port
   ref name=unsignedInt/
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 02fe015..f6273c1 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -34,6 +34,7 @@
 #include virerror.h
 #include virutil.h
 #include virfile.h
+#include virstring.h
 #include viruuid.h
 #include c-ctype.h
 #include domain_nwfilter.h
@@ -1937,13 +1938,16 @@ qemuBuildRBDString(virConnectPtr conn,
 if (i) {
 virBufferAddLit(opt, \\;);
 }
-if (disk-hosts[i].port) {
-virBufferAsprintf(opt, %s\\:%s,
-  disk-hosts[i].name,
-  disk-hosts[i].port);
+
+/* assume host containing : is ipv6 */
+if (strchr(disk-hosts[i].name, ':')) {
+virBufferEscape(opt, '\\', :, [%s], disk-hosts[i].name);
 } else {
 virBufferAsprintf(opt, %s, disk-hosts[i].name);
 }
+if (disk-hosts[i].port) {
+virBufferAsprintf(opt, \\:%s, disk-hosts[i].port);
+}
 }
 }
 
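Review bot: in qemuBuildRBDString only ':' is in the escape set passed to virBufferEscape(), and the else branch writes hosts[i].name with a plain %s, while the virBufferAddLit() call at the top of the hunk shows that ';' is also a separator in this string. Relying on the RNG schema to keep separator characters out of the name is fragile; pass the name through virBufferEscape() in both branches with every separator character in the escape set.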
@@ -1961,15 +1965,25 @@ error:
 static int qemuAddRBDHost(virDomainDiskDefPtr disk, char *hostport)
 {
 char *port;
+size_t skip;
+char **parts;
 
 disk-nhosts++;
 if (VIR_REALLOC_N(disk-hosts, disk-nhosts)  0)
 goto no_memory;
 
-port = strstr(hostport, \\:);
+if ((port = strchr(hostport, ']'))) {
+/* ipv6, strip brackets */
+hostport += 1;
+skip = 3;
+} else {
+port = strstr(hostport, \\:);
+skip = 2;
+}
+
 if (port) {
 *port = '\0';
-port += 2;
+port += skip;
 disk-hosts[disk-nhosts-1].port = strdup(port);
 if (!disk-hosts[disk-nhosts-1].port)
 goto no_memory;
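Review bot: in qemuAddRBDHost the ']' branch sets skip = 3 without checking that ']' is followed by \: and strips the first character without checking that it is '[', so when nothing follows the closing bracket, port += skip moves past the terminating NUL and strdup(port) reads beyond the string. Verify the two characters after ']' before advancing, fall through to the existing no-port path otherwise, and only do hostport += 1 when hostport[0] is '['.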
@@ -1978,7 +1992,12 @@ static int qemuAddRBDHost(virDomainDiskDefPtr disk, char 
*hostport)
 if (!disk-hosts[disk-nhosts-1].port)
 goto no_memory;
 }
-disk-hosts[disk-nhosts-1].name = strdup(hostport);
+
+parts = virStringSplit(hostport, \\:, 0);
+if (!parts)
+goto no_memory;
+disk-hosts[disk-nhosts-1].name = virStringJoin((const char **)parts, 
:);
+virStringFreeList(parts);
 if (!disk-hosts[disk-nhosts-1].name)
 goto no_memory;
 
diff --git a/tests/qemuargv2xmltest.c b/tests/qemuargv2xmltest.c
index 2923324..e465f3d 100644
--- a/tests/qemuargv2xmltest.c
+++ b/tests/qemuargv2xmltest.c
@@ -185,6 +185,7 @@ mymain(void)
 DO_TEST(disk-drive-network-nbd);
 DO_TEST(disk-drive-network-gluster);
 DO_TEST(disk-drive-network-rbd);
+DO_TEST(disk-drive-network-rbd-ipv6);
 /* older format using CEPH_ARGS env var */
 DO_TEST(disk-drive-network-rbd-ceph-env);
 DO_TEST(disk-drive-network-sheepdog);
diff --git 
a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-ipv6.args 
b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-ipv6.args
new file mode 100644
index 000..0c67229
--- /dev

[libvirt] [PATCH] qemu: escape ipv6 for rbd network disk hosts

2013-01-23 Thread Josh Durgin
Hosts for rbd are ceph monitor daemons. These have fixed IP addresses,
so they are often referenced by IP rather than hostname for
convenience, or to avoid relying on DNS. Using IPv4 addresses as the
host name works already, but IPv6 addresses require rbd-specific
escaping because the colon is used as an option separator in the
string passed to qemu.

Escape these colons, and enclose the IPv6 address in square brackets
if a port is specified.

Signed-off-by: Josh Durgin josh.dur...@inktank.com
---
 docs/schemas/domaincommon.rng  |5 ++-
 src/qemu/qemu_command.c|   34 +++
 tests/qemuargv2xmltest.c   |1 +
 .../qemuxml2argv-disk-drive-network-rbd-ipv6.args  |9 +
 .../qemuxml2argv-disk-drive-network-rbd-ipv6.xml   |   36 
 tests/qemuxml2argvtest.c   |2 +
 6 files changed, 79 insertions(+), 8 deletions(-)
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-ipv6.args
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-ipv6.xml

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 7f3320e..273e54c 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1099,7 +1099,10 @@
   /attribute
 /optional
 attribute name=name
-  ref name=dnsName/
+  choice
+ref name=dnsName/
+ref name=ipAddr/
+  /choice
 /attribute
 attribute name=port
   ref name=unsignedInt/
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 02fe015..dfc042b 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -34,6 +34,7 @@
 #include virerror.h
 #include virutil.h
 #include virfile.h
+#include virstring.h
 #include viruuid.h
 #include c-ctype.h
 #include domain_nwfilter.h
@@ -1937,13 +1938,16 @@ qemuBuildRBDString(virConnectPtr conn,
 if (i) {
 virBufferAddLit(opt, \\;);
 }
-if (disk-hosts[i].port) {
-virBufferAsprintf(opt, %s\\:%s,
-  disk-hosts[i].name,
-  disk-hosts[i].port);
+
+/* assume host containing : is ipv6 */
+if (strchr(disk-hosts[i].name, ':')) {
+virBufferEscape(opt, '\\', :, [%s], disk-hosts[i].name);
 } else {
 virBufferAsprintf(opt, %s, disk-hosts[i].name);
 }
+if (disk-hosts[i].port) {
+virBufferAsprintf(opt, \\:%s, disk-hosts[i].port);
+}
 }
 }
 
@@ -1961,15 +1965,26 @@ error:
 static int qemuAddRBDHost(virDomainDiskDefPtr disk, char *hostport)
 {
 char *port;
+size_t skip;
+char **parts;
 
 disk-nhosts++;
 if (VIR_REALLOC_N(disk-hosts, disk-nhosts)  0)
 goto no_memory;
 
-port = strstr(hostport, \\:);
+if (strchr(hostport, ']')) {
+/* ipv6, strip brackets */
+hostport += 1;
+port = strstr(hostport, ]\\:);
+skip = 3;
+} else {
+port = strstr(hostport, \\:);
+skip = 2;
+}
+
 if (port) {
 *port = '\0';
-port += 2;
+port += skip;
 disk-hosts[disk-nhosts-1].port = strdup(port);
 if (!disk-hosts[disk-nhosts-1].port)
 goto no_memory;
@@ -1978,7 +1993,12 @@ static int qemuAddRBDHost(virDomainDiskDefPtr disk, char 
*hostport)
 if (!disk-hosts[disk-nhosts-1].port)
 goto no_memory;
 }
-disk-hosts[disk-nhosts-1].name = strdup(hostport);
+
+parts = virStringSplit(hostport, \\:, 0);
+if (!parts)
+goto no_memory;
+disk-hosts[disk-nhosts-1].name = virStringJoin((const char **)parts, 
:);
+virStringFreeList(parts);
 if (!disk-hosts[disk-nhosts-1].name)
 goto no_memory;
 
diff --git a/tests/qemuargv2xmltest.c b/tests/qemuargv2xmltest.c
index 2923324..e465f3d 100644
--- a/tests/qemuargv2xmltest.c
+++ b/tests/qemuargv2xmltest.c
@@ -185,6 +185,7 @@ mymain(void)
 DO_TEST(disk-drive-network-nbd);
 DO_TEST(disk-drive-network-gluster);
 DO_TEST(disk-drive-network-rbd);
+DO_TEST(disk-drive-network-rbd-ipv6);
 /* older format using CEPH_ARGS env var */
 DO_TEST(disk-drive-network-rbd-ceph-env);
 DO_TEST(disk-drive-network-sheepdog);
diff --git 
a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-ipv6.args 
b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-ipv6.args
new file mode 100644
index 000..0c67229
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-ipv6.args
@@ -0,0 +1,9 @@
+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \
+/usr/bin/qemu

Re: [libvirt] how to enable ceph-rbd in libvirt.

2012-10-14 Thread Josh Durgin

On 2012-10-13 10:49, libv...@163.com wrote:

hahha, you are right. my qemu-kvm is installed from yum.repo, not
compiled by me.
i always think qemu-kvm and qemu-system-x86_64 are not the same
thing. actually they are the same thing.
i replace /usr/libexec/qemu-kvm with my qemu-system-x86_64, now it
works.


i have a question.
what is the difference between qemu.git and qemu-kvm.git?
any one is ok for kvm?


There's little difference these days. This wiki page summarizes the
differences as of last May: http://wiki.qemu.org/KVM#qemu-kvm_fork_for_x86



Re: [libvirt] how to enable ceph-rbd in libvirt.

2012-10-13 Thread Josh Durgin

It sounds like the qemu binary that libvirt is using isn't one
compiled with rbd support. You can check by running:

qemu-kvm -drive format=?

rbd should appear in the list of supported formats.

Josh

On 10/13/2012 01:20 AM, yue wrote:

i try your proposal, but there is no output in qemu-rbd.log. selinux
has been disabled (then reboot my OS).
i do not know apparmor. my OS has no rpm of apparmor.
my os is centos-6.2, 2.6.32-220.el6.x86_64.
1. would you give me the options of libvirt configure? i rebuild it.
2. is there another way to confirm whether libvirt supports rbd? another way to
find the root cause?

thanks.

rbd disk
<disk type='network' device='disk'>
   <driver name='qemu' type='raw' cache='writethrough' io='native'/>
   <auth username='admin'>
     <secret type='ceph' uuid='7a91dc24-b072-43c4-98fb-4b2415322b0f'/>
   </auth>
   <source protocol='rbd' name='cloud/testrbd:debug_ms=1:debug_rbd=20:debug_monc=20:debug_auth=20:log_file=/tmp/qemu-rbd.log'>
     <host name='192.168.10.4' port='6789'/>
   </source>
   <target dev='vda' bus='virtio'/>
   <address type='pci' domain='0x' bus='0x00' slot='0x06' function='0x0'/>
</disk>






At 2012-10-12 15:06:45,Josh Durgin josh.dur...@inktank.com wrote:

Sorry, I forgot libvirt/qemu eats stderr. The extra logging wasn't
captured.

Could you try:

name='cloud/testrbd:debug_ms=1:debug_rbd=20:debug_monc=10:log_file=/tmp/qemu-rbd.log'

If /tmp/qemu-rbd.log isn't full of debug messages, make sure selinux or
apparmor aren't preventing
qemu from writing to it.

Josh

On 2012-10-11 22:31, yue wrote:

hi, i add debug options related to rbd in xpSP3.xml. but the error seems
the same as the previous one.
libvirtd.log--
erfaces
2012-10-12 13:25:28.267+: 9023: error : virNodeNumOfDevices:13984
: this function is not supported by the connection driver:
virNodeNumOfDevices
2012-10-12 13:25:29.264+: 9025: error :
virConnectNumOfInterfaces:11014 : this function is not supported by
the connection driver: virConnectNumOfInterfaces
2012-10-12 13:25:29.266+: 9023: error :
virConnectNumOfDefinedInterfaces:11098 : this function is not
supported by the connection driver: virConnectNumOfDefinedInterfaces
2012-10-12 13:25:29.267+: 9022: error : virNodeNumOfDevices:13984
: this function is not supported by the connection driver:
virNodeNumOfDevices
2012-10-12 13:25:30.264+: 9025: error :
virConnectNumOfInterfaces:11014 : this function is not supported by
the connection driver: virConnectNumOfInterfaces
2012-10-12 13:25:30.267+: 9023: error :
virConnectNumOfDefinedInterfaces:11098 : this function is not
supported by the connection driver: virConnectNumOfDefinedInterfaces
2012-10-12 13:25:30.269+: 9022: error : virNodeNumOfDevices:13984
: this function is not supported by the connection driver:
virNodeNumOfDevices
2012-10-12 13:25:30.523+: 9021: warning : qemuDomainObjTaint:1364
: Domain id=1 name='xpSP3' uuid=b45bd66a-6700-4905-c5f4-4c799413d7b7
is tainted: high-privileges
2012-10-12 13:25:30.943+: 9021: error : qemuMonitorOpenUnix:293 :
failed to connect to monitor socket: No such process
2012-10-12 13:25:30.943+: 9021: info : qemuConnectMonitor:1247 :
Failed to connect monitor for xpSP3
2012-10-12 13:25:30.943+: 9021: error :
qemuProcessWaitForMonitor:1634 : internal error process exited while
connecting to monitor: char device redirected to /dev/pts/4
qemu-kvm: -drive

file=rbd:cloud/testrbd:debug_rbd=20:debug_monc=20:debug_auth=20:log_to_stderr=2:id=admin:key=AQCp1GFQMMOrCxAAEb4jxgUF9BuSBkQIigFi/Q==:auth_supported=cephx;none:mon_host=192.168.10.4:6789,if=none,id=drive-virtio-disk0,format=raw,cache=writethrough,aio=native:
could not open disk image

rbd:cloud/testrbd:debug_rbd=20:debug_monc=20:debug_auth=20:log_to_stderr=2:id=admin:key=AQCp1GFQMMOrCxAAEb4jxgUF9BuSBkQIigFi/Q==:auth_supported=cephx;none:mon_host=192.168.10.4:6789:
No such file or directory

-xpSP3.log---is attached.---
2012-10-12 13:11:33.133+: starting up
LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin HOME=/root USER=root
LOGNAME=root QEMU_AUDIO_DRV=none /usr/libexec/qemu-kvm -name xpSP3 -S
-M rhel6.2.0 -enable-kvm -m 512 -smp 1,sockets=1,cores=1,threads=1
-uuid b45bd66a-6700-4905-c5f4-4c799413d7b7 -nodefconfig -nodefaults
-chardev socket,id=charmonitor,path=/var/lib/libvirt/
qemu/xpSP3.monitor,server,nowait -mon
chardev=charmonitor,id=monitor,mode=readline -rtc
base=localtime,driftfix=slew -device
piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive

file=/var/lib/libvirt/images/xpSP3.img,if=none,id=drive-ide0-0-0,format=raw,cache=none
-device

ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1
-drive

file=rbd:cloud/testrbd:debug_rbd=20:debug_monc=20:debug_auth=20:log_to_stderr=2:id=admin:key=AQCp1GFQMMOrCxAAEb4jxgUF9BuSBkQIigFi/Q==:auth_supported=cephx;none:mon_host=192.168.10.4:6789,if=none,id=drive-virtio-disk0,format=raw,cache=writethrough,aio=native
-device

virtio-blk

Re: [libvirt] how to enable ceph-rbd in libvirt.

2012-10-12 Thread Josh Durgin
 : qemuProcessHook:2626 :
Setting up security labelling
2012-10-12 13:11:33.157+: 7818: debug : virGetUserIDByName:2539 :
User record for user '0' does not exist
2012-10-12 13:11:33.157+: 7818: debug : virGetGroupIDByName:2621
: Group record for group '0' does not exist
2012-10-12 13:11:33.157+: 7818: debug :
virSecurityDACSetProcessLabel:861 : Dropping privileges of DEF to 0:0
2012-10-12 13:11:33.157+: 7818: debug : qemuProcessHook:2633 :
Hook complete ret=0
2012-10-12 13:11:33.157+: 7818: debug : virCommandHook:2060 : 
Done hook 0

2012-10-12 13:11:33.157+: 7818: debug : virCommandHook:2074 :
Notifying parent for handshake start on 21
2012-10-12 13:11:33.157+: 7818: debug : virCommandHook:2098 :
Waiting on parent for handshake complete on 22
2012-10-12 13:11:33.157+0 000: 7818: debug : virFileClose:72 : Closed 
fd 21
2012-10-12 13:11:33.157+: 7818: debug : virFileClose:72 : Closed 
fd 22
2012-10-12 13:11:33.157+: 7818: debug : virCommandHook:2119 : 
Hook is done 0

char device redirected to /dev/pts/4
qemu-kvm: -drive

file=rbd:cloud/testrbd:debug_rbd=20:debug_monc=20:debug_auth=20:log_to_stderr=2:id=admin:key=AQCp1GFQMMOrCxAAEb4jxgUF9BuSBkQIigFi/Q==:auth_supported=cephx;none:mon_host=192.168.10.4:6789,if=none,id=drive-virtio-disk0,format=raw,cache=writethrough,aio=native:
could not open disk image

rbd:cloud/testrbd:debug_rbd=20:debug_monc=20:debug_auth=20:log_to_stderr=2:id=admin:key=AQCp1GFQMMOrCxAAEb4jxgUF9BuSBkQIigFi/Q==:auth_supported=cephx;none:mon_host=192.168.10.4:6789:
No such file or directory
2012-10-12 13:11:33.557+: shutting down



At 2012-10-12 00:04:19,Josh Durgin josh.dur...@inktank.com wrote:

On 10/11/2012 12:00 AM, yue wrote:
how should i do? i configurate guest-os.xml ,add rbd disk manually. 
then virsh start xpSP3


That's the right way to do it.


---rbd disk
<disk type='network' device='disk'>
  <driver name='qemu' type='raw' cache='writethrough' io='native'/>
  <auth username='cloud'>
    <secret type='ceph' uuid='7a91dc24-b072-43c4-98fb-4b2415322b0f'/>
  </auth>
  <source protocol='rbd' name='cloud/testrbd'>
    <host name='192.168.10.4' port='6789'/>
  </source>
  <target dev='vdb' bus='virtio'/>
  <address type='pci' domain='0x' bus='0x00' slot='0x06' function='0x0'/>
</disk>
---error log---

[root@KVM-ip11 git]# virsh start xpSP3
error: Failed to start domain xpSP3
error: internal error process exited while connecting to monitor: 
char device redirected to /dev/pts/4
qemu-kvm: -drive 
file=rbd:cloud/testrbd:id=cloud:key=AQCGbGRQ+M+NGBAATtylZNiSxqCTQ4uaApd+9w==:auth_supported=cephx;none:mon_host=192.168.10.4:6789,if=none,id=drive-virtio-disk1,format=raw,cache=writethrough,aio=native: 
could not open disk image 
rbd:cloud/testrbd:id=cloud:key=AQCGbGRQ+M+NGBAATtylZNiSxqCTQ4uaApd+9w==:auth_supported=cephx;none:mon_host=192.168.10.4:6789: 
No such file or directory

---xpSP3.log-
2012-10-11 14:57:58.118+: starting up
LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin HOME=/root USER=root 
LOGNAME=root QEMU_AUDIO_DRV=none /usr/libexec/qemu-kvm -name xpSP3 -S 
-M rhel6.2.0 -enable-kvm -m 512 -smp 1,sockets=1,cores=1,threads=1 
-uuid b45bd66a-6700-4905-c5f4-4c799413d7b7 -nodefconfig -nodefaults 
-chardev 
socket,id=charmonitor,path=/var/lib/libvirt/qemu/xpSP3.monitor,server,nowait 
-mon chardev=charmonitor,id=monitor,mode=readline -rtc 
base=localtime,driftfix=slew -device 
piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive 
file=/var/lib/libvirt/images/xpSP3.img,if=none,id=drive-ide0-0-0,format=raw,cache=none 
-device 
ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 
-drive 
file=rbd:cloud/testrbd:id=cloud:key=AQCGbGRQ+M+NGBAATtylZNiSxqCTQ4uaApd+9w==:auth_supported=cephx;none:mon_host=192.168.10.4:6789,

 if=none,id=drive-virtio-disk1,format=raw -device

virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk1,id=virtio-disk1
-netdev tap,fd=19,id=hostnet0 -device
e1000,netdev=hostnet0,id=net0,mac=52:54:00:2a:8c:48,bus=pci.0,addr=0x3 -chardev
pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 
-device usb-tablet,id=input0 -vnc 0.0.0.0:0 -vga std -device 
intel-hda,id=sound0,bus=pci.0,addr=0x4 -device 
hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device 
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5

Domain id=3 is tainted: high-privileges
char device redirected to /dev/pts/4
qemu-kvm: -drive 
file=rbd:cloud/testrbd:id=cloud:key=AQCGbGRQ+M+NGBAATtylZNiSxqCTQ4uaApd+9w==:auth_supported=cephx;none:mon_host=192.168.10.4:6789,if=none,id=drive-virtio-disk1,format=raw: 
could not open disk image 
rbd:cloud/testrbd:id=cloud:key=AQCGbGRQ+M+NGBAATtylZNiSxqCTQ4uaApd+9w==:auth_supported=cephx;none:mon_host=192.168.10.4:6789: 
No such file or directory

2012-10-11 14:57:58.548+: shutting down


It's unclear where the actual problem is - could you try again with
name='cloud/testrbd:debug_ms=1:debug_rbd=20:debug_monc=10:log_to_stderr=true'
and post the instance log (i.e. xpSP3.log)?

Josh







At 2012-10-11 14:48:43,Josh

Re: [libvirt] how to enable ceph-rbd in libvirt.

2012-10-11 Thread Josh Durgin

On 10/10/2012 10:52 PM, yue wrote:

hi, now i rebuild libvirtd, version 0.10.2. and define ceph secret
,define ceph storage-pool. all fine up to now.
i operate guest-os through virt-manager-GUI .  i add  a
rbd-file(qemu-img create before) from ceph-rbd-pool, click 'finish',it
pop error NoneType object has no attribute startswith,  someone say it
is python error.


python-virtinst (and thus virt-manager) don't support the rbd storage
pool. They don't know how to configure rbd disks yet either.

Josh



Re: [libvirt] how to enable ceph-rbd in libvirt.

2012-10-11 Thread Josh Durgin

On 10/11/2012 12:00 AM, yue wrote:

how should i do?  i configurate guest-os.xml  ,add rbd disk manually. then  
virsh start xpSP3


That's the right way to do it.


---rbd disk
 <disk type='network' device='disk'>
   <driver name='qemu' type='raw' cache='writethrough' io='native'/>
   <auth username='cloud'>
     <secret type='ceph' uuid='7a91dc24-b072-43c4-98fb-4b2415322b0f'/>
   </auth>
   <source protocol='rbd' name='cloud/testrbd'>
     <host name='192.168.10.4' port='6789'/>
   </source>
   <target dev='vdb' bus='virtio'/>
   <address type='pci' domain='0x' bus='0x00' slot='0x06' function='0x0'/>
 </disk>
---error log---

[root@KVM-ip11 git]# virsh start xpSP3
error: Failed to start domain xpSP3
error: internal error process exited while connecting to monitor: char device 
redirected to /dev/pts/4
qemu-kvm: -drive 
file=rbd:cloud/testrbd:id=cloud:key=AQCGbGRQ+M+NGBAATtylZNiSxqCTQ4uaApd+9w==:auth_supported=cephx\;none:mon_host=192.168.10.4\:6789,if=none,id=drive-virtio-disk1,format=raw,cache=writethrough,aio=native:
 could not open disk image 
rbd:cloud/testrbd:id=cloud:key=AQCGbGRQ+M+NGBAATtylZNiSxqCTQ4uaApd+9w==:auth_supported=cephx\;none:mon_host=192.168.10.4\:6789:
 No such file or directory
---xpSP3.log-
2012-10-11 14:57:58.118+: starting up
LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin HOME=/root USER=root LOGNAME=root 
QEMU_AUDIO_DRV=none /usr/libexec/qemu-kvm -name xpSP3 -S -M rhel6.2.0 
-enable-kvm -m 512 -smp 1,sockets=1,cores=1,threads=1 -uuid 
b45bd66a-6700-4905-c5f4-4c799413d7b7 -nodefconfig -nodefaults -chardev 
socket,id=charmonitor,path=/var/lib/libvirt/qemu/xpSP3.monitor,server,nowait 
-mon chardev=charmonitor,id=monitor,mode=readline -rtc 
base=localtime,driftfix=slew -device 
piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive 
file=/var/lib/libvirt/images/xpSP3.img,if=none,id=drive-ide0-0-0,format=raw,cache=none
 -device 
ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -drive 
file=rbd:cloud/testrbd:id=cloud:key=AQCGbGRQ+M+NGBAATtylZNiSxqCTQ4uaApd+9w==:auth_supported=cephx\;none:mon_host=192.168.10.4\:6789,if=none,id=drive-virtio-disk1,format=raw
 -device 
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk1,id=virtio-disk1
 -netdev tap,fd=19,id=hostnet0 -device e1000,netdev=hostnet0,id=net0,mac=52:54:00:2a:8c:48,bus=pci.0,addr=0x3 -chardev 
pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -device 
usb-tablet,id=input0 -vnc 0.0.0.0:0 -vga std -device 
intel-hda,id=sound0,bus=pci.0,addr=0x4 -device 
hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device 
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5
Domain id=3 is tainted: high-privileges
char device redirected to /dev/pts/4
qemu-kvm: -drive 
file=rbd:cloud/testrbd:id=cloud:key=AQCGbGRQ+M+NGBAATtylZNiSxqCTQ4uaApd+9w==:auth_supported=cephx\;none:mon_host=192.168.10.4\:6789,if=none,id=drive-virtio-disk1,format=raw:
 could not open disk image 
rbd:cloud/testrbd:id=cloud:key=AQCGbGRQ+M+NGBAATtylZNiSxqCTQ4uaApd+9w==:auth_supported=cephx\;none:mon_host=192.168.10.4\:6789:
 No such file or directory
2012-10-11 14:57:58.548+: shutting down


It's unclear where the actual problem is - could you try again with
name='cloud/testrbd:debug_ms=1:debug_rbd=20:debug_monc=10:log_to_stderr=true'
and post the instance log (i.e. xpSP3.log)?

Josh







At 2012-10-11 14:48:43,Josh Durgin josh.dur...@inktank.com wrote:

On 10/10/2012 10:52 PM, yue wrote:

Hi, now I have rebuilt libvirtd, version 0.10.2, and defined a ceph secret
and a ceph storage pool. All fine up to now.
I operate the guest OS through the virt-manager GUI. I add an
rbd file (created with qemu-img beforehand) from the ceph rbd pool and click
'finish'; it pops up the error NoneType object has no attribute startswith.
Someone says it is a Python error.


python-virtinst (and thus virt-manager) don't support the rbd storage
pool. They don't know how to configure rbd disks yet either.

Josh





Re: [libvirt] how to enable ceph-rbd in libvirt.

2012-10-10 Thread Josh Durgin

On 10/10/2012 07:52 PM, yue wrote:

1. My libvirtd version is 0.9.10. I rebuilt qemu with --enable-rbd.
It does not seem to work if the guest OS has an rbd disk.
-rbd disk info 
 <disk type='network' device='disk'>
   <driver name='qemu' type='raw'/>
   <auth username='cloud'>
     <secret type='ceph' uuid='7a91dc24-b072-43c4-98fb-4b2415322b0f'/>
   </auth>
   <source protocol='rbd' name='cloud/testrbd'>
     <host name='192.168.10.4' port='6789'/>
   </source>
   <target dev='vdb' bus='virtio'/>
   <address type='pci' domain='0x' bus='0x00' slot='0x06' function='0x0'/>
 </disk>
2.---error log-
LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin HOME=/root USER=root LOGNAME=root 
QEMU_AUDIO_DRV=none /usr/libexec/qemu-kvm -S -M rhel6.2.0 -enable-kvm -m 512 
-smp 1,sockets=1,cores=1,threads=1 -name xpSP3 -uuid 
b45bd66a-6700-4905-c5f4-4c799413d7b7 -nodefconfig -nodefaults -chardev 
socket,id=charmonitor,path=/var/lib/libvirt/qemu/xpSP3.monitor,server,nowait 
-mon chardev=charmonitor,id=monitor,mode=control -rtc 
base=localtime,driftfix=slew -no-shutdown -device 
piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive 
file=/var/lib/libvirt/images/xpSP3.img,if=none,id=drive-ide0-0-0,format=raw,cache=none
 -device 
ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -drive 
file=rbd:cloud/testrbd:id=cloud:key=AQCGbGRQ+M+NGBAATtylZNiSxqCTQ4uaApd+9w==:auth_supported=cephx
 none:mon_host=192.168.10.4\:6789,if=none,id=drive-virtio-disk1,format=raw 
-device 
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk1,id=virtio-disk1
 -netdev tap,fd=26,id=hostnet0 -device e1000,netdev=hostnet0,id=net0,mac=52:54:00:2a:8c:48,bus=pci.0,addr=0x3 
-chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 
-device usb-tablet,id=input0 -vnc 0.0.0.0:0 -vga std -device 
intel-hda,id=sound0,bus=pci.0,addr=0x4 -device 
hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device 
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5
Domain id=6 is tainted: high-privileges
char device redirected to /dev/pts/4
qemu-kvm: -drive 
file=rbd:cloud/testrbd:id=cloud:key=AQCGbGRQ+M+NGBAATtylZNiSxqCTQ4uaApd+9w==:auth_supported=cephx
 none:mon_host=192.168.10.4\:6789,if=none,id=drive-virtio-disk1,format=raw: 
could not open disk image 
rbd:cloud/testrbd:id=cloud:key=AQCGbGRQ+M+NGBAATtylZNiSxqCTQ4uaApd+9w==:auth_supported=cephx
 none:mon_host=192.168.10.4\:6789: No such file or directory
2012-10-11 10:37:24.215+: shutting down


You may need this patch to libvirt: 
http://www.redhat.com/archives/libvir-list/2012-May/msg3.html


This is included in libvirt 0.9.12.

Josh



[libvirt] [PATCH] qemu: add rbd to whitelist of migration-safe formats

2012-07-02 Thread Josh Durgin
QEMU (and librbd) flush the cache on the source before the
destination starts, and the destination does not read any
changeable data before that, so live migration with rbd caching
is safe.

This makes 'virsh migrate' work with rbd and caching without the
--unsafe flag.

Reported-by: Vladimir Bashkirtsev vladi...@bashkirtsev.com
Signed-off-by: Josh Durgin josh.dur...@inktank.com
---
 src/qemu/qemu_migration.c |3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 48369d6..f51c99a 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -847,6 +847,9 @@ qemuMigrationIsSafe(virDomainDefPtr def)
 continue;
 else if (cfs  0)
 return false;
+} else if (disk-type == VIR_DOMAIN_DISK_TYPE_NETWORK 
+   disk-protocol == VIR_DOMAIN_DISK_PROTOCOL_RBD) {
+continue;
 }
 
 qemuReportError(VIR_ERR_MIGRATE_UNSAFE, %s,
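Review bot: The new `else if` branch in qemuMigrationIsSafe() exempts every network disk with protocol RBD through an unconditional `continue`, but the reason this is safe (QEMU and librbd flush the cache on the source before the destination starts) lives only in the commit message. Put a short comment above the branch stating that assumption, so a later reader does not take it for an oversight or extend the exemption to other network protocols that give no such guarantee.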
-- 
1.7.9.5



Re: [libvirt] [PATCH] qemu: add rbd to whitelist of migration-safe formats

2012-07-02 Thread Josh Durgin

On 07/02/2012 12:48 PM, Eric Blake wrote:

On 07/02/2012 12:55 PM, Josh Durgin wrote:

QEMU (and librbd) flush the cache on the source before the
destination starts, and the destination does not read any
changeable data before that, so live migration with rbd caching
is safe.

This makes 'virsh migrate' work with rbd and caching without the
--unsafe flag.

Reported-by: Vladimir Bashkirtsev vladi...@bashkirtsev.com
Signed-off-by: Josh Durgin josh.dur...@inktank.com
---
  src/qemu/qemu_migration.c |3 +++
  1 file changed, 3 insertions(+)

diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 48369d6..f51c99a 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -847,6 +847,9 @@ qemuMigrationIsSafe(virDomainDefPtr def)
  continue;
  else if (cfs  0)
  return false;
+} else if (disk-type == VIR_DOMAIN_DISK_TYPE_NETWORK
+   disk-protocol == VIR_DOMAIN_DISK_PROTOCOL_RBD) {
+continue;
  }


ACK.  However, before I push, I note that you are previously listed in
AUTHORS under a different email address.  Which of the two addresses do
you prefer, so that we can update .mailmap and keep 'make syntax-check'
happy?



I prefer the @inktank.com one, thanks!



[libvirt] [PATCH RESEND] qemu: allow snapshotting of sheepdog and rbd disks

2012-05-01 Thread Josh Durgin
Signed-off-by: Josh Durgin josh.dur...@dreamhost.com
---
 src/qemu/qemu_driver.c |   14 ++
 1 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 78899a4..86e82d6 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -9605,12 +9605,18 @@ qemuDomainSnapshotIsAllowed(virDomainObjPtr vm)
  * that succeed as well
  */
 for (i = 0; i  vm-def-ndisks; i++) {
-if ((vm-def-disks[i]-device == VIR_DOMAIN_DISK_DEVICE_LUN) ||
-(vm-def-disks[i]-device == VIR_DOMAIN_DISK_DEVICE_DISK 
- STRNEQ_NULLABLE(vm-def-disks[i]-driverType, qcow2))) {
+virDomainDiskDefPtr disk = vm-def-disks[i];
+if (disk-type == VIR_DOMAIN_DISK_TYPE_NETWORK 
+(disk-protocol == VIR_DOMAIN_DISK_PROTOCOL_SHEEPDOG ||
+ disk-protocol == VIR_DOMAIN_DISK_PROTOCOL_RBD))
+continue;
+
+if ((disk-device == VIR_DOMAIN_DISK_DEVICE_LUN) ||
+(disk-device == VIR_DOMAIN_DISK_DEVICE_DISK 
+ STRNEQ_NULLABLE(disk-driverType, qcow2))) {
 qemuReportError(VIR_ERR_OPERATION_INVALID,
 _(Disk '%s' does not support snapshotting),
-vm-def-disks[i]-src);
+disk-src);
 return false;
 }
 }
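Review bot: In qemuDomainSnapshotIsAllowed() the new sheepdog/rbd `continue` runs before the `VIR_DOMAIN_DISK_DEVICE_LUN` test, so a network disk using one of these protocols is accepted without its device type being looked at. If a lun device can never be of type network this is harmless, but the ordering hides that assumption; testing the protocol inside the `VIR_DOMAIN_DISK_DEVICE_DISK` arm, next to the qcow2 comparison, would keep the LUN rejection unconditional. The commit message also has no body: one sentence on why these two protocols can be snapshotted without qcow2 would help.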
-- 
1.7.5.4



[libvirt] [PATCH v2 RESEND] qemu: change rbd auth_supported separation character to ;

2012-05-01 Thread Josh Durgin
This works with newer qemu that doesn't allow escaping spaces.
It's backwards compatible as well.

Signed-off-by: Josh Durgin josh.dur...@dreamhost.com
---
 src/qemu/qemu_command.c|2 +-
 .../qemuxml2argv-disk-drive-network-rbd-auth.args  |2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 45cd417..070d13e 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -1674,7 +1674,7 @@ qemuBuildRBDString(virConnectPtr conn,
 goto error;
 }
 virBufferEscape(opt, '\\', :,
-:key=%s:auth_supported=cephx none,
+:key=%s:auth_supported=cephx\\;none,
 base64);
 VIR_FREE(base64);
 } else {
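Review bot: In qemuBuildRBDString() the separator is written already escaped in the format literal (`cephx\\;none`) while the escape set passed to virBufferEscape() stays `:`, which works only because the literal part of the format is emitted as written and just the `base64` argument is escaped. A one-line comment saying so, and why `;` replaces the space, would stop the next reader from "fixing" this by adding `;` to the escape set. The commit message should also name the qemu version that stopped accepting escaped spaces, since "newer qemu" will not age well.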
diff --git 
a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth.args 
b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth.args
index 1500672..b323e91 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth.args
@@ -5,6 +5,6 @@ file=/dev/HostVG/QEMUGuest1,if=ide,bus=0,unit=0 -drive \
 file=rbd:pool/image:\
 id=myname:\
 key=QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=:\
-auth_supported=cephx none:\
+auth_supported=cephx\;none:\
 
mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:6322,\
 if=virtio,format=raw -net none -serial none -parallel none -usb
-- 
1.7.5.4



[libvirt] [PATCH v2] qemu: change rbd auth_supported separation character to ;

2012-04-06 Thread Josh Durgin
This works with newer qemu that doesn't allow escaping spaces.
It's backwards compatible as well.

Signed-off-by: Josh Durgin josh.dur...@dreamhost.com
---

Changes since v1:
* update test as well

 src/qemu/qemu_command.c|2 +-
 .../qemuxml2argv-disk-drive-network-rbd-auth.args  |2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index ea9431f..9784245 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -1674,7 +1674,7 @@ qemuBuildRBDString(virConnectPtr conn,
 goto error;
 }
 virBufferEscape(opt, '\\', :,
-:key=%s:auth_supported=cephx none,
+:key=%s:auth_supported=cephx\\;none,
 base64);
 VIR_FREE(base64);
 } else {
diff --git 
a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth.args 
b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth.args
index 1500672..b323e91 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth.args
@@ -5,6 +5,6 @@ file=/dev/HostVG/QEMUGuest1,if=ide,bus=0,unit=0 -drive \
 file=rbd:pool/image:\
 id=myname:\
 key=QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=:\
-auth_supported=cephx none:\
+auth_supported=cephx\;none:\
 
mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:6322,\
 if=virtio,format=raw -net none -serial none -parallel none -usb
-- 
1.7.5.4



[libvirt] [PATCH] qemu: change rbd auth_supported separation character to ;

2012-03-30 Thread Josh Durgin
This works with newer qemu that doesn't allow escaping spaces.
It's backwards compatible as well.

Signed-off-by: Josh Durgin josh.dur...@dreamhost.com
---
 src/qemu/qemu_command.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index f971a08..ee3bf48 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -1673,8 +1673,8 @@ qemuBuildRBDString(virConnectPtr conn,
 virReportOOMError();
 goto error;
 }
-virBufferEscape(opt, '\\', :,
-:key=%s:auth_supported=cephx none,
+virBufferEscape(opt, '\\', :;,
+:key=%s:auth_supported=cephx;none,
 base64);
 VIR_FREE(base64);
 } else {
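Review bot: Adding `;` to the escape set of this virBufferEscape() call only affects the `base64` argument, and base64 output never contains `;` or `:`, so the literal `cephx;none` in the format still reaches the command line unescaped. If qemu needs the semicolon escaped, the backslash has to be written into the format string itself. The diffstat also lists only src/qemu/qemu_command.c: the expected arguments in tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth.args still contain `auth_supported=cephx none` and need updating in the same commit.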
-- 
1.7.5.4



[libvirt] [PATCH] qemu: allow snapshotting of sheepdog and rbd disks

2012-03-30 Thread Josh Durgin
Signed-off-by: Josh Durgin josh.dur...@dreamhost.com
---
 .gnulib|2 +-
 src/qemu/qemu_driver.c |   14 ++
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/.gnulib b/.gnulib
index d5612c7..6b93d00 16
--- a/.gnulib
+++ b/.gnulib
@@ -1 +1 @@
-Subproject commit d5612c714c87555f1059d71d347e20271dced322
+Subproject commit 6b93d00f5410ec183e3a70ebf8e418e3b1bb0191
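Review bot: The `.gnulib` submodule bump is unrelated to snapshotting sheepdog or rbd disks and is not mentioned in the commit message, so it looks like an accidental submodule update swept into the commit. Drop this hunk and send any gnulib update separately.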
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 7e6d59c..fc537df 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -9571,12 +9571,18 @@ qemuDomainSnapshotIsAllowed(virDomainObjPtr vm)
  * that succeed as well
  */
 for (i = 0; i  vm-def-ndisks; i++) {
-if ((vm-def-disks[i]-device == VIR_DOMAIN_DISK_DEVICE_LUN) ||
-(vm-def-disks[i]-device == VIR_DOMAIN_DISK_DEVICE_DISK 
- STRNEQ_NULLABLE(vm-def-disks[i]-driverType, qcow2))) {
+virDomainDiskDefPtr disk = vm-def-disks[i];
+if (disk-type == VIR_DOMAIN_DISK_TYPE_NETWORK 
+(disk-protocol == VIR_DOMAIN_DISK_PROTOCOL_SHEEPDOG ||
+ disk-protocol == VIR_DOMAIN_DISK_PROTOCOL_RBD))
+continue;
+
+if ((disk-device == VIR_DOMAIN_DISK_DEVICE_LUN) ||
+(disk-device == VIR_DOMAIN_DISK_DEVICE_DISK 
+ STRNEQ_NULLABLE(disk-driverType, qcow2))) {
 qemuReportError(VIR_ERR_OPERATION_INVALID,
 _(Disk '%s' does not support snapshotting),
-vm-def-disks[i]-src);
+disk-src);
 return false;
 }
 }
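Review bot: The comment block above the loop in qemuDomainSnapshotIsAllowed() (its tail, `that succeed as well`, is the unchanged context here) is left as it was, while the loop now lets sheepdog and rbd network disks through regardless of `driverType`. Extend that comment to say these protocols are allowed and why, since the commit message gives no rationale either.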
-- 
1.7.5.4



[libvirt] [PATCH v2] qemu: unescape HMP commands before converting them to json

2012-02-25 Thread Josh Durgin
QMP commands don't need to be escaped since converting them to json
also escapes special characters. When a QMP command fails, however,
libvirt falls back to HMP commands. These fallback functions
(qemuMonitorText*) do their own escaping, and pass the result directly
to qemuMonitorHMPCommandWithFd. If the monitor is in json mode, these
pre-escaped commands will be escaped again when converted to json,
which can result in the wrong arguments being sent.

For example, a filename test\file would be sent in json as
test\\file.

This prevented attaching an image file with a  or \ in its name in
qemu 1.0.50, and also broke rbd attachment (which uses backslashes to
escape some internal arguments.)

Reported-by: Masuko Tomoya tomoya.mas...@gmail.com
Signed-off-by: Josh Durgin josh.dur...@dreamhost.com
---

Changes since v1:
 * fix leak of json_cmd
 * change comments to /* */ instead of //

 .gitignore  |1 +
 src/qemu/qemu_monitor.c |   67 ++--
 src/qemu/qemu_monitor.h |1 +
 tests/Makefile.am   |   12 -
 tests/qemumonitortest.c |  114 +++
 5 files changed, 188 insertions(+), 7 deletions(-)
 create mode 100644 tests/qemumonitortest.c

diff --git a/.gitignore b/.gitignore
index b7561dc..264a419 100644
--- a/.gitignore
+++ b/.gitignore
@@ -128,6 +128,7 @@
 /tests/openvzutilstest
 /tests/qemuargv2xmltest
 /tests/qemuhelptest
+/tests/qemumonitortest
 /tests/qemuxmlnstest
 /tests/qparamtest
 /tests/reconnect
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 93f3505..1068280 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -153,6 +153,49 @@ char *qemuMonitorEscapeArg(const char *in)
 return out;
 }
 
+char *qemuMonitorUnescapeArg(const char *in)
+{
+int i, j;
+char *out;
+int len = strlen(in) + 1;
+char next;
+
+if (VIR_ALLOC_N(out, len)  0)
+return NULL;
+
+for (i = j = 0; i  len; ++i) {
+next = in[i];
+if (in[i] == '\\') {
+if (len  i + 1) {
+/* trailing backslash shouldn't be possible */
+VIR_FREE(out);
+return NULL;
+}
+++i;
+switch(in[i]) {
+case 'r':
+next = '\r';
+break;
+case 'n':
+next = '\n';
+break;
+case '':
+case '\\':
+next = in[i];
+break;
+default:
+/* invalid input */
+VIR_FREE(out);
+return NULL;
+}
+}
+out[j++] = next;
+}
+out[j] = '\0';
+
+return out;
+}
+
 #if DEBUG_RAW_IO
 # include c-ctype.h
 static char * qemuMonitorEscapeNonPrintable(const char *text)
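Review bot: qemuMonitorUnescapeArg() sets `len = strlen(in) + 1` and allocates `len` bytes, but the copy loop runs over all `len` positions (assuming the comparison lost in this rendering is `i < len`), so for input without escapes it copies the terminating NUL as well and `out[j] = '\0'` then writes at index `len`, one byte past the allocation. Use `len = strlen(in)` with an allocation of `len + 1`. With that change a backslash at the very end of the input makes the switch see the NUL and take the `default` error path, so the separate trailing-backslash test is not needed.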
@@ -852,10 +895,26 @@ int qemuMonitorHMPCommandWithFd(qemuMonitorPtr mon,
 int scm_fd,
 char **reply)
 {
-if (mon-json)
-return qemuMonitorJSONHumanCommandWithFd(mon, cmd, scm_fd, reply);
-else
-return qemuMonitorTextCommandWithFd(mon, cmd, scm_fd, reply);
+char *json_cmd = NULL;
+int ret = -1;
+
+if (mon-json) {
+/* hack to avoid complicating each call to text monitor functions */
+json_cmd = qemuMonitorUnescapeArg(cmd);
+if (!json_cmd) {
+VIR_DEBUG(Could not unescape command: %s, cmd);
+qemuReportError(VIR_ERR_INTERNAL_ERROR, %s,
+_(Unable to unescape command));
+goto cleanup;
+}
+ret = qemuMonitorJSONHumanCommandWithFd(mon, json_cmd, scm_fd, reply);
+} else {
+ret = qemuMonitorTextCommandWithFd(mon, cmd, scm_fd, reply);
+}
+
+cleanup:
+VIR_FREE(json_cmd);
+return ret;
 }
 
 /* Ensure proper locking around callbacks.  */
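Review bot: qemuMonitorHMPCommandWithFd() unescapes the whole command string rather than the individual arguments that were escaped, so it relies on every caller having passed each argument through qemuMonitorEscapeArg(); a command carrying a backslash followed by anything other than `r`, `n`, a quote or a backslash now fails with "Unable to unescape command", and only in json mode. The comment calls this a hack; it should spell out that invariant, ideally next to the declaration in qemu_monitor.h as well, so authors of new qemuMonitorText* callers know about it.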
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index 7c6c52b..9768457 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -128,6 +128,7 @@ struct _qemuMonitorCallbacks {
 
 
 char *qemuMonitorEscapeArg(const char *in);
+char *qemuMonitorUnescapeArg(const char *in);
 
 qemuMonitorPtr qemuMonitorOpen(virDomainObjPtr vm,
virDomainChrSourceDefPtr config,
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 9974c2f..3e505a5 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -72,6 +72,7 @@ EXTRA_DIST =  \
nwfilterxml2xmlout \
oomtrace.pl \
qemuhelpdata \
+   qemumonitortest \
qemuxml2argvdata \
qemuxml2xmloutdata \
qemuxmlnsdata \
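Review bot: `qemumonitortest` is added to EXTRA_DIST alongside `qemuhelpdata`, `qemuxml2argvdata` and the other data directories, but the diffstat creates only tests/qemumonitortest.c and no directory of that name. The program is already listed in check_PROGRAMS by the next hunk, so this EXTRA_DIST entry should be dropped unless a data directory is going to be added.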
@@ -110,7 +111,8 @@ check_PROGRAMS += xml2sexprtest sexpr2xmltest \
 endif
 if WITH_QEMU
 check_PROGRAMS += qemuxml2argvtest qemuxml2xmltest qemuxmlnstest \
-   qemuargv2xmltest qemuhelptest domainsnapshotxml2xmltest
+   qemuargv2xmltest qemuhelptest domainsnapshotxml2xmltest \
+   qemumonitortest
 endif
 
 if WITH_OPENVZ

[libvirt] [PATCH] qemu: unescape HMP commands before converting them to json

2012-02-24 Thread Josh Durgin
QMP commands don't need to be escaped since converting them to json
also escapes special characters. When a QMP command fails, however,
libvirt falls back to HMP commands. These fallback functions
(qemuMonitorText*) do their own escaping, and pass the result directly
to qemuMonitorHMPCommandWithFd. If the monitor is in json mode, these
pre-escaped commands will be escaped again when converted to json,
which can result in the wrong arguments being sent.

For example, a filename test\file would be sent in json as
test\\file.

This prevented attaching an image file with a  or \ in its name in
qemu 1.0.50, and also broke rbd attachment (which uses backslashes to
escape some internal arguments.)

Reported-by: Masuko Tomoya tomoya.mas...@gmail.com
Signed-off-by: Josh Durgin josh.dur...@dreamhost.com
---
 .gitignore  |1 +
 src/qemu/qemu_monitor.c |   59 +++-
 src/qemu/qemu_monitor.h |1 +
 tests/Makefile.am   |   12 -
 tests/qemumonitortest.c |  114 +++
 5 files changed, 181 insertions(+), 6 deletions(-)
 create mode 100644 tests/qemumonitortest.c

diff --git a/.gitignore b/.gitignore
index b7561dc..264a419 100644
--- a/.gitignore
+++ b/.gitignore
@@ -128,6 +128,7 @@
 /tests/openvzutilstest
 /tests/qemuargv2xmltest
 /tests/qemuhelptest
+/tests/qemumonitortest
 /tests/qemuxmlnstest
 /tests/qparamtest
 /tests/reconnect
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 93f3505..85212a7 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -153,6 +153,49 @@ char *qemuMonitorEscapeArg(const char *in)
 return out;
 }
 
+char *qemuMonitorUnescapeArg(const char *in)
+{
+int i, j;
+char *out;
+int len = strlen(in) + 1;
+char next;
+
+if (VIR_ALLOC_N(out, len)  0)
+return NULL;
+
+for (i = j = 0; i  len; ++i) {
+next = in[i];
+if (in[i] == '\\') {
+if (len  i + 1) {
+// trailing backslash shouldn't be possible
+VIR_FREE(out);
+return NULL;
+}
+++i;
+switch(in[i]) {
+case 'r':
+next = '\r';
+break;
+case 'n':
+next = '\n';
+break;
+case '':
+case '\\':
+next = in[i];
+break;
+default:
+// invalid input
+VIR_FREE(out);
+return NULL;
+}
+}
+out[j++] = next;
+}
+out[j] = '\0';
+
+return out;
+}
+
 #if DEBUG_RAW_IO
 # include c-ctype.h
 static char * qemuMonitorEscapeNonPrintable(const char *text)
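Review bot: The `if (len  i + 1)` guard in qemuMonitorUnescapeArg() looks unreachable: `len` already counts the terminating NUL, so whenever `in[i]` is a backslash there is at least one more byte to read, and a backslash at the end of the string is caught by the `default` arm when the switch sees the NUL. Remove the guard and move its comment to the `default` case. The `//` comments should also become `/* */`, matching the existing comments in this file such as `/* Ensure proper locking around callbacks.  */`.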
@@ -852,10 +895,20 @@ int qemuMonitorHMPCommandWithFd(qemuMonitorPtr mon,
 int scm_fd,
 char **reply)
 {
-if (mon-json)
-return qemuMonitorJSONHumanCommandWithFd(mon, cmd, scm_fd, reply);
-else
+char *json_cmd = NULL;
+if (mon-json) {
+// hack to avoid complicating each call to text monitor functions
+json_cmd = qemuMonitorUnescapeArg(cmd);
+if (!json_cmd) {
+VIR_DEBUG(Could not unescape command: %s, cmd);
+qemuReportError(VIR_ERR_INTERNAL_ERROR, %s,
+_(Unable to unescape command));
+return -1;
+}
+return qemuMonitorJSONHumanCommandWithFd(mon, json_cmd, scm_fd, reply);
+} else {
 return qemuMonitorTextCommandWithFd(mon, cmd, scm_fd, reply);
+}
 }
 
 /* Ensure proper locking around callbacks.  */
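Review bot: `json_cmd` is leaked in qemuMonitorHMPCommandWithFd(): the json branch returns the result of qemuMonitorJSONHumanCommandWithFd() directly, and nothing frees the string that qemuMonitorUnescapeArg() allocated. Store the result in a local, call VIR_FREE(json_cmd), then return it.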
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index 7c6c52b..9768457 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -128,6 +128,7 @@ struct _qemuMonitorCallbacks {
 
 
 char *qemuMonitorEscapeArg(const char *in);
+char *qemuMonitorUnescapeArg(const char *in);
 
 qemuMonitorPtr qemuMonitorOpen(virDomainObjPtr vm,
virDomainChrSourceDefPtr config,
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 9974c2f..3e505a5 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -72,6 +72,7 @@ EXTRA_DIST =  \
nwfilterxml2xmlout \
oomtrace.pl \
qemuhelpdata \
+   qemumonitortest \
qemuxml2argvdata \
qemuxml2xmloutdata \
qemuxmlnsdata \
@@ -110,7 +111,8 @@ check_PROGRAMS += xml2sexprtest sexpr2xmltest \
 endif
 if WITH_QEMU
 check_PROGRAMS += qemuxml2argvtest qemuxml2xmltest qemuxmlnstest \
-   qemuargv2xmltest qemuhelptest domainsnapshotxml2xmltest
+   qemuargv2xmltest qemuhelptest domainsnapshotxml2xmltest \
+   qemumonitortest
 endif
 
 if WITH_OPENVZ
@@ -237,7 +239,8 @@ endif
 
 if WITH_QEMU
 TESTS += qemuxml2argvtest qemuxml2xmltest qemuxmlnstest qemuargv2xmltest \
-qemuhelptest domainsnapshotxml2xmltest nwfilterxml2xmltest
+qemuhelptest domainsnapshotxml2xmltest

[libvirt] [PATCH] security: don't try to label network disks

2011-12-09 Thread Josh Durgin
Network disks don't have paths to be resolved or files to be checked
for ownership. ee3efc41e6233e625aa03003bf3127319ccd546f checked this
for some image label functions, but was partially reverted in a
refactor.  This finishes adding the check to each security driver's
set and restore label methods for images.

Signed-off-by: Josh Durgin josh.dur...@dreamhost.com
---
 src/security/security_apparmor.c |3 +++
 src/security/security_dac.c  |6 ++
 src/security/security_selinux.c  |3 +++
 3 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index db7e7dc..3a01a21 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -606,6 +606,9 @@ AppArmorRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
   virDomainObjPtr vm,
   virDomainDiskDefPtr disk ATTRIBUTE_UNUSED)
 {
+if (disk-type == VIR_DOMAIN_DISK_TYPE_NETWORK)
+return 0;
+
 return reload_profile(mgr, vm, NULL, false);
 }
 
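Review bot: AppArmorRestoreSecurityImageLabel() now dereferences `disk`, yet the parameter is still declared `virDomainDiskDefPtr disk ATTRIBUTE_UNUSED`. Drop the attribute so the declaration matches the use.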
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 0e75319..9f8a320 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -180,6 +180,9 @@ virSecurityDACSetSecurityImageLabel(virSecurityManagerPtr 
mgr,
 if (!priv-dynamicOwnership)
 return 0;
 
+if (disk-type == VIR_DOMAIN_DISK_TYPE_NETWORK)
+return 0;
+
 return virDomainDiskDefForeachPath(disk,

virSecurityManagerGetAllowDiskFormatProbing(mgr),
false,
@@ -199,6 +202,9 @@ 
virSecurityDACRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr,
 if (!priv-dynamicOwnership)
 return 0;
 
+if (disk-type == VIR_DOMAIN_DISK_TYPE_NETWORK)
+return 0;
+
 /* Don't restore labels on readoly/shared disks, because
  * other VMs may still be accessing these
  * Alternatively we could iterate over all running
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 78c0d45..6ef61c7 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -636,6 +636,9 @@ SELinuxSetSecurityImageLabel(virSecurityManagerPtr mgr,
 if (secdef-norelabel)
 return 0;
 
+if (disk-type == VIR_DOMAIN_DISK_TYPE_NETWORK)
+return 0;
+
 return virDomainDiskDefForeachPath(disk,
allowDiskFormatProbing,
true,
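Review bot: In security_selinux.c the network-disk check is added only to SELinuxSetSecurityImageLabel(), and in security_apparmor.c only to the restore function, while the commit message says the patch covers each driver's set and restore methods. If the counterparts kept the check from ee3efc41e6233e625aa03003bf3127319ccd546f, say so in the commit message; otherwise they still need it.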
-- 
1.7.1



Re: [libvirt] [PATCH v5 4/4] qemu/rbd: improve rbd device specification

2011-11-15 Thread Josh Durgin

On 11/15/2011 04:05 PM, Eric Blake wrote:

On 10/31/2011 07:29 PM, Josh Durgin wrote:

From: Sage Weil s...@newdream.net


Sorry for letting my review of this slip 2 weeks.



This improves the support for qemu rbd devices by adding support for a few
key features (e.g., authentication) and cleaning up the way in which
rbd configuration options are passed to qemu.

An auth member of the disk source xml specifies how librbd should
authenticate. The username attribute is the Ceph/RBD user to authenticate as.
The usage or uuid attributes specify which secret to use. Usage is an
arbitrary identifier local to libvirt.

The old RBD support relied on setting an environment variable to
communicate information to qemu/librbd.  Instead, pass those options
explicitly to qemu.  Update the qemu argument parsing and tests
accordingly.

Signed-off-by: Sage Weil s...@newdream.net
Signed-off-by: Josh Durgin josh.dur...@dreamhost.com
---

Changes since v4:
* fixes memory management issues
* keep older rbd command line parsing and test case
* check qemuAddRBDHost return values
* use more efficient virBuffer functions


Looks like you got all my review points.

ACK and pushed, although I do have some questions that may deserve
followup patches:


+static int
+qemuBuildRBDString(virConnectPtr conn,
+   virDomainDiskDefPtr disk,
+   virBufferPtr opt)
+{
+int i, ret = 0;
+virSecretPtr sec = NULL;
+char *secret = NULL;
+size_t secret_size;
+
+virBufferAsprintf(opt, rbd:%s, disk-src);
+if (disk-auth.username) {
+virBufferEscape(opt, :, :id=%s, disk-auth.username);


This results in ambiguous output if disk-auth.username can end in a
single backslash (since then, you would have \: when combined with the
next part of the option, making it look like the next :mon_host=
option is instead a continuation of the :id= username).  Should we be
escaping backslash as well as colon?  Or should virBufferEscape be
taught to always escape backslash in addition to whatever characters
were passed in to its 'toescape' argument?


Escaping backslashes wouldn't hurt, but these usernames aren't expected 
to have backslashes in them (they're genericNames in the xml schema).





+if (sec) {
+char *base64 = NULL;
+
+secret = (char *)conn-secretDriver-getValue(sec,secret_size, 0,
+  
VIR_SECRET_GET_VALUE_INTERNAL_CALL);
+if (secret == NULL) {
+qemuReportError(VIR_ERR_INTERNAL_ERROR,
+_(could not get the value of the secret for 
username %s),
+disk-auth.username);
+goto error;
+}
+/* qemu/librbd wants it base64 encoded */
+base64_encode_alloc(secret, secret_size,base64);
+if (!base64) {
+virReportOOMError();
+goto error;
+}
+virBufferEscape(opt, :, :key=%s:auth_supported=cephx none,
+base64);
+VIR_FREE(base64);


The command line that we pass to qemu gets logged.  But what happens if
the secret was marked as ephemeral - could we be violating the premise
of not exposing passwords to too broad an audience?  Or are we already
safe in that the log entries created by virCommand can only be exposed
to users that already can get at the secret information by other means?


The secret can be read from the command line of the running process, 
which is even less secure than the log. I'm working on passing the 
secret via the qemu monitor instead of the command line, which will 
avoid both issues.



Maybe this means we should we be adding capabilities into virCommand to
prevent the logging of the actual secret (whether base64-encoded or
otherwise), and instead log an alternate string?  That is, should
virCommand be tracking parallel argv arrays; the real array passed to
exec() but never logged, and the alternate array (normally matching the
real one, but which can differ in this particular case of passing an
argument that contains a password)?



--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
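The two review points in the message above, a value ending in a backslash swallowing the next `:` separator and the base64 key ending up in the logged command line, are worked through together in the following added example. It is not libvirt code: `rbd_escape`, `rbd_build`, `rbd_redact_for_log` and the `<redacted>` mask are hypothetical names, and it assumes options are split on unescaped `:` and `,` as in the drive strings shown on this page.

```c
/* Added example, not libvirt code: all names here are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Escape '\' and ':' so a value can never run into the next ":name=value"
 * option. Caller frees the result; NULL on allocation failure. */
char *rbd_escape(const char *val)
{
    char *out = malloc(2 * strlen(val) + 1);
    char *w = out;

    if (!out)
        return NULL;
    for (; *val; val++) {
        if (*val == '\\' || *val == ':')
            *w++ = '\\';
        *w++ = *val;
    }
    *w = '\0';
    return out;
}

/* Build "rbd:<image>:id=<user>:key=<b64>:auth_supported=cephx\;none".
 * As in the quoted patch, the image name is inserted as given. */
char *rbd_build(const char *image, const char *user, const char *key_b64)
{
    static const char fmt[] = "rbd:%s:id=%s:key=%s:auth_supported=cephx\\;none";
    char *u = rbd_escape(user);
    char *out = NULL;

    if (u) {
        size_t len = sizeof(fmt) + strlen(image) + strlen(u) + strlen(key_b64);

        out = malloc(len);
        if (out)
            snprintf(out, len, fmt, image, u, key_b64);
    }
    free(u);
    return out;
}

/* Length of the option starting at s: up to the next ':' or ',' that is
 * not consumed by a backslash escape, or to the end of the string. */
static size_t rbd_token_len(const char *s)
{
    size_t n = 0;

    while (s[n] && s[n] != ':' && s[n] != ',') {
        if (s[n] == '\\' && s[n + 1])
            n++;                /* step over the escaped character */
        n++;
    }
    return n;
}

/* Copy of an "rbd:..." drive string that is safe to log: the value of
 * every key= option is replaced by a fixed mask. Caller frees. */
char *rbd_redact_for_log(const char *arg)
{
    static const char mask[] = "<redacted>";    /* hypothetical placeholder */
    const size_t mlen = sizeof(mask) - 1;
    size_t alen = strlen(arg);
    /* every "key=" option occupies at least 4 input bytes */
    char *out = malloc(alen + (alen / 4 + 1) * mlen + 1);
    char *w = out;

    if (!out)
        return NULL;
    while (*arg) {
        size_t n = rbd_token_len(arg);

        if (n >= 4 && strncmp(arg, "key=", 4) == 0) {
            memcpy(w, "key=", 4);
            memcpy(w + 4, mask, mlen);
            w += 4 + mlen;
        } else {
            memcpy(w, arg, n);
            w += n;
        }
        arg += n;
        if (*arg)
            *w++ = *arg++;      /* keep the ':' or ',' delimiter */
    }
    *w = '\0';
    return out;
}
```

With colon-only escaping, a user name ending in a backslash yields `id=bob\:key=...`, which this tokenizer reads as a single option, so the key is not masked. Escaping the backslash when the string is built removes that ambiguity.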


[libvirt] [PATCH v5 4/4] qemu/rbd: improve rbd device specification

2011-10-31 Thread Josh Durgin
From: Sage Weil s...@newdream.net

This improves the support for qemu rbd devices by adding support for a few
key features (e.g., authentication) and cleaning up the way in which
rbd configuration options are passed to qemu.

An auth member of the disk source xml specifies how librbd should
authenticate. The username attribute is the Ceph/RBD user to authenticate as.
The usage or uuid attributes specify which secret to use. Usage is an
arbitrary identifier local to libvirt.

The old RBD support relied on setting an environment variable to
communicate information to qemu/librbd.  Instead, pass those options
explicitly to qemu.  Update the qemu argument parsing and tests
accordingly.

Signed-off-by: Sage Weil s...@newdream.net
Signed-off-by: Josh Durgin josh.dur...@dreamhost.com
---

Changes since v4:
* fixes memory management issues
* keep older rbd command line parsing and test case
* check qemuAddRBDHost return values
* use more efficient virBuffer functions

 src/qemu/qemu_command.c|  356 ++--
 tests/qemuargv2xmltest.c   |2 +
 .../qemuxml2argv-disk-drive-network-rbd-auth.args  |   10 +
 .../qemuxml2argv-disk-drive-network-rbd-auth.xml   |   37 ++
 ...muxml2argv-disk-drive-network-rbd-ceph-env.args |6 +
 ...emuxml2argv-disk-drive-network-rbd-ceph-env.xml |   34 ++
 .../qemuxml2argv-disk-drive-network-rbd.args   |7 +-
 tests/qemuxml2argvtest.c   |   58 
 8 files changed, 406 insertions(+), 104 deletions(-)
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth.args
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth.xml
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-ceph-env.args
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-ceph-env.xml

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index dc92fa3..55859e2 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -38,6 +38,7 @@
 #include domain_audit.h
 #include domain_conf.h
 #include network/bridge_driver.h
+#include base64.h
 
 #include sys/utsname.h
 #include sys/stat.h
@@ -1495,6 +1496,189 @@ qemuSafeSerialParamValue(const char *value)
 return 0;
 }
 
+static int
+qemuBuildRBDString(virConnectPtr conn,
+   virDomainDiskDefPtr disk,
+   virBufferPtr opt)
+{
+int i, ret = 0;
+virSecretPtr sec = NULL;
+char *secret = NULL;
+size_t secret_size;
+
+virBufferAsprintf(opt, rbd:%s, disk-src);
+if (disk-auth.username) {
+virBufferEscape(opt, :, :id=%s, disk-auth.username);
+/* look up secret */
+switch (disk-auth.secretType) {
+case VIR_DOMAIN_DISK_SECRET_TYPE_UUID:
+sec = virSecretLookupByUUID(conn,
+disk-auth.secret.uuid);
+break;
+case VIR_DOMAIN_DISK_SECRET_TYPE_USAGE:
+sec = virSecretLookupByUsage(conn,
+ VIR_SECRET_USAGE_TYPE_CEPH,
+ disk-auth.secret.usage);
+break;
+}
+
+if (sec) {
+char *base64 = NULL;
+
+secret = (char *)conn-secretDriver-getValue(sec, secret_size, 0,
+  
VIR_SECRET_GET_VALUE_INTERNAL_CALL);
+if (secret == NULL) {
+qemuReportError(VIR_ERR_INTERNAL_ERROR,
+_(could not get the value of the secret for 
username %s),
+disk-auth.username);
+goto error;
+}
+/* qemu/librbd wants it base64 encoded */
+base64_encode_alloc(secret, secret_size, base64);
+if (!base64) {
+virReportOOMError();
+goto error;
+}
+virBufferEscape(opt, :, :key=%s:auth_supported=cephx none,
+base64);
+VIR_FREE(base64);
+} else {
+qemuReportError(VIR_ERR_INTERNAL_ERROR,
+_(rbd username '%s' specified but secret not 
found),
+disk-auth.username);
+goto error;
+}
+}
+
+if (disk-nhosts  0) {
+virBufferAddLit(opt, :mon_host=);
+for (i = 0; i  disk-nhosts; ++i) {
+if (i) {
+virBufferAddLit(opt, \\;);
+}
+if (disk-hosts[i].port) {
+virBufferAsprintf(opt, %s\\:%s,
+  disk-hosts[i].name,
+  disk-hosts[i].port);
+} else {
+virBufferAsprintf(opt, %s, disk-hosts[i].name);
+}
+}
+}
+
+cleanup:
+VIR_FREE(secret);
+if (sec)
+virUnrefSecret(sec);
+
+return ret;
+
+error:
+ret = -1;
+goto
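
Review bot: The `:key=%s` append in the `if (sec)` branch writes the base64-encoded secret into the option string that is handed to qemu as an argument, so the key is readable from the process listing and from any log of the built command; keep only `id=` and `auth_supported` in this string and deliver the key out of band. Also, `secret` and `base64` are released with a plain `VIR_FREE()`, so zero both buffers before freeing them, and give the `secretType` switch a `default:` case so an unexpected value is reported as such instead of falling through to the "secret not found" message.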

Re: [libvirt] [RFC PATCH v3 1/4] secret: add Ceph secret type

2011-10-28 Thread Josh Durgin

On 10/28/2011 10:41 AM, Eric Blake wrote:

On 10/27/2011 02:28 AM, Daniel P. Berrange wrote:

On Thu, Oct 20, 2011 at 11:01:24AM -0700, Josh Durgin wrote:

From: Sage Weil s...@newdream.net

Add a new secret type to store a Ceph authentication key. The name
is simply an identifier for easy human reference.

The xml looks like this:

secret ephemeral='no' private='no'
uuid0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f/uuid
usage type='ceph'
namemycluster_admin/name
/usage
/secret

Signed-off-by: Sage Weil s...@newdream.net
Signed-off-by: Josh Durgin josh.dur...@dreamhost.com
---
docs/schemas/secret.rng | 10 ++


Missing docs/formatsecret.html.in changes to document this, but I think
I managed.


include/libvirt/libvirt.h.in | 3 +++
src/conf/secret_conf.c | 23 ++-
src/conf/secret_conf.h | 1 +
src/secret/secret_driver.c | 8 
5 files changed, 44 insertions(+), 1 deletions(-)


ACK


I'm adding this, and pushing:


Thanks, I'm not sure why the mail didn't go through to the libvirt list.
It looks like there's a break missing in the pushed version though:

diff --git a/src/conf/secret_conf.c b/src/conf/secret_conf.c
index fa80888..a51fc69 100644
--- a/src/conf/secret_conf.c
+++ b/src/conf/secret_conf.c
@@ -55,6 +55,7 @@ virSecretDefFree(virSecretDefPtr def)

 case VIR_SECRET_USAGE_TYPE_CEPH:
 VIR_FREE(def-usage.ceph);
+break;

 default:
 VIR_ERROR(_(unexpected secret usage type %d), def-usage_type);

I'll send an updated version of the other patches shortly.



diff --git i/docs/formatsecret.html.in w/docs/formatsecret.html.in
index 63a1f2a..01aff2d 100644
--- i/docs/formatsecret.html.in
+++ w/docs/formatsecret.html.in
@@ -39,8 +39,8 @@
dd
Specifies what this secret is used for. A mandatory
codetype/code attribute specifies the usage category, currently
- only codevolume/code is defined. Specific usage categories are
- described below.
+ only codevolume/code and codeceph/code are defined.
+ Specific usage categories are described below.
/dd
/dl

@@ -54,6 +54,18 @@
this secret is associated with.
/p

+ h3Usage type ceph/h3
+
+ p
+ This secret is associated with a Ceph RBD (rados block device).
+ The codelt;usage type='ceph'gt;/code element must contain
+ a single codename/code element that specifies a usage name
+ for the secret. The Ceph secret can then be used by UUID or by
+ this usage name via the codelt;authgt;/code element of
+ a a href=domain.html#elementsDisksdisk
+ device/a. span class=sinceSince 0.9.7/span.
+ /p
+
h2a name=exampleExample/a/h2

pre






Re: [libvirt] [RFC PATCH v3 2/4] storage: add auth to virDomainDiskDef

2011-10-28 Thread Josh Durgin

On 10/28/2011 11:53 AM, Eric Blake wrote:

On 10/27/2011 02:33 AM, Daniel P. Berrange wrote:

On Thu, Oct 20, 2011 at 11:01:25AM -0700, Josh Durgin wrote:

Add additional fields to let you specify how to authenticate with
a disk.
The secret to use may be referenced by a usage string or a UUID, i.e.:

auth username='myuser'
secret type='ceph' usage='secretname'/
/auth

or

auth username='myuser'
secret type='ceph' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/
/auth




+++ b/src/Makefile.am
@@ -128,7 +128,8 @@ DOMAIN_CONF_SOURCES = \
conf/capabilities.c conf/capabilities.h \
conf/domain_conf.c conf/domain_conf.h \
conf/domain_audit.c conf/domain_audit.h \
- conf/domain_nwfilter.c conf/domain_nwfilter.h
+ conf/domain_nwfilter.c conf/domain_nwfilter.h \
+ conf/secret_conf.c



Unless I'm missing something, I don't think your code changes to
domain_conf.c actually introduce any dependency on secret_conf.c
You include secret_conf.h, but that is only to get access to one
of the enum values. So there's no dep on the secret_conf.c code
and you can just drop this hunk


Actually, the linker now wants to pull in
virSecretUsageTypeTypeFromString (yuck; why do we have that doubled
Type in the name?), so that means more drivers have to add a link
library, to prevent problems like this:

libvirt_lxc-domain_conf.o: In function `virDomainDiskDefParseXML':
/home/remote/eblake/libvirt/src/conf/domain_conf.c:2479: undefined
reference to `virSecretUsageTypeTypeFromString'


+ /attribute
+ attribute name=usage
+ ref name=genericName/


This says usage='name' uses a genericName, but in secret.rng, you said
element name could use arbitrary text - that is, we have a discrepancy
where the secret could have an arbitrary name which validates for
secret.rng but fails to validate for auth as part of domain.rng. You
probably ought to do a followup patch that consolidates the two .rng
files to use the same definition for what you will accept as a valid
Ceph secret name.


Yeah, I'll fix that.



+ if (def-auth.username) {
+ virBufferAsprintf(buf, auth username='%s'\n,
+ def-auth.username);
+ if (def-auth.secretType == VIR_DOMAIN_DISK_SECRET_TYPE_UUID) {
+ virUUIDFormat(def-auth.secret.uuid, uuidstr);
+ virBufferAsprintf(buf,
+ secret type='passphrase' uuid='%s'/\n,


This disagrees with your type='ceph' in the commit message (twice). You
would have caught this had you added a test that does round-trip from
XML in and back out somewhere in the series. Could you please do that as
a followup patch?


Oops, sorry about that. The reason I didn't include a test going from 
commandline to secret is that we're going to be passing the secret 
through the qemu monitor so it won't be exposed on the command line.



+ uuidstr);
+ }
+ if (def-auth.secretType == VIR_DOMAIN_DISK_SECRET_TYPE_USAGE) {
+ virBufferAsprintf(buf,


This must use virBufferEscapeString, since the user's usage string may
have arbitrary text.


+ secret type='passphrase' usage='%s'/\n,
+ def-auth.secret.usage);
+ }
+ virBufferAsprintf(buf, /auth\n);


AddLit is more efficient than Asprintf for a constant string.


+enum virDomainDiskSecretType {
+ VIR_DOMAIN_DISK_SECRET_TYPE_NONE,
+ VIR_DOMAIN_DISK_SECRET_TYPE_UUID,
+ VIR_DOMAIN_DISK_SECRET_TYPE_USAGE,
+
+ VIR_DOMAIN_DISK_SECRET_TYPE_LAST
+};
+
/* Stores the virtual disk configuration */
typedef struct _virDomainDiskDef virDomainDiskDef;
typedef virDomainDiskDef *virDomainDiskDefPtr;
@@ -281,6 +289,14 @@ struct _virDomainDiskDef {
int protocol;
int nhosts;
virDomainDiskHostDefPtr hosts;
+ struct {
+ char *username;
+ int secretType;


I like to add a comment stating which values are expected in this field
(here, enum virDomainDiskSecretType).



ACK with the Makefile.am hunk dropped


Also missing documentation. Here's what I had to squash in for that,
before pushing. Also, I added Josh to AUTHORS (shoot, I also realized
that I botched Josh's email in 1/4 when hand-applying everything, due to
battling the lost emails, sorry about that).

diff --git i/docs/formatdomain.html.in w/docs/formatdomain.html.in
index fcffb25..f31b775 100644
--- i/docs/formatdomain.html.in
+++ w/docs/formatdomain.html.in
@@ -913,6 +913,16 @@
lt;transient/gt;
lt;address type='drive' controller='0' bus='1' unit='0'/gt;
lt;/diskgt;
+ lt;disk type='network'gt;
+ lt;driver name=qemu type=raw/gt;
+ lt;source protocol=rbd name=image_name2gt;
+ lt;host name=hostname port=7000/gt;
+ lt;/sourcegt;
+ lt;target dev=hdd bus=ide/gt;
+ lt;auth username='myuser'gt;
+ lt;secret type='ceph' usage='mypassid'/gt;
+ lt;/authgt;
+ lt;/diskgt;
lt;disk type='block' device='cdrom'gt;
lt;driver name='qemu' type='raw'/gt;
lt;target def='hdc' bus='ide'/gt;
@@ -1160,7 +1170,24 @@
drive controller, additional attributes
codecontroller/code, codebus/code,
and codeunit/code are available, each defaulting to 0.
-
+ /dd
+ dtcodeauth/code/dt
+ ddIf present, the codeauth/code element provides the
+ authentication credentials needed to access the source. It
+ includes a mandatory

[libvirt] [PATCH 1/1] Use a common xml type for ceph secret usage.

2011-10-28 Thread Josh Durgin
The types used in domaincommon.rng and secret.rng should be the same.

Signed-off-by: Josh Durgin josh.dur...@dreamhost.com
---
 docs/schemas/domaincommon.rng |   11 ---
 docs/schemas/secret.rng   |4 +++-
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 3477351..d053489 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -2558,13 +2558,13 @@
 attribute name='uuid'
   ref name=UUID/
 /attribute
-attribute name=usage
-  ref name=genericName/
+attribute name='usage'
+  ref name='usageName'/
 /attribute
   /choice
 /element
   /define
-
+  
   !--
Optional hypervisor extensions in their own namespace:
  QEmu
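
Review bot: The blank line after the closing `define` is replaced by a line that contains only spaces (`-` followed by `+  `); leave that line untouched so the patch does not introduce trailing whitespace that `git am` and whitespace checks will flag.
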
@@ -2675,6 +2675,11 @@
   param 
name=pattern(([0-2]?[0-9]?[0-9]\.){3}[0-2]?[0-9]?[0-9])|(([0-9a-fA-F]+|:)+[0-9a-fA-F]+)|([a-zA-Z0-9_\.\+\-]*)/param
 /data
   /define
+  define name=usageName
+data type=string
+  param name=pattern[a-zA-Z0-9_\.\+\-]+/param
+/data
+  /define
   define name=usbId
 data type=string
   param name=pattern(0x)?[0-9a-fA-F]{1,4}/param
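
Review bot: The new `usageName` pattern `[a-zA-Z0-9_\.\+\-]+` is narrower than the free `text` that `secret.rng` accepted for the Ceph usage name before this patch, so names containing spaces, slashes or colons that used to validate will now be rejected. State that in the commit message, and confirm the XML parser enforces the same character set so the schema and the code agree on what a valid secret name is.
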
diff --git a/docs/schemas/secret.rng b/docs/schemas/secret.rng
index 8e7714b..3abd3c7 100644
--- a/docs/schemas/secret.rng
+++ b/docs/schemas/secret.rng
@@ -4,6 +4,8 @@
 ref name='secret'/
   /start
 
+  include href='domaincommon.rng'/
+
   define name='secret'
 element name='secret'
   optional
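
Review bot: Including all of `domaincommon.rng` from `secret.rng` just to reach `usageName` pulls every domain definition into the secret grammar, and RELAX NG treats a define name present in both files without a `combine` attribute as an error (the domain schema references `UUID` in the first hunk, so check that name in particular). A small shared file that holds only the common basic types, included by both schemas, avoids the coupling.
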
@@ -60,7 +62,7 @@
   valueceph/value
 /attribute
 element name='name'
-  text/
+  ref name='usageName'/
 /element
   /define
 
-- 
1.7.1



[libvirt] [PATCH v4 4/4] qemu/rbd: improve rbd device specification

2011-10-28 Thread Josh Durgin
From: Sage Weil s...@newdream.net

This improves the support for qemu rbd devices by adding support for a few
key features (e.g., authentication) and cleaning up the way in which
rbd configuration options are passed to qemu.

An auth member of the disk source xml specifies how librbd should
authenticate. The username attribute is the Ceph/RBD user to authenticate as.
The usage or uuid attributes specify which secret to use. Usage is an
arbitrary identifier local to libvirt.

The old RBD support relied on setting an environment variable to
communicate information to qemu/librbd.  Instead, pass those options
explicitly to qemu.  Update the qemu argument parsing and tests
accordingly.

Signed-off-by: Sage Weil s...@newdream.net
Signed-off-by: Josh Durgin josh.dur...@dreamhost.com
---

This fixes the things Daniel mentioned.

 src/qemu/qemu_command.c|  284 
 .../qemuxml2argv-disk-drive-network-rbd-auth.args  |6 +
 .../qemuxml2argv-disk-drive-network-rbd-auth.xml   |   37 +++
 .../qemuxml2argv-disk-drive-network-rbd.args   |6 +-
 tests/qemuxml2argvtest.c   |   56 
 5 files changed, 272 insertions(+), 117 deletions(-)
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth.args
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth.xml

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index f5d89b9..48b0762 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -38,6 +38,7 @@
 #include domain_audit.h
 #include domain_conf.h
 #include network/bridge_driver.h
+#include base64.h
 
 #include sys/utsname.h
 #include sys/stat.h
@@ -1495,6 +1496,159 @@ qemuSafeSerialParamValue(const char *value)
 return 0;
 }
 
+static int qemuBuildRBDString(virConnectPtr conn,
+  virDomainDiskDefPtr disk,
+  virBufferPtr opt)
+{
+int i;
+virSecretPtr sec = NULL;
+char *secret = NULL;
+size_t secret_size;
+
+virBufferAsprintf(opt, rbd:%s, disk-src);
+if (disk-auth.username) {
+virBufferEscape(opt, :, :id=%s, disk-auth.username);
+/* look up secret */
+switch (disk-auth.secretType) {
+case VIR_DOMAIN_DISK_SECRET_TYPE_UUID:
+sec = virSecretLookupByUUID(conn,
+disk-auth.secret.uuid);
+break;
+case VIR_DOMAIN_DISK_SECRET_TYPE_USAGE:
+sec = virSecretLookupByUsage(conn,
+ VIR_SECRET_USAGE_TYPE_CEPH,
+ disk-auth.secret.usage);
+break;
+}
+
+if (sec) {
+char *base64;
+
+secret = (char *)conn-secretDriver-getValue(sec, secret_size, 0,
+  
VIR_SECRET_GET_VALUE_INTERNAL_CALL);
+if (secret == NULL) {
+qemuReportError(VIR_ERR_INTERNAL_ERROR,
+_(could not get the value of the secret for 
username %s),
+disk-auth.username);
+return -1;
+}
+/* qemu/librbd wants it base64 encoded */
+base64_encode_alloc(secret, secret_size, base64);
+virBufferEscape(opt, :, :key=%s:auth_supported=cephx\\;none,
+base64);
+VIR_FREE(base64);
+VIR_FREE(secret);
+virUnrefSecret(sec);
+} else {
+qemuReportError(VIR_ERR_INTERNAL_ERROR,
+_(rbd username '%s' specified but secret not 
found),
+disk-auth.username);
+return -1;
+}
+}
+
+if (disk-nhosts  0) {
+virBufferStrcat(opt, :mon_host=, NULL);
+for (i = 0; i  disk-nhosts; ++i) {
+if (i) {
+virBufferStrcat(opt, \\;, NULL);
+}
+if (disk-hosts[i].port) {
+virBufferAsprintf(opt, %s\\:%s,
+  disk-hosts[i].name,
+  disk-hosts[i].port);
+} else {
+virBufferAsprintf(opt, %s, disk-hosts[i].name);
+}
+}
+}
+
+return 0;
+}
+
+static int qemuAddRBDHost(virDomainDiskDefPtr disk, char *hostport)
+{
+char *port;
+int ret;
+
+disk-nhosts++;
+ret = VIR_REALLOC_N(disk-hosts, disk-nhosts);
+if (ret  0) {
+virReportOOMError();
+return -1;
+}
+
+port = strstr(hostport, \\:);
+if (port) {
+*port = '\0';
+port += 2;
+disk-hosts[disk-nhosts-1].port = strdup(port);
+} else {
+disk-hosts[disk-nhosts-1].port = strdup(6789);
+}
+disk-hosts[disk-nhosts-1].name = strdup(hostport);
+return 0;
+}
+
+/* disk-src initially has everything after the rbd: prefix */
+static int qemuParseRBDString
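
Review bot: In `qemuBuildRBDString`, the `secret == NULL` error path returns -1 without calling `virUnrefSecret(sec)`, which leaks the secret object; send the error returns through one cleanup label that unrefs `sec` and frees `secret`. The result of `base64_encode_alloc()` is also used unchecked, so an allocation failure hands a NULL `base64` to `virBufferEscape()`. In `qemuAddRBDHost`, the `nhosts` counter is incremented before the `VIR_REALLOC_N` result is tested and the three `strdup()` results are never checked; raise the count only after the allocation and the copies have succeeded.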

[libvirt] passing secrets to block devices

2011-10-20 Thread Josh Durgin

We're working on libvirt support for block device authentication [1]. To
authenticate, rbd needs a username and a secret. Normally, to
avoid putting the secret on the command line, you can store the secret
in a file and pass the file to qemu, but when this is automated,
there's no good way to know when the file can be removed. There are
a few ways to pass the secret to qemu that avoid this problem:

1) pass an fd to an unlinked file containing the secret

This is the simplest method, but it sounds like qemu developers don't
like fd passing from libvirt. [2]

2) start guests paused, without disks requiring authentication, then
   use the drive_add monitor command to attach them

This would make disks with authentication somewhat of a special case
in libvirt, but would be simple to implement, and require no qemu changes.

3) start guests paused, then send the secret via a new QMP/HMP
   command (block_set_conf key value?)

This is a larger change, but it would be more generally useful for
changing configuration at runtime.

What do you think is the best approach?

[1] http://permalink.gmane.org/gmane.comp.file-systems.ceph.devel/4129
[2] http://lists.gnu.org/archive/html/qemu-devel/2011-08/msg02494.html
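
Option 1 from the post above, sketched as an added example (not libvirt or qemu code; the function names, the `/tmp` template and the `sh`/`wc` stand-in consumer are assumptions): the secret is written only after the file has lost its name, the descriptor stays close-on-exec in the parent, and the child re-exposes it on a fixed descriptor number just before exec.

```c
/* Added example, not libvirt or qemu code; all function names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Store the secret in a file that has no name by the time it holds data.
 * Returns a close-on-exec descriptor at offset 0, or -1 on error. */
int secret_fd_create(const void *secret, size_t len)
{
    char path[] = "/tmp/blk-secret-XXXXXX";   /* assumed writable directory */
    const char *p = secret;
    int fd, flags;

    if ((fd = mkstemp(path)) < 0)             /* created O_EXCL, mode 0600 */
        return -1;
    if (unlink(path) < 0)                     /* nothing to clean up later */
        goto fail;
    /* Unrelated children must not inherit the secret by accident. */
    flags = fcntl(fd, F_GETFD);
    if (flags < 0 || fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0)
        goto fail;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0)
            goto fail;
        p += n;
        len -= (size_t)n;
    }
    if (lseek(fd, 0, SEEK_SET) < 0)
        goto fail;
    return fd;
fail:
    close(fd);
    return -1;
}

/* Child side, between fork() and exec(): expose fd as descriptor `target`. */
int secret_fd_export(int fd, int target)
{
    int flags;

    if (fd != target)
        return dup2(fd, target) < 0 ? -1 : 0; /* the copy has FD_CLOEXEC clear */
    /* dup2(fd, fd) is a no-op and would leave FD_CLOEXEC set, so clear it. */
    if ((flags = fcntl(fd, F_GETFD)) < 0)
        return -1;
    return fcntl(fd, F_SETFD, flags & ~FD_CLOEXEC) < 0 ? -1 : 0;
}

/* Run argv with the secret readable on `target`; returns its exit status. */
int secret_fd_spawn(int fd, int target, char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (secret_fd_export(fd, target) == 0)
            execvp(argv[0], argv);
        _exit(127);
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed placeholder value, not a real key. */
    static const char key[] = "Q09OU1RSVUNURUQta2V5";
    /* Stand-in consumer: counts the bytes it can read from descriptor 3. */
    char *const argv[] = { "sh", "-c", "wc -c <&3", NULL };
    int rc, fd = secret_fd_create(key, sizeof(key) - 1);

    if (fd < 0)
        return 1;
    rc = secret_fd_spawn(fd, 3, argv);
    close(fd);   /* last reference gone: the kernel releases the data */
    return rc;
}
```

Nothing about the secret appears in argv or in a path that outlives the call, which also removes the "when can the file be deleted" question from the post.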



Re: [libvirt] passing secrets to block devices

2011-10-20 Thread Josh Durgin

On 10/20/2011 12:24 PM, Daniel P. Berrange wrote:

On Thu, Oct 20, 2011 at 11:30:42AM -0700, Josh Durgin wrote:

We're working on libvirt support for block device authentication [1]. To
authenticate, rbd needs a username and a secret. Normally, to
avoid putting the secret on the command line, you can store the secret
in a file and pass the file to qemu, but when this is automated,
there's no good way to know when the file can be removed. There are
a few ways to pass the secret to qemu that avoid this problem:


This is the same problem the iSCSI block driver currently faces,
and also if the Curl/HTTP block driver wanted to do authentication
we'd hit this. So it isn't unique to Ceph/RBD.


1) pass an fd to an unlinked file containing the secret

This is the simplest method, but it sounds like qemu developers don't
like fd passing from libvirt. [2]


That would be workable, but it means people trying to run the libvirt
QEMU command line themselves, would have to remove some args.


Isn't this already the case for chardevs? I can understand not wanting 
more things like that though.



2) start guests paused, without disks requiring authentication, then
use the drive_add monitor command to attach them

This would make disks with authentication somewhat of a special case
in libvirt, but would be simple to implement, and require no qemu changes.


This makes it very hard for people to take the libvirt QEMU command line
and run themselves, since now an entire chunk of it is just missing.
So I really don't want to go down this route.


3) start guests paused, then send the secret via a new QMP/HMP
command (block_set_conf key value?)

This is a larger change, but it would be more generally useful for
changing configuration at runtime.


I don't think you need to try to solve the problem of a general
purpose 'set configuration' command here, not least because that
will likely get you drawn into a huge discussion about qemu device
configuration in general which will likely never end.

We already have a 'block_passwd' command for setting qcow2 decryption
keys. These aren't decryption passwords, rather they are authentication
passwords, so they're a little different, but I think this command could
still likely be leveraged for Ceph/iSCSI/etc auth passwords.

Ideally, we want to cope with having both a decryption & auth password
for the same block device. eg, an encrypted qcow2 image accessed, over
HTTP would require both. In these case there are 2 block drivers involved,
the 'qcow2' driver and the 'http' driver. So perhaps an extra parameter
for the 'block_password' command to identify which driver the password
is intended for is the right approach. If omitted, we'd default to 'qcow2'
for back compat.

So eg, for an encrypted qcow2 disk accessed over http

-drive  file=http://fred@host/my.iso,format=qcow2,id=mydrive

the app would invoke

   { "execute": "block_password", "argument": { "device": "mydrive",
                                                "driver": "qcow2",
                                                "password": "12345" } }
   { "execute": "block_password", "argument": { "device": "mydrive",
                                                "driver": "curl",
                                                "password": "7890" } }

For Ceph/RBD with a plain file, you'd just do


   { "execute": "block_password", "argument": { "device": "mydrive",
                                                "driver": "rbd",
                                                "password": "7890" } }



This sounds good to me, although the same driver might use 
authentication and encryption. Adding another argument to specify 'auth' 
or 'encryption' would fix this, i.e.:


  { "execute": "block_password", "argument": { "device": "mydrive",
                                               "driver": "qcow2",
                                               "use": "encryption",
                                               "password": "12345" } }

I'll prepare a patch if there are no objections to this approach.



Re: [libvirt] [PATCHv2] Don't allow two or more disks to be mapped to the same image file

2011-03-25 Thread Josh Durgin
On 03/25/2011 12:06 AM, Hu Tao wrote:
 On Thu, Mar 24, 2011 at 04:22:38PM -0700, Josh Durgin wrote:
 This won't work for network disks, which aren't files. To check
 for network disk conflicts, you'd need to check whether any
 host and port are the same as well. This won't be perfect, since
 hosts and ports can be implicit or referred to by different
 names, but it won't have false positives.
 
 Is there a perfect way to solve this problem? However I will try your
 way first.

I'm not sure there is a perfect way for all types of network
disks using the information libvirt has, since multiple
hostnames/ip addresses may refer to the same storage location.

A more robust solution would use a lower level interface to
implement locking. I'm not sure how this would work for nbd or
sheepdog, but for rbd the watch/notify mechanism in librados can
be used to do this. It sounds like this would be easier to do
later within Dan's lock manager framework.

It doesn't help much to only stop duplicate mappings on one
domain (or host) when your disks aren't local. If libvirt ends up
with a check that only works on one host or domain, skipping
network disks might be better than providing a false sense of
security.



Re: [libvirt] [PATCHv2] Don't allow two or more disks to be mapped to the same image file

2011-03-24 Thread Josh Durgin
On 03/24/2011 02:45 PM, Eric Blake wrote:
 On 03/24/2011 02:46 AM, Hu Tao wrote:
 If two or more disks are mapped to the same image file, operating
 on these disks at the same time may corrupt data stored in the
 image file.

 changes:

 v2:

 - allow it for read-only disks
 - compare source files by inode number

 +
 +if (stat(disk-src, stat1)) {
 +if (errno != ENOENT) {
 +/* Can't stat file, for safety treate it as conflicted */
 
 s/treate/treat/
 
 Won't this fail on root-squash NFS from qemu:///system?  (Or does
 root-squash mean that root can still stat() but just not open() a file?)

This won't work for network disks, which aren't files. To check
for network disk conflicts, you'd need to check whether any
host and port are the same as well. This won't be perfect, since
hosts and ports can be implicit or referred to by different
names, but it won't have false positives.



[libvirt] [PATCH 1/1] Skip file-based security checks for network disks

2010-12-20 Thread Josh Durgin
Network disks are accessed by qemu directly, and have no
associated file on the host, so checking for file ownership etc.
is unnecessary.

Signed-off-by: Josh Durgin jo...@hq.newdream.net
---
 src/conf/domain_conf.c   |2 +-
 src/qemu/qemu_security_dac.c |2 +-
 src/security/security_apparmor.c |2 +-
 src/security/security_selinux.c  |2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index d516fbe..c857a89 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -8353,7 +8353,7 @@ int virDomainDiskDefForeachPath(virDomainDiskDefPtr disk,
 size_t depth = 0;
 char *nextpath = NULL;

-if (!disk-src)
+if (!disk-src || disk-type == VIR_DOMAIN_DISK_TYPE_NETWORK)
 return 0;

 if (disk-driverType) {
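
Review bot: The new `VIR_DOMAIN_DISK_TYPE_NETWORK` test makes `virDomainDiskDefForeachPath` return 0 before any path is visited, so a caller cannot tell "no paths" from "network disk skipped"; add a comment at this early return saying that a network source has no host file to label or chown. The same two-part condition is repeated in the DAC, AppArmor and SELinux hunks below, so a small helper shared by the four sites would keep them from drifting apart.
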
diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
index 55dc0c6..88fdb8d 100644
--- a/src/qemu/qemu_security_dac.c
+++ b/src/qemu/qemu_security_dac.c
@@ -144,7 +144,7 @@ 
qemuSecurityDACRestoreSecurityImageLabelInt(virSecurityDriverPtr drv ATTRIBUTE_U
 if (disk-readonly || disk-shared)
 return 0;

-if (!disk-src)
+if (!disk-src || disk-type == VIR_DOMAIN_DISK_TYPE_NETWORK)
 return 0;

 /* If we have a shared FS  doing migrated, we must not
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index b43c4ac..468d0a3 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -619,7 +619,7 @@ AppArmorSetSecurityImageLabel(virSecurityDriverPtr drv,
 if (secdef-type == VIR_DOMAIN_SECLABEL_STATIC)
 return 0;

-if (!disk-src)
+if (!disk-src || disk-type == VIR_DOMAIN_DISK_TYPE_NETWORK)
 return 0;

 if (secdef-imagelabel) {
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 49efa75..47da677 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -436,7 +436,7 @@ SELinuxRestoreSecurityImageLabelInt(virSecurityDriverPtr 
drv ATTRIBUTE_UNUSED,
 if (disk-readonly || disk-shared)
 return 0;

-if (!disk-src)
+if (!disk-src || disk-type == VIR_DOMAIN_DISK_TYPE_NETWORK)
 return 0;

 /* If we have a shared FS  doing migrated, we must not
-- 
1.7.2.3



[libvirt] [PATCH 0/2] rbd network disk support

2010-12-07 Thread Josh Durgin
Here are patches on top of Kazutaka's v2 to add RBD support and fix
some general network disk problems. There's also a test for each type
of network disk.

Josh Durgin (2):
  qemu: Add RBD support and some network disk fixes
  tests: Add tests for network disks

 docs/schemas/domain.rng|   11 ++-
 src/conf/domain_conf.c |   25 +++-
 src/conf/domain_conf.h |1 +
 src/qemu/qemu_conf.c   |  143 ++--
 tests/qemuargv2xmltest.c   |3 +
 .../qemuxml2argv-disk-drive-network-nbd.args   |1 +
 .../qemuxml2argv-disk-drive-network-nbd.xml|   32 +
 .../qemuxml2argv-disk-drive-network-rbd.args   |1 +
 .../qemuxml2argv-disk-drive-network-rbd.xml|   34 +
 .../qemuxml2argv-disk-drive-network-sheepdog.args  |1 +
 .../qemuxml2argv-disk-drive-network-sheepdog.xml   |   32 +
 tests/qemuxml2argvtest.c   |6 +
 12 files changed, 275 insertions(+), 15 deletions(-)
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd.args
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd.xml
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd.args
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd.xml
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-sheepdog.args
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-sheepdog.xml




[libvirt] [PATCH 1/2] qemu: Add RBD support and some network disk fixes

2010-12-07 Thread Josh Durgin

Changes common to all network disks:
-Make source name optional in the domain schema, since NBD doesn't use it
-Add a hostName type to the domain schema, and use it instead of genericName, 
which doesn't include .
-Don't leak host names or ports
-Set the source protocol in qemuParseCommandline

Signed-off-by: Josh Durgin jo...@hq.newdream.net
---
 docs/schemas/domain.rng |   11 +++-
 src/conf/domain_conf.c  |   25 +++-
 src/conf/domain_conf.h  |1 +
 src/qemu/qemu_conf.c|  143 ---
 4 files changed, 165 insertions(+), 15 deletions(-)

diff --git a/docs/schemas/domain.rng b/docs/schemas/domain.rng
index 4463884..51aae14 100644
--- a/docs/schemas/domain.rng
+++ b/docs/schemas/domain.rng
@@ -626,11 +626,13 @@
 valuesheepdog/value
   /choice
 /attribute
-attribute name=name/
+optional
+  attribute name=name/
+/optional
 zeroOrMore
   element name=host
 attribute name=name
-  ref name=genericName/
+  ref name=hostName/
 /attribute
 attribute name=port
   ref name=unsignedInt/
@@ -2024,6 +2026,11 @@
   param name=minInclusive1/param
 /data
   /define
+  define name=hostName
+data type=string
+  param name=pattern[a-zA-Z0-9\.\-]+/param
+/data
+  /define
   define name=PortNumber
 data type=short
   param name=minInclusive-1/param
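
Review bot: The `hostName` pattern `[a-zA-Z0-9\.\-]+` contains neither `:` nor `_`, so IPv6 literal addresses and host names with underscores will fail validation on the `host` element's `name` attribute; extend the pattern or document that only DNS names and IPv4 addresses are accepted.
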
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 5e2422b..6b4320a 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -508,21 +508,34 @@ void virDomainInputDefFree(virDomainInputDefPtr def)

 void virDomainDiskDefFree(virDomainDiskDefPtr def)
 {
+unsigned int i;
+
 if (!def)
 return;

 VIR_FREE(def-serial);
 VIR_FREE(def-src);
-VIR_FREE(def-hosts);
 VIR_FREE(def-dst);
 VIR_FREE(def-driverName);
 VIR_FREE(def-driverType);
 virStorageEncryptionFree(def-encryption);
 virDomainDeviceInfoClear(def-info);

+for (i = 0 ; i  def-nhosts ; i++)
+virDomainDiskHostDefFree(def-hosts[i]);
+
 VIR_FREE(def);
 }

+void virDomainDiskHostDefFree(virDomainDiskHostDefPtr def)
+{
+if (!def)
+return;
+
+VIR_FREE(def-name);
+VIR_FREE(def-port);
+}
+
 void virDomainControllerDefFree(virDomainControllerDefPtr def)
 {
 if (!def)
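
Review bot: `virDomainDiskDefFree` drops the `VIR_FREE` of the `hosts` array and replaces it with a loop over `virDomainDiskHostDefFree`, which only releases each entry's `name` and `port`; the array itself is no longer freed, so every disk that has hosts leaks it. Keep the `VIR_FREE` of `hosts` after the new loop.
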
@@ -1643,7 +1656,12 @@ virDomainDiskDefParseXML(virCapsPtr caps,
  protocol);
 goto error;
 }
-source = virXMLPropString(cur, name);
+if (!(source = virXMLPropString(cur, name)) 
+def-protocol != VIR_DOMAIN_DISK_PROTOCOL_NBD) {
+virDomainReportError(VIR_ERR_INTERNAL_ERROR,
+ _(missing name for disk 
source));
+goto error;
+}
 host = cur-children;
 while (host != NULL) {
 if (host-type == XML_ELEMENT_NODE 
@@ -1876,8 +1894,7 @@ cleanup:
 VIR_FREE(target);
 VIR_FREE(source);
 while (nhosts  0) {
-VIR_FREE(hosts[nhosts - 1].name);
-VIR_FREE(hosts[nhosts - 1].port);
+virDomainDiskHostDefFree(hosts[nhosts - 1]);
 nhosts--;
 }
 VIR_FREE(hosts);
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 6c97289..c1e39ba 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1070,6 +1070,7 @@ virDomainObjPtr virDomainFindByName(const 
virDomainObjListPtr doms,
 void virDomainGraphicsDefFree(virDomainGraphicsDefPtr def);
 void virDomainInputDefFree(virDomainInputDefPtr def);
 void virDomainDiskDefFree(virDomainDiskDefPtr def);
+void virDomainDiskHostDefFree(virDomainDiskHostDefPtr def);
 void virDomainControllerDefFree(virDomainControllerDefPtr def);
 void virDomainFSDefFree(virDomainFSDefPtr def);
 void virDomainNetDefFree(virDomainNetDefPtr def);
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 55e193f..d1368dc 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -4010,6 +4010,8 @@ qemudBuildCommandLine(virConnectPtr conn,
 int last_good_net = -1;
 bool hasHwVirt = false;
 virCommandPtr cmd;
+bool has_rbd_hosts = false;
+virBuffer rbd_hosts = VIR_BUFFER_INITIALIZER;

 uname_normalize(ut);

@@ -4550,6 +4552,7 @@ qemudBuildCommandLine(virConnectPtr conn,
 int bootable = 0;
 virDomainDiskDefPtr disk = def-disks[i];
 int withDeviceArg = 0;
+int j;

 /* Unless we have -device, then USB disks need special
handling */
@@ -4599,6 +4602,27 @@ qemudBuildCommandLine(virConnectPtr conn,
 virCommandAddArg(cmd

Re: [libvirt] [PATCH] support sheepdog volumes

2010-11-19 Thread Josh Durgin

On 11/18/2010 04:42 PM, MORITA Kazutaka wrote:

On 2010/11/18 19:46, Daniel P. Berrange wrote:

On Wed, Nov 17, 2010 at 06:19:58PM +0900, MORITA Kazutaka wrote:

Sheepdog is a distributed storage system for QEMU. It provides highly
available block level storage volumes to VMs like Amazon EBS.  This
patch adds support for Sheepdog; we can create VMs with sheepdog
volumes, and attach sheepdog volumes to running machines via the
attach-device command.

Sheepdog volumes can be declared like this:

 <disk type='sheepdog' device='disk'>
   <driver name='qemu' type='raw' />
   <source vdi='volume_name' host='hostname' port='7000'/>
   <target dev='vda' bus='virtio' />
 </disk>

'host' and 'port' in the source element are optional.  If they are not
specified, sheepdog clients use the default value (localhost:7000).


I'm not too familiar with sheepdog implementation, but I understand
that each block device is stored across multiple hosts, but you're
only listing one hostname here.  In the proposal for supporting RBD/
CEPH in libvirt/QEMU, there's an option to give multiple hostnames.
Is the need to give multiple hostnames going to be something that
is also relevant for Sheepdog, or does it cope with this in an
entirely different way ?


We use the hostname as like a gateway to access sheepdog volumes.
Though we could extend it to multiple hostnames to achieve high
availability, how to use these parameters as qemu arguments needs to
be discussed.


For RBD, the monitor hostnames can be set through the environment. It
looks like this is easy to add to the libvirt QEMU driver. Would
environment variables work for sheepdog as well?



As mentioned in the RBD thread[1], I'm wondering whether we should aim
for separate 'types' for each network block device or try to merge
them into one common syntax like

  <disk type="network" device="disk">
    <driver name="qemu" type="raw" />
    <source protocol='rbd|sheepdog|nbd' name="...some image identifier...">
      <host name="mon1.example.org" port="6000" />
      <host name="mon2.example.org" port="6000" />
      <host name="mon3.example.org" port="6000" />
    </source>
    <target dev="vda" bus="virtio" />
  </disk>


Are monitor addresses necessary in the above syntax for RBD?  I guess
the monitor addresses are parameters to create a rbd image, but not
ones to use a rbd image.  If so, we can make the syntax a bit simpler like


The monitors serve as gateways for RBD. All need to be specified
so that RBD can still access the cluster if some monitors go down.


  <disk type="network" device="disk">
    <driver name="qemu" type="raw" />
    <source protocol='rbd|sheepdog|nbd' name="..." host="hostname" port="6000" />
    <target dev="vda" bus="virtio" />
  </disk>


Thanks,

Kazutaka


Thanks,
Josh

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
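
An added example, not code from this thread or from libvirt: a Python sketch that parses the unified `<disk type="network">` syntax proposed above and applies the rule from the patch earlier on this page (a source name is required unless the protocol is nbd). The function name, the exception class, the hostname pattern and the port range are assumptions; the sample XML is constructed.

```python
import re
import xml.etree.ElementTree as ET

PROTOCOLS = {"rbd", "sheepdog", "nbd"}  # the three protocols named in the thread
# Assumption: DNS-style names only, so ',' ':' or spaces cannot leak into
# whatever host list is later handed to QEMU.
HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

# Constructed sample in the proposed unified syntax.
SAMPLE = """
<disk type="network" device="disk">
  <driver name="qemu" type="raw"/>
  <source protocol="rbd" name="image_name">
    <host name="mon1.example.org" port="6000"/>
    <host name="mon2.example.org" port="6000"/>
    <host name="mon3.example.org" port="6000"/>
  </source>
  <target dev="vda" bus="virtio"/>
</disk>
"""


class DiskXMLError(ValueError):
    """Disk XML that does not match the proposed syntax."""


def parse_network_disk(xml_text):
    """Return (protocol, name, [(host, port_or_None), ...])."""
    try:
        disk = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise DiskXMLError(f"malformed XML: {exc}") from exc
    source = disk.find("source") if disk.tag == "disk" else None
    if source is None or disk.get("type") != "network":
        raise DiskXMLError("expected <disk type='network'> with a <source>")
    protocol, name = source.get("protocol"), source.get("name")
    if protocol not in PROTOCOLS:
        raise DiskXMLError(f"unknown protocol {protocol!r}")
    if not name and protocol != "nbd":  # same rule as the patch's parser check
        raise DiskXMLError("missing name for disk source")
    hosts = []
    for host in source.findall("host"):
        hostname, port = host.get("name") or "", host.get("port")
        if not HOST_RE.fullmatch(hostname):
            raise DiskXMLError(f"bad host name {hostname!r}")
        if port is not None and not (re.fullmatch(r"[0-9]{1,5}", port)
                                     and 1 <= int(port) <= 65535):
            raise DiskXMLError(f"bad port {port!r}")
        hosts.append((hostname, int(port) if port is not None else None))
    return protocol, name, hosts
```

The port is treated as optional, matching the sheepdog proposal where host and port may be omitted; IPv6 literals would need a wider host pattern.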


Re: [libvirt] rbd storage pool support for libvirt

2010-11-17 Thread Josh Durgin

Hi Daniel,

On 11/08/2010 05:16 AM, Daniel P. Berrange wrote:

In any case, before someone goes off and implements something, does this
look like the right general approach to adding rbd support to libvirt?


I think this looks reasonable. I'd be inclined to get the storage pool
stuff working with the kernel RBD driver & UDEV rules for stable path
names, since that avoids needing to make any changes to guest XML
format. Support for QEMU with the native librados CEPH driver could
be added as a second patch.


Okay, that sounds reasonable.  Supporting the QEMU librados driver is
definitely something we want to target, though, and seems to be the route that
more users are interested in.  Is defining the XML syntax for a guest VM
something we can discuss now as well?

(BTW this is biting NBD users too.  Presumably the guest VM XML should
look similar?


And also Sheepdog storage volumes. To define a syntax for all these we need
to determine what configuration metadata is required at a per-VM level for
each of them. Then try and decide how to represent that in the guest XML.
It looks like at a VM level we'd need a hostname, port number and a volume
name (or path).


It looks like that's what Sheepdog needs from the patch that was
submitted earlier today. For RBD, we would want to allow multiple hosts,
and specify the pool and image name when the QEMU librados driver is
used, e.g.:

<disk type="rbd" device="disk">
  <driver name="qemu" type="raw" />
  <source vdi="image_name" pool="pool_name">
    <host name="mon1.example.org" port="6000" />
    <host name="mon2.example.org" port="6000" />
    <host name="mon3.example.org" port="6000" />
  </source>
  <target dev="vda" bus="virtio" />
</disk>

As you mentioned earlier, we could just use the existing source format
for the kernel RBD driver.

Does this seem like a reasonable format for the VM XML? Any suggestions?

Thanks,
Josh



Re: [libvirt] rbd storage pool support for libvirt

2010-11-17 Thread Josh Durgin

On 11/17/2010 04:33 PM, Josh Durgin wrote:

Hi Daniel,

On 11/08/2010 05:16 AM, Daniel P. Berrange wrote:

In any case, before someone goes off and implements something, does this
look like the right general approach to adding rbd support to libvirt?


I think this looks reasonable. I'd be inclined to get the storage pool
stuff working with the kernel RBD driver & UDEV rules for stable path
names, since that avoids needing to make any changes to guest XML
format. Support for QEMU with the native librados CEPH driver could
be added as a second patch.


Okay, that sounds reasonable. Supporting the QEMU librados driver is
definitely something we want to target, though, and seems to be the route that
more users are interested in. Is defining the XML syntax for a guest VM
something we can discuss now as well?

(BTW this is biting NBD users too. Presumably the guest VM XML should
look similar?


And also Sheepdog storage volumes. To define a syntax for all these we need
to determine what configuration metadata is required at a per-VM level for
each of them. Then try and decide how to represent that in the guest XML.
It looks like at a VM level we'd need a hostname, port number and a volume
name (or path).


It looks like that's what Sheepdog needs from the patch that was
submitted earlier today. For RBD, we would want to allow multiple hosts,
and specify the pool and image name when the QEMU librados driver is
used, e.g.:

<disk type="rbd" device="disk">
  <driver name="qemu" type="raw" />
  <source vdi="image_name" pool="pool_name">
    <host name="mon1.example.org" port="6000" />
    <host name="mon2.example.org" port="6000" />
    <host name="mon3.example.org" port="6000" />
  </source>
  <target dev="vda" bus="virtio" />
</disk>

As you mentioned earlier, we could just use the existing source format
for the kernel RBD driver.

Does this seem like a reasonable format for the VM XML? Any suggestions?


Also, it would be convenient to be able to specify which RBD driver to 
use in the guest XML, so that it's independent of the libvirt pool 
configuration. Would having two different rbd disk types be the right 
approach here?

