Re: [libvirt] [PATCH v1 1/4] Introduce virDomain{Get,Set}Time APIs
On 02/13/2014 07:51 PM, Michal Privoznik wrote: These APIs allow users to get or set time in a domain, which may come handy if the domain has been resumed just recently and NTP is not configured or hasn't kicked in yet and the guest is running something time critical. In addition, NTP may refuse to re-set the clock if the skew is too big. Signed-off-by: Michal Privoznik mpriv...@redhat.com --- include/libvirt/libvirt.h.in | 13 +++ src/driver.h | 13 +++ src/libvirt.c| 91 src/libvirt_public.syms | 6 +++ 4 files changed, 123 insertions(+) +int virDomainGetTime(virDomainPtr dom, + long long *time, + unsigned int flags); + +typedef enum { +VIR_DOMAIN_TIME_SYNC = (1 0), /* Re-sync domain time from domain's RTC */ +} virDomainSetTimeFlags; + +int virDomainSetTime(virDomainPtr dom, + long long time, + const char *timezone, Both 'time' and 'timezone' generate a warning about shadowed global declaration with older GCC. + unsigned int flags); + /** * virSchedParameterType: * Jan signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v1 1/4] Introduce virDomain{Get,Set}Time APIs
On 14.02.2014 09:10, Ján Tomko wrote: On 02/13/2014 07:51 PM, Michal Privoznik wrote: These APIs allow users to get or set time in a domain, which may come handy if the domain has been resumed just recently and NTP is not configured or hasn't kicked in yet and the guest is running something time critical. In addition, NTP may refuse to re-set the clock if the skew is too big. Signed-off-by: Michal Privoznik mpriv...@redhat.com --- include/libvirt/libvirt.h.in | 13 +++ src/driver.h | 13 +++ src/libvirt.c| 91 src/libvirt_public.syms | 6 +++ 4 files changed, 123 insertions(+) +int virDomainGetTime(virDomainPtr dom, + long long *time, + unsigned int flags); + +typedef enum { +VIR_DOMAIN_TIME_SYNC = (1 0), /* Re-sync domain time from domain's RTC */ +} virDomainSetTimeFlags; + +int virDomainSetTime(virDomainPtr dom, + long long time, + const char *timezone, Both 'time' and 'timezone' generate a warning about shadowed global declaration with older GCC. Sigh. That's another case where a syntax-check rule prohibiting some variable names would be useful. Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v3 00/21] LXC configuration conversion
On 02/05/2014 03:09 PM, Cédric Bosdonnat wrote: Here is an updated version of the patch set fixing comments from Daniel. It also adds 3 commits: * One adding conversion for the newly supported blkio throttle tune in lxc driver. * One actually using the state of the veth network device in lxc driver. * One adding the ability to give major:minor numbers instead of a path for blkio tune devices. The last one is a way to address Daniel's comment on the /dev/block/... paths. Cédric Bosdonnat (21): Improve virConf parse to handle LXC config format LXC driver: started implementing connectDomainXMLFromNative LXC from native: import rootfs LXC from native: migrate fstab and lxc.mount.entry LXC from native: implement no network conversion LXC from native: migrate veth network configuration LXC from native: convert phys network types to net hostdev devices LXC from native: convert lxc.tty to console devices LXC from native: convert macvlan network configuration LXC from native: convert lxc.id_map into idmap LXC from native: migrate memory tuning LXC from native: map lxc.cgroup.cpu.* LXC from native: map lxc.cgroup.cpuset.* LXC from native: add lxc.cgroup.blkio.* mapping LXC from native: map lxc.arch to /domain/os/type@arch LXC from native: map block filesystems LXC from native: map vlan network type LXC: added some doc on domxml-from-native with mention of limitations LXC from native: convert blkio throttle config lxc: honor link state=up for veth interfaces blkiotune: allow node major='' minor=''/ in place of path ... src/lxc/lxc_native.c | 952 + Hi, The use of 'link' as a function parameter breaks the build on RHEL-6.4: cc1: warnings being treated as errors ../../src/lxc/lxc_native.c: In function 'lxcCreateNetDef': ../../src/lxc/lxc_native.c:337: error: declaration of 'link' shadows a global declaration [-Wshadow] /usr/include/unistd.h:809: error: shadowed declaration is here [-Wshadow] ../../src/lxc/lxc_native.c: In function 'lxcAddNetworkDefinition': ../../src/lxc/lxc_native.c:414: error: declaration of 'link' shadows a global declaration [-Wshadow] /usr/include/unistd.h:809: error: shadowed declaration is here [-Wshadow] make[3]: *** [lxc/libvirt_driver_lxc_impl_la-lxc_native.lo] Error 1 Jan signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH v7 4/7] qemu_cap: Add USB keyboard capability
From: Li Zhang zhlci...@linux.vnet.ibm.com QEMU can support USB keyboard but libvirt haven't supportted it yet. This patch is to add USB keyboard capabilities and test cases. Signed-off-by: Li Zhang zhlci...@linux.vnet.ibm.com --- src/qemu/qemu_capabilities.c | 3 +++ src/qemu/qemu_capabilities.h | 1 + tests/qemucapabilitiesdata/caps_1.2.2-1.caps | 1 + tests/qemucapabilitiesdata/caps_1.3.1-1.caps | 1 + tests/qemucapabilitiesdata/caps_1.4.2-1.caps | 1 + tests/qemucapabilitiesdata/caps_1.5.3-1.caps | 1 + tests/qemucapabilitiesdata/caps_1.6.0-1.caps | 1 + tests/qemucapabilitiesdata/caps_1.6.50-1.caps | 1 + tests/qemuhelptest.c | 8 9 files changed, 18 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index e7d953a..d618b3f 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -249,6 +249,8 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST, enable-fips, spice-file-xfer-disable, spiceport, + + usb-kbd, /* 165 */ ); struct _virQEMUCaps { @@ -1403,6 +1405,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = { { virtio-mmio, QEMU_CAPS_DEVICE_VIRTIO_MMIO }, { ich9-intel-hda, QEMU_CAPS_DEVICE_ICH9_INTEL_HDA }, { pvpanic, QEMU_CAPS_DEVICE_PANIC }, +{ usb-kbd, QEMU_CAPS_DEVICE_USB_KBD }, }; static struct virQEMUCapsStringFlags virQEMUCapsObjectPropsVirtioBlk[] = { diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index a4eecb6..b5445e7 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -203,6 +203,7 @@ enum virQEMUCapsFlags { QEMU_CAPS_ENABLE_FIPS= 162, /* -enable-fips */ QEMU_CAPS_SPICE_FILE_XFER_DISABLE = 163, /* -spice disable-agent-file-xfer */ QEMU_CAPS_CHARDEV_SPICEPORT = 164, /* -chardev spiceport */ +QEMU_CAPS_DEVICE_USB_KBD = 165, /* -device usb-kbd */ QEMU_CAPS_LAST, /* this must always be the last item */ }; diff --git a/tests/qemucapabilitiesdata/caps_1.2.2-1.caps b/tests/qemucapabilitiesdata/caps_1.2.2-1.caps index c3ae814..436cecd 100644 --- a/tests/qemucapabilitiesdata/caps_1.2.2-1.caps +++ b/tests/qemucapabilitiesdata/caps_1.2.2-1.caps @@ -113,4 +113,5 @@ flag name='usb-storage.removable'/ flag name='kvm-pit-lost-tick-policy'/ flag name='enable-fips'/ +flag name='usb-kbd'/ /qemuCaps diff --git a/tests/qemucapabilitiesdata/caps_1.3.1-1.caps b/tests/qemucapabilitiesdata/caps_1.3.1-1.caps index da15d8b..6b4a8f0 100644 --- a/tests/qemucapabilitiesdata/caps_1.3.1-1.caps +++ b/tests/qemucapabilitiesdata/caps_1.3.1-1.caps @@ -126,4 +126,5 @@ flag name='usb-storage'/ flag name='usb-storage.removable'/ flag name='kvm-pit-lost-tick-policy'/ +flag name='usb-kbd'/ /qemuCaps diff --git a/tests/qemucapabilitiesdata/caps_1.4.2-1.caps b/tests/qemucapabilitiesdata/caps_1.4.2-1.caps index c419068..e3d0047 100644 --- a/tests/qemucapabilitiesdata/caps_1.4.2-1.caps +++ b/tests/qemucapabilitiesdata/caps_1.4.2-1.caps @@ -127,4 +127,5 @@ flag name='usb-storage.removable'/ flag name='ich9-intel-hda'/ flag name='kvm-pit-lost-tick-policy'/ +flag name='usb-kbd'/ /qemuCaps diff --git a/tests/qemucapabilitiesdata/caps_1.5.3-1.caps b/tests/qemucapabilitiesdata/caps_1.5.3-1.caps index adf8531..01b4d27 100644 --- a/tests/qemucapabilitiesdata/caps_1.5.3-1.caps +++ b/tests/qemucapabilitiesdata/caps_1.5.3-1.caps @@ -135,4 +135,5 @@ flag name='pvpanic'/ flag name='reboot-timeout'/ flag name='spiceport'/ +flag name='usb-kbd'/ /qemuCaps diff --git a/tests/qemucapabilitiesdata/caps_1.6.0-1.caps b/tests/qemucapabilitiesdata/caps_1.6.0-1.caps index e6b2f76..597f873 100644 --- a/tests/qemucapabilitiesdata/caps_1.6.0-1.caps +++ b/tests/qemucapabilitiesdata/caps_1.6.0-1.caps @@ -141,4 +141,5 @@ flag name='enable-fips'/ flag name='spice-file-xfer-disable'/ flag name='spiceport'/ +flag name='usb-kbd'/ /qemuCaps diff --git a/tests/qemucapabilitiesdata/caps_1.6.50-1.caps b/tests/qemucapabilitiesdata/caps_1.6.50-1.caps index e6b8117..0c1dd87 100644 --- a/tests/qemucapabilitiesdata/caps_1.6.50-1.caps +++ b/tests/qemucapabilitiesdata/caps_1.6.50-1.caps @@ -139,4 +139,5 @@ flag name='reboot-timeout'/ flag name='spice-file-xfer-disable'/ flag name='spiceport'/ +flag name='usb-kbd'/ /qemuCaps diff --git a/tests/qemuhelptest.c b/tests/qemuhelptest.c index 3628fbe..6e0a5f8 100644 --- a/tests/qemuhelptest.c +++ b/tests/qemuhelptest.c @@ -403,6 +403,7 @@ mymain(void) QEMU_CAPS_DEVICE_VMWARE_SVGA, QEMU_CAPS_DEVICE_USB_SERIAL, QEMU_CAPS_DEVICE_USB_NET, +QEMU_CAPS_DEVICE_USB_KBD, QEMU_CAPS_DEVICE_PCI_BRIDGE); DO_TEST(qemu-kvm-0.12.3, 12003, 1, 0, QEMU_CAPS_VNC_COLON, @@ -515,6 +516,7 @@ mymain(void)
[libvirt] [PATCH v7 0/7] Support keyboard device
From: Li Zhang zhlci...@linux.vnet.ibm.com This patchset is to add keyboard input device. For PPC64, it doesn't support a default keyboard device when the graphic is enabled. Libvirt supports QEMU command line as -device VGA which won't create any keyboard device for it. So it requires libvirt to add a default USB keyboard device for it. This patchset is to add keyboard input device and a default USB keyboard for PPC64. The related discussion in QEMU community: http://lists.nongnu.org/archive/html/qemu-devel/2013-11/msg01734.html Li Zhang (7): conf: Add a keyboard input device type conf: Add one interface to add default input devices conf: Remove the implicit PS2 mouse for non-X86 and platforms and add an implicit PS2 keyboard device for X86 platforms. qemu_cap: Add USB keyboard capability qemu: format qemu command line for USB keyboard xen: format xen command line for USB keyboard Add a default USB keyboard and USB mouse for PPC64 v7 - v6: * Corret indention errors in code. (Jan Tomko) * Correct make check error in xen driver. (Jan Tomko) * Split 5/6 to 2 parts, qemu and xen. (Jan Tomko) v6 - v5: * Change kbd to keyboard, and correct -usbdevice parameter. * Remove implicit PS/2 keyboard output in XML in case older libvirtd can read it. (Jan Tomko) * Remove implicit keyboard for XEN to make it safer. v5 - v4: * Add PS/2 KBD definition in XML file. (Daniel.P.Berrange) * Allow PS/2 KBD devices and set KBD default bus as PS2 for X86, USB for non-x86. (Daniel.P.Berrange) * Add an implicit PS/2 KBD as PS/2 mouse. (Danniel.P.Berrange) v4 - v3: * Don't remove PS2 mouse device for other virtualization drivers (Jan Tomko). v3 - v2: * Handle the KBD device type in xen and QEMU driver. (Daniel.P.Berrange) * Remove PS2 mouse device for non-X86 platforms. * Move virDomainDefMaybeAddInput to a new patch. (Jan Tomko) * Replace VIR_REALLOC_N with VIR_APPEND_ELEMENT. (Jan Tomoko) * Fix several typos. (Jan Tomoko) * Add a virReportError when QEMU_CAPS_DEVICE_USB_KBD can't be gotten. (Jan Tomoko) v2 - v1: * change ifs to switch clause. * reconstruct the patches docs/schemas/domaincommon.rng | 1 + src/conf/domain_conf.c | 112 ++--- src/conf/domain_conf.h | 5 + src/libvirt_private.syms | 1 + src/qemu/qemu_capabilities.c | 3 + src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c| 41 ++-- src/qemu/qemu_domain.c | 23 - src/util/virarch.h | 2 + src/xenxs/xen_sxpr.c | 27 +++-- src/xenxs/xen_xm.c | 30 -- tests/qemucapabilitiesdata/caps_1.2.2-1.caps | 1 + tests/qemucapabilitiesdata/caps_1.3.1-1.caps | 1 + tests/qemucapabilitiesdata/caps_1.4.2-1.caps | 1 + tests/qemucapabilitiesdata/caps_1.5.3-1.caps | 1 + tests/qemucapabilitiesdata/caps_1.6.0-1.caps | 1 + tests/qemucapabilitiesdata/caps_1.6.50-1.caps | 1 + tests/qemuhelptest.c | 8 ++ .../qemuxml2argvdata/qemuxml2argv-pseries-disk.xml | 3 +- .../qemuxml2argv-pseries-usb-kbd.args | 9 ++ .../qemuxml2argv-pseries-usb-kbd.xml | 19 tests/qemuxml2argvtest.c | 3 + 22 files changed, 227 insertions(+), 67 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-usb-kbd.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-usb-kbd.xml -- 1.8.2.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH v7 1/7] conf: Add a keyboard input device type
From: Li Zhang zhlci...@linux.vnet.ibm.com There is no keyboard for non-x86 platforms when graphics are enabled. It's preferred to add one USB keyboard. This patch is to add keyboard input device type. Signed-off-by: Li Zhang zhlci...@linux.vnet.ibm.com --- docs/schemas/domaincommon.rng | 1 + src/conf/domain_conf.c| 20 +--- src/conf/domain_conf.h| 1 + 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index c1efcd2..601e7ac 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -3269,6 +3269,7 @@ choice valuetablet/value valuemouse/value + valuekeyboard/value /choice /attribute optional diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index f6065ed..9d344bc 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -506,7 +506,8 @@ VIR_ENUM_IMPL(virDomainVideo, VIR_DOMAIN_VIDEO_TYPE_LAST, VIR_ENUM_IMPL(virDomainInput, VIR_DOMAIN_INPUT_TYPE_LAST, mouse, - tablet) + tablet, + keyboard) VIR_ENUM_IMPL(virDomainInputBus, VIR_DOMAIN_INPUT_BUS_LAST, ps2, @@ -7796,8 +7797,9 @@ virDomainInputDefParseXML(const char *ostype, } if (STREQ(ostype, hvm)) { -if (def-bus == VIR_DOMAIN_INPUT_BUS_PS2 /* Only allow mouse for ps2 */ -def-type != VIR_DOMAIN_INPUT_TYPE_MOUSE) { +if (def-bus == VIR_DOMAIN_INPUT_BUS_PS2 /* PS2 can be mouse or keyboard */ +!(def-type == VIR_DOMAIN_INPUT_TYPE_MOUSE || +def-type == VIR_DOMAIN_INPUT_TYPE_KBD)) { virReportError(VIR_ERR_INTERNAL_ERROR, _(ps2 bus does not support %s input device), type); @@ -7815,7 +7817,8 @@ virDomainInputDefParseXML(const char *ostype, _(unsupported input bus %s), bus); } -if (def-type != VIR_DOMAIN_INPUT_TYPE_MOUSE) { +if (def-type != VIR_DOMAIN_INPUT_TYPE_MOUSE +def-type != VIR_DOMAIN_INPUT_TYPE_KBD) { virReportError(VIR_ERR_INTERNAL_ERROR, _(xen bus does not support %s input device), type); @@ -7824,7 +7827,8 @@ virDomainInputDefParseXML(const char *ostype, } } else { if (STREQ(ostype, hvm)) { -if (def-type == VIR_DOMAIN_INPUT_TYPE_MOUSE) +if (def-type == VIR_DOMAIN_INPUT_TYPE_MOUSE || +def-type == VIR_DOMAIN_INPUT_TYPE_KBD) def-bus = VIR_DOMAIN_INPUT_BUS_PS2; else def-bus = VIR_DOMAIN_INPUT_BUS_USB; @@ -12422,10 +12426,12 @@ virDomainDefParseXML(xmlDocPtr xml, * XXX will this be true for other virt types ? */ if ((STREQ(def-os.type, hvm) input-bus == VIR_DOMAIN_INPUT_BUS_PS2 - input-type == VIR_DOMAIN_INPUT_TYPE_MOUSE) || + (input-type == VIR_DOMAIN_INPUT_TYPE_MOUSE || + input-type == VIR_DOMAIN_INPUT_TYPE_KBD)) || (STRNEQ(def-os.type, hvm) input-bus == VIR_DOMAIN_INPUT_BUS_XEN - input-type == VIR_DOMAIN_INPUT_TYPE_MOUSE)) { + (input-type == VIR_DOMAIN_INPUT_TYPE_MOUSE || + input-type == VIR_DOMAIN_INPUT_TYPE_KBD))) { virDomainInputDefFree(input); continue; } diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 4895e81..98706d5 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1239,6 +1239,7 @@ struct _virDomainTPMDef { enum virDomainInputType { VIR_DOMAIN_INPUT_TYPE_MOUSE, VIR_DOMAIN_INPUT_TYPE_TABLET, +VIR_DOMAIN_INPUT_TYPE_KBD, VIR_DOMAIN_INPUT_TYPE_LAST }; -- 1.8.2.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH v7 2/7] conf: Add one interface to add default input devices
From: Li Zhang zhlci...@linux.vnet.ibm.com This patch is to add one new interface to add input devices. Signed-off-by: Li Zhang zhlci...@linux.vnet.ibm.com --- src/conf/domain_conf.c | 27 +++ src/conf/domain_conf.h | 4 src/libvirt_private.syms | 1 + 3 files changed, 32 insertions(+) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 9d344bc..3cb4fc1 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -11043,6 +11043,33 @@ virDomainDefMaybeAddController(virDomainDefPtr def, return 0; } +int +virDomainDefMaybeAddInput(virDomainDefPtr def, + int type, + int bus) +{ +size_t i; +virDomainInputDefPtr input; + +for (i = 0; i def-ninputs; i++) { +if (def-inputs[i]-type == type +def-inputs[i]-bus == bus) +return 0; +} + +if (VIR_ALLOC(input) 0) +return -1; + +input-type = type; +input-bus = bus; + +if (VIR_APPEND_ELEMENT(def-inputs, def-ninputs, input) 0) { +VIR_FREE(input); +return -1; +} + +return 0; +} /* Parse a memory element located at XPATH within CTXT, and store the * result into MEM. If REQUIRED, then the value must exist; diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 98706d5..2740152 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2805,6 +2805,10 @@ virDomainDefMaybeAddController(virDomainDefPtr def, int type, int idx, int model); +int +virDomainDefMaybeAddInput(virDomainDefPtr def, + int type, + int bus); char *virDomainDefGetDefaultEmulator(virDomainDefPtr def, virCapsPtr caps); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 0b28bac..607888d 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -165,6 +165,7 @@ virDomainDefGenSecurityLabelDef; virDomainDefGetDefaultEmulator; virDomainDefGetSecurityLabelDef; virDomainDefMaybeAddController; +virDomainDefMaybeAddInput; virDomainDefNew; virDomainDefParseFile; virDomainDefParseNode; -- 1.8.2.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH v7 3/7] conf: Remove the implicit PS2 mouse for non-X86 and platforms and add an implicit PS2 keyboard device for X86 platforms.
From: Li Zhang zhlci...@linux.vnet.ibm.com PS2 device only works for X86 platform, other platforms may need USB mouse. Athough it doesn't influence the QEMU command line, but it's not right to add one PS2 mouse for non-X86 platform. What's more, PS2 keyboard can be supported for X86. So, this patch is to remove PS2 mouse for non-x86 platforms and also add an implicit PS2 keyboard device for X86. Signed-off-by: Li Zhang zhlci...@linux.vnet.ibm.com --- src/conf/domain_conf.c | 69 +++--- src/util/virarch.h | 2 + .../qemuxml2argvdata/qemuxml2argv-pseries-disk.xml | 1 - 3 files changed, 37 insertions(+), 35 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 3cb4fc1..87f5fea 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -7763,7 +7763,7 @@ error: /* Parse the XML definition for an input device */ static virDomainInputDefPtr -virDomainInputDefParseXML(const char *ostype, +virDomainInputDefParseXML(const virDomainDef *dom, xmlNodePtr node, unsigned int flags) { @@ -7796,7 +7796,7 @@ virDomainInputDefParseXML(const char *ostype, goto error; } -if (STREQ(ostype, hvm)) { +if (STREQ(dom-os.type, hvm)) { if (def-bus == VIR_DOMAIN_INPUT_BUS_PS2 /* PS2 can be mouse or keyboard */ !(def-type == VIR_DOMAIN_INPUT_TYPE_MOUSE || def-type == VIR_DOMAIN_INPUT_TYPE_KBD)) { @@ -7826,9 +7826,10 @@ virDomainInputDefParseXML(const char *ostype, } } } else { -if (STREQ(ostype, hvm)) { -if (def-type == VIR_DOMAIN_INPUT_TYPE_MOUSE || -def-type == VIR_DOMAIN_INPUT_TYPE_KBD) +if (STREQ(dom-os.type, hvm)) { +if ((def-type == VIR_DOMAIN_INPUT_TYPE_MOUSE || +def-type == VIR_DOMAIN_INPUT_TYPE_KBD) +ARCH_IS_X86(dom-os.arch)) def-bus = VIR_DOMAIN_INPUT_BUS_PS2; else def-bus = VIR_DOMAIN_INPUT_BUS_USB; @@ -9850,7 +9851,7 @@ virDomainDeviceDefParse(const char *xmlStr, goto error; break; case VIR_DOMAIN_DEVICE_INPUT: -if (!(dev-data.input = virDomainInputDefParseXML(def-os.type, +if (!(dev-data.input = virDomainInputDefParseXML(def, node, flags))) goto error; break; @@ -12433,7 +12434,7 @@ virDomainDefParseXML(xmlDocPtr xml, goto error; for (i = 0; i n; i++) { -virDomainInputDefPtr input = virDomainInputDefParseXML(def-os.type, +virDomainInputDefPtr input = virDomainInputDefParseXML(def, nodes[i], flags); if (!input) @@ -12485,29 +12486,28 @@ virDomainDefParseXML(xmlDocPtr xml, VIR_FREE(nodes); /* If graphics are enabled, there's an implicit PS2 mouse */ -if (def-ngraphics 0) { -virDomainInputDefPtr input; +if (def-ngraphics 0 +(ARCH_IS_X86(def-os.arch) || + def-os.arch == VIR_ARCH_NONE)) { +int input_bus = VIR_DOMAIN_INPUT_BUS_XEN; -if (VIR_ALLOC(input) 0) { -goto error; -} -if (STREQ(def-os.type, hvm)) { -input-type = VIR_DOMAIN_INPUT_TYPE_MOUSE; -input-bus = VIR_DOMAIN_INPUT_BUS_PS2; -} else { -input-type = VIR_DOMAIN_INPUT_TYPE_MOUSE; -input-bus = VIR_DOMAIN_INPUT_BUS_XEN; -} +if (STREQ(def-os.type, hvm)) +input_bus = VIR_DOMAIN_INPUT_BUS_PS2; -if (VIR_REALLOC_N(def-inputs, def-ninputs + 1) 0) { -virDomainInputDefFree(input); +if (virDomainDefMaybeAddInput(def, + VIR_DOMAIN_INPUT_TYPE_MOUSE, + input_bus) 0) goto error; + +/*Ignore keyboard for XEN, only add a PS2 keyboard device for hvm*/ +if (STREQ(def-os.type, hvm)) { +if (virDomainDefMaybeAddInput(def, + VIR_DOMAIN_INPUT_TYPE_KBD, + input_bus) 0) +goto error; } -def-inputs[def-ninputs] = input; -def-ninputs++; } - /* analysis of the sound devices */ if ((n = virXPathNodeSet(./devices/sound, ctxt, nodes)) 0) { goto error; @@ -17523,16 +17523,17 @@ virDomainDefFormatInternal(virDomainDefPtr def, } if (def-ngraphics 0) { -/* If graphics is enabled, add the implicit mouse */ -virDomainInputDef autoInput = { -VIR_DOMAIN_INPUT_TYPE_MOUSE, -STREQ(def-os.type, hvm) ? -VIR_DOMAIN_INPUT_BUS_PS2 : VIR_DOMAIN_INPUT_BUS_XEN, -{
[libvirt] [PATCH v7 5/7] qemu: format qemu command line for USB keyboard
From: Li Zhang zhlci...@linux.vnet.ibm.com This patch is to format qemu command line for USB keyboard and add test cases for it. Signed-off-by: Li Zhang zhlci...@linux.vnet.ibm.com --- src/qemu/qemu_command.c| 41 -- .../qemuxml2argv-pseries-usb-kbd.args | 9 + .../qemuxml2argv-pseries-usb-kbd.xml | 19 ++ tests/qemuxml2argvtest.c | 3 ++ 4 files changed, 62 insertions(+), 10 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-usb-kbd.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-pseries-usb-kbd.xml diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index e499d54..d7d39b3 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -5306,9 +5306,19 @@ qemuBuildUSBInputDevStr(virDomainDefPtr def, { virBuffer buf = VIR_BUFFER_INITIALIZER; -virBufferAsprintf(buf, %s,id=%s, - dev-type == VIR_DOMAIN_INPUT_TYPE_MOUSE ? - usb-mouse : usb-tablet, dev-info.alias); +switch (dev-type) { +case VIR_DOMAIN_INPUT_TYPE_MOUSE: +virBufferAsprintf(buf, usb-mouse,id=%s, dev-info.alias); +break; +case VIR_DOMAIN_INPUT_TYPE_TABLET: +virBufferAsprintf(buf, usb-tablet,id=%s, dev-info.alias); +break; +case VIR_DOMAIN_INPUT_TYPE_KBD: +if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_USB_KBD)) +goto error; +virBufferAsprintf(buf, usb-kbd,id=%s, dev-info.alias); +break; +} if (qemuBuildDeviceAddressStr(buf, def, dev-info, qemuCaps) 0) goto error; @@ -9044,9 +9054,17 @@ qemuBuildCommandLine(virConnectPtr conn, virCommandAddArg(cmd, optstr); VIR_FREE(optstr); } else { -virCommandAddArgList(cmd, -usbdevice, - input-type == VIR_DOMAIN_INPUT_TYPE_MOUSE - ? mouse : tablet, NULL); +switch (input-type) { +case VIR_DOMAIN_INPUT_TYPE_MOUSE: +virCommandAddArgList(cmd, -usbdevice, mouse, NULL); +break; +case VIR_DOMAIN_INPUT_TYPE_TABLET: +virCommandAddArgList(cmd, -usbdevice, tablet, NULL); +break; +case VIR_DOMAIN_INPUT_TYPE_KBD: +virCommandAddArgList(cmd, -usbdevice, keyboard, NULL); +break; +} } } } @@ -11720,20 +11738,23 @@ qemuParseCommandLine(virCapsPtr qemuCaps, } else if (STREQ(arg, -usbdevice)) { WANT_VALUE(); if (STREQ(val, tablet) || -STREQ(val, mouse)) { +STREQ(val, mouse) || +STREQ(val, keyboard)) { virDomainInputDefPtr input; if (VIR_ALLOC(input) 0) goto error; input-bus = VIR_DOMAIN_INPUT_BUS_USB; if (STREQ(val, tablet)) input-type = VIR_DOMAIN_INPUT_TYPE_TABLET; -else +else if (STREQ(val, mouse)) input-type = VIR_DOMAIN_INPUT_TYPE_MOUSE; -if (VIR_REALLOC_N(def-inputs, def-ninputs+1) 0) { +else +input-type = VIR_DOMAIN_INPUT_TYPE_KBD; + +if (VIR_APPEND_ELEMENT(def-inputs, def-ninputs, input) 0) { virDomainInputDefFree(input); goto error; } -def-inputs[def-ninputs++] = input; } else if (STRPREFIX(val, disk:)) { if (VIR_ALLOC(disk) 0) goto error; diff --git a/tests/qemuxml2argvdata/qemuxml2argv-pseries-usb-kbd.args b/tests/qemuxml2argvdata/qemuxml2argv-pseries-usb-kbd.args new file mode 100644 index 000..373c72a --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-pseries-usb-kbd.args @@ -0,0 +1,9 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-ppc64 -S -M pseries -m 512 -smp 1 \ +-nographic -nodefconfig -nodefaults \ +-chardev socket,id=charmonitor,path=/tmp/test-monitor,server,nowait \ +-mon chardev=charmonitor,id=monitor,mode=readline -no-acpi -boot c \ +-device pci-ohci,id=usb,bus=pci,addr=0x1 \ +-chardev pty,id=charserial0 \ +-device spapr-vty,chardev=charserial0,reg=0x3000 \ +-device usb-kbd,id=input0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-pseries-usb-kbd.xml b/tests/qemuxml2argvdata/qemuxml2argv-pseries-usb-kbd.xml new file mode 100644 index 000..5bd4c37 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-pseries-usb-kbd.xml @@ -0,0 +1,19 @@ +domain type='qemu' + nameQEMUGuest1/name + uuid1ccfd97d-5eb4-478a-bbe6-88d254c16db7/uuid + memory unit='KiB'524288/memory + vcpu
[libvirt] [PATCH v7 6/7] xen: format xen command line for USB keyboard
From: Li Zhang zhlci...@linux.vnet.ibm.com This patch is to format xen command line for USB keyboard Signed-off-by: Li Zhang zhlci...@linux.vnet.ibm.com --- src/xenxs/xen_sxpr.c | 27 +++ src/xenxs/xen_xm.c | 30 ++ 2 files changed, 41 insertions(+), 16 deletions(-) diff --git a/src/xenxs/xen_sxpr.c b/src/xenxs/xen_sxpr.c index d514725..d366b1b 100644 --- a/src/xenxs/xen_sxpr.c +++ b/src/xenxs/xen_sxpr.c @@ -724,21 +724,23 @@ xenParseSxprUSB(virDomainDefPtr def, tmp = sexpr_node(node, usbdevice); if (tmp *tmp) { if (STREQ(tmp, tablet) || -STREQ(tmp, mouse)) { +STREQ(tmp, mouse) || +STREQ(tmp, keyboard)) { virDomainInputDefPtr input; if (VIR_ALLOC(input) 0) goto error; input-bus = VIR_DOMAIN_INPUT_BUS_USB; if (STREQ(tmp, tablet)) input-type = VIR_DOMAIN_INPUT_TYPE_TABLET; -else +else if (STREQ(tmp, mouse)) input-type = VIR_DOMAIN_INPUT_TYPE_MOUSE; +else +input-type = VIR_DOMAIN_INPUT_TYPE_KBD; -if (VIR_REALLOC_N(def-inputs, def-ninputs+1) 0) { +if (VIR_APPEND_ELEMENT(def-inputs, def-ninputs, input) 0) { VIR_FREE(input); goto error; } -def-inputs[def-ninputs++] = input; } else { /* XXX Handle other non-input USB devices later */ } @@ -2144,15 +2146,24 @@ xenFormatSxprInput(virDomainInputDefPtr input, return 0; if (input-type != VIR_DOMAIN_INPUT_TYPE_MOUSE -input-type != VIR_DOMAIN_INPUT_TYPE_TABLET) { +input-type != VIR_DOMAIN_INPUT_TYPE_TABLET +input-type != VIR_DOMAIN_INPUT_TYPE_KBD) { virReportError(VIR_ERR_INTERNAL_ERROR, _(unexpected input type %d), input-type); return -1; } -virBufferAsprintf(buf, (usbdevice %s), - input-type == VIR_DOMAIN_INPUT_TYPE_MOUSE ? - mouse : tablet); +switch (input-type) { +case VIR_DOMAIN_INPUT_TYPE_MOUSE: +virBufferAsprintf(buf, (usbdevice %s), mouse); +break; +case VIR_DOMAIN_INPUT_TYPE_TABLET: +virBufferAsprintf(buf, (usbdevice %s), tablet); +break; +case VIR_DOMAIN_INPUT_TYPE_KBD: +virBufferAsprintf(buf, (usbdevice %s), keyboard); +break; +} return 0; } diff --git a/src/xenxs/xen_xm.c b/src/xenxs/xen_xm.c index 5e89876..3a57547 100644 --- a/src/xenxs/xen_xm.c +++ b/src/xenxs/xen_xm.c @@ -886,14 +886,18 @@ xenParseXM(virConfPtr conf, int xendConfigVersion, goto cleanup; if (str (STREQ(str, tablet) || - STREQ(str, mouse))) { + STREQ(str, mouse) || + STREQ(str, keyboard))) { virDomainInputDefPtr input; if (VIR_ALLOC(input) 0) goto cleanup; input-bus = VIR_DOMAIN_INPUT_BUS_USB; -input-type = STREQ(str, tablet) ? -VIR_DOMAIN_INPUT_TYPE_TABLET : -VIR_DOMAIN_INPUT_TYPE_MOUSE; +if (STREQ(str, mouse)) +input-type = VIR_DOMAIN_INPUT_TYPE_MOUSE; +else if (STREQ(str, tablet)) +input-type = VIR_DOMAIN_INPUT_TYPE_TABLET; +else if (STREQ(str, keyboard)) +input-type = VIR_DOMAIN_INPUT_TYPE_KBD; if (VIR_ALLOC_N(def-inputs, 1) 0) { virDomainInputDefFree(input); goto cleanup; @@ -1746,10 +1750,20 @@ virConfPtr xenFormatXM(virConnectPtr conn, if (def-inputs[i]-bus == VIR_DOMAIN_INPUT_BUS_USB) { if (xenXMConfigSetInt(conf, usb, 1) 0) goto cleanup; -if (xenXMConfigSetString(conf, usbdevice, - def-inputs[i]-type == VIR_DOMAIN_INPUT_TYPE_MOUSE ? - mouse : tablet) 0) -goto cleanup; +switch (def-inputs[i]-type) { +case VIR_DOMAIN_INPUT_TYPE_MOUSE: +if (xenXMConfigSetString(conf, usbdevice, mouse) 0) +goto cleanup; +break; +case VIR_DOMAIN_INPUT_TYPE_TABLET: +if (xenXMConfigSetString(conf, usbdevice, tablet) 0) +goto cleanup; +break; +case VIR_DOMAIN_INPUT_TYPE_KBD: +if (xenXMConfigSetString(conf, usbdevice, keyboard) 0) +
[libvirt] [PATCH v7 7/7] Add a default USB keyboard and USB mouse for PPC64
From: Li Zhang zhlci...@linux.vnet.ibm.com There is no keyboard working on PPC64 and PS2 mouse is only for PPC64 when graphics are enabled. It needs to add a USB keyboard and USB mouse for it. This patch is to add a USB keyboard and USB mouse when graphics are enabled. Signed-off-by: Li Zhang zhlci...@linux.vnet.ibm.com --- src/qemu/qemu_domain.c | 23 +- .../qemuxml2argvdata/qemuxml2argv-pseries-disk.xml | 2 ++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index a665061..7f4ff0e 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -691,6 +691,8 @@ qemuDomainDefPostParse(virDomainDefPtr def, bool addPCIRoot = false; bool addPCIeRoot = false; bool addDefaultMemballoon = true; +bool addDefaultUSBKBD = false; +bool addDefaultUSBMouse = false; /* check for emulator and create a default one if needed */ if (!def-emulator @@ -732,9 +734,14 @@ qemuDomainDefPostParse(virDomainDefPtr def, addDefaultMemballoon = false; break; +case VIR_ARCH_PPC64: +addPCIRoot = true; +addDefaultUSBKBD = true; +addDefaultUSBMouse = true; +break; + case VIR_ARCH_ALPHA: case VIR_ARCH_PPC: -case VIR_ARCH_PPC64: case VIR_ARCH_PPCEMB: case VIR_ARCH_SH4: case VIR_ARCH_SH4EB: @@ -787,6 +794,20 @@ qemuDomainDefPostParse(virDomainDefPtr def, def-memballoon = memballoon; } +if (addDefaultUSBKBD +def-ngraphics 0 +virDomainDefMaybeAddInput(def, + VIR_DOMAIN_INPUT_TYPE_KBD, + VIR_DOMAIN_INPUT_BUS_USB) 0) +return -1; + +if (addDefaultUSBMouse +def-ngraphics 0 +virDomainDefMaybeAddInput(def, + VIR_DOMAIN_INPUT_TYPE_MOUSE, + VIR_DOMAIN_INPUT_BUS_USB) 0) +return -1; + return 0; } diff --git a/tests/qemuxml2argvdata/qemuxml2argv-pseries-disk.xml b/tests/qemuxml2argvdata/qemuxml2argv-pseries-disk.xml index 8dde776..64b70f3 100644 --- a/tests/qemuxml2argvdata/qemuxml2argv-pseries-disk.xml +++ b/tests/qemuxml2argvdata/qemuxml2argv-pseries-disk.xml @@ -30,6 +30,8 @@ controller type='usb' index='0'/ controller type='scsi' index='0'/ controller type='pci' index='0' model='pci-root'/ +input type='keyboard' bus='usb'/ +input type='mouse' bus='usb'/ graphics type='sdl'/ video model type='cirrus' vram='9216' heads='1'/ -- 1.8.2.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] lxc: Add virCgroupSetOwner()
On Fri, Feb 14, 2014 at 08:47:37AM +0100, Richard Weinberger wrote: Am 14.02.2014 08:10, schrieb Martin Kletzander: On Thu, Feb 13, 2014 at 05:15:22PM +, Daniel P. Berrange wrote: From: Richard Weinberger rich...@nod.at Add a new helper function to change the permissions of a control group. This function is needed for user namespaces, we need to chmod() the cgroup to the initial uid/gid such that systemd is allowed to use the cgroup. Only the systemd controller is made accessible to the container. Others must remain read-only since it is generally not safe to delegate resource controller write access to unprivileged processes. Signed-off-by: Richard Weinberger rich...@nod.at --- src/libvirt_private.syms | 1 + src/lxc/lxc_cgroup.c | 9 src/util/vircgroup.c | 54 src/util/vircgroup.h | 5 + 4 files changed, 69 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 0b28bac..cfa9f75 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1056,6 +1056,7 @@ virCgroupSetMemory; virCgroupSetMemoryHardLimit; virCgroupSetMemorySoftLimit; virCgroupSetMemSwapHardLimit; +virCgroupSetOwner; virCgroupSupportsCpuBW; diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c index cc0d5e8..0d0d9c0 100644 --- a/src/lxc/lxc_cgroup.c +++ b/src/lxc/lxc_cgroup.c @@ -484,6 +484,15 @@ virCgroupPtr virLXCCgroupCreate(virDomainDefPtr def) cgroup) 0) goto cleanup; +/* setup control group permissions for user namespace */ +if (def-idmap.uidmap) { +if (virCgroupSetOwner(cgroup, + def-idmap.uidmap[0].target, + def-idmap.gidmap[0].target, + (1 VIR_CGROUP_CONTROLLER_SYSTEMD))) This should be if (virCgroupSetOwner() 0) to go with the rest. Ok. +goto cleanup; +} + virCgroupNewMachine() guarantees that the cgroup is NULL in case of an error, but you don't guarantee that in virCgroupSetOwner(), so the errors from it won't propagate anywhere, because you don't return NULL from this function. Do we really want to treat a failed chown() as fatal error? I'm not saying either way, but if you're not using the error (or you don't want that error to be used, than don't report it with virReportError() and use VIR_WARN() for example. However, if the called function should report an error and this is the only case which should not do it (an exception), then reset the error at least. cleanup: return cgroup; } diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c index a6d60c5..2dc6986 100644 --- a/src/util/vircgroup.c +++ b/src/util/vircgroup.c @@ -3253,6 +3253,60 @@ cleanup: } +int virCgroupSetOwner(virCgroupPtr cgroup, + uid_t uid, + gid_t gid, + int controllers) +{ +size_t i; + +for (i = 0; i VIR_CGROUP_CONTROLLER_LAST; i++) { +char *base, *entry; +DIR *dh; +struct dirent *de; + +if (!((1 i) controllers)) +continue; + +if (!cgroup-controllers[i].mountPoint) +continue; + +if (virAsprintf(base, %s%s, cgroup-controllers[i].mountPoint, +cgroup-controllers[i].placement) 0) { +virReportOOMError(); Double OOM reporting. Ahh, virAsprintf() already reports the error... +return -1; +} + +dh = opendir(base); +while ((de = readdir(dh)) != NULL) { +if (STREQ(de-d_name, .) || +STREQ(de-d_name, ..)) +continue; + +if (virAsprintf(entry, %s/%s, base, de-d_name) 0) { +VIR_FREE(base); +virReportOOMError(); Same here, plus you continue the loop and don't return -1. Ok! +} + +if (chown(entry, uid, gid) 0) +virReportSystemError(errno, _(cannot chown '%s' to (%u, %u)), +entry, uid, gid); Indentation's off and you continue the loop again. I continue here by design because I don't treat a failed chown() as fatal error. + +VIR_FREE(entry); +} +closedir(dh); + +if (chown(base, uid, gid) 0) +virReportSystemError(errno, _(cannot chown '%s' to (%u, %u)), +base, uid, gid); Again reporting an error, but returning 0 even in case of an error. Same here. Thanks, //richard -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list signature.asc Description: Digital signature -- libvir-list mailing list libvir-list@redhat.com
Re: [libvirt] [PATCH v6 1/6] conf: Add a keyboard input device type
On 2014年02月14日 00:39, Daniel P. Berrange wrote: On Thu, Feb 13, 2014 at 04:48:21PM +0800, Li Zhang wrote: @@ -12422,10 +12426,12 @@ virDomainDefParseXML(xmlDocPtr xml, * XXX will this be true for other virt types ? */ if ((STREQ(def-os.type, hvm) input-bus == VIR_DOMAIN_INPUT_BUS_PS2 - input-type == VIR_DOMAIN_INPUT_TYPE_MOUSE) || + (input-type == VIR_DOMAIN_INPUT_TYPE_MOUSE || + input-type == VIR_DOMAIN_INPUT_TYPE_KBD)) || (STRNEQ(def-os.type, hvm) input-bus == VIR_DOMAIN_INPUT_BUS_XEN - input-type == VIR_DOMAIN_INPUT_TYPE_MOUSE)) { + (input-type == VIR_DOMAIN_INPUT_TYPE_MOUSE || + input-type == VIR_DOMAIN_INPUT_TYPE_KBD))) { virDomainInputDefFree(input); continue; Later on in this function there is /* If graphics are enabled, there's an implicit PS2 mouse */ if (def-ngraphics 0) { virDomainInputDefPtr input; if (VIR_ALLOC(input) 0) { goto error; } if (STREQ(def-os.type, hvm)) { input-type = VIR_DOMAIN_INPUT_TYPE_MOUSE; input-bus = VIR_DOMAIN_INPUT_BUS_PS2; } else { input-type = VIR_DOMAIN_INPUT_TYPE_MOUSE; input-bus = VIR_DOMAIN_INPUT_BUS_XEN; } if (VIR_REALLOC_N(def-inputs, def-ninputs + 1) 0) { virDomainInputDefFree(input); goto error; } def-inputs[def-ninputs] = input; def-ninputs++; } which needs to take care of keyboards too now. And some more similar logic in virDomainDefFormatInternal which needs updating I have add the keyboard device in this function in this version [3/6]. But Jan suggested to remove it from virDomainDefFormatInternal in v5. Because it would make the XML unreadable by older libvirtd that didn't know the keyboard input type. Daniel -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v6 1/6] conf: Add a keyboard input device type
On 02/14/2014 10:02 AM, Li Zhang wrote: On 2014年02月14日 00:39, Daniel P. Berrange wrote: On Thu, Feb 13, 2014 at 04:48:21PM +0800, Li Zhang wrote: @@ -12422,10 +12426,12 @@ virDomainDefParseXML(xmlDocPtr xml, * XXX will this be true for other virt types ? */ if ((STREQ(def-os.type, hvm) input-bus == VIR_DOMAIN_INPUT_BUS_PS2 - input-type == VIR_DOMAIN_INPUT_TYPE_MOUSE) || + (input-type == VIR_DOMAIN_INPUT_TYPE_MOUSE || + input-type == VIR_DOMAIN_INPUT_TYPE_KBD)) || (STRNEQ(def-os.type, hvm) input-bus == VIR_DOMAIN_INPUT_BUS_XEN - input-type == VIR_DOMAIN_INPUT_TYPE_MOUSE)) { + (input-type == VIR_DOMAIN_INPUT_TYPE_MOUSE || + input-type == VIR_DOMAIN_INPUT_TYPE_KBD))) { virDomainInputDefFree(input); continue; Later on in this function there is /* If graphics are enabled, there's an implicit PS2 mouse */ if (def-ngraphics 0) { virDomainInputDefPtr input; if (VIR_ALLOC(input) 0) { goto error; } if (STREQ(def-os.type, hvm)) { input-type = VIR_DOMAIN_INPUT_TYPE_MOUSE; input-bus = VIR_DOMAIN_INPUT_BUS_PS2; } else { input-type = VIR_DOMAIN_INPUT_TYPE_MOUSE; input-bus = VIR_DOMAIN_INPUT_BUS_XEN; } if (VIR_REALLOC_N(def-inputs, def-ninputs + 1) 0) { virDomainInputDefFree(input); goto error; } def-inputs[def-ninputs] = input; def-ninputs++; } which needs to take care of keyboards too now. And some more similar logic in virDomainDefFormatInternal which needs updating I have add the keyboard device in this function in this version [3/6]. But Jan suggested to remove it from virDomainDefFormatInternal in v5. Because it would make the XML unreadable by older libvirtd that didn't know the keyboard input type. Sorry about that, it seems we only care about XML to be readable by older libvirt if virDomainDefFormat* is called with the VIR_DOMAIN_XML_MIGRATABLE flag, so we can safely format it when this flag is not set. Jan signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Looking for project ideas and mentors for Google Summer of Code 2014
On Fri, Feb 14, 2014 at 09:16:19AM +0100, Jan Kiszka wrote: On 2014-02-11 11:17, Stefan Hajnoczi wrote: On Mon, Feb 3, 2014 at 8:45 AM, Stefan Hajnoczi stefa...@gmail.com wrote: Project ideas Please post project ideas on the wiki page below. Project ideas should be suitable as a 12-week project that a student fluent in C/Python/etc can complete. No prior knowledge of QEMU/KVM/libvirt internals can be assumed. http://qemu-project.org/Google_Summer_of_Code_2014 Please post your project ideas before Friday. I need to submit our organization application (including our project ideas) on Friday. Hope it's not too late: just added the VT-d emulation proposal. Excellent! I was going to ping you today because the project you mentored last year was quite successful. Thank you for posting your idea for 2014. Stefan -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [libvirt-java] [PATCH 01/65] Fix warnings about using raw types
Hi, On Thu, Feb 13, 2014 at 04:22:09PM +0100, Claudio Bley wrote: Eclipse generates this kind of warning: org/libvirt/jna/virConnectCredential.java:20: List is a raw type. References to generic type ListE should be parameterized Signed-off-by: Claudio Bley cb...@av-test.de --- src/main/java/org/libvirt/jna/virConnectAuth.java |4 ++-- .../java/org/libvirt/jna/virConnectCredential.java |4 ++-- .../java/org/libvirt/jna/virDomainBlockInfo.java |4 ++-- .../java/org/libvirt/jna/virDomainBlockStats.java |4 ++-- src/main/java/org/libvirt/jna/virDomainInfo.java |4 ++-- .../org/libvirt/jna/virDomainInterfaceStats.java |4 ++-- .../java/org/libvirt/jna/virDomainJobInfo.java |4 ++-- .../java/org/libvirt/jna/virDomainMemoryStats.java |4 ++-- src/main/java/org/libvirt/jna/virError.java|4 ++-- src/main/java/org/libvirt/jna/virNodeInfo.java |4 ++-- .../java/org/libvirt/jna/virSchedParameter.java|4 ++-- .../java/org/libvirt/jna/virStoragePoolInfo.java |4 ++-- .../java/org/libvirt/jna/virStorageVolInfo.java|4 ++-- src/main/java/org/libvirt/jna/virVcpuInfo.java |4 ++-- 14 files changed, 28 insertions(+), 28 deletions(-) diff --git a/src/main/java/org/libvirt/jna/virConnectAuth.java b/src/main/java/org/libvirt/jna/virConnectAuth.java index ece61f6..0451348 100644 --- a/src/main/java/org/libvirt/jna/virConnectAuth.java +++ b/src/main/java/org/libvirt/jna/virConnectAuth.java @@ -15,11 +15,11 @@ public class virConnectAuth extends Structure { public Libvirt.VirConnectAuthCallback cb; public Pointer cbdata; -private static final List fields = Arrays.asList( +private static final ListString fields = Arrays.asList( credtype, ncredtype, cb, cbdata); @Override -protected List getFieldOrder() { +protected ListString getFieldOrder() { return fields; } } diff --git a/src/main/java/org/libvirt/jna/virConnectCredential.java b/src/main/java/org/libvirt/jna/virConnectCredential.java index 6dd4a75..316b1f4 100644 --- a/src/main/java/org/libvirt/jna/virConnectCredential.java +++ b/src/main/java/org/libvirt/jna/virConnectCredential.java @@ -17,12 +17,12 @@ public class virConnectCredential extends Structure implements Structure.ByRefer public String result; public int resultlen; -private static final List fields = Arrays.asList( +private static final ListString fields = Arrays.asList( type, prompt, challenge, defresult, result, resultlen); @Override -protected List getFieldOrder() { +protected ListString getFieldOrder() { return fields; } } diff --git a/src/main/java/org/libvirt/jna/virDomainBlockInfo.java b/src/main/java/org/libvirt/jna/virDomainBlockInfo.java index fb1b845..5a88ba3 100644 --- a/src/main/java/org/libvirt/jna/virDomainBlockInfo.java +++ b/src/main/java/org/libvirt/jna/virDomainBlockInfo.java @@ -10,11 +10,11 @@ public class virDomainBlockInfo extends Structure { public long allocation; public long physical; -private static final List fields = Arrays.asList( +private static final ListString fields = Arrays.asList( capacity, allocation, physical); @Override -protected List getFieldOrder() { +protected ListString getFieldOrder() { return fields; } } diff --git a/src/main/java/org/libvirt/jna/virDomainBlockStats.java b/src/main/java/org/libvirt/jna/virDomainBlockStats.java index a7331f6..e48629a 100644 --- a/src/main/java/org/libvirt/jna/virDomainBlockStats.java +++ b/src/main/java/org/libvirt/jna/virDomainBlockStats.java @@ -20,11 +20,11 @@ public class virDomainBlockStats extends Structure { public long errs; // this is a long long in the code, so a long mapping is // correct -private static final List fields = Arrays.asList( +private static final ListString fields = Arrays.asList( rd_req, rd_bytes, wr_req, wr_bytes, errs); @Override -protected List getFieldOrder() { +protected ListString getFieldOrder() { return fields; } } diff --git a/src/main/java/org/libvirt/jna/virDomainInfo.java b/src/main/java/org/libvirt/jna/virDomainInfo.java index 0b667f6..ff20d16 100644 --- a/src/main/java/org/libvirt/jna/virDomainInfo.java +++ b/src/main/java/org/libvirt/jna/virDomainInfo.java @@ -16,11 +16,11 @@ public class virDomainInfo extends Structure { public short nrVirtCpu; public long cpuTime; -private static final List fields = Arrays.asList( +private static final ListString fields = Arrays.asList( state, maxMem, memory, nrVirtCpu, cpuTime); @Override -protected List getFieldOrder() { +protected ListString getFieldOrder() { return fields; } } diff --git
Re: [libvirt] [libvirt-java] [PATCH 05/65] test: ensure that exceptions are thrown when expected
On Thu, Feb 13, 2014 at 04:22:13PM +0100, Claudio Bley wrote: Signed-off-by: Claudio Bley cb...@av-test.de --- src/test/java/org/libvirt/TestJavaBindings.java |2 ++ 1 file changed, 2 insertions(+) diff --git a/src/test/java/org/libvirt/TestJavaBindings.java b/src/test/java/org/libvirt/TestJavaBindings.java index 9e7fa82..a25c4f3 100644 --- a/src/test/java/org/libvirt/TestJavaBindings.java +++ b/src/test/java/org/libvirt/TestJavaBindings.java @@ -27,6 +27,7 @@ public final class TestJavaBindings extends TestCase { try { conn.domainDefineXML(fail, miserably); +fail(LibvirtException expected); } catch (LibvirtException e) {} // ignore assertTrue(Error callback was not called, cb.error); @@ -87,6 +88,7 @@ public final class TestJavaBindings extends TestCase { // this should throw an exception try { network1.create(); +fail(LibvirtException expected); } catch (LibvirtException e) { // eat it } ACK (from a non Java expert). -- Guido -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [libvirt-java] [PATCH 03/65] Fix typos in Error.java
On Thu, Feb 13, 2014 at 04:22:11PM +0100, Claudio Bley wrote: Signed-off-by: Claudio Bley cb...@av-test.de --- src/main/java/org/libvirt/Error.java |6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/libvirt/Error.java b/src/main/java/org/libvirt/Error.java index 6f68f57..ef339bd 100644 --- a/src/main/java/org/libvirt/Error.java +++ b/src/main/java/org/libvirt/Error.java @@ -228,9 +228,9 @@ public class Error implements Serializable { } /** - * Gets he error code + * Gets the error code * - * @return a VirErroNumber + * @return a VirErrorNumber */ public ErrorNumber getCode() { return code; @@ -294,7 +294,7 @@ public class Error implements Serializable { } /** - * Returns human-readable informative error messag + * Returns a human-readable informative error message * * @return error message */ ACK (from a non Java expert). -- Guido -- 1.7.9.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [libvirt-java] [PATCH 06/65] Make comments proper javadoc comments for enum constants
On Thu, Feb 13, 2014 at 04:22:14PM +0100, Claudio Bley wrote: Signed-off-by: Claudio Bley cb...@av-test.de --- src/main/java/org/libvirt/Error.java | 397 ++ 1 file changed, 262 insertions(+), 135 deletions(-) diff --git a/src/main/java/org/libvirt/Error.java b/src/main/java/org/libvirt/Error.java index ef339bd..15dd870 100644 --- a/src/main/java/org/libvirt/Error.java +++ b/src/main/java/org/libvirt/Error.java @@ -28,54 +28,104 @@ public class Error implements Serializable { } public static enum ErrorDomain { -VIR_FROM_NONE, VIR_FROM_XEN, /* Error at Xen hypervisor layer */ -VIR_FROM_XEND, /* Error at connection with xend daemon */ -VIR_FROM_XENSTORE, /* Error at connection with xen store */ -VIR_FROM_SEXPR, /* Error in the S-Expression code */ -VIR_FROM_XML, /* Error in the XML code */ -VIR_FROM_DOM, /* Error when operating on a domain */ -VIR_FROM_RPC, /* Error in the XML-RPC code */ -VIR_FROM_PROXY, /* Error in the proxy code */ -VIR_FROM_CONF, /* Error in the configuration file handling */ -VIR_FROM_QEMU, /* Error at the QEMU daemon */ -VIR_FROM_NET, /* Error when operating on a network */ -VIR_FROM_TEST, /* Error from test driver */ -VIR_FROM_REMOTE, /* Error from remote driver */ -VIR_FROM_OPENVZ, /* Error from OpenVZ driver */ -VIR_FROM_XENXM, /* Error at Xen XM layer */ -VIR_FROM_STATS_LINUX, /* Error in the Linux Stats code */ -VIR_FROM_LXC, /* Error from Linux Container driver */ -VIR_FROM_STORAGE, /* Error from storage driver */ -VIR_FROM_NETWORK, /* Error from network config */ -VIR_FROM_DOMAIN, /* Error from domain config */ -VIR_FROM_UML, /* Error at the UML driver */ -VIR_FROM_NODEDEV, /* Error from node device monitor */ -VIR_FROM_XEN_INOTIFY, /* Error from xen inotify layer */ -VIR_FROM_SECURITY, /* Error from security framework */ -VIR_FROM_VBOX, /* Error from VirtualBox driver */ -VIR_FROM_INTERFACE, /* Error when operating on an interface */ -VIR_FROM_ONE, /* Error from OpenNebula driver */ -VIR_FROM_ESX, /* Error from ESX driver */ -VIR_FROM_PHYP, /* Error from IBM power hypervisor */ -VIR_FROM_SECRET, /* Error from secret storage */ -VIR_FROM_CPU, /* Error from CPU driver */ -VIR_FROM_XENAPI, /* Error from XenAPI */ -VIR_FROM_NWFILTER, /* Error from network filter driver */ -VIR_FROM_HOOK, /* Error from Synchronous hooks */ -VIR_FROM_DOMAIN_SNAPSHOT, /* Error from domain snapshot */ -VIR_FROM_AUDIT, /* Error from auditing subsystem */ -VIR_FROM_SYSINFO, /* Error from sysinfo/SMBIOS */ -VIR_FROM_STREAMS, /* Error from I/O streams */ -VIR_FROM_VMWARE, /* Error from VMware driver */ -VIR_FROM_EVENT, /* Error from event loop impl */ -VIR_FROM_LIBXL, /* Error from libxenlight driver */ -VIR_FROM_LOCKING, /* Error from lock manager */ -VIR_FROM_HYPERV, /* Error from Hyper-V driver */ -VIR_FROM_CAPABILITIES, /* Error from capabilities */ -VIR_FROM_URI, /* Error from URI handling */ -VIR_FROM_AUTH, /* Error from auth handling */ -VIR_FROM_DBUS, /* Error from DBus */ -VIR_FROM_UNKNOWN; /* unknown error domain (must be the last entry!) */ +VIR_FROM_NONE, +/** Error at Xen hypervisor layer */ +VIR_FROM_XEN, +/** Error at connection with xend daemon */ +VIR_FROM_XEND, +/** Error at connection with xen store */ +VIR_FROM_XENSTORE, +/** Error in the S-Expression code */ +VIR_FROM_SEXPR, +/** Error in the XML code */ +VIR_FROM_XML, +/** Error when operating on a domain */ +VIR_FROM_DOM, +/** Error in the XML-RPC code */ +VIR_FROM_RPC, +/** Error in the proxy code */ +VIR_FROM_PROXY, +/** Error in the configuration file handling */ +VIR_FROM_CONF, +/** Error at the QEMU daemon */ +VIR_FROM_QEMU, +/** Error when operating on a network */ +VIR_FROM_NET, +/** Error from test driver */ +VIR_FROM_TEST, +/** Error from remote driver */ +VIR_FROM_REMOTE, +/** Error from OpenVZ driver */ +VIR_FROM_OPENVZ, +/** Error at Xen XM layer */ +VIR_FROM_XENXM, +/** Error in the Linux Stats code */ +VIR_FROM_STATS_LINUX, +/** Error from Linux Container driver */ +VIR_FROM_LXC, +/** Error from storage driver */ +VIR_FROM_STORAGE, +/** Error from network config */ +VIR_FROM_NETWORK, +/** Error from domain config */ +VIR_FROM_DOMAIN, +/** Error at the UML
Re: [libvirt] [libvirt-java] [PATCH 07/65] Ignore editor backup files
On Thu, Feb 13, 2014 at 04:22:15PM +0100, Claudio Bley wrote: Signed-off-by: Claudio Bley cb...@av-test.de --- .gitignore |2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index b02fd55..28ddc6e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ +*~ +\#*\# .classpath .project .settings ACK (from a non Java expert). -- Guido -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] Destroying a suspended LXC domain
Hi! If we suspend a LXC domain libvirt freezes all tasks in the cgroup using the process freezer. Upon destroy libvirt tries to kill all tasks using SIGTERM and later SIGKILL, but as they are frozen the tasks are unkillable. This seems to confuse libvirt, all tasks remain but libvirt forgets the domain. Here a small example: ---cut--- lxc-host1:/etc # /opt/libvirt-dev/bin/virsh domstate my3rdcontainer paused lxc-host1:/etc # /opt/libvirt-dev/bin/virsh destroy my3rdcontainer error: Failed to destroy domain my3rdcontainer error: internal error: Some processes refused to die lxc-host1:/etc # ps fax ... 2118 ?Dsl0:00 /opt/libvirt-dev/lib/libvirt_lxc --name my3rdcontainer --console 19 --security=none --handshake 22 --backgr 2128 ?Ds 0:00 \_ /sbin/init 2152 ?Ds 0:00 \_ /usr/lib/systemd/systemd-journald 2171 ?Ds 0:00 \_ /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation 2174 ?Ds 0:00 \_ /usr/lib/systemd/systemd-logind 2189 ?Dsl0:00 \_ /usr/sbin/rsyslogd -n 2778 ?Ds 0:00 \_ /usr/sbin/cron -n 2782 pts/0Ds+0:00 \_ /sbin/agetty --noclear -s console 115200 38400 9600 2786 ?Ds 0:00 \_ /usr/sbin/sshd -D ... ---cut--- I can think of three options to deal with that. a) Refuse to destroy a suspended LXC domain b) Implicitly resume it upon destroy c) Send a SIGKILL to each task and then thaw all tasks using the process freezer. If the task is woken up the it sees immediately the pending SIGKILL and dies. I'd vote for c) because I want to destroy a LXC domain without resuming it. I.e. I want to kill it to avoid any further IO from the already suspended domain. What do you think? I'd volunteer for a patch. :) Thanks, //richard -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [libvirt-java] [PATCH 02/65] Fix warnings about accessing static methods
On Thu, Feb 13, 2014 at 04:22:10PM +0100, Claudio Bley wrote: java/org/libvirt/Error.java:217: The static method wrap(int) from the type Error.ErrorDomain should be accessed in a static way Signed-off-by: Claudio Bley cb...@av-test.de --- src/main/java/org/libvirt/Error.java |6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/libvirt/Error.java b/src/main/java/org/libvirt/Error.java index 114e758..6f68f57 100644 --- a/src/main/java/org/libvirt/Error.java +++ b/src/main/java/org/libvirt/Error.java @@ -213,9 +213,9 @@ public class Error implements Serializable { private NetworkPointer VNP; /* Deprecated */ public Error(virError vError) { -code = code.wrap(vError.code); -domain = domain.wrap(vError.domain); -level = level.wrap(vError.level); +code = ErrorNumber.wrap(vError.code); +domain = ErrorDomain.wrap(vError.domain); +level = ErrorLevel.wrap(vError.level); message = vError.message; str1 = vError.str1; str2 = vError.str2; ACK (from a non Java expert). -- Guido -- 1.7.9.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv6 8/8] qemu: snapshot: Add support for external active snapshots on gluster
On 02/13/14 22:17, Eric Blake wrote: On 02/13/2014 09:49 AM, Peter Krempa wrote: Add support for gluster backed images as sources for snapshots in the qemu driver. This will also simplify adding further network backed volumes as sources for snapshot in case qemu will support them. --- Notes: Version 6: - fixed after rename of qemuSnapshotDiskGetActualType ACK. Series is now pushed with the little tweak requested in 5/8. Thanks for the reviews. Peter signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] lxc: Add virCgroupSetOwner()
this patch works for me. container is starting fine. but a login (ssh/console) is not possible. host: centos6 kernel: 3.13.2 libvirt: 1.2.1 (+ lxc: Add virCgroupSetOwner()) container logs says agetty[38]: /dev/tty1: cannot get controlling tty: Operation not permitted agetty[38]: /dev/tty1: cannot get controlling tty: Operation not permitted agetty[38]: /dev/tty1: cannot set process group: Inappropriate ioctl for device in my container: # ls -la /dev/ total 4 drwxr-xr-x 3 root root 320 Feb 14 10:06 . dr-xr-xr-x 20 root root 4096 Feb 13 10:06 .. lrwxrwxrwx 1 root root 10 Feb 14 10:06 console - /dev/pts/0 lrwxrwxrwx 1 root root 13 Feb 14 10:06 fd - /proc/self/fd crw-rw-rw- 1 root root 1, 7 Feb 14 10:06 full crw-rw-rw- 1 root root 1, 3 Feb 14 10:06 null crw-rw-rw- 1 root root 5, 2 Feb 14 10:06 ptmx drwxr-xr-x 2 root root0 Feb 14 10:06 pts crw-rw-rw- 1 root root 1, 8 Feb 14 10:06 random lrwxrwxrwx 1 root root 15 Feb 14 10:06 stderr - /proc/self/fd/2 lrwxrwxrwx 1 root root 15 Feb 14 10:06 stdin - /proc/self/fd/0 lrwxrwxrwx 1 root root 15 Feb 14 10:06 stdout - /proc/self/fd/1 crw-rw-rw- 1 root root 5, 0 Feb 14 10:06 tty lrwxrwxrwx 1 root root 10 Feb 14 10:06 tty1 - /dev/pts/0 crw-rw-rw- 1 root root 1, 9 Feb 14 10:06 urandom crw-rw-rw- 1 root root 1, 5 Feb 14 10:06 zero # ls -la /dev/pts/ total 0 drwxr-xr-x 2 root root 0 Feb 14 10:06 . drwxr-xr-x 3 root root320 Feb 14 10:06 .. crw--w 1 root root 136, 0 Feb 14 10:07 0 crw-rw-rw- 1 root root 5, 2 Feb 14 10:07 ptmx chgrp tty /dev/pts/0 and then exec /sbin/init systemd.log_level=debug has no effect. still the same error cannot get controlling tty: Operation not permitted -- Software is like sex, it's better when it's free! -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 2/2] lxc: Only delegate VIR_CGROUP_CONTROLLER_SYSTEMD to containers
On Fri, Feb 14, 2014 at 08:49:07AM +0100, Richard Weinberger wrote: Am 13.02.2014 18:16, schrieb Daniel P. Berrange: On Tue, Feb 11, 2014 at 11:51:26PM +0100, Richard Weinberger wrote: Due to security concerns we delegate only VIR_CGROUP_CONTROLLER_SYSTEMD to containers. Currently it is not safe to allow a container access to a resource controller. We *do* want to allow all controllers to be visible to the container. eg it is valid for them to have read access to view things like block I/O and CPU accounting information. We just don't want to make it writable for usernamespaces. Okay. But what if one does not enable user namespaces? Then the controllers are writable within the container. If you don't enable user namespaces, then containers should be considered insecure unless all processes run non-root and all your filesystems are mounted no-setuid to prevent escalation fo privileges back to root, or you have SELinux applying controls. So once ypou have the requirement that security depends on being non-root then the cgroups are no longer writable, except when your consider is already insecure for other reasons. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] lxc: Add virCgroupSetOwner()
Am 14.02.2014 11:21, schrieb Stephan Sachse: this patch works for me. container is starting fine. but a login (ssh/console) is not possible. Thanks for testing! But I fear my patch is not the culprit for your login issues. host: centos6 kernel: 3.13.2 libvirt: 1.2.1 (+ lxc: Add virCgroupSetOwner()) container logs says agetty[38]: /dev/tty1: cannot get controlling tty: Operation not permitted agetty[38]: /dev/tty1: cannot get controlling tty: Operation not permitted agetty[38]: /dev/tty1: cannot set process group: Inappropriate ioctl for device Is this really the reason why the login fails? Does getty not start or does the login fail? I've never tested an upstart based distro maybe it is somehow confused. :) Can you please collect more details why a login via ssh is failing? Also keep in mind that running a compete distro within LXC + user namespaces requires some changes. Like disabling pam_loginuid.so in pam. For systemd distros you have to remove OOMScoreAdjust= and CapabilityBoundingSet= from all units... Thanks, //richard -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Destroying a suspended LXC domain
On 14.02.2014 11:14, Richard Weinberger wrote: Hi! If we suspend a LXC domain libvirt freezes all tasks in the cgroup using the process freezer. Upon destroy libvirt tries to kill all tasks using SIGTERM and later SIGKILL, but as they are frozen the tasks are unkillable. This seems to confuse libvirt, all tasks remain but libvirt forgets the domain. Here a small example: ---cut--- lxc-host1:/etc # /opt/libvirt-dev/bin/virsh domstate my3rdcontainer paused lxc-host1:/etc # /opt/libvirt-dev/bin/virsh destroy my3rdcontainer error: Failed to destroy domain my3rdcontainer error: internal error: Some processes refused to die lxc-host1:/etc # ps fax ... 2118 ?Dsl0:00 /opt/libvirt-dev/lib/libvirt_lxc --name my3rdcontainer --console 19 --security=none --handshake 22 --backgr 2128 ?Ds 0:00 \_ /sbin/init 2152 ?Ds 0:00 \_ /usr/lib/systemd/systemd-journald 2171 ?Ds 0:00 \_ /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation 2174 ?Ds 0:00 \_ /usr/lib/systemd/systemd-logind 2189 ?Dsl0:00 \_ /usr/sbin/rsyslogd -n 2778 ?Ds 0:00 \_ /usr/sbin/cron -n 2782 pts/0Ds+0:00 \_ /sbin/agetty --noclear -s console 115200 38400 9600 2786 ?Ds 0:00 \_ /usr/sbin/sshd -D ... ---cut--- I can think of three options to deal with that. a) Refuse to destroy a suspended LXC domain b) Implicitly resume it upon destroy c) Send a SIGKILL to each task and then thaw all tasks using the process freezer. If the task is woken up the it sees immediately the pending SIGKILL and dies. I'd vote for c) because I want to destroy a LXC domain without resuming it. I.e. I want to kill it to avoid any further IO from the already suspended domain. Yeah, I also vote for c). What do you think? I'd volunteer for a patch. :) Awesome. Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Destroying a suspended LXC domain
On Fri, Feb 14, 2014 at 11:14:39AM +0100, Richard Weinberger wrote: Hi! If we suspend a LXC domain libvirt freezes all tasks in the cgroup using the process freezer. Upon destroy libvirt tries to kill all tasks using SIGTERM and later SIGKILL, but as they are frozen the tasks are unkillable. This seems to confuse libvirt, all tasks remain but libvirt forgets the domain. Here a small example: ---cut--- lxc-host1:/etc # /opt/libvirt-dev/bin/virsh domstate my3rdcontainer paused lxc-host1:/etc # /opt/libvirt-dev/bin/virsh destroy my3rdcontainer error: Failed to destroy domain my3rdcontainer error: internal error: Some processes refused to die lxc-host1:/etc # ps fax ... 2118 ?Dsl0:00 /opt/libvirt-dev/lib/libvirt_lxc --name my3rdcontainer --console 19 --security=none --handshake 22 --backgr 2128 ?Ds 0:00 \_ /sbin/init 2152 ?Ds 0:00 \_ /usr/lib/systemd/systemd-journald 2171 ?Ds 0:00 \_ /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation 2174 ?Ds 0:00 \_ /usr/lib/systemd/systemd-logind 2189 ?Dsl0:00 \_ /usr/sbin/rsyslogd -n 2778 ?Ds 0:00 \_ /usr/sbin/cron -n 2782 pts/0Ds+0:00 \_ /sbin/agetty --noclear -s console 115200 38400 9600 2786 ?Ds 0:00 \_ /usr/sbin/sshd -D ... ---cut--- I can think of three options to deal with that. a) Refuse to destroy a suspended LXC domain b) Implicitly resume it upon destroy c) Send a SIGKILL to each task and then thaw all tasks using the process freezer. If the task is woken up the it sees immediately the pending SIGKILL and dies. I'd vote for c) because I want to destroy a LXC domain without resuming it. I.e. I want to kill it to avoid any further IO from the already suspended domain. Yes, I think c) is the only reasonable option here. Allowing processes any window where they can continue executing is not ok. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] storage: Fix build with older compilers afeter gluster snapshot series
In commit e32268184b4fd1611ed5ffd3c758b8f6a34152e6 I accidentally added twice a typedef for virStorageFileBackend when I moved it between files across patch iterations. The double declaration breaks build on older compilers in RHEL5 and FreeBSD. Remove the spurious definition. --- Notes: Pushed under the build-breaker rule. src/storage/storage_backend.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/storage/storage_backend.h b/src/storage/storage_backend.h index 1c7ad1e..5314411 100644 --- a/src/storage/storage_backend.h +++ b/src/storage/storage_backend.h @@ -207,9 +207,6 @@ typedef int (*virStorageFileBackendStat)(virStorageFilePtr file, struct stat *st); -typedef struct _virStorageFileBackend virStorageFileBackend; -typedef virStorageFileBackend *virStorageFileBackendPtr; - virStorageFileBackendPtr virStorageFileBackendForType(int type, int protocol); struct _virStorageFileBackend { -- 1.8.5.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 2/2] lxc: Only delegate VIR_CGROUP_CONTROLLER_SYSTEMD to containers
Am 14.02.2014 11:30, schrieb Daniel P. Berrange: On Fri, Feb 14, 2014 at 08:49:07AM +0100, Richard Weinberger wrote: Am 13.02.2014 18:16, schrieb Daniel P. Berrange: On Tue, Feb 11, 2014 at 11:51:26PM +0100, Richard Weinberger wrote: Due to security concerns we delegate only VIR_CGROUP_CONTROLLER_SYSTEMD to containers. Currently it is not safe to allow a container access to a resource controller. We *do* want to allow all controllers to be visible to the container. eg it is valid for them to have read access to view things like block I/O and CPU accounting information. We just don't want to make it writable for usernamespaces. Okay. But what if one does not enable user namespaces? Then the controllers are writable within the container. If you don't enable user namespaces, then containers should be considered insecure unless all processes run non-root and all your filesystems are mounted no-setuid to prevent escalation fo privileges back to root, or you have SELinux applying controls. Yeah, I hope all users know that too. Do you plan to support non-user namespace container in future? Maybe one should communicate this to docker.io folks as well. *scnr* So once ypou have the requirement that security depends on being non-root then the cgroups are no longer writable, except when your consider is already insecure for other reasons. Yep. Thanks, //richard -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 2/2] lxc: Only delegate VIR_CGROUP_CONTROLLER_SYSTEMD to containers
On Fri, Feb 14, 2014 at 12:11:13PM +0100, Richard Weinberger wrote: Am 14.02.2014 11:30, schrieb Daniel P. Berrange: On Fri, Feb 14, 2014 at 08:49:07AM +0100, Richard Weinberger wrote: Am 13.02.2014 18:16, schrieb Daniel P. Berrange: On Tue, Feb 11, 2014 at 11:51:26PM +0100, Richard Weinberger wrote: Due to security concerns we delegate only VIR_CGROUP_CONTROLLER_SYSTEMD to containers. Currently it is not safe to allow a container access to a resource controller. We *do* want to allow all controllers to be visible to the container. eg it is valid for them to have read access to view things like block I/O and CPU accounting information. We just don't want to make it writable for usernamespaces. Okay. But what if one does not enable user namespaces? Then the controllers are writable within the container. If you don't enable user namespaces, then containers should be considered insecure unless all processes run non-root and all your filesystems are mounted no-setuid to prevent escalation fo privileges back to root, or you have SELinux applying controls. Yeah, I hope all users know that too. Do you plan to support non-user namespace container in future? Maybe one should communicate this to docker.io folks as well. *scnr* Yep, I've gone into this in much detail with Red Hat folks who are working with Docker on their container impl, so they at least know the risks in what they're going Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv6 5/8] storage: Add storage file backends for gluster
Coverity has found a RESOURCE_LEAK... ...snip... +static int +virStorageFileBackendGlusterInit(virStorageFilePtr file) +{ +virStorageFileBackendGlusterPrivPtr priv = NULL; +virDomainDiskHostDefPtr host = (file-hosts[0]); +const char *hostname = host-name; +int port = 0; + +VIR_DEBUG(initializing gluster storage file %p(%s/%s), + file, hostname, file-path); + +if (VIR_ALLOC(priv) 0) +return -1; + We have 'priv' here... but anywhere through to error: if we fail, then priv isn't free'd. +if (VIR_STRDUP(priv-volname, file-path) 0) +goto error; + +if (!(priv-path = strchr(priv-volname, '/'))) { +virReportError(VIR_ERR_INTERNAL_ERROR, + _(invalid path of gluster volume: '%s'), + file-path); +goto error; +} + +*priv-path = '\0'; +priv-path++; + +if (host-port +virStrToLong_i(host-port, NULL, 10, port) 0) { +virReportError(VIR_ERR_INTERNAL_ERROR, + _(failed to parse port number '%s'), + host-port); +goto error; +} + +if (host-transport == VIR_DOMAIN_DISK_PROTO_TRANS_UNIX) +hostname = host-socket; + + +if (!(priv-vol = glfs_new(priv-volname))) { +virReportOOMError(); +goto error; +} + +if (glfs_set_volfile_server(priv-vol, + virDomainDiskProtocolTransportTypeToString(host-transport), +hostname, port) 0) { +virReportSystemError(errno, + _(failed to set gluster volfile server '%s'), + hostname); +goto error; +} + +if (glfs_init(priv-vol) 0) { +virReportSystemError(errno, + _(failed to initialize gluster connection to + server: '%s'), hostname); +goto error; +} + +file-priv = priv; + +return 0; + +error: +VIR_FREE(priv-volname); +glfs_fini(priv-vol); Adding the free here would be the salve for Coverity. John + +return -1; +} + -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] storage: gluster: Don't leak private data when storage file init fails
In a44b7b87bcc6681e2939f65a3552fc96f68bc7b6 I've introduced a function that initializes a storage file wrapper object on gluster based volumes. The initialization function leaks the private data pointer in case of failure. This patch fixes it. Reported by John Ferlan. --- Notes: Pushed under the trivial rule. src/storage/storage_backend_gluster.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/storage/storage_backend_gluster.c b/src/storage/storage_backend_gluster.c index a9c33c2..202a441 100644 --- a/src/storage/storage_backend_gluster.c +++ b/src/storage/storage_backend_gluster.c @@ -570,6 +570,7 @@ virStorageFileBackendGlusterInit(virStorageFilePtr file) error: VIR_FREE(priv-volname); glfs_fini(priv-vol); +VIR_FREE(priv); return -1; } -- 1.8.5.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv6 5/8] storage: Add storage file backends for gluster
On 02/14/14 12:24, John Ferlan wrote: ... +error: +VIR_FREE(priv-volname); +glfs_fini(priv-vol); Adding the free here would be the salve for Coverity. Thanks for reporting the issue. This is now fixed by commit commit ad95fa59572c99c26959e6808a1e779a4ffed6de Author: Peter Krempa pkre...@redhat.com Date: Fri Feb 14 13:08:39 2014 +0100 storage: gluster: Don't leak private data when storage file init fails John Peter signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] lxc: Add virCgroupSetOwner()
agetty[38]: /dev/tty1: cannot get controlling tty: Operation not permitted agetty[38]: /dev/tty1: cannot get controlling tty: Operation not permitted agetty[38]: /dev/tty1: cannot set process group: Inappropriate ioctl for device Is this really the reason why the login fails? Does getty not start or does the login fail? yes, the getty is started 10 26665 0.0 0.0 6412 792 pts/0Ss+ 13:22 0:00 /sbin/agetty --noclear tty1 10 26667 0.0 0.0 6412 848 ?Ss 13:22 0:00 /sbin/agetty --noclear -s console 115200 38400 9600 and i can connect with fedora1 console virsh # console fedora1 Verbunden mit der Domain: fedora1 Escape-Zeichen ist ^] Fedora release 20 (Heisenbug) Kernel 3.13.2-2.el6.x86_64 on an x86_64 (tty1) fedora1 login: put the console is crazy. wrong line breaks after hit enter. first two logins fails with wrong log entries. the password is displayed as login. the third attemot works. then i have a mix of console and login promt. every 10 secons i hit enter i see a passwort promt. but i can still use the shell. but imo this is a other problem. there are messages about systemd --user can not connect the dbus socket in /run/user/0/dbus/user_bus_socket I've never tested an upstart based distro maybe it is somehow confused. :) forgot to say the container is fedora 20 Can you please collect more details why a login via ssh is failing? set LogLevel to DEBUG3. keyexchange is down. put then hangs for some time und sshd dies sshd[269]: debug1: KEX done [preauth] sshd[269]: debug1: userauth-request for user root service ssh-connection method none [preauth] sshd[269]: debug1: attempt 0 failures 0 [preauth] sshd[269]: debug3: mm_getpwnamallow entering [preauth] sshd[269]: debug3: mm_request_send entering: type 8 [preauth] sshd[269]: debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth] sshd[269]: debug3: mm_request_receive_expect entering: type 9 [preauth] sshd[269]: debug3: mm_request_receive entering [preauth] sshd[269]: debug3: mm_request_receive entering sshd[269]: debug3: monitor_read: checking request 8 sshd[269]: debug3: mm_answer_pwnamallow sshd[269]: debug3: Trying to reverse map address 10.1.25.151. systemd[1]: Received SIGCHLD from PID 270 (sshd). systemd[1]: Got SIGCHLD for process 270 (sshd) systemd[1]: Child 270 died (code=killed, status=15/TERM) Also keep in mind that running a compete distro within LXC + user namespaces requires some changes. Like disabling pam_loginuid.so in pam. For systemd distros you have to remove OOMScoreAdjust= and CapabilityBoundingSet= from all units... yes, i know. i have no errors from systemd, all looks fine with exec /sbin/init systemd.log_level=debug /stephan -- Software is like sex, it's better when it's free! -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] lxc: Don't shadow global symbol link
Yet another variable name frowned upon by older compilers. Introduced in commit b73c029d. --- src/lxc/lxc_native.c | 18 +- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/lxc/lxc_native.c b/src/lxc/lxc_native.c index 2cf479d..663e29c 100644 --- a/src/lxc/lxc_native.c +++ b/src/lxc/lxc_native.c @@ -334,7 +334,7 @@ lxcFstabWalkCallback(const char* name, virConfValuePtr value, void * data) static virDomainNetDefPtr lxcCreateNetDef(const char *type, -const char *link, +const char *linkdev, const char *mac, const char *flag, const char *macvlanmode) @@ -357,18 +357,18 @@ lxcCreateNetDef(const char *type, net-mac = macAddr; if (STREQ(type, veth)) { -if (!link) +if (!linkdev) goto error; net-type = VIR_DOMAIN_NET_TYPE_BRIDGE; -if (VIR_STRDUP(net-data.bridge.brname, link) 0) +if (VIR_STRDUP(net-data.bridge.brname, linkdev) 0) goto error; } else if (STREQ(type, macvlan)) { net-type = VIR_DOMAIN_NET_TYPE_DIRECT; -if (!link || VIR_STRDUP(net-data.direct.linkdev, link) 0) +if (!linkdev || VIR_STRDUP(net-data.direct.linkdev, linkdev) 0) goto error; if (!macvlanmode || STREQ(macvlanmode, private)) @@ -411,7 +411,7 @@ lxcCreateHostdevDef(int mode, int type, const char *data) static int lxcAddNetworkDefinition(virDomainDefPtr def, const char *type, -const char *link, +const char *linkdev, const char *mac, const char *flag, const char *macvlanmode, @@ -428,14 +428,14 @@ lxcAddNetworkDefinition(virDomainDefPtr def, isPhys = STREQ(type, phys); isVlan = STREQ(type, vlan); if (type != NULL (isPhys || isVlan)) { -if (!link) { +if (!linkdev) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, %s, _(Missing 'link' attribute for NIC)); goto error; } if (!(hostdev = lxcCreateHostdevDef(VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES, VIR_DOMAIN_HOSTDEV_CAPS_TYPE_NET, -link))) +linkdev))) goto error; /* This still requires the user to manually setup the vlan interface @@ -443,7 +443,7 @@ lxcAddNetworkDefinition(virDomainDefPtr def, if (isVlan vlanid) { VIR_FREE(hostdev-source.caps.u.net.iface); if (virAsprintf(hostdev-source.caps.u.net.iface, -%s.%s, link, vlanid) 0) +%s.%s, linkdev, vlanid) 0) goto error; } @@ -451,7 +451,7 @@ lxcAddNetworkDefinition(virDomainDefPtr def, goto error; def-hostdevs[def-nhostdevs - 1] = hostdev; } else { -if (!(net = lxcCreateNetDef(type, link, mac, flag, macvlanmode))) +if (!(net = lxcCreateNetDef(type, linkdev, mac, flag, macvlanmode))) goto error; if (VIR_EXPAND_N(def-nets, def-nnets, 1) 0) -- 1.8.5.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] lxc: Add virCgroupSetOwner()
Am 14.02.2014 13:42, schrieb Stephan Sachse: agetty[38]: /dev/tty1: cannot get controlling tty: Operation not permitted agetty[38]: /dev/tty1: cannot get controlling tty: Operation not permitted agetty[38]: /dev/tty1: cannot set process group: Inappropriate ioctl for device Is this really the reason why the login fails? Does getty not start or does the login fail? yes, the getty is started 10 26665 0.0 0.0 6412 792 pts/0Ss+ 13:22 0:00 /sbin/agetty --noclear tty1 10 26667 0.0 0.0 6412 848 ?Ss 13:22 0:00 /sbin/agetty --noclear -s console 115200 38400 9600 and i can connect with fedora1 console virsh # console fedora1 Verbunden mit der Domain: fedora1 Escape-Zeichen ist ^] Fedora release 20 (Heisenbug) Kernel 3.13.2-2.el6.x86_64 on an x86_64 (tty1) fedora1 login: put the console is crazy. wrong line breaks after hit enter. first two logins fails with wrong log entries. the password is displayed as login. the third attemot works. then i have a mix of console and login promt. every 10 secons i hit enter i see a passwort promt. but i can still use the shell. but imo this is a other problem. there are messages about systemd --user can not connect the dbus socket in /run/user/0/dbus/user_bus_socket Looks like you have a getty on /dev/console _and_ /dev/tty1 ...both are symlinks to the same pts fake console. I've never tested an upstart based distro maybe it is somehow confused. :) forgot to say the container is fedora 20 Ah, thought it is CentOS 6 too. Can you please collect more details why a login via ssh is failing? set LogLevel to DEBUG3. keyexchange is down. put then hangs for some time und sshd dies sshd[269]: debug1: KEX done [preauth] sshd[269]: debug1: userauth-request for user root service ssh-connection method none [preauth] sshd[269]: debug1: attempt 0 failures 0 [preauth] sshd[269]: debug3: mm_getpwnamallow entering [preauth] sshd[269]: debug3: mm_request_send entering: type 8 [preauth] sshd[269]: debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth] sshd[269]: debug3: mm_request_receive_expect entering: type 9 [preauth] sshd[269]: debug3: mm_request_receive entering [preauth] sshd[269]: debug3: mm_request_receive entering sshd[269]: debug3: monitor_read: checking request 8 sshd[269]: debug3: mm_answer_pwnamallow sshd[269]: debug3: Trying to reverse map address 10.1.25.151. systemd[1]: Received SIGCHLD from PID 270 (sshd). systemd[1]: Got SIGCHLD for process 270 (sshd) systemd[1]: Child 270 died (code=killed, status=15/TERM) Hmmm, no idea so far. Have you disabled pam_loginuid? Maybe SELinux hates you too... Thanks, //richard -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] lxc: Don't shadow global symbol link
On 14.2.2014 13:48, Peter Krempa wrote: Yet another variable name frowned upon by older compilers. Introduced in commit b73c029d. --- ACK, Pavel -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] lxc: Don't shadow global symbol link
On 02/14/14 14:00, Pavel Hrdina wrote: On 14.2.2014 13:48, Peter Krempa wrote: Yet another variable name frowned upon by older compilers. Introduced in commit b73c029d. --- ACK, Pavel Pushed; Thanks. Peter signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Looking for project ideas and mentors for Google Summer of Code 2014
On 2014-02-11 11:17, Stefan Hajnoczi wrote: On Mon, Feb 3, 2014 at 8:45 AM, Stefan Hajnoczi stefa...@gmail.com wrote: Project ideas Please post project ideas on the wiki page below. Project ideas should be suitable as a 12-week project that a student fluent in C/Python/etc can complete. No prior knowledge of QEMU/KVM/libvirt internals can be assumed. http://qemu-project.org/Google_Summer_of_Code_2014 Please post your project ideas before Friday. I need to submit our organization application (including our project ideas) on Friday. Hope it's not too late: just added the VT-d emulation proposal. Jan signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v1 2/4] remote: Implement remote{Get,Set}Time
On Thu, Feb 13, 2014 at 07:51:43PM +0100, Michal Privoznik wrote: This is also adding new ACL permission to check 'set_time'. Signed-off-by: Michal Privoznik mpriv...@redhat.com --- daemon/remote.c | 35 +++ src/access/viraccessperm.c | 2 +- src/access/viraccessperm.h | 6 ++ src/remote/remote_driver.c | 32 src/remote/remote_protocol.x | 31 ++- src/remote_protocol-structs | 16 6 files changed, 120 insertions(+), 2 deletions(-) diff --git a/daemon/remote.c b/daemon/remote.c index 932f65f..8020e60 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -6027,3 +6027,38 @@ error: } return -1; } + +static int +remoteDispatchDomainGetTime(virNetServerPtr server ATTRIBUTE_UNUSED, +virNetServerClientPtr client, +virNetMessagePtr msg ATTRIBUTE_UNUSED, +virNetMessageErrorPtr rerr, +remote_domain_get_time_args *args, +remote_domain_get_time_ret *ret) +{ +int rv = -1; +virDomainPtr dom = NULL; +struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); +long long time; + Applies to previous patch too, this 'time' will be a problem with '-Wshadow-declarations' on older (some) compilers. ACK with that variable name changed. Martin signature.asc Description: Digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] lxc: Add virCgroupSetOwner()
Am 14.02.2014 13:42, schrieb Stephan Sachse: set LogLevel to DEBUG3. keyexchange is down. put then hangs for some time und sshd dies sshd[269]: debug1: KEX done [preauth] sshd[269]: debug1: userauth-request for user root service ssh-connection method none [preauth] sshd[269]: debug1: attempt 0 failures 0 [preauth] sshd[269]: debug3: mm_getpwnamallow entering [preauth] sshd[269]: debug3: mm_request_send entering: type 8 [preauth] sshd[269]: debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth] sshd[269]: debug3: mm_request_receive_expect entering: type 9 [preauth] sshd[269]: debug3: mm_request_receive entering [preauth] sshd[269]: debug3: mm_request_receive entering sshd[269]: debug3: monitor_read: checking request 8 sshd[269]: debug3: mm_answer_pwnamallow sshd[269]: debug3: Trying to reverse map address 10.1.25.151. systemd[1]: Received SIGCHLD from PID 270 (sshd). systemd[1]: Got SIGCHLD for process 270 (sshd) systemd[1]: Child 270 died (code=killed, status=15/TERM) Also keep in mind that running a compete distro within LXC + user namespaces requires some changes. Like disabling pam_loginuid.so in pam. For systemd distros you have to remove OOMScoreAdjust= and CapabilityBoundingSet= from all units... yes, i know. i have no errors from systemd, all looks fine with exec /sbin/init systemd.log_level=debug /stephan I have the same problem on a slightly different setup. Both host and guest are Archlinux with systemd-208, libvirt-git with the chown() patches. LXC Console login works fine (and I do not have such issues with messed up console), but login via SSH fails with the exact same symptoms. ~tom -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH v2] lxc: Add virCgroupSetOwner()
Add a new helper function to change the permissions of a control group. This function is needed for user namespaces, we need to chmod() the cgroup to the initial uid/gid such that systemd is allowed to use the cgroup. Signed-off-by: Richard Weinberger rich...@nod.at --- Changes between v1 and v2: - Addressed Martin Kletzander's comments - Fixed opendir() error handling --- src/libvirt_private.syms | 1 + src/lxc/lxc_cgroup.c | 12 ++ src/util/vircgroup.c | 60 src/util/vircgroup.h | 5 4 files changed, 78 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 2c9536a..40e72f2 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1056,6 +1056,7 @@ virCgroupSetMemory; virCgroupSetMemoryHardLimit; virCgroupSetMemorySoftLimit; virCgroupSetMemSwapHardLimit; +virCgroupSetOwner; virCgroupSupportsCpuBW; diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c index cc0d5e8..39d955c 100644 --- a/src/lxc/lxc_cgroup.c +++ b/src/lxc/lxc_cgroup.c @@ -484,6 +484,18 @@ virCgroupPtr virLXCCgroupCreate(virDomainDefPtr def) cgroup) 0) goto cleanup; +/* setup control group permissions for user namespace */ +if (def-idmap.uidmap) { +if (virCgroupSetOwner(cgroup, + def-idmap.uidmap[0].target, + def-idmap.gidmap[0].target, + (1 VIR_CGROUP_CONTROLLER_SYSTEMD)) 0) { +virCgroupFree(cgroup); +cgroup = NULL; +goto cleanup; +} +} + cleanup: return cgroup; } diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c index a6d60c5..4bef0db 100644 --- a/src/util/vircgroup.c +++ b/src/util/vircgroup.c @@ -3253,6 +3253,66 @@ cleanup: } +int virCgroupSetOwner(virCgroupPtr cgroup, + uid_t uid, + gid_t gid, + int controllers) +{ +size_t i; + +for (i = 0; i VIR_CGROUP_CONTROLLER_LAST; i++) { +char *base, *entry; +DIR *dh; +struct dirent *de; + +if (!((1 i) controllers)) +continue; + +if (!cgroup-controllers[i].mountPoint) +continue; + +if (virAsprintf(base, %s%s, cgroup-controllers[i].mountPoint, +cgroup-controllers[i].placement) 0) { +return -1; +} + +dh = opendir(base); +if (!dh) { +VIR_ERROR(_(Unable to open %s: %s), base, strerror(errno)); +VIR_FREE(base); +return -1; +} + +while ((de = readdir(dh)) != NULL) { +if (STREQ(de-d_name, .) || +STREQ(de-d_name, ..)) +continue; + +if (virAsprintf(entry, %s/%s, base, de-d_name) 0) { +VIR_FREE(base); +closedir(dh); +return -1; +} + +if (chown(entry, uid, gid) 0) +VIR_WARN(_(cannot chown '%s' to (%u, %u): %s), entry, uid, gid, +strerror(errno)); + +VIR_FREE(entry); +} +closedir(dh); + +if (chown(base, uid, gid) 0) +VIR_WARN(_(cannot chown '%s' to (%u, %u): %s), entry, uid, gid, +strerror(errno)); + +VIR_FREE(base); +} + +return 0; +} + + /** * virCgroupSupportsCpuBW(): * Check whether the host supports CFS bandwidth. diff --git a/src/util/vircgroup.h b/src/util/vircgroup.h index a70eb18..38d94f3 100644 --- a/src/util/vircgroup.h +++ b/src/util/vircgroup.h @@ -225,4 +225,9 @@ int virCgroupIsolateMount(virCgroupPtr group, bool virCgroupSupportsCpuBW(virCgroupPtr cgroup); +int virCgroupSetOwner(virCgroupPtr cgroup, + uid_t uid, + gid_t gid, + int controllers); + #endif /* __VIR_CGROUP_H__ */ -- 1.8.4.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] lxc: Add virCgroupSetOwner()
On Fri, Feb 14, 2014 at 01:42:25PM +0100, Stephan Sachse wrote: agetty[38]: /dev/tty1: cannot get controlling tty: Operation not permitted agetty[38]: /dev/tty1: cannot get controlling tty: Operation not permitted agetty[38]: /dev/tty1: cannot set process group: Inappropriate ioctl for device Is this really the reason why the login fails? Does getty not start or does the login fail? yes, the getty is started 10 26665 0.0 0.0 6412 792 pts/0Ss+ 13:22 0:00 /sbin/agetty --noclear tty1 10 26667 0.0 0.0 6412 848 ?Ss 13:22 0:00 /sbin/agetty --noclear -s console 115200 38400 9600 and i can connect with fedora1 console virsh # console fedora1 Verbunden mit der Domain: fedora1 Escape-Zeichen ist ^] Fedora release 20 (Heisenbug) Kernel 3.13.2-2.el6.x86_64 on an x86_64 (tty1) fedora1 login: put the console is crazy. wrong line breaks after hit enter. first two logins fails with wrong log entries. the password is displayed as login. the third attemot works. then i have a mix of console and login promt. every 10 secons i hit enter i see a passwort promt. but i can still use the shell. but imo this is a other problem. there are messages about systemd --user can not connect the dbus socket in /run/user/0/dbus/user_bus_socket I believe you might need a newer systemd or libvirt. Libvirt creates /dev/ttyN from 1- number of console elements in the XML, and also makes /dev/console a symlink to /dev/ttyN. If you see double logins this is a good sign that an agetty has been started on both /dev/tty1 and /dev/console. A month or so back we made libvirt set container_ttys to list all /dev/ttyN devices except for /dev/tty1. systemd GIT will honour this env var when deciding how to spawn agettys on the /dev/ttyN devices. That said unless you've done some custom config I'd not expect an outdated systemd to launch anything on /dev/ttyN devices, only /dev/console. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v1 2/4] remote: Implement remote{Get,Set}Time
On 02/14/2014 06:23 AM, Martin Kletzander wrote: On Thu, Feb 13, 2014 at 07:51:43PM +0100, Michal Privoznik wrote: This is also adding new ACL permission to check 'set_time'. Signed-off-by: Michal Privoznik mpriv...@redhat.com --- Applies to previous patch too, this 'time' will be a problem with '-Wshadow-declarations' on older (some) compilers. ACK with that variable name changed. I'm half-tempted to just tweak m4/virt-compile-warnings.m4 to drop -Wshadow-declarations on older gcc. Since newer gcc is sane about local variables not conflicting with public functions, it's not worth worrying about the collisions that only older gcc reports. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] lxc: Add virCgroupSetOwner()
Am 14.02.2014 14:17, schrieb Tom Kuther: Am 14.02.2014 13:42, schrieb Stephan Sachse: set LogLevel to DEBUG3. keyexchange is down. put then hangs for some time und sshd dies sshd[269]: debug1: KEX done [preauth] sshd[269]: debug1: userauth-request for user root service ssh-connection method none [preauth] sshd[269]: debug1: attempt 0 failures 0 [preauth] sshd[269]: debug3: mm_getpwnamallow entering [preauth] sshd[269]: debug3: mm_request_send entering: type 8 [preauth] sshd[269]: debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth] sshd[269]: debug3: mm_request_receive_expect entering: type 9 [preauth] sshd[269]: debug3: mm_request_receive entering [preauth] sshd[269]: debug3: mm_request_receive entering sshd[269]: debug3: monitor_read: checking request 8 sshd[269]: debug3: mm_answer_pwnamallow sshd[269]: debug3: Trying to reverse map address 10.1.25.151. systemd[1]: Received SIGCHLD from PID 270 (sshd). systemd[1]: Got SIGCHLD for process 270 (sshd) systemd[1]: Child 270 died (code=killed, status=15/TERM) Also keep in mind that running a compete distro within LXC + user namespaces requires some changes. Like disabling pam_loginuid.so in pam. For systemd distros you have to remove OOMScoreAdjust= and CapabilityBoundingSet= from all units... yes, i know. i have no errors from systemd, all looks fine with exec /sbin/init systemd.log_level=debug /stephan I have the same problem on a slightly different setup. Both host and guest are Archlinux with systemd-208, libvirt-git with the chown() patches. LXC Console login works fine (and I do not have such issues with messed up console), but login via SSH fails with the exact same symptoms. ~tom Setting UseDNS=no in the container's sshd_config fixes this. I have no idea why that happens. DNS lookups generally do work in the container. ~tom -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] lxc: Add virCgroupSetOwner()
On Fri, Feb 14, 2014 at 02:17:24PM +0100, Tom Kuther wrote: Am 14.02.2014 13:42, schrieb Stephan Sachse: set LogLevel to DEBUG3. keyexchange is down. put then hangs for some time und sshd dies sshd[269]: debug1: KEX done [preauth] sshd[269]: debug1: userauth-request for user root service ssh-connection method none [preauth] sshd[269]: debug1: attempt 0 failures 0 [preauth] sshd[269]: debug3: mm_getpwnamallow entering [preauth] sshd[269]: debug3: mm_request_send entering: type 8 [preauth] sshd[269]: debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth] sshd[269]: debug3: mm_request_receive_expect entering: type 9 [preauth] sshd[269]: debug3: mm_request_receive entering [preauth] sshd[269]: debug3: mm_request_receive entering sshd[269]: debug3: monitor_read: checking request 8 sshd[269]: debug3: mm_answer_pwnamallow sshd[269]: debug3: Trying to reverse map address 10.1.25.151. systemd[1]: Received SIGCHLD from PID 270 (sshd). systemd[1]: Got SIGCHLD for process 270 (sshd) systemd[1]: Child 270 died (code=killed, status=15/TERM) Also keep in mind that running a compete distro within LXC + user namespaces requires some changes. Like disabling pam_loginuid.so in pam. For systemd distros you have to remove OOMScoreAdjust= and CapabilityBoundingSet= from all units... yes, i know. i have no errors from systemd, all looks fine with exec /sbin/init systemd.log_level=debug /stephan I have the same problem on a slightly different setup. Both host and guest are Archlinux with systemd-208, libvirt-git with the chown() patches. LXC Console login works fine (and I do not have such issues with messed up console), but login via SSH fails with the exact same symptoms. Most likely is the pam_loginuid module denying access. Sadly I find debugging PAM a complete pain - if anyone knows how to make it spew logs for each module executed and then accept/reject state, that'd be awesome for troubleshooting this. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v1 2/4] remote: Implement remote{Get,Set}Time
On Fri, Feb 14, 2014 at 06:32:21AM -0700, Eric Blake wrote: On 02/14/2014 06:23 AM, Martin Kletzander wrote: On Thu, Feb 13, 2014 at 07:51:43PM +0100, Michal Privoznik wrote: This is also adding new ACL permission to check 'set_time'. Signed-off-by: Michal Privoznik mpriv...@redhat.com --- Applies to previous patch too, this 'time' will be a problem with '-Wshadow-declarations' on older (some) compilers. ACK with that variable name changed. I'm half-tempted to just tweak m4/virt-compile-warnings.m4 to drop -Wshadow-declarations on older gcc. Since newer gcc is sane about local variables not conflicting with public functions, it's not worth worrying about the collisions that only older gcc reports. The problem is shadow decls can occur within libvirt code too in which case they would likely be genuine bugs. eg someone declares 'foo' at the start of a method and some time later redeclares it in a for/while loop body or some such. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v1 3/4] virsh: Expose virDomain{Get,Set}Time
On Thu, Feb 13, 2014 at 07:51:44PM +0100, Michal Privoznik wrote: These APIs are exposed under new virsh command 'domtime' which both gets and sets (not at the same time of course :)). Signed-off-by: Michal Privoznik mpriv...@redhat.com --- tools/virsh-domain-monitor.c | 126 +++ tools/virsh.pod | 16 ++ 2 files changed, 142 insertions(+) diff --git a/tools/virsh-domain-monitor.c b/tools/virsh-domain-monitor.c index de4afbb..8e21e37 100644 --- a/tools/virsh-domain-monitor.c +++ b/tools/virsh-domain-monitor.c @@ -1391,6 +1391,126 @@ cleanup: } /* + * domtime command + */ +static const vshCmdInfo info_domtime[] = { +{.name = help, + .data = N_(domain time) +}, +{.name = desc, + .data = N_(Gets or sets a domain time) +}, +{.name = NULL} +}; + +static const vshCmdOptDef opts_domtime[] = { +{.name = domain, + .type = VSH_OT_DATA, + .flags = VSH_OFLAG_REQ, + .help = N_(domain name, id or uuid) +}, +{.name = now, + .type = VSH_OT_BOOL, + .help = N_(set current host time) +}, +{.name = pretty, + .type = VSH_OT_BOOL, + .help = N_(print domain's time in human readable form) +}, +{.name = sync, + .type = VSH_OT_BOOL, + .help = N_(instead of setting given time, synchronize from domain's RTC), +}, +{.name = time, + .type = VSH_OT_INT, + .help = N_(time to set) +}, +{.name = NULL} +}; + +static bool +cmdDomTime(vshControl *ctl, const vshCmd *cmd) +{ +virDomainPtr dom; +bool ret = false; +bool now = vshCommandOptBool(cmd, now); +bool pretty = vshCommandOptBool(cmd, pretty); +bool sync = vshCommandOptBool(cmd, sync); +bool doSet = false; +long long guest_time; +const char *timezone = NULL; +int rv; + +if (!(dom = vshCommandOptDomain(ctl, cmd, NULL))) +return false; + +rv = vshCommandOptLongLong(cmd, time, guest_time); + +if (rv 0) { +/* invalid integer format */ vshCommandOptLongLong() does not set an error, please set one. +goto cleanup; +} else if (rv 0) { +/* --time is used, so set time instead of get time. + * However, --time and --now are mutually exclusive. */ +if (now) { +vshError(ctl, _(--time and --now are mutually exclusive)); +goto cleanup; +} + +/* Neither is --time and --sync */ +if (sync) { +vshError(ctl, _(--time and --sync are mutually exclusive)); +goto cleanup; + +} +doSet = true; +} + +if (sync now) { +vshError(ctl, _(--sync and --now are mutually exclusive)); +goto cleanup; +} + And VSH_EXCLUSIVE_OPTIONS will deal with the rest for you (or it's _EXPR variant if you already have the booleans in some variable. +/* --now or --sync means setting */ +doSet |= now | sync; + +if (doSet) { +if (now ((guest_time = time(NULL)) == (time_t) -1)) { +vshError(ctl, _(unable to get current time)); +goto cleanup; +} +if (virDomainSetTime(dom, guest_time, timezone, You don't make the use of 'timezone' anywhere in the code. And it has the same problem as 'time' with older GCCs. + sync ? VIR_DOMAIN_TIME_SYNC : 0) 0) +goto cleanup; +} else { +if (virDomainGetTime(dom, guest_time, 0) 0) +goto cleanup; + +if (pretty) { +char timestr[100]; +time_t cur_time = guest_time; +struct tm time_info; + +if (!gmtime_r(cur_time, time_info)) { +vshError(ctl, _(Unable to format time)); +goto cleanup; +} +strftime(timestr, sizeof(timestr), %Y-%m-%d-%H:%M:%S, time_info); use space instead of dash (hyphen) after the date, better than that is to use %F instead of %Y-%m-%d and even best would be to use %c. Question on the side, can you get the timezone from the guest agent, too? That would be great... + +vshPrint(ctl, _(Time: %s), timestr); +} else { +vshPrint(ctl, _(Time: %llu), guest_time); +} +} + +ret = true; + +cleanup: +virDomainFree(dom); +return ret; +} + +/* * list command */ static const vshCmdInfo info_list[] = { @@ -1946,6 +2066,12 @@ const vshCmdDef domMonitoringCmds[] = { .info = info_domstate, .flags = 0 }, +{.name = domtime, + .handler = cmdDomTime, + .opts = opts_domtime, + .info = info_domtime, + .flags = 0 +}, {.name = list, .handler = cmdList, .opts = opts_list, diff --git a/tools/virsh.pod b/tools/virsh.pod index f221475..40cb5b5 100644 --- a/tools/virsh.pod +++ b/tools/virsh.pod @@ -969,6 +969,22 @@ Convert a
Re: [libvirt] [PATCH] lxc: Add virCgroupSetOwner()
Am 14.02.2014 14:32, schrieb Daniel P. Berrange: On Fri, Feb 14, 2014 at 02:17:24PM +0100, Tom Kuther wrote: Am 14.02.2014 13:42, schrieb Stephan Sachse: set LogLevel to DEBUG3. keyexchange is down. put then hangs for some time und sshd dies sshd[269]: debug1: KEX done [preauth] sshd[269]: debug1: userauth-request for user root service ssh-connection method none [preauth] sshd[269]: debug1: attempt 0 failures 0 [preauth] sshd[269]: debug3: mm_getpwnamallow entering [preauth] sshd[269]: debug3: mm_request_send entering: type 8 [preauth] sshd[269]: debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth] sshd[269]: debug3: mm_request_receive_expect entering: type 9 [preauth] sshd[269]: debug3: mm_request_receive entering [preauth] sshd[269]: debug3: mm_request_receive entering sshd[269]: debug3: monitor_read: checking request 8 sshd[269]: debug3: mm_answer_pwnamallow sshd[269]: debug3: Trying to reverse map address 10.1.25.151. systemd[1]: Received SIGCHLD from PID 270 (sshd). systemd[1]: Got SIGCHLD for process 270 (sshd) systemd[1]: Child 270 died (code=killed, status=15/TERM) Also keep in mind that running a compete distro within LXC + user namespaces requires some changes. Like disabling pam_loginuid.so in pam. For systemd distros you have to remove OOMScoreAdjust= and CapabilityBoundingSet= from all units... yes, i know. i have no errors from systemd, all looks fine with exec /sbin/init systemd.log_level=debug /stephan I have the same problem on a slightly different setup. Both host and guest are Archlinux with systemd-208, libvirt-git with the chown() patches. LXC Console login works fine (and I do not have such issues with messed up console), but login via SSH fails with the exact same symptoms. Most likely is the pam_loginuid module denying access. Sadly I find debugging PAM a complete pain - if anyone knows how to make it spew logs for each module executed and then accept/reject state, that'd be awesome for troubleshooting this. Daniel I have that disabled. As I wrote in the other mail, it seems to be a funny DNS lookup problem. Setting UseDNS=no in sshd_config fixes it. But there is a more general problem with local LAN DNS lookup. I do have set the router's DNS server in /etc/resolv.conf, yet I cannot reach any clients on the LAN using their lan hostname.domainname - this works fine when not using user namespace. Using their IP works, Internet DNS lookup works, too. Interface type for the container is bridge via the hosts's br0. No idea if this could be a libvirt, kernel or systemd problem. ~tom -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] lxc: Add virCgroupSetOwner()
systemctl mask console-getty.service fix the console login problem. sshd is still not working. dns works fine in the container. UseDNS=no fix the sshd login problem. crazy! yet I cannot reach any clients on the LAN using their lan hostname.domainname ping host.name works for me -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v1 2/4] remote: Implement remote{Get,Set}Time
On 02/14/2014 06:34 AM, Daniel P. Berrange wrote: On Fri, Feb 14, 2014 at 06:32:21AM -0700, Eric Blake wrote: On 02/14/2014 06:23 AM, Martin Kletzander wrote: On Thu, Feb 13, 2014 at 07:51:43PM +0100, Michal Privoznik wrote: This is also adding new ACL permission to check 'set_time'. Signed-off-by: Michal Privoznik mpriv...@redhat.com --- Applies to previous patch too, this 'time' will be a problem with '-Wshadow-declarations' on older (some) compilers. ACK with that variable name changed. I'm half-tempted to just tweak m4/virt-compile-warnings.m4 to drop -Wshadow-declarations on older gcc. Since newer gcc is sane about local variables not conflicting with public functions, it's not worth worrying about the collisions that only older gcc reports. The problem is shadow decls can occur within libvirt code too in which case they would likely be genuine bugs. eg someone declares 'foo' at the start of a method and some time later redeclares it in a for/while loop body or some such. Yes, but -Wshadow-declarations catches that on newer gcc. Thus, my proposal is: older gcc: omit the warning option, since it is prone to noise that devs on newer systems have to fix after the fact newer gcc: use -Wshadow-declarations, and catch the real problems (and not the conflict between global functions and local variables) Most dev work is done on newer gcc and thus will avoid the real problems, and patches submitted from devs on older gcc may cause issues that have to be fixed up by devs on newer machines, but it will be less frequent than the case of devs submitting patches that then cause old gcc to barf on -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH v2] qemu: Use virtio network device for aarch64/virt
This patch changes network device type used by default from rtl8139 to virtio when architecture type is aarch64 and machine type is virt. Qemu doesn't support any other machine types for aarch64 right now and we can't make any other aarch64-specific tuning in this function yet. Signed-off-by: Oleg Strikov oleg.stri...@canonical.com --- Changes since v1: * qemuxml2argvtest suite has been extended to validate correct setup for aarch64 guests when no NIC model is provided in the XML src/qemu/qemu_domain.c |3 ++- .../qemuxml2argv-aarch64-virt-default-nic.args |6 ++ .../qemuxml2argv-aarch64-virt-default-nic.xml | 22 tests/qemuxml2argvtest.c |3 +++ 4 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-aarch64-virt-default-nic.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-aarch64-virt-default-nic.xml diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index a665061..9a040ee 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -797,7 +797,8 @@ qemuDomainDefaultNetModel(const virDomainDef *def) def-os.arch == VIR_ARCH_S390X) return virtio; -if (def-os.arch == VIR_ARCH_ARMV7L) { +if (def-os.arch == VIR_ARCH_ARMV7L || +def-os.arch == VIR_ARCH_AARCH64) { if (STREQ(def-os.machine, versatilepb)) return smc91c111; diff --git a/tests/qemuxml2argvdata/qemuxml2argv-aarch64-virt-default-nic.args b/tests/qemuxml2argvdata/qemuxml2argv-aarch64-virt-default-nic.args new file mode 100644 index 000..d4d403b --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-aarch64-virt-default-nic.args @@ -0,0 +1,6 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-aarch64 -S -M virt -m 1024 -smp 1 -nographic \ +-nodefconfig -nodefaults -monitor unix:/tmp/test-monitor,server,nowait \ +-boot c -kernel /aarch64.kernel -initrd /aarch64.initrd -append console=ttyAMA0 \ +-usb -device virtio-net-device,vlan=0,id=net0,mac=52:54:00:09:a4:37 \ +-net user,vlan=0,name=hostnet0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-aarch64-virt-default-nic.xml b/tests/qemuxml2argvdata/qemuxml2argv-aarch64-virt-default-nic.xml new file mode 100644 index 000..868de94 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-aarch64-virt-default-nic.xml @@ -0,0 +1,22 @@ +domain type=qemu + nameaarch64-virt-default-nic/name + uuid6ba410c5-1e5c-4d57-bee7-2228e7ffa32f/uuid + memory1048576/memory + currentMemory1048576/currentMemory + vcpu1/vcpu + features +acpi/ + /features + os +type arch=aarch64 machine=virthvm/type +kernel/aarch64.kernel/kernel +initrd/aarch64.initrd/initrd +cmdlineconsole=ttyAMA0/cmdline + /os + devices +emulator/usr/bin/qemu-system-aarch64/emulator +interface type='user' + mac address='52:54:00:09:a4:37'/ +/interface + /devices +/domain diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 7a5b50d..43ac1d1 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1335,6 +1335,9 @@ mymain(void) QEMU_CAPS_DEVICE, QEMU_CAPS_NODEFCONFIG, QEMU_CAPS_DTB, QEMU_CAPS_DRIVE, QEMU_CAPS_DEVICE_VIRTIO_MMIO, QEMU_CAPS_DEVICE_VIRTIO_RNG, QEMU_CAPS_OBJECT_RNG_RANDOM); +DO_TEST(aarch64-virt-default-nic, +QEMU_CAPS_DEVICE, QEMU_CAPS_NODEFCONFIG, +QEMU_CAPS_DEVICE_VIRTIO_MMIO); DO_TEST(kvm-pit-device, QEMU_CAPS_KVM_PIT_TICK_POLICY); DO_TEST(kvm-pit-delay, QEMU_CAPS_NO_KVM_PIT); -- 1.7.9.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] lxc: Add virCgroupSetOwner()
On Fri, Feb 14, 2014 at 2:17 PM, Tom Kuther t...@kuther.net wrote: Am 14.02.2014 13:42, schrieb Stephan Sachse: set LogLevel to DEBUG3. keyexchange is down. put then hangs for some time und sshd dies sshd[269]: debug1: KEX done [preauth] sshd[269]: debug1: userauth-request for user root service ssh-connection method none [preauth] sshd[269]: debug1: attempt 0 failures 0 [preauth] sshd[269]: debug3: mm_getpwnamallow entering [preauth] sshd[269]: debug3: mm_request_send entering: type 8 [preauth] sshd[269]: debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth] sshd[269]: debug3: mm_request_receive_expect entering: type 9 [preauth] sshd[269]: debug3: mm_request_receive entering [preauth] sshd[269]: debug3: mm_request_receive entering sshd[269]: debug3: monitor_read: checking request 8 sshd[269]: debug3: mm_answer_pwnamallow sshd[269]: debug3: Trying to reverse map address 10.1.25.151. systemd[1]: Received SIGCHLD from PID 270 (sshd). systemd[1]: Got SIGCHLD for process 270 (sshd) systemd[1]: Child 270 died (code=killed, status=15/TERM) Also keep in mind that running a compete distro within LXC + user namespaces requires some changes. Like disabling pam_loginuid.so in pam. For systemd distros you have to remove OOMScoreAdjust= and CapabilityBoundingSet= from all units... yes, i know. i have no errors from systemd, all looks fine with exec /sbin/init systemd.log_level=debug /stephan I have the same problem on a slightly different setup. Both host and guest are Archlinux with systemd-208, libvirt-git with the chown() patches. LXC Console login works fine (and I do not have such issues with messed up console), but login via SSH fails with the exact same symptoms. ~tom Please don't crop CC lists. -- Thanks, //richard -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v1 1/4] Introduce virDomain{Get,Set}Time APIs
On 02/13/2014 11:51 AM, Michal Privoznik wrote: These APIs allow users to get or set time in a domain, which may come handy if the domain has been resumed just recently and NTP is not configured or hasn't kicked in yet and the guest is running something time critical. In addition, NTP may refuse to re-set the clock if the skew is too big. Signed-off-by: Michal Privoznik mpriv...@redhat.com --- +/** + * virDomainGetTime: + * @dom: a domain object + * @time: where to store the domain's time + * @flags: extra flags, not used yet, so callers should always pass 0 + * + * Get the information about guest time relative to the Epoch of + * 1970-01-01 in UTC. The returned time is in seconds. Even though qga doesn't yet provide it, should we make this API flexible enough to also allow return the timezone offset of the guest for hypervisors that have a way of reporting that from the guest? That is, documenting that the reported time is always normalized to UTC is okay, but it would also be nice to have an int* parameter that can store the timezone offset, if known. + * + * Please note that some hypoervisors may require guest agent to s/hypoervisors/hypervisors/ + * be configured and running in order to be able to run this API. + * + * Returns 0 on success, -1 otherwise. + */ +int +virDomainGetTime(virDomainPtr dom, + long long *time, + unsigned int flags) +{ +VIR_DOMAIN_DEBUG(dom, time=%p, flags=%x, + time, flags); + +virResetLastError(); + +virCheckDomainReturn(dom, -1); +virCheckReadOnlyGoto(dom-conn-flags, error); Good - since this may involve guest agent interaction, it should not be allowed on read-only clients. + +/** + * virDomainSetTime: + * @dom: a domain object + * @time: time to set in the domain + * @timezone: timezone of @time, currently not used, always pass NULL + * @flags: extra flags, not used yet, so callers should always pass 0 There is an upstream patch pending for qga that adds the ability to call set-time without a time specification, which then tells the guest to reread its (virtual) hardware clock and adjust its time from there. https://lists.gnu.org/archive/html/qemu-devel/2014-02/msg02333.html We need to support that option; I suggest that it might be worth defining our first @flags option. + * + * When a domain is suspended or restored from a file the + * domain's OS has no idea that there was a big gap in the time. + * Depending on how long the gap was, NTP might not be able to + * resynchronize the guest. + * + * This API tries to set guest time to the given value. The time + * should be in seconds, relative to the Epoch of 1970-01-01 in UTC. + * + * Please note that some hypoervisors may require guest agent to s/hypoervisors/hypervisors/ + * be configured and running in order to be able to run this API. + * + * Returns 0 on success, -1 otherwise. + */ +int +virDomainSetTime(virDomainPtr dom, + long long time, + const char *timezone, If timezone is not NULL, how would it be interpreted? Would it be better to report a timezone as an int (minutes east or west from UTC) than a string? -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] [RFC] lxc: Remove !priv-cgroup case
Currently we enforce that every container has a cgroup. So we can delete these two !priv-cgroup branches. Signed-off-by: Richard Weinberger rich...@nod.at --- Hi! Maybe I miss something but I think we can delete these two !priv-cgroup branches. If virLXCCgroupCreate() returns NULL the LXC controller exists. Thanks, //richard --- src/lxc/lxc_process.c | 30 +- 1 file changed, 9 insertions(+), 21 deletions(-) diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index ed729f6..f75d353 100644 --- a/src/lxc/lxc_process.c +++ b/src/lxc/lxc_process.c @@ -203,10 +203,8 @@ static void virLXCProcessCleanup(virLXCDriverPtr driver, virDomainConfVMNWFilterTeardown(vm); -if (priv-cgroup) { -virCgroupRemove(priv-cgroup); -virCgroupFree(priv-cgroup); -} +virCgroupRemove(priv-cgroup); +virCgroupFree(priv-cgroup); /* Get machined to terminate the machine as it may not have cleaned it * properly. See https://bugs.freedesktop.org/show_bug.cgi?id=68370 for @@ -697,23 +695,13 @@ int virLXCProcessStop(virLXCDriverPtr driver, VIR_FREE(vm-def-seclabels[0]-imagelabel); } -if (priv-cgroup) { -rc = virCgroupKillPainfully(priv-cgroup); -if (rc 0) -return -1; -if (rc 0) { -virReportError(VIR_ERR_INTERNAL_ERROR, %s, - _(Some processes refused to die)); -return -1; -} -} else { -/* If cgroup doesn't exist, just try cleaning up the - * libvirt_lxc process */ -if (virProcessKillPainfully(vm-pid, true) 0) { -virReportError(VIR_ERR_INTERNAL_ERROR, - _(Processes %d refused to die), (int)vm-pid); -return -1; -} +rc = virCgroupKillPainfully(priv-cgroup); +if (rc 0) +return -1; +if (rc 0) { +virReportError(VIR_ERR_INTERNAL_ERROR, %s, +_(Some processes refused to die)); +return -1; } virLXCProcessCleanup(driver, vm, reason); -- 1.8.4.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Looking for project ideas and mentors for Google Summer of Code 2014
On Fri, 2014-02-14 at 09:16 +0100, Jan Kiszka wrote: I need to submit our organization application (including our project ideas) on Friday. Hope it's not too late: just added the VT-d emulation proposal. It's not too late. Ideas page must be ready when students will discover the list of accepted organizations on Monday 24th. I'm not GSoc admin here, but on LibreOffice ;) -- Cedric -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] [RFC] lxc: Remove !priv-cgroup case
On Fri, Feb 14, 2014 at 03:21:01PM +0100, Richard Weinberger wrote: Currently we enforce that every container has a cgroup. So we can delete these two !priv-cgroup branches. Signed-off-by: Richard Weinberger rich...@nod.at --- Hi! Maybe I miss something but I think we can delete these two !priv-cgroup branches. If virLXCCgroupCreate() returns NULL the LXC controller exists. Unfortunately there's an issue that 'virLXCProcessStop' method can be called from 'virLXCProcessStart' when container startup fails and in this case we don't guarantee cgroup != NULL. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v1 4/4] qemu: Implement virDomain{Get, Set}Time
On Thu, Feb 13, 2014 at 07:51:45PM +0100, Michal Privoznik wrote: One caveat though, qemu-ga is expecting time and returning time in nanoseconds. With all the buffering and propagation delay, the time is already wrong once it gets to the qemu-ga, but there's nothing we can do about it. Signed-off-by: Michal Privoznik mpriv...@redhat.com --- src/qemu/qemu_agent.c | 81 + src/qemu/qemu_agent.h | 6 +++ src/qemu/qemu_driver.c | 135 + 3 files changed, 222 insertions(+) diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c index 4a3820c..28f14ea 100644 --- a/src/qemu/qemu_agent.c +++ b/src/qemu/qemu_agent.c @@ -1657,3 +1657,84 @@ qemuAgentUpdateCPUInfo(unsigned int nvcpus, return 0; } + + +int +qemuAgentGetTime(qemuAgentPtr mon, + long long *time) +{ +int ret = -1; +unsigned long long json_time; +virJSONValuePtr cmd; +virJSONValuePtr reply = NULL; + +cmd = qemuAgentMakeCommand(guest-get-time, + NULL); +if (!cmd) +return ret; + +if (qemuAgentCommand(mon, cmd, reply, + VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) 0) +goto cleanup; + +if (!reply || qemuAgentCheckError(cmd, reply) 0) +goto cleanup; + I don't like that qemu is not that introspectable for us to know whether it has the 'sync' functionality, because otherwise it will fail with not-very-descriptive internal error :( However, I don't see an easy way out of it. +if (virJSONValueObjectGetNumberUlong(reply, return, json_time) 0) { +virReportError(VIR_ERR_INTERNAL_ERROR, %s, + _(malformed return value)); +goto cleanup; +} + +/* guest agent returns time in nanoseconds, + * we need it in seconds here */ +*time = json_time / 10LL; +ret = 0; + +cleanup: +virJSONValueFree(cmd); +virJSONValueFree(reply); +return ret; +} + + +/** + * qemuAgentSetTime: + * @sync: let guest agent to read domain's RTC (@time is ignored) + */ +int +qemuAgentSetTime(qemuAgentPtr mon, +long long time, +bool sync) +{ +int ret = -1; +virJSONValuePtr cmd; +virJSONValuePtr reply = NULL; + +if (sync) { +cmd = qemuAgentMakeCommand(guest-set-time, NULL); +} else { +/* guest agent expect time with nanosecond granularity. s/expect/expects/ + * Impressing. */ s/Impressing/Impressive/ ;-) Definitely, especially when it takes so long to communicate with him sometimes :) +unsigned long long json_time = time * 10LL; +cmd = qemuAgentMakeCommand(guest-set-time, + U:time, json_time, + NULL); +} + +if (!cmd) +return ret; + +if (qemuAgentCommand(mon, cmd, reply, + VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) 0) +goto cleanup; + +if (!reply || qemuAgentCheckError(cmd, reply) 0) +goto cleanup; + +ret = 0; +cleanup: +virJSONValueFree(cmd); +virJSONValueFree(reply); +return ret; +} diff --git a/src/qemu/qemu_agent.h b/src/qemu/qemu_agent.h index 5fbacdb..4618f84 100644 --- a/src/qemu/qemu_agent.h +++ b/src/qemu/qemu_agent.h @@ -97,4 +97,10 @@ int qemuAgentSetVCPUs(qemuAgentPtr mon, qemuAgentCPUInfoPtr cpus, size_t ncpus); int qemuAgentUpdateCPUInfo(unsigned int nvcpus, qemuAgentCPUInfoPtr cpuinfo, int ncpuinfo); + +int qemuAgentGetTime(qemuAgentPtr mon, + long long *time); +int qemuAgentSetTime(qemuAgentPtr mon, + long long time, + bool sync); #endif /* __QEMU_AGENT_H__ */ diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 59e018d..7ed7120 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c [...] +static int +qemuDomainSetTime(virDomainPtr dom, + long long set_time, + const char *timezone, + unsigned int flags) +{ +virQEMUDriverPtr driver = dom-conn-privateData; +virDomainObjPtr vm; +int ret = -1; +bool sync = flags VIR_DOMAIN_TIME_SYNC; +qemuDomainObjPrivatePtr priv; + +virCheckFlags(VIR_DOMAIN_TIME_SYNC, ret); + +if (timezone) { +virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, %s, + _(Supplying timezone is not supported yet)); +return ret; OK, now I get why you didn't use that variable :) Are you planning on adding the possibility into qemu driver or it will be available in guest agent? Not that it matters for this patch, just curious. Rest looks fine, Martin signature.asc Description: Digital signature -- libvir-list mailing list libvir-list@redhat.com
Re: [libvirt] [PATCH] [RFC] lxc: Remove !priv-cgroup case
Am 14.02.2014 15:30, schrieb Daniel P. Berrange: On Fri, Feb 14, 2014 at 03:21:01PM +0100, Richard Weinberger wrote: Currently we enforce that every container has a cgroup. So we can delete these two !priv-cgroup branches. Signed-off-by: Richard Weinberger rich...@nod.at --- Hi! Maybe I miss something but I think we can delete these two !priv-cgroup branches. If virLXCCgroupCreate() returns NULL the LXC controller exists. Unfortunately there's an issue that 'virLXCProcessStop' method can be called from 'virLXCProcessStart' when container startup fails and in this case we don't guarantee cgroup != NULL. Hmm, I see the issue. Maybe I find a nice solution to clean this up. Thanks, //richard -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Destroying a suspended LXC domain
Quoting Daniel P. Berrange (berra...@redhat.com): On Fri, Feb 14, 2014 at 11:14:39AM +0100, Richard Weinberger wrote: Hi! If we suspend a LXC domain libvirt freezes all tasks in the cgroup using the process freezer. Upon destroy libvirt tries to kill all tasks using SIGTERM and later SIGKILL, but as they are frozen the tasks are unkillable. This seems to confuse libvirt, all tasks remain but libvirt forgets the domain. Here a small example: ---cut--- lxc-host1:/etc # /opt/libvirt-dev/bin/virsh domstate my3rdcontainer paused lxc-host1:/etc # /opt/libvirt-dev/bin/virsh destroy my3rdcontainer error: Failed to destroy domain my3rdcontainer error: internal error: Some processes refused to die lxc-host1:/etc # ps fax ... 2118 ?Dsl0:00 /opt/libvirt-dev/lib/libvirt_lxc --name my3rdcontainer --console 19 --security=none --handshake 22 --backgr 2128 ?Ds 0:00 \_ /sbin/init 2152 ?Ds 0:00 \_ /usr/lib/systemd/systemd-journald 2171 ?Ds 0:00 \_ /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation 2174 ?Ds 0:00 \_ /usr/lib/systemd/systemd-logind 2189 ?Dsl0:00 \_ /usr/sbin/rsyslogd -n 2778 ?Ds 0:00 \_ /usr/sbin/cron -n 2782 pts/0Ds+0:00 \_ /sbin/agetty --noclear -s console 115200 38400 9600 2786 ?Ds 0:00 \_ /usr/sbin/sshd -D ... ---cut--- I can think of three options to deal with that. a) Refuse to destroy a suspended LXC domain b) Implicitly resume it upon destroy c) Send a SIGKILL to each task and then thaw all tasks using the process freezer. If the task is woken up the it sees immediately the pending SIGKILL and dies. I'd vote for c) because I want to destroy a LXC domain without resuming it. I.e. I want to kill it to avoid any further IO from the already suspended domain. Yes, I think c) is the only reasonable option here. Allowing processes any window where they can continue executing is not ok. ( For the record that's what lxc does as well - +1 ) -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv3 0/2] Support IPv6 in port allocator
On 02/06/2014 05:43 PM, Ján Tomko wrote: v1: Support IPv6 in port allocator https://www.redhat.com/archives/libvir-list/2013-October/msg7.html v2: https://www.redhat.com/archives/libvir-list/2013-October/msg01313.html bind to v4 and v6 separately v3: fix the embarrasing bug of hardcoding AF_INET anyway added a test that mocks a v4-only system even on systems with IPv6 compiled in Ján Tomko (2): Split out bind() from virPortAllocatorAcquire Support IPv6 in port allocator src/util/virportallocator.c | 106 +++ tests/virportallocatortest.c | 68 +-- 2 files changed, 143 insertions(+), 31 deletions(-) I've pushed the series, thank you for the reviews! Jan signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v1 1/4] Introduce virDomain{Get,Set}Time APIs
On 14.02.2014 15:16, Eric Blake wrote: On 02/13/2014 11:51 AM, Michal Privoznik wrote: These APIs allow users to get or set time in a domain, which may come handy if the domain has been resumed just recently and NTP is not configured or hasn't kicked in yet and the guest is running something time critical. In addition, NTP may refuse to re-set the clock if the skew is too big. Signed-off-by: Michal Privoznik mpriv...@redhat.com --- +/** + * virDomainGetTime: + * @dom: a domain object + * @time: where to store the domain's time + * @flags: extra flags, not used yet, so callers should always pass 0 + * + * Get the information about guest time relative to the Epoch of + * 1970-01-01 in UTC. The returned time is in seconds. Even though qga doesn't yet provide it, should we make this API flexible enough to also allow return the timezone offset of the guest for hypervisors that have a way of reporting that from the guest? That is, documenting that the reported time is always normalized to UTC is okay, but it would also be nice to have an int* parameter that can store the timezone offset, if known. Sure, great idea. + * + * Please note that some hypoervisors may require guest agent to s/hypoervisors/hypervisors/ + * be configured and running in order to be able to run this API. + * + * Returns 0 on success, -1 otherwise. + */ +int +virDomainGetTime(virDomainPtr dom, + long long *time, + unsigned int flags) +{ +VIR_DOMAIN_DEBUG(dom, time=%p, flags=%x, + time, flags); + +virResetLastError(); + +virCheckDomainReturn(dom, -1); +virCheckReadOnlyGoto(dom-conn-flags, error); Good - since this may involve guest agent interaction, it should not be allowed on read-only clients. + +/** + * virDomainSetTime: + * @dom: a domain object + * @time: time to set in the domain + * @timezone: timezone of @time, currently not used, always pass NULL + * @flags: extra flags, not used yet, so callers should always pass 0 There is an upstream patch pending for qga that adds the ability to call set-time without a time specification, which then tells the guest to reread its (virtual) hardware clock and adjust its time from there. https://lists.gnu.org/archive/html/qemu-devel/2014-02/msg02333.html We need to support that option; I suggest that it might be worth defining our first @flags option. Ouch. I'm already introducing virDomainSetTimeFlags and even in this patch. So the description is bogus. I'll fix it. + * + * When a domain is suspended or restored from a file the + * domain's OS has no idea that there was a big gap in the time. + * Depending on how long the gap was, NTP might not be able to + * resynchronize the guest. + * + * This API tries to set guest time to the given value. The time + * should be in seconds, relative to the Epoch of 1970-01-01 in UTC. + * + * Please note that some hypoervisors may require guest agent to s/hypoervisors/hypervisors/ + * be configured and running in order to be able to run this API. + * + * Returns 0 on success, -1 otherwise. + */ +int +virDomainSetTime(virDomainPtr dom, + long long time, + const char *timezone, If timezone is not NULL, how would it be interpreted? Would it be better to report a timezone as an int (minutes east or west from UTC) than a string? Yeah. That would ease things. Okay, I'll change that and repost. Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 0/2] Test secret XML parsing and formatting
Ján Tomko (2): docs: remove auth from secret XML format Add tests for secret XML parsing docs/formatsecret.html.in| 2 - tests/Makefile.am| 12 ++- tests/secretschematest | 10 +++ tests/secretxml2xmlin/ephemeral-usage-volume.xml | 7 ++ tests/secretxml2xmlin/usage-ceph.xml | 7 ++ tests/secretxml2xmlin/usage-iscsi.xml| 7 ++ tests/secretxml2xmlin/usage-volume.xml | 7 ++ tests/secretxml2xmltest.c| 98 8 files changed, 147 insertions(+), 3 deletions(-) create mode 100755 tests/secretschematest create mode 100644 tests/secretxml2xmlin/ephemeral-usage-volume.xml create mode 100644 tests/secretxml2xmlin/usage-ceph.xml create mode 100644 tests/secretxml2xmlin/usage-iscsi.xml create mode 100644 tests/secretxml2xmlin/usage-volume.xml create mode 100644 tests/secretxml2xmltest.c -- 1.8.3.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] Revert storage: Introduce internal pool support
The internal pools were an idea in one of the first iterations of the gluster series that deemed unused. Somehow still this got pushed. Remove it as the internal flag isn't needed. This reverts commit 362da8209d760fc1acd3a1c8df5b04aa676492eb. --- src/conf/storage_conf.c | 3 --- src/conf/storage_conf.h | 1 - src/storage/storage_driver.c | 12 3 files changed, 4 insertions(+), 12 deletions(-) diff --git a/src/conf/storage_conf.c b/src/conf/storage_conf.c index eaa9325..e4232e9 100644 --- a/src/conf/storage_conf.c +++ b/src/conf/storage_conf.c @@ -2172,9 +2172,6 @@ static bool virStoragePoolMatch(virStoragePoolObjPtr poolobj, unsigned int flags) { -if (poolobj-internal) -return false; - /* filter by active state */ if (MATCH(VIR_CONNECT_LIST_STORAGE_POOLS_FILTERS_ACTIVE) !((MATCH(VIR_CONNECT_LIST_STORAGE_POOLS_ACTIVE) diff --git a/src/conf/storage_conf.h b/src/conf/storage_conf.h index cada861..251b968 100644 --- a/src/conf/storage_conf.h +++ b/src/conf/storage_conf.h @@ -332,7 +332,6 @@ struct _virStoragePoolObj { int active; int autostart; unsigned int asyncjobs; -bool internal; virStoragePoolDefPtr def; virStoragePoolDefPtr newDef; diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c index 64451c5..e0ebdb0 100644 --- a/src/storage/storage_driver.c +++ b/src/storage/storage_driver.c @@ -376,8 +376,7 @@ storageConnectNumOfStoragePools(virConnectPtr conn) { virStoragePoolObjPtr obj = driver-pools.objs[i]; virStoragePoolObjLock(obj); if (virConnectNumOfStoragePoolsCheckACL(conn, obj-def) -virStoragePoolObjIsActive(obj) -!obj-internal) +virStoragePoolObjIsActive(obj)) nactive++; virStoragePoolObjUnlock(obj); } @@ -402,8 +401,7 @@ storageConnectListStoragePools(virConnectPtr conn, virStoragePoolObjPtr obj = driver-pools.objs[i]; virStoragePoolObjLock(obj); if (virConnectListStoragePoolsCheckACL(conn, obj-def) -virStoragePoolObjIsActive(obj) -!obj-internal) { +virStoragePoolObjIsActive(obj)) { if (VIR_STRDUP(names[got], obj-def-name) 0) { virStoragePoolObjUnlock(obj); goto cleanup; @@ -437,8 +435,7 @@ storageConnectNumOfDefinedStoragePools(virConnectPtr conn) { virStoragePoolObjPtr obj = driver-pools.objs[i]; virStoragePoolObjLock(obj); if (virConnectNumOfDefinedStoragePoolsCheckACL(conn, obj-def) -!virStoragePoolObjIsActive(obj) -!obj-internal) +!virStoragePoolObjIsActive(obj)) nactive++; virStoragePoolObjUnlock(obj); } @@ -463,8 +460,7 @@ storageConnectListDefinedStoragePools(virConnectPtr conn, virStoragePoolObjPtr obj = driver-pools.objs[i]; virStoragePoolObjLock(obj); if (virConnectListDefinedStoragePoolsCheckACL(conn, obj-def) -!virStoragePoolObjIsActive(obj) -!obj-internal) { +!virStoragePoolObjIsActive(obj)) { if (VIR_STRDUP(names[got], obj-def-name) 0) { virStoragePoolObjUnlock(obj); goto cleanup; -- 1.8.5.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] Forgot to add lxcconf2xmldata to dist.
--- tests/Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/Makefile.am b/tests/Makefile.am index 0718a69..9bb61ca 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -72,6 +72,7 @@ EXTRA_DIST = \ domainsnapshotxml2xmlout \ fchostdata \ interfaceschemadata \ + lxcconf2xmldata \ lxcxml2xmldata \ lxcxml2xmloutdata \ networkschematest \ -- 1.8.5.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v1 1/4] Introduce virDomain{Get,Set}Time APIs
On 13.02.2014 19:51, Michal Privoznik wrote: These APIs allow users to get or set time in a domain, which may come handy if the domain has been resumed just recently and NTP is not configured or hasn't kicked in yet and the guest is running something time critical. In addition, NTP may refuse to re-set the clock if the skew is too big. Signed-off-by: Michal Privoznik mpriv...@redhat.com --- include/libvirt/libvirt.h.in | 13 +++ src/driver.h | 13 +++ src/libvirt.c| 91 src/libvirt_public.syms | 6 +++ 4 files changed, 123 insertions(+) +/** + * virDomainSetTime: + * @dom: a domain object + * @time: time to set in the domain + * @timezone: timezone of @time, currently not used, always pass NULL + * @flags: extra flags, not used yet, so callers should always pass 0 + * + * When a domain is suspended or restored from a file the + * domain's OS has no idea that there was a big gap in the time. + * Depending on how long the gap was, NTP might not be able to + * resynchronize the guest. + * + * This API tries to set guest time to the given value. The time + * should be in seconds, relative to the Epoch of 1970-01-01 in UTC. One question though. qemu-ga currently takes nanoseconds in its 'guest-set-time' and returns nanoseconds in 'guest-get-time'. I know nanoseconds are out of scope for libvirt. But aren't seconds too gross? Maybe we want something more finer - miliseconds perhaps. In my measurements I was unable to get below 6-7 miliseconds: for ((i=0; i100; i++)) ; do virsh -t qemu-agent-command rhel7 '{execute:guest-ping}' | grep Time; done | sort -n -t ':' -k 2 (Time: 7,590 ms) (Time: 7,601 ms) (Time: 7,635 ms) (Time: 7,682 ms) (although to be fair, this involves domain lookup API too) Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Forgot to add lxcconf2xmldata to dist.
On 02/14/2014 04:06 PM, Cédric Bosdonnat wrote: --- tests/Makefile.am | 1 + 1 file changed, 1 insertion(+) ACK and pushed. Jan signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 2/2] Add tests for secret XML parsing
also validate it against the RNG schema. --- tests/Makefile.am| 12 ++- tests/secretschematest | 10 +++ tests/secretxml2xmlin/ephemeral-usage-volume.xml | 7 ++ tests/secretxml2xmlin/usage-ceph.xml | 7 ++ tests/secretxml2xmlin/usage-iscsi.xml| 7 ++ tests/secretxml2xmlin/usage-volume.xml | 7 ++ tests/secretxml2xmltest.c| 98 7 files changed, 147 insertions(+), 1 deletion(-) create mode 100755 tests/secretschematest create mode 100644 tests/secretxml2xmlin/ephemeral-usage-volume.xml create mode 100644 tests/secretxml2xmlin/usage-ceph.xml create mode 100644 tests/secretxml2xmlin/usage-iscsi.xml create mode 100644 tests/secretxml2xmlin/usage-volume.xml create mode 100644 tests/secretxml2xmltest.c diff --git a/tests/Makefile.am b/tests/Makefile.am index 0718a69..404c17d 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -94,6 +94,7 @@ EXTRA_DIST = \ qemuxml2argvdata \ qemuxml2xmloutdata \ qemuxmlnsdata \ + secretxml2xmlin \ securityselinuxlabeldata \ schematestutils.sh \ sexpr2xmldata \ @@ -257,6 +258,8 @@ test_programs += cputest test_programs += metadatatest +test_programs += secretxml2xmltest + test_scripts = \ capabilityschematest \ interfaceschematest \ @@ -266,7 +269,8 @@ test_scripts = \ domainschematest \ nodedevschematest \ nwfilterschematest \ - domainsnapshotschematest + domainsnapshotschematest \ + secretschematest if WITH_LIBVIRTD test_scripts +=\ @@ -611,6 +615,12 @@ nwfilterxml2xmltest_SOURCES = \ testutils.c testutils.h nwfilterxml2xmltest_LDADD = $(LDADDS) +secretxml2xmltest_SOURCES = \ + secretxml2xmltest.c \ + testutils.c testutils.h +secretxml2xmltest_LDADD = $(LDADDS) + + if WITH_STORAGE storagevolxml2argvtest_SOURCES = \ storagevolxml2argvtest.c \ diff --git a/tests/secretschematest b/tests/secretschematest new file mode 100755 index 000..f64d1a3 --- /dev/null +++ b/tests/secretschematest @@ -0,0 +1,10 @@ +#!/bin/sh + +: ${srcdir=.} +. $srcdir/test-lib.sh +. $abs_srcdir/schematestutils.sh + +DIRS=secretxml2xmlin +SCHEMA=secret.rng + +check_schema $DIRS $SCHEMA diff --git a/tests/secretxml2xmlin/ephemeral-usage-volume.xml b/tests/secretxml2xmlin/ephemeral-usage-volume.xml new file mode 100644 index 000..e273c57 --- /dev/null +++ b/tests/secretxml2xmlin/ephemeral-usage-volume.xml @@ -0,0 +1,7 @@ +secret ephemeral='yes' private='yes' + uuid22e1353d-c27e-4d6d-bf15-465053e6ba0b/uuid + descriptionEphemeral Private Secret/description + usage type='volume' +volume/var/lib/libvirt/images/image.img/volume + /usage +/secret diff --git a/tests/secretxml2xmlin/usage-ceph.xml b/tests/secretxml2xmlin/usage-ceph.xml new file mode 100644 index 000..e880293 --- /dev/null +++ b/tests/secretxml2xmlin/usage-ceph.xml @@ -0,0 +1,7 @@ +secret ephemeral='no' private='yes' + uuidf52a81b2-424e-490c-823d-6bd4235bc572/uuid + descriptionCeph secret/description + usage type='ceph' +nameCephCephCephCeph/name + /usage +/secret diff --git a/tests/secretxml2xmlin/usage-iscsi.xml b/tests/secretxml2xmlin/usage-iscsi.xml new file mode 100644 index 000..bfc9472 --- /dev/null +++ b/tests/secretxml2xmlin/usage-iscsi.xml @@ -0,0 +1,7 @@ +secret ephemeral='no' private='yes' + uuid27f25d34-aea6-4e2a-be85-fa2c18380be8/uuid + descriptioniSCSI secret/description + usage type='iscsi' +targetiscsitarget/target + /usage +/secret diff --git a/tests/secretxml2xmlin/usage-volume.xml b/tests/secretxml2xmlin/usage-volume.xml new file mode 100644 index 000..e273c57 --- /dev/null +++ b/tests/secretxml2xmlin/usage-volume.xml @@ -0,0 +1,7 @@ +secret ephemeral='yes' private='yes' + uuid22e1353d-c27e-4d6d-bf15-465053e6ba0b/uuid + descriptionEphemeral Private Secret/description + usage type='volume' +volume/var/lib/libvirt/images/image.img/volume + /usage +/secret diff --git a/tests/secretxml2xmltest.c b/tests/secretxml2xmltest.c new file mode 100644 index 000..be9ef64 --- /dev/null +++ b/tests/secretxml2xmltest.c @@ -0,0 +1,98 @@ +#include config.h + +#include stdlib.h + +#include internal.h +#include testutils.h +#include secret_conf.h + +#define VIR_FROM_THIS VIR_FROM_NONE + +static int +testCompareXMLToXMLFiles(const char *inxml, const char *outxml) +{ +char *inXmlData = NULL; +char *outXmlData = NULL; +char *actual = NULL; +int ret = -1; +virSecretDefPtr secret = NULL; + +if (virtTestLoadFile(inxml, inXmlData) 0) +goto fail; +if (virtTestLoadFile(outxml, outXmlData) 0) +goto fail; + +if (!(secret = virSecretDefParseString(inXmlData))) +goto fail; + +if (!(actual = virSecretDefFormat(secret))) +goto fail; + +if (STRNEQ(outXmlData, actual)) { +
Re: [libvirt] [PATCH] Revert storage: Introduce internal pool support
On 02/14/2014 08:08 AM, Peter Krempa wrote: The internal pools were an idea in one of the first iterations of the gluster series that deemed unused. Somehow still this got pushed. Remove grammar is off, but I'm not sure of the best fix. Maybe one of: of the gluster series, which we decided not to use. of the gluster series, deemed unused by later iterations. it as the internal flag isn't needed. This reverts commit 362da8209d760fc1acd3a1c8df5b04aa676492eb. --- src/conf/storage_conf.c | 3 --- src/conf/storage_conf.h | 1 - src/storage/storage_driver.c | 12 3 files changed, 4 insertions(+), 12 deletions(-) ACK to the revert. -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH glib] Fix symfile checks in VPATH build
The check-symfile and check-symsorting rules were not taking $(srcdir) into account when accessing the symfile paths. Signed-off-by: Daniel P. Berrange berra...@redhat.com --- build-aux/check-symsorting.pl | 3 +-- libvirt-gconfig/Makefile.am | 4 ++-- libvirt-glib/Makefile.am | 4 ++-- libvirt-gobject/Makefile.am | 4 ++-- 4 files changed, 7 insertions(+), 8 deletions(-) Pushed as a build-breaker fix. diff --git a/build-aux/check-symsorting.pl b/build-aux/check-symsorting.pl index 470247c..31b6059 100755 --- a/build-aux/check-symsorting.pl +++ b/build-aux/check-symsorting.pl @@ -19,10 +19,9 @@ use strict; use warnings; -die syntax: $0 SRCDIR SYMFILE... unless int(@ARGV) = 2; +die syntax: $0 SYMFILE... unless int(@ARGV) = 1; my $ret = 0; -my $srcdir = shift; my $incomment = 0; my $name; foreach my $symfile (@ARGV) { diff --git a/libvirt-gconfig/Makefile.am b/libvirt-gconfig/Makefile.am index e32d222..d328ca7 100644 --- a/libvirt-gconfig/Makefile.am +++ b/libvirt-gconfig/Makefile.am @@ -224,14 +224,14 @@ libvirt-gconfig-enum-types.c: $(GCONFIG_HEADER_FILES) libvirt-gconfig-enum-types # rule for libosvirt-gconfig.la. However, checking symbols relies on Linux ELF layout if WITH_LINUX check-symfile: libvirt-gconfig.sym libvirt-gconfig-1.0.la - $(AM_V_GEN)$(PERL) $(top_srcdir)/build-aux/check-symfile.pl libvirt-gconfig.sym \ + $(AM_V_GEN)$(PERL) $(top_srcdir)/build-aux/check-symfile.pl $(srcdir)/libvirt-gconfig.sym \ .libs/libvirt-gconfig-1.0.so else ! WITH_LINUX check-symfile: endif ! WITH_LINUX check-symsorting: $(AM_V_GEN)$(PERL) $(top_srcdir)/build-aux/check-symsorting.pl \ - $(srcdir) libvirt-gconfig.sym + $(srcdir)/libvirt-gconfig.sym check-local: check-symfile check-symsorting -include $(INTROSPECTION_MAKEFILE) diff --git a/libvirt-glib/Makefile.am b/libvirt-glib/Makefile.am index 15b9917..a48cfbb 100644 --- a/libvirt-glib/Makefile.am +++ b/libvirt-glib/Makefile.am @@ -41,14 +41,14 @@ libvirt_glib_1_0_la_LDFLAGS = \ # rule for libosvirt-glib.la. However, checking symbols relies on Linux ELF layout if WITH_LINUX check-symfile: libvirt-glib.sym libvirt-glib-1.0.la - $(AM_V_GEN)$(PERL) $(top_srcdir)/build-aux/check-symfile.pl libvirt-glib.sym \ + $(AM_V_GEN)$(PERL) $(top_srcdir)/build-aux/check-symfile.pl $(srcdir)/libvirt-glib.sym \ .libs/libvirt-glib-1.0.so else ! WITH_LINUX check-symfile: endif ! WITH_LINUX check-symsorting: $(AM_V_GEN)$(PERL) $(top_srcdir)/build-aux/check-symsorting.pl \ - $(srcdir) libvirt-glib.sym + $(srcdir)/libvirt-glib.sym check-local: check-symfile check-symsorting -include $(INTROSPECTION_MAKEFILE) diff --git a/libvirt-gobject/Makefile.am b/libvirt-gobject/Makefile.am index b6b2a5d..516c10f 100644 --- a/libvirt-gobject/Makefile.am +++ b/libvirt-gobject/Makefile.am @@ -124,14 +124,14 @@ CLEANFILES = $(BUILT_SOURCES) # rule for libosvirt-gobject.la. However, checking symbols relies on Linux ELF layout if WITH_LINUX check-symfile: libvirt-gobject.sym libvirt-gobject-1.0.la - $(AM_V_GEN)$(PERL) $(top_srcdir)/build-aux/check-symfile.pl libvirt-gobject.sym \ + $(AM_V_GEN)$(PERL) $(top_srcdir)/build-aux/check-symfile.pl $(srcdir)/libvirt-gobject.sym \ .libs/libvirt-gobject-1.0.so else ! WITH_LINUX check-symfile: endif ! WITH_LINUX check-symsorting: $(AM_V_GEN)$(PERL) $(top_srcdir)/build-aux/check-symsorting.pl \ - $(srcdir) libvirt-gobject.sym + $(srcdir)/libvirt-gobject.sym check-local: check-symfile check-symsorting -include $(INTROSPECTION_MAKEFILE) -- 1.8.5.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] lxc: Add virCgroupSetOwner()
next problem: on centos6 there is no systemd. the init of the cgroups is handled by cgconfig. per default cgroups are mounted below /cgroup. i change /etc/cgconfig.conf to mount all cgroups below /sys/fs/cgroup. but thats not enough for the systemd in the container. i must add name=systemd = /sys/fs/cgroup/systemd; to /etc/cgconfig.conf. is this secure? is it ok to run more then one systemd container with this config? maybe libvirt should init the name=systemd thing. /stephan -- Software is like sex, it's better when it's free! -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v1 1/4] Introduce virDomain{Get,Set}Time APIs
On 02/14/2014 08:14 AM, Michal Privoznik wrote: On 13.02.2014 19:51, Michal Privoznik wrote: These APIs allow users to get or set time in a domain, which may come handy if the domain has been resumed just recently and NTP is not configured or hasn't kicked in yet and the guest is running something time critical. In addition, NTP may refuse to re-set the clock if the skew is too big. + * + * This API tries to set guest time to the given value. The time + * should be in seconds, relative to the Epoch of 1970-01-01 in UTC. One question though. qemu-ga currently takes nanoseconds in its 'guest-set-time' and returns nanoseconds in 'guest-get-time'. I know nanoseconds are out of scope for libvirt. But aren't seconds too gross? Maybe we want something more finer - miliseconds perhaps. In my measurements I was unable to get below 6-7 miliseconds: We definitely need subsecond resolution. Maybe best is to mirror struct timespec, by providing 'long long seconds' and 'unsigned int nanos'. Even if nanos are too fine and precision is lost along the way, there's no need to artificially limit things for when performance gets faster in the future. for ((i=0; i100; i++)) ; do virsh -t qemu-agent-command rhel7 '{execute:guest-ping}' | grep Time; done | sort -n -t ':' -k 2 (Time: 7,590 ms) (Time: 7,601 ms) (Time: 7,635 ms) (Time: 7,682 ms) (although to be fair, this involves domain lookup API too) Not to mention that your approach was spawning an app and connection per request, rather than reusing a connection within a single app. And while I'm thinking about it, I would like to make sure that at least the virsh command has a way to both set an explicit time, as well as to request a sync to the host time without having to specify a timestamp (that is, a common use case will be to sync the guest to the time that the host is using, without having to first figure out the host time and type that into the virsh command line). But I'm not sure whether such convenience should be limited to virsh, or actually folded into the API via another flag. Remember, if it is virsh that does it, then the time being chosen is local to the host running virsh; whereas if a flag is used, then the time chosen will be on the hypervisor (which is different than the host running virsh if you use remote connection) -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] lxc: Add destroy support for suspended domains
Destroying a suspended domain needs special action. We cannot simply terminate all process because they are frozen. Do deal with that we send them SIGKILL and thaw them. Upon wakeup the process sees the pending signal and dies immediately. Signed-off-by: Richard Weinberger rich...@nod.at --- src/lxc/lxc_process.c | 25 + 1 file changed, 25 insertions(+) diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index ed729f6..b518dce 100644 --- a/src/lxc/lxc_process.c +++ b/src/lxc/lxc_process.c @@ -697,6 +697,30 @@ int virLXCProcessStop(virLXCDriverPtr driver, VIR_FREE(vm-def-seclabels[0]-imagelabel); } +/* If the LXC domain is suspended we send all processes a SIGKILL + * and thaw them. Upon wakeup the process sees the pending signal + * and dies immediately. It is guaranteed that priv-cgroup != NULL + * here because the domain has aleady been suspended using the + * freezer cgroup. + */ +if (reason == VIR_DOMAIN_SHUTOFF_DESTROYED +virDomainObjGetState(vm, NULL) == VIR_DOMAIN_PAUSED) { +if (virCgroupKillRecursive(priv-cgroup, SIGKILL) = 0) { +virReportError(VIR_ERR_INTERNAL_ERROR, + _(Unable to kill all processes)); +return -1; +} + +if (virCgroupSetFreezerState(priv-cgroup, THAWED) 0) { +virReportError(VIR_ERR_OPERATION_FAILED, + _(Unable to thaw all processes)); + +return -1; +} + +goto cleanup; +} + if (priv-cgroup) { rc = virCgroupKillPainfully(priv-cgroup); if (rc 0) @@ -716,6 +740,7 @@ int virLXCProcessStop(virLXCDriverPtr driver, } } +cleanup: virLXCProcessCleanup(driver, vm, reason); return 0; -- 1.8.4.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 0/2] Test secret XML parsing and formatting
On 02/14/2014 08:08 AM, Ján Tomko wrote: Ján Tomko (2): docs: remove auth from secret XML format Add tests for secret XML parsing ACK series. Wow - we've gone that long without testing secret XML? docs/formatsecret.html.in| 2 - tests/Makefile.am| 12 ++- tests/secretschematest | 10 +++ tests/secretxml2xmlin/ephemeral-usage-volume.xml | 7 ++ tests/secretxml2xmlin/usage-ceph.xml | 7 ++ tests/secretxml2xmlin/usage-iscsi.xml| 7 ++ tests/secretxml2xmlin/usage-volume.xml | 7 ++ tests/secretxml2xmltest.c| 98 8 files changed, 147 insertions(+), 3 deletions(-) create mode 100755 tests/secretschematest create mode 100644 tests/secretxml2xmlin/ephemeral-usage-volume.xml create mode 100644 tests/secretxml2xmlin/usage-ceph.xml create mode 100644 tests/secretxml2xmlin/usage-iscsi.xml create mode 100644 tests/secretxml2xmlin/usage-volume.xml create mode 100644 tests/secretxml2xmltest.c -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 0/2] Test secret XML parsing and formatting
On 02/14/2014 04:44 PM, Eric Blake wrote: On 02/14/2014 08:08 AM, Ján Tomko wrote: Ján Tomko (2): docs: remove auth from secret XML format Add tests for secret XML parsing ACK series. Wow - we've gone that long without testing secret XML? Thanks, pushed. Jan signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Looking for project ideas and mentors for Google Summer of Code 2014
On Fri, Feb 14, 2014 at 03:22:04PM +0100, Cedric Bosdonnat wrote: On Fri, 2014-02-14 at 09:16 +0100, Jan Kiszka wrote: I need to submit our organization application (including our project ideas) on Friday. Hope it's not too late: just added the VT-d emulation proposal. It's not too late. Ideas page must be ready when students will discover the list of accepted organizations on Monday 24th. I'm not GSoc admin here, but on LibreOffice ;) The project ideas list is linked from the organization application form and Google folks have mentioned messy/incomplete project ideas lists when giving feedback to orgs that were not accepted. This is why it's worth having the project ideas list ready. But Cedric is right that we can still add project ideas later. I set the hard deadline at March 10th when students begin applying. Stefan -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v1 1/4] Introduce virDomain{Get,Set}Time APIs
On 14.02.2014 16:39, Eric Blake wrote: On 02/14/2014 08:14 AM, Michal Privoznik wrote: On 13.02.2014 19:51, Michal Privoznik wrote: These APIs allow users to get or set time in a domain, which may come handy if the domain has been resumed just recently and NTP is not configured or hasn't kicked in yet and the guest is running something time critical. In addition, NTP may refuse to re-set the clock if the skew is too big. + * + * This API tries to set guest time to the given value. The time + * should be in seconds, relative to the Epoch of 1970-01-01 in UTC. One question though. qemu-ga currently takes nanoseconds in its 'guest-set-time' and returns nanoseconds in 'guest-get-time'. I know nanoseconds are out of scope for libvirt. But aren't seconds too gross? Maybe we want something more finer - miliseconds perhaps. In my measurements I was unable to get below 6-7 miliseconds: We definitely need subsecond resolution. Maybe best is to mirror struct timespec, by providing 'long long seconds' and 'unsigned int nanos'. Even if nanos are too fine and precision is lost along the way, there's no need to artificially limit things for when performance gets faster in the future. for ((i=0; i100; i++)) ; do virsh -t qemu-agent-command rhel7 '{execute:guest-ping}' | grep Time; done | sort -n -t ':' -k 2 (Time: 7,590 ms) (Time: 7,601 ms) (Time: 7,635 ms) (Time: 7,682 ms) (although to be fair, this involves domain lookup API too) Not to mention that your approach was spawning an app and connection per request, rather than reusing a connection within a single app. Reconnecting is not counted in the timing: if ((ctl-conn == NULL || disconnected) !(cmd-def-flags VSH_CMD_FLAG_NOCONNECT)) vshReconnect(ctl); if (enable_timing) GETTIMEOFDAY(before); if ((cmd-def-flags VSH_CMD_FLAG_NOCONNECT) || vshConnectionUsability(ctl, ctl-conn)) { ret = cmd-def-handler(ctl, cmd); } else { /* connection is not usable, return error */ ret = false; } if (enable_timing) GETTIMEOFDAY(after); And while I'm thinking about it, I would like to make sure that at least the virsh command has a way to both set an explicit time, as well as to request a sync to the host time without having to specify a timestamp (that is, a common use case will be to sync the guest to the time that the host is using, without having to first figure out the host time and type that into the virsh command line). But I'm not sure whether such convenience should be limited to virsh, or actually folded into the API via another flag. Remember, if it is virsh that does it, then the time being chosen is local to the host running virsh; whereas if a flag is used, then the time chosen will be on the hypervisor (which is different than the host running virsh if you use remote connection) The patches I'm proposing have the virsh part. With them you can do both: virsh domtime $dom --sync virsh domtime $dom --now virsh domtime $dom 1234567890 Where --now is taken from the host running virsh, not where libvirtd is running. For --host-now (to take the $now from libvirtd) - my patches don't implement this right now, but they certainly create environment for it - just a new flag needs to be added. Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv4 01/10] Add util virCgroupGetBlkioIo*Serviced methods.
This reads blkio stats from blkio.throttle.io_service_bytes and blkio.throttle.io_serviced. --- src/libvirt_private.syms | 2 + src/util/vircgroup.c | 254 +++ src/util/vircgroup.h | 12 +++ 3 files changed, 268 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 0b28bac..88a1a89 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1007,6 +1007,8 @@ virCgroupDenyDevice; virCgroupDenyDeviceMajor; virCgroupDenyDevicePath; virCgroupFree; +virCgroupGetBlkioIoDeviceServiced; +virCgroupGetBlkioIoServiced; virCgroupGetBlkioWeight; virCgroupGetCpuacctPercpuUsage; virCgroupGetCpuacctStat; diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c index a6d60c5..867bd26 100644 --- a/src/util/vircgroup.c +++ b/src/util/vircgroup.c @@ -1786,6 +1786,233 @@ virCgroupPathOfController(virCgroupPtr group, /** + * virCgroupGetBlkioIoServiced: + * + * @group: The cgroup to get throughput for + * @bytes_read: Pointer to returned bytes read + * @bytes_write: Pointer to returned bytes written + * @requests_read: Pointer to returned read io ops + * @requests_write: Pointer to returned write io ops + * + * Returns: 0 on success, -1 on error + */ +int +virCgroupGetBlkioIoServiced(virCgroupPtr group, +long long *bytes_read, +long long *bytes_write, +long long *requests_read, +long long *requests_write) +{ +long long stats_val; +char *str1 = NULL, *str2 = NULL, *p1, *p2; +size_t i; +int ret = -1; + +const char *value_names[] = { +Read , +Write +}; +long long *bytes_ptrs[] = { +bytes_read, +bytes_write +}; +long long *requests_ptrs[] = { +requests_read, +requests_write +}; + +*bytes_read = 0; +*bytes_write = 0; +*requests_read = 0; +*requests_write = 0; + +if (virCgroupGetValueStr(group, + VIR_CGROUP_CONTROLLER_BLKIO, + blkio.throttle.io_service_bytes, str1) 0) +goto cleanup; + +if (virCgroupGetValueStr(group, + VIR_CGROUP_CONTROLLER_BLKIO, + blkio.throttle.io_serviced, str2) 0) +goto cleanup; + +/* sum up all entries of the same kind, from all devices */ +for (i = 0; i ARRAY_CARDINALITY(value_names); i++) { +p1 = str1; +p2 = str2; + +while ((p1 = strstr(p1, value_names[i]))) { +p1 += strlen(value_names[i]); +if (virStrToLong_ll(p1, p1, 10, stats_val) 0) { +virReportError(VIR_ERR_INTERNAL_ERROR, + _(Cannot parse byte %sstat '%s'), + value_names[i], + p1); +goto cleanup; +} + +if (stats_val 0 || +(stats_val 0 *bytes_ptrs[i] (LLONG_MAX - stats_val))) +{ +virReportError(VIR_ERR_OVERFLOW, + _(Sum of byte %sstat overflows), + value_names[i]); +goto cleanup; +} +*bytes_ptrs[i] += stats_val; +} + +while ((p2 = strstr(p2, value_names[i]))) { +p2 += strlen(value_names[i]); +if (virStrToLong_ll(p2, p2, 10, stats_val) 0) { +virReportError(VIR_ERR_INTERNAL_ERROR, + _(Cannot parse %srequest stat '%s'), + value_names[i], + p2); +goto cleanup; +} + +if (stats_val 0 || +(stats_val 0 *requests_ptrs[i] (LLONG_MAX - stats_val))) +{ +virReportError(VIR_ERR_OVERFLOW, + _(Sum of %srequest stat overflows), + value_names[i]); +goto cleanup; +} +*requests_ptrs[i] += stats_val; +} +} + +ret = 0; + +cleanup: +VIR_FREE(str2); +VIR_FREE(str1); +return ret; +} + + +/** + * virCgroupGetBlkioIoDeviceServiced: + * + * @group: The cgroup to get throughput for + * @path: The device to get throughput for + * @bytes_read: Pointer to returned bytes read + * @bytes_write: Pointer to returned bytes written + * @requests_read: Pointer to returned read io ops + * @requests_write: Pointer to returned write io ops + * + * Returns: 0 on success, -1 on error + */ +int +virCgroupGetBlkioIoDeviceServiced(virCgroupPtr group, + const char *path, + long long *bytes_read, + long long *bytes_write, + long long *requests_read, + long long *requests_write) +{
[libvirt] [PATCHv4 06/10] Widening API change - accept empty path for virDomainBlockStats
And provide domain summary stat in that case, for lxc backend. Use case is a container inheriting all devices from the host, e.g. when doing application containerization. --- src/libvirt.c| 8 ++-- tools/virsh-domain-monitor.c | 11 --- tools/virsh.pod | 5 +++-- 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/src/libvirt.c b/src/libvirt.c index 666ab1e..b0051bb 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -7747,7 +7747,9 @@ error: * an unambiguous source name of the block device (the source * file='...'/ sub-element, such as /path/to/image). Valid names * can be found by calling virDomainGetXMLDesc() and inspecting - * elements within //domain/devices/disk. + * elements within //domain/devices/disk. Some drivers might also + * accept the empty string for the @disk parameter, and then yield + * summary stats for the entire domain. * * Domains may have more than one block device. To get stats for * each you should make multiple calls to this function. @@ -7813,7 +7815,9 @@ error: * an unambiguous source name of the block device (the source * file='...'/ sub-element, such as /path/to/image). Valid names * can be found by calling virDomainGetXMLDesc() and inspecting - * elements within //domain/devices/disk. + * elements within //domain/devices/disk. Some drivers might also + * accept the empty string for the @disk parameter, and then yield + * summary stats for the entire domain. * * Domains may have more than one block device. To get stats for * each you should make multiple calls to this function. diff --git a/tools/virsh-domain-monitor.c b/tools/virsh-domain-monitor.c index de4afbb..105f841 100644 --- a/tools/virsh-domain-monitor.c +++ b/tools/virsh-domain-monitor.c @@ -888,7 +888,7 @@ static const vshCmdOptDef opts_domblkstat[] = { }, {.name = device, .type = VSH_OT_DATA, - .flags = VSH_OFLAG_REQ, + .flags = VSH_OFLAG_EMPTY_OK, .help = N_(block device) }, {.name = human, @@ -954,8 +954,13 @@ cmdDomblkstat(vshControl *ctl, const vshCmd *cmd) if (!(dom = vshCommandOptDomain(ctl, cmd, name))) return false; -if (vshCommandOptStringReq(ctl, cmd, device, device) 0) -goto cleanup; +/* device argument is optional now. if it's missing, supply empty + string to denote 'all devices'. A NULL device arg would violate + API contract. + */ +rc = vshCommandOptStringReq(ctl, cmd, device, device); /* and ignore rc */ +if (!device) +device = ; rc = virDomainBlockStatsFlags(dom, device, NULL, nparams, 0); diff --git a/tools/virsh.pod b/tools/virsh.pod index f221475..a13a1c7 100644 --- a/tools/virsh.pod +++ b/tools/virsh.pod @@ -623,12 +623,13 @@ If I--graceful is specified, don't resort to extreme measures (e.g. SIGKILL) when the guest doesn't stop after a reasonable timeout; return an error instead. -=item Bdomblkstat Idomain Iblock-device [I--human] +=item Bdomblkstat Idomain [Iblock-device] [I--human] Get device block stats for a running domain. A Iblock-device corresponds to a unique target name (target dev='name'/) or source file (source file='name'/) for one of the disk devices attached to Idomain (see -also Bdomblklist for listing these names). +also Bdomblklist for listing these names). On a lxc domain, omitting the +Iblock-device yields device block stats summarily for the entire domain. Use I--human for a more human readable output. -- 1.8.4.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv4 10/10] Add unit test for virCgroupGetPercpuStats.
--- tests/vircgrouptest.c | 66 +++ 1 file changed, 66 insertions(+) diff --git a/tests/vircgrouptest.c b/tests/vircgrouptest.c index e05b882..5c14efb 100644 --- a/tests/vircgrouptest.c +++ b/tests/vircgrouptest.c @@ -33,6 +33,7 @@ # include virlog.h # include virfile.h # include testutilslxc.h +# include nodeinfo.h # define VIR_FROM_THIS VIR_FROM_NONE @@ -530,6 +531,68 @@ static int testCgroupAvailable(const void *args) return 0; } +static int testCgroupGetPercpuStats(const void *args ATTRIBUTE_UNUSED) +{ +virCgroupPtr cgroup = NULL; +size_t i; +int rv, ret = -1; +virTypedParameter params[2]; + +// TODO: mock nodeGetCPUCount() as well check 2nd cpu, too +unsigned long long expected[] = { +1413142688153030 +}; + +if ((rv = virCgroupNewPartition(/virtualmachines, true, +(1 VIR_CGROUP_CONTROLLER_CPU) | +(1 VIR_CGROUP_CONTROLLER_CPUACCT), +cgroup)) 0) { +fprintf(stderr, Could not create /virtualmachines cgroup: %d\n, -rv); +goto cleanup; +} + +if (nodeGetCPUCount() 1) { +fprintf(stderr, Unexpected: nodeGetCPUCount() yields: %d\n, nodeGetCPUCount()); +goto cleanup; +} + +if ((rv = virCgroupGetPercpuStats(cgroup, + params, + 2, 0, 1)) 0) { +fprintf(stderr, Failed call to virCgroupGetPercpuStats for /virtualmachines cgroup: %d\n, -rv); +goto cleanup; +} + +for (i = 0; i ARRAY_CARDINALITY(expected); i++) { +if (!STREQ(params[i].field, VIR_DOMAIN_CPU_STATS_CPUTIME)) { +fprintf(stderr, +Wrong parameter name value from virCgroupGetPercpuStats (is: %s)\n, +params[i].field); +goto cleanup; +} + +if (params[i].type != VIR_TYPED_PARAM_ULLONG) { +fprintf(stderr, +Wrong parameter value type from virCgroupGetPercpuStats (is: %d)\n, +params[i].type); +goto cleanup; +} + +if (params[i].value.ul != expected[i]) { +fprintf(stderr, +Wrong value from virCgroupGetMemoryUsage (expected %llu)\n, +params[i].value.ul); +goto cleanup; +} +} + +ret = 0; + +cleanup: +virCgroupFree(cgroup); +return ret; +} + static int testCgroupGetMemoryUsage(const void *args ATTRIBUTE_UNUSED) { virCgroupPtr cgroup = NULL; @@ -735,6 +798,9 @@ mymain(void) if (virtTestRun(virCgroupGetMemoryUsage works, testCgroupGetMemoryUsage, NULL) 0) ret = -1; +if (virtTestRun(virCgroupGetPercpuStats works, testCgroupGetPercpuStats, NULL) 0) +ret = -1; + setenv(VIR_CGROUP_MOCK_MODE, allinone, 1); if (virtTestRun(New cgroup for self (allinone), testCgroupNewForSelfAllInOne, NULL) 0) ret = -1; -- 1.8.4.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv4 00/10] Add BlkIO and CPU/mem stat API implementations for lxc
This patch set adds block io, memory and domain cpu statistics API slot implementations to the LXC driver, in order to get linux container monitoring and accounting a bit closer to qemu standards. The last patch is a tad quirky (happy to hear suggestions on alternative ways), in that it widens the permissible value set at the .domainBlockStats slot: for lxc guests, it is relatively likely to have zero disk devices, since host filesystems can be used via passthrough bind mounts. Therefore, passing the zero-length string as device path, is interpreted as 'return summary stats for the entire domains's block io'. v4 addresses the last remaining review comments. Thorsten Behrens (10): Add util virCgroupGetBlkioIo*Serviced methods. Implement domainMemoryStats API slot for LXC driver. Make qemuGetDomainTotalCPUStats a virCgroup function. Implement domainGetCPUStats for lxc driver. Implement lxcDomainBlockStats* for lxc driver Widening API change - accept empty path for virDomainBlockStats Add unit test for virCgroupGetBlkioIo*Serviced Add unit test for virCgroupGetMemoryUsage. Fix misspelled cpuacct.usage_percpu in cgroup mock. Add unit test for virCgroupGetPercpuStats. src/libvirt.c| 8 +- src/libvirt_private.syms | 4 + src/lxc/lxc_driver.c | 300 + src/qemu/qemu_driver.c | 54 +- src/util/vircgroup.c | 382 +++ src/util/vircgroup.h | 24 +++ tests/testutilslxc.h | 3 + tests/vircgroupmock.c| 100 ++- tests/vircgrouptest.c| 230 ++ tools/virsh-domain-monitor.c | 11 +- tools/virsh.pod | 5 +- 11 files changed, 1059 insertions(+), 62 deletions(-) -- 1.8.4.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv4 02/10] Implement domainMemoryStats API slot for LXC driver.
--- Notes to v4: - check errors before filling param array - UL-ULL change punted to separate patch src/lxc/lxc_driver.c | 56 1 file changed, 56 insertions(+) diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index f735631..827d989 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -5197,6 +5197,61 @@ lxcNodeGetInfo(virConnectPtr conn, static int +lxcDomainMemoryStats(virDomainPtr dom, + struct _virDomainMemoryStat *stats, + unsigned int nr_stats, + unsigned int flags) +{ +virDomainObjPtr vm; +int ret = -1; +virLXCDomainObjPrivatePtr priv; +unsigned long long swap_usage; +unsigned long mem_usage; + +virCheckFlags(0, -1); + +if (!(vm = lxcDomObjFromDomain(dom))) +goto cleanup; + +priv = vm-privateData; + +if (virDomainMemoryStatsEnsureACL(dom-conn, vm-def) 0) +goto cleanup; + +if (!virCgroupGetMemSwapUsage(priv-cgroup, swap_usage)) +goto cleanup; + +if (!virCgroupGetMemoryUsage(priv-cgroup, mem_usage)) +goto cleanup; + +ret = 0; +if (!virDomainObjIsActive(vm)) +goto cleanup; + +if (ret nr_stats) { +stats[ret].tag = VIR_DOMAIN_MEMORY_STAT_ACTUAL_BALLOON; +stats[ret].val = vm-def-mem.cur_balloon; +ret++; +} +if (ret nr_stats) { +stats[ret].tag = VIR_DOMAIN_MEMORY_STAT_SWAP_IN; +stats[ret].val = swap_usage; +ret++; +} +if (ret nr_stats) { +stats[ret].tag = VIR_DOMAIN_MEMORY_STAT_RSS; +stats[ret].val = mem_usage; +ret++; +} + +cleanup: +if (vm) +virObjectUnlock(vm); +return ret; +} + + +static int lxcNodeGetCPUStats(virConnectPtr conn, int cpuNum, virNodeCPUStatsPtr params, @@ -5426,6 +5481,7 @@ static virDriver lxcDriver = { .domainSetSchedulerParameters = lxcDomainSetSchedulerParameters, /* 0.5.0 */ .domainSetSchedulerParametersFlags = lxcDomainSetSchedulerParametersFlags, /* 0.9.2 */ .domainInterfaceStats = lxcDomainInterfaceStats, /* 0.7.3 */ +.domainMemoryStats = lxcDomainMemoryStats, /* 1.2.2 */ .nodeGetCPUStats = lxcNodeGetCPUStats, /* 0.9.3 */ .nodeGetMemoryStats = lxcNodeGetMemoryStats, /* 0.9.3 */ .nodeGetCellsFreeMemory = lxcNodeGetCellsFreeMemory, /* 0.6.5 */ -- 1.8.4.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv4 05/10] Implement lxcDomainBlockStats* for lxc driver
Adds lxcDomainBlockStatsFlags and lxcDomainBlockStats functions. --- src/lxc/lxc_driver.c | 195 +++ 1 file changed, 195 insertions(+) diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index e31b3ac..e1fcceb 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -76,6 +76,7 @@ #define LXC_NB_MEM_PARAM 3 +#define LXC_NB_DOMAIN_BLOCK_STAT_PARAM 4 static int lxcStateInitialize(bool privileged, @@ -2230,6 +2231,198 @@ lxcDomainMergeBlkioDevice(virBlkioDevicePtr *dest_array, static int +lxcDomainBlockStats(virDomainPtr dom, +const char *path, +struct _virDomainBlockStats *stats) +{ +int ret = -1, idx; +virDomainObjPtr vm; +virDomainDiskDefPtr disk = NULL; +virLXCDomainObjPrivatePtr priv; + +if (!(vm = lxcDomObjFromDomain(dom))) +return ret; + +priv = vm-privateData; + +if (virDomainBlockStatsEnsureACL(dom-conn, vm-def) 0) +goto cleanup; + +if (!virDomainObjIsActive(vm)) { +virReportError(VIR_ERR_OPERATION_INVALID, + %s, _(domain is not running)); +goto cleanup; +} + +if (!virCgroupHasController(priv-cgroup, VIR_CGROUP_CONTROLLER_BLKIO)) { +virReportError(VIR_ERR_OPERATION_INVALID, %s, + _(blkio cgroup isn't mounted)); +goto cleanup; +} + +if (!*path) { +/* empty path - return entire domain blkstats instead */ +ret = virCgroupGetBlkioIoServiced(priv-cgroup, + stats-rd_bytes, + stats-wr_bytes, + stats-rd_req, + stats-wr_req); +goto cleanup; +} + +if ((idx = virDomainDiskIndexByName(vm-def, path, false)) 0) { +virReportError(VIR_ERR_INVALID_ARG, + _(invalid path: %s), path); +goto cleanup; +} +disk = vm-def-disks[idx]; + +if (!disk-info.alias) { +virReportError(VIR_ERR_INTERNAL_ERROR, + _(missing disk device alias name for %s), disk-dst); +goto cleanup; +} + +ret = virCgroupGetBlkioIoDeviceServiced(priv-cgroup, +disk-info.alias, +stats-rd_bytes, +stats-wr_bytes, +stats-rd_req, +stats-wr_req); +cleanup: +if (vm) +virObjectUnlock(vm); +return ret; +} + + +static int +lxcDomainBlockStatsFlags(virDomainPtr dom, + const char * path, + virTypedParameterPtr params, + int * nparams, + unsigned int flags) +{ +int tmp, ret = -1, idx; +virDomainObjPtr vm; +virDomainDiskDefPtr disk = NULL; +virLXCDomainObjPrivatePtr priv; +long long rd_req, rd_bytes, wr_req, wr_bytes; +virTypedParameterPtr param; + +virCheckFlags(VIR_TYPED_PARAM_STRING_OKAY, -1); + +/* We don't return strings, and thus trivially support this flag. */ +flags = ~VIR_TYPED_PARAM_STRING_OKAY; + +if (!params !*nparams) { +*nparams = LXC_NB_DOMAIN_BLOCK_STAT_PARAM; +return 0; +} + +if (!(vm = lxcDomObjFromDomain(dom))) +return ret; + +priv = vm-privateData; + +if (virDomainBlockStatsFlagsEnsureACL(dom-conn, vm-def) 0) +goto cleanup; + +if (!virDomainObjIsActive(vm)) { +virReportError(VIR_ERR_OPERATION_INVALID, + %s, _(domain is not running)); +goto cleanup; +} + +if (!virCgroupHasController(priv-cgroup, VIR_CGROUP_CONTROLLER_BLKIO)) { +virReportError(VIR_ERR_OPERATION_INVALID, %s, + _(blkio cgroup isn't mounted)); +goto cleanup; +} + +if (!*path) { +/* empty path - return entire domain blkstats instead */ +if (virCgroupGetBlkioIoServiced(priv-cgroup, +rd_bytes, +wr_bytes, +rd_req, +wr_req) 0) { +virReportError(VIR_ERR_INTERNAL_ERROR, + %s, _(domain stats query failed)); +goto cleanup; +} +} else { +if ((idx = virDomainDiskIndexByName(vm-def, path, false)) 0) { +virReportError(VIR_ERR_INVALID_ARG, + _(invalid path: %s), path); +goto cleanup; +} +disk = vm-def-disks[idx]; + +if (!disk-info.alias) { +virReportError(VIR_ERR_INTERNAL_ERROR, + _(missing disk device alias name for %s), disk-dst); +goto cleanup; +} + +if
[libvirt] [PATCHv4 03/10] Make qemuGetDomainTotalCPUStats a virCgroup function.
To reuse this from other drivers, like lxc. --- src/libvirt_private.syms | 1 + src/qemu/qemu_driver.c | 54 ++-- src/util/vircgroup.c | 53 +++ src/util/vircgroup.h | 5 + 4 files changed, 61 insertions(+), 52 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 88a1a89..5b141d0 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1018,6 +1018,7 @@ virCgroupGetCpuCfsQuota; virCgroupGetCpusetCpus; virCgroupGetCpusetMems; virCgroupGetCpuShares; +virCgroupGetDomainTotalCpuStats; virCgroupGetFreezerState; virCgroupGetMemoryHardLimit; virCgroupGetMemorySoftLimit; diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 59e018d..8e12892 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -105,7 +105,6 @@ #define QEMU_NB_NUMA_PARAM 2 -#define QEMU_NB_TOTAL_CPU_STAT_PARAM 3 #define QEMU_NB_PER_CPU_STAT_PARAM 2 #define QEMU_SCHED_MIN_PERIOD 1000LL @@ -15799,56 +15798,6 @@ cleanup: return ret; } -/* qemuDomainGetCPUStats() with start_cpu == -1 */ -static int -qemuDomainGetTotalcpuStats(virDomainObjPtr vm, - virTypedParameterPtr params, - int nparams) -{ -unsigned long long cpu_time; -int ret; -qemuDomainObjPrivatePtr priv = vm-privateData; - -if (nparams == 0) /* return supported number of params */ -return QEMU_NB_TOTAL_CPU_STAT_PARAM; -/* entry 0 is cputime */ -ret = virCgroupGetCpuacctUsage(priv-cgroup, cpu_time); -if (ret 0) { -virReportSystemError(-ret, %s, _(unable to get cpu account)); -return -1; -} - -if (virTypedParameterAssign(params[0], VIR_DOMAIN_CPU_STATS_CPUTIME, -VIR_TYPED_PARAM_ULLONG, cpu_time) 0) -return -1; - -if (nparams 1) { -unsigned long long user; -unsigned long long sys; - -ret = virCgroupGetCpuacctStat(priv-cgroup, user, sys); -if (ret 0) { -virReportSystemError(-ret, %s, _(unable to get cpu account)); -return -1; -} - -if (virTypedParameterAssign(params[1], -VIR_DOMAIN_CPU_STATS_USERTIME, -VIR_TYPED_PARAM_ULLONG, user) 0) -return -1; -if (nparams 2 -virTypedParameterAssign(params[2], -VIR_DOMAIN_CPU_STATS_SYSTEMTIME, -VIR_TYPED_PARAM_ULLONG, sys) 0) -return -1; - -if (nparams QEMU_NB_TOTAL_CPU_STAT_PARAM) -nparams = QEMU_NB_TOTAL_CPU_STAT_PARAM; -} - -return nparams; -} - /* This function gets the sums of cpu time consumed by all vcpus. * For example, if there are 4 physical cpus, and 2 vcpus in a domain, * then for each vcpu, the cpuacct.usage_percpu looks like this: @@ -16046,7 +15995,8 @@ qemuDomainGetCPUStats(virDomainPtr domain, } if (start_cpu == -1) -ret = qemuDomainGetTotalcpuStats(vm, params, nparams); +ret = virCgroupGetDomainTotalCpuStats(priv-cgroup, + params, nparams); else ret = qemuDomainGetPercpuStats(vm, params, nparams, start_cpu, ncpus); diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c index 867bd26..7427a21 100644 --- a/src/util/vircgroup.c +++ b/src/util/vircgroup.c @@ -51,11 +51,14 @@ #include virhashcode.h #include virstring.h #include virsystemd.h +#include virtypedparam.h #define CGROUP_MAX_VAL 512 #define VIR_FROM_THIS VIR_FROM_CGROUP +#define CGROUP_NB_TOTAL_CPU_STAT_PARAM 3 + #if defined(__linux__) defined(HAVE_GETMNTENT_R) \ defined(_DIRENT_HAVE_D_TYPE) defined(_SC_CLK_TCK) # define VIR_CGROUP_SUPPORTED @@ -2821,6 +2824,56 @@ virCgroupDenyDevicePath(virCgroupPtr group, const char *path, int perms) } + +int +virCgroupGetDomainTotalCpuStats(virCgroupPtr group, +virTypedParameterPtr params, +int nparams) +{ +unsigned long long cpu_time; +int ret; + +if (nparams == 0) /* return supported number of params */ +return CGROUP_NB_TOTAL_CPU_STAT_PARAM; +/* entry 0 is cputime */ +ret = virCgroupGetCpuacctUsage(group, cpu_time); +if (ret 0) { +virReportSystemError(-ret, %s, _(unable to get cpu account)); +return -1; +} + +if (virTypedParameterAssign(params[0], VIR_DOMAIN_CPU_STATS_CPUTIME, +VIR_TYPED_PARAM_ULLONG, cpu_time) 0) +return -1; + +if (nparams 1) { +unsigned long long user; +unsigned long long sys; + +ret = virCgroupGetCpuacctStat(group, user, sys); +if (ret 0) { +virReportSystemError(-ret, %s, _(unable to get cpu account)); +
[libvirt] [PATCHv4 07/10] Add unit test for virCgroupGetBlkioIo*Serviced
--- Notes to v4: - share fake disk device path via header file instead of env var tests/testutilslxc.h | 3 ++ tests/vircgroupmock.c | 98 +- tests/vircgrouptest.c | 129 ++ 3 files changed, 228 insertions(+), 2 deletions(-) diff --git a/tests/testutilslxc.h b/tests/testutilslxc.h index ee8056f..aa0730e 100644 --- a/tests/testutilslxc.h +++ b/tests/testutilslxc.h @@ -1,4 +1,7 @@ #include capabilities.h +# define FAKEDEVDIR0 /fakedevdir0/bla/fasl +# define FAKEDEVDIR1 /fakedevdir1/bla/fasl + virCapsPtr testLXCCapsInit(void); diff --git a/tests/vircgroupmock.c b/tests/vircgroupmock.c index 6542973..d154a4a 100644 --- a/tests/vircgroupmock.c +++ b/tests/vircgroupmock.c @@ -30,10 +30,13 @@ # include fcntl.h # include sys/stat.h # include stdarg.h +# include testutilslxc.h static int (*realopen)(const char *path, int flags, ...); static FILE *(*realfopen)(const char *path, const char *mode); static int (*realaccess)(const char *path, int mode); +static int (*realstat)(const char *path, struct stat *sb); +static int (*real__xstat)(int ver, const char *path, struct stat *sb); static int (*reallstat)(const char *path, struct stat *sb); static int (*real__lxstat)(int ver, const char *path, struct stat *sb); static int (*realmkdir)(const char *path, mode_t mode); @@ -43,6 +46,8 @@ static int (*realmkdir)(const char *path, mode_t mode); * vircgroupmock.c:462:22: error: static variable 'fakesysfsdir' is used in an inline function with external linkage [-Werror,-Wstatic-in-inline] */ char *fakesysfsdir; +const char *fakedevicedir0 = FAKEDEVDIR0; +const char *fakedevicedir1 = FAKEDEVDIR1; # define SYSFS_PREFIX /not/really/sys/fs/cgroup/ @@ -332,13 +337,23 @@ static int make_controller(const char *path, mode_t mode) 8:0 Write 411440480256\n 8:0 Sync 248486822912\n 8:0 Async 222495764480\n - 8:0 Total 470982587392\n); + 8:0 Total 470982587392\n + 9:0 Read 59542107137\n + 9:0 Write 411440480257\n + 9:0 Sync 248486822912\n + 9:0 Async 222495764480\n + 9:0 Total 470982587392\n); MAKE_FILE(blkio.throttle.io_serviced, 8:0 Read 4832583\n 8:0 Write 36641903\n 8:0 Sync 30723171\n 8:0 Async 10751315\n - 8:0 Total 41474486\n); + 8:0 Total 41474486\n + 9:0 Read 4832584\n + 9:0 Write 36641904\n + 9:0 Sync 30723171\n + 9:0 Async 10751315\n + 9:0 Total 41474486\n); MAKE_FILE(blkio.throttle.read_bps_device, ); MAKE_FILE(blkio.throttle.read_iops_device, ); MAKE_FILE(blkio.throttle.write_bps_device, ); @@ -382,6 +397,7 @@ static void init_syms(void) LOAD_SYM(fopen); LOAD_SYM(access); LOAD_SYM_ALT(lstat, __lxstat); +LOAD_SYM_ALT(stat, __xstat); LOAD_SYM(mkdir); LOAD_SYM(open); } @@ -529,6 +545,14 @@ int __lxstat(int ver, const char *path, struct stat *sb) } ret = real__lxstat(ver, newpath, sb); free(newpath); +} else if (STRPREFIX(path, fakedevicedir0)) { +sb-st_mode = S_IFBLK; +sb-st_rdev = makedev(8, 0); +return 0; +} else if (STRPREFIX(path, fakedevicedir1)) { +sb-st_mode = S_IFBLK; +sb-st_rdev = makedev(9, 0); +return 0; } else { ret = real__lxstat(ver, path, sb); } @@ -552,12 +576,82 @@ int lstat(const char *path, struct stat *sb) } ret = reallstat(newpath, sb); free(newpath); +} else if (STRPREFIX(path, fakedevicedir0)) { +sb-st_mode = S_IFBLK; +sb-st_rdev = makedev(8, 0); +return 0; +} else if (STRPREFIX(path, fakedevicedir1)) { +sb-st_mode = S_IFBLK; +sb-st_rdev = makedev(9, 0); +return 0; } else { ret = reallstat(path, sb); } return ret; } +int __xstat(int ver, const char *path, struct stat *sb) +{ +int ret; + +init_syms(); + +if (STRPREFIX(path, SYSFS_PREFIX)) { +init_sysfs(); +char *newpath; +if (asprintf(newpath, %s/%s, + fakesysfsdir, + path + strlen(SYSFS_PREFIX)) 0) { +errno = ENOMEM; +return -1; +} +ret = real__xstat(ver, newpath, sb); +free(newpath); +} else if (STRPREFIX(path, fakedevicedir0)) { +sb-st_mode = S_IFBLK; +sb-st_rdev = makedev(8, 0); +return 0; +} else if (STRPREFIX(path, fakedevicedir1)) { +sb-st_mode = S_IFBLK; +sb-st_rdev = makedev(9, 0); +return 0; +} else { +ret = real__xstat(ver, path, sb); +} +return ret; +} + +int stat(const char *path, struct stat
[libvirt] [PATCHv4 08/10] Add unit test for virCgroupGetMemoryUsage.
--- tests/vircgrouptest.c | 35 +++ 1 file changed, 35 insertions(+) diff --git a/tests/vircgrouptest.c b/tests/vircgrouptest.c index df29531..e05b882 100644 --- a/tests/vircgrouptest.c +++ b/tests/vircgrouptest.c @@ -530,6 +530,38 @@ static int testCgroupAvailable(const void *args) return 0; } +static int testCgroupGetMemoryUsage(const void *args ATTRIBUTE_UNUSED) +{ +virCgroupPtr cgroup = NULL; +int rv, ret = -1; +unsigned long kb; + +if ((rv = virCgroupNewPartition(/virtualmachines, true, +(1 VIR_CGROUP_CONTROLLER_MEMORY), +cgroup)) 0) { +fprintf(stderr, Could not create /virtualmachines cgroup: %d\n, -rv); +goto cleanup; +} + +if ((rv = virCgroupGetMemoryUsage(cgroup, kb)) 0) { +fprintf(stderr, Could not retrieve GetMemoryUsage for /virtualmachines cgroup: %d\n, -rv); +goto cleanup; +} + +if (kb != 1421212UL) { +fprintf(stderr, +Wrong value from virCgroupGetMemoryUsage (expected %ld)\n, +1421212UL); +goto cleanup; +} + +ret = 0; + +cleanup: +virCgroupFree(cgroup); +return ret; +} + static int testCgroupGetBlkioIoServiced(const void *args ATTRIBUTE_UNUSED) { virCgroupPtr cgroup = NULL; @@ -700,6 +732,9 @@ mymain(void) if (virtTestRun(virCgroupGetBlkioIoDeviceServiced works, testCgroupGetBlkioIoDeviceServiced, NULL) 0) ret = -1; +if (virtTestRun(virCgroupGetMemoryUsage works, testCgroupGetMemoryUsage, NULL) 0) +ret = -1; + setenv(VIR_CGROUP_MOCK_MODE, allinone, 1); if (virtTestRun(New cgroup for self (allinone), testCgroupNewForSelfAllInOne, NULL) 0) ret = -1; -- 1.8.4.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCHv4 04/10] Implement domainGetCPUStats for lxc driver.
--- Notes to v4: - removed extraneous variable src/libvirt_private.syms | 1 + src/lxc/lxc_driver.c | 49 +++ src/util/vircgroup.c | 75 src/util/vircgroup.h | 7 + 4 files changed, 132 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 5b141d0..ad3a077 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1025,6 +1025,7 @@ virCgroupGetMemorySoftLimit; virCgroupGetMemoryUsage; virCgroupGetMemSwapHardLimit; virCgroupGetMemSwapUsage; +virCgroupGetPercpuStats; virCgroupHasController; virCgroupIsolateMount; virCgroupKill; diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index 827d989..e31b3ac 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -77,6 +77,7 @@ #define LXC_NB_MEM_PARAM 3 + static int lxcStateInitialize(bool privileged, virStateInhibitCallback callback, void *opaque); @@ -5422,6 +5423,53 @@ cleanup: } +static int +lxcDomainGetCPUStats(virDomainPtr dom, + virTypedParameterPtr params, + unsigned int nparams, + int start_cpu, + unsigned int ncpus, + unsigned int flags) +{ +virDomainObjPtr vm = NULL; +int ret = -1; +virLXCDomainObjPrivatePtr priv; + +virCheckFlags(VIR_TYPED_PARAM_STRING_OKAY, -1); + +if (!(vm = lxcDomObjFromDomain(dom))) +return ret; + +priv = vm-privateData; + +if (virDomainGetCPUStatsEnsureACL(dom-conn, vm-def) 0) +goto cleanup; + +if (!virDomainObjIsActive(vm)) { +virReportError(VIR_ERR_OPERATION_INVALID, %s, + _(domain is not running)); +goto cleanup; +} + +if (!virCgroupHasController(priv-cgroup, VIR_CGROUP_CONTROLLER_CPUACCT)) { +virReportError(VIR_ERR_OPERATION_INVALID, + %s, _(cgroup CPUACCT controller is not mounted)); +goto cleanup; +} + +if (start_cpu == -1) +ret = virCgroupGetDomainTotalCpuStats(priv-cgroup, + params, nparams); +else +ret = virCgroupGetPercpuStats(priv-cgroup, params, + nparams, start_cpu, ncpus); +cleanup: +if (vm) +virObjectUnlock(vm); +return ret; +} + + /* Function Tables */ static virDriver lxcDriver = { .no = VIR_DRV_LXC, @@ -5501,6 +5549,7 @@ static virDriver lxcDriver = { .nodeSuspendForDuration = lxcNodeSuspendForDuration, /* 0.9.8 */ .domainSetMetadata = lxcDomainSetMetadata, /* 1.1.3 */ .domainGetMetadata = lxcDomainGetMetadata, /* 1.1.3 */ +.domainGetCPUStats = lxcDomainGetCPUStats, /* 1.2.2 */ .nodeGetMemoryParameters = lxcNodeGetMemoryParameters, /* 0.10.2 */ .nodeSetMemoryParameters = lxcNodeSetMemoryParameters, /* 0.10.2 */ .domainSendProcessSignal = lxcDomainSendProcessSignal, /* 1.0.1 */ diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c index 7427a21..268a4ae 100644 --- a/src/util/vircgroup.c +++ b/src/util/vircgroup.c @@ -53,11 +53,14 @@ #include virsystemd.h #include virtypedparam.h +#include nodeinfo.h + #define CGROUP_MAX_VAL 512 #define VIR_FROM_THIS VIR_FROM_CGROUP #define CGROUP_NB_TOTAL_CPU_STAT_PARAM 3 +#define CGROUP_NB_PER_CPU_STAT_PARAM 1 #if defined(__linux__) defined(HAVE_GETMNTENT_R) \ defined(_DIRENT_HAVE_D_TYPE) defined(_SC_CLK_TCK) @@ -2824,6 +2827,78 @@ virCgroupDenyDevicePath(virCgroupPtr group, const char *path, int perms) } +int +virCgroupGetPercpuStats(virCgroupPtr group, +virTypedParameterPtr params, +unsigned int nparams, +int start_cpu, +unsigned int ncpus) +{ +int rv = -1; +size_t i; +int id, max_id; +char *pos; +char *buf = NULL; +virTypedParameterPtr ent; +int param_idx; +unsigned long long cpu_time; + +/* return the number of supported params */ +if (nparams == 0 ncpus != 0) +return CGROUP_NB_PER_CPU_STAT_PARAM; + +/* To parse account file, we need to know how many cpus are present. */ +max_id = nodeGetCPUCount(); +if (max_id 0) +return rv; + +if (ncpus == 0) { /* returns max cpu ID */ +rv = max_id; +goto cleanup; +} + +if (start_cpu max_id) { +virReportError(VIR_ERR_INVALID_ARG, + _(start_cpu %d larger than maximum of %d), + start_cpu, max_id); +goto cleanup; +} + +/* we get percpu cputime accounting info. */ +if (virCgroupGetCpuacctPercpuUsage(group, buf)) +goto cleanup; +pos = buf; + +/* return percpu cputime in index 0 */ +param_idx = 0; + +/* number of cpus to compute */ +if (start_cpu = max_id - ncpus) +id = max_id - 1; +
[libvirt] [PATCHv4 09/10] Fix misspelled cpuacct.usage_percpu in cgroup mock.
--- tests/vircgroupmock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/vircgroupmock.c b/tests/vircgroupmock.c index d154a4a..ae88984 100644 --- a/tests/vircgroupmock.c +++ b/tests/vircgroupmock.c @@ -215,7 +215,7 @@ static int make_controller(const char *path, mode_t mode) user 216687025\n system 43421396\n); MAKE_FILE(cpuacct.usage, 2787788855799582\n); -MAKE_FILE(cpuacct.usage_per_cpu, 1413142688153030 1374646168910542\n); +MAKE_FILE(cpuacct.usage_percpu, 1413142688153030 1374646168910542\n); } else if (STRPREFIX(controller, cpuset)) { MAKE_FILE(cpuset.cpu_exclusive, 1\n); if (STREQ(controller, cpuset)) -- 1.8.4.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] ANNOUNCE: virt-manager 1.0.0 released
I'm happy to announce the release of virt-manager 1.0.0! Our version numbers were starting to get awkward, and this release was suitably featureful, so it felt like time to bump the major version. (And it's trendy these days, right?). virt-manager is a desktop application for managing KVM, Xen, and LXC virtualization via libvirt. The release can be downloaded from: http://virt-manager.org/download.html The direct download links are: http://virt-manager.org/download/sources/virt-manager/virt-manager-1.0.0.tar.gz This release includes: - virt-manager: Snapshot support - New tool virt-xml: Edit libvirt XML in one shot from the command line: http://www.redhat.com/archives/libvir-list/2014-January/msg01226.html - Improved defaults: qcow2, USB2, host CPU model, guest agent channel, ... - Introspect command line options like --disk=? or --network=help - The virt-image tool will be removed before the next release, speak up if you have a good reason not to remove it. - virt-manager: Support arm vexpress VM creation - virt-manager: Add guest memory usage graphs (Thorsten Behrens) - virt-manager: UI for editing filesystem devices (Cédric Bosdonnat) - Spice USB redirection support (Guannan Ren) - tpm UI and command line support (Stefan Berger) - rng UI and command line support (Giuseppe Scrivano) - panic UI and command line support (Chen Hanxiao) - blkiotune command line support (Chen Hanxiao) - virt-manager: support for glusterfs storage pools (Giuseppe Scrivano) - cli: New options --memory, --features, --clock, --metadata, --pm - Greatly improve app responsiveness when connecting to remote hosts - Lots of UI cleanup and improvements Thanks to everyone who has contributed to this release through testing, bug reporting, submitting patches, and otherwise sending in feedback! Thanks, Cole -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 1/4] virsh: common code for parsing --seconds
Several virsh commands ask for a --timeout parameter in seconds, then use it to control interfaces that operate on millisecond limits; I also plan on adding a 'virsh event' command that also does this. Factor this into a common function. * tools/virsh.h (vshCommandOptTimeoutToMs): New prototype. * tools/virsh.c (vshCommandOptTimeoutToMs): New function. * tools/virsh-domain.c (cmdBlockCommit, cmdBlockCopy) (cmdBlockPull, cmdMigrate): Use it. (vshWatchJob): Adjust timeout scale. Signed-off-by: Eric Blake ebl...@redhat.com --- tools/virsh-domain.c | 72 ++-- tools/virsh.c| 26 ++- tools/virsh.h| 4 ++- 3 files changed, 42 insertions(+), 60 deletions(-) diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index c3db94c..2c7bf66 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c @@ -1,7 +1,7 @@ /* * virsh-domain.c: Commands to manage domain * - * Copyright (C) 2005, 2007-2013 Red Hat, Inc. + * Copyright (C) 2005, 2007-2014 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -1629,21 +1629,10 @@ cmdBlockCommit(vshControl *ctl, const vshCmd *cmd) const char *path = NULL; bool quit = false; int abort_flags = 0; -int rv; if (blocking) { -if ((rv = vshCommandOptInt(cmd, timeout, timeout)) 0 || -(rv 0 timeout 1)) { -vshError(ctl, %s, _(invalid timeout)); +if (vshCommandOptTimeoutToMs(ctl, cmd, timeout) 0) return false; -} else if (rv 0) { -/* Ensure that we can multiply by 1000 without overflowing. */ -if (timeout INT_MAX / 1000) { -vshError(ctl, %s, _(timeout is too big)); -return false; -} -timeout *= 1000; -} if (vshCommandOptStringReq(ctl, cmd, path, path) 0) return false; if (vshCommandOptBool(cmd, async)) @@ -1819,25 +1808,14 @@ cmdBlockCopy(vshControl *ctl, const vshCmd *cmd) const char *path = NULL; bool quit = false; int abort_flags = 0; -int rv; if (blocking) { if (pivot finish) { vshError(ctl, %s, _(cannot mix --pivot and --finish)); return false; } -if ((rv = vshCommandOptInt(cmd, timeout, timeout)) 0 || -(rv 0 timeout 1)) { -vshError(ctl, %s, _(invalid timeout)); +if (vshCommandOptTimeoutToMs(ctl, cmd, timeout) 0) return false; -} else if (rv 0) { -/* Ensure that we can multiply by 1000 without overflowing. */ -if (timeout INT_MAX / 1000) { -vshError(ctl, %s, _(timeout is too big)); -return false; -} -timeout *= 1000; -} if (vshCommandOptStringReq(ctl, cmd, path, path) 0) return false; if (vshCommandOptBool(cmd, async)) @@ -2100,21 +2078,10 @@ cmdBlockPull(vshControl *ctl, const vshCmd *cmd) const char *path = NULL; bool quit = false; int abort_flags = 0; -int rv; if (blocking) { -if ((rv = vshCommandOptInt(cmd, timeout, timeout)) 0 || -(rv 0 timeout 1)) { -vshError(ctl, %s, _(invalid timeout)); +if (vshCommandOptTimeoutToMs(ctl, cmd, timeout) 0) return false; -} else if (rv 0) { -/* Ensure that we can multiply by 1000 without overflowing. */ -if (timeout INT_MAX / 1000) { -vshError(ctl, %s, _(timeout is too big)); -return false; -} -timeout *= 1000; -} if (vshCommandOptStringReq(ctl, cmd, path, path) 0) return false; if (vshCommandOptBool(cmd, async)) @@ -3606,7 +3573,7 @@ vshWatchJob(vshControl *ctl, virDomainPtr dom, bool verbose, int pipe_fd, -int timeout, +int timeout_ms, jobWatchTimeoutFunc timeout_func, void *opaque, const char *label) @@ -3676,14 +3643,14 @@ vshWatchJob(vshControl *ctl, } GETTIMEOFDAY(curr); -if (timeout (((int)(curr.tv_sec - start.tv_sec) * 1000 + - (int)(curr.tv_usec - start.tv_usec) / 1000) -timeout * 1000)) { +if (timeout_ms (((int)(curr.tv_sec - start.tv_sec) * 1000 + +(int)(curr.tv_usec - start.tv_usec) / 1000) + timeout_ms)) { /* suspend the domain when migration timeouts. */ vshDebug(ctl, VSH_ERR_DEBUG, %s timeout, label); if (timeout_func) (timeout_func)(ctl, dom, opaque); -timeout = 0; +timeout_ms = 0; } if (verbose || !jobStarted) { @@ -8844,7 +8811,6 @@
[libvirt] [PATCH 2/4] virsh: common code for waiting for an event
I plan to add 'virsh event' to virsh-domain.c and 'virsh net-event' to virsh-network.c; but as they will share quite a bit of common boilerplate, it's better to set that up now in virsh.c. * tools/virsh.h (_vshControl): Add fields. (vshEventStart, vshEventWait, vshEventDone, vshEventCleanup): New prototypes. * tools/virsh.c (vshEventFd, vshEventOldAction, vshEventInt) (vshEventTimeout): New helper variables and functions. (vshEventStart, vshEventWait, vshEventDone, vshEventCleanup): Implement new functions. (vshInit, vshDeinit, main): Manage event timeout. Signed-off-by: Eric Blake ebl...@redhat.com --- tools/virsh.c | 160 +- tools/virsh.h | 13 + 2 files changed, 172 insertions(+), 1 deletion(-) diff --git a/tools/virsh.c b/tools/virsh.c index 944c037..2d4aaff 100644 --- a/tools/virsh.c +++ b/tools/virsh.c @@ -42,6 +42,7 @@ #include sys/stat.h #include inttypes.h #include strings.h +#include signal.h #include libxml/parser.h #include libxml/tree.h @@ -85,6 +86,11 @@ #include virsh-snapshot.h #include virsh-volume.h +/* Gnulib doesn't guarantee SA_SIGINFO support. */ +#ifndef SA_SIGINFO +# define SA_SIGINFO 0 +#endif + static char *progname; static const vshCmdGrp cmdGroups[]; @@ -2435,6 +2441,149 @@ vshEventLoop(void *opaque) /* + * Helpers for waiting for a libvirt event. + */ + +/* We want to use SIGINT to cancel a wait; but as signal handlers + * don't have an opaque argument, we have to use static storage. */ +static int vshEventFd = -1; +static struct sigaction vshEventOldAction; + + +/* Signal handler installed in vshEventStart, removed in vshEventCleanup. */ +static void +vshEventInt(int sig ATTRIBUTE_UNUSED, +siginfo_t *siginfo ATTRIBUTE_UNUSED, +void *context ATTRIBUTE_UNUSED) +{ +char reason = VSH_EVENT_INTERRUPT; +if (vshEventFd = 0) +ignore_value(safewrite(vshEventFd, reason, 1)); +} + + +/* Event loop handler used to limit length of waiting for any other event. */ +static void +vshEventTimeout(int timer ATTRIBUTE_UNUSED, +void *opaque) +{ +vshControl *ctl = opaque; +char reason = VSH_EVENT_TIMEOUT; + +if (ctl-eventPipe[1] = 0) +ignore_value(safewrite(ctl-eventPipe[1], reason, 1)); +} + + +/** + * vshEventStart: + * @ctl virsh command struct + * @timeout_ms max wait time in milliseconds, or 0 for indefinite + * + * Set up a wait for a libvirt event. The wait can be canceled by + * SIGINT or by calling vshEventDone() in your event handler. If + * @timeout_ms is positive, the wait will also end if the timeout + * expires. Call vshEventWait() to block the main thread (the event + * handler runs in the event loop thread). When done (including if + * there was an error registering for an event), use vshEventCleanup() + * to quit waiting. Returns 0 on success, -1 on failure. */ +int +vshEventStart(vshControl *ctl, int timeout_ms) +{ +struct sigaction action; + +assert(ctl-eventPipe[0] == -1 ctl-eventPipe[1] == -1 + vshEventFd == -1 ctl-eventTimerId = 0); +if (pipe2(ctl-eventPipe, O_CLOEXEC) 0) { +char ebuf[1024]; + +vshError(ctl, _(failed to create pipe: %s), + virStrerror(errno, ebuf, sizeof(ebuf))); +return -1; +} +vshEventFd = ctl-eventPipe[1]; + +action.sa_sigaction = vshEventInt; +action.sa_flags = SA_SIGINFO; +sigemptyset(action.sa_mask); +sigaction(SIGINT, action, vshEventOldAction); + +if (timeout_ms) +virEventUpdateTimeout(ctl-eventTimerId, timeout_ms); + +return 0; +} + + +/** + * vshEventDone: + * @ctl virsh command struct + * + * Call this from an event callback to let the main thread quit + * blocking on further events. + */ +void +vshEventDone(vshControl *ctl) +{ +char reason = VSH_EVENT_DONE; + +if (ctl-eventPipe[1] = 0) +ignore_value(safewrite(ctl-eventPipe[1], reason, 1)); +} + + +/** + * vshEventWait: + * @ctl virsh command struct + * + * Call this in the main thread after calling vshEventStart() then + * registering for one or more events. This call will block until + * SIGINT, the timeout registered at the start, or until one of your + * event handlers calls vshEventDone(). Returns an enum VSH_EVENT_* + * stating how the wait concluded, or -1 on error. + */ +int +vshEventWait(vshControl *ctl) +{ +char buf; +int rv; + +assert(ctl-eventPipe[0] = 0); +while ((rv = read(ctl-eventPipe[0], buf, 1)) 0 errno == EINTR); +if (rv != 1) { +char ebuf[1024]; + +if (!rv) +errno = EPIPE; +vshError(ctl, _(failed to determine loop exit status: %s), + virStrerror(errno, ebuf, sizeof(ebuf))); +return -1; +} +return buf; +} + + +/** + * vshEventCleanup: + * @ctl virsh command struct + * + * Call at the end of any function that has used vshEventStart(), to + * tear down any remaining SIGINT or timeout handlers. + */ +void
[libvirt] [PATCH 0/4] add 'virsh event' and friends
Inspired by my work on qemu monitor events; Dan correctly argued that if we're going to expose those through virsh, we also need to expose regular events. Patch 5/4 still coming, which adds handlers for the remaining 15 domain event types. Eric Blake (4): virsh: common code for parsing --seconds virsh: common code for waiting for an event virsh: add event command, for lifecycle events virsh: add net-event command tools/virsh-domain.c | 410 +++--- tools/virsh-network.c | 171 - tools/virsh.c | 186 ++- tools/virsh.h | 17 ++- tools/virsh.pod | 30 5 files changed, 752 insertions(+), 62 deletions(-) -- 1.8.5.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 4/4] virsh: add net-event command
Add 'virsh net-event --list' and 'virsh net-event [net] --event=name [--loop] [--timeout]'. Very similar to 'virsh event'. * tools/virsh.pod (net-event): Document new command. * tools/virsh-network.c (vshNetworkEventToString, vshNetEventData) (vshEventLifecyclePrint, cmdNetworkEvent): New struct and functions. Signed-off-by: Eric Blake ebl...@redhat.com --- tools/virsh-network.c | 171 +- tools/virsh.pod | 15 + 2 files changed, 185 insertions(+), 1 deletion(-) diff --git a/tools/virsh-network.c b/tools/virsh-network.c index 44a676b..4377391 100644 --- a/tools/virsh-network.c +++ b/tools/virsh-network.c @@ -1,7 +1,7 @@ /* * virsh-network.c: Commands to manage network * - * Copyright (C) 2005, 2007-2013 Red Hat, Inc. + * Copyright (C) 2005, 2007-2014 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -1130,6 +1130,169 @@ cmdNetworkEdit(vshControl *ctl, const vshCmd *cmd) return ret; } + +/* + * net-event command + */ +static const char * +vshNetworkEventToString(int event) +{ +const char *ret = _(unknown); +switch ((virNetworkEventLifecycleType) event) { +case VIR_NETWORK_EVENT_DEFINED: +ret = _(Defined); +break; +case VIR_NETWORK_EVENT_UNDEFINED: +ret = _(Undefined); +break; +case VIR_NETWORK_EVENT_STARTED: +ret = _(Started); +break; +case VIR_NETWORK_EVENT_STOPPED: +ret = _(Stopped); +break; +case VIR_NETWORK_EVENT_LAST: +break; +} +return ret; +} + +struct vshNetEventData { +vshControl *ctl; +bool loop; +int count; +}; +typedef struct vshNetEventData vshNetEventData; + +VIR_ENUM_DECL(vshNetworkEvent) +VIR_ENUM_IMPL(vshNetworkEvent, + VIR_NETWORK_EVENT_ID_LAST, + lifecycle) + +static void +vshEventLifecyclePrint(virConnectPtr conn ATTRIBUTE_UNUSED, + virNetworkPtr net, + int event, + int detail ATTRIBUTE_UNUSED, + void *opaque) +{ +vshNetEventData *data = opaque; + +if (!data-loop data-count) +return; +vshPrint(data-ctl, _(event 'lifecycle' for network %s: %s\n), + virNetworkGetName(net), vshNetworkEventToString(event)); +data-count++; +if (!data-loop) +vshEventDone(data-ctl); +} + +static const vshCmdInfo info_network_event[] = { +{.name = net-event, + .data = N_(Network Events) +}, +{.name = desc, + .data = N_(List event types, or wait for network events to occur) +}, +{.name = NULL} +}; + +static const vshCmdOptDef opts_network_event[] = { +{.name = network, + .type = VSH_OT_DATA, + .help = N_(filter by network name or uuid) +}, +{.name = event, + .type = VSH_OT_DATA, + .help = N_(which event type to wait for) +}, +{.name = loop, + .type = VSH_OT_BOOL, + .help = N_(loop until timeout or interrupt, rather than one-shot) +}, +{.name = timeout, + .type = VSH_OT_INT, + .help = N_(timeout seconds) +}, +{.name = list, + .type = VSH_OT_BOOL, + .help = N_(list valid event types) +}, +{.name = NULL} +}; + +static bool +cmdNetworkEvent(vshControl *ctl, const vshCmd *cmd) +{ +virNetworkPtr net = NULL; +bool ret = false; +int eventId = -1; +int timeout = 0; +vshNetEventData data; +const char *eventName = NULL; +int event; + +if (vshCommandOptBool(cmd, list)) { +size_t i; + +for (i = 0; i VIR_NETWORK_EVENT_ID_LAST; i++) +vshPrint(ctl, %s\n, vshNetworkEventTypeToString(i)); +return true; +} + +if (vshCommandOptString(cmd, event, eventName) 0) +return false; +if (!eventName) { +vshError(ctl, %s, _(either --list or event type is required)); +return false; +} +if ((event = vshNetworkEventTypeFromString(eventName) 0)) { +vshError(ctl, _(unknown event type %s), eventName); +return false; +} + +data.ctl = ctl; +data.loop = vshCommandOptBool(cmd, loop); +data.count = 0; +if (vshCommandOptTimeoutToMs(ctl, cmd, timeout) 0) +return false; + +if (vshCommandOptBool(cmd, network)) +net = vshCommandOptNetwork(ctl, cmd, NULL); +if (vshEventStart(ctl, timeout) 0) +goto cleanup; + +if ((eventId = virConnectNetworkEventRegisterAny(ctl-conn, net, event, + VIR_NETWORK_EVENT_CALLBACK(vshEventLifecyclePrint), + data, NULL)) 0) +goto cleanup; +switch (vshEventWait(ctl)) { +case VSH_EVENT_INTERRUPT: +vshPrint(ctl, %s, _(event loop interrupted\n)); +break; +case VSH_EVENT_TIMEOUT: +vshPrint(ctl, %s, _(event loop timed out\n)); +break; +
[libvirt] [PATCH 3/4] virsh: add event command, for lifecycle events
Add 'virsh event --list' and 'virsh event [dom] --event=name [--loop] [--timeout]'. Borrows somewhat from event-test.c, but defaults to a one-shot notification, and takes advantage of the event loop integration to allow Ctrl-C to interrupt the wait for an event. For now, this just does lifecycle events. * tools/virsh.pod (event): Document new command. * tools/virsh-domain.c (vshDomainEventToString) (vshDomainEventDetailToString, vshDomEventData) (vshEventLifecyclePrint, cmdEvent): New struct and functions. Signed-off-by: Eric Blake ebl...@redhat.com --- tools/virsh-domain.c | 338 +++ tools/virsh.pod | 15 +++ 2 files changed, 353 insertions(+) diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index 2c7bf66..3548131 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c @@ -10295,6 +10295,338 @@ cmdEdit(vshControl *ctl, const vshCmd *cmd) return ret; } + +/* + * event command + */ +static const char * +vshDomainEventToString(int event) +{ +const char *ret = _(unknown); +switch ((virDomainEventType) event) { +case VIR_DOMAIN_EVENT_DEFINED: +ret = _(Defined); +break; +case VIR_DOMAIN_EVENT_UNDEFINED: +ret = _(Undefined); +break; +case VIR_DOMAIN_EVENT_STARTED: +ret = _(Started); +break; +case VIR_DOMAIN_EVENT_SUSPENDED: +ret = _(Suspended); +break; +case VIR_DOMAIN_EVENT_RESUMED: +ret = _(Resumed); +break; +case VIR_DOMAIN_EVENT_STOPPED: +ret = _(Stopped); +break; +case VIR_DOMAIN_EVENT_SHUTDOWN: +ret = _(Shutdown); +break; +case VIR_DOMAIN_EVENT_PMSUSPENDED: +ret = _(PMSuspended); +break; +case VIR_DOMAIN_EVENT_CRASHED: +ret = _(Crashed); +break; +case VIR_DOMAIN_EVENT_LAST: +break; +} +return ret; +} + +static const char * +vshDomainEventDetailToString(int event, int detail) +{ +const char *ret = _(unknown); +switch ((virDomainEventType) event) { +case VIR_DOMAIN_EVENT_DEFINED: +switch ((virDomainEventDefinedDetailType) detail) { +case VIR_DOMAIN_EVENT_DEFINED_ADDED: +ret = _(Added); +break; +case VIR_DOMAIN_EVENT_DEFINED_UPDATED: +ret = _(Updated); +break; +case VIR_DOMAIN_EVENT_DEFINED_LAST: +break; +} +break; +case VIR_DOMAIN_EVENT_UNDEFINED: +switch ((virDomainEventUndefinedDetailType) detail) { +case VIR_DOMAIN_EVENT_UNDEFINED_REMOVED: +ret = _(Removed); +break; +case VIR_DOMAIN_EVENT_UNDEFINED_LAST: +break; +} +break; +case VIR_DOMAIN_EVENT_STARTED: +switch ((virDomainEventStartedDetailType) detail) { +case VIR_DOMAIN_EVENT_STARTED_BOOTED: +ret = _(Booted); +break; +case VIR_DOMAIN_EVENT_STARTED_MIGRATED: +ret = _(Migrated); +break; +case VIR_DOMAIN_EVENT_STARTED_RESTORED: +ret = _(Restored); +break; +case VIR_DOMAIN_EVENT_STARTED_FROM_SNAPSHOT: +ret = _(Snapshot); +break; +case VIR_DOMAIN_EVENT_STARTED_WAKEUP: +ret = _(Event wakeup); +break; +case VIR_DOMAIN_EVENT_STARTED_LAST: +break; +} +break; +case VIR_DOMAIN_EVENT_SUSPENDED: +switch ((virDomainEventSuspendedDetailType) detail) { +case VIR_DOMAIN_EVENT_SUSPENDED_PAUSED: +ret = _(Paused); +break; +case VIR_DOMAIN_EVENT_SUSPENDED_MIGRATED: +ret = _(Migrated); +break; +case VIR_DOMAIN_EVENT_SUSPENDED_IOERROR: +ret = _(I/O Error); +break; +case VIR_DOMAIN_EVENT_SUSPENDED_WATCHDOG: +ret = _(Watchdog); +break; +case VIR_DOMAIN_EVENT_SUSPENDED_RESTORED: +ret = _(Restored); +break; +case VIR_DOMAIN_EVENT_SUSPENDED_FROM_SNAPSHOT: +ret = _(Snapshot); +break; +case VIR_DOMAIN_EVENT_SUSPENDED_API_ERROR: +ret = _(API error); +break; +case VIR_DOMAIN_EVENT_SUSPENDED_LAST: +break; +} +break; +case VIR_DOMAIN_EVENT_RESUMED: +switch ((virDomainEventResumedDetailType) detail) { +case VIR_DOMAIN_EVENT_RESUMED_UNPAUSED: +ret = _(Unpaused); +break; +case VIR_DOMAIN_EVENT_RESUMED_MIGRATED: +ret = _(Migrated); +break; +case VIR_DOMAIN_EVENT_RESUMED_FROM_SNAPSHOT: +ret = _(Snapshot); +break; +case VIR_DOMAIN_EVENT_RESUMED_LAST: +break; +} +break; +case VIR_DOMAIN_EVENT_STOPPED: +switch ((virDomainEventStoppedDetailType) detail) { +case