Re: [libvirt] [PATCH 3/4] Allow multiple parameters for schedinfo

2013-03-21 Thread Martin Kletzander
On 03/14/2013 09:53 PM, Eric Blake wrote:
 On 03/14/2013 03:27 AM, Martin Kletzander wrote:
 virsh schedinfo was able to set only one parameter at a time (not
 counting the deprecated options), but it is useful to set more at
 once, so this patch adds the possibility to do stuff like this:

 virsh schedinfo domain cpu_shares=0 vcpu_period=0 vcpu_quota=0 \
 emulator_period=0 emulator_quota=0

 Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=919372
 Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=919375

 Signed-off-by: Martin Kletzander mklet...@redhat.com
 ---
  tools/virsh-domain.c | 55 
 ++--
  1 file changed, 27 insertions(+), 28 deletions(-)
 
 No change to tools/virsh.pod?  I would have expected something like:
 
 =item Bschedinfo Idomain [[I--config] [I--live] | [I--current]]
 [I--set Bparameter=value]...
 
 +++ b/tools/virsh-domain.c
 @@ -4026,36 +4026,33 @@ static const vshCmdOptDef opts_schedinfo[] = {
   .flags = VSH_OFLAG_REQ,
   .help = N_(domain name, id or uuid)
  },
 -{.name = set,
 - .type = VSH_OT_STRING,
 - .flags = VSH_OFLAG_NONE,
 - .help = N_(parameter=value)
 -},
  {.name = weight,
   .type = VSH_OT_INT,
 - .flags = VSH_OFLAG_NONE,
 + .flags = VSH_OFLAG_REQ_OPT,
   .help = N_(weight for XEN_CREDIT)
 
 Previously, 'schedinfo domain 1' was parsed as --set=1, but then errored
 out because there was no '=' in the argument to set; a user doing weight
 in isolation had to do an explicit --weight=1 to skip the --set field.
 Now that you have re-ordered parameters, but used VSH_OFLAG_REQ_OPT on
 all parameters that got moved before set, a single argument still parses
 as --set, and the user still has to do an explicit --weight=1 to use the
 weight option instead.  That's good - no semantic change for the
 single-argument case.
 
 For the multi-argument case: previously, 'schedinfo domain foo=bar 1'
 was parsed as --set=foo=bar --weight=1, now it will parse as
 --set=foo=bar --set=1 and error out.  But I don't think that anyone was
 relying on mixing old and new syntax (the man page called out --weight
 on a different line than --set), so I can live with that change.
 
 Thus, even though I see a difference in parse, that difference is only
 on a case that users should not have been doing, and I'm happy with your
 patch.
 
 ACK, if you touch up virsh.pod to match.
 

Thanks for that, but I've found out one more inconsistency which is
bothering me a bit (even though it was present there even before this
patch), so I'll be sending a v2 for this one.  This time with the manual
fixed as well.

Martin



[libvirt] [PATCH 2/2] make: regenerate bindings when classname.py changes

2013-03-21 Thread Guannan Ren
---
 python/Makefile.am | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/python/Makefile.am b/python/Makefile.am
index 55c5e41..18da9a2 100644
--- a/python/Makefile.am
+++ b/python/Makefile.am
@@ -26,7 +26,8 @@ CLASSES_EXTRA = \
libvirt-override-virConnect.py \
libvirt-override-virDomain.py \
libvirt-override-virDomainSnapshot.py \
-   libvirt-override-virStream.py
+   libvirt-override-virStream.py \
+   libvirt-override-virStoragePool.py
 
 EXTRA_DIST =   \
generator.py\
@@ -109,7 +110,11 @@ LXC_GENERATED= libvirt-lxc-export.c \
   libvirt-lxc.h \
   libvirt_lxc.py
 
-$(GENERATE).stamp: $(srcdir)/$(GENERATE) $(API_DESC) $(QEMU_API_DESC) 
$(LXC_API_DESC)
+$(GENERATE).stamp: $(srcdir)/$(GENERATE) \
+   $(API_DESC) \
+   $(QEMU_API_DESC) \
+   $(LXC_API_DESC) \
+   $(CLASSES_EXTRA)
$(AM_V_GEN)$(PYTHON) $(srcdir)/$(GENERATE) $(PYTHON)  \
touch $@
 
-- 
1.7.11.2



[libvirt] [PATCH 1/2] python: treat flags as default argument with value 0

2013-03-21 Thread Guannan Ren
The following four functions have not changed because default arguments
have to come after positional arguments. Changing them will break the
binding APIs.

migrate(self, dconn, flags, dname, uri, bandwidth):
migrate2(self, dconn, dxml, flags, dname, uri, bandwidth):
migrateToURI(self, duri, flags, dname, bandwidth):
migrateToURI2(self, dconnuri, miguri, dxml, flags, dname, bandwidth):


---
 python/generator.py  |  2 ++
 python/libvirt-override-virConnect.py| 14 +++---
 python/libvirt-override-virDomain.py |  2 +-
 python/libvirt-override-virDomainSnapshot.py |  2 +-
 python/libvirt-override-virStoragePool.py|  2 +-
 python/libvirt-override.py   |  2 +-
 6 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/python/generator.py b/python/generator.py
index d269e88..bb53fcf 100755
--- a/python/generator.py
+++ b/python/generator.py
@@ -1487,6 +1487,8 @@ def buildWrappers(module):
 if n != index:
 classes.write(, %s % arg[0])
 n = n + 1
+if arg[0] == flags:
+classes.write(=0);
 classes.write():\n)
 writeDoc(module, name, args, '', classes)
 n = 0
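Review bot: The added `=0` default is written whenever the argument name is `flags`, and the lines shown contain no check that every argument after it also receives a default. The commit message lists four migrate functions in which `flags` is followed by positional arguments; if buildWrappers emits those signatures through this path, Python would reject the generated `def` line because a non-default argument follows a default one. The condition should be limited to the case where `flags` is the last argument, or the later arguments need defaults as well. The trailing `;` after the added `classes.write(...)` call is unnecessary in Python and can be dropped. buildWrappers starts and ends outside the hunk, so the surrounding loop is not visible here.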
diff --git a/python/libvirt-override-virConnect.py 
b/python/libvirt-override-virConnect.py
index 121ef6f..5495b70 100644
--- a/python/libvirt-override-virConnect.py
+++ b/python/libvirt-override-virConnect.py
@@ -204,7 +204,7 @@
 self.domainEventCallbackID[ret] = opaque
 return ret
 
-def listAllDomains(self, flags):
+def listAllDomains(self, flags=0):
 List all domains and returns a list of domain objects
 ret = libvirtmod.virConnectListAllDomains(self._o, flags)
 if ret is None:
@@ -216,7 +216,7 @@
 
 return retlist
 
-def listAllStoragePools(self, flags):
+def listAllStoragePools(self, flags=0):
 Returns a list of storage pool objects
 ret = libvirtmod.virConnectListAllStoragePools(self._o, flags)
 if ret is None:
@@ -228,7 +228,7 @@
 
 return retlist
 
-def listAllNetworks(self, flags):
+def listAllNetworks(self, flags=0):
 Returns a list of network objects
 ret = libvirtmod.virConnectListAllNetworks(self._o, flags)
 if ret is None:
@@ -240,7 +240,7 @@
 
 return retlist
 
-def listAllInterfaces(self, flags):
+def listAllInterfaces(self, flags=0):
 Returns a list of interface objects
 ret = libvirtmod.virConnectListAllInterfaces(self._o, flags)
 if ret is None:
@@ -252,7 +252,7 @@
 
 return retlist
 
-def listAllDevices(self, flags):
+def listAllDevices(self, flags=0):
 Returns a list of host node device objects
 ret = libvirtmod.virConnectListAllNodeDevices(self._o, flags)
 if ret is None:
@@ -264,7 +264,7 @@
 
 return retlist
 
-def listAllNWFilters(self, flags):
+def listAllNWFilters(self, flags=0):
 Returns a list of network filter objects
 ret = libvirtmod.virConnectListAllNWFilters(self._o, flags)
 if ret is None:
@@ -276,7 +276,7 @@
 
 return retlist
 
-def listAllSecrets(self, flags):
+def listAllSecrets(self, flags=0):
 Returns a list of secret objects
 ret = libvirtmod.virConnectListAllSecrets(self._o, flags)
 if ret is None:
diff --git a/python/libvirt-override-virDomain.py 
b/python/libvirt-override-virDomain.py
index ccc4d5f..142b1d4 100644
--- a/python/libvirt-override-virDomain.py
+++ b/python/libvirt-override-virDomain.py
@@ -1,4 +1,4 @@
-def listAllSnapshots(self, flags):
+def listAllSnapshots(self, flags=0):
 List all snapshots and returns a list of snapshot objects
 ret = libvirtmod.virDomainListAllSnapshots(self._o, flags)
 if ret is None:
diff --git a/python/libvirt-override-virDomainSnapshot.py 
b/python/libvirt-override-virDomainSnapshot.py
index bf708a5..ec53358 100644
--- a/python/libvirt-override-virDomainSnapshot.py
+++ b/python/libvirt-override-virDomainSnapshot.py
@@ -6,7 +6,7 @@
 Get the domain that a snapshot was created for
 return self.domain()
 
-def listAllChildren(self, flags):
+def listAllChildren(self, flags=0):
 List all child snapshots and returns a list of snapshot objects
 ret = libvirtmod.virDomainSnapshotListAllChildren(self._o, flags)
 if ret is None:
diff --git a/python/libvirt-override-virStoragePool.py 
b/python/libvirt-override-virStoragePool.py
index ffe160c..325e403 100644
--- a/python/libvirt-override-virStoragePool.py
+++ b/python/libvirt-override-virStoragePool.py
@@ -1,4 +1,4 @@
-def listAllVolumes(self, flags):
+def listAllVolumes(self, flags=0):
 List all storage volumes and returns a list of storage volume 
objects
 ret = libvirtmod.virStoragePoolListAllVolumes(self._o, flags)
 

Re: [libvirt] [PATCH RFC 2/5] conf: Introduce scsi hostdev

2013-03-21 Thread Han Cheng
On 03/06/2013 02:24 PM, Osier Yang wrote:
 On 2013年03月04日 14:01, Han Cheng wrote:
 @@ -2928,6 +2929,96 @@ virDomainParseLegacyDeviceAddress(char *devaddr,
}

static int
 +virDomainHostdevSubsysScsiDefParseXML(const xmlNodePtr node,
 +  virDomainHostdevDefPtr def)
 +{
 +int ret = -1;
 +xmlNodePtr cur;
 
 If you define those variables here:
 
 char *bus, *target, *unit;
 
 +
 +cur = node-children;
 +while (cur != NULL) {
 +if (cur-type == XML_ELEMENT_NODE) {
 +if (xmlStrEqual(cur-name, BAD_CAST address)) {
 +char *bus, *target, *unit;
 +
 +bus=virXMLPropString(cur, bus);
 +if (bus) {
 
 These codes can be simplified as:
 
 if ((bus  = virXMLPropString(cur, bus))  0) {
  virReportError(...);
  goto out;
 }
 
 if (virStrToLong_ui(bus, NULL, 0,def-source.subsys.u.scsi.bus)  0) {
  virReportError(...);
  goto out;
 }
 
 With freeing the strings in out. [1]
 
 +ret = virStrToLong_ui(bus, NULL, 0,
 +def-source.subsys.u.scsi.bus);
 +VIR_FREE(bus);
 +if (ret   0) {
 +virReportError(VIR_ERR_INTERNAL_ERROR,
 +   _(cannot parse bus %s), bus);
 +goto out;
...
 +}
 +}
 +cur = cur-next;
 +}
 +
 +ret = 0;
 +out:
 
 [1]
 
  VIR_FREE(bus);
  VIR_FREE(target);
  VIR_FREE(unit);
 
 +return ret;
 +}
 +
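Review bot: In the `bus` branch the string is released with `VIR_FREE(bus)` before the `ret < 0` check, yet the error path then formats `bus` into the `cannot parse bus %s` message. As far as I know VIR_FREE resets the pointer to NULL, so the report would be handed a NULL string instead of the offending value (and passing NULL for `%s` is not portable). Free after reporting instead: keep `virReportError(...)` first, then `VIR_FREE(bus); goto out;` inside the failure branch and a plain `VIR_FREE(bus);` on the success path. The elided `...` part of the quoted hunk presumably repeats the pattern for `target` and `unit`, which would need the same change.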
This may cause a memory leak if someone adds more than one address by
mistake.

Regards,
Cheng



[libvirt] [PATCH] Make virsh support '~' and '$HOME' in interactive mode

2013-03-21 Thread Zhang Xiaohe

This patch lets virsh recognize '~' and '$HOME' in interactive mode.
Both are replaced with the real path.
eg:
virsh # pwd
/home/libvirt

virsh # cd ~/rpmbuild

virsh # pwd
/root/rpmbuild

see https://bugzilla.redhat.com/show_bug.cgi?id=806793

Signed-off-by: Zhang Xiaohe zhan...@cn.fujitsu.com
---
 tools/virsh.c |   25 +
 1 files changed, 25 insertions(+), 0 deletions(-)

diff --git a/tools/virsh.c b/tools/virsh.c
index b574d7e..5c8df6b 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -1232,6 +1232,27 @@ vshCmddefHelp(vshControl *ctl, const char *cmdname)
  * ---
  */
 static void
+vshExpandPath(vshControl *ctl, char **tkdata)
+{
+char *argstr = NULL;
+char *buf = NULL;
+char *p = NULL;
+const char *home = getenv(HOME);
+size_t len = strlen(home) + strlen(*tkdata);
+
+buf = vshMalloc(ctl, len);
+p = buf;
+buf = virStrcpy(buf, home, len);
+argstr = strchr(*tkdata, '/');
+if (argstr) {
+buf += strlen(home);
+buf = virStrcpy(buf, argstr, strlen(*tkdata));
+}
+VIR_FREE(*tkdata);
+*tkdata = p;
+}
+
+static void
 vshCommandOptFree(vshCmdOpt * arg)
 {
 vshCmdOpt *a = arg;
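Review bot: `getenv` returns NULL when HOME is unset, and vshExpandPath feeds that result straight into `strlen(home)` in the initializer of `len`, so an interactive command containing `~` crashes virsh in that environment. Compute `len` only after a guard such as `if (!home) return;`, which leaves `*tkdata` untouched. The return value of `virStrcpy` is also assigned back to `buf` and then advanced with `buf += strlen(home)` without a check; as I recall virStrcpy returns NULL when the source does not fit, so keep the write cursor in a separate variable and test the result before using it. Everything up to the first `/` is treated as the prefix to replace, so a token such as `~otheruser/x` is rewritten to the caller's own home directory, which looks unintended.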
@@ -1855,6 +1876,10 @@ get_data:
 /* save option */
 vshCmdOpt *arg = vshMalloc(ctl, sizeof(vshCmdOpt));

+/* replace the ~ or $HOME with real path */
+if (tkdata[0] == '~' || STRPREFIX(tkdata, $HOME))
+vshExpandPath(ctl, tkdata);
+
 arg-def = opt;
 arg-data = tkdata;
 arg-next = NULL;
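Review bot: The call `vshExpandPath(ctl, tkdata)` passes `tkdata` itself, but the helper added by this patch is declared with `char **tkdata`, and the test on the line above (`tkdata[0] == '~'`) shows that `tkdata` is a `char *` here. The callee would then read the string's bytes as a pointer and free through it; the call should be `vshExpandPath(ctl, &tkdata);`. The `STRPREFIX` test also accepts any token that merely begins with `$HOME`, for example `$HOMEDIR/x`, so it should additionally require that the following character is `/` or the end of the string. As far as the hunk shows, the rewrite is applied to every option value saved at this point, not only to options that take a path; the enclosing function lies outside the hunk.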
--
1.7.1



Re: [libvirt] [PATCH] qemu: s/VIR_ERR_NO_SUPPORT/VIR_ERR_OPERATION_UNSUPPORTED

2013-03-21 Thread Michal Privoznik
On 20.03.2013 18:26, Eric Blake wrote:
 On 03/20/2013 09:59 AM, Michal Privoznik wrote:
 The VIR_ERR_NO_SUPPORT error code is reserved for cases where an
 API is not implemented in a driver. It definitely should not be
 used when an API execution fails due to unsupported operation.
 ---
  src/qemu/qemu_driver.c   |  2 +-
  src/qemu/qemu_hotplug.c  | 30 +++---
  src/qemu/qemu_monitor.c  |  2 +-
  src/qemu/qemu_monitor_text.c |  2 +-
  src/qemu/qemu_process.c  |  2 +-
  5 files changed, 19 insertions(+), 19 deletions(-)
 
 ACK.
 
 
 

Thanks, pushed.

Michal



Re: [libvirt] [PATCH] Fix linkage of virt-aa-helper with numa library

2013-03-21 Thread Michal Privoznik
On 20.03.2013 17:10, Michal Privoznik wrote:
 On 20.03.2013 16:02, Daniel P. Berrange wrote:
 From: Daniel P. Berrange berra...@redhat.com

 The recent commit moved some of the use of libnuma out of the
 driver code, and into src/util/. It did not, however, update
 libvirt_util.la to link against libnuma. This caused linkage
 failure with virt-aa-helper, since nothing else caused libnuma
 to be pulled onto the linker command line.

 The fix removes all reference to NUMACTL_LIBS/CFLAGS from the
 various modules in src/Makefile.am and just adds them to the
 libvirt_util.la module, which everything else depends on.

 Technically a build-breaker fix, but wanted to wait for feedback
 on this

 Signed-off-by: Daniel P. Berrange berra...@redhat.com
 ---
  src/Makefile.am | 19 ---
  1 file changed, 8 insertions(+), 11 deletions(-)

 
 ACK
 
 Michal

Even though I don't like pushing other committers' patches, I've pushed
this one as it's a build breaker.

Michal




Re: [libvirt] [test-API][PATCH] Add nwfilter test cases and conf

2013-03-21 Thread Guannan Ren

On 03/18/2013 03:04 PM, hongming wrote:

The patch covers all nwfilter api provided by libvirt.py. It includes
define/undefine/list nwfilters and check them via checking ebtables rule.
The following new files are added.
cases/nwfilter.conf
repos/nwfilter/__init__.py
repos/nwfilter/nwfilter_check.py
* Check the nwfilter by checking ebtables
repos/nwfilter/nwfilter_define.py
* Define the nwfilter using specified value
repos/nwfilter/nwfilter_list.py
* List all of the available network filters
repos/nwfilter/nwfilter_undefine.py
* Undefine the specified nwfilter
repos/nwfilter/xmls/nwfilter.xml
---
  cases/nwfilter.conf |   59 +
  repos/nwfilter/nwfilter_check.py|  120 +++
  repos/nwfilter/nwfilter_define.py   |   54 
  repos/nwfilter/nwfilter_list.py |   76 ++
  repos/nwfilter/nwfilter_undefine.py |   43 +
  repos/nwfilter/xmls/nwfilter.xml|3 +
  6 files changed, 355 insertions(+), 0 deletions(-)
  create mode 100644 cases/nwfilter.conf
  create mode 100644 repos/nwfilter/__init__.py
  create mode 100644 repos/nwfilter/nwfilter_check.py
  create mode 100644 repos/nwfilter/nwfilter_define.py
  create mode 100644 repos/nwfilter/nwfilter_list.py
  create mode 100644 repos/nwfilter/nwfilter_undefine.py
  create mode 100644 repos/nwfilter/xmls/nwfilter.xml



 There are a lot of trailing spaces, I removed them.
  ACK and pushed.





Re: [libvirt] [PATCH] Fix linkage of virt-aa-helper with numa library

2013-03-21 Thread Daniel P. Berrange
On Thu, Mar 21, 2013 at 10:05:50AM +0100, Michal Privoznik wrote:
 On 20.03.2013 17:10, Michal Privoznik wrote:
  On 20.03.2013 16:02, Daniel P. Berrange wrote:
  From: Daniel P. Berrange berra...@redhat.com
 
  The recent commit moved some of the use of libnuma out of the
  driver code, and into src/util/. It did not, however, update
  libvirt_util.la to link against libnuma. This caused linkage
  failure with virt-aa-helper, since nothing else caused libnuma
  to be pulled onto the linker command line.
 
  The fix removes all reference to NUMACTL_LIBS/CFLAGS from the
  various modules in src/Makefile.am and just adds them to the
  libvirt_util.la module, which everything else depends on.
 
  Technically a build-breaker fix, but wanted to wait for feedback
  on this
 
  Signed-off-by: Daniel P. Berrange berra...@redhat.com
  ---
   src/Makefile.am | 19 ---
   1 file changed, 8 insertions(+), 11 deletions(-)
 
  
  ACK
  
  Michal
 
 Even though I don't like pushing other commiters patches, I've pushed
 this one as it's a build breaker.

Thanks, I forgot to do this before I left last night.

Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



Re: [libvirt] [PATCH RFC 1/5] conf: Introduce readonly to hostdev and change helper function

2013-03-21 Thread Osier Yang
On 2013年03月06日 20:38, Han Cheng wrote:
 Thanks for your comments~ Please correct me if I'm wrong.
 
 As I know,source  inhostdev  is parsed by
 virDomainHostdevSubsys(Pci/Usb)DefParseXML. Everything else inhostdev
 is parsed by virDomainDeviceInfoParseXML.
 I add readonly follow this.

I do think the new readonly member should be inside
virDomainHostdevDef instead. On one hand, not all devices
that has virDomainDeviceInfo want to support readonly.
On the other hand, see what virDomainDiskDef and virDomainFSDef
does. if you add it in virDomainDeviceInfo, for disk, fs,
(etc) devices, they are just duplicate.

And what I mean for exposing the readonly is to make
it external, but not internal instead, I.E. when you
dump the XML, you should see it.

 
 And this XML is tested by hostdev-scsi-readonly(named by your advice).
 
 Other problems will be fixed by next version.
 
 On 03/06/2013 01:40 PM, Osier Yang wrote:
 On 2013年03月04日 14:01, Han Cheng wrote:
 The only parameter in -drive affect scsi-generic is readonly. Introduce
 readonly/tohostdev.
 The helper function to look up disk controller model may be used by scsi
 hostdev. But it should be changed to use info.
 ---
 docs/schemas/domaincommon.rng |5 +
 src/conf/domain_conf.c|   18 ++
 src/conf/domain_conf.h|6 --
 src/libvirt_private.syms  |2 +-
 src/qemu/qemu_command.c   |4 ++--
 5 files changed, 26 insertions(+), 9 deletions(-)

 diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
 index e7231cc..fbb4001 100644
 --- a/docs/schemas/domaincommon.rng
 +++ b/docs/schemas/domaincommon.rng
 @@ -2898,6 +2898,11 @@
 ref name=alias/
   /optional
   optional
 +element name='readonly'
 +empty/
 +/element
 +/optional
 +optional
 ref name=deviceBoot/
   /optional
   optional
 diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
 index 995cf0c..5e385e4 100644
 --- a/src/conf/domain_conf.c
 +++ b/src/conf/domain_conf.c
 @@ -78,6 +78,7 @@ typedef enum {
VIR_DOMAIN_XML_INTERNAL_PCI_ORIG_STATES = (118),
VIR_DOMAIN_XML_INTERNAL_ALLOW_ROM = (119),
VIR_DOMAIN_XML_INTERNAL_ALLOW_BOOT = (120),
 +   VIR_DOMAIN_XML_INTERNAL_ALLOW_READONLY = (121),

 I think the readonly tag for hostdev can just always be exposed,
 as don't see any special reason to keep it internally.

 } virDomainXMLInternalFlags;

 VIR_ENUM_IMPL(virDomainTaint, VIR_DOMAIN_TAINT_LAST,
 @@ -2173,6 +2174,8 @@ virDomainDeviceInfoIsSet(virDomainDeviceInfoPtr info, 
 unsigned int flags)
 return true;
 if (info-bootIndex)
 return true;
 +if (info-readonly)
 +return true;

 And why it's of DeviceInfo struct?

 return false;
 }

 @@ -2395,6 +2398,8 @@ virDomainDeviceInfoFormat(virBufferPtr buf,
   virDomainDeviceInfoPtr info,
   unsigned int flags)
 {
 +if ((flagsVIR_DOMAIN_XML_INTERNAL_ALLOW_READONLY)
 info-readonly)
 +virBufferAsprintf(buf, readonly/\n);
 if ((flagsVIR_DOMAIN_XML_INTERNAL_ALLOW_BOOT)
 info-bootIndex)
 virBufferAsprintf(buf, boot order='%d'/\n, info-bootIndex);

 @@ -2803,6 +2808,10 @@ virDomainDeviceInfoParseXML(xmlNodePtr node,
(flagsVIR_DOMAIN_XML_INTERNAL_ALLOW_ROM)
xmlStrEqual(cur-name, BAD_CAST rom)) {
 rom = cur;
 +} else if (info-readonly == 0
 +   (flagsVIR_DOMAIN_XML_INTERNAL_ALLOW_READONLY)
 +   xmlStrEqual(cur-name, BAD_CAST readonly)) {
 +info-readonly = 1;
 }
 }
 cur = cur-next;
 @@ -3291,8 +3300,8 @@ error:
 }

 int
 -virDomainDiskFindControllerModel(virDomainDefPtr def,
 - virDomainDiskDefPtr disk,
 +virDomainInfoFindControllerModel(virDomainDefPtr def,

 Not a good name. How about changing into:

 virDomainDeviceFindControllerModel.

 + virDomainDeviceInfoPtr info,
  int controllerType)
 {
 int model = -1;
 @@ -3300,7 +3309,7 @@ virDomainDiskFindControllerModel(virDomainDefPtr def,

 for (i = 0; idef-ncontrollers; i++) {
 if (def-controllers[i]-type == controllerType
 -def-controllers[i]-idx == disk-info.addr.drive.controller)
 +def-controllers[i]-idx == info-addr.drive.controller)
 model = def-controllers[i]-model;
 }

 @@ -7838,7 +7847,8 @@ virDomainHostdevDefParseXML(const xmlNodePtr node,
 if (def-info-type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE) {
 if (virDomainDeviceInfoParseXML(node, bootMap, def-info,
 flags  | 
 VIR_DOMAIN_XML_INTERNAL_ALLOW_BOOT
 -  

Re: [libvirt] [PATCH 3/8] virsh-host: Refactor cmdFreecell

2013-03-21 Thread Peter Krempa

On 03/21/13 04:48, Eric Blake wrote:

On 03/07/2013 05:53 AM, Peter Krempa wrote:

Use the new helpers to determine mutually exclusive options and touch up
some parts to simplify the code.
---
  tools/virsh-host.c | 55 +++---
  1 file changed, 23 insertions(+), 32 deletions(-)


-if ((cell_given = vshCommandOptInt(cmd, cellno, cell))  0) {
-vshError(ctl, %s, _(cell number has to be a number));
-goto cleanup;
-}
-all_given = vshCommandOptBool(cmd, all);
+VSH_EXCLUSIVE_OPTIONS_VAR(all, cellno);

-if (all_given  cell_given) {
-vshError(ctl, %s, _(--cellno and --all are mutually exclusive. 
-  Please choose only one.));
-goto cleanup;
+if (cellno  vshCommandOptInt(cmd, cellno, cell)  0) {


The 'cellno ' portion is extra; we didn't need it before, so I don't
know why you added it here.  vshCommandOptInt returns 0 if --cellno was
not provided, since it is not a mandatory option.


I used it there to avoid the call to vshCommandOptInt in case it won't 
parse anything as the cellno parameter is missing anyways. It is not 
strictly needed but it's a optimization so I'll leave it in.




ACK if you either explain the added conjunct or remove it, and if you
fix the whitespace.



Peter



Re: [libvirt] [PATCH RFC 2/5] conf: Introduce scsi hostdev

2013-03-21 Thread Osier Yang
On 2013年03月06日 21:09, Han Cheng wrote:
 On 03/06/2013 02:24 PM, Osier Yang wrote:
 On 2013年03月04日 14:01, Han Cheng wrote:
 Adding scsi hostdev, it should like:

hostdev mode='subsystem' type='scsi'
  source
adapter name='scsi_host0'/
address bus='0' target='0' unit='0'/
  /source
  address type='drive' controller='0' bus='0' target='4' unit='8'/
/hostdev
 @@ -3893,4 +3921,9 @@
 /element
 empty/
   /define
 +define name=scsiAdapter
 +data type=string
 +param name=patternscsi_host[0-9]{1,2}/param

 No need to have a duplicate definition. It can reuse what
 storage pool uses.

I mean you can reuse the schema definition of storage pool.

 This is possible.
 But what make differences is the number. If we don't deal with it and
 storage it as string, we'll have to deal with it when build command line.

Please do it when building command line. The XML should be generic for
all drivers, not specificly for one driver.

 
 Or, we just change the xml:
source
  adapter name='scsi_host0'/
  address bus='0' target='0' unit='0'/
/source
 --
source
  address host='0' bus='0' target='0' unit='0'/
/source
 
 And actually 'host' can be 'controller'. Then it is drive address. We
 may reduce redundant codes.

I'm not a fan of this idea. As we will want the adapter name like
scsi_host0 anyway when associating the scsi storage pool, especially
the scsi pool behind a vHBA, which is represented by wwnn/wwpn, which
is not possible to represented by a number. And on the other hand,
reusing controller makes things confused.

 
 @@ -12997,6 +13119,15 @@ virDomainHostdevDefFormatSubsys(virBufferPtr buf,
 virBufferAdjustIndent(buf, 2);
 switch (def-source.subsys.type)
 {
 +case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI:
 +virBufferAsprintf(buf, adapter name='scsi_host%d'/\n,

 This is hard code. Assuming that a scsi host device can have different
 name with scsi_host on platform other than Linux. So again, IMHO
 we should just storing the adapter name as string.

 Actually I'm quite uncomfortable when writing this hard code. If we
 change xml, this won't be problem.


Re: [libvirt] [PATCH RFC 2/5] conf: Introduce scsi hostdev

2013-03-21 Thread Osier Yang
On 2013年03月21日 17:01, Han Cheng wrote:
 On 03/06/2013 02:24 PM, Osier Yang wrote:
 On 2013年03月04日 14:01, Han Cheng wrote:
 @@ -2928,6 +2929,96 @@ virDomainParseLegacyDeviceAddress(char *devaddr,
 }

 static int
 +virDomainHostdevSubsysScsiDefParseXML(const xmlNodePtr node,
 +  virDomainHostdevDefPtr def)
 +{
 +int ret = -1;
 +xmlNodePtr cur;

 If you define those variables here:

 char *bus, *target, *unit;

 +
 +cur = node-children;
 +while (cur != NULL) {
 +if (cur-type == XML_ELEMENT_NODE) {
 +if (xmlStrEqual(cur-name, BAD_CAST address)) {
 +char *bus, *target, *unit;
 +
 +bus=virXMLPropString(cur, bus);
 +if (bus) {

 These codes can be simplified as:

 if ((bus  = virXMLPropString(cur, bus))   0) {
   virReportError(...);
   goto out;
 }

 if (virStrToLong_ui(bus, NULL, 0,def-source.subsys.u.scsi.bus)   0) {
   virReportError(...);
   goto out;
 }

 With freeing the strings in out. [1]

 +ret = virStrToLong_ui(bus, NULL, 0,
 +def-source.subsys.u.scsi.bus);
 +VIR_FREE(bus);
 +if (ret0) {
 +virReportError(VIR_ERR_INTERNAL_ERROR,
 +   _(cannot parse bus %s), bus);
 +goto out;
 ...
 +}
 +}
 +cur = cur-next;
 +}
 +
 +ret = 0;
 +out:

 [1]

   VIR_FREE(bus);
   VIR_FREE(target);
   VIR_FREE(unit);

 +return ret;
 +}
 +
 This may cause memory leak if someone add more than oneaddress  by
 mistake.

No, as they are free'ed anyway after 1 round parsing (assuming there
are multiple address specified indeed), regardless of whether the
parsing succeeded or not.

And the things we store in the memory for these attributes are numbers.

So no memory leak.

Osier


Re: [libvirt] [PATCH] Make virsh support '~' and '$HOME' in interactive mode

2013-03-21 Thread Daniel P. Berrange
On Thu, Mar 21, 2013 at 05:00:58PM +0800, Zhang Xiaohe wrote:
 This patch makes '~' and '$HOME' can be recognized by virsh in
 interactive mode. These two variables are replaced with real
 path.

If we're going to the trouble of expanding $HOME, then we might
as well just make it expand arbitrary environment variables
rather than hardcoding $HOME.

Also, we'll need a way to escape the special meaning of '~'
and '$' to get them treated as literal characters instead of
special characters.

Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



Re: [libvirt] [PATCH RFC 0/5] add support for scsi-generic for virtio-scsi

2013-03-21 Thread Osier Yang
On 2013年03月04日 14:01, Han Cheng wrote:
 This patch series tried to implement the fifth part of Paolo's proposal:
 
 http://permalink.gmane.org/gmane.comp.emulators.libvirt/50428
 
 It is not completed. But it may for use.
 
 Needs some more works on:
 src/qemu/qemu_hostdev.c
 src/qemu/qemu_hotplug.c
 We may also need create src/util/virscsi.[hc] like
 src/util/vir(pci|usb).[hc], add sg* to nodedev tree and some others.
 
 As scsi hostdev needs -drive and -device like disk. There are two
 approaches:
 a) build a disk then use the disk related functions,
 b) create new function for it.
 I chose the last one as it is clearer and easier. But this may create
 some redundant codes.

You did right. Except the -drive and -device, I think the other
properties are very different. Mixing them together with disk
will be just confused.

 Any ideas?
 
 Han Cheng (5):
conf: Introduce readonly to hostdev and change helper function
conf: Introduce scsi hostdev
qemu: New cap flag for scsi-generic
qemu: Build qemu command line for scsi-generic
tests: tests for scsi hostdev
 
   docs/formatdomain.html.in  |   
 36 +-
   docs/schemas/domaincommon.rng  |   
 38 ++
   src/conf/domain_audit.c|   
 10
   src/conf/domain_conf.c |  
 167 +-
   src/conf/domain_conf.h |   
 13
   src/libvirt_private.syms   |
 2
   src/qemu/qemu_capabilities.c   |   
 15
   src/qemu/qemu_capabilities.h   |
 2
   src/qemu/qemu_command.c|  
 160 +
   tests/qemuhelpdata/qemu-1.0-device |   
 10
   tests/qemuhelpdata/qemu-1.1.0-device   |   
 10
   tests/qemuhelpdata/qemu-1.2.0-device   |
 5
   tests/qemuhelpdata/qemu-kvm-1.2.0-device   |
 5
   tests/qemuhelptest.c   |   
 19 -
   tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-address-boot.args |
 9
   tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-address-boot.xml  |   
 34 ++
   tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-address-readonly.args |
 9
   tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-address-readonly.xml  |   
 35 ++
   tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-address.args  |
 9
   tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-address.xml   |   
 34 ++
   tests/qemuxml2argvtest.c   |   
 12
   tests/qemuxml2xmltest.c|
 4
   22 files changed, 607 insertions(+), 31 deletions(-)


[libvirt] [PATCHv4 1/2] rpc: add virNetSocketNewConnectTCPHints

2013-03-21 Thread Ján Tomko
Just like virNetSocketNewConnectTCP, but it has one extra parameter
specifying the address family.
---
 src/libvirt_private.syms | 1 +
 src/rpc/virnetsocket.c   | 9 +
 src/rpc/virnetsocket.h   | 4 
 3 files changed, 14 insertions(+)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 21bc615..e36403a 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -935,6 +935,7 @@ virNetSocketNewConnectExternal;
 virNetSocketNewConnectLibSSH2;
 virNetSocketNewConnectSSH;
 virNetSocketNewConnectTCP;
+virNetSocketNewConnectTCPHints;
 virNetSocketNewConnectUNIX;
 virNetSocketNewListenFD;
 virNetSocketNewListenTCP;
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index c4fd9ee..093f8a0 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -433,6 +433,14 @@ int virNetSocketNewConnectTCP(const char *nodename,
   const char *service,
   virNetSocketPtr *retsock)
 {
+return virNetSocketNewConnectTCPHints(nodename, service, retsock, 
AF_UNSPEC);
+}
+
+int virNetSocketNewConnectTCPHints(const char *nodename,
+   const char *service,
+   virNetSocketPtr *retsock,
+   int addressfamily)
+{
 struct addrinfo *ai = NULL;
 struct addrinfo hints;
 int fd = -1;
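Review bot: virNetSocketNewConnectTCPHints is added without a comment describing `addressfamily`, and the prototype alone does not tell callers which values are accepted. A short header comment would help, for example `/* addressfamily is stored in hints.ai_family for getaddrinfo(); AF_UNSPEC keeps the behaviour of virNetSocketNewConnectTCP */`. The value is passed through unchecked (see `hints.ai_family = addressfamily;` in the next hunk), so the comment should also state that an unsupported family surfaces as a getaddrinfo failure rather than being rejected up front. The function body continues outside this hunk.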
@@ -449,6 +457,7 @@ int virNetSocketNewConnectTCP(const char *nodename,
 memset(hints, 0, sizeof(hints));
 hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
 hints.ai_socktype = SOCK_STREAM;
+hints.ai_family = addressfamily;
 
 int e = getaddrinfo(nodename, service, hints, ai);
 if (e != 0) {
diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h
index 7392c72..bb8e7fe 100644
--- a/src/rpc/virnetsocket.h
+++ b/src/rpc/virnetsocket.h
@@ -61,6 +61,10 @@ int virNetSocketNewListenFD(int fd,
 int virNetSocketNewConnectTCP(const char *nodename,
   const char *service,
   virNetSocketPtr *addr);
+int virNetSocketNewConnectTCPHints(const char *nodename,
+   const char *service,
+   virNetSocketPtr *retsock,
+   int addressfamily);
 
 int virNetSocketNewConnectUNIX(const char *path,
bool spawnDaemon,
-- 
1.8.1.5



[libvirt] [PATCHv4 0/2] allow migration over IPv6

2013-03-21 Thread Ján Tomko
Diff to v3:
Use VIR_MIGRATE_IPV6 flag instead of trying to automagically guess
if we should use IPv6 or IPv4.

v3:
https://www.redhat.com/archives/libvir-list/2013-February/msg01379.html

Ján Tomko (2):
  rpc: add virNetSocketNewConnectTCPHints
  qemu: allow migration over IPv6

 include/libvirt/libvirt.h.in |  1 +
 src/libvirt.c|  8 +
 src/libvirt_private.syms |  1 +
 src/qemu/qemu_migration.c| 82 
 src/qemu/qemu_migration.h|  3 +-
 src/rpc/virnetsocket.c   |  9 +
 src/rpc/virnetsocket.h   |  4 +++
 tools/virsh-domain.c |  7 
 tools/virsh.pod  |  5 +--
 9 files changed, 95 insertions(+), 25 deletions(-)

-- 
1.8.1.5


[libvirt] [PATCHv4 2/2] qemu: allow migration over IPv6

2013-03-21 Thread Ján Tomko
Add VIR_MIGRATE_IPV6 flag which allows QEMU migration over IPv6 by
specifying a hostname.

If this flag is specified (or the migrate URI contains a numeric v6
address), we tell QEMU to listen on [::] instead of 0.0.0.0. The same
listen address is used for the NBD server.

Use virURIParse in qemuMigrationPrepareDirect to allow parsing
IPv6 addresses, which would cause an 'incorrect :port' error
message before.

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=846013
---
 include/libvirt/libvirt.h.in |  1 +
 src/libvirt.c|  8 +
 src/qemu/qemu_migration.c| 82 
 src/qemu/qemu_migration.h|  3 +-
 tools/virsh-domain.c |  7 
 tools/virsh.pod  |  5 +--
 6 files changed, 81 insertions(+), 25 deletions(-)

diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in
index f6a7aff..66e0588 100644
--- a/include/libvirt/libvirt.h.in
+++ b/include/libvirt/libvirt.h.in
@@ -1188,6 +1188,7 @@ typedef enum {
 VIR_MIGRATE_UNSAFE= (1  9), /* force migration even if it is 
considered unsafe */
 VIR_MIGRATE_OFFLINE   = (1  10), /* offline migrate */
 VIR_MIGRATE_COMPRESSED= (1  11), /* compress data during 
migration */
+VIR_MIGRATE_IPV6  = (1  12), /* use IPv6 for migration */
 } virDomainMigrateFlags;
 
 /* Domain migration. */
diff --git a/src/libvirt.c b/src/libvirt.c
index 02d5dd9..1372d44 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -5139,11 +5139,13 @@ virDomainMigrateDirect(virDomainPtr domain,
  * automatically when supported).
  *   VIR_MIGRATE_UNSAFEForce migration even if it is considered unsafe.
  *   VIR_MIGRATE_OFFLINE Migrate offline
+ *   VIR_MIGRATE_IPV6Migrate over IPv6
  *
  * VIR_MIGRATE_TUNNELLED requires that VIR_MIGRATE_PEER2PEER be set.
  * Applications using the VIR_MIGRATE_PEER2PEER flag will probably
  * prefer to invoke virDomainMigrateToURI, avoiding the need to
  * open connection to the destination host themselves.
+ * VIR_MIGRATE_IPV6 has no effect on tunnelled migration.
  *
  * If a hypervisor supports renaming domains during migration,
  * then you may set the dname parameter to the new name (otherwise
@@ -5366,11 +5368,13 @@ error:
  * automatically when supported).
  *   VIR_MIGRATE_UNSAFEForce migration even if it is considered unsafe.
  *   VIR_MIGRATE_OFFLINE Migrate offline
+ *   VIR_MIGRATE_IPV6Migrate over IPv6
  *
  * VIR_MIGRATE_TUNNELLED requires that VIR_MIGRATE_PEER2PEER be set.
  * Applications using the VIR_MIGRATE_PEER2PEER flag will probably
  * prefer to invoke virDomainMigrateToURI, avoiding the need to
  * open connection to the destination host themselves.
+ * VIR_MIGRATE_IPV6 has no effect on tunnelled migration.
  *
  * If a hypervisor supports renaming domains during migration,
  * then you may set the dname parameter to the new name (otherwise
@@ -5611,6 +5615,7 @@ error:
  * automatically when supported).
  *   VIR_MIGRATE_UNSAFEForce migration even if it is considered unsafe.
  *   VIR_MIGRATE_OFFLINE Migrate offline
+ *   VIR_MIGRATE_IPV6Migrate over IPv6
  *
  * The operation of this API hinges on the VIR_MIGRATE_PEER2PEER flag.
  * If the VIR_MIGRATE_PEER2PEER flag is NOT set, the duri parameter
@@ -5626,6 +5631,7 @@ error:
  * libvirt driver can connect to the destination libvirt.
  *
  * VIR_MIGRATE_TUNNELLED requires that VIR_MIGRATE_PEER2PEER be set.
+ * VIR_MIGRATE_IPV6 has no effect on tunnelled migration.
  *
  * If you want to copy non-shared storage within migration you
  * can use either VIR_MIGRATE_NON_SHARED_DISK or
@@ -5763,6 +5769,7 @@ error:
  * automatically when supported).
  *   VIR_MIGRATE_UNSAFEForce migration even if it is considered unsafe.
  *   VIR_MIGRATE_OFFLINE Migrate offline
+ *   VIR_MIGRATE_IPV6Migrate over IPv6
  *
  * The operation of this API hinges on the VIR_MIGRATE_PEER2PEER flag.
  *
@@ -5779,6 +5786,7 @@ error:
  * supported URI schemes.
  *
  * VIR_MIGRATE_TUNNELLED requires that VIR_MIGRATE_PEER2PEER be set.
+ * VIR_MIGRATE_IPV6 has no effect on tunnelled migration.
  *
  * If you want to copy non-shared storage within migration you
  * can use either VIR_MIGRATE_NON_SHARED_DISK or
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 537b834..56d870d 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -1104,12 +1104,12 @@ error:
  */
 static int
 qemuMigrationStartNBDServer(virQEMUDriverPtr driver,
-virDomainObjPtr vm)
+virDomainObjPtr vm,
+const char *listenAddr)
 {
 int ret = -1;
 qemuDomainObjPrivatePtr priv = vm-privateData;
 unsigned short port = 0;
-const char *listenAddr = 0.0.0.0;
 char *diskAlias = NULL;
 size_t i;
 
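Review bot: `listenAddr` is now supplied by the caller, but the visible lines neither document it nor guard against NULL, where the removed local always held a valid string. The function's header comment (it ends just above this hunk) should gain a line such as `@listenAddr: address the NBD server binds to, 0.0.0.0 or [::] as chosen by the caller`. Both values named in the commit message are wildcard addresses, so the comment should also say that the NBD export is reachable on every interface of the destination while the server runs. The function body continues outside the hunk.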
@@ -1982,6 +1982,7 @@ 

Re: [libvirt] [PATCHv4 0/2] allow migration over IPv6

2013-03-21 Thread Daniel P. Berrange
On Thu, Mar 21, 2013 at 11:35:05AM +0100, Ján Tomko wrote:
 Diff to v3:
 Use VIR_MIGRATE_IPV6 flag instead of trying to automagically guess
 if we should use IPv6 or IPv4.

Why ? We should figure this out ourselves for migration just
as we do anywhere else we do TCP connections

Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|


[libvirt] [PATCH] security: Don't add seclabel of type none if there's already a seclabel

2013-03-21 Thread Michal Privoznik
https://bugzilla.redhat.com/show_bug.cgi?id=923946

The <seclabel type='none'/> should be added iff there is no other
seclabel defined within a domain. This bug can be easily reproduced:
1) configure selinux seclabel for a domain
2) disable system's selinux and restart libvirtd
3) observe <seclabel type='none'/> being appended to a domain on its
   startup
---
 src/security/security_manager.c | 22 +-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index c621366..26262ed 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -425,7 +425,7 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm)
 {
 int rc = 0;
-size_t i;
+size_t i, j, nsec_managers;
 virSecurityManagerPtr* sec_managers = NULL;
 virSecurityLabelDefPtr seclabel;
 
@@ -435,6 +435,26 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
 if ((sec_managers = virSecurityManagerGetNested(mgr)) == NULL)
 return -1;
 
+for (nsec_managers = 0; sec_managers[nsec_managers]; nsec_managers++)
+;
+
+for (i = 0; sec_managers[i]; i++) {
+if (STRNEQ(sec_managers[i]-drv-name, none))
+continue;
+
+/* If there's a seclabel defined for a @vm other than NOP,
+ * we don't want to define seclabel of type 'none' */
+for (j = 0; i  vm-nseclabels; j++) {
+if (vm-seclabels[j]-type == VIR_DOMAIN_SECLABEL_NONE)
+continue;
+
+VIR_DEBUG(Skipping NOP security manager);
+memmove(sec_managers + i, sec_managers + i + 1,
+(nsec_managers - i + 1) * sizeof(sec_managers));
+break;
+}
+}
+
 virObjectLock(mgr);
 for (i = 0; sec_managers[i]; i++) {
 seclabel = virDomainDefGetSecurityLabelDef(vm,
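Review bot: The inner loop tests `i` instead of `j` (the archive has dropped `<` and `->` from the hunk text), so when `i < vm->nseclabels` holds and no label of another type is found, `j` walks past the end of `vm->seclabels`; the line should read `for (j = 0; j < vm->nseclabels; j++)`. The memmove length `(nsec_managers - i + 1) * sizeof(sec_managers)` copies one entry more than the `nsec_managers - i` entries (NULL terminator included) that follow slot `i`, and it sizes the pointer to the array rather than an element; `(nsec_managers - i) * sizeof(*sec_managers)` stays inside the list, assuming it holds exactly nsec_managers entries plus the terminator. After the shift the outer `i++` skips the entry that was moved into slot `i`. The same lines are quoted again in the reply further down this thread.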
-- 
1.8.1.5



Re: [libvirt] [PATCHv4 0/2] allow migration over IPv6

2013-03-21 Thread Jiri Denemark
On Thu, Mar 21, 2013 at 10:38:12 +, Daniel P. Berrange wrote:
 On Thu, Mar 21, 2013 at 11:35:05AM +0100, Ján Tomko wrote:
  Diff to v3:
  Use VIR_MIGRATE_IPV6 flag instead of trying to automagically guess
  if we should use IPv6 or IPv4.
 
 Why ? We should figure this out ourselves for migration just
 as we do anywhere else we do TCP conections

There was an attempt to discuss this matter a while ago:
https://www.redhat.com/archives/libvir-list/2013-March/msg00515.html

Jirka



Re: [libvirt] [PATCH 1/2] python: treat flags as default argument with value 0

2013-03-21 Thread Osier Yang

On 2013年03月21日 16:41, Guannan Ren wrote:

The following four functions have not changed because default arguments
have to come after positional arguments. Changing them will break
the binding APIs.

migrate(self, dconn, flags, dname, uri, bandwidth):
migrate2(self, dconn, dxml, flags, dname, uri, bandwidth):
migrateToURI(self, duri, flags, dname, bandwidth):
migrateToURI2(self, dconnuri, miguri, dxml, flags, dname, bandwidth):


So how are they filtered? ...




---
  python/generator.py  |  2 ++
  python/libvirt-override-virConnect.py| 14 +++---
  python/libvirt-override-virDomain.py |  2 +-
  python/libvirt-override-virDomainSnapshot.py |  2 +-
  python/libvirt-override-virStoragePool.py|  2 +-
  python/libvirt-override.py   |  2 +-
  6 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/python/generator.py b/python/generator.py
index d269e88..bb53fcf 100755
--- a/python/generator.py
+++ b/python/generator.py
@@ -1487,6 +1487,8 @@ def buildWrappers(module):
  if n != index:
  classes.write(, %s % arg[0])
  n = n + 1
+if arg[0] == flags:
+classes.write(=0);


...As I see you write flags=0 for all the automatically generated
APIs here? And is there any risk to have other APIs of which flags
doesn't default to 0? Except the ones you mentioned in commit log.



  classes.write():\n)
  writeDoc(module, name, args, '', classes)
  n = 0
diff --git a/python/libvirt-override-virConnect.py 
b/python/libvirt-override-virConnect.py
index 121ef6f..5495b70 100644
--- a/python/libvirt-override-virConnect.py
+++ b/python/libvirt-override-virConnect.py
@@ -204,7 +204,7 @@
  self.domainEventCallbackID[ret] = opaque
  return ret

-def listAllDomains(self, flags):
+def listAllDomains(self, flags=0):


All the rest are manually created files, so it's safe.


Re: [libvirt] [PATCH 2/2] make: regenerate bindings when classname.py changes

2013-03-21 Thread Osier Yang

On 2013年03月21日 16:41, Guannan Ren wrote:

---
  python/Makefile.am | 9 +++--
  1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/python/Makefile.am b/python/Makefile.am
index 55c5e41..18da9a2 100644
--- a/python/Makefile.am
+++ b/python/Makefile.am
@@ -26,7 +26,8 @@ CLASSES_EXTRA = \
libvirt-override-virConnect.py \
libvirt-override-virDomain.py \
libvirt-override-virDomainSnapshot.py \
-   libvirt-override-virStream.py
+   libvirt-override-virStream.py \
+   libvirt-override-virStoragePool.py


ACK to this.



  EXTRA_DIST =  \
generator.py\
@@ -109,7 +110,11 @@ LXC_GENERATED= libvirt-lxc-export.c \
   libvirt-lxc.h \
   libvirt_lxc.py

-$(GENERATE).stamp: $(srcdir)/$(GENERATE) $(API_DESC) $(QEMU_API_DESC) 
$(LXC_API_DESC)
+$(GENERATE).stamp: $(srcdir)/$(GENERATE) \
+   $(API_DESC) \
+   $(QEMU_API_DESC) \
+   $(LXC_API_DESC) \
+   $(CLASSES_EXTRA)


Why do we need to add the manually created files here?


$(AM_V_GEN)$(PYTHON) $(srcdir)/$(GENERATE) $(PYTHON)  \
touch $@




Re: [libvirt] IPv6 migration

2013-03-21 Thread Daniel P. Berrange
On Tue, Mar 19, 2013 at 03:21:31PM +0100, Jiri Denemark wrote:
 On Mon, Mar 11, 2013 at 19:40:52 +0100, Ján Tomko wrote:
  Hello.
  
  We can only tell QEMU on the destination to listen either on IPv6 or on
  IPv4.
  
  If we're supplied with a numeric v6 address, that's the only thing we
  need to know to set the listen address to [::].
  
  For hostnames, we can either assume this based on how it resolves by
  default on the destination (we keep trying all the resolved addresses on
  the source, but this might break a few cases), which John found
  disgusting, so that leaves user input:
  
  How about a VIR_DOMAIN_MIGRATE_IPV6 flag, depending on which we set the
  listen address on the destination and creating a new function
  virNetSocketNewConnectTCPHints, where we would add IPv4/IPv6 hint
  based on the presence/absence of this flag?
 
 Yeah, I think using an explicit flag would be the best approach. As we
 learnt several times, implementing automagic behavior is too fragile and
 leads to ugly code and confusion. IIUC, we would tell QEMU to listen on
 :: iff either migrateuri uses IPv6 address explicitly or
 VIR_DOMAIN_MIGRATE_IPV6 flag is set. In all other cases, 0.0.0.0 address
 will be passed to QEMU. In other words, unless a user takes an explicit
 action, migration will use IPv4 regardless on libvirt version.

That would mean that migration is broken by default in an IPv6 only
environment, so I don't think that is a satisfactory approach. We
should be checking whether.

Listening on '[::]' means that QEMU will accept connections on *both*
IPv4 and IPv6, if configured with dual-stack. So if IPv6 is present
on the target host, it is entirely reasonable to default to '[::]' if
given a hostname.

Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|


[libvirt] [PATCH] Fix initialization of virIdentityPtr thread locals

2013-03-21 Thread Daniel P. Berrange
From: Daniel P. Berrange berra...@redhat.com

Some code mistakenly called virIdentityOnceInit directly
instead of virIdentityInitialize(). This meant that one-time
initializer was run many times with predictably bad results.

Pushed under trivial rule
---
 src/util/viridentity.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index 1d40972..c9efd3f 100644
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -83,7 +83,7 @@ virIdentityPtr virIdentityGetCurrent(void)
 {
 virIdentityPtr ident;
 
-if (virIdentityOnceInit()  0)
+if (virIdentityInitialize()  0)
 return NULL;
 
 ident = virThreadLocalGet(virIdentityCurrent);
@@ -104,7 +104,7 @@ int virIdentitySetCurrent(virIdentityPtr ident)
 {
 virIdentityPtr old;
 
-if (virIdentityOnceInit()  0)
+if (virIdentityInitialize()  0)
 return -1;
 
 old = virThreadLocalGet(virIdentityCurrent);
-- 
1.8.1.4



Re: [libvirt] libvirt-tck test failure with identity patches

2013-03-21 Thread Daniel P. Berrange
On Wed, Mar 20, 2013 at 08:15:31PM +0100, Guido Günther wrote:
 Hi,
 the qemu session libvirt-tck test currently fails with:
 
 [19:58:21] scripts/domain/050-transient-lifecycle.t  ok59684 
 ms
 [19:59:20] scripts/domain/051-transient-autostart.t  ok 2001 
 ms
 [19:59:22] scripts/domain/060-persistent-lifecycle.t ... ok 2943 
 ms
 [19:59:25] scripts/domain/061-persistent-autostart.t ... ok 2050 
 ms
 [19:59:28] scripts/domain/065-persistent-redefine.t  ok 2050 
 ms
 [19:59:30] scripts/domain/070-transient-to-persistent.t  ok 2025 
 ms
 [19:59:32] scripts/domain/080-unique-id-define.t ... ok 3353 
 ms
 [19:59:35] scripts/domain/081-unique-id-create.t ... Dubious, 
 test returned 22 (wstat 5632, 0x1600)
 All 12 subtests passed 
 [19:59:41] scripts/domain/082-unique-id-caching.t .. Bailout 
 called.  Further testing stopped:  failed to setup test harness: libvirt 
 error code: 1, message: internal error Cannot initialize thread local for 
 current identity
 
 Runnig 081-unique-id-create.t and 082-unique-id-caching.t separately
 works so there's some corruption going on. Any idea what could be
 triggering this? It stared with one of:
 
 ebf78be4c277cffae57d99daa199a9b3c1cf9804 Set the current client identity 
 during API call dispatch
 d5e83ad9b7c74e434349ede076dc573a3cc50384 Add ability to get a virIdentity 
 from a virNetServerClientPtr
 8c5d28c1ad5d42b8f3599d52a3dfed32f88c4edc Add API to get the system identity
 8726e91b3a165fa1094155218f3a3b65dbc932c5 Add APIs for associating a 
 virIdentityPtr with the current thread
 3aabe27247711324df2bfa623e9a5e8d2442e3a5 Define internal APIs for managing 
 identities
 51997e50fa9a54c4bfce3cb2dd43b53418135d18 Add APIs to get at more client 
 security data
 
 Any idea? I'll try to dig deeper once I find some more time.

There were some typos causing the one time initializer to be
run many times with predictably bad results :-) I've pushed a
fix


Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|


Re: [libvirt] [PATCH] security: Don't add seclabel of type none if there's already a seclabel

2013-03-21 Thread Daniel P. Berrange
On Thu, Mar 21, 2013 at 11:46:18AM +0100, Michal Privoznik wrote:
 https://bugzilla.redhat.com/show_bug.cgi?id=923946
 
 The seclabel type='none'/ should be added iff there is no other
 seclabel defined within a domain. This bug can be easily reproduced:
 1) configure selinux seclabel for a domain
 2) disable system's selinux and restart libvirtd
 3) observe seclabel type='none'/ being appended to a domain on its
startup
 ---
  src/security/security_manager.c | 22 +-
  1 file changed, 21 insertions(+), 1 deletion(-)
 
 diff --git a/src/security/security_manager.c b/src/security/security_manager.c
 index c621366..26262ed 100644
 --- a/src/security/security_manager.c
 +++ b/src/security/security_manager.c
 @@ -425,7 +425,7 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
 virDomainDefPtr vm)
  {
  int rc = 0;
 -size_t i;
 +size_t i, j, nsec_managers;
  virSecurityManagerPtr* sec_managers = NULL;
  virSecurityLabelDefPtr seclabel;
  
 @@ -435,6 +435,26 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
  if ((sec_managers = virSecurityManagerGetNested(mgr)) == NULL)
  return -1;
  
 +for (nsec_managers = 0; sec_managers[nsec_managers]; nsec_managers++)
 +;
 +
 +for (i = 0; sec_managers[i]; i++) {
 +if (STRNEQ(sec_managers[i]-drv-name, none))
 +continue;
 +
 +/* If there's a seclabel defined for a @vm other than NOP,
 + * we don't want to define seclabel of type 'none' */
 +for (j = 0; i  vm-nseclabels; j++) {
 +if (vm-seclabels[j]-type == VIR_DOMAIN_SECLABEL_NONE)
 +continue;
 +
 +VIR_DEBUG(Skipping NOP security manager);
 +memmove(sec_managers + i, sec_managers + i + 1,
 +(nsec_managers - i + 1) * sizeof(sec_managers));
 +break;
 +}
 +}

I don't really like this code at all.

 +
  virObjectLock(mgr);
  for (i = 0; sec_managers[i]; i++) {
  seclabel = virDomainDefGetSecurityLabelDef(vm,

IMHO the flaw is in this method - despite being a 'getter' it is
actually modifying the domain def to add seclabel elements
when called. IMHO this is totally bogus behaviour that should be
removed. The only code which should be adding seclabel is this
security manager / driver code, not XML handling APIs.

Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



[libvirt] remote connection issue 'virsh -c qemu+ssh:///root@localhost/system list'

2013-03-21 Thread Yin Olivia-R63875
Hi,

I'm trying remote connection with qemu hypervisor on FSL PPC board.

The libvirt server is the PPC board.

root@ppc:~# ifconfig eth0 10.193.20.109
root@ppc:~# libvirtd -d
root@ppc:~# virsh -c qemu:///system define test.xml
root@ppc:~# virsh -c qemu:///system start test
root@ppc:~# virsh -c qemu:///system list --all
 IdName   State

 2 test   running

Connect from an X86 PC (Ubuntu 10.04) to the PPC board.

user@x86:~$ virsh -c qemu+ssh://root@10.193.20.109/system list --all
The authenticity of host '10.193.20.109 (10.193.20.109)' can't be established.
RSA key fingerprint is 2f:56:07:08:da:7d:ac:41:45:57:d2:12:15:19:67:e0.
Are you sure you want to continue connecting (yes/no)? yes
root@10.193.20.109's password:
error: failed to connect to the hypervisor
error: End of file while reading data: Warning: Permanently added 
'10.193.20.109' (RSA) to the list of known hosts.
nc: invalid option -- 'U'
BusyBox v1.19.4 (2013-03-08 13:08:18 CST) multi-call binary.

Usage: nc [-iN] [-wN] [-l] [-p PORT] [-f FILE|IPADDR PORT] [-e PROG]: 
Input/output error



I tried to verify the remote connection on localhost. But it also failed as 
below:

root@mpc8572ds:~# virsh -c qemu+ssh:///root@localhost/system list --all
root@localhost's password:
error: failed to connect to the hypervisor
error: End of file while reading data: nc: invalid option -- 'U'
BusyBox v1.19.4 (2013-03-08 13:08:18 CST) multi-call binary.

Usage: nc [-iN] [-wN] [-l] [-p PORT] [-f FILE|IPADDR PORT] [-e PROG]: 
Input/output error


Could anyone give suggestion on this issue?


Best Regards,
Olivia




Re: [libvirt] [PATCH] qemu: Un-mark volume as mirrored/copied if blockjob copy fails

2013-03-21 Thread Peter Krempa

On 03/20/13 18:24, Eric Blake wrote:

On 03/20/2013 09:53 AM, Peter Krempa wrote:

When the blockjob fails for some reason an event is emitted but the disk
wasn't unmarked as being part of a active block copy operation.
---
  src/qemu/qemu_process.c | 3 +++
  1 file changed, 3 insertions(+)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 2465938..ada864b 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -970,6 +970,9 @@ qemuProcessHandleBlockJob(qemuMonitorPtr mon 
ATTRIBUTE_UNUSED,
  if (disk-mirror  type == VIR_DOMAIN_BLOCK_JOB_TYPE_COPY 
  status == VIR_DOMAIN_BLOCK_JOB_READY)
  disk-mirroring = true;
+if (disk-mirror  type == VIR_DOMAIN_BLOCK_JOB_TYPE_COPY 
+status == VIR_DOMAIN_BLOCK_JOB_FAILED)
+VIR_FREE(disk-mirror);
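Review bot: The new FAILED branch frees `disk->mirror` but the visible lines leave `disk->mirroring` untouched, so if a copy job can report FAILED after it has reported READY, the disk would keep `mirroring == true` with no mirror attached. Resetting the flag in the same branch (`disk->mirroring = false;`) would keep the two fields consistent. The two `if` statements also repeat the `disk->mirror && type == VIR_DOMAIN_BLOCK_JOB_TYPE_COPY` test and could share one outer condition. The hunk is quoted mid-function, so any cleanup done later is not visible here.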


ACK.



Pushed; Thanks.

Peter



Re: [libvirt] [PATCHv2] python: Fix emulatorpin API bindings

2013-03-21 Thread Peter Krempa

On 03/20/13 21:12, Eric Blake wrote:

On 03/20/2013 08:48 AM, Peter Krempa wrote:

The addition of emulator pinning APIs didn't think of doing the right
job with python APIs for them. The default generator produced unusable
code for this.

This patch switches to proper code as in the case of domain Vcpu pinning.
This change can be classified as a python API-breaker but in the state
the code was before I doubt anyone was able to use it successfully.
---
  python/generator.py |   2 +
  python/libvirt-override-api.xml |  18 +-
  python/libvirt-override.c   | 118 
  3 files changed, 136 insertions(+), 2 deletions(-)








+static PyObject *
+libvirt_virDomainGetEmulatorPinInfo(PyObject *self ATTRIBUTE_UNUSED,
+PyObject *args)
+{



+
+for (pcpu = 0; pcpu  cpunum; pcpu++)
+PyTuple_SET_ITEM(pycpumap, pcpu,
+ PyBool_FromLong(VIR_CPU_USABLE(cpumap, cpumaplen,
+0, pcpu)));


The counterpart of libvirt_virDomainGetVpcpuPinInfo() used
PyTuple_SetItem instead of PyTuple_SET_ITEM; any reason?


I wanted to make it explicit that we don't care about the return value.



At any rate, this looks sane modulo the whitespace tweak, so:





ACK.


I fixed the whitespace and pushed.

Thanks

Peter



Re: [libvirt] [PATCH] qemu: Support setting the 'removable' flag for USB disks

2013-03-21 Thread anonym
19/03/13 12:59, Daniel P. Berrange wrote:
 On Tue, Mar 19, 2013 at 09:40:54AM +0100, anonym wrote:
 
 Can you use a real name instead of an anonymous pseudonym for patches.

Sure. Will do in my next patch proposal.

 This adds an attribute named 'removable' to the 'target' element of
 disks, which controls the removable flag. For instance, on a Linux
 guest it controls the value of /sys/block/$dev/removable. This option
 is only valid for USB disks (i.e. bus='usb'), and its default value is
 'off', which is the same behaviour as before.

 To achieve this, 'removable=on' is appended to the '-device
 usb-storage' parameter sent to qemu when adding a USB disk via
 '-disk'. For versions of qemu only supporting '-usbdevice disk:' for
 adding USB disks this feature always remains 'off' since there's no
 support for passing such an option.

 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=922495
 ---
  docs/formatdomain.html.in  |8 +++--
  docs/schemas/domaincommon.rng  |8 +
  src/conf/domain_conf.c |   35 
 ++--
  src/conf/domain_conf.h |9 +
  src/libvirt_private.syms   |1 +
  src/qemu/qemu_command.c|6 
  .../qemuxml2argv-disk-usb-device-removable.args|8 +
  .../qemuxml2argv-disk-usb-device-removable.xml |   27 +++
  tests/qemuxml2argvtest.c   |2 ++
  9 files changed, 99 insertions(+), 5 deletions(-)
  create mode 100644 
 tests/qemuxml2argvdata/qemuxml2argv-disk-usb-device-removable.args
  create mode 100644 
 tests/qemuxml2argvdata/qemuxml2argv-disk-usb-device-removable.xml

 @@ -12915,10 +12940,14 @@ virDomainDiskDefFormat(virBufferPtr buf,
  if ((def-device == VIR_DOMAIN_DISK_DEVICE_FLOPPY ||
   def-device == VIR_DOMAIN_DISK_DEVICE_CDROM) 
  def-tray_status != VIR_DOMAIN_DISK_TRAY_CLOSED)
 -virBufferAsprintf(buf,  tray='%s'/\n,
 +virBufferAsprintf(buf,  tray='%s',
virDomainDiskTrayTypeToString(def-tray_status));
 -else
 -virBufferAddLit(buf, /\n);
 +if (def-bus == VIR_DOMAIN_DISK_BUS_USB 
 +def-removable != VIR_DOMAIN_DISK_REMOVABLE_OFF) {
 
 This means that if the user explicitly added removable='off' to their
 XML, we'll be dropping it.

Being rather new to this, I modeled the 'removable' attribute after the
'tray' attribute, which has that behaviour. Hence you may want to
reconsider if that's what you want for 'tray' too.

 +virBufferAsprintf(buf,  removable='%s',
 +  
 virDomainDiskRemovableTypeToString(def-removable));
 +}
 +virBufferAddLit(buf, /\n);
  
  /*disk I/O throttling*/
  if (def-blkdeviotune.total_bytes_sec ||
 diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
 index 96f11ba..0f4f0d7 100644
 --- a/src/conf/domain_conf.h
 +++ b/src/conf/domain_conf.h
 @@ -518,6 +518,13 @@ enum virDomainDiskTray {
  VIR_DOMAIN_DISK_TRAY_LAST
  };
  
 +enum virDomainDiskRemovable {
 
 If you add in
 
   VIR_DOMAIN_DISK_REMOVABLE_DEFAULT
 
 then you can distinguish explicit on/off settings from the
 default setting to address my earlier comment.

Ok. To reduce bloat I'll use VIR_DOMAIN_FEATURE_STATE_* as suggested by
Peter Krempa.

 +VIR_DOMAIN_DISK_REMOVABLE_ON,
 +VIR_DOMAIN_DISK_REMOVABLE_OFF,
 +
 +VIR_DOMAIN_DISK_REMOVABLE_LAST
 +};
 +
 
 
 diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
 index 5cad990..0d1a9d6 100644
 --- a/src/libvirt_private.syms
 +++ b/src/libvirt_private.syms
 @@ -156,6 +156,7 @@ virDomainDiskIoTypeToString;
  virDomainDiskPathByName;
  virDomainDiskProtocolTransportTypeFromString;
  virDomainDiskProtocolTransportTypeToString;
 +virDomainDiskRemovableTypeToString;
 
 The VIR_ENUM macro generates 2 methods, so also add in
 
   virDomainDiskRemovableTypeFromString;

Not an issue once I move to VIR_DOMAIN_FEATURE_STATE_*.

 diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
 index 4891b65..c04cecf 100644
 --- a/src/qemu/qemu_command.c
 +++ b/src/qemu/qemu_command.c
 @@ -3219,6 +3219,11 @@ qemuBuildDriveDevStr(virDomainDefPtr def,
  if (disk-product)
  virBufferAsprintf(opt, ,product=%s, disk-product);
  
 +if (disk-bus == VIR_DOMAIN_DISK_BUS_USB 
 +disk-removable != VIR_DOMAIN_DISK_REMOVABLE_OFF) {
 +virBufferAsprintf(opt, ,removable=%s,
 +  
 virDomainDiskRemovableTypeToString(disk-removable));
 +}
 
 We should not rely on the QEMU default setting - so make sure
 you explicitly set either removable=on or removable=off.

Ack. I guess it may be a good idea to not use any *TypeToString()
functions like that either since that implies that the qemu value names
have to be the same as those in libvirt's domain XML, both which could
change in the future. I'll explicitly write =on or =off 

[libvirt] Cannot initialize thread local for current identity

2013-03-21 Thread Gao feng
When I play with the latest libvirt, my libvirtd forces me out of the console of 
the domain.
I find the problem is introduced by commit 
ebf78be4c277cffae57d99daa199a9b3c1cf9804
Set the current client identity during API call dispatch.

Below is the error message
Error polling connection 'qemu:///system':  Cannot initialize thread local for 
current identity.

I don't know if there are something wrong with my configuration, But when I 
reset to
the commit id before this commit, everything runs well.

If you need some debug information, Please let me know,It's my pleasure.

Thanks.



[libvirt] [PATCH v2 0/6] libvirt support for userspace iSCSI initiator (libiscsi)

2013-03-21 Thread Paolo Bonzini
This series adds support for the libiscsi userspace initiator.
Compared to v1, logical units are now specified with IQN/LUN
syntax in the name attribute.

Paolo

Paolo Bonzini (6):
  qemu: add support for libiscsi
  qemu: support passthrough for iscsi disks
  domain: make port optional for network disks
  secret: add iscsi to possible usage types
  domain: parse XML for iscsi authorization credentials
  qemu: pass iscsi authorization credentials

 docs/formatdomain.html.in  |  29 +++--
 docs/formatsecret.html.in  |  12 ++
 docs/schemas/domaincommon.rng  |   9 +-
 docs/schemas/secret.rng|  10 ++
 include/libvirt/libvirt.h.in   |   1 +
 src/conf/domain_conf.c |  38 --
 src/conf/secret_conf.c |  22 +++-
 src/conf/secret_conf.h |   1 +
 src/libvirt_private.syms   |   1 +
 src/qemu/qemu_command.c| 143 +++--
 src/secret/secret_driver.c |   8 ++
 tests/qemuargv2xmltest.c   |   1 +
 .../qemuxml2argv-disk-drive-network-gluster.args   |   2 +-
 ...qemuxml2argv-disk-drive-network-iscsi-auth.args |   1 +
 .../qemuxml2argv-disk-drive-network-iscsi-auth.xml |  31 +
 .../qemuxml2argv-disk-drive-network-iscsi-lun.args |   1 +
 .../qemuxml2argv-disk-drive-network-iscsi-lun.xml  |  28 
 .../qemuxml2argv-disk-drive-network-iscsi.args |   1 +
 .../qemuxml2argv-disk-drive-network-iscsi.xml  |   7 +
 ...ml2argv-disk-drive-network-nbd-ipv6-export.args |   2 +-
 .../qemuxml2argv-disk-drive-network-nbd-ipv6.args  |   2 +-
 tests/qemuxml2argvtest.c   |   8 ++
 tests/qemuxml2xmltest.c|   1 +
 23 files changed, 315 insertions(+), 44 deletions(-)
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.args
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.xml
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-lun.args
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-lun.xml
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi.args

-- 
1.8.1.4



[libvirt] [PATCH v2 1/6] qemu: add support for libiscsi

2013-03-21 Thread Paolo Bonzini
libiscsi provides a userspace iSCSI initiator.

The main advantage over the kernel initiator is that it is very
easy to provide different initiator names for VMs on the same host.
Thus libiscsi supports usage of persistent reservations in the VM,
which otherwise would only be possible with NPIV.

libiscsi uses iscsi as the scheme, not iscsi+tcp.  We can change
this in the tests (in a backwards-compatible manner, because
QEMU uses TCP as the default transport for both Gluster and NBD).

Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 docs/formatdomain.html.in  | 11 +++--
 src/qemu/qemu_command.c| 57 +-
 tests/qemuargv2xmltest.c   |  1 +
 .../qemuxml2argv-disk-drive-network-gluster.args   |  2 +-
 .../qemuxml2argv-disk-drive-network-iscsi.args |  1 +
 .../qemuxml2argv-disk-drive-network-iscsi.xml  |  7 +++
 ...ml2argv-disk-drive-network-nbd-ipv6-export.args |  2 +-
 .../qemuxml2argv-disk-drive-network-nbd-ipv6.args  |  2 +-
 tests/qemuxml2argvtest.c   |  2 +
 9 files changed, 76 insertions(+), 9 deletions(-)
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi.args

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index e4ed3f7..f17b808 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1446,10 +1446,13 @@
 are nbd, iscsi, rbd, sheepdog or gluster.  If the
 codeprotocol/code attribute is rbd, sheepdog or gluster, an
 additional attribute codename/code is mandatory to specify which
-volume/image will be used; for nbd it is optional.  When the disk
-codetype/code is network, the codesource/code may have zero
-or more codehost/code sub-elements used to specify the hosts
-to connect.
+volume/image will be used; for nbd it is optional.  For iscsi,
+the codename/code attribute may include a logical unit number,
+separated from the target's name by a slash (for example,
+codeiqn.1992-01.com.example/1/code); the default LUN is zero.
+When the disk codetype/code is network, the codesource/code
+may have zero or more codehost/code sub-elements used to
+specify the hosts to connect.
 span class=sinceSince 0.0.3; codetype='dir'/code since
 0.7.5; codetype='network'/code since
 0.8.7; codeprotocol='iscsi'/code since 1.0.4/spanbr/
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 8626b62..4774650 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -2391,6 +2391,31 @@ qemuParseGlusterString(virDomainDiskDefPtr def)
 }
 
 static int
+qemuParseISCSIString(virDomainDiskDefPtr def)
+{
+virURIPtr uri = NULL;
+char *slash;
+unsigned lun;
+
+if (!(uri = virURIParse(def-src)))
+return -1;
+
+if (uri-path 
+(slash = strchr(uri-path + 1, '/')) != NULL) {
+
+if (slash[1] == '\0')
+*slash = '\0';
+else if (virStrToLong_ui(slash + 1, NULL, 10, lun) == -1) {
+virReportError(VIR_ERR_INTERNAL_ERROR,
+   _(invalid name '%s' for iSCSI disk), def-src);
+return -1;
+}
+}
+
+return qemuParseDriveURIString(def, uri, iscsi);
+}
+
+static int
 qemuParseNBDString(virDomainDiskDefPtr disk)
 {
 virDomainDiskHostDefPtr h = NULL;
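Review bot: The invalid-LUN branch of qemuParseISCSIString returns -1 without releasing `uri`, so every rejected name leaks the parsed URI; add `virURIFree(uri);` before that `return -1;`. The success path hands `uri` to qemuParseDriveURIString, whose cleanup is outside this hunk, so ownership there should be confirmed as well. The error message echoes `def->src` verbatim, and once the last patch of this series accepts a `user:password` part in the URI that string may carry the CHAP secret into logs; reporting only the path component would avoid that. `lun` is parsed only to validate the suffix and is never used, which deserves a one-line comment such as `/* value unused: only checks that the suffix is a number */`.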
@@ -2484,8 +2509,14 @@ qemuBuildDriveURIString(virDomainDiskDefPtr disk, 
virBufferPtr opt,
 virBufferAddLit(opt, file=);
 transp = 
virDomainDiskProtocolTransportTypeToString(disk-hosts-transport);
 
-if (virAsprintf(tmpscheme, %s+%s, scheme, transp)  0)
-goto no_memory;
+if (disk-hosts-transport == VIR_DOMAIN_DISK_PROTO_TRANS_TCP) {
+tmpscheme = strdup(scheme);
+if (tmpscheme == NULL)
+goto no_memory;
+} else {
+if (virAsprintf(tmpscheme, %s+%s, scheme, transp)  0)
+goto no_memory;
+}
 
 if (disk-src  virAsprintf(volimg, /%s, disk-src)  0)
 goto no_memory;
@@ -2531,6 +2562,12 @@ qemuBuildGlusterString(virDomainDiskDefPtr disk, 
virBufferPtr opt)
 #define QEMU_DEFAULT_NBD_PORT 10809
 
 static int
+qemuBuildISCSIString(virDomainDiskDefPtr disk, virBufferPtr opt)
+{
+return qemuBuildDriveURIString(disk, opt, iscsi);
+}
+
+static int
 qemuBuildNBDString(virDomainDiskDefPtr disk, virBufferPtr opt)
 {
 const char *transp;
@@ -2713,6 +2750,11 @@ qemuBuildDriveStr(virConnectPtr conn ATTRIBUTE_UNUSED,
 goto error;
 virBufferAddChar(opt, ',');
 break;
+case VIR_DOMAIN_DISK_PROTOCOL_ISCSI:
+if (qemuBuildISCSIString(disk, opt)  0)
+goto error;
+virBufferAddChar(opt, ',');
+break;
 
 case VIR_DOMAIN_DISK_PROTOCOL_SHEEPDOG:
 if (disk-nhosts == 0) {
@@ -7909,6 +7951,12 @@ 

[libvirt] [PATCH v2 2/6] qemu: support passthrough for iscsi disks

2013-03-21 Thread Paolo Bonzini
This enables usage of commands like persistent reservations.

Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 src/libvirt_private.syms   |  1 +
 src/qemu/qemu_command.c|  9 ++-
 .../qemuxml2argv-disk-drive-network-iscsi-lun.args |  1 +
 .../qemuxml2argv-disk-drive-network-iscsi-lun.xml  | 28 ++
 tests/qemuxml2argvtest.c   |  4 
 5 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-lun.args
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-lun.xml

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 21bc615..9529265 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -156,6 +156,7 @@ virDomainDiskIoTypeToString;
 virDomainDiskPathByName;
 virDomainDiskProtocolTransportTypeFromString;
 virDomainDiskProtocolTransportTypeToString;
+virDomainDiskProtocolTypeToString;
 virDomainDiskRemove;
 virDomainDiskRemoveByName;
 virDomainDiskTypeFromString;
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 4774650..313db2c 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -3026,7 +3026,14 @@ qemuBuildDriveDevStr(virDomainDefPtr def,
bus);
 goto error;
 }
-if (disk-type != VIR_DOMAIN_DISK_TYPE_BLOCK) {
+if (disk-type == VIR_DOMAIN_DISK_TYPE_NETWORK) {
+if (disk-protocol != VIR_DOMAIN_DISK_PROTOCOL_ISCSI) {
+virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+   _(disk device='lun' is not supported for 
protocol='%s'),
+   
virDomainDiskProtocolTypeToString(disk-protocol));
+goto error;
+}
+} else if (disk-type != VIR_DOMAIN_DISK_TYPE_BLOCK) {
 virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_(disk device='lun' is not supported for 
type='%s'),
virDomainDiskTypeToString(disk-type));
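Review bot: Nothing in this patch documents that `device='lun'` is now accepted for `type='network'` with `protocol='iscsi'`; the diffstat touches no file under docs/, so the domain format documentation presumably still describes lun as block-only. A comment above the new branch would also help, for example `/* of the network protocols only iscsi exposes a SCSI target that can take passthrough commands */` if that is the rationale, because the reason the other protocols are rejected is not evident from the code. The test hunk adds only the accepting case; a negative case for another network protocol with device='lun' would pin the new error path. qemuBuildDriveDevStr starts and ends outside this hunk.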
diff --git 
a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-lun.args 
b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-lun.args
new file mode 100644
index 000..baa7760
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-lun.args
@@ -0,0 +1 @@
+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M 
pc -m 214 -smp 1 -nographic -nodefconfig -nodefaults -monitor 
unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -device 
virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x3 -usb -drive 
file=iscsi://example.org:3260/iqn.1992-01.com.example,if=none,id=drive-scsi0-0-0-0,format=raw
 -device 
scsi-block,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0
diff --git 
a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-lun.xml 
b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-lun.xml
new file mode 100644
index 000..72ceee8
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-lun.xml
@@ -0,0 +1,28 @@
+domain type='qemu'
+  nameQEMUGuest1/name
+  uuidc7a5fdbd-edaf-9455-926a-d65c16db1809/uuid
+  memory unit='KiB'219136/memory
+  currentMemory unit='KiB'219136/currentMemory
+  vcpu placement='static'1/vcpu
+  os
+type arch='i686' machine='pc'hvm/type
+boot dev='hd'/
+  /os
+  clock offset='utc'/
+  on_poweroffdestroy/on_poweroff
+  on_rebootrestart/on_reboot
+  on_crashdestroy/on_crash
+  devices
+emulator/usr/bin/qemu/emulator
+disk type='network' device='lun'
+  driver name='qemu' type='raw'/
+  source protocol='iscsi' name='iqn.1992-01.com.example'
+host name='example.org' port='3260'/
+  /source
+  target dev='sda' bus='scsi'/
+/disk
+controller type='usb' index='0'/
+controller type='scsi' index='0' model='virtio-scsi'/
+memballoon model='none'/
+  /devices
+/domain
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 07a423e..f126fd9 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -503,6 +503,10 @@ mymain(void)
 QEMU_CAPS_DRIVE, QEMU_CAPS_DRIVE_FORMAT);
 DO_TEST(disk-drive-network-iscsi,
 QEMU_CAPS_DRIVE, QEMU_CAPS_DRIVE_FORMAT);
+DO_TEST(disk-drive-network-iscsi-lun,
+QEMU_CAPS_DRIVE, QEMU_CAPS_DEVICE, QEMU_CAPS_DRIVE_FORMAT,
+QEMU_CAPS_NODEFCONFIG, QEMU_CAPS_VIRTIO_SCSI,
+QEMU_CAPS_VIRTIO_BLK_SG_IO, QEMU_CAPS_SCSI_BLOCK);
 DO_TEST(disk-drive-network-gluster,
 QEMU_CAPS_DRIVE, QEMU_CAPS_DRIVE_FORMAT);
 DO_TEST(disk-drive-network-rbd,
-- 
1.8.1.4




[libvirt] [PATCH v2 3/6] domain: make port optional for network disks

2013-03-21 Thread Paolo Bonzini
Only sheepdog actually required it in the code, and we can use 7000 as the
default---the same value that QEMU uses for the simple sheepdog:VOLUME
syntax.  With this change, the schema can be fixed to allow no port.

Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 docs/formatdomain.html.in | 6 ++
 docs/schemas/domaincommon.rng | 8 +---
 src/conf/domain_conf.c| 5 -
 src/qemu/qemu_command.c   | 3 ++-
 4 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index f17b808..fd33818 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1700,31 +1700,37 @@
 th Protocol /th
 th Meaning /th
 th Number of hosts /th
+th Default port /th
   /tr
   tr
 td nbd /td
 td a server running nbd-server /td
 td only one /td
+td 10809 /td
   /tr
   tr
 td iscsi /td
 td an iSCSI server /td
 td only one /td
+td 3260 /td
   /tr
   tr
 td rbd /td
 td monitor servers of RBD /td
 td one or more /td
+td 6789 /td
   /tr
   tr
 td sheepdog /td
 td one of the sheepdog servers (default is localhost:7000) /td
 td zero or one /td
+td 7000 /td
   /tr
   tr
 td gluster /td
 td a server running glusterd daemon /td
 td only one /td
+td 24007 /td
   /tr
 /table
 gluster supports tcp, rdma, unix as valid values for the
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index c4e7b7a..4da65f8 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1114,9 +1114,11 @@
 ref name=ipAddr/
   /choice
 /attribute
-attribute name=port
-  ref name=unsignedInt/
-/attribute
+optional
+  attribute name=port
+ref name=unsignedInt/
+  /attribute
+/optional
   /group
   group
 attribute name=transport
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index b06cae5..8f76e8e 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -4111,11 +4111,6 @@ virDomainDiskDefParseXML(virCapsPtr caps,
 goto error;
 }
 hosts[nhosts - 1].port = 
virXMLPropString(child, port);
-if (!hosts[nhosts - 1].port) {
-virReportError(VIR_ERR_XML_ERROR,
-   %s, _(missing port for 
host));
-goto error;
-}
 }
 }
 child = child-next;
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 313db2c..5422508 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -2763,7 +2763,8 @@ qemuBuildDriveStr(virConnectPtr conn ATTRIBUTE_UNUSED,
 } else {
 /* only one host is supported now */
 virBufferAsprintf(opt, file=sheepdog:%s:%s:,
-  disk-hosts-name, disk-hosts-port);
+  disk-hosts-name,
+  disk-hosts-port ? disk-hosts-port : 
7000);
 virBufferEscape(opt, ',', ,, %s,, disk-src);
 }
 break;
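Review bot: With the missing-port check removed in the domain_conf.c hunk, `disk->hosts->port` is whatever string virXMLPropString returned, and it is still formatted into `file=sheepdog:%s:%s:` without the comma escaping that `disk->src` receives on the following line. Nothing visible checks that the attribute is numeric, so validating it at parse time (for example with virStrToLong_ui and an upper bound of 65535) would keep a malformed port from altering the -drive option string; the host name has the same exposure. The literal 7000 would also read better as a named constant, in the spirit of the existing `QEMU_DEFAULT_NBD_PORT`. The enclosing case continues outside the hunk.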
-- 
1.8.1.4




[libvirt] [PATCH v2 5/6] domain: parse XML for iscsi authorization credentials

2013-03-21 Thread Paolo Bonzini
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 docs/formatdomain.html.in  | 12 
 docs/schemas/domaincommon.rng  |  1 +
 src/conf/domain_conf.c | 33 --
 .../qemuxml2argv-disk-drive-network-iscsi-auth.xml | 31 
 tests/qemuxml2xmltest.c|  1 +
 5 files changed, 64 insertions(+), 14 deletions(-)
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.xml

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index fd33818..c2cf75f 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1768,12 +1768,12 @@
 holds the actual password or other credentials (the domain XML
 intentionally does not expose the password, only the reference
 to the object that does manage the password).  For now, the
-only known secret codetype/code is ceph, for Ceph RBD
-network sources, and requires either an
-attribute codeuuid/code with the UUID of the Ceph secret
-object, or an attribute codeusage/code with the name
-associated with the Ceph secret
-object.  span class=sincelibvirt 0.9.7/span
+known secret codetype/codes are ceph, for Ceph RBD
+network sources, and iscsi, for CHAP authentication of iSCSI
+targets.  Both require either a codeuuid/code attribute
+with the UUID of the secret object, or a codeusage/code
+attribute matching the key that was specified in the
+secret object.  span class=sincelibvirt 0.9.7/span
   /dd
   dtcodegeometry/code/dt
   ddThe optional codegeometry/code element provides the
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 4da65f8..fae5c0d 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -3642,6 +3642,7 @@
   attribute name='type'
 choice
   valueceph/value
+  valueiscsi/value
 /choice
   /attribute
   choice
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 8f76e8e..159a23d 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3992,6 +3992,8 @@ virDomainDiskDefParseXML(virCapsPtr caps,
 char *wwn = NULL;
 char *vendor = NULL;
 char *product = NULL;
+int expected_secret_usage = -1;
+int auth_secret_usage = -1;
 
 if (VIR_ALLOC(def)  0) {
 virReportOOMError();
@@ -4029,7 +4031,6 @@ virDomainDiskDefParseXML(virCapsPtr caps,
 if (cur-type == XML_ELEMENT_NODE) {
 if (!source  !hosts 
 xmlStrEqual(cur-name, BAD_CAST source)) {
-
 sourceNode = cur;
 
 switch (def-type) {
@@ -4057,6 +4058,11 @@ virDomainDiskDefParseXML(virCapsPtr caps,
protocol);
 goto error;
 }
+if (def-protocol == VIR_DOMAIN_DISK_PROTOCOL_ISCSI) {
+expected_secret_usage = VIR_SECRET_USAGE_TYPE_ISCSI;
+} else if (def-protocol == VIR_DOMAIN_DISK_PROTOCOL_RBD) {
+expected_secret_usage = VIR_SECRET_USAGE_TYPE_CEPH;
+}
 if (!(source = virXMLPropString(cur, name)) 
 def-protocol != VIR_DOMAIN_DISK_PROTOCOL_NBD) {
 virReportError(VIR_ERR_INTERNAL_ERROR, %s,
@@ -4242,8 +4248,9 @@ virDomainDiskDefParseXML(virCapsPtr caps,
_(missing type for secret));
 goto error;
 }
-if (virSecretUsageTypeTypeFromString(usageType) !=
-VIR_SECRET_USAGE_TYPE_CEPH) {
+auth_secret_usage =
+virSecretUsageTypeTypeFromString(usageType);
+if (auth_secret_usage  0) {
 virReportError(VIR_ERR_XML_ERROR,
_(invalid secret type %s),
usageType);
@@ -4393,6 +4400,13 @@ virDomainDiskDefParseXML(virCapsPtr caps,
 cur = cur-next;
 }
 
+if (auth_secret_usage != -1  auth_secret_usage != expected_secret_usage) 
{
+virReportError(VIR_ERR_INTERNAL_ERROR,
+   _(invalid secret type '%s'),
+   virSecretUsageTypeTypeToString(auth_secret_usage));
+goto error;
+}
+
 device = virXMLPropString(node, device);
 if (device) {
 if ((def-device = virDomainDiskDeviceTypeFromString(device))  0) {
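Review bot: The new mismatch check reports VIR_ERR_INTERNAL_ERROR with the same `invalid secret type` text that the function already uses for an unparsable type, although the cause here is user-supplied XML whose secret type does not match the disk protocol. `VIR_ERR_XML_ERROR` and a message naming the mismatch, such as `_("secret type '%s' does not match the disk protocol")`, would make the failure diagnosable. `expected_secret_usage` also stays -1 for every source that is neither iscsi nor rbd, so any auth secret on such a disk is now rejected by this check; if that is intended, a comment saying so would help. virDomainDiskDefParseXML starts and ends outside this hunk.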
@@ -12787,15 +12801,18 @@ virDomainDiskDefFormat(virBufferPtr buf,
 if (def-auth.username) {
 virBufferEscapeString(buf,   auth username='%s'\n,
   def-auth.username);
+if (def-protocol == 

[libvirt] [PATCH v2 4/6] secret: add iscsi to possible usage types

2013-03-21 Thread Paolo Bonzini
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 docs/formatsecret.html.in| 12 
 docs/schemas/secret.rng  | 10 ++
 include/libvirt/libvirt.h.in |  1 +
 src/conf/secret_conf.c   | 22 +-
 src/conf/secret_conf.h   |  1 +
 src/secret/secret_driver.c   |  8 
 6 files changed, 53 insertions(+), 1 deletion(-)

diff --git a/docs/formatsecret.html.in b/docs/formatsecret.html.in
index 01aff2d..c3c4a25 100644
--- a/docs/formatsecret.html.in
+++ b/docs/formatsecret.html.in
@@ -66,6 +66,18 @@
   device/a. span class=sinceSince 0.9.7/span.
 /p
 
+h3Usage type iscsi/h3
+
+p
+  This secret is associated with an iSCSI target for CHAP authentication.
+  The codelt;usage type='iscsi'gt;/code element must contain
+  a single codetarget/code element that specifies a usage name
+  for the secret.  The iSCSI secret can then be used by UUID or by
+  this usage name via the codelt;authgt;/code element of
+  a a href=domain.html#elementsDisksdisk
+  device/a. span class=sinceSince 1.0.4/span.
+/p
+
 h2a name=exampleExample/a/h2
 
 pre
diff --git a/docs/schemas/secret.rng b/docs/schemas/secret.rng
index e49bd5a..d7b8f83 100644
--- a/docs/schemas/secret.rng
+++ b/docs/schemas/secret.rng
@@ -41,6 +41,7 @@
 choice
   ref name='usagevolume'/
   ref name='usageceph'/
+  ref name='usageiscsi'/
   !-- More choices later --
 /choice
   /element
@@ -67,4 +68,13 @@
 /element
   /define
 
+  define name='usageiscsi'
+attribute name='type'
+  valueiscsi/value
+/attribute
+element name='target'
+  ref name='genericName'/
+/element
+  /define
+
 /grammar
diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in
index f6a7aff..45b5638 100644
--- a/include/libvirt/libvirt.h.in
+++ b/include/libvirt/libvirt.h.in
@@ -3649,6 +3649,7 @@ typedef enum {
 VIR_SECRET_USAGE_TYPE_NONE = 0,
 VIR_SECRET_USAGE_TYPE_VOLUME = 1,
 VIR_SECRET_USAGE_TYPE_CEPH = 2,
+VIR_SECRET_USAGE_TYPE_ISCSI = 3,
 
 #ifdef VIR_ENUM_SENTINELS
 VIR_SECRET_USAGE_TYPE_LAST
diff --git a/src/conf/secret_conf.c b/src/conf/secret_conf.c
index 891af65..06b9bb2 100644
--- a/src/conf/secret_conf.c
+++ b/src/conf/secret_conf.c
@@ -36,7 +36,7 @@
 #define VIR_FROM_THIS VIR_FROM_SECRET
 
 VIR_ENUM_IMPL(virSecretUsageType, VIR_SECRET_USAGE_TYPE_LAST,
-  none, volume, ceph)
+  none, volume, ceph, iscsi)
 
 void
 virSecretDefFree(virSecretDefPtr def)
@@ -57,6 +57,10 @@ virSecretDefFree(virSecretDefPtr def)
 VIR_FREE(def-usage.ceph);
 break;
 
+case VIR_SECRET_USAGE_TYPE_ISCSI:
+VIR_FREE(def-usage.target);
+break;
+
 default:
 VIR_ERROR(_(unexpected secret usage type %d), def-usage_type);
 break;
@@ -108,6 +112,15 @@ virSecretDefParseUsage(xmlXPathContextPtr ctxt,
 }
 break;
 
+case VIR_SECRET_USAGE_TYPE_ISCSI:
+def-usage.target = virXPathString(string(./usage/target), ctxt);
+if (!def-usage.target) {
+virReportError(VIR_ERR_INTERNAL_ERROR, %s,
+   _(Ceph usage specified, but target is missing));
+return -1;
+}
+break;
+
 default:
 virReportError(VIR_ERR_INTERNAL_ERROR,
_(unexpected secret usage type %d),
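Review bot: The error text in the new VIR_SECRET_USAGE_TYPE_ISCSI case was copied from the Ceph case and still says `Ceph usage specified, but target is missing`; it should read `_("iSCSI usage specified, but target is missing")`. A missing target element is a defect in the caller's XML, so `VIR_ERR_XML_ERROR` would describe it better than VIR_ERR_INTERNAL_ERROR, though that is only worth changing if the neighbouring cases change with it. virSecretDefParseUsage continues outside the hunk.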
@@ -262,6 +275,13 @@ virSecretDefFormatUsage(virBufferPtr buf,
 }
 break;
 
+case VIR_SECRET_USAGE_TYPE_ISCSI:
+if (def-usage.target != NULL) {
+virBufferEscapeString(buf, target%s/target\n,
+  def-usage.target);
+}
+break;
+
 default:
 virReportError(VIR_ERR_INTERNAL_ERROR,
_(unexpected secret usage type %d),
diff --git a/src/conf/secret_conf.h b/src/conf/secret_conf.h
index 6079d5b..53517f9 100644
--- a/src/conf/secret_conf.h
+++ b/src/conf/secret_conf.h
@@ -39,6 +39,7 @@ struct _virSecretDef {
 union {
 char *volume;   /* May be NULL */
 char *ceph;
+char *target;
 } usage;
 };
 
diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c
index 5be33b9..c577817 100644
--- a/src/secret/secret_driver.c
+++ b/src/secret/secret_driver.c
@@ -149,6 +149,11 @@ secretFindByUsage(virSecretDriverStatePtr driver, int 
usageType, const char *usa
 if (STREQ(s-def-usage.ceph, usageID))
 return s;
 break;
+
+case VIR_SECRET_USAGE_TYPE_ISCSI:
+if (STREQ(s-def-usage.target, usageID))
+return s;
+break;
 }
 }
 return NULL;
@@ -614,6 +619,9 @@ secretUsageIDForDef(virSecretDefPtr def)
 case VIR_SECRET_USAGE_TYPE_CEPH:
 return def-usage.ceph;
 
+case VIR_SECRET_USAGE_TYPE_ISCSI:
+return def-usage.target;
+
 default:
 return 

[libvirt] [PATCH v2 6/6] qemu: pass iscsi authorization credentials

2013-03-21 Thread Paolo Bonzini
A better way to do this would be to use a configuration file like

   [iscsi target-name]
   user = name
   password = pwd

and pass it via -readconfig.  This would remove the username and password
from the ps output.  For now, however, keep this solution.

Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 src/qemu/qemu_command.c| 80 ++
 ...qemuxml2argv-disk-drive-network-iscsi-auth.args |  1 +
 tests/qemuxml2argvtest.c   |  2 +
 3 files changed, 70 insertions(+), 13 deletions(-)
 create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.args

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 5422508..006f83d 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -2134,8 +2134,8 @@ qemuBuildRBDString(virConnectPtr conn,
 VIR_FREE(base64);
 } else {
 virReportError(VIR_ERR_INTERNAL_ERROR,
-   _(rbd username '%s' specified but secret not 
found),
-   disk-auth.username);
+   _(%s username '%s' specified but secret not 
found),
+   rbd, disk-auth.username);
 goto error;
 }
 } else {
@@ -2303,6 +2303,7 @@ qemuParseDriveURIString(virDomainDiskDefPtr def, 
virURIPtr uri,
 char *transp = NULL;
 char *sock = NULL;
 char *volimg = NULL;
+char *secret = NULL;
 
 if (VIR_ALLOC(def-hosts)  0)
 goto no_memory;
@@ -2363,6 +2364,16 @@ qemuParseDriveURIString(virDomainDiskDefPtr def, 
virURIPtr uri,
 def-src = NULL;
 }
 
+if (uri-user) {
+secret = strchr(uri-user, ':');
+if (secret)
+*secret = '\0';
+
+def-auth.username = strdup(uri-user);
+if (!def-auth.username)
+goto no_memory;
+}
+
 def-nhosts = 1;
 ret = 0;
 
@@ -2486,14 +2497,20 @@ error:
 }
 
 static int
-qemuBuildDriveURIString(virDomainDiskDefPtr disk, virBufferPtr opt,
-const char *scheme)
+qemuBuildDriveURIString(virConnectPtr conn,
+virDomainDiskDefPtr disk, virBufferPtr opt,
+const char *scheme, virSecretUsageType secretType)
 {
 int ret = -1;
 int port = 0;
+virSecretPtr sec = NULL;
+char *secret = NULL;
+size_t secret_size;
+
 char *tmpscheme = NULL;
 char *volimg = NULL;
 char *sock = NULL;
+char *user = NULL;
 char *builturi = NULL;
 const char *transp = NULL;
 virURI uri = {
@@ -2529,8 +2546,42 @@ qemuBuildDriveURIString(virDomainDiskDefPtr disk, 
virBufferPtr opt,
 virAsprintf(sock, socket=%s, disk-hosts-socket)  0)
 goto no_memory;
 
+if (disk-auth.username  secretType != VIR_SECRET_USAGE_TYPE_NONE) {
+/* look up secret */
+switch (disk-auth.secretType) {
+case VIR_DOMAIN_DISK_SECRET_TYPE_UUID:
+sec = virSecretLookupByUUID(conn,
+disk-auth.secret.uuid);
+break;
+case VIR_DOMAIN_DISK_SECRET_TYPE_USAGE:
+sec = virSecretLookupByUsage(conn, secretType,
+ disk-auth.secret.usage);
+break;
+}
+
+if (sec) {
+secret = (char *)conn-secretDriver-getValue(sec, secret_size, 0,
+  
VIR_SECRET_GET_VALUE_INTERNAL_CALL);
+if (secret == NULL) {
+virReportError(VIR_ERR_INTERNAL_ERROR,
+   _(could not get the value of the secret for 
username %s),
+   disk-auth.username);
+ret = -1;
+goto cleanup;
+}
+if (virAsprintf(user, %s:%s, disk-auth.username, secret)  0)
+goto no_memory;
+} else {
+virReportError(VIR_ERR_INTERNAL_ERROR,
+   _(%s username '%s' specified but secret not 
found),
+   scheme, disk-auth.username);
+ret = -1;
+goto cleanup;
+}
+}
 uri.scheme = tmpscheme; /* gluster+transport */
 uri.server = disk-hosts-name;
+uri.user = user;
 uri.port = port;
 uri.path = volimg;
 uri.query = sock;
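Review bot: `secret_size` is filled in by getValue but never used, and the returned buffer is then formatted with `%s`; unless the secret driver guarantees a terminating NUL (not visible here), this reads past the end of the secret. Bounding the copy fixes it: `if (virAsprintf(&user, "%s:%.*s", disk->auth.username, (int)secret_size, secret) < 0)`. Both `secret` and `user` hold the CHAP password in clear text, so the cleanup path, which lies outside this hunk, should clear them before `VIR_FREE` and release `sec`; please confirm that it does. The `switch` on `disk->auth.secretType` has no `default:`, so an unset type ends in the `secret not found` error, which is misleading for that case.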
@@ -2554,21 +2605,23 @@ no_memory:
 }
 
 static int
-qemuBuildGlusterString(virDomainDiskDefPtr disk, virBufferPtr opt)
+qemuBuildGlusterString(virConnectPtr conn, virDomainDiskDefPtr disk, 
virBufferPtr opt)
 {
-return qemuBuildDriveURIString(disk, opt, gluster);
+return qemuBuildDriveURIString(conn, disk, opt, gluster,
+   VIR_SECRET_USAGE_TYPE_NONE);
 }
 
 #define QEMU_DEFAULT_NBD_PORT 10809
 
 static int
-qemuBuildISCSIString(virDomainDiskDefPtr disk, virBufferPtr opt)
+qemuBuildISCSIString(virConnectPtr conn, virDomainDiskDefPtr disk, 
virBufferPtr opt)
 {
-return 

[libvirt] [PATCH v9 1/3] qdev: DEVICE_DELETED event

2013-03-21 Thread Michael S. Tsirkin
libvirt has a long-standing bug: when removing the device,
it can request removal but does not know when the
removal completes. Add an event so we can fix this in a robust way.

Signed-off-by: Michael S. Tsirkin m...@redhat.com
---
 QMP/qmp-events.txt| 16 
 hw/qdev.c | 11 +++
 include/monitor/monitor.h |  1 +
 monitor.c |  1 +
 qapi-schema.json  |  4 +++-
 5 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/QMP/qmp-events.txt b/QMP/qmp-events.txt
index b2698e4..24cf3e8 100644
--- a/QMP/qmp-events.txt
+++ b/QMP/qmp-events.txt
@@ -136,6 +136,22 @@ Example:
 Note: The ready to complete status is always reset by a BLOCK_JOB_ERROR
 event.
 
+DEVICE_DELETED
+-
+
+Emitted whenever the device removal completion is acknowledged
+by the guest.
+At this point, it's safe to reuse the specified device ID.
+Device removal can be initiated by the guest or by HMP/QMP commands.
+
+Data:
+
+- device: device name (json-string, optional)
+
+{ event: DEVICE_DELETED,
+  data: { device: virtio-net-pci-0 },
+  timestamp: { seconds: 1265044230, microseconds: 450486 } }
+
 DEVICE_TRAY_MOVED
 -
 
diff --git a/hw/qdev.c b/hw/qdev.c
index 0b20280..5e8a89c 100644
--- a/hw/qdev.c
+++ b/hw/qdev.c
@@ -30,6 +30,8 @@
 #include qapi/error.h
 #include qapi/qmp/qerror.h
 #include qapi/visitor.h
+#include qapi/qmp/qjson.h
+#include monitor/monitor.h
 
 int qdev_hotplug = 0;
 static bool qdev_hot_added = false;
@@ -761,6 +763,7 @@ static void device_unparent(Object *obj)
 DeviceState *dev = DEVICE(obj);
 DeviceClass *dc = DEVICE_GET_CLASS(dev);
 BusState *bus;
+QObject *event_data;
 
 while (dev-num_child_bus) {
 bus = QLIST_FIRST(dev-child_bus);
@@ -779,6 +782,14 @@ static void device_unparent(Object *obj)
 object_unref(OBJECT(dev-parent_bus));
 dev-parent_bus = NULL;
 }
+
+if (dev-id) {
+event_data = qobject_from_jsonf({ 'device': %s }, dev-id);
+} else {
+event_data = qobject_from_jsonf({ });
+}
+monitor_protocol_event(QEVENT_DEVICE_DELETED, event_data);
+qobject_decref(event_data);
 }
 
 static void device_class_init(ObjectClass *class, void *data)
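Review bot: device_unparent now emits DEVICE_DELETED on every unparent, whereas the text added to QMP/qmp-events.txt promises the event only when device removal completion is acknowledged by the guest. If unparent also runs for other reasons (a failed hot-add being rolled back, or teardown; neither is visible in this hunk), management would see events the documentation does not describe, so either the wording or the trigger should be narrowed. A comment above the block, e.g. `/* sent last so that children are reported before their parent */`, would record the ordering requirement that the cover letter mentions only in its changelog.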
diff --git a/include/monitor/monitor.h b/include/monitor/monitor.h
index 87fb49c..b868760 100644
--- a/include/monitor/monitor.h
+++ b/include/monitor/monitor.h
@@ -39,6 +39,7 @@ typedef enum MonitorEvent {
 QEVENT_BLOCK_JOB_CANCELLED,
 QEVENT_BLOCK_JOB_ERROR,
 QEVENT_BLOCK_JOB_READY,
+QEVENT_DEVICE_DELETED,
 QEVENT_DEVICE_TRAY_MOVED,
 QEVENT_SUSPEND,
 QEVENT_SUSPEND_DISK,
diff --git a/monitor.c b/monitor.c
index 112e920..2fdfb79 100644
--- a/monitor.c
+++ b/monitor.c
@@ -458,6 +458,7 @@ static const char *monitor_event_names[] = {
 [QEVENT_BLOCK_JOB_CANCELLED] = BLOCK_JOB_CANCELLED,
 [QEVENT_BLOCK_JOB_ERROR] = BLOCK_JOB_ERROR,
 [QEVENT_BLOCK_JOB_READY] = BLOCK_JOB_READY,
+[QEVENT_DEVICE_DELETED] = DEVICE_DELETED,
 [QEVENT_DEVICE_TRAY_MOVED] = DEVICE_TRAY_MOVED,
 [QEVENT_SUSPEND] = SUSPEND,
 [QEVENT_SUSPEND_DISK] = SUSPEND_DISK,
diff --git a/qapi-schema.json b/qapi-schema.json
index fdaa9da..080dc39 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -2354,7 +2354,9 @@
 # Notes: When this command completes, the device may not be removed from the
 #guest.  Hot removal is an operation that requires guest cooperation.
 #This command merely requests that the guest begin the hot removal
-#process.
+#process.  Completion of the device removal process is signaled with a
+#DEVICE_DELETED event. Guest reset will automatically complete removal
+#for all devices.
 #
 # Since: 0.14.0
 ##
-- 
MST



[libvirt] [PATCH v9 0/3] DEVICE_DELETED event

2013-03-21 Thread Michael S. Tsirkin
libvirt has a long-standing bug: when removing the device,
it can request removal but does not know when the
removal completes. Add an event so we can fix this in a robust way.

First patch only adds the event with ID, second patch adds a path field.
Split this way for ease of backport (stable downstreams without QOM
would want to only take the first patch).
Event without fields is still useful as management can use it to
poll device list to figure out which device was removed.

Signed-off-by: Michael S. Tsirkin m...@redhat.com

If there are no more comments I'll stick this on my
pci branch.

Changes from v8:
- reorder qom destruction so no need to change unparent 

Changes from v7:
- none, v7 was malformed series sent by mistake

Changes from v6:
- make empty event use data: {}, Markus prefers this

Changes from v5:
- Emit an empty event on unnamed devices in patch 1/3, as suggested by 
Markus

Changes from v4:
- Add extra triggers and extra fields as requested by Markus

Changes from v3:
- Document that we only emit events for devices with
  an ID, as suggested by Markus
Changes from v2:
- move event toward the end of device_unparent,
  so that parents are reported after their children,
  as suggested by Paolo
Changes from v1:
- move to device_unparent
- address comments by Andreas and Eric


-- 
Anthony Liguori


Michael S. Tsirkin (3):
  qdev: DEVICE_DELETED event
  qom: call class destructor before unparent
  qmp: add path to device_deleted event

 QMP/qmp-events.txt| 18 ++
 hw/qdev.c | 14 ++
 include/monitor/monitor.h |  1 +
 monitor.c |  1 +
 qapi-schema.json  |  4 +++-
 qom/object.c  |  6 +++---
 6 files changed, 40 insertions(+), 4 deletions(-)

-- 
MST



[libvirt] [PATCH v9 2/3] qom: call class destructor before unparent

2013-03-21 Thread Michael S. Tsirkin
Make sure object is valid when destructor is called.

Signed-off-by: Michael S. Tsirkin m...@redhat.com
---
 qom/object.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/qom/object.c b/qom/object.c
index 3d638ff..a0e3cbe 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -363,12 +363,12 @@ static void object_property_del_child(Object *obj, Object 
*child, Error **errp)
 void object_unparent(Object *obj)
 {
 object_ref(obj);
-if (obj-parent) {
-object_property_del_child(obj-parent, obj, NULL);
-}
 if (obj-class-unparent) {
 (obj-class-unparent)(obj);
 }
+if (obj-parent) {
+object_property_del_child(obj-parent, obj, NULL);
+}
 object_unref(obj);
 }
 
-- 
MST



[libvirt] [PATCH v9 3/3] qmp: add path to device_deleted event

2013-03-21 Thread Michael S. Tsirkin
Add QOM path to device deleted event.  It now becomes useful to report
it for devices which don't have an ID assigned.

Signed-off-by: Michael S. Tsirkin m...@redhat.com
---
 QMP/qmp-events.txt | 4 +++-
 hw/qdev.c  | 7 +--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/QMP/qmp-events.txt b/QMP/qmp-events.txt
index 24cf3e8..dcc826d 100644
--- a/QMP/qmp-events.txt
+++ b/QMP/qmp-events.txt
@@ -147,9 +147,11 @@ Device removal can be initiated by the guest or by HMP/QMP 
commands.
 Data:
 
 - device: device name (json-string, optional)
+- path: device path (json-string)
 
 { event: DEVICE_DELETED,
-  data: { device: virtio-net-pci-0 },
+  data: { device: virtio-net-pci-0,
+path: /machine/peripheral/virtio-net-pci-0 },
   timestamp: { seconds: 1265044230, microseconds: 450486 } }
 
 DEVICE_TRAY_MOVED
diff --git a/hw/qdev.c b/hw/qdev.c
index 5e8a89c..0cdf568 100644
--- a/hw/qdev.c
+++ b/hw/qdev.c
@@ -764,6 +764,7 @@ static void device_unparent(Object *obj)
 DeviceClass *dc = DEVICE_GET_CLASS(dev);
 BusState *bus;
 QObject *event_data;
+gchar *path = object_get_canonical_path(obj);
 
 while (dev-num_child_bus) {
 bus = QLIST_FIRST(dev-child_bus);
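Review bot: `object_get_canonical_path(obj)` is called at the top of device_unparent, which is only meaningful while the object is still attached to its parent. That holds solely because patch 2/3 moves the class `unparent` hook ahead of object_property_del_child, and object_unparent invokes the hook even when `obj->parent` is NULL, so a device that was never parented would reach this call with no path to resolve; how object_get_canonical_path behaves then is not visible here and should be checked. A comment on the declaration, e.g. `/* must be computed before the device is detached from its parent */`, would keep the dependency from being broken by a later reorder. The function body continues outside this hunk.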
@@ -784,12 +785,14 @@ static void device_unparent(Object *obj)
 }
 
 if (dev-id) {
-event_data = qobject_from_jsonf({ 'device': %s }, dev-id);
+event_data = qobject_from_jsonf({ 'device': %s, 'path': %s },
+dev-id, path);
 } else {
-event_data = qobject_from_jsonf({ });
+event_data = qobject_from_jsonf({ 'path': %s }, path);
 }
 monitor_protocol_event(QEVENT_DEVICE_DELETED, event_data);
 qobject_decref(event_data);
+g_free(path);
 }
 
 static void device_class_init(ObjectClass *class, void *data)
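Review bot: `path` comes from `object_get_canonical_path(obj)` at the top of `device_unparent` (first hunk) and is passed straight to the `%s` of `qobject_from_jsonf` in both branches, with no check that a path was actually returned. How the helper behaves for an object that has already left the composition tree is not visible here, so this presumably relies on the parent link still being intact when the callback runs. A comment at the declaration, e.g. `/* needs obj->parent intact; see call order in object_unparent() */`, would keep that dependency from being broken later. The body between the two hunks is not shown, so any early return there would also need `g_free(path)`.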
-- 
MST



Re: [libvirt] libvirt-tck test failure with identity patches

2013-03-21 Thread Guido Günther
Hi,
On Wed, Mar 20, 2013 at 08:15:31PM +0100, Guido Günther wrote:
 Hi,
 the qemu session libvirt-tck test currently fails with:
 
 [19:58:21] scripts/domain/050-transient-lifecycle.t  ok59684 
 ms
 [19:59:20] scripts/domain/051-transient-autostart.t  ok 2001 
 ms
 [19:59:22] scripts/domain/060-persistent-lifecycle.t ... ok 2943 
 ms
 [19:59:25] scripts/domain/061-persistent-autostart.t ... ok 2050 
 ms
 [19:59:28] scripts/domain/065-persistent-redefine.t  ok 2050 
 ms
 [19:59:30] scripts/domain/070-transient-to-persistent.t  ok 2025 
 ms
 [19:59:32] scripts/domain/080-unique-id-define.t ... ok 3353 
 ms
 [19:59:35] scripts/domain/081-unique-id-create.t ... Dubious, 
 test returned 22 (wstat 5632, 0x1600)
 All 12 subtests passed 
 [19:59:41] scripts/domain/082-unique-id-caching.t .. Bailout 
 called.  Further testing stopped:  failed to setup test harness: libvirt 
 error code: 1, message: internal error Cannot initialize thread local for 
 current identity
 
 Running 081-unique-id-create.t and 082-unique-id-caching.t separately
 works so there's some corruption going on. Any idea what could be
 triggering this? It started with one of:
 
 ebf78be4c277cffae57d99daa199a9b3c1cf9804 Set the current client identity 
 during API call dispatch
 d5e83ad9b7c74e434349ede076dc573a3cc50384 Add ability to get a virIdentity 
 from a virNetServerClientPtr
 8c5d28c1ad5d42b8f3599d52a3dfed32f88c4edc Add API to get the system identity
 8726e91b3a165fa1094155218f3a3b65dbc932c5 Add APIs for associating a 
 virIdentityPtr with the current thread
 3aabe27247711324df2bfa623e9a5e8d2442e3a5 Define internal APIs for managing 
 identities
 51997e50fa9a54c4bfce3cb2dd43b53418135d18 Add APIs to get at more client 
 security data
 
 Any idea? I'll try to dig deeper once I find some more time.

This just got fixed by 6e5ad18992ab5b0897d6ebc5205dd988816e974f. Great!
 -- Guido

 Cheers,
  -- Guido



Re: [libvirt] IPv6 migration

2013-03-21 Thread Ján Tomko
On 03/21/2013 11:52 AM, Daniel P. Berrange wrote:
 On Tue, Mar 19, 2013 at 03:21:31PM +0100, Jiri Denemark wrote:
 On Mon, Mar 11, 2013 at 19:40:52 +0100, Ján Tomko wrote:
...

 Yeah, I think using an explicit flag would be the best approach. As we
 learnt several times, implementing automagic behavior is too fragile and
 leads to ugly code and confusion. IIUC, we would tell QEMU to listen on
 :: iff either migrateuri uses IPv6 address explicitly or
 VIR_DOMAIN_MIGRATE_IPV6 flag is set. In all other cases, 0.0.0.0 address
 will be passed to QEMU. In other words, unless a user takes an explicit
 action, migration will use IPv4 regardless on libvirt version.
 
 That would mean that migration is broken by default in an IPv6 only
 environment, so I don't think that is an satisfactory approach. We
 should be checking whether.

Checking whether...?

 
 Listening on '[::]' means that QEMU will accept connections on *both*
 IPv4 and IPv6, if configured with dual-stack. So if IPv6 is present
 on the target host, it is entirely reasonable to default to '[::]' if
 given a hostname.

I thought this might break IPv4 migration on FreeBSD, but QEMU turns
IPV6_V6ONLY off since the support of IPv6 migration in 1.1.

So this would only break migration with QEMU older than 1.1 and could be
worked around by specifying the IPv4 address in the migration URI?

Jan


Re: [libvirt] [Qemu-devel] [PATCH v9 1/3] qdev: DEVICE_DELETED event

2013-03-21 Thread Markus Armbruster
Michael S. Tsirkin m...@redhat.com writes:

 libvirt has a long-standing bug: when removing the device,
 it can request removal but does not know when the
 removal completes. Add an event so we can fix this in a robust way.

 Signed-off-by: Michael S. Tsirkin m...@redhat.com

Acked-by: Markus Armbruster arm...@redhat.com



Re: [libvirt] [Qemu-devel] [PATCH v9 3/3] qmp: add path to device_deleted event

2013-03-21 Thread Markus Armbruster
Michael S. Tsirkin m...@redhat.com writes:

 Add QOM path to device deleted event.  It now becomes useful to report
 it for devices which don't have an ID assigned.

 Signed-off-by: Michael S. Tsirkin m...@redhat.com

Acked-by: Markus Armbruster arm...@redhat.com



Re: [libvirt] [PATCH v9 2/3] qom: call class destructor before unparent

2013-03-21 Thread Paolo Bonzini
Il 21/03/2013 13:07, Michael S. Tsirkin ha scritto:
 Make sure object is valid when destructor is called.

Make sure the object still has a canonical path while the unparent
callback is running.

Otherwise, the series looks good.

Paolo

 Signed-off-by: Michael S. Tsirkin m...@redhat.com
 ---
  qom/object.c | 6 +++---
  1 file changed, 3 insertions(+), 3 deletions(-)
 
 diff --git a/qom/object.c b/qom/object.c
 index 3d638ff..a0e3cbe 100644
 --- a/qom/object.c
 +++ b/qom/object.c
 @@ -363,12 +363,12 @@ static void object_property_del_child(Object *obj, 
 Object *child, Error **errp)
  void object_unparent(Object *obj)
  {
  object_ref(obj);
 -if (obj-parent) {
 -object_property_del_child(obj-parent, obj, NULL);
 -}
  if (obj-class-unparent) {
  (obj-class-unparent)(obj);
  }
 +if (obj-parent) {
 +object_property_del_child(obj-parent, obj, NULL);
 +}
  object_unref(obj);
  }
  
 



Re: [libvirt] IPv6 migration

2013-03-21 Thread Daniel P. Berrange
On Thu, Mar 21, 2013 at 01:16:35PM +0100, Ján Tomko wrote:
 On 03/21/2013 11:52 AM, Daniel P. Berrange wrote:
  On Tue, Mar 19, 2013 at 03:21:31PM +0100, Jiri Denemark wrote:
  On Mon, Mar 11, 2013 at 19:40:52 +0100, Ján Tomko wrote:
 ...
 
  Yeah, I think using an explicit flag would be the best approach. As we
  learnt several times, implementing automagic behavior is too fragile and
  leads to ugly code and confusion. IIUC, we would tell QEMU to listen on
  :: iff either migrateuri uses IPv6 address explicitly or
  VIR_DOMAIN_MIGRATE_IPV6 flag is set. In all other cases, 0.0.0.0 address
  will be passed to QEMU. In other words, unless a user takes an explicit
  action, migration will use IPv4 regardless on libvirt version.
  
  That would mean that migration is broken by default in an IPv6 only
  environment, so I don't think that is an satisfactory approach. We
  should be checking whether.
 
 Checking whether...?

IPv6 is present.

 
  
  Listening on '[::]' means that QEMU will accept connections on *both*
  IPv4 and IPv6, if configured with dual-stack. So if IPv6 is present
  on the target host, it is entirely reasonable to default to '[::]' if
  given a hostname.
 
 I thought this might break IPv4 migration on FreeBSD, but QEMU turns
 IPV6_V6ONLY off since the support of IPv6 migration in 1.1.
 
 So this would only break migration with QEMU older than 1.1 and could be
 worked around by specifying the IPv4 address in the migration URI?

We know the QEMU version from the capabilities, so it should not need
to break QEMU < 1.1


Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|


Re: [libvirt] [PATCH v9 2/3] qom: call class destructor before unparent

2013-03-21 Thread Michael S. Tsirkin
On Thu, Mar 21, 2013 at 01:25:50PM +0100, Paolo Bonzini wrote:
 Il 21/03/2013 13:07, Michael S. Tsirkin ha scritto:
  Make sure object is valid when destructor is called.
 
 Make sure the object still has a canonical path while the unparent
 callback is running.
 
 Otherwise, the series looks good.
 
 Paolo

Worth respinning for?

  Signed-off-by: Michael S. Tsirkin m...@redhat.com
  ---
   qom/object.c | 6 +++---
   1 file changed, 3 insertions(+), 3 deletions(-)
  
  diff --git a/qom/object.c b/qom/object.c
  index 3d638ff..a0e3cbe 100644
  --- a/qom/object.c
  +++ b/qom/object.c
  @@ -363,12 +363,12 @@ static void object_property_del_child(Object *obj, 
  Object *child, Error **errp)
   void object_unparent(Object *obj)
   {
   object_ref(obj);
  -if (obj-parent) {
  -object_property_del_child(obj-parent, obj, NULL);
  -}
   if (obj-class-unparent) {
   (obj-class-unparent)(obj);
   }
  +if (obj-parent) {
  +object_property_del_child(obj-parent, obj, NULL);
  +}
   object_unref(obj);
   }
   
  



Re: [libvirt] [PATCH v2 0/6] libvirt support for userspace iSCSI initiator (libiscsi)

2013-03-21 Thread Daniel P. Berrange
On Thu, Mar 21, 2013 at 12:53:48PM +0100, Paolo Bonzini wrote:
 This series adds support for the libiscsi userspace initiator.
 Compared to v1, logical units are now specified with IQN/LUN
 syntax in the name attribute.

ACK to all 6

Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



Re: [libvirt] [PATCH v9 2/3] qom: call class destructor before unparent

2013-03-21 Thread Paolo Bonzini
Il 21/03/2013 13:30, Michael S. Tsirkin ha scritto:
 On Thu, Mar 21, 2013 at 01:25:50PM +0100, Paolo Bonzini wrote:
  Il 21/03/2013 13:07, Michael S. Tsirkin ha scritto:
   Make sure object is valid when destructor is called.
  
  Make sure the object still has a canonical path while the unparent
  callback is running.
  
  Otherwise, the series looks good.
  
 
 Worth respinning for?

If it goes through the pci branch, of course not but still make the
change.  Otherwise, probably not.

Paolo



Re: [libvirt] [PATCH v9 0/3] DEVICE_DELETED event

2013-03-21 Thread Andreas Färber
Am 21.03.2013 13:07, schrieb Michael S. Tsirkin:
 Changes from v8:
 - reorder qom destruction so no need to change unparent 
 
 Changes from v7:
 - none, v7 was malformed series sent by mistake
 
 Changes from v6:
 - make empty event use data: {}, Markus prefers this
 
 Changes from v5:
 - Emit an empty event on unnamed devices in patch 1/3, as suggested by 
 Markus
 
 Changes from v4:
 - Add extra triggers and extra fields as requested by Markus

Series looks good,

Reviewed-by: Andreas Färber afaer...@suse.de

Andreas

 
 Changes from v3:
 - Document that we only emit events for devices with
   an ID, as suggested by Markus
 Changes from v2:
 - move event toward the end of device_unparent,
   so that parents are reported after their children,
   as suggested by Paolo
 Changes from v1:
 - move to device_unparent
 - address comments by Andreas and Eric

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [libvirt] [PATCH] Make virsh support '~' and '$HOME' in interactive mode

2013-03-21 Thread Eric Blake
On 03/21/2013 04:20 AM, Daniel P. Berrange wrote:
 On Thu, Mar 21, 2013 at 05:00:58PM +0800, Zhang Xiaohe wrote:
 This patch makes virsh recognize '~' and '$HOME' in
 interactive mode. These two variables are replaced with the real
 path.
 
 If we're going to the trouble of expanding $HOME, then we might
 as well just make it expand arbitrary environment variables
 rather than hardcoding $HOME.

In other words, if we're going to do this, go all the way and use
wordexp() to get shell-like expansion, instead of reinventing it
ourselves.  Except that wordexp() is not portable to mingw, and not
provided in gnulib.

 
 Also, we'll need a way to escape the special meaning of '~'
 and '$' to get them treated as literal characters instead of
 special characters.

We already have the ability to quote characters, so that we can embed
spaces; our quoting rules are (intentionally) copied on shell rules, so
they would still work with a wordexp() approach.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org




Re: [libvirt] [PATCH RFC] virsh: Fix semantics of --config for update-device command

2013-03-21 Thread Laine Stump
On 03/15/2013 12:37 PM, Peter Krempa wrote:
 The man page states that with --config the next boot is affected. This
 can be understood as if _only_ the next boot was affected. This isn't
 true if the machine is running.

 This patch adds the full --live, --config, --current infrastructure and
 tweaks stuff to correctly support the obsolete --persistent flag.
 ---

 Notes:
 - This patch will be greatly simplified with macros from:
   http://www.redhat.com/archives/libvir-list/2013-March/msg00268.html
 
 - There are multiple places like this in virsh that will need update too.
   (detach-device for example)

I agree that the way the options work in the various commands is
inconsistent and it would be nice if that wasn't the case, but fixing it
is a road fraught with perils. Keep in mind that there are likely
already scripts written and deployed using the current meaning of the flags.



[libvirt] [PATCH] qemu: add support for LSI MegaRAID SAS1078 (aka megasas) SCSI controller

2013-03-21 Thread Paolo Bonzini
This does nothing more than adding the new device and capability.
The device is present since QEMU 1.2.0.

Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 docs/formatdomain.html.in  |  6 ++--
 docs/schemas/domaincommon.rng  |  1 +
 src/conf/domain_conf.c |  3 +-
 src/conf/domain_conf.h |  1 +
 src/qemu/qemu_capabilities.c   |  2 ++
 src/qemu/qemu_capabilities.h   |  1 +
 src/qemu/qemu_command.c| 13 -
 src/vmx/vmx.c  |  3 +-
 tests/qemuhelptest.c   |  6 ++--
 .../qemuxml2argv-disk-scsi-megasas.args|  9 ++
 .../qemuxml2argv-disk-scsi-megasas.xml | 32 ++
 tests/qemuxml2argvtest.c   |  3 ++
 tests/qemuxml2xmltest.c|  1 +
 13 files changed, 73 insertions(+), 8 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-scsi-megasas.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-scsi-megasas.xml

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index c2cf75f..8bf0736 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -2091,9 +2091,9 @@
   control how many devices can be connected through the
   controller.  A scsi controller has an optional
   attribute codemodel/code, which is one of auto, buslogic,
-  ibmvscsi, lsilogic, lsias1068, virtio-scsi or vmpvscsi.
-  A usb controller has an optional attribute codemodel/code,
-  which is one of piix3-uhci, piix4-uhci, ehci,
+  ibmvscsi, lsilogic, lsisas1068, lsisas1078, virtio-scsi or
+  vmpvscsi.  A usb controller has an optional attribute
+  codemodel/code, which is one of piix3-uhci, piix4-uhci, ehci,
   ich9-ehci1, ich9-uhci1, ich9-uhci2, ich9-uhci3,
   vt82c686b-uhci, pci-ohci or nec-xhci. Additionally,
   span class=sincesince 0.10.0/span, if the USB bus needs to be
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index fae5c0d..a136ae8 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1391,6 +1391,7 @@
 valuevmpvscsi/value
 valueibmvscsi/value
 valuevirtio-scsi/value
+valuelsisas1078/value
 valuepiix3-uhci/value
 valuepiix4-uhci/value
 valueehci/value
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 159a23d..0ef67be 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -304,7 +304,8 @@ VIR_ENUM_IMPL(virDomainControllerModelSCSI, 
VIR_DOMAIN_CONTROLLER_MODEL_SCSI_LAS
   lsisas1068,
   vmpvscsi,
   ibmvscsi,
-  virtio-scsi);
+  virtio-scsi,
+  lsisas1078);
 
 VIR_ENUM_IMPL(virDomainControllerModelUSB, 
VIR_DOMAIN_CONTROLLER_MODEL_USB_LAST,
   piix3-uhci,
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index a750a1f..c3b2608 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -695,6 +695,7 @@ enum virDomainControllerModelSCSI {
 VIR_DOMAIN_CONTROLLER_MODEL_SCSI_VMPVSCSI,
 VIR_DOMAIN_CONTROLLER_MODEL_SCSI_IBMVSCSI,
 VIR_DOMAIN_CONTROLLER_MODEL_SCSI_VIRTIO_SCSI,
+VIR_DOMAIN_CONTROLLER_MODEL_SCSI_LSISAS1078,
 
 VIR_DOMAIN_CONTROLLER_MODEL_SCSI_LAST
 };
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 50f8084..3840b41 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -212,6 +212,7 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST,
   rng-egd,
   virtio-ccw,
   dtb,
+  megasas,
 );
 
 struct _virQEMUCaps {
@@ -1329,6 +1330,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = {
 { virtio-scsi-pci, QEMU_CAPS_VIRTIO_SCSI },
 { virtio-scsi-s390, QEMU_CAPS_VIRTIO_SCSI },
 { virtio-scsi-ccw, QEMU_CAPS_VIRTIO_SCSI },
+{ megasas, QEMU_CAPS_SCSI_MEGASAS },
 { spicevmc, QEMU_CAPS_DEVICE_SPICEVMC },
 { qxl-vga, QEMU_CAPS_DEVICE_QXL_VGA },
 { qxl, QEMU_CAPS_DEVICE_QXL },
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index b0f8c5b..7101f67 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -173,6 +173,7 @@ enum virQEMUCapsFlags {
 QEMU_CAPS_OBJECT_RNG_EGD = 131, /* EGD protocol daemon for rng */
 QEMU_CAPS_VIRTIO_CCW = 132, /* -device virtio-*-ccw */
 QEMU_CAPS_DTB= 133, /* -dtb file */
+QEMU_CAPS_SCSI_MEGASAS   = 134, /* -device megasas */
 
 QEMU_CAPS_LAST,   /* this must always be the last item */
 };
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 006f83d..a0c278f 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ 

[libvirt] [PATCHv2] virsh-domain: Simplify usage of --current, --live and --config flags

2013-03-21 Thread Peter Krempa
This patch uses the new helper to avoid the more complex check for
domain state modification flags.
---

Notes:
Version 2:
- remove unnecessary usage of if (current)
- fix cmdSetmaxmem
- convert cmdMemtune too

 tools/virsh-domain.c | 300 ---
 1 file changed, 118 insertions(+), 182 deletions(-)

diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 128e516..11db36b 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -1021,25 +1021,21 @@ cmdBlkdeviotune(vshControl *ctl, const vshCmd *cmd)
 int nparams = 0;
 int maxparams = 0;
 virTypedParameterPtr params = NULL;
-unsigned int flags = 0, i = 0;
+unsigned int flags = VIR_DOMAIN_AFFECT_CURRENT;
+unsigned int i = 0;
 int rv = 0;
 bool current = vshCommandOptBool(cmd, current);
 bool config = vshCommandOptBool(cmd, config);
 bool live = vshCommandOptBool(cmd, live);
 bool ret = false;

-if (current) {
-if (live || config) {
-vshError(ctl, %s, _(--current must be specified exclusively));
-return false;
-}
-flags = VIR_DOMAIN_AFFECT_CURRENT;
-} else {
-if (config)
-flags |= VIR_DOMAIN_AFFECT_CONFIG;
-if (live)
-flags |= VIR_DOMAIN_AFFECT_LIVE;
-}
+VSH_EXCLUSIVE_OPTIONS_VAR(current, live);
+VSH_EXCLUSIVE_OPTIONS_VAR(current, config);
+
+if (config)
+flags |= VIR_DOMAIN_AFFECT_CONFIG;
+if (live)
+flags |= VIR_DOMAIN_AFFECT_LIVE;

 if (!(dom = vshCommandOptDomain(ctl, cmd, name)))
 goto cleanup;
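Review bot: The mutual-exclusion check now lives inside `VSH_EXCLUSIVE_OPTIONS_VAR`, whose definition is not part of this patch. If it returns on conflict the way the removed `return false` did, the exit is hidden in a macro and is only safe because it sits before `vshCommandOptDomain` acquires `dom`. Separately, `flags` now starts as `VIR_DOMAIN_AFFECT_CURRENT` and is then OR-ed with the CONFIG and LIVE bits, which matches the old behaviour only if CURRENT contributes no bits. A comment at the initialiser, e.g. `/* AFFECT_CURRENT sets no bits, so OR-ing CONFIG/LIVE below is safe */`, would make that explicit, and the macro calls should stay ahead of any allocation. The same pattern repeats in the cmdBlkiotune, cmdDomIftune and cmdSchedinfo hunks; all of these function bodies continue outside their hunks.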
@@ -1206,23 +1202,18 @@ cmdBlkiotune(vshControl * ctl, const vshCmd * cmd)
 unsigned int i = 0;
 virTypedParameterPtr params = NULL;
 bool ret = false;
-unsigned int flags = 0;
+unsigned int flags = VIR_DOMAIN_AFFECT_CURRENT;
 bool current = vshCommandOptBool(cmd, current);
 bool config = vshCommandOptBool(cmd, config);
 bool live = vshCommandOptBool(cmd, live);

-if (current) {
-if (live || config) {
-vshError(ctl, %s, _(--current must be specified exclusively));
-return false;
-}
-flags = VIR_DOMAIN_AFFECT_CURRENT;
-} else {
-if (config)
-flags |= VIR_DOMAIN_AFFECT_CONFIG;
-if (live)
-flags |= VIR_DOMAIN_AFFECT_LIVE;
-}
+VSH_EXCLUSIVE_OPTIONS_VAR(current, live);
+VSH_EXCLUSIVE_OPTIONS_VAR(current, config);
+
+if (config)
+flags |= VIR_DOMAIN_AFFECT_CONFIG;
+if (live)
+flags |= VIR_DOMAIN_AFFECT_LIVE;

 if (!(dom = vshCommandOptDomain(ctl, cmd, NULL)))
 return false;
@@ -2475,7 +2466,7 @@ cmdDomIftune(vshControl *ctl, const vshCmd *cmd)
 virDomainPtr dom;
 const char *name = NULL, *device = NULL,
*inboundStr = NULL, *outboundStr = NULL;
-unsigned int flags = 0;
+unsigned int flags = VIR_DOMAIN_AFFECT_CURRENT;
 int nparams = 0;
 int maxparams = 0;
 virTypedParameterPtr params = NULL;
@@ -2486,18 +2477,13 @@ cmdDomIftune(vshControl *ctl, const vshCmd *cmd)
 virNetDevBandwidthRate inbound, outbound;
 int i;

-if (current) {
-if (live || config) {
-vshError(ctl, %s, _(--current must be specified exclusively));
-return false;
-}
-flags = VIR_DOMAIN_AFFECT_CURRENT;
-} else {
-if (config)
-flags |= VIR_DOMAIN_AFFECT_CONFIG;
-if (live)
-flags |= VIR_DOMAIN_AFFECT_LIVE;
-}
+VSH_EXCLUSIVE_OPTIONS_VAR(current, live);
+VSH_EXCLUSIVE_OPTIONS_VAR(current, config);
+
+if (config)
+flags |= VIR_DOMAIN_AFFECT_CONFIG;
+if (live)
+flags |= VIR_DOMAIN_AFFECT_LIVE;

 if (!(dom = vshCommandOptDomain(ctl, cmd, name)))
 return false;
@@ -4027,23 +4013,18 @@ cmdSchedinfo(vshControl *ctl, const vshCmd *cmd)
 int nupdates = 0;
 int i, ret;
 bool ret_val = false;
-unsigned int flags = 0;
+unsigned int flags = VIR_DOMAIN_AFFECT_CURRENT;
 bool current = vshCommandOptBool(cmd, current);
 bool config = vshCommandOptBool(cmd, config);
 bool live = vshCommandOptBool(cmd, live);

-if (current) {
-if (live || config) {
-vshError(ctl, %s, _(--current must be specified exclusively));
-return false;
-}
-flags = VIR_DOMAIN_AFFECT_CURRENT;
-} else {
-if (config)
-flags |= VIR_DOMAIN_AFFECT_CONFIG;
-if (live)
-flags |= VIR_DOMAIN_AFFECT_LIVE;
-}
+VSH_EXCLUSIVE_OPTIONS_VAR(current, live);
+VSH_EXCLUSIVE_OPTIONS_VAR(current, config);
+
+if (config)
+flags |= VIR_DOMAIN_AFFECT_CONFIG;
+if (live)
+flags |= VIR_DOMAIN_AFFECT_LIVE;

 if (!(dom = vshCommandOptDomain(ctl, cmd, NULL)))
 return false;
@@ -5478,23 +5459,18 @@ cmdVcpuPin(vshControl *ctl, const vshCmd *cmd)
 bool live = vshCommandOptBool(cmd, live);

Re: [libvirt] [PATCH v2 1/6] qemu: add support for libiscsi

2013-03-21 Thread Osier Yang

On 2013年03月21日 19:53, Paolo Bonzini wrote:

libiscsi provides a userspace iSCSI initiator.

The main advantage over the kernel initiator is that it is very
easy to provide different initiator names for VMs on the same host.
Thus libiscsi supports usage of persistent reservations in the VM,
which otherwise would only be possible with NPIV.

libiscsi uses iscsi as the scheme, not iscsi+tcp.  We can change
this in the tests (while remaining backwards-compatible, because
QEMU uses TCP as the default transport for both Gluster and NBD).

Signed-off-by: Paolo Bonzinipbonz...@redhat.com
---
  docs/formatdomain.html.in  | 11 +++--
  src/qemu/qemu_command.c| 57 +-
  tests/qemuargv2xmltest.c   |  1 +
  .../qemuxml2argv-disk-drive-network-gluster.args   |  2 +-
  .../qemuxml2argv-disk-drive-network-iscsi.args |  1 +
  .../qemuxml2argv-disk-drive-network-iscsi.xml  |  7 +++
  ...ml2argv-disk-drive-network-nbd-ipv6-export.args |  2 +-
  .../qemuxml2argv-disk-drive-network-nbd-ipv6.args  |  2 +-
  tests/qemuxml2argvtest.c   |  2 +
  9 files changed, 76 insertions(+), 9 deletions(-)
  create mode 100644 
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi.args

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index e4ed3f7..f17b808 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1446,10 +1446,13 @@
  are nbd, iscsi, rbd, sheepdog or gluster.  If the
  codeprotocol/code  attribute is rbd, sheepdog or gluster, an
  additional attributecodename/code  is mandatory to specify which
-volume/image will be used; for nbd it is optional.  When the disk
-codetype/code  is network, thecodesource/code  may have zero
-or morecodehost/code  sub-elements used to specify the hosts
-to connect.
+volume/image will be used; for nbd it is optional.  For iscsi,
+thecodename/code  attribute may include a logical unit number,
+separated from the target's name by a slash (for example,
+codeiqn.1992-01.com.example/1/code); the default LUN is zero.
+When the diskcodetype/code  is network, thecodesource/code
+may have zero or morecodehost/code  sub-elements used to
+specify the hosts to connect.
  span class=sinceSince 0.0.3;codetype='dir'/code  since
  0.7.5;codetype='network'/code  since
  0.8.7;codeprotocol='iscsi'/code  since 1.0.4/spanbr/
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 8626b62..4774650 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -2391,6 +2391,31 @@ qemuParseGlusterString(virDomainDiskDefPtr def)
  }

  static int
+qemuParseISCSIString(virDomainDiskDefPtr def)
+{
+virURIPtr uri = NULL;
+char *slash;
+unsigned lun;
+
+if (!(uri = virURIParse(def-src)))
+return -1;
+
+if (uri-path
+(slash = strchr(uri-path + 1, '/')) != NULL) {
+
+if (slash[1] == '\0')
+*slash = '\0';
+else if (virStrToLong_ui(slash + 1, NULL, 10,lun) == -1) {


Hm, we might need to change the helpers like virStrToLong_ui to accept
a NULL 4th argument to avoid the useless (lun here) variable. But
it doesn't relate with this patch.

Just small changes for the new logical unit, previous ACK stands.


Re: [libvirt] [PATCH v2 2/6] qemu: support passthrough for iscsi disks

2013-03-21 Thread Osier Yang
On 2013年03月21日 19:53, Paolo Bonzini wrote:
 This enables usage of commands like persistent reservations.
 
 Signed-off-by: Paolo Bonzinipbonz...@redhat.com
 ---
   src/libvirt_private.syms   |  1 +
   src/qemu/qemu_command.c|  9 ++-
   .../qemuxml2argv-disk-drive-network-iscsi-lun.args |  1 +
   .../qemuxml2argv-disk-drive-network-iscsi-lun.xml  | 28 
 ++
   tests/qemuxml2argvtest.c   |  4 
   5 files changed, 42 insertions(+), 1 deletion(-)
   create mode 100644 
 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-lun.args
   create mode 100644 
 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-lun.xml
 
 diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
 index 21bc615..9529265 100644
 --- a/src/libvirt_private.syms
 +++ b/src/libvirt_private.syms
 @@ -156,6 +156,7 @@ virDomainDiskIoTypeToString;
   virDomainDiskPathByName;
   virDomainDiskProtocolTransportTypeFromString;
   virDomainDiskProtocolTransportTypeToString;
 +virDomainDiskProtocolTypeToString;

Not alphabetically sorted.

   virDomainDiskRemove;
   virDomainDiskRemoveByName;
   virDomainDiskTypeFromString;
 diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
 index 4774650..313db2c 100644
 --- a/src/qemu/qemu_command.c
 +++ b/src/qemu/qemu_command.c
 @@ -3026,7 +3026,14 @@ qemuBuildDriveDevStr(virDomainDefPtr def,
  bus);
   goto error;
   }
 -if (disk-type != VIR_DOMAIN_DISK_TYPE_BLOCK) {
 +if (disk-type == VIR_DOMAIN_DISK_TYPE_NETWORK) {
 +if (disk-protocol != VIR_DOMAIN_DISK_PROTOCOL_ISCSI) {
 +virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
 +   _(disk device='lun' is not supported for 
 protocol='%s'),
 +   
 virDomainDiskProtocolTypeToString(disk-protocol));
 +goto error;
 +}
 +} else if (disk-type != VIR_DOMAIN_DISK_TYPE_BLOCK) {
   virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
  _(disk device='lun' is not supported for 
 type='%s'),
  virDomainDiskTypeToString(disk-type));
 diff --git 
 a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-lun.args 
 b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-lun.args
 new file mode 100644
 index 000..baa7760
 --- /dev/null
 +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-lun.args
 @@ -0,0 +1 @@
 +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S 
 -M pc -m 214 -smp 1 -nographic -nodefconfig -nodefaults -monitor 
 unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -device 
 virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x3 -usb -drive 
 file=iscsi://example.org:3260/iqn.1992-01.com.example,if=none,id=drive-scsi0-0-0-0,format=raw
  -device 
 scsi-block,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0
 diff --git 
 a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-lun.xml 
 b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-lun.xml

Long line, better to break.

ACK.


Re: [libvirt] [PATCH v2 3/6] domain: make port optional for network disks

2013-03-21 Thread Osier Yang
On 2013年03月21日 19:53, Paolo Bonzini wrote:
 Only sheepdog actually required it in the code, and we can use 7000 as the
 default---the same value that QEMU uses for the simple sheepdog:VOLUME
 syntax.  With this change, the schema can be fixed to allow no port.
 
 Signed-off-by: Paolo Bonzinipbonz...@redhat.com
 ---
   docs/formatdomain.html.in | 6 ++
   docs/schemas/domaincommon.rng | 8 +---
   src/conf/domain_conf.c| 5 -
   src/qemu/qemu_command.c   | 3 ++-
   4 files changed, 13 insertions(+), 9 deletions(-)
 
 diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
 index f17b808..fd33818 100644
 --- a/docs/formatdomain.html.in
 +++ b/docs/formatdomain.html.in
 @@ -1700,31 +1700,37 @@
   th  Protocol/th
   th  Meaning/th
   th  Number of hosts/th
 +th  Default port/th
 /tr
 tr
   td  nbd/td
   td  a server running nbd-server/td
   td  only one/td
 +td  10809/td
 /tr
 tr
   td  iscsi/td
   td  an iSCSI server/td
   td  only one/td
 +td  3260/td
 /tr
 tr
   td  rbd/td
   td  monitor servers of RBD/td
   td  one or more/td
 +td  6789/td
 /tr
 tr
   td  sheepdog/td
   td  one of the sheepdog servers (default is 
 localhost:7000)/td
   td  zero or one/td
 +td  7000/td
 /tr
 tr
   td  gluster/td
   td  a server running glusterd daemon/td
   td  only one/td
 +td  24007/td
 /tr
   /table
   gluster supports tcp, rdma, unix as valid values for the
 diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
 index c4e7b7a..4da65f8 100644
 --- a/docs/schemas/domaincommon.rng
 +++ b/docs/schemas/domaincommon.rng
 @@ -1114,9 +1114,11 @@
   ref name=ipAddr/
 /choice
   /attribute
 -attribute name=port
 -ref name=unsignedInt/
 -/attribute
 +optional
 +attribute name=port
 +ref name=unsignedInt/
 +/attribute
 +/optional
 /group
 group
   attribute name=transport
 diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
 index b06cae5..8f76e8e 100644
 --- a/src/conf/domain_conf.c
 +++ b/src/conf/domain_conf.c
 @@ -4111,11 +4111,6 @@ virDomainDiskDefParseXML(virCapsPtr caps,
   goto error;
   }
   hosts[nhosts - 1].port = 
 virXMLPropString(child, port);
 -if (!hosts[nhosts - 1].port) {
 -virReportError(VIR_ERR_XML_ERROR,
 -   %s, _(missing port for 
 host));
 -goto error;
 -}
   }
   }
   child = child-next;
 diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
 index 313db2c..5422508 100644
 --- a/src/qemu/qemu_command.c
 +++ b/src/qemu/qemu_command.c
 @@ -2763,7 +2763,8 @@ qemuBuildDriveStr(virConnectPtr conn ATTRIBUTE_UNUSED,
   } else {
   /* only one host is supported now */
   virBufferAsprintf(opt, file=sheepdog:%s:%s:,
 -  disk-hosts-name, disk-hosts-port);
 +  disk-hosts-name,
 +  disk-hosts-port ? disk-hosts-port 
 : 7000);
   virBufferEscape(opt, ',', ,, %s,, disk-src);
   }
   break;
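Review bot: The fallback operand in `disk->hosts->port ? disk->hosts->port : 7000` is formatted with `%s`, so it has to be the string literal `"7000"`; this archive rendering drops quote characters, so confirm the posted patch does not pass a bare integer there. Now that the parser no longer rejects a missing port, any other place that formats `hosts->port` with `%s` can receive NULL. Only the sheepdog branch is adjusted in this hunk, and the other protocol branches of qemuBuildDriveStr lie outside it, so they are worth checking for the same fallback.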

ACK


Re: [libvirt] [PATCH v2 4/6] secret: add iscsi to possible usage types

2013-03-21 Thread Osier Yang
On 2013年03月21日 19:53, Paolo Bonzini wrote:
 Signed-off-by: Paolo Bonzinipbonz...@redhat.com
 ---
   docs/formatsecret.html.in| 12 
   docs/schemas/secret.rng  | 10 ++
   include/libvirt/libvirt.h.in |  1 +
   src/conf/secret_conf.c   | 22 +-
   src/conf/secret_conf.h   |  1 +
   src/secret/secret_driver.c   |  8 
   6 files changed, 53 insertions(+), 1 deletion(-)
 
 diff --git a/docs/formatsecret.html.in b/docs/formatsecret.html.in
 index 01aff2d..c3c4a25 100644
 --- a/docs/formatsecret.html.in
 +++ b/docs/formatsecret.html.in
 @@ -66,6 +66,18 @@
 device/a.span class=sinceSince 0.9.7/span.
   /p
 
 +h3Usage type iscsi/h3
 +
 +p
 +  This secret is associated with an iSCSI target for CHAP authentication.
 +  Thecodelt;usage type='iscsi'gt;/code  element must contain
 +  a singlecodetarget/code  element that specifies a usage name
 +  for the secret.  The iSCSI secret can then be used by UUID or by
 +  this usage name via thecodelt;authgt;/code  element of
 +  aa href=domain.html#elementsDisksdisk
 +  device/a.span class=sinceSince 1.0.4/span.
 +/p
 +
   h2a name=exampleExample/a/h2
 
   pre
 diff --git a/docs/schemas/secret.rng b/docs/schemas/secret.rng
 index e49bd5a..d7b8f83 100644
 --- a/docs/schemas/secret.rng
 +++ b/docs/schemas/secret.rng
 @@ -41,6 +41,7 @@
   choice
 ref name='usagevolume'/
 ref name='usageceph'/
 +ref name='usageiscsi'/
 !-- More choices later --
   /choice
 /element
 @@ -67,4 +68,13 @@
   /element
 /define
 
 +define name='usageiscsi'
 +attribute name='type'
 +valueiscsi/value
 +/attribute
 +element name='target'
 +ref name='genericName'/
 +/element
 +/define
 +
   /grammar
 diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in
 index f6a7aff..45b5638 100644
 --- a/include/libvirt/libvirt.h.in
 +++ b/include/libvirt/libvirt.h.in
 @@ -3649,6 +3649,7 @@ typedef enum {
   VIR_SECRET_USAGE_TYPE_NONE = 0,
   VIR_SECRET_USAGE_TYPE_VOLUME = 1,
   VIR_SECRET_USAGE_TYPE_CEPH = 2,
 +VIR_SECRET_USAGE_TYPE_ISCSI = 3,
 
   #ifdef VIR_ENUM_SENTINELS
   VIR_SECRET_USAGE_TYPE_LAST
 diff --git a/src/conf/secret_conf.c b/src/conf/secret_conf.c
 index 891af65..06b9bb2 100644
 --- a/src/conf/secret_conf.c
 +++ b/src/conf/secret_conf.c
 @@ -36,7 +36,7 @@
   #define VIR_FROM_THIS VIR_FROM_SECRET
 
   VIR_ENUM_IMPL(virSecretUsageType, VIR_SECRET_USAGE_TYPE_LAST,
 -  none, volume, ceph)
 +  none, volume, ceph, iscsi)
 
   void
   virSecretDefFree(virSecretDefPtr def)
 @@ -57,6 +57,10 @@ virSecretDefFree(virSecretDefPtr def)
   VIR_FREE(def-usage.ceph);
   break;
 
 +case VIR_SECRET_USAGE_TYPE_ISCSI:
 +VIR_FREE(def-usage.target);
 +break;
 +
   default:
   VIR_ERROR(_(unexpected secret usage type %d), def-usage_type);
   break;
 @@ -108,6 +112,15 @@ virSecretDefParseUsage(xmlXPathContextPtr ctxt,
   }
   break;
 
 +case VIR_SECRET_USAGE_TYPE_ISCSI:
 +def-usage.target = virXPathString(string(./usage/target), ctxt);
 +if (!def-usage.target) {
 +virReportError(VIR_ERR_INTERNAL_ERROR, %s,
 +   _(Ceph usage specified, but target is missing));

s/Ceph/iSCSI/,

ACK with this fixed.


Re: [libvirt] [PATCH v2 5/6] domain: parse XML for iscsi authorization credentials

2013-03-21 Thread Osier Yang
On 2013年03月21日 19:53, Paolo Bonzini wrote:
 Signed-off-by: Paolo Bonzinipbonz...@redhat.com
 ---
   docs/formatdomain.html.in  | 12 
   docs/schemas/domaincommon.rng  |  1 +
   src/conf/domain_conf.c | 33 
 --
   .../qemuxml2argv-disk-drive-network-iscsi-auth.xml | 31 
   tests/qemuxml2xmltest.c|  1 +
   5 files changed, 64 insertions(+), 14 deletions(-)
   create mode 100644 
 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.xml
 
 diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
 index fd33818..c2cf75f 100644
 --- a/docs/formatdomain.html.in
 +++ b/docs/formatdomain.html.in
 @@ -1768,12 +1768,12 @@
   holds the actual password or other credentials (the domain XML
   intentionally does not expose the password, only the reference
   to the object that does manage the password).  For now, the
 -only known secretcodetype/code  is ceph, for Ceph RBD
 -network sources, and requires either an
 -attributecodeuuid/code  with the UUID of the Ceph secret
 -object, or an attributecodeusage/code  with the name
 -associated with the Ceph secret
 -object.span class=sincelibvirt 0.9.7/span
 +known secretcodetype/codes are ceph, for Ceph RBD
 +network sources, and iscsi, for CHAP authentication of iSCSI
 +targets.  Both require either acodeuuid/code  attribute
 +with the UUID of the secret object, or acodeusage/code
 +attribute matching the key that was specified in the
 +secret object.span class=sincelibvirt 0.9.7/span
 /dd
 dtcodegeometry/code/dt
 ddThe optionalcodegeometry/code  element provides the
 diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
 index 4da65f8..fae5c0d 100644
 --- a/docs/schemas/domaincommon.rng
 +++ b/docs/schemas/domaincommon.rng
 @@ -3642,6 +3642,7 @@
 attribute name='type'
   choice
 valueceph/value
 +valueiscsi/value
   /choice
 /attribute
 choice
 diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
 index 8f76e8e..159a23d 100644
 --- a/src/conf/domain_conf.c
 +++ b/src/conf/domain_conf.c
 @@ -3992,6 +3992,8 @@ virDomainDiskDefParseXML(virCapsPtr caps,
   char *wwn = NULL;
   char *vendor = NULL;
   char *product = NULL;
 +int expected_secret_usage = -1;
 +int auth_secret_usage = -1;
 
   if (VIR_ALLOC(def)  0) {
   virReportOOMError();
 @@ -4029,7 +4031,6 @@ virDomainDiskDefParseXML(virCapsPtr caps,
   if (cur-type == XML_ELEMENT_NODE) {
   if (!source  !hosts
   xmlStrEqual(cur-name, BAD_CAST source)) {
 -
   sourceNode = cur;
 
   switch (def-type) {
 @@ -4057,6 +4058,11 @@ virDomainDiskDefParseXML(virCapsPtr caps,
  protocol);
   goto error;
   }
 +if (def-protocol == VIR_DOMAIN_DISK_PROTOCOL_ISCSI) {
 +expected_secret_usage = VIR_SECRET_USAGE_TYPE_ISCSI;
 +} else if (def-protocol == 
 VIR_DOMAIN_DISK_PROTOCOL_RBD) {
 +expected_secret_usage = VIR_SECRET_USAGE_TYPE_CEPH;
 +}
   if (!(source = virXMLPropString(cur, name))
   def-protocol != VIR_DOMAIN_DISK_PROTOCOL_NBD) {
   virReportError(VIR_ERR_INTERNAL_ERROR, %s,
 @@ -4242,8 +4248,9 @@ virDomainDiskDefParseXML(virCapsPtr caps,
  _(missing type for secret));
   goto error;
   }
 -if (virSecretUsageTypeTypeFromString(usageType) !=
 -VIR_SECRET_USAGE_TYPE_CEPH) {
 +auth_secret_usage =
 +virSecretUsageTypeTypeFromString(usageType);
 +if (auth_secret_usage  0) {
   virReportError(VIR_ERR_XML_ERROR,
  _(invalid secret type %s),
  usageType);
 @@ -4393,6 +4400,13 @@ virDomainDiskDefParseXML(virCapsPtr caps,
   cur = cur-next;
   }
 
 +if (auth_secret_usage != -1  auth_secret_usage != 
 expected_secret_usage) {
 +virReportError(VIR_ERR_INTERNAL_ERROR,
 +   _(invalid secret type '%s'),
 +   virSecretUsageTypeTypeToString(auth_secret_usage));
 +goto error;
 +}
 +
   device = virXMLPropString(node, device);
   if (device) {
   if ((def-device = virDomainDiskDeviceTypeFromString(device))  0) {
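Review bot: The new mismatch check after the parsing loop reports `VIR_ERR_INTERNAL_ERROR`, although a secret type that does not fit the disk protocol is a mistake in the user's XML; the neighbouring "invalid secret type" check in this patch uses `VIR_ERR_XML_ERROR`, and the same code fits here. The message also names only the supplied type, so a user who pairs a ceph secret with an iscsi disk is not told what was expected; something like `_("secret type '%s' does not match the disk protocol")` would say why it was rejected. When the protocol is neither iscsi nor rbd, `expected_secret_usage` stays -1 and any `<auth>` secret type takes this path, which looks intended but deserves a comment. virDomainDiskDefParseXML starts and ends outside the hunk.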
 @@ -12787,15 +12801,18 @@ virDomainDiskDefFormat(virBufferPtr buf,
  

Re: [libvirt] [PATCH v2 6/6] qemu: pass iscsi authorization credentials

2013-03-21 Thread Osier Yang
On 2013年03月21日 19:53, Paolo Bonzini wrote:
 A better way to do this would be to use a configuration file like
 
 [iscsi target-name]
 user = name
 password = pwd
 
 and pass it via -readconfig.  This would remove the username and password
 from the ps output.  For now, however, keep this solution.
 
 Signed-off-by: Paolo Bonzinipbonz...@redhat.com

ACK


Re: [libvirt] [PATCH v2 0/6] libvirt support for userspace iSCSI initiator (libiscsi)

2013-03-21 Thread Osier Yang

On 2013年03月21日 20:46, Daniel P. Berrange wrote:

On Thu, Mar 21, 2013 at 12:53:48PM +0100, Paolo Bonzini wrote:

This series adds support for the libiscsi userspace initiator.
Compared to v1, logical units are now specified with IQN/LUN
syntax in the name attribute.


ACK to all 6

Daniel


I got conflicts when trying to push the patches and ran out of time
today; I am going to push tomorrow if Eric has no time to do it before then.

Osier


[libvirt] [PATCH] lxc: Prevent shutting down the host

2013-03-21 Thread Martin Kletzander
When the container has the same '/dev' mount as the host (no chroot),
calling domainShutdown(WithFlags) shouldn't shut down the host it is
running on.

Signed-off-by: Martin Kletzander mklet...@redhat.com
---
This is also valid for 1.0.[23]-maint branches, so in case this gets
ACK'd I'll either send a follow-up for those or push it there as well
(if the ACK says so).

 src/lxc/lxc_driver.c | 45 -
 1 file changed, 28 insertions(+), 17 deletions(-)

diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 8603078..ba14db7 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2012 Red Hat, Inc.
+ * Copyright (C) 2010-2013 Red Hat, Inc.
  * Copyright IBM Corp. 2008
  *
  * lxc_driver.c: linux container driver functions
@@ -2778,13 +2778,19 @@ lxcDomainShutdownFlags(virDomainPtr dom,
 virLXCDriverPtr driver = dom-conn-privateData;
 virLXCDomainObjPrivatePtr priv;
 virDomainObjPtr vm;
+virDomainFSDefPtr root;
 char *vroot = NULL;
 int ret = -1;
-int rc;
+int rc = 0;
+bool methodSignal;
+bool methodInitctl;

 virCheckFlags(VIR_DOMAIN_SHUTDOWN_INITCTL |
   VIR_DOMAIN_SHUTDOWN_SIGNAL, -1);

+methodSignal = !!(flags  VIR_DOMAIN_SHUTDOWN_SIGNAL);
+methodInitctl = !!(flags  VIR_DOMAIN_SHUTDOWN_INITCTL);
+
 lxcDriverLock(driver);
 vm = virDomainObjListFindByUUID(driver-domains, dom-uuid);
 lxcDriverUnlock(driver);
@@ -2798,6 +2804,7 @@ lxcDomainShutdownFlags(virDomainPtr dom,
 }

 priv = vm-privateData;
+root = virDomainGetRootFilesystem(vm-def);

 if (!virDomainObjIsActive(vm)) {
 virReportError(VIR_ERR_OPERATION_INVALID,
@@ -2817,27 +2824,31 @@ lxcDomainShutdownFlags(virDomainPtr dom,
 goto cleanup;
 }

-if (flags == 0 ||
-(flags  VIR_DOMAIN_SHUTDOWN_INITCTL)) {
-if ((rc = virInitctlSetRunLevel(VIR_INITCTL_RUNLEVEL_POWEROFF,
-vroot))  0) {
+if (root  root-src) {
+if (flags == 0)
+methodSignal = methodInitctl = true;
+} else if (methodInitctl) {
+virReportError(VIR_ERR_OPERATION_UNSUPPORTED, %s,
+   _(Cannot shutdown container using initctl 
+ without separated namespace));
+goto cleanup;
+} else {
+methodSignal = true;
+}
+
+if (methodInitctl) {
+rc = virInitctlSetRunLevel(VIR_INITCTL_RUNLEVEL_POWEROFF, vroot);
+if (rc  0)
 goto cleanup;
-}
-if (rc == 0  flags != 0 
-((flags  ~VIR_DOMAIN_SHUTDOWN_INITCTL) == 0)) {
+if (rc == 0  !methodSignal) {
 virReportError(VIR_ERR_OPERATION_UNSUPPORTED, %s,
_(Container does not provide an initctl pipe));
 goto cleanup;
 }
-} else {
-rc = 0;
 }
-
-if (rc == 0 
-(flags == 0 ||
- (flags  VIR_DOMAIN_SHUTDOWN_SIGNAL))) {
-if (kill(priv-initpid, SIGTERM)  0 
-errno != ESRCH) {
+if (rc == 0  methodSignal) {
+ret = kill(priv-initpid, SIGTERM);
+if (ret  0  errno != ESRCH) {
 virReportSystemError(errno,
  _(Unable to send SIGTERM to init pid %llu),
  (unsigned long long)priv-initpid);
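Review bot: The guard `if (root && root->src)` shows only that a root filesystem is configured, not that it differs from the host's root. If a definition whose root source is `/` is accepted (not visible here), the initctl branch would still run against the host's namespace, so consider also requiring `STRNEQ(root->src, "/")`. Separately, storing the `kill()` result in `ret` ties the function's return value to the signal call; presumably `ret = 0` follows just past the hunk, but reusing `rc` or testing `kill(...) < 0` directly as before keeps `ret` untouched until success. lxcDomainShutdownFlags starts and ends outside the hunk.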
--
1.8.1.5



[libvirt] [PATCH] Correct invalid RNG schemas.

2013-03-21 Thread Martin Kletzander
The 'trang' utility, which is able to transform '.rng' files into
'.rnc' files, reported some errors in our schemas that weren't caught
by the tools we use in the build.  I haven't added a test for this,
but the validity can be checked by the following command:

trang -I rng -O rnc domain.rng domain.rnc

There were unescaped minuses in regular expressions, and we were
constraining int (which is by default in the range of [-2^31;2^31-1])
to a maximum of 2^32.  But what we wanted was exactly an unsignedInt.

Signed-off-by: Martin Kletzander mklet...@redhat.com
---
Thanks to that, the '.rnc' files can be used by nxml-mode which makes
editing libvirt xml files a *lot* easier.

 docs/schemas/domaincommon.rng |  2 +-
 docs/schemas/nwfilter.rng | 19 ---
 2 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index c4e7b7a..3240e1c 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -3929,7 +3929,7 @@
   /define
   define name='aliasName'
 data type=string
-  param name=pattern[a-zA-Z0-9_-]+/param
+  param name=pattern[a-zA-Z0-9_\-]+/param
 /data
   /define
   define name='alias'
diff --git a/docs/schemas/nwfilter.rng b/docs/schemas/nwfilter.rng
index cfd9ba5..f1aa699 100644
--- a/docs/schemas/nwfilter.rng
+++ b/docs/schemas/nwfilter.rng
@@ -308,25 +308,25 @@
 choice
   valueroot/value
   data type=string
-param name=patternmac[a-zA-Z0-9_\.:-]{0,9}/param
+param name=patternmac[a-zA-Z0-9_\.:\-]{0,9}/param
   /data
   data type=string
-param name=patternstp[a-zA-Z0-9_\.:-]{0,9}/param
+param name=patternstp[a-zA-Z0-9_\.:\-]{0,9}/param
   /data
   data type=string
-param name=patternvlan[a-zA-Z0-9_\.:-]{0,8}/param
+param name=patternvlan[a-zA-Z0-9_\.:\-]{0,8}/param
   /data
   data type=string
-param name=patternarp[a-zA-Z0-9_\.:-]{0,9}/param
+param name=patternarp[a-zA-Z0-9_\.:\-]{0,9}/param
   /data
   data type=string
-param name=patternrarp[a-zA-Z0-9_\.:-]{0,8}/param
+param name=patternrarp[a-zA-Z0-9_\.:\-]{0,8}/param
   /data
   data type=string
-param name=patternipv4[a-zA-Z0-9_\.:-]{0,8}/param
+param name=patternipv4[a-zA-Z0-9_\.:\-]{0,8}/param
   /data
   data type=string
-param name=patternipv6[a-zA-Z0-9_\.:-]{0,8}/param
+param name=patternipv6[a-zA-Z0-9_\.:\-]{0,8}/param
   /data
 /choice
   /attribute
@@ -950,10 +950,7 @@
 param name=pattern0x[0-9a-fA-F]{1,8}/param
   /data

-  data type=int
-param name=minInclusive0/param
-param name=maxInclusive4294967295/param
-  /data
+  data type=unsignedInt/
 /choice
   /define

--
1.8.1.5



[libvirt] [PATCH v2 0/2] Correctly treat seclabel of type none

2013-03-21 Thread Michal Privoznik
Don't forget other seclabels when adding a seclabel type='none'/.

Michal Privoznik (2):
  security_manager: Don't manipulate domain XML in
virDomainDefGetSecurityLabelDef
  security: Don't add seclabel of type none if there's already a
seclabel

 src/conf/domain_conf.c  | 56 +++--
 src/conf/domain_conf.h  |  7 --
 src/libvirt_private.syms|  1 -
 src/security/security_manager.c | 55 +++-
 src/security/security_selinux.c |  8 --
 5 files changed, 63 insertions(+), 64 deletions(-)

-- 
1.8.1.5



[libvirt] [PATCH v2 1/2] security_manager: Don't manipulate domain XML in virDomainDefGetSecurityLabelDef

2013-03-21 Thread Michal Privoznik
The virDomainDefGetSecurityLabelDef function was modifying the domain XML.
It tried to find a seclabel corresponding to the given security driver. If the
label wasn't found, the function created one, which is wrong. In fact,
it is the security manager that should modify this part of the domain XML.
---
 src/conf/domain_conf.c  | 56 +++--
 src/conf/domain_conf.h  |  7 --
 src/libvirt_private.syms|  1 -
 src/security/security_manager.c | 40 -
 src/security/security_selinux.c |  8 --
 5 files changed, 53 insertions(+), 59 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index b06cae5..8f5ae53 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1000,7 +1000,7 @@ 
virDomainGraphicsListenDefClear(virDomainGraphicsListenDefPtr def)
 return;
 }
 
-static void
+void
 virSecurityLabelDefFree(virSecurityLabelDefPtr def)
 {
 if (!def)
@@ -1013,7 +1013,7 @@ virSecurityLabelDefFree(virSecurityLabelDefPtr def)
 }
 
 
-static void
+void
 virSecurityDeviceLabelDefFree(virSecurityDeviceLabelDefPtr def)
 {
 if (!def)
@@ -16616,10 +16616,6 @@ virDomainDefGetSecurityLabelDef(virDomainDefPtr def, 
const char *model)
 return def-seclabels[i];
 }
 
-seclabel = virDomainDefAddSecurityLabelDef(def, model);
-if (seclabel)
-seclabel-implicit = true;
-
 return seclabel;
 }
 
@@ -16654,55 +16650,31 @@ virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr 
def, const char *model)
 }
 
 virSecurityLabelDefPtr
-virDomainDefAddSecurityLabelDef(virDomainDefPtr def, const char *model)
+virDomainDefGenSecurityLabelDef(const char *model)
 {
 virSecurityLabelDefPtr seclabel = NULL;
 
-if (VIR_ALLOC(seclabel)  0)
-goto no_memory;
-
-if (model) {
-seclabel-model = strdup(model);
-if (seclabel-model == NULL)
-goto no_memory;
+if (VIR_ALLOC(seclabel)  0 ||
+(model  !(seclabel-model = strdup(model {
+virReportOOMError();
+virSecurityLabelDefFree(seclabel);
+seclabel = NULL;
 }
 
-if (VIR_EXPAND_N(def-seclabels, def-nseclabels, 1)  0)
-goto no_memory;
-
-def-seclabels[def-nseclabels - 1] = seclabel;
-
 return seclabel;
-
-no_memory:
-virReportOOMError();
-virSecurityLabelDefFree(seclabel);
-return NULL;
 }
 
 virSecurityDeviceLabelDefPtr
-virDomainDiskDefAddSecurityLabelDef(virDomainDiskDefPtr def, const char *model)
+virDomainDiskDefGenSecurityLabelDef(const char *model)
 {
 virSecurityDeviceLabelDefPtr seclabel = NULL;
 
-if (VIR_ALLOC(seclabel)  0)
-goto no_memory;
-
-if (model) {
-seclabel-model = strdup(model);
-if (seclabel-model == NULL)
-goto no_memory;
+if (VIR_ALLOC(seclabel)  0 ||
+(model  !(seclabel-model = strdup(model {
+virReportOOMError();
+virSecurityDeviceLabelDefFree(seclabel);
+seclabel = NULL;
 }
 
-if (VIR_EXPAND_N(def-seclabels, def-nseclabels, 1)  0)
-goto no_memory;
-
-def-seclabels[def-nseclabels - 1] = seclabel;
-
 return seclabel;
-
-no_memory:
-virReportOOMError();
-virSecurityDeviceLabelDefFree(seclabel);
-return NULL;
 }
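Review bot: virDomainDefGenSecurityLabelDef and virDomainDiskDefGenSecurityLabelDef now return an object that is no longer stored in any `seclabels` array, but nothing in the hunk documents that ownership has moved to the caller. A header comment on each would prevent leaks at new call sites, for example `/* Allocates a label for @model; the caller owns the result and must either attach it to the definition or release it with virSecurityLabelDefFree(). Returns NULL with an OOM error reported. */` (and the device-label equivalent naming virSecurityDeviceLabelDefFree). The same contract would be worth repeating next to the new prototypes in domain_conf.h.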
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index a750a1f..2540bca 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2297,10 +2297,13 @@ virSecurityDeviceLabelDefPtr
 virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr def, const char *model);
 
 virSecurityLabelDefPtr
-virDomainDefAddSecurityLabelDef(virDomainDefPtr def, const char *model);
+virDomainDefGenSecurityLabelDef(const char *model);
 
 virSecurityDeviceLabelDefPtr
-virDomainDiskDefAddSecurityLabelDef(virDomainDiskDefPtr def, const char 
*model);
+virDomainDiskDefGenSecurityLabelDef(const char *model);
+
+void virSecurityLabelDefFree(virSecurityLabelDefPtr def);
+void virSecurityDeviceLabelDefFree(virSecurityDeviceLabelDefPtr def);
 
 typedef const char* (*virEventActionToStringFunc)(int type);
 typedef int (*virEventActionFromStringFunc)(const char *type);
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 21bc615..e8085a9 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -108,7 +108,6 @@ virDomainControllerTypeToString;
 virDomainCpuPlacementModeTypeFromString;
 virDomainCpuPlacementModeTypeToString;
 virDomainDefAddImplicitControllers;
-virDomainDefAddSecurityLabelDef;
 virDomainDefCheckABIStability;
 virDomainDefClearCCWAddresses;
 virDomainDefClearDeviceAliases;
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index c621366..5c2a95b 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -424,24 +424,26 @@ int 
virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr,
 int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm)
 {
-int rc 

[libvirt] [PATCH v2 2/2] security: Don't add seclabel of type none if there's already a seclabel

2013-03-21 Thread Michal Privoznik
https://bugzilla.redhat.com/show_bug.cgi?id=923946

The seclabel type='none'/ should be added iff there is no other
seclabel defined within a domain. This bug can be easily reproduced:
1) configure selinux seclabel for a domain
2) disable system's selinux and restart libvirtd
3) observe seclabel type='none'/ being appended to a domain on its
   startup
---
 src/security/security_manager.c | 15 ++-
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 5c2a95b..b55af69 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -455,11 +455,16 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
 }
 }
 
-if ((seclabel-type == VIR_DOMAIN_SECLABEL_NONE) 
-sec_managers[i]-requireConfined) {
-virReportError(VIR_ERR_CONFIG_UNSUPPORTED, %s,
-   _(Unconfined guests are not allowed on this 
host));
-goto cleanup;
+if (seclabel-type == VIR_DOMAIN_SECLABEL_NONE) {
+if (sec_managers[i]-requireConfined) {
+virReportError(VIR_ERR_CONFIG_UNSUPPORTED, %s,
+   _(Unconfined guests are not allowed on this 
host));
+goto cleanup;
+} else if (vm-nseclabels  generated) {
+VIR_DEBUG(Skipping auto generated seclabel of type none);
+virSecurityLabelDefFree(seclabel);
+continue;
+}
 }
 
 if (!sec_managers[i]-drv-domainGenSecurityLabel) {
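Review bot: The new `else if (vm->nseclabels && generated)` branch frees `seclabel` and continues, which is only safe if `generated` is true exactly when the label was freshly allocated and not yet stored in `vm->seclabels`. That assignment is outside the hunk, so it should be confirmed, because freeing a label still referenced from the definition would leave a dangling pointer. A short comment such as `/* a type='none' label is only added when the domain has no other seclabel */` would record the intent. The VIR_DEBUG message would be more useful if it named the security driver model. The `else` after `goto cleanup` is redundant and could be a plain `if`.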
-- 
1.8.1.5



[libvirt] [PATCH v3 10/11] TPM support for QEMU command line

2013-03-21 Thread Stefan Berger
Signed-off-by: Stefan Berger stef...@linux.vnet.ibm.com

---
 src/qemu/qemu_command.c |  217 
 1 file changed, 217 insertions(+)

Index: libvirt/src/qemu/qemu_command.c
===
--- libvirt.orig/src/qemu/qemu_command.c
+++ libvirt/src/qemu/qemu_command.c
@@ -46,6 +46,7 @@
 #include base64.h
 #include device_conf.h
 #include virstoragefile.h
+#include virtpm.h
 
 #include sys/stat.h
 #include fcntl.h
@@ -791,6 +792,10 @@ qemuAssignDeviceAliases(virDomainDefPtr
 if (virAsprintf(def-rng-info.alias, rng%d, 0)  0)
 goto no_memory;
 }
+if (def-tpm) {
+if (virAsprintf(def-tpm-info.alias, tpm%d, 0)  0)
+goto no_memory;
+}
 
 return 0;
 
@@ -4674,6 +4679,92 @@ cleanup:
 }
 
 
+static char *qemuBuildTPMBackendStr(const virDomainDefPtr def,
+virQEMUCapsPtr qemuCaps,
+const char *emulator)
+{
+const virDomainTPMDefPtr tpm = def-tpm;
+virBuffer buf = VIR_BUFFER_INITIALIZER;
+const char *type = virDomainTPMBackendTypeToString(tpm-type);
+const char *cancel_path;
+
+virBufferAsprintf(buf, %s,id=tpm-%s, type, tpm-info.alias);
+
+switch (tpm-type) {
+case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_PASSTHROUGH))
+goto no_support;
+
+virBufferAddLit(buf, ,path=);
+virBufferEscape(buf, ',', ,, %s,
+tpm-data.passthrough.source.data.file.path);
+
+if (!(cancel_path = virTPMFindCancelPath())) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, %s,
+_(TPM cancel path could not be determined));
+ goto error;
+}
+
+virBufferAddLit(buf, ,cancel-path=);
+virBufferEscape(buf, ',', ,, %s, cancel_path);
+VIR_FREE(cancel_path);
+
+break;
+case VIR_DOMAIN_TPM_TYPE_LAST:
+goto error;
+}
+
+if (virBufferError(buf)) {
+virReportOOMError();
+goto error;
+}
+
+return virBufferContentAndReset(buf);
+
+ no_support:
+virReportError(VIR_ERR_INTERNAL_ERROR,
+   _(The QEMU executable %s does not support TPM 
+ backend type %s),
+   emulator, type);
+
+ error:
+virBufferFreeAndReset(buf);
+return NULL;
+}
+
+
+static char *qemuBuildTPMDevStr(const virDomainDefPtr def,
+virQEMUCapsPtr qemuCaps,
+const char *emulator)
+{
+virBuffer buf = VIR_BUFFER_INITIALIZER;
+const virDomainTPMDefPtr tpm = def-tpm;
+const char *model = virDomainTPMModelTypeToString(tpm-model);
+
+if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_TIS)) {
+virReportError(VIR_ERR_INTERNAL_ERROR,
+   _(The QEMU executable %s does not support TPM 
+   model %s),
+   emulator, model);
+goto error;
+}
+
+virBufferAsprintf(buf, %s,tpmdev=tpm-%s,id=%s,
+  model, tpm-info.alias, tpm-info.alias);
+
+if (virBufferError(buf)) {
+virReportOOMError();
+goto error;
+}
+
+return virBufferContentAndReset(buf);
+
+ error:
+virBufferFreeAndReset(buf);
+return NULL;
+}
+
+
 static char *qemuBuildSmbiosBiosStr(virSysinfoDefPtr def)
 {
 virBuffer buf = VIR_BUFFER_INITIALIZER;
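Review bot: In qemuBuildTPMBackendStr the `case VIR_DOMAIN_TPM_TYPE_LAST: goto error;` arm returns NULL without reporting anything, and the caller in qemuBuildCommandLine treats NULL as an already-reported failure, so an unexpected backend type would fail with no message. Reporting before the jump would fix that, for example `virReportError(VIR_ERR_INTERNAL_ERROR, _("unexpected TPM backend type %d"), tpm->type);`, ideally under a `default:` label so future enum values are covered too. `cancel_path` is declared `const char *` yet is handed to `VIR_FREE`; since the function releases it, declaring it `char *cancel_path = NULL;` matches the ownership, assuming virTPMFindCancelPath returns allocated memory (its definition is not in this view).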
@@ -6974,6 +7065,22 @@ qemuBuildCommandLine(virConnectPtr conn,
 }
 }
 
+if (def-tpm) {
+char *optstr;
+
+if (!(optstr = qemuBuildTPMBackendStr(def, qemuCaps, emulator)))
+goto error;
+
+virCommandAddArgList(cmd, -tpmdev, optstr, NULL);
+VIR_FREE(optstr);
+
+if (!(optstr = qemuBuildTPMDevStr(def, qemuCaps, emulator)))
+goto error;
+
+virCommandAddArgList(cmd, -device, optstr, NULL);
+VIR_FREE(optstr);
+}
+
 for (i = 0 ; i  def-ninputs ; i++) {
 virDomainInputDefPtr input = def-inputs[i];
 
@@ -8801,6 +8908,112 @@ error:
 
 
 static int
+qemuParseCommandLineTPM(virDomainDefPtr dom,
+const char *val)
+{
+int rc = 0;
+virDomainTPMDefPtr tpm;
+char **keywords;
+char **values;
+int nkeywords;
+int i;
+
+if (dom-tpm)
+goto error;
+
+nkeywords = qemuParseKeywords(val, keywords, values, 1);
+if (nkeywords  0)
+goto error;
+
+if (VIR_ALLOC(tpm)  0)
+goto no_memory;
+
+tpm-model = VIR_DOMAIN_TPM_MODEL_TIS;
+
+for (i = 0; i  nkeywords; i++) {
+if (STREQ(keywords[i], type)) {
+if (values[i] 
+STREQ(values[i],
+  
virDomainTPMBackendTypeToString(VIR_DOMAIN_TPM_TYPE_PASSTHROUGH)))
+tpm-type = VIR_DOMAIN_TPM_TYPE_PASSTHROUGH;
+} else if (STREQ(keywords[i],
+ 

[libvirt] [PATCH v3 01/11] Add QMP probing for TPM

2013-03-21 Thread Stefan Berger
Probe for QEMU's QMP TPM support by querying the lists of
supported TPM models (query-tpm-models) and backend types
(query-tpm-types). 

The setting of the capability flags following the strings
returned from the commands above is only provided in the
patch where domain_conf.c gets TPM support due to dependencies
on functions only introduced there. 

Signed-off-by: Stefan Berger stef...@linux.vnet.ibm.com

---
 src/qemu/qemu_capabilities.c |3 +
 src/qemu/qemu_capabilities.h |3 +
 src/qemu/qemu_monitor.c  |   44 +
 src/qemu/qemu_monitor.h  |6 ++
 src/qemu/qemu_monitor_json.c |   90 +++
 src/qemu/qemu_monitor_json.h |8 +++
 6 files changed, 154 insertions(+)

Index: libvirt/src/qemu/qemu_capabilities.c
===
--- libvirt.orig/src/qemu/qemu_capabilities.c
+++ libvirt/src/qemu/qemu_capabilities.c
@@ -212,6 +212,9 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAS
   rng-egd,
   virtio-ccw,
   dtb,
+  tpm-passthrough,
+
+  tpm-tis, /* 135 */
 );
 
 struct _virQEMUCaps {
Index: libvirt/src/qemu/qemu_capabilities.h
===
--- libvirt.orig/src/qemu/qemu_capabilities.h
+++ libvirt/src/qemu/qemu_capabilities.h
@@ -173,6 +173,8 @@ enum virQEMUCapsFlags {
 QEMU_CAPS_OBJECT_RNG_EGD = 131, /* EGD protocol daemon for rng */
 QEMU_CAPS_VIRTIO_CCW = 132, /* -device virtio-*-ccw */
 QEMU_CAPS_DTB= 133, /* -dtb file */
+QEMU_CAPS_DEVICE_TPM_PASSTHROUGH = 134, /* -tpmdev passthrough */
+QEMU_CAPS_DEVICE_TPM_TIS = 135, /* -device tpm_tis */
 
 QEMU_CAPS_LAST,   /* this must always be the last item */
 };
@@ -254,4 +256,5 @@ int virQEMUCapsParseDeviceStr(virQEMUCap
 VIR_ENUM_DECL(virQEMUCaps);
 
 bool virQEMUCapsUsedQMP(virQEMUCapsPtr qemuCaps);
+
 #endif /* __QEMU_CAPABILITIES_H__*/
Index: libvirt/src/qemu/qemu_monitor.c
===
--- libvirt.orig/src/qemu/qemu_monitor.c
+++ libvirt/src/qemu/qemu_monitor.c
@@ -3522,3 +3522,47 @@ int qemuMonitorNBDServerStop(qemuMonitor
 
 return qemuMonitorJSONNBDServerStop(mon);
 }
+
+
+int qemuMonitorGetTPMModels(qemuMonitorPtr mon,
+char ***tpmmodels)
+{
+VIR_DEBUG(mon=%p tpmmodels=%p,
+  mon, tpmmodels);
+
+if (!mon) {
+virReportError(VIR_ERR_INVALID_ARG, %s,
+   _(monitor must not be NULL));
+return -1;
+}
+
+if (!mon-json) {
+virReportError(VIR_ERR_OPERATION_UNSUPPORTED, %s,
+   _(JSON monitor is required));
+return -1;
+}
+
+return qemuMonitorJSONGetTPMModels(mon, tpmmodels);
+}
+
+
+int qemuMonitorGetTPMTypes(qemuMonitorPtr mon,
+   char ***tpmtypes)
+{
+VIR_DEBUG(mon=%p tpmtypes=%p,
+  mon, tpmtypes);
+
+if (!mon) {
+virReportError(VIR_ERR_INVALID_ARG, %s,
+   _(monitor must not be NULL));
+return -1;
+}
+
+if (!mon-json) {
+virReportError(VIR_ERR_OPERATION_UNSUPPORTED, %s,
+   _(JSON monitor is required));
+return -1;
+}
+
+return qemuMonitorJSONGetTPMTypes(mon, tpmtypes);
+}
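Review bot: Neither qemuMonitorGetTPMModels nor qemuMonitorGetTPMTypes says what its return value means or who owns the array stored through the out-parameter. The caller added later in this series treats a non-negative return as the entry count and releases the list with virStringFreeList, so that contract should be written down where the functions are defined, for example `/* Returns the number of strings stored in *tpmmodels, or -1 on error; the caller frees the list with virStringFreeList() */`. The two bodies are identical except for the JSON helper they call, so the NULL-monitor and JSON-monitor checks could live in one shared static helper.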
Index: libvirt/src/qemu/qemu_monitor.h
===
--- libvirt.orig/src/qemu/qemu_monitor.h
+++ libvirt/src/qemu/qemu_monitor.h
@@ -683,6 +683,12 @@ int qemuMonitorNBDServerAdd(qemuMonitorP
 const char *deviceID,
 bool writable);
 int qemuMonitorNBDServerStop(qemuMonitorPtr);
+int qemuMonitorGetTPMModels(qemuMonitorPtr mon,
+char ***tpmmodels);
+
+int qemuMonitorGetTPMTypes(qemuMonitorPtr mon,
+   char ***tpmtypes);
+
 /**
  * When running two dd process and using  redirection, we need a
  * shell that will not truncate files.  These two strings serve that
Index: libvirt/src/qemu/qemu_monitor_json.c
===
--- libvirt.orig/src/qemu/qemu_monitor_json.c
+++ libvirt/src/qemu/qemu_monitor_json.c
@@ -41,6 +41,7 @@
 #include datatypes.h
 #include virerror.h
 #include virjson.h
+#include virstring.h
 
 #ifdef WITH_DTRACE_PROBES
 # include libvirt_qemu_probes.h
@@ -4693,3 +4694,92 @@ qemuMonitorJSONNBDServerStop(qemuMonitor
 virJSONValueFree(reply);
 return ret;
 }
+
+
+static int
+qemuMonitorJSONGetStringArray(qemuMonitorPtr mon, const char *qmpCmd,
+  char ***array)
+{
+int ret;
+virJSONValuePtr cmd;
+virJSONValuePtr reply = NULL;
+virJSONValuePtr data;
+char **list = NULL;
+int n = 0;
+size_t i;
+
+*array = NULL;
+
+if (!(cmd = qemuMonitorJSONMakeCommand(qmpCmd, NULL)))
+  

[libvirt] [PATCH v3 02/11] Add function to find a needle in a string array

2013-03-21 Thread Stefan Berger
Signed-off-by: Stefan Berger stef...@linux.vnet.ibm.com

---
 src/libvirt_private.syms |1 +
 src/util/virstring.c |   14 ++
 src/util/virstring.h |2 ++
 3 files changed, 17 insertions(+)

Index: libvirt/src/util/virstring.c
===
--- libvirt.orig/src/util/virstring.c
+++ libvirt/src/util/virstring.c
@@ -166,3 +166,17 @@ void virStringFreeList(char **strings)
 }
 VIR_FREE(strings);
 }
+
+
+bool
+virStringArrayHasString(char **strings, const char *needle)
+{
+size_t i = 0;
+
+while (strings[i]) {
+if (STREQ(strings[i++], needle))
+return true;
+}
+
+return false;
+}
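Review bot: virStringArrayHasString reads `strings[i]` in the loop condition without checking `strings` itself, so a NULL array crashes instead of returning false. The caller added later in this series only reaches it after a positive entry count, but the symbol is exported through libvirt_private.syms and other callers will not necessarily guard it; adding `if (!strings || !needle) return false;` before the loop makes the helper safe on its own. A short comment stating that the array must be NULL-terminated would also help, and moving the `i++` out of the STREQ argument keeps the increment from sitting inside a macro expansion.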
Index: libvirt/src/util/virstring.h
===
--- libvirt.orig/src/util/virstring.h
+++ libvirt/src/util/virstring.h
@@ -35,4 +35,6 @@ char *virStringJoin(const char **strings
 
 void virStringFreeList(char **strings);
 
+bool virStringArrayHasString(char **strings, const char *needle);
+
 #endif /* __VIR_STRING_H__ */
Index: libvirt/src/libvirt_private.syms
===
--- libvirt.orig/src/libvirt_private.syms
+++ libvirt/src/libvirt_private.syms
@@ -1714,6 +1714,7 @@ virStorageFileResize;
 
 
 # util/virstring.h
+virStringArrayHasString;
 virStringFreeList;
 virStringJoin;
 virStringSplit;



[libvirt] [PATCH v3 09/11] QEMU Cgroup support for TPM passthrough

2013-03-21 Thread Stefan Berger
Some refactoring for virDomainChrSourceDef type of devices so
we can use common code.

Signed-off-by: Stefan Berger stef...@linux.vnet.ibm.com

---
 src/qemu/qemu_cgroup.c |   53 +++--
 1 file changed, 43 insertions(+), 10 deletions(-)

Index: libvirt/src/qemu/qemu_cgroup.c
===
--- libvirt.orig/src/qemu/qemu_cgroup.c
+++ libvirt/src/qemu/qemu_cgroup.c
@@ -144,34 +144,62 @@ int qemuTeardownDiskCgroup(virDomainObjP
data);
 }
 
-
 static int
-qemuSetupChardevCgroup(virDomainDefPtr def,
-   virDomainChrDefPtr dev,
-   void *opaque)
+qemuSetupChrSourceCgroup(virDomainDefPtr def,
+ virDomainChrSourceDefPtr dev,
+ qemuCgroupData *data)
 {
-qemuCgroupData *data = opaque;
 int rc;
 
-if (dev-source.type != VIR_DOMAIN_CHR_TYPE_DEV)
+if (dev-type != VIR_DOMAIN_CHR_TYPE_DEV)
 return 0;
 
+VIR_DEBUG(Process path '%s' for device, dev-data.file.path);
 
-VIR_DEBUG(Process path '%s' for disk, dev-source.data.file.path);
-rc = virCgroupAllowDevicePath(data-cgroup, dev-source.data.file.path,
+rc = virCgroupAllowDevicePath(data-cgroup, dev-data.file.path,
   VIR_CGROUP_DEVICE_RW);
 virDomainAuditCgroupPath(data-vm, data-cgroup, allow,
- dev-source.data.file.path, rw, rc);
+ dev-data.file.path, rw, rc);
 if (rc  0) {
 virReportSystemError(-rc,
  _(Unable to allow device %s for %s),
- dev-source.data.file.path, def-name);
+ dev-data.file.path, def-name);
 return -1;
 }
 
 return 0;
 }
 
+static int
+qemuSetupChardevCgroup(virDomainDefPtr def,
+   virDomainChrDefPtr dev,
+   void *opaque)
+{
+qemuCgroupData *data = opaque;
+
+return qemuSetupChrSourceCgroup(def, dev-source, data);
+}
+
+
+static int
+qemuSetupTPMCgroup(virDomainDefPtr def,
+   virDomainTPMDefPtr dev,
+   qemuCgroupData *data)
+{
+int rc = 0;
+
+switch (dev-type) {
+case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+rc = qemuSetupChrSourceCgroup(def, dev-data.passthrough.source,
+  data);
+break;
+case VIR_DOMAIN_TPM_TYPE_LAST:
+break;
+}
+
+return rc;
+}
+
 
 int qemuSetupHostUsbDeviceCgroup(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
  const char *path,
@@ -289,6 +317,11 @@ int qemuSetupCgroup(virQEMUDriverPtr dri
data)  0)
 goto cleanup;
 
+if (vm-def-tpm)
+qemuSetupTPMCgroup(vm-def,
+   vm-def-tpm,
+   data);
+
 for (i = 0; i  vm-def-nhostdevs; i++) {
 virDomainHostdevDefPtr hostdev = vm-def-hostdevs[i];
 virUSBDevicePtr usb;
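Review bot: The result of qemuSetupTPMCgroup is discarded in qemuSetupCgroup, so when the TPM device cannot be allowed in the devices cgroup the helper reports the error but domain setup carries on as if it had succeeded. The neighbouring calls in this function jump to cleanup on a negative result, and the TPM call should be checked the same way: `if (vm->def->tpm && qemuSetupTPMCgroup(vm->def, vm->def->tpm, &data) < 0) goto cleanup;` (operators written out in full; this archive has stripped `>`, `<` and `&` from the patch text). qemuSetupCgroup begins and ends outside this hunk.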



[libvirt] [PATCH v3 07/11] Add SELinux and DAC labeling support for TPM passthrough

2013-03-21 Thread Stefan Berger
Signed-off-by: Stefan Berger stef...@linux.vnet.ibm.com

---
 src/security/security_dac.c |   53 ++
 src/security/security_selinux.c |   96 
 2 files changed, 149 insertions(+)

Index: libvirt/src/security/security_selinux.c
===
--- libvirt.orig/src/security/security_selinux.c
+++ libvirt/src/security/security_selinux.c
@@ -45,6 +45,7 @@
 #include virrandom.h
 #include virutil.h
 #include virconf.h
+#include virtpm.h
 
 #define VIR_FROM_THIS VIR_FROM_SECURITY
 
@@ -76,6 +77,12 @@ struct _virSecuritySELinuxCallbackData {
 #define SECURITY_SELINUX_VOID_DOI   0
 #define SECURITY_SELINUX_NAME selinux
 
+static int
+virSecuritySELinuxRestoreSecurityTPMFileLabelInt(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainTPMDefPtr tpm);
+
+
 /*
  * Returns 0 on success, 1 if already reserved, or -1 on fatal error
  */
@@ -1062,6 +1069,84 @@ err:
 return rc;
 }
 
+
+static int
+virSecuritySELinuxSetSecurityTPMFileLabel(virSecurityManagerPtr mgr,
+  virDomainDefPtr def,
+  virDomainTPMDefPtr tpm)
+{
+int rc;
+virSecurityLabelDefPtr seclabel;
+char *cancel_path;
+
+seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+if (seclabel == NULL)
+return -1;
+
+switch (tpm-type) {
+case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+rc = virSecuritySELinuxSetFilecon(
+   tpm-data.passthrough.source.data.file.path,
+   seclabel-imagelabel);
+if (rc  0)
+return -1;
+
+if ((cancel_path = virTPMFindCancelPath()) != NULL) {
+rc = virSecuritySELinuxSetFilecon(cancel_path,
+  seclabel-imagelabel);
+VIR_FREE(cancel_path);
+if (rc  0) {
+virSecuritySELinuxRestoreSecurityTPMFileLabelInt(mgr, def,
+ tpm);
+return -1;
+}
+} else {
+virReportError(VIR_ERR_INTERNAL_ERROR, %s,
+   _(Cannot determine TPM command cancel path));
+return -1;
+}
+break;
+case VIR_DOMAIN_TPM_TYPE_LAST:
+break;
+}
+
+return 0;
+}
+
+
+static int
+virSecuritySELinuxRestoreSecurityTPMFileLabelInt(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virDomainTPMDefPtr tpm)
+{
+int rc = 0;
+virSecurityLabelDefPtr seclabel;
+char *cancel_path;
+
+seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+if (seclabel == NULL)
+return -1;
+
+switch (tpm-type) {
+case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+rc = virSecuritySELinuxRestoreSecurityFileLabel(
+ mgr, tpm-data.passthrough.source.data.file.path);
+
+if ((cancel_path = virTPMFindCancelPath()) != NULL) {
+if (virSecuritySELinuxRestoreSecurityFileLabel(mgr,
+  cancel_path)  0)
+rc = -1;
+VIR_FREE(cancel_path);
+}
+break;
+case VIR_DOMAIN_TPM_TYPE_LAST:
+break;
+}
+
+return rc;
+}
+
+
 static int
 virSecuritySELinuxRestoreSecurityImageLabelInt(virSecurityManagerPtr mgr,
virDomainDefPtr def,
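Review bot: In virSecuritySELinuxSetSecurityTPMFileLabel the branch taken when virTPMFindCancelPath() returns NULL returns -1 after the TPM device node has already been relabelled, leaving the domain's image label on the host device. The sibling branch, where labelling the cancel file fails, does call virSecuritySELinuxRestoreSecurityTPMFileLabelInt before returning, and the two failure paths should match. Either add `virSecuritySELinuxRestoreSecurityTPMFileLabelInt(mgr, def, tpm);` ahead of that `return -1;`, or resolve the cancel path first so that nothing is relabelled until both paths are known. In the restore function `seclabel` is only tested against NULL and never used afterwards, which deserves a comment saying the lookup is there purely as a guard.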
@@ -1730,6 +1815,12 @@ virSecuritySELinuxRestoreSecurityAllLabe
 if (secdef-norelabel || data-skipAllLabel)
 return 0;
 
+if (def-tpm) {
+if (virSecuritySELinuxRestoreSecurityTPMFileLabelInt(mgr, def,
+ def-tpm)  0)
+rc = -1;
+}
+
 for (i = 0 ; i  def-nhostdevs ; i++) {
 if (virSecuritySELinuxRestoreSecurityHostdevLabel(mgr,
   def,
@@ -2144,6 +2235,11 @@ virSecuritySELinuxSetSecurityAllLabel(vi
   NULL)  0)
 return -1;
 }
+if (def-tpm) {
+if (virSecuritySELinuxSetSecurityTPMFileLabel(mgr, def,
+  def-tpm)  0)
+return -1;
+}
 
 if (virDomainChrDefForeach(def,
true,
Index: libvirt/src/security/security_dac.c
===
--- libvirt.orig/src/security/security_dac.c
+++ libvirt/src/security/security_dac.c
@@ -716,6 +716,46 @@ virSecurityDACRestoreChardevCallback(vir
 
 
 static int
+virSecurityDACSetSecurityTPMFileLabel(virSecurityManagerPtr mgr,
+  

[libvirt] [PATCH v3 11/11] Add test case for TPM passthrough

2013-03-21 Thread Stefan Berger
Signed-off-by: Stefan Berger stef...@linux.vnet.ibm.com

---
 tests/qemuxml2argvdata/qemuxml2argv-tpm-passthrough.args |6 +++
 tests/qemuxml2argvdata/qemuxml2argv-tpm-passthrough.xml  |   29 +++
 tests/qemuxml2argvtest.c |3 +
 tests/qemuxml2xmltest.c  |2 +
 4 files changed, 40 insertions(+)

Index: libvirt/tests/qemuxml2argvdata/qemuxml2argv-tpm-passthrough.args
===
--- /dev/null
+++ libvirt/tests/qemuxml2argvdata/qemuxml2argv-tpm-passthrough.args
@@ -0,0 +1,6 @@
+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \
+/usr/bin/qemu -S -M pc-0.12 -m 2048 -smp 1 -nographic -nodefaults \
+-monitor unix:/tmp/test-monitor,server,nowait -boot c -usb \
+-tpmdev 
passthrough,id=tpm-tpm0,path=/dev/tpm0,cancel-path=/sys/class/misc/tpm0/device/cancel
 \
+-device tpm-tis,tpmdev=tpm-tpm0,id=tpm0 \
+-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3
Index: libvirt/tests/qemuxml2argvdata/qemuxml2argv-tpm-passthrough.xml
===
--- /dev/null
+++ libvirt/tests/qemuxml2argvdata/qemuxml2argv-tpm-passthrough.xml
@@ -0,0 +1,29 @@
+domain type='qemu'
+  nameTPM-VM/name
+  uuid11d7cd22-da89-3094-6212-079a48a309a1/uuid
+  memory unit='KiB'2097152/memory
+  currentMemory unit='KiB'512288/currentMemory
+  vcpu placement='static'1/vcpu
+  os
+type arch='x86_64' machine='pc-0.12'hvm/type
+boot dev='hd'/
+bootmenu enable='yes'/
+  /os
+  features
+acpi/
+  /features
+  clock offset='utc'/
+  on_poweroffdestroy/on_poweroff
+  on_rebootrestart/on_reboot
+  on_crashdestroy/on_crash
+  devices
+emulator/usr/bin/qemu/emulator
+controller type='usb' index='0'/
+tpm model='tpm-tis'
+  backend type='passthrough'
+device path='/dev/tpm0'/
+  /backend
+/tpm
+memballoon model='virtio'/
+  /devices
+/domain
Index: libvirt/tests/qemuxml2argvtest.c
===
--- libvirt.orig/tests/qemuxml2argvtest.c
+++ libvirt/tests/qemuxml2argvtest.c
@@ -918,6 +918,9 @@ mymain(void)
 
 DO_TEST(ppc-dtb, QEMU_CAPS_KVM, QEMU_CAPS_DTB);
 
+DO_TEST(tpm-passthrough, QEMU_CAPS_DEVICE,
+QEMU_CAPS_DEVICE_TPM_PASSTHROUGH, QEMU_CAPS_DEVICE_TPM_TIS);
+
 virObjectUnref(driver.config);
 virObjectUnref(driver.caps);
 virObjectUnref(driver.xmlconf);
Index: libvirt/tests/qemuxml2xmltest.c
===
--- libvirt.orig/tests/qemuxml2xmltest.c
+++ libvirt/tests/qemuxml2xmltest.c
@@ -270,6 +270,8 @@ mymain(void)
 
 DO_TEST_DIFFERENT(metadata);
 
+DO_TEST(tpm-passthrough);
+
 virObjectUnref(driver.caps);
 virObjectUnref(driver.xmlconf);
 



[libvirt] [PATCH v3 08/11] Audit the starting of a guest using TPM passthrough

2013-03-21 Thread Stefan Berger
Signed-off-by: Stefan Berger stef...@linux.vnet.ibm.com

---
 src/conf/domain_audit.c |   55 
 1 file changed, 55 insertions(+)

Index: libvirt/src/conf/domain_audit.c
===
--- libvirt.orig/src/conf/domain_audit.c
+++ libvirt/src/conf/domain_audit.c
@@ -524,6 +524,58 @@ cleanup:
 
 
 /**
+ * virDomainAuditTPM:
+ * @vm: domain making a change in pass-through host device
+ * @tpm: TPM device being attached or removed
+ * @reason: one of start, attach, or detach
+ * @success: true if the device passthrough operation succeeded
+ *
+ * Log an audit message about an attempted device passthrough change.
+ */
+static void
+virDomainAuditTPM(virDomainObjPtr vm, virDomainTPMDefPtr tpm,
+  const char *reason, bool success)
+{
+char uuidstr[VIR_UUID_STRING_BUFLEN];
+char *vmname;
+char *path = NULL;
+char *device = NULL;
+const char *virt;
+
+virUUIDFormat(vm-def-uuid, uuidstr);
+if (!(vmname = virAuditEncode(vm, vm-def-name))) {
+VIR_WARN(OOM while encoding audit message);
+return;
+}
+
+if (!(virt = virDomainVirtTypeToString(vm-def-virtType))) {
+VIR_WARN(Unexpected virt type %d while encoding audit message, 
vm-def-virtType);
+virt = ?;
+}
+
+switch (tpm-type) {
+case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+path = tpm-data.passthrough.source.data.file.path;
+if (!(device = virAuditEncode(device, VIR_AUDIT_STR(path {
+VIR_WARN(OOM while encoding audit message);
+goto cleanup;
+}
+
+VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
+  virt=%s resrc=dev reason=%s %s uuid=%s %s,
+  virt, reason, vmname, uuidstr, device);
+break;
+default:
+break;
+}
+
+cleanup:
+VIR_FREE(vmname);
+VIR_FREE(device);
+}
+
+
+/**
  * virDomainAuditCgroup:
  * @vm: domain making the cgroups ACL change
  * @cgroup: cgroup that manages the devices
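Review bot: The `default:` arm in virDomainAuditTPM's switch means any backend type other than passthrough produces no audit record at all, and nothing flags the omission when a new type is added. The other TPM switches in this series list `case VIR_DOMAIN_TPM_TYPE_LAST:` explicitly instead; doing the same here would, assuming `tpm->type` is the enum type and switch warnings are enabled, make the compiler point at this function when a backend is added. The doc comment's `@vm` line still reads as copied from the host-device helper; `@vm: domain the TPM device belongs to` would describe it.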
@@ -761,6 +813,9 @@ virDomainAuditStart(virDomainObjPtr vm,
 if (vm-def-rng)
 virDomainAuditRNG(vm, vm-def-rng, NULL, start, true);
 
+if (vm-def-tpm)
+virDomainAuditTPM(vm, vm-def-tpm, start, true);
+
 virDomainAuditMemory(vm, 0, vm-def-mem.cur_balloon, start, true);
 virDomainAuditVcpu(vm, 0, vm-def-vcpus, start, true);
 



[libvirt] [PATCH v3 04/11] Helper functions for host TPM support

2013-03-21 Thread Stefan Berger
Signed-off-by: Stefan Berger stef...@linux.vnet.ibm.com

---
 po/POTFILES.in   |1 
 src/Makefile.am  |1 
 src/libvirt_private.syms |4 +
 src/util/virtpm.c|  124 +++
 src/util/virtpm.h|   27 ++
 5 files changed, 157 insertions(+)

Index: libvirt/src/Makefile.am
===
--- libvirt.orig/src/Makefile.am
+++ libvirt/src/Makefile.am
@@ -122,6 +122,7 @@ UTIL_SOURCES =  
\
util/virthreadwin32.h   \
util/virthreadpool.c util/virthreadpool.h   \
util/virtime.h util/virtime.c   \
+   util/virtpm.h util/virtpm.c \
util/virtypedparam.c util/virtypedparam.h   \
util/virusb.c util/virusb.h \
util/viruri.h util/viruri.c \
Index: libvirt/src/util/virtpm.c
===
--- /dev/null
+++ libvirt/src/util/virtpm.c
@@ -0,0 +1,124 @@
+/*
+ * virtpm.c: TPM support
+ *
+ * Copyright (C) 2013 IBM Corporation
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library.  If not, see
+ * http://www.gnu.org/licenses/.
+ *
+ * Author: Stefan Berger stef...@linux.vnet.ibm.com
+ */
+
+#include config.h
+
+#include stdio.h
+#include dirent.h
+#include unistd.h
+#include sys/stat.h
+
+#include virobject.h
+#include viralloc.h
+#include virutil.h
+#include virerror.h
+#include virbuffer.h
+#include virtpm.h
+
+#define VIR_FROM_THIS VIR_FROM_NONE
+
+/*
+ * Check whether the given base path, e.g.,  /sys/class/misc/tpm0/device,
+ * is the sysfs entry of a TPM. A TPM sysfs entry should be uniquely
+ * recognizable by the file entries 'pcrs' and 'cancel'.
+ * Upon success 'true' is returned and the basebath buffer has '/cancel'
+ * appended.
+ */
+static bool
+virTPMCheckSysfsCancel(char *basepath, size_t bufsz)
+{
+char *path = NULL;
+struct stat statbuf;
+
+if (virAsprintf(path, %s/pcrs, basepath)  0) {
+virReportOOMError();
+goto error;
+}
+if (stat(path, statbuf) == -1 || !S_ISREG(statbuf.st_mode))
+goto error;
+
+VIR_FREE(path);
+
+if (virAsprintf(path, %s/cancel, basepath)  0) {
+virReportOOMError();
+goto error;
+}
+
+if (stat(path, statbuf) == -1 || !S_ISREG(statbuf.st_mode))
+goto error;
+
+if (!virStrncpy(basepath, path, strlen(path) + 1, bufsz)) {
+virReportError(VIR_ERR_INTERNAL_ERROR, %s,
+   _(Basepath buffer is too small));
+goto error;
+}
+
+VIR_FREE(path);
+
+return true;
+
+error:
+VIR_FREE(path);
+return false;
+}
+
+
+char *
+virTPMFindCancelPath(void)
+{
+unsigned int idx;
+int len;
+DIR *pnp_dir;
+char path[100], *p;
+struct dirent entry, *result;
+bool found = false;
+
+snprintf(path, sizeof(path), /sys/class/misc);
+pnp_dir = opendir(path);
+if (pnp_dir != NULL) {
+while (readdir_r(pnp_dir, entry, result) == 0 
+   result != NULL) {
+if (sscanf(entry.d_name, tpm%u%n, idx, len)  1 ||
+len = strlen(tpm) ||
+len != strlen(entry.d_name)) {
+continue;
+}
+snprintf(path, sizeof(path), /sys/class/misc/%s/device,
+ entry.d_name);
+if (!virTPMCheckSysfsCancel(path, sizeof(path))) {
+continue;
+}
+
+found = true;
+break;
+}
+closedir(pnp_dir);
+}
+
+if (found) {
+if (!(p = strdup(path)))
+virReportOOMError();
+return p;
+}
+
+return NULL;
+}
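Review bot: virTPMFindCancelPath takes no argument and returns the cancel file of the first `tpmN` entry that readdir happens to yield under /sys/class/misc, so nothing ties the result to the device path configured for the domain. The SELinux patch in this series relabels the returned file with the domain's label, and the test data shows it placed on the QEMU command line, so on a host with more than one TPM a guest could be given the cancel file of a device it was not assigned. Passing the configured device path in and deriving the sysfs directory from its basename would keep the two consistent. The function also has no comment at all; it should at least say that the returned string is allocated and must be freed by the caller, and that NULL means either no TPM was found or the allocation failed.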
Index: libvirt/src/libvirt_private.syms
===
--- libvirt.orig/src/libvirt_private.syms
+++ libvirt/src/libvirt_private.syms
@@ -1772,6 +1772,10 @@ virTimeStringThen;
 virTimeStringThenRaw;
 
 
+# util/virtpm.h
+virTPMFindCancelPath;
+
+
 # util/virtypedparam.h
 virTypedParameterArrayValidate;
 virTypedParameterAssign;
Index: libvirt/src/util/virtpm.h
===
--- /dev/null
+++ libvirt/src/util/virtpm.h
@@ -0,0 +1,27 

[libvirt] [PATCH v3 06/11] Convert QMP strings into QEMU capabilty bits

2013-03-21 Thread Stefan Berger
Signed-off-by: Stefan Berger stef...@linux.vnet.ibm.com

---
 src/qemu/qemu_capabilities.c |   56 +++
 1 file changed, 56 insertions(+)

Index: libvirt/src/qemu/qemu_capabilities.c
===
--- libvirt.orig/src/qemu/qemu_capabilities.c
+++ libvirt/src/qemu/qemu_capabilities.c
@@ -38,6 +38,7 @@
 #include virbitmap.h
 #include virnodesuspend.h
 #include qemu_monitor.h
+#include virstring.h
 
 #include fcntl.h
 #include sys/stat.h
@@ -2131,6 +2132,59 @@ virQEMUCapsProbeQMPCPUDefinitions(virQEM
 
 
 static int
+virQEMUCapsProbeQMPTPM(virQEMUCapsPtr qemuCaps,
+   qemuMonitorPtr mon)
+{
+int nentries, i;
+char **entries = NULL;
+struct typeToCaps {
+int type;
+enum virQEMUCapsFlags caps;
+};
+const struct typeToCaps tpmTypesToCaps[] = {
+{
+.type = VIR_DOMAIN_TPM_TYPE_PASSTHROUGH,
+.caps = QEMU_CAPS_DEVICE_TPM_PASSTHROUGH,
+},
+};
+const struct typeToCaps tpmModelsToCaps[] = {
+{
+.type = VIR_DOMAIN_TPM_MODEL_TIS,
+.caps = QEMU_CAPS_DEVICE_TPM_TIS,
+},
+};
+
+if ((nentries = qemuMonitorGetTPMModels(mon, entries))  0)
+return -1;
+
+if (nentries  0) {
+for (i = 0; i  ARRAY_CARDINALITY(tpmModelsToCaps); i++) {
+const char *needle = virDomainTPMModelTypeToString(
+tpmModelsToCaps[i].type);
+if (virStringArrayHasString(entries, needle))
+virQEMUCapsSet(qemuCaps, tpmModelsToCaps[i].caps);
+}
+}
+virStringFreeList(entries);
+
+if ((nentries = qemuMonitorGetTPMTypes(mon, entries))  0)
+return -1;
+
+if (nentries  0) {
+for (i = 0; i  ARRAY_CARDINALITY(tpmTypesToCaps); i++) {
+const char *needle = virDomainTPMBackendTypeToString(
+tpmTypesToCaps[i].type);
+if (virStringArrayHasString(entries, needle))
+virQEMUCapsSet(qemuCaps, tpmTypesToCaps[i].caps);
+}
+}
+virStringFreeList(entries);
+
+return 0;
+}
+
+
+static int
 virQEMUCapsProbeQMPKVMState(virQEMUCapsPtr qemuCaps,
 qemuMonitorPtr mon)
 {
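Review bot: A negative return from either monitor query makes virQEMUCapsProbeQMPTPM return -1, and the call added to virQEMUCapsInitQMP in the next hunk then takes `goto cleanup`, failing QMP capability probing as a whole. Whether a QEMU binary without query-tpm-models or query-tpm-types produces that negative return depends on qemuMonitorJSONGetStringArray, whose body is not fully visible on this page; if it does, hosts with such a QEMU would lose every capability, not just TPM. A comment at the first call such as `/* relies on the monitor helper returning 0, not -1, when QEMU does not know the command */` would record the assumption. `i` is declared `int` but compared with ARRAY_CARDINALITY(), so `size_t i` avoids the signed/unsigned comparison.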
@@ -2480,6 +2534,8 @@ virQEMUCapsInitQMP(virQEMUCapsPtr qemuCa
 goto cleanup;
 if (virQEMUCapsProbeQMPKVMState(qemuCaps, mon)  0)
 goto cleanup;
+if (virQEMUCapsProbeQMPTPM(qemuCaps, mon)  0)
+goto cleanup;
 
 ret = 0;
 



[libvirt] [PATCH v3 05/11] Parse TPM passthrough XML in the domain XML

2013-03-21 Thread Stefan Berger
Parse the domain XML with TPM passthrough support.

Signed-off-by: Stefan Berger stef...@linux.vnet.ibm.com

---
 src/conf/domain_conf.c   |  179 +++
 src/conf/domain_conf.h   |   33 
 src/libvirt_private.syms |5 +
 3 files changed, 217 insertions(+)

Index: libvirt/src/conf/domain_conf.c
===
--- libvirt.orig/src/conf/domain_conf.c
+++ libvirt/src/conf/domain_conf.c
@@ -51,6 +51,7 @@
 #include netdev_bandwidth_conf.h
 #include netdev_vlan_conf.h
 #include device_conf.h
+#include virtpm.h
 
 #define VIR_FROM_THIS VIR_FROM_DOMAIN
 
@@ -714,6 +715,13 @@ VIR_ENUM_IMPL(virDomainRNGBackend,
   random,
   egd);
 
+VIR_ENUM_IMPL(virDomainTPMModel, VIR_DOMAIN_TPM_MODEL_LAST,
+  tpm-tis)
+
+VIR_ENUM_IMPL(virDomainTPMBackend, VIR_DOMAIN_TPM_TYPE_LAST,
+  passthrough)
+
+
 #define VIR_DOMAIN_XML_WRITE_FLAGS  VIR_DOMAIN_XML_SECURE
 #define VIR_DOMAIN_XML_READ_FLAGS   VIR_DOMAIN_XML_INACTIVE
 
@@ -1569,6 +1577,23 @@ void virDomainHostdevDefClear(virDomainH
 }
 }
 
+void virDomainTPMDefFree(virDomainTPMDefPtr def)
+{
+if (!def)
+return;
+
+switch (def-type) {
+case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+VIR_FREE(def-data.passthrough.source.data.file.path);
+break;
+case VIR_DOMAIN_TPM_TYPE_LAST:
+break;
+}
+
+virDomainDeviceInfoClear(def-info);
+VIR_FREE(def);
+}
+
 void virDomainHostdevDefFree(virDomainHostdevDefPtr def)
 {
 if (!def)
@@ -1830,6 +1855,8 @@ void virDomainDefFree(virDomainDefPtr de
 
 virDomainRNGDefFree(def-rng);
 
+virDomainTPMDefFree(def-tpm);
+
 VIR_FREE(def-os.type);
 VIR_FREE(def-os.machine);
 VIR_FREE(def-os.init);
@@ -6473,6 +6500,103 @@ error:
 goto cleanup;
 }
 
+/* Parse the XML definition for a TPM device
+ *
+ * The XML looks like this:
+ *
+ * tpm model='tpm-tis'
+ *   backend type='passthrough'
+ * device path='/dev/tpm0'/
+ *   /backend
+ * /tpm
+ *
+ */
+static virDomainTPMDefPtr
+virDomainTPMDefParseXML(const xmlNodePtr node,
+xmlXPathContextPtr ctxt,
+unsigned int flags)
+{
+char *type = NULL;
+char *path = NULL;
+char *model = NULL;
+char *backend = NULL;
+virDomainTPMDefPtr def;
+xmlNodePtr save = ctxt-node;
+xmlNodePtr *backends = NULL;
+int nbackends;
+
+if (VIR_ALLOC(def)  0) {
+virReportOOMError();
+return NULL;
+}
+
+model = virXMLPropString(node, model);
+if (model != NULL 
+(int)(def-model = virDomainTPMModelTypeFromString(model))  0) {
+virReportError(VIR_ERR_INVALID_ARG,
+   _(Unknown TPM frontend model '%s'), model);
+goto error;
+} else {
+def-model = VIR_DOMAIN_TPM_MODEL_TIS;
+}
+
+ctxt-node = node;
+
+if ((nbackends = virXPathNodeSet(./backend, ctxt, backends))  0)
+goto error;
+
+if (nbackends  1) {
+virReportError(VIR_ERR_XML_ERROR, %s,
+   _(only one TPM backend is supported));
+goto error;
+}
+
+if (!(backend = virXMLPropString(backends[0], type))) {
+virReportError(VIR_ERR_XML_ERROR, %s,
+   _(missing TPM device backend type));
+goto error;
+}
+
+if ((int)(def-type = virDomainTPMBackendTypeFromString(backend))  0) {
+virReportError(VIR_ERR_XML_ERROR,
+   _(Unknown TPM backend type '%s'),
+   backend);
+goto error;
+}
+
+switch (def-type) {
+case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+path = virXPathString(string(./backend/device/@path), ctxt);
+if (!path  !(path = strdup(VIR_DOMAIN_TPM_DEFAULT_DEVICE))) {
+virReportOOMError();
+goto error;
+}
+def-data.passthrough.source.data.file.path = path;
+def-data.passthrough.source.type = VIR_DOMAIN_CHR_TYPE_DEV;
+path = NULL;
+break;
+case VIR_DOMAIN_TPM_TYPE_LAST:
+goto error;
+}
+
+if (virDomainDeviceInfoParseXML(node, NULL, def-info, flags)  0)
+goto error;
+
+cleanup:
+VIR_FREE(type);
+VIR_FREE(path);
+VIR_FREE(model);
+VIR_FREE(backend);
+VIR_FREE(backends);
+ctxt-node = save;
+return def;
+
+error:
+virDomainTPMDefFree(def);
+def = NULL;
+goto cleanup;
+}
+
 /* Parse the XML definition for an input device */
 static virDomainInputDefPtr
 virDomainInputDefParseXML(const char *ostype,
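Review bot: `backends[0]` is read in virDomainTPMDefParseXML after only the more-than-one case has been rejected (the message "only one TPM backend is supported" implies the stripped operator is `>`), so a `<tpm>` element with no `<backend>` child reaches virXMLPropString with whatever the empty node set left in `backends`. The schema requires a backend, but the parser cannot assume its input was validated; report a missing-backend error and `goto error` when `nbackends == 0` before indexing. Separately, the `else` attached to the model check assigns VIR_DOMAIN_TPM_MODEL_TIS whenever the model string parsed successfully, overwriting the value just parsed. That is harmless while tpm-tis is the only model, but the default belongs under `model == NULL` only. The local `type` is never assigned and is only passed to VIR_FREE.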
@@ -10835,6 +10959,23 @@ virDomainDefParseXML(virCapsPtr caps,
 goto error;
 VIR_FREE(nodes);
 }
+VIR_FREE(nodes);
+
+/* Parse the TPM devices */
+if ((n = virXPathNodeSet(./devices/tpm, ctxt, nodes))  0)
+goto error;
+
+if (n  1) {
+virReportError(VIR_ERR_XML_ERROR, %s,
+   _(only a single TPM device is supported));
+goto 

[libvirt] [PATCH v3 03/11] Add documentation and schema for TPM passthrough

2013-03-21 Thread Stefan Berger
Signed-off-by: Stefan Berger stef...@linux.vnet.ibm.com

---
 docs/formatdomain.html.in |   57 ++
 docs/schemas/domaincommon.rng |   43 +++
 2 files changed, 100 insertions(+)

Index: libvirt/docs/formatdomain.html.in
===
--- libvirt.orig/docs/formatdomain.html.in
+++ libvirt/docs/formatdomain.html.in
@@ -4376,6 +4376,63 @@ qemu-kvm -net nic,model=? /dev/null
 
 /dl
 
+h4a name=elementsTpmTPM device/a/h4
+
+p
+  The TPM device enables a QEMU guest to have access to TPM
+  functionality.
+/p
+p
+  The TPM passthrough device type provides access to the host's TPM
+  for one QEMU guest. No other software may be is using the TPM device,
+  typically /dev/tpm0, at the time the QEMU guest is started.
+  span class=since'passthrough' since 1.0.4/span
+/p
+
+p
+ Example: usage of the TPM passthrough device
+/p
+pre
+  ...
+  lt;devicegt;
+lt;tpm model='tpm-tis'gt;
+  lt;backend type='passthrough'gt;
+lt;backend path='/dev/tpm0'/gt;
+  lt;/backendgt;
+lt;/tpmgt;
+  lt;/devicegt;
+/pre
+dl
+  dtcodemodel/code/dt
+  dd
+p
+  The codemodel/code attribute specifies what device
+  model QEMU provides to the guest. If no model name is provided,
+  codetpm-tis/code will automatically be chosen.
+/p
+  /dd
+  dtcodebackend/code/dt
+  dd
+p
+  The codebackend/code element specifies the type of
+  TPM device. The following types are supported:
+/p
+ul
+  li'passthrough' mdash; use the hosts's TPM device.
+/ul
+  /dd
+  dtcodebackend type='passthrough'/code/dt
+  dd
+p
+  This backend type requires exclusive access to a TPM device on
+  the host.
+  An example for such a device is /dev/tpm0. The filename is
+  specified as path attribute of the codesource/code element.
+  If no file name is specified then /dev/tpm0 is automatically used.
+/p
+  /dd
+/dl
+
 h3a name=seclabelSecurity label/a/h3
 
 p
Index: libvirt/docs/schemas/domaincommon.rng
===
--- libvirt.orig/docs/schemas/domaincommon.rng
+++ libvirt/docs/schemas/domaincommon.rng
@@ -2824,6 +2824,48 @@
   text/
 /element
   /define
+
+  define name=tpm
+element name=tpm
+  optional
+attribute name=model
+  choice
+valuetpm-tis/value
+  /choice
+/attribute
+  /optional
+  ref name=tpm-backend/
+  optional
+ref name=alias/
+  /optional
+/element
+  /define
+
+  define name=tpm-backend
+element name=backend
+   choice
+ group
+   attribute name=type
+  valuepassthrough/value
+   /attribute
+   ref name=tpm-passthrough-device/
+ /group
+   /choice
+/element
+  /define
+
+  define name=tpm-passthrough-device
+optional
+  element name=device
+optional
+  attribute name=path
+ref name=filePath/
+  /attribute
+/optional
+  /element
+   /optional
+  /define
+
   define name=input
 element name=input
   attribute name=type
@@ -3134,6 +3176,7 @@
 ref name=redirdev/
 ref name=redirfilter/
 ref name=rng/
+ref name=tpm/
   /choice
 /zeroOrMore
 optional



[libvirt] [PATCH v3 00/11] Add support for guests with TPM passthrough device

2013-03-21 Thread Stefan Berger
Hello!

The following set of patches adds support to libvirt for 
adding a TPM passthrough device to a QEMU guest. Support for
this was recently accepted into QEMU.

This set of patches borrows a lot from the recently added support
for rng's.


Regards,
Stefan

---
v2-v3:
  - followed tree to 03122d7b
  - some bits fixed

v1-v2:
  - Followed Daniel Berrange's comments
(except for the one on de-consolidating the JSON monitor code)



Re: [libvirt] [PATCH] Correct invalid RNG schemas.

2013-03-21 Thread Ján Tomko
On 03/21/2013 04:28 PM, Martin Kletzander wrote:
 The 'trang' utility, which is able to transform '.rng' files into
 '.rnc' files, reported some errors in our schemas that weren't caught
 by the tools we use in the build.  I haven't added a test for this,
 but the validity can be checked by the following command:
 
 trang -I rng -O rnc domain.rng domain.rnc
 
 There were unescaped minuses in regular expressions and we were
 constraining int (which is by default in the range of [-2^31;2^31-1]
 to maximum of 2^32.  But what we wanted was exactly an unsignedInt.
 
 Signed-off-by: Martin Kletzander mklet...@redhat.com
 ---
 Thanks to that, the '.rnc' files can be used by nxml-mode which makes
 editing libvirt xml files a *lot* easier.
 
  docs/schemas/domaincommon.rng |  2 +-
  docs/schemas/nwfilter.rng | 19 ---
  2 files changed, 9 insertions(+), 12 deletions(-)

ACK

Jan



[libvirt] [PATCH v2] Allow multiple parameters for schedinfo

2013-03-21 Thread Martin Kletzander
virsh schedinfo was able to set only one parameter at a time (not
counting the deprecated options), but it is useful to set more at
once, so this patch adds the possibility to do stuff like this:

virsh schedinfo domain cpu_shares=0 vcpu_period=0 vcpu_quota=0 \
emulator_period=0 emulator_quota=0

Invalid scheduler options are reported as well.  These were previously
reported only if the command hadn't updated any values (when
cmdSchedInfoUpdate returned 0).

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=810078
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=919372
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=919375

Signed-off-by: Martin Kletzander mklet...@redhat.com
---
v2:
 - correctly report unsupported options
 - man page updated

 tests/virsh-schedinfo |   4 +-
 tools/virsh-domain.c  | 119 --
 tools/virsh.pod   |   4 +-
 3 files changed, 72 insertions(+), 55 deletions(-)

diff --git a/tests/virsh-schedinfo b/tests/virsh-schedinfo
index 4f462f8..37f7bd3 100755
--- a/tests/virsh-schedinfo
+++ b/tests/virsh-schedinfo
@@ -1,7 +1,7 @@
 #!/bin/sh
 # Ensure that virsh schedinfo --set invalid=val fails

-# Copyright (C) 2010-2011 Red Hat, Inc.
+# Copyright (C) 2010-2011, 2013 Red Hat, Inc.

 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -37,7 +37,7 @@ fi
 . $srcdir/test-lib.sh

 printf 'Scheduler  : fair\n\n'  exp-out || framework_failure
-printf 'error: invalid scheduler option: j=k\n'  exp-err || framework_failure
+printf 'error: invalid scheduler option: j\n'  exp-err || framework_failure

 fail=0

diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 128e516..cc2eddc 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -3918,16 +3918,14 @@ static const vshCmdOptDef opts_schedinfo[] = {
  .flags = VSH_OFLAG_REQ,
  .help = N_(domain name, id or uuid)
 },
-{.name = set,
- .type = VSH_OT_STRING,
- .help = N_(parameter=value)
-},
 {.name = weight,
  .type = VSH_OT_INT,
+ .flags = VSH_OFLAG_REQ_OPT,
  .help = N_(weight for XEN_CREDIT)
 },
 {.name = cap,
  .type = VSH_OT_INT,
+ .flags = VSH_OFLAG_REQ_OPT,
  .help = N_(cap for XEN_CREDIT)
 },
 {.name = current,
@@ -3942,72 +3940,100 @@ static const vshCmdOptDef opts_schedinfo[] = {
  .type = VSH_OT_BOOL,
  .help = N_(get/set value from running domain)
 },
+{.name = set,
+ .type = VSH_OT_ARGV,
+ .flags = VSH_OFLAG_NONE,
+ .help = N_(parameter=value)
+},
 {.name = NULL}
 };

 static int
+cmdSchedInfoUpdateOne(vshControl *ctl,
+  virTypedParameterPtr src_params, int nsrc_params,
+  virTypedParameterPtr *params,
+  int *nparams, int *maxparams,
+  const char *field, const char *value)
+{
+virTypedParameterPtr param;
+int ret = -1;
+int i;
+
+for (i = 0; i  nsrc_params; i++) {
+param = (src_params[i]);
+
+if (STRNEQ(field, param-field))
+continue;
+
+if (virTypedParamsAddFromString(params, nparams, maxparams,
+field, param-type,
+value)  0) {
+vshSaveLibvirtError();
+goto cleanup;
+}
+ret = 0;
+break;
+}
+
+if (ret  0)
+vshError(ctl, _(invalid scheduler option: %s), field);
+
+ cleanup:
+return ret;
+}
+
+static int
 cmdSchedInfoUpdate(vshControl *ctl, const vshCmd *cmd,
virTypedParameterPtr src_params, int nsrc_params,
virTypedParameterPtr *update_params)
 {
-const char *set_arg;
 char *set_field = NULL;
 char *set_val = NULL;
-virTypedParameterPtr param;
+const char *val = NULL;
+const vshCmdOpt *opt = NULL;
 virTypedParameterPtr params = NULL;
 int nparams = 0;
 int maxparams = 0;
 int ret = -1;
 int rv;
-int val;
-int i;

-if (vshCommandOptString(cmd, set, set_arg)  0) {
-set_field = vshStrdup(ctl, set_arg);
+while ((opt = vshCommandOptArgv(cmd, opt))) {
+set_field = vshStrdup(ctl, opt-data);
 if (!(set_val = strchr(set_field, '='))) {
-vshError(ctl, %s, _(Invalid syntax for --set, expecting 
name=value));
+vshError(ctl, %s, _(Invalid syntax for --set, 
+  expecting name=value));
 goto cleanup;
 }

 *set_val = '\0';
 set_val++;
-}

-for (i = 0; i  nsrc_params; i++) {
-param = (src_params[i]);
-
-/* Legacy 'weight' and 'cap'  parameter */
-if (param-type == VIR_TYPED_PARAM_UINT 
-(STREQ(param-field, weight) || STREQ(param-field, cap)) 
-(rv = vshCommandOptInt(cmd, param-field, val)) != 0) {
-if (rv  0) {
-

Re: [libvirt] [PATCH] Correct invalid RNG schemas.

2013-03-21 Thread Martin Kletzander
On 03/21/2013 05:00 PM, Ján Tomko wrote:
 On 03/21/2013 04:28 PM, Martin Kletzander wrote:
 The 'trang' utility, which is able to transform '.rng' files into
 '.rnc' files, reported some errors in our schemas that weren't caught
 by the tools we use in the build.  I haven't added a test for this,
 but the validity can be checked by the following command:

 trang -I rng -O rnc domain.rng domain.rnc

 There were unescaped minuses in regular expressions and we were
 constraining int (which is by default in the range of [-2^31;2^31-1]
 to maximum of 2^32.  But what we wanted was exactly an unsignedInt.

 Signed-off-by: Martin Kletzander mklet...@redhat.com
 ---
 Thanks to that, the '.rnc' files can be used by nxml-mode which makes
 editing libvirt xml files a *lot* easier.

  docs/schemas/domaincommon.rng |  2 +-
  docs/schemas/nwfilter.rng | 19 ---
  2 files changed, 9 insertions(+), 12 deletions(-)
 
 ACK
 
 Jan
 

Thanks, pushed (and removed the dot at the end of subject).

Martin



[libvirt] [PATCH 4/5] virsh-domain: Add --live, --config, --current logic to cmdDetachDevice

2013-03-21 Thread Peter Krempa
Use the established approach to improve this function too.
---
 tools/virsh-domain.c | 46 +-
 tools/virsh.pod  | 15 +++
 2 files changed, 48 insertions(+), 13 deletions(-)

diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index df72c78..7079066 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -9167,14 +9167,27 @@ static const vshCmdOptDef opts_detach_device[] = {
  .help = N_(XML file)
 },
 {.name = persistent,
- .type = VSH_OT_ALIAS,
- .help = config
+ .type = VSH_OT_BOOL,
+ .help = N_(make live change persistent)
 },
 {.name = config,
  .type = VSH_OT_BOOL,
  .help = N_(affect next boot)
 },
+{.name = live,
+ .type = VSH_OT_BOOL,
+ .help = N_(affect running domain)
+},
+{.name = current,
+ .type = VSH_OT_BOOL,
+ .help = N_(affect current domain)
+},
+{.name = force,
+ .type = VSH_OT_BOOL,
+ .help = N_(force device update)
+},
 {.name = NULL}
+
 };

 static bool
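Review bot: The new `force` entry in opts_detach_device advertises "force device update", but nothing in the visible hunks of cmdDetachDevice reads it, and the virsh.pod synopsis added by this patch does not list `--force`, so the option appears to be accepted and then silently ignored. Either drop the entry or wire it up; if it stays, the help text should describe detaching rather than updating. The same entry is added to opts_detach_disk and opts_detach_interface in the other patches of this series. The hunk also adds a stray blank line after `{.name = NULL}`.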
@@ -9185,11 +9198,30 @@ cmdDetachDevice(vshControl *ctl, const vshCmd *cmd)
 char *buffer = NULL;
 int ret;
 bool funcRet = false;
-unsigned int flags;
+bool current = vshCommandOptBool(cmd, current);
+bool config = vshCommandOptBool(cmd, config);
+bool live = vshCommandOptBool(cmd, live);
+bool persistent = vshCommandOptBool(cmd, persistent);
+unsigned int flags = VIR_DOMAIN_AFFECT_CURRENT;
+
+VSH_EXCLUSIVE_OPTIONS_VAR(persistent, live);
+VSH_EXCLUSIVE_OPTIONS_VAR(persistent, current);
+
+VSH_EXCLUSIVE_OPTIONS_VAR(current, live);
+VSH_EXCLUSIVE_OPTIONS_VAR(current, config);
+
+if (config || persistent)
+flags |= VIR_DOMAIN_AFFECT_CONFIG;
+if (live)
+flags |= VIR_DOMAIN_AFFECT_LIVE;

 if (!(dom = vshCommandOptDomain(ctl, cmd, NULL)))
 return false;

+if (persistent 
+virDomainIsActive(dom) == 1)
+flags |= VIR_DOMAIN_AFFECT_LIVE;
+
 if (vshCommandOptStringReq(ctl, cmd, file, from)  0)
 goto cleanup;

@@ -9198,14 +9230,10 @@ cmdDetachDevice(vshControl *ctl, const vshCmd *cmd)
 goto cleanup;
 }

-if (vshCommandOptBool(cmd, config)) {
-flags = VIR_DOMAIN_AFFECT_CONFIG;
-if (virDomainIsActive(dom) == 1)
-   flags |= VIR_DOMAIN_AFFECT_LIVE;
+if (flags != 0)
 ret = virDomainDetachDeviceFlags(dom, buffer, flags);
-} else {
+else
 ret = virDomainDetachDevice(dom, buffer);
-}

 if (ret  0) {
 vshError(ctl, _(Failed to detach device from %s), from);
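Review bot: The dispatch `if (flags != 0)` sends an explicit `--current` down the legacy virDomainDetachDevice() path, because `flags` starts as VIR_DOMAIN_AFFECT_CURRENT and, with that constant being 0 as in libvirt's public header, stays 0 unless --live, --config or --persistent is given. The legacy call's behaviour on an inactive domain is up to the driver, which may not match the man page text added here ("affect the current domain state"). Testing the option as well, `if (flags != 0 || current)`, keeps the legacy call only for the no-flag case. The same `flags != 0` test appears in the cmdDetachDisk and cmdDetachInterface patches of this series; cmdDetachDevice's body continues outside this hunk.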
diff --git a/tools/virsh.pod b/tools/virsh.pod
index ebbe201..760b164 100644
--- a/tools/virsh.pod
+++ b/tools/virsh.pod
@@ -1858,16 +1858,23 @@ BNote: the optional target value is the name of a 
device to be created
 as the back-end on the node. If not provided a device named vnetN or vifN
 will be created automatically.

-=item Bdetach-device Idomain IFILE [I--config]
+=item Bdetach-device Idomain IFILE
+[[[I--live] [I--config] | [I--current]] | [I--persistent]]

 Detach a device from the domain, takes the same kind of XML descriptions
 as command Battach-device.
-If I--config is specified, alter persistent configuration, effect observed
-on next boot, for compatibility purposes, I--persistent is alias of
-I--config.
 For passthrough host devices, see also Bnodedev-reattach, needed if
 the device does not use managed mode.

+If I--live is specified, affect a running domain.
+If I--config is specified, affect the next startup of a persistent domain.
+If I--current is specified, affect the current domain state.
+Both I--live and I--config flags may be given, but I--current is
+exclusive. Not specifying any flag is the same as specifying I--current.
+
+For compatibility purposes, I--persistent behaves like I--config for
+an offline domain, and like I--live I--config for a running domain.
+
 =item Bdetach-disk Idomain Itarget [I--config]

 Detach a disk device from a domain. The Itarget is the device as seen
-- 
1.8.1.5



[libvirt] [PATCH 5/5] virsh-domain: Add --live, --config, --current logic to cmdDetachDisk

2013-03-21 Thread Peter Krempa
Use the established approach to improve this function too.
---
 tools/virsh-domain.c | 59 +---
 tools/virsh.pod  | 15 +
 2 files changed, 53 insertions(+), 21 deletions(-)

diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 7079066..35c3961 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -9782,13 +9782,25 @@ static const vshCmdOptDef opts_detach_disk[] = {
  .help = N_(target of disk device)
 },
 {.name = persistent,
- .type = VSH_OT_ALIAS,
- .help = config
+ .type = VSH_OT_BOOL,
+ .help = N_(make live change persistent)
 },
 {.name = config,
  .type = VSH_OT_BOOL,
  .help = N_(affect next boot)
 },
+{.name = live,
+ .type = VSH_OT_BOOL,
+ .help = N_(affect running domain)
+},
+{.name = current,
+ .type = VSH_OT_BOOL,
+ .help = N_(affect current domain)
+},
+{.name = force,
+ .type = VSH_OT_BOOL,
+ .help = N_(force device update)
+},
 {.name = NULL}
 };

@@ -9801,8 +9813,23 @@ cmdDetachDisk(vshControl *ctl, const vshCmd *cmd)
 char *doc = NULL;
 int ret;
 bool functionReturn = false;
-unsigned int flags;
 xmlNodePtr disk_node = NULL;
+bool current = vshCommandOptBool(cmd, current);
+bool config = vshCommandOptBool(cmd, config);
+bool live = vshCommandOptBool(cmd, live);
+bool persistent = vshCommandOptBool(cmd, persistent);
+unsigned int flags = VIR_DOMAIN_AFFECT_CURRENT;
+
+VSH_EXCLUSIVE_OPTIONS_VAR(persistent, live);
+VSH_EXCLUSIVE_OPTIONS_VAR(persistent, current);
+
+VSH_EXCLUSIVE_OPTIONS_VAR(current, live);
+VSH_EXCLUSIVE_OPTIONS_VAR(current, config);
+
+if (config || persistent)
+flags |= VIR_DOMAIN_AFFECT_CONFIG;
+if (live)
+flags |= VIR_DOMAIN_AFFECT_LIVE;

 if (!(dom = vshCommandOptDomain(ctl, cmd, NULL)))
 return false;
@@ -9810,10 +9837,13 @@ cmdDetachDisk(vshControl *ctl, const vshCmd *cmd)
 if (vshCommandOptStringReq(ctl, cmd, target, target)  0)
 goto cleanup;

-doc = virDomainGetXMLDesc(dom, 0);
-if (!doc)
+if (!(doc = virDomainGetXMLDesc(dom, 0)))
 goto cleanup;

+if (persistent 
+virDomainIsActive(dom) == 1)
+flags |= VIR_DOMAIN_AFFECT_LIVE;
+
 if (!(disk_node = vshFindDisk(doc, target, VSH_FIND_DISK_NORMAL)))
 goto cleanup;

@@ -9821,24 +9851,19 @@ cmdDetachDisk(vshControl *ctl, const vshCmd *cmd)
VSH_PREPARE_DISK_XML_NONE)))
 goto cleanup;

-if (vshCommandOptBool(cmd, config)) {
-flags = VIR_DOMAIN_AFFECT_CONFIG;
-if (virDomainIsActive(dom) == 1)
-flags |= VIR_DOMAIN_AFFECT_LIVE;
-ret = virDomainDetachDeviceFlags(dom,
- disk_xml,
- flags);
-} else {
+if (flags != 0)
+ret = virDomainDetachDeviceFlags(dom, disk_xml, flags);
+else
 ret = virDomainDetachDevice(dom, disk_xml);
-}

 if (ret != 0) {
 vshError(ctl, %s, _(Failed to detach disk));
-} else {
-vshPrint(ctl, %s, _(Disk detached successfully\n));
-functionReturn = true;
+goto cleanup;
 }

+vshPrint(ctl, %s, _(Disk detached successfully\n));
+functionReturn = true;
+
  cleanup:
 xmlFreeNode(disk_node);
 VIR_FREE(disk_xml);
diff --git a/tools/virsh.pod b/tools/virsh.pod
index 760b164..04df31b 100644
--- a/tools/virsh.pod
+++ b/tools/virsh.pod
@@ -1875,13 +1875,20 @@ exclusive. Not specifying any flag is the same as 
specifying I--current.
 For compatibility purposes, I--persistent behaves like I--config for
 an offline domain, and like I--live I--config for a running domain.

-=item Bdetach-disk Idomain Itarget [I--config]
+=item Bdetach-disk Idomain Itarget
+[[[I--live] [I--config] | [I--current]] | [I--persistent]]

 Detach a disk device from a domain. The Itarget is the device as seen
 from the domain.
-If I--config is specified, alter persistent configuration, effect observed
-on next boot, for compatibility purposes, I--persistent is alias of
-I--config.
+
+If I--live is specified, affect a running domain.
+If I--config is specified, affect the next startup of a persistent domain.
+If I--current is specified, affect the current domain state.
+Both I--live and I--config flags may be given, but I--current is
+exclusive. Not specifying any flag is the same as specifying I--current.
+
+For compatibility purposes, I--persistent behaves like I--config for
+an offline domain, and like I--live I--config for a running domain.

 =item Bdetach-interface Idomain Itype [I--mac mac]
 [[[I--live] [I--config] | [I--current]] | [I--persistent]]
-- 
1.8.1.5



[libvirt] [PATCH 3/5] virsh-domain: Add --live, --config, --current logic to cmdDetachInterface

2013-03-21 Thread Peter Krempa
Use the established approach to improve this function too.
---
 tools/virsh-domain.c | 52 +++-
 tools/virsh.pod  | 15 +++
 2 files changed, 50 insertions(+), 17 deletions(-)

diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 6741837..df72c78 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -9353,13 +9353,25 @@ static const vshCmdOptDef opts_detach_interface[] = {
  .help = N_(MAC address)
 },
 {.name = persistent,
- .type = VSH_OT_ALIAS,
- .help = config
+ .type = VSH_OT_BOOL,
+ .help = N_(make live change persistent)
 },
 {.name = config,
  .type = VSH_OT_BOOL,
  .help = N_(affect next boot)
 },
+{.name = live,
+ .type = VSH_OT_BOOL,
+ .help = N_(affect running domain)
+},
+{.name = current,
+ .type = VSH_OT_BOOL,
+ .help = N_(affect current domain)
+},
+{.name = force,
+ .type = VSH_OT_BOOL,
+ .help = N_(force device update)
+},
 {.name = NULL}
 };

@@ -9373,12 +9385,27 @@ cmdDetachInterface(vshControl *ctl, const vshCmd *cmd)
 xmlNodePtr cur = NULL, matchNode = NULL;
 xmlBufferPtr xml_buf = NULL;
 const char *mac =NULL, *type = NULL;
-char *doc;
+char *doc = NULL;
 char buf[64];
 int i = 0, diff_mac;
 int ret;
 int functionReturn = false;
-unsigned int flags;
+unsigned int flags = VIR_DOMAIN_AFFECT_CURRENT;
+bool current = vshCommandOptBool(cmd, current);
+bool config = vshCommandOptBool(cmd, config);
+bool live = vshCommandOptBool(cmd, live);
+bool persistent = vshCommandOptBool(cmd, persistent);
+
+VSH_EXCLUSIVE_OPTIONS_VAR(persistent, live);
+VSH_EXCLUSIVE_OPTIONS_VAR(persistent, current);
+
+VSH_EXCLUSIVE_OPTIONS_VAR(current, live);
+VSH_EXCLUSIVE_OPTIONS_VAR(current, config);
+
+if (config || persistent)
+flags |= VIR_DOMAIN_AFFECT_CONFIG;
+if (live)
+flags |= VIR_DOMAIN_AFFECT_LIVE;

 if (!(dom = vshCommandOptDomain(ctl, cmd, NULL)))
 return false;
@@ -9389,13 +9416,14 @@ cmdDetachInterface(vshControl *ctl, const vshCmd *cmd)
 if (vshCommandOptStringReq(ctl, cmd, mac, mac)  0)
 goto cleanup;

-doc = virDomainGetXMLDesc(dom, 0);
-if (!doc)
+if (persistent 
+virDomainIsActive(dom) == 1)
+flags |= VIR_DOMAIN_AFFECT_LIVE;
+
+if (!(doc = virDomainGetXMLDesc(dom, 0)))
 goto cleanup;

-xml = virXMLParseStringCtxt(doc, _((domain_definition)), ctxt);
-VIR_FREE(doc);
-if (!xml) {
+if (!(xml = virXMLParseStringCtxt(doc, _((domain_definition)), ctxt))) {
 vshError(ctl, %s, _(Failed to get interface information));
 goto cleanup;
 }
@@ -9460,10 +9488,7 @@ cmdDetachInterface(vshControl *ctl, const vshCmd *cmd)
 goto cleanup;
 }

-if (vshCommandOptBool(cmd, config)) {
-flags = VIR_DOMAIN_AFFECT_CONFIG;
-if (virDomainIsActive(dom) == 1)
-flags |= VIR_DOMAIN_AFFECT_LIVE;
+if (flags != 0) {
 ret = virDomainDetachDeviceFlags(dom,
  (char *)xmlBufferContent(xml_buf),
  flags);
@@ -9479,6 +9504,7 @@ cmdDetachInterface(vshControl *ctl, const vshCmd *cmd)
 }

  cleanup:
+VIR_FREE(doc);
 virDomainFree(dom);
 xmlXPathFreeObject(obj);
 xmlXPathFreeContext(ctxt);
diff --git a/tools/virsh.pod b/tools/virsh.pod
index a9e8c65..ebbe201 100644
--- a/tools/virsh.pod
+++ b/tools/virsh.pod
@@ -1876,16 +1876,23 @@ If I--config is specified, alter persistent 
configuration, effect observed
 on next boot, for compatibility purposes, I--persistent is alias of
 I--config.

-=item Bdetach-interface Idomain Itype [I--mac mac] [I--config]
+=item Bdetach-interface Idomain Itype [I--mac mac]
+[[[I--live] [I--config] | [I--current]] | [I--persistent]]

 Detach a network interface from a domain.
 Itype can be either Inetwork to indicate a physical network device or
 Ibridge to indicate a bridge to a device. It is recommended to use the
 Imac option to distinguish between the interfaces if more than one are
 present on the domain.
-If I--config is specified, alter persistent configuration, effect observed
-on next boot, for compatibility purposes, I--persistent is alias of
-I--config.
+
+If I--live is specified, affect a running domain.
+If I--config is specified, affect the next startup of a persistent domain.
+If I--current is specified, affect the current domain state.
+Both I--live and I--config flags may be given, but I--current is
+exclusive. Not specifying any flag is the same as specifying I--current.
+
+For compatibility purposes, I--persistent behaves like I--config for
+an offline domain, and like I--live I--config for a running domain.

 =item Bupdate-device Idomain Ifile [I--force]
 [[[I--live] [I--config] | [I--current]] | [I--persistent]]
-- 
1.8.1.5


[libvirt] [PATCH 0/5] Add domain modification impact flags to hot-management commands

2013-03-21 Thread Peter Krempa
As promised in the RFC, this series adds the --live, --config, --current and
--persistent flags to virsh commands that were lacking them.

Peter Krempa (5):
  virsh-domain: Fix declarations of flag variables in cmdChangeMedia
  virsh: Fix semantics of --config for update-device command
  virsh-domain: Add --live, --config, --current logic to
cmdDetachInterface
  virsh-domain: Add --live, --config, --current logic to cmdDetachDevice
  virsh-domain: Add --live, --config, --current logic to cmdDetachDisk

 tools/virsh-domain.c | 225 ---
 tools/virsh.pod  |  66 ++-
 2 files changed, 206 insertions(+), 85 deletions(-)

-- 
1.8.1.5



[libvirt] [PATCH 1/5] virsh-domain: Fix declarations of flag variables in cmdChangeMedia

2013-03-21 Thread Peter Krempa
flags were declared as signed and the parameter options can be
declared directly.

Also use macros for mutual exclusion on some of the incompatible
parameter variables.
---
 tools/virsh-domain.c | 27 +++
 1 file changed, 11 insertions(+), 16 deletions(-)

diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 11db36b..68df01e 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -9903,26 +9903,21 @@ cmdChangeMedia(vshControl *ctl, const vshCmd *cmd)
 const char *doc = NULL;
 xmlNodePtr disk_node = NULL;
 const char *disk_xml = NULL;
-unsigned int flags = VIR_DOMAIN_AFFECT_CURRENT;
-bool config, live, current, force = false;
-bool eject, insert, update = false;
 bool ret = false;
 int prepare_type = 0;
 const char *action = NULL;
+bool config = vshCommandOptBool(cmd, config);
+bool live = vshCommandOptBool(cmd, live);
+bool current = vshCommandOptBool(cmd, current);
+bool force = vshCommandOptBool(cmd, force);
+bool eject = vshCommandOptBool(cmd, eject);
+bool insert = vshCommandOptBool(cmd, insert);
+bool update = vshCommandOptBool(cmd, update);
+unsigned int flags = VIR_DOMAIN_AFFECT_CURRENT;

-config = vshCommandOptBool(cmd, config);
-live = vshCommandOptBool(cmd, live);
-current = vshCommandOptBool(cmd, current);
-force = vshCommandOptBool(cmd, force);
-eject = vshCommandOptBool(cmd, eject);
-insert = vshCommandOptBool(cmd, insert);
-update = vshCommandOptBool(cmd, update);
-
-if (eject + insert + update  1) {
-vshError(ctl, %s, _(--eject, --insert, and --update must be 
specified 
-exclusively.));
-return false;
-}
+VSH_EXCLUSIVE_OPTIONS_VAR(eject, insert);
+VSH_EXCLUSIVE_OPTIONS_VAR(eject, update);
+VSH_EXCLUSIVE_OPTIONS_VAR(insert, update);

 if (eject) {
 prepare_type = VSH_PREPARE_DISK_XML_EJECT;
-- 
1.8.1.5



Re: [libvirt] [PATCHv4 0/9] Introduce driver specific callbacks and get rid of irrelevant data in virCaps

2013-03-21 Thread Peter Krempa

On 03/15/13 16:26, Peter Krempa wrote:

This series now splits out almost everything
from the virCaps object (except for the defaultConsoleTargetType
callback that I will post later as it requires more tweaking).

See notes in individual patches for change summary.


Ping? Anybody that could spare some time to do a review?

Thanks.

Peter



Peter Krempa (9):
   conf: Add post XML parse callbacks and prepare for cleaning of virCaps
   qemu: Record the default NIC model in the domain XML
   virCaps: get rid of defaultInitPath value in the virCaps struct
   virCaps: get rid of defaultDiskDriverName
   virCaps: get rid of emulatorRequired
   conf: Enforce ranges on cputune variables
   virCaps: remove defaultDiskDriverType from the struct
   virCaps: Get rid of hasWideScsiBus
   virCaps: get rid of macPrefix field





[libvirt] [PATCH 2/5] virsh: Fix semantics of --config for update-device command

2013-03-21 Thread Peter Krempa
The man page states that with --config the next boot is affected. This
can be understood as if _only_ the next boot was affected. This isn't
true if the machine is running.

This patch adds the full --live, --config, --current infrastructure and
tweaks stuff to correctly support the obsolete --persistent flag.
---
 tools/virsh-domain.c | 41 ++---
 tools/virsh.pod  | 21 ++---
 2 files changed, 44 insertions(+), 18 deletions(-)

diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 68df01e..6741837 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -9246,13 +9246,21 @@ static const vshCmdOptDef opts_update_device[] = {
  .help = N_(XML file)
 },
 {.name = persistent,
- .type = VSH_OT_ALIAS,
- .help = config
+ .type = VSH_OT_BOOL,
+ .help = N_(make live change persistent)
 },
 {.name = config,
  .type = VSH_OT_BOOL,
  .help = N_(affect next boot)
 },
+{.name = live,
+ .type = VSH_OT_BOOL,
+ .help = N_(affect running domain)
+},
+{.name = current,
+ .type = VSH_OT_BOOL,
+ .help = N_(affect current domain)
+},
 {.name = force,
  .type = VSH_OT_BOOL,
  .help = N_(force device update)
@@ -9267,7 +9275,22 @@ cmdUpdateDevice(vshControl *ctl, const vshCmd *cmd)
 const char *from = NULL;
 char *buffer = NULL;
 bool ret = false;
-unsigned int flags;
+unsigned int flags = VIR_DOMAIN_AFFECT_CURRENT;
+bool current = vshCommandOptBool(cmd, current);
+bool config = vshCommandOptBool(cmd, config);
+bool live = vshCommandOptBool(cmd, live);
+bool persistent = vshCommandOptBool(cmd, persistent);
+
+VSH_EXCLUSIVE_OPTIONS_VAR(persistent, live);
+VSH_EXCLUSIVE_OPTIONS_VAR(persistent, current);
+
+VSH_EXCLUSIVE_OPTIONS_VAR(current, live);
+VSH_EXCLUSIVE_OPTIONS_VAR(current, config);
+
+if (config || persistent)
+flags |= VIR_DOMAIN_AFFECT_CONFIG;
+if (live)
+flags |= VIR_DOMAIN_AFFECT_LIVE;

 if (!(dom = vshCommandOptDomain(ctl, cmd, NULL)))
 return false;
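Review bot: With `flags` now initialised to VIR_DOMAIN_AFFECT_CURRENT, a bare `update-device` no longer requests VIR_DOMAIN_AFFECT_LIVE as the removed `else` branch did, so the same command line can now modify the persistent definition of an inactive domain instead of being rejected. The commit message only talks about `--config`; the changed default deserves a sentence there and a comment next to the initialiser, for example `/* no flag given: AFFECT_CURRENT, not the former AFFECT_LIVE default */`. cmdUpdateDevice continues outside this hunk.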
@@ -9275,19 +9298,15 @@ cmdUpdateDevice(vshControl *ctl, const vshCmd *cmd)
 if (vshCommandOptStringReq(ctl, cmd, file, from)  0)
 goto cleanup;

+if (persistent 
+virDomainIsActive(dom) == 1)
+flags |= VIR_DOMAIN_AFFECT_LIVE;
+
 if (virFileReadAll(from, VSH_MAX_XML_FILE, buffer)  0) {
 vshReportError(ctl);
 goto cleanup;
 }

-if (vshCommandOptBool(cmd, config)) {
-flags = VIR_DOMAIN_AFFECT_CONFIG;
-if (virDomainIsActive(dom) == 1)
-   flags |= VIR_DOMAIN_AFFECT_LIVE;
-} else {
-flags = VIR_DOMAIN_AFFECT_LIVE;
-}
-
 if (vshCommandOptBool(cmd, force))
 flags |= VIR_DOMAIN_DEVICE_MODIFY_FORCE;

diff --git a/tools/virsh.pod b/tools/virsh.pod
index b5e632e..a9e8c65 100644
--- a/tools/virsh.pod
+++ b/tools/virsh.pod
@@ -1887,18 +1887,25 @@ If I--config is specified, alter persistent 
configuration, effect observed
 on next boot, for compatibility purposes, I--persistent is alias of
 I--config.

-=item Bupdate-device Idomain Ifile [I--config] [I--force]
+=item Bupdate-device Idomain Ifile [I--force]
+[[[I--live] [I--config] | [I--current]] | [I--persistent]]

 Update the characteristics of a device associated with Idomain,
-based on the device definition in an XML Ifile.  If the I--config
-option is used, the changes will take affect the next time libvirt
-starts the domain.  For compatibility purposes, I--persistent is
-alias of I--config.  The I--force option can be used to force
-device update, e.g., to eject a CD-ROM even if it is locked/mounted in
-the domain. See the documentation at
+based on the device definition in an XML Ifile.  The I--force option
+can be used to force device update, e.g., to eject a CD-ROM even if it is
+locked/mounted in the domain. See the documentation at
 Lhttp://libvirt.org/formatdomain.html#elementsDevices to learn about
 libvirt XML format for a device.

+If I--live is specified, affect a running domain.
+If I--config is specified, affect the next startup of a persistent domain.
+If I--current is specified, affect the current domain state.
+Both I--live and I--config flags may be given, but I--current is
+exclusive. Not specifying any flag is the same as specifying I--current.
+
+For compatibility purposes, I--persistent behaves like I--config for
+an offline domain, and like I--live I--config for a running domain.
+
 =item Bchange-media Idomain Ipath [I--eject] [I--insert]
 [I--update] [Isource] [I--force] [[I--live] [I--config] | 
[I--current]]

-- 
1.8.1.5



[libvirt] [PATCH v5 1/3] virFile: Add APIs for extended attributes handling

2013-03-21 Thread Michal Privoznik
Currently, only three wrappers are being implemented:
virFileSetAttr for setting attributes
virFileGetAttr for querying attributes (note we need to call it twice,
first time to get length of attribute value, second to get actual value)
virFileRemoveAttr for removing attributes
---
diff to v4:
-drop errno setting

diff to v3:
-set errno=ENOSYS when building without WITH_ATTR for easier check within 
callee.

diff to v2:
-drop multiple check for libattr
 src/libvirt_private.syms |   3 ++
 src/util/virfile.c   | 105 +++
 src/util/virfile.h   |  14 +++
 3 files changed, 122 insertions(+)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 21bc615..fd57fa0 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1253,8 +1253,11 @@ virFileClose;
 virFileDirectFdFlag;
 virFileFclose;
 virFileFdopen;
+virFileGetAttr;
 virFileLoopDeviceAssociate;
+virFileRemoveAttr;
 virFileRewrite;
+virFileSetAttr;
 virFileTouch;
 virFileUpdatePerm;
 virFileWrapperFdClose;
diff --git a/src/util/virfile.c b/src/util/virfile.c
index 4a9fa81..2409db4 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -37,6 +37,10 @@
 # include sys/ioctl.h
 #endif
 
+#ifdef WITH_ATTR
+# include attr/xattr.h
+#endif
+
 #include vircommand.h
 #include configmake.h
 #include viralloc.h
@@ -644,3 +648,104 @@ int virFileLoopDeviceAssociate(const char *file,
 }
 
 #endif /* __linux__ */
+
+#ifdef WITH_ATTR
+int
+virFileSetAttr(const char *file,
+   const char *name,
+   const char *value)
+{
+size_t valueSize = strlen(value);
+if (setxattr(file, name, value, valueSize, 0)  0) {
+virReportSystemError(errno,
+ _(Unable to set extended attribute '%s' on 
'%s'),
+ name, file);
+return -1;
+}
+return 0;
+}
+
+int
+virFileGetAttr(const char *file,
+   const char *name,
+   char **value)
+{
+int ret = -1;
+char *buf = NULL;
+ssize_t valueSize;
+
+/* get attribute length */
+if ((valueSize = getxattr(file, name, NULL, 0))  0) {
+/* The Linux kernel does not define ENOATTR, but maps it to ENODATA. */
+if (errno == ENOATTR || errno == ENODATA) {
+*value = NULL;
+return 0;
+} else {
+virReportSystemError(errno,
+ _(Unable to get extended attribute '%s' on 
'%s'),
+ name, file);
+return ret;
+}
+}
+
+if (VIR_ALLOC_N(buf, valueSize)  0) {
+virReportOOMError();
+return ret;
+}
+
+if ((ret = getxattr(file, name, buf, valueSize))  0) {
+VIR_FREE(buf);
+virReportSystemError(errno,
+ _(Unable to get extended attribute '%s' on 
'%s'),
+ name, file);
+} else {
+*value = buf;
+}
+
+return ret;
+}
+
+int
+virFileRemoveAttr(const char *file,
+  const char *name)
+{
+if (removexattr(file, name)  0) {
+virReportSystemError(errno,
+ _(Unable to remove extended attribute '%s' on 
'%s'),
+ name, file);
+return -1;
+}
+return 0;
+}
+
+#else /* WITH_ATTR */
+
+int
+virFileSetAttr(const char *file ATTRIBUTE_UNUSED,
+   const char *name ATTRIBUTE_UNUSED,
+   const char *value ATTRIBUTE_UNUSED)
+{
+virReportSystemError(ENOSYS, %s,
+ _(Unable to set extended attributes));
+return -1;
+}
+
+int
+virFileGetAttr(const char *file ATTRIBUTE_UNUSED,
+   const char *name ATTRIBUTE_UNUSED,
+   char **value ATTRIBUTE_UNUSED)
+{
+virReportSystemError(ENOSYS, %s,
+ _(Unable to get extended attributes));
+return -1;
+}
+
+int
+virFileRemoveAttr(const char *file ATTRIBUTE_UNUSED,
+  const char *name ATTRIBUTE_UNUSED)
+{
+virReportSystemError(ENOSYS, %s,
+ _(Unable to remove extended attributes));
+return -1;
+}
+#endif /* WITH_ATTR */
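Review bot: virFileGetAttr() hands back a buffer that is not NUL-terminated: it allocates exactly `valueSize` bytes and getxattr() can fill all of them, while virFileSetAttr() stores `strlen(value)` bytes without the terminator, so a caller that treats `*value` as a C string reads past the allocation. Allocating one extra byte, `if (VIR_ALLOC_N(buf, valueSize + 1) < 0) {`, closes that, provided VIR_ALLOC_N zero-fills as it does elsewhere in libvirt. The success path also returns the byte count from getxattr() (narrowed from ssize_t to int) while the missing-attribute path returns 0, so setting `ret = 0` after storing `*value` would give callers one convention. A comment above the function should state that convention and that the attribute may change size between the two getxattr() calls, in which case the second call fails.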
diff --git a/src/util/virfile.h b/src/util/virfile.h
index c885b73..9e0adf6 100644
--- a/src/util/virfile.h
+++ b/src/util/virfile.h
@@ -108,4 +108,18 @@ int virFileUpdatePerm(const char *path,
 int virFileLoopDeviceAssociate(const char *file,
char **dev);
 
+int virFileSetAttr(const char *file,
+   const char *name,
+   const char *value)
+ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
+
+int virFileGetAttr(const char *file,
+   const char *name,
+   char **value)
+ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
+
+int virFileRemoveAttr(const char *file,
+  const char *name)
+ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
+
 #endif /* 

[libvirt] [PATCH v5 3/3] security_dac: Favour ACLs over chown()

2013-03-21 Thread Michal Privoznik
On filesystems supporting ACLs we don't need to do a chown but we
can just set ACLs to gain access for qemu. However, since we are
setting these on too low level, where we don't know if disk is
just a read only or read write, we set read write access
unconditionally.

From implementation POV, a reference counter is introduced, so ACL is
restored only on the last restore attempt in order to not cut off other
domains. And since a file may have had an ACL for a user already set, we need
to keep this as well. Both these, the reference counter and original ACL
are stored as extended attributes named trusted.libvirt.dac.refCount and
trusted.libvirt.dac.oldACL respectively.

However, some filesystems don't support ACLs, XATTRs, or both. So the
code is made to favour ACLs along with tracking the reference count. If
this fails, we fall back to chown() with best effort to remember the
original owner of file.
---
diff to v4:
-adapt to changed error reporting in 1/3 and 2/3

diff to v3:
-Dan's suggestions worked in

diff to v2:
-basically squashed functionality of 2/4 and 4/4 from previous
round
 src/security/security_dac.c | 309 +++-
 1 file changed, 280 insertions(+), 29 deletions(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 35b90da..989dc50 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -25,6 +25,7 @@
 
 #include security_dac.h
 #include virerror.h
+#include virfile.h
 #include virutil.h
 #include viralloc.h
 #include virlog.h
@@ -34,6 +35,9 @@
 
 #define VIR_FROM_THIS VIR_FROM_SECURITY
 #define SECURITY_DAC_NAME dac
+#define SECURITY_DAC_XATTR_OLD_ACL trusted.libvirt.dac.oldACL
+#define SECURITY_DAC_XATTR_OLD_OWNER trusted.libvirt.dac.oldOwner
+#define SECURITY_DAC_XATTR_REFCOUNT trusted.libvirt.dac.refCount
 
 typedef struct _virSecurityDACData virSecurityDACData;
 typedef virSecurityDACData *virSecurityDACDataPtr;
@@ -234,6 +238,196 @@ int virSecurityDACGetImageIds(virDomainDefPtr def, 
virSecurityDACDataPtr priv,
 return 0;
 }
 
+static int
+virSecurityDACGetXATTRRefcount(const char *path,
+   int *refCount)
+{
+int ret = -1;
+char *refCountStr;
+
+if (virFileGetAttr(path, SECURITY_DAC_XATTR_REFCOUNT, refCountStr)  0)
+return ret;
+
+VIR_DEBUG(path=%s refCountStr=%s, path, NULLSTR(refCountStr));
+
+if (!refCountStr) {
+*refCount = 0;
+return 0;
+}
+
+if (virStrToLong_i(refCountStr, NULL, 10, refCount)  0) {
+virReportError(VIR_ERR_INTERNAL_ERROR,
+   _(Malformed %s attribute: %s),
+   SECURITY_DAC_XATTR_REFCOUNT,
+   refCountStr);
+goto cleanup;
+}
+
+ret = 0;
+cleanup:
+VIR_FREE(refCountStr);
+return ret;
+}
+
+static int
+virSecurityDACSetXATTRRefcount(const char *path,
+   int refCount)
+{
+int ret = -1;
+char *refCountStr;
+
+VIR_DEBUG(path=%s refCount=%d, path, refCount);
+
+if (refCount == 0) {
+virFileRemoveAttr(path, SECURITY_DAC_XATTR_REFCOUNT);
+return 0;
+}
+
+if (virAsprintf(refCountStr, %u, refCount)  0) {
+virReportOOMError();
+return ret;
+}
+
+if (virFileSetAttr(path, SECURITY_DAC_XATTR_REFCOUNT, refCountStr)  0)
+goto cleanup;
+
+ret = 0;
+cleanup:
+VIR_FREE(refCountStr);
+return ret;
+}
+
+static int
+virSecurityDACSetACL(const char *path,
+ uid_t uid)
+{
+int ret = -1;
+char *oldACL = NULL;
+mode_t perms;
+
+VIR_DEBUG(path=%s uid=%u, path, uid);
+
+if (virFileGetACL(path, uid, perms)  0) {
+/* error getting ACL entry for @uid */
+goto cleanup;
+}
+
+if (virAsprintf(oldACL, %u:0%o, uid, perms)  0) {
+virReportOOMError();
+goto cleanup;
+}
+
+if (virFileSetAttr(path, SECURITY_DAC_XATTR_OLD_ACL, oldACL)  0)
+goto cleanup;
+
+if (virFileSetACL(path, uid, S_IRUSR | S_IWUSR)  0)
+goto cleanup;
+
+ret = 0;
+cleanup:
+if (ret  0)
+virFileRemoveAttr(path, SECURITY_DAC_XATTR_OLD_ACL);
+VIR_FREE(oldACL);
+return ret;
+}
+
+static int
+virSecurityDACRestoreACL(const char *path)
+{
+int ret = -1;
+char *oldACL = NULL, *c;
+uid_t uid;
+mode_t perms;
+
+VIR_DEBUG(path=%s, path);
+
+if (virFileGetAttr(path, SECURITY_DAC_XATTR_OLD_ACL, oldACL)  0)
+return ret;
+
+if (!oldACL) {
+VIR_WARN(Attribute %s is missing, SECURITY_DAC_XATTR_OLD_ACL);
+return ret;
+}
+
+if (!(c = strchr(oldACL, ':'))) {
+virReportError(VIR_ERR_INTERNAL_ERROR,
+   _(Malformed %s attribute: %s),
+   SECURITY_DAC_XATTR_OLD_ACL, oldACL);
+goto cleanup;
+}
+
+*c = '\0';
+c++;
+
+if (virStrToLong_ui(oldACL, NULL, 10, uid)  0 ||
+virStrToLong_ui(c, NULL, 8, perms)  0) {
+

[libvirt] [PATCH v5 0/3] Keep original file label

2013-03-21 Thread Michal Privoznik
Yet another rework of $subj.  I am still not solving atomicity
problem for now.  See diff to the patches if you want to know
what's changed.

Michal Privoznik (3):
  virFile: Add APIs for extended attributes handling
  virfile: Introduce internal API for managing ACL
  security_dac: Favour ACLs over chown()

 configure.ac|   2 +
 libvirt.spec.in |   1 +
 m4/virt-acl.m4  |   9 ++
 src/Makefile.am |   4 +-
 src/libvirt_private.syms|   6 +
 src/security/security_dac.c | 309 +++-
 src/util/virfile.c  | 295 ++
 src/util/virfile.h  |  28 
 8 files changed, 623 insertions(+), 31 deletions(-)
 create mode 100644 m4/virt-acl.m4

-- 
1.8.1.5



[libvirt] [PATCH v5 2/3] virfile: Introduce internal API for managing ACL

2013-03-21 Thread Michal Privoznik
For now, only three APIs are implemented:
virFileGetACL to retrieve the permissions for a specific user,
virFileSetACL to set the requested permissions for a specific user, and
virFileRemoveACL to remove those permissions.
---
diff to v4:
-drop errno setting

diff to v3:
-set errno=ENOSYS when building without WITH_ATTR for easier check within 
callee.
-ACL mask is deleted prior recalc as after removing our entry, mask may be not
 required anymore.

diff to v2:
-Introduced m4 macro to check for libacl
-new virFileGetACL API
-ACL mask recalc offloaded to libacl 
 configure.ac |   2 +
 libvirt.spec.in  |   1 +
 m4/virt-acl.m4   |   9 +++
 src/Makefile.am  |   4 +-
 src/libvirt_private.syms |   3 +
 src/util/virfile.c   | 190 +++
 src/util/virfile.h   |  14 
 7 files changed, 221 insertions(+), 2 deletions(-)
 create mode 100644 m4/virt-acl.m4

diff --git a/configure.ac b/configure.ac
index 9d366e9..4e6627c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -142,6 +142,7 @@ AC_MSG_RESULT([$VERSION_SCRIPT_FLAGS])
 
 LIBVIRT_COMPILE_WARNINGS
 
+LIBVIRT_CHECK_ACL
 LIBVIRT_CHECK_APPARMOR
 LIBVIRT_CHECK_ATTR
 LIBVIRT_CHECK_AUDIT
@@ -2462,6 +2463,7 @@ fi
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Libraries])
 AC_MSG_NOTICE([])
+LIBVIRT_RESULT_ACL
 LIBVIRT_RESULT_APPARMOR
 LIBVIRT_RESULT_ATTR
 LIBVIRT_RESULT_AUDIT
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 9fb753a..222674d 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -411,6 +411,7 @@ BuildRequires: gettext
 BuildRequires: libtasn1-devel
 BuildRequires: gnutls-devel
 BuildRequires: libattr-devel
+BuildRequires: libacl-devel
 %if 0%{?fedora} = 12 || 0%{?rhel} = 6
 # for augparse, optionally used in testing
 BuildRequires: augeas
diff --git a/m4/virt-acl.m4 b/m4/virt-acl.m4
new file mode 100644
index 000..7f16dca
--- /dev/null
+++ b/m4/virt-acl.m4
@@ -0,0 +1,9 @@
+dnl The libacl.so library
+
+AC_DEFUN([LIBVIRT_CHECK_ACL],[
+  LIBVIRT_CHECK_LIB([ACL], [acl], [acl_init], [sys/acl.h])
+])
+
+AC_DEFUN([LIBVIRT_RESULT_ACL],[
+  LIBVIRT_RESULT_LIB([ACL])
+])
diff --git a/src/Makefile.am b/src/Makefile.am
index 3f69d39..921ef94 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -768,11 +768,11 @@ libvirt_util_la_SOURCES = 
\
$(UTIL_SOURCES)
 libvirt_util_la_CFLAGS = $(CAPNG_CFLAGS) $(YAJL_CFLAGS) $(LIBNL_CFLAGS) \
$(AM_CFLAGS) $(AUDIT_CFLAGS) $(DEVMAPPER_CFLAGS) \
-   $(DBUS_CFLAGS) $(LDEXP_LIBM) $(NUMACTL_CFLAGS)
+   $(DBUS_CFLAGS) $(LDEXP_LIBM) $(NUMACTL_CFLAGS) $(ACL_CFLAGS)
 libvirt_util_la_LIBADD = $(CAPNG_LIBS) $(YAJL_LIBS) $(LIBNL_LIBS) \
$(THREAD_LIBS) $(AUDIT_LIBS) $(DEVMAPPER_LIBS) \
$(LIB_CLOCK_GETTIME) $(DBUS_LIBS) $(MSCOM_LIBS) $(LIBXML_LIBS) \
-   $(SECDRIVER_LIBS) $(NUMACTL_LIBS)
+   $(SECDRIVER_LIBS) $(NUMACTL_LIBS) $(ACL_LIBS)
 
 
 noinst_LTLIBRARIES += libvirt_conf.la
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index fd57fa0..db20591 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1253,10 +1253,13 @@ virFileClose;
 virFileDirectFdFlag;
 virFileFclose;
 virFileFdopen;
+virFileGetACL;
 virFileGetAttr;
 virFileLoopDeviceAssociate;
+virFileRemoveACL;
 virFileRemoveAttr;
 virFileRewrite;
+virFileSetACL;
 virFileSetAttr;
 virFileTouch;
 virFileUpdatePerm;
diff --git a/src/util/virfile.c b/src/util/virfile.c
index 2409db4..f8f0e20 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -41,6 +41,10 @@
 # include attr/xattr.h
 #endif
 
+#ifdef WITH_ACL
+# include acl/libacl.h
+#endif
+
 #include vircommand.h
 #include configmake.h
 #include viralloc.h
@@ -749,3 +753,189 @@ virFileRemoveAttr(const char *file ATTRIBUTE_UNUSED,
 return -1;
 }
 #endif /* WITH_ATTR */
+
+#ifdef WITH_ACL
+static acl_entry_t
+virFileACLFindEntry(acl_t acl, acl_tag_t type, id_t id)
+{
+acl_entry_t ent;
+acl_tag_t e_type;
+id_t *e_id_p;
+
+/* acl_get_entry returns 1 if there's an entry in @acl */
+if (acl_get_entry(acl, ACL_FIRST_ENTRY, ent) != 1)
+return NULL;
+
+do {
+acl_get_tag_type(ent, e_type);
+if (e_type == type) {
+if (id == ACL_UNDEFINED_ID)
+return ent;
+
+if (!(e_id_p = acl_get_qualifier(ent)))
+return NULL;
+if (*e_id_p == id) {
+acl_free(e_id_p);
+return ent;
+}
+acl_free(e_id_p);
+}
+} while (acl_get_entry(acl, ACL_NEXT_ENTRY, ent) == 1);
+
+return NULL;
+}
+
+static void
+virFileACLSetPerms(acl_entry_t ent, mode_t perms)
+{
+acl_permset_t set;
+
+acl_get_permset(ent, set);
+if (perms  S_IRUSR)
+acl_add_perm(set, ACL_READ);
+else
+acl_delete_perm(set, ACL_READ);
+if (perms  S_IWUSR)
+acl_add_perm(set, ACL_WRITE);
+else
+acl_delete_perm(set, 

Re: [libvirt] [PATCHv4 7/9] virCaps: remove defaultDiskDriverType from the struct

2013-03-21 Thread Peter Krempa
On 03/15/13 16:26, Peter Krempa wrote:
 Use the qemu specific callback to fill this data in the qemu driver as
 it's the only place where it was used and fix tests as the qemu test
 capability object didn't configure the defaults for the tests.
 ---
 
 Notes:
  Version 4:
  - new in series
 
   src/conf/capabilities.h|  1 -
   src/conf/domain_conf.c |  5 ---
   src/qemu/qemu_conf.c   |  6 
   src/qemu/qemu_domain.c | 42 
 ++
   .../qemuxml2argv-disk-drive-network-nbd.args   |  5 +--
   .../qemuxml2argv-disk-drive-network-nbd.xml|  1 +
   .../qemuxml2argv-disk-drive-network-rbd-auth.args  |  2 +-
   .../qemuxml2argv-disk-drive-network-rbd-ipv6.args  |  2 +-
   .../qemuxml2argv-disk-drive-network-rbd-ipv6.xml   |  1 +
   .../qemuxml2argv-disk-drive-network-rbd.args   |  2 +-
   .../qemuxml2argv-disk-drive-network-rbd.xml|  1 +
   .../qemuxml2argv-disk-drive-network-sheepdog.args  |  3 +-
   .../qemuxml2argv-disk-drive-network-sheepdog.xml   |  1 +
   13 files changed, 47 insertions(+), 25 deletions(-)
 

After recent Paolo's NBD patches this addition to the testsuite will be needed:

diff --git 
a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-export.args 
b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-export.args
index bc9d93d..ca70ce4 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-export.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-export.args
@@ -1,5 +1,6 @@
 LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M \
 pc -m 214 -smp 1 -nographic -monitor unix:/tmp/test-monitor,server,nowait \
--no-acpi -boot c -usb -drive file=/dev/HostVG/QEMUGuest1,if=ide,bus=0,unit=0 \
+-no-acpi -boot c -usb \
+-drive file=/dev/HostVG/QEMUGuest1,if=ide,bus=0,unit=0,format=raw \
 -drive file=nbd:example.org:6000:exportname=bar,if=virtio,format=raw \
 -net none -serial none -parallel none
diff --git 
a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-ipv6-export.args 
b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-ipv6-export.args
index a942935..d103abf 100644
--- 
a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-ipv6-export.args
+++ 
b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-ipv6-export.args
@@ -1,5 +1,6 @@
 LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M \
 pc -m 214 -smp 1 -nographic -monitor unix:/tmp/test-monitor,server,nowait \
--no-acpi -boot c -usb -drive file=/dev/HostVG/QEMUGuest1,if=ide,bus=0,unit=0 \
+-no-acpi -boot c -usb \
+-drive file=/dev/HostVG/QEMUGuest1,if=ide,bus=0,unit=0,format=raw \
 -drive 'file=nbd+tcp://[::1]:6000/bar,if=virtio,format=raw' -net none \
 -serial none -parallel none
diff --git 
a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-ipv6.args 
b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-ipv6.args
index 7cdbdd1..a03c4e8 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-ipv6.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-ipv6.args
@@ -1,5 +1,6 @@
 LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M \
 pc -m 214 -smp 1 -nographic -monitor unix:/tmp/test-monitor,server,nowait \
--no-acpi -boot c -usb -drive file=/dev/HostVG/QEMUGuest1,if=ide,bus=0,unit=0 \
+-no-acpi -boot c -usb \
+-drive file=/dev/HostVG/QEMUGuest1,if=ide,bus=0,unit=0,format=raw \
 -drive 'file=nbd+tcp://[::1]:6000,if=virtio,format=raw' -net none \
 -serial none -parallel none
diff --git 
a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-unix.args 
b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-unix.args
index 977b68f..84cae4a 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-unix.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-unix.args
@@ -1,5 +1,6 @@
 LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M \
 pc -m 214 -smp 1 -nographic -monitor unix:/tmp/test-monitor,server,nowait \
--no-acpi -boot c -usb -drive file=/dev/HostVG/QEMUGuest1,if=ide,bus=0,unit=0 \
+-no-acpi -boot c -usb \
+-drive file=/dev/HostVG/QEMUGuest1,if=ide,bus=0,unit=0,format=raw \
 -drive file=nbd:unix:/var/run/nbdsock:exportname=bar,if=virtio,format=raw \
 -net none -serial none -parallel none

I already squashed that to my local tree.

Peter



Re: [libvirt] [PATCHv4 7/9] virCaps: remove defaultDiskDriverType from the struct

2013-03-21 Thread Peter Krempa
On 03/21/13 18:07, Peter Krempa wrote:
 On 03/15/13 16:26, Peter Krempa wrote:
 Use the qemu specific callback to fill this data in the qemu driver as
 it's the only place where it was used and fix tests as the qemu test
 capability object didn't configure the defaults for the tests.
 ---

 Notes:
   Version 4:
   - new in series

src/conf/capabilities.h|  1 -
src/conf/domain_conf.c |  5 ---
src/qemu/qemu_conf.c   |  6 
src/qemu/qemu_domain.c | 42 
 ++
.../qemuxml2argv-disk-drive-network-nbd.args   |  5 +--
.../qemuxml2argv-disk-drive-network-nbd.xml|  1 +
.../qemuxml2argv-disk-drive-network-rbd-auth.args  |  2 +-
.../qemuxml2argv-disk-drive-network-rbd-ipv6.args  |  2 +-
.../qemuxml2argv-disk-drive-network-rbd-ipv6.xml   |  1 +
.../qemuxml2argv-disk-drive-network-rbd.args   |  2 +-
.../qemuxml2argv-disk-drive-network-rbd.xml|  1 +
.../qemuxml2argv-disk-drive-network-sheepdog.args  |  3 +-
.../qemuxml2argv-disk-drive-network-sheepdog.xml   |  1 +
13 files changed, 47 insertions(+), 25 deletions(-)

 
 After recent Paolo's NBD patches this addition to the testsuite will be 
 needed:
 
 diff --git 
 a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-export.args 
 b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-export.args
 index bc9d93d..ca70ce4 100644
 --- a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-export.args
 +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-export.args
 @@ -1,5 +1,6 @@
   LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S 
 -M \
   pc -m 214 -smp 1 -nographic -monitor unix:/tmp/test-monitor,server,nowait \
 --no-acpi -boot c -usb -drive file=/dev/HostVG/QEMUGuest1,if=ide,bus=0,unit=0 
 \
 +-no-acpi -boot c -usb \
 +-drive file=/dev/HostVG/QEMUGuest1,if=ide,bus=0,unit=0,format=raw \
   -drive file=nbd:example.org:6000:exportname=bar,if=virtio,format=raw \
   -net none -serial none -parallel none
 diff --git 
 a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-ipv6-export.args 
 b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-ipv6-export.args
 index a942935..d103abf 100644

and also the corresponding XML changes:

diff --git 
a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-export.xml 
b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-export.xml
index f2b5ca4..7a84604 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-export.xml
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-export.xml
@@ -15,6 +15,7 @@
   devices
 emulator/usr/bin/qemu/emulator
 disk type='block' device='disk'
+  driver name='qemu' type='raw'/
   source dev='/dev/HostVG/QEMUGuest1'/
   target dev='hda' bus='ide'/
   address type='drive' controller='0' bus='0' target='0' unit='0'/
diff --git 
a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-ipv6-export.xml 
b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-ipv6-export.xml
index 595d7ea..c063db8 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-ipv6-export.xml
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-ipv6-export.xml
@@ -15,6 +15,7 @@
   devices
 emulator/usr/bin/qemu/emulator
 disk type='block' device='disk'
+  driver name='qemu' type='raw'/
   source dev='/dev/HostVG/QEMUGuest1'/
   target dev='hda' bus='ide'/
   address type='drive' controller='0' bus='0' target='0' unit='0'/
diff --git 
a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-ipv6.xml 
b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-ipv6.xml
index 3c5c99d..540aa02 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-ipv6.xml
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-ipv6.xml
@@ -15,6 +15,7 @@
   devices
 emulator/usr/bin/qemu/emulator
 disk type='block' device='disk'
+  driver name='qemu' type='raw'/
   source dev='/dev/HostVG/QEMUGuest1'/
   target dev='hda' bus='ide'/
   address type='drive' controller='0' bus='0' target='0' unit='0'/
diff --git 
a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-unix.xml 
b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-unix.xml
index 46114d5..a4126f5 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-unix.xml
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-nbd-unix.xml
@@ -15,6 +15,7 @@
   devices
 emulator/usr/bin/qemu/emulator
 disk type='block' device='disk'
+  driver name='qemu' type='raw'/
   source dev='/dev/HostVG/QEMUGuest1'/
   target dev='hda' bus='ide'/
   address type='drive' controller='0' bus='0' target='0' unit='0'/



...

 
 I already squashed that to my local tree.
 
 Peter
 

Re: [libvirt] remote connection issue 'virsh -c qemu+ssh:///root@localhost/system list'

2013-03-21 Thread Doug Goldstein
On Thu, Mar 21, 2013 at 6:23 AM, Yin Olivia-R63875 r63...@freescale.com wrote:
 Hi,

 I'm trying remote connection with qemu hypervisor on FSL PPC board.

 The libvirt server is the PPC board.

 root@ppc:~# ifconfig eth0 10.193.20.109
 root@ppc:~# libvirtd -d
 root@ppc:~# virsh -c qemu:///system define test.xml
 root@ppc:~# virsh -c qemu:///system start test
 root@ppc:~# virsh -c qemu:///system list --all
  IdName   State
 
  2 test   running

 Connect from an X86 PC (Ubuntu 10.04) to the PPC board.

 user@x86:~$ virsh -c qemu+ssh://root@10.193.20.109/system list --all
 The authenticity of host '10.193.20.109 (10.193.20.109)' can't be established.
 RSA key fingerprint is 2f:56:07:08:da:7d:ac:41:45:57:d2:12:15:19:67:e0.
 Are you sure you want to continue connecting (yes/no)? yes
 root@10.193.20.109's password:
 error: failed to connect to the hypervisor
 error: End of file while reading data: Warning: Permanently added 
 '10.193.20.109' (RSA) to the list of known hosts.
 nc: invalid option -- 'U'
 BusyBox v1.19.4 (2013-03-08 13:08:18 CST) multi-call binary.

 Usage: nc [-iN] [-wN] [-l] [-p PORT] [-f FILE|IPADDR PORT] [-e PROG]: 
 Input/output error



 I tried to verify the remote connection on localhost. But it also failed as 
 below:

 root@mpc8572ds:~# virsh -c qemu+ssh:///root@localhost/system list --all
 root@localhost's password:
 error: failed to connect to the hypervisor
 error: End of file while reading data: nc: invalid option -- 'U'
 BusyBox v1.19.4 (2013-03-08 13:08:18 CST) multi-call binary.

 Usage: nc [-iN] [-wN] [-l] [-p PORT] [-f FILE|IPADDR PORT] [-e PROG]: 
 Input/output error


 Could anyone give suggestion on this issue?


 Best Regards,
 Olivia


You're using busybox's nc (netcat) implementation. It does not support
UNIX sockets (hence the "invalid option -- 'U'" error above), which is a
requirement of libvirt when using the qemu+ssh:// scheme to connect.

I'd suggest looking into generating some certificates and using
qemu+tls:// (the default when using qemu:// to a remote system). If
you don't care about any authentication or encryption for testing
purposes you can use qemu+tcp://

-- 
Doug Goldstein



[libvirt] [PATCH] Fix parsing of bond interface XML

2013-03-21 Thread Jim Fehlig
Noticed that parsing bond interface XML containing the miimon element
fails

  interface type=bond name=bond0
...
bond mode=active-backup
  miimon freq=100 carrier=netif/
  ...
/bond
  /interface

This configuration does not contain the optional updelay and downdelay
attributes, but parsing will fail due to returning the result of
virXPathULong (a -1 when the attribute doesn't exist) from
virInterfaceDefParseBond after examining the updelay attribute.

I considered just adding a ret = 0; near the bottom of
virInterfaceDefParseBond, but see there is no cleanup in the error
label.  Instead, just return failure where failure occurs and
return success if the end of the function is reached.
---
 src/conf/interface_conf.c | 56 +--
 1 file changed, 25 insertions(+), 31 deletions(-)

diff --git a/src/conf/interface_conf.c b/src/conf/interface_conf.c
index 9301ec0..3d45d5c 100644
--- a/src/conf/interface_conf.c
+++ b/src/conf/interface_conf.c
@@ -572,61 +572,58 @@ error:
 static int
 virInterfaceDefParseBond(virInterfaceDefPtr def,
  xmlXPathContextPtr ctxt) {
-int ret = -1;
+int res;
 unsigned long tmp;
 
 def-data.bond.mode = virInterfaceDefParseBondMode(ctxt);
 if (def-data.bond.mode  0)
-goto error;
+return -1;
 
-ret = virInterfaceDefParseBondItfs(def, ctxt);
-if (ret != 0)
-   goto error;
+if (virInterfaceDefParseBondItfs(def, ctxt) != 0)
+return -1;
 
 if (virXPathNode(./miimon[1], ctxt) != NULL) {
 def-data.bond.monit = VIR_INTERFACE_BOND_MONIT_MII;
 
-ret = virXPathULong(string(./miimon/@freq), ctxt, tmp);
-if ((ret == -2) || (ret == -1)) {
+res = virXPathULong(string(./miimon/@freq), ctxt, tmp);
+if ((res == -2) || (res == -1)) {
 virReportError(VIR_ERR_XML_ERROR,
%s, _(bond interface miimon freq missing or 
invalid));
-goto error;
+return -1;
 }
 def-data.bond.frequency = (int) tmp;
 
-ret = virXPathULong(string(./miimon/@downdelay), ctxt, tmp);
-if (ret == -2) {
+res = virXPathULong(string(./miimon/@downdelay), ctxt, tmp);
+if (res == -2) {
 virReportError(VIR_ERR_XML_ERROR,
%s, _(bond interface miimon downdelay invalid));
-goto error;
-} else if (ret == 0) {
+return -1;
+} else if (res == 0) {
 def-data.bond.downdelay = (int) tmp;
 }
 
-ret = virXPathULong(string(./miimon/@updelay), ctxt, tmp);
-if (ret == -2) {
+res = virXPathULong(string(./miimon/@updelay), ctxt, tmp);
+if (res == -2) {
 virReportError(VIR_ERR_XML_ERROR,
%s, _(bond interface miimon updelay invalid));
-goto error;
-} else if (ret == 0) {
+return -1;
+} else if (res == 0) {
 def-data.bond.updelay = (int) tmp;
 }
 
 def-data.bond.carrier = virInterfaceDefParseBondMiiCarrier(ctxt);
-if (def-data.bond.carrier  0) {
-ret = -1;
-goto error;
-}
+if (def-data.bond.carrier  0)
+return -1;
 
 } else if (virXPathNode(./arpmon[1], ctxt) != NULL) {
 
 def-data.bond.monit = VIR_INTERFACE_BOND_MONIT_ARP;
 
-ret = virXPathULong(string(./arpmon/@interval), ctxt, tmp);
-if ((ret == -2) || (ret == -1)) {
+res = virXPathULong(string(./arpmon/@interval), ctxt, tmp);
+if ((res == -2) || (res == -1)) {
 virReportError(VIR_ERR_XML_ERROR,
%s, _(bond interface arpmon interval missing or 
invalid));
-goto error;
+return -1;
 }
 def-data.bond.interval = (int) tmp;
 
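Review bot: Each `(int) tmp` assignment in this function (frequency, downdelay, updelay, and interval near the end of the hunk) narrows an unsigned long taken from the XML without a range check, so a value above INT_MAX is stored as an implementation-defined, typically wrapped and possibly negative, number instead of being rejected. Now that every failure is a direct `return -1`, a guard fits naturally before each cast, e.g. `if (tmp > INT_MAX) { virReportError(VIR_ERR_XML_ERROR, "%s", _("bond interface miimon freq out of range")); return -1; }`. The casts themselves are context lines that this patch does not touch, and the function continues into the next hunk.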
@@ -635,18 +632,15 @@ virInterfaceDefParseBond(virInterfaceDefPtr def,
 if (def-data.bond.target == NULL) {
 virReportError(VIR_ERR_XML_ERROR,
%s, _(bond interface arpmon target missing));
-ret = -1;
-goto error;
+return -1;
 }
 
 def-data.bond.validate = virInterfaceDefParseBondArpValid(ctxt);
-if (def-data.bond.validate  0) {
-ret = -1;
-goto error;
-}
+if (def-data.bond.validate  0)
+return -1;
 }
-error:
-return ret;
+
+return 0;
 }
 
 static int
-- 
1.8.0.1



[libvirt] [PATCH] nwfilter: probe for inverted ctdir

2013-03-21 Thread Stefan Berger

Linux netfilter at some point inverted the meaning of '--ctdir reply',
and newer netfilter implementations now expect '--ctdir original'
instead, and vice versa.
We probe for this netfilter change via a UDP message over loopback and 3
filtering rules applied to INPUT. If the sent byte arrives, the newer
netfilter implementation has been detected.

Signed-off-by: Stefan Berger stef...@linux.vnet.ibm.com

---
 src/nwfilter/nwfilter_ebiptables_driver.c |  123 
++

 1 file changed, 123 insertions(+)

Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
===
--- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -27,6 +27,10 @@
 #include string.h
 #include sys/stat.h
 #include fcntl.h
+#include arpa/inet.h
+#include sys/select.h
+#include sys/time.h
+#include unistd.h

 #include internal.h

@@ -85,6 +89,12 @@ static char *iptables_cmd_path;
 static char *ip6tables_cmd_path;
 static char *grep_cmd_path;

+/*
+ * --ctdir original vs. reply's meaning was inverted in the netfilter
+ * at some point. We probe for it.
+ */
+static bool iptables_ctdir_corrected = false;
+
 #define PRINT_ROOT_CHAIN(buf, prefix, ifname) \
 snprintf(buf, sizeof(buf), libvirt-%c-%s, prefix, ifname)
 #define PRINT_CHAIN(buf, prefix, ifname, suffix) \
@@ -1262,6 +1272,9 @@ iptablesEnforceDirection(int directionIn
  virNWFilterRuleDefPtr rule,
  virBufferPtr buf)
 {
+if (iptables_ctdir_corrected)
+directionIn = !directionIn;
+
 if (rule-tt != VIR_NWFILTER_RULE_DIRECTION_INOUT)
 virBufferAsprintf(buf,  -m conntrack --ctdir %s,
   (directionIn) ? Original
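Review bot: `iptables_ctdir_corrected` is a bool, so a probe that could not run is indistinguishable from a probe that detected the old behaviour, and the flip added at the top of this function is then silently skipped. In ebiptablesDriverProbeCtdir every failure path (socket, bind, applying the rules, sendto, select) only logs and leaves the flag at `false`; on a host with the newer netfilter that would presumably make every `--ctdir` match generated here point the wrong way, so the filter matches the opposite direction from what the rule author wrote. I would record the probe result as a tri-state (for example an enum with unknown / old / fixed values) and, when it is unknown, either refuse to build rules that need `--ctdir` or log at error level that direction matching is unverified. iptablesEnforceDirection starts before and ends after this hunk.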
@@ -4304,6 +4317,113 @@ ebiptablesDriverTestCLITools(void)
 return ret;
 }

+static void
+ebiptablesDriverProbeCtdir(void)
+{
+virBuffer buf = VIR_BUFFER_INITIALIZER;
+static const char cmdline[] =
+  $IPT -%c INPUT %c -i lo -p udp --dport %hu 
+  -m state --state ESTABLISHED -j ACCEPT  CMD_SEPARATOR
+  $IPT -%c INPUT %c -i lo -p udp --dport %hu 
+  -m conntrack --ctdir original -j ACCEPT  CMD_SEPARATOR
+  $IPT -%c INPUT %c -i lo -p udp --dport %hu -j DROP;
+/*
+ * Above '--ctdir original' gets this test to receive a message on
+ * 'fixed' netfilter.
+ */
+unsigned short port;
+int ssockfd = -1, csockfd = -1;
+struct sockaddr_in serveraddr = {
+.sin_family = AF_INET,
+};
+fd_set readfds;
+struct timeval timeout = {
+.tv_sec = 0,
+.tv_usec = 1000 * 200,
+};
+int n;
+
+if (inet_aton(127.0.0.1, serveraddr.sin_addr) == 0) {
+virReportError(VIR_ERR_INTERNAL_ERROR, %s,
+   inet_aton failed);
+goto cleanup;
+}
+
+if ((ssockfd = socket(AF_INET, SOCK_DGRAM, 0))  0 ||
+(csockfd = socket(AF_INET, SOCK_DGRAM, 0))  0) {
+   VIR_ERROR(_(Could not open UDP socket));
+   goto cleanup;
+}
+
+for (port = 0x; port  1024; port--) {
+serveraddr.sin_port = htons(port);
+if (bind(ssockfd, (struct sockaddr *)serveraddr,
+ sizeof(serveraddr)) == 0)
+break;
+}
+if (port == 1024) {
+VIR_ERROR(_(Could not bind to any UDP socket));
+goto cleanup;
+}
+
+NWFILTER_SET_IPTABLES_SHELLVAR(buf);
+virBufferAsprintf(buf, cmdline,
+  'I', '1', port,
+  'I', '2', port,
+  'I', '3', port);
+
+if (virBufferError(buf)) {
+virReportOOMError();
+goto cleanup;
+}
+
+if (ebiptablesExecCLI(buf, NULL, NULL)  0) {
+VIR_ERROR(_(Could not apply iptables rules));
+goto cleanup_iptables;
+}
+
+if (sendto(csockfd, cmdline, 1, 0, (struct sockaddr *)serveraddr,
+   sizeof(serveraddr))  0) {
+VIR_ERROR(_(Could not send to UDP socket));
+goto cleanup_iptables;
+}
+
+FD_ZERO(readfds);
+FD_SET(ssockfd, readfds);
+
+while (true) {
+n = select(ssockfd + 1, readfds, NULL, NULL, timeout);
+if (n  0) {
+if (errno == EINTR)
+continue;
+VIR_ERROR(_(Select failed));
+goto cleanup_iptables;
+}
+if (n == 0) {
+VIR_INFO(Ctdir probing received no data -- 'old' netfilter);
+goto cleanup_iptables;
+}
+VIR_INFO(Ctdir probing received data -- 'fixed' netfilter);
+iptables_ctdir_corrected = true;
+break;
+}
+
+cleanup_iptables:
+virBufferFreeAndReset(buf);
+
+NWFILTER_SET_IPTABLES_SHELLVAR(buf);
+virBufferAsprintf(buf, cmdline,
+  'D', ' ', port,
+  'D', ' ', port,
+  'D', ' ', port);
+ebiptablesExecCLI(buf, NULL, NULL);
+
+cleanup:
+virBufferFreeAndReset(buf);
+
