Re: [Libvir] take 2 [Re: write(2) may write less than the total requested
Hi Jim, comments inline Jim Meyering wrote: diff --git a/proxy/libvirt_proxy.c b/proxy/libvirt_proxy.c index d96d3db..a22ba6c 100644 --- a/proxy/libvirt_proxy.c +++ b/proxy/libvirt_proxy.c @@ -2,7 +2,7 @@ * proxy_svr.c: root suid proxy server for Xen access to APIs with no * side effects from unauthenticated clients. * - * Copyright (C) 2006, 2007 Red Hat, Inc. + * Copyright (C) 2006, 2007, 2008 Red Hat, Inc. * * See COPYING.LIB for the License of this software * @@ -26,6 +26,7 @@ #include internal.h #include proxy_internal.h +#include util.h #include xen_internal.h #include xend_internal.h #include xs_internal.h @@ -317,19 +318,12 @@ proxyWriteClientSocket(int nr, virProxyPacketPtr req) { return(-1); } -retry: -ret = write(pollInfos[nr].fd, (char *) req, req-len); +ret = safewrite(pollInfos[nr].fd, (char *) req, req-len); if (ret 0) { Should this check (ret == req-len) instead? safewrite() will return an error if write() returns an error, regardless of how many bytes are written, but it's still possible for it to return less than requested if write() returns 0 (eof?). The behavior of safewrite could be adjusted to return errors in that case. -if (errno == EINTR) { - if (debug 0) - fprintf(stderr, write socket %d to client %d interrupted\n, - pollInfos[nr].fd, nr); - goto retry; - } fprintf(stderr, write %d bytes to socket %d from client %d failed\n, req-len, pollInfos[nr].fd, nr); - proxyCloseClientSocket(nr); - return(-1); +proxyCloseClientSocket(nr); +return(-1); } if (ret == 0) { if (debug) diff --git a/qemud/qemud.c b/qemud/qemud.c index 3a5e44c..269e9fe 100644 --- a/qemud/qemud.c +++ b/qemud/qemud.c 
@@ -118,7 +118,7 @@ static void sig_handler(int sig) { return; origerrno = errno; -r = write(sigwrite, sigc, 1); +r = safewrite(sigwrite, sigc, 1); write() shouldn't do a partial write for size 1, but this is necessary anyway to help with the EINTR case. Might want to add that benefit to the log message, it's not just short-writes this protects against. if (r == -1) { if (r != 1)? sig_errors++; sig_lasterrno = errno; @@ -1360,11 +1360,9 @@ static int qemudClientWriteBuf(struct qemud_server *server, const char *data, int len) { int ret; if (!client-tlssession) { -if ((ret = write(client-fd, data, len)) == -1) { -if (errno != EAGAIN) { -qemudLog (QEMUD_ERR, _(write: %s), strerror (errno)); -qemudDispatchClientFailure(server, client); -} +if ((ret = safewrite(client-fd, data, len)) == -1) { +qemudLog (QEMUD_ERR, _(write: %s), strerror (errno)); +qemudDispatchClientFailure(server, client); ret != len? return -1; } } else { diff --git a/src/conf.c b/src/conf.c index e0ecdea..53ea993 100644 --- a/src/conf.c +++ b/src/conf.c @@ -904,7 +904,7 @@ __virConfWriteFile(const char *filename, virConfPtr conf) goto error; } -ret = write(fd, buf-content, buf-use); +ret = safewrite(fd, buf-content, buf-use); close(fd); if (ret != (int) buf-use) { virConfError(NULL, VIR_ERR_WRITE_FAILED, _(failed to save content), 0); diff --git a/src/console.c b/src/console.c index 02a9c7f..1c6cba0 100644 --- a/src/console.c +++ b/src/console.c @@ -1,7 +1,7 @@ /* * console.c: A dumb serial console client * - * Copyright (C) 2007 Red Hat, Inc. + * Copyright (C) 2007, 2008 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -37,6 +37,7 @@ #include console.h #include internal.h +#include util.h /* ie Ctrl-] as per telnet */ #define CTRL_CLOSE_BRACKET '\35' 
@@ -161,7 +162,8 @@ int vshRunConsole(const char *tty) { while (sent got) { int done; -if ((done = write(destfd, buf + sent, got - sent)) = 0) { +if ((done = safewrite(destfd, buf + sent, got - sent)) += 0) { != (got - sent)? fprintf(stderr, _(failure writing output: %s\n), strerror(errno)); goto cleanup; diff --git a/src/proxy_internal.c b/src/proxy_internal.c index bc94763..c3e50c6 100644 --- a/src/proxy_internal.c +++ b/src/proxy_internal.c @@ -1,7 +1,7 @@ /* * proxy_client.c: client side of the communication with the libvirt proxy. * - * Copyright (C) 2006 Red Hat, Inc. + * Copyright (C) 2006, 2008 Red Hat, Inc. * * See COPYING.LIB for the License of this software * @@ -26,6 +26,7 @@ #include internal.h
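Review bot: in the qemudClientWriteBuf hunk of qemud/qemud.c, the removed lines skipped the qemudLog() and qemudDispatchClientFailure() calls when errno was EAGAIN, while the added lines run both on every -1 return. If the client fd can be non-blocking, a momentarily full socket buffer now tears the client down. Either keep the EAGAIN exemption around the safewrite() call or state in the commit message that these descriptors are always blocking.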
Re: [Libvir] take 2 [Re: write(2) may write less than the total requested
Jim Meyering wrote:
> It *could* perform that test, but I think it is slightly more maintainable (no duplication of that potentially nontrivial expression) and just as correct to check only ret < 0.

Not having the duplicated expression is certainly good, if it's correct to do so (and it seems you're right).

> > but it's still possible for it to return less than requested if write() returns 0 (eof?).
>
> Really? How? EOF is relevant to read, but not to write(2). As I see it, calling safewrite can have only two outcomes:
> - return -1 to indicate failure
> - return the requested byte count (arg #3, count, which is non-negative)
> The only way safewrite can return 0 is if its count argument is also 0, and that's not a failure. This is because write itself can return 0 only if its count is also 0.

Hmm, I was thinking write might return 0 for closed pipes and similar but you're right, that's different from EOF and should return error. http://www.opengroup.org/onlinepubs/95399/functions/write.html says:

    Where this volume of IEEE Std 1003.1-2001 requires -1 to be returned and errno set to [EAGAIN], most historical implementations return zero (with the O_NDELAY flag set, which is the historical predecessor of O_NONBLOCK, but is not itself in this volume of IEEE Std 1003.1-2001). The error indications in this volume of IEEE Std 1003.1-2001 were chosen so that an application can distinguish these cases from end-of-file.

so we're safe here.

It does bring up the point that safewrite() doesn't handle EAGAIN and might not be appropriate for non-blocking fds. The sigwrite pipe is non-blocking. At quick glance, the qemud fds might be that way too?

It also makes me notice that we have 3 *SetNonBlock functions, two with the same name even...

-jim

--
Libvir-list mailing list
Libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
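The short-write, EINTR and EAGAIN cases discussed in this message, as an added C example that is not libvirt's safewrite() and not code from the thread: write_full (a hypothetical name) retries interrupted and short writes and waits in poll() when a non-blocking descriptor is full. The pipe demo, its sizes and the other function names are constructed for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper, not libvirt's safewrite(): write exactly `count`
 * bytes to `fd`. Returns count on success, -1 with errno set on failure. */
static ssize_t write_full(int fd, const void *buf, size_t count)
{
    const char *p = buf;
    size_t left = count;

    while (left > 0) {
        ssize_t n = write(fd, p, left);
        if (n > 0) {                        /* full or short write: advance */
            p += n;
            left -= (size_t)n;
        } else if (n < 0 && errno == EINTR) {
            continue;                       /* interrupted before any byte moved */
        } else if (n == 0 || errno == EAGAIN || errno == EWOULDBLOCK) {
            /* Non-blocking fd is full (0 is the historical O_NDELAY form):
             * sleep in poll() until it drains instead of failing or spinning. */
            struct pollfd pfd = { .fd = fd, .events = POLLOUT };
            if (poll(&pfd, 1, -1) < 0 && errno != EINTR)
                return -1;
        } else {
            return -1;                      /* real error such as EPIPE or EIO */
        }
    }
    return (ssize_t)count;
}

/* Pipe whose write end is O_NONBLOCK, like the sigwrite pipe in the thread. */
static int nonblock_pipe(int fds[2])
{
    if (pipe(fds) < 0)
        return -1;
    return fcntl(fds[1], F_SETFL, fcntl(fds[1], F_GETFL) | O_NONBLOCK);
}

/* Constructed demo: result of one plain write() of `total` bytes when
 * nobody is reading; the kernel accepts only what fits in the pipe. */
static ssize_t single_write(size_t total)
{
    int fds[2];
    char *data = calloc(1, total);
    ssize_t n = -1;
    if (data && nonblock_pipe(fds) == 0) {
        n = write(fds[1], data, total);
        close(fds[0]);
        close(fds[1]);
    }
    free(data);
    return n;
}

/* Constructed demo: send `total` bytes with write_full() while a child
 * drains the pipe slowly. Returns 0 if the child saw every byte. */
static int transfer(size_t total)
{
    int fds[2], status = -1;
    char *data = calloc(1, total);
    ssize_t sent;
    pid_t pid;

    if (!data || nonblock_pipe(fds) < 0 || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {                         /* child: slow reader */
        char chunk[4096];
        size_t seen = 0;
        ssize_t n;
        close(fds[1]);
        while ((n = read(fds[0], chunk, sizeof(chunk))) > 0) {
            seen += (size_t)n;
            poll(NULL, 0, 1);               /* 1 ms pause keeps the pipe full */
        }
        _exit(seen == total ? 0 : 1);
    }
    close(fds[0]);
    sent = write_full(fds[1], data, total);
    close(fds[1]);                          /* EOF for the child */
    free(data);
    if (waitpid(pid, &status, 0) < 0 || sent != (ssize_t)total)
        return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void)
{
    printf("one write(): %zd of 262144 bytes; write_full(): %s\n",
           single_write(262144), transfer(262144) == 0 ? "complete" : "failed");
    return 0;
}
```

write_full() blocks in poll() until the peer drains the descriptor, so it suits callers that may wait; a signal handler writing one byte to a non-blocking pipe cannot.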
Re: [Libvir] [PATCH] Rewrite openvzSetUUID.
Jim Meyering wrote:
> + /* Record failure if any of these fails, +and be careful always to close the stream. */ + if ((fseek(fp, 0, SEEK_END) 0) + + (fprintf(fp, \n#UUID: %s\n, uuidstr) 0); + + (fclose(fp) == EOF)) + ret = -1;

I don't think you want to fprintf() if the fseek() fails?

-jim
Re: [Libvir] PATCH: Support network interface model in Xen and QEMU driver
Daniel P. Berrange wrote:
> This patch finishes off the work from Rich / Soren to support network interface model in both Xen and QEMU drivers, and adds test cases for the new syntax

I still think our consensus from when I posted this patch last year (nic model=...) makes more sense ... but getting any form of this patch upstream sounds good to me.

> -if (snprintf(nic, sizeof(nic), nic,macaddr=%02x:%02x:%02x:%02x:%02x:%02x,vlan=%d, +if (net-model[0] != '\0') { +if (snprintf (model, sizeof (model), ,model=%s, net-model) += sizeof (model)) +goto error; +} else +model[0] = '\0'; + +if (snprintf(nic, sizeof(nic), + nic,macaddr=%02x:%02x:%02x:%02x:%02x:%02x,vlan=%d%s, net-mac[0], net-mac[1], net-mac[2], net-mac[3], net-mac[4], net-mac[5], - vlan) = sizeof(nic)) + vlan, model) = sizeof(nic))

You could simplify this and not require the temporary buffer if you do it this way: http://www.mail-archive.com/libvir-list@redhat.com/msg03557.html

-jim
Re: [libvirt] PATCH: Support initial boot time CPU affinity mask
Daniel P. Berrange wrote:
> Since we have CPU pinning support from my previous patch, adding in the initial pinning is fairly easy. We first pass the '-S' arg to QEMU when forking it.

If -S is always added, this becomes unnecessary (qemu_conf.c:2823):

    if (vm->migrateFrom[0]) {
        if (!((*argv)[++n] = strdup("-S")))
            goto no_memory;

-jim
Re: [Libvir] save/restore support for KVM
Richard W.M. Jones wrote:
> Jim Paris wrote:
> > +if (strchr(path, '\'') || strchr(path, '\\') ) { +qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + invalid filename); +return -1; +}
> > [...]
> > +/* Migrate to file. */ +if (asprintf (command, migrate \exec:dd of='%s' 2/dev/null\\n, + path) == -1) { +qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + out of memory); +return -1; +}
>
> The patch is fine, except I'm wondering whether the quoting above is safe. We check if the path contains ' or \ and refuse to proceed. I _think_ you don't need to check for \ however

I think you're right. An even better fix would be to explicitly escape bad characters in the path before passing them along. Giving an error on the filename Jim's VM as it would do right now isn't ideal.

-jim
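Review bot: the strchr() reject list in the first quoted hunk covers only ' and \, but the second hunk embeds path in a monitor command that is itself terminated by a newline, so the shell is not the only parser the path has to survive. A path containing \r or \n is not rejected and would end the monitor command early. Reject or escape those characters as well before the asprintf() call.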
Re: [Libvir] save/restore support for KVM
Daniel Veillard wrote:
> On Thu, Aug 09, 2007 at 10:55:10PM +0100, Daniel P. Berrange wrote:
> > Just been committed to KVM repos I see. Should be an easy patch to backport too. As long as we can detect failure if this is missing report it back then I'm fine depending on this.
>
> Would checking for the kvm version from the console sufficient ? Since KVM makes even more releases than libvirt in average I guess that would be fine.

I'm not sure the kvm qemu binary even reports the kvm version anywhere. I'll ask on kvm-devel to see if qemu/VERSION could get updated with each KVM release.

> > > - I append the domain's UUID at the end of the migration image. This doesn't affect KVM at all (it ignores the extra data). Does that seem reasonable? It's unclear how the saved image is supposed to get associated with a particular VM configuration without doing something like this.
> >
> > Actually I'd store the entire XML config appended to the end of the image. It's quite possible the saved image may be restored on a different machine so libvirt will need the XML config there it's not much work to automatically append it all use it when restoring later.
>
> +1. The only problem is that the XML has no predefined size, so it may be hard to stack more stuff behind it. I would ask first on the KVM list to check if it's okay to add a variable length data structure at the end, they might want to extend it in the future and that would be hard to handle.

I think appending unrelated data to the migration image is a bit of a hack anyway. A better plan would be a file containing

    header
    XML config
    migration data

On save, libvirt writes header and XML config, then closes it and uses dd of=path oflag=append conv=notrunc or just cat path as the migration command. On restore, libvirt reads the header and XML config, and then feeds the remaining migration data to KVM using -incoming stdio.

I had wanted to avoid the trouble of feeding data via stdin, but maybe a well placed dup2(fd,STDIN_FILENO) would do the trick automatically. This file format would also make it easier for e.g. virt-manager to determine that a file is a valid libvirt restore image.

-jim
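The header / XML config / migration data layout proposed in this message, as an added C example that is not code from the thread or from libvirt: it checks the magic and bounds the length field before allocating, then leaves the descriptor at the first byte of migration data so it can be handed on as stdin. The fixed-width big-endian header fields, the 1 MiB XML cap and every function name are assumptions; the sample images are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define SAVE_MAGIC     "LibvirtQemudSave"    /* magic string from the patch series */
#define SAVE_MAGIC_LEN 16
#define SAVE_HDR_LEN   (SAVE_MAGIC_LEN + 8)  /* assumed: magic, be32 xml_len, be32 was_running */
#define SAVE_XML_MAX   (1024u * 1024u)       /* assumed cap on the XML size */

enum { SAVE_OK = 0, SAVE_ETRUNC = -1, SAVE_EMAGIC = -2, SAVE_ELEN = -3, SAVE_ENOMEM = -4 };

/* Read exactly len bytes, retrying short reads; -1 on error or early EOF. */
static int read_full(int fd, void *buf, size_t len)
{
    char *p = buf;
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            return -1;
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

static uint32_t get_be32(const unsigned char *b)
{
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3];
}

/* Validate the header and read the XML. On SAVE_OK, *xml is a malloc'd
 * string and fd is positioned at the first byte of migration data. */
static int save_image_open(int fd, char **xml, int *was_running)
{
    unsigned char hdr[SAVE_HDR_LEN];
    uint32_t xml_len;
    char *buf;
    *xml = NULL;
    if (read_full(fd, hdr, sizeof(hdr)) < 0)
        return SAVE_ETRUNC;
    if (memcmp(hdr, SAVE_MAGIC, SAVE_MAGIC_LEN) != 0)
        return SAVE_EMAGIC;
    xml_len = get_be32(hdr + SAVE_MAGIC_LEN);
    if (xml_len == 0 || xml_len > SAVE_XML_MAX)    /* bound before malloc */
        return SAVE_ELEN;
    if (!(buf = malloc((size_t)xml_len + 1)))
        return SAVE_ENOMEM;
    if (read_full(fd, buf, xml_len) < 0) {
        free(buf);
        return SAVE_ETRUNC;
    }
    buf[xml_len] = '\0';
    if (strlen(buf) != xml_len) {                  /* embedded NUL in the XML */
        free(buf);
        return SAVE_ELEN;
    }
    *was_running = get_be32(hdr + SAVE_MAGIC_LEN + 4) != 0;
    *xml = buf;
    return SAVE_OK;
}

/* Constructed sample: put an image in a pipe, parse it, and return the
 * parser's code, or 1 if the bytes left on the fd are not `payload`. */
static int demo_parse(const char *magic, uint32_t declared_len,
                      const char *xml, const char *payload)
{
    unsigned char hdr[SAVE_HDR_LEN] = { 0 };
    char rest[64] = { 0 }, *out = NULL;
    int fds[2], rc, running = 0, i;
    memcpy(hdr, magic, SAVE_MAGIC_LEN);
    for (i = 0; i < 4; i++)
        hdr[SAVE_MAGIC_LEN + i] = (unsigned char)(declared_len >> (24 - 8 * i));
    hdr[SAVE_HDR_LEN - 1] = 1;                     /* was_running = 1 */
    if (pipe(fds) < 0)
        return -100;
    if (write(fds[1], hdr, sizeof(hdr)) < 0 || write(fds[1], xml, strlen(xml)) < 0 ||
        write(fds[1], payload, strlen(payload)) < 0)
        return -100;
    close(fds[1]);
    rc = save_image_open(fds[0], &out, &running);
    if (rc == SAVE_OK && (read(fds[0], rest, sizeof(rest) - 1) < 0 ||
                          strcmp(rest, payload) != 0 || strcmp(out, xml) != 0 || !running))
        rc = 1;
    free(out);
    close(fds[0]);
    return rc;
}

int main(void)
{
    printf("valid image: %d\n", demo_parse(SAVE_MAGIC, 9, "<domain/>", "MIGDATA"));
    return 0;
}
```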
[Libvir] [PATCH 1/7] Fix memory leak
Signed-off-by: Jim Paris [EMAIL PROTECTED] --- src/qemu_driver.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/src/qemu_driver.c b/src/qemu_driver.c index 7c75d9c..b05c3f6 100644 --- a/src/qemu_driver.c +++ b/src/qemu_driver.c @@ -204,6 +204,7 @@ qemudStartup(void) { qemudShutdown(); qemudAutostartConfigs(qemu_driver); +free(base); return 0; snprintf_error: -- 1.5.3.rc4 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
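Review bot: free(base) is added only on the path that reaches return 0 in qemudStartup(); the snprintf_error: label directly below is a second exit, and this hunk does not show base being released there. If base can already be allocated when a jump to that label happens, free it on that path as well.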
[Libvir] [PATCH 5/7] Add qemudEscapeShellArg for passing commandlines to qemu.
Use this to escape a shell argument in a commandline passed to qemu. First we need to escape certain characters to get them through the qemu monitor interface. On the shell side, the argument will be enclosed in single quotes, so the only character that needs special treatment is the single quote itself. Signed-off-by: Jim Paris [EMAIL PROTECTED] --- src/qemu_driver.c | 66 + 1 files changed, 66 insertions(+), 0 deletions(-) diff --git a/src/qemu_driver.c b/src/qemu_driver.c index e487640..5d310fe 100644 --- a/src/qemu_driver.c +++ b/src/qemu_driver.c @@ -1866,6 +1866,72 @@ static int qemudDomainGetInfo(virDomainPtr dom, } +static char *qemudEscapeShellArg(const char *in) +{ +int len = 0; +int i, j; +char *out; + +/* To pass through the QEMU monitor, we need to use escape + sequences: \r, \n, \, \\ + + To pass through both QEMU + the shell, we need to escape + the single character ' as the five characters '\\'' +*/ + +for (i = 0; in[i] != '\0'; i++) { +switch(in[i]) { +case '\r': +case '\n': +case '': +case '\\': +len += 2; +break; +case '\'': +len += 5; +break; +default: +len += 1; +break; +} +} + +if ((out = (char *)malloc(len + 1)) == NULL) +return NULL; + +for (i = j = 0; in[i] != '\0'; i++) { +switch(in[i]) { +case '\r': +out[j++] = '\\'; +out[j++] = 'r'; +break; +case '\n': +out[j++] = '\\'; +out[j++] = 'n'; +break; +case '': +case '\\': +out[j++] = '\\'; +out[j++] = in[i]; +break; +case '\'': +out[j++] = '\''; +out[j++] = '\\'; +out[j++] = '\\'; +out[j++] = '\''; +out[j++] = '\''; +break; +default: +out[j++] = in[i]; +break; +} +} +out[j] = '\0'; + +return out; +} + + static int qemudDomainSave(virDomainPtr dom, const char *path ATTRIBUTE_UNUSED) { struct qemud_driver *driver = (struct qemud_driver *)dom-conn-privateData; -- 1.5.3.rc4 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
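Review bot: in qemudEscapeShellArg(), len, i and j are int, and the first loop adds up to 5 to len per input byte before malloc(len + 1). For a long enough input the sum wraps, the allocation is too small and the second loop writes past it. Use size_t for the counters and return NULL if the computed length would overflow.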
[Libvir] [PATCH 4/7] Add migration support to QEMU startup.
Adds new fields in qemu_vm structure. vm-migrateFrom specifies the argument to -incoming. vm-stdinFd specifies the file descriptor to pass to virExec as stdin, which will be used for the -incoming stdio case. Signed-off-by: Jim Paris [EMAIL PROTECTED] --- src/qemu_conf.c | 12 +++- src/qemu_conf.h |2 ++ src/qemu_driver.c |4 ++-- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/src/qemu_conf.c b/src/qemu_conf.c index 79dd180..f02d693 100644 --- a/src/qemu_conf.c +++ b/src/qemu_conf.c @@ -1518,7 +1518,8 @@ int qemudBuildCommandLine(virConnectPtr conn, (vm-def-os.initrd[0] ? 2 : 0) + /* initrd */ (vm-def-os.cmdline[0] ? 2 : 0) + /* cmdline */ (vm-def-graphicsType == QEMUD_GRAPHICS_VNC ? 2 : - (vm-def-graphicsType == QEMUD_GRAPHICS_SDL ? 0 : 1)); /* graphics */ + (vm-def-graphicsType == QEMUD_GRAPHICS_SDL ? 0 : 1)) + /* graphics */ +(vm-migrateFrom[0] ? 3 : 0); /* migrateFrom */ snprintf(memory, sizeof(memory), %d, vm-def-memory/1024); snprintf(vcpus, sizeof(vcpus), %d, vm-def-vcpus); @@ -1767,6 +1768,15 @@ int qemudBuildCommandLine(virConnectPtr conn, /* SDL is the default. no args needed */ } +if (vm-migrateFrom[0]) { +if (!((*argv)[++n] = strdup(-S))) +goto no_memory; +if (!((*argv)[++n] = strdup(-incoming))) +goto no_memory; +if (!((*argv)[++n] = strdup(vm-migrateFrom))) +goto no_memory; +} + (*argv)[++n] = NULL; return 0; diff --git a/src/qemu_conf.h b/src/qemu_conf.h index 60a38b7..ba61264 100644 --- a/src/qemu_conf.h +++ b/src/qemu_conf.h @@ -212,6 +212,8 @@ struct qemud_vm { char configFile[PATH_MAX]; char autostartLink[PATH_MAX]; +char migrateFrom[PATH_MAX]; +int stdinFd; struct qemud_vm_def *def; /* The current definition */ struct qemud_vm_def *newDef; /* New definition to activate at shutdown */ diff --git a/src/qemu_driver.c b/src/qemu_driver.c index 553aa21..e487640 100644 --- a/src/qemu_driver.c +++ b/src/qemu_driver.c 
@@ -656,9 +656,9 @@ static int qemudStartVMDaemon(virConnectPtr conn, errno, strerror(errno)); if (virExecNonBlock(conn, argv, vm-pid, -0, vm-stdout, vm-stderr) == 0) { +vm-stdinFd, vm-stdout, vm-stderr) == 0) { vm-id = driver-nextvmid++; -vm-state = VIR_DOMAIN_RUNNING; +vm-state = vm-migrateFrom[0] ? VIR_DOMAIN_PAUSED : VIR_DOMAIN_RUNNING; driver-ninactivevms--; driver-nactivevms++; -- 1.5.3.rc4 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
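Review bot: the new migrateFrom and stdinFd fields in struct qemud_vm carry no comment, unlike def and newDef just below them, and nothing in these hunks initialises stdinFd even though qemudStartVMDaemon() now passes it to virExecNonBlock() on every start. Document that migrateFrom is the -incoming argument and when stdinFd is valid, and reset both in one place so a stale descriptor is never handed to an ordinary start.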
[Libvir] [PATCH 3/7] Add option to pass stdin fd to virExec
If nonzero, uses the supplied fd instead of /dev/null. Update callers accordingly. Signed-off-by: Jim Paris [EMAIL PROTECTED] --- src/openvz_driver.c |4 ++-- src/qemu_driver.c |5 +++-- src/util.c | 12 ++-- src/util.h |4 ++-- 4 files changed, 13 insertions(+), 12 deletions(-) diff --git a/src/openvz_driver.c b/src/openvz_driver.c index 84d514c..b0788f6 100644 --- a/src/openvz_driver.c +++ b/src/openvz_driver.c @@ -342,7 +342,7 @@ static int openvzListDomains(virConnectPtr conn, int *ids, int nids) { char buf[32]; const char *cmd[] = {VZLIST, -ovpsid, -H , NULL}; -ret = virExec(conn, (char **)cmd, pid, outfd, errfd); +ret = virExec(conn, (char **)cmd, pid, 0, outfd, errfd); if(ret == -1) { error(conn, VIR_ERR_INTERNAL_ERROR, Could not exec VZLIST); return (int)NULL; @@ -373,7 +373,7 @@ static int openvzListDefinedDomains(virConnectPtr conn, const char *cmd[] = {VZLIST, -ovpsid, -H, NULL}; /* the -S options lists only stopped domains */ -ret = virExec(conn, (char **)cmd, pid, outfd, errfd); +ret = virExec(conn, (char **)cmd, pid, 0, outfd, errfd); if(ret == -1) { error(conn, VIR_ERR_INTERNAL_ERROR, Could not exec VZLIST); return (int)NULL; diff --git a/src/qemu_driver.c b/src/qemu_driver.c index 8063ad2..553aa21 100644 --- a/src/qemu_driver.c +++ b/src/qemu_driver.c @@ -655,7 +655,8 @@ static int qemudStartVMDaemon(virConnectPtr conn, qemudLog(QEMUD_WARN, Unable to write argv to logfile %d: %s, errno, strerror(errno)); -if (virExecNonBlock(conn, argv, vm-pid, vm-stdout, vm-stderr) == 0) { +if (virExecNonBlock(conn, argv, vm-pid, +0, vm-stdout, vm-stderr) == 0) { vm-id = driver-nextvmid++; vm-state = VIR_DOMAIN_RUNNING; @@ -912,7 +913,7 @@ dhcpStartDhcpDaemon(virConnectPtr conn, if (qemudBuildDnsmasqArgv(conn, network, argv) 0) return -1; -ret = virExecNonBlock(conn, argv, network-dnsmasqPid, NULL, NULL); +ret = virExecNonBlock(conn, argv, network-dnsmasqPid, 0, NULL, NULL); for (i = 0; argv[i]; i++) free(argv[i]); 
diff --git a/src/util.c b/src/util.c index f53cfd2..546a7b8 100644 --- a/src/util.c +++ b/src/util.c @@ -79,7 +79,7 @@ static int virSetNonBlock(int fd) { static int _virExec(virConnectPtr conn, char **argv, - int *retpid, int *outfd, int *errfd, int non_block) { + int *retpid, int infd, int *outfd, int *errfd, int non_block) { int pid, null; int pipeout[2] = {-1,-1}; int pipeerr[2] = {-1,-1}; @@ -140,7 +140,7 @@ _virExec(virConnectPtr conn, if (pipeerr[0] 0 close(pipeerr[0]) 0) _exit(1); -if (dup2(null, STDIN_FILENO) 0) +if (dup2(infd 0 ? infd : null, STDIN_FILENO) 0) _exit(1); if (dup2(pipeout[1] 0 ? pipeout[1] : null, STDOUT_FILENO) 0) _exit(1); @@ -176,16 +176,16 @@ _virExec(virConnectPtr conn, int virExec(virConnectPtr conn, char **argv, - int *retpid, int *outfd, int *errfd) { + int *retpid, int infd, int *outfd, int *errfd) { -return(_virExec(conn, argv, retpid, outfd, errfd, 0)); +return(_virExec(conn, argv, retpid, infd, outfd, errfd, 0)); } int virExecNonBlock(virConnectPtr conn, char **argv, - int *retpid, int *outfd, int *errfd) { + int *retpid, int infd, int *outfd, int *errfd) { -return(_virExec(conn, argv, retpid, outfd, errfd, 1)); +return(_virExec(conn, argv, retpid, infd, outfd, errfd, 1)); } diff --git a/src/util.h b/src/util.h index 5b84043..d11e6d9 100644 --- a/src/util.h +++ b/src/util.h @@ -21,6 +21,6 @@ * File created Jul 18, 2007 - Shuveb Hussain [EMAIL PROTECTED] */ -int virExec(virConnectPtr conn, char **argv, int *retpid, int *outfd, int *errfd); -int virExecNonBlock(virConnectPtr conn, char **argv, int *retpid, int *outfd, int *errfd); +int virExec(virConnectPtr conn, char **argv, int *retpid, int infd, int *outfd, int *errfd); +int virExecNonBlock(virConnectPtr conn, char **argv, int *retpid, int infd, int *outfd, int *errfd); -- 1.5.3.rc4 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
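Review bot: in _virExec() the new infd parameter uses 0 to mean "no descriptor, use /dev/null", so a caller cannot pass descriptor 0 itself, and the convention differs from pipeout and pipeerr in the same function, which start at -1. Consider -1 as the unset value and update the literal 0 arguments in the callers. The prototypes in util.h also need a comment saying what infd means.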
[Libvir] [PATCH 2/7] Fix issues with QEMU monitor interface.
Due to the TTY layer, sending \n to the qemu monitor translates into \r\n when received. This triggers a bug in older versions of QEMU (KVM = 33) because the same command is executed twice, and still has problems with fixed QEMU because the (qemu) prompt is printed twice. Switch all monitor commands to end with \r which avoids both issues. The QEMU monitor sends frequent terminal escape sequences, typically \033[D and \033[K. At times, these interfere with the prompt detection when they get sent between \n and (qemu) . Fix the issue by filtering out these sequences when they are received. Signed-off-by: Jim Paris [EMAIL PROTECTED] --- src/qemu_driver.c | 21 - 1 files changed, 16 insertions(+), 5 deletions(-) diff --git a/src/qemu_driver.c b/src/qemu_driver.c index b05c3f6..8063ad2 100644 --- a/src/qemu_driver.c +++ b/src/qemu_driver.c @@ -1306,12 +1306,14 @@ static int qemudMonitorCommand(struct qemud_driver *driver ATTRIBUTE_UNUSED, for (;;) { struct pollfd fd = { vm-monitor, POLLIN | POLLERR | POLLHUP, 0 }; char *tmp; +int skip = 0; /* Read all the data QEMU has sent thus far */ for (;;) { char data[1024]; int got = read(vm-monitor, data, sizeof(data)); char *b; +int i; if (got == 0) { if (buf) @@ -1333,14 +1335,23 @@ static int qemudMonitorCommand(struct qemud_driver *driver ATTRIBUTE_UNUSED, return -1; } buf = b; -memmove(buf+size, data, got); -buf[size+got] = '\0'; -size += got; + +/* Copy data, skipping 3-byte escape sequences */ +for (i = 0; i got; i++) { +if (data[i] == '\033') +skip = 3; +if (skip) +skip--; +else +buf[size++] = data[i]; +} +buf[size] = '\0'; } if (buf) qemudDebug(Mon [%s], buf); /* Look for QEMU prompt to indicate completion */ if (buf ((tmp = strstr(buf, \n(qemu) )) != NULL)) { +fprintf(stderr,got qemu\n); tmp[0] = '\0'; break; } 
@@ -1755,7 +1766,7 @@ static int qemudDomainSuspend(virDomainPtr dom) { if (vm-state == VIR_DOMAIN_PAUSED) return 0; -if (qemudMonitorCommand(driver, vm, stop\n, info) 0) { +if (qemudMonitorCommand(driver, vm, stop\r, info) 0) { qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, suspend operation failed); return -1; } @@ -1780,7 +1791,7 @@ static int qemudDomainResume(virDomainPtr dom) { } if (vm-state == VIR_DOMAIN_RUNNING) return 0; -if (qemudMonitorCommand(driver, vm, cont\n, info) 0) { +if (qemudMonitorCommand(driver, vm, cont\r, info) 0) { qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, resume operation failed); return -1; } -- 1.5.3.rc4 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
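Review bot: the copy loop added to qemudMonitorCommand() drops exactly three bytes whenever it sees '\033', but the commit message only says the sequences are typically \033[D and \033[K. A longer sequence would leave its tail in buf, and a lone ESC would swallow two bytes of real output. Skip up to the sequence's final byte rather than a fixed count, and drop the fprintf(stderr, ...) added next to the prompt check, which looks like leftover debugging.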
[Libvir] [PATCH 7/7] Add KVM restore support using migration.
Signed-off-by: Jim Paris [EMAIL PROTECTED] --- src/qemu_driver.c | 106 +++-- 1 files changed, 102 insertions(+), 4 deletions(-) diff --git a/src/qemu_driver.c b/src/qemu_driver.c index 50ab702..c6de8a0 100644 --- a/src/qemu_driver.c +++ b/src/qemu_driver.c 
@@ -2047,10 +2047,108 @@ static int qemudDomainSave(virDomainPtr dom, static int qemudDomainRestore(virConnectPtr conn, - const char *path ATTRIBUTE_UNUSED) { -/*struct qemud_driver *driver = (struct qemud_driver *)conn-privateData;*/ -qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, restore is not supported); -return -1; + const char *path) { +struct qemud_driver *driver = (struct qemud_driver *)conn-privateData; +struct qemud_vm_def *def; +struct qemud_vm *vm; +int fd; +char *xml; +struct qemud_save_header header; + +/* Verify the header and read the XML */ +if ((fd = open(path, O_RDONLY)) 0) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + cannot read domain image); +return -1; +} + +if (read(fd, header, sizeof(header)) != sizeof(header)) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + failed to read qemu header); +close(fd); +return -1; +} + +if (memcmp(header.magic, QEMUD_SAVE_MAGIC, sizeof(header.magic)) != 0) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + image magic is incorrect); +close(fd); +return -1; +} + +if ((xml = (char *)malloc(header.xml_len + 1)) == NULL) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + out of memory); +close(fd); +return -1; +} + +if (read(fd, xml, header.xml_len) != header.xml_len) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + failed to read XML); +close(fd); +free(xml); +return -1; +} +xml[header.xml_len] = '\0'; + +/* Create a domain from this XML */ +if (!(def = qemudParseVMDef(conn, driver, xml, NULL))) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + failed to parse XML); +close(fd); +free(xml); +return -1; +} +free(xml); + +/* Ensure the name and UUID don't already exist in an active VM */ +vm = qemudFindVMByUUID(driver, def-uuid); +if (!vm) vm = qemudFindVMByName(driver, def-name); +if (vm qemudIsActiveVM(vm)) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + domain to restore is already 
active); +close(fd); +return -1; +} + +if (!(vm = qemudAssignVMDef(conn, driver, def))) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + failed to assign new VM); +qemudFreeVMDef(def); +close(fd); +return -1; +} + +/* Set the migration source and start it up. */ +snprintf(vm-migrateFrom, sizeof(vm-migrateFrom), stdio); +vm-stdinFd = fd; + +if (qemudStartVMDaemon(conn, driver, vm) 0) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + failed to start VM); +if (!vm-configFile[0]) +qemudRemoveInactiveVM(driver, vm); +close(fd); +return -1; +} +close(fd); +vm-migrateFrom[0] = '\0'; +vm-stdinFd = 0; + +/* If it was running before, resume it now. */ +if (header.was_running) { +char *info; +if (qemudMonitorCommand(driver, vm, cont\n, info) 0) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + failed to resume domain); +return -1; +} +free(info); +vm-state = VIR_DOMAIN_RUNNING; +} + +return 0; } -- 1.5.3.rc4 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
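Review bot: in qemudDomainRestore(), header.xml_len comes straight from the file and is used unchecked in malloc(header.xml_len + 1), read(fd, xml, header.xml_len) and xml[header.xml_len] = '\0'. It is an int, so a negative or very large value from a corrupt or hostile image reaches all three. Reject anything outside a small positive range right after the magic check. The "already active" return path also closes fd without calling qemudFreeVMDef(def), unlike the qemudAssignVMDef() failure path below it.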
[Libvir] [PATCH 6/7] Add KVM save support using migration.
The save file format consists of a header, XML for the domain, and the raw QEMU/KVM migration data stream. Signed-off-by: Jim Paris [EMAIL PROTECTED] --- src/qemu_driver.c | 109 ++--- 1 files changed, 103 insertions(+), 6 deletions(-) diff --git a/src/qemu_driver.c b/src/qemu_driver.c index 5d310fe..50ab702 100644 --- a/src/qemu_driver.c +++ b/src/qemu_driver.c 
@@ -1932,20 +1932,117 @@ static char *qemudEscapeShellArg(const char *in) } -static int qemudDomainSave(virDomainPtr dom, -const char *path ATTRIBUTE_UNUSED) { +#define QEMUD_SAVE_MAGIC LibvirtQemudSave +struct qemud_save_header { +char magic[sizeof(QEMUD_SAVE_MAGIC)-1]; +int xml_len; +int was_running; +}; + +static int qemudDomainSave(virDomainPtr dom, + const char *path) { struct qemud_driver *driver = (struct qemud_driver *)dom-conn-privateData; struct qemud_vm *vm = qemudFindVMByID(driver, dom-id); +char *command, *info; +int fd; +char *safe_path; +char *xml; +struct qemud_save_header header; + +memset(header, 0, sizeof(header)); +memcpy(header.magic, QEMUD_SAVE_MAGIC, sizeof(header.magic)); + if (!vm) { -qemudReportError(dom-conn, dom, NULL, VIR_ERR_INVALID_DOMAIN, no domain with matching id %d, dom-id); +qemudReportError(dom-conn, dom, NULL, VIR_ERR_INVALID_DOMAIN, + no domain with matching id %d, dom-id); return -1; } + if (!qemudIsActiveVM(vm)) { -qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, domain is not running); +qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + domain is not running); return -1; } -qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, save is not supported); -return -1; + +/* Pause */ +if (vm-state == VIR_DOMAIN_RUNNING) { +header.was_running = 1; +if (qemudDomainSuspend(dom) != 0) { +qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + failed to pause domain); +return -1; +} +} + +/* Get XML for the domain */ +xml = qemudGenerateXML(dom-conn, driver, vm, vm-def, 0); +if (!xml) { +qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + failed to get domain xml); +return -1; +} +header.xml_len = strlen(xml); + +/* Write header to file, followed by XML */ +if ((fd = open(path, O_CREAT|O_TRUNC|O_WRONLY, S_IRUSR|S_IWUSR)) 0) { +qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + failed to create '%s', path); +free(xml); +return -1; +} + +if (write(fd, header, 
sizeof(header)) != sizeof(header)) { +qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + failed to write save header); +close(fd); +free(xml); +return -1; +} + +if (write(fd, xml, header.xml_len) != header.xml_len) { +qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + failed to write xml); +close(fd); +free(xml); +return -1; +} + +close(fd); +free(xml); + +/* Migrate to file */ +safe_path = qemudEscapeShellArg(path); +if (!safe_path) { +qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + out of memory); +return -1; +} +if (asprintf (command, migrate \exec: + dd of='%s' oflag=append conv=notrunc 2/dev/null + \\n, safe_path) == -1) { +qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + out of memory); +free(safe_path); +return -1; +} +free(safe_path); + +if (qemudMonitorCommand(driver, vm, command, info) 0) { +qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + migrate operation failed); +free(command); +return -1; +} + +free(info); +free(command); + +/* Shut it down */ +qemudShutdownVMDaemon(dom-conn, driver, vm); +if (!vm-configFile[0]) +qemudRemoveInactiveVM(driver, vm); + +return 0; } -- 1.5.3.rc4 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
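Review bot: struct qemud_save_header is written with write(fd, header, sizeof(header)) as raw memory, so the on-disk layout depends on the writer's int size, byte order and padding, and there is no version field to change it later. Serialise fixed-width fields in a defined byte order and add a version. Separately, every return -1 after qemudDomainSuspend() succeeds leaves the domain paused although header.was_running records that it was running, and the failures after open() leave a partial file at path.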
[Libvir] Re: [PATCH 2/7] Fix issues with QEMU monitor interface.
Daniel Veillard wrote:
> +/* Copy data, skipping 3-byte escape sequences */ +for (i = 0; i got; i++) { +if (data[i] == '\033') +skip = 3; +if (skip) +skip--; +else +buf[size++] = data[i]; +} +buf[size] = '\0'; }
>
> It seems that if for some reason you do a partial read on the QEmu console descriptor ending in the middle of the escape command you may have a problem.

It should be OK. Partial reads are why I'm using the skip variable which is persistent across read() calls. Any time we see '\033' we'll always skip three bytes from qemu. Note that partial reads across qemuMonitorCommand calls don't really matter, because we really just care about finding the next prompt anyway, and there shouldn't be any data received between the prompt and the execution of the next command.

Daniel P. Berrange wrote:
> We're reading from a Pseudo-TTY which is line buffered, so I think the OS should guarantee that we can read a whole line's worth of data without getting EAGAIN.

QEMU disables line buffering when it initializes the pty.

> It looks sane to me - I had no idea QEMU was sending these escape sequences.

It comes from qemu's readline.c:term_update and is a bit of a pain.

...

Actually, on closer inspection, I think this patch might be misguided. The only case where you should get escape sequences after the \n but before the (qemu) is when you are sending CRLF to a version of KVM that's supposed to be better at handling it -- it turns out my kvm patch was incomplete and didn't reset all of the input state. When monitor commands are terminated with \r rather than \n, this should never occur. And so filtering escape sequences should be unnecessary, as they should only show up on the echoed command line.

There were also some bugs in my libvirt patches (a merge error left two commands terminated with \n, and I left some debug output). I'll fix things up and send an updated series.

-jim
[Libvir] [PATCH] Fix issues with QEMU monitor interface.
Due to the TTY layer, sending \n to the qemu monitor translates into \r\n when received. This triggers a bug in older versions of QEMU (KVM = 33) because the same command is executed twice, and still has problems with fixed QEMU because the (qemu) prompt is printed twice. Switch all monitor commands to end with \r which avoids both issues. Signed-off-by: Jim Paris [EMAIL PROTECTED] --- src/qemu_driver.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/qemu_driver.c b/src/qemu_driver.c index b05c3f6..e13e6a3 100644 --- a/src/qemu_driver.c +++ b/src/qemu_driver.c @@ -1755,7 +1755,7 @@ static int qemudDomainSuspend(virDomainPtr dom) { if (vm-state == VIR_DOMAIN_PAUSED) return 0; -if (qemudMonitorCommand(driver, vm, stop\n, info) 0) { +if (qemudMonitorCommand(driver, vm, stop\r, info) 0) { qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, suspend operation failed); return -1; } @@ -1780,7 +1780,7 @@ static int qemudDomainResume(virDomainPtr dom) { } if (vm-state == VIR_DOMAIN_RUNNING) return 0; -if (qemudMonitorCommand(driver, vm, cont\n, info) 0) { +if (qemudMonitorCommand(driver, vm, cont\r, info) 0) { qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, resume operation failed); return -1; } -- 1.5.3.rc4 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
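Review bot: the \r terminator is now spelled out by hand at each call site (the stop and cont strings in qemudDomainSuspend and qemudDomainResume), so any later caller that writes \n brings back both problems the commit message describes. Consider having qemudMonitorCommand append the terminator itself, or at least add a comment at these two sites saying why \r is required.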
[Libvir] [PATCH] Add qemudEscapeShellArg for passing commandlines to qemu.
Use this to escape a shell argument in a commandline passed to qemu. First we need to escape certain characters to get them through the qemu monitor interface. On the shell side, the argument will be enclosed in single quotes, so the only character that needs special treatment is the single quote itself. Signed-off-by: Jim Paris [EMAIL PROTECTED] --- src/qemu_driver.c | 66 + 1 files changed, 66 insertions(+), 0 deletions(-) diff --git a/src/qemu_driver.c b/src/qemu_driver.c index e649060..8125622 100644 --- a/src/qemu_driver.c +++ b/src/qemu_driver.c @@ -1855,6 +1855,72 @@ static int qemudDomainGetInfo(virDomainPtr dom, } +static char *qemudEscapeShellArg(const char *in) +{ +int len = 0; +int i, j; +char *out; + +/* To pass through the QEMU monitor, we need to use escape + sequences: \r, \n, \, \\ + + To pass through both QEMU + the shell, we need to escape + the single character ' as the five characters '\\'' +*/ + +for (i = 0; in[i] != '\0'; i++) { +switch(in[i]) { +case '\r': +case '\n': +case '': +case '\\': +len += 2; +break; +case '\'': +len += 5; +break; +default: +len += 1; +break; +} +} + +if ((out = (char *)malloc(len + 1)) == NULL) +return NULL; + +for (i = j = 0; in[i] != '\0'; i++) { +switch(in[i]) { +case '\r': +out[j++] = '\\'; +out[j++] = 'r'; +break; +case '\n': +out[j++] = '\\'; +out[j++] = 'n'; +break; +case '': +case '\\': +out[j++] = '\\'; +out[j++] = in[i]; +break; +case '\'': +out[j++] = '\''; +out[j++] = '\\'; +out[j++] = '\\'; +out[j++] = '\''; +out[j++] = '\''; +break; +default: +out[j++] = in[i]; +break; +} +} +out[j] = '\0'; + +return out; +} + + static int qemudDomainSave(virDomainPtr dom, const char *path ATTRIBUTE_UNUSED) { struct qemud_driver *driver = (struct qemud_driver *)dom-conn-privateData; -- 1.5.3.rc4 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
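Review bot: in qemudEscapeShellArg the output length is accumulated in an int (len += 2, len += 5) and then passed to malloc(len + 1); on a very long input the sum can wrap and the second loop would write past the allocation. Use size_t for len, i and j and fail if the total would overflow. The block comment would also be better placed above the function, stating that the result is only safe when the caller puts it between single quotes and that the caller must free it.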
[Libvir] [PATCH] Add KVM save support using migration.
The save file format consists of a header, XML for the domain, and the raw QEMU/KVM migration data stream. Signed-off-by: Jim Paris [EMAIL PROTECTED] --- src/qemu_driver.c | 112 ++-- 1 files changed, 107 insertions(+), 5 deletions(-) diff --git a/src/qemu_driver.c b/src/qemu_driver.c index 8125622..f2c4316 100644 --- a/src/qemu_driver.c +++ b/src/qemu_driver.c 
@@ -1921,20 +1921,122 @@ static char *qemudEscapeShellArg(const char *in) } +#define QEMUD_SAVE_MAGIC LibvirtQemudSave +#define QEMUD_SAVE_VERSION 1 + +struct qemud_save_header { +char magic[sizeof(QEMUD_SAVE_MAGIC)-1]; +int version; +int xml_len; +int was_running; +int unused[16]; +}; + static int qemudDomainSave(virDomainPtr dom, -const char *path ATTRIBUTE_UNUSED) { + const char *path) { struct qemud_driver *driver = (struct qemud_driver *)dom-conn-privateData; struct qemud_vm *vm = qemudFindVMByID(driver, dom-id); +char *command, *info; +int fd; +char *safe_path; +char *xml; +struct qemud_save_header header; + +memset(header, 0, sizeof(header)); +memcpy(header.magic, QEMUD_SAVE_MAGIC, sizeof(header.magic)); +header.version = QEMUD_SAVE_VERSION; + if (!vm) { -qemudReportError(dom-conn, dom, NULL, VIR_ERR_INVALID_DOMAIN, no domain with matching id %d, dom-id); +qemudReportError(dom-conn, dom, NULL, VIR_ERR_INVALID_DOMAIN, + no domain with matching id %d, dom-id); return -1; } + if (!qemudIsActiveVM(vm)) { -qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, domain is not running); +qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + domain is not running); return -1; } -qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, save is not supported); -return -1; + +/* Pause */ +if (vm-state == VIR_DOMAIN_RUNNING) { +header.was_running = 1; +if (qemudDomainSuspend(dom) != 0) { +qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + failed to pause domain); +return -1; +} +} + +/* Get XML for the domain */ +xml = qemudGenerateXML(dom-conn, driver, vm, vm-def, 0); +if (!xml) { +qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + failed to get domain xml); +return -1; +} +header.xml_len = strlen(xml) + 1; + +/* Write header to file, followed by XML */ +if ((fd = open(path, O_CREAT|O_TRUNC|O_WRONLY, S_IRUSR|S_IWUSR)) 0) { +qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + failed to create '%s', 
path); +free(xml); +return -1; +} + +if (safewrite(fd, header, sizeof(header)) != sizeof(header)) { +qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + failed to write save header); +close(fd); +free(xml); +return -1; +} + +if (safewrite(fd, xml, header.xml_len) != header.xml_len) { +qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + failed to write xml); +close(fd); +free(xml); +return -1; +} + +close(fd); +free(xml); + +/* Migrate to file */ +safe_path = qemudEscapeShellArg(path); +if (!safe_path) { +qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + out of memory); +return -1; +} +if (asprintf (command, migrate \exec: + dd of='%s' oflag=append conv=notrunc 2/dev/null + \\r, safe_path) == -1) { +qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + out of memory); +free(safe_path); +return -1; +} +free(safe_path); + +if (qemudMonitorCommand(driver, vm, command, info) 0) { +qemudReportError(dom-conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + migrate operation failed); +free(command); +return -1; +} + +free(info); +free(command); + +/* Shut it down */ +qemudShutdownVMDaemon(dom-conn, driver, vm); +if (!vm-configFile[0]) +qemudRemoveInactiveVM(driver, vm); + +return 0; } -- 1.5.3.rc4 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
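Review bot: after the migrate command returns, info is freed without being inspected and the dd stderr is sent to /dev/null, so qemudShutdownVMDaemon runs even when the migration data never reached the file, and the guest state is then lost. Check the monitor reply (or the resulting file) before shutting the VM down. Separately, every error return after qemudDomainSuspend has succeeded leaves a previously running domain paused; resume it on those paths when header.was_running is set. The open() of path uses O_CREAT|O_TRUNC without O_EXCL or O_NOFOLLOW, so it truncates whatever path names, including through a symlink.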
[Libvir] [PATCH 0/7] QEMU/KVM save/restore support, take 3
Here's take 3 of the QEMU/KVM save/restore support. Thanks for your input.

Changes since last time:
- Remove escape sequence filtering, it's not necessary.
- Clean up stdin handling in virExec, use -1 to signify unused
- Add signal-safe read/write wrappers that handle EINTR and use them.
- Add version and padding to image header, and check version on restore.
- Include null-termination in XML data length
- Show name of conflicting domain in error message

Everything seems to work well in my tests. I've run into a few rare cases where the migration doesn't work correctly (causing segfaults in the guest, or kvm to crash), but it's not libvirt's fault, and libvirt handles the failures well. (I suspect it's related to http://article.gmane.org/gmane.comp.emulators.kvm.devel/5583)

Thanks,
-jim
[Libvir] [PATCH] Add migration support to QEMU startup.
Adds new fields in qemu_vm structure. vm-migrateFrom specifies the argument to -incoming. vm-stdin specifies the file descriptor to pass to virExec as stdin, which will be used for the -incoming stdio case. Signed-off-by: Jim Paris [EMAIL PROTECTED] --- src/qemu_conf.c | 13 - src/qemu_conf.h |2 ++ src/qemu_driver.c |4 ++-- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/src/qemu_conf.c b/src/qemu_conf.c index 79dd180..2bbd072 100644 --- a/src/qemu_conf.c +++ b/src/qemu_conf.c @@ -1518,7 +1518,8 @@ int qemudBuildCommandLine(virConnectPtr conn, (vm-def-os.initrd[0] ? 2 : 0) + /* initrd */ (vm-def-os.cmdline[0] ? 2 : 0) + /* cmdline */ (vm-def-graphicsType == QEMUD_GRAPHICS_VNC ? 2 : - (vm-def-graphicsType == QEMUD_GRAPHICS_SDL ? 0 : 1)); /* graphics */ + (vm-def-graphicsType == QEMUD_GRAPHICS_SDL ? 0 : 1)) + /* graphics */ +(vm-migrateFrom[0] ? 3 : 0); /* migrateFrom */ snprintf(memory, sizeof(memory), %d, vm-def-memory/1024); snprintf(vcpus, sizeof(vcpus), %d, vm-def-vcpus); @@ -1767,6 +1768,15 @@ int qemudBuildCommandLine(virConnectPtr conn, /* SDL is the default. no args needed */ } +if (vm-migrateFrom[0]) { +if (!((*argv)[++n] = strdup(-S))) +goto no_memory; +if (!((*argv)[++n] = strdup(-incoming))) +goto no_memory; +if (!((*argv)[++n] = strdup(vm-migrateFrom))) +goto no_memory; +} + (*argv)[++n] = NULL; return 0; @@ -1884,6 +1894,7 @@ qemudAssignVMDef(virConnectPtr conn, return NULL; } +vm-stdin = -1; vm-stdout = -1; vm-stderr = -1; vm-monitor = -1; diff --git a/src/qemu_conf.h b/src/qemu_conf.h index 60a38b7..4a9b1ae 100644 --- a/src/qemu_conf.h +++ b/src/qemu_conf.h @@ -199,6 +199,7 @@ struct qemud_vm_def { /* Guest VM runtime state */ struct qemud_vm { +int stdin; int stdout; int stderr; int monitor; 
@@ -212,6 +213,7 @@ struct qemud_vm { char configFile[PATH_MAX]; char autostartLink[PATH_MAX]; +char migrateFrom[PATH_MAX]; struct qemud_vm_def *def; /* The current definition */ struct qemud_vm_def *newDef; /* New definition to activate at shutdown */ diff --git a/src/qemu_driver.c b/src/qemu_driver.c index 15b94b8..e649060 100644 --- a/src/qemu_driver.c +++ b/src/qemu_driver.c @@ -656,9 +656,9 @@ static int qemudStartVMDaemon(virConnectPtr conn, errno, strerror(errno)); if (virExecNonBlock(conn, argv, vm-pid, --1, vm-stdout, vm-stderr) == 0) { +vm-stdin, vm-stdout, vm-stderr) == 0) { vm-id = driver-nextvmid++; -vm-state = VIR_DOMAIN_RUNNING; +vm-state = vm-migrateFrom[0] ? VIR_DOMAIN_PAUSED : VIR_DOMAIN_RUNNING; driver-ninactivevms--; driver-nactivevms++; -- 1.5.3.rc4 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
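Review bot: the new stdin and migrateFrom members in struct qemud_vm (qemu_conf.h hunk) carry no comment on their lifetime: who closes the descriptor, and when the two fields are cleared again. qemudStartVMDaemon reads them but never resets them, so a caller that forgets to clear them after a failed start leaves the VM configured to start with -incoming next time. Either document the contract next to the fields or pass both values to qemudStartVMDaemon as arguments instead of storing them in the persistent VM state.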
[Libvir] [PATCH] Add KVM restore support using migration.
Signed-off-by: Jim Paris [EMAIL PROTECTED] --- src/qemu_driver.c | 113 +++-- 1 files changed, 109 insertions(+), 4 deletions(-) diff --git a/src/qemu_driver.c b/src/qemu_driver.c index f2c4316..b0b6d62 100644 --- a/src/qemu_driver.c +++ b/src/qemu_driver.c 
@@ -2041,10 +2041,115 @@ static int qemudDomainSave(virDomainPtr dom, static int qemudDomainRestore(virConnectPtr conn, - const char *path ATTRIBUTE_UNUSED) { -/*struct qemud_driver *driver = (struct qemud_driver *)conn-privateData;*/ -qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, restore is not supported); -return -1; + const char *path) { +struct qemud_driver *driver = (struct qemud_driver *)conn-privateData; +struct qemud_vm_def *def; +struct qemud_vm *vm; +int fd; +char *xml; +struct qemud_save_header header; + +/* Verify the header and read the XML */ +if ((fd = open(path, O_RDONLY)) 0) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + cannot read domain image); +return -1; +} + +if (saferead(fd, header, sizeof(header)) != sizeof(header)) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + failed to read qemu header); +close(fd); +return -1; +} + +if (memcmp(header.magic, QEMUD_SAVE_MAGIC, sizeof(header.magic)) != 0) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + image magic is incorrect); +close(fd); +return -1; +} + +if (header.version QEMUD_SAVE_VERSION) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + image version is not supported (%d %d), + header.version, QEMUD_SAVE_VERSION); +close(fd); +return -1; +} + +if ((xml = (char *)malloc(header.xml_len)) == NULL) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + out of memory); +close(fd); +return -1; +} + +if (saferead(fd, xml, header.xml_len) != header.xml_len) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + failed to read XML); +close(fd); +free(xml); +return -1; +} + +/* Create a domain from this XML */ +if (!(def = qemudParseVMDef(conn, driver, xml, NULL))) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + failed to parse XML); +close(fd); +free(xml); +return -1; +} +free(xml); + +/* Ensure the name and UUID don't already exist in an active VM */ +vm = 
qemudFindVMByUUID(driver, def-uuid); +if (!vm) vm = qemudFindVMByName(driver, def-name); +if (vm qemudIsActiveVM(vm)) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + domain is already active as '%s', vm-def-name); +close(fd); +return -1; +} + +if (!(vm = qemudAssignVMDef(conn, driver, def))) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + failed to assign new VM); +qemudFreeVMDef(def); +close(fd); +return -1; +} + +/* Set the migration source and start it up. */ +snprintf(vm-migrateFrom, sizeof(vm-migrateFrom), stdio); +vm-stdin = fd; + +if (qemudStartVMDaemon(conn, driver, vm) 0) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + failed to start VM); +if (!vm-configFile[0]) +qemudRemoveInactiveVM(driver, vm); +close(fd); +return -1; +} +close(fd); +vm-migrateFrom[0] = '\0'; +vm-stdin = -1; + +/* If it was running before, resume it now. */ +if (header.was_running) { +char *info; +if (qemudMonitorCommand(driver, vm, cont\r, info) 0) { +qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, + failed to resume domain); +return -1; +} +free(info); +vm-state = VIR_DOMAIN_RUNNING; +} + +return 0; } -- 1.5.3.rc4 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
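Review bot: header.xml_len is taken from the file and used directly in malloc(header.xml_len) and saferead(fd, xml, header.xml_len) in qemudDomainRestore, with no range check; a negative or very large value reaches both calls, and nothing verifies that the bytes read end in a NUL before xml is handed to qemudParseVMDef as a string. Reject xml_len values outside a sane range and check the terminator before parsing. The "domain is already active" error path also returns without qemudFreeVMDef(def), unlike the path that follows it.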
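A reader for the save image layout this series defines (header, then xml_len bytes of domain XML, then the migration stream) that checks every header field before using it. This is an added example, not code from the patches or from libvirt; the quoted form of the magic string, the 1 MiB XML cap, and the names load_save_xml, read_full and try_image are assumptions.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define SAVE_MAGIC   "LibvirtQemudSave"  /* assumed quoting; the page shows it bare */
#define SAVE_VERSION 1
#define SAVE_XML_MAX (1 << 20)           /* assumed upper bound, not from the page */

struct save_header {                     /* same fields as the posted header struct */
    char magic[sizeof(SAVE_MAGIC) - 1];
    int version;
    int xml_len;
    int was_running;
    int unused[16];
};

enum { LOAD_OK = 0, LOAD_SHORT = -1, LOAD_MAGIC = -2, LOAD_VERSION = -3,
       LOAD_LENGTH = -4, LOAD_NOMEM = -5, LOAD_BADXML = -6 };

/* Read exactly count bytes unless EOF or an error intervenes; retry on EINTR. */
static ssize_t read_full(int fd, void *buf, size_t count)
{
    size_t done = 0;
    while (done < count) {
        ssize_t r = read(fd, (char *)buf + done, count - done);
        if (r < 0 && errno == EINTR)
            continue;
        if (r < 0)
            return -1;
        if (r == 0)
            break;                       /* EOF: report the short count */
        done += (size_t)r;
    }
    return (ssize_t)done;
}

/* Validate the header, then read the XML. On LOAD_OK, *xml is a malloc'd
 * NUL-terminated string and fd is positioned at the migration stream. */
int load_save_xml(int fd, struct save_header *hdr, char **xml)
{
    char *buf;

    *xml = NULL;
    if (read_full(fd, hdr, sizeof(*hdr)) != (ssize_t)sizeof(*hdr))
        return LOAD_SHORT;
    if (memcmp(hdr->magic, SAVE_MAGIC, sizeof(hdr->magic)) != 0)
        return LOAD_MAGIC;
    if (hdr->version < 1 || hdr->version > SAVE_VERSION)
        return LOAD_VERSION;
    /* xml_len comes from the file: bound it before it reaches malloc(). */
    if (hdr->xml_len < 1 || hdr->xml_len > SAVE_XML_MAX)
        return LOAD_LENGTH;
    if ((buf = malloc((size_t)hdr->xml_len)) == NULL)
        return LOAD_NOMEM;
    if (read_full(fd, buf, (size_t)hdr->xml_len) != hdr->xml_len) {
        free(buf);
        return LOAD_SHORT;
    }
    /* The writer counts the terminator in xml_len, so the first NUL must
     * be the last byte: this rejects missing and embedded terminators. */
    if (memchr(buf, '\0', (size_t)hdr->xml_len) != buf + hdr->xml_len - 1) {
        free(buf);
        return LOAD_BADXML;
    }
    *xml = buf;
    return LOAD_OK;
}

/* Constructed sample input: push a header plus body through a pipe and
 * parse it. magic must point at 16 bytes or more. */
int try_image(const char *magic, int version, int xml_len_field,
              const char *body, size_t body_len, char **xml)
{
    struct save_header h, out;
    int p[2], rc;

    if (pipe(p) != 0)
        return -100;
    memset(&h, 0, sizeof(h));
    memcpy(h.magic, magic, sizeof(h.magic));
    h.version = version;
    h.xml_len = xml_len_field;
    if (write(p[1], &h, sizeof(h)) != (ssize_t)sizeof(h) ||
        write(p[1], body, body_len) != (ssize_t)body_len) {
        close(p[0]);
        close(p[1]);
        return -100;
    }
    close(p[1]);                         /* reader sees EOF after the body */
    rc = load_save_xml(p[0], &out, xml);
    close(p[0]);
    return rc;
}
```

The header is still read in host byte order and layout, as in the posted struct, so images are only portable between hosts with the same ABI.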
[Libvir] [PATCH] Add signal-safe read/write wrappers
Adds saferead() and safewrite(), which are like read() and write() except that they retry in case of EINTR. Signed-off-by: Jim Paris [EMAIL PROTECTED] --- src/util.c | 37 + src/util.h |2 ++ 2 files changed, 39 insertions(+), 0 deletions(-) diff --git a/src/util.c b/src/util.c index 4f80eef..eb57859 100644 --- a/src/util.c +++ b/src/util.c @@ -189,3 +189,40 @@ virExecNonBlock(virConnectPtr conn, return(_virExec(conn, argv, retpid, infd, outfd, errfd, 1)); } +/* Like read(), but restarts after EINTR */ +int saferead(int fd, void *buf, size_t count) +{ + size_t nread = 0; + while (count 0) { + int r = read(fd, buf, count); + if (r 0 errno == EINTR) + continue; + if (r 0) + return r; + if (r == 0) + return nread; + buf = (unsigned char *)buf + r; + count -= r; + nread += r; + } + return nread; +} + +/* Like write(), but restarts after EINTR */ +ssize_t safewrite(int fd, const void *buf, size_t count) +{ + size_t nwritten = 0; + while (count 0) { + int r = write(fd, buf, count); + if (r 0 errno == EINTR) + continue; + if (r 0) + return r; + if (r == 0) + return nwritten; + buf = (unsigned char *)buf + r; + count -= r; + nwritten += r; + } + return nwritten; +} diff --git a/src/util.h b/src/util.h index d11e6d9..f69fac8 100644 --- a/src/util.h +++ b/src/util.h @@ -24,3 +24,5 @@ int virExec(virConnectPtr conn, char **argv, int *retpid, int infd, int *outfd, int *errfd); int virExecNonBlock(virConnectPtr conn, char **argv, int *retpid, int infd, int *outfd, int *errfd); +int saferead(int fd, void *buf, size_t count); +ssize_t safewrite(int fd, const void *buf, size_t count); -- 1.5.3.rc4 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
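Review bot: saferead is declared to return int while safewrite returns ssize_t, and both store the read()/write() result in int r although count is a size_t; make both return ssize_t and use ssize_t for r so the types agree with the system calls. The comment above each function should also say that an error after partial progress discards the byte count already transferred, and that a zero return from the system call yields a short count, so callers must compare the result against count rather than only test for a negative value.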
Re: [Libvir] [PATCH 0/7] QEMU/KVM save/restore support, take 3
Sorry, I'm still trying to learn these tools ... those subjects weren't numbered. The order should be:

Subject: [PATCH 1/7] Fix issues with QEMU monitor interface.
Subject: [PATCH 2/7] Add option to pass stdin fd to virExec
Subject: [PATCH 3/7] Add migration support to QEMU startup.
Subject: [PATCH 4/7] Add qemudEscapeShellArg for passing commandlines to qemu.
Subject: [PATCH 5/7] Add signal-safe read/write wrappers
Subject: [PATCH 6/7] Add KVM save support using migration.
Subject: [PATCH 7/7] Add KVM restore support using migration.

-jim
[Libvir] [PATCH] qemu: reset migration source if restore fails
With the latest KVM I'm having some issues with save/restore, but I think it's a kvm issue and not libvirt. The problems did expose a libvirt bug, though; patch below. -jim --- A failed restore of a configured VM would leave the migration source set incorrectly, preventing the VM from being started normally. Always clear migration source, then deal with failures. src/qemu_driver.c | 12 ++-- 1 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/qemu_driver.c b/src/qemu_driver.c index 87b66ad..bff17b0 100644 --- a/src/qemu_driver.c +++ b/src/qemu_driver.c @@ -2083,6 +2083,7 @@ static int qemudDomainRestore(virConnectPtr conn, struct qemud_vm_def *def; struct qemud_vm *vm; int fd; +int ret; char *xml; struct qemud_save_header header; @@ -2161,18 +2162,17 @@ static int qemudDomainRestore(virConnectPtr conn, /* Set the migration source and start it up. */ snprintf(vm-migrateFrom, sizeof(vm-migrateFrom), stdio); vm-stdin = fd; - -if (qemudStartVMDaemon(conn, driver, vm) 0) { +ret = qemudStartVMDaemon(conn, driver, vm); +close(fd); +vm-migrateFrom[0] = '\0'; +vm-stdin = -1; +if (ret 0) { qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED, failed to start VM); if (!vm-configFile[0]) qemudRemoveInactiveVM(driver, vm); -close(fd); return -1; } -close(fd); -vm-migrateFrom[0] = '\0'; -vm-stdin = -1; /* If it was running before, resume it now. */ if (header.was_running) { -- 1.5.3.rc4 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [Libvir] PATCH: Implement CDROM media change for QEMU/KVM driver
Hi Dan, That's definitely be a useful feature. Some comments... @@ -453,7 +454,7 @@ static int qemudOpenMonitor(virConnectPt char buf[1024]; int ret = -1; -if (!(monfd = open(monitor, O_RDWR))) { +if (!(monfd = open(monitor, O_NOCTTY |O_RDWR))) { Is this just to ensure portability or does it change the behavior? 
@@ -1365,13 +1360,35 @@ static int qemudMonitorCommand(struct qe + retry1: +if (write(vm-logfile, buf, strlen(buf)) 0) { +/* Log, but ignore failures to write logfile for VM */ +if (errno == EINTR) +goto retry1; +qemudLog(QEMUD_WARN, Unable to log VM console data: %s, + strerror(errno)); +} + *reply = buf; return 0; + + error: +if (buf) { +retry2: +if (write(vm-logfile, buf, strlen(buf)) 0) { +/* Log, but ignore failures to write logfile for VM */ +if (errno == EINTR) +goto retry2; +qemudLog(QEMUD_WARN, Unable to log VM console data: %s, + strerror(errno)); +} +free(buf); +} +return -1; I think both of these retry loops could be replaced with safewrite from util.c: if (safewrite(vm-logfile, buf, strlen(buf)) != strlen(buf)) qemudLog(...) +static int qemudDomainChangeCDROM(virDomainPtr dom, + struct qemud_vm *vm, + struct qemud_vm_disk_def *olddisk, + struct qemud_vm_disk_def *newdisk) { +struct qemud_driver *driver = (struct qemud_driver *)dom-conn-privateData; +char *cmd; +char *reply; +/* XXX QEMU only supports a single CDROM for now */ +/*cmd = malloc(strlen(change ) + strlen(olddisk-dst) + 1 + strlen(newdisk-src) + 2);*/ +cmd = malloc(strlen(change ) + strlen(cdrom) + 1 + strlen(newdisk-src) + 2); +if (!cmd) { +qemudReportError(dom-conn, dom, NULL, VIR_ERR_NO_MEMORY, monitor command); +return -1; +} +strcpy(cmd, change ); +/* XXX QEMU only supports a single CDROM for now */ +/*strcat(cmd, olddisk-dst);*/ +strcat(cmd, cdrom); +strcat(cmd, ); +strcat(cmd, newdisk-src); +strcat(cmd, \n); Commands should be terminated with \r, otherwise the terminal layer replaces \n - \r\n, and bugs in earlier qemu means it would execute the command twice. Recent qemu will still print the (qemu) prompt twice in this case, which might confuse qemudMonitorCommand into thinking that a subsequent command is finished before it's even started. Unless the O_NOCTTY somehow fixes that? 
-jim -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
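Review bot: in the qemudOpenMonitor hunk the failure test is !(monfd = open(...)), but open() reports failure with -1, which this test treats as success; compare the result against 0 instead. In qemudDomainChangeCDROM, newdisk-src is appended to the monitor command with strcat as-is, so a source path containing \r or \n would end the change command early and the remainder would be read as a further monitor command. Escape \r, \n and backslash for the monitor before building the command, or reject paths that contain them.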
Re: [Libvir] PATCH: Implement CDROM media change for QEMU/KVM driver
Richard W.M. Jones wrote: +char *cmd; +char *reply; +/* XXX QEMU only supports a single CDROM for now */ +/*cmd = malloc(strlen(change ) + strlen(olddisk-dst) + 1 + strlen(newdisk-src) + 2);*/ +cmd = malloc(strlen(change ) + strlen(cdrom) + 1 + strlen(newdisk-src) + 2); +if (!cmd) { +qemudReportError(dom-conn, dom, NULL, VIR_ERR_NO_MEMORY, monitor command); +return -1; +} +strcpy(cmd, change ); +/* XXX QEMU only supports a single CDROM for now */ +/*strcat(cmd, olddisk-dst);*/ +strcat(cmd, cdrom); +strcat(cmd, ); +strcat(cmd, newdisk-src); +strcat(cmd, \n); Much as it irritates me to say it, a fixed-size buffer and snprintf might be preferable here ... Or asprintf. -jim -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [Libvir] Problem to compile virt-manager in debian etch
Virt-manager is compiled from mercurial tree but it isn't working. I don't know why. After running the virt-manager command, it finished without any error output and the window wasn't created. If you need more information, ask me what information I should send.

I ran into that too -- make sure you have the gtk-vnc package installed, it's a relatively new requirement of virt-manager and there are no errors printed if it fails to load [1]. It's not yet a Debian package but you can get it from http://sourceforge.net/project/showfiles.php?group_id=190580

-jim

[1] I'd provide a patch, but my python skills are severely lacking...
[Libvir] [PATCH 4/5] docs: Remove duplicated qemu bridge example
Signed-off-by: Jim Paris [EMAIL PROTECTED] --- docs/format.html |6 +- docs/libvir.html |6 +- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/docs/format.html b/docs/format.html index 8a519af..5553d10 100644 --- a/docs/format.html +++ b/docs/format.html @@ -274,11 +274,7 @@ support a variety of options:/polliUserspace SLIRP stack lt;source dev='br0'/gt; lt;target dev='vnet7'/gt; lt;mac address=11:22:33:44:55:66/gt; -lt;/interfacegt; lt;interface type='bridge'gt; - lt;source dev='br0'/gt; - lt;target dev='vnet7'/gt; - lt;mac address=11:22:33:44:55:66/gt; - lt;/interfacegt;/pre +lt;/interfacegt;/pre /li liGeneric connection to LAN pProvides a means for the administrator to execute an arbitrary script diff --git a/docs/libvir.html b/docs/libvir.html index be6f9bb..7eb8a5b 100644 --- a/docs/libvir.html +++ b/docs/libvir.html @@ -1008,11 +1008,7 @@ support a variety of options:/p lt;source dev='br0'/gt; lt;target dev='vnet7'/gt; lt;mac address=11:22:33:44:55:66/gt; -lt;/interfacegt; lt;interface type='bridge'gt; - lt;source dev='br0'/gt; - lt;target dev='vnet7'/gt; - lt;mac address=11:22:33:44:55:66/gt; - lt;/interfacegt;/pre +lt;/interfacegt;/pre /li liGeneric connection to LAN pProvides a means for the administrator to execute an arbitrary script -- 1.5.3.4 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[Libvir] PATCH: Support NIC model selection for QEMU/KVM
Hi,

Sometime between kvm-36 and kvm-46 I ran into problems with the default QEMU network card (ne2k-pci). Switching it fixed the problems, but libvirt doesn't support changing the NIC model. These patches add support for:

  <interface>
    <nic model="rtl8139"/>
  </interface>

which becomes

  qemu -net nic,model=rtl8139,mac=...

By default, no model is appended to the qemu command line, as before. Documentation update & some fixes are included too.

-jim
[Libvir] [PATCH 5/5] docs: Document nic model options for qemu
Signed-off-by: Jim Paris [EMAIL PROTECTED] --- docs/format.html |9 +++-- docs/libvir.html | 13 +++-- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/docs/format.html b/docs/format.html index 5553d10..d73adb1 100644 --- a/docs/format.html +++ b/docs/format.html @@ -219,8 +219,13 @@ XML description is quite similar, here is a simple example:/pprelt;domain linetworking interface definitions definitions are somewhat different due to a different model from Xen see below/li /ulpexcept those points the options should be quite similar to Xen HVM -ones./ph3a name=Net1 id=Net1Networking options for QEmu and KVM (added in 0.2.0)/a/h3pThe networking support in the QEmu and KVM case is more flexible, and -support a variety of options:/polliUserspace SLIRP stack +ones./ph3a name=Net1 id=Net1Networking options for QEmu and KVM (added in 0.2.0)/a/h3pThe networking support in the QEmu and KVM case is more flexible. +Common options control how the interface is presented to the VM. For example:/ppre +lt;interface type='user'gt; + span style=color: #E5; background-color: #FFlt;mac address=11:22:33:44:55:66/gt;/span + span style=color: #E5; background-color: #FFlt;nic model=rtl8139/gt;/span +lt;/interfacegt;/prepSupported models for codenic model/code (added in ?.?.?) depend +on the architecture and can be found in the QEmu documentation./ppOn the host side, the network interface can be connected in a number of ways:/polliUserspace SLIRP stack pProvides a virtual LAN with NAT to the outside world. The virtual network has DHCP amp; DNS services and will give the guest VM addresses starting from code10.0.2.15/code. The default router will be diff --git a/docs/libvir.html b/docs/libvir.html index 7eb8a5b..7113b4a 100644 --- a/docs/libvir.html +++ b/docs/libvir.html 
@@ -951,8 +951,17 @@ ones./p h3a name=Net1Networking options for QEmu and KVM (added in 0.2.0)/a/h3 -pThe networking support in the QEmu and KVM case is more flexible, and -support a variety of options:/p +pThe networking support in the QEmu and KVM case is more flexible. +Common options control how the interface is presented to the VM. For example:/p +pre +lt;interface type='user'gt; + span style=color: #E5; background-color: #FFlt;mac address=11:22:33:44:55:66/gt;/span + span style=color: #E5; background-color: #FFlt;nic model=rtl8139/gt;/span +lt;/interfacegt;/pre +pSupported models for codenic model/code (added in ?.?.?) depend +on the architecture and can be found in the QEmu documentation./p + +pOn the host side, the network interface can be connected in a number of ways:/p ol liUserspace SLIRP stack pProvides a virtual LAN with NAT to the outside world. The virtual -- 1.5.3.4 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
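Review bot: the new paragraph in both docs/format.html and docs/libvir.html says nic model was "added in ?.?.?"; fill in the release number before this is committed, since readers use that marker to decide whether their installed version accepts the element. The same paragraph only points at the QEmu documentation for valid model names; stating that an omitted element leaves the qemu default unchanged would match what the cover letter describes.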
[Libvir] [PATCH 3/5] docs: Fix typo in QEMU network examples
Signed-off-by: Jim Paris [EMAIL PROTECTED] --- docs/format.html |8 docs/libvir.html |8 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/format.html b/docs/format.html index efdbcde..8a519af 100644 --- a/docs/format.html +++ b/docs/format.html @@ -230,7 +230,7 @@ support a variety of options:/polliUserspace SLIRP stack prelt;interface type='user'/gt;/pre pre lt;interface type='user'gt; - lt;mac address=11:22:33:44:55:66:/gt; + lt;mac address=11:22:33:44:55:66/gt; lt;/interfacegt; /pre /li @@ -253,7 +253,7 @@ support a variety of options:/polliUserspace SLIRP stack lt;interface type='network'gt; lt;source network='default'/gt; lt;target dev='vnet7'/gt; - lt;mac address=11:22:33:44:55:66:/gt; + lt;mac address=11:22:33:44:55:66/gt; lt;/interfacegt; /pre /li @@ -273,11 +273,11 @@ support a variety of options:/polliUserspace SLIRP stack lt;interface type='bridge'gt; lt;source dev='br0'/gt; lt;target dev='vnet7'/gt; - lt;mac address=11:22:33:44:55:66:/gt; + lt;mac address=11:22:33:44:55:66/gt; lt;/interfacegt; lt;interface type='bridge'gt; lt;source dev='br0'/gt; lt;target dev='vnet7'/gt; - lt;mac address=11:22:33:44:55:66:/gt; + lt;mac address=11:22:33:44:55:66/gt; lt;/interfacegt;/pre /li liGeneric connection to LAN diff --git a/docs/libvir.html b/docs/libvir.html index 22bb168..be6f9bb 100644 --- a/docs/libvir.html +++ b/docs/libvir.html @@ -964,7 +964,7 @@ support a variety of options:/p prelt;interface type='user'/gt;/pre pre lt;interface type='user'gt; - lt;mac address=11:22:33:44:55:66:/gt; + lt;mac address=11:22:33:44:55:66/gt; lt;/interfacegt; /pre /li @@ -987,7 +987,7 @@ support a variety of options:/p lt;interface type='network'gt; lt;source network='default'/gt; lt;target dev='vnet7'/gt; - lt;mac address=11:22:33:44:55:66:/gt; + lt;mac address=11:22:33:44:55:66/gt; lt;/interfacegt; /pre /li 
@@ -1007,11 +1007,11 @@ support a variety of options:/p lt;interface type='bridge'gt; lt;source dev='br0'/gt; lt;target dev='vnet7'/gt; - lt;mac address=11:22:33:44:55:66:/gt; + lt;mac address=11:22:33:44:55:66/gt; lt;/interfacegt; lt;interface type='bridge'gt; lt;source dev='br0'/gt; lt;target dev='vnet7'/gt; - lt;mac address=11:22:33:44:55:66:/gt; + lt;mac address=11:22:33:44:55:66/gt; lt;/interfacegt;/pre /li liGeneric connection to LAN -- 1.5.3.4 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[Libvir] [PATCH 2/5] qemu: specify nic model when invoking qemu
Signed-off-by: Jim Paris [EMAIL PROTECTED] --- src/qemu_conf.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/src/qemu_conf.c b/src/qemu_conf.c index c463ffb..c1260ed 100644 --- a/src/qemu_conf.c +++ b/src/qemu_conf.c @@ -1738,7 +1738,8 @@ int qemudBuildCommandLine(virConnectPtr conn, while (net) { char nic[100]; -if (snprintf(nic, sizeof(nic), nic,macaddr=%02x:%02x:%02x:%02x:%02x:%02x,vlan=%d, +if (snprintf(nic, sizeof(nic), nic%s%s,macaddr=%02x:%02x:%02x:%02x:%02x:%02x,vlan=%d, + (net-model[0] ? ,model= : ), net-model, net-mac[0], net-mac[1], net-mac[2], net-mac[3], net-mac[4], net-mac[5], -- 1.5.3.4 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
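Review bot: net-model is formatted straight into the -net argument (nic%s%s,macaddr=...), and that argument is a comma-separated option list, so a model string containing a comma or an equals sign would add or override nic sub-options that libvirt is supposed to choose. Restrict the value to a conservative character set (letters, digits, '-', '_') at the point where it is parsed in qemudParseInterfaceXML, and reject anything else with an error.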
[Libvir] [PATCH 1/5] qemu: Add nic model to XML format.
Signed-off-by: Jim Paris [EMAIL PROTECTED] --- src/qemu_conf.c | 21 + src/qemu_conf.h |2 ++ 2 files changed, 23 insertions(+), 0 deletions(-) diff --git a/src/qemu_conf.c b/src/qemu_conf.c index f3b8f4e..c463ffb 100644 --- a/src/qemu_conf.c +++ b/src/qemu_conf.c @@ -644,6 +644,7 @@ static struct qemud_vm_net_def *qemudParseInterfaceXML(virConnectPtr conn, struct qemud_vm_net_def *net = calloc(1, sizeof(struct qemud_vm_net_def)); xmlNodePtr cur; xmlChar *macaddr = NULL; +xmlChar *model = NULL; xmlChar *type = NULL; xmlChar *network = NULL; xmlChar *bridge = NULL; @@ -687,6 +688,9 @@ static struct qemud_vm_net_def *qemudParseInterfaceXML(virConnectPtr conn, if ((macaddr == NULL) (xmlStrEqual(cur-name, BAD_CAST mac))) { macaddr = xmlGetProp(cur, BAD_CAST address); +} else if ((model == NULL) + (xmlStrEqual(cur-name, BAD_CAST nic))) { +model = xmlGetProp(cur, BAD_CAST model); } else if ((network == NULL) (net-type == QEMUD_NET_NETWORK) (xmlStrEqual(cur-name, BAD_CAST source))) { @@ -739,6 +743,21 @@ static struct qemud_vm_net_def *qemudParseInterfaceXML(virConnectPtr conn, qemudRandomMAC(net); } +if (model) { +int len; + +if ((len = xmlStrlen(model)) = (QEMUD_MAX_MODEL_LEN-1)) { +qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR, + NIC model type '%s' is too long, model); +goto error; +} else { +strncpy(net-model, (char *)model, len); +net-model[len] = '\0'; +} +xmlFree(model); +model = NULL; +} + if (net-type == QEMUD_NET_NETWORK) { int len; @@ -872,6 +891,8 @@ static struct qemud_vm_net_def *qemudParseInterfaceXML(virConnectPtr conn, return net; error: +if (model) +xmlFree(model); if (network) xmlFree(network); if (address) diff --git a/src/qemu_conf.h b/src/qemu_conf.h index e1844da..d95871e 100644 --- a/src/qemu_conf.h +++ b/src/qemu_conf.h @@ -79,6 +79,7 @@ enum qemud_vm_net_type { }; #define QEMUD_MAX_NAME_LEN 50 +#define QEMUD_MAX_MODEL_LEN 16 #define QEMUD_MAX_XML_LEN 4096 #define QEMUD_MAX_ERROR_LEN 1024 
@@ -86,6 +87,7 @@ enum qemud_vm_net_type { struct qemud_vm_net_def { int type; unsigned char mac[QEMUD_MAC_ADDRESS_LEN]; +char model[QEMUD_MAX_MODEL_LEN]; union { struct { char ifname[BR_IFNAME_MAXLEN]; -- 1.5.3.4 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
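Review bot: in the `if (model)` block added to `qemudParseInterfaceXML`, the only check on the attribute value is its length against `QEMUD_MAX_MODEL_LEN`, so any bytes that fit in the 16-byte `model` array of `struct qemud_vm_net_def` are accepted. The series description says the value ends up in a comma-separated `qemu -net nic,model=...` argument, so the parser should also reject anything outside a conservative set (letters, digits, `-`, `_`) and report it the same way as the too-long case. The comparison operator in the length test is not legible in this copy of the patch; whichever it is, it has to guarantee that `len` is at most `QEMUD_MAX_MODEL_LEN - 1` before the `strncpy` and the terminating `'\0'` store.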
Re: [Libvir] PATCH: Support NIC model selection for QEMU/KVM
Daniel P. Berrange wrote:

On Mon, Oct 22, 2007 at 04:33:40PM -0400, Daniel Veillard wrote:

On Mon, Oct 22, 2007 at 03:44:38PM -0400, Jim Paris wrote:

Hi, Sometime between kvm-36 and kvm-46 I ran into problems with the default QEMU network card (ne2k-pci). Switching it fixed the problems, but libvirt doesn't support changing the NIC model. These patches add support for:

<interface> <nic model="rtl8139"/> </interface>

which becomes

qemu -net nic,model=rtl8139,mac=...

By default, no model is appended to the qemu command line, as before. Documentation update & some fixes are included too.

Hum, I would really prefer if we were able to identify the issue and fix it transparently for the user (for example by detecting the kvm version if possible) rather than add an option in the permanent data file just to make stuff work. I hope this is possible, but can't really tell.

In Fedora/RHEL we simply switched Xen, QEMU and KVM to all use rtl8139 by default since ne2k is crap.

Getting it fixed upstream might be best. We could also just have libvirt always append model=rtl8139, but I'd be concerned that we could break existing VMs for some users if we swap out the network card unexpectedly. An upstream change would have the same problem.

Regardless of what the defaults are, I don't think exposing a knob that lets you control what NIC the guest sees is that much of a hack; describing the guest hardware is what the config xml is mostly for.

-jim
Re: [Libvir] read-only git mirror of libvirt CVS repository
Jim Meyering wrote: I've set up an automatically-sync'd git mirror of the libvirt.org's libvirt CVS repository. The mirror is updated approximately every 30 minutes. You can view the change-set summary via this URL: http://git.et.redhat.com/?p=libvirt.git You can get a copy of the repository with the following command: (this uses the efficient git:// protocol, and is sort of analogous to CVS pserver, in that you get anonymous, read-only access) git clone git://et.redhat.com/libvirt Hi Jim, Thanks, now I don't have to keep a local mirror anymore :) It seems that your mirror is missing tags, though, according to git tags -l. My local mirror had tags and was created with git-cvsimport -o master -d $CVSROOT -v -k -m -i libvirt Note, if you're new to git, you typically run git clone only once, initially, and from then on, you cd into the directory and download/merge the latest sources via git pull. But note that if you do development or otherwise modify a version-controlled file, your next git pull won't work if the pull would have to merge changes to one of the modified files. FWIW, I've found this to do the right thing in that case: git fetch git rebase remotes/origin/HEAD Also, perhaps some .gitignore files could be added upstream now? Patch below. -jim From c8e2192c4e209908f37fbd02d8fd5b5437d2152b Mon Sep 17 00:00:00 2001 
From: Jim Paris [EMAIL PROTECTED] Date: Mon, 13 Aug 2007 11:23:55 -0400 Subject: [PATCH] Ignore generated files (git) --- .gitignore | 39 +++ docs/.gitignore |3 +++ docs/devhelp/.gitignore |3 +++ docs/examples/.gitignore|7 +++ docs/examples/python/.gitignore |2 ++ include/.gitignore |2 ++ include/libvirt/.gitignore |2 ++ po/.gitignore | 15 +++ proxy/.gitignore|5 + python/.gitignore | 13 + python/tests/.gitignore |2 ++ qemud/.gitignore|9 + scripts/.gitignore |2 ++ src/.gitignore | 11 +++ tests/.gitignore| 18 ++ tests/confdata/.gitignore |2 ++ tests/sexpr2xmldata/.gitignore |2 ++ tests/virshdata/.gitignore |2 ++ tests/xencapsdata/.gitignore|2 ++ tests/xmconfigdata/.gitignore |2 ++ tests/xml2sexprdata/.gitignore |2 ++ 21 files changed, 145 insertions(+), 0 deletions(-) create mode 100644 .gitignore create mode 100644 docs/.gitignore create mode 100644 docs/devhelp/.gitignore create mode 100644 docs/examples/.gitignore create mode 100644 docs/examples/python/.gitignore create mode 100644 include/.gitignore create mode 100644 include/libvirt/.gitignore create mode 100644 po/.gitignore create mode 100644 proxy/.gitignore create mode 100644 python/.gitignore create mode 100644 python/tests/.gitignore create mode 100644 qemud/.gitignore create mode 100644 scripts/.gitignore create mode 100644 src/.gitignore create mode 100644 tests/.gitignore create mode 100644 tests/confdata/.gitignore create mode 100644 tests/sexpr2xmldata/.gitignore create mode 100644 tests/virshdata/.gitignore create mode 100644 tests/xencapsdata/.gitignore create mode 100644 tests/xmconfigdata/.gitignore create mode 100644 tests/xml2sexprdata/.gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 000..dd2a475 --- /dev/null +++ b/.gitignore 
@@ -0,0 +1,39 @@ +*.o +*.lo +*~ +.#* +.git +Makefile +aclocal.m4 +autom4te.cache +stamp-h.in +Makefile.in +configure +config.cache +config.h +config.h.in +config.log +config.guess +config.status +config.sub +stamp-h +stamp-h1 +libtool +ltconfig +ltmain.sh +update.log +libvirt.pc +libvirt.spec +COPYING +m4 +ABOUT-NLS +config.rpath +mkinstalldirs +coverage +results.log +libvirt-*.tar.gz +INSTALL +compile +depcomp +install-sh +missing diff --git a/docs/.gitignore b/docs/.gitignore new file mode 100644 index 000..7e717f4 --- /dev/null +++ b/docs/.gitignore @@ -0,0 +1,3 @@ +Makefile +Makefile.in +.memdump diff --git a/docs/devhelp/.gitignore b/docs/devhelp/.gitignore new file mode 100644 index 000..cc4abab --- /dev/null +++ b/docs/devhelp/.gitignore @@ -0,0 +1,3 @@ +Makefile +Makefile.in +libvirt.devhelp diff --git a/docs/examples/.gitignore b/docs/examples/.gitignore new file mode 100644 index 000..aa743cb --- /dev/null +++ b/docs/examples/.gitignore @@ -0,0 +1,7 @@ +.memdump +Makefile.in +Makefile +.deps +.libs +suspend +info1 diff --git a/docs/examples/python/.gitignore b/docs/examples/python/.gitignore new file mode 100644 index 000..282522d --- /dev/null +++ b/docs/examples/python/.gitignore @@ -0,0 +1,2 @@ +Makefile +Makefile.in diff --git a/include/.gitignore b/include/.gitignore new file mode 100644 index 000..282522d --- /dev/null +++ b/include/.gitignore @@ -0,0 +1,2
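Review bot: the patterns in the top-level `.gitignore` have no leading slash, so entries such as `Makefile`, `Makefile.in`, `COPYING`, `INSTALL`, `m4` and `coverage` match at every depth of the tree, not only in the root. That makes the `Makefile` and `Makefile.in` lines in the per-directory files redundant, and it would hide a hand-written file with one of those names in a subdirectory from `git status`; prefixing the root-only entries with `/` keeps the ignore list from masking files that should be reviewed and committed. The `.git` entry can be dropped, since git never tracks its own metadata directory.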
Re: [Libvir] read-only git mirror of libvirt CVS repository
Jim Paris wrote: Jim Meyering wrote: Thanks. I've added -k, since libvirt has at least 8 files with $Id[*], but don't seem to need the '-o master' -- at least not the way I'm pushing the result afterwards. Do you need it, with a recent version of git? Probably not. I was new to git-cvsimport and don't know why I added it :) Actually I take that back, it seems you do. Dan's latest commit didn't make it to your master branch, only origin: http://git.et.redhat.com/?p=libvirt.git;a=shortlog http://git.et.redhat.com/?p=libvirt.git;a=shortlog;h=origin -jim
Re: [Libvir] Build error without Xen
Daniel Veillard wrote: Jim Paris wrote: Hi, The recent changes to src/xml.c break the build without xen: okay, fixed in CVS Yep, builds fine now, thanks. -jim
[Libvir] [PATCH] stats_linux.c: Only include xs.h if WITH_XEN.
Fixes compile error when building --without-xen on a host that has no Xen headers installed. --- src/stats_linux.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/src/stats_linux.c b/src/stats_linux.c index 5e6d06c..125af45 100644 --- a/src/stats_linux.c +++ b/src/stats_linux.c @@ -19,7 +19,9 @@ #include string.h #include unistd.h +#ifdef WITH_XEN #include xs.h +#endif #include internal.h #include xen_unified.h -- 1.5.3.4
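Review bot: the new `#ifdef WITH_XEN` guard covers only the `xs.h` include, while `xen_unified.h` on the following context line is still included unconditionally. If that header, or any code further down `stats_linux.c` that calls into xenstore, depends on the Xen headers, a `--without-xen` build will still fail later in the file; the same guard should wrap those uses, and the commit message should say which ones were checked.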
[Libvir] [PATCH] qemu_conf.h: Avoid dubious signed one-bit bitfield
Signed one-bit bitfields are odd (values are 0 and -1?). The code doesn't test for == 1, so it's not currently broken, but it's fragile. (Noticed by Sparse). --- src/qemu_conf.h |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/qemu_conf.h b/src/qemu_conf.h index 72e582d..6a59744 100644 --- a/src/qemu_conf.h +++ b/src/qemu_conf.h @@ -305,8 +305,8 @@ struct qemud_driver { char *networkConfigDir; char *networkAutostartDir; char logDir[PATH_MAX]; -int vncTLS : 1; -int vncTLSx509verify : 1; +unsigned int vncTLS : 1; +unsigned int vncTLSx509verify : 1; char *vncTLSx509certdir; char vncListen[BR_INET_ADDR_MAXLEN]; }; -- 1.5.3.4
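Review bot: with `unsigned int vncTLS : 1` and `unsigned int vncTLSx509verify : 1`, a store keeps only the low bit, so assigning a parsed integer such as 2 leaves the field at 0 and the TLS or certificate-verification setting silently off. The assignment sites are not part of this patch; they should normalise the value (for example with `!!value`) or reject anything other than 0 and 1, and a short comment on the two fields saying they are booleans would document that.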
Re: [libvirt] heisenbug in command.c
Serge Hallyn wrote:

On 03/16/2012 11:50 AM, Eric Blake wrote:

On 03/16/2012 10:36 AM, Serge Hallyn wrote:

Hi, It seems I've run into quite the heisenbug, reported at https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/922628 It manifests itself as virPidWait returning status=4 for iptables (which should never exit with status=4).

Maybe iptables isn't documented as exiting with $? of 4, but that's what is happening. The libvirt code in question is quite clear that it grabbed an accurate exit status from the child process.

Well, yes. I figured that either (1) iptables actually got -EINTR from the kernel and passed that along as its exit code, or (2) something went wrong with memory being overwritten in libvirt, however unlikely. Stranger things have happened. If (1), I was wondering if it was being ignored on purpose.

Why do you bring up EINTR at all? Just because EINTR is 4? That seems very much unrelated. This is from iptables:

    enum xtables_exittype {
        OTHER_PROBLEM = 1,
        PARAMETER_PROBLEM,
        VERSION_PROBLEM,
        RESOURCE_PROBLEM,
        XTF_ONLY_ONCE,
        XTF_NO_INVERT,
        XTF_BAD_VALUE,
        XTF_ONE_ACTION,
    };

So it looks like iptables is returning RESOURCE_PROBLEM (which could explain why it's intermittent).

-jim

    ret = virPidWait(cmd->pid, exitstatus ? exitstatus : &status);
    if (ret == 0) {
        cmd->pid = -1;
        cmd->reap = false;
        if (status) {
            char *str = virCommandToString(cmd);
            char *st = virCommandTranslateStatus(status);
            virCommandError(VIR_ERR_INTERNAL_ERROR,
                            _("Child process (%s) status unexpected: %s"),
                            str ? str : cmd->args[0], NULLSTR(st));

But it's only been seen on two (very different) machines, and the slightest shifting of the winds makes it go away. Given how sneaky this bug appears to be, there's a slight temptation to have iptablesAddRemoveRule pass in a int* for status and better deal with the -EINTR. But I fear that might be papering over a worse race.

I don't follow how you think there is a -EINTR being encountered in libvirt.

Yeah I don't really either.

I think you'd be better off investigating why iptables really is exiting with status 4.

Well, given what EINTR means, shouldn't src/util/iptables.c re-try the command if it gets that? Anyway I'll keep digging, but was wondering if anyone else has seen this.

-serge
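The distinction drawn in this thread, as an added example (not libvirt or iptables code): a child's exit code is taken from the wait status and lives in a different number space from errno, so a status of 4 from iptables is `RESOURCE_PROBLEM` from the enum quoted above, while the only EINTR a caller has to handle is the one its own `waitpid()` can return. The helper names, the "success" label for 0 and the `/bin/sh` child standing in for iptables are assumptions of this example.

```c
#include <errno.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Exit codes from the iptables enum quoted in the thread. */
enum xtables_exittype {
    OTHER_PROBLEM = 1,
    PARAMETER_PROBLEM,
    VERSION_PROBLEM,
    RESOURCE_PROBLEM,
    XTF_ONLY_ONCE,
    XTF_NO_INVERT,
    XTF_BAD_VALUE,
    XTF_ONE_ACTION,
};

/* Name for an exit code; "success" for 0 is this example's own label. */
static const char *xtables_exit_name(int code)
{
    static const char *const names[] = {
        "success", "OTHER_PROBLEM", "PARAMETER_PROBLEM", "VERSION_PROBLEM",
        "RESOURCE_PROBLEM", "XTF_ONLY_ONCE", "XTF_NO_INVERT",
        "XTF_BAD_VALUE", "XTF_ONE_ACTION",
    };

    if (code < 0 || code > XTF_ONE_ACTION)
        return "unknown";
    return names[code];
}

/* Run argv[0] and store the raw wait status. 0 on success, -1 on error. */
static int run_child(char *const argv[], int *status)
{
    pid_t pid = fork();
    pid_t r;

    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(argv[0], argv);
        _exit(127);                 /* exec failed */
    }
    /* EINTR here means our own waitpid() was interrupted by a signal.
     * It is an errno value for this call, not something the child
     * reported, and retrying the call is all the handling it needs. */
    do {
        r = waitpid(pid, status, 0);
    } while (r < 0 && errno == EINTR);
    return r == pid ? 0 : -1;
}

/* Decode a wait status into text. Returns the exit code (>= 0), the
 * negated signal number if the child was killed, or INT_MIN otherwise. */
static int decode_status(int status, char *buf, size_t len)
{
    if (WIFEXITED(status)) {
        int code = WEXITSTATUS(status);

        snprintf(buf, len, "exit status %d (%s)", code,
                 xtables_exit_name(code));
        return code;
    }
    if (WIFSIGNALED(status)) {
        int sig = WTERMSIG(status);

        snprintf(buf, len, "fatal signal %d", sig);
        return -sig;
    }
    snprintf(buf, len, "unexpected wait status 0x%x", (unsigned)status);
    return INT_MIN;
}

int main(void)
{
    /* Constructed stand-in for an iptables run that exits with 4. */
    char *argv[] = { "/bin/sh", "-c", "exit 4", NULL };
    char text[64];
    int status;

    if (run_child(argv, &status) < 0)
        return 1;
    decode_status(status, text, sizeof(text));
    printf("%s; errno EINTR is %d on this system\n", text, EINTR);
    return 0;
}
```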
[libvirt] udevadm settle can take too long
Hi, http://bugs.debian.org/663931 is a bug I'm hitting, where virt-manager times out on the initial connection to libvirt. The basic problem is that, while checking storage volumes, virt-manager causes libvirt to call udevadm settle. There's an interaction where libvirt's earlier use of network namespaces (to probe LXC features) had caused some uevents to be sent that get filtered out before they reach udev. This confuses udevadm settle a bit, and so it sits there waiting for a 2-3 minute built-in timeout before returning. Eventually libvirtd prints: 2012-04-22 18:22:18.678+: 30503: warning : virKeepAliveTimer:182 : No response from client 0x7feec4003630 after 5 keepalive messages in 30 seconds and virt-manager prints: 2012-04-22 18:22:18.931+: 30647: warning : virKeepAliveSend:128 : Failed to send keepalive response to client 0x25004e0 and the connection gets dropped. One workaround could be to specify a shorter timeout when doing the settle. The patch appended below allows virt-manager to work, although the connection still has to wait for the 10 second timeout before it succeeds. I don't know what a better solution would be, though. It seems the udevadm behavior might not be considered a bug from the udev/kernel point of view: https://lkml.org/lkml/2012/4/22/60 I'm using Linux 3.2.14 with libvirt 0.9.11. You can trigger the udevadm issue using a program I posted at the Debian bug report link above. -jim From 17e5b9ebab76acb0d711e8bc308023372fbc4180 Mon Sep 17 00:00:00 2001 From: Jim Paris j...@jtan.com Date: Sun, 22 Apr 2012 14:35:47 -0400 Subject: [PATCH] shorten udevadmin settle timeout Otherwise, udevadmin settle can take so long that connections from e.g. virt-manager will get closed. --- src/util/util.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/util/util.c b/src/util/util.c index 6e041d6..dfe458e 100644 --- a/src/util/util.c +++ b/src/util/util.c 
@@ -2593,9 +2593,9 @@ virFileFindMountPoint(const char *type ATTRIBUTE_UNUSED) void virFileWaitForDevices(void) { # ifdef UDEVADM -const char *const settleprog[] = { UDEVADM, settle, NULL }; +const char *const settleprog[] = { UDEVADM, settle, --timeout, 10, NULL }; # else -const char *const settleprog[] = { UDEVSETTLE, NULL }; +const char *const settleprog[] = { UDEVSETTLE, --timeout, 10, NULL }; # endif int exitstatus; -- 1.7.7
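Review bot: the `10` added to both `settleprog` arrays in `virFileWaitForDevices` is a bare literal with nothing tying it to the 30-second keepalive window described in the mail; a named constant with that rationale in a comment would make the value reviewable. The function already declares `exitstatus`, and with a shortened wait the result of the settle run should be checked and logged at warning level, so that a storage operation that later fails on a device node that was not ready can be traced back to the timeout. The commit message also calls the tool `udevadmin`, while the code uses `UDEVADM` and `settle`.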
Re: [libvirt] udevadm settle can take too long
Guido Günther wrote: Hi, On Sun, Apr 22, 2012 at 02:41:54PM -0400, Jim Paris wrote: Hi, http://bugs.debian.org/663931 is a bug I'm hitting, where virt-manager times out on the initial connection to libvirt. I reassigned the bug back to libvirt. I still wonder what triggers this though for some users but not for others? Cheers, -- Guido On all of my machines, virt-manager hangs if udevadm settle hangs. You can use the program I posted at that bug report to trigger the udevadm problem (it can be undone by restarting udev). Libvirtd only triggers the udevadm problem at startup, through its use of network namespaces while probing lxc. If anything else generates uevents after that point, then the udevadm problem usually goes away. For example, any module loads, hardware events (ejecting a CD, closing a laptop lid, etc), or bringing up or down network interfaces (which libvirt would typically do by itself when starting a new domain). So most users might just avoid it through luck. But if you manually restart libvirtd right before trying virt-manager, you'll probably see it too. Thanks, -jim
Re: [libvirt] udevadm settle can take too long
Osier Yang wrote: On 2012年04月24日 03:47, Guido Günther wrote: Hi, On Sun, Apr 22, 2012 at 02:41:54PM -0400, Jim Paris wrote: Hi, http://bugs.debian.org/663931 is a bug I'm hitting, where virt-manager times out on the initial connection to libvirt. I reassigned the bug back to libvirt. I still wonder what triggers this though for some users but not for others? Cheers, -- Guido The basic problem is that, while checking storage volumes, virt-manager causes libvirt to call udevadm settle. There's an interaction where libvirt's earlier use of network namespaces (to probe LXC features) had caused some uevents to be sent that get filtered out before they reach udev. This confuses udevadm settle a bit, and so it sits there waiting for a 2-3 minute built-in timeout before returning. Eventually libvirtd prints: 2012-04-22 18:22:18.678+: 30503: warning : virKeepAliveTimer:182 : No response from client 0x7feec4003630 after 5 keepalive messages in 30 seconds and virt-manager prints: 2012-04-22 18:22:18.931+: 30647: warning : virKeepAliveSend:128 : Failed to send keepalive response to client 0x25004e0 and the connection gets dropped. One workaround could be to specify a shorter timeout when doing the settle. The patch appended below allows virt-manager to work, although the connection still has to wait for the 10 second timeout before it succeeds. I don't know what a better solution would be, though. It seems the udevadm behavior might not be considered a bug from the udev/kernel point of view: https://lkml.org/lkml/2012/4/22/60 I'm using Linux 3.2.14 with libvirt 0.9.11. You can trigger the udevadm issue using a program I posted at the Debian bug report link above. -jim From 17e5b9ebab76acb0d711e8bc308023372fbc4180 Mon Sep 17 00:00:00 2001 
From: Jim Parisj...@jtan.com Date: Sun, 22 Apr 2012 14:35:47 -0400 Subject: [PATCH] shorten udevadmin settle timeout Otherwise, udevadmin settle can take so long that connections from e.g. virt-manager will get closed. --- src/util/util.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/util/util.c b/src/util/util.c index 6e041d6..dfe458e 100644 --- a/src/util/util.c +++ b/src/util/util.c 
@@ -2593,9 +2593,9 @@ virFileFindMountPoint(const char *type ATTRIBUTE_UNUSED) void virFileWaitForDevices(void) { # ifdef UDEVADM -const char *const settleprog[] = { UDEVADM, settle, NULL }; +const char *const settleprog[] = { UDEVADM, settle, --timeout, 10, NULL };

Though I don't have a good idea to fix it either, I guess this change could cause lvremove to fail again for the udev race. See BZs:

https://bugzilla.redhat.com/show_bug.cgi?id=702260
https://bugzilla.redhat.com/show_bug.cgi?id=570359

It seems that those bugs were caused by something like

1. open(lv, O_RDWR)
2. close(lv)
3. system(lvremove ...)

where udev would fire off a command between 2 and 3 that caused 3 to fail. Adding udevadm settle as step 2.5 is a good way to wait for that command to finish, but:

- it doesn't necessarily fix the issue; something could easily re-open the device between 2.5 and 3 and cause the same failure.
- the race condition sounds like it was a short window, and sometimes the original sequence would still work even without the settle. That would suggest to me that a timeout of 10s is still plenty long.

A few thoughts:

- For lvremove: can we try a short timeout (3 seconds), then if the lvremove still fails, try again with the default udevadm timeout (120 seconds)?
- Even in that case, we need to fix libvirtd to not kill the connection after 30 seconds when it's libvirtd's fault that the connection is blocked for so long anyway.
- When connecting with virt-manager, is the udevadm settle really necessary? We're not calling lvremove.

Thanks, -jim
Re: [libvirt] problems with remote authentication with policykit
Daniel P. Berrange wrote:

But when accessing remotely, I get no useful error, and a hang:

$ virsh -c qemu+ssh://j...@server/system
libvir: Remote error : authentication failed
process hangs here

$ virsh --readonly -c qemu+ssh://j...@server/system
libvir: Remote error : authentication failed
process hangs here

Furthermore, on the server, this leaves nc processes running, and eventually there are enough that libvirtd stops accepting new connections.

The hang is really odd. That suggests something is not closing the socket connection properly. If you had been using 0.6.1/.2/.3 I would have said it was one of the libvirtd bugs, but 0.6.4 has all event handling bugs fixed. Perhaps the libvirtd client is not killing the SSH session / process when it closes the connection after auth failure.

I was using 0.4.6 on the client side. I upgraded that to 0.6.4, but I still get the hang. Virsh prints nothing; the LIBVIRT_DEBUG output is:

17:34:58.524: debug : doRemoteOpen:505 : proceeding with name = qemu:///system
17:34:58.525: debug : virExecWithHook:573 : ssh server nc -U /var/run/libvirt/libvirt-sock
17:34:58.526: debug : call:6947 : Doing call 66 (nil)
17:34:58.527: debug : call:7017 : We have the buck 66 0x7fba56729010 0x7fba56729010
17:34:59.359: debug : processCallRecvLen:6605 : Got length, now need 36 total (32 more)
17:34:59.360: debug : processCalls:6873 : Giving up the buck 66 0x7fba56729010 (nil)
17:34:59.360: debug : call:7048 : All done with our call 66 (nil) 0x7fba56729010
17:34:59.360: debug : remoteAuthPolkit:6114 : Client initialize PolicyKit authentication
17:34:59.360: debug : call:6947 : Doing call 70 (nil)
17:34:59.360: debug : call:7017 : We have the buck 70 0xbccef0 0xbccef0
17:34:59.433: debug : processCallRecvLen:6605 : Got length, now need 128 total (124 more)
17:34:59.434: debug : processCalls:6873 : Giving up the buck 70 0xbccef0 (nil)
17:34:59.434: debug : call:7048 : All done with our call 70 (nil) 0xbccef0
17:34:59.434: error : server_error:7231 : authentication failed
17:35:13.585: debug : do_open:999 : driver 4 remote returned ERROR
17:35:13.585: debug : virUnrefConnect:232 : unref connection 0xbc6a60 1
17:35:13.585: debug : virReleaseConnect:191 : release connection 0xbc6a60

If I kill the libvirtd process on the server, the client then finally prints:

error: authentication failed
error: failed to connect to the hypervisor

and the client then exits. On the server side, the libvirtd output is

17:34:59.378: debug : remoteDispatchAuthPolkit:3385 : Start PolicyKit auth 25
17:34:59.378: info : remoteDispatchAuthPolkit:3396 : Checking PID 7551 running as 1000
17:34:59.379: debug : virEventRunOnce:567 : Poll got 1 event
17:34:59.379: debug : virEventDispatchHandles:450 : Dispatch n=2 f=9 w=3 e=1 0x1a72790
17:34:59.379: debug : nodeDeviceLock:52 : LOCK node 0x1a748e0
17:34:59.379: debug : nodeDeviceUnlock:57 : UNLOCK node 0x1a748e0
17:34:59.426: error : remoteDispatchAuthPolkit:3451 : Policy kit denied action org.libvirt.unix.manage from pid 7551, uid 1000, result: auth_admin_keep_session

The hang aside, it seems libvirtd should be using org.libvirt.unix.monitor for the readonly connection?

Is policykit authentication supposed to work over qemu+ssh?

Yes, but only if you ssh as root such that policykit is a no-op. The problem you are seeing is because you SSH as non-root. PolicyKit relies on ConsoleKit to determine who is authorized, and SSH does not register ConsoleKit Sessions.

As I mentioned, I've modified the PolicyKit libvirtd configuration to not require a session:

<match action="org.libvirt.unix.manage">
  <return result="auth_admin_keep_session"/>
</match>

so I was hoping that wouldn't be a problem. With this configuration, I think even using libpam-ck-connector wouldn't change things? I was hoping it would at least not break the --readonly case.

That all said --readonly is intended to work at all times. Our default policy file includes a rule

<allow_any>yes</allow_any>

which is telling policykit to allow access even if the client is not associated with any ConsoleKit session. So this should have allowed it to work for you with --readonly.

Right, it seems libvirtd is missing readonly somehow?

-jim
Re: [libvirt] problems with remote authentication with policykit
Daniel P. Berrange wrote:

On Wed, Jun 17, 2009 at 05:51:27PM -0400, Jim Paris wrote:

Daniel P. Berrange wrote:

17:34:59.360: debug : call:6947 : Doing call 70 (nil)
17:34:59.360: debug : call:7017 : We have the buck 70 0xbccef0 0xbccef0
17:34:59.433: debug : processCallRecvLen:6605 : Got length, now need 128 total (124 more)
17:34:59.434: debug : processCalls:6873 : Giving up the buck 70 0xbccef0 (nil)
17:34:59.434: debug : call:7048 : All done with our call 70 (nil) 0xbccef0
17:34:59.434: error : server_error:7231 : authentication failed
17:35:13.585: debug : do_open:999 : driver 4 remote returned ERROR
17:35:13.585: debug : virUnrefConnect:232 : unref connection 0xbc6a60 1
17:35:13.585: debug : virReleaseConnect:191 : release connection 0xbc6a60

If I kill the libvirtd process on the server, the client then finally prints:

error: authentication failed
error: failed to connect to the hypervisor

and the client then exits.

Ok, this bit definitely sounds like a server side bug, unless perhaps there is some buffering taking place in ssh or nc causing the error reply packet to not be sent back promptly

I'll try to get some better traces of what's going on here.

The hang aside, it seems libvirtd should be using org.libvirt.unix.monitor for the readonly connection?

In this case the problem is that the remote client end is using netcat on the wrong UNIX socket.

Thanks, that's it. With the attached patch on the client side, virsh --readonly and virt-viewer work fine over qemu+ssh://.

-jim

--- libvirt-0.6.4-orig/src/remote_internal.c2009-05-29 10:55:26.0 -0400 +++ libvirt-0.6.4/src/remote_internal.c 2009-06-17 18:21:34.0 -0400
@@ -700,7 +700,10 @@ cmd_argv[j++] = strdup (priv-hostname); cmd_argv[j++] = strdup (netcat ? netcat : nc); cmd_argv[j++] = strdup (-U); -cmd_argv[j++] = strdup (sockname ? sockname : LIBVIRTD_PRIV_UNIX_SOCKET); + cmd_argv[j++] = strdup (sockname ? sockname : + (flags VIR_CONNECT_RO +? LIBVIRTD_PRIV_UNIX_SOCKET_RO +: LIBVIRTD_PRIV_UNIX_SOCKET)); cmd_argv[j++] = 0; assert (j == nr_args); for (j = 0; j (nr_args-1); j++)
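Review bot: the nested conditional in the added `strdup` argument picks `LIBVIRTD_PRIV_UNIX_SOCKET_RO` only when `sockname` is unset, so a connection that supplies its own socket path together with `VIR_CONNECT_RO` still goes to whatever socket it names; if that is intended, a one-line comment saying so would help the next reader. The added lines are also indented differently from the `cmd_argv[j++]` lines around them, and, like those lines, they leave the `strdup` result unchecked before the argument vector is terminated with `cmd_argv[j++] = 0`.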
Re: [libvirt] problems with remote authentication with policykit
Daniel P. Berrange wrote:

We close the socket to the 'nc' process here so in theory it should be getting a HUP event from poll or EOF from read, etc and then exiting. Ominously though I see several patches to Fedora's 'nc' RPM at least one of which is related to nc hanging forever after getting HUP back from poll(). What distro are you using? http://cvs.fedoraproject.org/viewvc/rpms/nc/F-11/

I'm using Debian. I've already had to switch from the netcat-traditional package to the netcat-openbsd package. Debian does already include that patch, but what a mess...

Since we already know libvirtd is installed on the remote host, would it make sense to just add a new set of options:

libvirtd --socket-connect
libvirtd --socket-connect-ro

that do the same thing as nc -U on the appropriate socket? Then we know it would work everywhere, and have the added benefit that the client wouldn't need to know the location of the socket.

-jim
Re: [libvirt] problems with remote authentication with policykit
Daniel P. Berrange wrote:

On Thu, Jun 18, 2009 at 12:20:40PM -0400, Jim Paris wrote:

I'm using Debian. I've already had to switch from the netcat-traditional package to the netcat-openbsd package. Debian does already include that patch, but what a mess...

I know the reason why it gets stuck on the server end too - after an auth failure, the server won't kick off the client. The connection just remains in an unauthenticated state. This allows the client to (in theory) retry the authentication step, and gives us a little more flexibility for any future protocol changes we might need to make.

Makes sense -- it would be nice for the client to be able to retry with read-only authentication when read-write fails, without having to reopen the SSH connection. Or is that not possible, since it would require opening a different socket?

I think the best way to solve the problem of 'nc' potentially not quitting promptly, is to simply have the remote client kill() the SSH client pid, rather than simply closing the socket & doing waitpid() on the SSH client. This would ensure the waitpid promptly cleans up.

Yeah, that should fix the hang.

Since we already know libvirtd is installed on the remote host, would it make sense to just add a new set of options:

libvirtd --socket-connect
libvirtd --socket-connect-ro

that do the same thing as nc -U on the appropriate socket? Then we know it would work everywhere, and have the added benefit that the client wouldn't need to know the location of the socket.

If we'd thought of this originally, I would certainly have done it this way, but if we did this now, it would break compatibility. ie new libvirt clients would be trying to run a binary that does not exist with old server deployments.

It could still be done in a backwards-compatible way. Something like:

ssh server libvirtd --socket-connect || nc -U /socket

Or, if you really wanted to be nice to us Debian folks,

ssh server libvirtd --socket-connect || nc.openbsd -U /socket || nc -U /socket

(while the Debian libvirt package does depend on netcat-openbsd, there's nothing that forces the local nc symlink to point to the openbsd version over the traditional version, if both are installed). It's definitely messy, but it would really be nice to remove the need for the client to know which netcat to use, or where sockets are located, etc.

Hmm, as I think about it more, I guess netcat is also used for VNC connections? I wonder if that could be implemented as a dynamic port forward on the existing SSH connection, which would also eliminate the need for a second connection (and having to enter the password a second time)...

-jim
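The cleanup proposed in this message (signal the SSH client instead of only closing the socket and waiting for it), as an added example that is not libvirt code. `struct tunnel`, `tunnel_open`, `tunnel_close` and the grace period are hypothetical, and `sleep 30` is a constructed stand-in for an `ssh ... nc -U` child that does not exit when its input reaches EOF.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

struct tunnel {
    pid_t pid;   /* transport child (ssh in the thread), -1 once reaped */
    int fd;      /* our end of the byte stream to it, -1 once closed */
};

/* Start argv[0] with one end of a socketpair as its stdin and stdout. */
static int tunnel_open(struct tunnel *t, char *const argv[])
{
    int sv[2];
    pid_t pid;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    pid = fork();
    if (pid < 0) {
        close(sv[0]);
        close(sv[1]);
        return -1;
    }
    if (pid == 0) {
        close(sv[0]);                       /* parent's end */
        dup2(sv[1], STDIN_FILENO);
        dup2(sv[1], STDOUT_FILENO);
        if (sv[1] > STDOUT_FILENO)
            close(sv[1]);
        execv(argv[0], argv);
        _exit(127);                         /* exec failed */
    }
    close(sv[1]);
    t->pid = pid;
    t->fd = sv[0];
    return 0;
}

/* waitpid() that retries when interrupted by a signal. */
static pid_t wait_retry(pid_t pid, int *status, int flags)
{
    pid_t r;

    do {
        r = waitpid(pid, status, flags);
    } while (r < 0 && errno == EINTR);
    return r;
}

/* Close the stream, then end the child ourselves instead of hoping it
 * reacts to EOF: SIGTERM, a bounded grace period, then SIGKILL.
 * Returns the signal that ended the child, 0 if it exited by itself,
 * or -1 on error. The child is always reaped, so nothing is left behind. */
static int tunnel_close(struct tunnel *t, int grace_ms)
{
    struct timespec tick = { 0, 10 * 1000 * 1000 };   /* 10 ms */
    int status = 0, waited = 0;
    pid_t r;

    if (t->pid <= 0)
        return -1;
    if (t->fd >= 0) {
        close(t->fd);
        t->fd = -1;
    }
    kill(t->pid, SIGTERM);
    while ((r = wait_retry(t->pid, &status, WNOHANG)) == 0 &&
           waited < grace_ms) {
        nanosleep(&tick, NULL);
        waited += 10;
    }
    if (r == 0) {                           /* ignored SIGTERM */
        kill(t->pid, SIGKILL);
        r = wait_retry(t->pid, &status, 0);
    }
    if (r != t->pid)
        return -1;
    t->pid = -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    char *argv[] = { "/bin/sh", "-c", "exec sleep 30", NULL };
    struct tunnel t;

    if (tunnel_open(&t, argv) < 0)
        return 1;
    printf("child ended by signal %d\n", tunnel_close(&t, 500));
    return 0;
}
```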
Re: [libvirt] [PATCH] qemu: Try multiple times to open unix monitor socket
Daniel P. Berrange wrote:

On Wed, Jul 15, 2009 at 11:40:42AM +0200, Daniel Veillard wrote:

On Tue, Jul 14, 2009 at 06:22:42PM -0400, Cole Robinson wrote:

Unlike the pty monitor (which we know exists since we scrape its path from stdout), we have no way of knowing that the unix monitor socket should exist/ be initialized. As a result, some of my KVM guests randomly fail to start on F10 host. Try to open the unix socket in a 3 second timeout loop. Ignore EACCES (path does not exist if a first time run) and ECONNREFUSED (leftover socket from a previous run hasn't been removed yet). Fixes things for me.

It's always a bit annoying to end up with heuristics like this but if we don't have any other way, okay, ACK

I don't like it much either, but this is no worse than what we had to do to find the /dev/pts/XXX path where we waited in a loop for 3 seconds. ACK to this patch

Long term we'll need to discuss with QEMU developers to find a better way to do this without needing a timeout. One idea is actually instead of passing a UNIX domain socket path to QEMU, actually create & bind the socket in libvirt and then pass the pre-opened FD to QEMU. This would guarantee that we can instantly connect to the monitor. Of course then the job of waiting passes to the code that sends monitor commands.

What about qemu's -daemonize option:

-daemonize Daemonize the QEMU process after initialization. QEMU will not detach from standard IO until it is ready to receive connections on any of its devices. This option is a useful way for external programs to launch QEMU without having to cope with initialization race conditions.

It looks like it was introduced in 0.9.0.

-jim
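The alternative to the retry loop that is described in this thread (the manager creates and binds the monitor socket itself and hands the listening descriptor to the child), as an added example that is not libvirt or QEMU code. `emulator_stub` is a constructed stand-in for a slow-starting emulator that serves an inherited descriptor, and all function names and the socket path are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

static int fill_addr(struct sockaddr_un *addr, const char *path)
{
    if (strlen(path) >= sizeof(addr->sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    strcpy(addr->sun_path, path);
    return 0;
}

/* Manager side: create, bind and listen before the child exists. The
 * socket node gets the manager's ownership; keep it in a directory that
 * only the manager can write to. */
static int monitor_listen(const char *path)
{
    struct sockaddr_un addr;
    int fd;

    if (fill_addr(&addr, path) < 0)
        return -1;
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    unlink(path);                   /* stale socket from an earlier run */
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        listen(fd, 1) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* A single connect() attempt: no timeout loop, no ignored errno values. */
static int monitor_connect(const char *path)
{
    struct sockaddr_un addr;
    int fd;

    if (fill_addr(&addr, path) < 0)
        return -1;
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Stand-in for the emulator: slow start-up, then serve the inherited fd. */
static void emulator_stub(int listen_fd)
{
    struct timespec startup = { 0, 200 * 1000 * 1000 };    /* 200 ms */
    int c;

    nanosleep(&startup, NULL);
    c = accept(listen_fd, NULL, NULL);
    if (c >= 0) {
        if (write(c, "ready\n", 6) != 6)
            _exit(1);
        close(c);
    }
    _exit(0);
}

/* Returns 0 when the first connect() succeeded; greeting gets the reply. */
static int prebound_monitor_demo(const char *path, char *greeting, size_t len)
{
    int lfd, fd, status;
    pid_t pid;
    ssize_t n;
    size_t used = 0;

    if (len == 0 || (lfd = monitor_listen(path)) < 0)
        return -1;
    pid = fork();
    if (pid < 0) {
        close(lfd);
        unlink(path);
        return -1;
    }
    if (pid == 0)
        emulator_stub(lfd);
    close(lfd);                     /* the child keeps its inherited copy */

    /* The child is still starting up, yet this succeeds at once: the
     * kernel queues the connection on the already-listening socket. The
     * waiting moves to the read below, as the thread points out. */
    fd = monitor_connect(path);
    if (fd >= 0) {
        while (used < len - 1 &&
               (n = read(fd, greeting + used, len - 1 - used)) > 0)
            used += (size_t)n;
        close(fd);
    }
    greeting[used] = '\0';
    while (waitpid(pid, &status, 0) < 0 && errno == EINTR)
        ;
    unlink(path);
    return fd >= 0 ? 0 : -1;
}

int main(void)
{
    char greeting[32];
    int rc = prebound_monitor_demo("/tmp/prebound-monitor-demo.sock",
                                   greeting, sizeof(greeting));

    printf("rc=%d greeting=%s", rc, greeting);
    return rc == 0 ? 0 : 1;
}
```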
Re: [libvirt] How to config my VM to use KVM with libvirt?
Daniel P. Berrange wrote:
> On Tue, Jul 21, 2009 at 05:47:15PM +0900, Jun Koi wrote:
> > Hi,
> >
> > I have a VM running under libvirt, and it is currently run with -no-kvm option (I saw that in ps output). Now I want to run this VM with KVM. How can I reconfigure it for that? I looked into its configuration file under /etc/libvirt/qemu, but didn't see any option to turn KVM on.
>
> Run 'virsh edit GUEST' and on the top domain element, change the type attribute to be 'kvm' instead of 'qemu'.

Speaking of this, I've noticed that

    <domain type='qemu'>
      <os>
        <type arch='i686' machine='pc'>hvm</type>
      </os>
    </domain>

runs WITH kvm on an x86_64 system. Is that intended? It seems that this comment in qemu_conf.c:

    /* Need to explicitly disable KVM if
     * 1. Arch matches host arch
     * 2. Guest domain is 'qemu'
     * 3. The qemu binary has the -no-kvm flag
     */

might need to expand #1 to consider i686 == x86_64?

-jim
Re: [libvirt] How to config my VM to use KVM with libvirt?
Daniel P. Berrange wrote:
> On Tue, Jul 21, 2009 at 09:46:17AM -0400, Jim Paris wrote:
> > Speaking of this, I've noticed that
> >
> >     <domain type='qemu'>
> >       <os>
> >         <type arch='i686' machine='pc'>hvm</type>
> >       </os>
> >     </domain>
> >
> > runs WITH kvm on an x86_64 system. Is that intended?
>
> No, it's not intended!
> ...
> I'm actually wondering why we bother with #1 at all. If the binary has '-no-kvm' and the domain is 'qemu', then it should be used no matter what arch.

Agreed. Below is a patch which should fix the oversight (lightly tested). However, this is going to be a user-visible change and may cause people to complain that their existing 32-bit domains are unexpectedly running with -no-kvm. Is that OK? Technically it's a misconfiguration.

For the record, I think we've already broken this area once when 0.6.2 came out -- previous to that, even my 64-bit VMs had domain type qemu, and libvirt ran my specified kvm binary without -no-kvm.

-jim

From f7edd4c887512e4fc7c97b12a4f2409244af9eb3 Mon Sep 17 00:00:00 2001
From: Jim Paris j...@jtan.com
Date: Tue, 21 Jul 2009 17:07:51 -0400
Subject: [PATCH] Always add -no-kvm and -no-kqemu, if available, for qemu domains.

If the qemu binary supports -no-kvm and/or -no-kqemu, they should always be added for plain qemu domains. Previously, we omitted them whenever the host and guest architectures implied that they would be disabled automatically, but that logic was flawed in some cases (such as i686 and x86_64).

Signed-off-by: Jim Paris j...@jtan.com
--- src/qemu_conf.c | 12 1 files changed, 4 insertions(+), 8 deletions(-) diff --git a/src/qemu_conf.c b/src/qemu_conf.c index 4043d70..f146598 100644 --- a/src/qemu_conf.c +++ b/src/qemu_conf.c 
@@ -977,22 +977,18 @@ int qemudBuildCommandLine(virConnectPtr conn, emulator = def-emulator; /* Need to explicitly disable KQEMU if - * 1. Arch matches host arch - * 2. Guest domain is 'qemu' - * 3. The qemu binary has the -no-kqemu flag + * 1. Guest domain is 'qemu' + * 2. The qemu binary has the -no-kqemu flag */ if ((qemuCmdFlags QEMUD_CMD_FLAG_KQEMU) -STREQ(ut.machine, def-os.arch) def-virtType == VIR_DOMAIN_VIRT_QEMU) disableKQEMU = 1; /* Need to explicitly disable KVM if - * 1. Arch matches host arch - * 2. Guest domain is 'qemu' - * 3. The qemu binary has the -no-kvm flag + * 1. Guest domain is 'qemu' + * 2. The qemu binary has the -no-kvm flag */ if ((qemuCmdFlags QEMUD_CMD_FLAG_KVM) -STREQ(ut.machine, def-os.arch) def-virtType == VIR_DOMAIN_VIRT_QEMU) disableKVM = 1; -- 1.6.1.3 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
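Review bot: both removed conditions were the STREQ(ut.machine, def-os.arch) tests, and nothing left in this hunk reads ut, so if those were its only uses in qemudBuildCommandLine the variable and whatever fills it are now dead and should be dropped in the same patch. The commit message should also state the user-visible effect outright: an existing type='qemu' domain that previously ran accelerated (the i686 guest on an x86_64 host case it names) will now be started with -no-kvm and -no-kqemu whenever the binary supports those flags.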
Re: [libvirt] How to get access to QEMU monitor?
Jun Koi wrote:
> Hi,
>
> I am running QEMU via libvirt (using virsh virt-manager). Now I want to get access to the monitor interface of QEMU, so I can issue some commands to monitor.
>
> Is there any way to do that?

That isn't supported, because libvirt won't know what you've changed and can't deal with it in the general case. If there's a specific feature you need, it would be better to get that integrated into libvirt directly.

That said, you might be able to go around libvirt's back by killing libvirt, connecting to the monitor PTY (see /var/run/libvirt/vm.xml for the location), and then disconnecting and restarting libvirt. If you do anything that changes the domain state, though, you'll mess up libvirt.

-jim
Re: [libvirt] [RFC] Support for CPUID masking
Jiri Denemark wrote:
> Hi,
>
> We need to provide support for CPU ID masking. Xen and VMware ESX are examples of current hypervisors which support such masking.
>
> My proposal is to define new 'cpuid' feature advertised in guest capabilities:
>
>     ...
>     <domain type='xen' id='42'>
>       ...
>       <features>
>         <pae/>
>         <acpi/>
>         <apic/>
>         <cpuid>
>           <mask level='1' register='ebx'>
>             :::1010::::
>           </mask>
>           ...
>
> What are your opinions about this?

I think it's too low-level, and the structure is x86-specific. QEMU and KVM compute their CPUID response based on arguments to the -cpu argument, e.g.:

    -cpu core2duo,model=23,+ssse3,+lahf_lm

I think a similar structure makes more sense for libvirt, where the configuration generally avoids big blocks of binary data, and the XML format should suit other architectures as well.

-jim
Re: [libvirt] Passing -no-kvm-irqchip to KVM/QEMU guests
Garry Dolley wrote:
> Dear libvirt,
>
> Is there a way to tell a KVM/QEMU guest managed by libvirt to start with the -no-kvm-irqchip argument?
>
> I have some FreeBSD 7 guests with timing issues, and if I try to start the VMs manually with -no-kvm-irqchip, the timing issues go away (the only known workaround right now). However, if the guest is managed by libvirt, I have found no way to pass this command line option.
>
> I'm running libvirt 0.6.4 on Ubuntu 9.04

As a hack, you can point the XML file to a wrapper script instead of the KVM binary, where the script would contain e.g.:

    #!/bin/sh
    # Pass libvirt's arguments through unchanged, then append the extra flag.
    exec /usr/bin/kvm "$@" -no-kvm-irqchip

-jim
Re: [libvirt] virtio network problems with kvm guests with 2.6.26 kernel
Daniel P. Berrange wrote:
> On Tue, Sep 29, 2009 at 02:39:59AM -0400, Jim Paris wrote:
> > Hi,
> >
> > After upgrading libvirt on one system, my kvm guests running a 2.6.26 kernel with virtio networking could no longer communicate with the network.
> >
> > It seems that the problem is caused by newer libvirt versions unconditionally enabling GSO support by setting IFF_VNET_HDR [1]. However, support for this feature is apparently broken in 2.6.26. Ubuntu seems to have also discovered this problem [2] and they currently work around it by removing GSO support from kvm [3].
> >
> > Currently, I'm running with a patched libvirt that never sets IFF_VNET_HDR, and it's working fine once again.
> >
> > While this is not a libvirt problem per se, it certainly violated the principle of least surprise given that libvirt was the only thing that changed! But I don't know if there's much that libvirt can do to avoid this problem, as it's really something that needs to get fixed in kvm, or the guest needs to be upgraded, or switched away from virtio.
>
> libvirt probes to see if IFF_VNET_HDR is supported by the kernel and if so, enables it. If it's broken in the kernel, the kernel should have been patched, or had the flag disabled, as it's not really practical for libvirt to special case this thing further

Libvirt probes support in the host kernel. The problem lies with the guest kernel, which fails to communicate with the host when the host has IFF_VNET_HDR enabled.

-jim
Re: [libvirt] virtio network problems with kvm guests with 2.6.26 kernel
Jim Paris wrote:
> Daniel P. Berrange wrote:
> > On Tue, Sep 29, 2009 at 02:39:59AM -0400, Jim Paris wrote:
> > > Hi,
> > >
> > > After upgrading libvirt on one system, my kvm guests running a 2.6.26 kernel with virtio networking could no longer communicate with the network.
> > >
> > > It seems that the problem is caused by newer libvirt versions unconditionally enabling GSO support by setting IFF_VNET_HDR [1]. However, support for this feature is apparently broken in 2.6.26. Ubuntu seems to have also discovered this problem [2] and they currently work around it by removing GSO support from kvm [3].
> > >
> > > Currently, I'm running with a patched libvirt that never sets IFF_VNET_HDR, and it's working fine once again.
> > >
> > > While this is not a libvirt problem per se, it certainly violated the principle of least surprise given that libvirt was the only thing that changed! But I don't know if there's much that libvirt can do to avoid this problem, as it's really something that needs to get fixed in kvm, or the guest needs to be upgraded, or switched away from virtio.
> >
> > libvirt probes to see if IFF_VNET_HDR is supported by the kernel and if so, enables it. If it's broken in the kernel, the kernel should have been patched, or had the flag disabled, as it's not really practical for libvirt to special case this thing further
>
> Libvirt probes support in the host kernel. The problem lies with the guest kernel, which fails to communicate with the host when the host has IFF_VNET_HDR enabled.

Never mind that, my conclusions were bogus. Things still didn't quite add up, so I tracked down what's really going on here:

- Libvirt 0.7.1 (as packaged by Debian) has IFF_VNET_HDR support.
- Qemu-kvm 0.11.0 (as built by myself) did NOT include IFF_VNET_HDR support, because it was built against the older headers on my system.

Libvirt assumes that if it can support IFF_VNET_HDR, and qemu is new enough, then qemu must support IFF_VNET_HDR too. This assumption was wrong in my case, but it seems there's no easy way for libvirt to figure out the correct thing to do.

Anyway, after updating the linux-libc-dev package and rebuilding qemu-kvm, things work now.

-jim
Re: [libvirt] [PATCH] add fullscreen support to qemu sdl xml (via fullscreen='true' attribute for the graphics element)
Daniel P. Berrange wrote:
> And in the struct
>
>     int fullscreen : 1;

    unsigned int fullscreen : 1;

would be better (so the possible values are 0 and 1).

-jim
Re: [libvirt] Leaky virsh?
John Levon wrote: Running virsh with the remote driver (as it always is on Solaris), it leaks pretty heavily: thewhip:~ # yes start fewfewf | virsh /dev/null 21 [1] 6388 # prstat -c -p 6388 PID USERNAME SIZE RSS STATE PRI NICE TIME CPU PROCESS/NLWP 6388 root 10M 6788K sleep 590 0:00:02 0.2% virsh/1 Total: 1 processes, 1 lwps, load averages: 0.32, 0.12, 0.06 PID USERNAME SIZE RSS STATE PRI NICE TIME CPU PROCESS/NLWP 6388 root 11M 7104K sleep 590 0:00:02 0.3% virsh/1 Total: 1 processes, 1 lwps, load averages: 0.34, 0.12, 0.06 PID USERNAME SIZE RSS STATE PRI NICE TIME CPU PROCESS/NLWP 6388 root 11M 7160K sleep 590 0:00:02 0.3% virsh/1 Total: 1 processes, 1 lwps, load averages: 0.36, 0.13, 0.07 Can you reproduce on Linux anyone? Yeah, it seems there is no limit on the size of the readline history, so it just grows forever. Try this? -jim From a65339502c996dbeea9b6f3172a6cb8a2669f153 Mon Sep 17 00:00:00 2001 From: Jim Paris j...@jtan.com Date: Thu, 5 Feb 2009 19:21:01 -0500 Subject: [PATCH] virsh: limit history entries Limit the number of readline history entries in virsh, to avoid unbounded memory usage. --- src/virsh.c |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/src/virsh.c b/src/virsh.c index fd23e9f..e879982 100644 --- a/src/virsh.c +++ b/src/virsh.c @@ -6776,6 +6776,9 @@ vshReadlineInit(void) /* Tell the completer that we want a crack first. */ rl_attempted_completion_function = vshReadlineCompletion; + +/* Limit the total size of the history buffer */ +stifle_history(500); } static char * -- 1.5.6.5 -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
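Review bot: the 500 passed to stifle_history() in vshReadlineInit is an unexplained magic number; give it a named constant, or say in the comment why 500 was chosen, so the bound is easy to find and tune later. The added comment also says it limits "the total size of the history buffer", while the commit message describes a limit on the number of history entries; wording the comment as a cap on the number of entries would match what the call is described as doing.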
Re: [Libvirt] VNC auth per VM
Daniel P. Berrange wrote:
> On Mon, Jun 08, 2009 at 11:35:00AM +0200, Christian Weyermann wrote:
> > Hello everybody,
> >
> > I encountered the following problem. I want my users to only be able to connect to their own virtual machines via VNC. Is there any way to do so?
>
> The VNC authentication setup is currently being done per-host, so there is no way to define ACLs per-(user,vm) tuple as you describe.

What about the VNC password? That's per-VM, isn't it?

-jim
Re: [Libvirt] VNC auth per VM
Daniel P. Berrange wrote:
> > What about the VNC password? That's per-VM, isn't it?
>
> That is true but I don't really consider VNC password to be useful. It is utterly insecure.
> ...

Garry Dolley wrote:
> With KVM/QEMU, you can set a VNC password per VM. But I think it is either/or though; you can use VNC with passwords (no encryption), or use VNC with TLS, which is encrypted, but anyone with a valid certificate can connect (to any VM).

Ok, makes sense. In my own case, where VNC only listens on 127.0.0.1 and all remote connections are tunneled through SSH anyway, I think that plaintext passwords and the lack of VNC encryption would be OK. Thanks for the clarifications.

-jim
[libvirt] problems with remote authentication with policykit
Hi,

I have libvirt 0.6.4 running kvm instances on a headless server. I'm using virt-manager 0.7.0 to manage them. In the past, I would SSH in and run virt-manager as root. Since running GTK apps as root is no good, I've switched to policykit authentication.

By default, the libvirt policy only allows management if the user is in the active host session, which isn't the case with my SSH logins. Therefore I've added an override in /etc/PolicyKit/PolicyKit.conf:

    <match action="org.libvirt.unix.manage">
      <return result="auth_admin_keep_session"/>
    </match>

Now things generally work fine when SSHed in:

- as root, virsh gives ro and rw access with no password
- as jim, virsh gives ro access with no password, but requests a password for rw
- as jim, virsh asks for a password for rw access

But when accessing remotely, I get no useful error, and a hang:

    $ virsh -c qemu+ssh://j...@server/system
    libvir: Remote error : authentication failed
    process hangs here

    $ virsh --readonly -c qemu+ssh://j...@server/system
    libvir: Remote error : authentication failed
    process hangs here

Furthermore, on the server, this leaves nc processes running, and eventually there are enough that libvirtd stops accepting new connections.

I was also getting strange errors including:

    polkit-grant-helper: given auth type (8 - yes) is bogus

but now I can't reproduce that for the life of me, I have no idea what changed.

Is policykit authentication supposed to work over qemu+ssh? I was hoping it would at least not break the --readonly case.

-jim
Re: [libvirt] [TCK PATCH] block devices: allow specification of size for safety
Eric Blake wrote:
> On 05/05/2010 01:31 PM, Jim Meyering wrote:
> > > Can we provide the option to specify the device serial number so that it's really impossible to trash the wrong device?
> >
> > Given that this is a good idea, next question is obviously how to get the serial number. One way seems to be via hdparm, e.g.,
> >
> >     hdparm -i /dev/sda
> >     /dev/sda:
> >     Model=ST3320620AS, FwRev=3.AAK, SerialNo=9QF6ET0H
>
> Great for SCSI, not so great for USB sticks:
>
>     # hdparm -i /dev/sdb
>     /dev/sdb:
>     HDIO_DRIVE_CMD(identify) failed: Invalid exchange
>     HDIO_GET_IDENTITY failed: Invalid argument
>     # echo $?
>     22

Using a device path in /dev/disk/by-id/ would make more sense than specifying /dev/sdX if you're concerned about hitting the wrong disk.

-jim