Re: [libvirt] [PATCH] nwfilter: fix for directionality of ICMP traffic
On Wed, Apr 07, 2010 at 11:44:01AM -0400, Stefan Berger wrote: This patch enables the skipping of some of the ICMP traffic rules on the iptables level under certain circumstances so that the following filter properly enables unidirectional pings: filter name='testcase' uuidd6b1a2af-def6-2898-9f8d-4a74e3c39558/uuid !-- allow incoming ICMP Echo Request -- rule action='accept' direction='in' priority='500' icmp type='0'/ /rule !-- allow outgoing ICMP Echo Reply -- rule action='accept' direction='out' priority='500' icmp type='8'/ /rule !-- drop all other ICMP traffic -- rule action='drop' direction='inout' priority='600' icmp/ /rule /filter Signed-off-by: Stefan Berger stef...@us.ibm.com --- src/nwfilter/nwfilter_ebiptables_driver.c | 108 +- 1 file changed, 64 insertions(+), 44 deletions(-) Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c === --- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c +++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c @@ -1022,6 +1022,12 @@ err_exit: * @ifname : The name of the interface to apply the rule to * @vars : A map containing the variables to resolve * @res : The data structure to store the result(s) into + * @match : optional string for state match + * @accept_target : where to jump to on accepted traffic, i.e., RETURN + *ACCEPT + * @isIPv6 : Whether this is an IPv6 rule + * @maySkipICMP : whether this rule may under certain circumstances skip + * the ICMP rule from being created * * Convert a single rule into its representation for later instantiation * @@ -1039,7 +1045,8 @@ _iptablesCreateRuleInstance(int directio virNWFilterRuleInstPtr res, const char *match, const char *accept_target, -bool isIPv6) +bool isIPv6, +bool maySkipICMP) { char chain[MAX_CHAINNAME_LENGTH]; char number[20]; @@ -1265,6 +1272,10 @@ _iptablesCreateRuleInstance(int directio if (HAS_ENTRY_ITEM(rule-p.icmpHdrFilter.dataICMPType)) { const char *parm; + +if (maySkipICMP) +goto exit_no_error; + if (rule-prtclType == VIR_NWFILTER_RULE_PROTOCOL_ICMP) parm = --icmp-type; else @@ -1386,6 +1397,10 @@ err_exit: return -1; +exit_no_error: +virBufferFreeAndReset(buf); + +return 0; } @@ -1401,15 +1416,19 @@ iptablesCreateRuleInstance(virNWFilterDe int directionIn = 0; char chainPrefix[2]; int needState = 1; +bool maySkipICMP, inout = false; if ((rule-tt == VIR_NWFILTER_RULE_DIRECTION_IN) || (rule-tt == VIR_NWFILTER_RULE_DIRECTION_INOUT)) { directionIn = 1; needState = 0; +inout = (rule-tt == VIR_NWFILTER_RULE_DIRECTION_INOUT); } chainPrefix[0] = 'F'; +maySkipICMP = !directionIn !inout; + chainPrefix[1] = CHAINPREFIX_HOST_IN_TEMP; rc = _iptablesCreateRuleInstance(directionIn, chainPrefix, @@ -1421,10 +1440,14 @@ iptablesCreateRuleInstance(virNWFilterDe needState ? MATCH_STATE_OUT : NULL, RETURN, - isIPv6); + isIPv6, + maySkipICMP); if (rc) return rc; + +maySkipICMP = directionIn !inout; + chainPrefix[1] = CHAINPREFIX_HOST_OUT_TEMP; rc = _iptablesCreateRuleInstance(!directionIn, chainPrefix, @@ -1436,10 +1459,13 @@ iptablesCreateRuleInstance(virNWFilterDe needState ? MATCH_STATE_IN : NULL, ACCEPT, - isIPv6); + isIPv6, + maySkipICMP); if (rc) return rc; +maySkipICMP = !directionIn; + chainPrefix[0] = 'H'; chainPrefix[1] = CHAINPREFIX_HOST_IN_TEMP; rc = _iptablesCreateRuleInstance(directionIn, @@ -1451,9 +1477,8 @@ iptablesCreateRuleInstance(virNWFilterDe res, NULL, ACCEPT, - isIPv6); -if (rc) -return rc; + isIPv6, + maySkipICMP); return rc; }
Re: [libvirt] [PATCH v2] nwfilter: fix for directionality of ICMP traffic
On Wed, Apr 07, 2010 at 05:44:53PM -0400, Stefan Berger wrote: Changes from V1 to V2 of this patch - I had reversed the logic thinking that icmp type 0 is a echo request,but it's reply -- needed to reverse the logic - Found that ebtables takes the --ip-tos argument only as a hex number This patch enables the skipping of some of the ICMP traffic rules on the iptables level under certain circumstances so that the following filter properly enables unidirectional pings: Ah I hadn't seen v2, okay Okay, I see the change is in the initialization of maySkipICMP, fine, ACK, Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ dan...@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2]
On Wed, Apr 07, 2010 at 05:34:50PM -0400, Stefan Berger wrote: This patch adds new test cases to the existing nwfilter test program and adds a test script that must be run while a VM is running. This test script verifies that input network filter XML creates expected user-defined tables and rules on ebtables, iptables ip6tables layer and verifies their content against expected content. The idea is that these tools always return exactly the same output when displaying the content of a user-defined table so that the diff tool can be used for simple text comparison. All supported protocols have at least one test case. This test program is not run automatically since it requires a running VM. I'm wondering a bit about this. So far all our embedded tests from make tests are supposed to be agnostic on the machine state, and I wonder if it ain't preferable to kepp them that way. For example we have no real save/restore or migration tests here because like the nwfilter rukes testing that would require actual VM runnings. To me it seems this test should rather be targetted to the TCK, the separate test suite for libvirt: http://libvirt.org/git/?p=libvirt-tck.git that's really the place where tests relying on actual system behaviour should be implemented, and IMHO the more people start to look at it the better. Dan sent an introduction when he created the project http://www.mail-archive.com/libvir-list@redhat.com/msg12703.html and an update recently: http://www.mail-archive.com/libvir-list@redhat.com/msg21503.html so some of the hairy shell scripting for this test could be replaced with (less hairy ?) Perl testing, but in a framework really intended to have actual running domains. I understand that the current version of the test is not supposed to run if there is no domain target, but really it break the rule that libvirt make tests should not be dependant on the machine state, Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ dan...@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] nwfilters: Test suite for checking created firewall entries
On Wed, Apr 07, 2010 at 02:53:28PM -0400, Stefan Berger wrote: This patch adds new test cases to the existing nwfilter test program and adds a test script that must be run while a VM is running. This test script verifies that input network filter XML creates expected user-defined tables and rules on ebtables, iptables ip6tables layer and verifies their content against expected content. The idea is that these tools always return exactly the same output when displaying the content of a user-defined table so that the diff tool can be used for simple text comparison. All supported protocols have at least one test case. This test program is not run automatically since it requires a running VM. I think this test should really be part of the libvirt-TCK, since that provides you the framework for running real VMs interacting with the host OS. The tests in libvirt/tests should all be unit tests which don't interact with the host system state Regards, Daniel -- |: Red Hat, Engineering, London-o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :| |: http://autobuild.org-o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Fix Win32 portability problems
On Wed, Apr 07, 2010 at 12:12:10PM -0600, Eric Blake wrote: +#ifdef WIN32 +int +virHookCall(int driver ATTRIBUTE_UNUSED, +const char *id ATTRIBUTE_UNUSED, +int op ATTRIBUTE_UNUSED, +int sub_op ATTRIBUTE_UNUSED, +const char *extra ATTRIBUTE_UNUSED, +const char *input ATTRIBUTE_UNUSED) { +virReportSystemError(ENOSYS, %s, + _(spawning hooks not supported on this platform)); +return -1; Good enough for now. But gnulib supports posix_spawn ported to mingw (currently LGPLv3, so we'd have to get it relaxed to LPGLv2 first); perhaps if we rewrite hooks to use posix_spawn() instead of fork()/exec(), then we can support hooks on mingw. posix_spawn() isn't really flexible enough to replace the virExec() functionality @@ -8425,7 +8430,7 @@ cmdSnapshotList(vshControl *ctl, const vshCmd *cmd) creation) 0) continue; localtime_r(creation, time_info); -strftime(timestr, sizeof(timestr), %F %T %z, time_info); +strftime(timestr, sizeof(timestr), %Y-%m-%d %H:%M:%S %z, time_info); Is this a case where we want localized output? Or is switching to fixed format a good move independently of mingw lacking localization? Gnulib provides strftime (but it is currently LGPLv3, and would need relaxing), if we want to go with localized output. %F %T are not localized formats anyway, so this isn't impacting that. THis is just a straight substitution expanding the shortcuts to the full syntax Regards, Daniel -- |: Red Hat, Engineering, London-o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :| |: http://autobuild.org-o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2]
Daniel Veillard veill...@redhat.com wrote on 04/08/2010 03:54:07 AM: Please respond to veillard On Wed, Apr 07, 2010 at 05:34:50PM -0400, Stefan Berger wrote: This patch adds new test cases to the existing nwfilter test program and adds a test script that must be run while a VM is running. This test script verifies that input network filter XML creates expected user-defined tables and rules on ebtables, iptables ip6tables layer and verifies their content against expected content. The idea is that these tools always return exactly the same output when displaying the content of a user-defined table so that the diff tool can be used for simple text comparison. All supported protocols have at least one test case. This test program is not run automatically since it requires a running VM. I'm wondering a bit about this. So far all our embedded tests from make tests are supposed to be agnostic on the machine state, and I wonder if it ain't preferable to kepp them that way. For example we have no real save/restore or migration tests here because like the nwfilter rukes testing that would require actual VM runnings. To me it seems this test should rather be targetted to the TCK, the separate test suite for libvirt: http://libvirt.org/git/?p=libvirt-tck.git that's really the place where tests relying on actual system behaviour should be implemented, and IMHO the more people start to look at it the better. Dan sent an introduction when he created the project http://www.mail-archive.com/libvir-list@redhat.com/msg12703.html and an update recently: http://www.mail-archive.com/libvir-list@redhat.com/msg21503.html so some of the hairy shell scripting for this test could be replaced with (less hairy ?) Perl testing, but in a framework really intended to have actual running domains. I understand that the current version of the test is not supposed to run if there is no domain target, but really it break the rule that libvirt make tests should not be dependant on the machine state, Ok, I'll adapt it for the TCK project. Stefan Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ dan...@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2]
On Thu, 2010-04-08 at 07:16 -0400, Stefan Berger wrote: Ok, I'll adapt it for the TCK project. Some time ago, I started with some libvirt-tck scripts - 210-no-mac-spoofing.t - 220-no-ip-spoofing.t - 230-no-mac-broadcast.t - 240-no-arp-spoofing.t which try to perform an action (like mac spoofing etc) and verify that the filter is working. Since the test scripts need to log in to the guest/domain to perform that action, they have certain requirements on the guest/domain like root password, installed utilities etc. Of course, I have a local guest which satisfies those requirements, but what is the best way to solve this in a libvirt-tck way? -- Best regards, Gerhard Stenzel, --- IBM Deutschland Research Development GmbH Vorsitzender des Aufsichtsrats: Martin Jetter Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen Registergericht: Amtsgericht Stuttgart, HRB 243294 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] FYI: [PATCH] Fix unterminated B... in virsh man page
FYI, I've just pushed the following trivial fix: From 7ea025aed0ff110bd7b5ab2037e04aa3205f2c13 Mon Sep 17 00:00:00 2001 Message-Id: 7ea025aed0ff110bd7b5ab2037e04aa3205f2c13.1270731158.git.jdene...@redhat.com From: Jiri Denemark jdene...@redhat.com Date: Thu, 8 Apr 2010 14:44:48 +0200 Subject: [PATCH] Fix unterminated B... in virsh man page Mail-Followup-To: libvir-list@redhat.com --- tools/virsh.pod |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/tools/virsh.pod b/tools/virsh.pod index 9e9f4e0..1b5c1d6 100644 --- a/tools/virsh.pod +++ b/tools/virsh.pod @@ -312,7 +312,7 @@ Convert a domain name (or UUID) to a domain id Returns basic information about the domain. -=item Bdomjobabort Idomain-id-or-uuid +=item Bdomjobabort Idomain-id-or-uuid Abort the currently running domain job. -- 1.7.0.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] FYI: [PATCH] Fix unterminated B... in virsh man page
On 04/08/2010 06:54 AM, Jiri Denemark wrote: FYI, I've just pushed the following trivial fix: Returns basic information about the domain. -=item Bdomjobabort Idomain-id-or-uuid +=item Bdomjobabort Idomain-id-or-uuid Thanks. Looks like I flubbed that one. -- Eric Blake ebl...@redhat.com+1-801-349-2682 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2]
On Thu, Apr 08, 2010 at 02:48:35PM +0200, Gerhard Stenzel wrote: On Thu, 2010-04-08 at 07:16 -0400, Stefan Berger wrote: Ok, I'll adapt it for the TCK project. Some time ago, I started with some libvirt-tck scripts - 210-no-mac-spoofing.t - 220-no-ip-spoofing.t - 230-no-mac-broadcast.t - 240-no-arp-spoofing.t which try to perform an action (like mac spoofing etc) and verify that the filter is working. Since the test scripts need to log in to the guest/domain to perform that action, they have certain requirements on the guest/domain like root password, installed utilities etc. Of course, I have a local guest which satisfies those requirements, but what is the best way to solve this in a libvirt-tck way? Currently none of the libvirt TCK tests need to login to the guest OS, so we just auto-download boot the basic Fedora anaconda install kernel+initrd and create a blank disk image. Due to licensing complexity we can't distribute pre-built guest images directly with the TCK. So I think what we'd want todo is to write a kickstart file that installs a bare minimum Fedora guest OS, with a pre-set root password, ssh daemon active known IP address. Then use that with Rich Jones' febootstrap script to create the guest image at runtime. We'd cache the guest image between runs of the TCK, so the overhead of febootstrap will only be seen the first time. Then, your test scripts can simply request booting of a guest using this minimal guest image instead of the normal anaconda kernel/initrd the TCK uses. Daniel -- |: Red Hat, Engineering, London-o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :| |: http://autobuild.org-o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2]
Gerhard Stenzel gsten...@linux.vnet.ibm.com wrote on 04/08/2010 08:48:35 AM: On Thu, 2010-04-08 at 07:16 -0400, Stefan Berger wrote: Ok, I'll adapt it for the TCK project. Some time ago, I started with some libvirt-tck scripts - 210-no-mac-spoofing.t - 220-no-ip-spoofing.t - 230-no-mac-broadcast.t - 240-no-arp-spoofing.t which try to perform an action (like mac spoofing etc) and verify that the filter is working. I think those types of tests are useful. The ones I would want to add just make sure that the created firewall rules and tables are as expected given a certain filter as input, without having to log into the VM. If possible, I'd like to keep the bash script for running the test, since I don't know Perl. Regardsm Stefan -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2]
On Thu, 2010-04-08 at 14:07 +0100, Daniel P. Berrange wrote: So I think what we'd want todo is to write a kickstart file that installs a bare minimum Fedora guest OS, with a pre-set root password, ssh daemon active known IP address. Then use that with Rich Jones' febootstrap script to create the guest image at runtime. We'd cache the guest image between runs of the TCK, so the overhead of febootstrap will only be seen the first time. febootstrap seems like a good way to prepare a guest with the necessary files in it, but I have not found anything in febootstrap about kickstart support or installation in a disk image. Have I overlooked something? So. my understanding of your proposal is: - create a image file with qemu-img - loop back mount that image file - use febootstrap to install a fedora file system into image file I still have some problems setting the root password via febootstrap-run. Message is: passwd: Can not identity you Would the call to febootstrap be part of a libvirt-TCK script? An alternative could be use cmdline/ in the domain xml to pass the kickstart file to the basic Fedora anaconda install kernel+initrd and do the installation from the guest itself. -- Best regards, Gerhard Stenzel, --- IBM Deutschland Research Development GmbH Vorsitzender des Aufsichtsrats: Martin Jetter Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen Registergericht: Amtsgericht Stuttgart, HRB 243294 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Problems accessing ESX using libvirt
2010/4/8 Matthew Booth mbo...@redhat.com: I was forwarded the following query relating to v2v: === There are no firewalls between the hosts and the ESX firewall is configured to allow all incoming outgoing connections. The virsh -c 'esx://elabhost011.xxx/' list --all command also fails in the same way as the virt-v2v command. When I run the 'virsh list' command it doesn't prompt for a username/password as in the example below. If I run tcpdump on the ESX host, when 'virsh list' is run, I see the packet arrive from the test box and a reply sent back, only these two packets are sent between the hosts: 09:51:20.205524 bwyhs0020p.xxx.56436 elabhost011.xxx.16514: S 338(0) win 5840 mss 1460,sackOK,timestamp 1214177495 0,nop,wscale 7 (DF) 09:51:20.205544 elabhost011.xxx.16514 bwyhs0020p.xxx.56436: R 0:9 win 0 (DF) The problem is there is nothing listening on port 16514 on the ESX host, hence the Connection refused message. Should the connection be using the TSL port as opposed to a 'ESX' port? === The user is using libvirt 0.6.3-20.1.el5_4. Unfortunately I'm not intimately familiar with how the libvirt ESX driver magic works. Can anybody shed any light? Thanks, ESX support was added in libvirt 0.7.0. So libvirt 0.6.3 is too old. Libvirt will give unexpected error messages when you give it URIs that no driver handles. For example if no local driver claims to handle an URI the remote driver will try to connect to a libvirtd on the server and uses TLS (default libvirt port 16514) for that. That's what you see in the tcpdump there. Matthias -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Problems accessing ESX using libvirt
On 08/04/10 16:37, Matthias Bolte wrote: ESX support was added in libvirt 0.7.0. So libvirt 0.6.3 is too old. Libvirt will give unexpected error messages when you give it URIs that no driver handles. For example if no local driver claims to handle an URI the remote driver will try to connect to a libvirtd on the server and uses TLS (default libvirt port 16514) for that. That's what you see in the tcpdump there. Thanks, Matthias. Matt -- Matthew Booth, RHCA, RHCSS Red Hat Engineering, Virtualisation Team M: +44 (0)7977 267231 GPG ID: D33C3490 GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 06/15] Generate libvirt.def from libvirt.syms
2010/4/7 Daniel P. Berrange berra...@redhat.com: On Mon, Mar 22, 2010 at 02:25:36AM +0100, Matthias Bolte wrote: The MinGW linker needs the libvirt.def file. --- configure.ac | 5 + src/.gitignore | 1 + src/Makefile.am | 15 +++ 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index bcf1d5a..6e568ee 100644 --- a/configure.ac +++ b/configure.ac @@ -1733,6 +1733,7 @@ CYGWIN_EXTRA_LIBADD= CYGWIN_EXTRA_PYTHON_LIBADD= MINGW_EXTRA_LDFLAGS= WIN32_EXTRA_CFLAGS= +LIBVIRT_SYMBOL_FILE=libvirt.syms case $host in *-*-cygwin*) CYGWIN_EXTRA_LDFLAGS=-no-undefined @@ -1752,6 +1753,9 @@ case $host in if test x$enable_shared = xno; then WIN32_EXTRA_CFLAGS=-DLIBVIRT_STATIC fi + # Also set the symbol file to .def, so src/Makefile generates libvirt.def + # from libvirt.syms and passes libvirt.def instead of libvirt.syms to the linker + LIBVIRT_SYMBOL_FILE=libvirt.def ;; esac AC_SUBST([CYGWIN_EXTRA_LDFLAGS]) @@ -1759,6 +1763,7 @@ AC_SUBST([CYGWIN_EXTRA_LIBADD]) AC_SUBST([CYGWIN_EXTRA_PYTHON_LIBADD]) AC_SUBST([MINGW_EXTRA_LDFLAGS]) AC_SUBST([WIN32_EXTRA_CFLAGS]) +AC_SUBST([LIBVIRT_SYMBOL_FILE]) dnl Look for windres to build a Windows icon resource. AC_CHECK_TOOL([WINDRES], [windres], [no]) diff --git a/src/.gitignore b/src/.gitignore index 26b8689..a5c27a5 100644 --- a/src/.gitignore +++ b/src/.gitignore @@ -12,6 +12,7 @@ Makefile.in *.cov libvirt_parthelper libvirt_lxc +libvirt.def libvirt.syms *.i *.s diff --git a/src/Makefile.am b/src/Makefile.am index 0aa3443..fea1bd3 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -828,7 +828,7 @@ EXTRA_DIST += \ libvirt_macvtap.syms \ libvirt_daemon.syms -BUILT_SOURCES = libvirt.syms +BUILT_SOURCES = libvirt.syms libvirt.def libvirt.syms: libvirt_public.syms $(USED_SYM_FILES) rm -f $...@-tmp $@ @@ -844,18 +844,25 @@ libvirt.syms: libvirt_public.syms $(USED_SYM_FILES) chmod a-w $...@-tmp mv $...@-tmp libvirt.syms +libvirt.def: libvirt.syms + rm -f -- $...@-tmp $@ + printf 'EXPORTS\n' $...@-tmp + sed -e '/^$$/d; /#/d; /:/d; /\}/d; /\*/d; /LIBVIRT_/d; s/\(.*\)\;/\1/g' $^ $...@-tmp + chmod a-w $...@-tmp + mv $...@-tmp libvirt.def + # Empty source list - it merely links a bunch of convenience libs together libvirt_la_SOURCES = libvirt_la_LIBADD += \ $(CYGWIN_EXTRA_LIBADD) ../gnulib/lib/libgnu.la -libvirt_la_LDFLAGS = $(VERSION_SCRIPT_FLAGS)libvirt.syms \ +libvirt_la_LDFLAGS = $(VERSION_SCRIPT_FLAGS)$(LIBVIRT_SYMBOL_FILE) \ -version-info $(LIBVIRT_VERSION_INFO) \ $(COVERAGE_CFLAGS:-f%=-Wc,-f%) \ $(LIBXML_LIBS) \ $(DRIVER_MODULE_LIBS) \ $(CYGWIN_EXTRA_LDFLAGS) $(MINGW_EXTRA_LDFLAGS) libvirt_la_CFLAGS = $(COVERAGE_CFLAGS) -DIN_LIBVIRT -libvirt_la_DEPENDENCIES = $(libvirt_la_LIBADD) libvirt.syms +libvirt_la_DEPENDENCIES = $(libvirt_la_LIBADD) $(LIBVIRT_SYMBOL_FILE) # Create an automake convenience library version of libvirt_la, # just for testing, since the test harness requires access to internal @@ -865,7 +872,7 @@ noinst_LTLIBRARIES += libvirt_test.la # Remove version script from convenience library test_LDFLAGS = \ $$(echo '$(libvirt_la_LDFLAGS)' \ - |sed 's!$(VERSION_SCRIPT_FLAGS)libvirt.syms!!' \ + |sed 's!$(VERSION_SCRIPT_FLAGS)$(LIBVIRT_SYMBOL_FILE)!!' \ |sed 's!-version-info $(LIBVIRT_VERSION_INFO)!!') # Just like the above, but with a slightly different set of public symbols. I've re-examined this now to discover why we had this regression. Originally, say in 0.7.5, everything was linking fine on Mingw32 without this .defs file. I figured out that this is because Mingw32 was ignoring our .syms file, and using its default logic of exporting *everything* :-) Then, in commit 190aaa2627a8c6e455088f1e7801708fb5f123b1 Author: Matthias Bolte matthias.bo...@googlemail.com Date: Tue Mar 16 23:54:22 2010 +0100 Fix export of virConnectAuthPtrDefault for MinGW builds Use the __declspec(dllexport/dllimport) stuff to export the symbol, otherwise accessing virConnectAuthPtrDefault triggers a segfault. We used declspec() on the virConnectAuthPtrDefault. This turned off the Mingw32 logic that exported everything thus caused virsh link failures. Adding this .defs file as per your patch re-exports everything. It sucks that we export everything, but it is no worse than the old situation we had on mingw. ACK to this patch Daniel Okay, I rebased and pushed it. Matthias -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 07/15] virsh: Handle absence of SA_SIGINFO
2010/4/7 Daniel P. Berrange berra...@redhat.com: On Mon, Mar 22, 2010 at 02:25:37AM +0100, Matthias Bolte wrote: MinGW and gnulib don't provide SA_SIGINFO on Windows. --- tools/virsh.c | 4 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/tools/virsh.c b/tools/virsh.c index 32895b2..1c932bd 100644 --- a/tools/virsh.c +++ b/tools/virsh.c @@ -411,11 +411,13 @@ static int disconnected = 0; /* we may have been disconnected */ * We get here when a SIGPIPE is being raised, we can't do much in the * handler, just save the fact it was raised */ +#ifdef SA_SIGINFO static void vshCatchDisconnect(int sig, siginfo_t * siginfo, void* context ATTRIBUTE_UNUSED) { if ((sig == SIGPIPE) || (siginfo-si_signo == SIGPIPE)) disconnected++; } +#endif /* * vshSetupSignals: @@ -425,6 +427,7 @@ static void vshCatchDisconnect(int sig, siginfo_t * siginfo, */ static void vshSetupSignals(void) { +#ifdef SA_SIGINFO struct sigaction sig_action; sig_action.sa_sigaction = vshCatchDisconnect; @@ -432,6 +435,7 @@ vshSetupSignals(void) { sigemptyset(sig_action.sa_mask); sigaction(SIGPIPE, sig_action, NULL); +#endif } /* -- THis patch doesn't appear to have been pushed... Regards, Daniel You already included this into your Fix Win32 portability problems patch. so this patch is not necessary anymore. Matthias -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] esx: Add domain snapshot support
2010/4/7 Daniel Veillard veill...@redhat.com: On Wed, Apr 07, 2010 at 12:00:01PM +0200, Matthias Bolte wrote: Fix invalid code generating in esx_vi_generator.py regarding deep copy types that contain enum properties. Add strptime and timegm to bootstrap.conf. Both are used to convert a xsd:dateTime to calendar time. --- bootstrap.conf | 2 + src/esx/esx_driver.c | 468 +--- src/esx/esx_vi.c | 290 + src/esx/esx_vi.h | 27 +++ src/esx/esx_vi_generator.input | 12 + src/esx/esx_vi_generator.py | 25 ++- src/esx/esx_vi_methods.c | 86 src/esx/esx_vi_methods.h | 14 ++ src/esx/esx_vi_types.c | 99 + src/esx/esx_vi_types.h | 12 + 10 files changed, 990 insertions(+), 45 deletions(-) diff --git a/bootstrap.conf b/bootstrap.conf index ac2f8e6..ca9332d 100644 --- a/bootstrap.conf +++ b/bootstrap.conf @@ -52,9 +52,11 @@ stpcpy strchrnul strndup strerror +strptime strsep sys_stat time_r +timegm useless-if-before-free vasprintf verify Okay, IIRC the environment checks for LGPL licence compat Yes, but no problem here, both are LGPLv2+. diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c index eb06555..5272654 100644 --- a/src/esx/esx_driver.c +++ b/src/esx/esx_driver.c pure formatting changes on this module [...] +static virDomainSnapshotPtr +esxDomainSnapshotCreateXML(virDomainPtr domain, const char *xmlDesc, + unsigned int flags ATTRIBUTE_UNUSED) +{ [...] +} + Looks fine + +static char * +esxDomainSnapshotDumpXML(virDomainSnapshotPtr snapshot, + unsigned int flags ATTRIBUTE_UNUSED) +{ + esxPrivate *priv = snapshot-domain-conn-privateData; + esxVI_VirtualMachineSnapshotTree *rootSnapshotList = NULL; + esxVI_VirtualMachineSnapshotTree *snapshotTree = NULL; + esxVI_VirtualMachineSnapshotTree *snapshotTreeParent = NULL; + virDomainSnapshotDef def; + char uuid_string[VIR_UUID_STRING_BUFLEN] = ; + char *xml = NULL; + + memset(def, 0, sizeof (virDomainSnapshotDef)); + + if (esxVI_EnsureSession(priv-host) 0) { + goto failure; + } + + if (esxVI_LookupRootSnapshotTreeList(priv-host, snapshot-domain-uuid, + rootSnapshotList) 0 || + esxVI_GetSnapshotTreeByName(rootSnapshotList, snapshot-name, + snapshotTree, snapshotTreeParent, + esxVI_Occurrence_RequiredItem) 0) { + goto failure; + } + + def.name = snapshot-name; + def.description = snapshotTree-description; + def.parent = snapshotTreeParent != NULL ? snapshotTreeParent-name : NULL; + + if (esxVI_DateTime_ConvertToCalendarTime(snapshotTree-createTime, + def.creationTime) 0) { + goto failure; + } + + def.state = esxVI_VirtualMachinePowerState_ConvertToLibvirt + (snapshotTree-state); + + virUUIDFormat(snapshot-domain-uuid, uuid_string); + + xml = virDomainSnapshotDefFormat(uuid_string, def, 0); + + cleanup: + esxVI_VirtualMachineSnapshotTree_Free(rootSnapshotList); + + return xml; + + failure: + VIR_FREE(xml); + + goto cleanup; +} + Okay, I we will need to check if virDomainSnapshotDef ever grow to get new fields, but the memset should prevent problems anyway. + +static int +esxDomainSnapshotNum(virDomainPtr domain, unsigned int flags ATTRIBUTE_UNUSED) +{ [...] +} + looks fine but we should probably raise an error if flags != 0 since this is not supported in this API level Okay, added those checks now. + +static int +esxDomainSnapshotListNames(virDomainPtr domain, char **names, int nameslen, + unsigned int flags ATTRIBUTE_UNUSED) +{ [..] +} + same here + +static virDomainSnapshotPtr +esxDomainSnapshotLookupByName(virDomainPtr domain, const char *name, + unsigned int flags ATTRIBUTE_UNUSED) +{ + esxPrivate *priv = domain-conn-privateData; + esxVI_VirtualMachineSnapshotTree *rootSnapshotTreeList = NULL; + esxVI_VirtualMachineSnapshotTree *snapshotTree = NULL; + esxVI_VirtualMachineSnapshotTree *snapshotTreeParent = NULL; + virDomainSnapshotPtr snapshot = NULL; + + if (esxVI_EnsureSession(priv-host) 0) { + goto failure; + } + + if (esxVI_LookupRootSnapshotTreeList(priv-host, domain-uuid, + rootSnapshotTreeList) 0 || + esxVI_GetSnapshotTreeByName(rootSnapshotTreeList, name, snapshotTree, + snapshotTreeParent, + esxVI_Occurrence_RequiredItem) 0) { + goto failure; + } + + snapshot =
[libvirt] [PATCH 0/1] enospace disk error policy
Dan Kenigsberg requested that we add an option to explicitly request enospace as the disk error policy. David Allan (1): Add enospace option to qemu disk error policy docs/schemas/domain.rng|1 + src/conf/domain_conf.c |3 +- src/conf/domain_conf.h |1 + src/qemu/qemu_conf.c |2 + tests/qemuargv2xmltest.c |3 ++ ...uxml2argv-disk-drive-error-policy-enospace.args |1 + ...muxml2argv-disk-drive-error-policy-enospace.xml | 32 7 files changed, 42 insertions(+), 1 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-policy-enospace.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-policy-enospace.xml -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 1/1] Add enospace option to qemu disk error policy
* Dan Kenigsberg requested explicit support for the qemu default disk error policy which is enospace --- docs/schemas/domain.rng|1 + src/conf/domain_conf.c |3 +- src/conf/domain_conf.h |1 + src/qemu/qemu_conf.c |2 + tests/qemuargv2xmltest.c |3 ++ ...uxml2argv-disk-drive-error-policy-enospace.args |1 + ...muxml2argv-disk-drive-error-policy-enospace.xml | 32 7 files changed, 42 insertions(+), 1 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-policy-enospace.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-policy-enospace.xml diff --git a/docs/schemas/domain.rng b/docs/schemas/domain.rng index 58c9fcb..56b6705 100644 --- a/docs/schemas/domain.rng +++ b/docs/schemas/domain.rng @@ -629,6 +629,7 @@ choice valuestop/value valueignore/value +valueenospace/value /choice /attribute /define diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 3cd43eb..2de838b 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -129,7 +129,8 @@ VIR_ENUM_IMPL(virDomainDiskCache, VIR_DOMAIN_DISK_CACHE_LAST, VIR_ENUM_IMPL(virDomainDiskErrorPolicy, VIR_DOMAIN_DISK_ERROR_POLICY_LAST, default, stop, - ignore) + ignore, + enospace) VIR_ENUM_IMPL(virDomainController, VIR_DOMAIN_CONTROLLER_TYPE_LAST, ide, diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 5c64a47..82f2d15 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -156,6 +156,7 @@ enum virDomainDiskErrorPolicy { VIR_DOMAIN_DISK_ERROR_POLICY_DEFAULT, VIR_DOMAIN_DISK_ERROR_POLICY_STOP, VIR_DOMAIN_DISK_ERROR_POLICY_IGNORE, +VIR_DOMAIN_DISK_ERROR_POLICY_ENOSPACE, VIR_DOMAIN_DISK_ERROR_POLICY_LAST }; diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index df57d88..48252a5 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -4938,6 +4938,8 @@ qemuParseCommandLineDisk(const char *val, def-error_policy = VIR_DOMAIN_DISK_ERROR_POLICY_STOP; else if (STREQ(values[i], ignore)) def-error_policy = VIR_DOMAIN_DISK_ERROR_POLICY_IGNORE; +else if (STREQ(values[i], enospace)) +def-error_policy = VIR_DOMAIN_DISK_ERROR_POLICY_ENOSPACE; } else if (STREQ(keywords[i], index)) { if (virStrToLong_i(values[i], NULL, 10, idx) 0) { virDomainDiskDefFree(def); diff --git a/tests/qemuargv2xmltest.c b/tests/qemuargv2xmltest.c index b330238..bd81018 100644 --- a/tests/qemuargv2xmltest.c +++ b/tests/qemuargv2xmltest.c @@ -165,6 +165,9 @@ mymain(int argc, char **argv) DO_TEST(disk-drive-error-policy-stop, QEMUD_CMD_FLAG_DRIVE | QEMUD_CMD_FLAG_MONITOR_JSON | QEMUD_CMD_FLAG_DRIVE_FORMAT); +DO_TEST(disk-drive-error-policy-enospace, QEMUD_CMD_FLAG_DRIVE | +QEMUD_CMD_FLAG_MONITOR_JSON | +QEMUD_CMD_FLAG_DRIVE_FORMAT); DO_TEST(disk-drive-cache-v2-wt, QEMUD_CMD_FLAG_DRIVE | QEMUD_CMD_FLAG_DRIVE_CACHE_V2); DO_TEST(disk-drive-cache-v2-wb, QEMUD_CMD_FLAG_DRIVE | diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-policy-enospace.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-policy-enospace.args new file mode 100644 index 000..c208821 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-policy-enospace.args @@ -0,0 +1 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -drive file=/dev/HostVG/QEMUGuest1,if=ide,bus=0,unit=0,format=qcow2,cache=off,werror=enospace,rerror=enospace -drive file=/dev/HostVG/QEMUGuest2,if=ide,media=cdrom,bus=1,unit=0,format=raw -net none -serial none -parallel none -usb diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-policy-enospace.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-policy-enospace.xml new file mode 100644 index 000..8fe64d4 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-policy-enospace.xml @@ -0,0 +1,32 @@ +domain type='qemu' + nameQEMUGuest1/name + uuidc7a5fdbd-edaf-9455-926a-d65c16db1809/uuid + memory219200/memory + currentMemory219200/currentMemory + vcpu1/vcpu + os +type arch='i686' machine='pc'hvm/type +boot dev='hd'/ + /os + clock offset='utc'/ + on_poweroffdestroy/on_poweroff + on_rebootrestart/on_reboot + on_crashdestroy/on_crash + devices +emulator/usr/bin/qemu/emulator +disk type='block' device='disk' + driver name='qemu' type='qcow2' cache='none' error_policy='enospace'/ + source dev='/dev/HostVG/QEMUGuest1'/ +
[libvirt] [PATCH] Remove undefined symbols from symbols file
--- src/libvirt_private.syms |7 +-- 1 files changed, 1 insertions(+), 6 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 814e2d8..b76f2da 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -209,7 +209,6 @@ virDomainTimerModeTypeFromString; virDomainSnapshotObjListGetNames; virDomainSnapshotObjListNum; virDomainSnapshotFindByName; -virDomainSnapshotObjListAdd; virDomainSnapshotObjListRemove; virDomainSnapshotHasChildren; virDomainSnapshotObjUnref; @@ -516,11 +515,7 @@ virNWFilterInstantiateFilter; virNWFilterTeardownFilter; -#nwfilter_learnipaddr.h -ipAddressMap; -ipAddressMapLock; -pendingLearnReq; -pendingLearnReqLock; +# nwfilter_learnipaddr.h virNWFilterGetIpAddrForIfname; virNWFilterDelIpAddrForIfname; virNWFilterLookupLearnReq; -- 1.6.3.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 1/1] Add enospace option to qemu disk error policy
On Thu, Apr 08, 2010 at 04:11:33PM -0400, David Allan wrote: * Dan Kenigsberg requested explicit support for the qemu default disk error policy which is enospace --- docs/schemas/domain.rng|1 + src/conf/domain_conf.c |3 +- src/conf/domain_conf.h |1 + src/qemu/qemu_conf.c |2 + tests/qemuargv2xmltest.c |3 ++ ...uxml2argv-disk-drive-error-policy-enospace.args |1 + ...muxml2argv-disk-drive-error-policy-enospace.xml | 32 7 files changed, 42 insertions(+), 1 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-policy-enospace.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-policy-enospace.xml diff --git a/docs/schemas/domain.rng b/docs/schemas/domain.rng index 58c9fcb..56b6705 100644 --- a/docs/schemas/domain.rng +++ b/docs/schemas/domain.rng @@ -629,6 +629,7 @@ choice valuestop/value valueignore/value +valueenospace/value /choice /attribute /define diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 3cd43eb..2de838b 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -129,7 +129,8 @@ VIR_ENUM_IMPL(virDomainDiskCache, VIR_DOMAIN_DISK_CACHE_LAST, VIR_ENUM_IMPL(virDomainDiskErrorPolicy, VIR_DOMAIN_DISK_ERROR_POLICY_LAST, default, stop, - ignore) + ignore, + enospace) VIR_ENUM_IMPL(virDomainController, VIR_DOMAIN_CONTROLLER_TYPE_LAST, ide, diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 5c64a47..82f2d15 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -156,6 +156,7 @@ enum virDomainDiskErrorPolicy { VIR_DOMAIN_DISK_ERROR_POLICY_DEFAULT, VIR_DOMAIN_DISK_ERROR_POLICY_STOP, VIR_DOMAIN_DISK_ERROR_POLICY_IGNORE, +VIR_DOMAIN_DISK_ERROR_POLICY_ENOSPACE, VIR_DOMAIN_DISK_ERROR_POLICY_LAST }; diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index df57d88..48252a5 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -4938,6 +4938,8 @@ qemuParseCommandLineDisk(const char *val, def-error_policy = VIR_DOMAIN_DISK_ERROR_POLICY_STOP; else if (STREQ(values[i], ignore)) def-error_policy = VIR_DOMAIN_DISK_ERROR_POLICY_IGNORE; +else if (STREQ(values[i], enospace)) +def-error_policy = VIR_DOMAIN_DISK_ERROR_POLICY_ENOSPACE; } else if (STREQ(keywords[i], index)) { if (virStrToLong_i(values[i], NULL, 10, idx) 0) { virDomainDiskDefFree(def); diff --git a/tests/qemuargv2xmltest.c b/tests/qemuargv2xmltest.c index b330238..bd81018 100644 --- a/tests/qemuargv2xmltest.c +++ b/tests/qemuargv2xmltest.c @@ -165,6 +165,9 @@ mymain(int argc, char **argv) DO_TEST(disk-drive-error-policy-stop, QEMUD_CMD_FLAG_DRIVE | QEMUD_CMD_FLAG_MONITOR_JSON | QEMUD_CMD_FLAG_DRIVE_FORMAT); +DO_TEST(disk-drive-error-policy-enospace, QEMUD_CMD_FLAG_DRIVE | +QEMUD_CMD_FLAG_MONITOR_JSON | +QEMUD_CMD_FLAG_DRIVE_FORMAT); DO_TEST(disk-drive-cache-v2-wt, QEMUD_CMD_FLAG_DRIVE | QEMUD_CMD_FLAG_DRIVE_CACHE_V2); DO_TEST(disk-drive-cache-v2-wb, QEMUD_CMD_FLAG_DRIVE | diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-policy-enospace.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-policy-enospace.args new file mode 100644 index 000..c208821 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-policy-enospace.args @@ -0,0 +1 @@ +LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -drive file=/dev/HostVG/QEMUGuest1,if=ide,bus=0,unit=0,format=qcow2,cache=off,werror=enospace,rerror=enospace -drive file=/dev/HostVG/QEMUGuest2,if=ide,media=cdrom,bus=1,unit=0,format=raw -net none -serial none -parallel none -usb diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-policy-enospace.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-policy-enospace.xml new file mode 100644 index 000..8fe64d4 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-policy-enospace.xml @@ -0,0 +1,32 @@ +domain type='qemu' + nameQEMUGuest1/name + uuidc7a5fdbd-edaf-9455-926a-d65c16db1809/uuid + memory219200/memory + currentMemory219200/currentMemory + vcpu1/vcpu + os +type arch='i686' machine='pc'hvm/type +boot dev='hd'/ + /os + clock offset='utc'/ + on_poweroffdestroy/on_poweroff + on_rebootrestart/on_reboot + on_crashdestroy/on_crash + devices +
Re: [libvirt] [PATCH] Remove undefined symbols from symbols file
On Thu, Apr 08, 2010 at 10:16:42PM +0200, Matthias Bolte wrote: --- src/libvirt_private.syms |7 +-- 1 files changed, 1 insertions(+), 6 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 814e2d8..b76f2da 100644 -#nwfilter_learnipaddr.h -ipAddressMap; -ipAddressMapLock; -pendingLearnReq; -pendingLearnReqLock; Huh I though I had removed them before the commit ?!? +# nwfilter_learnipaddr.h virNWFilterGetIpAddrForIfname; virNWFilterDelIpAddrForIfname; virNWFilterLookupLearnReq; thanks for catching this, ACK Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ dan...@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Remove undefined symbols from symbols file
2010/4/8 Daniel Veillard veill...@redhat.com: On Thu, Apr 08, 2010 at 10:16:42PM +0200, Matthias Bolte wrote: --- src/libvirt_private.syms | 7 +-- 1 files changed, 1 insertions(+), 6 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 814e2d8..b76f2da 100644 -#nwfilter_learnipaddr.h -ipAddressMap; -ipAddressMapLock; -pendingLearnReq; -pendingLearnReqLock; Huh I though I had removed them before the commit ?!? +# nwfilter_learnipaddr.h virNWFilterGetIpAddrForIfname; virNWFilterDelIpAddrForIfname; virNWFilterLookupLearnReq; thanks for catching this, ACK Daniel Okay pushed. Matthias -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [RFC] Unify KVM kernel-space and user-space code into a single project
Hi, I am moving this thread here as this seems more appropriate. Sorry it has taken so long.. Here are 2 things that really get in the way of moving my existing installations to libvirt: * I tend to store much meta data with each VM instance: it can be things like ownership (contact details as text), monitoring info (sms phone numbers), backup (list of paths), firewall rules (custom syntax, with failover rules, etc), etc. At the moment, these extra bits of information consist of just a few optional lines of shell in each VM's definition file. I can extend these whenever I need, enumerate the VMs using the standard mechanism and trigger my specific actions as needed (firewall rules, backup or whatever). I see no way of doing this with libvirt. But please correct me if I am wrong. * not everything is exposed via libvirt: virsh can retrieve vncdisplay but libvirt (or at least the python bindings) does not. How come? This happens to be one thing I need for writing a libvirt backend for my virtual desktop software. Cheers Antoine Antoine Martin wrote: Hi Daniel, I'll take a look and get back to you asap. Cheers Antoine Daniel P. Berrange wrote: On Tue, Mar 23, 2010 at 03:00:28AM +0700, Antoine Martin wrote: On 03/23/2010 02:15 AM, Anthony Liguori wrote: On 03/22/2010 12:55 PM, Avi Kivity wrote: Lets look at the ${HOME}/.qemu/qmp/ enumeration method suggested by Anthony. There's numerous ways that this can break: I don't like it either. We have libvirt for enumerating guests. We're stuck in a rut with libvirt and I think a lot of the dissatisfaction with qemu is rooted in that. It's not libvirt that's the probably, but the relationship between qemu and libvirt. +1 The obvious reason why so many people still use shell scripts rather than libvirt is because if it just doesn't provide what they need. Every time I've looked at it (and I've been looking for a better solution for many years), it seems that it would have provided most of the things I needed, but the remaining bits were unsolvable. If you happen to remember what missing features prevented you choosing libvirt, that would be invaluable information for us, to see if there are quick wins that will help out. We got very useful feedback when recently asking people this same question http://rwmj.wordpress.com/2010/01/07/quick-quiz-what-stops-you-from-using-libvirt/ Allowing arbitrary passthrough of QEMU commands/args will solve some of these issues, but certainly far from solving all of them. eg guest cut+ paste, host side control of guest screen resolution, easier x509/TLS configuration for remote management, soft reboot, Windows desktop support for virt-manager, host network interface management/setup, etc Regards, Daniel -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 17/30] remote: Remove virConnectPtr from error/errorf
2010/4/5 Eric Blake ebl...@redhat.com: On 04/04/2010 11:36 AM, Matthias Bolte wrote: Also unify error/errorf to remoteError and update cfg.mk accordingly. +++ b/src/remote/remote_driver.c @@ -239,11 +239,9 @@ static int remoteAuthSASL (virConnectPtr conn, struct private_data *priv, int in static int remoteAuthPolkit (virConnectPtr conn, struct private_data *priv, int in_open, virConnectAuthPtr auth); #endif /* HAVE_POLKIT */ -#define error(conn, code, info) \ - virReportErrorHelper(conn, VIR_FROM_QEMU, code, __FILE__, \ - __FUNCTION__, __LINE__, %s, info) -#define errorf(conn, code, ...) \ - virReportErrorHelper(conn, VIR_FROM_QEMU, code, __FILE__, \ + +#define remoteError(code, ...) \ + virReportErrorHelper(NULL, VIR_FROM_REMOTE, code, __FILE__, \ __FUNCTION__, __LINE__, __VA_ARGS__) I like the renaming, especially since our use of the fixed-arg preprocessor macro error() was at odds with glibc's variadic function of the same name. ACK, and the rest of the patch is mechanical fallout. Thanks, pushed. @@ -825,8 +824,9 @@ doRemoteOpen (virConnectPtr conn, case trans_unix: case trans_ssh: case trans_ext: - error (conn, VIR_ERR_INVALID_ARG, - _(transport methods unix, ssh and ext are not supported under Windows)); + remoteError(VIR_ERR_INVALID_ARG, %s, + _(transport methods unix, ssh and ext are not supported + under Windows)); I see why you broke this line, to fit 80 columns, but that can impact grep-ability of the original message. Is there any policy on this? I'm not aware of any policy for this, but we have many error messages split into multiple lines already. Matthias -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 28/30] remote: Replace some virRaiseError with remoteError
2010/4/5 Eric Blake ebl...@redhat.com: On 04/04/2010 11:36 AM, Matthias Bolte wrote: --- src/remote/remote_driver.c | 29 - 1 files changed, 12 insertions(+), 17 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 19a4c03..16ffe21 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -6583,11 +6583,9 @@ static char *addrToString(struct sockaddr_storage *sa, socklen_t salen) host, sizeof(host), port, sizeof(port), NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { - virRaiseError (VIR_FROM_REMOTE, - VIR_ERR_UNKNOWN_HOST, VIR_ERR_ERROR, - NULL, NULL, NULL, 0, 0, - _(Cannot resolve address %d: %s), - err, gai_strerror(err)); + remoteError(VIR_ERR_UNKNOWN_HOST, + _(Cannot resolve address %d: %s), + err, gai_strerror(err)); Unrelated to your patch, but it seems like %d err is less than helpful here, particularly given that we immediately translate it into a string with gai_strerror(err). More useful would be Cannot resolve address %s: %s, some_conversion_to_string(host, port), to let the user know what address could not be translated. At any rate, ACK to this patch. Thanks, pushed. Matthias -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] nwfilter: More XML parser test cases
This patch adds a couple more nwfilter test cases for the XML parser tests. Signed-off-by: Stefan Berger stef...@us.ibm.com Index: libvirt-acl/tests/nwfilterxml2xmlin/ipt-no-macspoof-test.xml === --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlin/ipt-no-macspoof-test.xml @@ -0,0 +1,14 @@ +filter name='testcase' + uuid5c6d49af-b071-6127-b4ec-6f8ed4b55335/uuid + rule action='drop' direction='inout' + !-- should use $MAC for MAC address, but tests would depend on VM's + MAC address -- + all match='no' srcmacaddr='12:34:56:78:9a:bc'/ + /rule + + rule action='drop' direction='in' + !-- not accepting incoming traffic from a certain MAC address -- + all match='no' srcmacaddr='aa:aa:aa:aa:aa:aa'/ + /rule + +/filter Index: libvirt-acl/tests/nwfilterxml2xmltest.c === --- libvirt-acl.orig/tests/nwfilterxml2xmltest.c +++ libvirt-acl/tests/nwfilterxml2xmltest.c @@ -114,6 +114,10 @@ mymain(int argc, char **argv) DO_TEST(ref-test); DO_TEST(ref-rule-test); +DO_TEST(ipt-no-macspoof-test); +DO_TEST(icmp-direction-test); +DO_TEST(icmp-direction2-test); +DO_TEST(icmp-direction3-test); return (ret==0 ? EXIT_SUCCESS : EXIT_FAILURE); } Index: libvirt-acl/tests/nwfilterxml2xmlout/ipt-no-macspoof-test.xml === --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlout/ipt-no-macspoof-test.xml @@ -0,0 +1,9 @@ +filter name='testcase' chain='root' + uuid5c6d49af-b071-6127-b4ec-6f8ed4b55335/uuid + rule action='drop' direction='inout' priority='500' +all match='no' srcmacaddr='12:34:56:78:9a:bc'/ + /rule + rule action='drop' direction='in' priority='500' +all match='no' srcmacaddr='aa:aa:aa:aa:aa:aa'/ + /rule +/filter Index: libvirt-acl/tests/nwfilterxml2xmlin/icmp-direction-test.xml === --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlin/icmp-direction-test.xml @@ -0,0 +1,15 @@ +filter name='testcase' +uuidf4b3f745-d23d-2ee6-218a-d5671611229b/uuid +!-- allow incoming ICMP Echo Reply -- +rule action='accept' direction='in' priority='500' +icmp type='0'/ +/rule +!-- allow outgoing ICMP Echo Request -- +rule action='accept' direction='out' priority='500' +icmp type='8'/ +/rule +!-- drop all other ICMP traffic -- +rule action='drop' direction='inout' priority='600' +icmp/ +/rule +/filter Index: libvirt-acl/tests/nwfilterxml2xmlout/icmp-direction-test.xml === --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlout/icmp-direction-test.xml @@ -0,0 +1,12 @@ +filter name='testcase' chain='root' + uuidf4b3f745-d23d-2ee6-218a-d5671611229b/uuid + rule action='accept' direction='in' priority='500' +icmp type='0'/ + /rule + rule action='accept' direction='out' priority='500' +icmp type='8'/ + /rule + rule action='drop' direction='inout' priority='600' +icmp/ + /rule +/filter Index: libvirt-acl/tests/nwfilterxml2xmlin/icmp-direction2-test.xml === --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlin/icmp-direction2-test.xml @@ -0,0 +1,15 @@ +filter name='testcase' +uuidd6b1a2af-def6-2898-9f8d-4a74e3c39558/uuid +!-- allow incoming ICMP Echo Request -- +rule action='accept' direction='in' priority='500' +icmp type='8'/ +/rule +!-- allow outgoing ICMP Echo Reply -- +rule action='accept' direction='out' priority='500' +icmp type='0'/ +/rule +!-- drop all other ICMP traffic -- +rule action='drop' direction='inout' priority='600' +icmp/ +/rule +/filter Index: libvirt-acl/tests/nwfilterxml2xmlout/icmp-direction2-test.xml === --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlout/icmp-direction2-test.xml @@ -0,0 +1,12 @@ +filter name='testcase' chain='root' + uuidd6b1a2af-def6-2898-9f8d-4a74e3c39558/uuid + rule action='accept' direction='in' priority='500' +icmp type='8'/ + /rule + rule action='accept' direction='out' priority='500' +icmp type='0'/ + /rule + rule action='drop' direction='inout' priority='600' +icmp/ + /rule +/filter Index: libvirt-acl/tests/nwfilterxml2xmlin/icmp-direction3-test.xml === --- /dev/null +++ libvirt-acl/tests/nwfilterxml2xmlin/icmp-direction3-test.xml @@ -0,0 +1,10 @@ +filter name='testcase' +uuidd6b1a2af-def6-2898-9f8d-4a74e3c39558/uuid +rule action='accept' direction='out' priority='500' +icmp/ +/rule +!-- drop all other traffic -- +rule action='drop' direction='inout' priority='600' +all/ +/rule +/filter Index:
[libvirt] Domain not stable while created...
Hello, I am using Scientific Linux 5.4 and xen. I want to deploy a sample ttyimage by creating a domain using virsh create. My configuration file is : - ?xml version=1.0 encoding=utf-8? domain type='xen' namettyimage/name os typelinux/type kernel/boot/vmlinuz-2.6.18-164.2.1.el5xen/kernel /os memory65536/memory vcpu1/vcpu on_poweroffdestroy/on_poweroff on_rebootrestart/on_reboot on_crashdestroy/on_crash devices graphics type='vnc' port='5900'/ disk type='file' source file='/usr/local/ttylinux-xen-libvirt/ttylinux-xen.img' / target dev='sda' / /disk interface type='bridge' source bridge='virbr0' / mac address='00:1d:60:ec:ae:1c' / target dev='testnimb-0' / /interface /devices /domain --- when I use virsh -c xen:/// create libvirt-ttylinux.xml to create a domain, the domain is crated and i can view the image (in paused mode) using the virt-manager. and when I resume the image it ,disappears (domain gets destroyed) after nearly 10 seconds. Further when I use vncviewer localhost::5900 when the image is running (during the 10 sec) ,i can view the console. But it closes once the domain is destroyed. Can someone explain why the image is not stable??? how can I make the domain to be stable Thanks in advance The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list