[libvirt] [libvirt-test-API][PATCH 2/2] Add four helpful functions in utils.py.
* get_local_hostname() get hostname on local machine * exec_cmd() execute shell command * remote_exec_pexpect() execture command on remote host * scp_file() copy file to remote host --- utils/Python/utils.py | 69 + 1 files changed, 69 insertions(+), 0 deletions(-) diff --git a/utils/Python/utils.py b/utils/Python/utils.py index eaa8eab..6787e87 100644 --- a/utils/Python/utils.py +++ b/utils/Python/utils.py @@ -26,6 +26,9 @@ import commands import socket import fcntl import struct +import pexpect +import string +import subprocess from xml.dom import minidom class Utils(object): @@ -58,6 +61,10 @@ class Utils(object): arch = ret.split( )[-2] return arch +def get_local_hostname(self): + get local host name +return socket.gethostname() + def get_libvirt_version(self, ver = ''): ver = commands.getoutput(rpm -q libvirt|head -1) if ver.split('-')[0] == 'libvirt': @@ -364,3 +371,65 @@ class Utils(object): (ret, out) = commands.getstatusoutput(cmd) return ret +def exec_cmd(self, command, sudo=False, cwd=None, infile=None, outfile=None, shell=False, data=None): + +Executes an external command, optionally via sudo. + +if sudo: +if type(command) == type(): +command = sudo + command +else: +command = [sudo] + command +if infile == None: +infile = subprocess.PIPE +if outfile == None: +outfile = subprocess.PIPE +p = subprocess.Popen(command, shell=shell, close_fds=True, cwd=cwd, +stdin=infile, stdout=outfile, stderr=subprocess.PIPE) +(out, err) = p.communicate(data) +if out == None: +# Prevent splitlines() from barfing later on +out = +return (p.returncode, out.splitlines()) + +def remote_exec_pexpect(self, hostname, username, password, cmd): + Remote exec function via pexpect +user_hostname = %s@%s % (username, hostname) +child = pexpect.spawn(/usr/bin/ssh, [user_hostname, cmd], + timeout = 60, maxread = 2000, logfile = None) +while True: +index = child.expect(['(yes\/no)', 'password:', pexpect.EOF, + pexpect.TIMEOUT]) +if index == 0: +child.sendline(yes) +elif index == 1: +child.sendline(password) +elif index == 2: +child.close() +return 0 +elif index == 3: +child.close() +return 1 + +return 0 + +def scp_file(self, hostname, username, password, target_path, file): + Scp file to remote host +user_hostname = %s@%s:%s % (username, hostname, target_path) +child = pexpect.spawn(/usr/bin/scp, [file, user_hostname]) +while True: +index = child.expect(['yes\/no', 'password: ', + pexpect.EOF, + pexpect.TIMEOUT]) +if index == 0: +child.sendline(yes) +elif index == 1: +child.sendline(password) +elif index == 2: +child.close() +return 0 +elif index == 3: +child.close() +return 1 + +return 0 -- 1.7.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [libvirt-test-API][PATCH 1/2] add remoteAccess directory and tls authentication testcase
--- repos/remoteAccess/tls_setup.py | 374 +++ 1 files changed, 374 insertions(+), 0 deletions(-) create mode 100644 repos/remoteAccess/__init__.py create mode 100644 repos/remoteAccess/tls_setup.py diff --git a/repos/remoteAccess/__init__.py b/repos/remoteAccess/__init__.py new file mode 100644 index 000..e69de29 diff --git a/repos/remoteAccess/tls_setup.py b/repos/remoteAccess/tls_setup.py new file mode 100644 index 000..f703ee3 --- /dev/null +++ b/repos/remoteAccess/tls_setup.py @@ -0,0 +1,374 @@ +#!/usr/bin/env python + Setup tls authentication between two hosts and configure libvirt +to use it for connection. +remoteAccess:tls_setup +target_machine +xx.xx.xx.xx +username +root +password +xx + + +__author__ = 'Guannan Ren: g...@redhat.com' +__date__ = 'Mon July 25, 2011' +__version__ = '0.1.0' +__credits__ = 'Copyright (C) 2011 Red Hat, Inc.' +__all__ = ['usage'] + +import os +import re +import sys +import pexpect +import string +import commands +import shutil + +def append_path(path): +Append root path of package +if path in sys.path: +pass +else: +sys.path.append(path) + +pwd = os.getcwd() +result = re.search('(.*)libvirt-test-API', pwd) +append_path(result.group(0)) + +from lib import connectAPI +from utils.Python import utils +from exception import LibvirtAPI + +CERTTOOL = /usr/bin/certtool +CP = /bin/cp +MKDIR = /bin/mkdir +CA_FOLDER = /etc/pki/CA +PRIVATE_KEY_FOLDER = /etc/pki/libvirt/private +CERTIFICATE_FOLDER = /etc/pki/libvirt + +TEMP_TLS_FOLDER = /tmp/libvirt_test_API_tls +CAKEY = os.path.join(TEMP_TLS_FOLDER, 'cakey.pem') +CACERT = os.path.join(TEMP_TLS_FOLDER, 'cacert.pem') +SERVERKEY = os.path.join(TEMP_TLS_FOLDER, 'serverkey.pem') +SERVERCERT = os.path.join(TEMP_TLS_FOLDER, 'servercert.pem') +CLIENTKEY = os.path.join(TEMP_TLS_FOLDER, 'clientkey.pem') +CLIENTCERT = os.path.join(TEMP_TLS_FOLDER, 'clientcert.pem') + +def check_params(params): +check out the arguments requried for migration +logger = params['logger'] +keys = ['target_machine', 'username', 'password'] +for key in keys: +if key not in params: +logger.error(Argument %s is required % key) +return 1 +return 0 + +def CA_setting_up(util, logger): + setting up a Certificate Authority +# Create a private key for CA +logger.info(generate CA certificates) + +cakey_fd = open(CAKEY, 'w') +ret, out = util.exec_cmd([CERTTOOL, '--generate-privkey'], outfile=cakey_fd) +cakey_fd.close() +if ret != 0: +logger.error(failed to create CA private key) +return 1 + + +# ca.info file +cainfo = os.path.join(TEMP_TLS_FOLDER, 'ca.info') +cainfo_fd = open(cainfo, 'w') +cainfo_str = cn = Libvirt_test_API\n + \ + ca\n + \ + cert_signing_key\n + +cainfo_fd.write(cainfo_str) +cainfo_fd.close() + +# Generate cacert.pem +cacert_args = [CERTTOOL, '--generate-self-signed', '--load-privkey', CAKEY, '--template', cainfo] +cacert_fd = open(CACERT, 'w') +ret, out = util.exec_cmd(cacert_args, outfile=cacert_fd) +cacert_fd.close() +if ret != 0: +logger.error(failed to create cacert.pem) +return 1 + +logger.info(done the CA certificates job) +return 0 + +def tls_server_cert(target_machine, util, logger): + generating server certificates +# Create tls server key +logger.info(generate server certificates) + +serverkey_fd = open(SERVERKEY, 'w') +ret, out = util.exec_cmd([CERTTOOL, '--generate-privkey'], outfile=serverkey_fd) +serverkey_fd.close() +if ret != 0: +logger.error(failed to create server key) +return 1 + +# server.info +serverinfo = os.path.join(TEMP_TLS_FOLDER, 'server.info') +serverinfo_fd = open(serverinfo, 'w') +serverinfo_str = organization = Libvirt_test_API\n + \ + cn = %s\n % target_machine+ \ + tls_www_server\n + \ + encryption_key\n + \ + signing_key\n + +serverinfo_fd.write(serverinfo_str) +serverinfo_fd.close() + +# Generate servercert.pem +servercert_args = [CERTTOOL, + '--generate-certificate', + '--load-privkey', SERVERKEY, + '--load-ca-certificate', CACERT, + '--load-ca-privkey', CAKEY, + '--template', serverinfo + ] +servercert_fd = open(SERVERCERT, 'w') +ret, out = util.exec_cmd(servercert_args, outfile=servercert_fd) +servercert_fd.close() +if ret != 0: +logger.error(failed to create servercert.pem) +return 1 + +logger.info(done the server certificates job) +return 0 + +def tls_client_cert(local_machine, util,
Re: [libvirt] [PATCHv3 1/2] conf: add listen subelement to domain graphics element
On 07/26/2011 07:10 PM, Eric Blake wrote: On 07/26/2011 08:50 AM, Laine Stump wrote: I think it is a somewhat overkill to have 'autoport' be a setting per-listen element. I can't imagine people want a fixed port number on one IP addr, but a dynamic port number on another IP addr. So we could just keep that on the top level element. Although I agree with you for config purposes, it looks to me like the real use of autoport is that in the live XML it allows differentiating between ports that were manually specified and those that were automatically allocated (really, that seems like its main purpose, since simply not giving a port also implies autoport). If we have only a single autoport attribute for all the listens, we'll have to put in extra code that makes sure if they specify port for one listen, they do it for all of them. Is it that hard to add that additional validation? Anything can be done, given enough time to think, code, and test all the corner cases. I don't see where the gain is in this case, though. I see autoport more as an attribute that's useful when examining live XML than as something useful to set in the config. Having a separate autoport for each port is then not overkill, but just natural. Trying to use a single autoport to indicate whether all of a set of ports were generated automatically or were manually configured is what's overkill - you're going to a lot of trouble to enforce an unnatural restriction for no practical gain. Maybe the best thing is to only allow autoport in listen when (flags INACTIVE) is false (live XML). This would mean that, as far as config was concerned, listen would *never* have any autoport in it (which would be fine with me); it would however still be in the data structure, and still output in live XML. Regardless of that answer, and whether this requires a v4, I'll go ahead and review v3 code as if we decide that autoport-per-listen is acceptable. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [libvirt-test-API][PATCH 1/2] add remoteAccess directory and tls authentication testcase
? 2011?07?27? 14:58, Guannan Ren ??: --- repos/remoteAccess/tls_setup.py | 374 +++ 1 files changed, 374 insertions(+), 0 deletions(-) create mode 100644 repos/remoteAccess/__init__.py create mode 100644 repos/remoteAccess/tls_setup.py diff --git a/repos/remoteAccess/__init__.py b/repos/remoteAccess/__init__.py new file mode 100644 index 000..e69de29 diff --git a/repos/remoteAccess/tls_setup.py b/repos/remoteAccess/tls_setup.py new file mode 100644 index 000..f703ee3 --- /dev/null +++ b/repos/remoteAccess/tls_setup.py @@ -0,0 +1,374 @@ +#!/usr/bin/env python + Setup tls authentication between two hosts and configure libvirt +to use it for connection. +remoteAccess:tls_setup +target_machine +xx.xx.xx.xx +username +root +password +xx + + +__author__ = 'Guannan Ren: g...@redhat.com' +__date__ = 'Mon July 25, 2011' +__version__ = '0.1.0' +__credits__ = 'Copyright (C) 2011 Red Hat, Inc.' +__all__ = ['usage'] + +import os +import re +import sys +import pexpect +import string +import commands +import shutil + +def append_path(path): +Append root path of package +if path in sys.path: +pass +else: +sys.path.append(path) + +pwd = os.getcwd() +result = re.search('(.*)libvirt-test-API', pwd) +append_path(result.group(0)) + +from lib import connectAPI +from utils.Python import utils +from exception import LibvirtAPI + +CERTTOOL = /usr/bin/certtool +CP = /bin/cp +MKDIR = /bin/mkdir +CA_FOLDER = /etc/pki/CA +PRIVATE_KEY_FOLDER = /etc/pki/libvirt/private +CERTIFICATE_FOLDER = /etc/pki/libvirt Hardcode these paths might not be good idea, there is new parameter for libvirt connection URI to define where the keys and CA locates. See http://libvirt.org/remote.html[pkipath] http://libvirt.org/remote.html + +TEMP_TLS_FOLDER = /tmp/libvirt_test_API_tls +CAKEY = os.path.join(TEMP_TLS_FOLDER, 'cakey.pem') +CACERT = os.path.join(TEMP_TLS_FOLDER, 'cacert.pem') +SERVERKEY = os.path.join(TEMP_TLS_FOLDER, 'serverkey.pem') +SERVERCERT = os.path.join(TEMP_TLS_FOLDER, 'servercert.pem') +CLIENTKEY = os.path.join(TEMP_TLS_FOLDER, 'clientkey.pem') +CLIENTCERT = os.path.join(TEMP_TLS_FOLDER, 'clientcert.pem') + +def check_params(params): +check out the arguments requried for migration +logger = params['logger'] +keys = ['target_machine', 'username', 'password'] +for key in keys: +if key not in params: +logger.error(Argument %s is required % key) +return 1 +return 0 + +def CA_setting_up(util, logger): + setting up a Certificate Authority +# Create a private key for CA +logger.info(generate CA certificates) + +cakey_fd = open(CAKEY, 'w') +ret, out = util.exec_cmd([CERTTOOL, '--generate-privkey'], outfile=cakey_fd) +cakey_fd.close() +if ret != 0: +logger.error(failed to create CA private key) +return 1 + + +# ca.info file +cainfo = os.path.join(TEMP_TLS_FOLDER, 'ca.info') +cainfo_fd = open(cainfo, 'w') +cainfo_str = cn = Libvirt_test_API\n + \ + ca\n + \ + cert_signing_key\n + +cainfo_fd.write(cainfo_str) +cainfo_fd.close() + +# Generate cacert.pem +cacert_args = [CERTTOOL, '--generate-self-signed', '--load-privkey', CAKEY, '--template', cainfo] +cacert_fd = open(CACERT, 'w') +ret, out = util.exec_cmd(cacert_args, outfile=cacert_fd) +cacert_fd.close() +if ret != 0: +logger.error(failed to create cacert.pem) +return 1 + +logger.info(done the CA certificates job) +return 0 + +def tls_server_cert(target_machine, util, logger): + generating server certificates +# Create tls server key +logger.info(generate server certificates) + +serverkey_fd = open(SERVERKEY, 'w') +ret, out = util.exec_cmd([CERTTOOL, '--generate-privkey'], outfile=serverkey_fd) +serverkey_fd.close() +if ret != 0: +logger.error(failed to create server key) +return 1 + +# server.info +serverinfo = os.path.join(TEMP_TLS_FOLDER, 'server.info') +serverinfo_fd = open(serverinfo, 'w') +serverinfo_str = organization = Libvirt_test_API\n + \ + cn = %s\n % target_machine+ \ + tls_www_server\n + \ + encryption_key\n + \ + signing_key\n + +serverinfo_fd.write(serverinfo_str) +serverinfo_fd.close() + +# Generate servercert.pem +servercert_args = [CERTTOOL, + '--generate-certificate', + '--load-privkey', SERVERKEY, + '--load-ca-certificate', CACERT, + '--load-ca-privkey', CAKEY, + '--template', serverinfo + ] +servercert_fd = open(SERVERCERT, 'w') +ret, out =
Re: [libvirt] [PATCH ] send-key: Implement Python API
At 07/26/2011 06:26 PM, Daniel P. Berrange Write: On Thu, Jul 21, 2011 at 05:21:10PM +0800, Lai Jiangshan wrote: Signed-off-by: Lai Jiangshan la...@cn.fujitsu.com --- diff --git a/python/libvirt-override.c b/python/libvirt-override.c index b713b6a..1ef5bfa 100644 --- a/python/libvirt-override.c +++ b/python/libvirt-override.c @@ -3789,6 +3789,53 @@ libvirt_virStreamSend(PyObject *self ATTRIBUTE_UNUSED, return py_retval; } +static PyObject * +libvirt_virDomainSendKey(PyObject *self ATTRIBUTE_UNUSED, + PyObject *args) +{ +PyObject *py_retval; +virDomainPtr domain; +PyObject *pyobj_domain; +PyObject *pyobj_list; +int codeset; +int holdtime; +unsigned int flags; +int ret; +int i; +unsigned int keycodes[VIR_DOMAIN_SEND_KEY_MAX_KEYS]; +unsigned int nkeycodes; + +if (!PyArg_ParseTuple(args, (char *)OiiOii:virDomainSendKey, + pyobj_domain, codeset, holdtime, pyobj_list, + nkeycodes, flags)) { +DEBUG(%s failed to parse tuple\n, __FUNCTION__); +return VIR_PY_INT_FAIL; +} +domain = (virDomainPtr) PyvirDomain_Get(pyobj_domain); + +if (!PyList_Check(pyobj_list)) { +return VIR_PY_INT_FAIL; +} + +if (nkeycodes != PyList_Size(pyobj_list) || +nkeycodes VIR_DOMAIN_SEND_KEY_MAX_KEYS) { +return VIR_PY_INT_FAIL; +} + +for (i = 0; i nkeycodes; i++) { +keycodes[i] = (int)PyInt_AsLong(PyList_GetItem(pyobj_list, i)); +} + +LIBVIRT_BEGIN_ALLOW_THREADS; +ret = virDomainSendKey(domain, codeset, holdtime, keycodes, nkeycodes, flags); +LIBVIRT_END_ALLOW_THREADS; + +DEBUG(virDomainSendKey ret=%d\n, ret); + +py_retval = libvirt_intWrap(ret); +return py_retval; +} + / * * * The registration stuff * @@ -3872,6 +3919,7 @@ static PyMethodDef libvirtMethods[] = { {(char *) virDomainGetJobInfo, libvirt_virDomainGetJobInfo, METH_VARARGS, NULL}, {(char *) virDomainSnapshotListNames, libvirt_virDomainSnapshotListNames, METH_VARARGS, NULL}, {(char *) virDomainRevertToSnapshot, libvirt_virDomainRevertToSnapshot, METH_VARARGS, NULL}, +{(char *) virDomainSendKey, libvirt_virDomainSendKey, METH_VARARGS, NULL}, {NULL, NULL, 0, NULL} }; ACK I read the other patch about implementing Python API, and find that the file python/libvirt-override-api.xml is updated in the other patch. But it is not updated in this patch. Is there no need to update this file here? Thanks Wen Congyang Daniel -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [libvirt-test-API][PATCH 2/2] Add four helpful functions in utils.py.
ACK Thanks! Best Regards! Wayne Sun Redhat QE, Beijing, China +86-10-6260-8238 - Original Message - From: Guannan Ren g...@redhat.com To: libvir-list@redhat.com Sent: Wednesday, July 27, 2011 2:58:33 PM Subject: [libvirt] [libvirt-test-API][PATCH 2/2] Add four helpful functions in utils.py. * get_local_hostname() get hostname on local machine * exec_cmd() execute shell command * remote_exec_pexpect() execture command on remote host * scp_file() copy file to remote host --- utils/Python/utils.py | 69 + 1 files changed, 69 insertions(+), 0 deletions(-) diff --git a/utils/Python/utils.py b/utils/Python/utils.py index eaa8eab..6787e87 100644 --- a/utils/Python/utils.py +++ b/utils/Python/utils.py @@ -26,6 +26,9 @@ import commands import socket import fcntl import struct +import pexpect +import string +import subprocess from xml.dom import minidom class Utils(object): @@ -58,6 +61,10 @@ class Utils(object): arch = ret.split( )[-2] return arch +def get_local_hostname(self): + get local host name +return socket.gethostname() + def get_libvirt_version(self, ver = ''): ver = commands.getoutput(rpm -q libvirt|head -1) if ver.split('-')[0] == 'libvirt': @@ -364,3 +371,65 @@ class Utils(object): (ret, out) = commands.getstatusoutput(cmd) return ret +def exec_cmd(self, command, sudo=False, cwd=None, infile=None, outfile=None, shell=False, data=None): + +Executes an external command, optionally via sudo. + +if sudo: +if type(command) == type(): +command = sudo + command +else: +command = [sudo] + command +if infile == None: +infile = subprocess.PIPE +if outfile == None: +outfile = subprocess.PIPE +p = subprocess.Popen(command, shell=shell, close_fds=True, cwd=cwd, +stdin=infile, stdout=outfile, stderr=subprocess.PIPE) +(out, err) = p.communicate(data) +if out == None: +# Prevent splitlines() from barfing later on +out = +return (p.returncode, out.splitlines()) + +def remote_exec_pexpect(self, hostname, username, password, cmd): + Remote exec function via pexpect +user_hostname = %s@%s % (username, hostname) +child = pexpect.spawn(/usr/bin/ssh, [user_hostname, cmd], + timeout = 60, maxread = 2000, logfile = None) +while True: +index = child.expect(['(yes\/no)', 'password:', pexpect.EOF, + pexpect.TIMEOUT]) +if index == 0: +child.sendline(yes) +elif index == 1: +child.sendline(password) +elif index == 2: +child.close() +return 0 +elif index == 3: +child.close() +return 1 + +return 0 + +def scp_file(self, hostname, username, password, target_path, file): + Scp file to remote host +user_hostname = %s@%s:%s % (username, hostname, target_path) +child = pexpect.spawn(/usr/bin/scp, [file, user_hostname]) +while True: +index = child.expect(['yes\/no', 'password: ', + pexpect.EOF, + pexpect.TIMEOUT]) +if index == 0: +child.sendline(yes) +elif index == 1: +child.sendline(password) +elif index == 2: +child.close() +return 0 +elif index == 3: +child.close() +return 1 + +return 0 -- 1.7.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] Fix for newer yajl
Hi, I just notices that compiling libvirt against yail version 2 there were some errors, mainly because yajl_parser_config is no longer used. The patch below fixed this for me. Regards Brecht Sanders --- src/util/json.c 2011-03-24 08:10:26 +0100 +++ src/util/json.c 2011-07-27 09:29:52 +0200 @@ -34,2 +34,3 @@ # include yajl/yajl_parse.h +# include yajl/yajl_version.h #endif @@ -896,3 +897,5 @@ { +#if YAJL_MAJOR 2 yajl_parser_config cfg = { 1, 1 }; +#endif yajl_handle hand; @@ -903,3 +906,7 @@ +#if YAJL_MAJOR 2 hand = yajl_alloc(parserCallbacks, cfg, NULL, parser); +#else +hand = yajl_alloc(parserCallbacks, NULL, parser); +#endif @@ -1004,3 +1011,5 @@ { +#if YAJL_MAJOR 2 yajl_gen_config conf = { 0, }; /* Turns off pretty printing since QEMUcan't cope */ +#endif yajl_gen g; @@ -1012,3 +1021,7 @@ +#if YAJL_MAJOR 2 g = yajl_gen_alloc(conf, NULL); +#else +g = yajl_gen_alloc(NULL); +#endif -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv3 1/2] conf: add listen subelement to domain graphics element
On 07/26/2011 08:09 PM, Eric Blake wrote: On 07/25/2011 03:00 AM, Laine Stump wrote: Once it's plugged in, thelisten element will be an optional replacement for the listen, port, tlsPort, and autoport attributes that graphics elements already have. If thelisten type='address', it will have an attribute called 'address' which will contain an IP address or dns name that the guest's display server should listen on. If, however, type='network', thelisten element should have an attribute called 'network' that will be set to the name of a network configuration to get the IP address from. 91 files changed, 1274 insertions(+), 343 deletions(-) Big diff, but like you said mostly mechanical. @@ -2110,6 +2116,70 @@ qemu-kvm -net nic,model=? /dev/null /dd /dl +p + Rather than putting the information used to setup the listening setup is a noun, but here you want a verb form: s/setup/set up/ +dtcodeautoport/code/dt +ddIf set to 'yes', a listen port will be determined +automatically at runtime, and reflected in the domain's live +XML. +/dd May need tweaks depending on the decision on where autoport should live. @@ -1500,6 +1503,49 @@ /choice /element /define + +define name=listenElements +zeroOrMore +element name=listen +optional +attribute name=type +choice +valueaddress/value +valuenetwork/value /me curses thunderbird for squashing whitespace in my reply I'm not sure this is right. I think we want to require either type=address (which implies address=nnn must also be present, and network=nnn must not be present) or type=network (which implies that network=nnn must be present, and address=nnn might show up in live XML dumpxml output to show what was resolved, but is ignored in input parsing. Also, autoport=yes and port=nnn should be a forbidden combination. Actually it's not forbidden, that's really the only practical use I can see for the autoport attribute - in live XML autoport='yes' port='nnn' is used to indicate that the port was auto-generated and this time 'nnn' was used. (and not that it's any indication of what is right or wrong, but the current RNG file allows it). (Personally, I would prefer if the currently in-use port was stored in a separate attribute, and autoport simply didn't exist. But That is, I think this should be as follows (assuming we keep autoport in listen, further changes if autoport is global only): I think if we made autoport a single setting global to all instances of listen, and tried to prevent simultaneous (global) autoport and (local to one listen) port, the RNG would be quite unwieldy. (you would have to have a listenElementsPort and a listenElementsAutoport, and the graphics RNG would put the two of them in a choice depending on the setting of autoport) define name=listenElements zeroOrMore element name=listen choice group attribute name=type valueaddress/value /attribute attribute name=address ref name=addrIPorName/ /attribute /group group attribute name=type valuenetwork/value /attribute attribute name=network text/ /attribute optional attribute name=address ref name=addrIPorName/ /attribute /optional /group /choice choice attribute name=autoport valueyes/value /attribute group optional attribute name=autoport valueno/value /attribute /optional optional attribute name=port ref name=PortNumber/ /attribute /optional optional attribute name=tlsPort ref name=PortNumber/ /attribute /optional /group /choice /element +/zeroOrMore +/define Two spaces too much indentation on /define (not like it shows up any better in my nitpick, though). @@ -4010,19 +4029,118 @@ virDomainGraphicsAuthDefParseXML(xmlNodePtr node, return 0; } +static int +virDomainGraphicsListenParseXML(virDomainGraphicsListenDefPtr def, +xmlNodePtr node, +enum virDomainGraphicsType graphicsType, +unsigned int flags) +{ +int ret = -1; +char *type = virXMLPropString(node, type); +char *address = virXMLPropString(node, address); +char *network = virXMLPropString(node, network); +char *port = virXMLPropString(node, port); +char *tlsPort = virXMLPropString(node, tlsPort); +char *autoport = virXMLPropString(node, autoport); + +if (type (def-type = virDomainGraphicsListenTypeFromString(type)) 0) { +virDomainReportError(VIR_ERR_XML_ERROR, + _(unknown graphics listen type '%s'), type); +goto error; +} Shouldn't this fail if type is not found? That is, I think type is a mandatory attribute (must be address or network). No. It's also possible that no address/network information is given (in which case type would be default, which ends up as just no type showing up at all). In that case, the qemu driver has default listen addresses for VNC and for Spice. So it's completely valid to give a port, but no address. + +if (address
Re: [libvirt] Fix for newer yajl
On Wed, Jul 27, 2011 at 09:40:47AM +0200, Brecht Sanders wrote: Hi, I just notices that compiling libvirt against yail version 2 there were some errors, mainly because yajl_parser_config is no longer used. What version of libvirt is your patch against ? The latest releases already have fixed compatibility with YAJL 2, so I'm assuming you have an old release ? Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] build: support warnings on RHEL 5
On Tue, Jul 26, 2011 at 02:25:40PM -0600, Eric Blake wrote: Without this, a configure built by autoconf 2.59 was broken when trying to detect which compiler warning flags were supported. * .gnulib: Update to latest, for warnings.m4 fix. * src/qemu/qemu_conf.c (includes): Drop unused include. * src/uml/uml_conf.c (include): Likewise. Reported by Daniel P. Berrange. ACK Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [Qemu-devel] [PATCH v3] Add support for fd: protocol
Am 26.07.2011 18:57, schrieb Corey Bryant: Kevin, thanks for the input. On 07/26/2011 11:18 AM, Kevin Wolf wrote: Am 26.07.2011 14:51, schrieb Corey Bryant: sVirt provides SELinux MAC isolation for Qemu guest processes and their corresponding resources (image files). sVirt provides this support by labeling guests and resources with security labels that are stored in file system extended attributes. Some file systems, such as NFS, do not support the extended attribute security namespace, which is needed for image file isolation when using the sVirt SELinux security driver in libvirt. The proposed solution entails a combination of Qemu, libvirt, and SELinux patches that work together to isolate multiple guests' images when they're stored in the same NFS mount. This results in an environment where sVirt isolation and NFS image file isolation can both be provided. This patch contains the Qemu code to support this solution. I would like to solicit input from the libvirt community prior to starting the libvirt patch. Currently, Qemu opens an image file in addition to performing the necessary read and write operations. The proposed solution will move the open out of Qemu and into libvirt. Once libvirt opens an image file for the guest, it will pass the file descriptor to Qemu via a new fd: protocol. If the image file resides in an NFS mount, the following SELinux policy changes will provide image isolation: - A new SELinux boolean is created (e.g. virt_read_write_nfs) to allow Qemu (svirt_t) to only have SELinux read and write permissions on nfs_t files - Qemu (svirt_t) also gets SELinux use permissions on libvirt (virtd_t) file descriptors Following is a sample invocation of Qemu using the fd: protocol on the command line: qemu -drive file=fd:4,format=qcow2 The fd: protocol is also supported by the drive_add monitor command. This requires that the specified file descriptor is passed to the monitor alongside a prior getfd monitor command. There are some additional features provided by certain image types where Qemu reopens the image file. All of these scenarios will be unsupported for the fd: protocol, at least for this patch: - The -snapshot command line option - The savevm monitor command - The snapshot_blkdev monitor command - Use of copy-on-write image files - The -cdrom command line option - The -drive command line option with media=cdrom - The change monitor command The thought is that this support can be added in the future, but is not required for the initial fd: support. This patch was tested with the following formats: raw, cow, qcow, qcow2, qed, and vmdk, using the fd: protocol from the command line and the monitor. Tests were also run to verify existing file name support and qemu-img were not regressed. Non-valid file descriptors, fd: without format, snapshot and backing files, and cdrom were also tested. v2: - Add drive_add monitor command support - Fence off unsupported features that re-open image file v3: - Fence off cdrom and change monitor command support Signed-off-by: Corey Bryantcor...@linux.vnet.ibm.com --- block.c | 16 ++ block.h |1 + block/cow.c |5 +++ block/qcow.c |5 +++ block/qcow2.c |5 +++ block/qed.c |4 ++ block/raw-posix.c | 81 +++-- block/vmdk.c |5 +++ block_int.h |1 + blockdev.c| 19 monitor.c |5 +++ monitor.h |1 + qemu-options.hx |8 +++-- qemu-tool.c |5 +++ 14 files changed, 149 insertions(+), 12 deletions(-) diff --git a/block.c b/block.c index 24a25d5..500db84 100644 --- a/block.c +++ b/block.c @@ -536,6 +536,10 @@ int bdrv_open(BlockDriverState *bs, const char *filename, int flags, char tmp_filename[PATH_MAX]; char backing_filename[PATH_MAX]; +if (bdrv_is_fd_protocol(bs)) { +return -ENOTSUP; +} Hm, shouldn't that just work even with fd? My thought was that the proposed SELinux changes would prevent the open of the temporary backing file if the file corresponding to fd resides on NFS. But perhaps the backing file is not opened on NFS? Depends on how broken your SELinux restrictions are. ;-) I would argue that allowing qemu to create temporary files is a reasonable thing to do. Maybe libvirt comes to a different conclusion, but that doesn't mean that every other management tool comes to the same. Also, as Alex already said, you shouldn't think of your use case as the only valid use case. What a fd driver implementation is about is just working with an fd for images. If libvirts puts more restrictions on it, that's fine, but don't force other users
Re: [libvirt] [Qemu-devel] [PATCH v3] Add support for fd: protocol
On Wed, Jul 27, 2011 at 10:11:06AM +0200, Kevin Wolf wrote: Am 26.07.2011 18:57, schrieb Corey Bryant: diff --git a/block/cow.c b/block/cow.c index 4cf543c..e17f8e7 100644 --- a/block/cow.c +++ b/block/cow.c @@ -82,6 +82,11 @@ static int cow_open(BlockDriverState *bs, int flags) pstrcpy(bs-backing_file, sizeof(bs-backing_file), cow_header.backing_file); +if (bs-backing_file[0] != '\0' bdrv_is_fd_protocol(bs)) { +/* backing file currently not supported by fd: protocol */ +goto fail; +} I don't think these checks are strictly needed. Without the check you can open the image itself using an fd, and the backing file using good old raw-posix. We shouldn't decide for our users that this isn't useful. In any case, it would have to move into block.c, you can't modify independent drivers for this. I understand the point on not modifying independent drivers. But if the backing file resides on NFS, wouldn't the the proposed SELinux changes prevent the open? Probably. But what about cases where the backing file is local? Or even a non-libvirt, non-SELinux use case? Or are you talking about support where libvirt opens the backing file and passes the fd to Qemu? If so there was some discussion about future support for this here: http://lists.gnu.org/archive/html/qemu-devel/2011-06/msg01496.html Not really, but implementing this will be a bit easier if you don't forbid using backing files with fd. In any case, for 'fd:' to be actually used by libvirt, we need to have backing files supported. There are major users of libvirt who rely on NFS and also use backing files, so an 'fd:' impl which can't deal with the backing file problem isn't much use to libvirt. Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Fix for newer yajl
Hi, I just notices that compiling libvirt against yail version 2 there were some errors, mainly because yajl_parser_config is no longer used. What version of libvirt is your patch against ? The latest releases already have fixed compatibility with YAJL 2, so I'm assuming you have an old release ? Regards, Daniel Hmm, you're right. My bad. I forgot I was compiling 0.9.0 because I had other issues compiling later versions under MinGW/MSYS on Windows. In case you were not aware of this I'm including the end of my 0.9.3 output below. libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I.. -I../gnulib/lib -I../gnulib/lib -I../include -I../src/util -I../include -DIN_LIBVIRT -I/custombuilt32/include/libxml2 -Wall -W -Wformat-y2k -Wformat-security -Winit-self -Wmissing-include-dirs -Wunused -Wunknown-pragmas -Wstrict-aliasing -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Wlogical-op -Waggregate-return -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes -Wmissing-declarations -Wmissing-noreturn -Wmissing-format-attribute -Wredundant-decls -Wnested-externs -Winline -Winvalid-pch -Wvolatile-register-var -Wdisabled-optimization -Wbuiltin-macro-redefined -Wmudflap -Wpacked-bitfield-compat -Wsync-nand -Wattributes -Wcoverage-mismatch -Wmultichar -Wno-missing-field-initializers -Wno-sign-compare -Wjump-misses-init -Wframe-larger-than=4096 -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fasynchronous-unwind-tables -fdiagnostics-show-option -funit-at-a-time -Drestrict=__restrict -DWSAAPI -Dsiginfo_t=int -MT libvirt_net_rpc_server_la-virnetserver.lo -MD -MP -MF .deps/libvirt_net_rpc_server_la-virnetserver.Tpo -c rpc/virnetserver.c -DDLL_EXPORT -DPIC -o .libs/libvirt_net_rpc_server_la-virnetserver.o rpc/virnetserver.c: In function 'virNetServerSignalHandler': rpc/virnetserver.c:392:12: error: request for member 'si_signo' in something not a structure or union rpc/virnetserver.c: In function 'virNetServerSignalEvent': rpc/virnetserver.c:423:20: error: request for member 'si_signo' in something not a structure or union rpc/virnetserver.c:432:5: error: request for member 'si_signo' in something not a structure or union make[3]: *** [libvirt_net_rpc_server_la-virnetserver.lo] Error 1 make[3]: Leaving directory `/home/win32/libvirt-0.9.3/src' make[2]: *** [all] Error 2 make[2]: Leaving directory `/home/win32/libvirt-0.9.3/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/win32/libvirt-0.9.3' make: *** [all] Error 2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] bandwidth: Integrate bandwidth into portgroups
On 26.07.2011 20:04, Laine Stump wrote: diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 031862a..f99294c 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -8867,8 +8867,7 @@ virDomainNetDefFormat(virBufferPtr buf, virBufferAddLit(buf, /tune\n); } -if (virBandwidthDefFormat(buf, virDomainNetGetActualBandwidth(def), -) 0) +if (virBandwidthDefFormat(buf, def-bandwidth, ) 0) return -1; if (virDomainDeviceInfoFormat(buf,def-info, flags) 0) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 0fa26dd..a406100 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -337,6 +337,7 @@ virDomainLoadAllConfigs; virDomainMemballoonModelTypeFromString; virDomainMemballoonModelTypeToString; virDomainNetDefFree; +virDomainNetGetActualBandwidth; virDomainNetGetActualBridgeName; virDomainNetGetActualDirectDev; virDomainNetGetActualDirectMode; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index f8fd4ee..35d6b1e 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -132,7 +132,8 @@ qemuPhysIfaceConnect(virDomainDefPtr def, vnet_hdr, def-uuid, virDomainNetGetActualDirectVirtPortProfile(net), res_ifname, -vmop, driver-stateDir, net-bandwidth); +vmop, driver-stateDir, +virDomainNetGetActualBandwidth(net)); if (rc= 0) { virDomainAuditNetDevice(def, net, res_ifname, true); VIR_FREE(net-ifname); @@ -299,7 +300,8 @@ qemuNetworkIfaceConnect(virDomainDefPtr def, } if (tapfd= 0 -virBandwidthEnable(net-bandwidth, net-ifname) 0) { +virBandwidthEnable(virDomainNetGetActualBandwidth(net), + net-ifname) 0) { qemuReportError(VIR_ERR_INTERNAL_ERROR, _(cannot set bandwidth limits on %s), net-ifname); diff --git a/src/util/network.c b/src/util/network.c index 314cabe..6fcdab2 100644 --- a/src/util/network.c +++ b/src/util/network.c @@ -1284,6 +1284,7 @@ virBandwidthCopy(virBandwidthPtr *dest, return -1; } +*dest = NULL; if (!src) { /* nothing to be copied */ return 0; @@ -1305,6 +1306,7 @@ virBandwidthCopy(virBandwidthPtr *dest, if (src-out) { if (VIR_ALLOC((*dest)-out) 0) { virReportOOMError(); +VIR_FREE((*dest)-in); goto cleanup; } Thanks, pushed. Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [Qemu-devel] [PATCH v3] Add support for fd: protocol
Am 27.07.2011 10:22, schrieb Daniel P. Berrange: On Wed, Jul 27, 2011 at 10:11:06AM +0200, Kevin Wolf wrote: Am 26.07.2011 18:57, schrieb Corey Bryant: diff --git a/block/cow.c b/block/cow.c index 4cf543c..e17f8e7 100644 --- a/block/cow.c +++ b/block/cow.c @@ -82,6 +82,11 @@ static int cow_open(BlockDriverState *bs, int flags) pstrcpy(bs-backing_file, sizeof(bs-backing_file), cow_header.backing_file); +if (bs-backing_file[0] != '\0' bdrv_is_fd_protocol(bs)) { +/* backing file currently not supported by fd: protocol */ +goto fail; +} I don't think these checks are strictly needed. Without the check you can open the image itself using an fd, and the backing file using good old raw-posix. We shouldn't decide for our users that this isn't useful. In any case, it would have to move into block.c, you can't modify independent drivers for this. I understand the point on not modifying independent drivers. But if the backing file resides on NFS, wouldn't the the proposed SELinux changes prevent the open? Probably. But what about cases where the backing file is local? Or even a non-libvirt, non-SELinux use case? Or are you talking about support where libvirt opens the backing file and passes the fd to Qemu? If so there was some discussion about future support for this here: http://lists.gnu.org/archive/html/qemu-devel/2011-06/msg01496.html Not really, but implementing this will be a bit easier if you don't forbid using backing files with fd. In any case, for 'fd:' to be actually used by libvirt, we need to have backing files supported. There are major users of libvirt who rely on NFS and also use backing files, so an 'fd:' impl which can't deal with the backing file problem isn't much use to libvirt. I'm perfectly aware of that. But seriously, repeating it over and over again isn't going to make it happen any sooner. It requires -blockdev which we may or may not have by 1.0. Kevin -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] libvirt-0.9.1 to 0.9.3-r1: managedsave/save won't start/restore at saved state
I'm seeing strange behaviour, here. Any guests saved using both managedsave and save commands from virsh won't restore at saved state. A new full boot sequence happen. - Tested against libvirt v0.9.1, v0.9.2, v0.9.3-r1 (Gentoo) - Confirmed on three different hosts Gentoo amd64 systems. - Tested with gentoo and ubuntu guests. - Nothing relevant in /var/log/libvirt/libvirt.log or /var/log/libvirt/qemu/dom.log The state file /var/lib/libvirt/qemu/save/dom.save exists and is deleted when 'virsh start' is called. The new boot sequence is confirmed by : - VNC console checks - previous screen sessions lost - uptime I've open a bug at https://bugs.gentoo.org/show_bug.cgi?id=376333 but had no answer. Any idea on what could happen or how to inspect it? -- Nicolas Sebrecht -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [Qemu-devel] [PATCH v3] Add support for fd: protocol
On Wed, Jul 27, 2011 at 10:36:25AM +0200, Kevin Wolf wrote: Am 27.07.2011 10:22, schrieb Daniel P. Berrange: On Wed, Jul 27, 2011 at 10:11:06AM +0200, Kevin Wolf wrote: Am 26.07.2011 18:57, schrieb Corey Bryant: diff --git a/block/cow.c b/block/cow.c index 4cf543c..e17f8e7 100644 --- a/block/cow.c +++ b/block/cow.c @@ -82,6 +82,11 @@ static int cow_open(BlockDriverState *bs, int flags) pstrcpy(bs-backing_file, sizeof(bs-backing_file), cow_header.backing_file); +if (bs-backing_file[0] != '\0' bdrv_is_fd_protocol(bs)) { +/* backing file currently not supported by fd: protocol */ +goto fail; +} I don't think these checks are strictly needed. Without the check you can open the image itself using an fd, and the backing file using good old raw-posix. We shouldn't decide for our users that this isn't useful. In any case, it would have to move into block.c, you can't modify independent drivers for this. I understand the point on not modifying independent drivers. But if the backing file resides on NFS, wouldn't the the proposed SELinux changes prevent the open? Probably. But what about cases where the backing file is local? Or even a non-libvirt, non-SELinux use case? Or are you talking about support where libvirt opens the backing file and passes the fd to Qemu? If so there was some discussion about future support for this here: http://lists.gnu.org/archive/html/qemu-devel/2011-06/msg01496.html Not really, but implementing this will be a bit easier if you don't forbid using backing files with fd. In any case, for 'fd:' to be actually used by libvirt, we need to have backing files supported. There are major users of libvirt who rely on NFS and also use backing files, so an 'fd:' impl which can't deal with the backing file problem isn't much use to libvirt. I'm perfectly aware of that. But seriously, repeating it over and over again isn't going to make it happen any sooner. It requires -blockdev which we may or may not have by 1.0. Yes, I understand we need also -blockdev for this. Other messages in this mail thread have impied that this proposed patch on its own is useful for libvirt's requirements, so I just wanted to remind people in general that we can't use this patch on its own until we have something like -blockdev. Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [libvirt-test-API][PATCH V2] add remoteAccess directory and tls authentication testcase
--- repos/remoteAccess/tls_setup.py | 386 +++ 1 files changed, 386 insertions(+), 0 deletions(-) create mode 100644 repos/remoteAccess/__init__.py create mode 100644 repos/remoteAccess/tls_setup.py diff --git a/repos/remoteAccess/__init__.py b/repos/remoteAccess/__init__.py new file mode 100644 index 000..e69de29 diff --git a/repos/remoteAccess/tls_setup.py b/repos/remoteAccess/tls_setup.py new file mode 100644 index 000..6d0b27c --- /dev/null +++ b/repos/remoteAccess/tls_setup.py @@ -0,0 +1,386 @@ +#!/usr/bin/env python + Setup tls authentication between two hosts and configure libvirt +to use it for connection. +remoteAccess:tls_setup +target_machine +xx.xx.xx.xx +username +root +password +xx +pkipath(optional) +/tmp/pkipath + + +__author__ = 'Guannan Ren: g...@redhat.com' +__date__ = 'Mon July 25, 2011' +__version__ = '0.1.0' +__credits__ = 'Copyright (C) 2011 Red Hat, Inc.' +__all__ = ['usage'] + +import os +import re +import sys +import pexpect +import string +import commands +import shutil + +def append_path(path): +Append root path of package +if path in sys.path: +pass +else: +sys.path.append(path) + +pwd = os.getcwd() +result = re.search('(.*)libvirt-test-API', pwd) +append_path(result.group(0)) + +from lib import connectAPI +from utils.Python import utils +from exception import LibvirtAPI + +CERTTOOL = /usr/bin/certtool +CP = /bin/cp +MKDIR = /bin/mkdir +CA_FOLDER = /etc/pki/CA +PRIVATE_KEY_FOLDER = /etc/pki/libvirt/private +CERTIFICATE_FOLDER = /etc/pki/libvirt + +TEMP_TLS_FOLDER = /tmp/libvirt_test_API_tls +CAKEY = os.path.join(TEMP_TLS_FOLDER, 'cakey.pem') +CACERT = os.path.join(TEMP_TLS_FOLDER, 'cacert.pem') +SERVERKEY = os.path.join(TEMP_TLS_FOLDER, 'serverkey.pem') +SERVERCERT = os.path.join(TEMP_TLS_FOLDER, 'servercert.pem') +CLIENTKEY = os.path.join(TEMP_TLS_FOLDER, 'clientkey.pem') +CLIENTCERT = os.path.join(TEMP_TLS_FOLDER, 'clientcert.pem') + +def check_params(params): +check out the arguments requried for migration +logger = params['logger'] +keys = ['target_machine', 'username', 'password'] +for key in keys: +if key not in params: +logger.error(Argument %s is required % key) +return 1 +return 0 + +def CA_setting_up(util, logger): + setting up a Certificate Authority +# Create a private key for CA +logger.info(generate CA certificates) + +cakey_fd = open(CAKEY, 'w') +ret, out = util.exec_cmd([CERTTOOL, '--generate-privkey'], outfile=cakey_fd) +cakey_fd.close() +if ret != 0: +logger.error(failed to create CA private key) +return 1 + + +# ca.info file +cainfo = os.path.join(TEMP_TLS_FOLDER, 'ca.info') +cainfo_fd = open(cainfo, 'w') +cainfo_str = cn = Libvirt_test_API\n + \ + ca\n + \ + cert_signing_key\n + +cainfo_fd.write(cainfo_str) +cainfo_fd.close() + +# Generate cacert.pem +cacert_args = [CERTTOOL, '--generate-self-signed', '--load-privkey', CAKEY, '--template', cainfo] +cacert_fd = open(CACERT, 'w') +ret, out = util.exec_cmd(cacert_args, outfile=cacert_fd) +cacert_fd.close() +if ret != 0: +logger.error(failed to create cacert.pem) +return 1 + +logger.info(done the CA certificates job) +return 0 + +def tls_server_cert(target_machine, util, logger): + generating server certificates +# Create tls server key +logger.info(generate server certificates) + +serverkey_fd = open(SERVERKEY, 'w') +ret, out = util.exec_cmd([CERTTOOL, '--generate-privkey'], outfile=serverkey_fd) +serverkey_fd.close() +if ret != 0: +logger.error(failed to create server key) +return 1 + +# server.info +serverinfo = os.path.join(TEMP_TLS_FOLDER, 'server.info') +serverinfo_fd = open(serverinfo, 'w') +serverinfo_str = organization = Libvirt_test_API\n + \ + cn = %s\n % target_machine+ \ + tls_www_server\n + \ + encryption_key\n + \ + signing_key\n + +serverinfo_fd.write(serverinfo_str) +serverinfo_fd.close() + +# Generate servercert.pem +servercert_args = [CERTTOOL, + '--generate-certificate', + '--load-privkey', SERVERKEY, + '--load-ca-certificate', CACERT, + '--load-ca-privkey', CAKEY, + '--template', serverinfo + ] +servercert_fd = open(SERVERCERT, 'w') +ret, out = util.exec_cmd(servercert_args, outfile=servercert_fd) +servercert_fd.close() +if ret != 0: +logger.error(failed to create servercert.pem) +return 1 + +logger.info(done the server certificates job) +
[libvirt] [PATCH] daemon: Unlink unix sockets at daemon shutdown
--- daemon/libvirtd.c |6 ++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c index 9e044e2..61f5a2d 100644 --- a/daemon/libvirtd.c +++ b/daemon/libvirtd.c @@ -1572,6 +1572,12 @@ cleanup: if (pid_file) unlink (pid_file); +if (sock_file sock_file[0] != '@') +unlink(sock_file); + +if (sock_file_ro sock_file_ro[0] != '@') +unlink(sock_file_ro); + VIR_FREE(sock_file); VIR_FREE(sock_file_ro); VIR_FREE(pid_file); -- 1.7.6 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] daemon: Unlink unix sockets at daemon shutdown
于 2011年07月27日 18:07, Osier Yang 写道: --- daemon/libvirtd.c |6 ++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c index 9e044e2..61f5a2d 100644 --- a/daemon/libvirtd.c +++ b/daemon/libvirtd.c @@ -1572,6 +1572,12 @@ cleanup: if (pid_file) unlink (pid_file); +if (sock_file sock_file[0] != '@') +unlink(sock_file); + +if (sock_file_ro sock_file_ro[0] != '@') +unlink(sock_file_ro); + With this patch, the socket files could be removed successfully. But it looks to me virNetSocketFree already unlink the socket files, it's weired the unix socket files still exists after daemon shutdown. So, this patch might be not quite right. VIR_FREE(sock_file); VIR_FREE(sock_file_ro); VIR_FREE(pid_file); -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] daemon: Unlink unix sockets at daemon shutdown
On Wed, Jul 27, 2011 at 05:34:19PM +0800, Osier Yang wrote: 于 2011年07月27日 18:07, Osier Yang 写道: --- daemon/libvirtd.c |6 ++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c index 9e044e2..61f5a2d 100644 --- a/daemon/libvirtd.c +++ b/daemon/libvirtd.c @@ -1572,6 +1572,12 @@ cleanup: if (pid_file) unlink (pid_file); +if (sock_file sock_file[0] != '@') +unlink(sock_file); + +if (sock_file_ro sock_file_ro[0] != '@') +unlink(sock_file_ro); + NACK to this - cleanup should be done in the RPC classes With this patch, the socket files could be removed successfully. But it looks to me virNetSocketFree already unlink the socket files, it's weired the unix socket files still exists after daemon shutdown. So, this patch might be not quite right. Yes, that suggests that virNetServerFree or something that it calls is not cleaning up properly. It could be a missing free somewhere, or a reference being held open. It might be desirable to add an explicit virNetServerClose() API which closes all sockets unlinks them, separately from virNetServerFree, so we ensure cleanup even in the event of a reference count being leaked Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Fix for newer yajl
On 27/07/2011 10:24, Brecht Sanders wrote: Hi, I just notices that compiling libvirt against yail version 2 there were some errors, mainly because yajl_parser_config is no longer used. What version of libvirt is your patch against ? The latest releases already have fixed compatibility with YAJL 2, so I'm assuming you have an old release ? Regards, Daniel Hmm, you're right. My bad. I forgot I was compiling 0.9.0 because I had other issues compiling later versions under MinGW/MSYS on Windows. In case you were not aware of this I'm including the end of my 0.9.3 output below. Please ignore my previous mail. I just noticed this was caused by -Dsiginfo_t=int which I still had in there to fix older compiles. Removing this works fine. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] daemon: Unlink unix sockets at daemon shutdown
于 2011年07月27日 17:51, Daniel P. Berrange 写道: On Wed, Jul 27, 2011 at 05:34:19PM +0800, Osier Yang wrote: 于 2011年07月27日 18:07, Osier Yang 写道: --- daemon/libvirtd.c |6 ++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c index 9e044e2..61f5a2d 100644 --- a/daemon/libvirtd.c +++ b/daemon/libvirtd.c @@ -1572,6 +1572,12 @@ cleanup: if (pid_file) unlink (pid_file); +if (sock_file sock_file[0] != '@') +unlink(sock_file); + +if (sock_file_ro sock_file_ro[0] != '@') +unlink(sock_file_ro); + NACK to this - cleanup should be done in the RPC classes With this patch, the socket files could be removed successfully. But it looks to me virNetSocketFree already unlink the socket files, it's weired the unix socket files still exists after daemon shutdown. So, this patch might be not quite right. Yes, that suggests that virNetServerFree or something that it calls is not cleaning up properly. It could be a missing free somewhere, or a reference being held open. It looks to me the ref is right from the debug log, (not missed somewehre). It might be desirable to add an explicit virNetServerClose() API which closes all sockets unlinks them, separately from virNetServerFree, so we ensure cleanup even in the event of a reference count being leaked Yes, agree. Daniel -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] RFC: API additions for enhanced snapshot support
On Thu, Jun 16, 2011 at 6:41 AM, Eric Blake ebl...@redhat.com wrote: Right now, libvirt has a snapshot API via virDomainSnapshotCreateXML, but for qemu domains, it only works if all the guest disk images are qcow2, and qemu rather than libvirt does all the work. However, it has a couple of drawbacks: it is inherently tied to domains (there is no way to manage snapshots of storage volumes not tied to a domain, even though libvirt does that for qcow2 images associated with offline qemu domains by using the qemu-img application). And it necessarily operates on all of the images associated with a domain in parallel - if any disk image is not qcow2, the snapshot fails, and there is no way to select a subset of disks to save. However, it works on both active (disk and memory state) and inactive domains (just disk state). Hi Eric, Any updates on your proposed snapshot API enhancements? The use case I am particularly interested in is a backup solution using libvirt snapshot APIs to take consistent backups of guests. The two workflows are reading out full snapshots of disk images (full backup) and reading only those blocks that have changed since the last backup (incremental backup). Incremental backups can be done just like full backups except with an API call to get a dirty blocks list. The client only reads out those dirty blocks from the snapshot. Stefan -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [v2] qemu: Improve docs for virsh dump format
The error in getCompressionType will never be reported, change the errors codes into warning (VIR_WARN(%s, _(foo)); doesn't break syntax-check rule), and also improve the docs in qemu.conf to tell user the truth. --- src/qemu/qemu.conf | 10 -- src/qemu/qemu_driver.c | 15 --- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index 145062c..7de6863 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf @@ -196,8 +196,14 @@ # saving a domain in order to save disk space; the list above is in descending # order by performance and ascending order by compression ratio. # -# save_image_format is used when you use 'virsh save' at scheduled saving. -# dump_image_format is used when you use 'virsh dump' at emergency crashdump. +# save_image_format is used when you use 'virsh save' at scheduled +# saving, and it is an error if the specified save_image_format is +# not valid, or the according compression program can't be found. +# +# dump_image_format is used when you use 'virsh dump' at emergency +# crashdump, and if the specified dump_image_format is not valid, or +# the according compression program can't be found, this falls +# back to raw compression. # # save_image_format = raw # dump_image_format = raw diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 0066c55..e9bd421 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -2712,17 +2712,18 @@ getCompressionType(struct qemud_driver *driver) */ if (driver-dumpImageFormat) { compress = qemudSaveCompressionTypeFromString(driver-dumpImageFormat); +/* Use raw as the format if the specified format is not valid, + * or the compress program is not available, + */ if (compress 0) { -qemuReportError(VIR_ERR_OPERATION_FAILED, %s, -_(Invalid dump image format specified in - configuration file, using raw)); +VIR_WARN(%s, _(Invalid dump image format specified in + configuration file, using raw)); return QEMUD_SAVE_FORMAT_RAW; } if (!qemudCompressProgramAvailable(compress)) { -qemuReportError(VIR_ERR_OPERATION_FAILED, -%s, _(Compression program for dump image format -in configuration file isn't available, -using raw)); +VIR_WARN(%s, _(Compression program for dump image format + in configuration file isn't available, + using raw)); return QEMUD_SAVE_FORMAT_RAW; } } -- 1.7.6 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [libvirt-test-API][PATCH V2] add remoteAccess directory and tls authentication testcase
ACK Thanks! Best Regards! Wayne Sun Redhat QE, Beijing, China +86-10-6260-8238 - Original Message - From: Guannan Ren g...@redhat.com To: libvir-list@redhat.com Sent: Wednesday, July 27, 2011 5:31:10 PM Subject: [libvirt] [libvirt-test-API][PATCH V2] add remoteAccess directory and tls authentication testcase --- repos/remoteAccess/tls_setup.py | 386 +++ 1 files changed, 386 insertions(+), 0 deletions(-) create mode 100644 repos/remoteAccess/__init__.py create mode 100644 repos/remoteAccess/tls_setup.py diff --git a/repos/remoteAccess/__init__.py b/repos/remoteAccess/__init__.py new file mode 100644 index 000..e69de29 diff --git a/repos/remoteAccess/tls_setup.py b/repos/remoteAccess/tls_setup.py new file mode 100644 index 000..6d0b27c --- /dev/null +++ b/repos/remoteAccess/tls_setup.py @@ -0,0 +1,386 @@ +#!/usr/bin/env python + Setup tls authentication between two hosts and configure libvirt +to use it for connection. +remoteAccess:tls_setup +target_machine +xx.xx.xx.xx +username +root +password +xx +pkipath(optional) +/tmp/pkipath + + +__author__ = 'Guannan Ren: g...@redhat.com' +__date__ = 'Mon July 25, 2011' +__version__ = '0.1.0' +__credits__ = 'Copyright (C) 2011 Red Hat, Inc.' +__all__ = ['usage'] + +import os +import re +import sys +import pexpect +import string +import commands +import shutil + +def append_path(path): +Append root path of package +if path in sys.path: +pass +else: +sys.path.append(path) + +pwd = os.getcwd() +result = re.search('(.*)libvirt-test-API', pwd) +append_path(result.group(0)) + +from lib import connectAPI +from utils.Python import utils +from exception import LibvirtAPI + +CERTTOOL = /usr/bin/certtool +CP = /bin/cp +MKDIR = /bin/mkdir +CA_FOLDER = /etc/pki/CA +PRIVATE_KEY_FOLDER = /etc/pki/libvirt/private +CERTIFICATE_FOLDER = /etc/pki/libvirt + +TEMP_TLS_FOLDER = /tmp/libvirt_test_API_tls +CAKEY = os.path.join(TEMP_TLS_FOLDER, 'cakey.pem') +CACERT = os.path.join(TEMP_TLS_FOLDER, 'cacert.pem') +SERVERKEY = os.path.join(TEMP_TLS_FOLDER, 'serverkey.pem') +SERVERCERT = os.path.join(TEMP_TLS_FOLDER, 'servercert.pem') +CLIENTKEY = os.path.join(TEMP_TLS_FOLDER, 'clientkey.pem') +CLIENTCERT = os.path.join(TEMP_TLS_FOLDER, 'clientcert.pem') + +def check_params(params): +check out the arguments requried for migration +logger = params['logger'] +keys = ['target_machine', 'username', 'password'] +for key in keys: +if key not in params: +logger.error(Argument %s is required % key) +return 1 +return 0 + +def CA_setting_up(util, logger): + setting up a Certificate Authority +# Create a private key for CA +logger.info(generate CA certificates) + +cakey_fd = open(CAKEY, 'w') +ret, out = util.exec_cmd([CERTTOOL, '--generate-privkey'], outfile=cakey_fd) +cakey_fd.close() +if ret != 0: +logger.error(failed to create CA private key) +return 1 + + +# ca.info file +cainfo = os.path.join(TEMP_TLS_FOLDER, 'ca.info') +cainfo_fd = open(cainfo, 'w') +cainfo_str = cn = Libvirt_test_API\n + \ + ca\n + \ + cert_signing_key\n + +cainfo_fd.write(cainfo_str) +cainfo_fd.close() + +# Generate cacert.pem +cacert_args = [CERTTOOL, '--generate-self-signed', '--load-privkey', CAKEY, '--template', cainfo] +cacert_fd = open(CACERT, 'w') +ret, out = util.exec_cmd(cacert_args, outfile=cacert_fd) +cacert_fd.close() +if ret != 0: +logger.error(failed to create cacert.pem) +return 1 + +logger.info(done the CA certificates job) +return 0 + +def tls_server_cert(target_machine, util, logger): + generating server certificates +# Create tls server key +logger.info(generate server certificates) + +serverkey_fd = open(SERVERKEY, 'w') +ret, out = util.exec_cmd([CERTTOOL, '--generate-privkey'], outfile=serverkey_fd) +serverkey_fd.close() +if ret != 0: +logger.error(failed to create server key) +return 1 + +# server.info +serverinfo = os.path.join(TEMP_TLS_FOLDER, 'server.info') +serverinfo_fd = open(serverinfo, 'w') +serverinfo_str = organization = Libvirt_test_API\n + \ + cn = %s\n % target_machine+ \ + tls_www_server\n + \ + encryption_key\n + \ + signing_key\n + +serverinfo_fd.write(serverinfo_str) +serverinfo_fd.close() + +# Generate servercert.pem +servercert_args = [CERTTOOL, + '--generate-certificate', + '--load-privkey', SERVERKEY, + '--load-ca-certificate', CACERT, + '--load-ca-privkey', CAKEY, + '--template',
Re: [libvirt] [Qemu-devel] [PATCH v3] Add support for fd: protocol
On 07/27/2011 04:43 AM, Daniel P. Berrange wrote: On Wed, Jul 27, 2011 at 10:36:25AM +0200, Kevin Wolf wrote: Am 27.07.2011 10:22, schrieb Daniel P. Berrange: On Wed, Jul 27, 2011 at 10:11:06AM +0200, Kevin Wolf wrote: Am 26.07.2011 18:57, schrieb Corey Bryant: diff --git a/block/cow.c b/block/cow.c index 4cf543c..e17f8e7 100644 --- a/block/cow.c +++ b/block/cow.c @@ -82,6 +82,11 @@ static int cow_open(BlockDriverState *bs, int flags) pstrcpy(bs-backing_file, sizeof(bs-backing_file), cow_header.backing_file); +if (bs-backing_file[0] != '\0' bdrv_is_fd_protocol(bs)) { +/* backing file currently not supported by fd: protocol */ +goto fail; +} I don't think these checks are strictly needed. Without the check you can open the image itself using an fd, and the backing file using good old raw-posix. We shouldn't decide for our users that this isn't useful. In any case, it would have to move into block.c, you can't modify independent drivers for this. I understand the point on not modifying independent drivers. But if the backing file resides on NFS, wouldn't the the proposed SELinux changes prevent the open? Probably. But what about cases where the backing file is local? Or even a non-libvirt, non-SELinux use case? Or are you talking about support where libvirt opens the backing file and passes the fd to Qemu? If so there was some discussion about future support for this here: http://lists.gnu.org/archive/html/qemu-devel/2011-06/msg01496.html Not really, but implementing this will be a bit easier if you don't forbid using backing files with fd. In any case, for 'fd:' to be actually used by libvirt, we need to have backing files supported. There are major users of libvirt who rely on NFS and also use backing files, so an 'fd:' impl which can't deal with the backing file problem isn't much use to libvirt. I'm perfectly aware of that. But seriously, repeating it over and over again isn't going to make it happen any sooner. It requires -blockdev which we may or may not have by 1.0. Yes, I understand we need also -blockdev for this. Other messages in this mail thread have impied that this proposed patch on its own is useful for libvirt's requirements, so I just wanted to remind people in general that we can't use this patch on its own until we have something like -blockdev. Regards, Daniel Kevin/Daniel, thanks a lot for your input. In terms of the support that libvirt requires, I just want to make sure all bases are covered. In order for this support to be useful to libvirt, the following are required (sorry if this is repetitive): 1) -blockdev (backing file support) 2) savevm (snapshot support) 3) snapshot_blkdev (snapshot support) 4) 'change' monitor command 5) -cdrom and as far as I know, the status of the above is: 1) Someone is slated to work on this (not me) 2) I need to figure out how to re-open file without an open (me) 3) This will be covered by live snapshots feature (not me) 4) Should just work as is (me) 5) May also just work as is (me) In other words, 1 and 3 will not be implemented by me (except perhaps some re-usable infrastructure). Could you confirm my understanding? Regards, Corey -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 00/10] Rollback migration when libvirtd restarts
On Tue, Jul 19, 2011 at 02:27:29AM +0200, Jiri Denemark wrote: This is the rest of the original 19 patch series updated with some bugfixes and rebased on current master, which is also available at https://gitorious.org/~jirka/libvirt/jirka-staging/commits/migration-recovery I didn't manage to run this through the libvirt-tck migration test but I did some additional testing with the following combinations of libvirt (current contains this series): I've tested many combinations now with the TCK and it all passes, so an ACK for this series from me. I also tested this with Eric's suggested additions. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] Memory leak of the remoteDomainSet* functions
Hello, there Per bug https://bugzilla.redhat.com/show_bug.cgi?id=725322, should we change the remoteDomainSet* functions into skipgen, and fix the leaks like below? (NB, new VIR_FREE statements) static int remoteDomainSetBlkioParameters(virDomainPtr dom, virTypedParameterPtr params, int nparams, unsigned int flags) { int rv = -1; int i; struct private_data *priv = dom-conn-privateData; remote_domain_set_blkio_parameters_args args; remote_domain_set_blkio_parameters_args args; remoteDriverLock(priv); make_nonnull_domain(args.dom, dom); args.flags = flags; if (remoteSerializeTypedParameters(params, nparams, args.params.params_val, args.params.params_len) 0) { for (i = 0; i nparams; i++) { VIR_FREE(args.params.params_val[i].field); } VIR_FREE(args.params.params_val); xdr_free((xdrproc_t)xdr_remote_domain_set_blkio_parameters_args, (char *)args); goto done; } if (call(dom-conn, priv, 0, REMOTE_PROC_DOMAIN_SET_BLKIO_PARAMETERS, (xdrproc_t)xdr_remote_domain_set_blkio_parameters_args, (char *)args, (xdrproc_t)xdr_void, (char *)NULL) == -1) { goto done; } rv = 0; done: if (args.params.params_val) { for (i = 0; i nparams; i++) { VIR_FREE(args.params.params_val[i].field); } VIR_FREE(args.params.params_val); } remoteDriverUnlock(priv); return rv; } Regards, Osier -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] RFC: API additions for enhanced snapshot support
On 07/27/2011 04:04 AM, Stefan Hajnoczi wrote: On Thu, Jun 16, 2011 at 6:41 AM, Eric Blakeebl...@redhat.com wrote: Right now, libvirt has a snapshot API via virDomainSnapshotCreateXML, but for qemu domains, it only works if all the guest disk images are qcow2, and qemu rather than libvirt does all the work. However, it has a couple of drawbacks: it is inherently tied to domains (there is no way to manage snapshots of storage volumes not tied to a domain, even though libvirt does that for qcow2 images associated with offline qemu domains by using the qemu-img application). And it necessarily operates on all of the images associated with a domain in parallel - if any disk image is not qcow2, the snapshot fails, and there is no way to select a subset of disks to save. However, it works on both active (disk and memory state) and inactive domains (just disk state). Hi Eric, Any updates on your proposed snapshot API enhancements? I still need to post a v2 RFC that gives the XML changes needed to support disk snapshots on top of virDomainSnapshotCreateXML. Meanwhile, I still want to add additional API to make it easier to manage offline storage volume snapshots (storage volumes that are not in use by a defined or running domain), although it obviously won't happen by 0.9.4. The use case I am particularly interested in is a backup solution using libvirt snapshot APIs to take consistent backups of guests. The two workflows are reading out full snapshots of disk images (full backup) and reading only those blocks that have changed since the last backup (incremental backup). Full backup should be supported via virDomainSnapshotCreateXML, once I have the new XML in place, by using the new qemu snapshot_blkdev monitor commands. Incremental backups can be done just like full backups except with an API call to get a dirty blocks list. The client only reads out those dirty blocks from the snapshot. Incremental backups will need more work - qemu does not yet have the monitor commands for exposing which blocks are dirty. Of course, as code is written for qemu, it would be nice to also be thinking about how to support that in libvirt, so once I do propose my XML changes for full snapshots, it would be nice to remember in your review to think about whether it remains extensible to the incremental case. -- Eric Blake ebl...@redhat.com+1-801-349-2682 Libvirt virtualization library http://libvirt.org -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] build: support warnings on RHEL 5
On 07/27/2011 02:03 AM, Daniel P. Berrange wrote: On Tue, Jul 26, 2011 at 02:25:40PM -0600, Eric Blake wrote: Without this, a configure built by autoconf 2.59 was broken when trying to detect which compiler warning flags were supported. * .gnulib: Update to latest, for warnings.m4 fix. * src/qemu/qemu_conf.c (includes): Drop unused include. * src/uml/uml_conf.c (include): Likewise. Reported by Daniel P. Berrange. ACK Thanks; pushed. -- Eric Blake ebl...@redhat.com+1-801-349-2682 Libvirt virtualization library http://libvirt.org -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Memory leak of the remoteDomainSet* functions
2011/7/27 Osier Yang jy...@redhat.com: Hello, there Per bug https://bugzilla.redhat.com/show_bug.cgi?id=725322, should we change the remoteDomainSet* functions into skipgen, and fix the leaks like below? (NB, new VIR_FREE statements) Why not fix the generator instead? static int remoteDomainSetBlkioParameters(virDomainPtr dom, virTypedParameterPtr params, int nparams, unsigned int flags) { int rv = -1; int i; struct private_data *priv = dom-conn-privateData; remote_domain_set_blkio_parameters_args args; remote_domain_set_blkio_parameters_args args; remoteDriverLock(priv); make_nonnull_domain(args.dom, dom); args.flags = flags; if (remoteSerializeTypedParameters(params, nparams, args.params.params_val, args.params.params_len) 0) { for (i = 0; i nparams; i++) { VIR_FREE(args.params.params_val[i].field); } VIR_FREE(args.params.params_val); This loop should not be needed as remoteSerializeTypedParameters cleans up in the error case. xdr_free((xdrproc_t)xdr_remote_domain_set_blkio_parameters_args, (char *)args); goto done; } if (call(dom-conn, priv, 0, REMOTE_PROC_DOMAIN_SET_BLKIO_PARAMETERS, (xdrproc_t)xdr_remote_domain_set_blkio_parameters_args, (char *)args, (xdrproc_t)xdr_void, (char *)NULL) == -1) { goto done; } rv = 0; done: if (args.params.params_val) { for (i = 0; i nparams; i++) { VIR_FREE(args.params.params_val[i].field); } VIR_FREE(args.params.params_val); } remoteDriverUnlock(priv); return rv; } This can be fixed in the generator, but why no use xdr_free here instead of open coding the free loop? -- Matthias Bolte http://photron.blogspot.com -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] FW: Error configuring my Virtual machine network
I am a newbie to linux and was given a task to fine out what could be wrong with the configuration of the software we are working on. The error displayed on my screen is as capture below.Can you help me out. ncftool define netmask.xml xmlXPathCompiledEval: evaluation failed error: XSLT transformation failed error: runtime error: file /usr/share/netcf/xml/suse-get.xsl line 204 element node NB. the content of my xml file is as shown bellow.What i noticed is whenever the prefix goes above 24,that is when the error comes up.but below 24 it works well. thanks interface type=ethernet name=eth5 start mode=onboot/ mac address=00:21:28:44:E3:2B/ protocol family=ipv4 ip address=204.10.0.25 prefix=26/ /protocol /interface ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ netmask.xml 7 lines, 194 characters Ehiwere matthew omogbai Graduate Student, Computer Networks Engineering. Sweden Private: 0046736942168 email:ehiw...@kth.semailto:ehiw...@kth.se MOTTO:The past is my heritage, The present is my responsibility The future is my challenge Chose to stand,not because there is no seat but because I want to be counted -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [Qemu-devel] [PATCH v3] Add support for fd: protocol
Am 27.07.2011 15:09, schrieb Corey Bryant: Kevin/Daniel, thanks a lot for your input. In terms of the support that libvirt requires, I just want to make sure all bases are covered. In order for this support to be useful to libvirt, the following are required (sorry if this is repetitive): 1) -blockdev (backing file support) 2) savevm (snapshot support) savevm is harmless and doesn't need any special treatment. 3) snapshot_blkdev (snapshot support) 4) 'change' monitor command 5) -cdrom and as far as I know, the status of the above is: 1) Someone is slated to work on this (not me) 2) I need to figure out how to re-open file without an open (me) 3) This will be covered by live snapshots feature (not me) 4) Should just work as is (me) 5) May also just work as is (me) In other words, 1 and 3 will not be implemented by me (except perhaps some re-usable infrastructure). Could you confirm my understanding? Yes, at least not at this point. Kevin -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv3 1/2] conf: add listen subelement to domain graphics element
On 07/27/2011 02:41 AM, Laine Stump wrote: On 07/26/2011 07:10 PM, Eric Blake wrote: On 07/26/2011 08:50 AM, Laine Stump wrote: I think it is a somewhat overkill to have 'autoport' be a setting per-listen element. I can't imagine people want a fixed port number on one IP addr, but a dynamic port number on another IP addr. So we could just keep that on the top level element. Although I agree with you for config purposes, it looks to me like the real use of autoport is that in the live XML it allows differentiating between ports that were manually specified and those that were automatically allocated (really, that seems like its main purpose, since simply not giving a port also implies autoport). If we have only a single autoport attribute for all the listens, we'll have to put in extra code that makes sure if they specify port for one listen, they do it for all of them. Is it that hard to add that additional validation? Anything can be done, given enough time to think, code, and test all the corner cases. I don't see where the gain is in this case, though. I see autoport more as an attribute that's useful when examining live XML than as something useful to set in the config. Having a separate autoport for each port is then not overkill, but just natural. Trying to use a single autoport to indicate whether all of a set of ports were generated automatically or were manually configured is what's overkill - you're going to a lot of trouble to enforce an unnatural restriction for no practical gain. Maybe the best thing is to only allow autoport in listen when (flags INACTIVE) is false (live XML). This would mean that, as far as config was concerned, listen would *never* have any autoport in it (which would be fine with me); it would however still be in the data structure, and still output in live XML. After more thinking, her eare two possible plans: 1) see above - the autoport attribute will only show up (or be recognized) for live XML; when writing the configuration, lack of a port will imply autoport=yes, and presence of port will imply autoport=no. 2) remove autoport from listen and store it in graphics. During the parsing of graphics, after all the listens are parsed, loop through them and verify that either all of them have a port, or none of them do (inactive XML only - for live XML they actually all should have a port). Votes? (After looking through the code again, I'm completely willing to implement (2), just want to make sure that's really what you want.) -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv3 1/2] conf: add listen subelement to domain graphics element
On Wed, Jul 27, 2011 at 11:20:42AM -0400, Laine Stump wrote: On 07/27/2011 02:41 AM, Laine Stump wrote: On 07/26/2011 07:10 PM, Eric Blake wrote: On 07/26/2011 08:50 AM, Laine Stump wrote: I think it is a somewhat overkill to have 'autoport' be a setting per-listen element. I can't imagine people want a fixed port number on one IP addr, but a dynamic port number on another IP addr. So we could just keep that on the top level element. Although I agree with you for config purposes, it looks to me like the real use of autoport is that in the live XML it allows differentiating between ports that were manually specified and those that were automatically allocated (really, that seems like its main purpose, since simply not giving a port also implies autoport). If we have only a single autoport attribute for all the listens, we'll have to put in extra code that makes sure if they specify port for one listen, they do it for all of them. Is it that hard to add that additional validation? Anything can be done, given enough time to think, code, and test all the corner cases. I don't see where the gain is in this case, though. I see autoport more as an attribute that's useful when examining live XML than as something useful to set in the config. Having a separate autoport for each port is then not overkill, but just natural. Trying to use a single autoport to indicate whether all of a set of ports were generated automatically or were manually configured is what's overkill - you're going to a lot of trouble to enforce an unnatural restriction for no practical gain. Maybe the best thing is to only allow autoport in listen when (flags INACTIVE) is false (live XML). This would mean that, as far as config was concerned, listen would *never* have any autoport in it (which would be fine with me); it would however still be in the data structure, and still output in live XML. After more thinking, her eare two possible plans: 1) see above - the autoport attribute will only show up (or be recognized) for live XML; when writing the configuration, lack of a port will imply autoport=yes, and presence of port will imply autoport=no. This would be a change in behaviour - currently 'autoport' attribute is always present when we output XML, even for inactive guests, so there is a consistent way to determine if autoport is in use. 2) remove autoport from listen and store it in graphics. During the parsing of graphics, after all the listens are parsed, loop through them and verify that either all of them have a port, or none of them do (inactive XML only - for live XML they actually all should have a port). One further thought, is should we even store 'port' on the listen element. I know technically this lets you configure different port numbers for different interfaces, but this feels somewhat error prone for clients. eg consider a guest A listen addr='10.0.0.1' port='5902' listen addr='192.168.0.1' port='5909' and guest B listen addr='10.0.0.1' port='5904' listen addr='192.168.0.1' port='5902' And DNS enter 'somehost.example.com' which has two A records somehost.example.com A 10.0.0.1 somehost.example.com A 192.168.0.1 Connecting to 'somehost.example.com' guest A you need to be very careful not to accidentally get guest B. So it has become much more tedious for a client app to connect to a guest if they have to worry about the fact that a VM may be listening on different ports for each IP address associated with a DNS name. Using different ports may sound unlikely, but it actually could be a fairly common problem if you use 'autoport' feature. I feel it is worthwhile for app developer sanity to *not* allow different port numbers per listen element, only IP addresses Should we find we need the extra flexibility in the future (unlikely) then we can still add it to teh XML at that time. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv3 1/2] conf: add listen subelement to domain graphics element
On 07/27/2011 01:47 AM, Laine Stump wrote: I'm not sure this is right. I think we want to require either type=address (which implies address=nnn must also be present, and network=nnn must not be present) or type=network (which implies that network=nnn must be present, and address=nnn might show up in live XML dumpxml output to show what was resolved, but is ignored in input parsing. Also, autoport=yes and port=nnn should be a forbidden combination. Actually it's not forbidden, that's really the only practical use I can see for the autoport attribute - in live XML autoport='yes' port='nnn' is used to indicate that the port was auto-generated and this time 'nnn' was used. (and not that it's any indication of what is right or wrong, but the current RNG file allows it). ... Well, existing code doesn't do that. Do no harm. Certainly in live XML this is acceptable, and for inactive XML there may be cases where someone grabs live XML, modifies it, and sends the results back to the parse as config (aka inactive). Yeah, on thinking more, it would be nice if the rng file accepted all live xml (it doesn't, because of other aspects like alias and actual, but in general we tend to ignore rather than reject stuff we don't recognize). So maybe your rng is okay as is - it accepts more than what is strictly necessary, but as long as it doesn't reject anything that the code accepts, we're okay. The question comes down to whether it is easy to make the rng reject stuff that the code rejects, or whether to keep the rng simple and over-permissive. I think if we made autoport a single setting global to all instances of listen, and tried to prevent simultaneous (global) autoport and (local to one listen) port, the RNG would be quite unwieldy. (you would have to have a listenElementsPort and a listenElementsAutoport, and the graphics RNG would put the two of them in a choice depending on the setting of autoport) Interesting point. Overall, I think it boils down to whether we ever envision having more than one listen, where one specified a port and the other let the port be chosen automatically. Conversely, if we start strict, we can always relax later (especially since it won't be till later that we support multiple listen), whereas if we start relaxed, it's harder to tighten things up. But I'm starting to swing towards having autoport remain with listen. Shouldn't this fail if type is not found? That is, I think type is a mandatory attribute (must be address or network). No. It's also possible that no address/network information is given (in which case type would be default, which ends up as just no type showing up at all). In that case, the qemu driver has default listen addresses for VNC and for Spice. So it's completely valid to give a port, but no address. Makes sense. So I think this can be expressed in rng as: optional choice group attribute...type=address attribute...address=iporname /group group attribute...type=network attribute...network=name optional attribute...address=ip /optional /group /choice /optional That is, type is optional, but if present, then it determines whether address or network must also be present. Meanwhile, address can appear with either type, but if address appears, then type must appear. + + if (address address[0]) { + def-address = address; + address = NULL; Should we reject address if not VIR_DOMAIN_GRAPHICS_LISTEN_TYPE_ADDRESS? No. Although I haven't found the right place to put it in, it's possible that the listen type may be network, and the resolved address will be filled in so that it can show up as status in the live XML. (I actually originally had exactly that check put in, but removed it for this reason). Yep, I agree that we want to be able to parse existing live output, even if we ignore that parse on INACTIVE. I learned with my virDomainSaveImageDefineXML patch that parsing must be symmetric to output format. Since your output function produces address for network mode on live xml but skips it for inactive, you _must_ make the parser leave address as NULL on parsing if (flags VIR_DOMAIN_XML_INACTIVE) and network mode is detected. I hadn't thought of that. But should we reject it in that case, or should we *ignore* it? (Will it ever be the case that someone will feed live XML back to the parser as config? And should we complain in that case, or silently ignore the extra, just as we would if it was something completely unknown to us?) (I usually tend to follow the IETF mantra of being lenient in what you accept, and strict in what you give out) In general, we ignore (not reject) live-only information when doing an INACTIVE parse. See for example how alias is treated - the format routines only output alias on live images, and when parsing INACTIVE, any existing alias is silently ignored. Possibly, I can modify the formatter to (1) never
Re: [libvirt] [PATCHv3 1/2] conf: add listen subelement to domain graphics element
On Wed, Jul 27, 2011 at 04:37:13PM +0100, Daniel P. Berrange wrote: On Wed, Jul 27, 2011 at 11:20:42AM -0400, Laine Stump wrote: One further thought, is should we even store 'port' on the listen element. I know technically this lets you configure different port numbers for different interfaces, but this feels somewhat error prone for clients. eg consider a guest A listen addr='10.0.0.1' port='5902' listen addr='192.168.0.1' port='5909' and guest B listen addr='10.0.0.1' port='5904' listen addr='192.168.0.1' port='5902' And DNS enter 'somehost.example.com' which has two A records somehost.example.com A 10.0.0.1 somehost.example.com A 192.168.0.1 Connecting to 'somehost.example.com' guest A you need to be very careful not to accidentally get guest B. It actually gets even worse if you consider a not uncommon DMZ setup where each host is configured with addresses from a private range like 10.0.0.x, but all users connect to the machine using completely different a public IP address. In such a case there'd be no way to reliably determine which port to use for a guest when conencting to the public IP if multiple different ports per VM allowed. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCHv3 2/2] qemu: support type=network in domain graphics listen
On 07/25/2011 03:00 AM, Laine Stump wrote: The domain XML now understands thelisten subelement of its graphics element (including when listen type='network'), and the network driver has an internal API that will turn a network name into an IP address, so the final logical step is to put the glue into the qemu driver so that when it is starting up a domain, if it finds listen type='network' network='xyz'/ in the XML, it will call the network driver to get an IPv4 address associated with network xyz, and tell qemu to listen for vnc (or spice) on that address rather than the default address (localhost). There may be some fallout to this patch, based on what happens to 1/2, but in general: @@ -4127,7 +4126,37 @@ qemuBuildCommandLine(virConnectPtr conn, def-graphics[0]-data.vnc.socket); } else if (qemuCapsGet(qemuCaps, QEMU_CAPS_VNC_COLON)) { +const char *listenNetwork; +const char *listenAddr = NULL; +char *netAddr = NULL; bool escapeAddr; +int ret; + +switch (virDomainGraphicsListenGetType(def-graphics[0], 0)) { +case VIR_DOMAIN_GRAPHICS_LISTEN_TYPE_ADDRESS: +listenAddr = virDomainGraphicsListenGetAddress(def-graphics[0], 0); +break; + +case VIR_DOMAIN_GRAPHICS_LISTEN_TYPE_NETWORK: +listenNetwork = virDomainGraphicsListenGetNetwork(def-graphics[0], 0); +if (!listenNetwork) +break; +ret = networkGetNetworkAddress(listenNetwork,netAddr); +if (ret= -2) { +qemuReportError(VIR_ERR_CONFIG_UNSUPPORTED, +%s, _(network-based listen not possible, +network driver not present)); +goto error; +} +if (ret 0) { +qemuReportError(VIR_ERR_XML_ERROR, +_(listen network '%s' had no usable address), +listenNetwork); +goto error; +} +listenAddr = netAddr; +break; +} this looks good. ACK. -- Eric Blake ebl...@redhat.com+1-801-349-2682 Libvirt virtualization library http://libvirt.org -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 00/10] Rollback migration when libvirtd restarts
On 07/27/2011 07:29 AM, Daniel P. Berrange wrote: On Tue, Jul 19, 2011 at 02:27:29AM +0200, Jiri Denemark wrote: This is the rest of the original 19 patch series updated with some bugfixes and rebased on current master, which is also available at https://gitorious.org/~jirka/libvirt/jirka-staging/commits/migration-recovery I didn't manage to run this through the libvirt-tck migration test but I did some additional testing with the following combinations of libvirt (current contains this series): I've tested many combinations now with the TCK and it all passes, so an ACK for this series from me. I also tested this with Eric's suggested additions. I've now pushed the series, with my squash-in for 3/10, and will be shortly submitting a virsh patch to expose the new flag. -- Eric Blake ebl...@redhat.com+1-801-349-2682 Libvirt virtualization library http://libvirt.org -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] virsh: expose change-protection during migration
* tools/virsh.c (doMigrate): Add --change-protection flag. * tools/virsh.pod (migrate): Document it. --- As promised here: https://www.redhat.com/archives/libvir-list/2011-July/msg01919.html tools/virsh.c |4 tools/virsh.pod |9 +++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/tools/virsh.c b/tools/virsh.c index 113124f..34036f9 100644 --- a/tools/virsh.c +++ b/tools/virsh.c @@ -4830,6 +4830,8 @@ static const vshCmdOptDef opts_migrate[] = { {suspend, VSH_OT_BOOL, 0, N_(do not restart the domain on the destination host)}, {copy-storage-all, VSH_OT_BOOL, 0, N_(migration with non-shared storage with full disk copy)}, {copy-storage-inc, VSH_OT_BOOL, 0, N_(migration with non-shared storage with incremental copy (same base image shared between source and destination))}, +{change-protection, VSH_OT_BOOL, 0, + N_(prevent any configuration changes to source until migration ends))}, {verbose, VSH_OT_BOOL, 0, N_(display the progress of migration)}, {domain, VSH_OT_DATA, VSH_OFLAG_REQ, N_(domain name, id or uuid)}, {desturi, VSH_OT_DATA, VSH_OFLAG_REQ, N_(connection URI of the destination host as seen from the client(normal migration) or source(p2p migration))}, @@ -4906,6 +4908,8 @@ doMigrate (void *opaque) if (vshCommandOptBool (cmd, copy-storage-inc)) flags |= VIR_MIGRATE_NON_SHARED_INC; +if (vshCommandOptBool (cmd, change-protection)) +flags |= VIR_MIGRATE_CHANGE_PROTECTION; if (xmlfile virFileReadAll(xmlfile, 8192, xml) 0) diff --git a/tools/virsh.pod b/tools/virsh.pod index e9aaa80..6c3c960 100644 --- a/tools/virsh.pod +++ b/tools/virsh.pod @@ -564,8 +564,9 @@ type attribute for the domain element of XML. =item Bmigrate [I--live] [I--direct] [I--p2p [I--tunnelled]] [I--persistent] [I--undefinesource] [I--suspend] [I--copy-storage-all] -[I--copy-storage-inc] [I--verbose] Idomain-id Idesturi [Imigrateuri] -[Idname] [I--timeout Bseconds] [I--xml Bfile] +[I--copy-storage-inc] [I--change-protection] [I--verbose] +Idomain-id Idesturi [Imigrateuri] [Idname] +[I--timeout Bseconds] [I--xml Bfile] Migrate domain to another host. Add I--live for live migration; I--p2p for peer-2-peer migration; I--direct for direct migration; or I--tunnelled @@ -575,6 +576,10 @@ and I--suspend leaves the domain paused on the destination host. I--copy-storage-all indicates migration with non-shared storage with full disk copy, I--copy-storage-inc indicates migration with non-shared storage with incremental copy (same base image shared between source and destination). +I--change-protection enforces that no incompatible configuration changes +will be made to the domain while the migration is underway; this flag is +implicitly enabled when supported by the hypervisor, but can be used to +reject the migration if the hypervisor lacks change protection support. I--verbose displays the progress of migration. The Idesturi is the connection URI of the destination host, and -- 1.7.4.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [v2] qemu: Improve docs for virsh dump format
On 07/27/2011 04:58 AM, Osier Yang wrote: The error in getCompressionType will never be reported, change the errors codes into warning (VIR_WARN(%s, _(foo)); doesn't break syntax-check rule), and also improve the docs in qemu.conf to tell user the truth. --- src/qemu/qemu.conf | 10 -- src/qemu/qemu_driver.c | 15 --- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index 145062c..7de6863 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf @@ -196,8 +196,14 @@ # saving a domain in order to save disk space; the list above is in descending # order by performance and ascending order by compression ratio. # -# save_image_format is used when you use 'virsh save' at scheduled saving. -# dump_image_format is used when you use 'virsh dump' at emergency crashdump. +# save_image_format is used when you use 'virsh save' at scheduled +# saving, and it is an error if the specified save_image_format is +# not valid, or the according compression program can't be found. s/according/requested/ +# +# dump_image_format is used when you use 'virsh dump' at emergency +# crashdump, and if the specified dump_image_format is not valid, or +# the according compression program can't be found, this falls s/according/requested/ +++ b/src/qemu/qemu_driver.c @@ -2712,17 +2712,18 @@ getCompressionType(struct qemud_driver *driver) */ if (driver-dumpImageFormat) { compress = qemudSaveCompressionTypeFromString(driver-dumpImageFormat); +/* Use raw as the format if the specified format is not valid, + * or the compress program is not available, + */ s/,/./ at the comment end. ACK with those nits fixed. -- Eric Blake ebl...@redhat.com+1-801-349-2682 Libvirt virtualization library http://libvirt.org -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] libvirt-0.9.1 to 0.9.3-r1: managedsave/save won't start/restore at saved state
On 07/27/2011 02:37 AM, Nicolas Sebrecht wrote: I'm seeing strange behaviour, here. Any guests saved using both managedsave and save commands from virsh won't restore at saved state. A new full boot sequence happen. - Tested against libvirt v0.9.1, v0.9.2, v0.9.3-r1 (Gentoo) - Confirmed on three different hosts Gentoo amd64 systems. - Tested with gentoo and ubuntu guests. - Nothing relevant in /var/log/libvirt/libvirt.log or /var/log/libvirt/qemu/dom.log The state file /var/lib/libvirt/qemu/save/dom.save exists and is deleted when 'virsh start' is called. The new boot sequence is confirmed by : - VNC console checks - previous screen sessions lost - uptime I've open a bug at https://bugs.gentoo.org/show_bug.cgi?id=376333 but had no answer. Any idea on what could happen or how to inspect it? Does /var/log/libvirt/qemu/dom.log show the qemu process getting started with the -incoming fd:nnn flag? While you claim that nothing appeared to be relevant in that log, it might actually help to post a few lines of it for confirmation. It's working for me with libvirt 0.9.3 on RHEL 6, so I'm not sure what to suggest that you try next. -- Eric Blake ebl...@redhat.com+1-801-349-2682 Libvirt virtualization library http://libvirt.org -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [virt-tools-list] virt-manager/libvirt backwards compatibility problem?
On 07/27/2011 12:28 PM, Whit Blauvelt wrote: Looks like my real problem may be not incorporating a Debian/Ubuntu patch before building 0.9.x, since netcat differs: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/517478 Hmm, what was the error message you were getting? We've made efforts at the libvirt level to have useful error reporting here, so that the cause of failure is more obvious. Also, I patched virt-manager a while ago to use a shell script to handle both RH and debian 'nc' versions. Script is here: http://git.fedorahosted.org/git?p=virt-manager.git;a=blob;f=src/virtManager/console.py;h=1bdf26b38ba50b95379a664d202af66626436f81;hb=HEAD#l95 Yeah, it's complete and utter crack, but this has been a constant frustration for users, so maybe worth revisiting at the libvirt level (and hey, launching nc over ssh is kinda crack to being with :) ). Even if we solved this in a clean way by providing our own /usr/libexec/libvirt_nc binary, we'd still probably have to play shell script games over SSH to handle connecting to older libvirt (or what if libvirt_nc was installed somewhere other than libexec?) - Cole -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [virt-tools-list] virt-manager/libvirt backwards compatibility problem?
[adding libvir-list] On 07/27/2011 10:28 AM, Whit Blauvelt wrote: Looks like my real problem may be not incorporating a Debian/Ubuntu patch before building 0.9.x, since netcat differs: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/517478 Reading that bug report, it looks like upstream libvirt.git should be patched to add a runtime test on whether a remote nc supports the -q option, rather than blindly assuming that 'nc -q' exists on the remote side. -- Eric Blake ebl...@redhat.com+1-801-349-2682 Libvirt virtualization library http://libvirt.org -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH ] send-key: Implement Python API
On 07/26/2011 04:26 AM, Daniel P. Berrange wrote: On Thu, Jul 21, 2011 at 05:21:10PM +0800, Lai Jiangshan wrote: Signed-off-by: Lai Jiangshanla...@cn.fujitsu.com ACK Pushed. -- Eric Blake ebl...@redhat.com+1-801-349-2682 Libvirt virtualization library http://libvirt.org -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] Add support for image write mode in virtualbox driver
Hi everyone, We currently using libvirt for PYTI GSOC Project (it works very well!) and we encounter a problem. We use VM with two disk images, one which must to be snapshoted/rollbacked and the other one which must be not. We use VirtualBox as hypervisor and to do so, VirtualBox define Special image write modes (http://www.virtualbox.org/manual/ch05.html#hdimagewrites). What we need is to set the type of one image to writethrough. This information seems defined in VM config file. For instance: HardDisk uuid={402aef07-4df8-4518-831c-eeb9ae2a32d2} location=/home/boris/VirtualBox VMs/PYTI.vdi format=VDI type=Normal/ HardDisk uuid={63acf6d9-b7db-4d8d-8389-1276c3d500bb} location=/home/boris/VirtualBox VMs/adhock.vdi format=VDI type=Writethrough/ I found two pages mentioning the type of medium, this one: http://www.virtualbox.org/sdkref/_virtual_box_8idl.html#b4abb9d1b9e44b997d1d2a809e66191c and this one: http://www.virtualbox.org/sdkref/interface_i_medium_attachment.html. Hope it will help. Cheers, FELD Boris -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] Environmental Variables inside a container
Hi All I am trying to pass an environmental flag to the LXC container when it is started.I found libvirt_lxc is already doing it in lxc_container.c as shown below static virCommandPtr lxcContainerBuildInitCmd(virDomainDefPtr vmDef) { char uuidstr[VIR_UUID_STRING_BUFLEN]; virCommandPtr cmd; virUUIDFormat(vmDef-uuid, uuidstr); cmd = virCommandNew(vmDef-os.init); virCommandAddEnvString(cmd, PATH=/bin:/sbin); virCommandAddEnvString(cmd, TERM=linux-deva); virCommandAddEnvPair(cmd, LIBVIRT_LXC_UUID, uuidstr); virCommandAddEnvPair(cmd, LIBVIRT_LXC_NAME, vmDef-name); return cmd; } But only TERM flag is getting visible inside the container not remaining. Does it depends on how /sbin/init is receiving them? Is /sbin/init only recognizing TERM flag. If so what is intention of sending remaining flags in current libvirt. Please let me know if there is any elegant way to send environmental variable to container. Thanks for your time. Regards Devendra -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Environmental Variables inside a container
On 07/27/2011 12:44 PM, Devendra K. Modium wrote: Hi All I am trying to pass an environmental flag to the LXC container when it is started.I found libvirt_lxc is already doing it in lxc_container.c as shown below static virCommandPtr lxcContainerBuildInitCmd(virDomainDefPtr vmDef) { char uuidstr[VIR_UUID_STRING_BUFLEN]; virCommandPtr cmd; virUUIDFormat(vmDef-uuid, uuidstr); cmd = virCommandNew(vmDef-os.init); virCommandAddEnvString(cmd, PATH=/bin:/sbin); virCommandAddEnvString(cmd, TERM=linux-deva); virCommandAddEnvPair(cmd, LIBVIRT_LXC_UUID, uuidstr); virCommandAddEnvPair(cmd, LIBVIRT_LXC_NAME, vmDef-name); Yes, this list is hard-coded, and only guarantees to affect the environment of the process at the root of the lxc process tree. But only TERM flag is getting visible inside the container not remaining. Does it depends on how /sbin/init is receiving them? Is /sbin/init only recognizing TERM flag. Probably something in your lxc process hierarchy is scrubbing environment variables prior to starting additional processes, but that's out of libvirt's control - libvirt can only affect the environment of the parent process. If so what is intention of sending remaining flags in current libvirt. Please let me know if there is any elegant way to send environmental variable to container. Sounds like it might be an interesting feature to enhance the xml for lxc domains to allow the specification of additional environment variables that should be inherited into the lxc process tree, beyond the few variables already hard-coded by libvirt. -- Eric Blake ebl...@redhat.com+1-801-349-2682 Libvirt virtualization library http://libvirt.org -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] rpc: Fix memory leak in remoteDomainSet*Parameters functions
Add a new helper remoteFreeTypedParameters and teach the generator to add it to the cleanup section. https://bugzilla.redhat.com/show_bug.cgi?id=725322 --- src/remote/remote_driver.c | 22 +- src/rpc/gendispatch.pl |5 + 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 0652e0d..e5bfa4b 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -1208,6 +1208,22 @@ done: return rv; } +/* Helper to free typed parameters. */ +static void +remoteFreeTypedParameters(remote_typed_param *args_params_val, + u_int args_params_len) +{ +u_int i; + +if (args_params_val == NULL) +return; + +for (i = 0; i args_params_len; i++) +VIR_FREE(args_params_val[i].field); + +VIR_FREE(args_params_val); +} + /* Helper to serialize typed parameters. */ static int remoteSerializeTypedParameters(virTypedParameterPtr params, @@ -1264,11 +1280,7 @@ remoteSerializeTypedParameters(virTypedParameterPtr params, rv = 0; cleanup: -if (val) { -for (i = 0; i nparams; i++) -VIR_FREE(val[i].field); -VIR_FREE(val); -} +remoteFreeTypedParameters(val, nparams); return rv; } diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl index ceeb1f5..0d344e8 100755 --- a/src/rpc/gendispatch.pl +++ b/src/rpc/gendispatch.pl @@ -979,6 +979,7 @@ elsif ($opt_k) { my @args_check_list = (); my @setters_list = (); my @setters_list2 = (); +my @free_list = (); my $priv_src = conn; my $priv_name = privateData; my $call_args = args; @@ -1105,6 +1106,7 @@ elsif ($opt_k) { xdr_free((xdrproc_t)xdr_$call-{args}, (char *)args);\n . goto done;\n . }); +push(@free_list, remoteFreeTypedParameters(args.params.params_val, args.params.params_len);\n); } elsif ($args_member =~ m/^((?:unsigned )?int) (\S+);\s*\/\*\s*call-by-reference\s*\*\//) { my $type_name = $1 *; my $arg_name = $2; @@ -1500,6 +1502,9 @@ elsif ($opt_k) { print \n; print done:\n; + +print join(\n, @free_list); + print remoteDriverUnlock(priv);\n; print return rv;\n; print }\n; -- 1.7.4.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Memory leak of the remoteDomainSet* functions
2011/7/27 Matthias Bolte matthias.bo...@googlemail.com: 2011/7/27 Osier Yang jy...@redhat.com: Hello, there Per bug https://bugzilla.redhat.com/show_bug.cgi?id=725322, should we change the remoteDomainSet* functions into skipgen, and fix the leaks like below? (NB, new VIR_FREE statements) Why not fix the generator instead? An here's the patch that does this https://www.redhat.com/archives/libvir-list/2011-July/msg01929.html -- Matthias Bolte http://photron.blogspot.com -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [virt-tools-list] virt-manager/libvirt backwards compatibility problem?
On Wed, Jul 27, 2011 at 10:53:01AM -0600, Eric Blake wrote: [adding libvir-list] On 07/27/2011 10:28 AM, Whit Blauvelt wrote: Looks like my real problem may be not incorporating a Debian/Ubuntu patch before building 0.9.x, since netcat differs: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/517478 Reading that bug report, it looks like upstream libvirt.git should be patched to add a runtime test on whether a remote nc supports the -q option, rather than blindly assuming that 'nc -q' exists on the remote side. This is the patch we're currently using in Debian for that (based on a version originally forwarded from Ubuntu): http://anonscm.debian.org/gitweb/?p=pkg-libvirt/libvirt.git;a=blob;f=debian/patches/Autodetect-if-the-remote-nc-command-supports-the-q-o.patch I'd be happy to push that since this is the distro specific patch I have to adjust the most ;) Cheers, -- Guido -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] rpc: Fix memory leak in remoteDomainSet*Parameters functions
On 07/27/2011 01:18 PM, Matthias Bolte wrote: Add a new helper remoteFreeTypedParameters and teach the generator to add it to the cleanup section. https://bugzilla.redhat.com/show_bug.cgi?id=725322 --- src/remote/remote_driver.c | 22 +- src/rpc/gendispatch.pl |5 + 2 files changed, 22 insertions(+), 5 deletions(-) ACK. diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 0652e0d..e5bfa4b 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -1208,6 +1208,22 @@ done: return rv; } +/* Helper to free typed parameters. */ +static void +remoteFreeTypedParameters(remote_typed_param *args_params_val, + u_int args_params_len) Not the typical one-arg free function, so it can't be listed in cfg.mk, but that's okay, since it's only used in one file. -- Eric Blake ebl...@redhat.com+1-801-349-2682 Libvirt virtualization library http://libvirt.org -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] Environmental Variables inside a container
Hi Eric Thanks for the reply. I am trying to run standard Ubuntu lxc file System(lxc-ubuntu) and /sbin/init of Ubuntu is the root process of lxc process tree. I believe most of the lxc containers start with /sbin/init as first process. Since I didn't exactly find the code of /sbin/init, I assumed since libvirt_lxc is currently sending environmental flags to first process(I believe mostly it is /sbin/init) of LXC container and hence this would be visible inside the container and assumed that /sbin/init in general should pass on this environment flags to child process. Though I know its not an libvirt issue, if its not passing on environment, just wanted to know if you have some knowledge about what might going on. Thanks in advance Regards Devendra - Original Message - From: Eric Blake ebl...@redhat.com To: Devendra K. Modium dmod...@isi.edu Cc: libvir-list@redhat.com Sent: Wednesday, July 27, 2011 3:13:51 PM Subject: Re: [libvirt] Environmental Variables inside a container On 07/27/2011 12:44 PM, Devendra K. Modium wrote: Hi All I am trying to pass an environmental flag to the LXC container when it is started.I found libvirt_lxc is already doing it in lxc_container.c as shown below static virCommandPtr lxcContainerBuildInitCmd(virDomainDefPtr vmDef) { char uuidstr[VIR_UUID_STRING_BUFLEN]; virCommandPtr cmd; virUUIDFormat(vmDef-uuid, uuidstr); cmd = virCommandNew(vmDef-os.init); virCommandAddEnvString(cmd, PATH=/bin:/sbin); virCommandAddEnvString(cmd, TERM=linux-deva); virCommandAddEnvPair(cmd, LIBVIRT_LXC_UUID, uuidstr); virCommandAddEnvPair(cmd, LIBVIRT_LXC_NAME, vmDef-name); Yes, this list is hard-coded, and only guarantees to affect the environment of the process at the root of the lxc process tree. But only TERM flag is getting visible inside the container not remaining. Does it depends on how /sbin/init is receiving them? Is /sbin/init only recognizing TERM flag. Probably something in your lxc process hierarchy is scrubbing environment variables prior to starting additional processes, but that's out of libvirt's control - libvirt can only affect the environment of the parent process. If so what is intention of sending remaining flags in current libvirt. Please let me know if there is any elegant way to send environmental variable to container. Sounds like it might be an interesting feature to enhance the xml for lxc domains to allow the specification of additional environment variables that should be inherited into the lxc process tree, beyond the few variables already hard-coded by libvirt. -- Eric Blake ebl...@redhat.com+1-801-349-2682 Libvirt virtualization library http://libvirt.org -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] rpc: Fix memory leak in remoteDomainSet*Parameters functions
2011/7/27 Eric Blake ebl...@redhat.com: On 07/27/2011 01:18 PM, Matthias Bolte wrote: Add a new helper remoteFreeTypedParameters and teach the generator to add it to the cleanup section. https://bugzilla.redhat.com/show_bug.cgi?id=725322 --- src/remote/remote_driver.c | 22 +- src/rpc/gendispatch.pl | 5 + 2 files changed, 22 insertions(+), 5 deletions(-) ACK. Thanks, pushed. -- Matthias Bolte http://photron.blogspot.com -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] virsh: expose change-protection during migration
2011/7/27 Eric Blake ebl...@redhat.com: * tools/virsh.c (doMigrate): Add --change-protection flag. * tools/virsh.pod (migrate): Document it. --- As promised here: https://www.redhat.com/archives/libvir-list/2011-July/msg01919.html ACK. -- Matthias Bolte http://photron.blogspot.com -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] virNetClientPtr leak in remote driver
doRemoteClose doesn't free the virNetClientPtr and this creates a 260kb leak per remote connection. This happens because virNetClientFree doesn't remove the last ref, because virNetClientNew creates the virNetClientPtr with a refcount of 2. static virNetClientPtr virNetClientNew(virNetSocketPtr sock, const char *hostname) { [...] client-refs = 1; [...] /* Set up a callback to listen on the socket data */ client-refs++; if (virNetSocketAddIOCallback(client-sock, VIR_EVENT_HANDLE_READABLE, virNetClientIncomingEvent, client, virNetClientEventFree) 0) { client-refs--; VIR_DEBUG(Failed to add event watch, disabling events); } [...] } virNetClientNew adds a ref before calling virNetSocketAddIOCallback but only removes it when virNetSocketAddIOCallback fails. This seems wrong too me and the ref should be removed in the success case too. The same pattern was added in 0302391ee643ad91fdc6d2ecf7e4cf0fc9724516 (Fix race in ref counting when handling RPC jobs) --- a/src/rpc/virnetserverclient.c +++ b/src/rpc/virnetserverclient.c @@ -763,10 +763,12 @@ readmore: /* Send off to for normal dispatch to workers */ if (msg) { +client-refs++; if (!client-dispatchFunc || client-dispatchFunc(client, msg, client-dispatchOpaque) 0) { virNetMessageFree(msg); client-wantClose = true; +client-refs--; return; } } Again, this seems wrong and the ref should be removed in the success case here too. Before I spent time to figure out how the refcounting is supposed to work here I just report it and hope that Dan can easily fix this. -- Matthias Bolte http://photron.blogspot.com -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [virt-tools-list] virt-manager/libvirt backwards compatibility problem?
On 07/27/2011 01:32 PM, Guido Günther wrote: On Wed, Jul 27, 2011 at 10:53:01AM -0600, Eric Blake wrote: [adding libvir-list] On 07/27/2011 10:28 AM, Whit Blauvelt wrote: Looks like my real problem may be not incorporating a Debian/Ubuntu patch before building 0.9.x, since netcat differs: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/517478 Reading that bug report, it looks like upstream libvirt.git should be patched to add a runtime test on whether a remote nc supports the -q option, rather than blindly assuming that 'nc -q' exists on the remote side. This is the patch we're currently using in Debian for that (based on a version originally forwarded from Ubuntu): http://anonscm.debian.org/gitweb/?p=pkg-libvirt/libvirt.git;a=blob;f=debian/patches/Autodetect-if-the-remote-nc-command-supports-the-q-o.patch I'd be happy to push that since this is the distro specific patch I have to adjust the most ;) Pasting from that URL gave awkward results below; can you address my comments below, then post a v2 as a proper patch against libvirt.git? +++ b/src/rpc/virnetsocket.c 22 @@ -596,9 +596,30 @@ int virNetSocketNewConnectSSH(const char *nodename, 23 if (noTTY) 24 virCommandAddArgList(cmd, -T, -o, BatchMode=yes, 25 -e, none, NULL); 26 -virCommandAddArgList(cmd, nodename, 27 - netcat ? netcat : nc, 28 - -U, path, NULL); 29 + 30 +virCommandAddArgList(cmd, nodename, sh -c, NULL); Why is sh -c passed as a single argument, separate from the argument passed to that shell? Yes, ssh will join all arguments, then resplit the combined argument according to shell rules (I hate the fact that ssh duplicates shell word parsing), but we should either be providing a single argument to ssh with the entire shell script, or breaking this into one argument per word to be joined by ssh (three total), instead of doing half and half (two words in one argument, the third word [hairy script] in another). 31 +/* 32 + * This ugly thing is a shell script to detect availability of 33 + * the -q option for 'nc': debian and suse based distros need this 34 + * flag to ensure the remote nc will exit on EOF, so it will go away 35 + * when we close the VNC tunnel. If it doesn't go away, subsequent 36 + * VNC connection attempts will hang. s/VNC tunnel/connection tunnel/ s/VNC connection attempts/connection attempts/ This code is not a VNC tunnel. 37 + * 38 + * Fedora's 'nc' doesn't have this option, and apparently defaults 39 + * to the desired behavior. 40 + */ 41 +virCommandAddArgFormat(cmd, '%s -q 21 | grep -q \requires an argument\; grep -q is not portable to Solaris, even though it is required by POSIX. Instead, use grep with stdout and stderr redirected to /dev/null. 42 + if [ $? -eq 0 ] ; then Why split the nc probe from the if? We could use the more compact: if %s -q 21 | grep \requires an argument\ /dev/null 21; then 43 + CMD=\%s -q 0 -U %s\; I don't like this part. It is not safe to pass %s as the pathname through an additional round of shell parsing, since if the pathname has anything that might be construed as shell metacharacters, the parse will be destroyed. To some extent, that is already a pre-existing bug (slightly mitigated by the fact that 'path' is under libvirt's control, and should not be containing arbitrary characters unless you passed odd directory choices to ./configure). But we aren't even evaluating the 'netcat' variable for sanity - and that is an arbitrary string given completely by user input - sounds like we need an independent patch to reject a user-provided netcat that would be misparsed by ssh and any extra shell expansions. Without that, then this patch would need the burden of adding an extra level of escaping to match an extra level of shell parsing. 44 + else 45 + CMD=\%s -U %s\; 46 + fi; 47 + eval \$CMD\;', Yuck. We should avoid eval at all costs, since that adds a third(!) level of shell parsing on top of the two we're already suffering from (ssh and sh -c). I'd much rather see: sh -c 'CMD=either empty or -q 0; nc $CMD -U path' than sh -c 'CMD=either nc -q 0 -U path or nc -U path; eval $CMD' By the way, you can avoid one level of shell parsing by using this printf: sh -c 'CMD=..; \$1\ $CMD -U \$2\' sh %s %s, netcat, path that is, supply 'netcat' and 'path' to ssh at the same level of quoting they have always been used, with the shell script referring only to positional parameters rather than doing yet another round of parsing on those parameters. But if we already have to plug the hole of user-provided 'netcat' being safe for
Re: [libvirt] [virt-tools-list] virt-manager/libvirt backwards compatibility problem?
On Wed, Jul 27, 2011 at 09:32:09PM +0200, Guido Günther wrote: This is the patch we're currently using in Debian for that (based on a version originally forwarded from Ubuntu): http://anonscm.debian.org/gitweb/?p=pkg-libvirt/libvirt.git;a=blob;f=debian/patches/Autodetect-if-the-remote-nc-command-supports-the-q-o.patch I'd be happy to push that since this is the distro specific patch I have to adjust the most ;) Somewhere I read a bug report about that not working for Solaris, whose grep doesn't have a -q flag. Suggestion there was to pipe to /dev/null instead. Best, Whit -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [virt-tools-list] virt-manager/libvirt backwards compatibility problem?
On Wed, Jul 27, 2011 at 12:46:02PM -0400, Cole Robinson wrote: Hmm, what was the error message you were getting? We've made efforts at the libvirt level to have useful error reporting here, so that the cause of failure is more obvious. Debug-level error sequence at http://transpect.com/debug/virsh.txt Also, I patched virt-manager a while ago to use a shell script to handle both RH and debian 'nc' versions. Script is here: http://git.fedorahosted.org/git?p=virt-manager.git;a=blob;f=src/virtManager/console.py;h=1bdf26b38ba50b95379a664d202af66626436f81;hb=HEAD#l95 That's in the 0.9.0 virt-manager, but fails in my context, which where the systems I'm trying to manage are 0.8.3 from Ubuntu debs, and I'm on the latest versions of this all built from tar. Whit -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [virt-tools-list] virt-manager/libvirt backwards compatibility problem?
The error from virt-manager 0.9.0's perspective is: Unable to open a connection to the libvirt management daemon. Libvirt URI is: qemu+ssh://root@192.168.1.65/system Verify that: - The 'libvirtd' daemon has been started [yes, it is] Cannot recv data: 15:42:02.778: 29831: debug : virCommandHook:1959 : Hook is done 0: Connection reset by peer Traceback (most recent call last): File /usr/src/virt-manager-0.9.0/src/virtManager/connection.py, line 1146, in _open_thread self.vmm = self._try_open() File /usr/src/virt-manager-0.9.0/src/virtManager/connection.py, line 1130, in _try_open flags) File /usr/local/lib/python2.7/dist-packages/libvirt.py, line 102, in openAuth if ret is None:raise libvirtError('virConnectOpenAuth() failed') libvirtError: Cannot recv data: 15:42:02.778: 29831: debug : virCommandHook:1959 : Hook is done 0: Connection reset by peer - Whit -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] PCI devices passthough to LXC containers using libvirt
Hi All Please let me know if anyone have given access to PCI devices for a LXC container. I have tried getting the xml from virsh nodedev-dumpxml pci_device and added to the libvirt xml file as shown below device namepci__03_00_0/name parentpci__00_03_0/parent driver namenvidia/name /driver capability type='pci' domain0/domain bus3/bus slot0/slot function0/function product id='0x06fd' / vendor id='0x10de'nVidia Corporation/vendor /capability /device But it didn't work. I see the logs and it says couldn't get physical and virtual functions of these devices with error get_physical_function_linux:323 : Attempting to get SR IOV physical function for device with sysfs path '/sys/devices/pci:00/:00:00.0' 16:48:34.033: 13802: debug : get_sriov_function:270 : Attempting to resolve device path from device link '/sys/devices/pci:00/:00:00.0/physfn' 16:48:34.033: 13802: debug : get_sriov_function:274 : SR IOV function link '/sys/devices/pci:00/:00:00.0/physfn' does not exist 16:48:34.033: 13802: debug : get_virtual_functions_linux:348 : Attempting to get SR IOV virtual functions for devicewith sysfs path '/sys/devices/pci:00/:00:00.0' If anyone got some guidelines how to debug, please let me know. Thanks in advance Regards Devendra -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] virsh: expose change-protection during migration
On 07/27/2011 02:00 PM, Matthias Bolte wrote: 2011/7/27 Eric Blakeebl...@redhat.com: * tools/virsh.c (doMigrate): Add --change-protection flag. * tools/virsh.pod (migrate): Document it. --- As promised here: https://www.redhat.com/archives/libvir-list/2011-July/msg01919.html ACK. Thanks; pushed. -- Eric Blake ebl...@redhat.com+1-801-349-2682 Libvirt virtualization library http://libvirt.org -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [Qemu-devel] [PATCH v3] Add support for fd: protocol
On Tue, Jul 26, 2011 at 3:51 PM, Corey Bryant cor...@linux.vnet.ibm.com wrote: sVirt provides SELinux MAC isolation for Qemu guest processes and their corresponding resources (image files). sVirt provides this support by labeling guests and resources with security labels that are stored in file system extended attributes. Some file systems, such as NFS, do not support the extended attribute security namespace, which is needed for image file isolation when using the sVirt SELinux security driver in libvirt. The proposed solution entails a combination of Qemu, libvirt, and SELinux patches that work together to isolate multiple guests' images when they're stored in the same NFS mount. This results in an environment where sVirt isolation and NFS image file isolation can both be provided. This patch contains the Qemu code to support this solution. I would like to solicit input from the libvirt community prior to starting the libvirt patch. Currently, Qemu opens an image file in addition to performing the necessary read and write operations. The proposed solution will move the open out of Qemu and into libvirt. Once libvirt opens an image file for the guest, it will pass the file descriptor to Qemu via a new fd: protocol. If the image file resides in an NFS mount, the following SELinux policy changes will provide image isolation: - A new SELinux boolean is created (e.g. virt_read_write_nfs) to allow Qemu (svirt_t) to only have SELinux read and write permissions on nfs_t files - Qemu (svirt_t) also gets SELinux use permissions on libvirt (virtd_t) file descriptors Following is a sample invocation of Qemu using the fd: protocol on the command line: qemu -drive file=fd:4,format=qcow2 The fd: protocol is also supported by the drive_add monitor command. This requires that the specified file descriptor is passed to the monitor alongside a prior getfd monitor command. There are some additional features provided by certain image types where Qemu reopens the image file. All of these scenarios will be unsupported for the fd: protocol, at least for this patch: - The -snapshot command line option - The savevm monitor command - The snapshot_blkdev monitor command - Use of copy-on-write image files - The -cdrom command line option - The -drive command line option with media=cdrom - The change monitor command In the earlier discussion, virtio-blk and iSCSI were identified as interesting protocols to be used with file descriptors in the future. This patch would bind fd: protocol only to raw file interface to be used by qcow2 etc. higher levels. I guess with small changes the protocol could be made selectable. Maybe it's just changing command line to format=virtio-blk or format=iscsi for those uses, though I fear there may be a layering violation. Considering the privilege separation side, this patch seems to be somewhat orthogonal to that (I don't expect any command line passing and parsing to happen between QEMU processes) but the low level fd handling seems useful modulo the comments made by others. The thought is that this support can be added in the future, but is not required for the initial fd: support. This patch was tested with the following formats: raw, cow, qcow, qcow2, qed, and vmdk, using the fd: protocol from the command line and the monitor. Tests were also run to verify existing file name support and qemu-img were not regressed. Non-valid file descriptors, fd: without format, snapshot and backing files, and cdrom were also tested. v2: - Add drive_add monitor command support - Fence off unsupported features that re-open image file v3: - Fence off cdrom and change monitor command support Signed-off-by: Corey Bryant cor...@linux.vnet.ibm.com --- block.c | 16 ++ block.h | 1 + block/cow.c | 5 +++ block/qcow.c | 5 +++ block/qcow2.c | 5 +++ block/qed.c | 4 ++ block/raw-posix.c | 81 +++-- block/vmdk.c | 5 +++ block_int.h | 1 + blockdev.c | 19 monitor.c | 5 +++ monitor.h | 1 + qemu-options.hx | 8 +++-- qemu-tool.c | 5 +++ 14 files changed, 149 insertions(+), 12 deletions(-) diff --git a/block.c b/block.c index 24a25d5..500db84 100644 --- a/block.c +++ b/block.c @@ -536,6 +536,10 @@ int bdrv_open(BlockDriverState *bs, const char *filename, int flags, char tmp_filename[PATH_MAX]; char backing_filename[PATH_MAX]; + if (bdrv_is_fd_protocol(bs)) { + return -ENOTSUP; + } + /* if snapshot, we create a temporary backing file and open it instead of opening 'filename' directly */ @@ -585,6 +589,10 @@ int bdrv_open(BlockDriverState *bs, const char *filename, int flags, /* Find the right image format driver */ if (!drv) {
Re: [libvirt] [PATCH 00/19] Rollback migration when libvirtd restarts
On 07/07/2011 05:34 PM, Jiri Denemark wrote: This series is also available at https://gitorious.org/~jirka/libvirt/jirka-staging/commits/migration-recovery The series does several things: - persists current job and its phase in status xml - allows safe monitor commands to be run during migration/save/dump jobs - implements recovery when libvirtd is restarted while a job is active - consolidates some code and fixes bugs I found when working in the area git bisect is pointing to this series as the cause of a regression in 'virsh managedsave dom' triggering libvirtd core dumps if some other process is actively making queries on domain at the same time (virt-manager is a great process for fitting that bill). I'm trying to further narrow down which patch introduced the regression, and see if I can plug the race (probably a case of not checking whether the monitor still exists when getting the condition for an asynchronous job, since the whole point of virsh [managed]save is that the domain will go away when the save completes, but that it is time-consuming enough that we want to query domain state in the meantime). Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x706d0700 (LWP 11419)] 0x004b9ad8 in qemuMonitorSend (mon=0x7fffe815c060, msg=0x706cf380) at qemu/qemu_monitor.c:801 801 while (!mon-msg-finished) { (gdb) bt #0 0x004b9ad8 in qemuMonitorSend (mon=0x7fffe815c060, msg=0x706cf380) at qemu/qemu_monitor.c:801 #1 0x004c77ae in qemuMonitorJSONCommandWithFd (mon=0x7fffe815c060, cmd=0x7fffd8000940, scm_fd=-1, reply=0x706cf480) at qemu/qemu_monitor_json.c:225 #2 0x004c78e5 in qemuMonitorJSONCommand (mon=0x7fffe815c060, cmd=0x7fffd8000940, reply=0x706cf480) at qemu/qemu_monitor_json.c:254 #3 0x004cc19c in qemuMonitorJSONGetMigrationStatus ( mon=0x7fffe815c060, status=0x706cf580, transferred=0x706cf570, remaining=0x706cf568, total=0x706cf560) at qemu/qemu_monitor_json.c:1920 #4 0x004bc1b3 in qemuMonitorGetMigrationStatus (mon=0x7fffe815c060, status=0x706cf580, transferred=0x706cf570, remaining=0x706cf568, total=0x706cf560) at qemu/qemu_monitor.c:1532 #5 0x004b201b in qemuMigrationUpdateJobStatus (driver=0x7fffe80089f0, vm=0x7fffe8015cd0, job=0x5427b6 domain save job) at qemu/qemu_migration.c:765 #6 0x004b2383 in qemuMigrationWaitForCompletion ( driver=0x7fffe80089f0, vm=0x7fffe8015cd0) at qemu/qemu_migration.c:846 #7 0x004b7806 in qemuMigrationToFile (driver=0x7fffe80089f0, vm=0x7fffe8015cd0, fd=27, offset=4096, path=0x7fffd8000990 /var/lib/libvirt/qemu/save/fedora_12.save, compressor=0x0, is_reg=true, bypassSecurityDriver=true) at qemu/qemu_migration.c:2766 #8 0x0046a90d in qemuDomainSaveInternal (driver=0x7fffe80089f0, dom=0x7fffd8000ad0, vm=0x7fffe8015cd0, path=0x7fffd8000990 /var/lib/libvirt/qemu/save/fedora_12.save, compressed=0, bypass_cache=false) at qemu/qemu_driver.c:2386 -- Eric Blake ebl...@redhat.com+1-801-349-2682 Libvirt virtualization library http://libvirt.org -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 04/19] qemu: Allow all query commands to be run during long jobs
On 07/07/2011 05:34 PM, Jiri Denemark wrote: Query commands are safe to be called during long running jobs (such as migration). This patch makes them all work without the need to special-case every single one of them. Git bisect says that this was the culprit commit that broke 'virsh managedsave'. +static int qemuDomainObjEnterMonitorInternal(struct qemud_driver *driver, virDomainObjPtr obj) { qemuDomainObjPrivatePtr priv = obj-privateData; +if (priv-job.active == QEMU_JOB_NONE priv-job.asyncJob) { +if (qemuDomainObjBeginNestedJob(obj) 0) +return -1; +if (!virDomainObjIsActive(obj)) { +qemuReportError(VIR_ERR_OPERATION_FAILED, %s, +_(domain is no longer running)); +return -1; +} +} I think this is the problem. Doing a managed save will eventually make the qemu process go away, so we reach a point where we cannot issue a query monitor command to see how the save is progressing. But this function only checks that vm is still active for QEMU_JOB_NONE, not for QEMU_ASYNC_JOB_SAVE. I'm trying out a patch now... -- Eric Blake ebl...@redhat.com+1-801-349-2682 Libvirt virtualization library http://libvirt.org -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] qemu: improve thread documentation
* src/qemu/THREADS.txt: Fix problems with typos, grammar, and outdated examples. --- Doc only, so pushing under the trivial rule. src/qemu/THREADS.txt | 30 -- 1 files changed, 16 insertions(+), 14 deletions(-) diff --git a/src/qemu/THREADS.txt b/src/qemu/THREADS.txt index 3a27a85..e73076c 100644 --- a/src/qemu/THREADS.txt +++ b/src/qemu/THREADS.txt @@ -6,7 +6,7 @@ the QEMU driver. The criteria for this model are: - Objects must never be exclusively locked for any prolonged time - Code which sleeps must be able to time out after suitable period - - Must be safe against dispatch asynchronous events from monitor + - Must be safe against dispatch of asynchronous events from monitor Basic locking primitives @@ -19,7 +19,7 @@ There are a number of locks on various objects This is the top level lock on the entire driver. Every API call in the QEMU driver is blocked while this is held, though some internal callbacks may still run asynchronously. This lock must never be held -for anything which sleeps/waits (ie monitor commands) +for anything which sleeps/waits (i.e. monitor commands) When obtaining the driver lock, under *NO* circumstances must any lock be held on a virDomainObjPtr. This *WILL* result in @@ -44,7 +44,7 @@ There are a number of locks on various objects to have the driver locked when re-acquiring the dropped locked, since the reference count prevents it being freed by another thread. -This lock must not be held for anything which sleeps/waits (ie monitor +This lock must not be held for anything which sleeps/waits (i.e. monitor commands). @@ -80,7 +80,7 @@ There are a number of locks on various objects whenever it hits a piece of code which may sleep/wait, and re-acquire it after the sleep/wait. Whenever an asynchronous job wants to talk to the monitor, it needs to acquire nested job (a -special kind of normla job) to obtain exclusive access to the +special kind of normal job) to obtain exclusive access to the monitor. Since the virDomainObjPtr lock was dropped while waiting for the @@ -139,7 +139,7 @@ To acquire the normal job condition - Increments ref count on virDomainObjPtr - Waits until the job is compatible with current async job or no async job is running -- Waits job.cond condition 'job.active != 0' using virDomainObjPtr +- Waits for job.cond condition 'job.active != 0' using virDomainObjPtr mutex - Rechecks if the job is still compatible and repeats waiting if it isn't @@ -150,7 +150,7 @@ To acquire the normal job condition - Unlocks driver - Waits until the job is compatible with current async job or no async job is running -- Waits job.cond condition 'job.active != 0' using virDomainObjPtr +- Waits for job.cond condition 'job.active != 0' using virDomainObjPtr mutex - Rechecks if the job is still compatible and repeats waiting if it isn't @@ -160,7 +160,7 @@ To acquire the normal job condition - Locks virDomainObjPtr NB: this variant is required in order to comply with lock ordering - rules for virDomainObjPtr vs driver + rules for virDomainObjPtr vs. driver qemuDomainObjEndJob() @@ -175,7 +175,7 @@ To acquire the asynchronous job condition qemuDomainObjBeginAsyncJob()(if driver is unlocked) - Increments ref count on virDomainObjPtr - Waits until no async job is running -- Waits job.cond condition 'job.active != 0' using virDomainObjPtr +- Waits for job.cond condition 'job.active != 0' using virDomainObjPtr mutex - Rechecks if any async job was started while waiting on job.cond and repeats waiting in that case @@ -185,7 +185,7 @@ To acquire the asynchronous job condition - Increments ref count on virDomainObjPtr - Unlocks driver - Waits until no async job is running -- Waits job.cond condition 'job.active != 0' using virDomainObjPtr +- Waits for job.cond condition 'job.active != 0' using virDomainObjPtr mutex - Rechecks if any async job was started while waiting on job.cond and repeats waiting in that case @@ -271,7 +271,7 @@ Design patterns - * Accessing something directly todo with a virDomainObjPtr + * Accessing something directly to do with a virDomainObjPtr virDomainObjPtr obj; @@ -285,7 +285,7 @@ Design patterns - * Accessing something directly todo with a virDomainObjPtr and driver + * Accessing something directly to do with a virDomainObjPtr and driver virDomainObjPtr obj; @@ -299,11 +299,11 @@ Design patterns - * Updating something directly todo with a virDomainObjPtr + * Updating something directly to do with a virDomainObjPtr virDomainObjPtr obj; - qemuDriverLockRO(driver); + qemuDriverLock(driver); obj = virDomainFindByUUID(driver-domains, dom-uuid); qemuDriverUnlock(driver); @@ -324,7
Re: [libvirt] [v2] qemu: Improve docs for virsh dump format
于 2011年07月28日 00:18, Eric Blake 写道: On 07/27/2011 04:58 AM, Osier Yang wrote: The error in getCompressionType will never be reported, change the errors codes into warning (VIR_WARN(%s, _(foo)); doesn't break syntax-check rule), and also improve the docs in qemu.conf to tell user the truth. --- src/qemu/qemu.conf | 10 -- src/qemu/qemu_driver.c | 15 --- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index 145062c..7de6863 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf @@ -196,8 +196,14 @@ # saving a domain in order to save disk space; the list above is in descending # order by performance and ascending order by compression ratio. # -# save_image_format is used when you use 'virsh save' at scheduled saving. -# dump_image_format is used when you use 'virsh dump' at emergency crashdump. +# save_image_format is used when you use 'virsh save' at scheduled +# saving, and it is an error if the specified save_image_format is +# not valid, or the according compression program can't be found. s/according/requested/ +# +# dump_image_format is used when you use 'virsh dump' at emergency +# crashdump, and if the specified dump_image_format is not valid, or +# the according compression program can't be found, this falls s/according/requested/ +++ b/src/qemu/qemu_driver.c @@ -2712,17 +2712,18 @@ getCompressionType(struct qemud_driver *driver) */ if (driver-dumpImageFormat) { compress = qemudSaveCompressionTypeFromString(driver-dumpImageFormat); +/* Use raw as the format if the specified format is not valid, + * or the compress program is not available, + */ s/,/./ at the comment end. ACK with those nits fixed. Thanks, pushed with the fixing. Osier -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] qemu: fix nested job with driver lock held
qemuMigrationUpdateJobStatus (called in a loop by migration and save tasks) uses qemuDomainObjEnterMonitorWithDriver; however, that function ended up starting a nested job without releasing the driver. Since no one else is making nested calls, we can inline the internal functions to properly track driver_locked. * src/qemu/qemu_domain.h (qemuDomainObjBeginNestedJob) (qemuDomainObjBeginNestedJobWithDriver) (qemuDomainObjEndNestedJob): Drop unused prototypes. * src/qemu/qemu_domain.c (qemuDomainObjEnterMonitorInternal): Reflect driver lock to nested job. (qemuDomainObjBeginNestedJob) (qemuDomainObjBeginNestedJobWithDriver) (qemuDomainObjEndNestedJob): Drop unused functions. --- This does not solve the crash in 'virsh managedsave', but hopefully will make analysis easier in finding where we are freeing the monitor too early when probing to see if outgoing migration is completed. src/qemu/qemu_domain.c | 59 +++ src/qemu/qemu_domain.h |9 --- 2 files changed, 14 insertions(+), 54 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index fe88ce3..2eaaf3a 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -832,31 +832,6 @@ int qemuDomainObjBeginAsyncJobWithDriver(struct qemud_driver *driver, } /* - * Use this to protect monitor sections within active async job. - * - * The caller must call qemuDomainObjBeginAsyncJob{,WithDriver} before it can - * use this method. Never use this method if you only own non-async job, use - * qemuDomainObjBeginJob{,WithDriver} instead. - */ -int -qemuDomainObjBeginNestedJob(struct qemud_driver *driver, -virDomainObjPtr obj) -{ -return qemuDomainObjBeginJobInternal(driver, false, obj, - QEMU_JOB_ASYNC_NESTED, - QEMU_ASYNC_JOB_NONE); -} - -int -qemuDomainObjBeginNestedJobWithDriver(struct qemud_driver *driver, - virDomainObjPtr obj) -{ -return qemuDomainObjBeginJobInternal(driver, true, obj, - QEMU_JOB_ASYNC_NESTED, - QEMU_ASYNC_JOB_NONE); -} - -/* * obj must be locked before calling, qemud_driver does not matter * * To be called after completing the work associated with the @@ -888,21 +863,6 @@ qemuDomainObjEndAsyncJob(struct qemud_driver *driver, virDomainObjPtr obj) return virDomainObjUnref(obj); } -void -qemuDomainObjEndNestedJob(struct qemud_driver *driver, virDomainObjPtr obj) -{ -qemuDomainObjPrivatePtr priv = obj-privateData; - -qemuDomainObjResetJob(priv); -qemuDomainObjSaveJob(driver, obj); -virCondSignal(priv-job.cond); - -/* safe to ignore since the surrounding async job increased the reference - * counter as well */ -ignore_value(virDomainObjUnref(obj)); -} - - static int ATTRIBUTE_NONNULL(1) qemuDomainObjEnterMonitorInternal(struct qemud_driver *driver, bool driver_locked, @@ -911,7 +871,9 @@ qemuDomainObjEnterMonitorInternal(struct qemud_driver *driver, qemuDomainObjPrivatePtr priv = obj-privateData; if (priv-job.active == QEMU_JOB_NONE priv-job.asyncJob) { -if (qemuDomainObjBeginNestedJob(driver, obj) 0) +if (qemuDomainObjBeginJobInternal(driver, driver_locked, obj, + QEMU_JOB_ASYNC_NESTED, + QEMU_ASYNC_JOB_NONE) 0) return -1; if (!virDomainObjIsActive(obj)) { qemuReportError(VIR_ERR_OPERATION_FAILED, %s, @@ -952,8 +914,15 @@ qemuDomainObjExitMonitorInternal(struct qemud_driver *driver, priv-mon = NULL; } -if (priv-job.active == QEMU_JOB_ASYNC_NESTED) -qemuDomainObjEndNestedJob(driver, obj); +if (priv-job.active == QEMU_JOB_ASYNC_NESTED) { +qemuDomainObjResetJob(priv); +qemuDomainObjSaveJob(driver, obj); +virCondSignal(priv-job.cond); + +/* safe to ignore since the surrounding async job increased + * the reference counter as well */ +ignore_value(virDomainObjUnref(obj)); +} } /* @@ -962,7 +931,7 @@ qemuDomainObjExitMonitorInternal(struct qemud_driver *driver, * To be called immediately before any QEMU monitor API call * Must have already either called qemuDomainObjBeginJob() and checked * that the VM is still active or called qemuDomainObjBeginAsyncJob, in which - * case this will call qemuDomainObjBeginNestedJob. + * case this will start a nested job. * * To be followed with qemuDomainObjExitMonitor() once complete */ @@ -988,7 +957,7 @@ void qemuDomainObjExitMonitor(struct qemud_driver *driver, * To be called immediately before any QEMU monitor API call * Must have already either called qemuDomainObjBeginJobWithDriver() and * checked that the VM is still active or called qemuDomainObjBeginAsyncJob, - * in
Re: [libvirt] Memory leak of the remoteDomainSet* functions
于 2011年07月28日 03:19, Matthias Bolte 写道: 2011/7/27 Matthias Boltematthias.bo...@googlemail.com: 2011/7/27 Osier Yangjy...@redhat.com: Hello, there Per bug https://bugzilla.redhat.com/show_bug.cgi?id=725322, should we change the remoteDomainSet* functions into skipgen, and fix the leaks like below? (NB, new VIR_FREE statements) Why not fix the generator instead? An here's the patch that does this https://www.redhat.com/archives/libvir-list/2011-July/msg01929.html Thanks, Matthias, :) Regards Osier -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] virsh: fix memory leak in cmdVolPath code
于 2011年07月27日 11:48, Osier Yang 写道: 于 2011年07月27日 11:33, Alex Jia 写道: * tools/virsh.c: avoid memory leak in cmdVolPath. * how to reproduce? % dd if=/dev/zero of=/var/lib/libvirt/images/foo.img count=1 bs=10M % virsh pool-refresh default % valgrind -v --leak-check=full virsh vol-path --vol /var/lib/libvirt/images/foo.img * actual results: Detected in valgrind run: ==16436== 32 bytes in 1 blocks are definitely lost in loss record 7 of 22 ==16436==at 0x4A05FDE: malloc (vg_replace_malloc.c:236) ==16436==by 0x386A314B3D: xdr_string (in /lib64/libc-2.12.so) ==16436==by 0x3DF8CD770D: xdr_remote_nonnull_string (remote_protocol.c:30) ==16436==by 0x3DF8CD7EC8: xdr_remote_storage_vol_get_path_ret (remote_protocol.c:2952) ==16436==by 0x3DF8CDF161: virNetMessageDecodePayload (virnetmessage.c:286) ==16436==by 0x3DF8CDE9E5: virNetClientProgramCall (virnetclientprogram.c:318) ==16436==by 0x3DF8CC28A2: call (remote_driver.c:3929) ==16436==by 0x3DF8CC8412: remoteStorageVolGetPath (remote_client_bodies.h:5219) ==16436==by 0x3DF8C9BF14: virStorageVolGetPath (libvirt.c:11389) ==16436==by 0x418ECA: cmdVolPath (virsh.c:8754) ==16436==by 0x410CC2: vshCommandRun (virsh.c:12758) ==16436==by 0x41F286: main (virsh.c:14110) ==16436== ==16436== LEAK SUMMARY: ==16436==definitely lost: 32 bytes in 1 blocks Signed-off-by: Alex Jiaa...@redhat.com --- tools/virsh.c |9 - 1 files changed, 8 insertions(+), 1 deletions(-) diff --git a/tools/virsh.c b/tools/virsh.c index 841df61..d194a8b 100644 --- a/tools/virsh.c +++ b/tools/virsh.c @@ -9326,6 +9326,7 @@ cmdVolPath(vshControl *ctl, const vshCmd *cmd) { virStorageVolPtr vol; const char *name = NULL; +char * StorageVolPath; if (!vshConnectionUsability(ctl, ctl-conn)) return false; @@ -9334,7 +9335,13 @@ cmdVolPath(vshControl *ctl, const vshCmd *cmd) return false; } -vshPrint(ctl, %s\n, virStorageVolGetPath(vol)); +if ((StorageVolPath = virStorageVolGetPath(vol)) == NULL) { +virStorageVolFree(vol); +return false; +} + +vshPrint(ctl, %s\n, StorageVolPath); +VIR_FREE(StorageVolPath); virStorageVolFree(vol); return true; } ACK, but it will be better if docs of virStorageVolGetPath in src/libvirt.c can be updated, (to tell the returned path must be freed by caller). Osier -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list Pushed with comments of virStorageVolGetPath updated. Thanks Osier -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] libvirt-0.9.1 to 0.9.3-r1: managedsave/save won't start/restore at saved state
On 07/27/2011 04:37 AM, Nicolas Sebrecht wrote: I'm seeing strange behaviour, here. Any guests saved using both managedsave and save commands from virsh won't restore at saved state. A new full boot sequence happen. - Tested against libvirt v0.9.1, v0.9.2, v0.9.3-r1 (Gentoo) - Confirmed on three different hosts Gentoo amd64 systems. - Tested with gentoo and ubuntu guests. - Nothing relevant in /var/log/libvirt/libvirt.log or /var/log/libvirt/qemu/dom.log The state file /var/lib/libvirt/qemu/save/dom.save exists and is deleted when 'virsh start' is called. The new boot sequence is confirmed by : - VNC console checks - previous screen sessions lost - uptime I've open a bug at https://bugs.gentoo.org/show_bug.cgi?id=376333 but had no answer. Any idea on what could happen or how to inspect it? If you pause (virsh suspend) the guest before the save, can you then successfully start the domain (it should start in a paused state, and when the virsh commandline returns to the prompt, you can resume it with virsh resume.) If this is the case, it could be a race condition within qemu. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] qemu: fix nested job with driver lock held
On 07/27/2011 10:04 PM, Eric Blake wrote: qemuMigrationUpdateJobStatus (called in a loop by migration and save tasks) uses qemuDomainObjEnterMonitorWithDriver; however, that function ended up starting a nested job without releasing the driver. Since no one else is making nested calls, we can inline the internal functions to properly track driver_locked. ACK. * src/qemu/qemu_domain.h (qemuDomainObjBeginNestedJob) (qemuDomainObjBeginNestedJobWithDriver) (qemuDomainObjEndNestedJob): Drop unused prototypes. * src/qemu/qemu_domain.c (qemuDomainObjEnterMonitorInternal): Reflect driver lock to nested job. (qemuDomainObjBeginNestedJob) (qemuDomainObjBeginNestedJobWithDriver) (qemuDomainObjEndNestedJob): Drop unused functions. --- This does not solve the crash in 'virsh managedsave', but hopefully will make analysis easier in finding where we are freeing the monitor too early when probing to see if outgoing migration is completed. src/qemu/qemu_domain.c | 59 +++ src/qemu/qemu_domain.h |9 --- 2 files changed, 14 insertions(+), 54 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index fe88ce3..2eaaf3a 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -832,31 +832,6 @@ int qemuDomainObjBeginAsyncJobWithDriver(struct qemud_driver *driver, } /* - * Use this to protect monitor sections within active async job. - * - * The caller must call qemuDomainObjBeginAsyncJob{,WithDriver} before it can - * use this method. Never use this method if you only own non-async job, use - * qemuDomainObjBeginJob{,WithDriver} instead. - */ -int -qemuDomainObjBeginNestedJob(struct qemud_driver *driver, -virDomainObjPtr obj) -{ -return qemuDomainObjBeginJobInternal(driver, false, obj, - QEMU_JOB_ASYNC_NESTED, - QEMU_ASYNC_JOB_NONE); -} - -int -qemuDomainObjBeginNestedJobWithDriver(struct qemud_driver *driver, - virDomainObjPtr obj) -{ -return qemuDomainObjBeginJobInternal(driver, true, obj, - QEMU_JOB_ASYNC_NESTED, - QEMU_ASYNC_JOB_NONE); -} - -/* * obj must be locked before calling, qemud_driver does not matter * * To be called after completing the work associated with the @@ -888,21 +863,6 @@ qemuDomainObjEndAsyncJob(struct qemud_driver *driver, virDomainObjPtr obj) return virDomainObjUnref(obj); } -void -qemuDomainObjEndNestedJob(struct qemud_driver *driver, virDomainObjPtr obj) -{ -qemuDomainObjPrivatePtr priv = obj-privateData; - -qemuDomainObjResetJob(priv); -qemuDomainObjSaveJob(driver, obj); -virCondSignal(priv-job.cond); - -/* safe to ignore since the surrounding async job increased the reference - * counter as well */ -ignore_value(virDomainObjUnref(obj)); -} - - static int ATTRIBUTE_NONNULL(1) qemuDomainObjEnterMonitorInternal(struct qemud_driver *driver, bool driver_locked, @@ -911,7 +871,9 @@ qemuDomainObjEnterMonitorInternal(struct qemud_driver *driver, qemuDomainObjPrivatePtr priv = obj-privateData; if (priv-job.active == QEMU_JOB_NONE priv-job.asyncJob) { -if (qemuDomainObjBeginNestedJob(driver, obj) 0) +if (qemuDomainObjBeginJobInternal(driver, driver_locked, obj, + QEMU_JOB_ASYNC_NESTED, + QEMU_ASYNC_JOB_NONE) 0) return -1; if (!virDomainObjIsActive(obj)) { qemuReportError(VIR_ERR_OPERATION_FAILED, %s, @@ -952,8 +914,15 @@ qemuDomainObjExitMonitorInternal(struct qemud_driver *driver, priv-mon = NULL; } -if (priv-job.active == QEMU_JOB_ASYNC_NESTED) -qemuDomainObjEndNestedJob(driver, obj); +if (priv-job.active == QEMU_JOB_ASYNC_NESTED) { +qemuDomainObjResetJob(priv); +qemuDomainObjSaveJob(driver, obj); +virCondSignal(priv-job.cond); + +/* safe to ignore since the surrounding async job increased + * the reference counter as well */ +ignore_value(virDomainObjUnref(obj)); +} } /* @@ -962,7 +931,7 @@ qemuDomainObjExitMonitorInternal(struct qemud_driver *driver, * To be called immediately before any QEMU monitor API call * Must have already either called qemuDomainObjBeginJob() and checked * that the VM is still active or called qemuDomainObjBeginAsyncJob, in which - * case this will call qemuDomainObjBeginNestedJob. + * case this will start a nested job. * * To be followed with qemuDomainObjExitMonitor() once complete */ @@ -988,7 +957,7 @@ void qemuDomainObjExitMonitor(struct qemud_driver *driver, * To be called immediately before any QEMU monitor API call * Must have already either called qemuDomainObjBeginJobWithDriver() and *
Re: [libvirt] [PATCH] virsh: fix memory leak in cmdVolPath code
On 07/28/2011 11:06 AM, Osier Yang wrote: 于 2011年07月27日 11:48, Osier Yang 写道: 于 2011年07月27日 11:33, Alex Jia 写道: * tools/virsh.c: avoid memory leak in cmdVolPath. * how to reproduce? % dd if=/dev/zero of=/var/lib/libvirt/images/foo.img count=1 bs=10M % virsh pool-refresh default % valgrind -v --leak-check=full virsh vol-path --vol /var/lib/libvirt/images/foo.img * actual results: Detected in valgrind run: ==16436== 32 bytes in 1 blocks are definitely lost in loss record 7 of 22 ==16436==at 0x4A05FDE: malloc (vg_replace_malloc.c:236) ==16436==by 0x386A314B3D: xdr_string (in /lib64/libc-2.12.so) ==16436==by 0x3DF8CD770D: xdr_remote_nonnull_string (remote_protocol.c:30) ==16436==by 0x3DF8CD7EC8: xdr_remote_storage_vol_get_path_ret (remote_protocol.c:2952) ==16436==by 0x3DF8CDF161: virNetMessageDecodePayload (virnetmessage.c:286) ==16436==by 0x3DF8CDE9E5: virNetClientProgramCall (virnetclientprogram.c:318) ==16436==by 0x3DF8CC28A2: call (remote_driver.c:3929) ==16436==by 0x3DF8CC8412: remoteStorageVolGetPath (remote_client_bodies.h:5219) ==16436==by 0x3DF8C9BF14: virStorageVolGetPath (libvirt.c:11389) ==16436==by 0x418ECA: cmdVolPath (virsh.c:8754) ==16436==by 0x410CC2: vshCommandRun (virsh.c:12758) ==16436==by 0x41F286: main (virsh.c:14110) ==16436== ==16436== LEAK SUMMARY: ==16436==definitely lost: 32 bytes in 1 blocks Signed-off-by: Alex Jiaa...@redhat.com --- tools/virsh.c |9 - 1 files changed, 8 insertions(+), 1 deletions(-) diff --git a/tools/virsh.c b/tools/virsh.c index 841df61..d194a8b 100644 --- a/tools/virsh.c +++ b/tools/virsh.c @@ -9326,6 +9326,7 @@ cmdVolPath(vshControl *ctl, const vshCmd *cmd) { virStorageVolPtr vol; const char *name = NULL; +char * StorageVolPath; if (!vshConnectionUsability(ctl, ctl-conn)) return false; @@ -9334,7 +9335,13 @@ cmdVolPath(vshControl *ctl, const vshCmd *cmd) return false; } -vshPrint(ctl, %s\n, virStorageVolGetPath(vol)); +if ((StorageVolPath = virStorageVolGetPath(vol)) == NULL) { +virStorageVolFree(vol); +return false; +} + +vshPrint(ctl, %s\n, StorageVolPath); +VIR_FREE(StorageVolPath); virStorageVolFree(vol); return true; } ACK, but it will be better if docs of virStorageVolGetPath in src/libvirt.c can be updated, (to tell the returned path must be freed by caller). Osier -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list Pushed with comments of virStorageVolGetPath updated. Thanks Osier Osier, thanks for your push and update. BTW, it seems other comments of function are also missing this introduction for whether caller should free this. Regards, Alex -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list