[libvirt] Entering freeze for libvirt 5.6.0

2019-07-29 Thread Daniel Veillard
  I completely forgot to send plans for this and already a bit late for
release schedule, so I just tagged RC1 in git and pushed the signed
tarball and source rpm to the usual place:

   https://libvirt.org/sources/

  Seems okay in my very limited tests here, there are a few red tests
on jenkins but nothing looking like core libvirt issues
   https://ci.centos.org/view/libvirt/

  I will try to cut RC2 once I'm back in Europe Thursday, and then
get the final release by the w.e. or Monday. In the meantime, please
give it some testing !

 thanks,

Daniel

-- 
Daniel Veillard  | Red Hat Developers Tools http://developer.redhat.com/
veill...@redhat.com  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | virtualization library  http://libvirt.org/

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list


Re: [libvirt] [PATCH 17/41] remote: refactor how list of systemd unit files is built

2019-07-29 Thread Jim Fehlig
On 7/29/19 8:18 AM, Andrea Bolognani wrote:
> On Mon, 2019-07-29 at 13:17 +0100, Daniel P. Berrangé wrote:
>> On Fri, Jul 26, 2019 at 08:01:52PM +0200, Andrea Bolognani wrote:
>>> Again IIUC there's nothing really stopping us from generating
>>> virtqemud*.service from libvirtd*.service.in, or at least from
>>> a common virtd*.service.in, since eg. virtqemud.service.in and
>>> virtlxcd.service.in are basically identical - it's just that you
>>> haven't unified the generation rules yet.
>>
>> I was not anticipating sharing the service.in file, as many of
>> the parameters will be driver specific.
> 
> It doesn't look to me like there's much more that's driver-specific
> in the .service files than there is in the .socket files, and we're
> generating the latter from a single template.

I have a downstream patch that adds

After=xencommons.service
Conflicts=xendomains.service

to libvirtd.service.in. IMO the patch needs to be improved before pushing 
upstream, e.g. conditionally adding those lines at build time when the xen 
driver is selected. With driver-specific service files we can trivially add 
those to virtxend.service.

Regards,
Jim



Re: [libvirt] [python PATCH v7] Add virDomainCheckpoint APIs

2019-07-29 Thread Eric Blake
On 4/3/19 4:49 AM, Daniel P. Berrangé wrote:
> On Wed, Mar 27, 2019 at 05:09:27AM -0500, Eric Blake wrote:
>> Copies heavily from existing virDomainSnapshot handling, regarding
>> what special cases the generator has to be taught and what overrides
>> need to be written.
>>
>> Signed-off-by: Eric Blake 
>> ---
>>
>> Python counterparts to my incremental backup patches. An earlier
>> version was already reviewed by Dan; the main diff here is the
>> addition of virDomainSnapshotCreateXML2 handling.

Now that 5.6.0 will have the virDomainCheckpoint API but not
virDomainSnapshotCreateXML2, I've reduced this patch down to the
portions still relevant and pushed.  When we later get around to
integrating snapshots and checkpoints, we'll tweak the python bindings
again at that time to cover any additional APIs.


> 
> Reviewed-by: Daniel P. Berrangé 
> 
> 
> Regards,
> Daniel
> 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org




[libvirt] [PATCH] build: Fix checkpoint_conf on mingw

2019-07-29 Thread Eric Blake
CI flagged a failing mingw build, due to:
In file included from ../../src/conf/checkpoint_conf.c:24:
../gnulib/lib/configmake.h:8:17: error: expected identifier or '(' before 
string constant
8 | #define DATADIR "/usr/i686-w64-mingw32/sys-root/mingw/share"
  | ^~~~

As previously learned in commits bd205a90 and 976abdf6, gnulib's
configmake.h header does #define DATADIR "string...", while mingw's
 expects to declare a type named DATADIR. As long as the
mingw system header is included first before configmake.h, the two
uses do not conflict, but until gnulib is patched to make configmake.h
automatically work around the issue, our immediate fix is the
workaround of rearranging our include order to insure no conflict.
Copy the paradigm used in domain_conf.c of using  to trigger
the indirect inclusion of  on mingw.

Fixes: 1a4df34a
Signed-off-by: Eric Blake 
---

Pushing under the build-breaker rule

 src/conf/checkpoint_conf.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/conf/checkpoint_conf.c b/src/conf/checkpoint_conf.c
index 5f4c275dd8..5ce4cc4853 100644
--- a/src/conf/checkpoint_conf.c
+++ b/src/conf/checkpoint_conf.c
@@ -21,6 +21,8 @@

 #include 

+#include 
+
 #include "configmake.h"
 #include "internal.h"
 #include "virbitmap.h"
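
Review bot: the added include ahead of "configmake.h" carries no comment saying that its position is load-bearing. The commit message explains that the mingw system header has to be seen before configmake.h defines DATADIR, but nothing in the file records that, so a later include cleanup could reorder these lines and break the mingw build again. A one-line comment above the new include stating the ordering requirement, and pointing at the same arrangement in domain_conf.c, would prevent that.
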
-- 
2.20.1



[libvirt] [PATCH] util: Fix comment for virGetEnvAllowSUID()

2019-07-29 Thread Andrea Bolognani
Signed-off-by: Andrea Bolognani 
---
Pushed as trivial.

 src/util/virutil.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/util/virutil.c b/src/util/virutil.c
index 019009be8c..84ccc1a546 100644
--- a/src/util/virutil.c
+++ b/src/util/virutil.c
@@ -1738,7 +1738,7 @@ const char *virGetEnvBlockSUID(const char *name)
 
 
 /**
- * virGetEnvBlockSUID:
+ * virGetEnvAllowSUID:
  * @name: the environment variable name
  *
  * Obtain an environment variable which is safe to
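
Review bot: only the name line of this doc comment is corrected, and the old name shows the header had been carried over from virGetEnvBlockSUID (the function in the hunk context). Please confirm that the description starting "Obtain an environment variable which is safe to" also describes the Allow variant rather than the Block one, since callers deciding which getter is appropriate in a setuid program read the description, not just the title.
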
-- 
2.21.0



[libvirt] [PATCH v3 48/48] remote: pass identity across to newly opened daemons

2019-07-29 Thread Daniel P . Berrangé
When opening a connection to a second driver inside the daemon, we must
ensure the identity of the current user is passed across. This allows
the second daemon to perform access control checks against the real end
users, instead of against the libvirt daemon that's proxying across the
API calls.

Signed-off-by: Daniel P. Berrangé 
---
 src/libvirt_remote.syms |   1 +
 src/remote/remote_daemon_dispatch.c | 110 +---
 src/remote/remote_driver.c  |   1 +
 src/remote/remote_protocol.x|  18 -
 src/remote_protocol-structs |   8 ++
 src/rpc/virnetserverclient.c|  12 +++
 src/rpc/virnetserverclient.h|   2 +
 7 files changed, 140 insertions(+), 12 deletions(-)

diff --git a/src/libvirt_remote.syms b/src/libvirt_remote.syms
index 3307d74324..0493467f46 100644
--- a/src/libvirt_remote.syms
+++ b/src/libvirt_remote.syms
@@ -178,6 +178,7 @@ virNetServerClientSetAuthLocked;
 virNetServerClientSetAuthPendingLocked;
 virNetServerClientSetCloseHook;
 virNetServerClientSetDispatcher;
+virNetServerClientSetIdentity;
 virNetServerClientSetQuietEOF;
 virNetServerClientSetReadonly;
 virNetServerClientStartKeepAlive;
diff --git a/src/remote/remote_daemon_dispatch.c 
b/src/remote/remote_daemon_dispatch.c
index 9ef76daa55..f828b75f3b 100644
--- a/src/remote/remote_daemon_dispatch.c
+++ b/src/remote/remote_daemon_dispatch.c
@@ -51,6 +51,7 @@
 #include "virpolkit.h"
 #include "virthreadjob.h"
 #include "configmake.h"
+#include "access/viraccessapicheck.h"
 
 #define VIR_FROM_THIS VIR_FROM_RPC
 
@@ -1945,10 +1946,15 @@ static void remoteClientCloseFunc(virNetServerClientPtr 
client)
 static int
 remoteOpenConn(const char *uri,
bool readonly,
+   bool preserveIdentity,
virConnectPtr *conn)
 {
-VIR_DEBUG("Getting secondary uri=%s readonly=%d conn=%p",
-  NULLSTR(uri), readonly, conn);
+virTypedParameterPtr params = NULL;
+int nparams = 0;
+
+VIR_DEBUG("Getting secondary uri=%s readonly=%d preserveIdent=%d conn=%p",
+  NULLSTR(uri), readonly, preserveIdentity, conn);
+
 if (*conn)
 return 0;
 
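
Review bot: in the remoteOpenConn() signature the new "bool preserveIdentity" lands directly after "bool readonly", so the call sites later in this patch read "priv->readonly, true," and a transposed argument would compile without complaint. Since this argument decides whose identity the secondary daemon checks ACLs against, consider a flags argument or named constants, and add a function comment saying when a caller may pass false.
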
@@ -1957,15 +1963,42 @@ remoteOpenConn(const char *uri,
 return -1;
 }
 
+if (preserveIdentity) {
+VIR_AUTOUNREF(virIdentityPtr) ident = NULL;
+
+if (!(ident = virIdentityGetCurrent()))
+return -1;
+
+if (virIdentityGetParameters(ident, , ) < 0)
+goto error;
+}
+
 VIR_DEBUG("Opening driver %s", uri);
 if (readonly)
 *conn = virConnectOpenReadOnly(uri);
 else
 *conn = virConnectOpen(uri);
 if (!*conn)
-return -1;
+goto error;
 VIR_DEBUG("Opened driver %p", *conn);
+
+if (preserveIdentity) {
+if (virConnectSetIdentity(*conn, params, nparams, 0) < 0)
+goto error;
+
+virTypedParamsFree(params, nparams);
+VIR_DEBUG("Forwarded current identity to secondary driver");
+}
+
 return 0;
+
+ error:
+virTypedParamsFree(params, nparams);
+if (*conn) {
+virConnectClose(*conn);
+*conn = NULL;
+}
+return -1;
 }
 
 
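
Review bot: in remoteOpenConn() the identity is forwarded only after virConnectOpen() or virConnectOpenReadOnly() has returned, so whatever access check the secondary daemon applies to the open itself is made against the proxying daemon's socket identity, not the end user's. If that is intended, say so in a comment next to the "virConnectSetIdentity(*conn, params, nparams, 0)" call; if not, the identity needs to reach the secondary daemon as part of the open. The error path itself fails closed, which is the right behaviour: a connection whose identity could not be set is closed and *conn is reset to NULL.
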
@@ -1992,6 +2025,7 @@ remoteGetInterfaceConn(virNetServerClientPtr client)
 
 if (remoteOpenConn(priv->interfaceURI,
priv->readonly,
+   true,
>interfaceConn) < 0)
 return NULL;
 
@@ -2007,6 +2041,7 @@ remoteGetNetworkConn(virNetServerClientPtr client)
 
 if (remoteOpenConn(priv->networkURI,
priv->readonly,
+   true,
>networkConn) < 0)
 return NULL;
 
@@ -2022,6 +2057,7 @@ remoteGetNodeDevConn(virNetServerClientPtr client)
 
 if (remoteOpenConn(priv->nodedevURI,
priv->readonly,
+   true,
>nodedevConn) < 0)
 return NULL;
 
@@ -2037,6 +2073,7 @@ remoteGetNWFilterConn(virNetServerClientPtr client)
 
 if (remoteOpenConn(priv->nwfilterURI,
priv->readonly,
+   true,
>nwfilterConn) < 0)
 return NULL;
 
@@ -2052,6 +2089,7 @@ remoteGetSecretConn(virNetServerClientPtr client)
 
 if (remoteOpenConn(priv->secretURI,
priv->readonly,
+   true,
>secretConn) < 0)
 return NULL;
 
@@ -2067,6 +2105,7 @@ remoteGetStorageConn(virNetServerClientPtr client)
 
 if (remoteOpenConn(priv->storageURI,
priv->readonly,
+   true,
>storageConn) < 0)
 return NULL;
 
@@ -2235,6 +2274,7 @@ remoteDispatchConnectOpen(virNetServerPtr server 
ATTRIBUTE_UNUSED,
 #ifndef LIBVIRTD
 const char *type = NULL;
 #endif
+bool preserveIdentity = false;
 
 VIR_DEBUG("priv=%p conn=%p", priv, priv->conn);
 virMutexLock(>lock);
@@ -2264,14 +2304,16 

[libvirt] [PATCH v3 46/48] util: storage identity attrs as virTypedParameter internally

2019-07-29 Thread Daniel P . Berrangé
We'll shortly be exposing the identity as virTypedParameter in the
public header, so it simplifies life to use that as the internal
representation too.

Signed-off-by: Daniel P. Berrangé 
---
 src/libvirt_private.syms |   1 -
 src/util/viridentity.c   | 385 ++-
 src/util/viridentity.h   |   6 -
 tests/viridentitytest.c  |  62 +--
 4 files changed, 180 insertions(+), 274 deletions(-)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index c7fb8c94e4..d42a939f5d 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2147,7 +2147,6 @@ virIdentityGetSASLUserName;
 virIdentityGetSELinuxContext;
 virIdentityGetSystem;
 virIdentityGetX509DName;
-virIdentityIsEqual;
 virIdentityNew;
 virIdentitySetCurrent;
 virIdentitySetOSGroupID;
diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index fe0c416bba..5324400650 100644
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -41,24 +41,12 @@
 
 VIR_LOG_INIT("util.identity");
 
-typedef enum {
-  VIR_IDENTITY_ATTR_OS_USER_NAME,
-  VIR_IDENTITY_ATTR_OS_USER_ID,
-  VIR_IDENTITY_ATTR_OS_GROUP_NAME,
-  VIR_IDENTITY_ATTR_OS_GROUP_ID,
-  VIR_IDENTITY_ATTR_OS_PROCESS_ID,
-  VIR_IDENTITY_ATTR_OS_PROCESS_TIME,
-  VIR_IDENTITY_ATTR_SASL_USER_NAME,
-  VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME,
-  VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
-
-  VIR_IDENTITY_ATTR_LAST,
-} virIdentityAttrType;
-
 struct _virIdentity {
 virObject parent;
 
-char *attrs[VIR_IDENTITY_ATTR_LAST];
+int nparams;
+int maxparams;
+virTypedParameterPtr params;
 };
 
 static virClassPtr virIdentityClass;
@@ -188,6 +176,7 @@ virIdentityPtr virIdentityGetSystem(void)
  _("Unable to lookup SELinux process 
context"));
 return ret;
 }
+VIR_DEBUG("Set con %s", con);
 if (virIdentitySetSELinuxContext(ret, con) < 0) {
 freecon(con);
 goto error;
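
Review bot: the added VIR_DEBUG("Set con %s", con) in virIdentityGetSystem() looks like leftover debugging; it is unrelated to the change of internal representation that the commit message describes. Drop it, or add logging of identity attributes as a separate patch so it can be reviewed on its own.
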
@@ -229,131 +218,38 @@ virIdentityPtr virIdentityNew(void)
 static void virIdentityDispose(void *object)
 {
 virIdentityPtr ident = object;
-size_t i;
 
-for (i = 0; i < VIR_IDENTITY_ATTR_LAST; i++)
-VIR_FREE(ident->attrs[i]);
-}
-
-
-/**
- * virIdentitySetAttr:
- * @ident: the identity to modify
- * @attr: the attribute type to set
- * @value: the identifying value to associate with @attr
- *
- * Sets an identifying attribute @attr on @ident. Each
- * @attr type can only be set once.
- *
- * Returns: 0 on success, or -1 on error
- */
-static int
-virIdentitySetAttr(virIdentityPtr ident,
-   unsigned int attr,
-   const char *value)
-{
-int ret = -1;
-VIR_DEBUG("ident=%p attribute=%u value=%s", ident, attr, value);
-
-if (ident->attrs[attr]) {
-virReportError(VIR_ERR_OPERATION_DENIED, "%s",
-   _("Identity attribute is already set"));
-goto cleanup;
-}
-
-if (VIR_STRDUP(ident->attrs[attr], value) < 0)
-goto cleanup;
-
-ret = 0;
-
- cleanup:
-return ret;
-}
-
-
-/**
- * virIdentityGetAttr:
- * @ident: the identity to query
- * @attr: the attribute to read
- * @value: filled with the attribute value
- *
- * Fills @value with a pointer to the value associated
- * with the identifying attribute @attr in @ident. If
- * @attr is not set, then it will simply be initialized
- * to NULL and considered as a successful read
- *
- * Returns 0 on success, -1 on error
- */
-static int
-virIdentityGetAttr(virIdentityPtr ident,
-   unsigned int attr,
-   const char **value)
-{
-VIR_DEBUG("ident=%p attribute=%d value=%p", ident, attr, value);
-
-*value = ident->attrs[attr];
-
-return 0;
-}
-
-
-/**
- * virIdentityIsEqual:
- * @identA: the first identity
- * @identB: the second identity
- *
- * Compares every attribute in @identA and @identB
- * to determine if they refer to the same identity
- *
- * Returns true if they are equal, false if not equal
- */
-bool virIdentityIsEqual(virIdentityPtr identA,
-virIdentityPtr identB)
-{
-bool ret = false;
-size_t i;
-VIR_DEBUG("identA=%p identB=%p", identA, identB);
-
-for (i = 0; i < VIR_IDENTITY_ATTR_LAST; i++) {
-if (STRNEQ_NULLABLE(identA->attrs[i],
-identB->attrs[i]))
-goto cleanup;
-}
-
-ret = true;
- cleanup:
-return ret;
+virTypedParamsFree(ident->params, ident->nparams);
 }
 
 
 int virIdentityGetOSUserName(virIdentityPtr ident,
  const char **username)
 {
-return virIdentityGetAttr(ident,
-  VIR_IDENTITY_ATTR_OS_USER_NAME,
-  username);
+return virTypedParamsGetString(ident->params,
+   ident->nparams,
+   VIR_CONNECT_IDENTITY_OS_USER_NAME,
+   username);
 }
 
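
Review bot: the removed virIdentitySetAttr() refused to overwrite an attribute ("Identity attribute is already set", VIR_ERR_OPERATION_DENIED), and that check disappears together with the function in this hunk. The rewritten setters are not visible in this excerpt; whichever helper now backs them should keep the set-once rule, because an identity whose user ID or SELinux context can be silently replaced after creation weakens every ACL decision based on it. The commit message should also mention that virIdentityIsEqual() is deleted, since that is a removal of functionality rather than a change of representation.
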

[libvirt] [PATCH v3 43/48] api: introduce virConnectSetIdentity for passing uid, gid, selinux info

2019-07-29 Thread Daniel P . Berrangé
When using the fine grained access control mechanism for APIs, when a
client connects to libvirtd, it will fetch the uid, gid, selinux
info of the remote client on the UNIX domain socket. This is then used
as the identity when checking ACLs.

With the new split daemons things are a bit more complicated. The user
can connect to virtproxyd, which in turn connects to virtqemud. When
virtqemud requests the identity over the UNIX domain socket, it will
get the identity that the virtproxyd is running as, not the identity of
the real end user/application.

virtproxyd knows what the real identity is, and needs to be able to
forward this information to virtqemud. The virConnectSetIdentity API
provides a mechanism for doing this. Obviously virtqemud should not
accept such identity overrides from any client, it must only honour it
from a trusted client, aka one running as the same uid/gid as itself.

The typed parameters exposed in the API are the same as those currently
supported by the internal virIdentity class.

Signed-off-by: Daniel P. Berrangé 
---
 include/libvirt/libvirt-host.h | 75 ++
 src/driver-hypervisor.h|  7 
 src/libvirt-host.c | 51 +++
 src/libvirt_public.syms|  1 +
 4 files changed, 134 insertions(+)

diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h
index 7debb5f829..8ea3531750 100644
--- a/include/libvirt/libvirt-host.h
+++ b/include/libvirt/libvirt-host.h
@@ -579,6 +579,81 @@ virConnectPtr   virConnectOpenAuth  (const 
char *name,
  unsigned int flags);
 int virConnectRef   (virConnectPtr conn);
 int virConnectClose (virConnectPtr conn);
+
+/**
+ * VIR_CONNECT_IDENTITY_OS_USER_NAME:
+ *
+ * The operating system user name as VIR_TYPED_PARAM_STRING
+ */
+# define VIR_CONNECT_IDENTITY_OS_USER_NAME "os-user-name"
+
+/**
+ * VIR_CONNECT_IDENTITY_OS_USER_ID:
+ *
+ * The operating system user ID as VIR_TYPED_PARAM_ULLONG
+ */
+# define VIR_CONNECT_IDENTITY_OS_USER_ID "os-user-id"
+
+/**
+ * VIR_CONNECT_IDENTITY_OS_GROUP_NAME:
+ *
+ * The operating system user ID as VIR_TYPED_PARAM_STRING
+ */
+# define VIR_CONNECT_IDENTITY_OS_GROUP_NAME "os-group-name"
+
+/**
+ * VIR_CONNECT_IDENTITY_OS_GROUP_ID:
+ *
+ * The operating system user ID as VIR_TYPED_PARAM_ULLONG
+ */
+# define VIR_CONNECT_IDENTITY_OS_GROUP_ID "os-group-id"
+
+/**
+ * VIR_CONNECT_IDENTITY_OS_PROCESS_ID:
+ *
+ * The operating system user ID as VIR_TYPED_PARAM_LLONG
+ */
+# define VIR_CONNECT_IDENTITY_OS_PROCESS_ID "os-process-id"
+
+/**
+ * VIR_CONNECT_IDENTITY_OS_PROCESS_TIME:
+ *
+ * The operating system process start time as VIR_TYPED_PARAM_ULLONG
+ *
+ * The units the time is measured in vary according to the
+ * host operating system. On Linux this is usually clock
+ * ticks (as reported in /proc/$PID/stat field 22).
+ */
+# define VIR_CONNECT_IDENTITY_OS_PROCESS_TIME "os-process-time"
+
+/**
+ * VIR_CONNECT_IDENTITY_SASL_USER_NAME:
+ *
+ * The SASL authenticated username as VIR_TYPED_PARAM_STRING
+ */
+# define VIR_CONNECT_IDENTITY_SASL_USER_NAME "sasl-user-name"
+
+/**
+ * VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAME:
+ *
+ * The TLS x509 certificate distinguished named as VIR_TYPED_PARAM_STRING
+ */
+# define VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAME "x509-distinguished-name"
+
+/**
+ * VIR_CONNECT_IDENTITY_SELINUX_CONTEXT:
+ *
+ * The application's SELinux context as VIR_TYPED_PARAM_STRING
+ *
+ */
+# define VIR_CONNECT_IDENTITY_SELINUX_CONTEXT "selinux-context"
+
+
+int virConnectSetIdentity   (virConnectPtr conn,
+ virTypedParameterPtr params,
+ int nparams,
+ unsigned int flags);
+
 const char *virConnectGetType   (virConnectPtr conn);
 int virConnectGetVersion(virConnectPtr conn,
  unsigned long *hvVer);
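
Review bot: three of the new doc comments are copy-pasted from the user ID entry: VIR_CONNECT_IDENTITY_OS_GROUP_NAME, VIR_CONNECT_IDENTITY_OS_GROUP_ID and VIR_CONNECT_IDENTITY_OS_PROCESS_ID are all described as "The operating system user ID". They should read group name, group ID and process ID respectively, and "distinguished named" in the x509 entry should be "distinguished name". These are public header comments, and a caller assembling an identity for ACL checks relies on them to pick the right key and type. The virConnectSetIdentity() prototype in this header also says nothing about the restriction stated in the commit message, that the override is honoured only from a client running as the same uid/gid as the daemon.
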
diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h
index c1632ae4c6..f1bc355b65 100644
--- a/src/driver-hypervisor.h
+++ b/src/driver-hypervisor.h
@@ -36,6 +36,12 @@ typedef virDrvOpenStatus
 typedef int
 (*virDrvConnectClose)(virConnectPtr conn);
 
+typedef int
+(*virDrvConnectSetIdentity)(virConnectPtr conn,
+virTypedParameterPtr params,
+int nparams,
+unsigned int flags);
+
 typedef int
 (*virDrvConnectSupportsFeature)(virConnectPtr conn,
 int feature);
@@ -1378,6 +1384,7 @@ struct _virHypervisorDriver {
 virDrvConnectURIProbe connectURIProbe;
 virDrvConnectOpen connectOpen;
 virDrvConnectClose connectClose;
+virDrvConnectSetIdentity connectSetIdentity;
 virDrvConnectSupportsFeature connectSupportsFeature;

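The trust rule described in the commit message above, as an added example that is not libvirt code: a daemon reads the peer's credentials from the UNIX socket and accepts a forwarded identity only when the peer runs as the daemon's own uid/gid. It assumes Linux (SO_PEERCRED); `struct identity`, `socket_identity`, `resolve_identity` and `scenario` are hypothetical names, and both ends of the socketpair belong to the same process, so the daemon's uid is varied to model an untrusted peer.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Same layout as Linux's struct ucred, declared locally so the example
 * builds whether or not _GNU_SOURCE was defined before the first include. */
struct peer_cred {
    pid_t pid;
    uid_t uid;
    gid_t gid;
};

#ifndef SO_PEERCRED
# define SO_PEERCRED 17 /* assumption: the value on x86 and arm Linux */
#endif

/* Hypothetical, reduced identity; the one in the patch has more attributes. */
struct identity {
    uid_t uid;
    gid_t gid;
};

/* What the kernel reports about the process at the other end of the socket. */
static int socket_identity(int fd, struct identity *out)
{
    struct peer_cred cred;
    socklen_t len = sizeof(cred);

    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0 ||
        len != sizeof(cred))
        return -1;
    out->uid = cred.uid;
    out->gid = cred.gid;
    return 0;
}

/*
 * Decide which identity ACL checks should use for this client.
 * A forwarded identity is honoured only when the peer runs with the
 * daemon's own uid and gid; otherwise the request is refused and the
 * socket-derived identity stays in force.
 * Returns 1 if the override was applied, 0 if none was requested,
 * -1 if it was refused or the peer could not be identified.
 */
static int resolve_identity(int fd, uid_t daemon_uid, gid_t daemon_gid,
                            const struct identity *forwarded,
                            struct identity *effective)
{
    if (socket_identity(fd, effective) < 0)
        return -1;
    if (!forwarded)
        return 0;
    if (effective->uid != daemon_uid || effective->gid != daemon_gid)
        return -1; /* untrusted peer: keep the socket identity */
    *effective = *forwarded;
    return 1;
}

/* Run one scenario over a fresh socketpair; returns -2 if it cannot be made. */
static int scenario(uid_t daemon_uid, gid_t daemon_gid,
                    const struct identity *forwarded,
                    struct identity *effective)
{
    int sv[2];
    int rc;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -2;
    rc = resolve_identity(sv[0], daemon_uid, daemon_gid, forwarded, effective);
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void)
{
    /* Constructed end-user identity that the proxy wants to forward. */
    struct identity user = { geteuid() + 1000, getegid() + 1000 };
    struct identity eff = { 0, 0 };
    int rc;

    rc = scenario(geteuid(), getegid(), NULL, &eff);
    printf("no override:    rc=%d acl uid=%lu\n", rc, (unsigned long)eff.uid);

    rc = scenario(geteuid(), getegid(), &user, &eff);
    printf("trusted proxy:  rc=%d acl uid=%lu\n", rc, (unsigned long)eff.uid);

    /* Daemon "runs" as a different uid, so the peer no longer matches. */
    rc = scenario(geteuid() + 1, getegid(), &user, &eff);
    printf("untrusted peer: rc=%d acl uid=%lu\n", rc, (unsigned long)eff.uid);
    return 0;
}
```
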
[libvirt] [PATCH v3 45/48] util: make generic identity accessors private

2019-07-29 Thread Daniel P . Berrangé
Only expose the type safe getters/setters to other code in preparation
for changing the internal storage of data.

Signed-off-by: Daniel P. Berrangé 
---
 src/libvirt_private.syms   |  2 --
 src/util/viridentity.c | 28 -
 src/util/viridentity.h | 25 ---
 tests/viridentitytest.c| 45 +-
 tests/virnetserverclienttest.c | 45 +++---
 5 files changed, 54 insertions(+), 91 deletions(-)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index ac357583e4..c7fb8c94e4 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2136,7 +2136,6 @@ virHostMemSetParameters;
 
 
 # util/viridentity.h
-virIdentityGetAttr;
 virIdentityGetCurrent;
 virIdentityGetOSGroupID;
 virIdentityGetOSGroupName;
@@ -2150,7 +2149,6 @@ virIdentityGetSystem;
 virIdentityGetX509DName;
 virIdentityIsEqual;
 virIdentityNew;
-virIdentitySetAttr;
 virIdentitySetCurrent;
 virIdentitySetOSGroupID;
 virIdentitySetOSGroupName;
diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index 2c6c0ee91f..fe0c416bba 100644
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -41,6 +41,20 @@
 
 VIR_LOG_INIT("util.identity");
 
+typedef enum {
+  VIR_IDENTITY_ATTR_OS_USER_NAME,
+  VIR_IDENTITY_ATTR_OS_USER_ID,
+  VIR_IDENTITY_ATTR_OS_GROUP_NAME,
+  VIR_IDENTITY_ATTR_OS_GROUP_ID,
+  VIR_IDENTITY_ATTR_OS_PROCESS_ID,
+  VIR_IDENTITY_ATTR_OS_PROCESS_TIME,
+  VIR_IDENTITY_ATTR_SASL_USER_NAME,
+  VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME,
+  VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
+
+  VIR_IDENTITY_ATTR_LAST,
+} virIdentityAttrType;
+
 struct _virIdentity {
 virObject parent;
 
@@ -233,9 +247,10 @@ static void virIdentityDispose(void *object)
  *
  * Returns: 0 on success, or -1 on error
  */
-int virIdentitySetAttr(virIdentityPtr ident,
-   unsigned int attr,
-   const char *value)
+static int
+virIdentitySetAttr(virIdentityPtr ident,
+   unsigned int attr,
+   const char *value)
 {
 int ret = -1;
 VIR_DEBUG("ident=%p attribute=%u value=%s", ident, attr, value);
@@ -269,9 +284,10 @@ int virIdentitySetAttr(virIdentityPtr ident,
  *
  * Returns 0 on success, -1 on error
  */
-int virIdentityGetAttr(virIdentityPtr ident,
-   unsigned int attr,
-   const char **value)
+static int
+virIdentityGetAttr(virIdentityPtr ident,
+   unsigned int attr,
+   const char **value)
 {
 VIR_DEBUG("ident=%p attribute=%d value=%p", ident, attr, value);
 
diff --git a/src/util/viridentity.h b/src/util/viridentity.h
index 4b87506373..0925b740d9 100644
--- a/src/util/viridentity.h
+++ b/src/util/viridentity.h
@@ -26,20 +26,6 @@
 typedef struct _virIdentity virIdentity;
 typedef virIdentity *virIdentityPtr;
 
-typedef enum {
-  VIR_IDENTITY_ATTR_OS_USER_NAME,
-  VIR_IDENTITY_ATTR_OS_USER_ID,
-  VIR_IDENTITY_ATTR_OS_GROUP_NAME,
-  VIR_IDENTITY_ATTR_OS_GROUP_ID,
-  VIR_IDENTITY_ATTR_OS_PROCESS_ID,
-  VIR_IDENTITY_ATTR_OS_PROCESS_TIME,
-  VIR_IDENTITY_ATTR_SASL_USER_NAME,
-  VIR_IDENTITY_ATTR_X509_DISTINGUISHED_NAME,
-  VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
-
-  VIR_IDENTITY_ATTR_LAST,
-} virIdentityAttrType;
-
 virIdentityPtr virIdentityGetCurrent(void);
 int virIdentitySetCurrent(virIdentityPtr ident);
 
@@ -47,17 +33,6 @@ virIdentityPtr virIdentityGetSystem(void);
 
 virIdentityPtr virIdentityNew(void);
 
-int virIdentitySetAttr(virIdentityPtr ident,
-   unsigned int attr,
-   const char *value)
-ATTRIBUTE_NONNULL(1)
-ATTRIBUTE_NONNULL(3);
-
-int virIdentityGetAttr(virIdentityPtr ident,
-   unsigned int attr,
-   const char **value)
-ATTRIBUTE_NONNULL(1)
-ATTRIBUTE_NONNULL(3);
 
 bool virIdentityIsEqual(virIdentityPtr identA,
 virIdentityPtr identB)
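
Review bot: the prototypes removed from viridentity.h declared virIdentitySetAttr() and virIdentityGetAttr() with ATTRIBUTE_NONNULL(1) and ATTRIBUTE_NONNULL(3), while the now-static definitions in viridentity.c carry no such annotation, so the compile-time NULL check on the identity and value arguments is lost for the remaining internal callers. Either keep the attributes on the static definitions or say in the commit message why they are no longer needed.
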
diff --git a/tests/viridentitytest.c b/tests/viridentitytest.c
index 64b511c272..e57b68ec43 100644
--- a/tests/viridentitytest.c
+++ b/tests/viridentitytest.c
@@ -45,14 +45,11 @@ static int testIdentityAttrs(const void *data 
ATTRIBUTE_UNUSED)
 if (!(ident = virIdentityNew()))
 goto cleanup;
 
-if (virIdentitySetAttr(ident,
-   VIR_IDENTITY_ATTR_OS_USER_NAME,
-   "fred") < 0)
+if (virIdentitySetOSUserName(ident, "fred") < 0)
 goto cleanup;
 
-if (virIdentityGetAttr(ident,
-   VIR_IDENTITY_ATTR_OS_USER_NAME,
-   ) < 0)
+if (virIdentityGetOSUserName(ident,
+ ) < 0)
 goto cleanup;
 
 if (STRNEQ_NULLABLE(val, "fred")) {
@@ -60,9 +57,7 @@ static int testIdentityAttrs(const void *data 
ATTRIBUTE_UNUSED)
 goto cleanup;
 }
 
-if 

[libvirt] [PATCH v3 47/48] util: allow identity to be imported/exported as typed parameters

2019-07-29 Thread Daniel P . Berrangé
Add ability to import/export all the parameters associated with an
identity, so that they can be exposed via the public API.

Signed-off-by: Daniel P. Berrangé 
---
 src/libvirt_private.syms |  2 ++
 src/util/viridentity.c   | 54 
 src/util/viridentity.h   |  8 ++
 3 files changed, 64 insertions(+)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index d42a939f5d..a33b84efe0 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2143,6 +2143,7 @@ virIdentityGetOSProcessID;
 virIdentityGetOSProcessTime;
 virIdentityGetOSUserID;
 virIdentityGetOSUserName;
+virIdentityGetParameters;
 virIdentityGetSASLUserName;
 virIdentityGetSELinuxContext;
 virIdentityGetSystem;
@@ -2155,6 +2156,7 @@ virIdentitySetOSProcessID;
 virIdentitySetOSProcessTime;
 virIdentitySetOSUserID;
 virIdentitySetOSUserName;
+virIdentitySetParameters;
 virIdentitySetSASLUserName;
 virIdentitySetSELinuxContext;
 virIdentitySetX509DName;
diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index 5324400650..461e41ec3d 100644
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -36,6 +36,7 @@
 #include "virutil.h"
 #include "virstring.h"
 #include "virprocess.h"
+#include "virtypedparam.h"
 
 #define VIR_FROM_THIS VIR_FROM_IDENTITY
 
@@ -532,3 +533,56 @@ int virIdentitySetSELinuxContext(virIdentityPtr ident,
VIR_CONNECT_IDENTITY_SELINUX_CONTEXT,
context);
 }
+
+
+int virIdentitySetParameters(virIdentityPtr ident,
+ virTypedParameterPtr params,
+ int nparams)
+{
+if (virTypedParamsValidate(params, nparams,
+   VIR_CONNECT_IDENTITY_OS_USER_NAME,
+   VIR_TYPED_PARAM_STRING,
+   VIR_CONNECT_IDENTITY_OS_USER_ID,
+   VIR_TYPED_PARAM_ULLONG,
+   VIR_CONNECT_IDENTITY_OS_GROUP_NAME,
+   VIR_TYPED_PARAM_STRING,
+   VIR_CONNECT_IDENTITY_OS_GROUP_ID,
+   VIR_TYPED_PARAM_ULLONG,
+   VIR_CONNECT_IDENTITY_OS_PROCESS_ID,
+   VIR_TYPED_PARAM_LLONG,
+   VIR_CONNECT_IDENTITY_OS_PROCESS_TIME,
+   VIR_TYPED_PARAM_ULLONG,
+   VIR_CONNECT_IDENTITY_SASL_USER_NAME,
+   VIR_TYPED_PARAM_STRING,
+   VIR_CONNECT_IDENTITY_X509_DISTINGUISHED_NAME,
+   VIR_TYPED_PARAM_STRING,
+   VIR_CONNECT_IDENTITY_SELINUX_CONTEXT,
+   VIR_TYPED_PARAM_STRING,
+   NULL) < 0)
+return -1;
+
+virTypedParamsFree(ident->params, ident->nparams);
+ident->params = NULL;
+ident->nparams = 0;
+if (virTypedParamsCopy(>params, params, nparams) < 0)
+return -1;
+ident->nparams = nparams;
+
+return 0;
+}
+
+
+int virIdentityGetParameters(virIdentityPtr ident,
+ virTypedParameterPtr *params,
+ int *nparams)
+{
+*params = NULL;
+*nparams = 0;
+
+if (virTypedParamsCopy(params, ident->params, ident->nparams) < 0)
+return -1;
+
+*nparams = ident->nparams;
+
+return 0;
+}
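
Review bot: virIdentitySetParameters() frees ident->params before calling virTypedParamsCopy(), so if the copy fails the function returns -1 with the identity's previous attributes already destroyed and the object left empty. Copy into a local first and swap only on success, so that a failed update leaves the identity unchanged. A function comment should also state that this call replaces every existing attribute rather than merging with them.
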
diff --git a/src/util/viridentity.h b/src/util/viridentity.h
index 6dc0393810..edb838cf17 100644
--- a/src/util/viridentity.h
+++ b/src/util/viridentity.h
@@ -71,3 +71,11 @@ int virIdentitySetX509DName(virIdentityPtr ident,
 const char *dname);
 int virIdentitySetSELinuxContext(virIdentityPtr ident,
  const char *context);
+
+int virIdentitySetParameters(virIdentityPtr ident,
+ virTypedParameterPtr params,
+ int nparams);
+
+int virIdentityGetParameters(virIdentityPtr ident,
+ virTypedParameterPtr *params,
+ int *nparams);
-- 
2.21.0


[libvirt] [PATCH v3 44/48] util: change identity class attribute names

2019-07-29 Thread Daniel P . Berrangé
Change the identity class attribute names with a "UNIX" tag to have a
more generic "OS" tag, since when we expose this in the public API we
want it to be more flexible for the future.

Signed-off-by: Daniel P. Berrangé 
---
 src/access/viraccessdriverpolkit.c | 12 ++---
 src/admin/admin_server.c   | 10 ++--
 src/libvirt_private.syms   | 24 -
 src/rpc/virnetserverclient.c   | 12 ++---
 src/util/viridentity.c | 84 +++---
 src/util/viridentity.h | 60 ++---
 tests/viridentitytest.c| 18 +++
 tests/virnetserverclienttest.c |  8 +--
 8 files changed, 114 insertions(+), 114 deletions(-)

diff --git a/src/access/viraccessdriverpolkit.c 
b/src/access/viraccessdriverpolkit.c
index b1473cd0a4..b98122d4a3 100644
--- a/src/access/viraccessdriverpolkit.c
+++ b/src/access/viraccessdriverpolkit.c
@@ -88,19 +88,19 @@ virAccessDriverPolkitGetCaller(const char *actionid,
 return -1;
 }
 
-if (virIdentityGetUNIXProcessID(identity, pid) < 0) {
+if (virIdentityGetOSProcessID(identity, pid) < 0) {
 virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
-   _("No UNIX process ID available"));
+   _("No OS process ID available"));
 goto cleanup;
 }
-if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) {
+if (virIdentityGetOSProcessTime(identity, startTime) < 0) {
 virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
-   _("No UNIX process start time available"));
+   _("No OS process start time available"));
 goto cleanup;
 }
-if (virIdentityGetUNIXUserID(identity, uid) < 0) {
+if (virIdentityGetOSUserID(identity, uid) < 0) {
 virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
-   _("No UNIX caller UID available"));
+   _("No OS caller UID available"));
 goto cleanup;
 }
 
diff --git a/src/admin/admin_server.c b/src/admin/admin_server.c
index f2a38f6dfa..b92eb2fdc6 100644
--- a/src/admin/admin_server.c
+++ b/src/admin/admin_server.c
@@ -257,29 +257,29 @@ adminClientGetInfo(virNetServerClientPtr client,
 pid_t pid;
 uid_t uid;
 gid_t gid;
-if (virIdentityGetUNIXUserID(identity, ) < 0 ||
+if (virIdentityGetOSUserID(identity, ) < 0 ||
 virTypedParamsAddInt(, nparams, ,
  VIR_CLIENT_INFO_UNIX_USER_ID, uid) < 0)
 goto cleanup;
 
-if (virIdentityGetUNIXUserName(identity, ) < 0 ||
+if (virIdentityGetOSUserName(identity, ) < 0 ||
 virTypedParamsAddString(, nparams, ,
 VIR_CLIENT_INFO_UNIX_USER_NAME,
 attr) < 0)
 goto cleanup;
 
-if (virIdentityGetUNIXGroupID(identity, ) < 0 ||
+if (virIdentityGetOSGroupID(identity, ) < 0 ||
 virTypedParamsAddInt(, nparams, ,
  VIR_CLIENT_INFO_UNIX_GROUP_ID, gid) < 0)
 goto cleanup;
 
-if (virIdentityGetUNIXGroupName(identity, ) < 0 ||
+if (virIdentityGetOSGroupName(identity, ) < 0 ||
 virTypedParamsAddString(, nparams, ,
 VIR_CLIENT_INFO_UNIX_GROUP_NAME,
 attr) < 0)
 goto cleanup;
 
-if (virIdentityGetUNIXProcessID(identity, ) < 0 ||
+if (virIdentityGetOSProcessID(identity, ) < 0 ||
 virTypedParamsAddInt(, nparams, ,
  VIR_CLIENT_INFO_UNIX_PROCESS_ID, pid) < 0)
 goto cleanup;
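
Review bot: in adminClientGetInfo() the accessors are renamed to virIdentityGetOS*() but the values are still published under the VIR_CLIENT_INFO_UNIX_* keys, so the two naming schemes now sit side by side in every call pair of this hunk. That is presumably deliberate, as those keys are what admin clients already match on; a sentence in the commit message saying so would stop a later cleanup from extending the rename to those constants.
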
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index c323f679b3..ac357583e4 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2138,28 +2138,28 @@ virHostMemSetParameters;
 # util/viridentity.h
 virIdentityGetAttr;
 virIdentityGetCurrent;
+virIdentityGetOSGroupID;
+virIdentityGetOSGroupName;
+virIdentityGetOSProcessID;
+virIdentityGetOSProcessTime;
+virIdentityGetOSUserID;
+virIdentityGetOSUserName;
 virIdentityGetSASLUserName;
 virIdentityGetSELinuxContext;
 virIdentityGetSystem;
-virIdentityGetUNIXGroupID;
-virIdentityGetUNIXGroupName;
-virIdentityGetUNIXProcessID;
-virIdentityGetUNIXProcessTime;
-virIdentityGetUNIXUserID;
-virIdentityGetUNIXUserName;
 virIdentityGetX509DName;
 virIdentityIsEqual;
 virIdentityNew;
 virIdentitySetAttr;
 virIdentitySetCurrent;
+virIdentitySetOSGroupID;
+virIdentitySetOSGroupName;
+virIdentitySetOSProcessID;
+virIdentitySetOSProcessTime;
+virIdentitySetOSUserID;
+virIdentitySetOSUserName;
 virIdentitySetSASLUserName;
 virIdentitySetSELinuxContext;
-virIdentitySetUNIXGroupID;
-virIdentitySetUNIXGroupName;
-virIdentitySetUNIXProcessID;
-virIdentitySetUNIXProcessTime;
-virIdentitySetUNIXUserID;
-virIdentitySetUNIXUserName;
 virIdentitySetX509DName;
 
 
diff --git a/src/rpc/virnetserverclient.c 

[libvirt] [PATCH v3 31/48] bhyve: introduce virtbhyved daemon

2019-07-29 Thread Daniel P . Berrangé
The virtbhyved daemon will be responsible for providing the bhyve API
driver functionality. The bhyve driver is still loaded by the main
libvirtd daemon at this stage, so virtbhyved must not be running at
the same time.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 .gitignore|  4 
 src/bhyve/Makefile.inc.am | 38 ++
 2 files changed, 42 insertions(+)

diff --git a/.gitignore b/.gitignore
index a23828cce6..4e46adaa55 100644
--- a/.gitignore
+++ b/.gitignore
@@ -118,6 +118,9 @@
 /src/admin/admin_client.h
 /src/admin/admin_protocol.[ch]
 /src/admin/admin_server_dispatch_stubs.h
+/src/bhyve/test_virtbhyved.aug
+/src/bhyve/virtbhyved.aug
+/src/bhyve/virtbhyved.conf
 /src/esx/*.generated.*
 /src/hyperv/*.generated.*
 /src/interface/test_virtinterfaced.aug
@@ -199,6 +202,7 @@
 /src/vbox/virtvboxd.aug
 /src/vbox/virtvboxd.conf
 /src/virt-aa-helper
+/src/virtbhyved
 /src/virtinterfaced
 /src/virtxend
 /src/virtlockd
diff --git a/src/bhyve/Makefile.inc.am b/src/bhyve/Makefile.inc.am
index 8b662e9775..210f04f240 100644
--- a/src/bhyve/Makefile.inc.am
+++ b/src/bhyve/Makefile.inc.am
@@ -47,6 +47,44 @@ libvirt_driver_bhyve_impl_la_CFLAGS = \
 libvirt_driver_bhyve_impl_la_LDFLAGS = $(AM_LDFLAGS)
 libvirt_driver_bhyve_impl_la_SOURCES = $(BHYVE_DRIVER_SOURCES)
 
+sbin_PROGRAMS += virtbhyved
+
+nodist_conf_DATA += bhyve/virtbhyved.conf
+augeas_DATA += bhyve/virtbhyved.aug
+augeastest_DATA += bhyve/test_virtbhyved.aug
+CLEANFILES += bhyve/virtbhyved.aug
+
+virtbhyved_SOURCES = $(REMOTE_DAEMON_SOURCES)
+virtbhyved_CFLAGS = \
+   $(REMOTE_DAEMON_CFLAGS) \
+   -DDAEMON_NAME="\"virtbhyved\"" \
+   -DMODULE_NAME="\"bhyve\"" \
+   $(NULL)
+virtbhyved_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
+virtbhyved_LDADD = $(REMOTE_DAEMON_LD_ADD)
+
+bhyve/virtbhyved.conf: remote/libvirtd.conf.in
+   $(AM_V_GEN)sed \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtbhyved/' \
+   < $^ > $@
+
+bhyve/virtbhyved.aug: remote/libvirtd.aug.in
+   $(AM_V_GEN)$(SED) \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtbhyved/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtbhyved/' \
+   $< > $@
+
+bhyve/test_virtbhyved.aug: remote/test_libvirtd.aug.in \
+   bhyve/virtbhyved.conf $(AUG_GENTEST)
+   $(AM_V_GEN)$(AUG_GENTEST) bhyve/virtbhyved.conf \
+   $(srcdir)/remote/test_libvirtd.aug.in | \
+   $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtbhyved/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtbhyved/' \
+   > $@ || rm -f $@
+
 conf_DATA += bhyve/bhyve.conf
 augeas_DATA += bhyve/libvirtd_bhyve.aug
 augeastest_DATA += bhyve/test_libvirtd_bhyve.aug
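
Review bot: In the bhyve/test_virtbhyved.aug rule, `> $@ || rm -f $@` hides failures: when the pipeline fails, the `rm` succeeds and make sees a successful recipe with no output file, and because only the last command of a pipeline sets the exit status, a failing $(AUG_GENTEST) goes unnoticed as long as $(SED) exits 0. Consider writing to a temporary file and renaming it on success. The bhyve/virtbhyved.conf rule also calls bare `sed` and redirects straight into `$@`, while the two .aug rules use `$(SED)`; using `$(SED)` throughout would be consistent.
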
-- 
2.21.0


[libvirt] [PATCH v3 39/48] remote: handle autoprobing of driver within virtproxyd

2019-07-29 Thread Daniel P . Berrangé
The virtproxyd daemon is merely responsible for forwarding RPC calls to
one of the other per-driver daemons. As such, it does not have any
drivers loaded and so regular auto-probing logic will not work. We need
it to be able to handle NULL URIs though, so must implement some kind of
alternative probing logic.

When running as root this is quite crude. If a per-driver daemon is
running, its UNIX socket will exist and we can assume it will accept
connections. If the per-driver daemon is not running, but socket
autostart is enabled, we again just assume it will accept connections.

This is not great, however, because a default install may well have
all sockets available for activation. IOW, the virtxend socket may
exist, despite the fact that the libxl driver will not actually work.

When running as non-root this is slightly easier as we only have two
drivers, QEMU and VirtualBox. These daemons will likely not be running
and socket activation won't be used either, as libvirt spawns the
daemon on demand. So we just check whether the daemon actually is
installed.

Signed-off-by: Daniel P. Berrangé 
---
 src/remote/Makefile.inc.am  |   1 +
 src/remote/remote_daemon_dispatch.c | 137 
 2 files changed, 138 insertions(+)

diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am
index 344f19311a..d100922a8d 100644
--- a/src/remote/Makefile.inc.am
+++ b/src/remote/Makefile.inc.am
@@ -235,6 +235,7 @@ virtproxyd_CFLAGS = \
-DSOCK_PREFIX="\"libvirt\"" \
-DDAEMON_NAME="\"virtproxyd\"" \
-DENABLE_IP \
+   -DVIRTPROXYD \
$(NULL)
 virtproxyd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
 virtproxyd_LDADD = $(REMOTE_DAEMON_LD_ADD)
diff --git a/src/remote/remote_daemon_dispatch.c 
b/src/remote/remote_daemon_dispatch.c
index 8c11bb3f6c..9ef76daa55 100644
--- a/src/remote/remote_daemon_dispatch.c
+++ b/src/remote/remote_daemon_dispatch.c
@@ -50,6 +50,7 @@
 #include "viraccessapicheckqemu.h"
 #include "virpolkit.h"
 #include "virthreadjob.h"
+#include "configmake.h"
 
 #define VIR_FROM_THIS VIR_FROM_RPC
 
@@ -2093,6 +2094,130 @@ void *remoteClientNew(virNetServerClientPtr client,
 
 /*- Functions. -*/
 
+#ifdef VIRTPROXYD
+/*
+ * When running in virtproxyd regular auto-probing of drivers
+ * does not work as we don't have any drivers present (except
+ * stateless ones inside libvirt.so). All the interesting
+ * drivers are in separate daemons. Thus when we get a NULL
+ * URI we need to simulate probing that virConnectOpen would
+ * previously do. We use the existance of the UNIX domain
+ * socket as our hook for probing.
+ *
+ * This assumes no stale sockets left over from a now dead
+ * daemon, but that's reasonable since libvirtd unlinks
+ * sockets it creates on shutdown, or uses systemd activation
+ *
+ * We only try to probe for primary hypervisor drivers,
+ * not the secondary drivers.
+ */
+static int
+remoteDispatchProbeURI(bool readonly, char **probeduri)
+{
+*probeduri = NULL;
+VIR_DEBUG("Probing for driver daemon sockets");
+
+/*
+ * If running root, either the daemon is running and the socket
+ * exists, or we're using socket activation so the socket exists
+ * too.
+ *
+ * If running non-root, chances are that the daemon won't be
+ * running, nor any socket activation is used. We need to
+ * be able to auto-spawn the daemon. We thus just check to
+ * see what daemons are installed. This is not a big deal as
+ * only QEMU & VBox run as non-root, anyway.
+ */
+if (geteuid() != 0) {
+/* Order these the same as virDriverLoadModule
+ * calls in daemonInitialize */
+const char *drivers[] = {
+# ifdef WITH_QEMU
+"qemu",
+# endif
+# ifdef WITH_VBOX
+"vbox",
+# endif
+};
+size_t i;
+
+for (i = 0; i < ARRAY_CARDINALITY(drivers) && !*probeduri; i++) {
+VIR_AUTOFREE(char *) daemonname = NULL;
+VIR_AUTOFREE(char *) daemonpath = NULL;
+
+if (virAsprintf(, "virt%sd", drivers[i]) < 0)
+return -1;
+
+if (!(daemonpath = virFileFindResource(daemonname, "src", 
SBINDIR)))
+return -1;
+
+if (!virFileExists(daemonpath)) {
+VIR_DEBUG("Missing daemon %s for driver %s", daemonpath, 
drivers[i]);
+continue;
+}
+
+if (virAsprintf(probeduri, "%s:///session", drivers[i]) < 0)
+return -1;
+
+VIR_DEBUG("Probed URI %s via daemon %s", *probeduri, daemonpath);
+return 0;
+}
+} else {
+/* Order these the same as virDriverLoadModule
+ * calls in daemonInitialize */
+const char *drivers[] = {
+# ifdef WITH_LIBXL
+"libxl",
+# endif
+# ifdef WITH_QEMU
+"qemu",
+# endif
+# ifdef WITH_LXC
+"lxc",
+# endif
+# ifdef WITH_VBOX
+"vbox",
+# endif
+# ifdef WITH_BHYVE
+"bhyve",
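
Review bot: In the non-root branch of remoteDispatchProbeURI, `const char *drivers[] = { ... }` becomes an empty initializer when neither WITH_QEMU nor WITH_VBOX is defined, which is not valid standard C and leaves nothing for ARRAY_CARDINALITY(drivers) to count; add a guard or a sentinel entry for that configuration. The `&& !*probeduri` loop condition is redundant, since the body returns 0 as soon as it sets *probeduri. In the header comment, "existance" should be "existence", and the stale-socket assumption only covers a clean shutdown, so it would help to say how probing behaves when a daemon died without unlinking its socket.
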

[libvirt] [PATCH v3 33/48] admin: add ability to connect to the per-driver daemon sockets

2019-07-29 Thread Daniel P . Berrangé
The admin client now supports addressing the per-driver daemons using
the obvious URI schemes for each daemon, e.g. virtqemud:///system,
virtqemud:///session, etc.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 src/libvirt-admin.c | 32 +++-
 1 file changed, 15 insertions(+), 17 deletions(-)

diff --git a/src/libvirt-admin.c b/src/libvirt-admin.c
index 74dedf64d8..fa077d5a46 100644
--- a/src/libvirt-admin.c
+++ b/src/libvirt-admin.c
@@ -36,10 +36,6 @@
 
 #define VIR_FROM_THIS VIR_FROM_ADMIN
 
-#define LIBVIRTD_ADMIN_SOCK_NAME "libvirt-admin-sock"
-#define VIRTLOGD_ADMIN_SOCK_NAME "virtlogd-admin-sock"
-#define VIRTLOCKD_ADMIN_SOCK_NAME "virtlockd-admin-sock"
-
 
 VIR_LOG_INIT("libvirt-admin");
 
@@ -127,27 +123,29 @@ getSocketPath(virURIPtr uri)
 }
 
 if (!sock_path) {
-const char *sockbase = NULL;
-if (STREQ_NULLABLE(uri->scheme, "libvirtd")) {
-sockbase = LIBVIRTD_ADMIN_SOCK_NAME;
-} else if (STREQ_NULLABLE(uri->scheme, "virtlogd")) {
-sockbase = VIRTLOGD_ADMIN_SOCK_NAME;
-} else if (STREQ_NULLABLE(uri->scheme, "virtlockd")) {
-sockbase = VIRTLOCKD_ADMIN_SOCK_NAME;
-} else {
+bool legacy = false;
+if (!uri->scheme) {
+virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+   "%s", _("No URI scheme specified"));
+goto error;
+}
+if (STREQ(uri->scheme, "libvirtd")) {
+legacy = true;
+} else if (!STRPREFIX(uri->scheme, "virt")) {
 virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("Unsupported URI scheme '%s'"),
-   NULLSTR(uri->scheme));
+   uri->scheme);
 goto error;
 }
 
 if (STREQ_NULLABLE(uri->path, "/system")) {
-if (virAsprintf(_path, LOCALSTATEDIR "/run/libvirt/%s",
-sockbase) < 0)
+if (virAsprintf(_path, "%s/run/libvirt/%s-admin-sock",
+LOCALSTATEDIR,
+legacy ? "libvirt" : uri->scheme) < 0)
 goto error;
 } else if (STREQ_NULLABLE(uri->path, "/session")) {
-if (!rundir || virAsprintf(_path, "%s/%s", rundir,
-   sockbase) < 0)
+if (!rundir || virAsprintf(_path, "%s/%s-admin-sock", rundir,
+   legacy ? "libvirt" : uri->scheme) < 0)
 goto error;
 } else {
 virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
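
Review bot: The new `!STRPREFIX(uri->scheme, "virt")` test in getSocketPath accepts any scheme that merely starts with "virt", and that string is then formatted straight into the socket path through `"%s/run/libvirt/%s-admin-sock"`. This relies entirely on the URI parser to keep characters such as '/' out of the scheme, and a misspelt scheme such as virtfoo ends up as a connect failure on a non-existent socket instead of the "Unsupported URI scheme" error. Consider matching against the list of known daemon names, or at least restricting the scheme to alphanumerics before building the path. Dropping NULLSTR() is fine now that a NULL scheme is rejected earlier.
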
-- 
2.21.0


[libvirt] [PATCH v3 41/48] remote: refactor the code for choosing the UNIX socket path

2019-07-29 Thread Daniel P . Berrangé
The ssh, libssh, libssh2 & unix transports all need to use a UNIX socket
path, and duplicate some of the same logic for error checking. Pull this
out into a separate method to increase code sharing.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 src/remote/remote_driver.c | 123 +++--
 1 file changed, 48 insertions(+), 75 deletions(-)

diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 706d9e6e14..e647a77f41 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -747,34 +747,35 @@ remoteConnectSupportsFeatureUnlocked(virConnectPtr conn,
 }
 
 
-#ifndef WIN32
-static char *remoteGetUNIXSocketNonRoot(void)
+static char *
+remoteGetUNIXSocket(remoteDriverTransport transport,
+unsigned int flags)
 {
 char *sockname = NULL;
-char *userdir = virGetUserRuntimeDirectory();
-
-if (!userdir)
-return NULL;
+VIR_AUTOFREE(char *) userdir = NULL;
+
+if (flags & VIR_DRV_OPEN_REMOTE_USER) {
+if (transport != REMOTE_DRIVER_TRANSPORT_UNIX) {
+virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
+   _("Connecting to session instance without "
+ "socket path is not supported by the %s "
+ "transport"),
+   remoteDriverTransportTypeToString(transport));
+return NULL;
+}
+if (!(userdir = virGetUserRuntimeDirectory()))
+return NULL;
 
-if (virAsprintf(, "%s/" LIBVIRTD_USER_UNIX_SOCKET, userdir) < 0) {
-VIR_FREE(userdir);
-return NULL;
+if (virAsprintf(,
+"%s/" LIBVIRTD_USER_UNIX_SOCKET, userdir) < 0)
+return NULL;
+} else {
+if (VIR_STRDUP(sockname,
+   flags & VIR_DRV_OPEN_REMOTE_RO ?
+   LIBVIRTD_PRIV_UNIX_SOCKET_RO :
+   LIBVIRTD_PRIV_UNIX_SOCKET) < 0)
+return NULL;
 }
-VIR_FREE(userdir);
-
-VIR_DEBUG("Chosen UNIX sockname %s", sockname);
-return sockname;
-}
-#endif /* WIN32 */
-
-static char *remoteGetUNIXSocketRoot(unsigned int flags)
-{
-char *sockname = NULL;
-
-if (VIR_STRDUP(sockname,
-   flags & VIR_DRV_OPEN_REMOTE_RO ?
-   LIBVIRTD_PRIV_UNIX_SOCKET_RO : LIBVIRTD_PRIV_UNIX_SOCKET) < 
0)
-return NULL;
 
 VIR_DEBUG("Chosen UNIX sockname %s", sockname);
 return sockname;
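
Review bot: The `#ifndef WIN32` guard around the old remoteGetUNIXSocketNonRoot is removed, so the merged remoteGetUNIXSocket now references virGetUserRuntimeDirectory() and LIBVIRTD_USER_UNIX_SOCKET on every platform; please confirm this still builds for WIN32, or say in the commit message why the guard is no longer needed. The function also keeps its `VIR_DEBUG("Chosen UNIX sockname %s", sockname)` while the doRemoteOpen hunk adds a second "Chosen UNIX socket" message right after the call, so one of the two can go.
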
@@ -976,6 +977,29 @@ doRemoteOpen(virConnectPtr conn,
 }
 
 VIR_DEBUG("Connecting with transport %d", transport);
+
+switch ((remoteDriverTransport)transport) {
+case REMOTE_DRIVER_TRANSPORT_UNIX:
+case REMOTE_DRIVER_TRANSPORT_SSH:
+case REMOTE_DRIVER_TRANSPORT_LIBSSH:
+case REMOTE_DRIVER_TRANSPORT_LIBSSH2:
+if (!sockname &&
+!(sockname = remoteGetUNIXSocket(transport, flags)))
+goto failed;
+
+case REMOTE_DRIVER_TRANSPORT_TCP:
+case REMOTE_DRIVER_TRANSPORT_TLS:
+case REMOTE_DRIVER_TRANSPORT_EXT:
+break;
+
+case REMOTE_DRIVER_TRANSPORT_LAST:
+default:
+virReportEnumRangeError(remoteDriverTransport, transport);
+goto failed;
+}
+
+VIR_DEBUG("Chosen UNIX socket %s", NULLSTR(sockname));
+
 /* Connect to the remote service. */
 switch ((remoteDriverTransport)transport) {
 case REMOTE_DRIVER_TRANSPORT_TLS:
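
Review bot: The new pre-connect switch lets the UNIX/SSH/LIBSSH/LIBSSH2 case group run on into the TCP/TLS/EXT group after `goto failed;` with no `break;` between them. It works because the next group only breaks, but an explicit `break;` or a fallthrough annotation would make the intent clear and keep implicit-fallthrough warnings quiet.
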
@@ -1017,20 +1041,6 @@ doRemoteOpen(virConnectPtr conn,
 break;
 
 case REMOTE_DRIVER_TRANSPORT_LIBSSH2:
-if (!sockname) {
-/* Right now we don't support default session connections */
-if (flags & VIR_DRV_OPEN_REMOTE_USER) {
-virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
-   _("Connecting to session instance without "
- "socket path is not supported by the libssh2 "
- "connection driver"));
-goto failed;
-}
-
-if (!(sockname = remoteGetUNIXSocketRoot(flags)))
-goto failed;
-}
-
 VIR_DEBUG("Starting LibSSH2 session");
 
 priv->client = virNetClientNewLibSSH2(priv->hostname,
@@ -1052,20 +1062,6 @@ doRemoteOpen(virConnectPtr conn,
 break;
 
 case REMOTE_DRIVER_TRANSPORT_LIBSSH:
-if (!sockname) {
-/* Right now we don't support default session connections */
-if (flags & VIR_DRV_OPEN_REMOTE_USER) {
-virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
-   _("Connecting to session instance without "
- "socket path is not supported by the libssh "
- "connection driver"));
-goto failed;
-}
-
-if (!(sockname = remoteGetUNIXSocketRoot(flags)))
-goto failed;
-}
-
 

[libvirt] [PATCH v3 35/48] remote: change generated methods to not directly access connection

2019-07-29 Thread Daniel P . Berrangé
The driver dispatch methods access the priv->conn variables directly.
In future we want to dynamically open the connections for the secondary
driver. Thus we want the methods to call a method to get the connection
handle instead of assuming the private variable is non-NULL.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 src/admin/admin_server_dispatch.c   |   9 +++
 src/remote/remote_daemon_dispatch.c | 121 
 src/rpc/gendispatch.pl  |  96 --
 3 files changed, 183 insertions(+), 43 deletions(-)

diff --git a/src/admin/admin_server_dispatch.c 
b/src/admin/admin_server_dispatch.c
index 6e3b99f97d..1973664488 100644
--- a/src/admin/admin_server_dispatch.c
+++ b/src/admin/admin_server_dispatch.c
@@ -206,6 +206,15 @@ adminConnectGetLibVersion(virNetDaemonPtr dmn 
ATTRIBUTE_UNUSED,
 return 0;
 }
 
+static virNetDaemonPtr
+adminGetConn(virNetServerClientPtr client)
+{
+struct daemonAdmClientPrivate *priv =
+virNetServerClientGetPrivateData(client);
+
+return priv->dmn;
+}
+
 static int
 adminDispatchServerGetThreadpoolParameters(virNetServerPtr server 
ATTRIBUTE_UNUSED,
virNetServerClientPtr client,
diff --git a/src/remote/remote_daemon_dispatch.c 
b/src/remote/remote_daemon_dispatch.c
index 0145279d72..90103f5093 100644
--- a/src/remote/remote_daemon_dispatch.c
+++ b/src/remote/remote_daemon_dispatch.c
@@ -112,6 +112,22 @@ remoteSerializeDomainDiskErrors(virDomainDiskErrorPtr 
errors,
 remote_domain_disk_error **ret_errors_val,
 u_int *ret_errors_len);
 
+static virConnectPtr
+remoteGetHypervisorConn(virNetServerClientPtr client);
+static virConnectPtr
+remoteGetInterfaceConn(virNetServerClientPtr client);
+static virConnectPtr
+remoteGetNetworkConn(virNetServerClientPtr client);
+static virConnectPtr
+remoteGetNodeDevConn(virNetServerClientPtr client);
+static virConnectPtr
+remoteGetNWFilterConn(virNetServerClientPtr client);
+static virConnectPtr
+remoteGetSecretConn(virNetServerClientPtr client);
+static virConnectPtr
+remoteGetStorageConn(virNetServerClientPtr client);
+
+
 #include "remote_daemon_dispatch_stubs.h"
 #include "remote_daemon_dispatch_qemu_stubs.h"
 #include "remote_daemon_dispatch_lxc_stubs.h"
@@ -1925,6 +1941,111 @@ static void remoteClientCloseFunc(virNetServerClientPtr 
client)
 }
 
 
+static virConnectPtr
+remoteGetHypervisorConn(virNetServerClientPtr client)
+{
+struct daemonClientPrivate *priv =
+virNetServerClientGetPrivateData(client);
+
+if (!priv->conn) {
+virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection 
not open"));
+return NULL;
+}
+
+return priv->conn;
+}
+
+
+static virConnectPtr
+remoteGetInterfaceConn(virNetServerClientPtr client)
+{
+struct daemonClientPrivate *priv =
+virNetServerClientGetPrivateData(client);
+
+if (!priv->interfaceConn) {
+virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection 
not open"));
+return NULL;
+}
+
+return priv->interfaceConn;
+}
+
+
+static virConnectPtr
+remoteGetNetworkConn(virNetServerClientPtr client)
+{
+struct daemonClientPrivate *priv =
+virNetServerClientGetPrivateData(client);
+
+if (!priv->networkConn) {
+virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection 
not open"));
+return NULL;
+}
+
+return priv->networkConn;
+}
+
+
+static virConnectPtr
+remoteGetNodeDevConn(virNetServerClientPtr client)
+{
+struct daemonClientPrivate *priv =
+virNetServerClientGetPrivateData(client);
+
+if (!priv->nodedevConn) {
+virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection 
not open"));
+return NULL;
+}
+
+return priv->nodedevConn;
+}
+
+
+static virConnectPtr
+remoteGetNWFilterConn(virNetServerClientPtr client)
+{
+struct daemonClientPrivate *priv =
+virNetServerClientGetPrivateData(client);
+
+if (!priv->nwfilterConn) {
+virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection 
not open"));
+return NULL;
+}
+
+return priv->nwfilterConn;
+}
+
+
+static virConnectPtr
+remoteGetSecretConn(virNetServerClientPtr client)
+{
+struct daemonClientPrivate *priv =
+virNetServerClientGetPrivateData(client);
+
+if (!priv->secretConn) {
+virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection 
not open"));
+return NULL;
+}
+
+return priv->secretConn;
+}
+
+
+static virConnectPtr
+remoteGetStorageConn(virNetServerClientPtr client)
+{
+struct daemonClientPrivate *priv =
+virNetServerClientGetPrivateData(client);
+
+if (!priv->storageConn) {
+virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection 
not open"));
+return NULL;
+}
+
+return priv->storageConn;
+}
+
+
 void 
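
Review bot: All seven getters report `hypervisor connection not open`, including remoteGetInterfaceConn, remoteGetNetworkConn, remoteGetNodeDevConn, remoteGetNWFilterConn, remoteGetSecretConn and remoteGetStorageConn, so the error will not tell the user which driver connection is missing. Please name the driver in each message. Since the bodies differ only in the field they read, a small helper taking the connection pointer and a driver name would avoid seven copies.
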

[libvirt] [PATCH v3 38/48] remote: open secondary drivers via remote driver if needed

2019-07-29 Thread Daniel P . Berrangé
When the client has a connection to one of the hypervisor specific
daemons (eg virtqemud), the app may still expect to use the secondary
driver APIs (storage, network, etc). None of these will be registered in
the hypervisor daemon, so we must explicitly open a connection to each
of the daemons for the secondary drivers we need.

We don't want to open these secondary driver connections at the same
time as the primary connection is opened though. That would mean that
establishing a connection to virtqemud would immediately trigger
activation of virtnetworkd, virtnwfilterd, etc. despite the fact that these
drivers may never be used by the app.

Thus we only open the secondary driver connections at time of first use
by an API call.

Signed-off-by: Daniel P. Berrangé 
---
 src/remote/remote_daemon.h  |  13 +++
 src/remote/remote_daemon_dispatch.c | 162 ++--
 2 files changed, 145 insertions(+), 30 deletions(-)

diff --git a/src/remote/remote_daemon.h b/src/remote/remote_daemon.h
index a403d2593a..a2d9af4036 100644
--- a/src/remote/remote_daemon.h
+++ b/src/remote/remote_daemon.h
@@ -70,12 +70,25 @@ struct daemonClientPrivate {
  * called, it will be set back to NULL if that succeeds.
  */
 virConnectPtr conn;
+
+/* These secondary drivers may point back to 'conn'
+ * in the monolithic daemon setups. Otherwise they
+ * can be NULL and opened on first use, pointing
+ * to remote driver use of an external daemon
+ */
 virConnectPtr interfaceConn;
+const char *interfaceURI;
 virConnectPtr networkConn;
+const char *networkURI;
 virConnectPtr nodedevConn;
+const char *nodedevURI;
 virConnectPtr nwfilterConn;
+const char *nwfilterURI;
 virConnectPtr secretConn;
+const char *secretURI;
 virConnectPtr storageConn;
+const char *storageURI;
+bool readonly;
 
 daemonClientStreamPtr streams;
 };
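
Review bot: The new `const char *...URI` members in struct daemonClientPrivate have no stated owner or lifetime; say in the comment whether they point at static strings or at memory that must be released with the client. The comment also says the secondary pointers may alias 'conn' in the monolithic setup, so the close path has to avoid closing the same virConnectPtr more than once, and a sentence on how that is handled would help.
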
diff --git a/src/remote/remote_daemon_dispatch.c 
b/src/remote/remote_daemon_dispatch.c
index 5609eb4caf..8c11bb3f6c 100644
--- a/src/remote/remote_daemon_dispatch.c
+++ b/src/remote/remote_daemon_dispatch.c
@@ -1941,6 +1941,33 @@ static void remoteClientCloseFunc(virNetServerClientPtr 
client)
 }
 
 
+static int
+remoteOpenConn(const char *uri,
+   bool readonly,
+   virConnectPtr *conn)
+{
+VIR_DEBUG("Getting secondary uri=%s readonly=%d conn=%p",
+  NULLSTR(uri), readonly, conn);
+if (*conn)
+return 0;
+
+if (!uri) {
+virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open"));
+return -1;
+}
+
+VIR_DEBUG("Opening driver %s", uri);
+if (readonly)
+*conn = virConnectOpenReadOnly(uri);
+else
+*conn = virConnectOpen(uri);
+if (!*conn)
+return -1;
+VIR_DEBUG("Opened driver %p", *conn);
+return 0;
+}
+
+
 static virConnectPtr
 remoteGetHypervisorConn(virNetServerClientPtr client)
 {
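
Review bot: remoteOpenConn tests `*conn` and later assigns it with no locking of its own, so unless every caller serializes access to the client's private data, two RPC calls dispatched at once for the same client could both open a connection and leak one of them. Please either take the client lock here or document that callers hold it. The `connection not open` message also gives no hint of which secondary driver had no URI configured.
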
@@ -1962,10 +1989,10 @@ remoteGetInterfaceConn(virNetServerClientPtr client)
 struct daemonClientPrivate *priv =
 virNetServerClientGetPrivateData(client);
 
-if (!priv->interfaceConn) {
-virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection 
not open"));
+if (remoteOpenConn(priv->interfaceURI,
+   priv->readonly,
+   >interfaceConn) < 0)
 return NULL;
-}
 
 return priv->interfaceConn;
 }
@@ -1977,10 +2004,10 @@ remoteGetNetworkConn(virNetServerClientPtr client)
 struct daemonClientPrivate *priv =
 virNetServerClientGetPrivateData(client);
 
-if (!priv->networkConn) {
-virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection 
not open"));
+if (remoteOpenConn(priv->networkURI,
+   priv->readonly,
+   >networkConn) < 0)
 return NULL;
-}
 
 return priv->networkConn;
 }
@@ -1992,10 +2019,10 @@ remoteGetNodeDevConn(virNetServerClientPtr client)
 struct daemonClientPrivate *priv =
 virNetServerClientGetPrivateData(client);
 
-if (!priv->nodedevConn) {
-virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection 
not open"));
+if (remoteOpenConn(priv->nodedevURI,
+   priv->readonly,
+   >nodedevConn) < 0)
 return NULL;
-}
 
 return priv->nodedevConn;
 }
@@ -2007,10 +2034,10 @@ remoteGetNWFilterConn(virNetServerClientPtr client)
 struct daemonClientPrivate *priv =
 virNetServerClientGetPrivateData(client);
 
-if (!priv->nwfilterConn) {
-virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor connection 
not open"));
+if (remoteOpenConn(priv->nwfilterURI,
+   priv->readonly,
+   >nwfilterConn) < 0)
 return NULL;
-}
 
 return priv->nwfilterConn;
 }
@@ -2022,10 +2049,10 @@ remoteGetSecretConn(virNetServerClientPtr client)
 struct 

[libvirt] [PATCH v3 32/48] vz: introduce virtvzd daemon

2019-07-29 Thread Daniel P . Berrangé
The virtvzd daemon will be responsible for providing the vz API
driver functionality. The vz driver is still loaded by the main
libvirtd daemon at this stage, so virtvzd must not be running at
the same time.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 .gitignore|  4 +++
 src/vz/Makefile.inc.am| 62 +++
 src/vz/virtvzd.service.in | 25 
 3 files changed, 91 insertions(+)
 create mode 100644 src/vz/virtvzd.service.in

diff --git a/.gitignore b/.gitignore
index 4e46adaa55..e35a3409f2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -216,7 +216,11 @@
 /src/virtsecretd
 /src/virtstoraged
 /src/virtvboxd
+/src/virtvzd
 /src/virt-guest-shutdown.target
+/src/vz/test_virtvzd.aug
+/src/vz/virtvzd.aug
+/src/vz/virtvzd.conf
 /tests/*.log
 /tests/*.pid
 /tests/*.trs
diff --git a/src/vz/Makefile.inc.am b/src/vz/Makefile.inc.am
index a3a146c627..0176586d4c 100644
--- a/src/vz/Makefile.inc.am
+++ b/src/vz/Makefile.inc.am
@@ -37,4 +37,66 @@ libvirt_driver_vz_impl_la_LIBADD = \
$(PARALLELS_SDK_LIBS) \
$(LIBNL_LIBS) \
$(NULL)
+
+sbin_PROGRAMS += virtvzd
+
+nodist_conf_DATA += vz/virtvzd.conf
+augeas_DATA += vz/virtvzd.aug
+augeastest_DATA += vz/test_virtvzd.aug
+CLEANFILES += vz/virtvzd.aug
+
+virtvzd_SOURCES = $(REMOTE_DAEMON_SOURCES)
+virtvzd_CFLAGS = \
+   $(REMOTE_DAEMON_CFLAGS) \
+   -DDAEMON_NAME="\"virtvzd\"" \
+   -DMODULE_NAME="\"vz\"" \
+   $(NULL)
+virtvzd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
+virtvzd_LDADD = $(REMOTE_DAEMON_LD_ADD)
+
+SYSTEMD_UNIT_FILES += \
+   virtvzd.service \
+   virtvzd.socket \
+   virtvzd-ro.socket \
+   virtvzd-admin.socket \
+   $(NULL)
+SYSTEMD_UNIT_FILES_IN += \
+   vz/virtvzd.service.in \
+   $(NULL)
+
+VIRTVZD_UNIT_VARS = \
+   $(VIRTD_UNIT_VARS) \
+   -e 's|[@]name[@]|Libvirt vz|g' \
+   -e 's|[@]service[@]|virtvzd|g' \
+   -e 's|[@]sockprefix[@]|virtvzd|g' \
+   $(NULL)
+
+virtvzd.service: vz/virtvzd.service.in $(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTVZD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+virtvz%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTVZD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+vz/virtvzd.conf: remote/libvirtd.conf.in
+   $(AM_V_GEN)sed \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtvzd/' \
+   < $^ > $@
+
+vz/virtvzd.aug: remote/libvirtd.aug.in
+   $(AM_V_GEN)$(SED) \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtvzd/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtvzd/' \
+   $< > $@
+
+vz/test_virtvzd.aug: remote/test_libvirtd.aug.in \
+   vz/virtvzd.conf $(AUG_GENTEST)
+   $(AM_V_GEN)$(AUG_GENTEST) vz/virtvzd.conf \
+   $(srcdir)/remote/test_libvirtd.aug.in | \
+   $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtvzd/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtvzd/' \
+   > $@ || rm -f $@
+
 endif WITH_VZ
diff --git a/src/vz/virtvzd.service.in b/src/vz/virtvzd.service.in
new file mode 100644
index 00..cd0f558768
--- /dev/null
+++ b/src/vz/virtvzd.service.in
@@ -0,0 +1,25 @@
+[Unit]
+Description=Virtualization vz daemon
+Conflicts=libvirtd.service
+Requires=virtvzd.socket
+Requires=virtvzd-ro.socket
+Requires=virtvzd-admin.socket
+After=network.target
+After=dbus.service
+After=apparmor.service
+After=local-fs.target
+After=remote-fs.target
+Documentation=man:libvirtd(8)
+Documentation=https://libvirt.org
+
+[Service]
+Type=notify
+ExecStart=@sbindir@/virtvzd --timeout 120
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+Also=virtvzd.socket
+Also=virtvzd-ro.socket
+Also=virtvzd-admin.socket
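
Review bot: `Documentation=man:libvirtd(8)` in the new virtvzd.service.in points at the libvirtd manual page rather than one for virtvzd; either ship a virtvzd page or drop the entry until one exists. `Conflicts=libvirtd.service` covers the "must not be running at the same time" requirement from the commit message for the service only; if the libvirtd socket units stay enabled, a client connection can still start libvirtd and stop this daemon, so consider listing them as well.
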
-- 
2.21.0


[libvirt] [PATCH v3 30/48] vbox: introduce virtvboxd daemon

2019-07-29 Thread Daniel P . Berrangé
The virtvboxd daemon will be responsible for providing the vbox API
driver functionality. The vbox driver is still loaded by the main
libvirtd daemon at this stage, so virtvboxd must not be running at
the same time.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 .gitignore|  4 +++
 libvirt.spec.in   |  8 +
 src/vbox/Makefile.inc.am  | 62 +++
 src/vbox/virtvboxd.service.in | 25 ++
 4 files changed, 99 insertions(+)
 create mode 100644 src/vbox/virtvboxd.service.in

diff --git a/.gitignore b/.gitignore
index d279c7bc1f..a23828cce6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -195,6 +195,9 @@
 /src/storage/virtstoraged.conf
 /src/util/virkeycodetable*.h
 /src/util/virkeynametable*.h
+/src/vbox/test_virtvboxd.aug
+/src/vbox/virtvboxd.aug
+/src/vbox/virtvboxd.conf
 /src/virt-aa-helper
 /src/virtinterfaced
 /src/virtxend
@@ -208,6 +211,7 @@
 /src/virtqemud
 /src/virtsecretd
 /src/virtstoraged
+/src/virtvboxd
 /src/virt-guest-shutdown.target
 /tests/*.log
 /tests/*.pid
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 81fc1481e0..c1da28892a 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1802,6 +1802,14 @@ exit 0
 
 %if %{with_vbox}
 %files daemon-driver-vbox
+%config(noreplace) %{_sysconfdir}/libvirt/virtvboxd.conf
+%{_datadir}/augeas/lenses/virtvboxd.aug
+%{_datadir}/augeas/lenses/tests/test_virtvboxd.aug
+%{_unitdir}/virtvboxd.service
+%{_unitdir}/virtvboxd.socket
+%{_unitdir}/virtvboxd-ro.socket
+%{_unitdir}/virtvboxd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtvboxd
 %{_libdir}/%{name}/connection-driver/libvirt_driver_vbox.so
 %endif
 
diff --git a/src/vbox/Makefile.inc.am b/src/vbox/Makefile.inc.am
index 95407778f7..74f274eb6a 100644
--- a/src/vbox/Makefile.inc.am
+++ b/src/vbox/Makefile.inc.am
@@ -63,4 +63,66 @@ libvirt_driver_vbox_impl_la_LIBADD = \
$(LIBXML_LIBS) \
$(NULL)
 libvirt_driver_vbox_impl_la_SOURCES = $(VBOX_DRIVER_SOURCES)
+
+sbin_PROGRAMS += virtvboxd
+
+nodist_conf_DATA += vbox/virtvboxd.conf
+augeas_DATA += vbox/virtvboxd.aug
+augeastest_DATA += vbox/test_virtvboxd.aug
+CLEANFILES += vbox/virtvboxd.aug
+
+virtvboxd_SOURCES = $(REMOTE_DAEMON_SOURCES)
+virtvboxd_CFLAGS = \
+   $(REMOTE_DAEMON_CFLAGS) \
+   -DDAEMON_NAME="\"virtvboxd\"" \
+   -DMODULE_NAME="\"vbox\"" \
+   $(NULL)
+virtvboxd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
+virtvboxd_LDADD = $(REMOTE_DAEMON_LD_ADD)
+
+SYSTEMD_UNIT_FILES += \
+   virtvboxd.service \
+   virtvboxd.socket \
+   virtvboxd-ro.socket \
+   virtvboxd-admin.socket \
+   $(NULL)
+SYSTEMD_UNIT_FILES_IN += \
+   vbox/virtvboxd.service.in \
+   $(NULL)
+
+VIRTVBOXD_UNIT_VARS = \
+   $(VIRTD_UNIT_VARS) \
+   -e 's|[@]name[@]|Libvirt vbox|g' \
+   -e 's|[@]service[@]|virtvboxd|g' \
+   -e 's|[@]sockprefix[@]|virtvboxd|g' \
+   $(NULL)
+
+virtvboxd.service: vbox/virtvboxd.service.in $(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTVBOXD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+virtvbox%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTVBOXD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+vbox/virtvboxd.conf: remote/libvirtd.conf.in
+   $(AM_V_GEN)sed \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtvboxd/' \
+   < $^ > $@
+
+vbox/virtvboxd.aug: remote/libvirtd.aug.in
+   $(AM_V_GEN)$(SED) \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtvboxd/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtvboxd/' \
+   $< > $@
+
+vbox/test_virtvboxd.aug: remote/test_libvirtd.aug.in \
+   vbox/virtvboxd.conf $(AUG_GENTEST)
+   $(AM_V_GEN)$(AUG_GENTEST) vbox/virtvboxd.conf \
+   $(srcdir)/remote/test_libvirtd.aug.in | \
+   $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtvboxd/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtvboxd/' \
+   > $@ || rm -f $@
+
 endif WITH_VBOX
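
Review bot: The block added to src/vbox/Makefile.inc.am is the same as the virtvzd and virtbhyved blocks apart from the daemon and module names: program definition, unit-file list, UNIT_VARS, and the conf, aug and test_aug rules. With one such copy per driver, a fix to any rule has to be repeated in each Makefile.inc.am; consider generating these from a shared template or a make macro parameterized on the driver name.
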
diff --git a/src/vbox/virtvboxd.service.in b/src/vbox/virtvboxd.service.in
new file mode 100644
index 00..7e0f7518d6
--- /dev/null
+++ b/src/vbox/virtvboxd.service.in
@@ -0,0 +1,25 @@
+[Unit]
+Description=Virtualization vbox daemon
+Conflicts=libvirtd.service
+Requires=virtvboxd.socket
+Requires=virtvboxd-ro.socket
+Requires=virtvboxd-admin.socket
+After=network.target
+After=dbus.service
+After=apparmor.service
+After=local-fs.target
+After=remote-fs.target
+Documentation=man:libvirtd(8)
+Documentation=https://libvirt.org
+
+[Service]
+Type=notify
+ExecStart=@sbindir@/virtvboxd --timeout 120
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+Also=virtvboxd.socket
+Also=virtvboxd-ro.socket
+Also=virtvboxd-admin.socket
-- 
2.21.0


[libvirt] [PATCH v3 34/48] remote: get rid of bogus ATTRIBUTE_UNUSED annotation client param

2019-07-29 Thread Daniel P . Berrangé
The client parameter is always used to get access to the private data
struct.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 src/remote/remote_daemon_dispatch.c | 98 ++---
 1 file changed, 49 insertions(+), 49 deletions(-)

diff --git a/src/remote/remote_daemon_dispatch.c 
b/src/remote/remote_daemon_dispatch.c
index 444c03a644..0145279d72 100644
--- a/src/remote/remote_daemon_dispatch.c
+++ b/src/remote/remote_daemon_dispatch.c
@@ -2006,7 +2006,7 @@ remoteDispatchConnectOpen(virNetServerPtr server 
ATTRIBUTE_UNUSED,
 
 static int
 remoteDispatchConnectClose(virNetServerPtr server ATTRIBUTE_UNUSED,
-   virNetServerClientPtr client ATTRIBUTE_UNUSED,
+   virNetServerClientPtr client,
virNetMessagePtr msg ATTRIBUTE_UNUSED,
virNetMessageErrorPtr rerr ATTRIBUTE_UNUSED)
 {
@@ -2017,7 +2017,7 @@ remoteDispatchConnectClose(virNetServerPtr server 
ATTRIBUTE_UNUSED,
 
 static int
 remoteDispatchDomainGetSchedulerType(virNetServerPtr server ATTRIBUTE_UNUSED,
- virNetServerClientPtr client 
ATTRIBUTE_UNUSED,
+ virNetServerClientPtr client,
  virNetMessagePtr msg ATTRIBUTE_UNUSED,
  virNetMessageErrorPtr rerr,
  remote_domain_get_scheduler_type_args 
*args,
@@ -2054,7 +2054,7 @@ remoteDispatchDomainGetSchedulerType(virNetServerPtr 
server ATTRIBUTE_UNUSED,
 
 static int
 remoteDispatchDomainGetSchedulerParameters(virNetServerPtr server 
ATTRIBUTE_UNUSED,
-   virNetServerClientPtr client 
ATTRIBUTE_UNUSED,
+   virNetServerClientPtr client,
virNetMessagePtr msg 
ATTRIBUTE_UNUSED,
virNetMessageErrorPtr rerr,

remote_domain_get_scheduler_parameters_args *args,
@@ -2104,7 +2104,7 @@ 
remoteDispatchDomainGetSchedulerParameters(virNetServerPtr server ATTRIBUTE_UNUS
 
 static int
 remoteDispatchDomainGetSchedulerParametersFlags(virNetServerPtr server 
ATTRIBUTE_UNUSED,
-virNetServerClientPtr client 
ATTRIBUTE_UNUSED,
+virNetServerClientPtr client,
 virNetMessagePtr msg 
ATTRIBUTE_UNUSED,
 virNetMessageErrorPtr rerr,
 
remote_domain_get_scheduler_parameters_flags_args *args,
@@ -2155,7 +2155,7 @@ 
remoteDispatchDomainGetSchedulerParametersFlags(virNetServerPtr server ATTRIBUTE
 
 static int
 remoteDispatchDomainMemoryStats(virNetServerPtr server ATTRIBUTE_UNUSED,
-virNetServerClientPtr client ATTRIBUTE_UNUSED,
+virNetServerClientPtr client,
 virNetMessagePtr msg ATTRIBUTE_UNUSED,
 virNetMessageErrorPtr rerr,
 remote_domain_memory_stats_args *args,
@@ -2213,7 +2213,7 @@ remoteDispatchDomainMemoryStats(virNetServerPtr server 
ATTRIBUTE_UNUSED,
 
 static int
 remoteDispatchDomainBlockPeek(virNetServerPtr server ATTRIBUTE_UNUSED,
-  virNetServerClientPtr client ATTRIBUTE_UNUSED,
+  virNetServerClientPtr client,
   virNetMessagePtr msg ATTRIBUTE_UNUSED,
   virNetMessageErrorPtr rerr,
   remote_domain_block_peek_args *args,
@@ -2267,7 +2267,7 @@ remoteDispatchDomainBlockPeek(virNetServerPtr server 
ATTRIBUTE_UNUSED,
 
 static int
 remoteDispatchDomainBlockStatsFlags(virNetServerPtr server ATTRIBUTE_UNUSED,
-virNetServerClientPtr client 
ATTRIBUTE_UNUSED,
+virNetServerClientPtr client,
 virNetMessagePtr msg ATTRIBUTE_UNUSED,
 virNetMessageErrorPtr rerr,
 remote_domain_block_stats_flags_args *args,
@@ -2330,7 +2330,7 @@ remoteDispatchDomainBlockStatsFlags(virNetServerPtr 
server ATTRIBUTE_UNUSED,
 
 static int
 remoteDispatchDomainMemoryPeek(virNetServerPtr server ATTRIBUTE_UNUSED,
-   virNetServerClientPtr client ATTRIBUTE_UNUSED,
+   virNetServerClientPtr client,
virNetMessagePtr msg ATTRIBUTE_UNUSED,
virNetMessageErrorPtr rerr,
remote_domain_memory_peek_args *args,
@@ -2382,7 +2382,7 @@ remoteDispatchDomainMemoryPeek(virNetServerPtr server 

[libvirt] [PATCH v3 27/48] libxl: introduce virtxend daemon

2019-07-29 Thread Daniel P . Berrangé
The virtxend daemon will be responsible for providing the libxl API
driver functionality. The libxl driver is still loaded by the main
libvirtd daemon at this stage, so virtxend must not be running at
the same time.

This naming is slightly different than other drivers. With the libxl
driver, the user still has a 'xen:///system' URI, and we provide it
in a libvirt-daemon-xen RPM, which pulls in a
libvirt-daemon-driver-libxl RPM.

Arguably we could rename the libxl driver to "xen" since it is the
only xen driver we have these days, and that matches how we expose it
to users in the URI naming.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 .gitignore|  4 +++
 libvirt.spec.in   |  8 +
 src/libxl/Makefile.inc.am | 62 +++
 src/libxl/virtxend.service.in | 26 +++
 4 files changed, 100 insertions(+)
 create mode 100644 src/libxl/virtxend.service.in

diff --git a/.gitignore b/.gitignore
index b93fd1b044..1c746cec44 100644
--- a/.gitignore
+++ b/.gitignore
@@ -139,6 +139,9 @@
 /src/libvirtd
 /src/libvirtd*.logrotate
 /src/libxl/test_libvirtd_libxl.aug
+/src/libxl/test_virtxend.aug
+/src/libxl/virtxend.aug
+/src/libxl/virtxend.conf
 /src/locking/libxl-lockd.conf
 /src/locking/libxl-sanlock.conf
 /src/locking/lock_daemon_dispatch_stubs.h
@@ -188,6 +191,7 @@
 /src/util/virkeynametable*.h
 /src/virt-aa-helper
 /src/virtinterfaced
+/src/virtxend
 /src/virtlockd
 /src/virtlogd
 /src/virtnetworkd
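
Review bot: style point, the new `/src/virtxend` entry is placed between `/src/virtinterfaced` and `/src/virtlockd`, which breaks the alphabetical order the surrounding entries follow. Moving it further down the list, after the other `/src/virt*d` names that sort before it, keeps later additions from conflicting on this spot.
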
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 3c0194df29..a9d12faa2a 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1765,6 +1765,14 @@ exit 0
 
 %if %{with_libxl}
 %files daemon-driver-libxl
+%config(noreplace) %{_sysconfdir}/libvirt/virtxend.conf
+%{_datadir}/augeas/lenses/virtxend.aug
+%{_datadir}/augeas/lenses/tests/test_virtxend.aug
+%{_unitdir}/virtxend.service
+%{_unitdir}/virtxend.socket
+%{_unitdir}/virtxend-ro.socket
+%{_unitdir}/virtxend-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtxend
 %config(noreplace) %{_sysconfdir}/libvirt/libxl.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.libxl
 %config(noreplace) %{_sysconfdir}/libvirt/libxl-lockd.conf
diff --git a/src/libxl/Makefile.inc.am b/src/libxl/Makefile.inc.am
index 467c2720b2..6f303cc66c 100644
--- a/src/libxl/Makefile.inc.am
+++ b/src/libxl/Makefile.inc.am
@@ -65,6 +65,68 @@ libvirt_driver_libxl_impl_la_LIBADD = \
$(NULL)
 libvirt_driver_libxl_impl_la_SOURCES = $(LIBXL_DRIVER_SOURCES)
 
+sbin_PROGRAMS += virtxend
+
+nodist_conf_DATA += libxl/virtxend.conf
+augeas_DATA += libxl/virtxend.aug
+augeastest_DATA += libxl/test_virtxend.aug
+CLEANFILES += libxl/virtxend.aug
+
+virtxend_SOURCES = $(REMOTE_DAEMON_SOURCES)
+virtxend_CFLAGS = \
+   $(REMOTE_DAEMON_CFLAGS) \
+   -DDAEMON_NAME="\"virtxend\"" \
+   -DMODULE_NAME="\"libxl\"" \
+   $(NULL)
+virtxend_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
+virtxend_LDADD = $(REMOTE_DAEMON_LD_ADD)
+
+SYSTEMD_UNIT_FILES += \
+   virtxend.service \
+   virtxend.socket \
+   virtxend-ro.socket \
+   virtxend-admin.socket \
+   $(NULL)
+SYSTEMD_UNIT_FILES_IN += \
+   libxl/virtxend.service.in \
+   $(NULL)
+
+VIRTXEND_UNIT_VARS = \
+   $(COMMON_UNIT_VARS) \
+   -e 
's|[@]deps[@]|Conflicts=$(LIBVIRTD_SOCKET_UNIT_FILES)\nConditionPathExists=/proc/xen/capabilities|g'
 \
+   -e 's|[@]name[@]|Libvirt libxl|g' \
+   -e 's|[@]service[@]|virtxend|g' \
+   -e 's|[@]sockprefix[@]|virtxend|g' \
+   $(NULL)
+
+virtxend.service: libxl/virtxend.service.in $(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTXEND_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+virtxen%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTXEND_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+libxl/virtxend.conf: remote/libvirtd.conf.in
+   $(AM_V_GEN)sed \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtxend/' \
+   < $^ > $@
+
+libxl/virtxend.aug: remote/libvirtd.aug.in
+   $(AM_V_GEN)$(SED) \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtxend/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtxend/' \
+   $< > $@
+
+libxl/test_virtxend.aug: remote/test_libvirtd.aug.in \
+   libxl/virtxend.conf $(AUG_GENTEST)
+   $(AM_V_GEN)$(AUG_GENTEST) libxl/virtxend.conf \
+   $(srcdir)/remote/test_libvirtd.aug.in | \
+   $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtxend/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtxend/' \
+   > $@ || rm -f $@
+
 conf_DATA += libxl/libxl.conf
 augeas_DATA += libxl/libvirtd_libxl.aug
 augeastest_DATA += libxl/test_libvirtd_libxl.aug
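
Review bot: the `libxl/virtxend.conf` and `libxl/virtxend.aug` rules redirect sed output straight into `$@`, while the `virtxend.service` and socket rules just above write `$@-t` and rename it. If sed fails or the build is interrupted, a truncated target is left behind and make treats it as up to date; using the same `> $@-t && mv $@-t $@` pattern would avoid that. Two smaller points in the same hunk: the `@deps@` substitution relies on `\n` inside the sed replacement text, which is not portable beyond GNU sed, and the rules mix plain `sed` with `$(SED)`.
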
diff --git a/src/libxl/virtxend.service.in b/src/libxl/virtxend.service.in
new file mode 100644
index 00..059d79be77
--- 

[libvirt] [PATCH v3 37/48] remote: change hand written methods to not directly access connection

2019-07-29 Thread Daniel P . Berrangé
The driver dispatch methods access the priv->conn variables directly.
In future we want to dynamically open the connections for the secondary
driver. Thus we want the methods to call a method to get the connection
handle instead of assuming the private variable is non-NULL.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 src/remote/remote_daemon_dispatch.c | 718 ++--
 1 file changed, 257 insertions(+), 461 deletions(-)

diff --git a/src/remote/remote_daemon_dispatch.c 
b/src/remote/remote_daemon_dispatch.c
index 4a3312a944..5609eb4caf 100644
--- a/src/remote/remote_daemon_dispatch.c
+++ b/src/remote/remote_daemon_dispatch.c
@@ -2148,15 +2148,12 @@ remoteDispatchDomainGetSchedulerType(virNetServerPtr 
server ATTRIBUTE_UNUSED,
 char *type;
 int nparams;
 int rv = -1;
-struct daemonClientPrivate *priv =
-virNetServerClientGetPrivateData(client);
+virConnectPtr conn = remoteGetHypervisorConn(client);
 
-if (!priv->conn) {
-virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open"));
+if (!conn)
 goto cleanup;
-}
 
-if (!(dom = get_nonnull_domain(priv->conn, args->dom)))
+if (!(dom = get_nonnull_domain(conn, args->dom)))
 goto cleanup;
 
 if (!(type = virDomainGetSchedulerType(dom, )))
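
Review bot: the removed `virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open"))` has no replacement on the new `if (!conn) goto cleanup;` path, so this is only correct if remoteGetHypervisorConn() reports the error itself before returning NULL. Its definition is not part of this hunk; please confirm that it does, and consider a one-line comment at the helper stating that callers must not report again, since every dispatcher in this patch now depends on that contract.
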
@@ -2185,13 +2182,10 @@ 
remoteDispatchDomainGetSchedulerParameters(virNetServerPtr server ATTRIBUTE_UNUS
 virTypedParameterPtr params = NULL;
 int nparams = 0;
 int rv = -1;
-struct daemonClientPrivate *priv =
-virNetServerClientGetPrivateData(client);
+virConnectPtr conn = remoteGetHypervisorConn(client);
 
-if (!priv->conn) {
-virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open"));
+if (!conn)
 goto cleanup;
-}
 
 if (args->nparams > REMOTE_DOMAIN_SCHEDULER_PARAMETERS_MAX) {
 virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
@@ -2201,7 +2195,7 @@ 
remoteDispatchDomainGetSchedulerParameters(virNetServerPtr server ATTRIBUTE_UNUS
 goto cleanup;
 nparams = args->nparams;
 
-if (!(dom = get_nonnull_domain(priv->conn, args->dom)))
+if (!(dom = get_nonnull_domain(conn, args->dom)))
 goto cleanup;
 
 if (virDomainGetSchedulerParameters(dom, params, ) < 0)
@@ -2235,13 +2229,10 @@ 
remoteDispatchDomainGetSchedulerParametersFlags(virNetServerPtr server ATTRIBUTE
 virTypedParameterPtr params = NULL;
 int nparams = 0;
 int rv = -1;
-struct daemonClientPrivate *priv =
-virNetServerClientGetPrivateData(client);
+virConnectPtr conn = remoteGetHypervisorConn(client);
 
-if (!priv->conn) {
-virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open"));
+if (!conn)
 goto cleanup;
-}
 
 if (args->nparams > REMOTE_DOMAIN_SCHEDULER_PARAMETERS_MAX) {
 virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
@@ -2251,7 +2242,7 @@ 
remoteDispatchDomainGetSchedulerParametersFlags(virNetServerPtr server ATTRIBUTE
 goto cleanup;
 nparams = args->nparams;
 
-if (!(dom = get_nonnull_domain(priv->conn, args->dom)))
+if (!(dom = get_nonnull_domain(conn, args->dom)))
 goto cleanup;
 
 if (virDomainGetSchedulerParametersFlags(dom, params, ,
@@ -2287,13 +2278,10 @@ remoteDispatchDomainMemoryStats(virNetServerPtr server 
ATTRIBUTE_UNUSED,
 int nr_stats;
 size_t i;
 int rv = -1;
-struct daemonClientPrivate *priv =
-virNetServerClientGetPrivateData(client);
+virConnectPtr conn = remoteGetHypervisorConn(client);
 
-if (!priv->conn) {
-virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open"));
+if (!conn)
 goto cleanup;
-}
 
 if (args->maxStats > REMOTE_DOMAIN_MEMORY_STATS_MAX) {
 virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@@ -2301,7 +2289,7 @@ remoteDispatchDomainMemoryStats(virNetServerPtr server 
ATTRIBUTE_UNUSED,
 goto cleanup;
 }
 
-if (!(dom = get_nonnull_domain(priv->conn, args->dom)))
+if (!(dom = get_nonnull_domain(conn, args->dom)))
 goto cleanup;
 
 /* Allocate stats array for making dispatch call */
@@ -2346,15 +2334,12 @@ remoteDispatchDomainBlockPeek(virNetServerPtr server 
ATTRIBUTE_UNUSED,
 size_t size;
 unsigned int flags;
 int rv = -1;
-struct daemonClientPrivate *priv =
-virNetServerClientGetPrivateData(client);
+virConnectPtr conn = remoteGetHypervisorConn(client);
 
-if (!priv->conn) {
-virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open"));
+if (!conn)
 goto cleanup;
-}
 
-if (!(dom = get_nonnull_domain(priv->conn, args->dom)))
+if (!(dom = get_nonnull_domain(conn, args->dom)))
 goto cleanup;
 path = args->path;
 offset = args->offset;
@@ -2400,15 +2385,12 @@ remoteDispatchDomainBlockStatsFlags(virNetServerPtr 
server ATTRIBUTE_UNUSED,
 int 

[libvirt] [PATCH v3 42/48] remote: enable connecting to the per-driver daemons

2019-07-29 Thread Daniel P . Berrangé
Historically URIs handled by the remote driver will always connect to
the libvirtd UNIX socket. There will now be one daemon per driver, and
each of these has its own UNIX sockets to connect to.

It will still be possible to run the traditional monolithic libvirtd
though, which will have the original UNIX socket path.

In addition there is a virtproxyd daemon that doesn't run any drivers,
but provides proxying for clients accessing libvirt over IP sockets, or
tunnelling to the legacy libvirtd UNIX socket path.

Finally when running inside a daemon, the remote driver must not reject
connections unconditionally. For example, the QEMU driver needs to be
able to connect to the network driver. The remote driver must thus be
willing to handle connections even when inside the daemon, provided no
local driver is registered.

This refactoring enables the remote driver to be able to connect to the
per-driver daemons. The URI parameter "mode" accepts the values "auto",
"direct" and "legacy" to control which daemons are connected to.

The client side libvirt.conf config file also supports a "remote_mode"
setting which is used if the URI parameter is not set.

If neither the config file nor the URI parameter sets a mode, then "auto"
is used, whereby the client looks to see which sockets actually exist
right now.

The remote driver will only ever spawn the per-driver daemons, or
the legacy libvirtd. It won't ever try to spawn virtproxyd, as
that is only there for IP based connectivity, or for access from
legacy remote clients.

If connecting to a remote host over any kind of ssh tunnel, for now we
must assume only the legacy socket exists. A future patch will introduce
a netcat replacement that is tailored for libvirt to make remote
tunnelling easier.

The configure arg '--with-remote-default-mode=legacy|direct' allows
packagers to set a default at build time. If not given, it will default
to legacy mode.

Eventually the default will switch to default mode. Distros can choose
to do the switch earlier if desired. The main blocker is testing and
suitable SELinux/AppArmor policies.

Signed-off-by: Daniel P. Berrangé 
---
 docs/remote.html.in|  18 
 libvirt.spec.in|   1 +
 m4/virt-driver-remote.m4   |  15 +++
 src/driver.h   |   2 +
 src/libvirt.c  |  27 +
 src/remote/remote_driver.c | 209 +
 src/remote/remote_driver.h |   3 -
 7 files changed, 250 insertions(+), 25 deletions(-)

diff --git a/docs/remote.html.in b/docs/remote.html.in
index fbcc8bf01c..78e071a898 100644
--- a/docs/remote.html.in
+++ b/docs/remote.html.in
@@ -206,6 +206,24 @@ Note that parameter values must be
 
  Example: tls_priority=NORMAL:-VERS-SSL3.0 
   
+  
+
+  mode
+
+ unix, ssh, libssh, libssh2 
+
+  
+autoautomatically determine the 
daemon
+directconnect to per-driver daemons
+legacyconnect to libvirtd
+  
+  Can also be set in libvirt.conf as 
remote_mode
+
+  
+  
+
+ Example: mode=direct 
+  
   
 
   command
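
Review bot: the new `mode` entry lists the three values and mentions `remote_mode` in libvirt.conf, but it does not say which value applies when neither is set. The commit message describes both a runtime fallback to "auto" and a build-time default chosen with --with-remote-default-mode, so the documentation should state which one an administrator will actually get, and that connections over an ssh tunnel currently assume the legacy socket.
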
diff --git a/libvirt.spec.in b/libvirt.spec.in
index c1da28892a..112c3fe7c4 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1170,6 +1170,7 @@ rm -f po/stamp-po
--without-xenapi \
--without-vz \
--without-bhyve \
+   --with-remote-default-mode=legacy \
--with-interface \
--with-network \
--with-storage-fs \
diff --git a/m4/virt-driver-remote.m4 b/m4/virt-driver-remote.m4
index c7af5b3fc6..8d98e369b3 100644
--- a/m4/virt-driver-remote.m4
+++ b/m4/virt-driver-remote.m4
@@ -19,6 +19,7 @@ dnl
 
 AC_DEFUN([LIBVIRT_DRIVER_ARG_REMOTE], [
   LIBVIRT_ARG_WITH_FEATURE([REMOTE], [remote driver], [yes])
+  LIBVIRT_ARG_WITH([REMOTE_DEFAULT_MODE], [remote driver default mode], 
[legacy])
 ])
 
 AC_DEFUN([LIBVIRT_DRIVER_CHECK_REMOTE], [
@@ -26,6 +27,20 @@ AC_DEFUN([LIBVIRT_DRIVER_CHECK_REMOTE], [
 AC_DEFINE_UNQUOTED([WITH_REMOTE], 1, [whether Remote driver is enabled])
   fi
   AM_CONDITIONAL([WITH_REMOTE], [test "$with_remote" = "yes"])
+
+  case "$with_remote_default_mode" in
+legacy)
+  REMOTE_DRIVER_MODE_DEFAULT=REMOTE_DRIVER_MODE_LEGACY
+  ;;
+direct)
+  REMOTE_DRIVER_MODE_DEFAULT=REMOTE_DRIVER_MODE_DIRECT
+  ;;
+*)
+  AC_MSG_ERROR([Unknown remote mode '$with_remote_default_mode'])
+  ;;
+  esac
+
+  
AC_DEFINE_UNQUOTED([REMOTE_DRIVER_MODE_DEFAULT],[$REMOTE_DRIVER_MODE_DEFAULT], 
[Default remote driver mode])
 ])
 
 AC_DEFUN([LIBVIRT_DRIVER_RESULT_REMOTE], [
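
Review bot: the `*)` branch of the new case statement reports only the rejected value; listing the accepted ones (legacy, direct) in the AC_MSG_ERROR text would save a trip to the m4 source. The case also rejects `auto`, which the documentation added in this patch describes as a valid runtime mode; if that is intentional, say so in the help string passed to LIBVIRT_ARG_WITH.
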
diff --git a/src/driver.h b/src/driver.h
index 898fb96df4..f7d667a03c 100644
--- a/src/driver.h
+++ b/src/driver.h
@@ -108,6 +108,8 @@ int virSetSharedNWFilterDriver(virNWFilterDriverPtr driver) 
ATTRIBUTE_RETURN_CHE
 int virSetSharedSecretDriver(virSecretDriverPtr driver) ATTRIBUTE_RETURN_CHECK;
 int 

[libvirt] [PATCH v3 36/48] remote: fix lock ordering mistake in event registration

2019-07-29 Thread Daniel P . Berrangé
If the event (un)registration methods are invoked while no connection is
open, they jump to a cleanup block which unlocks a mutex which is not
currently locked.

Signed-off-by: Daniel P. Berrangé 
---
 src/remote/remote_daemon_dispatch.c | 64 ++---
 1 file changed, 32 insertions(+), 32 deletions(-)

diff --git a/src/remote/remote_daemon_dispatch.c 
b/src/remote/remote_daemon_dispatch.c
index 90103f5093..4a3312a944 100644
--- a/src/remote/remote_daemon_dispatch.c
+++ b/src/remote/remote_daemon_dispatch.c
@@ -4212,13 +4212,13 @@ 
remoteDispatchConnectDomainEventRegister(virNetServerPtr server ATTRIBUTE_UNUSED
 struct daemonClientPrivate *priv =
 virNetServerClientGetPrivateData(client);
 
+virMutexLock(>lock);
+
 if (!priv->conn) {
 virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open"));
 goto cleanup;
 }
 
-virMutexLock(>lock);
-
 /* If we call register first, we could append a complete callback
  * to our array, but on OOM append failure, we'd have to then hope
  * deregister works to undo our register.  So instead we append an
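
Review bot: the fix in remoteDispatchConnectDomainEventRegister depends on the `cleanup` label unlocking `priv->lock` unconditionally, and that label is outside the context shown; please confirm there is no other `goto cleanup` above the relocated `virMutexLock` call in any of the touched functions. The subject line calls this a lock ordering mistake, but the message body describes an unlock of a mutex that was never taken, so wording the subject as an unbalanced unlock would make the commit easier to find later.
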
@@ -4276,13 +4276,13 @@ 
remoteDispatchConnectDomainEventDeregister(virNetServerPtr server ATTRIBUTE_UNUS
 struct daemonClientPrivate *priv =
 virNetServerClientGetPrivateData(client);
 
+virMutexLock(>lock);
+
 if (!priv->conn) {
 virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open"));
 goto cleanup;
 }
 
-virMutexLock(>lock);
-
 for (i = 0; i < priv->ndomainEventCallbacks; i++) {
 if (priv->domainEventCallbacks[i]->eventID == 
VIR_DOMAIN_EVENT_ID_LIFECYCLE) {
 callbackID = priv->domainEventCallbacks[i]->callbackID;
@@ -4440,13 +4440,13 @@ 
remoteDispatchConnectDomainEventRegisterAny(virNetServerPtr server ATTRIBUTE_UNU
 struct daemonClientPrivate *priv =
 virNetServerClientGetPrivateData(client);
 
+virMutexLock(>lock);
+
 if (!priv->conn) {
 virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open"));
 goto cleanup;
 }
 
-virMutexLock(>lock);
-
 /* We intentionally do not use VIR_DOMAIN_EVENT_ID_LAST here; any
  * new domain events added after this point should only use the
  * modern callback style of RPC.  */
@@ -4516,13 +4516,13 @@ 
remoteDispatchConnectDomainEventCallbackRegisterAny(virNetServerPtr server ATTRI
 virNetServerClientGetPrivateData(client);
 virDomainPtr dom = NULL;
 
+virMutexLock(>lock);
+
 if (!priv->conn) {
 virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open"));
 goto cleanup;
 }
 
-virMutexLock(>lock);
-
 if (args->dom &&
 !(dom = get_nonnull_domain(priv->conn, *args->dom)))
 goto cleanup;
@@ -4590,13 +4590,13 @@ 
remoteDispatchConnectDomainEventDeregisterAny(virNetServerPtr server ATTRIBUTE_U
 struct daemonClientPrivate *priv =
 virNetServerClientGetPrivateData(client);
 
+virMutexLock(>lock);
+
 if (!priv->conn) {
 virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open"));
 goto cleanup;
 }
 
-virMutexLock(>lock);
-
 /* We intentionally do not use VIR_DOMAIN_EVENT_ID_LAST here; any
  * new domain events added after this point should only use the
  * modern callback style of RPC.  */
@@ -4647,13 +4647,13 @@ 
remoteDispatchConnectDomainEventCallbackDeregisterAny(virNetServerPtr server ATT
 struct daemonClientPrivate *priv =
 virNetServerClientGetPrivateData(client);
 
+virMutexLock(>lock);
+
 if (!priv->conn) {
 virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open"));
 goto cleanup;
 }
 
-virMutexLock(>lock);
-
 for (i = 0; i < priv->ndomainEventCallbacks; i++) {
 if (priv->domainEventCallbacks[i]->callbackID == args->callbackID)
 break;
@@ -6089,13 +6089,13 @@ 
remoteDispatchConnectNetworkEventRegisterAny(virNetServerPtr server ATTRIBUTE_UN
 virNetServerClientGetPrivateData(client);
 virNetworkPtr net = NULL;
 
+virMutexLock(>lock);
+
 if (!priv->networkConn) {
 virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open"));
 goto cleanup;
 }
 
-virMutexLock(>lock);
-
 if (args->net &&
 !(net = get_nonnull_network(priv->networkConn, *args->net)))
 goto cleanup;
@@ -6162,13 +6162,13 @@ 
remoteDispatchConnectNetworkEventDeregisterAny(virNetServerPtr server ATTRIBUTE_
 struct daemonClientPrivate *priv =
 virNetServerClientGetPrivateData(client);
 
+virMutexLock(>lock);
+
 if (!priv->networkConn) {
 virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open"));
 goto cleanup;
 }
 
-virMutexLock(>lock);
-
 for (i = 0; i < priv->nnetworkEventCallbacks; i++) {
 if (priv->networkEventCallbacks[i]->callbackID == args->callbackID)
 break;
@@ 

[libvirt] [PATCH v3 40/48] remote: use enum helpers for parsing remote driver transport

2019-07-29 Thread Daniel P . Berrangé
Instead of open-coding a string -> enum conversion, use the enum helpers
for the remote driver transport. The old code uses STRCASEEQ, so we must
force the URI transport to lowercase for the sake of back-compatibility.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 src/remote/remote_driver.c | 123 +
 1 file changed, 69 insertions(+), 54 deletions(-)

diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 8e1024dca3..706d9e6e14 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -49,11 +49,35 @@
 #include "virauth.h"
 #include "virauthconfig.h"
 #include "virstring.h"
+#include "c-ctype.h"
 
 #define VIR_FROM_THIS VIR_FROM_REMOTE
 
 VIR_LOG_INIT("remote.remote_driver");
 
+typedef enum {
+REMOTE_DRIVER_TRANSPORT_TLS,
+REMOTE_DRIVER_TRANSPORT_UNIX,
+REMOTE_DRIVER_TRANSPORT_SSH,
+REMOTE_DRIVER_TRANSPORT_LIBSSH2,
+REMOTE_DRIVER_TRANSPORT_EXT,
+REMOTE_DRIVER_TRANSPORT_TCP,
+REMOTE_DRIVER_TRANSPORT_LIBSSH,
+
+REMOTE_DRIVER_TRANSPORT_LAST,
+} remoteDriverTransport;
+
+VIR_ENUM_DECL(remoteDriverTransport);
+VIR_ENUM_IMPL(remoteDriverTransport,
+  REMOTE_DRIVER_TRANSPORT_LAST,
+  "tls",
+  "unix",
+  "ssh",
+  "libssh2",
+  "ext",
+  "tcp",
+  "libssh");
+
 #if SIZEOF_LONG < 8
 # define HYPER_TO_TYPE(_type, _to, _from) \
 do { \
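
Review bot: missing documentation on the new remoteDriverTransport enum. The order of its members (tls, unix, ssh, libssh2, ext, tcp, libssh) has to match the string list in VIR_ENUM_IMPL position by position, and libssh sitting after tcp makes that easy to break when someone sorts or extends one list. A short comment above the enum saying the two lists must stay in step would help.
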
@@ -176,10 +200,17 @@ static int remoteSplitURIScheme(virURIPtr uri,
 if (VIR_STRNDUP(*driver, uri->scheme, p ? p - uri->scheme : -1) < 0)
 return -1;
 
-if (p &&
-VIR_STRDUP(*transport, p + 1) < 0) {
-VIR_FREE(*driver);
-return -1;
+if (p) {
+if (VIR_STRDUP(*transport, p + 1) < 0) {
+VIR_FREE(*driver);
+return -1;
+}
+
+p = *transport;
+while (*p) {
+*p = c_tolower(*p);
+p++;
+}
 }
 
 return 0;
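
Review bot: style point in the new `if (p)` block, `p` is first the separator position inside `uri->scheme` and is then reassigned with `p = *transport;` to walk and modify the freshly duplicated string. Using a separate cursor variable, or a small lowercase helper, would make it obvious that the original URI scheme is never written to.
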
@@ -778,15 +809,7 @@ doRemoteOpen(virConnectPtr conn,
  virConfPtr conf,
  unsigned int flags)
 {
-enum {
-trans_tls,
-trans_unix,
-trans_ssh,
-trans_libssh2,
-trans_ext,
-trans_tcp,
-trans_libssh,
-} transport;
+int transport;
 #ifndef WIN32
 VIR_AUTOFREE(char *) daemonPath = NULL;
 #endif
@@ -815,42 +838,29 @@ doRemoteOpen(virConnectPtr conn,
 if (conn->uri) {
 if (!transport_str) {
 if (conn->uri->server)
-transport = trans_tls;
+transport = REMOTE_DRIVER_TRANSPORT_TLS;
 else
-transport = trans_unix;
+transport = REMOTE_DRIVER_TRANSPORT_UNIX;
 } else {
-if (STRCASEEQ(transport_str, "tls")) {
-transport = trans_tls;
-} else if (STRCASEEQ(transport_str, "unix")) {
-if (conn->uri->server) {
-virReportError(VIR_ERR_INVALID_ARG,
-   _("using unix socket and remote "
- "server '%s' is not supported."),
-   conn->uri->server);
-return VIR_DRV_OPEN_ERROR;
-} else {
-transport = trans_unix;
-}
-} else if (STRCASEEQ(transport_str, "ssh")) {
-transport = trans_ssh;
-} else if (STRCASEEQ(transport_str, "libssh2")) {
-transport = trans_libssh2;
-} else if (STRCASEEQ(transport_str, "ext")) {
-transport = trans_ext;
-} else if (STRCASEEQ(transport_str, "tcp")) {
-transport = trans_tcp;
-} else if (STRCASEEQ(transport_str, "libssh")) {
-transport = trans_libssh;
-} else {
+if ((transport = 
remoteDriverTransportTypeFromString(transport_str)) < 0) {
 virReportError(VIR_ERR_INVALID_ARG, "%s",
_("remote_open: transport in URL not recognised 
"
  "(should be 
tls|unix|ssh|ext|tcp|libssh2|libssh)"));
 return VIR_DRV_OPEN_ERROR;
 }
+
+if (transport == REMOTE_DRIVER_TRANSPORT_UNIX &&
+conn->uri->server) {
+virReportError(VIR_ERR_INVALID_ARG,
+   _("using unix socket and remote "
+ "server '%s' is not supported."),
+   conn->uri->server);
+return VIR_DRV_OPEN_ERROR;
+}
 }
 } else {
 /* No URI, then must be probing so use UNIX socket */
-transport = trans_unix;
+transport = REMOTE_DRIVER_TRANSPORT_UNIX;
 }
 
 /*
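
Review bot: the error text on the remoteDriverTransportTypeFromString() failure path still hard-codes the list "tls|unix|ssh|ext|tcp|libssh2|libssh", so it can drift from the VIR_ENUM_IMPL table this patch introduces. Consider dropping the list from the message or building it from the enum strings. Including the rejected transport string in the message would also help users spot typos in their URI.
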
@@ -861,7 +871,7 @@ doRemoteOpen(virConnectPtr conn,
  * not require any external libraries or command execution
  */
 if 

[libvirt] [PATCH v3 28/48] qemu: introduce virtqemud daemon

2019-07-29 Thread Daniel P . Berrangé
The virtqemud daemon will be responsible for providing the qemu API
driver functionality. The qemu driver is still loaded by the main
libvirtd daemon at this stage, so virtqemud must not be running at
the same time.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 .gitignore|  4 +++
 libvirt.spec.in   |  8 +
 src/qemu/Makefile.inc.am  | 61 +++
 src/qemu/virtqemud.service.in | 40 +++
 4 files changed, 113 insertions(+)
 create mode 100644 src/qemu/virtqemud.service.in

diff --git a/.gitignore b/.gitignore
index 1c746cec44..d23ffa94f0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -170,6 +170,9 @@
 /src/nwfilter/virtnwfilterd.aug
 /src/nwfilter/virtnwfilterd.conf
 /src/qemu/test_libvirtd_qemu.aug
+/src/qemu/test_virtqemud.aug
+/src/qemu/virtqemud.aug
+/src/qemu/virtqemud.conf
 /src/remote/*_client_bodies.h
 /src/remote/*_protocol.[ch]
 /src/remote/*_stubs.h
@@ -198,6 +201,7 @@
 /src/virtnodedevd
 /src/virtnwfilterd
 /src/virtproxyd
+/src/virtqemud
 /src/virtsecretd
 /src/virtstoraged
 /src/virt-guest-shutdown.target
diff --git a/libvirt.spec.in b/libvirt.spec.in
index a9d12faa2a..f86b0212c7 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1735,6 +1735,14 @@ exit 0
 
 %if %{with_qemu}
 %files daemon-driver-qemu
+%config(noreplace) %{_sysconfdir}/libvirt/virtqemud.conf
+%{_datadir}/augeas/lenses/virtqemud.aug
+%{_datadir}/augeas/lenses/tests/test_virtqemud.aug
+%{_unitdir}/virtqemud.service
+%{_unitdir}/virtqemud.socket
+%{_unitdir}/virtqemud-ro.socket
+%{_unitdir}/virtqemud-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtqemud
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/
 %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/
 %config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
diff --git a/src/qemu/Makefile.inc.am b/src/qemu/Makefile.inc.am
index 12236a9e7b..215283cecd 100644
--- a/src/qemu/Makefile.inc.am
+++ b/src/qemu/Makefile.inc.am
@@ -112,6 +112,67 @@ CLEANFILES += \
 
 endif WITH_DTRACE_PROBES
 
+sbin_PROGRAMS += virtqemud
+
+nodist_conf_DATA += qemu/virtqemud.conf
+augeas_DATA += qemu/virtqemud.aug
+augeastest_DATA += qemu/test_virtqemud.aug
+CLEANFILES += qemu/virtqemud.aug
+
+virtqemud_SOURCES = $(REMOTE_DAEMON_SOURCES)
+virtqemud_CFLAGS = \
+   $(REMOTE_DAEMON_CFLAGS) \
+   -DDAEMON_NAME="\"virtqemud\"" \
+   -DMODULE_NAME="\"qemu\"" \
+   $(NULL)
+virtqemud_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
+virtqemud_LDADD = $(REMOTE_DAEMON_LD_ADD)
+
+SYSTEMD_UNIT_FILES += \
+   virtqemud.service \
+   virtqemud.socket \
+   virtqemud-ro.socket \
+   virtqemud-admin.socket \
+   $(NULL)
+SYSTEMD_UNIT_FILES_IN += \
+   qemu/virtqemud.service.in \
+   $(NULL)
+
+VIRTQEMUD_UNIT_VARS = \
+   $(VIRTD_UNIT_VARS) \
+   -e 's|[@]name[@]|Libvirt qemu|g' \
+   -e 's|[@]service[@]|virtqemud|g' \
+   -e 's|[@]sockprefix[@]|virtqemud|g' \
+   $(NULL)
+
+virtqemud.service: qemu/virtqemud.service.in $(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTQEMUD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+virtqemu%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTQEMUD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+qemu/virtqemud.conf: remote/libvirtd.conf.in
+   $(AM_V_GEN)sed \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtqemud/' \
+   < $^ > $@
+
+qemu/virtqemud.aug: remote/libvirtd.aug.in
+   $(AM_V_GEN)$(SED) \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtqemud/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtqemud/' \
+   $< > $@
+
+qemu/test_virtqemud.aug: remote/test_libvirtd.aug.in \
+   qemu/virtqemud.conf $(AUG_GENTEST)
+   $(AM_V_GEN)$(AUG_GENTEST) qemu/virtqemud.conf \
+   $(srcdir)/remote/test_libvirtd.aug.in | \
+   $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtqemud/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtqemud/' \
+   > $@ || rm -f $@
+
 conf_DATA += qemu/qemu.conf
 
 augeas_DATA += qemu/libvirtd_qemu.aug
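
Review bot: VIRTQEMUD_UNIT_VARS defines substitutions for `@name@`, `@service@` and `@sockprefix@` but none for `@deps@`, which the shared socket templates in this series contain and which the virtxend rules substitute explicitly. Unless `$(VIRTD_UNIT_VARS)`, which is not shown in this hunk, already handles it, the generated virtqemud socket units would carry a literal `@deps@` line. Please confirm, or add the rule here. As in the other per-driver Makefile fragments, the `qemu/virtqemud.conf` and `qemu/virtqemud.aug` rules also write directly to `$@` rather than to a temporary file.
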
diff --git a/src/qemu/virtqemud.service.in b/src/qemu/virtqemud.service.in
new file mode 100644
index 00..44eb2a2bf7
--- /dev/null
+++ b/src/qemu/virtqemud.service.in
@@ -0,0 +1,40 @@
+[Unit]
+Description=Virtualization qemu daemon
+Conflicts=libvirtd.service
+Requires=virtqemud.socket
+Requires=virtqemud-ro.socket
+Requires=virtqemud-admin.socket
+Wants=systemd-machined.service
+Before=libvirt-guests.service
+After=network.target
+After=dbus.service
+After=apparmor.service
+After=local-fs.target
+After=remote-fs.target
+After=systemd-logind.service
+After=systemd-machined.service
+Documentation=man:libvirtd(8)
+Documentation=https://libvirt.org
+
+[Service]
+Type=notify
+ExecStart=@sbindir@/virtqemud 

[libvirt] [PATCH v3 17/48] remote: conditionalize systemd socket unit files

2019-07-29 Thread Daniel P . Berrangé
Prepare for reusing libvirtd socket unit files with other daemons by
making various parts of their config conditionally defined by the make
rules.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 src/remote/Makefile.inc.am  |  4 
 src/remote/libvirtd-admin.socket.in | 15 ---
 src/remote/libvirtd-ro.socket.in| 15 ---
 src/remote/libvirtd-tcp.socket.in   | 13 +++--
 src/remote/libvirtd-tls.socket.in   | 13 +++--
 src/remote/libvirtd.socket.in   | 11 ++-
 6 files changed, 40 insertions(+), 31 deletions(-)

diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am
index 0c6d859a41..0e9c0b9e1b 100644
--- a/src/remote/Makefile.inc.am
+++ b/src/remote/Makefile.inc.am
@@ -294,6 +294,10 @@ endif WITH_SASL
 
 LIBVIRTD_UNIT_VARS = \
$(COMMON_UNIT_VARS) \
+   -e 's|[@]name[@]|Libvirt|g' \
+   -e 's|[@]service[@]|libvirtd|g' \
+   -e 's|[@]sockprefix[@]|libvirt|g' \
+   -e 's|[@]deps[@]||g' \
$(NULL)
 
 libvirtd.service: remote/libvirtd.service.in $(top_builddir)/config.status
diff --git a/src/remote/libvirtd-admin.socket.in 
b/src/remote/libvirtd-admin.socket.in
index bbab4ea355..dcce7fdc93 100644
--- a/src/remote/libvirtd-admin.socket.in
+++ b/src/remote/libvirtd-admin.socket.in
@@ -1,14 +1,15 @@
 [Unit]
-Description=Libvirt admin socket
-Before=libvirtd.service
-BindsTo=libvirtd.socket
-After=libvirtd.socket
+Description=@name@ admin socket
+Before=@service@.service
+BindsTo=@service@.socket
+After=@service@.socket
+@deps@
 
 [Socket]
-# The directory must match the @sysconfdir@/libvirt/libvirtd.conf 
unix_sock_dir setting
+# The directory must match the @sysconfdir@/libvirt/@service@.conf 
unix_sock_dir setting
 # when using systemd version < 227
-ListenStream=@localstatedir@/run/libvirt/libvirt-admin-sock
-Service=libvirtd.service
+ListenStream=@localstatedir@/run/libvirt/@sockprefix@-admin-sock
+Service=@service@.service
 SocketMode=0600
 
 [Install]
diff --git a/src/remote/libvirtd-ro.socket.in b/src/remote/libvirtd-ro.socket.in
index 5f8b1892d5..a287f78201 100644
--- a/src/remote/libvirtd-ro.socket.in
+++ b/src/remote/libvirtd-ro.socket.in
@@ -1,14 +1,15 @@
 [Unit]
-Description=Libvirt local read-only socket
-Before=libvirtd.service
-BindsTo=libvirtd.socket
-After=libvirtd.socket
+Description=@name@ local read-only socket
+Before=@service@.service
+BindsTo=@service@.socket
+After=@service@.socket
+@deps@
 
 [Socket]
-# The directory must match the @sysconfdir@/libvirt/libvirtd.conf 
unix_sock_dir setting
+# The directory must match the @sysconfdir@/libvirt/@service@.conf 
unix_sock_dir setting
 # when using systemd version < 227
-ListenStream=@localstatedir@/run/libvirt/libvirt-sock-ro
-Service=libvirtd.service
+ListenStream=@localstatedir@/run/libvirt/@sockprefix@-sock-ro
+Service=@service@.service
 SocketMode=0666
 
 [Install]
diff --git a/src/remote/libvirtd-tcp.socket.in 
b/src/remote/libvirtd-tcp.socket.in
index 1103036c45..dd60317d47 100644
--- a/src/remote/libvirtd-tcp.socket.in
+++ b/src/remote/libvirtd-tcp.socket.in
@@ -1,14 +1,15 @@
 [Unit]
-Description=Libvirt non-TLS IP socket
-Before=libvirtd.service
-BindsTo=libvirtd.socket
-After=libvirtd.socket
+Description=@name@ non-TLS IP socket
+Before=@service@.service
+BindsTo=@service@.socket
+After=@service@.socket
+@deps@
 
 [Socket]
-# This must match the @sysconfdir@/libvirt/libvirtd.conf tcp_port setting
+# This must match the @sysconfdir@/libvirt/@service@.conf tcp_port setting
 # when using systemd version < 227
 ListenStream=16509
-Service=libvirtd.service
+Service=@service@.service
 
 [Install]
 WantedBy=sockets.target
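
Review bot: `ListenStream=16509` stays hard-coded while `Service=` becomes `@service@.service`, so every daemon generated from this template binds the same port, and the comment now points at a tcp_port in `@service@.conf` that the unit does not follow. The same holds for 16514 in libvirtd-tls.socket.in. If a second daemon is ever generated from these two templates, its socket units need a Conflicts= against the libvirtd ones (the new `@deps@` line looks like the place for it), otherwise whichever socket starts second fails to bind. Worth stating in the commit message, since this is the non-TLS listener.
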
diff --git a/src/remote/libvirtd-tls.socket.in 
b/src/remote/libvirtd-tls.socket.in
index e2b1f839de..8b89737fff 100644
--- a/src/remote/libvirtd-tls.socket.in
+++ b/src/remote/libvirtd-tls.socket.in
@@ -1,14 +1,15 @@
 [Unit]
-Description=Libvirt TLS IP socket
-Before=libvirtd.service
-BindsTo=libvirtd.socket
-After=libvirtd.socket
+Description=@name@ TLS IP socket
+Before=@service@.service
+BindsTo=@service@.socket
+After=@service@.socket
+@deps@
 
 [Socket]
-# This must match the @sysconfdir@/libvirt/libvirtd.conf tls_port setting
+# This must match the @sysconfdir@/libvirt/@service@.conf tls_port setting
 # when using systemd version < 227
 ListenStream=16514
-Service=libvirtd.service
+Service=@service@.service
 
 [Install]
 WantedBy=sockets.target
diff --git a/src/remote/libvirtd.socket.in b/src/remote/libvirtd.socket.in
index 872f70eb21..cb61409e23 100644
--- a/src/remote/libvirtd.socket.in
+++ b/src/remote/libvirtd.socket.in
@@ -1,12 +1,13 @@
 [Unit]
-Description=Libvirt local socket
-Before=libvirtd.service
+Description=@name@ local socket
+Before=@service@.service
+@deps@
 
 [Socket]
-# The directory must match the @sysconfdir@/libvirt/libvirtd.conf 
unix_sock_dir setting
+# The directory must match the @sysconfdir@/libvirt/@service@.conf 
unix_sock_dir setting
 # when using systemd version 

[libvirt] [PATCH v3 16/48] remote: reduce duplication in systemd unit file make rules into one

2019-07-29 Thread Daniel P . Berrangé
The make rules for the systemd socket unit files are all essentially
identical and can be collapsed into a single generic rule. The service
unit file rule can be simplified too.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 src/Makefile.am|  6 +
 src/remote/Makefile.inc.am | 49 +++---
 2 files changed, 14 insertions(+), 41 deletions(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index 255e8e2b57..b4544b12a7 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -89,6 +89,12 @@ man8_MANS =
 DRIVER_SOURCES =
 man7_MANS =
 
+COMMON_UNIT_VARS = \
+   -e 's|[@]localstatedir[@]|$(localstatedir)|g' \
+   -e 's|[@]sbindir[@]|$(sbindir)|g' \
+   -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
+   $(NULL)
+
 include util/Makefile.inc.am
 include conf/Makefile.inc.am
 include cpu/Makefile.inc.am
diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am
index fc04af5cb5..0c6d859a41 100644
--- a/src/remote/Makefile.inc.am
+++ b/src/remote/Makefile.inc.am
@@ -292,48 +292,15 @@ INSTALL_DATA_LOCAL += install-sasl
 UNINSTALL_LOCAL += uninstall-sasl
 endif WITH_SASL
 
+LIBVIRTD_UNIT_VARS = \
+   $(COMMON_UNIT_VARS) \
+   $(NULL)
+
 libvirtd.service: remote/libvirtd.service.in $(top_builddir)/config.status
-   $(AM_V_GEN)sed \
-   -e 's|[@]localstatedir[@]|$(localstatedir)|g' \
-   -e 's|[@]sbindir[@]|$(sbindir)|g' \
-   -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
-   < $< > $@-t && \
-   mv $@-t $@
-
-libvirtd.socket: remote/libvirtd.socket.in $(top_builddir)/config.status
-   $(AM_V_GEN)sed \
-   -e 's|[@]localstatedir[@]|$(localstatedir)|g' \
-   -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
-   < $< > $@-t && \
-   mv $@-t $@
-
-libvirtd-ro.socket: remote/libvirtd-ro.socket.in $(top_builddir)/config.status
-   $(AM_V_GEN)sed \
-   -e 's|[@]localstatedir[@]|$(localstatedir)|g' \
-   -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
-   < $< > $@-t && \
-   mv $@-t $@
-
-libvirtd-admin.socket: remote/libvirtd-admin.socket.in 
$(top_builddir)/config.status
-   $(AM_V_GEN)sed \
-   -e 's|[@]localstatedir[@]|$(localstatedir)|g' \
-   -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
-   < $< > $@-t && \
-   mv $@-t $@
-
-libvirtd-tcp.socket: remote/libvirtd-tcp.socket.in 
$(top_builddir)/config.status
-   $(AM_V_GEN)sed \
-   -e 's|[@]localstatedir[@]|$(localstatedir)|g' \
-   -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
-   < $< > $@-t && \
-   mv $@-t $@
-
-libvirtd-tls.socket: remote/libvirtd-tls.socket.in 
$(top_builddir)/config.status
-   $(AM_V_GEN)sed \
-   -e 's|[@]localstatedir[@]|$(localstatedir)|g' \
-   -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
-   < $< > $@-t && \
-   mv $@-t $@
+   $(AM_V_GEN)sed $(LIBVIRTD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+libvirt%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
+   $(AM_V_GEN)sed $(LIBVIRTD_UNIT_VARS) < $< > $@-t && mv $@-t $@
 
 virt-guest-shutdown.target: remote/virt-guest-shutdown.target.in \
$(top_builddir)/config.status
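
Review bot: the pattern rule `libvirt%.socket: remote/libvirt%.socket.in` depends on the stem being `d`, `d-ro`, `d-admin`, `d-tcp` or `d-tls`, which is not obvious when reading the rule, and `%` pattern rules are a GNU make extension. A one-line comment above the rule listing the targets it is expected to produce would help. Also, the socket units are now run through the `[@]sbindir[@]` substitution from COMMON_UNIT_VARS, which their old rules did not have; harmless, but the commit message could mention it.
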
-- 
2.21.0


[libvirt] [PATCH v3 24/48] storage: introduce virtstoraged daemon

2019-07-29 Thread Daniel P . Berrangé
The virtstoraged daemon will be responsible for providing the storage API
driver functionality. The storage driver is still loaded by the main
libvirtd daemon at this stage, so virtstoraged must not be running at
the same time.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 .gitignore  |  4 ++
 libvirt.spec.in |  8 
 src/storage/Makefile.inc.am | 61 +
 src/storage/virtstoraged.service.in | 26 
 4 files changed, 99 insertions(+)
 create mode 100644 src/storage/virtstoraged.service.in

diff --git a/.gitignore b/.gitignore
index c361d87868..3b86183bee 100644
--- a/.gitignore
+++ b/.gitignore
@@ -175,6 +175,9 @@
 /src/secret/test_virtsecretd.aug
 /src/secret/virtsecretd.aug
 /src/secret/virtsecretd.conf
+/src/storage/test_virtstoraged.aug
+/src/storage/virtstoraged.aug
+/src/storage/virtstoraged.conf
 /src/util/virkeycodetable*.h
 /src/util/virkeynametable*.h
 /src/virt-aa-helper
@@ -184,6 +187,7 @@
 /src/virtnetworkd
 /src/virtproxyd
 /src/virtsecretd
+/src/virtstoraged
 /src/virt-guest-shutdown.target
 /tests/*.log
 /tests/*.pid
diff --git a/libvirt.spec.in b/libvirt.spec.in
index b4fab26ea4..c34445090d 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1663,6 +1663,14 @@ exit 0
 %files daemon-driver-storage
 
 %files daemon-driver-storage-core
+%config(noreplace) %{_sysconfdir}/libvirt/virtstoraged.conf
+%{_datadir}/augeas/lenses/virtstoraged.aug
+%{_datadir}/augeas/lenses/tests/test_virtstoraged.aug
+%{_unitdir}/virtstoraged.service
+%{_unitdir}/virtstoraged.socket
+%{_unitdir}/virtstoraged-ro.socket
+%{_unitdir}/virtstoraged-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtstoraged
 %attr(0755, root, root) %{_libexecdir}/libvirt_parthelper
 %{_libdir}/%{name}/connection-driver/libvirt_driver_storage.so
 %{_libdir}/%{name}/storage-backend/libvirt_storage_backend_fs.so
diff --git a/src/storage/Makefile.inc.am b/src/storage/Makefile.inc.am
index 538709256d..767875785a 100644
--- a/src/storage/Makefile.inc.am
+++ b/src/storage/Makefile.inc.am
@@ -142,6 +142,67 @@ mod_LTLIBRARIES += libvirt_driver_storage.la
 libvirt_driver_storage_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF)
 libvirt_driver_storage_impl_la_SOURCES += $(STORAGE_DRIVER_SOURCES)
 
+sbin_PROGRAMS += virtstoraged
+
+nodist_conf_DATA += storage/virtstoraged.conf
+augeas_DATA += storage/virtstoraged.aug
+augeastest_DATA += storage/test_virtstoraged.aug
+CLEANFILES += storage/virtstoraged.aug
+
+virtstoraged_SOURCES = $(REMOTE_DAEMON_SOURCES)
+virtstoraged_CFLAGS = \
+   $(REMOTE_DAEMON_CFLAGS) \
+   -DDAEMON_NAME="\"virtstoraged\"" \
+   -DMODULE_NAME="\"storage\"" \
+   $(NULL)
+virtstoraged_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
+virtstoraged_LDADD = $(REMOTE_DAEMON_LD_ADD)
+
+SYSTEMD_UNIT_FILES += \
+   virtstoraged.service \
+   virtstoraged.socket \
+   virtstoraged-ro.socket \
+   virtstoraged-admin.socket \
+   $(NULL)
+SYSTEMD_UNIT_FILES_IN += \
+   storage/virtstoraged.service.in \
+   $(NULL)
+
+VIRTSTORAGED_UNIT_VARS = \
+   $(VIRTD_UNIT_VARS) \
+   -e 's|[@]name[@]|Libvirt storage|g' \
+   -e 's|[@]service[@]|virtstoraged|g' \
+   -e 's|[@]sockprefix[@]|virtstoraged|g' \
+   $(NULL)
+
+virtstoraged.service: storage/virtstoraged.service.in 
$(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTSTORAGED_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+virtstorage%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTSTORAGED_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+storage/virtstoraged.conf: remote/libvirtd.conf.in
+   $(AM_V_GEN)sed \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtstoraged/' \
+   < $^ > $@
+
+storage/virtstoraged.aug: remote/libvirtd.aug.in
+   $(AM_V_GEN)$(SED) \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtstoraged/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtstoraged/' \
+   $< > $@
+
+storage/test_virtstoraged.aug: remote/test_libvirtd.aug.in \
+   storage/virtstoraged.conf $(AUG_GENTEST)
+   $(AM_V_GEN)$(AUG_GENTEST) storage/virtstoraged.conf \
+   $(srcdir)/remote/test_libvirtd.aug.in | \
+   $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtstoraged/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtstoraged/' \
+   > $@ || rm -f $@
+
 
 libvirt_storage_backend_fs_la_SOURCES = $(STORAGE_DRIVER_FS_SOURCES)
 libvirt_storage_backend_fs_la_CFLAGS = \
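
Review bot: `storage/virtstoraged.conf` and `storage/virtstoraged.aug` are written straight to `$@`, unlike the unit rules just above them that go through `$@-t && mv $@-t $@`. If sed fails or make is interrupted, a truncated file with a fresh timestamp is left behind and the next run treats it as up to date; since virtstoraged.conf is installed as the daemon's configuration, use the temp-file pattern here too. Separately, only `storage/virtstoraged.aug` is added to CLEANFILES in this hunk; the generated .conf and test_virtstoraged.aug look like they need the same.
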
diff --git a/src/storage/virtstoraged.service.in 
b/src/storage/virtstoraged.service.in
new file mode 100644
index 00..9aa26764a9
--- /dev/null
+++ b/src/storage/virtstoraged.service.in
@@ -0,0 +1,26 @@
+[Unit]
+Description=Virtualization storage daemon
+Conflicts=libvirtd.service

[libvirt] [PATCH v3 29/48] lxc: introduce virtlxcd daemon

2019-07-29 Thread Daniel P . Berrangé
The virtlxcd daemon will be responsible for providing the lxc API
driver functionality. The lxc driver is still loaded by the main
libvirtd daemon at this stage, so virtlxcd must not be running at
the same time.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 .gitignore  |  4 +++
 libvirt.spec.in |  8 +
 src/lxc/Makefile.inc.am | 62 +
 src/lxc/virtlxcd.service.in | 40 
 4 files changed, 114 insertions(+)
 create mode 100644 src/lxc/virtlxcd.service.in

diff --git a/.gitignore b/.gitignore
index d23ffa94f0..d279c7bc1f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -160,6 +160,9 @@
 /src/lxc/lxc_monitor_protocol.h
 /src/lxc/lxc_protocol.[ch]
 /src/lxc/test_libvirtd_lxc.aug
+/src/lxc/test_virtlxcd.aug
+/src/lxc/virtlxcd.aug
+/src/lxc/virtlxcd.conf
 /src/network/test_virtnetworkd.aug
 /src/network/virtnetworkd.aug
 /src/network/virtnetworkd.conf
@@ -197,6 +200,7 @@
 /src/virtxend
 /src/virtlockd
 /src/virtlogd
+/src/virtlxcd
 /src/virtnetworkd
 /src/virtnodedevd
 /src/virtnwfilterd
diff --git a/libvirt.spec.in b/libvirt.spec.in
index f86b0212c7..81fc1481e0 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1760,6 +1760,14 @@ exit 0
 
 %if %{with_lxc}
 %files daemon-driver-lxc
+%config(noreplace) %{_sysconfdir}/libvirt/virtlxcd.conf
+%{_datadir}/augeas/lenses/virtlxcd.aug
+%{_datadir}/augeas/lenses/tests/test_virtlxcd.aug
+%{_unitdir}/virtlxcd.service
+%{_unitdir}/virtlxcd.socket
+%{_unitdir}/virtlxcd-ro.socket
+%{_unitdir}/virtlxcd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtlxcd
 %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/lxc/
 %config(noreplace) %{_sysconfdir}/libvirt/lxc.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.lxc
diff --git a/src/lxc/Makefile.inc.am b/src/lxc/Makefile.inc.am
index 0c241fc5c1..4960ee4324 100644
--- a/src/lxc/Makefile.inc.am
+++ b/src/lxc/Makefile.inc.am
@@ -110,6 +110,68 @@ endif WITH_BLKID
 libvirt_driver_lxc_impl_la_LIBADD += $(SECDRIVER_LIBS)
 libvirt_driver_lxc_impl_la_SOURCES = $(LXC_DRIVER_SOURCES)
 
+
+sbin_PROGRAMS += virtlxcd
+
+nodist_conf_DATA += lxc/virtlxcd.conf
+augeas_DATA += lxc/virtlxcd.aug
+augeastest_DATA += lxc/test_virtlxcd.aug
+CLEANFILES += lxc/virtlxcd.aug
+
+virtlxcd_SOURCES = $(REMOTE_DAEMON_SOURCES)
+virtlxcd_CFLAGS = \
+   $(REMOTE_DAEMON_CFLAGS) \
+   -DDAEMON_NAME="\"virtlxcd\"" \
+   -DMODULE_NAME="\"lxc\"" \
+   $(NULL)
+virtlxcd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
+virtlxcd_LDADD = $(REMOTE_DAEMON_LD_ADD)
+
+SYSTEMD_UNIT_FILES += \
+   virtlxcd.service \
+   virtlxcd.socket \
+   virtlxcd-ro.socket \
+   virtlxcd-admin.socket \
+   $(NULL)
+SYSTEMD_UNIT_FILES_IN += \
+   lxc/virtlxcd.service.in \
+   $(NULL)
+
+VIRTLXCD_UNIT_VARS = \
+   $(VIRTD_UNIT_VARS) \
+   -e 's|[@]name[@]|Libvirt lxc|g' \
+   -e 's|[@]service[@]|virtlxcd|g' \
+   -e 's|[@]sockprefix[@]|virtlxcd|g' \
+   $(NULL)
+
+virtlxcd.service: lxc/virtlxcd.service.in $(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTLXCD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+virtlxc%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTLXCD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+lxc/virtlxcd.conf: remote/libvirtd.conf.in
+   $(AM_V_GEN)sed \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtlxcd/' \
+   < $^ > $@
+
+lxc/virtlxcd.aug: remote/libvirtd.aug.in
+   $(AM_V_GEN)$(SED) \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtlxcd/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtlxcd/' \
+   $< > $@
+
+lxc/test_virtlxcd.aug: remote/test_libvirtd.aug.in \
+   lxc/virtlxcd.conf $(AUG_GENTEST)
+   $(AM_V_GEN)$(AUG_GENTEST) lxc/virtlxcd.conf \
+   $(srcdir)/remote/test_libvirtd.aug.in | \
+   $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtlxcd/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtlxcd/' \
+   > $@ || rm -f $@
+
 libexec_PROGRAMS += libvirt_lxc
 
 libvirt_lxc_SOURCES = \
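
Review bot: in the `lxc/test_virtlxcd.aug` rule, `> $@ || rm -f $@` hides failures: when the pipeline fails, `rm -f` succeeds and the recipe exits 0, so make carries on without the file. The pipeline's exit status is also that of `$(SED)` alone, so a failing `$(AUG_GENTEST)` goes unnoticed and leaves an empty or partial test file. Suggest `|| { rm -f $@; exit 1; }` and writing the generator output to a temporary file before running sed over it.
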
diff --git a/src/lxc/virtlxcd.service.in b/src/lxc/virtlxcd.service.in
new file mode 100644
index 00..c732499a64
--- /dev/null
+++ b/src/lxc/virtlxcd.service.in
@@ -0,0 +1,40 @@
+[Unit]
+Description=Virtualization lxc daemon
+Conflicts=libvirtd.service
+Requires=virtlxcd.socket
+Requires=virtlxcd-ro.socket
+Requires=virtlxcd-admin.socket
+Wants=systemd-machined.service
+Before=libvirt-guests.service
+After=network.target
+After=dbus.service
+After=apparmor.service
+After=local-fs.target
+After=remote-fs.target
+After=systemd-logind.service
+After=systemd-machined.service
+Documentation=man:libvirtd(8)
+Documentation=https://libvirt.org
+
+[Service]
+Type=notify
+ExecStart=@sbindir@/virtlxcd --timeout 120
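
Review bot: `Conflicts=libvirtd.service` covers the service unit only. The commit message says virtlxcd must not run at the same time as libvirtd, but while libvirtd's socket units remain active a client connection would socket-activate libvirtd.service and, through this Conflicts=, stop virtlxcd. Consider conflicting with the libvirtd socket units as well, or document that they must be disabled first. Minor: `Documentation=man:libvirtd(8)` points at the monolithic daemon's man page.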

[libvirt] [PATCH v3 14/48] remote: refactor & rename variables for building libvirtd

2019-07-29 Thread Daniel P . Berrangé
The same make variables will be useful for building both libvirtd and
the split daemons, so refactor & rename variables to facilitate reuse.

Automake gets annoyed if you define a variable ending LDFLAGS:

src/remote/Makefile.inc.am:53: warning: variable 'REMOTE_DAEMON_LDFLAGS' is defined but no program or
src/remote/Makefile.inc.am:53: library has 'REMOTE_DAEMON' as canonical name (possible typo)

So we trick it by using an LD_FLAGS or LD_ADD suffix instead.

LIBSOCKET is dropped as it is only set on Windows and we don't
build the libvirtd daemon under mingw.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 src/remote/Makefile.inc.am | 94 --
 1 file changed, 50 insertions(+), 44 deletions(-)

diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am
index 45dd6cc1cb..0ec7abb880 100644
--- a/src/remote/Makefile.inc.am
+++ b/src/remote/Makefile.inc.am
@@ -18,13 +18,13 @@ REMOTE_DRIVER_SOURCES = \
$(REMOTE_DRIVER_GENERATED) \
$(NULL)
 
-LIBVIRTD_GENERATED = \
+REMOTE_DAEMON_GENERATED = \
remote/remote_daemon_dispatch_stubs.h \
remote/remote_daemon_dispatch_lxc_stubs.h \
remote/remote_daemon_dispatch_qemu_stubs.h \
$(NULL)
 
-LIBVIRTD_SOURCES = \
+REMOTE_DAEMON_SOURCES = \
remote/remote_daemon.c \
remote/remote_daemon.h \
remote/remote_daemon_config.c \
@@ -33,9 +33,49 @@ LIBVIRTD_SOURCES = \
remote/remote_daemon_dispatch.h \
remote/remote_daemon_stream.c \
remote/remote_daemon_stream.h \
-   $(LIBVIRTD_GENERATED) \
+   $(REMOTE_DAEMON_GENERATED) \
$(NULL)
 
+REMOTE_DAEMON_CFLAGS = \
+   $(LIBXML_CFLAGS) \
+   $(GNUTLS_CFLAGS) \
+   $(SASL_CFLAGS) \
+   $(XDR_CFLAGS) \
+   $(DBUS_CFLAGS) \
+   $(LIBNL_CFLAGS) \
+   $(WARN_CFLAGS) \
+   $(PIE_CFLAGS) \
+   -I$(srcdir)/access \
+   -I$(srcdir)/conf \
+   -I$(srcdir)/rpc \
+   $(NULL)
+
+REMOTE_DAEMON_LD_FLAGS = \
+   $(RELRO_LDFLAGS) \
+   $(PIE_LDFLAGS) \
+   $(NO_INDIRECT_LDFLAGS) \
+   $(NO_UNDEFINED_LDFLAGS) \
+   $(NULL)
+
+REMOTE_DAEMON_LD_ADD = \
+   libvirt_driver_admin.la \
+   libvirt-lxc.la \
+   libvirt-qemu.la \
+   libvirt.la \
+   $(LIBXML_LIBS) \
+   $(GNUTLS_LIBS) \
+   $(SASL_LIBS) \
+   $(DBUS_LIBS) \
+   $(LIBNL_LIBS) \
+   $(NULL)
+
+if WITH_DTRACE_PROBES
+REMOTE_DAEMON_LD_ADD += ../src/libvirt_probes.lo
+endif WITH_DTRACE_PROBES
+
+REMOTE_DAEMON_LD_ADD += \
+   ../gnulib/lib/libgnu.la \
+   $(NULL)
 
 LOGROTATE_FILES_IN += \
remote/libvirtd.qemu.logrotate.in \
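
Review bot: `REMOTE_DAEMON_LD_FLAGS` and `REMOTE_DAEMON_LD_ADD` deviate from the usual `_LDFLAGS` / `_LDADD` spelling for the reason given in the commit message, but nothing in the Makefile says so. Add a short comment above them explaining that the extra underscore avoids automake's canonical-name warning, otherwise the names are likely to be "corrected" later. Question: `REMOTE_DAEMON_LD_ADD` lists `libvirt-lxc.la` and `libvirt-qemu.la` unconditionally; is that intended for every daemon that will reuse this variable?
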
@@ -73,7 +113,7 @@ DRIVER_SOURCE_FILES += $(REMOTE_DRIVER_SOURCES)
 EXTRA_DIST += \
$(REMOTE_DRIVER_PROTOCOL) \
$(REMOTE_DRIVER_SOURCES) \
-   $(LIBVIRTD_SOURCES) \
+   $(REMOTE_DAEMON_SOURCES) \
remote/test_libvirtd.aug.in \
remote/libvirtd.aug.in \
remote/libvirtd.conf.in \
@@ -87,11 +127,11 @@ EXTRA_DIST += \
 # the WITH_REMOTE/WITH_LIBVIRTD conditionals
 BUILT_SOURCES += \
$(REMOTE_DRIVER_GENERATED) \
-   $(LIBVIRTD_GENERATED) \
+   $(REMOTE_DAEMON_GENERATED) \
$(NULL)
 MAINTAINERCLEANFILES += \
$(REMOTE_DRIVER_GENERATED) \
-   $(LIBVIRTD_GENERATED) \
+   $(REMOTE_DAEMON_GENERATED) \
$(NULL)
 CLEANFILES += \
remote/libvirtd.conf \
@@ -137,52 +177,18 @@ CLEANFILES += remote/libvirtd.aug
 
 man8_MANS += libvirtd.8
 
-libvirtd_SOURCES = $(LIBVIRTD_SOURCES)
+libvirtd_SOURCES = $(REMOTE_DAEMON_SOURCES)
 
 libvirtd_CFLAGS = \
-   $(LIBXML_CFLAGS) \
-   $(GNUTLS_CFLAGS) \
-   $(SASL_CFLAGS) \
-   $(XDR_CFLAGS) \
-   $(DBUS_CFLAGS) \
-   $(LIBNL_CFLAGS) \
-   $(WARN_CFLAGS) \
-   $(PIE_CFLAGS) \
-   -I$(srcdir)/access \
-   -I$(srcdir)/conf \
-   -I$(srcdir)/rpc \
+   $(REMOTE_DAEMON_CFLAGS) \
-DSOCK_PREFIX="\"libvirt\"" \
-DDAEMON_NAME="\"libvirtd\"" \
-DENABLE_IP \
$(NULL)
 
-libvirtd_LDFLAGS = \
-   $(RELRO_LDFLAGS) \
-   $(PIE_LDFLAGS) \
-   $(NO_INDIRECT_LDFLAGS) \
-   $(NO_UNDEFINED_LDFLAGS) \
-   $(NULL)
+libvirtd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
 
-libvirtd_LDADD = \
-   libvirt_driver_admin.la \
-   libvirt-lxc.la \
-   libvirt-qemu.la \
-   libvirt.la \
-   $(LIBXML_LIBS) \
-   $(GNUTLS_LIBS) \
-   $(SASL_LIBS) \
-   $(DBUS_LIBS) \
-   $(LIBNL_LIBS) \
-   $(NULL)
-
-if WITH_DTRACE_PROBES
-libvirtd_LDADD += ../src/libvirt_probes.lo
-endif WITH_DTRACE_PROBES
-
-libvirtd_LDADD += \
-   ../gnulib/lib/libgnu.la \
-   $(LIBSOCKET) \
-   $(NULL)
+libvirtd_LDADD = $(REMOTE_DAEMON_LD_ADD)
 
 remote/libvirtd.conf: remote/libvirtd.conf.in
$(AM_V_GEN)$(SED) \
-- 
2.21.0


[libvirt] [PATCH v3 19/48] remote: in per-driver daemons ensure that state initialize succeeds

2019-07-29 Thread Daniel P . Berrangé
When running in libvirtd, we are happy for any of the drivers to simply
skip their initialization in virStateInitialize, as other drivers are
still potentially useful.

When running in per-driver daemons though, we want the daemon to abort
startup if the driver cannot initialize itself, as the daemon will be
useless without it.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 src/bhyve/bhyve_driver.c| 10 +-
 src/driver-state.h  |  8 +++-
 src/interface/interface_backend_netcf.c |  8 
 src/interface/interface_backend_udev.c  |  4 ++--
 src/libvirt.c   | 15 ---
 src/libvirt_internal.h  |  1 +
 src/libxl/libxl_driver.c| 10 +-
 src/lxc/lxc_driver.c| 12 ++--
 src/network/bridge_driver.c |  4 ++--
 src/node_device/node_device_hal.c   | 12 ++--
 src/node_device/node_device_udev.c  |  8 
 src/nwfilter/nwfilter_driver.c  | 12 ++--
 src/qemu/qemu_driver.c  |  8 
 src/remote/remote_daemon.c  |  6 ++
 src/remote/remote_driver.c  |  2 +-
 src/secret/secret_driver.c  |  8 
 src/storage/storage_driver.c|  8 
 src/vz/vz_driver.c  | 14 +++---
 18 files changed, 86 insertions(+), 64 deletions(-)

diff --git a/src/bhyve/bhyve_driver.c b/src/bhyve/bhyve_driver.c
index 5387ac5570..e2c1b00080 100644
--- a/src/bhyve/bhyve_driver.c
+++ b/src/bhyve/bhyve_driver.c
@@ -1220,16 +1220,16 @@ bhyveStateInitialize(bool privileged,
 {
 if (!privileged) {
 VIR_INFO("Not running privileged, disabling driver");
-return 0;
+return VIR_DRV_STATE_INIT_SKIPPED;
 }
 
 if (VIR_ALLOC(bhyve_driver) < 0)
-return -1;
+return VIR_DRV_STATE_INIT_ERROR;
 
 bhyve_driver->lockFD = -1;
 if (virMutexInit(_driver->lock) < 0) {
 VIR_FREE(bhyve_driver);
-return -1;
+return VIR_DRV_STATE_INIT_ERROR;
 }
 
 if (!(bhyve_driver->closeCallbacks = virCloseCallbacksNew()))
@@ -1303,11 +1303,11 @@ bhyveStateInitialize(bool privileged,
 
 bhyveAutostartDomains(bhyve_driver);
 
-return 0;
+return VIR_DRV_STATE_INIT_COMPLETE;
 
  cleanup:
 bhyveStateCleanup();
-return -1;
+return VIR_DRV_STATE_INIT_ERROR;
 }
 
 unsigned
diff --git a/src/driver-state.h b/src/driver-state.h
index 974b2252ee..69e2678dfc 100644
--- a/src/driver-state.h
+++ b/src/driver-state.h
@@ -24,7 +24,13 @@
 # error "Don't include this file directly, only use driver.h"
 #endif
 
-typedef int
+typedef enum {
+VIR_DRV_STATE_INIT_ERROR = -1,
+VIR_DRV_STATE_INIT_SKIPPED,
+VIR_DRV_STATE_INIT_COMPLETE,
+} virDrvStateInitResult;
+
+typedef virDrvStateInitResult
 (*virDrvStateInitialize)(bool privileged,
  virStateInhibitCallback callback,
  void *opaque);
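
Review bot: `VIR_DRV_STATE_INIT_SKIPPED` gets the implicit value 0, which is what drivers returned for success before this change. Any state driver that is missed in the conversion and still does `return 0;` will now be reported as skipped rather than complete, which matters once per-driver daemons treat initialization as mandatory. Give the enumerators explicit values and add a comment on each saying when a driver should return it, so the 0/1 distinction is visible at the definition.
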
diff --git a/src/interface/interface_backend_netcf.c 
b/src/interface/interface_backend_netcf.c
index 587cee..eb509ccc13 100644
--- a/src/interface/interface_backend_netcf.c
+++ b/src/interface/interface_backend_netcf.c
@@ -93,10 +93,10 @@ netcfStateInitialize(bool privileged,
  void *opaque ATTRIBUTE_UNUSED)
 {
 if (virNetcfDriverStateInitialize() < 0)
-return -1;
+return VIR_DRV_STATE_INIT_ERROR;
 
 if (!(driver = virObjectLockableNew(virNetcfDriverStateClass)))
-return -1;
+return VIR_DRV_STATE_INIT_ERROR;
 
 driver->privileged = privileged;
 
@@ -129,12 +129,12 @@ netcfStateInitialize(bool privileged,
_("failed to initialize netcf"));
 goto error;
 }
-return 0;
+return VIR_DRV_STATE_INIT_COMPLETE;
 
  error:
 virObjectUnref(driver);
 driver = NULL;
-return -1;
+return VIR_DRV_STATE_INIT_ERROR;
 }
 
 
diff --git a/src/interface/interface_backend_udev.c 
b/src/interface/interface_backend_udev.c
index fea5108dbc..ef748540d1 100644
--- a/src/interface/interface_backend_udev.c
+++ b/src/interface/interface_backend_udev.c
@@ -1172,7 +1172,7 @@ udevStateInitialize(bool privileged,
 virStateInhibitCallback callback ATTRIBUTE_UNUSED,
 void *opaque ATTRIBUTE_UNUSED)
 {
-int ret = -1;
+int ret = VIR_DRV_STATE_INIT_ERROR;
 
 if (VIR_ALLOC(driver) < 0)
 goto cleanup;
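
Review bot: `int ret = VIR_DRV_STATE_INIT_ERROR;` keeps the variable a plain int while assigning enum constants to it. Declare it as `virDrvStateInitResult` so the type documents the contract and a stray 0 or -1 assigned later stands out in review; the `if (ret < 0)` check in cleanup still works because `VIR_DRV_STATE_INIT_ERROR` is -1.
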
@@ -1210,7 +1210,7 @@ udevStateInitialize(bool privileged,
 }
 driver->privileged = privileged;
 
-ret = 0;
+ret = VIR_DRV_STATE_INIT_COMPLETE;
 
  cleanup:
 if (ret < 0)
diff --git a/src/libvirt.c b/src/libvirt.c
index f0a768fc7e..9390a767f9 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -629,6 +629,7 @@ virRegisterStateDriver(virStateDriverPtr driver)
 /**
  * virStateInitialize:
  * @privileged: set to true if running with root privilege, false otherwise
+ * @mandatory: set 

[libvirt] [PATCH v3 26/48] nwfilter: introduce virtnwfilterd daemon

2019-07-29 Thread Daniel P . Berrangé
The virtnwfilterd daemon will be responsible for providing the nwfilter API
driver functionality. The nwfilter driver is still loaded by the main
libvirtd daemon at this stage, so virtnwfilterd must not be running at
the same time.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 .gitignore|  4 ++
 libvirt.spec.in   |  8 
 src/nwfilter/Makefile.inc.am  | 62 +++
 src/nwfilter/virtnwfilterd.service.in | 24 +++
 4 files changed, 98 insertions(+)
 create mode 100644 src/nwfilter/virtnwfilterd.service.in

diff --git a/.gitignore b/.gitignore
index ada72fd618..b93fd1b044 100644
--- a/.gitignore
+++ b/.gitignore
@@ -163,6 +163,9 @@
 /src/node_device/test_virtnodedevd.aug
 /src/node_device/virtnodedevd.aug
 /src/node_device/virtnodedevd.conf
+/src/nwfilter/test_virtnwfilterd.aug
+/src/nwfilter/virtnwfilterd.aug
+/src/nwfilter/virtnwfilterd.conf
 /src/qemu/test_libvirtd_qemu.aug
 /src/remote/*_client_bodies.h
 /src/remote/*_protocol.[ch]
@@ -189,6 +192,7 @@
 /src/virtlogd
 /src/virtnetworkd
 /src/virtnodedevd
+/src/virtnwfilterd
 /src/virtproxyd
 /src/virtsecretd
 /src/virtstoraged
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 7519ebebcf..3c0194df29 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1653,6 +1653,14 @@ exit 0
 %{_libdir}/%{name}/connection-driver/libvirt_driver_nodedev.so
 
 %files daemon-driver-nwfilter
+%config(noreplace) %{_sysconfdir}/libvirt/virtnwfilterd.conf
+%{_datadir}/augeas/lenses/virtnwfilterd.aug
+%{_datadir}/augeas/lenses/tests/test_virtnwfilterd.aug
+%{_unitdir}/virtnwfilterd.service
+%{_unitdir}/virtnwfilterd.socket
+%{_unitdir}/virtnwfilterd-ro.socket
+%{_unitdir}/virtnwfilterd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtnwfilterd
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/nwfilter/
 %ghost %dir %{_localstatedir}/run/libvirt/network/
 %{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so
diff --git a/src/nwfilter/Makefile.inc.am b/src/nwfilter/Makefile.inc.am
index 810ca54bcc..5c5e636ccc 100644
--- a/src/nwfilter/Makefile.inc.am
+++ b/src/nwfilter/Makefile.inc.am
@@ -41,4 +41,66 @@ libvirt_driver_nwfilter_impl_la_LIBADD = \
../gnulib/lib/libgnu.la \
$(NULL)
 libvirt_driver_nwfilter_impl_la_SOURCES = $(NWFILTER_DRIVER_SOURCES)
+
+sbin_PROGRAMS += virtnwfilterd
+
+nodist_conf_DATA += nwfilter/virtnwfilterd.conf
+augeas_DATA += nwfilter/virtnwfilterd.aug
+augeastest_DATA += nwfilter/test_virtnwfilterd.aug
+CLEANFILES += nwfilter/virtnwfilterd.aug
+
+virtnwfilterd_SOURCES = $(REMOTE_DAEMON_SOURCES)
+virtnwfilterd_CFLAGS = \
+   $(REMOTE_DAEMON_CFLAGS) \
+   -DDAEMON_NAME="\"virtnwfilterd\"" \
+   -DMODULE_NAME="\"nwfilter\"" \
+   $(NULL)
+virtnwfilterd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
+virtnwfilterd_LDADD = $(REMOTE_DAEMON_LD_ADD)
+
+SYSTEMD_UNIT_FILES += \
+   virtnwfilterd.service \
+   virtnwfilterd.socket \
+   virtnwfilterd-ro.socket \
+   virtnwfilterd-admin.socket \
+   $(NULL)
+SYSTEMD_UNIT_FILES_IN += \
+   nwfilter/virtnwfilterd.service.in \
+   $(NULL)
+
+VIRTNWFILTERD_UNIT_VARS = \
+   $(VIRTD_UNIT_VARS) \
+   -e 's|[@]name[@]|Libvirt nwfilter|g' \
+   -e 's|[@]service[@]|virtnwfilterd|g' \
+   -e 's|[@]sockprefix[@]|virtnwfilterd|g' \
+   $(NULL)
+
+virtnwfilterd.service: nwfilter/virtnwfilterd.service.in 
$(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTNWFILTERD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+virtnwfilter%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTNWFILTERD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+nwfilter/virtnwfilterd.conf: remote/libvirtd.conf.in
+   $(AM_V_GEN)sed \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtnwfilterd/' \
+   < $^ > $@
+
+nwfilter/virtnwfilterd.aug: remote/libvirtd.aug.in
+   $(AM_V_GEN)$(SED) \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtnwfilterd/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtnwfilterd/' \
+   $< > $@
+
+nwfilter/test_virtnwfilterd.aug: remote/test_libvirtd.aug.in \
+   nwfilter/virtnwfilterd.conf $(AUG_GENTEST)
+   $(AM_V_GEN)$(AUG_GENTEST) nwfilter/virtnwfilterd.conf \
+   $(srcdir)/remote/test_libvirtd.aug.in | \
+   $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtnwfilterd/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtnwfilterd/' \
+   > $@ || rm -f $@
+
 endif WITH_NWFILTER
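
Review bot: the recipes mix a bare `sed` (the unit files and nwfilter/virtnwfilterd.conf) with `$(SED)` (the two .aug rules). Use `$(SED)` throughout so the sed selected by configure is honoured everywhere. Also, VIRTNWFILTERD_UNIT_VARS relies on `$(VIRTD_UNIT_VARS)`, which is not defined in this patch; please confirm it substitutes every remaining placeholder in remote/libvirt%.socket.in, since only name, service and sockprefix are handled here.
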
diff --git a/src/nwfilter/virtnwfilterd.service.in 
b/src/nwfilter/virtnwfilterd.service.in
new file mode 100644
index 00..57c2fafe43
--- /dev/null
+++ b/src/nwfilter/virtnwfilterd.service.in
@@ -0,0 +1,24 @@
+[Unit]
+Description=Virtualization nwfilter daemon
+Conflicts=libvirtd.service

[libvirt] [PATCH v3 25/48] nodedev: introduce virtnodedevd daemon

2019-07-29 Thread Daniel P . Berrangé
The virtnodedevd daemon will be responsible for providing the nodedev API
driver functionality. The nodedev driver is still loaded by the main
libvirtd daemon at this stage, so virtnodedevd must not be running at
the same time.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 .gitignore  |  4 ++
 libvirt.spec.in |  8 
 src/node_device/Makefile.inc.am | 62 +
 src/node_device/virtnodedevd.service.in | 24 ++
 4 files changed, 98 insertions(+)
 create mode 100644 src/node_device/virtnodedevd.service.in

diff --git a/.gitignore b/.gitignore
index 3b86183bee..ada72fd618 100644
--- a/.gitignore
+++ b/.gitignore
@@ -160,6 +160,9 @@
 /src/network/test_virtnetworkd.aug
 /src/network/virtnetworkd.aug
 /src/network/virtnetworkd.conf
+/src/node_device/test_virtnodedevd.aug
+/src/node_device/virtnodedevd.aug
+/src/node_device/virtnodedevd.conf
 /src/qemu/test_libvirtd_qemu.aug
 /src/remote/*_client_bodies.h
 /src/remote/*_protocol.[ch]
@@ -185,6 +188,7 @@
 /src/virtlockd
 /src/virtlogd
 /src/virtnetworkd
+/src/virtnodedevd
 /src/virtproxyd
 /src/virtsecretd
 /src/virtstoraged
diff --git a/libvirt.spec.in b/libvirt.spec.in
index c34445090d..7519ebebcf 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1642,6 +1642,14 @@ exit 0
 %endif
 
 %files daemon-driver-nodedev
+%config(noreplace) %{_sysconfdir}/libvirt/virtnodedevd.conf
+%{_datadir}/augeas/lenses/virtnodedevd.aug
+%{_datadir}/augeas/lenses/tests/test_virtnodedevd.aug
+%{_unitdir}/virtnodedevd.service
+%{_unitdir}/virtnodedevd.socket
+%{_unitdir}/virtnodedevd-ro.socket
+%{_unitdir}/virtnodedevd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtnodedevd
 %{_libdir}/%{name}/connection-driver/libvirt_driver_nodedev.so
 
 %files daemon-driver-nwfilter
diff --git a/src/node_device/Makefile.inc.am b/src/node_device/Makefile.inc.am
index 3e04651e8c..e71b790735 100644
--- a/src/node_device/Makefile.inc.am
+++ b/src/node_device/Makefile.inc.am
@@ -64,4 +64,66 @@ libvirt_driver_nodedev_la_LIBADD += \
 endif WITH_UDEV
 
 libvirt_driver_nodedev_la_LIBADD += ../gnulib/lib/libgnu.la
+
+sbin_PROGRAMS += virtnodedevd
+
+nodist_conf_DATA += node_device/virtnodedevd.conf
+augeas_DATA += node_device/virtnodedevd.aug
+augeastest_DATA += node_device/test_virtnodedevd.aug
+CLEANFILES += node_device/virtnodedevd.aug
+
+virtnodedevd_SOURCES = $(REMOTE_DAEMON_SOURCES)
+virtnodedevd_CFLAGS = \
+   $(REMOTE_DAEMON_CFLAGS) \
+   -DDAEMON_NAME="\"virtnodedevd\"" \
+   -DMODULE_NAME="\"nodedev\"" \
+   $(NULL)
+virtnodedevd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
+virtnodedevd_LDADD = $(REMOTE_DAEMON_LD_ADD)
+
+SYSTEMD_UNIT_FILES += \
+   virtnodedevd.service \
+   virtnodedevd.socket \
+   virtnodedevd-ro.socket \
+   virtnodedevd-admin.socket \
+   $(NULL)
+SYSTEMD_UNIT_FILES_IN += \
+   node_device/virtnodedevd.service.in \
+   $(NULL)
+
+VIRTNODEDEVD_UNIT_VARS = \
+   $(VIRTD_UNIT_VARS) \
+   -e 's|[@]name[@]|Libvirt nodedev|g' \
+   -e 's|[@]service[@]|virtnodedevd|g' \
+   -e 's|[@]sockprefix[@]|virtnodedevd|g' \
+   $(NULL)
+
+virtnodedevd.service: node_device/virtnodedevd.service.in 
$(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTNODEDEVD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+virtnodedev%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTNODEDEVD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+node_device/virtnodedevd.conf: remote/libvirtd.conf.in
+   $(AM_V_GEN)sed \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtnodedevd/' \
+   < $^ > $@
+
+node_device/virtnodedevd.aug: remote/libvirtd.aug.in
+   $(AM_V_GEN)$(SED) \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtnodedevd/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtnodedevd/' \
+   $< > $@
+
+node_device/test_virtnodedevd.aug: remote/test_libvirtd.aug.in \
+   node_device/virtnodedevd.conf $(AUG_GENTEST)
+   $(AM_V_GEN)$(AUG_GENTEST) node_device/virtnodedevd.conf \
+   $(srcdir)/remote/test_libvirtd.aug.in | \
+   $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtnodedevd/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtnodedevd/' \
+   > $@ || rm -f $@
+
 endif WITH_NODE_DEVICES
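
Review bot: the `node_device/virtnodedevd.conf` rule calls bare `sed` and reads `< $^`, while the `.aug` and `test_virtnodedevd.aug` rules next to it use `$(SED)` and `$<`. Using `$(SED)` and `$<` in all three keeps the configured sed in effect and stops the redirection from breaking if a second prerequisite is ever added to the conf rule. The `virtnodedevd.service` and `virtnodedev%.socket` rules also call bare `sed` and could be aligned in the same pass.
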
diff --git a/src/node_device/virtnodedevd.service.in 
b/src/node_device/virtnodedevd.service.in
new file mode 100644
index 00..132ee05a7f
--- /dev/null
+++ b/src/node_device/virtnodedevd.service.in
@@ -0,0 +1,24 @@
+[Unit]
+Description=Virtualization nodedev daemon
+Conflicts=libvirtd.service
+Requires=virtnodedevd.socket
+Requires=virtnodedevd-ro.socket
+Requires=virtnodedevd-admin.socket
+After=network.target
+After=dbus.service
+After=apparmor.service
+After=local-fs.target
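
Review bot: `Conflicts=libvirtd.service` names only the service unit, so libvirtd's socket units can stay active next to this daemon; a later connection to one of them would socket-activate libvirtd, and systemd would then stop virtnodedevd to honour the conflict. If the intent is that the two models never overlap, consider also conflicting with the libvirtd socket units (libvirtd.socket, libvirtd-ro.socket, libvirtd-admin.socket), either here or in the virtnodedevd*.socket units.
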

[libvirt] [PATCH v3 20/48] remote: introduce virtproxyd daemon to handle IP connectivity

2019-07-29 Thread Daniel P . Berrangé
The libvirtd daemon provides the traditional libvirt experience where
all the drivers are in a single daemon, and is accessible over both
local UNIX sockets and remote IP sockets.

In the new world we're having a set of per-driver daemons which will
primarily be accessed locally via their own UNIX sockets.

We still, however, need to allow for the case of applications which will
connect to libvirt remotely. These remote connections can be done as
TCP/TLS sockets, or by SSH tunnelling to the UNIX socket.

In the latter case, the old libvirt.so clients will only know about
the path to the old libvirtd socket /var/run/libvirt/libvirt-sock,
and not the new driver sockets /var/run/libvirt/virtqemud-sock.

It is also not desirable to expose the main driver specific daemons
over IP directly to minimize their attack surface.

Thus the virtproxyd daemon steps into place, to provide TCP/TLS sockets,
and back compat for the old libvirtd UNIX socket path(s). It will then
forward all RPC calls made to the appropriate driver specific daemon.

Essentially it is equivalent to the old libvirtd with absolutely no
drivers registered except for the remote driver (and other stateless
drivers in libvirt.so).

We could have modified libvirtd so none of the drivers are registered
to get the same end result. We could even add a libvirtd.conf parameter
to control whether the drivers are loaded to enable users to switch back
to the old world if we discover bugs in the split-daemon model. Using a
new daemon though has some advantages:

 - We can make virtproxyd and the virtXXXd per-driver daemons all
   have "Conflicts: libvirtd.service" in their systemd unit files.
   This will guarantee that libvirtd is never started at the same
   time, as this would result in two daemons running the same driver.
   Fortunately drivers use locking to protect themselves, but it is
   better to avoid starting a daemon we know will conflict.

 - It allows us to break CLI compat to remove the --listen parameter.
   Both listen_tcp and listen_tls parameters in /etc/libvirtd/virtd.conf
   will default to zero. Either TLS or TCP can be enabled exclusively
   through virtd.conf without requiring the extra step of adding --listen.

 - It allows us to set a strict SELinux policy over virtproxyd. For
   back compat the libvirtd policy must continue to allow all drivers
   to run. We can't easily give a second policy to libvirtd which
   locks it down. By introducing a new virtproxyd we can set a strict
   policy for that daemon only.

 - It gets rid of the weird naming of having a daemon with "lib" in
   its name. Now all normal daemons libvirt ships will have "virt"
   as their prefix not "libvirt".

 - Distros can more easily choose their upgrade path. They can
   ship both sets of daemons in their packages, and choose to
   either enable libvirtd, or enable the per-driver daemons and
   virtproxyd out of the box. Users can easily override this if
   desired by just tweaking which systemd units are active.

After some time we can deprecate use of libvirtd and after some more
time delete it entirely, leaving us in a pretty world filled with
prancing unicorns.

The main downside with introducing a new daemon, and with the
per-driver daemons in general, is figuring out the correct upgrade
path.

The conservative option is to leave libvirtd running if it was
an existing installation. Only use the new daemons & virtproxyd
on completely new installs.

The aggressive option is to disable libvirtd if already running
and activate all the new daemons.

Signed-off-by: Daniel P. Berrangé 
---
 .gitignore|   4 ++
 libvirt.spec.in   |  10 +++
 src/remote/Makefile.inc.am| 111 +++---
 src/remote/remote_daemon.c|  28 +---
 src/remote/remote_daemon_config.c |   6 +-
 src/remote/virtproxyd.service.in  |  24 +++
 6 files changed, 163 insertions(+), 20 deletions(-)
 create mode 100644 src/remote/virtproxyd.service.in

diff --git a/.gitignore b/.gitignore
index 4463660c85..05bc166860 100644
--- a/.gitignore
+++ b/.gitignore
@@ -161,6 +161,9 @@
 /src/remote/libvirtd.aug
 /src/remote/libvirtd.conf
 /src/remote/test_libvirtd.aug
+/src/remote/test_virtproxyd.aug
+/src/remote/virtproxyd.aug
+/src/remote/virtproxyd.conf
 /src/rpc/virkeepaliveprotocol.[ch]
 /src/rpc/virnetprotocol.[ch]
 /src/util/virkeycodetable*.h
@@ -168,6 +171,7 @@
 /src/virt-aa-helper
 /src/virtlockd
 /src/virtlogd
+/src/virtproxyd
 /src/virt-guest-shutdown.target
 /tests/*.log
 /tests/*.pid
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 045c0fed1a..c7f276b2bc 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1527,6 +1527,12 @@ exit 0
 %{_unitdir}/libvirtd-admin.socket
 %{_unitdir}/libvirtd-tcp.socket
 %{_unitdir}/libvirtd-tls.socket
+%{_unitdir}/virtproxyd.service
+%{_unitdir}/virtproxyd.socket
+%{_unitdir}/virtproxyd-ro.socket
+%{_unitdir}/virtproxyd-admin.socket
+%{_unitdir}/virtproxyd-tcp.socket

[libvirt] [PATCH v3 12/48] remote: conditionalize IP socket config in libvirtd.conf

2019-07-29 Thread Daniel P . Berrangé
Prepare for reusing libvirtd config to create other daemons by making
the config parameters for IP sockets conditionally defined by the make
rules.

The main libvirtd daemon will retain IP listen ability, but all the
driver specific daemons will be local UNIX sockets only. Apps needing
IP connectivity will connect via the libvirtd daemon which will proxy
to the driver specific daemon.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 .gitignore|  1 +
 src/remote/Makefile.inc.am| 16 +--
 .../{libvirtd.conf => libvirtd.conf.in}   | 42 +++
 src/remote/test_libvirtd.aug.in   |  2 +-
 4 files changed, 40 insertions(+), 21 deletions(-)
 rename src/remote/{libvirtd.conf => libvirtd.conf.in} (95%)

diff --git a/.gitignore b/.gitignore
index d75b24c743..a09f45af50 100644
--- a/.gitignore
+++ b/.gitignore
@@ -158,6 +158,7 @@
 /src/remote/*_client_bodies.h
 /src/remote/*_protocol.[ch]
 /src/remote/*_stubs.h
+/src/remote/libvirtd.conf
 /src/remote/test_libvirtd.aug
 /src/rpc/virkeepaliveprotocol.[ch]
 /src/rpc/virnetprotocol.[ch]
diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am
index 2277bf49d2..93a7a6c14e 100644
--- a/src/remote/Makefile.inc.am
+++ b/src/remote/Makefile.inc.am
@@ -76,7 +76,7 @@ EXTRA_DIST += \
$(LIBVIRTD_SOURCES) \
remote/test_libvirtd.aug.in \
remote/libvirtd.aug \
-   remote/libvirtd.conf \
+   remote/libvirtd.conf.in \
remote/libvirtd.policy \
remote/libvirtd.rules \
remote/libvirtd.sasl \
@@ -93,6 +93,9 @@ MAINTAINERCLEANFILES += \
$(REMOTE_DRIVER_GENERATED) \
$(LIBVIRTD_GENERATED) \
$(NULL)
+CLEANFILES += \
+   remote/libvirtd.conf \
+   $(NULL)
 
 if WITH_REMOTE
 noinst_LTLIBRARIES += libvirt_driver_remote.la
@@ -128,7 +131,7 @@ augeas_DATA += remote/libvirtd.aug
 
 augeastest_DATA += remote/test_libvirtd.aug
 
-conf_DATA += remote/libvirtd.conf
+nodist_conf_DATA += remote/libvirtd.conf
 
 man8_MANS += libvirtd.8
 
@@ -179,6 +182,13 @@ libvirtd_LDADD += \
$(LIBSOCKET) \
$(NULL)
 
+remote/libvirtd.conf: remote/libvirtd.conf.in
+   $(AM_V_GEN)$(SED) \
+   -e '/[@]CUT_ENABLE_IP[@]/d' \
+   -e '/[@]END[@]/d' \
+   -e 's|[@]DAEMON_NAME[@]|libvirtd|' \
+   < $< > $@
+
 INSTALL_DATA_DIRS += remote
 
 install-data-remote:
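
Review bot: the new `remote/libvirtd.conf` rule redirects straight into `$@`, so if `$(SED)` fails the shell has already created the target and an empty or partial libvirtd.conf with a fresh timestamp is left behind; the next make run then treats it as up to date. Write to a temporary name and rename on success, e.g. `> $@-t && mv $@-t $@`.
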
@@ -189,7 +199,7 @@ uninstall-data-remote:
 
 remote/test_libvirtd.aug: remote/test_libvirtd.aug.in \
remote/libvirtd.conf $(AUG_GENTEST)
-   $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/remote/libvirtd.conf $< > $@
+   $(AM_V_GEN)$(AUG_GENTEST) remote/libvirtd.conf $< > $@
 
 if WITH_SYSCTL
 # Use $(prefix)/lib rather than $(libdir), since man sysctl.d insists on
diff --git a/src/remote/libvirtd.conf b/src/remote/libvirtd.conf.in
similarity index 95%
rename from src/remote/libvirtd.conf
rename to src/remote/libvirtd.conf.in
index b63b8d61b7..e351a8c190 100644
--- a/src/remote/libvirtd.conf
+++ b/src/remote/libvirtd.conf.in
@@ -1,13 +1,14 @@
 # Master libvirt daemon configuration file
 #
 
+@CUT_ENABLE_IP@
 #
 #
 # Network connectivity controls
 #
 
 # Flag listening for secure TLS connections on the public TCP/IP port.
-# NB, must pass the --listen flag to the libvirtd process for this to
+# NB, must pass the --listen flag to the @DAEMON_NAME@ process for this to
 # have any effect.
 #
 # This setting is not required or honoured if using systemd socket
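
Review bot: the first line of the template still reads `# Master libvirt daemon configuration file` and is not touched by the `@DAEMON_NAME@` substitution, so every config generated from this file for another daemon will carry the same title. Since the `--listen` comments are being parameterised anyway, parameterise the header too so each generated file names the daemon it configures.
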
@@ -20,7 +21,7 @@
 #listen_tls = 0
 
 # Listen for unencrypted TCP connections on the public TCP/IP port.
-# NB, must pass the --listen flag to the libvirtd process for this to
+# NB, must pass the --listen flag to the @DAEMON_NAME@ process for this to
 # have any effect.
 #
 # This setting is not required or honoured if using systemd socket
@@ -58,13 +59,14 @@
 # This setting is not required or honoured if using systemd socket
 # activation.
 #
-# If the libvirtd service is started in parallel with network
+# If the @DAEMON_NAME@ service is started in parallel with network
 # startup (e.g. with systemd), binding to addresses other than
 # the wildcards (0.0.0.0/::) might not be available yet.
 #
 #listen_addr = "192.168.0.1"
 
 
+@END@
 #
 #
 # UNIX socket access controls
@@ -157,6 +159,7 @@
 # If the unix_sock_rw_perms are changed you may wish to enable
 # an authentication mechanism here
 #auth_unix_rw = "none"
+@CUT_ENABLE_IP@
 
 # Change the authentication scheme for TCP sockets.
 #
@@ -174,6 +177,7 @@
 # It is possible to make use of any SASL authentication
 # mechanism as well, by using 'sasl' for this option
 #auth_tls = "none"
+@END@
 
 
 # Change the API access control scheme
@@ -182,10 +186,11 @@
 # to all APIs. Access drivers can place restrictions
 # on this. By default the 'nop' driver is enabled,
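
The marker scheme this patch introduces, as an added example that is not part of the patch or the libvirt tree: the two sed variants from the make rules are run over a small constructed template, and a balance check shows what the range delete does when an `@END@` is missing. The function names and the template contents are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration; not code from the patch or from libvirt.
# sample_template is a constructed stand-in for libvirtd.conf.in that uses
# the @CUT_ENABLE_IP@ / @END@ / @DAEMON_NAME@ markers from the patch.
sample_template() {
    cat <<'EOF'
# Config for @DAEMON_NAME@
@CUT_ENABLE_IP@
#listen_tls = 0
#listen_tcp = 1
#listen_addr = "192.168.0.1"
@END@
#unix_sock_group = "libvirt"
#auth_unix_rw = "none"
@CUT_ENABLE_IP@
#auth_tcp = "sasl"
#auth_tls = "none"
@END@
#access_drivers = [ "nop" ]
EOF
}

# Same template with its first @END@ dropped (constructed failure case).
unbalanced_template() {
    sample_template | awk '/@END@/ && !dropped { dropped = 1; next } { print }'
}

# IP-capable flavour (libvirtd): keep the IP settings, delete only the
# marker lines themselves. $1 = daemon name, template on stdin.
render_ip_daemon() {
    sed -e '/[@]CUT_ENABLE_IP[@]/d' \
        -e '/[@]END[@]/d' \
        -e "s|[@]DAEMON_NAME[@]|$1|"
}

# UNIX-socket-only flavour (per-driver daemons): delete every marked block.
render_unix_daemon() {
    sed -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
        -e "s/[@]DAEMON_NAME[@]/$1/"
}

# Succeeds only if the markers strictly alternate CUT, END, CUT, END ...
# A missing @END@ would otherwise make the range delete run on silently.
markers_balanced() {
    awk '
        /@CUT_ENABLE_IP@/ { if (inblk) bad = 1; inblk = 1; next }
        /@END@/           { if (!inblk) bad = 1; inblk = 0; next }
        END               { if (bad || inblk) exit 1 }
    '
}

# Count IP-related settings (commented or not) in a rendered config on stdin.
count_ip_keys() {
    awk '/^#?(listen_tls|listen_tcp|tls_port|tcp_port|listen_addr|auth_tcp|auth_tls)[ \t]*=/ { n++ }
         END { print n + 0 }'
}

printf 'IP keys in libvirtd.conf:     %s\n' \
    "$(sample_template | render_ip_daemon libvirtd | count_ip_keys)"
printf 'IP keys in virtnetworkd.conf: %s\n' \
    "$(sample_template | render_unix_daemon virtnetworkd | count_ip_keys)"

if unbalanced_template | markers_balanced; then
    echo 'unbalanced template: not detected'
else
    echo 'unbalanced template: rejected; rendering it anyway would leave only:'
    unbalanced_template | render_unix_daemon virtnetworkd
fi
```

With the first `@END@` missing, the per-driver rendering loses the `unix_sock_group` and `auth_unix_rw` lines as well, with no error from sed.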

[libvirt] [PATCH v3 23/48] interface: introduce virtinterfaced daemon

2019-07-29 Thread Daniel P . Berrangé
The virtinterfaced daemon will be responsible for providing the interface API
driver functionality. The interface driver is still loaded by the main
libvirtd daemon at this stage, so virtinterfaced must not be running at
the same time.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 .gitignore  |  4 ++
 libvirt.spec.in |  8 
 src/interface/Makefile.inc.am   | 62 +
 src/interface/virtinterfaced.service.in | 24 ++
 4 files changed, 98 insertions(+)
 create mode 100644 src/interface/virtinterfaced.service.in

diff --git a/.gitignore b/.gitignore
index 4101bb4564..c361d87868 100644
--- a/.gitignore
+++ b/.gitignore
@@ -120,6 +120,9 @@
 /src/admin/admin_server_dispatch_stubs.h
 /src/esx/*.generated.*
 /src/hyperv/*.generated.*
+/src/interface/test_virtinterfaced.aug
+/src/interface/virtinterfaced.aug
+/src/interface/virtinterfaced.conf
 /src/libvirt*.def
 /src/libvirt.syms
 /src/libvirt_access.syms
@@ -175,6 +178,7 @@
 /src/util/virkeycodetable*.h
 /src/util/virkeynametable*.h
 /src/virt-aa-helper
+/src/virtinterfaced
 /src/virtlockd
 /src/virtlogd
 /src/virtnetworkd
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 52a671d908..b4fab26ea4 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1609,6 +1609,14 @@ exit 0
 %ghost %{_sysconfdir}/libvirt/nwfilter/*.xml
 
 %files daemon-driver-interface
+%config(noreplace) %{_sysconfdir}/libvirt/virtinterfaced.conf
+%{_datadir}/augeas/lenses/virtinterfaced.aug
+%{_datadir}/augeas/lenses/tests/test_virtinterfaced.aug
+%{_unitdir}/virtinterfaced.service
+%{_unitdir}/virtinterfaced.socket
+%{_unitdir}/virtinterfaced-ro.socket
+%{_unitdir}/virtinterfaced-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtinterfaced
 %{_libdir}/%{name}/connection-driver/libvirt_driver_interface.so
 
 %files daemon-driver-network
diff --git a/src/interface/Makefile.inc.am b/src/interface/Makefile.inc.am
index 339a92786b..4c989bebec 100644
--- a/src/interface/Makefile.inc.am
+++ b/src/interface/Makefile.inc.am
@@ -41,4 +41,66 @@ libvirt_driver_interface_la_LIBADD += $(UDEV_LIBS)
 libvirt_driver_interface_la_SOURCES += $(INTERFACE_DRIVER_UDEV_SOURCES)
 endif WITH_UDEV
 libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la
+
+sbin_PROGRAMS += virtinterfaced
+
+nodist_conf_DATA += interface/virtinterfaced.conf
+augeas_DATA += interface/virtinterfaced.aug
+augeastest_DATA += interface/test_virtinterfaced.aug
+CLEANFILES += interface/virtinterfaced.aug
+
+virtinterfaced_SOURCES = $(REMOTE_DAEMON_SOURCES)
+virtinterfaced_CFLAGS = \
+   $(REMOTE_DAEMON_CFLAGS) \
+   -DDAEMON_NAME="\"virtinterfaced\"" \
+   -DMODULE_NAME="\"interface\"" \
+   $(NULL)
+virtinterfaced_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
+virtinterfaced_LDADD = $(REMOTE_DAEMON_LD_ADD)
+
+SYSTEMD_UNIT_FILES += \
+   virtinterfaced.service \
+   virtinterfaced.socket \
+   virtinterfaced-ro.socket \
+   virtinterfaced-admin.socket \
+   $(NULL)
+SYSTEMD_UNIT_FILES_IN += \
+   interface/virtinterfaced.service.in \
+   $(NULL)
+
+VIRTINTERFACED_UNIT_VARS = \
+   $(VIRTD_UNIT_VARS) \
+   -e 's|[@]name[@]|Libvirt interface|g' \
+   -e 's|[@]service[@]|virtinterfaced|g' \
+   -e 's|[@]sockprefix[@]|virtinterfaced|g' \
+   $(NULL)
+
+virtinterfaced.service: interface/virtinterfaced.service.in 
$(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTINTERFACED_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+virtinterface%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTINTERFACED_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+interface/virtinterfaced.conf: remote/libvirtd.conf.in
+   $(AM_V_GEN)sed \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtinterfaced/' \
+   < $^ > $@
+
+interface/virtinterfaced.aug: remote/libvirtd.aug.in
+   $(AM_V_GEN)$(SED) \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtinterfaced/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtinterfaced/' \
+   $< > $@
+
+interface/test_virtinterfaced.aug: remote/test_libvirtd.aug.in \
+   interface/virtinterfaced.conf $(AUG_GENTEST)
+   $(AM_V_GEN)$(AUG_GENTEST) interface/virtinterfaced.conf \
+   $(srcdir)/remote/test_libvirtd.aug.in | \
+   $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtinterfaced/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtinterfaced/' \
+   > $@ || rm -f $@
+
 endif WITH_INTERFACE
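
Review bot: `CLEANFILES` gains only `interface/virtinterfaced.aug`, but this hunk also generates `interface/virtinterfaced.conf` and `interface/test_virtinterfaced.aug` in the build tree. Unless those are cleaned somewhere outside this hunk, `make clean` leaves them behind; add both to `CLEANFILES` alongside the `.aug` file.
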
diff --git a/src/interface/virtinterfaced.service.in 
b/src/interface/virtinterfaced.service.in
new file mode 100644
index 00..ff3a611d16
--- /dev/null
+++ b/src/interface/virtinterfaced.service.in
@@ -0,0 +1,24 @@
+[Unit]
+Description=Virtualization interface daemon
+Conflicts=libvirtd.service

[libvirt] [PATCH v3 13/48] remote: conditionalize IP socket config in augeas definitions

2019-07-29 Thread Daniel P . Berrangé
Prepare for reusing libvirtd augeas definitions with other daemons by
making the config parameters for IP sockets conditionally defined by
the make rules.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 .gitignore   |  1 +
 src/remote/Makefile.inc.am   | 20 +--
 src/remote/{libvirtd.aug => libvirtd.aug.in} | 26 +---
 src/remote/test_libvirtd.aug.in  | 12 ++---
 4 files changed, 45 insertions(+), 14 deletions(-)
 rename src/remote/{libvirtd.aug => libvirtd.aug.in} (89%)

diff --git a/.gitignore b/.gitignore
index a09f45af50..4463660c85 100644
--- a/.gitignore
+++ b/.gitignore
@@ -158,6 +158,7 @@
 /src/remote/*_client_bodies.h
 /src/remote/*_protocol.[ch]
 /src/remote/*_stubs.h
+/src/remote/libvirtd.aug
 /src/remote/libvirtd.conf
 /src/remote/test_libvirtd.aug
 /src/rpc/virkeepaliveprotocol.[ch]
diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am
index 93a7a6c14e..45dd6cc1cb 100644
--- a/src/remote/Makefile.inc.am
+++ b/src/remote/Makefile.inc.am
@@ -75,7 +75,7 @@ EXTRA_DIST += \
$(REMOTE_DRIVER_SOURCES) \
$(LIBVIRTD_SOURCES) \
remote/test_libvirtd.aug.in \
-   remote/libvirtd.aug \
+   remote/libvirtd.aug.in \
remote/libvirtd.conf.in \
remote/libvirtd.policy \
remote/libvirtd.rules \
@@ -133,6 +133,8 @@ augeastest_DATA += remote/test_libvirtd.aug
 
 nodist_conf_DATA += remote/libvirtd.conf
 
+CLEANFILES += remote/libvirtd.aug
+
 man8_MANS += libvirtd.8
 
 libvirtd_SOURCES = $(LIBVIRTD_SOURCES)
@@ -197,9 +199,23 @@ install-data-remote:
 uninstall-data-remote:
rmdir "$(DESTDIR)$(localstatedir)/log/libvirt" ||:
 
+remote/libvirtd.aug: remote/libvirtd.aug.in
+   $(AM_V_GEN)$(SED) \
+   -e '/[@]CUT_ENABLE_IP[@]/d' \
+   -e '/[@]END[@]/d' \
+   -e 's|[@]DAEMON_NAME[@]|libvirtd|' \
+   -e 's|[@]DAEMON_NAME_UC[@]|Libvirtd|' \
+   $< > $@
+
 remote/test_libvirtd.aug: remote/test_libvirtd.aug.in \
remote/libvirtd.conf $(AUG_GENTEST)
-   $(AM_V_GEN)$(AUG_GENTEST) remote/libvirtd.conf $< > $@
+   $(AM_V_GEN)$(AUG_GENTEST) remote/libvirtd.conf \
+   $(srcdir)/remote/test_libvirtd.aug.in | \
+   $(SED) -e '/[@]CUT_ENABLE_IP[@]/d' \
+   -e '/[@]END[@]/d' \
+   -e 's|[@]DAEMON_NAME[@]|libvirtd|' \
+   -e 's|[@]DAEMON_NAME_UC[@]|Libvirtd|' \
+   > $@ || rm -f $@
 
 if WITH_SYSCTL
 # Use $(prefix)/lib rather than $(libdir), since man sysctl.d insists on
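
Review bot: in the rewritten `remote/test_libvirtd.aug` recipe, `> $@ || rm -f $@` ends with the exit status of `rm -f`, which is 0, so a failing `$(SED)` removes the target while make still records the rule as successful. A failure of `$(AUG_GENTEST)` is not seen at all, because the status of the pipeline is that of its last command. Suggest finishing with `|| { rm -f $@; exit 1; }` and running the generator into a temporary file first so its exit status is checked on its own.
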
diff --git a/src/remote/libvirtd.aug b/src/remote/libvirtd.aug.in
similarity index 89%
rename from src/remote/libvirtd.aug
rename to src/remote/libvirtd.aug.in
index 0188c23dd7..eec3433f29 100644
--- a/src/remote/libvirtd.aug
+++ b/src/remote/libvirtd.aug.in
@@ -1,6 +1,6 @@
-(* /etc/libvirt/libvirtd.conf *)
+(* /etc/libvirt/@DAEMON_NAME@.conf *)
 
-module Libvirtd =
+module @DAEMON_NAME_UC@ =
autoload xfm
 
let eol   = del /[ \t]*\n/ "\n"
@@ -24,11 +24,13 @@ module Libvirtd =
 
 
(* Config entry grouped by function - same order as example config *)
+@CUT_ENABLE_IP@
let network_entry = bool_entry "listen_tls"
  | bool_entry "listen_tcp"
  | str_entry "tls_port"
  | str_entry "tcp_port"
  | str_entry "listen_addr"
+@END@
 
let sock_acl_entry = str_entry "unix_sock_group"
   | str_entry "unix_sock_ro_perms"
@@ -38,6 +40,7 @@ module Libvirtd =
 
let authentication_entry = str_entry "auth_unix_ro"
 | str_entry "auth_unix_rw"
+@CUT_ENABLE_IP@
 | str_entry "auth_tcp"
 | str_entry "auth_tls"
 
@@ -46,12 +49,14 @@ module Libvirtd =
  | str_entry "ca_file"
  | str_entry "crl_file"
 
-   let authorization_entry = bool_entry "tls_no_verify_certificate"
+   let tls_authorization_entry = bool_entry "tls_no_verify_certificate"
| bool_entry "tls_no_sanity_certificate"
| str_array_entry "tls_allowed_dn_list"
-   | str_array_entry "sasl_allowed_username_list"
-   | str_array_entry "access_drivers"
| str_entry "tls_priority"
+@END@
+
+   let misc_authorization_entry = str_array_entry "sasl_allowed_username_list"
+   | str_array_entry "access_drivers"
 
let processing_entry = int_entry "min_workers"
 | int_entry "max_workers"
@@ -87,11 +92,14 @@ module Libvirtd =
   | int_entry "ovs_timeout"
 
(* Each enty in the config is one of the following three ... *)
-   let entry = network_entry
- | sock_acl_entry
+   let entry = sock_acl_entry
  | authentication_entry

[libvirt] [PATCH v3 10/48] remote: conditionalize IP socket usage in libvirtd daemon

2019-07-29 Thread Daniel P . Berrangé
Prepare for reusing libvirtd source to create other daemons by making
the use of IP sockets conditionally defined by the make rules.

The main libvirtd daemon will retain IP listen ability, but all the
driver specific daemons will be local UNIX sockets only. Apps needing
IP connectivity will connect via the libvirtd daemon which will proxy
to the driver specific daemon.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 src/remote/Makefile.inc.am|  1 +
 src/remote/remote_daemon.c| 39 ++-
 src/remote/remote_daemon_config.c | 36 
 src/remote/remote_daemon_config.h | 10 +++-
 4 files changed, 69 insertions(+), 17 deletions(-)

diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am
index b72186109a..2277bf49d2 100644
--- a/src/remote/Makefile.inc.am
+++ b/src/remote/Makefile.inc.am
@@ -148,6 +148,7 @@ libvirtd_CFLAGS = \
-I$(srcdir)/rpc \
-DSOCK_PREFIX="\"libvirt\"" \
-DDAEMON_NAME="\"libvirtd\"" \
+   -DENABLE_IP \
$(NULL)
 
 libvirtd_LDFLAGS = \
diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c
index 97621884b0..fadfc7c016 100644
--- a/src/remote/remote_daemon.c
+++ b/src/remote/remote_daemon.c
@@ -381,11 +381,13 @@ static int ATTRIBUTE_NONNULL(3)
 daemonSetupNetworking(virNetServerPtr srv,
   virNetServerPtr srvAdm,
   struct daemonConfig *config,
+#ifdef ENABLE_IP
+  bool ipsock,
+  bool privileged,
+#endif /* ! ENABLE_IP */
   const char *sock_path,
   const char *sock_path_ro,
-  const char *sock_path_adm,
-  bool ipsock,
-  bool privileged)
+  const char *sock_path_adm)
 {
 gid_t unix_sock_gid = 0;
 int unix_sock_ro_mask = 0;
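
Review bot: placing `ipsock` and `privileged` inside `#ifdef ENABLE_IP` in the middle of the daemonSetupNetworking() parameter list means each call site needs a matching `#ifdef` around its arguments, and a mismatch is only caught when the other flavour is compiled. Keeping one signature and marking the two parameters unused when ENABLE_IP is not defined would avoid that. Also, `#endif /* ! ENABLE_IP */` closes an `#ifdef ENABLE_IP`, so the comment should read `/* ENABLE_IP */`, as the daemonUsage() hunks already do.
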
@@ -397,15 +399,19 @@ daemonSetupNetworking(virNetServerPtr srv,
 { .name = DAEMON_NAME ".socket", .family = AF_UNIX, .path = sock_path 
},
 { .name = DAEMON_NAME "-ro.socket", .family = AF_UNIX, .path = 
sock_path_ro },
 { .name = DAEMON_NAME "-admin.socket", .family = AF_UNIX, .path = 
sock_path_adm },
+#ifdef ENABLE_IP
 { .name = DAEMON_NAME "-tcp.socket", .family = AF_INET },
 { .name = DAEMON_NAME "-tls.socket", .family = AF_INET },
+#endif /* ! ENABLE_IP */
 };
 
+#ifdef ENABLE_IP
 if ((actmap[3].port = virSocketAddrResolveService(config->tcp_port)) < 0)
 return -1;
 
 if ((actmap[4].port = virSocketAddrResolveService(config->tls_port)) < 0)
 return -1;
+#endif /* ! ENABLE_IP */
 
 if (virSystemdGetActivation(actmap, ARRAY_CARDINALITY(actmap), ) < 0)
 return -1;
@@ -470,6 +476,7 @@ daemonSetupNetworking(virNetServerPtr srv,
config->admin_max_client_requests) < 0)
 goto cleanup;
 
+#ifdef ENABLE_IP
 if (((ipsock && config->listen_tcp) || act) &&
 virNetServerAddServiceTCP(srv,
   act,
@@ -544,6 +551,7 @@ daemonSetupNetworking(virNetServerPtr srv,
 }
 virObjectUnref(ctxt);
 }
+#endif /* ! ENABLE_IP */
 
 if (act &&
 virSystemdActivationComplete(act) < 0)
@@ -892,7 +900,9 @@ daemonUsage(const char *argv0, bool privileged)
 { "-h | --help", N_("Display program help") },
 { "-v | --verbose", N_("Verbose messages") },
 { "-d | --daemon", N_("Run as a daemon & write PID file") },
+#ifdef ENABLE_IP
 { "-l | --listen", N_("Listen for TCP/IP connections") },
+#endif /* ENABLE_IP */
 { "-t | --timeout ", N_("Exit after timeout period") },
 { "-f | --config ", N_("Configuration file") },
 { "-V | --version", N_("Display version information") },
@@ -929,6 +939,7 @@ daemonUsage(const char *argv0, bool privileged)
 LOCALSTATEDIR, SOCK_PREFIX);
 fprintf(stderr, "\n");
 
+#ifdef ENABLE_IP
 fprintf(stderr, "%s:\n", _("TLS"));
 fprintf(stderr, "  %s: %s\n",
 _("CA certificate"),
@@ -940,6 +951,7 @@ daemonUsage(const char *argv0, bool privileged)
 _("Server private key"),
 privileged ? LIBVIRT_SERVERKEY : 
"$HOME/.pki/libvirt/serverkey.pem");
 fprintf(stderr, "\n");
+#endif /* ENABLE_IP */
 
 fprintf(stderr, "%s:\n",
 _("PID file (unless overridden by -p)"));
@@ -966,7 +978,9 @@ int main(int argc, char **argv) {
 int timeout = -1;/* -t: Shutdown timeout */
 int verbose = 0;
 int godaemon = 0;
+#ifdef ENABLE_IP
 int ipsock = 0;
+#endif /* ! ENABLE_IP */
 struct daemonConfig *config;
 bool privileged = geteuid() == 0 ? true : false;
 bool implicit_conf = false;
@@ -976,7 +990,9 @@ int main(int argc, char **argv) {
 struct option opts[] = {
 { "verbose", no_argument, , 'v'},
 { "daemon", no_argument, , 'd'},
+#ifdef ENABLE_IP
  

[libvirt] [PATCH v3 22/48] network: introduce virtnetworkd daemon

2019-07-29 Thread Daniel P . Berrangé
The virtnetworkd daemon will be responsible for providing the network API
driver functionality. The network driver is still loaded by the main
libvirtd daemon at this stage, so virtnetworkd must not be running at
the same time.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 .gitignore  |  4 ++
 libvirt.spec.in |  8 
 src/network/Makefile.inc.am | 61 +
 src/network/virtnetworkd.service.in | 25 
 4 files changed, 98 insertions(+)
 create mode 100644 src/network/virtnetworkd.service.in

diff --git a/.gitignore b/.gitignore
index 162b017c4a..4101bb4564 100644
--- a/.gitignore
+++ b/.gitignore
@@ -154,6 +154,9 @@
 /src/lxc/lxc_monitor_protocol.h
 /src/lxc/lxc_protocol.[ch]
 /src/lxc/test_libvirtd_lxc.aug
+/src/network/test_virtnetworkd.aug
+/src/network/virtnetworkd.aug
+/src/network/virtnetworkd.conf
 /src/qemu/test_libvirtd_qemu.aug
 /src/remote/*_client_bodies.h
 /src/remote/*_protocol.[ch]
@@ -174,6 +177,7 @@
 /src/virt-aa-helper
 /src/virtlockd
 /src/virtlogd
+/src/virtnetworkd
 /src/virtproxyd
 /src/virtsecretd
 /src/virt-guest-shutdown.target
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 7eeb2b4f07..52a671d908 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1612,6 +1612,14 @@ exit 0
 %{_libdir}/%{name}/connection-driver/libvirt_driver_interface.so
 
 %files daemon-driver-network
+%config(noreplace) %{_sysconfdir}/libvirt/virtnetworkd.conf
+%{_datadir}/augeas/lenses/virtnetworkd.aug
+%{_datadir}/augeas/lenses/tests/test_virtnetworkd.aug
+%{_unitdir}/virtnetworkd.service
+%{_unitdir}/virtnetworkd.socket
+%{_unitdir}/virtnetworkd-ro.socket
+%{_unitdir}/virtnetworkd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtnetworkd
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/networks/
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/networks/autostart
diff --git a/src/network/Makefile.inc.am b/src/network/Makefile.inc.am
index 23cf39b6f4..672142452e 100644
--- a/src/network/Makefile.inc.am
+++ b/src/network/Makefile.inc.am
@@ -49,6 +49,67 @@ libvirt_driver_network_impl_la_CFLAGS = \
 libvirt_driver_network_impl_la_SOURCES = $(NETWORK_DRIVER_SOURCES)
 libvirt_driver_network_impl_la_LIBADD  = $(DBUS_LIBS) $(LIBXML_LIBS)
 
+sbin_PROGRAMS += virtnetworkd
+
+nodist_conf_DATA += network/virtnetworkd.conf
+augeas_DATA += network/virtnetworkd.aug
+augeastest_DATA += network/test_virtnetworkd.aug
+CLEANFILES += network/virtnetworkd.aug
+
+virtnetworkd_SOURCES = $(REMOTE_DAEMON_SOURCES)
+virtnetworkd_CFLAGS = \
+   $(REMOTE_DAEMON_CFLAGS) \
+   -DDAEMON_NAME="\"virtnetworkd\"" \
+   -DMODULE_NAME="\"network\"" \
+   $(NULL)
+virtnetworkd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
+virtnetworkd_LDADD = $(REMOTE_DAEMON_LD_ADD)
+
+SYSTEMD_UNIT_FILES += \
+   virtnetworkd.service \
+   virtnetworkd.socket \
+   virtnetworkd-ro.socket \
+   virtnetworkd-admin.socket \
+   $(NULL)
+SYSTEMD_UNIT_FILES_IN += \
+   network/virtnetworkd.service.in \
+   $(NULL)
+
+VIRTNETWORKD_UNIT_VARS = \
+   $(VIRTD_UNIT_VARS) \
+   -e 's|[@]name[@]|Libvirt network|g' \
+   -e 's|[@]service[@]|virtnetworkd|g' \
+   -e 's|[@]sockprefix[@]|virtnetworkd|g' \
+   $(NULL)
+
+virtnetworkd.service: network/virtnetworkd.service.in 
$(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTNETWORKD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+virtnetwork%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTNETWORKD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+network/virtnetworkd.conf: remote/libvirtd.conf.in
+   $(AM_V_GEN)sed \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtnetworkd/' \
+   < $^ > $@
+
+network/virtnetworkd.aug: remote/libvirtd.aug.in
+   $(AM_V_GEN)$(SED) \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtnetworkd/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtnetworkd/' \
+   $< > $@
+
+network/test_virtnetworkd.aug: remote/test_libvirtd.aug.in \
+   network/virtnetworkd.conf $(AUG_GENTEST)
+   $(AM_V_GEN)$(AUG_GENTEST) network/virtnetworkd.conf \
+   $(srcdir)/remote/test_libvirtd.aug.in | \
+   $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtnetworkd/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtnetworkd/' \
+   > $@ || rm -f $@
+
 libexec_PROGRAMS += libvirt_leaseshelper
 libvirt_leaseshelper_SOURCES = $(NETWORK_LEASES_HELPER_SOURCES)
 libvirt_leaseshelper_LDFLAGS = \
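
Review bot: the three generation rules for `virtnetworkd.conf`, `virtnetworkd.aug` and `test_virtnetworkd.aug` repeat the same `-e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d'` and `DAEMON_NAME` expressions inline, and the same block is copied for each daemon in this series with only the name changed. The unit files already share `$(VIRTD_UNIT_VARS)`; a shared variable for the conf and augeas sed expressions would let a fix to the cut logic land in one place. Note too that `s/[@]DAEMON_NAME[@]/virtnetworkd/` has no `g` flag, unlike the unit-file substitutions, so a template line that mentions the daemon twice would keep the second marker.
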
diff --git a/src/network/virtnetworkd.service.in 
b/src/network/virtnetworkd.service.in
new file mode 100644
index 00..656e8b4f84
--- /dev/null
+++ b/src/network/virtnetworkd.service.in
@@ -0,0 +1,25 @@
+[Unit]

[libvirt] [PATCH v3 09/48] remote: conditionalize driver loading in libvirtd daemon

2019-07-29 Thread Daniel P . Berrangé
Prepare for reusing libvirtd source to create other daemons by making
the driver(s) to load conditionally defined by the make rules.

If nothing is set, all drivers will be loaded, ignoring any missing ones
as historically done.

If MODULE_NAME is set only one driver will be loaded and that one must
succeed.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 src/remote/remote_daemon.c | 55 +-
 1 file changed, 31 insertions(+), 24 deletions(-)

diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c
index f1daaeb944..97621884b0 100644
--- a/src/remote/remote_daemon.c
+++ b/src/remote/remote_daemon.c
@@ -311,60 +311,67 @@ static int daemonErrorLogFilter(virErrorPtr err, int 
priority)
 
 static int daemonInitialize(void)
 {
-/*
+#ifdef MODULE_NAME
+/* This a dedicated per-driver daemon build */
+if (virDriverLoadModule(MODULE_NAME, MODULE_NAME "Register", true) < 0)
+return -1;
+#else
+/* This is the legacy monolithic libvirtd built with all drivers
+ *
  * Note that the order is important: the first ones have a higher
  * priority when calling virStateInitialize. We must register the
  * network, storage and nodedev drivers before any stateful domain
  * driver, since their resources must be auto-started before any
  * domains can be auto-started.
  */
-#ifdef WITH_NETWORK
+# ifdef WITH_NETWORK
 if (virDriverLoadModule("network", "networkRegister", false) < 0)
 return -1;
-#endif
-#ifdef WITH_INTERFACE
+# endif
+# ifdef WITH_INTERFACE
 if (virDriverLoadModule("interface", "interfaceRegister", false) < 0)
 return -1;
-#endif
-#ifdef WITH_SECRETS
+# endif
+# ifdef WITH_SECRETS
 if (virDriverLoadModule("secret", "secretRegister", false) < 0)
 return -1;
-#endif
-#ifdef WITH_STORAGE
+# endif
+# ifdef WITH_STORAGE
 if (virDriverLoadModule("storage", "storageRegister", false) < 0)
 return -1;
-#endif
-#ifdef WITH_NODE_DEVICES
+# endif
+# ifdef WITH_NODE_DEVICES
 if (virDriverLoadModule("nodedev", "nodedevRegister", false) < 0)
 return -1;
-#endif
-#ifdef WITH_NWFILTER
+# endif
+# ifdef WITH_NWFILTER
 if (virDriverLoadModule("nwfilter", "nwfilterRegister", false) < 0)
 return -1;
-#endif
-#ifdef WITH_LIBXL
+# endif
+# ifdef WITH_LIBXL
 if (virDriverLoadModule("libxl", "libxlRegister", false) < 0)
 return -1;
-#endif
-#ifdef WITH_QEMU
+# endif
+# ifdef WITH_QEMU
 if (virDriverLoadModule("qemu", "qemuRegister", false) < 0)
 return -1;
-#endif
-#ifdef WITH_LXC
+# endif
+# ifdef WITH_LXC
 if (virDriverLoadModule("lxc", "lxcRegister", false) < 0)
 return -1;
-#endif
-#ifdef WITH_VBOX
+# endif
+# ifdef WITH_VBOX
 if (virDriverLoadModule("vbox", "vboxRegister", false) < 0)
 return -1;
-#endif
-#ifdef WITH_BHYVE
+# endif
+# ifdef WITH_BHYVE
 if (virDriverLoadModule("bhyve", "bhyveRegister", false) < 0)
 return -1;
-#endif
-#ifdef WITH_VZ
+# endif
+# ifdef WITH_VZ
 if (virDriverLoadModule("vz", "vzRegister", false) < 0)
 return -1;
+# endif
 #endif
 return 0;
 }
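
Review bot: the comment added at the top of the `#ifdef MODULE_NAME` branch reads "This a dedicated per-driver daemon build" and is missing "is". In the same branch, `MODULE_NAME "Register"` only compiles when MODULE_NAME is defined as a quoted string literal, so a short comment saying that the make rules must pass it quoted would save the next reader a confusing preprocessor error. Passing `true` as the third argument here, against `false` in every legacy call, matches the commit message ("that one must succeed").
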
-- 
2.21.0


[libvirt] [PATCH v3 21/48] secret: introduce virtsecretd daemon

2019-07-29 Thread Daniel P . Berrangé
The virtsecretd daemon will be responsible for providing the secret API
driver functionality. The secret driver is still loaded by the main
libvirtd daemon at this stage, so virtsecretd must not be running at
the same time.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 .gitignore|  4 ++
 libvirt.spec.in   |  8 
 src/secret/Makefile.inc.am| 62 +++
 src/secret/virtsecretd.service.in | 24 
 4 files changed, 98 insertions(+)
 create mode 100644 src/secret/virtsecretd.service.in

diff --git a/.gitignore b/.gitignore
index 05bc166860..162b017c4a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -166,12 +166,16 @@
 /src/remote/virtproxyd.conf
 /src/rpc/virkeepaliveprotocol.[ch]
 /src/rpc/virnetprotocol.[ch]
+/src/secret/test_virtsecretd.aug
+/src/secret/virtsecretd.aug
+/src/secret/virtsecretd.conf
 /src/util/virkeycodetable*.h
 /src/util/virkeynametable*.h
 /src/virt-aa-helper
 /src/virtlockd
 /src/virtlogd
 /src/virtproxyd
+/src/virtsecretd
 /src/virt-guest-shutdown.target
 /tests/*.log
 /tests/*.pid
diff --git a/libvirt.spec.in b/libvirt.spec.in
index c7f276b2bc..7eeb2b4f07 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1634,6 +1634,14 @@ exit 0
 %{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so
 
 %files daemon-driver-secret
+%config(noreplace) %{_sysconfdir}/libvirt/virtsecretd.conf
+%{_datadir}/augeas/lenses/virtsecretd.aug
+%{_datadir}/augeas/lenses/tests/test_virtsecretd.aug
+%{_unitdir}/virtsecretd.service
+%{_unitdir}/virtsecretd.socket
+%{_unitdir}/virtsecretd-ro.socket
+%{_unitdir}/virtsecretd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtsecretd
 %{_libdir}/%{name}/connection-driver/libvirt_driver_secret.so
 
 %files daemon-driver-storage
diff --git a/src/secret/Makefile.inc.am b/src/secret/Makefile.inc.am
index 7a1c8f8e1a..5535fc5862 100644
--- a/src/secret/Makefile.inc.am
+++ b/src/secret/Makefile.inc.am
@@ -37,4 +37,66 @@ libvirt_driver_secret_la_LIBADD = \
$(NULL)
 libvirt_driver_secret_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF)
 libvirt_driver_secret_la_SOURCES = $(SECRET_DRIVER_SOURCES)
+
+sbin_PROGRAMS += virtsecretd
+
+nodist_conf_DATA += secret/virtsecretd.conf
+augeas_DATA += secret/virtsecretd.aug
+augeastest_DATA += secret/test_virtsecretd.aug
+CLEANFILES += secret/virtsecretd.aug
+
+virtsecretd_SOURCES = $(REMOTE_DAEMON_SOURCES)
+virtsecretd_CFLAGS = \
+   $(REMOTE_DAEMON_CFLAGS) \
+   -DDAEMON_NAME="\"virtsecretd\"" \
+   -DMODULE_NAME="\"secret\"" \
+   $(NULL)
+virtsecretd_LDFLAGS = $(REMOTE_DAEMON_LD_FLAGS)
+virtsecretd_LDADD = $(REMOTE_DAEMON_LD_ADD)
+
+SYSTEMD_UNIT_FILES += \
+   virtsecretd.service \
+   virtsecretd.socket \
+   virtsecretd-ro.socket \
+   virtsecretd-admin.socket \
+   $(NULL)
+SYSTEMD_UNIT_FILES_IN += \
+   secret/virtsecretd.service.in \
+   $(NULL)
+
+VIRTSECRETD_UNIT_VARS = \
+   $(VIRTD_UNIT_VARS) \
+   -e 's|[@]name[@]|Libvirt secret|g' \
+   -e 's|[@]service[@]|virtsecretd|g' \
+   -e 's|[@]sockprefix[@]|virtsecretd|g' \
+   $(NULL)
+
+virtsecretd.service: secret/virtsecretd.service.in 
$(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTSECRETD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+virtsecret%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
+   $(AM_V_GEN)sed $(VIRTSECRETD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+secret/virtsecretd.conf: remote/libvirtd.conf.in
+   $(AM_V_GEN)sed \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
+   < $^ > $@
+
+secret/virtsecretd.aug: remote/libvirtd.aug.in
+   $(AM_V_GEN)$(SED) \
+   -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \
+   $< > $@
+
+secret/test_virtsecretd.aug: remote/test_libvirtd.aug.in \
+   secret/virtsecretd.conf $(AUG_GENTEST)
+   $(AM_V_GEN)$(AUG_GENTEST) secret/virtsecretd.conf \
+   $(srcdir)/remote/test_libvirtd.aug.in | \
+   $(SED) -e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+   -e 's/[@]DAEMON_NAME[@]/virtsecretd/' \
+   -e 's/[@]DAEMON_NAME_UC[@]/Virtsecretd/' \
+   > $@ || rm -f $@
+
 endif WITH_SECRETS
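
Review bot: the `secret/virtsecretd.conf` rule writes straight into `$@` with `< $^ > $@`, so a failed sed leaves a partial file that make treats as up to date. The `virtsecretd.service` rule above it already uses `> $@-t && mv $@-t $@` and the test_virtsecretd.aug rule uses `|| rm -f $@`; use one of those here and in the virtsecretd.aug rule. The conf and unit rules also call plain `sed` while the two augeas rules call `$(SED)`; use `$(SED)` throughout. The pattern rule `virtsecret%.socket: remote/libvirt%.socket.in` depends on the stem starting with "d" (d, d-ro, d-admin), which deserves a one-line comment.
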
diff --git a/src/secret/virtsecretd.service.in 
b/src/secret/virtsecretd.service.in
new file mode 100644
index 00..00cdc26b97
--- /dev/null
+++ b/src/secret/virtsecretd.service.in
@@ -0,0 +1,24 @@
+[Unit]
+Description=Virtualization secret daemon
+Conflicts=libvirtd.service
+Requires=virtsecretd.socket
+Requires=virtsecretd-ro.socket
+Requires=virtsecretd-admin.socket
+After=network.target
+After=dbus.service
+After=apparmor.service
+After=local-fs.target
+Documentation=man:libvirtd(8)
+Documentation=https://libvirt.org
+
+[Service]
+Type=notify
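
Review bot: `Documentation=man:libvirtd(8)` in the new virtsecretd unit points at the libvirtd man page; either reference a virtsecretd page or say in the commit message that one does not exist yet. `Conflicts=libvirtd.service` is consistent with the commit message's statement that the two daemons must not run at the same time.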

[libvirt] [PATCH v3 08/48] remote: conditionalize daemon name in libvirtd daemon

2019-07-29 Thread Daniel P . Berrangé
Prepare for reusing libvirtd source to create other daemons by making
the daemon name conditionally defined by the make rules.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 src/remote/Makefile.inc.am|  1 +
 src/remote/remote_daemon.c| 50 +--
 src/remote/remote_daemon_config.c |  5 ++--
 3 files changed, 31 insertions(+), 25 deletions(-)

diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am
index ced940d3c1..b72186109a 100644
--- a/src/remote/Makefile.inc.am
+++ b/src/remote/Makefile.inc.am
@@ -147,6 +147,7 @@ libvirtd_CFLAGS = \
-I$(srcdir)/conf \
-I$(srcdir)/rpc \
-DSOCK_PREFIX="\"libvirt\"" \
+   -DDAEMON_NAME="\"libvirtd\"" \
$(NULL)
 
 libvirtd_LDFLAGS = \
diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c
index f9d923b357..f1daaeb944 100644
--- a/src/remote/remote_daemon.c
+++ b/src/remote/remote_daemon.c
@@ -64,7 +64,11 @@
 
 #include "virdbus.h"
 
-VIR_LOG_INIT("daemon.libvirtd");
+VIR_LOG_INIT("daemon." DAEMON_NAME);
+
+#ifndef SOCK_PREFIX
+# define SOCK_PREFIX DAEMON_NAME
+#endif
 
 #if WITH_SASL
 virNetSASLContextPtr saslCtxt = NULL;
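
Review bot: `VIR_LOG_INIT("daemon." DAEMON_NAME)` makes DAEMON_NAME mandatory, but only SOCK_PREFIX gets an `#ifndef` fallback below it. A build target that forgets `-DDAEMON_NAME=...` will fail with an unhelpful syntax error at this line; add an `#ifndef DAEMON_NAME` / `# error` guard ahead of VIR_LOG_INIT so the failure names the missing define.
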
@@ -383,11 +387,11 @@ daemonSetupNetworking(virNetServerPtr srv,
 int ret = -1;
 VIR_AUTOPTR(virSystemdActivation) act = NULL;
 virSystemdActivationMap actmap[] = {
-{ .name = "libvirtd.socket", .family = AF_UNIX, .path = sock_path },
-{ .name = "libvirtd-ro.socket", .family = AF_UNIX, .path = 
sock_path_ro },
-{ .name = "libvirtd-admin.socket", .family = AF_UNIX, .path = 
sock_path_adm },
-{ .name = "libvirtd-tcp.socket", .family = AF_INET },
-{ .name = "libvirtd-tls.socket", .family = AF_INET },
+{ .name = DAEMON_NAME ".socket", .family = AF_UNIX, .path = sock_path 
},
+{ .name = DAEMON_NAME "-ro.socket", .family = AF_UNIX, .path = 
sock_path_ro },
+{ .name = DAEMON_NAME "-admin.socket", .family = AF_UNIX, .path = 
sock_path_adm },
+{ .name = DAEMON_NAME "-tcp.socket", .family = AF_INET },
+{ .name = DAEMON_NAME "-tls.socket", .family = AF_INET },
 };
 
 if ((actmap[3].port = virSocketAddrResolveService(config->tcp_port)) < 0)
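
Review bot: the socket unit names are now written as `DAEMON_NAME "-ro.socket"` style concatenations both in this actmap initializer and again at each virNetServerAddServiceUNIX/TCP call in the later hunks, so the two copies can drift apart. Define each name once (a macro or constant next to actmap) and use it in both places. `actmap[3].port` in the unchanged line below also depends on the entry order of this table; a comment or named indexes would make the table safer to edit.
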
@@ -421,7 +425,7 @@ daemonSetupNetworking(virNetServerPtr srv,
 
 if (virNetServerAddServiceUNIX(srv,
act,
-   "libvirtd.socket",
+   DAEMON_NAME ".socket",
sock_path,
unix_sock_rw_mask,
unix_sock_gid,
@@ -434,7 +438,7 @@ daemonSetupNetworking(virNetServerPtr srv,
 if (sock_path_ro &&
 virNetServerAddServiceUNIX(srv,
act,
-   "libvirtd-ro.socket",
+   DAEMON_NAME "-ro.socket",
sock_path_ro,
unix_sock_ro_mask,
unix_sock_gid,
@@ -448,7 +452,7 @@ daemonSetupNetworking(virNetServerPtr srv,
 if (sock_path_adm &&
 virNetServerAddServiceUNIX(srvAdm,
act,
-   "libvirtd-admin.socket",
+   DAEMON_NAME "-admin.socket",
sock_path_adm,
unix_sock_adm_mask,
unix_sock_gid,
@@ -462,7 +466,7 @@ daemonSetupNetworking(virNetServerPtr srv,
 if (((ipsock && config->listen_tcp) || act) &&
 virNetServerAddServiceTCP(srv,
   act,
-  "libvirtd-tcp.socket",
+  DAEMON_NAME "-tcp.socket",
   config->listen_addr,
   config->tcp_port,
   AF_UNSPEC,
@@ -519,7 +523,7 @@ daemonSetupNetworking(virNetServerPtr srv,
   config->listen_addr, config->tls_port);
 if (virNetServerAddServiceTCP(srv,
   act,
-  "libvirtd-tls.socket",
+  DAEMON_NAME "-tls.socket",
   config->listen_addr,
   config->tls_port,
   AF_UNSPEC,
@@ -564,7 +568,7 @@ daemonSetupNetDevOpenvswitch(struct daemonConfig *config)
 
 /*
  * Set up the logging environment
- * By default if daemonized all errors go to the logfile libvirtd.log,
+ * By default if daemonized all errors go to journald/a logfile
  * but if verbose or error debugging is asked for then also output
  * informational and debug messages. Default size if 64 kB.
  */
@@ -577,7 +581,7 @@ daemonSetupLogging(struct daemonConfig *config,
 

[libvirt] [PATCH v3 04/48] build: use a common rule for checking augeas test data files

2019-07-29 Thread Daniel P . Berrangé
Instead of each subdir containing its own custom rule for checking the
augeas tests, use a common rule for all.

The new rule searches both src + build dirs for include files, since
some augeas files will be auto-generated very shortly.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 src/Makefile.am | 18 +-
 src/bhyve/Makefile.inc.am   | 11 ---
 src/libxl/Makefile.inc.am   | 11 ---
 src/locking/Makefile.inc.am | 34 ++
 src/logging/Makefile.inc.am |  9 -
 src/lxc/Makefile.inc.am |  8 
 src/qemu/Makefile.inc.am|  8 
 src/remote/Makefile.inc.am  |  8 
 8 files changed, 15 insertions(+), 92 deletions(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index 938c119f39..6bb33524cf 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -74,7 +74,6 @@ GENERATED_SYM_FILES =
 augeas_DATA =
 augeastest_DATA =
 conf_DATA =
-AUGEAS_DIRS =
 if WITH_DTRACE_PROBES
 tapset_DATA =
 endif WITH_DTRACE_PROBES
@@ -397,13 +396,22 @@ GENERATED_SYM_FILES += \
 
 
 
-
-
-
+AUG_TEST_NAMES = $(subst /,-, $(augeastest_DATA))
 
 check-local: check-augeas
 
-check-augeas: $(AUGEAS_DIRS:%=check-augeas-%)
+check-augeas: $(augeas_DATA) $(augeastest_DATA)
+   $(AM_V_GEN) \
+   if test -x "$(AUGPARSE)"; then \
+   for f in $(augeastest_DATA); do \
+   DIR=$$(dirname "$$f"); \
+   FILE=$$(basename "$$f"); \
+   "$(AUGPARSE)" \
+   -I "$(srcdir)/$$DIR" -I "$(builddir)/$$DIR" \
+   "$$DIR/$$FILE"; \
+   done; \
+   fi
+.PHONY: check-augeas
 
 AUG_GENTEST = $(PERL) $(top_srcdir)/build-aux/augeas-gentest.pl
 
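
Review bot: in the new check-augeas recipe the for loop runs `"$(AUGPARSE)"` on every file but never checks its exit status, so unless the shell runs with -e only the last file's result decides whether the target fails; append `|| exit 1` to the augparse command. `AUG_TEST_NAMES` is defined at the top of the hunk but not used by anything shown here; drop it or introduce it in the patch that needs it.
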
diff --git a/src/bhyve/Makefile.inc.am b/src/bhyve/Makefile.inc.am
index 0aef5e17c7..8b662e9775 100644
--- a/src/bhyve/Makefile.inc.am
+++ b/src/bhyve/Makefile.inc.am
@@ -51,17 +51,10 @@ conf_DATA += bhyve/bhyve.conf
 augeas_DATA += bhyve/libvirtd_bhyve.aug
 augeastest_DATA += bhyve/test_libvirtd_bhyve.aug
 
-AUGEAS_DIRS += bhyve
-
 bhyve/test_libvirtd_bhyve.aug: bhyve/test_libvirtd_bhyve.aug.in \
$(srcdir)/bhyve/bhyve.conf $(AUG_GENTEST)
$(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/bhyve/bhyve.conf $< > $@
 
-check-augeas-bhyve: bhyve/test_libvirtd_bhyve.aug
-   $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \
-   '$(AUGPARSE)' -I $(srcdir)/bhyve bhyve/test_libvirtd_bhyve.aug; \
-   fi
-
 endif WITH_BHYVE
 
 EXTRA_DIST += \
@@ -69,7 +62,3 @@ EXTRA_DIST += \
bhyve/libvirtd_bhyve.aug \
bhyve/test_libvirtd_bhyve.aug.in \
$(NULL)
-
-.PHONY: \
-   check-augeas-bhyve \
-   $(NULL)
diff --git a/src/libxl/Makefile.inc.am b/src/libxl/Makefile.inc.am
index e73f34db8e..467c2720b2 100644
--- a/src/libxl/Makefile.inc.am
+++ b/src/libxl/Makefile.inc.am
@@ -69,17 +69,10 @@ conf_DATA += libxl/libxl.conf
 augeas_DATA += libxl/libvirtd_libxl.aug
 augeastest_DATA += libxl/test_libvirtd_libxl.aug
 
-AUGEAS_DIRS += libxl
-
 libxl/test_libvirtd_libxl.aug: libxl/test_libvirtd_libxl.aug.in \
$(srcdir)/libxl/libxl.conf $(AUG_GENTEST)
$(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/libxl/libxl.conf $< > $@
 
-check-augeas-libxl: libxl/test_libvirtd_libxl.aug
-   $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \
-   '$(AUGPARSE)' -I $(srcdir)/libxl libxl/test_libvirtd_libxl.aug; \
-   fi
-
 INSTALL_DATA_DIRS += libxl
 
 install-data-libxl:
@@ -94,10 +87,6 @@ uninstall-data-libxl:
 
 endif WITH_LIBXL
 
-.PHONY: \
-   check-augeas-libxl \
-   $(NULL)
-
 EXTRA_DIST += \
libxl/libxl.conf \
libxl/libvirtd_libxl.aug \
diff --git a/src/locking/Makefile.inc.am b/src/locking/Makefile.inc.am
index 0f284faf25..24d83fdd80 100644
--- a/src/locking/Makefile.inc.am
+++ b/src/locking/Makefile.inc.am
@@ -227,16 +227,8 @@ locking/test_libvirt_sanlock.aug: 
locking/test_libvirt_sanlock.aug.in \
locking/qemu-sanlock.conf $(AUG_GENTEST)
$(AM_V_GEN)$(AUG_GENTEST) locking/qemu-sanlock.conf $< > $@
 
-check-augeas-sanlock: locking/test_libvirt_sanlock.aug
-   $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \
-   '$(AUGPARSE)' -I $(srcdir)/locking 
locking/test_libvirt_sanlock.aug; \
-   fi
-else ! WITH_QEMU
-check-augeas-sanlock:
-endif ! WITH_QEMU
-else ! WITH_SANLOCK
-check-augeas-sanlock:
-endif ! WITH_SANLOCK
+endif WITH_QEMU
+endif WITH_SANLOCK
 
 if WITH_QEMU
 locking/test_libvirt_lockd.aug: locking/test_libvirt_lockd.aug.in \
@@ -248,33 +240,11 @@ locking/test_virtlockd.aug: locking/test_virtlockd.aug.in 
\
locking/virtlockd.conf $(AUG_GENTEST)
$(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/locking/virtlockd.conf $< > $@
 
-if WITH_QEMU
-check-augeas-lockd: locking/test_libvirt_lockd.aug
-   $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \
-   '$(AUGPARSE)' -I $(srcdir)/locking locking/test_libvirt_lockd.aug; \
-   fi
-else ! WITH_QEMU
-check-augeas-lockd:
-endif ! WITH_QEMU
-

[libvirt] [PATCH v3 00/48] Split the libvirtd daemon into per-driver daemons

2019-07-29 Thread Daniel P . Berrangé
This is what all the driver refactoring I've done has been about
enabling.

We gain new daemons for each driver, for the primary virt drivers:

  virtlibxld
  virtlxcd
  virtqemud
  virtvboxd
  virtvzd

And again for the secondary drivers

  virtinterfaced
  virtnetworkd
  virtnodedevd
  virtnwfilterd
  virtsecretd
  virtstoraged

Finally to support IP connectivity, and also the legacy libvirtd UNIX
domain socket (for the old libvirt remote driver SSH tunnelling):

  virtproxyd

For the sake of facilitating upgrades, the existing libvirtd still
exists and works the same way it always has.

You either run libvirtd, or you run the per-driver daemons, never both.

The remote driver will look to see whether libvirtd is running to figure
out whether to connect to libvirtd or the new per-driver daemons.

When auto-spawning daemons for nonroot users, we default to spawning the
per-driver daemons.

This can be controlled with a URI parameter "?mode=direct|legacy|auto",
where 'direct' means per-driver and 'legacy' means libvirtd (or indirect
via virtproxyd if that's running).

Changed in v3:

 - Add identity forwarding between daemons for polkit auth
 - Make virtxend sockets conditional on Xen kernel
 - Other misc review fixes

Changed in v2:

 - Added systemd unit files for service & sockets, ensuring
   conflicts with libvirtd
 - Fixed proxy to actually handle probing of URIs (still not
   quite perfect)
 - Renamed virtlibxld to virtxend as "xen" is the user facing
   name of the URI
 - Lazy loading of secondary drivers, so connecting to virtqemud
   doesn't auto-spawn all secondary driver daemons, until a
   relevant API is actually invoked
 - Actually generated config files / augeas files per daemon
 - Abort daemon startup if driver fails to load
 - Many other fixes

A few nice to have things, but not merge blocking

 - MAYBE make it possible to disable build of libvirtd, or of the per-driver
   daemons so downstream vendors can decide which to ship. Alternatively
   they can just not include the binary in the package file list ?
 - Tuning of the daemon defaults for worker threads to better suit
   the fact that we have per-driver daemons
 - More work on RPM packaging to allow install of per-driver daemons
   without pulling in libvirtd too

Daniel P. Berrangé (48):
  build: make augeas-gentest.pl write to stdout
  build: collapse rules adding augeas tests to CLEANFILES
  build: create all augeas test files in same dir as their source
  build: use a common rule for checking augeas test data files
  build: centralize rule for handling generated config files
  remote: stop trying to print help as giant blocks of text
  remote: conditionalize socket names in libvirtd daemon
  remote: conditionalize daemon name in libvirtd daemon
  remote: conditionalize driver loading in libvirtd daemon
  remote: conditionalize IP socket usage in libvirtd daemon
  build: use @CONFIG@ instead of ::CONFIG:: in augeas tests
  remote: conditionalize IP socket config in libvirtd.conf
  remote: conditionalize IP socket config in augeas definitions
  remote: refactor & rename variables for building libvirtd
  build: don't hardcode /etc in the config related files
  remote: reduce duplication in systemd unit file make rules into one
  remote: conditionalize systemd socket unit files
  remote: refactor how list of systemd unit files is built
  remote: in per-driver daemons ensure that state initialize succeeds
  remote: introduce virtproxyd daemon to handle IP connectivity
  secret: introduce virtsecretd daemon
  network: introduce virtnetworkd daemon
  interface: introduce virtinterfaced daemon
  storage: introduce virtstoraged daemon
  nodedev: introduce virtnodedevd daemon
  nwfilter: introduce virtnwfilterd daemon
  libxl: introduce virtxend daemon
  qemu: introduce virtqemud daemon
  lxc: introduce virtlxcd daemon
  vbox: introduce virtvboxd daemon
  bhyve: introduce virtbhyved daemon
  vz: introduce virtvzd daemon
  admin: add ability to connect to the per-driver daemon sockets
  remote: get rid of bogus ATTRIBUTE_UNUSED annotation client param
  remote: change generated methods to not directly access connection
  remote: fix lock ordering mistake in event registration
  remote: change hand written methods to not directly access connection
  remote: open secondary drivers via remote driver if needed
  remote: handle autoprobing of driver within virtproxyd
  remote: use enum helpers for parsing remote driver transport
  remote: refactor the code for choosing the UNIX socket path
  remote: enable connecting to the per-driver daemons
  api: introduce virConnectSetIdentity for passing uid, gid, selinux info
  util: change identity class attribute names
  util: make generic identity accessors private
  util: storage identity attrs as virTypedParameter internally
  util: allow identity to be imported/exported as typed parameters
  remote: pass identity across to newly opened daemons

 .gitignore|   62 +-
 

[libvirt] [PATCH v3 15/48] build: don't hardcode /etc in the config related files

2019-07-29 Thread Daniel P . Berrangé
Substitute in the @sysconfigdir@ value instead of /etc.

Signed-off-by: Daniel P. Berrangé 
---
 src/locking/Makefile.inc.am |  1 +
 src/locking/virtlockd.service.in|  2 +-
 src/logging/Makefile.inc.am |  1 +
 src/logging/virtlogd.service.in |  2 +-
 src/remote/Makefile.inc.am  |  8 
 src/remote/libvirtd-admin.socket.in |  2 +-
 src/remote/libvirtd-ro.socket.in|  2 +-
 src/remote/libvirtd-tcp.socket.in   |  2 +-
 src/remote/libvirtd-tls.socket.in   |  2 +-
 src/remote/libvirtd.aug.in  |  4 ++--
 src/remote/libvirtd.conf.in | 18 +-
 src/remote/libvirtd.service.in  |  2 +-
 src/remote/libvirtd.socket.in   |  2 +-
 src/remote/test_libvirtd.aug.in |  8 
 tools/libvirt-guests.service.in |  2 +-
 15 files changed, 34 insertions(+), 24 deletions(-)

diff --git a/src/locking/Makefile.inc.am b/src/locking/Makefile.inc.am
index 161410051c..bc1a05549a 100644
--- a/src/locking/Makefile.inc.am
+++ b/src/locking/Makefile.inc.am
@@ -258,6 +258,7 @@ locking/lock_daemon_dispatch_stubs.h: $(LOCK_PROTOCOL) \
 virtlockd.service: locking/virtlockd.service.in $(top_builddir)/config.status
$(AM_V_GEN)sed \
-e 's|[@]sbindir[@]|$(sbindir)|g' \
+   -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
< $< > $@-t && \
mv $@-t $@
 
diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in
index 3c9d587032..e7f8057c06 100644
--- a/src/locking/virtlockd.service.in
+++ b/src/locking/virtlockd.service.in
@@ -7,7 +7,7 @@ Documentation=man:virtlockd(8)
 Documentation=https://libvirt.org
 
 [Service]
-EnvironmentFile=-/etc/sysconfig/virtlockd
+EnvironmentFile=-@sysconfdir@/sysconfig/virtlockd
 ExecStart=@sbindir@/virtlockd $VIRTLOCKD_ARGS
 ExecReload=/bin/kill -USR1 $MAINPID
 # Loosing the locks is a really bad thing that will
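
Review bot: the placeholder introduced on the `EnvironmentFile=` line is `@sysconfdir@`, but the commit message calls it `@sysconfigdir@`; align the message with the name the patch actually uses so it can be found by grep later.
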
diff --git a/src/logging/Makefile.inc.am b/src/logging/Makefile.inc.am
index f0c49330f5..18772fde2f 100644
--- a/src/logging/Makefile.inc.am
+++ b/src/logging/Makefile.inc.am
@@ -122,6 +122,7 @@ virtlogd.8.in: logging/virtlogd.pod
 virtlogd.service: logging/virtlogd.service.in $(top_builddir)/config.status
$(AM_V_GEN)sed \
-e 's|[@]sbindir[@]|$(sbindir)|g' \
+   -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
< $< > $@-t && \
mv $@-t $@
 
diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in
index 3d9ae36150..daff48e67d 100644
--- a/src/logging/virtlogd.service.in
+++ b/src/logging/virtlogd.service.in
@@ -7,7 +7,7 @@ Documentation=man:virtlogd(8)
 Documentation=https://libvirt.org
 
 [Service]
-EnvironmentFile=-/etc/sysconfig/virtlogd
+EnvironmentFile=-@sysconfdir@/sysconfig/virtlogd
 ExecStart=@sbindir@/virtlogd $VIRTLOGD_ARGS
 ExecReload=/bin/kill -USR1 $MAINPID
 # Loosing the logs is a really bad thing that will
diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am
index 0ec7abb880..fc04af5cb5 100644
--- a/src/remote/Makefile.inc.am
+++ b/src/remote/Makefile.inc.am
@@ -194,6 +194,7 @@ remote/libvirtd.conf: remote/libvirtd.conf.in
$(AM_V_GEN)$(SED) \
-e '/[@]CUT_ENABLE_IP[@]/d' \
-e '/[@]END[@]/d' \
+   -e 's|[@]sysconfdir[@]|@sysconfdir@|' \
-e 's|[@]DAEMON_NAME[@]|libvirtd|' \
< $< > $@
 
@@ -209,6 +210,7 @@ remote/libvirtd.aug: remote/libvirtd.aug.in
$(AM_V_GEN)$(SED) \
-e '/[@]CUT_ENABLE_IP[@]/d' \
-e '/[@]END[@]/d' \
+   -e 's|[@]sysconfdir[@]|@sysconfdir@|' \
-e 's|[@]DAEMON_NAME[@]|libvirtd|' \
-e 's|[@]DAEMON_NAME_UC[@]|Libvirtd|' \
$< > $@
@@ -219,6 +221,7 @@ remote/test_libvirtd.aug: remote/test_libvirtd.aug.in \
$(srcdir)/remote/test_libvirtd.aug.in | \
$(SED) -e '/[@]CUT_ENABLE_IP[@]/d' \
-e '/[@]END[@]/d' \
+   -e 's|[@]sysconfdir[@]|@sysconfdir@|' \
-e 's|[@]DAEMON_NAME[@]|libvirtd|' \
-e 's|[@]DAEMON_NAME_UC[@]|Libvirtd|' \
> $@ || rm -f $@
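
Review bot: this sed expression replaces the placeholder with `@sysconfdir@` and has no `g` flag, as do the matching lines in the libvirtd.conf and libvirtd.aug rules above, while the unit-file rules in this patch use `$(sysconfdir)` with `g`. Use one form throughout, or explain in the commit message why the config and augeas rules differ.
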
@@ -300,30 +303,35 @@ libvirtd.service: remote/libvirtd.service.in 
$(top_builddir)/config.status
 libvirtd.socket: remote/libvirtd.socket.in $(top_builddir)/config.status
$(AM_V_GEN)sed \
-e 's|[@]localstatedir[@]|$(localstatedir)|g' \
+   -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
< $< > $@-t && \
mv $@-t $@
 
 libvirtd-ro.socket: remote/libvirtd-ro.socket.in $(top_builddir)/config.status
$(AM_V_GEN)sed \
-e 's|[@]localstatedir[@]|$(localstatedir)|g' \
+   -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
< $< > $@-t && \
mv $@-t $@
 
 libvirtd-admin.socket: remote/libvirtd-admin.socket.in 
$(top_builddir)/config.status
$(AM_V_GEN)sed \
-e 's|[@]localstatedir[@]|$(localstatedir)|g' \
+   -e 

[libvirt] [PATCH v3 18/48] remote: refactor how list of systemd unit files is built

2019-07-29 Thread Daniel P . Berrangé
The make logic assumes that the SYSTEMD_UNIT_FILES var can be built from
SYSTEMD_UNIT_FILES_IN by simply dropping the directory prefix and the
.in suffix.

This won't work in future when a single .in unit file can be used to
generate multiple different units.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 src/Makefile.am | 2 +-
 src/locking/Makefile.inc.am | 5 -
 src/logging/Makefile.inc.am | 5 -
 src/remote/Makefile.inc.am  | 5 -
 4 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index b4544b12a7..5bbd85ecef 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -82,6 +82,7 @@ RPC_PROBE_FILES =
 LOGROTATE_FILES_IN =
 PODFILES =
 MANINFILES =
+SYSTEMD_UNIT_FILES =
 SYSTEMD_UNIT_FILES_IN =
 SYSCONF_FILES =
 sbin_PROGRAMS =
@@ -838,7 +839,6 @@ if WITH_LIBVIRTD
 if LIBVIRT_INIT_SCRIPT_SYSTEMD
 
 SYSTEMD_UNIT_DIR = $(prefix)/lib/systemd/system
-SYSTEMD_UNIT_FILES = $(notdir $(SYSTEMD_UNIT_FILES_IN:%.in=%))
 
 BUILT_SOURCES += $(SYSTEMD_UNIT_FILES)
 DISTCLEANFILES += $(SYSTEMD_UNIT_FILES)
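
Review bot: with the central `SYSTEMD_UNIT_FILES = $(notdir $(SYSTEMD_UNIT_FILES_IN:%.in=%))` derivation removed here, a Makefile.inc.am that appends to SYSTEMD_UNIT_FILES_IN but forgets SYSTEMD_UNIT_FILES will silently build no unit, because BUILT_SOURCES only lists the latter. Add a comment next to the new empty `SYSTEMD_UNIT_FILES =` initialisation stating that both variables must be extended together.
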
diff --git a/src/locking/Makefile.inc.am b/src/locking/Makefile.inc.am
index bc1a05549a..37d0e79f40 100644
--- a/src/locking/Makefile.inc.am
+++ b/src/locking/Makefile.inc.am
@@ -77,12 +77,15 @@ MANINFILES += virtlockd.8.in
 CLEANFILES += $(man8_MANS)
 MAINTAINERCLEANFILES += $(MANINFILES)
 
-SYSTEMD_UNIT_FILES_IN += \
+VIRTLOCKD_UNIT_FILES_IN = \
locking/virtlockd.service.in \
locking/virtlockd.socket.in \
locking/virtlockd-admin.socket.in \
$(NULL)
 
+SYSTEMD_UNIT_FILES += $(notdir $(VIRTLOCKD_UNIT_FILES_IN:%.in=%))
+SYSTEMD_UNIT_FILES_IN += $(VIRTLOCKD_UNIT_FILES_IN)
+
 lockdriverdir = $(libdir)/libvirt/lock-driver
 lockdriver_LTLIBRARIES =
 
diff --git a/src/logging/Makefile.inc.am b/src/logging/Makefile.inc.am
index 18772fde2f..b952021d00 100644
--- a/src/logging/Makefile.inc.am
+++ b/src/logging/Makefile.inc.am
@@ -50,12 +50,15 @@ PODFILES += logging/virtlogd.pod
 MANINFILES += virtlogd.8.in
 SYSCONF_FILES += logging/virtlogd.sysconf
 
-SYSTEMD_UNIT_FILES_IN += \
+VIRTLOGD_UNIT_FILES_IN = \
logging/virtlogd.service.in \
logging/virtlogd.socket.in \
logging/virtlogd-admin.socket.in \
$(NULL)
 
+SYSTEMD_UNIT_FILES += $(notdir $(VIRTLOGD_UNIT_FILES_IN:%.in=%))
+SYSTEMD_UNIT_FILES_IN += $(VIRTLOGD_UNIT_FILES_IN)
+
 if WITH_LIBVIRTD
 sbin_PROGRAMS += virtlogd
 
diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am
index 0e9c0b9e1b..c9c3c7203a 100644
--- a/src/remote/Makefile.inc.am
+++ b/src/remote/Makefile.inc.am
@@ -89,7 +89,7 @@ SYSCONF_FILES += remote/libvirtd.sysconf
 PODFILES += remote/libvirtd.pod
 MANINFILES += libvirtd.8.in
 
-SYSTEMD_UNIT_FILES_IN += \
+LIBVIRTD_UNIT_FILES_IN = \
remote/libvirtd.service.in \
remote/libvirtd.socket.in \
remote/libvirtd-ro.socket.in \
@@ -99,6 +99,9 @@ SYSTEMD_UNIT_FILES_IN += \
remote/virt-guest-shutdown.target.in \
$(NULL)
 
+SYSTEMD_UNIT_FILES += $(notdir $(LIBVIRTD_UNIT_FILES_IN:%.in=%))
+SYSTEMD_UNIT_FILES_IN += $(LIBVIRTD_UNIT_FILES_IN)
+
 REMOTE_PROTOCOL = $(srcdir)/remote/remote_protocol.x
 LXC_PROTOCOL = $(srcdir)/remote/lxc_protocol.x
 QEMU_PROTOCOL = $(srcdir)/remote/qemu_protocol.x
-- 
2.21.0


[libvirt] [PATCH v3 05/48] build: centralize rule for handling generated config files

2019-07-29 Thread Daniel P . Berrangé
Instead of adding generated config files to CLEANFILES and BUILT_SOURCES
in each makefile, add them all at once.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 src/Makefile.am | 3 +++
 src/locking/Makefile.inc.am | 8 
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index 6bb33524cf..255e8e2b57 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -144,6 +144,9 @@ moddir = $(libdir)/libvirt/connection-driver
 confdir = $(sysconfdir)/libvirt
 conf_DATA += libvirt.conf libvirt-admin.conf
 
+CLEANFILES += $(nodist_conf_DATA)
+BUILT_SOURCES += $(nodist_conf_DATA)
+
 augeasdir = $(datadir)/augeas/lenses
 
 augeastestdir = $(datadir)/augeas/lenses/tests
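
Review bot: the new central line uses `CLEANFILES += $(nodist_conf_DATA)`, but the per-file lines removed from locking/Makefile.inc.am below used DISTCLEANFILES, so the generated configs are now deleted by `make clean` rather than only by `make distclean`. If that change is intended, say so in the commit message, which currently reads as if the old rules already used CLEANFILES.
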
diff --git a/src/locking/Makefile.inc.am b/src/locking/Makefile.inc.am
index 24d83fdd80..161410051c 100644
--- a/src/locking/Makefile.inc.am
+++ b/src/locking/Makefile.inc.am
@@ -116,14 +116,10 @@ endif WITH_SASL
 if WITH_QEMU
 augeastest_DATA += locking/test_libvirt_lockd.aug
 nodist_conf_DATA += locking/qemu-lockd.conf
-BUILT_SOURCES += locking/qemu-lockd.conf
-DISTCLEANFILES += locking/qemu-lockd.conf
 endif WITH_QEMU
 
 if WITH_LIBXL
 nodist_conf_DATA += locking/libxl-lockd.conf
-BUILT_SOURCES += locking/libxl-lockd.conf
-DISTCLEANFILES += locking/libxl-lockd.conf
 endif WITH_LIBXL
 
 sbin_PROGRAMS += virtlockd
@@ -171,14 +167,10 @@ augeas_DATA += locking/libvirt_sanlock.aug
 if WITH_QEMU
 augeastest_DATA += locking/test_libvirt_sanlock.aug
 nodist_conf_DATA += locking/qemu-sanlock.conf
-BUILT_SOURCES += locking/qemu-sanlock.conf
-DISTCLEANFILES += locking/qemu-sanlock.conf
 endif WITH_QEMU
 
 if WITH_LIBXL
 nodist_conf_DATA += locking/libxl-sanlock.conf
-BUILT_SOURCES += locking/libxl-sanlock.conf
-DISTCLEANFILES += locking/libxl-sanlock.conf
 endif WITH_LIBXL
 
 libexec_PROGRAMS += libvirt_sanlock_helper
-- 
2.21.0


[libvirt] [PATCH v3 01/48] build: make augeas-gentest.pl write to stdout

2019-07-29 Thread Daniel P . Berrangé
The augeas-gentest.pl program merges a config file into an augeas
file, saving the output to a new file. It is going to be useful
to further process the output file, and it would be easier if this can
be done with a pipeline, so change augeas-gentest.pl to write to stdout
instead of a file.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 build-aux/augeas-gentest.pl | 20 ++--
 src/bhyve/Makefile.inc.am   |  2 +-
 src/libxl/Makefile.inc.am   |  2 +-
 src/locking/Makefile.inc.am |  6 +++---
 src/logging/Makefile.inc.am |  2 +-
 src/lxc/Makefile.inc.am |  2 +-
 src/qemu/Makefile.inc.am|  2 +-
 src/remote/Makefile.inc.am  |  2 +-
 8 files changed, 15 insertions(+), 23 deletions(-)

diff --git a/build-aux/augeas-gentest.pl b/build-aux/augeas-gentest.pl
index 567fc651f3..faf2fd593e 100755
--- a/build-aux/augeas-gentest.pl
+++ b/build-aux/augeas-gentest.pl
@@ -20,17 +20,10 @@
 use strict;
 use warnings;
 
-die "syntax: $0 CONFIG TEMPLATE AUGTEST\n" unless @ARGV == 3;
+die "syntax: $0 CONFIG TEMPLATE\n" unless @ARGV == 2;
 
 my $config = shift @ARGV;
 my $template = shift @ARGV;
-my $augtest = shift @ARGV;
-
-open AUGTEST, ">", $augtest or die "cannot create $augtest: $!";
-
-$SIG{__DIE__} = sub {
-unlink $augtest;
-};
 
 open CONFIG, "<", $config or die "cannot read $config: $!";
 open TEMPLATE, "<", $template or die "cannot read $template: $!";
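
Review bot: removing the `$SIG{__DIE__}` handler that unlinked `$augtest` means nothing cleans up after a failure any more. The make rules in this patch now use `$< > $@`, so the shell creates the target before the script runs, and a `cannot read $config` die leaves an empty or partial file that make treats as up to date. Write to `$@-t` and rename, or add `|| rm -f $@`, in those rules.
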
@@ -39,12 +32,12 @@ my $group = 0;
 while () {
 if (/::CONFIG::/) {
 my $group = 0;
-print AUGTEST "  let conf = \"";
+print "  let conf = \"";
 while () {
 if (/^#\w/) {
 s/^#//;
 s/\"/\\\"/g;
-print AUGTEST $_;
+print $_;
 $group = /\[\s$/;
 } elsif ($group) {
 s/\"/\\\"/g;
@@ -53,16 +46,15 @@ while () {
 }
 if (/^#/) {
 s/^#//;
-print AUGTEST $_;
+print $_;
 }
 }
 }
-print AUGTEST "\"\n";
+print "\"\n";
 } else {
-print AUGTEST $_;
+print $_;
 }
 }
 
 close TEMPLATE;
 close CONFIG;
-close AUGTEST or die "cannot save $augtest: $!";
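
Review bot: `close AUGTEST or die "cannot save ..."` was the only place a write error (for example a full disk) was reported, and it is removed without a replacement. Add `close STDOUT or die "cannot write output: $!";` at the end of the script so a failed write still produces a non-zero exit.
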
diff --git a/src/bhyve/Makefile.inc.am b/src/bhyve/Makefile.inc.am
index 36af5d7504..6e8e6ad5d8 100644
--- a/src/bhyve/Makefile.inc.am
+++ b/src/bhyve/Makefile.inc.am
@@ -55,7 +55,7 @@ AUGEAS_DIRS += bhyve
 
 test_libvirtd_bhyve.aug: bhyve/test_libvirtd_bhyve.aug.in \
$(srcdir)/bhyve/bhyve.conf $(AUG_GENTEST)
-   $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/bhyve/bhyve.conf $< $@
+   $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/bhyve/bhyve.conf $< > $@
 
 check-augeas-bhyve: test_libvirtd_bhyve.aug
$(AM_V_GEN)if test -x '$(AUGPARSE)'; then \
diff --git a/src/libxl/Makefile.inc.am b/src/libxl/Makefile.inc.am
index 7f60b449d8..abc65ede2c 100644
--- a/src/libxl/Makefile.inc.am
+++ b/src/libxl/Makefile.inc.am
@@ -74,7 +74,7 @@ AUGEAS_DIRS += libxl
 
 test_libvirtd_libxl.aug: libxl/test_libvirtd_libxl.aug.in \
$(srcdir)/libxl/libxl.conf $(AUG_GENTEST)
-   $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/libxl/libxl.conf $< $@
+   $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/libxl/libxl.conf $< > $@
 
 check-augeas-libxl: test_libvirtd_libxl.aug
$(AM_V_GEN)if test -x '$(AUGPARSE)'; then \
diff --git a/src/locking/Makefile.inc.am b/src/locking/Makefile.inc.am
index 46ab11c2a9..c44f74a529 100644
--- a/src/locking/Makefile.inc.am
+++ b/src/locking/Makefile.inc.am
@@ -228,7 +228,7 @@ if WITH_SANLOCK
 if WITH_QEMU
 test_libvirt_sanlock.aug: locking/test_libvirt_sanlock.aug.in \
locking/qemu-sanlock.conf $(AUG_GENTEST)
-   $(AM_V_GEN)$(AUG_GENTEST) locking/qemu-sanlock.conf $< $@
+   $(AM_V_GEN)$(AUG_GENTEST) locking/qemu-sanlock.conf $< > $@
 
 check-augeas-sanlock: test_libvirt_sanlock.aug
$(AM_V_GEN)if test -x '$(AUGPARSE)'; then \
@@ -244,14 +244,14 @@ endif ! WITH_SANLOCK
 if WITH_QEMU
 test_libvirt_lockd.aug: locking/test_libvirt_lockd.aug.in \
locking/qemu-lockd.conf $(AUG_GENTEST)
-   $(AM_V_GEN)$(AUG_GENTEST) locking/qemu-lockd.conf $< $@
+   $(AM_V_GEN)$(AUG_GENTEST) locking/qemu-lockd.conf $< > $@
 else ! WITH_QEMU
 test_libvirt_lockd.aug:
 endif ! WITH_QEMU
 
 test_virtlockd.aug: locking/test_virtlockd.aug.in \
locking/virtlockd.conf $(AUG_GENTEST)
-   $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/locking/virtlockd.conf $< $@
+   $(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/locking/virtlockd.conf $< > $@
 
 if WITH_QEMU
 check-augeas-lockd: test_libvirt_lockd.aug
diff --git a/src/logging/Makefile.inc.am b/src/logging/Makefile.inc.am
index d57394cbde..8527890eb0 100644
--- a/src/logging/Makefile.inc.am
+++ b/src/logging/Makefile.inc.am
@@ -101,7 +101,7 @@ augeastest_DATA += test_virtlogd.aug
 
 test_virtlogd.aug: logging/test_virtlogd.aug.in \
logging/virtlogd.conf 

[libvirt] [PATCH v3 07/48] remote: conditionalize socket names in libvirtd daemon

2019-07-29 Thread Daniel P . Berrangé
Prepare for reusing libvirtd source to create other daemons by making
the socket names conditionally defined by the make rules.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 src/remote/Makefile.inc.am |  1 +
 src/remote/remote_daemon.c | 34 +-
 2 files changed, 22 insertions(+), 13 deletions(-)

diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am
index 0400dabad9..ced940d3c1 100644
--- a/src/remote/Makefile.inc.am
+++ b/src/remote/Makefile.inc.am
@@ -146,6 +146,7 @@ libvirtd_CFLAGS = \
-I$(srcdir)/access \
-I$(srcdir)/conf \
-I$(srcdir)/rpc \
+   -DSOCK_PREFIX="\"libvirt\"" \
$(NULL)
 
 libvirtd_LDFLAGS = \
diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c
index 69385af1c4..f9d923b357 100644
--- a/src/remote/remote_daemon.c
+++ b/src/remote/remote_daemon.c
@@ -221,19 +221,25 @@ daemonUnixSocketPaths(struct daemonConfig *config,
 char *rundir = NULL;
 
 if (config->unix_sock_dir) {
-if (virAsprintf(sockfile, "%s/libvirt-sock", config->unix_sock_dir) < 
0)
+if (virAsprintf(sockfile, "%s/%s-sock",
+SOCK_PREFIX, config->unix_sock_dir) < 0)
 goto cleanup;
 
 if (privileged) {
-if (virAsprintf(rosockfile, "%s/libvirt-sock-ro", 
config->unix_sock_dir) < 0 ||
-virAsprintf(admsockfile, "%s/libvirt-admin-sock", 
config->unix_sock_dir) < 0)
+if (virAsprintf(rosockfile, "%s/%s-sock-ro",
+SOCK_PREFIX, config->unix_sock_dir) < 0 ||
+virAsprintf(admsockfile, "%s/%s-admin-sock",
+SOCK_PREFIX, config->unix_sock_dir) < 0)
 goto cleanup;
 }
 } else {
 if (privileged) {
-if (VIR_STRDUP(*sockfile, LOCALSTATEDIR 
"/run/libvirt/libvirt-sock") < 0 ||
-VIR_STRDUP(*rosockfile, LOCALSTATEDIR 
"/run/libvirt/libvirt-sock-ro") < 0 ||
-VIR_STRDUP(*admsockfile, LOCALSTATEDIR 
"/run/libvirt/libvirt-admin-sock") < 0)
+if (virAsprintf(sockfile, "%s/run/libvirt/%s-sock",
+LOCALSTATEDIR, SOCK_PREFIX) < 0 ||
+virAsprintf(sockfile, "%s/run/libvirt/%s-sock-ro",
+LOCALSTATEDIR, SOCK_PREFIX) < 0 ||
+virAsprintf(sockfile, "%s/run/libvirt/%s-admin-sock",
+LOCALSTATEDIR, SOCK_PREFIX) < 0)
 goto cleanup;
 } else {
 mode_t old_umask;
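Review bot: two logic problems in this hunk. In the config->unix_sock_dir branch the arguments are passed as 'SOCK_PREFIX, config->unix_sock_dir' while the format is "%s/%s-sock", so the result is "libvirt/<dir>-sock" rather than "<dir>/libvirt-sock"; the same swap is repeated for the -sock-ro and -admin-sock paths, so the sockets would land at a relative path instead of the configured directory. In the privileged else-branch all three virAsprintf() calls write into 'sockfile', so rosockfile and admsockfile are never set and the first two allocations leak; the second and third calls should target rosockfile and admsockfile. Swapping the arguments to 'config->unix_sock_dir, SOCK_PREFIX' fixes the first problem.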
@@ -248,8 +254,10 @@ daemonUnixSocketPaths(struct daemonConfig *config,
 }
 umask(old_umask);
 
-if (virAsprintf(sockfile, "%s/libvirt-sock", rundir) < 0 ||
-virAsprintf(admsockfile, "%s/libvirt-admin-sock", rundir) < 0)
+if (virAsprintf(sockfile, "%s/%s-sock",
+rundir, SOCK_PREFIX) < 0 ||
+virAsprintf(admsockfile, "%s/%s-admin-sock",
+rundir, SOCK_PREFIX) < 0)
 goto cleanup;
 }
 }
@@ -902,12 +910,12 @@ daemonUsage(const char *argv0, bool privileged)
 fprintf(stderr, "\n");
 
 fprintf(stderr, "%s:\n", _("Sockets"));
-fprintf(stderr, "  %s\n",
-privileged ? LOCALSTATEDIR "/run/libvirt/libvirt-sock" :
-"$XDG_RUNTIME_DIR/libvirt/libvirt-sock");
+fprintf(stderr, "  %s/libvirt/%s-sock\n",
+privileged ? LOCALSTATEDIR "/run" : "$XDG_RUNTIME_DIR",
+SOCK_PREFIX);
 if (privileged)
-fprintf(stderr, "  %s\n",
-LOCALSTATEDIR "/run/libvirt/libvirt-sock-ro");
+fprintf(stderr, "  %s/run/libvirt/%s-sock-ro\n",
+LOCALSTATEDIR, SOCK_PREFIX);
 fprintf(stderr, "\n");
 
 fprintf(stderr, "%s:\n", _("TLS"));
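Review bot: the "Sockets" section of the usage output still prints only the main and read-only sockets, although daemonUnixSocketPaths() in this patch also builds a "%s-admin-sock" path for both privileged and unprivileged mode; now that the names are derived from SOCK_PREFIX it would be worth printing the admin socket here too, so the help text documents every socket the daemon creates. As a style point, the first fprintf() folds "/run" into the argument while the second keeps it in the format string; using one form for both makes the two lines easier to compare.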
-- 
2.21.0


[libvirt] [PATCH v3 11/48] build: use @CONFIG@ instead of ::CONFIG:: in augeas tests

2019-07-29 Thread Daniel P . Berrangé
Using @VARNAME@ is a normal style of automake, so let's match that.

Signed-off-by: Daniel P. Berrangé 
---
 build-aux/augeas-gentest.pl | 2 +-
 src/bhyve/test_libvirtd_bhyve.aug.in| 2 +-
 src/libxl/test_libvirtd_libxl.aug.in| 2 +-
 src/locking/test_libvirt_lockd.aug.in   | 2 +-
 src/locking/test_libvirt_sanlock.aug.in | 2 +-
 src/locking/test_virtlockd.aug.in   | 2 +-
 src/logging/test_virtlogd.aug.in| 2 +-
 src/lxc/test_libvirtd_lxc.aug.in| 2 +-
 src/qemu/test_libvirtd_qemu.aug.in  | 2 +-
 src/remote/test_libvirtd.aug.in | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/build-aux/augeas-gentest.pl b/build-aux/augeas-gentest.pl
index faf2fd593e..65834b533b 100755
--- a/build-aux/augeas-gentest.pl
+++ b/build-aux/augeas-gentest.pl
@@ -30,7 +30,7 @@ open TEMPLATE, "<", $template or die "cannot read $template: 
$!";
 
 my $group = 0;
 while () {
-if (/::CONFIG::/) {
+if (/\@CONFIG\@/) {
 my $group = 0;
 print "  let conf = \"";
 while () {
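Review bot: the new /\@CONFIG\@/ test is unanchored, so any template line that merely mentions @CONFIG@ (a comment in a .aug.in file, for instance) is replaced wholesale by the generated 'let conf' block. Anchoring it, e.g. /^\s*\@CONFIG\@\s*$/, keeps the substitution to the marker line only. Since @VAR@ normally implies substitution by config.status, a one-line comment in the script stating that this marker is expanded by augeas-gentest.pl itself would also save the next reader a search through configure.ac.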
diff --git a/src/bhyve/test_libvirtd_bhyve.aug.in 
b/src/bhyve/test_libvirtd_bhyve.aug.in
index f28e58614d..ec932b4b11 100644
--- a/src/bhyve/test_libvirtd_bhyve.aug.in
+++ b/src/bhyve/test_libvirtd_bhyve.aug.in
@@ -1,5 +1,5 @@
 module Test_libvirtd_bhyve =
-  ::CONFIG::
+  @CONFIG@
 
   test Libvirtd_bhyve.lns get conf =
 { "firmware_dir" = "/usr/local/share/uefi-firmware" }
diff --git a/src/libxl/test_libvirtd_libxl.aug.in 
b/src/libxl/test_libvirtd_libxl.aug.in
index 372a43f94a..ac37de67eb 100644
--- a/src/libxl/test_libvirtd_libxl.aug.in
+++ b/src/libxl/test_libvirtd_libxl.aug.in
@@ -1,5 +1,5 @@
 module Test_libvirtd_libxl =
-  ::CONFIG::
+  @CONFIG@
 
test Libvirtd_libxl.lns get conf =
 { "autoballoon" = "1" }
diff --git a/src/locking/test_libvirt_lockd.aug.in 
b/src/locking/test_libvirt_lockd.aug.in
index 52b37541cb..0f3b57eb34 100644
--- a/src/locking/test_libvirt_lockd.aug.in
+++ b/src/locking/test_libvirt_lockd.aug.in
@@ -1,5 +1,5 @@
 module Test_libvirt_lockd =
-  ::CONFIG::
+  @CONFIG@
 
test Libvirt_lockd.lns get conf =
 { "auto_disk_leases" = "0" }
diff --git a/src/locking/test_libvirt_sanlock.aug.in 
b/src/locking/test_libvirt_sanlock.aug.in
index 7f66f8192b..5eabb6726d 100644
--- a/src/locking/test_libvirt_sanlock.aug.in
+++ b/src/locking/test_libvirt_sanlock.aug.in
@@ -1,5 +1,5 @@
 module Test_libvirt_sanlock =
-  ::CONFIG::
+  @CONFIG@
 
test Libvirt_sanlock.lns get conf =
 { "auto_disk_leases" = "1" }
diff --git a/src/locking/test_virtlockd.aug.in 
b/src/locking/test_virtlockd.aug.in
index f2f6979ef5..fad0c418b9 100644
--- a/src/locking/test_virtlockd.aug.in
+++ b/src/locking/test_virtlockd.aug.in
@@ -1,5 +1,5 @@
 module Test_virtlockd =
-   ::CONFIG::
+   @CONFIG@
 
test Virtlockd.lns get conf =
 { "log_level" = "3" }
diff --git a/src/logging/test_virtlogd.aug.in b/src/logging/test_virtlogd.aug.in
index a29e7e3730..cd5b0d91f8 100644
--- a/src/logging/test_virtlogd.aug.in
+++ b/src/logging/test_virtlogd.aug.in
@@ -1,5 +1,5 @@
 module Test_virtlogd =
-   ::CONFIG::
+   @CONFIG@
 
test Virtlogd.lns get conf =
 { "log_level" = "3" }
diff --git a/src/lxc/test_libvirtd_lxc.aug.in b/src/lxc/test_libvirtd_lxc.aug.in
index 3eb25aa292..68db2e1c86 100644
--- a/src/lxc/test_libvirtd_lxc.aug.in
+++ b/src/lxc/test_libvirtd_lxc.aug.in
@@ -1,5 +1,5 @@
 module Test_libvirtd_lxc =
-  ::CONFIG::
+  @CONFIG@
 
test Libvirtd_lxc.lns get conf =
 { "log_with_libvirtd" = "1" }
diff --git a/src/qemu/test_libvirtd_qemu.aug.in 
b/src/qemu/test_libvirtd_qemu.aug.in
index b3b44d42d9..9f81759cb5 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -1,5 +1,5 @@
 module Test_libvirtd_qemu =
-  ::CONFIG::
+  @CONFIG@
 
test Libvirtd_qemu.lns get conf =
 { "default_tls_x509_cert_dir" = "/etc/pki/qemu" }
diff --git a/src/remote/test_libvirtd.aug.in b/src/remote/test_libvirtd.aug.in
index ad6450a569..6c51b7b9e7 100644
--- a/src/remote/test_libvirtd.aug.in
+++ b/src/remote/test_libvirtd.aug.in
@@ -1,5 +1,5 @@
 module Test_libvirtd =
-   ::CONFIG::
+   @CONFIG@
 
test Libvirtd.lns get conf =
 { "listen_tls" = "0" }
-- 
2.21.0


[libvirt] [PATCH v3 06/48] remote: stop trying to print help as giant blocks of text

2019-07-29 Thread Daniel P . Berrangé
The remote daemon tries to print out its help text in a couple of giant
blocks of text. This has already led to duplication of the text for the
privileged vs unprivileged execution mode. With the introduction of more
daemons, this text is going to be duplicated many more times with small
variations. This is very unfriendly to translators as they have to
translate approximately the same text many times with small tweaks.

Splitting the text up into individual strings to print means that each
piece will only need translating once. It also gets rid of all the
layout information from the translated strings, so avoids the problem of
translators breaking formatting by mistake.

Signed-off-by: Daniel P. Berrangé 
---
 src/remote/remote_daemon.c | 128 ++---
 src/remote/remote_driver.h |   1 -
 2 files changed, 64 insertions(+), 65 deletions(-)

diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c
index d887b7abfb..69385af1c4 100644
--- a/src/remote/remote_daemon.c
+++ b/src/remote/remote_daemon.c
@@ -859,75 +859,75 @@ daemonSetupHostUUID(const struct daemonConfig *config)
 return 0;
 }
 
+typedef struct {
+const char *opts;
+const char *help;
+} virOptionHelp;
+
 /* Print command-line usage. */
 static void
 daemonUsage(const char *argv0, bool privileged)
 {
-fprintf(stderr,
-_("\n"
-  "Usage:\n"
-  "  %s [options]\n"
-  "\n"
-  "Options:\n"
-  "  -h | --helpDisplay program help:\n"
-  "  -v | --verbose Verbose messages.\n"
-  "  -d | --daemon  Run as a daemon & write PID file.\n"
-  "  -l | --listen  Listen for TCP/IP connections.\n"
-  "  -t | --timeout   Exit after timeout period.\n"
-  "  -f | --configConfiguration file.\n"
-  "  -V | --version Display version information.\n"
-  "  -p | --pid-file  Change name of PID file.\n"
-  "\n"
-  "libvirt management daemon:\n"),
-argv0);
+size_t i;
+virOptionHelp opthelp[] = {
+{ "-h | --help", N_("Display program help") },
+{ "-v | --verbose", N_("Verbose messages") },
+{ "-d | --daemon", N_("Run as a daemon & write PID file") },
+{ "-l | --listen", N_("Listen for TCP/IP connections") },
+{ "-t | --timeout ", N_("Exit after timeout period") },
+{ "-f | --config ", N_("Configuration file") },
+{ "-V | --version", N_("Display version information") },
+{ "-p | --pid-file ", N_("Change name of PID file") },
+};
 
-if (privileged) {
-fprintf(stderr,
-_("\n"
-  "  Default paths:\n"
-  "\n"
-  "Configuration file (unless overridden by -f):\n"
-  "  %s\n"
-  "\n"
-  "Sockets:\n"
-  "  %s\n"
-  "  %s\n"
-  "\n"
-  "TLS:\n"
-  "  CA certificate: %s\n"
-  "  Server certificate: %s\n"
-  "  Server private key: %s\n"
-  "\n"
-  "PID file (unless overridden by -p):\n"
-  "  %s/run/libvirtd.pid\n"
-  "\n"),
-LIBVIRTD_CONFIGURATION_FILE,
-LIBVIRTD_PRIV_UNIX_SOCKET,
-LIBVIRTD_PRIV_UNIX_SOCKET_RO,
-LIBVIRT_CACERT,
-LIBVIRT_SERVERCERT,
-LIBVIRT_SERVERKEY,
-LOCALSTATEDIR);
-} else {
-fprintf(stderr, "%s",
-_("\n"
-  "  Default paths:\n"
-  "\n"
-  "Configuration file (unless overridden by -f):\n"
-  "  $XDG_CONFIG_HOME/libvirt/libvirtd.conf\n"
-  "\n"
-  "Sockets:\n"
-  "  $XDG_RUNTIME_DIR/libvirt/libvirt-sock\n"
-  "\n"
-  "TLS:\n"
-  "  CA certificate: $HOME/.pki/libvirt/cacert.pem\n"
-  "  Server certificate: 
$HOME/.pki/libvirt/servercert.pem\n"
-  "  Server private key: 
$HOME/.pki/libvirt/serverkey.pem\n"
-  "\n"
-  "PID file:\n"
-  "  $XDG_RUNTIME_DIR/libvirt/libvirtd.pid\n"
-  "\n"));
-}
+fprintf(stderr, "\n");
+fprintf(stderr, "%s:\n", _("Usage"));
+fprintf(stderr, "  %s [%s]\n", argv0, _("options"));
+fprintf(stderr, "\n");
+
+fprintf(stderr, "%s:\n", _("Options"));
+for (i = 0; i < ARRAY_CARDINALITY(opthelp); i++)
+fprintf(stderr, "  %-22s %s\n", opthelp[i].opts, N_(opthelp[i].help));
+fprintf(stderr, "\n");
+
+fprintf(stderr, "%s:\n", _("libvirt management daemon"));
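Review bot: in the options loop, 'N_(opthelp[i].help)' only marks a string for extraction and does not translate anything at run time, so the help column will always be printed untranslated, which defeats the purpose stated in the commit message. The N_() markers in the opthelp[] initialisers are correct; the fprintf() call should use '_(opthelp[i].help)' instead.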
+
+

[libvirt] [PATCH v3 02/48] build: collapse rules adding augeas tests to CLEANFILES

2019-07-29 Thread Daniel P . Berrangé
We already have a variable that lists all augeas test files, so we can
add everything to CLEANFILES at once.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 src/Makefile.am | 1 +
 src/libxl/Makefile.inc.am   | 1 -
 src/locking/Makefile.inc.am | 4 +---
 src/logging/Makefile.inc.am | 2 --
 src/lxc/Makefile.inc.am | 1 -
 src/qemu/Makefile.inc.am| 1 -
 src/remote/Makefile.inc.am  | 2 --
 7 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index 4a8cae11dc..938c119f39 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -149,6 +149,7 @@ augeasdir = $(datadir)/augeas/lenses
 
 augeastestdir = $(datadir)/augeas/lenses/tests
 
+CLEANFILES += $(augeastest_DATA)
 
 # Internal generic driver infrastructure
 DATATYPES_SOURCES = datatypes.h datatypes.c
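Review bot: with 'CLEANFILES += $(augeastest_DATA)' every file ever added to augeastest_DATA is deleted by 'make clean', which is only safe while that variable holds generated files exclusively. All entries visible in this patch are generated test_*.aug files, but nothing documents the constraint; a short comment next to this line saying that augeastest_DATA must never list a file tracked in git would prevent a later addition from silently removing a source file.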
diff --git a/src/libxl/Makefile.inc.am b/src/libxl/Makefile.inc.am
index abc65ede2c..cfe136f07e 100644
--- a/src/libxl/Makefile.inc.am
+++ b/src/libxl/Makefile.inc.am
@@ -68,7 +68,6 @@ libvirt_driver_libxl_impl_la_SOURCES = $(LIBXL_DRIVER_SOURCES)
 conf_DATA += libxl/libxl.conf
 augeas_DATA += libxl/libvirtd_libxl.aug
 augeastest_DATA += test_libvirtd_libxl.aug
-CLEANFILES += test_libvirtd_libxl.aug
 
 AUGEAS_DIRS += libxl
 
diff --git a/src/locking/Makefile.inc.am b/src/locking/Makefile.inc.am
index c44f74a529..2c53cff190 100644
--- a/src/locking/Makefile.inc.am
+++ b/src/locking/Makefile.inc.am
@@ -74,7 +74,7 @@ SYSCONF_FILES += locking/virtlockd.sysconf
 PODFILES += locking/virtlockd.pod
 MANINFILES += virtlockd.8.in
 
-CLEANFILES += test_virtlockd.aug $(man8_MANS)
+CLEANFILES += $(man8_MANS)
 MAINTAINERCLEANFILES += $(MANINFILES)
 
 SYSTEMD_UNIT_FILES_IN += \
@@ -115,7 +115,6 @@ endif WITH_SASL
 
 if WITH_QEMU
 augeastest_DATA += test_libvirt_lockd.aug
-CLEANFILES += test_libvirt_lockd.aug
 nodist_conf_DATA += locking/qemu-lockd.conf
 BUILT_SOURCES += locking/qemu-lockd.conf
 DISTCLEANFILES += locking/qemu-lockd.conf
@@ -171,7 +170,6 @@ augeas_DATA += locking/libvirt_sanlock.aug
 
 if WITH_QEMU
 augeastest_DATA += test_libvirt_sanlock.aug
-CLEANFILES += test_libvirt_sanlock.aug
 nodist_conf_DATA += locking/qemu-sanlock.conf
 BUILT_SOURCES += locking/qemu-sanlock.conf
 DISTCLEANFILES += locking/qemu-sanlock.conf
diff --git a/src/logging/Makefile.inc.am b/src/logging/Makefile.inc.am
index 8527890eb0..bf89c47b3b 100644
--- a/src/logging/Makefile.inc.am
+++ b/src/logging/Makefile.inc.am
@@ -46,8 +46,6 @@ MAINTAINERCLEANFILES += \
$(LOG_DAEMON_GENERATED) \
$(NULL)
 
-CLEANFILES += test_virtlogd.aug
-
 PODFILES += logging/virtlogd.pod
 MANINFILES += virtlogd.8.in
 SYSCONF_FILES += logging/virtlogd.sysconf
diff --git a/src/lxc/Makefile.inc.am b/src/lxc/Makefile.inc.am
index 1c0b715a2f..df8d5db110 100644
--- a/src/lxc/Makefile.inc.am
+++ b/src/lxc/Makefile.inc.am
@@ -157,7 +157,6 @@ conf_DATA += lxc/lxc.conf
 
 augeas_DATA += lxc/libvirtd_lxc.aug
 augeastest_DATA += test_libvirtd_lxc.aug
-CLEANFILES += test_libvirtd_lxc.aug
 
 AUGEAS_DIRS += lxc
 
diff --git a/src/qemu/Makefile.inc.am b/src/qemu/Makefile.inc.am
index e8c7d4b5b1..69aaeb46c2 100644
--- a/src/qemu/Makefile.inc.am
+++ b/src/qemu/Makefile.inc.am
@@ -116,7 +116,6 @@ conf_DATA += qemu/qemu.conf
 
 augeas_DATA += qemu/libvirtd_qemu.aug
 augeastest_DATA += test_libvirtd_qemu.aug
-CLEANFILES += test_libvirtd_qemu.aug
 
 AUGEAS_DIRS += qemu
 
diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am
index 4f706f9743..7d5c90cff1 100644
--- a/src/remote/Makefile.inc.am
+++ b/src/remote/Makefile.inc.am
@@ -130,8 +130,6 @@ augeastest_DATA += test_libvirtd.aug
 
 conf_DATA += remote/libvirtd.conf
 
-CLEANFILES += test_libvirtd.aug
-
 man8_MANS += libvirtd.8
 
 libvirtd_SOURCES = $(LIBVIRTD_SOURCES)
-- 
2.21.0


[libvirt] [PATCH v3 03/48] build: create all augeas test files in same dir as their source

2019-07-29 Thread Daniel P . Berrangé
The current make rules are inconsistent about which directory the
augeas test files are created in. Put them all in the same dir as
their source.

Reviewed-by: Andrea Bolognani 
Signed-off-by: Daniel P. Berrangé 
---
 .gitignore  |  8 +---
 src/bhyve/Makefile.inc.am   |  8 
 src/libxl/Makefile.inc.am   |  8 
 src/locking/Makefile.inc.am | 29 +
 src/logging/Makefile.inc.am |  8 
 src/lxc/Makefile.inc.am |  8 
 src/qemu/Makefile.inc.am|  8 
 src/remote/Makefile.inc.am  |  8 
 8 files changed, 42 insertions(+), 43 deletions(-)

diff --git a/.gitignore b/.gitignore
index 727bfdb6ec..d75b24c743 100644
--- a/.gitignore
+++ b/.gitignore
@@ -135,6 +135,7 @@
 /src/libvirt_lxc
 /src/libvirtd
 /src/libvirtd*.logrotate
+/src/libxl/test_libvirtd_libxl.aug
 /src/locking/libxl-lockd.conf
 /src/locking/libxl-sanlock.conf
 /src/locking/lock_daemon_dispatch_stubs.h
@@ -142,8 +143,11 @@
 /src/locking/qemu-lockd.conf
 /src/locking/qemu-sanlock.conf
 /src/locking/test_libvirt_sanlock.aug
+/src/locking/test_libvirt_lockd.aug
+/src/locking/test_virtlockd.aug
 /src/logging/log_daemon_dispatch_stubs.h
 /src/logging/log_protocol.[ch]
+/src/logging/test_virtlogd.aug
 /src/lxc/lxc_controller_dispatch.h
 /src/lxc/lxc_monitor_dispatch.h
 /src/lxc/lxc_monitor_protocol.c
@@ -154,11 +158,9 @@
 /src/remote/*_client_bodies.h
 /src/remote/*_protocol.[ch]
 /src/remote/*_stubs.h
+/src/remote/test_libvirtd.aug
 /src/rpc/virkeepaliveprotocol.[ch]
 /src/rpc/virnetprotocol.[ch]
-/src/test_libvirt*.aug
-/src/test_virtlockd.aug
-/src/test_virtlogd.aug
 /src/util/virkeycodetable*.h
 /src/util/virkeynametable*.h
 /src/virt-aa-helper
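Review bot: the removed '/src/test_libvirt*.aug' glob also covered test_libvirtd_bhyve.aug, which this patch moves to src/bhyve/, yet the .gitignore hunks add entries only for libxl, locking, logging and remote. Unless bhyve, lxc and qemu (all listed in the diffstat) already have ignore lines elsewhere in the file, their generated test files will start showing up as untracked. Either add the missing per-directory entries or replace the individual lines with a single pattern such as '/src/*/test_*.aug'.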
diff --git a/src/bhyve/Makefile.inc.am b/src/bhyve/Makefile.inc.am
index 6e8e6ad5d8..0aef5e17c7 100644
--- a/src/bhyve/Makefile.inc.am
+++ b/src/bhyve/Makefile.inc.am
@@ -49,17 +49,17 @@ libvirt_driver_bhyve_impl_la_SOURCES = 
$(BHYVE_DRIVER_SOURCES)
 
 conf_DATA += bhyve/bhyve.conf
 augeas_DATA += bhyve/libvirtd_bhyve.aug
-augeastest_DATA += test_libvirtd_bhyve.aug
+augeastest_DATA += bhyve/test_libvirtd_bhyve.aug
 
 AUGEAS_DIRS += bhyve
 
-test_libvirtd_bhyve.aug: bhyve/test_libvirtd_bhyve.aug.in \
+bhyve/test_libvirtd_bhyve.aug: bhyve/test_libvirtd_bhyve.aug.in \
$(srcdir)/bhyve/bhyve.conf $(AUG_GENTEST)
$(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/bhyve/bhyve.conf $< > $@
 
-check-augeas-bhyve: test_libvirtd_bhyve.aug
+check-augeas-bhyve: bhyve/test_libvirtd_bhyve.aug
$(AM_V_GEN)if test -x '$(AUGPARSE)'; then \
-   '$(AUGPARSE)' -I $(srcdir)/bhyve test_libvirtd_bhyve.aug; \
+   '$(AUGPARSE)' -I $(srcdir)/bhyve bhyve/test_libvirtd_bhyve.aug; \
fi
 
 endif WITH_BHYVE
diff --git a/src/libxl/Makefile.inc.am b/src/libxl/Makefile.inc.am
index cfe136f07e..e73f34db8e 100644
--- a/src/libxl/Makefile.inc.am
+++ b/src/libxl/Makefile.inc.am
@@ -67,17 +67,17 @@ libvirt_driver_libxl_impl_la_SOURCES = 
$(LIBXL_DRIVER_SOURCES)
 
 conf_DATA += libxl/libxl.conf
 augeas_DATA += libxl/libvirtd_libxl.aug
-augeastest_DATA += test_libvirtd_libxl.aug
+augeastest_DATA += libxl/test_libvirtd_libxl.aug
 
 AUGEAS_DIRS += libxl
 
-test_libvirtd_libxl.aug: libxl/test_libvirtd_libxl.aug.in \
+libxl/test_libvirtd_libxl.aug: libxl/test_libvirtd_libxl.aug.in \
$(srcdir)/libxl/libxl.conf $(AUG_GENTEST)
$(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/libxl/libxl.conf $< > $@
 
-check-augeas-libxl: test_libvirtd_libxl.aug
+check-augeas-libxl: libxl/test_libvirtd_libxl.aug
$(AM_V_GEN)if test -x '$(AUGPARSE)'; then \
-   '$(AUGPARSE)' -I $(srcdir)/libxl test_libvirtd_libxl.aug; \
+   '$(AUGPARSE)' -I $(srcdir)/libxl libxl/test_libvirtd_libxl.aug; \
fi
 
 INSTALL_DATA_DIRS += libxl
diff --git a/src/locking/Makefile.inc.am b/src/locking/Makefile.inc.am
index 2c53cff190..0f284faf25 100644
--- a/src/locking/Makefile.inc.am
+++ b/src/locking/Makefile.inc.am
@@ -114,7 +114,7 @@ lockd_la_CFLAGS += \
 endif WITH_SASL
 
 if WITH_QEMU
-augeastest_DATA += test_libvirt_lockd.aug
+augeastest_DATA += locking/test_libvirt_lockd.aug
 nodist_conf_DATA += locking/qemu-lockd.conf
 BUILT_SOURCES += locking/qemu-lockd.conf
 DISTCLEANFILES += locking/qemu-lockd.conf
@@ -169,7 +169,7 @@ sanlock_la_LIBADD = -lsanlock_client libvirt.la 
../gnulib/lib/libgnu.la
 augeas_DATA += locking/libvirt_sanlock.aug
 
 if WITH_QEMU
-augeastest_DATA += test_libvirt_sanlock.aug
+augeastest_DATA += locking/test_libvirt_sanlock.aug
 nodist_conf_DATA += locking/qemu-sanlock.conf
 BUILT_SOURCES += locking/qemu-sanlock.conf
 DISTCLEANFILES += locking/qemu-sanlock.conf
@@ -201,8 +201,7 @@ man8_MANS += virtlockd.8
 conf_DATA += locking/virtlockd.conf
 
 augeas_DATA += locking/virtlockd.aug
-augeastest_DATA += test_virtlockd.aug
-
+augeastest_DATA += locking/test_virtlockd.aug
 
 INSTALL_DATA_DIRS += locking
 
@@ -224,13 +223,13 @@ endif WITH_SANLOCK
 
 if WITH_SANLOCK
 if WITH_QEMU
-test_libvirt_sanlock.aug: 

Re: [libvirt] [PATCH 40/41] remote: switch to connect to per-driver daemons by default

2019-07-29 Thread Andrea Bolognani
On Mon, 2019-07-29 at 16:49 +0100, Daniel P. Berrangé wrote:
> On Mon, Jul 29, 2019 at 02:32:31PM +0200, Andrea Bolognani wrote:
> > On Tue, 2019-07-23 at 17:03 +0100, Daniel P. Berrangé wrote:
> > > -if (virAsprintf(,
> > > -"%s/" LIBVIRTD_USER_UNIX_SOCKET, userdir) < 0)
> > > +if (virAsprintf(, "%s/%s-sock",
> > > +userdir, sock_prefix) < 0)
> > 
> > I kinda just noticed, but don't we support R/O connections in
> > session mode?
> 
> The client app is required to be the same user ID as the daemon.
> As such there's no meaningful security separation between the
> two from a DAC pov, so R/O socket was deemed to be a waste of
> time.
> 
> If you had SELinux strictly locking things down it could be
> considered slightly more secure, but no one has ever cared
> enough to enable it.

Alright.

> 
> 
> > > +if (!direct_sock_name) {
> > > +virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
> > > +   _("Cannot use direct socket mode if no URI is 
> > > set"));
> > > +return NULL;
> > > +}
> > 
> > Is the error message accurate? We should be way past making sure we
> > have a URI to work with by now.
> 
> We'll only hit  direct_sock_name == NULL, if driver == NULL.
> 
> We'll only hit driver == NULL, if the original URI was NULL.

Okay.

> > > +#ifndef WIN32
> > > +static const char *
> > > +remoteGetDaemonPathEnv(void)
> > > +{
> > > +/* We prefer a VIRTD_PATH env var to use for all daemons,
> > > + * but if it is not set we will fallback to LIBVIRTD_PATH
> > > + * for previous behaviour
> > > + */
> > > +if (virGetEnvBlockSUID("VIRTD_PATH") != NULL) {
> > > +return "VIRTD_PATH";
> > > +} else {
> > > +return "LIBVIRTD_PATH";
> > > +}
> > > +}
> > > +#endif /* WIN32 */
> > 
> > I don't think this function needs to be guarded by 'ifndef WIN32':
> > we already do so at the call site, and AFAICT there's nothing in the
> > helper itself that warrants compiling it out on Windows.
> 
> It is a static function, so will trigger an unused  function warning.

You've convinced me, so

  Reviewed-by: Andrea Bolognani 

if you address the style issues and most importantly switch the
default mode to legacy.

-- 
Andrea Bolognani / Red Hat / Virtualization


[libvirt] mingw pollution of DATADIR vs. configmake.h [was: [PATCH v10 08/19] backup: Parse and output checkpoint XML]

2019-07-29 Thread Eric Blake
[adding bug-gnulib]

On 7/24/19 12:55 AM, Eric Blake wrote:
> Add a new file checkpoint_conf.c that performs the translation to and
> from new XML describing a checkpoint. The code shares a common base
> class with snapshots, since a checkpoint similarly represents the
> domain state at a moment in time. Add some basic testing of round trip
> XML handling through the new code.

> +++ b/src/conf/checkpoint_conf.c

> +#include 
> +
> +#include "configmake.h"
> +#include "internal.h"
> +#include "virbitmap.h"
> +#include "virbuffer.h"
> +#include "datatypes.h"

This causes a compilation failure on mingw, due to libvirt's
"datatypes.h" including  after the point at which gnulib's
"configmake.h" has already #define'd DATADIR into a string, but mingw's
winsock.h tries to use DATADIR as a data-type tag name:

make  all-am
make[1]: Entering directory '/home/berrange/src/virt/libvirt/src'
  CC   conf/libvirt_conf_la-checkpoint_conf.lo
In file included from
/usr/i686-w64-mingw32/sys-root/mingw/include/objbase.h:66,
 from
/usr/i686-w64-mingw32/sys-root/mingw/include/ole2.h:17,
 from
/usr/i686-w64-mingw32/sys-root/mingw/include/wtypes.h:12,
 from
/usr/i686-w64-mingw32/sys-root/mingw/include/winscard.h:10,
 from
/usr/i686-w64-mingw32/sys-root/mingw/include/windows.h:97,
 from
/usr/i686-w64-mingw32/sys-root/mingw/include/winsock2.h:23,
 from ../gnulib/lib/unistd.h:48,
 from ./driver.h:24,
 from ./datatypes.h:26,
 from conf/checkpoint_conf.c:28:
/usr/i686-w64-mingw32/sys-root/mingw/include/objidl.h:12275:2: error:
expected identifier or '(' before string constant
 } DATADIR;
  ^
make[1]: *** [Makefile:10127: conf/libvirt_conf_la-checkpoint_conf.lo]
Error 1



And it's not the first time libvirt has run into this issue; I've found
the following commits in 2015 that worked around it:
https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=976abdf6
https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=bd205a90

Gnulib should work around this: perhaps "configmake.h" should include
 first when built on mingw, as that is sufficient to trigger
enough other headers to be included such that a later inclusion of
 after "configmake.h" no longer runs into an issue with the
DATADIR pollution breaking compilation, or perhaps gnulib can wrap
 in such a way that it no longer depends on a tag name
DATADIR.  In the meantime, I'll push an obvious fix to libvirt to
reorder the header inclusions to work around the problem.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org




Re: [libvirt] [PATCH 40/41] remote: switch to connect to per-driver daemons by default

2019-07-29 Thread Daniel P . Berrangé
On Mon, Jul 29, 2019 at 02:32:31PM +0200, Andrea Bolognani wrote:
> On Tue, 2019-07-23 at 17:03 +0100, Daniel P. Berrangé wrote:
> [...]
> > If connecting to a remote host over any kind of ssh tunnel, for now we
> > must assume only the legacy socket exists. A future patch will introduce
> > a netcat replacement that is tailored for libvirt to make remote
> > tunnelling easier.
> > 
> > The configure arg '--with-remote-default-mode=legacy|direct' allows
> > packagers to set a default at build time. If not given, it will default
> > to direct mode.
> > 
> > In RPM builds this is overridden, because before we can default to the
> > new daemons, we must get SELinux policy written & the timeframe for that
> > is unclear at this stage.


> > @@ -758,21 +776,126 @@ remoteGetUNIXSocket(remoteDriverTransport transport,
> >  if (!(userdir = virGetUserRuntimeDirectory()))
> >  return NULL;
> >  
> > -if (virAsprintf(,
> > -"%s/" LIBVIRTD_USER_UNIX_SOCKET, userdir) < 0)
> > +if (virAsprintf(, "%s/%s-sock",
> > +userdir, sock_prefix) < 0)
> 
> I kinda just noticed, but don't we support R/O connections in
> session mode?

The client app is required to be the same user ID as the daemon.
As such there's no meaningful security separation between the
two from a DAC pov, so R/O socket was deemed to be a waste of
time.

If you had SELinux strictly locking things down it could be
considered slightly more secure, but no one has ever cared
enough to enable it.


> > +if (!direct_sock_name) {
> > +virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
> > +   _("Cannot use direct socket mode if no URI is 
> > set"));
> > +return NULL;
> > +}
> 
> Is the error message accurate? We should be way past making sure we
> have a URI to work with by now.

We'll only hit  direct_sock_name == NULL, if driver == NULL.

We'll only hit driver == NULL, if the original URI was NULL.


> > +#ifndef WIN32
> > +static const char *
> > +remoteGetDaemonPathEnv(void)
> > +{
> > +/* We prefer a VIRTD_PATH env var to use for all daemons,
> > + * but if it is not set we will fallback to LIBVIRTD_PATH
> > + * for previous behaviour
> > + */
> > +if (virGetEnvBlockSUID("VIRTD_PATH") != NULL) {
> > +return "VIRTD_PATH";
> > +} else {
> > +return "LIBVIRTD_PATH";
> > +}
> > +}
> > +#endif /* WIN32 */
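Review bot: remoteGetDaemonPathEnv() returns the name of the variable rather than its value, so the caller has to look the value up a second time, and that second lookup must also go through virGetEnvBlockSUID() to keep the setuid protection this helper applies. Returning the value directly would keep the guarded lookup in one place. Note also that the '!= NULL' test treats an empty VIRTD_PATH as set, so LIBVIRTD_PATH is then ignored; checking for a non-empty string would make the fallback behave as the comment describes.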
> 
> I don't think this function needs to be guarded by 'ifndef WIN32':
> we already do so at the call site, and AFAICT there's nothing in the
> helper itself that warrants compiling it out on Windows.

It is a static function, so will trigger an unused  function warning.


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|


Re: [libvirt] [PATCH 19/41] remote: introduce virtproxyd daemon to handle IP connectivity

2019-07-29 Thread Andrea Bolognani
On Mon, 2019-07-29 at 13:30 +0100, Daniel P. Berrangé wrote:
> On Sun, Jul 28, 2019 at 04:42:52PM +0200, Andrea Bolognani wrote:
> > On Tue, 2019-07-23 at 17:02 +0100, Daniel P. Berrangé wrote:
> > > +[Install]
> > > +WantedBy=multi-user.target
> > > +Also=virtproxyd.socket
> > > +Also=virtproxyd-ro.socket
> > 
> > Kind of a side note since it's pre-existing, but don't we want to
> > list virtproxyd-admin.socket here too?
> 
> It is redundant - the deps force virtproxyd-admin.socket to become
> enabled regardless.

Hm, yeah: we either want this to be socket activated, in which case
we'd have to enable the various sockets but not the service, or we
want it to start at boot, in which case enabling the sockets is
unnecessary.

Can you please drop the Also= lines for this as well as all other
virt*d.service files then?

-- 
Andrea Bolognani / Red Hat / Virtualization

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 19/41] remote: introduce virtproxyd daemon to handle IP connectivity

2019-07-29 Thread Jim Fehlig
On 7/23/19 10:02 AM, Daniel P. Berrangé wrote:
> The libvirtd daemon provides the traditional libvirt experience where
> all the drivers are in a single daemon, and is accessible over both
> local UNIX sockets and remote IP sockets.
> 
> In the new world we're having a set of per-driver daemons which will
> primarily be accessed locally via their own UNIX sockets.
> 
> We still, however, need to allow for the case of applications which will
> connect to libvirt remotely. These remote connections can be done as
> TCP/TLS sockets, or by SSH tunnelling to the UNIX socket.
> 
> In the latter case, the old libvirt.so clients will only know about
> the path to the old libvirtd socket /var/run/libvirt/libvirt-sock,
> and not the new driver sockets /var/run/libvirt/virtqemud-sock.
> 
> It is also not desirable to expose the main driver specific daemons
> over IP directly to minimize their attack surface.
> 
> Thus the virtproxyd daemon steps into place, to provide TCP/TLS sockets,
> and back compat for the old libvirtd UNIX socket path(s). It will then
> forward all RPC calls made to the appropriate driver specific daemon.
> 
> Essentially it is equivalent to the old libvirtd with absolutely no
> drivers registered except for the remote driver (and other stateless
> drivers in libvirt.so).
> 
> We could have modified libvirtd so none of the drivers are registered
> to get the same end result. We could even add a libvirtd.conf parameter
> to control whether the drivers are loaded to enable users to switch back
> to the old world if we discover bugs in the split-daemon model. Using a
> new daemon though has some advantages
> 
>   - We can make virtproxyd and the virtXXXd per-driver daemons all
> have "Conflicts: libvirtd.service" in their systemd unit files.
> This will guarantee that libvirtd is never started at the same
> time, as this would result in two daemons running the same driver.
> Fortunately drivers use locking to protect themselves, but it is
> better to avoid starting a daemon we know will conflict.
> 
>   - It allows us to break CLI compat to remove the --listen parameter.
> Both listen_tcp and listen_tls parameters in /etc/libvirtd/virtd.conf
> will default to zero. Either TLS or TCP can be enabled exclusively
> through virtd.conf without requiring the extra step of adding --listen.
> 
>   - It allows us to set a strict SELinux policy over virtproxyd. For
> back compat the libvirtd policy must continue to allow all drivers
> to run. We can't easily give a second policy to libvirtd which
> locks it down. By introducing a new virtproxyd we can set a strict
> policy for that daemon only.

Reading this paragraph reminds me that the apparmor profiles will need adjusting too.

Regards,
Jim


Re: [libvirt] [PATCH] commandtest: Remove commandhelper.log in test27

2019-07-29 Thread Daniel P . Berrangé
On Mon, Jul 29, 2019 at 04:17:17PM +0200, Michal Privoznik wrote:
> The recently added test27 spawns commandhelper. This is fine,
> except, one of the things that commandhelper does is it records
> arguments it was spawned with into commandhelper.log. Other test
> cases then use checkoutput() to compare the arguments against the
> expected ones and also unlink() the log file. However, test27()
> is not doing that and thus it leaves the file behind. This
> breaks distcheck.
> 
> Signed-off-by: Michal Privoznik 
> ---
> 
> Another approach would be to explicitly just unlink() the file somewhere
> in the cleanup label. But I figured, comparing the args and unlinking
> the file afterwards is a more robust check IMO.
> 
>  tests/commanddata/test27.log | 20 
>  tests/commandtest.c  |  3 +++
>  2 files changed, 23 insertions(+)
>  create mode 100644 tests/commanddata/test27.log

Reviewed-by: Daniel P. Berrangé 


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|


Re: [libvirt] [PATCH 17/41] remote: refactor how list of systemd unit files is built

2019-07-29 Thread Andrea Bolognani
On Mon, 2019-07-29 at 13:17 +0100, Daniel P. Berrangé wrote:
> On Fri, Jul 26, 2019 at 08:01:52PM +0200, Andrea Bolognani wrote:
> > Again IIUC there's nothing really stopping us from generating
> > virtqemud*.service from libvirtd*.service.in, or at least from
> > a common virtd*.service.in, since eg. virtqemud.service.in and
> > virtlxcd.service.in are basically identical - it's just that you
> > haven't unified the generation rules yet.
> 
> I was not anticipating sharing the service.in file, as many of
> the parameters will be driver specific.

It doesn't look to me like there's much more that's driver-specific
in the .service files than there is in the .socket files, and we're
generating the latter from a single template.

But it doesn't really matter anyway, as I said if there's room for
reducing duplication we can just do that after the fact :)

-- 
Andrea Bolognani / Red Hat / Virtualization


[libvirt] [PATCH] commandtest: Remove commandhelper.log in test27

2019-07-29 Thread Michal Privoznik
The recently added test27 spawns commandhelper. This is fine,
except, one of the things that commandhelper does is it records
arguments it was spawned with into commandhelper.log. Other test
cases then use checkoutput() to compare the arguments against the
expected ones and also unlink() the log file. However, test27()
is not doing that and thus it leaves the file behind. This
breaks distcheck.

Signed-off-by: Michal Privoznik 
---

Another approach would be to explicitly just unlink() the file somewhere
in the cleanup label. But I figured, comparing the args and unlinking
the file afterwards is a more robust check IMO.

 tests/commanddata/test27.log | 20 
 tests/commandtest.c  |  3 +++
 2 files changed, 23 insertions(+)
 create mode 100644 tests/commanddata/test27.log

diff --git a/tests/commanddata/test27.log b/tests/commanddata/test27.log
new file mode 100644
index 00..40b2627c07
--- /dev/null
+++ b/tests/commanddata/test27.log
@@ -0,0 +1,20 @@
+ARG:--readfd
+ARG:5
+ARG:--readfd
+ARG:7
+ENV:DISPLAY=:0.0
+ENV:HOME=/home/test
+ENV:HOSTNAME=test
+ENV:LANG=C
+ENV:LOGNAME=test
+ENV:PATH=/usr/bin:/bin
+ENV:TMPDIR=/tmp
+ENV:USER=test
+FD:0
+FD:1
+FD:2
+FD:5
+FD:7
+DAEMON:no
+CWD:/tmp
+UMASK:0022
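Review bot: The expected log pins the descriptor numbers (ARG:5 / ARG:7 and FD:5 / FD:7), and nothing in the visible hunks shows test27 forcing its read descriptors onto those values. If they are simply whatever the pipe calls return, any extra descriptor left open by the test runner shifts them and checkoutput() fails for a reason unrelated to the code under test. Worth stating in the commit message why 5 and 7 are stable, or having test27 pass fixed descriptor numbers.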
diff --git a/tests/commandtest.c b/tests/commandtest.c
index dfd15a2079..d7ab588969 100644
--- a/tests/commandtest.c
+++ b/tests/commandtest.c
@@ -1231,6 +1231,9 @@ static int test27(const void *unused ATTRIBUTE_UNUSED)
 goto cleanup;
 }
 
+if (checkoutput("test27", NULL) < 0)
+goto cleanup;
+
 ret = 0;
 
  cleanup:
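Review bot: checkoutput("test27", NULL) is reached only on the success path, below the existing "goto cleanup" exits, so a failure earlier in test27 still leaves commandhelper.log behind, which is the leftover file the commit message is about. Consider also calling unlink() on the log under the cleanup label so the file is removed whichever way the test exits, keeping the checkoutput() comparison as the check on the recorded arguments.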
-- 
2.21.0



Re: [libvirt] [PATCH 36/41] remote: open secondary drivers via remote driver if needed

2019-07-29 Thread Andrea Bolognani
On Mon, 2019-07-29 at 14:46 +0100, Daniel P. Berrangé wrote:
> On Mon, Jul 29, 2019 at 10:33:08AM +0200, Andrea Bolognani wrote:
> > On Tue, 2019-07-23 at 17:03 +0100, Daniel P. Berrangé wrote:
> > > +VIR_DEBUG("Pointing secondary drivers to primary");
> > > +priv->interfaceConn = virObjectRef(priv->conn);
> > > +priv->networkConn = virObjectRef(priv->conn);
> > > +priv->nodedevConn = virObjectRef(priv->conn);
> > > +priv->nwfilterConn = virObjectRef(priv->conn);
> > > +priv->secretConn = virObjectRef(priv->conn);
> > > +priv->storageConn = virObjectRef(priv->conn);
> > 
> > Do we even need this code for the non-libvirtd case? We have listed
> > all drivers, primary and secondary, above, so I can't think of any
> > valid reason we'd end up here unless there's a bug, and in that case
> > we'd just be masking it, no?
> 
> It is handling the remote driver case for virtproxyd, but we could
> make that more explicit.

Yeah, that'd be great! I didn't realize that was the case at all.

-- 
Andrea Bolognani / Red Hat / Virtualization


Re: [libvirt] [PATCH 35/41] remote: change hand written methods to not directly access connection

2019-07-29 Thread Andrea Bolognani
On Mon, 2019-07-29 at 14:36 +0100, Daniel P. Berrangé wrote:
> On Sun, Jul 28, 2019 at 08:19:40PM +0200, Andrea Bolognani wrote:
> > On Tue, 2019-07-23 at 17:03 +0100, Daniel P. Berrangé wrote:
> > [...]
> > > +++ b/src/remote/remote_daemon_dispatch.c
> > > @@ -4210,14 +4128,13 @@ 
> > > remoteDispatchConnectDomainEventRegister(virNetServerPtr server 
> > > ATTRIBUTE_UNUSED
> > >  daemonClientEventCallbackPtr ref;
> > >  struct daemonClientPrivate *priv =
> > >  virNetServerClientGetPrivateData(client);
> > > -
> > > -if (!priv->conn) {
> > > -virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not 
> > > open"));
> > > -goto cleanup;
> > > -}
> > > +virConnectPtr conn = remoteGetHypervisorConn(client);
> > >  
> > >  virMutexLock(>lock);
> > >  
> > > +if (!conn)
> > > +goto cleanup;
> > > +
> > 
> > Shouldn't this be *before* the virMutexLock() call? As far as I can
> > tell, that would match the existing behavior...
> 
> Looking at this I think the original code is broken. The "cleanup:"
> label calls virMutexUnlock().  So the original code was jumping to
> the cleanup label with an unlocked mutex and then unlocking it again.

Yeah, I thought the same but I'm not too familiar with this part of
libvirt. If the existing code is wrong, then I think we should have
a preparatory patch addressing the issue and only replace direct
struct member access with use of the newly-introduced helper function
in this one. What do you think?

-- 
Andrea Bolognani / Red Hat / Virtualization


Re: [libvirt] [PATCH 34/41] remote: change generated methods to not directly access connection

2019-07-29 Thread Andrea Bolognani
On Mon, 2019-07-29 at 14:33 +0100, Daniel P. Berrangé wrote:
> On Sun, Jul 28, 2019 at 07:50:28PM +0200, Andrea Bolognani wrote:
> > On Tue, 2019-07-23 at 17:03 +0100, Daniel P. Berrangé wrote:
> > > +++ b/src/rpc/gendispatch.pl
> > > @@ -581,11 +599,11 @@ elsif ($mode eq "server") {
> > >   "virObjectUnref(snapshot);\n" .
> > >   "virObjectUnref(dom);");
> > >  } elsif ($args_member =~ 
> > > m/^(?:(?:admin|remote)_string|remote_uuid) (\S+)<\S+>;/) {
> > > -push(@args_list, $conn) if !@args_list;
> > > +push(@args_list, "$conn_var") if !@args_list;
> > 
> > I don't speak Perl, so asking mostly out of curiosity: why is the
> > argument quoted now? Especially since...
> > 
> > > @@ -1095,7 +1105,7 @@ elsif ($mode eq "server") {
> > >  } elsif (!$multi_ret) {
> > >  my $proc_name = $call->{ProcName};
> > >  
> > > -push(@args_list, $conn) if !@args_list;
> > > +push(@args_list, $conn_var) if !@args_list;
> > 
> > ... this code looks like it's performing the same operation, yet the
> > argument is not quoted here, which leads me to believe one of the two
> > is not correct.
> 
> Both styles are functionally identical in their result. The quoted
> form just adds wasteful string reallocation.

Alright, can you standardize on the non-quoted style before pushing
then?

-- 
Andrea Bolognani / Red Hat / Virtualization


Re: [libvirt] [PATCH v2 2/2] test_driver: implement virDomainGetCPUStats

2019-07-29 Thread Erik Skultety
>
> > the "+ i" also seems unnecessary.
>
> I just added it in order for different CPUs to return different values.
> +1, +2 etc. are trivial quantities so the results still make sense imo

Well, I didn't see a use case in that, but someone may sort the returned stats
by the most utilized CPU, so it kinda makes sense, I'll leave it in then.

Erik



Re: [libvirt] [PATCH 37/41] remote: handle autoprobing of driver within virtproxyd

2019-07-29 Thread Daniel P . Berrangé
On Mon, Jul 29, 2019 at 12:25:08PM +0200, Andrea Bolognani wrote:
> On Tue, 2019-07-23 at 17:03 +0100, Daniel P. Berrangé wrote:
> [...]
> > +++ b/src/remote/remote_daemon_dispatch.c
> > +static int
> > +remoteDispatchProbeURI(bool readonly, char **probeduri)
> 
> Once again, there should be one argument per line and a personal
> preference I'd rather have readonly as the last one, but you can
> safely ignore the latter comment if you feel otherwise.

probeduri is an output parameter, and by convention those should
always be last.


> [...]
> > +/* Even if we didn't probe any socket, we won't
> > + * return error. Just let virConnectOpen's normal
> > + * logic run which will likely return an error anyway
> > + */
> 
> I didn't verify this myself, but I hope that when you wrote "likely"
> above what you really meant was "definitely", "certainly",
> "absolutely", "without any doubt" or something along those lines ;)

It could still fall back to opening a stateless driver, so "likely" is
correct.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|


Re: [libvirt] Some windows hyperv features cannot be enabled after the patch 63acb7bfd56f117309e4fcaf438639d4d7bc7dcb

2019-07-29 Thread Jiri Denemark
On Mon, Jul 29, 2019 at 07:30:45 +, Changlimin wrote:
> When using with QEMU v4.1.0-rc0 or newer, the patch
> https://libvirt.org/git/?p=libvirt.git;a=commit;h=63acb7bfd56f117309e4fcaf438639d4d7bc7dcb
> cause some windows hyperv features cannot be enabled.
> 
> # virsh start win10
> error: Failed to start domain win10
> error: unsupported configuration: host doesn't support hyperv 'vpindex' feature

Yes, this was already reported on Wednesday and patches fixing the issue
were sent to the list on Friday. And I just pushed them.

Jirka



Re: [libvirt] [PATCH 36/41] remote: open secondary drivers via remote driver if needed

2019-07-29 Thread Daniel P . Berrangé
On Mon, Jul 29, 2019 at 10:33:08AM +0200, Andrea Bolognani wrote:
> On Tue, 2019-07-23 at 17:03 +0100, Daniel P. Berrangé wrote:
> [...]
> > +++ b/src/remote/remote_daemon_dispatch.c
> > @@ -1954,18 +1954,35 @@ remoteGetHypervisorConn(virNetServerClientPtr 
> > client)
> >  }
> >  
> >  
> > +static virConnectPtr
> > +remoteGetSecondaryConn(bool readonly, virConnectPtr *conn, const char *uri)
> 
> We seem to mostly have a single empty line between functions in this
> file, so please stick to that style. Also, have each argument on its
> own line.
> 
> Additional comments: it personally would make more sense to me if
> readonly was the last argument, though I won't object if you prefer
> keeping it this way; however, the way you return the connection
> pointer in addition to storing it in the user-provided location looks
> weird to me.
> 
> You could have
> 
>   static bool
>   remoteGetSecondaryConn(virConnectPtr *conn,
>  const char *uri,
>  bool readonly)
> 
> or actually even
> 
>   static void
>   remoteGetSecondaryConn(virConnectPtr *conn,
>  const char *uri,
>  bool readonly)
> 
> since you're not doing any additional check on the return value in
> the caller. Then...
> 
> [...]
> >  static virConnectPtr
> >  remoteGetInterfaceConn(virNetServerClientPtr client)
> >  {
> >  struct daemonClientPrivate *priv =
> >  virNetServerClientGetPrivateData(client);
> >  
> > -if (!priv->interfaceConn) {
> > -virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("hypervisor 
> > connection not open"));
> > -return NULL;
> > -}
> > -
> > -return priv->interfaceConn;
> > +return remoteGetSecondaryConn(priv->readonly, >interfaceConn, 
> > priv->interfaceURI);
> 
> ... you could leave the 'return' statement alone, and just replace
> the check on priv->xxxConn with a call to remoteGetSecondaryConn().
> 
> [...]
> >  }
> >  
> >  
> > +
> >  void *remoteClientNew(virNetServerClientPtr client,
> >void *opaque ATTRIBUTE_UNUSED)
> 
> Unrelated whitespace change.
> 
> [...]
> > @@ -2093,20 +2089,70 @@ remoteDispatchConnectOpen(virNetServerPtr server 
> > ATTRIBUTE_UNUSED,
> > +VIR_DEBUG("Opening driver %s", name);
> > +if (!(priv->conn = priv->readonly ?
> > +  virConnectOpenReadOnly(name) :
> > +  virConnectOpen(name)))
> > +goto cleanup;
> > +VIR_DEBUG("Opened %p", priv->conn);
> 
> Ewww. Please get rid of the Elvis operator and just use a regular
> if/else instead.
> 
> > +
> > +#ifndef LIBVIRTD
> > +if (!(type = virConnectGetType(priv->conn)))
> > +goto cleanup;
> > +
> > +VIR_DEBUG("Primary driver type is '%s'", type);
> > +if (STREQ(type, "QEMU") ||
> > +STREQ(type, "LIBXL") ||
> > +STREQ(type, "LXC") ||
> > +STREQ(type, "VBOX") ||
> > +STREQ(type, "bhyve") ||
> > +STREQ(type, "vz") ||
> > +STREQ(type, "Parallels")) {
> 
> Wait, we store the connection type as a string? Ewww.
> 
> > +VIR_DEBUG("Hypervisor driver found, setting URIs for secondary 
> > drivers");
> > +priv->interfaceURI =  getuid() == 0 ? "interface:///system" : 
> > "interface:///session";
> > +priv->networkURI = getuid() == 0 ? "network:///system" : 
> > "network:///session";
> > +priv->nodedevURI =  getuid() == 0 ? "nodedev:///system" : 
> > "nodedev:///session";
> > +if (getuid() == 0)
> > +priv->nwfilterURI = "nwfilter:///system";
> > +priv->secretURI = getuid() == 0 ? "secret:///system" : 
> > "secret:///session";
> > +priv->storageURI = getuid() == 0 ? "storage:///system" : 
> > "storage:///session";
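Review bot: nwfilterURI is assigned only under "if (getuid() == 0)", so for a non-root daemon it stays unset while the other five URIs always get a value. remoteGetSecondaryConn() takes the URI as a plain "const char *uri", so it should reject a NULL uri with an explicit error rather than pass it on to the open call, and a comment at this assignment should say that the missing session URI is intentional.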
> 
> Lots of repeated calls to getuid() and lots of Elvis operators
> here... I would rewrite it along the lines of
> 
>   if (getuid() == 0) {
>   priv->interfaceURI = "interface:///system";
>   priv->networkURI = "network:///system";
>   priv->nodedevURI = "nodedev:///system";
>   priv->secretURI = "secret:///system";
>   priv->storageURI = "storage:///system";
>   priv->nwfilterURI = "nwfilter:///system";
>   } else {
>   priv->interfaceURI = "interface:///session";
>   priv->networkURI = "network:///session";
>   priv->nodedevURI = "nodedev:///session";
>   priv->secretURI = "secret:///session";
>   priv->storageURI = "storage:///session";
>   /* No session URI for the nwfilter driver */
>   }
> 
> [...]
> > +} else if (STREQ(type, "storage")) {
> > +VIR_DEBUG("Storage driver found");
> > +priv->storageConn = virObjectRef(priv->conn);
> > +
> > +/* Co-open the secret driver, as apps using the storage driver may 
> > well
> > + * need access to secrets for storage auth
> > + */
> > +priv->secretURI = getuid() == 0 ? "secret:///system" : 
> > "secret:///session";
> 
> Again, lose the Elvis operator.
> 
> Could there be other 

Re: [libvirt] [PATCH v2 2/2] test_driver: implement virDomainGetCPUStats

2019-07-29 Thread Ilias Stamatis
On Mon, Jul 29, 2019 at 3:28 PM Erik Skultety  wrote:
>
> On Sun, Jul 28, 2019 at 12:02:21PM +0200, Ilias Stamatis wrote:
> > Signed-off-by: Ilias Stamatis 
> > ---
> >  src/test/test_driver.c | 132 +
> >  1 file changed, 132 insertions(+)
> >
> > diff --git a/src/test/test_driver.c b/src/test/test_driver.c
> > index ab0f8b06d6..56f08fc3d2 100755
> > --- a/src/test/test_driver.c
> > +++ b/src/test/test_driver.c
> > @@ -3629,6 +3629,137 @@ static int testDomainSetMetadata(virDomainPtr dom,
> >  return ret;
> >  }
> >
> > +#define TEST_TOTAL_CPUTIME 48772617035
>
> Let's be explicit with ullong ^here by adding LL

Oops. I had seen Daniel's comment but forgot to apply.

>
> > +
> > +static int
> > +testDomainGetDomainTotalCpuStats(virTypedParameterPtr params,
> > +int nparams)
>
> indent is off
>
> > +{
> > +if (nparams == 0) /* return supported number of params */
> > +return 3;
> > +
> > +if (virTypedParameterAssign([0], VIR_DOMAIN_CPU_STATS_CPUTIME,
> > +VIR_TYPED_PARAM_ULLONG, 
> > TEST_TOTAL_CPUTIME) < 0)
> > +return -1;
> > +
> > +if (nparams > 1 &&
> > +virTypedParameterAssign([1],
> > +VIR_DOMAIN_CPU_STATS_USERTIME,
> > +VIR_TYPED_PARAM_ULLONG, 554000) < 0)
> > +return -1;
> > +
> > +if (nparams > 2 &&
> > +virTypedParameterAssign([2],
> > +VIR_DOMAIN_CPU_STATS_SYSTEMTIME,
> > +VIR_TYPED_PARAM_ULLONG, 646000) < 0)
> > +return -1;
> > +
> > +if (nparams > 3)
> > +nparams = 3;
> > +
> > +return nparams;
> > +}
> > +
> > +
> > +static int
> > +testDomainGetPercpuStats(virTypedParameterPtr params,
> > + unsigned int nparams,
> > + int start_cpu,
> > + unsigned int ncpus,
> > + int total_cpus)
> > +{
> > +size_t i;
> > +int need_cpus;
> > +int param_idx;
> > +int ret = -1;
>
> @ret is unnecessary, see below
>
> > +
> > +/* return the number of supported params */
> > +if (nparams == 0 && ncpus != 0)
> > +return 2;
> > +
> > +/* return total number of cpus */
> > +if (ncpus == 0) {
> > +ret = total_cpus;
> > +goto cleanup;
>
> return total_cpus;
>
> > +}
> > +
> > +if (start_cpu >= total_cpus) {
> > +virReportError(VIR_ERR_INVALID_ARG,
> > +   _("start_cpu %d larger than maximum of %d"),
> > +   start_cpu, total_cpus - 1);
> > +goto cleanup;
>
> return -1;
>
> > +}
> > +
> > +/* return percpu cputime in index 0 */
> > +param_idx = 0;
> > +
> > +/* number of cpus to compute */
> > +need_cpus = MIN(total_cpus, start_cpu + ncpus);
> > +
> > +for (i = 0; i < need_cpus; i++) {
> > +if (i < start_cpu)
> > +continue;
>
> How about initializing i = start_cpu straight away instead?
>
> > +int idx = (i - start_cpu) * nparams + param_idx;
> > +if (virTypedParameterAssign([idx],
> > +VIR_DOMAIN_CPU_STATS_CPUTIME,
> > +VIR_TYPED_PARAM_ULLONG,
> > +(TEST_TOTAL_CPUTIME / total_cpus) + i) 
> > < 0)
>
> I'd strongly prefer if we didn't perform the division in each iteration,

I think the compiler will be smart enough to optimize this? But ok
sure, let's not make assumptions.

> the "+ i" also seems unnecessary.

I just added it in order for different CPUs to return different values.
+1, +2 etc. are trivial quantities so the results still make sense imo


>
> > +goto cleanup;
>
> return -1;
>
> > +}
> > +
> > +/* return percpu vcputime in index 1 */
> > +param_idx = 1;
> > +
> > +if (param_idx < nparams) {
> > +for (i = start_cpu; i < need_cpus; i++) {
> > +int idx = (i - start_cpu) * nparams + param_idx;
> > +if (virTypedParameterAssign([idx],
> > +VIR_DOMAIN_CPU_STATS_VCPUTIME,
> > +VIR_TYPED_PARAM_ULLONG,
> > +(TEST_TOTAL_CPUTIME / total_cpus) 
> > - 1234567890 + i) < 0)
>
> Same as above...
>
> > +goto cleanup;
>
> return -1;
>
> > +}
> > +param_idx++;
> > +}
> > +
> > +ret = param_idx;
>
> return param_idx;
>
> > + cleanup:
> > +return ret;
>
> Drop the cleanup label.

Yeah, totally. That was a leftover from previous code and I didn't
realize it after adjusting.

>
> > +}
> > +
> > +
> > +static int
> > +testDomainGetCPUStats(virDomainPtr dom,
> > +  virTypedParameterPtr params,
> > +  unsigned int nparams,
> > +  

Re: [libvirt] [PATCH 35/41] remote: change hand written methods to not directly access connection

2019-07-29 Thread Daniel P . Berrangé
On Sun, Jul 28, 2019 at 08:19:40PM +0200, Andrea Bolognani wrote:
> On Tue, 2019-07-23 at 17:03 +0100, Daniel P. Berrangé wrote:
> [...]
> > +++ b/src/remote/remote_daemon_dispatch.c
> > @@ -4210,14 +4128,13 @@ 
> > remoteDispatchConnectDomainEventRegister(virNetServerPtr server 
> > ATTRIBUTE_UNUSED
> >  daemonClientEventCallbackPtr ref;
> >  struct daemonClientPrivate *priv =
> >  virNetServerClientGetPrivateData(client);
> > -
> > -if (!priv->conn) {
> > -virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not 
> > open"));
> > -goto cleanup;
> > -}
> > +virConnectPtr conn = remoteGetHypervisorConn(client);
> >  
> >  virMutexLock(>lock);
> >  
> > +if (!conn)
> > +goto cleanup;
> > +
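Review bot: remoteGetHypervisorConn(client) is called in the declaration, before virMutexLock(), while its result is only checked after the lock is taken. If the lock is what guards the client's connection pointer, the lookup belongs under the lock next to the "if (!conn)" check; if it is not, a short comment saying why the unlocked read is safe would help the next reader.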
> 
> Shouldn't this be *before* the virMutexLock() call? As far as I can
> tell, that would match the existing behavior...

Looking at this I think the original code is broken. The "cleanup:"
label calls virMutexUnlock().  So the original code was jumping to
the cleanup label with an unlocked mutex and then unlocking it again.

> The same is true for
> 
>   remoteDispatchConnectDomainEventDeregister()
>   remoteDispatchConnectDomainEventRegisterAny()
>   remoteDispatchConnectDomainEventDeregisterAny()
>   remoteDispatchConnectDomainEventCallbackRegisterAny()
>   remoteDispatchConnectDomainEventCallbackDeregisterAny()
>   remoteDispatchConnectNetworkEventRegisterAny()
>   remoteDispatchConnectNetworkEventDeregisterAny()
>   remoteDispatchConnectStoragePoolEventRegisterAny()
>   remoteDispatchConnectStoragePoolEventDeregisterAny()
>   remoteDispatchConnectNodeDeviceEventRegisterAny()
>   remoteDispatchConnectNodeDeviceEventDeregisterAny()
>   remoteDispatchConnectSecretEventRegisterAny()
>   remoteDispatchConnectSecretEventDeregisterAny()
>   qemuDispatchConnectDomainMonitorEventRegister()
>   qemuDispatchConnectDomainMonitorEventDeregister()
> 
> With either all of them updated, if my understanding of the situation
> as described above is correct, or left as is otherwise,
> 
>   Reviewed-by: Andrea Bolognani 

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|
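
The locking problem described in the message above (a "goto cleanup" taken before the mutex is locked, with the cleanup label always unlocking), as an added example that is not libvirt code. struct checked_lock, struct client_priv and the register_* functions are hypothetical stand-ins, and the lock only records misuse so the imbalance can be observed in a single thread.

```c
#include <stdbool.h>
#include <stdio.h>

/* Lock stand-in (hypothetical, not virMutex): it counts unlock calls made
 * while the lock is not held instead of running into undefined behaviour. */
struct checked_lock {
    bool held;
    int bad_unlocks;
};

static void lock_acquire(struct checked_lock *l)
{
    l->held = true;
}

static void lock_release(struct checked_lock *l)
{
    if (!l->held) {
        l->bad_unlocks++;   /* unlock of a lock we never took */
        return;
    }
    l->held = false;
}

/* Hypothetical per-client state: a connection handle plus guarded state. */
struct client_priv {
    struct checked_lock lock;
    void *conn;       /* NULL until the client has opened a connection */
    int callbacks;    /* must only change while the lock is held */
};

typedef int (*handler_fn)(struct client_priv *);

/* Broken shape: the NULL check jumps to cleanup before locking. */
int register_early_goto(struct client_priv *priv)
{
    int rv = -1;

    if (!priv->conn)
        goto cleanup;             /* lock is not held on this path */

    lock_acquire(&priv->lock);
    priv->callbacks++;
    rv = 0;

 cleanup:
    lock_release(&priv->lock);    /* unbalanced when reached early */
    return rv;
}

/* Fixed shape 1: lock first, so every path into cleanup holds the lock. */
int register_check_under_lock(struct client_priv *priv)
{
    int rv = -1;

    lock_acquire(&priv->lock);
    if (!priv->conn)
        goto cleanup;
    priv->callbacks++;
    rv = 0;

 cleanup:
    lock_release(&priv->lock);
    return rv;
}

/* Fixed shape 2: fail before locking with a plain return. */
int register_early_return(struct client_priv *priv)
{
    if (!priv->conn)
        return -1;

    lock_acquire(&priv->lock);
    priv->callbacks++;
    lock_release(&priv->lock);
    return 0;
}

static struct client_priv make_client(bool connected)
{
    static int dummy_conn;        /* constructed placeholder handle */
    struct client_priv priv = { { false, 0 }, NULL, 0 };

    if (connected)
        priv.conn = &dummy_conn;
    return priv;
}

/* Run one handler against a fresh client and report lock misuse. */
int count_bad_unlocks(handler_fn fn, bool connected)
{
    struct client_priv priv = make_client(connected);

    fn(&priv);
    return priv.lock.bad_unlocks;
}

/* Run one handler against a fresh client and report its return value. */
int handler_result(handler_fn fn, bool connected)
{
    struct client_priv priv = make_client(connected);

    return fn(&priv);
}

int main(void)
{
    printf("early goto, no conn:       %d bad unlock(s)\n",
           count_bad_unlocks(register_early_goto, false));
    printf("check under lock, no conn: %d bad unlock(s)\n",
           count_bad_unlocks(register_check_under_lock, false));
    printf("early return, no conn:     %d bad unlock(s)\n",
           count_bad_unlocks(register_early_return, false));
    return 0;
}
```
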


Re: [libvirt] [PATCH 34/41] remote: change generated methods to not directly access connection

2019-07-29 Thread Daniel P . Berrangé
On Sun, Jul 28, 2019 at 07:50:28PM +0200, Andrea Bolognani wrote:
> On Tue, 2019-07-23 at 17:03 +0100, Daniel P. Berrangé wrote:
> > +++ b/src/remote/remote_daemon_dispatch.c
> > @@ -2013,6 +2134,7 @@ remoteDispatchConnectClose(virNetServerPtr server 
> > ATTRIBUTE_UNUSED,
> >  }
> >  
> >  
> > +
> >  static int
> >  remoteDispatchDomainGetSchedulerType(virNetServerPtr server 
> > ATTRIBUTE_UNUSED,
> >   virNetServerClientPtr client,
> 
> Unrelated whitespace change.
> 
> [...]
> > +++ b/src/rpc/gendispatch.pl
> > @@ -581,11 +599,11 @@ elsif ($mode eq "server") {
> >   "virObjectUnref(snapshot);\n" .
> >   "virObjectUnref(dom);");
> >  } elsif ($args_member =~ 
> > m/^(?:(?:admin|remote)_string|remote_uuid) (\S+)<\S+>;/) {
> > -push(@args_list, $conn) if !@args_list;
> > +push(@args_list, "$conn_var") if !@args_list;
> 
> I don't speak Perl, so asking mostly out of curiosity: why is the
> argument quoted now? Especially since...
> 
> > @@ -1095,7 +1105,7 @@ elsif ($mode eq "server") {
> >  } elsif (!$multi_ret) {
> >  my $proc_name = $call->{ProcName};
> >  
> > -push(@args_list, $conn) if !@args_list;
> > +push(@args_list, $conn_var) if !@args_list;
> 
> ... this code looks like it's performing the same operation, yet the
> argument is not quoted here, which leads me to believe one of the two
> is not correct.

Both styles are functionally identical in their result. The quoted
form just adds wasteful string reallocation.


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|


Re: [libvirt] [PATCH 26/41] libxl: introduce virtxend daemon

2019-07-29 Thread Daniel P . Berrangé
On Fri, Jul 26, 2019 at 11:13:57PM +, Jim Fehlig wrote:
> On 7/23/19 10:03 AM, Daniel P. Berrangé  wrote:
> > The virtxend daemon will be responsible for providing the libxl API
> 
> Written that way, with the 'xen' and 'd' squashed together, revives nightmares
> of another thing with similar name :-). However I agree it is the correct name
> to use here and the 'virt' prefix helps settle my stomach.

Yeah, I can't say I was thrilled when I realized that this really
was the right name :-)


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|


Re: [libvirt] [PATCH v2 2/2] test_driver: implement virDomainGetCPUStats

2019-07-29 Thread Erik Skultety
On Sun, Jul 28, 2019 at 12:02:21PM +0200, Ilias Stamatis wrote:
> Signed-off-by: Ilias Stamatis 
> ---
>  src/test/test_driver.c | 132 +
>  1 file changed, 132 insertions(+)
>
> diff --git a/src/test/test_driver.c b/src/test/test_driver.c
> index ab0f8b06d6..56f08fc3d2 100755
> --- a/src/test/test_driver.c
> +++ b/src/test/test_driver.c
> @@ -3629,6 +3629,137 @@ static int testDomainSetMetadata(virDomainPtr dom,
>  return ret;
>  }
>
> +#define TEST_TOTAL_CPUTIME 48772617035

Let's be explicit with ullong ^here by adding LL

> +
> +static int
> +testDomainGetDomainTotalCpuStats(virTypedParameterPtr params,
> +int nparams)

indent is off

> +{
> +if (nparams == 0) /* return supported number of params */
> +return 3;
> +
> +if (virTypedParameterAssign([0], VIR_DOMAIN_CPU_STATS_CPUTIME,
> +VIR_TYPED_PARAM_ULLONG, TEST_TOTAL_CPUTIME) 
> < 0)
> +return -1;
> +
> +if (nparams > 1 &&
> +virTypedParameterAssign([1],
> +VIR_DOMAIN_CPU_STATS_USERTIME,
> +VIR_TYPED_PARAM_ULLONG, 554000) < 0)
> +return -1;
> +
> +if (nparams > 2 &&
> +virTypedParameterAssign([2],
> +VIR_DOMAIN_CPU_STATS_SYSTEMTIME,
> +VIR_TYPED_PARAM_ULLONG, 646000) < 0)
> +return -1;
> +
> +if (nparams > 3)
> +nparams = 3;
> +
> +return nparams;
> +}
> +
> +
> +static int
> +testDomainGetPercpuStats(virTypedParameterPtr params,
> + unsigned int nparams,
> + int start_cpu,
> + unsigned int ncpus,
> + int total_cpus)
> +{
> +size_t i;
> +int need_cpus;
> +int param_idx;
> +int ret = -1;

@ret is unnecessary, see below

> +
> +/* return the number of supported params */
> +if (nparams == 0 && ncpus != 0)
> +return 2;
> +
> +/* return total number of cpus */
> +if (ncpus == 0) {
> +ret = total_cpus;
> +goto cleanup;

return total_cpus;

> +}
> +
> +if (start_cpu >= total_cpus) {
> +virReportError(VIR_ERR_INVALID_ARG,
> +   _("start_cpu %d larger than maximum of %d"),
> +   start_cpu, total_cpus - 1);
> +goto cleanup;

return -1;

> +}
> +
> +/* return percpu cputime in index 0 */
> +param_idx = 0;
> +
> +/* number of cpus to compute */
> +need_cpus = MIN(total_cpus, start_cpu + ncpus);
> +
> +for (i = 0; i < need_cpus; i++) {
> +if (i < start_cpu)
> +continue;

How about initializing i = start_cpu straight away instead?

> +int idx = (i - start_cpu) * nparams + param_idx;
> +if (virTypedParameterAssign([idx],
> +VIR_DOMAIN_CPU_STATS_CPUTIME,
> +VIR_TYPED_PARAM_ULLONG,
> +(TEST_TOTAL_CPUTIME / total_cpus) + i) < 
> 0)

I'd strongly prefer if we didn't perform the division in each iteration,
the "+ i" also seems unnecessary.

> +goto cleanup;

return -1;

> +}
> +
> +/* return percpu vcputime in index 1 */
> +param_idx = 1;
> +
> +if (param_idx < nparams) {
> +for (i = start_cpu; i < need_cpus; i++) {
> +int idx = (i - start_cpu) * nparams + param_idx;
> +if (virTypedParameterAssign([idx],
> +VIR_DOMAIN_CPU_STATS_VCPUTIME,
> +VIR_TYPED_PARAM_ULLONG,
> +(TEST_TOTAL_CPUTIME / total_cpus) - 
> 1234567890 + i) < 0)

Same as above...

> +goto cleanup;

return -1;

> +}
> +param_idx++;
> +}
> +
> +ret = param_idx;

return param_idx;

> + cleanup:
> +return ret;

Drop the cleanup label.

> +}
> +
> +
> +static int
> +testDomainGetCPUStats(virDomainPtr dom,
> +  virTypedParameterPtr params,
> +  unsigned int nparams,
> +  int start_cpu,
> +  unsigned int ncpus,
> +  unsigned int flags)
> +{
> +virDomainObjPtr vm = NULL;
> +testDriverPtr privconn = dom->conn->privateData;
> +int ret = -1;
> +
> +virCheckFlags(VIR_TYPED_PARAM_STRING_OKAY, -1);
> +
> +if (!(vm = testDomObjFromDomain(dom)))
> +return -1;
> +
> +if (virDomainObjCheckActive(vm) < 0)
> +goto cleanup;
> +
> +if (start_cpu == -1)
> +ret = testDomainGetDomainTotalCpuStats(params, nparams);
> +else
> +ret = testDomainGetPercpuStats(params, nparams, start_cpu, ncpus,
> +   privconn->nodeInfo.cores);
> +
> + cleanup:
> +virDomainObjEndAPI();
> +return ret;
> 
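Review bot: testDomainGetCPUStats hands every start_cpu other than -1 to testDomainGetPercpuStats, and the only range check visible there is start_cpu >= total_cpus. A start_cpu below -1 passes that check, and idx = (i - start_cpu) * nparams + param_idx is then computed from a negative offset, so it no longer matches the caller's params layout. Unless the public entry point already rejects such values, add an explicit start_cpu < 0 check next to the existing one and report VIR_ERR_INVALID_ARG.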

Re: [libvirt] [PATCH 19/41] remote: introduce virtproxyd daemon to handle IP connectivity

2019-07-29 Thread Daniel P . Berrangé
On Mon, Jul 29, 2019 at 01:50:22PM +0100, Daniel P. Berrangé wrote:
> On Mon, Jul 29, 2019 at 01:30:42PM +0100, Daniel P. Berrangé wrote:
> > On Sun, Jul 28, 2019 at 04:42:52PM +0200, Andrea Bolognani wrote:
> > > On Tue, 2019-07-23 at 17:02 +0100, Daniel P. Berrangé wrote:
> > > [...]
> > > >  - We can make virtproxyd and the virtXXXd per-driver daemons all
> > > >have "Conflicts: libvirtd.service" in their systemd unit files.
> > > >This will guarantee that libvirtd is never started at the same
> > > >time, as this would result in two daemons running the same driver.
> > > >Fortunately drivers use locking to protect themselves, but it is
> > > >better to avoid starting a daemon we know will conflict.
> > > 
> > > I feel like this will need to be tested extensively to make sure
> > > we're always doing the right thing, including on non-systemd hosts.
> > 
> > Testing is quite easy - just try to start the two units and make
> > sure only one ends up running.  Similarly for non-systemd hosts,
> > start both daemons & see that only one succeeds - the others
> > fail with lock conflict.
> > 
> > 
> > > > +++ b/src/remote/virtproxyd.service.in
> > > > @@ -0,0 +1,24 @@
> > > > +[Unit]
> > > > +Description=Virtualization daemon
> > > > +Conflicts=libvirtd.service
> > > > +Requires=virtproxyd.socket
> > > > +Requires=virtproxyd-ro.socket
> > > > +Requires=virtproxyd-admin.socket
> > > > +After=network.target
> > > > +After=dbus.service
> > > > +After=apparmor.service
> > > > +After=local-fs.target
> > > > +After=remote-fs.target
> > > > +Documentation=man:libvirtd(8)
> > > > +Documentation=https://libvirt.org
> > > 
> > > There are a few non-obvious changes between libvirtd.service.in and
> > > this file:
> > > 
> > >   -Requires=virtlogd.socket
> > >   -Requires=virtlockd.socket
> > >   -Wants=systemd-machined.service
> > >   -Before=libvirt-guests.service
> > >   -After=iscsid.service
> > >   -After=systemd-logind.service
> > >   -After=systemd-machined.service
> > > 
> > > I can see why we'd move the relationships with iscsid and virtlockd
> > > to virtstoraged, except looking ahead to patch 23 I see you haven't
> > > actually done that; either way, I'm not so convinced about the
> > > remaining changes. Care to explain the rationale behind them?
> > 
> > virtproxyd contains no drivers, so it doesn't need to depend
> > on any of these services.
> > 
> > virtstoraged/qemud/lxcd  should have gained some of these though.
> 
> I should have killed dbus.service and remote-fs.service too.

Doh, not. dbus must always be present for polkit to work. remote-fs.service
is ok as that's only needed for the hypervisor services (to access disk
images).


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|


[libvirt] PCI domain space need be enlarge to support domain great than FFFF

2019-07-29 Thread Changlimin
For some servers, PCI domain is greater than 

# lspci
1:00:00.0 PCI bridge: Intel Corporation Sky Lake-E PCI Express Root Port A (rev 04)
1:00:01.0 PCI bridge: Intel Corporation Sky Lake-E PCI Express Root Port B (rev 04)
1:00:02.0 PCI bridge: Intel Corporation Sky Lake-E PCI Express Root Port C (rev 04)
1:00:03.0 PCI bridge: Intel Corporation Sky Lake-E PCI Express Root Port D (rev 04)
1:01:00.0 Non-Volatile memory controller: Samsung Electronics Co Ltd NVMe SSD Controller SM961/PM961
1:02:00.0 Non-Volatile memory controller: Samsung Electronics Co Ltd NVMe SSD Controller SM961/PM961

So some code needs to match the larger domain.

#define PCI_ADDR_LEN 13 /* ":XX:XX.X" */

snprintf(dev->name, sizeof(dev->name), "%.4x:%.2x:%.2x.%.1x",
 domain, bus, slot, function)

if (addr->domain > 0x) {
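
The sizing problem raised in this post, as an added example that is not part of the original message or of libvirt's code: "%.4x" sets a minimum of four hex digits, not a maximum, so a domain above 0xFFFF produces a string that no longer fits in 13 bytes. The helper names, PCI_ADDR_MAX_LEN and the domain value 0x10000 are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Value quoted in the post: 4+1+2+1+2+1+1 = 12 characters plus NUL,
 * which is exactly a 4-hex-digit domain. */
#define PCI_ADDR_LEN 13

/* Hypothetical replacement size: an 8-hex-digit (32-bit) domain needs
 * 8+1+2+1+2+1+1 = 16 characters plus NUL. */
#define PCI_ADDR_MAX_LEN 17

#define PCI_ADDR_FMT "%.4x:%.2x:%.2x.%.1x"

/* Number of bytes (including the NUL) this address needs.
 * snprintf(NULL, 0, ...) returns the length it would have written. */
static size_t
pci_addr_required_len(unsigned int domain, unsigned int bus,
                      unsigned int slot, unsigned int function)
{
    int n = snprintf(NULL, 0, PCI_ADDR_FMT, domain, bus, slot, function);

    return n < 0 ? 0 : (size_t)n + 1;
}

/* Format an address into buf. Returns 0 on success and -1 when a field
 * is out of range or the result would not fit. On failure buf is set to
 * the empty string so a truncated name is never used for a later lookup. */
static int
pci_addr_format(char *buf, size_t buflen,
                unsigned int domain, unsigned int bus,
                unsigned int slot, unsigned int function)
{
    int n;

    if (buflen == 0)
        return -1;

    /* Bus is 8 bits, slot (device) 5 bits, function 3 bits. The format
     * precisions would not stop a larger value from widening the string. */
    if (bus > 0xff || slot > 0x1f || function > 0x7) {
        buf[0] = '\0';
        return -1;
    }

    n = snprintf(buf, buflen, PCI_ADDR_FMT, domain, bus, slot, function);
    if (n < 0 || (size_t)n >= buflen) {
        /* snprintf truncated silently; treat it as an error instead. */
        buf[0] = '\0';
        return -1;
    }

    return 0;
}

int
main(void)
{
    char small[PCI_ADDR_LEN];
    char big[PCI_ADDR_MAX_LEN];
    /* Constructed sample domains: one that fits four digits, one that does not. */
    unsigned int domains[] = { 0x0001, 0x10000 };
    size_t i;

    for (i = 0; i < sizeof(domains) / sizeof(domains[0]); i++) {
        unsigned int d = domains[i];

        printf("domain 0x%x needs %zu bytes\n",
               d, pci_addr_required_len(d, 0x01, 0x00, 0x0));

        if (pci_addr_format(small, sizeof(small), d, 0x01, 0x00, 0x0) < 0)
            printf("  %d-byte buffer: rejected (would truncate)\n", PCI_ADDR_LEN);
        else
            printf("  %d-byte buffer: %s\n", PCI_ADDR_LEN, small);

        if (pci_addr_format(big, sizeof(big), d, 0x01, 0x00, 0x0) == 0)
            printf("  %d-byte buffer: %s\n", PCI_ADDR_MAX_LEN, big);
    }

    return 0;
}
```

Any range check on the domain has to be widened together with the buffer, otherwise the larger buffer is never reached.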


[libvirt] Some windows hyperv features cannot be enabled after the patch 63acb7bfd56f117309e4fcaf438639d4d7bc7dcb

2019-07-29 Thread Changlimin
When using QEMU v4.1.0-rc0 or newer, the patch
https://libvirt.org/git/?p=libvirt.git;a=commit;h=63acb7bfd56f117309e4fcaf438639d4d7bc7dcb
prevents some Windows hyperv features from being enabled.

# virsh start win10
error: Failed to start domain win10
error: unsupported configuration: host doesn't support hyperv 'vpindex' feature


Re: [libvirt] [PATCH 19/41] remote: introduce virtproxyd daemon to handle IP connectivity

2019-07-29 Thread Daniel P . Berrangé
On Mon, Jul 29, 2019 at 01:30:42PM +0100, Daniel P. Berrangé wrote:
> On Sun, Jul 28, 2019 at 04:42:52PM +0200, Andrea Bolognani wrote:
> > On Tue, 2019-07-23 at 17:02 +0100, Daniel P. Berrangé wrote:
> > [...]
> > >  - We can make virtproxyd and the virtXXXd per-driver daemons all
> > >have "Conflicts: libvirtd.service" in their systemd unit files.
> > >This will guarantee that libvirtd is never started at the same
> > >time, as this would result in two daemons running the same driver.
> > >Fortunately drivers use locking to protect themselves, but it is
> > >better to avoid starting a daemon we know will conflict.
> > 
> > I feel like this will need to be tested extensively to make sure
> > we're always doing the right thing, including on non-systemd hosts.
> 
> Testing is quite easy - just try to start the two units and make
> sure only one ends up running.  Similarly for non-systemd hosts,
> start both daemons & see that only one succeeds - the others
> fail with lock conflict.
> 
> 
> > > +++ b/src/remote/virtproxyd.service.in
> > > @@ -0,0 +1,24 @@
> > > +[Unit]
> > > +Description=Virtualization daemon
> > > +Conflicts=libvirtd.service
> > > +Requires=virtproxyd.socket
> > > +Requires=virtproxyd-ro.socket
> > > +Requires=virtproxyd-admin.socket
> > > +After=network.target
> > > +After=dbus.service
> > > +After=apparmor.service
> > > +After=local-fs.target
> > > +After=remote-fs.target
> > > +Documentation=man:libvirtd(8)
> > > +Documentation=https://libvirt.org
> > 
> > There are a few non-obvious changes between libvirtd.service.in and
> > this file:
> > 
> >   -Requires=virtlogd.socket
> >   -Requires=virtlockd.socket
> >   -Wants=systemd-machined.service
> >   -Before=libvirt-guests.service
> >   -After=iscsid.service
> >   -After=systemd-logind.service
> >   -After=systemd-machined.service
> > 
> > I can see why we'd move the relationships with iscsid and virtlockd
> > to virtstoraged, except looking ahead to patch 23 I see you haven't
> > actually done that; either way, I'm not so convinced about the
> > remaining changes. Care to explain the rationale behind them?
> 
> virtproxyd contains no drivers, so it doesn't need to depend
> on any of these services.
> 
> virtstoraged/qemud/lxcd  should have gained some of these though.

I should have killed dbus.service and remote-fs.service too.


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|


Re: [libvirt] [PATCH 06/41] remote: stop trying to print help as giant blocks of text

2019-07-29 Thread Andrea Bolognani
On Mon, 2019-07-29 at 10:51 +0100, Daniel P. Berrangé wrote:
> On Fri, Jul 26, 2019 at 02:02:18PM +0200, Andrea Bolognani wrote:
> > On Tue, 2019-07-23 at 17:02 +0100, Daniel P. Berrangé wrote:
> > > +fprintf(stderr, "%s:\n", _("TLS"));
> > > +fprintf(stderr, "  %s: %s\n",
> > > +_("CA certificate"),
> > > +privileged ? LIBVIRT_CACERT : 
> > > "$HOME/.pki/libvirt/cacert.pem");
> > > +fprintf(stderr, "  %s: %s\n",
> > > +_("Server certificate"),
> > > +privileged ? LIBVIRT_SERVERCERT : 
> > > "$HOME/.pki/libvirt/servercert.pem");
> > > +fprintf(stderr, "  %s: %s\n",
> > > +_("Server private key"),
> > > +privileged ? LIBVIRT_SERVERKEY : 
> > > "$HOME/.pki/libvirt/serverkey.pem");
> > > +fprintf(stderr, "\n");
> > 
> > I think the above would work better if you used
> > 
> >   "  %-18s  %s\n"
> > 
> > as the format string, which would result in
> > 
> >   TLS:
> > CA certificate  $HOME/.pki/libvirt/cacert.pem
> > Server certificate  $HOME/.pki/libvirt/servercert.pem
> > Server private key  $HOME/.pki/libvirt/serverkey.pem
> > 
> > instead of
> > 
> >   TLS:
> > CA certificate: $HOME/.pki/libvirt/cacert.pem
> > Server certificate: $HOME/.pki/libvirt/servercert.pem
> > Server private key: $HOME/.pki/libvirt/serverkey.pem
> 
> You're only thinking about this from POV of English text. When this
> is translated into other languages, all bets are off for such
> alignment, as translated text could easily be longer than 18 characters
> and I don't fancy guessing the max field width to cope with arbitrary
> languages.

Right, I was tricked by the fact that you use "%-22s" earlier in the
same function, but of course that's appropriate because you're
printing the option names and those are not subject to i18n...

We should move the vshTable API inside libvirt so that we can do this
kind of thing easily! (Only partially kidding.)

-- 
Andrea Bolognani / Red Hat / Virtualization


Re: [libvirt] [PATCH 0/5] Fix hyperv and kvm features with QEMU 4.1

2019-07-29 Thread Vitaly Kuznetsov
Jiri Denemark  writes:

> Originally the names of the hyperv and kvm CPU features were only used
> internally for looking up their CPUID bits. But with QEMU 4.1 we check
> which features were enabled or disabled by a freshly started QEMU
> process using their names rather than their CPUID bits (mostly because
> of MSR features). Thus we need to change our made up internal names into
> the actual names used by QEMU.
>
> Otherwise libvirt would mistakenly report the features as unavailable
> and refuse to start any domain using them with QEMU 4.1.
>
> Reported-by: Vitaly Kuznetsov 
>

It seems to resolve my issue, so

Tested-by: Vitaly Kuznetsov 

I'll rebase my 'direct stimer' on top of this, thanks!

-- 
Vitaly



Re: [libvirt] [PATCH 4/6] conf: add support for Direct Mode for Hyper-V Synthetic timers

2019-07-29 Thread Vitaly Kuznetsov
Ján Tomko  writes:

> On Thu, Jul 25, 2019 at 03:52:16PM +0200, Vitaly Kuznetsov wrote:
>>Support 'Direct Mode' for Hyper-V Synthetic Timers in domain config.
>>Make it 'stimer' enlightenment option as it is not a separate thing.
>>
>>Signed-off-by: Vitaly Kuznetsov 
>>---
>> docs/formatdomain.html.in |  10 ++-
>> docs/schemas/domaincommon.rng |  16 +++-
>> src/conf/domain_conf.c| 138 +++---
>> src/conf/domain_conf.h|   8 ++
>> src/cpu/cpu_x86.c |  51 +++--
>> src/cpu/cpu_x86_data.h|   2 +
>> src/libvirt_private.syms  |   2 +
>> 7 files changed, 187 insertions(+), 40 deletions(-)
>>
>>diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
>>index 1aaddb6d9b..a0723edad1 100644
>>--- a/docs/formatdomain.html.in
>>+++ b/docs/formatdomain.html.in
>>@@ -2033,7 +2033,9 @@
>> vpindex state='on'/
>> runtime state='on'/
>> synic state='on'/
>>-stimer state='on'/
>>+stimer state='on'
>>+  direct state='on'/
>>+/stimer
>> reset state='on'/
>> vendor_id state='on' value='KVM Hv'/
>> frequencies state='on'/
>>@@ -2148,9 +2150,9 @@
>> 
>> 
>>   stimer
>>-  Enable SynIC timers
>>-  on, off
>>-  1.3.3 (QEMU 2.6)
>>+  Enable SynIC timers, optionally with Direct Mode support
>>+  on, off; direct - on,off
>>+  1.3.3 (QEMU 2.6), direct mode 5.6.0 (QEMU 
>>4.1)
>> 
>> 
>>   reset
>>diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
>>index 763480440c..8cf1995748 100644
>>--- a/docs/schemas/domaincommon.rng
>>+++ b/docs/schemas/domaincommon.rng
>>@@ -5896,7 +5896,7 @@
>> 
>> 
>>   
>>-
>>+
>>   
>> 
>> 
>>@@ -5945,6 +5945,20 @@
>> 
>>   
>>
>>+  
>>+  
>>+
>>+  
>>+
>>+  
>>+  
>>+
>>+  
>>+
>>+  
>>+
>>+  
>>+
>>   
>>   
>> 
>>diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
>>index 0574c69a46..779b4ed880 100644
>>--- a/src/conf/domain_conf.c
>>+++ b/src/conf/domain_conf.c
>>@@ -197,6 +197,11 @@ VIR_ENUM_IMPL(virDomainHyperv,
>>   "evmcs",
>> );
>>
>>+VIR_ENUM_IMPL(virDomainHypervStimer,
>>+  VIR_DOMAIN_HYPERV_STIMER_LAST,
>>+  "direct",
>>+);
>
> Do you anticipate more stimer "sub"-features in the future?
> Having an enum with one value just to loop over an array with one
> element and then switch()-ing across all the possible value seems
> like overkill.
>

I don't anticipate any sub-features for stimer for the time being,
however, I wanted to make code look like what we already have
(e.g. virDomainKVM). We can, of course, simplify things if we consider
'direct' being the one and only.

>>+
>> VIR_ENUM_IMPL(virDomainKVM,
>>   VIR_DOMAIN_KVM_LAST,
>>   "hidden",
>>@@ -20359,6 +20364,51 @@ virDomainDefParseXML(xmlDocPtr xml,
>> ctxt->node = node;
>> }
>>
>>+if (def->features[VIR_DOMAIN_HYPERV_STIMER] == VIR_TRISTATE_SWITCH_ON) {
>>+int feature;
>>+int value;
>>+if ((n = virXPathNodeSet("./features/hyperv/stimer/*", ctxt, 
>>)) < 0)
>>+goto error;
>>+
>>+for (i = 0; i < n; i++) {
>>+feature = virDomainHypervStimerTypeFromString((const char 
>>*)nodes[i]->name);
>>+if (feature < 0) {
>>+virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
>>+   _("unsupported Hyper-V stimer feature: %s"),
>>+   nodes[i]->name);
>>+goto error;
>>+}
>>+
>>+switch ((virDomainHypervStimer) feature) {
>>+case VIR_DOMAIN_HYPERV_STIMER_DIRECT:
>>+if (!(tmp = virXMLPropString(nodes[i], "state"))) {
>>+virReportError(VIR_ERR_XML_ERROR,
>>+   _("missing 'state' attribute for "
>>+ "Hyper-V stimer feature '%s'"),
>>+   nodes[i]->name);
>>+goto error;
>>+}
>>+
>>+if ((value = virTristateSwitchTypeFromString(tmp)) < 0) {
>>+virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
>>+   _("invalid value of state argument "
>>+ "for Hyper-V stimer feature '%s'"),
>>+   nodes[i]->name);
>>+goto error;
>>+}
>>+
>>+VIR_FREE(tmp);
>>+def->hyperv_stimer_features[feature] = value;
>>+break;
>>+
>>+/* coverity[dead_error_begin] */
>>+case VIR_DOMAIN_HYPERV_STIMER_LAST:
>>+break;
>>+}
>>+}
>>+
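Review bot: the guard at the top of this block indexes def->features with VIR_DOMAIN_HYPERV_STIMER, a constant named after the virDomainHyperv enum, while the parsed value is stored in def->hyperv_stimer_features. Please confirm the guard reads the array that actually holds the Hyper-V feature states; if def->features is indexed by a different enum, the check tests an unrelated feature and the direct sub-element is parsed or skipped for the wrong reason. Also, tmp is still allocated when virTristateSwitchTypeFromString() fails and the code takes goto error, so make sure the error path frees it.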

Re: [libvirt] [PATCH 13/41] remote: refactor & rename variables for building libvirtd

2019-07-29 Thread Andrea Bolognani
On Mon, 2019-07-29 at 12:39 +0100, Daniel P. Berrangé wrote:
> On Fri, Jul 26, 2019 at 05:46:38PM +0200, Andrea Bolognani wrote:
> > On Fri, 2019-07-26 at 16:21 +0100, Daniel P. Berrangé wrote:
> > > On Fri, Jul 26, 2019 at 05:19:56PM +0200, Andrea Bolognani wrote:
> > > > [...]
> > > > > +REMOTE_DAEMON_LD_ADD += \
> > > > > + ../gnulib/lib/libgnu.la \
> > > > > + $(LIBSOCKET) \
> > > > > + $(NULL)
> > > > 
> > > > As an aside, it looks like $(LIBSOCKET) is a leftover of days long
> > > > gone and no longer used for anything.
> > > 
> > > It is something that gnulib defines. Whether it expands to a non-empty
> > > string on any of our supported build platforms though, I don't know.
> > 
> > I tried removing it and ran it through the full gauntlet without
> > getting any failures, so I'm pretty confident we don't need it. It'd
> > be pretty weird if we did, since we have at least two other daemons
> > already and neither of those is using it...
> 
> LIBSOCKET is set to -lws2_32 on Windows builds.
> 
> We don't build libvirtd on mingw though which is why you don't see
> a problem. Previously we would have needed this for cygwin I expect
> but that's not a supported build target

I guess anyone who wanted to (re?)introduce support for non-MinGW
builds will have to address many more issues, so as long as it's not
needed on any of our target build platforms we can safely drop it.

-- 
Andrea Bolognani / Red Hat / Virtualization


Re: [libvirt] [PATCH 41/41] libvirt: correctly print out URI returned from probing

2019-07-29 Thread Andrea Bolognani
On Mon, 2019-07-29 at 14:34 +0200, Andrea Bolognani wrote:
> On Tue, 2019-07-23 at 17:03 +0100, Daniel P. Berrangé wrote:
> > Turning a NULL URI into the empty string is very misleading when
> > reading the debug logs as the distinction between the two is
> > functionally important.
> > 
> > Signed-off-by: Daniel P. Berrangé 
> > ---
> >  src/libvirt.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> This looks like it could have been waaay earlier in the series, or
> even pushed trivially outside of it... I guess you wanted to have a
> little treat for whoever made it to the end of the series! :)
> 
> Looking forward to v3!

And of course I forgot the most important bit:

  Reviewed-by: Andrea Bolognani 

-- 
Andrea Bolognani / Red Hat / Virtualization


Re: [libvirt] [PATCH 41/41] libvirt: correctly print out URI returned from probing

2019-07-29 Thread Andrea Bolognani
On Tue, 2019-07-23 at 17:03 +0100, Daniel P. Berrangé wrote:
> Turning a NULL URI into the empty string is very misleading when
> reading the debug logs as the distinction between the two is
> functionally important.
> 
> Signed-off-by: Daniel P. Berrangé 
> ---
>  src/libvirt.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

This looks like it could have been waaay earlier in the series, or
even pushed trivially outside of it... I guess you wanted to have a
little treat for whoever made it to the end of the series! :)

Looking forward to v3!

-- 
Andrea Bolognani / Red Hat / Virtualization


Re: [libvirt] [PATCH 40/41] remote: switch to connect to per-driver daemons by default

2019-07-29 Thread Andrea Bolognani
On Tue, 2019-07-23 at 17:03 +0100, Daniel P. Berrangé wrote:
[...]
> If connecting to a remote host over any kind of ssh tunnel, for now we
> must assume only the legacy socket exists. A future patch will introduce
> a netcat replacement that is tailored for libvirt to make remote
> tunnelling easier.
> 
> The configure arg '--with-remote-default-mode=legacy|direct' allows
> packagers to set a default at build time. If not given, it will default
> to direct mode.
> 
> In RPM builds this is overridden, because before we can default to the
> new daemons, we must get SELinux policy written & the timeframe for that
> is unclear at this stage.

If direct mode is not ready to be the default for RPM builds, then
it's not ready to be the default for any build. Let's stick with
legacy mode as the default until we have the missing pieces you
mention and also the code has undergone more testing.

> +++ b/src/libvirt.c
> @@ -601,6 +601,30 @@ virRegisterConnectDriver(virConnectDriverPtr driver,
> +/**
> + * virHasDriverForURIScheme:
> + * @scheme: the URI scheme
> + *
> + * Determine if there is a driver registered that explicitly
> + * handles URIs with the scheme @scheme.
> + *
> + * Returns: true if a driver is registered
> + */
> +bool virHasDriverForURIScheme(const char *scheme)

Return type on a separate line.

> +{
> +size_t i, j;

One variable declaration per line. Also, leave an empty line between
variable declarations and the rest of the function.

[...]
> +++ b/src/remote/remote_driver.c
> +typedef enum {
> +/* Prefer per-driver virt*d daemons, but fallback to legacy libvirtd */
> +REMOTE_DRIVER_MODE_AUTO,

I mean, even with --with-remote-default-mode=direct this comment is
not really accurate, since the algorithm is more nuanced than this.
Please use a more neutral language.

[...]
> +VIR_ENUM_IMPL(remoteDriverMode,
> +  REMOTE_DRIVER_MODE_LAST,
> +  "auto", "legacy", "direct");

One enum value per line.

[...]
> @@ -92,6 +108,7 @@ VIR_ENUM_IMPL(remoteDriverTransport,
>  static bool inside_daemon;
>  
> +
>  struct private_data {
>  virMutex lock;

Unrelated whitespace change.

[...]
> +remoteGetUNIXSocketHelper(remoteDriverTransport transport,
> +  const char *sock_prefix,
> +  unsigned int flags)
>  {
>  char *sockname = NULL;
> -VIR_AUTOFREE(char *userdir);
> +VIR_AUTOFREE(char *) userdir = NULL;

Once you declare userdir correctly in the first place, this hunk
will go away :)

[...]
> @@ -758,21 +776,126 @@ remoteGetUNIXSocket(remoteDriverTransport transport,
>  if (!(userdir = virGetUserRuntimeDirectory()))
>  return NULL;
>  
> -if (virAsprintf(,
> -"%s/" LIBVIRTD_USER_UNIX_SOCKET, userdir) < 0)
> +if (virAsprintf(, "%s/%s-sock",
> +userdir, sock_prefix) < 0)

I kinda just noticed, but don't we support R/O connections in
session mode?

[...]
> +static char *
> +remoteGetUNIXSocket(remoteDriverTransport transport,
> +remoteDriverMode mode,
> +const char *driver,
> +char **daemon,
> +unsigned int flags)
> +{
[...]
> +if (mode == REMOTE_DRIVER_MODE_LEGACY) {
> +sock_name = legacy_sock_name;
> +legacy_sock_name = NULL;
> +*daemon = legacy_daemon;
> +legacy_daemon = NULL;

This is

  VIR_STEAL_PTR(sock_name, legacy_sock_name);
  VIR_STEAL_PTR(*daemon, legacy_daemon);

> +} else if (mode == REMOTE_DRIVER_MODE_DIRECT) {
> +if (transport != REMOTE_DRIVER_TRANSPORT_UNIX) {
> +virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
> +   _("Cannot use direct socket mode for %s 
> transport"),
> +   remoteDriverTransportTypeToString(transport));
> +return NULL;
> +}
> +
> +if (!direct_sock_name) {
> +virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
> +   _("Cannot use direct socket mode if no URI is 
> set"));
> +return NULL;
> +}

Is the error message accurate? We should be way past making sure we
have a URI to work with by now.

> +sock_name = direct_sock_name;
> +direct_sock_name = NULL;
> +*daemon = direct_daemon;
> +direct_daemon = NULL;

This is

  VIR_STEAL_PTR(sock_name, direct_sock_name);
  VIR_STEAL_PTR(*daemon, direct_daemon);

> +} else {
> +virReportEnumRangeError(remoteDriverMode, mode);
> +return NULL;
> +}

See, I was going to suggest you turn this into a switch statement
anyway, but the fact that you have used virReportEnumRangeError()
here definitely seals the deal :)

[...]
> +#ifndef WIN32
> +static const char *
> +remoteGetDaemonPathEnv(void)
> +{
> +/* We prefer a VIRTD_PATH env var to use for all daemons,
> + * but if it is not set we will fallback to LIBVIRTD_PATH
> + * for 

Re: [libvirt] [PATCH 19/41] remote: introduce virtproxyd daemon to handle IP connectivity

2019-07-29 Thread Daniel P . Berrangé
On Sun, Jul 28, 2019 at 04:42:52PM +0200, Andrea Bolognani wrote:
> On Tue, 2019-07-23 at 17:02 +0100, Daniel P. Berrangé wrote:
> [...]
> >  - We can make virtproxyd and the virtXXXd per-driver daemons all
> >have "Conflicts: libvirtd.service" in their systemd unit files.
> >This will guarantee that libvirtd is never started at the same
> >time, as this would result in two daemons running the same driver.
> >Fortunately drivers use locking to protect themselves, but it is
> >better to avoid starting a daemon we know will conflict.
> 
> I feel like this will need to be tested extensively to make sure
> we're always doing the right thing, including on non-systemd hosts.

Testing is quite easy - just try to start the two units and make
sure only one ends up running.  Similarly for non-systemd hosts,
start both daemons & see that only one succeeds - the others
fail with lock conflict.


> > +++ b/src/remote/virtproxyd.service.in
> > @@ -0,0 +1,24 @@
> > +[Unit]
> > +Description=Virtualization daemon
> > +Conflicts=libvirtd.service
> > +Requires=virtproxyd.socket
> > +Requires=virtproxyd-ro.socket
> > +Requires=virtproxyd-admin.socket
> > +After=network.target
> > +After=dbus.service
> > +After=apparmor.service
> > +After=local-fs.target
> > +After=remote-fs.target
> > +Documentation=man:libvirtd(8)
> > +Documentation=https://libvirt.org
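Review bot: Description= and Documentation= in this [Unit] block are still the generic libvirtd ones: the description reads "Virtualization daemon" and the man page reference is man:libvirtd(8). Since this unit is for virtproxyd and declares Conflicts=libvirtd.service, give it a description that names the proxy daemon and point Documentation= at its own man page once one exists, so an administrator reading the unit status can tell the two daemons apart.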
> 
> There are a few non-obvious changes between libvirtd.service.in and
> this file:
> 
>   -Requires=virtlogd.socket
>   -Requires=virtlockd.socket
>   -Wants=systemd-machined.service
>   -Before=libvirt-guests.service
>   -After=iscsid.service
>   -After=systemd-logind.service
>   -After=systemd-machined.service
> 
> I can see why we'd move the relationships with iscsid and virtlockd
> to virtstoraged, except looking ahead to patch 23 I see you haven't
> actually done that; either way, I'm not so convinced about the
> remaining changes. Care to explain the rationale behind them?

virtproxyd contains no drivers, so it doesn't need to depend
on any of these services.

virtstoraged/qemud/lxcd  should have gained some of these though.

> 
> > +[Service]
> > +Type=notify
> > +ExecStart=@sbindir@/virtproxyd --timeout 120
> > +ExecReload=/bin/kill -HUP $MAINPID
> > +Restart=on-failure
> 
> More changes in this section:
> 
>   -EnvironmentFile=-@sysconfdir@/sysconfig/libvirtd
>   -KillMode=process
>   -LimitNOFILE=8192
>   -TasksMax=32768
> 
> EnvironmentFile is clearly no longer needed, while both LimitNOFILE
> and TasksMax probably belong to the hypervisor-specific daemons, but
> I'm unclear on why KillMode was changed.

The systemd default is fine as we don't need any other processes to
survive shutdown.

> > +[Install]
> > +WantedBy=multi-user.target
> > +Also=virtproxyd.socket
> > +Also=virtproxyd-ro.socket
> 
> Kind of a side note since it's pre-existing, but don't we want to
> list virtproxyd-admin.socket here too?

It is redundant - the deps force virtproxyd-admin.socket to become
enabled regardless.


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|


Re: [libvirt] [PATCH] qemumonitorjsontest: Don't leak 'query-jobs' info

2019-07-29 Thread Peter Krempa
On Mon, Jul 29, 2019 at 14:23:14 +0200, Michal Privoznik wrote:
> The returned array of qemuMonitorJobInfo structs must be freed.
> 
> 164 (16 direct, 148 indirect) bytes in 1 blocks are definitely lost in loss record 64 of 84
>at 0x4A3568B: realloc (vg_replace_malloc.c:826)
>by 0x4D888BD: virReallocN (viralloc.c:244)
>by 0x4D889B3: virExpandN (viralloc.c:293)
>by 0x4D88C87: virInsertElementsN (viralloc.c:435)
>by 0x214004: qemuMonitorJSONGetJobInfo (qemu_monitor_json.c:9185)
>by 0x148B3F: testQueryJobs (qemumonitorjsontest.c:2979)
>by 0x14C192: virTestRun (testutils.c:174)
>by 0x14BF36: mymain (qemumonitorjsontest.c:3286)
>by 0x14E256: virTestMain (testutils.c:1096)
>by 0x14BFD9: main (qemumonitorjsontest.c:3298)
> 
> Signed-off-by: Michal Privoznik 
> ---
>  tests/qemumonitorjsontest.c | 3 +++
>  1 file changed, 3 insertions(+)

ACK



[libvirt] [PATCH] qemumonitorjsontest: Don't leak 'query-jobs' info

2019-07-29 Thread Michal Privoznik
The returned array of qemuMonitorJobInfo structs must be freed.

164 (16 direct, 148 indirect) bytes in 1 blocks are definitely lost in loss record 64 of 84
   at 0x4A3568B: realloc (vg_replace_malloc.c:826)
   by 0x4D888BD: virReallocN (viralloc.c:244)
   by 0x4D889B3: virExpandN (viralloc.c:293)
   by 0x4D88C87: virInsertElementsN (viralloc.c:435)
   by 0x214004: qemuMonitorJSONGetJobInfo (qemu_monitor_json.c:9185)
   by 0x148B3F: testQueryJobs (qemumonitorjsontest.c:2979)
   by 0x14C192: virTestRun (testutils.c:174)
   by 0x14BF36: mymain (qemumonitorjsontest.c:3286)
   by 0x14E256: virTestMain (testutils.c:1096)
   by 0x14BFD9: main (qemumonitorjsontest.c:3298)

Signed-off-by: Michal Privoznik 
---
 tests/qemumonitorjsontest.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/qemumonitorjsontest.c b/tests/qemumonitorjsontest.c
index bf89f49aca..522ff5a3d5 100644
--- a/tests/qemumonitorjsontest.c
+++ b/tests/qemumonitorjsontest.c
@@ -2996,6 +2996,9 @@ testQueryJobs(const void *opaque)
 ret = 0;
 
  cleanup:
+for (i = 0; i < njobs; i++)
+qemuMonitorJobInfoFree(jobs[i]);
+VIR_FREE(jobs);
 qemuMonitorTestFree(test);
 return ret;
 }
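Review bot: the new loop under cleanup: runs on every exit path, so jobs, njobs and i have to be declared outside what this hunk shows, with jobs initialised to NULL and njobs to 0. Otherwise an early goto cleanup taken before qemuMonitorJSONGetJobInfo() fills them in would free through uninitialised values. Please confirm the declarations, and include the one for i in the patch if it is new.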
-- 
2.21.0



Re: [libvirt] [PATCH 18/41] remote: in per-driver daemons ensure that state initialize succeeds

2019-07-29 Thread Daniel P . Berrangé
On Fri, Jul 26, 2019 at 08:25:05PM +0200, Andrea Bolognani wrote:
> On Tue, 2019-07-23 at 17:02 +0100, Daniel P. Berrangé wrote:
> [...]
> > @@ -648,15 +650,23 @@ virStateInitialize(bool privileged,
> [...]
> > +if (ret == VIR_DRV_STATE_INIT_ERROR) {
> >  VIR_ERROR(_("Initialization of %s state driver failed: 
> > %s"),
> >virStateDriverTab[i]->name,
> >virGetLastErrorMessage());
> >  return -1;
> > +} else if (ret == VIR_DRV_STATE_INIT_SKIPPED &&
> > +   mandatory) {
> 
> You can fit this entire condition on a single line.
> 
> [...]
> > +++ b/src/remote/remote_daemon.c
> > @@ -794,6 +794,11 @@ static void daemonRunStateInit(void *opaque)
> >   * we're ready, since it can take a long time and this will
> >   * seriously delay OS bootup process */
> >  if (virStateInitialize(virNetDaemonIsPrivileged(dmn),
> > +#ifdef MODULE_NAME
> > +   true,
> > +#else /* ! MODULE_NAME */
> > +   false,
> > +#endif /* ! MODULE_NAME */
> > daemonInhibitCallback,
> > dmn) < 0) {
> 
> Just like in patch 10, this is really ugly... Please change it to
> something like
> 
>   #ifdef MODULE_NAME
> bool mandatory = true;
>   #else /* ! MODULE_NAME */
> bool mandatory = false;
>   #endif /* ! MODULE_NAME */
> 
>   virStateInitialize(virNetDaemonIsPrivileged(dmn),
>  mandatory,
>  daemonInhibitCallback,
>  dmn);
> 
> [...]
> > +++ b/src/vz/vz_driver.c
> > @@ -4118,36 +4118,36 @@ vzStateInitialize(bool privileged,
> [...]
> >  /* Failing to create driver here is not fatal and only means
> >   * that next driver client will try once more when connecting */
> >  vz_driver = vzDriverObjNew();
> > -return 0;
> > +return VIR_DRV_STATE_INIT_COMPLETE;
> 
> Given the comment, are you sure we shouldn't do something like
> 
>   if (!(vz_driver = vzDriverObjNew()))
> return VIR_DRV_STATE_INIT_SKIPPED;
> 
>   return VIR_DRV_STATE_INIT_COMPLETE;
> 
> here instead?

Marking it as skipped would cause the daemon to exit, which is against
the semantics that the vz driver code was trying to achieve with
this startup behaviour.

> With the nits above addressed, and assuming the logic in the vz
> driver either is confirmed to be fine as or is changed appropriately,
> 
>   Reviewed-by: Andrea Bolognani 

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|


Re: [libvirt] [PATCH 17/41] remote: refactor how list of systemd unit files is built

2019-07-29 Thread Daniel P . Berrangé
On Fri, Jul 26, 2019 at 08:01:52PM +0200, Andrea Bolognani wrote:
> On Tue, 2019-07-23 at 17:02 +0100, Daniel P. Berrangé wrote:
> > The make logic assumes that the SYSTEMD_UNIT_FILES var can be built from
> > SYSTEMD_UNIT_FILES_IN by simply dropping the directory prefix and the
> > .in suffix.
> > 
> > This won't work in future when a single .in unit file can be used to
> > generate multiple different units.
> 
> IIUC this is mostly for sockets, correct? As in, with the entire
> series applied we'll have eg.
> 
>   SYSTEMD_UNIT_FILES += \
> virtqemud.service \
> virtqemud.socket \
> virtqemud-ro.socket \
> virtqemud-admin.socket \
> $(NULL)
>   SYSTEMD_UNIT_FILES_IN += \
> qemu/virtqemud.service.in \
> $(NULL)
> 
> where virtqemud*.socket are not generated, as the current code
> would expect, from virtqemud*.socket.in, but rather from
> libvirtd*.socket.in - hence the need for this patch.

Yes

> Again IIUC there's nothing really stopping us from generating
> virtqemud*.service from libvirtd*.service.in, or at least from
> a common virtd*.service.in, since eg. virtqemud.service.in and
> virtlxcd.service.in are basically identical - it's just that you
> haven't unified the generation rules yet.

I was not anticipating sharing the service.in file, as many of
the parameters will be driver specific.

> Assuming I've understood the intent correctly, then the changes
> themselves look good, so
> 
>   Reviewed-by: Andrea Bolognani 

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|


[libvirt] UID/GID during kvm/qemu migrate

2019-07-29 Thread Stephan von Krawczynski
Hello,

is there some immanent code in libvirt that forces UID/GID of the libvirt
standard user to be the same on two boxes migrating qemu vms against each
other?
The migration itself uses root obviously (password is requested). But if a vm
xml does not contain any definition regarding UID/GID what else could
prevent this from working?

I believe I ran into such a problem trying to migrate and ending up in an
error, a vm still working on original host but its fs (netfs pool (nfs/raw))
being switched to read-only...

-- 
Regards,
Stephan



Re: [libvirt] [PATCH v2 1/2] tests: virsh-optparse: remove no longer valid cpu-stats test cases

2019-07-29 Thread Erik Skultety
On Sun, Jul 28, 2019 at 12:02:20PM +0200, Ilias Stamatis wrote:
> These test cases are no longer valid since this series provides an
> implementation of the virDomainGetCPUStats API for the test driver.

"this series" is relevant only in context of the patches sent to the ML. Once
it's in the git history, it's essentially irrelevant information. I'll change
it before pushing.

Reviewed-by: Erik Skultety 



Re: [libvirt] [PATCH 5/6] qemu: add support for Direct Mode for Hyper-V Synthetic timers

2019-07-29 Thread Ján Tomko

On Thu, Jul 25, 2019 at 03:52:17PM +0200, Vitaly Kuznetsov wrote:

QEMU-4.1 supports 'Direct Mode' for Hyper-V synthetic timers
(hv-stimer-direct CPU flag): Windows guests can request that timer
expiration notifications are delivered as normal interrupts (and not
VMBus messages). This is used by Hyper-V on KVM.

Signed-off-by: Vitaly Kuznetsov 
---
src/qemu/qemu_command.c | 22 ++--
src/qemu/qemu_process.c | 39 +++--
tests/qemuxml2argvdata/hyperv.args  |  4 +--
tests/qemuxml2argvdata/hyperv.xml   |  4 ++-
tests/qemuxml2xmloutdata/hyperv.xml |  4 ++-
5 files changed, 65 insertions(+), 8 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 1cf165079f..12229e879e 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7096,7 +7096,7 @@ qemuBuildCpuCommandLine(virCommandPtr cmd,
int ret = -1;
virBuffer cpu_buf = VIR_BUFFER_INITIALIZER;
virBuffer buf = VIR_BUFFER_INITIALIZER;
-size_t i;
+size_t i, j;

if (def->cpu &&
(def->cpu->mode != VIR_CPU_MODE_CUSTOM || def->cpu->model)) {
@@ -7158,7 +7158,6 @@ qemuBuildCpuCommandLine(virCommandPtr cmd,
case VIR_DOMAIN_HYPERV_VPINDEX:
case VIR_DOMAIN_HYPERV_RUNTIME:
case VIR_DOMAIN_HYPERV_SYNIC:
-case VIR_DOMAIN_HYPERV_STIMER:
case VIR_DOMAIN_HYPERV_RESET:
case VIR_DOMAIN_HYPERV_FREQUENCIES:
case VIR_DOMAIN_HYPERV_REENLIGHTENMENT:
@@ -7170,6 +7169,25 @@ qemuBuildCpuCommandLine(virCommandPtr cmd,
  virDomainHypervTypeToString(i));
break;

+case VIR_DOMAIN_HYPERV_STIMER:
+if (def->hyperv_features[i] == VIR_TRISTATE_SWITCH_ON)
+virBufferAsprintf(, ",hv_%s",
+  virDomainHypervTypeToString(i));





+for (j = 0; j < VIR_DOMAIN_HYPERV_STIMER_LAST; j++) {
+switch ((virDomainHypervStimer) j) {
+case VIR_DOMAIN_HYPERV_STIMER_DIRECT:
+if (def->hyperv_stimer_features[j] == 
VIR_TRISTATE_SWITCH_ON)
+virBufferAsprintf(, ",hv_stimer_%s",
+  
virDomainHypervStimerTypeToString(j));
+break;
+
+/* coverity[dead_error_begin] */
+case VIR_DOMAIN_HYPERV_STIMER_LAST:
+break;
+}
+}


if (def->hyperv_stimer_direct == VIR_TRISTATE_SWITCH_ON)
   virBufferAddLit(, "hv-stimer-direct");


+break;
+
case VIR_DOMAIN_HYPERV_SPINLOCKS:
if (def->hyperv_features[i] == VIR_TRISTATE_SWITCH_ON)
virBufferAsprintf(, ",hv_spinlocks=0x%x",
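
Review bot: in the new "case VIR_DOMAIN_HYPERV_STIMER:" block the "if (def->hyperv_features[i] == VIR_TRISTATE_SWITCH_ON)" has no braces, so only the first virBufferAsprintf() is conditional and the loop over VIR_DOMAIN_HYPERV_STIMER_LAST runs even when stimer itself is not switched on. If hv_stimer_direct must never be emitted without hv_stimer, give that "if" a braced body and move the "for" loop inside it.
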
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 75205bc121..0235cfd022 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -4111,10 +4111,45 @@ qemuProcessVerifyHypervFeatures(virDomainDefPtr def,
rc = virCPUDataCheckFeature(cpu, cpuFeature);
VIR_FREE(cpuFeature);

-if (rc < 0)
+if (rc < 0) {
return -1;
-else if (rc == 1)
+} else if (rc == 1) {
+if ((i == VIR_DOMAIN_HYPERV_STIMER)) {
+size_t j;
+


Fails compilation with my Clang:
qemu/qemu_process.c:4117:20: error: equality comparison with extraneous parentheses [-Werror,-Wparentheses-equality]
   if ((i == VIR_DOMAIN_HYPERV_STIMER)) {
~~^~~
qemu/qemu_process.c:4117:20: note: remove extraneous parentheses around the comparison to silence this warning
   if ((i == VIR_DOMAIN_HYPERV_STIMER)) {
   ~  ^  ~
qemu/qemu_process.c:4117:20: note: use '=' to turn this equality comparison into an assignment
   if ((i == VIR_DOMAIN_HYPERV_STIMER)) {
  ^~
  =
1 error generated.
make[5]: *** [Makefile:11191: qemu/libvirt_driver_qemu_impl_la-qemu_process.lo] Error 1


+for (j = 0; j < VIR_DOMAIN_HYPERV_STIMER_LAST; j++) {
+switch ((virDomainHypervStimer) j) {
+case VIR_DOMAIN_HYPERV_STIMER_DIRECT:
+if (def->hyperv_stimer_features[j] != 
VIR_TRISTATE_SWITCH_ON)
+continue;
+
+if (virAsprintf(, "__kvm_hv_stimer_%s",
+virDomainHypervStimerTypeToString(j)) 
< 0)
+return -1;
+
+rc = virCPUDataCheckFeature(cpu, cpuFeature);
+VIR_FREE(cpuFeature);
+
+if (rc < 0)
+return -1;
+else if (rc == 1)
+continue;
+
+
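
Review bot: the block under "if ((i == VIR_DOMAIN_HYPERV_STIMER))" repeats the virCPUDataCheckFeature() / VIR_FREE(cpuFeature) / rc handling that the context lines directly above it already perform for the parent feature. A small helper that takes the feature name and returns rc would remove the copy and reduce the nesting to the loop and the switch.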

Re: [libvirt] [PATCH 4/6] conf: add support for Direct Mode for Hyper-V Synthetic timers

2019-07-29 Thread Ján Tomko

On Thu, Jul 25, 2019 at 03:52:16PM +0200, Vitaly Kuznetsov wrote:

Support 'Direct Mode' for Hyper-V Synthetic Timers in domain config.
Make it 'stimer' enlightenment option as it is not a separate thing.

Signed-off-by: Vitaly Kuznetsov 
---
docs/formatdomain.html.in |  10 ++-
docs/schemas/domaincommon.rng |  16 +++-
src/conf/domain_conf.c| 138 +++---
src/conf/domain_conf.h|   8 ++
src/cpu/cpu_x86.c |  51 +++--
src/cpu/cpu_x86_data.h|   2 +
src/libvirt_private.syms  |   2 +
7 files changed, 187 insertions(+), 40 deletions(-)

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 1aaddb6d9b..a0723edad1 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -2033,7 +2033,9 @@
vpindex state='on'/
runtime state='on'/
synic state='on'/
-stimer state='on'/
+stimer state='on'
+  direct state='on'/
+/stimer
reset state='on'/
vendor_id state='on' value='KVM Hv'/
frequencies state='on'/
@@ -2148,9 +2150,9 @@


  stimer
-  Enable SynIC timers
-  on, off
-  1.3.3 (QEMU 2.6)
+  Enable SynIC timers, optionally with Direct Mode support
+  on, off; direct - on,off
+  1.3.3 (QEMU 2.6), direct mode 5.6.0 (QEMU 
4.1)


  reset
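
Review bot: in the stimer row, the new value text "on, off; direct - on,off" is spaced inconsistently ("on, off" against "on,off") and reads as one flat list of values. Something like "on, off; direct: on, off" keeps the parent and the sub-element values apart and matches the spacing used for the other rows.
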
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 763480440c..8cf1995748 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -5896,7 +5896,7 @@


  
-
+
  


@@ -5945,6 +5945,20 @@

  

+  
+  
+
+  
+
+  
+  
+
+  
+
+  
+
+  
+
  
  

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 0574c69a46..779b4ed880 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -197,6 +197,11 @@ VIR_ENUM_IMPL(virDomainHyperv,
  "evmcs",
);

+VIR_ENUM_IMPL(virDomainHypervStimer,
+  VIR_DOMAIN_HYPERV_STIMER_LAST,
+  "direct",
+);


Do you anticipate more stimer "sub"-features in the future?
Having an enum with one value just to loop over an array with one
element and then switch()-ing across all the possible value seems
like overkill.


+
VIR_ENUM_IMPL(virDomainKVM,
  VIR_DOMAIN_KVM_LAST,
  "hidden",
@@ -20359,6 +20364,51 @@ virDomainDefParseXML(xmlDocPtr xml,
ctxt->node = node;
}

+if (def->features[VIR_DOMAIN_HYPERV_STIMER] == VIR_TRISTATE_SWITCH_ON) {
+int feature;
+int value;
+if ((n = virXPathNodeSet("./features/hyperv/stimer/*", ctxt, )) 
< 0)
+goto error;
+
+for (i = 0; i < n; i++) {
+feature = virDomainHypervStimerTypeFromString((const char 
*)nodes[i]->name);
+if (feature < 0) {
+virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+   _("unsupported Hyper-V stimer feature: %s"),
+   nodes[i]->name);
+goto error;
+}
+
+switch ((virDomainHypervStimer) feature) {
+case VIR_DOMAIN_HYPERV_STIMER_DIRECT:
+if (!(tmp = virXMLPropString(nodes[i], "state"))) {
+virReportError(VIR_ERR_XML_ERROR,
+   _("missing 'state' attribute for "
+ "Hyper-V stimer feature '%s'"),
+   nodes[i]->name);
+goto error;
+}
+
+if ((value = virTristateSwitchTypeFromString(tmp)) < 0) {
+virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+   _("invalid value of state argument "
+ "for Hyper-V stimer feature '%s'"),
+   nodes[i]->name);
+goto error;
+}
+
+VIR_FREE(tmp);
+def->hyperv_stimer_features[feature] = value;
+break;
+
+/* coverity[dead_error_begin] */
+case VIR_DOMAIN_HYPERV_STIMER_LAST:
+break;
+}
+}
+VIR_FREE(nodes);
+}
+
if (def->features[VIR_DOMAIN_FEATURE_KVM] == VIR_TRISTATE_SWITCH_ON) {
int feature;
int value;
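
Review bot: the new block opens with def->features[VIR_DOMAIN_HYPERV_STIMER], which indexes the general features array with a Hyper-V enum value; the KVM block right after it uses a VIR_DOMAIN_FEATURE_* index for that array, and the ABI stability hunk in this same patch tests src->hyperv_features[VIR_DOMAIN_HYPERV_STIMER]. The condition here should read def->hyperv_features[VIR_DOMAIN_HYPERV_STIMER], otherwise the stimer sub-elements are parsed depending on the state of an unrelated feature.
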
@@ -22583,6 +22633,29 @@ virDomainDefFeaturesCheckABIStability(virDomainDefPtr 
src,
}
}

+if (src->hyperv_features[VIR_DOMAIN_HYPERV_STIMER] == 
VIR_TRISTATE_SWITCH_ON) {
+for (i = 0; i < VIR_DOMAIN_HYPERV_STIMER_LAST; i++) {
+switch ((virDomainHypervStimer) i) {
+case VIR_DOMAIN_HYPERV_STIMER_DIRECT:
+if (src->hyperv_stimer_features[i] != 
dst->hyperv_stimer_features[i]) {
+  

Re: [libvirt] [PATCH 13/41] remote: refactor & rename variables for building libvirtd

2019-07-29 Thread Daniel P . Berrangé
On Fri, Jul 26, 2019 at 05:46:38PM +0200, Andrea Bolognani wrote:
> On Fri, 2019-07-26 at 16:21 +0100, Daniel P. Berrangé wrote:
> > On Fri, Jul 26, 2019 at 05:19:56PM +0200, Andrea Bolognani wrote:
> > > [...]
> > > > +REMOTE_DAEMON_LD_ADD += \
> > > > +   ../gnulib/lib/libgnu.la \
> > > > +   $(LIBSOCKET) \
> > > > +   $(NULL)
> > > 
> > > As an aside, it looks like $(LIBSOCKET) is a leftover of days long
> > > gone and no longer used for anything.
> > 
> > It is something that gnulib defines. Whether it expands to a non-empty
> > string on any of our supported build platforms though, I don't know.
> 
> I tried removing it and ran it through the full gauntlet without
> getting any failures, so I'm pretty confident we don't need it. It'd
> be pretty weird if we did, since we have at least two other daemons
> already and neither of those is using it...

LIBSOCKET is set to -lws2_32 on Windows builds.

We don't build libvirtd on mingw though which is why you don't see
a problem. Previously we would have needed this for cygwin I expect
but that's not a supported build target

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 3/6] docs: formatdomain: move 'msrs' out of Hyper-V Enlightenments

2019-07-29 Thread Ján Tomko

On Thu, Jul 25, 2019 at 03:52:15PM +0200, Vitaly Kuznetsov wrote:

'msrs' is a feature unrelated to Hyper-V Enlightenments, the commit message
which added it and the test have it right:


Introduced by:
commit e9528f41c612fff334e958d5e5df197aa8e83792



   
 ...
 
 ...
   

Signed-off-by: Vitaly Kuznetsov 
---
docs/formatdomain.html.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)



Reviewed-by: Ján Tomko 

Jano



Re: [libvirt] [PATCH 39/41] remote: refactor the code for choosing the UNIX socket path

2019-07-29 Thread Andrea Bolognani
On Tue, 2019-07-23 at 17:03 +0100, Daniel P. Berrangé wrote:
[...]
> +++ b/src/remote/remote_driver.c
> @@ -739,34 +739,35 @@ remoteConnectSupportsFeatureUnlocked(virConnectPtr conn,
> +static char *
> +remoteGetUNIXSocket(remoteDriverTransport transport,
> +unsigned int flags)
>  {
>  char *sockname = NULL;
> -char *userdir = virGetUserRuntimeDirectory();
> -
> -if (!userdir)
> -return NULL;
> +VIR_AUTOFREE(char *userdir);

This should be

  VIR_AUTOFREE(char *) userdir = NULL;

> @@ -964,6 +965,17 @@ doRemoteOpen(virConnectPtr conn,
> +if ((transport == REMOTE_DRIVER_TRANSPORT_UNIX ||
> + transport == REMOTE_DRIVER_TRANSPORT_SSH ||
> + transport == REMOTE_DRIVER_TRANSPORT_LIBSSH ||
> + transport == REMOTE_DRIVER_TRANSPORT_LIBSSH2) &&
> +!sockname &&
> +!(sockname = remoteGetUNIXSocket(transport, flags)))
> +goto failed;

The check for transport type should be implemented as a switch
statement for maximum futureproofness.


With at least the "userdir" declaration fixed,

  Reviewed-by: Andrea Bolognani 

-- 
Andrea Bolognani / Red Hat / Virtualization


Re: [libvirt] [PATCH 2/6] docs: formatdomain: fix 'SynIC' spelling

2019-07-29 Thread Ján Tomko

On Thu, Jul 25, 2019 at 03:52:14PM +0200, Vitaly Kuznetsov wrote:

SynIC stands for 'Synthetic Interrupt Controller', it is not a NIC. Fix the
spelling in accordance with Hypervisor Top Level Functional Specification.

Signed-off-by: Vitaly Kuznetsov 
---
docs/formatdomain.html.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)



Reviewed-by: Ján Tomko 

Jano



Re: [libvirt] [PATCH 1/6] docs: formatdomain: add synic flag to the example xml

2019-07-29 Thread Ján Tomko

s/synic/stimer/ in the summary

On Thu, Jul 25, 2019 at 03:52:13PM +0200, Vitaly Kuznetsov wrote:

The example XML we have contains all other Hyper-V Enlightenments but
'stimer' is missing.

Signed-off-by: Vitaly Kuznetsov 
---
docs/formatdomain.html.in | 1 +
1 file changed, 1 insertion(+)



Reviewed-by: Ján Tomko 

Jano

