[Libvir] Building libvirt-0.3.3 on CentOS4
by Carl Jones
Hi,
I'm trying to build libvirt-0.3.3 on a CentOS4 machine. But I'm hitting
this error while running 'make':
./configure --with-init-script=redhat --without-qemu --without-remote
--without-test --with-xen --without-openvz --without-avahi
[...]
make[2]: Entering directory `/usr/src/redhat/SOURCES/libvirt-0.3.3/src'
gcc -DHAVE_CONFIG_H -I. -I.. -I../include -I../include -I../qemud
-I/usr/include/libxml2 -DBINDIR=\""/usr/local/libexec"\"
-DSBINDIR=\""/usr/local/sbin"\" -DSYSCONF_DIR="\"/usr/local/etc\""
-DLOCALEBASEDIR=\""/usr/local/share/locale"\"
-DLOCAL_STATE_DIR=\""/usr/local/var"\" -DGETTEXT_PACKAGE=\"libvirt\"
-Wall -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wextra
-Wshadow -Wcast-align -Wwrite-strings -Waggregate-return
-Wstrict-prototypes -Winline -Wredundant-decls -Wno-sign-compare
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fasynchronous-unwind-tables
-DWITH_XEN -g -O2 -MT virsh-virsh.o -MD -MP -MF .deps/virsh-virsh.Tpo
-c -o virsh-virsh.o `test -f 'virsh.c' || echo './'`virsh.c
virsh.c: In function `vshOutputLogFile':
virsh.c:4577: warning: implicit declaration of function `localtime'
virsh.c:4577: warning: nested extern declaration of `localtime'
virsh.c:4577: warning: assignment makes pointer from integer without a cast
virsh.c:4578: error: dereferencing pointer to incomplete type
virsh.c:4578: error: dereferencing pointer to incomplete type
virsh.c:4578: error: dereferencing pointer to incomplete type
virsh.c:4578: error: dereferencing pointer to incomplete type
virsh.c:4578: error: dereferencing pointer to incomplete type
virsh.c:4578: error: dereferencing pointer to incomplete type
make[2]: *** [virsh-virsh.o] Error 1
make[2]: Leaving directory `/usr/src/redhat/SOURCES/libvirt-0.3.3/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/redhat/SOURCES/libvirt-0.3.3'
make: *** [all] Error 2
I've tried building from CVS, but that fails also (different issue). Any
ideas? I've grabbed the newer gnutls from CentOS5, and other
dependencies are already installed.
Regards,
Carl
16 years, 11 months
[Libvir] [PATCH] BZ#251641: Allow to change the cpu pinning for inactive domain
by Saori Fukuta
Hi,
I want to change the cpu pinning for inactive domain on RHEL-5.1.
So, I just add the xenXMDomainPinVcpu to xm_internal.c.
We will be allowed to change "cpus" parameter in configuration file
with "vcpupin" command by this patch, like "setmem" or "setvcpus".
There is 2 things to note:
- This is an effective feature for inactive domain with
Xen3.0.3 (less than 3 of xendConfigVersion).
- On the above environment, the number which specified as
<vcpu> is ignored, because the virtual CPUs is not present
when domain is shut off. So, when executing "vcpupin" command
with this option
# virsh vcpupin Guest 0 1
"0"(vcpu) is ignored and "1"(cpulist) is set to configuration file
as "cpus".
# cat /etc/xen/Guest | grep cpus
cpus = "1"
Regards,
Saori Fukuta
16 years, 11 months
[Libvir] [PATCH] (vshCloseLogFile): Diagnose close/write failure.
by Jim Meyering
I noticed a minor problem in vshCloseLogFile.
Although callers do check for log-file write failure,
this function doesn't check for close failure (which
can happen, and indicates a write failure).
I considered changing the function to return an int
and propagating that success/failure "up" to callers,
but that change is more invasive, and I'm not sure it's
desirable. If any of you prefer it, let me know and
I'll rewrite accordingly:
Also slightly ugly: ctl->logfile may be null, so if/when it is
(however unlikely), the diagnostic prints "?" as the file name
rather than trying to dereference a NULL pointer.
* src/virsh.c (vshCloseLogFile): Diagnose close/write failure.
---
src/virsh.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/src/virsh.c b/src/virsh.c
index 5b50524..86f5b8b 100644
--- a/src/virsh.c
+++ b/src/virsh.c
@@ -4643,7 +4643,9 @@ vshCloseLogFile(vshControl *ctl)
{
/* log file close */
if (ctl->log_fd >= 0) {
- close(ctl->log_fd);
+ if (close(ctl->log_fd) < 0)
+ vshError(ctl, FALSE, _("%s: failed to write log file: %s")
+ ctl->logfile ? ctl->logfile : "?", strerror (errno));
ctl->log_fd = -1;
}
--
1.5.3.6.961.gecf4
16 years, 11 months
[Libvir] [PATCH] When reporting errors, use "conn" whenever possible.
by Jim Meyering
Here's a first cut at cleaning up.
There are more ab/uses in other files, but nowhere near as
many as in this one, so I'm starting here:
When reporting errors, use "conn" whenever possible.
* src/remote_internal.c: change all error (NULL, ... to error (conn, ...
(check_cert_file): Add+use parameter, conn.
Adjust callers.
(initialise_gnutls): The "conn" parameter *is* used, so remove
ATTRIBUTE_UNUSED.
Suggested by Richard Jones.
---
src/remote_internal.c | 90 ++++++++++++++++++++++++------------------------
1 files changed, 45 insertions(+), 45 deletions(-)
diff --git a/src/remote_internal.c b/src/remote_internal.c
index c365ff8..40c12c7 100644
--- a/src/remote_internal.c
+++ b/src/remote_internal.c
@@ -280,7 +280,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
else if (strcasecmp (transport_str, "tcp") == 0)
transport = trans_tcp;
else {
- error (NULL, VIR_ERR_INVALID_ARG,
+ error (conn, VIR_ERR_INVALID_ARG,
"remote_open: transport in URL not recognised "
"(should be tls|unix|ssh|ext|tcp)");
return VIR_DRV_OPEN_ERROR;
@@ -308,7 +308,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
server = strdup (uri->server ? uri->server : "localhost");
if (!server) {
out_of_memory:
- error (NULL, VIR_ERR_NO_MEMORY, "duplicating server name");
+ error (conn, VIR_ERR_NO_MEMORY, "duplicating server name");
goto failed;
}
if (uri->port != 0) {
@@ -394,7 +394,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
/* For ext transport, command is required. */
if (transport == trans_ext && !command) {
- error (NULL, VIR_ERR_INVALID_ARG, "remote_open: for 'ext' transport, command is required");
+ error (conn, VIR_ERR_INVALID_ARG, "remote_open: for 'ext' transport, command is required");
goto failed;
}
@@ -438,7 +438,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
hints.ai_flags = AI_ADDRCONFIG;
int e = getaddrinfo (server, port, &hints, &res);
if (e != 0) {
- error (NULL, VIR_ERR_INVALID_ARG, gai_strerror (e));
+ error (conn, VIR_ERR_INVALID_ARG, gai_strerror (e));
goto failed;
}
@@ -458,7 +458,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
priv->sock = socket (r->ai_family, SOCK_STREAM, 0);
if (priv->sock == -1) {
- error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
+ error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
continue;
}
@@ -468,7 +468,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
sizeof no_slow_start);
if (connect (priv->sock, r->ai_addr, r->ai_addrlen) == -1) {
- error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
+ error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
close (priv->sock);
continue;
}
@@ -504,12 +504,12 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
uid_t uid = getuid();
if (!(pw = getpwuid(uid))) {
- error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
+ error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
goto failed;
}
if (asprintf (&sockname, "@%s" LIBVIRTD_USER_UNIX_SOCKET, pw->pw_dir) < 0) {
- error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
+ error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
goto failed;
}
} else {
@@ -518,7 +518,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
else
sockname = strdup (LIBVIRTD_PRIV_UNIX_SOCKET);
if (sockname == NULL) {
- error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
+ error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
goto failed;
}
}
@@ -539,7 +539,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
autostart_retry:
priv->sock = socket (AF_UNIX, SOCK_STREAM, 0);
if (priv->sock == -1) {
- error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
+ error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
goto failed;
}
if (connect (priv->sock, (struct sockaddr *) &addr, sizeof addr) == -1) {
@@ -561,7 +561,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
goto autostart_retry;
}
}
- error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
+ error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
goto failed;
}
@@ -576,7 +576,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
command = command ? : strdup ("ssh");
if (command == NULL) {
- error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
+ error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
goto failed;
}
@@ -584,7 +584,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
// ssh -p $port [-l $username] $hostname $netcat -U $sockname [NULL]
cmd_argv = malloc (nr_args * sizeof (char *));
if (cmd_argv == NULL) {
- error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
+ error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
goto failed;
}
@@ -611,7 +611,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
assert (j == nr_args);
for (j = 0; j < nr_args; j++)
if (cmd_argv[j] == NULL) {
- error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (ENOMEM));
+ error (conn, VIR_ERR_SYSTEM_ERROR, strerror (ENOMEM));
goto failed;
}
}
@@ -626,13 +626,13 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
* to faff around with two file descriptors (a la 'pipe(2)').
*/
if (socketpair (PF_UNIX, SOCK_STREAM, 0, sv) == -1) {
- error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
+ error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
goto failed;
}
pid = fork ();
if (pid == -1) {
- error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
+ error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
goto failed;
} else if (pid == 0) { /* Child. */
close (sv[0]);
@@ -647,7 +647,7 @@ doRemoteOpen (virConnectPtr conn, struct private_data *priv,
if (!cmd_argv) {
cmd_argv = malloc (2 * sizeof (char *));
if (cmd_argv == NULL) {
- error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
+ error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
goto failed;
}
cmd_argv[0] = command;
@@ -724,7 +724,7 @@ remoteOpen (virConnectPtr conn, xmlURIPtr uri, int flags)
priv = malloc (sizeof(struct private_data));
if (!priv) {
- error (NULL, VIR_ERR_NO_MEMORY, "struct private_data");
+ error (conn, VIR_ERR_NO_MEMORY, "struct private_data");
return VIR_DRV_OPEN_ERROR;
}
@@ -947,11 +947,11 @@ static gnutls_certificate_credentials_t x509_cred;
static int
-check_cert_file (const char *type, const char *file)
+check_cert_file (virConnectPtr conn, const char *type, const char *file)
{
struct stat sb;
if (stat(file, &sb) < 0) {
- __virRaiseError (NULL, NULL, NULL, VIR_FROM_REMOTE, VIR_ERR_RPC,
+ __virRaiseError (conn, NULL, NULL, VIR_FROM_REMOTE, VIR_ERR_RPC,
VIR_ERR_ERROR, LIBVIRT_CACERT, NULL, NULL, 0, 0,
"Cannot access %s '%s': %s (%d)",
type, file, strerror(errno), errno);
@@ -962,7 +962,7 @@ check_cert_file (const char *type, const char *file)
static int
-initialise_gnutls (virConnectPtr conn ATTRIBUTE_UNUSED)
+initialise_gnutls (virConnectPtr conn)
{
static int initialised = 0;
int err;
@@ -974,16 +974,16 @@ initialise_gnutls (virConnectPtr conn ATTRIBUTE_UNUSED)
/* X509 stuff */
err = gnutls_certificate_allocate_credentials (&x509_cred);
if (err) {
- error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
+ error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
return -1;
}
- if (check_cert_file("CA certificate", LIBVIRT_CACERT) < 0)
+ if (check_cert_file(conn, "CA certificate", LIBVIRT_CACERT) < 0)
return -1;
- if (check_cert_file("client key", LIBVIRT_CLIENTKEY) < 0)
+ if (check_cert_file(conn, "client key", LIBVIRT_CLIENTKEY) < 0)
return -1;
- if (check_cert_file("client certificate", LIBVIRT_CLIENTCERT) < 0)
+ if (check_cert_file(conn, "client certificate", LIBVIRT_CLIENTCERT) < 0)
return -1;
/* Set the trusted CA cert. */
@@ -994,7 +994,7 @@ initialise_gnutls (virConnectPtr conn ATTRIBUTE_UNUSED)
gnutls_certificate_set_x509_trust_file (x509_cred, LIBVIRT_CACERT,
GNUTLS_X509_FMT_PEM);
if (err < 0) {
- error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
+ error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
return -1;
}
@@ -1009,7 +1009,7 @@ initialise_gnutls (virConnectPtr conn ATTRIBUTE_UNUSED)
LIBVIRT_CLIENTKEY,
GNUTLS_X509_FMT_PEM);
if (err < 0) {
- error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
+ error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
return -1;
}
@@ -1035,21 +1035,21 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
*/
err = gnutls_init (&session, GNUTLS_CLIENT);
if (err) {
- error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
+ error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
return NULL;
}
/* Use default priorities */
err = gnutls_set_default_priority (session);
if (err) {
- error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
+ error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
return NULL;
}
err =
gnutls_certificate_type_set_priority (session,
cert_type_priority);
if (err) {
- error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
+ error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
return NULL;
}
@@ -1057,7 +1057,7 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
*/
err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
if (err) {
- error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
+ error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
return NULL;
}
@@ -1070,7 +1070,7 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
if (err < 0) {
if (err == GNUTLS_E_AGAIN || err == GNUTLS_E_INTERRUPTED)
goto again;
- error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
+ error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (err));
return NULL;
}
@@ -1091,11 +1091,11 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
if (len < 0 && len != GNUTLS_E_UNEXPECTED_PACKET_LENGTH) {
if (len == GNUTLS_E_AGAIN || len == GNUTLS_E_INTERRUPTED)
goto again_2;
- error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (len));
+ error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (len));
return NULL;
}
if (len != 1 || buf[0] != '\1') {
- error (NULL, VIR_ERR_RPC,
+ error (conn, VIR_ERR_RPC,
"server verification (of our certificate or IP address) failed\n");
return NULL;
}
@@ -1120,12 +1120,12 @@ verify_certificate (virConnectPtr conn ATTRIBUTE_UNUSED,
time_t now;
if ((ret = gnutls_certificate_verify_peers2 (session, &status)) < 0) {
- error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (ret));
+ error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (ret));
return -1;
}
if ((now = time(NULL)) == ((time_t)-1)) {
- error (NULL, VIR_ERR_SYSTEM_ERROR, strerror (errno));
+ error (conn, VIR_ERR_SYSTEM_ERROR, strerror (errno));
return -1;
}
@@ -1146,17 +1146,17 @@ verify_certificate (virConnectPtr conn ATTRIBUTE_UNUSED,
reason = "The certificate uses an insecure algorithm";
#endif
- error (NULL, VIR_ERR_RPC, reason);
+ error (conn, VIR_ERR_RPC, reason);
return -1;
}
if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509) {
- error (NULL, VIR_ERR_RPC, "Certificate type is not X.509");
+ error (conn, VIR_ERR_RPC, "Certificate type is not X.509");
return -1;
}
if (!(certs = gnutls_certificate_get_peers(session, &nCerts))) {
- error (NULL, VIR_ERR_RPC, "gnutls_certificate_get_peers failed");
+ error (conn, VIR_ERR_RPC, "gnutls_certificate_get_peers failed");
return -1;
}
@@ -1165,25 +1165,25 @@ verify_certificate (virConnectPtr conn ATTRIBUTE_UNUSED,
ret = gnutls_x509_crt_init (&cert);
if (ret < 0) {
- error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (ret));
+ error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (ret));
return -1;
}
ret = gnutls_x509_crt_import (cert, &certs[i], GNUTLS_X509_FMT_DER);
if (ret < 0) {
- error (NULL, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (ret));
+ error (conn, VIR_ERR_GNUTLS_ERROR, gnutls_strerror (ret));
gnutls_x509_crt_deinit (cert);
return -1;
}
if (gnutls_x509_crt_get_expiration_time (cert) < now) {
- error (NULL, VIR_ERR_RPC, "The certificate has expired");
+ error (conn, VIR_ERR_RPC, "The certificate has expired");
gnutls_x509_crt_deinit (cert);
return -1;
}
if (gnutls_x509_crt_get_activation_time (cert) > now) {
- error (NULL, VIR_ERR_RPC, "The certificate is not yet activated");
+ error (conn, VIR_ERR_RPC, "The certificate is not yet activated");
gnutls_x509_crt_deinit (cert);
return -1;
}
@@ -1191,7 +1191,7 @@ verify_certificate (virConnectPtr conn ATTRIBUTE_UNUSED,
if (i == 0) {
if (!gnutls_x509_crt_check_hostname (cert, hostname)) {
__virRaiseError
- (NULL, NULL, NULL,
+ (conn, NULL, NULL,
VIR_FROM_REMOTE, VIR_ERR_RPC,
VIR_ERR_ERROR, hostname, NULL, NULL,
0, 0,
@@ -2390,7 +2390,7 @@ remoteNetworkOpen (virConnectPtr conn,
struct private_data *priv = malloc (sizeof(struct private_data));
int ret, rflags = 0;
if (!priv) {
- error (NULL, VIR_ERR_NO_MEMORY, "struct private_data");
+ error (conn, VIR_ERR_NO_MEMORY, "struct private_data");
return VIR_DRV_OPEN_ERROR;
}
if (flags & VIR_DRV_OPEN_RO)
--
1.5.3.6.950.g92b7b
16 years, 11 months
[Libvir] [PATCH] add a gcc-printf attribute to remoteDispatchError
by Jim Meyering
Spotted this a week ago:
add a gcc-printf attribute to remoteDispatchError
diff --git a/qemud/remote.c b/qemud/remote.c
index f4d76a1..047cae7 100644
--- a/qemud/remote.c
+++ b/qemud/remote.c
@@ -54,7 +54,8 @@
static void remoteDispatchError (struct qemud_client *client,
remote_message_header *req,
- const char *fmt, ...);
+ const char *fmt, ...)
+ ATTRIBUTE_FORMAT(printf, 3, 4);
static virDomainPtr get_nonnull_domain (virConnectPtr conn, remote_nonnull_domain domain);
static virNetworkPtr get_nonnull_network (virConnectPtr conn, remote_nonnull_network network);
static void make_nonnull_domain (remote_nonnull_domain *dom_dst, virDomainPtr dom_src);
--
1.5.3.6.950.g92b7b
16 years, 11 months
[Libvir] [PATCH] Compile libvirt under Windows (Cygwin)
by Richard W.M. Jones
The following patchset allows an incomplete compilation of libvirt under
Windows using Cygwin. Current limitations are:
(1) Xen driver does not work. This is not an important limitation
because Windows cannot act as dom0 in a Xen hypervisor anyway (or if it
can, it's not a very common configuration).
(2) QEMU driver / libvirtd cannot be compiled. It's probably not too
hard to fix this. The major area of concern is networking, in
particular the very Linux-specific code in src/bridge.c.
(2b) I have assumed for the purposes of (2) above that ./configure
--without-qemu also disables libvirtd (server) support. QEMU and
libvirtd are too entangled at the moment.
(3) Cygwin is required. In other words, there is no true native
compilation using VC++ or anything like that. However you still get
*.exe files, so maybe this isn't an important limitation.
Attached is a screenshot showing virsh being used to list QEMU instances
over a TLS-encrypted remote connection.
To compile this yourself:
(a) Set up a Windows machine with plenty of free disk space (10GB+).
(b) Install Cygwin (http://www.cygwin.com/). Cygwin has an obscure,
unusable packaging system. The trick is to click the "recycling symbol"
next to "All". This will download and install everything. You may if
you prefer install just the packages you need, but the list of
dependencies is long and currently undocumented.
(c) Check out libvirt from CVS, apply these patches.
(d) rm qemud/remote_protocol.[ch] qemud/remote_dispatch_*.h
(e) ./configure --without-xen --without-qemu
(f) make -C qemud remote_protocol.c
(g) make
(h) make install
Rich.
--
Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/
Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod
Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in
England and Wales under Company Registration No. 03798903
16 years, 11 months
[Libvir] Bindings for ruby
by Grabber
Yeah!
I'm new to list! I search in archive and google for infomartions about
bindings for ruby scripting language. I found some peoples saying ideas to
organize class and structs, others using SWIG to simple generate the .so
file compatible with ruby. But.... today how are the work? I'm confusing,
SWIG can generate really good codes or the better way is develop by hand?
--
Regards,
Luiz Vitor Martinez Cardoso [Grabber].
16 years, 11 months
[Libvir] PATCH: 0/4: Remote authentication support
by Daniel P. Berrange
This is the 2nd iteration of my remote authentication / SASL patches
previously provided here:
http://www.redhat.com/archives/libvir-list/2007-October/msg00131.html
In this iteration I've changed the wire protocol to give better compatability
with older libvirt clients. My previous version clients would get a cryptic
"unknown status 3"
if the server was mandating authentication. This is because I extended the
reply codes for RPC to include a specific 'auth required' code which old
clients are not expecting. The idea was that the new client would run the
REMOTE_PROC_OPEN rpc call & it would return a special NEED_AUTH code, the
client would then authenticate & redo the REMOTE_PROC_OPEN.
In the new way of doing things, instead of calling REMOTE_PROC_OPEN as the
first RPC, a new client will do REMOTE_PROC_AUTH_LIST to query auth types
required by the server. It will choose an auth method (there may be several
to choose from), then complete the auth sequence. Only then will it try to
do the REMOTE_PROC_OPEN. For compatability with older servers which do not
implement the REMOTE_PROC_AUTH_LIST rpc, it will catch & ignore the error
this may generate. Old clients which don't know to call REMOTE_PROC_AUTH_LIST
will get a proper virErrorPtr object returned from REMOTE_PROC_OPEN with
a clear 'authentication required' message.
The end result is that new client <-> new server has same level of functionality
as my previous patches, and old client <-> new server gets friendly errors
reported (if server mandates auth - if no auth is enabled old client works
just fine).
The main outstanding item to be finalized before these patches can be added
to CVS is the question of callbacks. For some auth methods we need to be
able to gather credentials from the user. There is no way for the caller
to know ahead of time what credentials are needed, because this is deterined
by the config of the server. Thus we need callbacks in some form.
I've come up with a couple of ideas...
1. A global method to supply a list of callbacks per credential type:
enum {
VIR_CONN_AUTH_PASSWORD,
VIR_CONN_AUTH_USERNAME,
VIR_CONN_AUTH_LANG,
VIR_CONN_AUTH_CHALLENGE,
VIR_CONN_AUTH_REALM,
} virConnectAuthToken;
typedef int (virConnectAuthCBSimple)(const char **result, unsigned *len);
typedef int (virConnectAuthCBPrompt)(const char *challenge, const char *prompt,
const char *defresult,
const char *result, unsigned *len);
typedef int (virConnetAuthCBRealm)(const char **availrealms, const char *result);
typedef struct {
int token;
union {
virConnectAuthCBSimple simple;
virConnectAuthCBPrompt prompt;
virConnectAuthCBRealm realm;
} cb;
} virConnectAuthCallback;
virConnectSetAuthCallbacks(virConnectAuthCallback *cbs, int ncbs)
This is described a little more here:
http://www.redhat.com/archives/libvir-list/2007-January/msg00024.html
2. A new variant of virConnectOpen which takes a callback. The callback
gives invoked with a list of required credentials
struct _virConnectInteract {
int type; /* One of virConnectInteractType constants */
const char *prompt;
const char *challenge;
const char *defresult;
char *result;
unsigned int resultlen;
};
typedef struct _virConnectInteract virConnectInteract;
typedef virConnectInteract *virConnectInteractPtr;
/**
* When authentication requires one or more interactions, this callback
* is invoked. For each interaction supplied, data must be gathered
* from the user and filled in to the 'result' and 'resultlen' fields.
* If an interaction can not be filled, fill in NULL and 0.
*
* Return 0 if all interactions were filled, or -1 upon error
*/
typedef int (*virConnectAuthCallbackPtr)(const char *uri,
virConnectInteractPtr interact,
unsigned int ninteract);
virConnectPtr virConnectOpenAuth (const char *name,
virConnectAuthCallbackPtr cb,
int flags);
Iternally the virConnectOpen & virConnectOpenReadOnly can both just be
delegating to this new virConnectOpenAuth call. Existing users of libvirt
won't know about this new call, but that doesn't matter because they're
not loosing any functionality - merely not able to put up UI to prompt
for auth credentials/
The compelling thing about the 2nd way of doing things is that the callback
gets a complete list of all required data items at once. This makes it
very easy to present a UI with form entry fields for all items. The first
way where there is a separate callback per item makes UI very hard.
There is one issue not addressed by those two options though - there may be
a choice of authentication methods to use. eg SASL vs PolicyKit. The callback
only provides a way to supply credentials, no way to choose between auth
types if a server offers more than one.
Again there's a couple of ways to address this.
1. A global method to set preferred auth type. Simply a sorted list of
auth types. Internally, we pick the first auth type in this list that
the server supports
virConnectSetAuthPriority(int types[], int ntypes);
2. A 2nd callback providing the int types[] and letting the client app
choose which one they want to use per connection.
3. Separate out the operation of creating a virConnectPtr object, from the
act of connecting, eg
/* Allocate a handle */
virConnectPtr virConnectNew(const char *uri);
/* List available auth methods */
int virConnectListAuth(virConnectPtr conn, int **types, int *ntypes);
/* Connect to HV, with a speciifc auth method */
int virConnectInit(virConnectPtr conn, int auth);
Any of these three, can be combined with either of the 2 options for supplying
auth credentials. So we've got a choice of 6 :-)
My preference, is to go for option 2, of the credentials choice, and
option 1 of the auth type priority choice. eg a static priority list for
auth types, and a single callback passed into a new virConnectOpenAuth()
call.
The final tedious bit, is the question of how we deal with underlying HV
which may need further authentication. eg, if connecting to XenAPI we may
need to provide a username & password. If the XenAPI connection is being
made through a local libvirt driver hooking up the callbacks as described
is fairly easy. If the XenAPI connection is made indirectly via the
remote driver, then we have two drivers requiring auth - the initial remote
driver, and then the remotely run XenAPi driver. This would need us to
figure out a way to hook up the callbacks to the REMOTE_PROC_OPEN api
call. Not pleasant !
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
16 years, 11 months