Re: [Libvir] [patch 1/2] Do not try and delete built-in iptables chains
by Daniel P. Berrange
On Mon, Jan 07, 2008 at 06:12:37PM +0000, Mark McLoughlin wrote:
> Previously, when we supported adding our rules to chains
> with a custom prefix (e.g. libvirt-Fedora-POSTROUTING)
> we needed to be able to handle adding and deleting these
> custom chains.
>
> Now that we only use built-in iptables chains, we don't
> need to add or delete them - in fact, deleting them is
> not allowed.
ACK
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
17 years
[Libvir] PATCH: BZ 426425: Fix truncated reading of config files
by Daniel P. Berrange
The virConfReadFile API has a fixed 4096 byte buffer it reads the config
file into, regardless of the config file size and silently drops any data
exceeding this.
This manifested itself in the 0.4.0 release by the fact that toggling the
'auth_unix_ro' config param from 'polkit' to 'none' had no effect at all.
It turns out that with the user friendly verbose comments I added to the
config file /etc/libvirt/libvirtd.cofn, the 'auth_unix_ro' param occurred
beyond the 4096 byte mark in the file and was thus never read.
In fixing this I decided to make virConfReadFile call to the recently
added virFileReadAll() method. Except the latter takes a pre-allocated
buffer as its input. So I've switched virFileReadAll() to pass in a
char **, and auto-allocate the file as needed. As a sanity check there
is also a 'maxlen' param to stop it reading stupidly huge files - for
reading large files virFileReadll() shouldn't be used - they should be
read incrementally.
Finally, also added a larger test data file to trap this error case
src/conf.c | 27 ++---
src/qemu_conf.c | 6 -
src/util.c | 22 ++--
src/util.h | 4
tests/confdata/libvirtd.conf | 222 +++++++++++++++++++++++++++++++++++++++++++
tests/confdata/libvirtd.out | 180 ++++++++++++++++++++++++++++++++++
tests/test_conf.sh | 3
7 files changed, 441 insertions(+), 23 deletions(-)
Index: src/conf.c
===================================================================
RCS file: /data/cvs/libvirt/src/conf.c,v
retrieving revision 1.15
diff -u -p -u -p -r1.15 conf.c
--- src/conf.c 11 Dec 2007 21:57:29 -0000 1.15
+++ src/conf.c 3 Jan 2008 18:58:47 -0000
@@ -21,6 +21,7 @@
#include "internal.h"
#include "buf.h"
#include "conf.h"
+#include "util.h"
/************************************************************************
* *
@@ -693,6 +694,9 @@ error:
* *
************************************************************************/
+/* 10 MB limit on config file size as a sanity check */
+#define MAX_CONFIG_FILE_SIZE (1024*1024*10)
+
/**
* __virConfReadFile:
* @filename: the path to the configuration file.
@@ -705,26 +709,25 @@ error:
virConfPtr
__virConfReadFile(const char *filename)
{
- char content[4096];
- int fd;
+ char *content;
int len;
+ virConfPtr conf;
if (filename == NULL) {
virConfError(NULL, VIR_ERR_INVALID_ARG, __FUNCTION__, 0);
return(NULL);
}
- fd = open(filename, O_RDONLY);
- if (fd < 0) {
+
+ if ((len = virFileReadAll(filename, MAX_CONFIG_FILE_SIZE, &content)) < 0) {
virConfError(NULL, VIR_ERR_OPEN_FAILED, filename, 0);
- return(NULL);
+ return NULL;
}
- len = read(fd, content, sizeof(content));
- close(fd);
- if (len <= 0) {
- virConfError(NULL, VIR_ERR_READ_FAILED, filename, 0);
- return(NULL);
- }
- return(virConfParse(filename, content, len));
+
+ conf = virConfParse(filename, content, len);
+
+ free(content);
+
+ return conf;
}
/**
Index: src/qemu_conf.c
===================================================================
RCS file: /data/cvs/libvirt/src/qemu_conf.c,v
retrieving revision 1.24
diff -u -p -u -p -r1.24 qemu_conf.c
--- src/qemu_conf.c 11 Dec 2007 21:57:29 -0000 1.24
+++ src/qemu_conf.c 3 Jan 2008 18:58:48 -0000
@@ -2604,7 +2604,7 @@ int qemudScanConfigDir(struct qemud_driv
}
while ((entry = readdir(dir))) {
- char xml[QEMUD_MAX_XML_LEN];
+ char *xml;
char path[PATH_MAX];
char autostartLink[PATH_MAX];
@@ -2626,13 +2626,15 @@ int qemudScanConfigDir(struct qemud_driv
continue;
}
- if (virFileReadAll(path, xml, QEMUD_MAX_XML_LEN) < 0)
+ if (virFileReadAll(path, QEMUD_MAX_XML_LEN, &xml) < 0)
continue;
if (isGuest)
qemudLoadConfig(driver, entry->d_name, path, xml, autostartLink);
else
qemudLoadNetworkConfig(driver, entry->d_name, path, xml, autostartLink);
+
+ free(xml);
}
closedir(dir);
Index: src/util.c
===================================================================
RCS file: /data/cvs/libvirt/src/util.c,v
retrieving revision 1.10
diff -u -p -u -p -r1.10 util.c
--- src/util.c 7 Dec 2007 14:45:39 -0000 1.10
+++ src/util.c 3 Jan 2008 18:58:48 -0000
@@ -272,8 +272,8 @@ ssize_t safewrite(int fd, const void *bu
int virFileReadAll(const char *path,
- char *buf,
- unsigned int buflen)
+ int maxlen,
+ char **buf)
{
FILE *fh;
struct stat st;
@@ -296,20 +296,28 @@ int virFileReadAll(const char *path,
goto error;
}
- if (st.st_size >= (buflen-1)) {
- virLog("File '%s' is too large", path);
+ if (st.st_size > maxlen) {
+ virLog("File '%s' is too large %d, max %d", path, st.st_size, maxlen);
goto error;
}
- if ((ret = fread(buf, st.st_size, 1, fh)) != 1) {
+ *buf = malloc(st.st_size + 1);
+ if (*buf == NULL) {
+ virLog("Failed to allocate data");
+ goto error;
+ }
+
+ if ((ret = fread(*buf, st.st_size, 1, fh)) != 1) {
+ free(buf);
+ buf = NULL;
virLog("Failed to read config file '%s': %s",
path, strerror(errno));
goto error;
}
- buf[st.st_size] = '\0';
+ (*buf)[st.st_size] = '\0';
- ret = 0;
+ ret = st.st_size;
error:
if (fh)
Index: src/util.h
===================================================================
RCS file: /data/cvs/libvirt/src/util.h,v
retrieving revision 1.4
diff -u -p -u -p -r1.4 util.h
--- src/util.h 3 Dec 2007 14:30:47 -0000 1.4
+++ src/util.h 3 Jan 2008 18:58:48 -0000
@@ -33,8 +33,8 @@ int saferead(int fd, void *buf, size_t c
ssize_t safewrite(int fd, const void *buf, size_t count);
int virFileReadAll(const char *path,
- char *buf,
- unsigned int buflen);
+ int maxlen,
+ char **buf);
int virFileMatchesNameSuffix(const char *file,
const char *name,
Index: tests/test_conf.sh
===================================================================
RCS file: /data/cvs/libvirt/tests/test_conf.sh,v
retrieving revision 1.2
diff -u -p -u -p -r1.2 test_conf.sh
--- tests/test_conf.sh 14 Nov 2007 10:35:59 -0000 1.2
+++ tests/test_conf.sh 3 Jan 2008 18:58:48 -0000
@@ -8,6 +8,9 @@ do
diff $outfile conftest.$$ > /dev/null
if [ $? != 0 ]
then
+ if [ -n "$DEBUG_TESTS" ]; then
+ diff -u $outfile conftest.$$
+ fi
echo "$f FAILED"
NOK=1
else
Index: tests/confdata/libvirtd.conf
===================================================================
RCS file: tests/confdata/libvirtd.conf
diff -N tests/confdata/libvirtd.conf
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ tests/confdata/libvirtd.conf 3 Jan 2008 18:58:48 -0000
@@ -0,0 +1,222 @@
+# Master libvirt daemon configuration file
+#
+# For further information consult http://libvirt.org/format.html
+
+
+#################################################################
+#
+# Network connectivitiy controls
+#
+
+# Flag listening for secure TLS connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# It is neccessary to setup a CA and issue server certificates before
+# using this capability.
+#
+# This is enabled by default, uncomment this to disable it
+listen_tls = 0
+
+# Listen for unencrypted TCP connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# Using the TCP socket requires SASL authentication by default. Only
+# SASL mechanisms which support data encryption are allowed. This is
+# DIGEST_MD5 and GSSAPI (Kerberos5)
+#
+# This is disabled by default, uncomment this to enable it.
+listen_tcp = 1
+
+
+
+# Override the port for accepting secure TLS connections
+# This can be a port number, or service name
+#
+tls_port = "16514"
+
+# Override the port for accepting insecure TCP connections
+# This can be a port number, or service name
+#
+tcp_port = "16509"
+
+
+
+# Flag toggling mDNS advertizement of the libvirt service.
+#
+# Alternatively can disable for all services on a host by
+# stopping the Avahi daemon
+#
+# This is enabled by default, uncomment this to disable it
+mdns_adv = 0
+
+# Override the default mDNS advertizement name. This must be
+# unique on the immediate broadcast network.
+#
+# The default is "Virtualization Host HOSTNAME", where HOSTNAME
+# is subsituted for the short hostname of the machine (without domain)
+#
+mdns_name = "Virtualization Host Joe Demo"
+
+
+#################################################################
+#
+# UNIX socket access controls
+#
+
+# Set the UNIX domain socket group ownership. This can be used to
+# allow a 'trusted' set of users access to management capabilities
+# without becoming root.
+#
+# This is restricted to 'root' by default.
+unix_sock_group = "libvirt"
+
+# Set the UNIX socket permissions for the R/O socket. This is used
+# for monitoring VM status only
+#
+# Default allows any user. If setting group ownership may want to
+# restrict this to:
+unix_sock_ro_perms = "0777"
+
+# Set the UNIX socket permissions for the R/W socket. This is used
+# for full management of VMs
+#
+# Default allows only root. If PolicyKit is enabled on the socket,
+# the default will change to allow everyone (eg, 0777)
+#
+# If not using PolicyKit and setting group ownership for access
+# control then you may want to relax this to:
+unix_sock_rw_perms = "0770"
+
+
+
+#################################################################
+#
+# Authentication.
+#
+# - none: do not perform auth checks. If you can connect to the
+# socket you are allowed. This is suitable if there are
+# restrictions on connecting to the socket (eg, UNIX
+# socket permissions), or if there is a lower layer in
+# the network providing auth (eg, TLS/x509 certificates)
+#
+# - sasl: use SASL infrastructure. The actual auth scheme is then
+# controlled from /etc/sasl2/libvirt.conf. For the TCP
+# socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
+# For non-TCP or TLS sockets, any scheme is allowed.
+#
+# - polkit: use PolicyKit to authenticate. This is only suitable
+# for use on the UNIX sockets. The default policy will
+# require a user to supply their own password to gain
+# full read/write access (aka sudo like), while anyone
+# is allowed read/only access.
+#
+# Set an authentication scheme for UNIX read-only sockets
+# By default socket permissions allow anyone to connect
+#
+# To restrict monitoring of domains you may wish to enable
+# an authentication mechanism here
+auth_unix_ro = "none"
+
+# Set an authentication scheme for UNIX read-write sockets
+# By default socket permissions only allow root. If PolicyKit
+# support was compiled into libvirt, the default will be to
+# use 'polkit' auth.
+#
+# If the unix_sock_rw_perms are changed you may wish to enable
+# an authentication mechanism here
+auth_unix_rw = "none"
+
+# Change the authentication scheme for TCP sockets.
+#
+# If you don't enable SASL, then all TCP traffic is cleartext.
+# Don't do this outside of a dev/test scenario. For real world
+# use, always enable SASL and use the GSSAPI or DIGEST-MD5
+# mechanism in /etc/sasl2/libvirt.conf
+auth_tcp = "sasl"
+
+# Change the authentication scheme for TLS sockets.
+#
+# TLS sockets already have encryption provided by the TLS
+# layer, and limited authentication is done by certificates
+#
+# It is possible to make use of any SASL authentication
+# mechanism as well, by using 'sasl' for this option
+auth_tls = "none"
+
+
+
+#################################################################
+#
+# TLS x509 certificate configuration
+#
+
+
+# Override the default server key file path
+#
+key_file = "/etc/pki/libvirt/private/serverkey.pem"
+
+# Override the default server certificate file path
+#
+cert_file = "/etc/pki/libvirt/servercert.pem"
+
+# Override the default CA certificate path
+#
+ca_file = "/etc/pki/CA/cacert.pem"
+
+# Specify a certificate revocation list.
+#
+# Defaults to not using a CRL, uncomment to enable it
+crl_file = "/etc/pki/CA/crl.pem"
+
+
+
+#################################################################
+#
+# Authorization controls
+#
+
+
+# Flag to disable verification of client certificates
+#
+# Client certificate verification is the primary authentication mechanism.
+# Any client which does not present a certificate signed by the CA
+# will be rejected.
+#
+# Default is to always verify. Uncommenting this will disable
+# verification - make sure an IP whitelist is set
+tls_no_verify_certificate = 1
+
+
+# A whitelist of allowed x509 Distinguished Names
+# This list may contain wildcards such as
+#
+# "C=GB,ST=London,L=London,O=Red Hat,CN=*"
+#
+# See the POSIX fnmatch function for the format of the wildcards.
+#
+# NB If this is an empty list, no client can connect, so comment out
+# entirely rather than using empty list to disable these checks
+#
+# By default, no DN's are checked
+tls_allowed_dn_list = ["DN1", "DN2"]
+
+
+# A whitelist of allowed SASL usernames. The format for usernames
+# depends on the SASL authentication mechanism. Kerberos usernames
+# look like username@REALM
+#
+# This list may contain wildcards such as
+#
+# "*(a)EXAMPLE.COM"
+#
+# See the POSIX fnmatch function for the format of the wildcards.
+#
+# NB If this is an empty list, no client can connect, so comment out
+# entirely rather than using empty list to disable these checks
+#
+# By default, no Username's are checked
+sasl_allowed_username_list = ["joe(a)EXAMPLE.COM", "fred(a)EXAMPLE.COM" ]
+
+
Index: tests/confdata/libvirtd.out
===================================================================
RCS file: tests/confdata/libvirtd.out
diff -N tests/confdata/libvirtd.out
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ tests/confdata/libvirtd.out 3 Jan 2008 18:58:48 -0000
@@ -0,0 +1,180 @@
+# Master libvirt daemon configuration file
+#
+# For further information consult http://libvirt.org/format.html
+#################################################################
+#
+# Network connectivitiy controls
+#
+# Flag listening for secure TLS connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# It is neccessary to setup a CA and issue server certificates before
+# using this capability.
+#
+# This is enabled by default, uncomment this to disable it
+listen_tls = 0
+# Listen for unencrypted TCP connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# Using the TCP socket requires SASL authentication by default. Only
+# SASL mechanisms which support data encryption are allowed. This is
+# DIGEST_MD5 and GSSAPI (Kerberos5)
+#
+# This is disabled by default, uncomment this to enable it.
+listen_tcp = 1
+# Override the port for accepting secure TLS connections
+# This can be a port number, or service name
+#
+tls_port = "16514"
+# Override the port for accepting insecure TCP connections
+# This can be a port number, or service name
+#
+tcp_port = "16509"
+# Flag toggling mDNS advertizement of the libvirt service.
+#
+# Alternatively can disable for all services on a host by
+# stopping the Avahi daemon
+#
+# This is enabled by default, uncomment this to disable it
+mdns_adv = 0
+# Override the default mDNS advertizement name. This must be
+# unique on the immediate broadcast network.
+#
+# The default is "Virtualization Host HOSTNAME", where HOSTNAME
+# is subsituted for the short hostname of the machine (without domain)
+#
+mdns_name = "Virtualization Host Joe Demo"
+#################################################################
+#
+# UNIX socket access controls
+#
+# Set the UNIX domain socket group ownership. This can be used to
+# allow a 'trusted' set of users access to management capabilities
+# without becoming root.
+#
+# This is restricted to 'root' by default.
+unix_sock_group = "libvirt"
+# Set the UNIX socket permissions for the R/O socket. This is used
+# for monitoring VM status only
+#
+# Default allows any user. If setting group ownership may want to
+# restrict this to:
+unix_sock_ro_perms = "0777"
+# Set the UNIX socket permissions for the R/W socket. This is used
+# for full management of VMs
+#
+# Default allows only root. If PolicyKit is enabled on the socket,
+# the default will change to allow everyone (eg, 0777)
+#
+# If not using PolicyKit and setting group ownership for access
+# control then you may want to relax this to:
+unix_sock_rw_perms = "0770"
+#################################################################
+#
+# Authentication.
+#
+# - none: do not perform auth checks. If you can connect to the
+# socket you are allowed. This is suitable if there are
+# restrictions on connecting to the socket (eg, UNIX
+# socket permissions), or if there is a lower layer in
+# the network providing auth (eg, TLS/x509 certificates)
+#
+# - sasl: use SASL infrastructure. The actual auth scheme is then
+# controlled from /etc/sasl2/libvirt.conf. For the TCP
+# socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
+# For non-TCP or TLS sockets, any scheme is allowed.
+#
+# - polkit: use PolicyKit to authenticate. This is only suitable
+# for use on the UNIX sockets. The default policy will
+# require a user to supply their own password to gain
+# full read/write access (aka sudo like), while anyone
+# is allowed read/only access.
+#
+# Set an authentication scheme for UNIX read-only sockets
+# By default socket permissions allow anyone to connect
+#
+# To restrict monitoring of domains you may wish to enable
+# an authentication mechanism here
+auth_unix_ro = "none"
+# Set an authentication scheme for UNIX read-write sockets
+# By default socket permissions only allow root. If PolicyKit
+# support was compiled into libvirt, the default will be to
+# use 'polkit' auth.
+#
+# If the unix_sock_rw_perms are changed you may wish to enable
+# an authentication mechanism here
+auth_unix_rw = "none"
+# Change the authentication scheme for TCP sockets.
+#
+# If you don't enable SASL, then all TCP traffic is cleartext.
+# Don't do this outside of a dev/test scenario. For real world
+# use, always enable SASL and use the GSSAPI or DIGEST-MD5
+# mechanism in /etc/sasl2/libvirt.conf
+auth_tcp = "sasl"
+# Change the authentication scheme for TLS sockets.
+#
+# TLS sockets already have encryption provided by the TLS
+# layer, and limited authentication is done by certificates
+#
+# It is possible to make use of any SASL authentication
+# mechanism as well, by using 'sasl' for this option
+auth_tls = "none"
+#################################################################
+#
+# TLS x509 certificate configuration
+#
+# Override the default server key file path
+#
+key_file = "/etc/pki/libvirt/private/serverkey.pem"
+# Override the default server certificate file path
+#
+cert_file = "/etc/pki/libvirt/servercert.pem"
+# Override the default CA certificate path
+#
+ca_file = "/etc/pki/CA/cacert.pem"
+# Specify a certificate revocation list.
+#
+# Defaults to not using a CRL, uncomment to enable it
+crl_file = "/etc/pki/CA/crl.pem"
+#################################################################
+#
+# Authorization controls
+#
+# Flag to disable verification of client certificates
+#
+# Client certificate verification is the primary authentication mechanism.
+# Any client which does not present a certificate signed by the CA
+# will be rejected.
+#
+# Default is to always verify. Uncommenting this will disable
+# verification - make sure an IP whitelist is set
+tls_no_verify_certificate = 1
+# A whitelist of allowed x509 Distinguished Names
+# This list may contain wildcards such as
+#
+# "C=GB,ST=London,L=London,O=Red Hat,CN=*"
+#
+# See the POSIX fnmatch function for the format of the wildcards.
+#
+# NB If this is an empty list, no client can connect, so comment out
+# entirely rather than using empty list to disable these checks
+#
+# By default, no DN's are checked
+tls_allowed_dn_list = [ "DN1", "DN2" ]
+# A whitelist of allowed SASL usernames. The format for usernames
+# depends on the SASL authentication mechanism. Kerberos usernames
+# look like username@REALM
+#
+# This list may contain wildcards such as
+#
+# "*(a)EXAMPLE.COM"
+#
+# See the POSIX fnmatch function for the format of the wildcards.
+#
+# NB If this is an empty list, no client can connect, so comment out
+# entirely rather than using empty list to disable these checks
+#
+# By default, no Username's are checked
+sasl_allowed_username_list = [ "joe(a)EXAMPLE.COM", "fred(a)EXAMPLE.COM" ]
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
17 years
[Libvir] [PATCH] Xen: Support cpu_weight and cpu_cap for Xen.
by Tatsuro Enokura
Hi,
I set the information of cpu_weight/cpu_cap to configuration file or
sxp format, and execute "virsh start".
But the information of weight/cap is lost.
libvirt doesn't support cpu_weight and cpu_cap for XML format.
see also Bz#337591
https://bugzilla.redhat.com/show_bug.cgi?id=337591
I make a patch to add weight/cap attributes as vcpus element
(eg. <vcpus weight='512' cap='280'>4</vcpus>)
c.f. the thread at:
https://www.redhat.com/archives/libvir-list/2007-October/msg00044.html
Signed-off-by: Tatsuro Enokura <fj7716hz(a)aa.jp.fujitsu.com>
Thanks,
Tatsuro Enokura
Index: libvirt/src/xend_internal.c
===================================================================
RCS file: /data/cvs/libvirt/src/xend_internal.c,v
retrieving revision 1.151
diff -u -p -r1.151 xend_internal.c
--- libvirt/src/xend_internal.c 22 Oct 2007 20:28:55 -0000 1.151
+++ libvirt/src/xend_internal.c 24 Oct 2007 06:02:27 -0000
@@ -1438,8 +1438,19 @@ xend_parse_sexp_desc(virConnectPtr conn,
if ((cur_mem >= MIN_XEN_GUEST_SIZE) && (cur_mem != max_mem))
virBufferVSprintf(&buf, " <currentMemory>%d</currentMemory>\n",
cur_mem);
- virBufferVSprintf(&buf, " <vcpu>%d</vcpu>\n",
+ virBufferVSprintf(&buf, " <vcpu");
+ if (sexpr_node(root, "domain/cpu_weight") != NULL) {
+ virBufferVSprintf(&buf, " weight='%d'",
+ sexpr_int(root, "domain/cpu_weight"));
+ }
+ if (sexpr_node(root, "domain/cpu_cap") != NULL) {
+ virBufferVSprintf(&buf, " cap='%d'",
+ sexpr_int(root, "domain/cpu_cap"));
+ }
+ virBufferVSprintf(&buf, ">%d</vcpu>\n",
sexpr_int(root, "domain/vcpus"));
+
+
tmp = sexpr_node(root, "domain/on_poweroff");
if (tmp != NULL)
virBufferVSprintf(&buf, " <on_poweroff>%s</on_poweroff>\n", tmp);
Index: libvirt/src/xm_internal.c
===================================================================
RCS file: /data/cvs/libvirt/src/xm_internal.c,v
retrieving revision 1.41
diff -u -p -r1.41 xm_internal.c
--- libvirt/src/xm_internal.c 10 Oct 2007 17:55:38 -0000 1.41
+++ libvirt/src/xm_internal.c 24 Oct 2007 06:02:28 -0000
@@ -661,9 +661,14 @@ char *xenXMDomainFormatXML(virConnectPtr
virBufferVSprintf(buf, " <memory>%ld</memory>\n", val * 1024);
+ virBufferVSprintf(buf, " <vcpu");
+ if (xenXMConfigGetInt(conf, "cpu_weight", &val) == 0)
+ virBufferVSprintf(buf, " weight='%ld'", val);
+ if (xenXMConfigGetInt(conf, "cpu_cap", &val) == 0)
+ virBufferVSprintf(buf, " cap='%ld'", val);
if (xenXMConfigGetInt(conf, "vcpus", &val) < 0)
val = 1;
- virBufferVSprintf(buf, " <vcpu>%ld</vcpu>\n", val);
+ virBufferVSprintf(buf, ">%ld</vcpu>\n", val);
if (xenXMConfigGetString(conf, "on_poweroff", &str) < 0)
@@ -1820,6 +1825,12 @@ virConfPtr xenXMParseXMLToConfig(virConn
if (xenXMConfigSetIntFromXPath(conn, conf, ctxt, "vcpus", "string(/domain/vcpu)", 0, 1,
"cannot set vcpus config parameter") < 0)
goto error;
+ if (xenXMConfigSetIntFromXPath(conn, conf, ctxt, "cpu_weight", "string(/domain/vcpu/@weight)", 0, 1,
+ "cannot set cpu_weight config paramerter") < 0)
+ goto error;
+ if (xenXMConfigSetIntFromXPath(conn, conf, ctxt, "cpu_cap", "string(/domain/vcpu/@cap)", 0, 1,
+ "cannot set cpu_cap config paramerter") < 0)
+ goto error;
obj = xmlXPathEval(BAD_CAST "string(/domain/os/type)", ctxt);
if ((obj != NULL) && (obj->type == XPATH_STRING) &&
Index: libvirt/src/xml.c
===================================================================
RCS file: /data/cvs/libvirt/src/xml.c,v
retrieving revision 1.94
diff -u -p -r1.94 xml.c
--- libvirt/src/xml.c 23 Oct 2007 15:31:33 -0000 1.94
+++ libvirt/src/xml.c 24 Oct 2007 06:02:28 -0000
@@ -1529,6 +1529,12 @@ virDomainParseXMLDesc(virConnectPtr conn
vcpus = (unsigned int) f;
}
virBufferVSprintf(&buf, "(vcpus %u)", vcpus);
+ if (virXPathNumber("number(/domain/vcpu[1]/@weight)", ctxt, &f) == 0) {
+ virBufferVSprintf(&buf, "(cpu_weight %ld)", (long) f);
+ }
+ if (virXPathNumber("number(/domain/vcpu[1]/@cap)", ctxt, &f) == 0) {
+ virBufferVSprintf(&buf, "(cpu_cap %ld)", (long) f);
+ }
str = virXPathString("string(/domain/vcpu/@cpuset)", ctxt);
if (str != NULL) {
17 years
[Libvir] OCaml bindings - Windows installer
by Richard W.M. Jones
This is a Windows installer for the OCaml libvirt bindings and programs:
http://libvirt.org/sources/ocaml/ocaml-libvirt-0.4.0.1.exe
If someone has a 'virgin' Windows system and could test that the above
installer works, particularly for Windows < Vista and for Windows which
has not had any GTK/MinGW development tools installed. About 90% of the
size of the installer is down to the GTK DLLs and configuration files
which need to be carried along to support the GTK graphical program
(Virt Control). It's possible that I haven't placed the GTK files in
exactly the right place, so instead it is using my own GTK development
environment.
Screenshots showing the installer in action:
http://annexia.org/tmp/wininstaller-1-desktop.png
Desktop, nothing installed, showing the installer icon.
http://annexia.org/tmp/wininstaller-2-packages.png
List of required, recommended and optional subpackages.
http://annexia.org/tmp/wininstaller-3-instpath.png
Select the installation path.
http://annexia.org/tmp/wininstaller-4-installdone.png
Install complete. Notice the desktop icons, ...
http://annexia.org/tmp/wininstaller-5-menu.png
... and the menu entries and uninstaller program.
http://annexia.org/tmp/wininstaller-6-virtctrl.png
Running Virt Control.
http://annexia.org/tmp/wininstaller-7-uninstall.png
After uninstall. Notice that the desktop icons have gone.
The installer uses NSIS (the Nullsoft Scriptable Install System,
http://nsis.sf.net/) and is reasonably well integrated into the autoconf
/ make build system. In particular if you are compiling under Windows
and NSIS is installed, then a simple './configure --with-nsis; make
wininstaller' will build a Windows installer.
This is something to look at if libvirt wants/needs a Windows installer.
Rich.
--
Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/
Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod
Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in
England and Wales under Company Registration No. 03798903
17 years
[Libvir] [patch 2/2] Enable stdout/stderr spew with --enable-debug
by Mark McLoughlin
Change virExec() such that with --enable-debug, stdout
and stderr no longer go to /dev/null.
Signed-off-by: Mark McLoughlin <markmc(a)redhat.com>
Index: libvirt/src/util.c
===================================================================
--- libvirt.orig/src/util.c 2008-01-07 18:00:03.000000000 +0000
+++ libvirt.orig/src/util.c 2008-01-07 18:00:03.000000000 +0000
@@ -157,10 +157,17 @@ _virExec(virConnectPtr conn,
if (dup2(infd >= 0 ? infd : null, STDIN_FILENO) < 0)
_exit(1);
+#ifndef ENABLE_DEBUG
if (dup2(pipeout[1] > 0 ? pipeout[1] : null, STDOUT_FILENO) < 0)
_exit(1);
if (dup2(pipeerr[1] > 0 ? pipeerr[1] : null, STDERR_FILENO) < 0)
_exit(1);
+#else /* ENABLE_DEBUG */
+ if (pipeout[1] > 0 && dup2(pipeout[1], STDOUT_FILENO) < 0)
+ _exit(1);
+ if (pipeerr[1] > 0 && dup2(pipeerr[1], STDERR_FILENO) < 0)
+ _exit(1);
+#endif /* ENABLE_DEBUG */
close(null);
if (pipeout[1] > 0)
--
17 years
[Libvir] [patch 1/2] Do not try and delete built-in iptables chains
by Mark McLoughlin
Previously, when we supported adding our rules to chains
with a custom prefix (e.g. libvirt-Fedora-POSTROUTING)
we needed to be able to handle adding and deleting these
custom chains.
Now that we only use built-in iptables chains, we don't
need to add or delete them - in fact, deleting them is
not allowed.
(Note: this was the only user of the iptablesSpawn(NO_ERRORS)
stuff - we didn't want error spew when adding/deleting
the chains failed as expected in most cases)
Signed-off-by: Mark McLoughlin <markmc(a)redhat.com>
Index: libvirt/src/iptables.c
===================================================================
--- libvirt.orig/src/iptables.c 2008-01-07 17:26:42.000000000 +0000
+++ libvirt.orig/src/iptables.c 2008-01-07 17:26:42.000000000 +0000
@@ -386,53 +386,6 @@ iptRulesNew(const char *table,
return NULL;
}
-static int
-iptablesAddRemoveChain(iptRules *rules, int action)
-{
- char **argv;
- int retval = ENOMEM;
- int n, status;
-
- n = 1 + /* /sbin/iptables */
- 2 + /* --table foo */
- 2; /* --new-chain bar */
-
- if (!(argv = calloc(n + 1, sizeof(*argv))))
- goto error;
-
- n = 0;
-
- if (!(argv[n++] = strdup(IPTABLES_PATH)))
- goto error;
-
- if (!(argv[n++] = strdup("--table")))
- goto error;
-
- if (!(argv[n++] = strdup(rules->table)))
- goto error;
-
- if (!(argv[n++] = strdup(action == ADD ? "--new-chain" : "--delete-chain")))
- goto error;
-
- if (!(argv[n++] = strdup(rules->chain)))
- goto error;
-
- if (virRun(NULL, argv, &status) < 0)
- retval = errno;
-
- retval = 0;
-
- error:
- if (argv) {
- n = 0;
- while (argv[n])
- free(argv[n++]);
- free(argv);
- }
-
- return retval;
-}
-
static char *
argvToString(char **argv)
{
@@ -521,19 +474,11 @@ iptablesAddRemoveRule(iptRules *rules, i
goto error;
}
- if (action == ADD &&
- (retval = iptablesAddRemoveChain(rules, action)))
- goto error;
-
if (virRun(NULL, argv, NULL) < 0) {
retval = errno;
goto error;
}
- if (action == REMOVE &&
- (retval = iptablesAddRemoveChain(rules, action)))
- goto error;
-
if (action == ADD) {
retval = iptRulesAppend(rules, rule, argv, command_idx);
rule = NULL;
@@ -641,11 +586,6 @@ iptRulesReload(iptRules *rules)
rule->argv[rule->command_idx] = orig;
}
- if ((retval = iptablesAddRemoveChain(rules, REMOVE)) ||
- (retval = iptablesAddRemoveChain(rules, ADD)))
- qemudLog(QEMUD_WARN, "Failed to re-create chain '%s' in table '%s': %s",
- rules->chain, rules->table, strerror(retval));
-
for (i = 0; i < rules->nrules; i++)
if (virRun(NULL, rules->rules[i].argv, NULL) < 0)
qemudLog(QEMUD_WARN, "Failed to add iptables rule '%s' to chain '%s' in table '%s': %s",
--
17 years
[Libvir] [patch 0/2] Couple more misc iptables related patches
by Mark McLoughlin
Hey,
Dan's suggestion to enable debug spew from spawned
processes with --enable-debug reminded me that the only
reason I wanted the NO_ERRORS stuff in the iptables code
was to avoid spewage when trying to add/delete builtin
iptables chains.
Cheers,
Mark.
--
17 years
