January 2008 - Devel - libvirt List Archives

Re: [Libvir] [patch 7/9] Add support for lokkit
by Daniel P. Berrange 08 Jan '08

08 Jan '08

On Fri, Jan 04, 2008 at 03:57:32PM +0000, Mark McLoughlin wrote: > Add support for integrating our iptables support with Fedora's > iptables configuration using the lokkit --custom-rules command. > > Basically, we write out our rules to /var/lib/libvirt/iptables > and run lokkit --custom-rules so that if e.g. iptables is > restarted or the user edits their firewall configuration, then > libvirt's rules get reloaded. Ahh, that's very nice to have. > +dnl > +dnl ensure that Fedora's system-config-firewall knows > +dnl about libvirt's iptables rules > +dnl > +AC_ARG_ENABLE(iptables-lokkit, > + AC_HELP_STRING([--enable-iptables-lokkit=no/yes], > + [enable registering libvirt's iptables rules with Fedora's lokkit]), > + [],[enable_iptables_lokkit=no]) > +if test x"$enable_iptables_lokkit" = x"yes"; then > + AC_DEFINE(ENABLE_IPTABLES_LOKKIT, [], [whether support for Fedora's lokkit is enabled]) > + AC_PATH_PROG(LOKKIT_PATH, lokkit, /usr/sbin/lokkit) > + AC_DEFINE_UNQUOTED(LOKKIT_PATH, "$LOKKIT_PATH", [path to lokkit binary]) > +fi > + Could we make the configure script a little more clever so that it is a tri-state and can auto-detect whether lokkit is available. - enable_iptables_lokkit=no - force disable - enable_iptables_lokkit=yes - check if it is supported, and error if not - enable_iptables_lokkit=check - check if it is supported and enable or disable as needed With 'check' being the default. This makes it 'do the right' thing by default, and lets the user have a strict override if neccessary. ACK to the rest of the patch Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|

2 2

Re: [Libvir] [patch 5/9] Include the iptables command and chain name in the saved rules file
by Daniel P. Berrange 08 Jan '08

08 Jan '08

On Fri, Jan 04, 2008 at 03:57:30PM +0000, Mark McLoughlin wrote: > lokkit --custom-rules expects the passed file to include the > iptables command and chain name (e.g. "--inset INPUT") rather > than just the rest of the arguments. > > Add both of those to what will be saved to the rules file > and simplify the resulting code by splitting out a > argvToString() helper function. > > The one complication is that when we're removing a rule > we need to make sure we don't search for it using > "--delete" rather than "--insert". For that reason, > only change the argument to "--delete" once we've > constructed the string we use to search through the > existing rules. ACK. Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|

1 0

[Libvir] OCaml mlvirtmanager ported to Windows
by Richard W.M. Jones 06 Jan '08

06 Jan '08

(NB. This is _not_ the real virt-manager). Screenshots: http://www.annexia.org/tmp/mlvirtmanager-win-1.png http://www.annexia.org/tmp/mlvirtmanager-win-2.png http://www.annexia.org/tmp/mlvirtmanager-win-3.png The code is in the Mercurial repository, http://hg.et.redhat.com/virt/applications/virt-top--devel . You will need to install lablgtk2 binary from: http://wwwfun.kurims.kyoto-u.ac.jp/soft/olabl/lablgtk.html and Windows Gtk development binary from: http://gladewin32.sourceforge.net/ and then follow the installation instructions for lablgtk2 given here: http://wwwfun.kurims.kyoto-u.ac.jp/soft/olabl/install-win32.txt After that, ocaml-libvirt should automatically detect that you've got Gtk / lablgtk2 installed (you might need to restart the MSys shell so it gets the new $PATH), and will offer to compile mlvirtmanager. Rich. -- Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/ Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 03798903

1 0

[Libvir] [PATCH] A few more Windows / MinGW fixups
by Richard W.M. Jones 06 Jan '08

06 Jan '08

A few fairly miscellaneous fixups for Windows (MinGW) which fix shared library builds and fix error handling for sockets. (1) XDR functions on MinGW come from a library called 'libxdr', not 'librpc'. (2) To build a DLL under MinGW we need to pass the -no-undefined flag to the linker. (3) Socket compatibility header file replaces <winsock2.h> inclusion. This just defines a portable 'socket_errno()' function which returns errno in the normal case, or WSAGetLastError() in the Windows case. (4) Use socket_errno() instead of errno in a few cases (but only when the code can be compiled under Windows, ie. only in the remote client case). Example -- a dynamically linked virsh.exe (linked to libvirt-0.dll) accessing a remote libvirtd: $ src/.libs/virsh.exe -c test+tcp://192.168.2.128/default list Id Name State ---------------------------------- 1 test running If you want to compile this under Windows, you will need: (a) MinGW & MSYS (select the "candidate" versions of MinGW tools if you are using Vista or W2K8, since otherwise nothing works because of a known bug). (b) Install gcc 4 experimental package from MinGW site. It's called gcc-sjlj for reasons which escape me. (c) Install GnuTLS binary from http://www.gnu.org/software/gnutls/download.html. I'm using GnuTLS Windows binary 1.6.3 and I had to hand-hack the *.la files in that distribution because they contain incorrect paths. (d) Compile and install latest libxml2 from http://xmlsoft.org/. I'm using 2.6.30. (e) Compile and install my XDR package for Windows (http://www.annexia.org/tmp/xdr-4.0-mingw5.tar.gz) (f) ./configure --without-xen --without-qemu --without-sasl --without-libvirtd (g) make Rich. -- Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/ Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 03798903

3 4

[Libvir] OCaml bindings now build and run under Windows (MinGW)
by Richard W.M. Jones 06 Jan '08

06 Jan '08

The OCaml bindings, examples, and mlvirsh tool, now build and run under Windows (MinGW), both for bytecode and native code. You'll need the libvirt patches for MinGW as in my previous email. OCaml bindings: http://hg.et.redhat.com/virt/applications/virt-top--devel Example of using mlvirsh (native code version) to access a remote libvirtd: rjones@WIN-MJ27YD6XBZI /c/d/virt-top--devel $ ./mlvirsh/mlvirsh.opt -c test+tcp://192.168.2.128/default list 1 test running rjones@WIN-MJ27YD6XBZI /c/d/virt-top--devel $ ./mlvirsh/mlvirsh.opt -c test+tcp://192.168.2.128/default nodeinfo model: i686 memory: 3145728 K cpus: 16 mhz: 1400 nodes: 2 sockets: 2 cores: 2 threads: 2 [Screenshot: http://www.annexia.org/tmp/Screenshot-VNC_win-mj27yd6xbzi.png ] Rich. -- Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/ Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 03798903

1 0

Re: [Libvir] [patch 9/9] Remove --with-iptables-dir
by Daniel P. Berrange 05 Jan '08

05 Jan '08

On Fri, Jan 04, 2008 at 03:57:34PM +0000, Mark McLoughlin wrote: > --with-iptables-dir was added to integrate with > a proposed system for letting iptables know how to > reload our rules. > > The idea was that we'd save our rules to a file > under /etc/sysconfig/iptable.d and the iptables > init script would load the rules from there when > it was reloading. > > The proposed system wasn't accepted so, although > there might be some theoretical use for this other > than the lokkit support, let's just remove it > for now. ACK Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|

1 0

Re: [Libvir] [patch 8/9] Remove --with-iptables-prefix
by Daniel P. Berrange 05 Jan '08

05 Jan '08

On Fri, Jan 04, 2008 at 03:57:33PM +0000, Mark McLoughlin wrote: > --with-iptables-prefix was added to integrate with > a proposed system for letting iptables know how to > reload our rules. > > The idea was that we'd add our rules to a chain > like libvirt-INPUT rather than INPUT, and there'd > be a configuration file which would specify whether > INPUT should include libvirt-INPUT. > > The proposed system wasn't accepted so, although > there might be some other theoretical use for this, > let's just remove it. I rather doubt anyone's using it, so ACK to killing it off. Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|

1 0

Re: [Libvir] [patch 4/9] Re-name the "flipflop" variable to "command_idx"
by Daniel P. Berrange 05 Jan '08

05 Jan '08

On Fri, Jan 04, 2008 at 03:57:29PM +0000, Mark McLoughlin wrote: > The "flipflop" variable marks the index into argv where > the "--insert" is at, so that when we're reloading the > rules we can easily change it to "--delete" and back > again. > > It's a rather silly name, and the next patch is going > to make more use out of it, so let's use the more sane > "command_idx" name. Fair, enough. ACK. Dan -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|

1 0

Re: [Libvir] [patch 3/9] Make iptables code use common utils
by Daniel P. Berrange 05 Jan '08

05 Jan '08

On Fri, Jan 04, 2008 at 03:57:28PM +0000, Mark McLoughlin wrote: > utils.c has grown some functions since the iptables code > was written - make use of virFileMakePath() and virFileBuildPath(). ACK. Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|

1 0

Re: [Libvir] [patch 2/9] Fix minor iptables error logging issue
by Daniel P. Berrange 05 Jan '08

05 Jan '08

On Fri, Jan 04, 2008 at 03:57:27PM +0000, Mark McLoughlin wrote: > Fix a minor issue with some error reporting in the iptables > code - namely that we use errno after it may have been set > to something other than the error reported. ACK Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|

1 0