[libvirt] PATCH: Fix ue of VIR_TEST_DEBUG var
by Daniel P. Berrange
The previous patch I did to add OOM testing accidentally disabled use of
the VIR_TEST_DEBUG env variable when OOM testing is #ifdef'd out. This
patch I just comitted makes sure its always used.
Daniel
diff -r d37150dc5895 tests/testutils.c
--- a/tests/testutils.c Tue Jul 08 16:17:52 2008 +0100
+++ b/tests/testutils.c Wed Jul 09 11:23:27 2008 +0100
@@ -321,20 +321,24 @@
char **argv,
int (*func)(int, char **))
{
+ char *debugStr;
#if TEST_OOM
int ret;
int approxAlloc = 0;
int n;
- char *oomStr = NULL, *debugStr;
+ char *oomStr = NULL;
int oomCount;
int mp = 0;
pid_t *workers;
int worker = 0;
+#endif
+
if ((debugStr = getenv("VIR_TEST_DEBUG")) != NULL) {
if (virStrToLong_ui(debugStr, NULL, 10, &testDebug) < 0)
testDebug = 0;
}
+#if TEST_OOM
if ((oomStr = getenv("VIR_TEST_OOM")) != NULL) {
if (virStrToLong_i(oomStr, NULL, 10, &oomCount) < 0)
oomCount = 0;
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
16 years, 4 months
[libvirt] PATCH: Misc changes to policykit policy file
by Daniel P. Berrange
After discussions with policykit maintainers I've come to the conclusion
that it is better for security if we default to 'auth_admin_keep_sesion'
instead of 'auth_self_keep_session'. ie prompt for the root password (ala
'su') instead of the user's password (ala 'sudo'). This is because having
access to libvirtd gives you very significant power over the host machine.
Secondly, newer versions of policykit have imposed a naming constraint on
policy files, so when we install our policy it needs to be in a file called
org.libvirt.unix.policy, instead of just libvirt.policy. So there's a change
to the Makefile to support this.
Daniel
diff -r e17c1bd119fc libvirt.spec.in
--- a/libvirt.spec.in Wed Jul 09 09:26:26 2008 +0100
+++ b/libvirt.spec.in Wed Jul 09 10:32:24 2008 +0100
@@ -240,7 +240,7 @@
%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/images/
%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/boot/
%if %{with_polkit}
-%{_datadir}/PolicyKit/policy/libvirtd.policy
+%{_datadir}/PolicyKit/policy/org.libvirt.unix.policy
%endif
%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/
%if %{with_xen_proxy}
diff -r e17c1bd119fc qemud/Makefile.am
--- a/qemud/Makefile.am Wed Jul 09 09:26:26 2008 +0100
+++ b/qemud/Makefile.am Wed Jul 09 10:32:24 2008 +0100
@@ -13,7 +13,8 @@
remote_dispatch_proc_switch.h \
mdns.c mdns.h \
libvirtd.sasl \
- libvirtd.conf
+ libvirtd.conf \
+ libvirtd.policy
if RPCGEN
SUFFIXES = .x
@@ -75,9 +76,7 @@
if HAVE_POLKIT
policydir = $(datadir)/PolicyKit/policy
-policy_DATA = libvirtd.policy
endif
-EXTRA_DIST += libvirtd.policy
if HAVE_AVAHI
libvirtd_SOURCES += mdns.c mdns.h
@@ -86,7 +85,7 @@
endif
default_xml_dest = libvirt/qemu/networks/default.xml
-install-data-local: install-init install-data-sasl
+install-data-local: install-init install-data-sasl install-data-polkit
mkdir -p $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart
$(INSTALL_DATA) $(srcdir)/default-network.xml \
$(DESTDIR)$(sysconfdir)/$(default_xml_dest)
@@ -99,7 +98,7 @@
mkdir -p $(DESTDIR)$(localstatedir)/run/libvirt
mkdir -p $(DESTDIR)$(localstatedir)/lib/libvirt
-uninstall-local:: uninstall-init uninstall-data-sasl
+uninstall-local:: uninstall-init uninstall-data-sasl install-data-polkit
rm -f $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml
rm -f $(DESTDIR)$(sysconfdir)/$(default_xml_dest)
rmdir $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart || :
@@ -119,6 +118,18 @@
install-data-sasl:
uninstall-data-sasl:
endif
+
+if HAVE_POLKIT
+install-data-polkit:: install-init
+ mkdir -p $(DESTDIR)$(policydir)
+ $(INSTALL_DATA) libvirtd.policy $(DESTDIR)$(policydir)/org.libvirt.unix.policy
+uninstall-data-polkit:: install-init
+ rm -f $(DESTDIR)$(policydir)/org.libvirt.unix.policy
+else
+install-data-polkit::
+uninstall-data-polkit::
+endif
+
remote.c: remote_dispatch_prototypes.h \
remote_dispatch_localvars.h \
diff -r e17c1bd119fc qemud/libvirtd.policy
--- a/qemud/libvirtd.policy Wed Jul 09 09:26:26 2008 +0100
+++ b/qemud/libvirtd.policy Wed Jul 09 10:32:24 2008 +0100
@@ -36,7 +36,7 @@
read-write mode for management, and we require user password -->
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
- <allow_active>auth_self_keep_session</allow_active>
+ <allow_active>auth_admin_keep_session</allow_active>
</defaults>
</action>
-</policyconfig>
\ No newline at end of file
+</policyconfig>
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
16 years, 4 months
[libvirt] monitor cpu & network load
by Zu
Hi,
I want to write a program to monitor the CPU and network usage of the Xen
domUs. But I don't know how to implement. Can the libvirt APIs help me to
do that? Does libvirt have the APIs to get the CPU and network usages? If
yes I'll study libvirt APIs.
Thanks
Zu
16 years, 4 months
[libvirt] PATCH: DOn't use policykit if running non-root
by Daniel P. Berrange
If the libvirtd daemon is running as non-root (ie a regular user) then
there is no point in defaulting policykit, since only clients of same
user account are able to connect to the UNIX socket anyway. This removes
the pointless login prompt when using qemu:///session.
Daniel
diff -r 9a457b847ffc qemud/qemud.c
--- a/qemud/qemud.c Tue Jul 08 16:17:52 2008 +0100
+++ b/qemud/qemud.c Wed Jul 09 09:24:53 2008 +0100
@@ -1926,6 +1926,14 @@
GET_CONF_STR (conf, filename, tcp_port);
GET_CONF_STR (conf, filename, listen_addr);
+#if HAVE_POLKIT
+ /* Change the default back to no auth for non-root */
+ if (getuid() != 0 && auth_unix_rw == REMOTE_AUTH_POLKIT)
+ auth_unix_rw = REMOTE_AUTH_NONE;
+ if (getuid() != 0 && auth_unix_ro == REMOTE_AUTH_POLKIT)
+ auth_unix_ro = REMOTE_AUTH_NONE;
+#endif
+
if (remoteConfigGetAuth(conf, "auth_unix_rw", &auth_unix_rw, filename) < 0)
goto free_and_fail;
#if HAVE_POLKIT
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
16 years, 4 months
[libvirt] [PATCH] give a more useful diagnostic for tap-add failure w/ENOTSUP
by Jim Meyering
I invoked virt-isntall with --network=bridge:eth1
rather than --network=bridge:br1 and got the latter
(current) diagnostic below. This change makes it so
in this relatively common case people get a slightly
more understandable diagnostic.
>From 3d6dc8442fd9f1b0915c232040200154832fdf51 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Tue, 8 Jul 2008 13:58:10 +0200
Subject: [PATCH] give a more useful diagnostic for tap-add failure w/ENOTSUP
* src/qemu_conf.c (qemudNetworkIfaceConnect):
Suggestion from Daniel P. Berrange.
---
src/qemu_conf.c | 14 +++++++++++---
1 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/qemu_conf.c b/src/qemu_conf.c
index 17f0162..4b8c01e 100644
--- a/src/qemu_conf.c
+++ b/src/qemu_conf.c
@@ -2304,9 +2304,17 @@ qemudNetworkIfaceConnect(virConnectPtr conn,
if ((err = brAddTap(driver->brctl, brname,
ifname, BR_IFNAME_MAXLEN, &tapfd))) {
- qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
- _("Failed to add tap interface '%s' to bridge '%s' : %s"),
- ifname, brname, strerror(err));
+ if (errno == ENOTSUP) {
+ /* In this particular case, give a better diagnostic. */
+ qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+ _("Failed to add tap interface to bridge. "
+ "%s is not a bridge device"), brname);
+ } else {
+ qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+ _("Failed to add tap interface '%s' "
+ "to bridge '%s' : %s"),
+ ifname, brname, strerror(err));
+ }
goto error;
}
--
1.5.6.2.221.gb589
16 years, 4 months
[libvirt] [PATCH] Missing htonl (etc) on MinGW
by Richard W.M. Jones
With the attached patch you can get all the way through a compile of
libvirt using the MinGW cross-compiler.
Basically MinGW lacks the htonl/ntohl/htons/ntohs functions. This
simply adds the same functions from glibc (which has a compatible
license) in a single file called "byteswap.h".
The reason it worked previously was that PortableXDR used to provide
these functions by linking to winsock2. However I have now removed
that dependency from PortableXDR because it prevented a DLL being
built of PortableXDR. This doesn't fully resolve dynamic linking of
libvirt yet, but it is one step (or rather, one library) closer to
happening.
Rich.
--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
Read my OCaml programming blog: http://camltastic.blogspot.com/
Fedora now supports 59 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora
16 years, 4 months
[libvirt] incorrect VIR_DOMAIN_NONE usage
by Tóth István
As I was trying to understand exact semantics of the libvirt flags api,
I found an error in the xs_internal.c file.
When it wants to indicate that it cannot report the state of the domain,
it user VIR_DOMAIN_NONE as a return value, which does not, in fact,
refer to a domain state at all, but is a dummy flag for creating
domains, instead of VIR_DOMAIN_NOSTATE.
This patch does not affect the compiled code, only the readability.
On a related note, the defined enum flags seem inconstent to me, half of
them have explicitly named 0 default values, and half of them don't,
it's a bit confusing.
If
enum virStorageVolDeleteFlags {
VIR_STORAGE_VOL_DELETE_NORMAL = 0 : Delete metadata only (fast)
VIR_STORAGE_VOL_DELETE_ZEROED = 1 : Clear all data to zeros (slow)
}
then why not
enum virConnectFlags {
VIR_CONNECT_RW = 0 : A read-write connection
VIR_CONNECT_RO = 1 : A readonly connection
}
?
It would not affect existing code, and would make the library more
consistent.
regards
István
? .project
? xs_internal_constant_semantics.patch
Index: src/xs_internal.c
===================================================================
RCS file: /data/cvs/libvirt/src/xs_internal.c,v
retrieving revision 1.65
diff -u -p -r1.65 xs_internal.c
--- src/xs_internal.c 10 Apr 2008 16:54:54 -0000 1.65
+++ src/xs_internal.c 1 Jul 2008 19:46:41 -0000
@@ -399,7 +399,7 @@ xenStoreGetDomainInfo(virDomainPtr domai
info->state = VIR_DOMAIN_RUNNING;
free(tmp);
} else {
- info->state = VIR_DOMAIN_NONE;
+ info->state = VIR_DOMAIN_NOSTATE;
}
tmp = virDomainDoStoreQuery(domain->conn, domain->id, "memory/target");
if (tmp != NULL) {
16 years, 4 months
[libvirt] libvirt and linux vserver
by ADNET Ghislain
Hi,
i am new here , i looked on the web but cannot find anything about
linux vserver support in libvirt. I found that one of the main dev of
linux vserver submitted patches for the support but nothing seems to
have been integrated from his work into libvirt. Do you have reviewed
them ? Is libvirt a possibility to manage linux vservers ?
* /From/: "Daniel Hokka Zakrisson" <daniel hozac com>
* /To/: libvir-list redhat com
* /Subject/: [Libvir] [PATCH] Linux-VServer support
* /Date/: Wed, 9 Jan 2008 22:51:20 +0100 (CET)
http://www.redhat.com/archives/libvir-list/2008-January/msg00097.html
--
Cordialement,
Ghislain
16 years, 4 months
[libvirt] routed networking
by Ben Guthro
Hello
Perhaps this is my limited understanding of bridging, and I would
appreciate someone to educate me in the way this is supposed to work,
and/or point me to the documentation on where this is covered.
If I create a routed network using the following xml:
<network>
<name>mybr0</name>
<bridge name="mybr0" />
<ip address="10.1.220.1" netmask="255.255.255.0" />
<forward type="route" dev="eth1"/>
</network>
I would expect to see the eth1 interface enslaved to this bridge.
However, "brctl show" does not show any devices enslaved.
My goal is to have the guest get its IP address from a DHCP server not
on dom0, but out on the network attached to by eth1, but as my guest
comes up, I see its virtual NIC added to the bridge, but without the
connection to eth1, it never has the proper connectivity.
Any help understanding this would be appreciated.
Ben
16 years, 4 months
