[libvirt] [PATCH] Fix vnc port determining for xend
by Cole Robinson
Current libvirt checks xenstore for a xen guest's
fixed vnc port on xend > 3.0.3. At least on f8
though, hvm guests don't store the vnc port in
xenstore; it is stored in the sexpr.
Patch fixes the logic to look in the sexpr if
the xenstore lookup appears to fail. This fixes
setting static vnc ports for f8 xen hvm guests.
Thanks,
Cole
diff --git a/src/xend_internal.c b/src/xend_internal.c
index 2a687c3..0b62dd0 100644
--- a/src/xend_internal.c
+++ b/src/xend_internal.c
@@ -2121,6 +2121,10 @@ xenDaemonParseSxprGraphicsNew(virConnectPtr conn,
goto no_memory;
} else {
int port = xenStoreDomainGetVNCPort(conn, def->id);
+ if (port == -1) {
+ // Didn't find port entry in xenstore
+ port = sexpr_int(node, "device/vfb/vncdisplay");
+ }
const char *listenAddr = sexpr_node(node, "device/vfb/vnclisten");
const char *vncPasswd = sexpr_node(node, "device/vfb/vncpasswd");;
const char *keymap = sexpr_node(node, "device/vfb/keymap");
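Review bot: The fallback on the added lines assigns `sexpr_int(node, "device/vfb/vncdisplay")` straight to `port` with no check that the entry exists or that the value is in a sane range. If sexpr_int yields 0 for a missing node (its definition is not in the hunk, so this needs confirming), `port` stops being -1 and any later `port == -1` autoport test would be skipped, leaving the guest definition with a bogus VNC port. The key name also suggests a display number rather than a TCP port, so either convert it here or add a comment such as `/* vncdisplay is a display number; converted to a port below */` if the code after the hunk already does that. The enclosing function starts and ends outside the hunk.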
16 years, 2 months
[libvirt] PATCH: Add a augeas lens for libvirtd.conf
by Daniel P. Berrange
Augeas is an awesome config file manipulation tool. libvirtd has a config
file. libvirtd meet augeas; augeas meet libvirt.
Now instead of telling people
'edit /etc/libvirt/libvirtd.conf and change listen_tls to 1,
and auth_tls to sasl'
we can say run
# augtool <<EOF
set /files/etc/libvirt/libvirtd.conf/listen_tls 1
set /files/etc/libvirt/libvirtd.conf/auth_tls sasl
save
EOF
This patch is intended to be committed to libvirt, so the config file rules
are distributed alongside libvirt. I'm CC'ing augeas-devel for feedback on
the lens itself.
libvirt.spec.in | 2
qemud/Makefile.am | 8
qemud/libvirtd.aug | 64 ++++++
qemud/test_libvirtd.aug | 484 ++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 558 insertions(+)
Daniel
Index: qemud/Makefile.am
===================================================================
RCS file: /data/cvs/libvirt/qemud/Makefile.am,v
retrieving revision 1.51
diff -u -p -r1.51 Makefile.am
--- qemud/Makefile.am 20 Aug 2008 20:48:35 -0000 1.51
+++ qemud/Makefile.am 26 Aug 2008 20:03:48 -0000
@@ -24,6 +24,8 @@ EXTRA_DIST = \
libvirtd.policy \
libvirtd.sasl \
libvirtd.sysconf \
+ libvirtd.aug \
+ test_libvirtd.aug \
$(AVAHI_SOURCES) \
$(DAEMON_SOURCES)
@@ -56,6 +58,12 @@ sbin_PROGRAMS = libvirtd
confdir = $(sysconfdir)/libvirt/
conf_DATA = libvirtd.conf
+augeasdir = $(datadir)/augeas/lenses
+augeas_DATA = libvirtd.aug
+
+augeastestsdir = $(datadir)/augeas/lenses/tests
+augeastests_DATA = test_libvirtd.aug
+
libvirtd_SOURCES = $(DAEMON_SOURCES)
#-D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_POSIX_C_SOURCE=199506L
Index: qemud/libvirtd.aug
===================================================================
RCS file: qemud/libvirtd.aug
diff -N qemud/libvirtd.aug
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ qemud/libvirtd.aug 26 Aug 2008 20:03:48 -0000
@@ -0,0 +1,64 @@
+(* /etc/libvirt/libvirtd.conf *)
+
+module Libvirtd =
+ autoload xfm
+
+ let eol = del /[ \t]*\n/ "\n"
+ let value_sep = del /[ \t]*=[ \t]*/ " = "
+ let prespace = del /[ \t]*/ ""
+
+ let array_sep = del /,[ \t\n]*/ ", "
+ let array_start = del /\[[ \t\n]*/ "[ "
+ let array_end = del /\]/ " ]"
+
+ let str_val = del /\"/ "\"" . store /[^\"]*/ . del /\"/ "\""
+ let bool_val = store /0|1/
+ let str_array_element = [ str_val ] . del /[ \t\n]*/ ""
+ let str_array_val = array_start . ( str_array_element . ( array_sep . str_array_element ) * ) ? . array_end
+
+ let str_entry (kw:string) = [ prespace . key kw . value_sep . str_val . eol ]
+ let bool_entry (kw:string) = [ prespace . key kw . value_sep . bool_val . eol ]
+ let str_array_entry (kw:string) = [ prespace . key kw . value_sep . str_array_val . eol ]
+
+ let network_entry = bool_entry "listen_tls"
+ | bool_entry "listen_tcp"
+ | str_entry "tls_port"
+ | str_entry "tcp_port"
+ | str_entry "listen_addr"
+ | bool_entry "mdns_adv"
+ | str_entry "mdns_name"
+
+ let sock_acl_entry = str_entry "unix_sock_group"
+ | str_entry "unix_sock_ro_perms"
+ | str_entry "unix_sock_rw_perms"
+
+ let authentication_entry = str_entry "auth_unix_ro"
+ | str_entry "auth_unix_rw"
+ | str_entry "auth_tcp"
+ | str_entry "auth_tls"
+
+ let certificate_entry = str_entry "key_file"
+ | str_entry "cert_file"
+ | str_entry "ca_file"
+ | str_entry "crl_file"
+
+ let authorization_entry = bool_entry "tls_no_verify_certificate"
+ | str_array_entry "tls_allowed_dn_list"
+ | str_array_entry "sasl_allowed_username_list"
+
+ let entry = network_entry
+ | sock_acl_entry
+ | authentication_entry
+ | certificate_entry
+ | authorization_entry
+
+ let comment = [ label "comment" . del /#[ \t]*/ "# " . store /([^ \t\n][^\n]*)?/ . del /\n/ "\n" ]
+ let empty = [ label "empty" . del /[ \t]*\n/ "" ]
+
+ let lns = ( entry | comment | empty ) +
+
+ let filter = incl "/etc/libvirt/libvirtd.conf"
+ . Util.stdexcl
+
+ let xfm = transform lns filter
+
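Review bot: The lens accepts only the keys enumerated in `entry` and only the exact line shape `key = value` followed by optional blanks, so a libvirtd.conf containing any other setting, a trailing `# comment` after a value, or a final line without a newline will fail to parse as a whole. Because the stated purpose is to flip security settings such as `listen_tls`, `auth_tls` and `tls_no_verify_certificate` from scripts, a parse failure means the intended change is not applied to the real file, and that is easy to miss in automation. I would add a header comment to the module stating these limits and advising callers to check `/augeas//error` after `save`. `str_val` also cannot represent a value containing an escaped double quote; if libvirtd's own parser allows that, note it in the same comment.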
Index: qemud/test_libvirtd.aug
===================================================================
RCS file: qemud/test_libvirtd.aug
diff -N qemud/test_libvirtd.aug
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ qemud/test_libvirtd.aug 26 Aug 2008 20:03:48 -0000
@@ -0,0 +1,484 @@
+module Test_libvirtd =
+ let conf1 = "# Master libvirt daemon configuration file
+#
+# For further information consult http://libvirt.org/format.html
+
+
+#################################################################
+#
+# Network connectivity controls
+#
+
+# Flag listening for secure TLS connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# It is necessary to setup a CA and issue server certificates before
+# using this capability.
+#
+# This is enabled by default, uncomment this to disable it
+listen_tls = 0
+"
+
+ let conf = "# Master libvirt daemon configuration file
+#
+# For further information consult http://libvirt.org/format.html
+
+
+#################################################################
+#
+# Network connectivity controls
+#
+
+# Flag listening for secure TLS connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# It is necessary to setup a CA and issue server certificates before
+# using this capability.
+#
+# This is enabled by default, uncomment this to disable it
+listen_tls = 0
+
+# Listen for unencrypted TCP connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# Using the TCP socket requires SASL authentication by default. Only
+# SASL mechanisms which support data encryption are allowed. This is
+# DIGEST_MD5 and GSSAPI (Kerberos5)
+#
+# This is disabled by default, uncomment this to enable it.
+listen_tcp = 1
+
+
+
+# Override the port for accepting secure TLS connections
+# This can be a port number, or service name
+#
+tls_port = \"16514\"
+
+# Override the port for accepting insecure TCP connections
+# This can be a port number, or service name
+#
+tcp_port = \"16509\"
+
+
+# Override the default configuration which binds to all network
+# interfaces. This can be a numeric IPv4/6 address, or hostname
+#
+listen_addr = \"192.168.0.1\"
+
+
+# Flag toggling mDNS advertizement of the libvirt service.
+#
+# Alternatively can disable for all services on a host by
+# stopping the Avahi daemon
+#
+# This is enabled by default, uncomment this to disable it
+mdns_adv = 0
+
+# Override the default mDNS advertizement name. This must be
+# unique on the immediate broadcast network.
+#
+# The default is \"Virtualization Host HOSTNAME\", where HOSTNAME
+# is subsituted for the short hostname of the machine (without domain)
+#
+mdns_name = \"Virtualization Host Joe Demo\"
+
+
+#################################################################
+#
+# UNIX socket access controls
+#
+
+# Set the UNIX domain socket group ownership. This can be used to
+# allow a 'trusted' set of users access to management capabilities
+# without becoming root.
+#
+# This is restricted to 'root' by default.
+unix_sock_group = \"libvirt\"
+
+# Set the UNIX socket permissions for the R/O socket. This is used
+# for monitoring VM status only
+#
+# Default allows any user. If setting group ownership may want to
+# restrict this to:
+unix_sock_ro_perms = \"0777\"
+
+# Set the UNIX socket permissions for the R/W socket. This is used
+# for full management of VMs
+#
+# Default allows only root. If PolicyKit is enabled on the socket,
+# the default will change to allow everyone (eg, 0777)
+#
+# If not using PolicyKit and setting group ownership for access
+# control then you may want to relax this to:
+unix_sock_rw_perms = \"0770\"
+
+
+
+#################################################################
+#
+# Authentication.
+#
+# - none: do not perform auth checks. If you can connect to the
+# socket you are allowed. This is suitable if there are
+# restrictions on connecting to the socket (eg, UNIX
+# socket permissions), or if there is a lower layer in
+# the network providing auth (eg, TLS/x509 certificates)
+#
+# - sasl: use SASL infrastructure. The actual auth scheme is then
+# controlled from /etc/sasl2/libvirt.conf. For the TCP
+# socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
+# For non-TCP or TLS sockets, any scheme is allowed.
+#
+# - polkit: use PolicyKit to authenticate. This is only suitable
+# for use on the UNIX sockets. The default policy will
+# require a user to supply their own password to gain
+# full read/write access (aka sudo like), while anyone
+# is allowed read/only access.
+#
+# Set an authentication scheme for UNIX read-only sockets
+# By default socket permissions allow anyone to connect
+#
+# To restrict monitoring of domains you may wish to enable
+# an authentication mechanism here
+auth_unix_ro = \"none\"
+
+# Set an authentication scheme for UNIX read-write sockets
+# By default socket permissions only allow root. If PolicyKit
+# support was compiled into libvirt, the default will be to
+# use 'polkit' auth.
+#
+# If the unix_sock_rw_perms are changed you may wish to enable
+# an authentication mechanism here
+auth_unix_rw = \"none\"
+
+# Change the authentication scheme for TCP sockets.
+#
+# If you don't enable SASL, then all TCP traffic is cleartext.
+# Don't do this outside of a dev/test scenario. For real world
+# use, always enable SASL and use the GSSAPI or DIGEST-MD5
+# mechanism in /etc/sasl2/libvirt.conf
+auth_tcp = \"sasl\"
+
+# Change the authentication scheme for TLS sockets.
+#
+# TLS sockets already have encryption provided by the TLS
+# layer, and limited authentication is done by certificates
+#
+# It is possible to make use of any SASL authentication
+# mechanism as well, by using 'sasl' for this option
+auth_tls = \"none\"
+
+
+
+#################################################################
+#
+# TLS x509 certificate configuration
+#
+
+
+# Override the default server key file path
+#
+key_file = \"/etc/pki/libvirt/private/serverkey.pem\"
+
+# Override the default server certificate file path
+#
+cert_file = \"/etc/pki/libvirt/servercert.pem\"
+
+# Override the default CA certificate path
+#
+ca_file = \"/etc/pki/CA/cacert.pem\"
+
+# Specify a certificate revocation list.
+#
+# Defaults to not using a CRL, uncomment to enable it
+crl_file = \"/etc/pki/CA/crl.pem\"
+
+
+
+#################################################################
+#
+# Authorization controls
+#
+
+
+# Flag to disable verification of client certificates
+#
+# Client certificate verification is the primary authentication mechanism.
+# Any client which does not present a certificate signed by the CA
+# will be rejected.
+#
+# Default is to always verify. Uncommenting this will disable
+# verification - make sure an IP whitelist is set
+tls_no_verify_certificate = 1
+
+
+# A whitelist of allowed x509 Distinguished Names
+# This list may contain wildcards such as
+#
+# \"C=GB,ST=London,L=London,O=Red Hat,CN=*\"
+#
+# See the POSIX fnmatch function for the format of the wildcards.
+#
+# NB If this is an empty list, no client can connect, so comment out
+# entirely rather than using empty list to disable these checks
+#
+# By default, no DN's are checked
+ tls_allowed_dn_list = [\"DN1\", \"DN2\"]
+
+
+# A whitelist of allowed SASL usernames. The format for usernames
+# depends on the SASL authentication mechanism. Kerberos usernames
+# look like username@REALM
+#
+# This list may contain wildcards such as
+#
+# \"*(a)EXAMPLE.COM\"
+#
+# See the POSIX fnmatch function for the format of the wildcards.
+#
+# NB If this is an empty list, no client can connect, so comment out
+# entirely rather than using empty list to disable these checks
+#
+# By default, no Username's are checked
+sasl_allowed_username_list = [
+ \"joe(a)EXAMPLE.COM\",
+ \"fred(a)EXAMPLE.COM\"
+]
+"
+
+ test Libvirtd.lns get conf =
+ { "comment" = "Master libvirt daemon configuration file" }
+ { "comment" = "" }
+ { "comment" = "For further information consult http://libvirt.org/format.html" }
+ { "empty" }
+ { "empty" }
+ { "comment" = "################################################################" }
+ { "comment" = "" }
+ { "comment" = "Network connectivity controls" }
+ { "comment" = "" }
+ { "empty" }
+ { "comment" = "Flag listening for secure TLS connections on the public TCP/IP port." }
+ { "comment" = "NB, must pass the --listen flag to the libvirtd process for this to" }
+ { "comment" = "have any effect." }
+ { "comment" = "" }
+ { "comment" = "It is necessary to setup a CA and issue server certificates before" }
+ { "comment" = "using this capability." }
+ { "comment" = "" }
+ { "comment" = "This is enabled by default, uncomment this to disable it" }
+ { "listen_tls" = "0" }
+ { "empty" }
+ { "comment" = "Listen for unencrypted TCP connections on the public TCP/IP port." }
+ { "comment" = "NB, must pass the --listen flag to the libvirtd process for this to" }
+ { "comment" = "have any effect." }
+ { "comment" = "" }
+ { "comment" = "Using the TCP socket requires SASL authentication by default. Only" }
+ { "comment" = "SASL mechanisms which support data encryption are allowed. This is" }
+ { "comment" = "DIGEST_MD5 and GSSAPI (Kerberos5)" }
+ { "comment" = "" }
+ { "comment" = "This is disabled by default, uncomment this to enable it." }
+ { "listen_tcp" = "1" }
+ { "empty" }
+ { "empty" }
+ { "empty" }
+ { "comment" = "Override the port for accepting secure TLS connections" }
+ { "comment" = "This can be a port number, or service name" }
+ { "comment" = "" }
+ { "tls_port" = "16514" }
+ { "empty" }
+ { "comment" = "Override the port for accepting insecure TCP connections" }
+ { "comment" = "This can be a port number, or service name" }
+ { "comment" = "" }
+ { "tcp_port" = "16509" }
+ { "empty" }
+ { "empty" }
+ { "comment" = "Override the default configuration which binds to all network" }
+ { "comment" = "interfaces. This can be a numeric IPv4/6 address, or hostname" }
+ { "comment" = "" }
+ { "listen_addr" = "192.168.0.1" }
+ { "empty" }
+ { "empty" }
+ { "comment" = "Flag toggling mDNS advertizement of the libvirt service." }
+ { "comment" = "" }
+ { "comment" = "Alternatively can disable for all services on a host by" }
+ { "comment" = "stopping the Avahi daemon" }
+ { "comment" = "" }
+ { "comment" = "This is enabled by default, uncomment this to disable it" }
+ { "mdns_adv" = "0" }
+ { "empty" }
+ { "comment" = "Override the default mDNS advertizement name. This must be" }
+ { "comment" = "unique on the immediate broadcast network." }
+ { "comment" = "" }
+ { "comment" = "The default is \"Virtualization Host HOSTNAME\", where HOSTNAME" }
+ { "comment" = "is subsituted for the short hostname of the machine (without domain)" }
+ { "comment" = "" }
+ { "mdns_name" = "Virtualization Host Joe Demo" }
+ { "empty" }
+ { "empty" }
+ { "comment" = "################################################################" }
+ { "comment" = "" }
+ { "comment" = "UNIX socket access controls" }
+ { "comment" = "" }
+ { "empty" }
+ { "comment" = "Set the UNIX domain socket group ownership. This can be used to" }
+ { "comment" = "allow a 'trusted' set of users access to management capabilities" }
+ { "comment" = "without becoming root." }
+ { "comment" = "" }
+ { "comment" = "This is restricted to 'root' by default." }
+ { "unix_sock_group" = "libvirt" }
+ { "empty" }
+ { "comment" = "Set the UNIX socket permissions for the R/O socket. This is used" }
+ { "comment" = "for monitoring VM status only" }
+ { "comment" = "" }
+ { "comment" = "Default allows any user. If setting group ownership may want to" }
+ { "comment" = "restrict this to:" }
+ { "unix_sock_ro_perms" = "0777" }
+ { "empty" }
+ { "comment" = "Set the UNIX socket permissions for the R/W socket. This is used" }
+ { "comment" = "for full management of VMs" }
+ { "comment" = "" }
+ { "comment" = "Default allows only root. If PolicyKit is enabled on the socket," }
+ { "comment" = "the default will change to allow everyone (eg, 0777)" }
+ { "comment" = "" }
+ { "comment" = "If not using PolicyKit and setting group ownership for access" }
+ { "comment" = "control then you may want to relax this to:" }
+ { "unix_sock_rw_perms" = "0770" }
+ { "empty" }
+ { "empty" }
+ { "empty" }
+ { "comment" = "################################################################" }
+ { "comment" = "" }
+ { "comment" = "Authentication." }
+ { "comment" = "" }
+ { "comment" = "- none: do not perform auth checks. If you can connect to the" }
+ { "comment" = "socket you are allowed. This is suitable if there are" }
+ { "comment" = "restrictions on connecting to the socket (eg, UNIX" }
+ { "comment" = "socket permissions), or if there is a lower layer in" }
+ { "comment" = "the network providing auth (eg, TLS/x509 certificates)" }
+ { "comment" = "" }
+ { "comment" = "- sasl: use SASL infrastructure. The actual auth scheme is then" }
+ { "comment" = "controlled from /etc/sasl2/libvirt.conf. For the TCP" }
+ { "comment" = "socket only GSSAPI & DIGEST-MD5 mechanisms will be used." }
+ { "comment" = "For non-TCP or TLS sockets, any scheme is allowed." }
+ { "comment" = "" }
+ { "comment" = "- polkit: use PolicyKit to authenticate. This is only suitable" }
+ { "comment" = "for use on the UNIX sockets. The default policy will" }
+ { "comment" = "require a user to supply their own password to gain" }
+ { "comment" = "full read/write access (aka sudo like), while anyone" }
+ { "comment" = "is allowed read/only access." }
+ { "comment" = "" }
+ { "comment" = "Set an authentication scheme for UNIX read-only sockets" }
+ { "comment" = "By default socket permissions allow anyone to connect" }
+ { "comment" = "" }
+ { "comment" = "To restrict monitoring of domains you may wish to enable" }
+ { "comment" = "an authentication mechanism here" }
+ { "auth_unix_ro" = "none" }
+ { "empty" }
+ { "comment" = "Set an authentication scheme for UNIX read-write sockets" }
+ { "comment" = "By default socket permissions only allow root. If PolicyKit" }
+ { "comment" = "support was compiled into libvirt, the default will be to" }
+ { "comment" = "use 'polkit' auth." }
+ { "comment" = "" }
+ { "comment" = "If the unix_sock_rw_perms are changed you may wish to enable" }
+ { "comment" = "an authentication mechanism here" }
+ { "auth_unix_rw" = "none" }
+ { "empty" }
+ { "comment" = "Change the authentication scheme for TCP sockets." }
+ { "comment" = "" }
+ { "comment" = "If you don't enable SASL, then all TCP traffic is cleartext." }
+ { "comment" = "Don't do this outside of a dev/test scenario. For real world" }
+ { "comment" = "use, always enable SASL and use the GSSAPI or DIGEST-MD5" }
+ { "comment" = "mechanism in /etc/sasl2/libvirt.conf" }
+ { "auth_tcp" = "sasl" }
+ { "empty" }
+ { "comment" = "Change the authentication scheme for TLS sockets." }
+ { "comment" = "" }
+ { "comment" = "TLS sockets already have encryption provided by the TLS" }
+ { "comment" = "layer, and limited authentication is done by certificates" }
+ { "comment" = "" }
+ { "comment" = "It is possible to make use of any SASL authentication" }
+ { "comment" = "mechanism as well, by using 'sasl' for this option" }
+ { "auth_tls" = "none" }
+ { "empty" }
+ { "empty" }
+ { "empty" }
+ { "comment" = "################################################################" }
+ { "comment" = "" }
+ { "comment" = "TLS x509 certificate configuration" }
+ { "comment" = "" }
+ { "empty" }
+ { "empty" }
+ { "comment" = "Override the default server key file path" }
+ { "comment" = "" }
+ { "key_file" = "/etc/pki/libvirt/private/serverkey.pem" }
+ { "empty" }
+ { "comment" = "Override the default server certificate file path" }
+ { "comment" = "" }
+ { "cert_file" = "/etc/pki/libvirt/servercert.pem" }
+ { "empty" }
+ { "comment" = "Override the default CA certificate path" }
+ { "comment" = "" }
+ { "ca_file" = "/etc/pki/CA/cacert.pem" }
+ { "empty" }
+ { "comment" = "Specify a certificate revocation list." }
+ { "comment" = "" }
+ { "comment" = "Defaults to not using a CRL, uncomment to enable it" }
+ { "crl_file" = "/etc/pki/CA/crl.pem" }
+ { "empty" }
+ { "empty" }
+ { "empty" }
+ { "comment" = "################################################################" }
+ { "comment" = "" }
+ { "comment" = "Authorization controls" }
+ { "comment" = "" }
+ { "empty" }
+ { "empty" }
+ { "comment" = "Flag to disable verification of client certificates" }
+ { "comment" = "" }
+ { "comment" = "Client certificate verification is the primary authentication mechanism." }
+ { "comment" = "Any client which does not present a certificate signed by the CA" }
+ { "comment" = "will be rejected." }
+ { "comment" = "" }
+ { "comment" = "Default is to always verify. Uncommenting this will disable" }
+ { "comment" = "verification - make sure an IP whitelist is set" }
+ { "tls_no_verify_certificate" = "1" }
+ { "empty" }
+ { "empty" }
+ { "comment" = "A whitelist of allowed x509 Distinguished Names" }
+ { "comment" = "This list may contain wildcards such as" }
+ { "comment" = "" }
+ { "comment" = "\"C=GB,ST=London,L=London,O=Red Hat,CN=*\"" }
+ { "comment" = "" }
+ { "comment" = "See the POSIX fnmatch function for the format of the wildcards." }
+ { "comment" = "" }
+ { "comment" = "NB If this is an empty list, no client can connect, so comment out" }
+ { "comment" = "entirely rather than using empty list to disable these checks" }
+ { "comment" = "" }
+ { "comment" = "By default, no DN's are checked" }
+ { "tls_allowed_dn_list"
+ { = "DN1"}
+ { = "DN2"}
+ }
+ { "empty" }
+ { "empty" }
+ { "comment" = "A whitelist of allowed SASL usernames. The format for usernames" }
+ { "comment" = "depends on the SASL authentication mechanism. Kerberos usernames" }
+ { "comment" = "look like username@REALM" }
+ { "comment" = "" }
+ { "comment" = "This list may contain wildcards such as" }
+ { "comment" = "" }
+ { "comment" = "\"*(a)EXAMPLE.COM\"" }
+ { "comment" = "" }
+ { "comment" = "See the POSIX fnmatch function for the format of the wildcards." }
+ { "comment" = "" }
+ { "comment" = "NB If this is an empty list, no client can connect, so comment out" }
+ { "comment" = "entirely rather than using empty list to disable these checks" }
+ { "comment" = "" }
+ { "comment" = "By default, no Username's are checked" }
+ { "sasl_allowed_username_list"
+ { = "joe(a)EXAMPLE.COM" }
+ { = "fred(a)EXAMPLE.COM" }
+ }
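Review bot: The test exercises only the `get` direction, while the use case in the description is `set` followed by `save`; nothing here checks that a modified tree is written back as valid libvirtd.conf syntax. `conf1` is defined but never used, which suggests a put test was intended, something of the form `test Libvirtd.lns put conf1 after set "/listen_tls" "1" = ...` with the expected text being `conf1` with its last setting changed. A negative case showing that an unknown key is rejected would also document the lens's closed key list. The `(a)` in the sample usernames looks like list-archive obfuscation of `@` rather than part of the original patch.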
Index: libvirt.spec.in
===================================================================
RCS file: /data/cvs/libvirt/libvirt.spec.in,v
retrieving revision 1.91
diff -u -p -r1.91 libvirt.spec.in
--- libvirt.spec.in 21 Aug 2008 09:28:54 -0000 1.91
+++ libvirt.spec.in 26 Aug 2008 20:04:24 -0000
@@ -252,6 +252,8 @@ fi
%dir %{_localstatedir}/lib/libvirt/
%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/images/
%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/boot/
+%{_datadir}/augeas/lenses/libvirtd.aug
+%{_datadir}/augeas/lenses/tests/test_libvirtd.aug
%if %{with_polkit}
%{_datadir}/PolicyKit/policy/org.libvirt.unix.policy
%endif
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
16 years, 2 months
[libvirt] [PATCH] virsh dump should not be live
by John Levon
Live dumps are much less likely to produce usable cores. They also
trigger a Xen bug that crashes xend.
Signed-off-by: John Levon <john.levon(a)sun.com>
Index: src/xend_internal.c
===================================================================
RCS file: /data/cvs/libvirt/src/xend_internal.c,v
retrieving revision 1.211
diff -u -r1.211 xend_internal.c
--- src/xend_internal.c 28 Aug 2008 11:59:07 -0000 1.211
+++ src/xend_internal.c 28 Aug 2008 14:10:45 -0000
@@ -3037,7 +3037,7 @@
if (domain->id < 0)
return(-1);
return xend_op(domain->conn, domain->name, "op", "dump", "file", filename,
- "live", "1", "crash", "0", NULL);
+ "live", "0", "crash", "0", NULL);
}
/**
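Review bot: With `"live", "0"` hard-coded, every caller now gets a non-live dump and there is no way to request the old behaviour; if xend pauses the guest for the duration of a non-live dump (likely, but not visible here), that is a user-visible availability change. The doc comment that precedes this function, outside the hunk, should say so, for example `* The domain is not dumped live; it may be paused while the core is written.`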
16 years, 2 months
[libvirt] [PATCH] use poweroff not halt for virsh shutdown
by John Levon
"halt" means just that, and we want to "poweroff". Linux doesn't care,
but Solaris differentiates between the two.
Signed-off-by: John Levon <john.levon(a)sun.com>
Index: src/xend_internal.c
===================================================================
RCS file: /data/cvs/libvirt/src/xend_internal.c,v
retrieving revision 1.211
diff -u -r1.211 xend_internal.c
--- src/xend_internal.c 28 Aug 2008 11:59:07 -0000 1.211
+++ src/xend_internal.c 28 Aug 2008 14:04:21 -0000
@@ -2884,7 +2884,7 @@
}
if (domain->id < 0)
return(-1);
- return xend_op(domain->conn, domain->name, "op", "shutdown", "reason", "halt", NULL);
+ return xend_op(domain->conn, domain->name, "op", "shutdown", "reason", "poweroff", NULL);
}
/**
Index: src/xs_internal.c
===================================================================
RCS file: /data/cvs/libvirt/src/xs_internal.c,v
retrieving revision 1.68
diff -u -r1.68 xs_internal.c
--- src/xs_internal.c 20 Aug 2008 20:48:36 -0000 1.68
+++ src/xs_internal.c 28 Aug 2008 14:04:22 -0000
@@ -654,7 +654,7 @@
* this is very hackish, the domU kernel probes for a special
* node in the xenstore and launch the shutdown command if found.
*/
- return(virDomainDoStoreWrite(domain, "control/shutdown", "halt"));
+ return(virDomainDoStoreWrite(domain, "control/shutdown", "poweroff"));
}
/**
16 years, 2 months
[libvirt] Java bindings
by Alejandro Berna Juan
Hi all, I'm Alejandro Berna from i2CAT (a non-profit foundation in
Barcelona, Spain, www.i2cat.net). I'm collaborating in a European project
called Federica ( www.fp7-federica.eu ). One of the branches of this project
is to permit virtualization of different hosts in the Federica test-bed. We
are doing some studies about the different management interfaces of Xen. Our
objective is to create a remote software client for the Xen tools (in java if
possible) that can provide the following general functionality:
- Create virtual machines assigning virtual interfaces.
- Permit choose the OS assigned to this virtual machine
- Install new applications to be tested in the virtual machines
- Configure a vm to become a router and permit to configure this router as
it was a physical router.
All these actions have to be performed remotely. I have not found much
information about libvirt, but I think it can be useful for our goals.
If you agree that we can perform these actions with libvirt, maybe I can
build the java bindings for libvirt as part of the Federica work. I'm waiting for
your opinions, thank you,
--
Alejandro Berna Juan
alejandro.berna(a)i2cat.net
16 years, 2 months
[libvirt] [PATCH] xen: fix domain lookup after define
by Cole Robinson
Defining a xen domain will succeed, but report
error because we weren't properly passing the
domain's name to the post-define lookup.
Attached patch fixes this, and also adds a
debug statement to show the sexpr we create
from the passed xml.
Thanks,
Cole
diff --git a/src/xend_internal.c b/src/xend_internal.c
index 2a687c3..124ee8b 100644
--- a/src/xend_internal.c
+++ b/src/xend_internal.c
@@ -4270,7 +4270,6 @@ xenDaemonDomainMigratePerform (virDomainPtr domain,
virDomainPtr xenDaemonDomainDefineXML(virConnectPtr conn, const char *xmlDesc) {
int ret;
char *sexpr;
- char *name = NULL;
virDomainPtr dom;
xenUnifiedPrivatePtr priv;
virDomainDefPtr def;
@@ -4292,15 +4291,17 @@ virDomainPtr xenDaemonDomainDefineXML(virConnectPtr conn, const char *xmlDesc) {
goto error;
}
+ DEBUG("Defining w/ sexpr: \n%s", sexpr);
+
ret = xend_op(conn, "", "op", "new", "config", sexpr, NULL);
VIR_FREE(sexpr);
if (ret != 0) {
virXendError(conn, VIR_ERR_XEN_CALL,
- _("Failed to create inactive domain %s\n"), name);
+ _("Failed to create inactive domain %s\n"), def->name);
goto error;
}
- dom = virDomainLookupByName(conn, name);
+ dom = virDomainLookupByName(conn, def->name);
if (dom == NULL) {
goto error;
}
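Review bot: The added `DEBUG("Defining w/ sexpr: \n%s", sexpr);` writes the whole generated domain configuration to the debug log, and that sexpr can plausibly carry secrets such as a VNC password (the xend sexpr has a `vncpasswd` field). Consider logging only `def->name`, or at least add a comment that debug output from this path must be treated as sensitive. Separately, `def->name` is now dereferenced on both the error path and the lookup, so confirm in the part of the function outside the hunk that `def` is still live here and is not freed before `virDomainLookupByName`.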
16 years, 2 months
[libvirt] [PATCH] [LXC] Add version implementation
by Dan Smith
This patch adds an implementation of the version function to the LXC driver.
The providers use the hypervisor version in a field of one of the instances,
so we need to have something meaningful here. AFAICT, the only real option
we have (considering the limitations of the libvirt version information) is
to use the kernel version.
diff -r be3be31c94a2 -r 0cabead40d65 src/lxc_driver.c
--- a/src/lxc_driver.c Fri Aug 29 07:11:15 2008 +0000
+++ b/src/lxc_driver.c Fri Aug 29 09:10:41 2008 -0700
@@ -1110,6 +1110,29 @@
return 0;
}
+static int lxcVersion(virConnectPtr conn, unsigned long *version)
+{
+ struct utsname ver;
+ int maj;
+ int min;
+ int rev;
+
+ if (uname(&ver) != 0) {
+ lxcError(conn, NULL, VIR_ERR_INTERNAL_ERROR,
+ _("uname(): %m"));
+ return -1;
+ }
+
+ if (sscanf(ver.release, "%i.%i.%i", &maj, &min, &rev) != 3) {
+ lxcError(conn, NULL, VIR_ERR_INTERNAL_ERROR,
+ _("Unknown release: %s"), ver.release);
+ return -1;
+ }
+
+ *version = (maj * 1000 * 1000) + (min * 1000) + rev;
+
+ return 0;
+}
/* Function Tables */
static virDriver lxcDriver = {
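Review bot: In lxcVersion the `%i` conversions accept octal and hex prefixes and signed values, and the parsed fields are combined without range checks, so a release string whose minor or revision is 1000 or more (or negative) silently bleeds into the neighbouring field of `*version`. Prefer `sscanf(ver.release, "%d.%d.%d", &maj, &min, &rev)` followed by a check such as `if (maj < 0 || min < 0 || min > 999 || rev < 0 || rev > 999)` before the multiplication. The error path also relies on `%m` surviving the `_()` translation and lxcError's formatting with errno intact, which is a glibc extension; passing `strerror(errno)` explicitly would be more robust. A release with fewer than three numeric components is rejected outright, which deserves a comment.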
@@ -1121,7 +1144,7 @@
lxcClose, /* close */
NULL, /* supports_feature */
NULL, /* type */
- NULL, /* version */
+ lxcVersion, /* version */
NULL, /* getHostname */
NULL, /* getURI */
NULL, /* getMaxVcpus */
16 years, 2 months
[libvirt] [PATCH] Fix ejecting cdroms with latest qemu syntax
by Cole Robinson
Originally, ejecting a cdrom from a qemu guest entailed
passing 'eject cdrom' to the monitor. But since qemu
added the -drive option, more than one cdrom can be
specified, so just using 'cdrom' isn't explicit enough.
The attached patch updates media change/eject to use
the current qemu syntax. The new generated commands
look something like "eject ide0-cd1", with the name
derived from device target and bus type.
While I was in there I added support for inserting/
ejecting media from scsi cdroms and floppy devices.
This is built around my previous two patches:
- Fix cd eject segfault
- Attempt to detect cdrom change failures
Thanks,
Cole
16 years, 2 months
[libvirt] [PATCH] Attempt to detect cdrom change failures
by Cole Robinson
If a 'change' or 'eject' qemu monitor command fails,
an error message is printed to the monitor of the
form "device {not found, is locked, is not
removable}". This is really the only indication we
have that the command errored out, so scrape the
monitor reply for "\ndevice " and fail if it is
found.
Thanks,
Cole
commit 8caba367b62b4fb961722cd641d8172bb441b84e
Author: Cole Robinson <crobinso(a)dhcp-100-19-219.bos.redhat.com>
Date: Fri Aug 22 16:35:24 2008 -0400
Scrape cdrom attach/eject monitor output to try and determine failure.
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index 9a26375..05e7402 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -2994,6 +2994,19 @@ static int qemudDomainChangeCDROM(virDomainPtr dom,
VIR_FREE(newsrc);
return -1;
}
+
+ /* If the command failed qemu prints:
+ * device not found, device is locked ...
+ * No message is printed on success it seems */
+ DEBUG ("cdrom change reply: %s", reply);
+ if (strstr(reply, "\ndevice ")) {
+ qemudReportError (dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
+ "%s", _("changing cdrom media failed));
+ VIR_FREE(reply);
+ VIR_FREE(cmd);
+ return -1;
+ }
+
VIR_FREE(reply);
VIR_FREE(cmd);
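Review bot: The added qemudReportError call has an unterminated string literal, `_("changing cdrom media failed));`, so the hunk does not compile as posted; it should read `"%s", _("changing cdrom media failed"));`. Separately, the failure test matches the substring "\ndevice " anywhere in the monitor reply. If the reply also echoes the command text (not visible here), a media path containing that sequence would be reported as a failure, so a comment noting that the check depends on qemu's human-readable wording would help the next maintainer. qemudDomainChangeCDROM starts and ends outside the hunk.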
16 years, 2 months
[libvirt] [PATCH] Update domain xml after usb hotplug
by Cole Robinson
The recently added usb hostdev and mass storage device
hotplug code doesn't append the devices to the running
guest's xml if the hotplug succeeds. The attached patch
fixes this.
Thanks,
Cole
commit 8df17db8b36a2c1e8efa430a0493f66825b6b80e
Author: Cole (Work Acct) <crobinso(a)localhost.localdomain>
Date: Thu Aug 21 23:08:04 2008 -0400
Add hotplugged usb devices to running domain xml.
diff --git a/src/domain_conf.c b/src/domain_conf.c
index 3c61039..dc5eb0c 100644
--- a/src/domain_conf.c
+++ b/src/domain_conf.c
@@ -481,8 +481,8 @@ void virDomainRemoveInactive(virDomainObjPtr *doms,
}
#ifndef PROXY
-static int virDomainDiskCompare(virDomainDiskDefPtr a,
- virDomainDiskDefPtr b) {
+int virDomainDiskCompare(virDomainDiskDefPtr a,
+ virDomainDiskDefPtr b) {
if (a->bus == b->bus)
return virDiskNameToIndex(a->dst) - virDiskNameToIndex(b->dst);
else
diff --git a/src/domain_conf.h b/src/domain_conf.h
index b98f7f3..cfa2a90 100644
--- a/src/domain_conf.h
+++ b/src/domain_conf.h
@@ -526,6 +526,8 @@ char *virDomainCpuSetFormat(virConnectPtr conn,
char *cpuset,
int maxcpu);
+int virDomainDiskCompare(virDomainDiskDefPtr a,
+ virDomainDiskDefPtr b);
int virDomainSaveConfig(virConnectPtr conn,
const char *configDir,
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index 769f34f..9a26375 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -62,6 +62,7 @@
#include "capabilities.h"
#include "memory.h"
#include "uuid.h"
+#include "domain_conf.h"
/* For storing short-lived temporary files. */
#define TEMPDIR LOCAL_STATE_DIR "/cache/libvirt"
@@ -3044,6 +3045,7 @@ static int qemudDomainAttachUsbMassstorageDevice(virDomainPtr dom, virDomainDevi
virDomainObjPtr vm = virDomainFindByUUID(driver->domains, dom->uuid);
int ret;
char *cmd, *reply;
+ virDomainDiskDefPtr *dest, *prev, ptr;
if (!vm) {
qemudReportError(dom->conn, dom, NULL, VIR_ERR_INVALID_DOMAIN,
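Review bot: `dest` is declared without an initialiser, and the next hunk points it at the local cursor with `dest = &(ptr);`, which only works because `ptr` is not modified again before `*dest` is read. At the insertion point `*prev` already equals the node the new disk must precede (or NULL at the tail), so `dest` can be dropped and the link step written as `dev->data.disk->next = *prev; *prev = dev->data.disk;`. That also avoids a maybe-uninitialised warning on `dest`. The function body continues outside this hunk.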
@@ -3051,6 +3053,28 @@ static int qemudDomainAttachUsbMassstorageDevice(virDomainPtr dom, virDomainDevi
return -1;
}
+ /* Find spot in domain definition where we will put the disk */
+ ptr = vm->def->disks;
+ prev = &(vm->def->disks);
+ while (ptr) {
+ if (STREQ(dev->data.disk->dst, ptr->dst)) {
+ qemudReportError(dom->conn, dom, NULL, VIR_ERR_INTERNAL_ERROR,
+ _("duplicate disk target '%s'"),
+ dev->data.disk->dst);
+ return -1;
+ }
+ if (virDomainDiskCompare(dev->data.disk, ptr) < 0) {
+ dest = &(ptr);
+ break;
+ }
+ prev = &(ptr->next);
+ ptr = ptr->next;
+ }
+
+ if (!ptr) {
+ dest = prev;
+ }
+
ret = asprintf(&cmd, "usb_add disk:%s", dev->data.disk->src);
if (ret == -1) {
qemudReportError(dom->conn, NULL, NULL, VIR_ERR_NO_MEMORY, NULL);
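Review bot: The `usb_add disk:%s` command on the asprintf line is built from `dev->data.disk->src` with no escaping, so whatever the device XML supplies as the source path is sent verbatim to the qemu monitor. Nothing in this hunk shows the path being validated, so unless the XML parser does it (outside this view), a path containing a newline or other characters the monitor treats specially would change the command that runs. Reject or escape such characters before formatting the command, and add a comment such as `/* src goes to the monitor verbatim; must not contain control characters */`. The function starts before and continues after this hunk.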
@@ -3059,7 +3083,7 @@ static int qemudDomainAttachUsbMassstorageDevice(virDomainPtr dom, virDomainDevi
if (qemudMonitorCommand(driver, vm, cmd, &reply) < 0) {
qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
- "%s", _("cannot attach usb device"));
+ "%s", _("cannot attach usb disk"));
VIR_FREE(cmd);
return -1;
}
@@ -3070,11 +3094,16 @@ static int qemudDomainAttachUsbMassstorageDevice(virDomainPtr dom, virDomainDevi
if (strstr(reply, "Could not add ")) {
qemudReportError (dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
"%s",
- _("adding usb device failed"));
+ _("adding usb disk failed"));
VIR_FREE(reply);
VIR_FREE(cmd);
return -1;
}
+
+ /* Actually update the xml */
+ dev->data.disk->next = *dest;
+ *prev = dev->data.disk;
+
VIR_FREE(reply);
VIR_FREE(cmd);
return 0;
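Review bot: After `*prev = dev->data.disk;` the disk definition is reachable from both `vm->def->disks` and `dev`, and nothing here records that ownership has moved to the domain. If the caller frees `dev` once the attach returns (its cleanup is outside these hunks), the running domain keeps a dangling pointer that any later walk of the disk list will dereference. The hostdev hunk that follows has the same pattern with `vm->def->hostdevs = dev->data.hostdev;`. One option is to clear the source pointer right after linking, `dev->data.disk = NULL;` and `dev->data.hostdev = NULL;`, provided the caller's free routine tolerates NULL members.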
@@ -3125,6 +3154,11 @@ static int qemudDomainAttachHostDevice(virDomainPtr dom, virDomainDeviceDefPtr d
VIR_FREE(cmd);
return -1;
}
+
+ /* Update xml */
+ dev->data.hostdev->next = vm->def->hostdevs;
+ vm->def->hostdevs = dev->data.hostdev;
+
VIR_FREE(reply);
VIR_FREE(cmd);
return 0;
@@ -3167,7 +3201,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
ret = qemudDomainAttachHostDevice(dom, dev);
} else {
qemudReportError(dom->conn, dom, NULL, VIR_ERR_NO_SUPPORT,
- "%s", _("this devicetype cannot be attached"));
+ "%s", _("this device type cannot be attached"));
ret = -1;
}
16 years, 2 months