[libvirt] Re: [netcf-devel] Multiple interfaces with identical mac-addresses
by Laine Stump
(expanding Cc to include libvir-list, because this is more of a libvirt
issue)
On 06/24/2009 01:52 PM, David Lutterkort wrote:
> On Wed, 2009-06-24 at 18:22 +0100, Daniel P. Berrange wrote:
>
>> On Wed, Jun 24, 2009 at 10:20:00AM -0700, David Lutterkort wrote:
>>
>>> On Tue, 2009-06-23 at 21:47 +0100, Daniel P. Berrange wrote:
>>>
>>>> Why would we ever have duplicate MAC addresses?
>>>>
>>> VLANs:
>>>
>>> # vconfig add eth0 42
>>> # cat /sys/class/net/eth0.42/address
>>> 00:15:58:81:5b:0e
>>> # cat /sys/class/net/eth0/address
>>> 00:15:58:81:5b:0e
>>>
>> Ok, so for the libvirt API we should define that the lookup-by-mac API
>> will not return VLAN devices, since we can't provide a 1-1 lookup there
>>
>
> Why would you do that ? When the user asks for interfaces with a MAC,
> you don't know if they are looking for a VLAN or base device. If they
> want the VLAN, how would they look that up ?
>
I think we need to do one of two things:
1) Modify the existing virInterfaceLookupByMACString() api to return a
list of virInterfaces. Although the public API has been in one release,
there has been no functionality behind the API, so there's nobody using
it as it is, and nobody is going to expect to use it as it is either.
Because of that, "backward compatibility" isn't as much of an issue, and
maybe we could let this modification to the API slide.
2) If we want to be really anal, we could modify
virInterfaceLookupByMACString() to return an error if there are multiple
interfaces with that particular MAC address, then provide a new function
(name suggestion?) that would return a list of interfaces.
15 years, 5 months
[libvirt] [PATCH] fix virsh dominfo returns error when virNodeGetSecurityModel() is not supported.
by Tatsuro Enokura
Hi all
I tried virsh dominfo with upstream libvirt on a Xen machine,
and the command returns -1 as follows:
[root@vmi20 ~]# virsh dominfo rhel53rc2_pv_sdb3
Id: 1
Name: rhel53rc2_pv_sdb3
UUID: 05ba9be8-f4e9-e208-11c7-fc936655cd8e
OS Type: linux
State: idle
CPU(s): 2
CPU time: 8.8s
Max memory: 1048576 kB
Used memory: 716800 kB
Autostart: disable
error: this function is not supported by the hypervisor:
virNodeGetSecurityModel
[root@vmi20 ~]# echo $?
1
The explanation of virNodeGetSecurityModel() and
virNodeGetSecurityModel() in libvirt.c says that they return -2
when hypervisor drivers don't support these operations.
But these functions return -1 in this case, and so
cmdDominfo() in virsh.c returns FALSE.
I made a patch.
- virNodeGetSecurityModel() and virNodeGetSecurityModel()
return -2 when drivers don't support these operations.
- In cmdDominfo(), nothing is done when virNodeGetSecurityModel()
and virNodeGetSecurityModel() return -2.
Signed-off-by: Tatsuro Enokura <fj2026af(a)aa.jp.fujitsu.com>
Thanks
Tatsuro Enokura
15 years, 5 months
[libvirt] [PATCH] OpenNebula driver changes
by Javier Fontan
Hello,
The first patch makes the OpenNebula driver compilable with the recent codebase.
The second one adds direct calls to the xmlrpc library so it does not
depend on OpenNebula libraries and can be licensed as LGPL.
I have compiled libvirt with the modifications without errors, but with
the current version I checked out from the git repository I am having
problems:
--8<------
(LD) -o libvirtd libvirtd-event.o libvirtd-qemud.o libvirtd-remote.o
libvirtd-remote_protocol.o
../src/.libs/libvirt_driver_storage.a(storage_backend.o): In function
`virStorageBackendWaitForDevices':
/home/jfontan/git/libvirt.git/src/storage_backend.c:262: undefined
reference to `virNodeDeviceWaitForDevices'
------>8--
Patches are made from 0a29f59e3b8e2c1fb797d2fa93831f21a3e1711e
Bye
--
Javier Fontan, Grid & Virtualization Technology Engineer/Researcher
DSA Research Group: http://dsa-research.org
Globus GridWay Metascheduler: http://www.GridWay.org
OpenNebula Virtual Infrastructure Engine: http://www.OpenNebula.org
15 years, 5 months
[libvirt] [PATCH 2/5] Add partition type
by Henrik Persson
This patch adds the partition type (primary, extended, logical) to the internal libvirt data structure.
This is important when deciding what kind of partition should be created.
15 years, 5 months
[libvirt] libvirt support for qemu downscript
by Shahar Klein
Hi
I'm using virsh to launch a VM.
The if-up script works perfectly,
but I couldn't find any reference to using a down script.
I 'guessed' and put something like this:
<interface type='ethernet'>
.
.
<script path='ifup'/>
<downscript path='ifdwon'/>
.
.
</interface>
But the down script is not called on shutdown.
Am I missing something?
thanks
Shahar
15 years, 5 months
[libvirt] virsh hangs
by Garry Dolley
My system:
Ubuntu Jaunty 9.04
libvirt 0.6.4
kvm 0.8.4
qemu 0.10.0
I'm not sure what triggered this, I was working with several VMs,
and then found that virsh decided to hang:
garry@kvr02:~$ virsh list
Connecting to uri: qemu:///system
<hang>
I have to ^C out of it.
If I 'force-stop' and then 'start' libvirt-bin:
garry@kvr02:~$ sudo /etc/init.d/libvirt-bin force-stop
* Forcefully stopping libvirt management daemon libvirtd
...done.
garry@kvr02:~$ sudo /etc/init.d/libvirt-bin start
* Starting libvirt management daemon libvirtd
...done.
I can then get something:
garry@kvr02:~$ virsh list
Connecting to uri: qemu:///system
Id Name State
----------------------------------
1 vm1 running
4 s3-lax running
14 freebsd-test running
19 freebsd-2 running
<hang>
But it hangs after that 4th one. I must ^C it again.
If I do 'virsh list' again, it'll then show nothing (hangs like it
does above).
Any suggestions?
Thanks
--
Garry Dolley
ARP Networks, Inc. | http://www.arpnetworks.com | (818) 206-0181
Data center, VPS, and IP Transit solutions
Member Los Angeles County REACT, Unit 336 | WQGK336
Blog http://scie.nti.st
15 years, 5 months
Re: [libvirt] virsh hangs
by Garry Dolley
On Tue, Jun 23, 2009 at 04:08:25PM -0300, Itamar Reis Peixoto wrote:
> Why don't you try Fedora 11?
>
> It has newer versions of libvirt and KVM,
>
> and if you have problems you can report a bug or talk with developers using IRC.
Why don't I use Fedora? Let's not go there... ;)
--
Garry Dolley
ARP Networks, Inc. | http://www.arpnetworks.com | (818) 206-0181
Data center, VPS, and IP Transit solutions
Member Los Angeles County REACT, Unit 336 | WQGK336
Blog http://scie.nti.st
15 years, 5 months
[libvirt] [RFC][PATCH] lxc: drop CAP_SYS_BOOT capability to prevent rebooting from inside containers
by Ryota Ozaki
Hi,
The current lxc driver unexpectedly allows users inside containers to reboot
the host physical machine. This patch prevents this by dropping the CAP_SYS_BOOT
capability from the bounding set of the init process in every container.
Note that the patch intends to make it easy to add further capabilities
to drop if needed, although I'm not sure which capabilities should be
dropped. (We might need to drop CAP_SETFCAP as well to be strict...)
Thanks,
ozaki-r
Signed-off-by: Ryota Ozaki <ozaki.ryota(a)gmail.com>
From 0e7a7622bc6411bbe76c05c63c6e6e61d379d97b Mon Sep 17 00:00:00 2001
From: Ryota Ozaki <ozaki.ryota(a)gmail.com>
Date: Fri, 8 May 2009 04:29:24 +0900
Subject: [PATCH] lxc: drop CAP_SYS_BOOT capability to prevent
rebooting from inside containers
The current lxc driver unexpectedly allows users inside containers to reboot
the host physical machine. This patch prevents this by dropping the CAP_SYS_BOOT
capability from the bounding set of the init process in every container.
---
src/lxc_container.c | 30 ++++++++++++++++++++++++++++++
1 files changed, 30 insertions(+), 0 deletions(-)
diff --git a/src/lxc_container.c b/src/lxc_container.c
index 3946b84..37ab216 100644
--- a/src/lxc_container.c
+++ b/src/lxc_container.c
@@ -32,6 +32,8 @@
#include <sys/ioctl.h>
#include <sys/mount.h>
#include <sys/wait.h>
+#include <sys/prctl.h>
+#include <sys/capability.h>
#include <unistd.h>
#include <mntent.h>
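Review bot: The unconditional include of <sys/capability.h> makes lxc_container.c depend on the libcap development headers, although the code added later in this patch only needs the CAP_SYS_BOOT constant and prctl(). Consider including <linux/capability.h> instead or adding a configure check, and guard the use of PR_CAPBSET_DROP with #ifdef, since that prctl option is only defined by headers from Linux 2.6.25 onwards.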
@@ -639,6 +641,30 @@ static int lxcContainerSetupMounts(virDomainDefPtr vmDef,
return lxcContainerSetupExtraMounts(vmDef);
}
+
+static int lxcContainerDropCapabilities( virDomainDefPtr vmDef )
+{
+ int i;
+ const struct {
+ int id;
+ const char *name;
+ } caps[] = {
+#define ID_STRING(name) name, #name
+ { ID_STRING(CAP_SYS_BOOT) },
+ };
+
+ for (i = 0 ; i < ARRAY_CARDINALITY(caps) ; i++) {
+ if (prctl(PR_CAPBSET_DROP, caps[i].id, 0, 0, 0)) {
+ lxcError(NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+ "%s", _("failed to drop %s"), caps[i].name);
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+
/**
* lxcChild:
* @argv: Pointer to container arguments
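Review bot: In the lxcError() call inside the loop, "%s" is passed as the format and _("failed to drop %s") as its argument, so caps[i].name is never consumed and the message shows a literal "%s" instead of the capability name; pass _("failed to drop %s") as the format with caps[i].name as its argument. In the same function the vmDef parameter is unused, i is a signed int compared against ARRAY_CARDINALITY(), and ID_STRING stays defined after the table, so an #undef after caps[] and a short doc comment saying the drop applies to the bounding set would help.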
@@ -705,6 +731,10 @@ static int lxcContainerChild( void *data )
if (lxcContainerEnableInterfaces(argv->nveths, argv->veths) < 0)
return -1;
+ /* drop a set of root capabilities */
+ if (lxcContainerDropCapabilities(vmDef) < 0)
+ return -1;
+
/* this function will only return if an error occured */
return lxcContainerExecInit(vmDef);
}
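Review bot: The comment above the lxcContainerDropCapabilities() call only says "drop a set of root capabilities"; it should say that the drop is made in the bounding set and therefore has to stay directly before lxcContainerExecInit(), so that it takes effect when init is exec'd. Because the call returns -1 on any prctl() failure, a host kernel without PR_CAPBSET_DROP would now fail to start every container; state in the commit message whether that is intended or whether the failure should only be logged.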
--
1.6.0.6
15 years, 5 months
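A check an operator could run to confirm that the bounding-set drop described in the message above took effect, as an added example that is not part of the original post or of libvirt: it parses the CapBnd mask from /proc/<pid>/status text. The function name and the sample status text are constructed for illustration; 22 and 31 are the values of CAP_SYS_BOOT and CAP_SETFCAP in <linux/capability.h>.

```c
/* Added example (not libvirt code): confirm a bounding-set drop by
 * parsing the CapBnd mask from /proc/<pid>/status text. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EX_CAP_SYS_BOOT 22  /* CAP_SYS_BOOT in <linux/capability.h> */
#define EX_CAP_SETFCAP  31  /* CAP_SETFCAP in <linux/capability.h> */

/* Constructed samples: a full bounding set, and one with bit 22 cleared. */
static const char SAMPLE_HOST[] =
    "Name:\tinit\nCapEff:\t0000003fffffffff\nCapBnd:\t0000003fffffffff\n";
static const char SAMPLE_CONTAINER[] =
    "Name:\tinit\nCapEff:\t0000003fffbfffff\nCapBnd:\t0000003fffbfffff\n";

/* 1 = cap still in bounding set, 0 = dropped, -1 = no usable CapBnd line. */
static int capbnd_has(const char *status, int cap)
{
    const char *p = status;
    if (!status || cap < 0 || cap > 63)
        return -1;
    while (p && *p) {
        if (strncmp(p, "CapBnd:", 7) == 0) {
            const char *v = p + 7;
            while (*v == ' ' || *v == '\t')
                v++;
            /* Reject an empty value so the next line is never parsed. */
            if (!isxdigit((unsigned char)*v))
                return -1;
            return (int)((strtoull(v, NULL, 16) >> cap) & 1ULL);
        }
        p = strchr(p, '\n');
        if (p)
            p++;
    }
    return -1;
}

int main(void)
{
    printf("host:      CAP_SYS_BOOT in bounding set = %d\n",
           capbnd_has(SAMPLE_HOST, EX_CAP_SYS_BOOT));
    printf("container: CAP_SYS_BOOT in bounding set = %d\n",
           capbnd_has(SAMPLE_CONTAINER, EX_CAP_SYS_BOOT));
    printf("container: CAP_SETFCAP  in bounding set = %d\n",
           capbnd_has(SAMPLE_CONTAINER, EX_CAP_SETFCAP));
    return 0;
}
```

On a live host, pass it the contents of /proc/<pid>/status for the container's init process instead of the constructed samples.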