November 2011 - Devel - libvirt List Archives

[libvirt] [PATCH 1/8] Add new API virDomain{Set, Get}BlockIoTune
by Lei Li 10 Nov '11

10 Nov '11

This patch add new pulic API virDomainSetBlockIoTune and virDomainGetBlockIoTune. Signed-off-by: Zhi Yong Wu <wuzhy(a)linux.vnet.ibm.com> Signed-off-by: Lei Li <lilei(a)linux.vnet.ibm.com> --- include/libvirt/libvirt.h.in | 26 +++++++++ src/driver.h | 19 +++++++ src/libvirt.c | 115 ++++++++++++++++++++++++++++++++++++++++++ src/libvirt_public.syms | 2 + 4 files changed, 162 insertions(+), 0 deletions(-) diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in index aa320b6..a79c35e 100644 --- a/include/libvirt/libvirt.h.in +++ b/include/libvirt/libvirt.h.in @@ -1640,6 +1640,32 @@ int virDomainBlockJobSetSpeed(virDomainPtr dom, const char *path, int virDomainBlockPull(virDomainPtr dom, const char *path, unsigned long bandwidth, unsigned int flags); +/* + * Block I/O throttling support + */ + +typedef struct _virDomainBlockIoTuneInfo virDomainBlockIoTuneInfo; +struct _virDomainBlockIoTuneInfo { + unsigned long long total_bytes_sec; + unsigned long long read_bytes_sec; + unsigned long long write_bytes_sec; + unsigned long long total_iops_sec; + unsigned long long read_iops_sec; + unsigned long long write_iops_sec; +}; +typedef virDomainBlockIoTuneInfo *virDomainBlockIoTuneInfoPtr; + +int +virDomainSetBlockIoTune(virDomainPtr dom, + const char *disk, + virDomainBlockIoTuneInfoPtr info, + unsigned int flags); +int +virDomainGetBlockIoTune(virDomainPtr dom, + const char *disk, + virDomainBlockIoTuneInfoPtr reply, + unsigned int flags); + /* * NUMA support diff --git a/src/driver.h b/src/driver.h index 4c14aaa..9628ad7 100644 --- a/src/driver.h +++ b/src/driver.h @@ -741,6 +741,23 @@ typedef int unsigned long bandwidth, unsigned int flags); +/* + * Block I/O throttling support + */ + +typedef int + (*virDrvDomainSetBlockIoTune)(virDomainPtr dom, + const char *disk, + virDomainBlockIoTuneInfoPtr info, + unsigned int flags); + +typedef int + (*virDrvDomainGetBlockIoTune)(virDomainPtr dom, + const char *disk, + virDomainBlockIoTuneInfoPtr reply, + unsigned int flags); + + /** * _virDriver: * @@ -899,6 +916,8 @@ struct _virDriver { virDrvDomainGetBlockJobInfo domainGetBlockJobInfo; virDrvDomainBlockJobSetSpeed domainBlockJobSetSpeed; virDrvDomainBlockPull domainBlockPull; + virDrvDomainSetBlockIoTune domainSetBlockIoTune; + virDrvDomainGetBlockIoTune domainGetBlockIoTune; }; typedef int diff --git a/src/libvirt.c b/src/libvirt.c index b0d1e01..79ac84d 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -17083,3 +17083,118 @@ error: virDispatchError(dom->conn); return -1; } + +/** + * virDomainSetBlockIoTune: + * @dom: pointer to domain object + * @disk: Fully-qualified disk name + * @info: Specify block I/O limits in bytes + * @flags: An OR'ed set of virDomainModificationImpact + * + * This function is mainly to enable Block I/O throttling function in libvirt. + * It is used to change the block I/O throttling setting for specified domain. + * + * Returns 0 if the operation has started, -1 on failure. + */ +int virDomainSetBlockIoTune(virDomainPtr dom, + const char *disk, + virDomainBlockIoTuneInfoPtr info, + unsigned int flags) +{ + virConnectPtr conn; + + VIR_DOMAIN_DEBUG(dom, "disk=%p, info=%p, flags=%x", + disk, info, flags); + + virResetLastError(); + + if (!VIR_IS_CONNECTED_DOMAIN (dom)) { + virLibDomainError(VIR_ERR_INVALID_DOMAIN, __FUNCTION__); + virDispatchError(NULL); + return -1; + } + conn = dom->conn; + + if (dom->conn->flags & VIR_CONNECT_RO) { + virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); + goto error; + } + + if (!disk) { + virLibDomainError(VIR_ERR_INVALID_ARG, __FUNCTION__); + goto error; + } + + if (!info) { + virLibDomainError(VIR_ERR_INVALID_ARG, __FUNCTION__); + goto error; + } + + if (conn->driver->domainSetBlockIoTune) { + int ret; + ret = conn->driver->domainSetBlockIoTune(dom, disk, info, flags); + if (ret < 0) + goto error; + return ret; + } + + virLibDomainError(VIR_ERR_NO_SUPPORT, __FUNCTION__); + +error: + virDispatchError(dom->conn); + return -1; +} + +/** + * virDomainGetBlockIoTune: + * @dom: pointer to domain object + * @disk: Fully-qualified disk name + * @reply: Specify block I/O info in bytes + * @flags: An OR'ed set of virDomainModificationImpact + * + * This function is mainly to enable Block I/O throttling function in libvirt. + * It is used to get the block I/O throttling setting for specified domain. + * + * Returns 0 if the operation has started, -1 on failure. + */ + +int virDomainGetBlockIoTune(virDomainPtr dom, + const char *disk, + virDomainBlockIoTuneInfoPtr reply, + unsigned int flags) +{ + virConnectPtr conn; + + VIR_DOMAIN_DEBUG(dom, "disk=%p, reply=%p, flags=%x", + disk, reply, flags); + + virResetLastError(); + + if (!VIR_IS_CONNECTED_DOMAIN (dom)) { + virLibDomainError(VIR_ERR_INVALID_DOMAIN, __FUNCTION__); + virDispatchError(NULL); + return -1; + } + conn = dom->conn; + + if (!disk) { + virLibDomainError(VIR_ERR_INVALID_ARG, __FUNCTION__); + goto error; + } + + if (conn->driver->domainGetBlockIoTune) { + int ret; + ret = conn->driver->domainGetBlockIoTune(dom, disk, reply, flags); + if (ret < 0) + goto error; + return ret; + } + + virLibDomainError(VIR_ERR_NO_SUPPORT, __FUNCTION__); + +error: + virDispatchError(dom->conn); + return -1; + +} + diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms index bcefb10..4808891 100644 --- a/src/libvirt_public.syms +++ b/src/libvirt_public.syms @@ -496,6 +496,8 @@ LIBVIRT_0.9.7 { virDomainSnapshotGetParent; virDomainSnapshotListChildrenNames; virDomainSnapshotNumChildren; + virDomainSetBlockIoTune; + virDomainGetBlockIoTune; } LIBVIRT_0.9.5; # .... define new API here using predicted next version number .... -- 1.7.1

4 5

[libvirt] qemu: Remove code instantiating filters on direct interfaces
by Stefan Berger 10 Nov '11

10 Nov '11

Remove code that instantiates network filters on direct type of interfaces. The parser already does not accept filters on those type of interfaces. --- src/qemu/qemu_command.c | 26 +------------------------- src/qemu/qemu_command.h | 1 - src/qemu/qemu_hotplug.c | 2 +- 3 files changed, 2 insertions(+), 27 deletions(-) Index: libvirt-acl/src/qemu/qemu_command.c =================================================================== --- libvirt-acl.orig/src/qemu/qemu_command.c +++ libvirt-acl/src/qemu/qemu_command.c @@ -135,7 +135,6 @@ uname_normalize (struct utsname *ut) */ int qemuPhysIfaceConnect(virDomainDefPtr def, - virConnectPtr conn, struct qemud_driver *driver, virDomainNetDefPtr net, virBitmapPtr qemuCaps, @@ -145,7 +144,6 @@ qemuPhysIfaceConnect(virDomainDefPtr def #if WITH_MACVTAP char *res_ifname = NULL; int vnet_hdr = 0; - int err; if (qemuCapsGet(qemuCaps, QEMU_CAPS_VNET_HDR) && net->model && STREQ(net->model, "virtio")) @@ -165,28 +163,6 @@ qemuPhysIfaceConnect(virDomainDefPtr def net->ifname = res_ifname; } - if (rc >=0 && driver->macFilter) { - if ((err = networkAllowMacOnPort(driver, net->ifname, net->mac))) { - virReportSystemError(err, - _("failed to add ebtables rule to allow MAC address on '%s'"), - net->ifname); - } - } - - if (rc >= 0) { - if ((net->filter) && (net->ifname)) { - err = virDomainConfNWFilterInstantiate(conn, net); - if (err) { - VIR_FORCE_CLOSE(rc); - delMacvtap(net->ifname, net->mac, - virDomainNetGetActualDirectDev(net), - virDomainNetGetActualDirectMode(net), - virDomainNetGetActualDirectVirtPortProfile(net), - driver->stateDir); - VIR_FREE(net->ifname); - } - } - } #else (void)def; (void)conn; @@ -4173,7 +4149,7 @@ qemuBuildCommandLine(virConnectPtr conn, tapfd) >= sizeof(tapfd_name)) goto no_memory; } else if (actualType == VIR_DOMAIN_NET_TYPE_DIRECT) { - int tapfd = qemuPhysIfaceConnect(def, conn, driver, net, + int tapfd = qemuPhysIfaceConnect(def, driver, net, qemuCaps, vmop); if (tapfd < 0) goto error; Index: libvirt-acl/src/qemu/qemu_command.h =================================================================== --- libvirt-acl.orig/src/qemu/qemu_command.h +++ libvirt-acl/src/qemu/qemu_command.h @@ -132,7 +132,6 @@ int qemuNetworkIfaceConnect(virDomainDef ATTRIBUTE_NONNULL(2); int qemuPhysIfaceConnect(virDomainDefPtr def, - virConnectPtr conn, struct qemud_driver *driver, virDomainNetDefPtr net, virBitmapPtr qemuCaps, Index: libvirt-acl/src/qemu/qemu_hotplug.c =================================================================== --- libvirt-acl.orig/src/qemu/qemu_hotplug.c +++ libvirt-acl/src/qemu/qemu_hotplug.c @@ -676,7 +676,7 @@ int qemuDomainAttachNetDevice(virConnect if (qemuOpenVhostNet(vm->def, net, priv->qemuCaps, &vhostfd) < 0) goto cleanup; } else if (actualType == VIR_DOMAIN_NET_TYPE_DIRECT) { - if ((tapfd = qemuPhysIfaceConnect(vm->def, conn, driver, net, + if ((tapfd = qemuPhysIfaceConnect(vm->def, driver, net, priv->qemuCaps, VIR_VM_OP_CREATE)) < 0) goto cleanup;

2 2

[libvirt] [PATCH 0/4] Support macvlan devices for LXC containers
by Daniel P. Berrange 10 Nov '11

10 Nov '11

This series does the bare minimum required to support the network inteface type=direct for LXC containers, using macvlan devices as the implementation. There is a slight complication though... For bridged container NICs we create a veth pair of devices. One of the devices lives host side, and is enslaved in a bridge. The other veth device gets moved to the container namespace to form the eth0. So we both both a host & container side device visible. For direct container NICS we create a macvlan device, which is moved to the container namespace. There is no host side interface that is dedicated for the container - only the general ethernet device the macvlan is bound to. Since there is no host side interface for the container we are unable to create network filter rules, or network bandwidth controls. In addition while we could perform the 8021.Qb{gh} association during container startup, before moving the macvlan device to the container namespace, we can't perform any disassociation on container shutdown. By the time we see the container has shutdown, the macvlan device has already been killed off. The inability to setup iptables/tc rules against devices that are only visible in the container namespace is arguably a flaw in the Linux kernel's namespace code support for iptables/tc. There ought to be a syntax for iptables/tc to write rules which affect NICs in other namespaces

2 10

[libvirt] [PATCH 0/5] Support Blkio tune, CPU tune, NUMA, CPU affinity in LXC
by Daniel P. Berrange 10 Nov '11

10 Nov '11

The following patch series brings the LXC driver upto parity with the QEMU driver in terms of support for various performance tuning controls

1 5

[libvirt] [PATCH] Disable numactl on ARM architectures too
by Daniel P. Berrange 10 Nov '11

10 Nov '11

From: "Daniel P. Berrange" <berrange(a)redhat.com> Pushed under trivial rule - a backport from the Fedora spec * libvirt.spec.in: Disable numactl on ARM --- libvirt.spec.in | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index 10280f0..d4e3e17 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -92,8 +92,8 @@ %define with_libxl 0 %endif -# Numactl is not available on s390[x] -%ifarch s390 s390x +# Numactl is not available on s390[x] and ARM +%ifarch s390 s390x %{arm} %define with_numactl 0 %endif -- 1.7.6.4

1 0

[libvirt] [PATCH] Add libvirt confdir to files section in mingw32 spec
by Daniel P. Berrange 10 Nov '11

10 Nov '11

From: "Daniel P. Berrange" <berrange(a)redhat.com> Pushed under the trivial rule - this fix pulled back from Fedora * mingw32-libvirt.spec.in: Ensure we own the confdir --- mingw32-libvirt.spec.in | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/mingw32-libvirt.spec.in b/mingw32-libvirt.spec.in index c2690f3..89d1d7f 100644 --- a/mingw32-libvirt.spec.in +++ b/mingw32-libvirt.spec.in @@ -126,6 +126,7 @@ rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root) +%dir %{_mingw32_sysconfdir}/libvirt/ %config(noreplace) %{_mingw32_sysconfdir}/libvirt/libvirt.conf %{_mingw32_bindir}/libvirt-0.dll -- 1.7.6.4

1 0

[libvirt] nwfilter - limit VM traffic to specific mac address
by Shahar Havivi 10 Nov '11

10 Nov '11

Hi, I want to limit VM traffic to a specific MAC address, ie VMs cannot traffic each other other then a specific gateway. I am using custom nwfilter name: isolatedprivatevlan-vdsm.xml located in /etc/libvirt/nwfilter/: <filter name='isolatedprivatevlan-vdsm' chain='root'> <filterref filter='clean-traffic'/> <rule action='drop' direction='out' priority='500'> <mac match='no' dstmacaddr='$GATEWAY_MAC'/> </rule> </filter> VM1 domian xml portion: <interface type="bridge"> <mac address="00:1a:4a:16:01:53"/> <model type="virtio"/> <source bridge="red"/> <filterref filter="isolatedprivatevlan-vdsm"> <parameter name="GATEWAY_MAC" value="00:00:0c:07:ac:00"/> </filterref> </interface> VM2 domian xml portion: <interface type="bridge"> <mac address="00:1a:4a:16:01:52"/> <model type="virtio"/> <source bridge="red"/> <filterref filter="isolatedprivatevlan-vdsm"> <parameter name="GATEWAY_MAC" value="00:00:0c:07:ac:00"/> </filterref> </interface> in each VM (Fedora 15 LiveCD) I assign ip: # ifconfig eth0 10.35.1.240 netmask 255.255.254.0 # route add default gw 10.35.1.1 vm2: # ifconfig eth0 10.35.1.241 netmask 255.255.254.0 # route add default gw 10.35.1.1 but the filter is not working, I can ping the VMs from each other, Am I missing something? Thanks, Shahar Havivi.

2 11

Re: [libvirt] [PATCH] fix crash when starting network
by lvroyce 10 Nov '11

10 Nov '11

tested-by: Wen Ruo Lv<lvroyce(a)linux.vnet.ibm.com> tested 1.net-start cmd with bridge mac specified (failed) 2.attach-device cmd with a hot plug nic(ok) My network is as below: <network> <name>default</name> <uuid>361441af-e1f0-472d-a503-dfcbbefa03fb</uuid> <forward mode='nat'/> <bridge name='virbr0' stp='on' delay='0' /> <mac address='00:16:3E:5D:C7:9E'/> <ip address='192.168.122.1' netmask='255.255.255.0'> <dhcp> <range start='192.168.122.2' end='192.168.122.254' /> </dhcp> </ip> </network> It fails at brSetInterfaceMac-->return ioctl(ctl->fd, SIOCSIFHWADDR, &ifr) but SIOCGIFHWADDR succeed. error msg is: cannot create dummy tap device 'virbr0-nic' to set mac address on bridge 'virbr0':no such device

1 0

[libvirt] [test-API][PATCH 1/3] add new "clean" keyword to clean environment after each testcase
by Guannan Ren 10 Nov '11

10 Nov '11

testcase1 option1 avalue option2 bvalue clean testcase2 option1 cvalue option2 dvalue clean --- generator.py | 44 ++++++++++++++++++++++++++++++++------------ 1 files changed, 32 insertions(+), 12 deletions(-) diff --git a/generator.py b/generator.py index 5a3a2ab..2d59353 100644 --- a/generator.py +++ b/generator.py @@ -41,6 +41,7 @@ class FuncGen(object): self.lockfile = lockfile self.bugstxt = bugstxt self.loglevel = loglevel + self.testcase_number = 0 self.fmt = format.Format(logfile) self.log_xml_parser = log_xml_parser @@ -49,19 +50,21 @@ class FuncGen(object): self.__case_info_save(activity, testrunid) mapper_obj = mapper.Mapper(activity) - pkg_tripped_cases = mapper_obj.get_package_tripped() + pkg_casename_func = mapper_obj.package_casename_func_map() - for test_procedure in pkg_tripped_cases: + for test_procedure in pkg_casename_func: log_xml_parser.add_testprocedure_xml(testrunid, testid, test_procedure) self.cases_ref_names = [] - for case in pkg_tripped_cases: + for case in pkg_casename_func: case_ref_name = case.keys()[0] + if case_ref_name[-6:] != "_clean": + self.testcase_number += 1 self.cases_ref_names.append(case_ref_name) self.cases_params_list = [] - for case in pkg_tripped_cases: + for case in pkg_casename_func: case_params = case.values()[0] self.cases_params_list.append(case_params) @@ -101,7 +104,7 @@ class FuncGen(object): envlog = log.EnvLog(self.logfile, self.loglevel) logger = envlog.env_log() - testcase_number = len(self.cases_ref_names) + loop_number = len(self.cases_ref_names) start_time = time.strftime("%Y-%m-%d %H:%M:%S") logger.info("Checking Testing Environment... ") @@ -111,7 +114,7 @@ class FuncGen(object): sys.exit(1) else: logger.info("\nStart Testing:") - logger.info(" Case Count: %s" % testcase_number) + logger.info(" Case Count: %s" % self.testcase_number) logger.info(" Log File: %s\n" % self.logfile) del envlog @@ -119,21 +122,31 @@ class FuncGen(object): logger = caselog.case_log() retflag = 0 - for i in range(testcase_number): + for i in range(loop_number): case_ref_name = self.cases_ref_names[i] - self.fmt.printf('start', case_ref_name) + pkg_casename = case_ref_name.rpartition(":")[0] + funcname = case_ref_name.rpartition(":")[-1] + + cleanoper = 0 if "_clean" not in funcname else 1 + + if not cleanoper: + self.fmt.printf('start', pkg_casename) + else: + self.fmt.printf('string', 12*" " + "Cleaning...") + case_params = self.cases_params_list[i] case_start_time = time.strftime("%Y-%m-%d %H:%M:%S") ret = -1 + clean_ret = -1 try: try: if case_ref_name != 'sleep': case_params['logger'] = logger - existed_bug_list = self.bug_check(case_ref_name) + existed_bug_list = self.bug_check(pkg_casename) if len(existed_bug_list) == 0: if case_ref_name == 'sleep': @@ -143,13 +156,16 @@ class FuncGen(object): ret = 0 else: ret = self.cases_func_ref_dict[case_ref_name](case_params) + if cleanoper: + clean_ret = ret + ret = 0 else: logger.info("about the testcase , bug existed:") for existed_bug in existed_bug_list: logger.info("%s" % existed_bug) ret = 100 - self.fmt.printf('end', case_ref_name, ret) + self.fmt.printf('end', pkg_casename, ret) continue except Exception, e: logger.error(traceback.format_exc()) @@ -163,7 +179,11 @@ class FuncGen(object): else: pass retflag += ret - self.fmt.printf('end', case_ref_name, ret) + + if not cleanoper: + self.fmt.printf('end', pkg_casename, ret) + else: + self.fmt.printf('string', 21*" " + "Done" if clean_ret < 1 else 21*" " + "Fail") end_time = time.strftime("%Y-%m-%d %H:%M:%S") del caselog @@ -172,7 +192,7 @@ class FuncGen(object): logger = envlog.env_log() logger.info("\nSummary:") logger.info(" Total:%s [Pass:%s Fail:%s]" % \ - (testcase_number, (testcase_number - retflag), retflag)) + (self.testcase_number, (self.testcase_number - retflag), retflag)) del envlog result = (retflag and "FAIL") or "PASS" -- 1.7.1

2 4

[libvirt] [PATCH 0/2] fix nwfilter when /tmp is mounted noexec
by Eric Blake 10 Nov '11

10 Nov '11

https://bugzilla.redhat.com/show_bug.cgi?id=752254 points out that libvirt cannot support nwfilter on a system with /tmp mounted noexec (which is a very common setup in security-conscious setups), all because we were trying to directly invoke a temporary script instead of invoking a shell to read the script. I've split this patch into 2 parts, on the off-chance that patch 2 would run afoul of command line length limits (if the total size of the generated nwfilter commands could possibly cause E2BIG, then we have to go through a temporary file). But my recollection is that modern Linux kernels support unlimited command-line length (that is, ARG_MAX is not a concern on Linux), and that nwfilter_ebiptables_driver only compiles on Linux, so my preference would be to squash these into a single commit, if others agree that we don't have to worry about length limits. At any rate, I'm quite impressed at the number of lines of code I was able to remove in order to fix a bug! Eric Blake (2): nwfilter: avoid failure with noexec /tmp nwfilter: simplify execution of ebiptables scripts src/nwfilter/nwfilter_ebiptables_driver.c | 134 ++-------------------------- 1 files changed, 10 insertions(+), 124 deletions(-) -- 1.7.4.4

3 10