[libvirt] [PATCH 2/2] Ignore backing file errors in FS storage pool (v3)
by Philipp Hahn
Currently a single storage volume with a broken backing file will disable the
whole storage pool. This can happen when the backing file is on some
unavailable network storage or if the backing volume is deleted, while the
storage volumes using it are not.
Since the storage pool then can not be re-activated, re-creating the missing or
deleting the now useless volumes using libvirt only is impossible.
To "fix" this case, all errors detected during storage pool activation are now
(silently) ignored. Errors are still logged by the called functions, which have
more knowledge on the detailed error condition.
To reproduce:
dir=$(mktemp -d)
virsh pool-create-as tmp dir '' '' '' '' "$dir"
virsh vol-create-as --format qcow2 tmp back 1G
virsh vol-create-as --format qcow2 --backing-vol-format qcow2 --backing-vol back tmp cow 1G
virsh vol-delete --pool tmp back
virsh pool-refresh tmp
After the last step, the pool will be gone (because it was not persistent). As
long as the now broken image stays in the directory, you will not be able to
re-create or re-start the pool.
Signed-off-by: Philipp Hahn <hahn(a)univention.de>
---
src/storage/storage_backend_fs.c | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
14 years
[libvirt] Question about PHP licencing for libvirt-php (php-libvirt for Fedora)
by Michal Novotny
Hi,
I don't know who's the right person to ask so I'm posting this into the
libvir-list. We're going to have the libvirt-php package in Fedora (but
renamed to php-libvirt only) but I don't know about the licencing. The
licence in the SPEC file (by Lyre) is set to "PHP" however the licence
file describes the GPL licence.
My question is whether somebody does know whether it's OK to write a PHP
extension under GPL licence or whether we need the PHP licence for this.
Anybody knows?
Thanks a lot for your reply,
Michal
--
Michal Novotny<minovotn(a)redhat.com>, RHCE
Virtualization Team (xen userspace), Red Hat
14 years
[libvirt] [PATCH 0/6] new virsh command "blkiotune" support
by Gui Jianfeng
Hi All,
This series implements a new command "blkiotune" for virsh.
A lot of code borrows from memtune.
You are able to tune blkio cgroup tunables by this command as follows.
Show tunables
#virsh blkiotune My_guest
weight : 900
Tune tunables(Set IO weight)
#virsh blkiotune My_guest --weight 500
#virsh blkiotune My_guest
weight : 500
Thanks,
Gui
14 years
[libvirt] [PATCHv3 0/2] more audit patches - audit network device fds
by Eric Blake
I hope this closes out my audit series. As promised in
https://www.redhat.com/archives/libvir-list/2011-March/msg00415.html,
here's the updated and tested network device auditing patches. This
time, I've completed testing: in virt-manager, I attached a hypervisor
default (non-virtio, so no /dev/vhost-net), then detached it, then
attached a virtio interface in its place, and got the following audit
messages:
type=VIRT_RESOURCE msg=audit(1299702937.924:81114): user pid=499 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=net reason=open vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 net='52:54:00:80:C6:06' path="/dev/net/tun" rdev=0A:C8: exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'
type=VIRT_RESOURCE msg=audit(1299702937.928:81115): user pid=499 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=net reason=attach vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 old-net='?' new-net='52:54:00:80:C6:06': exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'
type=VIRT_RESOURCE msg=audit(1299702995.378:81117): user pid=499 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=net reason=detach vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 old-net='52:54:00:80:C6:06' new-net='?': exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'
type=VIRT_RESOURCE msg=audit(1299703012.919:81119): user pid=499 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=net reason=open vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 net='52:54:00:31:26:F9' path="/dev/net/tun" rdev=0A:C8: exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'
type=VIRT_RESOURCE msg=audit(1299703012.919:81120): user pid=499 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=net reason=open vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 net='52:54:00:31:26:F9' path="/dev/vhost-net" rdev=0A:39: exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'
type=VIRT_RESOURCE msg=audit(1299703013.002:81121): user pid=499 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=net reason=attach vm="fedora_12" uuid=51c6fc83-65a4-e627-b698-042b00145201 old-net='?' new-net='52:54:00:31:26:F9': exe="/home/dummy/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/0 res=success'
Changes in v3: rename the audit method to qemuAuditNetDevice, and
insert audit points after all attempts to open a network device that
might later be passed to a qemu -netdev; document why I didn't audit
closeout of said fds
Eric Blake (2):
qemu: support vhost in attach-interface
audit: audit use of /dev/net/tun, /dev/tapN, /dev/vhost-net
src/qemu/qemu_audit.c | 41 ++++++++++++++++++++++++++++++++
src/qemu/qemu_audit.h | 5 ++++
src/qemu/qemu_command.c | 43 ++++++++++++++++-----------------
src/qemu/qemu_command.h | 14 ++++++++---
src/qemu/qemu_hotplug.c | 60 ++++++++++++++++++++++++++++++++++++++++------
5 files changed, 129 insertions(+), 34 deletions(-)
--
1.7.4
14 years
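Added example (not part of Eric Blake's message or of libvirt): a small parser for the VIRT_RESOURCE resrc=net records shown above that pairs each device open with the attach that follows it and reports opens that never reach an attach. The sample records are constructed in the same field layout; the VM name, UUID, MAC addresses and exe path in them are placeholders.

```python
import re
from collections import defaultdict

HEADER = re.compile(r"type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):")
# key=value where the value is "double quoted", 'single quoted' or bare
PAIR = re.compile(r'''([\w-]+)=(?:"([^"]*)"|'([^']*)'|(\S*))''')


def parse_record(line):
    """Return a dict for a VIRT_RESOURCE resrc=net record, else None."""
    head = HEADER.match(line)
    if not head or head.group(1) != "VIRT_RESOURCE" or "msg='" not in line:
        return None
    # The payload is msg='...' and itself contains quoted values such as
    # net='52:54:..', so cut at the outermost quotes before tokenising.
    inner = line[line.index("msg='") + 5:line.rindex("'")]
    fields = {}
    for key, dq, sq, bare in PAIR.findall(inner):
        # Bare values can carry the ':' that separates them from exe=
        fields[key] = dq or sq or bare.rstrip(":")
    if fields.get("resrc") != "net":
        return None
    fields["time"] = float(head.group(2))
    fields["serial"] = int(head.group(3))
    return fields


def correlate(lines):
    """Pair device opens with the attach that consumes them.

    Returns (attached, unmatched). attached is a list of (vm, mac, paths)
    per attach record; unmatched maps (vm, mac) to device paths that were
    opened but never followed by an attach for that MAC.
    """
    pending = defaultdict(list)
    attached = []
    for rec in filter(None, map(parse_record, lines)):
        vm = rec.get("vm", "?")
        if rec.get("reason") == "open":
            pending[(vm, rec.get("net", "?"))].append(rec.get("path", "?"))
        elif rec.get("reason") == "attach":
            mac = rec.get("new-net", "?")
            attached.append((vm, mac, pending.pop((vm, mac), [])))
    return attached, dict(pending)


def sample_record(ts, serial, reason, mac, path=None):
    """Build a constructed record in the field layout shown in the post."""
    if reason == "open":
        body = f"net='{mac}' path=\"{path}\" rdev=0A:C8"
    elif reason == "attach":
        body = f"old-net='?' new-net='{mac}'"
    else:  # detach
        body = f"old-net='{mac}' new-net='?'"
    return (f"type=VIRT_RESOURCE msg=audit({ts}:{serial}): user pid=499 uid=0 "
            f"auid=500 ses=1 msg='resrc=net reason={reason} vm=\"demo_vm\" "
            f"uuid=00000000-0000-0000-0000-000000000001 {body}: "
            "exe=\"/usr/sbin/libvirtd\" hostname=? addr=? terminal=pts/0 "
            "res=success'")


# Constructed placeholder MAC addresses
MAC_A, MAC_B, MAC_C = "52:54:00:00:00:0A", "52:54:00:00:00:0B", "52:54:00:00:00:0C"
SAMPLE = [
    sample_record("1299702937.924", 81114, "open", MAC_A, "/dev/net/tun"),
    sample_record("1299702937.928", 81115, "attach", MAC_A),
    sample_record("1299702995.378", 81117, "detach", MAC_A),
    sample_record("1299703012.919", 81119, "open", MAC_B, "/dev/net/tun"),
    sample_record("1299703012.919", 81120, "open", MAC_B, "/dev/vhost-net"),
    sample_record("1299703013.002", 81121, "attach", MAC_B),
    sample_record("1299703020.100", 81125, "open", MAC_C, "/dev/net/tun"),
    "type=SYSCALL msg=audit(1299703021.000:81126): arch=c000003e syscall=2",
]

if __name__ == "__main__":
    attached, unmatched = correlate(SAMPLE)
    for vm, mac, paths in attached:
        print(f"attach vm={vm} mac={mac} opened={paths}")
    for (vm, mac), paths in unmatched.items():
        print(f"open without attach vm={vm} mac={mac} paths={paths}")
```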
[libvirt] [PATCH v3 0/5] qemu: Support domain snapshots with current QMP
by Jiri Denemark
This version 3 gets back to the second alternative for HMP passthrough
implementation provided in version 1. Changes made since that version 1 was
posted are:
- separate HMP passthrough infrastructure into a standalone patch
- use qemuMonitorHMPCommand* and qemuMonitorTextCommand* instead of just
qemuMonitorCommand* to make it obvious they deal with HMP/text monitor
- implement HMP fallback for {load,del}vm in addition to savevm
- escape snapshot name
Jiri Denemark (5):
qemu: Setup infrastructure for HMP passthrough
qemu: Rename qemuMonitorCommand{,WithFd} as qemuMonitorHMP*
qemu: Rename qemuMonitorCommandWithHandler as qemuMonitorText*
qemu: Fallback to HMP for snapshot commands
qemu: Escape snapshot name passed to {save,load,del}vm
src/qemu/qemu_monitor.c | 12 +++
src/qemu/qemu_monitor.h | 8 ++-
src/qemu/qemu_monitor_json.c | 121 ++++++++++++++++++++++---------
src/qemu/qemu_monitor_json.h | 5 ++
src/qemu/qemu_monitor_text.c | 163 ++++++++++++++++++++++--------------------
src/qemu/qemu_monitor_text.h | 5 ++
6 files changed, 200 insertions(+), 114 deletions(-)
--
1.7.4.1
14 years
[libvirt] [PATCH] qemu: Fix warnings in event handlers
by Jiri Denemark
Some qemu monitor event handlers were issuing inadequate warning when
virDomainSaveStatus() failed. They copied the message from I/O error
handler without customizing it to provide better information on why
virDomainSaveStatus() was called.
---
src/qemu/qemu_process.c | 15 ++++++++++-----
1 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index ee1b4c4..4414a7c 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -339,15 +339,18 @@ qemuProcessHandleStop(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
virDomainObjLock(vm);
if (vm->state == VIR_DOMAIN_RUNNING) {
- VIR_DEBUG("Transitioned guest %s to paused state due to unknown event", vm->def->name);
+ VIR_DEBUG("Transitioned guest %s to paused state due to unknown event",
+ vm->def->name);
vm->state = VIR_DOMAIN_PAUSED;
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_SUSPENDED,
VIR_DOMAIN_EVENT_SUSPENDED_PAUSED);
- if (virDomainSaveStatus(driver->caps, driver->stateDir, vm) < 0)
- VIR_WARN("Unable to save status on vm %s after IO error", vm->def->name);
+ if (virDomainSaveStatus(driver->caps, driver->stateDir, vm) < 0) {
+ VIR_WARN("Unable to save status on vm %s after state change",
+ vm->def->name);
+ }
}
virDomainObjUnlock(vm);
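Review bot: In qemuProcessHandleStop the new warning reads "after state change" while the VIR_DEBUG a few lines above still reads "due to unknown event"; naming the same event in both would let the debug and warning lines be matched up in a log. The warning also gives no reason for the virDomainSaveStatus() failure, so the reader only learns that the saved status no longer matches the paused state, not why.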
@@ -412,8 +415,10 @@ qemuProcessHandleWatchdog(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
VIR_DOMAIN_EVENT_SUSPENDED,
VIR_DOMAIN_EVENT_SUSPENDED_WATCHDOG);
- if (virDomainSaveStatus(driver->caps, driver->stateDir, vm) < 0)
- VIR_WARN("Unable to save status on vm %s after IO error", vm->def->name);
+ if (virDomainSaveStatus(driver->caps, driver->stateDir, vm) < 0) {
+ VIR_WARN("Unable to save status on vm %s after watchdog event",
+ vm->def->name);
+ }
}
if (vm->def->watchdog->action == VIR_DOMAIN_WATCHDOG_ACTION_DUMP) {
--
1.7.4.1
14 years
[libvirt] [PATCH 0/3] Support domain snapshots with current QMP without savevm command
by Jiri Denemark
This is quite hacky since it involves falling back to HMP when savevm
command is not found in QMP, which is something qemu monitor code was
not designed to support. Hence, I'm providing 2 versions of the first
patch: 1.1/3 and 1.2/3.
- 1.1/3 version only touches JSON monitor code but involves copy&paste
of the snapshot code from text monitor
- 1.2/3 touches more files but doesn't require duplicating the text
monitor snapshot implementation into qemu_monitor_json.c. However, it
results in somewhat funky call graphs:
-> qemuMonitorJSONCreateSnapshot
-> qemuMonitorTextCreateSnapshot
-> qemuMonitorCommand (a macro expanding to qemuMonitorCommandWithFd)
-> qemuMonitorJSONHumanCommandWithFd
-> qemuMonitorJSONCommandWithFd
The possibility to call qemuMonitorTextCreateSnapshot directly on JSON
monitor is implemented by generalizing qemuMonitorCommandWithFd, which
now either calls to qemuMonitorJSONHumanCommandWithFd or
qemuMonitorTextCommandWithFd (former qemuMonitorCommandWithFd)
depending on the monitor type.
I prefer version 2 since it reuses text monitor implementation, but
others may prefer version 1, which is a bit more local...
Jiri Denemark (3):
qemu: Fallback to HMP when savevm QMP command is not found
qemu: Refactor qemuDomainSnapshotCreateXML
qemu: Stop guest CPUs before creating a snapshot
--
1.7.4.1
14 years
[libvirt] [PATCH v2] Make LXC container startup/shutdown/I/O more robust
by Daniel P. Berrange
The current LXC I/O controller looks for HUP to detect
when a guest has quit. This isn't reliable as during
initial bootup it is possible that 'init' will close
the console and let mingetty re-open it. The shutdown
of containers was also flakey because it only killed
the libvirt I/O controller and expected container
processes to gracefully follow.
Change the I/O controller such that when it sees HUP
or an I/O error, it uses kill($PID, 0) to see if the
process has really quit.
Change the container shutdown sequence to use the
virCgroupKillPainfully function to ensure every
really goes away
This change makes the use of the 'cpu', 'cpuacct'
and 'memory' cgroups controllers compulsory with
LXC
* docs/drvlxc.html.in: Document that certain cgroups
controllers are now mandatory
* src/lxc/lxc_controller.c: Check if PID is still
alive before quitting on I/O error/HUP
* src/lxc/lxc_driver.c: Use virCgroupKillPainfully
---
docs/drvlxc.html.in | 18 +++++
src/lxc/lxc_controller.c | 42 +++++++++---
src/lxc/lxc_driver.c | 155 ++++++++++++++++++----------------------------
3 files changed, 110 insertions(+), 105 deletions(-)
diff --git a/docs/drvlxc.html.in b/docs/drvlxc.html.in
index 35058c4..3e715b1 100644
--- a/docs/drvlxc.html.in
+++ b/docs/drvlxc.html.in
@@ -9,6 +9,24 @@ light-weight "application container" which does not have it's own root image. Y
start it using
</p>
+<h2>Cgroups Requirements</h2>
+
+<p>
+The libvirt LXC driver requires that certain cgroups controllers are
+mounted on the host OS. The minimum required controllers are 'cpuacct',
+'memory' and 'devices', while recommended extra controllers are
+'cpu', 'freezer' and 'blkio'. The /etc/cgconfig.conf & cgconfig
+init service used to mount cgroups at host boot time. To manually
+mount them use. NB, the blkio controller in some kernels will not
+allow creation of nested sub-directories which will prevent correct
+operation of the libvirt LXC driver. On such kernels the blkio controller
+must not be mounted.
+</p>
+
+<pre>
+ # mount -t cgroup cgroup /dev/cgroup -o cpuacct,memory,devices,cpu,freezer,blkio
+</pre>
+
<h3>Example config version 1</h3>
<p></p>
<pre>
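Review bot: The new paragraph names 'cpuacct', 'memory' and 'devices' as the required controllers, but the commit message says 'cpu', 'cpuacct' and 'memory' become compulsory; one of the two needs correcting. In the same paragraph, "init service used to mount" is missing "are", and "To manually mount them use." is cut off from the <pre> example it introduces by the blkio caveat; move that sentence so it directly precedes the <pre> block.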
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index d2b113c..61e21c3 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -32,6 +32,7 @@
#include <sys/personality.h>
#include <unistd.h>
#include <paths.h>
+#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <getopt.h>
@@ -120,12 +121,10 @@ static int lxcSetContainerResources(virDomainDefPtr def)
virReportSystemError(-rc,
_("Unable to set memory limit for domain %s"),
def->name);
- /* Don't fail if we can't set memory due to lack of kernel support */
- if (rc != -ENOENT)
- goto cleanup;
+ goto cleanup;
}
- if(def->mem.hard_limit) {
+ if (def->mem.hard_limit) {
rc = virCgroupSetMemoryHardLimit(cgroup, def->mem.hard_limit);
if (rc != 0) {
virReportSystemError(-rc,
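Review bot: Removing the "rc != -ENOENT" exception after the "Unable to set memory limit" report turns a host without memory cgroup support from a tolerated case into a hard failure, and the change sits among pure whitespace fixes ("if(" to "if ("). It follows from making the memory controller compulsory, but it deserves its own sentence in the commit message, and the whitespace cleanups would be easier to review as a separate patch.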
@@ -135,7 +134,7 @@ static int lxcSetContainerResources(virDomainDefPtr def)
}
}
- if(def->mem.soft_limit) {
+ if (def->mem.soft_limit) {
rc = virCgroupSetMemorySoftLimit(cgroup, def->mem.soft_limit);
if (rc != 0) {
virReportSystemError(-rc,
@@ -145,7 +144,7 @@ static int lxcSetContainerResources(virDomainDefPtr def)
}
}
- if(def->mem.swap_hard_limit) {
+ if (def->mem.swap_hard_limit) {
rc = virCgroupSetSwapHardLimit(cgroup, def->mem.swap_hard_limit);
if (rc != 0) {
virReportSystemError(-rc,
@@ -324,6 +323,18 @@ ignorable_epoll_accept_errno(int errnum)
|| errnum == EWOULDBLOCK);
}
+static bool
+lxcPidGone(pid_t container)
+{
+ waitpid(container, NULL, WNOHANG);
+
+ if (kill(container, 0) < 0 &&
+ errno == ESRCH)
+ return true;
+
+ return false;
+}
+
/**
* lxcControllerMain
* @monitor: server socket fd to accept client requests
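Review bot: lxcPidGone() throws away the waitpid() result and then infers exit from kill(container, 0) failing with ESRCH. Once waitpid() has reaped the child the PID can be reused, so kill() may succeed against an unrelated process and the controller keeps running for a container that is gone; any other errno, such as EPERM, is also read as "still alive". Using the waitpid() return value (the PID when it reaps, -1 with ECHILD when already reaped) as the primary signal avoids the probe. The include hunk adds only <errno.h>; check that <sys/wait.h> is already present.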
@@ -341,7 +352,8 @@ ignorable_epoll_accept_errno(int errnum)
static int lxcControllerMain(int monitor,
int client,
int appPty,
- int contPty)
+ int contPty,
+ pid_t container)
{
int rc = -1;
int epollFd;
@@ -447,7 +459,13 @@ static int lxcControllerMain(int monitor,
++numActive;
}
} else if (epollEvent.events & EPOLLHUP) {
- VIR_DEBUG("EPOLLHUP from fd %d", epollEvent.data.fd);
+ if (lxcPidGone(container))
+ goto cleanup;
+ curFdOff = epollEvent.data.fd == appPty ? 0 : 1;
+ if (fdArray[curFdOff].active) {
+ fdArray[curFdOff].active = 0;
+ --numActive;
+ }
continue;
} else {
lxcError(VIR_ERR_INTERNAL_ERROR,
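Review bot: The EPOLLHUP branch deletes the VIR_DEBUG line, so a hangup is no longer logged at all; keeping it, with the fd, helps when diagnosing a console that stalls. "curFdOff = epollEvent.data.fd == appPty ? 0 : 1" also treats every fd other than appPty as the container PTY, and nothing in these lines removes the hung-up fd from the epoll set, so if the set is level-triggered the loop may spin on repeated EPOLLHUP while the container is still alive.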
@@ -486,7 +504,9 @@ static int lxcControllerMain(int monitor,
--numActive;
fdArray[curFdOff].active = 0;
} else if (-1 == rc) {
- goto cleanup;
+ if (lxcPidGone(container))
+ goto cleanup;
+ continue;
}
}
@@ -584,7 +604,7 @@ lxcControllerRun(virDomainDefPtr def,
int rc = -1;
int control[2] = { -1, -1};
int containerPty = -1;
- char *containerPtyPath;
+ char *containerPtyPath = NULL;
pid_t container = -1;
virDomainFSDefPtr root;
char *devpts = NULL;
@@ -706,7 +726,7 @@ lxcControllerRun(virDomainDefPtr def,
if (lxcControllerClearCapabilities() < 0)
goto cleanup;
- rc = lxcControllerMain(monitor, client, appPty, containerPty);
+ rc = lxcControllerMain(monitor, client, appPty, containerPty, container);
cleanup:
VIR_FREE(devptmx);
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 5b6f784..7aaa5cd 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -952,36 +952,16 @@ cleanup:
* @driver: pointer to driver structure
* @vm: pointer to VM to clean up
*
- * waitpid() on the container process. kill and wait the tty process
- * This is called by both lxcDomainDestroy and lxcSigHandler when a
- * container exits.
- *
- * Returns 0 on success or -1 in case of error
+ * Cleanout resources associated with the now dead VM
+ *
*/
-static int lxcVmCleanup(lxc_driver_t *driver,
+static void lxcVmCleanup(lxc_driver_t *driver,
virDomainObjPtr vm)
{
- int rc = 0;
- int waitRc;
- int childStatus = -1;
virCgroupPtr cgroup;
int i;
lxcDomainObjPrivatePtr priv = vm->privateData;
- while (((waitRc = waitpid(vm->pid, &childStatus, 0)) == -1) &&
- errno == EINTR)
- ; /* empty */
-
- if ((waitRc != vm->pid) && (errno != ECHILD)) {
- virReportSystemError(errno,
- _("waitpid failed to wait for container %d: %d"),
- vm->pid, waitRc);
- rc = -1;
- } else if (WIFEXITED(childStatus)) {
- VIR_DEBUG("container exited with rc: %d", WEXITSTATUS(childStatus));
- rc = -1;
- }
-
/* now that we know it's stopped call the hook if present */
if (virHookPresent(VIR_HOOK_DRIVER_LXC)) {
char *xml = virDomainDefFormat(vm->def, 0);
@@ -1021,8 +1001,6 @@ static int lxcVmCleanup(lxc_driver_t *driver,
vm->def->id = -1;
vm->newDef = NULL;
}
-
- return rc;
}
/**
@@ -1181,11 +1159,10 @@ error:
static int lxcVmTerminate(lxc_driver_t *driver,
- virDomainObjPtr vm,
- int signum)
+ virDomainObjPtr vm)
{
- if (signum == 0)
- signum = SIGINT;
+ virCgroupPtr group = NULL;
+ int rc;
if (vm->pid <= 0) {
lxcError(VIR_ERR_INTERNAL_ERROR,
@@ -1193,18 +1170,29 @@ static int lxcVmTerminate(lxc_driver_t *driver,
return -1;
}
- if (kill(vm->pid, signum) < 0) {
- if (errno != ESRCH) {
- virReportSystemError(errno,
- _("Failed to kill pid %d"),
- vm->pid);
- return -1;
- }
+ if (virCgroupForDomain(driver->cgroup, vm->def->name, &group, 0) != 0)
+ return -1;
+
+ rc = virCgroupKillPainfully(group);
+ if (rc < 0) {
+ virReportSystemError(-rc, "%s",
+ _("Failed to kill container PIDs"));
+ rc = -1;
+ goto cleanup;
}
+ if (rc == 1) {
+ lxcError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Some container PIDs refused to die"));
+ rc = -1;
+ goto cleanup;
+ }
+ lxcVmCleanup(driver, vm);
- vm->state = VIR_DOMAIN_SHUTDOWN;
+ rc = 0;
- return lxcVmCleanup(driver, vm);
+cleanup:
+ virCgroupFree(&group);
+ return rc;
}
static void lxcMonitorEvent(int watch,
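Review bot: In lxcVmTerminate() both failure paths ("rc < 0" and "rc == 1") jump to cleanup without calling lxcVmCleanup(), so the domain object is left as it was after some of its processes may already have been killed, while lxcDomainDestroy still emits a STOPPED event whatever the return value is. The early "return -1" when virCgroupForDomain() fails reports no error, and the "vm->state = VIR_DOMAIN_SHUTDOWN" assignment is removed with no replacement in this hunk; confirm that lxcVmCleanup() sets the final state.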
@@ -1228,7 +1216,7 @@ static void lxcMonitorEvent(int watch,
goto cleanup;
}
- if (lxcVmTerminate(driver, vm, SIGINT) < 0) {
+ if (lxcVmTerminate(driver, vm) < 0) {
virEventRemoveHandle(watch);
} else {
event = virDomainEventNewFromObj(vm,
@@ -1473,6 +1461,31 @@ static int lxcVmStart(virConnectPtr conn,
char **veths = NULL;
lxcDomainObjPrivatePtr priv = vm->privateData;
+ if (!lxc_driver->cgroup) {
+ lxcError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("The 'cpuacct', 'devices' & 'memory' cgroups controllers must be mounted"));
+ return -1;
+ }
+
+ if (!virCgroupMounted(lxc_driver->cgroup,
+ VIR_CGROUP_CONTROLLER_CPUACCT)) {
+ lxcError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Unable to find 'cpuacct' cgroups controller mount"));
+ return -1;
+ }
+ if (!virCgroupMounted(lxc_driver->cgroup,
+ VIR_CGROUP_CONTROLLER_DEVICES)) {
+ lxcError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Unable to find 'devices' cgroups controller mount"));
+ return -1;
+ }
+ if (!virCgroupMounted(lxc_driver->cgroup,
+ VIR_CGROUP_CONTROLLER_MEMORY)) {
+ lxcError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Unable to find 'memory' cgroups controller mount"));
+ return -1;
+ }
+
if ((r = virFileMakePath(driver->logDir)) != 0) {
virReportSystemError(r,
_("Cannot create log directory '%s'"),
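Review bot: The new checks at the top of lxcVmStart() read the global lxc_driver->cgroup although the function already has a driver pointer (used for driver->logDir just below); use driver throughout. The first error text names 'cpuacct', 'devices' & 'memory' where the commit message names 'cpu', 'cpuacct' and 'memory', and VIR_ERR_INTERNAL_ERROR is a poor fit for a host configuration problem the administrator is expected to fix.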
@@ -1543,7 +1556,7 @@ static int lxcVmStart(virConnectPtr conn,
VIR_EVENT_HANDLE_ERROR | VIR_EVENT_HANDLE_HANGUP,
lxcMonitorEvent,
vm, NULL)) < 0) {
- lxcVmTerminate(driver, vm, 0);
+ lxcVmTerminate(driver, vm);
goto cleanup;
}
@@ -1711,55 +1724,6 @@ cleanup:
return dom;
}
-/**
- * lxcDomainShutdown:
- * @dom: pointer to domain to shutdown
- *
- * Sends SIGINT to container root process to request it to shutdown
- *
- * Returns 0 on success or -1 in case of error
- */
-static int lxcDomainShutdown(virDomainPtr dom)
-{
- lxc_driver_t *driver = dom->conn->privateData;
- virDomainObjPtr vm;
- virDomainEventPtr event = NULL;
- int ret = -1;
-
- lxcDriverLock(driver);
- vm = virDomainFindByUUID(&driver->domains, dom->uuid);
- if (!vm) {
- char uuidstr[VIR_UUID_STRING_BUFLEN];
- virUUIDFormat(dom->uuid, uuidstr);
- lxcError(VIR_ERR_NO_DOMAIN,
- _("No domain with matching uuid '%s'"), uuidstr);
- goto cleanup;
- }
-
- if (!virDomainObjIsActive(vm)) {
- lxcError(VIR_ERR_OPERATION_INVALID,
- "%s", _("Domain is not running"));
- goto cleanup;
- }
-
- ret = lxcVmTerminate(driver, vm, 0);
- event = virDomainEventNewFromObj(vm,
- VIR_DOMAIN_EVENT_STOPPED,
- VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN);
- if (!vm->persistent) {
- virDomainRemoveInactive(&driver->domains, vm);
- vm = NULL;
- }
-
-cleanup:
- if (vm)
- virDomainObjUnlock(vm);
- if (event)
- lxcDomainEventQueue(driver, event);
- lxcDriverUnlock(driver);
- return ret;
-}
-
static int
lxcDomainEventRegister(virConnectPtr conn,
@@ -1927,7 +1891,7 @@ static int lxcDomainDestroy(virDomainPtr dom)
goto cleanup;
}
- ret = lxcVmTerminate(driver, vm, SIGKILL);
+ ret = lxcVmTerminate(driver, vm);
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STOPPED,
VIR_DOMAIN_EVENT_STOPPED_DESTROYED);
@@ -2056,7 +2020,7 @@ lxcReconnectVM(void *payload, const void *name ATTRIBUTE_UNUSED, void *opaque)
VIR_EVENT_HANDLE_ERROR | VIR_EVENT_HANDLE_HANGUP,
lxcMonitorEvent,
vm, NULL)) < 0) {
- lxcVmTerminate(driver, vm, 0);
+ lxcVmTerminate(driver, vm);
goto cleanup;
}
} else {
@@ -2123,8 +2087,11 @@ static int lxcStartup(int privileged)
rc = virCgroupForDriver("lxc", &lxc_driver->cgroup, privileged, 1);
if (rc < 0) {
char buf[1024];
- VIR_WARN("Unable to create cgroup for driver: %s",
- virStrerror(-rc, buf, sizeof(buf)));
+ VIR_DEBUG("Unable to create cgroup for LXC driver: %s",
+ virStrerror(-rc, buf, sizeof(buf)));
+ /* Don't abort startup. We will explicitly report to
+ * the user when they try to start a VM
+ */
}
/* Call function to load lxc driver configuration information */
@@ -2844,7 +2811,7 @@ static virDriver lxcDriver = {
lxcDomainLookupByName, /* domainLookupByName */
lxcDomainSuspend, /* domainSuspend */
lxcDomainResume, /* domainResume */
- lxcDomainShutdown, /* domainShutdown */
+ NULL, /* domainShutdown */
NULL, /* domainReboot */
lxcDomainDestroy, /* domainDestroy */
lxcGetOSType, /* domainGetOSType */
--
1.7.4
14 years
[libvirt] [PATCH] Raise default limit on number of processes for qemu user
by Jiri Denemark
The daemon/libvirtd.limits file (which is supposed to be copied to
/etc/security/limits.d/libvirtd.conf) is generated based on --qemu-user
option passed at configure time.
The file is intentionally not installed by make install since installing
it on distributions with higher or no limit on number of processes could
actually result in lowering the limit. Packagers may choose whether to
install the file or not. It is installed by libvirt.spec for RPM based
distributions.
---
configure.ac | 3 ++-
daemon/libvirtd.limits.in | 6 ++++++
libvirt.spec.in | 7 +++++++
src/qemu/qemu.conf | 4 +++-
4 files changed, 18 insertions(+), 2 deletions(-)
create mode 100644 daemon/libvirtd.limits.in
diff --git a/configure.ac b/configure.ac
index a58ee4e..d8002b4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2237,6 +2237,7 @@ AC_ARG_WITH([qemu-group],
[QEMU_GROUP=root])
AC_DEFINE_UNQUOTED([QEMU_USER], ["$QEMU_USER"], [QEMU user account])
AC_DEFINE_UNQUOTED([QEMU_GROUP], ["$QEMU_GROUP"], [QEMU group account])
+AC_SUBST([QEMU_USER])
AC_ARG_WITH([macvtap],
@@ -2344,7 +2345,7 @@ AC_OUTPUT(Makefile src/Makefile include/Makefile docs/Makefile \
po/Makefile.in \
include/libvirt/Makefile include/libvirt/libvirt.h \
python/Makefile python/tests/Makefile \
- daemon/Makefile \
+ daemon/Makefile daemon/libvirtd.limits \
tools/Makefile \
tests/Makefile \
examples/apparmor/Makefile \
diff --git a/daemon/libvirtd.limits.in b/daemon/libvirtd.limits.in
new file mode 100644
index 0000000..7b580ae
--- /dev/null
+++ b/daemon/libvirtd.limits.in
@@ -0,0 +1,6 @@
+# /etc/security/limits.d/libvirtd.conf
+#
+# Increase default limit for number of processes owned by qemu-user
+# Also see @sysconfdir(a)/libvirt/qemu.conf where qemu-user can be overridden
+
+@QEMU_USER@ soft nproc 10000
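Review bot: The single "soft nproc 10000" line raises only the soft limit; where a hard nproc limit below 10000 is configured the soft value cannot take effect, so either add a matching hard line or document the dependency in the header comment. Files under limits.d are applied by pam_limits when a PAM session is opened, so it is worth confirming that qemu processes spawned by a daemon started from an init script actually pick this value up.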
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 45a8fe0..02be928 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -705,6 +705,12 @@ mv $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-%{version}/html \
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu.conf
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.qemu
%endif
+
+%if %{with_libvirtd} && %{with_qemu}
+install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/security/limits.d/
+cp daemon/libvirtd.limits \
+ $RPM_BUILD_ROOT%{_sysconfdir}/security/limits.d/libvirtd.conf
+%endif
%if ! %{with_lxc}
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/lxc.conf
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.lxc
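Review bot: The "cp daemon/libvirtd.limits" line leaves the installed file's mode to the build umask; "install -m 0644" with the same source and destination makes it explicit and matches the "install -d -m 0755" line above it. The copy is guarded by "%{with_libvirtd} && %{with_qemu}" while the %files entry added in the next hunk sits under "%{with_qemu}" only, so unless that section is itself inside a with_libvirtd conditional, a build with qemu but without libvirtd would list a file that was never installed.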
@@ -869,6 +875,7 @@ fi
%if %{with_qemu}
%config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu
+%config(noreplace) %{_sysconfdir}/security/limits.d/libvirtd.conf
%endif
%if %{with_lxc}
%config(noreplace) %{_sysconfdir}/libvirt/lxc.conf
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 8c6b996..52c6ac7 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -139,7 +139,9 @@
# security_driver = "selinux"
-# The user ID for QEMU processes run by the system instance.
+# The user ID for QEMU processes run by the system instance. If you
+# change this setting, /etc/security/limits.d/libvirtd.conf (if
+# installed) needs to be changed to match this user ID.
#user = "root"
# The group ID for QEMU processes run by the system instance.
--
1.7.4.1
14 years