Re: [libvirt] [Qemu-devel] [PATCH v2 0/4] file descriptor passing using passfd
by Corey Bryant
Please ignore this series. Something is amiss. I'll be resending.
--
Regards,
Corey
On 06/08/2012 10:49 AM, Corey Bryant wrote:
> libvirt's sVirt security driver provides SELinux MAC isolation for
> Qemu guest processes and their corresponding image files. In other
> words, sVirt uses SELinux to prevent a QEMU process from opening
> files that do not belong to it.
>
> sVirt provides this support by labeling guests and resources with
> security labels that are stored in file system extended attributes.
> Some file systems, such as NFS, do not support the extended
> attribute security namespace, and therefore cannot support sVirt
> isolation.
>
> A solution to this problem is to provide fd passing support, where
> libvirt opens files and passes file descriptors to QEMU. This,
> along with SELinux policy to prevent QEMU from opening files, can
> provide image file isolation for NFS files stored on the same NFS
> mount.
>
> This patch series adds the passfd QMP monitor command, which allows
> an fd to be passed via SCM_RIGHTS, and returns the received file
> descriptor. Support is also added to the block layer to allow QEMU
> to dup the fd when the filename is of the /dev/fd/X format. This
> is useful if MAC policy prevents QEMU from opening specific types
> of files.
>
> One nice thing about this approach is that no new SELinux policy is
> required to prevent open of NFS files (files with type nfs_t). The
> virt_use_nfs boolean type simply needs to be set to false, and open
> will be prevented (and dup will be allowed). For example:
>
> # setsebool virt_use_nfs 0
> # getsebool virt_use_nfs
> virt_use_nfs --> off
>
> Corey Bryant (4):
> qapi: Convert getfd and closefd
> qapi: Add passfd QMP command
> osdep: Enable qemu_open to dup pre-opened fd
> block: Convert open calls to qemu_open
>
> block/raw-posix.c | 18 +++++++++---------
> block/raw-win32.c | 4 ++--
> block/vdi.c | 5 +++--
> block/vmdk.c | 21 +++++++++------------
> block/vpc.c | 2 +-
> block/vvfat.c | 21 +++++++++++----------
> hmp-commands.hx | 6 ++----
> hmp.c | 18 ++++++++++++++++++
> hmp.h | 2 ++
> monitor.c | 36 ++++++++++++++++++++----------------
> osdep.c | 13 +++++++++++++
> qapi-schema.json | 44 ++++++++++++++++++++++++++++++++++++++++++++
> qmp-commands.hx | 33 +++++++++++++++++++++++++++++----
> 13 files changed, 163 insertions(+), 60 deletions(-)
>
--
Regards,
Corey
12 years, 5 months
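The mechanism the quoted cover letter describes, as an added example that is not code from the patch series, QEMU or libvirt: one side opens the image and sends the descriptor with SCM_RIGHTS, the other side validates the control message and reaches the file through a /dev/fd/N name served by dup() instead of open(). The names send_fd, recv_fd, open_or_dup and demo are hypothetical, and the temporary file and its contents are constructed for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

typedef union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } fd_cmsg;

/* Manager side (libvirt's role): send an already-open fd as SCM_RIGHTS. */
int send_fd(int sock, int fd)
{
    char byte = 'F';                 /* one real data byte carries the cmsg */
    struct iovec iov = { &byte, 1 };
    fd_cmsg u;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    memset(&u, 0, sizeof(u));
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Emulator side (QEMU's role): receive one fd, rejecting malformed messages. */
int recv_fd(int sock)
{
    char byte;
    struct iovec iov = { &byte, 1 };
    fd_cmsg u;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    struct cmsghdr *c;
    int fd;
    if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC)) return -1;
    c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Hypothetical stand-in for the described block-layer change: "/dev/fd/N" is dup'd. */
int open_or_dup(const char *name, int flags)
{
    int n, used = 0;
    if (sscanf(name, "/dev/fd/%d%n", &n, &used) == 1 && !name[used] && n >= 0)
        return dup(n);
    return open(name, flags);
}

/* Constructed demo: 0 if the passed fd is readable but not writable, else 1 or -1. */
int demo(void)
{
    char path[] = "/tmp/passfd-XXXXXX", name[32], buf[16];
    int sv[2], got, fd, ok, ro, rw = mkstemp(path);
    if (rw < 0 || write(rw, "disk-image", 10) != 10) return -1;
    ro = open(path, O_RDONLY);       /* the manager chooses the access mode */
    unlink(path);                    /* no path left for the receiver to open */
    if (ro < 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 ||
        send_fd(sv[0], ro) < 0 || (got = recv_fd(sv[1])) < 0)
        return -1;
    snprintf(name, sizeof(name), "/dev/fd/%d", got);
    if ((fd = open_or_dup(name, O_RDWR)) < 0) return -1;  /* flags unused on dup */
    ok = read(fd, buf, sizeof(buf)) == 10 && !memcmp(buf, "disk-image", 10) &&
         write(fd, "x", 1) == -1;    /* write fails: the fd was opened O_RDONLY */
    close(fd); close(got); close(ro); close(rw); close(sv[0]); close(sv[1]);
    return ok ? 0 : 1;
}

int main(void) { return demo(); }
```

In a deployment the two ends are separate processes, and the receiver is confined by policy so that open() on the image is denied while the dup() path still works.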
[libvirt] pointless time-consuming test 'virsh-all'
by Eric Blake
The command 'make -C tests check' takes forever, because it is calling
this lengthy virsh command and ignoring the failures:
$ time tools/virsh -c test:///default connect
error: Failed to connect to the hypervisor
error: Failed to connect socket to
'/run/user/eblake/libvirt/libvirt-sock': No such file or directory
real 0m21.070s
user 0m0.027s
sys 0m0.036s
The test looks quite broken - ALL it is currently doing is wasting 21
seconds on this one iteration, because it ignores output and exit status
(what else _is_ there, besides effects to the file system)?
Any volunteers to clean this test up into something that actually does
something useful?
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
12 years, 5 months
[libvirt] daemon: Install libvirtd under 'bin' not 'sbin'
by Zeeshan Ali (Khattak)
From: "Zeeshan Ali (Khattak)" <zeeshanak(a)gnome.org>
This binary is not admin-only at all and launching it as normal user is
a supported use case: session.
---
daemon/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index fbb0ae1..472e523 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -70,7 +70,7 @@ if WITH_LIBVIRTD
man8_MANS = libvirtd.8
-sbin_PROGRAMS = libvirtd
+bin_PROGRAMS = libvirtd
confdir = $(sysconfdir)/libvirt/
conf_DATA = libvirtd.conf
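Review bot: The context line `man8_MANS = libvirtd.8` is left untouched, so after this hunk the binary installs to bindir while its manual page stays in section 8, the section for system administration commands; if the argument is that libvirtd is not admin-only, decide the man page section in the same patch. The diffstat shows only daemon/Makefile.am changing, so please also check whether anything else refers to the $(sbindir) location of libvirtd (init scripts, service files, packaging), since after an upgrade those would point at a path that is no longer installed.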
--
1.7.10.2
12 years, 5 months
Re: [libvirt] [Qemu-devel] [PATCH qom-next 2/7] qom: Add get_id
by Andreas Färber
On 08.06.2012 09:44, Anthony Liguori wrote:
> On 06/08/2012 03:11 PM, Andreas Färber wrote:
>> On 08.06.2012 03:22, Anthony Liguori wrote:
>>> On 06/08/2012 03:31 AM, Andreas Färber wrote:
>>>> From: Paolo Bonzini<pbonzini(a)redhat.com>
>>>>
>>>> Some classes may present objects differently in errors, for example if
>>>> they
>>>> are not part of the composition tree or if they are not assigned an
>>>> id by
>>>> the user. Let them do this with a get_id method on Object, and use the
>>>> method consistently where a %(device) appears in the error.
>>>>
>>>> Signed-off-by: Paolo Bonzini<pbonzini(a)redhat.com>
>>>> [AF: Renamed _object_get_id() to object_instance_get_id(), avoid ?:.]
>>>> [AF: Use object_property_is_child().]
>>>> Signed-off-by: Andreas Färber<afaerber(a)suse.de>
>>>
>>> Nack.
>>
>> Unfortunately that comment comes a bit late (original submission May
>> 23rd, me specifically cc'ing you in my reply that it's new and not
>> covered by your carte blanche).
>
> Uh, that was a week before the release. Don't send significant things
> during the final part of a release and expect to get significant review.
Well, obviously we were hoping to get this series committed immediately
after the release, so we needed to get review before that. :)
>> The general idea as I understand it is to have a mechanism for having
>> devices fill in their ID into %(device) in the error messages once the
>> code emitting those errors is at Object level. Peter's improved error
>> message practically becomes "Property '.propertyname' ..." because
>> without it we'll need to fill in "" in lack of an actual value.
>
> Ambiguity is fundamentally bad. If you want to return the path, return
> the path. If you want to return the type, return the type. Returning
> the type because we're too lazy to implement the path properly is not
> acceptable and makes the error messages useless (because they're
> ambiguous).
>
> Have a separate 'path' and 'typename' attribute in the errors. With
> some cleverness, you can probably use '%p' and interpret the pointer as
> an Object * and automagically generate an embedded 'device': { 'path':
> '/path/to/device', 'typename': 'FancyType' }.
>
>>>
>>> We should use a canonical path IMHO instead of returning a partial name.
>>>
>>> Partial names are ambiguous.
>>
>> Possibly, but a partial name still is an improvement over the current
>> situation with no name at all. Also my previous request to not use
>> %(device) for Object-level API was rejected with reference to existing
>> QMP users, so by the same argument we cannot stuff a QOM path into
>> %(device) either and would need a new QMP field %(path) or so. Cc'ing
>> Luiz.
>
> Since qdev->id is NULL 90% of the time, I don't think a user can
> realistically rely on it. I don't think changing the type of the data
> in the error is going to be a problem.
>
> Doesn't libvirt ignore the contents of an error object?
I'm out of my field there, those questions are for Luiz and the libvirt
guys to answer. (Context is ongoing DeviceState -> Object transition on
qom-next branch, properties being moved to Object and what info to
include in Error objects then)
If you reach consensus how to handle this, I can refactor accordingly,
or Paolo could pick up my tweaked series again and refactor himself.
Regards,
Andreas
>> There is no guarantee that the object actually has a canonical path at
>> that point, and object_get_canonical_path() would g_assert() in such a
>> case.
--
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
12 years, 5 months
[libvirt] [PATCH v2] virsh: add keepalive protocol in virsh
by Guannan Ren
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=822839
add two general virsh options to support keepalive message protocol
-i | --keepalive_interval interval time value (default 5 seconds)
-n | --keepalive_count number of heartbeats (default 5 times)
For non-p2p migration, start keepalive for remote driver to
determine the status of network connection, aborting migrating job
after defined amount of interval time.
---
tools/virsh.c | 88 +++++++++++++++++++++++++++++++++++++++++++++-----------
1 files changed, 70 insertions(+), 18 deletions(-)
diff --git a/tools/virsh.c b/tools/virsh.c
index 0e41d00..602e5a5 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -251,6 +251,8 @@ typedef struct __vshControl {
bool readonly; /* connect readonly (first time only, not
* during explicit connect command)
*/
+ int keepalive_interval; /* interval time value */
+ int keepalive_count; /* keepalive_count value */
char *logfile; /* log file name */
int log_fd; /* log file descriptor */
char *historydir; /* readline history directory name */
@@ -415,13 +417,14 @@ typedef struct __vshCtrlData {
vshControl *ctl;
const vshCmd *cmd;
int writefd;
+ virConnectPtr dconn;
} vshCtrlData;
typedef void (*jobWatchTimeoutFunc) (vshControl *ctl, virDomainPtr dom,
void *opaque);
static bool
-vshWatchJob(vshControl *ctl,
+vshWatchJob(vshCtrlData *data,
virDomainPtr dom,
bool verbose,
int pipe_fd,
@@ -3334,6 +3337,7 @@ cmdSave(vshControl *ctl, const vshCmd *cmd)
data.ctl = ctl;
data.cmd = cmd;
data.writefd = p[1];
+ data.dconn = NULL;
if (virThreadCreate(&workerThread,
true,
@@ -3341,7 +3345,7 @@ cmdSave(vshControl *ctl, const vshCmd *cmd)
&data) < 0)
goto cleanup;
- ret = vshWatchJob(ctl, dom, verbose, p[0], 0, NULL, NULL, _("Save"));
+ ret = vshWatchJob(&data, dom, verbose, p[0], 0, NULL, NULL, _("Save"));
virThreadJoin(&workerThread);
@@ -3608,6 +3612,7 @@ cmdManagedSave(vshControl *ctl, const vshCmd *cmd)
data.ctl = ctl;
data.cmd = cmd;
data.writefd = p[1];
+ data.dconn = NULL;
if (virThreadCreate(&workerThread,
true,
@@ -3615,7 +3620,7 @@ cmdManagedSave(vshControl *ctl, const vshCmd *cmd)
&data) < 0)
goto cleanup;
- ret = vshWatchJob(ctl, dom, verbose, p[0], 0,
+ ret = vshWatchJob(&data, dom, verbose, p[0], 0,
NULL, NULL, _("Managedsave"));
virThreadJoin(&workerThread);
@@ -4086,6 +4091,7 @@ cmdDump(vshControl *ctl, const vshCmd *cmd)
data.ctl = ctl;
data.cmd = cmd;
data.writefd = p[1];
+ data.dconn = NULL;
if (virThreadCreate(&workerThread,
true,
@@ -4093,7 +4099,7 @@ cmdDump(vshControl *ctl, const vshCmd *cmd)
&data) < 0)
goto cleanup;
- ret = vshWatchJob(ctl, dom, verbose, p[0], 0, NULL, NULL, _("Dump"));
+ ret = vshWatchJob(&data, dom, verbose, p[0], 0, NULL, NULL, _("Dump"));
virThreadJoin(&workerThread);
@@ -7213,6 +7219,12 @@ doMigrate (void *opaque)
dconn = virConnectOpenAuth (desturi, virConnectAuthPtrDefault, 0);
if (!dconn) goto out;
+ data->dconn = dconn;
+ if (virConnectSetKeepAlive(dconn,
+ ctl->keepalive_interval,
+ ctl->keepalive_count) < 0)
+ vshDebug(ctl, VSH_ERR_WARNING, "migrate: Failed to start keepalive\n");
+
ddom = virDomainMigrate2(dom, dconn, xml, flags, dname, migrateuri, 0);
if (ddom) {
virDomainFree(ddom);
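Review bot: `data->dconn = dconn` is written here in the worker thread and read by vshWatchJob in the main thread, with no lock or other synchronisation in any visible hunk, and nothing in the patch sets it back to NULL before the worker is done with dconn. If doMigrate closes the connection on its way out, the watcher can still call virConnectIsAlive() on it; clear data->dconn before the close and protect the field, or let the watcher hold its own reference via virConnectRef(). Separately, a failed virConnectSetKeepAlive() is only reported through vshDebug and the migration proceeds, so the abort-on-lost-connection behaviour silently disappears; that deserves a user-visible warning.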
@@ -7268,7 +7280,7 @@ vshMigrationTimeout(vshControl *ctl,
}
static bool
-vshWatchJob(vshControl *ctl,
+vshWatchJob(vshCtrlData *data,
virDomainPtr dom,
bool verbose,
int pipe_fd,
@@ -7286,6 +7298,7 @@ vshWatchJob(vshControl *ctl,
char retchar;
bool functionReturn = false;
sigset_t sigmask, oldsigmask;
+ vshControl *ctl = data->ctl;
sigemptyset(&sigmask);
sigaddset(&sigmask, SIGINT);
@@ -7329,6 +7342,13 @@ repoll:
goto cleanup;
}
+ if (data->dconn && virConnectIsAlive(data->dconn) <= 0) {
+ virDomainAbortJob(dom);
+ vshError(ctl, "%s",
+ _("Lost connection to destination host"));
+ goto cleanup;
+ }
+
GETTIMEOFDAY(&curr);
if (timeout && (((int)(curr.tv_sec - start.tv_sec) * 1000 +
(int)(curr.tv_usec - start.tv_usec) / 1000) >
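Review bot: `virConnectIsAlive(data->dconn) <= 0` folds the -1 error return into the 0 "connection is dead" case, so a failure to query liveness aborts the job and prints "Lost connection to destination host" even though the connection may be fine. Handle `< 0` separately and report the libvirt error, and check the return value of virDomainAbortJob(dom) so that a failed abort is not presented as a clean stop.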
@@ -7402,13 +7422,14 @@ cmdMigrate(vshControl *ctl, const vshCmd *cmd)
data.ctl = ctl;
data.cmd = cmd;
data.writefd = p[1];
+ data.dconn = NULL;
if (virThreadCreate(&workerThread,
true,
doMigrate,
&data) < 0)
goto cleanup;
- functionReturn = vshWatchJob(ctl, dom, verbose, p[0], timeout,
+ functionReturn = vshWatchJob(&data, dom, verbose, p[0], timeout,
vshMigrationTimeout, NULL, _("Migration"));
virThreadJoin(&workerThread);
@@ -18673,6 +18694,7 @@ vshCommandRun(vshControl *ctl, const vshCmd *cmd)
while (cmd) {
struct timeval before, after;
bool enable_timing = ctl->timing;
+ const char *driver = NULL;
if ((ctl->conn == NULL || disconnected) &&
!(cmd->def->flags & VSH_CMD_FLAG_NOCONNECT))
@@ -18681,6 +18703,18 @@ vshCommandRun(vshControl *ctl, const vshCmd *cmd)
if (enable_timing)
GETTIMEOFDAY(&before);
+ /* start keepalive for remote driver */
+ driver = virConnectGetType(ctl->conn);
+ if (STREQ_NULLABLE(driver, "QEMU") ||
+ STREQ_NULLABLE(driver, "xenlight") ||
+ STREQ_NULLABLE(driver, "UML") ||
+ STREQ_NULLABLE(driver, "LXC") ||
+ STREQ_NULLABLE(driver, "remote"))
+ if (virConnectSetKeepAlive(ctl->conn,
+ ctl->keepalive_interval,
+ ctl->keepalive_count) < 0)
+ vshDebug(ctl, VSH_ERR_WARNING, "migrate: Failed to start keepalive\n");
+
ret = cmd->def->handler(ctl, cmd);
if (enable_timing)
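Review bot: virConnectGetType(ctl->conn) is called unconditionally, but the condition just above shows that a command flagged VSH_CMD_FLAG_NOCONNECT can reach this point with ctl->conn == NULL, which turns this into an invalid-connection error before the handler runs. Guard on ctl->conn, and move the virConnectSetKeepAlive() call to where the connection is opened so it is not repeated on every pass through the `while (cmd)` loop. The warning text still says "migrate:" although this is the generic command path, and the unbraced inner `if` under a five-way `||` should get braces.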
@@ -19959,17 +19993,19 @@ vshUsage(void)
fprintf(stdout, _("\n%s [options]... [<command_string>]"
"\n%s [options]... <command> [args...]\n\n"
" options:\n"
- " -c | --connect=URI hypervisor connection URI\n"
- " -r | --readonly connect readonly\n"
- " -d | --debug=NUM debug level [0-4]\n"
- " -h | --help this help\n"
- " -q | --quiet quiet mode\n"
- " -t | --timing print timing information\n"
- " -l | --log=FILE output logging to file\n"
- " -v short version\n"
- " -V long version\n"
- " --version[=TYPE] version, TYPE is short or long (default short)\n"
- " -e | --escape <char> set escape sequence for console\n\n"
+ " -c | --connect=URI hypervisor connection URI\n"
+ " -r | --readonly connect readonly\n"
+ " -d | --debug=NUM debug level [0-4]\n"
+ " -h | --help this help\n"
+ " -q | --quiet quiet mode\n"
+ " -t | --timing print timing information\n"
+ " -l | --log=FILE output logging to file\n"
+ " -v short version\n"
+ " -V long version\n"
+ " --version[=TYPE] version, TYPE is short or long (default short)\n"
+ " -e | --escape <char> set escape sequence for console\n"
+ " -i | --keepalive_interval interval time value (default 5 seconds)\n"
+ " -n | --keepalive_count number of heartbeats (default 5 times)\n\n"
" commands (non interactive mode):\n\n"), progname, progname);
for (grp = cmdGroups; grp->name; grp++) {
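Review bot: The two new long options are spelled with underscores (`--keepalive_interval`, `--keepalive_count`); hyphens are the usual spelling for getopt_long options, and the name is hard to change once released. Fitting the longer names also re-indents eleven unrelated help lines, which hides the two real additions in the diff. The diffstat lists only tools/virsh.c, so the virsh manual page is not updated, and the help text should say what happens once the count of unanswered heartbeats is reached.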
@@ -20146,13 +20182,15 @@ vshParseArgv(vshControl *ctl, int argc, char **argv)
{"readonly", no_argument, NULL, 'r'},
{"log", required_argument, NULL, 'l'},
{"escape", required_argument, NULL, 'e'},
+ {"keepalive_interval", required_argument, NULL, 'i'},
+ {"keepalive_count", required_argument, NULL, 'n'},
{NULL, 0, NULL, 0}
};
/* Standard (non-command) options. The leading + ensures that no
* argument reordering takes place, so that command options are
* not confused with top-level virsh options. */
- while ((arg = getopt_long(argc, argv, "+d:hqtc:vVrl:e:", opt, NULL)) != -1) {
+ while ((arg = getopt_long(argc, argv, "+d:hqtc:vVrl:e:i:n:", opt, NULL)) != -1) {
switch (arg) {
case 'd':
if (virStrToLong_i(optarg, NULL, 10, &ctl->debug) < 0) {
@@ -20201,6 +20239,18 @@ vshParseArgv(vshControl *ctl, int argc, char **argv)
exit(EXIT_FAILURE);
}
break;
+ case 'i':
+ if (virStrToLong_i(optarg, NULL, 10, &ctl->keepalive_interval) < 0) {
+ vshError(ctl, "%s", _("option -i takes a numeric argument"));
+ exit(EXIT_FAILURE);
+ }
+ break;
+ case 'n':
+ if (virStrToLong_i(optarg, NULL, 10, &ctl->keepalive_count) < 0) {
+ vshError(ctl, "%s", _("option -n takes a numeric argument"));
+ exit(EXIT_FAILURE);
+ }
+ break;
default:
vshError(ctl, _("unsupported option '-%c'. See --help."), arg);
exit(EXIT_FAILURE);
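Review bot: The new `case 'i'` and `case 'n'` accept any integer virStrToLong_i() can parse, so `-i -1` or `-n -5` are stored and later handed to virConnectSetKeepAlive() unchecked. Reject negative values here with a clear message, and state in the help text whether 0 is accepted and what it means.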
@@ -20232,6 +20282,8 @@ main(int argc, char **argv)
ctl->log_fd = -1; /* Initialize log file descriptor */
ctl->debug = VSH_DEBUG_DEFAULT;
ctl->escapeChar = CTRL_CLOSE_BRACKET;
+ ctl->keepalive_interval = 5;
+ ctl->keepalive_count = 5;
if (!setlocale(LC_ALL, "")) {
--
1.7.7.5
12 years, 5 months
[libvirt] [PATCH] add xhci support
by Gerd Hoffmann
qemu 1.1 features a xhci controller,
this patch adds support for it.
Signed-off-by: Gerd Hoffmann <kraxel(a)redhat.com>
---
src/conf/domain_conf.c | 3 ++-
src/conf/domain_conf.h | 1 +
src/qemu/qemu_capabilities.c | 3 +++
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 5 ++++-
5 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 221e1d0..66f649c 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -256,7 +256,8 @@ VIR_ENUM_IMPL(virDomainControllerModelUSB, VIR_DOMAIN_CONTROLLER_MODEL_USB_LAST,
"ich9-uhci2",
"ich9-uhci3",
"vt82c686b-uhci",
- "pci-ohci")
+ "pci-ohci",
+ "nec-xhci")
VIR_ENUM_IMPL(virDomainFS, VIR_DOMAIN_FS_TYPE_LAST,
"mount",
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 8d5b35a..b13c3a5 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -631,6 +631,7 @@ enum virDomainControllerModelUSB {
VIR_DOMAIN_CONTROLLER_MODEL_USB_ICH9_UHCI3,
VIR_DOMAIN_CONTROLLER_MODEL_USB_VT82C686B_UHCI,
VIR_DOMAIN_CONTROLLER_MODEL_USB_PCI_OHCI,
+ VIR_DOMAIN_CONTROLLER_MODEL_USB_NEC_XHCI,
VIR_DOMAIN_CONTROLLER_MODEL_USB_LAST
};
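Review bot: VIR_DOMAIN_CONTROLLER_MODEL_USB_NEC_XHCI makes "nec-xhci" a public XML model name, yet the diffstat lists only the five files under src/: there is no schema update, no domain XML documentation and no test covering the XML to command line conversion. Please add those in the same patch, so the new value is validated and documented, and so the pairing of this enum entry with its strings in domain_conf.c and qemu_command.c is exercised by a test rather than by ordering alone.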
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index b410648..506d368 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -164,6 +164,7 @@ VIR_ENUM_IMPL(qemuCaps, QEMU_CAPS_LAST,
"no-user-config",
"hda-micro", /* 95 */
+ "nec-usb-xhci",
);
@@ -1419,6 +1420,8 @@ qemuCapsParseDeviceStr(const char *str, virBitmapPtr flags)
qemuCapsSet(flags, QEMU_CAPS_VT82C686B_USB_UHCI);
if (strstr(str, "name \"pci-ohci\""))
qemuCapsSet(flags, QEMU_CAPS_PCI_OHCI);
+ if (strstr(str, "name \"nec-usb-xhci\""))
+ qemuCapsSet(flags, QEMU_CAPS_NEC_USB_XHCI);
if (strstr(str, "name \"usb-redir\""))
qemuCapsSet(flags, QEMU_CAPS_USB_REDIR);
if (strstr(str, "name \"usb-hub\""))
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 64831e2..f9e62cb 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -131,6 +131,7 @@ enum qemuCapsFlags {
QEMU_CAPS_IDE_CD = 93, /* -device ide-cd */
QEMU_CAPS_NO_USER_CONFIG = 94, /* -no-user-config */
QEMU_CAPS_HDA_MICRO = 95, /* -device hda-micro */
+ QEMU_CAPS_NEC_USB_XHCI = 96, /* -device nec-usb-xhci */
QEMU_CAPS_LAST, /* this must always be the last item */
};
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index fb8d9a3..908a24b 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -106,7 +106,8 @@ VIR_ENUM_IMPL(qemuControllerModelUSB, VIR_DOMAIN_CONTROLLER_MODEL_USB_LAST,
"ich9-usb-uhci2",
"ich9-usb-uhci3",
"vt82c686b-usb-uhci",
- "pci-ohci");
+ "pci-ohci",
+ "nec-usb-xhci");
VIR_ENUM_DECL(qemuDomainFSDriver)
VIR_ENUM_IMPL(qemuDomainFSDriver, VIR_DOMAIN_FS_DRIVER_TYPE_LAST,
@@ -2591,6 +2592,8 @@ qemuControllerModelUSBToCaps(int model)
return QEMU_CAPS_VT82C686B_USB_UHCI;
case VIR_DOMAIN_CONTROLLER_MODEL_USB_PCI_OHCI:
return QEMU_CAPS_PCI_OHCI;
+ case VIR_DOMAIN_CONTROLLER_MODEL_USB_NEC_XHCI:
+ return QEMU_CAPS_NEC_USB_XHCI;
default:
return -1;
}
--
1.7.1
12 years, 5 months
[libvirt] Libvirt Support Virtio-serial
by Pankaj Rawat
Hi all,
I wanted to know whether libvirt has any kind of support for virt-io serial or not.
If yes then how can I use it?
Regards
Pankaj Rawat
12 years, 5 months
[libvirt] libvirt secret support password or encryption keys?
by Zhimou Peng
Hi all,
# man virsh
...
SECRET COMMMANDS
The following commands manipulate "secrets" (e.g. passwords, passphrases
and encryption keys). Libvirt can store secrets independently from their
use, and other objects (e.g. volumes or domains) can refer to the secrets
for encryption or possibly other uses. Secrets are identified using an
UUID. See <http://libvirt.org/formatsecret.html> for documentation of
the XML format used to represent properties of secrets.
...
-----> secret-set-value only supports "passphrases".
So, will libvirt support the other 2 kinds of secrets in the future?
zhpeng
BR
12 years, 5 months
[libvirt] CPU topology 'sockets' handling guest vs host
by Daniel P. Berrange
On my x86_64 host I have a pair of Quad core CPUs, each in a separate
NUMA node. The virsh capabilities
topology data reports this:
# virsh capabilities | xmllint --xpath /capabilities/host/cpu -
<cpu>
<arch>x86_64</arch>
<model>Opteron_G3</model>
<vendor>AMD</vendor>
<topology sockets="1" cores="4" threads="1"/>
<feature name="osvw"/>
<feature name="3dnowprefetch"/>
<feature name="cr8legacy"/>
<feature name="extapic"/>
<feature name="cmp_legacy"/>
<feature name="3dnow"/>
<feature name="3dnowext"/>
<feature name="pdpe1gb"/>
<feature name="fxsr_opt"/>
<feature name="mmxext"/>
<feature name="ht"/>
<feature name="vme"/>
</cpu>
# virsh capabilities | xmllint --xpath /capabilities/host/topology -
<topology>
<cells num="2">
<cell id="0">
<cpus num="4">
<cpu id="0"/>
<cpu id="1"/>
<cpu id="2"/>
<cpu id="3"/>
</cpus>
</cell>
<cell id="1">
<cpus num="4">
<cpu id="4"/>
<cpu id="5"/>
<cpu id="6"/>
<cpu id="7"/>
</cpus>
</cell>
</cells>
</topology>
Note, it is reporting sockets=1, because sockets is the number of sockets
*per* NUMA node.
Now I try to configure the guest to match the host using:
<cpu>
<topology sockets='1' cores='4' threads='1'/>
<numa>
<cell cpus='0-3' memory='512000'/>
<cell cpus='4-7' memory='512000'/>
</numa>
</cpu>
And I get:
error: Maximum CPUs greater than topology limit
So, the XML checker is mistaking 'sockets' as the total number of sockets,
rather than the per-node socket count. We need to fix this bogus check.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
12 years, 5 months
[libvirt] [PATCH] Fix missing ) in 2 strings
by Cole Robinson
https://bugzilla.redhat.com/show_bug.cgi?id=801656
Signed-off-by: Cole Robinson <crobinso(a)redhat.com>
---
src/conf/network_conf.c | 2 +-
src/conf/nwfilter_conf.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
index 6515efe..60cd888 100644
--- a/src/conf/network_conf.c
+++ b/src/conf/network_conf.c
@@ -1200,7 +1200,7 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt)
case VIR_NETWORK_FORWARD_PASSTHROUGH:
if (def->bridge) {
virNetworkReportError(VIR_ERR_XML_ERROR,
- _("bridge name not allowed in %s mode (network '%s'"),
+ _("bridge name not allowed in %s mode (network '%s')"),
virNetworkForwardTypeToString(def->forwardType),
def->name);
goto error;
diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c
index 0d6d0b6..8729f9c 100644
--- a/src/conf/nwfilter_conf.c
+++ b/src/conf/nwfilter_conf.c
@@ -2663,7 +2663,7 @@ virNWFilterDefParse(virConnectPtr conn ATTRIBUTE_UNUSED,
virNWFilterDefPtr def = NULL;
xmlDocPtr xml;
- if ((xml = virXMLParse(filename, xmlStr, _("(nwfilter_definition")))) {
+ if ((xml = virXMLParse(filename, xmlStr, _("(nwfilter_definition)")))) {
def = virNWFilterDefParseNode(xml, xmlDocGetRootElement(xml));
xmlFreeDoc(xml);
}
--
1.7.7.6
12 years, 5 months