[libvirt] [PATCH] Move FUSE mount to /var/lib/libvirt/lxc/$NAME.fuse
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Instead of using /var/lib/libvirt/lxc/$NAME for the FUSE
filesystem, use /var/lib/libvirt/lxc/$NAME.fuse. This allows
room for other temporary mounts in the same directory
---
src/lxc/lxc_container.c | 2 +-
src/lxc/lxc_fuse.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 4d09791..bf17a38 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -604,7 +604,7 @@ static int lxcContainerMountProcFuse(virDomainDefPtr def,
char *meminfo_path = NULL;
if ((ret = virAsprintf(&meminfo_path,
- "%s/%s/%s/meminfo",
+ "%s/%s/%s.fuse/meminfo",
srcprefix ? srcprefix : "", LXC_STATE_DIR,
def->name)) < 0)
return ret;
diff --git a/src/lxc/lxc_fuse.c b/src/lxc/lxc_fuse.c
index c4be58e..fbd0d56 100644
--- a/src/lxc/lxc_fuse.c
+++ b/src/lxc/lxc_fuse.c
@@ -291,7 +291,7 @@ int lxcSetupFuse(virLXCFusePtr *f, virDomainDefPtr def)
if (virMutexInit(&fuse->lock) < 0)
goto cleanup2;
- if (virAsprintf(&fuse->mountpoint, "%s/%s/", LXC_STATE_DIR,
+ if (virAsprintf(&fuse->mountpoint, "%s/%s.fuse/", LXC_STATE_DIR,
def->name) < 0) {
virReportOOMError();
goto cleanup1;
--
1.7.11.7
12 years, 1 month
[libvirt] [PATCH] configure: fix incorrect AC_ENABLE_ARG([test-suite], ...)
by TJ
configure: fix incorrect AC_ENABLE_ARG([test-suite], ...)
Configure incorrectly required --with-test-suite instead of --enable-test-suite and it was
therefore impossible to disable/enable the test-suite option manually as it would always
adopt the 'check' value.
Signed-off-by: TJ <libvirt(a)iam.tj>
---
configure.ac | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/configure.ac b/configure.ac
index b62170e..f1b41a8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1945,24 +1945,24 @@ AC_SUBST([PYTHON_INCLUDES])
dnl Allow perl overrides
AC_PATH_PROG([PERL], [perl])
-AC_ARG_ENABLE([with-test-suite],
- AC_HELP_STRING([--with-test-suite], [build test suite by default @<:@default=check@:>@]),
- [case "${withval}" in
+AC_ARG_ENABLE([test-suite],
+ AC_HELP_STRING([--enable-test-suite=yes|no|check], [build test suite by default @<:@default=check@:>@]),
+ [case "${enable_test_suite}" in
yes|no|check) ;;
- *) AC_MSG_ERROR([bad value ${withval} for tests option]) ;;
+ *) AC_MSG_ERROR([bad value ${enable_test_suite} for tests option]) ;;
esac],
- [withval=check])
+ [enable_test_suite=check])
AC_MSG_CHECKING([Whether to build test suite by default])
-if test "$withval" = "check" ; then
+if test "$enable_test_suite" = "check" ; then
if test -d $srcdir/.git ; then
- withval=yes
+ enable_test_suite=yes
else
- withval=no
+ enable_test_suite=no
fi
fi
-AC_MSG_RESULT([$withval])
-AM_CONDITIONAL([WITH_TESTS], [test "$withval" = "yes"])
+AC_MSG_RESULT([$enable_test_suite])
+AM_CONDITIONAL([WITH_TESTS], [test "$enable_test_suite" = "yes"])
AC_ARG_ENABLE([test-coverage],
AC_HELP_STRING([--enable-test-coverage], [turn on code coverage instrumentation @<:@default=no@:>@]),
--
1.8.1.2.433.g9808ce0.dirty
12 years, 1 month
[libvirt] Problems with <filesystem type='block'>
by Lars Kellogg-Stedman
Using libvirt 1.0.1, I'm trying to start an LXC container using the
'<filesytem type="block">' syntax, like this:
<filesystem type="block" accessmode="passthrough">
<source dev="/dev/vg_files/vm-foobar-root" />
<target dir="/" />
</filesystem>
The specified block device exists:
# ls -lL /dev/vg_files/vm-foobar-root
brw-rw---- 1 root disk 253, 19 Dec 21 22:23 /dev/vg_files/vm-foobar-root
If I start the domain, it appears to start without any errors...
# virsh start foobar
Domain foobar started
...but it's not actually running. The log files (with loglevel=2)
don't seem to be very interesting; this is everything from the
instance log file:
2012-12-22 04:10:57.862+0000: starting up
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin LIBVIRT_DEBUG=2 LIBVIRT_LOG_OUTPUTS=2:stderr /usr/lib/libvirt/libvirt_lxc --name foobar --console 22 --security=none --handshake 25 --background --veth veth1
2012-12-22 04:10:57.967+0000: 1468: info : libvirt version: 1.0.1
2012-12-22 04:10:57.967+0000: 1468: info : lxcCapsInit:151 : No driver, not initializing security driver
PATH=/bin:/sbin TERM=linux container=lxc-libvirt container_uuid=9041e32e-1df2-00c2-4660-dfa5b41510b7 LIBVIRT_LXC_UUID=9041e32e-1df2-00c2-4660-dfa5b41510b7 LIBVIRT_LXC_NAME=foobar /sbin/init
2012-12-22 04:10:58.198+0000: 1: warning : lxcContainerDropCapabilities:1788 : libcap-ng support not compiled in, unable to clear capabilities
2012-12-22 04:10:58.198+0000: 1493: warning : lxcControllerClearCapabilities:679 : libcap-ng support not compiled in, unable to clear capabilities
Running an "strace" on the libvirtd process (strace -p <libvirtd_pid>
-f ...), it doesn't look like libvirt is ever trying to mount the
referenced filesystem.
Is this supposed to work? It seems like the support for having
libvirt mount the block device is relatively recent, and I haven't had
much luck finding examples of other folks using this capability.
Thanks,
-- Lars
12 years, 1 month
[libvirt] [PATCH 0/4] Multiple problems with saving to block devices
by Daniel P. Berrange
This patch series makes it possible to save to a block device,
instead of a plain file. There were multiple problems
- WHen save failed, we might de-reference a NULL pointer
- When save failed, we unlinked the device node !!
- The approach of using >> to append, doesn't work with block devices
- CGroups was blocking QEMU access to the block device when enabled
One remaining problem is not in libvirt, but rather QEMU. The QEMU
exec: based migration often fails to detect failure of the command
and will thus hang forever attempting a migration that'll never
succeed! Fortunately you can now work around this in libvirt using
the virsh domjobabort command
12 years, 1 month
[libvirt] [PATCH RFC 0/2] Report OOM on VIR_ALLOC failure
by Michal Privoznik
Currently, our code is plenty of following scheme:
if (VIR_ALLOC(dummyPtr) < 0) {
virReportOOMError();
goto cleanup;
}
or something similar. What if we just move the OOM reporting into
VIR_ALLOC? It would have three nice features:
1) sizeof(code base) gets lower. A lot lower.
2) even for callers which don't follow the schema described
above, there is no harm reporting so serious error in the
logs. No matter that the callee may fall back and return
success.
3) Removing virReportOOMError() from the schema does not need to
be done at once, but can be split into several patches. In the
worst case scenario - the error gets reported twice.
But before I start working on other areas of code, I want to make
sure there's an agreement if this is even desired. As an example,
how much the code base will lose on weight, I've done the
conversion under src/util/:
30 files changed, 81 insertions(+), 221 deletions(-)
Michal Privoznik (2):
viralloc: Report OOM error on failure
util: Don't report OOM twice
src/util/iohelper.c | 4 +---
src/util/viralloc.c | 23 ++++++++++++++++++-----
src/util/viralloc.h | 13 ++++++++-----
src/util/virauthconfig.c | 8 ++------
src/util/vircommand.c | 13 +++----------
src/util/virconf.c | 10 ++--------
src/util/virdnsmasq.c | 19 +++++++------------
src/util/virerror.c | 2 +-
src/util/vireventpoll.c | 4 +---
src/util/virfile.c | 4 +---
src/util/virhash.c | 10 ++--------
src/util/virkeyfile.c | 4 +---
src/util/virlockspace.c | 11 +++--------
src/util/virnetdev.c | 4 +---
src/util/virnetdevbandwidth.c | 12 +++---------
src/util/virnetdevmacvlan.c | 4 ++--
src/util/virnetdevvlan.c | 4 +---
src/util/virnetdevvportprofile.c | 4 +---
src/util/virnetlink.c | 8 ++------
src/util/virobject.c | 9 ++++-----
src/util/virpci.c | 13 +++----------
src/util/virprocess.c | 4 +---
src/util/virsexpr.c | 4 +---
src/util/virstoragefile.c | 24 ++++++------------------
src/util/virstring.c | 5 +++--
src/util/virsysinfo.c | 8 +++-----
src/util/virthreadpool.c | 21 +++++----------------
src/util/virtime.c | 8 ++------
src/util/virtypedparam.c | 36 +++++++++---------------------------
src/util/viruri.c | 2 +-
src/util/virusb.c | 8 ++------
src/util/virutil.c | 36 ++++++++----------------------------
src/util/virxml.c | 1 -
33 files changed, 108 insertions(+), 232 deletions(-)
--
1.8.1.5
12 years, 1 month
[libvirt] [PATCH] storage: fix unlikely memory leak in rbd backend
by Laine Stump
virStorageBackendRBDRefreshPool() first allocates an array big enough
to hold 1024 names, then calls rbd_list(), which returns ERANGE if the
array isn't big enough. When that happens, the VIR_ALLOC_N is called
again with a larger size. Unfortunately, the original array isn't
freed before allocating a new one.
---
src/storage/storage_backend_rbd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/storage/storage_backend_rbd.c b/src/storage/storage_backend_rbd.c
index 8a0e517..e815192 100644
--- a/src/storage/storage_backend_rbd.c
+++ b/src/storage/storage_backend_rbd.c
@@ -317,6 +317,7 @@ static int virStorageBackendRBDRefreshPool(virConnectPtr conn ATTRIBUTE_UNUSED,
VIR_WARN("%s", _("A problem occurred while listing RBD images"));
goto cleanup;
}
+ VIR_FREE(names);
}
for (i = 0, name = names; name < names + max_size; i++) {
--
1.7.11.7
12 years, 1 month
[libvirt] [PATCH] Make virsh support '~' and '$HOME' in interactive mode
by Zhang Xiaohe
This patch makes '~' and '$HOME' can be recognized by virsh in
interactive mode. These two variables are replaced with real
path.
eg:
virsh # pwd
/home/libvirt
virsh # cd ~/rpmbuild
virsh # pwd
/root/rpmbuild
see https://bugzilla.redhat.com/show_bug.cgi?id=806793
Signed-off-by: Zhang Xiaohe <zhangxh(a)cn.fujitsu.com>
---
tools/virsh.c | 25 +++++++++++++++++++++++++
1 files changed, 25 insertions(+), 0 deletions(-)
diff --git a/tools/virsh.c b/tools/virsh.c
index b574d7e..5c8df6b 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -1232,6 +1232,27 @@ vshCmddefHelp(vshControl *ctl, const char *cmdname)
* ---------------
*/
static void
+vshExpandPath(vshControl *ctl, char **tkdata)
+{
+ char *argstr = NULL;
+ char *buf = NULL;
+ char *p = NULL;
+ const char *home = getenv("HOME");
+ size_t len = strlen(home) + strlen(*tkdata);
+
+ buf = vshMalloc(ctl, len);
+ p = buf;
+ buf = virStrcpy(buf, home, len);
+ argstr = strchr(*tkdata, '/');
+ if (argstr) {
+ buf += strlen(home);
+ buf = virStrcpy(buf, argstr, strlen(*tkdata));
+ }
+ VIR_FREE(*tkdata);
+ *tkdata = p;
+}
+
+static void
vshCommandOptFree(vshCmdOpt * arg)
{
vshCmdOpt *a = arg;
@@ -1855,6 +1876,10 @@ get_data:
/* save option */
vshCmdOpt *arg = vshMalloc(ctl, sizeof(vshCmdOpt));
+ /* replace the ~ or $HOME with real path */
+ if (tkdata[0] == '~' || STRPREFIX(tkdata, "$HOME"))
+ vshExpandPath(ctl, &tkdata);
+
arg->def = opt;
arg->data = tkdata;
arg->next = NULL;
--
1.7.1
12 years, 1 month
[libvirt] [PATCH v2] nwfilter: probe for inverted ctdir
by Stefan Berger
Linux netfilter at some point inverted the meaning of the '--ctdir reply'
and newer netfilter implementations now expect '--ctdir original'
instead and vice-versa.
We probe for this netfilter change via a UDP message over loopback and 3
filtering rules applied to INPUT. If the sent byte arrives, the newer
netfilter implementation has been detected.
Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
---
v1->v2:
- using virSocketAddrParseIPv4
---
src/nwfilter/nwfilter_ebiptables_driver.c | 121
++++++++++++++++++++++++++++++
1 file changed, 121 insertions(+)
Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -27,6 +27,10 @@
#include <string.h>
#include <sys/stat.h>
#include <fcntl.h>
+#include <arpa/inet.h>
+#include <sys/select.h>
+#include <sys/time.h>
+#include <unistd.h>
#include "internal.h"
@@ -85,6 +89,12 @@ static char *iptables_cmd_path;
static char *ip6tables_cmd_path;
static char *grep_cmd_path;
+/*
+ * --ctdir original vs. --ctdir reply's meaning was inverted in netfilter
+ * at some point. We probe for it.
+ */
+static bool iptables_ctdir_corrected = false;
+
#define PRINT_ROOT_CHAIN(buf, prefix, ifname) \
snprintf(buf, sizeof(buf), "libvirt-%c-%s", prefix, ifname)
#define PRINT_CHAIN(buf, prefix, ifname, suffix) \
@@ -1262,6 +1272,9 @@ iptablesEnforceDirection(int directionIn
virNWFilterRuleDefPtr rule,
virBufferPtr buf)
{
+ if (iptables_ctdir_corrected)
+ directionIn = !directionIn;
+
if (rule->tt != VIR_NWFILTER_RULE_DIRECTION_INOUT)
virBufferAsprintf(buf, " -m conntrack --ctdir %s",
(directionIn) ? "Original"
@@ -4304,6 +4317,111 @@ ebiptablesDriverTestCLITools(void)
return ret;
}
+static void
+ebiptablesDriverProbeCtdir(void)
+{
+ virBuffer buf = VIR_BUFFER_INITIALIZER;
+ static const char cmdline[] =
+ "$IPT -%c INPUT %c -i lo -p udp --dport %hu "
+ "-m state --state ESTABLISHED -j ACCEPT " CMD_SEPARATOR
+ "$IPT -%c INPUT %c -i lo -p udp --dport %hu "
+ "-m conntrack --ctdir original -j ACCEPT " CMD_SEPARATOR
+ "$IPT -%c INPUT %c -i lo -p udp --dport %hu -j DROP";
+ /*
+ * Above '--ctdir original' gets this test to receive a message on
+ * 'fixed' netfilter.
+ */
+ unsigned short port;
+ int ssockfd = -1, csockfd = -1;
+ virSocketAddr saddr;
+ struct sockaddr_in *serveraddr = &saddr.data.inet4;
+ fd_set readfds;
+ struct timeval timeout = {
+ .tv_sec = 0,
+ .tv_usec = 1000 * 200,
+ };
+ int n;
+
+ if (virSocketAddrParseIPv4(&saddr, "127.0.0.1") < 0) {
+ VIR_ERROR(_("Could not parse IP address"));
+ goto cleanup;
+ }
+
+ if ((ssockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0 ||
+ (csockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+ VIR_ERROR(_("Could not open UDP socket"));
+ goto cleanup;
+ }
+
+ for (port = 0xffff; port > 1024; port--) {
+ serveraddr->sin_port = htons(port);
+ if (bind(ssockfd, (struct sockaddr *)serveraddr,
+ sizeof(*serveraddr)) == 0)
+ break;
+ }
+ if (port == 1024) {
+ VIR_ERROR(_("Could not bind to any UDP socket"));
+ goto cleanup;
+ }
+
+ NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
+ virBufferAsprintf(&buf, cmdline,
+ 'I', '1', port,
+ 'I', '2', port,
+ 'I', '3', port);
+
+ if (virBufferError(&buf)) {
+ virReportOOMError();
+ goto cleanup;
+ }
+
+ if (ebiptablesExecCLI(&buf, NULL, NULL) < 0) {
+ VIR_ERROR(_("Could not apply iptables rules"));
+ goto cleanup_iptables;
+ }
+
+ if (sendto(csockfd, cmdline, 1, 0, (struct sockaddr *)serveraddr,
+ sizeof(*serveraddr)) < 0) {
+ VIR_ERROR(_("Could not send to UDP socket"));
+ goto cleanup_iptables;
+ }
+
+ FD_ZERO(&readfds);
+ FD_SET(ssockfd, &readfds);
+
+ while (true) {
+ n = select(ssockfd + 1, &readfds, NULL, NULL, &timeout);
+ if (n < 0) {
+ if (errno == EINTR)
+ continue;
+ VIR_ERROR(_("Select failed"));
+ goto cleanup_iptables;
+ }
+ if (n == 0) {
+ VIR_INFO("Ctdir probing received no data -- 'old' netfilter");
+ goto cleanup_iptables;
+ }
+ VIR_INFO("Ctdir probing received data -- 'fixed' netfilter");
+ iptables_ctdir_corrected = true;
+ break;
+ }
+
+cleanup_iptables:
+ virBufferFreeAndReset(&buf);
+
+ NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
+ virBufferAsprintf(&buf, cmdline,
+ 'D', ' ', port,
+ 'D', ' ', port,
+ 'D', ' ', port);
+ ebiptablesExecCLI(&buf, NULL, NULL);
+
+cleanup:
+ virBufferFreeAndReset(&buf);
+ VIR_FORCE_CLOSE(ssockfd);
+ VIR_FORCE_CLOSE(csockfd);
+}
+
static int
ebiptablesDriverInit(bool privileged)
{
@@ -4341,6 +4459,9 @@ ebiptablesDriverInit(bool privileged)
return -ENOTSUP;
}
+ if (iptables_cmd_path)
+ ebiptablesDriverProbeCtdir();
+
ebiptables_driver.flags = TECHDRV_FLAG_INITIALIZED;
return 0;
12 years, 1 month
[libvirt] [PATCH 0/5] Refactoring of cgroups usage
by Daniel P. Berrange
Currently libvirtd creates its basic cgroup hierarchy when it
starts up. This is bad because if people mount cgroups after
libvirtd it is running it doesn't detect this. The second
issue is that the driver code re-creates the virCgroupPtr
instance for a domain over & over again, which is inefficient
and bloats the code. Finally, if the driver is configured to
only use a couple of the cgroups controllers, we are still
creating the directories under all of them
12 years, 1 month
[libvirt] [PATCH] Fix free of uninitialized value in LXC numad setup
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
The 'nodeset' variable was never initialized, causing a later
VIR_FREE(nodeset) to free uninitialized memory.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/lxc/lxc_controller.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Pushed under trivial rule
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 37e3ce9..bb369e2 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -517,7 +517,7 @@ static int virLXCControllerGetNumadAdvice(virLXCControllerPtr ctrl,
virBitmapPtr *mask)
{
virBitmapPtr nodemask = NULL;
- char *nodeset;
+ char *nodeset = NULL;
int ret = -1;
/* Get the advisory nodeset from numad if 'placement' of
--
1.7.11.7
12 years, 1 month
