August 2013 - Devel - libvirt List Archives

[libvirt] [PATCH v2 0/3] Add tests for network update XML parsing
by Ján Tomko 07 Aug '13

07 Aug '13

v1: https://www.redhat.com/archives/libvir-list/2013-July/msg01971.html v2: remove the spaces from other elements instead of adding one Ján Tomko (3): Remove the space before the slash in network XML Reverse logic allowing partial DHCP host XML Test network XML update src/conf/network_conf.h | 9 + src/conf/network_conf.c | 47 +-- src/libvirt_private.syms | 1 + src/network/default.xml | 4 +- src/test/test_driver.c | 4 +- tests/Makefile.am | 9 +- tests/networkxml2xmltest.c | 3 + tests/networkxml2xmlupdatetest.c | 372 +++++++++++++++++++++ tests/networkxml2confdata/dhcp6-nat-network.xml | 20 +- tests/networkxml2confdata/dhcp6-network.xml | 14 +- .../dhcp6host-routed-network.xml | 16 +- tests/networkxml2confdata/isolated-network.xml | 4 +- .../networkxml2confdata/nat-network-dns-hosts.xml | 2 +- .../nat-network-dns-srv-record-minimal.xml | 10 +- .../nat-network-dns-srv-record.xml | 10 +- .../nat-network-dns-txt-record.xml | 10 +- tests/networkxml2confdata/nat-network.xml | 8 +- tests/networkxml2confdata/netboot-network.xml | 8 +- .../networkxml2confdata/netboot-proxy-network.xml | 6 +- tests/networkxml2confdata/routed-network.xml | 2 +- tests/networkxml2xmlin/bandwidth-network.xml | 4 +- .../networkxml2xmlin/dhcp6host-routed-network.xml | 16 +- tests/networkxml2xmlin/empty-allow-ipv6.xml | 2 +- tests/networkxml2xmlin/isolated-network.xml | 4 +- tests/networkxml2xmlin/nat-network-dns-hosts.xml | 2 +- .../nat-network-dns-srv-record-minimal.xml | 10 +- .../nat-network-dns-srv-record.xml | 10 +- .../nat-network-dns-srv-records.xml | 27 ++ .../nat-network-dns-txt-record.xml | 10 +- tests/networkxml2xmlin/nat-network.xml | 8 +- tests/networkxml2xmlin/netboot-network.xml | 6 +- tests/networkxml2xmlin/netboot-proxy-network.xml | 4 +- tests/networkxml2xmlin/routed-network.xml | 2 +- tests/networkxml2xmlout/bandwidth-network.xml | 4 +- .../networkxml2xmlout/dhcp6host-routed-network.xml | 16 +- tests/networkxml2xmlout/empty-allow-ipv6.xml | 2 +- tests/networkxml2xmlout/host-bridge-net.xml | 2 +- tests/networkxml2xmlout/isolated-network.xml | 4 +- tests/networkxml2xmlout/nat-network-dns-hosts.xml | 2 +- .../nat-network-dns-srv-record-minimal.xml | 10 +- .../nat-network-dns-srv-record.xml | 10 +- .../nat-network-dns-srv-records.xml | 27 ++ .../nat-network-dns-txt-record.xml | 10 +- tests/networkxml2xmlout/nat-network.xml | 8 +- tests/networkxml2xmlout/netboot-network.xml | 8 +- tests/networkxml2xmlout/netboot-proxy-network.xml | 6 +- tests/networkxml2xmlout/routed-network.xml | 2 +- .../networkxml2xmlupdatein/dhcp-range-existing.xml | 1 + tests/networkxml2xmlupdatein/dhcp-range.xml | 1 + .../dns-host-gateway-incomplete.xml | 3 + tests/networkxml2xmlupdatein/dns-host-pudding.xml | 3 + .../dns-txt-record-example.xml | 1 + .../dns-txt-record-snowman.xml | 1 + tests/networkxml2xmlupdatein/host-existing.xml | 1 + tests/networkxml2xmlupdatein/host-incomplete.xml | 1 + .../networkxml2xmlupdatein/host-new-incomplete.xml | 1 + tests/networkxml2xmlupdatein/host-new.xml | 1 + tests/networkxml2xmlupdatein/host-updated.xml | 1 + tests/networkxml2xmlupdatein/interface-eth1.xml | 1 + tests/networkxml2xmlupdatein/interface-eth47.xml | 1 + .../networkxml2xmlupdatein/portgroup-alice-new.xml | 10 + tests/networkxml2xmlupdatein/portgroup-alison.xml | 11 + tests/networkxml2xmlupdatein/srv-record-donkey.xml | 1 + .../networkxml2xmlupdatein/srv-record-invalid.xml | 1 + .../networkxml2xmlupdatein/srv-record-protocol.xml | 1 + .../networkxml2xmlupdatein/srv-record-service.xml | 1 + tests/networkxml2xmlupdatein/srv-record.xml | 1 + .../networkxml2xmlupdatein/unparsable-dns-host.xml | 1 + .../dhcp6host-routed-network-another-range.xml | 27 ++ .../dhcp6host-routed-network-range.xml | 27 ++ .../nat-network-dns-more-hosts.xml | 19 ++ .../nat-network-dns-srv-record.xml | 26 ++ .../nat-network-dns-srv-records.xml | 27 ++ .../nat-network-dns-txt-none.xml | 23 ++ .../nat-network-dns-txt-records.xml | 27 ++ .../nat-network-forward-ifaces.xml | 27 ++ .../nat-network-host-updated.xml | 23 ++ .../networkxml2xmlupdateout/nat-network-hosts.xml | 24 ++ .../nat-network-no-forward-ifaces.xml | 24 ++ .../nat-network-no-hosts.xml | 10 + .../nat-network-no-range.xml | 22 ++ .../nat-network-one-host.xml | 22 ++ tests/networkxml2xmlupdateout/nat-network.xml | 23 ++ .../openvswitch-net-modified.xml | 33 ++ .../openvswitch-net-more-portgroups.xml | 44 +++ .../openvswitch-net-without-alice.xml | 23 ++ 86 files changed, 1100 insertions(+), 170 deletions(-) create mode 100644 tests/networkxml2xmlupdatetest.c create mode 100644 tests/networkxml2xmlin/nat-network-dns-srv-records.xml create mode 100644 tests/networkxml2xmlout/nat-network-dns-srv-records.xml create mode 100644 tests/networkxml2xmlupdatein/dhcp-range-existing.xml create mode 100644 tests/networkxml2xmlupdatein/dhcp-range.xml create mode 100644 tests/networkxml2xmlupdatein/dns-host-gateway-incomplete.xml create mode 100644 tests/networkxml2xmlupdatein/dns-host-pudding.xml create mode 100644 tests/networkxml2xmlupdatein/dns-txt-record-example.xml create mode 100644 tests/networkxml2xmlupdatein/dns-txt-record-snowman.xml create mode 100644 tests/networkxml2xmlupdatein/host-existing.xml create mode 100644 tests/networkxml2xmlupdatein/host-incomplete.xml create mode 100644 tests/networkxml2xmlupdatein/host-new-incomplete.xml create mode 100644 tests/networkxml2xmlupdatein/host-new.xml create mode 100644 tests/networkxml2xmlupdatein/host-updated.xml create mode 100644 tests/networkxml2xmlupdatein/interface-eth1.xml create mode 100644 tests/networkxml2xmlupdatein/interface-eth47.xml create mode 100644 tests/networkxml2xmlupdatein/portgroup-alice-new.xml create mode 100644 tests/networkxml2xmlupdatein/portgroup-alison.xml create mode 100644 tests/networkxml2xmlupdatein/srv-record-donkey.xml create mode 100644 tests/networkxml2xmlupdatein/srv-record-invalid.xml create mode 100644 tests/networkxml2xmlupdatein/srv-record-protocol.xml create mode 100644 tests/networkxml2xmlupdatein/srv-record-service.xml create mode 100644 tests/networkxml2xmlupdatein/srv-record.xml create mode 100644 tests/networkxml2xmlupdatein/unparsable-dns-host.xml create mode 100644 tests/networkxml2xmlupdateout/dhcp6host-routed-network-another-range.xml create mode 100644 tests/networkxml2xmlupdateout/dhcp6host-routed-network-range.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-dns-more-hosts.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-dns-srv-record.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-dns-srv-records.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-dns-txt-none.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-dns-txt-records.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-forward-ifaces.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-host-updated.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-hosts.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-no-forward-ifaces.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-no-hosts.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-no-range.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-one-host.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network.xml create mode 100644 tests/networkxml2xmlupdateout/openvswitch-net-modified.xml create mode 100644 tests/networkxml2xmlupdateout/openvswitch-net-more-portgroups.xml create mode 100644 tests/networkxml2xmlupdateout/openvswitch-net-without-alice.xml -- 1.8.1.5

1 4

[libvirt] [PATCH 0/3] Add tests for network update XML parsing
by Ján Tomko 07 Aug '13

07 Aug '13

Ján Tomko (3): Add space before the slash in dns srv entries Reverse logic allowing partial DHCP host XML Test network XML update src/conf/network_conf.h | 9 + src/libvirt_private.syms | 1 + src/conf/network_conf.c | 25 +- tests/Makefile.am | 9 +- tests/networkxml2xmltest.c | 3 + tests/networkxml2xmlupdatetest.c | 372 +++++++++++++++++++++ .../nat-network-dns-srv-records.xml | 27 ++ .../nat-network-dns-srv-records.xml | 27 ++ .../networkxml2xmlupdatein/dhcp-range-existing.xml | 1 + tests/networkxml2xmlupdatein/dhcp-range.xml | 1 + .../dns-host-gateway-incomplete.xml | 3 + tests/networkxml2xmlupdatein/dns-host-pudding.xml | 3 + .../dns-txt-record-example.xml | 1 + .../dns-txt-record-snowman.xml | 1 + tests/networkxml2xmlupdatein/host-existing.xml | 1 + tests/networkxml2xmlupdatein/host-incomplete.xml | 1 + .../networkxml2xmlupdatein/host-new-incomplete.xml | 1 + tests/networkxml2xmlupdatein/host-new.xml | 1 + tests/networkxml2xmlupdatein/host-updated.xml | 1 + tests/networkxml2xmlupdatein/interface-eth1.xml | 1 + tests/networkxml2xmlupdatein/interface-eth47.xml | 1 + .../networkxml2xmlupdatein/portgroup-alice-new.xml | 10 + tests/networkxml2xmlupdatein/portgroup-alison.xml | 11 + tests/networkxml2xmlupdatein/srv-record-donkey.xml | 1 + .../networkxml2xmlupdatein/srv-record-invalid.xml | 1 + .../networkxml2xmlupdatein/srv-record-protocol.xml | 1 + .../networkxml2xmlupdatein/srv-record-service.xml | 1 + tests/networkxml2xmlupdatein/srv-record.xml | 1 + .../networkxml2xmlupdatein/unparsable-dns-host.xml | 1 + .../dhcp6host-routed-network-another-range.xml | 27 ++ .../dhcp6host-routed-network-range.xml | 27 ++ .../nat-network-dns-more-hosts.xml | 19 ++ .../nat-network-dns-srv-record.xml | 26 ++ .../nat-network-dns-srv-records.xml | 27 ++ .../nat-network-dns-txt-none.xml | 23 ++ .../nat-network-dns-txt-records.xml | 27 ++ .../nat-network-forward-ifaces.xml | 27 ++ .../nat-network-host-updated.xml | 23 ++ .../networkxml2xmlupdateout/nat-network-hosts.xml | 24 ++ .../nat-network-no-forward-ifaces.xml | 24 ++ .../nat-network-no-hosts.xml | 10 + .../nat-network-no-range.xml | 22 ++ .../nat-network-one-host.xml | 22 ++ tests/networkxml2xmlupdateout/nat-network.xml | 23 ++ .../openvswitch-net-modified.xml | 33 ++ .../openvswitch-net-more-portgroups.xml | 44 +++ .../openvswitch-net-without-alice.xml | 23 ++ 47 files changed, 949 insertions(+), 19 deletions(-) create mode 100644 tests/networkxml2xmlupdatetest.c create mode 100644 tests/networkxml2xmlin/nat-network-dns-srv-records.xml create mode 100644 tests/networkxml2xmlout/nat-network-dns-srv-records.xml create mode 100644 tests/networkxml2xmlupdatein/dhcp-range-existing.xml create mode 100644 tests/networkxml2xmlupdatein/dhcp-range.xml create mode 100644 tests/networkxml2xmlupdatein/dns-host-gateway-incomplete.xml create mode 100644 tests/networkxml2xmlupdatein/dns-host-pudding.xml create mode 100644 tests/networkxml2xmlupdatein/dns-txt-record-example.xml create mode 100644 tests/networkxml2xmlupdatein/dns-txt-record-snowman.xml create mode 100644 tests/networkxml2xmlupdatein/host-existing.xml create mode 100644 tests/networkxml2xmlupdatein/host-incomplete.xml create mode 100644 tests/networkxml2xmlupdatein/host-new-incomplete.xml create mode 100644 tests/networkxml2xmlupdatein/host-new.xml create mode 100644 tests/networkxml2xmlupdatein/host-updated.xml create mode 100644 tests/networkxml2xmlupdatein/interface-eth1.xml create mode 100644 tests/networkxml2xmlupdatein/interface-eth47.xml create mode 100644 tests/networkxml2xmlupdatein/portgroup-alice-new.xml create mode 100644 tests/networkxml2xmlupdatein/portgroup-alison.xml create mode 100644 tests/networkxml2xmlupdatein/srv-record-donkey.xml create mode 100644 tests/networkxml2xmlupdatein/srv-record-invalid.xml create mode 100644 tests/networkxml2xmlupdatein/srv-record-protocol.xml create mode 100644 tests/networkxml2xmlupdatein/srv-record-service.xml create mode 100644 tests/networkxml2xmlupdatein/srv-record.xml create mode 100644 tests/networkxml2xmlupdatein/unparsable-dns-host.xml create mode 100644 tests/networkxml2xmlupdateout/dhcp6host-routed-network-another-range.xml create mode 100644 tests/networkxml2xmlupdateout/dhcp6host-routed-network-range.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-dns-more-hosts.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-dns-srv-record.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-dns-srv-records.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-dns-txt-none.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-dns-txt-records.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-forward-ifaces.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-host-updated.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-hosts.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-no-forward-ifaces.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-no-hosts.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-no-range.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-one-host.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network.xml create mode 100644 tests/networkxml2xmlupdateout/openvswitch-net-modified.xml create mode 100644 tests/networkxml2xmlupdateout/openvswitch-net-more-portgroups.xml create mode 100644 tests/networkxml2xmlupdateout/openvswitch-net-without-alice.xml -- 1.8.1.5

4 7

[libvirt] [sandbox][PATCH] Fix delete of running containers
by Wayne Sun 07 Aug '13

07 Aug '13

The stop function is removed since 0.5.0, update delete function using virsh destroy to stop container. Signed-off-by: Wayne Sun <gsun(a)redhat.com> --- bin/virt-sandbox-service | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service index 550d46c..926d1d5 100755 --- a/bin/virt-sandbox-service +++ b/bin/virt-sandbox-service @@ -254,9 +254,11 @@ class Container: def delete(self): self.connect() - # Stop service if it is running + # Stop container if it is running try: - self.stop() + p = Popen(["/usr/bin/virsh", "-c", self.uri, "destroy", self.name], + stdout=PIPE, stderr=PIPE) + p.communicate() except: pass -- 1.7.1

2 2

[libvirt] [PATCH v5 0/2] add startupPolicy support for harddisks
by Guannan Ren 07 Aug '13

07 Aug '13

These patches are based on code https://www.redhat.com/archives/libvir-list/2013-July/msg01741.html The set of patches is trying to add 'startupPolicy' support for guest hard disks. For the 'optional' policy, there is a little difference from CDROM and Floppy which only drop its source path, for disks, if missing, the checking function will drop their definitions, because qemu doesn't allow missing source path for hard disk. migration is not supported yet. Guannan Ren(2) [PATCH v5 1/2] conf: add startupPolicy attribute for harddisk [PATCH v5 2/2] qemu: support to drop disk with 'optional' startupPolicy docs/formatdomain.html.in | 8 ++++++-- docs/schemas/domaincommon.rng | 6 ++++++ include/libvirt/libvirt.h.in | 1 + src/conf/domain_conf.c | 31 +++++++++++++++++++++++-------- src/qemu/qemu_domain.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------------- 5 files changed, 97 insertions(+), 26 deletions(-)

2 8

[libvirt] [PATCH v2] nwfilter: Use -m conntrack rather than -m state
by Stefan Berger 07 Aug '13

07 Aug '13

Since iptables version 1.4.16 '-m state --state NEW' is converted to '-m conntrack --ctstate NEW'. Therefore, when encountering this or later versions of iptables use '-m conntrack --ctstate'. Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com> --- v1->v2: - Fixed a logic bug and adjusted version comparison to use '>=' rather than '>' --- src/nwfilter/nwfilter_ebiptables_driver.c | 50 +++++++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c +++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c @@ -188,6 +188,9 @@ static const char ebiptables_script_set_ static const char *m_state_out_str = "-m state --state NEW,ESTABLISHED"; static const char *m_state_in_str = "-m state --state ESTABLISHED"; +static const char *m_state_out_str_new = "-m conntrack --ctstate NEW,ESTABLISHED"; +static const char *m_state_in_str_new = "-m conntrack --ctstate ESTABLISHED"; + static const char *m_physdev_in_str = "-m physdev " PHYSDEV_IN; static const char *m_physdev_out_str = "-m physdev " PHYSDEV_OUT; static const char *m_physdev_out_old_str = "-m physdev " PHYSDEV_OUT_OLD; @@ -4353,6 +4356,49 @@ ebiptablesDriverProbeCtdir(void) iptables_ctdir_corrected = CTDIR_STATUS_OLD; } +static void +ebiptablesDriverProbeStateMatch(void) +{ + virBuffer buf = VIR_BUFFER_INITIALIZER; + char *cmdout = NULL, *version; + unsigned long thisversion; + + NWFILTER_SET_IPTABLES_SHELLVAR(&buf); + + virBufferAsprintf(&buf, + "$IPT --version"); + + if (ebiptablesExecCLI(&buf, NULL, &cmdout) < 0) { + VIR_ERROR(_("Testing of iptables command failed: %s"), + cmdout); + return; + } + + /* + * we expect output in the format + * iptables v1.4.16 + */ + if (!(version = strchr(cmdout, 'v')) || + virParseVersionString(version + 1, &thisversion, true) < 0) { + VIR_ERROR(_("Could not determine iptables version from string %s"), + cmdout); + goto cleanup; + } + + /* + * since version 1.4.16 '-m state --state ...' will be converted to + * '-m conntrack --ctstate ...' + */ + if (thisversion >= 1 * 1000000 + 4 * 1000 + 16) { + m_state_out_str = m_state_out_str_new; + m_state_in_str = m_state_in_str_new; + } + +cleanup: + VIR_FREE(cmdout); + return; +} + static int ebiptablesDriverInit(bool privileged) { @@ -4390,8 +4436,10 @@ ebiptablesDriverInit(bool privileged) return -ENOTSUP; } - if (iptables_cmd_path) + if (iptables_cmd_path) { ebiptablesDriverProbeCtdir(); + ebiptablesDriverProbeStateMatch(); + } ebiptables_driver.flags = TECHDRV_FLAG_INITIALIZED;

2 2

[libvirt] [PATCH] nwfilter: Use -m conntrack rather than -m state
by Stefan Berger 07 Aug '13

07 Aug '13

Since iptables version 1.4.16 '-m state --state NEW' is converted to '-m conntrack --ctstate NEW'. Therefore, when encountering this or later versions of iptables use '-m conntrack --ctstate'. Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com> --- src/nwfilter/nwfilter_ebiptables_driver.c | 50 +++++++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c +++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c @@ -188,6 +188,9 @@ static const char ebiptables_script_set_ static const char *m_state_out_str = "-m state --state NEW,ESTABLISHED"; static const char *m_state_in_str = "-m state --state ESTABLISHED"; +static const char *m_state_out_str_new = "-m conntrack --ctstate NEW,ESTABLISHED"; +static const char *m_state_in_str_new = "-m conntrack --ctstate ESTABLISHED"; + static const char *m_physdev_in_str = "-m physdev " PHYSDEV_IN; static const char *m_physdev_out_str = "-m physdev " PHYSDEV_OUT; static const char *m_physdev_out_old_str = "-m physdev " PHYSDEV_OUT_OLD; @@ -4353,6 +4356,49 @@ ebiptablesDriverProbeCtdir(void) iptables_ctdir_corrected = CTDIR_STATUS_OLD; } +static void +ebiptablesDriverProbeStateMatch(void) +{ + virBuffer buf = VIR_BUFFER_INITIALIZER; + char *cmdout = NULL, *version; + unsigned long thisversion; + + NWFILTER_SET_IPTABLES_SHELLVAR(&buf); + + virBufferAsprintf(&buf, + "$IPT --version"); + + if (ebiptablesExecCLI(&buf, NULL, &cmdout) < 0) { + VIR_ERROR(_("Testing of iptables command failed: %s"), + cmdout); + return; + } + + /* + * we expect output in the format + * iptables v1.4.16 + */ + if (!(version = strchr(cmdout, 'v')) && + virParseVersionString(version + 1, &thisversion, true) < 0) { + VIR_ERROR(_("Could not determine iptables version from string %s"), + cmdout); + goto cleanup; + } + + /* + * since version 1.4.16 '-m state --state ...' will be converted to + * '-m conntrack --ctstate ...' + */ + if (thisversion > 1 * 1000000 + 4 * 1000 + 16) { + m_state_out_str = m_state_out_str_new; + m_state_in_str = m_state_in_str_new; + } + +cleanup: + VIR_FREE(cmdout); + return; +} + static int ebiptablesDriverInit(bool privileged) { @@ -4390,8 +4436,10 @@ ebiptablesDriverInit(bool privileged) return -ENOTSUP; } - if (iptables_cmd_path) + if (iptables_cmd_path) { ebiptablesDriverProbeCtdir(); + ebiptablesDriverProbeStateMatch(); + } ebiptables_driver.flags = TECHDRV_FLAG_INITIALIZED;

2 5

[libvirt] [TCK][PATCH v2] nwfilter: convert ctstate to state
by Stefan Berger 07 Aug '13

07 Aug '13

iptables version 1.4.16 and later automatically convert -m state --state ... to -m conntrack --ctstate ... In the test cases we will then only see 'ctstate' and convert that back to the older 'state'. Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com> --- scripts/nwfilter/nwfilter2vmtest.sh | 5 +++++ 1 file changed, 5 insertions(+) Index: libvirt-tck/scripts/nwfilter/nwfilter2vmtest.sh =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilter2vmtest.sh +++ libvirt-tck/scripts/nwfilter/nwfilter2vmtest.sh @@ -181,6 +181,11 @@ checkExpectedOutput() { sed -i "s/ctdir _REPLY/ctdir REPLY/" ${tmpfile} fi + #iptables >= v1.4.16 converts -m state --state ... to + #-m conntrack --ctstate ... We now change ctstate back to + #state + sed -i "s/ctstate/state/" ${tmpfile} + diff -w ${tmpfile} ${tmpfile2} >/dev/null if [ $? -ne 0 ]; then

2 2

[libvirt] [PATCH] virGetGroupList: always include the primary group
by Guido Günther 07 Aug '13

07 Aug '13

The change from initgroups to virGetGroupList/setgroups in cab36cfe71ba83b71e536ba5c98e596f02b697b0 dropped the primary group from processes group list iff the passed in group to virGetGroupList differs from the user's primary group. So always include the primary group to bring back the old behaviour. Debian has the kvm group as primary group but uses libvirt-qemu:libvirt-qemu as user:group to run the kvm process so without this change the /dev/kvm is inaccesible. --- src/util/virutil.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/src/util/virutil.c b/src/util/virutil.c index 3abcd53..12e1467 100644 --- a/src/util/virutil.c +++ b/src/util/virutil.c @@ -983,29 +983,41 @@ virGetGroupID(const char *group, gid_t *gid) } -/* Compute the list of supplementary groups associated with @uid, and - * including @gid in the list (unless it is -1), storing a malloc'd - * result into @list. Return the size of the list on success, or -1 - * on failure with error reported and errno set. May not be called - * between fork and exec. */ +/* Compute the list of primary and supplementary groups associated + * with @uid, and including @gid in the list (unless it is -1), + * storing a malloc'd result into @list. Return the size of the list + * on success, or -1 on failure with error reported and errno set. May + * not be called between fork and exec. */ int virGetGroupList(uid_t uid, gid_t gid, gid_t **list) { int ret = -1; char *user = NULL; + gid_t primary; *list = NULL; if (uid == (uid_t)-1) return 0; - if (virGetUserEnt(uid, &user, - gid == (gid_t)-1 ? &gid : NULL, NULL) < 0) + if (virGetUserEnt(uid, &user, &primary, NULL) < 0) return -1; - ret = mgetgroups(user, gid, list); - if (ret < 0) + ret = mgetgroups(user, primary, list); + if (ret < 0) { virReportSystemError(errno, _("cannot get group list for '%s'"), user); + goto cleanup; + } + + if (gid != (gid_t)-1) { + if (VIR_REALLOC_N(*list, ++ret) < 0) { + VIR_FREE(*list); + goto cleanup; + } + (*list)[ret-1] = gid; + } + +cleanup: VIR_FREE(user); return ret; } -- 1.8.3.2

2 4

[libvirt] [PATCHv3 0/2] RESEND - remaining 2 q35 patches
by Laine Stump 07 Aug '13

07 Aug '13

Just to make it easier to keep straight what has been pushed, I'm resending the last two patches that still need an ACK. Doug had reviewed 1/2, but didn't ACK because he wanted to get more opinions on whether it's better to a) have a special case that doesn't specify any id for the primary sata controller (relying on qemu to imply the proper controller) or b) have a special case that uses "ide.0" for the primary sata controller (which we've been told will work by qemu people). There was a 3rd patch that we've decided not to patch, waiting for a qemu fix to be pushed instead - the patch that changed all i82801b11-bridge controllers into pci-bridge controllers to work around a qemu bug. Laine Stump (2): qemu: enable using implicit sata controller in q35 machines qemu: improve error reporting during PCI address validation src/qemu/qemu_command.c | 247 +++++++++++++++--------- tests/qemuxml2argvdata/qemuxml2argv-q35.args | 2 + tests/qemuxml2argvdata/qemuxml2argv-q35.xml | 5 + tests/qemuxml2argvtest.c | 2 +- tests/qemuxml2xmloutdata/qemuxml2xmlout-q35.xml | 5 + 5 files changed, 171 insertions(+), 90 deletions(-) -- 1.7.11.7

3 8

[libvirt] [PATCH] xen: Use internal interfaces in xenDomainUsedCpus
by Stefan Bader 07 Aug '13

07 Aug '13

Based on Daniel's feedback I did a split for public/private functions for those that cause the lockup when getting XML. Maybe not complete but at least seems to allow basic usage again (through virt-manager). -Stefan --- >From f406c6891fb92a45dc5d5a4d794c5d667965d096 Mon Sep 17 00:00:00 2001 From: Stefan Bader <stefan.bader(a)canonical.com> Date: Mon, 15 Jul 2013 16:03:58 +0200 Subject: [PATCH] xen: Use internal interfaces in xenDomainUsedCpus Since commit 95e18efd most public interfaces (xenUnified...) obtain a virDomainDefPtr via xenGetDomainDefFor...() which take the unified lock. This is already taken before calling xenDomainUsedCpus(), so we get a deadlock for active guests. Avoid this by splitting up xenUnifiedDomainGetVcpusFlags() and xenUnifiedDomainGetVcpus() into public and private function calls (which get the virDomainDefPtr passed) and use those in xenDomainUsedCpus(). xenDomainUsedCpus ... nb_vcpu = xenUnifiedDomainGetMaxVcpus(dom); return xenUnifiedDomainGetVcpusFlags(...) ... if (!(def = xenGetDomainDefForDom(dom))) return xenGetDomainDefForUUID(dom->conn, dom->uuid); ... ret = xenHypervisorLookupDomainByUUID(conn, uuid); ... xenUnifiedLock(priv); name = xenStoreDomainGetName(conn, id); xenUnifiedUnlock(priv); ... if ((ncpus = xenUnifiedDomainGetVcpus(dom, cpuinfo, nb_vcpu, ... if (!(def = xenGetDomainDefForDom(dom))) [again like above] Signed-off-by: Stefan Bader <stefan.bader(a)canonical.com> --- src/xen/xen_driver.c | 94 +++++++++++++++++++++++++++++++++----------------- src/xen/xen_driver.h | 2 +- 2 files changed, 64 insertions(+), 32 deletions(-) diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c index 39334b7..9ae728e 100644 --- a/src/xen/xen_driver.c +++ b/src/xen/xen_driver.c @@ -73,12 +73,14 @@ static int xenUnifiedNodeGetInfo(virConnectPtr conn, virNodeInfoPtr info); + static int -xenUnifiedDomainGetMaxVcpus(virDomainPtr dom); +__xenUnifiedDomainGetVcpusFlags(virDomainPtr dom, virDomainDefPtr def, + unsigned int flags); static int -xenUnifiedDomainGetVcpus(virDomainPtr dom, - virVcpuInfoPtr info, int maxinfo, - unsigned char *cpumaps, int maplen); +__xenUnifiedDomainGetVcpus(virDomainPtr dom, virDomainDefPtr def, + virVcpuInfoPtr info, int maxinfo, + unsigned char *cpumaps, int maplen); static bool is_privileged = false; @@ -173,6 +175,7 @@ xenNumaInit(virConnectPtr conn) { /** * xenDomainUsedCpus: * @dom: the domain + * @def: the domain definition * * Analyze which set of CPUs are used by the domain and * return a string providing the ranges. @@ -181,7 +184,7 @@ xenNumaInit(virConnectPtr conn) { * NULL if the domain uses all CPU or in case of error. */ char * -xenDomainUsedCpus(virDomainPtr dom) +xenDomainUsedCpus(virDomainPtr dom, virDomainDefPtr def) { char *res = NULL; int ncpus; @@ -202,9 +205,14 @@ xenDomainUsedCpus(virDomainPtr dom) if (priv->nbNodeCpus <= 0) return NULL; - nb_vcpu = xenUnifiedDomainGetMaxVcpus(dom); + nb_vcpu = __xenUnifiedDomainGetVcpusFlags(dom, def, + (VIR_DOMAIN_VCPU_LIVE | + VIR_DOMAIN_VCPU_MAXIMUM)); if (nb_vcpu <= 0) return NULL; + /* FIXME: To be consistent this should map to an internal interface, too. + * Currently it actually does map straight to xenDaemonNodeGetInfo(). + */ if (xenUnifiedNodeGetInfo(dom->conn, &nodeinfo) < 0) return NULL; @@ -217,8 +225,8 @@ xenDomainUsedCpus(virDomainPtr dom) VIR_ALLOC_N(cpumap, nb_vcpu * cpumaplen) < 0) goto done; - if ((ncpus = xenUnifiedDomainGetVcpus(dom, cpuinfo, nb_vcpu, - cpumap, cpumaplen)) >= 0) { + if ((ncpus = __xenUnifiedDomainGetVcpus(dom, def, cpuinfo, nb_vcpu, + cpumap, cpumaplen)) >= 0) { for (n = 0; n < ncpus; n++) { for (m = 0; m < priv->nbNodeCpus; m++) { bool used; @@ -1410,54 +1418,57 @@ cleanup: } static int -xenUnifiedDomainGetVcpus(virDomainPtr dom, - virVcpuInfoPtr info, int maxinfo, - unsigned char *cpumaps, int maplen) +__xenUnifiedDomainGetVcpus(virDomainPtr dom, virDomainDefPtr def, + virVcpuInfoPtr info, int maxinfo, + unsigned char *cpumaps, int maplen) { xenUnifiedPrivatePtr priv = dom->conn->privateData; - virDomainDefPtr def = NULL; int ret = -1; - if (!(def = xenGetDomainDefForDom(dom))) - goto cleanup; - - if (virDomainGetVcpusEnsureACL(dom->conn, def) < 0) - goto cleanup; - if (dom->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Cannot get VCPUs of inactive domain")); - goto cleanup; } else { - ret = xenDaemonDomainGetVcpus(dom->conn, def, info, maxinfo, cpumaps, maplen); + ret = xenDaemonDomainGetVcpus(dom->conn, def, info, maxinfo, + cpumaps, maplen); } } else { - ret = xenHypervisorGetVcpus(dom->conn, def, info, maxinfo, cpumaps, maplen); + ret = xenHypervisorGetVcpus(dom->conn, def, info, maxinfo, cpumaps, + maplen); } -cleanup: - virDomainDefFree(def); return ret; } static int -xenUnifiedDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags) +xenUnifiedDomainGetVcpus(virDomainPtr dom, + virVcpuInfoPtr info, int maxinfo, + unsigned char *cpumaps, int maplen) { - xenUnifiedPrivatePtr priv = dom->conn->privateData; virDomainDefPtr def = NULL; int ret = -1; - virCheckFlags(VIR_DOMAIN_VCPU_LIVE | - VIR_DOMAIN_VCPU_CONFIG | - VIR_DOMAIN_VCPU_MAXIMUM, -1); - if (!(def = xenGetDomainDefForDom(dom))) goto cleanup; - if (virDomainGetVcpusFlagsEnsureACL(dom->conn, def) < 0) + if (virDomainGetVcpusEnsureACL(dom->conn, def) < 0) goto cleanup; + ret = __xenUnifiedDomainGetVcpus(dom, def, info, maxinfo, cpumaps, maplen); + +cleanup: + virDomainDefFree(def); + return ret; +} + +static int +__xenUnifiedDomainGetVcpusFlags(virDomainPtr dom, virDomainDefPtr def, + unsigned int flags) +{ + xenUnifiedPrivatePtr priv = dom->conn->privateData; + int ret = -1; + if (dom->id < 0) { if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ret = xenXMDomainGetVcpusFlags(dom->conn, def, flags); @@ -1470,6 +1481,27 @@ xenUnifiedDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags) ret = xenDaemonDomainGetVcpusFlags(dom->conn, def, flags); } + return ret; +} + +static int +xenUnifiedDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags) +{ + virDomainDefPtr def = NULL; + int ret = -1; + + virCheckFlags(VIR_DOMAIN_VCPU_LIVE | + VIR_DOMAIN_VCPU_CONFIG | + VIR_DOMAIN_VCPU_MAXIMUM, -1); + + if (!(def = xenGetDomainDefForDom(dom))) + goto cleanup; + + if (virDomainGetVcpusFlagsEnsureACL(dom->conn, def) < 0) + goto cleanup; + + ret = __xenUnifiedDomainGetVcpusFlags(dom, def, flags); + cleanup: virDomainDefFree(def); return ret; @@ -1501,7 +1533,7 @@ xenUnifiedDomainGetXMLDesc(virDomainPtr dom, unsigned int flags) } else { char *cpus; xenUnifiedLock(priv); - cpus = xenDomainUsedCpus(dom); + cpus = xenDomainUsedCpus(dom, def); xenUnifiedUnlock(priv); def = xenDaemonDomainGetXMLDesc(dom->conn, minidef, cpus); VIR_FREE(cpus); diff --git a/src/xen/xen_driver.h b/src/xen/xen_driver.h index 3c7a8cd..a363161 100644 --- a/src/xen/xen_driver.h +++ b/src/xen/xen_driver.h @@ -187,7 +187,7 @@ struct _xenUnifiedPrivate { typedef struct _xenUnifiedPrivate *xenUnifiedPrivatePtr; -char *xenDomainUsedCpus(virDomainPtr dom); +char *xenDomainUsedCpus(virDomainPtr dom, virDomainDefPtr def); virDomainXMLOptionPtr xenDomainXMLConfInit(void); -- 1.7.9.5

2 4