[libvirt] [PATCH v1 0/5] Precreate storage on migration
by Michal Privoznik
Yet another attempt.
One thing that I'm not sure about is, whether this functionality
should be on by default or tunable via say flag to migrate APIs.
Thing is, in my approach I require disks to be in a storage pool
(see the last patch for reasoning). On the other hand, if users
still precreate storage themselves, they won't see any failure if
disks doesn't belong to any pool. So I'm undecided yet, thoughts?
Michal Privoznik (5):
qemu: Expose qemuOpenFile and qemuOpenFileAs
qemu: Split qemuDomainGetBlockInfo
storage: Introduce storagePoolLookupByPath
qemu_migration: Send disk sizes to the other side
qemu_migration: Precreate missing storage
src/qemu/qemu_domain.c | 319 ++++++++++++++++++++++++++++++++++++++
src/qemu/qemu_domain.h | 16 ++
src/qemu/qemu_driver.c | 316 +-------------------------------------
src/qemu/qemu_migration.c | 354 ++++++++++++++++++++++++++++++++++++++++---
src/storage/storage_driver.c | 36 +++++
src/storage/storage_driver.h | 4 +
6 files changed, 711 insertions(+), 334 deletions(-)
--
2.0.4
9 years, 11 months
[libvirt] [PATCH 0/2] qemu: update jobinfo type if the job is not completed in qemuMigrationRun
by Wang Rui
In qemuMigrationRun the jobinfo type won't be updated until
qemuMigrationWaitForCompletion. If migration is failed or cancelled before
that(such as in qemuMigrationDriveMirror), we can't get the right jobinfo
type. The following patches fix it.
Wang Rui (2):
qemu: set jobinfo type to CANCELLED if migration is cancelled in all
conditions
qemu: set jobinfo type to FAILED if job is failed in qemuMigrationRun
src/qemu/qemu_migration.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--
1.7.12.4
9 years, 11 months
[libvirt] systemd-cgroups-agent not working in containers
by Richard Weinberger
Hi!
I run a Linux container setup with openSUSE 13.1/2 as guest distro.
After some time containers slow down.
An investigation showed that the containers slow down because a lot of stale
user sessions slow down almost all systemd tools, mostly systemctl.
loginctl reports many thousand sessions.
All in state "closing".
The vast majority of these sessions are from crond an ssh logins.
It turned out that sessions are never closed and stay around.
The control group of a said session contains zero tasks.
So I started to explore why systemd keeps it.
After another few hours of debugging I realized that systemd never
issues the release signal from cgroups.
Also calling the release agent by hand did not help. i.e.
/usr/lib/systemd/systemd-cgroups-agent /user.slice/user-0.slice/session-c324.scope
Therefore systemd never recognizes that a server/session has no more tasks
and will close it.
First I thought it is an issue in libvirt combined with user namespaces.
But I can trigger this also without user namespaces and also with systemd-nspawn.
Tested with systemd 208 and 210 from openSUSE, their packages have all known bugfixes.
Any idea where to look further?
How do you run the most current systemd on your distro?
Thanks,
//richard
9 years, 11 months
[libvirt] [PATCH] conf: replace call to virNetworkFree() with virOjectUnref()
by Laine Stump
The function virNetworkObjListExport() in network_conf.c had a call to
the public API virNetworkFree() which was causing a link error:
CCLD libvirt_driver_vbox_network_impl.la
./.libs/libvirt_conf.a(libvirt_conf_la-network_conf.o): In function `virNetworkObjListExport':
/home/laine/devel/libvirt/src/conf/network_conf.c:4496: undefined reference to `virNetworkFree'
This would happen when I added
#include "network_conf.h"
into domain_conf.c, then attempted to call a new function from that
file (and enum converter, similar to virNetworkForwardTypeToString())
In the end, virNetworkFree() ends up just calling virObjectUnref(obj)
anyway (after clearing all pending errors, which we probably *don't*
want to do in the cleanup of a utility function), so this is likely
more correct than the original code as well.
---
A quick look showed that there may be other places where we are
calling public APIs such as virNetworkFree and virDomainFree when we
really don't want to be clearning out the pending error - this would
result in the good old "an error was encountered but the cause is
unknown" type of log messages. It may warrant an audit...
src/conf/network_conf.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
index 067334e..a249e32 100644
--- a/src/conf/network_conf.c
+++ b/src/conf/network_conf.c
@@ -4463,10 +4463,8 @@ virNetworkObjListExport(virConnectPtr conn,
cleanup:
if (tmp_nets) {
- for (i = 0; i < nnets; i++) {
- if (tmp_nets[i])
- virNetworkFree(tmp_nets[i]);
- }
+ for (i = 0; i < nnets; i++)
+ virObjectUnref(tmp_nets[i]);
}
VIR_FREE(tmp_nets);
--
1.9.3
9 years, 11 months
[libvirt] [PATCH] Doc: some small issue in the document
by Luyao Huang
When i pasted some xml from libvirt.org, i found some small mistake.
Signed-off-by: Luyao Huang <lhuang(a)redhat.com>
---
docs/formatdomain.html.in | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 9c1d0f4..c08b244 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -3871,7 +3871,7 @@
<source>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
</source>
- <mac address='52:54:00:6d:90:02'>
+ <mac address='52:54:00:6d:90:02'/>
<virtualport type='802.1Qbh'>
<parameters profileid='finance'/>
</virtualport>
@@ -3898,7 +3898,7 @@
...
<devices>
<interface type='mcast'>
- <mac address='52:54:00:6d:90:01'>
+ <mac address='52:54:00:6d:90:01'/>
<source address='230.0.0.1' port='5558'/>
</interface>
</devices>
@@ -4772,11 +4772,11 @@ qemu-kvm -net nic,model=? /dev/null
<source path='/dev/pts/3'/>
<target port='0'/>
</serial>
- <serial type='file>
+ <serial type='file'>
<source path='/tmp/file'>
<seclabel model='dac' relabel='no'/>
</source>
- <target port='0'>
+ <target port='0'/>
</serial>
<console type='pty'>
<source path='/dev/pts/4'/>
--
1.8.3.1
9 years, 11 months
Re: [libvirt] [GIT PULL] namespace updates for v3.17-rc1
by Richard Weinberger
On Wed, Aug 6, 2014 at 2:57 AM, Eric W. Biederman <ebiederm(a)xmission.com> wrote:
>
> Linus,
>
> Please pull the for-linus branch from the git tree:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-linus
>
> HEAD: 344470cac42e887e68cfb5bdfa6171baf27f1eb5 proc: Point /proc/mounts at /proc/thread-self/mounts instead of /proc/self/mounts
>
> This is a bunch of small changes built against 3.16-rc6. The most
> significant change for users is the first patch which makes setns
> drmatically faster by removing unneded rcu handling.
>
> The next chunk of changes are so that "mount -o remount,.." will not
> allow the user namespace root to drop flags on a mount set by the system
> wide root. Aks this forces read-only mounts to stay read-only, no-dev
> mounts to stay no-dev, no-suid mounts to stay no-suid, no-exec mounts to
> stay no exec and it prevents unprivileged users from messing with a
> mounts atime settings. I have included my test case as the last patch
> in this series so people performing backports can verify this change
> works correctly.
>
> The next change fixes a bug in NFS that was discovered while auditing
> nsproxy users for the first optimization. Today you can oops the kernel
> by reading /proc/fs/nfsfs/{servers,volumes} if you are clever with pid
> namespaces. I rebased and fixed the build of the !CONFIG_NFS_FS case
> yesterday when a build bot caught my typo. Given that no one to my
> knowledge bases anything on my tree fixing the typo in place seems more
> responsible that requiring a typo-fix to be backported as well.
>
> The last change is a small semantic cleanup introducing
> /proc/thread-self and pointing /proc/mounts and /proc/net at it. This
> prevents several kinds of problemantic corner cases. It is a
> user-visible change so it has a minute chance of causing regressions so
> the change to /proc/mounts and /proc/net are individual one line commits
> that can be trivially reverted. Unfortunately I lost and could not find
> the email of the original reporter so he is not credited. From at least
> one perspective this change to /proc/net is a refgression fix to allow
> pthread /proc/net uses that were broken by the introduction of the network
> namespace.
>
> Eric
>
> Eric W. Biederman (11):
> namespaces: Use task_lock and not rcu to protect nsproxy
> mnt: Only change user settable mount flags in remount
> mnt: Move the test for MNT_LOCK_READONLY from change_mount_flags into do_remount
> mnt: Correct permission checks in do_remount
This commit breaks libvirt-lxc.
libvirt does in lxcContainerMountBasicFS():
/*
* We can't immediately set the MS_RDONLY flag when mounting filesystems
* because (in at least some kernel versions) this will propagate back
* to the original mount in the host OS, turning it readonly too. Thus
* we mount the filesystem in read-write mode initially, and then do a
* separate read-only bind mount on top of that.
*/
bindOverReadonly = !!(mnt_mflags & MS_RDONLY);
VIR_DEBUG("Mount %s on %s type=%s flags=%x",
mnt_src, mnt->dst, mnt->type, mnt_mflags & ~MS_RDONLY);
if (mount(mnt_src, mnt->dst, mnt->type, mnt_mflags &
~MS_RDONLY, NULL) < 0) {
^^^^ Here it fails for sysfs because with user namespaces we bind the
existing /sys into the container
and would have to read out all existing mount flags from the current /sys mount.
Otherwise mount() fails with EPERM.
On my test system /sys is mounted with
"rw,nosuid,nodev,noexec,relatime" and libvirt
misses the realtime...
virReportSystemError(errno,
_("Failed to mount %s on %s type %s flags=%x"),
mnt_src, mnt->dst, NULLSTR(mnt->type),
mnt_mflags & ~MS_RDONLY);
goto cleanup;
}
if (bindOverReadonly &&
mount(mnt_src, mnt->dst, NULL,
MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
^^^ Here it fails because now we'd have to specify all flags as used
for the first
mount. For the procfs case MS_NOSUID|MS_NOEXEC|MS_NODEV.
See lxcBasicMounts[].
In this case the fix is easy, add mnt_mflags to the mount flags.
virReportSystemError(errno,
_("Failed to re-mount %s on %s flags=%x"),
mnt_src, mnt->dst,
MS_BIND|MS_REMOUNT|MS_RDONLY);
goto cleanup;
}
--
Thanks,
//richard
9 years, 12 months
[libvirt] [PATCH] docs: fix simple typo in TPM paragraph
by Martin Kletzander
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
Pushed under the 'super-trivial' rule.
docs/formatdomain.html.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 9c1d0f4..46b5b19 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -5596,7 +5596,7 @@ qemu-kvm -net nic,model=? /dev/null
</p>
<p>
The TPM passthrough device type provides access to the host's TPM
- for one QEMU guest. No other software may be is using the TPM device,
+ for one QEMU guest. No other software may be using the TPM device,
typically /dev/tpm0, at the time the QEMU guest is started.
<span class="since">'passthrough' since 1.0.5</span>
</p>
--
2.1.3
9 years, 12 months
[libvirt] [PATCH v3 00/12] parallels: rewrite driver with parallels SDK
by Dmitry Guryanov
This patch series replaces all code, which used prlctl command
to interact with parallels cloud server with calls to
parallels sdk functions.
The model of this driver remain almost the same - in creates a
list of virDomainObj objects on connect and then functions, which
returns different information get info from this list.
Changes in v2:
* Rebase to latest libvirt sources
* Use only "parallels" prefix for functions in parallelsDriver,
so that make check will pass
* Update privconn->domains in case we change something from current
connection.
Changes in v3:
* in parallels: get domain info with SDK:
replace
+ case VIR_ARCH_X86_64:
with
+ case PCM_CPU_MODE_64:
* in parallels: handle events from parallels server
fix make syntax-check error in:
+ if (PRL_FAILED(ret)) {
+ logPrlError(ret);
+ }
* in rewrite parallelsApplyConfig with SDK:
in prlsdkApplyConfig function, don't commit changes if
there is an error in parallelsDoApplyConfig
* in parallels: create VMs and containers with sdk
Handle error from parallelsDoApplyConfig in prlsdkCreateVm.
Alexander Burluka (4):
parallels: get domain info with SDK
parallels: handle events from parallels server
parallels: added function virDomainIsActive()
parallels: Add domainCreateWithFlags() function.
Dmitry Guryanov (8):
parallels: move IS_CT macro to parallels_utils.h
parallels: move parallelsDomNotFoundError to parallels_utils.h
parallels: reimplement functions, which change domain state
parallels: rewrite parallelsApplyConfig with SDK
parallels: create VMs and containers with sdk
parallels: refactor parallelsDomainDefineXML
parallels: add cdroms support
parallels: implement domainUndefine and domainUndefineFlags
src/parallels/parallels_driver.c | 2456 ++++++++------------------------------
src/parallels/parallels_sdk.c | 2454 +++++++++++++++++++++++++++++++++++++
src/parallels/parallels_sdk.h | 25 +
src/parallels/parallels_utils.h | 11 +
4 files changed, 2960 insertions(+), 1986 deletions(-)
--
1.9.3
9 years, 12 months
[libvirt] [PATCH] Fix usage of virReportSystemError
by Jiri Denemark
virReportSystemError is reserved for reporting system errors, calling it
with VIR_ERR_* error codes produces error messages that do not make any
sense, such as
internal error: guest failed to start: Kernel doesn't support user
namespace: Link has been severed
We should prohibit wrong usage with a syntax-check rule.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
cfg.mk | 5 +++++
src/lxc/lxc_container.c | 4 ++--
src/openvz/openvz_conf.c | 4 ++--
src/qemu/qemu_migration.c | 12 ++++++------
src/util/virnetdevopenvswitch.c | 22 +++++++++++-----------
src/util/virobject.c | 4 ++--
6 files changed, 28 insertions(+), 23 deletions(-)
diff --git a/cfg.mk b/cfg.mk
index d829a3c..3f35479 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -983,6 +983,11 @@ sc_prohibit_devname:
halt='avoid using 'devname' as FreeBSD exports the symbol' \
$(_sc_search_regexp)
+sc_prohibit_system_error_with_vir_err:
+ @prohibit='\bvirReportSystemError *\(VIR_ERR_' \
+ halt='do not use virReportSystemError with VIR_ERR_* error codes' \
+ $(_sc_search_regexp)
+
# We don't use this feature of maint.mk.
prev_version_file = /dev/null
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 334a1df..3b08b86 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -2309,8 +2309,8 @@ int lxcContainerStart(virDomainDefPtr def,
VIR_DEBUG("Enable user namespace");
cflags |= CLONE_NEWUSER;
} else {
- virReportSystemError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("Kernel doesn't support user namespace"));
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Kernel doesn't support user namespace"));
VIR_FREE(stack);
return -1;
}
diff --git a/src/openvz/openvz_conf.c b/src/openvz/openvz_conf.c
index edf37d0..4b918c0 100644
--- a/src/openvz/openvz_conf.c
+++ b/src/openvz/openvz_conf.c
@@ -405,8 +405,8 @@ openvzReadFSConf(virDomainDefPtr def,
/* Ensure that we can multiply by 1024 without overflowing. */
if (barrier > ULLONG_MAX / 1024 ||
limit > ULLONG_MAX / 1024) {
- virReportSystemError(VIR_ERR_OVERFLOW, "%s",
- _("Unable to parse quota"));
+ virReportError(VIR_ERR_OVERFLOW, "%s",
+ _("Unable to parse quota"));
goto error;
}
fs->space_soft_limit = barrier * 1024; /* unit is bytes */
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index a1b1458..74cda96 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -369,9 +369,9 @@ qemuMigrationCookieNetworkAlloc(virQEMUDriverPtr driver ATTRIBUTE_UNUSED,
case VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH:
if (virNetDevOpenvswitchGetMigrateData(&mig->net[i].portdata,
netptr->ifname) != 0) {
- virReportSystemError(VIR_ERR_INTERNAL_ERROR,
- _("Unable to run command to get OVS port data for "
- "interface %s"), netptr->ifname);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unable to run command to get OVS port data for "
+ "interface %s"), netptr->ifname);
goto error;
}
break;
@@ -2223,9 +2223,9 @@ qemuDomainMigrateOPDRelocate(virQEMUDriverPtr driver ATTRIBUTE_UNUSED,
case VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH:
if (virNetDevOpenvswitchSetMigrateData(cookie->network->net[i].portdata,
netptr->ifname) != 0) {
- virReportSystemError(VIR_ERR_INTERNAL_ERROR,
- _("Unable to run command to set OVS port data for "
- "interface %s"), netptr->ifname);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unable to run command to set OVS port data for "
+ "interface %s"), netptr->ifname);
goto cleanup;
}
break;
diff --git a/src/util/virnetdevopenvswitch.c b/src/util/virnetdevopenvswitch.c
index 8ea1def..e5c87bb 100644
--- a/src/util/virnetdevopenvswitch.c
+++ b/src/util/virnetdevopenvswitch.c
@@ -147,9 +147,9 @@ int virNetDevOpenvswitchAddPort(const char *brname, const char *ifname,
}
if (virCommandRun(cmd, NULL) < 0) {
- virReportSystemError(VIR_ERR_INTERNAL_ERROR,
- _("Unable to add port %s to OVS bridge %s"),
- ifname, brname);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unable to add port %s to OVS bridge %s"),
+ ifname, brname);
goto cleanup;
}
@@ -181,8 +181,8 @@ int virNetDevOpenvswitchRemovePort(const char *brname ATTRIBUTE_UNUSED, const ch
virCommandAddArgList(cmd, "--timeout=5", "--", "--if-exists", "del-port", ifname, NULL);
if (virCommandRun(cmd, NULL) < 0) {
- virReportSystemError(VIR_ERR_INTERNAL_ERROR,
- _("Unable to delete port %s from OVS"), ifname);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unable to delete port %s from OVS"), ifname);
goto cleanup;
}
@@ -213,9 +213,9 @@ int virNetDevOpenvswitchGetMigrateData(char **migrate, const char *ifname)
/* Run the command */
if (virCommandRun(cmd, NULL) < 0) {
- virReportSystemError(VIR_ERR_INTERNAL_ERROR,
- _("Unable to run command to get OVS port data for "
- "interface %s"), ifname);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unable to run command to get OVS port data for "
+ "interface %s"), ifname);
goto cleanup;
}
@@ -247,9 +247,9 @@ int virNetDevOpenvswitchSetMigrateData(char *migrate, const char *ifname)
/* Run the command */
if (virCommandRun(cmd, NULL) < 0) {
- virReportSystemError(VIR_ERR_INTERNAL_ERROR,
- _("Unable to run command to set OVS port data for "
- "interface %s"), ifname);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unable to run command to set OVS port data for "
+ "interface %s"), ifname);
goto cleanup;
}
diff --git a/src/util/virobject.c b/src/util/virobject.c
index 6cb84b4..9ccd310 100644
--- a/src/util/virobject.c
+++ b/src/util/virobject.c
@@ -220,8 +220,8 @@ void *virObjectLockableNew(virClassPtr klass)
return NULL;
if (virMutexInit(&obj->lock) < 0) {
- virReportSystemError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Unable to initialize mutex"));
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Unable to initialize mutex"));
virObjectUnref(obj);
return NULL;
}
--
2.1.3
9 years, 12 months
[libvirt] [PATCH] Revert "ip link needs 'name' in 3.16 to create the veth pair"
by Martin Kletzander
This reverts commit 433b427ff853ab72d32573d415e6ec569b77c7cb.
The patch was added in order to overcome a bug in iproute2 and since it
was properly identified as a bug, particularly in openSUSE 13.2, and it
is being worked on [1], the best solution for libvirt seems to be to
keep the old behaviour.
[1] https://bugzilla.novell.com/show_bug.cgi?id=907093
---
src/util/virnetdevveth.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/util/virnetdevveth.c b/src/util/virnetdevveth.c
index ad30e1d..e9d6f9c 100644
--- a/src/util/virnetdevveth.c
+++ b/src/util/virnetdevveth.c
@@ -89,7 +89,7 @@ static int virNetDevVethGetFreeNum(int startDev)
* @veth2: pointer to return name for container end of veth pair
*
* Creates a veth device pair using the ip command:
- * ip link add name veth1 type veth peer name veth2
+ * ip link add veth1 type veth peer name veth2
* If veth1 points to NULL on entry, it will be a valid interface on
* return. veth2 should point to NULL on entry.
*
@@ -146,7 +146,7 @@ int virNetDevVethCreate(char** veth1, char** veth2)
}
cmd = virCommandNew("ip");
- virCommandAddArgList(cmd, "link", "add", "name",
+ virCommandAddArgList(cmd, "link", "add",
*veth1 ? *veth1 : veth1auto,
"type", "veth", "peer", "name",
*veth2 ? *veth2 : veth2auto,
--
2.1.3
9 years, 12 months
