July 2014 - Devel - libvirt List Archives

[libvirt] [PATCHv2 0/4] Another attempt at improving virsh autocompletion
by Solly Ross 18 Oct '14

18 Oct '14

Version 2: Electric Boogaloo Version 1: https://www.redhat.com/archives/libvir-list/2014-March/msg01898.html This version of the patch introduces the following new things: - Tests (a whole bunch of them, in fact)! - A new `complete` command to run get newline-separated completion results from the command line - Support for completing partial quotes (e.g. `virsh complete "fake-command ab \"i "`) - Passing the syntax checks (sorry about that) A brief overview of the patch set follows: 1. Extract parsing logic from the vshCommandParse so that it can be used elsewhere. The new method returns states and sets passed in pointers. Calling methods can interpret these states and deal with them as needed (completion ignores many, while vshCommandParse throws errors). 2. Implement (and test!) an improved completion engine with support for virsh quoting rules, flags, positional arguments, no duplication, and more. 3. Add (and test!) a method for retrieve a global vshControl object should readline be enabled. This allows for "smart completion" of options like "domain". 4. Extract the domain listing code from virsh-domain-monitor, and move it to virsh-completer. Implement a domain completer, which is then used for all the cases of "domain" options (note that it current does not have any flags specified for which commands should list active vs inactive domains, as this commit is mainly to allow people to test out "smart completion") Solly Ross (4): Improve virsh autocompletion (extract parser) Improve virsh autocompletion (base framework) Improve virsh autocompletion (global ctl object) Improve virsh autocompletion (domain completer) po/POTFILES.in | 1 + tests/virshtest.c | 268 +++++++++++++ tools/Makefile.am | 3 +- tools/virsh-completer.c | 355 +++++++++++++++++ tools/virsh-completer.h | 85 +++++ tools/virsh-domain-monitor.c | 287 +------------- tools/virsh-domain.c | 72 ++++ tools/virsh-snapshot.c | 11 + tools/virsh.c | 880 +++++++++++++++++++++++++++++++++++++------ tools/virsh.h | 20 + 10 files changed, 1582 insertions(+), 400 deletions(-) create mode 100644 tools/virsh-completer.c create mode 100644 tools/virsh-completer.h -- 1.8.3.2

2 6

[libvirt] [PATCH 0/2] esx: Add libcurl based stream driver and implement virDomainScreenshot
by Matthias Bolte 07 Oct '14

07 Oct '14

I had the code in these two patches bascially sitting around since 2012, yes 2012! But I never managed to get the code properly split into patches and touched up good enough to post it here. This was also hindered by the fact that I had no ESX test system at hand for the last year or so. Dawid Zamirski posted some patches [1] to implement virDomainScreenshot for ESX. So I finally managed to set up some ESX test system again this weekend and get my old code dusted up. His implementation has two disadvantages, namely storing the screenshot to a temporary file before feeding it to a stream and the method of creating the screenshot itself is availalbe since ESX 4.0 only. My implementation direcly feeds the screenshot data to a stream and screenshot creation uses a method available since ESX 2.5. [1] https://www.redhat.com/archives/libvir-list/2014-March/msg01786.html

4 8

[libvirt] [RFC] exclusive vcpu-cpu pinning
by Ján Tomko 25 Sep '14

25 Sep '14

Hello developers! Currently, our default cgroup layout is: -top level cgroup \-machine (machine.slice with systemd) `-vm1.libvirt-qemu (machine-qemu\x2dvm1.scope with systemd) `-emulator `-vcpu0 \-vcpu1 \-vm2.libvirt-qemu `-emulator `-vcpu0 `-vcpu1 To free some CPUs for exclusive use, either all processes from the top level cgroup should be moved to another one (which does not seem like a great idea) or isolcpus= should be specified on the kernel command line. The cpuset.cpu_exclusive option can be set on a cgroup if * all the groups up to the top level group have it set * the cpuset of the current group is a subset of the parent group and no siblings use any cpus from the current cpuset This would mean that to keep the existing nested structure, all vcpus and the emulator thread would need to have an exclusive CPU, e.g: <vcpu placement='static' cpuset='4-6'>2</vcpu> <cputune exclusive='yes'> <vcpupin vcpu='0' cpuset='5'/> <vcpupin vcpu='1' cpuset='6'/> <emulatorpin cpuset='4'/> </cputune> (The only two issues I found: 1) libvirt would have to mess with systemd's 'machine-scope' behind it's back (setting cpu_exclusive) 2) creating machines without explicit cpu pinning fails, as libvirt tries to write all the cpus to the cpuset, even those the other machine uses exclusively) I've also thought about just keeping track of the 'exclusived' CPUs in libvirt. This would not work across drivers. And it could possibly be needed to solve issue 2). Do you think any of these options would be useful? Bug: https://bugzilla.redhat.com/show_bug.cgi?id=996758 Jan

3 4

[libvirt] [PATCH 1/1] libvirtd crash when defining scsi storage pool
by Pradipta Kr. Banerjee 05 Sep '14

05 Sep '14

libvirtd crashes when there is an existing SCSI pool with adapter type as 'scsi_host' and defining a new SCSI pool with adapter type as 'fc_host' and parent attribute missing. For eg when defining a storage-pool with the following XML will crash libvirtd if there already exists a SCSI pool with adapter type 'scsi_host' <pool type='scsi'> <name>TEST_SCSI_FC_POOL</name> <source> <adapter type='fc_host' wwnn='1234567890abcdef' wwpn='abcdef1234567890'/> </source> <target> <path>/dev/disk/by-path</path> </target> </pool> This happens because for fc_host, adapter 'name' is not relevant whereas for scsi_host its mandatory attribute. However the check in libvirt for finding duplicate storage pools doesn't take that into account while comparing, resulting into crash This patch fixes the issue Signed-off-by: Pradipta Kr. Banerjee <bpradip(a)in.ibm.com> --- src/conf/storage_conf.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/conf/storage_conf.c b/src/conf/storage_conf.c index 8b6fd79..54a4589 100644 --- a/src/conf/storage_conf.c +++ b/src/conf/storage_conf.c @@ -2126,8 +2126,10 @@ virStoragePoolSourceFindDuplicate(virStoragePoolObjListPtr pools, STREQ(pool->def->source.adapter.data.fchost.wwpn, def->source.adapter.data.fchost.wwpn)) matchpool = pool; - } else if (pool->def->source.adapter.type == - VIR_STORAGE_POOL_SOURCE_ADAPTER_TYPE_SCSI_HOST){ + } else if ((pool->def->source.adapter.type == + VIR_STORAGE_POOL_SOURCE_ADAPTER_TYPE_SCSI_HOST)\ + && (def->source.adapter.type == + VIR_STORAGE_POOL_SOURCE_ADAPTER_TYPE_SCSI_HOST)) { if (STREQ(pool->def->source.adapter.data.name, def->source.adapter.data.name)) matchpool = pool; -- 1.9.3

3 2

[libvirt] [PATCH RFC] LXC: add HOME environment variable
by Chen Hanxiao 04 Sep '14

04 Sep '14

We lacked of HOME environment variable, set 'HOME=/' as default. Signed-off-by: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com> --- src/lxc/lxc_container.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 1cf2c8f..9df9c04 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -236,6 +236,7 @@ static virCommandPtr lxcContainerBuildInitCmd(virDomainDefPtr vmDef, virCommandAddEnvString(cmd, "PATH=/bin:/sbin"); virCommandAddEnvString(cmd, "TERM=linux"); virCommandAddEnvString(cmd, "container=lxc-libvirt"); + virCommandAddEnvString(cmd, "HOME=/"); virCommandAddEnvPair(cmd, "container_uuid", uuidstr); if (nttyPaths > 1) virCommandAddEnvPair(cmd, "container_ttys", virBufferCurrentContent(&buf)); -- 1.9.0

6 7

[libvirt] [PATCH] selinux: Avoid label reservations for type = none during restart
by Shivaprasad G Bhat 04 Sep '14

04 Sep '14

The problem is libvirt kills the guests during libvirt restart if more than guest has security type as none. This is because, libvirt as part of guest- reconnect tries to reserve the security labels. In case of type=none, the range of security context happen to be same for several guests. During reservation, the second attempt to reserve the same range fails and the Guests would be killed. The fix is to avoid reserving labels for type = none during libvirt restart. Signed-off-by: Shivaprasad G Bhat <sbhat(a)linux.vnet.ibm.com> --- src/security/security_selinux.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 008c58c..2f8a7f2 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -739,7 +739,8 @@ virSecuritySELinuxReserveSecurityLabel(virSecurityManagerPtr mgr, virSecurityLabelDefPtr seclabel; seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); - if (!seclabel || seclabel->type == VIR_DOMAIN_SECLABEL_STATIC) + if (!seclabel || seclabel->type == VIR_DOMAIN_SECLABEL_STATIC || + seclabel->type == VIR_DOMAIN_SECLABEL_NONE) return 0; if (getpidcon_raw(pid, &pctx) == -1) {

3 3

[libvirt] [RFC] powerpc : Add support for VM in compat mode
by Prerna Saxena 19 Aug '14

19 Aug '14

PowerISA allows processors to run VMs in binary compatibility ("compat") mode supporting an older version of ISA. Eg,in compatibility mode, a POWER8 host can run a "Power7" VM,conforming to PowerISA v2.06, while a POWER7 host can run a "POWER6" VM, conforming to PowerISA v2.05. QEMU has recently added support to explicitly denote a VM running in compatibility mode through commit 6d9412ea. Now, a "compat" mode VM can be run by invoking this qemu commandline on a POWER8 host: -cpu host,compat=power7 as against the older specification of "-cpu power7". However, running in compatibility mode is not identical to running natively on an older processor. Hence the virtualization stack needs to explicitly provide for a compat-mode VM. This patch allows libvirt to extend the "fallback" semantics of cpu model to describe this new mode for PowerKVM guests. Additionally with the new scheme of things, qemu doesn't provide a way to query for the supported compat models and models returned when querying with '-cpu ?' are no longer valid. Hence removing the check cpuModelIsAllowed() for now. When a user wants to request a power7 vm to run in compatibility mode on a Power8 host, this can be described in XML as follows : <cpu mode='custom' match='exact'> <model fallback='compat'>power7</model> </cpu> An alternative approach could be to leave the libvirt XML intact, and merely change the backend qemu command generation when the VM-requested cpu does not match the host processor. Looking forward to suggestions on how this can best be implemented.. Signed-off-by: Li Zhang <zhlcindy(a)linux.vnet.ibm.com> Signed-off-by: Pradipta Kr. Banerjee <bpradip(a)in.ibm.com> Signed-off-by: Prerna Saxena <prerna(a)linux.vnet.ibm.com> diff --git a/src/conf/cpu_conf.c b/src/conf/cpu_conf.c index ebdaa19..2f41bd7 100644 --- a/src/conf/cpu_conf.c +++ b/src/conf/cpu_conf.c @@ -47,7 +47,8 @@ VIR_ENUM_IMPL(virCPUMatch, VIR_CPU_MATCH_LAST, VIR_ENUM_IMPL(virCPUFallback, VIR_CPU_FALLBACK_LAST, "allow", - "forbid") + "forbid", + "compat") VIR_ENUM_IMPL(virCPUFeaturePolicy, VIR_CPU_FEATURE_LAST, "force", diff --git a/src/conf/cpu_conf.h b/src/conf/cpu_conf.h index 8c932ce..50354f2 100644 --- a/src/conf/cpu_conf.h +++ b/src/conf/cpu_conf.h @@ -65,6 +65,7 @@ VIR_ENUM_DECL(virCPUMatch) typedef enum { VIR_CPU_FALLBACK_ALLOW, VIR_CPU_FALLBACK_FORBID, + VIR_CPU_FALLBACK_COMPAT, VIR_CPU_FALLBACK_LAST } virCPUFallback; diff --git a/src/cpu/cpu_powerpc.c b/src/cpu/cpu_powerpc.c index b220448..218c013 100644 --- a/src/cpu/cpu_powerpc.c +++ b/src/cpu/cpu_powerpc.c @@ -457,8 +457,8 @@ ppcCompare(virCPUDefPtr host, static int ppcDecode(virCPUDefPtr cpu, const virCPUData *data, - const char **models, - unsigned int nmodels, + const char **models ATTRIBUTE_UNUSED, + unsigned int nmodels ATTRIBUTE_UNUSED, const char *preferred ATTRIBUTE_UNUSED, unsigned int flags) { @@ -478,13 +478,6 @@ ppcDecode(virCPUDefPtr cpu, goto cleanup; } - if (!cpuModelIsAllowed(model->name, models, nmodels)) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("CPU model %s is not supported by hypervisor"), - model->name); - goto cleanup; - } - if (VIR_STRDUP(cpu->model, model->name) < 0 || (model->vendor && VIR_STRDUP(cpu->vendor, model->vendor->name) < 0)) { goto cleanup; @@ -498,7 +491,6 @@ ppcDecode(virCPUDefPtr cpu, return ret; } - static void ppcDataFree(virCPUDataPtr data) { @@ -561,8 +553,8 @@ ppcUpdate(virCPUDefPtr guest, static virCPUDefPtr ppcBaseline(virCPUDefPtr *cpus, unsigned int ncpus, - const char **models, - unsigned int nmodels, + const char **models ATTRIBUTE_UNUSED, + unsigned int nmodels ATTRIBUTE_UNUSED, unsigned int flags) { struct ppc_map *map = NULL; @@ -582,13 +574,6 @@ ppcBaseline(virCPUDefPtr *cpus, goto error; } - if (!cpuModelIsAllowed(model->name, models, nmodels)) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("CPU model %s is not supported by hypervisor"), - model->name); - goto error; - } - for (i = 0; i < ncpus; i++) { const struct ppc_vendor *vnd; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 1d5bce6..94e9b78 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -6176,7 +6176,9 @@ qemuBuildCpuArgStr(virQEMUDriverPtr driver, *hasHwVirt = hasSVM > 0 ? true : false; } - if (cpu->mode == VIR_CPU_MODE_HOST_PASSTHROUGH) { + if ((cpu->mode == VIR_CPU_MODE_HOST_PASSTHROUGH) || + ((cpu->mode == VIR_CPU_MODE_HOST_MODEL) && + (def->os.arch == VIR_ARCH_PPC64))) { const char *mode = virCPUModeTypeToString(cpu->mode); if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_CPU_HOST)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, @@ -6208,7 +6210,13 @@ qemuBuildCpuArgStr(virQEMUDriverPtr driver, if (cpuDecode(guest, data, (const char **)cpus, ncpus, preferred) < 0) goto cleanup; - virBufferAdd(&buf, guest->model, -1); + if (def->os.arch == VIR_ARCH_PPC64 && + cpu->fallback == VIR_CPU_FALLBACK_COMPAT) { + virBufferAddLit(&buf, "host"); + virBufferAsprintf(&buf, ",compat=%s", guest->model); + } else + virBufferAdd(&buf, guest->model, -1); + if (guest->vendor_id) virBufferAsprintf(&buf, ",vendor=%s", guest->vendor_id); for (i = 0; i < guest->nfeatures; i++) { -- Prerna Saxena Linux Technology Centre, IBM Systems and Technology Lab, Bangalore, India

2 2

[libvirt] [PATCH] LXC: Fix virLXCControllerSetupDevPTS() wrt user namespaces
by Richard Weinberger 14 Aug '14

14 Aug '14

The gid value passed to devpts has to be translated by hand as virLXCControllerSetupDevPTS() is called before setting up the user and group mappings. Otherwise devpts will use an unmapped gid and openpty() will fail within containers. Linux commit commit 23adbe12 ("fs,userns: Change inode_capable to capable_wrt_inode_uidgid") uncovered that issue. Signed-off-by: Richard Weinberger <richard(a)nod.at> --- src/lxc/lxc_controller.c | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 2d220eb..82ecf12 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -1164,6 +1164,19 @@ static int virLXCControllerMain(virLXCControllerPtr ctrl) return rc; } +static uint32_t +virLXCControllerLookupUsernsMap(virDomainIdMapEntryPtr map, int num, + uint32_t src) +{ + int i; + + for (i = 0; i < num; i++) { + if (src > map[i].start && src < map[i].start + map[i].count) + return map[i].target + (src - map[i].start); + } + + return src; +} static int virLXCControllerSetupUsernsMap(virDomainIdMapEntryPtr map, @@ -1930,6 +1943,7 @@ virLXCControllerSetupDevPTS(virLXCControllerPtr ctrl) char *opts = NULL; char *devpts = NULL; int ret = -1; + gid_t ptsgid = 5; VIR_DEBUG("Setting up private /dev/pts"); @@ -1949,10 +1963,17 @@ virLXCControllerSetupDevPTS(virLXCControllerPtr ctrl) goto cleanup; } + if (ctrl->def->idmap.ngidmap) + ptsgid = + virLXCControllerLookupUsernsMap(ctrl->def->idmap.gidmap, + ctrl->def->idmap.ngidmap, + ptsgid); + /* XXX should we support gid=X for X!=5 for distros which use * a different gid for tty? */ - if (virAsprintf(&opts, "newinstance,ptmxmode=0666,mode=0620,gid=5%s", - (mount_options ? mount_options : "")) < 0) + if (virAsprintf + (&opts, "newinstance,ptmxmode=0666,mode=0620,gid=%u%s", ptsgid, + (mount_options ? mount_options : "")) < 0) goto cleanup; VIR_DEBUG("Mount devpts on %s type=tmpfs flags=%x, opts=%s", -- 2.0.1

3 5

[libvirt] [PATCH v3 0/9] Series on passing FDs to daemon
by Martin Kletzander 14 Aug '14

14 Aug '14

This started as a fix for virsh 20s timeout of waiting for session daemon that failed to start: http://www.redhat.com/archives/libvir-list/2013-April/msg01351.html Then there was a idea that we can pass some FDs around: http://www.redhat.com/archives/libvir-list/2013-April/msg01356.html So we did: https://www.redhat.com/archives/libvir-list/2014-July/msg00841.html And now we are even able to start with socket-activation with systemd; see patch 9/9. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=927369 Martin Kletzander (9): util: abstract parsing of passed FDs into virGetListenFDs() remote: create virNetServerServiceNewFDOrUNIX() wrapper rpc: set listen backlog on FDs as well as on other sockets daemon: support passing FDs from the calling process cfg.mk: allow integers to be assigned a value computed with i|j|k tests: support dynamic prefixes in commandtest util: add virCommandPassListenFDs() function rpc: pass listen FD to the daemon being started daemon: use socket activation with systemd .gitignore | 1 + cfg.mk | 2 +- daemon/Makefile.am | 14 +++++- daemon/libvirtd.c | 45 ++++++++++-------- daemon/libvirtd.conf | 5 ++ daemon/libvirtd.service.in | 5 -- daemon/libvirtd.socket.in | 6 +++ libvirt.spec.in | 26 +++++++++-- src/libvirt_private.syms | 2 + src/libvirt_remote.syms | 1 + src/locking/lock_daemon.c | 47 ++----------------- src/rpc/virnetserverservice.c | 55 +++++++++++++++++++++- src/rpc/virnetserverservice.h | 15 +++++- src/rpc/virnetsocket.c | 102 ++++++++++++++++++++++++++++++++-------- src/util/vircommand.c | 99 +++++++++++++++++++++++++++++++++++++++ src/util/vircommand.h | 4 +- src/util/virutil.c | 62 +++++++++++++++++++++++++ src/util/virutil.h | 2 + tests/commanddata/test24.log | 7 +++ tests/commandtest.c | 105 ++++++++++++++++++++++++++++++++++-------- 20 files changed, 491 insertions(+), 114 deletions(-) create mode 100644 daemon/libvirtd.socket.in create mode 100644 tests/commanddata/test24.log -- 2.0.2

2 30

[libvirt] [PATCH] To provide more accurate help messages of iface/net/pool-define in virsh help and man virsh
by Jianwei Hu 14 Aug '14

14 Aug '14

--- tools/virsh-interface.c | 4 ++-- tools/virsh-network.c | 4 ++-- tools/virsh-pool.c | 4 ++-- tools/virsh.pod | 8 +++++--- 4 files changed, 11 insertions(+), 9 deletions(-) diff --git a/tools/virsh-interface.c b/tools/virsh-interface.c index d4ec854..6b4fd5f 100644 --- a/tools/virsh-interface.c +++ b/tools/virsh-interface.c @@ -507,10 +507,10 @@ cmdInterfaceDumpXML(vshControl *ctl, const vshCmd *cmd) */ static const vshCmdInfo info_interface_define[] = { {.name = "help", - .data = N_("define (but don't start) a physical host interface from an XML file") + .data = N_("define (but don't start) or update a physical host interface from an XML file") }, {.name = "desc", - .data = N_("Define a physical host interface.") + .data = N_("Define a physical host interface or update an existing one.") }, {.name = NULL} }; diff --git a/tools/virsh-network.c b/tools/virsh-network.c index fc08b09..0db333c 100644 --- a/tools/virsh-network.c +++ b/tools/virsh-network.c @@ -189,10 +189,10 @@ cmdNetworkCreate(vshControl *ctl, const vshCmd *cmd) */ static const vshCmdInfo info_network_define[] = { {.name = "help", - .data = N_("define (but don't start) a network from an XML file") + .data = N_("define (but don't start) or update a network from an XML file") }, {.name = "desc", - .data = N_("Define a network.") + .data = N_("Define a network or update an existing one.") }, {.name = NULL} }; diff --git a/tools/virsh-pool.c b/tools/virsh-pool.c index 7c40b5b..b0acd89 100644 --- a/tools/virsh-pool.c +++ b/tools/virsh-pool.c @@ -342,10 +342,10 @@ cmdPoolCreateAs(vshControl *ctl, const vshCmd *cmd) */ static const vshCmdInfo info_pool_define[] = { {.name = "help", - .data = N_("define (but don't start) a pool from an XML file") + .data = N_("define (but don't start) or update a pool from an XML file") }, {.name = "desc", - .data = N_("Define a pool.") + .data = N_("Define a pool or update an existing one.") }, {.name = NULL} }; diff --git a/tools/virsh.pod b/tools/virsh.pod index 849ae31..8086885 100644 --- a/tools/virsh.pod +++ b/tools/virsh.pod @@ -2472,7 +2472,8 @@ to get a description of the XML network format used by libvirt. =item B<net-define> I<file> Define a persistent virtual network from an XML I<file>, the network is just -defined but not instantiated (started). +defined but not instantiated (started). If a persistent virtual network with +the same name and UUID already exists, it will be replaced with the new XML. =item B<net-destroy> I<network> @@ -2631,7 +2632,7 @@ See also B<iface-unbridge> for undoing this operation. =item B<iface-define> I<file> Define a host interface from an XML I<file>, the interface is just defined but -not started. +not started. If a host interface with the same name already exists, it will be replaced with the new XML. =item B<iface-destroy> I<interface> @@ -2778,7 +2779,8 @@ I<type>. =item B<pool-define> I<file> -Create, but do not start, a pool object from the XML I<file>. +Create, but do not start, a pool object from the XML I<file>. If a pool object +with the same name and UUID already exists, it will be replaced with the new XML. =item B<pool-define-as> I<name> I<--print-xml> I<type> [I<source-host>] [I<source-path>] [I<source-dev>] [I<source-name>] [<target>] -- 1.8.1.4

4 4