September 2007 - Devel - libvirt List Archives

[Libvir] Hang with virt-install graphic=no on FC 6 6.93/F7 RC2
by libvirtuser 23 Dec '25

23 Dec '25

I had this problem and another user confirmed the same behavior on his machine: http://pastie.caboo.se/65417 Haven't tried it with *2925.10* yet. Also, is there a way to get more verbose info about what calls are causing the "configuration file syntax error" errors? Thanks. virt-install How large would you like the disk () to be (in gigabytes)? 4 ERROR: Must provide a file, not a directory for the disk What would you like to use as the disk (path)? /xen/images/x6.img Would you like to enable graphics support? (yes or no) no What is the install location? http://mirror.anl.gov/pub/fedora-linux-core/test/6.93/Fedora/i386/os/ Starting install... libvir: Xen Daemon error : GET operation failed: libvir: error : configuration file syntax error: expecting a name libvir: error : configuration file syntax error: expecting a name libvir: error : configuration file syntax error: expecting a name Retrieving Fedora... 276 kB 00:01 Retrieving vmlinuz... 100% |=========================| 2.1 MB 00:16 Retrieving initrd.img... 100% |=========================| 5.4 MB 00:28 libvir: Xen Daemon error : GET operation failed: libvir: error : configuration file syntax error: expecting a name libvir: error : configuration file syntax error: expecting a name libvir: error : configuration file syntax error: expecting a name Creating domain... 0 B 00:06 Linux version 2.6.20-2925.5.fc7xen (brewbuilder(a)ls20-bc1-14.build.redhat.com) (gcc version 4.1.2 20070317 (Red Hat 4.1.2-5)) #1 SMP Thu Mar 22 13:51:38 EDT 2007 BIOS-provided physical RAM map: sanitize start sanitize bail 0 copy_e820_map() start: 0000000000000000 size: 0000000020800000 end: 0000000020800000 type: 1 Xen: 0000000000000000 - 0000000020800000 (usable) 0MB HIGHMEM available. 520MB LOWMEM available. Using x86 segment limits to approximate NX protection Zone PFN ranges: DMA 0 -> 133120 Normal 133120 -> 133120 HighMem 133120 -> 133120 early_node_map[1] active PFN ranges 0: 0 -> 133120 ACPI in unprivileged domain disabled Built 1 zonelists. Total pages: 132080 Kernel command line: method=http://mirror.anl.gov/pub/fedora-linux-core/test/6.93/Fedora/i386/os/ Enabling fast FPU save and restore... done. Enabling unmasked SIMD FPU exception support... done. Initializing CPU#0 CPU 0 irqstacks, hard=c135f000 soft=c133f000 PID hash table entries: 4096 (order: 12, 16384 bytes) Xen reported: 1694.994 MHz processor. Console: colour dummy device 80x25 Lock dependency validator: Copyright (c) 2006 Red Hat, Inc., Ingo Molnar ... MAX_LOCKDEP_SUBCLASSES: 8 ... MAX_LOCK_DEPTH: 30 ... MAX_LOCKDEP_KEYS: 2048 ... CLASSHASH_SIZE: 1024 ... MAX_LOCKDEP_ENTRIES: 8192 ... MAX_LOCKDEP_CHAINS: 16384 ... CHAINHASH_SIZE: 8192 memory used by lock dependency info: 1064 kB per task-struct memory footprint: 1200 bytes Dentry cache hash table entries: 131072 (order: 7, 524288 bytes) Inode-cache hash table entries: 65536 (order: 6, 262144 bytes) Software IO TLB disabled vmalloc area: e1000000-f4ffe000, maxmem 2d7fe000 Memory: 503936k/532480k available (2030k kernel code, 19948k reserved, 1079k data, 180k init, 0k highmem) virtual kernel memory layout: fixmap : 0xf5315000 - 0xf57fe000 (5028 kB) pkmap : 0xf5000000 - 0xf5200000 (2048 kB) vmalloc : 0xe1000000 - 0xf4ffe000 ( 319 MB) lowmem : 0xc0000000 - 0xe0800000 ( 520 MB) .init : 0xc130e000 - 0xc133b000 ( 180 kB) .data : 0xc11fb9d9 - 0xc1309714 (1079 kB) .text : 0xc1000000 - 0xc11fb9d9 (2030 kB) Checking if this processor honours the WP bit even in supervisor mode... Ok. Calibrating delay using timer specific routine.. 4262.67 BogoMIPS (lpj=8525343) Security Framework v1.0.0 initialized SELinux: Initializing. SELinux: Starting in permissive mode selinux_register_security: Registering secondary module capability Capability LSM initialized as secondary Mount-cache hash table entries: 512 CPU: Trace cache: 12K uops, L1 D cache: 8K CPU: L2 cache: 256K Checking 'hlt' instruction... OK. SMP alternatives: switching to UP code Freeing SMP alternatives: 11k freed Brought up 1 CPUs Grant table initialized NET: Registered protocol family 16 Brought up 1 CPUs PCI: Fatal: No config space access function found PCI: setting up Xen PCI frontend stub Setting up standard PCI resources ACPI: Interpreter disabled. Linux Plug and Play Support v0.97 (c) Adam Belay pnp: PnP ACPI: disabled xen_mem: Initialising balloon driver. usbcore: registered new interface driver usbfs usbcore: registered new interface driver hub usbcore: registered new device driver usb PCI: System does not support PCI PCI: System does not support PCI NetLabel: Initializing NetLabel: domain hash size = 128 NetLabel: protocols = UNLABELED CIPSOv4 NetLabel: unlabeled traffic allowed by default NET: Registered protocol family 2 IP route cache hash table entries: 32768 (order: 5, 131072 bytes) TCP established hash table entries: 131072 (order: 10, 4194304 bytes) TCP bind hash table entries: 65536 (order: 9, 2097152 bytes) TCP: Hash tables configured (established 131072 bind 65536) TCP reno registered checking if image is initramfs... it is Freeing initrd memory: 7256k freed IA-32 Microcode Update Driver: v1.14-xen <tigran(a)veritas.com> audit: initializing netlink socket (disabled) audit(1180379657.981:1): initialized VFS: Disk quotas dquot_6.5.1 Dquot-cache hash table entries: 1024 (order 0, 4096 bytes) SELinux: Registering netfilter hooks io scheduler noop registered io scheduler anticipatory registered io scheduler deadline registered io scheduler cfq registered (default) pci_hotplug: PCI Hot Plug PCI Core version: 0.5 BUG: at kernel/fork.c:994 copy_process() [<c1005d9a>] show_trace_log_lvl+0x1a/0x2f [<c1006343>] show_trace+0x12/0x14 [<c10063be>] dump_stack+0x16/0x18 [<c101d044>] copy_process+0x195/0x1245 [<c101e144>] do_fork+0x50/0x117 [<c1003351>] kernel_thread+0x8e/0x96 [<c102c701>] __call_usermodehelper+0x2d/0x46 [<c102cd4f>] run_workqueue+0x89/0x145 [<c102d711>] worker_thread+0xd5/0x102 [<c102ff27>] kthread+0xb3/0xdc [<c10058db>] kernel_thread_helper+0x7/0x10 ======================= rtc: IRQ 8 is not free. Non-volatile memory driver v1.2 Linux agpgart interface v0.101 (c) Dave Jones RAMDISK driver initialized: 16 RAM disks of 16384K size 4096 blocksize input: Macintosh mouse button emulation as /class/input/input0 Xen virtual console successfully installed as xvc0 Event-channel device installed. usbcore: registered new interface driver libusual usbcore: registered new interface driver hiddev usbcore: registered new interface driver usbhid drivers/usb/input/hid-core.c: v2.6:USB HID core driver PNP: No PS/2 controller found. Probing ports directly. i8042.c: No controller found. mice: PS/2 mouse device common for all mice TCP bic registered Initializing XFRM netlink socket NET: Registered protocol family 1 NET: Registered protocol family 17 Using IPI No-Shortcut mode XENBUS: Device with no driver: device/vbd/51712 XENBUS: Device with no driver: device/vif/0 Freeing unused kernel memory: 180k freed Write protecting the kernel read-only data: 762k ^[Domain installation still in progress. You can reconnect

3 2

[Libvir] RFC: Supporting serial & parallel ports for QEMU (and improving Xen)
by Daniel P. Berrange 26 Feb '08

26 Feb '08

One user's feature request for our QEMU driver is to support serial ports. Easy you might think... you'd be wrong :-) On Xen we have very simple approach. When creating a guest simply add <console/> And it'll cause a serial port to be setup with an autoallocated pty, so you get back <console pty='/dev/pts/5'/> In retrospect calling it 'console' was dumb, but hey we're stuck with that now and its only a tiny naming issue so I don't mind really. We can do the same thing with QEMU quite easily. QEMU, however, supports many many many more ways to hooking up the serial port to Dom0. Indeed so does Xen fullyvirt, but we don't expose this ability. Parallel ports have identical config syntax to serial ports so we might as well deal with both at once. So, here's a stripped down version of the QEMU docs: [quote http://fabrice.bellard.free.fr/qemu/qemu-doc.html#SEC10] `-serial dev' Redirect the virtual serial port to host character device dev. The default device is vc in graphical mode and stdio in non graphical mode. This option can be used several times to simulate up to 4 serials ports. Use -serial none to disable all serial ports. Available character devices are: vc Virtual console pty [Linux only] Pseudo TTY (a new PTY is automatically allocated) none No device is allocated. null void device /dev/XXX [Linux only] Use host tty, e.g. `/dev/ttyS0'. The host serial port parameters are set according to the emulated ones. /dev/parportN [Linux only, parallel port only] Use host parallel port N. Currently only SPP parallel port features can be used. file:filename Write output to filename. No character can be read. stdio [Unix only] standard input/output pipe:filename name pipe filename COMn [Windows only] Use host serial port n udp:[remote_host]:remote_port[@[src_ip]:src_port] This implements UDP Net Console. tcp:[host]:port[,server][,nowait][,nodelay] The TCP Net Console has two modes of operation. telnet:host:port[,server][,nowait][,nodelay] The telnet protocol is used instead of raw tcp sockets. unix:path[,server][,nowait] A unix domain socket is used instead of a tcp socket. [/quote] I don't see any reason to not support all/most of these options. The things I don't like here is that /dev/XXX, vs /dev/parportN, vs COMn differences for connecting guest <-> host passthrough of the devices. I figure it could be simpler if it was just represented as 'n' and we'd translate that to be /dev/ttyS[n] or /dev/parport[n] or COM[n] as needed. The question as ever is how to represent this in XML. For serial ports we'll stick with '<console>', while parallel ports we might as well use a better named '<parallel>'. Next up, I think should use a 'type' attribute on this element to determine the main way ot connecting the device, and then more type specific attributes or sub-elements as needed. If 'type' was not specified then use a default of 'pty', since that gives compatability with existing practice. As an illustrative example /* * Parse the XML definition for a character device * * Top level node will be <console> or <parallel>, but all attributes * and sub-elements are identical. * * type=vc|pty|null|host|file|pipe|udp|tcp|telnet, default is pty * * <console type='vc'/> * * <console type='pty' pty='/dev/pts/3'/> * * <console type='null'/> * * <console type='host' port='3'/> * * <console type='file' path='/some/file'/> * * <console type='pipe' path='/some/file'/> * * <console type='udp'> * <sendto port='12356'/> * </console> * * <console type='udp'> * <sendto addr='127.0.0.1' port='12356'/> * </console> * * <console type='udp'> * <sendto addr='127.0.0.1' port='12356'/> * <bind port='12356'/> * </console> * * <console type='udp'> * <sendto addr='127.0.0.1' port='12356'/> * <bind addr='127.0.0.1' port='12356'/> * </console> * * <console type='tcp'> * <listen port='12356'/> * </console> * * <console type='tcp'> * <listen addr='127.0.0.1' port='12356'> * <nowait/> * <nodelay/> * </listen> * </console> * * <console type='tcp'> * <connect addr='127.0.0.1' port='12356'> * <nodelay/> * </connect> * </console> * * <console type='telnet'> * <listen addr='127.0.0.1' port='12356'/> * </console> * * <console type='telnet'> * <connect addr='127.0.0.1' port='12356'/> * </console> * */ BTW, the udp, tcp, telnet options are only available on QEMU >= 0.9.0. We already have ability to detect / validate that for both Xen & QEMU drivers. NB, whereever there are IP addresses, hostnames can be used too, hence I call the attriute 'addr' instead of 'ip' Regards, Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|

5 8

[Libvir] [PATCH] Enhanced stats for fullvirt domains
by Richard W.M. Jones 14 Nov '07

14 Nov '07

This patch does a couple of primary things: Firstly it allows you to use "hda", etc. as a path for getting block device stats from fullvirt domains. Secondly it separates out the stats code into a new file called 'stats_linux.c'. The reasoning behind the name is that this code can be shared between Xen & QEMU, and that the code is Linux-specific (it never worked on Solaris, but now this is explicit). I anticipate a 'stats_solaris.c' file once I can get Solaris + Xen going on a test machine. Also we try to detect the case where the block dev stats of a fullvirt domain are stuck at 0 -- caused by there being no frontend driver connected. We detect the condition by a query to xenstore. XENVBD_MAJOR is no longer hard-coded if we can get it instead from Linux header files. This patch adds bytes written/read to block devices for Xen PV domains if available. This also corrects a bug where stats from xvdb, xvdc, .. could not be read out because the device number was being miscalculated. Rich. -- Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/ Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 03798903

3 7

[Libvir] problems using libvirt to mange "defined" domains.
by Evan Bigall 26 Oct '07

26 Oct '07

I'm having a problem using libvirt to manage "defined" domains (ie: domains for which it has XML, but are not running.) I have tried several debugging scenarios, but the simplest one is this. In a libvirt C program I define the following XML: char domxml[]="<domain type='xen' id='99'>" "<name>rhel5vm</name>" "<uuid>f948d7f4f36c4bfae8053bca535183b3</uuid>" "<os>" "<type>linux</type>" "<kernel>/var/lib/xen/boot/rhel5vm/vmlinuz-2.6.18-8.el5xen</kernel>" "<initrd>/var/lib/xen/boot/rhel5vm/initrd-2.6.18-8.el5xen.img</initrd>" "<root>/dev/xvda1</root>" "</os>" "<memory>512000</memory>" "<vcpu>1</vcpu>" "<on_poweroff>destroy</on_poweroff>" "<on_reboot>restart</on_reboot>" "<on_crash>restart</on_crash>" "<devices>" "<interface type='bridge'>" "<source bridge='xenbr0'/>" "<mac address='00:16:3e:09:ef:b0'/>" "<script path='vif-bridge'/>" "</interface>" "<disk type='block' device='disk'>" "<driver name='phy'/>" "<source dev='/dev/sda3'/>" "<target dev='xvda'/>" "</disk>" "<console tty='/dev/pts/2'/>" "</devices>" "</domain>"; (I've played with several values for the domain id). What I find is that when I use virDomainDefineXML() to define the domain, for some reason it drops, the "root" element from the "os" specification. Because of this the domain then crashes when I try to start it. I've also tried, using virsh to create the domain from an XML file, capture the XML with virDomainGetXMLDesc(), pause the C program, and then try to redefine the domain with the domain with the exact XML virDomainGetXMLDesc() gave me (after destroying the original of course), and I get the same behavior, it strips the root element from the OS specification. Here is the version information: [root@rhel5-xen tmp]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 5 (Tikanga) [root@rhel5-xen tmp]# uname -a Linux rhel5-xen 2.6.18-8.1.8.el5xen #1 SMP Mon Jun 25 17:19:38 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux [root@rhel5-xen tmp]# virsh version Compiled against library: libvir 0.3.1 Using library: libvir 0.3.1 Using API: Xen 3.0.1 Running hypervisor: Xen 3.0.0 I am using rhel5 "out of the box" with libvirt upgraded to: libvirt-0.3.1-1.x86_64.rpm libvirt-devel-0.3.1-1.x86_64.rpm libvirt-python-0.3.1-1.x86_64.rpm I tried using libvirt-0.3.2-1, but sample code segv'd in virConnectClose(). All I'm really trying to do is build a primitive interface to list domains (both running, and non-running), and start and stop them. I'm open to suggestions as to whether I have this misconfigured or if there would be a better version with which to do this. Thanks, Evan

2 1

[Libvir] Thoughts on remote storage support
by Tóth István 16 Oct '07

16 Oct '07

Hello! I had a hobby project where I needed to manipulate xen disk images on remote systems, that used a model similar to libirt's remote support. Based on what I learnt from it, I came up with a possible model for libvirt's remote storage support. I present it here for discussion. We typically store the images in volumes on LVM, or in dedicated file system folders. The folders and volume groups usable by libvirt can be limited in a config file. It is probably not neccessary to differentiate between defined and created files, as you can not stop and start a file like a domain, you either have it on disk, or not. Libvirt should not store information on these files, everything should be checked/listed on the fly, so that if you just copy an image to a directory, libvirt can deduct all information (well, all it can) on it, and handle it just as if the file was created by it. The handle for the file is its path, plus its virConnect object (i.e. the host it is on). For consistency, it may be possible to create an object for it, but as disk images have no persistent properties apart from what is on the disk, and it can always be checked from there, it provides no extra functionality. I think there is no need to support remote files explicitly, as the domains mount local files/volumes. The file/volume may actually be mounted from a NAS or SAN, of course, but it does not matter because we use the local path names, and AFAIK all virtualization tools use local files or local devices as blockdevs. I have added compression to the mix because it is immensely useful. I have used lzop in my project, and a full backup and restore was much faster when using a compressed backup file, than with and uncrompessed one. It conserves disk space, as well as cpu/bus capacity. Zeroing out newly allocated files, helps with compressed backups, as well as security. It also means that no holey files can be used. The objects we are dealing with are disk images. They have the following properties: -Path: The unix path of the file ( /mnt/images/fc7.img or /dev/VG/fc7) -Compression: Mountable/compressed -Type: Plain file/LVM volume/ What else? -Size -Filesystem: swap/ext3/xfs/.... -Is it mounted? We can do the following operations on the images: Create -connection -filepath -size Allocates a new image of the given type, size, and name. Libvirt should parse the filepath, and determine the base path, check if it's a directory or a VG, check if libvirt is allowed to operate on the path/VG, then create the file/volume. For security reasons zeroing out the allocated space should be a non-optional step of the allocation. DirectoryList -connection -directorypath Plain ls functionality, that returns the list of files, and any subdirectories. If called on a VG, it returns the volumes in it. Info -connection -filepath Returns information on the given file/volume, including size, type, filesystem (if available), whether it is a snapshot (if a volume), and whether it is mounted or not. size can be determined by ls or lvinfo, filesystem by 'file' command. Delete -connection -filepath Delete the file/volume. Find out if it's a file or volume, and rm or lvremove it. Grow -connection -path -filename -newsize Grows the specified image to the given size. The newly added space is zeroed out. Shrink? -connection -path -filename -newsize Shrinks the specified image the the given size. It's very tricky, because to avoid data loss, we need to analyze the file system size. Of course, we can just say that it's the reponsibility of the user, after all, we allow him to outright delete the file as well. We may combine it with Grow, and call it Resize. Growfs -connection -path -filename -newsize? Grows the filesystem on the image to fill the size of the image, or the given newsize. Can only be used on umounted images. It is neccesary because some filesystems may not be grown while mounted, so the guest can not do it on its own. Shrinkfs -connection -path -filname -newsize Shrinks the filesystem to the given size. Same coniderations apply as with growfs, may be combined to Resizefs? Snapshot -connection -filepath -filesize Creates a snapshot of the given image. It is only possible with images on LVM. Should return the snapshot image name. The snapshot can later be deleted with Delete. CopyTo -connection -source filepath -target connection -target filepath -snapshot flag -archive flag -overwrite flag Copy the source image to the target image. If connection is on another machine, then it's a network copy. If the snapshot flag is true, then first create a snapshot of the source image, copy that, then delete the snapshot. If the archive flag is active, then the target file will be archive file (compressed). If the overwite flag is active, then the target file is overwitten, if it exists. Otherwise existing files are not changed. Even if the source file is compressed, the target file is uncompressed, unless the archive flag is set. CopyContents -connection -source filepath -target connection -target filepath -snapshot flag Copies the contents of the source file to the target file. The target file must already exist, and be no smaller than the source file. The contents of the target file are overwitten, and any extra space is zeroed out. Archive -connection -filepath compresses the given file. Makes sense only on files, not volumes. Unarchive -connection -filepath uncompresses the given file. Makes sense only on archved(compressed) files. StorageInfo - connection Returns information on the node's storage configuration. What kind of filesystems it can handle, What are the accessible file / VG paths, what's the free space on them, etc. A typical usage scenario could be something like this: Aconn=getVirconn("ssh:Ahost"); //Open the connection to host A Bconn=getVirconn("ssh:Bhost"); //Host B will hold our backup image Ainfo=StorageInfo(Aconn); //Get Ainfo AVGPath = <get the first usable VG path from VG info> Newimage = Create(Aconn, concat("AVGPath", "newimage", 100000); //A 100Mb volume is created and zeroed out. CopyContents(Aconn, NewImage, Aconn, "/images/ghost/FC7default.img", no); //Copy our pre-created FC7 image to the new image Growfs(Aconn, NewImage, 0); //Grow the copied filesystem to fill the whole volume. <Here we define a new domain, and use NewImage as the name of the backing image for the guest's block device> <Start the new domain> Copy(Aconn, NewImage, Bconn, "/mnt/backups/backup23image", snapshot=yes, archive=yes, overwrite=no); //Make an LVM snapshot of NewImage, and copy it to Host B on the given filename, compressing it on the fly, then remove the snapshot <Stop the domain> CopyContents(Bconn, "/mnt/backups/backup23image", Aconn, NewImage, snapshot=no); //Restore the backed-up image to NewImage, decompress it on the fly. <Start the domain> <Stop the domain> Grow(Aconn, NewImage, 200000); //Grow the volume to 200MBs Growfs(Aconn, NewImage); //Grow the fs on the volume to fill the volume <Start the domain> ..... Best regards István

3 4

[Libvir] PATCH: Updated patches for PolicyKit support
by Daniel P. Berrange 02 Oct '07

02 Oct '07

A few weeks back I posted some prototype patches for PolicyKit support to allow the main libvirt daemon socket to be made world-accessible. PolicyKit then can do ACLs on incoming connections, allowing definition of rules which could for example, allow only the user who owns the active X login sesion http://www.redhat.com/archives/libvir-list/2007-August/msg00027.html This is an updated patch which takes account of a change in the PolicyKit XML file syntax between 0.4 and 0.5 releases. The configure.in scripts has been tweaked to automatically disable PolicyKit if pkg-config is not available instead of aborting. The code for getting UNIX socket credentials has been factored out into its own method. There is still only a Linux implementation. I was going to take the code for other OS from DBus, but DBus is currently under a GPL/Academic license options, which is not compatible with LGPL. Fortunately DBus is in middle of re-licensing to X11 style which is LGPL compatible, so in a week or so's time we'll be able to safely take their OS portability code for socket credentials. I short-circuit the logic to always allow root. This allows existing people running libvirt tools as root to continue use without any regressions. There is one small issue still that the default policy I provide only allows the use of read-only connections if the user is logged into to the desktop. This is a partial regression - the admin can edit /etc/PolicyKit/PolicyKit.conf and add a site-local rule allowing all users access, regardless of whether they're in a session. I've spoken with David Zeuthan and he's going to add ability to specify rules for non-session clients in the default policy config files, which will fix this minor regression. Once this is done the libvirt default policy will be identical to current file permission based policy (root == full access, non-root == read only). As I mentioned previously, with this change it is now possible to open a full read-write connection from virt-manager running as non-root. Depending on site policy it will optionally prompt for root password (su style equiv) or the user's password (sudo style equiv) without needing virt-manager itself to gain any elevated privileges. When compiling with PolicyKit support, the default file permissions for both the main & readonly UNIX sockets in the daemon switch to 0777, instead of the previous 0700 & 0777. It is possible to turn off PolicyKit auth in the daemon config file, even if it is compiled in - in which case the default permissions get set back to 0700 & 0777. Although in previous feedback Daniel suggested I leave the LIBVIRTD_AUTH_POLKIT constant compiled in all the time, I feel it is better to remove it when the policykit support is disabled in configure. This removes the need to have extra switch/case statements to explicitly reject LIBVIRTD_AUTH_POLKIT auth, since it will be handle by the 'default:' statement which already has code to reject connections. I've done more extensive testing with virt-manager since my previous patch, and its working very nicely with the new UI which allows multiple hypervisor connections. Instead of asking for the root password up-front at app start time, we now only need ask for it if the user connects to a local HV. If they only ever manage remote connections we don't need to do anything with the local root password. Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|

3 4

[Libvir] Release of libvirt-0.3.3
by Daniel Veillard 30 Sep '07

30 Sep '07

More than a month without a release ... it was clearly time to push the bits out. Available as usual from ftp://libvirt.org/libvirt/ A lot of new things in the last month: * New features: - Avahi mDNS daemon export (Daniel Berrange) - NUMA support (Beth Kan) * Documentation: - cleanups (Toth Istvan) - typos (Eduardo Pereira) * Bug fixes: - memory corruption on large dumps (Masayuki Sunou) - fix virsh vncdisplay command exit (Masayuki Sunou) - Fix network stats TX/RX result (Richard Jones) - warning on Xen 3.0.3 (Richard Jones) - missing buffer check in virDomainXMLDevID (Hugh Brock) - avoid zombies when using remote (Daniel Berrange) - xend connection error message (Richard Jones) - avoid ssh tty prompt (Daniel Berrange) - username handling for remote URIs (Fabian Deutsch) - fix potential crash on multiple input XML tags (Daniel Berrange) - Solaris Xen hypercalls fixup (Mark Johnson) * Improvements: - OpenVZ support (Shuveb Hussain and Anoop Cyriac) - CD-Rom reload on XEn (Hugh Brock) - PXE boot got QEmu/KVM (Daniel Berrange) - QEmu socket permissions customization (Daniel Berrange) - more QEmu support (Richard Jones) - better path detection for qemu and dnsmasq (Richard Jones) - QEmu flags are per-Domain (Daniel Berrange) - virsh freecell command - Solaris portability fixes (Mark Johnson) - default bootloader support (Daniel Berrange) - new virNodeGetFreeMemory API - vncpasswd extraction in configuration files if secure (Mark Johnson and Daniel Berrange) - Python bindings for block and interface statistics * Code cleanups: - virDrvOpenRemoteFlags definition (Richard Jones) - configure tests and output (Daniel Berrange) Thanks to everybody who helped with sugegstion, bug reports patches and more ! Daniel -- Red Hat Virtualization group http://redhat.com/virtualization/ Daniel Veillard | virtualization library http://libvirt.org/ veillard(a)redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/

1 0

[Libvir] PATCH: vncpasswd
by Mark Johnson 30 Sep '07

30 Sep '07

This adds support for handling vncpasswd.. MRJ vncpasswd support diff --git a/src/xend_internal.c b/src/xend_internal.c --- a/src/xend_internal.c +++ b/src/xend_internal.c @@ -1657,11 +1657,14 @@ xend_parse_sexp_desc(virConnectPtr conn, } else if (tmp && !strcmp(tmp, "vnc")) { int port = xenStoreDomainGetVNCPort(conn, domid); const char *listenAddr = sexpr_node(node, "device/vfb/vnclisten"); + const char *vncPasswd = sexpr_node(node, "device/vfb/vncpasswd"); const char *keymap = sexpr_node(node, "device/vfb/keymap"); virBufferVSprintf(&buf, " <input type='mouse' bus='%s'/>\n", hvm ? "ps2": "xen"); virBufferVSprintf(&buf, " <graphics type='vnc' port='%d'", port); if (listenAddr) virBufferVSprintf(&buf, " listen='%s'", listenAddr); + if (vncPasswd) + virBufferVSprintf(&buf, " passwd='%s'", vncPasswd); if (keymap) virBufferVSprintf(&buf, " keymap='%s'", keymap); virBufferAdd(&buf, "/>\n", 3); @@ -1723,6 +1726,7 @@ xend_parse_sexp_desc(virConnectPtr conn, if (tmp[0] == '1') { int port = xenStoreDomainGetVNCPort(conn, domid); const char *listenAddr = sexpr_fmt_node(root, "domain/image/%s/vnclisten", hvm ? "hvm" : "linux"); + const char *vncPasswd = sexpr_fmt_node(root, "domain/image/%s/vncpasswd", hvm ? "hvm" : "linux"); const char *keymap = sexpr_fmt_node(root, "domain/image/%s/keymap", hvm ? "hvm" : "linux"); /* For Xen >= 3.0.3, don't generate a fixed port mapping * because it will almost certainly be wrong ! Just leave @@ -1736,6 +1740,8 @@ xend_parse_sexp_desc(virConnectPtr conn, virBufferVSprintf(&buf, " <graphics type='vnc' port='%d'", port); if (listenAddr) virBufferVSprintf(&buf, " listen='%s'", listenAddr); + if (vncPasswd) + virBufferVSprintf(&buf, " passwd='%s'", vncPasswd); if (keymap) virBufferVSprintf(&buf, " keymap='%s'", keymap); virBufferAdd(&buf, "/>\n", 3);

2 2

[Libvir] PATCH: Allow emptry bootloader
by Daniel P. Berrange 30 Sep '07

30 Sep '07

Latest XenD allows for default bootloader to be used if one is not defined for a paravirt OS. libvirt doesn't currently cope with this (see Solaris thread), since it requires either a bootloader or kernel to always be present. The attached patch allows for an emptry bootloader element to indicate that the domain should use the default. <domain type='xen' id='-1'> <name>rhel5pv</name> <uuid>614d7eb0-c6b1-5235-ac39-361b20f6cd49</uuid> <bootloader/> <os> <type>linux</type> </os> ...snip... </domain> The current API for looking up nodes in the SEXPR did not allow for the scenario where you might want to lookup a node with no content, eg (bootloader ) This distinction is needed here, so I added an sexpr_has() method to check for this. Second, it fixes a long standing bug where we'd record an error about the missing kernel or bootloader, but then continue generating (malformed) XML anyway. With this patch, it will correctly fail if the empty bootloader field is missing from the SEXPR. Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|

2 4

[Libvir] [RFC][PATCH 0/2] Tested NUMA patches for available memory and topology
by beth kon 30 Sep '07

30 Sep '07

I have tested the patches on a NUMA and a non-NUMA configuration, and they fundamentally appear to work. The first patch is for accessing available memory on a per-node basis. The second patch is for accessing NUMA node topology. I've gotten some helpful suggestions about my string parsing code, introducing me to sscanf :-). I've become convinced that there are more elegant ways to do this which would have about the same level of error checking. However, I am out of time if Daniel wants to check this in this week. So I offer what I do have, which functions, but is not elegant. I have been playing with other ways to do this and am not far from finished. So, Daniel, you need to tell me if you want to take this code, and possibly upgrade to something more compact later, or if you'd like to wait for the next revision. One point to comment on for posterity is that the string returned from xend is not what might be expected. An example: printf("string is %s\n", tempstr); would return string is node0:0\n node1:1 So, this means that the '\n' sent by the xend python code is somehow translated to "\n". And the trailing '\n' that should be there isn't. Instead there is a '\0'. Looking at the xend code, it would appear this string should look like: "node0:0\n node1:1\n" where these are '\n'. -- Elizabeth Kon (Beth) IBM Linux Technology Center Open Hypervisor Team email: eak(a)us.ibm.com

4 11