[libvirt] [PATCH 0/2] Filesystem pool probing & filesystem building
by David Allan
The following patches add support for building a filesystem on the
source device when building a filesystem pool.
The first patch adds mkfs and libblkid to the build system.
The second patch adds two flags to virStorageBackendFileSystemBuild.
The first flag causes the build operation to probe for an existing
filesystem of the type specified in the pool XML. If an existing
filesystem of the specified type is present, mkfs is not executed and
the build call returns an error. Any other data present on the source
device will be overwritten. The second flag causes the build to
execute mkfs unconditionally overwriting whatever is currently on the
source device.
Calling virStorageBackendFileSystemBuild without any flags preserves
the current behavior, which is to make the directory on which the
filesystem will be mounted, but to leave the source device untouched.
David Allan (2):
Add mkfs and libblkid to build system
Add fs pool formatting
configure.ac | 25 ++++++++
include/libvirt/libvirt.h.in | 6 +-
include/libvirt/virterror.h | 2 +
libvirt.spec.in | 5 ++
po/POTFILES.in | 1 +
src/Makefile.am | 5 ++
src/libvirt_private.syms | 4 +
src/storage/storage_backend_fs.c | 88 +++++++++++++++++++++++++-
src/storage/storage_backend_fs.h | 19 ++++++
src/storage/storage_backend_fs_libblkid.c | 97 +++++++++++++++++++++++++++++
src/util/virterror.c | 12 ++++
tools/virsh.c | 15 ++++-
12 files changed, 273 insertions(+), 6 deletions(-)
create mode 100644 src/storage/storage_backend_fs_libblkid.c
15 years, 1 month
[libvirt] [PATCH] Trivial virsh.pod additions --all for "list" command and similar
by Justin Clift
Hi all,
This is just a trivial patch to virsh.pod (from git master). It adds the
following pieces to the virsh man page:
+ Shows the --inactive and --all optional parameters for the list
command.
Closes Bugzilla #575512, reported by Renich Bon Ciric (CC'd)
https://bugzilla.redhat.com/show_bug.cgi?id=575512
+ Corrects the existing description of the list command, to now say
that only running domains are listed if no domains are specified.
The man page up until this point has said all domains are listed if
no domains are specified, which is incorrect.
+ Adds the "shut off" state to the list of states for the list
command.
+ Adds a missing =back around line 755, that pod2man was complaining
was missing.
Regards and best wishes,
Justin Clift
--
Salasaga - Open Source eLearning IDE
http://www.salasaga.org
15 years, 1 month
[libvirt] another AUTHORS update
by Eric Blake
Eduardo Otubo contacted me off-list, noticing that his name was not yet
in AUTHORS even though he has had commits in the past. I've rectified
this situation with an obvious commit; not worth posting the diff to the
list (to avoid unnecessary exposure of all the email addresses...).
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
15 years, 1 month
[libvirt] A few small libvirt build issues
by Cole Robinson
I've hit a few small build issues that I don't know how to fix.
daemon/libvirtd.init isn't regenerated if ./configure is re-run. If I do:
./configure --prefix=/foo && make && ./configure --prefix=/bar && make
daemon/libvirtd.init will reference /foo and not /bar. The logrotate
files are affected as well.
Second issue involves root squash homedir which I use regularly for
development. If I ./configure && make -j4 && sudo make install, I get
the following error:
Making install in python
make[1]: Entering directory
`/mnt/storage.bos/boston/crobinso/sandbox/upstream/libvirt/libvirt.git/python'
Making install in .
make[2]: Entering directory
`/mnt/storage.bos/boston/crobinso/sandbox/upstream/libvirt/libvirt.git/python'
make[3]: Entering directory
`/mnt/storage.bos/boston/crobinso/sandbox/upstream/libvirt/libvirt.git/python'
test -z "/usr/lib64/python2.6/site-packages" || /bin/mkdir -p
"/usr/lib64/python2.6/site-packages"
/bin/sh ../libtool --mode=install /usr/bin/install -c libvirtmod.la
'/usr/lib64/python2.6/site-packages'
libtool: install: warning: relinking `libvirtmod.la'
libtool: install: (cd
/mnt/storage.bos/boston/crobinso/sandbox/upstream/libvirt/libvirt.git/python;
/bin/sh
/mnt/storage.bos/boston/crobinso/sandbox/upstream/libvirt/libvirt.git/libtool
--silent --tag CC --mode=relink gcc -Wno-redundant-decls -g -O2 -module
-avoid-version -shared -L../src/.libs -o libvirtmod.la -rpath
/usr/lib64/python2.6/site-packages libvirtmod_la-libvirt-override.lo
libvirtmod_la-typewrappers.lo libvirtmod_la-libvirt.lo ../src/libvirt.la
-ldl )
mv: cannot move `libvirtmod.so' to `libvirtmod.soU': Permission denied
libtool: install: error: relink `libvirtmod.la' with the above command
before installing it
My automake-fu is weak so I haven't had much luck decoding any of this.
'make install' seems to want to run that relink command every time,
running it by hand doesn't help any.
Anyone have any thoughts? Jim, Eric, I figure you guys would know best,
so any input appreciated.
Thanks,
Cole
15 years, 1 month
[libvirt] [PATCH v2] qemu: Add a qemu.conf option for clearing capabilities
by Cole Robinson
Currently there is no way to opt out of libvirt dropping POSIX
capabilities for qemu. This at least is a useful debugging tool, but
is also wanted by users (and distributors):
https://bugzilla.redhat.com/show_bug.cgi?id=559154
https://bugzilla.redhat.com/show_bug.cgi?id=573850
v2: Clarify qemu.conf comment, warn about security implications
Signed-off-by: Cole Robinson <crobinso(a)redhat.com>
---
src/qemu/qemu.conf | 9 +++++++++
src/qemu/qemu_conf.c | 5 +++++
src/qemu/qemu_conf.h | 2 +-
src/qemu/qemu_driver.c | 11 +++++++++--
4 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 98a1176..93934f3 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -178,3 +178,12 @@
# QEMU_AUDIO_DRV environment variable when using VNC.
#
# vnc_allow_host_audio = 0
+
+# If clear_emulator_capabilities is enabled, libvirt will drop all
+# privileged capabilities of the QEmu/KVM emulator. This is enabled by
+# default.
+#
+# Warning: Disabling this option means that a compromised guest can
+# exploit the privileges and possibly do damage to the host.
+#
+# clear_emulator_capabilities = 1
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 66a949e..d7e61d2 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -104,6 +104,7 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
/* Setup critical defaults */
driver->dynamicOwnership = 1;
+ driver->clearEmulatorCapabilities = 1;
if (!(driver->vncListen = strdup("127.0.0.1"))) {
virReportOOMError();
@@ -355,6 +356,10 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
CHECK_TYPE ("vnc_allow_host_audio", VIR_CONF_LONG);
if (p) driver->vncAllowHostAudio = p->l;
+ p = virConfGetValue (conf, "clear_emulator_capabilities");
+ CHECK_TYPE ("clear_emulator_capabilities", VIR_CONF_LONG);
+ if (p) driver->clearEmulatorCapabilities = p->l;
+
virConfFree (conf);
return 0;
}
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 7616d15..0f8a1b3 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -138,8 +138,8 @@ struct qemud_driver {
ebtablesContext *ebtables;
unsigned int relaxedACS : 1;
-
unsigned int vncAllowHostAudio : 1;
+ unsigned int clearEmulatorCapabilities : 1;
virCapsPtr caps;
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index ad7fb54..3faf31e 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3287,7 +3287,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
int stdin_fd) {
const char **argv = NULL, **tmp;
const char **progenv = NULL;
- int i, ret;
+ int i, ret, runflags;
struct stat sb;
int *vmfds = NULL;
int nvmfds = 0;
@@ -3501,9 +3501,16 @@ static int qemudStartVMDaemon(virConnectPtr conn,
for (i = 0 ; i < nvmfds ; i++)
FD_SET(vmfds[i], &keepfd);
+ VIR_DEBUG("Clear emulator capabilities: %d",
+ driver->clearEmulatorCapabilities);
+ runflags = VIR_EXEC_NONBLOCK;
+ if (driver->clearEmulatorCapabilities) {
+ runflags |= VIR_EXEC_CLEAR_CAPS;
+ }
+
ret = virExecDaemonize(argv, progenv, &keepfd, &child,
stdin_fd, &logfile, &logfile,
- VIR_EXEC_NONBLOCK | VIR_EXEC_CLEAR_CAPS,
+ runflags,
qemudSecurityHook, &hookData,
pidfile);
VIR_FREE(pidfile);
--
1.6.6.1
15 years, 1 month
[libvirt] vol-list and other vol-* functions
by Eduardo Otubo
Hello all,
When implementing the vol-list function I came up with the concept of
'path' which I am not sure if I understood. Does 'path' in this case
represents where it is mounted on the guest system? On IBM Power
Hypervisor, there's some logical volumes which I can get the path and
there's some I can't, hence, I can't get LookUpByPath() function
implemented correctly. Any ideas?
Thanks,
--
Eduardo Otubo
Software Engineer
Linux Technology Center
IBM Systems & Technology Group
Mobile: +55 19 8135 0885
eotubo(a)linux.vnet.ibm.com
15 years, 1 month
[libvirt] [PATCH] [PATCH v13-pre1] add 802.1Qbh and 802.1Qbg handling
by Scott Feldman
From: Scott Feldman <scofeldm(a)cisco.com>
Stefan, I was doing more testing and have some fixes for the bh paths. This
patch is on top of your V12 patch...
- some minor cleanups
- if association fails due to timeout, disassociate the port profile,
otherwise association state-machine will be "in-progress" potentially
forever.
- don't pass mac/vlan/uuids/profile when disassociating. ifindex and vf
are enough
Signed-off-by: Scott Feldman <scofeldm(a)cisco.com>
---
src/util/macvtap.c | 75 ++++++++++++++++++++++++++++++----------------------
1 files changed, 43 insertions(+), 32 deletions(-)
diff --git a/src/util/macvtap.c b/src/util/macvtap.c
index 71c6169..9ca6203 100644
--- a/src/util/macvtap.c
+++ b/src/util/macvtap.c
@@ -963,11 +963,11 @@ getPortProfileStatus(struct nlattr **tb, int32_t vf,
if (tb[IFLA_PORT_SELF]) {
if (nla_parse_nested(tb_port, IFLA_PORT_MAX, tb[IFLA_PORT_SELF],
ifla_port_policy)) {
- msg = _("error parsing IFLA_VF_SELF part");
+ msg = _("error parsing IFLA_PORT_SELF part");
goto err_exit;
}
} else {
- msg = _("IFLA_VF_SELF is missing");
+ msg = _("IFLA_PORT_SELF is missing");
goto err_exit;
}
} else {
@@ -1266,7 +1266,7 @@ doPortProfileOpCommon(bool nltarget_kernel,
vf,
op);
- if (rc != 0) {
+ if (rc) {
macvtapError(VIR_ERR_INTERNAL_ERROR, "%s",
_("sending of PortProfileRequest failed."));
return rc;
@@ -1278,7 +1278,7 @@ doPortProfileOpCommon(bool nltarget_kernel,
goto err_exit;
rc = getPortProfileStatus(tb, vf, instanceId, nltarget_kernel,
is8021Qbg, &status);
- if (rc != 0)
+ if (rc)
goto err_exit;
if (status == PORT_PROFILE_RESPONSE_SUCCESS ||
status == PORT_VDP_RESPONSE_SUCCESS) {
@@ -1478,16 +1478,11 @@ doPortProfileOp8021Qbh(const char *ifname,
char *physfndev;
unsigned char hostuuid[VIR_UUID_BUFLEN];
int32_t vf;
- int op = PORT_REQUEST_ASSOCIATE;
bool nltarget_kernel = true;
int ifindex;
int vlanid = -1;
const unsigned char *macaddr = NULL;
- rc = virGetHostUUID(hostuuid);
- if (rc)
- goto err_exit;
-
rc = getPhysfn(ifname, &vf, &physfndev);
if (rc)
goto err_exit;
@@ -1499,35 +1494,51 @@ doPortProfileOp8021Qbh(const char *ifname,
switch (virtPortOp) {
case ASSOCIATE:
- op = PORT_REQUEST_ASSOCIATE;
+ rc = virGetHostUUID(hostuuid);
+ if (rc)
+ goto err_exit;
+
+ rc = doPortProfileOpCommon(nltarget_kernel, NULL, ifindex,
+ macaddr,
+ vlanid,
+ virtPort->u.virtPort8021Qbh.profileID,
+ NULL,
+ vm_uuid,
+ hostuuid,
+ vf,
+ PORT_REQUEST_ASSOCIATE);
+ if (rc == -ETIMEDOUT)
+ /* Association timed out, disassociate */
+ doPortProfileOpCommon(nltarget_kernel, NULL, ifindex,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ vf,
+ PORT_REQUEST_DISASSOCIATE);
+ if (!rc)
+ ifaceUp(ifname);
break;
+
case DISASSOCIATE:
- op = PORT_REQUEST_DISASSOCIATE;
+ rc = doPortProfileOpCommon(nltarget_kernel, NULL, ifindex,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ vf,
+ PORT_REQUEST_DISASSOCIATE);
+ ifaceDown(ifname);
break;
+
default:
macvtapError(VIR_ERR_INTERNAL_ERROR,
- _("operation type %d not supported"), op);
+ _("operation type %d not supported"), virtPortOp);
rc = 1;
- goto err_exit;
- }
-
- rc = doPortProfileOpCommon(nltarget_kernel, NULL, ifindex,
- macaddr,
- vlanid,
- virtPort->u.virtPort8021Qbh.profileID,
- NULL,
- vm_uuid,
- hostuuid,
- vf,
- op);
-
- switch (virtPortOp) {
- case ASSOCIATE:
- ifaceUp(ifname);
- break;
- case DISASSOCIATE:
- ifaceDown(ifname);
- break;
}
err_exit:
15 years, 1 month
[libvirt] [PATCH 1/2] Add --source-format argument to virsh pool-define-as and pool-create-as
by Justin Clift
Hi all,
When creating pools from dedicated disks, the existing pool-define-as
and pool-create-as commands are a bit non-optimal.
Ideally, a person would be able to specify all of the required options
directly on the command line instead of having to edit the XML.
At the moment, there is no way to specify the format type (ie gpt) so it
gets included in the XML the pool is constructed with.
Please find attached a simple (tested) patch to add an optional
"--source-format 'type'" to virsh. This is patched against current git
master and will apply cleanly.
Also created a Red Hat BZ ticket for this (#597790) for tracking.
Regards and best wishes,
Justin Clift
--
Salasaga - Open Source eLearning IDE
http://www.salasaga.org
15 years, 1 month
