[libvirt] [PATCH] Fix startup with VNC password expiry on old QEMU
by Daniel P. Berrange
The code which set VNC passwords correctly had fallback for
the set_password command, but was lacking it for the
expire_password command. This made it impossible to start
a guest. It also failed to check whether QEMU was still
running after the initial 'set_password' command completed.
* src/qemu/qemu_hotplug.c: Fix error handling when
password expiry fails
* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Fix
return code for missing expire_password command
---
src/qemu/qemu_hotplug.c | 12 ++++++++++++
src/qemu/qemu_monitor_json.c | 10 +++++++++-
src/qemu/qemu_monitor_text.c | 4 ++--
3 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 7abdd0f..125d9b5 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1869,6 +1869,15 @@ qemuDomainChangeGraphicsPasswords(struct qemud_driver *driver,
auth->passwd ? auth->passwd : defaultPasswd);
}
}
+ if (ret != 0)
+ goto cleanup;
+
+ if (!virDomainObjIsActive(vm)) {
+ ret = -1;
+ qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("guest unexpectedly quit"));
+ goto cleanup;
+ }
if (auth->expires) {
time_t lifetime = auth->validTo - now;
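Review bot: The virDomainObjIsActive(vm) check is placed before the cleanup label, so it runs while the monitor is still entered (qemuDomainObjExitMonitorWithDriver is only reached at cleanup:). A one-line comment explaining why liveness is tested at this point, between the set_password and expire_password commands, would help the next reader. It is also worth considering a more specific error code than VIR_ERR_INTERNAL_ERROR for "guest unexpectedly quit", since callers cannot tell it apart from the other internal error raised later in this function.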
@@ -1888,9 +1897,12 @@ qemuDomainChangeGraphicsPasswords(struct qemud_driver *driver,
qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Expiry of passwords is not supported"));
ret = -1;
+ } else {
+ ret = 0;
}
}
+cleanup:
qemuDomainObjExitMonitorWithDriver(driver, vm);
return ret;
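Review bot: The new else branch turns the "not supported" result into ret = 0 without saying why. A short comment that a missing expire_password command is harmless when no expiry was requested would make the intent clear. The unsupported case also reports VIR_ERR_INTERNAL_ERROR here, while the message removed from qemu_monitor_text.c in this same patch used VIR_ERR_NO_SUPPORT, which looks like the better fit for "Expiry of passwords is not supported".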
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 7387089..2e159c7 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -1298,6 +1298,7 @@ cleanup:
return ret;
}
+/* Returns -1 on error, -2 if not supported */
int qemuMonitorJSONExpirePassword(qemuMonitorPtr mon,
const char *protocol,
const char *expire_time)
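Review bot: The new comment documents -1 and -2 but not the success value, and -2 is a bare magic number that the JSON and text monitors both hard-code. Suggest "Returns 0 on success, -1 on error, -2 if not supported", ideally backed by a shared named constant so the hotplug code and both monitor implementations cannot drift apart.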
@@ -1313,9 +1314,16 @@ int qemuMonitorJSONExpirePassword(qemuMonitorPtr mon,
ret = qemuMonitorJSONCommand(mon, cmd, &reply);
- if (ret == 0)
+ if (ret == 0) {
+ if (qemuMonitorJSONHasError(reply, "CommandNotFound")) {
+ ret = -2;
+ goto cleanup;
+ }
+
ret = qemuMonitorJSONCheckError(cmd, reply);
+ }
+cleanup:
virJSONValueFree(cmd);
virJSONValueFree(reply);
return ret;
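Review bot: Inside the ret == 0 block, the goto cleanup skips a single statement and needs a new label just for that. An if/else reads more directly: set ret = -2 when qemuMonitorJSONHasError(reply, "CommandNotFound") is true, otherwise call qemuMonitorJSONCheckError(cmd, reply), and drop the cleanup: label.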
diff --git a/src/qemu/qemu_monitor_text.c b/src/qemu/qemu_monitor_text.c
index 291d958..4cf87fe 100644
--- a/src/qemu/qemu_monitor_text.c
+++ b/src/qemu/qemu_monitor_text.c
@@ -803,6 +803,7 @@ cleanup:
return ret;
}
+/* Returns -1 on error, -2 if not supported */
int qemuMonitorTextExpirePassword(qemuMonitorPtr mon,
const char *protocol,
const char *expire_time)
@@ -824,8 +825,7 @@ int qemuMonitorTextExpirePassword(qemuMonitorPtr mon,
}
if (strstr(reply, "unknown command:")) {
- qemuReportError(VIR_ERR_NO_SUPPORT,
- _("expiring password not supported by this qemu: %s"), reply);
+ ret = -2;
goto cleanup;
}
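Review bot: With the qemuReportError call removed from the "unknown command:" branch, the monitor reply is no longer recorded anywhere, and the caller in qemu_hotplug.c can now map -2 to success. Logging reply at debug level before ret = -2 would keep that information available when troubleshooting old QEMU binaries.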
--
1.7.3.4
13 years, 11 months
[libvirt] Libvirt Windows 0.8.7 installer available
by Justin Clift
Hi all,
The Libvirt 0.8.7 installer for Windows is now available online:
http://libvirt.org/sources/win32_experimental/Libvirt-0.8.7-2.exe
Changes for this release include:
+ VirtualBox support on Windows, as added to the main Libvirt
0.8.7 release.
I haven't personally tested this yet, so if someone has the time to
test and report/confirm it's working, that would be really helpful.
+ There is now an option to update the system PATH with the
libvirt binaries location, so they don't have to be copied around
if you're using the .dlls elsewhere.
+ The README text has been tweaked to be less confusing for
vSphere ESX users reading about TLS certificates
All thoughts and feedback are welcome. :)
Regards and best wishes,
Justin Clift
13 years, 11 months
[libvirt] [PATCH] docs: updated windows page for new 0.8.7 installer
by Justin Clift
---
docs/windows.html.in | 31 +++++++++++++++----------------
1 files changed, 15 insertions(+), 16 deletions(-)
diff --git a/docs/windows.html.in b/docs/windows.html.in
index 9acf67d..4850a54 100644
--- a/docs/windows.html.in
+++ b/docs/windows.html.in
@@ -18,7 +18,7 @@
version is available here:
</p>
- <a href="http://libvirt.org/sources/win32_experimental/Libvirt-0.8.6-2.exe">http://libvirt.org/sources/win32_experimental/Libvirt-0.8.6-2.exe</a>
+ <a href="http://libvirt.org/sources/win32_experimental/Libvirt-0.8.7-2.exe">http://libvirt.org/sources/win32_experimental/Libvirt-0.8.7-2.exe</a>
<p>
<b>It is not production ready.</b>
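Review bot: The updated link on the "+" line still points at an .exe over plain http://, with no checksum or signature next to it. Since this page is where users are sent to fetch the installer, suggest publishing a SHA-256 digest (or a detached signature) beside the link so the download can be verified.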
@@ -77,15 +77,6 @@
<br /><br />
</li>
- <li>
- Libvirt dll files should be added to path
- <br /><br />
- At the moment, anything that needs to use the libvirt dll files
- (i.e. the C# bindings) won't automatically find them. This can be
- worked around by copying the dll files into the same directory as
- whatever needs them, but is probably not an optimal approach.
- There might be a better way and needs to be investigated.
- </li>
</ul>
<h2><a name="conntypes">Connection types</h2>
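Review bot: The list item about the libvirt dll files is removed without a replacement, so the page never mentions the installer option that makes the workaround unnecessary. Suggest adding a sentence stating that the installer can now add the libvirt binaries location to the system PATH. Separately, the context line <h2><a name="conntypes">Connection types</h2> has an unclosed <a>, which is worth fixing while editing this file.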
@@ -119,6 +110,12 @@
</p>
<p>
+ <b>Special note</b> - Support for VirtualBox *on windows* was added in
+ libvirt 0.8.7, so reports on success and failure if you're using that
+ would be really helpful and appreciated.
+ </p>
+
+ <p>
<b>WARNING - The qemu+tcp:// connection type passes all traffic
without encryption. This is a security hazard, and should <i>not</i>
be used in security sensitive environments.</b>
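Review bot: The added paragraph marks emphasis with asterisks (*on windows*), which render literally in HTML; the neighbouring paragraph uses <b> and <i>. Suggest <i>on Windows</i>, with the capital W that the rest of the patch uses.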
@@ -127,8 +124,9 @@
<h2><a name="esx">Connecting to VMware ESX/vSphere</h2>
<p>
- Details on the capabilities and connection string syntax used for
- connecting to VMware ESX and vSphere can be found online here:<br />
+ Details on the capabilities, certificates, and connection string
+ syntax used for connecting to VMware ESX and vSphere can be found
+ online here:<br />
</p>
<a href="http://libvirt.org/drvesx.html">http://libvirt.org/drvesx.html</a>
@@ -136,8 +134,9 @@
<h2><a name="tlscerts">TLS Certificates</h2>
<p>
- TLS certificates are needed prior to connecting to either QEMU
- instances with TLS, or connecting to VMware ESX/vSphere.
+ TLS certificates need to have been created and placed in the correct
+ locations, before you will be able to connect to QEMU servers over
+ TLS.
</p>
<p>
@@ -154,8 +153,8 @@
</p>
<p>
- The locations of the TLS certificates and key file are hard coded,
- rather than being configurable.
+ The locations of the TLS certificates and key file on Windows are hard
+ coded, rather than being configurable.
</p>
<p>
--
1.7.3.5
13 years, 11 months
[libvirt] [PATCH] Fix error reporting when machine type probe fails
by Daniel P. Berrange
Avoid overwriting the real error message with a generic
OOM failure message, when machine type probe fails
* src/qemu/qemu_driver.c: Don't overwrite error
---
src/qemu/qemu_driver.c | 4 +---
1 files changed, 1 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index a1b9d2a..90429e5 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -6322,10 +6322,8 @@ qemudCanonicalizeMachineDirect(virDomainDefPtr def, char **canonical)
virCapsGuestMachinePtr *machines = NULL;
int i, nmachines = 0;
- if (qemuCapsProbeMachineTypes(def->emulator, &machines, &nmachines) < 0) {
- virReportOOMError();
+ if (qemuCapsProbeMachineTypes(def->emulator, &machines, &nmachines) < 0)
return -1;
- }
for (i = 0; i < nmachines; i++) {
if (!machines[i]->canonical)
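Review bot: After this change the failure branch of the qemuCapsProbeMachineTypes() call returns -1 with no error raised in this function, so every failure path inside the probe, allocation failure included, has to report its own error. The commit message implies that it does; worth confirming, since otherwise the caller gets -1 with no message at all.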
--
1.7.3.4
13 years, 11 months
[libvirt] Libvirt 0.8.7 installer ready for testing
by Justin Clift
Hi guys,
Created the windows libvirt 0.8.7 installer using Matthias's updated scripting:
http://libvirt.org/sources/win32_experimental/Libvirt-0.8.7-0.exe
Does someone have time to test and confirm it's ok, before we point to it from
the website?
Arnaud, this version of the installer adds the virsh bin directory to the system PATH
variable. So I'm thinking don't need to copy the libvirt dll's around, when using
your C# bindings.
If you have time to test that, it would be great. Could then update the web page
with that info. :)
Regards and best wishes,
Justin Clift
13 years, 11 months
[libvirt] [PATCH] Avoid crash in security driver if model is NULL
by Daniel P. Berrange
If the XML security model is NULL, it is assumed that the current
model will be used with dynamic labelling. The verify step is
meaningless and potentially crashes if dereferencing NULL
* src/security/security_manager.c: Skip NULL model on verify
---
src/security/security_manager.c | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 66cffb5..1bc0ebb 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -309,6 +309,13 @@ int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr,
int virSecurityManagerVerify(virSecurityManagerPtr mgr,
virDomainDefPtr def)
{
+ /* NULL model == dynamic labelling, with whatever drive
+ * is active, so we can short circuit verify check to
+ * avoid drivers dereferencing NULLs by accident
+ */
+ if (!secdef->model)
+ return 0;
+
if (mgr->drv->domainSecurityVerify)
return mgr->drv->domainSecurityVerify(mgr, def);
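Review bot: The new check reads secdef->model, but no secdef is declared in the lines shown; the function only receives mgr and def. Unless a declaration exists outside this hunk, one has to be added at the top of the function, or the test written in terms of def. The comment also has a typo: "whatever drive is active" should read "driver".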
--
1.7.3.4
13 years, 11 months
[libvirt] [PATCH] handle DNS over IPv6
by Paweł Krześniak
Firstly: Add ip6tables rules to allow DNS over IPv6 in network.
Secondly: start dnsmasq with --interface option instead of --listen-address.
Dnsmasq currently uses "--listen-address IPv4_address" option, which
restricts DNS service to one IPv4 address only.
We could append --listen-address for every IPv[46] address defined on
interface, but it's cleaner to use "--interface brname".
There were some problems in the past with --interface option. Dnsmasq
version 2.46 and earlier exited with error when it tried to bind() to IPv6
addresses on just brought up interfaces, because DAD (Duplicate
Address Detection) takes some time to finish and bind() returns
EADDRNOTAVAIL which caused dnsmasq to exit.
Dnsmasq version 2.47 (released on 05-Feb-2009) fixed this issue by
retrying bind() after getting EADDRNOTAVAIL error (as described in
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG;
loop itself is defined in dnsmasq-2.47/src/network.c:404)
* Using --interface option causes longer network startup:
$ time virsh -c qemu:///system net-start isolated1
Network isolated1 started
real 0m0.112s
user 0m0.013s
sys 0m0.009s
$ time virsh -c qemu:///system net-start isolated1
Network isolated1 started
real 0m2.101s
user 0m0.011s
sys 0m0.011s
* Dnsmasq exits after DAD completes, which guarantees that radvd will no
longer produce the following warnings:
Dec 28 19:42:11 nemo radvd[14652]: sendmsg: Invalid argument
---
src/network/bridge_driver.c | 32 +++++++++++++++++++++++++-------
1 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 7d43ef5..a689c9f 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -469,16 +469,13 @@ networkBuildDnsmasqArgv(virNetworkObjPtr network,
virCommandAddArgList(cmd, "--conf-file=", "", NULL);
/*
- * XXX does not actually work, due to some kind of
- * race condition setting up ipv6 addresses on the
- * interface. A sleep(10) makes it work, but that's
- * clearly not practical
+ * It's safe to use --interface option for dnsmasq 2.47 and later.
+ * With earlier versions we had to use --listen-address option.
*
- * virCommandAddArg(cmd, "--interface");
- * virCommandAddArg(cmd, ipdef->bridge);
+ * virCommandAddArgList(cmd, "--listen-address", bridgeaddr);
*/
virCommandAddArgList(cmd,
- "--listen-address", bridgeaddr,
+ "--interface", network->def->bridge,
"--except-interface", "lo",
NULL);
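Review bot: The new comment says --interface is only safe with dnsmasq 2.47 and later, but the argument list now passes "--interface" unconditionally, with no version probe. Either check the dnsmasq version and fall back to "--listen-address" for older releases, or state 2.47 as a hard minimum in the build requirements. The commented-out virCommandAddArgList(cmd, "--listen-address", bridgeaddr) is also missing its NULL terminator, which matters if someone copies it back into the code.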
@@ -1157,9 +1154,30 @@ networkAddGeneralIptablesRules(struct
network_driver *driver,
goto err9;
}
+ /* allow DNS over IPv6 requests through to dnsmasq */
+ if (iptablesAddTcpInput(driver->iptables, AF_INET6,
+ network->def->bridge, 53) < 0) {
+ networkReportError(VIR_ERR_SYSTEM_ERROR,
+ _("failed to add ip6tables rule to allow
DNS requests from '%s'"),
+ network->def->bridge);
+ goto err10;
+ }
+
+ if (iptablesAddUdpInput(driver->iptables, AF_INET6,
+ network->def->bridge, 53) < 0) {
+ networkReportError(VIR_ERR_SYSTEM_ERROR,
+ _("failed to add ip6tables rule to allow
DNS requests from '%s'"),
+ network->def->bridge);
+ goto err11;
+ }
+
return 0;
/* unwind in reverse order from the point of failure */
+err11:
+ iptablesRemoveTcpInput(driver->iptables, AF_INET6,
network->def->bridge, 53);
+err10:
+ networkRemoveGeneralIp6tablesRules(driver, network);
err9:
iptablesRemoveForwardAllowCross(driver->iptables, AF_INET,
network->def->bridge);
err8:
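Review bot: The two new AF_INET6 port 53 input rules are removed only in the error unwind (iptablesRemoveTcpInput under err11); the diffstat's 25 insertions are all accounted for by these two hunks, so nothing in the patch removes the rules when the network is shut down. The teardown path needs matching iptablesRemoveUdpInput and iptablesRemoveTcpInput calls for AF_INET6. The patch has also been line-wrapped in transit (the split _("failed to add ip6tables rule ...") strings and the wrapped hunk header), so it will not apply as sent and should be resent as an attachment or with git send-email.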
13 years, 11 months
[libvirt] [PATCH 0/7] patch queue cleanup
by Eric Blake
I've been building up several (unrelated) patches that haven't been
reviewed yet; here they are in no particular order except that
6 depends on 5, and that 4 depends on 3.
Eric Blake (6):
datatypes: avoid redundant __FUNCTION__
maint: improve sc_prohibit_strncmp syntax check
build: let xgettext see strings in libvirt-guests
qemu: use -incoming fd:n to avoid qemu holding fd indefinitely
qemu: use lighter-weight fd:n on incoming tunneled migration
qemu: improve efficiency of dd during snapshots
Laurent Léonard (1):
libvirt-guests: remove bashisms
.gnulib | 2 +-
.x-sc_prohibit_strcmp | 1 -
.x-sc_prohibit_strncmp | 1 -
Makefile.am | 2 -
cfg.mk | 7 +-
po/POTFILES.in | 1 +
src/datatypes.c | 129 +++++++++++++++-----
src/qemu/qemu_command.c | 82 ++++++++-----
src/qemu/qemu_command.h | 1 +
src/qemu/qemu_driver.c | 56 +++------
src/qemu/qemu_monitor_json.c | 5 +-
src/qemu/qemu_monitor_text.c | 5 +-
.../qemuxml2argv-restore-v2-fd.args | 1 +
.../qemuxml2argv-restore-v2-fd.xml | 25 ++++
tests/qemuxml2argvtest.c | 30 +++--
tools/Makefile.am | 13 ++-
...bvirt-guests.init.in => libvirt-guests.init.sh} | 72 +++++++-----
17 files changed, 279 insertions(+), 154 deletions(-)
delete mode 100644 .x-sc_prohibit_strcmp
delete mode 100644 .x-sc_prohibit_strncmp
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-restore-v2-fd.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-restore-v2-fd.xml
rename tools/{libvirt-guests.init.in => libvirt-guests.init.sh} (76%)
--
1.7.3.4
13 years, 11 months
[libvirt] [PATCH v2 0/4] Explicit boot device ordering
by Jiri Denemark
Currently, boot order can be specified per device class but there is no
way to specify exact disk/NIC device to boot from. This patchset fixes
that.
There were two options suggested for how this should be modeled in
domain XML:
1)
<os>
<boot target='net1'/>
<boot target='net0'/>
<boot target='hdc'/>
<boot target='hdb'/>
</os>
Where target attributes would match /domain/devices/*/target@dev
2) Adding <boot order='n'/> elements into appropriate device elements.
In addition to the two options Rich suggested a more compact variant of
option 1.
Per former discussion this patchset implements the second option.
Version 2:
- "qemu: Refactor qemuCapsParsePCIDeviceStrs using virCommand" dropped
the rest was rebased on top of Eric's capabilities patches
- added support for floppy devices which was forgotten in v1
Jiri Denemark (4):
conf: Move boot parsing into a separate function
Introduce per-device boot element
qemu: Support per-device boot ordering
tests: Add tests for per-device boot elements
docs/formatcaps.html.in | 1 +
docs/formatdomain.html.in | 41 +++++-
docs/schemas/domain.rng | 20 +++-
src/conf/capabilities.c | 3 +-
src/conf/domain_conf.c | 148 ++++++++++++++------
src/conf/domain_conf.h | 2 +
src/qemu/qemu_capabilities.c | 9 ++
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 24 +++-
src/qemu/qemu_command.h | 6 +-
src/qemu/qemu_driver.c | 2 +
src/qemu/qemu_hotplug.c | 8 +-
.../qemuxml2argvdata/qemuxml2argv-boot-order.args | 1 +
tests/qemuxml2argvdata/qemuxml2argv-boot-order.xml | 52 +++++++
tests/qemuxml2argvtest.c | 2 +
tests/qemuxml2xmltest.c | 1 +
16 files changed, 265 insertions(+), 56 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-boot-order.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-boot-order.xml
--
1.7.4.rc1
13 years, 11 months