[libvirt] [PATCH] virsh: Error prompt if one passes negative value for scheduler setting
by Osier Yang
As cgroup doesn't allow one writes negative into files like cpu.shares,
(e.g. echo -1> /cgroup/cpu/libvirt/qemu/rhel6/cpu.shares), user will be
confused if libvirt accepts negative value and converts it into unsigned
int (or long int, etc) silently.
* tools/virsh.c
---
tools/virsh.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/tools/virsh.c b/tools/virsh.c
index cd54174..a0f2527 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -1652,7 +1652,8 @@ cmdSchedInfoUpdate(vshControl *ctl, const vshCmd *cmd,
}
break;
case VIR_DOMAIN_SCHED_FIELD_UINT:
- if (virStrToLong_ui(val, NULL, 10, ¶m->value.ui) < 0) {
+ if (STRPREFIX(val, "-") ||
+ virStrToLong_ui(val, NULL, 10, ¶m->value.ui) < 0) {
vshError(ctl, "%s",
_("Invalid value for parameter, expecting an unsigned int"));
return -1;
@@ -1666,7 +1667,8 @@ cmdSchedInfoUpdate(vshControl *ctl, const vshCmd *cmd,
}
break;
case VIR_DOMAIN_SCHED_FIELD_ULLONG:
- if (virStrToLong_ull(val, NULL, 10, ¶m->value.ul) < 0) {
+ if (STRPREFIX(val, "-") ||
+ virStrToLong_ull(val, NULL, 10, ¶m->value.ul) < 0) {
vshError(ctl, "%s",
_("Invalid value for parameter, expecting an unsigned long long"));
return -1;
--
1.7.3.2
13 years, 10 months
[libvirt] [PATCH] qemu: Build command line for incoming tunneled migration
by Osier Yang
Command line building for imcoming tunneled migration is missed,
as a result, all the tunneled migration will fail with "unknown
migration protocol".
* src/qemu/qemu_command.c
---
src/qemu/qemu_command.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index a0f86a3..8f681fd 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -4067,6 +4067,14 @@ qemuBuildCommandLine(virConnectPtr conn,
}
virCommandAddArg(cmd, migrateFrom);
virCommandPreserveFD(cmd, migrateFd);
+ } else if (STRPREFIX(migrateFrom, "unix")) {
+ if (!(qemuCmdFlags & QEMUD_CMD_FLAG_MIGRATE_QEMU_UNIX)) {
+ qemuReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ "%s", _("UNIX migration is not supported "
+ "with this QEMU binary"));
+ goto error;
+ }
+ virCommandAddArg(cmd, migrateFrom);
} else {
qemuReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("unknown migration protocol"));
--
1.7.3.2
13 years, 10 months
[libvirt] [PATCHv3 0/5] smartcard: round 3
by Eric Blake
This series has hopefully taken into account all the feedback from v2
(https://www.redhat.com/archives/libvir-list/2011-January/msg00608.html).
Major changes:
- enhance the XML to support optional ccid <controller> (missing
controllers are added according to <address> elements) and optional
<address> per smartcard (missing address assume the next available
port on controller 0)
- enhance the XML to support an optional <source dev='/path'/> for
host mode. For now, this path is only used in SELinux labeling; I
suspect that this needs more work, since the point is that a single
device in the host should be shared among the NSS implementation of
multiple guests (so labeling the host device to belong to a single
guest is wrong); but fixing it correctly requires a better
understanding of what NSS actually needs to access, as well as
possibly modifying qemu's smartcard implementation to take the
host device either as a pathname or even as an already-opened fd.
- enhance the XML to support an optional <database> element for
host-certificates mode.
- enhance the qemu command line to fully populate all parameters,
rather than the bare minimum defaults, and reflect that in the tests.
It requires this pre-requisite patch for qemu -chardev aliases:
https://www.redhat.com/archives/libvir-list/2011-January/msg01032.html
Eric Blake (5):
smartcard: add XML support for <smartcard> device
smartcard: add domain conf support
smartcard: check for qemu capability
smartcard: enable SELinux support
smartcard: turn on qemu support
cfg.mk | 1 +
docs/formatdomain.html.in | 95 +++++-
docs/schemas/domain.rng | 73 ++++
src/conf/domain_conf.c | 396 +++++++++++++++++++-
src/conf/domain_conf.h | 53 +++-
src/libvirt_private.syms | 4 +
src/qemu/qemu_capabilities.c | 2 +
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 90 +++++-
src/security/security_selinux.c | 94 +++++
.../qemuxml2argv-smartcard-controller.args | 1 +
.../qemuxml2argv-smartcard-controller.xml | 20 +
.../qemuxml2argv-smartcard-host-certificates.args | 1 +
.../qemuxml2argv-smartcard-host-certificates.xml | 20 +
.../qemuxml2argv-smartcard-host.args | 1 +
.../qemuxml2argv-smartcard-host.xml | 16 +
.../qemuxml2argv-smartcard-passthrough-tcp.args | 1 +
.../qemuxml2argv-smartcard-passthrough-tcp.xml | 19 +
tests/qemuxml2argvtest.c | 13 +
19 files changed, 887 insertions(+), 14 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-controller.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-controller.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-host-certificates.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-host-certificates.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-host.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-host.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough-tcp.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough-tcp.xml
--
1.7.3.5
13 years, 10 months
[libvirt] [PATCH 2/4 v2] cgroup: Implement blkio.weight tuning API.
by Gui Jianfeng
Implement blkio.weight tuning API.
Signed-off-by: Gui Jianfeng <guijianfeng(a)cn.fujitsu.com>
---
src/libvirt_private.syms | 2 ++
src/util/cgroup.c | 39 +++++++++++++++++++++++++++++++++++++++
src/util/cgroup.h | 3 +++
3 files changed, 44 insertions(+), 0 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 2ce4bed..97b9851 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -77,6 +77,8 @@ virCgroupMounted;
virCgroupRemove;
virCgroupSetCpuShares;
virCgroupSetFreezerState;
+virCgroupSetWeight;
+virCgroupGetWeight;
virCgroupSetMemory;
virCgroupSetMemoryHardLimit;
virCgroupSetMemorySoftLimit;
diff --git a/src/util/cgroup.c b/src/util/cgroup.c
index 309f4e9..4b7e629 100644
--- a/src/util/cgroup.c
+++ b/src/util/cgroup.c
@@ -851,6 +851,45 @@ int virCgroupForDomain(virCgroupPtr driver ATTRIBUTE_UNUSED,
#endif
/**
+ * virCgroupSetWeight:
+ *
+ * @group: The cgroup to change io weight for
+ * @weight: The Weight for this cgroup
+ *
+ * Returns: 0 on success
+ */
+int virCgroupSetWeight(virCgroupPtr group, unsigned long weight)
+{
+ if (weight > 1000 || weight < 100)
+ return -EINVAL;
+
+ return virCgroupSetValueU64(group,
+ VIR_CGROUP_CONTROLLER_BLKIO,
+ "blkio.weight",
+ weight);
+}
+
+/**
+ * virCgroupGetWeight:
+ *
+ * @group: The cgroup to get weight for
+ * @Weight: Pointer to returned weight
+ *
+ * Returns: 0 on success
+ */
+int virCgroupGetWeight(virCgroupPtr group, unsigned long *weight)
+{
+ long long unsigned int __weight;
+ int ret;
+ ret = virCgroupGetValueU64(group,
+ VIR_CGROUP_CONTROLLER_BLKIO,
+ "blkio.weight", &__weight);
+ if (ret == 0)
+ *weight = (unsigned long) __weight;
+ return ret;
+}
+
+/**
* virCgroupSetMemory:
*
* @group: The cgroup to change memory for
diff --git a/src/util/cgroup.h b/src/util/cgroup.h
index 67b1299..99c1cfe 100644
--- a/src/util/cgroup.h
+++ b/src/util/cgroup.h
@@ -41,6 +41,9 @@ int virCgroupForDomain(virCgroupPtr driver,
int virCgroupAddTask(virCgroupPtr group, pid_t pid);
+int virCgroupSetWeight(virCgroupPtr group, unsigned long weight);
+int virCgroupGetWeight(virCgroupPtr group, unsigned long *weight);
+
int virCgroupSetMemory(virCgroupPtr group, unsigned long long kb);
int virCgroupGetMemoryUsage(virCgroupPtr group, unsigned long *kb);
--
1.7.1
13 years, 10 months
[libvirt] [PATCHv4] bridge_driver: handle DNS over IPv6
by Paweł Krześniak
* dnsmasq listens on all defined IPv[46] addresses for network
* Add ip6tables rules to allow DNS traffic to host
---
src/network/bridge_driver.c | 51 ++++++++++++++++++++++++++++++++++--------
1 files changed, 41 insertions(+), 10 deletions(-)
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index c098ab5..24be0b7 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -432,6 +432,8 @@ networkBuildDnsmasqArgv(virNetworkObjPtr network,
int r, ret = -1;
int nbleases = 0;
char *bridgeaddr;
+ int ii;
+ virNetworkIpDefPtr tmpipdef;
if (!(bridgeaddr = virSocketFormatAddr(&ipdef->address)))
goto cleanup;
@@ -468,20 +470,28 @@ networkBuildDnsmasqArgv(virNetworkObjPtr network,
/* *no* conf file */
virCommandAddArgList(cmd, "--conf-file=", "", NULL);
- /*
- * XXX does not actually work, due to some kind of
- * race condition setting up ipv6 addresses on the
- * interface. A sleep(10) makes it work, but that's
- * clearly not practical
- *
- * virCommandAddArg(cmd, "--interface");
- * virCommandAddArg(cmd, ipdef->bridge);
- */
virCommandAddArgList(cmd,
- "--listen-address", bridgeaddr,
"--except-interface", "lo",
NULL);
+ /*
+ * --interface does not actually work with dnsmasq < 2.47,
+ * due to DAD for ipv6 addresses on the interface.
+ *
+ * virCommandAddArgList(cmd, "--interface", ipdef->bridge, NULL);
+ *
+ * So listen on all defined IPv[46] addresses
+ */
+ for (ii = 0;
+ (tmpipdef = virNetworkDefGetIpByIndex(network->def, AF_UNSPEC, ii));
+ ii++) {
+ char *ipaddr = virSocketFormatAddr(&tmpipdef->address);
+ if (!ipaddr)
+ goto cleanup;
+ virCommandAddArgList(cmd, "--listen-address", ipaddr, NULL);
+ VIR_FREE(ipaddr);
+ }
+
for (r = 0 ; r < ipdef->nranges ; r++) {
char *saddr = virSocketFormatAddr(&ipdef->ranges[r].start);
if (!saddr)
@@ -1027,9 +1037,30 @@ networkAddGeneralIp6tablesRules(struct network_driver *driver,
goto err3;
}
+ /* allow DNS over IPv6 */
+ if (iptablesAddTcpInput(driver->iptables, AF_INET6,
+ network->def->bridge, 53) < 0) {
+ networkReportError(VIR_ERR_SYSTEM_ERROR,
+ _("failed to add ip6tables rule to allow DNS requests from '%s'"),
+ network->def->bridge);
+ goto err4;
+ }
+
+ if (iptablesAddUdpInput(driver->iptables, AF_INET6,
+ network->def->bridge, 53) < 0) {
+ networkReportError(VIR_ERR_SYSTEM_ERROR,
+ _("failed to add ip6tables rule to allow DNS requests from '%s'"),
+ network->def->bridge);
+ goto err5;
+ }
+
return 0;
/* unwind in reverse order from the point of failure */
+err5:
+ iptablesRemoveTcpInput(driver->iptables, AF_INET6, network->def->bridge, 53);
+err4:
+ iptablesRemoveForwardAllowCross(driver->iptables, AF_INET6, network->def->bridge);
err3:
iptablesRemoveForwardRejectIn(driver->iptables, AF_INET6, network->def->bridge);
err2:
--
1.7.3.5
13 years, 10 months