February 2011 - Devel - libvirt List Archives

[libvirt] NIC model in domain description
by arnaud.champion＠devatom.fr 01 Feb '11

01 Feb '11

?Hi, in domain xml description, for the NIC interfaces, there is a model that specify the model of NIC exposed to the domain. I've understand that the model is driver dependent. Is there a way to know what is the driver default model ? Regards, Arnaud

1 0

[libvirt] [PATCH] virsh: Error prompt if one passes negative value for scheduler setting
by Osier Yang 01 Feb '11

01 Feb '11

As cgroup doesn't allow one writes negative into files like cpu.shares, (e.g. echo -1> /cgroup/cpu/libvirt/qemu/rhel6/cpu.shares), user will be confused if libvirt accepts negative value and converts it into unsigned int (or long int, etc) silently. * tools/virsh.c --- tools/virsh.c | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) diff --git a/tools/virsh.c b/tools/virsh.c index cd54174..a0f2527 100644 --- a/tools/virsh.c +++ b/tools/virsh.c @@ -1652,7 +1652,8 @@ cmdSchedInfoUpdate(vshControl *ctl, const vshCmd *cmd, } break; case VIR_DOMAIN_SCHED_FIELD_UINT: - if (virStrToLong_ui(val, NULL, 10, &param->value.ui) < 0) { + if (STRPREFIX(val, "-") || + virStrToLong_ui(val, NULL, 10, &param->value.ui) < 0) { vshError(ctl, "%s", _("Invalid value for parameter, expecting an unsigned int")); return -1; @@ -1666,7 +1667,8 @@ cmdSchedInfoUpdate(vshControl *ctl, const vshCmd *cmd, } break; case VIR_DOMAIN_SCHED_FIELD_ULLONG: - if (virStrToLong_ull(val, NULL, 10, &param->value.ul) < 0) { + if (STRPREFIX(val, "-") || + virStrToLong_ull(val, NULL, 10, &param->value.ul) < 0) { vshError(ctl, "%s", _("Invalid value for parameter, expecting an unsigned long long")); return -1; -- 1.7.3.2

3 9

[libvirt] [PATCH] qemu: Build command line for incoming tunneled migration
by Osier Yang 01 Feb '11

01 Feb '11

Command line building for imcoming tunneled migration is missed, as a result, all the tunneled migration will fail with "unknown migration protocol". * src/qemu/qemu_command.c --- src/qemu/qemu_command.c | 8 ++++++++ 1 files changed, 8 insertions(+), 0 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index a0f86a3..8f681fd 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -4067,6 +4067,14 @@ qemuBuildCommandLine(virConnectPtr conn, } virCommandAddArg(cmd, migrateFrom); virCommandPreserveFD(cmd, migrateFd); + } else if (STRPREFIX(migrateFrom, "unix")) { + if (!(qemuCmdFlags & QEMUD_CMD_FLAG_MIGRATE_QEMU_UNIX)) { + qemuReportError(VIR_ERR_CONFIG_UNSUPPORTED, + "%s", _("UNIX migration is not supported " + "with this QEMU binary")); + goto error; + } + virCommandAddArg(cmd, migrateFrom); } else { qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("unknown migration protocol")); -- 1.7.3.2

2 4

[libvirt] [PATCHv3 0/5] smartcard: round 3
by Eric Blake 01 Feb '11

01 Feb '11

This series has hopefully taken into account all the feedback from v2 (https://www.redhat.com/archives/libvir-list/2011-January/msg00608.html) Major changes: - enhance the XML to support optional ccid <controller> (missing controllers are added according to <address> elements) and optional <address> per smartcard (missing address assume the next available port on controller 0) - enhance the XML to support an optional <source dev='/path'/> for host mode. For now, this path is only used in SELinux labeling; I suspect that this needs more work, since the point is that a single device in the host should be shared among the NSS implementation of multiple guests (so labeling the host device to belong to a single guest is wrong); but fixing it correctly requires a better understanding of what NSS actually needs to access, as well as possibly modifying qemu's smartcard implementation to take the host device either as a pathname or even as an already-opened fd. - enhance the XML to support an optional <database> element for host-certificates mode. - enhance the qemu command line to fully populate all parameters, rather than the bare minimum defaults, and reflect that in the tests. It requires this pre-requisite patch for qemu -chardev aliases: https://www.redhat.com/archives/libvir-list/2011-January/msg01032.html Eric Blake (5): smartcard: add XML support for <smartcard> device smartcard: add domain conf support smartcard: check for qemu capability smartcard: enable SELinux support smartcard: turn on qemu support cfg.mk | 1 + docs/formatdomain.html.in | 95 +++++- docs/schemas/domain.rng | 73 ++++ src/conf/domain_conf.c | 396 +++++++++++++++++++- src/conf/domain_conf.h | 53 +++- src/libvirt_private.syms | 4 + src/qemu/qemu_capabilities.c | 2 + src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c | 90 +++++- src/security/security_selinux.c | 94 +++++ .../qemuxml2argv-smartcard-controller.args | 1 + .../qemuxml2argv-smartcard-controller.xml | 20 + .../qemuxml2argv-smartcard-host-certificates.args | 1 + .../qemuxml2argv-smartcard-host-certificates.xml | 20 + .../qemuxml2argv-smartcard-host.args | 1 + .../qemuxml2argv-smartcard-host.xml | 16 + .../qemuxml2argv-smartcard-passthrough-tcp.args | 1 + .../qemuxml2argv-smartcard-passthrough-tcp.xml | 19 + tests/qemuxml2argvtest.c | 13 + 19 files changed, 887 insertions(+), 14 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-controller.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-controller.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-host-certificates.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-host-certificates.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-host.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-host.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough-tcp.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough-tcp.xml -- 1.7.3.5

3 22

[libvirt] [PATCH 2/4 v2] cgroup: Implement blkio.weight tuning API.
by Gui Jianfeng 01 Feb '11

01 Feb '11

Implement blkio.weight tuning API. Signed-off-by: Gui Jianfeng <guijianfeng(a)cn.fujitsu.com> --- src/libvirt_private.syms | 2 ++ src/util/cgroup.c | 39 +++++++++++++++++++++++++++++++++++++++ src/util/cgroup.h | 3 +++ 3 files changed, 44 insertions(+), 0 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 2ce4bed..97b9851 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -77,6 +77,8 @@ virCgroupMounted; virCgroupRemove; virCgroupSetCpuShares; virCgroupSetFreezerState; +virCgroupSetWeight; +virCgroupGetWeight; virCgroupSetMemory; virCgroupSetMemoryHardLimit; virCgroupSetMemorySoftLimit; diff --git a/src/util/cgroup.c b/src/util/cgroup.c index 309f4e9..4b7e629 100644 --- a/src/util/cgroup.c +++ b/src/util/cgroup.c @@ -851,6 +851,45 @@ int virCgroupForDomain(virCgroupPtr driver ATTRIBUTE_UNUSED, #endif /** + * virCgroupSetWeight: + * + * @group: The cgroup to change io weight for + * @weight: The Weight for this cgroup + * + * Returns: 0 on success + */ +int virCgroupSetWeight(virCgroupPtr group, unsigned long weight) +{ + if (weight > 1000 || weight < 100) + return -EINVAL; + + return virCgroupSetValueU64(group, + VIR_CGROUP_CONTROLLER_BLKIO, + "blkio.weight", + weight); +} + +/** + * virCgroupGetWeight: + * + * @group: The cgroup to get weight for + * @Weight: Pointer to returned weight + * + * Returns: 0 on success + */ +int virCgroupGetWeight(virCgroupPtr group, unsigned long *weight) +{ + long long unsigned int __weight; + int ret; + ret = virCgroupGetValueU64(group, + VIR_CGROUP_CONTROLLER_BLKIO, + "blkio.weight", &__weight); + if (ret == 0) + *weight = (unsigned long) __weight; + return ret; +} + +/** * virCgroupSetMemory: * * @group: The cgroup to change memory for diff --git a/src/util/cgroup.h b/src/util/cgroup.h index 67b1299..99c1cfe 100644 --- a/src/util/cgroup.h +++ b/src/util/cgroup.h @@ -41,6 +41,9 @@ int virCgroupForDomain(virCgroupPtr driver, int virCgroupAddTask(virCgroupPtr group, pid_t pid); +int virCgroupSetWeight(virCgroupPtr group, unsigned long weight); +int virCgroupGetWeight(virCgroupPtr group, unsigned long *weight); + int virCgroupSetMemory(virCgroupPtr group, unsigned long long kb); int virCgroupGetMemoryUsage(virCgroupPtr group, unsigned long *kb); -- 1.7.1

2 1

[libvirt] [PATCHv4] bridge_driver: handle DNS over IPv6
by Paweł Krześniak 01 Feb '11

01 Feb '11

* dnsmasq listens on all defined IPv[46] addresses for network * Add ip6tables rules to allow DNS traffic to host --- src/network/bridge_driver.c | 51 ++++++++++++++++++++++++++++++++++-------- 1 files changed, 41 insertions(+), 10 deletions(-) diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index c098ab5..24be0b7 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -432,6 +432,8 @@ networkBuildDnsmasqArgv(virNetworkObjPtr network, int r, ret = -1; int nbleases = 0; char *bridgeaddr; + int ii; + virNetworkIpDefPtr tmpipdef; if (!(bridgeaddr = virSocketFormatAddr(&ipdef->address))) goto cleanup; @@ -468,20 +470,28 @@ networkBuildDnsmasqArgv(virNetworkObjPtr network, /* *no* conf file */ virCommandAddArgList(cmd, "--conf-file=", "", NULL); - /* - * XXX does not actually work, due to some kind of - * race condition setting up ipv6 addresses on the - * interface. A sleep(10) makes it work, but that's - * clearly not practical - * - * virCommandAddArg(cmd, "--interface"); - * virCommandAddArg(cmd, ipdef->bridge); - */ virCommandAddArgList(cmd, - "--listen-address", bridgeaddr, "--except-interface", "lo", NULL); + /* + * --interface does not actually work with dnsmasq < 2.47, + * due to DAD for ipv6 addresses on the interface. + * + * virCommandAddArgList(cmd, "--interface", ipdef->bridge, NULL); + * + * So listen on all defined IPv[46] addresses + */ + for (ii = 0; + (tmpipdef = virNetworkDefGetIpByIndex(network->def, AF_UNSPEC, ii)); + ii++) { + char *ipaddr = virSocketFormatAddr(&tmpipdef->address); + if (!ipaddr) + goto cleanup; + virCommandAddArgList(cmd, "--listen-address", ipaddr, NULL); + VIR_FREE(ipaddr); + } + for (r = 0 ; r < ipdef->nranges ; r++) { char *saddr = virSocketFormatAddr(&ipdef->ranges[r].start); if (!saddr) @@ -1027,9 +1037,30 @@ networkAddGeneralIp6tablesRules(struct network_driver *driver, goto err3; } + /* allow DNS over IPv6 */ + if (iptablesAddTcpInput(driver->iptables, AF_INET6, + network->def->bridge, 53) < 0) { + networkReportError(VIR_ERR_SYSTEM_ERROR, + _("failed to add ip6tables rule to allow DNS requests from '%s'"), + network->def->bridge); + goto err4; + } + + if (iptablesAddUdpInput(driver->iptables, AF_INET6, + network->def->bridge, 53) < 0) { + networkReportError(VIR_ERR_SYSTEM_ERROR, + _("failed to add ip6tables rule to allow DNS requests from '%s'"), + network->def->bridge); + goto err5; + } + return 0; /* unwind in reverse order from the point of failure */ +err5: + iptablesRemoveTcpInput(driver->iptables, AF_INET6, network->def->bridge, 53); +err4: + iptablesRemoveForwardAllowCross(driver->iptables, AF_INET6, network->def->bridge); err3: iptablesRemoveForwardRejectIn(driver->iptables, AF_INET6, network->def->bridge); err2: -- 1.7.3.5

2 1