[libvirt] [PATCH] libvirtd: Enable private /tmp under systemd.
by Eric Blake
The last intentional use of /tmp by libvirt was patched in
commit bd6083c9b; we can add an extra measure of security
by explicitly requesting that libvirtd's /tmp is not visible
to arbitrary users. See https://bugzilla.redhat.com/782474
* daemon/libvirtd.service.in (Service): Enable PrivateTmp.
---
daemon/libvirtd.service.in | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/daemon/libvirtd.service.in b/daemon/libvirtd.service.in
index 8f2458a..cf68440 100644
--- a/daemon/libvirtd.service.in
+++ b/daemon/libvirtd.service.in
@@ -17,6 +17,7 @@ ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS
ExecReload=/bin/kill -HUP $MAINPID
# Override the maximum number of opened files
#LimitNOFILE=2048
+PrivateTmp=true
[Install]
WantedBy=multi-user.target
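Review bot: PrivateTmp=true at the end of [Service] changes what libvirtd sees for any /tmp path a user hands it (a disk image or ISO referenced from domain XML, for example), and the commit message only covers libvirt's own use of /tmp. With a private /tmp (systemd applies the same to /var/tmp) the daemon will not see files other processes put there, so say in the commit message or the docs that such paths stop working. The line also sits directly under the commented-out LimitNOFILE example and reads as part of that block; separate it with a blank line and give it a one-line comment of its own.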
--
1.7.7.6
12 years, 10 months
[libvirt] [RFC] Specific vcpu hot-(un)plug API proposal
by Peter Krempa
Hypervisors are starting to support hot-(un)plugging of specific vcpus.
This adds more flexibility for the management tools to decide which CPU
should be added or removed.
Libvirt's API in its current state does not allow choosing arbitrary vCPU
IDs for the new vCPUs and does not support removing arbitrary vCPUs
either.
I propose the following API to enable working with specific vCPUs:
/**
 * virDomainAddVcpu:
 * @domain: pointer to domain object
 * @vcpu: ID of the vcpu socket to plug the virtual CPU to
 * @flags: bitwise-OR of virDomainModificationImpact
 *
 * Dynamically add a CPU to the domain. Attach the cpu to the ID specified
 * by @vcpu. Note that this call may fail if the underlying virtualization
 * hypervisor does not support adding cpu's with specific ID or if maximum
 * number of CPUs is arbitrarily limited.
 *
 * The @vcpu parameter identifies the vcpu ID the new vcpu should be
 * attached to. If -1 is specified, the new cpu is added to the first
 * available ID.
 *
 * @flags may include VIR_DOMAIN_AFFECT_LIVE to affect a running
 * domain (which may fail if domain is not active), or
 * VIR_DOMAIN_AFFECT_CONFIG to affect the next boot via the XML
 * description of the domain. Both flags may be set.
 * If neither flag is specified (that is, @flags is
 * VIR_DOMAIN_AFFECT_CURRENT), then an inactive domain modifies
 * persistent setup, while an active domain is hypervisor-dependent
 * on whether just live or both live and persistent state is changed.
 *
 * Returns 0 in case of success, -1 in case of failure.
 */
int
virDomainAddVcpu(virDomainPtr domain,
                 int vcpu,
                 unsigned int flags);
/**
 * virDomainRemoveVcpu:
 * @domain: pointer to domain object
 * @vcpu: ID of the vcpu socket to plug the virtual CPU to
 * @flags: bitwise-OR of virDomainModificationImpact
 *
 * Dynamically remove a CPU from the domain. Remove the vcpu with ID
 * specified by @vcpu. Note that this call may fail if the underlying
 * virtualization hypervisor does not support hot-unplugging vcpus with
 * specific ID or vcpus in general.
 *
 * The @vcpu parameter identifies the vcpu ID that should be removed.
 * If -1 is specified, the cpu with the highest ID is removed.
 *
 * @flags may include VIR_DOMAIN_AFFECT_LIVE to affect a running
 * domain (which may fail if domain is not active), or
 * VIR_DOMAIN_AFFECT_CONFIG to affect the next boot via the XML
 * description of the domain. Both flags may be set.
 * If neither flag is specified (that is, @flags is
 * VIR_DOMAIN_AFFECT_CURRENT), then an inactive domain modifies
 * persistent setup, while an active domain is hypervisor-dependent
 * on whether just live or both live and persistent state is changed.
 *
 * Returns 0 in case of success, -1 in case of failure.
 */
int
virDomainRemoveVcpu(virDomainPtr domain,
                    int vcpu,
                    unsigned int flags);
What are your thoughts on this?
Thanks
Peter
12 years, 10 months
[libvirt] segment fault from libvirtmod
by Guannan Ren
Hi,
The Makefile.am in python forgets to add probes.o if WITH_DTRACE,
but after I added it and tried to connect, using
libvirt.open("qemu:///system")
in python, it reported: "segment fault"
I tried to figure it out, but failed. If anyone can help with this, thanks.
The following is the backtrace:
#0 0x0000003c62a810a4 in free () from /lib64/libc.so.6
#1 0x00007ffff1836f29 in virFree (ptrptr=0x6a6a28) at util/memory.c:310
#2 0x00007ffff1849692 in virResetError (err=0x6a6a20) at util/virterror.c:387
#3 0x00007ffff13e2761 in do_open (name=0x7ffff7ed6444 "qemu:///system", auth=0x0, flags=0) at libvirt.c:1093
#4 0x00007ffff13e4d44 in virConnectOpen (name=0x7ffff7ed6444 "qemu:///system") at libvirt.c:1350
#5 0x00007ffff1824879 in libvirt_virConnectOpen (self=<optimized out>, args=<optimized out>) at libvirt.c:3637
#6 0x0000003c652dffbb in PyEval_EvalFrameEx () from /usr/lib64/libpython2.7.so.1.0
#7 0x0000003c652e0580 in PyEval_EvalFrameEx () from /usr/lib64/libpython2.7.so.1.0
#8 0x0000003c652e15a5 in PyEval_EvalCodeEx () from /usr/lib64/libpython2.7.so.1.0
#9 0x0000003c652e16d2 in PyEval_EvalCode () from /usr/lib64/libpython2.7.so.1.0
#10 0x0000003c652fb9ec in ?? () from /usr/lib64/libpython2.7.so.1.0
#11 0x0000003c652fc7f0 in PyRun_FileExFlags () from /usr/lib64/libpython2.7.so.1.0
#12 0x0000003c652fd26f in PyRun_SimpleFileExFlags () from /usr/lib64/libpython2.7.so.1.0
#13 0x0000003c6530e745 in Py_Main () from /usr/lib64/libpython2.7.so.1.0
#14 0x0000003c62a2169d in __libc_start_main () from /lib64/libc.so.6
#15 0x0000000000400651 in _start ()
Guannan Ren
12 years, 10 months
[libvirt] [test-API][PATCH] Add 8 new APIs in domainAPI
by Wayne Sun
* new APIs
reset(self, domname, flag = 0)
get_vcpu_pin_info(self, domname, flag)
is_updated(self, domname)
inject_NMI(self, domname, flag = 0)
open_console(self, domname, dev_name, stream, flag = 0)
open_graphics(self, domname, idx, fd, flag = 1)
screenshot(self, domname, stream, screen, flag = 0)
get_migrate_max_speed(self, domname, flag = 0)
A bug is filed to migrateGetMaxSpeed() about parameters, it'll
affect get_migrate_max_speed() function, but the parameters should
remain the status quo. Change will be followed up anyway.
open_graphics() will not work now for lack of qemu support, missing
add_client qemu command.
for dev_name in open_console, pass the alias name of console, serial
or parallel port.
* deleted outdated function get_ref(self, domname)
---
lib/domainAPI.py | 91 +++++++++++++++++++++++++++++++++++++++++++++++++-----
1 files changed, 83 insertions(+), 8 deletions(-)
diff --git a/lib/domainAPI.py b/lib/domainAPI.py
index 91f2ba3..a8086ab 100644
--- a/lib/domainAPI.py
+++ b/lib/domainAPI.py
@@ -261,6 +261,16 @@ class DomainAPI(object):
code = e.get_error_code()
raise exception.LibvirtAPI(message, code)
+ def reset(self, domname, flag = 0):
+ try:
+ dom_obj = self.get_domain_by_name(domname)
+ retval = dom_obj.reset(flag)
+ return retval
+ except libvirt.libvirtError, e:
+ message = e.get_error_message()
+ code = e.get_error_code()
+ raise exception.LibvirtAPI(message, code)
+
def get_info(self, domname):
try:
dom_obj = self.get_domain_by_name(domname)
@@ -335,36 +345,46 @@ class DomainAPI(object):
code = e.get_error_code()
raise exception.LibvirtAPI(message, code)
- def get_ref(self, domname):
+ def get_vcpus(self, domname):
try:
dom_obj = self.get_domain_by_name(domname)
- ref = dom_obj.ref()
- return ref
+ vcpu_info = dom_obj.vcpus()
+ return vcpu_info
except libvirt.libvirtError, e:
message = e.get_error_message()
code = e.get_error_code()
raise exception.LibvirtAPI(message, code)
- def get_vcpus(self, domname):
+ def set_pin_vcpu(self, domname, vcpu, cpumap):
try:
dom_obj = self.get_domain_by_name(domname)
- vcpu_info = dom_obj.vcpus()
- return vcpu_info
+ pin_vcpu = dom_obj.pinVcpu(vcpu, cpumap)
+ return pin_vcpu
except libvirt.libvirtError, e:
message = e.get_error_message()
code = e.get_error_code()
raise exception.LibvirtAPI(message, code)
- def set_pin_vcpu(self, domname, vcpu, cpumap):
+ def set_pin_vcpu_flags(self, domname, vcpu, cpumap, flag):
try:
dom_obj = self.get_domain_by_name(domname)
- pin_vcpu = dom_obj.pinVcpu(vcpu, cpumap)
+ pin_vcpu = dom_obj.pinVcpuFlags(vcpu, cpumap, flag)
return pin_vcpu
except libvirt.libvirtError, e:
message = e.get_error_message()
code = e.get_error_code()
raise exception.LibvirtAPI(message, code)
+ def get_vcpu_pin_info(self, domname, flag):
+ try:
+ dom_obj = self.get_domain_by_name(domname)
+ pin_vcpu_info = dom_obj.vcpuPinInfo(flag)
+ return pin_vcpu_info
+ except libvirt.libvirtError, e:
+ message = e.get_error_message()
+ code = e.get_error_code()
+ raise exception.LibvirtAPI(message, code)
+
def get_uuid(self, domname):
try:
dom_obj = self.get_domain_by_name(domname)
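Review bot: set_pin_vcpu_flags() appears to be introduced in this hunk (one wrapper is removed and two are added once the shifted lines are accounted for), yet the commit message's list of new APIs names eight functions and does not include it; add it to the list or split it into its own patch. get_vcpu_pin_info() also takes flag with no default, while reset(), inject_NMI() and the other new wrappers default it to 0, so pick one convention for the new methods.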
@@ -716,6 +736,15 @@ class DomainAPI(object):
code = e.get_error_code()
raise exception.LibvirtAPI(message, code)
+ def is_updated(self, domname):
+ try:
+ dom_obj = self.get_domain_by_name(domname)
+ return dom_obj.isUpdated()
+ except libvirt.libvirtError, e:
+ message = e.get_error_message()
+ code = e.get_error_code()
+ raise exception.LibvirtAPI(message, code)
+
def job_info(self, domname):
try:
dom_obj = self.get_domain_by_name(domname)
@@ -878,6 +907,50 @@ class DomainAPI(object):
code = e.get_error_code()
raise exception.LibvirtAPI(message, code)
+ def inject_NMI(self, domname, flag = 0):
+ try:
+ dom_obj = self.get_domain_by_name(domname)
+ return dom_obj.injectNMI(flag)
+ except libvirt.libvirtError, e:
+ message = e.get_error_message()
+ code = e.get_error_code()
+ raise exception.LibvirtAPI(message, code)
+
+ def open_console(self, domname, dev_name, stream, flag = 0):
+ try:
+ dom_obj = self.get_domain_by_name(domname)
+ return dom_obj.openConsole(dev_name, stream, flag)
+ except libvirt.libvirtError, e:
+ message = e.get_error_message()
+ code = e.get_error_code()
+ raise exception.LibvirtAPI(message, code)
+
+ def open_graphics(self, domname, idx, fd, flag = 1):
+ try:
+ dom_obj = self.get_domain_by_name(domname)
+ return dom_obj.openGraphics(idx, fd, flag)
+ except libvirt.libvirtError, e:
+ message = e.get_error_message()
+ code = e.get_error_code()
+ raise exception.LibvirtAPI(message, code)
+
+ def screenshot(self, domname, stream, screen, flag = 0):
+ try:
+ dom_obj = self.get_domain_by_name(domname)
+ return dom_obj.screenshot(stream, screen, flag)
+ except libvirt.libvirtError, e:
+ message = e.get_error_message()
+ code = e.get_error_code()
+ raise exception.LibvirtAPI(message, code)
+
+ def get_migrate_max_speed(self, domname, flag = 0):
+ try:
+ dom_obj = self.get_domain_by_name(domname)
+ return dom_obj.migrateGetMaxSpeed(flag)
+ except libvirt.libvirtError, e:
+ message = e.get_error_message()
+ code = e.get_error_code()
+ raise exception.LibvirtAPI(message, code)
# DomainState
VIR_DOMAIN_NOSTATE = 0
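Review bot: open_graphics() defaults flag to 1, which the last hunk of this patch defines as VIR_DOMAIN_OPEN_GRAPHICS_SKIPAUTH, so a caller that omits the argument skips authentication on the graphics connection without having asked for it. Default to 0 like the other wrappers in this hunk and let the test cases that want that behaviour pass the named constant explicitly rather than a bare 1. The hunk also ends without a blank line between get_migrate_max_speed() and the "# DomainState" comment.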
@@ -903,3 +976,5 @@ VIR_DOMAIN_AFFECT_CURRENT = 0
VIR_DOMAIN_AFFECT_LIVE = 1
VIR_DOMAIN_AFFECT_CONFIG = 2
+# virDomainOpenGraphicsFlags
+VIR_DOMAIN_OPEN_GRAPHICS_SKIPAUTH = 1
--
1.7.1
12 years, 10 months
[libvirt] [test-API][PATCH v2 2/2] Add and update functions in streamAPI
by Wayne Sun
* accept connection object and stream flag as parameter in __init__
remove connect function for connection is given in as parameter.
* remove newStream() from each function
create new stream object in __init__.
function also need flags parameter.
* Add 5 new functions
screenshot(self, domain, screen, flags = 0)
download(self, vol, offset, length, flags = 0)
upload(self, vol, offset, length, flags = 0)
recvAll(self, handler, opaque)
sendAll(self, handler, opaque)
for recvAll and sendAll, handler is a user defined function which
write/read data to/from file.
---
lib/streamAPI.py | 75 ++++++++++++++++++++++++++++++++++++------------------
1 files changed, 50 insertions(+), 25 deletions(-)
diff --git a/lib/streamAPI.py b/lib/streamAPI.py
index bc7d217..4da57ca 100644
--- a/lib/streamAPI.py
+++ b/lib/streamAPI.py
@@ -38,76 +38,101 @@ append_path(result.group(0))
import exception
class StreamAPI(object):
- def __init__(self, connection):
+ def __init__(self, connection, flag = 0):
self.conn = connection
+ self.stream_obj = self.conn.newStream(flag)
- def abort(self, flag = 0):
+ def abort(self):
try:
- stream_obj = newStream(flag)
- return stream_obj.abort()
+ return self.stream_obj.abort()
except libvirt.libvirtError, e:
message = e.get_error_message()
code = e.get_error_code()
raise exception.LibvirtAPI(message, code)
- def connect(self, flag = 0):
+ def finish(self):
try:
- stream_obj = newStream(flag)
- return stream_obj.connect()
+ return self.stream_obj.finish()
except libvirt.libvirtError, e:
message = e.get_error_message()
code = e.get_error_code()
raise exception.LibvirtAPI(message, code)
- def finish(self, flag = 0):
+ def recv(self, nbytes):
try:
- stream_obj = newStream(flag)
- return stream_obj.finish()
+ return self.stream_obj.recv(nbytes)
except libvirt.libvirtError, e:
message = e.get_error_message()
code = e.get_error_code()
raise exception.LibvirtAPI(message, code)
- def recv(self, flag = 0, data, nbytes):
+ def send(self, data):
try:
- stream_obj = newStream(flag)
- return stream_obj.recv(data, nbytes)
+ return self.stream_obj.send(data)
except libvirt.libvirtError, e:
message = e.get_error_message()
code = e.get_error_code()
raise exception.LibvirtAPI(message, code)
- def send(self, flag = 0, data, nbytes):
+ def eventAddCallback(self, cb, opaque):
try:
- stream_obj = newStream(flag)
- return stream_obj.send(data, nbytes)
+ return self.stream_obj.eventAddCallback(cb, opaque)
except libvirt.libvirtError, e:
message = e.get_error_message()
code = e.get_error_code()
raise exception.LibvirtAPI(message, code)
- def eventAddCallback(self, flag = 0, cb, opaque):
+ def eventRemoveCallback(self):
try:
- stream_obj = newStream(flag)
- return stream_obj.eventAddCallback(cb, opaque)
+ return self.stream_obj.eventRemoveCallback()
except libvirt.libvirtError, e:
message = e.get_error_message()
code = e.get_error_code()
raise exception.LibvirtAPI(message, code)
- def eventRemoveCallback(self, flag = 0):
+ def eventUpdateCallback(self, events):
try:
- stream_obj = newStream(flag)
- return stream_obj.eventRemoveCallback()
+ return self.stream_obj.eventUpdateCallback(events)
except libvirt.libvirtError, e:
message = e.get_error_message()
code = e.get_error_code()
raise exception.LibvirtAPI(message, code)
- def eventUpdateCallback(self, flag = 0, events)
+ def screenshot(self, domain, screen, flags = 0):
try:
- stream_obj = newStream(flag)
- return stream_obj.eventUpdateCallback(events)
+ return self.stream_obj.screenshot(domain, screen, flags)
+ except libvirt.libvirtError, e:
+ message = e.get_error_message()
+ code = e.get_error_code()
+ raise exception.LibvirtAPI(message, code)
+
+ def download(self, vol, offset, length, flags = 0):
+ try:
+ return self.stream_obj.download(vol, offset, length, flags)
+ except libvirt.libvirtError, e:
+ message = e.get_error_message()
+ code = e.get_error_code()
+ raise exception.LibvirtAPI(message, code)
+
+ def upload(self, vol, offset, length, flags = 0):
+ try:
+ return self.stream_obj.upload(vol, offset, length, flags)
+ except libvirt.libvirtError, e:
+ message = e.get_error_message()
+ code = e.get_error_code()
+ raise exception.LibvirtAPI(message, code)
+
+ def recvAll(self, handler, opaque):
+ try:
+ return self.stream_obj.recvAll(handler, opaque)
+ except libvirt.libvirtError, e:
+ message = e.get_error_message()
+ code = e.get_error_code()
+ raise exception.LibvirtAPI(message, code)
+
+ def sendAll(self, handler, opaque):
+ try:
+ return self.stream_obj.sendAll(handler, opaque)
except libvirt.libvirtError, e:
message = e.get_error_message()
code = e.get_error_code()
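Review bot: __init__ now creates the single stream that every method shares, so a StreamAPI object is effectively single-use: after finish() or abort() the later recv(), send(), download() or upload() calls operate on a stream that has already been closed. Say so in a class docstring, or provide a way to obtain a fresh stream, so test cases do not reuse one object across transfers. The naming is also inconsistent within the class: __init__ takes flag while screenshot(), download() and upload() take flags.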
--
1.7.1
12 years, 10 months
[libvirt] [PATCH 1/1] Clarify the purpose of domxml-from-native (v2)
by Dave Allan
Someone mentioned to me that they interpreted this section of the KVM
driver page as suggesting that new guests should be created by
creating a qemu commandline and converting it to XML with
domxml-from-native. I don't think that's the intent of
domxml-from-native, so I added that clarification.
v2
Suggestion from eblake: Add link to the applications page
---
docs/drvqemu.html.in | 13 ++++++++++---
1 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/docs/drvqemu.html.in b/docs/drvqemu.html.in
index fa5496c..fc76829 100644
--- a/docs/drvqemu.html.in
+++ b/docs/drvqemu.html.in
@@ -432,9 +432,16 @@ mount -t cgroup none /dev/cgroup -o devices
<h3><a name="xmlimport">Converting from QEMU args to domain XML</a></h3>
<p>
- The <code>virsh domxml-from-native</code> provides a way to convert an
- existing set of QEMU args into a guest description using libvirt Domain XML
- that can then be used by libvirt.
+ The <code>virsh domxml-from-native</code> provides a way to
+ convert an existing set of QEMU args into a guest description
+ using libvirt Domain XML that can then be used by libvirt.
+ Please note that this command is intended to be used to convert
+ existing qemu guests previously started from the command line to
+ be managed through libvirt. It should not be used a method of
+ creating new guests from scratch. New guests should be created
+ using an application calling the libvirt APIs (see
+ the <a href="apps.html">libvirt applications page</a> for some
+ examples) or by manually crafting XML to pass to virsh.
</p>
<pre>$ cat > demo.args <<EOF
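Review bot: the added sentence "It should not be used a method of creating new guests from scratch" is missing a word and should read "used as a method of". The same paragraph writes "QEMU args" in the unchanged sentence and "existing qemu guests" in the new one; use one capitalisation throughout.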
--
1.7.7.6
12 years, 10 months
[libvirt] [PATCH] xen-xm: SIGSEGV in xenXMDomainDefineXML: filename
by Philipp Hahn
filename is not initialized to NULL while it's unconditionally freed in
the error path.
Signed-off-by: Philipp Hahn <hahn(a)univention.de>
---
src/xen/xm_internal.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/xen/xm_internal.c b/src/xen/xm_internal.c
index 3cb315a..5acac8b 100644
--- a/src/xen/xm_internal.c
+++ b/src/xen/xm_internal.c
@@ -1070,7 +1070,7 @@ int xenXMDomainCreate(virDomainPtr domain) {
virDomainPtr xenXMDomainDefineXML(virConnectPtr conn, const char *xml)
{
virDomainPtr ret;
- char *filename;
+ char *filename = NULL;
const char *oldfilename;
virDomainDefPtr def = NULL;
virConfPtr conf = NULL;
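Review bot: the NULL initialiser on "char *filename" is right, but the commit message does not say which change made the error path reachable before filename is assigned. The index line (3cb315a..5acac8b) shows this applies on top of the "fix data loss in domain edit" patch, which adds a "goto error" after xenFormatXM() ahead of the virFileBuildPath() call; reference that patch or squash the two, so that one is not backported without the other.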
--
1.7.1
12 years, 10 months
[libvirt] [PATCH] xen-xm: fix data loss in domain edit
by Philipp Hahn
On CentOS5:
If "virsh edit $DOM" is used and an error happens (for example changing
any lifecycle action to a non-existing value), libvirt forgets that
$DOM exists, since it is already removed from the internal hash tables,
which are used for domain lookup.
In one case (unreproducible) even the persistent configuration
/etc/xen/$DOM was deleted.
Instead of using the compound function xenXMConfigSaveFile() explicitly
use xenFormatXM() and virConfWriteFile() to distinguish between a failure
in converting the libvirt definition to the xen-xm format and a problem
when writing the file.
Signed-off-by: Philipp Hahn <hahn(a)univention.de>
---
src/xen/xm_internal.c | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/src/xen/xm_internal.c b/src/xen/xm_internal.c
index 02a0e1d..3cb315a 100644
--- a/src/xen/xm_internal.c
+++ b/src/xen/xm_internal.c
@@ -1073,6 +1073,7 @@ virDomainPtr xenXMDomainDefineXML(virConnectPtr conn, const char *xml)
char *filename;
const char *oldfilename;
virDomainDefPtr def = NULL;
+ virConfPtr conf = NULL;
xenXMConfCachePtr entry = NULL;
xenUnifiedPrivatePtr priv = (xenUnifiedPrivatePtr) conn->privateData;
@@ -1101,6 +1102,9 @@ virDomainPtr xenXMDomainDefineXML(virConnectPtr conn, const char *xml)
return (NULL);
}
+ if (!(conf = xenFormatXM(conn, def, priv->xendConfigVersion)))
+ goto error;
+
/*
* check that if there is another domain defined with the same uuid
* it has the same name
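Review bot: the new "goto error" after xenFormatXM() is taken before filename has been assigned, and the context of the first hunk shows it declared as "char *filename;" with no initialiser. If the error label frees filename (the separate xen-xm SIGSEGV patch on this list says it does so unconditionally), this path frees an uninitialised pointer; initialise filename to NULL in this same patch.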
@@ -1156,7 +1160,7 @@ virDomainPtr xenXMDomainDefineXML(virConnectPtr conn, const char *xml)
if (!(filename = virFileBuildPath(priv->configDir, def->name, NULL)))
goto error;
- if (xenXMConfigSaveFile(conn, filename, def) < 0)
+ if (virConfWriteFile(filename, conf) < 0)
goto error;
if (VIR_ALLOC(entry) < 0) {
@@ -1199,6 +1203,7 @@ virDomainPtr xenXMDomainDefineXML(virConnectPtr conn, const char *xml)
if (entry)
VIR_FREE(entry->filename);
VIR_FREE(entry);
+ virConfFree(conf);
virDomainDefFree(def);
xenUnifiedUnlock(priv);
return (NULL);
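Review bot: virConfFree(conf) is added only on the error path, just before "return (NULL);", and the six insertions in the diffstat are all accounted for by the four hunks, so nothing in this patch releases conf when the function returns the defined domain. Add a matching virConfFree(conf) before the success return, or point out where the success path already reaches a shared cleanup.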
--
1.7.1
12 years, 10 months
[libvirt] [PATCH 1/1] Clarify the purpose of domxml-from-native
by Dave Allan
Someone mentioned to me that they interpreted this section of the KVM
driver page as suggesting that new guests should be created by
creating a qemu commandline and converting it to XML with
domxml-from-native. I don't think that's the intent of
domxml-from-native, so I added that clarification.
---
docs/drvqemu.html.in | 12 +++++++++---
1 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/docs/drvqemu.html.in b/docs/drvqemu.html.in
index fa5496c..09c4f95 100644
--- a/docs/drvqemu.html.in
+++ b/docs/drvqemu.html.in
@@ -432,9 +432,15 @@ mount -t cgroup none /dev/cgroup -o devices
<h3><a name="xmlimport">Converting from QEMU args to domain XML</a></h3>
<p>
- The <code>virsh domxml-from-native</code> provides a way to convert an
- existing set of QEMU args into a guest description using libvirt Domain XML
- that can then be used by libvirt.
+ The <code>virsh domxml-from-native</code> provides a way to
+ convert an existing set of QEMU args into a guest description
+ using libvirt Domain XML that can then be used by libvirt.
+ Please note that this command is intended to be used to convert
+ existing qemu guests previously started from the command line to
+ be managed through libvirt. It should not be used a method of
+ creating new guests from scratch. New guests should be created
+ using an application calling the libvirt APIs or by manually
+ crafting XML to pass to virsh.
</p>
<pre>$ cat > demo.args <<EOF
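Review bot: the new text tells readers that guests "should be created using an application calling the libvirt APIs" but gives them nowhere to go from there. Link the phrase to the page that lists such applications, so the paragraph says what to use as well as what to avoid.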
--
1.7.7.6
12 years, 10 months