August 2012 - Devel - libvirt List Archives

Re: [libvirt] [PATCH v1 1/2] Backcompt for console devices in virDomainDeviceInfoIterate
by Li Zhang 22 Aug '12

22 Aug '12

Hi Daniel and Eric, Would you please help review this patch? This is one bug fix for pSeries. x86 doesn't have such a problem, because serial devices has no bus address on x86. I think this won't break x86. On 2012年08月08日 22:52, Li Zhang wrote: > Histrically, the first <console> element is treated as the > alias of a <serial> device. In the virDomainDeviceInfoIterate, > This situation is not considered. It still handles the first <console> > element as another devices, which means that for console[0] with > serial targetType, it calls callback function another time. > It will cause the problem of address conflicts when assigning > spapr-vio address for serial device on pSeries guest. > > The following describes the problem: > > For pSeries guest, the serial configuration in the xml file > is as the following: > <serial type='pty'> > <target port='0'/> > <address type='spapr-vio'/> > </serial> > > There is no console configuration in this file. The dumped xml file > is as the following: > <serial type='pty'> > <source path='/dev/pts/5'/> > <target port='0'/> > <alias name='serial0'/> > <address type='spapr-vio' reg='0x30000000'/> > </serial> > <console type='pty' tty='/dev/pts/5'> > <source path='/dev/pts/5'/> > <target type='serial' port='0'/> > <alias name='serial0'/> > <address type='spapr-vio' reg='0x30000000'/> > </console> > > It shows that the <console> device is the alias of serial device. > So its address is the same as the serial device. When dectecting > the conflicts in the qemuAssignSpaprVIOAddress the first console > and the serial device conflicts because virDomainDeviceInfoIterate() > still handle these are two different devices, and in the qemuAssignSpaprVIOAddress(), > it will compare these two devices' addressed. If they have same address, > it will report address error. Actually, they should have the same address, > and the error shouldn't be reported. > > So this patch is to handle the first console which targetType is serial > as the alias of serial device to avoid address conflicts error reported. > > Signed-off-by: Li Zhang <zhlcindy(a)linux.vnet.ibm.com> > --- > src/conf/domain_conf.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c > index d8c0969..cddf6ce 100644 > --- a/src/conf/domain_conf.c > +++ b/src/conf/domain_conf.c > @@ -2035,6 +2035,9 @@ int virDomainDeviceInfoIterate(virDomainDefPtr def, > return -1; > } > for (i = 0; i < def->nconsoles ; i++) { > + if ((STREQ(def->os.type, "hvm")) && i == 0 && > + def->consoles[i]->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL) > + continue; > device.data.chr = def->consoles[i]; > if (cb(def, &device, &def->consoles[i]->info, opaque) < 0) > return -1; -- Li Zhang IBM China Linux Technology Centre

2 1

[libvirt] [PATCH 0/2 v3] Storage: Allow pool building while creating it
by Osier Yang 22 Aug '12

22 Aug '12

v2 - v3: * Just rebase on the top. We tries to start the pool while creating a transicient pool, if the pool target is not existed yet, we must fail on starting, and thus we see many users raise up the problem on either list or bugzilla. Patch 2/3 and 3/3 are to fix the problem by introducing flags to allow the pool building for APIs virStoragePoolCreate and virStoragePoolCreateXML, and expose the flags to commands pool-create/pool-create-as/pool-start. Osier Yang (2): storage: New flags to allow building the pool while creating it virsh: New options for the 3 pool commands to allow pool building include/libvirt/libvirt.h.in | 13 +++++ src/libvirt.c | 4 +- src/storage/storage_driver.c | 38 +++++++++++++++- tools/virsh-pool.c | 100 +++++++++++++++++++++++++++++++++++++++--- tools/virsh.pod | 27 ++++++++++- 5 files changed, 169 insertions(+), 13 deletions(-) -- 1.7.7.3

2 4

[libvirt] [PATCH v4] network: use firewalld instead of iptables, when available
by Laine Stump 22 Aug '12

22 Aug '12

From: Thomas Woerner <twoerner(a)redhat.com> (This is Thomas v3 version of 1/2 of the firewalld patches, modified to check for firewall-cmd and firewalld state only once, rather than every time an iptables rule is added or removed. It's not intended to be pushed, because I'm still having issues with it, at least on my machine. I'm mostly concerned with item (1) on the list below; the others could be solved later or tolerated.) * configure.ac, spec file: firewalld defaults to enabled if dbus is available, otherwise is disabled. If --with_firewalld is explicitly requested and dbus is not available, configure will fail. * bridge_driver: add dbus filters to get the FirewallD1.Reloaded signal and DBus.NameOwnerChanged on org.fedoraproject.FirewallD1. When these are encountered, reload all the iptables reuls of all libvirt's virtual networks (similar to what happens when libvirtd is restarted). * iptables, ebtables: use firewall-cmd's direct passthrough interface when available, otherwise use iptables and ebtables commands. This decision is made once the first time libvirt calls iptables/ebtables, and that decision is maintained for the life of libvirtd. * Note that the nwfilter part of this patch was separated out into another patch by Stefan in V2, so that needs to be revised and re-reviewed as well. ================ All the configure.ac and specfile changes are unchanged from Thomas' V3. V3 re-ran "firewall-cmd --state" every time a new rule was added, which was extremely inefficient. V4 uses VIR_ONCE_GLOBAL_INIT to set up a one-time initialization function. The VIR_ONCE_GLOBAL_INIT(x) macro references a static function called vir(Ip|Eb)OnceInit(), which will then be called the first time that the static function vir(Ip|Eb)TablesInitialize() is called (that function is defined for you by the macro). This is thread-safe, so there is no chance of any race. IMPORTANT NOTE: I've left the VIR_DEBUG messages in these two init functions (one for iptables, on for ebtables) as VIR_WARN so that I don't have to turn on all the other debug message just to see these. Even if this patch doesn't need any other modification, those messages need to be changed to VIR_DEBUG before pushing. This one-time initialization works well. However, I've encountered problems with testing: 1) Whenever I have enabled the firewalld service, *all* attempts to call firewall-cmd from within libvirtd end with firewall-cmd hanging internally somewhere. This is *not* the case if firewall-cmd returns non-0 in response to "firewall-cmd --state" (i.e. *that* command runs and returns to libvirt successfully.) 2) If I start libvirtd while firewalld is stopped, then start firewalld later, this triggers libvirtd to reload its iptables rules, however it also spits out a *ton* of complaints about deletion failing (I suppose because firewalld has nuked all of libvirt's rules). I guess we need to suppress those messages (which is a more annoying problem to fix than you might think, but that's another story). 3) I noticed a few times during this long line of errors that firewalld made a complaint about "Resource Temporarily unavailable. Having libvirtd access iptables commands directly at the same time as firewalld is doing so is apparently problematic. 4) In general, I'm concerned about the "set it once and never change it" method - if firewalld is disabled at libvirtd startup, causing libvirtd to always use iptables/ebtables directly, this won't cause *terrible* problems, but if libvirtd decides to use firewall-cmd and firewalld is later disabled, libvirtd will not be able to recover. --- AUTHORS | 2 +- configure.ac | 17 +++++++++++++++ libvirt.spec.in | 11 ++++++++++ src/Makefile.am | 4 ++-- src/network/bridge_driver.c | 49 ++++++++++++++++++++++++++++++++++++++++++ src/util/ebtables.c | 52 ++++++++++++++++++++++++++++++++++++++++++++- src/util/iptables.c | 49 +++++++++++++++++++++++++++++++++++++++--- 7 files changed, 177 insertions(+), 7 deletions(-) diff --git a/AUTHORS b/AUTHORS index 8581aea..5dec3a2 100644 --- a/AUTHORS +++ b/AUTHORS @@ -257,7 +257,7 @@ Patches have also been contributed by: Frido Roose <frido.roose(a)gmail.com> Asad Saeed <asad.saeed(a)acidseed.com> Sukadev Bhattiprolu <sukadev(a)linux.vnet.ibm.com> - + Thomas Woerner <twoerner(a)redhat.com> [....send patches to get your name here....] The libvirt Logo was designed by Diana Fong diff --git a/configure.ac b/configure.ac index ba5a3cd..0150f99 100644 --- a/configure.ac +++ b/configure.ac @@ -1321,6 +1321,22 @@ AM_CONDITIONAL([HAVE_POLKIT1], [test "x$with_polkit1" = "xyes"]) AC_SUBST([POLKIT_CFLAGS]) AC_SUBST([POLKIT_LIBS]) +dnl firewalld +AC_ARG_WITH([firewalld], + AC_HELP_STRING([--with-firewalld], [enable firewalld support @<:@default=check@:>@]), + [], + [with_firewalld=check]) +if test "x$with_firewalld" = "xcheck" ; then + with_firewalld=$with_dbus +fi +if test "x$with_firewalld" == "xyes" ; then + if test "x$with_dbus" != "xyes" ; then + AC_MSG_ERROR([You must have dbus enabled for firewalld support]) + fi + AC_DEFINE_UNQUOTED([HAVE_FIREWALLD], [1], [whether firewalld support is enabled]) +fi +AM_CONDITIONAL([HAVE_FIREWALLD], [test "x$with_firewalld" != "xno"]) + dnl Avahi library AC_ARG_WITH([avahi], AC_HELP_STRING([--with-avahi], [use avahi to advertise remote daemon @<:@default=check@:>@]), @@ -3028,6 +3044,7 @@ AC_MSG_NOTICE([ sanlock: $SANLOCK_CFLAGS $SANLOCK_LIBS]) else AC_MSG_NOTICE([ sanlock: no]) fi +AC_MSG_NOTICE([firewalld: $with_firewalld]) if test "$with_avahi" = "yes" ; then AC_MSG_NOTICE([ avahi: $AVAHI_CFLAGS $AVAHI_LIBS]) else diff --git a/libvirt.spec.in b/libvirt.spec.in index 67b955a..ea2fd88 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -106,6 +106,7 @@ %define with_sanlock 0%{!?_without_sanlock:0} %define with_systemd 0%{!?_without_systemd:0} %define with_numad 0%{!?_without_numad:0} +%define with_firewalld 0%{!?_without_firewalld:0} # Non-server/HV driver defaults which are always enabled %define with_python 0%{!?_without_python:1} @@ -146,6 +147,11 @@ %define with_systemd 1 %endif +# Fedora 18 / RHEL-7 are first where firewalld support is enabled +%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7 +%define with_firewalld 1 +%endif + # RHEL-5 has restricted QEMU to x86_64 only and is too old for LXC %if 0%{?rhel} == 5 %define with_qemu_tcg 0 @@ -1182,6 +1188,10 @@ of recent versions of Linux (and other OSes). %define _without_driver_modules --without-driver-modules %endif +%if %{with_firewalld} +%define _with_firewalld --with-firewalld +%endif + %define when %(date +"%%F-%%T") %define where %(hostname) %define who %{?packager}%{!?packager:Unknown} @@ -1240,6 +1250,7 @@ autoreconf -if %{?_without_audit} \ %{?_without_dtrace} \ %{?_without_driver_modules} \ + %{?_with_firewalld} \ %{with_packager} \ %{with_packager_version} \ --with-qemu-user=%{qemu_user} \ diff --git a/src/Makefile.am b/src/Makefile.am index b5f8056..6a94ecc 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -988,7 +988,7 @@ libvirt_driver_network_la_SOURCES = libvirt_driver_network_la_LIBADD = libvirt_driver_network_impl.la if WITH_DRIVER_MODULES mod_LTLIBRARIES += libvirt_driver_network.la -libvirt_driver_network_la_LIBADD += ../gnulib/lib/libgnu.la $(LIBNL_LIBS) +libvirt_driver_network_la_LIBADD += ../gnulib/lib/libgnu.la $(LIBNL_LIBS) $(DBUS_LIBS) libvirt_driver_network_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS) else noinst_LTLIBRARIES += libvirt_driver_network.la @@ -998,7 +998,7 @@ endif libvirt_driver_network_impl_la_CFLAGS = \ $(LIBNL_CFLAGS) \ - -I$(top_srcdir)/src/conf $(AM_CFLAGS) + -I$(top_srcdir)/src/conf $(AM_CFLAGS) $(DBUS_CFLAGS) libvirt_driver_network_impl_la_SOURCES = $(NETWORK_DRIVER_SOURCES) endif EXTRA_DIST += network/default.xml diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index 474bbfa..e3f0c1c 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -62,6 +62,7 @@ #include "virnetdevbridge.h" #include "virnetdevtap.h" #include "virnetdevvportprofile.h" +#include "virdbus.h" #define NETWORK_PID_DIR LOCALSTATEDIR "/run/libvirt/network" #define NETWORK_STATE_DIR LOCALSTATEDIR "/lib/libvirt/network" @@ -249,6 +250,25 @@ networkAutostartConfigs(struct network_driver *driver) { } } +#if HAVE_FIREWALLD +static DBusHandlerResult +firewalld_dbus_filter_bridge(DBusConnection *connection ATTRIBUTE_UNUSED, + DBusMessage *message, void *user_data) { + struct network_driver *_driverState = user_data; + + if (dbus_message_is_signal(message, DBUS_INTERFACE_DBUS, + "NameOwnerChanged") || + dbus_message_is_signal(message, "org.fedoraproject.FirewallD1", + "Reloaded")) + { + VIR_DEBUG("Reload in bridge_driver because of firewalld."); + networkReloadIptablesRules(_driverState); + } + + return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; +} +#endif + /** * networkStartup: * @@ -257,6 +277,9 @@ networkAutostartConfigs(struct network_driver *driver) { static int networkStartup(int privileged) { char *base = NULL; +#ifdef HAVE_FIREWALLD + DBusConnection *sysbus = NULL; +#endif if (VIR_ALLOC(driverState) < 0) goto error; @@ -323,6 +346,32 @@ networkStartup(int privileged) { networkDriverUnlock(driverState); +#ifdef HAVE_FIREWALLD + if (!(sysbus = virDBusGetSystemBus())) { + virErrorPtr err = virGetLastError(); + VIR_WARN("DBus not available, disabling firewalld support " + "in bridge_driver: %s", err->message); + } else { + /* add matches for + * NameOwnerChanged on org.freedesktop.DBus for firewalld start/stop + * Reloaded on org.fedoraproject.FirewallD1 for firewalld reload + */ + dbus_bus_add_match(sysbus, + "type='signal'" + ",interface='"DBUS_INTERFACE_DBUS"'" + ",member='NameOwnerChanged'" + ",arg0='org.fedoraproject.FirewallD1'", + NULL); + dbus_bus_add_match(sysbus, + "type='signal'" + ",interface='org.fedoraproject.FirewallD1'" + ",member='Reloaded'", + NULL); + dbus_connection_add_filter(sysbus, firewalld_dbus_filter_bridge, + driverState, NULL); + } +#endif + return 0; out_of_memory: diff --git a/src/util/ebtables.c b/src/util/ebtables.c index ca056b1..1a78f89 100644 --- a/src/util/ebtables.c +++ b/src/util/ebtables.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2007-2010 Red Hat, Inc. + * Copyright (C) 2007-2012 Red Hat, Inc. * Copyright (C) 2009 IBM Corp. * * This library is free software; you can redistribute it and/or @@ -45,6 +45,38 @@ #include "memory.h" #include "virterror_internal.h" #include "logging.h" +#include "threads.h" + +#if HAVE_FIREWALLD +static char *firewall_cmd_path = NULL; + +static int +virEbTablesOnceInit(void) +{ + firewall_cmd_path = virFindFileInPath("firewall-cmd"); + if (!firewall_cmd_path) { + VIR_WARN("firewall-cmd not found on system. " + "firewalld support disabled for ebtables."); + } else { + virCommandPtr cmd = virCommandNew(firewall_cmd_path); + int status; + + virCommandAddArgList(cmd, "--state", NULL); + if (virCommandRun(cmd, &status) < 0 || status != 0) { + VIR_WARN("firewall-cmd found but disabled for ebtables"); + VIR_FREE(firewall_cmd_path); + firewall_cmd_path = NULL; + } else { + VIR_WARN("using firewalld for ebtables commands"); + } + virCommandFree(cmd); + } + return 0; +} + +VIR_ONCE_GLOBAL_INIT(virEbTables) + +#endif struct _ebtablesContext { @@ -181,6 +213,12 @@ ebtablesAddRemoveRule(ebtRules *rules, int action, const char *arg, ...) 2 + /* --insert bar */ 1; /* arg */ +#if HAVE_FIREWALLD + virEbTablesInitialize(); + if (firewall_cmd_path) + n += 3; /* --direct --passthrough eb */ +#endif + va_start(args, arg); while (va_arg(args, const char *)) n++; @@ -192,6 +230,18 @@ ebtablesAddRemoveRule(ebtRules *rules, int action, const char *arg, ...) n = 0; +#if HAVE_FIREWALLD + if (firewall_cmd_path) { + if (!(argv[n++] = strdup(firewall_cmd_path))) + goto error; + if (!(argv[n++] = strdup("--direct"))) + goto error; + if (!(argv[n++] = strdup("--passthrough"))) + goto error; + if (!(argv[n++] = strdup("eb"))) + goto error; + } else +#endif if (!(argv[n++] = strdup(EBTABLES_PATH))) goto error; diff --git a/src/util/iptables.c b/src/util/iptables.c index b23aca9..d8fdd3b 100644 --- a/src/util/iptables.c +++ b/src/util/iptables.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2007-2011 Red Hat, Inc. + * Copyright (C) 2007-2012 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -43,6 +43,38 @@ #include "memory.h" #include "virterror_internal.h" #include "logging.h" +#include "threads.h" + +#if HAVE_FIREWALLD +static char *firewall_cmd_path = NULL; + +static int +virIpTablesOnceInit(void) +{ + firewall_cmd_path = virFindFileInPath("firewall-cmd"); + if (!firewall_cmd_path) { + VIR_WARN("firewall-cmd not found on system. " + "firewalld support disabled for iptables."); + } else { + virCommandPtr cmd = virCommandNew(firewall_cmd_path); + int status; + + virCommandAddArgList(cmd, "--state", NULL); + if (virCommandRun(cmd, &status) < 0 || status != 0) { + VIR_WARN("firewall-cmd found but disabled for iptables"); + VIR_FREE(firewall_cmd_path); + firewall_cmd_path = NULL; + } else { + VIR_WARN("using firewalld for iptables commands"); + } + virCommandFree(cmd); + } + return 0; +} + +VIR_ONCE_GLOBAL_INIT(virIpTables) + +#endif #define VIR_FROM_THIS VIR_FROM_NONE @@ -101,11 +133,22 @@ iptablesAddRemoveRule(iptRules *rules, int family, int action, { va_list args; int ret; - virCommandPtr cmd; + virCommandPtr cmd = NULL; const char *s; - cmd = virCommandNew((family == AF_INET6) +#if HAVE_FIREWALLD + virIpTablesInitialize(); + if (firewall_cmd_path) { + cmd = virCommandNew(firewall_cmd_path); + virCommandAddArgList(cmd, "--direct", "--passthrough", + (family == AF_INET6) ? "ipv6" : "ipv4", NULL); + } +#endif + + if (cmd == NULL) { + cmd = virCommandNew((family == AF_INET6) ? IP6TABLES_PATH : IPTABLES_PATH); + } virCommandAddArgList(cmd, "--table", rules->table, action == ADD ? "--insert" : "--delete", -- 1.7.11.4

3 5

[libvirt] [PATCH V2 0/2] (Basic) FirewallD support
by Stefan Berger 22 Aug '12

22 Aug '12

The following two patches provide basic firewalld support for libvirt. I took Thomas Woerner's patches and modified them where needed. Stefan

5 9

[libvirt] [PATCH] command: avoid double close in virExecWithHook
by Ján Tomko 22 Aug '12

22 Aug '12

Fix possible double close in the child process after the fork in case infd and outfd are equal, just like they are after being called from virNetSocketNewConnectCommand. --- src/util/command.c | 14 +++++--------- 1 files changed, 5 insertions(+), 9 deletions(-) diff --git a/src/util/command.c b/src/util/command.c index 7755572..49ec178 100644 --- a/src/util/command.c +++ b/src/util/command.c @@ -547,17 +547,13 @@ virExecWithHook(const char *const*argv, goto fork_error; } - if (infd != STDIN_FILENO && infd != null) + if (infd != STDIN_FILENO && infd != null && infd != childerr && + infd != childout) VIR_FORCE_CLOSE(infd); - if (childout > STDERR_FILENO && childout != null) { - tmpfd = childout; /* preserve childout value */ - VIR_FORCE_CLOSE(tmpfd); - } - if (childerr > STDERR_FILENO && - childerr != childout && - childerr != null) { + if (childout > STDERR_FILENO && childout != null && childout != childerr) + VIR_FORCE_CLOSE(childout); + if (childerr > STDERR_FILENO && childerr != null) VIR_FORCE_CLOSE(childerr); - } VIR_FORCE_CLOSE(null); /* Initialize full logging for a while */ -- 1.7.8.6

3 2

[libvirt] [PATCH] sanlock: Provide better error if lockspace directory is missing
by Jiri Denemark 22 Aug '12

22 Aug '12

Generating "Unable to add lockspace /lock/space/dir/__LIBVIRT__DISKS__: No such file or directory" is correct but not exactly clear. This patch changes the error message to "Unable to create lockspace /lock/space/dir/__LIBVIRT__DISKS__: parent directory does not exist or is not a directory". --- src/locking/lock_driver_sanlock.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/locking/lock_driver_sanlock.c b/src/locking/lock_driver_sanlock.c index f046102..7700b31 100644 --- a/src/locking/lock_driver_sanlock.c +++ b/src/locking/lock_driver_sanlock.c @@ -35,6 +35,7 @@ #include <sanlock_resource.h> #include <sanlock_admin.h> +#include "dirname.h" #include "lock_driver.h" #include "logging.h" #include "virterror_internal.h" @@ -150,6 +151,7 @@ static int virLockManagerSanlockSetupLockspace(void) int rv; struct sanlk_lockspace ls; char *path = NULL; + char *dir = NULL; if (virAsprintf(&path, "%s/%s", driver->autoDiskLeasePath, @@ -174,6 +176,19 @@ static int virLockManagerSanlockSetupLockspace(void) */ if (stat(path, &st) < 0) { VIR_DEBUG("Lockspace %s does not yet exist", path); + + if (!(dir = mdir_name(path))) { + virReportOOMError(); + goto error; + } + if (stat(dir, &st) < 0 || !S_ISDIR(st.st_mode)) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unable to create lockspace %s: parent directory" + " does not exist or is not a directory"), + path); + goto error; + } + if ((fd = open(path, O_WRONLY|O_CREAT|O_EXCL, 0600)) < 0) { if (errno != EEXIST) { virReportSystemError(errno, @@ -257,6 +272,7 @@ error_unlink: error: VIR_FORCE_CLOSE(fd); VIR_FREE(path); + VIR_FREE(dir); return -1; } -- 1.7.11.1

2 2

[libvirt] [PATCH] daemon: Autodetect lock driver directory
by Jiri Denemark 22 Aug '12

22 Aug '12

When running libvirtd from a build directory, libvirtd would load lock drivers from system directory unless explicitly overridden by setting LIBVIRT_LOCK_MANAGER_PLUGIN_DIR environment variable. Since we already autodetect driver directory if libvirt is build with driver modules, we can use the same trick to automagically set lock driver directory. --- daemon/libvirtd.c | 6 ++++-- src/libvirt_private.syms | 1 + src/locking/lock_manager.c | 12 +++++++++++- src/locking/lock_manager.h | 1 + 4 files changed, 17 insertions(+), 3 deletions(-) diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c index f0b0a3c..5245740 100644 --- a/daemon/libvirtd.c +++ b/daemon/libvirtd.c @@ -55,6 +55,7 @@ #include "hooks.h" #include "uuid.h" #include "viraudit.h" +#include "locking/lock_manager.h" #ifdef WITH_DRIVER_MODULES # include "driver.h" @@ -971,7 +972,6 @@ int main(int argc, char **argv) { /* initialize early logging */ virLogSetFromEnv(); -#ifdef WITH_DRIVER_MODULES if (strstr(argv[0], "lt-libvirtd") || strstr(argv[0], "/daemon/.libs/libvirtd")) { char *tmp = strrchr(argv[0], '/'); @@ -990,11 +990,13 @@ int main(int argc, char **argv) { argv[0], driverdir); exit(EXIT_FAILURE); } + virLockManagerSetPluginDir(driverdir); +#ifdef WITH_DRIVER_MODULES virDriverModuleInitialize(driverdir); +#endif *tmp = '/'; /* Must not free 'driverdir' - it is still used */ } -#endif while (1) { int optidx = 0; diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 4cfa95f..e2d6d27 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -757,6 +757,7 @@ virLockManagerPluginUnref; virLockManagerPluginUsesState; virLockManagerPluginGetName; virLockManagerRelease; +virLockManagerSetPluginDir; # logging.h diff --git a/src/locking/lock_manager.c b/src/locking/lock_manager.c index 1d9c1bf..068327f 100644 --- a/src/locking/lock_manager.c +++ b/src/locking/lock_manager.c @@ -64,6 +64,16 @@ struct _virLockManagerPlugin { #define DEFAULT_LOCK_MANAGER_PLUGIN_DIR LIBDIR "/libvirt/lock-driver" +static const char *virLockManagerPluginDir = DEFAULT_LOCK_MANAGER_PLUGIN_DIR; + +void +virLockManagerSetPluginDir(const char *dir) +{ + if (dir) + virLockManagerPluginDir = dir; +} + + static void virLockManagerLogParams(size_t nparams, virLockManagerParamPtr params) { @@ -128,7 +138,7 @@ virLockManagerPluginPtr virLockManagerPluginNew(const char *name, driver = &virLockDriverNop; } else { if (moddir == NULL) - moddir = DEFAULT_LOCK_MANAGER_PLUGIN_DIR; + moddir = virLockManagerPluginDir; VIR_DEBUG("Module load %s from %s", name, moddir); diff --git a/src/locking/lock_manager.h b/src/locking/lock_manager.h index 25c7f7f..6a779f0 100644 --- a/src/locking/lock_manager.h +++ b/src/locking/lock_manager.h @@ -28,6 +28,7 @@ typedef struct _virLockManagerPlugin virLockManagerPlugin; typedef virLockManagerPlugin *virLockManagerPluginPtr; +void virLockManagerSetPluginDir(const char *dir); virLockManagerPluginPtr virLockManagerPluginNew(const char *name, const char *configFile, unsigned int flags); -- 1.7.11.1

2 2

[libvirt] [PATCH 00/23] Introduce a virtlockd daemon for disk locking
by Daniel P. Berrange 22 Aug '12

22 Aug '12

This is a long overdue update to a patch series I posted about a year ago https://www.redhat.com/archives/libvir-list/2011-July/msg00337.html There have been some major changes since that series - A general purpose lockspace module has been created (virLockSpacePtr in src/util/virlockspace.[ch]) - The virtlockd daemon protocol has been re-written so it only operates at the level of virLockSpacePtr APIs, and knows nothing of the usage wrt to virDomainObjPtrs - The lock driver client now translates requests for disk locks on a virDomainObjPtr into requests for resources in a lockspace managed by virtlockd. - The virtlockd daemon now has the ability to re-exec() itself to upgrade software without loosing active locks or clients - By default the locks are held directly on the file paths, rather than in a parallel "locks" directory based on sha256 checksums of the filename Still todo - Add ability to quiesce all server/client I/O when doing re-exec() - Add ability to save/restore data in any virNetMessagePtr structs in the client rx or tx queues - Add ability to use custom lockspaces for LVM and SCSI/ISCSI block devices, instead of locking based on path, to gain cross-node safety, instead of node-local safety. NB, the current re-exec() support works, but is not race safe without those first 2 todo items being completed .gitignore | 5 cfg.mk | 9 daemon/libvirtd.c | 2 daemon/remote.c | 15 daemon/remote.h | 6 include/libvirt/virterror.h | 2 libvirt.spec.in | 16 po/POTFILES.in | 5 src/Makefile.am | 182 ++++- src/internal.h | 22 src/libvirt_private.syms | 32 src/locking/domain_lock.c | 26 src/locking/lock_daemon.c | 1336 +++++++++++++++++++++++++++++++++++++ src/locking/lock_daemon.h | 56 + src/locking/lock_daemon_dispatch.c | 370 ++++++++++ src/locking/lock_daemon_dispatch.h | 31 src/locking/lock_driver_lockd.c | 561 +++++++++++++++ src/locking/lock_manager.c | 31 src/locking/lock_manager.h | 3 src/locking/lock_protocol.x | 89 ++ src/locking/virtlockd.init.in | 93 ++ src/locking/virtlockd.service.in | 13 src/locking/virtlockd.socket.in | 8 src/locking/virtlockd.sysconf | 3 src/lxc/lxc_controller.c | 24 src/lxc/lxc_monitor.c | 2 src/qemu/qemu.conf | 17 src/qemu/qemu_agent.c | 10 src/qemu/qemu_conf.c | 2 src/qemu/qemu_monitor_json.c | 12 src/qemu/test_libvirtd_qemu.aug.in | 2 src/remote/remote_driver.c | 9 src/rpc/virnetclient.c | 81 +- src/rpc/virnetclient.h | 3 src/rpc/virnetserver.c | 308 ++++++++ src/rpc/virnetserver.h | 20 src/rpc/virnetserverclient.c | 198 ++++- src/rpc/virnetserverclient.h | 28 src/rpc/virnetserverservice.c | 211 +++++ src/rpc/virnetserverservice.h | 13 src/rpc/virnetsocket.c | 128 +++ src/rpc/virnetsocket.h | 9 src/util/json.c | 9 src/util/json.h | 3 src/util/threadpool.c | 19 src/util/threadpool.h | 4 src/util/virlockspace.c | 784 +++++++++++++++++++++ src/util/virlockspace.h | 62 + src/util/virterror.c | 9 tests/Makefile.am | 7 tests/virlockspacetest.c | 363 ++++++++++ 51 files changed, 5080 insertions(+), 173 deletions(-)

2 52

[libvirt] [PATCH 0/5] support guest agent general command
by MATSUDA, Daiki 22 Aug '12

22 Aug '12

Hi, All. I rewrote the patches as Eric suggested. virsh # help qemu-agent-command NAME qemu-agent-command - Qemu Guest Agent Command SYNOPSIS qemu-agent-command <domain> [--timeout <number>] {[--cmd] <string>}... DESCRIPTION Qemu Guest Agent Command OPTIONS [--domain] <string> domain name, id or uuid --timeout <number> timeout [--cmd] <string> command virsh # qemu-agent-command RHEL58_64 '{"execute":"guest-info"}' {"return":{"version":"1.1.50","supported_commands":[{"enabled":true,"name":"guest-network-get-interfaces"},{"enabled":true,"name":"guest-suspend-hybrid"},{"enabled":true,"name":"guest-suspend-ram"},{"enabled":true,"name":"guest-suspend-disk"},{"enabled":true,"name":"guest-fsfreeze-thaw"},{"enabled":true,"name":"guest-fsfreeze-freeze"},{"enabled":true,"name":"guest-fsfreeze-status"},{"enabled":true,"name":"guest-file-flush"},{"enabled":true,"name":"guest-file-seek"},{"enabled":true,"name":"guest-file-write"},{"enabled":true,"name":"guest-file-read"},{"enabled":true,"name":"guest-file-close"},{"enabled":true,"name":"guest-file-open"},{"enabled":true,"name":"guest-shutdown"},{"enabled":true,"name":"guest-info"},{"enabled":true,"name":"guest-ping"},{"enabled":true,"name":"guest-sync"},{"enabled":true,"name":"guest-sync-delimited"}]}} virsh # qemu-agent-command RHEL58_64 '{"execute":"guest-sync", "arguments":{"id":123}}' {"return":123}

3 3

[libvirt] [PATCH] build: split driver_storage into convenience library
by Eric Blake 22 Aug '12

22 Aug '12

Commit 1d22ba95 was complete at the time, but we have since reintroduced a warning that is fixed in the same manner: CCLD storagebackendsheepdogtest *** Warning: Linking the executable storagebackendsheepdogtest against the loadable module *** libvirt_driver_storage.so is not portable! * src/Makefile.am (libvirt_driver_storage.la): Factor into new convenience library. * tests/Makefile.am (storagebackendsheepdogtest_LDADD): Link to convenience library, not shared library. --- src/Makefile.am | 49 +++++++++++++++++++++++++------------------------ tests/Makefile.am | 3 ++- 2 files changed, 27 insertions(+), 25 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index d35edd6..2827e86 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1050,66 +1050,67 @@ libvirt_driver_secret_la_SOURCES = $(SECRET_DRIVER_SOURCES) endif # Needed to keep automake quiet about conditionals -libvirt_driver_storage_la_SOURCES = -libvirt_driver_storage_la_CFLAGS = \ +libvirt_driver_storage_impl_la_SOURCES = +libvirt_driver_storage_impl_la_CFLAGS = \ -I$(top_srcdir)/src/conf $(AM_CFLAGS) -libvirt_driver_storage_la_LDFLAGS = $(AM_LDFLAGS) -libvirt_driver_storage_la_LIBADD = +libvirt_driver_storage_impl_la_LDFLAGS = $(AM_LDFLAGS) +libvirt_driver_storage_impl_la_LIBADD = if WITH_SECDRIVER_SELINUX -libvirt_driver_storage_la_LIBADD += $(SELINUX_LIBS) +libvirt_driver_storage_impl_la_LIBADD += $(SELINUX_LIBS) endif if WITH_SECDRIVER_APPARMOR -libvirt_driver_storage_la_LIBADD += $(APPARMOR_LIBS) +libvirt_driver_storage_impl_la_LIBADD += $(APPARMOR_LIBS) endif if HAVE_LIBBLKID -libvirt_driver_storage_la_CFLAGS += $(BLKID_CFLAGS) -libvirt_driver_storage_la_LIBADD += $(BLKID_LIBS) +libvirt_driver_storage_impl_la_CFLAGS += $(BLKID_CFLAGS) +libvirt_driver_storage_impl_la_LIBADD += $(BLKID_LIBS) endif if WITH_STORAGE +noinst_LTLIBRARIES += libvirt_driver_storage_impl.la +libvirt_driver_storage_la_SOURCES = +libvirt_driver_storage_la_LIBADD = libvirt_driver_storage_impl.la if WITH_DRIVER_MODULES mod_LTLIBRARIES += libvirt_driver_storage.la +libvirt_driver_storage_la_LIBADD += ../gnulib/lib/libgnu.la +libvirt_driver_storage_la_LDFOAGS = -module -avoid-version else noinst_LTLIBRARIES += libvirt_driver_storage.la # Stateful, so linked to daemon instead #libvirt_la_BUILT_LIBADD += libvirt_driver_storage.la endif -if WITH_DRIVER_MODULES -libvirt_driver_storage_la_LIBADD += ../gnulib/lib/libgnu.la -libvirt_driver_storage_la_LDFLAGS += -module -avoid-version -endif -libvirt_driver_storage_la_SOURCES += $(STORAGE_DRIVER_SOURCES) -libvirt_driver_storage_la_SOURCES += $(STORAGE_DRIVER_FS_SOURCES) +libvirt_driver_storage_impl_la_SOURCES += $(STORAGE_DRIVER_SOURCES) +libvirt_driver_storage_impl_la_SOURCES += $(STORAGE_DRIVER_FS_SOURCES) endif if WITH_STORAGE_LVM -libvirt_driver_storage_la_SOURCES += $(STORAGE_DRIVER_LVM_SOURCES) +libvirt_driver_storage_impl_la_SOURCES += $(STORAGE_DRIVER_LVM_SOURCES) endif if WITH_STORAGE_ISCSI -libvirt_driver_storage_la_SOURCES += $(STORAGE_DRIVER_ISCSI_SOURCES) +libvirt_driver_storage_impl_la_SOURCES += $(STORAGE_DRIVER_ISCSI_SOURCES) endif if WITH_STORAGE_SCSI -libvirt_driver_storage_la_SOURCES += $(STORAGE_DRIVER_SCSI_SOURCES) +libvirt_driver_storage_impl_la_SOURCES += $(STORAGE_DRIVER_SCSI_SOURCES) endif if WITH_STORAGE_MPATH -libvirt_driver_storage_la_SOURCES += $(STORAGE_DRIVER_MPATH_SOURCES) -libvirt_driver_storage_la_CFLAGS += $(DEVMAPPER_CFLAGS) -libvirt_driver_storage_la_LIBADD += $(DEVMAPPER_LIBS) +libvirt_driver_storage_impl_la_SOURCES += $(STORAGE_DRIVER_MPATH_SOURCES) +libvirt_driver_storage_impl_la_CFLAGS += $(DEVMAPPER_CFLAGS) +libvirt_driver_storage_impl_la_LIBADD += $(DEVMAPPER_LIBS) endif if WITH_STORAGE_DISK -libvirt_driver_storage_la_SOURCES += $(STORAGE_DRIVER_DISK_SOURCES) +libvirt_driver_storage_impl_la_SOURCES += $(STORAGE_DRIVER_DISK_SOURCES) endif if WITH_STORAGE_RBD -libvirt_driver_storage_la_SOURCES += $(STORAGE_DRIVER_RBD_SOURCES) -libvirt_driver_storage_la_LIBADD += $(LIBRBD_LIBS) +libvirt_driver_storage_impl_la_SOURCES += $(STORAGE_DRIVER_RBD_SOURCES) +libvirt_driver_storage_impl_la_LIBADD += $(LIBRBD_LIBS) endif if WITH_STORAGE_SHEEPDOG -libvirt_driver_storage_la_SOURCES += $(STORAGE_DRIVER_SHEEPDOG_SOURCES) +libvirt_driver_storage_impl_la_SOURCES += $(STORAGE_DRIVER_SHEEPDOG_SOURCES) endif if WITH_NODE_DEVICES diff --git a/tests/Makefile.am b/tests/Makefile.am index e97a487..8cf8015 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -412,7 +412,8 @@ if WITH_STORAGE_SHEEPDOG storagebackendsheepdogtest_SOURCES = \ storagebackendsheepdogtest.c \ testutils.c testutils.h -storagebackendsheepdogtest_LDADD = ../src/libvirt_driver_storage.la $(LDADDS) +storagebackendsheepdogtest_LDADD = \ + ../src/libvirt_driver_storage_impl.la $(LDADDS) else EXTRA_DIST += storagebackendsheepdogtest.c endif -- 1.7.11.4

2 2