September 2012 - Devel - libvirt List Archives

[libvirt] [PATCH 0/7 v4] Atomic API to list networks
by Osier Yang 11 Sep '12

11 Sep '12

v3 - v4: - Just rebase on top, and split the API from the big set Osier Yang (7): list: Define new API virConnectListAllNetworks list: Implement RPC calls for virConnectListAllNetworks list: Add helpers to list network objects list: Implement listAllNetworks for network driver list: Implement listAllNetworks for test driver list: Use virConnectListAllNetworks in virsh list: Expose virConnectListAllNetworks to Python binding daemon/remote.c | 55 +++++ include/libvirt/libvirt.h.in | 20 ++ python/generator.py | 1 + python/libvirt-override-api.xml | 6 + python/libvirt-override-virConnect.py | 12 ++ python/libvirt-override.c | 48 +++++ src/conf/network_conf.c | 91 +++++++++ src/conf/network_conf.h | 22 ++ src/driver.h | 5 + src/libvirt.c | 86 ++++++++- src/libvirt_private.syms | 1 + src/libvirt_public.syms | 1 + src/network/bridge_driver.c | 17 ++ src/remote/remote_driver.c | 64 ++++++ src/remote/remote_protocol.x | 13 ++- src/remote_protocol-structs | 12 ++ src/test/test_driver.c | 17 ++ tools/virsh-network.c | 352 ++++++++++++++++++++++++-------- tools/virsh.pod | 12 +- 19 files changed, 743 insertions(+), 92 deletions(-) -- 1.7.7.3

3 20

[libvirt] libvirt use of dnsmasq to provide dhcp-ipv6 service
by Gene Czarcinski 11 Sep '12

11 Sep '12

Since around the 2.61 dnsmasq supports providing dhcp-ipv6 services. Yes, I am aware that F17, F18, and rawhide all currently have dnsmasq 2.59 ... I am currently running dnsmasq-2.63. What are the plans for supporting dhcp-ipv6 from dnsmasq? I noticed that if you plug in a dhcp range specification under an ipv6 definition in the xml configuration file that virsh net-edit does not complain about it ... it just makes it disappear! Is the code there but not enabled because you need to support earlier versions of dnsmasq? If the code is there, what is the "magic switch" to turn it on? I understand that if I do that I may well be on my own. Gene

3 3

[libvirt] RFC: take two on live update of network configuration
by Laine Stump 11 Sep '12

11 Sep '12

We need a way to update the elements of a <network> without being required to restart the network before the changes take effect. I had previously thought I could just use a new virNetworkDefineXMLFlags with an optional flag set to mean "take effect immediately", but have been discouraged from that approach. Instead, I'm considering something similar to virDomain(Attach|Update|Detach)DeviceFlags, but this could be more complicated because I would like to be able to update *anything* within the network definition hierarchy, not just the direct subelements of one level in the hierarchy (as is the case for those existing functions). Here's an example of an existing network (note that this isn't a legal network - you can't have an <ip> element and an interface pool (or a bridge name and an interface pool) in the same network; this is just so I can use a single example), and some of the things we might want to do with it: <network> <name>test1</name> <uuid>2d39a0ba-ac4b-6097-114c-50f8bccc277c</uuid> <forward mode='bridge'/> <bridge name='virbr5' stp='on' delay='0' /> <mac address='52:54:00:38:81:4D'/> <domain name='example.com'/> <forward mode='private'/> <interface dev="eth20"/> <interface dev="eth21"/> <interface dev="eth22"/> <interface dev="eth23"/> <interface dev="eth24"/> </forward> <portgroup name='engineering' default='yes'> <virtualport type='802.1Qbh'> <parameters profileid='test'/> </virtualport> <bandwidth> <inbound average='1000' peak='5000' burst='5120'/> <outbound average='1000' peak='5000' burst='5120'/> </bandwidth> </portgroup> <portgroup name='sales'> <virtualport type='802.1Qbh'> <parameters profileid='salestest'/> </virtualport> <bandwidth> <inbound average='500' peak='2000' burst='2560'/> <outbound average='128' peak='256' burst='256'/> </bandwidth> </portgroup> <dns> <txt name="example" value="example value" /> <srv service='name' protocol='tcp' domain='test-domain-name' target='.' port='1024' priority='10' weight='10'/> <host ip='192.168.122.2'> <hostname>myhost</hostname> <hostname>myhostalias</hostname> </host> </dns> <ip address='10.24.75.1' netmask='255.255.255.0'> <dhcp> <range start='10.24.75.128' end='10.24.75.254' /> <host mac='52:54:3e:77:e2:ed' name='X.example.com' ip='10.24.75.10' /> <host mac='52:54:3e:77:e2:ef' name='Y.example.com' ip='10.24.75.11' /> <host mac='52:54:34:77:e2:f0' name='Z.example.com' ip='10.24.75.12' /> <host mac='52:54:3e:77:e2:f1' name='A.example.com' ip='10.24.75.13' /> </dhcp> </ip> <ip address='192.168.4.1' netmask='255.255.255.0'/> </network> Some things we might want to do to this (the first three have already been requested): 1) add or remove an interface from the interface pool, i.e. a particular <interface> sub-element of the (one and only) <forward> element. 2) add/remove/modify a portgroup entry (i.e. a specific sub-element of <network>) 3) add/remove/modify a static host entry from the <dhcp> section of a particular <ip> (so, a particular <host> sub-element of a particular <ip> element) Some others: 4) add/modify/remove a <host> (or a <txt> or an <srv> in the <dns> section 4) add/modify/remove the <domain> 5) add/modify/remove an entire <ip> element 6) turn stp on/off in the <bridge> element I can see three possible methods of providing this functionality: =========== OPTION 1) Have a single API: virNetworkUpdate(virNetworkPtr network, const char *xml, unsigned, int flags) This function would take an entire <network> specification as an arg, and replace the entire existing config. This would allow changing anything, but would also require reading the entire config beforehand. =========== OPTION 2) have a separate API for each different type of element we may want to change, e.g.: virNetworkUpdateForwardInterface(virNetworkPtr network, const char *xml, unsigned int flags); virNetworkUpdatePortgroup(virNetworkPtr network, const char *xml, unsigned int flags); virNetworkUpdateIpDhcpHost(virNetworkPtr network, const char *xml, unsigned int flags); virNetworkUpdateDnsEntry(virNetworkPtr network, const char *xml, unsigned int flags); /* The name of this one may confuse... */ virNetworkUpdateDomain(virNetworkPtr network, const char *xml, unsigned int flags); virNetworkUpdateBridge(virNetworkPtr network, const char *xml, unsigned int flags); virNetworkUpdateIpDnsHost(virNetworkPtr network, const char *xml, unsigned int flags); etc. (etc. etc.) "flags" would include: /* force add if object with matching key doesn't exist */ VIR_NETWORK_UPDATE_ADD /* delete existing object(s) that matches the xml */ VIR_NETWORK_UPDATE_DELETE /* take effect immediately */ VIR_NETWORK_UPDATE_LIVE /* persistent change */ VIR_NETWORK_UPDATE_CONFIG This method could be problematic, e.g., for something like virNetworkUpdateIpDhcpHost() - although currently only a single <ip> element can have a <dhcp> entries, in the future we could allow any/all of them to have dhcp entries. Another downside is that we would need to add an new function for each new element we decide we want to be able to update. =========== OPTION 3) Again, a single API, but with an added "nodespec" arg which would be used to describe the parent node you of the node you want added/updated to: int virNetworkUpdate(virNetworkPtr network, const char *nodeSpec, const char *xml, unsigned int flags); For example, if you wanted to add a new <host> entry to <ip address='10.24.75.1' ...>'s dhcp element, you would do this: /* nodespec obviously uses an XPath expression */ virNetworkUpdate("/ip[address='10.24.75.1']/dhcp", /* full text of <host> element to add */ "<host mac='00:16:3e:77:e2:ed' " "name='X.example.com' ip='10.24.75.10'/>" VIR_NETWORK_UPDATE_ADD | VIR_NETWORK_UPDATE_LIVE | VIR_NETWORK_UPDATE_CONFIG); Or, to change the contents of the exiting portgroup "engineering" you would use: virNetworkUpdate("/", /* full text of portgroup */, "<portgroup name='engineering'> ..... </portgroup>" VIR_NETWORK_UPDATE_LIVE|VIR_NETWORK_UPDATE_CONFIG); To delete a static dhcp host entry, you would use this: virNetworkUpdate("/ip[address='10.24.75.1']/dhcp", /* just enough to match existing entry */ "<host mac='00:16:3e:77:e2:ed'/>", VIR_NETWORK_UPDATE_DELETE | VIR_NETWORK_UPDATE_LIVE | VIR_NETWORK_UPDATE_CONFIG); or if you preferred: virNetworkUpdate("/ip[address='10.24.75.1']/dhcp", /* again, just enough to match */ "<host ip='10.24.75.10'/>", VIR_NETWORK_UPDATE_DELETE |VIR_NETWORK_UPDATE_LIVE | VIR_NETWORK_UPDATE_CONFIG); To remove an interface from the interface pool: virNetworkUpdate("/forward", "<interface dev='eth20'/>", VIR_NETWORK_UPDATE_DELETE | VIR_NETWORK_UPDATE_LIVE | VIR_NETWORK_UPDATE_CONFIG) (adding an interface would be identical, except the flag). (An alternate implementation would be to have nodeSpec specify the node that is being updated/removed rather than its parent. This may make more logical sense, (although not for ADD) and would even make the rest of the code simpler for update/remove (we wouldn't have to do a manual search within the node). The positive side of this is that the one API function allows you to modify *anything* (even stuff not yet invented, so it's future-proof). The negative side is that the code that implements it would need to go to quite a bit of extra trouble to determine what has been changed (basically, it would a) generate XML for the current state of the network, b) parse that into an xmlNode, c) perform the operation on xmlNode using nodeset to figure out where, and adding in the new xml (or removing any nodes matching it), d) convert modified xmlNode back to xml text, e) parse the xml text into a virNetworkDef, f) compare it to the original virNetworkDef to determine what to do. ========== Which OPTION? 1, 2, or 3? ========================= I'm discounting option (1) for now. Here's the scorecard for (2) vs. (3): 2) Pros: easier to understand, more exactly defined. Cons: requires a new API each time we find a different node we want to be able to update 3) Pros: one API covers everything, should never need any new API Cons: more complex for user to understand, me to implement. Possibly more trouble to do fine grained access control (e.g. if you want to allow adding dhcp static hosts, but not allow changing the domain name or interface pool) (actually, in practice, I guess it shouldn't be any more trouble to do fine grained access control, as long as you can make the decision of whether or not to allow later on in the function that implements the API (at step (6) above), rather than at the top level when the API is first called). I'm leaning towards (3). If it raises a technical boundary, or people don't like the idea of having an arg in the public API that takes an XPath expression, then maybe I could switch to (2). Any opinions on which direction I should take? Some way different from what I'm suggesting? Specific questions: 1) Does having a single public API that is used to update many different parts of the object raise any hurdles wrt. fine grained access control? (knowing that there will be "some point" in that code that we know exactly what the user is attempting to change). 2) any problems / reservations about accepting XPatch expressions in the args of a public API? 3) Can you think of a situation where this wouldn't work?

4 8

[libvirt] A bug or a "feature"
by Gene Czarcinski 10 Sep '12

10 Sep '12

I recently updated libvirt* on my test system and found out something interesting. Although libvirtd is restarted , the dnsmasq instantiations it has are not restarted. In fact, if you remove virtualization from the system, the dnsmasq instantiations are still running. In fact, you have to manually kill them or reboot the system to remove them. If you are updated libvirt*, then you can do a "virsh net-destroy <whatever>" AND THEN A "virsh net-start <whatever>" OK, is this a bug (which I will report) or simply a "feature" that I do not like? Gene

3 3

[libvirt] [PATCHv2 0/2] interface driver build cleanup and udev backend addition
by Doug Goldstein 10 Sep '12

10 Sep '12

Refactored the cross use of netcf and interface for the interface driver into only interface driver references. Made netcf the primary backend provider for the interface driver. Added a udev based read-only interface driver backend to be used when netcf support is not built in. Change from v1: * rebased against master * Fixed copyright header * Added libvirt.spec.in modification * Changed virsh -V output Untested: * udev: Devices that are part of a bond. * libvirt.spec: Need some feedback from DV and the RH guys on how they want it packaged Unknown: * Should virInterfaceGetXMLDesc() be implemented for the udev backend? It will as a result contain a lot less info than the netcf based backend would for the same device (e.g. does the device start on boot). Doug Goldstein (2): build: define WITH_INTERFACE for the driver interface: add udev based backend for virInterface .gnulib | 2 +- configure.ac | 37 ++- daemon/Makefile.am | 2 +- daemon/libvirtd.c | 8 +- libvirt.spec.in | 13 +- src/Makefile.am | 34 ++- .../{netcf_driver.c => interface_backend_netcf.c} | 2 +- src/interface/interface_backend_udev.c | 395 ++++++++++++++++++++ .../{netcf_driver.h => interface_driver.h} | 0 tests/virdrivermoduletest.c | 2 +- tools/virsh.c | 8 +- 11 files changed, 480 insertions(+), 23 deletions(-) rename src/interface/{netcf_driver.c => interface_backend_netcf.c} (99%) create mode 100644 src/interface/interface_backend_udev.c rename src/interface/{netcf_driver.h => interface_driver.h} (100%) -- 1.7.8.6

3 5

[libvirt] [PATCH 0/5] Fix multiple issues related to authentication
by Daniel P. Berrange 10 Sep '12

10 Sep '12

This series fixes a load of minor bugs related to authentication of libvirt connections

2 10

[libvirt] [PATCH] docs: point out git send-email location, be more stern about make check
by Laine Stump 10 Sep '12

10 Sep '12

An email came to libvir-list wondering why the git send-email command was missing in spite of having git installed; this is due to the send-email command being in a sub-package of the main git package. While touching the hacking file, I thought it would be useful to 1) indicate the location of the source (docs/hacking.html.in) in the message at the top of HACKING, and also to make the note about running "make check" and "make syntax-check" a bit more stern. --- HACKING | 22 ++++++++++++++-------- docs/hacking.html.in | 29 ++++++++++++++++++----------- docs/hacking2.xsl | 3 ++- 3 files changed, 34 insertions(+), 20 deletions(-) diff --git a/HACKING b/HACKING index 804d54c..ab1a329 100644 --- a/HACKING +++ b/HACKING @@ -1,5 +1,6 @@ -*- buffer-read-only: t -*- vi: set ro: -DO NOT EDIT THIS FILE! IT IS GENERATED AUTOMATICALLY! +DO NOT EDIT THIS FILE! IT IS GENERATED AUTOMATICALLY +from docs/hacking.html.in! @@ -32,11 +33,14 @@ Then, when you want to post your patches: git pull --rebase (fix any conflicts) - git send-email --cover-letter --no-chain-reply-to --annotate --to=libvir-list(a)redhat.com master + git send-email --cover-letter --no-chain-reply-to --annotate \ + --to=libvir-list(a)redhat.com master -For a single patch you can omit "--cover-letter", but series of a two or more -patches needs a cover letter. If you get tired of typing -"--to=libvir-list(a)redhat.com" designation you can set it in git config: +(Note that the "git send-email" subcommand is usually not in the main git +package, but part of a sub-package called "git-email".) For a single patch you +can omit "--cover-letter", but series of a two or more patches needs a cover +letter. If you get tired of typing "--to=libvir-list(a)redhat.com" designation +you can set it in git config: git config sendemail.to libvir-list(a)redhat.com @@ -56,9 +60,11 @@ though). (3) Split large changes into a series of smaller patches, self-contained if possible, with an explanation of each patch and an explanation of how the sequence of patches fits together. Moreover, please keep in mind that it's -required to be able to compile cleanly after each patch. A feature does not -have to work until the end of a series, as long as intermediate patches don't -cause test-suite failures. +required to be able to compile cleanly (*including* "make check" and "make +syntax-check") after each patch. A feature does not have to work until the end +of a series, but intermediate patches must compile and not cause test-suite +failures (this is to preserve the usefulness of "git bisect", among other +things). diff --git a/docs/hacking.html.in b/docs/hacking.html.in index ca02669..1917b78 100644 --- a/docs/hacking.html.in +++ b/docs/hacking.html.in @@ -31,11 +31,15 @@ <pre> git pull --rebase (fix any conflicts) - git send-email --cover-letter --no-chain-reply-to --annotate --to=libvir-list(a)redhat.com master -</pre> - For a single patch you can omit <code>--cover-letter</code>, but - series of a two or more patches needs a cover letter. If you get tired - of typing <code>--to=libvir-list(a)redhat.com</code> designation you can + git send-email --cover-letter --no-chain-reply-to --annotate \ + --to=libvir-list(a)redhat.com master +</pre> + (Note that the "git send-email" subcommand is usually not + in the main git package, but part of a sub-package called + "git-email".) For a single patch you can omit + <code>--cover-letter</code>, but series of a two or more + patches needs a cover letter. If you get tired of typing + <code>--to=libvir-list(a)redhat.com</code> designation you can set it in git config: <pre> git config sendemail.to libvir-list(a)redhat.com @@ -55,12 +59,15 @@ </li> <li>Split large changes into a series of smaller patches, - self-contained if possible, with an explanation of each patch and an - explanation of how the sequence of patches fits together. Moreover, - please keep in mind that it's required to be able to compile cleanly - after each patch. A feature does not have to work until the end of a - series, as long as intermediate patches don't cause test-suite - failures. + self-contained if possible, with an explanation of each patch + and an explanation of how the sequence of patches fits + together. Moreover, please keep in mind that it's required to + be able to compile cleanly (including <code>make + check</code> and <code>make syntax-check</code>) after each + patch. A feature does not have to work until the end of a + series, but intermediate patches must compile and not cause + test-suite failures (this is to preserve the usefulness + of <code>git bisect</code>, among other things). </li> <li>Make sure your patches apply against libvirt GIT. Developers diff --git a/docs/hacking2.xsl b/docs/hacking2.xsl index 89e777b..cd1712c 100644 --- a/docs/hacking2.xsl +++ b/docs/hacking2.xsl @@ -18,7 +18,8 @@ <xsl:template match="/"> <xsl:text>-*- buffer-read-only: t -*- vi: set ro: -DO NOT EDIT THIS FILE! IT IS GENERATED AUTOMATICALLY! +DO NOT EDIT THIS FILE! IT IS GENERATED AUTOMATICALLY +from docs/hacking.html.in! -- 1.7.11.4

2 2

[libvirt] [PATCH] Fix unwanted closing of libvirt client connection
by Christophe Fergeau 10 Sep '12

10 Sep '12

e5a1bee07 introduced a regression in Boxes: when Boxes is left idle (it's still doing some libvirt calls in the background), the libvirt connection gets closed after a few minutes. What happens is that this code in virNetClientIOHandleOutput gets triggered: if (!thecall) return -1; /* Shouldn't happen, but you never know... */ and after the changes in e5a1bee07, this causes the libvirt connection to be closed. Upon further investigation, what happens is that virNetClientIOHandleOutput is called from gvir_event_handle_dispatch in libvirt-glib, which is triggered because the client fd became writable. However, between the times gvir_event_handle_dispatch is called, and the time the client lock is grabbed and virNetClientIOHandleOutput is called, another thread runs and completes the current call. 'thecall' is then NULL when the first thread gets to run virNetClientIOHandleOutput. After describing this situation on IRC, danpb suggested this: 11:37 < danpb> In that case I think the correct thing would be to change 'return -1' above to 'return 0' since that's not actually an error - its a rare, but expected event which is what this patch is doing. I've tested it against master libvirt, and I didn't get disconnected in ~10 minutes while this happens in less than 5 minutes without this patch. --- src/rpc/virnetclient.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c index 43a9814..727ed67 100644 --- a/src/rpc/virnetclient.c +++ b/src/rpc/virnetclient.c @@ -1205,7 +1205,10 @@ virNetClientIOHandleOutput(virNetClientPtr client) thecall = thecall->next; if (!thecall) - return -1; /* Shouldn't happen, but you never know... */ + return 0; /* This can happen if another thread raced with us and + * completed the call between the time this thread woke + * up from poll()ing and the time we locked the client + */ while (thecall) { ssize_t ret = virNetClientIOWriteMessage(client, thecall); -- 1.7.11.4

2 2

[libvirt] [libvirt-glib 1/4] config: Allow NULL node name to gvir_config_object_set_content
by Christophe Fergeau 10 Sep '12

10 Sep '12

This is useful when you want to set the content of the current node. --- libvirt-gconfig/libvirt-gconfig-object.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/libvirt-gconfig/libvirt-gconfig-object.c b/libvirt-gconfig/libvirt-gconfig-object.c index a7352a5..ac0545c 100644 --- a/libvirt-gconfig/libvirt-gconfig-object.c +++ b/libvirt-gconfig/libvirt-gconfig-object.c @@ -534,7 +534,6 @@ gvir_config_object_set_node_content(GVirConfigObject *object, GVirConfigObject *node; g_return_if_fail(GVIR_CONFIG_IS_OBJECT(object)); - g_return_if_fail(node_name != NULL); if (value == NULL) { gvir_config_object_delete_child(object, node_name, NULL); @@ -542,8 +541,12 @@ gvir_config_object_set_node_content(GVirConfigObject *object, return; } - node = gvir_config_object_replace_child(object, node_name); - g_return_if_fail(node != NULL); + if (node_name != NULL) { + node = gvir_config_object_replace_child(object, node_name); + g_return_if_fail(node != NULL); + } else { + node = g_object_ref(G_OBJECT(object)); + } encoded_data = xmlEncodeEntitiesReentrant(node->priv->node->doc, (xmlChar *)value); xmlNodeSetContent(node->priv->node, encoded_data); @@ -559,7 +562,6 @@ gvir_config_object_set_node_content_uint64(GVirConfigObject *object, char *str; g_return_if_fail(GVIR_CONFIG_IS_OBJECT(object)); - g_return_if_fail(node_name != NULL); str = g_strdup_printf("%"G_GUINT64_FORMAT, value); gvir_config_object_set_node_content(object, node_name, str); -- 1.7.11.4

2 8

[libvirt] [PATCH] qemu: Remove limit enforcing when setting processor count
by Peter Krempa 10 Sep '12

10 Sep '12

When setting processor count for a domain using the API libvirt enforced a maximum processor count that was determined using an IOCTL on /dev/kvm. Unfortunately this value isn't representative enough and qemu happily accepts and starts with values greater than the reported value. This patch removes the check so that users are able to use full potential of their big boxes also when setting processor counts with the API not just in XML. --- src/qemu/qemu_driver.c | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 8e8e00c..6be3e5f 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -3595,7 +3595,6 @@ qemuDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus, virDomainObjPtr vm; virDomainDefPtr persistentDef; const char * type; - int max; int ret = -1; bool maximum; @@ -3645,20 +3644,11 @@ qemuDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus, goto endjob; } - if ((max = qemudGetMaxVCPUs(NULL, type)) < 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("could not determine max vcpus for the domain")); - goto endjob; - } - - if (!maximum && vm->def->maxvcpus < max) { - max = vm->def->maxvcpus; - } - - if (nvcpus > max) { + if (!maximum && nvcpus > vm->def->maxvcpus) { virReportError(VIR_ERR_INVALID_ARG, _("requested vcpus is greater than max allowable" - " vcpus for the domain: %d > %d"), nvcpus, max); + " vcpus for the domain: %d > %d"), + nvcpus, vm->def->maxvcpus); goto endjob; } -- 1.7.12

4 7