Re: [libvirt] [PATCH virt-manager] details: Add UI for enabling UEFI via 'customize before install'
by Laszlo Ersek
Hi Cole and Michal,
I'm attaching three patches:
On 09/20/14 02:37, Cole Robinson wrote:
> On 09/17/2014 06:55 PM, Cole Robinson wrote:
>> We expose a simple combobox with two entries: BIOS, and UEFI. The
>> UEFI option is only selectable if 1) libvirt supports the necessary
>> domcapabilities bits, 2) it detects that qemu supports the necessary
>> command line options, and 3) libvirt detects a UEFI binary on the
>> host that maps to a known template via qemu.conf
>>
>> If those conditions aren't met, we disable the UEFI option, and show
>> a small warning icon with an explanatory tooltip.
>>
>> The option can only be changed via New VM->Customize Before Install.
>> For existing x86 VMs, it's a readonly label.
>
> I've pushed this now, with follow up patches to handle a couple points
> we discussed:
>
> - Remove the nvram deletion from delete.py, since it won't work in the
> non-root case, and all uses of nvram should also be with a libvirt +
> driver that provides UNDEFINE_NVRAM
>
> - Before using UNDEFINE_NVRAM, match the same condition that libvirt
> uses: loader_ro is True and loader_type == "pflash" and bool(nvram)
(1) unfortunately virt-manager commit 3feedb76 ("domain: Match
UNDEFINE_NVRAM conditions with libvirt") is not correct (it doesn't
work), and not what I had in mind:
> diff --git a/virtManager/domain.py b/virtManager/domain.py
> index 29f3861..abf3146 100644
> --- a/virtManager/domain.py
> +++ b/virtManager/domain.py
> @@ -1403,7 +1403,9 @@ class vmmDomain(vmmLibvirtObject):
> flags |= getattr(libvirt,
> "VIR_DOMAIN_UNDEFINE_SNAPSHOTS_METADATA", 0)
> flags |= getattr(libvirt, "VIR_DOMAIN_UNDEFINE_MANAGED_SAVE", 0)
> - if self.get_xmlobj().os.nvram:
> + if (self.get_xmlobj().os.loader_ro is True and
> + self.get_xmlobj().os.loader_type == "pflash" and
> + self.get_xmlobj().os.nvram):
> flags |= getattr(libvirt, "VIR_DOMAIN_UNDEFINE_NVRAM", 0)
> try:
> self._backend.undefineFlags(flags)
Before virt-manager commit 3feedb76, the condition on which to set the
flag was:
self.get_xmlobj().os.nvram
and it didn't work for all possible cases.
After the patch, what you have is
self.get_xmlobj().os.nvram *and* blah
The commit only constrains (further tightens, further restricts) the
original condition, which had been too restrictive to begin with. Again,
the nvram element (or its text() child) can be completely absent from
the domain XML -- libvirtd will generate the pathname of the varstore
file on the fly, and it need not be part of the serialized XML file. So
in the XML all you'll have is
<os>
<type arch='x86_64' machine='pc-i440fx-rhel7.0.0'>hvm</type>
<loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader>
<boot dev='cdrom'/>
</os>
or
<os>
<type arch='x86_64' machine='pc-i440fx-rhel7.0.0'>hvm</type>
<loader readonly='yes' type='pflash'>/custom/OVMF_CODE.fd</loader>
<nvram template='/custom/OVMF_VARS.fd'/>
<boot dev='cdrom'/>
</os>
My suggestion was to *replace* the original condition with the
(loader_ro && loader_type=="pflash") one. If you check my earlier
message, I wrote *iff*, meaning "if and only if".
Cole, can you please apply the first attached patch?
(2) Unfortunately, even libvirtd needs to be modified, in addition.
My patch for (1) *does* pass VIR_DOMAIN_UNDEFINE_NVRAM to libvirtd (I
verified that with gdb), but libvirtd doesn't act upon it correctly.
Namely, in the libvirtd source code, in qemuDomainUndefineFlags(),
commit 273b6581 added:
if (!virDomainObjIsActive(vm) &&
vm->def->os.loader && vm->def->os.loader->nvram &&
virFileExists(vm->def->os.loader->nvram)) {
if (!(flags & VIR_DOMAIN_UNDEFINE_NVRAM)) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("cannot delete inactive domain with nvram"));
goto cleanup;
}
if (unlink(vm->def->os.loader->nvram) < 0) {
virReportSystemError(errno,
_("failed to remove nvram: %s"),
vm->def->os.loader->nvram);
goto cleanup;
}
}
Here "vm->def->os.loader->nvram" evaluates to NULL:
6468 if (!virDomainObjIsActive(vm) &&
6469 vm->def->os.loader && vm->def->os.loader->nvram &&
6470 virFileExists(vm->def->os.loader->nvram)) {
6471 if (!(flags & VIR_DOMAIN_UNDEFINE_NVRAM)) {
6472 virReportError(VIR_ERR_OPERATION_INVALID, "%s",
(gdb) print vm->def->os.loader
$1 = (virDomainLoaderDefPtr) 0x7ff59c00bf20
(gdb) print vm->def->os.loader->nvram
$2 = 0x0
I thought that the auto-generation of the nvram pathname (internal to
libvirtd, ie. not visible in the XML file) would occur on the undefine
path as well. Apparently this is not the case.
Indeed, the only call to qemuPrepareNVRAM() is from qemuProcessStart().
Michal, would it be possible generate the *pathname* of the separate
varstore in qemuDomainUndefineFlags() too?
Please see the second attached patch; it works for me. (This patch is
best looked at with "git diff -b" (or "git show -b").)
(3) I just realized that a domain's name can change during its lifetime.
Renaming a domain becomes a problem when the varstore's pathname is
deduced from the domain's name. For this reason, the auto-generation
should use the domain's UUID (which never changes). Michal, what do you
think of the 3rd attached patch?
I can resubmit these as standalone patches / series as well (the first
to virt-tools-list, and the last two to libvir-list), if that's
necessary.
Thanks,
Laszlo
10 years, 9 months
[libvirt] [PATCH v4 0/2] parallels: use parallels SDK instead of prlctl tool
by Dmitry Guryanov
This patchset begins reworking of parallels driver. We have
published Opensource version of parallels SDK (under LGPL license),
so libvirt can link with it.
Changes in v4:
* Remove reference counting for PrlApi_InitEx and PrlApi_Deinit
* remove Parallels SDK prefix in log messages
* rename 'out' labels to 'cleanup'
Dmitry Guryanov (2):
parallels: build with parallels SDK
parallels: login to parallels SDK
configure.ac | 24 ++--
po/POTFILES.in | 1 +
src/Makefile.am | 8 +-
src/parallels/parallels_driver.c | 16 ++-
src/parallels/parallels_sdk.c | 241 +++++++++++++++++++++++++++++++++++++++
src/parallels/parallels_sdk.h | 30 +++++
src/parallels/parallels_utils.h | 4 +
7 files changed, 310 insertions(+), 14 deletions(-)
create mode 100644 src/parallels/parallels_sdk.c
create mode 100644 src/parallels/parallels_sdk.h
--
1.9.3
10 years, 9 months
[libvirt] [PATCH] storage: Fix logical pool fmt type unknown->auto
by Erik Skultety
According to our documentation logical pool supports formats 'auto' and
'lvm2'. However, in storage_conf.c we prevously defined storage pool
formats: unknown, lvm2. Format 'auto' does make more sense than
format 'unknown', so we should probably stay consistent with the
documentation
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1123767
---
src/conf/storage_conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/conf/storage_conf.c b/src/conf/storage_conf.c
index 36696a4..75004fe 100644
--- a/src/conf/storage_conf.c
+++ b/src/conf/storage_conf.c
@@ -81,7 +81,7 @@ VIR_ENUM_IMPL(virStoragePoolFormatDisk,
VIR_ENUM_IMPL(virStoragePoolFormatLogical,
VIR_STORAGE_POOL_LOGICAL_LAST,
- "unknown", "lvm2")
+ "auto", "lvm2")
VIR_ENUM_IMPL(virStorageVolFormatDisk,
--
1.9.3
10 years, 9 months
[libvirt] [PATCH 0/6] Post-copy live migration support
by Cristian Klein
Qemu currently implements pre-copy live migration. VM memory pages are
first copied from the source hypervisor to the destination, potentially
multiple times as pages get dirtied during transfer, then VCPU state
is migrated. Unfortunately, if the VM dirties memory faster than the
network bandwidth, then pre-copy cannot finish. `virsh` currently
includes an option to suspend a VM after a timeout, so that migration
may finish, but at the expense of downtime.
A future version of qemu will implement post-copy live migration. The
VCPU state is first migrated to the destination hypervisor, then
memory pages are pulled from the source hypervisor. Post-copy has the
potential to do migration with zero-downtime, despite the VM dirtying
pages fast, with minimum performance impact. On the other hand, one
post-copy is in progress, any network failure would render the VM
unusable, as its memory is partitioned between the source and
destination hypervisor. Therefore, post-copy should only be used when
necessary.
Post-copy migration in qemu will work as follows:
(1) The `x-postcopy-ram` migration capability needs to be set.
(2) Migration is started.
(3) When the user decides so, post-copy migration is activated by
sending the `migrate-start-postcopy` command. Qemu acknowledges by
setting migration status to `postcopy-active`.
Cristian Klein (6):
Added qemu postcopy-active migration status
Added public API to enable post-copy migration
Added new public API virDomainMigrateStartPostCopy
Added domainMigrateStartPostCopy in qemu driver
Added domainMigrateStartPostCopy in remote driver
virsh: added migrate --postcopy-after
include/libvirt/libvirt.h.in | 3 ++
src/driver.h | 4 +++
src/libvirt.c | 44 +++++++++++++++++++++++++++
src/libvirt_public.syms | 5 +++
src/qemu/qemu_driver.c | 44 +++++++++++++++++++++++++++
src/qemu/qemu_migration.c | 44 +++++++++++++++++++++++++++
src/qemu/qemu_migration.h | 3 +-
src/qemu/qemu_monitor.c | 21 ++++++++++++-
src/qemu/qemu_monitor.h | 3 ++
src/qemu/qemu_monitor_json.c | 21 ++++++++++++-
src/qemu/qemu_monitor_json.h | 1 +
src/qemu/qemu_monitor_text.c | 14 ++++++++-
src/qemu/qemu_monitor_text.h | 2 ++
src/remote/remote_driver.c | 1 +
src/remote/remote_protocol.x | 12 +++++++-
tools/virsh-domain.c | 72 ++++++++++++++++++++++++++++++++++++++++++--
tools/virsh.pod | 5 +++
17 files changed, 292 insertions(+), 7 deletions(-)
--
1.9.1
10 years, 9 months
[libvirt] [PATCH] virnetserver: Raise log level of max_clients related messages
by Michal Privoznik
We have these configuration knobs, like max_clients and
max_anonymous_clients. They limit the number of clients
connected. Whenever the limit is reached, the daemon stops
accepting new ones and resumes if one of the connected clients
disconnects. If that's the case, a debug message is printed into
the logs. And when the daemon starts over to accept new clients
too. However, the problem is the messages have debug priority.
This may be unfortunate, because if the daemon stops accepting
new clients all of a sudden, and users don't have debug logs
enabled they have no idea what's going on. Raise the messages
level to INFO at least.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/rpc/virnetserver.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
index 7e3fc0a..762c185 100644
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
@@ -285,14 +285,14 @@ static int virNetServerAddClient(virNetServerPtr srv,
if (srv->nclients_unauth_max &&
srv->nclients_unauth == srv->nclients_unauth_max) {
/* Temporarily stop accepting new clients */
- VIR_DEBUG("Temporarily suspending services "
- "due to max_anonymous_clients");
+ VIR_INFO("Temporarily suspending services "
+ "due to max_anonymous_clients");
virNetServerUpdateServicesLocked(srv, false);
}
if (srv->nclients == srv->nclients_max) {
/* Temporarily stop accepting new clients */
- VIR_DEBUG("Temporarily suspending services due to max_clients");
+ VIR_INFO("Temporarily suspending services due to max_clients");
virNetServerUpdateServicesLocked(srv, false);
}
@@ -1080,7 +1080,7 @@ virNetServerCheckLimits(virNetServerPtr srv)
(!srv->nclients_unauth_max ||
srv->nclients_unauth < srv->nclients_unauth_max)) {
/* Now it makes sense to accept() a new client. */
- VIR_DEBUG("Re-enabling services");
+ VIR_INFO("Re-enabling services");
virNetServerUpdateServicesLocked(srv, true);
}
}
--
1.8.5.5
10 years, 9 months
[libvirt] [PATCH 0/7] Improve performance of polkit checks
by Daniel P. Berrange
This series improves the performance of the polkit driver by
switching from use of the pk-check command, to the DBus APIs.
As a convenient side effect, this means we are no longer
vulnerable to CVE-2013-4311, on any polkit version, since we
no longer need pk-check (which is what had the flaw).
In terms of performance, with access control checking turned
on for all APIs, the time to list 100 VMs dropps from 2.7 secs
to 1 sec on my machine. To improve on this further, we would
need to find a way to parallelize the issuing of DBus calls
for each VM, instead of serialize the access checks.
Daniel P. Berrange (7):
Add common API for doing polkit authentication
Add typesafe APIs for virIdentity attributes
Convert callers to use typesafe APIs for setting identity attrs
Convert callers to use typesafe APIs for getting identity attrs
Convert remote daemon & acl code to use polkit API
Support passing dict by reference for dbus messages
Convert polkit code to use DBus API instead of CLI helper
cfg.mk | 3 +
daemon/remote.c | 235 ++----------------------
include/libvirt/virterror.h | 2 +
po/POTFILES.in | 2 +
src/Makefile.am | 1 +
src/access/viraccessdriverpolkit.c | 97 ++++------
src/libvirt_private.syms | 22 +++
src/rpc/virnetserverclient.c | 115 +++---------
src/util/virdbus.c | 274 +++++++++++++++++++---------
src/util/virerror.c | 2 +
src/util/viridentity.c | 320 +++++++++++++++++++++++++++------
src/util/viridentity.h | 40 +++++
src/util/virpolkit.c | 255 ++++++++++++++++++++++++++
src/util/virpolkit.h | 34 ++++
src/util/virstring.c | 14 ++
src/util/virstring.h | 2 +
tests/Makefile.am | 9 +-
tests/virdbustest.c | 218 +++++++++++++++++++++-
tests/virpolkittest.c | 360 +++++++++++++++++++++++++++++++++++++
19 files changed, 1485 insertions(+), 520 deletions(-)
create mode 100644 src/util/virpolkit.c
create mode 100644 src/util/virpolkit.h
create mode 100644 tests/virpolkittest.c
--
1.9.3
10 years, 9 months
[libvirt] [PATCH] conf: report error in virCPUDefParseXML
by Jincheng Miao
When detected invalid 'memAccess', virCPUDefParseXML should report error.
Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1146334
Signed-off-by: Jincheng Miao <jmiao(a)redhat.com>
---
src/conf/cpu_conf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/conf/cpu_conf.c b/src/conf/cpu_conf.c
index 116aa58..a1081b9 100644
--- a/src/conf/cpu_conf.c
+++ b/src/conf/cpu_conf.c
@@ -510,13 +510,13 @@ virCPUDefParseXML(xmlNodePtr node,
def->cells[cur_cell].memAccess =
virMemAccessTypeFromString(memAccessStr);
- if (def->cells[cur_cell].memAccess <= 0) {
+ if ((int)def->cells[cur_cell].memAccess <= 0) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("Invalid 'memAccess' attribute "
"value '%s'"),
memAccessStr);
VIR_FREE(memAccessStr);
- goto cleanup;
+ goto error;
}
VIR_FREE(memAccessStr);
}
--
1.9.3
10 years, 9 months
[libvirt] [PATCH v2] polkit_driver: fix possible segfault
by Pavel Hrdina
The changes in commit c7542573 introduced possible segfault. Looking
deeper into the code and the original code before the patch series were
applied I think that we should report error for each function failure
and also we shouldn't call some of the function twice.
Found by coverity.
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
src/access/viraccessdriverpolkit.c | 20 +++++++++-----------
1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c
index 2bc1842..3136be7 100644
--- a/src/access/viraccessdriverpolkit.c
+++ b/src/access/viraccessdriverpolkit.c
@@ -87,24 +87,22 @@ virAccessDriverPolkitGetCaller(const char *actionid,
actionid);
return -1;
}
- if (virIdentityGetUNIXProcessID(identity, pid) < 0)
- goto cleanup;
- if (virIdentityGetUNIXProcessTime(identity, startTime) < 0)
- goto cleanup;
- if (virIdentityGetUNIXUserID(identity, uid) < 0)
- goto cleanup;
- if (!pid) {
+ if (virIdentityGetUNIXProcessID(identity, pid) < 0) {
virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
_("No UNIX process ID available"));
goto cleanup;
}
-
- if (virIdentityGetUNIXProcessTime(identity, startTime) < 0)
+ if (virIdentityGetUNIXProcessTime(identity, startTime) < 0) {
+ virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("No UNIX process start time available"));
goto cleanup;
-
- if (virIdentityGetUNIXUserID(identity, uid) < 0)
+ }
+ if (virIdentityGetUNIXUserID(identity, uid) < 0) {
+ virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("No UNIX caller UID available"));
goto cleanup;
+ }
ret = 0;
--
1.8.5.5
10 years, 9 months
[libvirt] [PATCHv5 0/8] bulk stats: QEMU implementation
by Francesco Romani
This patchset enhances the QEMU support
for the new bulk stats API to include
equivalents of these APIs:
virDomainBlockInfo
virDomainGetInfo - for balloon stats
virDomainGetCPUStats
virDomainBlockStatsFlags
virDomainInterfaceStats
virDomainGetVcpusFlags
virDomainGetVcpus
This subset of API is the one oVirt relies on.
Scale/stress test on an oVirt test environment is in progress.
The patchset is organized as follows:
- the first patch enhances the internal stats gathering API
to accomodate the needs of the groups which extract information
using QEMU monitor jobs.
- the next five patches implement the bulk stats groups, extracting
helpers where do refactoring to extract internal helpers every time
it is feasible and convenient.
- the seventh patch enhances the virsh domstats command with options
to use the new bulk stats.
- the last patch enhances the block stats group adding the wr_highest_offset
information, needed by oVirt for thin provisioned disks.
ChangeLog
v5: address reviewer's comment
- Eric pointed out a possible flaw in balloon stats if QEMU monitor needs
to be queried. A proper fix require further discussion and API changes
(possbily just a new flag); However, since the balloon event is available
in QEMU >= 1.2, I just dropped the query and relied on the event instead.
Support for older QEMUs will be reintroduced, if needed, with following
patches.
- fix: per-domain monitor check and reporting. (pointed out by Peter)
- reset last error when fail silently. (pointed out by Peter)
v4: address reviewer's comment
- addressed reviewers comments (Peter, Wang Rui).
- pushed domain check into group stats functions. This follows
the strategy to gather and report as much data as possible,
silently skipping errors along the way.
- moved the block allocation patch to the end of the series.
v3: more polishing and fixes after first review
- addressed Eric's comments.
- squashed patches which extracts helpers with patches which
use them.
- changed gathering strategy: now code tries to reap as much
information as possible instead to give up and bail out with
error. Only critical errors cause the bulk stats to fail.
- moved away from the transfer semantics. I find it error-prone
and not flexible enough, I'd like to avoid as much as possible.
- rearranged helpers to have one single QEMU query job with
many monitor jobs nested inside.
- fixed docs.
- implemented missing virsh domstats bits.
in v2: polishing and optimizations.
- incorporated feedback from Li Wei (thanks).
- added documentation.
- optimized block group to gather all the information with just
one call to QEMU monitor.
- stripped to bare bones merged the 'block info' group into the
'block' group - oVirt actually needs just one stat from there.
- reorganized the keys to be more consistent and shorter.
Francesco Romani (8):
qemu: bulk stats: extend internal collection API
qemu: bulk stats: implement CPU stats group
qemu: bulk stats: implement balloon group
qemu: bulk stats: implement VCPU group
qemu: bulk stats: implement interface group
qemu: bulk stats: implement block group
virsh: add options to query bulk stats group
qemu: bulk stats: add block allocation information
include/libvirt/libvirt.h.in | 5 +
src/libvirt.c | 61 +++++
src/qemu/qemu_driver.c | 530 +++++++++++++++++++++++++++++++++++++------
src/qemu/qemu_monitor.c | 26 +++
src/qemu/qemu_monitor.h | 21 ++
src/qemu/qemu_monitor_json.c | 227 +++++++++++++-----
src/qemu/qemu_monitor_json.h | 4 +
tools/virsh-domain-monitor.c | 35 +++
tools/virsh.pod | 4 +-
9 files changed, 777 insertions(+), 136 deletions(-)
--
1.9.3
10 years, 9 months
[libvirt] [PATCH] polkit_driver: fix possible segfault
by Pavel Hrdina
The changes in commit c7542573 introduced a segfault. Found by coverity.
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
src/access/viraccessdriverpolkit.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c
index 2bc1842..2fd4fed 100644
--- a/src/access/viraccessdriverpolkit.c
+++ b/src/access/viraccessdriverpolkit.c
@@ -87,6 +87,12 @@ virAccessDriverPolkitGetCaller(const char *actionid,
actionid);
return -1;
}
+ if (!pid) {
+ virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("No UNIX process ID available"));
+ goto cleanup;
+ }
+
if (virIdentityGetUNIXProcessID(identity, pid) < 0)
goto cleanup;
if (virIdentityGetUNIXProcessTime(identity, startTime) < 0)
@@ -94,12 +100,6 @@ virAccessDriverPolkitGetCaller(const char *actionid,
if (virIdentityGetUNIXUserID(identity, uid) < 0)
goto cleanup;
- if (!pid) {
- virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("No UNIX process ID available"));
- goto cleanup;
- }
-
if (virIdentityGetUNIXProcessTime(identity, startTime) < 0)
goto cleanup;
--
1.8.5.5
10 years, 9 months
