February 2015 - Devel - libvirt List Archives

[libvirt] securityselinuxlabeltest test fails on v1.2.5
by Scott Sullivan 09 Apr '15

09 Apr '15

I am trying to build v1.2.5-maint, however I have one test failing causing the build to fail: TEST: securityselinuxlabeltest !!!. 4 FAIL PASS: virsh-undefine ======================================= 1 of 112 tests failed Please report to libvir-list(a)redhat.com ======================================= make[2]: *** [check-TESTS] Error 1 make[2]: Leaving directory `/home/rpmbuild/packages/libvirt/tests' make[1]: *** [check-am] Error 2 make[1]: Leaving directory `/home/rpmbuild/packages/libvirt/tests' make: *** [check-recursive] Error 1 error: Bad exit status from /var/tmp/rpm-tmp.UGNUaq (%build) Is anyone else having this problem? Im building on CentOS 6.5. Im happy to provide any further information as needed.

7 12

[libvirt] [PATCH] maint: update to latest gnulib
by Eric Blake 26 Mar '15

26 Mar '15

Needed to silence a valgrind detection of uninitialized memory: https://bugzilla.redhat.com/show_bug.cgi?id=1174147 * .gnulib: Update to latest. * bootstrap: Resync to gnulib. Signed-off-by: Eric Blake <eblake(a)redhat.com> --- I've missed RC1, so I'll wait for a review on this one (are we sure that RC2 will be enough time to ensure the gnulib update doesn't cause regressions, basically). .gnulib | 2 +- bootstrap | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gnulib b/.gnulib index c27f1a3..8be5f2c 160000 --- a/.gnulib +++ b/.gnulib @@ -1 +1 @@ -Subproject commit c27f1a356f2f321daa7f971ef276a1dbfa873bf8 +Subproject commit 8be5f2c10eeb05e52cc4a33cdcd37078742ff5db diff --git a/bootstrap b/bootstrap index 2fdf267..e72894c 100755 --- a/bootstrap +++ b/bootstrap @@ -915,7 +915,8 @@ if test $use_libtool = 1; then esac fi echo "$0: $gnulib_tool $gnulib_tool_options --import ..." -$gnulib_tool $gnulib_tool_options --import $gnulib_modules && +$gnulib_tool $gnulib_tool_options --import $gnulib_modules \ + || die "gnulib-tool failed" for file in $gnulib_files; do symlink_to_dir "$GNULIB_SRCDIR" $file \ -- 2.1.0

4 6

[libvirt] [libvirt-test-API][PATCH 0/2] network event callback testing
by Jincheng Miao 26 Mar '15

26 Mar '15

Here is the network event callback testing, the case employed native libvirt eventLoop, and multi-thread for event trigger. Jincheng Miao (2): Add test case for network event callback Add cases to basic_network.conf cases/basic_network.conf | 24 ++++ repos/network/event_callback.py | 245 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 269 insertions(+), 0 deletions(-) create mode 100644 repos/network/event_callback.py

2 3

[libvirt] [PATCH 00/10] libxl: switch driver to use a single libxl_ctx
by Jim Fehlig 24 Mar '15

24 Mar '15

This series is a follow up to https://www.redhat.com/archives/libvir-list/2015-February/msg00024.html It goes a step further and changes the libxl driver to use one, driver-wide libxl_ctx. Currently the libxl driver has one driver-wide ctx for operations that are not domain-specific and a ctx for each domain. This approach was necessary back in the old Xen4.1 libxl days, but with the newer libxl it is more of a hinderance than benefit. Ian Jackson suggested moving to a single ctx while discussing some deadlocks and assertions encountered in the libxl driver when under load from tests such as OpenStack Tempest. Making such a change involves quite a bit of code movement. I've tried to split that up into a reviewable series, the result of which are the 9 patches that follow. I've ran this through all of my automated tests as well as some hacky tests I created to reproduce failures revealed by Tempest. One downside of moving to a single ctx is losing the per-domain log files. Currently, a single log stream can be associated with ctx, hence all logging from libxl will go to a single file. Ian is going to investigate possibilities to accommodate per-domain log files in libxl, but in the meantime folks using Xen are accustomed to a single log file from the xend days. I've been testing this series on xen-unstable and Xen 4.4.1 + commits 2ffeb5d7, 4b9143e4, 5a968257, 60ce518a, 66bff9fd, 77a1bf37, f49f9b41, 6b5a5bba, 93699882d, f1335f0d, and 8bc64413. Results are much better than before applying the series, but I do notice a stuck hypercall after many (hundreds) concurrent domain create/destroy operations. The single libxl_ctx is locked in the callpath, essentially deadlocking the driver. Thread 1 (Thread 0x7f0649a198c0 (LWP 2235)): 0 0x00007f0645272397 in ioctl () from /lib64/libc.so.6 1 0x00007f0645d8e353 in linux_privcmd_hypercall (xch=<optimized out>, h=<optimized out>, hypercall=<optimized out>) at xc_linux_osdep.c:134 2 0x00007f0645d854b8 in do_xen_hypercall (xch=xch@entry=0x7f0630039390, hypercall=hypercall@entry=0x7fffd53f80e0) at xc_private.c:249 3 0x00007f0645d86aa4 in do_sysctl (sysctl=sysctl@entry=0x7fffd53f8080, xch=xch@entry=0x7f0630039390) at xc_private.h:281 4 xc_sysctl (xch=xch@entry=0x7f0630039390, sysctl=sysctl@entry=0x7fffd53f8170) at xc_private.c:656 5 0x00007f0645d7bfbf in xc_domain_getinfolist (xch=0x7f0630039390, first_domain=first_domain@entry=119, max_domains=max_domains@entry=1, info=info@entry=0x7fffd53f8260) at xc_domain.c:382 6 0x00007f0645fabca6 in domain_death_xswatch_callback (egc=0x7fffd53f83f0, w=<optimized out>, wpath=<optimized out>, epath=<optimized out>) at libxl.c:1041 7 0x00007f0645fd75a8 in watchfd_callback (egc=0x7fffd53f83f0, ev=<optimized out>, fd=<optimized out>, events=<optimized out>, revents=<optimized out>) at libxl_event.c:515 8 0x00007f0645fd8ac3 in libxl_osevent_occurred_fd (ctx=<optimized out>, for_libxl=<optimized out>, fd=<optimized out>, events_ign=<optimized out>, revents_ign=<optimized out>) at libxl_event.c:1259 9 0x00007f063a23402c in libxlFDEventCallback (watch=454, fd=33, vir_events=1, fd_info=0x7f0608007e70) at libxl/libxl_driver.c:123 There is no hint in any logs or dmesg suggesting a cause for the stuck hypercall. Any suggestions for further debugging tips appreciated. Jim Fehlig (10): libxl: remove redundant calls to libxl_evdisable_domain_death libxl: use libxl_ctx passed to libxlConsoleCallback libxl: use driver-wide ctx in fd and timer event handling libxl: Move setup of child processing code to driver initialization libxl: move event registration to driver initialization libxl: use global libxl_ctx in event handler libxl: remove unnecessary libxlDomainEventsRegister libxl: make libxlDomainFreeMem static libxl: remove per-domain libxl_ctx libxl: change libxl log stream to ERROR log level src/libxl/libxl_conf.c | 2 +- src/libxl/libxl_domain.c | 438 ++++++--------------------------------- src/libxl/libxl_domain.h | 27 +-- src/libxl/libxl_driver.c | 484 +++++++++++++++++++++++++++++++------------- src/libxl/libxl_migration.c | 17 +- 5 files changed, 426 insertions(+), 542 deletions(-) -- 1.8.4.5

2 12

[libvirt] [RFC PATCH v2 00/12] qemu: add support to hot-plug/unplug cpu device
by Zhu Guihua 24 Mar '15

24 Mar '15

If you apply the folowing patchset in order [PATCH v3 0/7] cpu: add device_add foo-x86_64-cpu support https://lists.nongnu.org/archive/html/qemu-devel/2015-01/msg01552.html, [PATCH v2 0/5] Common unplug and unplug request cb for memory and CPU hot-unplug https://lists.nongnu.org/archive/html/qemu-devel/2015-01/msg03929.html and [PATCH v2 00/11] cpu: add i386 cpu hot remove support https://lists.nongnu.org/archive/html/qemu-devel/2015-01/msg01557.html, qemu can support hotplug and hot-unplug cpu device. So this patch series will make libvirt support hotplug and hot-unplug cpu device for qemu driver. This patch series add a new API to support cpu hot-plug/unplug, and leave the existing API by invoking qemu command 'cpu-add' as a legacy. This patch series realize cpu hot-plug/unplug by libvirt command 'attach-device' and 'detach-device', and invoke qemu command 'device_add' and 'device_del' to support this feature. v2: - update cpu device's definition, and cpu's apic_id is hidded to users. - add check for compatibility between host cpu and hot added cpu - add a capability for *-x86_64-cpu Zhu Guihua (12): domain_conf: add support for cpu device configuration in XML domain_conf: introduce cpu def helpers domain_conf: introduce cpu device hotplug helpers qemu_driver: implement cpu device hotplug on config level qemu_command: introduce a func for cpu device alias assignment domain_conf: allocate cpu's apic id dynamically qemu: add a capability for x86_64-cpu qemu: introduce qemuBuildCPUDeviceStr qemu: implement cpu device hotplug on live level qemu: implement cpu device hotunplug on live level qemu_monitor_json: sort JSON array of cpu info qemu_driver: detect threads corresponding to Vcpus docs/formatdomain.html.in | 28 ++++ docs/schemas/domaincommon.rng | 3 + src/conf/domain_conf.c | 189 +++++++++++++++++++++++++- src/conf/domain_conf.h | 33 +++++ src/libvirt_private.syms | 6 + src/qemu/qemu_capabilities.c | 3 + src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c | 120 +++++++++++++++++ src/qemu/qemu_command.h | 10 ++ src/qemu/qemu_driver.c | 299 ++++++++++++++++++++++++------------------ src/qemu/qemu_driver.h | 8 ++ src/qemu/qemu_hotplug.c | 140 ++++++++++++++++++++ src/qemu/qemu_hotplug.h | 12 ++ src/qemu/qemu_monitor_json.c | 31 ++++- src/util/virbitmap.c | 2 +- src/util/virbitmap.h | 2 + 16 files changed, 753 insertions(+), 134 deletions(-) -- 1.9.3

4 20

[libvirt] libvirt/libxl implemetation of get_online_cpu / virNodeGetCPUMap?
by Anthony PERARD 24 Mar '15

24 Mar '15

Hi, A recent OpenStack nova commit make use of virNodeGetCPUMap to get the list of online cpu of a host. But this API is not implemented for the libvirt xen driver. The commit: Add handling for offlined CPUs to the nova libvirt driver. https://review.openstack.org/gitweb?p=openstack/nova.git;a=commitdiff;h=069… Is there a need to use this under Xen? (Is it possible to have offline CPU?). What libxl API those provide this information, if it exist? I found libxl_get_online_cpus() but that not enough. They want a bitmap. Thanks, -- Anthony PERARD

5 13

[libvirt] [PATCH v4] Automaticly create tap device for VIR_DOMAIN_NET_TYPE_ETHERNET
by Vasiliy Tolstov 20 Mar '15

20 Mar '15

If a user specify ehernet device create it via libvirt and run script if it provided. After this commit user does not need to run external script to create tap device or add root to qemu process. Signed-off-by: Vasiliy Tolstov <v.tolstov(a)selfip.ru> --- src/qemu/qemu_command.c | 135 +++++++++++++++++++++++++++++------------------- src/qemu/qemu_hotplug.c | 13 ++--- src/qemu/qemu_process.c | 6 +++ 3 files changed, 93 insertions(+), 61 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 24b2ad9..284a97c 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -278,10 +278,41 @@ static int qemuCreateInBridgePortWithHelper(virQEMUDriverConfigPtr cfg, return *tapfd < 0 ? -1 : 0; } +/** + * qemuExecuteEthernetScript: + * @ifname: the interface name + * @script: the script name + * This function executes script for new tap device created by libvirt. + * Returns 0 in case of success or -1 on failure + */ +static int qemuExecuteEthernetScript(const char *ifname, const char *script) +{ + virCommandPtr cmd; + int ret; + + cmd = virCommandNew(script); + virCommandAddArgFormat(cmd, "%s", ifname); + virCommandClearCaps(cmd); +#ifdef CAP_NET_ADMIN + virCommandAllowCap(cmd, CAP_NET_ADMIN); +#endif + virCommandAddEnvPassCommon(cmd); + + if (virCommandRun(cmd, NULL) < 0) { + ret = -1; + } else { + ret = 0; + } + + virCommandFree(cmd); + return ret; +} + /* qemuNetworkIfaceConnect - *only* called if actualType is - * VIR_DOMAIN_NET_TYPE_NETWORK or VIR_DOMAIN_NET_TYPE_BRIDGE (i.e. if - * the connection is made with a tap device connecting to a bridge - * device) + * VIR_DOMAIN_NET_TYPE_NETWORK, VIR_DOMAIN_NET_TYPE_BRIDGE or + * VIR_DOMAIN_NET_TYPE_ETHERNET (i.e. if the connection is + * made with a tap device connecting to a bridge device or + * used ethernet tap device) */ int qemuNetworkIfaceConnect(virDomainDefPtr def, @@ -307,11 +338,6 @@ qemuNetworkIfaceConnect(virDomainDefPtr def, } } - if (!(brname = virDomainNetGetActualBridgeName(net))) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing bridge name")); - goto cleanup; - } - if (!net->ifname || STRPREFIX(net->ifname, VIR_NET_GENERATED_PREFIX) || strchr(net->ifname, '%')) { @@ -327,45 +353,61 @@ qemuNetworkIfaceConnect(virDomainDefPtr def, tap_create_flags |= VIR_NETDEV_TAP_CREATE_VNET_HDR; } - if (cfg->privileged) { - if (virNetDevTapCreateInBridgePort(brname, &net->ifname, &net->mac, - def->uuid, tunpath, tapfd, *tapfdSize, - virDomainNetGetActualVirtPortProfile(net), - virDomainNetGetActualVlan(net), - tap_create_flags) < 0) { + if (actualType == VIR_DOMAIN_NET_TYPE_ETHERNET) { + if (virNetDevTapCreate(&net->ifname, tunpath, tapfd, *tapfdSize, + tap_create_flags) < 0) { virDomainAuditNetDevice(def, net, tunpath, false); goto cleanup; } - if (virDomainNetGetActualBridgeMACTableManager(net) - == VIR_NETWORK_BRIDGE_MAC_TABLE_MANAGER_LIBVIRT) { - /* libvirt is managing the FDB of the bridge this device - * is attaching to, so we need to turn off learning and - * unicast_flood on the device to prevent the kernel from - * adding any FDB entries for it. We will add add an fdb - * entry ourselves (during qemuInterfaceStartDevices(), - * using the MAC address from the interface config. - */ - if (virNetDevBridgePortSetLearning(brname, net->ifname, false) < 0) - goto cleanup; - if (virNetDevBridgePortSetUnicastFlood(brname, net->ifname, false) < 0) + if (net->script) { + if (qemuExecuteEthernetScript(net->ifname, net->script) < 0) goto cleanup; } } else { - if (qemuCreateInBridgePortWithHelper(cfg, brname, - &net->ifname, - tapfd, tap_create_flags) < 0) { - virDomainAuditNetDevice(def, net, tunpath, false); + if (!(brname = virDomainNetGetActualBridgeName(net))) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing bridge name")); goto cleanup; } - /* qemuCreateInBridgePortWithHelper can only create a single FD */ - if (*tapfdSize > 1) { - VIR_WARN("Ignoring multiqueue network request"); - *tapfdSize = 1; + + if (cfg->privileged) { + if (virNetDevTapCreateInBridgePort(brname, &net->ifname, &net->mac, + def->uuid, tunpath, tapfd, *tapfdSize, + virDomainNetGetActualVirtPortProfile(net), + virDomainNetGetActualVlan(net), + tap_create_flags) < 0) { + virDomainAuditNetDevice(def, net, tunpath, false); + goto cleanup; + } + if (virDomainNetGetActualBridgeMACTableManager(net) + == VIR_NETWORK_BRIDGE_MAC_TABLE_MANAGER_LIBVIRT) { + /* libvirt is managing the FDB of the bridge this device + * is attaching to, so we need to turn off learning and + * unicast_flood on the device to prevent the kernel from + * adding any FDB entries for it. We will add add an fdb + * entry ourselves (during qemuInterfaceStartDevices(), + * using the MAC address from the interface config. + */ + if (virNetDevBridgePortSetLearning(brname, net->ifname, false) < 0) + goto cleanup; + if (virNetDevBridgePortSetUnicastFlood(brname, net->ifname, false) < 0) + goto cleanup; + } + } else { + if (qemuCreateInBridgePortWithHelper(cfg, brname, + &net->ifname, + tapfd, tap_create_flags) < 0) { + virDomainAuditNetDevice(def, net, tunpath, false); + goto cleanup; + } + /* qemuCreateInBridgePortWithHelper can only create a single FD */ + if (*tapfdSize > 1) { + VIR_WARN("Ignoring multiqueue network request"); + *tapfdSize = 1; + } } + virDomainAuditNetDevice(def, net, tunpath, true); } - virDomainAuditNetDevice(def, net, tunpath, true); - if (cfg->macFilter && ebtablesAddForwardAllowIn(driver->ebtables, net->ifname, @@ -4959,6 +5001,7 @@ qemuBuildHostNetStr(virDomainNetDefPtr net, case VIR_DOMAIN_NET_TYPE_BRIDGE: case VIR_DOMAIN_NET_TYPE_NETWORK: case VIR_DOMAIN_NET_TYPE_DIRECT: + case VIR_DOMAIN_NET_TYPE_ETHERNET: virBufferAsprintf(&buf, "tap%c", type_sep); /* for one tapfd 'fd=' shall be used, * for more than one 'fds=' is the right choice */ @@ -4976,20 +5019,6 @@ qemuBuildHostNetStr(virDomainNetDefPtr net, is_tap = true; break; - case VIR_DOMAIN_NET_TYPE_ETHERNET: - virBufferAddLit(&buf, "tap"); - if (net->ifname) { - virBufferAsprintf(&buf, "%cifname=%s", type_sep, net->ifname); - type_sep = ','; - } - if (net->script) { - virBufferAsprintf(&buf, "%cscript=%s", type_sep, - net->script); - type_sep = ','; - } - is_tap = true; - break; - case VIR_DOMAIN_NET_TYPE_CLIENT: virBufferAsprintf(&buf, "socket%cconnect=%s:%d", type_sep, @@ -7785,7 +7814,8 @@ qemuBuildInterfaceCommandLine(virCommandPtr cmd, /* Currently nothing besides TAP devices supports multiqueue. */ if (net->driver.virtio.queues > 0 && !(actualType == VIR_DOMAIN_NET_TYPE_NETWORK || - actualType == VIR_DOMAIN_NET_TYPE_BRIDGE)) { + actualType == VIR_DOMAIN_NET_TYPE_BRIDGE || + actualType == VIR_DOMAIN_NET_TYPE_ETHERNET)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("Multiqueue network is not supported for: %s"), virDomainNetTypeToString(actualType)); @@ -7802,7 +7832,8 @@ qemuBuildInterfaceCommandLine(virCommandPtr cmd, } if (actualType == VIR_DOMAIN_NET_TYPE_NETWORK || - actualType == VIR_DOMAIN_NET_TYPE_BRIDGE) { + actualType == VIR_DOMAIN_NET_TYPE_BRIDGE || + actualType == VIR_DOMAIN_NET_TYPE_ETHERNET) { tapfdSize = net->driver.virtio.queues; if (!tapfdSize) tapfdSize = 1; diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 08047ce..c34486a 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -896,7 +896,8 @@ int qemuDomainAttachNetDevice(virConnectPtr conn, /* Currently nothing besides TAP devices supports multiqueue. */ if (net->driver.virtio.queues > 0 && !(actualType == VIR_DOMAIN_NET_TYPE_NETWORK || - actualType == VIR_DOMAIN_NET_TYPE_BRIDGE)) { + actualType == VIR_DOMAIN_NET_TYPE_BRIDGE || + actualType == VIR_DOMAIN_NET_TYPE_ETHERNET)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("Multiqueue network is not supported for: %s"), virDomainNetTypeToString(actualType)); @@ -904,7 +905,8 @@ int qemuDomainAttachNetDevice(virConnectPtr conn, } if (actualType == VIR_DOMAIN_NET_TYPE_BRIDGE || - actualType == VIR_DOMAIN_NET_TYPE_NETWORK) { + actualType == VIR_DOMAIN_NET_TYPE_NETWORK || + actualType == VIR_DOMAIN_NET_TYPE_ETHERNET) { tapfdSize = vhostfdSize = net->driver.virtio.queues; if (!tapfdSize) tapfdSize = vhostfdSize = 1; @@ -935,13 +937,6 @@ int qemuDomainAttachNetDevice(virConnectPtr conn, iface_connected = true; if (qemuOpenVhostNet(vm->def, net, priv->qemuCaps, vhostfd, &vhostfdSize) < 0) goto cleanup; - } else if (actualType == VIR_DOMAIN_NET_TYPE_ETHERNET) { - vhostfdSize = 1; - if (VIR_ALLOC(vhostfd) < 0) - goto cleanup; - *vhostfd = -1; - if (qemuOpenVhostNet(vm->def, net, priv->qemuCaps, vhostfd, &vhostfdSize) < 0) - goto cleanup; } /* Set device online immediately */ diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 515402e..468e509 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -5288,6 +5288,12 @@ void qemuProcessStop(virQEMUDriverPtr driver, cfg->stateDir)); VIR_FREE(net->ifname); break; + case VIR_DOMAIN_NET_TYPE_ETHERNET: + if (net->ifname) { + ignore_value(virNetDevTapDelete(net->ifname, net->backend.tap)); + VIR_FREE(net->ifname); + } + break; case VIR_DOMAIN_NET_TYPE_BRIDGE: case VIR_DOMAIN_NET_TYPE_NETWORK: #ifdef VIR_NETDEV_TAP_REQUIRE_MANUAL_CLEANUP -- 2.2.2

2 3

[libvirt] [PATCH] LXC: create a bind mount for sysfs when enable userns but disable netns
by Chen Hanxiao 20 Mar '15

20 Mar '15

kernel commit 7dc5dbc879bd0779924b5132a48b731a0bc04a1e forbid us doing a fresh mount for sysfs when enable userns but disable netns. This patch will create a bind mount in this senario. Signed-off-by: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com> --- src/lxc/lxc_container.c | 44 +++++++++++++++++++++++++++++++++----------- 1 file changed, 33 insertions(+), 11 deletions(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 4d89677..8a27215 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -815,10 +815,13 @@ static int lxcContainerSetReadOnly(void) } -static int lxcContainerMountBasicFS(bool userns_enabled) +static int lxcContainerMountBasicFS(bool userns_enabled, + bool netns_disabled) { size_t i; int rc = -1; + char* mnt_src = NULL; + int mnt_mflags; VIR_DEBUG("Mounting basic filesystems"); @@ -826,8 +829,25 @@ static int lxcContainerMountBasicFS(bool userns_enabled) bool bindOverReadonly; virLXCBasicMountInfo const *mnt = &lxcBasicMounts[i]; + /* When enable userns but disable netns, kernel will + * forbid us doing a new fresh mount for sysfs. + * So we had to do a bind mount for sysfs instead. + */ + if (userns_enabled && netns_disabled && + STREQ(mnt->src, "sysfs")) { + if (VIR_STRDUP(mnt_src, "/sys") < 0) { + goto cleanup; + } + mnt_mflags = MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY|MS_BIND; + } else { + if (VIR_STRDUP(mnt_src, mnt->src) < 0) { + goto cleanup; + } + mnt_mflags = mnt->mflags; + } + VIR_DEBUG("Processing %s -> %s", - mnt->src, mnt->dst); + mnt_src, mnt->dst); if (mnt->skipUnmounted) { char *hostdir; @@ -856,7 +876,7 @@ static int lxcContainerMountBasicFS(bool userns_enabled) if (virFileMakePath(mnt->dst) < 0) { virReportSystemError(errno, _("Failed to mkdir %s"), - mnt->src); + mnt_src); goto cleanup; } @@ -867,24 +887,24 @@ static int lxcContainerMountBasicFS(bool userns_enabled) * we mount the filesystem in read-write mode initially, and then do a * separate read-only bind mount on top of that. */ - bindOverReadonly = !!(mnt->mflags & MS_RDONLY); + bindOverReadonly = !!(mnt_mflags & MS_RDONLY); VIR_DEBUG("Mount %s on %s type=%s flags=%x", - mnt->src, mnt->dst, mnt->type, mnt->mflags & ~MS_RDONLY); - if (mount(mnt->src, mnt->dst, mnt->type, mnt->mflags & ~MS_RDONLY, NULL) < 0) { + mnt_src, mnt->dst, mnt->type, mnt_mflags & ~MS_RDONLY); + if (mount(mnt_src, mnt->dst, mnt->type, mnt_mflags & ~MS_RDONLY, NULL) < 0) { virReportSystemError(errno, _("Failed to mount %s on %s type %s flags=%x"), - mnt->src, mnt->dst, NULLSTR(mnt->type), - mnt->mflags & ~MS_RDONLY); + mnt_src, mnt->dst, NULLSTR(mnt->type), + mnt_mflags & ~MS_RDONLY); goto cleanup; } if (bindOverReadonly && - mount(mnt->src, mnt->dst, NULL, + mount(mnt_src, mnt->dst, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) { virReportSystemError(errno, _("Failed to re-mount %s on %s flags=%x"), - mnt->src, mnt->dst, + mnt_src, mnt->dst, MS_BIND|MS_REMOUNT|MS_RDONLY); goto cleanup; } @@ -893,6 +913,7 @@ static int lxcContainerMountBasicFS(bool userns_enabled) rc = 0; cleanup: + VIR_FREE(mnt_src); VIR_DEBUG("rc=%d", rc); return rc; } @@ -1643,7 +1664,8 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef, goto cleanup; /* Mounts the core /proc, /sys, etc filesystems */ - if (lxcContainerMountBasicFS(vmDef->idmap.nuidmap) < 0) + if (lxcContainerMountBasicFS(vmDef->idmap.nuidmap, + !vmDef->nnets) < 0) goto cleanup; /* Ensure entire root filesystem (except /.oldroot) is readonly */ -- 1.9.0

7 13

[libvirt] Enhancing block/disk migration in libvirt
by Tony Breeds 18 Mar '15

18 Mar '15

Hello all, I'm new to both openstack and libvirt so I may get some of this slightly wrong[1]. Here is some context form the openstack world (which at least some of you are aware of). There are at least 2 open bug against openstack (nova) in the area of block/disk migration. 1) Live migration fails when the instance has a config-drive[2] Here openstack(nova) fails because a drive that nova expects to be migrated isn't migrated. 2) libvirt live_snapshot periodically explodes on libvirt 1.2.2 in the gate[3] Here openstack(nova) fails because a drive that nova expects NOT to be migrated is migrated. To me these are essentially the same bug/issue. There is no way to communicate with libvirt the users expectations around block/disk mirgration. My idea so far would be to add an options element to the 'disk' XML node. This element could start with 3 possible states block_migration="default": Let libvirt decide block_migration="yes": This device should be block migrated block_migration="no": This device should *NOT* be block migrated The absence of this element would be treated as "default" above. This would mean that all existing domain XML would still be valid and have the expected behaviour and users (such as opensatck) can be explicit about deviced that do/do not need to be block migrated. While I'm certainly open to discussing the finer points of the implementation, right now I'm interested in getting a feel for is this idea generally ok? Yours Tony. [1] I'm happy to be corrected / pointed at community guidelines that I may have missed. [2] https://bugs.launchpad.net/nova/+bug/1246201 [3] https://bugs.launchpad.net/nova/+bug/1334398

4 9

[libvirt] [PATCH] Add support for Midonet virtual ports
by Antoni Segura Puimedon 17 Mar '15

17 Mar '15

Up until now, to plug VMs into the Midonet virtual networks it was necessary to use the 'last resort' 'ethernet' type. That implied having the domain tainted and having to deal witht the tap lifecycle outside of libvirt/VM lifecycle. With the patch I submit, a new virtualport type will be accepted by libvirt that will always require an interfaceid (as it is essential for binding a tap device to a virtual port that the virtual port itself exists and has a UUID). With that interfaceid, libvirt will delegate the binding on the Midonet userspace tools. Antoni Segura Puimedon (1): Add support for the midonet virtualport type configure.ac | 4 ++ docs/schemas/networkcommon.rng | 12 +++++ src/Makefile.am | 1 + src/conf/domain_conf.h | 1 + src/conf/netdev_vport_profile_conf.c | 3 +- src/libvirt_private.syms | 5 ++ src/qemu/qemu_hotplug.c | 25 +++++++--- src/qemu/qemu_process.c | 13 +++-- src/util/virnetdevmidonet.c | 97 ++++++++++++++++++++++++++++++++++++ src/util/virnetdevmidonet.h | 37 ++++++++++++++ src/util/virnetdevtap.c | 11 ++-- src/util/virnetdevvportprofile.c | 1 + src/util/virnetdevvportprofile.h | 5 +- 13 files changed, 197 insertions(+), 18 deletions(-) create mode 100644 src/util/virnetdevmidonet.c create mode 100644 src/util/virnetdevmidonet.h -- 2.3.0

5 32