April 2016 - Devel - libvirt List Archives

[libvirt] [libvirt-python][PATCH] sanitytest: Sanitize VIR_TYPED_PARAM_*
by Michal Privoznik 25 Apr '16

25 Apr '16

This test checks whether all enums that we produce in libvirt.py have some reasonable value. But because of some crazy backcompat we have the following in libvirt-domain.h: VIR_DOMAIN_SCHED_FIELD_UINT = VIR_TYPED_PARAM_UINT VIR_DOMAIN_SCHED_FIELD_ULLONG = VIR_TYPED_PARAM_ULLONG with repetitions for other types. Now, when generating libvirt.py those values are special cased and thus assigned correct integer values. But sanitytest is missing the special treatment of VIR_TYPED_PARAM_* and therefore produces following error: /usr/bin/python sanitytest.py build/lib.linux-x86_64-2.7 /home/jenkins/build/libvirt/share/libvirt/api/libvirt-api.xml Cannot get a value of enum VIR_TYPED_PARAM_UINT (originally VIR_DOMAIN_SCHED_FIELD_UINT) Cannot get a value of enum VIR_TYPED_PARAM_ULLONG (originally VIR_DOMAIN_SCHED_FIELD_ULLONG) While the test is technically correct, "VIR_TYPED_PARAM_UINT" is not an integer value, it's a name for an enum value. Yet again, special handling is missing here, as VIR_DOMAIN_SCHED_FIELD_* has correct integer value in libvirt.py. Same applies for VIR_DOMAIN_BLKIO_PARAM_* and VIR_DOMAIN_MEMORY_PARAM_* which are fixed by this too. This has been exposed by previous commit of 3026a0593bd040 which started to generate values for symbols from libvirt-common.h too. The symbols I'm mentioning above live just in that very file. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- sanitytest.py | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) mode change 100644 => 100755 sanitytest.py diff --git a/sanitytest.py b/sanitytest.py old mode 100644 new mode 100755 index faabccb..23163f1 --- a/sanitytest.py +++ b/sanitytest.py @@ -22,6 +22,21 @@ def get_libvirt_api_xml_path(): sys.exit(proc.returncode) return stdout.splitlines()[0] +def sanitize_enum_val(value): + if value == 'VIR_TYPED_PARAM_INT': + value = 1 + elif value == 'VIR_TYPED_PARAM_UINT': + value = 2 + elif value == 'VIR_TYPED_PARAM_LLONG': + value = 3 + elif value == 'VIR_TYPED_PARAM_ULLONG': + value = 4 + elif value == 'VIR_TYPED_PARAM_DOUBLE': + value = 5 + elif value == 'VIR_TYPED_PARAM_BOOLEAN': + value = 6 + return value + # Path to the libvirt API XML file if len(sys.argv) >= 3: xml = sys.argv[2] @@ -66,7 +81,7 @@ for n in set: for n in second_pass: typ = n.attrib['type'] name = n.attrib['name'] - val = n.attrib['value'] + val = sanitize_enum_val(n.attrib['value']) for v in enumvals.values(): if val in v: -- 2.7.3

2 3

[libvirt] [PATCH v2] tools: Fix connect command
by Martin Kletzander 25 Apr '16

25 Apr '16

The man page says: "(Re)-Connect to the hypervisor. When the shell is first started, this is automatically run with the URI parameter requested by the "-c" option on the command line." However, if you run: virsh -c 'test://default' 'connect; uri' the output will not be 'test://default'. That's because the 'connect' command does not care about any virsh-only related settings and if it is run without parameters, it connects with @uri == NULL. Not only that doesn't comply to what the man page describes, but it also doesn't make sense. It also means you aren't able to reconnect to whatever you are connected currently. So let's fix that in both virsh and virt-admin add a test case for it. Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- v2: - rebased on top of Cole's changes v1: - https://www.redhat.com/archives/libvir-list/2016-April/msg01462.html tests/test-lib.sh | 6 ++++++ tests/virsh-uriprecedence | 54 +++++++++++++++++++++++++++++++++++------------ tools/virsh.c | 48 ++++++++++------------------------------- tools/virt-admin.c | 6 ++++-- 4 files changed, 62 insertions(+), 52 deletions(-) diff --git a/tests/test-lib.sh b/tests/test-lib.sh index 8e0ce83e118c..49e8d2209572 100644 --- a/tests/test-lib.sh +++ b/tests/test-lib.sh @@ -232,6 +232,12 @@ if test -n "$VIR_TEST_DEBUG" || test -n "$VIR_TEST_VERBOSE" ; then verbose=1 fi +debug() { :; } + +if test "$VIR_TEST_DEBUG" = "2"; then + debug() { echo "$@"; } +fi + # This is a stub function that is run upon trap (upon regular exit and # interrupt). Override it with a per-test function, e.g., to unmount # a partition, or to undo any other global state changes. diff --git a/tests/virsh-uriprecedence b/tests/virsh-uriprecedence index f9e325658900..4bcce3aeb08f 100755 --- a/tests/virsh-uriprecedence +++ b/tests/virsh-uriprecedence @@ -8,7 +8,8 @@ test_intro "virsh-uriprecedence" virsh_bin="$abs_top_builddir/tools/virsh" -counter=1 +virsh_cmd="$virsh_bin" +counter=0 ret=0 cleanup_() { rm -rf "$tmphome"; } @@ -23,16 +24,44 @@ mkdir -p "$XDG_CONFIG_HOME/libvirt" "$XDG_CONFIG_HOME/virsh" mkdir -p "$XDG_CACHE_HOME/libvirt" "$XDG_CACHE_HOME/virsh" mkdir -p "$XDG_RUNTIME_HOME/libvirt" "$XDG_RUNTIME_HOME/virsh" -# Main function checking for the proper uri being returned +is_uri_good() +{ + echo "$1" | grep -q -F "$good_uri" +} + +test_uri_internal() +{ + test_name=$1 + test_cmd="$virsh_cmd \"$2\"" + result=0 + + debug "Running '$test_cmd'" + out="$($virsh_cmd "$2")" + + if ! is_uri_good "$out"; then + debug "Invalid output: '$out'" + result=1 + ret=1 + fi + + counter="$((counter+1))" + test_result "$counter" "$1" "$result" +} + +test_uri_connect() +{ + test_uri_internal "$1" "connect; uri" +} + +test_uri_noconnect() +{ + test_uri_internal "$1" "uri" +} + test_uri() { - result=0 - if [ "$($virsh_bin uri)" != "$good_uri" ]; then - result=1 - ret=1 - fi - test_result "$counter" "$1" "$result" - counter="$((counter+1))" + test_uri_connect "$1" + test_uri_noconnect "$1" } # Precedence is the following (lowest priority first): @@ -57,6 +86,7 @@ good_uri="test:///default?good_uri" printf "uri_default=\"%s\"\n" "$good_uri" >"$XDG_CONFIG_HOME/libvirt/libvirt.conf" if uid_is_privileged_; then + counter="$((counter+1))" test_skip_case "$counter" "User config file" "must not be run as root" else test_uri "User config file" @@ -71,10 +101,8 @@ export VIRSH_DEFAULT_CONNECT_URI="$good_uri" test_uri "VIRSH_DEFAULT_CONNECT_URI" export VIRSH_DEFAULT_CONNECT_URI="$bad_uri" -virsh_bin="$virsh_bin --connect $good_uri" +virsh_cmd="$virsh_bin --connect $good_uri" test_uri "Parameter" -# test_uri() increases $counter even for the last test, so we must -# decrement it -test_final "$((counter-1))" "$ret" +test_final "$counter" "$ret" (exit "$ret"); exit "$ret" diff --git a/tools/virsh.c b/tools/virsh.c index af072510870d..00330db23d0a 100644 --- a/tools/virsh.c +++ b/tools/virsh.c @@ -211,10 +211,11 @@ virshConnect(vshControl *ctl, const char *uri, bool readonly) * */ static void -virshReconnect(vshControl *ctl) +virshReconnect(vshControl *ctl, const char *name, bool readonly) { bool connected = false; virshControlPtr priv = ctl->privData; + bool ro = name ? readonly : priv->readonly; if (priv->conn) { int ret; @@ -229,7 +230,7 @@ virshReconnect(vshControl *ctl) "disconnect from the hypervisor")); } - priv->conn = virshConnect(ctl, ctl->connname, priv->readonly); + priv->conn = virshConnect(ctl, name ? name : ctl->connname, ro); if (!priv->conn) { if (disconnected) @@ -237,6 +238,11 @@ virshReconnect(vshControl *ctl) else vshError(ctl, "%s", _("failed to connect to the hypervisor")); } else { + if (name) { + VIR_FREE(ctl->connname); + ctl->connname = vshStrdup(ctl, name); + priv->readonly = readonly; + } if (virConnectRegisterCloseCallback(priv->conn, virshCatchDisconnect, ctl, NULL) < 0) vshError(ctl, "%s", _("Unable to register disconnect callback")); @@ -291,43 +297,11 @@ cmdConnect(vshControl *ctl, const vshCmd *cmd) { bool ro = vshCommandOptBool(cmd, "readonly"); const char *name = NULL; - virshControlPtr priv = ctl->privData; - virConnectPtr conn; if (vshCommandOptStringReq(ctl, cmd, "name", &name) < 0) return false; - conn = virshConnect(ctl, name, ro); - - if (!conn) { - vshError(ctl, "%s", _("Failed to connect to the hypervisor")); - return false; - } - - if (priv->conn) { - int ret; - - virConnectUnregisterCloseCallback(priv->conn, virshCatchDisconnect); - ret = virConnectClose(priv->conn); - if (ret < 0) - vshError(ctl, "%s", _("Failed to disconnect from the hypervisor")); - else if (ret > 0) - vshError(ctl, "%s", _("One or more references were leaked after " - "disconnect from the hypervisor")); - } - priv->conn = conn; - - VIR_FREE(ctl->connname); - ctl->connname = vshStrdup(ctl, name); - - priv->useGetInfo = false; - priv->useSnapshotOld = false; - priv->blockJobNoBytes = false; - priv->readonly = ro; - - if (virConnectRegisterCloseCallback(priv->conn, virshCatchDisconnect, - ctl, NULL) < 0) - vshError(ctl, "%s", _("Unable to register disconnect callback")); + virshReconnect(ctl, name, ro); return true; } @@ -360,7 +334,7 @@ virshConnectionHandler(vshControl *ctl) virshControlPtr priv = ctl->privData; if (!priv->conn || disconnected) - virshReconnect(ctl); + virshReconnect(ctl, NULL, false); if (virshConnectionUsability(ctl, priv->conn)) return priv->conn; @@ -431,7 +405,7 @@ virshInit(vshControl *ctl) return false; if (ctl->connname) { - virshReconnect(ctl); + virshReconnect(ctl, NULL, false); /* Connecting to a named connection must succeed, but we delay * connecting to the default connection until we need it * (since the first command might be 'connect' which allows a diff --git a/tools/virt-admin.c b/tools/virt-admin.c index 22160ad929d0..4275aa37a1bf 100644 --- a/tools/virt-admin.c +++ b/tools/virt-admin.c @@ -291,8 +291,10 @@ cmdConnect(vshControl *ctl, const vshCmd *cmd) if (vshCommandOptStringReq(ctl, cmd, "name", &name) < 0) return false; - VIR_FREE(ctl->connname); - ctl->connname = vshStrdup(ctl, name); + if (name) { + VIR_FREE(ctl->connname); + ctl->connname = vshStrdup(ctl, name); + } vshAdmReconnect(ctl); if (!connected) -- 2.8.1

2 2

[libvirt] Printing runtime DAC seclabel in the XML
by Cole Robinson 25 Apr '16

25 Apr '16

I'm looking in the code to see why runtime VM dac seclabel values aren't printed in the active XML. They are filled in, but the domain XML formatter explicitly skips it: /* To avoid backward compatibility issues, suppress DAC and 'none' labels * that are automatically generated. */ if ((STREQ_NULLABLE(def->model, "dac") || STREQ_NULLABLE(def->model, "none")) && def->implicit) return; The relevant bit is from here: commit 990e46c4542349f838e001d30638872576c389e9 Author: Marcelo Cerri <mhcerri(a)linux.vnet.ibm.com> Date: Fri Aug 31 13:40:41 2012 +0200 conf: Avoid formatting auto-generated DAC labels And I think comment elsewhere in domain_conf.c explains what that's all about: /* libvirt versions prior to 0.10.0 support just a single seclabel element * in guest's XML and model attribute can be suppressed if type is none or * type is dynamic, baselabel is not defined and INACTIVE flag is set. * * To avoid compatibility issues, for this specific case the first model * defined in host's capabilities is used as model for the seclabel. */ Just dropping the the model == "dac" check above seems to accomplish what I'm after, but it's not strictly back compatible. That said, libvirt has supported multiple seclabels for a loooong time now, so I wonder do we even care? Do we have a target for how far back we try to maintain XML compat? Or does anyone else have other ideas? (ccing jiri and michal who have had patches in this area) Thanks, Cole

2 5

[libvirt] [PATCH 0/5] tests: misc cleanups
by Cole Robinson 23 Apr '16

23 Apr '16

A collection of misc cleanups to the test suite. They apply on top of my config file fix here: http://www.redhat.com/archives/libvir-list/2016-April/msg01515.html Cole Robinson (5): tests: build: Remove duplicate libvirtd test list tests: consistently name virsh tests with 'virsh-' prefix tests: rename test_conf -> virconftest tests: consistently source test-lib.sh in scripts tests: remove 'reconnect' and 'statstest' cfg.mk | 2 +- tests/Makefile.am | 64 +++---- tests/capabilityschematest | 3 +- tests/domaincapsschematest | 3 +- tests/domainschematest | 3 +- tests/domainsnapshotschematest | 3 +- tests/interfaceschematest | 3 +- tests/libvirtd-fail | 6 +- tests/libvirtd-pool | 6 +- tests/networkschematest | 3 +- tests/nodedevschematest | 3 +- tests/nwfilterschematest | 3 +- tests/reconnect.c | 71 ------- tests/secretschematest | 3 +- tests/statstest.c | 210 --------------------- tests/storagepoolschematest | 3 +- tests/storagevolschematest | 3 +- tests/{confdata => virconfdata}/fc4.conf | 0 tests/{confdata => virconfdata}/fc4.out | 0 tests/{confdata => virconfdata}/libvirtd.conf | 0 tests/{confdata => virconfdata}/libvirtd.out | 0 tests/{confdata => virconfdata}/no-newline.conf | 0 tests/{confdata => virconfdata}/no-newline.out | 0 tests/{test_conf.c => virconftest.c} | 0 tests/{test_conf.sh => virconftest.sh} | 4 +- tests/virsh-all | 4 +- tests/{cpuset => virsh-cpuset} | 6 +- ...fine-dev-segfault => virsh-define-dev-segfault} | 6 +- tests/{int-overflow => virsh-int-overflow} | 6 +- tests/virsh-optparse | 6 +- tests/{read-bufsiz => virsh-read-bufsiz} | 6 +- .../{read-non-seekable => virsh-read-non-seekable} | 6 +- tests/virsh-schedinfo | 6 +- tests/{start => virsh-start} | 6 +- tests/virsh-synopsis | 6 +- tests/virsh-undefine | 6 +- tests/virsh-uriprecedence | 3 +- tests/{vcpupin => virsh-vcpupin} | 6 +- 38 files changed, 49 insertions(+), 420 deletions(-) delete mode 100644 tests/reconnect.c delete mode 100644 tests/statstest.c rename tests/{confdata => virconfdata}/fc4.conf (100%) rename tests/{confdata => virconfdata}/fc4.out (100%) rename tests/{confdata => virconfdata}/libvirtd.conf (100%) rename tests/{confdata => virconfdata}/libvirtd.out (100%) rename tests/{confdata => virconfdata}/no-newline.conf (100%) rename tests/{confdata => virconfdata}/no-newline.out (100%) rename tests/{test_conf.c => virconftest.c} (100%) rename tests/{test_conf.sh => virconftest.sh} (88%) rename tests/{cpuset => virsh-cpuset} (89%) rename tests/{define-dev-segfault => virsh-define-dev-segfault} (90%) rename tests/{int-overflow => virsh-int-overflow} (74%) rename tests/{read-bufsiz => virsh-read-bufsiz} (90%) rename tests/{read-non-seekable => virsh-read-non-seekable} (89%) rename tests/{start => virsh-start} (86%) rename tests/{vcpupin => virsh-vcpupin} (94%) -- 2.7.3

2 12

[libvirt] [PATCH] configure: Remove build time checks for (ip|ip6|eb)tables
by Cole Robinson 23 Apr '16

23 Apr '16

And the 'ip' tool. There isn't much benefit to checking this at configure time when we have infrastructure nowadays for looking up binaries in the PATH https://bugzilla.redhat.com/show_bug.cgi?id=661262 --- configure.ac | 12 ------ src/util/virfirewall.c | 18 +++++---- src/util/virnetdev.c | 6 +-- tests/virfirewalltest.c | 98 ++++++++++++++++++++++++------------------------- 4 files changed, 62 insertions(+), 72 deletions(-) diff --git a/configure.ac b/configure.ac index de5f430..35ae16e 100644 --- a/configure.ac +++ b/configure.ac @@ -694,18 +694,6 @@ if test x"$with_rhel5_api" = x"yes"; then AC_DEFINE([WITH_RHEL5_API], [1], [whether building for the RHEL-5 API]) fi -AC_PATH_PROG([IP_PATH], [ip], /sbin/ip, [/usr/sbin:$PATH]) -AC_DEFINE_UNQUOTED([IP_PATH], "$IP_PATH", [path to ip binary]) - -AC_PATH_PROG([IPTABLES_PATH], [iptables], /sbin/iptables, [/usr/sbin:$PATH]) -AC_DEFINE_UNQUOTED([IPTABLES_PATH], "$IPTABLES_PATH", [path to iptables binary]) - -AC_PATH_PROG([IP6TABLES_PATH], [ip6tables], /sbin/ip6tables, [/usr/sbin:$PATH]) -AC_DEFINE_UNQUOTED([IP6TABLES_PATH], "$IP6TABLES_PATH", [path to ip6tables binary]) - -AC_PATH_PROG([EBTABLES_PATH], [ebtables], /sbin/ebtables, [/usr/sbin:$PATH]) -AC_DEFINE_UNQUOTED([EBTABLES_PATH], "$EBTABLES_PATH", [path to ebtables binary]) - dnl dnl Checks for the OpenVZ driver diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c index f26fd86..63f9709 100644 --- a/src/util/virfirewall.c +++ b/src/util/virfirewall.c @@ -47,9 +47,9 @@ typedef virFirewallGroup *virFirewallGroupPtr; VIR_ENUM_DECL(virFirewallLayerCommand) VIR_ENUM_IMPL(virFirewallLayerCommand, VIR_FIREWALL_LAYER_LAST, - EBTABLES_PATH, - IPTABLES_PATH, - IP6TABLES_PATH); + "ebtables", + "iptables", + "ip6tables"); VIR_ENUM_DECL(virFirewallLayerFirewallD) VIR_ENUM_IMPL(virFirewallLayerFirewallD, VIR_FIREWALL_LAYER_LAST, @@ -134,13 +134,13 @@ static void virFirewallCheckUpdateLocking(void) { const char *iptablesArgs[] = { - IPTABLES_PATH, "-w", "-L", "-n", NULL, + "iptables", "-w", "-L", "-n", NULL, }; const char *ip6tablesArgs[] = { - IP6TABLES_PATH, "-w", "-L", "-n", NULL, + "ip6tables", "-w", "-L", "-n", NULL, }; const char *ebtablesArgs[] = { - EBTABLES_PATH, "--concurrent", "-L", NULL, + "ebtables", "--concurrent", "-L", NULL, }; if (lockOverride) return; @@ -182,17 +182,19 @@ virFirewallValidateBackend(virFirewallBackend backend) if (backend == VIR_FIREWALL_BACKEND_DIRECT) { const char *commands[] = { - IPTABLES_PATH, IP6TABLES_PATH, EBTABLES_PATH + "iptables", "ip6tables", "ebtables" }; size_t i; for (i = 0; i < ARRAY_CARDINALITY(commands); i++) { - if (!virFileIsExecutable(commands[i])) { + char *path = virFindFileInPath(commands[i]); + if (!path) { virReportSystemError(errno, _("direct firewall backend requested, but %s is not available"), commands[i]); return -1; } + VIR_FREE(path); } VIR_DEBUG("found iptables/ip6tables/ebtables, using direct backend"); } diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c index bb17b84..75e45fd 100644 --- a/src/util/virnetdev.c +++ b/src/util/virnetdev.c @@ -1469,7 +1469,7 @@ int virNetDevSetIPAddress(const char *ifname, virCommandAddArgList(cmd, "broadcast", bcaststr, NULL); virCommandAddArg(cmd, "alias"); # else - cmd = virCommandNew(IP_PATH); + cmd = virCommandNew("ip"); virCommandAddArgList(cmd, "addr", "add", NULL); virCommandAddArgFormat(cmd, "%s/%u", addrstr, prefix); if (peerstr) @@ -1506,7 +1506,7 @@ virNetDevAddRoute(const char *ifname, goto cleanup; if (!(gatewaystr = virSocketAddrFormat(gateway))) goto cleanup; - cmd = virCommandNew(IP_PATH); + cmd = virCommandNew("ip"); virCommandAddArgList(cmd, "route", "add", NULL); virCommandAddArgFormat(cmd, "%s/%u", addrstr, prefix); virCommandAddArgList(cmd, "via", gatewaystr, "dev", ifname, @@ -1544,7 +1544,7 @@ int virNetDevClearIPAddress(const char *ifname, virCommandAddArgFormat(cmd, "%s/%u", addrstr, prefix); virCommandAddArg(cmd, "-alias"); # else - cmd = virCommandNew(IP_PATH); + cmd = virCommandNew("ip"); virCommandAddArgList(cmd, "addr", "del", NULL); virCommandAddArgFormat(cmd, "%s/%u", addrstr, prefix); virCommandAddArgList(cmd, "dev", ifname, NULL); diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c index f1f29c6..976e883 100644 --- a/tests/virfirewalltest.c +++ b/tests/virfirewalltest.c @@ -128,11 +128,11 @@ VIR_MOCK_WRAP_RET_ARGS(dbus_connection_send_with_reply_and_block, if (fwBuf) { if (STREQ(type, "ipv4")) - virBufferAddLit(fwBuf, IPTABLES_PATH); + virBufferAddLit(fwBuf, "iptables"); else if (STREQ(type, "ipv4")) - virBufferAddLit(fwBuf, IP6TABLES_PATH); + virBufferAddLit(fwBuf, "ip6tables"); else - virBufferAddLit(fwBuf, EBTABLES_PATH); + virBufferAddLit(fwBuf, "ebtables"); } for (i = 0; i < nargs; i++) { if (fwBuf) { @@ -204,8 +204,8 @@ testFirewallSingleGroup(const void *opaque) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -263,8 +263,8 @@ testFirewallRemoveRule(const void *opaque) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; virFirewallRulePtr fwrule; @@ -329,10 +329,10 @@ testFirewallManyGroups(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n" - IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A OUTPUT --jump DROP\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host '!192.168.122.1' --jump REJECT\n" + "iptables -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A OUTPUT --jump DROP\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -423,10 +423,10 @@ testFirewallIgnoreFailGroup(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A OUTPUT --jump DROP\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A OUTPUT --jump DROP\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -498,10 +498,10 @@ testFirewallIgnoreFailRule(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A OUTPUT --jump DROP\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A OUTPUT --jump DROP\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -572,8 +572,8 @@ testFirewallNoRollback(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -642,11 +642,11 @@ testFirewallSingleRollback(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -D INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -D INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -732,10 +732,10 @@ testFirewallManyRollback(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -D INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -825,14 +825,14 @@ testFirewallChainedRollback(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.127 --jump REJECT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host 192.168.122.127 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.127 --jump REJECT\n" + "iptables -A INPUT --source-host '!192.168.122.1' --jump REJECT\n" + "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -D INPUT --source-host 192.168.122.127 --jump REJECT\n" + "iptables -D INPUT --source-host '!192.168.122.1' --jump REJECT\n" + "iptables -D INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -976,11 +976,11 @@ testFirewallQueryHook(const char *const*args, int *status, void *opaque ATTRIBUTE_UNUSED) { - if (STREQ(args[0], IPTABLES_PATH) && + if (STREQ(args[0], "iptables") && STREQ(args[1], "-L")) { if (VIR_STRDUP(*output, TEST_FILTER_TABLE_LIST) < 0) *status = 127; - } else if (STREQ(args[0], IPTABLES_PATH) && + } else if (STREQ(args[0], "iptables") && STREQ(args[1], "-t") && STREQ(args[2], "nat") && STREQ(args[3], "-L")) { @@ -1026,15 +1026,15 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.127 --jump REJECT\n" - IPTABLES_PATH " -L\n" - IPTABLES_PATH " -t nat -L\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.130 --jump REJECT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.129' --jump REJECT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.129' --jump REJECT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.128 --jump REJECT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.127 --jump REJECT\n" + "iptables -L\n" + "iptables -t nat -L\n" + "iptables -A INPUT --source-host 192.168.122.130 --jump REJECT\n" + "iptables -A INPUT --source-host '!192.168.122.129' --jump REJECT\n" + "iptables -A INPUT --source-host '!192.168.122.129' --jump REJECT\n" + "iptables -A INPUT --source-host 192.168.122.128 --jump REJECT\n" + "iptables -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; expectedLineNum = 0; -- 2.7.3

3 5

[libvirt] [PATCH 0/3] docs: Some fixes and improvements
by Andrea Bolognani 23 Apr '16

23 Apr '16

See individual patches for details. Andrea Bolognani (3): syntax-check: Enforce <code> inside <dt> elements docs: Fix some formatting oddities docs: Use bold font for symbols cfg.mk | 14 ++++ docs/formatdomain.html.in | 193 +++++++++++++++++++++++--------------------- docs/formatnetwork.html.in | 7 +- docs/formatsnapshot.html.in | 6 +- docs/generic.css | 4 + docs/remote.html.in | 2 +- 6 files changed, 127 insertions(+), 99 deletions(-) -- 2.5.5

2 5

[libvirt] [PATCH v2 00/14] Convert secret driver to use hashed object
by John Ferlan 23 Apr '16

23 Apr '16

v1: http://www.redhat.com/archives/libvir-list/2016-March/msg00099.html Differences high level: - Use virsecretobj.{c,h} instead of secret_conf.{c,h} - Work in v1 review comments Difference details for those that care to know: Note: Former patch2 has already been pushed. Patch 1: Is combination of v1's patch1 and patch3 w/ adjustments: - Create virsecretobj.c and virsecretobj.h and move sources there. - Add virsecretobj.{c,h} to src/Makefile.am - Use order as suggested by eblake review of patch3 for forward static decls, removed the != NULL from virSecretObjDispose, and add comment regarding why memset() is being done Patch 2: Former patch4 - Move code to virsecretobj.{c,h} instead of secret_conf.{c,h} - Change the virSecretObjFindByUUIDLocked to use the construct "return virObjectRef(virHashLookup(...));" as suggested by eblake Patch3: Former patch5 (split) - Split the format patch5 to have virSecretUsageIDForDef changes in one patch and the remainder in the followup patch. Patch4: Former patch5 (split) - The rest of former patch5 - Removed the extraneous "VIR_FREE(configFile);" as noted by eblake. - NOTE: eblake queried about the condition: if (secret->def->private && !def->private) in virSecretObjListAddLocked. This same check came from the former secretDefineXML in the else of the "secretFindByUUID(new_attrs->uuid)". IOW: Redefining a secret. The code didn't allow a "new" secret to be not private if the currently defined one was private. I left it as is. Patch5->Patch9: Former patch6->patch10: - All that's different is using virsecretobj instead of secret_conf Patch10: Former patch11 - Using virsecretobj instead of secret_conf Patch11: Former patch10 - Adjusted and moved the comment from virSecretObjDeleteConfig to virSecretObjDeleteData - Added a virReportSystemError for the DeleteConfig error Patch12: Former patch13: - All that's different is using virsecretobj instead of secret_conf Patch13: Former patch14 - Delete the extra space in the "return 0" as noted by Cole's review. Patch14: Former patch15: - All that's different is using virsecretobj instead of secret_conf After all is said done, I did a sdiff between the v1 secret_conf.h and v2 virsecretobj.h as well as the v1 secret_conf.c and v2 virsecretobj.c and found only the differences as noted above, plus removed a duplicated virSecretUsageIDForDef prototype I found in secret_conf.h. I also went through the painful process of make check syntax-check at each step of the way and built using Coverity. John Ferlan (14): secret: Create virsecretobj.c and virsecretconf.h secret: Introduce virSecretObjListFindBy{UUID|Usage} support secret: Introduce virSecretUsageIDForDef secret: Introduce virSecretObjListAdd* and virSecretObjListRemove secret: Introduce virSecretObjListNumOfSecrets secret: Introduce virSecretObjListExport secret: Introduce virSecretObjListGetUUIDs secret: Use the hashed virSecretObjList secret: Move and rename secretLoadAllConfigs secret: Introduce virSecretObjDelete{Config|Data} secret: Introduce virSecretObjSave{Config|Data} secret: Introduce virSecretObj{Get|Set}Def secret: Introduce virSecretObjGetValue and virSecretObjGetValueSize secret: Change virSecretDef variable names po/POTFILES.in | 1 + src/Makefile.am | 3 +- src/conf/secret_conf.c | 37 +- src/conf/secret_conf.h | 9 +- src/conf/virsecretobj.c | 1011 +++++++++++++++++++++++++++++++++++++++++ src/conf/virsecretobj.h | 110 +++++ src/libvirt_private.syms | 24 + src/secret/secret_driver.c | 823 ++++----------------------------- src/storage/storage_backend.c | 4 +- 9 files changed, 1279 insertions(+), 743 deletions(-) create mode 100644 src/conf/virsecretobj.c create mode 100644 src/conf/virsecretobj.h -- 2.5.5

2 15

[libvirt] [PATCH 0/4] qemu: handle ',' and '=' in VM names
by Cole Robinson 23 Apr '16

23 Apr '16

This series adds qemu cli comma escaping to several places that are dependent on the VM name, to enable names with embedded commas. Patch 4 makes use of qemu -name guest=X value to allow names with '=' in them. There's likely other places that are VM name dependent that need escaping too, but this hits the mandatory ones. I'm going to through the remaining list on the BiteSizedTasks page Cole Robinson (4): qemu: command: escape commas in VM name qemu: command: escape commas in secret master path qemu: command: escape commas in chardev socket path qemu: command: Use -name guest= if available src/qemu/qemu_capabilities.c | 2 ++ src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c | 22 ++++++++++++-------- tests/qemucapabilitiesdata/caps_2.1.1-1.caps | 1 + tests/qemucapabilitiesdata/caps_2.4.0-1.caps | 1 + tests/qemucapabilitiesdata/caps_2.5.0-1.caps | 1 + tests/qemucapabilitiesdata/caps_2.6.0-1.caps | 1 + .../qemuxml2argvdata/qemuxml2argv-name-escape.args | 24 ++++++++++++++++++++++ .../qemuxml2argvdata/qemuxml2argv-name-escape.xml | 18 ++++++++++++++++ tests/qemuxml2argvtest.c | 2 ++ 10 files changed, 65 insertions(+), 8 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-name-escape.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-name-escape.xml -- 2.7.3

2 6

[libvirt] [PATCH] vbox: VIR_WARN if we don't support the API version
by Cole Robinson 22 Apr '16

22 Apr '16

We presently don't give any indication if the VirtualBox version isn't in our support whitelist. --- src/vbox/vbox_common.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/vbox/vbox_common.c b/src/vbox/vbox_common.c index 0cead10..50ebdba 100644 --- a/src/vbox/vbox_common.c +++ b/src/vbox/vbox_common.c @@ -7856,7 +7856,11 @@ virHypervisorDriverPtr vboxGetHypervisorDriver(uint32_t uVersion) /* Install gVBoxAPI according to the vbox API version. */ int result = 0; installUniformedAPI(gVBoxAPI, result); - if (result < 0) return NULL; + if (result < 0) { + VIR_WARN(_("Libvirt doesn't support VirtualBox API version %u"), + uVersion); + return NULL; + } updateDriver(); return &vboxCommonDriver; } -- 2.7.3

2 1

[libvirt] [RFC] move host uuid out of libvirtd.conf (effectively)
by Nikolay Shirokovskiy 22 Apr '16

22 Apr '16

Hi, all. I hope RFC flow from me are not hitting some rate limiting. Integration tests in our compary undercover that host uuid provided thru dmi is not as unique as it should be. This is probably a manufacturer mistake but still the case. Here libvirt's config field host uuid comes to the rescue. It is a good option in case of tweaking a few machines. In case of full-fledged mgmt it is probably enough too. But in case your managment is managment of packages thru you package manager it is not that convinent. The problem is that if one generates uuid on package install then package update will not be easy. One probably wants for updates to go smoothly in case user does not tweak anything but now it is not possible as changing host uuid is visible as user intervention by package managment. I'm talking now from my rpm based managment experience but I imagine this could be no different in other packaging systems too. This is probably could be overcomed thru some kind of reserse patching before update and patching again after if package system is wise enougth to check file hashes and not timestamps for example. But then this is should be done in this and every packaging system. So my proposition is simple - make it possible to take host uuid from distinct file. I think keeping uuid could be the sole purpuse of it. Then we can generate uuid on package installation and later updates need no any extra actions at all. Another benefit of keeping uuid in distinct place is that one can just copy daemon configuration to a different host not being aware it needs to be changed.

2 1