[libvirt] [PATCH v2] tools: Fix connect command
by Martin Kletzander
The man page says: "(Re)-Connect to the hypervisor. When the shell is
first started, this is automatically run with the URI parameter
requested by the "-c" option on the command line." However, if you run:
virsh -c 'test://default' 'connect; uri'
the output will not be 'test://default'. That's because the 'connect'
command does not care about any virsh-only related settings and if it is
run without parameters, it connects with @uri == NULL. Not only does that
not comply with what the man page describes, but it also doesn't make
sense. It also means you aren't able to reconnect to whatever you are
currently connected to.
So let's fix that in both virsh and virt-admin and add a test case for it.
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
v2:
- rebased on top of Cole's changes
v1:
- https://www.redhat.com/archives/libvir-list/2016-April/msg01462.html
tests/test-lib.sh | 6 ++++++
tests/virsh-uriprecedence | 54 +++++++++++++++++++++++++++++++++++------------
tools/virsh.c | 48 ++++++++++-------------------------------
tools/virt-admin.c | 6 ++++--
4 files changed, 62 insertions(+), 52 deletions(-)
diff --git a/tests/test-lib.sh b/tests/test-lib.sh
index 8e0ce83e118c..49e8d2209572 100644
--- a/tests/test-lib.sh
+++ b/tests/test-lib.sh
@@ -232,6 +232,12 @@ if test -n "$VIR_TEST_DEBUG" || test -n "$VIR_TEST_VERBOSE" ; then
verbose=1
fi
+debug() { :; }
+
+if test "$VIR_TEST_DEBUG" = "2"; then
+ debug() { echo "$@"; }
+fi
+
# This is a stub function that is run upon trap (upon regular exit and
# interrupt). Override it with a per-test function, e.g., to unmount
# a partition, or to undo any other global state changes.
diff --git a/tests/virsh-uriprecedence b/tests/virsh-uriprecedence
index f9e325658900..4bcce3aeb08f 100755
--- a/tests/virsh-uriprecedence
+++ b/tests/virsh-uriprecedence
@@ -8,7 +8,8 @@
test_intro "virsh-uriprecedence"
virsh_bin="$abs_top_builddir/tools/virsh"
-counter=1
+virsh_cmd="$virsh_bin"
+counter=0
ret=0
cleanup_() { rm -rf "$tmphome"; }
@@ -23,16 +24,44 @@ mkdir -p "$XDG_CONFIG_HOME/libvirt" "$XDG_CONFIG_HOME/virsh"
mkdir -p "$XDG_CACHE_HOME/libvirt" "$XDG_CACHE_HOME/virsh"
mkdir -p "$XDG_RUNTIME_HOME/libvirt" "$XDG_RUNTIME_HOME/virsh"
-# Main function checking for the proper uri being returned
+is_uri_good()
+{
+ echo "$1" | grep -q -F "$good_uri"
+}
+
+test_uri_internal()
+{
+ test_name=$1
+ test_cmd="$virsh_cmd \"$2\""
+ result=0
+
+ debug "Running '$test_cmd'"
+ out="$($virsh_cmd "$2")"
+
+ if ! is_uri_good "$out"; then
+ debug "Invalid output: '$out'"
+ result=1
+ ret=1
+ fi
+
+ counter="$((counter+1))"
+ test_result "$counter" "$1" "$result"
+}
+
+test_uri_connect()
+{
+ test_uri_internal "$1" "connect; uri"
+}
+
+test_uri_noconnect()
+{
+ test_uri_internal "$1" "uri"
+}
+
test_uri()
{
- result=0
- if [ "$($virsh_bin uri)" != "$good_uri" ]; then
- result=1
- ret=1
- fi
- test_result "$counter" "$1" "$result"
- counter="$((counter+1))"
+ test_uri_connect "$1"
+ test_uri_noconnect "$1"
}
# Precedence is the following (lowest priority first):
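Review bot: `is_uri_good` accepts any output that merely contains `$good_uri`, because `grep -q -F` matches substrings, whereas the removed check compared the whole output for equality. A URI with extra text around the expected value would now pass. Matching whole lines keeps the check strict while still tolerating additional lines in the output of `connect; uri` (presumably the reason for switching to grep): `echo "$1" | grep -q -x -F -- "$good_uri"`. Separately, `test_name=$1` is assigned in `test_uri_internal` but never used; the function passes `$1` to `test_result` directly.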
@@ -57,6 +86,7 @@ good_uri="test:///default?good_uri"
printf "uri_default=\"%s\"\n" "$good_uri" >"$XDG_CONFIG_HOME/libvirt/libvirt.conf"
if uid_is_privileged_; then
+ counter="$((counter+1))"
test_skip_case "$counter" "User config file" "must not be run as root"
else
test_uri "User config file"
@@ -71,10 +101,8 @@ export VIRSH_DEFAULT_CONNECT_URI="$good_uri"
test_uri "VIRSH_DEFAULT_CONNECT_URI"
export VIRSH_DEFAULT_CONNECT_URI="$bad_uri"
-virsh_bin="$virsh_bin --connect $good_uri"
+virsh_cmd="$virsh_bin --connect $good_uri"
test_uri "Parameter"
-# test_uri() increases $counter even for the last test, so we must
-# decrement it
-test_final "$((counter-1))" "$ret"
+test_final "$counter" "$ret"
(exit "$ret"); exit "$ret"
diff --git a/tools/virsh.c b/tools/virsh.c
index af072510870d..00330db23d0a 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -211,10 +211,11 @@ virshConnect(vshControl *ctl, const char *uri, bool readonly)
*
*/
static void
-virshReconnect(vshControl *ctl)
+virshReconnect(vshControl *ctl, const char *name, bool readonly)
{
bool connected = false;
virshControlPtr priv = ctl->privData;
+ bool ro = name ? readonly : priv->readonly;
if (priv->conn) {
int ret;
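Review bot: With `bool ro = name ? readonly : priv->readonly;` a `--readonly` flag given without a URI is silently dropped, so `connect --readonly` reconnects in whatever mode the previous connection used, possibly read-write. Either honour the flag when no name is given, e.g. `bool ro = readonly || (!name && priv->readonly);` and store the result in `priv->readonly` on success, or have cmdConnect reject `--readonly` without a name. The function comment that ends just above the signature should also describe the new parameters, e.g. `@name: URI to connect to, or NULL to reuse ctl->connname` and `@readonly: requested access mode, only honoured when @name is set`. The body of virshReconnect continues past this hunk.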
@@ -229,7 +230,7 @@ virshReconnect(vshControl *ctl)
"disconnect from the hypervisor"));
}
- priv->conn = virshConnect(ctl, ctl->connname, priv->readonly);
+ priv->conn = virshConnect(ctl, name ? name : ctl->connname, ro);
if (!priv->conn) {
if (disconnected)
@@ -237,6 +238,11 @@ virshReconnect(vshControl *ctl)
else
vshError(ctl, "%s", _("failed to connect to the hypervisor"));
} else {
+ if (name) {
+ VIR_FREE(ctl->connname);
+ ctl->connname = vshStrdup(ctl, name);
+ priv->readonly = readonly;
+ }
if (virConnectRegisterCloseCallback(priv->conn, virshCatchDisconnect,
ctl, NULL) < 0)
vshError(ctl, "%s", _("Unable to register disconnect callback"));
@@ -291,43 +297,11 @@ cmdConnect(vshControl *ctl, const vshCmd *cmd)
{
bool ro = vshCommandOptBool(cmd, "readonly");
const char *name = NULL;
- virshControlPtr priv = ctl->privData;
- virConnectPtr conn;
if (vshCommandOptStringReq(ctl, cmd, "name", &name) < 0)
return false;
- conn = virshConnect(ctl, name, ro);
-
- if (!conn) {
- vshError(ctl, "%s", _("Failed to connect to the hypervisor"));
- return false;
- }
-
- if (priv->conn) {
- int ret;
-
- virConnectUnregisterCloseCallback(priv->conn, virshCatchDisconnect);
- ret = virConnectClose(priv->conn);
- if (ret < 0)
- vshError(ctl, "%s", _("Failed to disconnect from the hypervisor"));
- else if (ret > 0)
- vshError(ctl, "%s", _("One or more references were leaked after "
- "disconnect from the hypervisor"));
- }
- priv->conn = conn;
-
- VIR_FREE(ctl->connname);
- ctl->connname = vshStrdup(ctl, name);
-
- priv->useGetInfo = false;
- priv->useSnapshotOld = false;
- priv->blockJobNoBytes = false;
- priv->readonly = ro;
-
- if (virConnectRegisterCloseCallback(priv->conn, virshCatchDisconnect,
- ctl, NULL) < 0)
- vshError(ctl, "%s", _("Unable to register disconnect callback"));
+ virshReconnect(ctl, name, ro);
return true;
}
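Review bot: cmdConnect now returns `true` unconditionally, because virshReconnect is `void` and its failure path only calls vshError, whereas the removed code returned `false` when virshConnect failed. A script that runs `connect <uri>` followed by other commands therefore gets no failure status from the connect step. The context lines of virshReconnect also show the existing connection being closed before the new one is attempted, while the removed code connected first and replaced `priv->conn` only on success; after a failed `connect` the old connection is gone, and since `ctl->connname` and `priv->readonly` are updated only on success, a later automatic reconnect through virshConnectionHandler would presumably return to the previous URI and access mode. Consider making virshReconnect return an int and using `if (virshReconnect(ctl, name, ro) < 0) return false;` here.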
@@ -360,7 +334,7 @@ virshConnectionHandler(vshControl *ctl)
virshControlPtr priv = ctl->privData;
if (!priv->conn || disconnected)
- virshReconnect(ctl);
+ virshReconnect(ctl, NULL, false);
if (virshConnectionUsability(ctl, priv->conn))
return priv->conn;
@@ -431,7 +405,7 @@ virshInit(vshControl *ctl)
return false;
if (ctl->connname) {
- virshReconnect(ctl);
+ virshReconnect(ctl, NULL, false);
/* Connecting to a named connection must succeed, but we delay
* connecting to the default connection until we need it
* (since the first command might be 'connect' which allows a
diff --git a/tools/virt-admin.c b/tools/virt-admin.c
index 22160ad929d0..4275aa37a1bf 100644
--- a/tools/virt-admin.c
+++ b/tools/virt-admin.c
@@ -291,8 +291,10 @@ cmdConnect(vshControl *ctl, const vshCmd *cmd)
if (vshCommandOptStringReq(ctl, cmd, "name", &name) < 0)
return false;
- VIR_FREE(ctl->connname);
- ctl->connname = vshStrdup(ctl, name);
+ if (name) {
+ VIR_FREE(ctl->connname);
+ ctl->connname = vshStrdup(ctl, name);
+ }
vshAdmReconnect(ctl);
if (!connected)
--
2.8.1
8 years, 8 months
[libvirt] Printing runtime DAC seclabel in the XML
by Cole Robinson
I'm looking in the code to see why runtime VM dac seclabel values aren't
printed in the active XML. They are filled in, but the domain XML formatter
explicitly skips it:
/* To avoid backward compatibility issues, suppress DAC and 'none' labels
* that are automatically generated.
*/
if ((STREQ_NULLABLE(def->model, "dac") ||
STREQ_NULLABLE(def->model, "none")) && def->implicit)
return;
The relevant bit is from here:
commit 990e46c4542349f838e001d30638872576c389e9
Author: Marcelo Cerri <mhcerri(a)linux.vnet.ibm.com>
Date: Fri Aug 31 13:40:41 2012 +0200
conf: Avoid formatting auto-generated DAC labels
And I think comment elsewhere in domain_conf.c explains what that's all about:
/* libvirt versions prior to 0.10.0 support just a single seclabel element
* in guest's XML and model attribute can be suppressed if type is none or
* type is dynamic, baselabel is not defined and INACTIVE flag is set.
*
* To avoid compatibility issues, for this specific case the first model
* defined in host's capabilities is used as model for the seclabel.
*/
Just dropping the model == "dac" check above seems to accomplish what I'm
after, but it's not strictly back compatible. That said, libvirt has supported
multiple seclabels for a loooong time now, so I wonder do we even care? Do we
have a target for how far back we try to maintain XML compat? Or does anyone
else have other ideas?
(ccing jiri and michal who have had patches in this area)
Thanks,
Cole
8 years, 8 months
[libvirt] [PATCH 0/5] tests: misc cleanups
by Cole Robinson
A collection of misc cleanups to the test suite. They apply on top of
my config file fix here:
http://www.redhat.com/archives/libvir-list/2016-April/msg01515.html
Cole Robinson (5):
tests: build: Remove duplicate libvirtd test list
tests: consistently name virsh tests with 'virsh-' prefix
tests: rename test_conf -> virconftest
tests: consistently source test-lib.sh in scripts
tests: remove 'reconnect' and 'statstest'
cfg.mk | 2 +-
tests/Makefile.am | 64 +++----
tests/capabilityschematest | 3 +-
tests/domaincapsschematest | 3 +-
tests/domainschematest | 3 +-
tests/domainsnapshotschematest | 3 +-
tests/interfaceschematest | 3 +-
tests/libvirtd-fail | 6 +-
tests/libvirtd-pool | 6 +-
tests/networkschematest | 3 +-
tests/nodedevschematest | 3 +-
tests/nwfilterschematest | 3 +-
tests/reconnect.c | 71 -------
tests/secretschematest | 3 +-
tests/statstest.c | 210 ---------------------
tests/storagepoolschematest | 3 +-
tests/storagevolschematest | 3 +-
tests/{confdata => virconfdata}/fc4.conf | 0
tests/{confdata => virconfdata}/fc4.out | 0
tests/{confdata => virconfdata}/libvirtd.conf | 0
tests/{confdata => virconfdata}/libvirtd.out | 0
tests/{confdata => virconfdata}/no-newline.conf | 0
tests/{confdata => virconfdata}/no-newline.out | 0
tests/{test_conf.c => virconftest.c} | 0
tests/{test_conf.sh => virconftest.sh} | 4 +-
tests/virsh-all | 4 +-
tests/{cpuset => virsh-cpuset} | 6 +-
...fine-dev-segfault => virsh-define-dev-segfault} | 6 +-
tests/{int-overflow => virsh-int-overflow} | 6 +-
tests/virsh-optparse | 6 +-
tests/{read-bufsiz => virsh-read-bufsiz} | 6 +-
.../{read-non-seekable => virsh-read-non-seekable} | 6 +-
tests/virsh-schedinfo | 6 +-
tests/{start => virsh-start} | 6 +-
tests/virsh-synopsis | 6 +-
tests/virsh-undefine | 6 +-
tests/virsh-uriprecedence | 3 +-
tests/{vcpupin => virsh-vcpupin} | 6 +-
38 files changed, 49 insertions(+), 420 deletions(-)
delete mode 100644 tests/reconnect.c
delete mode 100644 tests/statstest.c
rename tests/{confdata => virconfdata}/fc4.conf (100%)
rename tests/{confdata => virconfdata}/fc4.out (100%)
rename tests/{confdata => virconfdata}/libvirtd.conf (100%)
rename tests/{confdata => virconfdata}/libvirtd.out (100%)
rename tests/{confdata => virconfdata}/no-newline.conf (100%)
rename tests/{confdata => virconfdata}/no-newline.out (100%)
rename tests/{test_conf.c => virconftest.c} (100%)
rename tests/{test_conf.sh => virconftest.sh} (88%)
rename tests/{cpuset => virsh-cpuset} (89%)
rename tests/{define-dev-segfault => virsh-define-dev-segfault} (90%)
rename tests/{int-overflow => virsh-int-overflow} (74%)
rename tests/{read-bufsiz => virsh-read-bufsiz} (90%)
rename tests/{read-non-seekable => virsh-read-non-seekable} (89%)
rename tests/{start => virsh-start} (86%)
rename tests/{vcpupin => virsh-vcpupin} (94%)
--
2.7.3
8 years, 8 months
[libvirt] [PATCH] configure: Remove build time checks for (ip|ip6|eb)tables
by Cole Robinson
And the 'ip' tool. There isn't much benefit to checking this at
configure time when we have infrastructure nowadays for looking up
binaries in the PATH
https://bugzilla.redhat.com/show_bug.cgi?id=661262
---
configure.ac | 12 ------
src/util/virfirewall.c | 18 +++++----
src/util/virnetdev.c | 6 +--
tests/virfirewalltest.c | 98 ++++++++++++++++++++++++-------------------------
4 files changed, 62 insertions(+), 72 deletions(-)
diff --git a/configure.ac b/configure.ac
index de5f430..35ae16e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -694,18 +694,6 @@ if test x"$with_rhel5_api" = x"yes"; then
AC_DEFINE([WITH_RHEL5_API], [1], [whether building for the RHEL-5 API])
fi
-AC_PATH_PROG([IP_PATH], [ip], /sbin/ip, [/usr/sbin:$PATH])
-AC_DEFINE_UNQUOTED([IP_PATH], "$IP_PATH", [path to ip binary])
-
-AC_PATH_PROG([IPTABLES_PATH], [iptables], /sbin/iptables, [/usr/sbin:$PATH])
-AC_DEFINE_UNQUOTED([IPTABLES_PATH], "$IPTABLES_PATH", [path to iptables binary])
-
-AC_PATH_PROG([IP6TABLES_PATH], [ip6tables], /sbin/ip6tables, [/usr/sbin:$PATH])
-AC_DEFINE_UNQUOTED([IP6TABLES_PATH], "$IP6TABLES_PATH", [path to ip6tables binary])
-
-AC_PATH_PROG([EBTABLES_PATH], [ebtables], /sbin/ebtables, [/usr/sbin:$PATH])
-AC_DEFINE_UNQUOTED([EBTABLES_PATH], "$EBTABLES_PATH", [path to ebtables binary])
-
dnl
dnl Checks for the OpenVZ driver
diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
index f26fd86..63f9709 100644
--- a/src/util/virfirewall.c
+++ b/src/util/virfirewall.c
@@ -47,9 +47,9 @@ typedef virFirewallGroup *virFirewallGroupPtr;
VIR_ENUM_DECL(virFirewallLayerCommand)
VIR_ENUM_IMPL(virFirewallLayerCommand, VIR_FIREWALL_LAYER_LAST,
- EBTABLES_PATH,
- IPTABLES_PATH,
- IP6TABLES_PATH);
+ "ebtables",
+ "iptables",
+ "ip6tables");
VIR_ENUM_DECL(virFirewallLayerFirewallD)
VIR_ENUM_IMPL(virFirewallLayerFirewallD, VIR_FIREWALL_LAYER_LAST,
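Review bot: The firewall and `ip` tools are now named without a directory (in this table, in the argument arrays and `commands[]` of the later hunks, and in the three `virCommandNew("ip")` calls in src/util/virnetdev.c), so which file gets executed is decided by the PATH of the running process instead of being fixed at build time. The removed configure checks searched `/usr/sbin:$PATH` and fell back to `/sbin/...`, so a runtime PATH without the sbin directories will no longer find the tools. When the calling process is privileged, its PATH becomes part of the trusted configuration and must not include directories writable by other users. A comment next to the table would record that, e.g. `/* Resolved via PATH at run time; the PATH of the calling process must contain only trusted directories */`.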
@@ -134,13 +134,13 @@ static void
virFirewallCheckUpdateLocking(void)
{
const char *iptablesArgs[] = {
- IPTABLES_PATH, "-w", "-L", "-n", NULL,
+ "iptables", "-w", "-L", "-n", NULL,
};
const char *ip6tablesArgs[] = {
- IP6TABLES_PATH, "-w", "-L", "-n", NULL,
+ "ip6tables", "-w", "-L", "-n", NULL,
};
const char *ebtablesArgs[] = {
- EBTABLES_PATH, "--concurrent", "-L", NULL,
+ "ebtables", "--concurrent", "-L", NULL,
};
if (lockOverride)
return;
@@ -182,17 +182,19 @@ virFirewallValidateBackend(virFirewallBackend backend)
if (backend == VIR_FIREWALL_BACKEND_DIRECT) {
const char *commands[] = {
- IPTABLES_PATH, IP6TABLES_PATH, EBTABLES_PATH
+ "iptables", "ip6tables", "ebtables"
};
size_t i;
for (i = 0; i < ARRAY_CARDINALITY(commands); i++) {
- if (!virFileIsExecutable(commands[i])) {
+ char *path = virFindFileInPath(commands[i]);
+ if (!path) {
virReportSystemError(errno,
_("direct firewall backend requested, but %s is not available"),
commands[i]);
return -1;
}
+ VIR_FREE(path);
}
VIR_DEBUG("found iptables/ip6tables/ebtables, using direct backend");
}
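Review bot: `virReportSystemError(errno, ...)` is kept after the switch to `virFindFileInPath`, but a NULL result from a PATH search does not obviously leave a meaningful `errno` (it may be stale or zero, for instance when PATH is unset), so the message can carry an unrelated system error string. Reporting without errno would be clearer, e.g. `virReportError(VIR_ERR_INTERNAL_ERROR, _("direct firewall backend requested, but %s is not available"), commands[i]);`. Note also that the path found here is only freed, so this check confirms that a binary is present at validation time and says nothing about which binary is executed later.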
diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c
index bb17b84..75e45fd 100644
--- a/src/util/virnetdev.c
+++ b/src/util/virnetdev.c
@@ -1469,7 +1469,7 @@ int virNetDevSetIPAddress(const char *ifname,
virCommandAddArgList(cmd, "broadcast", bcaststr, NULL);
virCommandAddArg(cmd, "alias");
# else
- cmd = virCommandNew(IP_PATH);
+ cmd = virCommandNew("ip");
virCommandAddArgList(cmd, "addr", "add", NULL);
virCommandAddArgFormat(cmd, "%s/%u", addrstr, prefix);
if (peerstr)
@@ -1506,7 +1506,7 @@ virNetDevAddRoute(const char *ifname,
goto cleanup;
if (!(gatewaystr = virSocketAddrFormat(gateway)))
goto cleanup;
- cmd = virCommandNew(IP_PATH);
+ cmd = virCommandNew("ip");
virCommandAddArgList(cmd, "route", "add", NULL);
virCommandAddArgFormat(cmd, "%s/%u", addrstr, prefix);
virCommandAddArgList(cmd, "via", gatewaystr, "dev", ifname,
@@ -1544,7 +1544,7 @@ int virNetDevClearIPAddress(const char *ifname,
virCommandAddArgFormat(cmd, "%s/%u", addrstr, prefix);
virCommandAddArg(cmd, "-alias");
# else
- cmd = virCommandNew(IP_PATH);
+ cmd = virCommandNew("ip");
virCommandAddArgList(cmd, "addr", "del", NULL);
virCommandAddArgFormat(cmd, "%s/%u", addrstr, prefix);
virCommandAddArgList(cmd, "dev", ifname, NULL);
diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c
index f1f29c6..976e883 100644
--- a/tests/virfirewalltest.c
+++ b/tests/virfirewalltest.c
@@ -128,11 +128,11 @@ VIR_MOCK_WRAP_RET_ARGS(dbus_connection_send_with_reply_and_block,
if (fwBuf) {
if (STREQ(type, "ipv4"))
- virBufferAddLit(fwBuf, IPTABLES_PATH);
+ virBufferAddLit(fwBuf, "iptables");
else if (STREQ(type, "ipv4"))
- virBufferAddLit(fwBuf, IP6TABLES_PATH);
+ virBufferAddLit(fwBuf, "ip6tables");
else
- virBufferAddLit(fwBuf, EBTABLES_PATH);
+ virBufferAddLit(fwBuf, "ebtables");
}
for (i = 0; i < nargs; i++) {
if (fwBuf) {
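Review bot: The second branch still tests `STREQ(type, "ipv4")`, the same condition as the first, so the `"ip6tables"` line touched here can never be reached and any type other than "ipv4" is recorded as `ebtables`. The condition was presumably meant to be `else if (STREQ(type, "ipv6"))`; since the commit edits this branch anyway, it is a natural place to correct it. The enclosing mock function starts and ends outside the hunk.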
@@ -204,8 +204,8 @@ testFirewallSingleGroup(const void *opaque)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
+ "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -263,8 +263,8 @@ testFirewallRemoveRule(const void *opaque)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
+ "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque;
virFirewallRulePtr fwrule;
@@ -329,10 +329,10 @@ testFirewallManyGroups(const void *opaque ATTRIBUTE_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"
- IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A OUTPUT --jump DROP\n";
+ "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"
+ "iptables -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A OUTPUT --jump DROP\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -423,10 +423,10 @@ testFirewallIgnoreFailGroup(const void *opaque ATTRIBUTE_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
- IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A OUTPUT --jump DROP\n";
+ "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ "iptables -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A OUTPUT --jump DROP\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -498,10 +498,10 @@ testFirewallIgnoreFailRule(const void *opaque ATTRIBUTE_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
- IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A OUTPUT --jump DROP\n";
+ "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ "iptables -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A OUTPUT --jump DROP\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -572,8 +572,8 @@ testFirewallNoRollback(const void *opaque ATTRIBUTE_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n";
+ "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -642,11 +642,11 @@ testFirewallSingleRollback(const void *opaque ATTRIBUTE_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
+ "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ "iptables -D INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ "iptables -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -732,10 +732,10 @@ testFirewallManyRollback(const void *opaque ATTRIBUTE_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
+ "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ "iptables -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ "iptables -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -825,14 +825,14 @@ testFirewallChainedRollback(const void *opaque ATTRIBUTE_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.127 --jump REJECT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host 192.168.122.127 --jump REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
+ "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A INPUT --source-host 192.168.122.127 --jump REJECT\n"
+ "iptables -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"
+ "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ "iptables -D INPUT --source-host 192.168.122.127 --jump REJECT\n"
+ "iptables -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"
+ "iptables -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ "iptables -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -976,11 +976,11 @@ testFirewallQueryHook(const char *const*args,
int *status,
void *opaque ATTRIBUTE_UNUSED)
{
- if (STREQ(args[0], IPTABLES_PATH) &&
+ if (STREQ(args[0], "iptables") &&
STREQ(args[1], "-L")) {
if (VIR_STRDUP(*output, TEST_FILTER_TABLE_LIST) < 0)
*status = 127;
- } else if (STREQ(args[0], IPTABLES_PATH) &&
+ } else if (STREQ(args[0], "iptables") &&
STREQ(args[1], "-t") &&
STREQ(args[2], "nat") &&
STREQ(args[3], "-L")) {
@@ -1026,15 +1026,15 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.127 --jump REJECT\n"
- IPTABLES_PATH " -L\n"
- IPTABLES_PATH " -t nat -L\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.130 --jump REJECT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.129' --jump REJECT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.129' --jump REJECT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.128 --jump REJECT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
+ "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A INPUT --source-host 192.168.122.127 --jump REJECT\n"
+ "iptables -L\n"
+ "iptables -t nat -L\n"
+ "iptables -A INPUT --source-host 192.168.122.130 --jump REJECT\n"
+ "iptables -A INPUT --source-host '!192.168.122.129' --jump REJECT\n"
+ "iptables -A INPUT --source-host '!192.168.122.129' --jump REJECT\n"
+ "iptables -A INPUT --source-host 192.168.122.128 --jump REJECT\n"
+ "iptables -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque;
expectedLineNum = 0;
--
2.7.3
8 years, 8 months
[libvirt] [PATCH 0/3] docs: Some fixes and improvements
by Andrea Bolognani
See individual patches for details.
Andrea Bolognani (3):
syntax-check: Enforce <code> inside <dt> elements
docs: Fix some formatting oddities
docs: Use bold font for symbols
cfg.mk | 14 ++++
docs/formatdomain.html.in | 193 +++++++++++++++++++++++---------------------
docs/formatnetwork.html.in | 7 +-
docs/formatsnapshot.html.in | 6 +-
docs/generic.css | 4 +
docs/remote.html.in | 2 +-
6 files changed, 127 insertions(+), 99 deletions(-)
--
2.5.5
8 years, 8 months
[libvirt] [PATCH v2 00/14] Convert secret driver to use hashed object
by John Ferlan
v1: http://www.redhat.com/archives/libvir-list/2016-March/msg00099.html
Differences high level:
- Use virsecretobj.{c,h} instead of secret_conf.{c,h}
- Work in v1 review comments
Difference details for those that care to know:
Note: Former patch2 has already been pushed.
Patch 1: Is combination of v1's patch1 and patch3 w/ adjustments:
- Create virsecretobj.c and virsecretobj.h and move sources there.
- Add virsecretobj.{c,h} to src/Makefile.am
- Use order as suggested by eblake review of patch3 for forward
static decls, removed the != NULL from virSecretObjDispose, and
add comment regarding why memset() is being done
Patch 2: Former patch4
- Move code to virsecretobj.{c,h} instead of secret_conf.{c,h}
- Change the virSecretObjFindByUUIDLocked to use the construct
"return virObjectRef(virHashLookup(...));" as suggested by eblake
Patch3: Former patch5 (split)
- Split the format patch5 to have virSecretUsageIDForDef changes in one
patch and the remainder in the followup patch.
Patch4: Former patch5 (split)
- The rest of former patch5
- Removed the extraneous "VIR_FREE(configFile);" as noted by eblake.
- NOTE: eblake queried about the condition:
if (secret->def->private && !def->private)
in virSecretObjListAddLocked. This same check came from the former
secretDefineXML in the else of the "secretFindByUUID(new_attrs->uuid)".
IOW: Redefining a secret. The code didn't allow a "new" secret to
be not private if the currently defined one was private. I left it as is.
Patch5->Patch9: Former patch6->patch10:
- All that's different is using virsecretobj instead of secret_conf
Patch10: Former patch11
- Using virsecretobj instead of secret_conf
Patch11: Former patch10
- Adjusted and moved the comment from virSecretObjDeleteConfig to
virSecretObjDeleteData
- Added a virReportSystemError for the DeleteConfig error
Patch12: Former patch13:
- All that's different is using virsecretobj instead of secret_conf
Patch13: Former patch14
- Delete the extra space in the "return 0" as noted by Cole's review.
Patch14: Former patch15:
- All that's different is using virsecretobj instead of secret_conf
After all is said and done, I did a sdiff between the v1 secret_conf.h
and v2 virsecretobj.h as well as the v1 secret_conf.c and v2 virsecretobj.c
and found only the differences as noted above, plus removed a duplicated
virSecretUsageIDForDef prototype I found in secret_conf.h.
I also went through the painful process of make check syntax-check at each
step of the way and built using Coverity.
John Ferlan (14):
secret: Create virsecretobj.c and virsecretconf.h
secret: Introduce virSecretObjListFindBy{UUID|Usage} support
secret: Introduce virSecretUsageIDForDef
secret: Introduce virSecretObjListAdd* and virSecretObjListRemove
secret: Introduce virSecretObjListNumOfSecrets
secret: Introduce virSecretObjListExport
secret: Introduce virSecretObjListGetUUIDs
secret: Use the hashed virSecretObjList
secret: Move and rename secretLoadAllConfigs
secret: Introduce virSecretObjDelete{Config|Data}
secret: Introduce virSecretObjSave{Config|Data}
secret: Introduce virSecretObj{Get|Set}Def
secret: Introduce virSecretObjGetValue and virSecretObjGetValueSize
secret: Change virSecretDef variable names
po/POTFILES.in | 1 +
src/Makefile.am | 3 +-
src/conf/secret_conf.c | 37 +-
src/conf/secret_conf.h | 9 +-
src/conf/virsecretobj.c | 1011 +++++++++++++++++++++++++++++++++++++++++
src/conf/virsecretobj.h | 110 +++++
src/libvirt_private.syms | 24 +
src/secret/secret_driver.c | 823 ++++-----------------------------
src/storage/storage_backend.c | 4 +-
9 files changed, 1279 insertions(+), 743 deletions(-)
create mode 100644 src/conf/virsecretobj.c
create mode 100644 src/conf/virsecretobj.h
--
2.5.5
8 years, 8 months
[libvirt] [PATCH 0/4] qemu: handle ',' and '=' in VM names
by Cole Robinson
This series adds qemu cli comma escaping to several places that
are dependent on the VM name, to enable names with embedded commas.
Patch 4 makes use of qemu -name guest=X value to allow names with
'=' in them.
There's likely other places that are VM name dependent that need
escaping too, but this hits the mandatory ones. I'm going to go through
the remaining list on the BiteSizedTasks page.
Cole Robinson (4):
qemu: command: escape commas in VM name
qemu: command: escape commas in secret master path
qemu: command: escape commas in chardev socket path
qemu: command: Use -name guest= if available
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 22 ++++++++++++--------
tests/qemucapabilitiesdata/caps_2.1.1-1.caps | 1 +
tests/qemucapabilitiesdata/caps_2.4.0-1.caps | 1 +
tests/qemucapabilitiesdata/caps_2.5.0-1.caps | 1 +
tests/qemucapabilitiesdata/caps_2.6.0-1.caps | 1 +
.../qemuxml2argvdata/qemuxml2argv-name-escape.args | 24 ++++++++++++++++++++++
.../qemuxml2argvdata/qemuxml2argv-name-escape.xml | 18 ++++++++++++++++
tests/qemuxml2argvtest.c | 2 ++
10 files changed, 65 insertions(+), 8 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-name-escape.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-name-escape.xml
--
2.7.3
8 years, 8 months
[libvirt] [PATCH] vbox: VIR_WARN if we don't support the API version
by Cole Robinson
We presently don't give any indication if the VirtualBox version
isn't in our support whitelist.
---
src/vbox/vbox_common.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/vbox/vbox_common.c b/src/vbox/vbox_common.c
index 0cead10..50ebdba 100644
--- a/src/vbox/vbox_common.c
+++ b/src/vbox/vbox_common.c
@@ -7856,7 +7856,11 @@ virHypervisorDriverPtr vboxGetHypervisorDriver(uint32_t uVersion)
/* Install gVBoxAPI according to the vbox API version. */
int result = 0;
installUniformedAPI(gVBoxAPI, result);
- if (result < 0) return NULL;
+ if (result < 0) {
+ VIR_WARN(_("Libvirt doesn't support VirtualBox API version %u"),
+ uVersion);
+ return NULL;
+ }
updateDriver();
return &vboxCommonDriver;
}
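Review bot: The new `VIR_WARN` wraps its format string in `_()`; as far as I can tell, log messages in this code base are left untranslated and only user-visible errors are marked for translation, so the call would read `VIR_WARN("Libvirt doesn't support VirtualBox API version %u", uVersion);`. `uVersion` is a `uint32_t` printed with `%u`, which is correct wherever `unsigned int` is 32 bits wide. vboxGetHypervisorDriver starts above the hunk.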
--
2.7.3
8 years, 8 months
[libvirt] [RFC] move host uuid out of libvirtd.conf (effectively)
by Nikolay Shirokovskiy
Hi, all. I hope the flow of RFCs from me is not hitting some rate limit.
Integration tests in our company uncovered that the host uuid provided through dmi
is not as unique as it should be. This is probably a manufacturer mistake, but
it is still the case.
Here libvirt's host uuid config field comes to the rescue. It is a good option
when tweaking a few machines. With full-fledged mgmt it is probably
enough too. But if your management is management of packages through your
package manager, it is not that convenient. The problem is that if one generates
the uuid on package install, then package update will not be easy. One probably
wants updates to go smoothly if the user does not tweak anything, but now
that is not possible, as changing the host uuid is seen as user intervention by
package management. I'm talking from my rpm based management experience, but
I imagine this is no different in other packaging systems. This
could probably be overcome through some kind of reverse patching before the update
and patching again after, if the package system is wise enough to check file hashes
and not timestamps, for example. But then this would have to be done in this and
every other packaging system.
So my proposition is simple - make it possible to take the host uuid from a distinct
file. I think keeping the uuid could be its sole purpose. Then we can
generate the uuid on package installation, and later updates need no extra
actions at all.
Another benefit of keeping the uuid in a distinct place is that one can just copy
the daemon configuration to a different host without having to be aware that it needs to be
changed.
8 years, 8 months
[libvirt] [PATCH v2] docs: Add bold style for <dt><code> elements
by John Ferlan
Add bolding for <dt><code> elements to make them "stick out" on the
page rather than just a stream of text where the elements only differ
by slightly different font style.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
Based on Andrea's feedback to my v1 patch:
http://www.redhat.com/archives/libvir-list/2016-April/msg01450.html
Also considered adding "color: rgb(256,0,0);" to really make them
pop out, but then thought that could lead down the treacherous path
of customized color on pages (besides, for those red colorblind folks
it's a no win)
docs/generic.css | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/docs/generic.css b/docs/generic.css
index 208e31e..ac39f32 100644
--- a/docs/generic.css
+++ b/docs/generic.css
@@ -27,6 +27,10 @@ dt {
margin-right: 2em;
}
+dt code {
+ font-weight: bold;
+}
+
dl dd {
margin-left: 2em;
margin-right: 2em;
--
2.5.5
8 years, 8 months