[libvirt] linux guest time synchronization
by John L. Magee
We have recently updated some servers to CentOS 7 qemu kvm hosts and have been replacing older CentOS 5 and 6 guests with new CentOS 7 guests. Somehow, I thought we no longer had to run NTP/Chrony on the guests if we had the proper timer configuration. It turns out that the guest hwclock stays up to date with the host, where we are running Chrony, but the guest system time is drifting significantly. Is there no way to keep guest system time synchronized to the hwclock? It seems like a waste of resources to run Chrony on all the guests.
Please redirect me to the correct group if this is not the right one. Thanks in advance.
John L Magee jlmagee(a)mageenet.net<mailto:jlmagee@mageenet.net>
8 years, 10 months
[libvirt] [PATCH] Don't error when attaching security label of model "none"
by Daniel P. Berrange
If you invoke virDomainLxcEnterSecurityLabel() on security
model of "none" it will report an error. Logically a "none"
security model should be treated as a no-op, so we should
just return success immediately, instead of an error.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/libvirt-lxc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/libvirt-lxc.c b/src/libvirt-lxc.c
index 16e08e9..c487ece 100644
--- a/src/libvirt-lxc.c
+++ b/src/libvirt-lxc.c
@@ -257,6 +257,8 @@ virDomainLxcEnterSecurityLabel(virSecurityModelPtr model,
_("Support for AppArmor is not enabled"));
goto error;
#endif
+ } else if (STREQ(model->model, "none")) {
+ /* nothing todo */
} else {
virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
_("Security model %s cannot be entered"),
--
2.7.4
8 years, 10 months
[libvirt] [PATCH] Make really sure we don't access non-existing vCPUs
by Martin Kletzander
MinGW complained that we might be dereferencing a NULL pointer. While
that's most probably not going to be true (now), the logic certainly
allows for that and we might actually do this a lot in the future with
sparse vcpu mapping.
../../src/conf/domain_conf.c: In function 'virDomainDefGetVcpuPinInfoHelper':
../../src/conf/domain_conf.c:1545:17: error: potential null pointer
dereference [-Werror=null-dereference]
if (vcpu->cpumask)
~~~~^~~~~~~~~
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
I could've pushed this as a build breaker, but I'm not really sure
everyone will like this to be handled this way. I also did another
fix for this where we don't do int->size_t->int casting all the time,
but it's probably not worth the hassle. Also I don't know whether
Peter has more stuff for this in his pockets now, so I figured I
rather submit this for review.
src/conf/domain_conf.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 16e0736e09db..308073897880 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1542,6 +1542,9 @@ virDomainDefGetVcpuPinInfoHelper(virDomainDefPtr def,
virDomainVcpuDefPtr vcpu = virDomainDefGetVcpu(def, i);
virBitmapPtr bitmap = NULL;
+ if (!vcpu)
+ continue;
+
if (vcpu->cpumask)
bitmap = vcpu->cpumask;
else if (def->placement_mode == VIR_DOMAIN_CPU_PLACEMENT_MODE_AUTO &&
--
2.9.0
8 years, 10 months
[libvirt] [PATCHv2 0/2] disable default gateway in IPv6 RA for isolated networks
by Maxim Perevedentsev
In case of DHCPv6 in isolated network, we start dnsmasq
which sends Router Advertisements (RA). If RA containts no gateway
then the link-local address of the source of RA is considered
a gateway (and guest installs a corresponding default route).
If a guest has two network interfaces (public and isolated network)
and the user installs a default route through "public" interface,
the guest will have something like
default via fe80::ffff:1:1 dev eth2 metric 1024
default via fe80::5054:ff:fe0a:d808 dev eth3 proto ra metric 1024 expires 1789sec
RA route metric may vary, and it is preferred.
The validity of default route is controlled by
"default [route] lifetime" field in RA. If it is 0, then
the default gateway announced is considered invalid,
and no default route is installed into guest.
dnsmasq 2.67+ supports "ra-param=<interface>,<RA interval>,<default lifetime>"
option. We can pass "ra-param=*,0,0" (here, RA_interval=0 means default)
to disable default gateway in RA.
This patchset adds detection for "ra-param" in dnsmasq and
sets "ra-param=*,0,0" for isolated network if dnsmasq supports it.
Maxim Perevedentsev (2):
Fix message about dnsmasq BINDTODEVICE capability.
dnsmasq: disable IPv6 default gateway in RA for isolated networks
src/network/bridge_driver.c | 7 +++++++
src/util/virdnsmasq.c | 8 ++++++--
src/util/virdnsmasq.h | 1 +
3 files changed, 14 insertions(+), 2 deletions(-)
--
1.8.3.1
8 years, 10 months
[libvirt] [PATCH V2] systemd: fix ready notification on abstract socket
by Jim Fehlig
At least with systemd v210, NOTIFY_SOCKET is abstact, e.g.
@/org/freedesktop/systemd1/notify. sendmsg() fails on such a socket
with "Connection refused". The unix(7) man page contains the following
details wrt abstract socket addresses
abstract: an abstract socket address is distinguished (from a
pathname socket) by the fact that sun_path[0] is a null byte
('\0'). The socket's address in this namespace is given by the
additional bytes in sun_path that are covered by the specified
length of the address structure. (Null bytes in the name have
no special significance.)
So we need to be more precise about the address length, setting it to
the sizeof sa_family_t + length of address copied to sun_path instead
of setting it to the sizeof the entire sockaddr_un struct.
Resolves: https://bugzilla.opensuse.org/show_bug.cgi?id=987668
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
V2:
Use offsetof() to calculate size of sa_family_t field of the
sockaddr_un structure instead of sizeof().
src/util/virsystemd.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/util/virsystemd.c b/src/util/virsystemd.c
index 871db7e..969cd68 100644
--- a/src/util/virsystemd.c
+++ b/src/util/virsystemd.c
@@ -495,7 +495,6 @@ virSystemdNotifyStartup(void)
};
struct msghdr mh = {
.msg_name = &un,
- .msg_namelen = sizeof(un),
.msg_iov = &iov,
.msg_iovlen = 1,
};
@@ -515,6 +514,8 @@ virSystemdNotifyStartup(void)
if (un.sun_path[0] == '@')
un.sun_path[0] = '\0';
+ mh.msg_namelen = offsetof(struct sockaddr_un, sun_path) + strlen(path);
+
fd = socket(AF_UNIX, SOCK_DGRAM, 0);
if (fd < 0) {
VIR_WARN("Unable to create socket FD");
--
2.8.4
8 years, 10 months
[libvirt] [PATCH] systemd: fix ready notification on abstract socket
by Jim Fehlig
At least with systemd v210, NOTIFY_SOCKET is abstact, e.g.
@/org/freedesktop/systemd1/notify. sendmsg() fails on such a socket
with "Connection refused". The unix(7) man page contains the following
details wrt abstract socket addresses
abstract: an abstract socket address is distinguished (from a
pathname socket) by the fact that sun_path[0] is a null byte
('\0'). The socket's address in this namespace is given by the
additional bytes in sun_path that are covered by the specified
length of the address structure. (Null bytes in the name have
no special significance.)
So we need to be more precise about the address length, setting it to
the sizeof sa_family_t + length of address copied to sun_path instead
of setting it to the sizeof the entire sockaddr_un struct.
Resolves: https://bugzilla.opensuse.org/show_bug.cgi?id=987668
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
src/util/virsystemd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/virsystemd.c b/src/util/virsystemd.c
index 871db7e..1b5e9fe 100644
--- a/src/util/virsystemd.c
+++ b/src/util/virsystemd.c
@@ -495,7 +495,6 @@ virSystemdNotifyStartup(void)
};
struct msghdr mh = {
.msg_name = &un,
- .msg_namelen = sizeof(un),
.msg_iov = &iov,
.msg_iovlen = 1,
};
@@ -521,6 +520,7 @@ virSystemdNotifyStartup(void)
return;
}
+ mh.msg_namelen = sizeof(sa_family_t) + strlen(path);
if (sendmsg(fd, &mh, MSG_NOSIGNAL) < 0)
VIR_WARN("Failed to notify systemd");
--
2.1.4
8 years, 10 months
[libvirt] [PATCH] esx: Fetch snapshot info directly for filtering
by Tomáš Golembiovský
When fetching domains with virConnectListAllDomains() and when filtering
by snapshot existence is requested the ESX driver first lists all the
domains and then check one-by-one for snapshot existence. This process
takes unnecessarily long time.
To significantly improve the time necessary to finish the query we can
request the snapshot related info directly when querying the list of
domains from VMware.
Signed-off-by: Tomáš Golembiovský <tgolembi(a)redhat.com>
---
src/esx/esx_driver.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c
index eae015a..3d90b69 100644
--- a/src/esx/esx_driver.c
+++ b/src/esx/esx_driver.c
@@ -4924,6 +4924,7 @@ esxConnectListAllDomains(virConnectPtr conn,
int count = 0;
bool autostart;
int state;
+ esxVI_DynamicProperty *dynamicProperty = NULL;
virCheckFlags(VIR_CONNECT_LIST_DOMAINS_FILTERS_ALL, -1);
@@ -4985,6 +4986,13 @@ esxConnectListAllDomains(virConnectPtr conn,
}
}
+ if (MATCH(VIR_CONNECT_LIST_DOMAINS_FILTERS_SNAPSHOT)) {
+ if (esxVI_String_AppendValueToList(&propertyNameList,
+ "snapshot.rootSnapshotList") < 0) {
+ goto cleanup;
+ }
+ }
+
if (esxVI_LookupVirtualMachineList(priv->primary, propertyNameList,
&virtualMachineList) < 0)
goto cleanup;
@@ -5023,11 +5031,19 @@ esxConnectListAllDomains(virConnectPtr conn,
/* filter by snapshot existence */
if (MATCH(VIR_CONNECT_LIST_DOMAINS_FILTERS_SNAPSHOT)) {
+
esxVI_VirtualMachineSnapshotTree_Free(&rootSnapshotTreeList);
- if (esxVI_LookupRootSnapshotTreeList(priv->primary, uuid,
- &rootSnapshotTreeList) < 0) {
- goto cleanup;
+ for (dynamicProperty = virtualMachine->propSet; dynamicProperty;
+ dynamicProperty = dynamicProperty->_next) {
+ if (STREQ(dynamicProperty->name, "snapshot.rootSnapshotList")) {
+ if (esxVI_VirtualMachineSnapshotTree_CastListFromAnyType
+ (dynamicProperty->val, &rootSnapshotTreeList) < 0) {
+ goto cleanup;
+ }
+
+ break;
+ }
}
if (!((MATCH(VIR_CONNECT_LIST_DOMAINS_HAS_SNAPSHOT) &&
--
2.9.0
8 years, 10 months
[libvirt] [PATCH 0/2] mingw build fixes
by Eric Blake
If I don't get a review in a couple of days, I can probably
justify them under the build-breaker rule; on the other hand,
since mingw doesn't get as much testing, I'm not in a rush
to push right away.
Eric Blake (2):
build: virrandommock.c not needed on mingw
build: drop hack for old mingw ssize_t
gnulib/local/m4/ssize_t.m4.diff | 34 ----------------------------------
tests/virrandommock.c | 19 ++++++++++++-------
2 files changed, 12 insertions(+), 41 deletions(-)
delete mode 100644 gnulib/local/m4/ssize_t.m4.diff
--
2.5.5
8 years, 10 months
[libvirt] [PATCH] examples: If parameters count is zero we have nothing to do
by Marc Hartmayer
The virDomainGetCPUStats() API contract permits nparams ==
0. print_cpu_usage() assumes nparams > 0 because the domtop example
application isn't very useful if there are no statistics. Explicitly
error out to avoid potentially using the local variable pos
uninitialized.
Reviewed-by: Boris Fiuczynski <fiuczy(a)linux.vnet.ibm.com>
Reviewed-by: Sascha Silbe <silbe(a)linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk(a)linux.vnet.ibm.com>
Signed-off-by: Marc Hartmayer <mhartmay(a)linux.vnet.ibm.com>
---
examples/domtop/domtop.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/examples/domtop/domtop.c b/examples/domtop/domtop.c
index 2283994..f8e250b 100644
--- a/examples/domtop/domtop.c
+++ b/examples/domtop/domtop.c
@@ -203,6 +203,11 @@ print_cpu_usage(const char *dom_name,
size_t nparams = now_nparams;
bool delim = false;
+ if (nparams == 0) {
+ ERROR("parameter count is zero");
+ return;
+ }
+
if (then_nparams != now_nparams) {
/* this should not happen (TM) */
ERROR("parameters counts don't match");
--
2.5.5
8 years, 10 months
