July 2016 - Devel - libvirt List Archives

[libvirt] linux guest time synchronization
by John L. Magee 13 Jul '16

13 Jul '16

We have recently updated some servers to CentOS 7 qemu kvm hosts and have been replacing older CentOS 5 and 6 guests with new CentOS 7 guests. Somehow, I thought we no longer had to run NTP/Chrony on the guests if we had the proper timer configuration. It turns out that the guest hwclock stays up to date with the host, where we are running Chrony, but the guest system time is drifting significantly. Is there no way to keep guest system time synchronized to the hwclock? It seems like a waste of resources to run Chrony on all the guests. Please redirect me to the correct group if this is not the right one. Thanks in advance. John L Magee jlmagee(a)mageenet.net<mailto:jlmagee@mageenet.net>

1 0

[libvirt] [PATCH] Don't error when attaching security label of model "none"
by Daniel P. Berrange 13 Jul '16

13 Jul '16

If you invoke virDomainLxcEnterSecurityLabel() on security model of "none" it will report an error. Logically a "none" security model should be treated as a no-op, so we should just return success immediately, instead of an error. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- src/libvirt-lxc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/libvirt-lxc.c b/src/libvirt-lxc.c index 16e08e9..c487ece 100644 --- a/src/libvirt-lxc.c +++ b/src/libvirt-lxc.c @@ -257,6 +257,8 @@ virDomainLxcEnterSecurityLabel(virSecurityModelPtr model, _("Support for AppArmor is not enabled")); goto error; #endif + } else if (STREQ(model->model, "none")) { + /* nothing todo */ } else { virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, _("Security model %s cannot be entered"), -- 2.7.4

2 2

[libvirt] [PATCH] Make really sure we don't access non-existing vCPUs
by Martin Kletzander 13 Jul '16

13 Jul '16

MinGW complained that we might be dereferencing a NULL pointer. While that's most probably not going to be true (now), the logic certainly allows for that and we might actually do this a lot in the future with sparse vcpu mapping. ../../src/conf/domain_conf.c: In function 'virDomainDefGetVcpuPinInfoHelper': ../../src/conf/domain_conf.c:1545:17: error: potential null pointer dereference [-Werror=null-dereference] if (vcpu->cpumask) ~~~~^~~~~~~~~ Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- I could've pushed this as a build breaker, but I'm not really sure everyone will like this to be handled this way. I also did another fix for this where we don't do int->size_t->int casting all the time, but it's probably not worth the hassle. Also I don't know whether Peter has more stuff for this in his pockets now, so I figured I rather submit this for review. src/conf/domain_conf.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 16e0736e09db..308073897880 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1542,6 +1542,9 @@ virDomainDefGetVcpuPinInfoHelper(virDomainDefPtr def, virDomainVcpuDefPtr vcpu = virDomainDefGetVcpu(def, i); virBitmapPtr bitmap = NULL; + if (!vcpu) + continue; + if (vcpu->cpumask) bitmap = vcpu->cpumask; else if (def->placement_mode == VIR_DOMAIN_CPU_PLACEMENT_MODE_AUTO && -- 2.9.0

2 5

[libvirt] [PATCHv2 0/2] disable default gateway in IPv6 RA for isolated networks
by Maxim Perevedentsev 13 Jul '16

13 Jul '16

In case of DHCPv6 in isolated network, we start dnsmasq which sends Router Advertisements (RA). If RA containts no gateway then the link-local address of the source of RA is considered a gateway (and guest installs a corresponding default route). If a guest has two network interfaces (public and isolated network) and the user installs a default route through "public" interface, the guest will have something like default via fe80::ffff:1:1 dev eth2 metric 1024 default via fe80::5054:ff:fe0a:d808 dev eth3 proto ra metric 1024 expires 1789sec RA route metric may vary, and it is preferred. The validity of default route is controlled by "default [route] lifetime" field in RA. If it is 0, then the default gateway announced is considered invalid, and no default route is installed into guest. dnsmasq 2.67+ supports "ra-param=<interface>,<RA interval>,<default lifetime>" option. We can pass "ra-param=*,0,0" (here, RA_interval=0 means default) to disable default gateway in RA. This patchset adds detection for "ra-param" in dnsmasq and sets "ra-param=*,0,0" for isolated network if dnsmasq supports it. Maxim Perevedentsev (2): Fix message about dnsmasq BINDTODEVICE capability. dnsmasq: disable IPv6 default gateway in RA for isolated networks src/network/bridge_driver.c | 7 +++++++ src/util/virdnsmasq.c | 8 ++++++-- src/util/virdnsmasq.h | 1 + 3 files changed, 14 insertions(+), 2 deletions(-) -- 1.8.3.1

3 5

[libvirt] [PATCH] qemu: getAutoDumpPath() return value should be dumpfile not domname.
by Yan Fu 13 Jul '16

13 Jul '16

Resolves:https://bugzilla.redhat.com/show_bug.cgi?id=1354238 --- src/qemu/qemu_driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index f8d9afe..55a5404 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -3869,7 +3869,7 @@ getAutoDumpPath(virQEMUDriverPtr driver, timestr)); virObjectUnref(cfg); - return domname; + return dumpfile; } static void -- 1.8.3.1

2 1

[libvirt] [PATCH V2] systemd: fix ready notification on abstract socket
by Jim Fehlig 12 Jul '16

12 Jul '16

At least with systemd v210, NOTIFY_SOCKET is abstact, e.g. @/org/freedesktop/systemd1/notify. sendmsg() fails on such a socket with "Connection refused". The unix(7) man page contains the following details wrt abstract socket addresses abstract: an abstract socket address is distinguished (from a pathname socket) by the fact that sun_path[0] is a null byte ('\0'). The socket's address in this namespace is given by the additional bytes in sun_path that are covered by the specified length of the address structure. (Null bytes in the name have no special significance.) So we need to be more precise about the address length, setting it to the sizeof sa_family_t + length of address copied to sun_path instead of setting it to the sizeof the entire sockaddr_un struct. Resolves: https://bugzilla.opensuse.org/show_bug.cgi?id=987668 Signed-off-by: Jim Fehlig <jfehlig(a)suse.com> --- V2: Use offsetof() to calculate size of sa_family_t field of the sockaddr_un structure instead of sizeof(). src/util/virsystemd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/util/virsystemd.c b/src/util/virsystemd.c index 871db7e..969cd68 100644 --- a/src/util/virsystemd.c +++ b/src/util/virsystemd.c @@ -495,7 +495,6 @@ virSystemdNotifyStartup(void) }; struct msghdr mh = { .msg_name = &un, - .msg_namelen = sizeof(un), .msg_iov = &iov, .msg_iovlen = 1, }; @@ -515,6 +514,8 @@ virSystemdNotifyStartup(void) if (un.sun_path[0] == '@') un.sun_path[0] = '\0'; + mh.msg_namelen = offsetof(struct sockaddr_un, sun_path) + strlen(path); + fd = socket(AF_UNIX, SOCK_DGRAM, 0); if (fd < 0) { VIR_WARN("Unable to create socket FD"); -- 2.8.4

2 2

[libvirt] [PATCH] systemd: fix ready notification on abstract socket
by Jim Fehlig 12 Jul '16

12 Jul '16

At least with systemd v210, NOTIFY_SOCKET is abstact, e.g. @/org/freedesktop/systemd1/notify. sendmsg() fails on such a socket with "Connection refused". The unix(7) man page contains the following details wrt abstract socket addresses abstract: an abstract socket address is distinguished (from a pathname socket) by the fact that sun_path[0] is a null byte ('\0'). The socket's address in this namespace is given by the additional bytes in sun_path that are covered by the specified length of the address structure. (Null bytes in the name have no special significance.) So we need to be more precise about the address length, setting it to the sizeof sa_family_t + length of address copied to sun_path instead of setting it to the sizeof the entire sockaddr_un struct. Resolves: https://bugzilla.opensuse.org/show_bug.cgi?id=987668 Signed-off-by: Jim Fehlig <jfehlig(a)suse.com> --- src/util/virsystemd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/util/virsystemd.c b/src/util/virsystemd.c index 871db7e..1b5e9fe 100644 --- a/src/util/virsystemd.c +++ b/src/util/virsystemd.c @@ -495,7 +495,6 @@ virSystemdNotifyStartup(void) }; struct msghdr mh = { .msg_name = &un, - .msg_namelen = sizeof(un), .msg_iov = &iov, .msg_iovlen = 1, }; @@ -521,6 +520,7 @@ virSystemdNotifyStartup(void) return; } + mh.msg_namelen = sizeof(sa_family_t) + strlen(path); if (sendmsg(fd, &mh, MSG_NOSIGNAL) < 0) VIR_WARN("Failed to notify systemd"); -- 2.1.4

2 2

[libvirt] [PATCH] esx: Fetch snapshot info directly for filtering
by Tomáš Golembiovský 12 Jul '16

12 Jul '16

When fetching domains with virConnectListAllDomains() and when filtering by snapshot existence is requested the ESX driver first lists all the domains and then check one-by-one for snapshot existence. This process takes unnecessarily long time. To significantly improve the time necessary to finish the query we can request the snapshot related info directly when querying the list of domains from VMware. Signed-off-by: Tomáš Golembiovský <tgolembi(a)redhat.com> --- src/esx/esx_driver.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c index eae015a..3d90b69 100644 --- a/src/esx/esx_driver.c +++ b/src/esx/esx_driver.c @@ -4924,6 +4924,7 @@ esxConnectListAllDomains(virConnectPtr conn, int count = 0; bool autostart; int state; + esxVI_DynamicProperty *dynamicProperty = NULL; virCheckFlags(VIR_CONNECT_LIST_DOMAINS_FILTERS_ALL, -1); @@ -4985,6 +4986,13 @@ esxConnectListAllDomains(virConnectPtr conn, } } + if (MATCH(VIR_CONNECT_LIST_DOMAINS_FILTERS_SNAPSHOT)) { + if (esxVI_String_AppendValueToList(&propertyNameList, + "snapshot.rootSnapshotList") < 0) { + goto cleanup; + } + } + if (esxVI_LookupVirtualMachineList(priv->primary, propertyNameList, &virtualMachineList) < 0) goto cleanup; @@ -5023,11 +5031,19 @@ esxConnectListAllDomains(virConnectPtr conn, /* filter by snapshot existence */ if (MATCH(VIR_CONNECT_LIST_DOMAINS_FILTERS_SNAPSHOT)) { + esxVI_VirtualMachineSnapshotTree_Free(&rootSnapshotTreeList); - if (esxVI_LookupRootSnapshotTreeList(priv->primary, uuid, - &rootSnapshotTreeList) < 0) { - goto cleanup; + for (dynamicProperty = virtualMachine->propSet; dynamicProperty; + dynamicProperty = dynamicProperty->_next) { + if (STREQ(dynamicProperty->name, "snapshot.rootSnapshotList")) { + if (esxVI_VirtualMachineSnapshotTree_CastListFromAnyType + (dynamicProperty->val, &rootSnapshotTreeList) < 0) { + goto cleanup; + } + + break; + } } if (!((MATCH(VIR_CONNECT_LIST_DOMAINS_HAS_SNAPSHOT) && -- 2.9.0

2 1

[libvirt] [PATCH 0/2] mingw build fixes
by Eric Blake 12 Jul '16

12 Jul '16

If I don't get a review in a couple of days, I can probably justify them under the build-breaker rule; on the other hand, since mingw doesn't get as much testing, I'm not in a rush to push right away. Eric Blake (2): build: virrandommock.c not needed on mingw build: drop hack for old mingw ssize_t gnulib/local/m4/ssize_t.m4.diff | 34 ---------------------------------- tests/virrandommock.c | 19 ++++++++++++------- 2 files changed, 12 insertions(+), 41 deletions(-) delete mode 100644 gnulib/local/m4/ssize_t.m4.diff -- 2.5.5

3 9

[libvirt] [PATCH] examples: If parameters count is zero we have nothing to do
by Marc Hartmayer 12 Jul '16

12 Jul '16

The virDomainGetCPUStats() API contract permits nparams == 0. print_cpu_usage() assumes nparams > 0 because the domtop example application isn't very useful if there are no statistics. Explicitly error out to avoid potentially using the local variable pos uninitialized. Reviewed-by: Boris Fiuczynski <fiuczy(a)linux.vnet.ibm.com> Reviewed-by: Sascha Silbe <silbe(a)linux.vnet.ibm.com> Reviewed-by: Bjoern Walk <bwalk(a)linux.vnet.ibm.com> Signed-off-by: Marc Hartmayer <mhartmay(a)linux.vnet.ibm.com> --- examples/domtop/domtop.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/examples/domtop/domtop.c b/examples/domtop/domtop.c index 2283994..f8e250b 100644 --- a/examples/domtop/domtop.c +++ b/examples/domtop/domtop.c @@ -203,6 +203,11 @@ print_cpu_usage(const char *dom_name, size_t nparams = now_nparams; bool delim = false; + if (nparams == 0) { + ERROR("parameter count is zero"); + return; + } + if (then_nparams != now_nparams) { /* this should not happen (TM) */ ERROR("parameters counts don't match"); -- 2.5.5

2 3