[libvirt] [PATCH v3 0/6] Add setting CPU features (CPUID) with libxenlight driver.
by Marek Marczykowski-Górecki
Add support for CPUID setting based on <cpu> element. Since libxl format
support only adjusting specific bits over host CPU, only
mode='host-passthrough' is supported - other values are rejected (including
default 'custom'). This will break some configurations working before (bare
<cpu> element with for example NUMA configuration), but libxl driver never
supported full 'custom' mode - it was silently ignored, which might lead to
some unexpected effects.
Since mode='host-passthrough' is now necessary to specify CPU options, do not
enable nested HVM feature by mere presence of this element, require explicit
enabling "vmx" or "svm" bits. Nested HVM is still in "preview" state, so better
be explicit here.
v2 of this patch series:
https://www.redhat.com/archives/libvir-list/2017-July/msg00050.html
Marek Marczykowski-Górecki (6):
libxl: error out on not supported CPU mode, instead of silently ignoring
libxl: do not enable nested HVM by mere presence of <cpu> element
libxl: add support for CPUID features policy
tests: check CPU features handling in libxl driver
xenconfig: add CPUID handling to domXML <-> xl.cfg conversion
tests: add test case for CPUID in xenconfig driver
src/libxl/libxl_conf.c | 53 +-
src/xenconfig/xen_xl.c | 260 ++++++++-
src/xenconfig/xen_xl.h | 2 +-
tests/libxlxml2domconfigdata/fullvirt-cpuid.json | 64 ++-
tests/libxlxml2domconfigdata/fullvirt-cpuid.xml | 37 +-
tests/libxlxml2domconfigdata/vnuma-hvm.json | 1 +-
tests/libxlxml2domconfigtest.c | 1 +-
tests/xlconfigdata/test-fullvirt-cpuid.cfg | 25 +-
tests/xlconfigdata/test-fullvirt-cpuid.xml | 36 +-
tests/xlconfigdata/test-fullvirt-nestedhvm.xml | 4 +-
tests/xlconfigdata/test-fullvirt-vnuma-autocomplete.xml | 2 +-
tests/xlconfigdata/test-fullvirt-vnuma-nodistances.xml | 2 +-
tests/xlconfigdata/test-fullvirt-vnuma-partialdist.xml | 2 +-
tests/xlconfigdata/test-fullvirt-vnuma.xml | 2 +-
tests/xlconfigtest.c | 1 +-
15 files changed, 453 insertions(+), 39 deletions(-)
create mode 100644 tests/libxlxml2domconfigdata/fullvirt-cpuid.json
create mode 100644 tests/libxlxml2domconfigdata/fullvirt-cpuid.xml
create mode 100644 tests/xlconfigdata/test-fullvirt-cpuid.cfg
create mode 100644 tests/xlconfigdata/test-fullvirt-cpuid.xml
base-commit: 984c534a3f2219444f4cb4df61d77b8c6e5054d7
--
git-series 0.9.1
6 years, 11 months
[libvirt] [PATCH] qemu_hotplug: use VIR_ERR_NO_DEVICE when target detaching device is not found
by Chen Hanxiao
From: Chen Hanxiao <chenhanxiao(a)gmail.com>
We used VIR_ERR_OPERATION_FAILED when target detaching device
is not found.
That error code VIR_ERR_OPERATION_FAILED is widely used,
so the tools powered by libvirt, such as nova,
can't catch the exact errors from libvirt.
This patch uses VIR_ERR_NO_DEVICE instead.
Signed-off-by: Chen Hanxiao <chenhanxiao(a)gmail.com>
---
src/libvirt_private.syms | 2 ++
src/qemu/qemu_hotplug.c | 51 +++++++++++++++++++++++++++++++-----------------
2 files changed, 35 insertions(+), 18 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index d5c3b9abb..31e83f152 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -203,6 +203,7 @@ virDomainChrConsoleTargetTypeToString;
virDomainChrDefForeach;
virDomainChrDefFree;
virDomainChrDefNew;
+virDomainChrDeviceTypeToString;
virDomainChrEquals;
virDomainChrFind;
virDomainChrGetDomainPtrs;
@@ -427,6 +428,7 @@ virDomainMemoryDefFree;
virDomainMemoryFindByDef;
virDomainMemoryFindInactiveByDef;
virDomainMemoryInsert;
+virDomainMemoryModelTypeToString;
virDomainMemoryRemove;
virDomainMemorySourceTypeFromString;
virDomainMemorySourceTypeToString;
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 7de04c85a..0fa3c54c0 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -3454,7 +3454,7 @@ qemuDomainChangeGraphics(virQEMUDriverPtr driver,
int ret = -1;
if (!olddev) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ virReportError(VIR_ERR_NO_DEVICE, "%s",
_("cannot find existing graphics device to modify"));
goto cleanup;
}
@@ -4743,7 +4743,7 @@ int qemuDomainDetachControllerDevice(virQEMUDriverPtr driver,
if ((idx = virDomainControllerFind(vm->def,
dev->data.controller->type,
dev->data.controller->idx)) < 0) {
- virReportError(VIR_ERR_OPERATION_FAILED,
+ virReportError(VIR_ERR_NO_DEVICE,
_("controller %s:%d not found"),
virDomainControllerTypeToString(dev->data.controller->type),
dev->data.controller->idx);
@@ -4972,18 +4972,18 @@ int qemuDomainDetachHostDevice(virQEMUDriverPtr driver,
if (idx < 0) {
switch (subsys->type) {
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI:
- virReportError(VIR_ERR_OPERATION_FAILED,
+ virReportError(VIR_ERR_NO_DEVICE,
_("host pci device %.4x:%.2x:%.2x.%.1x not found"),
pcisrc->addr.domain, pcisrc->addr.bus,
pcisrc->addr.slot, pcisrc->addr.function);
break;
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB:
if (usbsrc->bus && usbsrc->device) {
- virReportError(VIR_ERR_OPERATION_FAILED,
+ virReportError(VIR_ERR_NO_DEVICE,
_("host usb device %03d.%03d not found"),
usbsrc->bus, usbsrc->device);
} else {
- virReportError(VIR_ERR_OPERATION_FAILED,
+ virReportError(VIR_ERR_NO_DEVICE,
_("host usb device vendor=0x%.4x product=0x%.4x not found"),
usbsrc->vendor, usbsrc->product);
}
@@ -4992,13 +4992,13 @@ int qemuDomainDetachHostDevice(virQEMUDriverPtr driver,
if (scsisrc->protocol ==
VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI) {
virDomainHostdevSubsysSCSIiSCSIPtr iscsisrc = &scsisrc->u.iscsi;
- virReportError(VIR_ERR_OPERATION_FAILED,
+ virReportError(VIR_ERR_NO_DEVICE,
_("host scsi iSCSI path %s not found"),
iscsisrc->src->path);
} else {
virDomainHostdevSubsysSCSIHostPtr scsihostsrc =
&scsisrc->u.host;
- virReportError(VIR_ERR_OPERATION_FAILED,
+ virReportError(VIR_ERR_NO_DEVICE,
_("host scsi device %s:%u:%u.%llu not found"),
scsihostsrc->adapter, scsihostsrc->bus,
scsihostsrc->target, scsihostsrc->unit);
@@ -5036,8 +5036,10 @@ qemuDomainDetachShmemDevice(virQEMUDriverPtr driver,
qemuDomainObjPrivatePtr priv = vm->privateData;
if ((idx = virDomainShmemDefFind(vm->def, dev)) < 0) {
- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("device not present in domain configuration"));
+ virReportError(VIR_ERR_NO_DEVICE,
+ _("Shmem device of model '%s' not found "
+ "in domain configuration"),
+ virDomainShmemModelTypeToString(dev->model));
return -1;
}
@@ -5093,8 +5095,10 @@ qemuDomainDetachWatchdog(virQEMUDriverPtr driver,
watchdog->model == dev->model &&
watchdog->action == dev->action &&
virDomainDeviceInfoAddressIsEqual(&dev->info, &watchdog->info))) {
- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("watchdog device not present in domain configuration"));
+ virReportError(VIR_ERR_NO_DEVICE,
+ _("watchdog device of model '%s' is not "
+ "found in domain configuration"),
+ virDomainWatchdogModelTypeToString(watchdog->model));
return -1;
}
@@ -5134,8 +5138,13 @@ qemuDomainDetachNetDevice(virQEMUDriverPtr driver,
virDomainNetDefPtr detach = NULL;
qemuDomainObjPrivatePtr priv = vm->privateData;
- if ((detachidx = virDomainNetFindIdx(vm->def, dev->data.net)) < 0)
+ if ((detachidx = virDomainNetFindIdx(vm->def, dev->data.net)) < 0) {
+ char mac[VIR_MAC_STRING_BUFLEN];
+ virReportError(VIR_ERR_NO_DEVICE,
+ _("netdev '%s' not found in domain configuration"),
+ virMacAddrFormat(&dev->data.net->mac, mac));
goto cleanup;
+ }
detach = vm->def->nets[detachidx];
@@ -5321,8 +5330,10 @@ int qemuDomainDetachChrDevice(virQEMUDriverPtr driver,
char *devstr = NULL;
if (!(tmpChr = virDomainChrFind(vmdef, chr))) {
- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("device not present in domain configuration"));
+ virReportError(VIR_ERR_NO_DEVICE,
+ _("Chr device of type '%s' not found "
+ "in domain configuration"),
+ virDomainChrDeviceTypeToString(chr->deviceType));
goto cleanup;
}
@@ -5368,8 +5379,10 @@ qemuDomainDetachRNGDevice(virQEMUDriverPtr driver,
int ret = -1;
if ((idx = virDomainRNGFind(vm->def, rng)) < 0) {
- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("device not present in domain configuration"));
+ virReportError(VIR_ERR_NO_DEVICE,
+ _("RNG device of model '%s' not found "
+ "in domain configuration"),
+ virDomainRNGBackendTypeToString(rng->model));
return -1;
}
@@ -5411,8 +5424,10 @@ qemuDomainDetachMemoryDevice(virQEMUDriverPtr driver,
qemuDomainMemoryDeviceAlignSize(vm->def, memdef);
if ((idx = virDomainMemoryFindByDef(vm->def, memdef)) < 0) {
- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("device not present in domain configuration"));
+ virReportError(VIR_ERR_NO_DEVICE,
+ _("memory device of model '%s' not found "
+ "in domain configuration"),
+ virDomainMemoryModelTypeToString(memdef->model));
return -1;
}
--
2.14.3
6 years, 11 months
[libvirt] [PATCH v2 0/3] Storage pool common object fixes
by John Ferlan
v1: https://www.redhat.com/archives/libvir-list/2017-December/msg00543.html
Changes since v1...
* Added a patch to handle a NULL return with pool obj lock
* Alter the IsDuplicate API to use a bool parameter
* Use the IsDuplicate API from the test driver. This would have generated
the correct error message about a duplicate UUID instead of the Duplicate
key that was generated. Ran virt-manager tests prior to Cole's fixes and
of course after.
John Ferlan (3):
conf: Need to unlock pools on object allocation failure
conf: Use bool for @check_active parameter
test: Use virStoragePoolObjIsDuplicate for storage define/create
src/conf/virstorageobj.c | 4 ++--
src/conf/virstorageobj.h | 2 +-
src/storage/storage_driver.c | 4 ++--
src/test/test_driver.c | 11 ++++-------
4 files changed, 9 insertions(+), 12 deletions(-)
--
2.13.6
6 years, 11 months
[libvirt] [PATCH 0/4] Resolve issue with duplicated SCSI hostdev addresses
by John Ferlan
Details in the various patches.
John Ferlan (4):
qemu: Tolerate storage source private data being NULL for hotplug SCSI
hostdev
qemu: Use same model when adding hostdev SCSI controller
conf: Use existing SCSI hostdev model to create new
conf: Fix generating addresses for SCSI hostdev
src/conf/domain_conf.c | 44 ++++++++++++----------
src/qemu/qemu_hotplug.c | 19 +++++++---
.../hostdev-scsi-autogen-address.xml | 2 +-
3 files changed, 39 insertions(+), 26 deletions(-)
--
2.13.6
6 years, 11 months
[libvirt] [PATCH] vhost-user: no need to remove chardev when remove netdev
by linzhecheng
We use virsh detach-device to hot-unplug a vhost-user net card,
and libvirtd will issue qmp_netdev_del, qmp_chardev_remove and
qmp_netdev_del. However, in qmp_netdev_del, qemu will remove
the chardev when cleanup the netdev. So libvirtd has no need to issue
qmp_chardev_remove to qemu any more.
Change-Id: I4883c17bbb8dce088406f6a8a9ca4e02612d21f4
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 7de04c85a..c4787dd60 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -4014,7 +4014,6 @@ qemuDomainRemoveNetDevice(virQEMUDriverPtr driver,
qemuDomainObjPrivatePtr priv = vm->privateData;
virObjectEventPtr event;
char *hostnet_name = NULL;
- char *charDevAlias = NULL;
size_t i;
int ret = -1;
int actualType = virDomainNetGetActualType(net);
@@ -4029,8 +4028,7 @@ qemuDomainRemoveNetDevice(virQEMUDriverPtr driver,
VIR_DEBUG("Removing network interface %s from domain %p %s",
net->info.alias, vm, vm->def->name);
- if (virAsprintf(&hostnet_name, "host%s", net->info.alias) < 0 ||
- !(charDevAlias = qemuAliasChardevFromDevAlias(net->info.alias)))
+ if (virAsprintf(&hostnet_name, "host%s", net->info.alias) < 0)
goto cleanup;
@@ -4057,15 +4055,6 @@ qemuDomainRemoveNetDevice(virQEMUDriverPtr driver,
}
}
- if (actualType == VIR_DOMAIN_NET_TYPE_VHOSTUSER) {
- /* vhostuser has a chardev too */
- if (qemuMonitorDetachCharDev(priv->mon, charDevAlias) < 0) {
- /* well, this is a messy situation. Guest visible PCI device has
- * been removed, netdev too but chardev not. The best seems to be
- * to just ignore the error and carry on.
- */
- }
- }
if (qemuDomainObjExitMonitor(driver, vm) < 0)
goto cleanup;
@@ -4108,7 +4097,6 @@ qemuDomainRemoveNetDevice(virQEMUDriverPtr driver,
cleanup:
virObjectUnref(cfg);
- VIR_FREE(charDevAlias);
VIR_FREE(hostnet_name);
return ret;
}
--
2.12.2.windows.2
6 years, 11 months
[libvirt] [PATCH 0/2] Introducing testDomainRename().
by Julio Faracco
This commit introduces the testDomainRename() for test driver. It includes:
- testDomainRename() implementation.
- Testcase script to test 'domrename' command.
Julio Faracco (2):
test: Implementing testDomainRename().
tests: Adding test case for virsh 'domrename' command.
src/test/test_driver.c | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++
tests/Makefile.am | 1 +
tests/virsh-rename | 43 ++++++++++++++++++++++
3 files changed, 140 insertions(+)
create mode 100755 tests/virsh-rename
--
2.7.4
6 years, 11 months
[libvirt] [PATCH] qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls
by Eduardo Habkost
All calls to virDomainAuditCgroupPath() were passing 'rc == 0' as
argument, when it was supposed to pass the 'rc' value directly.
As a consequence, the audit events that were supposed to be
logged (actual cgroup changes) were never being logged, and bogus
audit events were logged when using regular files as disk image.
Fix all calls to use the return value of
virCgroup{Allow,Deny}Device*() directly as the 'rc' argument.
Signed-off-by: Eduardo Habkost <ehabkost(a)redhat.com>
---
src/qemu/qemu_cgroup.c | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 19252ea23..1f8fd870c 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -75,7 +75,7 @@ qemuSetupImagePathCgroup(virDomainObjPtr vm,
virDomainAuditCgroupPath(vm, priv->cgroup, "allow", path,
virCgroupGetDevicePermsString(perms),
- ret == 0);
+ ret);
return ret;
}
@@ -129,7 +129,7 @@ qemuTeardownImageCgroup(virDomainObjPtr vm,
ret = virCgroupDenyDevicePath(priv->cgroup, src->path, perms, true);
virDomainAuditCgroupPath(vm, priv->cgroup, "deny", src->path,
- virCgroupGetDevicePermsString(perms), ret == 0);
+ virCgroupGetDevicePermsString(perms), ret);
return ret;
}
@@ -187,7 +187,7 @@ qemuSetupChrSourceCgroup(virDomainObjPtr vm,
ret = virCgroupAllowDevicePath(priv->cgroup, source->data.file.path,
VIR_CGROUP_DEVICE_RW, false);
virDomainAuditCgroupPath(vm, priv->cgroup, "allow",
- source->data.file.path, "rw", ret == 0);
+ source->data.file.path, "rw", ret);
return ret;
}
@@ -211,7 +211,7 @@ qemuTeardownChrSourceCgroup(virDomainObjPtr vm,
ret = virCgroupDenyDevicePath(priv->cgroup, source->data.file.path,
VIR_CGROUP_DEVICE_RW, false);
virDomainAuditCgroupPath(vm, priv->cgroup, "deny",
- source->data.file.path, "rw", ret == 0);
+ source->data.file.path, "rw", ret);
return ret;
}
@@ -261,7 +261,7 @@ qemuSetupInputCgroup(virDomainObjPtr vm,
VIR_DEBUG("Process path '%s' for input device", dev->source.evdev);
ret = virCgroupAllowDevicePath(priv->cgroup, dev->source.evdev,
VIR_CGROUP_DEVICE_RW, false);
- virDomainAuditCgroupPath(vm, priv->cgroup, "allow", dev->source.evdev, "rw", ret == 0);
+ virDomainAuditCgroupPath(vm, priv->cgroup, "allow", dev->source.evdev, "rw", ret);
break;
}
@@ -284,7 +284,7 @@ qemuTeardownInputCgroup(virDomainObjPtr vm,
VIR_DEBUG("Process path '%s' for input device", dev->source.evdev);
ret = virCgroupDenyDevicePath(priv->cgroup, dev->source.evdev,
VIR_CGROUP_DEVICE_RWM, false);
- virDomainAuditCgroupPath(vm, priv->cgroup, "deny", dev->source.evdev, "rwm", ret == 0);
+ virDomainAuditCgroupPath(vm, priv->cgroup, "deny", dev->source.evdev, "rwm", ret);
break;
}
@@ -313,7 +313,7 @@ qemuSetupHostdevCgroup(virDomainObjPtr vm,
rv = virCgroupAllowDevicePath(priv->cgroup, path[i], perms[i], false);
virDomainAuditCgroupPath(vm, priv->cgroup, "allow", path[i],
virCgroupGetDevicePermsString(perms[i]),
- ret == 0);
+ ret);
if (rv < 0)
goto cleanup;
}
@@ -357,7 +357,7 @@ qemuTeardownHostdevCgroup(virDomainObjPtr vm,
rv = virCgroupDenyDevicePath(priv->cgroup, path[i],
VIR_CGROUP_DEVICE_RWM, false);
virDomainAuditCgroupPath(vm, priv->cgroup,
- "deny", path[i], "rwm", rv == 0);
+ "deny", path[i], "rwm", rv);
if (rv < 0)
goto cleanup;
}
@@ -388,7 +388,7 @@ qemuSetupMemoryDevicesCgroup(virDomainObjPtr vm,
rv = virCgroupAllowDevicePath(priv->cgroup, mem->nvdimmPath,
VIR_CGROUP_DEVICE_RW, false);
virDomainAuditCgroupPath(vm, priv->cgroup, "allow",
- mem->nvdimmPath, "rw", rv == 0);
+ mem->nvdimmPath, "rw", rv);
return rv;
}
@@ -410,7 +410,7 @@ qemuTeardownMemoryDevicesCgroup(virDomainObjPtr vm,
rv = virCgroupDenyDevicePath(priv->cgroup, mem->nvdimmPath,
VIR_CGROUP_DEVICE_RWM, false);
virDomainAuditCgroupPath(vm, priv->cgroup,
- "deny", mem->nvdimmPath, "rwm", rv == 0);
+ "deny", mem->nvdimmPath, "rwm", rv);
return rv;
}
@@ -434,7 +434,7 @@ qemuSetupGraphicsCgroup(virDomainObjPtr vm,
ret = virCgroupAllowDevicePath(priv->cgroup, rendernode,
VIR_CGROUP_DEVICE_RW, false);
virDomainAuditCgroupPath(vm, priv->cgroup, "allow", rendernode,
- "rw", ret == 0);
+ "rw", ret);
return ret;
}
@@ -573,7 +573,7 @@ qemuSetupRNGCgroup(virDomainObjPtr vm,
VIR_CGROUP_DEVICE_RW, false);
virDomainAuditCgroupPath(vm, priv->cgroup, "allow",
rng->source.file,
- "rw", rv == 0);
+ "rw", rv);
if (rv < 0 &&
!virLastErrorIsSystemErrno(ENOENT))
return -1;
@@ -600,7 +600,7 @@ qemuTeardownRNGCgroup(virDomainObjPtr vm,
VIR_CGROUP_DEVICE_RW, false);
virDomainAuditCgroupPath(vm, priv->cgroup, "deny",
rng->source.file,
- "rw", rv == 0);
+ "rw", rv);
if (rv < 0 &&
!virLastErrorIsSystemErrno(ENOENT))
return -1;
@@ -693,7 +693,7 @@ qemuSetupDevicesCgroup(virDomainObjPtr vm)
rv = virCgroupAllowDevicePath(priv->cgroup, deviceACL[i],
VIR_CGROUP_DEVICE_RW, false);
- virDomainAuditCgroupPath(vm, priv->cgroup, "allow", deviceACL[i], "rw", rv == 0);
+ virDomainAuditCgroupPath(vm, priv->cgroup, "allow", deviceACL[i], "rw", rv);
if (rv < 0 &&
!virLastErrorIsSystemErrno(ENOENT))
goto cleanup;
--
2.14.3
6 years, 11 months
[libvirt] [PATCH] util: fix a wrong description
by Chen Hanxiao
From: Chen Hanxiao <chenhanxiao(a)gmail.com>
We don't have @result. Use the right one: @matches
Signed-off-by: Chen Hanxiao <chenhanxiao(a)gmail.com>
---
src/util/virstring.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/virstring.c b/src/util/virstring.c
index b2ebce27f..0cb06bdc9 100644
--- a/src/util/virstring.c
+++ b/src/util/virstring.c
@@ -1038,7 +1038,7 @@ int virStringSortRevCompare(const void *a, const void *b)
* @str: string to search
* @regexp: POSIX Extended regular expression pattern used for matching
* @max_matches: maximum number of substrings to return
- * @result: pointer to an array to be filled with NULL terminated list of matches
+ * @matches: pointer to an array to be filled with NULL terminated list of matches
*
* Performs a POSIX extended regex search against a string and return all matching substrings.
* The @result value should be freed with virStringListFree() when no longer
--
2.14.3
6 years, 11 months
[libvirt] [PATCH 0/2] qemu: Don't log partial buffer reads from qemu monitor
by Peter Krempa
I was debugging a case where 200 snapshots of a disk would result in a
VERY long reconnect time after libvirtd restart when debug logging was
enabled.
I've figured out that qemu responds with 9MiB of json after calling
"query-named-block-nodes" and this resulted in > 26 GiB of libvirtd
debug log just to process the message.
I'll report the qemu flaw separately.
Peter Krempa (2):
util: probe: Add quiet versions of the "PROBE" macro
qemu: monitor: Decrease logging verbosity
src/qemu/qemu_monitor.c | 4 ++--
src/qemu/qemu_monitor_json.c | 3 +++
src/util/virprobe.h | 8 ++++++++
3 files changed, 13 insertions(+), 2 deletions(-)
--
2.15.0
6 years, 11 months
[libvirt] [PATCH] apparmor: allow unix stream for p2p migrations
by Christian Ehrhardt
On live migration with --p2p like:
$ virsh migrate --live --p2p kvmguest-bionic-normal \
qemu+ssh://10.6.221.80/system
We hit an apparmor deny like:
apparmor="DENIED" operation="file_inherit"
profile="/usr/sbin/libvirtd" pid=23477 comm="ssh" family="unix"
sock_type="stream" protocol=0 requested_mask="send receive"
denied_mask="send" addr=none peer_addr=none peer="unconfined"
The rule is not perfect, but can't be restricted further at the moment
(new upstream kernel features needed). For now the lack of a profile on the
peer as well as comm not being a conditional on rules do not allow to filter
further.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com>
---
examples/apparmor/usr.sbin.libvirtd | 3 +++
1 file changed, 3 insertions(+)
diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
index 8d61d15..febe8a4 100644
--- a/examples/apparmor/usr.sbin.libvirtd
+++ b/examples/apparmor/usr.sbin.libvirtd
@@ -53,6 +53,9 @@
network packet dgram,
network packet raw,
+ # for --p2p migrations
+ unix (send, receive) type=stream addr=none peer=(label=unconfined addr=none),
+
ptrace (trace) peer=unconfined,
ptrace (trace) peer=/usr/sbin/libvirtd,
ptrace (trace) peer=/usr/sbin/dnsmasq,
--
2.7.4
6 years, 11 months