On Wed, Nov 04, 2015 at 09:17:00AM +0100, Peter Krempa wrote:
On Tue, Nov 03, 2015 at 16:04:24 +0000, Daniel Berrange wrote:
Currently the QEMU stdout/stderr streams are written directly to a regular file (eg /var/log/libvirt/qemu/$GUEST.log). While those can be rotated by logrotate (using copytruncate option) this is not very efficient. It also leaves open a window of opportunity for a compromised/broken QEMU to DOS the host filesystem by writing lots of text to stdout/stderr.
This makes it possible to connect the stdout/stderr file handles to a pipe that is provided by virtlogd. The virtlogd daemon will read from this pipe and write data to the log file, performing file rotation whenever a pre-determined size limit is reached.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- cfg.mk | 2 +- src/qemu/libvirtd_qemu.aug | 1 + src/qemu/qemu.conf | 15 +++++++++++++ src/qemu/qemu_conf.c | 18 ++++++++++++++++ src/qemu/qemu_conf.h | 1 + src/qemu/qemu_domain.c | 43 +++++++++++++++++++++++++++++++------- src/qemu/qemu_process.c | 42 +++++++++++++++++++++---------------- src/qemu/test_libvirtd_qemu.aug.in | 1 + 8 files changed, 96 insertions(+), 27 deletions(-)
[...]
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index f744419..e72ca20 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -4774,7 +4774,10 @@ int qemuProcessStart(virConnectPtr conn,
qemuDomainObjCheckTaint(driver, vm, logfile);
- if ((pos = lseek(logfile, 0, SEEK_END)) < 0) + /* When using logd, the logfile FD is a pipe which is + * not seekable... */ + if (!cfg->stdioLogD && + (pos = lseek(logfile, 0, SEEK_END)) < 0) VIR_WARN("Unable to seek to end of logfile: %s", virStrerror(errno, ebuf, sizeof(ebuf)));
This will break the code that is in place to read the qemu log file in case of a early qemu startup failure so that we can report a semi-useful error message.
Additionally in case where you don't use QMP and qemu does not support chardev info retrieval, this will also break the lookup of the PTYs for serials/parallels/channels. As a solution here I'd rather see that we drop support for such old qemus finally and not have to care about it any more.
We probably need a set of APIs here, that will allow you to mark a place in the logfile and a second API that will allow to retrieve the data between the marker and the end.
Well, solving all that was incredibly painful :-) After re-writing it 3 times, I've now got a satisfactory solution that refactors all this log handling code in the QEMU driver.... Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|