> @@ -1636,17 +1657,21 @@ void virNetClientIncomingEvent(virNetSocketPtr sock, > VIR_DEBUG("%s : VIR_EVENT_HANDLE_HANGUP or " > "VIR_EVENT_HANDLE_ERROR encountered", __FUNCTION__); > virNetSocketRemoveIOCallback(sock); > - goto done; > + goto eof; > } > > if (events & VIR_EVENT_HANDLE_WRITABLE) { > - if (virNetClientIOHandleOutput(client) < 0) > + if (virNetClientIOHandleOutput(client) < 0) { > virNetSocketRemoveIOCallback(sock); > + goto eof; > + } > } > > if (events & VIR_EVENT_HANDLE_READABLE) { > - if (virNetClientIOHandleInput(client) < 0) > + if (virNetClientIOHandleInput(client) < 0) { > virNetSocketRemoveIOCallback(sock); > + goto eof; > + } > } What about the case ? if (client->haveTheBuck || client->wantClose) ? sure it's induced locally instead of getting raised by an eof

On Thu, Jul 19, 2012 at 09:58:58AM +0100, Daniel P. Berrange wrote: > On Thu, Jul 19, 2012 at 04:18:33PM +0800, Daniel Veillard wrote: > > > @@ -1636,17 +1657,21 @@ void virNetClientIncomingEvent(virNetSocketPtr sock, > > > VIR_DEBUG("%s : VIR_EVENT_HANDLE_HANGUP or " > > > "VIR_EVENT_HANDLE_ERROR encountered", __FUNCTION__); > > > virNetSocketRemoveIOCallback(sock); > > > - goto done; > > > + goto eof; > > > } > > > > > > if (events & VIR_EVENT_HANDLE_WRITABLE) { > > > - if (virNetClientIOHandleOutput(client) < 0) > > > + if (virNetClientIOHandleOutput(client) < 0) { > > > virNetSocketRemoveIOCallback(sock); > > > + goto eof; > > > + } > > > } > > > > > > if (events & VIR_EVENT_HANDLE_READABLE) { > > > - if (virNetClientIOHandleInput(client) < 0) > > > + if (virNetClientIOHandleInput(client) < 0) { > > > virNetSocketRemoveIOCallback(sock); > > > + goto eof; > > > + } > > > } > > > > > > What about the case ? > > if (client->haveTheBuck || client->wantClose) ? > > sure it's induced locally instead of getting raised by an eof > > If either of those conditions are true, the virNetClientIncomingEvent > method should not be invoked - we just have a check for those at the > top as a sanity check. In the haveTheBuck==true case, this callback > will be activated again once the buck is released, so we'll deal with > EOF callbacks correctly. In the wantClose==true case, we might miss > out invoking the EOF callback - I suspect this is only a problem if > the app code explicitly asked for a close itself, or if the keepalive > code triggers. > > I'll check into this and if there are any fixes required, I'll do them > as a followup patch. Okay, ACK !

From: "Daniel P. Berrange" <berrange(a)redhat.com&gt; In the delayed close mode, we're just waiting for final data to be written back to the client. While waiting, we should not bother to read more data from the client. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt; --- src/rpc/virnetserverclient.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c index 30f0cc8..d6b348b 100644 --- a/src/rpc/virnetserverclient.c +++ b/src/rpc/virnetserverclient.c @@ -152,9 +152,10 @@ virNetServerClientCalculateHandleMode(virNetServerClientPtr client) { mode |= VIR_EVENT_HANDLE_WRITABLE; } } else { - /* If there is a message on the rx queue then + /* If there is a message on the rx queue, and + * we're not in middle of a delayedClose, then * we're wanting more input */ - if (client->rx) + if (client->rx && !client->delayedClose) mode |= VIR_EVENT_HANDLE_READABLE; /* If there are one or more messages to send back to client,

From: "Daniel P. Berrange" <berrange(a)redhat.com&gt; To allow virNetServerRun/virNetServerQuit to be invoked multiple times, we must reset the 'quit' flag in virNetServerRun Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt; --- src/rpc/virnetserver.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c index 16846c5..257cef7 100644 --- a/src/rpc/virnetserver.c +++ b/src/rpc/virnetserver.c @@ -700,6 +700,8 @@ void virNetServerRun(virNetServerPtr srv) goto cleanup; #endif + srv->quit = 0; + if (srv->autoShutdownTimeout && (timerid = virEventAddTimeout(-1, virNetServerAutoShutdownTimer,

From: "Daniel P. Berrange" <berrange(a)redhat.com&gt; In the socket event handler for the RPC client we must deal with read/write events, before checking for EOF, otherwise we might close the socket before we've read & acted upon the last RPC messages Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt; --- src/rpc/virnetclient.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c index 326efb2..ec82da7 100644 --- a/src/rpc/virnetclient.c +++ b/src/rpc/virnetclient.c @@ -1653,13 +1653,6 @@ void virNetClientIncomingEvent(virNetSocketPtr sock, VIR_DEBUG("Event fired %p %d", sock, events); - if (events & (VIR_EVENT_HANDLE_HANGUP | VIR_EVENT_HANDLE_ERROR)) { - VIR_DEBUG("%s : VIR_EVENT_HANDLE_HANGUP or " - "VIR_EVENT_HANDLE_ERROR encountered", __FUNCTION__); - virNetSocketRemoveIOCallback(sock); - goto eof; - } - if (events & VIR_EVENT_HANDLE_WRITABLE) { if (virNetClientIOHandleOutput(client) < 0) { virNetSocketRemoveIOCallback(sock); @@ -1674,6 +1667,13 @@ void virNetClientIncomingEvent(virNetSocketPtr sock, } } + if (events & (VIR_EVENT_HANDLE_HANGUP | VIR_EVENT_HANDLE_ERROR)) { + VIR_DEBUG("%s : VIR_EVENT_HANDLE_HANGUP or " + "VIR_EVENT_HANDLE_ERROR encountered", __FUNCTION__); + virNetSocketRemoveIOCallback(sock); + goto eof; + } + /* Remove completed calls or signal their threads. */ virNetClientCallRemovePredicate(&client->waitDispatch, virNetClientIOEventLoopRemoveDone, @@ -1687,6 +1687,7 @@ done: eof: if (client->eofCb) { + VIR_DEBUG("EOF %p %d", sock, events); virNetClientEOFCallback eofCb = client->eofCb; void *eofOpaque = client->eofOpaque; virNetClientUnlock(client);

From: "Daniel P. Berrange" <berrange(a)redhat.com&gt; Make sure that libvirt_private.syms has all the internal symbols from APIs in src/rpc/*.h and src/util/cgroup.h, since the LXC controller/driver will shortly need them Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt; --- src/libvirt_private.syms | 140 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 140 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 03f7f3e..734c881 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -60,11 +60,14 @@ virCapabilitiesSetMacPrefix; # cgroup.h virCgroupAddTask; +virCgroupAllowDevice; virCgroupAllowDeviceMajor; virCgroupAllowDevicePath; virCgroupControllerTypeFromString; virCgroupControllerTypeToString; virCgroupDenyAllDevices; +virCgroupDenyDevice; +virCgroupDenyDeviceMajor; virCgroupDenyDevicePath; virCgroupForDomain; virCgroupForDriver; @@ -1291,7 +1294,61 @@ virMacAddrSetRaw; # virnetclient.h +virNetClientAddProgram; +virNetClientAddStream; +virNetClientClose; +virNetClientDupFD; +virNetClientFree; +virNetClientGetFD; +virNetClientGetTLSKeySize; virNetClientHasPassFD; +virNetClientIsEncrypted; +virNetClientIsOpen; +virNetClientKeepAliveIsSupported; +virNetClientKeepAliveStart; +virNetClientKeepAliveStop; +virNetClientLocalAddrString; +virNetClientNewExternal; +virNetClientNewSSH; +virNetClientNewTCP; +virNetClientNewUNIX; +virNetClientRef; +virNetClientRemoteAddrString; +virNetClientRemoveStream; +virNetClientSendNoReply; +virNetClientSendNonBlock; +virNetClientSendWithReply; +virNetClientSendWithReplyStream; +virNetClientSetEOFNotify; +virNetClientSetSASLSession; +virNetClientSetTLSSession; + + +# virnetclientprogram.h +virNetClientProgramCall; +virNetClientProgramDispatch; +virNetClientProgramFree; +virNetClientProgramGetProgram; +virNetClientProgramGetVersion; +virNetClientProgramMatches; +virNetClientProgramNew; +virNetClientProgramRef; + + +# virnetclientstream.h +virNetClientStreamEOF; +virNetClientStreamEventAddCallback; +virNetClientStreamEventRemoveCallback; +virNetClientStreamEventUpdateCallback; +virNetClientStreamFree; +virNetClientStreamMatches; +virNetClientStreamNew; +virNetClientStreamQueuePacket; +virNetClientStreamRaiseError; +virNetClientStreamRecvPacket; +virNetClientStreamRef; +virNetClientStreamSendPacket; +virNetClientStreamSetError; # virnetdev.h @@ -1406,6 +1463,30 @@ virNetMessageSaveError; xdr_virNetMessageError; +# virnetsaslcontext.h +virNetSASLContextCheckIdentity; +virNetSASLContextFree; +virNetSASLContextNewClient; +virNetSASLContextNewServer; +virNetSASLContextRef; +virNetSASLSessionClientStart; +virNetSASLSessionClientStep; +virNetSASLSessionDecode; +virNetSASLSessionEncode; +virNetSASLSessionExtKeySize; +virNetSASLSessionFree; +virNetSASLSessionGetIdentity; +virNetSASLSessionGetKeySize; +virNetSASLSessionGetMaxBufSize; +virNetSASLSessionListMechanisms; +virNetSASLSessionNewClient; +virNetSASLSessionNewServer; +virNetSASLSessionRef; +virNetSASLSessionSecProps; +virNetSASLSessionServerStart; +virNetSASLSessionServerStep; + + # virnetserver.h virNetServerAddProgram; virNetServerAddService; @@ -1422,6 +1503,7 @@ virNetServerRun; virNetServerServiceFree; virNetServerServiceNewTCP; virNetServerServiceNewUNIX; +virNetServerSetTLSContext; virNetServerUpdateServices; @@ -1432,27 +1514,51 @@ virNetServerClientDelayedClose; virNetServerClientFree; virNetServerClientGetAuth; virNetServerClientGetFD; +virNetServerClientGetIdentity; virNetServerClientGetPrivateData; virNetServerClientGetReadonly; virNetServerClientGetTLSKeySize; virNetServerClientGetUNIXIdentity; virNetServerClientHasTLSSession; virNetServerClientImmediateClose; +virNetServerClientInit; +virNetServerClientInitKeepAlive; +virNetServerClientIsClosed; virNetServerClientIsSecure; virNetServerClientLocalAddrString; +virNetServerClientNeedAuth; +virNetServerClientNew; virNetServerClientRef; virNetServerClientRemoteAddrString; virNetServerClientRemoveFilter; virNetServerClientSendMessage; virNetServerClientSetCloseHook; +virNetServerClientSetDispatcher; virNetServerClientSetIdentity; virNetServerClientSetPrivateData; +virNetServerClientSetSASLSession; virNetServerClientStartKeepAlive; +virNetServerClientWantClose; + + +# virnetservermdns.h +virNetServerMDNSAddEntry; +virNetServerMDNSAddGroup; +virNetServerMDNSEntryFree; +virNetServerMDNSFree; +virNetServerMDNSGroupFree; +virNetServerMDNSNew; +virNetServerMDNSRemoveEntry; +virNetServerMDNSRemoveGroup; +virNetServerMDNSStart; +virNetServerMDNSStop; # virnetserverprogram.h +virNetServerProgramDispatch; virNetServerProgramFree; virNetServerProgramGetID; +virNetServerProgramGetPriority; virNetServerProgramGetVersion; virNetServerProgramMatches; virNetServerProgramNew; @@ -1460,18 +1566,39 @@ virNetServerProgramRef; virNetServerProgramSendReplyError; virNetServerProgramSendStreamData; virNetServerProgramSendStreamError; +virNetServerProgramUnknownError; + + +# virnetserverservice.h +virNetServerServiceClose; +virNetServerServiceFree; +virNetServerServiceGetAuth; +virNetServerServiceGetPort; +virNetServerServiceIsReadonly; +virNetServerServiceNewTCP; +virNetServerServiceNewUNIX; +virNetServerServiceRef; +virNetServerServiceSetDispatcher; +virNetServerServiceToggle; # virnetsocket.h virNetSocketAccept; +virNetSocketAddIOCallback; +virNetSocketClose; virNetSocketDupFD; virNetSocketFree; virNetSocketGetFD; +virNetSocketGetPort; +virNetSocketGetUNIXIdentity; +virNetSocketHasCachedData; virNetSocketHasPassFD; +virNetSocketHasPendingData; virNetSocketIsLocal; virNetSocketListen; virNetSocketLocalAddrString; virNetSocketNewConnectCommand; +virNetSocketNewConnectExternal; virNetSocketNewConnectSSH; virNetSocketNewConnectTCP; virNetSocketNewConnectUNIX; @@ -1479,9 +1606,14 @@ virNetSocketNewListenTCP; virNetSocketNewListenUNIX; virNetSocketRead; virNetSocketRecvFD; +virNetSocketRef; virNetSocketRemoteAddrString; +virNetSocketRemoveIOCallback; virNetSocketSendFD; virNetSocketSetBlocking; +virNetSocketSetSASLSession; +virNetSocketSetTLSSession; +virNetSocketUpdateIOCallback; virNetSocketWrite; @@ -1489,12 +1621,20 @@ virNetSocketWrite; virNetTLSContextCheckCertificate; virNetTLSContextFree; virNetTLSContextNewClient; +virNetTLSContextNewClientPath; virNetTLSContextNewServer; virNetTLSContextNewServerPath; +virNetTLSContextRef; +virNetTLSInit; virNetTLSSessionFree; +virNetTLSSessionGetHandshakeStatus; +virNetTLSSessionGetKeySize; virNetTLSSessionHandshake; virNetTLSSessionNew; +virNetTLSSessionRead; +virNetTLSSessionRef; virNetTLSSessionSetIOCallbacks; +virNetTLSSessionWrite; # virnodesuspend.h

From: "Daniel P. Berrange" <berrange(a)redhat.com&gt; Move the LXC driver code related to the virDomainObjPtr private data into separate lxc_domain.{c,h} files to reduce the size of lxc_driver.c Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt; --- src/Makefile.am | 1 + src/lxc/lxc_domain.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++ src/lxc/lxc_domain.h | 37 +++++++++++++++++++++++++++++++++++ src/lxc/lxc_driver.c | 33 ++-----------------------------

4 files changed, 93 insertions(+), 31 deletions(-) create mode 100644 src/lxc/lxc_domain.c create mode 100644 src/lxc/lxc_domain.h diff --git a/src/Makefile.am b/src/Makefile.am index bfe74d3..e18b0dc 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -350,6 +350,7 @@ endif LXC_DRIVER_SOURCES = \ lxc/lxc_conf.c lxc/lxc_conf.h \ lxc/lxc_container.c lxc/lxc_container.h \ + lxc/lxc_domain.c lxc/lxc_domain.h \ lxc/lxc_driver.c lxc/lxc_driver.h LXC_CONTROLLER_SOURCES = \ diff --git a/src/lxc/lxc_domain.c b/src/lxc/lxc_domain.c new file mode 100644 index 0000000..75fd74f --- /dev/null +++ b/src/lxc/lxc_domain.c @@ -0,0 +1,53 @@ +/* + * Copyright (C) 2010-2012 Red Hat, Inc. + * Copyright IBM Corp. 2008 + * + * lxc_domain.h: LXC domain helpers + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include <config.h> + +#include "lxc_domain.h" + +#include "memory.h" + +static void *lxcDomainObjPrivateAlloc(void) +{ + lxcDomainObjPrivatePtr priv; + + if (VIR_ALLOC(priv) < 0) + return NULL; + + priv->monitor = -1; + priv->monitorWatch = -1; + + return priv; +} + +static void lxcDomainObjPrivateFree(void *data) +{ + lxcDomainObjPrivatePtr priv = data; + + VIR_FREE(priv); +} + + +void lxcDomainSetPrivateDataHooks(virCapsPtr caps) +{ + caps->privateDataAllocFunc = lxcDomainObjPrivateAlloc; + caps->privateDataFreeFunc = lxcDomainObjPrivateFree; +} diff --git a/src/lxc/lxc_domain.h b/src/lxc/lxc_domain.h new file mode 100644 index 0000000..e97b2b4 --- /dev/null +++ b/src/lxc/lxc_domain.h @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2010-2012 Red Hat, Inc. + * Copyright IBM Corp. 2008 + * + * lxc_domain.h: LXC domain helpers + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef __LXC_DOMAIN_H__ +# define __LXC_DOMAIN_H__ + +# include "lxc_conf.h" + +typedef struct _lxcDomainObjPrivate lxcDomainObjPrivate; +typedef lxcDomainObjPrivate *lxcDomainObjPrivatePtr; +struct _lxcDomainObjPrivate { + int monitor; + int monitorWatch; +}; + +void lxcDomainSetPrivateDataHooks(virCapsPtr caps); + +#endif /* __LXC_DOMAIN_H__ */ diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index c341125..d3895d5 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -40,6 +40,7 @@ #include "datatypes.h" #include "lxc_conf.h" #include "lxc_container.h" +#include "lxc_domain.h" #include "lxc_driver.h" #include "memory.h" #include "util.h" @@ -69,14 +70,6 @@ #define LXC_NB_MEM_PARAM 3 -typedef struct _lxcDomainObjPrivate lxcDomainObjPrivate; -typedef lxcDomainObjPrivate *lxcDomainObjPrivatePtr; -struct _lxcDomainObjPrivate { - int monitor; - int monitorWatch; -}; - - static int lxcStartup(int privileged); static int lxcShutdown(void); static lxc_driver_t *lxc_driver = NULL; @@ -92,27 +85,6 @@ static void lxcDriverUnlock(lxc_driver_t *driver) virMutexUnlock(&driver->lock); } -static void *lxcDomainObjPrivateAlloc(void) -{ - lxcDomainObjPrivatePtr priv; - - if (VIR_ALLOC(priv) < 0) - return NULL; - - priv->monitor = -1; - priv->monitorWatch = -1; - - return priv; -} - -static void lxcDomainObjPrivateFree(void *data) -{ - lxcDomainObjPrivatePtr priv = data; - - VIR_FREE(priv); -} - - static void lxcDomainEventQueue(lxc_driver_t *driver, virDomainEventPtr event); @@ -2678,8 +2650,7 @@ static int lxcStartup(int privileged) if ((lxc_driver->caps = lxcCapsInit(lxc_driver)) == NULL) goto cleanup; - lxc_driver->caps->privateDataAllocFunc = lxcDomainObjPrivateAlloc; - lxc_driver->caps->privateDataFreeFunc = lxcDomainObjPrivateFree; + lxcDomainSetPrivateDataHooks(lxc_driver->caps); if (lxcProcessAutoDestroyInit(lxc_driver) < 0) goto cleanup;

From: "Daniel P. Berrange" <berrange(a)redhat.com&gt; Move the cgroup setup code out of the lxc_controller.c file and into lxc_cgroup.{c,h}. This reduces the size of the lxc_controller.c file and paves the way to invoke cgroup setup from lxc_driver.c instead of lxc_controller.c in the future Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt; --- po/POTFILES.in | 1 + src/Makefile.am | 2 + src/lxc/lxc_cgroup.c | 272 ++++++++++++++++++++++++++++++++++++++++++++++ src/lxc/lxc_cgroup.h | 29 +++++ src/lxc/lxc_controller.c | 232 +-------------------------------------- 5 files changed, 306 insertions(+), 230 deletions(-) create mode 100644 src/lxc/lxc_cgroup.c create mode 100644 src/lxc/lxc_cgroup.h diff --git a/po/POTFILES.in b/po/POTFILES.in index 6ca40d9..2d5735a 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -42,6 +42,7 @@ src/libvirt.c src/libvirt-qemu.c src/locking/lock_driver_sanlock.c src/locking/lock_manager.c +src/lxc/lxc_cgroup.c src/lxc/lxc_container.c src/lxc/lxc_conf.c src/lxc/lxc_controller.c diff --git a/src/Makefile.am b/src/Makefile.am index e18b0dc..9e16d06 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -350,12 +350,14 @@ endif LXC_DRIVER_SOURCES = \ lxc/lxc_conf.c lxc/lxc_conf.h \ lxc/lxc_container.c lxc/lxc_container.h \ + lxc/lxc_cgroup.c lxc/lxc_cgroup.h \ lxc/lxc_domain.c lxc/lxc_domain.h \ lxc/lxc_driver.c lxc/lxc_driver.h LXC_CONTROLLER_SOURCES = \ lxc/lxc_conf.c lxc/lxc_conf.h \ lxc/lxc_container.c lxc/lxc_container.h \ + lxc/lxc_cgroup.c lxc/lxc_cgroup.h \ lxc/lxc_controller.c SECURITY_DRIVER_APPARMOR_HELPER_SOURCES = \ diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c new file mode 100644 index 0000000..ddd4901 --- /dev/null +++ b/src/lxc/lxc_cgroup.c @@ -0,0 +1,272 @@ +/* + * Copyright (C) 2010-2012 Red Hat, Inc. + * Copyright IBM Corp. 2008 + * + * lxc_cgroup.c: LXC cgroup helpers + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include <config.h> + +#include "lxc_cgroup.h" +#include "lxc_container.h" +#include "virterror_internal.h" +#include "logging.h" +#include "memory.h" +#include "cgroup.h" + +#define VIR_FROM_THIS VIR_FROM_LXC + +static int virLXCCgroupSetupCpuTune(virDomainDefPtr def, + virCgroupPtr cgroup) +{ + int ret = -1; + if (def->cputune.shares != 0) { + int rc = virCgroupSetCpuShares(cgroup, def->cputune.shares); + if (rc != 0) { + virReportSystemError(-rc, + _("Unable to set io cpu shares for domain %s"), + def->name); + goto cleanup; + } + } + if (def->cputune.quota != 0) { + int rc = virCgroupSetCpuCfsQuota(cgroup, def->cputune.quota); + if (rc != 0) { + virReportSystemError(-rc, + _("Unable to set io cpu quota for domain %s"), + def->name); + goto cleanup; + } + } + if (def->cputune.period != 0) { + int rc = virCgroupSetCpuCfsPeriod(cgroup, def->cputune.period); + if (rc != 0) { + virReportSystemError(-rc, + _("Unable to set io cpu period for domain %s"), + def->name); + goto cleanup; + } + } + ret = 0; +cleanup: + return ret; +} + + +static int virLXCCgroupSetupBlkioTune(virDomainDefPtr def, + virCgroupPtr cgroup) +{ + int ret = -1; + + if (def->blkio.weight) { + int rc = virCgroupSetBlkioWeight(cgroup, def->blkio.weight); + if (rc != 0) { + virReportSystemError(-rc, + _("Unable to set Blkio weight for domain %s"), + def->name); + goto cleanup; + } + } + + ret = 0; +cleanup: + return ret; +} + + +static int virLXCCgroupSetupMemTune(virDomainDefPtr def, + virCgroupPtr cgroup) +{ + int ret = -1; + int rc; + + rc = virCgroupSetMemory(cgroup, def->mem.max_balloon); + if (rc != 0) { + virReportSystemError(-rc, + _("Unable to set memory limit for domain %s"), + def->name); + goto cleanup; + } + + if (def->mem.hard_limit) { + rc = virCgroupSetMemoryHardLimit(cgroup, def->mem.hard_limit); + if (rc != 0) { + virReportSystemError(-rc, + _("Unable to set memory hard limit for domain %s"), + def->name); + goto cleanup; + } + } + + if (def->mem.soft_limit) { + rc = virCgroupSetMemorySoftLimit(cgroup, def->mem.soft_limit); + if (rc != 0) { + virReportSystemError(-rc, + _("Unable to set memory soft limit for domain %s"), + def->name); + goto cleanup; + } + } + + if (def->mem.swap_hard_limit) { + rc = virCgroupSetMemSwapHardLimit(cgroup, def->mem.swap_hard_limit); + if (rc != 0) { + virReportSystemError(-rc, + _("Unable to set swap hard limit for domain %s"), + def->name); + goto cleanup; + } + } + + ret = 0; +cleanup: + return ret; +} + + +typedef struct _virLXCCgroupDevicePolicy virLXCCgroupDevicePolicy; +typedef virLXCCgroupDevicePolicy *virLXCCgroupDevicePolicyPtr; + +struct _virLXCCgroupDevicePolicy { + char type; + int major; + int minor; +}; + + + +static int virLXCCgroupSetupDeviceACL(virDomainDefPtr def, + virCgroupPtr cgroup) +{ + int ret = -1; + int rc; + size_t i; + static virLXCCgroupDevicePolicy devices[] = { + {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_NULL}, + {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_ZERO}, + {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_FULL}, + {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_RANDOM}, + {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM}, + {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_TTY}, + {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_PTMX}, + {0, 0, 0}}; + + rc = virCgroupDenyAllDevices(cgroup); + if (rc != 0) { + virReportSystemError(-rc, + _("Unable to deny devices for domain %s"), + def->name); + goto cleanup; + } + + for (i = 0; devices[i].type != 0; i++) { + virLXCCgroupDevicePolicyPtr dev = &devices[i]; + rc = virCgroupAllowDevice(cgroup, + dev->type, + dev->major, + dev->minor, + VIR_CGROUP_DEVICE_RWM); + if (rc != 0) { + virReportSystemError(-rc, + _("Unable to allow device %c:%d:%d for domain %s"), + dev->type, dev->major, dev->minor, def->name); + goto cleanup; + } + } + + for (i = 0 ; i < def->nfss ; i++) { + if (def->fss[i]->type != VIR_DOMAIN_FS_TYPE_BLOCK) + continue; + + rc = virCgroupAllowDevicePath(cgroup, + def->fss[i]->src, + def->fss[i]->readonly ? + VIR_CGROUP_DEVICE_READ : + VIR_CGROUP_DEVICE_RW); + if (rc != 0) { + virReportSystemError(-rc, + _("Unable to allow device %s for domain %s"), + def->fss[i]->src, def->name); + goto cleanup; + } + } + + rc = virCgroupAllowDeviceMajor(cgroup, 'c', LXC_DEV_MAJ_PTY, + VIR_CGROUP_DEVICE_RWM); + if (rc != 0) { + virReportSystemError(-rc, + _("Unable to allow PTY devices for domain %s"), + def->name); + goto cleanup; + } + + ret = 0; +cleanup: + return ret; +} + + +int virLXCCgroupSetup(virDomainDefPtr def) +{ + virCgroupPtr driver = NULL; + virCgroupPtr cgroup = NULL; + int rc = -1; + + rc = virCgroupForDriver("lxc", &driver, 1, 0); + if (rc != 0) { + /* Skip all if no driver cgroup is configured */ + if (rc == -ENXIO || rc == -ENOENT) + return 0; + + virReportSystemError(-rc, "%s", + _("Unable to get cgroup for driver")); + return rc; + } + + rc = virCgroupForDomain(driver, def->name, &cgroup, 1); + if (rc != 0) { + virReportSystemError(-rc, + _("Unable to create cgroup for domain %s"), + def->name); + goto cleanup; + } + + if (virLXCCgroupSetupCpuTune(def, cgroup) < 0) + goto cleanup; + + if (virLXCCgroupSetupBlkioTune(def, cgroup) < 0) + goto cleanup; + + if (virLXCCgroupSetupMemTune(def, cgroup) < 0) + goto cleanup; + + if (virLXCCgroupSetupDeviceACL(def, cgroup) < 0) + goto cleanup; + + rc = virCgroupAddTask(cgroup, getpid()); + if (rc != 0) { + virReportSystemError(-rc, + _("Unable to add task %d to cgroup for domain %s"), + getpid(), def->name); + } + +cleanup: + virCgroupFree(&cgroup); + virCgroupFree(&driver); + + return rc; +} diff --git a/src/lxc/lxc_cgroup.h b/src/lxc/lxc_cgroup.h new file mode 100644 index 0000000..97bb12a --- /dev/null +++ b/src/lxc/lxc_cgroup.h @@ -0,0 +1,29 @@ +/* + * Copyright (C) 2010-2012 Red Hat, Inc. + * Copyright IBM Corp. 2008 + * + * lxc_cgroup.c: LXC cgroup helpers + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef __VIR_LXC_CGROUP_H__ +# define __VIR_LXC_CGROUP_H__ + +# include "domain_conf.h" + +int virLXCCgroupSetup(virDomainDefPtr def); + +#endif /* __VIR_LXC_CGROUP_H__ */ diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 7a1ce14..4777d51 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -58,6 +58,7 @@ #include "lxc_conf.h" #include "lxc_container.h" +#include "lxc_cgroup.h" #include "virnetdev.h" #include "virnetdevveth.h" #include "memory.h" @@ -72,13 +73,6 @@ #define VIR_FROM_THIS VIR_FROM_LXC -struct cgroup_device_policy { - char type; - int major; - int minor; -}; - - typedef struct _virLXCControllerConsole virLXCControllerConsole; typedef virLXCControllerConsole *virLXCControllerConsolePtr; struct _virLXCControllerConsole { @@ -127,8 +121,6 @@ struct _virLXCController { /* Server socket */ virNetServerPtr server; - - virCgroupPtr cgroup; }; static void virLXCControllerFree(virLXCControllerPtr ctrl); @@ -201,8 +193,6 @@ static void virLXCControllerStopInit(virLXCControllerPtr ctrl) virLXCControllerCloseLoopDevices(ctrl, true); virPidAbort(ctrl->initpid); ctrl->initpid = 0; - - virCgroupFree(&ctrl->cgroup); }

@@ -527,181 +517,6 @@ static int virLXCControllerSetupCpuAffinity(virLXCControllerPtr ctrl) } -static int virLXCControllerSetupCgroupsCpuTune(virLXCControllerPtr ctrl) -{ - int ret = -1; - if (ctrl->def->cputune.shares != 0) { - int rc = virCgroupSetCpuShares(ctrl->cgroup, ctrl->def->cputune.shares); - if (rc != 0) { - virReportSystemError(-rc, - _("Unable to set io cpu shares for domain %s"), - ctrl->def->name); - goto cleanup; - } - } - if (ctrl->def->cputune.quota != 0) { - int rc = virCgroupSetCpuCfsQuota(ctrl->cgroup, ctrl->def->cputune.quota); - if (rc != 0) { - virReportSystemError(-rc, - _("Unable to set io cpu quota for domain %s"), - ctrl->def->name); - goto cleanup; - } - } - if (ctrl->def->cputune.period != 0) { - int rc = virCgroupSetCpuCfsPeriod(ctrl->cgroup, ctrl->def->cputune.period); - if (rc != 0) { - virReportSystemError(-rc, - _("Unable to set io cpu period for domain %s"), - ctrl->def->name); - goto cleanup; - } - } - ret = 0; -cleanup: - return ret; -} - - -static int virLXCControllerSetupCgroupsBlkioTune(virLXCControllerPtr ctrl) -{ - int ret = -1; - - if (ctrl->def->blkio.weight) { - int rc = virCgroupSetBlkioWeight(ctrl->cgroup, ctrl->def->blkio.weight); - if (rc != 0) { - virReportSystemError(-rc, - _("Unable to set Blkio weight for domain %s"), - ctrl->def->name); - goto cleanup; - } - } - - ret = 0; -cleanup: - return ret; -} - - -static int virLXCControllerSetupCgroupsMemTune(virLXCControllerPtr ctrl) -{ - int ret = -1; - int rc; - - rc = virCgroupSetMemory(ctrl->cgroup, ctrl->def->mem.max_balloon); - if (rc != 0) { - virReportSystemError(-rc, - _("Unable to set memory limit for domain %s"), - ctrl->def->name); - goto cleanup; - } - - if (ctrl->def->mem.hard_limit) { - rc = virCgroupSetMemoryHardLimit(ctrl->cgroup, ctrl->def->mem.hard_limit); - if (rc != 0) { - virReportSystemError(-rc, - _("Unable to set memory hard limit for domain %s"), - ctrl->def->name); - goto cleanup; - } - } - - if (ctrl->def->mem.soft_limit) { - rc = virCgroupSetMemorySoftLimit(ctrl->cgroup, ctrl->def->mem.soft_limit); - if (rc != 0) { - virReportSystemError(-rc, - _("Unable to set memory soft limit for domain %s"), - ctrl->def->name); - goto cleanup; - } - } - - if (ctrl->def->mem.swap_hard_limit) { - rc = virCgroupSetMemSwapHardLimit(ctrl->cgroup, ctrl->def->mem.swap_hard_limit); - if (rc != 0) { - virReportSystemError(-rc, - _("Unable to set swap hard limit for domain %s"), - ctrl->def->name); - goto cleanup; - } - } - - ret = 0; -cleanup: - return ret; -} - - -static int virLXCControllerSetupCgroupsDeviceACL(virLXCControllerPtr ctrl) -{ - int ret = -1; - int rc; - size_t i; - static const struct cgroup_device_policy devices[] = { - {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_NULL}, - {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_ZERO}, - {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_FULL}, - {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_RANDOM}, - {'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM}, - {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_TTY}, - {'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_PTMX}, - {0, 0, 0}}; - - rc = virCgroupDenyAllDevices(ctrl->cgroup); - if (rc != 0) { - virReportSystemError(-rc, - _("Unable to deny devices for domain %s"), - ctrl->def->name); - goto cleanup; - } - - for (i = 0; devices[i].type != 0; i++) { - const struct cgroup_device_policy *dev = &devices[i]; - rc = virCgroupAllowDevice(ctrl->cgroup, - dev->type, - dev->major, - dev->minor, - VIR_CGROUP_DEVICE_RWM); - if (rc != 0) { - virReportSystemError(-rc, - _("Unable to allow device %c:%d:%d for domain %s"), - dev->type, dev->major, dev->minor, ctrl->def->name); - goto cleanup; - } - } - - for (i = 0 ; i < ctrl->def->nfss ; i++) { - if (ctrl->def->fss[i]->type != VIR_DOMAIN_FS_TYPE_BLOCK) - continue; - - rc = virCgroupAllowDevicePath(ctrl->cgroup, - ctrl->def->fss[i]->src, - ctrl->def->fss[i]->readonly ? - VIR_CGROUP_DEVICE_READ : - VIR_CGROUP_DEVICE_RW); - if (rc != 0) { - virReportSystemError(-rc, - _("Unable to allow device %s for domain %s"), - ctrl->def->fss[i]->src, ctrl->def->name); - goto cleanup; - } - } - - rc = virCgroupAllowDeviceMajor(ctrl->cgroup, 'c', LXC_DEV_MAJ_PTY, - VIR_CGROUP_DEVICE_RWM); - if (rc != 0) { - virReportSystemError(-rc, - _("Unable to allow PTY devices for domain %s"), - ctrl->def->name); - goto cleanup; - } - - ret = 0; -cleanup: - return ret; -} - - /** * virLXCControllerSetupResourceLimits * @ctrl: the controller state @@ -713,8 +528,6 @@ cleanup: */ static int virLXCControllerSetupResourceLimits(virLXCControllerPtr ctrl) { - virCgroupPtr driver; - int rc = -1; if (virLXCControllerSetupCpuAffinity(ctrl) < 0) return -1; @@ -722,48 +535,7 @@ static int virLXCControllerSetupResourceLimits(virLXCControllerPtr ctrl) if (virLXCControllerSetupNUMAPolicy(ctrl) < 0) return -1; - rc = virCgroupForDriver("lxc", &driver, 1, 0); - if (rc != 0) { - /* Skip all if no driver cgroup is configured */ - if (rc == -ENXIO || rc == -ENOENT) - return 0; - - virReportSystemError(-rc, "%s", - _("Unable to get cgroup for driver")); - return rc; - } - - rc = virCgroupForDomain(driver, ctrl->def->name, &ctrl->cgroup, 1); - if (rc != 0) { - virReportSystemError(-rc, - _("Unable to create cgroup for domain %s"), - ctrl->def->name); - goto cleanup; - } - - if (virLXCControllerSetupCgroupsCpuTune(ctrl) < 0) - goto cleanup; - - if (virLXCControllerSetupCgroupsBlkioTune(ctrl) < 0) - goto cleanup; - - if (virLXCControllerSetupCgroupsMemTune(ctrl) < 0) - goto cleanup; - - if (virLXCControllerSetupCgroupsDeviceACL(ctrl) < 0) - goto cleanup; - - rc = virCgroupAddTask(ctrl->cgroup, getpid()); - if (rc != 0) { - virReportSystemError(-rc, - _("Unable to add task %d to cgroup for domain %s"), - getpid(), ctrl->def->name); - } - -cleanup: - virCgroupFree(&driver); - - return rc; + return virLXCCgroupSetup(ctrl->def); }

On Thu, Jul 19, 2012 at 04:37:14PM +0800, Daniel Veillard wrote: > On Wed, Jul 18, 2012 at 05:32:30PM +0100, Daniel P. Berrange wrote: > > From: "Daniel P. Berrange" <berrange(a)redhat.com&gt; > > > > Move the cgroup setup code out of the lxc_controller.c file > > and into lxc_cgroup.{c,h}. This reduces the size of the > > lxc_controller.c file and paves the way to invoke cgroup > > setup from lxc_driver.c instead of lxc_controller.c in the > > future > > > > Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt; > > --- > > po/POTFILES.in | 1 + > > src/Makefile.am | 2 + > > src/lxc/lxc_cgroup.c | 272 ++++++++++++++++++++++++++++++++++++++++++++++ > > src/lxc/lxc_cgroup.h | 29 +++++ > > src/lxc/lxc_controller.c | 232 +-------------------------------------- > > 5 files changed, 306 insertions(+), 230 deletions(-) > > create mode 100644 src/lxc/lxc_cgroup.c > > create mode 100644 src/lxc/lxc_cgroup.h > > +int virLXCCgroupSetup(virDomainDefPtr def) > > +{ > > + virCgroupPtr driver = NULL; > > + virCgroupPtr cgroup = NULL; > > + int rc = -1; > > + > > + rc = virCgroupForDriver("lxc", &driver, 1, 0); > > + if (rc != 0) { > > + /* Skip all if no driver cgroup is configured */ > > + if (rc == -ENXIO || rc == -ENOENT) > > + return 0; > > + > > + virReportSystemError(-rc, "%s", > > + _("Unable to get cgroup for driver")); > > + return rc; > > + } > > + > > + rc = virCgroupForDomain(driver, def->name, &cgroup, 1); > > + if (rc != 0) { > > + virReportSystemError(-rc, > > + _("Unable to create cgroup for domain %s"), > > + def->name); > > + goto cleanup; > > + } > > + > > + if (virLXCCgroupSetupCpuTune(def, cgroup) < 0) > > + goto cleanup; > > + > > + if (virLXCCgroupSetupBlkioTune(def, cgroup) < 0) > > + goto cleanup; > > + > > + if (virLXCCgroupSetupMemTune(def, cgroup) < 0) > > + goto cleanup; > > + > > + if (virLXCCgroupSetupDeviceACL(def, cgroup) < 0) > > + goto cleanup; > > + > > + rc = virCgroupAddTask(cgroup, getpid()); > > + if (rc != 0) { > > + virReportSystemError(-rc, > > + _("Unable to add task %d to cgroup for domain %s"), > > + getpid(), def->name); > > + } > > + > > +cleanup: > > + virCgroupFree(&cgroup); > > + virCgroupFree(&driver); > > + > > + return rc; > > +} > > diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c > > index 7a1ce14..4777d51 100644 > > --- a/src/lxc/lxc_controller.c > > +++ b/src/lxc/lxc_controller.c > > @@ -58,6 +58,7 @@ > > > > #include "lxc_conf.h" > > #include "lxc_container.h" > > +#include "lxc_cgroup.h" > > #include "virnetdev.h" > > #include "virnetdevveth.h" > > #include "memory.h" > > @@ -72,13 +73,6 @@ > > > > #define VIR_FROM_THIS VIR_FROM_LXC > > > > -struct cgroup_device_policy { > > - char type; > > - int major; > > - int minor; > > -}; > > - > > - > > typedef struct _virLXCControllerConsole virLXCControllerConsole; > > typedef virLXCControllerConsole *virLXCControllerConsolePtr; > > struct _virLXCControllerConsole { > > @@ -127,8 +121,6 @@ struct _virLXCController { > > > > /* Server socket */ > > virNetServerPtr server; > > - > > - virCgroupPtr cgroup; > > }; > > > > static void virLXCControllerFree(virLXCControllerPtr ctrl); > > @@ -201,8 +193,6 @@ static void virLXCControllerStopInit(virLXCControllerPtr ctrl) > > virLXCControllerCloseLoopDevices(ctrl, true); > > virPidAbort(ctrl->initpid); > > ctrl->initpid = 0; > > - > > - virCgroupFree(&ctrl->cgroup); > > } > > > > I'm a bit surprized there. The cgroup is moved out of that structure > so that's fine, but i would have expected to see somewhere in the patch > another chunk of code outside of the 2 new modules calling the free of > the new structure, but it's nowhere to be found in src/lxc/lxc_controller.c > diff. Something escapes me, where do we free those now ? If you look at the virLXCControllerSetupResourceLimits() method below, you'll see we call virCgroupForDomain in the old code to create 'ctrl->cgroup', and free it in virLXCControllerStopInit(). In the new virLXCCgroupSetup() method above, we create & free the cgroup object within the scope of that method. So we don't need final cleanup when stopping the controler anymore.

From: "Daniel P. Berrange" <berrange(a)redhat.com&gt; Move all the code that manages stop/start of LXC processes into separate lxc_process.{c,h} file to make the lxc_driver.c file smaller Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt; --- po/POTFILES.in | 1 + src/Makefile.am | 1 + src/lxc/lxc_conf.h | 10 + src/lxc/lxc_driver.c | 1236 +----------------------------------------------- src/lxc/lxc_process.c | 1242 +++++++++++++++++++++++++++++++++++++++++++++++++ src/lxc/lxc_process.h | 49 ++ 6 files changed, 1313 insertions(+), 1226 deletions(-) create mode 100644 src/lxc/lxc_process.c create mode 100644 src/lxc/lxc_process.h diff --git a/po/POTFILES.in b/po/POTFILES.in index 2d5735a..dc46941 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -47,6 +47,7 @@ src/lxc/lxc_container.c src/lxc/lxc_conf.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c +src/lxc/lxc_process.c src/libxl/libxl_driver.c src/libxl/libxl_conf.c src/network/bridge_driver.c diff --git a/src/Makefile.am b/src/Makefile.am index 9e16d06..59f1ac8 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -352,6 +352,7 @@ LXC_DRIVER_SOURCES = \ lxc/lxc_container.c lxc/lxc_container.h \ lxc/lxc_cgroup.c lxc/lxc_cgroup.h \ lxc/lxc_domain.c lxc/lxc_domain.h \ + lxc/lxc_process.c lxc/lxc_process.h \ lxc/lxc_driver.c lxc/lxc_driver.h LXC_CONTROLLER_SOURCES = \ diff --git a/src/lxc/lxc_conf.h b/src/lxc/lxc_conf.h index cc279b2..937da16 100644 --- a/src/lxc/lxc_conf.h +++ b/src/lxc/lxc_conf.h @@ -78,4 +78,14 @@ virCapsPtr lxcCapsInit(lxc_driver_t *driver); virReportErrorHelper(VIR_FROM_LXC, code, __FILE__, \ __FUNCTION__, __LINE__, __VA_ARGS__) +static inline void lxcDriverLock(lxc_driver_t *driver) +{ + virMutexLock(&driver->lock); +} +static inline void lxcDriverUnlock(lxc_driver_t *driver) +{ + virMutexUnlock(&driver->lock); +} + + #endif /* LXC_CONF_H */ diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index d3895d5..d7f052f 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -42,6 +42,7 @@ #include "lxc_container.h" #include "lxc_domain.h" #include "lxc_driver.h" +#include "lxc_process.h" #include "memory.h" #include "util.h" #include "virnetdevbridge.h" @@ -66,7 +67,6 @@ #define VIR_FROM_THIS VIR_FROM_LXC -#define START_POSTFIX ": starting up\n" #define LXC_NB_MEM_PARAM 3 @@ -76,31 +76,6 @@ static lxc_driver_t *lxc_driver = NULL; /* Functions */ -static void lxcDriverLock(lxc_driver_t *driver) -{ - virMutexLock(&driver->lock); -} -static void lxcDriverUnlock(lxc_driver_t *driver) -{ - virMutexUnlock(&driver->lock); -} - -static void lxcDomainEventQueue(lxc_driver_t *driver, - virDomainEventPtr event); - -static int lxcVmTerminate(lxc_driver_t *driver, - virDomainObjPtr vm, - virDomainShutoffReason reason); -static int lxcProcessAutoDestroyInit(lxc_driver_t *driver); -static void lxcProcessAutoDestroyRun(lxc_driver_t *driver, - virConnectPtr conn); -static void lxcProcessAutoDestroyShutdown(lxc_driver_t *driver); -static int lxcProcessAutoDestroyAdd(lxc_driver_t *driver, - virDomainObjPtr vm, - virConnectPtr conn); -static int lxcProcessAutoDestroyRemove(lxc_driver_t *driver, - virDomainObjPtr vm); - static virDrvOpenStatus lxcOpen(virConnectPtr conn, virConnectAuthPtr auth ATTRIBUTE_UNUSED, @@ -451,7 +426,7 @@ cleanup: if (vm) virDomainObjUnlock(vm); if (event) - lxcDomainEventQueue(driver, event); + virDomainEventStateQueue(driver->domainEventState, event); lxcDriverUnlock(driver); return dom; } @@ -504,7 +479,7 @@ cleanup: if (vm) virDomainObjUnlock(vm); if (event) - lxcDomainEventQueue(driver, event); + virDomainEventStateQueue(driver->domainEventState, event); lxcDriverUnlock(driver); return ret; } @@ -963,1075 +938,6 @@ cleanup: } -static int lxcProcessAutoDestroyInit(lxc_driver_t *driver) -{ - if (!(driver->autodestroy = virHashCreate(5, NULL))) - return -1; - - return 0; -} - -struct lxcProcessAutoDestroyData { - lxc_driver_t *driver; - virConnectPtr conn; -}; - -static void lxcProcessAutoDestroyDom(void *payload, - const void *name, - void *opaque) -{ - struct lxcProcessAutoDestroyData *data = opaque; - virConnectPtr conn = payload; - const char *uuidstr = name; - unsigned char uuid[VIR_UUID_BUFLEN]; - virDomainObjPtr dom; - virDomainEventPtr event = NULL; - - VIR_DEBUG("conn=%p uuidstr=%s thisconn=%p", conn, uuidstr, data->conn); - - if (data->conn != conn) - return; - - if (virUUIDParse(uuidstr, uuid) < 0) { - VIR_WARN("Failed to parse %s", uuidstr); - return; - } - - if (!(dom = virDomainFindByUUID(&data->driver->domains, - uuid))) { - VIR_DEBUG("No domain object to kill"); - return; - } - - VIR_DEBUG("Killing domain"); - lxcVmTerminate(data->driver, dom, VIR_DOMAIN_SHUTOFF_DESTROYED); - virDomainAuditStop(dom, "destroyed"); - event = virDomainEventNewFromObj(dom, - VIR_DOMAIN_EVENT_STOPPED, - VIR_DOMAIN_EVENT_STOPPED_DESTROYED); - - if (dom && !dom->persistent) - virDomainRemoveInactive(&data->driver->domains, dom); - - if (dom) - virDomainObjUnlock(dom); - if (event) - lxcDomainEventQueue(data->driver, event); - virHashRemoveEntry(data->driver->autodestroy, uuidstr); -} - -/* - * Precondition: driver is locked - */ -static void lxcProcessAutoDestroyRun(lxc_driver_t *driver, virConnectPtr conn) -{ - struct lxcProcessAutoDestroyData data = { - driver, conn - }; - VIR_DEBUG("conn=%p", conn); - virHashForEach(driver->autodestroy, lxcProcessAutoDestroyDom, &data); -} - -static void lxcProcessAutoDestroyShutdown(lxc_driver_t *driver) -{ - virHashFree(driver->autodestroy); -} - -static int lxcProcessAutoDestroyAdd(lxc_driver_t *driver, - virDomainObjPtr vm, - virConnectPtr conn) -{ - char uuidstr[VIR_UUID_STRING_BUFLEN]; - virUUIDFormat(vm->def->uuid, uuidstr); - VIR_DEBUG("vm=%s uuid=%s conn=%p", vm->def->name, uuidstr, conn); - if (virHashAddEntry(driver->autodestroy, uuidstr, conn) < 0) - return -1; - return 0; -} - -static int lxcProcessAutoDestroyRemove(lxc_driver_t *driver, - virDomainObjPtr vm) -{ - char uuidstr[VIR_UUID_STRING_BUFLEN]; - virUUIDFormat(vm->def->uuid, uuidstr); - VIR_DEBUG("vm=%s uuid=%s", vm->def->name, uuidstr); - if (virHashRemoveEntry(driver->autodestroy, uuidstr) < 0) - return -1; - return 0; -} - - -/** - * lxcVmCleanup: - * @driver: pointer to driver structure - * @vm: pointer to VM to clean up - * @reason: reason for switching the VM to shutoff state - * - * Cleanout resources associated with the now dead VM - * - */ -static void lxcVmCleanup(lxc_driver_t *driver, - virDomainObjPtr vm, - virDomainShutoffReason reason) -{ - virCgroupPtr cgroup; - int i; - lxcDomainObjPrivatePtr priv = vm->privateData; - virNetDevVPortProfilePtr vport = NULL; - - /* now that we know it's stopped call the hook if present */ - if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { - char *xml = virDomainDefFormat(vm->def, 0); - - /* we can't stop the operation even if the script raised an error */ - virHookCall(VIR_HOOK_DRIVER_LXC, vm->def->name, - VIR_HOOK_LXC_OP_STOPPED, VIR_HOOK_SUBOP_END, - NULL, xml, NULL); - VIR_FREE(xml); - } - - /* Stop autodestroy in case guest is restarted */ - lxcProcessAutoDestroyRemove(driver, vm); - - virEventRemoveHandle(priv->monitorWatch); - VIR_FORCE_CLOSE(priv->monitor); - - virPidFileDelete(driver->stateDir, vm->def->name); - virDomainDeleteConfig(driver->stateDir, NULL, vm); - - virDomainObjSetState(vm, VIR_DOMAIN_SHUTOFF, reason); - vm->pid = -1; - vm->def->id = -1; - priv->monitor = -1; - priv->monitorWatch = -1; - - for (i = 0 ; i < vm->def->nnets ; i++) { - virDomainNetDefPtr iface = vm->def->nets[i]; - vport = virDomainNetGetActualVirtPortProfile(iface); - ignore_value(virNetDevSetOnline(iface->ifname, false)); - if (vport && vport->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) - ignore_value(virNetDevOpenvswitchRemovePort( - virDomainNetGetActualBridgeName(iface), - iface->ifname)); - ignore_value(virNetDevVethDelete(iface->ifname)); - networkReleaseActualDevice(iface); - } - - virDomainConfVMNWFilterTeardown(vm); - - if (driver->cgroup && - virCgroupForDomain(driver->cgroup, vm->def->name, &cgroup, 0) == 0) { - virCgroupRemove(cgroup); - virCgroupFree(&cgroup); - } - - /* now that we know it's stopped call the hook if present */ - if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { - char *xml = virDomainDefFormat(vm->def, 0); - - /* we can't stop the operation even if the script raised an error */ - virHookCall(VIR_HOOK_DRIVER_LXC, vm->def->name, - VIR_HOOK_LXC_OP_RELEASE, VIR_HOOK_SUBOP_END, - NULL, xml, NULL); - VIR_FREE(xml); - } - - if (vm->newDef) { - virDomainDefFree(vm->def); - vm->def = vm->newDef; - vm->def->id = -1; - vm->newDef = NULL; - } -} - - -static int lxcSetupInterfaceBridged(virConnectPtr conn, - virDomainDefPtr vm, - virDomainNetDefPtr net, - const char *brname, - unsigned int *nveths, - char ***veths) -{ - int ret = -1; - char *parentVeth; - char *containerVeth = NULL; - const virNetDevVPortProfilePtr vport = virDomainNetGetActualVirtPortProfile(net); - - VIR_DEBUG("calling vethCreate()"); - parentVeth = net->ifname; - if (virNetDevVethCreate(&parentVeth, &containerVeth) < 0) - goto cleanup; - VIR_DEBUG("parentVeth: %s, containerVeth: %s", parentVeth, containerVeth); - - if (net->ifname == NULL) - net->ifname = parentVeth; - - if (VIR_REALLOC_N(*veths, (*nveths)+1) < 0) { - virReportOOMError(); - VIR_FREE(containerVeth); - goto cleanup; - } - (*veths)[(*nveths)] = containerVeth; - (*nveths)++; - - if (virNetDevSetMAC(containerVeth, &net->mac) < 0) - goto cleanup; - - if (vport && vport->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) - ret = virNetDevOpenvswitchAddPort(brname, parentVeth, &net->mac, - vm->uuid, vport); - else - ret = virNetDevBridgeAddPort(brname, parentVeth); - if (ret < 0) - goto cleanup; - - if (virNetDevSetOnline(parentVeth, true) < 0) - goto cleanup; - - if (virNetDevBandwidthSet(net->ifname, - virDomainNetGetActualBandwidth(net)) < 0) { - lxcError(VIR_ERR_INTERNAL_ERROR, - _("cannot set bandwidth limits on %s"), - net->ifname); - goto cleanup; - } - - if (net->filter && - virDomainConfNWFilterInstantiate(conn, vm->uuid, net) < 0) - goto cleanup; - - ret = 0; - -cleanup: - return ret; -} - - -static int lxcSetupInterfaceDirect(virConnectPtr conn, - virDomainDefPtr def, - virDomainNetDefPtr net, - unsigned int *nveths, - char ***veths) -{ - int ret = 0; - char *res_ifname = NULL; - lxc_driver_t *driver = conn->privateData; - virNetDevBandwidthPtr bw; - virNetDevVPortProfilePtr prof; - - /* XXX how todo bandwidth controls ? - * Since the 'net-ifname' is about to be moved to a different - * namespace & renamed, there will be no host side visible - * interface for the container to attach rules to - */ - bw = virDomainNetGetActualBandwidth(net); - if (bw) { - lxcError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("Unable to set network bandwidth on direct interfaces")); - return -1; - } - - /* XXX how todo port profiles ? - * Although we can do the association during container - * startup, at shutdown we are unable to disassociate - * because the macvlan device was moved to the container - * and automagically dies when the container dies. So - * we have no dev to perform disassociation with. - */ - prof = virDomainNetGetActualVirtPortProfile(net); - if (prof) { - lxcError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("Unable to set port profile on direct interfaces")); - return -1; - } - - if (VIR_REALLOC_N(*veths, (*nveths)+1) < 0) { - virReportOOMError(); - return -1; - } - (*veths)[(*nveths)] = NULL; - - if (virNetDevMacVLanCreateWithVPortProfile( - net->ifname, &net->mac, - virDomainNetGetActualDirectDev(net), - virDomainNetGetActualDirectMode(net), - false, false, def->uuid, - virDomainNetGetActualVirtPortProfile(net), - &res_ifname, - VIR_NETDEV_VPORT_PROFILE_OP_CREATE, - driver->stateDir, - virDomainNetGetActualBandwidth(net)) < 0) - goto cleanup; - - (*veths)[(*nveths)] = res_ifname; - (*nveths)++; - - ret = 0; - -cleanup: - return ret; -} - - -/** - * lxcSetupInterfaces: - * @conn: pointer to connection - * @def: pointer to virtual machine structure - * @nveths: number of interfaces - * @veths: interface names - * - * Sets up the container interfaces by creating the veth device pairs and - * attaching the parent end to the appropriate bridge. The container end - * will moved into the container namespace later after clone has been called. - * - * Returns 0 on success or -1 in case of error - */ -static int lxcSetupInterfaces(virConnectPtr conn, - virDomainDefPtr def, - unsigned int *nveths, - char ***veths) -{ - int ret = -1; - size_t i; - - for (i = 0 ; i < def->nnets ; i++) { - /* If appropriate, grab a physical device from the configured - * network's pool of devices, or resolve bridge device name - * to the one defined in the network definition. - */ - if (networkAllocateActualDevice(def->nets[i]) < 0) - goto cleanup; - - switch (virDomainNetGetActualType(def->nets[i])) { - case VIR_DOMAIN_NET_TYPE_NETWORK: { - virNetworkPtr network; - char *brname = NULL; - - if (!(network = virNetworkLookupByName(conn, - def->nets[i]->data.network.name))) - goto cleanup; - - brname = virNetworkGetBridgeName(network); - virNetworkFree(network); - if (!brname) - goto cleanup; - - if (lxcSetupInterfaceBridged(conn, - def, - def->nets[i], - brname, - nveths, - veths) < 0) { - VIR_FREE(brname); - goto cleanup; - } - VIR_FREE(brname); - break; - } - case VIR_DOMAIN_NET_TYPE_BRIDGE: { - const char *brname = virDomainNetGetActualBridgeName(def->nets[i]); - if (!brname) { - lxcError(VIR_ERR_INTERNAL_ERROR, "%s", - _("No bridge name specified")); - goto cleanup; - } - if (lxcSetupInterfaceBridged(conn, - def, - def->nets[i], - brname, - nveths, - veths) < 0) - goto cleanup; - } break; - - case VIR_DOMAIN_NET_TYPE_DIRECT: - if (lxcSetupInterfaceDirect(conn, - def, - def->nets[i], - nveths, - veths) < 0) - goto cleanup; - break; - - case VIR_DOMAIN_NET_TYPE_USER: - case VIR_DOMAIN_NET_TYPE_ETHERNET: - case VIR_DOMAIN_NET_TYPE_SERVER: - case VIR_DOMAIN_NET_TYPE_CLIENT: - case VIR_DOMAIN_NET_TYPE_MCAST: - case VIR_DOMAIN_NET_TYPE_INTERNAL: - case VIR_DOMAIN_NET_TYPE_LAST: - lxcError(VIR_ERR_INTERNAL_ERROR, - _("Unsupported network type %s"), - virDomainNetTypeToString( - virDomainNetGetActualType(def->nets[i]) - )); - goto cleanup; - } - } - - ret= 0; - -cleanup: - if (ret != 0) { - for (i = 0 ; i < def->nnets ; i++) { - virDomainNetDefPtr iface = def->nets[i]; - virNetDevVPortProfilePtr vport = virDomainNetGetActualVirtPortProfile(iface); - if (vport && vport->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) - ignore_value(virNetDevOpenvswitchRemovePort( - virDomainNetGetActualBridgeName(iface), - iface->ifname)); - networkReleaseActualDevice(iface); - } - } - return ret; -} - - -static int lxcMonitorClient(lxc_driver_t * driver, - virDomainObjPtr vm) -{ - char *sockpath = NULL; - int fd = -1; - struct sockaddr_un addr; - - if (virAsprintf(&sockpath, "%s/%s.sock", - driver->stateDir, vm->def->name) < 0) { - virReportOOMError(); - return -1; - } - - if (virSecurityManagerSetSocketLabel(driver->securityManager, vm->def) < 0) { - VIR_ERROR(_("Failed to set security context for monitor for %s"), - vm->def->name); - goto error; - } - - fd = socket(PF_UNIX, SOCK_STREAM, 0); - - if (virSecurityManagerClearSocketLabel(driver->securityManager, vm->def) < 0) { - VIR_ERROR(_("Failed to clear security context for monitor for %s"), - vm->def->name); - goto error; - } - - if (fd < 0) { - virReportSystemError(errno, "%s", - _("Failed to create client socket")); - goto error; - } - - memset(&addr, 0, sizeof(addr)); - addr.sun_family = AF_UNIX; - if (virStrcpyStatic(addr.sun_path, sockpath) == NULL) { - lxcError(VIR_ERR_INTERNAL_ERROR, - _("Socket path %s too big for destination"), sockpath); - goto error; - } - - if (connect(fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) { - virReportSystemError(errno, "%s", - _("Failed to connect to client socket")); - goto error; - } - - VIR_FREE(sockpath); - return fd; - -error: - VIR_FREE(sockpath); - VIR_FORCE_CLOSE(fd); - return -1; -} - - -static int lxcVmTerminate(lxc_driver_t *driver, - virDomainObjPtr vm, - virDomainShutoffReason reason) -{ - virCgroupPtr group = NULL; - int rc; - - if (vm->pid <= 0) { - lxcError(VIR_ERR_INTERNAL_ERROR, - _("Invalid PID %d for container"), vm->pid); - return -1; - } - - virSecurityManagerRestoreAllLabel(driver->securityManager, - vm->def, false); - virSecurityManagerReleaseLabel(driver->securityManager, vm->def); - /* Clear out dynamically assigned labels */ - if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) { - VIR_FREE(vm->def->seclabel.model); - VIR_FREE(vm->def->seclabel.label); - VIR_FREE(vm->def->seclabel.imagelabel); - } - - if (virCgroupForDomain(driver->cgroup, vm->def->name, &group, 0) == 0) { - rc = virCgroupKillPainfully(group); - if (rc < 0) { - virReportSystemError(-rc, "%s", - _("Failed to kill container PIDs")); - rc = -1; - goto cleanup; - } - if (rc == 1) { - lxcError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Some container PIDs refused to die")); - rc = -1; - goto cleanup; - } - } else { - /* If cgroup doesn't exist, the VM pids must have already - * died and so we're just cleaning up stale state - */ - } - - lxcVmCleanup(driver, vm, reason); - - rc = 0; - -cleanup: - virCgroupFree(&group); - return rc; -} - -static void lxcMonitorEvent(int watch, - int fd, - int events ATTRIBUTE_UNUSED, - void *data) -{ - lxc_driver_t *driver = lxc_driver; - virDomainObjPtr vm = data; - virDomainEventPtr event = NULL; - lxcDomainObjPrivatePtr priv; - - lxcDriverLock(driver); - virDomainObjLock(vm); - lxcDriverUnlock(driver); - - priv = vm->privateData; - - if (priv->monitor != fd || priv->monitorWatch != watch) { - virEventRemoveHandle(watch); - goto cleanup; - } - - if (lxcVmTerminate(driver, vm, VIR_DOMAIN_SHUTOFF_SHUTDOWN) < 0) { - virEventRemoveHandle(watch); - } else { - event = virDomainEventNewFromObj(vm, - VIR_DOMAIN_EVENT_STOPPED, - VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN); - virDomainAuditStop(vm, "shutdown"); - } - if (!vm->persistent) { - virDomainRemoveInactive(&driver->domains, vm); - vm = NULL; - } - -cleanup: - if (vm) - virDomainObjUnlock(vm); - if (event) { - lxcDriverLock(driver); - lxcDomainEventQueue(driver, event); - lxcDriverUnlock(driver); - } -} - - -static virCommandPtr -lxcBuildControllerCmd(lxc_driver_t *driver, - virDomainObjPtr vm, - int nveths, - char **veths, - int *ttyFDs, - size_t nttyFDs, - int handshakefd) -{ - size_t i; - char *filterstr; - char *outputstr; - virCommandPtr cmd; - - cmd = virCommandNew(vm->def->emulator); - - /* The controller may call ip command, so we have to retain PATH. */ - virCommandAddEnvPass(cmd, "PATH"); - - virCommandAddEnvFormat(cmd, "LIBVIRT_DEBUG=%d", - virLogGetDefaultPriority()); - - if (virLogGetNbFilters() > 0) { - filterstr = virLogGetFilters(); - if (!filterstr) { - virReportOOMError(); - goto cleanup; - } - - virCommandAddEnvPair(cmd, "LIBVIRT_LOG_FILTERS", filterstr); - VIR_FREE(filterstr); - } - - if (driver->log_libvirtd) { - if (virLogGetNbOutputs() > 0) { - outputstr = virLogGetOutputs(); - if (!outputstr) { - virReportOOMError(); - goto cleanup; - } - - virCommandAddEnvPair(cmd, "LIBVIRT_LOG_OUTPUTS", outputstr); - VIR_FREE(outputstr); - } - } else { - virCommandAddEnvFormat(cmd, - "LIBVIRT_LOG_OUTPUTS=%d:stderr", - virLogGetDefaultPriority()); - } - - virCommandAddArgList(cmd, "--name", vm->def->name, NULL); - for (i = 0 ; i < nttyFDs ; i++) { - virCommandAddArg(cmd, "--console"); - virCommandAddArgFormat(cmd, "%d", ttyFDs[i]); - virCommandPreserveFD(cmd, ttyFDs[i]); - } - - virCommandAddArgPair(cmd, "--security", - virSecurityManagerGetModel(driver->securityManager)); - - virCommandAddArg(cmd, "--handshake"); - virCommandAddArgFormat(cmd, "%d", handshakefd); - virCommandAddArg(cmd, "--background"); - - for (i = 0 ; i < nveths ; i++) { - virCommandAddArgList(cmd, "--veth", veths[i], NULL); - } - - virCommandPreserveFD(cmd, handshakefd); - - return cmd; -cleanup: - virCommandFree(cmd); - return NULL; -} - -static int -lxcReadLogOutput(virDomainObjPtr vm, - char *logfile, - off_t pos, - char *buf, - size_t buflen) -{ - int fd; - off_t off; - int whence; - int got = 0, ret = -1; - int retries = 10; - - if ((fd = open(logfile, O_RDONLY)) < 0) { - virReportSystemError(errno, _("failed to open logfile %s"), - logfile); - goto cleanup; - } - - if (pos < 0) { - off = 0; - whence = SEEK_END; - } else { - off = pos; - whence = SEEK_SET; - } - - if (lseek(fd, off, whence) < 0) { - if (whence == SEEK_END) - virReportSystemError(errno, - _("unable to seek to end of log for %s"), - logfile); - else - virReportSystemError(errno, - _("unable to seek to %lld from start for %s"), - (long long)off, logfile); - goto cleanup; - } - - while (retries) { - ssize_t bytes; - int isdead = 0; - - if (kill(vm->pid, 0) == -1 && errno == ESRCH) - isdead = 1; - - /* Any failures should be detected before we read the log, so we - * always have something useful to report on failure. */ - bytes = saferead(fd, buf+got, buflen-got-1); - if (bytes < 0) { - virReportSystemError(errno, "%s", - _("Failure while reading guest log output")); - goto cleanup; - } - - got += bytes; - buf[got] = '\0'; - - if ((got == buflen-1) || isdead) { - break; - } - - usleep(100*1000); - retries--; - } - - - ret = got; -cleanup: - VIR_FORCE_CLOSE(fd); - return ret; -} - -/** - * lxcVmStart: - * @conn: pointer to connection - * @driver: pointer to driver structure - * @vm: pointer to virtual machine structure - * @autoDestroy: mark the domain for auto destruction - * @reason: reason for switching vm to running state - * - * Starts a vm - * - * Returns 0 on success or -1 in case of error - */ -static int lxcVmStart(virConnectPtr conn, - lxc_driver_t * driver, - virDomainObjPtr vm, - bool autoDestroy, - virDomainRunningReason reason) -{ - int rc = -1, r; - size_t nttyFDs = 0; - int *ttyFDs = NULL; - size_t i; - char *logfile = NULL; - int logfd = -1; - unsigned int nveths = 0; - char **veths = NULL; - int handshakefds[2] = { -1, -1 }; - off_t pos = -1; - char ebuf[1024]; - char *timestamp; - virCommandPtr cmd = NULL; - lxcDomainObjPrivatePtr priv = vm->privateData; - virErrorPtr err = NULL; - - if (!lxc_driver->cgroup) { - lxcError(VIR_ERR_INTERNAL_ERROR, "%s", - _("The 'cpuacct', 'devices' & 'memory' cgroups controllers must be mounted")); - return -1; - } - - if (!virCgroupMounted(lxc_driver->cgroup, - VIR_CGROUP_CONTROLLER_CPUACCT)) { - lxcError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Unable to find 'cpuacct' cgroups controller mount")); - return -1; - } - if (!virCgroupMounted(lxc_driver->cgroup, - VIR_CGROUP_CONTROLLER_DEVICES)) { - lxcError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Unable to find 'devices' cgroups controller mount")); - return -1; - } - if (!virCgroupMounted(lxc_driver->cgroup, - VIR_CGROUP_CONTROLLER_MEMORY)) { - lxcError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Unable to find 'memory' cgroups controller mount")); - return -1; - } - - if (virFileMakePath(driver->logDir) < 0) { - virReportSystemError(errno, - _("Cannot create log directory '%s'"), - driver->logDir); - return -1; - } - - if (virAsprintf(&logfile, "%s/%s.log", - driver->logDir, vm->def->name) < 0) { - virReportOOMError(); - return -1; - } - - /* Do this up front, so any part of the startup process can add - * runtime state to vm->def that won't be persisted. This let's us - * report implicit runtime defaults in the XML, like vnc listen/socket - */ - VIR_DEBUG("Setting current domain def as transient"); - if (virDomainObjSetDefTransient(driver->caps, vm, true) < 0) - goto cleanup; - - /* Run an early hook to set-up missing devices */ - if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { - char *xml = virDomainDefFormat(vm->def, 0); - int hookret; - - hookret = virHookCall(VIR_HOOK_DRIVER_LXC, vm->def->name, - VIR_HOOK_LXC_OP_PREPARE, VIR_HOOK_SUBOP_BEGIN, - NULL, xml, NULL); - VIR_FREE(xml); - - /* - * If the script raised an error abort the launch - */ - if (hookret < 0) - goto cleanup; - } - - /* Here we open all the PTYs we need on the host OS side. - * The LXC controller will open the guest OS side PTYs - * and forward I/O between them. - */ - nttyFDs = vm->def->nconsoles; - if (VIR_ALLOC_N(ttyFDs, nttyFDs) < 0) { - virReportOOMError(); - goto cleanup; - } - - /* If you are using a SecurityDriver with dynamic labelling, - then generate a security label for isolation */ - VIR_DEBUG("Generating domain security label (if required)"); - if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DEFAULT) - vm->def->seclabel.type = VIR_DOMAIN_SECLABEL_NONE; - - if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0) { - virDomainAuditSecurityLabel(vm, false); - goto cleanup; - } - virDomainAuditSecurityLabel(vm, true); - - VIR_DEBUG("Setting domain security labels"); - if (virSecurityManagerSetAllLabel(driver->securityManager, - vm->def, NULL) < 0) - goto cleanup; - - for (i = 0 ; i < vm->def->nconsoles ; i++) - ttyFDs[i] = -1; - - for (i = 0 ; i < vm->def->nconsoles ; i++) { - char *ttyPath; - if (vm->def->consoles[i]->source.type != VIR_DOMAIN_CHR_TYPE_PTY) { - lxcError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("Only PTY console types are supported")); - goto cleanup; - } - - if (virFileOpenTty(&ttyFDs[i], &ttyPath, 1) < 0) { - virReportSystemError(errno, "%s", - _("Failed to allocate tty")); - goto cleanup; - } - - VIR_FREE(vm->def->consoles[i]->source.data.file.path); - vm->def->consoles[i]->source.data.file.path = ttyPath; - - VIR_FREE(vm->def->consoles[i]->info.alias); - if (virAsprintf(&vm->def->consoles[i]->info.alias, "console%zu", i) < 0) { - virReportOOMError(); - goto cleanup; - } - } - - if (lxcSetupInterfaces(conn, vm->def, &nveths, &veths) != 0) - goto cleanup; - - /* Save the configuration for the controller */ - if (virDomainSaveConfig(driver->stateDir, vm->def) < 0) - goto cleanup; - - if ((logfd = open(logfile, O_WRONLY | O_APPEND | O_CREAT, - S_IRUSR|S_IWUSR)) < 0) { - virReportSystemError(errno, - _("Failed to open '%s'"), - logfile); - goto cleanup; - } - - if (pipe(handshakefds) < 0) { - virReportSystemError(errno, "%s", - _("Unable to create pipe")); - goto cleanup; - } - - if (!(cmd = lxcBuildControllerCmd(driver, - vm, - nveths, veths, - ttyFDs, nttyFDs, - handshakefds[1]))) - goto cleanup; - virCommandSetOutputFD(cmd, &logfd); - virCommandSetErrorFD(cmd, &logfd); - - /* now that we know it is about to start call the hook if present */ - if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { - char *xml = virDomainDefFormat(vm->def, 0); - int hookret; - - hookret = virHookCall(VIR_HOOK_DRIVER_LXC, vm->def->name, - VIR_HOOK_LXC_OP_START, VIR_HOOK_SUBOP_BEGIN, - NULL, xml, NULL); - VIR_FREE(xml); - - /* - * If the script raised an error abort the launch - */ - if (hookret < 0) - goto cleanup; - } - - /* Log timestamp */ - if ((timestamp = virTimeStringNow()) == NULL) { - virReportOOMError(); - goto cleanup; - } - if (safewrite(logfd, timestamp, strlen(timestamp)) < 0 || - safewrite(logfd, START_POSTFIX, strlen(START_POSTFIX)) < 0) { - VIR_WARN("Unable to write timestamp to logfile: %s", - virStrerror(errno, ebuf, sizeof(ebuf))); - } - VIR_FREE(timestamp); - - /* Log generated command line */ - virCommandWriteArgLog(cmd, logfd); - if ((pos = lseek(logfd, 0, SEEK_END)) < 0) - VIR_WARN("Unable to seek to end of logfile: %s", - virStrerror(errno, ebuf, sizeof(ebuf))); - - if (virCommandRun(cmd, NULL) < 0) - goto cleanup; - - if (VIR_CLOSE(handshakefds[1]) < 0) { - virReportSystemError(errno, "%s", _("could not close handshake fd")); - goto cleanup; - } - - /* Connect to the controller as a client *first* because - * this will block until the child has written their - * pid file out to disk */ - if ((priv->monitor = lxcMonitorClient(driver, vm)) < 0) - goto cleanup; - - /* And get its pid */ - if ((r = virPidFileRead(driver->stateDir, vm->def->name, &vm->pid)) < 0) { - virReportSystemError(-r, - _("Failed to read pid file %s/%s.pid"), - driver->stateDir, vm->def->name); - goto cleanup; - } - - vm->def->id = vm->pid; - virDomainObjSetState(vm, VIR_DOMAIN_RUNNING, reason); - - if (lxcContainerWaitForContinue(handshakefds[0]) < 0) { - char out[1024]; - - if (!(lxcReadLogOutput(vm, logfile, pos, out, 1024) < 0)) { - lxcError(VIR_ERR_INTERNAL_ERROR, - _("guest failed to start: %s"), out); - } - - goto error; - } - - if ((priv->monitorWatch = virEventAddHandle( - priv->monitor, - VIR_EVENT_HANDLE_ERROR | VIR_EVENT_HANDLE_HANGUP, - lxcMonitorEvent, - vm, NULL)) < 0) { - goto error; - } - - if (autoDestroy && - lxcProcessAutoDestroyAdd(driver, vm, conn) < 0) - goto error; - - if (virDomainObjSetDefTransient(driver->caps, vm, false) < 0) - goto error; - - /* Write domain status to disk. - * - * XXX: Earlier we wrote the plain "live" domain XML to this - * location for the benefit of libvirt_lxc. We're now overwriting - * it with the live status XML instead. This is a (currently - * harmless) inconsistency we should fix one day */ - if (virDomainSaveStatus(driver->caps, driver->stateDir, vm) < 0) - goto error; - - /* finally we can call the 'started' hook script if any */ - if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { - char *xml = virDomainDefFormat(vm->def, 0); - int hookret; - - hookret = virHookCall(VIR_HOOK_DRIVER_LXC, vm->def->name, - VIR_HOOK_LXC_OP_STARTED, VIR_HOOK_SUBOP_BEGIN, - NULL, xml, NULL); - VIR_FREE(xml); - - /* - * If the script raised an error abort the launch - */ - if (hookret < 0) - goto error; - } - - rc = 0; - -cleanup: - if (rc != 0 && !err) - err = virSaveLastError(); - virCommandFree(cmd); - if (VIR_CLOSE(logfd) < 0) { - virReportSystemError(errno, "%s", _("could not close logfile")); - rc = -1; - } - for (i = 0 ; i < nveths ; i++) { - if (rc != 0) - ignore_value(virNetDevVethDelete(veths[i])); - VIR_FREE(veths[i]); - } - if (rc != 0) { - VIR_FORCE_CLOSE(priv->monitor); - virDomainConfVMNWFilterTeardown(vm); - - virSecurityManagerRestoreAllLabel(driver->securityManager, - vm->def, false); - virSecurityManagerReleaseLabel(driver->securityManager, vm->def); - /* Clear out dynamically assigned labels */ - if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) { - VIR_FREE(vm->def->seclabel.model); - VIR_FREE(vm->def->seclabel.label); - VIR_FREE(vm->def->seclabel.imagelabel); - } - } - for (i = 0 ; i < nttyFDs ; i++) - VIR_FORCE_CLOSE(ttyFDs[i]); - VIR_FREE(ttyFDs); - VIR_FORCE_CLOSE(handshakefds[0]); - VIR_FORCE_CLOSE(handshakefds[1]); - VIR_FREE(logfile); - - if (err) { - virSetError(err); - virFreeError(err); - } - - return rc; - -error: - err = virSaveLastError(); - lxcVmTerminate(driver, vm, VIR_DOMAIN_SHUTOFF_FAILED); - goto cleanup; -} - /** * lxcDomainStartWithFlags: * @dom: domain to start @@ -2089,7 +995,7 @@ cleanup: if (vm) virDomainObjUnlock(vm); if (event) - lxcDomainEventQueue(driver, event); + virDomainEventStateQueue(driver->domainEventState, event); lxcDriverUnlock(driver); return ret; } @@ -2176,7 +1082,7 @@ cleanup: if (vm) virDomainObjUnlock(vm); if (event) - lxcDomainEventQueue(driver, event); + virDomainEventStateQueue(driver->domainEventState, event); lxcDriverUnlock(driver); return dom; } @@ -2354,13 +1260,6 @@ lxcDomainEventDeregisterAny(virConnectPtr conn, } -/* driver must be locked before calling */ -static void lxcDomainEventQueue(lxc_driver_t *driver, - virDomainEventPtr event) -{ - virDomainEventStateQueue(driver->domainEventState, event); -} - /** * lxcDomainDestroyFlags: * @dom: pointer to domain to destroy @@ -2411,7 +1310,7 @@ cleanup: if (vm) virDomainObjUnlock(vm); if (event) - lxcDomainEventQueue(driver, event); + virDomainEventStateQueue(driver->domainEventState, event); lxcDriverUnlock(driver); return ret; } @@ -2446,121 +1345,6 @@ static int lxcCheckNetNsSupport(void) } -struct lxcAutostartData { - lxc_driver_t *driver; - virConnectPtr conn; -}; - -static void -lxcAutostartDomain(void *payload, const void *name ATTRIBUTE_UNUSED, void *opaque) -{ - virDomainObjPtr vm = payload; - const struct lxcAutostartData *data = opaque; - - virDomainObjLock(vm); - if (vm->autostart && - !virDomainObjIsActive(vm)) { - int ret = lxcVmStart(data->conn, data->driver, vm, false, - VIR_DOMAIN_RUNNING_BOOTED); - virDomainAuditStart(vm, "booted", ret >= 0); - if (ret < 0) { - virErrorPtr err = virGetLastError(); - VIR_ERROR(_("Failed to autostart VM '%s': %s"), - vm->def->name, - err ? err->message : ""); - } else { - virDomainEventPtr event = - virDomainEventNewFromObj(vm, - VIR_DOMAIN_EVENT_STARTED, - VIR_DOMAIN_EVENT_STARTED_BOOTED); - if (event) - lxcDomainEventQueue(data->driver, event); - } - } - virDomainObjUnlock(vm); -} - -static void -lxcAutostartConfigs(lxc_driver_t *driver) { - /* XXX: Figure out a better way todo this. The domain - * startup code needs a connection handle in order - * to lookup the bridge associated with a virtual - * network - */ - virConnectPtr conn = virConnectOpen("lxc:///"); - /* Ignoring NULL conn which is mostly harmless here */ - - struct lxcAutostartData data = { driver, conn }; - - lxcDriverLock(driver); - virHashForEach(driver->domains.objs, lxcAutostartDomain, &data); - lxcDriverUnlock(driver); - - if (conn) - virConnectClose(conn); -} - -static void -lxcReconnectVM(void *payload, const void *name ATTRIBUTE_UNUSED, void *opaque) -{ - virDomainObjPtr vm = payload; - lxc_driver_t *driver = opaque; - lxcDomainObjPrivatePtr priv; - - virDomainObjLock(vm); - VIR_DEBUG("Reconnect %d %d %d\n", vm->def->id, vm->pid, vm->state.state); - - priv = vm->privateData; - - if (vm->pid != 0) { - vm->def->id = vm->pid; - virDomainObjSetState(vm, VIR_DOMAIN_RUNNING, - VIR_DOMAIN_RUNNING_UNKNOWN); - - if ((priv->monitor = lxcMonitorClient(driver, vm)) < 0) - goto error; - - if ((priv->monitorWatch = virEventAddHandle( - priv->monitor, - VIR_EVENT_HANDLE_ERROR | VIR_EVENT_HANDLE_HANGUP, - lxcMonitorEvent, - vm, NULL)) < 0) - goto error; - - if (virSecurityManagerReserveLabel(driver->securityManager, - vm->def, vm->pid) < 0) - goto error; - - /* now that we know it's reconnected call the hook if present */ - if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { - char *xml = virDomainDefFormat(vm->def, 0); - int hookret; - - /* we can't stop the operation even if the script raised an error */ - hookret = virHookCall(VIR_HOOK_DRIVER_LXC, vm->def->name, - VIR_HOOK_LXC_OP_RECONNECT, VIR_HOOK_SUBOP_BEGIN, - NULL, xml, NULL); - VIR_FREE(xml); - if (hookret < 0) - goto error; - } - - } else { - vm->def->id = -1; - VIR_FORCE_CLOSE(priv->monitor); - } - -cleanup: - virDomainObjUnlock(vm); - return; - -error: - lxcVmTerminate(driver, vm, VIR_DOMAIN_SHUTOFF_FAILED); - virDomainAuditStop(vm, "failed"); - goto cleanup; -} - - static int lxcSecurityInit(lxc_driver_t *driver) { @@ -2664,7 +1448,7 @@ static int lxcStartup(int privileged) NULL, NULL) < 0) goto cleanup; - virHashForEach(lxc_driver->domains.objs, lxcReconnectVM, lxc_driver); + lxcReconnectAll(lxc_driver, &lxc_driver->domains); /* Then inactive persistent configs */ if (virDomainLoadAllConfigs(lxc_driver->caps, @@ -2697,7 +1481,7 @@ static void lxcNotifyLoadDomain(virDomainObjPtr vm, int newVM, void *opaque) VIR_DOMAIN_EVENT_DEFINED, VIR_DOMAIN_EVENT_DEFINED_ADDED); if (event) - lxcDomainEventQueue(driver, event); + virDomainEventStateQueue(driver->domainEventState, event); } } @@ -3706,7 +2490,7 @@ static int lxcDomainSuspend(virDomainPtr dom) cleanup: if (event) - lxcDomainEventQueue(driver, event); + virDomainEventStateQueue(driver->domainEventState, event); if (vm) virDomainObjUnlock(vm); lxcDriverUnlock(driver); @@ -3772,7 +2556,7 @@ static int lxcDomainResume(virDomainPtr dom) cleanup: if (event) - lxcDomainEventQueue(driver, event); + virDomainEventStateQueue(driver->domainEventState, event); if (vm) virDomainObjUnlock(vm); lxcDriverUnlock(driver); diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c new file mode 100644 index 0000000..12f6ae6 --- /dev/null +++ b/src/lxc/lxc_process.c @@ -0,0 +1,1242 @@ +/* + * Copyright (C) 2010-2012 Red Hat, Inc. + * Copyright IBM Corp. 2008 + * + * lxc_process.c: LXC process lifecycle management + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include <config.h> + +#include <unistd.h> +#include <fcntl.h> +#include <signal.h> + +#include "lxc_process.h" +#include "lxc_domain.h" +#include "lxc_container.h" +#include "datatypes.h" +#include "virfile.h" +#include "virpidfile.h" +#include "virnetdev.h" +#include "virnetdevveth.h" +#include "virnetdevbridge.h" +#include "virtime.h" +#include "domain_nwfilter.h" +#include "network/bridge_driver.h" +#include "memory.h" +#include "domain_audit.h" +#include "virterror_internal.h" +#include "logging.h" +#include "command.h" +#include "hooks.h" + +#define VIR_FROM_THIS VIR_FROM_LXC + +#define START_POSTFIX ": starting up\n" + +int lxcProcessAutoDestroyInit(lxc_driver_t *driver) +{ + if (!(driver->autodestroy = virHashCreate(5, NULL))) + return -1; + + return 0; +} + +struct lxcProcessAutoDestroyData { + lxc_driver_t *driver; + virConnectPtr conn; +}; + +static void lxcProcessAutoDestroyDom(void *payload, + const void *name, + void *opaque) +{ + struct lxcProcessAutoDestroyData *data = opaque; + virConnectPtr conn = payload; + const char *uuidstr = name; + unsigned char uuid[VIR_UUID_BUFLEN]; + virDomainObjPtr dom; + virDomainEventPtr event = NULL; + + VIR_DEBUG("conn=%p uuidstr=%s thisconn=%p", conn, uuidstr, data->conn); + + if (data->conn != conn) + return; + + if (virUUIDParse(uuidstr, uuid) < 0) { + VIR_WARN("Failed to parse %s", uuidstr); + return; + } + + if (!(dom = virDomainFindByUUID(&data->driver->domains, + uuid))) { + VIR_DEBUG("No domain object to kill"); + return; + } + + VIR_DEBUG("Killing domain"); + lxcVmTerminate(data->driver, dom, VIR_DOMAIN_SHUTOFF_DESTROYED); + virDomainAuditStop(dom, "destroyed"); + event = virDomainEventNewFromObj(dom, + VIR_DOMAIN_EVENT_STOPPED, + VIR_DOMAIN_EVENT_STOPPED_DESTROYED); + + if (dom && !dom->persistent) + virDomainRemoveInactive(&data->driver->domains, dom); + + if (dom) + virDomainObjUnlock(dom); + if (event) + virDomainEventStateQueue(data->driver->domainEventState, event); + virHashRemoveEntry(data->driver->autodestroy, uuidstr); +} + +/* + * Precondition: driver is locked + */ +void lxcProcessAutoDestroyRun(lxc_driver_t *driver, virConnectPtr conn) +{ + struct lxcProcessAutoDestroyData data = { + driver, conn + }; + VIR_DEBUG("conn=%p", conn); + virHashForEach(driver->autodestroy, lxcProcessAutoDestroyDom, &data); +} + +void lxcProcessAutoDestroyShutdown(lxc_driver_t *driver) +{ + virHashFree(driver->autodestroy); +} + +int lxcProcessAutoDestroyAdd(lxc_driver_t *driver, + virDomainObjPtr vm, + virConnectPtr conn) +{ + char uuidstr[VIR_UUID_STRING_BUFLEN]; + virUUIDFormat(vm->def->uuid, uuidstr); + VIR_DEBUG("vm=%s uuid=%s conn=%p", vm->def->name, uuidstr, conn); + if (virHashAddEntry(driver->autodestroy, uuidstr, conn) < 0) + return -1; + return 0; +} + +int lxcProcessAutoDestroyRemove(lxc_driver_t *driver, + virDomainObjPtr vm) +{ + char uuidstr[VIR_UUID_STRING_BUFLEN]; + virUUIDFormat(vm->def->uuid, uuidstr); + VIR_DEBUG("vm=%s uuid=%s", vm->def->name, uuidstr); + if (virHashRemoveEntry(driver->autodestroy, uuidstr) < 0) + return -1; + return 0; +} + + +/** + * lxcVmCleanup: + * @driver: pointer to driver structure + * @vm: pointer to VM to clean up + * @reason: reason for switching the VM to shutoff state + * + * Cleanout resources associated with the now dead VM + * + */ +static void lxcVmCleanup(lxc_driver_t *driver, + virDomainObjPtr vm, + virDomainShutoffReason reason) +{ + virCgroupPtr cgroup; + int i; + lxcDomainObjPrivatePtr priv = vm->privateData; + virNetDevVPortProfilePtr vport = NULL; + + /* now that we know it's stopped call the hook if present */ + if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { + char *xml = virDomainDefFormat(vm->def, 0); + + /* we can't stop the operation even if the script raised an error */ + virHookCall(VIR_HOOK_DRIVER_LXC, vm->def->name, + VIR_HOOK_LXC_OP_STOPPED, VIR_HOOK_SUBOP_END, + NULL, xml, NULL); + VIR_FREE(xml); + } + + /* Stop autodestroy in case guest is restarted */ + lxcProcessAutoDestroyRemove(driver, vm); + + virEventRemoveHandle(priv->monitorWatch); + VIR_FORCE_CLOSE(priv->monitor); + + virPidFileDelete(driver->stateDir, vm->def->name); + virDomainDeleteConfig(driver->stateDir, NULL, vm); + + virDomainObjSetState(vm, VIR_DOMAIN_SHUTOFF, reason); + vm->pid = -1; + vm->def->id = -1; + priv->monitor = -1; + priv->monitorWatch = -1; + + for (i = 0 ; i < vm->def->nnets ; i++) { + virDomainNetDefPtr iface = vm->def->nets[i]; + vport = virDomainNetGetActualVirtPortProfile(iface); + ignore_value(virNetDevSetOnline(iface->ifname, false)); + if (vport && vport->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) + ignore_value(virNetDevOpenvswitchRemovePort( + virDomainNetGetActualBridgeName(iface), + iface->ifname)); + ignore_value(virNetDevVethDelete(iface->ifname)); + networkReleaseActualDevice(iface); + } + + virDomainConfVMNWFilterTeardown(vm); + + if (driver->cgroup && + virCgroupForDomain(driver->cgroup, vm->def->name, &cgroup, 0) == 0) { + virCgroupRemove(cgroup); + virCgroupFree(&cgroup); + } + + /* now that we know it's stopped call the hook if present */ + if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { + char *xml = virDomainDefFormat(vm->def, 0); + + /* we can't stop the operation even if the script raised an error */ + virHookCall(VIR_HOOK_DRIVER_LXC, vm->def->name, + VIR_HOOK_LXC_OP_RELEASE, VIR_HOOK_SUBOP_END, + NULL, xml, NULL); + VIR_FREE(xml); + } + + if (vm->newDef) { + virDomainDefFree(vm->def); + vm->def = vm->newDef; + vm->def->id = -1; + vm->newDef = NULL; + } +} + + +static int lxcSetupInterfaceBridged(virConnectPtr conn, + virDomainDefPtr vm, + virDomainNetDefPtr net, + const char *brname, + unsigned int *nveths, + char ***veths) +{ + int ret = -1; + char *parentVeth; + char *containerVeth = NULL; + const virNetDevVPortProfilePtr vport = virDomainNetGetActualVirtPortProfile(net); + + VIR_DEBUG("calling vethCreate()"); + parentVeth = net->ifname; + if (virNetDevVethCreate(&parentVeth, &containerVeth) < 0) + goto cleanup; + VIR_DEBUG("parentVeth: %s, containerVeth: %s", parentVeth, containerVeth); + + if (net->ifname == NULL) + net->ifname = parentVeth; + + if (VIR_REALLOC_N(*veths, (*nveths)+1) < 0) { + virReportOOMError(); + VIR_FREE(containerVeth); + goto cleanup; + } + (*veths)[(*nveths)] = containerVeth; + (*nveths)++; + + if (virNetDevSetMAC(containerVeth, &net->mac) < 0) + goto cleanup; + + if (vport && vport->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) + ret = virNetDevOpenvswitchAddPort(brname, parentVeth, &net->mac, + vm->uuid, vport); + else + ret = virNetDevBridgeAddPort(brname, parentVeth); + if (ret < 0) + goto cleanup; + + if (virNetDevSetOnline(parentVeth, true) < 0) + goto cleanup; + + if (virNetDevBandwidthSet(net->ifname, + virDomainNetGetActualBandwidth(net)) < 0) { + lxcError(VIR_ERR_INTERNAL_ERROR, + _("cannot set bandwidth limits on %s"), + net->ifname); + goto cleanup; + } + + if (net->filter && + virDomainConfNWFilterInstantiate(conn, vm->uuid, net) < 0) + goto cleanup; + + ret = 0; + +cleanup: + return ret; +} + + +static int lxcSetupInterfaceDirect(virConnectPtr conn, + virDomainDefPtr def, + virDomainNetDefPtr net, + unsigned int *nveths, + char ***veths) +{ + int ret = 0; + char *res_ifname = NULL; + lxc_driver_t *driver = conn->privateData; + virNetDevBandwidthPtr bw; + virNetDevVPortProfilePtr prof; + + /* XXX how todo bandwidth controls ? + * Since the 'net-ifname' is about to be moved to a different + * namespace & renamed, there will be no host side visible + * interface for the container to attach rules to + */ + bw = virDomainNetGetActualBandwidth(net); + if (bw) { + lxcError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Unable to set network bandwidth on direct interfaces")); + return -1; + } + + /* XXX how todo port profiles ? + * Although we can do the association during container + * startup, at shutdown we are unable to disassociate + * because the macvlan device was moved to the container + * and automagically dies when the container dies. So + * we have no dev to perform disassociation with. + */ + prof = virDomainNetGetActualVirtPortProfile(net); + if (prof) { + lxcError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Unable to set port profile on direct interfaces")); + return -1; + } + + if (VIR_REALLOC_N(*veths, (*nveths)+1) < 0) { + virReportOOMError(); + return -1; + } + (*veths)[(*nveths)] = NULL; + + if (virNetDevMacVLanCreateWithVPortProfile( + net->ifname, &net->mac, + virDomainNetGetActualDirectDev(net), + virDomainNetGetActualDirectMode(net), + false, false, def->uuid, + virDomainNetGetActualVirtPortProfile(net), + &res_ifname, + VIR_NETDEV_VPORT_PROFILE_OP_CREATE, + driver->stateDir, + virDomainNetGetActualBandwidth(net)) < 0) + goto cleanup; + + (*veths)[(*nveths)] = res_ifname; + (*nveths)++; + + ret = 0; + +cleanup: + return ret; +} + + +/** + * lxcSetupInterfaces: + * @conn: pointer to connection + * @def: pointer to virtual machine structure + * @nveths: number of interfaces + * @veths: interface names + * + * Sets up the container interfaces by creating the veth device pairs and + * attaching the parent end to the appropriate bridge. The container end + * will moved into the container namespace later after clone has been called. + * + * Returns 0 on success or -1 in case of error + */ +static int lxcSetupInterfaces(virConnectPtr conn, + virDomainDefPtr def, + unsigned int *nveths, + char ***veths) +{ + int ret = -1; + size_t i; + + for (i = 0 ; i < def->nnets ; i++) { + /* If appropriate, grab a physical device from the configured + * network's pool of devices, or resolve bridge device name + * to the one defined in the network definition. + */ + if (networkAllocateActualDevice(def->nets[i]) < 0) + goto cleanup; + + switch (virDomainNetGetActualType(def->nets[i])) { + case VIR_DOMAIN_NET_TYPE_NETWORK: { + virNetworkPtr network; + char *brname = NULL; + + if (!(network = virNetworkLookupByName(conn, + def->nets[i]->data.network.name))) + goto cleanup; + + brname = virNetworkGetBridgeName(network); + virNetworkFree(network); + if (!brname) + goto cleanup; + + if (lxcSetupInterfaceBridged(conn, + def, + def->nets[i], + brname, + nveths, + veths) < 0) { + VIR_FREE(brname); + goto cleanup; + } + VIR_FREE(brname); + break; + } + case VIR_DOMAIN_NET_TYPE_BRIDGE: { + const char *brname = virDomainNetGetActualBridgeName(def->nets[i]); + if (!brname) { + lxcError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No bridge name specified")); + goto cleanup; + } + if (lxcSetupInterfaceBridged(conn, + def, + def->nets[i], + brname, + nveths, + veths) < 0) + goto cleanup; + } break; + + case VIR_DOMAIN_NET_TYPE_DIRECT: + if (lxcSetupInterfaceDirect(conn, + def, + def->nets[i], + nveths, + veths) < 0) + goto cleanup; + break; + + case VIR_DOMAIN_NET_TYPE_USER: + case VIR_DOMAIN_NET_TYPE_ETHERNET: + case VIR_DOMAIN_NET_TYPE_SERVER: + case VIR_DOMAIN_NET_TYPE_CLIENT: + case VIR_DOMAIN_NET_TYPE_MCAST: + case VIR_DOMAIN_NET_TYPE_INTERNAL: + case VIR_DOMAIN_NET_TYPE_LAST: + lxcError(VIR_ERR_INTERNAL_ERROR, + _("Unsupported network type %s"), + virDomainNetTypeToString( + virDomainNetGetActualType(def->nets[i]) + )); + goto cleanup; + } + } + + ret= 0; + +cleanup: + if (ret != 0) { + for (i = 0 ; i < def->nnets ; i++) { + virDomainNetDefPtr iface = def->nets[i]; + virNetDevVPortProfilePtr vport = virDomainNetGetActualVirtPortProfile(iface); + if (vport && vport->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) + ignore_value(virNetDevOpenvswitchRemovePort( + virDomainNetGetActualBridgeName(iface), + iface->ifname)); + networkReleaseActualDevice(iface); + } + } + return ret; +} + + +static int lxcMonitorClient(lxc_driver_t * driver, + virDomainObjPtr vm) +{ + char *sockpath = NULL; + int fd = -1; + struct sockaddr_un addr; + + if (virAsprintf(&sockpath, "%s/%s.sock", + driver->stateDir, vm->def->name) < 0) { + virReportOOMError(); + return -1; + } + + if (virSecurityManagerSetSocketLabel(driver->securityManager, vm->def) < 0) { + VIR_ERROR(_("Failed to set security context for monitor for %s"), + vm->def->name); + goto error; + } + + fd = socket(PF_UNIX, SOCK_STREAM, 0); + + if (virSecurityManagerClearSocketLabel(driver->securityManager, vm->def) < 0) { + VIR_ERROR(_("Failed to clear security context for monitor for %s"), + vm->def->name); + goto error; + } + + if (fd < 0) { + virReportSystemError(errno, "%s", + _("Failed to create client socket")); + goto error; + } + + memset(&addr, 0, sizeof(addr)); + addr.sun_family = AF_UNIX; + if (virStrcpyStatic(addr.sun_path, sockpath) == NULL) { + lxcError(VIR_ERR_INTERNAL_ERROR, + _("Socket path %s too big for destination"), sockpath); + goto error; + } + + if (connect(fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) { + virReportSystemError(errno, "%s", + _("Failed to connect to client socket")); + goto error; + } + + VIR_FREE(sockpath); + return fd; + +error: + VIR_FREE(sockpath); + VIR_FORCE_CLOSE(fd); + return -1; +} + + +int lxcVmTerminate(lxc_driver_t *driver, + virDomainObjPtr vm, + virDomainShutoffReason reason) +{ + virCgroupPtr group = NULL; + int rc; + + if (vm->pid <= 0) { + lxcError(VIR_ERR_INTERNAL_ERROR, + _("Invalid PID %d for container"), vm->pid); + return -1; + } + + virSecurityManagerRestoreAllLabel(driver->securityManager, + vm->def, false); + virSecurityManagerReleaseLabel(driver->securityManager, vm->def); + /* Clear out dynamically assigned labels */ + if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) { + VIR_FREE(vm->def->seclabel.model); + VIR_FREE(vm->def->seclabel.label); + VIR_FREE(vm->def->seclabel.imagelabel); + } + + if (virCgroupForDomain(driver->cgroup, vm->def->name, &group, 0) == 0) { + rc = virCgroupKillPainfully(group); + if (rc < 0) { + virReportSystemError(-rc, "%s", + _("Failed to kill container PIDs")); + rc = -1; + goto cleanup; + } + if (rc == 1) { + lxcError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Some container PIDs refused to die")); + rc = -1; + goto cleanup; + } + } else { + /* If cgroup doesn't exist, the VM pids must have already + * died and so we're just cleaning up stale state + */ + } + + lxcVmCleanup(driver, vm, reason); + + rc = 0; + +cleanup: + virCgroupFree(&group); + return rc; +} + +extern lxc_driver_t *lxc_driver; +static void lxcMonitorEvent(int watch, + int fd, + int events ATTRIBUTE_UNUSED, + void *data) +{ + lxc_driver_t *driver = lxc_driver; + virDomainObjPtr vm = data; + virDomainEventPtr event = NULL; + lxcDomainObjPrivatePtr priv; + + lxcDriverLock(driver); + virDomainObjLock(vm); + lxcDriverUnlock(driver); + + priv = vm->privateData; + + if (priv->monitor != fd || priv->monitorWatch != watch) { + virEventRemoveHandle(watch); + goto cleanup; + } + + if (lxcVmTerminate(driver, vm, VIR_DOMAIN_SHUTOFF_SHUTDOWN) < 0) { + virEventRemoveHandle(watch); + } else { + event = virDomainEventNewFromObj(vm, + VIR_DOMAIN_EVENT_STOPPED, + VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN); + virDomainAuditStop(vm, "shutdown"); + } + if (!vm->persistent) { + virDomainRemoveInactive(&driver->domains, vm); + vm = NULL; + } + +cleanup: + if (vm) + virDomainObjUnlock(vm); + if (event) { + lxcDriverLock(driver); + virDomainEventStateQueue(driver->domainEventState, event); + lxcDriverUnlock(driver); + } +} + + +static virCommandPtr +lxcBuildControllerCmd(lxc_driver_t *driver, + virDomainObjPtr vm, + int nveths, + char **veths, + int *ttyFDs, + size_t nttyFDs, + int handshakefd) +{ + size_t i; + char *filterstr; + char *outputstr; + virCommandPtr cmd; + + cmd = virCommandNew(vm->def->emulator); + + /* The controller may call ip command, so we have to retain PATH. */ + virCommandAddEnvPass(cmd, "PATH"); + + virCommandAddEnvFormat(cmd, "LIBVIRT_DEBUG=%d", + virLogGetDefaultPriority()); + + if (virLogGetNbFilters() > 0) { + filterstr = virLogGetFilters(); + if (!filterstr) { + virReportOOMError(); + goto cleanup; + } + + virCommandAddEnvPair(cmd, "LIBVIRT_LOG_FILTERS", filterstr); + VIR_FREE(filterstr); + } + + if (driver->log_libvirtd) { + if (virLogGetNbOutputs() > 0) { + outputstr = virLogGetOutputs(); + if (!outputstr) { + virReportOOMError(); + goto cleanup; + } + + virCommandAddEnvPair(cmd, "LIBVIRT_LOG_OUTPUTS", outputstr); + VIR_FREE(outputstr); + } + } else { + virCommandAddEnvFormat(cmd, + "LIBVIRT_LOG_OUTPUTS=%d:stderr", + virLogGetDefaultPriority()); + } + + virCommandAddArgList(cmd, "--name", vm->def->name, NULL); + for (i = 0 ; i < nttyFDs ; i++) { + virCommandAddArg(cmd, "--console"); + virCommandAddArgFormat(cmd, "%d", ttyFDs[i]); + virCommandPreserveFD(cmd, ttyFDs[i]); + } + + virCommandAddArgPair(cmd, "--security", + virSecurityManagerGetModel(driver->securityManager)); + + virCommandAddArg(cmd, "--handshake"); + virCommandAddArgFormat(cmd, "%d", handshakefd); + virCommandAddArg(cmd, "--background"); + + for (i = 0 ; i < nveths ; i++) { + virCommandAddArgList(cmd, "--veth", veths[i], NULL); + } + + virCommandPreserveFD(cmd, handshakefd); + + return cmd; +cleanup: + virCommandFree(cmd); + return NULL; +} + +static int +lxcReadLogOutput(virDomainObjPtr vm, + char *logfile, + off_t pos, + char *buf, + size_t buflen) +{ + int fd; + off_t off; + int whence; + int got = 0, ret = -1; + int retries = 10; + + if ((fd = open(logfile, O_RDONLY)) < 0) { + virReportSystemError(errno, _("failed to open logfile %s"), + logfile); + goto cleanup; + } + + if (pos < 0) { + off = 0; + whence = SEEK_END; + } else { + off = pos; + whence = SEEK_SET; + } + + if (lseek(fd, off, whence) < 0) { + if (whence == SEEK_END) + virReportSystemError(errno, + _("unable to seek to end of log for %s"), + logfile); + else + virReportSystemError(errno, + _("unable to seek to %lld from start for %s"), + (long long)off, logfile); + goto cleanup; + } + + while (retries) { + ssize_t bytes; + int isdead = 0; + + if (kill(vm->pid, 0) == -1 && errno == ESRCH) + isdead = 1; + + /* Any failures should be detected before we read the log, so we + * always have something useful to report on failure. */ + bytes = saferead(fd, buf+got, buflen-got-1); + if (bytes < 0) { + virReportSystemError(errno, "%s", + _("Failure while reading guest log output")); + goto cleanup; + } + + got += bytes; + buf[got] = '\0'; + + if ((got == buflen-1) || isdead) { + break; + } + + usleep(100*1000); + retries--; + } + + + ret = got; +cleanup: + VIR_FORCE_CLOSE(fd); + return ret; +} + +/** + * lxcVmStart: + * @conn: pointer to connection + * @driver: pointer to driver structure + * @vm: pointer to virtual machine structure + * @autoDestroy: mark the domain for auto destruction + * @reason: reason for switching vm to running state + * + * Starts a vm + * + * Returns 0 on success or -1 in case of error + */ +int lxcVmStart(virConnectPtr conn, + lxc_driver_t * driver, + virDomainObjPtr vm, + bool autoDestroy, + virDomainRunningReason reason) +{ + int rc = -1, r; + size_t nttyFDs = 0; + int *ttyFDs = NULL; + size_t i; + char *logfile = NULL; + int logfd = -1; + unsigned int nveths = 0; + char **veths = NULL; + int handshakefds[2] = { -1, -1 }; + off_t pos = -1; + char ebuf[1024]; + char *timestamp; + virCommandPtr cmd = NULL; + lxcDomainObjPrivatePtr priv = vm->privateData; + virErrorPtr err = NULL; + + if (!lxc_driver->cgroup) { + lxcError(VIR_ERR_INTERNAL_ERROR, "%s", + _("The 'cpuacct', 'devices' & 'memory' cgroups controllers must be mounted")); + return -1; + } + + if (!virCgroupMounted(lxc_driver->cgroup, + VIR_CGROUP_CONTROLLER_CPUACCT)) { + lxcError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Unable to find 'cpuacct' cgroups controller mount")); + return -1; + } + if (!virCgroupMounted(lxc_driver->cgroup, + VIR_CGROUP_CONTROLLER_DEVICES)) { + lxcError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Unable to find 'devices' cgroups controller mount")); + return -1; + } + if (!virCgroupMounted(lxc_driver->cgroup, + VIR_CGROUP_CONTROLLER_MEMORY)) { + lxcError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Unable to find 'memory' cgroups controller mount")); + return -1; + } + + if (virFileMakePath(driver->logDir) < 0) { + virReportSystemError(errno, + _("Cannot create log directory '%s'"), + driver->logDir); + return -1; + } + + if (virAsprintf(&logfile, "%s/%s.log", + driver->logDir, vm->def->name) < 0) { + virReportOOMError(); + return -1; + } + + /* Do this up front, so any part of the startup process can add + * runtime state to vm->def that won't be persisted. This let's us + * report implicit runtime defaults in the XML, like vnc listen/socket + */ + VIR_DEBUG("Setting current domain def as transient"); + if (virDomainObjSetDefTransient(driver->caps, vm, true) < 0) + goto cleanup; + + /* Run an early hook to set-up missing devices */ + if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { + char *xml = virDomainDefFormat(vm->def, 0); + int hookret; + + hookret = virHookCall(VIR_HOOK_DRIVER_LXC, vm->def->name, + VIR_HOOK_LXC_OP_PREPARE, VIR_HOOK_SUBOP_BEGIN, + NULL, xml, NULL); + VIR_FREE(xml); + + /* + * If the script raised an error abort the launch + */ + if (hookret < 0) + goto cleanup; + } + + /* Here we open all the PTYs we need on the host OS side. + * The LXC controller will open the guest OS side PTYs + * and forward I/O between them. + */ + nttyFDs = vm->def->nconsoles; + if (VIR_ALLOC_N(ttyFDs, nttyFDs) < 0) { + virReportOOMError(); + goto cleanup; + } + + /* If you are using a SecurityDriver with dynamic labelling, + then generate a security label for isolation */ + VIR_DEBUG("Generating domain security label (if required)"); + if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DEFAULT) + vm->def->seclabel.type = VIR_DOMAIN_SECLABEL_NONE; + + if (virSecurityManagerGenLabel(driver->securityManager, vm->def) < 0) { + virDomainAuditSecurityLabel(vm, false); + goto cleanup; + } + virDomainAuditSecurityLabel(vm, true); + + VIR_DEBUG("Setting domain security labels"); + if (virSecurityManagerSetAllLabel(driver->securityManager, + vm->def, NULL) < 0) + goto cleanup; + + for (i = 0 ; i < vm->def->nconsoles ; i++) + ttyFDs[i] = -1; + + for (i = 0 ; i < vm->def->nconsoles ; i++) { + char *ttyPath; + if (vm->def->consoles[i]->source.type != VIR_DOMAIN_CHR_TYPE_PTY) { + lxcError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Only PTY console types are supported")); + goto cleanup; + } + + if (virFileOpenTty(&ttyFDs[i], &ttyPath, 1) < 0) { + virReportSystemError(errno, "%s", + _("Failed to allocate tty")); + goto cleanup; + } + + VIR_FREE(vm->def->consoles[i]->source.data.file.path); + vm->def->consoles[i]->source.data.file.path = ttyPath; + + VIR_FREE(vm->def->consoles[i]->info.alias); + if (virAsprintf(&vm->def->consoles[i]->info.alias, "console%zu", i) < 0) { + virReportOOMError(); + goto cleanup; + } + } + + if (lxcSetupInterfaces(conn, vm->def, &nveths, &veths) != 0) + goto cleanup; + + /* Save the configuration for the controller */ + if (virDomainSaveConfig(driver->stateDir, vm->def) < 0) + goto cleanup; + + if ((logfd = open(logfile, O_WRONLY | O_APPEND | O_CREAT, + S_IRUSR|S_IWUSR)) < 0) { + virReportSystemError(errno, + _("Failed to open '%s'"), + logfile); + goto cleanup; + } + + if (pipe(handshakefds) < 0) { + virReportSystemError(errno, "%s", + _("Unable to create pipe")); + goto cleanup; + } + + if (!(cmd = lxcBuildControllerCmd(driver, + vm, + nveths, veths, + ttyFDs, nttyFDs, + handshakefds[1]))) + goto cleanup; + virCommandSetOutputFD(cmd, &logfd); + virCommandSetErrorFD(cmd, &logfd); + + /* now that we know it is about to start call the hook if present */ + if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { + char *xml = virDomainDefFormat(vm->def, 0); + int hookret; + + hookret = virHookCall(VIR_HOOK_DRIVER_LXC, vm->def->name, + VIR_HOOK_LXC_OP_START, VIR_HOOK_SUBOP_BEGIN, + NULL, xml, NULL); + VIR_FREE(xml); + + /* + * If the script raised an error abort the launch + */ + if (hookret < 0) + goto cleanup; + } + + /* Log timestamp */ + if ((timestamp = virTimeStringNow()) == NULL) { + virReportOOMError(); + goto cleanup; + } + if (safewrite(logfd, timestamp, strlen(timestamp)) < 0 || + safewrite(logfd, START_POSTFIX, strlen(START_POSTFIX)) < 0) { + VIR_WARN("Unable to write timestamp to logfile: %s", + virStrerror(errno, ebuf, sizeof(ebuf))); + } + VIR_FREE(timestamp); + + /* Log generated command line */ + virCommandWriteArgLog(cmd, logfd); + if ((pos = lseek(logfd, 0, SEEK_END)) < 0) + VIR_WARN("Unable to seek to end of logfile: %s", + virStrerror(errno, ebuf, sizeof(ebuf))); + + if (virCommandRun(cmd, NULL) < 0) + goto cleanup; + + if (VIR_CLOSE(handshakefds[1]) < 0) { + virReportSystemError(errno, "%s", _("could not close handshake fd")); + goto cleanup; + } + + /* Connect to the controller as a client *first* because + * this will block until the child has written their + * pid file out to disk */ + if ((priv->monitor = lxcMonitorClient(driver, vm)) < 0) + goto cleanup; + + /* And get its pid */ + if ((r = virPidFileRead(driver->stateDir, vm->def->name, &vm->pid)) < 0) { + virReportSystemError(-r, + _("Failed to read pid file %s/%s.pid"), + driver->stateDir, vm->def->name); + goto cleanup; + } + + vm->def->id = vm->pid; + virDomainObjSetState(vm, VIR_DOMAIN_RUNNING, reason); + + if (lxcContainerWaitForContinue(handshakefds[0]) < 0) { + char out[1024]; + + if (!(lxcReadLogOutput(vm, logfile, pos, out, 1024) < 0)) { + lxcError(VIR_ERR_INTERNAL_ERROR, + _("guest failed to start: %s"), out); + } + + goto error; + } + + if ((priv->monitorWatch = virEventAddHandle( + priv->monitor, + VIR_EVENT_HANDLE_ERROR | VIR_EVENT_HANDLE_HANGUP, + lxcMonitorEvent, + vm, NULL)) < 0) { + goto error; + } + + if (autoDestroy && + lxcProcessAutoDestroyAdd(driver, vm, conn) < 0) + goto error; + + if (virDomainObjSetDefTransient(driver->caps, vm, false) < 0) + goto error; + + /* Write domain status to disk. + * + * XXX: Earlier we wrote the plain "live" domain XML to this + * location for the benefit of libvirt_lxc. We're now overwriting + * it with the live status XML instead. This is a (currently + * harmless) inconsistency we should fix one day */ + if (virDomainSaveStatus(driver->caps, driver->stateDir, vm) < 0) + goto error; + + /* finally we can call the 'started' hook script if any */ + if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { + char *xml = virDomainDefFormat(vm->def, 0); + int hookret; + + hookret = virHookCall(VIR_HOOK_DRIVER_LXC, vm->def->name, + VIR_HOOK_LXC_OP_STARTED, VIR_HOOK_SUBOP_BEGIN, + NULL, xml, NULL); + VIR_FREE(xml); + + /* + * If the script raised an error abort the launch + */ + if (hookret < 0) + goto error; + } + + rc = 0; + +cleanup: + if (rc != 0 && !err) + err = virSaveLastError(); + virCommandFree(cmd); + if (VIR_CLOSE(logfd) < 0) { + virReportSystemError(errno, "%s", _("could not close logfile")); + rc = -1; + } + for (i = 0 ; i < nveths ; i++) { + if (rc != 0) + ignore_value(virNetDevVethDelete(veths[i])); + VIR_FREE(veths[i]); + } + if (rc != 0) { + VIR_FORCE_CLOSE(priv->monitor); + virDomainConfVMNWFilterTeardown(vm); + + virSecurityManagerRestoreAllLabel(driver->securityManager, + vm->def, false); + virSecurityManagerReleaseLabel(driver->securityManager, vm->def); + /* Clear out dynamically assigned labels */ + if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC) { + VIR_FREE(vm->def->seclabel.model); + VIR_FREE(vm->def->seclabel.label); + VIR_FREE(vm->def->seclabel.imagelabel); + } + } + for (i = 0 ; i < nttyFDs ; i++) + VIR_FORCE_CLOSE(ttyFDs[i]); + VIR_FREE(ttyFDs); + VIR_FORCE_CLOSE(handshakefds[0]); + VIR_FORCE_CLOSE(handshakefds[1]); + VIR_FREE(logfile); + + if (err) { + virSetError(err); + virFreeError(err); + } + + return rc; + +error: + err = virSaveLastError(); + lxcVmTerminate(driver, vm, VIR_DOMAIN_SHUTOFF_FAILED); + goto cleanup; +} + +struct lxcAutostartData { + lxc_driver_t *driver; + virConnectPtr conn; +}; + +static void +lxcAutostartDomain(void *payload, const void *name ATTRIBUTE_UNUSED, void *opaque) +{ + virDomainObjPtr vm = payload; + const struct lxcAutostartData *data = opaque; + + virDomainObjLock(vm); + if (vm->autostart && + !virDomainObjIsActive(vm)) { + int ret = lxcVmStart(data->conn, data->driver, vm, false, + VIR_DOMAIN_RUNNING_BOOTED); + virDomainAuditStart(vm, "booted", ret >= 0); + if (ret < 0) { + virErrorPtr err = virGetLastError(); + VIR_ERROR(_("Failed to autostart VM '%s': %s"), + vm->def->name, + err ? err->message : ""); + } else { + virDomainEventPtr event = + virDomainEventNewFromObj(vm, + VIR_DOMAIN_EVENT_STARTED, + VIR_DOMAIN_EVENT_STARTED_BOOTED); + if (event) + virDomainEventStateQueue(data->driver->domainEventState, event); + } + } + virDomainObjUnlock(vm); +} + + +void +lxcAutostartConfigs(lxc_driver_t *driver) { + /* XXX: Figure out a better way todo this. The domain + * startup code needs a connection handle in order + * to lookup the bridge associated with a virtual + * network + */ + virConnectPtr conn = virConnectOpen("lxc:///"); + /* Ignoring NULL conn which is mostly harmless here */ + + struct lxcAutostartData data = { driver, conn }; + + lxcDriverLock(driver); + virHashForEach(driver->domains.objs, lxcAutostartDomain, &data); + lxcDriverUnlock(driver); + + if (conn) + virConnectClose(conn); +} + +static void +lxcReconnectVM(void *payload, const void *name ATTRIBUTE_UNUSED, void *opaque) +{ + virDomainObjPtr vm = payload; + lxc_driver_t *driver = opaque; + lxcDomainObjPrivatePtr priv; + + virDomainObjLock(vm); + VIR_DEBUG("Reconnect %d %d %d\n", vm->def->id, vm->pid, vm->state.state); + + priv = vm->privateData; + + if (vm->pid != 0) { + vm->def->id = vm->pid; + virDomainObjSetState(vm, VIR_DOMAIN_RUNNING, + VIR_DOMAIN_RUNNING_UNKNOWN); + + if ((priv->monitor = lxcMonitorClient(driver, vm)) < 0) + goto error; + + if ((priv->monitorWatch = virEventAddHandle( + priv->monitor, + VIR_EVENT_HANDLE_ERROR | VIR_EVENT_HANDLE_HANGUP, + lxcMonitorEvent, + vm, NULL)) < 0) + goto error; + + if (virSecurityManagerReserveLabel(driver->securityManager, + vm->def, vm->pid) < 0) + goto error; + + /* now that we know it's reconnected call the hook if present */ + if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { + char *xml = virDomainDefFormat(vm->def, 0); + int hookret; + + /* we can't stop the operation even if the script raised an error */ + hookret = virHookCall(VIR_HOOK_DRIVER_LXC, vm->def->name, + VIR_HOOK_LXC_OP_RECONNECT, VIR_HOOK_SUBOP_BEGIN, + NULL, xml, NULL); + VIR_FREE(xml); + if (hookret < 0) + goto error; + } + + } else { + vm->def->id = -1; + VIR_FORCE_CLOSE(priv->monitor); + } + +cleanup: + virDomainObjUnlock(vm); + return; + +error: + lxcVmTerminate(driver, vm, VIR_DOMAIN_SHUTOFF_FAILED); + virDomainAuditStop(vm, "failed"); + goto cleanup; +} + + +int lxcReconnectAll(lxc_driver_t *driver, + virDomainObjListPtr doms) +{ + virHashForEach(doms->objs, lxcReconnectVM, driver); + return 0; +} diff --git a/src/lxc/lxc_process.h b/src/lxc/lxc_process.h new file mode 100644 index 0000000..b4b707b --- /dev/null +++ b/src/lxc/lxc_process.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2010-2012 Red Hat, Inc. + * Copyright IBM Corp. 2008 + * + * lxc_process.h: LXC process lifecycle management + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef __LXC_PROCESS_H__ +# define __LXC_PROCESS_H__ + +# include "lxc_conf.h" + +int lxcVmStart(virConnectPtr conn, + lxc_driver_t * driver, + virDomainObjPtr vm, + bool autoDestroy, + virDomainRunningReason reason); +int lxcVmTerminate(lxc_driver_t *driver, + virDomainObjPtr vm, + virDomainShutoffReason reason); +int lxcProcessAutoDestroyInit(lxc_driver_t *driver); +void lxcProcessAutoDestroyRun(lxc_driver_t *driver, + virConnectPtr conn); +void lxcProcessAutoDestroyShutdown(lxc_driver_t *driver); +int lxcProcessAutoDestroyAdd(lxc_driver_t *driver, + virDomainObjPtr vm, + virConnectPtr conn); +int lxcProcessAutoDestroyRemove(lxc_driver_t *driver, + virDomainObjPtr vm); + +void lxcAutostartConfigs(lxc_driver_t *driver); +int lxcReconnectAll(lxc_driver_t *driver, + virDomainObjListPtr doms); + +#endif /* __LXC_PROCESS_H__ */