[libvirt] [PATCH 0/2] Add support of SASL authentication for QEMU migration

This is a first contribution; I have tried to follow the rules in HACKING as closely as possible. I hope this commit conforms to the specifications.

make check                OK
make syntax-check         OK
make -C tests valgrind    OK

Currently, with peer to peer migration provided by virDomainMigrateToURI, the QEMU migration code uses virConnectOpen(), which means that all authentication callbacks are disabled. Since no auth callback is present, SASL doesn't find any mechanisms and thus auth fails with the error:

"authentication failed: Failed to start SASL negotiation: -4 (SASL(-4): no mechanism available: No worthy mechs found)"

PATCH 1/2 adds a new example to illustrate how to use peer to peer migration. This patch is not necessary to fix the problem and can be removed. It is provided to help reviewers by avoiding the need to create code that uses this feature. Also, as it demonstrates the performance of libvirt, I thought it could be interesting to keep it for new users.

PATCH 2/2 fixes the problem by configuring the QEMU migration code to use virConnectOpenAuth instead of virConnectOpen. Indeed, this function will call, if necessary, a callback responsible for fetching credentials.

Sahid Orentino Ferdjaoui (2):
  Add a new example to illustrate domain migration
  Add support for QEMU migration to use SASL authentication

 .gitignore                       |  1 +
 Makefile.am                      |  2 +-
 configure.ac                     |  1 +
 examples/dommigrate/Makefile.am  | 26 ++++++++++++++
 examples/dommigrate/dommigrate.c | 78 ++++++++++++++++++++++++++++++++++++++++
 libvirt.spec.in                  |  3 +-
 src/qemu/qemu_migration.c        | 14 +++++++-
 7 files changed, 122 insertions(+), 3 deletions(-)
 create mode 100644 examples/dommigrate/Makefile.am
 create mode 100644 examples/dommigrate/dommigrate.c

--
1.9.0

This commit adds a new example to illustrate peer to peer domain migration with virDomainMigrateToURI. Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com> --- .gitignore | 1 + Makefile.am | 2 +- configure.ac | 1 + examples/dommigrate/Makefile.am | 26 ++++++++++++++ examples/dommigrate/dommigrate.c | 78 ++++++++++++++++++++++++++++++++++++++++ libvirt.spec.in | 3 +- 6 files changed, 109 insertions(+), 2 deletions(-) create mode 100644 examples/dommigrate/Makefile.am create mode 100644 examples/dommigrate/dommigrate.c diff --git a/.gitignore b/.gitignore index 0513a33..8c3b870 100644 --- a/.gitignore +++ b/.gitignore @@ -74,6 +74,7 @@ /examples/object-events/event-test /examples/dominfo/info1 /examples/domsuspend/suspend +/examples/dommigrate/dommigrate /examples/hellolibvirt/hellolibvirt /examples/openauth/openauth /gnulib/lib/* diff --git a/Makefile.am b/Makefile.am index 9847ff0..b961c0e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -23,7 +23,7 @@ SUBDIRS = . gnulib/lib include src daemon tools docs gnulib/tests \ tests po examples/object-events examples/hellolibvirt \ examples/dominfo examples/domsuspend examples/apparmor \ examples/xml/nwfilter examples/openauth examples/systemtap \ - tools/wireshark + tools/wireshark examples/dommigrate ACLOCAL_AMFLAGS = -I m4 diff --git a/configure.ac b/configure.ac index ea85851..e461001 100644 --- a/configure.ac +++ b/configure.ac @@ -2724,6 +2724,7 @@ AC_CONFIG_FILES([\ examples/object-events/Makefile \ examples/domsuspend/Makefile \ examples/dominfo/Makefile \ + examples/dommigrate/Makefile \ examples/openauth/Makefile \ examples/hellolibvirt/Makefile \ examples/systemtap/Makefile \ diff --git a/examples/dommigrate/Makefile.am b/examples/dommigrate/Makefile.am new file mode 100644 index 0000000..43b55fc --- /dev/null +++ b/examples/dommigrate/Makefile.am 
@@ -0,0 +1,26 @@ +## Copyright (C) 2014 Cloudwatt +## Copyright (C) 2005-2013 Red Hat, Inc. +## +## This library is free software; you can redistribute it and/or +## modify it under the terms of the GNU Lesser General Public +## License as published by the Free Software Foundation; either +## version 2.1 of the License, or (at your option) any later version. +## +## This library is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +## Lesser General Public License for more details. +## +## You should have received a copy of the GNU Lesser General Public +## License along with this library. If not, see +## <http://www.gnu.org/licenses/>. + +INCLUDES = \ + -I$(top_builddir)/include -I$(top_srcdir)/include \ + -I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib \ + -I$(top_srcdir)/src -I$(top_srcdir)/src/util \ + -I$(top_srcdir) +noinst_PROGRAMS = dommigrate +dommigrate_CFLAGS = $(WARN_CFLAGS) +dommigrate_SOURCES = dommigrate.c +dommigrate_LDADD = $(top_builddir)/src/libvirt.la diff --git a/examples/dommigrate/dommigrate.c b/examples/dommigrate/dommigrate.c new file mode 100644 index 0000000..a8f951e --- /dev/null +++ b/examples/dommigrate/dommigrate.c 
@@ -0,0 +1,78 @@ +/* This file is largely inspired from hellolibvirt and contains a trivial + example that illustrate p2p domain migration with libvirt. */ + +#include <config.h> + +#include <stdio.h> +#include <stdlib.h> +#include <libvirt/libvirt.h> +#include <libvirt/virterror.h> + +#include "virstring.h" + +static int +usage(char *prgn, int ret) +{ + printf("Usage: %s <src_uri> <dst_uri> <domain>\n", prgn); + return ret; +} + +int +main(int argc, char *argv[]) +{ + char *src_uri, *dst_uri; + int ret = 0, id; + virConnectPtr conn = NULL; + virDomainPtr dom = NULL; + + if (argc < 4) { + ret = usage(argv[0], 1); + goto out; + } + + src_uri = argv[1]; + dst_uri = argv[2]; + virStrToLong_i(argv[3], NULL, 10, &id); + + printf("Attempting to connect to the source hypervisor\n"); + conn = virConnectOpenAuth(src_uri, virConnectAuthPtrDefault, 0); + if (!conn) { + ret = 1; + fprintf(stderr, "No connection to the source hypervisor: %s\n", + virGetLastErrorMessage()); + goto out; + } + src_uri = virConnectGetURI(conn); + if (!src_uri) { + ret = 1; + fprintf(stderr, "Failed to get uri for the source connection: %s\n", + virGetLastErrorMessage()); + goto disconnect; + } + + printf("Attempting to retrieve domain id: %d\n", id); + dom = virDomainLookupByID(conn, id); + if (!dom) { + fprintf(stderr, "Failed to find domain %d\n", id); + goto disconnect; + } + + printf("Attempting to migrate to: %s\n", dst_uri); + if ((ret = virDomainMigrateToURI(dom, dst_uri, + VIR_MIGRATE_PEER2PEER, + NULL, 0)) != 0) { + fprintf(stderr, "Failed to migrate domain %d\n", id); + goto disconnect; + } + + printf("Migration finished\n"); + + disconnect: + if (dom != NULL) + virDomainFree(dom); + if (conn != NULL) + virConnectClose(conn); + + out: + return ret; +} diff --git a/libvirt.spec.in b/libvirt.spec.in index 4e70a41..a7d277b 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in 
@@ -1498,7 +1498,7 @@ rm -fr %{buildroot} # on RHEL 5, thus we need to expand it here. make install DESTDIR=%{?buildroot} SYSTEMD_UNIT_DIR=%{_unitdir} -for i in object-events dominfo domsuspend hellolibvirt openauth xml/nwfilter systemtap +for i in object-events dominfo domsuspend hellolibvirt openauth xml/nwfilter systemtap dommigrate do (cd examples/$i ; make clean ; rm -rf .deps .libs Makefile Makefile.in) done @@ -2223,6 +2223,7 @@ exit 0 %doc examples/object-events %doc examples/dominfo %doc examples/domsuspend +%doc examples/dommigrate %doc examples/openauth %doc examples/xml %doc examples/systemtap -- 1.9.0
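Review bot: in examples/dommigrate/dommigrate.c, the return value of virStrToLong_i(argv[3], NULL, 10, &id) is ignored and id is declared without an initializer, so a third argument that is not a number goes unnoticed and the value passed to virDomainLookupByID() is undefined. Check the result of the conversion and fall back to usage(argv[0], 1) when it fails.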


On Sun, Apr 13, 2014 at 01:52:47PM +0200, Sahid Orentino Ferdjaoui wrote:
This commit adds a new example to illustrate peer to peer domain migration with virDomainMigrateToURI.
diff --git a/examples/dommigrate/Makefile.am b/examples/dommigrate/Makefile.am new file mode 100644 index 0000000..43b55fc --- /dev/null +++ b/examples/dommigrate/Makefile.am @@ -0,0 +1,26 @@ +## Copyright (C) 2014 Cloudwatt +## Copyright (C) 2005-2013 Red Hat, Inc. +## +## This library is free software; you can redistribute it and/or +## modify it under the terms of the GNU Lesser General Public +## License as published by the Free Software Foundation; either +## version 2.1 of the License, or (at your option) any later version. +## +## This library is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +## Lesser General Public License for more details. +## +## You should have received a copy of the GNU Lesser General Public +## License along with this library. If not, see +## <http://www.gnu.org/licenses/>.
IMHO Makefile.am rules aren't really copyright-able material so we don't include copyright headers in them....
+INCLUDES = \ + -I$(top_builddir)/include -I$(top_srcdir)/include \ + -I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib \ + -I$(top_srcdir)/src -I$(top_srcdir)/src/util \ + -I$(top_srcdir) +noinst_PROGRAMS = dommigrate +dommigrate_CFLAGS = $(WARN_CFLAGS) +dommigrate_SOURCES = dommigrate.c +dommigrate_LDADD = $(top_builddir)/src/libvirt.la diff --git a/examples/dommigrate/dommigrate.c b/examples/dommigrate/dommigrate.c new file mode 100644 index 0000000..a8f951e --- /dev/null +++ b/examples/dommigrate/dommigrate.c @@ -0,0 +1,78 @@ +/* This file is largely inspired from hellolibvirt and contains a trivial + example that illustrate p2p domain migration with libvirt. */
But you should add the copyright header to this example code.
+ +#include <config.h>
You want to leave out config.h in the example programs, because we intend that the example code can be compiled outside the libvirt source tree.
+ +#include <stdio.h> +#include <stdlib.h> +#include <libvirt/libvirt.h> +#include <libvirt/virterror.h> + +#include "virstring.h"
Likewise don't use the virstring.h header, or the functions it contains - the examples should restrict themselves to the main POSIX <string.h> functions.

It seems you only include this so you can use virStrToLong_i to parse the domain ID number. I suggest just making the example use the domain name instead of ID.
+ +static int +usage(char *prgn, int ret) +{ + printf("Usage: %s <src_uri> <dst_uri> <domain>\n", prgn); + return ret; +} + +int +main(int argc, char *argv[]) +{ + char *src_uri, *dst_uri; + int ret = 0, id; + virConnectPtr conn = NULL; + virDomainPtr dom = NULL; + + if (argc < 4) { + ret = usage(argv[0], 1); + goto out; + } + + src_uri = argv[1]; + dst_uri = argv[2]; + virStrToLong_i(argv[3], NULL, 10, &id); + + printf("Attempting to connect to the source hypervisor\n"); + conn = virConnectOpenAuth(src_uri, virConnectAuthPtrDefault, 0); + if (!conn) { + ret = 1; + fprintf(stderr, "No connection to the source hypervisor: %s\n", + virGetLastErrorMessage()); + goto out; + } + src_uri = virConnectGetURI(conn); + if (!src_uri) { + ret = 1; + fprintf(stderr, "Failed to get uri for the source connection: %s\n", + virGetLastErrorMessage()); + goto disconnect; + }
You don't do anything with 'src_uri' here, so I think you could probably just remove these few lines.
+ + printf("Attempting to retrieve domain id: %d\n", id); + dom = virDomainLookupByID(conn, id); + if (!dom) { + fprintf(stderr, "Failed to find domain %d\n", id); + goto disconnect; + } + + printf("Attempting to migrate to: %s\n", dst_uri); + if ((ret = virDomainMigrateToURI(dom, dst_uri, + VIR_MIGRATE_PEER2PEER, + NULL, 0)) != 0) { + fprintf(stderr, "Failed to migrate domain %d\n", id); + goto disconnect; + } + + printf("Migration finished\n"); + + disconnect:
Can you rename 'disconnect' to 'cleanup', since that's our more usual naming convention?
+ if (dom != NULL) + virDomainFree(dom); + if (conn != NULL) + virConnectClose(conn); + + out: + return ret; +}
Basically looks like a good example to have though. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

From 0f43b11ee1d1c4a2134f3e475846ac494d2471a3 Mon Sep 17 00:00:00 2001 From: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com> Date: Fri, 11 Apr 2014 18:44:32 +0000 Subject: [PATCH 1/2] Add a new example to illustrate domain migration
This commit adds a new example to illustrate peer to peer domain migration with virDomainMigrateToURI. Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com> --- .gitignore | 1 + Makefile.am | 2 +- configure.ac | 1 + examples/dommigrate/Makefile.am | 5 +++ examples/dommigrate/dommigrate.c | 89 ++++++++++++++++++++++++++++++++++++++++ libvirt.spec.in | 3 +- 6 files changed, 99 insertions(+), 2 deletions(-) create mode 100644 examples/dommigrate/Makefile.am create mode 100644 examples/dommigrate/dommigrate.c diff --git a/.gitignore b/.gitignore index 0513a33..8c3b870 100644 --- a/.gitignore +++ b/.gitignore @@ -74,6 +74,7 @@ /examples/object-events/event-test /examples/dominfo/info1 /examples/domsuspend/suspend +/examples/dommigrate/dommigrate /examples/hellolibvirt/hellolibvirt /examples/openauth/openauth /gnulib/lib/* diff --git a/Makefile.am b/Makefile.am index 9847ff0..b961c0e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -23,7 +23,7 @@ SUBDIRS = . gnulib/lib include src daemon tools docs gnulib/tests \ tests po examples/object-events examples/hellolibvirt \ examples/dominfo examples/domsuspend examples/apparmor \ examples/xml/nwfilter examples/openauth examples/systemtap \ - tools/wireshark + tools/wireshark examples/dommigrate ACLOCAL_AMFLAGS = -I m4 diff --git a/configure.ac b/configure.ac index 3371b46..12338d4 100644 --- a/configure.ac +++ b/configure.ac @@ -2730,6 +2730,7 @@ AC_CONFIG_FILES([\ examples/object-events/Makefile \ examples/domsuspend/Makefile \ examples/dominfo/Makefile \ + examples/dommigrate/Makefile \ examples/openauth/Makefile \ examples/hellolibvirt/Makefile \ examples/systemtap/Makefile \ diff --git a/examples/dommigrate/Makefile.am b/examples/dommigrate/Makefile.am new file mode 100644 index 0000000..db271bb --- /dev/null +++ b/examples/dommigrate/Makefile.am 
@@ -0,0 +1,5 @@ +INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir) +noinst_PROGRAMS = dommigrate +dommigrate_CFLAGS = $(WARN_CFLAGS) +dommigrate_SOURCES = dommigrate.c +dommigrate_LDADD = $(top_builddir)/src/libvirt.la diff --git a/examples/dommigrate/dommigrate.c b/examples/dommigrate/dommigrate.c new file mode 100644 index 0000000..3fd078d --- /dev/null +++ b/examples/dommigrate/dommigrate.c 
@@ -0,0 +1,89 @@ +/* + * dommigrate.c: This file is largely inspired from hellolibvirt and + * contains a trivial example that illustrate p2p domain + * migration with libvirt. + * + * Copyright (C) 2014 Cloudwatt + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + * + * Sahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com> + */ + +#include <stdio.h> +#include <stdlib.h> +#include <libvirt/libvirt.h> +#include <libvirt/virterror.h> + + +static int +usage(char *prgn, int ret) +{ + printf("Usage: %s <src uri> <dst uri> <domain name>\n", prgn); + return ret; +} + +int +main(int argc, char *argv[]) +{ + char *src_uri, *dst_uri, *domname; + int ret = 0; + virConnectPtr conn = NULL; + virDomainPtr dom = NULL; + + if (argc < 4) { + ret = usage(argv[0], 1); + goto out; + } + + src_uri = argv[1]; + dst_uri = argv[2]; + domname = argv[3]; + + printf("Attempting to connect to the source hypervisor...\n"); + conn = virConnectOpenAuth(src_uri, virConnectAuthPtrDefault, 0); + if (!conn) { + ret = 1; + fprintf(stderr, "No connection to the source hypervisor: %s.\n", + virGetLastErrorMessage()); + goto out; + } + + printf("Attempting to retrieve domain %s...\n", domname); + dom = virDomainLookupByName(conn, domname); + if (!dom) { + fprintf(stderr, "Failed to find domain %s.\n", domname); + goto cleanup; + } + + printf("Attempting to migrate %s to 
%s...\n", domname, dst_uri); + if ((ret = virDomainMigrateToURI(dom, dst_uri, + VIR_MIGRATE_PEER2PEER, + NULL, 0)) != 0) { + fprintf(stderr, "Failed to migrate domain %s.\n", domname); + goto cleanup; + } + + printf("Migration finished with success.\n"); + + cleanup: + if (dom != NULL) + virDomainFree(dom); + if (conn != NULL) + virConnectClose(conn); + + out: + return ret; +} diff --git a/libvirt.spec.in b/libvirt.spec.in index 520561d..c597d15 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1498,7 +1498,7 @@ rm -fr %{buildroot} # on RHEL 5, thus we need to expand it here. make install DESTDIR=%{?buildroot} SYSTEMD_UNIT_DIR=%{_unitdir} -for i in object-events dominfo domsuspend hellolibvirt openauth xml/nwfilter systemtap +for i in object-events dominfo domsuspend hellolibvirt openauth xml/nwfilter systemtap dommigrate do (cd examples/$i ; make clean ; rm -rf .deps .libs Makefile Makefile.in) done @@ -2222,6 +2222,7 @@ exit 0 %doc examples/object-events %doc examples/dominfo %doc examples/domsuspend +%doc examples/dommigrate %doc examples/openauth %doc examples/xml %doc examples/systemtap -- 1.9.0 ----- Original Message ----- From: "Daniel P. Berrange" <berrange@redhat.com> To: "Sahid Orentino Ferdjaoui" <sahid.ferdjaoui@gmail.com> Cc: libvir-list@redhat.com, "Sahid Orentino Ferdjaoui" <sahid.ferdjaoui@cloudwatt.com> Sent: Wednesday, April 23, 2014 12:06:18 PM Subject: Re: [libvirt] [PATCH 1/2] Add a new example to illustrate domain migration On Sun, Apr 13, 2014 at 01:52:47PM +0200, Sahid Orentino Ferdjaoui wrote:
This commit adds a new example to illustrate peer to peer domain migration with virDomainMigrateToURI.
diff --git a/examples/dommigrate/Makefile.am b/examples/dommigrate/Makefile.am new file mode 100644 index 0000000..43b55fc --- /dev/null +++ b/examples/dommigrate/Makefile.am @@ -0,0 +1,26 @@ +## Copyright (C) 2014 Cloudwatt +## Copyright (C) 2005-2013 Red Hat, Inc. +## +## This library is free software; you can redistribute it and/or +## modify it under the terms of the GNU Lesser General Public +## License as published by the Free Software Foundation; either +## version 2.1 of the License, or (at your option) any later version. +## +## This library is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +## Lesser General Public License for more details. +## +## You should have received a copy of the GNU Lesser General Public +## License along with this library. If not, see +## <http://www.gnu.org/licenses/>.
IMHO Makefile.am rules aren't really copyright-able material so we don't include copyright headers in them....
+INCLUDES = \ + -I$(top_builddir)/include -I$(top_srcdir)/include \ + -I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib \ + -I$(top_srcdir)/src -I$(top_srcdir)/src/util \ + -I$(top_srcdir) +noinst_PROGRAMS = dommigrate +dommigrate_CFLAGS = $(WARN_CFLAGS) +dommigrate_SOURCES = dommigrate.c +dommigrate_LDADD = $(top_builddir)/src/libvirt.la diff --git a/examples/dommigrate/dommigrate.c b/examples/dommigrate/dommigrate.c new file mode 100644 index 0000000..a8f951e --- /dev/null +++ b/examples/dommigrate/dommigrate.c @@ -0,0 +1,78 @@ +/* This file is largely inspired from hellolibvirt and contains a trivial + example that illustrate p2p domain migration with libvirt. */
But you should add the copyright header to this example code.
+ +#include <config.h>
You want to leave out config.h in the example programs, because we intend that the example code can be compiled outside the libvirt source tree.
+ +#include <stdio.h> +#include <stdlib.h> +#include <libvirt/libvirt.h> +#include <libvirt/virterror.h> + +#include "virstring.h"
Likewise don't use the virstring.h header, or the functions it contains - the examples should restrict themselves to the main POSIX <string.h> functions.

It seems you only include this so you can use virStrToLong_i to parse the domain ID number. I suggest just making the example use the domain name instead of ID.
+ +static int +usage(char *prgn, int ret) +{ + printf("Usage: %s <src_uri> <dst_uri> <domain>\n", prgn); + return ret; +} + +int +main(int argc, char *argv[]) +{ + char *src_uri, *dst_uri; + int ret = 0, id; + virConnectPtr conn = NULL; + virDomainPtr dom = NULL; + + if (argc < 4) { + ret = usage(argv[0], 1); + goto out; + } + + src_uri = argv[1]; + dst_uri = argv[2]; + virStrToLong_i(argv[3], NULL, 10, &id); + + printf("Attempting to connect to the source hypervisor\n"); + conn = virConnectOpenAuth(src_uri, virConnectAuthPtrDefault, 0); + if (!conn) { + ret = 1; + fprintf(stderr, "No connection to the source hypervisor: %s\n", + virGetLastErrorMessage()); + goto out; + } + src_uri = virConnectGetURI(conn); + if (!src_uri) { + ret = 1; + fprintf(stderr, "Failed to get uri for the source connection: %s\n", + virGetLastErrorMessage()); + goto disconnect; + }
You don't do anything with 'src_uri' here, so I think you could probably just remove these few lines.
+ + printf("Attempting to retrieve domain id: %d\n", id); + dom = virDomainLookupByID(conn, id); + if (!dom) { + fprintf(stderr, "Failed to find domain %d\n", id); + goto disconnect; + } + + printf("Attempting to migrate to: %s\n", dst_uri); + if ((ret = virDomainMigrateToURI(dom, dst_uri, + VIR_MIGRATE_PEER2PEER, + NULL, 0)) != 0) { + fprintf(stderr, "Failed to migrate domain %d\n", id); + goto disconnect; + } + + printf("Migration finished\n"); + + disconnect:
Can you rename 'disconnect' to 'cleanup', since that's our more usual naming convention?
+ if (dom != NULL) + virDomainFree(dom); + if (conn != NULL) + virConnectClose(conn); + + out: + return ret; +}
Basically looks like a good example to have though. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
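Review bot: in the v2 examples/dommigrate/dommigrate.c, the `if (!dom)` branch after virDomainLookupByName() does `goto cleanup` with ret still 0, so the example exits with success when the domain is not found; set ret = 1 there, as the connection-failure branch already does. The migrate branch also hands the raw virDomainMigrateToURI() result back as the process exit status, and mapping any non-zero result to 1 would keep the exit codes consistent.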

On Tue, Apr 29, 2014 at 04:42:06PM +0000, sahid wrote:
From 0f43b11ee1d1c4a2134f3e475846ac494d2471a3 Mon Sep 17 00:00:00 2001 From: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com> Date: Fri, 11 Apr 2014 18:44:32 +0000 Subject: [PATCH 1/2] Add a new example to illustrate domain migration
This commit adds a new example to illustrate peer to peer domain migration with virDomainMigrateToURI.
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com> --- .gitignore | 1 + Makefile.am | 2 +- configure.ac | 1 + examples/dommigrate/Makefile.am | 5 +++ examples/dommigrate/dommigrate.c | 89 ++++++++++++++++++++++++++++++++++++++++ libvirt.spec.in | 3 +- 6 files changed, 99 insertions(+), 2 deletions(-) create mode 100644 examples/dommigrate/Makefile.am create mode 100644 examples/dommigrate/dommigrate.c
ACK will push shortly. Regards, Daniel

This commit provides the ability to virDomainMigrateToURI to check for SASL credentials when attempts to migrate a domain with the driver QEMU. Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com> --- src/qemu/qemu_migration.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 593d2d3..e2010e0 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -4020,6 +4020,18 @@ doPeer2PeerMigrate3(virQEMUDriverPtr driver, } +static int virConnectCredType[] = { + VIR_CRED_AUTHNAME, + VIR_CRED_PASSPHRASE, +}; + + +static virConnectAuth virConnectAuthConfig = { + .credtype = virConnectCredType, + .ncredtype = ARRAY_CARDINALITY(virConnectCredType), +}; + + static int doPeer2PeerMigrate(virQEMUDriverPtr driver, virConnectPtr sconn, virDomainObjPtr vm, @@ -4053,7 +4065,7 @@ static int doPeer2PeerMigrate(virQEMUDriverPtr driver, */ qemuDomainObjEnterRemote(vm); - dconn = virConnectOpen(dconnuri); + dconn = virConnectOpenAuth(dconnuri, &virConnectAuthConfig, 0); qemuDomainObjExitRemote(vm); if (dconn == NULL) { virReportError(VIR_ERR_OPERATION_FAILED, -- 1.9.0
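Review bot: in the first src/qemu/qemu_migration.c hunk, virConnectAuthConfig initializes only .credtype and .ncredtype, so its remaining members are zeroed and nothing in the hunk says where the VIR_CRED_AUTHNAME and VIR_CRED_PASSPHRASE values are expected to come from. Add a comment above the struct stating that no interactive callback is intended on this path and which source supplies the credentials, and say the same in the commit message, so a reader does not assume prompting works during peer to peer migration.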


On Sun, Apr 13, 2014 at 01:52:48PM +0200, Sahid Orentino Ferdjaoui wrote:
This commit provides the ability to virDomainMigrateToURI to check for SASL credentials when attempts to migrate a domain with the driver QEMU.
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com> --- src/qemu/qemu_migration.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 593d2d3..e2010e0 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -4020,6 +4020,18 @@ doPeer2PeerMigrate3(virQEMUDriverPtr driver, }
+static int virConnectCredType[] = { + VIR_CRED_AUTHNAME, + VIR_CRED_PASSPHRASE, +}; + + +static virConnectAuth virConnectAuthConfig = { + .credtype = virConnectCredType, + .ncredtype = ARRAY_CARDINALITY(virConnectCredType), +}; + + static int doPeer2PeerMigrate(virQEMUDriverPtr driver, virConnectPtr sconn, virDomainObjPtr vm, @@ -4053,7 +4065,7 @@ static int doPeer2PeerMigrate(virQEMUDriverPtr driver, */
qemuDomainObjEnterRemote(vm); - dconn = virConnectOpen(dconnuri); + dconn = virConnectOpenAuth(dconnuri, &virConnectAuthConfig, 0); qemuDomainObjExitRemote(vm); if (dconn == NULL) { virReportError(VIR_ERR_OPERATION_FAILED,
Ok, so we don't have any way to pass in username/passwords to the migrate API, but this change does let virConnectOpenAuth look up the passwords in the libvirt client config file, which is a reasonable thing to do I reckon, so ACK.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

From a43dc307c3014d70a01035313cd763ee13e9d219 Mon Sep 17 00:00:00 2001 From: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com> Date: Fri, 11 Apr 2014 19:17:47 +0000 Subject: [PATCH 2/2] Add support for QEMU migration to use SASL authentication
This commit provides the ability to virDomainMigrateToURI to check for SASL credentials when attempts to migrate a domain with the driver QEMU. Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com> --- src/qemu/qemu_migration.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 3d005a0..a9f7fea 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -4020,6 +4020,18 @@ doPeer2PeerMigrate3(virQEMUDriverPtr driver, } +static int virConnectCredType[] = { + VIR_CRED_AUTHNAME, + VIR_CRED_PASSPHRASE, +}; + + +static virConnectAuth virConnectAuthConfig = { + .credtype = virConnectCredType, + .ncredtype = ARRAY_CARDINALITY(virConnectCredType), +}; + + static int doPeer2PeerMigrate(virQEMUDriverPtr driver, virConnectPtr sconn, virDomainObjPtr vm, @@ -4053,7 +4065,7 @@ static int doPeer2PeerMigrate(virQEMUDriverPtr driver, */ qemuDomainObjEnterRemote(vm); - dconn = virConnectOpen(dconnuri); + dconn = virConnectOpenAuth(dconnuri, &virConnectAuthConfig, 0); qemuDomainObjExitRemote(vm); if (dconn == NULL) { virReportError(VIR_ERR_OPERATION_FAILED, -- 1.9.0 ----- Original Message ----- From: "Daniel P. Berrange" <berrange@redhat.com> To: "Sahid Orentino Ferdjaoui" <sahid.ferdjaoui@gmail.com> Cc: libvir-list@redhat.com, "Sahid Orentino Ferdjaoui" <sahid.ferdjaoui@cloudwatt.com> Sent: Wednesday, April 23, 2014 12:08:04 PM Subject: Re: [libvirt] [PATCH 2/2] Add support for QEMU migration to use SASL authentication On Sun, Apr 13, 2014 at 01:52:48PM +0200, Sahid Orentino Ferdjaoui wrote:
This commit provides the ability to virDomainMigrateToURI to check for SASL credentials when attempts to migrate a domain with the driver QEMU.
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com> --- src/qemu/qemu_migration.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 593d2d3..e2010e0 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -4020,6 +4020,18 @@ doPeer2PeerMigrate3(virQEMUDriverPtr driver, }
+static int virConnectCredType[] = { + VIR_CRED_AUTHNAME, + VIR_CRED_PASSPHRASE, +}; + + +static virConnectAuth virConnectAuthConfig = { + .credtype = virConnectCredType, + .ncredtype = ARRAY_CARDINALITY(virConnectCredType), +}; + + static int doPeer2PeerMigrate(virQEMUDriverPtr driver, virConnectPtr sconn, virDomainObjPtr vm, @@ -4053,7 +4065,7 @@ static int doPeer2PeerMigrate(virQEMUDriverPtr driver, */
qemuDomainObjEnterRemote(vm); - dconn = virConnectOpen(dconnuri); + dconn = virConnectOpenAuth(dconnuri, &virConnectAuthConfig, 0); qemuDomainObjExitRemote(vm); if (dconn == NULL) { virReportError(VIR_ERR_OPERATION_FAILED,
Ok, so we don't have any way to pass in username/passwords to the migrate API, but this change does let virConnectOpenAuth look up the passwords in the libvirt client config file, which is a reasonable thing to do I reckon, so ACK.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

On Tue, Apr 29, 2014 at 04:44:09PM +0000, sahid wrote:
From a43dc307c3014d70a01035313cd763ee13e9d219 Mon Sep 17 00:00:00 2001 From: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com> Date: Fri, 11 Apr 2014 19:17:47 +0000 Subject: [PATCH 2/2] Add support for QEMU migration to use SASL authentication
This commit provides the ability to virDomainMigrateToURI to check for SASL credentials when attempts to migrate a domain with the driver QEMU.
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com> --- src/qemu/qemu_migration.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 3d005a0..a9f7fea 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -4020,6 +4020,18 @@ doPeer2PeerMigrate3(virQEMUDriverPtr driver, }
+static int virConnectCredType[] = { + VIR_CRED_AUTHNAME, + VIR_CRED_PASSPHRASE, +}; + + +static virConnectAuth virConnectAuthConfig = { + .credtype = virConnectCredType, + .ncredtype = ARRAY_CARDINALITY(virConnectCredType), +}; + + static int doPeer2PeerMigrate(virQEMUDriverPtr driver, virConnectPtr sconn, virDomainObjPtr vm, @@ -4053,7 +4065,7 @@ static int doPeer2PeerMigrate(virQEMUDriverPtr driver, */
qemuDomainObjEnterRemote(vm); - dconn = virConnectOpen(dconnuri); + dconn = virConnectOpenAuth(dconnuri, &virConnectAuthConfig, 0); qemuDomainObjExitRemote(vm); if (dconn == NULL) { virReportError(VIR_ERR_OPERATION_FAILED, -- 1.9.0
ACK, I've tested this with p2p migration + SASL and it is sufficient to let you configure a /etc/libvirt/auth.conf to make migration succeed. Will push it shortly.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
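An added illustration of the auth.conf lookup the reply above relies on (not code from this thread or from libvirt): for each destination URI it reports whether a constructed auth.conf can supply the two credential types the patch requests. It assumes the credentials-NAME / auth-SERVICE-HOSTNAME section layout with service "libvirt" and key names authname and password, and handles only the exact-hostname form; all hosts and values are made up.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample in the auth.conf layout; hosts and values are made up.
SAMPLE_AUTH_CONF = """\
[credentials-migration]
authname=migrate-svc
password=EXAMPLE-PLACEHOLDER
[credentials-incomplete]
authname=only-a-name
[auth-libvirt-dst1.example.com]
credentials=migration
[auth-libvirt-dst2.example.com]
credentials=incomplete
"""

# auth.conf key names for the two credential types the patch requests.
WANTED = {"VIR_CRED_AUTHNAME": "authname", "VIR_CRED_PASSPHRASE": "password"}


def resolve(auth_conf_text, dconnuri, service="libvirt"):
    """Return (found, missing) for the destination host named in dconnuri."""
    cfg = configparser.ConfigParser(interpolation=None)  # '%' is literal
    cfg.read_string(auth_conf_text)
    host = urlsplit(dconnuri).hostname
    found = {}
    auth_section = f"auth-{service}-{host}"
    if cfg.has_option(auth_section, "credentials"):
        cred_section = "credentials-" + cfg.get(auth_section, "credentials")
        for cred_type, key in WANTED.items():
            if cfg.has_option(cred_section, key):
                found[cred_type] = cfg.get(cred_section, key)
    missing = sorted(set(WANTED) - set(found))
    return found, missing


def report(auth_conf_text, uris):
    """One status line per destination URI; the secret is never printed."""
    lines = []
    for uri in uris:
        _, missing = resolve(auth_conf_text, uri)
        status = "ok" if not missing else "missing " + ",".join(missing)
        lines.append(f"{uri}: {status}")
    return lines


if __name__ == "__main__":
    uris = [f"qemu+tcp://dst{n}.example.com/system" for n in (1, 2, 3)]
    print("\n".join(report(SAMPLE_AUTH_CONF, uris)))
```

A "missing" result matters here because the patched call sets no callback, so nothing else can supply the value at migration time.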


On Sun, Apr 13, 2014 at 01:50:32PM +0000, sahid wrote:
This is a first contribution, I have tried to follow the most as possible rules marked in HACKING. I hope this commit will be conform with the specifications.
make check OK
make syntax-check OK
make -C tests valgrind OK
Yes, top marks for reading the HACKING file - your patch is looking good :-)

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|