9 a.m.
This part focuses on 'internals' documents along comes simplification of
the XSL usage for 'href_base' and conversion of the 'docs/docs'
directory page to RST as I was modifying it in the process.
Additionally this series actually makes use of the 'internals' page
which was not linked previously.
Peter Krempa (11):
kbase: index: Split off 'internals' section
docs: Simplify passing of 'href_base' XSL variable
docs: kbase: Section of 'internals' documents into a subfolder
docs: Convert 'docs' index page to rst
docs: Convert 'internals/command' to rst and move it to
'kbase/internals'
docs: Convert 'internals/eventloop' page to rst and move it to
'kbase/internals'
docs: Convert 'internals/locking' page to rst and move it to
'kbase/internals'
docs: Convert 'internals/rpc' page to RST and move it to
'kbase/internals'
docs: Remove empty 'internals' subfolder
docs: Convert 'internals' to RST and move it to
'kbase/internal/overview.rst'
docs: kbase: internals: Make 'overview' page useful and link to it
docs/api.rst | 2 +-
docs/css/libvirt.css | 17 +-
docs/docs.html.in | 188 ----
docs/docs.rst | 163 ++++
docs/go/meson.build | 5 +-
docs/internals.html.in | 119 ---
docs/internals/command.html.in | 596 ------------
docs/internals/eventloop.html.in | 106 --
docs/internals/locking.html.in | 267 -----
docs/internals/rpc.html.in | 914 ------------------
docs/kbase/index.rst | 34 +-
docs/kbase/internals/command.rst | 465 +++++++++
docs/kbase/internals/eventloop.rst | 84 ++
.../incremental-backup.rst} | 0
docs/kbase/internals/locking.rst | 190 ++++
docs/{ => kbase}/internals/meson.build | 20 +-
.../migration.rst} | 0
docs/kbase/internals/overview.rst | 102 ++
docs/kbase/internals/rpc.rst | 781 +++++++++++++++
docs/kbase/meson.build | 10 +-
docs/manpages/meson.build | 5 +-
docs/meson.build | 16 +-
docs/site.xsl | 12 +-
docs/subsite.xsl | 24 -
24 files changed, 1860 insertions(+), 2260 deletions(-)
delete mode 100644 docs/docs.html.in
create mode 100644 docs/docs.rst
delete mode 100644 docs/internals.html.in
delete mode 100644 docs/internals/command.html.in
delete mode 100644 docs/internals/eventloop.html.in
delete mode 100644 docs/internals/locking.html.in
delete mode 100644 docs/internals/rpc.html.in
create mode 100644 docs/kbase/internals/command.rst
create mode 100644 docs/kbase/internals/eventloop.rst
rename docs/kbase/{incrementalbackupinternals.rst => internals/incremental-backup.rst}
(100%)
create mode 100644 docs/kbase/internals/locking.rst
rename docs/{ => kbase}/internals/meson.build (69%)
rename docs/kbase/{migrationinternals.rst => internals/migration.rst} (100%)
create mode 100644 docs/kbase/internals/overview.rst
create mode 100644 docs/kbase/internals/rpc.rst
delete mode 100644 docs/subsite.xsl
--
2.35.1
9 a.m.
New subject: [PATCH 01/11] kbase: index: Split off 'internals' section
Add a separate column of documents regarding internals of libvirt and
move the 'migrationinternals' and 'incrementalbackupinternals' pages
under the new heading.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/kbase/index.rst | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/docs/kbase/index.rst b/docs/kbase/index.rst
index 9c4e921f1f..4e18acd4d9 100644
--- a/docs/kbase/index.rst
+++ b/docs/kbase/index.rst
@@ -62,8 +62,8 @@ Usage
Details about snapshotting a VM
-Internals / Debugging
----------------------
+Debugging
+---------
`Debug logs <debuglogs.html>`__
Configuration of logging and tips on how to file a good bug report.
@@ -71,13 +71,17 @@ Internals / Debugging
`Systemtap <systemtap.html>`__
Explanation of how to use systemtap for libvirt tracing.
+`Capturing core dumps for QEMU <qemu-core-dump.html>`__
+ How to configure libvirt to enable capture of core dumps from
+ QEMU virtual machines
+
+
+Internals
+---------
+
`Incremental backup internals <incrementalbackupinternals.html>`__
Incremental backup implementation details relevant for users
`VM migration internals <migrationinternals.html>`__
VM migration implementation details, complementing the info in
`migration <../migration.html>`__
-
-`Capturing core dumps for QEMU <qemu-core-dump.html>`__
- How to configure libvirt to enable capture of core dumps from
- QEMU virtual machines
--
2.35.1
9 a.m.
New subject: [PATCH 02/11] docs: Simplify passing of 'href_base' XSL variable
Historically we had two top level XSL files for top level and nested
documents which only differ in what they pass for 'href_base' to the
main 'page.xsl' file.
We can instead pass the variable as argument from the build system so
that we have just one XSL file and also allow for more nested document
trees in the future.
The '404' page is special even with the current XSL way so we add a
special case for it.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/go/meson.build | 5 +++--
docs/internals/meson.build | 5 +++--
docs/kbase/meson.build | 5 +++--
docs/manpages/meson.build | 5 +++--
docs/meson.build | 12 ++++++++----
docs/site.xsl | 12 +-----------
docs/subsite.xsl | 24 ------------------------
7 files changed, 21 insertions(+), 47 deletions(-)
delete mode 100644 docs/subsite.xsl
diff --git a/docs/go/meson.build b/docs/go/meson.build
index 0ae0216ce3..c0e19c4182 100644
--- a/docs/go/meson.build
+++ b/docs/go/meson.build
@@ -3,7 +3,6 @@ docs_go_files = [
'libvirtxml',
]
-html_xslt_gen_xslt = subsite_xsl
html_xslt_gen_install_dir = docs_html_dir / 'go'
html_xslt_gen = []
@@ -14,6 +13,7 @@ foreach name : docs_go_files
'name': name,
'file': docs_rst2html5_gen.process(rst_file),
'source': 'docs' / 'go' / rst_file,
+ 'href_base': '../',
}
endforeach
@@ -33,8 +33,9 @@ foreach data : html_xslt_gen
'--stringparam', 'pagesrc', data.get('source',
''),
'--stringparam', 'builddir', meson.build_root(),
'--stringparam', 'timestamp', docs_timestamp,
+ '--stringparam', 'href_base', data.get('href_base',
''),
'--nonet',
- html_xslt_gen_xslt,
+ site_xsl,
'@INPUT@',
],
depends: data.get('depends', []),
diff --git a/docs/internals/meson.build b/docs/internals/meson.build
index 2d0ae6195c..298a55dd88 100644
--- a/docs/internals/meson.build
+++ b/docs/internals/meson.build
@@ -5,7 +5,6 @@ internals_in_files = [
'rpc',
]
-html_xslt_gen_xslt = subsite_xsl
html_xslt_gen_install_dir = docs_html_dir / 'internals'
html_xslt_gen = []
@@ -13,6 +12,7 @@ foreach name : internals_in_files
html_xslt_gen += {
'name': name,
'source': 'docs' / 'internals' / name + '.html.in',
+ 'href_base': '../'
}
endforeach
@@ -32,8 +32,9 @@ foreach data : html_xslt_gen
'--stringparam', 'pagesrc', data.get('source',
''),
'--stringparam', 'builddir', meson.build_root(),
'--stringparam', 'timestamp', docs_timestamp,
+ '--stringparam', 'href_base', data.get('href_base',
''),
'--nonet',
- html_xslt_gen_xslt,
+ site_xsl,
'@INPUT@',
],
depends: data.get('depends', []),
diff --git a/docs/kbase/meson.build b/docs/kbase/meson.build
index 4114fc81d1..e37feb6d30 100644
--- a/docs/kbase/meson.build
+++ b/docs/kbase/meson.build
@@ -24,7 +24,6 @@ docs_kbase_files = [
'virtiofs',
]
-html_xslt_gen_xslt = subsite_xsl
html_xslt_gen_install_dir = docs_html_dir / 'kbase'
html_xslt_gen = []
@@ -35,6 +34,7 @@ foreach name : docs_kbase_files
'name': name,
'file': docs_rst2html5_gen.process(rst_file),
'source': 'docs' / 'kbase' / rst_file,
+ 'href_base': '../',
}
endforeach
@@ -54,8 +54,9 @@ foreach data : html_xslt_gen
'--stringparam', 'pagesrc', data.get('source',
''),
'--stringparam', 'builddir', meson.build_root(),
'--stringparam', 'timestamp', docs_timestamp,
+ '--stringparam', 'href_base', data.get('href_base',
''),
'--nonet',
- html_xslt_gen_xslt,
+ site_xsl,
'@INPUT@',
],
depends: data.get('depends', []),
diff --git a/docs/manpages/meson.build b/docs/manpages/meson.build
index d9fcb6b057..ba673cf472 100644
--- a/docs/manpages/meson.build
+++ b/docs/manpages/meson.build
@@ -1,4 +1,3 @@
-html_xslt_gen_xslt = subsite_xsl
html_xslt_gen_install_dir = docs_html_dir / 'manpages'
html_xslt_gen = []
@@ -130,6 +129,7 @@ foreach data : docs_man_files
'name': data['name'],
'file': html_in,
'source': 'docs' / 'manpages' / rst_in_file,
+ 'href_base': '../',
}
endforeach
@@ -149,8 +149,9 @@ foreach data : html_xslt_gen
'--stringparam', 'pagesrc', data.get('source',
''),
'--stringparam', 'builddir', meson.build_root(),
'--stringparam', 'timestamp', docs_timestamp,
+ '--stringparam', 'href_base', data.get('href_base',
''),
'--nonet',
- html_xslt_gen_xslt,
+ site_xsl,
'@INPUT@',
],
depends: data.get('depends', []),
diff --git a/docs/meson.build b/docs/meson.build
index 2295fbf752..75b5e4c08f 100644
--- a/docs/meson.build
+++ b/docs/meson.build
@@ -18,7 +18,6 @@ docs_assets = [
]
docs_html_in_files = [
- '404',
'docs',
'formatcaps',
'formatdomaincaps',
@@ -132,7 +131,6 @@ docs_timestamp = run_command(
).stdout().strip()
site_xsl = files('site.xsl')
-subsite_xsl = files('subsite.xsl')
page_xsl = files('page.xsl')
newapi_xsl = files('newapi.xsl')
@@ -218,7 +216,6 @@ docs_rst2html5_gen = generator(
# html_xslt_gen config
-html_xslt_gen_xslt = site_xsl
html_xslt_gen_install_dir = docs_html_dir
html_xslt_gen = []
@@ -251,6 +248,12 @@ html_xslt_gen += {
'depends': aclperms_gen,
}
+html_xslt_gen += {
+ 'name': '404',
+ 'source': 'docs' / '404.html.in',
+ 'href_base': '/',
+}
+
hvsupport_html_in = custom_target(
'hvsupport.html.in',
output: 'hvsupport.html.in',
@@ -302,8 +305,9 @@ foreach data : html_xslt_gen
'--stringparam', 'pagesrc', data.get('source',
''),
'--stringparam', 'builddir', meson.build_root(),
'--stringparam', 'timestamp', docs_timestamp,
+ '--stringparam', 'href_base', data.get('href_base',
''),
'--nonet',
- html_xslt_gen_xslt,
+ site_xsl,
'@INPUT@',
],
depends: data.get('depends', []),
diff --git a/docs/site.xsl b/docs/site.xsl
index 931e26272f..f56eb67b8a 100644
--- a/docs/site.xsl
+++ b/docs/site.xsl
@@ -13,21 +13,11 @@
encoding="UTF-8"
indent="yes"/>
- <xsl:variable name="href_base">
- <xsl:choose>
- <xsl:when test="$pagesrc = 'docs/404.html.in'">
- <xsl:value-of select="'/'"/>
- </xsl:when>
- <xsl:otherwise>
- <xsl:value-of select="''"/>
- </xsl:otherwise>
- </xsl:choose>
- </xsl:variable>
-
<xsl:template match="/">
<xsl:apply-templates select="." mode="page">
<xsl:with-param name="pagesrc" select="$pagesrc"/>
<xsl:with-param name="timestamp" select="$timestamp"/>
+ <xsl:with-param name="href_base" select="$href_base"/>
</xsl:apply-templates>
</xsl:template>
diff --git a/docs/subsite.xsl b/docs/subsite.xsl
deleted file mode 100644
index 2bdfcbb9b1..0000000000
--- a/docs/subsite.xsl
+++ /dev/null
@@ -1,24 +0,0 @@
-<?xml version="1.0"?>
-<xsl:stylesheet
- xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
- xmlns:exsl="http://exslt.org/common"
- exclude-result-prefixes="xsl exsl"
- version="1.0">
-
- <xsl:import href="page.xsl"/>
-
- <xsl:output
- method="xml"
- encoding="UTF-8"
- indent="yes"/>
-
- <xsl:variable name="href_base" select="'../'"/>
-
- <xsl:template match="/">
- <xsl:apply-templates select="." mode="page">
- <xsl:with-param name="pagesrc" select="$pagesrc"/>
- <xsl:with-param name="timestamp" select="$timestamp"/>
- </xsl:apply-templates>
- </xsl:template>
-
-</xsl:stylesheet>
--
2.35.1
9 a.m.
New subject: [PATCH 03/11] docs: kbase: Section of 'internals' documents into a subfolder
Add an 'internals' subfolder to 'docs/kbase' to house all the documents
under internals. The output files are still under 'docs/kbase'.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/kbase/index.rst | 4 +-
.../incremental-backup.rst} | 0
docs/kbase/internals/meson.build | 55 +++++++++++++++++++
.../migration.rst} | 0
docs/kbase/meson.build | 4 +-
5 files changed, 59 insertions(+), 4 deletions(-)
rename docs/kbase/{incrementalbackupinternals.rst => internals/incremental-backup.rst}
(100%)
create mode 100644 docs/kbase/internals/meson.build
rename docs/kbase/{migrationinternals.rst => internals/migration.rst} (100%)
diff --git a/docs/kbase/index.rst b/docs/kbase/index.rst
index 4e18acd4d9..c6748e8883 100644
--- a/docs/kbase/index.rst
+++ b/docs/kbase/index.rst
@@ -79,9 +79,9 @@ Debugging
Internals
---------
-`Incremental backup internals <incrementalbackupinternals.html>`__
+`Incremental backup internals <internals/incremental-backup.html>`__
Incremental backup implementation details relevant for users
-`VM migration internals <migrationinternals.html>`__
+`VM migration internals <internals/migration.html>`__
VM migration implementation details, complementing the info in
`migration <../migration.html>`__
diff --git a/docs/kbase/incrementalbackupinternals.rst
b/docs/kbase/internals/incremental-backup.rst
similarity index 100%
rename from docs/kbase/incrementalbackupinternals.rst
rename to docs/kbase/internals/incremental-backup.rst
diff --git a/docs/kbase/internals/meson.build b/docs/kbase/internals/meson.build
new file mode 100644
index 0000000000..923e262706
--- /dev/null
+++ b/docs/kbase/internals/meson.build
@@ -0,0 +1,55 @@
+docs_kbase_internals_files = [
+ 'incremental-backup',
+ 'migration',
+]
+
+
+html_xslt_gen_install_dir = docs_html_dir / 'kbase' / 'internals'
+html_xslt_gen = []
+
+foreach name : docs_kbase_internals_files
+ rst_file = '@0@.rst'.format(name)
+
+ html_xslt_gen += {
+ 'name': name,
+ 'file': docs_rst2html5_gen.process(rst_file),
+ 'source': 'docs' / 'kbase' / 'internals' / rst_file,
+ 'href_base': '../../',
+ }
+endforeach
+
+# keep the XSLT processing code block in sync with docs/meson.build
+
+# --- begin of XSLT processing ---
+
+foreach data : html_xslt_gen
+ html_filename = data['name'] + '.html'
+
+ html_file = custom_target(
+ html_filename,
+ input: data.get('file', data['name'] + '.html.in'),
+ output: html_filename,
+ command: [
+ xsltproc_prog,
+ '--stringparam', 'pagesrc', data.get('source',
''),
+ '--stringparam', 'builddir', meson.build_root(),
+ '--stringparam', 'timestamp', docs_timestamp,
+ '--stringparam', 'href_base', data.get('href_base',
''),
+ '--nonet',
+ site_xsl,
+ '@INPUT@',
+ ],
+ depends: data.get('depends', []),
+ depend_files: [ page_xsl ],
+ capture: true,
+ install: true,
+ install_dir: html_xslt_gen_install_dir,
+ )
+
+ install_web_deps += html_file
+ install_web_files += html_file.full_path() + ':' + html_xslt_gen_install_dir
+endforeach
+
+html_xslt_gen = []
+
+# --- end of XSLT processing ---
diff --git a/docs/kbase/migrationinternals.rst b/docs/kbase/internals/migration.rst
similarity index 100%
rename from docs/kbase/migrationinternals.rst
rename to docs/kbase/internals/migration.rst
diff --git a/docs/kbase/meson.build b/docs/kbase/meson.build
index e37feb6d30..269bf64a94 100644
--- a/docs/kbase/meson.build
+++ b/docs/kbase/meson.build
@@ -2,7 +2,6 @@ docs_kbase_files = [
'backing_chains',
'debuglogs',
'domainstatecapture',
- 'incrementalbackupinternals',
'index',
'kvm-realtime',
'launch_security_sev',
@@ -12,7 +11,6 @@ docs_kbase_files = [
'locking-sanlock',
'memorydevices',
'merging_disk_image_chains',
- 'migrationinternals',
'qemu-core-dump',
'qemu-passthrough-security',
'rpm-deployment',
@@ -73,3 +71,5 @@ endforeach
html_xslt_gen = []
# --- end of XSLT processing ---
+
+subdir('internals')
--
2.35.1
9 a.m.
New subject: [PATCH 04/11] docs: Convert 'docs' index page to rst
Along with the conversion we need to adapt the stylesheets to apply to
the new document similarly to how we do that in the knowledge base.
Note that one visible difference is that now a 'Documentation' heading
is visible on top of the page.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/css/libvirt.css | 17 ++--
docs/docs.html.in | 188 -------------------------------------------
docs/docs.rst | 175 ++++++++++++++++++++++++++++++++++++++++
docs/meson.build | 2 +-
4 files changed, 188 insertions(+), 194 deletions(-)
delete mode 100644 docs/docs.html.in
create mode 100644 docs/docs.rst
diff --git a/docs/css/libvirt.css b/docs/css/libvirt.css
index b08271ea4d..2ae80f8595 100644
--- a/docs/css/libvirt.css
+++ b/docs/css/libvirt.css
@@ -105,8 +105,8 @@
}
#index.document,
-#docs.document,
#hvsupport.document,
+#documentation.document,
#knowledge-base.document
{
width: inherit;
@@ -397,6 +397,7 @@ h6:hover > a.headerlink {
}
div.panel,
+#documentation .section,
#knowledge-base .section
{
width: 24%;
@@ -406,6 +407,7 @@ div.panel,
}
div.panel h2,
+#documentation .section h1,
#knowledge-base .section h1 {
margin-top: 0px;
padding: 0.5em;
@@ -423,15 +425,12 @@ div.panel h2,
height: 300px;
}
+#documentation.document > h1,
#knowledge-base.document > h1 {
text-align: center;
padding: 1em;
}
-#docs.document h1 {
- visibility: hidden;
-}
-
br.clear {
clear: both;
border: 0px;
@@ -485,11 +484,13 @@ br.clear {
}
div.panel dd,
+#documentation dd,
#knowledge-base dd {
font-size: smaller;
}
div.panel a,
+#documentation a,
#knowledge-base a {
text-decoration: none;
}
@@ -497,6 +498,9 @@ div.panel a,
div.panel ul,
div.panel p,
div.panel dl,
+#documentation ul,
+#documentation p,
+#documentation dl,
#knowledge-base ul,
#knowledge-base p,
#knowledge-base dl {
@@ -505,16 +509,19 @@ div.panel dl,
}
div.panel ul,
+#documentation ul,
#knowledge-base ul {
margin-left: 1em;
}
div.panel dt,
+#documentation dt,
#knowledge-base dt {
margin: 0px;
}
div.panel dd,
+#documentation dd,
#knowledge-base dd {
margin: 0px;
margin-bottom: 1em;
diff --git a/docs/docs.html.in b/docs/docs.html.in
deleted file mode 100644
index ff7a95fae7..0000000000
--- a/docs/docs.html.in
+++ /dev/null
@@ -1,188 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
- <body id="docs">
- <h1>Documentation</h1>
- <div class="panel">
- <h2>Deployment / operation</h2>
-
- <dl>
- <dt><a href="apps.html">Applications</a></dt>
- <dd>Applications known to use libvirt</dd>
-
- <dt><a href="manpages/index.html">Manual
pages</a></dt>
- <dd>Manual pages for libvirt tools / daemons</dd>
-
- <dt><a href="windows.html">Windows</a></dt>
- <dd>Downloads for Windows</dd>
-
- <dt><a href="macos.html">macOS</a></dt>
- <dd>Working with libvirt on macOS</dd>
-
- <dt><a
href="migration.html">Migration</a></dt>
- <dd>Migrating guests between machines</dd>
-
- <dt><a href="daemons.html">Daemons</a></dt>
- <dd>Overview of the daemons provided by libvirt</dd>
-
- <dt><a href="remote.html">Remote
access</a></dt>
- <dd>Enable remote access over TCP</dd>
-
- <dt><a
href="auth.html">Authentication</a></dt>
- <dd>Configure authentication for the libvirt daemon</dd>
-
- <dt><a href="acl.html">Access control</a></dt>
- <dd>Configure access control libvirt APIs with <a
href="aclpolkit.html">polkit</a></dd>
-
- <dt><a href="logging.html">Logging</a></dt>
- <dd>The library and the daemon logging support</dd>
-
- <dt><a href="auditlog.html">Audit log</a></dt>
- <dd>Audit trail logs for host operations</dd>
-
- <dt><a href="firewall.html">Firewall</a></dt>
- <dd>Firewall and network filter configuration</dd>
-
- <dt><a href="hooks.html">Hooks</a></dt>
- <dd>Hooks for system specific management</dd>
-
- <dt><a href="nss.html">NSS module</a></dt>
- <dd>Enable domain host name translation to IP addresses</dd>
-
- <dt><a
href="https://wiki.libvirt.org/page/FAQ">FAQ</a></d...
- <dd>Frequently asked questions</dd>
- </dl>
-
- </div>
-
- <div class="panel">
- <h2>Application development</h2>
- <dl>
- <dt><a href="html/index.html">API
reference</a></dt>
- <dd>Reference manual for the C public API, split in
- <a href="html/libvirt-libvirt-common.html">common</a>,
- <a href="html/libvirt-libvirt-domain.html">domain</a>,
- <a href="html/libvirt-libvirt-domain-checkpoint.html">domain
checkpoint</a>,
- <a href="html/libvirt-libvirt-domain-snapshot.html">domain
snapshot</a>,
- <a href="html/libvirt-virterror.html">error</a>,
- <a href="html/libvirt-libvirt-event.html">event</a>,
- <a href="html/libvirt-libvirt-host.html">host</a>,
- <a
href="html/libvirt-libvirt-interface.html">interface</a>,
- <a href="html/libvirt-libvirt-network.html">network</a>,
- <a href="html/libvirt-libvirt-nodedev.html">node
device</a>,
- <a href="html/libvirt-libvirt-nwfilter.html">network
filter</a>,
- <a href="html/libvirt-libvirt-secret.html">secret</a>,
- <a href="html/libvirt-libvirt-storage.html">storage</a>,
- <a href="html/libvirt-libvirt-stream.html">stream</a>
- and
- <a href="html/index-admin.html">admin</a>,
- <a href="html/index-qemu.html">QEMU</a>,
- <a href="html/index-lxc.html">LXC</a> libs
- </dd>
-
- <dt><a href="bindings.html">Language bindings and API
modules</a></dt>
- <dd>Bindings of the libvirt API for
- <a href="csharp.html">c#</a>,
- <a
href="https://pkg.go.dev/libvirt.org/go/libvirt">go</a>;,
- <a href="java.html">java</a>,
- <a href="https://libvirt.org/ocaml/">ocaml</a>;,
- <a
href="https://search.cpan.org/dist/Sys-Virt/">perl</a>;,
- <a href="python.html">python</a>,
- <a href="php.html">php</a>,
- <a href="https://libvirt.org/ruby/">ruby</a>
- and integration API modules for
- <a href="dbus.html">D-Bus</a></dd>
-
-
- <dt><a href="format.html">XML schemas</a></dt>
- <dd>Description of the XML schemas for
- <a href="formatdomain.html">domains</a>,
- <a href="formatnetwork.html">networks</a>,
- <a href="formatnetworkport.html">network ports</a>,
- <a href="formatnwfilter.html">network filtering</a>,
- <a href="formatstorage.html">storage</a>,
- <a href="formatstorageencryption.html">storage
encryption</a>,
- <a href="formatcaps.html">capabilities</a>,
- <a href="formatdomaincaps.html">domain capabilities</a>,
- <a href="formatstoragecaps.html">storage pool
capabilities</a>,
- <a href="formatnode.html">node devices</a>,
- <a href="formatsecret.html">secrets</a>,
- <a href="formatsnapshot.html">snapshots</a>,
- <a href="formatcheckpoint.html">checkpoints</a>,
- <a href="formatbackup.html">backup jobs</a></dd>
-
- <dt><a href="uri.html">URI format</a></dt>
- <dd>The URI formats used for connecting to libvirt</dd>
-
- <dt><a href="cgroups.html">CGroups</a></dt>
- <dd>Control groups integration</dd>
-
- <dt><a href="drivers.html">Drivers</a></dt>
- <dd>Hypervisor specific driver information</dd>
-
- <dt><a href="support.html">Support
guarantees</a></dt>
- <dd>Details of support status for various interfaces</dd>
-
- <dt><a href="hvsupport.html">Driver
support</a></dt>
- <dd>matrix of API support per hypervisor per release</dd>
-
- <dt><a href="kbase/index.html">Knowledge
Base</a></dt>
- <dd>Task oriented guides to key features</dd>
- </dl>
- </div>
-
- <div class="panel">
- <h2>Project development</h2>
- <dl>
- <dt><a href="hacking.html">Contributor
guidelines</a></dt>
- <dd>General hacking guidelines for contributors</dd>
-
- <dt><a href="styleguide.html">Docs style
guide</a></dt>
- <dd>Style guidelines for reStructuredText docs</dd>
-
- <dt><a href="strategy.html">Project
strategy</a></dt>
- <dd>Sets a vision for future direction & technical
choices</dd>
-
- <dt><a href="ci.html">CI Testing</a></dt>
- <dd>Details of the Continuous Integration testing strategy</dd>
-
- <dt><a href="bugs.html">Bug reports</a></dt>
- <dd>How and where to report bugs and request features</dd>
-
- <dt><a
href="compiling.html">Compiling</a></dt>
- <dd>How to compile libvirt</dd>
-
- <dt><a href="goals.html">Goals</a></dt>
- <dd>Terminology and goals of libvirt API</dd>
-
- <dt><a href="api.html">API concepts</a></dt>
- <dd>The libvirt API concepts</dd>
-
- <dt><a href="api_extension.html">API
extensions</a></dt>
- <dd>Adding new public libvirt APIs</dd>
-
- <dt><a href="internals/eventloop.html">Event loop and
worker pool</a></dt>
- <dd>Libvirt's event loop and worker pool mode</dd>
-
- <dt><a href="internals/command.html">Spawning
commands</a></dt>
- <dd>Spawning commands from libvirt driver code</dd>
-
- <dt><a href="internals/rpc.html">RPC protocol &
APIs</a></dt>
- <dd>RPC protocol information and API / dispatch guide</dd>
-
- <dt><a href="internals/locking.html">Lock
managers</a></dt>
- <dd>Use lock managers to protect disk content</dd>
-
- <dt><a href="testsuites.html">Functional
testing</a></dt>
- <dd>Testing libvirt with <a href="testtck.html">TCK test
suite</a> and
- <a href="testapi.html">Libvirt-test-API</a></dd>
-
- <dt><a href="newreposetup.html">New repo
setup</a></dt>
- <dd>Procedure for configuring new git repositories for libvirt</dd>
- </dl>
- </div>
-
- <br class="clear"/>
-
- </body>
-</html>
diff --git a/docs/docs.rst b/docs/docs.rst
new file mode 100644
index 0000000000..299c26d09b
--- /dev/null
+++ b/docs/docs.rst
@@ -0,0 +1,175 @@
+=============
+Documentation
+=============
+
+Deployment / operation
+----------------------
+
+`Applications <apps.html>`__
+ Applications known to use libvirt
+
+`Manual pages <manpages/index.html>`__
+ Manual pages for libvirt tools / daemons
+
+`Windows <windows.html>`__
+ Downloads for Windows
+
+`macOS <macos.html>`__
+ Working with libvirt on macOS
+
+`Migration <migration.html>`__
+ Migrating guests between machines
+
+`Daemons <daemons.html>`__
+ Overview of the daemons provided by libvirt
+
+`Remote access <remote.html>`__
+ Enable remote access over TCP
+
+`TLS certs <tlscerts.html>`__
+ Generate and deploy x509 certificates for TLS
+
+`Authentication <auth.html>`__
+ Configure authentication for the libvirt daemon
+
+`Access control <acl.html>`__
+ Configure access control libvirt APIs with `polkit <aclpolkit.html>`__
+
+`Logging <logging.html>`__
+ The library and the daemon logging support
+
+`Audit log <auditlog.html>`__
+ Audit trail logs for host operations
+
+`Firewall <firewall.html>`__
+ Firewall and network filter configuration
+
+`Hooks <hooks.html>`__
+ Hooks for system specific management
+
+`NSS module <nss.html>`__
+ Enable domain host name translation to IP addresses
+
+`FAQ <https://wiki.libvirt.org/page/FAQ>`__
+ Frequently asked questions
+
+Application development
+-----------------------
+
+`API reference <html/index.html>`__
+ Reference manual for the C public API, split in
+ `common <html/libvirt-libvirt-common.html>`__,
+ `domain <html/libvirt-libvirt-domain.html>`__,
+ `domain checkpoint <html/libvirt-libvirt-domain-checkpoint.html>`__,
+ `domain snapshot <html/libvirt-libvirt-domain-snapshot.html>`__,
+ `error <html/libvirt-virterror.html>`__,
+ `event <html/libvirt-libvirt-event.html>`__,
+ `host <html/libvirt-libvirt-host.html>`__,
+ `interface <html/libvirt-libvirt-interface.html>`__,
+ `network <html/libvirt-libvirt-network.html>`__,
+ `node device <html/libvirt-libvirt-nodedev.html>`__,
+ `network filter <html/libvirt-libvirt-nwfilter.html>`__,
+ `secret <html/libvirt-libvirt-secret.html>`__,
+ `storage <html/libvirt-libvirt-storage.html>`__,
+ `stream <html/libvirt-libvirt-stream.html>`__ and
+ `admin <html/index-admin.html>`__,
+ `QEMU <html/index-qemu.html>`__,
+ `LXC <html/index-lxc.html>`__ libs
+
+`Language bindings and API modules <bindings.html>`__
+ Bindings of the libvirt API for
+ `c# <csharp.html>`__,
+ `go <https://pkg.go.dev/libvirt.org/go/libvirt>`__,
+ `java <java.html>`__,
+ `ocaml <https://libvirt.org/ocaml/>`__,
+ `perl <https://search.cpan.org/dist/Sys-Virt/>`__,
+ `python <python.html>`__,
+ `php <php.html>`__,
+ `ruby <https://libvirt.org/ruby/>`__
+ and integration API modules for
+ `D-Bus <dbus.html>`__
+
+`XML schemas <format.html>`__
+ Description of the XML schemas for
+ `domains <formatdomain.html>`__,
+ `networks <formatnetwork.html>`__,
+ `network ports <formatnetworkport.html>`__,
+ `network filtering <formatnwfilter.html>`__,
+ `storage <formatstorage.html>`__,
+ `storage encryption <formatstorageencryption.html>`__,
+ `capabilities <formatcaps.html>`__,
+ `domain capabilities <formatdomaincaps.html>`__,
+ `storage pool capabilities <formatstoragecaps.html>`__,
+ `node devices <formatnode.html>`__,
+ `secrets <formatsecret.html>`__,
+ `snapshots <formatsnapshot.html>`__,
+ `checkpoints <formatcheckpoint.html>`__,
+ `backup jobs <formatbackup.html>`__
+
+`URI format <uri.html>`__
+ The URI formats used for connecting to libvirt
+
+`CGroups <cgroups.html>`__
+ Control groups integration
+
+`Drivers <drivers.html>`__
+ Hypervisor specific driver information
+
+`Support guarantees <support.html>`__
+ Details of support status for various interfaces
+
+`Driver support <hvsupport.html>`__
+ matrix of API support per hypervisor per release
+
+`Knowledge Base <kbase/index.html>`__
+ Task oriented guides to key features
+
+Project development
+-------------------
+
+`Contributor guidelines <hacking.html>`__
+ General hacking guidelines for contributors
+
+`Docs style guide <styleguide.html>`__
+ Style guidelines for reStructuredText docs
+
+`Project strategy <strategy.html>`__
+ Sets a vision for future direction & technical choices
+
+`CI Testing <ci.html>`__
+ Details of the Continuous Integration testing strategy
+
+`Bug reports <bugs.html>`__
+ How and where to report bugs and request features
+
+`Compiling <compiling.html>`__
+ How to compile libvirt
+
+`Goals <goals.html>`__
+ Terminology and goals of libvirt API
+
+`API concepts <api.html>`__
+ The libvirt API concepts
+
+`API extensions <api_extension.html>`__
+ Adding new public libvirt APIs
+
+`Event loop and worker pool <internals/eventloop.html>`__
+ Libvirt's event loop and worker pool mode
+
+`Spawning commands <internals/command.html>`__
+ Spawning commands from libvirt driver code
+
+`RPC protocol & APIs <internals/rpc.html>`__
+ RPC protocol information and API / dispatch guide
+
+`Lock managers <internals/locking.html>`__
+ Use lock managers to protect disk content
+
+`Functional testing <testsuites.html>`__
+ Testing libvirt with
+ `TCK test suite <testtck.html>`__ and
+ `Libvirt-test-API <testapi.html>`__
+
+`New repo setup <newreposetup.html>`__
+ Procedure for configuring new git repositories for libvirt
diff --git a/docs/meson.build b/docs/meson.build
index 75b5e4c08f..9e69a0dc05 100644
--- a/docs/meson.build
+++ b/docs/meson.build
@@ -18,7 +18,6 @@ docs_assets = [
]
docs_html_in_files = [
- 'docs',
'formatcaps',
'formatdomaincaps',
'formatnetwork',
@@ -53,6 +52,7 @@ docs_rst_files = [
'csharp',
'daemons',
'dbus',
+ 'docs',
'downloads',
'drivers',
'drvbhyve',
--
2.35.1
9 a.m.
New subject: [PATCH 05/11] docs: Convert 'internals/command' to rst and move it to 'kbase/internals'
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/docs.rst | 3 -
docs/internals/command.html.in | 596 -------------------------------
docs/internals/meson.build | 1 -
docs/kbase/index.rst | 3 +
docs/kbase/internals/command.rst | 465 ++++++++++++++++++++++++
docs/kbase/internals/meson.build | 1 +
6 files changed, 469 insertions(+), 600 deletions(-)
delete mode 100644 docs/internals/command.html.in
create mode 100644 docs/kbase/internals/command.rst
diff --git a/docs/docs.rst b/docs/docs.rst
index 299c26d09b..a92c7c26ab 100644
--- a/docs/docs.rst
+++ b/docs/docs.rst
@@ -157,9 +157,6 @@ Project development
`Event loop and worker pool <internals/eventloop.html>`__
Libvirt's event loop and worker pool mode
-`Spawning commands <internals/command.html>`__
- Spawning commands from libvirt driver code
-
`RPC protocol & APIs <internals/rpc.html>`__
RPC protocol information and API / dispatch guide
diff --git a/docs/internals/command.html.in b/docs/internals/command.html.in
deleted file mode 100644
index d9f53933c6..0000000000
--- a/docs/internals/command.html.in
+++ /dev/null
@@ -1,596 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
- <body>
- <h1>Spawning processes / commands from libvirt drivers</h1>
-
- <ul id="toc"></ul>
-
- <p>
- This page describes the usage of libvirt APIs for
- spawning processes / commands from libvirt drivers.
- All code is required to use these APIs
- </p>
-
- <h2><a id="posix">Problems with standard POSIX
APIs</a></h2>
-
- <p>
- The POSIX specification includes a number of APIs for
- spawning processes / commands, but they suffer from
- a number of flaws
- </p>
-
- <ul>
- <li><code>fork+exec</code>: The lowest & most flexible
- level, but very hard to use correctly / safely. It
- is easy to leak file descriptors, have unexpected
- signal handler behaviour and not handle edge cases.
- Furthermore, it is not portable to mingw.
- </li>
- <li><code>system</code>: Convenient if you don't care
- about capturing command output, but has the serious
- downside that the command string is interpreted by
- the shell. This makes it very dangerous to use, because
- improperly validated user input can lead to exploits
- via shell meta characters.
- </li>
- <li><code>popen</code>: Inherits the flaws of
- <code>system</code>, and has no option for bi-directional
- communication.
- </li>
- <li><code>posix_spawn</code>: A half-way house between
- simplicity of system() and the flexibility of fork+exec.
- It does not allow for a couple of important features
- though, such as running a hook between the fork+exec
- stage, or closing all open file descriptors.</li>
- </ul>
-
- <p>
- Due to the problems mentioned with each of these,
- libvirt driver code <strong>must not use</strong> any
- of the above APIs. Historically libvirt provided a
- higher level API known as virExec. This was wrapper
- around fork+exec, in a similar style to posix_spawn,
- but with a few more features.
- </p>
-
- <p>
- This wrapper still suffered from a number of problems.
- Handling command cleanup via waitpid() is overly
- complex & error prone for most usage. Building up the
- argv[] + env[] string arrays is quite cumbersome and
- error prone, particularly wrt memory leak / OOM handling.
- </p>
-
- <h2><a id="api">The libvirt command execution
API</a></h2>
-
- <p>
- There is now a high level API that provides a safe and
- flexible way to spawn commands, which prevents the most
- common errors & is easy to code against. This
- code is provided in the <code>src/util/vircommand.h</code>
- header which can be imported using <code>#include
"vircommand.h"</code>
- </p>
-
- <h3><a id="initial">Defining commands in
libvirt</a></h3>
-
- <p>
- The first step is to declare what command is to be
- executed. The command name can be either a fully
- qualified path, or a bare command name. In the latter
- case it will be resolved wrt the <code>$PATH</code>
- environment variable.
- </p>
-
-<pre>
-virCommand *cmd = virCommandNew("/usr/bin/dnsmasq");
-</pre>
-
- <p>
- There is no need to check for allocation failure after
- <code>virCommandNew</code>. This will be detected and
- reported at a later time.
- </p>
-
- <h3><a id="args">Adding arguments to the
command</a></h3>
-
- <p>
- There are a number of APIs for adding arguments to a
- command. To add a direct string arg
- </p>
-
-<pre>
-virCommandAddArg(cmd, "-strict-order");
-</pre>
-
- <p>
- If an argument takes an attached value of the form
- <code>-arg=val</code>, then this can be done using
- </p>
-
-<pre>
-virCommandAddArgPair(cmd, "--conf-file", "/etc/dnsmasq.conf");
-</pre>
-
- <p>
- If an argument needs to be formatted as if by
- <code>printf</code>:
- </p>
-
-<pre>
-virCommandAddArgFormat(cmd, "%d", count);
-</pre>
-
- <p>
- To add an entire NULL terminated array of arguments in one go,
- there are two options.
- </p>
-
-<pre>
-const char *const args[] = {
- "--strict-order", "--except-interface", "lo", NULL
-};
-virCommandAddArgSet(cmd, args);
-virCommandAddArgList(cmd, "--domain", "localdomain", NULL);
-</pre>
-
- <p>
- This can also be done at the time of initial construction of
- the <code>virCommand *</code> object:
- </p>
-
-<pre>
-const char *const args[] = {
- "/usr/bin/dnsmasq",
- "--strict-order", "--except-interface",
- "lo", "--domain", "localdomain", NULL
-};
-virCommand *cmd1 = virCommandNewArgs(cmd, args);
-virCommand *cmd2 = virCommandNewArgList("/usr/bin/dnsmasq",
- "--domain", "localdomain",
NULL);
-</pre>
-
- <h3><a id="env">Setting up the
environment</a></h3>
-
- <p>
- By default a command will inherit all environment variables
- from the current process. Generally this is not desirable
- and a customized environment will be more suitable. Any
- customization done via the following APIs will prevent
- inheritance of any existing environment variables unless
- explicitly allowed. The first step is usually to pass through
- a small number of variables from the current process.
- </p>
-
-<pre>
-virCommandAddEnvPassCommon(cmd);
-</pre>
-
- <p>
- This has now set up a clean environment for the child, passing
- through <code>PATH</code>, <code>LD_PRELOAD</code>,
- <code>LD_LIBRARY_PATH</code>, <code>HOME</code>,
- <code>USER</code>, <code>LOGNAME</code> and
<code>TMPDIR</code>.
- Furthermore it will explicitly set <code>LC_ALL=C</code> to
- avoid unexpected localization of command output. Further
- variables can be passed through from parent explicitly:
- </p>
-
-<pre>
-virCommandAddEnvPass(cmd, "DISPLAY");
-virCommandAddEnvPass(cmd, "XAUTHORITY");
-</pre>
-
- <p>
- To define an environment variable in the child with an
- separate key / value:
- </p>
-
-<pre>
-virCommandAddEnvPair(cmd, "TERM", "xterm");
-</pre>
-
- <p>
- If the key/value pair is pre-formatted in the right
- format, it can be set directly
- </p>
-
-<pre>
-virCommandAddEnvString(cmd, "TERM=xterm");
-</pre>
-
- <h3><a id="misc">Miscellaneous other
options</a></h3>
-
- <p>
- Normally the spawned command will retain the current
- process and process group as its parent. If the current
- process dies, the child will then (usually) be terminated
- too. If this cleanup is not desired, then the command
- should be marked as daemonized:
- </p>
-
-<pre>
-virCommandDaemonize(cmd);
-</pre>
-
- <p>
- When daemonizing a command, the PID visible from the
- caller will be that of the intermediate process, not
- the actual damonized command. If the PID of the real
- command is required then a pidfile can be requested
- </p>
-
-<pre>
-virCommandSetPidFile(cmd, "/var/run/dnsmasq.pid");
-</pre>
-
- <p>
- This PID file is guaranteed to be written before
- the intermediate process exits. Moreover, the daemonized
- process will inherit the FD of the opened and locked PID
- file.
- </p>
-
- <h3><a id="privs">Reducing command
privileges</a></h3>
-
- <p>
- Normally a command will inherit all privileges of
- the current process. To restrict what a command can
- do, it is possible to request that all its capabilities
- are cleared. With this done it will only be able to
- access resources for which it has explicit DAC permissions
- </p>
-
-<pre>
-virCommandClearCaps(cmd);
-</pre>
-
- <h3><a id="fds">Managing file handles</a></h3>
-
- <p>
- To prevent unintended resource leaks to child processes, the
- child defaults to closing all open file handles, and setting
- stdin/out/err to <code>/dev/null</code>. It is possible to
- allow an open file handle to be passed into the child, while
- controlling whether that handle remains open in the parent or
- guaranteeing that the handle will be closed in the parent after
- virCommandRun, virCommandRunAsync, or virCommandFree.
- </p>
-
-<pre>
-int sharedfd = open("cmd.log", "w+");
-int childfd = open("conf.txt", "r");
-virCommandPassFD(cmd, sharedfd, 0);
-virCommandPassFD(cmd, childfd,
- VIR_COMMAND_PASS_FD_CLOSE_PARENT);
-if (VIR_CLOSE(sharedfd) < 0)
- goto cleanup;
-</pre>
-
- <p>
- With this, both file descriptors sharedfd and childfd in the
- current process remain open as the same file descriptors in the
- child. Meanwhile, after the child is spawned, sharedfd remains
- open in the parent, while childfd is closed.
- </p>
-
- <p>
- For stdin/out/err it is sometimes necessary to map a file
- handle. If a mapped file handle is a pipe fed or consumed by
- the caller, then the caller should use virCommandDaemonize or
- virCommandRunAsync rather than virCommandRun to avoid deadlock
- (mapping a regular file is okay with virCommandRun). To attach
- file descriptor 7 in the current process to stdin in the child:
- </p>
-
-<pre>
-virCommandSetInputFD(cmd, 7);
-</pre>
-
- <p>
- Equivalently to redirect stdout or stderr in the child,
- pass in a pointer to the desired handle
- </p>
-
-<pre>
-int outfd = open("out.log", "w+");
-int errfd = open("err.log", "w+");
-virCommandSetOutputFD(cmd, &outfd);
-virCommandSetErrorFD(cmd, &errfd);
-</pre>
-
- <p>
- Alternatively it is possible to request that a pipe be
- created to fetch stdout/err in the parent, by initializing
- the FD to -1.
- </p>
-
-<pre>
-int outfd = -1;
-int errfd = -1
-virCommandSetOutputFD(cmd, &outfd);
-virCommandSetErrorFD(cmd, &errfd);
-</pre>
-
- <p>
- Once the command is running, <code>outfd</code>
- and <code>errfd</code> will be initialized with
- valid file handles that can be read from. It is
- permissible to pass the same pointer for both outfd
- and errfd, in which case both standard streams in
- the child will share the same fd in the parent.
- </p>
-
- <p>
- Normally, file descriptors opened to collect output from a child
- process perform blocking I/O, but the parent process can request
- non-blocking mode:
- </p>
-
-<pre>
-virCommandNonblockingFDs(cmd);
-</pre>
-
- <h3><a id="buffers">Feeding & capturing strings to/from
the child</a></h3>
-
- <p>
- Often dealing with file handles for stdin/out/err is
- unnecessarily complex; an alternative is to let virCommandRun
- perform the I/O and interact via string buffers. Use of a buffer
- only works with virCommandRun, and cannot be mixed with pipe
- file descriptors. That is, the choice is generally between
- managing all I/O in the caller (any fds not specified are tied
- to /dev/null), or letting virCommandRun manage all I/O via
- strings (unspecified stdin is tied to /dev/null, and unspecified
- output streams get logged but are otherwise discarded).
- </p>
-
- <p>
- It is possible to specify a string buffer to act as the data
- source for the child's stdin, if there are no embedded NUL
- bytes, and if the command will be run with virCommandRun:
- </p>
-
-<pre>
-const char *input = "Hello World\n";
-virCommandSetInputBuffer(cmd, input);
-</pre>
-
- <p>
- Similarly it is possible to request that the child's
- stdout/err be redirected into a string buffer, if the
- output is not expected to contain NUL bytes, and if
- the command will be run with virCommandRun:
- </p>
-
-<pre>
-char *output = NULL, *errors = NULL;
-virCommandSetOutputBuffer(cmd, &output);
-virCommandSetErrorBuffer(cmd, &errors);
-</pre>
-
- <p>
- Once the command has finished executing, these buffers will
- contain the output. Allocation is guaranteed if virCommandRun
- or virCommandWait succeed (if there was no output, then the
- buffer will contain an allocated empty string); if the command
- failed, then the buffers usually contain a best-effort
- allocation of collected information (however, on an
- out-of-memory condition, the buffer may still be NULL). The
- caller is responsible for freeing registered buffers, since the
- buffers are designed to persist beyond virCommandFree. It
- is possible to pass the same pointer to both
- virCommandSetOutputBuffer and virCommandSetErrorBuffer, in which
- case the child process interleaves output into a single string.
- </p>
-
- <h3><a id="directory">Setting working
directory</a></h3>
-
- <p>
- Daemonized commands are always run with "/" as the current
- working directory. All other commands default to running in the
- same working directory as the parent process, but an alternate
- directory can be specified:
- </p>
-
-<pre>
-virCommandSetWorkingDirectory(cmd, LOCALSTATEDIR);
-</pre>
-
- <h3><a id="hooks">Any additional hooks</a></h3>
-
- <p>
- If anything else is needed, it is possible to request a hook
- function that is called in the child after the fork, as the
- last thing before changing directories, dropping capabilities,
- and executing the new process. If hook(opaque) returns
- non-zero, then the child process will not be run.
- </p>
-
-<pre>
-virCommandSetPreExecHook(cmd, hook, opaque);
-</pre>
-
- <h3><a id="logging">Logging commands</a></h3>
-
- <p>
- Sometimes, it is desirable to log what command will be run, or
- even to use virCommand solely for creation of a single
- consolidated string without running anything.
- </p>
-
-<pre>
-int logfd = ...;
-char *timestamp = virTimestamp();
-char *string = NULL;
-
-dprintf(logfd, "%s: ", timestamp);
-VIR_FREE(timestamp);
-virCommandWriteArgLog(cmd, logfd);
-
-string = virCommandToString(cmd, false);
-if (string)
- VIR_DEBUG("about to run %s", string);
-VIR_FREE(string);
-if (virCommandRun(cmd, NULL) < 0)
- return -1;
-</pre>
-
- <h3><a id="sync">Running commands
synchronously</a></h3>
-
- <p>
- For most commands, the desired behaviour is to spawn
- the command, wait for it to complete & exit and then
- check that its exit status is zero
- </p>
-
-<pre>
-if (virCommandRun(cmd, NULL) < 0)
- return -1;
-</pre>
-
- <p>
- <strong>Note:</strong> if the command has been daemonized
- this will only block & wait for the intermediate process,
- not the real command. <code>virCommandRun</code> will
- report on any errors that have occurred upon this point
- with all previous API calls. If the command fails to
- run, or exits with non-zero status an error will be
- reported via normal libvirt error infrastructure. If a
- non-zero exit status can represent a success condition,
- it is possible to request the exit status and perform
- that check manually instead of letting <code>virCommandRun</code>
- raise the error. By default, the captured status is only
- for a normal exit (death from a signal is treated as an error),
- but a caller can use <code>virCommandRawStatus</code> to get
- encoded status that includes any terminating signals.
- </p>
-
-<pre>
-int status;
-if (virCommandRun(cmd, &status) < 0)
- return -1;
-if (status == 1) {
- ...do stuff...
-}
-
-virCommandRawStatus(cmd2);
-if (virCommandRun(cmd2, &status) < 0)
- return -1;
-if (WIFEXITED(status) && WEXITSTATUS(status) == 1) {
- ...do stuff...
-}
-</pre>
-
- <h3><a id="async">Running commands
asynchronously</a></h3>
-
- <p>
- In certain complex scenarios, particularly special
- I/O handling is required for the child's stdin/err/out
- it will be necessary to run the command asynchronously
- and wait for completion separately.
- </p>
-
-<pre>
-pid_t pid;
-if (virCommandRunAsync(cmd, &pid) < 0)
- return -1;
-
-... do something while pid is running ...
-
-int status;
-if (virCommandWait(cmd, &status) < 0)
- return -1;
-
-if (WEXITSTATUS(status)...) {
- ..do stuff..
-}
-</pre>
-
- <p>
- As with <code>virCommandRun</code>, the
<code>status</code>
- arg for <code>virCommandWait</code> can be omitted, in which
- case it will validate that exit status is zero and raise an
- error if not.
- </p>
-
- <p>
- There are two approaches to child process cleanup, determined by
- how long you want to keep the virCommand object in scope.
- </p>
-
- <p>1. If the virCommand object will outlast the child process,
- then pass NULL for the pid argument, and the child process will
- automatically be reaped at virCommandFree, unless you reap it
- sooner via virCommandWait or virCommandAbort.
- </p>
-
- <p>2. If the child process must exist on at least one code path
- after virCommandFree, then pass a pointer for the pid argument.
- Later, to clean up the child, call virPidWait or virPidAbort.
- Before virCommandFree, you can still use virCommandWait or
- virCommandAbort to reap the process.
- </p>
-
- <h3><a id="release">Releasing resources</a></h3>
-
- <p>
- Once the command has been executed, or if execution
- has been abandoned, it is necessary to release
- resources associated with the <code>virCommand *</code>
- object. This is done with:
- </p>
-
-<pre>
-virCommandFree(cmd);
-</pre>
-
- <p>
- There is no need to check if <code>cmd</code> is NULL
- before calling <code>virCommandFree</code>. This scenario
- is handled automatically. If the command is still running,
- it will be forcibly killed and cleaned up (via waitpid).
- </p>
-
- <h2><a id="example">Complete examples</a></h2>
-
- <p>
- This shows a complete example usage of the APIs roughly
- using the libvirt source src/util/hooks.c
- </p>
-
-<pre>
-int runhook(const char *drvstr, const char *id,
- const char *opstr, const char *subopstr,
- const char *extra)
-{
- g_autofree char *path = NULL;
- g_autoptr(virCommand) cmd = NULL;
-
- virBuildPath(&path, LIBVIRT_HOOK_DIR, drvstr);
-
- cmd = virCommandNew(path);
-
- virCommandAddEnvPassCommon(cmd);
-
- virCommandAddArgList(cmd, id, opstr, subopstr, extra, NULL);
-
- virCommandSetInputBuffer(cmd, input);
-
- return virCommandRun(cmd, NULL);
-}
-</pre>
-
- <p>
- In this example, the command is being run synchronously.
- A pre-formatted string is being fed to the command as
- its stdin. The command takes four arguments, and has a
- minimal set of environment variables passed down. In
- this example, the code does not require any error checking.
- All errors are reported by the <code>virCommandRun</code>
- method, and the exit status from this is returned to
- the caller to handle as desired.
- </p>
-
- </body>
-</html>
diff --git a/docs/internals/meson.build b/docs/internals/meson.build
index 298a55dd88..e5f4bb0a4b 100644
--- a/docs/internals/meson.build
+++ b/docs/internals/meson.build
@@ -1,5 +1,4 @@
internals_in_files = [
- 'command',
'eventloop',
'locking',
'rpc',
diff --git a/docs/kbase/index.rst b/docs/kbase/index.rst
index c6748e8883..01ec5a070d 100644
--- a/docs/kbase/index.rst
+++ b/docs/kbase/index.rst
@@ -85,3 +85,6 @@ Internals
`VM migration internals <internals/migration.html>`__
VM migration implementation details, complementing the info in
`migration <../migration.html>`__
+
+`Spawning commands <internals/command.html>`__
+ Spawning commands from libvirt driver code
diff --git a/docs/kbase/internals/command.rst b/docs/kbase/internals/command.rst
new file mode 100644
index 0000000000..738fb5930a
--- /dev/null
+++ b/docs/kbase/internals/command.rst
@@ -0,0 +1,465 @@
+==================================================
+Spawning processes / commands from libvirt drivers
+==================================================
+
+.. contents::
+
+This page describes the usage of libvirt APIs for spawning processes / commands
+from libvirt drivers. All code is required to use these APIs
+
+Problems with standard POSIX APIs
+---------------------------------
+
+The POSIX specification includes a number of APIs for spawning processes /
+commands, but they suffer from a number of flaws
+
+- ``fork+exec``: The lowest & most flexible level, but very hard to use
+ correctly / safely. It is easy to leak file descriptors, have unexpected
+ signal handler behaviour and not handle edge cases. Furthermore, it is not
+ portable to mingw.
+- ``system``: Convenient if you don't care about capturing command output, but
+ has the serious downside that the command string is interpreted by the shell.
+ This makes it very dangerous to use, because improperly validated user input
+ can lead to exploits via shell meta characters.
+- ``popen``: Inherits the flaws of ``system``, and has no option for
+ bi-directional communication.
+- ``posix_spawn``: A half-way house between simplicity of system() and the
+ flexibility of fork+exec. It does not allow for a couple of important
+ features though, such as running a hook between the fork+exec stage, or
+ closing all open file descriptors.
+
+Due to the problems mentioned with each of these, libvirt driver code **must not
+use** any of the above APIs. Historically libvirt provided a higher level API
+known as virExec. This was wrapper around fork+exec, in a similar style to
+posix_spawn, but with a few more features.
+
+This wrapper still suffered from a number of problems. Handling command cleanup
+via waitpid() is overly complex & error prone for most usage. Building up the
+argv[] + env[] string arrays is quite cumbersome and error prone, particularly
+wrt memory leak / OOM handling.
+
+The libvirt command execution API
+---------------------------------
+
+There is now a high level API that provides a safe and flexible way to spawn
+commands, which prevents the most common errors & is easy to code against. This
+code is provided in the ``src/util/vircommand.h`` header which can be imported
+using ``#include "vircommand.h"``
+
+Defining commands in libvirt
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The first step is to declare what command is to be executed. The command name
+can be either a fully qualified path, or a bare command name. In the latter case
+it will be resolved wrt the ``$PATH`` environment variable.
+
+::
+
+ virCommand *cmd = virCommandNew("/usr/bin/dnsmasq");
+
+There is no need to check for allocation failure after ``virCommandNew``. This
+will be detected and reported at a later time.
+
+Adding arguments to the command
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+There are a number of APIs for adding arguments to a command. To add a direct
+string arg
+
+::
+
+ virCommandAddArg(cmd, "-strict-order");
+
+If an argument takes an attached value of the form ``-arg=val``, then this can
+be done using
+
+::
+
+ virCommandAddArgPair(cmd, "--conf-file", "/etc/dnsmasq.conf");
+
+If an argument needs to be formatted as if by ``printf``:
+
+::
+
+ virCommandAddArgFormat(cmd, "%d", count);
+
+To add an entire NULL terminated array of arguments in one go, there are two
+options.
+
+::
+
+ const char *const args[] = {
+ "--strict-order", "--except-interface", "lo", NULL
+ };
+ virCommandAddArgSet(cmd, args);
+ virCommandAddArgList(cmd, "--domain", "localdomain", NULL);
+
+This can also be done at the time of initial construction of the
+``virCommand *`` object:
+
+::
+
+ const char *const args[] = {
+ "/usr/bin/dnsmasq",
+ "--strict-order", "--except-interface",
+ "lo", "--domain", "localdomain", NULL
+ };
+ virCommand *cmd1 = virCommandNewArgs(cmd, args);
+ virCommand *cmd2 = virCommandNewArgList("/usr/bin/dnsmasq",
+ "--domain",
"localdomain", NULL);
+
+Setting up the environment
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+By default a command will inherit all environment variables from the current
+process. Generally this is not desirable and a customized environment will be
+more suitable. Any customization done via the following APIs will prevent
+inheritance of any existing environment variables unless explicitly allowed. The
+first step is usually to pass through a small number of variables from the
+current process.
+
+::
+
+ virCommandAddEnvPassCommon(cmd);
+
+This has now set up a clean environment for the child, passing through ``PATH``,
+``LD_PRELOAD``, ``LD_LIBRARY_PATH``, ``HOME``, ``USER``, ``LOGNAME`` and
+``TMPDIR``. Furthermore it will explicitly set ``LC_ALL=C`` to avoid unexpected
+localization of command output. Further variables can be passed through from
+parent explicitly:
+
+::
+
+ virCommandAddEnvPass(cmd, "DISPLAY");
+ virCommandAddEnvPass(cmd, "XAUTHORITY");
+
+To define an environment variable in the child with an separate key / value:
+
+::
+
+ virCommandAddEnvPair(cmd, "TERM", "xterm");
+
+If the key/value pair is pre-formatted in the right format, it can be set
+directly
+
+::
+
+ virCommandAddEnvString(cmd, "TERM=xterm");
+
+Miscellaneous other options
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Normally the spawned command will retain the current process and process group
+as its parent. If the current process dies, the child will then (usually) be
+terminated too. If this cleanup is not desired, then the command should be
+marked as daemonized:
+
+::
+
+ virCommandDaemonize(cmd);
+
+When daemonizing a command, the PID visible from the caller will be that of the
+intermediate process, not the actual damonized command. If the PID of the real
+command is required then a pidfile can be requested
+
+::
+
+ virCommandSetPidFile(cmd, "/var/run/dnsmasq.pid");
+
+This PID file is guaranteed to be written before the intermediate process exits.
+Moreover, the daemonized process will inherit the FD of the opened and locked
+PID file.
+
+Reducing command privileges
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Normally a command will inherit all privileges of the current process. To
+restrict what a command can do, it is possible to request that all its
+capabilities are cleared. With this done it will only be able to access
+resources for which it has explicit DAC permissions
+
+::
+
+ virCommandClearCaps(cmd);
+
+Managing file handles
+~~~~~~~~~~~~~~~~~~~~~
+
+To prevent unintended resource leaks to child processes, the child defaults to
+closing all open file handles, and setting stdin/out/err to ``/dev/null``. It is
+possible to allow an open file handle to be passed into the child, while
+controlling whether that handle remains open in the parent or guaranteeing that
+the handle will be closed in the parent after virCommandRun, virCommandRunAsync,
+or virCommandFree.
+
+::
+
+ int sharedfd = open("cmd.log", "w+");
+ int childfd = open("conf.txt", "r");
+ virCommandPassFD(cmd, sharedfd, 0);
+ virCommandPassFD(cmd, childfd,
+ VIR_COMMAND_PASS_FD_CLOSE_PARENT);
+ if (VIR_CLOSE(sharedfd) < 0)
+ goto cleanup;
+
+With this, both file descriptors sharedfd and childfd in the current process
+remain open as the same file descriptors in the child. Meanwhile, after the
+child is spawned, sharedfd remains open in the parent, while childfd is closed.
+
+For stdin/out/err it is sometimes necessary to map a file handle. If a mapped
+file handle is a pipe fed or consumed by the caller, then the caller should use
+virCommandDaemonize or virCommandRunAsync rather than virCommandRun to avoid
+deadlock (mapping a regular file is okay with virCommandRun). To attach file
+descriptor 7 in the current process to stdin in the child:
+
+::
+
+ virCommandSetInputFD(cmd, 7);
+
+Equivalently to redirect stdout or stderr in the child, pass in a pointer to the
+desired handle
+
+::
+
+ int outfd = open("out.log", "w+");
+ int errfd = open("err.log", "w+");
+ virCommandSetOutputFD(cmd, &outfd);
+ virCommandSetErrorFD(cmd, &errfd);
+
+Alternatively it is possible to request that a pipe be created to fetch
+stdout/err in the parent, by initializing the FD to -1.
+
+::
+
+ int outfd = -1;
+ int errfd = -1
+ virCommandSetOutputFD(cmd, &outfd);
+ virCommandSetErrorFD(cmd, &errfd);
+
+Once the command is running, ``outfd`` and ``errfd`` will be initialized with
+valid file handles that can be read from. It is permissible to pass the same
+pointer for both outfd and errfd, in which case both standard streams in the
+child will share the same fd in the parent.
+
+Normally, file descriptors opened to collect output from a child process perform
+blocking I/O, but the parent process can request non-blocking mode:
+
+::
+
+ virCommandNonblockingFDs(cmd);
+
+Feeding & capturing strings to/from the child
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Often dealing with file handles for stdin/out/err is unnecessarily complex; an
+alternative is to let virCommandRun perform the I/O and interact via string
+buffers. Use of a buffer only works with virCommandRun, and cannot be mixed with
+pipe file descriptors. That is, the choice is generally between managing all I/O
+in the caller (any fds not specified are tied to /dev/null), or letting
+virCommandRun manage all I/O via strings (unspecified stdin is tied to
+/dev/null, and unspecified output streams get logged but are otherwise
+discarded).
+
+It is possible to specify a string buffer to act as the data source for the
+child's stdin, if there are no embedded NUL bytes, and if the command will be
+run with virCommandRun:
+
+::
+
+ const char *input = "Hello World\n";
+ virCommandSetInputBuffer(cmd, input);
+
+Similarly it is possible to request that the child's stdout/err be redirected
+into a string buffer, if the output is not expected to contain NUL bytes, and if
+the command will be run with virCommandRun:
+
+::
+
+ char *output = NULL, *errors = NULL;
+ virCommandSetOutputBuffer(cmd, &output);
+ virCommandSetErrorBuffer(cmd, &errors);
+
+Once the command has finished executing, these buffers will contain the output.
+Allocation is guaranteed if virCommandRun or virCommandWait succeed (if there
+was no output, then the buffer will contain an allocated empty string); if the
+command failed, then the buffers usually contain a best-effort allocation of
+collected information (however, on an out-of-memory condition, the buffer may
+still be NULL). The caller is responsible for freeing registered buffers, since
+the buffers are designed to persist beyond virCommandFree. It is possible to
+pass the same pointer to both virCommandSetOutputBuffer and
+virCommandSetErrorBuffer, in which case the child process interleaves output
+into a single string.
+
+Setting working directory
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Daemonized commands are always run with "/" as the current working directory.
+All other commands default to running in the same working directory as the
+parent process, but an alternate directory can be specified:
+
+::
+
+ virCommandSetWorkingDirectory(cmd, LOCALSTATEDIR);
+
+Any additional hooks
+~~~~~~~~~~~~~~~~~~~~
+
+If anything else is needed, it is possible to request a hook function that is
+called in the child after the fork, as the last thing before changing
+directories, dropping capabilities, and executing the new process. If
+hook(opaque) returns non-zero, then the child process will not be run.
+
+::
+
+ virCommandSetPreExecHook(cmd, hook, opaque);
+
+Logging commands
+~~~~~~~~~~~~~~~~
+
+Sometimes, it is desirable to log what command will be run, or even to use
+virCommand solely for creation of a single consolidated string without running
+anything.
+
+::
+
+ int logfd = ...;
+ char *timestamp = virTimestamp();
+ char *string = NULL;
+
+ dprintf(logfd, "%s: ", timestamp);
+ VIR_FREE(timestamp);
+ virCommandWriteArgLog(cmd, logfd);
+
+ string = virCommandToString(cmd, false);
+ if (string)
+ VIR_DEBUG("about to run %s", string);
+ VIR_FREE(string);
+ if (virCommandRun(cmd, NULL) < 0)
+ return -1;
+
+Running commands synchronously
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+For most commands, the desired behaviour is to spawn the command, wait for it to
+complete & exit and then check that its exit status is zero
+
+::
+
+ if (virCommandRun(cmd, NULL) < 0)
+ return -1;
+
+**Note:** if the command has been daemonized this will only block & wait for the
+intermediate process, not the real command. ``virCommandRun`` will report on any
+errors that have occurred upon this point with all previous API calls. If the
+command fails to run, or exits with non-zero status an error will be reported
+via normal libvirt error infrastructure. If a non-zero exit status can represent
+a success condition, it is possible to request the exit status and perform that
+check manually instead of letting ``virCommandRun`` raise the error. By default,
+the captured status is only for a normal exit (death from a signal is treated as
+an error), but a caller can use ``virCommandRawStatus`` to get encoded status
+that includes any terminating signals.
+
+::
+
+ int status;
+ if (virCommandRun(cmd, &status) < 0)
+ return -1;
+ if (status == 1) {
+ ...do stuff...
+ }
+
+ virCommandRawStatus(cmd2);
+ if (virCommandRun(cmd2, &status) < 0)
+ return -1;
+ if (WIFEXITED(status) && WEXITSTATUS(status) == 1) {
+ ...do stuff...
+ }
+
+Running commands asynchronously
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+In certain complex scenarios, particularly special I/O handling is required for
+the child's stdin/err/out it will be necessary to run the command asynchronously
+and wait for completion separately.
+
+::
+
+ pid_t pid;
+ if (virCommandRunAsync(cmd, &pid) < 0)
+ return -1;
+
+ ... do something while pid is running ...
+
+ int status;
+ if (virCommandWait(cmd, &status) < 0)
+ return -1;
+
+ if (WEXITSTATUS(status)...) {
+ ..do stuff..
+ }
+
+As with ``virCommandRun``, the ``status`` arg for ``virCommandWait`` can be
+omitted, in which case it will validate that exit status is zero and raise an
+error if not.
+
+There are two approaches to child process cleanup, determined by how long you
+want to keep the virCommand object in scope.
+
+1. If the virCommand object will outlast the child process, then pass NULL for
+the pid argument, and the child process will automatically be reaped at
+virCommandFree, unless you reap it sooner via virCommandWait or virCommandAbort.
+
+2. If the child process must exist on at least one code path after
+virCommandFree, then pass a pointer for the pid argument. Later, to clean up the
+child, call virPidWait or virPidAbort. Before virCommandFree, you can still use
+virCommandWait or virCommandAbort to reap the process.
+
+Releasing resources
+~~~~~~~~~~~~~~~~~~~
+
+Once the command has been executed, or if execution has been abandoned, it is
+necessary to release resources associated with the ``virCommand *`` object. This
+is done with:
+
+::
+
+ virCommandFree(cmd);
+
+There is no need to check if ``cmd`` is NULL before calling ``virCommandFree``.
+This scenario is handled automatically. If the command is still running, it will
+be forcibly killed and cleaned up (via waitpid).
+
+Complete examples
+-----------------
+
+This shows a complete example usage of the APIs roughly using the libvirt source
+src/util/hooks.c
+
+::
+
+ int runhook(const char *drvstr, const char *id,
+ const char *opstr, const char *subopstr,
+ const char *extra)
+ {
+ g_autofree char *path = NULL;
+ g_autoptr(virCommand) cmd = NULL;
+
+ virBuildPath(&path, LIBVIRT_HOOK_DIR, drvstr);
+
+ cmd = virCommandNew(path);
+
+ virCommandAddEnvPassCommon(cmd);
+
+ virCommandAddArgList(cmd, id, opstr, subopstr, extra, NULL);
+
+ virCommandSetInputBuffer(cmd, input);
+
+ return virCommandRun(cmd, NULL);
+ }
+
+In this example, the command is being run synchronously. A pre-formatted string
+is being fed to the command as its stdin. The command takes four arguments, and
+has a minimal set of environment variables passed down. In this example, the
+code does not require any error checking. All errors are reported by the
+``virCommandRun`` method, and the exit status from this is returned to the
+caller to handle as desired.
diff --git a/docs/kbase/internals/meson.build b/docs/kbase/internals/meson.build
index 923e262706..3486b21852 100644
--- a/docs/kbase/internals/meson.build
+++ b/docs/kbase/internals/meson.build
@@ -1,4 +1,5 @@
docs_kbase_internals_files = [
+ 'command',
'incremental-backup',
'migration',
]
--
2.35.1
9 a.m.
New subject: [PATCH 06/11] docs: Convert 'internals/eventloop' page to rst and move it to 'kbase/internals'
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/docs.rst | 3 -
docs/internals/eventloop.html.in | 106 -----------------------------
docs/internals/meson.build | 1 -
docs/kbase/index.rst | 3 +
docs/kbase/internals/eventloop.rst | 84 +++++++++++++++++++++++
docs/kbase/internals/meson.build | 1 +
6 files changed, 88 insertions(+), 110 deletions(-)
delete mode 100644 docs/internals/eventloop.html.in
create mode 100644 docs/kbase/internals/eventloop.rst
diff --git a/docs/docs.rst b/docs/docs.rst
index a92c7c26ab..4496206d6a 100644
--- a/docs/docs.rst
+++ b/docs/docs.rst
@@ -154,9 +154,6 @@ Project development
`API extensions <api_extension.html>`__
Adding new public libvirt APIs
-`Event loop and worker pool <internals/eventloop.html>`__
- Libvirt's event loop and worker pool mode
-
`RPC protocol & APIs <internals/rpc.html>`__
RPC protocol information and API / dispatch guide
diff --git a/docs/internals/eventloop.html.in b/docs/internals/eventloop.html.in
deleted file mode 100644
index 1a24254fc5..0000000000
--- a/docs/internals/eventloop.html.in
+++ /dev/null
@@ -1,106 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
- <body>
- <h1>Libvirt's event loop</h1>
-
- <ul id="toc"></ul>
-
- <p>
- This page describes the event loop approach used in
- libvirt. Both server and client.
- </p>
-
- <h2><a id="event_loop">Event driven
programming</a></h2>
-
- <p>Traditionally, a program simply ran once, then terminated.
- This type of program was very common in the early days of
- computing, and lacked any form of user interactivity. This is
- still used frequently, particularly in small one purpose
- programs.</p>
-
- <p>However, that approach is not suitable for all the types
- of applications. For instance graphical applications spend
- most of their run time waiting for an input from user. Only
- after it happened (in our example a button was clicked, a key
- pressed, etc.) an event is generated to which they respond
- by executing desired function. If generalized, this is how
- many long running programs (daemons) work. Even those who are
- not waiting for direct user input and have no graphical
- interface. Such as Libvirt.</p>
-
- <img alt="event loop"
src="../images/event_loop_simple.png"/>
-
- <p>In Libvirt this approach is used in combination with
- <code>poll(2)</code> as all the communication with its
- clients (and domains it manages too) happens through sockets.
- Therefore whenever new client connects, it is given exclusive
- file descriptor which is then watched for incoming events,
- e.g. messages. </p>
-
- <h2><a id="api">The event loop API</a></h2>
-
- <p>To work with event loop from our code we have plenty of
- APIs.</p>
-
- <ul>
- <li><code>virEventAddHandle</code>: Registers a
- callback for monitoring file handle events.</li>
- <li><code>virEventUpdateHandle</code>: Change set of events
- monitored file handle is being watched for.</li>
- <li><code>virEventRemoveHandle</code>: Unregisters
- previously registered file handle so that it is no
- longer monitored for any events.</li>
- <li><code>virEventAddTimeout</code>: Registers a
- callback for timer event.</li>
- <li><code>virEventUpdateTimeout</code>: Changes frequency
- for a timer.</li>
- <li><code>virEventRemoveTimeout</code>: Unregisters
- a timer.</li>
- </ul>
-
- <p>For more information on these APIs continue reading <a
- href="../html/libvirt-libvirt-event.html">here</a>.</p>
-
- <h2><a id="worker_pool">Worker pool</a></h2>
-
- <p>Looking back at the image above we can see one big
- limitation. While processing a message event loop is blocked
- and for an outside observer unresponsive. This is not
- acceptable for Libvirt. Therefore we have came up with the
- following solution.</p>
-
- <img alt="event loop"
src="../images/event_loop_worker.png"/>
-
- <p>The event loop does only necessary minimum and hand over
- message processing to another thread. In fact, there can be
- as many processing threads as configured increasing
- processing power.</p>
-
- <p>To break this high level description into smaller pieces,
- here is what happens when user calls an API:</p>
- <ol>
- <li>User (or management application) calls a Libvirt API.
- Depending on the connection URI, this may or may not
- involve server. Well, for the sake of our
- demonstration we assume the former.</li>
- <li>Remote driver encodes the API among it's arguments
- into an <a href="rpc.html">RPC message</a> and sends
- it to the server.</li>
- <li>Here, server is waiting in <code>poll(2)</code> for
- an event, like incoming message.</li>
- <li>As soon as the first bytes of message are received,
- even loop wakes up and server starts reading the
- whole message.</li>
- <li>Once fully read, the event loop notifies threads
- known as worker threads from which one picks the incoming
- message, decodes and process it.</li>
- <li>As soon as API execution is finished, a reply is sent
- to the client.</li>
- </ol>
-
- <p>In case that there's no free worker to process an incoming
- message in step 5, message is placed at the end of a message
- queue and is processed in next iteration.</p>
- </body>
-</html>
diff --git a/docs/internals/meson.build b/docs/internals/meson.build
index e5f4bb0a4b..5baf444bf9 100644
--- a/docs/internals/meson.build
+++ b/docs/internals/meson.build
@@ -1,5 +1,4 @@
internals_in_files = [
- 'eventloop',
'locking',
'rpc',
]
diff --git a/docs/kbase/index.rst b/docs/kbase/index.rst
index 01ec5a070d..47cfc0505c 100644
--- a/docs/kbase/index.rst
+++ b/docs/kbase/index.rst
@@ -88,3 +88,6 @@ Internals
`Spawning commands <internals/command.html>`__
Spawning commands from libvirt driver code
+
+`Event loop and worker pool <internals/eventloop.html>`__
+ Libvirt's event loop and worker pool mode
diff --git a/docs/kbase/internals/eventloop.rst b/docs/kbase/internals/eventloop.rst
new file mode 100644
index 0000000000..f25e97ab14
--- /dev/null
+++ b/docs/kbase/internals/eventloop.rst
@@ -0,0 +1,84 @@
+====================
+Libvirt's event loop
+====================
+
+.. contents::
+
+This page describes the event loop approach used in libvirt. Both server and
+client.
+
+Event driven programming
+------------------------
+
+Traditionally, a program simply ran once, then terminated. This type of program
+was very common in the early days of computing, and lacked any form of user
+interactivity. This is still used frequently, particularly in small one purpose
+programs.
+
+However, that approach is not suitable for all the types of applications. For
+instance graphical applications spend most of their run time waiting for an
+input from user. Only after it happened (in our example a button was clicked, a
+key pressed, etc.) an event is generated to which they respond by executing
+desired function. If generalized, this is how many long running programs
+(daemons) work. Even those who are not waiting for direct user input and have no
+graphical interface. Such as Libvirt.
+
+.. image:: ../images/event_loop_simple.png
+ :alt: event loop
+
+In Libvirt this approach is used in combination with ``poll(2)`` as all the
+communication with its clients (and domains it manages too) happens through
+sockets. Therefore whenever new client connects, it is given exclusive file
+descriptor which is then watched for incoming events, e.g. messages.
+
+The event loop API
+------------------
+
+To work with event loop from our code we have plenty of APIs.
+
+- ``virEventAddHandle``: Registers a callback for monitoring file handle
+ events.
+- ``virEventUpdateHandle``: Change set of events monitored file handle is being
+ watched for.
+- ``virEventRemoveHandle``: Unregisters previously registered file handle so
+ that it is no longer monitored for any events.
+- ``virEventAddTimeout``: Registers a callback for timer event.
+- ``virEventUpdateTimeout``: Changes frequency for a timer.
+- ``virEventRemoveTimeout``: Unregisters a timer.
+
+For more information on these APIs continue reading
+`here <../html/libvirt-libvirt-event.html>`__.
+
+Worker pool
+-----------
+
+Looking back at the image above we can see one big limitation. While processing
+a message event loop is blocked and for an outside observer unresponsive. This
+is not acceptable for Libvirt. Therefore we have came up with the following
+solution.
+
+.. image:: ../images/event_loop_worker.png
+ :alt: event loop
+
+The event loop does only necessary minimum and hand over message processing to
+another thread. In fact, there can be as many processing threads as configured
+increasing processing power.
+
+To break this high level description into smaller pieces, here is what happens
+when user calls an API:
+
+#. User (or management application) calls a Libvirt API. Depending on the
+ connection URI, this may or may not involve server. Well, for the sake of our
+ demonstration we assume the former.
+#. Remote driver encodes the API among it's arguments into an `RPC
+ message <rpc.html>`__ and sends it to the server.
+#. Here, server is waiting in ``poll(2)`` for an event, like incoming message.
+#. As soon as the first bytes of message are received, even loop wakes up and
+ server starts reading the whole message.
+#. Once fully read, the event loop notifies threads known as worker threads from
+ which one picks the incoming message, decodes and process it.
+#. As soon as API execution is finished, a reply is sent to the client.
+
+In case that there's no free worker to process an incoming message in step 5,
+message is placed at the end of a message queue and is processed in next
+iteration.
diff --git a/docs/kbase/internals/meson.build b/docs/kbase/internals/meson.build
index 3486b21852..5f61f5dba4 100644
--- a/docs/kbase/internals/meson.build
+++ b/docs/kbase/internals/meson.build
@@ -1,5 +1,6 @@
docs_kbase_internals_files = [
'command',
+ 'eventloop',
'incremental-backup',
'migration',
]
--
2.35.1
9 a.m.
New subject: [PATCH 07/11] docs: Convert 'internals/locking' page to rst and move it to 'kbase/internals'
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/docs.rst | 3 -
docs/internals/locking.html.in | 267 -------------------------------
docs/internals/meson.build | 1 -
docs/kbase/index.rst | 3 +
docs/kbase/internals/locking.rst | 190 ++++++++++++++++++++++
docs/kbase/internals/meson.build | 1 +
docs/kbase/meson.build | 1 -
7 files changed, 194 insertions(+), 272 deletions(-)
delete mode 100644 docs/internals/locking.html.in
create mode 100644 docs/kbase/internals/locking.rst
diff --git a/docs/docs.rst b/docs/docs.rst
index 4496206d6a..3387dacce8 100644
--- a/docs/docs.rst
+++ b/docs/docs.rst
@@ -157,9 +157,6 @@ Project development
`RPC protocol & APIs <internals/rpc.html>`__
RPC protocol information and API / dispatch guide
-`Lock managers <internals/locking.html>`__
- Use lock managers to protect disk content
-
`Functional testing <testsuites.html>`__
Testing libvirt with
`TCK test suite <testtck.html>`__ and
diff --git a/docs/internals/locking.html.in b/docs/internals/locking.html.in
deleted file mode 100644
index d10efdf26e..0000000000
--- a/docs/internals/locking.html.in
+++ /dev/null
@@ -1,267 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
- <body>
- <h1>Resource Lock Manager</h1>
-
- <ul id="toc"></ul>
-
- <p>
- This page describes the design of the resource lock manager
- that is used for locking disk images, to ensure exclusive
- access to content.
- </p>
-
- <h2><a id="goals">Goals</a></h2>
-
- <p>
- The high level goal is to prevent the same disk image being
- used by more than one QEMU instance at a time (unless the
- disk is marked as shareable, or readonly). The scenarios
- to be prevented are thus:
- </p>
-
- <ol>
- <li>
- Two different guests running configured to point at the
- same disk image.
- </li>
- <li>
- One guest being started more than once on two different
- machines due to admin mistake
- </li>
- <li>
- One guest being started more than once on a single machine
- due to libvirt driver bug on a single machine.
- </li>
- </ol>
-
- <h2><a id="requirement">Requirements</a></h2>
-
- <p>
- The high level goal leads to a set of requirements
- for the lock manager design
- </p>
-
- <ol>
- <li>
- A lock must be held on a disk whenever a QEMU process
- has the disk open
- </li>
- <li>
- The lock scheme must allow QEMU to be configured with
- readonly, shared write, or exclusive writable disks
- </li>
- <li>
- A lock handover must be performed during the migration
- process where 2 QEMU processes will have the same disk
- open concurrently.
- </li>
- <li>
- The lock manager must be able to identify and kill the
- process accessing the resource if the lock is revoked.
- </li>
- <li>
- Locks can be acquired for arbitrary VM related resources,
- as determined by the management application.
- </li>
- </ol>
-
- <h2><a id="design">Design</a></h2>
-
- <p>
- Within a lock manager the following series of operations
- will need to be supported.
- </p>
-
- <ul>
- <li>
- <strong>Register object</strong>
- Register the identity of an object against which
- locks will be acquired
- </li>
- <li>
- <strong>Add resource</strong>
- Associate a resource with an object for future
- lock acquisition / release
- </li>
- <li>
- <strong>Acquire locks</strong>
- Acquire the locks for all resources associated
- with the object
- </li>
- <li>
- <strong>Release locks</strong>
- Release the locks for all resources associated
- with the object
- </li>
- <li>
- <strong>Inquire locks</strong>
- Get a representation of the state of the locks
- for all resources associated with the object
- </li>
- </ul>
-
- <h2><a id="impl">Plugin Implementations</a></h2>
-
- <p>
- Lock manager implementations are provided as LGPLv2+
- licensed, dlopen()able library modules. The plugins
- will be loadable from the following location:
- </p>
-
- <pre>
-/usr/{lib,lib64}/libvirt/lock_manager/$NAME.so
-</pre>
-
- <p>
- The lock manager plugin must export a single ELF
- symbol named <code>virLockDriverImpl</code>, which is
- a static instance of the <code>virLockDriver</code>
- struct. The struct is defined in the header file
- </p>
-
- <pre>
-#include <libvirt/plugins/lock_manager.h>
- </pre>
-
- <p>
- All callbacks in the struct must be initialized
- to non-NULL pointers. The semantics of each
- callback are defined in the API docs embedded
- in the previously mentioned header file
- </p>
-
- <h2><a id="qemuIntegrate">QEMU Driver
integration</a></h2>
-
- <p>
- With the QEMU driver, the lock plugin will be set
- in the <code>/etc/libvirt/qemu.conf</code> configuration
- file by specifying the lock manager name.
- </p>
-
- <pre>
-lockManager="sanlock"
- </pre>
-
- <p>
- By default the lock manager will be a 'no op' implementation
- for backwards compatibility
- </p>
-
- <h2><a id="usagePatterns">Lock usage
patterns</a></h2>
-
- <p>
- The following pseudo code illustrates the common
- patterns of operations invoked on the lock
- manager plugin callbacks.
- </p>
-
- <h3><a id="usageLockAcquire">Lock
acquisition</a></h3>
-
- <p>
- Initial lock acquisition will be performed from the
- process that is to own the lock. This is typically
- the QEMU child process, in between the fork+exec
- pairing. When adding further resources on the fly,
- to an existing object holding locks, this will be
- done from the libvirtd process.
- </p>
-
- <pre>
-virLockManagerParam params[] = {
- { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UUID,
- .key = "uuid",
- },
- { .type = VIR_LOCK_MANAGER_PARAM_TYPE_STRING,
- .key = "name",
- .value = { .str = dom->def->name },
- },
- { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UINT,
- .key = "id",
- .value = { .i = dom->def->id },
- },
- { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UINT,
- .key = "pid",
- .value = { .i = dom->pid },
- },
- { .type = VIR_LOCK_MANAGER_PARAM_TYPE_CSTRING,
- .key = "uri",
- .value = { .cstr = driver->uri },
- },
-};
-mgr = virLockManagerNew(lockPlugin,
- VIR_LOCK_MANAGER_TYPE_DOMAIN,
- ARRAY_CARDINALITY(params),
- params,
- 0)));
-
-foreach (initial disks)
- virLockManagerAddResource(mgr,
- VIR_LOCK_MANAGER_RESOURCE_TYPE_DISK,
- $path, 0, NULL, $flags);
-
-if (virLockManagerAcquire(lock, NULL, 0) < 0);
- ...abort...
- </pre>
-
- <h3><a id="usageLockAttach">Lock release</a></h3>
-
- <p>
- The locks are all implicitly released when the process
- that acquired them exits, however, a process may
- voluntarily give up the lock by running
- </p>
-
- <pre>
-char *state = NULL;
-virLockManagerParam params[] = {
- { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UUID,
- .key = "uuid",
- },
- { .type = VIR_LOCK_MANAGER_PARAM_TYPE_STRING,
- .key = "name",
- .value = { .str = dom->def->name },
- },
- { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UINT,
- .key = "id",
- .value = { .i = dom->def->id },
- },
- { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UINT,
- .key = "pid",
- .value = { .i = dom->pid },
- },
- { .type = VIR_LOCK_MANAGER_PARAM_TYPE_CSTRING,
- .key = "uri",
- .value = { .cstr = driver->uri },
- },
-};
-mgr = virLockManagerNew(lockPlugin,
- VIR_LOCK_MANAGER_TYPE_DOMAIN,
- ARRAY_CARDINALITY(params),
- params,
- 0)));
-
-foreach (initial disks)
- virLockManagerAddResource(mgr,
- VIR_LOCK_MANAGER_RESOURCE_TYPE_DISK,
- $path, 0, NULL, $flags);
-
-virLockManagerRelease(mgr, & state, 0);
- </pre>
-
- <p>
- The returned state string can be passed to the
- <code>virLockManagerAcquire</code> method to
- later re-acquire the exact same locks. This
- state transfer is commonly used when performing
- live migration of virtual machines. By validating
- the state the lock manager can ensure no other
- VM has re-acquire the same locks on a different
- host. The state can also be obtained without
- releasing the locks, by calling the
- <code>virLockManagerInquire</code> method.
- </p>
-
- </body>
-</html>
diff --git a/docs/internals/meson.build b/docs/internals/meson.build
index 5baf444bf9..68a2e70a3d 100644
--- a/docs/internals/meson.build
+++ b/docs/internals/meson.build
@@ -1,5 +1,4 @@
internals_in_files = [
- 'locking',
'rpc',
]
diff --git a/docs/kbase/index.rst b/docs/kbase/index.rst
index 47cfc0505c..2125bf4252 100644
--- a/docs/kbase/index.rst
+++ b/docs/kbase/index.rst
@@ -91,3 +91,6 @@ Internals
`Event loop and worker pool <internals/eventloop.html>`__
Libvirt's event loop and worker pool mode
+
+`Lock managers <internals/locking.html>`__
+ Use lock managers to protect disk content
diff --git a/docs/kbase/internals/locking.rst b/docs/kbase/internals/locking.rst
new file mode 100644
index 0000000000..50d2b92d57
--- /dev/null
+++ b/docs/kbase/internals/locking.rst
@@ -0,0 +1,190 @@
+=====================
+Resource Lock Manager
+=====================
+
+.. contents::
+
+This page describes the design of the resource lock manager that is used for
+locking disk images, to ensure exclusive access to content.
+
+Goals
+-----
+
+The high level goal is to prevent the same disk image being used by more than
+one QEMU instance at a time (unless the disk is marked as shareable, or
+readonly). The scenarios to be prevented are thus:
+
+#. Two different guests running configured to point at the same disk image.
+#. One guest being started more than once on two different machines due to admin
+ mistake
+#. One guest being started more than once on a single machine due to libvirt
+ driver bug on a single machine.
+
+Requirements
+------------
+
+The high level goal leads to a set of requirements for the lock manager design
+
+#. A lock must be held on a disk whenever a QEMU process has the disk open
+#. The lock scheme must allow QEMU to be configured with readonly, shared write,
+ or exclusive writable disks
+#. A lock handover must be performed during the migration process where 2 QEMU
+ processes will have the same disk open concurrently.
+#. The lock manager must be able to identify and kill the process accessing the
+ resource if the lock is revoked.
+#. Locks can be acquired for arbitrary VM related resources, as determined by
+ the management application.
+
+Design
+------
+
+Within a lock manager the following series of operations will need to be
+supported.
+
+- **Register object** Register the identity of an object against which locks
+ will be acquired
+- **Add resource** Associate a resource with an object for future lock
+ acquisition / release
+- **Acquire locks** Acquire the locks for all resources associated with the
+ object
+- **Release locks** Release the locks for all resources associated with the
+ object
+- **Inquire locks** Get a representation of the state of the locks for all
+ resources associated with the object
+
+Plugin Implementations
+----------------------
+
+Lock manager implementations are provided as LGPLv2+ licensed, dlopen()able
+library modules. The plugins will be loadable from the following location:
+
+::
+
+ /usr/{lib,lib64}/libvirt/lock_manager/$NAME.so
+
+The lock manager plugin must export a single ELF symbol named
+``virLockDriverImpl``, which is a static instance of the ``virLockDriver``
+struct. The struct is defined in the header file
+
+::
+
+ #include <libvirt/plugins/lock_manager.h>
+
+All callbacks in the struct must be initialized to non-NULL pointers. The
+semantics of each callback are defined in the API docs embedded in the
+previously mentioned header file
+
+QEMU Driver integration
+-----------------------
+
+With the QEMU driver, the lock plugin will be set in the
+``/etc/libvirt/qemu.conf`` configuration file by specifying the lock manager
+name.
+
+::
+
+ lockManager="sanlock"
+
+By default the lock manager will be a 'no op' implementation for backwards
+compatibility
+
+Lock usage patterns
+-------------------
+
+The following pseudo code illustrates the common patterns of operations invoked
+on the lock manager plugin callbacks.
+
+Lock acquisition
+~~~~~~~~~~~~~~~~
+
+Initial lock acquisition will be performed from the process that is to own the
+lock. This is typically the QEMU child process, in between the fork+exec
+pairing. When adding further resources on the fly, to an existing object holding
+locks, this will be done from the libvirtd process.
+
+::
+
+ virLockManagerParam params[] = {
+ { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UUID,
+ .key = "uuid",
+ },
+ { .type = VIR_LOCK_MANAGER_PARAM_TYPE_STRING,
+ .key = "name",
+ .value = { .str = dom->def->name },
+ },
+ { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UINT,
+ .key = "id",
+ .value = { .i = dom->def->id },
+ },
+ { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UINT,
+ .key = "pid",
+ .value = { .i = dom->pid },
+ },
+ { .type = VIR_LOCK_MANAGER_PARAM_TYPE_CSTRING,
+ .key = "uri",
+ .value = { .cstr = driver->uri },
+ },
+ };
+ mgr = virLockManagerNew(lockPlugin,
+ VIR_LOCK_MANAGER_TYPE_DOMAIN,
+ ARRAY_CARDINALITY(params),
+ params,
+ 0)));
+
+ foreach (initial disks)
+ virLockManagerAddResource(mgr,
+ VIR_LOCK_MANAGER_RESOURCE_TYPE_DISK,
+ $path, 0, NULL, $flags);
+
+ if (virLockManagerAcquire(lock, NULL, 0) < 0);
+ ...abort...
+
+Lock release
+~~~~~~~~~~~~
+
+The locks are all implicitly released when the process that acquired them exits,
+however, a process may voluntarily give up the lock by running
+
+::
+
+ char *state = NULL;
+ virLockManagerParam params[] = {
+ { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UUID,
+ .key = "uuid",
+ },
+ { .type = VIR_LOCK_MANAGER_PARAM_TYPE_STRING,
+ .key = "name",
+ .value = { .str = dom->def->name },
+ },
+ { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UINT,
+ .key = "id",
+ .value = { .i = dom->def->id },
+ },
+ { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UINT,
+ .key = "pid",
+ .value = { .i = dom->pid },
+ },
+ { .type = VIR_LOCK_MANAGER_PARAM_TYPE_CSTRING,
+ .key = "uri",
+ .value = { .cstr = driver->uri },
+ },
+ };
+ mgr = virLockManagerNew(lockPlugin,
+ VIR_LOCK_MANAGER_TYPE_DOMAIN,
+ ARRAY_CARDINALITY(params),
+ params,
+ 0)));
+
+ foreach (initial disks)
+ virLockManagerAddResource(mgr,
+ VIR_LOCK_MANAGER_RESOURCE_TYPE_DISK,
+ $path, 0, NULL, $flags);
+
+ virLockManagerRelease(mgr, & state, 0);
+
+The returned state string can be passed to the ``virLockManagerAcquire`` method
+to later re-acquire the exact same locks. This state transfer is commonly used
+when performing live migration of virtual machines. By validating the state the
+lock manager can ensure no other VM has re-acquire the same locks on a different
+host. The state can also be obtained without releasing the locks, by calling the
+``virLockManagerInquire`` method.
diff --git a/docs/kbase/internals/meson.build b/docs/kbase/internals/meson.build
index 5f61f5dba4..8195d7caf0 100644
--- a/docs/kbase/internals/meson.build
+++ b/docs/kbase/internals/meson.build
@@ -2,6 +2,7 @@ docs_kbase_internals_files = [
'command',
'eventloop',
'incremental-backup',
+ 'locking',
'migration',
]
diff --git a/docs/kbase/meson.build b/docs/kbase/meson.build
index 269bf64a94..eb9c9544d6 100644
--- a/docs/kbase/meson.build
+++ b/docs/kbase/meson.build
@@ -36,7 +36,6 @@ foreach name : docs_kbase_files
}
endforeach
-# keep the XSLT processing code block in sync with docs/meson.build
# --- begin of XSLT processing ---
--
2.35.1
9 a.m.
New subject: [PATCH 08/11] docs: Convert 'internals/rpc' page to RST and move it to 'kbase/internals'
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/api.rst | 2 +-
docs/docs.rst | 3 -
docs/internals/meson.build | 1 -
docs/internals/rpc.html.in | 914 -------------------------------
docs/kbase/index.rst | 3 +
docs/kbase/internals/meson.build | 1 +
docs/kbase/internals/rpc.rst | 781 ++++++++++++++++++++++++++
7 files changed, 786 insertions(+), 919 deletions(-)
delete mode 100644 docs/internals/rpc.html.in
create mode 100644 docs/kbase/internals/rpc.rst
diff --git a/docs/api.rst b/docs/api.rst
index d9f01fb403..325b9b840c 100644
--- a/docs/api.rst
+++ b/docs/api.rst
@@ -219,7 +219,7 @@ Daemon and Remote Access
Access to libvirt drivers is primarily handled by the libvirtd daemon
through the `remote <remote.html>`__ driver via an
-`RPC <internals/rpc.html>`__. Some hypervisors do support client-side
+`RPC <kbase/internals/rpc.html>`__. Some hypervisors do support client-side
connections and responses, such as Test, OpenVZ, VMware, VirtualBox
(vbox), ESX, Hyper-V, Xen, and Virtuozzo. The libvirtd daemon service is
started on the host at system boot time and can also be restarted at any
diff --git a/docs/docs.rst b/docs/docs.rst
index 3387dacce8..0a698913be 100644
--- a/docs/docs.rst
+++ b/docs/docs.rst
@@ -154,9 +154,6 @@ Project development
`API extensions <api_extension.html>`__
Adding new public libvirt APIs
-`RPC protocol & APIs <internals/rpc.html>`__
- RPC protocol information and API / dispatch guide
-
`Functional testing <testsuites.html>`__
Testing libvirt with
`TCK test suite <testtck.html>`__ and
diff --git a/docs/internals/meson.build b/docs/internals/meson.build
index 68a2e70a3d..cbf0623c08 100644
--- a/docs/internals/meson.build
+++ b/docs/internals/meson.build
@@ -1,5 +1,4 @@
internals_in_files = [
- 'rpc',
]
html_xslt_gen_install_dir = docs_html_dir / 'internals'
diff --git a/docs/internals/rpc.html.in b/docs/internals/rpc.html.in
deleted file mode 100644
index ceb7dba5f2..0000000000
--- a/docs/internals/rpc.html.in
+++ /dev/null
@@ -1,914 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
- <body>
- <h1>libvirt RPC infrastructure</h1>
-
- <ul id="toc"></ul>
-
- <p>
- libvirt includes a basic protocol and code to implement
- an extensible, secure client/server RPC service. This was
- originally designed for communication between the libvirt
- client library and the libvirtd daemon, but the code is
- now isolated to allow reuse in other areas of libvirt code.
- This document provides an overview of the protocol and
- structure / operation of the internal RPC library APIs.
- </p>
-
-
- <h2><a id="protocol">RPC protocol</a></h2>
-
- <p>
- libvirt uses a simple, variable length, packet based RPC protocol.
- All structured data within packets is encoded using the
- <a
href="https://en.wikipedia.org/wiki/External_Data_Representation&quo...
standard</a>
- as currently defined by <a
href="https://tools.ietf.org/html/rfc4506">RFC 4506</a>.
- On any connection running the RPC protocol, there can be multiple
- programs active, each supporting one or more versions. A program
- defines a set of procedures that it supports. The procedures can
- support call+reply method invocation, asynchronous events,
- and generic data streams. Method invocations can be overlapped,
- so waiting for a reply to one will not block the receipt of the
- reply to another outstanding method. The protocol was loosely
- inspired by the design of SunRPC. The definition of the RPC
- protocol is in the file <code>src/rpc/virnetprotocol.x</code>
- in the libvirt source tree.
- </p>
-
- <h3><a href="protocolframing">Packet
framing</a></h3>
-
- <p>
- On the wire, there is no explicit packet framing marker. Instead
- each packet is preceded by an unsigned 32-bit integer giving
- the total length of the packet in bytes. This length includes
- the 4-bytes of the length word itself. Conceptually the framing
- looks like this:
- </p>
-
-<pre>
-|~~~ Packet 1 ~~~|~~~ Packet 2 ~~~|~~~ Packet 3 ~~~|~~~
-
-+-------+------------+-------+------------+-------+------------+...
-| n=U32 | (n-4) * U8 | n=U32 | (n-4) * U8 | n=U32 | (n-4) * U8 |
-+-------+------------+-------+------------+-------+------------+...
-
-|~ Len ~|~ Data ~|~ Len ~|~ Data ~|~ Len ~|~ Data ~|~
-
-</pre>
-
- <h3><a href="protocoldata">Packet data</a></h3>
-
- <p>
- The data in each packet is split into two parts, a short
- fixed length header, followed by a variable length payload.
- So a packet from the illustration above is more correctly
- shown as
- </p>
-
-<pre>
-
-+-------+-------------+---------------....---+
-| n=U32 | 6*U32 | (n-(7*4))*U8 |
-+-------+-------------+---------------....---+
-
-|~ Len ~|~ Header ~|~ Payload .... ~|
-</pre>
-
-
- <h3><a href="protocolheader">Packet
header</a></h3>
- <p>
- The header contains 6 fields, encoded as signed/unsigned 32-bit
- integers.
- </p>
-
- <pre>
-+---------------+
-| program=U32 |
-+---------------+
-| version=U32 |
-+---------------+
-| procedure=S32 |
-+---------------+
-| type=S32 |
-+---------------+
-| serial=U32 |
-+---------------+
-| status=S32 |
-+---------------+
- </pre>
-
- <dl>
- <dt><code>program</code></dt>
- <dd>
- This is an arbitrarily chosen number that will uniquely
- identify the "service" running over the stream.
- </dd>
- <dt><code>version</code></dt>
- <dd>
- This is the version number of the program, by convention
- starting from '1'. When an incompatible change is made
- to a program, the version number is incremented. Ideally
- both versions will then be supported on the wire in
- parallel for backwards compatibility.
- </dd>
- <dt><code>procedure</code></dt>
- <dd>
- This is an arbitrarily chosen number that will uniquely
- identify the method call, or event associated with the
- packet. By convention, procedure numbers start from 1
- and are assigned monotonically thereafter.
- </dd>
- <dt><code>type</code></dt>
- <dd>
- <p>
- This can be one of the following enumeration values
- </p>
- <ol>
- <li>call: invocation of a method call</li>
- <li>reply: completion of a method call</li>
- <li>event: an asynchronous event</li>
- <li>stream: control info or data from a stream</li>
- </ol>
- </dd>
- <dt><code>serial</code></dt>
- <dd>
- This is a number that starts from 1 and increases
- each time a method call packet is sent. A reply or
- stream packet will have a serial number matching the
- original method call packet serial. Events always
- have the serial number set to 0.
- </dd>
- <dt><code>status</code></dt>
- <dd>
- <p>
- This can one of the following enumeration values
- </p>
- <ol>
- <li>ok: a normal packet. this is always set for method calls or events.
- For replies it indicates successful completion of the method. For
- streams it indicates confirmation of the end of file on the
stream.</li>
- <li>error: for replies this indicates that the method call failed
- and error information is being returned. For streams this indicates
- that not all data was sent and the stream has aborted</li>
- <li>continue: for streams this indicates that further data packets
- will be following</li>
- </ol>
- </dd>
- </dl>
-
- <h3><a href="protocolpayload">Packet
payload</a></h3>
-
- <p>
- The payload of a packet will vary depending on the <code>type</code>
- and <code>status</code> fields from the header.
- </p>
-
- <ul>
- <li>type=call: the in parameters for the method call, XDR encoded</li>
- <li>type=call-with-fds: number of file handles, then the in parameters for
the method call, XDR encoded, followed by the file handles</li>
- <li>type=reply+status=ok: the return value and/or out parameters for the
method call, XDR encoded</li>
- <li>type=reply+status=error: the error information for the method, a
virErrorPtr XDR encoded</li>
- <li>type=reply-with-fds+status=ok: number of file handles, the return value
and/or out parameters for the method call, XDR encoded, followed by the file
handles</li>
- <li>type=reply-with-fds+status=error: number of file handles, the error
information for the method, a virErrorPtr XDR encoded, followed by the file
handles</li>
- <li>type=event: the parameters for the event, XDR encoded</li>
- <li>type=stream+status=ok: no payload</li>
- <li>type=stream+status=error: the error information for the method, a
virErrorPtr XDR encoded</li>
- <li>type=stream+status=continue: the raw bytes of data for the stream. No XDR
encoding</li>
- </ul>
-
- <p>
- With the two packet types that support passing file descriptors, in
- between the header and the payload there will be a 4-byte integer
- specifying the number of file descriptors which are being sent.
- The actual file handles are sent after the payload has been sent.
- Each file handle has a single dummy byte transmitted as a carrier
- for the out of band file descriptor. While the sender should always
- send '\0' as the dummy byte value, the receiver ought to ignore the
- value for the sake of robustness.
- </p>
-
- <p>
- For the exact payload information for each procedure, consult the XDR protocol
- definition for the program+version in question
- </p>
-
- <h3><a id="wireexamples">Wire examples</a></h3>
-
- <p>
- The following diagrams illustrate some example packet exchanges
- between a client and server
- </p>
-
- <h4><a id="wireexamplescall">Method call</a></h4>
-
- <p>
- A single method call and successful
- reply, for a program=8, version=1, procedure=3, which 10 bytes worth
- of input args, and 4 bytes worth of return values. The overall input
- packet length is 4 + 24 + 10 == 38, and output packet length 32
- </p>
-
- <pre>
- +--+-----------------------+-----------+
-C --> |38| 8 | 1 | 3 | 0 | 1 | 0 | .o.oOo.o. | --> S (call)
- +--+-----------------------+-----------+
-
- +--+-----------------------+--------+
-C <-- |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo | <-- S (reply)
- +--+-----------------------+--------+
- </pre>
-
- <h4><a id="wireexamplescallerr">Method call with
error</a></h4>
-
- <p>
- An unsuccessful method call will instead return an error object
- </p>
-
- <pre>
- +--+-----------------------+-----------+
-C --> |38| 8 | 1 | 3 | 0 | 1 | 0 | .o.oOo.o. | --> S (call)
- +--+-----------------------+-----------+
-
- +--+-----------------------+--------------------------+
-C <-- |48| 8 | 1 | 3 | 2 | 1 | 0 | .o.oOo.o.oOo.o.oOo.o.oOo | <-- S
(error)
- +--+-----------------------+--------------------------+
- </pre>
-
- <h4><a id="wireexamplescallup">Method call with upload
stream</a></h4>
-
- <p>
- A method call which also involves uploading some data over
- a stream will result in
- </p>
-
- <pre>
- +--+-----------------------+-----------+
-C --> |38| 8 | 1 | 3 | 0 | 1 | 0 | .o.oOo.o. | --> S (call)
- +--+-----------------------+-----------+
-
- +--+-----------------------+--------+
-C <-- |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo | <-- S (reply)
- +--+-----------------------+--------+
-
- +--+-----------------------+-------------....-------+
-C --> |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | --> S
(stream data up)
- +--+-----------------------+-------------....-------+
- +--+-----------------------+-------------....-------+
-C --> |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | --> S
(stream data up)
- +--+-----------------------+-------------....-------+
- +--+-----------------------+-------------....-------+
-C --> |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | --> S
(stream data up)
- +--+-----------------------+-------------....-------+
- ...
- +--+-----------------------+-------------....-------+
-C --> |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | --> S
(stream data up)
- +--+-----------------------+-------------....-------+
- +--+-----------------------+
-C --> |24| 8 | 1 | 3 | 3 | 1 | 0 | --> S (stream finish)
- +--+-----------------------+
- +--+-----------------------+
-C <-- |24| 8 | 1 | 3 | 3 | 1 | 0 | <-- S (stream finish)
- +--+-----------------------+
- </pre>
-
- <h4><a id="wireexamplescallbi">Method call bidirectional
stream</a></h4>
-
- <p>
- A method call which also involves a bi-directional stream will
- result in
- </p>
-
- <pre>
- +--+-----------------------+-----------+
-C --> |38| 8 | 1 | 3 | 0 | 1 | 0 | .o.oOo.o. | --> S (call)
- +--+-----------------------+-----------+
-
- +--+-----------------------+--------+
-C <-- |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo | <-- S (reply)
- +--+-----------------------+--------+
-
- +--+-----------------------+-------------....-------+
-C --> |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | --> S
(stream data up)
- +--+-----------------------+-------------....-------+
- +--+-----------------------+-------------....-------+
-C --> |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | --> S
(stream data up)
- +--+-----------------------+-------------....-------+
- +--+-----------------------+-------------....-------+
-C <-- |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | <-- S
(stream data down)
- +--+-----------------------+-------------....-------+
- +--+-----------------------+-------------....-------+
-C --> |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | --> S
(stream data up)
- +--+-----------------------+-------------....-------+
- +--+-----------------------+-------------....-------+
-C --> |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | --> S
(stream data up)
- +--+-----------------------+-------------....-------+
- +--+-----------------------+-------------....-------+
-C <-- |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | <-- S
(stream data down)
- +--+-----------------------+-------------....-------+
- +--+-----------------------+-------------....-------+
-C <-- |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | <-- S
(stream data down)
- +--+-----------------------+-------------....-------+
- +--+-----------------------+-------------....-------+
-C <-- |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | <-- S
(stream data down)
- +--+-----------------------+-------------....-------+
- +--+-----------------------+-------------....-------+
-C --> |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | --> S
(stream data up)
- +--+-----------------------+-------------....-------+
- ..
- +--+-----------------------+-------------....-------+
-C --> |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | --> S
(stream data up)
- +--+-----------------------+-------------....-------+
- +--+-----------------------+
-C --> |24| 8 | 1 | 3 | 3 | 1 | 0 | --> S (stream finish)
- +--+-----------------------+
- +--+-----------------------+
-C <-- |24| 8 | 1 | 3 | 3 | 1 | 0 | <-- S (stream finish)
- +--+-----------------------+
- </pre>
-
-
- <h4><a id="wireexamplescallmany">Method calls
overlapping</a></h4>
- <pre>
- +--+-----------------------+-----------+
-C --> |38| 8 | 1 | 3 | 0 | 1 | 0 | .o.oOo.o. | --> S (call 1)
- +--+-----------------------+-----------+
- +--+-----------------------+-----------+
-C --> |38| 8 | 1 | 3 | 0 | 2 | 0 | .o.oOo.o. | --> S (call 2)
- +--+-----------------------+-----------+
- +--+-----------------------+--------+
-C <-- |32| 8 | 1 | 3 | 1 | 2 | 0 | .o.oOo | <-- S (reply 2)
- +--+-----------------------+--------+
- +--+-----------------------+-----------+
-C --> |38| 8 | 1 | 3 | 0 | 3 | 0 | .o.oOo.o. | --> S (call 3)
- +--+-----------------------+-----------+
- +--+-----------------------+--------+
-C <-- |32| 8 | 1 | 3 | 1 | 3 | 0 | .o.oOo | <-- S (reply 3)
- +--+-----------------------+--------+
- +--+-----------------------+-----------+
-C --> |38| 8 | 1 | 3 | 0 | 4 | 0 | .o.oOo.o. | --> S (call 4)
- +--+-----------------------+-----------+
- +--+-----------------------+--------+
-C <-- |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo | <-- S (reply 1)
- +--+-----------------------+--------+
- +--+-----------------------+--------+
-C <-- |32| 8 | 1 | 3 | 1 | 4 | 0 | .o.oOo | <-- S (reply 4)
- +--+-----------------------+--------+
- </pre>
-
- <h4><a id="wireexamplescallfd">Method call with passed
FD</a></h4>
-
- <p>
- A single method call with 2 passed file descriptors and successful
- reply, for a program=8, version=1, procedure=3, which 10 bytes worth
- of input args, and 4 bytes worth of return values. The number of
- file descriptors is encoded as a 32-bit int. Each file descriptor
- then has a 1 byte dummy payload. The overall input
- packet length is 4 + 24 + 4 + 2 + 10 == 44, and output packet length 32.
- </p>
-
- <pre>
- +--+-----------------------+---------------+-------+
-C --> |44| 8 | 1 | 3 | 0 | 1 | 0 | 2 | .o.oOo.o. | 0 | 0 | --> S (call)
- +--+-----------------------+---------------+-------+
-
- +--+-----------------------+--------+
-C <-- |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo | <-- S (reply)
- +--+-----------------------+--------+
- </pre>
-
-
- <h2><a id="security">RPC security</a></h2>
-
- <p>
- There are various things to consider to ensure an implementation
- of the RPC protocol can be satisfactorily secured
- </p>
-
- <h3><a
id="securitytls">Authentication/encryption</a></h3>
-
- <p>
- The basic RPC protocol does not define or require any specific
- authentication/encryption capabilities. A generic solution to
- providing encryption for the protocol is to run the protocol
- over a TLS encrypted data stream. x509 certificate checks can
- be done to form a crude authentication mechanism. It is also
- possible for an RPC program to negotiate an encryption /
- authentication capability, such as SASL, which may then also
- provide per-packet data encryption. Finally the protocol data
- stream can of course be tunnelled over transports such as SSH.
- </p>
-
- <h3><a id="securitylimits">Data limits</a></h3>
-
- <p>
- Although the protocol itself defines many arbitrary sized data values in the
- payloads, to avoid denial of service attack there are a number of size limit
- checks prior to encoding or decoding data. There is a limit on the maximum
- size of a single RPC message, limit on the maximum string length, and limits
- on any other parameter which uses a variable length array. These limits can
- be raised, subject to agreement between client/server, without otherwise
- breaking compatibility of the RPC data on the wire.
- </p>
-
- <h3><a id="securityvalidate">Data
validation</a></h3>
-
- <p>
- It is important that all data be fully validated before performing
- any actions based on the data. When reading an RPC packet, the
- first four bytes must be read and the max packet size limit validated,
- before any attempt is made to read the variable length packet data.
- After a complete packet has been read, the header must be decoded
- and all 6 fields fully validated, before attempting to dispatch
- the payload. Once dispatched, the payload can be decoded and passed
- on to the appropriate API for execution. The RPC code must not take
- any action based on the payload, since it has no way to validate
- the semantics of the payload data. It must delegate this to the
- execution API (e.g. corresponding libvirt public API).
- </p>
-
- <h2><a id="internals">RPC internal APIs</a></h2>
-
- <p>
- The generic internal RPC library code lives in the
<code>src/rpc/</code>
- directory of the libvirt source tree. Unless otherwise noted, the
- objects are all threadsafe. The core object types and their
- purposes are:
- </p>
-
- <h3><a id="apioverview">Overview of RPC
objects</a></h3>
-
- <p>
- The following is a high level overview of the role of each
- of the main RPC objects
- </p>
-
- <dl>
- <dt><code>virNetSASLContext *</code>
(virnetsaslcontext.h)</dt>
- <dd>The virNetSASLContext APIs maintain SASL state for a network
- service (server or client). This is primarily used on the server
- to provide an access control list of SASL usernames permitted as
- clients.
- </dd>
-
- <dt><code>virNetSASLSession *</code>
(virnetsaslcontext.h)</dt>
- <dd>The virNetSASLSession APIs maintain SASL state for a single
- network connection (socket). This is used to perform the multi-step
- SASL handshake and perform encryption/decryption of data once
- authenticated, via integration with virNetSocket.
- </dd>
-
- <dt><code>virNetTLSContext *</code>
(virnettlscontext.h)</dt>
- <dd>The virNetTLSContext APIs maintain TLS state for a network
- service (server or client). This is primarily used on the server
- to provide an access control list of x509 distinguished names, as
- well as diffie-hellman keys. It can also do validation of
- x509 certificates prior to initiating a connection, in order
- to improve detection of configuration errors.
- </dd>
-
- <dt><code>virNetTLSSession *</code>
(virnettlscontext.h)</dt>
- <dd>The virNetTLSSession APIs maintain TLS state for a single
- network connection (socket). This is used to perform the multi-step
- TLS handshake and perform encryption/decryption of data once
- authenticated, via integration with virNetSocket.
- </dd>
-
- <dt><code>virNetSocket *</code> (virnetsocket.h)</dt>
- <dd>The virNetSocket APIs provide a higher level wrapper around
- the raw BSD sockets and getaddrinfo APIs. They allow for creation
- of both server and client sockets. Data transports supported are
- TCP, UNIX, SSH tunnel or external command tunnel. Internally the
- TCP socket impl uses the getaddrinfo info APIs to ensure correct
- protocol-independent behaviour, thus supporting both IPv4 and IPv6.
- The socket APIs can be associated with a virNetSASLSession *or
- virNetTLSSession *object to allow seamless encryption/decryption
- of all writes and reads. For UNIX sockets it is possible to obtain
- the remote client user ID and process ID. Integration with the
- libvirt event loop also allows use of callbacks for notification
- of various I/O conditions
- </dd>
-
- <dt><code>virNetMessage *</code> (virnetmessage.h)</dt>
- <dd>The virNetMessage APIs provide a wrapper around the libxdr
- API calls, to facilitate processing and creation of RPC
- packets. There are convenience APIs for encoding/encoding the
- packet headers, encoding/decoding the payload using an XDR
- filter, encoding/decoding a raw payload (for streams), and
- encoding a virErrorPtr object. There is also a means to
- add to/serve from a linked-list queue of messages.</dd>
-
- <dt><code>virNetClient *</code> (virnetclient.h)</dt>
- <dd>The virNetClient APIs provide a way to connect to a
- remote server and run one or more RPC protocols over
- the connection. Connections can be made over TCP, UNIX
- sockets, SSH tunnels, or external command tunnels. There
- is support for both TLS and SASL session encryption.
- The client also supports management of multiple data streams
- over each connection. Each client object can be used from
- multiple threads concurrently, with method calls/replies
- being interleaved on the wire as required.
- </dd>
-
- <dt><code>virNetClientProgram *</code>
(virnetclientprogram.h)</dt>
- <dd>The virNetClientProgram APIs are used to register a
- program+version with the connection. This then enables
- invocation of method calls, receipt of asynchronous
- events and use of data streams, within that program+version.
- When created a set of callbacks must be supplied to take
- care of dispatching any incoming asynchronous events.
- </dd>
-
- <dt><code>virNetClientStream *</code>
(virnetclientstream.h)</dt>
- <dd>The virNetClientStream APIs are used to control transmission and
- receipt of data over a stream active on a client. Streams provide
- a low latency, unlimited length, bi-directional raw data exchange
- mechanism layered over the RPC connection
- </dd>
-
- <dt><code>virNetServer *</code> (virnetserver.h)</dt>
- <dd>The virNetServer APIs are used to manage a network server. A
- server exposed one or more programs, over one or more services.
- It manages multiple client connections invoking multiple RPC
- calls in parallel, with dispatch across multiple worker threads.
- </dd>
-
- <dt><code>virNetDaemon *</code> (virnetdaemon.h)</dt>
- <dd>The virNetDaemon APIs are used to manage a daemon process. A
- daemon is a process that might expose one or more servers. It
- handles most process-related details, network-related should
- be part of the underlying server.
- </dd>
-
- <dt><code>virNetServerClient *</code>
(virnetserverclient.h)</dt>
- <dd>The virNetServerClient APIs are used to manage I/O related
- to a single client network connection. It handles initial
- validation and routing of incoming RPC packets, and transmission
- of outgoing packets.
- </dd>
-
- <dt><code>virNetServerProgram *</code>
(virnetserverprogram.h)</dt>
- <dd>The virNetServerProgram APIs are used to provide the implementation
- of a single program/version set. Primarily this includes a set of
- callbacks used to actually invoke the APIs corresponding to
- program procedure numbers. It is responsible for all the serialization
- of payloads to/from XDR.</dd>
-
- <dt><code>virNetServerService *</code>
(virnetserverservice.h)</dt>
- <dd>The virNetServerService APIs are used to connect the server to
- one or more network protocols. A single service may involve multiple
- sockets (ie both IPv4 and IPv6). A service also has an associated
- authentication policy for incoming clients.
- </dd>
- </dl>
-
- <h3><a id="apiclientdispatch">Client RPC
dispatch</a></h3>
-
- <p>
- The client RPC code must allow for multiple overlapping RPC method
- calls to be invoked, transmission and receipt of data for multiple
- streams and receipt of asynchronous events. Understandably this
- involves coordination of multiple threads.
- </p>
-
- <p>
- The core requirement in the client dispatch code is that only
- one thread is allowed to be performing I/O on the socket at
- any time. This thread is said to be "holding the buck". When
- any other thread comes along and needs to do I/O it must place
- its packets on a queue and delegate processing of them to the
- thread that has the buck. This thread will send out the method
- call, and if it sees a reply will pass it back to the waiting
- thread. If the other thread's reply hasn't arrived, by the time
- the main thread has got its own reply, then it will transfer
- responsibility for I/O to the thread that has been waiting the
- longest. It is said to be "passing the buck" for I/O.
- </p>
-
- <p>
- When no thread is performing any RPC method call, or sending
- stream data there is still a need to monitor the socket for
- incoming I/O related to asynchronous events, or stream data
- receipt. For this task, a watch is registered with the event
- loop which triggers whenever the socket is readable. This
- watch is automatically disabled whenever any other thread
- grabs the buck, and re-enabled when the buck is released.
- </p>
-
- <h4><a id="apiclientdispatchex1">Example with buck
passing</a></h4>
-
- <p>
- In the first example, a second thread issues an API call
- while the first thread holds the buck. The reply to the
- first call arrives first, so the buck is passed to the
- second thread.
- </p>
-
- <pre>
- Thread-1
- |
- V
- Call API1()
- |
- V
- Grab Buck
- | Thread-2
- V |
- Send method1 V
- | Call API2()
- V |
- Wait I/O V
- |<--------Queue method2
- V |
- Send method2 V
- | Wait for buck
- V |
- Wait I/O |
- | |
- V |
- Recv reply1 |
- | |
- V |
- Pass the buck----->|
- | V
- V Wait I/O
- Return API1() |
- V
- Recv reply2
- |
- V
- Release the buck
- |
- V
- Return API2()
- </pre>
-
- <h4><a id="apiclientdispatchex2">Example without buck
passing</a></h4>
-
- <p>
- In this second example, a second thread issues an API call
- which is sent and replied to, before the first thread's
- API call has completed. The first thread thus notifies
- the second that its reply is ready, and there is no need
- to pass the buck
- </p>
-
- <pre>
- Thread-1
- |
- V
- Call API1()
- |
- V
- Grab Buck
- | Thread-2
- V |
- Send method1 V
- | Call API2()
- V |
- Wait I/O V
- |<--------Queue method2
- V |
- Send method2 V
- | Wait for buck
- V |
- Wait I/O |
- | |
- V |
- Recv reply2 |
- | |
- V |
- Notify reply2------>|
- | V
- V Return API2()
- Wait I/O
- |
- V
- Recv reply1
- |
- V
- Release the buck
- |
- V
- Return API1()
- </pre>
-
- <h4><a id="apiclientdispatchex3">Example with async
events</a></h4>
-
- <p>
- In this example, only one thread is present and it has to
- deal with some async events arriving. The events are actually
- dispatched to the application from the event loop thread
- </p>
-
- <pre>
- Thread-1
- |
- V
- Call API1()
- |
- V
- Grab Buck
- |
- V
- Send method1
- |
- V
- Wait I/O
- | Event thread
- V ...
- Recv event1 |
- | V
- V Wait for timer/fd
- Queue event1 |
- | V
- V Timer fires
- Wait I/O |
- | V
- V Emit event1
- Recv reply1 |
- | V
- V Wait for timer/fd
- Return API1() |
- ...
- </pre>
-
- <h3><a id="apiserverdispatch">Server RPC
dispatch</a></h3>
-
- <p>
- The RPC server code must support receipt of incoming RPC requests from
- multiple client connections, and parallel processing of all RPC
- requests, even many from a single client. This goal is achieved through
- a combination of event driven I/O, and multiple processing threads.
- </p>
-
- <p>
- The main libvirt event loop thread is responsible for performing all
- socket I/O. It will read incoming packets from clients and will
- transmit outgoing packets to clients. It will handle the I/O to/from
- streams associated with client API calls. When doing client I/O it
- will also pass the data through any applicable encryption layer
- (through use of the virNetSocket / virNetTLSSession and virNetSASLSession
- integration). What is paramount is that the event loop thread never
- do any task that can take a non-trivial amount of time.
- </p>
-
- <p>
- When reading packets, the event loop will first read the 4 byte length
- word. This is validated to make sure it does not exceed the maximum
- permissible packet size, and the client is set to allow receipt of the
- rest of the packet data. Once a complete packet has been received, the
- next step is to decode the RPC header. The header is validated to
- ensure the request is sensible, ie the server should not receive a
- method reply from a client. If the client has not yet authenticated,
- an access control list check is also performed to make sure the procedure
- is one of those allowed prior to auth. If the packet is a method
- call, it will be placed on a global processing queue. The event loop
- thread is now done with the packet for the time being.
- </p>
-
- <p>
- The server has a pool of worker threads, which wait for method call
- packets to be queued. One of them will grab the new method call off
- the queue for processing. The first step is to decode the payload of
- the packet to extract the method call arguments. The worker does not
- attempt to do any semantic validation of the arguments, except to make
- sure the size of any variable length fields is below defined limits.
- </p>
-
- <p>
- The worker now invokes the libvirt API call that corresponds to the
- procedure number in the packet header. The worker is thus kept busy
- until the API call completes. The implementation of the API call
- is responsible for doing semantic validation of parameters and any
- MAC security checks on the objects affected.
- </p>
-
- <p>
- Once the API call has completed, the worker thread will take the
- return value and output parameters, or error object and encode
- them into a reply packet. Again it does not attempt to do any
- semantic validation of output data, aside from variable length
- field limit checks. The worker thread puts the reply packet on
- the transmission queue for the client. The worker is now finished
- and goes back to wait for another incoming method call.
- </p>
-
- <p>
- The main event loop is back in charge and when the client socket
- becomes writable, it will start sending the method reply packet
- back to the client.
- </p>
-
- <p>
- At any time the libvirt connection object can emit asynchronous
- events. These are handled by callbacks in the main event thread.
- The callback will simply encode the event parameters into a new
- data packet and place the packet on the client transmission
- queue.
- </p>
-
- <p>
- Incoming and outgoing stream packets are also directly handled
- by the main event thread. When an incoming stream packet is
- received, instead of placing it in the global dispatch queue
- for the worker threads, it is sidetracked into a per-stream
- processing queue. When the stream becomes writable, queued
- incoming stream packets will be processed, passing their data
- payload on the stream. Conversely when the stream becomes
- readable, chunks of data will be read from it, encoded into
- new outgoing packets, and placed on the client's transmit
- queue.
- </p>
-
- <h4><a id="apiserverdispatchex1">Example with overlapping
methods</a></h4>
-
- <p>
- This example illustrates processing of two incoming methods with
- overlapping execution
- </p>
-
- <pre>
- Event thread Worker 1 Worker 2
- | | |
- V V V
- Wait I/O Wait Job Wait Job
- | | |
- V | |
- Recv method1 | |
- | | |
- V | |
- Queue method1 V |
- | Serve method1 |
- V | |
- Wait I/O V |
- | Call API1() |
- V | |
- Recv method2 | |
- | | |
- V | |
- Queue method2 | V
- | | Serve method2
- V V |
- Wait I/O Return API1() V
- | | Call API2()
- | V |
- V Queue reply1 |
- Send reply1 | |
- | V V
- V Wait Job Return API2()
- Wait I/O | |
- | ... V
- V Queue reply2
- Send reply2 |
- | V
- V Wait Job
- Wait I/O |
- | ...
- ...
- </pre>
-
- <h4><a id="apiserverdispatchex2">Example with stream
data</a></h4>
-
- <p>
- This example illustrates processing of stream data
- </p>
-
- <pre>
- Event thread
- |
- V
- Wait I/O
- |
- V
- Recv stream1
- |
- V
- Queue stream1
- |
- V
- Wait I/O
- |
- V
- Recv stream2
- |
- V
- Queue stream2
- |
- V
- Wait I/O
- |
- V
- Write stream1
- |
- V
- Write stream2
- |
- V
- Wait I/O
- |
- ...
- </pre>
-
- </body>
-</html>
diff --git a/docs/kbase/index.rst b/docs/kbase/index.rst
index 2125bf4252..31711d908b 100644
--- a/docs/kbase/index.rst
+++ b/docs/kbase/index.rst
@@ -94,3 +94,6 @@ Internals
`Lock managers <internals/locking.html>`__
Use lock managers to protect disk content
+
+`RPC protocol & APIs <internals/rpc.html>`__
+ RPC protocol information and API / dispatch guide
diff --git a/docs/kbase/internals/meson.build b/docs/kbase/internals/meson.build
index 8195d7caf0..879c4b2de8 100644
--- a/docs/kbase/internals/meson.build
+++ b/docs/kbase/internals/meson.build
@@ -4,6 +4,7 @@ docs_kbase_internals_files = [
'incremental-backup',
'locking',
'migration',
+ 'rpc',
]
diff --git a/docs/kbase/internals/rpc.rst b/docs/kbase/internals/rpc.rst
new file mode 100644
index 0000000000..02bc880044
--- /dev/null
+++ b/docs/kbase/internals/rpc.rst
@@ -0,0 +1,781 @@
+==========================
+libvirt RPC infrastructure
+==========================
+
+.. contents::
+
+libvirt includes a basic protocol and code to implement an extensible, secure
+client/server RPC service. This was originally designed for communication
+between the libvirt client library and the libvirtd daemon, but the code is now
+isolated to allow reuse in other areas of libvirt code. This document provides
+an overview of the protocol and structure / operation of the internal RPC
+library APIs.
+
+RPC protocol
+------------
+
+libvirt uses a simple, variable length, packet based RPC protocol. All
+structured data within packets is encoded using the `XDR
+standard <https://en.wikipedia.org/wiki/External_Data_Representation>`__ as
+currently defined by `RFC 4506 <https://tools.ietf.org/html/rfc4506>`__. On any
+connection running the RPC protocol, there can be multiple programs active, each
+supporting one or more versions. A program defines a set of procedures that it
+supports. The procedures can support call+reply method invocation, asynchronous
+events, and generic data streams. Method invocations can be overlapped, so
+waiting for a reply to one will not block the receipt of the reply to another
+outstanding method. The protocol was loosely inspired by the design of SunRPC.
+The definition of the RPC protocol is in the file ``src/rpc/virnetprotocol.x``
+in the libvirt source tree.
+
+`Packet framing <protocolframing>`__
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+On the wire, there is no explicit packet framing marker. Instead each packet is
+preceded by an unsigned 32-bit integer giving the total length of the packet in
+bytes. This length includes the 4-bytes of the length word itself. Conceptually
+the framing looks like this:
+
+::
+
+ |~~~ Packet 1 ~~~|~~~ Packet 2 ~~~|~~~ Packet 3 ~~~|~~~
+
+ +-------+------------+-------+------------+-------+------------+...
+ | n=U32 | (n-4) * U8 | n=U32 | (n-4) * U8 | n=U32 | (n-4) * U8 |
+ +-------+------------+-------+------------+-------+------------+...
+
+ |~ Len ~|~ Data ~|~ Len ~|~ Data ~|~ Len ~|~ Data ~|~
+
+`Packet data <protocoldata>`__
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The data in each packet is split into two parts, a short fixed length header,
+followed by a variable length payload. So a packet from the illustration above
+is more correctly shown as
+
+::
+
+
+ +-------+-------------+---------------....---+
+ | n=U32 | 6*U32 | (n-(7*4))*U8 |
+ +-------+-------------+---------------....---+
+
+ |~ Len ~|~ Header ~|~ Payload .... ~|
+
+`Packet header <protocolheader>`__
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The header contains 6 fields, encoded as signed/unsigned 32-bit integers.
+
+::
+
+ +---------------+
+ | program=U32 |
+ +---------------+
+ | version=U32 |
+ +---------------+
+ | procedure=S32 |
+ +---------------+
+ | type=S32 |
+ +---------------+
+ | serial=U32 |
+ +---------------+
+ | status=S32 |
+ +---------------+
+
+``program``
+ This is an arbitrarily chosen number that will uniquely identify the
+ "service" running over the stream.
+``version``
+ This is the version number of the program, by convention starting from '1'.
+ When an incompatible change is made to a program, the version number is
+ incremented. Ideally both versions will then be supported on the wire in
+ parallel for backwards compatibility.
+``procedure``
+ This is an arbitrarily chosen number that will uniquely identify the method
+ call, or event associated with the packet. By convention, procedure numbers
+ start from 1 and are assigned monotonically thereafter.
+``type``
+ This can be one of the following enumeration values
+
+ #. call: invocation of a method call
+ #. reply: completion of a method call
+ #. event: an asynchronous event
+ #. stream: control info or data from a stream
+
+``serial``
+ This is a number that starts from 1 and increases each time a method call
+ packet is sent. A reply or stream packet will have a serial number matching
+ the original method call packet serial. Events always have the serial number
+ set to 0.
+``status``
+ This can one of the following enumeration values
+
+ #. ok: a normal packet. this is always set for method calls or events. For
+ replies it indicates successful completion of the method. For streams it
+ indicates confirmation of the end of file on the stream.
+ #. error: for replies this indicates that the method call failed and error
+ information is being returned. For streams this indicates that not all
+ data was sent and the stream has aborted
+ #. continue: for streams this indicates that further data packets will be
+ following
+
+`Packet payload <protocolpayload>`__
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The payload of a packet will vary depending on the ``type`` and ``status``
+fields from the header.
+
+- type=call: the in parameters for the method call, XDR encoded
+- type=call-with-fds: number of file handles, then the in parameters for the
+ method call, XDR encoded, followed by the file handles
+- type=reply+status=ok: the return value and/or out parameters for the method
+ call, XDR encoded
+- type=reply+status=error: the error information for the method, a virErrorPtr
+ XDR encoded
+- type=reply-with-fds+status=ok: number of file handles, the return value
+ and/or out parameters for the method call, XDR encoded, followed by the file
+ handles
+- type=reply-with-fds+status=error: number of file handles, the error
+ information for the method, a virErrorPtr XDR encoded, followed by the file
+ handles
+- type=event: the parameters for the event, XDR encoded
+- type=stream+status=ok: no payload
+- type=stream+status=error: the error information for the method, a virErrorPtr
+ XDR encoded
+- type=stream+status=continue: the raw bytes of data for the stream. No XDR
+ encoding
+
+With the two packet types that support passing file descriptors, in between the
+header and the payload there will be a 4-byte integer specifying the number of
+file descriptors which are being sent. The actual file handles are sent after
+the payload has been sent. Each file handle has a single dummy byte transmitted
+as a carrier for the out of band file descriptor. While the sender should always
+send '\0' as the dummy byte value, the receiver ought to ignore the value for
+the sake of robustness.
+
+For the exact payload information for each procedure, consult the XDR protocol
+definition for the program+version in question
+
+Wire examples
+~~~~~~~~~~~~~
+
+The following diagrams illustrate some example packet exchanges between a client
+and server
+
+Method call
+^^^^^^^^^^^
+
+A single method call and successful reply, for a program=8, version=1,
+procedure=3, which 10 bytes worth of input args, and 4 bytes worth of return
+values. The overall input packet length is 4 + 24 + 10 == 38, and output packet
+length 32
+
+::
+
+ +--+-----------------------+-----------+
+ C --> |38| 8 | 1 | 3 | 0 | 1 | 0 | .o.oOo.o. | --> S (call)
+ +--+-----------------------+-----------+
+
+ +--+-----------------------+--------+
+ C <-- |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo | <-- S (reply)
+ +--+-----------------------+--------+
+
+Method call with error
+^^^^^^^^^^^^^^^^^^^^^^
+
+An unsuccessful method call will instead return an error object
+
+::
+
+ +--+-----------------------+-----------+
+ C --> |38| 8 | 1 | 3 | 0 | 1 | 0 | .o.oOo.o. | --> S (call)
+ +--+-----------------------+-----------+
+
+ +--+-----------------------+--------------------------+
+ C <-- |48| 8 | 1 | 3 | 2 | 1 | 0 | .o.oOo.o.oOo.o.oOo.o.oOo | <-- S (error)
+ +--+-----------------------+--------------------------+
+
+Method call with upload stream
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+A method call which also involves uploading some data over a stream will result
+in
+
+::
+
+ +--+-----------------------+-----------+
+ C --> |38| 8 | 1 | 3 | 0 | 1 | 0 | .o.oOo.o. | --> S (call)
+ +--+-----------------------+-----------+
+
+ +--+-----------------------+--------+
+ C <-- |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo | <-- S (reply)
+ +--+-----------------------+--------+
+
+ +--+-----------------------+-------------....-------+
+ C --> |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | --> S (stream
data up)
+ +--+-----------------------+-------------....-------+
+ +--+-----------------------+-------------....-------+
+ C --> |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | --> S (stream
data up)
+ +--+-----------------------+-------------....-------+
+ +--+-----------------------+-------------....-------+
+ C --> |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | --> S (stream
data up)
+ +--+-----------------------+-------------....-------+
+ ...
+ +--+-----------------------+-------------....-------+
+ C --> |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | --> S (stream
data up)
+ +--+-----------------------+-------------....-------+
+ +--+-----------------------+
+ C --> |24| 8 | 1 | 3 | 3 | 1 | 0 | --> S (stream finish)
+ +--+-----------------------+
+ +--+-----------------------+
+ C <-- |24| 8 | 1 | 3 | 3 | 1 | 0 | <-- S (stream finish)
+ +--+-----------------------+
+
+Method call bidirectional stream
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+A method call which also involves a bi-directional stream will result in
+
+::
+
+ +--+-----------------------+-----------+
+ C --> |38| 8 | 1 | 3 | 0 | 1 | 0 | .o.oOo.o. | --> S (call)
+ +--+-----------------------+-----------+
+
+ +--+-----------------------+--------+
+ C <-- |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo | <-- S (reply)
+ +--+-----------------------+--------+
+
+ +--+-----------------------+-------------....-------+
+ C --> |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | --> S (stream
data up)
+ +--+-----------------------+-------------....-------+
+ +--+-----------------------+-------------....-------+
+ C --> |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | --> S (stream
data up)
+ +--+-----------------------+-------------....-------+
+ +--+-----------------------+-------------....-------+
+ C <-- |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | <-- S (stream
data down)
+ +--+-----------------------+-------------....-------+
+ +--+-----------------------+-------------....-------+
+ C --> |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | --> S (stream
data up)
+ +--+-----------------------+-------------....-------+
+ +--+-----------------------+-------------....-------+
+ C --> |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | --> S (stream
data up)
+ +--+-----------------------+-------------....-------+
+ +--+-----------------------+-------------....-------+
+ C <-- |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | <-- S (stream
data down)
+ +--+-----------------------+-------------....-------+
+ +--+-----------------------+-------------....-------+
+ C <-- |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | <-- S (stream
data down)
+ +--+-----------------------+-------------....-------+
+ +--+-----------------------+-------------....-------+
+ C <-- |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | <-- S (stream
data down)
+ +--+-----------------------+-------------....-------+
+ +--+-----------------------+-------------....-------+
+ C --> |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | --> S (stream
data up)
+ +--+-----------------------+-------------....-------+
+ ..
+ +--+-----------------------+-------------....-------+
+ C --> |38| 8 | 1 | 3 | 3 | 1 | 2 | .o.oOo.o.oOo....o.oOo. | --> S (stream
data up)
+ +--+-----------------------+-------------....-------+
+ +--+-----------------------+
+ C --> |24| 8 | 1 | 3 | 3 | 1 | 0 | --> S (stream finish)
+ +--+-----------------------+
+ +--+-----------------------+
+ C <-- |24| 8 | 1 | 3 | 3 | 1 | 0 | <-- S (stream finish)
+ +--+-----------------------+
+
+Method calls overlapping
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+::
+
+ +--+-----------------------+-----------+
+ C --> |38| 8 | 1 | 3 | 0 | 1 | 0 | .o.oOo.o. | --> S (call 1)
+ +--+-----------------------+-----------+
+ +--+-----------------------+-----------+
+ C --> |38| 8 | 1 | 3 | 0 | 2 | 0 | .o.oOo.o. | --> S (call 2)
+ +--+-----------------------+-----------+
+ +--+-----------------------+--------+
+ C <-- |32| 8 | 1 | 3 | 1 | 2 | 0 | .o.oOo | <-- S (reply 2)
+ +--+-----------------------+--------+
+ +--+-----------------------+-----------+
+ C --> |38| 8 | 1 | 3 | 0 | 3 | 0 | .o.oOo.o. | --> S (call 3)
+ +--+-----------------------+-----------+
+ +--+-----------------------+--------+
+ C <-- |32| 8 | 1 | 3 | 1 | 3 | 0 | .o.oOo | <-- S (reply 3)
+ +--+-----------------------+--------+
+ +--+-----------------------+-----------+
+ C --> |38| 8 | 1 | 3 | 0 | 4 | 0 | .o.oOo.o. | --> S (call 4)
+ +--+-----------------------+-----------+
+ +--+-----------------------+--------+
+ C <-- |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo | <-- S (reply 1)
+ +--+-----------------------+--------+
+ +--+-----------------------+--------+
+ C <-- |32| 8 | 1 | 3 | 1 | 4 | 0 | .o.oOo | <-- S (reply 4)
+ +--+-----------------------+--------+
+
+Method call with passed FD
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+A single method call with 2 passed file descriptors and successful reply, for a
+program=8, version=1, procedure=3, which 10 bytes worth of input args, and 4
+bytes worth of return values. The number of file descriptors is encoded as a
+32-bit int. Each file descriptor then has a 1 byte dummy payload. The overall
+input packet length is 4 + 24 + 4 + 2 + 10 == 44, and output packet length 32.
+
+::
+
+ +--+-----------------------+---------------+-------+
+ C --> |44| 8 | 1 | 3 | 0 | 1 | 0 | 2 | .o.oOo.o. | 0 | 0 | --> S (call)
+ +--+-----------------------+---------------+-------+
+
+ +--+-----------------------+--------+
+ C <-- |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo | <-- S (reply)
+ +--+-----------------------+--------+
+
+RPC security
+------------
+
+There are various things to consider to ensure an implementation of the RPC
+protocol can be satisfactorily secured
+
+Authentication/encryption
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The basic RPC protocol does not define or require any specific
+authentication/encryption capabilities. A generic solution to providing
+encryption for the protocol is to run the protocol over a TLS encrypted data
+stream. x509 certificate checks can be done to form a crude authentication
+mechanism. It is also possible for an RPC program to negotiate an encryption /
+authentication capability, such as SASL, which may then also provide per-packet
+data encryption. Finally the protocol data stream can of course be tunnelled
+over transports such as SSH.
+
+Data limits
+~~~~~~~~~~~
+
+Although the protocol itself defines many arbitrary sized data values in the
+payloads, to avoid denial of service attack there are a number of size limit
+checks prior to encoding or decoding data. There is a limit on the maximum size
+of a single RPC message, limit on the maximum string length, and limits on any
+other parameter which uses a variable length array. These limits can be raised,
+subject to agreement between client/server, without otherwise breaking
+compatibility of the RPC data on the wire.
+
+Data validation
+~~~~~~~~~~~~~~~
+
+It is important that all data be fully validated before performing any actions
+based on the data. When reading an RPC packet, the first four bytes must be read
+and the max packet size limit validated, before any attempt is made to read the
+variable length packet data. After a complete packet has been read, the header
+must be decoded and all 6 fields fully validated, before attempting to dispatch
+the payload. Once dispatched, the payload can be decoded and passed on to the
+appropriate API for execution. The RPC code must not take any action based on
+the payload, since it has no way to validate the semantics of the payload data.
+It must delegate this to the execution API (e.g. corresponding libvirt public
+API).
+
+RPC internal APIs
+-----------------
+
+The generic internal RPC library code lives in the ``src/rpc/`` directory of the
+libvirt source tree. Unless otherwise noted, the objects are all threadsafe. The
+core object types and their purposes are:
+
+Overview of RPC objects
+~~~~~~~~~~~~~~~~~~~~~~~
+
+The following is a high level overview of the role of each of the main RPC
+objects
+
+``virNetSASLContext *`` (virnetsaslcontext.h)
+ The virNetSASLContext APIs maintain SASL state for a network service (server
+ or client). This is primarily used on the server to provide an access control
+ list of SASL usernames permitted as clients.
+``virNetSASLSession *`` (virnetsaslcontext.h)
+ The virNetSASLSession APIs maintain SASL state for a single network
+ connection (socket). This is used to perform the multi-step SASL handshake
+ and perform encryption/decryption of data once authenticated, via integration
+ with virNetSocket.
+``virNetTLSContext *`` (virnettlscontext.h)
+ The virNetTLSContext APIs maintain TLS state for a network service (server or
+ client). This is primarily used on the server to provide an access control
+ list of x509 distinguished names, as well as diffie-hellman keys. It can also
+ do validation of x509 certificates prior to initiating a connection, in order
+ to improve detection of configuration errors.
+``virNetTLSSession *`` (virnettlscontext.h)
+ The virNetTLSSession APIs maintain TLS state for a single network connection
+ (socket). This is used to perform the multi-step TLS handshake and perform
+ encryption/decryption of data once authenticated, via integration with
+ virNetSocket.
+``virNetSocket *`` (virnetsocket.h)
+ The virNetSocket APIs provide a higher level wrapper around the raw BSD
+ sockets and getaddrinfo APIs. They allow for creation of both server and
+ client sockets. Data transports supported are TCP, UNIX, SSH tunnel or
+ external command tunnel. Internally the TCP socket impl uses the getaddrinfo
+ info APIs to ensure correct protocol-independent behaviour, thus supporting
+ both IPv4 and IPv6. The socket APIs can be associated with a
+ virNetSASLSession \*or virNetTLSSession \*object to allow seamless
+ encryption/decryption of all writes and reads. For UNIX sockets it is
+ possible to obtain the remote client user ID and process ID. Integration with
+ the libvirt event loop also allows use of callbacks for notification of
+ various I/O conditions
+``virNetMessage *`` (virnetmessage.h)
+ The virNetMessage APIs provide a wrapper around the libxdr API calls, to
+ facilitate processing and creation of RPC packets. There are convenience APIs
+ for encoding/encoding the packet headers, encoding/decoding the payload using
+ an XDR filter, encoding/decoding a raw payload (for streams), and encoding a
+ virErrorPtr object. There is also a means to add to/serve from a linked-list
+ queue of messages.
+``virNetClient *`` (virnetclient.h)
+ The virNetClient APIs provide a way to connect to a remote server and run one
+ or more RPC protocols over the connection. Connections can be made over TCP,
+ UNIX sockets, SSH tunnels, or external command tunnels. There is support for
+ both TLS and SASL session encryption. The client also supports management of
+ multiple data streams over each connection. Each client object can be used
+ from multiple threads concurrently, with method calls/replies being
+ interleaved on the wire as required.
+``virNetClientProgram *`` (virnetclientprogram.h)
+ The virNetClientProgram APIs are used to register a program+version with the
+ connection. This then enables invocation of method calls, receipt of
+ asynchronous events and use of data streams, within that program+version.
+ When created a set of callbacks must be supplied to take care of dispatching
+ any incoming asynchronous events.
+``virNetClientStream *`` (virnetclientstream.h)
+ The virNetClientStream APIs are used to control transmission and receipt of
+ data over a stream active on a client. Streams provide a low latency,
+ unlimited length, bi-directional raw data exchange mechanism layered over the
+ RPC connection
+``virNetServer *`` (virnetserver.h)
+ The virNetServer APIs are used to manage a network server. A server exposed
+ one or more programs, over one or more services. It manages multiple client
+ connections invoking multiple RPC calls in parallel, with dispatch across
+ multiple worker threads.
+``virNetDaemon *`` (virnetdaemon.h)
+ The virNetDaemon APIs are used to manage a daemon process. A daemon is a
+ process that might expose one or more servers. It handles most
+ process-related details, network-related should be part of the underlying
+ server.
+``virNetServerClient *`` (virnetserverclient.h)
+ The virNetServerClient APIs are used to manage I/O related to a single client
+ network connection. It handles initial validation and routing of incoming RPC
+ packets, and transmission of outgoing packets.
+``virNetServerProgram *`` (virnetserverprogram.h)
+ The virNetServerProgram APIs are used to provide the implementation of a
+ single program/version set. Primarily this includes a set of callbacks used
+ to actually invoke the APIs corresponding to program procedure numbers. It is
+ responsible for all the serialization of payloads to/from XDR.
+``virNetServerService *`` (virnetserverservice.h)
+ The virNetServerService APIs are used to connect the server to one or more
+ network protocols. A single service may involve multiple sockets (ie both
+ IPv4 and IPv6). A service also has an associated authentication policy for
+ incoming clients.
+
+Client RPC dispatch
+~~~~~~~~~~~~~~~~~~~
+
+The client RPC code must allow for multiple overlapping RPC method calls to be
+invoked, transmission and receipt of data for multiple streams and receipt of
+asynchronous events. Understandably this involves coordination of multiple
+threads.
+
+The core requirement in the client dispatch code is that only one thread is
+allowed to be performing I/O on the socket at any time. This thread is said to
+be "holding the buck". When any other thread comes along and needs to do I/O
it
+must place its packets on a queue and delegate processing of them to the thread
+that has the buck. This thread will send out the method call, and if it sees a
+reply will pass it back to the waiting thread. If the other thread's reply
+hasn't arrived, by the time the main thread has got its own reply, then it will
+transfer responsibility for I/O to the thread that has been waiting the longest.
+It is said to be "passing the buck" for I/O.
+
+When no thread is performing any RPC method call, or sending stream data there
+is still a need to monitor the socket for incoming I/O related to asynchronous
+events, or stream data receipt. For this task, a watch is registered with the
+event loop which triggers whenever the socket is readable. This watch is
+automatically disabled whenever any other thread grabs the buck, and re-enabled
+when the buck is released.
+
+Example with buck passing
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+In the first example, a second thread issues an API call while the first thread
+holds the buck. The reply to the first call arrives first, so the buck is passed
+to the second thread.
+
+::
+
+ Thread-1
+ |
+ V
+ Call API1()
+ |
+ V
+ Grab Buck
+ | Thread-2
+ V |
+ Send method1 V
+ | Call API2()
+ V |
+ Wait I/O V
+ |<--------Queue method2
+ V |
+ Send method2 V
+ | Wait for buck
+ V |
+ Wait I/O |
+ | |
+ V |
+ Recv reply1 |
+ | |
+ V |
+ Pass the buck----->|
+ | V
+ V Wait I/O
+ Return API1() |
+ V
+ Recv reply2
+ |
+ V
+ Release the buck
+ |
+ V
+ Return API2()
+
+Example without buck passing
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+In this second example, a second thread issues an API call which is sent and
+replied to, before the first thread's API call has completed. The first thread
+thus notifies the second that its reply is ready, and there is no need to pass
+the buck
+
+::
+
+ Thread-1
+ |
+ V
+ Call API1()
+ |
+ V
+ Grab Buck
+ | Thread-2
+ V |
+ Send method1 V
+ | Call API2()
+ V |
+ Wait I/O V
+ |<--------Queue method2
+ V |
+ Send method2 V
+ | Wait for buck
+ V |
+ Wait I/O |
+ | |
+ V |
+ Recv reply2 |
+ | |
+ V |
+ Notify reply2------>|
+ | V
+ V Return API2()
+ Wait I/O
+ |
+ V
+ Recv reply1
+ |
+ V
+ Release the buck
+ |
+ V
+ Return API1()
+
+Example with async events
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+In this example, only one thread is present and it has to deal with some async
+events arriving. The events are actually dispatched to the application from the
+event loop thread
+
+::
+
+ Thread-1
+ |
+ V
+ Call API1()
+ |
+ V
+ Grab Buck
+ |
+ V
+ Send method1
+ |
+ V
+ Wait I/O
+ | Event thread
+ V ...
+ Recv event1 |
+ | V
+ V Wait for timer/fd
+ Queue event1 |
+ | V
+ V Timer fires
+ Wait I/O |
+ | V
+ V Emit event1
+ Recv reply1 |
+ | V
+ V Wait for timer/fd
+ Return API1() |
+ ...
+
+Server RPC dispatch
+~~~~~~~~~~~~~~~~~~~
+
+The RPC server code must support receipt of incoming RPC requests from multiple
+client connections, and parallel processing of all RPC requests, even many from
+a single client. This goal is achieved through a combination of event driven
+I/O, and multiple processing threads.
+
+The main libvirt event loop thread is responsible for performing all socket I/O.
+It will read incoming packets from clients and will transmit outgoing packets to
+clients. It will handle the I/O to/from streams associated with client API
+calls. When doing client I/O it will also pass the data through any applicable
+encryption layer (through use of the virNetSocket / virNetTLSSession and
+virNetSASLSession integration). What is paramount is that the event loop thread
+never do any task that can take a non-trivial amount of time.
+
+When reading packets, the event loop will first read the 4 byte length word.
+This is validated to make sure it does not exceed the maximum permissible packet
+size, and the client is set to allow receipt of the rest of the packet data.
+Once a complete packet has been received, the next step is to decode the RPC
+header. The header is validated to ensure the request is sensible, ie the server
+should not receive a method reply from a client. If the client has not yet
+authenticated, an access control list check is also performed to make sure the
+procedure is one of those allowed prior to auth. If the packet is a method call,
+it will be placed on a global processing queue. The event loop thread is now
+done with the packet for the time being.
+
+The server has a pool of worker threads, which wait for method call packets to
+be queued. One of them will grab the new method call off the queue for
+processing. The first step is to decode the payload of the packet to extract the
+method call arguments. The worker does not attempt to do any semantic validation
+of the arguments, except to make sure the size of any variable length fields is
+below defined limits.
+
+The worker now invokes the libvirt API call that corresponds to the procedure
+number in the packet header. The worker is thus kept busy until the API call
+completes. The implementation of the API call is responsible for doing semantic
+validation of parameters and any MAC security checks on the objects affected.
+
+Once the API call has completed, the worker thread will take the return value
+and output parameters, or error object and encode them into a reply packet.
+Again it does not attempt to do any semantic validation of output data, aside
+from variable length field limit checks. The worker thread puts the reply packet
+on the transmission queue for the client. The worker is now finished and goes
+back to wait for another incoming method call.
+
+The main event loop is back in charge and when the client socket becomes
+writable, it will start sending the method reply packet back to the client.
+
+At any time the libvirt connection object can emit asynchronous events. These
+are handled by callbacks in the main event thread. The callback will simply
+encode the event parameters into a new data packet and place the packet on the
+client transmission queue.
+
+Incoming and outgoing stream packets are also directly handled by the main event
+thread. When an incoming stream packet is received, instead of placing it in the
+global dispatch queue for the worker threads, it is sidetracked into a
+per-stream processing queue. When the stream becomes writable, queued incoming
+stream packets will be processed, passing their data payload on the stream.
+Conversely when the stream becomes readable, chunks of data will be read from
+it, encoded into new outgoing packets, and placed on the client's transmit
+queue.
+
+Example with overlapping methods
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This example illustrates processing of two incoming methods with overlapping
+execution
+
+::
+
+ Event thread Worker 1 Worker 2
+ | | |
+ V V V
+ Wait I/O Wait Job Wait Job
+ | | |
+ V | |
+ Recv method1 | |
+ | | |
+ V | |
+ Queue method1 V |
+ | Serve method1 |
+ V | |
+ Wait I/O V |
+ | Call API1() |
+ V | |
+ Recv method2 | |
+ | | |
+ V | |
+ Queue method2 | V
+ | | Serve method2
+ V V |
+ Wait I/O Return API1() V
+ | | Call API2()
+ | V |
+ V Queue reply1 |
+ Send reply1 | |
+ | V V
+ V Wait Job Return API2()
+ Wait I/O | |
+ | ... V
+ V Queue reply2
+ Send reply2 |
+ | V
+ V Wait Job
+ Wait I/O |
+ | ...
+ ...
+
+Example with stream data
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+This example illustrates processing of stream data
+
+::
+
+ Event thread
+ |
+ V
+ Wait I/O
+ |
+ V
+ Recv stream1
+ |
+ V
+ Queue stream1
+ |
+ V
+ Wait I/O
+ |
+ V
+ Recv stream2
+ |
+ V
+ Queue stream2
+ |
+ V
+ Wait I/O
+ |
+ V
+ Write stream1
+ |
+ V
+ Write stream2
+ |
+ V
+ Wait I/O
+ |
+ ...
--
2.35.1
9 a.m.
New subject: [PATCH 09/11] docs: Remove empty 'internals' subfolder
All documents were now moved away so we don't need this any more.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/internals/meson.build | 49 --------------------------------------
docs/meson.build | 1 -
2 files changed, 50 deletions(-)
delete mode 100644 docs/internals/meson.build
diff --git a/docs/internals/meson.build b/docs/internals/meson.build
deleted file mode 100644
index cbf0623c08..0000000000
--- a/docs/internals/meson.build
+++ /dev/null
@@ -1,49 +0,0 @@
-internals_in_files = [
-]
-
-html_xslt_gen_install_dir = docs_html_dir / 'internals'
-html_xslt_gen = []
-
-foreach name : internals_in_files
- html_xslt_gen += {
- 'name': name,
- 'source': 'docs' / 'internals' / name + '.html.in',
- 'href_base': '../'
- }
-endforeach
-
-# keep the XSLT processing code block in sync with docs/meson.build
-
-# --- begin of XSLT processing ---
-
-foreach data : html_xslt_gen
- html_filename = data['name'] + '.html'
-
- html_file = custom_target(
- html_filename,
- input: data.get('file', data['name'] + '.html.in'),
- output: html_filename,
- command: [
- xsltproc_prog,
- '--stringparam', 'pagesrc', data.get('source',
''),
- '--stringparam', 'builddir', meson.build_root(),
- '--stringparam', 'timestamp', docs_timestamp,
- '--stringparam', 'href_base', data.get('href_base',
''),
- '--nonet',
- site_xsl,
- '@INPUT@',
- ],
- depends: data.get('depends', []),
- depend_files: [ page_xsl ],
- capture: true,
- install: true,
- install_dir: html_xslt_gen_install_dir,
- )
-
- install_web_deps += html_file
- install_web_files += html_file.full_path() + ':' + html_xslt_gen_install_dir
-endforeach
-
-html_xslt_gen = []
-
-# --- end of XSLT processing ---
diff --git a/docs/meson.build b/docs/meson.build
index 9e69a0dc05..4291dea6f5 100644
--- a/docs/meson.build
+++ b/docs/meson.build
@@ -330,7 +330,6 @@ subdir('fonts')
subdir('go')
subdir('html')
subdir('images')
-subdir('internals')
subdir('js')
subdir('kbase')
subdir('logos')
--
2.35.1
9 a.m.
New subject: [PATCH 10/11] docs: Convert 'internals' to RST and move it to 'kbase/internal/overview.rst'
Note that this document was not referenced from any top level page. This
patch does a straight conversion and leaves it unreferenced.
Next patch will then modify it to serve as an overview (hence the new
name) of how an API call happens.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/internals.html.in | 119 ------------------------------
docs/kbase/internals/meson.build | 1 +
docs/kbase/internals/overview.rst | 117 +++++++++++++++++++++++++++++
docs/meson.build | 1 -
4 files changed, 118 insertions(+), 120 deletions(-)
delete mode 100644 docs/internals.html.in
create mode 100644 docs/kbase/internals/overview.rst
diff --git a/docs/internals.html.in b/docs/internals.html.in
deleted file mode 100644
index e474f7ddd7..0000000000
--- a/docs/internals.html.in
+++ /dev/null
@@ -1,119 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
- <body>
- <h1>libvirt internals</h1>
-
- <p>
- This section provides documents useful to those working on the libvirt
- internals, adding new public APIs, new hypervisor drivers or extending
- the libvirtd daemon code.
- </p>
-
- <ul>
- <li>Introduction to basic rules and guidelines for
- <a href="hacking.html">hacking</a> on libvirt
code</li>
- <li>Guide to adding <a href="api_extension.html">public
APIs</a></li>
- <li>Insight into libvirt <a
href="internals/eventloop.html">event loop and worker
pool</a></li>
- <li>Approach for <a href="internals/command.html">spawning
commands</a>
- from libvirt driver code</li>
- <li>The libvirt <a href="internals/rpc.html">RPC
infrastructure</a></li>
- <li>The <a href="internals/locking.html">Resource Lock
Manager</a></li>
- </ul>
-
- <p>Before adding new code it will be important to get a basic understanding
- of the many elements involved with making any call or change to the libvirt
- code. The architecture <a href="goals.html">goals</a> must be
adhered to
- when submitting new code. Understanding the many places that need to be
- touched and the interactions between various subsystems within libvirt
- will directly correlate to the ability to be successful in getting new
- code accepted.</p>
- <p>The following diagram depicts code flow from a client application, in
- this case the libvirt provided <code>virsh</code> command through the
- various layers to elicit a response from some chosen hypervisor.
- </p>
-
- <p class="image">
- <img alt="virConnectOpen calling sequence"
- src="images/libvirt-virConnect-example.png"/>
- </p>
- <ul>
- <li>"virsh -c qemu:///system list --all"
- <p>After the virsh code processes the input arguments, it eventually
- will make a call to open the connection using a default set of
- authentication credentials (virConnectAuthDefault). </p></li>
- <li>virConnectOpenAuth()
- <p>Each of the virConnectOpen APIs will first call virInitialize() and
- then revector through the local "do_open():" call.</p>
- <ul>
- <li>virInitialize()
- <p>Calls the registration API for each of the drivers with
- client-side only capabilities and then call the remoteRegister()
- API last. This ensures the virDriverTab[] tries local drivers
- first before using the remote driver.</p></li>
- <li>Loop through virDriverTab[] entries trying to call their
- respective "open" entry point (in our case
remoteOpen())</li>
- <li>After successful return from the virDriverTab[] open()
- API, attempt to find and open other drivers (network, interface,
- storage, etc.)</li>
- </ul>
- </li>
- <li>remoteOpen()
- <p>After a couple of URI checks, a call to doRemoteOpen() is
made</p>
- <ul>
- <li>Determine network transport and host/port to use from URI
- <p>The transport will be either tls, unix, ssh, libssh2, ext,
- or tcp with the default of tls. Decode the host/port if provided
- or default to "localhost".</p></li>
- <li>virNetClientRegisterAsyncIO()
- <p>Register an I/O callback mechanism to get returned data via
- virNetClientIncomingEvent()</p></li>
- <li>"call(...REMOTE_PROC_OPEN...)"
- <p>Eventually routes into virNetClientProgramCall() which will
- call virNetClientSendWithReply() and eventually uses
- virNetClientIO()to send the message to libvirtd and
- then waits for a response using
virNetClientIOEventLoop()</p></li>
- <li>virNetClientIncomingEvent()
- <p>Receives the returned packet and processes through
- virNetClientIOUpdateCallback()</p></li>
- </ul>
- </li>
- <li>libvirtd Daemon
- <p></p>
- <ul>
- <li>Daemon Startup
- <p>The daemon initialization processing will declare itself
- as a daemon via a virNetDaemonNew() call, then creates new server
- using virNetServerNew() and adds that server to the main daemon
- struct with virNetDaemonAddServer() call. It will then use
- virDriverLoadModule() to find/load all known drivers,
- set up an RPC server program using the
<code>remoteProcs[]</code>
- table via a virNetServerProgramNew() call. The table is the
- corollary to the <code>remote_procedure</code> enum list in
- the client. It lists all the functions to be called in
- the same order. Once RPC is set up, networking server sockets
- are opened, the various driver state initialization routines
- are run from the <code>virStateDriverTab[]</code>, the network
- links are enabled, and the daemon waits for work.</p></li>
- <li>RPC
- <p>When a message is received, the
<code>remoteProcs[]</code>
- table is referenced for the 'REMOTE_PROC_OPEN' call entry.
- This results in remoteDispatchOpen() being called via the
- virNetServerProgramDispatchCall().</p></li>
- <li>remoteDispatchOpen()
- <p>The API will read the argument passed picking out the
- <code>name</code> of the driver to be opened. The code
- will then call virConnectOpen() or virConnectOpenReadOnly()
- depending on the argument
<code>flags</code>.</p></li>
- <li>virConnectOpen() or virConnectOpenReadOnly()
- <p>Just like the client except that upon entry the URI
- is what was passed from the client and will be found
- and opened to process the data.</p>
- <p>The returned structure data is returned via the
- virNetServer interfaces to the remote driver which then
- returns it to the client application.</p></li>
- </ul>
- </li>
- </ul>
- </body>
-</html>
diff --git a/docs/kbase/internals/meson.build b/docs/kbase/internals/meson.build
index 879c4b2de8..8b5daad1f9 100644
--- a/docs/kbase/internals/meson.build
+++ b/docs/kbase/internals/meson.build
@@ -4,6 +4,7 @@ docs_kbase_internals_files = [
'incremental-backup',
'locking',
'migration',
+ 'overview',
'rpc',
]
diff --git a/docs/kbase/internals/overview.rst b/docs/kbase/internals/overview.rst
new file mode 100644
index 0000000000..84ea7858db
--- /dev/null
+++ b/docs/kbase/internals/overview.rst
@@ -0,0 +1,117 @@
+==========================
+libvirt internals overview
+==========================
+
+This section provides documents useful to those working on the libvirt
+internals, adding new public APIs, new hypervisor drivers or extending the
+libvirtd daemon code.
+
+- Introduction to basic rules and guidelines for `hacking <../../hacking.html>`__
on
+ libvirt code
+- Guide to adding `public APIs <../../api_extension.html>`__
+- Insight into libvirt `event loop and worker
+ pool <eventloop.html>`__
+- Approach for `spawning commands <command.html>`__ from libvirt
+ driver code
+- The libvirt `RPC infrastructure <rpc.html>`__
+- The `Resource Lock Manager <locking.html>`__
+
+Before adding new code it will be important to get a basic understanding of the
+many elements involved with making any call or change to the libvirt code. The
+architecture `goals <../../goals.html>`__ must be adhered to when submitting new
code.
+Understanding the many places that need to be touched and the interactions
+between various subsystems within libvirt will directly correlate to the ability
+to be successful in getting new code accepted.
+
+The following diagram depicts code flow from a client application, in this case
+the libvirt provided ``virsh`` command through the various layers to elicit a
+response from some chosen hypervisor.
+
+.. image:: ../../images/libvirt-virConnect-example.png
+ :alt: virConnectOpen calling sequence
+
+- "virsh -c qemu:///system list --all"
+
+ After the virsh code processes the input arguments, it eventually will make a
+ call to open the connection using a default set of authentication credentials
+ (virConnectAuthDefault).
+
+- virConnectOpenAuth()
+
+ Each of the virConnectOpen APIs will first call virInitialize() and then
+ revector through the local "do_open():" call.
+
+ - virInitialize()
+
+ Calls the registration API for each of the drivers with client-side only
+ capabilities and then call the remoteRegister() API last. This ensures the
+ virDriverTab[] tries local drivers first before using the remote driver.
+
+ - Loop through virDriverTab[] entries trying to call their respective
"open"
+ entry point (in our case remoteOpen())
+
+ - After successful return from the virDriverTab[] open() API, attempt to
+ find and open other drivers (network, interface, storage, etc.)
+
+- remoteOpen()
+
+ After a couple of URI checks, a call to doRemoteOpen() is made
+
+ - Determine network transport and host/port to use from URI
+
+ The transport will be either tls, unix, ssh, libssh2, ext, or tcp with the
+ default of tls. Decode the host/port if provided or default to
+ "localhost".
+
+ - virNetClientRegisterAsyncIO()
+
+ Register an I/O callback mechanism to get returned data via
+ virNetClientIncomingEvent()
+
+ - "call(...REMOTE_PROC_OPEN...)"
+
+ Eventually routes into virNetClientProgramCall() which will call
+ virNetClientSendWithReply() and eventually uses virNetClientIO()to send
+ the message to libvirtd and then waits for a response using
+ virNetClientIOEventLoop()
+
+ - virNetClientIncomingEvent()
+
+ Receives the returned packet and processes through
+ virNetClientIOUpdateCallback()
+
+- libvirtd Daemon
+
+ - Daemon Startup
+
+ The daemon initialization processing will declare itself as a daemon via a
+ virNetDaemonNew() call, then creates new server using virNetServerNew()
+ and adds that server to the main daemon struct with
+ virNetDaemonAddServer() call. It will then use virDriverLoadModule() to
+ find/load all known drivers, set up an RPC server program using the
+ ``remoteProcs[]`` table via a virNetServerProgramNew() call. The table is
+ the corollary to the ``remote_procedure`` enum list in the client. It
+ lists all the functions to be called in the same order. Once RPC is set
+ up, networking server sockets are opened, the various driver state
+ initialization routines are run from the ``virStateDriverTab[]``, the
+ network links are enabled, and the daemon waits for work.
+
+ - RPC
+
+ When a message is received, the ``remoteProcs[]`` table is referenced for
+ the 'REMOTE_PROC_OPEN' call entry. This results in remoteDispatchOpen()
+ being called via the virNetServerProgramDispatchCall().
+
+ - remoteDispatchOpen()
+
+ The API will read the argument passed picking out the ``name`` of the
+ driver to be opened. The code will then call virConnectOpen() or
+ virConnectOpenReadOnly() depending on the argument ``flags``.
+
+ - virConnectOpen() or virConnectOpenReadOnly()
+
+ Just like the client except that upon entry the URI is what was passed
+ from the client and will be found and opened to process the data.
+
+ The returned structure data is returned via the virNetServer interfaces to
+ the remote driver which then returns it to the client application.
diff --git a/docs/meson.build b/docs/meson.build
index 4291dea6f5..9f1f1ed80d 100644
--- a/docs/meson.build
+++ b/docs/meson.build
@@ -25,7 +25,6 @@ docs_html_in_files = [
'formatnwfilter',
'formatstoragecaps',
'index',
- 'internals',
'remote',
'storage',
'uri',
--
2.35.1
9 a.m.
New subject: [PATCH 11/11] docs: kbase: internals: Make 'overview' page useful and link to it
While the content is slightly outdated it's still a good primer on how
an API call traverses through the client library and to the remote
driver.
To make the page useful, this commit:
- removes the paragraphs which were intended to serve as a directory
page for the 'internals' subdirectory
- adds a note saying that some facts might not be up to date
- adds linking to this page from the kbase directory page
- adds more monospace formatting around function names
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/kbase/index.rst | 4 +
docs/kbase/internals/overview.rst | 121 +++++++++++++-----------------
2 files changed, 57 insertions(+), 68 deletions(-)
diff --git a/docs/kbase/index.rst b/docs/kbase/index.rst
index 31711d908b..0848467d51 100644
--- a/docs/kbase/index.rst
+++ b/docs/kbase/index.rst
@@ -86,6 +86,10 @@ Internals
VM migration implementation details, complementing the info in
`migration <../migration.html>`__
+`API call flow overview <internals/overview.html>`__
+ Overview of how an API call is handled by the ``libvirt`` library and passed
+ over RPC to the daemon.
+
`Spawning commands <internals/command.html>`__
Spawning commands from libvirt driver code
diff --git a/docs/kbase/internals/overview.rst b/docs/kbase/internals/overview.rst
index 84ea7858db..7887e16667 100644
--- a/docs/kbase/internals/overview.rst
+++ b/docs/kbase/internals/overview.rst
@@ -1,117 +1,102 @@
-==========================
-libvirt internals overview
-==========================
-
-This section provides documents useful to those working on the libvirt
-internals, adding new public APIs, new hypervisor drivers or extending the
-libvirtd daemon code.
-
-- Introduction to basic rules and guidelines for `hacking <../../hacking.html>`__
on
- libvirt code
-- Guide to adding `public APIs <../../api_extension.html>`__
-- Insight into libvirt `event loop and worker
- pool <eventloop.html>`__
-- Approach for `spawning commands <command.html>`__ from libvirt
- driver code
-- The libvirt `RPC infrastructure <rpc.html>`__
-- The `Resource Lock Manager <locking.html>`__
-
-Before adding new code it will be important to get a basic understanding of the
-many elements involved with making any call or change to the libvirt code. The
-architecture `goals <../../goals.html>`__ must be adhered to when submitting new
code.
-Understanding the many places that need to be touched and the interactions
-between various subsystems within libvirt will directly correlate to the ability
-to be successful in getting new code accepted.
+=========================
+libvirt API call overview
+=========================
The following diagram depicts code flow from a client application, in this case
the libvirt provided ``virsh`` command through the various layers to elicit a
response from some chosen hypervisor.
+**Note:** Some aspects of this document may be outdated.
+
.. image:: ../../images/libvirt-virConnect-example.png
:alt: virConnectOpen calling sequence
-- "virsh -c qemu:///system list --all"
+- ``virsh -c qemu:///system list --all``
After the virsh code processes the input arguments, it eventually will make a
call to open the connection using a default set of authentication credentials
- (virConnectAuthDefault).
+ (``virConnectAuthDefault``).
-- virConnectOpenAuth()
+- ``virConnectOpenAuth()``
- Each of the virConnectOpen APIs will first call virInitialize() and then
- revector through the local "do_open():" call.
+ Each of the ``virConnectOpen`` APIs will first call ``virInitialize()`` and
+ then revector through the local "``do_open()``" call.
- - virInitialize()
+ - ``virInitialize()``
Calls the registration API for each of the drivers with client-side only
- capabilities and then call the remoteRegister() API last. This ensures the
- virDriverTab[] tries local drivers first before using the remote driver.
+ capabilities and then call the ``remoteRegister()`` API last. This
+ ensures the ``virDriverTab[]`` tries local drivers first before using the
+ remote driver.
- - Loop through virDriverTab[] entries trying to call their respective
"open"
- entry point (in our case remoteOpen())
+ - Loop through ``virDriverTab[]`` entries trying to call their respective
+ "open" entry point (in our case ``remoteOpen()``)
- - After successful return from the virDriverTab[] open() API, attempt to
- find and open other drivers (network, interface, storage, etc.)
+ - After successful return from the ``virDriverTab[]`` ``open()`` API,
+ attempt to find and open other drivers (network, interface, storage, etc.)
-- remoteOpen()
+- ``remoteOpen()``
- After a couple of URI checks, a call to doRemoteOpen() is made
+ After a couple of URI checks, a call to ``doRemoteOpen()`` is made
- Determine network transport and host/port to use from URI
- The transport will be either tls, unix, ssh, libssh2, ext, or tcp with the
- default of tls. Decode the host/port if provided or default to
- "localhost".
+ The transport will be either ``tls``, ``unix``, ``ssh``, ``libssh2``,
+ ``ext``, or ``tcp`` with the default of ``tls``. Decode the host/port if
+ provided or default to ``localhost``.
- - virNetClientRegisterAsyncIO()
+ - ``virNetClientRegisterAsyncIO()``
Register an I/O callback mechanism to get returned data via
- virNetClientIncomingEvent()
+ ``virNetClientIncomingEvent()``
- - "call(...REMOTE_PROC_OPEN...)"
+ - ``call(...REMOTE_PROC_OPEN...)``
- Eventually routes into virNetClientProgramCall() which will call
- virNetClientSendWithReply() and eventually uses virNetClientIO()to send
- the message to libvirtd and then waits for a response using
- virNetClientIOEventLoop()
+ Eventually routes into ``virNetClientProgramCall()`` which will call
+ ``virNetClientSendWithReply()`` and eventually uses ``virNetClientIO()``
+ to send the message to libvirtd and then waits for a response using
+ ``virNetClientIOEventLoop()``
- - virNetClientIncomingEvent()
+ - ``virNetClientIncomingEvent()``
Receives the returned packet and processes through
- virNetClientIOUpdateCallback()
+ ``virNetClientIOUpdateCallback()``
- libvirtd Daemon
- Daemon Startup
The daemon initialization processing will declare itself as a daemon via a
- virNetDaemonNew() call, then creates new server using virNetServerNew()
- and adds that server to the main daemon struct with
- virNetDaemonAddServer() call. It will then use virDriverLoadModule() to
- find/load all known drivers, set up an RPC server program using the
- ``remoteProcs[]`` table via a virNetServerProgramNew() call. The table is
- the corollary to the ``remote_procedure`` enum list in the client. It
- lists all the functions to be called in the same order. Once RPC is set
- up, networking server sockets are opened, the various driver state
- initialization routines are run from the ``virStateDriverTab[]``, the
- network links are enabled, and the daemon waits for work.
+ ``virNetDaemonNew()`` call, then creates new server using
+ ``virNetServerNew()`` and adds that server to the main daemon struct with
+ ``virNetDaemonAddServer()`` call. It will then use
+ ``virDriverLoadModule()`` to find/load all known drivers, set up an RPC
+ server program using the ``remoteProcs[]`` table via a
+ ``virNetServerProgramNew()`` call. The table is the corollary to the
+ ``remote_procedure`` enum list in the client. It lists all the functions
+ to be called in the same order. Once RPC is set up, networking server
+ sockets are opened, the various driver state initialization routines are
+ run from the ``virStateDriverTab[]``, the network links are enabled, and
+ the daemon waits for work.
- RPC
When a message is received, the ``remoteProcs[]`` table is referenced for
- the 'REMOTE_PROC_OPEN' call entry. This results in remoteDispatchOpen()
- being called via the virNetServerProgramDispatchCall().
+ the ``REMOTE_PROC_OPEN`` call entry. This results in
+ ``remoteDispatchOpen()`` being called via the
+ ``virNetServerProgramDispatchCall()``.
- - remoteDispatchOpen()
+ - ``remoteDispatchOpen()``
The API will read the argument passed picking out the ``name`` of the
- driver to be opened. The code will then call virConnectOpen() or
- virConnectOpenReadOnly() depending on the argument ``flags``.
+ driver to be opened. The code will then call ``virConnectOpen()`` or
+ ``virConnectOpenReadOnly()`` depending on the argument ``flags``.
- - virConnectOpen() or virConnectOpenReadOnly()
+ - ``virConnectOpen()`` or ``virConnectOpenReadOnly()``
Just like the client except that upon entry the URI is what was passed
from the client and will be found and opened to process the data.
- The returned structure data is returned via the virNetServer interfaces to
- the remote driver which then returns it to the client application.
+ The returned structure data is returned via the ``virNetServer``
+ interfaces to the remote driver which then returns it to the client
+ application.
--
2.35.1
6:23 a.m.
On 4/7/22 16:00, Peter Krempa wrote:
This part focuses on 'internals' documents along comes
simplification of
the XSL usage for 'href_base' and conversion of the 'docs/docs'
directory page to RST as I was modifying it in the process.
Additionally this series actually makes use of the 'internals' page
which was not linked previously.
Peter Krempa (11):
kbase: index: Split off 'internals' section
docs: Simplify passing of 'href_base' XSL variable
docs: kbase: Section of 'internals' documents into a subfolder
docs: Convert 'docs' index page to rst
docs: Convert 'internals/command' to rst and move it to
'kbase/internals'
docs: Convert 'internals/eventloop' page to rst and move it to
'kbase/internals'
docs: Convert 'internals/locking' page to rst and move it to
'kbase/internals'
docs: Convert 'internals/rpc' page to RST and move it to
'kbase/internals'
docs: Remove empty 'internals' subfolder
docs: Convert 'internals' to RST and move it to
'kbase/internal/overview.rst'
docs: kbase: internals: Make 'overview' page useful and link to it
docs/api.rst | 2 +-
docs/css/libvirt.css | 17 +-
docs/docs.html.in | 188 ----
docs/docs.rst | 163 ++++
docs/go/meson.build | 5 +-
docs/internals.html.in | 119 ---
docs/internals/command.html.in | 596 ------------
docs/internals/eventloop.html.in | 106 --
docs/internals/locking.html.in | 267 -----
docs/internals/rpc.html.in | 914 ------------------
docs/kbase/index.rst | 34 +-
docs/kbase/internals/command.rst | 465 +++++++++
docs/kbase/internals/eventloop.rst | 84 ++
.../incremental-backup.rst} | 0
docs/kbase/internals/locking.rst | 190 ++++
docs/{ => kbase}/internals/meson.build | 20 +-
.../migration.rst} | 0
docs/kbase/internals/overview.rst | 102 ++
docs/kbase/internals/rpc.rst | 781 +++++++++++++++
docs/kbase/meson.build | 10 +-
docs/manpages/meson.build | 5 +-
docs/meson.build | 16 +-
docs/site.xsl | 12 +-
docs/subsite.xsl | 24 -
24 files changed, 1860 insertions(+), 2260 deletions(-)
delete mode 100644 docs/docs.html.in
create mode 100644 docs/docs.rst
delete mode 100644 docs/internals.html.in
delete mode 100644 docs/internals/command.html.in
delete mode 100644 docs/internals/eventloop.html.in
delete mode 100644 docs/internals/locking.html.in
delete mode 100644 docs/internals/rpc.html.in
create mode 100644 docs/kbase/internals/command.rst
create mode 100644 docs/kbase/internals/eventloop.rst
rename docs/kbase/{incrementalbackupinternals.rst =>
internals/incremental-backup.rst} (100%)
create mode 100644 docs/kbase/internals/locking.rst
rename docs/{ => kbase}/internals/meson.build (69%)
rename docs/kbase/{migrationinternals.rst => internals/migration.rst} (100%)
create mode 100644 docs/kbase/internals/overview.rst
create mode 100644 docs/kbase/internals/rpc.rst
delete mode 100644 docs/subsite.xsl
I'm going to miss docs.html that fits into one screen, but I can live
with long version too.
Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
Michal
9:10 a.m.
On Fri, Apr 08, 2022 at 13:23:38 +0200, Michal Prívozník wrote:
On 4/7/22 16:00, Peter Krempa wrote:
> This part focuses on 'internals' documents along comes simplification of
> the XSL usage for 'href_base' and conversion of the 'docs/docs'
> directory page to RST as I was modifying it in the process.
>
> Additionally this series actually makes use of the 'internals' page
> which was not linked previously.
[...]
>
I'm going to miss docs.html that fits into one screen, but I can live
with long version too.
After some off-line debugging with Michal we've figured out that a newer
version of docutils generates a '<section>' instead of a '<div
class="section">', so this problem shows up only on some instances.
I'll post a fix later.
Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
Michal
961
days inactive
962
days old
13 comments
2 participants
participants (2)
-
Michal Prívozník -
Peter Krempa