Commit Graph

11625 Commits

Author SHA1 Message Date
Jiri Denemark b4f20d07e2 spec: Include lockd files in libvirt-daemon package 2012-12-14 11:59:37 +01:00
Jiri Denemark 2e59e1207a build: Install both qemu-lockd.conf and qemu-sanlock.conf
With sanlock enabled, only one of those files was installed.
2012-12-14 11:59:37 +01:00
Eric Blake c0a8056ee2 build: use fewer cat processes
* src/Makefile.am (libvirt.syms): Let cat loop for us.
2012-12-13 15:45:40 -07:00
Ján Tomko b28fb61fd7 selinux: fix NULL dereference in GetSecurityMountOptions
In the case of an OOM error in virDomainDefGetSecurityLabelDef, secdef
is set to NULL, then dereferenced while printing the debug message.
2012-12-13 15:41:44 -07:00
Jiri Denemark 912a4e9c06 build: Distribute more files 2012-12-13 23:17:34 +01:00
Jiri Denemark 809473ba6c locking: Fix VPATH build and distribute generated files 2012-12-13 23:17:34 +01:00
Laine Stump d66eb78667 network: prevent dnsmasq from listening on localhost
This patch resolves the problem reported in:

   https://bugzilla.redhat.com/show_bug.cgi?id=886663

The source of the problem was the fix for CVE 2011-3411:

   https://bugzilla.redhat.com/show_bug.cgi?id=833033

which was originally committed upstream in commit
753ff83a50. That commit improperly
removed the "--except-interface lo" from dnsmasq commandlines when
--bind-dynamic was used (based on comments in the latter bug).

It turns out that the problem reported in the CVE could be eliminated
without removing "--except-interface lo", and removing it actually
caused each instance of dnsmasq to listen on localhost on port 53,
which created a new problem:

If another instance of dnsmasq using "bind-interfaces" (instead of
"bind-dynamic") had already been started (or if another instance
started later used "bind-dynamic"), this wouldn't have any immediately
visible ill effects, but if you tried to start another dnsmasq
instance using "bind-interfaces" *after* starting any libvirt
networks, the new dnsmasq would fail to start, because there was
already another process listening on port 53.

(Subsequent to the CVE fix, another patch changed the network driver
to put dnsmasq options in a conf file rather than directly on the
dnsmasq commandline, but preserved the same options.)

This patch changes the network driver to *always* add
"except-interface=lo" to dnsmasq conf files, regardless of whether we use
bind-dynamic or bind-interfaces. This way no libvirt dnsmasq instances
are listening on localhost (and the CVE is still fixed).

The actual code change is miniscule, but must be propogated through all
of the test files as well.
2012-12-13 12:15:03 -05:00
Jiri Denemark d0d3e92d0b build: Fix VPATH build
$(srcdir) is already part of $$file since commit f1f9a7ac7e.
2012-12-13 17:06:36 +01:00
Ján Tomko 8d0e7eb4c1 virsh: use vshReconnect for non-default connections too
For non-default connections (specified by the environment variable or
the command line option) we call virConnectOpenAuth without registering
the vshCatchDisconnect callback.

This calls vshReconnect instead which takes care of it.
2012-12-13 16:39:38 +01:00
Ján Tomko d94b501b7b virsh: don't lie about reconnection in vshReconnect
Since we (ab)use vshReconnect for the default URI connection, if it
fails it might print 'Failed to reconnect to the hypervisor' even if we
were never connected before.

This changes it to only mention reconnection on the first try after
getting disconnected.
2012-12-13 16:39:38 +01:00
Daniel P. Berrange 64f0e145c1 Add support for locking based on SCSI volume ID 2012-12-13 15:26:58 +00:00
Daniel P. Berrange 565d040f43 Add support for locking based on LVM volume uuid 2012-12-13 15:26:58 +00:00
Daniel P. Berrange f14fdae368 Add ability to maintain disk leases indirectly
The default lockd driver behavour is to acquire leases
directly on the disk files. This introduces an alternative
mode, where leases are acquire indirectly on a file that
is based on a SHA256 hash of the disk filename.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Daniel P. Berrange eb8268a4f6 Add a virtlockd client as a lock driver impl
This adds a 'lockd' lock driver which is just a client which
talks to the lockd daemon to perform all locking. This will
be the default lock driver for any hypervisor which needs one.

* src/Makefile.am: Add lockd.so plugin
* src/locking/lock_driver_lockd.c: Lockd driver impl

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Daniel P. Berrange f234dc9366 Add support for re-exec() of virtlockd upon SIGUSR1
The virtlockd daemon maintains file locks on behalf of libvirtd
and any VMs it is running. These file locks must be held for as
long as any VM is running. If virtlockd itself ever quits, then
it is expected that a node would be fenced/rebooted. Thus to
allow for software upgrads on live systemd, virtlockd needs the
ability to re-exec() itself.

Upon receipt of SIGUSR1, virtlockd will save its current live
state out to a file /var/run/virtlockd-restart-exec.json
It then re-exec()'s itself with exactly the same argv as it
originally had, and loads the state file, reconstructing any
objects as appropriate.

The state file contains information about all locks held and
all network services and clients currently active. An example
state document is

 {
    "server": {
        "min_workers": 1,
        "max_workers": 20,
        "priority_workers": 0,
        "max_clients": 20,
        "keepaliveInterval": 4294967295,
        "keepaliveCount": 0,
        "keepaliveRequired": false,
        "services": [
            {
                "auth": 0,
                "readonly": false,
                "nrequests_client_max": 1,
                "socks": [
                    {
                        "fd": 6,
                        "errfd": -1,
                        "pid": 0,
                        "isClient": false
                    }
                ]
            }
        ],
        "clients": [
            {
                "auth": 0,
                "readonly": false,
                "nrequests_max": 1,
                "sock": {
                    "fd": 9,
                    "errfd": -1,
                    "pid": 0,
                    "isClient": true
                },
                "privateData": {
                    "restricted": true,
                    "ownerPid": 1722,
                    "ownerId": 6,
                    "ownerName": "f18x86_64",
                    "ownerUUID": "97586ba9-df27-9459-c806-f016c8bbd224"
                }
            },
            {
                "auth": 0,
                "readonly": false,
                "nrequests_max": 1,
                "sock": {
                    "fd": 10,
                    "errfd": -1,
                    "pid": 0,
                    "isClient": true
                },
                "privateData": {
                    "restricted": true,
                    "ownerPid": 1784,
                    "ownerId": 7,
                    "ownerName": "f16x86_64",
                    "ownerUUID": "7b8e5e42-b875-61e9-b981-91ad8fa46979"
                }
            }
        ]
    },
    "defaultLockspace": {
        "resources": [
            {
                "name": "/var/lib/libvirt/images/f16x86_64.raw",
                "path": "/var/lib/libvirt/images/f16x86_64.raw",
                "fd": 14,
                "lockHeld": true,
                "flags": 0,
                "owners": [
                    1784
                ]
            },
            {
                "name": "/var/lib/libvirt/images/shared.img",
                "path": "/var/lib/libvirt/images/shared.img",
                "fd": 12,
                "lockHeld": true,
                "flags": 1,
                "owners": [
                    1722,
                    1784
                ]
            },
            {
                "name": "/var/lib/libvirt/images/f18x86_64.img",
                "path": "/var/lib/libvirt/images/f18x86_64.img",
                "fd": 11,
                "lockHeld": true,
                "flags": 0,
                "owners": [
                    1722
                ]
            }
        ]
    },
    "lockspaces": [

    ],
    "magic": "30199"
 }

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Daniel P. Berrange 74c0353e4f Enable systemd socket activation with virtlockd
This enhancement virtlockd so that it can receive a pre-opened
UNIX domain socket from systemd at launch time, and adds the
systemd service/socket unit files

* daemon/libvirtd.service.in: Require virtlockd to be running
* libvirt.spec.in: Add virtlockd systemd files
* src/Makefile.am: Install systemd files
* src/locking/lock_daemon.c: Support socket activation
* src/locking/virtlockd.service.in, src/locking/virtlockd.socket.in:
  systemd unit files
* src/rpc/virnetserverservice.c, src/rpc/virnetserverservice.h:
  Add virNetServerServiceNewFD() method
* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add virNetSocketNewListenFD
  method

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Daniel P. Berrange 0e49b83912 Implement dispatch functions for lock protocol in virtlockd
Introduce a lock_daemon_dispatch.c file which implements the
server side dispatcher the RPC APIs previously defined in the
lock protocol.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Daniel P. Berrange ad39fd83a8 Define a wire protocol for talking to the virtlockd daemon
The virtlockd daemon will be responsible for managing locks
on virtual machines. Communication will be via the standard
RPC infrastructure. This provides the XDR protocol definition

* src/locking/lock_protocol.x: Wire protocol for virtlockd
* src/Makefile.am: Include lock_protocol.[ch] in virtlockd

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Daniel P. Berrange c57e3d8994 Introduce basic infrastructure for virtlockd daemon
The virtlockd daemon will maintain locks on behalf of libvirtd.
There are two reasons for it to be separate

 - Avoid risk of other libvirtd threads accidentally
   releasing fcntl() locks by opening + closing a file
   that is locked
 - Ensure locks can be preserved across libvirtd restarts.
   virtlockd will need to be able to re-exec itself while
   maintaining locks. This is simpler to achieve if its
   sole job is maintaining locks

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Daniel P. Berrange f199f75e9b Refactor creation of lock manager plugins
Refactor virLockManagerPluginNew() so that the caller does
not need to pass in the config file path itself - just the
config directory and driver name.

Fix QEMU to actually pass in a config file when creating the
default lock manager plugin, rather than NULL.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Daniel P. Berrange 41ac222e52 Fix error reporting when fetching SCSI/LVM keys
The current  virStorageFileGet{LVM,SCSI}Key methods return
the key as the return value. Unfortunately it is desirable
for "NULL" to be a valid return value, as well as an error
indicator. Thus the returned key must instead be provided
as an out-parameter.

When we invoke lvs or scsi_id to extract ID for block devices,
we don't want virCommandWait logging errors messages. Thus we
must explicitly check 'status != 0', rather than letting
virCommandWait do it.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:26:57 +00:00
Jim Fehlig f6b5ed5ef0 Support network boot for HVM guests in libxl
The libxl driver ignored boot devices in the domain config,
preventing PXE booting HVM domains.  This patch accounts for
user-specified boot devices when building the libxl domain
configuration.
2012-12-13 08:05:12 -07:00
Daniel P. Berrange 32bef82a2d Fix probing of QED file format
The QED file format is non-versioned, so although the magic
value matched, libvirt rejected it due to lack of a version
number to compare against. We need to distinguish this case
by allowing a value of '-2' to indicate a non-versioned file
where only the magic is required to match

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:01:38 +00:00
Daniel P. Berrange 24643c780b Add lots of debugging to storage file probing code
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:01:25 +00:00
Daniel P. Berrange dfba37048a Log warning if storage magic matches, but version does not
To help us detect when new storage file versions come into
existance log a warning if the storage file magic matches,
but the version does not

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-13 15:00:12 +00:00
Daniel P. Berrange f6bd0a8899 Fix memory leak in QEMU QMP capabilities initialization
The qemuCapsInitQMP method never frees the QEMU 'package'
version string.
2012-12-13 14:45:53 +00:00
Daniel P. Berrange cc5c7f9865 Change virCgroupGetAppRoot stub on non-Linux to avoid unused param warning
Fully stub out the virCgroupGetAppRoot method as done with other
methods in the file, rather than just the body. This lets us
annotate the unused parameter to avoid a warning
2012-12-13 13:11:44 +00:00
Eric Blake 7339bc4ced network: match xml warning message
I noticed that /var/lib/libvirt/dnsmasq/*.conf used the wrong word;
it was intended to match the wording in src/util/xml.c.

* src/network/bridge_driver.c (networkDnsmasqConfContents): Fix typo.
* tests/networkxml2confdata/*.conf: Update accordingly.
2012-12-12 15:12:58 -07:00
Roman Bogorodskiy 9a2f36ec04 Qemu FreeBSD: fix compilation
* Autotools changes:
  - Don't assume Qemu is Linux-only
  - Check Linux headers only on Linux
  - Disable firewalld on FreeBSD
* Initctl:
  Initctl seem to present only on Linux, so stub it on other platforms
* Raw I/O: Linux-only as well
* Headers cleanup
2012-12-12 11:59:53 -07:00
Roman Bogorodskiy b467e9323c Drop mntent.h include.
It's no longer used and also causes build fail on FreeBSD.
2012-12-12 11:07:24 -07:00
Viktor Mihajlovski f1f9a7ac7e Fix make check with different object directory
make check fails in check-symsorting if configure is not run in
the source directory. Prefixing symfile names with $(srcdir)
fixes this.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2012-12-12 16:15:25 +00:00
Peter Krempa ed0bfd04f8 qemu: Improve error reporting from qemuDomainManagedSaveRemove
Report an error if unlink of the managedsave file fails.
2012-12-12 14:34:12 +01:00
Peter Krempa a02579141e qemu: Small code cleanups in the managedsave functions
Save a few lines moving assignments into conditions and fix braces
position.
2012-12-12 14:34:12 +01:00
Peter Krempa 2745177b34 qemu: Refactor managed save functions to use domain lookup helpers 2012-12-12 14:34:12 +01:00
Peter Krempa 7fc06b0480 qemu: Add a new domain lookup helper and improve the docs
This patch adds a new domain lookup helper qemuDomObjFromDomainDriver
that lookups the domain and leaves the driver locked. The driver is
returned as the second argument of that function. If the lookup fails
the driver is unlocked to help avoid cleanup codepaths.

This patch also improves docs for the helpers.
2012-12-12 14:34:12 +01:00
Peter Krempa ab8d323319 util: Fix warning message in previous patch
I didn't notice the extra "does" in the previous patch. Remove it.
2012-12-12 14:19:03 +01:00
Peter Krempa 96460a1987 util: rework error reporting in virGet(User|Group)IDByName
This patch gets rid of the undeterministic error reporting code done on
return values of get(pw|gr)nam_r. With this patch, if the group record
is not returned by the corresponding function this error is not
considered fatal even if errno != 0. The error is logged in such case.
2012-12-12 14:06:59 +01:00
Daniel P. Berrange 9cdd9ea20e Refactor virDomainHostdevFind method
Move the code for matching hostdev instances out of virDomainHostdevFind
and into virDomainHostdevMatch method, which in turn calls out to other
helper methods depending on the type of hostdev.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-12 12:27:53 +00:00
Daniel P. Berrange 50897ffbb6 Slightly refactor hostdev parsing / formating
Rename virDomainHostdevPartsParse to virDomainHostdevDefParseSubsys
to reflect the fact that it only deals with hostdevs uing the
traditional mode=subsystem, and not mode=capabilities

Rename virDomainHostSourceFormat to virDomainHostdevDefFormatSubsys
for the same reason.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-12 12:26:53 +00:00
Daniel P. Berrange 3f0010a673 Remove bogus const return values in storage file APIs
virStorageFileGetLVMKey and virStorageFileGetSCSIKey
both return heap allocated strings, so the return value
should not be marked const.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-12 10:50:55 +00:00
Daniel P. Berrange 64212ed20e Add missing export of virStorageFileGetLVMKey & virStorageFileGetSCSIKey 2012-12-12 10:50:11 +00:00
Daniel P. Berrange a8c8685eaa Fix sorting of libvirt_private.syms and add syntax check rule
Add check-symsorting.pl to perform case-insensitive alphabetical
sorting of groups of symbols. Fix all violations it reports

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-12 10:45:37 +00:00
Cole Robinson 7b97030ad4 uml: Report error if inotify fails on driver startup 2012-12-11 20:03:08 -05:00
Cole Robinson d13155c20c tools: Only install guests init script if --with-init=script=redhat
Most of this deals with moving the libvirt-guests.sh script which
does all the work to /usr/libexec, so it can be shared by both
systemd and traditional init. Previously systemd depended on
the script being in /etc/init.d

Required to fix https://bugzilla.redhat.com/show_bug.cgi?id=789747
2012-12-11 19:54:37 -05:00
Serge Hallyn a4e44e674e add vnc unix sockets to apparmor policy
When using vnc gaphics over a unix socket, virt-aa-helper needs to provide
access for the qemu domain to access the sockfile.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2012-12-11 14:32:39 -07:00
Serge Hallyn 88bd1a644b add security hook for permitting hugetlbfs access
When a qemu domain is backed by huge pages, apparmor needs to grant the domain
rw access to files under the hugetlbfs mount point.  Add a hook, called in
qemu_process.c, which ends up adding the read-write access through
virt-aa-helper.  Qemu will be creating a randomly named file under the
mountpoint and unlinking it as soon as it has mmap()d it, therefore we
cannot predict the full pathname, but for the same reason it is generally
safe to provide access to $path/**.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2012-12-11 14:27:20 -07:00
Eric Blake cdf1a372c6 maint: mention when HACKING is rebuilt during make
I noticed that on Fedora 18, xlstproc decides to regenerate
HACKING with additional whitespace.  I haven't figured out why
that is happening (although fixing it would probably be a task
for xlstproc), but in the process of investigating, I noticed
that 'make HACKING' was completely silent, for no good reason.

* Makefile.am (gen-ChangeLog, gen-AUTHORS, NEWS)
($(top_srcdir)/HACKING): Mention which files we are generating.
2012-12-11 13:35:33 -07:00
Jiri Denemark 748f6dd0c3 docs: Document offline migration 2012-12-11 20:46:31 +01:00
Peter Krempa 08379dbd45 qemu: reuse qemuMigrationIsAllowed when doing save and managedsave
Save and managedsave both use migration to file. This patch reuses
qemuMigrationIsAllowed to check if the migration could happen before
trying.
2012-12-11 19:48:37 +01:00
Peter Krempa 98e92ba83b qemu: snapshot: Report better error message if migration isn't allowed
Qemu doesn't support migration on guests with host devices. This patch
adds a check to ensure migration is safe before actually doing so.
2012-12-11 19:48:37 +01:00