From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH 1/4] conf: allow different resource registration modes
Date: Fri, 20 Mar 2020 13:40:11 +0000
Message-Id: <20200320134014.3123811-2-berrange@redhat.com>
In-Reply-To: <20200320134014.3123811-1-berrange@redhat.com>
References: <20200320134014.3123811-1-berrange@redhat.com>
Content-Transfer-Encoding: quoted-printable
From: "Daniel P. Berrange"

Currently the QEMU driver has three ways of setting up cgroups. It either
skips them entirely (if non-root), or uses systemd-machined, or uses
cgroups directly.

This change adds the ability to configure the mechanism for registering
resources between all these options explicitly. via

It is further possible to register directly with systemd and bypass
machined. We don't support this but systemd-nspawn does and we ought
to consider this at some point. This would involve a new "systemd"
backend type alongside "machined".

Signed-off-by: Daniel P. Berrange
---
docs/formatdomain.html.in | 24 +++++++++++-
docs/schemas/domaincommon.rng | 17 +++++++--
src/conf/domain_conf.c | 46 ++++++++++++++++++-----
src/conf/domain_conf.h | 13 +++++++
src/libvirt_private.syms | 2 +
src/lxc/lxc_cgroup.c | 8 ++++
src/lxc/lxc_process.c | 1 +
src/qemu/qemu_cgroup.c | 14 +++++++
tests/lxcxml2xmldata/lxc-capabilities.xml | 2 +-
tests/lxcxml2xmldata/lxc-idmap.xml | 2 +-
10 files changed, 113 insertions(+), 16 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 0d229386eb..a016e789f1 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1445,7 +1445,7 @@
...
-<resource>
+<resource backend=3D'none|cgroupfs|machined'>
<partition>/virtualmachines/production</partition>
</resource>
...
@@ -1455,8 +1455,30 @@
Resource partitions are currently supported by the QEMU and
LXC drivers, which map partition paths to cgroups directories,
in all mounted controllers. Since 1.0.5
+ There is a choice of implementations to use for resource partitions
+ controlled via the optional backend attribute.
+ Since 6.2.0. It accepts the values
=20
+
+ - none
+ - Resource management in libvirt is disabled, with the APIs
+ returning an error indicating the functionality is not available.
+ The QEMU will will remain in whatever cgroup the libvirt daemon
+ was in. On systemd hosts, this will result in QEMU being
+ terminated at the same time as the privileged libvirt management
+ daemon which launched them.
+ - cgroupfs
+ - Cgroups will be directly created via the cgroups virtual filesys=
tem.
+ This is not recommended for use in scenarios where systemd is in
+ charge of the cgroup hierarchy, unless the resource partition poin=
ts
+ to a subtree that systemd has delegated administrative for.
+ - machined
+ - Systemd machined will be called to indirectly create cgroups.
+ This is recommended for any host where systemd is managing the
+ cgroup hierarchy.
+
+
=20
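Review bot: The `none` entry has a doubled word ("The QEMU will will remain") and the `cgroupfs` entry ends with "delegated administrative for", which is missing its noun; both need fixing before this lands in formatdomain. The surrounding paragraph also says resource partitions are supported by the QEMU and LXC drivers, while the lxc_cgroup.c hunk in this same patch refuses every explicit backend, so the text should say which driver honours which value.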
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 6805420451..29ffc3a3cf 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1126,9 +1126,20 @@
=20
-
- [
- ]
+
+
+
+ none
+ cgroupfs
+ machined
+
+
+
+
+
+ [
+ ]
+
=20
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index e0432fc47d..ae512283d0 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1244,6 +1244,13 @@ VIR_ENUM_IMPL(virDomainOsDefFirmware,
"efi",
);
=20
+VIR_ENUM_IMPL(virDomainResourceBackend,
+ VIR_DOMAIN_RESOURCE_BACKEND_LAST,
+ "default",
+ "none",
+ "cgroupfs",
+ "machined");
+
/* Internal mapping: subset of block job types that can be present in
* XML (remaining types are not two-phase). */
VIR_ENUM_DECL(virDomainBlockJob);
@@ -19100,17 +19107,24 @@ virDomainResourceDefParse(xmlNodePtr node,
{
VIR_XPATH_NODE_AUTORESTORE(ctxt);
virDomainResourceDefPtr def =3D NULL;
+ g_autofree char *reg =3D NULL;
=20
ctxt->node =3D node;
=20
if (VIR_ALLOC(def) < 0)
goto error;
=20
- /* Find out what type of virtualization to use */
- if (!(def->partition =3D virXPathString("string(./partition)", ctxt)))=
{
- virReportError(VIR_ERR_INTERNAL_ERROR,
- "%s", _("missing resource partition attribute"));
- goto error;
+ def->partition =3D virXPathString("string(./partition)", ctxt);
+
+ reg =3D virXMLPropString(node, "backend");
+ if (reg !=3D NULL) {
+ if ((def->backend =3D virDomainResourceBackendTypeFromString(reg))=
<=3D 0) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ "%s", _("Invalid backend attribute"));
+ goto error;
+ }
+ } else {
+ def->backend =3D VIR_DOMAIN_RESOURCE_BACKEND_DEFAULT;
}
=20
return def;
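Review bot: Removing the "missing resource partition attribute" error lets `def->partition` be NULL after a successful parse, but the unchanged context in the qemu_cgroup.c and lxc_cgroup.c hunks still evaluates `partition[0] != '/'` with no NULL test. As far as the visible lines show, a resource element with neither a backend nor a partition is accepted here with backend DEFAULT and then reaches that dereference inside the daemon during cgroup setup. Either keep the partition mandatory unless the backend is `none`, or add a NULL check ahead of each `partition[0]` comparison. Separately, "Invalid backend attribute" should include the rejected string held in `reg` so the user can see what was refused.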
@@ -27983,11 +27997,23 @@ static void
virDomainResourceDefFormat(virBufferPtr buf,
virDomainResourceDefPtr def)
{
- virBufferAddLit(buf, "\n");
- virBufferAdjustIndent(buf, 2);
- virBufferEscapeString(buf, "%s\n", def->partiti=
on);
- virBufferAdjustIndent(buf, -2);
- virBufferAddLit(buf, "\n");
+ if (def->backend =3D=3D VIR_DOMAIN_RESOURCE_BACKEND_DEFAULT &&
+ def->partition =3D=3D NULL)
+ return;
+
+ virBufferAddLit(buf, "backend !=3D VIR_DOMAIN_RESOURCE_BACKEND_DEFAULT)
+ virBufferAsprintf(buf, " backend=3D'%s'", virDomainResourceBackend=
TypeToString(def->backend));
+
+ if (def->partition) {
+ virBufferAddLit(buf, ">\n");
+ virBufferAdjustIndent(buf, 2);
+ virBufferEscapeString(buf, "%s\n", def->par=
tition);
+ virBufferAdjustIndent(buf, -2);
+ virBufferAddLit(buf, "\n");
+ } else {
+ virBufferAddLit(buf, "/>\n");
+ }
}
=20
=20
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 73bd097cf8..4bfda29dee 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2228,7 +2228,19 @@ struct _virDomainPanicDef {
void virBlkioDeviceArrayClear(virBlkioDevicePtr deviceWeights,
int ndevices);
=20
+typedef enum {
+ VIR_DOMAIN_RESOURCE_BACKEND_DEFAULT,
+ VIR_DOMAIN_RESOURCE_BACKEND_NONE,
+ VIR_DOMAIN_RESOURCE_BACKEND_CGROUPFS,
+ VIR_DOMAIN_RESOURCE_BACKEND_MACHINED,
+
+ VIR_DOMAIN_RESOURCE_BACKEND_LAST,
+} virDomainResourceBackend;
+
+typedef struct _virDomainResourceDef virDomainResourceDef;
+typedef virDomainResourceDef *virDomainResourceDefPtr;
struct _virDomainResourceDef {
+ int backend; /* enum virDomainResourceBackend */
char *partition;
};
=20
@@ -3525,6 +3537,7 @@ VIR_ENUM_DECL(virDomainIOMMUModel);
VIR_ENUM_DECL(virDomainVsockModel);
VIR_ENUM_DECL(virDomainShmemModel);
VIR_ENUM_DECL(virDomainLaunchSecurity);
+VIR_ENUM_DECL(virDomainResourceBackend);
/* from libvirt.h */
VIR_ENUM_DECL(virDomainState);
VIR_ENUM_DECL(virDomainNostateReason);
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 6b305bdd0e..6e5cc201ff 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -575,6 +575,8 @@ virDomainRedirdevBusTypeToString;
virDomainRedirdevDefFind;
virDomainRedirdevDefFree;
virDomainRedirdevDefRemove;
+virDomainResourceBackendTypeFromString;
+virDomainResourceBackendTypeToString;
virDomainRNGBackendTypeToString;
virDomainRNGDefFree;
virDomainRNGFind;
diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
index 7df723a4da..326d33981c 100644
--- a/src/lxc/lxc_cgroup.c
+++ b/src/lxc/lxc_cgroup.c
@@ -392,6 +392,14 @@ virCgroupPtr virLXCCgroupCreate(virDomainDefPtr def,
if (!machineName)
goto cleanup;
=20
+ if (def->resource->backend !=3D VIR_DOMAIN_RESOURCE_BACKEND_DEFAULT) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("Resource backend '%s' not available"),
+ virDomainResourceBackendTypeToString(
+ def->resource->backend));
+ goto cleanup;
+ }
+
if (def->resource->partition[0] !=3D '/') {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("Resource partition '%s' must start with '/'"),
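Review bot: "Resource backend '%s' not available" does not tell the user whether the value is unknown, missing on this host, or simply not implemented by the LXC driver. Since the condition `backend != VIR_DOMAIN_RESOURCE_BACKEND_DEFAULT` refuses every explicit value, including `machined`, the message should say the backend is not supported by the LXC driver.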
diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
index 5199f3806e..4ec3cc5619 100644
--- a/src/lxc/lxc_process.c
+++ b/src/lxc/lxc_process.c
@@ -1260,6 +1260,7 @@ int virLXCProcessStart(virConnectPtr conn,
if (VIR_ALLOC(res) < 0)
goto cleanup;
=20
+ res->backend =3D VIR_DOMAIN_RESOURCE_BACKEND_DEFAULT;
res->partition =3D g_strdup("/machine");
=20
vm->def->resource =3D res;
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index c0e30f6152..c407431f6b 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -940,11 +940,20 @@ qemuInitCgroup(virDomainObjPtr vm,
if (VIR_ALLOC(res) < 0)
goto cleanup;
=20
+ res->backend =3D VIR_DOMAIN_RESOURCE_BACKEND_DEFAULT;
res->partition =3D g_strdup("/machine");
=20
vm->def->resource =3D res;
}
=20
+ if (vm->def->resource->backend !=3D VIR_DOMAIN_RESOURCE_BACKEND_DEFAUL=
T) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("Resource backend '%s' not available"),
+ virDomainResourceBackendTypeToString(
+ vm->def->resource->backend));
+ goto cleanup;
+ }
+
if (vm->def->resource->partition[0] !=3D '/') {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("Resource partition '%s' must start with '/'"),
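Review bot: Every documented backend value (`none`, `cgroupfs`, `machined`) is refused by the new `backend != VIR_DOMAIN_RESOURCE_BACKEND_DEFAULT` check in qemuInitCgroup, so within this patch a domain that sets the attribute cannot start, which contradicts both the formatdomain text added earlier and the commit message's statement that the mechanism becomes configurable. If later patches in the series wire the backends up, the commit message should say so; otherwise the `none` test added to qemuConnectCgroup in the next hunk can only matter when reconnecting to an already running domain.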
@@ -1061,6 +1070,11 @@ qemuConnectCgroup(virDomainObjPtr vm)
virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(priv->driver);
int ret =3D -1;
=20
+ if (vm->def->resource &&
+ vm->def->resource->backend =3D=3D VIR_DOMAIN_RESOURCE_BACKEND_NONE=
) {
+ goto done;
+ }
+
if (!virQEMUDriverIsPrivileged(priv->driver))
goto done;
=20
diff --git a/tests/lxcxml2xmldata/lxc-capabilities.xml b/tests/lxcxml2xmlda=
ta/lxc-capabilities.xml
index 04d64e3e41..335fdf8b91 100644
--- a/tests/lxcxml2xmldata/lxc-capabilities.xml
+++ b/tests/lxcxml2xmldata/lxc-capabilities.xml
@@ -4,7 +4,7 @@
1048576
1048576
1
-
+
/machine
diff --git a/tests/lxcxml2xmldata/lxc-idmap.xml b/tests/lxcxml2xmldata/lxc-=
idmap.xml
index b477636c30..d618d69706 100644
--- a/tests/lxcxml2xmldata/lxc-idmap.xml
+++ b/tests/lxcxml2xmldata/lxc-idmap.xml
@@ -4,7 +4,7 @@
1048576
1048576
1
-
+
/machine
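Review bot: The diffstat lists only these two existing LXC xml2xml files under tests/, so nothing exercises parsing or formatting of the new `backend` attribute, nor a resource element without a partition, which the parser now accepts. Please add xml2xml and schema cases for `none`, `cgroupfs` and `machined`, plus negative cases for an unknown value and for the literal `default`, which virDomainResourceDefParse rejects through its `<= 0` test.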
--=20
2.24.1