On Mon, Feb 03, 2014 at 12:36:32PM +0100, Michal Privoznik wrote:
> On 31.01.2014 17:43, Michal Privoznik wrote:
> >There might be some use cases, where user wants to prepare the host or
> >its environment prior to starting a network and do some cleanup after
> >the network has been shut down. Consider all the functionality that
> >libvirt doesn't currently have as an example what a hook script can
> >possibly do.
> >
> >Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
> >---
> > docs/hooks.html.in | 43 +++++++++++++++++++++++++++++--------------
> > src/network/bridge_driver.c | 29 +++++++++++++++++++++++++++++
> > src/util/virhook.c | 10 +++++++++-
> > src/util/virhook.h | 8 ++++++++
> > 4 files changed, 75 insertions(+), 15 deletions(-)
> >
>
> >diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
> >index 53c2274..2bca5bc 100644
> >--- a/src/network/bridge_driver.c
> >+++ b/src/network/bridge_driver.c
> >@@ -71,6 +71,7 @@
> > #include "virstring.h"
> > #include "viraccessapicheck.h"
> > #include "network_event.h"
> >+#include "virhook.h"
> >
> > #define VIR_FROM_THIS VIR_FROM_NETWORK
> >
> >@@ -2011,6 +2012,23 @@ networkStartNetwork(virNetworkDriverStatePtr driver,
> > if (virNetworkObjSetDefTransient(network, true) < 0)
> > goto cleanup;
> >
> >+ /* Run an early hook to set-up missing devices */
> >+ if (virHookPresent(VIR_HOOK_DRIVER_NETWORK)) {
> >+ char *xml = virNetworkDefFormat(network->def, 0);
> >+ int hookret;
> >+
> >+ hookret = virHookCall(VIR_HOOK_DRIVER_NETWORK, network->def->name,
> >+ VIR_HOOK_NETWORK_OP_START, VIR_HOOK_SUBOP_BEGIN,
> >+ NULL, xml, NULL);
> >+ VIR_FREE(xml);
> >+
> >+ /*
> >+ * If the script raised an error abort the launch
> >+ */
> >+ if (hookret < 0)
> >+ goto cleanup;
> >+ }
> >+
> > switch (network->def->forward.type) {
>
> I've just realized, that if the hook is going to be used to
> insert/delete some iptables rules or some tc work, maybe it's
> desired to have yet another hook that is executed *after*
> networkStartNetworkVirtual or networkStartNetworkExternal. Moreover,
> do we want to taint such networks that use hook scripts (bearing in
> mind that we don't do nothing like that for domains)? Any thoughts?
We use 'tainting' as a way to identify anything which could alter the
operation/behaviour of the VM in a way that isn't obvious from the XML
config. As such I'd say that use of hooks should cause tainting, and
likewise we should have a tainting concept for networks too.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list