From Fedora Project Wiki

< FWN

Fedora Weekly News Issue 152

Welcome to Fedora Weekly News Issue 152 for the week ending November 16th, 2008.

http://fedoraproject.org/wiki/FWN/Issue152

This week's exciting issue features extensive coverage of a Server SIG formation in the Developments beat, along with clarifications from the Fedora Engineering leadership on feature freeze policies. In announcements, reminders of this Tuesday's public Fedora Board meeting on #fedora-board-meeting at irc.freenode.net. The Translation beat features various Fedora 10 milestones and an introduction of three new members to the translation team. In Artwork, some history on the genesis of the Fedora infinity bubble is saved, and more feedback on Fedora 10 themes. Virtualization includes updates of dom0 support in the upstream kernel, and a RFC on including greater detail in domain events. Finally, Fedora 9 and 8 updates for the week in Security Advisories. These are but a few highlights in this week's Fedora Weekly News!

If you are interested in contributing to Fedora Weekly News, please see our 'join' page[1].

FWN Editorial Team: Pascal Calarco, Oisin Feeley, Huzaifa Sidhpurwala

[1] http://fedoraproject.org/wiki/NewsProject/Join

Announcements

In this section, we cover announcements from the Fedora Project.

http://www.redhat.com/archives/fedora-announce-list/

http://www.redhat.com/archives/fedora-devel-announce/

Contributing Writer: Max Spevack

Public Fedora Board Meeting on IRC

Paul Frields reminded[1] the community about the upcoming Fedora Board meeting on IRC. The meeting will be on 2008-11-18 (Tuesday) at 19:00 UTC.

"Join #fedora-board-meeting to see the Board's conversation. This channel is read-only for non-Board members. Join #fedora-board-public to discuss topics and post questions. This channel is read/write for everyone.

The moderator will direct questions from the #fedora-board-public channel to the Board members at #fedora-board-meeting. This should limit confusion and ensure our logs are useful to everyone."

[1] http://www.redhat.com/archives/fedora-announce-list/2008-November/msg00010.html

Upcoming Bugzilla Activities

Jon Stanley wrote[2] about some upcoming Bugzilla changes, that will coincide with Fedora 10's release. There are two things of which people should be aware: First, "we will be rebasing all rawhide bugs to F10. This will result in regular bugs reported against rawhide during the Fedora 10 development cycle being changed to version '10' instead of their current assignment, 'rawhide'."; Second, "all bugs for EOL releases (at this point, Fedora 8) will get a comment on or about GA of Fedora 10, explaining that one month of maintenance remains, and to either move the bug to a later version if still applicable, or they will be automatically closed in one month with a resolution of WONTFIX."

See the link below[2] for the complete announcement.

[2] http://www.redhat.com/archives/fedora-devel-announce/2008-November/msg00008.html

Developments

In this section the people, personalities and debates on the @fedora-devel mailing list are summarized.

Contributing Writer: Oisin Feeley

Features Policy Modified

The latest FESCo discussions (2008-11-12) clarified[1] the Features[2] process. The changes make explicit the need for testing to be complete one week prior to the final freeze. Failure to meet that condition can result in FESCo deciding to drop the feature or implement a contingency plan or other suitable action.

[1] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00847.html

[2] Features are "a significant change or enhancement to the version of Fedora currently under development": http://fedoraproject.org/wiki/Features/Policy/Definitions

The spur to these discussions was several last-minute changes for Fedora 10 which included dropping the instant-messaging client Empathy as the default, and the late addition of LiveConnect (see FWN#151[3]) and AMQP[4]. Earlier confusion about the Feature process and difficulties with communication had also been expressed (see FWN#147[5]) after the decision to drop the Lightweight X11 Desktop Environment as a feature.

[3] http://fedoraproject.org/wiki/FWN/Issue151#LiveConnect_Feature_Approved_for_Fedora_10

[4] The Advanced Messaging Queue Protocol is a vendor-neutral middleware transport for business processes: http://en.wikipedia.org/wiki/Advanced_Message_Queuing_Protocol

[5] http://fedoraproject.org/wiki/FWN/Issue147#LXDE_Feature_Removal_Disappointment_-_How_to_Avoid

The other major changes to the process include the emailing of the Feature owner to inform them when their feature is being discussed by FESCo and any decisions made concerning said feature. The extra work involved in tracking down email addresses was anticipated to be an over-burdening of the committee chair, Brian Pepple. To ease this problem it was decided that Feature owners must include current email addresses on their Feature pages.

Server SIG

DanHorák announced[1] that a "[...] formal entity to coordinate [...] the server fundamentals that later create a successful enterprise product [...]" had been launched as a SIG. He invited constructive ideas and the wiki page[2] suggests that the SIG has many important initial goals including: a spin for headless servers, CLI equivalents of GUI tools, a lightweight installer and maintenance of the /etc/sysconfig/network-scripts.

[1] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00645.html

[2] https://fedoraproject.org/wiki/DanHorak/ServerSIG

The extensive discussion which followed mostly consisted of approval for the idea. Dennis Gilmore expressed[3] enthusiasm for the general idea and specifically requested kickstart files for different types of servers and "best practice" whitepapers. An example of one of the issues the SIG might deal with was[4] the observation by Chris Adams that an installation of ntop had resulted in seventy dependencies, including metacity, being pulled down. Peter Robinson attributed[5] this to graphviz and suggested that while such problems were declining in number it would be useful for the ServerSIG to co-ordinate bug filing for these issues. Chris provided[6] a script which allowed test installs into a subdirectory to determine "what gets pulled in." Later James Antill mentioned two useful scripts written by himself and Seth Vidal which show package dependencies and provides as a tree structure. Dominik "rathan" Mierzejewski added[7] a mention of rpmreaper, a utility which eases the removal of unnecessary dependencies.

[3] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00652.html

[4] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00730.html

[5] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00736.html

[6] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00778.html

[7] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00932.html

After Chris observed that "[w]ith rawhide, it appears impossible to install a kernel without pulling in X libraries (because of plymouth), so I guess the base X libraries can be considered "core" now" the conversation took a more adversarial turn. The accuracy of this statement turned out[8] to depend on whether libpng and pango were considered to be "X libraries" and Chris demonstrated the dependency chain as originating with the plymouth-plugin-solar. Les Mikesell commented[9]: "This is all pretty strange from a server perspective. And plymouth is there to keep the screen from blinking while you boot?" When Jesse Keating replied that Plymouth "handl[ed] the passphrase prompting for encrypted volumes" Les argued[10] that it should be optional for remote, headless boxes. Dominik "rathann" Mierzejewski was shocked[11] when Jesse Keating pointed out that plymouth also provided working /var/log/boot.logs: " Hm, you're right, all my boot.log files are 0 bytes (F-9). So instead of fixing the bug, a new package was introduced? Amazing." Dominik's dissatisfaction continued[12] to be unabated when he was informed that the absence of the kernel commandline parameter "rhgb" would result in plymouthd running but without any graphical plugins.

[8] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00787.html

[9] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00787.html

[10] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00795.html

[11] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00814.html

[12] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00859.html

The automatic selection of plymouth-plugin-solar as opposed to the alternate "plymouth-text-and-details-only" resulted[13] in a discussion around whether it was possible to make yum behave differently in such ambiguous situations. Enrico Scholz wished to add a "fail, warn and/or prompt when multiple packages satisfy a (virtual) dependency[.]" Seth Vidal reminded[14] him that the constraint of non-interactive defaults meant that this might not work. James Antill posted[15] that he had a patch to yum which "[...] would allow Fedora (or any active repo.) to configure these choices manually. We could then also easily have different defaults for the desktop vs. the server spins." James received some questions from Jesse Keating and Bill Nottingham who asked how per-spin defaults would be stored and how to deal with conflicting information from multiple repositories. His answer suggested[16] that introducing new repositories for the metadata or changing its syntax would be necessary.

[13] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00858.html

[14] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00907.html

[15] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00995.html

[16] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg01030.html

Dan Horák's desire to remove plymouth entirely was dismissed[17] as non-optional by Bill Nottingham as it will take on an even more important role in storage handling in the future. Bill suggested that the default plugin was optional however. He reassured[18] Dan that as regards headless machines there had been "[...] some testing on PPC boxes via serial/hvc consoles. Please test that it works in your scenarios as well, of course." When Enrico Scholz rejected disk encryption as important for servers Jesse Keating made[19] the case that "In a colo environment I /would/ want some encryption on the disk, and if I have to use a remote kvm to input the passphrase at reboot time, that's OK. Reboots are either planned events, or emergencies, both of which are going to require the attention of the people who have the passphrase." Alan Cox backed[20] this up: "If you are storing personal data on a system in a colo its practically mandatory to have encryption, and if you are storing anything sensitive its a big deal indeed - at least in those parts of the world with real data and privacy law ;)"

[17] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00784.html

[18] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00792.html

[19] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00798.html

[20] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00823.html

The thread continued in fits and starts. Adam Tkac raised[21] the problem of handling static IPs with NetworkManager (see this same FWN#152 "NetworkManager keyfiles for Pre-login Static Routes" for a discussion of as yet undocumented features). Chuck Anderson disputed[22] that the problem existed and provided commandline and GUI solutions: "[...] for system-wide connections which you would presumably want for a server, you edit /etc/sysconfig/networkscripts/ifcfg-* as usual and NM will bring the interface up at boot. From the desktop, you can Edit Connections and create a new static connection and select it instead of the System or Auto connection which is very handy when moving between networks that don't support DHCP."

An important addendum was provided[23] by Olivier Galibert "Try a "chkconfig -list network". It should be on for levels 2-5. If it isn't, you haven't enabled the old-style networking [.]" The same point was made by Chuck[24] "Are you using NetworkManager or network service? chkconfig -list NetworkManager; chkconfig -list network If NetworkManager is enabled and network is not, then you need to change ifcfg-eth0: NM_CONTROLLED=yes" and by Bill Nottingham[25] "You need to either set NM_CONTROLLED to something other than 'no', or enable the 'network' service. In either case, NM's static network support is not your problem."

[21] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00863.html

[22] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00871.html

[23] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00892.html

[24] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00887.html

[25] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00938.html

The LSB[26] also came in for a bashing due to infrequently used, old tools (such as ypbind and the insecure r-commands) being installed to achieve compliance. Patrice Dumas clarified[27] that ypbind was necessary in @base to provide NIS functionality. Later discussion separated[28] out LSB-Core and LSB-Desktop which should simplify making a minimal install LSB compliant. Bill Nottingham and Chris Adams performed[29] a dissection of @core with the intent of separating out items such as hdparm , prelink , dhclient , ed and others into @base.

[26] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00718.html

[27] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00753.html

[28] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00759.html

[29] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00802.html

Jeremy Katz outlined[30][31] a perspective from the Quality Assurance point of view. The burden imposed by preserving the modularity that many of the participants advocated sounds quite high: "[...] trying to preserve that modularity combinatorially adds to the testing matrix and also makes it significantly more difficult to write code since you can no longer depend on functionality. It also makes things slower as you have to conditionally check for things constantly [...] It's more than just /etc/init.d/network that has to be maintained. There's oodles of stuff in install-time configuration that will have to be maintained, tested, and have things fixed when people report them." Seth Vidal acknowledged[32] this but cautioned against dismissing the objections to particular changes as merely "neoluddite".

[30] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg01023.html

[31] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg01025.html

[32] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg01027.html

The massive thread included much more discussion and resists easy summary. Those interested should probably plow through the messages. Among the issues raised were finding DBus documentation[33] and contention between class devices to set default routes[34].

A quote from DanHorak which seems to offer the perspective of the ServerSIG concisely is appropriate in closing: "It is really time to look back at the roots of Unix systems. It should be a combination of small pieces with well defined interfaces doing well their tasks. Only the time had changed those pieces from simple command line utilities to more complex ones."

[33] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg01071.html

[34] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00911.html

NetworkManager keyfiles for Pre-login Static Routes

In the course of the ServerSIG discussions (see this same FWN#152 "Server SIG") an interesting question about NetworkManager was asked[1] by Les Mikesell: "If you bring up a mix of static and dynamically assigned interfaces, can you control which gets to assign the default route and DNS servers?"

[1] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00872.html

Dan Williams provided[2] a useful description of how NetworkManager currently decides the default route. In response to Olivier Galibert he added[3] that static routes could be set up using the "[...] connection editor see the "Routes..." button in the IPv4 tab. Routes from ifcfg files aren't yet supported, but could be. Routes from keyfile-based system connections (ie, prelogin) are supported." After this tidbit Chuck Anderson prodded[4] Dan into explaining that keyfiles were a way to support things like "VPN, 3G, WPA" which were difficult or impossible to support with the ifcfg files in /etc/sysconfig/network-scripts. "NM has a system settings 'keyfile' plugin that allows editing system connections from the connection editor, or your favorite text editor if you don't use a GUI at all. Add `,keyfile' to the --plugins argument in the /usr/share/dbus-1/systemservices/org.freedesktop.NetworkManagerSystemSettings.service file, and then 'killall -TERM nm-system-settings'."

[2] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00880.html

[3] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00897.html

[4] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00900.html

Jesse Keating wondered when and where the documentation for this was placed and Dan replied[5] "[w]hen I struggle up for air from the tarpit that is the concurrent release of NM 0.7 + F10 + RHEL 5.3? :) "

[5] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00912.html

Flash 10 in 64-bit Fedora 9

Jos Vos asked[1] for comparative data on using nspluginwrapper with Firefox to access Flash content in 64-bit Fedora 9. He was experiencing "[...] error messages about not finding 'soundwrapper' in my $PATH [.]"

[1] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00432.html

Although Chris Adams reported success Orcan Ogetbil described[2] a "gray rectangle bug" which seemed to be manifested mostly when multiple tabs were open. Brennan Ashton claimed[3] that it was due to a PulseAudio "bug".

[2] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00439.html

[3] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00443.html

Ignacio Vazquez-Abrams and others reported[4] no problems and Jos posted[5] that there appeared to be a dependency on libcurl.i386 in the Adobe supplied rpm. This was later stated[6] by Paul Howarth to be changed so that either libcurl.so.3 or libcurl.so.4 will be used via a dlopen() and there is no explicit requires:libcurl in the rpm. Gianluca Szforna supplied[7] a link[8] which suggests that libflashsupport should be completely removed as it may cause crashes.

[4] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00437.html

[5] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00445.html

[6] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00479.html

[7] https://www.redhat.com/archives/fedora-devel-list/2008-November/msg00484.html

[8] http://macromedia.mplug.org/

Translation

This section covers the news surrounding the Fedora Translation (L10n) Project.

http://fedoraproject.org/wiki/L10N

Contributing Writer: Runa Bhattacharjee

Fedora 10 Release Notes Translation Over

The translation task for the Release Notes to be packaged with Fedora 10 came to an end on 13th November 2008. However, translations for the web version can continue until 21st November 2008[1].

Additionally, the Colophon section has been updated to include the names of the new translators[2] and other contributors[3].


[1] http://www.redhat.com/archives/fedora-trans-list/2008-November/msg00013.html

[2] https://fedorahosted.org/release-notes/ticket/34

[3] https://www.redhat.com/archives/fedora-trans-list/2008-November/msg00118.html

Fedora Website Translations for F10

Ricky Zhou announced the start of the translations for the Fedora website, for Fedora 10[4]. The counter is also available for translation[5].

The due date for the Fedora Web translations is November 24th 2008[6] and can be submitted via translate.fedoraproject.org[7].


[4] https://www.redhat.com/archives/fedora-trans-list/2008-November/msg00058.html

[5] https://www.redhat.com/archives/fedora-trans-list/2008-November/msg00070.html

[6] https://www.redhat.com/archives/fedora-trans-list/2008-November/msg00087.html

[7] https://www.redhat.com/archives/fedora-trans-list/2008-November/msg00092.html

Few System-config tools to be migrated

Nils Philippsen announced the plans for the migration of a few system-config tools (date, nfs, samba, services, users) from the mercurial to the git repository. Additionally, the documentation and the software would be segregated[8][9]. During the migration, these modules will not be available for updation in translate.fedoraproject.org.


[8] https://www.redhat.com/archives/fedora-trans-list/2008-November/msg00065.html

[9] https://fedorahosted.org/fedora-infrastructure/ticket/970

New members in FLP

Three new members joined the Fedora Translation Project last week. Christopher Grebs (German)[10], Muhammad Panji (Indonesian)[11], Rui Gouveia (Portuguese)[12].


[10] https://www.redhat.com/archives/fedora-trans-list/2008-November/msg00106.html

[11] https://www.redhat.com/archives/fedora-trans-list/2008-November/msg00076.html

[12] https://www.redhat.com/archives/fedora-trans-list/2008-November/msg00075.html

Confusion over Hindi Release Notes

There was a confusion while building the hindi release notes for Fedora 10, due to the presence of an obsolete file for the same locale[13]. A bug has been filed for this matter by Rejesh Ranjan[14].

[13] https://www.redhat.com/archives/fedora-trans-list/2008-November/msg00102.html

[14] https://bugzilla.redhat.com/show_bug.cgi?id=471028

Docs-Homepage module is now obsolete

The module docs-homepage is now obsolete and does not require further translation[15]. This query was raised by Xavier Conde Rueda and clarified by Paul Frields. A bug has been filed by Noriko Mizumoto for the removal of this module from translate.fedoraproject.org[16].

[15] https://www.redhat.com/archives/fedora-trans-list/2008-November/msg00108.html

[16 https://bugzilla.redhat.com/show_bug.cgi?id=471322

FLSco review

Dimitris Glezos, the current chair of the Fedora Localization Steering Committee (FLSCo) has initiated a discussion to evaluate the Committee's present method of functioning and any changes that can be made to improve it [17]. It is to be noted that the next elections for the Steering Committee would be held in December 2009[18].

[17] https://www.redhat.com/archives/fedora-trans-list/2008-November/msg00115.html

[18] http://fedoraproject.org/wiki/L10N/SteeringCommittee/Elections#Upcomming_election

Artwork

In this section, we cover the Fedora Artwork Project.

http://fedoraproject.org/wiki/Artwork

Contributing Writer: Nicu Buculei

Keeping the History Alive

A few years ago, when the Fedora "Infinity Bubble" logo was created, it was accompanied by an insightful set of slides, describing the process which led to its creation. As the original page hosting the slides closed some months ago this particular piece of history was lost. Lost, that is, until now when Máirín Duffy posted[1] on @fedora-art the results of her recovery work "I took some time to grab what I could from archive.org and reconstruct it here: [2]"

[1] https://www.redhat.com/archives/fedora-art-list/2008-November/msg00040.html

[2] https://fedoraproject.org/wiki/Logo/History

Feedback on the Fedora 10 themes

With the final release for Fedora 10 closing, more and more previews are published on the web and in most of them the artwork is praised. This week Jayme Ayres linked[1] to yet another such praising review "I was giving a look at the blog Rodrigo Menezes [2] and saw on the analysis done by 10 Fedora dual blog JupiterBroadcasting [3] (who particularly did not know), said some puerility on Fedora, but praised highly the work of Artwork and then I'd like to share with you. Congratulations to all!"

[1] https://www.redhat.com/archives/fedora-art-list/2008-November/msg00036.html

[2] http://rmenezes.com/2008/11/in-depth-fedora-10-preview/

[3] http://www.jupiterbroadcasting.com/?p=326

Virtualization

In this section, we cover discussion on the @et-mgmnt-tools-list, @fedora-xen-list, @libvirt-list and @ovirt-devel-list of Fedora virtualization technologies.

Contributing Writer: Dale Bewley

Enterprise Management Tools List

This section contains the discussion happening on the et-mgmt-tools list

Using VirtIO Network Driver for Windows KVM Guest

Working on Ubuntu, Arutyunyan Ruben provisioned Windows KVM guests using virt-manger, and wanted to use virtio[2] drivers to speed up network access. After successfully using a howto[3] to install this support, it was found to be missing after restarting the guest.

Cole Robinson answered[4] that virt-manager does not support setting this option, but it can be accomplished manually by using virsh dumpxml and virsh define.

[1] http://www.redhat.com/archives/et-mgmt-tools/2008-November/msg00033.html

[2] http://wiki.libvirt.org/page/Virtio

[3] http://www.linux-kvm.com/content/tip-how-setup-windows-guest-paravirtual-network-drivers

[4] http://www.redhat.com/archives/et-mgmt-tools/2008-November/msg00034.html

Mounting virt-p2v Disk Images

Paras Pradhan asked[1] how to mount images created by virt-p2v. Joey Boggs described[2] the process.

  • Setup a loop device to the imagefile
losetup /dev/loopX domain.img
  • Read the partitions
kpartx -av /dev/loopX
  • Mount each partition as required
mount /dev/mapper/loopXpX /MOUNTPOINT

After unmounting the partitions, the loopback devices should be removed with kpartx -d and losetup -d.[3]

[1] http://www.redhat.com/archives/et-mgmt-tools/2008-November/msg00026.html

[2] http://www.redhat.com/archives/et-mgmt-tools/2008-November/msg00029.html

[3] http://fedoraproject.org/wiki/Virtualization_Quick_Start#Accessing_data_on_guest_disk_images

Fedora Xen List

This section contains the discussion happening on the fedora-xen list.

Status of dom0 Support in Upstream Kernel

Pasi Kärkkäinen forwarded[1] a message[2] from Jeremy Fitzhardinge, originally to the @xen-devel list, describing the state of dom0 support in the upstream kernel.

".28 was a bit optimistic; (FWN#137[3]) .29 seems reasonable. The current dom0 kernel patches can boot up to a fully functional dom0 usersmode, and you can start xend to see that domain 0 is running. I *think* in theory you can create a deviceless domain, but I haven't tried it. I'm currently working on blktap support.

I really need to put together a proper status update. Now that dom0 usermode is working, its a much better base for other people start contributing."

[1] http://www.redhat.com/archives/fedora-xen/2008-November/msg00011.html

[2] http://lists.xensource.com/archives/html/xen-devel/2008-11/msg00205.html

[3] http://fedoraproject.org/wiki/FWN/Issue137#State_of_Xen_in_Upstream_Linux

Just two days later Jeremy posted[4] a large set of patches to @xen-devel with the following explaination.

"A dom0 Xen domain is basically the same as a normal domU domain, but it has extra privileges to directly access hardware. There are two issues to deal with:

  • translating to and from the domain's pseudo-physical addresses and real machine addresses (for ioremap and setting up DMA)
  • routing hardware interrupts into the domain

ioremap is relatively easy to deal with. ..."

"... Interrupts are a very different affair. The descriptions in each patch describe how it all fits together in detail, but the overview is:

  1. Xen owns the local APICs; the dom0 kernel controls the IO APICs
  2. Hardware interrupts are delivered on event channels like everything else
  3. To set this up, we intercept at pcibios_enable_irq:
  • given a dev+pin, we use ACPI to get a gsi
  • hook acpi_register_gsi to call xen_register_gsi, which
  • allocates an irq (generally not 1:1 with the gsi)
  • asks Xen for a vector and event channel for the irq
  • program the IO APIC to deliver the hardware interrupt to the allocated vector

The upshot is that the device driver gets an irq, and when the hardware raises an interrupt, it gets delivered on that irq.

We maintain our own irq allocation space, since the hardware-bound event channel irqs are intermixed with all the other normal Xen event channel irqs (inter-domain, timers, IPIs, etc). For compatibility the irqs 0-15 are reserved for legacy device interrupts, but the rest of the range is dynamically allocated.

Initialization also requires care. The dom0 kernel parses the ACPI tables as usual, in order to discover the local and IO APICs, and all the rest of the ACPI-provided data the kernel requires. However, because the kernel doesn't own the local APICs and can't directly map the IO APICs, we must be sure to avoid actually touching the hardware when running under Xen.

TODO: work out how to fit MSI[5] into all this.

So, in summary, this series contains:

  • dom0 console support
  • dom0 xenbus support
  • CPU features and IO access for a privleged domain
  • mtrrs
  • making ioremap work on machine addresses
  • swiotlb allocation hooks
  • interrupts:
    • introduce PV io_apic operations
    • add Xen-specific IRQ allocator
    • switch to using all-Xen event delivery
    • add pirq Xen interrupt type
    • table parsing and setup
    • intercept driver interrupt registration

All this code will compile away to nothing when CONFIG_XEN_DOM0 is not enabled. If it is enabled, it will only have an effect if booted as a dom0 kernel; normal native execution and domU execution should be unaffected."

[4] http://lists.xensource.com/archives/html/xen-devel/2008-11/msg00268.html

[5] http://lwn.net/Articles/44139/

Libvirt List

This section contains the discussion happening on the libvir-list.

OpenVZ Bridge Support Committed

Daniel P. Berrange updated[1] a previous patch[2] designed to "enable bridge support in the OpenVZ driver. As well as the fixes suggested last time, it includes an initial bit of HTML doc for the OpenVZ driver, covering example XML, and the bridge configuration requirements."

[1] http://www.redhat.com/archives/libvir-list/2008-November/msg00117.html

[2] http://www.redhat.com/archives/libvir-list/2008-October/msg00326.html

Qemu/KVM Live Migration Implemented

Chris Lalancette posted[1] the patch to implement Qemu/KVM live migration. After a little upstream cleanup[2], the patch was committed.

"Now that upstream Qemu has settled on an interface that is friendly to libvirt (i.e. one that doesn't block the monitor on -incoming), we can implement it here. Note that the bulk of this patch was written by Rich Jones quite a while ago. My hand in it has mostly been to forward port it to current libvirt CVS, tweak it for the new Qemu style, and test it out with a recent KVM (kvm-78, in particular)."

[1] http://www.redhat.com/archives/libvir-list/2008-November/msg00087.html

[2] http://www.redhat.com/archives/libvir-list/2008-November/msg00092.html

Fix Logical Volume Scanning of Encrypted Volumes

Cole Robinson fixed[1] a bug[2] that prevented logical volume scanning of an encrypted volume in a storage pool[3].

[1] http://www.redhat.com/archives/libvir-list/2008-November/msg00138.html

[2] http://bugzilla.redhat.com/show_bug.cgi?id=470693

[3] http://www.libvirt.org/archstorage.html

Greater Details from Domain Events

Daniel P. Berrange posted[1] an RFC on adding greater detail to domain events. "...I'd like to have more information about STOPPED & STARTED events in general.

eg, there are a number of reasons why an domain may have started:

  • explicitly booted on the host
  • restored from a saved image
  • incoming migration operation

and there are a number of reasons why a domain might have stopped:

  • forcably destroyed by host admin
  • shutdown by host admin
  • shutdown by guest admin
  • host emulator process crashed
  • killed by mgmt after host emulation hung
  • migrated to another host
  • saved to a memory image

We have explicit events for the SAVED/RESTORED reasons, but what should we do about the other reasons ?"

One option "is to provide a generic 'char * reason' with each event with provides scope on the cause of the lifecycle operation. So you'd get"

  VIR_DOMAIN_STOPPED  ("crashed", "shutdown", "destroyed",
                       "quit", "hung", "migrated", "saved")
  VIR_DOMAIN_STARTED  ("booted", "migrated", "restored")

Ben Guthro suggested[2] an alternative option of introducing "an event 'sub-type' enum to be passed alongside of the event-type, passed as a second integer", arguing this would be more consistent with the API and would reduce the size of the wire protocol.


[1] http://www.redhat.com/archives/libvir-list/2008-November/msg00164.html

[2] http://www.redhat.com/archives/libvir-list/2008-November/msg00171.html

Daniel agreed, and supplied[3] a patch which "expands the callback for domain events so that it also gets a event type specific 'detail' field. This is also kept as an int, and we define enumerations for the possible values associated with each type. If a event type has no detail, 0 is passed.

The RESTORED and SAVED event types disappear in this patch and just become another piece of 'detail' to the STOPPED and STARTED events. I have also renamed ADDED & REMOVED to DEFINED and UNDEFINED to match terminology we have elsewhere & because the names were confusing me."


[3] http://www.redhat.com/archives/libvir-list/2008-November/msg00197.html


Security Advisories

In this section, we cover Security Advisories from fedora-package-announce.

https://www.redhat.com/mailman/listinfo/fedora-package-announce

Contributing Writer: David Nalley

Fedora 9 Security Advisories

Fedora 8 Security Advisories