June 2012 - Devel - Libvirt List Archives

Re: [libvirt] [Qemu-devel] [PATCH v2 0/4] file descriptor passing using passfd

by Corey Bryant

Please ignore this series as well. Something is amiss. I'll be resending. -- Regards, Corey On 06/08/2012 10:53 AM, Corey Bryant wrote: > libvirt's sVirt security driver provides SELinux MAC isolation for > Qemu guest processes and their corresponding image files. In other > words, sVirt uses SELinux to prevent a QEMU process from opening > files that do not belong to it. > > sVirt provides this support by labeling guests and resources with > security labels that are stored in file system extended attributes. > Some file systems, such as NFS, do not support the extended > attribute security namespace, and therefore cannot support sVirt > isolation. > > A solution to this problem is to provide fd passing support, where > libvirt opens files and passes file descriptors to QEMU. This, > along with SELinux policy to prevent QEMU from opening files, can > provide image file isolation for NFS files stored on the same NFS > mount. > > This patch series adds the passfd QMP monitor command, which allows > an fd to be passed via SCM_RIGHTS, and returns the received file > descriptor. Support is also added to the block layer to allow QEMU > to dup the fd when the filename is of the /dev/fd/X format. This > is useful if MAC policy prevents QEMU from opening specific types > of files. > > One nice thing about this approach is that no new SELinux policy is > required to prevent open of NFS files (files with type nfs_t). The > virt_use_nfs boolean type simply needs to be set to false, and open > will be prevented (and dup will be allowed). For example: > > # setsebool virt_use_nfs 0 > # getsebool virt_use_nfs > virt_use_nfs --> off > > Corey Bryant (4): > qapi: Convert getfd and closefd > qapi: Add passfd QMP command > osdep: Enable qemu_open to dup pre-opened fd > block: Convert open calls to qemu_open > > block/raw-posix.c | 18 +++++++++--------- > block/raw-win32.c | 4 ++-- > block/vdi.c | 5 +++-- > block/vmdk.c | 21 +++++++++------------ > block/vpc.c | 2 +- > block/vvfat.c | 21 +++++++++++---------- > hmp-commands.hx | 6 ++---- > hmp.c | 18 ++++++++++++++++++ > hmp.h | 2 ++ > monitor.c | 36 ++++++++++++++++++++---------------- > osdep.c | 13 +++++++++++++ > qapi-schema.json | 44 ++++++++++++++++++++++++++++++++++++++++++++ > qmp-commands.hx | 33 +++++++++++++++++++++++++++++---- > 13 files changed, 163 insertions(+), 60 deletions(-) > -- Regards, Corey

13 years

1
0
0 / 0

Re: [libvirt] [Qemu-devel] [PATCH v2 0/4] file descriptor passing using passfd

by Corey Bryant

Please ignore this series. Something is amiss. I'll be resending. -- Regards, Corey On 06/08/2012 10:49 AM, Corey Bryant wrote: > libvirt's sVirt security driver provides SELinux MAC isolation for > Qemu guest processes and their corresponding image files. In other > words, sVirt uses SELinux to prevent a QEMU process from opening > files that do not belong to it. > > sVirt provides this support by labeling guests and resources with > security labels that are stored in file system extended attributes. > Some file systems, such as NFS, do not support the extended > attribute security namespace, and therefore cannot support sVirt > isolation. > > A solution to this problem is to provide fd passing support, where > libvirt opens files and passes file descriptors to QEMU. This, > along with SELinux policy to prevent QEMU from opening files, can > provide image file isolation for NFS files stored on the same NFS > mount. > > This patch series adds the passfd QMP monitor command, which allows > an fd to be passed via SCM_RIGHTS, and returns the received file > descriptor. Support is also added to the block layer to allow QEMU > to dup the fd when the filename is of the /dev/fd/X format. This > is useful if MAC policy prevents QEMU from opening specific types > of files. > > One nice thing about this approach is that no new SELinux policy is > required to prevent open of NFS files (files with type nfs_t). The > virt_use_nfs boolean type simply needs to be set to false, and open > will be prevented (and dup will be allowed). For example: > > # setsebool virt_use_nfs 0 > # getsebool virt_use_nfs > virt_use_nfs --> off > > Corey Bryant (4): > qapi: Convert getfd and closefd > qapi: Add passfd QMP command > osdep: Enable qemu_open to dup pre-opened fd > block: Convert open calls to qemu_open > > block/raw-posix.c | 18 +++++++++--------- > block/raw-win32.c | 4 ++-- > block/vdi.c | 5 +++-- > block/vmdk.c | 21 +++++++++------------ > block/vpc.c | 2 +- > block/vvfat.c | 21 +++++++++++---------- > hmp-commands.hx | 6 ++---- > hmp.c | 18 ++++++++++++++++++ > hmp.h | 2 ++ > monitor.c | 36 ++++++++++++++++++++---------------- > osdep.c | 13 +++++++++++++ > qapi-schema.json | 44 ++++++++++++++++++++++++++++++++++++++++++++ > qmp-commands.hx | 33 +++++++++++++++++++++++++++++---- > 13 files changed, 163 insertions(+), 60 deletions(-) > -- Regards, Corey

13 years

1
0
0 / 0

[libvirt] pointless time-consuming test 'virsh-all'

by Eric Blake

The command 'make -C tests check' takes forever, because it is calling this lengthy virsh command and ignoring the failures: $ time tools/virsh -c test:///default connect error: Failed to connect to the hypervisor error: Failed to connect socket to '/run/user/eblake/libvirt/libvirt-sock': No such file or directory real 0m21.070s user 0m0.027s sys 0m0.036s The test looks quite broken - ALL it is currently doing is wasting 21 seconds on this one iteration, because it ignores output and exit status (what else _is_ there, besides effects to the file system)? Any volunteers to clean this test up into something that actually does something useful? -- Eric Blake eblake(a)redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org

13 years

5
9
0 / 0

[libvirt] daemon: Install libvirtd under 'bin' not 'sbin'

by Zeeshan Ali (Khattak)

From: "Zeeshan Ali (Khattak)" <zeeshanak(a)gnome.org> This binary is not admin-only at all and launching it as normal user is a supported use case: session. --- daemon/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daemon/Makefile.am b/daemon/Makefile.am index fbb0ae1..472e523 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -70,7 +70,7 @@ if WITH_LIBVIRTD man8_MANS = libvirtd.8 -sbin_PROGRAMS = libvirtd +bin_PROGRAMS = libvirtd confdir = $(sysconfdir)/libvirt/ conf_DATA = libvirtd.conf -- 1.7.10.2

13 years

4
7
0 / 0

Re: [libvirt] [Qemu-devel] [PATCH qom-next 2/7] qom: Add get_id

by Andreas Färber

Am 08.06.2012 09:44, schrieb Anthony Liguori: > On 06/08/2012 03:11 PM, Andreas Färber wrote: >> Am 08.06.2012 03:22, schrieb Anthony Liguori: >>> On 06/08/2012 03:31 AM, Andreas Färber wrote: >>>> From: Paolo Bonzini<pbonzini(a)redhat.com> >>>> >>>> Some classes may present objects differently in errors, for example if >>>> they >>>> are not part of the composition tree or if they are not assigned an >>>> id by >>>> the user. Let them do this with a get_id method on Object, and use the >>>> method consistently where a %(device) appears in the error. >>>> >>>> Signed-off-by: Paolo Bonzini<pbonzini(a)redhat.com> >>>> [AF: Renamed _object_get_id() to object_instance_get_id(), avoid ?:.] >>>> [AF: Use object_property_is_child().] >>>> Signed-off-by: Andreas Färber<afaerber(a)suse.de> >>> >>> Nack. >> >> Unfortunately that comment comes a bit late (original submission May >> 23rd, me specifically cc'ing you in my reply that it's new and not >> covered by your carte blanche). > > Uh, that was a week before the release. Don't send significant things > during the final part of a release and expect to get significant review. Well, obviously we were hoping to get this series committed immediately after the release, so we needed to get review before that. :) >> The general idea as I understand it is to have a mechanism for having >> devices fill in their ID into %(device) in the error messages once the >> code emitting those errors is at Object level. Peter's improved error >> message practically becomes "Property '.propertyname' ..." because >> without it we'll need to fill in "" in lack of an actual value. > > Ambiguity is fundamentally bad. If you want to return the path, return > the path. If you want to return the type, return the type. Returning > the type because we're too lazy to implement the path properly is not > acceptable and makes the error messages useless (because they're > ambiguous). > > Have a separate 'path' and 'typename' attribute in the errors. With > some cleverness, you can probably use '%p' and interpret the pointer an > as Object * and automagically generate an embedded 'device': { 'path': > '/path/to/device', 'typename': 'FancyType' }. > >>> >>> We should use a canonical path IMHO instead of returning a partial name. >>> >>> Partial names are ambiguous. >> >> Possibly, but a partial name still is an improvement over the current >> situation with no name at all. Also my previous request to not use >> %(device) for Object-level API was rejected with reference to existing >> QMP users, so by the same argument we cannot stuff a QOM path into >> %(device) either and would need a new QMP field %(path) or so. Cc'ing >> Luiz. > > Since qdev->id is NULL 90% of the time, I don't think a user can > realistically rely on it. I don't think changing the type of the data > in the error is going to be a problem. > > Doesn't libvirt ignore the contents of an error object? I'm out of my field there, those questions are for Luiz and the libvirt guys to answer. (Context is ongoing DeviceState -> Object transition on qom-next branch, properties being moved to Object and what info to include in Error objects then) If you reach consensus how to handle this, I can refactor accordingly, or Paolo could pick up my tweaked series again and refactor himself. Regards, Andreas >> There is no guarantee that the object actually has a canonical path at >> that point, and object_get_canonical_path() would g_assert() in such a >> case. -- SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

13 years

2
1
0 / 0

[libvirt] [PATCH v2] virsh: add keepalive protocol in virsh

by Guannan Ren

Bugzilla:https://bugzilla.redhat.com/show_bug.cgi?id=822839 add two general virsh options to support keepalive message protocol -i | --keepalive_interval interval time value (default 5 seconds) -n | --keepalive_count number of heartbeats (default 5 times) For non-p2p migration, start keepalive for remote driver to determine the status of network connection, aborting migrating job after defined amount of interval time. --- tools/virsh.c | 88 +++++++++++++++++++++++++++++++++++++++++++++----------- 1 files changed, 70 insertions(+), 18 deletions(-) diff --git a/tools/virsh.c b/tools/virsh.c index 0e41d00..602e5a5 100644 --- a/tools/virsh.c +++ b/tools/virsh.c @@ -251,6 +251,8 @@ typedef struct __vshControl { bool readonly; /* connect readonly (first time only, not * during explicit connect command) */ + int keepalive_interval; /* interval time value */ + int keepalive_count; /* keepalive_count value */ char *logfile; /* log file name */ int log_fd; /* log file descriptor */ char *historydir; /* readline history directory name */ @@ -415,13 +417,14 @@ typedef struct __vshCtrlData { vshControl *ctl; const vshCmd *cmd; int writefd; + virConnectPtr dconn; } vshCtrlData; typedef void (*jobWatchTimeoutFunc) (vshControl *ctl, virDomainPtr dom, void *opaque); static bool -vshWatchJob(vshControl *ctl, +vshWatchJob(vshCtrlData *data, virDomainPtr dom, bool verbose, int pipe_fd, @@ -3334,6 +3337,7 @@ cmdSave(vshControl *ctl, const vshCmd *cmd) data.ctl = ctl; data.cmd = cmd; data.writefd = p[1]; + data.dconn = NULL; if (virThreadCreate(&workerThread, true, @@ -3341,7 +3345,7 @@ cmdSave(vshControl *ctl, const vshCmd *cmd) &data) < 0) goto cleanup; - ret = vshWatchJob(ctl, dom, verbose, p[0], 0, NULL, NULL, _("Save")); + ret = vshWatchJob(&data, dom, verbose, p[0], 0, NULL, NULL, _("Save")); virThreadJoin(&workerThread); @@ -3608,6 +3612,7 @@ cmdManagedSave(vshControl *ctl, const vshCmd *cmd) data.ctl = ctl; data.cmd = cmd; data.writefd = p[1]; + data.dconn = NULL; if (virThreadCreate(&workerThread, true, @@ -3615,7 +3620,7 @@ cmdManagedSave(vshControl *ctl, const vshCmd *cmd) &data) < 0) goto cleanup; - ret = vshWatchJob(ctl, dom, verbose, p[0], 0, + ret = vshWatchJob(&data, dom, verbose, p[0], 0, NULL, NULL, _("Managedsave")); virThreadJoin(&workerThread); @@ -4086,6 +4091,7 @@ cmdDump(vshControl *ctl, const vshCmd *cmd) data.ctl = ctl; data.cmd = cmd; data.writefd = p[1]; + data.dconn = NULL; if (virThreadCreate(&workerThread, true, @@ -4093,7 +4099,7 @@ cmdDump(vshControl *ctl, const vshCmd *cmd) &data) < 0) goto cleanup; - ret = vshWatchJob(ctl, dom, verbose, p[0], 0, NULL, NULL, _("Dump")); + ret = vshWatchJob(&data, dom, verbose, p[0], 0, NULL, NULL, _("Dump")); virThreadJoin(&workerThread); @@ -7213,6 +7219,12 @@ doMigrate (void *opaque) dconn = virConnectOpenAuth (desturi, virConnectAuthPtrDefault, 0); if (!dconn) goto out; + data->dconn = dconn; + if (virConnectSetKeepAlive(dconn, + ctl->keepalive_interval, + ctl->keepalive_count) < 0) + vshDebug(ctl, VSH_ERR_WARNING, "migrate: Failed to start keepalive\n"); + ddom = virDomainMigrate2(dom, dconn, xml, flags, dname, migrateuri, 0); if (ddom) { virDomainFree(ddom); @@ -7268,7 +7280,7 @@ vshMigrationTimeout(vshControl *ctl, } static bool -vshWatchJob(vshControl *ctl, +vshWatchJob(vshCtrlData *data, virDomainPtr dom, bool verbose, int pipe_fd, @@ -7286,6 +7298,7 @@ vshWatchJob(vshControl *ctl, char retchar; bool functionReturn = false; sigset_t sigmask, oldsigmask; + vshControl *ctl = data->ctl; sigemptyset(&sigmask); sigaddset(&sigmask, SIGINT); @@ -7329,6 +7342,13 @@ repoll: goto cleanup; } + if (data->dconn && virConnectIsAlive(data->dconn) <= 0) { + virDomainAbortJob(dom); + vshError(ctl, "%s", + _("Lost connection to destination host")); + goto cleanup; + } + GETTIMEOFDAY(&curr); if (timeout && (((int)(curr.tv_sec - start.tv_sec) * 1000 + (int)(curr.tv_usec - start.tv_usec) / 1000) > @@ -7402,13 +7422,14 @@ cmdMigrate(vshControl *ctl, const vshCmd *cmd) data.ctl = ctl; data.cmd = cmd; data.writefd = p[1]; + data.dconn = NULL; if (virThreadCreate(&workerThread, true, doMigrate, &data) < 0) goto cleanup; - functionReturn = vshWatchJob(ctl, dom, verbose, p[0], timeout, + functionReturn = vshWatchJob(&data, dom, verbose, p[0], timeout, vshMigrationTimeout, NULL, _("Migration")); virThreadJoin(&workerThread); @@ -18673,6 +18694,7 @@ vshCommandRun(vshControl *ctl, const vshCmd *cmd) while (cmd) { struct timeval before, after; bool enable_timing = ctl->timing; + const char *driver = NULL; if ((ctl->conn == NULL || disconnected) && !(cmd->def->flags & VSH_CMD_FLAG_NOCONNECT)) @@ -18681,6 +18703,18 @@ vshCommandRun(vshControl *ctl, const vshCmd *cmd) if (enable_timing) GETTIMEOFDAY(&before); + /* start keepalive for remote driver */ + driver = virConnectGetType(ctl->conn); + if (STREQ_NULLABLE(driver, "QEMU") || + STREQ_NULLABLE(driver, "xenlight") || + STREQ_NULLABLE(driver, "UML") || + STREQ_NULLABLE(driver, "LXC") || + STREQ_NULLABLE(driver, "remote")) + if (virConnectSetKeepAlive(ctl->conn, + ctl->keepalive_interval, + ctl->keepalive_count) < 0) + vshDebug(ctl, VSH_ERR_WARNING, "migrate: Failed to start keepalive\n"); + ret = cmd->def->handler(ctl, cmd); if (enable_timing) @@ -19959,17 +19993,19 @@ vshUsage(void) fprintf(stdout, _("\n%s [options]... [<command_string>]" "\n%s [options]... <command> [args...]\n\n" " options:\n" - " -c | --connect=URI hypervisor connection URI\n" - " -r | --readonly connect readonly\n" - " -d | --debug=NUM debug level [0-4]\n" - " -h | --help this help\n" - " -q | --quiet quiet mode\n" - " -t | --timing print timing information\n" - " -l | --log=FILE output logging to file\n" - " -v short version\n" - " -V long version\n" - " --version[=TYPE] version, TYPE is short or long (default short)\n" - " -e | --escape <char> set escape sequence for console\n\n" + " -c | --connect=URI hypervisor connection URI\n" + " -r | --readonly connect readonly\n" + " -d | --debug=NUM debug level [0-4]\n" + " -h | --help this help\n" + " -q | --quiet quiet mode\n" + " -t | --timing print timing information\n" + " -l | --log=FILE output logging to file\n" + " -v short version\n" + " -V long version\n" + " --version[=TYPE] version, TYPE is short or long (default short)\n" + " -e | --escape <char> set escape sequence for console\n" + " -i | --keepalive_interval interval time value (default 5 seconds)\n" + " -n | --keepalive_count number of heartbeats (default 5 times)\n\n" " commands (non interactive mode):\n\n"), progname, progname); for (grp = cmdGroups; grp->name; grp++) { @@ -20146,13 +20182,15 @@ vshParseArgv(vshControl *ctl, int argc, char **argv) {"readonly", no_argument, NULL, 'r'}, {"log", required_argument, NULL, 'l'}, {"escape", required_argument, NULL, 'e'}, + {"keepalive_interval", required_argument, NULL, 'i'}, + {"keepalive_count", required_argument, NULL, 'n'}, {NULL, 0, NULL, 0} }; /* Standard (non-command) options. The leading + ensures that no * argument reordering takes place, so that command options are * not confused with top-level virsh options. */ - while ((arg = getopt_long(argc, argv, "+d:hqtc:vVrl:e:", opt, NULL)) != -1) { + while ((arg = getopt_long(argc, argv, "+d:hqtc:vVrl:e:i:n:", opt, NULL)) != -1) { switch (arg) { case 'd': if (virStrToLong_i(optarg, NULL, 10, &ctl->debug) < 0) { @@ -20201,6 +20239,18 @@ vshParseArgv(vshControl *ctl, int argc, char **argv) exit(EXIT_FAILURE); } break; + case 'i': + if (virStrToLong_i(optarg, NULL, 10, &ctl->keepalive_interval) < 0) { + vshError(ctl, "%s", _("option -i takes a numeric argument")); + exit(EXIT_FAILURE); + } + break; + case 'n': + if (virStrToLong_i(optarg, NULL, 10, &ctl->keepalive_count) < 0) { + vshError(ctl, "%s", _("option -n takes a numeric argument")); + exit(EXIT_FAILURE); + } + break; default: vshError(ctl, _("unsupported option '-%c'. See --help."), arg); exit(EXIT_FAILURE); @@ -20232,6 +20282,8 @@ main(int argc, char **argv) ctl->log_fd = -1; /* Initialize log file descriptor */ ctl->debug = VSH_DEBUG_DEFAULT; ctl->escapeChar = CTRL_CLOSE_BRACKET; + ctl->keepalive_interval = 5; + ctl->keepalive_count = 5; if (!setlocale(LC_ALL, "")) { -- 1.7.7.5

13 years

3
3
0 / 0

[libvirt] [PATCH] add xhci support

by Gerd Hoffmann

qemu 1.1 features a xhci controller, this patch adds support for it. Signed-off-by: Gerd Hoffmann <kraxel(a)redhat.com> --- src/conf/domain_conf.c | 3 ++- src/conf/domain_conf.h | 1 + src/qemu/qemu_capabilities.c | 3 +++ src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c | 5 ++++- 5 files changed, 11 insertions(+), 2 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 221e1d0..66f649c 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -256,7 +256,8 @@ VIR_ENUM_IMPL(virDomainControllerModelUSB, VIR_DOMAIN_CONTROLLER_MODEL_USB_LAST, "ich9-uhci2", "ich9-uhci3", "vt82c686b-uhci", - "pci-ohci") + "pci-ohci", + "nec-xhci") VIR_ENUM_IMPL(virDomainFS, VIR_DOMAIN_FS_TYPE_LAST, "mount", diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 8d5b35a..b13c3a5 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -631,6 +631,7 @@ enum virDomainControllerModelUSB { VIR_DOMAIN_CONTROLLER_MODEL_USB_ICH9_UHCI3, VIR_DOMAIN_CONTROLLER_MODEL_USB_VT82C686B_UHCI, VIR_DOMAIN_CONTROLLER_MODEL_USB_PCI_OHCI, + VIR_DOMAIN_CONTROLLER_MODEL_USB_NEC_XHCI, VIR_DOMAIN_CONTROLLER_MODEL_USB_LAST }; diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index b410648..506d368 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -164,6 +164,7 @@ VIR_ENUM_IMPL(qemuCaps, QEMU_CAPS_LAST, "no-user-config", "hda-micro", /* 95 */ + "nec-usb-xhci", ); @@ -1419,6 +1420,8 @@ qemuCapsParseDeviceStr(const char *str, virBitmapPtr flags) qemuCapsSet(flags, QEMU_CAPS_VT82C686B_USB_UHCI); if (strstr(str, "name \"pci-ohci\"")) qemuCapsSet(flags, QEMU_CAPS_PCI_OHCI); + if (strstr(str, "name \"nec-usb-xhci\"")) + qemuCapsSet(flags, QEMU_CAPS_NEC_USB_XHCI); if (strstr(str, "name \"usb-redir\"")) qemuCapsSet(flags, QEMU_CAPS_USB_REDIR); if (strstr(str, "name \"usb-hub\"")) diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 64831e2..f9e62cb 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -131,6 +131,7 @@ enum qemuCapsFlags { QEMU_CAPS_IDE_CD = 93, /* -device ide-cd */ QEMU_CAPS_NO_USER_CONFIG = 94, /* -no-user-config */ QEMU_CAPS_HDA_MICRO = 95, /* -device hda-micro */ + QEMU_CAPS_NEC_USB_XHCI = 96, /* -device nec-usb-xhci */ QEMU_CAPS_LAST, /* this must always be the last item */ }; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index fb8d9a3..908a24b 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -106,7 +106,8 @@ VIR_ENUM_IMPL(qemuControllerModelUSB, VIR_DOMAIN_CONTROLLER_MODEL_USB_LAST, "ich9-usb-uhci2", "ich9-usb-uhci3", "vt82c686b-usb-uhci", - "pci-ohci"); + "pci-ohci", + "nec-usb-xhci"); VIR_ENUM_DECL(qemuDomainFSDriver) VIR_ENUM_IMPL(qemuDomainFSDriver, VIR_DOMAIN_FS_DRIVER_TYPE_LAST, @@ -2591,6 +2592,8 @@ qemuControllerModelUSBToCaps(int model) return QEMU_CAPS_VT82C686B_USB_UHCI; case VIR_DOMAIN_CONTROLLER_MODEL_USB_PCI_OHCI: return QEMU_CAPS_PCI_OHCI; + case VIR_DOMAIN_CONTROLLER_MODEL_USB_NEC_XHCI: + return QEMU_CAPS_NEC_USB_XHCI; default: return -1; } -- 1.7.1

13 years

2
1
0 / 0

[libvirt] Libvirt Support Virtio-serail

by Pankaj Rawat

HI all, I wanted to know whether libvirt has any kind of support for virt-io serial or not If yes then how can I use it? Regards Pankaj Rawat DISCLAIMER: ----------------------------------------------------------------------------------------------------------------------- The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or NECHCL or its affiliates. Any views or opinions presented in this email are solely those of the author and may not necessarily reflect the opinions of NECHCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. . -----------------------------------------------------------------------------------------------------------------------

13 years

4
12
0 / 0

[libvirt] libvirt secret support password or encryption keys?

by Zhimou Peng

Hi all, # man virsh ... SECRET COMMMANDS The following commands manipulate "secrets" (e.g. passwords, passphrases -----> secret-set-value only support "passphrases" and encryption keys). Libvirt can store secrets independently from their So, will libvirt support other 2 kinds of secrets use, and other objects (e.g. volumes or domains) can refer to the secrets in the future? for encryption or possibly other uses. Secrets are identified using an UUID. See <http://libvirt.org/formatsecret.html> for documentation of the XML format used to represent properties of secrets. ... zhpeng BR

13 years

1
0
0 / 0

[libvirt] CPU topology 'sockets' handling guest vs host

by Daniel P. Berrange

On my x86_64 host I have a pair of Quad core CPUs, each in a separate NUMA node. The virsh capabilities topology data reports this: # virsh capabilities | xmllint --xpath /capabilities/host/cpu - <cpu> <arch>x86_64</arch> <model>Opteron_G3</model> <vendor>AMD</vendor> <topology sockets="1" cores="4" threads="1"/> <feature name="osvw"/> <feature name="3dnowprefetch"/> <feature name="cr8legacy"/> <feature name="extapic"/> <feature name="cmp_legacy"/> <feature name="3dnow"/> <feature name="3dnowext"/> <feature name="pdpe1gb"/> <feature name="fxsr_opt"/> <feature name="mmxext"/> <feature name="ht"/> <feature name="vme"/> </cpu> # virsh capabilities | xmllint --xpath /capabilities/host/topology - <topology> <cells num="2"> <cell id="0"> <cpus num="4"> <cpu id="0"/> <cpu id="1"/> <cpu id="2"/> <cpu id="3"/> </cpus> </cell> <cell id="1"> <cpus num="4"> <cpu id="4"/> <cpu id="5"/> <cpu id="6"/> <cpu id="7"/> </cpus> </cell> </cells> </topology> Note, it is reporting sockets=1, because sockets is the number of sockets *per* NUMA node. Now I try to figure the guest to match the host using: <cpu> <topology sockets='1' cores='4' threads='1'/> <numa> <cell cpus='0-3' memory='512000'/> <cell cpus='4-7' memory='512000'/> </numa> </cpu> And I get: error: Maximum CPUs greater than topology limit So, the XML checker is mistaking 'sockets' as the total number of sockets, rather than the per-node socket count. We need to fix this bogus check Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

13 years

3
4
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Devel June 2012