[libvirt] [PATCH] virschematest: Link with libxml2
by Michal Privoznik
We use libxml2 APIs in the test (e.g. xmlFreeDoc) but do not link
with -lxml2, which can cause problems:
/usr/bin/ld: virschematest.o: undefined reference to symbol 'xmlFreeDoc@@LIBXML2_2.4.30'
//usr/lib/x86_64-linux-gnu/libxml2.so.2: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
Makefile:4702: recipe for target 'virschematest' failed
Reported-by: Katerina Koukiou <k.koukiou(a)googlemail.com>
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
Pushed under build breaker rule.
tests/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 9238a73..28070ea 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -1000,7 +1000,7 @@ virtimetest_LDADD = $(LDADDS)
virschematest_SOURCES = \
virschematest.c testutils.h testutils.c
-virschematest_LDADD = $(LDADDS)
+virschematest_LDADD = $(LDADDS) $(LIBXML_LIBS)
virstringtest_SOURCES = \
virstringtest.c testutils.h testutils.c
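Review bot: The `+virschematest_LDADD = $(LDADDS) $(LIBXML_LIBS)` line fixes only the link step, and nothing in this hunk shows the target's compile flags. If virschematest.c includes libxml2 headers directly, as the xmlFreeDoc reference in the commit message suggests, the target should also carry $(LIBXML_CFLAGS) so that the compile and link flags for libxml2 stay paired rather than relying on what other flag variables happen to pull in.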
--
2.8.3
8 years, 5 months
[libvirt] [PATCH 0/9] Make TLS priority choice configurable
by Daniel P. Berrange
Historically libvirt has used gnutls_set_default_priority()
to tell GNUTLS to use its standard protocol/cipher config
settings. Since Fedora >= 21, this has caused gnutls to
look up the conf in /etc/crypto-policies/back-end/gnutls.conf,
while previously it was hardcoded at gnutls build time.
Using the global config is good, but sometimes there might
be a need to have libvirt use a different config than
everything else on the host. e.g. the global config must
need to be weakened for back-compat usage in non-libvirt
apps. We should allow libvirt to maintain a strong config
despite this.
Ideally gnutls would let us express a preference for multiple
config file settings, and would pick the first one it found.
That would let us request "@LIBVIRT,SYSTEM" to say use the
"LIBVIRT" priority if set, otherwise use the "SYSTEM" priority.
This is proposed in upstream GNUTLS
http://lists.gnutls.org/pipermail/gnutls-devel/2016-June/008007.html
and if accepted will be the best way to configure things. Until
that feature is accepted though, we should allow a local override
in libvirtd.conf (servers) and libvirt.conf (clients). This series
of patches does that.
NB, we also need to do similar for the QEMU VNC TLS configuration
but that's going to be a followup series.
Daniel P. Berrange (9):
tls: remove support for gnutls 1.x.x, require 2.2.0
rpc: set gnutls log function at global init time
configure: allow setting default TLS priority string
rpc: allow priority string to be passed to TLS context
libvirtd: add config option for TLS priority
remote: allow TLS protocol/cipher priority override in URI
Pass config file object through to driver open methods
remote: allow TLS priority to be customized
Use @SYSTEM priority for TLS on Fedora >= 21
configure.ac | 12 ++++++++-
daemon/libvirtd-config.c | 2 ++
daemon/libvirtd-config.h | 1 +
daemon/libvirtd.aug | 1 +
daemon/libvirtd.c | 2 ++
daemon/libvirtd.conf | 9 ++++++-
daemon/test_libvirtd.aug.in | 1 +
docs/remote.html.in | 13 ++++++++++
libvirt.spec.in | 7 ++++++
src/Makefile.am | 1 -
src/bhyve/bhyve_driver.c | 1 +
src/driver-hypervisor.h | 1 +
src/esx/esx_driver.c | 1 +
src/gnutls_1_0_compat.h | 43 --------------------------------
src/hyperv/hyperv_driver.c | 4 ++-
src/libvirt.c | 2 +-
src/libxl/libxl_driver.c | 1 +
src/lxc/lxc_driver.c | 1 +
src/openvz/openvz_driver.c | 1 +
src/phyp/phyp_driver.c | 4 ++-
src/qemu/qemu_driver.c | 1 +
src/remote/remote_driver.c | 20 ++++++++++++++-
src/rpc/virnettlscontext.c | 59 ++++++++++++++++++++++----------------------
src/rpc/virnettlscontext.h | 4 +++
src/test/test_driver.c | 1 +
src/uml/uml_driver.c | 1 +
src/vbox/vbox_common.c | 1 +
src/vbox/vbox_driver.c | 1 +
src/vmware/vmware_driver.c | 1 +
src/vz/vz_driver.c | 1 +
src/xen/xen_driver.c | 4 ++-
tests/virnettlscontexttest.c | 2 ++
tests/virnettlshelpers.h | 1 -
tests/virnettlssessiontest.c | 2 ++
34 files changed, 126 insertions(+), 81 deletions(-)
delete mode 100644 src/gnutls_1_0_compat.h
--
2.5.5
8 years, 5 months
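The fallback that the cover letter above describes for "@LIBVIRT,SYSTEM" (use the first named priority that is set), as an added example; it is not code from the patch series or from GnuTLS. The `NAME=value` file layout, the sample priority strings and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: one NAME=priority-string per line (assumed layout). */
static const char SAMPLE_CONF[] =
    "# constructed sample, not a real host policy\n"
    "SYSTEM=NORMAL:-VERS-SSL3.0\n"
    "LIBVIRT=SECURE256:-VERS-TLS1.0\n";

/* Copy the value of NAME (nlen bytes) from conf into out.
 * Returns 0 when found; -1 when missing, empty or too long for out. */
static int lookup_name(const char *conf, const char *name, size_t nlen,
                       char *out, size_t outlen)
{
    const char *line = conf;
    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len > nlen && !strncmp(line, name, nlen) && line[nlen] == '=') {
            size_t vlen = len - nlen - 1;
            if (vlen == 0 || vlen >= outlen)
                return -1;      /* an empty entry counts as "not set" */
            memcpy(out, line + nlen + 1, vlen);
            out[vlen] = '\0';
            return 0;
        }
        line = eol ? eol + 1 : line + len;
    }
    return -1;
}

/* Resolve "@FIRST,SECOND": the first name that is set in conf wins.
 * A spec without '@' is used as a literal priority string.
 * Returns -1 when nothing resolves, so the caller can fail closed. */
int resolve_priority(const char *spec, const char *conf,
                     char *out, size_t outlen)
{
    const char *p;
    if (!spec || !*spec || outlen == 0)
        return -1;
    if (spec[0] != '@')
        return snprintf(out, outlen, "%s", spec) < (int)outlen ? 0 : -1;
    for (p = spec + 1; *p; p += (*p == ',')) {
        size_t nlen = strcspn(p, ",");
        if (nlen && lookup_name(conf, p, nlen, out, outlen) == 0)
            return 0;
        p += nlen;
    }
    return -1;
}

int main(void)
{
    char prio[128];
    if (resolve_priority("@LIBVIRT,SYSTEM", SAMPLE_CONF, prio, sizeof(prio)))
        return 1;
    printf("%s\n", prio);   /* prints the LIBVIRT entry from SAMPLE_CONF */
    return 0;
}
```

Returning an error when no name resolves keeps a host with a deliberately weakened "SYSTEM" entry from silently becoming the policy for a service that asked for a stricter one by name only.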
[libvirt] [PATCH] virschematest: Access the right directory containing XMLs
by Michal Privoznik
So the story goes like this. The testSchemaDirs() function is
called with: a) the schema file, b) a list of the directories that
contain XML documents that should be checked against the schema
file from a). However, the directories in the list are really
just their names and it's up to testSchemaDirs to construct the
absolute path and call testSchemaDir() which then does the actual
validation. The absolute path is constructed, but never actually
used (maybe due to a typo). Thus a VPATH build is broken.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
tests/virschematest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/virschematest.c b/tests/virschematest.c
index f4d41bd..c173037 100644
--- a/tests/virschematest.c
+++ b/tests/virschematest.c
@@ -140,7 +140,7 @@ testSchemaDirs(const char *schema, ...)
ret = -1;
goto cleanup;
}
- if (testSchemaDir(schema, validator, dir) < 0)
+ if (testSchemaDir(schema, validator, dir_path) < 0)
ret = -1;
VIR_FREE(dir_path);
}
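Review bot: The two failure paths visible in this hunk behave differently and neither says why: the lines above the change do `ret = -1; goto cleanup;`, while a failing `testSchemaDir(schema, validator, dir_path)` only sets `ret = -1` and keeps iterating. If the intent is to validate every directory and report all failures, a one-line comment on the `ret = -1;` after the call would make that explicit and help the next reader avoid "fixing" it into an early exit. Since the bug only showed up in a VPATH build, it is also worth stating in the commit message how the fix was verified in that configuration.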
--
2.8.3
8 years, 5 months
[libvirt] [PATCH] virsh: domdisplay: if listen is 0.0.0.0 or [::] print address from URI
by Pavel Hrdina
Currently if a guest has listen address 0.0.0.0 or [::] and you run
"virsh domdisplay $domain" you always get "spice://localhost:$port".
We want to print a better address if someone is connected from a different
computer using "virsh -c qemu+ssh://some.host/system". This patch fixes the
behavior of virsh to print in this case "spice://some.host:$port".
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1332446
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
tools/virsh-domain.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 8d7ff61..93c7050 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -57,6 +57,7 @@
#include "virtypedparam.h"
#include "virxml.h"
#include "virsh-nodedev.h"
+#include "viruri.h"
/* Gnulib doesn't guarantee SA_SIGINFO support. */
#ifndef SA_SIGINFO
@@ -10617,6 +10618,23 @@ cmdDomDisplay(vshControl *ctl, const vshCmd *cmd)
VIR_FREE(xpath);
}
+ /* If listen_addr is 0.0.0.0 or [::] we should try to parse URI and set
+ * listen_addr based on current URI. */
+ if (listen_addr) {
+ if (virSocketAddrParse(&addr, listen_addr, AF_UNSPEC) > 0 &&
+ virSocketAddrIsWildcard(&addr)) {
+
+ virURIPtr uri = virURIParse(ctl->connname);
+
+ /* It's safe to free the listen_addr even if parsing of URI
+ * fails, if there is no listen_addr we will print "localhost". */
+ VIR_FREE(listen_addr);
+
+ if (uri && VIR_STRDUP(listen_addr, uri->server) < 0)
+ goto cleanup;
+ }
+ }
+
/* We can query this info for all the graphics types since we'll
* get nothing for the unsupported ones (just rdp for now).
* Also the parameter '--include-password' was already taken
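Review bot: The `virURIPtr uri = virURIParse(ctl->connname);` result is never released in the added block, so every wildcard-listen call leaks the parsed URI, including on the `goto cleanup` path. Declare `uri` at function scope and free it in the cleanup section, or free it right after the VIR_STRDUP. The block also passes `ctl->connname` straight to the parser; nothing in the hunk shows a guard for a connection opened without an explicit URI, so a NULL check before parsing would be safer. Finally, the printed host is now taken from the client's connection URI, which is fine for display, but the comment should say that a URI without a server part intentionally leaves listen_addr NULL so "localhost" is printed.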
@@ -10638,9 +10656,7 @@ cmdDomDisplay(vshControl *ctl, const vshCmd *cmd)
virBufferAsprintf(&buf, ":%s@", passwd);
/* Then host name or IP */
- if (!listen_addr ||
- (virSocketAddrParse(&addr, listen_addr, AF_UNSPEC) > 0 &&
- virSocketAddrIsWildcard(&addr)))
+ if (!listen_addr)
virBufferAddLit(&buf, "localhost");
else if (strchr(listen_addr, ':'))
virBufferAsprintf(&buf, "[%s]", listen_addr);
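Review bot: With the wildcard test removed from `if (!listen_addr)`, the `else if (strchr(listen_addr, ':'))` branch now also formats a host that came from `uri->server` in the earlier block. Please confirm that the server field holds an IPv6 literal without its brackets; if it keeps them, this branch would print a doubly bracketed address. A test for an IPv6 connection URI would settle it.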
--
2.8.3
8 years, 5 months
[libvirt] [PATCH] qemu_process: print generic error if qemu exit without printing any error
by Pavel Hrdina
In this case we would print only the libvirt part of error message without any
explanation of what happened:
"error: internal error: process exited while connecting to monitor:"
Let's print a generic error if this happens.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1335617
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
src/qemu/qemu_process.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index e847cd1..86701da 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -1808,6 +1808,13 @@ qemuProcessReportLogError(qemuDomainLogContextPtr logCtxt,
if (qemuProcessReadLog(logCtxt, &logmsg) < 0)
return -1;
+ if (virStringIsEmpty(logmsg)) {
+ VIR_FREE(logmsg);
+ if (VIR_STRDUP(logmsg, _("qemu process exited without any "
+ "error printed out")) < 0)
+ return -1;
+ }
+
virResetLastError();
virReportError(VIR_ERR_INTERNAL_ERROR,
_("%s: %s"), msgprefix, logmsg);
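Review bot: The fallback string in the added `VIR_STRDUP(logmsg, _("qemu process exited without any " "error printed out"))` assumes the process has exited, but this helper formats `msgprefix` supplied by the caller, so the text can end up behind a prefix that describes something else. A neutral wording that only states that the qemu log contained no error message would stay correct for every caller. Using a constant string for the empty case instead of VIR_FREE plus VIR_STRDUP would also avoid a second allocation failure path in an error-reporting function.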
--
2.8.3
8 years, 5 months
[libvirt] [PATCH RFC 00/16] Add support for LUKS encrypted devices
by John Ferlan
Patches 1-3 were posted separately:
http://www.redhat.com/archives/libvir-list/2016-June/msg00256.html
But perhaps seeing the final direction will make things more clear as
to why a "real" flag system wasn't used and keeping the current paradigm
of constant value returns still works just fine.
Patches 4-5 were posted separately:
http://www.redhat.com/archives/libvir-list/2016-June/msg00091.html (4)
http://www.redhat.com/archives/libvir-list/2016-June/msg00094.html (5)
Although at one point patch 4 had an ACK:
http://www.redhat.com/archives/libvir-list/2016-May/msg02115.html
It wasn't clear if the more recent review rescinded that, so it still
remains "in the list". I understand the concern about adding secret to
cfg.mk checking, but without a better idea of how to handle - I left
things as they were.
Patches 6-16 are all new. Some parts are separable, but rather than continue
piecemeal I just figured going with an RFC will at least
Patch 6 is only there to "prove" that using the current encryption paradigm
XML still works, although if I've read the tea leaves correctly, the qemu
support isn't working as desired/expected.
Patch 7 adds "usage" as an XML attribute for encryption and the associated
tests with that. I've chosen to "reuse" the <encryption> XML element rather
than inventing something new. I'm not opposed to something new, but let's
decide on a name quickly...
Patches 8-9 add the ability for the storage backend to create/recognize a
luks volume
Patches 10-13 add support for luks encryption in the storage backend.
The new "<secret>" format uses "luks" as the usage type and "<key>" as
the 'name'. If those names cause angst, I'm fine with changing, but just
give a better suggestion! Adding <cipher> and <ivgen> were a result of
using qemu constructs from qemu commit id '3e308f20'. Since we are parsing
something new, I figure failing in the domain parse code for this new type
was acceptable as opposed to some post processing check.
Patches 14-16 add support for luks encryption to the domain using
<encryption type='luks'... <secret format='key' usage/uuid='xxx'>>
I've tested using a "good" and "bad" password and got the expected results
for starting a domain. I did not add 'virsh vol-create-as' support just
yet. I figured that would be less to go back and redo if the names of
elements change. I've also run the changes through Coverity with no
new issues detected.
The whole series is a result of the following bz:
https://bugzilla.redhat.com/show_bug.cgi?id=1301021
John Ferlan (16):
storage: Adjust qemu-img switches check
storage: Create helper to set backing for CreateQemuImg code
storage: Create helper to set options for CreateQemuImg code
storage: Use virSecretGetSecretString
secret: Move virStorageSecretType to secret_util and rename
tests: Adjust tests for encrypted storage
util: Add 'usage' for encryption
util: Modify the FileTypeInfo for meta data checks
util: Add 'luks' to the FileTypeInfo
conf: Add new secret type "luks"
encryption: Add luks parsing for storageencryption
encryption: Add <cipher> and <ivgen> to encryption
storage: Add support to create a luks volume
qemu: Change protocol parameter for secret setup
qemu: Remove authdef from secret setup
qemu: Add luks support for domain disk
cfg.mk | 2 +-
docs/aclpolkit.html.in | 4 +
docs/formatsecret.html.in | 60 ++-
docs/formatstorageencryption.html.in | 115 ++++-
docs/schemas/secret.rng | 10 +
docs/schemas/storagecommon.rng | 58 ++-
include/libvirt/libvirt-secret.h | 3 +-
src/Makefile.am | 1 +
src/access/viraccessdriverpolkit.c | 13 +
src/conf/domain_conf.c | 11 +
src/conf/secret_conf.c | 26 +-
src/conf/secret_conf.h | 3 +-
src/conf/virsecretobj.c | 5 +
src/libvirt_private.syms | 1 +
src/libxl/libxl_conf.c | 2 +-
src/qemu/qemu_command.c | 8 +-
src/qemu/qemu_domain.c | 154 ++++---
src/qemu/qemu_process.c | 18 +-
src/secret/secret_util.c | 18 +-
src/secret/secret_util.h | 22 +-
src/storage/storage_backend.c | 480 +++++++++++++++------
src/storage/storage_backend.h | 3 +-
src/storage/storage_backend_fs.c | 10 +-
src/storage/storage_backend_gluster.c | 2 +
src/storage/storage_backend_iscsi.c | 55 +--
src/storage/storage_backend_rbd.c | 49 +--
src/util/virendian.h | 24 ++
src/util/virqemu.c | 23 +
src/util/virqemu.h | 6 +
src/util/virstorageencryption.c | 166 ++++++-
src/util/virstorageencryption.h | 18 +-
src/util/virstoragefile.c | 125 ++++--
src/util/virstoragefile.h | 18 +-
tests/qemuargv2xmltest.c | 4 +-
.../qemuxml2argv-encrypted-disk-usage.args | 24 ++
.../qemuxml2argv-encrypted-disk-usage.xml | 32 ++
.../qemuxml2argv-encrypted-disk.args | 26 +-
.../qemuxml2argv-encrypted-disk.xml | 4 +-
.../qemuxml2argv-luks-disk-cipher.args | 36 ++
.../qemuxml2argv-luks-disk-cipher.xml | 41 ++
.../qemuxml2argvdata/qemuxml2argv-luks-disks.args | 36 ++
tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml | 41 ++
tests/qemuxml2argvtest.c | 14 +-
.../qemuxml2xmlout-encrypted-disk-usage.xml | 36 ++
.../qemuxml2xmlout-encrypted-disk.xml | 4 +-
.../qemuxml2xmlout-luks-disk-cipher.xml | 45 ++
.../qemuxml2xmlout-luks-disks.xml | 45 ++
tests/qemuxml2xmltest.c | 3 +
tests/secretxml2xmlin/usage-luks.xml | 7 +
tests/secretxml2xmltest.c | 1 +
tests/storagevolxml2argvdata/qcow2-flag.argv | 2 -
.../qcow2-nobacking-convert-flag.argv | 2 -
.../qcow2-nobacking-convert-none.argv | 2 -
.../qcow2-nobacking-flag.argv | 1 -
.../qcow2-nobacking-none.argv | 1 -
tests/storagevolxml2argvdata/qcow2-none.argv | 1 -
tests/storagevolxml2argvtest.c | 25 +-
tests/storagevolxml2xmlin/vol-luks-cipher.xml | 23 +
tests/storagevolxml2xmlin/vol-luks.xml | 21 +
tests/storagevolxml2xmlout/vol-luks-cipher.xml | 23 +
tests/storagevolxml2xmlout/vol-luks.xml | 21 +
tests/storagevolxml2xmltest.c | 2 +
tests/virendiantest.c | 18 +
63 files changed, 1619 insertions(+), 435 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disk-cipher.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disk-cipher.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml
create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-encrypted-disk-usage.xml
create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disk-cipher.xml
create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml
create mode 100644 tests/secretxml2xmlin/usage-luks.xml
delete mode 100644 tests/storagevolxml2argvdata/qcow2-flag.argv
delete mode 100644 tests/storagevolxml2argvdata/qcow2-nobacking-convert-flag.argv
delete mode 100644 tests/storagevolxml2argvdata/qcow2-nobacking-convert-none.argv
delete mode 100644 tests/storagevolxml2argvdata/qcow2-nobacking-flag.argv
delete mode 100644 tests/storagevolxml2argvdata/qcow2-nobacking-none.argv
delete mode 100644 tests/storagevolxml2argvdata/qcow2-none.argv
create mode 100644 tests/storagevolxml2xmlin/vol-luks-cipher.xml
create mode 100644 tests/storagevolxml2xmlin/vol-luks.xml
create mode 100644 tests/storagevolxml2xmlout/vol-luks-cipher.xml
create mode 100644 tests/storagevolxml2xmlout/vol-luks.xml
--
2.5.5
8 years, 5 months
[libvirt] [PATCH 0/3] qemu: fix startup policy checking
by Peter Krempa
One of the recent refactors broke disk startup policy checking. Fix it with a
few cleanups.
Peter Krempa (3):
qemu: domain: Sanitize return value handling in disk presence checker
qemu: process: Unexport qemuProcessStartValidate
qemu: process: Call disk startup policy check after cloning domain def
src/qemu/qemu_domain.c | 16 +++++-----------
src/qemu/qemu_process.c | 14 +++++++++-----
src/qemu/qemu_process.h | 7 -------
3 files changed, 14 insertions(+), 23 deletions(-)
--
2.8.3
8 years, 5 months
[libvirt] [PATCH] qemu: driver: Unset log file watcher after restoring a VM save file
by Peter Krempa
qemuProcessStart does not unset the infrastructure that retrieves errors
from the qemu log file in case of migration. As this wasn't handled
properly in qemuDomainSaveImageStartVM we kept the logging context/fd
open for the lifetime of the VM rather than closing it after it's not
needed.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1325080
---
src/qemu/qemu_driver.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 10d3e3d..4f09630 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -6509,6 +6509,11 @@ qemuDomainSaveImageStartVM(virConnectPtr conn,
if (!restored)
goto cleanup;
+ /* qemuProcessStart doesn't unsed the qemu error reporting infrastructure
+ * in case of migration (which is used in this case) so we need to reset it
+ * so that the handle to virtlogd is not held open unnecessarily */
+ qemuMonitorSetDomainLog(qemuDomainGetMonitor(vm), NULL, NULL, NULL);
+
event = virDomainEventLifecycleNewFromObj(vm,
VIR_DOMAIN_EVENT_STARTED,
VIR_DOMAIN_EVENT_STARTED_RESTORED);
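Review bot: Typo in the added comment: "doesn't unsed the qemu error reporting infrastructure" should read "doesn't unset". On the logic, the reset via `qemuMonitorSetDomainLog(qemuDomainGetMonitor(vm), NULL, NULL, NULL);` runs only after the `if (!restored) goto cleanup;` check, so on the failure path the log handle is released only if the cleanup code tears down the monitor; a sentence in the commit message confirming that would close the question. The reset would arguably belong next to the code that sets the log context for the migration case, so other callers that start a VM from incoming migration do not need to repeat it.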
--
2.8.3
8 years, 5 months
[libvirt] [PATCH] xen: Also add sub-type for driver=tap2 in xen-xm
by Philipp Hahn
tap2 only handles 'aio', but not 'raw', which must be explicitly given:
| $ virsh domxml-to-native yyy.xml > yyy.xm
| $ xm new yyy.xm
| Error: tap:/srv/xen/xxx.img not a valid disk type
| $ sed -i -e 's/tap2:/&aio:/' yyy.xm
| $ xm new yyy.xm
Fix reading and writing "xen-xm" format for "tap2" by handling it the
same as "tap".
---
src/xenconfig/xen_xm.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/xenconfig/xen_xm.c b/src/xenconfig/xen_xm.c
index e09d97e..6556886 100644
--- a/src/xenconfig/xen_xm.c
+++ b/src/xenconfig/xen_xm.c
@@ -196,7 +196,8 @@ xenParseXMDisk(virConfPtr conf, virDomainDefPtr def)
}
/* And the sub-type for tap:XXX: type */
- if (STREQ_NULLABLE(virDomainDiskGetDriver(disk), "tap")) {
+ if (STREQ_NULLABLE(virDomainDiskGetDriver(disk), "tap") ||
+ STREQ_NULLABLE(virDomainDiskGetDriver(disk), "tap2")) {
char *driverType;
if (!(tmp = strchr(src, ':')))
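Review bot: The new condition calls `virDomainDiskGetDriver(disk)` twice in the same `if`. Fetching the driver name once into a local and comparing that against "tap" and "tap2" reads better and keeps the two comparisons from drifting apart if a further driver name is added later.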
@@ -298,7 +299,7 @@ xenFormatXMDisk(virConfValuePtr list,
else
type = virStorageFileFormatTypeToString(format);
virBufferAsprintf(&buf, "%s:", driver);
- if (STREQ(driver, "tap"))
+ if (STREQ(driver, "tap") || STREQ(driver, "tap2"))
virBufferAsprintf(&buf, "%s:", type);
} else {
switch (virDomainDiskGetType(disk)) {
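Review bot: The "tap or tap2" predicate is now written twice, here as `STREQ(driver, "tap") || STREQ(driver, "tap2")` and in the parser with STREQ_NULLABLE; a small shared helper would keep parsing and formatting in agreement. The diffstat shows only src/xenconfig/xen_xm.c changing, so a round-trip test case for a tap2 disk with an explicit sub-type should be added to cover both directions of the fix.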
--
2.1.4
8 years, 5 months