[libvirt] [jenkins-ci PATCH] guests: Reduce boot delay for FreeBSD
by Andrea Bolognani
Set it to 1 second instead of the default 10 seconds. This brings
it in line with Linux guests and makes boot faster.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
guests/tasks/base.yml | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/guests/tasks/base.yml b/guests/tasks/base.yml
index a25420a..a71e66d 100644
--- a/guests/tasks/base.yml
+++ b/guests/tasks/base.yml
@@ -181,9 +181,12 @@
- name: Configure the FreeBSD bootloader
lineinfile:
path: /boot/loader.conf
- regexp: '^console=.*$'
- line: 'console="comconsole"'
+ regexp: '^{{ item.key }}=.*$'
+ line: '{{ item.key }}="{{ item.value }}"'
create: yes
backup: yes
+ with_items:
+ - { key: 'console', value: 'comconsole' }
+ - { key: 'autoboot_delay', value: '1' }
when:
- os_name == 'FreeBSD'
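Review bot: `regexp: '^{{ item.key }}=.*$'` interpolates the key into the pattern unescaped, which is harmless for `console` and `autoboot_delay` but will mis-match for a future key that contains regex metacharacters; passing it through `regex_escape` keeps the loop safe to extend. With `backup: yes` inside the loop, every item that changes /boot/loader.conf leaves its own backup copy, which is worth knowing before more items are added to `with_items`.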
--
2.13.6
7 years, 1 month
[libvirt] [PATCH] qemu_domain: Error out earlier when adding an IDE controller to a q35-based vm
by Lin Ma
Signed-off-by: Lin Ma <lma(a)suse.com>
---
src/qemu/qemu_domain.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index ece8ee7..120d31c 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -3975,10 +3975,18 @@ qemuDomainControllerDefPostParse(virDomainControllerDefPtr cont,
}
break;
+ case VIR_DOMAIN_CONTROLLER_TYPE_IDE:
+ if (qemuDomainIsQ35(def)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("IDE controllers are unsupported for q35 "
+ "machine type"));
+ return -1;
+ }
+ break;
+
case VIR_DOMAIN_CONTROLLER_TYPE_SATA:
case VIR_DOMAIN_CONTROLLER_TYPE_VIRTIO_SERIAL:
case VIR_DOMAIN_CONTROLLER_TYPE_CCID:
- case VIR_DOMAIN_CONTROLLER_TYPE_IDE:
case VIR_DOMAIN_CONTROLLER_TYPE_FDC:
case VIR_DOMAIN_CONTROLLER_TYPE_LAST:
break;
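Review bot: returning -1 from the new `VIR_DOMAIN_CONTROLLER_TYPE_IDE` case in `qemuDomainControllerDefPostParse` rejects the configuration at parse time, so a q35 domain that was defined with an IDE controller before this change may fail to load rather than only fail to start; if the intent is to refuse new definitions, a validation-time check is the safer place. The commit message has no body, so it should say what happened before and why the earlier error is wanted, and a negative test case for a q35 guest with an IDE controller would pin the behaviour down.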
--
2.9.2
7 years, 1 month
[libvirt] [jenkins-ci PATCH] guests: Use OpenJDK 8 on Debian 8 too
by Andrea Bolognani
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
guests/files/jessie-backports.preferences | 3 +++
guests/files/jessie-backports.sources | 1 +
guests/tasks/base.yml | 20 ++++++++++++++++++++
guests/vars/mappings.yml | 1 -
4 files changed, 24 insertions(+), 1 deletion(-)
create mode 100644 guests/files/jessie-backports.preferences
create mode 100644 guests/files/jessie-backports.sources
diff --git a/guests/files/jessie-backports.preferences b/guests/files/jessie-backports.preferences
new file mode 100644
index 0000000..5e657f6
--- /dev/null
+++ b/guests/files/jessie-backports.preferences
@@ -0,0 +1,3 @@
+Package: openjdk-8-jre-headless java-common ca-certificates-java
+Pin: release a=jessie-backports
+Pin-Priority: 900
diff --git a/guests/files/jessie-backports.sources b/guests/files/jessie-backports.sources
new file mode 100644
index 0000000..6e6d261
--- /dev/null
+++ b/guests/files/jessie-backports.sources
@@ -0,0 +1 @@
+deb http://deb.debian.org/debian/ jessie-backports main
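Review bot: the `deb http://deb.debian.org/debian/ jessie-backports main` line fetches over plain HTTP, so the authenticity of what gets installed rests entirely on APT verifying the signed Release file; confirm that nothing on these guests relaxes that check, and say in the commit message that the HTTP transport is intentional.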
diff --git a/guests/tasks/base.yml b/guests/tasks/base.yml
index 6acd967..a25420a 100644
--- a/guests/tasks/base.yml
+++ b/guests/tasks/base.yml
@@ -33,6 +33,26 @@
- ( os_name == 'CentOS' or
os_name == 'Fedora' )
+- name: Enable jessie-backports repository
+ copy:
+ src: files/jessie-backports.sources
+ dest: /etc/apt/sources.list.d/jessie-backports.list
+ owner: root
+ group: root
+ when:
+ - os_name == 'Debian'
+ - os_version == '8'
+
+- name: Configure APT pinning for jessie-backports
+ copy:
+ src: files/jessie-backports.preferences
+ dest: /etc/apt/preferences.d/jessie-backports
+ owner: root
+ group: root
+ when:
+ - os_name == 'Debian'
+ - os_version == '8'
+
- name: Bootstrap the package module
command: apt-get install -y python-apt
args:
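Review bot: both new `copy` tasks set `owner` and `group` but no `mode`, so the permissions of the files placed under /etc/apt/ are left to defaults; add an explicit `mode: 0644` to each. Nothing visible between these tasks and `apt-get install -y python-apt` refreshes the package lists, so the new source and pin only take effect once a cache update runs; a short comment on that ordering would help the next reader.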
diff --git a/guests/vars/mappings.yml b/guests/vars/mappings.yml
index cae9d23..d620b5d 100644
--- a/guests/vars/mappings.yml
+++ b/guests/vars/mappings.yml
@@ -175,7 +175,6 @@ mappings:
deb: openjdk-8-jre-headless
pkg: openjdk8-jre
rpm: java-1.8.0-openjdk-headless
- Debian8: openjdk-7-jre-headless
Ubuntu12: openjdk-7-jre-headless
Ubuntu14: openjdk-7-jre-headless
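Review bot: with the `Debian8:` override removed, Debian 8 falls through to the `deb: openjdk-8-jre-headless` default, which relies on the jessie-backports source and pin added elsewhere in this patch; the commit message is empty and should state that dependency, since the mapping now only resolves when the tasks in base.yml have run first.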
--
2.13.6
7 years, 1 month
[libvirt] [PATCH] Add output of local time when adding the option of "--pretty" for virsh domtime
by ZhiPeng Lu
Add more human-friendly output of domain's system time.
Signed-off-by: ZhiPeng Lu <lu.zhipeng(a)zte.com.cn>
Reviewed-by: Jiyun Fan <fan.jiyun(a)zte.com.cn>
---
tools/virsh-domain-monitor.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/tools/virsh-domain-monitor.c b/tools/virsh-domain-monitor.c
index 35d04b2..d9520ff 100644
--- a/tools/virsh-domain-monitor.c
+++ b/tools/virsh-domain-monitor.c
@@ -1384,17 +1384,22 @@ cmdDomTime(vshControl *ctl, const vshCmd *cmd)
goto cleanup;
if (pretty) {
- char timestr[100];
+ char timestr[100], localtimestr[100];
time_t cur_time = seconds;
- struct tm time_info;
+ struct tm time_info, local_time_info;
if (!gmtime_r(&cur_time, &time_info)) {
vshError(ctl, _("Unable to format time"));
goto cleanup;
}
+ if (!localtime_r(&cur_time, &local_time_info)) {
+ vshError(ctl, _("Unable to format local time"));
+ goto cleanup;
+ }
strftime(timestr, sizeof(timestr), "%Y-%m-%d %H:%M:%S", &time_info);
+ strftime(localtimestr, sizeof(localtimestr), "%Y-%m-%d %H:%M:%S", &local_time_info);
- vshPrint(ctl, _("Time: %s"), timestr);
+ vshPrint(ctl, _("Time: %s\n Local time: %s"), timestr, localtimestr);
} else {
vshPrint(ctl, _("Time: %lld"), seconds);
}
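Review bot: `localtime_r()` converts using the timezone of the machine running virsh, not the guest's, so the "Local time" label in the new `vshPrint` is easy to read as the guest's local time; label it as the client's timezone or add the offset to the format. The return values of both `strftime` calls are unchecked, the added `strftime` line runs well past 80 columns, and `"Time: %s\n Local time: %s"` changes `--pretty` output that scripts may already parse and leaves a leading space on the second line.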
--
1.8.3.1
7 years, 1 month
[libvirt] [PATCH v6 0/8] Use secret objects to pass iSCSI passwords
by John Ferlan
v5: https://www.redhat.com/archives/libvir-list/2017-October/msg00228.html
FWIW: AFAICT this series does not need/require changes that Peter has
posted for continuing blocked-add saga related to user-specified
backing chains:
https://www.redhat.com/archives/libvir-list/2017-October/msg00956.html
Changes since v5:
* Some patches pushed as part of Peter Krempa's work and the two patches
to perform the parsing of auth and encryption data in virStorageSource
were pushed separately
* Removed patches dealing with qemuDomainStorageSourceCopy and
virDomainDiskStorageSourceNew
Patches 9->16 reworked
Patch1: (previous patch 10)
- Rework logic to remove the need to pass around the @xmlopt for
virStorageSourcePtr allocation and instead VIR_ALLOC(iscsisrc->src)
directly as other consumers do.
Patch2: (previous patch 11)
- Use the qemuDomainStorageSourcePrivatePtr and friend macro
QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE to manage the iscsisrc->src data
making sure to ensure that srcPriv (e.g. privateData) exists.
Patch3: (previous patch 12)
- Only minor merge related changes.
Patch4: (previous patch 13)
- Merge related plus additional check to ensure srcPriv exists before
dereference secinfo
Patch5: (previous patch 14)
- No change
Patch 6: (previous patch 15)
- Merge related changes, plus checks for srcPriv before deref secinfo
NB: Testing note - I did ensure at this point if the password secret
capability check fails that the code will still do the right thing.
Patch7: (previous patch 9)
- No change... Presented since it wasn't ACK'd before
Patch8: (previous patch16)
- No change
John Ferlan (8):
conf,qemu: Replace iscsisrc fields with virStorageSourcePtr
qemu: Use private storage source for iscsi instead of private hostdev
qemu: Remove private hostdev
qemu: Refactor qemuBuildSCSIiSCSIHostdevDrvStr slightly
qemu: Get capabilities to use iscsi password-secret argument
qemu: Use secret objects to pass iSCSI passwords
docs: Add news article regarding auth/encryption placement
docs: Add news article to describe iSCSI usage of secret object
docs/news.xml | 23 ++++++
src/conf/domain_conf.c | 58 ++++++++--------
src/conf/domain_conf.h | 9 +--
src/lxc/lxc_native.c | 2 +-
src/qemu/qemu_block.c | 65 ++++++++++++++++-
src/qemu/qemu_capabilities.c | 2 +
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 75 +++++++++++++++-----
src/qemu/qemu_command.h | 3 +-
src/qemu/qemu_domain.c | 81 +++++++---------------
src/qemu/qemu_domain.h | 14 ----
src/qemu/qemu_hotplug.c | 52 +++++++++++++-
src/qemu/qemu_parse_command.c | 4 +-
src/vbox/vbox_common.c | 2 +-
src/xenconfig/xen_common.c | 2 +-
src/xenconfig/xen_sxpr.c | 2 +-
src/xenconfig/xen_xl.c | 2 +-
tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml | 1 +
tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_2.9.0.ppc64le.xml | 1 +
tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml | 1 +
tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml | 1 +
...xml2argv-disk-drive-network-iscsi-auth-AES.args | 41 +++++++++++
...uxml2argv-disk-drive-network-iscsi-auth-AES.xml | 43 ++++++++++++
...ml2argv-hostdev-scsi-virtio-iscsi-auth-AES.args | 45 ++++++++++++
...xml2argv-hostdev-scsi-virtio-iscsi-auth-AES.xml | 48 +++++++++++++
tests/qemuxml2argvtest.c | 10 +++
tests/virhostdevtest.c | 2 +-
28 files changed, 451 insertions(+), 140 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth-AES.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth-AES.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscsi-auth-AES.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscsi-auth-AES.xml
--
2.13.6
7 years, 1 month
[libvirt] [jenkins-ci PATCH] guests: use su instead of sudo in rc.local to start Jenkins agent
by Pavel Hrdina
On FreeBSD the sudo command cleans the new environment too much
and Jenkins is not able to run properly.
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
guests/group_vars/all/main.yml | 2 +-
guests/host_vars/libvirt-freebsd-10/main.yml | 2 +-
guests/host_vars/libvirt-freebsd-11/main.yml | 2 +-
guests/tasks/jenkins.yml | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/guests/group_vars/all/main.yml b/guests/group_vars/all/main.yml
index d24af59..9bf5d05 100644
--- a/guests/group_vars/all/main.yml
+++ b/guests/group_vars/all/main.yml
@@ -12,4 +12,4 @@ jenkins_url: https://ci.centos.org/computer/{{ inventory_hostname }}/slave-agent
bash: /bin/bash
java: /usr/bin/java
make: /usr/bin/make
-sudo: /usr/bin/sudo
+su: /bin/su
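Review bot: the `sudo` variable is removed here rather than kept alongside `su`, so any other task or template that still expands `{{ sudo }}` will fail with an undefined variable; the patch only shows jenkins.yml being converted, so confirm there are no remaining users before dropping it.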
diff --git a/guests/host_vars/libvirt-freebsd-10/main.yml b/guests/host_vars/libvirt-freebsd-10/main.yml
index 1547802..2931fe3 100644
--- a/guests/host_vars/libvirt-freebsd-10/main.yml
+++ b/guests/host_vars/libvirt-freebsd-10/main.yml
@@ -4,7 +4,7 @@ ansible_python_interpreter: /usr/local/bin/python2
bash: /usr/local/bin/bash
java: /usr/local/bin/java
make: /usr/local/bin/gmake
-sudo: /usr/local/bin/sudo
+su: /usr/bin/su
projects:
- base
diff --git a/guests/host_vars/libvirt-freebsd-11/main.yml b/guests/host_vars/libvirt-freebsd-11/main.yml
index 1547802..2931fe3 100644
--- a/guests/host_vars/libvirt-freebsd-11/main.yml
+++ b/guests/host_vars/libvirt-freebsd-11/main.yml
@@ -4,7 +4,7 @@ ansible_python_interpreter: /usr/local/bin/python2
bash: /usr/local/bin/bash
java: /usr/local/bin/java
make: /usr/local/bin/gmake
-sudo: /usr/local/bin/sudo
+su: /usr/bin/su
projects:
- base
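Review bot: this hunk is identical to the libvirt-freebsd-10 one (same `index 1547802..2931fe3`), so the two host_vars files are exact copies; moving the shared FreeBSD paths, including `su: /usr/bin/su`, into a common group would avoid having to patch every FreeBSD guest separately.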
diff --git a/guests/tasks/jenkins.yml b/guests/tasks/jenkins.yml
index a1b8f46..87ebafa 100644
--- a/guests/tasks/jenkins.yml
+++ b/guests/tasks/jenkins.yml
@@ -19,7 +19,7 @@
create: yes
backup: yes
regexp: '^nohup.*jenkins.*java.*slave\.jar.*&$'
- line: "nohup {{ sudo }} -u jenkins {{ bash }} -l -c '{{ java }} -jar /home/jenkins/slave.jar -jnlpUrl \"{{ jenkins_url }}\" -secret \"{{ jenkins_secret }}\"' >/var/log/jenkins.log 2>&1 &"
+ line: "nohup {{ su }} - jenkins -c '{{ java }} -jar /home/jenkins/slave.jar -jnlpUrl \"{{ jenkins_url }}\" -secret \"{{ jenkins_secret }}\"' >/var/log/jenkins.log 2>&1 &"
insertbefore: '^exit .*$'
when:
- ansible_service_mgr != 'systemd'
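Review bot: `{{ su }} - jenkins -c '...'` runs the command through whatever login shell the jenkins account has, whereas the removed line forced `{{ bash }} -l`; if that shell is not Bourne-compatible the agent will not start, so either pass the shell explicitly or document the requirement in the commit message. The rewritten line still carries `-secret \"{{ jenkins_secret }}\"` on the command line, which leaves the agent secret in the file being edited and in the process arguments visible to other local users; since the line is being touched anyway, consider a mechanism that keeps it out of argv, such as a file only the jenkins user can read.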
--
2.13.6
7 years, 1 month
[libvirt] [PATCH] conf: Rename [n]macs and maxmacs to [n]names and maxnames
by John Ferlan
To avoid further confusion - rename the array elements to what they are.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
Pushing as trivial as noted by:
https://www.redhat.com/archives/libvir-list/2017-October/msg00981.html
src/conf/virinterfaceobj.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/src/conf/virinterfaceobj.c b/src/conf/virinterfaceobj.c
index 21d76e7507..f90c0bd9c4 100644
--- a/src/conf/virinterfaceobj.c
+++ b/src/conf/virinterfaceobj.c
@@ -160,9 +160,9 @@ virInterfaceObjListNew(void)
struct _virInterfaceObjFindMACData {
const char *matchStr;
bool error;
- int nmacs;
- int maxmacs;
- char **const macs;
+ int nnames;
+ int maxnames;
+ char **const names;
};
static int
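Review bot: the renamed `names` member of `struct _virInterfaceObjFindMACData` has no comment saying that it receives the names of interfaces whose MAC equals `matchStr`; a one-line comment on the struct would prevent the confusion this rename is fixing, given that the struct itself keeps "MAC" in its name.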
@@ -176,17 +176,17 @@ virInterfaceObjListFindByMACStringCb(void *payload,
if (data->error)
return 0;
- if (data->nmacs == data->maxmacs)
+ if (data->nnames == data->maxnames)
return 0;
virObjectLock(obj);
if (STRCASEEQ(obj->def->mac, data->matchStr)) {
- if (VIR_STRDUP(data->macs[data->nmacs], obj->def->name) < 0) {
+ if (VIR_STRDUP(data->names[data->nnames], obj->def->name) < 0) {
data->error = true;
goto cleanup;
}
- data->nmacs++;
+ data->nnames++;
}
cleanup:
@@ -203,9 +203,9 @@ virInterfaceObjListFindByMACString(virInterfaceObjListPtr interfaces,
{
struct _virInterfaceObjFindMACData data = { .matchStr = mac,
.error = false,
- .nmacs = 0,
- .maxmacs = maxmatches,
- .macs = matches };
+ .nnames = 0,
+ .maxnames = maxmatches,
+ .names = matches };
virObjectRWLockRead(interfaces);
virHashForEach(interfaces->objsName, virInterfaceObjListFindByMACStringCb,
@@ -215,11 +215,11 @@ virInterfaceObjListFindByMACString(virInterfaceObjListPtr interfaces,
if (data.error)
goto error;
- return data.nmacs;
+ return data.nnames;
error:
- while (--data.nmacs >= 0)
- VIR_FREE(data.macs[data.nmacs]);
+ while (--data.nnames >= 0)
+ VIR_FREE(data.names[data.nnames]);
return -1;
}
--
2.13.6
7 years, 1 month
[libvirt] [jenkins-ci PATCH] projects: build on new debian-9 and freebsd-11 guests
by Pavel Hrdina
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
projects/libvirt.yaml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/projects/libvirt.yaml b/projects/libvirt.yaml
index a70a58c..1b31c1b 100644
--- a/projects/libvirt.yaml
+++ b/projects/libvirt.yaml
@@ -16,16 +16,19 @@
- libvirt-centos-6
- libvirt-centos-7
- libvirt-debian-8
+ - libvirt-debian-9
- libvirt-fedora-25
- libvirt-fedora-26
- libvirt-fedora-rawhide
- libvirt-freebsd-10
+ - libvirt-freebsd-11
- autotools-syntax-check-job:
parent_jobs: 'libvirt-master-build'
machines:
- libvirt-centos-6
- libvirt-centos-7
- libvirt-debian-8
+ - libvirt-debian-9
- libvirt-fedora-25
- libvirt-fedora-26
- libvirt-fedora-rawhide
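Review bot: `libvirt-freebsd-11` is added to the first machine list only, while `libvirt-debian-9` is added to both; the visible context of the `autotools-syntax-check-job` list ends at `libvirt-fedora-rawhide`, so it is not clear whether FreeBSD is excluded from that job on purpose. The commit message has no body; one sentence stating that the omission is intentional would settle it.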
--
2.13.6
7 years, 1 month
[libvirt] [PATCH] conf: duplicate interface name instead of MAC provided to lookup the interface
by Pavel Hrdina
Introduced by 6094d6ec7fc9ea3e28c18c880b76858f06a8b129.
Found by running libvirt-perl tests.
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
src/conf/virinterfaceobj.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/conf/virinterfaceobj.c b/src/conf/virinterfaceobj.c
index a6814a6aee..21d76e7507 100644
--- a/src/conf/virinterfaceobj.c
+++ b/src/conf/virinterfaceobj.c
@@ -182,7 +182,7 @@ virInterfaceObjListFindByMACStringCb(void *payload,
virObjectLock(obj);
if (STRCASEEQ(obj->def->mac, data->matchStr)) {
- if (VIR_STRDUP(data->macs[data->nmacs], data->matchStr) < 0) {
+ if (VIR_STRDUP(data->macs[data->nmacs], obj->def->name) < 0) {
data->error = true;
goto cleanup;
}
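Review bot: the array written by `VIR_STRDUP(data->macs[data->nmacs], obj->def->name)` is still called `macs` although it now holds interface names, which is the mismatch that led to the bug; rename it or add a comment in the same change. The commit message says the problem was found by the libvirt-perl tests, so an in-tree regression test for lookup by MAC string would catch a repeat without depending on the external suite.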
--
2.13.6
7 years, 1 month
[libvirt] libvirt/QEMU/SEV interaction
by Brijesh Singh
Hi All,
(sorry for the long message)
CPUs from AMD EPYC family support Secure Encrypted Virtualization (SEV)
feature - the feature allows running encrypted VMs. To enable the feature,
I have been submitting patches to Linux kernel [1], Qemu [2] and OVMF [3].
We have been making some good progress in getting patches accepted upstream
in Linux and OVMF trees. SEV builds upon SME (Secure Memory Encryption)
feature -- SME support just got pulled into 4.14 merge window. The base
SEV patches are accepted in OVMF tree -- now we have SEV aware guest BIOS.
I am getting ready to take off "RFC" tag from remaining patches to get them
reviewed and accepted.
The boot flow for launching an SEV guest is a bit different from a typical
guest launch. In order to launch SEV guest from virt-manager or other
high-level VM management tools, we need to design and implement new
interface between libvirt and qemu, and probably add new APIs in libvirt
to be used by VM management tools. I am new to libvirt and need some
expert advice while designing this interface. A pictorial representation
for a SEV guest launch flow is available in SEV Spec Appendix A [4].
A typical flow looks like this:
1. Guest owner (GO) asks the cloud provider to launch SEV guest.
2. VM tool asks libvirt to provide its Platform Diffie-Hellman (PDH) key.
3. libvirt opens /dev/sev device to get its PDH and return the blob to the
caller.
4. VM tool gives its PDH to GO.
5. GO provides its DH key, session-info and guest policy.
6. VM tool somehow communicates the GO provided information to libvirt.
7. libvirt adds "sev-guest" object in its xml file with all the information
obtained from #5
(currently my xml file looks like this)
<qemu:arg value='-object'/>
<qemu:arg
value='sev-guest,id=sev0,policy=<GO_policy>,dh-key-file=<filename>,session-file=<filename>'/>
<qemu:arg value='-machine'/>
<qemu:arg value='memory-encryption=sev0'/>
8. libvirt launches the guest with "-S"
9. While creating the SEV guest qemu does the following
i) create encryption context using GO's DH, session-info and guest policy
(LAUNCH_START)
ii) encrypts the guest bios (LAUNCH_UPDATE_DATA)
iii) calls LAUNCH_MEASUREMENT to get the encrypted bios measurement
10. By some interface we must propagate the measurement all the way to GO
before libvirt starts the guest.
11. GO verifies the measurement and if measurement matches then it may
give a secret blob -- which must be injected into the guest before
libvirt starts the VM. If verification failed, GO will request cloud
provider to destroy the VM.
12. After secret blob is injected into guest, we call LAUNCH_FINISH
to destroy the encryption context.
13. libvirt issues "continue" command to resume the guest boot.
Please note that the measurement value is protected with transport
encryption key (TIK) and it changes on each run. Similarly the secret blob
provided by GO does not need to be protected using libvirt/qemu APIs. The
secret is protected by TIK. From qemu and libvirt point of view these are
blobs and must be passed as-is to the SEV FW.
Questions:
a) Do we need to add a new set of APIs in libvirt to return the PDH from
libvirt and VM tool ? Or can we use some pre-existing APIs to pass the
opaque blobs ? (this is mainly for step 3 and 6)
b) do we need to define a new xml tag for memory-encryption ? or just
use the qemu:args tag ? (step 6)
c) what existing communication interface can be used between libvirt and qemu
to get the measurement ? can we add a new qemu monitor command
'get_sev_measurement' to get the measurement ? (step 10)
d) how to pass the secret blob from libvirt to qemu ? should we consider
adding a new object (sev-guest-secret) -- libvirt can add the object through
qemu monitor.
[1] https://marc.info/?l=kvm&m=150092661105069&w=2
[2] https://marc.info/?l=qemu-devel&m=148901186615642&w=2
[3] https://lists.01.org/pipermail/edk2-devel/2017-July/012220.html
[4] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
Thanks
Brijesh
7 years, 1 month
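The launch ordering in steps 9 to 13 of the message above and the guest owner's measurement check, as an added Python example that is not part of the original post and is not libvirt or QEMU code. Assumptions: the measurement is modelled as HMAC-SHA256 keyed with the TIK over a version byte, API version, policy, launch digest and a fresh nonce (my reading of the SEV API specification cited as [4]); the guest owner always supplies a secret; `LaunchSequencer`, `INJECT_SECRET` and `CONTINUE` are hypothetical names.

```python
import hashlib, hmac, os, struct

# Order from steps 9-13 of the message; INJECT_SECRET and CONTINUE are
# labels invented for this example.
ORDER = ["LAUNCH_START", "LAUNCH_UPDATE_DATA", "LAUNCH_MEASUREMENT",
         "INJECT_SECRET", "LAUNCH_FINISH", "CONTINUE"]

def _mac(tik, api, policy, launch_digest, mnonce):
    # Assumed layout: 0x04 | API_MAJOR | API_MINOR | BUILD | POLICY (LE32)
    # | launch digest | MNONCE, HMAC-SHA256 keyed with the TIK.
    msg = bytes([0x04, *api]) + struct.pack("<I", policy) + launch_digest + mnonce
    return hmac.new(tik, msg, hashlib.sha256).digest()

def firmware_measure(tik, api, policy, loaded_bios):
    """Stand-in for the SEV firmware: returns measurement || fresh nonce."""
    mnonce = os.urandom(16)
    digest = hashlib.sha256(loaded_bios).digest()
    return _mac(tik, api, policy, digest, mnonce) + mnonce

def guest_owner_verify(tik, api, policy, expected_bios, blob):
    """Guest owner: recompute over the BIOS it expects, constant-time compare."""
    if len(blob) != 48:
        return False
    measure, mnonce = blob[:32], blob[32:]
    digest = hashlib.sha256(expected_bios).digest()
    return hmac.compare_digest(measure, _mac(tik, api, policy, digest, mnonce))

class LaunchSequencer:
    """Hypothetical management-layer guard that refuses out-of-order steps."""

    def __init__(self):
        self.done = []
        self.verified = False

    def record_verdict(self, ok):
        if self.done[-1:] != ["LAUNCH_MEASUREMENT"]:
            raise RuntimeError("no measurement outstanding")
        self.verified = bool(ok)

    def advance(self, step):
        if len(self.done) == len(ORDER) or step != ORDER[len(self.done)]:
            raise RuntimeError(f"{step} is out of order")
        if step == "INJECT_SECRET" and not self.verified:
            raise RuntimeError("guest owner has not accepted the measurement")
        self.done.append(step)

def demo():
    tik, api, policy = os.urandom(16), (0, 14, 0), 0x1  # constructed values
    bios = b"constructed OVMF image"
    seq = LaunchSequencer()
    for step in ORDER[:3]:
        seq.advance(step)
    blob = firmware_measure(tik, api, policy, bios)  # opaque to libvirt/qemu
    seq.record_verdict(guest_owner_verify(tik, api, policy, bios, blob))
    for step in ORDER[3:]:
        seq.advance(step)
    return seq.done
```

The management layer only relays `blob` and the verdict; it never needs the TIK, which matches the message's point that these are opaque blobs to libvirt and qemu.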