[libvirt] [PATCH] docs: update entries in the apps page
by Daniel P. Berrange
Change all links to https:// where the remote site supports it. Fix URLs for
a few packages that moved, and delete entries which appear to be dead.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
docs/apps.html.in | 70 ++++++++++++++++++++++++-------------------------------
1 file changed, 30 insertions(+), 40 deletions(-)
diff --git a/docs/apps.html.in b/docs/apps.html.in
index 60edeb3af4..863be4ff23 100644
--- a/docs/apps.html.in
+++ b/docs/apps.html.in
@@ -65,21 +65,21 @@
management tasks on all libvirt managed domains, networks and
storage. This is part of the libvirt core distribution.
</dd>
- <dt><a href="http://virt-manager.org/">virt-clone</a></dt>
+ <dt><a href="https://virt-manager.org/">virt-clone</a></dt>
<dd>
Allows the disk image(s) and configuration for an existing
virtual machine to be cloned to form a new virtual machine.
It automates copying of data across to new disk images, and
updates the UUID, MAC address, and name in the configuration.
</dd>
- <dt><a href="http://et.redhat.com/~rjones/virt-df/">virt-df</a></dt>
+ <dt><a href="https://people.redhat.com/rjones/virt-df/">virt-df</a></dt>
<dd>
Examine the utilization of each filesystem in a virtual machine
from the comfort of the host machine. This tool peeks into the
guest disks and determines how much space is used. It can cope
with common Linux filesystems and LVM volumes.
</dd>
- <dt><a href="http://virt-manager.org/">virt-image</a></dt>
+ <dt><a href="https://virt-manager.org/">virt-image</a></dt>
<dd>
Provides a way to deploy virtual appliances. It defines a
simplified portable XML format describing the pre-requisites
@@ -87,26 +87,26 @@
into the domain XML format for execution under any libvirt
hypervisor meeting the pre-requisites.
</dd>
- <dt><a href="http://virt-manager.org/">virt-install</a></dt>
+ <dt><a href="https://virt-manager.org/">virt-install</a></dt>
<dd>
Provides a way to provision new virtual machines from a
OS distribution install tree. It supports provisioning from
local CD images, and the network over NFS, HTTP and FTP.
</dd>
- <dt><a href="http://et.redhat.com/~rjones/virt-top/">virt-top</a></dt>
+ <dt><a href="https://people.redhat.com/rjones/virt-top/">virt-top</a></dt>
<dd>
Watch the CPU, memory, network and disk utilization of all
virtual machines running on a host.
</dd>
<dt>
- <a href="http://people.redhat.com/~rjones/virt-what/">virt-what</a>
+ <a href="https://people.redhat.com/~rjones/virt-what/">virt-what</a>
</dt>
<dd>
virt-what is a shell script for detecting if the program is running
in a virtual machine. It prints out a list of facts about the
virtual machine, derived from heuristics.
</dd>
- <dt><a href="http://sourceware.org/systemtap/">stap</a></dt>
+ <dt><a href="https://sourceware.org/systemtap/">stap</a></dt>
<dd>
SystemTap is a tool used to gather rich information about a running
system through the use of scripts. Starting from v2.4, the front-end
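Review bot: the rjones links in this hunk disagree on the path form: virt-top becomes https://people.redhat.com/rjones/virt-top/ (no tilde) while virt-what keeps https://people.redhat.com/~rjones/virt-what/ on the same host. The virt-df link in the previous hunk also drops the tilde. Please confirm both forms resolve on the new host, or use one form throughout.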
@@ -142,7 +142,7 @@
<h2><a id="continuousintegration">Continuous Integration</a></h2>
<dl>
- <dt><a href="http://buildbot.net/buildbot/docs/current/Libvirt.html">BuildBot</a></dt>
+ <dt><a href="https://buildbot.net/buildbot/docs/current/Libvirt.html">BuildBot</a></dt>
<dd>
BuildBot is a system to automate the compile/test cycle required
by most software projects. CVS commits trigger new builds, run on
@@ -152,7 +152,7 @@
</dl>
<dl>
- <dt><a href="http://wiki.jenkins-ci.org/display/JENKINS/Libvirt+Slaves+Plugin">Jenkins</a></dt>
+ <dt><a href="https://wiki.jenkins-ci.org/display/JENKINS/Libvirt+Slaves+Plugin">Jenkins</a></dt>
<dd>
This plugin for Jenkins adds a way to control guest domains hosted
on Xen or QEMU/KVM. You configure a Jenkins Slave,
@@ -197,28 +197,28 @@
<h2><a id="desktop">Desktop applications</a></h2>
<dl>
- <dt><a href="http://virt-manager.org/">virt-manager</a></dt>
+ <dt><a href="https://virt-manager.org/">virt-manager</a></dt>
<dd>
A general purpose desktop management tool, able to manage
virtual machines across both local and remotely accessed
hypervisors. It is targeted at home and small office usage
up to managing 10-20 hosts and their VMs.
</dd>
- <dt><a href="http://virt-manager.org/">virt-viewer</a></dt>
+ <dt><a href="https://virt-manager.org/">virt-viewer</a></dt>
<dd>
A lightweight tool for accessing the graphical console
associated with a virtual machine. It can securely connect
to remote consoles supporting the VNC protocol. Also provides
an optional mozilla browser plugin.
</dd>
- <dt><a href="http://f1ash.github.io/qt-virt-manager">qt-virt-manager</a></dt>
+ <dt><a href="https://f1ash.github.io/qt-virt-manager">qt-virt-manager</a></dt>
<dd>
The Qt GUI for create and control VMs and another virtual entities
(aka networks, storages, interfaces, secrets, network filters).
Contains integrated LXC/SPICE/VNC viewer for accessing the graphical or
text console associated with a virtual machine or container.
</dd>
- <dt><a href="http://f1ash.github.io/qt-virt-manager/#virtual-machines-viewer">qt-remote-viewer</a></dt>
+ <dt><a href="https://f1ash.github.io/qt-virt-manager/#virtual-machines-viewer">qt-remote-viewer</a></dt>
<dd>
The Qt VNC/SPICE viewer for access to remote desktops or VMs.
</dd>
@@ -234,17 +234,7 @@
it easy to benefit from private Cloud Computing technology.
</dd>
- <dt><a href="http://www.emotivecloud.net">EMOTIVE Cloud</a></dt>
- <dd>The EMOTIVE (Elastic Management Of Tasks In Virtualized
- Environments) middleware allows executing tasks and providing
- virtualized environments to the users with Xen, KVM or
- VirtualBox hypervisor. EMOTIVE's main feature is VM management
- with different scheduling policies. It can be also used as a
- cloud provider and is very easy to extend thanks to its
- modular Web Services architecture.
- </dd>
-
- <dt><a href="http://www.eucalyptus.com">Eucalyptus</a></dt>
+ <dt><a href="https://github.com/eucalyptus/eucalyptus">Eucalyptus</a></dt>
<dd>
Eucalyptus is an on-premise Infrastructure as a Service cloud
software platform that is open source and
@@ -268,7 +258,7 @@
management.
</dd>
- <dt><a href="http://www.openstack.org">OpenStack</a></dt>
+ <dt><a href="https://www.openstack.org">OpenStack</a></dt>
<dd>
OpenStack is a "cloud operating system" usable for both public
and private clouds. Its various parts take care of compute,
@@ -314,7 +304,7 @@
Windows Registry in Windows guests.
</dd>
- <dt><a href="http://sandbox.libvirt.org">libvirt-sandbox</a></dt>
+ <dt><a href="https://sandbox.libvirt.org">libvirt-sandbox</a></dt>
<dd>
A library and command line tools for simplifying the creation of
application sandboxes using virtualization technology. It currently
@@ -334,7 +324,7 @@
<h2><a id="livecd">LiveCD / Appliances</a></h2>
<dl>
- <dt><a href="http://et.redhat.com/~rjones/virt-p2v/">virt-p2v</a></dt>
+ <dt><a href="http://libguestfs.org/virt-v2v/">virt-p2v</a></dt>
<dd>
An older tool for converting a physical machine into a virtual
machine. It is a LiveCD which is booted on the machine to be
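Review bot: the replacement virt-p2v link stays on plain http (http://libguestfs.org/virt-v2v/), which the commit message does not account for, and it points at a virt-v2v path for an entry titled virt-p2v. If the host does not serve HTTPS, say so in the commit message; if that page is the right home for virt-p2v, a word in the <dd> text would help readers who land on a differently named page.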
@@ -346,7 +336,7 @@
<h2><a id="monitoring">Monitoring</a></h2>
<dl>
- <dt><a href="http://collectd.org/plugins/libvirt.shtml">collectd</a></dt>
+ <dt><a href="https://collectd.org/plugins/libvirt.shtml">collectd</a></dt>
<dd>
The libvirt-plugin is part of <a href="http://collectd.org/">collectd</a>
and gathers statistics about virtualized guests on a system. This
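Review bot: the <dt> link is switched to https://collectd.org/plugins/libvirt.shtml, but the inline link in the <dd> body two lines below still reads <a href="http://collectd.org/"> for the same host. Since the commit message says all links are changed where the site supports it, update that one in the same hunk.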
@@ -355,19 +345,19 @@
For a full description, please refer to the libvirt section in the
collectd.conf(5) manual page.
</dd>
- <dt><a href="http://host-sflow.sourceforge.net/">Host sFlow</a></dt>
+ <dt><a href="http://www.sflow.net/">Host sFlow</a></dt>
<dd>
Host sFlow is a lightweight agent running on KVM hypervisors that
links to libvirt library and exports standardized cpu, memory, network
and disk metrics for all virtual machines.
</dd>
- <dt><a href="http://honk.sigxcpu.org/projects/libvirt/#munin">Munin</a></dt>
+ <dt><a href="https://honk.sigxcpu.org/projects/libvirt/#munin">Munin</a></dt>
<dd>
The plugins provided by Guido Günther allow to monitor various things
like network and block I/O with
<a href="http://munin.projects.linpro.no/">Munin</a>.
</dd>
- <dt><a href="http://et.redhat.com/~rjones/nagios-virt/">Nagios-virt</a></dt>
+ <dt><a href="http://people.redhat.com/rjones/nagios-virt/">Nagios-virt</a></dt>
<dd>
Nagios-virt is a configuration tool to add monitoring of your
virtualised domains to <a href="http://www.nagios.org/">Nagios</a>.
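Review bot: the new Nagios-virt URL is http://people.redhat.com/rjones/nagios-virt/, plain http, although virt-df and virt-top earlier in this patch use https:// on the same people.redhat.com host; that looks like an oversight. The new Host sFlow URL (http://www.sflow.net/) and the untouched inline Munin and Nagios links in the <dd> bodies also remain http; if those hosts have no HTTPS, note it in the commit message so the exceptions are clearly deliberate.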
@@ -383,7 +373,7 @@
metrics. It supports pCPU, vCPU, memory, block device, network interface,
and performance event metrics for each virtual guest.
</dd>
- <dt><a href="http://community.zenoss.org/docs/DOC-4687">Zenoss</a></dt>
+ <dt><a href="https://community.zenoss.org/docs/DOC-4687">Zenoss</a></dt>
<dd>
The Zenoss libvirt Zenpack adds support for monitoring virtualization
servers. It has been tested with KVM, QEMU, VMware ESX, and VMware
@@ -394,7 +384,7 @@
<h2><a id="provisioning">Provisioning</a></h2>
<dl>
- <dt><a href="http://www.ibm.com/software/tivoli/products/prov-mgr/">Tivoli Provisioning Manager</a></dt>
+ <dt><a href="https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Ti...">Tivoli Provisioning Manager</a></dt>
<dd>
Part of the IBM Tivoli family, Tivoli Provisioning Manager (TPM) is
an IT lifecycle automation product. It
@@ -404,7 +394,7 @@
</dl>
<dl>
- <dt><a href="http://theforeman.org">Foreman</a></dt>
+ <dt><a href="https://theforeman.org">Foreman</a></dt>
<dd>
Foreman is an open source web based application aimed to be a
Single Address For All Machines Life Cycle Management. Foreman:
@@ -428,7 +418,7 @@
<h2><a id="web">Web applications</a></h2>
<dl>
- <dt><a href="http://community.abiquo.com/display/AbiCloud">AbiCloud</a></dt>
+ <dt><a href="http://www.abiquo.com/">AbiCloud</a></dt>
<dd>
AbiCloud is an open source cloud platform manager which allows to
easily deploy a private cloud in your datacenter. One of the key
@@ -444,14 +434,14 @@
Kimchi manages KVM guests through libvirt. The management interface is accessed
over the web using a browser that supports HTML5.
</dd>
- <dt><a href="http://ovirt.org/">oVirt</a></dt>
+ <dt><a href="https://ovirt.org/">oVirt</a></dt>
<dd>
oVirt provides the ability to manage large numbers of virtual
machines across an entire data center of hosts. It integrates
with FreeIPA for Kerberos authentication, and in the future,
certificate management.
</dd>
- <dt><a href="http://ispsystem.com/en/software/vmmanager">VMmanager</a></dt>
+ <dt><a href="https://ispsystem.com/en/software/vmmanager">VMmanager</a></dt>
<dd>
VMmanager is a software solution for virtualization management
that can be used both for hosting virtual machines and
@@ -460,7 +450,7 @@
functions, such as live migration that allows for load
balancing between cluster nodes, monitoring CPU, memory.
</dd>
- <dt><a href="http://mist.io/">mist.io</a></dt>
+ <dt><a href="https://mist.io/">mist.io</a></dt>
<dd>
Mist.io is an open source project and a service that can assist you in
managing your virtual machines on a unified way, providing a simple
@@ -468,7 +458,7 @@
providers, OpenStack based public/private clouds, Docker servers, bare
metal servers and now KVM hypervisors).
</dd>
- <dt><a href="http://ravada.upc.edu/">Ravada</a></dt>
+ <dt><a href="https://ravada.upc.edu/">Ravada</a></dt>
<dd>
Ravada is an open source tool for managing Virtual Desktop
Infrastructure (VDI). It is very easy to install and use. Following
@@ -492,7 +482,7 @@
<h2><a id="other">Other</a></h2>
<dl>
- <dt><a href="http://cuckoosandbox.org/">Cuckoo Sandbox</a></dt>
+ <dt><a href="https://cuckoosandbox.org/">Cuckoo Sandbox</a></dt>
<dd>
Cuckoo Sandbox is a malware analysis system. You can throw
any suspicious file at it and in a matter of seconds Cuckoo
--
2.14.3
[libvirt] [PATCH] docs: update instructions for TLS cert generation
by Daniel P. Berrange
Currently we only describe setting the CN field for server certs. This leads
to inevitable pain for users who set it to the fully qualified hostname and
then use an unqualified hostname or IP address to connect in the URI. Describe
the usage of Subject Alt Name extensions, to provide multiple hostnames and
IP addresses. This will help users avoid the classic mistake and is important
future proofing, since at least in browsers, TLS libraries no longer use the
CN field for validation, mandating use of SAN info instead.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
docs/remote.html.in | 72 ++++++++++++++++++++++++++++++++++++++---------------
1 file changed, 52 insertions(+), 20 deletions(-)
diff --git a/docs/remote.html.in b/docs/remote.html.in
index 9bafd9de67..6ae40b2bb2 100644
--- a/docs/remote.html.in
+++ b/docs/remote.html.in
@@ -30,7 +30,7 @@ to <code>virConnectOpen</code> (or <code>virsh -c ...</code>).
For example, if you normally use <code>qemu:///system</code>
to access the system-wide QEMU daemon, then to access
the system-wide QEMU daemon on a remote machine called
-<code>oirase</code> you would use <code>qemu://oirase/system</code>.
+<code>compute1.libvirt.org</code> you would use <code>qemu://compute1.libvirt.org/system</code>.
</p>
<p>
The <a href="#Remote_URI_reference">section on remote URIs</a>
@@ -412,7 +412,9 @@ next section.
<td> Server's certificate signed by the CA.
(<a href="#Remote_TLS_server_certificates">more info</a>) </td>
<td> CommonName (CN) must be the hostname of the server as it
- is seen by clients. </td>
+ is seen by clients. All hostname and IP address variants that might
+ be used to reach the server should be lkisted in Subject Alt Name
+ fields.</td>
</tr>
<tr>
<td>
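Review bot: typo in the added table cell, "lkisted" should be "listed". The retained sentence still says the CN "must be the hostname of the server as it is seen by clients", which sits awkwardly next to the later text that calls the CN legacy data; consider wording the cell so that the SAN entries are the requirement and the CN is the historical fallback.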
@@ -564,8 +566,8 @@ X.509 certificate info:
Version: 3
Serial Number (hex): 00
-Subject: CN=Red Hat Emerging Technologies
-Issuer: CN=Red Hat Emerging Technologies
+Subject: CN=Libvirt Project
+Issuer: CN=Libvirt Project
Signature Algorithm: RSA-SHA
Validity:
Not Before: Mon Jun 18 16:22:18 2007
@@ -582,14 +584,20 @@ for your clients and servers.
</h3>
<p>
For each server (libvirtd) you need to issue a certificate
-with the X.509 CommonName (CN) field set to the hostname
-of the server. The CN must match the hostname which
-clients will be using to connect to the server.
+containing one or more hostnames and/or IP addresses.
+Historically the CommonName (CN) field would contain the
+hostname of the server, and would match the hostname used
+in the URI that clients pass to libvirt. In most TLS impls
+the CN field is considered legacy data, the Subject Alt Name
+(SAN) extension fields we be preferentially validated against.
+In the future use of the CN field for validation may be
+discontinuned entirely, so it is strongly recommended to
+include the SAN fields.
</p>
<p>
In the example below, clients will be connecting to the
server using a <a href="#Remote_URI_reference">URI</a> of
-<code>xen://oirase/</code>, so the CN must be "<code>oirase</code>".
+<code>xen://virt.example/</code>, so the CN must be "<code>oirase</code>".
</p>
<p>
Make a private key for the server:
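Review bot: the example paragraph is now inconsistent with itself: the URI becomes xen://virt.example/ but the same line still says the CN must be "oirase", and the rest of the patch uses compute1.libvirt.org. Use one hostname for the URI, the CN and the template. The added paragraph above it also has typos: "impls", "we be preferentially validated" (will be) and "discontinuned".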
@@ -599,13 +607,25 @@ certtool --generate-privkey > serverkey.pem
</pre>
<p>
and sign that key with the CA's private key by first
-creating a template file called <code>server.info</code>
-(only the CN field matters, which as explained above must
-be the server's hostname):
+creating a template file called <code>server.info</code>.
+The 'cn' field should refer to the fully qualified public
+hostname of the server. For the SAN extension data, there
+must also be one or more 'dns_name' fields that contain all
+possible hostnames that can be reasonably used by clients
+to reach the server, both with and without domain name
+qualifiers. If clients are likely to connect to the server
+by IP address, then one or 'ip_address' fields should also
+be added.
</p>
<pre>
organization = <i>Name of your organization</i>
-cn = oirase
+cn = compute1.libvirt.org
+dns_name = compute1
+dns_name = compute1.libvirt.org
+ip_address = 10.0.0.74
+ip_address = 192.168.1.24
+ip_address = 2001:cafe::74
+ip_address = fe20::24
tls_www_server
encryption_key
signing_key
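Review bot: "then one or 'ip_address' fields should also be added" is missing the word "more". In the template, fe20::24 is not inside the link-local range fe80::/10, so if a link-local example was intended it should read fe80::24; for the global address, 2001:db8::/32 is the prefix reserved for documentation and would be a safer choice than 2001:cafe::74.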
@@ -635,16 +655,28 @@ X.509 certificate info:
Version: 3
Serial Number (hex): 00
-Subject: O=Red Hat Emerging Technologies,CN=oirase
-Issuer: CN=Red Hat Emerging Technologies
+Subject: O=Libvirt Project,CN=compute1.libvirt.org
+Issuer: CN=Libvirt Project
Signature Algorithm: RSA-SHA
Validity:
Not Before: Mon Jun 18 16:34:49 2007
Not After: Tue Jun 17 16:34:49 2008
+Extensions:
+ Basic Constraints (critical):
+ Certificate Authority (CA): FALSE
+ Subject Alternative Name (not critical):
+ DNSname: compute1
+ DNSname: compute1.libvirt.org
+ IPAddress: 10.0.0.74
+ IPAddress: 192.168.1.24
+ IPAddress: 2001:cafe::74
+ IPAddress: fe20::24
</pre>
<p>
-Note the "Issuer" CN is "Red Hat Emerging Technologies" (the CA) and
-the "Subject" CN is "oirase" (the server).
+Note the "Issuer" CN is "Libvirt Project" (the CA) and
+the "Subject" CN is "compute1.libvirt.org" (the server).
+Notice that the hostname listed in the CN must also
+be duplicated as a DNSname entry
</p>
<p>
Finally we have two files to install:
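Review bot: the added note ends without a full stop ("be duplicated as a DNSname entry") and gives no reason for the duplication. One sentence saying that a validator which finds SAN entries stops consulting the CN would explain why the CN hostname has to be repeated as a DNSname, and would tie this note to the earlier paragraph about SAN being validated preferentially.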
@@ -665,13 +697,13 @@ which can be installed on the server as
</h3>
<p>
For each client (ie. any program linked with libvirt, such as
-<a href="http://virt-manager.et.redhat.com/">virt-manager</a>)
+<a href="http://virt-manager.org/">virt-manager</a>)
you need to issue a certificate with the X.509 Distinguished Name (DN)
set to a suitable name. You can decide this on a company / organisation
policy. For example, I use:
</p>
<pre>
-C=GB,ST=London,L=London,O=Red Hat,CN=<i>name_of_client</i>
+C=GB,ST=London,L=London,O=Libvirt Project,CN=<i>name_of_client</i>
</pre>
<p>
The process is the same as for
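Review bot: the virt-manager link is moved to http://virt-manager.org/ but stays on plain http, while the docs/apps.html.in patch uses https://virt-manager.org/ for the same site. Use https here as well so the two pages agree.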
@@ -692,7 +724,7 @@ Act as CA and sign the certificate. Create client.info containing:
country = GB
state = London
locality = London
-organization = Red Hat
+organization = Libvirt Project
cn = client1
tls_www_client
encryption_key
@@ -884,7 +916,7 @@ Blank lines and comments beginning with <code>#</code> are ignored.
The default is that DNs are not checked.
</p>
<p>
- This list may contain wildcards such as <code>"C=GB,ST=London,L=London,O=Red Hat,CN=*"</code>
+ This list may contain wildcards such as <code>"C=GB,ST=London,L=London,O=Libvirt Project,CN=*"</code>
See the POSIX <code>fnmatch</code> function for the format
of the wildcards.
</p>
--
2.14.3
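The CN-versus-SAN matching that the commit message above describes, as an added example that is not part of the patch and is not libvirt or GnuTLS code: a simplified model of SAN-first host verification, run over the names from the patch's server.info template. The function names, the dict layout and the `allow_cn_fallback` switch are assumptions made for illustration; wildcard matching is left out.

```python
"""Simplified model of matching a libvirt URI host against a server cert."""
import ipaddress
from urllib.parse import urlsplit

# Constructed sample certificates (plain dicts, not parsed X.509).
# CN only: the "classic mistake" setup from the commit message.
CERT_CN_ONLY = {"cn": "compute1.libvirt.org", "dns_names": [], "ip_addresses": []}
# CN plus SAN entries, copied from the server.info template in the patch.
CERT_WITH_SAN = {
    "cn": "compute1.libvirt.org",
    "dns_names": ["compute1", "compute1.libvirt.org"],
    "ip_addresses": ["10.0.0.74", "192.168.1.24", "2001:cafe::74", "fe20::24"],
}
# SAN present but the CN hostname was not repeated as a DNSname.
CERT_SAN_WITHOUT_CN_NAME = {
    "cn": "compute1.libvirt.org",
    "dns_names": ["compute1"],
    "ip_addresses": [],
}

# Constructed sample URIs: FQDN, short name, IPv4 and a non-canonical IPv6.
SAMPLE_URIS = [
    "qemu://compute1.libvirt.org/system",
    "qemu://compute1/system",
    "qemu://10.0.0.74/system",
    "qemu://[2001:cafe:0::74]/system",
]


def uri_host(uri):
    """Return the host part a client would verify the certificate against."""
    host = urlsplit(uri).hostname
    if not host:
        raise ValueError("URI has no host part: %r" % uri)
    return host


def _as_ip(text):
    """Parse an IP literal, or return None when the text is a DNS name."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def cert_matches_host(cert, host, allow_cn_fallback=True):
    """Return (matched, reason) under a SAN-first rule (an assumed model).

    IP literals match only iPAddress SAN entries, compared as parsed
    addresses so different spellings of one address are equal. Names match
    dNSName entries case-insensitively. The CN is consulted only when the
    certificate has no dNSName entries and the fallback is still allowed.
    """
    ip = _as_ip(host)
    if ip is not None:
        if ip in [_as_ip(a) for a in cert["ip_addresses"]]:
            return True, "iPAddress SAN"
        return False, "no iPAddress SAN for %s" % ip
    name = host.rstrip(".").lower()
    dns = [d.rstrip(".").lower() for d in cert["dns_names"]]
    if dns:
        if name in dns:
            return True, "dNSName SAN"
        return False, "SAN present, CN ignored"
    if allow_cn_fallback and cert["cn"].rstrip(".").lower() == name:
        return True, "legacy CN fallback"
    return False, "no SAN and CN not usable"


def check_uris(cert, uris, allow_cn_fallback=True):
    """Map each URI to True/False: would the certificate be accepted?"""
    return {
        u: cert_matches_host(cert, uri_host(u), allow_cn_fallback)[0]
        for u in uris
    }


if __name__ == "__main__":
    cases = [
        ("CN only, fallback allowed", CERT_CN_ONLY, True),
        ("CN only, fallback removed", CERT_CN_ONLY, False),
        ("CN + SAN, fallback removed", CERT_WITH_SAN, False),
    ]
    for label, cert, fallback in cases:
        print(label)
        for uri in SAMPLE_URIS:
            ok, reason = cert_matches_host(cert, uri_host(uri), fallback)
            print("  %-36s %-6s %s" % (uri, "ok" if ok else "REJECT", reason))
```
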
[libvirt] [PATCH] rng: fix nwfilter rule contents
by Daniel P. Berrange
The contents of a <rule> are a choice of exactly one union member. The
RNG schema, however, was allowing an arbitrary number of instances of every
union member at once.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
docs/schemas/nwfilter.rng | 98 +----------------------------------------------
1 file changed, 2 insertions(+), 96 deletions(-)
diff --git a/docs/schemas/nwfilter.rng b/docs/schemas/nwfilter.rng
index 7cfc05fa2e..cca6ff2954 100644
--- a/docs/schemas/nwfilter.rng
+++ b/docs/schemas/nwfilter.rng
@@ -19,58 +19,37 @@
</element>
<element name="rule">
<ref name="rule-node-attributes"/>
- <optional>
- <zeroOrMore>
+ <choice>
<element name="mac">
<ref name="match-attribute"/>
<ref name="common-l2-attributes"/>
<ref name="mac-attributes"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="vlan">
<ref name="match-attribute"/>
<ref name="common-l2-attributes"/>
<ref name="vlan-attributes"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="stp">
<ref name="match-attribute"/>
<ref name="srcmacandmask-attributes"/>
<ref name="stp-attributes"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="arp">
<ref name="match-attribute"/>
<ref name="common-l2-attributes"/>
<ref name="arp-attributes"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="rarp">
<ref name="match-attribute"/>
<ref name="common-l2-attributes"/>
<ref name="arp-attributes"/> <!-- same as arp -->
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="ip">
<ref name="match-attribute"/>
<ref name="common-l2-attributes"/>
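Review bot: with <choice> placed directly after <ref name="rule-node-attributes"/>, a <rule> must now contain exactly one protocol element, so a rule that carries only attributes and no child element no longer validates, whereas the removed <optional><zeroOrMore> wrappers accepted it. If attribute-only rules are valid input, wrap the <choice> in <optional>; either way the commit message should say which is intended, and a test document for the now-rejected multi-element case would pin the behaviour down.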
@@ -80,10 +59,6 @@
<ref name="dscp-attribute"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="ipv6">
<ref name="match-attribute"/>
<ref name="common-l2-attributes"/>
@@ -93,10 +68,6 @@
<ref name="icmp-attribute-ranges"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="tcp">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -106,10 +77,6 @@
<ref name="tcp-attributes"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="udp">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -118,10 +85,6 @@
<ref name="common-ip-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="sctp">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -130,10 +93,6 @@
<ref name="common-ip-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="icmp">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -142,10 +101,6 @@
<ref name="icmp-attributes"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="igmp">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -153,10 +108,6 @@
<ref name="common-ip-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="all">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -164,10 +115,6 @@
<ref name="common-ip-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="esp">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -175,10 +122,6 @@
<ref name="common-ip-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="ah">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -186,10 +129,6 @@
<ref name="common-ip-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="udplite">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -197,10 +136,6 @@
<ref name="common-ip-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="tcp-ipv6">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -210,10 +145,6 @@
<ref name="tcp-attributes"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="udp-ipv6">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -222,10 +153,6 @@
<ref name="common-ipv6-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="sctp-ipv6">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -234,10 +161,6 @@
<ref name="common-ipv6-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="icmpv6">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -246,10 +169,6 @@
<ref name="icmp-attributes"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="all-ipv6">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -257,10 +176,6 @@
<ref name="common-ipv6-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="esp-ipv6">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -268,10 +183,6 @@
<ref name="common-ipv6-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="ah-ipv6">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -279,10 +190,6 @@
<ref name="common-ipv6-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
- <optional>
- <zeroOrMore>
<element name="udplite-ipv6">
<ref name="match-attribute"/>
<ref name="srcmac-attribute"/>
@@ -290,8 +197,7 @@
<ref name="common-ipv6-attributes-p2"/>
<ref name="comment-attribute"/>
</element>
- </zeroOrMore>
- </optional>
+ </choice>
</element>
</choice>
</zeroOrMore>
--
2.14.3
[libvirt] [PATCH] nwfilter: remove bogus 'protocolid' attribute on arp/rarp fields
by Daniel P. Berrange
Various example XML documents for arp/rarp filtering have a protocolid
XML attribute defined. This is never parsed or output by the libvirt XML
handling code, so shouldn't be present in example XML files either.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
tests/nwfilterxml2firewalldata/arp.xml | 1 -
tests/nwfilterxml2firewalldata/rarp.xml | 1 -
tests/nwfilterxml2xmlin/arp-test.xml | 1 -
tests/nwfilterxml2xmlin/chain_prefixtest1.xml | 1 -
tests/nwfilterxml2xmlin/rarp-test.xml | 1 -
5 files changed, 5 deletions(-)
diff --git a/tests/nwfilterxml2firewalldata/arp.xml b/tests/nwfilterxml2firewalldata/arp.xml
index d0abf946ad..657c4958a6 100644
--- a/tests/nwfilterxml2firewalldata/arp.xml
+++ b/tests/nwfilterxml2firewalldata/arp.xml
@@ -2,7 +2,6 @@
<uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
<rule action='accept' direction='out'>
<arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
- protocolid='arp'
dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
hwtype='12'
protocoltype='34'
diff --git a/tests/nwfilterxml2firewalldata/rarp.xml b/tests/nwfilterxml2firewalldata/rarp.xml
index 77c1127efc..15f1ac92d1 100644
--- a/tests/nwfilterxml2firewalldata/rarp.xml
+++ b/tests/nwfilterxml2firewalldata/rarp.xml
@@ -2,7 +2,6 @@
<uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
<rule action='accept' direction='out'>
<rarp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
- protocolid='rarp'
dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
hwtype='12'
protocoltype='34'
diff --git a/tests/nwfilterxml2xmlin/arp-test.xml b/tests/nwfilterxml2xmlin/arp-test.xml
index e9d3768361..02bf4a8857 100644
--- a/tests/nwfilterxml2xmlin/arp-test.xml
+++ b/tests/nwfilterxml2xmlin/arp-test.xml
@@ -2,7 +2,6 @@
<uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
<rule action='accept' direction='out'>
<arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
- protocolid='arp'
dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
hwtype='12'
protocoltype='34'
diff --git a/tests/nwfilterxml2xmlin/chain_prefixtest1.xml b/tests/nwfilterxml2xmlin/chain_prefixtest1.xml
index c2f3f77791..bd7f76f7d1 100644
--- a/tests/nwfilterxml2xmlin/chain_prefixtest1.xml
+++ b/tests/nwfilterxml2xmlin/chain_prefixtest1.xml
@@ -2,7 +2,6 @@
<uuid>e5700920-a333-4c05-8016-b669e46b7599</uuid>
<rule action='accept' direction='out'>
<arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
- protocolid='arp'
dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
hwtype='12'
protocoltype='34'
diff --git a/tests/nwfilterxml2xmlin/rarp-test.xml b/tests/nwfilterxml2xmlin/rarp-test.xml
index e08722204f..0e3ee91db5 100644
--- a/tests/nwfilterxml2xmlin/rarp-test.xml
+++ b/tests/nwfilterxml2xmlin/rarp-test.xml
@@ -2,7 +2,6 @@
<uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid>
<rule action='accept' direction='out'>
<rarp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff'
- protocolid='rarp'
dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff'
hwtype='12'
protocoltype='34'
--
2.14.3
[libvirt] [libvirt-php PATCH] Fix crash in VIRT_HASH_CURRENT_KEY_INFO macro
by Dawid Zamirski
The PHP7 variant of the macro wasn't safe if the hash key was not a
string type. This was found when running a php script with just a
libvirt_connect call under an xdebug session, which segfaulted. This patch
makes the following changes:
* make sure that tmp_name is initialized to NULL
* set the key name only when zend_hash_get_current_key_ex did set it to
something, which happens only when type is HASH_KEY_IS_STRING
* stash the key index in our php_libvirt_hash_key_info struct because it
wasn't there before and a separate variable had to be used.
---
src/libvirt-connection.c | 8 +++-----
src/libvirt-php.c | 6 ++----
src/libvirt-php.h | 1 +
src/util.h | 16 +++++++++-------
4 files changed, 15 insertions(+), 16 deletions(-)
diff --git a/src/libvirt-connection.c b/src/libvirt-connection.c
index 181b266..2d59d82 100644
--- a/src/libvirt-connection.c
+++ b/src/libvirt-connection.c
@@ -131,8 +131,6 @@ PHP_FUNCTION(libvirt_connect)
HashPosition pointer;
int array_count;
- zend_ulong index;
-
unsigned long libVer;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|sba", &url, &url_len, &readonly, &zcreds) == FAILURE) {
@@ -176,13 +174,13 @@ PHP_FUNCTION(libvirt_connect)
VIRT_FOREACH(arr_hash, pointer, data) {
if (Z_TYPE_P(data) == IS_STRING) {
php_libvirt_hash_key_info info;
- VIRT_HASH_CURRENT_KEY_INFO(arr_hash, pointer, index, info);
+ VIRT_HASH_CURRENT_KEY_INFO(arr_hash, pointer, info);
if (info.type == HASH_KEY_IS_STRING) {
PHPWRITE(info.name, info.length);
} else {
- DPRINTF("%s: credentials index %d\n", PHPFUNC, (int)index);
- creds[j].type = index;
+ DPRINTF("%s: credentials index %d\n", PHPFUNC, info.index);
+ creds[j].type = info.index;
creds[j].result = (char *)emalloc(Z_STRLEN_P(data) + 1);
memset(creds[j].result, 0, Z_STRLEN_P(data) + 1);
creds[j].resultlen = Z_STRLEN_P(data);
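Review bot: info.index is declared unsigned int in libvirt-php.h but is printed with %d in the DPRINTF in the else branch, where the old code cast explicitly with (int)index. Use %u, or keep a cast, so the format specifier and the argument type agree.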
diff --git a/src/libvirt-php.c b/src/libvirt-php.c
index ef057fe..efbef58 100644
--- a/src/libvirt-php.c
+++ b/src/libvirt-php.c
@@ -1921,7 +1921,6 @@ long get_next_free_numeric_value(virDomainPtr domain, char *xpath)
HashPosition pointer;
// int array_count;
zval *data;
- unsigned long index;
long max_slot = -1;
xml = virDomainGetXMLDesc(domain, VIR_DOMAIN_XML_INACTIVE);
@@ -1934,7 +1933,7 @@ long get_next_free_numeric_value(virDomainPtr domain, char *xpath)
VIRT_FOREACH(arr_hash, pointer, data) {
if (Z_TYPE_P(data) == IS_STRING) {
php_libvirt_hash_key_info info;
- VIRT_HASH_CURRENT_KEY_INFO(arr_hash, pointer, index, info);
+ VIRT_HASH_CURRENT_KEY_INFO(arr_hash, pointer, info);
if (info.type != HASH_KEY_IS_STRING) {
long num = -1;
@@ -2439,7 +2438,6 @@ void parse_array(zval *arr, tVMDisk *disk, tVMNetwork *network)
zval *data;
php_libvirt_hash_key_info key;
HashPosition pointer;
- unsigned long index;
arr_hash = Z_ARRVAL_P(arr);
//array_count = zend_hash_num_elements(arr_hash);
@@ -2451,7 +2449,7 @@ void parse_array(zval *arr, tVMDisk *disk, tVMNetwork *network)
VIRT_FOREACH(arr_hash, pointer, data) {
if ((Z_TYPE_P(data) == IS_STRING) || (Z_TYPE_P(data) == IS_LONG)) {
- VIRT_HASH_CURRENT_KEY_INFO(arr_hash, pointer, index, key);
+ VIRT_HASH_CURRENT_KEY_INFO(arr_hash, pointer, key);
if (key.type == HASH_KEY_IS_STRING) {
if (disk != NULL) {
if ((Z_TYPE_P(data) == IS_STRING) && strcmp(key.name, "path") == 0)
diff --git a/src/libvirt-php.h b/src/libvirt-php.h
index 8d13a6b..f24a329 100644
--- a/src/libvirt-php.h
+++ b/src/libvirt-php.h
@@ -137,6 +137,7 @@ typedef struct tVMNetwork {
typedef struct _php_libvirt_hash_key_info {
char *name;
unsigned int length;
+ unsigned int index;
unsigned int type;
} php_libvirt_hash_key_info;
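Review bot: unsigned int index is narrower than what the macros in util.h store into it: the PHP7 variant passes (zend_ulong *) &_info.index, and the PHP5 variant passes &_info.index where the callers previously supplied an unsigned long or zend_ulong variable. Where zend_ulong is 64 bits wide, zend_hash_get_current_key_ex writes eight bytes through that pointer and spills into the type field that follows. Declare the field with the type the callee expects and drop the cast in util.h, which only hides the mismatch from the compiler.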
diff --git a/src/util.h b/src/util.h
index ecb3a1f..72cfa91 100644
--- a/src/util.h
+++ b/src/util.h
@@ -135,12 +135,14 @@
# define VIRT_FOREACH_END(_dummy)
-# define VIRT_HASH_CURRENT_KEY_INFO(_ht, _pos, _idx, _info) \
+# define VIRT_HASH_CURRENT_KEY_INFO(_ht, _pos, _info) \
do { \
- zend_string *tmp_key_info; \
- _info.type = zend_hash_get_current_key_ex(_ht, &tmp_key_info, &_idx, &_pos); \
- _info.name = ZSTR_VAL(tmp_key_info); \
- _info.length = ZSTR_LEN(tmp_key_info); \
+ zend_string *tmp_name = NULL; \
+ _info.type = zend_hash_get_current_key_ex(_ht, &tmp_name, (zend_ulong *) &_info.index, &_pos); \
+ if (tmp_name) { \
+ _info.name = ZSTR_VAL(tmp_name); \
+ _info.length = ZSTR_LEN(tmp_name); \
+ } \
} while(0)
# define VIRT_ARRAY_INIT(_name) do { \
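Review bot: with the new `if (tmp_name)` guard, `_info.name` and `_info.length` are left untouched for a numeric key, so they keep whatever was there before. `info` in `get_next_free_numeric_value()` is declared without an initializer, and inside a loop the values from a previous string key survive into the next iteration. An `else` branch setting `_info.name = NULL; _info.length = 0;` would make any read of `name` on a non-string key fail predictably instead of using a stale or uninitialized pointer.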
@@ -213,9 +215,9 @@
# define VIRT_FOREACH_END(_dummy) \
}}
-# define VIRT_HASH_CURRENT_KEY_INFO(_ht, _pos, _idx, _info) \
+# define VIRT_HASH_CURRENT_KEY_INFO(_ht, _pos, _info) \
do { \
- _info.type = zend_hash_get_current_key_ex(_ht, &_info.name, &_info.length, &_idx, 0, &_pos); \
+ _info.type = zend_hash_get_current_key_ex(_ht, &_info.name, &_info.length, &_info.index, 0, &_pos); \
} while(0)
# define VIRT_ARRAY_INIT(_name) do {\
--
2.14.3
6 years, 11 months
[libvirt] [PATCH 00/17] Move qemu command line controller checks to qemuDomainDeviceDefValidateController* checks
by John Ferlan
Recent series to just move IDE checks:
(v4: https://www.redhat.com/archives/libvir-list/2017-December/msg00049.html)
gave me enough "push" in order to move the bulk of qemu_command controller
command line build "validation" checks into their own Validation helpers.
The IDE only checks are essentially incorporated into this series.
John Ferlan (14):
qemu: Introduce qemuDomainDeviceDefValidateController
qemu: Introduce qemuDomainDeviceDefSkipController
qemu: Use virDomainControllerType in qemuBuildControllerDevStr switch
qemu: Move CCW S390 Address check to controller def validate
qemu: Introduce qemuDomainDeviceDefValidateControllerSCSI
qemu: Introduce qemuDomainDeviceDefValidateControllerPCI
qemu: Use virDomainPCIControllerOpts in qemuBuildControllerDevStr
qemu: Move PCI command modelName check to controller def validate
qemu: Move PCI command modelName TypeToString to controller def
validate
qemu: Move PCI more command checks to controller def validate
qemu: Complete PCI command checks to controller def validate
qemu: Introduce qemuDomainDeviceDefValidateControllerSATA
qemu: Introduce qemuDomainDeviceDefValidateControllerUSB
qemu: Complete move USB command checks to controller def validate
Lin Ma (3):
tests: Remove use of IDE disk for pseries floppy test
tests: Drop IDE controller in CCW
qemu: Introduce qemuDomainDeviceDefValidateControllerIDE
src/qemu/qemu_command.c | 566 ++------------------
src/qemu/qemu_command.h | 2 +
src/qemu/qemu_domain.c | 590 ++++++++++++++++++++-
src/qemu/qemu_domain.h | 12 +
.../qemuhotplug-base-ccw-live+ccw-virtio.xml | 4 -
...ive-with-2-ccw-virtio+ccw-virtio-1-explicit.xml | 4 -
...live-with-2-ccw-virtio+ccw-virtio-1-reverse.xml | 4 -
...qemuhotplug-base-ccw-live-with-2-ccw-virtio.xml | 4 -
...-live-with-ccw-virtio+ccw-virtio-2-explicit.xml | 4 -
...-base-ccw-live-with-ccw-virtio+ccw-virtio-2.xml | 4 -
.../qemuhotplug-base-ccw-live-with-ccw-virtio.xml | 4 -
.../qemuhotplug-base-ccw-live.xml | 4 -
tests/qemumemlocktest.c | 14 +
.../qemuxml2argv-disk-floppy-pseries.args | 24 -
.../qemuxml2argv-disk-floppy-pseries.xml | 7 -
tests/qemuxml2argvtest.c | 18 +-
tests/qemuxml2xmltest.c | 20 +-
17 files changed, 689 insertions(+), 596 deletions(-)
delete mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-floppy-pseries.args
--
2.13.6
6 years, 11 months
[libvirt] [sandbox 0/6] Misc patches
by Cédric Bosdonnat
Hi all,
Here are a few patches I found sitting on my local copy. I also added a
few patches to convert to python3.
Cédric Bosdonnat (6):
Pass debug and verbose values to init
machine: use squash security mode for non-root virt-sandbox mounts
Add tests .log and .trs files to gitignore
service: fix bad ConfigMountHostImage constructor call
Convert to python3
Don't hardcode interpreter path
.gitignore | 2 +
bin/virt-sandbox-image | 2 +-
bin/virt-sandbox-service | 75 +++++++++++++----------
bin/virt-sandbox.c | 3 +
examples/demo.py | 2 +-
examples/shell.py | 2 +-
examples/virt-sandbox-mkinitrd.py | 2 +-
examples/virt-sandbox.py | 2 +-
libvirt-sandbox/image/cli.py | 20 +++---
libvirt-sandbox/image/sources/base.py | 1 -
libvirt-sandbox/image/sources/docker.py | 42 ++++++-------
libvirt-sandbox/image/sources/virtbuilder.py | 1 -
libvirt-sandbox/image/template.py | 8 +--
libvirt-sandbox/libvirt-sandbox-builder-machine.c | 5 +-
libvirt-sandbox/libvirt-sandbox-config.c | 75 +++++++++++++++++++++++
libvirt-sandbox/libvirt-sandbox-config.h | 6 ++
libvirt-sandbox/libvirt-sandbox-init-common.c | 3 +
libvirt-sandbox/libvirt-sandbox.sym | 4 ++
18 files changed, 179 insertions(+), 76 deletions(-)
--
2.15.1
6 years, 11 months
[libvirt] [PATCH jenkins-ci] Trigger rebuild of libvirt-go-xml when libvirt changes
by Daniel P. Berrange
Although the core code in libvirt-go-xml doesn't depend on libvirt, the test
suite pulls in libvirt.git to validate XML parsing against all XML files found
under libvirt.git/tests. We should thus have a dependency in jenkins to trigger
rebuilds when libvirt changes.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
projects/libvirt-go-xml.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/projects/libvirt-go-xml.yaml b/projects/libvirt-go-xml.yaml
index 3083b9f..126058b 100644
--- a/projects/libvirt-go-xml.yaml
+++ b/projects/libvirt-go-xml.yaml
@@ -15,6 +15,6 @@
export TEST_ARGS="-tags xmlroundtrip"
jobs:
- go-build-job:
- parent_jobs:
+ parent_jobs: 'libvirt-master-build'
- go-check-job:
parent_jobs: 'libvirt-go-xml-master-build'
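Review bot: `parent_jobs: 'libvirt-master-build'` on `go-build-job` carries no comment, and the reason for it (the test suite validates against the XML files under libvirt.git/tests) exists only in the commit message. A one-line YAML comment above the key would keep someone from later removing what looks like a spurious dependency for a project whose core code does not use libvirt.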
--
2.14.3
6 years, 11 months
[libvirt] [jenkins-ci PATCH] guests: install additional debugging tools
by Pavel Hrdina
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
guests/vars/mappings.yml | 14 ++++++++++++++
guests/vars/projects/base.yml | 4 ++++
2 files changed, 18 insertions(+)
diff --git a/guests/vars/mappings.yml b/guests/vars/mappings.yml
index eca8dbe..ff97231 100644
--- a/guests/vars/mappings.yml
+++ b/guests/vars/mappings.yml
@@ -100,6 +100,9 @@ mappings:
default: gcc
FreeBSD:
+ gdb:
+ default: gdb
+
gettext:
default: gettext
@@ -306,6 +309,9 @@ mappings:
pkg: libxslt
rpm: libxslt-devel
+ lsof:
+ default: lsof
+
lvm2:
default: lvm2
FreeBSD:
@@ -390,6 +396,10 @@ mappings:
deb: libnetcf-dev
rpm: netcf-devel
+ netstat:
+ default: net-tools
+ FreeBSD:
+
numad:
default: numad
FreeBSD:
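Review bot: the empty `FreeBSD:` key under `netstat` (and under `strace` in the next hunk) gives no indication of why the mapping is blank there, while `gdb` and `lsof` in the same patch carry no FreeBSD override. A short comment stating the intent for that platform would help, since the commit message has no body to carry it either.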
@@ -631,6 +641,10 @@ mappings:
rpm: spice-gtk3-devel
CentOS6:
+ strace:
+ default: strace
+ FreeBSD:
+
unzip:
default: unzip
FreeBSD:
diff --git a/guests/vars/projects/base.yml b/guests/vars/projects/base.yml
index d82f6b9..352e85a 100644
--- a/guests/vars/projects/base.yml
+++ b/guests/vars/projects/base.yml
@@ -6,12 +6,16 @@ packages:
- ccache
- cppi
- gcc
+ - gdb
- gettext
- glibc
- libtool
- libtoolize
+ - lsof
- make
+ - netstat
- patch
- perl
- pkg-config
- rpmbuild
+ - strace
--
2.13.6
6 years, 11 months
[libvirt] [PATCH] nwfilter: don't crash listing filters in unprivileged daemon
by Daniel P. Berrange
The unprivileged libvirtd does not support nwfilter config, but leaves the
driver active. It is supposed to result in all APIs being an effective
no-op, but several APIs rely on driver->nwfilters being non-NULL, or they
will reference a NULL pointer. Rather than adding checks for NULL in many
places, just make sure driver->nwfilters is always initialized.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/nwfilter/nwfilter_driver.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index 2f9a51c405..89b767fe11 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -189,6 +189,8 @@ nwfilterStateInitialize(bool privileged,
/* remember that we are going to use firewalld */
driver->watchingFirewallD = (sysbus != NULL);
driver->privileged = privileged;
+ if (!(driver->nwfilters = virNWFilterObjListNew()))
+ goto error;
if (!privileged)
return 0;
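Review bot: the new `goto error` on the `virNWFilterObjListNew()` check runs before `if (!privileged) return 0;`, so before any of the setup further down has happened. Please confirm that the cleanup under the `error` label is safe when nothing after this point has been initialized; if it is not, jumping to `err_free_driverstate` (which this patch extends to free `driver->nwfilters`) is the narrower exit.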
@@ -244,9 +246,6 @@ nwfilterStateInitialize(bool privileged,
goto error;
}
- if (!(driver->nwfilters = virNWFilterObjListNew()))
- goto error;
-
if (virNWFilterObjListLoadAllConfigs(driver->nwfilters, driver->configDir) < 0)
goto error;
@@ -271,6 +270,7 @@ nwfilterStateInitialize(bool privileged,
virNWFilterIPAddrMapShutdown();
err_free_driverstate:
+ virNWFilterObjListFree(driver->nwfilters);
VIR_FREE(driver);
return -1;
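Review bot: `virNWFilterObjListFree(driver->nwfilters)` under `err_free_driverstate` may run with `driver->nwfilters` still NULL, for example if a failure reaches this label before the allocation or when `virNWFilterObjListNew()` itself fails, so the function has to accept a NULL argument. If it does not, guard the call. It is also worth checking that the normal shutdown path frees the list for the unprivileged daemon, which now returns 0 with the list allocated.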
--
2.14.3
6 years, 11 months