December 2017 - Devel - libvirt List Archives

[libvirt] [PATCH] docs: remove outdated link to Fedora mingw staging repo
by Daniel P. Berrange 07 Dec '17

07 Dec '17

The Fedora mingw support is all merged in Fedora repos, so remove the outdated link. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- docs/windows.html.in | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docs/windows.html.in b/docs/windows.html.in index df60940750..3f012d18da 100644 --- a/docs/windows.html.in +++ b/docs/windows.html.in @@ -169,9 +169,7 @@ <p> You can also cross-compile to a Windows target from a Fedora machine - using the packages available - <a href="http://hg.et.redhat.com/misc/fedora-mingw--devel/">from the Fedora MinGW project</a> - (which includes a working libvirt specfile). + using the packages available in the Fedora repos. </p> <h3><a id="configure">By hand</a></h3> -- 2.14.3

2 1

[libvirt] [PATCH] docs: update entries in the apps page
by Daniel P. Berrange 07 Dec '17

07 Dec '17

Change all links to https:// where the remote site supports it. Fix URLs for a few packages that moved, and delete entries which appear to be dead. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- docs/apps.html.in | 70 ++++++++++++++++++++++++------------------------------- 1 file changed, 30 insertions(+), 40 deletions(-) diff --git a/docs/apps.html.in b/docs/apps.html.in index 60edeb3af4..863be4ff23 100644 --- a/docs/apps.html.in +++ b/docs/apps.html.in @@ -65,21 +65,21 @@ management tasks on all libvirt managed domains, networks and storage. This is part of the libvirt core distribution. </dd> - <dt><a href="http://virt-manager.org/">virt-clone</a></dt> + <dt><a href="https://virt-manager.org/">virt-clone</a></dt> <dd> Allows the disk image(s) and configuration for an existing virtual machine to be cloned to form a new virtual machine. It automates copying of data across to new disk images, and updates the UUID, MAC address, and name in the configuration. </dd> - <dt><a href="http://et.redhat.com/~rjones/virt-df/">virt-df</a></dt> + <dt><a href="https://people.redhat.com/rjones/virt-df/">virt-df</a></dt> <dd> Examine the utilization of each filesystem in a virtual machine from the comfort of the host machine. This tool peeks into the guest disks and determines how much space is used. It can cope with common Linux filesystems and LVM volumes. </dd> - <dt><a href="http://virt-manager.org/">virt-image</a></dt> + <dt><a href="https://virt-manager.org/">virt-image</a></dt> <dd> Provides a way to deploy virtual appliances. It defines a simplified portable XML format describing the pre-requisites @@ -87,26 +87,26 @@ into the domain XML format for execution under any libvirt hypervisor meeting the pre-requisites. </dd> - <dt><a href="http://virt-manager.org/">virt-install</a></dt> + <dt><a href="https://virt-manager.org/">virt-install</a></dt> <dd> Provides a way to provision new virtual machines from a OS distribution install tree. It supports provisioning from local CD images, and the network over NFS, HTTP and FTP. </dd> - <dt><a href="http://et.redhat.com/~rjones/virt-top/">virt-top</a></dt> + <dt><a href="https://people.redhat.com/rjones/virt-top/">virt-top</a></dt> <dd> Watch the CPU, memory, network and disk utilization of all virtual machines running on a host. </dd> <dt> - <a href="http://people.redhat.com/~rjones/virt-what/">virt-what</a> + <a href="https://people.redhat.com/~rjones/virt-what/">virt-what</a> </dt> <dd> virt-what is a shell script for detecting if the program is running in a virtual machine. It prints out a list of facts about the virtual machine, derived from heuristics. </dd> - <dt><a href="http://sourceware.org/systemtap/">stap</a></dt> + <dt><a href="https://sourceware.org/systemtap/">stap</a></dt> <dd> SystemTap is a tool used to gather rich information about a running system through the use of scripts. Starting from v2.4, the front-end @@ -142,7 +142,7 @@ <h2><a id="continuousintegration">Continuous Integration</a></h2> <dl> - <dt><a href="http://buildbot.net/buildbot/docs/current/Libvirt.html">BuildBot</a></dt> + <dt><a href="https://buildbot.net/buildbot/docs/current/Libvirt.html">BuildBot</a></dt> <dd> BuildBot is a system to automate the compile/test cycle required by most software projects. CVS commits trigger new builds, run on @@ -152,7 +152,7 @@ </dl> <dl> - <dt><a href="http://wiki.jenkins-ci.org/display/JENKINS/Libvirt+Slaves+Plugin">Jenkins</a></dt> + <dt><a href="https://wiki.jenkins-ci.org/display/JENKINS/Libvirt+Slaves+Plugin">Jenkins</a></dt> <dd> This plugin for Jenkins adds a way to control guest domains hosted on Xen or QEMU/KVM. You configure a Jenkins Slave, @@ -197,28 +197,28 @@ <h2><a id="desktop">Desktop applications</a></h2> <dl> - <dt><a href="http://virt-manager.org/">virt-manager</a></dt> + <dt><a href="https://virt-manager.org/">virt-manager</a></dt> <dd> A general purpose desktop management tool, able to manage virtual machines across both local and remotely accessed hypervisors. It is targeted at home and small office usage up to managing 10-20 hosts and their VMs. </dd> - <dt><a href="http://virt-manager.org/">virt-viewer</a></dt> + <dt><a href="https://virt-manager.org/">virt-viewer</a></dt> <dd> A lightweight tool for accessing the graphical console associated with a virtual machine. It can securely connect to remote consoles supporting the VNC protocol. Also provides an optional mozilla browser plugin. </dd> - <dt><a href="http://f1ash.github.io/qt-virt-manager">qt-virt-manager</a></dt> + <dt><a href="https://f1ash.github.io/qt-virt-manager">qt-virt-manager</a></dt> <dd> The Qt GUI for create and control VMs and another virtual entities (aka networks, storages, interfaces, secrets, network filters). Contains integrated LXC/SPICE/VNC viewer for accessing the graphical or text console associated with a virtual machine or container. </dd> - <dt><a href="http://f1ash.github.io/qt-virt-manager/#virtual-machines-viewer">qt-remote-viewer</a></dt> + <dt><a href="https://f1ash.github.io/qt-virt-manager/#virtual-machines-viewer">qt-remote-viewer</a></dt> <dd> The Qt VNC/SPICE viewer for access to remote desktops or VMs. </dd> @@ -234,17 +234,7 @@ it easy to benefit from private Cloud Computing technology. </dd> - <dt><a href="http://www.emotivecloud.net">EMOTIVE Cloud</a></dt> - <dd>The EMOTIVE (Elastic Management Of Tasks In Virtualized - Environments) middleware allows executing tasks and providing - virtualized environments to the users with Xen, KVM or - VirtualBox hypervisor. EMOTIVE's main feature is VM management - with different scheduling policies. It can be also used as a - cloud provider and is very easy to extend thanks to its - modular Web Services architecture. - </dd> - - <dt><a href="http://www.eucalyptus.com">Eucalyptus</a></dt> + <dt><a href="https://github.com/eucalyptus/eucalyptus">Eucalyptus</a></dt> <dd> Eucalyptus is an on-premise Infrastructure as a Service cloud software platform that is open source and @@ -268,7 +258,7 @@ management. </dd> - <dt><a href="http://www.openstack.org">OpenStack</a></dt> + <dt><a href="https://www.openstack.org">OpenStack</a></dt> <dd> OpenStack is a "cloud operating system" usable for both public and private clouds. Its various parts take care of compute, @@ -314,7 +304,7 @@ Windows Registry in Windows guests. </dd> - <dt><a href="http://sandbox.libvirt.org">libvirt-sandbox</a></dt> + <dt><a href="https://sandbox.libvirt.org">libvirt-sandbox</a></dt> <dd> A library and command line tools for simplifying the creation of application sandboxes using virtualization technology. It currently @@ -334,7 +324,7 @@ <h2><a id="livecd">LiveCD / Appliances</a></h2> <dl> - <dt><a href="http://et.redhat.com/~rjones/virt-p2v/">virt-p2v</a></dt> + <dt><a href="http://libguestfs.org/virt-v2v/">virt-p2v</a></dt> <dd> An older tool for converting a physical machine into a virtual machine. It is a LiveCD which is booted on the machine to be @@ -346,7 +336,7 @@ <h2><a id="monitoring">Monitoring</a></h2> <dl> - <dt><a href="http://collectd.org/plugins/libvirt.shtml">collectd</a></dt> + <dt><a href="https://collectd.org/plugins/libvirt.shtml">collectd</a></dt> <dd> The libvirt-plugin is part of <a href="http://collectd.org/">collectd</a> and gathers statistics about virtualized guests on a system. This @@ -355,19 +345,19 @@ For a full description, please refer to the libvirt section in the collectd.conf(5) manual page. </dd> - <dt><a href="http://host-sflow.sourceforge.net/">Host sFlow</a></dt> + <dt><a href="http://www.sflow.net/">Host sFlow</a></dt> <dd> Host sFlow is a lightweight agent running on KVM hypervisors that links to libvirt library and exports standardized cpu, memory, network and disk metrics for all virtual machines. </dd> - <dt><a href="http://honk.sigxcpu.org/projects/libvirt/#munin">Munin</a></dt> + <dt><a href="https://honk.sigxcpu.org/projects/libvirt/#munin">Munin</a></dt> <dd> The plugins provided by Guido Günther allow to monitor various things like network and block I/O with <a href="http://munin.projects.linpro.no/">Munin</a>. </dd> - <dt><a href="http://et.redhat.com/~rjones/nagios-virt/">Nagios-virt</a></dt> + <dt><a href="http://people.redhat.com/rjones/nagios-virt/">Nagios-virt</a></dt> <dd> Nagios-virt is a configuration tool to add monitoring of your virtualised domains to <a href="http://www.nagios.org/">Nagios</a>. @@ -383,7 +373,7 @@ metrics. It supports pCPU, vCPU, memory, block device, network interface, and performance event metrics for each virtual guest. </dd> - <dt><a href="http://community.zenoss.org/docs/DOC-4687">Zenoss</a></dt> + <dt><a href="https://community.zenoss.org/docs/DOC-4687">Zenoss</a></dt> <dd> The Zenoss libvirt Zenpack adds support for monitoring virtualization servers. It has been tested with KVM, QEMU, VMware ESX, and VMware @@ -394,7 +384,7 @@ <h2><a id="provisioning">Provisioning</a></h2> <dl> - <dt><a href="http://www.ibm.com/software/tivoli/products/prov-mgr/">Tivoli Provisioning Manager</a></dt> + <dt><a href="https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivo…">Tivoli Provisioning Manager</a></dt> <dd> Part of the IBM Tivoli family, Tivoli Provisioning Manager (TPM) is an IT lifecycle automation product. It @@ -404,7 +394,7 @@ </dl> <dl> - <dt><a href="http://theforeman.org">Foreman</a></dt> + <dt><a href="https://theforeman.org">Foreman</a></dt> <dd> Foreman is an open source web based application aimed to be a Single Address For All Machines Life Cycle Management. Foreman: @@ -428,7 +418,7 @@ <h2><a id="web">Web applications</a></h2> <dl> - <dt><a href="http://community.abiquo.com/display/AbiCloud">AbiCloud</a></dt> + <dt><a href="http://www.abiquo.com/">AbiCloud</a></dt> <dd> AbiCloud is an open source cloud platform manager which allows to easily deploy a private cloud in your datacenter. One of the key @@ -444,14 +434,14 @@ Kimchi manages KVM guests through libvirt. The management interface is accessed over the web using a browser that supports HTML5. </dd> - <dt><a href="http://ovirt.org/">oVirt</a></dt> + <dt><a href="https://ovirt.org/">oVirt</a></dt> <dd> oVirt provides the ability to manage large numbers of virtual machines across an entire data center of hosts. It integrates with FreeIPA for Kerberos authentication, and in the future, certificate management. </dd> - <dt><a href="http://ispsystem.com/en/software/vmmanager">VMmanager</a></dt> + <dt><a href="https://ispsystem.com/en/software/vmmanager">VMmanager</a></dt> <dd> VMmanager is a software solution for virtualization management that can be used both for hosting virtual machines and @@ -460,7 +450,7 @@ functions, such as live migration that allows for load balancing between cluster nodes, monitoring CPU, memory. </dd> - <dt><a href="http://mist.io/">mist.io</a></dt> + <dt><a href="https://mist.io/">mist.io</a></dt> <dd> Mist.io is an open source project and a service that can assist you in managing your virtual machines on a unified way, providing a simple @@ -468,7 +458,7 @@ providers, OpenStack based public/private clouds, Docker servers, bare metal servers and now KVM hypervisors). </dd> - <dt><a href="http://ravada.upc.edu/">Ravada</a></dt> + <dt><a href="https://ravada.upc.edu/">Ravada</a></dt> <dd> Ravada is an open source tool for managing Virtual Desktop Infrastructure (VDI). It is very easy to install and use. Following @@ -492,7 +482,7 @@ <h2><a id="other">Other</a></h2> <dl> - <dt><a href="http://cuckoosandbox.org/">Cuckoo Sandbox</a></dt> + <dt><a href="https://cuckoosandbox.org/">Cuckoo Sandbox</a></dt> <dd> Cuckoo Sandbox is a malware analysis system. You can throw any suspicious file at it and in a matter of seconds Cuckoo -- 2.14.3

2 1

[libvirt] [PATCH] docs: update instructions for TLS cert generation
by Daniel P. Berrange 07 Dec '17

07 Dec '17

Currently we only describe setting the CN field for server certs. This leads to inevitable pain for users who set it to the fully qualified hostname and then use a unqualified hostname or IP address to connect in the URI. Describe the usage of Subject Alt Name extensions, to provide multiple hostnames and IP addresses. This will help users avoid the classic mistake and is important future proofing, since at least in browsers, TLS libraries no longer use the CN field for validation, mandating use of SAN info instead. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- docs/remote.html.in | 72 ++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 52 insertions(+), 20 deletions(-) diff --git a/docs/remote.html.in b/docs/remote.html.in index 9bafd9de67..6ae40b2bb2 100644 --- a/docs/remote.html.in +++ b/docs/remote.html.in @@ -30,7 +30,7 @@ to <code>virConnectOpen</code> (or <code>virsh -c ...</code>). For example, if you normally use <code>qemu:///system</code> to access the system-wide QEMU daemon, then to access the system-wide QEMU daemon on a remote machine called -<code>oirase</code> you would use <code>qemu://oirase/system</code>. +<code>compute1.libvirt.org</code> you would use <code>qemu://compute1.libvirt.org/system</code>. </p> <p> The <a href="#Remote_URI_reference">section on remote URIs</a> @@ -412,7 +412,9 @@ next section. <td> Server's certificate signed by the CA. (<a href="#Remote_TLS_server_certificates">more info</a>) </td> <td> CommonName (CN) must be the hostname of the server as it - is seen by clients. </td> + is seen by clients. All hostname and IP address variants that might + be used to reach the server should be lkisted in Subject Alt Name + fields.</td> </tr> <tr> <td> @@ -564,8 +566,8 @@ X.509 certificate info: Version: 3 Serial Number (hex): 00 -Subject: CN=Red Hat Emerging Technologies -Issuer: CN=Red Hat Emerging Technologies +Subject: CN=Libvirt Project +Issuer: CN=Libvirt Project Signature Algorithm: RSA-SHA Validity: Not Before: Mon Jun 18 16:22:18 2007 @@ -582,14 +584,20 @@ for your clients and servers. </h3> <p> For each server (libvirtd) you need to issue a certificate -with the X.509 CommonName (CN) field set to the hostname -of the server. The CN must match the hostname which -clients will be using to connect to the server. +containing one or more hostnames and/or IP addresses. +Historically the CommonName (CN) field would contain the +hostname of the server, and would match the hostname used +in the URI that clients pass to libvirt. In most TLS impls +the CN field is considered legacy data, the Subject Alt Name +(SAN) extension fields we be preferentially validated against. +In the future use of the CN field for validation may be +discontinuned entirely, so it is strongly recommended to +include the SAN fields. </p> <p> In the example below, clients will be connecting to the server using a <a href="#Remote_URI_reference">URI</a> of -<code>xen://oirase/</code>, so the CN must be "<code>oirase</code>". +<code>xen://virt.example/</code>, so the CN must be "<code>oirase</code>". </p> <p> Make a private key for the server: @@ -599,13 +607,25 @@ certtool --generate-privkey > serverkey.pem </pre> <p> and sign that key with the CA's private key by first -creating a template file called <code>server.info</code> -(only the CN field matters, which as explained above must -be the server's hostname): +creating a template file called <code>server.info</code>. +The 'cn' field should refer to the fully qualified public +hostname of the server. For the SAN extension data, there +must also be one or more 'dns_name' fields that contain all +possible hostnames that can be reasonably used by clients +to reach the server, both with and without domain name +qualifiers. If clients are likely to connect to the server +by IP address, then one or 'ip_address' fields should also +be added. </p> <pre> organization = <i>Name of your organization</i> -cn = oirase +cn = compute1.libvirt.org +dns_name = compute1 +dns_name = compute1.libvirt.org +ip_address = 10.0.0.74 +ip_address = 192.168.1.24 +ip_address = 2001:cafe::74 +ip_address = fe20::24 tls_www_server encryption_key signing_key @@ -635,16 +655,28 @@ X.509 certificate info: Version: 3 Serial Number (hex): 00 -Subject: O=Red Hat Emerging Technologies,CN=oirase -Issuer: CN=Red Hat Emerging Technologies +Subject: O=Libvirt Project,CN=compute1.libvirt.org +Issuer: CN=Libvirt Project Signature Algorithm: RSA-SHA Validity: Not Before: Mon Jun 18 16:34:49 2007 Not After: Tue Jun 17 16:34:49 2008 +Extensions: + Basic Constraints (critical): + Certificate Authority (CA): FALSE + Subject Alternative Name (not critical): + DNSname: compute1 + DNSname: compute1.libvirt.org + IPAddress: 10.0.0.74 + IPAddress: 192.168.1.24 + IPAddress: 2001:cafe::74 + IPAddress: fe20::24 </pre> <p> -Note the "Issuer" CN is "Red Hat Emerging Technologies" (the CA) and -the "Subject" CN is "oirase" (the server). +Note the "Issuer" CN is "Libvirt Project" (the CA) and +the "Subject" CN is "compute1.libvirt.org" (the server). +Notice that the hostname listed in the CN must also +be duplicated as a DNSname entry </p> <p> Finally we have two files to install: @@ -665,13 +697,13 @@ which can be installed on the server as </h3> <p> For each client (ie. any program linked with libvirt, such as -<a href="http://virt-manager.et.redhat.com/">virt-manager</a>) +<a href="http://virt-manager.org/">virt-manager</a>) you need to issue a certificate with the X.509 Distinguished Name (DN) set to a suitable name. You can decide this on a company / organisation policy. For example, I use: </p> <pre> -C=GB,ST=London,L=London,O=Red Hat,CN=<i>name_of_client</i> +C=GB,ST=London,L=London,O=Libvirt Project,CN=<i>name_of_client</i> </pre> <p> The process is the same as for @@ -692,7 +724,7 @@ Act as CA and sign the certificate. Create client.info containing: country = GB state = London locality = London -organization = Red Hat +organization = Libvirt Project cn = client1 tls_www_client encryption_key @@ -884,7 +916,7 @@ Blank lines and comments beginning with <code>#</code> are ignored. The default is that DNs are not checked. </p> <p> - This list may contain wildcards such as <code>"C=GB,ST=London,L=London,O=Red Hat,CN=*"</code> + This list may contain wildcards such as <code>"C=GB,ST=London,L=London,O=Libvirt Project,CN=*"</code> See the POSIX <code>fnmatch</code> function for the format of the wildcards. </p> -- 2.14.3

2 1

[libvirt] [PATCH] rng: fix nwfilter rule contents
by Daniel P. Berrange 07 Dec '17

07 Dec '17

The contents of a <rule> are a choice of exactly one union member. The RNG schema, however, was allowing an arbitrary number of instances of every union member at once. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- docs/schemas/nwfilter.rng | 98 +---------------------------------------------- 1 file changed, 2 insertions(+), 96 deletions(-) diff --git a/docs/schemas/nwfilter.rng b/docs/schemas/nwfilter.rng index 7cfc05fa2e..cca6ff2954 100644 --- a/docs/schemas/nwfilter.rng +++ b/docs/schemas/nwfilter.rng @@ -19,58 +19,37 @@ </element> <element name="rule"> <ref name="rule-node-attributes"/> - <optional> - <zeroOrMore> + <choice> <element name="mac"> <ref name="match-attribute"/> <ref name="common-l2-attributes"/> <ref name="mac-attributes"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="vlan"> <ref name="match-attribute"/> <ref name="common-l2-attributes"/> <ref name="vlan-attributes"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="stp"> <ref name="match-attribute"/> <ref name="srcmacandmask-attributes"/> <ref name="stp-attributes"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="arp"> <ref name="match-attribute"/> <ref name="common-l2-attributes"/> <ref name="arp-attributes"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="rarp"> <ref name="match-attribute"/> <ref name="common-l2-attributes"/> <ref name="arp-attributes"/>  <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="ip"> <ref name="match-attribute"/> <ref name="common-l2-attributes"/> @@ -80,10 +59,6 @@ <ref name="dscp-attribute"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="ipv6"> <ref name="match-attribute"/> <ref name="common-l2-attributes"/> @@ -93,10 +68,6 @@ <ref name="icmp-attribute-ranges"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="tcp"> <ref name="match-attribute"/> <ref name="srcmac-attribute"/> @@ -106,10 +77,6 @@ <ref name="tcp-attributes"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="udp"> <ref name="match-attribute"/> <ref name="srcmac-attribute"/> @@ -118,10 +85,6 @@ <ref name="common-ip-attributes-p2"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="sctp"> <ref name="match-attribute"/> <ref name="srcmac-attribute"/> @@ -130,10 +93,6 @@ <ref name="common-ip-attributes-p2"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="icmp"> <ref name="match-attribute"/> <ref name="srcmac-attribute"/> @@ -142,10 +101,6 @@ <ref name="icmp-attributes"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="igmp"> <ref name="match-attribute"/> <ref name="srcmac-attribute"/> @@ -153,10 +108,6 @@ <ref name="common-ip-attributes-p2"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="all"> <ref name="match-attribute"/> <ref name="srcmac-attribute"/> @@ -164,10 +115,6 @@ <ref name="common-ip-attributes-p2"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="esp"> <ref name="match-attribute"/> <ref name="srcmac-attribute"/> @@ -175,10 +122,6 @@ <ref name="common-ip-attributes-p2"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="ah"> <ref name="match-attribute"/> <ref name="srcmac-attribute"/> @@ -186,10 +129,6 @@ <ref name="common-ip-attributes-p2"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="udplite"> <ref name="match-attribute"/> <ref name="srcmac-attribute"/> @@ -197,10 +136,6 @@ <ref name="common-ip-attributes-p2"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="tcp-ipv6"> <ref name="match-attribute"/> <ref name="srcmac-attribute"/> @@ -210,10 +145,6 @@ <ref name="tcp-attributes"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="udp-ipv6"> <ref name="match-attribute"/> <ref name="srcmac-attribute"/> @@ -222,10 +153,6 @@ <ref name="common-ipv6-attributes-p2"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="sctp-ipv6"> <ref name="match-attribute"/> <ref name="srcmac-attribute"/> @@ -234,10 +161,6 @@ <ref name="common-ipv6-attributes-p2"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="icmpv6"> <ref name="match-attribute"/> <ref name="srcmac-attribute"/> @@ -246,10 +169,6 @@ <ref name="icmp-attributes"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="all-ipv6"> <ref name="match-attribute"/> <ref name="srcmac-attribute"/> @@ -257,10 +176,6 @@ <ref name="common-ipv6-attributes-p2"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="esp-ipv6"> <ref name="match-attribute"/> <ref name="srcmac-attribute"/> @@ -268,10 +183,6 @@ <ref name="common-ipv6-attributes-p2"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="ah-ipv6"> <ref name="match-attribute"/> <ref name="srcmac-attribute"/> @@ -279,10 +190,6 @@ <ref name="common-ipv6-attributes-p2"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> - <optional> - <zeroOrMore> <element name="udplite-ipv6"> <ref name="match-attribute"/> <ref name="srcmac-attribute"/> @@ -290,8 +197,7 @@ <ref name="common-ipv6-attributes-p2"/> <ref name="comment-attribute"/> </element> - </zeroOrMore> - </optional> + </choice> </element> </choice> </zeroOrMore> -- 2.14.3

2 1

[libvirt] [PATCH] nwfilter: remove bogus 'protocolid' attribute on arp/rarp fields
by Daniel P. Berrange 07 Dec '17

07 Dec '17

Various example XML documents for arp/rarp filtering have a protocolid XML attribute defined. This is never parsed or output by the libvirt XML handling code, so shouldn't be present in example XML files either Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- tests/nwfilterxml2firewalldata/arp.xml | 1 - tests/nwfilterxml2firewalldata/rarp.xml | 1 - tests/nwfilterxml2xmlin/arp-test.xml | 1 - tests/nwfilterxml2xmlin/chain_prefixtest1.xml | 1 - tests/nwfilterxml2xmlin/rarp-test.xml | 1 - 5 files changed, 5 deletions(-) diff --git a/tests/nwfilterxml2firewalldata/arp.xml b/tests/nwfilterxml2firewalldata/arp.xml index d0abf946ad..657c4958a6 100644 --- a/tests/nwfilterxml2firewalldata/arp.xml +++ b/tests/nwfilterxml2firewalldata/arp.xml @@ -2,7 +2,6 @@ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> <rule action='accept' direction='out'> <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' - protocolid='arp' dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' hwtype='12' protocoltype='34' diff --git a/tests/nwfilterxml2firewalldata/rarp.xml b/tests/nwfilterxml2firewalldata/rarp.xml index 77c1127efc..15f1ac92d1 100644 --- a/tests/nwfilterxml2firewalldata/rarp.xml +++ b/tests/nwfilterxml2firewalldata/rarp.xml @@ -2,7 +2,6 @@ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> <rule action='accept' direction='out'> <rarp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' - protocolid='rarp' dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' hwtype='12' protocoltype='34' diff --git a/tests/nwfilterxml2xmlin/arp-test.xml b/tests/nwfilterxml2xmlin/arp-test.xml index e9d3768361..02bf4a8857 100644 --- a/tests/nwfilterxml2xmlin/arp-test.xml +++ b/tests/nwfilterxml2xmlin/arp-test.xml @@ -2,7 +2,6 @@ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> <rule action='accept' direction='out'> <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' - protocolid='arp' dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' hwtype='12' protocoltype='34' diff --git a/tests/nwfilterxml2xmlin/chain_prefixtest1.xml b/tests/nwfilterxml2xmlin/chain_prefixtest1.xml index c2f3f77791..bd7f76f7d1 100644 --- a/tests/nwfilterxml2xmlin/chain_prefixtest1.xml +++ b/tests/nwfilterxml2xmlin/chain_prefixtest1.xml @@ -2,7 +2,6 @@ <uuid>e5700920-a333-4c05-8016-b669e46b7599</uuid> <rule action='accept' direction='out'> <arp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' - protocolid='arp' dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' hwtype='12' protocoltype='34' diff --git a/tests/nwfilterxml2xmlin/rarp-test.xml b/tests/nwfilterxml2xmlin/rarp-test.xml index e08722204f..0e3ee91db5 100644 --- a/tests/nwfilterxml2xmlin/rarp-test.xml +++ b/tests/nwfilterxml2xmlin/rarp-test.xml @@ -2,7 +2,6 @@ <uuid>5c6d49af-b071-6127-b4ec-6f8ed4b55335</uuid> <rule action='accept' direction='out'> <rarp srcmacaddr='1:2:3:4:5:6' srcmacmask='ff:ff:ff:ff:ff:ff' - protocolid='rarp' dstmacaddr='aa:bb:cc:dd:ee:ff' dstmacmask='ff:ff:ff:ff:ff:ff' hwtype='12' protocoltype='34' -- 2.14.3

2 1

[libvirt] [libvirt-php PATCH] Fix crash in VIRT_HASH_CURRENT_KEY_INFO macro
by Dawid Zamirski 07 Dec '17

07 Dec '17

The PHP7 variant of the macro wasn't safe if the hash key was not a string type. This was found when running php script with just libvirt_connect call under xdebug session which segfaulted. This patch makes the following changes: * make sure that tmp_name is initialized to NULL * set the key name only when zend_hash_get_current_key_ex did set it to something which happens only when type is HASH_KEY_IS_STRING * stash the key index in out php_libvirt_hash_key_info struct because it wasn't there before and separate variable had to be used. --- src/libvirt-connection.c | 8 +++----- src/libvirt-php.c | 6 ++---- src/libvirt-php.h | 1 + src/util.h | 16 +++++++++------- 4 files changed, 15 insertions(+), 16 deletions(-) diff --git a/src/libvirt-connection.c b/src/libvirt-connection.c index 181b266..2d59d82 100644 --- a/src/libvirt-connection.c +++ b/src/libvirt-connection.c @@ -131,8 +131,6 @@ PHP_FUNCTION(libvirt_connect) HashPosition pointer; int array_count; - zend_ulong index; - unsigned long libVer; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|sba", &url, &url_len, &readonly, &zcreds) == FAILURE) { @@ -176,13 +174,13 @@ PHP_FUNCTION(libvirt_connect) VIRT_FOREACH(arr_hash, pointer, data) { if (Z_TYPE_P(data) == IS_STRING) { php_libvirt_hash_key_info info; - VIRT_HASH_CURRENT_KEY_INFO(arr_hash, pointer, index, info); + VIRT_HASH_CURRENT_KEY_INFO(arr_hash, pointer, info); if (info.type == HASH_KEY_IS_STRING) { PHPWRITE(info.name, info.length); } else { - DPRINTF("%s: credentials index %d\n", PHPFUNC, (int)index); - creds[j].type = index; + DPRINTF("%s: credentials index %d\n", PHPFUNC, info.index); + creds[j].type = info.index; creds[j].result = (char *)emalloc(Z_STRLEN_P(data) + 1); memset(creds[j].result, 0, Z_STRLEN_P(data) + 1); creds[j].resultlen = Z_STRLEN_P(data); diff --git a/src/libvirt-php.c b/src/libvirt-php.c index ef057fe..efbef58 100644 --- a/src/libvirt-php.c +++ b/src/libvirt-php.c @@ -1921,7 +1921,6 @@ long get_next_free_numeric_value(virDomainPtr domain, char *xpath) HashPosition pointer; // int array_count; zval *data; - unsigned long index; long max_slot = -1; xml = virDomainGetXMLDesc(domain, VIR_DOMAIN_XML_INACTIVE); @@ -1934,7 +1933,7 @@ long get_next_free_numeric_value(virDomainPtr domain, char *xpath) VIRT_FOREACH(arr_hash, pointer, data) { if (Z_TYPE_P(data) == IS_STRING) { php_libvirt_hash_key_info info; - VIRT_HASH_CURRENT_KEY_INFO(arr_hash, pointer, index, info); + VIRT_HASH_CURRENT_KEY_INFO(arr_hash, pointer, info); if (info.type != HASH_KEY_IS_STRING) { long num = -1; @@ -2439,7 +2438,6 @@ void parse_array(zval *arr, tVMDisk *disk, tVMNetwork *network) zval *data; php_libvirt_hash_key_info key; HashPosition pointer; - unsigned long index; arr_hash = Z_ARRVAL_P(arr); //array_count = zend_hash_num_elements(arr_hash); @@ -2451,7 +2449,7 @@ void parse_array(zval *arr, tVMDisk *disk, tVMNetwork *network) VIRT_FOREACH(arr_hash, pointer, data) { if ((Z_TYPE_P(data) == IS_STRING) || (Z_TYPE_P(data) == IS_LONG)) { - VIRT_HASH_CURRENT_KEY_INFO(arr_hash, pointer, index, key); + VIRT_HASH_CURRENT_KEY_INFO(arr_hash, pointer, key); if (key.type == HASH_KEY_IS_STRING) { if (disk != NULL) { if ((Z_TYPE_P(data) == IS_STRING) && strcmp(key.name, "path") == 0) diff --git a/src/libvirt-php.h b/src/libvirt-php.h index 8d13a6b..f24a329 100644 --- a/src/libvirt-php.h +++ b/src/libvirt-php.h @@ -137,6 +137,7 @@ typedef struct tVMNetwork { typedef struct _php_libvirt_hash_key_info { char *name; unsigned int length; + unsigned int index; unsigned int type; } php_libvirt_hash_key_info; diff --git a/src/util.h b/src/util.h index ecb3a1f..72cfa91 100644 --- a/src/util.h +++ b/src/util.h @@ -135,12 +135,14 @@ # define VIRT_FOREACH_END(_dummy) -# define VIRT_HASH_CURRENT_KEY_INFO(_ht, _pos, _idx, _info) \ +# define VIRT_HASH_CURRENT_KEY_INFO(_ht, _pos, _info) \ do { \ - zend_string *tmp_key_info; \ - _info.type = zend_hash_get_current_key_ex(_ht, &tmp_key_info, &_idx, &_pos); \ - _info.name = ZSTR_VAL(tmp_key_info); \ - _info.length = ZSTR_LEN(tmp_key_info); \ + zend_string *tmp_name = NULL; \ + _info.type = zend_hash_get_current_key_ex(_ht, &tmp_name, (zend_ulong *) &_info.index, &_pos); \ + if (tmp_name) { \ + _info.name = ZSTR_VAL(tmp_name); \ + _info.length = ZSTR_LEN(tmp_name); \ + } \ } while(0) # define VIRT_ARRAY_INIT(_name) do { \ @@ -213,9 +215,9 @@ # define VIRT_FOREACH_END(_dummy) \ }} -# define VIRT_HASH_CURRENT_KEY_INFO(_ht, _pos, _idx, _info) \ +# define VIRT_HASH_CURRENT_KEY_INFO(_ht, _pos, _info) \ do { \ - _info.type = zend_hash_get_current_key_ex(_ht, &_info.name, &_info.length, &_idx, 0, &_pos); \ + _info.type = zend_hash_get_current_key_ex(_ht, &_info.name, &_info.length, &_info.index, 0, &_pos); \ } while(0) # define VIRT_ARRAY_INIT(_name) do {\ -- 2.14.3

2 3

[libvirt] [PATCH 00/17] Move qemu command line controller checks to qemuDomainDeviceDefValidateController* checks
by John Ferlan 07 Dec '17

07 Dec '17

Recent series to just move IDE checks: (v4: https://www.redhat.com/archives/libvir-list/2017-December/msg00049.html) gave me enough "push" in order to move the bulk of qemu_command controller command line build "validation" checks into their own Validation helpers. The IDE only checks are essentially incorporated into this series. John Ferlan (14): qemu: Introduce qemuDomainDeviceDefValidateController qemu: Introduce qemuDomainDeviceDefSkipController qemu: Use virDomainControllerType in qemuBuildControllerDevStr switch qemu: Move CCW S390 Address check to controller def validate qemu: Introduce qemuDomainDeviceDefValidateControllerSCSI qemu: Introduce qemuDomainDeviceDefValidateControllerPCI qemu: Use virDomainPCIControllerOpts in qemuBuildControllerDevStr qemu: Move PCI command modelName check to controller def validate qemu: Move PCI command modelName TypeToString to controller def validate qemu: Move PCI more command checks to controller def validate qemu: Complete PCI command checks to controller def validate qemu: Introduce qemuDomainDeviceDefValidateControllerSATA qemu: Introduce qemuDomainDeviceDefValidateControllerUSB qemu: Complete move USB command checks to controller def validate Lin Ma (3): tests: Remove use of IDE disk for pseries floppy test tests: Drop IDE controller in CCW qemu: Introduce qemuDomainDeviceDefValidateControllerIDE src/qemu/qemu_command.c | 566 ++------------------ src/qemu/qemu_command.h | 2 + src/qemu/qemu_domain.c | 590 ++++++++++++++++++++- src/qemu/qemu_domain.h | 12 + .../qemuhotplug-base-ccw-live+ccw-virtio.xml | 4 - ...ive-with-2-ccw-virtio+ccw-virtio-1-explicit.xml | 4 - ...live-with-2-ccw-virtio+ccw-virtio-1-reverse.xml | 4 - ...qemuhotplug-base-ccw-live-with-2-ccw-virtio.xml | 4 - ...-live-with-ccw-virtio+ccw-virtio-2-explicit.xml | 4 - ...-base-ccw-live-with-ccw-virtio+ccw-virtio-2.xml | 4 - .../qemuhotplug-base-ccw-live-with-ccw-virtio.xml | 4 - .../qemuhotplug-base-ccw-live.xml | 4 - tests/qemumemlocktest.c | 14 + .../qemuxml2argv-disk-floppy-pseries.args | 24 - .../qemuxml2argv-disk-floppy-pseries.xml | 7 - tests/qemuxml2argvtest.c | 18 +- tests/qemuxml2xmltest.c | 20 +- 17 files changed, 689 insertions(+), 596 deletions(-) delete mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-floppy-pseries.args -- 2.13.6

2 26

[libvirt] [sandbox 0/6] Misc patches
by Cédric Bosdonnat 06 Dec '17

06 Dec '17

Hi all, Here are a few patches I found sitting on my local copy. I also added a few patches to convert to python3. Cédric Bosdonnat (6): Pass debug and verbose values to init machine: use squash security mode for non-root virt-sandbox mounts Add tests .log and .trs files to gitignore service: fix bad ConfigMountHostImage constructor call Convert to python3 Don't hardcode interpreter path .gitignore | 2 + bin/virt-sandbox-image | 2 +- bin/virt-sandbox-service | 75 +++++++++++++---------- bin/virt-sandbox.c | 3 + examples/demo.py | 2 +- examples/shell.py | 2 +- examples/virt-sandbox-mkinitrd.py | 2 +- examples/virt-sandbox.py | 2 +- libvirt-sandbox/image/cli.py | 20 +++--- libvirt-sandbox/image/sources/base.py | 1 - libvirt-sandbox/image/sources/docker.py | 42 ++++++------- libvirt-sandbox/image/sources/virtbuilder.py | 1 - libvirt-sandbox/image/template.py | 8 +-- libvirt-sandbox/libvirt-sandbox-builder-machine.c | 5 +- libvirt-sandbox/libvirt-sandbox-config.c | 75 +++++++++++++++++++++++ libvirt-sandbox/libvirt-sandbox-config.h | 6 ++ libvirt-sandbox/libvirt-sandbox-init-common.c | 3 + libvirt-sandbox/libvirt-sandbox.sym | 4 ++ 18 files changed, 179 insertions(+), 76 deletions(-) -- 2.15.1

3 16

[libvirt] [PATCH jenkins-ci] Trigger rebuild of libvirt-go-xml when libvirt changes
by Daniel P. Berrange 06 Dec '17

06 Dec '17

Although the core code in libvirt-go-xml doesn't depend on libvirt, the test suite pulls in libvirt.git to validate XML parsing against all XML files found under libvirt.git/tests. We should thus have a dependancy in jenkins to trigger rebuilds when libvirt changes. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- projects/libvirt-go-xml.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/libvirt-go-xml.yaml b/projects/libvirt-go-xml.yaml index 3083b9f..126058b 100644 --- a/projects/libvirt-go-xml.yaml +++ b/projects/libvirt-go-xml.yaml @@ -15,6 +15,6 @@ export TEST_ARGS="-tags xmlroundtrip" jobs: - go-build-job: - parent_jobs: + parent_jobs: 'libvirt-master-build' - go-check-job: parent_jobs: 'libvirt-go-xml-master-build' -- 2.14.3

2 1

[libvirt] [jenkins-ci PATCH] guests: install additional debugging tools
by Pavel Hrdina 06 Dec '17

06 Dec '17

Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com> --- guests/vars/mappings.yml | 14 ++++++++++++++ guests/vars/projects/base.yml | 4 ++++ 2 files changed, 18 insertions(+) diff --git a/guests/vars/mappings.yml b/guests/vars/mappings.yml index eca8dbe..ff97231 100644 --- a/guests/vars/mappings.yml +++ b/guests/vars/mappings.yml @@ -100,6 +100,9 @@ mappings: default: gcc FreeBSD: + gdb: + default: gdb + gettext: default: gettext @@ -306,6 +309,9 @@ mappings: pkg: libxslt rpm: libxslt-devel + lsof: + default: lsof + lvm2: default: lvm2 FreeBSD: @@ -390,6 +396,10 @@ mappings: deb: libnetcf-dev rpm: netcf-devel + netstat: + default: net-tools + FreeBSD: + numad: default: numad FreeBSD: @@ -631,6 +641,10 @@ mappings: rpm: spice-gtk3-devel CentOS6: + strace: + default: strace + FreeBSD: + unzip: default: unzip FreeBSD: diff --git a/guests/vars/projects/base.yml b/guests/vars/projects/base.yml index d82f6b9..352e85a 100644 --- a/guests/vars/projects/base.yml +++ b/guests/vars/projects/base.yml @@ -6,12 +6,16 @@ packages: - ccache - cppi - gcc + - gdb - gettext - glibc - libtool - libtoolize + - lsof - make + - netstat - patch - perl - pkg-config - rpmbuild + - strace -- 2.13.6

2 1