[libvirt] [PATCH] xenconfig: Remove references to my name and email
by David Kiarie
Replace references to my name and email with a pseudonym
Signed-off-by: David Kiarie <davidkiarie4(a)gmail.com>
---
src/xenconfig/xen_xl.c | 2 +-
src/xenconfig/xen_xl.h | 2 +-
tests/xlconfigtest.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/xenconfig/xen_xl.c b/src/xenconfig/xen_xl.c
index 35d52f8a..0343a73c 100644
--- a/src/xenconfig/xen_xl.c
+++ b/src/xenconfig/xen_xl.c
@@ -17,7 +17,7 @@
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*
- * Author: Kiarie Kahurani <davidkiarie4(a)gmail.com>
+ * Author: Oneko <kawaiii.nekomata(a)gmail.com>
* Author: Jim Fehlig <jfehlig(a)suse.com>
*/
diff --git a/src/xenconfig/xen_xl.h b/src/xenconfig/xen_xl.h
index 68f332ac..4ce13f05 100644
--- a/src/xenconfig/xen_xl.h
+++ b/src/xenconfig/xen_xl.h
@@ -17,7 +17,7 @@
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*
- * Author: Kiarie Kahurani<davidkiarie4(a)gmail.com>
+ * Author: Oneko <kawaiii.nekomata(a)gmail.com>
*/
#ifndef __VIR_XEN_XL_H__
diff --git a/tests/xlconfigtest.c b/tests/xlconfigtest.c
index 39f51e2d..1bbc0b72 100644
--- a/tests/xlconfigtest.c
+++ b/tests/xlconfigtest.c
@@ -19,7 +19,7 @@
* <http://www.gnu.org/licenses/>.
*
* Author: Daniel P. Berrange <berrange(a)redhat.com>
- * Author: Kiarie Kahurani <davidkiarie4(a)gmail.com>
+ * Author: Oneko <kawaiii.nekomata(a)gmail.com>
*
*/
--
2.17.0
6 years, 6 months
Re: [libvirt] Question about verifying same uid:gid in src and dstfor live migration
by Fei Li
Hi Daniel,
On 05/09/2018 03:55 PM, Daniel P. Berrangé wrote:
> On Wed, May 09, 2018 at 01:45:53PM +0800, Fei Li wrote:
>> Hi,
>>
>> When I do live migration using virsh command line based on NFS shared
>> storage between two systems
>> having the same security mechanism and having the same kvm/qemu/libvirt
>> version, I encounter the
>> following error:
>>
>> debug : qemuMonitorJSONIOProcessLine:193 : Line [{"timestamp": {"seconds": 1524893525, "microseconds": 522686},
>> "event": "BLOCK_IO_ERROR", "data": {"device": "drive-virtio-disk0", "nospace": false, "node-name": "#block120",
>> "reason": "Permission denied", "operation": "write", "action": "report"}}]
>> ...
>> error: internal error: qemu unexpectedly closed the monitor:
>> qemu-system-x86_64: load of migration failed: Input/output error
>> ...
>>
>> According to the "Permission denied" && "write" information, I find the
>> below 2 ways can fix this error:
>> - Change the mode of guest's .qcow2 file from 644 to 646
> Absolutely no - any process or user that can access the mount can
> then compromise your disk images
Right, this should not be a fix. :)
>
>> - Keep qemu's uid the same one between src host and dst host (They are not
>> same before I change them)
> You *must* have the same uid+gid between source and dest hosts
>
>> After confirming that keeping qemu's uid identical between src host and dst
>> host can fix such issue,
>> my question is whether a fix in libvirt should be pursued or just document
>> the requirement for same
>> uid:gid across host systems in a migration cluster is ok?
> In Fedora and RHEL at least the system is setup so that these users get
> a fixed uid:gid upon installation to avoid this kind of problem.
Thanks for the "fixed uid:gid" advice, this helps a lot.
Have a nice day, thanks again
Fei
>
> Regards,
> Daniel
6 years, 6 months
[libvirt] [qemu PATCH] docs/interop: add "firmware.json"
by Laszlo Ersek
Add a schema that describes the different uses and properties of virtual
machine firmware.
Each firmware executable installed on a host system should come with at
least one JSON file that conforms to this schema. Each file informs the
management applications about
- the firmware's properties and one possible use case / feature set,
- configuration bits that are required to run the firmware binary.
In addition, define rules for management apps for picking the highest
priority firmware JSON file when multiple such files match the search
criteria.
Cc: "Daniel P. Berrange" <berrange(a)redhat.com>
Cc: David Gibson <dgibson(a)redhat.com>
Cc: Eric Blake <eblake(a)redhat.com>
Cc: Gerd Hoffmann <kraxel(a)redhat.com>
Cc: Kashyap Chamarthy <kchamart(a)redhat.com>
Cc: Markus Armbruster <armbru(a)redhat.com>
Cc: Paolo Bonzini <pbonzini(a)redhat.com>
Cc: Thomas Huth <thuth(a)redhat.com>
Signed-off-by: Laszlo Ersek <lersek(a)redhat.com>
---
Notes:
PATCH:
- previous version (RFCv3) was posted at:
<http://mid.mail-archive.com/20180420231246.23130-4-lersek@redhat.com>
- move "firmware.json" under docs/interop/; drop earlier development
artifacts
- no changes to the schema (received no comments on RFCv3)
RFCv3:
- Previous version (RFCv2) was posted at:
<http://mid.mail-archive.com/20180417224054.26363-1-lersek@redhat.com>
- Trim the CC list a little.
- Wrap to a 72-char margin, for an easier reading. [Markus]
- Run spell-checker. [Markus]
- Rename @FirmwareType to @FirmwareOSInterface, to better express the
concept. Update the enum constants accordingly (incl. documentation);
in particular replace @slof with @openfirmware. Rename the @type field
in @Firmware to @interface-type. [David, Gerd, Paolo, Thomas]
- Better yet, rename @interface-type to @interface-types (plural), and
turn it into a list of @FirmwareOSInterface entries, to express an
ordered compat list with multiple firmware<->OS interface types. [Dan,
Eric, Gerd, Paolo]
- Drop @FirmwareArchitecture, and switch the type of
@FirmwareTarget.@architecture to @SysEmuTarget (now defined in
"common.json"). [Dan, Gerd, Markus]
- Switch elements of @FirmwareTarget.@machines from aliases ("pc",
"q35", "virt") to concrete machine types, with glob patterns
understood. [Dan, Gerd]
- Rename @secure-boot-enrolled-keys to @enrolled-keys, and drop the
dependency on @secure-boot in its documentation. [Gerd]
- Describe the firmware JSON directories and the search rules to
management apps, under the @Firmware element. Relatedly, remove the
language on any concrete certificates under @enrolled-keys, as these
can be customized through the overrides. Also refresh the commit
message. [Dan, Gerd]
- Rename @pathname fields to @filename. [Markus]
- Don't replace "@executable.@filename" with "@executable.filename"
(that is, keep the second @ sign), because removing the 2nd @ sign
messes up the documentation ("filename" stops being type-set in
monospace in the HTML, for example). [Markus]
- Rename @nvram_template to @nvram-template. [Thomas]
- Keep @x-check-firmware for a while longer. [Dan, Gerd, Markus, Paolo]
RFCv2:
- previous version (RFCv1) was posted at
<http://mid.mail-archive.com/20180407000117.25640-1-lersek@redhat.com>
- v2 is basically a rewrite from scratch, starting out with Dan's
definitions from
<http://mid.mail-archive.com/20180410102033.GL5155@redhat.com> and
<http://mid.mail-archive.com/20180410110357.GP5155@redhat.com>,
hopefully addressing others' feedback as well
RFCv1:
- Folks on the CC list, please try to see if the suggested schema is
flexible enough to describe the virtual firmware(s) that you are
familiar with. Thanks!
docs/interop/firmware.json | 554 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 554 insertions(+)
create mode 100644 docs/interop/firmware.json
diff --git a/docs/interop/firmware.json b/docs/interop/firmware.json
new file mode 100644
index 000000000000..2add6fd8afe7
--- /dev/null
+++ b/docs/interop/firmware.json
@@ -0,0 +1,554 @@
+# -*- Mode: Python -*-
+#
+# Copyright (C) 2018 Red Hat, Inc.
+#
+# Authors:
+# Daniel P. Berrange <berrange(a)redhat.com>
+# Laszlo Ersek <lersek(a)redhat.com>
+#
+# This work is licensed under the terms of the GNU GPL, version 2 or
+# later. See the COPYING file in the top-level directory.
+
+##
+# = Firmware
+##
+
+{ 'include' : 'common.json' }
+{ 'include' : 'block-core.json' }
+
+##
+# @FirmwareOSInterface:
+#
+# Lists the firmware-OS interface types provided by various firmware
+# that is commonly used with QEMU virtual machines.
+#
+# @bios: Traditional x86 BIOS interface. For example, firmware built
+# from the SeaBIOS project usually provides this interface.
+#
+# @openfirmware: The interface is defined by the (historical) IEEE
+# 1275-1994 standard. Examples for firmware projects that
+# provide this interface are: OpenBIOS, OpenHackWare,
+# SLOF.
+#
+# @uboot: Firmware interface defined by the U-Boot project.
+#
+# @uefi: Firmware interface defined by the UEFI specification. For
+# example, firmware built from the edk2 (EFI Development Kit II)
+# project usually provides this interface.
+#
+# Since: 2.13
+##
+{ 'enum' : 'FirmwareOSInterface',
+ 'data' : [ 'bios', 'openfirmware', 'uboot', 'uefi' ] }
+
+##
+# @FirmwareDevice:
+#
+# Defines the device types that firmware can be mapped into.
+#
+# @flash: The firmware executable and its accompanying NVRAM file are to
+# be mapped into a pflash chip each.
+#
+# @kernel: The firmware is to be loaded like a Linux kernel. This is
+# similar to @memory but may imply additional processing that
+# is specific to the target architecture and machine type.
+#
+# @memory: The firmware is to be mapped into memory.
+#
+# Since: 2.13
+##
+{ 'enum' : 'FirmwareDevice',
+ 'data' : [ 'flash', 'kernel', 'memory' ] }
+
+##
+# @FirmwareTarget:
+#
+# Defines the machine types that firmware may execute on.
+#
+# @architecture: Determines the emulation target (the QEMU system
+# emulator) that can execute the firmware.
+#
+# @machines: Lists the machine types (known by the emulator that is
+# specified through @architecture) that can execute the
+# firmware. Elements of @machines are supposed to be concrete
+# machine types, not aliases. Glob patterns are understood,
+# which is especially useful for versioned machine types.
+# (For example, the glob pattern "pc-i440fx-*" matches
+# "pc-i440fx-2.12".) On the QEMU command line, "-machine
+# type=..." specifies the requested machine type (but that
+# option does not accept glob patterns).
+#
+# Since: 2.13
+##
+{ 'struct' : 'FirmwareTarget',
+ 'data' : { 'architecture' : 'SysEmuTarget',
+ 'machines' : [ 'str' ] } }
+
+##
+# @FirmwareFeature:
+#
+# Defines the features that firmware may support, and the platform
+# requirements that firmware may present.
+#
+# @acpi-s3: The firmware supports S3 sleep (suspend to RAM), as defined
+# in the ACPI specification. On the "pc-i440fx-*" machine
+# types of the @i386 and @x86_64 emulation targets, S3 can be
+# enabled with "-global PIIX4_PM.disable_s3=0" and disabled
+# with "-global PIIX4_PM.disable_s3=1". On the "pc-q35-*"
+# machine types of the @i386 and @x86_64 emulation targets, S3
+# can be enabled with "-global ICH9-LPC.disable_s3=0" and
+# disabled with "-global ICH9-LPC.disable_s3=1".
+#
+# @acpi-s4: The firmware supports S4 hibernation (suspend to disk), as
+# defined in the ACPI specification. On the "pc-i440fx-*"
+# machine types of the @i386 and @x86_64 emulation targets, S4
+# can be enabled with "-global PIIX4_PM.disable_s4=0" and
+# disabled with "-global PIIX4_PM.disable_s4=1". On the
+# "pc-q35-*" machine types of the @i386 and @x86_64 emulation
+# targets, S4 can be enabled with "-global
+# ICH9-LPC.disable_s4=0" and disabled with "-global
+# ICH9-LPC.disable_s4=1".
+#
+# @amd-sev: The firmware supports running under AMD Secure Encrypted
+# Virtualization, as specified in the AMD64 Architecture
+# Programmer's Manual. QEMU command line options related to
+# this feature are documented in
+# "docs/amd-memory-encryption.txt".
+#
+# @enrolled-keys: The variable store (NVRAM) template associated with
+# the firmware binary has the UEFI Secure Boot
+# operational mode turned on, with certificates
+# enrolled.
+#
+# @requires-smm: The firmware requires the platform to emulate SMM
+# (System Management Mode), as defined in the AMD64
+# Architecture Programmer's Manual, and in the Intel(R)64
+# and IA-32 Architectures Software Developer's Manual. On
+# the "pc-q35-*" machine types of the @i386 and @x86_64
+# emulation targets, SMM emulation can be enabled with
+# "-machine smm=on". (On the "pc-q35-*" machine types of
+# the @i386 emulation target, @requires-smm presents
+# further CPU requirements; one combination known to work
+# is "-cpu coreduo,-nx".) If the firmware is marked as
+# both @secure-boot and @requires-smm, then write
+# accesses to the pflash chip (NVRAM) that holds the UEFI
+# variable store must be restricted to code that executes
+# in SMM, using the additional option "-global
+# driver=cfi.pflash01,property=secure,value=on".
+# Furthermore, a large guest-physical address space
+# (comprising guest RAM, memory hotplug range, and 64-bit
+# PCI MMIO aperture), and/or a high VCPU count, may
+# present high SMRAM requirements from the firmware. On
+# the "pc-q35-*" machine types of the @i386 and @x86_64
+# emulation targets, the SMRAM size may be increased
+# above the default 16MB with the "-global
+# mch.extended-tseg-mbytes=uint16" option. As a rule of
+# thumb, the default 16MB size suffices for 1TB of
+# guest-phys address space and a few tens of VCPUs; for
+# every further TB of guest-phys address space, add 8MB
+# of SMRAM. 48MB should suffice for 4TB of guest-phys
+# address space and 2-3 hundred VCPUs.
+#
+# @secure-boot: The firmware implements the software interfaces for UEFI
+# Secure Boot, as defined in the UEFI specification. Note
+# that without @requires-smm, guest code running with
+# kernel privileges can undermine the security of Secure
+# Boot.
+#
+# @verbose-dynamic: When firmware log capture is enabled, the firmware
+# logs a large amount of debug messages, which may
+# impact boot performance. With log capture disabled,
+# there is no boot performance impact. On the
+# "pc-i440fx-*" and "pc-q35-*" machine types of the
+# @i386 and @x86_64 emulation targets, firmware log
+# capture can be enabled with the QEMU command line
+# options "-chardev file,id=fwdebug,path=LOGFILEPATH
+# -device isa-debugcon,iobase=0x402,chardev=fwdebug".
+# @verbose-dynamic is mutually exclusive with
+# @verbose-static.
+#
+# @verbose-static: The firmware unconditionally produces a large amount
+# of debug messages, which may impact boot performance.
+# This feature may typically be carried by certain UEFI
+# firmware for the "virt-*" machine types of the @arm
+# and @aarch64 emulation targets, where the debug
+# messages are written to the first (always present)
+# PL011 UART. @verbose-static is mutually exclusive
+# with @verbose-dynamic.
+#
+# Since: 2.13
+##
+{ 'enum' : 'FirmwareFeature',
+ 'data' : [ 'acpi-s3', 'acpi-s4', 'amd-sev', 'enrolled-keys',
+ 'requires-smm', 'secure-boot', 'verbose-dynamic',
+ 'verbose-static' ] }
+
+##
+# @FirmwareFlashFile:
+#
+# Defines common properties that are necessary for loading a firmware
+# file into a pflash chip. The corresponding QEMU command line option is
+# "-drive file=@filename,format=@format". Note however that the
+# option-argument shown here is incomplete; it is completed under
+# @FirmwareMappingFlash.
+#
+# @filename: Specifies the filename on the host filesystem where the
+# firmware file can be found.
+#
+# @format: Specifies the block format of the file pointed-to by
+# @filename, such as @raw or @qcow2.
+#
+# Since: 2.13
+##
+{ 'struct' : 'FirmwareFlashFile',
+ 'data' : { 'filename' : 'str',
+ 'format' : 'BlockdevDriver' } }
+
+##
+# @FirmwareMappingFlash:
+#
+# Describes loading and mapping properties for the firmware executable
+# and its accompanying NVRAM file, when @FirmwareDevice is @flash.
+#
+# @executable: Identifies the firmware executable. The firmware
+# executable may be shared by multiple virtual machine
+# definitions. The corresponding QEMU command line option
+# is "-drive
+# if=pflash,unit=0,readonly=on,file=@executable.@filename,format=@executable.(a)format".
+#
+# @nvram-template: Identifies the NVRAM template compatible with
+# @executable. Management software instantiates an
+# individual copy -- a specific NVRAM file -- from
+# @nvram-template.@filename for each new virtual
+# machine definition created. @nvram-template.@filename
+# itself is never mapped into virtual machines, only
+# individual copies of it are. An NVRAM file is
+# typically used for persistently storing the
+# non-volatile UEFI variables of a virtual machine
+# definition. The corresponding QEMU command line
+# option is "-drive
+# if=pflash,unit=1,readonly=off,file=FILENAME_OF_PRIVATE_NVRAM_FILE,format=@nvram-template.(a)format".
+#
+# Since: 2.13
+##
+{ 'struct' : 'FirmwareMappingFlash',
+ 'data' : { 'executable' : 'FirmwareFlashFile',
+ 'nvram-template' : 'FirmwareFlashFile' } }
+
+##
+# @FirmwareMappingKernel:
+#
+# Describes loading and mapping properties for the firmware executable,
+# when @FirmwareDevice is @kernel.
+#
+# @filename: Identifies the firmware executable. The firmware executable
+# may be shared by multiple virtual machine definitions. The
+# corresponding QEMU command line option is "-kernel
+# @filename".
+#
+# Since: 2.13
+##
+{ 'struct' : 'FirmwareMappingKernel',
+ 'data' : { 'filename' : 'str' } }
+
+##
+# @FirmwareMappingMemory:
+#
+# Describes loading and mapping properties for the firmware executable,
+# when @FirmwareDevice is @memory.
+#
+# @filename: Identifies the firmware executable. The firmware executable
+# may be shared by multiple virtual machine definitions. The
+# corresponding QEMU command line option is "-bios
+# @filename".
+#
+# Since: 2.13
+##
+{ 'struct' : 'FirmwareMappingMemory',
+ 'data' : { 'filename' : 'str' } }
+
+##
+# @FirmwareMapping:
+#
+# Provides a discriminated structure for firmware to describe its
+# loading / mapping properties.
+#
+# @device: Selects the device type that the firmware must be mapped
+# into.
+#
+# Since: 2.13
+##
+{ 'union' : 'FirmwareMapping',
+ 'base' : { 'device' : 'FirmwareDevice' },
+ 'discriminator' : 'device',
+ 'data' : { 'flash' : 'FirmwareMappingFlash',
+ 'kernel' : 'FirmwareMappingKernel',
+ 'memory' : 'FirmwareMappingMemory' } }
+
+##
+# @Firmware:
+#
+# Describes a firmware (or a firmware use case) to management software.
+#
+# It is possible for multiple @Firmware elements to match the search
+# criteria of management software. Applications thus need rules to pick
+# one of the many matches, and users need the ability to override distro
+# defaults.
+#
+# It is recommended to create firmware JSON files (each containing a
+# single @Firmware root element) with a double-digit prefix, for example
+# "50-ovmf.json", "50-seabios-256k.json", etc, so they can be sorted in
+# predictable order. The firmware JSON files should be searched for in
+# three directories:
+#
+# - /usr/share/qemu/firmware -- populated by distro-provided firmware
+# packages (XDG_DATA_DIRS covers
+# /usr/share by default),
+#
+# - /etc/qemu/firmware -- exclusively for sysadmins' local additions,
+#
+# - $XDG_CONFIG_HOME/qemu/firmware -- exclusively for per-user local
+# additions (XDG_CONFIG_HOME
+# defaults to $HOME/.config).
+#
+# Top-down, the list of directories goes from general to specific.
+#
+# Management software should build a list of files from all three
+# locations, then sort the list by filename (i.e., last pathname
+# component). Management software should choose the first JSON file on
+# the sorted list that matches the search criteria. If a more specific
+# directory has a file with same name as a less specific directory, then
+# the file in the more specific directory takes effect. If the more
+# specific file is zero length, it hides the less specific one.
+#
+# For example, if a distro ships
+#
+# - /usr/share/qemu/firmware/50-ovmf.json
+#
+# - /usr/share/qemu/firmware/50-seabios-256k.json
+#
+# then the sysadmin can prevent the default OVMF being used at all with
+#
+# $ touch /etc/qemu/firmware/50-ovmf.json
+#
+# The sysadmin can replace/alter the distro default OVMF with
+#
+# $ vim /etc/qemu/firmware/50-ovmf.json
+#
+# or they can provide a parallel OVMF with higher priority
+#
+# $ vim /etc/qemu/firmware/10-ovmf.json
+#
+# or they can provide a parallel OVMF with lower priority
+#
+# $ vim /etc/qemu/firmware/99-ovmf.json
+#
+# @description: Provides a human-readable description of the firmware.
+# Management software may or may not display @description.
+#
+# @interface-types: Lists the types of interfaces that the firmware can
+# expose to the guest OS. This is a non-empty, ordered
+# list; entries near the beginning of @interface-types
+# are considered more native to the firmware, and/or
+# to have a higher quality implementation in the
+# firmware, than entries near the end of
+# @interface-types.
+#
+# @mapping: Describes the loading / mapping properties of the firmware.
+#
+# @targets: Collects the target architectures (QEMU system emulators)
+# and their machine types that may execute the firmware.
+#
+# @features: Lists the features that the firmware supports, and the
+# platform requirements it presents.
+#
+# @tags: A list of auxiliary strings associated with the firmware for
+# which @description is not appropriate, due to the latter's
+# possible exposure to the end-user. @tags serves development and
+# debugging purposes only, and management software shall
+# explicitly ignore it.
+#
+# Since: 2.13
+#
+# Examples:
+#
+# {
+# "description": "SeaBIOS",
+# "interface-types": [
+# "bios"
+# ],
+# "mapping": {
+# "device": "memory",
+# "filename": "/usr/share/seabios/bios-256k.bin"
+# },
+# "targets": [
+# {
+# "architecture": "i386",
+# "machines": [
+# "pc-i440fx-*",
+# "pc-q35-*"
+# ]
+# },
+# {
+# "architecture": "x86_64",
+# "machines": [
+# "pc-i440fx-*",
+# "pc-q35-*"
+# ]
+# }
+# ],
+# "features": [
+# "acpi-s3",
+# "acpi-s4"
+# ],
+# "tags": [
+# "CONFIG_BOOTSPLASH=n",
+# "CONFIG_ROM_SIZE=256",
+# "CONFIG_USE_SMM=n"
+# ]
+# }
+#
+# {
+# "description": "OVMF with SB+SMM, empty varstore",
+# "interface-types": [
+# "uefi"
+# ],
+# "mapping": {
+# "device": "flash",
+# "executable": {
+# "filename": "/usr/share/OVMF/OVMF_CODE.secboot.fd",
+# "format": "raw"
+# },
+# "nvram-template": {
+# "filename": "/usr/share/OVMF/OVMF_VARS.fd",
+# "format": "raw"
+# }
+# },
+# "targets": [
+# {
+# "architecture": "x86_64",
+# "machines": [
+# "pc-q35-*"
+# ]
+# }
+# ],
+# "features": [
+# "acpi-s3",
+# "amd-sev",
+# "requires-smm",
+# "secure-boot",
+# "verbose-dynamic"
+# ],
+# "tags": [
+# "-a IA32",
+# "-a X64",
+# "-p OvmfPkg/OvmfPkgIa32X64.dsc",
+# "-t GCC48",
+# "-b DEBUG",
+# "-D SMM_REQUIRE",
+# "-D SECURE_BOOT_ENABLE",
+# "-D FD_SIZE_4MB"
+# ]
+# }
+#
+# {
+# "description": "OVMF with SB+SMM, SB enabled, MS certs enrolled",
+# "interface-types": [
+# "uefi"
+# ],
+# "mapping": {
+# "device": "flash",
+# "executable": {
+# "filename": "/usr/share/OVMF/OVMF_CODE.secboot.fd",
+# "format": "raw"
+# },
+# "nvram-template": {
+# "filename": "/usr/share/OVMF/OVMF_VARS.secboot.fd",
+# "format": "raw"
+# }
+# },
+# "targets": [
+# {
+# "architecture": "x86_64",
+# "machines": [
+# "pc-q35-*"
+# ]
+# }
+# ],
+# "features": [
+# "acpi-s3",
+# "amd-sev",
+# "enrolled-keys",
+# "requires-smm",
+# "secure-boot",
+# "verbose-dynamic"
+# ],
+# "tags": [
+# "-a IA32",
+# "-a X64",
+# "-p OvmfPkg/OvmfPkgIa32X64.dsc",
+# "-t GCC48",
+# "-b DEBUG",
+# "-D SMM_REQUIRE",
+# "-D SECURE_BOOT_ENABLE",
+# "-D FD_SIZE_4MB"
+# ]
+# }
+#
+# {
+# "description": "UEFI firmware for ARM64 virtual machines",
+# "interface-types": [
+# "uefi"
+# ],
+# "mapping": {
+# "device": "flash",
+# "executable": {
+# "filename": "/usr/share/AAVMF/AAVMF_CODE.fd",
+# "format": "raw"
+# },
+# "nvram-template": {
+# "filename": "/usr/share/AAVMF/AAVMF_VARS.fd",
+# "format": "raw"
+# }
+# },
+# "targets": [
+# {
+# "architecture": "aarch64",
+# "machines": [
+# "virt-*"
+# ]
+# }
+# ],
+# "features": [
+#
+# ],
+# "tags": [
+# "-a AARCH64",
+# "-p ArmVirtPkg/ArmVirtQemu.dsc",
+# "-t GCC48",
+# "-b DEBUG",
+# "-D DEBUG_PRINT_ERROR_LEVEL=0x80000000"
+# ]
+# }
+##
+{ 'struct' : 'Firmware',
+ 'data' : { 'description' : 'str',
+ 'interface-types' : [ 'FirmwareOSInterface' ],
+ 'mapping' : 'FirmwareMapping',
+ 'targets' : [ 'FirmwareTarget' ],
+ 'features' : [ 'FirmwareFeature' ],
+ 'tags' : [ 'str' ] } }
+
+##
+# @x-check-firmware:
+#
+# Accept a @Firmware object and do nothing, successfully. This command
+# can be used in the QMP shell to validate @Firmware JSON against the
+# schema.
+#
+# @fw: ignored
+#
+# Since: 2.13
+##
+{ 'command' : 'x-check-firmware',
+ 'data' : { 'fw' : 'Firmware' } }
--
2.14.1.3.gb7cf6e02401b
6 years, 6 months
[libvirt] [PATCH python] Implement virDomainCreateWithParams API
by Marc Hartmayer
This patch adds the Python binding for virDomainCreateWithParams API.
The Python side can be generated automatically, the C side not.
Signed-off-by: Marc Hartmayer <mhartmay(a)linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy(a)linux.ibm.com>
---
generator.py | 1 +
libvirt-override-api.xml | 19 ++++++++++++++++
libvirt-override.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 77 insertions(+)
diff --git a/generator.py b/generator.py
index 74150b72388f..9d12218a0aef 100755
--- a/generator.py
+++ b/generator.py
@@ -488,6 +488,7 @@ skip_impl = (
'virDomainGetPerfEvents',
'virDomainSetPerfEvents',
'virDomainGetGuestVcpus',
+ 'virDomainCreateWithParams',
)
lxc_skip_impl = (
diff --git a/libvirt-override-api.xml b/libvirt-override-api.xml
index b63a40378437..34af14df0a62 100644
--- a/libvirt-override-api.xml
+++ b/libvirt-override-api.xml
@@ -717,5 +717,24 @@
<arg name='flags' type='unsigned int' info='extra flags; not used yet, so callers should always pass 0'/>
<return type='int' info="dictionary of vcpu data returned by the guest agent"/>
</function>
+ <function name='virDomainCreateWithParams' file='python'>
+ <info>Launch a defined domain. If the call succeeds the domain moves
+from the defined to the running domains pools.
+
+@params provides a dictionary. This dictionary will be used to
+configure the domain to be temporary started from the device
+specified by the value of the key 'bootdevice'. With the values
+of the keys 'kernel', 'initrd', and 'cmdline' it's possible to
+temporarily override the corresponding values. The dictionary
+and all dictionary items are optional.
+
+For more control over @flags, see createWithFlags().
+
+Returns 0 in case of success, -1 in case of error</info>
+ <arg name='domain' type='virDomainPtr' info='a domain object'/>
+ <arg name='params' type='char *' info='dictionary with parameters'/>
+ <arg name='flags' type='unsigned int' info='an OR'ed set of virDomainCreateFlags'/>
+ <return type='int' info='0 on success, -1 on error'/>
+ </function>
</symbols>
</api>
diff --git a/libvirt-override.c b/libvirt-override.c
index b4c1529f621d..2a4e91d640df 100644
--- a/libvirt-override.c
+++ b/libvirt-override.c
@@ -9708,6 +9708,60 @@ libvirt_virStreamRecvFlags(PyObject *self ATTRIBUTE_UNUSED,
#endif /* LIBVIR_CHECK_VERSION(3, 4, 0) */
+#if LIBVIR_CHECK_VERSION(4, 4, 0)
+static virPyTypedParamsHint virPyDomainCreateWithParams[] = {
+ { VIR_DOMAIN_CREATE_PARM_KERNEL, VIR_TYPED_PARAM_STRING },
+ { VIR_DOMAIN_CREATE_PARM_CMDLINE, VIR_TYPED_PARAM_STRING },
+ { VIR_DOMAIN_CREATE_PARM_INITRD, VIR_TYPED_PARAM_STRING },
+ { VIR_DOMAIN_CREATE_PARM_DEVICE_IDENTIFIER, VIR_TYPED_PARAM_STRING },
+};
+
+
+static PyObject *
+libvirt_virDomainCreateWithParams(PyObject *self ATTRIBUTE_UNUSED,
+ PyObject *args)
+{
+ PyObject *pyobj_domain;
+ PyObject *pyobj_dict;
+ virDomainPtr domain;
+ int nparams;
+ virTypedParameterPtr params;
+ unsigned int flags;
+ int c_retval;
+
+ if (!PyArg_ParseTuple(args, (char *)"OOI:virDomainCreateWithParams",
+ &pyobj_domain, &pyobj_dict, &flags))
+ return NULL;
+ domain = (virDomainPtr) PyvirDomain_Get(pyobj_domain);
+
+ if (PyDict_Check(pyobj_dict)) {
+ if (virPyDictToTypedParams(pyobj_dict, ¶ms, &nparams,
+ virPyDomainCreateWithParams,
+ VIR_N_ELEMENTS(virPyDomainCreateWithParams)) < 0) {
+ return NULL;
+ }
+ } else if (pyobj_dict == Py_None) {
+ /* Since 'None' is a Singleton, testing for object identity is
+ * sufficient */
+ params = NULL;
+ nparams = 0;
+ } else {
+ PyErr_SetString(PyExc_ValueError,
+ "Only dictionaries or None arguments"
+ " are allowed for the parameter 'params'");
+ return NULL;
+ }
+
+ LIBVIRT_BEGIN_ALLOW_THREADS;
+ c_retval = virDomainCreateWithParams(domain, params, nparams, flags);
+ LIBVIRT_END_ALLOW_THREADS;
+
+ virTypedParamsFree(params, nparams);
+ return libvirt_intWrap(c_retval);
+}
+#endif /* LIBVIR_CHECK_VERSION(4, 4, 0) */
+
+
/************************************************************************
* *
* The registration stuff *
@@ -9941,6 +9995,9 @@ static PyMethodDef libvirtMethods[] = {
{(char *) "virStreamSendHole", libvirt_virStreamSendHole, METH_VARARGS, NULL},
{(char *) "virStreamRecvFlags", libvirt_virStreamRecvFlags, METH_VARARGS, NULL},
#endif /* LIBVIR_CHECK_VERSION(3, 4, 0) */
+#if LIBVIR_CHECK_VERSION(4, 4, 0)
+ {(char *) "virDomainCreateWithParams", libvirt_virDomainCreateWithParams, METH_VARARGS, NULL},
+#endif /* LIBVIR_CHECK_VERSION(4, 4, 0) */
{NULL, NULL, 0, NULL}
};
--
2.13.4
6 years, 6 months
[libvirt] [PATCH v2] rpc: fixing compilation error due to deprecated ssh_get_publickey().
by Julio Faracco
After 0.7.5 release, libssh deprecated ssh_get_publickey() method to
introduce ssh_get_server_publickey(). This commit check the current
version of libssh and use the proper method during the compilation.
See the error:
make[3]: Entering directory '/home/julio/Desktop/virt/libvirt/src'
CC rpc/libvirt_net_rpc_la-virnetlibsshsession.lo
rpc/virnetlibsshsession.c:217:9: error: 'ssh_get_publickey' is deprecated [-Werror,-Wdeprecated-declarations]
if (ssh_get_publickey(sess->session, &key) != SSH_OK) {
^
/usr/include/libssh/libssh.h:489:1: note: 'ssh_get_publickey' has been explicitly marked deprecated here
SSH_DEPRECATED LIBSSH_API int ssh_get_publickey(ssh_session session, ssh_key *key);
^
/usr/include/libssh/libssh.h:99:40: note: expanded from macro 'SSH_DEPRECATED'
^
1 error generated.
Makefile:8604: recipe for target 'rpc/libvirt_net_rpc_la-virnetlibsshsession.lo' failed
Signed-off-by: Julio Faracco <jcfaracco(a)gmail.com>
---
src/rpc/virnetlibsshsession.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/rpc/virnetlibsshsession.c b/src/rpc/virnetlibsshsession.c
index 309e8a9340..9dc7976828 100644
--- a/src/rpc/virnetlibsshsession.c
+++ b/src/rpc/virnetlibsshsession.c
@@ -214,7 +214,11 @@ virLibsshServerKeyAsString(virNetLibsshSessionPtr sess)
size_t keyhashlen;
char *str;
- if (ssh_get_publickey(sess->session, &key) != SSH_OK) {
+#if LIBSSH_VERSION_INT <= 0x0705 /* 0.7.5 */
+# define ssh_get_server_publickey ssh_get_publickey
+#endif
+
+ if (ssh_get_server_publickey(sess->session, &key) != SSH_OK) {
virReportError(VIR_ERR_LIBSSH, "%s",
_("failed to get the key of the current "
"session"));
--
2.17.0
6 years, 6 months
[libvirt] [PATCH 0/3] spec: drop deprecated el5 bits
by Cole Robinson
2 patches from a Fedora contributor, 1 from me, dropping spec bits
that aren't required on el6 and later builds
Cole Robinson (1):
spec: Remove Group: tags
Igor Gnatenko (2):
spec: Remove BuildRoot definition
spec: Remove %clean section
libvirt.spec.in | 45 ---------------------------------------------
1 file changed, 45 deletions(-)
--
2.17.0
6 years, 6 months
[libvirt] [RFC 0/3] LXC with block device and enabled userns
by Radostin Stoyanov
Problem background
------------------
The LXC driver has support for the filesystem types "file" and "block"
that allow a disk image to be mounted in the guest (container). [1]
However, when user-namespace is enabled (uid/gid mapping is used) the
mount of the root filesystem block device fails. [2]
According to "man 7 user_namespaces":
Mounting block-based filesystems can be done only by a process that holds
CAP_SYS_ADMIN in the initial user namespace.
Suggested approach
------------------
Mount the root file system block device before the clone() call, then set
filesystem type to VIR_DOMAIN_FS_TYPE_MOUNT and filesystem source to the folder
where it was mounted.
Issues encountered
--------------------
This patch series implements the basic idea of the mentioned approach.
In result, a container with configured idmap and NBD filesystem is able to start.
However, on guest shutdown this kernel error [3] occurs.
Similar messages [4] occur on shutdown when NBD filesystem is used with LXC
container without idmap.
Perhaps, one reason could be that on guest shutdown the LXC driver kills qemu-nbd
process without sending disconnect for the specified device.
References
----------
[1] https://libvirt.org/formatdomain.html#elementsFilesystems
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1328946
[3] https://pastebin.com/raw/jMBk5mtG
[4] https://pastebin.com/raw/wTKbuRP9
Radostin Stoyanov (3):
lxc: Make lxcContainerMountFSBlock non static
lxc: Move up virLXCControllerAppendNBDPids
lxc: Mount NBD devices before clone
src/lxc/lxc_container.c | 58 +------------------
src/lxc/lxc_container.h | 4 ++
src/lxc/lxc_controller.c | 145 +++++++++++++++++++++++++++--------------------
3 files changed, 87 insertions(+), 120 deletions(-)
--
2.14.3
6 years, 6 months
[libvirt] [dbus PATCH 00/19] StoragePool APIs till libvirt 3.0
by Katerina Koukiou
Katerina Koukiou (19):
Introduce StoragePool Interface
Implement ListStoragePools method for Connect Interface
Register StoragePool Lifecycle Events
Implement Destroy method for StoragePool Interface
Implement Build method for StoragePool Interface
Implement Create method for StoragePool Interface
Implement Delete method for StoragePool Interface
Implement getter for Autostart property for StoragePool Interface
Implement GetInfo method for StoragePool Interface
Implement Name property for StoragePool Interface
Implement UUID property for StoragePool Interface
Implement GetXMLDesc method for StoragePool Interface
Implement Active property for StoragePool Interface
Implement Persistent property for StoragePool Interface
Implement StoragePoolLookupByName method for Connect Interface
Implement StoragePoolLookupByUUID method for Connect Interface
Implement Refresh method for StoragePool Interface
Implement setter for Autostart property for StoragePool Interface
Implement Undefine method for StoragePool Interface
data/Makefile.am | 3 +-
data/org.libvirt.Connect.xml | 24 +++
data/org.libvirt.StoragePool.xml | 69 +++++++
src/Makefile.am | 3 +-
src/connect.c | 120 +++++++++++
src/connect.h | 2 +
src/events.c | 43 ++++
src/storagepool.c | 422 +++++++++++++++++++++++++++++++++++++++
src/storagepool.h | 9 +
src/util.c | 33 +++
src/util.h | 15 ++
tests/libvirttest.py | 29 +++
tests/test_connect.py | 28 +++
tests/test_storage.py | 112 +++++++++++
14 files changed, 910 insertions(+), 2 deletions(-)
create mode 100644 data/org.libvirt.StoragePool.xml
create mode 100644 src/storagepool.c
create mode 100644 src/storagepool.h
create mode 100755 tests/test_storage.py
--
2.15.0
6 years, 6 months
[libvirt] [jenkins-ci PATCH] Build libosinfo and osinfo-db-tools on mingw platform
by Daniel P. Berrangé
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
guests/host_vars/libvirt-fedora-rawhide/main.yml | 2 ++
guests/vars/mappings.yml | 6 ++++++
guests/vars/projects/libosinfo+mingw.yml | 8 ++++++++
guests/vars/projects/osinfo-db-tools+mingw.yml | 10 ++++++++++
projects/libosinfo.yaml | 12 ++++++++++++
projects/osinfo-db-tools.yaml | 12 ++++++++++++
6 files changed, 50 insertions(+)
create mode 100644 guests/vars/projects/libosinfo+mingw.yml
create mode 100644 guests/vars/projects/osinfo-db-tools+mingw.yml
diff --git a/guests/host_vars/libvirt-fedora-rawhide/main.yml b/guests/host_vars/libvirt-fedora-rawhide/main.yml
index 43555d0..82d46e8 100644
--- a/guests/host_vars/libvirt-fedora-rawhide/main.yml
+++ b/guests/host_vars/libvirt-fedora-rawhide/main.yml
@@ -4,6 +4,7 @@ PYTHONPATH: $VIRT_PREFIX/lib64/python3.6/site-packages
projects:
- libosinfo
+ - libosinfo+mingw
- libvirt
- libvirt+mingw
- libvirt-cim
@@ -18,6 +19,7 @@ projects:
- libvirt-tck
- osinfo-db
- osinfo-db-tools
+ - osinfo-db-tools+mingw
- virt-manager
- virt-viewer
- virt-viewer+mingw
diff --git a/guests/vars/mappings.yml b/guests/vars/mappings.yml
index f1777fe..3e33bf1 100644
--- a/guests/vars/mappings.yml
+++ b/guests/vars/mappings.yml
@@ -368,6 +368,9 @@ mappings:
mingw32-gtk-vnc2:
FedoraRawhide: mingw32-gtk-vnc2
+ mingw32-libarchive:
+ FedoraRawhide: mingw32-libarchive
+
mingw32-libgovirt:
FedoraRawhide: mingw32-libgovirt
@@ -437,6 +440,9 @@ mappings:
mingw64-gtk-vnc2:
FedoraRawhide: mingw64-gtk-vnc2
+ mingw64-libarchive:
+ FedoraRawhide: mingw64-libarchive
+
mingw64-libgovirt:
FedoraRawhide: mingw64-libgovirt
diff --git a/guests/vars/projects/libosinfo+mingw.yml b/guests/vars/projects/libosinfo+mingw.yml
new file mode 100644
index 0000000..e3fc3cb
--- /dev/null
+++ b/guests/vars/projects/libosinfo+mingw.yml
@@ -0,0 +1,8 @@
+---
+packages:
+ - mingw32-glib2
+ - mingw32-libxml2
+ - mingw32-libxslt
+ - mingw64-glib2
+ - mingw64-libxml2
+ - mingw64-libxslt
diff --git a/guests/vars/projects/osinfo-db-tools+mingw.yml b/guests/vars/projects/osinfo-db-tools+mingw.yml
new file mode 100644
index 0000000..578e185
--- /dev/null
+++ b/guests/vars/projects/osinfo-db-tools+mingw.yml
@@ -0,0 +1,10 @@
+---
+packages:
+ - mingw32-glib2
+ - mingw32-libxml2
+ - mingw32-libxslt
+ - mingw32-libarchive
+ - mingw64-glib2
+ - mingw64-libxml2
+ - mingw64-libxslt
+ - mingw64-libarchive
diff --git a/projects/libosinfo.yaml b/projects/libosinfo.yaml
index 0d25447..8e3d105 100644
--- a/projects/libosinfo.yaml
+++ b/projects/libosinfo.yaml
@@ -13,3 +13,15 @@
- autotools-rpm-job:
parent_jobs: 'libosinfo-master-check'
machines: '{rpm_machines}'
+ - autotools-build-job:
+ parent_jobs: 'osinfo-db-tools-master-build-mingw32'
+ variant: -mingw32
+ local_env: '{mingw32_local_env}'
+ autogen_args: '{mingw32_autogen_args}'
+ machines: '{mingw_machines}'
+ - autotools-build-job:
+ parent_jobs: 'osinfo-db-tools-master-build-mingw64'
+ variant: -mingw64
+ local_env: '{mingw64_local_env}'
+ autogen_args: '{mingw64_autogen_args}'
+ machines: '{mingw_machines}'
diff --git a/projects/osinfo-db-tools.yaml b/projects/osinfo-db-tools.yaml
index 6b451ef..cab85af 100644
--- a/projects/osinfo-db-tools.yaml
+++ b/projects/osinfo-db-tools.yaml
@@ -13,3 +13,15 @@
- autotools-rpm-job:
parent_jobs: 'osinfo-db-tools-master-check'
machines: '{rpm_machines}'
+ - autotools-build-job:
+ parent_jobs:
+ variant: -mingw32
+ local_env: '{mingw32_local_env}'
+ autogen_args: '{mingw32_autogen_args}'
+ machines: '{mingw_machines}'
+ - autotools-build-job:
+ parent_jobs:
+ variant: -mingw64
+ local_env: '{mingw64_local_env}'
+ autogen_args: '{mingw64_autogen_args}'
+ machines: '{mingw_machines}'
--
2.17.0
6 years, 6 months
[libvirt] [PATCH] qemu: domain: Replace qemuDomainFilePathIsHostCDROM with virFileIsCDROM
by Peter Krempa
Use the new helper when checking that the VM needs to be tainted as a
host-cdrom passthrough.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/qemu/qemu_domain.c | 31 +------------------------------
1 file changed, 1 insertion(+), 30 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index b13e6d8ca4..ec865e68c8 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -6483,35 +6483,6 @@ qemuDomainDefFormatLive(virQEMUDriverPtr driver,
}
-/* qemuDomainFilePathIsHostCDROM
- * @path: Supplied path.
- *
- * Determine if the path is a host CD-ROM path. Typically this is
- * either /dev/cdrom[n] or /dev/srN, so those are easy checks, but
- * it's also possible that @path resolves to /dev/srN, so check for
- * those conditions on @path in order to emit the tainted message.
- *
- * Returns true if the path is a CDROM, false otherwise or on error.
- */
-static bool
-qemuDomainFilePathIsHostCDROM(const char *path)
-{
- bool ret = false;
- char *linkpath = NULL;
-
- if (virFileResolveLink(path, &linkpath) < 0)
- goto cleanup;
-
- if (STRPREFIX(path, "/dev/cdrom") || STRPREFIX(path, "/dev/sr") ||
- STRPREFIX(linkpath, "/dev/sr"))
- ret = true;
-
- cleanup:
- VIR_FREE(linkpath);
- return ret;
-}
-
-
void qemuDomainObjTaint(virQEMUDriverPtr driver,
virDomainObjPtr obj,
virDomainTaintFlags taint,
@@ -6630,7 +6601,7 @@ void qemuDomainObjCheckDiskTaint(virQEMUDriverPtr driver,
if (disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM &&
virStorageSourceGetActualType(disk->src) == VIR_STORAGE_TYPE_BLOCK &&
- disk->src->path && qemuDomainFilePathIsHostCDROM(disk->src->path))
+ disk->src->path && virFileIsCDROM(disk->src->path))
qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_CDROM_PASSTHROUGH,
logCtxt);
--
2.16.2
6 years, 6 months
