This commit defines a set of YAML rules that result in the same set of
logical checks as the existing hardcoded virt-host-validate
implementation does.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
tools/host-validate/rules/builtin.yaml | 20 +
tools/host-validate/rules/cpu.yaml | 50 ++
tools/host-validate/rules/freebsd-kernel.yaml | 77 +++
tools/host-validate/rules/linux-acpi.yaml | 39 ++
tools/host-validate/rules/linux-cgroups.yaml | 470 ++++++++++++++++++
tools/host-validate/rules/linux-cpu.yaml | 134 +++++
tools/host-validate/rules/linux-devices.yaml | 71 +++
tools/host-validate/rules/linux-iommu.yaml | 113 +++++
.../host-validate/rules/linux-namespaces.yaml | 119 +++++
tools/host-validate/rules/linux-pci.yaml | 10 +
10 files changed, 1103 insertions(+)
create mode 100644 tools/host-validate/rules/builtin.yaml
create mode 100644 tools/host-validate/rules/cpu.yaml
create mode 100644 tools/host-validate/rules/freebsd-kernel.yaml
create mode 100644 tools/host-validate/rules/linux-acpi.yaml
create mode 100644 tools/host-validate/rules/linux-cgroups.yaml
create mode 100644 tools/host-validate/rules/linux-cpu.yaml
create mode 100644 tools/host-validate/rules/linux-devices.yaml
create mode 100644 tools/host-validate/rules/linux-iommu.yaml
create mode 100644 tools/host-validate/rules/linux-namespaces.yaml
create mode 100644 tools/host-validate/rules/linux-pci.yaml
diff --git a/tools/host-validate/rules/builtin.yaml
b/tools/host-validate/rules/builtin.yaml
new file mode 100644
index 0000000000..f69b069e09
--- /dev/null
+++ b/tools/host-validate/rules/builtin.yaml
@@ -0,0 +1,20 @@
+#
+# Define boilerplate to activate various built-in facts
+#
+
+facts:
+- name: libvirt.driver
+ value:
+ builtin: {}
+- name: cpu.arch
+ value:
+ builtin: {}
+- name: os.kernel
+ value:
+ builtin: {}
+- name: os.release
+ value:
+ builtin: {}
+- name: os.version
+ value:
+ builtin: {}
diff --git a/tools/host-validate/rules/cpu.yaml b/tools/host-validate/rules/cpu.yaml
new file mode 100644
index 0000000000..5af61b1ea1
--- /dev/null
+++ b/tools/host-validate/rules/cpu.yaml
@@ -0,0 +1,50 @@
+#
+# Define facts related to host CPU properties
+#
+
+facts:
+- name: cpu.family.x86
+ value:
+ bool:
+ any:
+ expressions:
+ - fact:
+ name: cpu.arch
+ value: x86_64
+ - fact:
+ name: cpu.arch
+ value: i386
+ - fact:
+ name: cpu.arch
+ value: i486
+ - fact:
+ name: cpu.arch
+ value: i586
+ - fact:
+ name: cpu.arch
+ value: i686
+- name: cpu.family.arm
+ value:
+ bool:
+ any:
+ expressions:
+ - fact:
+ name: cpu.arch
+ value: aarch64
+ - fact:
+ name: cpu.arch
+ value: armv6
+ - fact:
+ name: cpu.arch
+ value: armv7
+- name: cpu.family.s390
+ value:
+ bool:
+ any:
+ expressions:
+ - fact:
+ name: cpu.arch
+ value: s390
+ - fact:
+ name: cpu.arch
+ value: s390x
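Review bot: The `cpu.family.arm` list matches `armv6` and `armv7`, but if the builtin `cpu.arch` fact is taken from the uname machine string, 32-bit ARM Linux hosts report `armv6l` / `armv7l` and would fall outside the family. The builtin's value set is not visible in this patch, so confirm which spelling it emits and list that one (or both). A short comment above each family saying where the architecture names come from would make these lists checkable against the builtin.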
diff --git a/tools/host-validate/rules/freebsd-kernel.yaml
b/tools/host-validate/rules/freebsd-kernel.yaml
new file mode 100644
index 0000000000..345e78dbc2
--- /dev/null
+++ b/tools/host-validate/rules/freebsd-kernel.yaml
@@ -0,0 +1,77 @@
+#
+# Define facts related to BHyve on FreeBSD
+#
+
+facts:
+- name: os.kmod
+ filter:
+ fact:
+ name: os.kernel
+ value: FreeBSD
+ value:
+ command:
+ name: kldstat
+ parse:
+ set:
+ separator: \n
+ skiphead: 1
+ skiptail: 1
+ regex: \s+\d+\s+\d+\s+0x[0-9a-f]+\s+[0-9a-f]+\s+(\w+)
+ match: 1
+- name: kmod.vmm
+ filter:
+ fact:
+ name: libvirt.driver.bhyve
+ value: "true"
+ report:
+ message: BHyve VMs can be run
+ hint:
+ message: load the 'vmm' kernel module
+ value:
+ bool:
+ fact:
+ name: os.kmod.vmm
+ value: "true"
+- name: kmod.if_tap
+ filter:
+ fact:
+ name: libvirt.driver.bhyve
+ value: "true"
+ report:
+ message: BHyve VMs can use networking
+ hint:
+ message: load the 'if_tap' kernel module
+ value:
+ bool:
+ fact:
+ name: os.kmod.if_tap
+ value: "true"
+- name: kmod.if_bridge
+ filter:
+ fact:
+ name: libvirt.driver.bhyve
+ value: "true"
+ report:
+ message: BHyve VMs can use bridged network
+ hint:
+ message: load the 'if_bridge' kernel module
+ value:
+ bool:
+ fact:
+ name: os.kmod.if_bridge
+ value: "true"
+- name: kmod.nmdm
+ filter:
+ fact:
+ name: libvirt.driver.bhyve
+ value: "true"
+ report:
+ message: BHyve VMs can use nmdm console
+ level: warn
+ hint:
+ message: load the 'nmdm' kernel module
+ value:
+ bool:
+ fact:
+ name: os.kmod.nmdm
+ value: "true"
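Review bot: `command: name: kldstat` gives a bare program name, so which binary runs presumably depends on the PATH of whoever invokes the tool, and a host validator is likely to be run as root. If the schema accepts a path, `name: /sbin/kldstat` pins it. The captured `(\w+)` stops at the first `.`, which is what turns `vmm.ko` into `os.kmod.vmm`; a comment above the regex saying so, and that plain `kldstat` does not list modules compiled into the kernel, would help the next reader. `separator: \n` is an unquoted plain scalar that YAML reads as a backslash followed by `n`, so note that the engine unescapes it, since `separator: ' '` in the other rule files is a literal.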
diff --git a/tools/host-validate/rules/linux-acpi.yaml
b/tools/host-validate/rules/linux-acpi.yaml
new file mode 100644
index 0000000000..cad324dd96
--- /dev/null
+++ b/tools/host-validate/rules/linux-acpi.yaml
@@ -0,0 +1,39 @@
+#
+# Define facts for interesting ACPI tables on the host
+#
+
+facts:
+- name: cpu.acpi.dmar
+ filter:
+ all:
+ expressions:
+ - fact:
+ name: cpu.family.x86
+ value: "true"
+ - fact:
+ name: cpu.vendor.intel
+ value: "true"
+ - fact:
+ name: os.kernel
+ value: Linux
+ value:
+ access:
+ check: exists
+ path: /sys/firmware/acpi/tables/DMAR
+- name: cpu.acpi.ivrs
+ filter:
+ all:
+ expressions:
+ - fact:
+ name: cpu.family.x86
+ value: "true"
+ - fact:
+ name: cpu.vendor.amd
+ value: "true"
+ - fact:
+ name: os.kernel
+ value: Linux
+ value:
+ access:
+ check: exists
+ path: /sys/firmware/acpi/tables/IVRS
diff --git a/tools/host-validate/rules/linux-cgroups.yaml
b/tools/host-validate/rules/linux-cgroups.yaml
new file mode 100644
index 0000000000..e886bccd17
--- /dev/null
+++ b/tools/host-validate/rules/linux-cgroups.yaml
@@ -0,0 +1,470 @@
+#
+# Define facts for Linux control cgroups v1/v2
+#
+
+facts:
+- name: os.cgroup.controller
+ filter:
+ fact:
+ name: os.kernel
+ value: Linux
+ value:
+ file:
+ path: /proc/cgroups
+ parse:
+ set:
+ separator: \n
+ skiphead: 1
+ skiptail: 1
+ regex: ^(\w+)
+ match: 1
+- name: os.cgroup.v2only
+ filter:
+ fact:
+ name: os.kernel
+ value: Linux
+ value:
+ access:
+ check: exists
+ path: /sys/fs/cgroup/cgroup.subtree_control
+- name: os.cgroup.v2hybrid
+ filter:
+ fact:
+ name: os.kernel
+ value: Linux
+ value:
+ file:
+ path: /sys/fs/cgroup/unified/cgroup.controllers
+ ignoreMissing: true
+ parse:
+ whitespace: trim
+ set:
+ skiphead: 0
+ skiptail: 0
+ separator: ' '
+- name: os.cgroup.mount.v2
+ filter:
+ fact:
+ name: os.kernel
+ value: Linux
+ value:
+ file:
+ path: /sys/fs/cgroup/cgroup.controllers
+ ignoreMissing: true
+ parse:
+ whitespace: trim
+ set:
+ skiphead: 0
+ skiptail: 0
+ separator: ' '
+- name: os.cgroup.mount.v1.blkio
+ filter:
+ fact:
+ name: os.kernel
+ value: Linux
+ value:
+ access:
+ check: exists
+ path: /sys/fs/cgroup/blkio/cgroup.procs
+- name: os.cgroup.mount.v1.cpu
+ filter:
+ fact:
+ name: os.kernel
+ value: Linux
+ value:
+ access:
+ check: exists
+ path: /sys/fs/cgroup/cpu/cgroup.procs
+- name: os.cgroup.mount.v1.cpuacct
+ filter:
+ fact:
+ name: os.kernel
+ value: Linux
+ value:
+ access:
+ check: exists
+ path: /sys/fs/cgroup/cpuacct/cgroup.procs
+- name: os.cgroup.mount.v1.cpuset
+ filter:
+ fact:
+ name: os.kernel
+ value: Linux
+ value:
+ access:
+ check: exists
+ path: /sys/fs/cgroup/cpuset/cgroup.procs
+- name: os.cgroup.mount.v1.devices
+ filter:
+ fact:
+ name: os.kernel
+ value: Linux
+ value:
+ access:
+ check: exists
+ path: /sys/fs/cgroup/devices/cgroup.procs
+- name: os.cgroup.mount.v1.freezer
+ filter:
+ fact:
+ name: os.kernel
+ value: Linux
+ value:
+ access:
+ check: exists
+ path: /sys/fs/cgroup/freezer/cgroup.procs
+- name: os.cgroup.mount.v1.hugetlb
+ filter:
+ fact:
+ name: os.kernel
+ value: Linux
+ value:
+ access:
+ check: exists
+ path: /sys/fs/cgroup/hugetlb/cgroup.procs
+- name: os.cgroup.mount.v1.memory
+ filter:
+ fact:
+ name: os.kernel
+ value: Linux
+ value:
+ access:
+ check: exists
+ path: /sys/fs/cgroup/memory/cgroup.procs
+- name: os.cgroup.mount.v1.net_cls
+ filter:
+ fact:
+ name: os.kernel
+ value: Linux
+ value:
+ access:
+ check: exists
+ path: /sys/fs/cgroup/net_cls/cgroup.procs
+- name: os.cgroup.mount.v1.net_prio
+ filter:
+ fact:
+ name: os.kernel
+ value: Linux
+ value:
+ access:
+ check: exists
+ path: /sys/fs/cgroup/net_prio/cgroup.procs
+- name: os.cgroup.mount.v1.perf_event
+ filter:
+ fact:
+ name: os.kernel
+ value: Linux
+ value:
+ access:
+ check: exists
+ path: /sys/fs/cgroup/perf_event/cgroup.procs
+- name: os.cgroup.mount.v1.pids
+ filter:
+ fact:
+ name: os.kernel
+ value: Linux
+ value:
+ access:
+ check: exists
+ path: /sys/fs/cgroup/pids/cgroup.procs
+- name: os.cgroup.mount.unified
+ filter:
+ fact:
+ name: os.kernel
+ value: Linux
+ value:
+ access:
+ check: exists
+ path: /sys/fs/cgroup/unified/cgroup.procs
+- name: os.cgroup.memory.present
+ filter:
+ all:
+ expressions:
+ - any:
+ expressions:
+ - fact:
+ name: libvirt.driver.lxc
+ value: "true"
+ - fact:
+ name: libvirt.driver.qemu
+ value: "true"
+ - fact:
+ name: os.kernel
+ value: Linux
+ report:
+ message: cgroup memory controller present
+ hint:
+ message: enable memory cgroup controller in Kconfig
+ value:
+ bool:
+ fact:
+ name: os.cgroup.controller.memory
+ value: "true"
+- name: os.cgroup.memory.mounted
+ filter:
+ fact:
+ name: os.cgroup.memory.present
+ value: "true"
+ report:
+ message: cgroup memory controller mounted
+ hint:
+ message: mount the memory cgroup controller under /sys/fs/cgroup
+ value:
+ bool:
+ any:
+ expressions:
+ - fact:
+ name: os.cgroup.mount.v1.memory
+ value: "true"
+ - fact:
+ name: os.cgroup.mount.v2.memory
+ value: "true"
+- name: os.cgroup.cpu.present
+ filter:
+ all:
+ expressions:
+ - any:
+ expressions:
+ - fact:
+ name: libvirt.driver.lxc
+ value: "true"
+ - fact:
+ name: libvirt.driver.qemu
+ value: "true"
+ - fact:
+ name: os.kernel
+ value: Linux
+ report:
+ message: cgroup cpu controller present
+ hint:
+ message: enable cpu cgroup controller in Kconfig
+ value:
+ bool:
+ fact:
+ name: os.cgroup.controller.cpu
+ value: "true"
+- name: os.cgroup.cpu.mounted
+ filter:
+ fact:
+ name: os.cgroup.cpu.present
+ value: "true"
+ report:
+ message: cgroup cpu controller mounted
+ hint:
+ message: mount the cpu cgroup controller under /sys/fs/cgroup
+ value:
+ bool:
+ any:
+ expressions:
+ - fact:
+ name: os.cgroup.mount.v1.cpu
+ value: "true"
+ - fact:
+ name: os.cgroup.mount.v2.cpu
+ value: "true"
+- name: os.cgroup.cpuacct.present
+ filter:
+ all:
+ expressions:
+ - fact:
+ name: libvirt.driver.lxc
+ value: "true"
+ - fact:
+ name: os.kernel
+ value: Linux
+ report:
+ message: cgroup cpuacct controller present
+ hint:
+ message: enable cpuacct cgroup controller in Kconfig
+ value:
+ bool:
+ fact:
+ name: os.cgroup.controller.cpuacct
+ value: "true"
+- name: os.cgroup.cpuacct.mounted
+ filter:
+ fact:
+ name: os.cgroup.cpuacct.present
+ value: "true"
+ report:
+ message: cgroup cpuacct controller mounted
+ hint:
+ message: mount the cpuacct cgroup controller under /sys/fs/cgroup
+ value:
+ bool:
+ any:
+ expressions:
+ - fact:
+ name: os.cgroup.mount.v1.cpuacct
+ value: "true"
+ - fact:
+ name: os.cgroup.mount.v2.cpuacct
+ value: "true"
+- name: os.cgroup.cpuset.present
+ filter:
+ all:
+ expressions:
+ - any:
+ expressions:
+ - fact:
+ name: libvirt.driver.lxc
+ value: "true"
+ - fact:
+ name: libvirt.driver.qemu
+ value: "true"
+ - fact:
+ name: os.kernel
+ value: Linux
+ report:
+ message: cgroup cpuset controller present
+ hint:
+ message: enable cpuset cgroup controller in Kconfig
+ value:
+ bool:
+ fact:
+ name: os.cgroup.controller.cpuset
+ value: "true"
+- name: os.cgroup.cpuset.mounted
+ filter:
+ fact:
+ name: os.cgroup.cpuset.present
+ value: "true"
+ report:
+ message: cgroup cpuset controller mounted
+ hint:
+ message: mount the cpuset cgroup controller under /sys/fs/cgroup
+ value:
+ bool:
+ any:
+ expressions:
+ - fact:
+ name: os.cgroup.mount.v1.cpuset
+ value: "true"
+ - fact:
+ name: os.cgroup.mount.v2.cpuset
+ value: "true"
+- name: os.cgroup.devices.present
+ filter:
+ all:
+ expressions:
+ - any:
+ expressions:
+ - fact:
+ name: libvirt.driver.lxc
+ value: "true"
+ - fact:
+ name: libvirt.driver.qemu
+ value: "true"
+ - fact:
+ name: os.kernel
+ value: Linux
+ report:
+ message: cgroup devices controller present
+ hint:
+ message: enable devices cgroup controller in Kconfig
+ value:
+ bool:
+ fact:
+ name: os.cgroup.controller.devices
+ value: "true"
+- name: os.cgroup.devices.mounted
+ filter:
+ fact:
+ name: os.cgroup.devices.present
+ value: "true"
+ report:
+ message: cgroup devices controller mounted
+ hint:
+ message: mount the devices cgroup controller under /sys/fs/cgroup
+ value:
+ bool:
+ any:
+ expressions:
+ - fact:
+ name: os.cgroup.mount.v1.devices
+ value: "true"
+ - fact:
+ name: os.cgroup.v2hybrid
+ value: "true"
+ - fact:
+ name: os.cgroup.v2only
+ value: "true"
+- name: os.cgroup.blkio.present
+ filter:
+ all:
+ expressions:
+ - any:
+ expressions:
+ - fact:
+ name: libvirt.driver.lxc
+ value: "true"
+ - fact:
+ name: libvirt.driver.qemu
+ value: "true"
+ - fact:
+ name: os.kernel
+ value: Linux
+ report:
+ message: cgroup blkio controller present
+ hint:
+ message: enable blkio cgroup controller in Kconfig
+ value:
+ bool:
+ fact:
+ name: os.cgroup.controller.blkio
+ value: "true"
+- name: os.cgroup.blkio.mounted
+ filter:
+ fact:
+ name: os.cgroup.blkio.present
+ value: "true"
+ report:
+ message: cgroup blkio controller mounted
+ hint:
+ message: mount the blkio cgroup controller under /sys/fs/cgroup
+ value:
+ bool:
+ any:
+ expressions:
+ - fact:
+ name: os.cgroup.mount.v1.blkio
+ value: "true"
+ - fact:
+ name: os.cgroup.mount.v2.io
+ value: "true"
+- name: os.cgroup.freezer.present
+ filter:
+ all:
+ expressions:
+ - fact:
+ name: libvirt.driver.lxc
+ value: "true"
+ - fact:
+ name: os.kernel
+ value: Linux
+ report:
+ message: cgroup freezer controller present
+ hint:
+ message: enable freezer cgroup controller in Kconfig
+ value:
+ bool:
+ fact:
+ name: os.cgroup.controller.freezer
+ value: "true"
+- name: os.cgroup.freezer.mounted
+ filter:
+ fact:
+ name: os.cgroup.freezer.present
+ value: "true"
+ report:
+ message: cgroup freezer controller mounted
+ hint:
+ message: mount the freezer cgroup controller under /sys/fs/cgroup
+ value:
+ bool:
+ any:
+ expressions:
+ - fact:
+ name: os.cgroup.mount.v1.freezer
+ value: "true"
+ - fact:
+ name: os.cgroup.mount.v2.freezer
+ value: "true"
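Review bot: `os.cgroup.cpuacct.mounted` and `os.cgroup.freezer.mounted` test `os.cgroup.mount.v2.cpuacct` and `os.cgroup.mount.v2.freezer`, but cgroup v2 lists neither name in `cgroup.controllers` (accounting is part of `cpu`, freezing is a core feature), so on a v2-only host these checks can only pass through the v1 paths. The `blkio` rule already maps to the v2 name `io`; the equivalent here would be `os.cgroup.mount.v2.cpu` for cpuacct and, for freezer, `os.cgroup.v2only` as the devices rule uses. In `os.cgroup.devices.mounted`, `os.cgroup.v2hybrid` is defined as a set parsed from a file yet is compared with `"true"`, while the boolean `os.cgroup.mount.unified` is defined and never referenced in this file; presumably that is the fact intended. `os.cgroup.controller` keeps only the first column of `/proc/cgroups`, so a controller listed there with `enabled` 0 still counts as present.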
diff --git a/tools/host-validate/rules/linux-cpu.yaml
b/tools/host-validate/rules/linux-cpu.yaml
new file mode 100644
index 0000000000..81aee516bf
--- /dev/null
+++ b/tools/host-validate/rules/linux-cpu.yaml
@@ -0,0 +1,134 @@
+#
+# Define facts related to host CPU properties
+#
+
+facts:
+- name: cpu.info
+ filter:
+ fact:
+ name: os.kernel
+ value: Linux
+ value:
+ file:
+ path: /proc/cpuinfo
+ parse:
+ list:
+ limit: 1
+ separator: \n\n
+ parse:
+ whitespace: trim
+ dict:
+ separator: \n
+ delimiter: ':'
+ parse:
+ whitespace: trim
+ scalar: {}
+- name: cpu.vendor.intel
+ filter:
+ fact:
+ name: cpu.family.x86
+ value: "true"
+ value:
+ bool:
+ fact:
+ name: cpu.info.0.vendor_id
+ value: GenuineIntel
+- name: cpu.vendor.amd
+ filter:
+ fact:
+ name: cpu.family.x86
+ value: "true"
+ value:
+ bool:
+ fact:
+ name: cpu.info.0.vendor_id
+ value: AuthenticAMD
+- name: cpu.features.x86
+ filter:
+ fact:
+ name: cpu.family.x86
+ value: "true"
+ value:
+ string:
+ fact: cpu.info.0.flags
+ parse:
+ whitespace: trim
+ set:
+ skiphead: 0
+ skiptail: 0
+ separator: ' '
+- name: cpu.features.arm
+ filter:
+ fact:
+ name: cpu.family.arm
+ value: "true"
+ value:
+ string:
+ fact: cpu.info.0.Features
+ parse:
+ whitespace: trim
+ set:
+ skiphead: 0
+ skiptail: 0
+ separator: ' '
+- name: cpu.features.s390
+ filter:
+ fact:
+ name: cpu.family.s390
+ value: "true"
+ value:
+ string:
+ fact: cpu.info.0.features
+ parse:
+ whitespace: trim
+ set:
+ skiphead: 0
+ skiptail: 0
+ separator: ' '
+- name: cpu.virt.possible
+ filter:
+ fact:
+ name: libvirt.driver.qemu
+ value: "true"
+ report:
+ message: hardware virt possible
+ value:
+ bool:
+ any:
+ expressions:
+ - fact:
+ name: cpu.family.x86
+ value: "true"
+- name: cpu.virt.present
+ filter:
+ fact:
+ name: cpu.virt.possible
+ value: "true"
+ report:
+ message: hardware virt present
+ level: warn
+ hint:
+ message: only emulated CPUs are available, performance will be significantly limited
+ value:
+ bool:
+ any:
+ expressions:
+ - all:
+ expressions:
+ - fact:
+ name: cpu.vendor.amd
+ value: "true"
+ - fact:
+ name: cpu.features.x86.svm
+ value: "true"
+ - all:
+ expressions:
+ - fact:
+ name: cpu.vendor.intel
+ value: "true"
+ - fact:
+ name: cpu.features.x86.vmx
+ value: "true"
+ - fact:
+ name: cpu.features.s390.sie
+ value: "true"
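Review bot: The `cpu.features.s390.sie` expression in `cpu.virt.present` cannot be reached, because that fact is filtered on `cpu.virt.possible`, whose `any` list contains only `cpu.family.x86`. On an s390 host the filter is never satisfied, so the hardware virt check is skipped rather than evaluated, which looks unintended given that the s390 expression is there. Add a second `fact` expression to `cpu.virt.possible` with `name: cpu.family.s390` and `value: "true"`. Separately, tying `svm` to `cpu.vendor.amd` and `vmx` to `cpu.vendor.intel` presumably reports x86 CPUs from other vendors that expose the same flags as emulation-only; testing the flags alone would avoid that.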
diff --git a/tools/host-validate/rules/linux-devices.yaml
b/tools/host-validate/rules/linux-devices.yaml
new file mode 100644
index 0000000000..791f35a0b6
--- /dev/null
+++ b/tools/host-validate/rules/linux-devices.yaml
@@ -0,0 +1,71 @@
+#
+# Define facts related to device nodes on the host
+#
+
+facts:
+- name: os.kvm.loaded
+ filter:
+ all:
+ expressions:
+ - fact:
+ name: libvirt.driver.qemu
+ value: "true"
+ - fact:
+ name: cpu.virt.present
+ value: "true"
+ report:
+ message: /dev/kvm loaded
+ value:
+ access:
+ check: exists
+ path: /dev/kvm
+- name: os.kvm.accessible
+ filter:
+ fact:
+ name: os.kvm.loaded
+ value: "true"
+ report:
+ message: /dev/kvm accessible
+ hint:
+ message: Check /dev/kvm is world writable or you are in a group that is allowed
+ to access it
+ value:
+ access:
+ check: writable
+ path: /dev/kvm
+- name: os.vhostnet.present
+ filter:
+ all:
+ expressions:
+ - fact:
+ name: libvirt.driver.qemu
+ value: "true"
+ - fact:
+ name: os.kvm.loaded
+ value: "true"
+ report:
+ message: /dev/vhost-net present
+ hint:
+ message: Load the 'vhost_net' module to improve performance of virtio
networking
+ value:
+ access:
+ check: exists
+ path: /dev/vhost-net
+- name: os.tun.present
+ filter:
+ all:
+ expressions:
+ - fact:
+ name: libvirt.driver.qemu
+ value: "true"
+ - fact:
+ name: os.kvm.loaded
+ value: "true"
+ report:
+ message: /dev/net/tun present
+ hint:
+ message: Load the 'tun' module to enable networking for QEMU guests
+ value:
+ access:
+ check: exists
+ path: /dev/net/tun
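Review bot: `os.vhostnet.present` and `os.tun.present` are filtered on `os.kvm.loaded`, so on a host without `/dev/kvm` neither is evaluated, although the tun hint ("enable networking for QEMU guests") is not KVM-specific. Filtering `os.tun.present` on `libvirt.driver.qemu` alone would keep that check visible for emulated guests. The vhost-net hint describes a performance improvement, yet its report has no `level`; if the default level is a failure, `level: warn` as used for `kmod.nmdm` in freebsd-kernel.yaml would fit better. The `/dev/kvm` hint could lead with group membership rather than a world-writable node, since the latter gives every local user access to the hypervisor interface.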
diff --git a/tools/host-validate/rules/linux-iommu.yaml
b/tools/host-validate/rules/linux-iommu.yaml
new file mode 100644
index 0000000000..4f056e92ba
--- /dev/null
+++ b/tools/host-validate/rules/linux-iommu.yaml
@@ -0,0 +1,113 @@
+#
+# Define facts related to IOMMU availability
+#
+
+facts:
+- name: cpu.iommu.x86.intel.present
+ filter:
+ all:
+ expressions:
+ - fact:
+ name: libvirt.driver.qemu
+ value: "true"
+ - fact:
+ name: cpu.family.x86
+ value: "true"
+ - fact:
+ name: cpu.vendor.intel
+ value: "true"
+ report:
+ message: Intel device assignment IOMMU present
+ level: note
+ hint:
+ message: IOMMU either disabled in BIOS or not supported by this hardware
+ value:
+ bool:
+ fact:
+ name: cpu.acpi.dmar
+ value: "true"
+- name: cpu.iommu.x86.amd.present
+ filter:
+ all:
+ expressions:
+ - fact:
+ name: cpu.family.x86
+ value: "true"
+ - fact:
+ name: cpu.vendor.amd
+ value: "true"
+ report:
+ message: AMD device assignment IOMMU present
+ level: note
+ hint:
+ message: IOMMU either disabled in BIOS or not supported by this hardware
+ value:
+ bool:
+ fact:
+ name: cpu.acpi.ivrs
+ value: "true"
+- name: cpu.iommu.s390x.present
+ filter:
+ fact:
+ name: cpu.family.s390
+ value: "true"
+ report:
+ message: s390x device assignment IOMMU present
+ level: note
+ hint:
+ message: IOMMU either disabled in BIOS or not supported by this hardware
+ value:
+ bool:
+ fact:
+ match: exists
+ name: os.pci.devices.0
+- name: os.iommu.groups
+ value:
+ dirent:
+ ignoreMissing: true
+ path: /sys/kernel/iommu_groups
+- name: os.iommu.x86.intel.enabled
+ filter:
+ fact:
+ name: cpu.iommu.x86.intel.present
+ value: "true"
+ report:
+ message: Intel device assignment IOMMU enabled
+ level: warn
+ hint:
+ message: IOMMU disabled by the kernel. Pass 'intel_iommu=on' on the kernel
command line
+ value:
+ bool:
+ fact:
+ name: os.iommu.groups.0
+ match: exists
+- name: os.iommu.x86.amd.enabled
+ filter:
+ fact:
+ name: cpu.iommu.x86.amd.present
+ value: "true"
+ report:
+ message: AMD device assignment IOMMU enabled
+ level: warn
+ hint:
+ message: IOMMU disabled by the kernel. Pass 'iommu=pt iommu=1' on the kernel
command line
+ value:
+ bool:
+ fact:
+ name: os.iommu.groups.0
+ match: exists
+- name: os.iommu.s390x.enabled
+ filter:
+ fact:
+ name: cpu.iommu.s390x.present
+ value: "true"
+ report:
+ message: s390x device assignment IOMMU enabled
+ level: warn
+ hint:
+ message: IOMMU disabled by the kernel
+ value:
+ bool:
+ fact:
+ name: os.iommu.groups.0
+ match: exists
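Review bot: `cpu.iommu.x86.amd.present` and `cpu.iommu.s390x.present` omit the `libvirt.driver.qemu` filter expression that `cpu.iommu.x86.intel.present` carries, so the three reported checks are not gated the same way. If the filter is what scopes a report to a driver, the AMD and s390x lines would also appear on LXC or bhyve runs. Add the same `fact` expression (`name: libvirt.driver.qemu`, `value: "true"`) to both filters. The s390x rule tests `os.pci.devices.0`; if `dirent` facts are keyed by entry name, as `os.iommu.groups.0` suggests, no PCI address is named `0` and the check could never pass, which is worth confirming against the engine. The s390x hint about the BIOS also reads oddly for a rule that tests for PCI devices.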
diff --git a/tools/host-validate/rules/linux-namespaces.yaml
b/tools/host-validate/rules/linux-namespaces.yaml
new file mode 100644
index 0000000000..239d0c58e4
--- /dev/null
+++ b/tools/host-validate/rules/linux-namespaces.yaml
@@ -0,0 +1,119 @@
+#
+# Define facts related to Linux kernel namespaces
+#
+
+facts:
+- name: os.namespace.ipc
+ filter:
+ all:
+ expressions:
+ - fact:
+ name: libvirt.driver.lxc
+ value: "true"
+ - fact:
+ name: os.kernel
+ value: Linux
+ report:
+ message: ipc process namespace
+ hint:
+ message: Enable ipc namespace in Kconfig
+ value:
+ access:
+ path: /proc/self/ns/ipc
+ check: exists
+- name: os.namespace.mnt
+ filter:
+ all:
+ expressions:
+ - any:
+ expressions:
+ - fact:
+ name: libvirt.driver.lxc
+ value: "true"
+ - fact:
+ name: libvirt.driver.qemu
+ value: "true"
+ - fact:
+ name: os.kernel
+ value: Linux
+ report:
+ message: mnt process namespace
+ hint:
+ message: Enable mnt namespace in Kconfig
+ value:
+ access:
+ path: /proc/self/ns/mnt
+ check: exists
+- name: os.namespace.pid
+ filter:
+ all:
+ expressions:
+ - fact:
+ name: libvirt.driver.lxc
+ value: "true"
+ - fact:
+ name: os.kernel
+ value: Linux
+ report:
+ message: pid process namespace
+ hint:
+ message: Enable pid namespace in Kconfig
+ value:
+ access:
+ path: /proc/self/ns/pid
+ check: exists
+- name: os.namespace.uts
+ filter:
+ all:
+ expressions:
+ - fact:
+ name: libvirt.driver.lxc
+ value: "true"
+ - fact:
+ name: os.kernel
+ value: Linux
+ report:
+ message: uts process namespace
+ hint:
+ message: Enable uts namespace in Kconfig
+ value:
+ access:
+ path: /proc/self/ns/uts
+ check: exists
+- name:
os.namespace.net
+ filter:
+ all:
+ expressions:
+ - fact:
+ name: libvirt.driver.lxc
+ value: "true"
+ - fact:
+ name: os.kernel
+ value: Linux
+ report:
+ message: net process namespace
+ hint:
+ message: Enable net namespace in Kconfig
+ value:
+ access:
+ path: /proc/self/ns/net
+ check: exists
+- name: os.namespace.user
+ filter:
+ all:
+ expressions:
+ - fact:
+ name: libvirt.driver.lxc
+ value: "true"
+ - fact:
+ name: os.kernel
+ value: Linux
+ report:
+ level: warn
+ message: user process namespace
+ hint:
+ message: Enable user namespace in Kconfig
+ value:
+ access:
+ path: /proc/self/ns/user
+ check: exists
diff --git a/tools/host-validate/rules/linux-pci.yaml
b/tools/host-validate/rules/linux-pci.yaml
new file mode 100644
index 0000000000..facb67f4e9
--- /dev/null
+++ b/tools/host-validate/rules/linux-pci.yaml
@@ -0,0 +1,10 @@
+#
+# Define facts related to physical PCI devices on the host system
+#
+
+facts:
+- name: os.pci.devices
+ value:
+ dirent:
+ path: /sys/bus/pci/devices
+ ignoreMissing: true
--
2.21.0