A few days late after some travel, but everything is now pushed, freeze is
over! The release is tagged in git, signed tarball and rpms are available
from the usual place:
ftp://libvirt.org/libvirt/
I also pushed the Python bindings release at:
ftp://libvirt.org/libvirt/python/
This is a rather large release, with a fair amount of new features,
improvements and bug fixes:
New features:
- bhyve: Add support for additional command-line arguments
The bhyve driver now supports passing additional command-line arguments
to the bhyve process using the new <bhyve:commandline> element in
domain configuration.
- network: Support setting a firewalld "zone" for virtual network bridges
All libvirt virtual networks with bridges managed by libvirt (i.e. those
with a forward mode of "nat", "route", "open", or no forward mode)
will now be placed in a special firewalld zone called "libvirt" by
default. The zone of any network bridge can be changed using the zone
attribute of the network's bridge element.
- bhyve: Support for ignoring unknown MSR reads and writes
A new <features> element <msrs unknown='ignore'/> was introduced and
the bhyve driver supports it to control reads and writes of unknown
Model Specific Registers (MSRs).
- qemu: Add support for encrypted VNC TLS keys
Use the password stored in the secret driver under the uuid specified
by the vnc_tls_x509_secret_uuid option in qemu.conf.
- Add storage pool namespace options
Allow for adjustment of RBD configuration options via Storage Pool XML
Namespace adjustments.
- qemu: Add support for setting post-copy migration bandwidth
Users can now limit the bandwidth of post-copy migration, e.g. via
virsh migrate --postcopy-bandwidth.
Improvements:
- Create private chains for virtual network firewall rules
Historically firewall rules for virtual networks were added straight
into the base chains. This works but has a number of bugs and design
limitations. To address them, libvirt now puts firewall rules into its
own chains.
- Detect CEPH and GPFS as shared FS
When starting a migration libvirt performs some sanity checks to make
sure the domain will be able to run on the destination. One of the
requirements is that the disk has to either be migrated too or be
accessible from a network filesystem. CEPH and GPFS weren't detected as
a network filesystem.
- Advertise network MTU via DHCP when specified
If network MTU is set and the network has DHCP enabled, advertise the
MTU in DHCP transaction too so that clients can adjust their link
accordingly.
- qemu: Allocate memory at the configured NUMA nodes from start
Libvirt used to just start QEMU, let it allocate memory for the guest,
and then use CGroups to move the memory to configured NUMA nodes. This
is suboptimal as huge chunks of memory have to be moved. Moreover, this
relies on the ability to move memory later, which is not always
possible. A change was made to set process affinity correctly from the
start so that memory is allocated on the configured nodes from the
beginning.
- Support for newer Wireshark
Adapt libvirt to the more recent Wireshark release; building libvirt
with --with-wireshark now requires upgrading to that more recent
version.
- Batch mode virsh and virt-admin parsing improvements
When parsing a single-argument command_string in batch mode, virsh and
virt-admin now permit newlines in addition to semicolons for splitting
commands, and backslash-newline for splitting long lines, to be more
like shell parsing.
Bug fixes:
- qemu: Use CAP_DAC_OVERRIDE during QEMU capabilities probing
By default, libvirt runs the QEMU process as qemu:qemu which could
cause issues during probing as some features like AMD SEV might be
inaccessible to QEMU because of file system permissions. Therefore,
CAP_DAC_OVERRIDE is granted to overcome these for the purposes of
probing.
- storage: Add default mount options for fs/netfs storage pools
Altered the command line generation for fs/netfs storage pools to add
some default options. For Linux based systems, the options added are
"nodev, nosuid, noexec". For FreeBSD based systems, the options added
are "nosuid, noexec".
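The new default mount options only apply to mounts that libvirt itself performs, so an admin may want to confirm that existing pool targets actually carry them. The following checker is an added example, not libvirt code: it parses mount-table lines in /proc/mounts format (a constructed sample is embedded) and reports, per pool target directory, which of the options named above are missing. The pool paths and sample mount lines are assumptions for illustration.

```python
"""Check that libvirt fs/netfs pool mounts carry the hardening options.

Added example, not part of libvirt.  Expected sets mirror the release
notes: "nodev,nosuid,noexec" on Linux, "nosuid,noexec" on FreeBSD.
"""

EXPECTED = {
    "linux": {"nodev", "nosuid", "noexec"},
    "freebsd": {"nosuid", "noexec"},
}


def parse_mounts(text):
    """Map mount point -> set of mount options from /proc/mounts style lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or truncated line
        # /proc/mounts escapes spaces in paths as \040
        target = fields[1].replace("\\040", " ")
        table[target] = set(fields[3].split(","))
    return table


def missing_options(mounts_text, pool_targets, platform="linux"):
    """Return {pool target: sorted list of missing options}.

    A target that does not appear in the mount table maps to None, so a
    pool whose mount never happened is reported rather than silently passed.
    """
    table = parse_mounts(mounts_text)
    report = {}
    for target in pool_targets:
        opts = table.get(target)
        report[target] = None if opts is None else sorted(EXPECTED[platform] - opts)
    return report


# Constructed sample mount table (not captured from a real host).
SAMPLE_MOUNTS = """\
nfs1:/export/images /var/lib/libvirt/images/nfs nfs4 rw,relatime,nosuid,nodev,noexec,vers=4.2 0 0
/dev/sdb1 /var/lib/libvirt/images/data ext4 rw,relatime,nodev 0 0
"""

if __name__ == "__main__":
    pools = ["/var/lib/libvirt/images/nfs", "/var/lib/libvirt/images/data",
             "/var/lib/libvirt/images/iso"]
    for target, missing in missing_options(SAMPLE_MOUNTS, pools).items():
        print(target, "not mounted" if missing is None else (missing or "ok"))
```

On a live host, feed it the contents of /proc/mounts and the target paths from `virsh pool-dumpxml` for each fs/netfs pool.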
- qemu: Allow use of PCI for RISC-V guests
This works with QEMU 4.0.0+ only and is opt-in at the moment, since it
requires users to manually assign PCI addresses, but is otherwise fully
functional.
- network: Fix virtual networks on systems using firewalld+nftables
Because of the transitional state of firewalld's new support for
nftables, not all iptables features required by libvirt are yet
available, so libvirt must continue to use iptables for its own packet
filtering rules even when the firewalld backend is set to use nftables.
However, due to the way iptables support is implemented in kernels
using nftables (iptables rules are converted to nftables rules and
processed in a separate hook from the native nftables rules), guest
networking was broken on hosts with firewalld configured to use
nftables as the backend. This has been fixed by putting libvirt-managed
bridges in their own firewalld zone, so that guest traffic can be
forwarded beyond the host and host services can be exposed to guests on
the virtual network without opening up those same services to the rest
of the physical network. This means that host access from virtual
machines is no longer controlled by the firewalld default zone (usually
"public"), but rather by the new firewalld zone called "libvirt"
(unless configured otherwise using the new zone attribute of the
network bridge element).
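Since host access from guests is now governed by the zone of the libvirt-managed bridge rather than the default zone, it helps to know which zone each defined network actually ends up in. The script below is an added example, not libvirt's own code: it applies the rule described above (nat, route, open or no forward mode means a libvirt-managed bridge, placed in "libvirt" unless the bridge element's zone attribute says otherwise) to network XML as returned by `virsh net-dumpxml`. The network definitions embedded in it are constructed samples.

```python
"""Report the effective firewalld zone of libvirt virtual networks.

Added example, not libvirt code.  Bridges libvirt creates itself land in
the "libvirt" zone unless <bridge zone='...'/> overrides it; other forward
modes reuse an existing host interface, whose zone libvirt does not set.
"""
import xml.etree.ElementTree as ET

LIBVIRT_MANAGED_MODES = {None, "nat", "route", "open"}
DEFAULT_ZONE = "libvirt"


def effective_zone(network_xml):
    """Return (bridge name, zone); zone is None when libvirt does not own it."""
    root = ET.fromstring(network_xml)
    if root.tag != "network":
        raise ValueError("not a <network> definition")
    forward = root.find("forward")
    # <forward/> without a mode attribute means "nat"; no <forward> = isolated
    mode = None if forward is None else forward.get("mode", "nat")
    bridge = root.find("bridge")
    name = None if bridge is None else bridge.get("name")
    if mode not in LIBVIRT_MANAGED_MODES:
        return name, None
    zone = None if bridge is None else bridge.get("zone")
    return name, zone or DEFAULT_ZONE


# Constructed sample definitions (not dumped from a real host).
NAT_NET = """<network>
  <name>default</name>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'/>
</network>"""

ROUTED_NET = """<network>
  <name>lab</name>
  <forward mode='route'/>
  <bridge name='virbr1' zone='dmz'/>
</network>"""

HOST_BRIDGE_NET = """<network>
  <name>host-bridge</name>
  <forward mode='bridge'/>
  <bridge name='br0'/>
</network>"""

if __name__ == "__main__":
    for doc in (NAT_NET, ROUTED_NET, HOST_BRIDGE_NET):
        bridge, zone = effective_zone(doc)
        print(ET.fromstring(doc).findtext("name"), bridge, zone or "not managed by libvirt")
```

Compare the reported zone with `firewall-cmd --get-zone-of-interface <bridge>` on the host to confirm the running firewalld agrees with the definition.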
- qemu: Fix i6300esb watchdog hotplug on Q35
Ensure that libvirt allocates a PCI address for the device so that QEMU
does not default to an address that would not allow for device hotplug.
- lxc: Don't reboot host on virDomainReboot
If the container is really a simple one (init is just bash and the
whole root is passed through) then virDomainReboot and
virDomainShutdown would reboot or shut down the host. The solution is to
use a different method to reboot or shut down the container in that case
(e.g. a signal).
- rpc: Various stream fixes
One particular race was fixed, one locking problem and error reporting
from streams was made better.
- qemu: Fix guestfwd hotplug/hotunplug
Fixed the generation of the guestfwd hotplug/unplug command sent to
QEMU to match the syntax used when creating the initial command line.
- qemu: Forbid CDROMs on virtio bus
Attempting to create an empty virtio-blk drive or attempting to eject
it results in an error. Forbid configurations where users would
attempt to use CDROMs on the virtio bus.
- qemu: Use 'raw' for 'volume' disks without format
Storage pools might want to specify the image format when translating
the volume, so libvirt can't add a default format when parsing the XML.
An explicit format is now added when starting the VM if none was
specified either by the user or by the storage pool translation
function.
- qemu: Assume 'raw' default storage format also for network storage
The post-parse callback added the 'raw' type only for local files.
Remote files can also have a backing store (even a local one), so the
same default is now applied to network-backed storage.
- qemu: Fix block job progress reporting and advocate for READY event
In some cases QEMU can get to 100% and still not reach the synchronised
phase. Initiating a pivot in that case will fail. Therefore it is
strongly advised to wait for VIR_DOMAIN_BLOCK_JOB_READY event which
does not suffer from this problem.
- qemu: Don't format image properties for empty drive
If a -drive has no image, then formatting attributes such as cache,
readonly, etc. would cause errors to be reported from QEMU. This was
fixed by not supplying the attributes for devices without an image.
- External snapshot metadata redefinition is fixed
Attempting to use VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE to reinstate the
metadata describing an external snapshot created earlier for an offline
domain no longer fails.
Thanks everybody for your contributions to this new release,
enjoy!
Daniel
--
Daniel Veillard      | Red Hat Developers Tools http://developer.redhat.com/
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | virtualization library  http://libvirt.org/