[libvirt] [PATCHv2] Error out when using SPICE TLS with spice_tls=0
by Christophe Fergeau
It's possible to disable SPICE TLS in qemu.conf. When this happens,
libvirt ignores any SPICE TLS port or x509 directory that may have
been set when it builds the qemu command line to use. However, it's
not ignoring the secure channels that may have been set and adds
tls-channel arguments to qemu command line.
Current qemu versions don't report an error when this happens, and try to use
TLS for the specified channels.
Before this patch
<domain type='kvm'>
<name>auto-tls-port</name>
<memory>65536</memory>
<os>
<type arch='x86_64' machine='pc'>hvm</type>
</os>
<devices>
<graphics type='spice' port='5900' tlsPort='-1' autoport='yes' listen='0' ke
<listen type='address' address='0'/>
<channel name='main' mode='secure'/>
<channel name='inputs' mode='secure'/>
</graphics>
</devices>
</domain>
generates
-spice port=5900,addr=0,disable-ticketing,tls-channel=main,tls-channel=inputs
and starts QEMU.
After this patch, an error is reported if a TLS port is set in the XML
or if secure channels are specified but TLS is disabled in qemu.conf.
This is the behaviour the oVirt people (where I spotted this issue) said
they would expect.
This fixes bug #790436
---
src/qemu/qemu_command.c | 12 +++++++++++-
1 files changed, 11 insertions(+), 1 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 5a34504..4f3e61e 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -5231,7 +5231,12 @@ qemuBuildCommandLine(virConnectPtr conn,
virBufferAsprintf(&opt, "port=%u", def->graphics[0]->data.spice.port);
- if (driver->spiceTLS && def->graphics[0]->data.spice.tlsPort != -1)
+ if (def->graphics[0]->data.spice.tlsPort != -1)
+ if (!driver->spiceTLS) {
+ qemuReportError(VIR_ERR_XML_ERROR,
+ _("spice TLS port set in XML configuration, but TLS is disabled in qemu.conf"));
+ goto error;
+ }
virBufferAsprintf(&opt, ",tls-port=%u", def->graphics[0]->data.spice.tlsPort);
switch (virDomainGraphicsListenGetType(def->graphics[0], 0)) {
@@ -5287,6 +5292,11 @@ qemuBuildCommandLine(virConnectPtr conn,
int mode = def->graphics[0]->data.spice.channels[i];
switch (mode) {
case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_SECURE:
+ if (!driver->spiceTLS) {
+ qemuReportError(VIR_ERR_XML_ERROR,
+ _("spice secure channels set in XML configuration, but TLS is disabled in qemu.conf"));
+ goto error;
+ }
virBufferAsprintf(&opt, ",tls-channel=%s",
virDomainGraphicsSpiceChannelNameTypeToString(i));
break;
--
1.7.7.6
12 years, 9 months
[libvirt] [PATCH 0/4] libvirt-guests: improve behavior of the guests script
by Peter Krempa
This patchset tweaks the libvirt guest script to enable parallel shutdown of
guests and fix some bugs that appeared through time.
Peter Krempa (4):
libvirt-guests: Add documentation and clean up to use virsh's
improved list
libvirt-guests: Don't try to do a managed-save of transient guests
libvirt-guests: Check if URI is reachable before launching commands
libvirt-guests: Add parallel startup and shutdown of guests
tools/libvirt-guests.init.sh | 261 ++++++++++++++++++++++++++++++++++++------
tools/libvirt-guests.sysconf | 10 ++-
2 files changed, 235 insertions(+), 36 deletions(-)
--
1.7.3.4
12 years, 9 months
[libvirt] [PATCH] storage: fix typo
by Michal Privoznik
* src/storage/storage_driver.c (storageVolumeWipeInternal):
s/ pfitzner33/pfitzner33/.
---
src/storage/storage_driver.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
index 540e5d7..9130a40 100644
--- a/src/storage/storage_driver.c
+++ b/src/storage/storage_driver.c
@@ -1937,7 +1937,7 @@ storageVolumeWipeInternal(virStorageVolDefPtr def,
alg_char = "pfitzner7";
break;
case VIR_STORAGE_VOL_WIPE_ALG_PFITZNER33:
- alg_char = " pfitzner33";
+ alg_char = "pfitzner33";
break;
case VIR_STORAGE_VOL_WIPE_ALG_RANDOM:
alg_char = "random";
--
1.7.3.4
12 years, 9 months
[libvirt] [PATCH] qemu: Don't emit tls-port spice option if port is -1
by Jiri Denemark
Bug introduced by commit eda0fc7a.
---
src/qemu/qemu_command.c | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 01adf0d..5e0ca95 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -5345,13 +5345,16 @@ qemuBuildCommandLine(virConnectPtr conn,
virBufferAsprintf(&opt, "port=%u", def->graphics[0]->data.spice.port);
- if (def->graphics[0]->data.spice.tlsPort != -1)
+ if (def->graphics[0]->data.spice.tlsPort != -1) {
if (!driver->spiceTLS) {
qemuReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("spice TLS port set in XML configuration, but TLS is disabled in qemu.conf"));
+ _("spice TLS port set in XML configuration,"
+ " but TLS is disabled in qemu.conf"));
goto error;
}
- virBufferAsprintf(&opt, ",tls-port=%u", def->graphics[0]->data.spice.tlsPort);
+ virBufferAsprintf(&opt, ",tls-port=%u",
+ def->graphics[0]->data.spice.tlsPort);
+ }
switch (virDomainGraphicsListenGetType(def->graphics[0], 0)) {
case VIR_DOMAIN_GRAPHICS_LISTEN_TYPE_ADDRESS:
--
1.7.8.5
12 years, 9 months
[libvirt] Fwd: Re: [libvirt-users] [need your help] Sys::Virt
by Alex Jia
Hi all,
Anybody has the same experience? Evaggelos need your help.
Thanks & Regards,
Alex
> # uname -a
> Linux mylaptop 3.2.7-1-ARCH #1 SMP PREEMPT Tue Feb 21 16:59:04 UTC
> 2012 i686 Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz GenuineIntel
> GNU/Linux
>
> # perl -v
> This is perl 5, version 14, subversion 2 (v5.14.2) built for
> i686-linux-thread-multi
>
> # libvirt 0.9.10-1
> # libxml-enno-1.02
> # XML-XPathEngine-0.13
> # XML-DOM-XPath-0.14
> # CPAN-Changes-0.18
>
> # perl-test-pod-coverage 1.08-2
> # perl-time-hires 1.9725-1
> # perl-xml-xpath 1.13-6
> # perl-test-pod 1.45-1
>
> # gcc --version
> gcc (GCC) 4.6.2 20120120 (prerelease)
>
> Plz advice
>
> Evaggelos Balaskas - Unix System Engineer
> http://gr.linkedin.com/in/evaggelosbalaskas
-------- Original Message --------
Subject: Re: [libvirt-users] Sys::Virt
Date: Sun, 26 Feb 2012 21:59:16 -0500 (EST)
From: Alex Jia <ajia(a)redhat.com>
To: ebalaskas(a)ebalaskas.gr
CC: libvirt-users(a)redhat.com
Hi Evaggelos,
I used latest libvirt-perl git tree, then compile it on RHEL,
however, I haven't met the issue, everything is okay for me,
so I want to know your platform and compilation environment.
Is it okay to compile latest libvirt-perl for you?
% git clone git://libvirt.org/libvirt-perl.git
% perl Makefile.PL
% make
----- Original Message -----
From: "Evaggelos Balaskas"<ebalaskas(a)ebalaskas.gr>
To: libvirt-users(a)redhat.com
Sent: Sunday, February 26, 2012 12:59:30 AM
Subject: [libvirt-users] Sys::Virt
Can anyone help me:
$ perl Makefile.PL
Checking if your kit is complete...
Looks good
Writing Makefile for Sys::Virt
Writing MYMETA.yml and MYMETA.json
$ make
/usr/bin/perl "-Iblib/arch" "-Iblib/lib" perl-Sys-Virt.spec.PL
perl-Sys-Virt.spec
make: *** [perl-Sys-Virt.spec] Segmentation fault
make: *** Deleting file `perl-Sys-Virt.spec'
Evaggelos Balaskas - Unix System Engineer
http://gr.linkedin.com/in/evaggelosbalaskas
_______________________________________________
libvirt-users mailing list
libvirt-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users
_______________________________________________
libvirt-users mailing list
libvirt-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users
12 years, 9 months
[libvirt] [PATCH] docs: comments wiping supported algorithms
by Alex Jia
The current scrub version doesn't support pfitzner7, pfitzner33 and schneier patterns
on RHEL, we should comment it in virsh man page.
* tools/virsh.pod: update wiping algorithms docs.
Signed-off-by: Alex Jia <ajia(a)redhat.com>
---
tools/virsh.pod | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/tools/virsh.pod b/tools/virsh.pod
index c306a38..eba9389 100644
--- a/tools/virsh.pod
+++ b/tools/virsh.pod
@@ -2081,6 +2081,8 @@ B<Supported algorithms>
pfitzner33 - Roy Pfitzner's 33-random-pass method: random x33.
random - 1-pass pattern: random.
+B<Note>: Not all algorithms of wiping are expected to work, it depends on concrete B<srub> version.
+
=item B<vol-dumpxml> [I<--pool> I<pool-or-uuid>] I<vol-name-or-key-or-path>
Output the volume information as an XML dump to stdout.
--
1.7.1
12 years, 9 months
[libvirt] [PATCH] util: fix a typo
by Alex Jia
* src/util/event_poll.c: (virEventPollRunOnce): s/imeout/timeout/.
Signed-off-by: Alex Jia <ajia(a)redhat.com>
---
src/util/event_poll.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/util/event_poll.c b/src/util/event_poll.c
index 30dec74..038e75f 100644
--- a/src/util/event_poll.c
+++ b/src/util/event_poll.c
@@ -615,7 +615,7 @@ int virEventPollRunOnce(void) {
retry:
PROBE(EVENT_POLL_RUN,
- "nhandles=%d imeout=%d",
+ "nhandles=%d timeout=%d",
nfds, timeout);
ret = poll(fds, nfds, timeout);
if (ret < 0) {
--
1.7.1
12 years, 9 months
[libvirt] [PATCH] storage: fix a typo
by Alex Jia
* src/storage/storage_driver.c (storageVolumeWipeInternal): s/shneier/schneier.
http://code.google.com/p/diskscrub/
Signed-off-by: Alex Jia <ajia(a)redhat.com>
---
src/storage/storage_driver.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
index df0e291..540e5d7 100644
--- a/src/storage/storage_driver.c
+++ b/src/storage/storage_driver.c
@@ -1931,7 +1931,7 @@ storageVolumeWipeInternal(virStorageVolDefPtr def,
alg_char = "gutmann";
break;
case VIR_STORAGE_VOL_WIPE_ALG_SCHNEIER:
- alg_char = "shneier";
+ alg_char = "schneier";
break;
case VIR_STORAGE_VOL_WIPE_ALG_PFITZNER7:
alg_char = "pfitzner7";
--
1.7.1
12 years, 9 months
Re: [libvirt] Need your help with virsh desc
by Zhimou Peng
Hi Eric,
I discussed this in my team.
And i don't think refuse newlines is a good idea. Description can contains several lines is better.
I agree with you of the second one, keep the format of user's input is better(virt-manager shows description too).
And i need more information from upstream libvirt list, pls help.
Thanks.
zhpeng
BR
----- Original Message -----
From: "Eric Blake" <eblake(a)redhat.com>
To: "Zhimou Peng" <zhpeng(a)redhat.com>
Cc: "Alex Jia" <ajia(a)redhat.com>, "Rita Wu" <rwu(a)redhat.com>
Sent: Wednesday, February 29, 2012 12:28:48 AM
Subject: Re: Need your help with virsh desc
On 02/27/2012 10:49 PM, Zhimou Peng wrote:
> Hi Eric,
>
> I try to add some description to my guest, and i find xml format isn't like good.
>
> For example:
> When i add/edit description with:
>
> # virsh desc kvm1 asdfsadfssafsadfa
> Domain description updated successfully
> # virsh dumpxml kvm1
> <domain type='kvm'>
> <name>kvm1</name>
> <uuid>d5cd1756-eb3b-fd9b-1f91-0cc801dfc622</uuid>
> <description>asdfsadfssafsadfa</description> ------> looks good
>
> # virsh desc --edit --config kvm1
> This is a test desc of kvm1
>
> # virsh dumpxml kvm1
> <domain type='kvm'>
> <name>kvm1</name>
> <uuid>d5cd1756-eb3b-fd9b-1f91-0cc801dfc622</uuid>
> <description>This is a test desc of kvm1 --------> I think the end of line *$* should be delete
> </description>
>
This is a case where your editor added a trailing newline, and libvirt
passed that newline on through to the xml.
We are already deleting the newline for <title> (which refuses
newlines), but <description> allows newlines. I think we should open a
BZ to have virsh strip the trailing newline always, and not just for
<title>.
> Expect result:
> <domain type='kvm'>
> <name>kvm1</name>
> <uuid>d5cd1756-eb3b-fd9b-1f91-0cc801dfc622</uuid>
> <description>This is a test desc of kvm1</description>
>
> ----------------------------------------------------------
> Description can contain several lines:
>
> # virsh desc --edit --config kvm2
> This is a test desc of kvm2
> We have 3 lines
> test test test
>
> # virsh dumpxml kvm2
> <domain type='kvm'>
> <name>kvm1</name>
> <uuid>d5cd1756-eb3b-fd9b-1f91-0cc801dfc622</uuid>
> <description>This is a test desc of kvm2
> We have 3 lines
> test test test
> </description> ---------------------> I think libvirt should uniform XML format in guest configuration.
>
> Expect result:
> <domain type='kvm'>
> <name>kvm1</name>
> <uuid>d5cd1756-eb3b-fd9b-1f91-0cc801dfc622</uuid>
> <description>
> This is a test desc of kvm2
> We have 3 lines
> test test test
> </description>
Sorry. We _cannot_ alter the whitespace of the text in the element.
While whitespace in between <> tags is flexible (and thus we format
things to make it look nested), whitespace within the text surrounded by
a <description></description> block is significant, because it was
provided by the user, and must be given back to the user in the same
format. Perhaps we could encode things using �a; instead of a literal
newline, as in:
<description>Line 1�a;Line 2</description>
but I don't know if libxml2 can be made to do that reliably. This
question would be better asked on the upstream libvirt list.
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
12 years, 9 months