[libvirt] [PATCH v10 0/4] Add native TLS encrypted chardev TCP support
by John Ferlan
v9: http://www.redhat.com/archives/libvir-list/2016-October/msg00726.html
"Theoretically speaking" patch #2 is "separate" from patches 1, 3, & 4. That
is, patches 3 and 4 are adding the secret uuid processing handling which is
different than the enable/disable property logic for patch 2. I've left
them all together though, just to be consistent with previous series.
Differences in v10
... Pushed the previous series 2/5 and 3/5 since they were ACK'd
... Create a new patch 1 to have helper qemuDomainSupportTLSChardevTCP
It's mostly unnecessary without patch 2 though, but it made adding
or "separating" patch 2 from patches 3 & 4 a whole lot easier...
... Modified former patch 1 (now patch 2) to accommodate for a paradigm
where tls='yes' and chardev_tls=0 might be possible. The new helper
is used to decide whether to add the TLS information or not.
... Modified former patch 4 (now patch 3) to accommodate for the
changes Pavel has made to the code and to generate the secalias
using the "charAlias"
... Modified former patch 4 (now patch 4) to use the "charAlias" as well
and merge in Pavel's changes
NOTE: Even though 'yes' is now a possibility, it is an option that's assuming
chardev_tls=0 so I don't feel the issues raised during review of v8
regarding needing to consider a currently running 2.3.0 domain that
still needs to work when 2.4.0 is applied. I believe it will be with
the way the optional property is being used, thus with respect to
the points in:
http://www.redhat.com/archives/libvir-list/2016-October/msg00732.html
The proposed qemuProcessPrepareDomain change is invalid since haveTLS
is a tristate and chardevTLS is a bistate. This is what I meant about being
a bit dangerous (e.g. BOOL_NO=2, BOOL_YES=1, and BOOL_ABSENT=0); however,
"chardevTLS=1" is enabled (yes) and "chardevTLS=0" is disabled (absent).
While it looks good when typing, when you get down to the details sometimes
you find those 'gotchas'. Even if the shorthand logic were fixed, it's
not going to be good to assume that setting the domain property or
disabling the domain property is the desired action.
The qemuProcessAttach is for qemu-attach and not the path that libvirt
uses to reconnect to running domains (which is qemuProcessReconnect).
There's so much broken from the qemu-attach right now - I doubt it
really works at all.
With respect to the reconnect processing (since that's really what you
were thinking about)... There is no "options" provided/found in that code.
New code could possibly "read" the '/proc/$pid/cmdline' file and look for
'tls-creds', but the only purpose of that would be to manage 'assumptions'
with how the "tls='{yes|no}'" property is used.
Altering virDomainChrSourceDefParseXML and virDomainChrSourceDefFormat
to manage some new boolean 'tlsFromConfig' that I'm not sure could be
set properly is something I think is outside these patches.
John Ferlan (4):
qemu: Introduce qemuDomainSupportTLSChardevTCP
domain: Add optional 'tls' attribute for TCP chardev
qemu: Add a secret object to/for a chardev tcp with secret
qemu: Add secret object hotplug for TCP chardev TLS
docs/formatdomain.html.in | 28 +++++
docs/schemas/domaincommon.rng | 5 +
src/conf/domain_conf.c | 22 +++-
src/conf/domain_conf.h | 1 +
src/qemu/qemu_command.c | 33 ++++-
src/qemu/qemu_command.h | 1 +
src/qemu/qemu_domain.c | 133 ++++++++++++++++++++-
src/qemu/qemu_domain.h | 18 ++-
src/qemu/qemu_driver.c | 2 +-
src/qemu/qemu_hotplug.c | 58 ++++++++-
src/qemu/qemu_hotplug.h | 3 +-
src/qemu/qemu_process.c | 4 +-
tests/qemuhotplugtest.c | 2 +-
...uxml2argv-serial-tcp-tlsx509-chardev-notls.args | 30 +++++
...muxml2argv-serial-tcp-tlsx509-chardev-notls.xml | 50 ++++++++
...xml2argv-serial-tcp-tlsx509-secret-chardev.args | 38 ++++++
...uxml2argv-serial-tcp-tlsx509-secret-chardev.xml | 50 ++++++++
tests/qemuxml2argvtest.c | 20 ++++
...xml2xmlout-serial-tcp-tlsx509-chardev-notls.xml | 1 +
tests/qemuxml2xmltest.c | 1 +
20 files changed, 483 insertions(+), 17 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev-notls.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev-notls.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.xml
create mode 120000 tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-chardev-notls.xml
--
2.7.4
8 years, 2 months
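The tristate/bistate mismatch described in the cover letter above, as an added example that is not libvirt code and not part of the original message. The type and function names are hypothetical, and the "explicit" mapping (per-device attribute wins, host-wide setting is the default when the attribute is absent) is an assumption made for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for the tristate quoted in the message:
 * ABSENT=0, YES=1, NO=2. Not libvirt's own type. */
typedef enum {
    TLS_ABSENT = 0,
    TLS_YES = 1,
    TLS_NO = 2
} tls_tristate;

/* Shorthand that treats the tristate as a boolean. TLS_NO is 2, which is
 * non-zero, so an explicit tls='no' is read as "enabled". */
bool tls_shorthand(tls_tristate have_tls, bool chardev_tls)
{
    return have_tls || chardev_tls;
}

/* Explicit mapping (assumed semantics): the per-device attribute wins when
 * present, and the host-wide bistate is only the default when it is absent. */
bool tls_explicit(tls_tristate have_tls, bool chardev_tls)
{
    switch (have_tls) {
    case TLS_YES:
        return true;
    case TLS_NO:
        return false;
    case TLS_ABSENT:
    default:
        return chardev_tls;
    }
}

/* Walk all six input combinations and count where the two disagree. */
int count_disagreements(bool verbose)
{
    static const char *names[] = { "absent", "yes", "no" };
    int bad = 0;
    for (int t = TLS_ABSENT; t <= TLS_NO; t++) {
        for (int c = 0; c <= 1; c++) {
            bool s = tls_shorthand((tls_tristate)t, c != 0);
            bool e = tls_explicit((tls_tristate)t, c != 0);
            if (verbose)
                printf("tls=%-6s chardev_tls=%d shorthand=%d explicit=%d%s\n",
                       names[t], c, s, e, s != e ? "  <-- differs" : "");
            bad += (s != e);
        }
    }
    return bad;
}

int main(void)
{
    return count_disagreements(true) == 2 ? 0 : 1;
}
```

Both disagreements are the tls='no' rows, which is the case a boolean-style test of the tristate cannot represent.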
[libvirt] [PATCH] vz: set localhost as vnc address
by Mikhail Feoktistov
We should set localhost as vnc address in case of empty string,
because Virtuozzo sets 0.0.0.0 as default vnc address.
---
src/vz/vz_sdk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/vz/vz_sdk.c b/src/vz/vz_sdk.c
index f2a5c96..7235172 100644
--- a/src/vz/vz_sdk.c
+++ b/src/vz/vz_sdk.c
@@ -2967,7 +2967,7 @@ static int prlsdkApplyGraphicsParams(PRL_HANDLE sdkdom,
glisten = virDomainGraphicsGetListen(gr, 0);
pret = PrlVmCfg_SetVNCHostName(sdkdom, glisten && glisten->address ?
- glisten->address : "");
+ glisten->address : "127.0.0.1");
prlsdkCheckRetGoto(pret, cleanup);
ret = 0;
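Review bot: the ternary passed to `PrlVmCfg_SetVNCHostName` only falls back to "127.0.0.1" when `glisten` or `glisten->address` is NULL, while the commit message describes the empty-string case. A listen entry whose address is a non-NULL empty string is still passed through as "" and, per the commit message, ends up on Virtuozzo's 0.0.0.0 default. Consider also testing `*glisten->address` so both cases resolve to loopback. The literal is IPv4-only as well; a named constant, or a comment on why only the IPv4 loopback is used, would help the next reader.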
--
1.8.3.1
8 years, 2 months
[libvirt] [PATCH v4 0/3] Forbid new-line char in name of networks
by Sławek Kapłoński
v3: http://www.redhat.com/archives/libvir-list/2016-October/msg00627.html
Differences in v4:
* function to check string moved from src/util/virstring to src/util/virxml
Sławek Kapłoński (3):
util: Add function to check if string contains some illegal chars
Use new util function to check network name
Forbid new-line char in name of new networks
src/conf/network_conf.c | 5 +----
src/libvirt_private.syms | 1 +
src/network/bridge_driver.c | 3 +++
src/util/virxml.c | 28 ++++++++++++++++++++++++++++
src/util/virxml.h | 3 +++
5 files changed, 36 insertions(+), 4 deletions(-)
--
2.10.0
8 years, 2 months
[libvirt] [PATCH 0/2] qemu: util: vz: support setting disk serial number
by Maxim Nestratov
The first patch is a preparation moving qemuSafeSerialParamValue to util,
the second implements disk serial number setting in vz driver.
Maxim Nestratov (2):
util: qemu: make qemuSafeSerialParamValue function usable by other
drivers
vz: support setting disk serial number
src/libvirt_private.syms | 1 +
src/qemu/qemu_command.c | 19 +------------------
src/util/virutil.c | 16 ++++++++++++++++
src/util/virutil.h | 2 ++
src/vz/vz_sdk.c | 19 +++++++++++++++++++
src/vz/vz_utils.c | 5 -----
6 files changed, 39 insertions(+), 23 deletions(-)
--
2.4.11
8 years, 2 months
[libvirt] [PATCH jenkins-ci] Remove builders for Fedora 21/22 and add 24
by Daniel P. Berrange
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
Pushed as a CI build fix due to RPM spec dropping 21/22
projects/libosinfo.yaml | 3 +--
projects/libvirt-cim.yaml | 3 +--
projects/libvirt-glib.yaml | 3 +--
projects/libvirt-perl.yaml | 3 +--
projects/libvirt-python.yaml | 3 +--
projects/libvirt-sandbox.yaml | 3 +--
projects/libvirt-tck.yaml | 3 +--
projects/libvirt.yaml | 9 +++------
projects/osinfo-db-tools.yaml | 3 +--
projects/osinfo-db.yaml | 3 +--
projects/virt-manager.yaml | 3 +--
projects/virt-viewer.yaml | 3 +--
12 files changed, 14 insertions(+), 28 deletions(-)
diff --git a/projects/libosinfo.yaml b/projects/libosinfo.yaml
index e48b6fb..49639f3 100644
--- a/projects/libosinfo.yaml
+++ b/projects/libosinfo.yaml
@@ -3,9 +3,8 @@
name: libosinfo
machines:
- libvirt-centos-7
- - libvirt-fedora-21
- - libvirt-fedora-22
- libvirt-fedora-23
+ - libvirt-fedora-24
- libvirt-fedora-rawhide
title: libosinfo
make_env: |
diff --git a/projects/libvirt-cim.yaml b/projects/libvirt-cim.yaml
index 58cfb1a..d1705af 100644
--- a/projects/libvirt-cim.yaml
+++ b/projects/libvirt-cim.yaml
@@ -4,9 +4,8 @@
machines:
- libvirt-centos-6
- libvirt-centos-7
- - libvirt-fedora-21
- - libvirt-fedora-22
- libvirt-fedora-23
+ - libvirt-fedora-24
- libvirt-fedora-rawhide
title: libvirt CIM
jobs:
diff --git a/projects/libvirt-glib.yaml b/projects/libvirt-glib.yaml
index 11c0ec9..38bcded 100644
--- a/projects/libvirt-glib.yaml
+++ b/projects/libvirt-glib.yaml
@@ -3,9 +3,8 @@
name: libvirt-glib
machines:
- libvirt-centos-7
- - libvirt-fedora-21
- - libvirt-fedora-22
- libvirt-fedora-23
+ - libvirt-fedora-24
- libvirt-fedora-rawhide
title: Libvirt GLib
jobs:
diff --git a/projects/libvirt-perl.yaml b/projects/libvirt-perl.yaml
index d117d0f..2bad51d 100644
--- a/projects/libvirt-perl.yaml
+++ b/projects/libvirt-perl.yaml
@@ -3,9 +3,8 @@
name: libvirt-perl
machines:
- libvirt-centos-7
- - libvirt-fedora-21
- - libvirt-fedora-22
- libvirt-fedora-23
+ - libvirt-fedora-24
- libvirt-fedora-rawhide
title: Libvirt Perl
jobs:
diff --git a/projects/libvirt-python.yaml b/projects/libvirt-python.yaml
index b4c9496..baca308 100644
--- a/projects/libvirt-python.yaml
+++ b/projects/libvirt-python.yaml
@@ -4,9 +4,8 @@
machines:
- libvirt-centos-6
- libvirt-centos-7
- - libvirt-fedora-21
- - libvirt-fedora-22
- libvirt-fedora-23
+ - libvirt-fedora-24
- libvirt-fedora-rawhide
title: Libvirt Python
jobs:
diff --git a/projects/libvirt-sandbox.yaml b/projects/libvirt-sandbox.yaml
index 0dda524..eee249c 100644
--- a/projects/libvirt-sandbox.yaml
+++ b/projects/libvirt-sandbox.yaml
@@ -2,9 +2,8 @@
- project:
name: libvirt-sandbox
machines:
- - libvirt-fedora-21
- - libvirt-fedora-22
- libvirt-fedora-23
+ - libvirt-fedora-24
- libvirt-fedora-rawhide
title: Libvirt Sandbox
jobs:
diff --git a/projects/libvirt-tck.yaml b/projects/libvirt-tck.yaml
index 3a2e555..571f3ce 100644
--- a/projects/libvirt-tck.yaml
+++ b/projects/libvirt-tck.yaml
@@ -2,9 +2,8 @@
- project:
name: libvirt-tck
machines:
- - libvirt-fedora-21
- - libvirt-fedora-22
- libvirt-fedora-23
+ - libvirt-fedora-24
- libvirt-fedora-rawhide
title: Libvirt TCK
jobs:
diff --git a/projects/libvirt.yaml b/projects/libvirt.yaml
index 22a46ac..20de27c 100644
--- a/projects/libvirt.yaml
+++ b/projects/libvirt.yaml
@@ -4,9 +4,8 @@
machines:
- libvirt-centos-6
- libvirt-centos-7
- - libvirt-fedora-21
- - libvirt-fedora-22
- libvirt-fedora-23
+ - libvirt-fedora-24
- libvirt-fedora-rawhide
title: Libvirt
archive_format: xz
@@ -17,9 +16,8 @@
- libvirt-centos-6
- libvirt-centos-7
- libvirt-debian
- - libvirt-fedora-21
- - libvirt-fedora-22
- libvirt-fedora-23
+ - libvirt-fedora-24
- libvirt-fedora-rawhide
- libvirt-freebsd
- autotools-syntax-check-job:
@@ -28,9 +26,8 @@
- libvirt-centos-6
- libvirt-centos-7
- libvirt-debian
- - libvirt-fedora-21
- - libvirt-fedora-22
- libvirt-fedora-23
+ - libvirt-fedora-24
- libvirt-fedora-rawhide
check_env: |
export VIR_TEST_EXPENSIVE=1
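Review bot: in projects/libvirt.yaml the same edit (drop libvirt-fedora-21 and libvirt-fedora-22, add libvirt-fedora-24) is applied by hand to three separate machine lists, and again in each of the other eleven project files. Every Fedora release bump will need the same twelve-file patch, and a list that is missed keeps referencing a builder that has been removed. Consider defining the Fedora builder set once and referencing it from each list.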
diff --git a/projects/osinfo-db-tools.yaml b/projects/osinfo-db-tools.yaml
index 9414ed8..bcb63da 100644
--- a/projects/osinfo-db-tools.yaml
+++ b/projects/osinfo-db-tools.yaml
@@ -3,9 +3,8 @@
name: osinfo-db-tools
machines:
- libvirt-centos-7
- - libvirt-fedora-21
- - libvirt-fedora-22
- libvirt-fedora-23
+ - libvirt-fedora-24
- libvirt-fedora-rawhide
title: osinfo database tools
jobs:
diff --git a/projects/osinfo-db.yaml b/projects/osinfo-db.yaml
index 941326b..f48aa3f 100644
--- a/projects/osinfo-db.yaml
+++ b/projects/osinfo-db.yaml
@@ -3,9 +3,8 @@
name: osinfo-db
machines:
- libvirt-centos-7
- - libvirt-fedora-21
- - libvirt-fedora-22
- libvirt-fedora-23
+ - libvirt-fedora-24
- libvirt-fedora-rawhide
title: osinfo database
jobs:
diff --git a/projects/virt-manager.yaml b/projects/virt-manager.yaml
index a66a016..737e37d 100644
--- a/projects/virt-manager.yaml
+++ b/projects/virt-manager.yaml
@@ -3,9 +3,8 @@
name: virt-manager
machines:
- libvirt-centos-7
- - libvirt-fedora-21
- - libvirt-fedora-22
- libvirt-fedora-23
+ - libvirt-fedora-24
- libvirt-fedora-rawhide
title: Virtual Machine Manager
jobs:
diff --git a/projects/virt-viewer.yaml b/projects/virt-viewer.yaml
index e4ede56..d7b7108 100644
--- a/projects/virt-viewer.yaml
+++ b/projects/virt-viewer.yaml
@@ -3,9 +3,8 @@
name: virt-viewer
machines:
- libvirt-centos-7
- - libvirt-fedora-21
- - libvirt-fedora-22
- libvirt-fedora-23
+ - libvirt-fedora-24
- libvirt-fedora-rawhide
title: Virt Viewer
jobs:
--
2.7.4
8 years, 2 months
[libvirt] [PATCH] xl: don't output (null) target in domxml-to-native
by Cédric Bosdonnat
When converting a domain xml containing a CDROM device without
any attached source, don't add a target=(null) to the libxl config
disk definition: xen doesn't like it at all and would fail to start
the domain.
---
src/xenconfig/xen_xl.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/xenconfig/xen_xl.c b/src/xenconfig/xen_xl.c
index a06983e..db8cbf1 100644
--- a/src/xenconfig/xen_xl.c
+++ b/src/xenconfig/xen_xl.c
@@ -1068,7 +1068,7 @@ xenFormatXLDisk(virConfValuePtr list, virDomainDiskDefPtr disk)
/* devtype */
if (disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM)
- virBufferAddLit(&buf, "devtype=cdrom,");
+ virBufferAddLit(&buf, "devtype=cdrom");
/*
* target
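Review bot: dropping the trailing comma from "devtype=cdrom" moves the separator into the later `,target=%s` write, but the devtype literal is only emitted for CDROM devices. For every other disk type the text ahead of `,target=` is whatever the earlier fields (outside this hunk) wrote; if those end with a comma the way the old devtype literal did, the output becomes `,,target=`. Please check the non-CDROM output and cover it with a test case, or let the target branch decide whether a separator is needed.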
@@ -1081,7 +1081,9 @@ xenFormatXLDisk(virConfValuePtr list, virDomainDiskDefPtr disk)
if (xenFormatXLDiskSrc(disk->src, &target) < 0)
goto cleanup;
- virBufferAsprintf(&buf, "target=%s", target);
+ if (target) {
+ virBufferAsprintf(&buf, ",target=%s", target);
+ }
if (virBufferCheckError(&buf) < 0)
goto cleanup;
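Review bot: the new `if (target)` guard has no test covering it; the diffstat touches only src/xenconfig/xen_xl.c. A CDROM without a source is exactly the input that produced target=(null), so a conversion test case for it would pin the fix. Style: the single-statement body is wrapped in braces, unlike the neighbouring `if (...) goto cleanup;` checks in the same hunk.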
--
2.10.1
8 years, 2 months
[libvirt] [PATCH] support auth for qemu SCSI hotplug
by Gema Gomez
Hi all,
commit fceeeda2 added support for adding key objects on hotplug based on a disk's secinfo for normal drives, but missed out SCSI drives. This patch adds the same support for SCSI drives, so that it's possible to hotplug SCSI drives requiring authentication (e.g. rbd-backed drives).
Cheers,
Gema
Gema Gomez (1):
qemu: hotplug: support auth for scsi hotplug
src/qemu/qemu_hotplug.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
--
2.10.0
8 years, 2 months
[libvirt] [PATCH] cpu_conf: add comments about sockets in cpu_conf
by Chen Hanxiao
From: Chen Hanxiao <chenhanxiao(a)gmail.com>
'sockets' in output of `virsh capabilities' means
the sockets per NUMA node,
which is a special case.
Discussed in:
https://www.redhat.com/archives/libvir-list/2012-March/msg01123.html
Signed-off-by: Chen Hanxiao <chenhanxiao(a)gmail.com>
---
src/conf/cpu_conf.h | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/conf/cpu_conf.h b/src/conf/cpu_conf.h
index e084392..95d6b3e 100644
--- a/src/conf/cpu_conf.h
+++ b/src/conf/cpu_conf.h
@@ -95,15 +95,15 @@ struct _virCPUFeatureDef {
typedef struct _virCPUDef virCPUDef;
typedef virCPUDef *virCPUDefPtr;
struct _virCPUDef {
- int type; /* enum virCPUType */
- int mode; /* enum virCPUMode */
- int match; /* enum virCPUMatch */
+ int type; /* enum virCPUType */
+ int mode; /* enum virCPUMode */
+ int match; /* enum virCPUMatch */
virArch arch;
char *model;
- char *vendor_id; /* vendor id returned by CPUID in the guest */
- int fallback; /* enum virCPUFallback */
+ char *vendor_id; /* vendor id returned by CPUID in the guest */
+ int fallback; /* enum virCPUFallback */
char *vendor;
- unsigned int sockets;
+ unsigned int sockets; /* sockets per NUMA node */
unsigned int cores;
unsigned int threads;
size_t nfeatures;
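Review bot: the new comment on `sockets` states "sockets per NUMA node" unconditionally, while the commit message calls that meaning a special case tied to the output of `virsh capabilities`. Nothing in `struct _virCPUDef` says which use is meant, so word the comment to make the scope explicit, for example that it applies to host capabilities. The other changed lines differ only in comment alignment; leaving them out would keep the diff to the one line that matters.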
--
1.8.3.1
8 years, 2 months
[libvirt] [PATCH 0/3] Make UEFI firmware config simpler
by Daniel P. Berrange
This series lets apps enable UEFI for a guest by
simply doing
<loader firmware='uefi'/>
with the other (existing) attributes being auto-filled
with correct QEMU specific defaults.
Daniel P. Berrange (3):
firmware: include arch and features in firmware file list
conf: add support for choosing firmware type
qemu: add support for simpler UEFI config
docs/formatdomain.html.in | 9 ++-
docs/schemas/domaincommon.rng | 12 ++-
src/conf/domain_conf.c | 70 ++++++++++++++--
src/conf/domain_conf.h | 11 +++
src/libvirt_private.syms | 1 +
src/qemu/qemu.conf | 14 +++-
src/qemu/qemu_command.c | 6 +-
src/qemu/qemu_conf.c | 12 ++-
src/qemu/qemu_conf.h | 7 ++
src/qemu/qemu_domain.c | 60 ++++++++++++--
src/qemu/test_libvirtd_qemu.aug.in | 6 +-
src/util/virfirmware.c | 94 +++++++++++++++++++---
src/util/virfirmware.h | 7 ++
.../qemuxml2argv-bios-firmware.args | 26 ++++++
.../qemuxml2argv-bios-firmware.xml | 41 ++++++++++
tests/qemuxml2argvtest.c | 1 +
.../qemuxml2xmlout-bios-firmware.xml | 48 +++++++++++
tests/qemuxml2xmltest.c | 1 +
tests/testutilsqemu.c | 30 ++++++-
19 files changed, 412 insertions(+), 44 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-bios-firmware.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-bios-firmware.xml
create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-bios-firmware.xml
--
2.7.4
8 years, 2 months
[libvirt] [PATCH v2] spec: Drop support for Fedora < 23
by Andrea Bolognani
We only claim support for OSs that are still supported by the
respective vendors, which means anything older than Fedora 23
is out. Reword the comment a bit to highlight the criteria.
---
Changes from v1:
* drop version checks that are now obsolete (thanks Dan)
libvirt.spec.in | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 00b95b8..545990c 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1,9 +1,10 @@
# -*- rpm-spec -*-
-# This spec file assumes you are building for Fedora 20 or newer,
-# or for RHEL 6 or newer. It may need some tweaks for other distros.
+# This spec file assumes you are building on a Fedora or RHEL version
+# that's still supported by the vendor: that means Fedora 23 or newer,
+# or RHEL 6 or newer. It may need some tweaks for other distros.
# If neither fedora nor rhel was defined, try to guess them from dist
-%if (0%{?fedora} && 0%{?fedora} >= 20) || (0%{?rhel} && 0%{?rhel} >= 6)
+%if (0%{?fedora} && 0%{?fedora} >= 23) || (0%{?rhel} && 0%{?rhel} >= 6)
%define supported_platform 1
%else
%define supported_platform 0
@@ -167,7 +168,7 @@
%endif
# Enable wireshark plugins for all distros shipping libvirt 1.2.2 or newer
-%if 0%{?fedora} >= 21
+%if 0%{?fedora}
%define with_wireshark 0%{!?_without_wireshark:1}
%endif
@@ -209,7 +210,7 @@
%if 0%{?fedora} >= 25
%define tls_priority "@LIBVIRT,SYSTEM"
%else
- %if 0%{?fedora} >= 21
+ %if 0%{?fedora}
%define tls_priority "@SYSTEM"
%else
%define tls_priority "NORMAL"
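Review bot: replacing `%if 0%{?fedora} >= 21` with `%if 0%{?fedora}` changes the result for older Fedora: it used to fall through to tls_priority "NORMAL" and now gets "@SYSTEM". That is only safe if the supported_platform check at the top of the file actually stops the build on Fedora older than 23; please state that in the commit message or keep an explicit floor here. The same reasoning applies to the with_wireshark condition in the previous hunk.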
--
2.7.4
8 years, 2 months