December 2017 - Devel - libvirt List Archives

[libvirt] Release of libvirt-3.10.0
by Daniel Veillard 04 Dec '17

04 Dec '17

A little bit late but it's out, the new release is tagged in git and signed tarball and rpms have been pushed to the usual place: ftp://libvirt.org/libvirt/ I also pushed the corresponding release of python bindings at ftp://libvirt.org/libvirt/python/ This release brings a significant set of new features and noticeable improvements in addition to bug fixes: New features: - conf: Support defining distances between virtual NUMA cells A NUMA hardware architecture supports the notion of distances between NUMA cells. This can now be specified using the <distances> element within the NUMA cell configuration. Drivers which support this include Xen and QEMU. - Xen: Support defining vNUMA topology Xen now supports defining a virtual NUMA topology for VMs, including specifying distances between NUMA cells. - qemu: Add the ability to configure HPT resizing for pSeries guests The user can now decide whether HPT (Hash Page Table) resizing should be enabled, disabled or required instead of leaving it up to hypervisor defaults and negotiation between the guest and the host. - qemu: Add vmcoreinfo feature Starting with QEMU 2.11, the guest can save kernel debug details when this feature is enabled and the kernel supports it. It is useful to process kernel dump with KASLR enabled, and also provides various kernel details to crash tools. - conf: Move the auth and encryption definitions to disk source Allow parsing and formatting of the auth and encryption sub-elements to be a child of the source element. This will allow adding an auth sub-element to a backingStore or mirror elements as a means to track specific authentication and/or encryption needs. Improvements: - vbox: Add VirtualBox 5.2 support - vbox: Add support for configuring storage controllers The VirtualBox driver now supports the <controller> element in the domain XML for configuring storage controllers in VBOX VMs. Additionally, libvirt's domain XML schema was updated to allow optional model attribute for <controller type='ide'> which is used by the VBOX driver to set the IDE controller model to be one of 'piix4', 'piix4' (default), or 'ich6'. Finally, with this change dumpxml generates <controller> elements that correspond to current VBOX VM storage controller configuration. - vbox: Add support for attaching empty removable disks The VirutalBox driver now supports adding CD-ROM and floppy disk devices that do not have the disk source specified. Previously such devices were silently ignored. - vbox: Add support for attaching SAS storage controllers In VirtualBox, SCSI and SAS are distinct controller types whereas libvirt does not make such distinction. Therefore, the VBOX driver was updated to allow attaching SAS controllers via <controller type='scsi' model='lsisas1068'> element. If there are both SCSI and SAS controllers present in the VBOX VM, the domain XML can associate the disk device using the <address> element with the controller attribute, and optionally, set the port via unit attribute. - qemu: Generate predictable paths for qemu memory backends In some cases management applications need to know paths passed to memory-backend-file objects upfront. Libvirt now generates predictable paths so applications can prepare the files if they need to do so. - Shareable disks work properly with recent qemu Recent qemu versions added image locking to avoid potential corruption of disk images. This broke shareable disks with libvirt since the feature was turned on by default in qemu. Libvirt now enables sharing of those disks in qemu so that the image locking is not applied in that case. Additionally libvirt now checks that shareable disks have supported format (raw) to avoid metadata corruption. - Improve serial console behavior on non-x86 architectures ppc64, aarch64 and s390x guests were treating the <serial> and <console> elements differently from x86, in some cases presenting misleading information to the user. The behavior is now consistent across all architectures and the information reported is always accurate. Bug fixes: - vbox: Do not ignore failures to attach disk devices when defining The define now fails and reports an error if any of the controller or disk devices specified in the domain XML fail to attach to the VirtualBox VM. - vbox: Fix dumpxml to always output disk devices The VirtualBox driver was ignoring any disk devices in dumpxml output if there was a SAS storage controller attached to the VM. - vbox: Fix dumpxml to always generate valid domain XML When a VirtualBox VM has multiple disks attached, each to a different storage controller that uses 'sd' prefix for block device names e.g. one disk attached to SATA and one to SCSI controller, it no longer generates XML where both would have 'sda' device name assigned. Instead it properly assigns 'sda' and 'sdb' to those disks in the order of appearance. - Securely pass iSCSI authentication data Rather than supplying the authentication data as part of the iSCSI URL for a disk or host device, utilize the encrypted secret object to securely pass the authentication data. Thanks everybody for your help getting this release out, with ideas, patches, reviews, documentations, bug reports ... Enjoy this release, and please not that the next one (4.0.0) is scheduled for mid january ! Daniel -- Daniel Veillard | Red Hat Developers Tools http://developer.redhat.com/ veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/

1 0

[libvirt] [PATCH] apparmor: allow qemu abstraction to read /proc/pid/cmdline
by Jim Fehlig 04 Dec '17

04 Dec '17

Noticed the following denial in audit.log when shutting down an apparmor confined domain type=AVC msg=audit(1512002299.742:131): apparmor="DENIED" operation="open" profile="libvirt-66154842-e926-4f92-92f0-1c1bf61dd1ff" name="/proc/1475/cmdline" pid=2958 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=469 ouid=0 Squelch the denial by allowing read access to /proc/<pid>/cmdline. Signed-off-by: Jim Fehlig <jfehlig(a)suse.com> --- Note: In the audit.log snippet, PID 1475 is libvirtd and 2958 is the qemu process. I must admit it is not clear to me why /proc/<libvirtd-pid>/cmdline is read on domain shutdown. examples/apparmor/libvirt-qemu | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index 73bdbae87..3d9eed9ec 100644 --- a/examples/apparmor/libvirt-qemu +++ b/examples/apparmor/libvirt-qemu @@ -25,6 +25,7 @@ /dev/ptmx rw, /dev/kqemu rw, @{PROC}/*/status r, + @{PROC}/@{pid}/cmdline r, # Per man(5) proc, the kernel enforces that a thread may # only modify its comm value or those in its thread group. owner @{PROC}/@{pid}/task/@{tid}/comm rw, -- 2.15.0

4 7

[libvirt] [PATCH v2] libvirt: Adding POWER9 DD1.0/DD2.0 PVR value to cpu_map.xml
by Seeteena Thoufeek 04 Dec '17

04 Dec '17

DD1.0/DD2.0 PVR value is missing from cpu_map.xml. This patch provides those details Signed-off-by: Seeteena Thoufeek <s1seetee(a)linux.vnet.ibm.com> --- src/cpu/cpu_map.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml index e5da7a8..be4e215 100644 --- a/src/cpu/cpu_map.xml +++ b/src/cpu/cpu_map.xml @@ -1729,6 +1729,8 @@ <model name='POWER9'> <vendor name='IBM'/> <pvr value='0x004e0000' mask='0xffff0000'/> + <pvr value='0x004e0100' mask='0xffff0000'/> + <pvr value='0x004e1200' mask='0xffff0000'/> </model>  -- 1.8.3.1

3 3

[libvirt] CFP deadline extended for FOSDEM18 Virt & IaaS Devroom
by Stefan Hajnoczi 04 Dec '17

04 Dec '17

The call for papers for the Virtualization and IaaS Devroom at FOSDEM18 is extended until December 7 midnight UTC. All other dates remain the same as you can read below. On behalf of oVirt and the Xen Project, we are excited to announce that the call for proposals is now open for the Virtualization & IaaS devroom at the upcoming FOSDEM 2018, to be hosted on February 3 and 4, 2017. This year will mark FOSDEM’s 18th anniversary as one of the longest-running free and open source software developer events, attracting thousands of developers and users from all over the world. FOSDEM will be held once again in Brussels, Belgium, on February 3 & 4, 2018. This devroom is a collaborative effort, and is organized by dedicated folks from projects such as OpenStack, Xen Project,, oVirt, QEMU, and Foreman. We would like to invite all those who are involved in these fields to submit your proposals by December 1st, 2017. About the Devroom The Virtualization & IaaS devroom will feature session topics such as open source hypervisors and virtual machine managers such as Xen Project, KVM, bhyve, and VirtualBox, and Infrastructure-as-a-Service projects such as Apache CloudStack, OpenStack, oVirt, QEMU, OpenNebula, and Ganeti. This devroom will host presentations that focus on topics of shared interest, such as KVM; libvirt; shared storage; virtualized networking; cloud security; clustering and high availability; interfacing with multiple hypervisors; hyperconverged deployments; and scaling across hundreds or thousands of servers. Presentations in this devroom will be aimed at developers working on these platforms who are looking to collaborate and improve shared infrastructure or solve common problems. We seek topics that encourage dialog between projects and continued work post-FOSDEM. Important Dates Submission deadline: 07 December 2017 Acceptance notifications: 14 December 2017 Final schedule announcement: 21 December 2017 Devroom: 03 and 04 February 2018 (two days- different rooms) Submit Your Proposal All submissions must be made via the Pentabarf event planning site[1]. If you have not used Pentabarf before, you will need to create an account. If you submitted proposals for FOSDEM in previous years, you can use your existing account. After creating the account, select Create Event to start the submission process. Make sure to select Virtualization and IaaS devroom from the Track list. Please fill out all the required fields, and provide a meaningful abstract and description of your proposed session. Submission Guidelines We expect more proposals than we can possibly accept, so it is vitally important that you submit your proposal on or before the deadline. Late submissions are unlikely to be considered. All presentation slots are 45 minutes, with 35 minutes planned for presentations, and 10 minutes for Q&A. All presentations will be recorded and made available under Creative Commons licenses. In the Submission notes field, please indicate that you agree that your presentation will be licensed under the CC-By-SA-4.0 or CC-By-4.0 license and that you agree to have your presentation recorded. For example: "If my presentation is accepted for FOSDEM, I hereby agree to license all recordings, slides, and other associated materials under the Creative Commons Attribution Share-Alike 4.0 International License. Sincerely, <NAME>." In the Submission notes field, please also confirm that if your talk is accepted, you will be able to attend FOSDEM and deliver your presentation. We will not consider proposals from prospective speakers who are unsure whether they will be able to secure funds for travel and lodging to attend FOSDEM. (Sadly, we are not able to offer travel funding for prospective speakers.) Speaker Mentoring Program As a part of the rising efforts to grow our communities and encourage a diverse and inclusive conference ecosystem, we're happy to announce that we'll be offering mentoring for new speakers. Our mentors can help you with tasks such as reviewing your abstract, reviewing your presentation outline or slides, or practicing your talk with you. You may apply to the mentoring program as a newcomer speaker if you: Never presented before or Presented only lightning talks or Presented full-length talks at small meetups (<50 ppl) Submission Guidelines Mentored presentations will have 25-minute slots, where 20 minutes will include the presentation and 5 minutes will be reserved for questions. The number of newcomer session slots is limited, so we will probably not be able to accept all applications. You must submit your talk and abstract to apply for the mentoring program, our mentors are volunteering their time and will happily provide feedback but won't write your presentation for you! If you are experiencing problems with Pentabarf, the proposal submission interface, or have other questions, you can email our devroom mailing list[2] and we will try to help you. How to Apply In addition to agreeing to video recording and confirming that you can attend FOSDEM in case your session is accepted, please write "speaker mentoring program application" in the "Submission notes" field, and list any prior speaking experience or other relevant information for your application. Call for Mentors Interested in mentoring newcomer speakers? We'd love to have your help! Please email iaas-virt-devroom at lists.fosdem.org with a short speaker biography and any specific fields of expertise (for example, KVM, OpenStack, storage, etc.) so that we can match you with a newcomer speaker from a similar field. Estimated time investment can be as low as a 5-10 hours in total, usually distributed weekly or bi-weekly. Never mentored a newcomer speaker but interested to try? As the mentoring program coordinator, email Brian Proffitt[3] and he will be happy to answer your questions! Code of Conduct Following the release of the updated code of conduct for FOSDEM, we'd like to remind all speakers and attendees that all of the presentations and discussions in our devroom are held under the guidelines set in the CoC and we expect attendees, speakers, and volunteers to follow the CoC at all times. If you submit a proposal and it is accepted, you will be required to confirm that you accept the FOSDEM CoC. If you have any questions about the CoC or wish to have one of the devroom organizers review your presentation slides or any other content for CoC compliance, please email us and we will do our best to assist you. Call for Volunteers We are also looking for volunteers to help run the devroom. We need assistance watching time for the speakers, and helping with video for the devroom. Please contact me, Brian Proffitt, for more information. Questions? If you have any questions about this devroom, please send your questions to our devroom mailing list. You can also subscribe to the list to receive updates about important dates, session announcements, and to connect with other attendees. See you all at FOSDEM! [1] https://penta.fosdem.org/submission/FOSDEM18 [2] iaas-virt-devroom at lists.fosdem.org [3] bkp at redhat.com

1 0

[libvirt] [PATCH] Adjust backslash alignment syntax-check
by Martin Kletzander 04 Dec '17

04 Dec '17

We have a check for backslash alignment that checks for two blanks preceding a backslash. However there can be alignment done using a tabulator and in some cases one might be enough. There are none currently, but I found out that was the case before. at some point. so let's check for \t preceding the final backslash as well. Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> --- cfg.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cfg.mk b/cfg.mk index 5321a52b7ee2..ea10ca19f512 100644 --- a/cfg.mk +++ b/cfg.mk @@ -1038,7 +1038,7 @@ sc_prohibit_http_urls: $(_sc_search_regexp) sc_prohibit_backslash_alignment: - @prohibit='[[:blank:]][[:blank:]]\\$$' \ + @prohibit='([[:blank:]][[:blank:]]| )\\$$' \ in_vc_files='*\.([chx]|am|mk)$$' \ halt='Do not attempt to right-align backslashes' \ $(_sc_search_regexp) -- 2.15.0

3 2

[libvirt] Entering freeze for libvirt-3.10.0
by Daniel Veillard 01 Dec '17

01 Dec '17

As planned yesterday (but a bit late) I tagged Release Candidate 1 in git and pushed the signed tarball and rpms to the usual place: ftp://libvirt.org/libvirt/ Seems to work fine in my limited testing, but please give them a try especially for portability accross arches and platforms ! If things go well (and https://ci.centos.org/view/libvirt/ looks good !) then I will push RC2 on Fraiday and get the final 3.10.0 out on Monday, but please give it some testing and report ! thanks, Daniel -- Daniel Veillard | Red Hat Developers Tools http://developer.redhat.com/ veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/

2 4

[libvirt] [PATCH 0/2] fix chardev security labels
by Pavel Hrdina 01 Dec '17

01 Dec '17

Pavel Hrdina (2): security: introduce virSecurityManager(Set|Restore)ChardevLabel qemu: fix security labeling for attach/detach of char devices src/libvirt_private.syms | 2 ++ src/qemu/qemu_hotplug.c | 10 +++++++ src/qemu/qemu_security.c | 60 +++++++++++++++++++++++++++++++++++++++++ src/qemu/qemu_security.h | 8 ++++++ src/security/security_dac.c | 3 +++ src/security/security_driver.h | 11 ++++++++ src/security/security_manager.c | 40 +++++++++++++++++++++++++++ src/security/security_manager.h | 10 +++++++ src/security/security_nop.c | 20 ++++++++++++++ src/security/security_selinux.c | 3 +++ src/security/security_stack.c | 43 +++++++++++++++++++++++++++++ 11 files changed, 210 insertions(+) -- 2.14.3

2 3

[libvirt] [PATCH v3 0/4] Move ide validation from qemuBuildControllerDevStr to qemuDomainDeviceDefValidate
by Lin Ma 01 Dec '17

01 Dec '17

Validate IDE controllers in qemuDomainDeviceDefValidate for reminding users earlier. v2->v3: * split original patch to multiple patches. * making the validation is preferred over the PostParse for avoiding guests disappear. * remove ide from the pseries and the ccw tests. Lin Ma (4): tests: qemuxml2argv: Use scsi controller instead of ide in pseries tests: qemuhotplugtest: Drop ide controller in ccw qemu_command: Drop IDE validation code in qemuBuildControllerDevStr qemu_domain: Error out earlier when configuring IDE controller incorrectly src/qemu/qemu_command.c | 10 +------ src/qemu/qemu_domain.c | 35 +++++++++++++++++++++- .../qemuhotplug-base-ccw-live+ccw-virtio.xml | 4 --- ...ive-with-2-ccw-virtio+ccw-virtio-1-explicit.xml | 4 --- ...live-with-2-ccw-virtio+ccw-virtio-1-reverse.xml | 4 --- ...qemuhotplug-base-ccw-live-with-2-ccw-virtio.xml | 4 --- ...-live-with-ccw-virtio+ccw-virtio-2-explicit.xml | 4 --- ...-base-ccw-live-with-ccw-virtio+ccw-virtio-2.xml | 4 --- .../qemuhotplug-base-ccw-live-with-ccw-virtio.xml | 4 --- .../qemuhotplug-base-ccw-live.xml | 4 --- .../qemuxml2argv-disk-floppy-pseries.args | 2 +- .../qemuxml2argv-disk-floppy-pseries.xml | 4 +-- 12 files changed, 38 insertions(+), 45 deletions(-) -- 2.9.2

4 8

[libvirt] [PATCH jenkins-ci] Make args to 'go test' configurable
by Daniel P. Berrange 01 Dec '17

01 Dec '17

Each module has its own set of tags it may wish to pass to 'go test', so set it based on an env variable Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- jobs/go.yaml | 2 +- projects/libvirt-go-xml.yaml | 2 ++ projects/libvirt-go.yaml | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/jobs/go.yaml b/jobs/go.yaml index 93b61ca..29a9f51 100644 --- a/jobs/go.yaml +++ b/jobs/go.yaml @@ -80,7 +80,7 @@ - shell: | {global_env} {local_env} - go test -tags api + go test $TEST_ARGS publishers: - email: recipients: '{obj:spam}' diff --git a/projects/libvirt-go-xml.yaml b/projects/libvirt-go-xml.yaml index 1c42e3d..3083b9f 100644 --- a/projects/libvirt-go-xml.yaml +++ b/projects/libvirt-go-xml.yaml @@ -11,6 +11,8 @@ - libvirt-freebsd-10 - libvirt-freebsd-11 title: Libvirt Go XML + local_env: | + export TEST_ARGS="-tags xmlroundtrip" jobs: - go-build-job: parent_jobs: diff --git a/projects/libvirt-go.yaml b/projects/libvirt-go.yaml index faa5265..141c862 100644 --- a/projects/libvirt-go.yaml +++ b/projects/libvirt-go.yaml @@ -11,6 +11,8 @@ - libvirt-freebsd-10 - libvirt-freebsd-11 title: Libvirt Go + local_env: | + export TEST_ARGS="-tags api" jobs: - go-build-job: parent_jobs: 'libvirt-master-build' -- 2.14.3

2 1

[libvirt] [PATCH 0/3] Couple of memleak fixes
by Michal Privoznik 01 Dec '17

01 Dec '17

Ideally, I'd like to merge these to the release. Michal Privoznik (3): virDomainDiskSourceNetworkParse: Don't leak @tlsCfg or @haveTLS virDomainDiskBackingStoreParse: Don't leak @idx qemuStateInitialize: Don't leak @memoryBackingPath src/conf/domain_conf.c | 3 +++ src/qemu/qemu_driver.c | 1 + 2 files changed, 4 insertions(+) -- 2.13.6

2 6