[libvirt] [PATCH v2 0/3] qemu: Add TLS transport for NBD
by Peter Krempa
v2:
- added qemu.conf knobs
- added docs
- fixed test case for changes in ACKed patches
This applies on top of my branch collecting all ACKed postings of
recent blockdev-related work. Current version can be fetched by:
git fetch git://pipo.sk/pipo/libvirt.git blockdev-staging
Peter Krempa (3):
qemu: conf: Add qemu.conf knobs for setting up TLS for NBD
qemu: domain: Add support for TLS for NBD
tests: qemublock: Test NBD with TLS in the JSON generator
docs/formatdomain.html.in | 8 ++++-
docs/schemas/domaincommon.rng | 5 +++
src/qemu/libvirtd_qemu.aug | 4 +++
src/qemu/qemu.conf | 34 +++++++++++++++++++
src/qemu/qemu_command.c | 5 +++
src/qemu/qemu_conf.c | 15 +++++++++
src/qemu/qemu_conf.h | 3 ++
src/qemu/qemu_domain.c | 38 ++++++++++++++++++++--
src/qemu/test_libvirtd_qemu.aug.in | 2 ++
tests/qemublocktest.c | 1 +
.../xml2json/network-nbd-tls.json | 19 +++++++++++
.../qemublocktestdata/xml2json/network-nbd-tls.xml | 18 ++++++++++
.../disk-drive-network-tlsx509.args | 9 ++++-
.../disk-drive-network-tlsx509.xml | 8 +++++
tests/qemuxml2argvtest.c | 2 +-
.../disk-drive-network-tlsx509.xml | 8 +++++
16 files changed, 174 insertions(+), 5 deletions(-)
create mode 100644 tests/qemublocktestdata/xml2json/network-nbd-tls.json
create mode 100644 tests/qemublocktestdata/xml2json/network-nbd-tls.xml
--
2.16.2
6 years, 4 months
[libvirt] [PATCH] libxl: fix leaking logfile fds
by Jim Fehlig
Per-domain log files were introduced in commit a30b08b7179. The FILE
objects associated with these log files are stored in a hash table
using domid as a key. When a domain is shut down, destroyed, or
otherwise powered-off, the FILE object is removed from the hash table,
where the free function will close the FILE.
Unfortunately the call to remove the FILE from the hash table occurs
after setting domid=-1 in the libxlDomainCleanup() function. The
object is never removed from the hash table, the free function is
never called, and the underlying fd is leaked. Fix by removing the
FILE object from the hash table before setting domid=-1.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
src/libxl/libxl_domain.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c
index d4859d6707..d12b1b1b4b 100644
--- a/src/libxl/libxl_domain.c
+++ b/src/libxl/libxl_domain.c
@@ -769,6 +769,7 @@ libxlDomainCleanup(libxlDriverPrivatePtr driver,
VIR_WARN("Unable to release lease on %s", vm->def->name);
VIR_DEBUG("Preserving lock state '%s'", NULLSTR(priv->lockState));
+ libxlLoggerCloseFile(cfg->logger, vm->def->id);
vm->def->id = -1;
if (priv->deathW) {
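Review bot: the libxlLoggerCloseFile() call added just above `vm->def->id = -1;` is only correct because it runs before the id is reset, and nothing in the code says so. A one-line comment at that spot, stating that the logger's hash table is keyed by domid and the close must therefore precede the reset, would keep a later reshuffle of libxlDomainCleanup() from reintroducing the fd leak the commit message describes.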
@@ -822,8 +823,6 @@ libxlDomainCleanup(libxlDriverPrivatePtr driver,
VIR_FREE(xml);
}
- libxlLoggerCloseFile(cfg->logger, vm->def->id);
-
virDomainObjRemoveTransientDef(vm);
virObjectUnref(cfg);
}
--
2.16.3
6 years, 4 months
[libvirt] [PATCH] qemu.conf: Change the example user from 'root' to 'qemu'
by Kashyap Chamarthy
Signed-off-by: Kashyap Chamarthy <kchamart(a)redhat.com>
---
src/qemu/qemu.conf | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 31738ff19c..444247cf31 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -403,13 +403,14 @@
#
# user = "qemu" # A user named "qemu"
# user = "+0" # Super user (uid=0)
+# user = 'root' # The 'root' user
# user = "100" # A user named "100" or a user with uid=100
#
-#user = "root"
+#user = "qemu"
# The group for QEMU processes run by the system instance. It can be
# specified in a similar way to user.
-#group = "root"
+#group = "qemu"
# Whether libvirt should dynamically change file ownership
# to match the configured user/group above. Defaults to 1.
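Review bot: the added example line `# user = 'root'` uses single quotes while every other example in this block, and the `#user = "qemu"` line below it, uses double quotes; write it as `"root"` so readers do not have to wonder whether the quoting style matters. The commit message also has no body: it should say why the commented-out sample changes from "root" to "qemu", and whether that line is meant to show the built-in default or only a suggested value, since the hunk changes the sample without touching the description around it.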
--
2.17.0
6 years, 4 months
[libvirt] [PATCH] qemu: hotplug: Fix TLS setup on disk hotplug
by Peter Krempa
We need to check if TLS is enabled as the variable is a tristate.
Currently we'd set up TLS even if it was explicitly turned off.
Thankfully TLS for disks was only used with the vxhs protocol so hardly
anybody would ever be able to hit the problem.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
This applies on top of my branch collecting all ACKed postings of
recent blockdev-related work. Current version can be fetched by:
git fetch git://pipo.sk/pipo/libvirt.git blockdev-staging
src/qemu/qemu_hotplug.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 2f76c048aa..2b0d5df3bf 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -468,7 +468,7 @@ qemuDomainAttachDiskGeneric(virQEMUDriverPtr driver,
else if (rv > 0)
prdStarted = true;
- if (disk->src->haveTLS &&
+ if (disk->src->haveTLS == VIR_TRISTATE_BOOL_YES &&
qemuDomainAddDiskSrcTLSObject(driver, vm, disk->src) < 0)
goto error;
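Review bot: with the comparison against VIR_TRISTATE_BOOL_YES, an unset `disk->src->haveTLS` now skips qemuDomainAddDiskSrcTLSObject() in the same way an explicit "no" does, so the commit message should state that the tristate is always resolved to yes or no before qemuDomainAttachDiskGeneric() runs. If it can still be unset at this point, a disk whose TLS setting was left to be filled in later would be hotplugged without the TLS object and without any error.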
--
2.16.2
6 years, 4 months
[libvirt] [PATCH] spec: Fix requirement for "tc" on new distros
by Jiri Denemark
At least since Fedora 26 (maybe earlier, but we don't support older
Fedora releases), the "tc" tool is provided by a separate iproute-tc
package.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
libvirt.spec.in | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 17d5d4dff7..55057e353c 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -482,8 +482,14 @@ Requires: %{name}-libs = %{version}-%{release}
# for modprobe of pci devices
Requires: module-init-tools
+
# for /sbin/ip & /sbin/tc
Requires: iproute
+# tc is provided by iproute-tc since at least Fedora 26
+%if 0%{?fedora} || 0%{?rhel} > 7
+Requires: iproute-tc
+%endif
+
Requires: avahi-libs
%if 0%{?fedora} || 0%{?rhel} >= 7
Requires: polkit >= 0.112
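Review bot: the existing comment `# for /sbin/ip & /sbin/tc` above `Requires: iproute` becomes misleading once the new `Requires: iproute-tc` block says tc lives elsewhere; reword it so each Requires line names what it actually provides. The new condition `0%{?fedora} || 0%{?rhel} > 7` also deserves a word in the commit message, which justifies only the Fedora half, and it sits a few lines above a `0%{?rhel} >= 7` check, so a reader will ask whether the difference is intended. The hunk additionally inserts a stray blank line before the iproute comment that could be dropped.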
--
2.17.1
6 years, 4 months
Re: [libvirt] [libvirt-users] virRandomBits - not very random
by Eric Blake
Reviving an ancient thread:
On 11/04/2014 02:18 AM, Daniel P. Berrange wrote:
> On Mon, Nov 03, 2014 at 11:09:12AM -0500, Brian Rak wrote:
>> I just ran into an issue where I had about 30 guests get duplicate mac
>> addresses assigned. These were scattered across 30 different machines.
>>
>> Some debugging revealed that:
>>
>> 1) All the host machines were restarted within a couple seconds of each
>> other
>> 2) All the host machines had fairly similar libvirtd pids (within ~100 PIDs
>> of each other)
>> 3) Libvirt seeds the RNG using 'time(NULL) ^ getpid()'
>>
>> This perfectly explains why I saw so many duplicate mac addresses.
>>
>> Why is the RNG seed such a predictable value? Surely there has to be a
>> better source of a random seed than the timestamp and the pid?
>>
>> The PID seems to me to be a very bad source of any randomness. I just ran a
>> test across 60 of our hosts. 43 of them shared their PID with at least one
>> other machine.
>
> We should probably seed it with data from /dev/urandom, and/or the new
> Linux getrandom() syscall (or BSD equivalent).
Did anyone ever open a BZ to track this? As far as I can tell, we still
have a very predictable (meaning bad) seeding algorithm that permits
large clusters to create collisions when their random number sequences
sync up.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
6 years, 4 months
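The seeding problem discussed in this thread, as an added example that is not part of the original messages or of libvirt's code: it shows how `time(NULL) ^ getpid()` yields identical seeds on hosts restarted within seconds of each other, next to a seed read from /dev/urandom as suggested in the quoted reply. The host start times and PIDs are constructed sample values, xorshift32 is a stand-in generator, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: libvirtd start time (epoch seconds) and PID per host. */
struct host { uint32_t start, pid; };
static const struct host sample_hosts[] = {
    { 1415030950u, 1235u }, { 1415030951u, 1234u }, /* bit 0 swapped between time and PID */
    { 1415030950u, 1301u }, { 1415030950u, 1301u }, /* same second, same PID */
    { 1415030952u, 1290u },                         /* no partner in this sample */
};
#define N_HOSTS (sizeof(sample_hosts) / sizeof(sample_hosts[0]))

/* The seeding expression quoted in the thread: time(NULL) ^ getpid(). */
uint32_t weak_seed(const struct host *h) { return h->start ^ h->pid; }

/* Stand-in generator (xorshift32), not libvirt's: same seed, same sequence. */
uint32_t first_output(uint32_t seed)
{
    seed ^= seed << 13; seed ^= seed >> 17; seed ^= seed << 5;
    return seed;
}

/* Number of hosts whose first random value equals some other host's. */
size_t colliding_hosts(const struct host *h, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < n; j++)
            if (i != j && first_output(weak_seed(&h[i])) == first_output(weak_seed(&h[j]))) { hits++; break; }
    return hits;
}

/* Seed from the kernel CSPRNG instead; returns 0 on success, -1 on failure. */
int urandom_seed(uint32_t *seed)
{
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got = f ? fread(seed, sizeof(*seed), 1, f) : 0;
    if (f) fclose(f);
    return got == 1 ? 0 : -1;
}

int main(void)
{
    uint32_t s = 0;
    printf("hosts sharing a first value: %zu of %zu\n", colliding_hosts(sample_hosts, N_HOSTS), N_HOSTS);
    if (urandom_seed(&s) == 0) printf("seed from /dev/urandom: 0x%08x\n", (unsigned)s);
    return 0;
}
```

The first pair collides even though neither the second nor the PID matches, because XOR lets a one-bit difference in the timestamp cancel a one-bit difference in the PID.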
[libvirt] [PATCH 0/2] last minute vsock tune-ups
by Ján Tomko
Last-minute change of the element name suggested by Dan:
https://www.redhat.com/archives/libvir-list/2018-June/msg00034.html
The news patch is rebased on top of Michal's addition:
[PATCH for 4.4.0] news: Document two new features introduced in this release
<ede7ef017a0a7621c29f01321d1ac4ca436f1ce6.1527839220.git.mprivozn(a)redhat.com>
Ján Tomko (2):
conf: rename <vsock><source> to <vsock><cid>
news: add vsock
docs/formatdomain.html.in | 6 +++---
docs/news.xml | 9 +++++++++
docs/schemas/domaincommon.rng | 4 ++--
src/conf/domain_conf.c | 20 ++++++++++----------
tests/qemuxml2argvdata/vhost-vsock-auto.xml | 2 +-
tests/qemuxml2argvdata/vhost-vsock.xml | 2 +-
tests/qemuxml2xmloutdata/vhost-vsock-auto.xml | 2 +-
7 files changed, 27 insertions(+), 18 deletions(-)
--
2.16.1
6 years, 4 months