[libvirt] [PATCH 0/3] virnetworkobj: Couple of small fixes and improvements
by Michal Privoznik
Almost trivial, not pushed though.
Michal Prívozník (3):
virnetworkobj: Free retval of virNetworkObjGetPortStatusDir()
virnetworkobj: Drop needless cleanup label in virNetworkObjAddPort
virnetworkobj: Drop needless cleanup label in virNetworkObjDeletePort
src/conf/virnetworkobj.c | 37 ++++++++++++++-----------------------
1 file changed, 14 insertions(+), 23 deletions(-)
--
2.21.0
5 years, 5 months
[libvirt] Problem configuring selective dropping of root
by Stephan von Krawczynski
Hello list,
I came across a fundamental flaw in the libvirt user configuration lately and
try to find a solution now. Here is the problem:
I run several qemu instances on arch linux all configured via libvirt. The
default config as user nobody:kvm was fine up to the day I tried to use a host
filesystem via 9p. If you want to gain all user rights on the guest inside
that fs you have to run qemu as root. So far so good. But if you have several
qemus running and only one needs to be root, what to do? You can try to give a
-runas by using <qemu:args>. But that does not work, qemu instantly crashes. I
think this is because to have _one_ root qemu, you have to configure libvirt
to use root user. This means all rights to fs and so on are set to root and
this is what lets qemu probably go crazy if dropping root by -runas.
The whole thing would be a lot easier and more transparent if the user in
libvirt wouldn't be a global config, but instead be part of the domain xml.
This way every qemu started could use a different user and have different
rights.
In my case all but one could be nobody:kvm, and one root:root.
This should not be too complicated based on what's already there, is it?
--
Regards,
Stephan
5 years, 5 months
[libvirt] [PATCH 0/4] qemu: blockdev-related cleanups and refactors (blockdev-add saga)
by Peter Krempa
Peter Krempa (4):
qemu: blockjob: Don't reset state when entering sync blockjob
qemu: blockjob: Don't emit traditional disk events for jobs without
disk
qemu: Refactor variables for extracting flags in
qemuDomainBlockCopyCommon
qemu: block: Split up qemuBlockStorageSourceAttachApply
src/qemu/qemu_block.c | 86 +++++++++++++++++++++++++++++-----------
src/qemu/qemu_blockjob.c | 5 ++-
src/qemu/qemu_driver.c | 20 +++++-----
3 files changed, 77 insertions(+), 34 deletions(-)
--
2.21.0
5 years, 5 months
[libvirt] [jenkins-ci PATCH] guests: Always install the freshest point release
by Andrea Bolognani
Sometimes the original URL might even stop working, as is the
case for Ubuntu 16.04 this very moment. We want the latest
point release anyway.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
guests/host_vars/libvirt-debian-10/install.yml | 2 +-
guests/host_vars/libvirt-debian-9/install.yml | 2 +-
guests/host_vars/libvirt-ubuntu-16/install.yml | 2 +-
guests/host_vars/libvirt-ubuntu-18/install.yml | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/guests/host_vars/libvirt-debian-10/install.yml b/guests/host_vars/libvirt-debian-10/install.yml
index 0a30571..d6452b6 100644
--- a/guests/host_vars/libvirt-debian-10/install.yml
+++ b/guests/host_vars/libvirt-debian-10/install.yml
@@ -1,2 +1,2 @@
---
-install_url: http://deb.debian.org/debian/dists/buster/main/installer-amd64/
+install_url: http://deb.debian.org/debian/dists/buster-updates/main/installer-amd64/
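Review bot: the commit message names only Ubuntu 16.04 as a case where the original URL stopped working, but this hunk switches the Debian 10 install_url to dists/buster-updates/main/installer-amd64/ as well. Please say in the commit message that the -updates path was checked to exist and to carry a complete installer tree for Debian, since a missing path would break guest installation for this host.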
diff --git a/guests/host_vars/libvirt-debian-9/install.yml b/guests/host_vars/libvirt-debian-9/install.yml
index 7641753..a8c5d25 100644
--- a/guests/host_vars/libvirt-debian-9/install.yml
+++ b/guests/host_vars/libvirt-debian-9/install.yml
@@ -1,2 +1,2 @@
---
-install_url: http://deb.debian.org/debian/dists/stretch/main/installer-amd64/
+install_url: http://deb.debian.org/debian/dists/stretch-updates/main/installer-amd64/
diff --git a/guests/host_vars/libvirt-ubuntu-16/install.yml b/guests/host_vars/libvirt-ubuntu-16/install.yml
index d8ce841..c3edf40 100644
--- a/guests/host_vars/libvirt-ubuntu-16/install.yml
+++ b/guests/host_vars/libvirt-ubuntu-16/install.yml
@@ -1,2 +1,2 @@
---
-install_url: http://archive.ubuntu.com/ubuntu/dists/xenial/main/installer-amd64/
+install_url: http://archive.ubuntu.com/ubuntu/dists/xenial-updates/main/installer-amd64/
diff --git a/guests/host_vars/libvirt-ubuntu-18/install.yml b/guests/host_vars/libvirt-ubuntu-18/install.yml
index 544b3f2..f8a18f6 100644
--- a/guests/host_vars/libvirt-ubuntu-18/install.yml
+++ b/guests/host_vars/libvirt-ubuntu-18/install.yml
@@ -1,2 +1,2 @@
---
-install_url: http://archive.ubuntu.com/ubuntu/dists/bionic/main/installer-amd64/
+install_url: http://archive.ubuntu.com/ubuntu/dists/bionic-updates/main/installer-amd64/
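Review bot: the new install_url in this hunk, like the other three, keeps the plain http:// scheme. Since the line is being touched anyway, consider whether the mirror can be addressed over https so the installer files are not fetched over an unauthenticated channel, or note in the commit message why http is kept.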
--
2.21.0
5 years, 5 months
[libvirt] [PATCH v4 00/23] Add support for vTPM state encryption
by Stefan Berger
This series of patches addresses the RFE in BZ 172830:
https://bugzilla.redhat.com/show_bug.cgi?id=1728030
This series of patches adds support for vTPM state encryption by passing
the read-end of a pipe's file descriptor to 'swtpm_setup' and 'swtpm'
where they can read a passphrase from and derive a key from that passphrase.
The TPM's domain XML to enable state encryption looks like this:
  <tpm model='tpm-tis'>
    <backend type='emulator' version='1.2'>
      <encryption format='vtpm'>
        <secret type='passphrase' uuid='2c9ceaba-c6ef-4f38-86fd-6e3adb2df5cd'/>
      </encryption>
    </backend>
    <alias name='tpm0'/>
  </tpm>
The vTPM secret holding the passphrase looks like this:
  <secret ephemeral='no' private='yes'>
    <uuid>2c9ceaba-c6ef-4f38-86fd-6e3adb2df5cd</uuid>
    <description>vTPM passphrase example</description>
    <usage type='vtpm'>
      <name>vtpm_example</name>
    </usage>
  </secret>
The swtpm v0.2 (upcoming) is needed that supports the command line option
--print-capabilities returning a JSON object that identifies features added
since v0.1. One such feature is the possibility to pass a passphrase via a
file descriptor.
The patches do some refactoring of existing code on the way.
Stefan
v1->v2:
- Added Marc-André's R-bs
- Addressed comments
- Added patches to extend virCommand to be able to write contents of multiple
buffers to file descriptors for a spawned process to read from
v2->v3:
- Fixed some pointer issues following conversion to use VIR_AUTOFREE
v3->v4:
- Added test case for virCommandSetSendBuffer() to commandtest.c
- Addressed other issues raised by Marc-André
Stefan Berger (23):
secret: Add support for usage type vTPM, extend schema and test case
tests: Add already existing test case tpm-emulator-tpm2
util: Add VIR_STORAGE_ENCRYPTION_FORMAT_VTPM
conf: Extend TPM XML parser with encryption support
schema: Extend the TPM XML schema with support for encryption
tests: Add test for TPM XML encryption parser and formatter
tests: Add tests for QEMU command line generation with encrypted TPM
tpm: Move virtpm.c from utils dir to own tpm dir
tpm: Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c
tpm: Refactor virTPMEmulatorInit to use loop
tpm: Check whether previously found executables were updated
tpm: Parse the capabilities supported by swtpm and swtpm_setup
utils: Implement function to pass a buffer to send via a fd to
virCommand
utils: Convert pollfd array to be allocated
utils: Write a maximum of MAX_PIPE_WRITE_BYTES into a pipe
utils: Mark inpipe as non-blocking
utils: Extend virCommandProcessIO to include the send buffers
tests: Extend command test to transfer large data to process on
multiple fds
tpm: Use fd to pass password to swtpm_setup and swtpm
tpm: Pass migration key passphrase via fd to swtpm
tpm: Check TPM XML device configuration changes after edit
docs: Extend Secret XML documentation with vtpm usage type
docs: Extend TPM docs with new encryption element
docs/formatdomain.html.in | 16 +
docs/formatsecret.html.in | 61 +++-
docs/schemas/domaincommon.rng | 30 ++
docs/schemas/secret.rng | 10 +
include/libvirt/libvirt-secret.h | 1 +
po/POTFILES | 2 +-
src/Makefile.am | 1 +
src/conf/Makefile.inc.am | 7 +
src/conf/domain_conf.c | 96 +++++-
src/conf/domain_conf.h | 5 +
src/conf/secret_conf.c | 13 +
src/conf/virtpm_conf.c | 36 ++
src/conf/virtpm_conf.h | 36 ++
src/libvirt_private.syms | 21 +-
src/qemu/Makefile.inc.am | 1 +
src/qemu/qemu_block.c | 1 +
src/qemu/qemu_driver.c | 28 ++
src/qemu/qemu_extdevice.c | 2 +-
src/qemu/qemu_extdevice.h | 3 +
src/qemu/qemu_tpm.c | 196 ++++++-----
src/security/Makefile.inc.am | 1 +
src/tpm/Makefile.inc.am | 20 ++
src/tpm/virtpm.c | 326 ++++++++++++++++++
src/{util => tpm}/virtpm.h | 8 +
src/util/Makefile.inc.am | 2 -
src/util/vircommand.c | 153 +++++++-
src/util/vircommand.h | 5 +
src/util/virsecret.c | 2 +-
src/util/virstorageencryption.c | 2 +-
src/util/virstorageencryption.h | 1 +
src/util/virtpm.c | 74 ----
tests/Makefile.am | 1 +
tests/commandhelper.c | 64 +++-
tests/commandtest.c | 112 ++++++
.../tpm-emulator-tpm2-enc.x86_64-latest.args | 35 ++
.../tpm-emulator-tpm2-enc.xml | 34 ++
tests/qemuxml2argvtest.c | 1 +
.../tpm-emulator-tpm2-enc.xml | 38 ++
tests/qemuxml2xmltest.c | 2 +
tests/secretxml2xmlin/usage-vtpm.xml | 7 +
tests/secretxml2xmltest.c | 1 +
41 files changed, 1283 insertions(+), 172 deletions(-)
create mode 100644 src/conf/virtpm_conf.c
create mode 100644 src/conf/virtpm_conf.h
create mode 100644 src/tpm/Makefile.inc.am
create mode 100644 src/tpm/virtpm.c
rename src/{util => tpm}/virtpm.h (77%)
delete mode 100644 src/util/virtpm.c
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.xml
create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.xml
create mode 100644 tests/secretxml2xmlin/usage-vtpm.xml
--
2.20.1
5 years, 5 months
[libvirt] [PATCH v2 00/19] Enable proper use of systemd socket activation with libvirtd
by Daniel P. Berrangé
The libvirtd daemon has some support for systemd socket activation
from:
commit 27a7081c2968ca0d7fbd590629b5a5303851f4a3
Author: Martin Kletzander <mkletzan(a)redhat.com>
Date: Tue Jul 15 15:28:53 2014 +0200
daemon: support passing FDs from the calling process
First FD is the RW unix socket to listen on, second one (if
applicable) is the RO unix socket.
This was originally intended for use by the libvirt client when doing
auto-spawning of libvirtd, but we later deleted that client side code
in
commit be78814ae07f092d9c4e71fd82dd1947aba2f029
Author: Michal Privoznik <mprivozn(a)redhat.com>
Date: Thu Apr 2 14:41:17 2015 +0200
virNetSocketNewConnectUNIX: Use flocks when spawning a daemon
We never added systemd socket units before as we need libvirtd to start
on boot to perform autostart.
It was recently pointed out by Lennart that these two features are not
mutually exclusive though. Libvirtd can be set to start on boot, and
also have socket unit files.
The idea is that we start libvirtd on boot, perform autostart, and then
libvirtd can exit if nothing is running. The socket unit files are then
there to start it again when a mgmt app connects.
This series implements that strategy. In doing so the current socket
activation support was rewritten to be more flexible, able to cope with
the admin socket and the TCP/TLS sockets, all passed in any order.
NB, I don't believe I have got the RPM upgrade procedure right yet. As
there are a lot of scenarios to test for upgrades, I need more validation
of that. The series is long enough now though, that it would benefit
from code review already.
This socket activation is also going to be important when we split out
the daemons, as we will use the same libvirtd codebase for these new
daemons, simply compiled with different options.
Changed in v2:
- Merge 4 patches already ACKd by Jan
- Drop VIR_AUTOSTRUCT patch
- Fix patch ordering to be bisectable with "make check"
Daniel P. Berrangé (19):
rpc: ensure all sockets bind to same port when service is NULL
util: add APIs for facilitating use of systemd activation FDs
rpc: refactor RPC service constructors to share more code
rpc: allow creating RPC service from an array of FDs
rpc: avoid unlinking sockets passed in from systemd
rpc: add helper APIs for adding services with systemd activation
rpc: add API for checking whether an auth scheme is in use on a server
remote: simplify libvirtd code for deciding if SASL auth is needed
remote: fix handling of systemd activation wrt socket ordering
rpc: remove unused API for creating services from FDs
remote: add systemd socket units for UNIX/TCP sockets
remote: make system libvirtd exit when idle via timeout
remote: update config files to note usage wrt systemd socket
activation
util: remove code spawning with systemd activation env vars
locking: convert lock daemon to use systemd activation APIs
logging: convert log daemon to use systemd activation APIs
util: move code for getting listen FDs into systemd module
util: remove unused helper for getting UNIX socket path
rpc: remove unused typedef for auto shutdown function callback
libvirt.spec.in | 24 +-
src/libvirt_private.syms | 8 +-
src/libvirt_remote.syms | 6 +-
src/locking/lock_daemon.c | 121 ++---
src/logging/log_daemon.c | 121 ++---
src/remote/Makefile.inc.am | 35 ++
src/remote/libvirtd-admin.socket.in | 15 +
src/remote/libvirtd-ro.socket.in | 15 +
src/remote/libvirtd-tcp.socket.in | 14 +
src/remote/libvirtd-tls.socket.in | 14 +
src/remote/libvirtd.conf | 31 ++
src/remote/libvirtd.service.in | 16 +-
src/remote/libvirtd.socket.in | 13 +
src/remote/libvirtd.sysconf | 3 +-
src/remote/remote_daemon.c | 255 +++++-----
src/rpc/virnetdaemon.h | 2 -
src/rpc/virnetserver.c | 162 +++++++
src/rpc/virnetserver.h | 26 ++
src/rpc/virnetserverservice.c | 238 ++++------
src/rpc/virnetserverservice.h | 24 +-
src/rpc/virnetsocket.c | 83 +++-
src/rpc/virnetsocket.h | 1 +
src/util/vircommand.c | 99 ----
src/util/vircommand.h | 2 -
src/util/virsystemd.c | 434 ++++++++++++++++++
src/util/virsystemd.h | 32 ++
src/util/virutil.c | 116 -----
src/util/virutil.h | 3 -
tests/commanddata/test24.log | 8 -
tests/commandtest.c | 58 ---
.../input-data-anon-clients.json | 12 +-
.../output-data-admin-server-names.json | 24 +-
tests/virnetdaemondata/output-data-admin.json | 24 +-
.../output-data-anon-clients.json | 12 +-
.../output-data-client-auth-pending.json | 12 +-
.../output-data-client-ids.json | 12 +-
.../output-data-client-timestamp.json | 12 +-
.../virnetdaemondata/output-data-initial.json | 12 +-
.../output-data-no-keepalive-required.json | 24 +-
tests/virsystemdtest.c | 169 +++++++
40 files changed, 1464 insertions(+), 828 deletions(-)
create mode 100644 src/remote/libvirtd-admin.socket.in
create mode 100644 src/remote/libvirtd-ro.socket.in
create mode 100644 src/remote/libvirtd-tcp.socket.in
create mode 100644 src/remote/libvirtd-tls.socket.in
create mode 100644 src/remote/libvirtd.socket.in
delete mode 100644 tests/commanddata/test24.log
--
2.21.0
5 years, 5 months
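The cover letter above describes replacing the positional scheme (first FD is the RW socket, second the RO socket) with sockets "passed in any order". As an added illustration, not code from the libvirt series, this C example resolves activation FDs by name from systemd's LISTEN_PID, LISTEN_FDS and LISTEN_FDNAMES variables; the function names and the use of the socket unit names as FD names are assumptions of the example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define LISTEN_FDS_START 3 /* systemd hands over activation FDs starting at fd 3 */

/* Strict decimal parse: rejects NULL, empty, signs, trailing junk, overflow. */
static int parse_uint(const char *s, unsigned long *out)
{
    char *end;

    if (!s || *s < '0' || *s > '9')
        return -1;
    errno = 0;
    *out = strtoul(s, &end, 10);
    return (errno || *end != '\0') ? -1 : 0;
}

/* Look up an activation FD by its LISTEN_FDNAMES entry instead of by its
 * position. The three strings are the values of LISTEN_PID, LISTEN_FDS and
 * LISTEN_FDNAMES; self is the caller's pid. Returns the fd, or -1 if the
 * variables are not addressed to this process, are malformed, or lack `want`.
 * The first match wins if a name is repeated (a choice made for this example). */
int activation_fd_by_name(const char *listen_pid, const char *listen_fds,
                          const char *listen_fdnames, pid_t self,
                          const char *want)
{
    unsigned long pid, nfds, idx = 0;
    const char *p = listen_fdnames;
    size_t wlen = strlen(want);
    int found = -1;

    if (parse_uint(listen_pid, &pid) < 0 || pid != (unsigned long)self)
        return -1; /* inherited variables meant for another process */
    if (parse_uint(listen_fds, &nfds) < 0 || nfds == 0 ||
        nfds > INT_MAX - LISTEN_FDS_START || !p)
        return -1;

    for (;;) {
        size_t len = strcspn(p, ":");

        if (idx >= nfds)
            return -1; /* more names than FDs */
        if (found < 0 && len == wlen && memcmp(p, want, len) == 0)
            found = LISTEN_FDS_START + (int)idx;
        idx++;
        if (p[len] == '\0')
            break;
        p += len + 1;
    }
    return idx == nfds ? found : -1; /* fewer names than FDs is also an error */
}

int main(void)
{
    int fd = activation_fd_by_name(getenv("LISTEN_PID"), getenv("LISTEN_FDS"),
                                   getenv("LISTEN_FDNAMES"), getpid(),
                                   "libvirtd.socket");
    printf("libvirtd.socket -> fd %d\n", fd);
    return 0;
}
```

A daemon using this would also set FD_CLOEXEC on the descriptors it accepts and clear the three variables so that child processes do not inherit them.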
[libvirt] [PATCH v2] logging: ensure virtlogd rollover takes priority over logrotate
by Daniel P. Berrangé
The virtlogd config is set to rollover logs every 2 MB.
Normally a logrotate config file is also installed to handle cases where
virtlogd is disabled. This is set to rollover weekly with no size
constraint.
As a result logrotate can interfere with virtlogd's, rolling over files
that virtlogd has already taken care of.
This changes logrotate configs to rollover based on a max size
constraint of 2 MB + 1 byte. When virtlogd is running the log files will
never get this large, making logrotate a no-op.
If the user changes the size in virtlogd's config to something larger,
they are responsible for also changing the logrotate config suitably.
The LXC driver doesn't use virtlogd, but its logrotate config is altered
to match the QEMU driver logrotate, just for the sake of consistency.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/logging/virtlogd.conf | 6 ++++++
src/remote/libvirtd.libxl.logrotate.in | 2 +-
src/remote/libvirtd.lxc.logrotate.in | 2 +-
src/remote/libvirtd.qemu.logrotate.in | 10 +++++++++-
4 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/logging/virtlogd.conf b/src/logging/virtlogd.conf
index 72da7f0705..bc41edbc6b 100644
--- a/src/logging/virtlogd.conf
+++ b/src/logging/virtlogd.conf
@@ -90,6 +90,12 @@
#admin_max_clients = 5
# Maximum file size before rolling over. Defaults to 2 MB
+#
+# Beware that a logrotate config file might be installed too,
+# to handle cases where virtlogd is disabled. To ensure that
+# the logrotate config is a no-op when virtlogd is running,
+# make sure that max_size here is smaller than size listed
+# in the logrotate config.
#max_size = 2097152
# Maximum number of backup files to keep. Defaults to 3,
diff --git a/src/remote/libvirtd.libxl.logrotate.in b/src/remote/libvirtd.libxl.logrotate.in
index cb7f07d846..1461c1efa1 100644
--- a/src/remote/libvirtd.libxl.logrotate.in
+++ b/src/remote/libvirtd.libxl.logrotate.in
@@ -1,5 +1,5 @@
@localstatedir(a)/log/libvirt/libxl/*.log {
- weekly
+ size 2097153
missingok
rotate 4
compress
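Review bot: the commit message explains the QEMU and LXC changes but does not mention libxl, yet this hunk replaces weekly with size 2097153 for the libxl logs too. Please state in the commit message whether the libxl driver logs through virtlogd; if it does not, this file loses its time-based rotation with no virtlogd rollover to defer to, and a short comment like the one added to the QEMU file would explain where the value comes from.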
diff --git a/src/remote/libvirtd.lxc.logrotate.in b/src/remote/libvirtd.lxc.logrotate.in
index 2bb9dfba12..b88dabb58e 100644
--- a/src/remote/libvirtd.lxc.logrotate.in
+++ b/src/remote/libvirtd.lxc.logrotate.in
@@ -1,5 +1,5 @@
@localstatedir(a)/log/libvirt/lxc/*.log {
- weekly
+ size 2097153
missingok
rotate 4
compress
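Review bot: replacing weekly with size 2097153 here changes behaviour rather than making logrotate a no-op, because the commit message itself says the LXC driver doesn't use virtlogd. With a size criterion logrotate rotates a file only once it has grown past that size, so LXC logs that stay under 2 MB would no longer be rotated on any schedule. If consistency with the QEMU file is the only motive, consider keeping weekly for LXC, or at least add a comment in this file documenting the change.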
diff --git a/src/remote/libvirtd.qemu.logrotate.in b/src/remote/libvirtd.qemu.logrotate.in
index cdb399ef23..78f2ca875e 100644
--- a/src/remote/libvirtd.qemu.logrotate.in
+++ b/src/remote/libvirtd.qemu.logrotate.in
@@ -1,5 +1,13 @@
@localstatedir(a)/log/libvirt/qemu/*.log {
- weekly
+ # The QEMU driver is configured to use virtlogd by
+ # default, which will perform log rollover.
+ # This logrotate config is still installed for cases
+ # where the user has switched off virtlogd.
+ #
+ # If virtlogd is active, ensure that size here is
+ # larger than 'max_size' in the virtlogd config
+ # so that logrotate becomes a no-op
+ size 2097153
missingok
rotate 4
compress
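Review bot: the value in "size 2097153" is the virtlogd default max_size of 2097152 plus one byte, but the added comment does not say so. Spelling that out and naming virtlogd.conf in the comment would tell an admin how to recompute the value after changing max_size, since nothing but the two comments keeps the settings in step. The last sentence of the comment is also missing its full stop.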
--
2.21.0
5 years, 5 months
[libvirt] [PATCH v2 00/21] Add support for vTPM state encryption
by Stefan Berger
This series of patches addresses the RFE in BZ 172830:
https://bugzilla.redhat.com/show_bug.cgi?id=1728030
This series of patches adds support for vTPM state encryption by passing
the read-end of a pipe's file descriptor to 'swtpm_setup' and 'swtpm'
where they can read a passphrase from and derive a key from that passphrase.
The TPM's domain XML to enable state encryption looks like this:
  <tpm model='tpm-tis'>
    <backend type='emulator' version='1.2'>
      <encryption format='vtpm'>
        <secret type='passphrase' uuid='2c9ceaba-c6ef-4f38-86fd-6e3adb2df5cd'/>
      </encryption>
    </backend>
    <alias name='tpm0'/>
  </tpm>
The vTPM secret holding the passphrase looks like this:
  <secret ephemeral='no' private='yes'>
    <uuid>2c9ceaba-c6ef-4f38-86fd-6e3adb2df5cd</uuid>
    <description>vTPM passphrase example</description>
    <usage type='vtpm'>
      <name>vtpm_example</name>
    </usage>
  </secret>
The swtpm v0.2 (upcoming) is needed that supports the command line option
--print-capabilities returning a JSON object that identifies features added
since v0.1. One such feature is the possibility to pass a passphrase via a
file descriptor.
The patches do some refactoring of existing code on the way.
Stefan
v1->v2:
- Added Marc-André's R-bs
- Addressed comments
- Added patches to extend virCommand to be able to write contents of multiple
buffers to file descriptors for a spawned process to read from
Stefan Berger (21):
secret: Add support for usage type vTPM, extend schema and test case
tests: Add already existing test case tpm-emulator-tpm2
util: Add VIR_STORAGE_ENCRYPTION_FORMAT_VTPM
conf: Extend TPM XML parser with encryption support
schema: Extend the TPM XML schema with support for encryption
tests: Add test for TPM XML encryption parser and formatter
tests: Add tests for QEMU command line generation with encrypted TPM
tpm: Move virtpm.c from utils dir to own tpm dir
tpm: Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c
tpm: Refactor virTPMEmulatorInit to use loop
tpm: Check whether previously found executables were updated
tpm: Parse the capabilities supported by swtpm and swtpm_setup
utils: Implement function to pass a buffer to send via a fd to
virCommand
utils: Convert pollfd array to be allocated
utils: Write a maximum of MAX_PIPE_FEED_BYTES into a pipe
utils: Extend virCommandProcessIO to including the send buffers
tpm: Use fd to pass password to swtpm_setup and swtpm
tpm: Pass migration key passphrase via fd to swtpm
tpm: Check TPM XML device configuration changes after edit
docs: Extend Secret XML documentation with vtpm usage type
docs: Extend TPM docs with new encryption element
docs/formatdomain.html.in | 16 +
docs/formatsecret.html.in | 61 +++-
docs/schemas/domaincommon.rng | 30 ++
docs/schemas/secret.rng | 10 +
include/libvirt/libvirt-secret.h | 1 +
po/POTFILES | 2 +-
src/Makefile.am | 1 +
src/conf/Makefile.inc.am | 7 +
src/conf/domain_conf.c | 96 +++++-
src/conf/domain_conf.h | 5 +
src/conf/secret_conf.c | 13 +
src/conf/virtpm_conf.c | 36 ++
src/conf/virtpm_conf.h | 36 ++
src/libvirt_private.syms | 21 +-
src/qemu/Makefile.inc.am | 1 +
src/qemu/qemu_block.c | 1 +
src/qemu/qemu_driver.c | 28 ++
src/qemu/qemu_extdevice.c | 2 +-
src/qemu/qemu_extdevice.h | 3 +
src/qemu/qemu_tpm.c | 197 ++++++-----
src/security/Makefile.inc.am | 1 +
src/tpm/Makefile.inc.am | 20 ++
src/tpm/virtpm.c | 325 ++++++++++++++++++
src/{util => tpm}/virtpm.h | 8 +
src/util/Makefile.inc.am | 2 -
src/util/vircommand.c | 139 +++++++-
src/util/vircommand.h | 5 +
src/util/virsecret.c | 2 +-
src/util/virstorageencryption.c | 2 +-
src/util/virstorageencryption.h | 1 +
src/util/virtpm.c | 74 ----
tests/Makefile.am | 1 +
.../tpm-emulator-tpm2-enc.x86_64-latest.args | 35 ++
.../tpm-emulator-tpm2-enc.xml | 34 ++
tests/qemuxml2argvtest.c | 1 +
.../tpm-emulator-tpm2-enc.xml | 38 ++
tests/qemuxml2xmltest.c | 2 +
tests/secretxml2xmlin/usage-vtpm.xml | 7 +
tests/secretxml2xmltest.c | 1 +
39 files changed, 1099 insertions(+), 166 deletions(-)
create mode 100644 src/conf/virtpm_conf.c
create mode 100644 src/conf/virtpm_conf.h
create mode 100644 src/tpm/Makefile.inc.am
create mode 100644 src/tpm/virtpm.c
rename src/{util => tpm}/virtpm.h (77%)
delete mode 100644 src/util/virtpm.c
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.xml
create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.xml
create mode 100644 tests/secretxml2xmlin/usage-vtpm.xml
--
2.20.1
5 years, 5 months
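Both vTPM cover letters (v4 further up and v2 here) describe handing the passphrase to swtpm through the read end of a pipe and feeding that pipe in bounded, non-blocking writes. The following C example is added for illustration and is not code from the series: a forked child stands in for swtpm, and pass_secret_fd, child_read_secret and CHUNK are names made up for the example.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define CHUNK 1024 /* assumed cap per write(); small enough to fit once POLLOUT fires */

/* Child: stand-in for the emulator. Reads secret_fd until EOF and exits 0
 * only if it received exactly the expected bytes. (After fork() the child
 * still has the parent's copy to compare against; an exec'd program would not.) */
static void child_read_secret(int secret_fd, const unsigned char *expect, size_t len)
{
    unsigned char buf[4096];
    size_t total = 0;
    ssize_t n;

    while ((n = read(secret_fd, buf, sizeof(buf))) != 0) {
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0 || (size_t)n > len - total || memcmp(buf, expect + total, (size_t)n))
            _exit(1);
        total += (size_t)n;
    }
    _exit(total == len ? 0 : 1);
}

/* Parent: hand len bytes of secret to a forked child over a pipe, so the
 * secret never appears in argv or the environment. Returns 0 if the child
 * confirms it received the secret intact, -1 otherwise. */
int pass_secret_fd(const unsigned char *secret, size_t len)
{
    int sp[2], status;
    size_t off = 0;
    pid_t pid;

    if (pipe(sp) < 0)
        return -1;
    if ((pid = fork()) == 0) {
        close(sp[1]); /* keep only the read end, or EOF never arrives */
        child_read_secret(sp[0], secret, len);
    }
    close(sp[0]);
    if (pid < 0) {
        close(sp[1]);
        return -1;
    }
    signal(SIGPIPE, SIG_IGN); /* process-wide: a dead reader gives EPIPE, not a kill */
    fcntl(sp[1], F_SETFL, fcntl(sp[1], F_GETFL) | O_NONBLOCK);
    while (off < len) {
        struct pollfd pfd = { .fd = sp[1], .events = POLLOUT };
        size_t want = len - off < CHUNK ? len - off : CHUNK;
        ssize_t n;

        if (poll(&pfd, 1, -1) < 0 && errno != EINTR)
            break;
        n = write(sp[1], secret + off, want);
        if (n > 0)
            off += (size_t)n;
        else if (n == 0 || (errno != EAGAIN && errno != EINTR))
            break;
    }
    close(sp[1]); /* EOF tells the reader the secret is complete */

    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status))
        return -1;
    return off == len ? 0 : -1;
}

int main(void)
{
    static const unsigned char pass[] = "constructed-passphrase"; /* sample value */
    printf("delivered: %s\n", pass_secret_fd(pass, sizeof(pass) - 1) == 0 ? "yes" : "no");
    return 0;
}
```

The second pass in the test pushes a buffer larger than a typical pipe's capacity, which is the case where a single blocking write would stall if the reader were slow.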
[libvirt] [PATCH] virsh emulatorpin, vcpupin: omit offline CPUs from affinity map
by Scott Cheloha
Each host CPU is not necessarily online. Including CPUs that are
known to be offline in the default affinity map doesn't make much
sense. We can try to omit those CPUs if the host supports CPU
bitmaps, i.e. virHostCPUHasBitmap() is true. Otherwise we can
return a full map as we do now.
For example, given the following lscpu(1):
Architecture: ppc64le
Byte Order: Little Endian
CPU(s): 128
On-line CPU(s) list: 0,8,16,24,32,40,48,56,64,72,80,88,96,104,112,120
Off-line CPU(s) list: 1-7,9-15,17-23,25-31,33-39,41-47,49-55,57-63,65-71,73-79,81-87,89-95,97-103,105-111,113-119,121-127
Thread(s) per core: 1
Core(s) per socket: 4
Socket(s): 4
NUMA node(s): 4
Model: 2.1 (pvr 004b 0201)
Model name: POWER8E (raw), altivec supported
CPU max MHz: 4322.0000
CPU min MHz: 2061.0000
L1d cache: 64K
L1i cache: 32K
L2 cache: 512K
L3 cache: 8192K
NUMA node0 CPU(s): 0,8,16,24
NUMA node1 CPU(s): 32,40,48,56
NUMA node16 CPU(s): 64,72,80,88
NUMA node17 CPU(s): 96,104,112,120
the current behavior for a guest with no VCPU configuration is:
$ virsh vcpupin myvm
----------------------------------
0: 0-127
but with this patch you instead get:
VCPU CPU Affinity
----------------------------------
0 0,8,16,24,32,40,48,56,64,72,80,88,96,104,112,120
which is more consistent with the lscpu(1) output.
Fixes: ibm bz174632 (rhbz#1434276)
Signed-off-by: Scott Cheloha <cheloha(a)linux.vnet.ibm.com>
---
I'm unsure whether it's better to automatically fall back
to the full map if virHostCPUGetOnlineBitmap() fails, or to
fail loudly as I do in this patch.
Preferences?
src/conf/domain_conf.c | 8 ++++++++
src/qemu/qemu_driver.c | 4 ++++
2 files changed, 12 insertions(+)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 3323c9a5b1..0ea6f69574 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1989,6 +1989,7 @@ virDomainDefGetVcpuPinInfoHelper(virDomainDefPtr def,
int maxvcpus = virDomainDefGetVcpusMax(def);
size_t i;
VIR_AUTOPTR(virBitmap) allcpumap = NULL;
+ VIR_AUTOPTR(virBitmap) onlinemap = NULL;
if (hostcpus < 0)
return -1;
@@ -1998,6 +1999,11 @@ virDomainDefGetVcpuPinInfoHelper(virDomainDefPtr def,
virBitmapSetAll(allcpumap);
+ if (virHostCPUHasBitmap()) {
+ if (!(onlinemap = virHostCPUGetOnlineBitmap()))
+ return -1;
+ }
+
for (i = 0; i < maxvcpus && i < ncpumaps; i++) {
virDomainVcpuDefPtr vcpu = virDomainDefGetVcpu(def, i);
virBitmapPtr bitmap = NULL;
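Review bot: the online map is fetched before the loop and a failure of virHostCPUGetOnlineBitmap() returns -1 for the whole call, even when every vCPU ends up using autoCpuset or def->cpumask and the online map is never consulted. Consider fetching it only when the fallback branch is actually reached, or falling back to allcpumap on failure; either would settle the question asked below the --- line without making an unrelated query fail.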
@@ -2009,6 +2015,8 @@ virDomainDefGetVcpuPinInfoHelper(virDomainDefPtr def,
bitmap = autoCpuset;
else if (def->cpumask)
bitmap = def->cpumask;
+ else if (onlinemap)
+ bitmap = onlinemap;
else
bitmap = allcpumap;
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 5a75f23981..2c59513929 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -5377,6 +5377,10 @@ qemuDomainGetEmulatorPinInfo(virDomainPtr dom,
} else if (vm->def->placement_mode == VIR_DOMAIN_CPU_PLACEMENT_MODE_AUTO &&
autoCpuset) {
cpumask = autoCpuset;
+ } else if (virHostCPUHasBitmap()) {
+ if (!(bitmap = virHostCPUGetOnlineBitmap()))
+ goto cleanup;
+ cpumask = bitmap;
} else {
if (!(bitmap = virBitmapNew(hostcpus)))
goto cleanup;
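Review bot: this branch repeats the virHostCPUHasBitmap() / virHostCPUGetOnlineBitmap() sequence added in domain_conf.c; a small shared helper that returns the default affinity map would keep the two call sites from drifting apart. The subject line also names only virsh, while the change sits in the conf and driver code and so alters what the pin-info calls return to every client, and the diffstat shows no test update; the commit message should say so and a test for the new default would help.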
--
2.20.1
5 years, 5 months
[libvirt] [jenkins-ci PATCH 0/3] Enable building of the VZ driver on CentOS 7
by Daniel P. Berrangé
The VZ driver in libvirt periodically gets broken by refactoring in
libvirt. This is not noticed either before or after merge because none
of our CI tests nor common developer build hosts include the deps needed
for the VZ driver.
The OpenVZ project, however, does provide builds of the required
packages for RHEL-7. We can use these packages in our CentOS 7 CI VMs to
enable build testing of the VZ driver. This closes the only hole we have
in driver build coverage for CI.
Daniel P. Berrangé (3):
guests: add openvz repository on CentOS 7
guests: define mapping for the libprlsdk package
guests: add libprlsdk package to libvirt project
guests/playbooks/update/tasks/base.yml | 10 ++++++++++
guests/playbooks/update/templates/openvz.repo.j2 | 9 +++++++++
guests/vars/mappings.yml | 4 ++++
guests/vars/projects/libvirt.yml | 1 +
4 files changed, 24 insertions(+)
create mode 100644 guests/playbooks/update/templates/openvz.repo.j2
--
2.21.0
5 years, 5 months