8:08 a.m.
Daniel P. Berrangé (3):
conf: add support for VNC power control setting
qemu: probe for -vnc power-control option support
qemu: wire up support for VNC power control options
docs/formatdomain.rst | 5 +++++
docs/schemas/domaincommon.rng | 5 +++++
src/conf/domain_conf.c | 12 ++++++++++++
src/conf/domain_conf.h | 1 +
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 9 +++++++++
tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml | 1 +
tests/qemuxml2argvdata/graphics-vnc-policy.args | 2 +-
tests/qemuxml2argvdata/graphics-vnc-policy.xml | 2 +-
tests/qemuxml2argvtest.c | 2 +-
11 files changed, 39 insertions(+), 3 deletions(-)
--
2.29.2
8:08 a.m.
New subject: [libvirt PATCH 1/3] conf: add support for VNC power control setting
The <graphics type="vnc" .... powerControl="on"/> option
instructs the
VNC server to enable an extension that lets the client perform a
graceful shutdown, reboot and hard reset.
This is enabled by default since it cannot be assumed that the VNC
client user has administrator rights over the guest OS. In the case
where the VNC user is a guest administrator though, it is reasonable
to allow direct power control host side too.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/formatdomain.rst | 5 +++++
docs/schemas/domaincommon.rng | 5 +++++
src/conf/domain_conf.c | 12 ++++++++++++
src/conf/domain_conf.h | 1 +
4 files changed, 23 insertions(+)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index eafd6b3396..580319365c 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -5791,6 +5791,11 @@ interaction with the admin.
``autoport`` having no effect due to security reasons) :since:`Since
1.0.6` .
+ For VNC, the ``powerControl`` attribute can be used to enable VM shutdown,
+ reboot and reset power control features for the VNC client. This is
+ appropriate if the authenticated VNC client user already has administrator
+ privileges in the guest :since:`Since 7.1.0`.
+
Although VNC doesn't support OpenGL natively, it can be paired with
graphics type ``egl-headless`` (see below) which will instruct QEMU to
open and use drm nodes for OpenGL rendering.
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index e6de934456..49dc4b5130 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -3663,6 +3663,11 @@
</choice>
</attribute>
</optional>
+ <optional>
+ <attribute name="powerControl">
+ <ref name="virYesNo"/>
+ </attribute>
+ </optional>
</group>
<group>
<optional>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index b731744f04..91933bf292 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -13150,6 +13150,7 @@ virDomainGraphicsDefParseXMLVNC(virDomainGraphicsDefPtr def,
g_autofree char *websocketGenerated = virXMLPropString(node,
"websocketGenerated");
g_autofree char *sharePolicy = virXMLPropString(node, "sharePolicy");
g_autofree char *autoport = virXMLPropString(node, "autoport");
+ g_autofree char *powerControl = virXMLPropString(node, "powerControl");
if (virDomainGraphicsListensParseXML(def, node, ctxt, flags) < 0)
return -1;
@@ -13206,6 +13207,13 @@ virDomainGraphicsDefParseXMLVNC(virDomainGraphicsDefPtr def,
}
}
+ if (powerControl &&
+ virStringParseYesNo(powerControl, &def->data.vnc.powerControl) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("cannot parse vnc power control '%s'"),
powerControl);
+ return -1;
+ }
+
def->data.vnc.keymap = virXMLPropString(node, "keymap");
if (virDomainGraphicsAuthDefParseXML(node, &def->data.vnc.auth,
@@ -27148,6 +27156,10 @@ virDomainGraphicsDefFormat(virBufferPtr buf,
virDomainGraphicsVNCSharePolicyTypeToString(
def->data.vnc.sharePolicy));
+ if (def->data.vnc.powerControl)
+ virBufferAsprintf(buf, " powerControl='%s'",
+ def->data.vnc.powerControl ? "yes" :
"no");
+
virDomainGraphicsAuthDefFormatAttr(buf, &def->data.vnc.auth, flags);
break;
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 930eed60de..544ec1b2fa 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1712,6 +1712,7 @@ struct _virDomainGraphicsDef {
char *keymap;
virDomainGraphicsAuthDef auth;
int sharePolicy;
+ bool powerControl;
} vnc;
struct {
char *display;
--
2.29.2
8:23 a.m.
New subject: [libvirt PATCH 1/3] conf: add support for VNC power control setting
On Tue, Feb 16, 2021 at 14:08:50 +0000, Daniel Berrange wrote:
The <graphics type="vnc" ....
powerControl="on"/> option instructs the
VNC server to enable an extension that lets the client perform a
graceful shutdown, reboot and hard reset.
This is enabled by default since it cannot be assumed that the VNC
client user has administrator rights over the guest OS. In the case
where the VNC user is a guest administrator though, it is reasonable
to allow direct power control host side too.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/formatdomain.rst | 5 +++++
docs/schemas/domaincommon.rng | 5 +++++
src/conf/domain_conf.c | 12 ++++++++++++
src/conf/domain_conf.h | 1 +
4 files changed, 23 insertions(+)
[...]
A XML2XML test case would show that 'no' is useless in this impl, see
below.
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 930eed60de..544ec1b2fa 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1712,6 +1712,7 @@ struct _virDomainGraphicsDef {
char *keymap;
virDomainGraphicsAuthDef auth;
int sharePolicy;
+ bool powerControl;
This is declared as bool.
} vnc;
struct {
char *display;
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index b731744f04..91933bf292 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
[...]
@@ -13206,6 +13207,13 @@
virDomainGraphicsDefParseXMLVNC(virDomainGraphicsDefPtr def,
}
}
+ if (powerControl &&
+ virStringParseYesNo(powerControl, &def->data.vnc.powerControl) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("cannot parse vnc power control '%s'"),
powerControl);
+ return -1;
+ }
+
def->data.vnc.keymap = virXMLPropString(node, "keymap");
if (virDomainGraphicsAuthDefParseXML(node, &def->data.vnc.auth,
@@ -27148,6 +27156,10 @@ virDomainGraphicsDefFormat(virBufferPtr buf,
virDomainGraphicsVNCSharePolicyTypeToString(
def->data.vnc.sharePolicy));
+ if (def->data.vnc.powerControl)
+ virBufferAsprintf(buf, " powerControl='%s'",
+ def->data.vnc.powerControl ? "yes" :
"no");
So this doesn't make much sense. You can't use 'no' since it will vanish
from the XML.
Did you want to use a Tristate?
+
virDomainGraphicsAuthDefFormatAttr(buf, &def->data.vnc.auth, flags);
break;
--
2.29.2
8:26 a.m.
New subject: [libvirt PATCH 1/3] conf: add support for VNC power control setting
On a Tuesday in 2021, Daniel P. Berrangé wrote:
The <graphics type="vnc" ....
powerControl="on"/> option instructs the
VNC server to enable an extension that lets the client perform a
graceful shutdown, reboot and hard reset.
This is enabled by default since it cannot be assumed that the VNC
client user has administrator rights over the guest OS. In the case
where the VNC user is a guest administrator though, it is reasonable
to allow direct power control host side too.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/formatdomain.rst | 5 +++++
docs/schemas/domaincommon.rng | 5 +++++
src/conf/domain_conf.c | 12 ++++++++++++
src/conf/domain_conf.h | 1 +
4 files changed, 23 insertions(+)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index eafd6b3396..580319365c 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -5791,6 +5791,11 @@ interaction with the admin.
``autoport`` having no effect due to security reasons) :since:`Since
1.0.6` .
+ For VNC, the ``powerControl`` attribute can be used to enable VM shutdown,
+ reboot and reset power control features for the VNC client. This is
+ appropriate if the authenticated VNC client user already has administrator
+ privileges in the guest :since:`Since 7.1.0`.
+
Although VNC doesn't support OpenGL natively, it can be paired with
graphics type ``egl-headless`` (see below) which will instruct QEMU to
open and use drm nodes for OpenGL rendering.
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index e6de934456..49dc4b5130 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -3663,6 +3663,11 @@
</choice>
</attribute>
</optional>
+ <optional>
+ <attribute name="powerControl">
+ <ref name="virYesNo"/>
+ </attribute>
+ </optional>
</group>
<group>
<optional>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index b731744f04..91933bf292 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -13150,6 +13150,7 @@ virDomainGraphicsDefParseXMLVNC(virDomainGraphicsDefPtr def,
g_autofree char *websocketGenerated = virXMLPropString(node,
"websocketGenerated");
g_autofree char *sharePolicy = virXMLPropString(node, "sharePolicy");
g_autofree char *autoport = virXMLPropString(node, "autoport");
+ g_autofree char *powerControl = virXMLPropString(node, "powerControl");
if (virDomainGraphicsListensParseXML(def, node, ctxt, flags) < 0)
return -1;
@@ -13206,6 +13207,13 @@ virDomainGraphicsDefParseXMLVNC(virDomainGraphicsDefPtr def,
}
}
+ if (powerControl &&
+ virStringParseYesNo(powerControl, &def->data.vnc.powerControl) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("cannot parse vnc power control '%s'"),
powerControl);
+ return -1;
+ }
+
def->data.vnc.keymap = virXMLPropString(node, "keymap");
if (virDomainGraphicsAuthDefParseXML(node, &def->data.vnc.auth,
@@ -27148,6 +27156,10 @@ virDomainGraphicsDefFormat(virBufferPtr buf,
virDomainGraphicsVNCSharePolicyTypeToString(
def->data.vnc.sharePolicy));
+ if (def->data.vnc.powerControl)
+ virBufferAsprintf(buf, " powerControl='%s'",
+ def->data.vnc.powerControl ? "yes" :
"no");
The "no" branch is dead code. If you don't want to format "no"
unless it
was explicitly requested, use virTristateBool.
Jano
+
virDomainGraphicsAuthDefFormatAttr(buf, &def->data.vnc.auth, flags);
break;
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 930eed60de..544ec1b2fa 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1712,6 +1712,7 @@ struct _virDomainGraphicsDef {
char *keymap;
virDomainGraphicsAuthDef auth;
int sharePolicy;
+ bool powerControl;
} vnc;
struct {
char *display;
--
2.29.2
8:08 a.m.
New subject: [libvirt PATCH 2/3] qemu: probe for -vnc power-control option support
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml | 1 +
3 files changed, 4 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 3f8593a9e5..8fa23f14be 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -617,6 +617,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
"cpu-max",
"memory-backend-file.x-use-canonical-path-for-ramblock-id",
"vnc-opts",
+ "vnc-power-control",
);
@@ -3297,6 +3298,7 @@ static struct virQEMUCapsCommandLineProps virQEMUCapsCommandLine[] =
{
{ "fw_cfg", "file", QEMU_CAPS_FW_CFG },
{ "fsdev", "fmode", QEMU_CAPS_FSDEV_CREATEMODE }, /* Could have
also checked fsdev->dmode */
{ "vnc", "display", QEMU_CAPS_VNC_OPTS },
+ { "vnc", "power-control", QEMU_CAPS_VNC_POWER_CONTROL },
};
static int
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 38574eef16..e327db0148 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -597,6 +597,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check
*/
QEMU_CAPS_CPU_MAX, /* -cpu max */
QEMU_CAPS_X_USE_CANONICAL_PATH_FOR_RAMBLOCK_ID, /* -object
memory-backend-file,x-use-canonical-path-for-ramblock-id= */
QEMU_CAPS_VNC_OPTS, /* -vnc uses QemuOpts parser instead of custom code */
+ QEMU_CAPS_VNC_POWER_CONTROL, /* -vnc power-control option */
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
diff --git a/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml
index 23fb5b7393..3ef05ec94e 100644
--- a/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml
@@ -256,6 +256,7 @@
<flag name='cpu-max'/>
<flag name='memory-backend-file.x-use-canonical-path-for-ramblock-id'/>
<flag name='vnc-opts'/>
+ <flag name='vnc-power-control'/>
<version>5002050</version>
<kvmVersion>0</kvmVersion>
<microcodeVersion>43100242</microcodeVersion>
--
2.29.2
8:24 a.m.
New subject: [libvirt PATCH 2/3] qemu: probe for -vnc power-control option support
On Tue, Feb 16, 2021 at 14:08:51 +0000, Daniel Berrange wrote:
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml | 1 +
3 files changed, 4 insertions(+)
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
8:08 a.m.
New subject: [libvirt PATCH 3/3] qemu: wire up support for VNC power control options
This allows the VNC client user to perform a shutdown, reboot and reset
of the VM from the host side.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/qemu/qemu_command.c | 9 +++++++++
tests/qemuxml2argvdata/graphics-vnc-policy.args | 2 +-
tests/qemuxml2argvdata/graphics-vnc-policy.xml | 2 +-
tests/qemuxml2argvtest.c | 2 +-
4 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index d801018aa2..266cf7332e 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7700,6 +7700,15 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfigPtr cfg,
/* TODO: Support ACLs later */
}
+ if (graphics->data.vnc.powerControl) {
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_VNC_POWER_CONTROL)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("VNC power control is not available"));
+ return -1;
+ }
+ virBufferAddLit(&opt, ",power-control=on");
+ }
+
virCommandAddArg(cmd, "-vnc");
virCommandAddArgBuffer(cmd, &opt);
if (graphics->data.vnc.keymap)
diff --git a/tests/qemuxml2argvdata/graphics-vnc-policy.args
b/tests/qemuxml2argvdata/graphics-vnc-policy.args
index 85b7d722e0..d3a8d66161 100644
--- a/tests/qemuxml2argvdata/graphics-vnc-policy.args
+++ b/tests/qemuxml2argvdata/graphics-vnc-policy.args
@@ -26,5 +26,5 @@ server=on,wait=off \
-usb \
-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
-device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \
--vnc '[::]:59630,share=allow-exclusive' \
+-vnc '[::]:59630,share=allow-exclusive,power-control=on' \
-vga cirrus
diff --git a/tests/qemuxml2argvdata/graphics-vnc-policy.xml
b/tests/qemuxml2argvdata/graphics-vnc-policy.xml
index 344f019079..4bee773438 100644
--- a/tests/qemuxml2argvdata/graphics-vnc-policy.xml
+++ b/tests/qemuxml2argvdata/graphics-vnc-policy.xml
@@ -25,7 +25,7 @@
<controller type='pci' index='0' model='pci-root'/>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
- <graphics type='vnc' port='65530' autoport='no'
listen='::' sharePolicy='allow-exclusive'>
+ <graphics type='vnc' port='65530' autoport='no'
listen='::' sharePolicy='allow-exclusive' powerControl='yes'>
<listen type='address' address='::'/>
</graphics>
<video>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index db438c5466..b4df042fea 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1364,7 +1364,7 @@ mymain(void)
QEMU_CAPS_VNC,
QEMU_CAPS_DEVICE_CIRRUS_VGA);
DO_TEST("graphics-vnc-policy", QEMU_CAPS_VNC,
- QEMU_CAPS_DEVICE_CIRRUS_VGA);
+ QEMU_CAPS_DEVICE_CIRRUS_VGA, QEMU_CAPS_VNC_POWER_CONTROL);
DO_TEST("graphics-vnc-no-listen-attr", QEMU_CAPS_VNC,
QEMU_CAPS_DEVICE_CIRRUS_VGA);
DO_TEST("graphics-vnc-remove-generated-socket", QEMU_CAPS_VNC,
--
2.29.2
8:25 a.m.
New subject: [libvirt PATCH 3/3] qemu: wire up support for VNC power control options
On Tue, Feb 16, 2021 at 14:08:52 +0000, Daniel Berrange wrote:
This allows the VNC client user to perform a shutdown, reboot and
reset
of the VM from the host side.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/qemu/qemu_command.c | 9 +++++++++
tests/qemuxml2argvdata/graphics-vnc-policy.args | 2 +-
tests/qemuxml2argvdata/graphics-vnc-policy.xml | 2 +-
tests/qemuxml2argvtest.c | 2 +-
4 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index d801018aa2..266cf7332e 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7700,6 +7700,15 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfigPtr cfg,
/* TODO: Support ACLs later */
}
+ if (graphics->data.vnc.powerControl) {
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_VNC_POWER_CONTROL)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("VNC power control is not available"));
+ return -1;
+ }
Invoking this check from qemuValidateDomainDeviceDefGraphics will give
you define-time check whether the VM supports this rather than
startup-time.
+ virBufferAddLit(&opt, ",power-control=on");
+ }
So we don't want to be able to explicitly turn this off?
+
virCommandAddArg(cmd, "-vnc");
virCommandAddArgBuffer(cmd, &opt);
if (graphics->data.vnc.keymap)
[...]
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index db438c5466..b4df042fea 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1364,7 +1364,7 @@ mymain(void)
QEMU_CAPS_VNC,
QEMU_CAPS_DEVICE_CIRRUS_VGA);
DO_TEST("graphics-vnc-policy", QEMU_CAPS_VNC,
- QEMU_CAPS_DEVICE_CIRRUS_VGA);
+ QEMU_CAPS_DEVICE_CIRRUS_VGA, QEMU_CAPS_VNC_POWER_CONTROL);
Rather than adding the capability, either convert the test case to
DO_TEST_CAPS_LATEST or add a separate _LATEST() case for it.
DO_TEST("graphics-vnc-no-listen-attr", QEMU_CAPS_VNC,
QEMU_CAPS_DEVICE_CIRRUS_VGA);
DO_TEST("graphics-vnc-remove-generated-socket", QEMU_CAPS_VNC,
--
2.29.2
1365
days inactive
1365
days old
7 comments
3 participants
participants (3)
-
Daniel P. Berrangé -
Ján Tomko -
Peter Krempa