From: Daniel P. Berrange Date: Wed, 16 Sep 2009 11:31:13 +0000 (+0100) Subject: Move config files to align with driver sources X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=ec171c529a11a1c9a06ba3d85a23ced1ed162dae;p=libvirt.git Move config files to align with driver sources * daemon/default-network.xml: Move to src/network/default.xml * daemon/libvirtd_qemu.aug, daemon/test_libvirtd_qemu.aug: Move to src/qemu/ * src/qemu.conf: Move to src/qemu/qemu.conf * daemon/Makefile.am: Remove rules for default-nmetwork.xml and libvirtd_qemu.aug and test_libvirtd_qemu.aug. Fix typo in uninstall-local that would install polkit again. * src/Makefile.am: Add rules for installing network/default.xml and the qemu/*.aug files. Add test case for QEMU augeas files. Add uninstall-local rule for files/directories created during install. Rename install-exec-local to install-data-local. Only install qemu.conf if WITH_QEMU is set. * tests/networkschematest: Update for XML location move --- diff --git a/daemon/Makefile.am b/daemon/Makefile.am index 7ebd3caa09..89c94b3306 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -16,7 +16,6 @@ AVAHI_SOURCES = \ DISTCLEANFILES = EXTRA_DIST = \ - default-network.xml \ remote_generate_stubs.pl rpcgen_fix.pl \ remote_protocol.x \ libvirtd.conf \ @@ -26,10 +25,8 @@ EXTRA_DIST = \ libvirtd.sasl \ libvirtd.sysconf \ libvirtd.aug \ - libvirtd_qemu.aug \ libvirtd.logrotate.in \ test_libvirtd.aug \ - test_libvirtd_qemu.aug \ $(AVAHI_SOURCES) \ $(DAEMON_SOURCES) 
@@ -69,18 +66,16 @@ remote_protocol.c: remote_protocol.h if WITH_LIBVIRTD -UUID=$(shell uuidgen 2>/dev/null) - sbin_PROGRAMS = libvirtd confdir = $(sysconfdir)/libvirt/ conf_DATA = libvirtd.conf augeasdir = $(datadir)/augeas/lenses -augeas_DATA = libvirtd.aug libvirtd_qemu.aug +augeas_DATA = libvirtd.aug augeastestsdir = $(datadir)/augeas/lenses/tests -augeastests_DATA = test_libvirtd.aug test_libvirtd_qemu.aug +augeastests_DATA = test_libvirtd.aug libvirtd_SOURCES = $(DAEMON_SOURCES) @@ -164,27 +159,14 @@ libvirtd_LDADD += $(AVAHI_LIBS) endif -default_xml_dest = libvirt/qemu/networks/default.xml install-data-local: install-init install-data-sasl install-data-polkit \ install-logrotate - mkdir -p $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart - $(INSTALL_DATA) $(srcdir)/default-network.xml \ - $(DESTDIR)$(sysconfdir)/$(default_xml_dest) - test -z "$(UUID)" || \ - sed -i -e "s,,\n $(UUID)," \ - $(DESTDIR)$(sysconfdir)/$(default_xml_dest) - test -e $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml || \ - ln -s ../default.xml \ - $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml - mkdir -p $(DESTDIR)$(localstatedir)/log/libvirt/qemu + mkdir -p $(DESTDIR)$(localstatedir)/log/libvirt mkdir -p $(DESTDIR)$(localstatedir)/run/libvirt mkdir -p $(DESTDIR)$(localstatedir)/lib/libvirt -uninstall-local:: uninstall-init install-data-sasl install-data-polkit - rm -f $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml - rm -f $(DESTDIR)$(sysconfdir)/$(default_xml_dest) - rmdir $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart || : - rmdir $(DESTDIR)$(localstatedir)/log/libvirt/qemu || : +uninstall-local:: uninstall-init uninstall-data-sasl uninstall-data-polkit + rmdir $(DESTDIR)$(localstatedir)/log/libvirt || : rmdir $(DESTDIR)$(localstatedir)/run/libvirt || : rmdir $(DESTDIR)$(localstatedir)/lib/libvirt || : 
@@ -257,8 +239,6 @@ libvirtd.init: libvirtd.init.in check-local: test -x '$(AUGPARSE)' \ && '$(AUGPARSE)' -I $(srcdir) $(srcdir)/test_libvirtd.aug || : - test -x '$(AUGPARSE)' \ - && '$(AUGPARSE)' -I $(srcdir) $(srcdir)/test_libvirtd_qemu.aug || : else diff --git a/daemon/default-network.xml b/daemon/default-network.xml deleted file mode 100644 index 9cfc01ed78..0000000000 --- a/daemon/default-network.xml +++ /dev/null @@ -1,10 +0,0 @@ - - default - - - - - - - - diff --git a/daemon/libvirtd_qemu.aug b/daemon/libvirtd_qemu.aug deleted file mode 100644 index f0b2a5e3c1..0000000000 --- a/daemon/libvirtd_qemu.aug +++ /dev/null 
@@ -1,52 +0,0 @@ -(* /etc/libvirt/qemu.conf *) - -module Libvirtd_qemu = - autoload xfm - - let eol = del /[ \t]*\n/ "\n" - let value_sep = del /[ \t]*=[ \t]*/ " = " - let indent = del /[ \t]*/ "" - - let array_sep = del /,[ \t\n]*/ ", " - let array_start = del /\[[ \t\n]*/ "[ " - let array_end = del /\]/ "]" - - let str_val = del /\"/ "\"" . store /[^\"]*/ . del /\"/ "\"" - let bool_val = store /0|1/ - let str_array_element = [ seq "el" . str_val ] . del /[ \t\n]*/ "" - let str_array_val = counter "el" . array_start . ( str_array_element . ( array_sep . str_array_element ) * ) ? . array_end - - let str_entry (kw:string) = [ key kw . value_sep . str_val ] - let bool_entry (kw:string) = [ key kw . value_sep . bool_val ] - let str_array_entry (kw:string) = [ key kw . value_sep . str_array_val ] - - - (* Config entry grouped by function - same order as example config *) - let vnc_entry = str_entry "vnc_listen" - | bool_entry "vnc_tls" - | str_entry "vnc_tls_x509_cert_dir" - | bool_entry "vnc_tls_x509_verify" - | str_entry "vnc_password" - | bool_entry "vnc_sasl" - | str_entry "vnc_sasl_dir" - | str_entry "security_driver" - | str_entry "user" - | str_entry "group" - | str_array_entry "cgroup_controllers" - | str_array_entry "cgroup_device_acl" - | str_entry "save_image_format" - | str_entry "hugetlbfs_mount" - - (* Each enty in the config is one of the following three ... *) - let entry = vnc_entry - let comment = [ label "#comment" . del /#[ \t]*/ "# " . store /([^ \t\n][^\n]*)?/ . del /\n/ "\n" ] - let empty = [ label "#empty" . eol ] - - let record = indent . entry . eol - - let lns = ( record | comment | empty ) * - - let filter = incl "/etc/libvirt/qemu.conf" - . Util.stdexcl - - let xfm = transform lns filter diff --git a/daemon/test_libvirtd_qemu.aug b/daemon/test_libvirtd_qemu.aug deleted file mode 100644 index ac89438651..0000000000 --- a/daemon/test_libvirtd_qemu.aug +++ /dev/null 
@@ -1,198 +0,0 @@ -module Test_libvirtd_qemu = - - let conf = "# Master configuration file for the QEMU driver. -# All settings described here are optional - if omitted, sensible -# defaults are used. - -# VNC is configured to listen on 127.0.0.1 by default. -# To make it listen on all public interfaces, uncomment -# this next option. -# -# NB, strong recommendation to enable TLS + x509 certificate -# verification when allowing public access -# -vnc_listen = \"0.0.0.0\" - - -# Enable use of TLS encryption on the VNC server. This requires -# a VNC client which supports the VeNCrypt protocol extension. -# Examples include vinagre, virt-viewer, virt-manager and vencrypt -# itself. UltraVNC, RealVNC, TightVNC do not support this -# -# It is necessary to setup CA and issue a server certificate -# before enabling this. -# -vnc_tls = 1 - - -# Use of TLS requires that x509 certificates be issued. The -# default it to keep them in /etc/pki/libvirt-vnc. This directory -# must contain -# -# ca-cert.pem - the CA master certificate -# server-cert.pem - the server certificate signed with ca-cert.pem -# server-key.pem - the server private key -# -# This option allows the certificate directory to be changed -# -vnc_tls_x509_cert_dir = \"/etc/pki/libvirt-vnc\" - - -# The default TLS configuration only uses certificates for the server -# allowing the client to verify the server's identity and establish -# and encrypted channel. -# -# It is possible to use x509 certificates for authentication too, by -# issuing a x509 certificate to every client who needs to connect. -# -# Enabling this option will reject any client who does not have a -# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem -# -vnc_tls_x509_verify = 1 - - -# The default VNC password. Only 8 letters are significant for -# VNC passwords. This parameter is only used if the per-domain -# XML config does not already provide a password. To allow -# access without passwords, leave this commented out. 
An empty -# string will still enable passwords, but be rejected by QEMU -# effectively preventing any use of VNC. Obviously change this -# example here before you set this -# -vnc_password = \"XYZ12345\" - - -# Enable use of SASL encryption on the VNC server. This requires -# a VNC client which supports the SASL protocol extension. -# Examples include vinagre, virt-viewer and virt-manager -# itself. UltraVNC, RealVNC, TightVNC do not support this -# -# It is necessary to configure /etc/sasl2/qemu.conf to choose -# the desired SASL plugin (eg, GSSPI for Kerberos) -# -vnc_sasl = 1 - - -# The default SASL configuration file is located in /etc/sasl2/ -# When running libvirtd unprivileged, it may be desirable to -# override the configs in this location. Set this parameter to -# point to the directory, and create a qemu.conf in that location -# -vnc_sasl_dir = \"/some/directory/sasl2\" - -security_driver = \"selinux\" - -user = \"root\" - -group = \"root\" - -cgroup_controllers = [ \"cpu\", \"devices\" ] - -cgroup_device_acl = [ \"/dev/null\", \"/dev/full\", \"/dev/zero\" ] - -save_image_format = \"gzip\" - -hugetlbfs_mount = \"/dev/hugepages\" -" - - test Libvirtd_qemu.lns get conf = -{ "#comment" = "Master configuration file for the QEMU driver." } -{ "#comment" = "All settings described here are optional - if omitted, sensible" } -{ "#comment" = "defaults are used." } -{ "#empty" } -{ "#comment" = "VNC is configured to listen on 127.0.0.1 by default." } -{ "#comment" = "To make it listen on all public interfaces, uncomment" } -{ "#comment" = "this next option." } -{ "#comment" = "" } -{ "#comment" = "NB, strong recommendation to enable TLS + x509 certificate" } -{ "#comment" = "verification when allowing public access" } -{ "#comment" = "" } -{ "vnc_listen" = "0.0.0.0" } -{ "#empty" } -{ "#empty" } -{ "#comment" = "Enable use of TLS encryption on the VNC server. This requires" } -{ "#comment" = "a VNC client which supports the VeNCrypt protocol extension." 
} -{ "#comment" = "Examples include vinagre, virt-viewer, virt-manager and vencrypt" } -{ "#comment" = "itself. UltraVNC, RealVNC, TightVNC do not support this" } -{ "#comment" = "" } -{ "#comment" = "It is necessary to setup CA and issue a server certificate" } -{ "#comment" = "before enabling this." } -{ "#comment" = "" } -{ "vnc_tls" = "1" } -{ "#empty" } -{ "#empty" } -{ "#comment" = "Use of TLS requires that x509 certificates be issued. The" } -{ "#comment" = "default it to keep them in /etc/pki/libvirt-vnc. This directory" } -{ "#comment" = "must contain" } -{ "#comment" = "" } -{ "#comment" = "ca-cert.pem - the CA master certificate" } -{ "#comment" = "server-cert.pem - the server certificate signed with ca-cert.pem" } -{ "#comment" = "server-key.pem - the server private key" } -{ "#comment" = "" } -{ "#comment" = "This option allows the certificate directory to be changed" } -{ "#comment" = "" } -{ "vnc_tls_x509_cert_dir" = "/etc/pki/libvirt-vnc" } -{ "#empty" } -{ "#empty" } -{ "#comment" = "The default TLS configuration only uses certificates for the server" } -{ "#comment" = "allowing the client to verify the server's identity and establish" } -{ "#comment" = "and encrypted channel." } -{ "#comment" = "" } -{ "#comment" = "It is possible to use x509 certificates for authentication too, by" } -{ "#comment" = "issuing a x509 certificate to every client who needs to connect." } -{ "#comment" = "" } -{ "#comment" = "Enabling this option will reject any client who does not have a" } -{ "#comment" = "certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem" } -{ "#comment" = "" } -{ "vnc_tls_x509_verify" = "1" } -{ "#empty" } -{ "#empty" } -{ "#comment" = "The default VNC password. Only 8 letters are significant for" } -{ "#comment" = "VNC passwords. This parameter is only used if the per-domain" } -{ "#comment" = "XML config does not already provide a password. To allow" } -{ "#comment" = "access without passwords, leave this commented out. 
An empty" } -{ "#comment" = "string will still enable passwords, but be rejected by QEMU" } -{ "#comment" = "effectively preventing any use of VNC. Obviously change this" } -{ "#comment" = "example here before you set this" } -{ "#comment" = "" } -{ "vnc_password" = "XYZ12345" } -{ "#empty" } -{ "#empty" } -{ "#comment" = "Enable use of SASL encryption on the VNC server. This requires" } -{ "#comment" = "a VNC client which supports the SASL protocol extension." } -{ "#comment" = "Examples include vinagre, virt-viewer and virt-manager" } -{ "#comment" = "itself. UltraVNC, RealVNC, TightVNC do not support this" } -{ "#comment" = "" } -{ "#comment" = "It is necessary to configure /etc/sasl2/qemu.conf to choose" } -{ "#comment" = "the desired SASL plugin (eg, GSSPI for Kerberos)" } -{ "#comment" = "" } -{ "vnc_sasl" = "1" } -{ "#empty" } -{ "#empty" } -{ "#comment" = "The default SASL configuration file is located in /etc/sasl2/" } -{ "#comment" = "When running libvirtd unprivileged, it may be desirable to" } -{ "#comment" = "override the configs in this location. Set this parameter to" } -{ "#comment" = "point to the directory, and create a qemu.conf in that location" } -{ "#comment" = "" } -{ "vnc_sasl_dir" = "/some/directory/sasl2" } -{ "#empty" } -{ "security_driver" = "selinux" } -{ "#empty" } -{ "user" = "root" } -{ "#empty" } -{ "group" = "root" } -{ "#empty" } -{ "cgroup_controllers" - { "1" = "cpu" } - { "2" = "devices" } -} -{ "#empty" } -{ "cgroup_device_acl" - { "1" = "/dev/null" } - { "2" = "/dev/full" } - { "3" = "/dev/zero" } -} -{ "#empty" } -{ "save_image_format" = "gzip" } -{ "#empty" } -{ "hugetlbfs_mount" = "/dev/hugepages" } \ No newline at end of file diff --git a/src/Makefile.am b/src/Makefile.am index 31aad5fe5f..f2c0545f35 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
@@ -19,11 +19,11 @@ INCLUDES = \ $(WARN_CFLAGS) \ $(LOCK_CHECKING_CFLAGS) -confdir = $(sysconfdir)/libvirt/ -conf_DATA = qemu.conf - EXTRA_DIST = $(conf_DATA) +if WITH_NETWORK +UUID=$(shell uuidgen 2>/dev/null) +endif lib_LTLIBRARIES = libvirt.la @@ -358,7 +358,23 @@ if WITH_DRIVER_MODULES libvirt_driver_qemu_la_LDFLAGS += -module -avoid-version endif libvirt_driver_qemu_la_SOURCES = $(QEMU_DRIVER_SOURCES) + +confdir = $(sysconfdir)/libvirt/ +conf_DATA = qemu/qemu.conf + +augeasdir = $(datadir)/augeas/lenses +augeas_DATA = qemu/libvirtd_qemu.aug + +augeastestdir = $(datadir)/augeas/lenses/tests +augeastest_DATA = qemu/test_libvirtd_qemu.aug + +check-local: + test -x '$(AUGPARSE)' \ + && '$(AUGPARSE)' -I $(srcdir) $(srcdir)/test_libvirtd_qemu.aug || : + endif +EXTRA_DIST += qemu/qemu.conf qemu/libvirtd_qemu.aug qemu/test_libvirtd_qemu.aug + if WITH_LXC if WITH_DRIVER_MODULES @@ -438,6 +454,10 @@ libvirt_driver_network_la_LDFLAGS = -module -avoid-version endif libvirt_driver_network_la_SOURCES = $(NETWORK_DRIVER_SOURCES) endif +EXTRA_DIST += network/default.xml + + + if WITH_NETCF libvirt_driver_interface_la_LDFLAGS = $(NETCF_LIBS) @@ -688,7 +708,7 @@ endif endif EXTRA_DIST += $(LXC_CONTROLLER_SOURCES) -install-exec-local: +install-data-local: $(MKDIR_P) "$(DESTDIR)$(localstatedir)/cache/libvirt" $(MKDIR_P) "$(DESTDIR)$(localstatedir)/lib/libvirt/images" $(MKDIR_P) "$(DESTDIR)$(localstatedir)/lib/libvirt/boot" @@ -696,6 +716,7 @@ if WITH_QEMU $(MKDIR_P) "$(DESTDIR)$(localstatedir)/lib/libvirt/qemu" $(MKDIR_P) "$(DESTDIR)$(localstatedir)/run/libvirt/qemu" $(MKDIR_P) "$(DESTDIR)$(localstatedir)/cache/libvirt/qemu" + $(MKDIR_P) "$(DESTDIR)$(localstatedir)/log/libvirt/qemu" endif if WITH_LXC $(MKDIR_P) "$(DESTDIR)$(localstatedir)/lib/libvirt/lxc" 
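Review bot: `UUID=$(shell uuidgen 2>/dev/null)` in the first src/Makefile.am hunk is a recursively expanded variable, so every `$(UUID)` reference runs `uuidgen` again. The install recipe added later in this file expands it twice, once in the `test -z "$(UUID)"` guard and once in the sed substitution, so the guard does not check the value that is actually written. Since `$(shell …)` already requires GNU make, `UUID := $(shell uuidgen 2>/dev/null)` would evaluate it once. Separately, the context line `EXTRA_DIST = $(conf_DATA)` is kept although `conf_DATA` is now assigned further down, apparently inside a conditional, and a later hunk adds `EXTRA_DIST += qemu/qemu.conf …`; it looks reducible to a plain `EXTRA_DIST =`, but confirm against the full file.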
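Review bot: The added `check-local` rule in the `@@ -358,7 +358,23 @@` hunk passes `$(srcdir)/test_libvirtd_qemu.aug` to augparse, but this commit moves the lens and its test to `src/qemu/`, so from `src/Makefile.am` that path most likely no longer exists. Because the command ends in `|| :`, a missing file or a failing lens test is swallowed and `make check` passes without exercising the parser for `qemu.conf`, the file that holds the VNC TLS, password and SASL settings. The recipe line should read `&& '$(AUGPARSE)' -I $(srcdir)/qemu $(srcdir)/qemu/test_libvirtd_qemu.aug || :`. Consider also `if test -x '$(AUGPARSE)'; then '$(AUGPARSE)' -I $(srcdir)/qemu $(srcdir)/qemu/test_libvirtd_qemu.aug; fi`, so that a lens regression fails the build when augparse is installed. The conditional enclosing this rule opens outside the hunk.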
@@ -710,8 +731,46 @@ if WITH_NETWORK $(MKDIR_P) "$(DESTDIR)$(localstatedir)/lib/libvirt/iptables/nat" $(MKDIR_P) "$(DESTDIR)$(localstatedir)/lib/libvirt/network" $(MKDIR_P) "$(DESTDIR)$(localstatedir)/run/libvirt/network" + $(MKDIR_P) "$(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart" + $(INSTALL_DATA) $(srcdir)/network/default.xml \ + $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml + test -z "$(UUID)" || \ + sed -i -e "s,,\n $(UUID)," \ + $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml + test -e $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml || \ + ln -s ../default.xml \ + $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml +endif + +uninstall-local:: + rmdir "$(DESTDIR)$(localstatedir)/cache/libvirt" ||: + rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/images" ||: + rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/boot" ||: +if WITH_QEMU + rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/qemu" ||: + rmdir "$(DESTDIR)$(localstatedir)/run/libvirt/qemu" ||: + rmdir "$(DESTDIR)$(localstatedir)/cache/libvirt/qemu" ||: + rmdir "$(DESTDIR)$(localstatedir)/log/libvirt/qemu" ||: endif - +if WITH_LXC + rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/lxc" ||: + rmdir "$(DESTDIR)$(localstatedir)/run/libvirt/lxc" ||: +endif +if WITH_UML + rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/uml" ||: + rmdir "$(DESTDIR)$(localstatedir)/run/libvirt/uml" ||: +endif +if WITH_NETWORK + rm -f $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml + rm -f $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml + rmdir "$(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart" || : + rmdir "$(DESTDIR)$(sysconfdir)/libvirt/qemu/networks" || : + rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/iptables/filter" ||: + rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/iptables/nat" ||: + rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/network" ||: + rmdir "$(DESTDIR)$(localstatedir)/run/libvirt/network" ||: +endif + rmdir 
"$(DESTDIR)$(localstatedir)/lib/libvirt" ||: CLEANFILES = *.gcov .libs/*.gcda .libs/*.gcno *.gcno *.gcda *.i *.s DISTCLEANFILES = $(BUILT_SOURCES) diff --git a/src/network/default.xml b/src/network/default.xml new file mode 100644 index 0000000000..9cfc01ed78 --- /dev/null +++ b/src/network/default.xml @@ -0,0 +1,10 @@ + + default + + + + + + + + diff --git a/src/qemu.conf b/src/qemu.conf deleted file mode 100644 index 6d6b86afdb..0000000000 --- a/src/qemu.conf +++ /dev/null 
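Review bot: In the `WITH_NETWORK` install steps added by the `@@ -710,8 +731,46 @@` hunk, only the autostart symlink is guarded by `test -e`. The `$(INSTALL_DATA)` line replaces `$(sysconfdir)/libvirt/qemu/networks/default.xml` unconditionally and the sed step then writes a newly generated UUID, so re-running `make install` on a configured host would presumably reset an edited default network definition. If that is not intended, put the install and sed steps behind the same existence check used for the symlink. The new `$(INSTALL_DATA)`, `sed`, `test -e`, `ln -s` and `rm -f` arguments are also unquoted while the neighbouring `$(MKDIR_P)` and `rmdir` lines quote theirs, e.g. `rm -f "$(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml"`. `install-data-local` begins outside this hunk.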
@@ -1,154 +0,0 @@ -# Master configuration file for the QEMU driver. -# All settings described here are optional - if omitted, sensible -# defaults are used. - -# VNC is configured to listen on 127.0.0.1 by default. -# To make it listen on all public interfaces, uncomment -# this next option. -# -# NB, strong recommendation to enable TLS + x509 certificate -# verification when allowing public access -# -# vnc_listen = "0.0.0.0" - - -# Enable use of TLS encryption on the VNC server. This requires -# a VNC client which supports the VeNCrypt protocol extension. -# Examples include vinagre, virt-viewer, virt-manager and vencrypt -# itself. UltraVNC, RealVNC, TightVNC do not support this -# -# It is necessary to setup CA and issue a server certificate -# before enabling this. -# -# vnc_tls = 1 - - -# Use of TLS requires that x509 certificates be issued. The -# default it to keep them in /etc/pki/libvirt-vnc. This directory -# must contain -# -# ca-cert.pem - the CA master certificate -# server-cert.pem - the server certificate signed with ca-cert.pem -# server-key.pem - the server private key -# -# This option allows the certificate directory to be changed -# -# vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" - - -# The default TLS configuration only uses certificates for the server -# allowing the client to verify the server's identity and establish -# and encrypted channel. -# -# It is possible to use x509 certificates for authentication too, by -# issuing a x509 certificate to every client who needs to connect. -# -# Enabling this option will reject any client who does not have a -# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem -# -# vnc_tls_x509_verify = 1 - - -# The default VNC password. Only 8 letters are significant for -# VNC passwords. This parameter is only used if the per-domain -# XML config does not already provide a password. To allow -# access without passwords, leave this commented out. 
An empty -# string will still enable passwords, but be rejected by QEMU -# effectively preventing any use of VNC. Obviously change this -# example here before you set this -# -# vnc_password = "XYZ12345" - - -# Enable use of SASL encryption on the VNC server. This requires -# a VNC client which supports the SASL protocol extension. -# Examples include vinagre, virt-viewer and virt-manager -# itself. UltraVNC, RealVNC, TightVNC do not support this -# -# It is necessary to configure /etc/sasl2/qemu.conf to choose -# the desired SASL plugin (eg, GSSPI for Kerberos) -# -# vnc_sasl = 1 - - -# The default SASL configuration file is located in /etc/sasl2/ -# When running libvirtd unprivileged, it may be desirable to -# override the configs in this location. Set this parameter to -# point to the directory, and create a qemu.conf in that location -# -# vnc_sasl_dir = "/some/directory/sasl2" - - - - -# The default security driver is SELinux. If SELinux is disabled -# on the host, then the security driver will automatically disable -# itself. If you wish to disable QEMU SELinux security driver while -# leaving SELinux enabled for the host in general, then set this -# to 'none' instead -# -# security_driver = "selinux" - - -# The user ID for QEMU processes run by the system instance -#user = "root" - -# The group ID for QEMU processes run by the system instance -#group = "root" - - -# What cgroup controllers to make use of with QEMU guests -# -# - 'cpu' - use for schedular tunables -# - 'devices' - use for device whitelisting -# -# NB, even if configured here, they won't be used unless -# the adminsitrator has mounted cgroups. eg -# -# mkdir /dev/cgroup -# mount -t cgroup -o devices,cpu none /dev/cgroup -# -# They can be mounted anywhere, and different controlers -# can be mounted in different locations. libvirt will detect -# where they are located. 
-# -# cgroup_controllers = [ "cpu", "devices" ] - -# This is the basic set of devices allowed / required by -# all virtual machines. -# -# As well as this, any configured block backed disks, -# all sound device, and all PTY devices are allowed. -# -# This will only need setting if newer QEMU suddenly -# wants some device we don't already know a bout. -# -#cgroup_device_acl = [ -# "/dev/null", "/dev/full", "/dev/zero", -# "/dev/random", "/dev/urandom", -# "/dev/ptmx", "/dev/kvm", "/dev/kqemu", -# "/dev/rtc", "/dev/hpet", "/dev/net/tun", -#] - -# The default format for Qemu/KVM guest save images is raw; that is, the -# memory from the domain is dumped out directly to a file. If you have -# guests with a large amount of memory, however, this can take up quite -# a bit of space. If you would like to compress the images while they -# are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz" -# for save_image_format. Note that this means you slow down the process of -# saving a domain in order to save disk space; the list above is in descending -# order by performance and ascending order by compression ratio. -# -# save_image_format = "raw" - -# If provided by the host and a hugetlbfs mount point is configured, -# a guest may request huge page backing. When this mount point is -# unspecified here, determination of a host mount point in /proc/mounts -# will be attempted. Specifying an explicit mount overrides detection -# of the same in /proc/mounts. Setting the mount point to "" will -# disable guest hugepage backing. -# -# NB, within this mount point, guests will create memory backing files -# in a location of $MOUNTPOINT/libvirt/qemu - -# hugetlbfs_mount = "/dev/hugepages" diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug new file mode 100644 index 0000000000..f0b2a5e3c1 --- /dev/null +++ b/src/qemu/libvirtd_qemu.aug 
@@ -0,0 +1,52 @@ +(* /etc/libvirt/qemu.conf *) + +module Libvirtd_qemu = + autoload xfm + + let eol = del /[ \t]*\n/ "\n" + let value_sep = del /[ \t]*=[ \t]*/ " = " + let indent = del /[ \t]*/ "" + + let array_sep = del /,[ \t\n]*/ ", " + let array_start = del /\[[ \t\n]*/ "[ " + let array_end = del /\]/ "]" + + let str_val = del /\"/ "\"" . store /[^\"]*/ . del /\"/ "\"" + let bool_val = store /0|1/ + let str_array_element = [ seq "el" . str_val ] . del /[ \t\n]*/ "" + let str_array_val = counter "el" . array_start . ( str_array_element . ( array_sep . str_array_element ) * ) ? . array_end + + let str_entry (kw:string) = [ key kw . value_sep . str_val ] + let bool_entry (kw:string) = [ key kw . value_sep . bool_val ] + let str_array_entry (kw:string) = [ key kw . value_sep . str_array_val ] + + + (* Config entry grouped by function - same order as example config *) + let vnc_entry = str_entry "vnc_listen" + | bool_entry "vnc_tls" + | str_entry "vnc_tls_x509_cert_dir" + | bool_entry "vnc_tls_x509_verify" + | str_entry "vnc_password" + | bool_entry "vnc_sasl" + | str_entry "vnc_sasl_dir" + | str_entry "security_driver" + | str_entry "user" + | str_entry "group" + | str_array_entry "cgroup_controllers" + | str_array_entry "cgroup_device_acl" + | str_entry "save_image_format" + | str_entry "hugetlbfs_mount" + + (* Each enty in the config is one of the following three ... *) + let entry = vnc_entry + let comment = [ label "#comment" . del /#[ \t]*/ "# " . store /([^ \t\n][^\n]*)?/ . del /\n/ "\n" ] + let empty = [ label "#empty" . eol ] + + let record = indent . entry . eol + + let lns = ( record | comment | empty ) * + + let filter = incl "/etc/libvirt/qemu.conf" + . Util.stdexcl + + let xfm = transform lns filter diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf new file mode 100644 index 0000000000..6d6b86afdb --- /dev/null +++ b/src/qemu/qemu.conf 
@@ -0,0 +1,154 @@ +# Master configuration file for the QEMU driver. +# All settings described here are optional - if omitted, sensible +# defaults are used. + +# VNC is configured to listen on 127.0.0.1 by default. +# To make it listen on all public interfaces, uncomment +# this next option. +# +# NB, strong recommendation to enable TLS + x509 certificate +# verification when allowing public access +# +# vnc_listen = "0.0.0.0" + + +# Enable use of TLS encryption on the VNC server. This requires +# a VNC client which supports the VeNCrypt protocol extension. +# Examples include vinagre, virt-viewer, virt-manager and vencrypt +# itself. UltraVNC, RealVNC, TightVNC do not support this +# +# It is necessary to setup CA and issue a server certificate +# before enabling this. +# +# vnc_tls = 1 + + +# Use of TLS requires that x509 certificates be issued. The +# default it to keep them in /etc/pki/libvirt-vnc. This directory +# must contain +# +# ca-cert.pem - the CA master certificate +# server-cert.pem - the server certificate signed with ca-cert.pem +# server-key.pem - the server private key +# +# This option allows the certificate directory to be changed +# +# vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" + + +# The default TLS configuration only uses certificates for the server +# allowing the client to verify the server's identity and establish +# and encrypted channel. +# +# It is possible to use x509 certificates for authentication too, by +# issuing a x509 certificate to every client who needs to connect. +# +# Enabling this option will reject any client who does not have a +# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem +# +# vnc_tls_x509_verify = 1 + + +# The default VNC password. Only 8 letters are significant for +# VNC passwords. This parameter is only used if the per-domain +# XML config does not already provide a password. To allow +# access without passwords, leave this commented out. 
An empty +# string will still enable passwords, but be rejected by QEMU +# effectively preventing any use of VNC. Obviously change this +# example here before you set this +# +# vnc_password = "XYZ12345" + + +# Enable use of SASL encryption on the VNC server. This requires +# a VNC client which supports the SASL protocol extension. +# Examples include vinagre, virt-viewer and virt-manager +# itself. UltraVNC, RealVNC, TightVNC do not support this +# +# It is necessary to configure /etc/sasl2/qemu.conf to choose +# the desired SASL plugin (eg, GSSPI for Kerberos) +# +# vnc_sasl = 1 + + +# The default SASL configuration file is located in /etc/sasl2/ +# When running libvirtd unprivileged, it may be desirable to +# override the configs in this location. Set this parameter to +# point to the directory, and create a qemu.conf in that location +# +# vnc_sasl_dir = "/some/directory/sasl2" + + + + +# The default security driver is SELinux. If SELinux is disabled +# on the host, then the security driver will automatically disable +# itself. If you wish to disable QEMU SELinux security driver while +# leaving SELinux enabled for the host in general, then set this +# to 'none' instead +# +# security_driver = "selinux" + + +# The user ID for QEMU processes run by the system instance +#user = "root" + +# The group ID for QEMU processes run by the system instance +#group = "root" + + +# What cgroup controllers to make use of with QEMU guests +# +# - 'cpu' - use for schedular tunables +# - 'devices' - use for device whitelisting +# +# NB, even if configured here, they won't be used unless +# the adminsitrator has mounted cgroups. eg +# +# mkdir /dev/cgroup +# mount -t cgroup -o devices,cpu none /dev/cgroup +# +# They can be mounted anywhere, and different controlers +# can be mounted in different locations. libvirt will detect +# where they are located. 
+# +# cgroup_controllers = [ "cpu", "devices" ] + +# This is the basic set of devices allowed / required by +# all virtual machines. +# +# As well as this, any configured block backed disks, +# all sound device, and all PTY devices are allowed. +# +# This will only need setting if newer QEMU suddenly +# wants some device we don't already know a bout. +# +#cgroup_device_acl = [ +# "/dev/null", "/dev/full", "/dev/zero", +# "/dev/random", "/dev/urandom", +# "/dev/ptmx", "/dev/kvm", "/dev/kqemu", +# "/dev/rtc", "/dev/hpet", "/dev/net/tun", +#] + +# The default format for Qemu/KVM guest save images is raw; that is, the +# memory from the domain is dumped out directly to a file. If you have +# guests with a large amount of memory, however, this can take up quite +# a bit of space. If you would like to compress the images while they +# are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz" +# for save_image_format. Note that this means you slow down the process of +# saving a domain in order to save disk space; the list above is in descending +# order by performance and ascending order by compression ratio. +# +# save_image_format = "raw" + +# If provided by the host and a hugetlbfs mount point is configured, +# a guest may request huge page backing. When this mount point is +# unspecified here, determination of a host mount point in /proc/mounts +# will be attempted. Specifying an explicit mount overrides detection +# of the same in /proc/mounts. Setting the mount point to "" will +# disable guest hugepage backing. +# +# NB, within this mount point, guests will create memory backing files +# in a location of $MOUNTPOINT/libvirt/qemu + +# hugetlbfs_mount = "/dev/hugepages" diff --git a/src/qemu/test_libvirtd_qemu.aug b/src/qemu/test_libvirtd_qemu.aug new file mode 100644 index 0000000000..ac89438651 --- /dev/null +++ b/src/qemu/test_libvirtd_qemu.aug 
@@ -0,0 +1,198 @@ +module Test_libvirtd_qemu = + + let conf = "# Master configuration file for the QEMU driver. +# All settings described here are optional - if omitted, sensible +# defaults are used. + +# VNC is configured to listen on 127.0.0.1 by default. +# To make it listen on all public interfaces, uncomment +# this next option. +# +# NB, strong recommendation to enable TLS + x509 certificate +# verification when allowing public access +# +vnc_listen = \"0.0.0.0\" + + +# Enable use of TLS encryption on the VNC server. This requires +# a VNC client which supports the VeNCrypt protocol extension. +# Examples include vinagre, virt-viewer, virt-manager and vencrypt +# itself. UltraVNC, RealVNC, TightVNC do not support this +# +# It is necessary to setup CA and issue a server certificate +# before enabling this. +# +vnc_tls = 1 + + +# Use of TLS requires that x509 certificates be issued. The +# default it to keep them in /etc/pki/libvirt-vnc. This directory +# must contain +# +# ca-cert.pem - the CA master certificate +# server-cert.pem - the server certificate signed with ca-cert.pem +# server-key.pem - the server private key +# +# This option allows the certificate directory to be changed +# +vnc_tls_x509_cert_dir = \"/etc/pki/libvirt-vnc\" + + +# The default TLS configuration only uses certificates for the server +# allowing the client to verify the server's identity and establish +# and encrypted channel. +# +# It is possible to use x509 certificates for authentication too, by +# issuing a x509 certificate to every client who needs to connect. +# +# Enabling this option will reject any client who does not have a +# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem +# +vnc_tls_x509_verify = 1 + + +# The default VNC password. Only 8 letters are significant for +# VNC passwords. This parameter is only used if the per-domain +# XML config does not already provide a password. To allow +# access without passwords, leave this commented out. 
An empty +# string will still enable passwords, but be rejected by QEMU +# effectively preventing any use of VNC. Obviously change this +# example here before you set this +# +vnc_password = \"XYZ12345\" + + +# Enable use of SASL encryption on the VNC server. This requires +# a VNC client which supports the SASL protocol extension. +# Examples include vinagre, virt-viewer and virt-manager +# itself. UltraVNC, RealVNC, TightVNC do not support this +# +# It is necessary to configure /etc/sasl2/qemu.conf to choose +# the desired SASL plugin (eg, GSSPI for Kerberos) +# +vnc_sasl = 1 + + +# The default SASL configuration file is located in /etc/sasl2/ +# When running libvirtd unprivileged, it may be desirable to +# override the configs in this location. Set this parameter to +# point to the directory, and create a qemu.conf in that location +# +vnc_sasl_dir = \"/some/directory/sasl2\" + +security_driver = \"selinux\" + +user = \"root\" + +group = \"root\" + +cgroup_controllers = [ \"cpu\", \"devices\" ] + +cgroup_device_acl = [ \"/dev/null\", \"/dev/full\", \"/dev/zero\" ] + +save_image_format = \"gzip\" + +hugetlbfs_mount = \"/dev/hugepages\" +" + + test Libvirtd_qemu.lns get conf = +{ "#comment" = "Master configuration file for the QEMU driver." } +{ "#comment" = "All settings described here are optional - if omitted, sensible" } +{ "#comment" = "defaults are used." } +{ "#empty" } +{ "#comment" = "VNC is configured to listen on 127.0.0.1 by default." } +{ "#comment" = "To make it listen on all public interfaces, uncomment" } +{ "#comment" = "this next option." } +{ "#comment" = "" } +{ "#comment" = "NB, strong recommendation to enable TLS + x509 certificate" } +{ "#comment" = "verification when allowing public access" } +{ "#comment" = "" } +{ "vnc_listen" = "0.0.0.0" } +{ "#empty" } +{ "#empty" } +{ "#comment" = "Enable use of TLS encryption on the VNC server. This requires" } +{ "#comment" = "a VNC client which supports the VeNCrypt protocol extension." 
} +{ "#comment" = "Examples include vinagre, virt-viewer, virt-manager and vencrypt" } +{ "#comment" = "itself. UltraVNC, RealVNC, TightVNC do not support this" } +{ "#comment" = "" } +{ "#comment" = "It is necessary to setup CA and issue a server certificate" } +{ "#comment" = "before enabling this." } +{ "#comment" = "" } +{ "vnc_tls" = "1" } +{ "#empty" } +{ "#empty" } +{ "#comment" = "Use of TLS requires that x509 certificates be issued. The" } +{ "#comment" = "default it to keep them in /etc/pki/libvirt-vnc. This directory" } +{ "#comment" = "must contain" } +{ "#comment" = "" } +{ "#comment" = "ca-cert.pem - the CA master certificate" } +{ "#comment" = "server-cert.pem - the server certificate signed with ca-cert.pem" } +{ "#comment" = "server-key.pem - the server private key" } +{ "#comment" = "" } +{ "#comment" = "This option allows the certificate directory to be changed" } +{ "#comment" = "" } +{ "vnc_tls_x509_cert_dir" = "/etc/pki/libvirt-vnc" } +{ "#empty" } +{ "#empty" } +{ "#comment" = "The default TLS configuration only uses certificates for the server" } +{ "#comment" = "allowing the client to verify the server's identity and establish" } +{ "#comment" = "and encrypted channel." } +{ "#comment" = "" } +{ "#comment" = "It is possible to use x509 certificates for authentication too, by" } +{ "#comment" = "issuing a x509 certificate to every client who needs to connect." } +{ "#comment" = "" } +{ "#comment" = "Enabling this option will reject any client who does not have a" } +{ "#comment" = "certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem" } +{ "#comment" = "" } +{ "vnc_tls_x509_verify" = "1" } +{ "#empty" } +{ "#empty" } +{ "#comment" = "The default VNC password. Only 8 letters are significant for" } +{ "#comment" = "VNC passwords. This parameter is only used if the per-domain" } +{ "#comment" = "XML config does not already provide a password. To allow" } +{ "#comment" = "access without passwords, leave this commented out. 
An empty" } +{ "#comment" = "string will still enable passwords, but be rejected by QEMU" } +{ "#comment" = "effectively preventing any use of VNC. Obviously change this" } +{ "#comment" = "example here before you set this" } +{ "#comment" = "" } +{ "vnc_password" = "XYZ12345" } +{ "#empty" } +{ "#empty" } +{ "#comment" = "Enable use of SASL encryption on the VNC server. This requires" } +{ "#comment" = "a VNC client which supports the SASL protocol extension." } +{ "#comment" = "Examples include vinagre, virt-viewer and virt-manager" } +{ "#comment" = "itself. UltraVNC, RealVNC, TightVNC do not support this" } +{ "#comment" = "" } +{ "#comment" = "It is necessary to configure /etc/sasl2/qemu.conf to choose" } +{ "#comment" = "the desired SASL plugin (eg, GSSPI for Kerberos)" } +{ "#comment" = "" } +{ "vnc_sasl" = "1" } +{ "#empty" } +{ "#empty" } +{ "#comment" = "The default SASL configuration file is located in /etc/sasl2/" } +{ "#comment" = "When running libvirtd unprivileged, it may be desirable to" } +{ "#comment" = "override the configs in this location. Set this parameter to" } +{ "#comment" = "point to the directory, and create a qemu.conf in that location" } +{ "#comment" = "" } +{ "vnc_sasl_dir" = "/some/directory/sasl2" } +{ "#empty" } +{ "security_driver" = "selinux" } +{ "#empty" } +{ "user" = "root" } +{ "#empty" } +{ "group" = "root" } +{ "#empty" } +{ "cgroup_controllers" + { "1" = "cpu" } + { "2" = "devices" } +} +{ "#empty" } +{ "cgroup_device_acl" + { "1" = "/dev/null" } + { "2" = "/dev/full" } + { "3" = "/dev/zero" } +} +{ "#empty" } +{ "save_image_format" = "gzip" } +{ "#empty" } +{ "hugetlbfs_mount" = "/dev/hugepages" } \ No newline at end of file diff --git a/tests/networkschematest b/tests/networkschematest index 1d7cffc207..ac22bc1557 100755 --- a/tests/networkschematest +++ b/tests/networkschematest @@ -3,7 +3,7 @@ test -z "$srcdir" && srcdir=`pwd` test -z "$abs_srcdir" && abs_srcdir=`pwd` -DIRS="../qemud" +DIRS="../src/network" n=0 f=0
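Review bot: The `cgroup_device_acl` case in the test_libvirtd_qemu.aug fixture only exercises a single-line array with no trailing comma (`cgroup_device_acl = [ \"/dev/null\", \"/dev/full\", \"/dev/zero\" ]`), while the example shipped in qemu.conf spans several lines and ends with `"/dev/net/tun",` before the closing `]`. This list is the device allowlist applied to guests, so the form an administrator gets by uncommenting the shipped example verbatim should be covered by the lens test. I would add a second `test Libvirtd_qemu.lns get` case using the multi-line, trailing-comma form. Whether the lens accepts that form cannot be confirmed from this hunk, so the new case may expose a parse failure rather than pass. The file also ends without a final newline (`\ No newline at end of file`), which is worth fixing while it is being moved.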