Otherwise we can get misleading error messages. One example is when connection
is broken we got "this function is not supported by the connection driver:
virDomainMigrate3" from virDomainMigrate3.
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
qemu: Restore default root qdisc when QoS is cleared out
When an interface has some bandwidth limitation set (it's root
qdisc is htb in that case) but this gets cleared out via public
API call (virDomainSetInterfaceParameters() or
virDomainUpdateDeviceFlags()) then virNetDevBandwidthSet() clears
out whatever qdiscs were set on the interface and kernel places
the default qdisc at the root. What we need to do next is to
replace the root qdisc with the one we want.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1329644 Fixes: 0b66196d86ea375234cb0ee99289c486f9921820 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
While the code that's setting default qdisc is clever enough to
not overwrite any bandwidth (potentially) set by
virNetDevBandwidthSet() (and thus the root qdisc htb is not
replaced with noqueue), it does print a debug message when that's
the case. It's needless. We can set the root qdisc beforehand and
let virNetDevBandwidthSet() overwrite it.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
qemu_process: Release domain seclabel later in qemuProcessStop()
Some secdrivers (typically SELinux driver) generate unique
dynamic seclabel for each domain (unless a static one is
requested in domain XML). This is achieved by calling
qemuSecurityGenLabel() from qemuProcessPrepareDomain() which
allocates unique seclabel and stores it in domain def->seclabels.
The counterpart is qemuSecurityReleaseLabel() which releases the
label and removes it from def->seclabels. Problem is, that with
current code the qemuProcessStop() may still want to use the
seclabel after it was released, e.g. when it wants to restore the
label of a disk mirror.
What is happening now, is that in qemuProcessStop() the
qemuSecurityReleaseLabel() is called, which removes the SELinux
seclabel from def->seclabels, yada yada yada and eventually
qemuSecurityRestoreImageLabel() is called. This bubbles down to
virSecuritySELinuxRestoreImageLabelSingle() which find no SELinux
seclabel (using virDomainDefGetSecurityLabelDef()) and this
returns early doing nothing.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1751664 Fixes: 8fa0374c5b8e834fcbdeae674cc6cc9e6bf9019f Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Pavel Hrdina [Wed, 6 Jan 2021 12:02:38 +0000 (13:02 +0100)]
virfile: refactor virFileNBDDeviceAssociate
The only reason why virstoragefile.h needs to be included in virfile.h
is that virFileNBDDeviceAssociate() takes virStorageFileFormat argument.
The function doesn't need the enum value as it converts the value to
string and uses only that.
Change the argument to string which will allow us to remove that
include.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
According to our parser (virDomainTPMDefParseXML()) the version
is an optional attribute and independent of TPM backend type.
Therefore, it's not a choice group, which is what our RNG schema
suggests.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Eiichi Tsukata [Mon, 4 Jan 2021 02:31:59 +0000 (02:31 +0000)]
conf: Add support for keeping TPM emulator state
Currently, swtpm TPM state file is removed when a transient domain is
powered off or undefined. When we store TPM state on a shared storage
such as NFS and use transient domain, TPM states should be kept as it is.
Add per-TPM emulator option `persistent_sate` for keeping TPM state.
This option only works for the emulator type backend and looks as follows:
Jiri Denemark [Tue, 5 Jan 2021 22:53:25 +0000 (23:53 +0100)]
qemu: The TSC tolerance interval should be closed
The kernel refuses to set guest TSC frequency less than a minimum
frequency or greater than maximum frequency (both computed based on the
host TSC frequency). When writing the libvirt code with a reversed logic
(return success when the requested frequency falls within the tolerance
interval) I forgot to include the boundaries.
Peter Krempa [Tue, 5 Jan 2021 14:43:21 +0000 (15:43 +0100)]
qemu: backup: Properly delete temporary bitmap after push-mode incremental backup
Refactor in 0316c28a453ac used incorrect source variable to initialize
the variable which holds the name of the bitmap which needs to be
deleted after the backup job finishes. This resulted into deleting the
source bitmap of the backup rather than the temporary one.
Use 'dd->incrementalBitmap' which holds the temporary bitmap name
instead of 'dd->backupdisk->incremental' which holds the name of the
source bitmap which is used by the backup.
Fixes: 0316c28a453ac15f58c61f30359f66ab9a649884
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1908647 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 5 Jan 2021 12:02:34 +0000 (13:02 +0100)]
virsh-domain: Add quotes around '%s' formatting domain name
Domain name can contain spaces in which case it's not immediately clear
from virsh messages where the boundary of the name is. Enclose all %s
formatters in apostrophes as delimiters.
Done via the following vim regex:
%s/omain %s/omain '%s'/g
This patch changes:
$ virsh undefine --snapshots-metadata 'OWASP Broken Web Apps VM v1.2'
Domain OWASP Broken Web Apps VM v1.2 has been undefined
to:
$ virsh undefine --snapshots-metadata 'OWASP Broken Web Apps VM v1.2'
Domain 'OWASP Broken Web Apps VM v1.2' has been undefined
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This is perfectly valid in VMWare and the VM just boots with an empty drive. We
used to just skip the whole drive before, but since we changed how we parse
empty cdrom drives this results in an error. Make it behave more closer to
VMWare.
There's only one variable to clean-up, others are just tokens inside that
variable, but it is nicer anyway. Positive returns have not been converted
because the function will change soon and it would not make much sense.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
As soon as a guest using a <tpm> device is launched, libvirt will change
the ownership to 'tss' user and group, with mode 0730, which will cause
RPM verify to then fail.
Reviewed-by: Laine Stump <laine@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Mon, 30 Nov 2020 10:06:14 +0000 (11:06 +0100)]
qemu: Don't prealloc mem for real NVDIMMs
Currently, we configure QEMU to prealloc memory almost by
default. Well, by default for NVDIMMs, hugepages and if user
asked us to (via memoryBacking <allocation mode="immediate"/>).
However, when guest's NVDIMM is backed by real life NVDIMM this
approach is not the best. In this case users should put <pmem/>
into the <memory/> device <source/>, like this:
Instructing QEMU to do prealloc in this case means that each
page of the NVDIMM is "touched" (the first byte is read and
written back - see QEMU commit v2.9.0-rc1~26^2) which cripples
device wear.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1894053 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
which enabled the driver by default. But in meson we are checking
whether the 'driver_vmware' option is enabled without anything
enabling it automagically.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Wed, 21 Aug 2019 11:07:57 +0000 (13:07 +0200)]
domain_conf: Parse full length of some <seclabel/> attributes
In virSecurityLabelDefParseXML() we are parsing the <seclabel/>
element among with its attributes. Some of the attributes are
limited in length (because of virNodeGetSecurityModel()), however
some are not. And for the latter ones we don't need to use
virXMLPropStringLimit() to parse them. Moreover, using
VIR_SECURITY_LABEL_BUFLEN as the limit is wrong - we are not
storing the parsed strings into a static buffer of that size
rather than checking if the string passes string -> enum
conversion.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Wed, 21 Aug 2019 09:47:56 +0000 (11:47 +0200)]
qemu: Obtain @caps only after ACL check in qemuNodeGetSecurityModel
Even though we are getting driver capabilities with
refresh=false (so that it is not expensive), we still should do
ACL check first because there is no point in bothering with the
capabilities if caller doesn't have permissions to call the API.
Also, this way the comment makes more sense.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Fri, 18 Dec 2020 15:09:16 +0000 (16:09 +0100)]
nss: handle leases with infinite expiry time
After v6.3.0-rc1~64 a lease can have infinite expiry time. This
means that the expiration time will appear as a value of zero.
Do the expiration check only if the expiration time is not zero.
Fixes: 97a0aa246799c97d0a9ca9ecd6b4fd932ae4756c Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Fri, 18 Dec 2020 15:09:15 +0000 (16:09 +0100)]
networkGetDHCPLeases: Handle leases with infinite expiry time
After v6.3.0-rc1~64 a lease can have infinite expiry time. This
means that the expiration time will appear as a value of zero.
Do the expiration check only if the expiration time is not zero.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1908053 Fixes: 97a0aa246799c97d0a9ca9ecd6b4fd932ae4756c Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Fri, 18 Dec 2020 15:09:14 +0000 (16:09 +0100)]
network: Rework networkGetDHCPLeases()
Firstly, bring variables that are used only within loops into
their respective loops. Secondly, drop 'error' label which is
redundant since we have @rv which holds the return value.
Thirdly, fix indendation in one case, the rest is indented
properly.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Fri, 18 Dec 2020 15:09:12 +0000 (16:09 +0100)]
network: Drop @custom_lease_file_len variable from networkGetDHCPLeases()
We don't need to track the lease file size. Instead, we can
simply check if the file was empty by comparing the buffer the
file was read into with an empty string.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Fri, 18 Dec 2020 15:09:11 +0000 (16:09 +0100)]
virlease: Allow infinite lease expiry time
When adding a new lease by our leaseshelper then virLeaseNew() is
called. Here, we check for DNSMASQ_LEASE_EXPIRES environment
variable which is the expiration time for the lease. For infinite
lease time the value is zero. However, our code is not prepared
for that and adds "expiry-time" into the JSON file only if lease
expiry time is non-zero. This breaks the assumption that the
"expiry-time" attribute is always present (as can be seen in
virLeaseReadCustomLeaseFile() and virLeasePrintLeases()).
Store "expiry-time" always.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Fri, 18 Dec 2020 15:09:10 +0000 (16:09 +0100)]
virlease: Use virTrimSpaces() instead of open coded alternative
In virLeaseNew() we are trying to remove trailing space (per
comment it may happen that older versions of dnsmasq put it into
an env variable). Well, instead of open coding it, we can use
virTrimSpaces().
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Fri, 18 Dec 2020 15:09:09 +0000 (16:09 +0100)]
virlease: Rework virLeaseReadCustomLeaseFile()
There are some variables which are used only inside the single
loop the function has. Let's declare them inside the loop body to
make that obvious. Also, fix indendation.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Fri, 18 Dec 2020 15:09:08 +0000 (16:09 +0100)]
leaseshelper: Report errors on failure
If leasehelper fails all that we are left with is a simple error
message produced by dnsmasq:
lease-init script returned exit code 1
This is because the leasehelper did not write any message to
stderr. According to dnsmasq's manpage, whenever it's invoking
leasehelper the stderr is kept open:
All file descriptors are closed except stdin, which is open to
/dev/null, and stdout and stderr which capture output for
logging by dnsmasq.
As debugging leasehelper is not trivial (because dnsmasq invokes
it with plenty of env vars set - that's how data is passed onto
helper), let's print an error into stderr if exiting with an
error. And since we are not calling public APIs, we have to call
virDispatchError() explicitly and since we don't have any
connection open, we have to pass NULL.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Fri, 18 Dec 2020 15:09:07 +0000 (16:09 +0100)]
docs: Document ability to configure lease time
In v6.3.0-rc1~64 we've introduced ability to configure lease
time, but forgot to document the feature. Let's fix that.
Fixes: 97a0aa246799c97d0a9ca9ecd6b4fd932ae4756c
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1908631 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Thu, 10 Dec 2020 11:37:26 +0000 (12:37 +0100)]
qemu: Drop has_ccw_address from _qemuAgentDiskAddress
In recent patches new mambers to _qemuAgentDiskAddress struct
were introduced to keep optional CCW address sent by the guest
agent. These two members are a struct to store CCW address into
and a boolean to keep track whether the CCW address is valid.
Well, we can hold the same information with a pointer - instead
of storing the CCW address structure let's keep just a pointer to
it.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Thomas Huth [Wed, 25 Nov 2020 11:06:48 +0000 (12:06 +0100)]
domain_conf: Allow to look up scsi disks when controller uses a CCW address
On s390x, devices are attached to the channel IO subsytem by default,
so we need to look up scsi controllers via their CCW address there
instead of using PCI.
This fixes "virsh domfsinfo" on s390x for virtio-scsi devices (the first
attempt from commit f8333b3b0a7 did it in the wrong way, reporting the
device name on the guest side instead of the target name on the host side).
Fixes: f8333b3b0a ("qemu: Fix domfsinfo for non-PCI device information ...") Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1858771 Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Thomas Huth [Wed, 25 Nov 2020 11:06:47 +0000 (12:06 +0100)]
domain_conf: Allow to look up virtio-block devices by their CCW address
On s390x, devices are accessed via the channel subsystem by default,
so we need to look up the devices via their CCW address there instead
of using PCI.
This fixes "virsh domfsinfo" on s390x for virtio-block devices (the first
attempt from commit f8333b3b0a7 did it in the wrong way, reporting the
device name on the guest side instead of the target name on the host side).
Fixes: f8333b3b0a ("qemu: Fix domfsinfo for non-PCI device information ...")
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1858771 Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Thomas Huth [Wed, 25 Nov 2020 11:06:46 +0000 (12:06 +0100)]
qemu: agent: Store CCW address in qemuAgentDiskInfo if provided by the guest
Newer versions of the QEMU guest agent will provide the CCW address
of devices on s390x. Store this information in the qemuAgentDiskInfo
so that we can use this later.
We also map the CSSID 0 from the guest to the value 0xfe on the host,
see https://www.qemu.org/docs/master/system/s390x/css.html for details.
Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Tim Wiederhake [Tue, 15 Dec 2020 16:24:53 +0000 (17:24 +0100)]
cpu-gather: Move msr decoding to new script
Fixes the leaking file descriptors. Does not silently ignore errors
(e.g. permission denied on /dev/cpu/0/msr if run as non-root) and
always attempt to read from /dev/kvm if /dev/cpu/0/msr failed.
'gather_msr()' returns a dictionary of values, as a later patch will
add more registers to be interrogated.
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Tim Wiederhake [Tue, 15 Dec 2020 16:24:50 +0000 (17:24 +0100)]
cpu-gather: Allow overwriting model name
Some hardware, e.g. exotic platforms or pre-production hardware, may
report wrong or random data for the cpu model name. As the name of
the created files is derived from that name, this may lead to issues.
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Tim Wiederhake [Tue, 15 Dec 2020 16:24:48 +0000 (17:24 +0100)]
cpu-gather: Create python wrapper for shell script
This changes the invocation from
./cpu-gather.sh | ./cpu-parse.sh
to
./cpu-gather.py | ./cpu-parse.sh
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Tim Wiederhake [Tue, 15 Dec 2020 12:16:48 +0000 (13:16 +0100)]
schema: Allow counter element in host cpu definition
If the capabilities include a counter element, e.g.
<counter name='tsc' frequency='2591999000' scaling='no'/>
the XML could not be validated:
$ virsh capabilities > cap.xml
$ virsh [hypervisor-]cpu-compare cap.xml --validate
error: Failed to compare hypervisor CPU with cap.txt
error: XML document failed to validate against schema: Unable to validate doc against /usr/share/libvirt/schemas/cpu.rng
Did not expect element counter there
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Tim Wiederhake [Tue, 15 Dec 2020 12:16:47 +0000 (13:16 +0100)]
schemas: Deduplicate cpuTopology in cputypes.rng
The duplicate had the "dies" attribute missing, causing
$ virsh capabilities > cap.xml
$ virsh [hypervisor-]cpu-compare cap.xml --validate
to fail with
error: Failed to compare hypervisor CPU with cap.xml
error: XML document failed to validate against schema: Unable to validate doc against /usr/share/libvirt/schemas/cpu.rng
Invalid attribute dies for element topology
Signed-off-by: Tim Wiederhake <twiederh@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
projects / libvirt.git / log