Jiri Denemark [Thu, 19 Nov 2020 20:35:41 +0000 (21:35 +0100)]
cpu: Run arch specific code for virCPUUpdate for all custom CPUs
Until now, the function returned immediately when the guest CPU
definition did not use optional features or minimum match. Clearly,
there's nothing to be updated according to the host CPU in this case,
but the arch specific code may still want to do some compatibility
updates based on the model and features used in the guest CPU
definition.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Tim Wiederhake <twiederh@redhat.com>
Jiri Denemark [Thu, 19 Nov 2020 17:24:01 +0000 (18:24 +0100)]
conf: Rename virCPUDefUpdateFeatureInternal
The function is supposed to add a feature to a CPU definition, let's
name it virCPUDefAddFeatureInternal. The behavior in case the feature is
already present in the CPU def is configurable and we will soon add a
new option to not do anything in that case, which wouldn't really work
well with the current *Update* name.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Tim Wiederhake <twiederh@redhat.com>
Matt Coleman [Mon, 23 Nov 2020 17:39:52 +0000 (12:39 -0500)]
hyperv: XML parsing of storage volumes
dumpxml can now serialize:
* floppy drives
* file-backed and device-backed disk drives
* images mounted to virtual CD/DVD drives
* IDE and SCSI controllers
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Co-authored-by: Sri Ramanujam <sramanujam@datto.com> Signed-off-by: Matt Coleman <matt@datto.com>
Forgetting to use the VIR_MIGRATE_TLS flag with migration can lead to
leak of sensitive information. Add an administrative knob to force use
of the flag.
Note that without VIR_MIGRATE_PEER2PEER, the migration is driven by an
instance of the client library which doesn't necessarily run on either
of the hosts so the flag can't be used to assume VIR_MIGRATE_TLS even
if it wasn't provided by the user instead of rejecting if it's not.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/67 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 24 Nov 2020 07:32:32 +0000 (08:32 +0100)]
qemu: migration: Forbid tunnelled non-shared storage migration with -blockdev
qemu's internals were not prepared for switching to -blockdev for the
legacy storage migration. Add a proper error message since qemu is
unlikely to attempt fixing the old protocol.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/65 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 24 Nov 2020 07:11:18 +0000 (08:11 +0100)]
qemu: migration: Aggregate logic depending on tunnelled migration
Move and aggregate all the logic which is switched based on whether the
migration is tunnelled or not before other checks. Further checks will
be added later.
While the code is being moved the error message is put on a single line
per new coding style.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 24 Nov 2020 07:04:36 +0000 (08:04 +0100)]
qemu: migration: Remove TODO about implementing NBD for TUNNELLED migration
Our streams are not the best transport for migration data and we support
TLS for security now. It's unlikely that there will be enough motivation
to add a new migration protocol to tunnel NBD too.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 24 Nov 2020 13:44:05 +0000 (14:44 +0100)]
docs: migration: Fix example for unix socket migration
Fix the following issues:
1) the very long line is overflowing the code box
2) '--migrateuri' was missing for the qemu data stream
3) '--desturi' was not used making it non-obvious what the argument
corresponds to
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 23 Nov 2020 11:51:23 +0000 (12:51 +0100)]
qemu: checkpoint: Write metadata of previously-'current' checkpoint on update
Similarly to previous commit dealing with snapshots we must rewrite the
metadata of the previously-'current' checkpoint when changing which
checkpoint is considered 'current'.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 23 Nov 2020 10:56:12 +0000 (11:56 +0100)]
qemu: snapshot: Write metadata of previously-'current' snapshot on update
Whether a snapshot definition is considered 'current' or active is
stored in the metadata XML libvirt writes when we create metadata.
This means that if we are changing the 'current' snapshot we must
re-write the metadata of the previously 'current' snapshot to update the
field to prevent having multiple active snapshots.
Unfortunately the snapshot creation code didn't do this properly, which
resulted in the following error:
error : qemuDomainSnapshotLoad:430 : internal error: Too many snapshots claiming to be current for domain snapshot-test
being printed if libvirtd was terminated and restarted.
Introduce qemuSnapshotSetCurrent which writes out the old snapshot's
metadata when updating the current snapshot.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 23 Nov 2020 10:13:19 +0000 (11:13 +0100)]
qemuDomainSnapshotForEachQcow2: Pass in 'def' rather than selecting it internally
In some cases such as when creating an internal inactive snapshot we
know that the domain definition in the snapshot is equivalent to the
current definition. Additionally we set up the current definition for
the snapshotting but not the one contained in the snapshot. Thus in some
cases the caller knows better which def to use.
Make qemuDomainSnapshotForEachQcow2 take the definition by the caller
and copy the logic for selecting the definition to callers where we
don't know for sure that the above claim applies.
This fixes internal inactive snapshots when <disk type='volume'> is used
as we translate the pool/vol combo only in the current def.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/97 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 23 Nov 2020 08:59:54 +0000 (09:59 +0100)]
virCommandAddArg: Don't abort on invalid input
Commit 912c6b22fc622cd7c7d29c7f8eaeb816b266daac added abort() when the
'val' parameter is NULL along with setting the error variable for the
command. We don't want to abort in this case, just set the error.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Fri, 13 Nov 2020 09:56:59 +0000 (10:56 +0100)]
virnetdaemon: Wait for "daemon-stop" thread to finish before quitting
When the host is shutting down then we get PrepareForShutdown
signal on DBus to which we react by creating a thread which
runs virStateStop() and thus qemuStateStop(). But if scheduling
the thread is delayed just a but it may happen that we receive
SIGTERM (sent by systemd) to which we respond by quitting our
event loop and cleaning up everything (including drivers). And
only after that the thread gets to run only to find qemu_driver
being NULL.
What we can do is to delay exiting event loop and join the thread
that's executing virStateStop(). If the join doesn't happen in
given timeout (currently 30 seconds) then libvirtd shuts down
forcefully anyways (see virNetDaemonRun()).
Ryan Gahagan [Wed, 18 Nov 2020 23:48:13 +0000 (17:48 -0600)]
virsh: Added attach-disk support for network disk
Related issue: https://gitlab.com/libvirt/libvirt/-/issues/16
Added in support for the following parameters in attach-disk:
--source-protocol
--source-host-name
--source-host-socket
--source-host-transport
Added documentation to virsh.rst specifying usage.
Signed-off-by: Ryan Gahagan <rgahagan@cs.utexas.edu> Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Peter Krempa [Thu, 19 Nov 2020 11:13:59 +0000 (12:13 +0100)]
virsh: Unify code for <address type='drive'
DISK_ADDR_TYPE_SATA, DISK_ADDR_TYPE_IDE and DISK_ADDR_TYPE_SCSI are
driven by basically identical data types. Unify them. Note that
changes to 'str2DiskAddress' are deliberately lazy as it will be
refactored later.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Peter Krempa [Thu, 19 Nov 2020 10:01:22 +0000 (11:01 +0100)]
virsh: cmdAttachDisk: Don't assume type='block' if file can't be examined
'virsh attach-disk' uses stat() to determine if the 'source' is a
regular file. If stat fails though it assumes that the file is block.
Since it's way more common to have regular files and the detection does
not work at all when accessing a remote host, modify the default to
assume type='file' by default.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Peter Krempa [Thu, 19 Nov 2020 14:09:10 +0000 (15:09 +0100)]
tests: virsh: Add simple testsuite for using --print-xml of various commands
The test uses a script and compares the output against a template file.
VIR_TEST_REGENREATE_OUTPUT can be used on test failures. This test will
be marked as expensive once the refactors it guards are done.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
qemu: fix setting of scsi-id for ESP SCSI controllers
The ESP SCSI controllers (NCR53C90, DC390, AM53C974) have the same
requirement as the LSI Logic controller for each disk to be set via
the scsi-id=NNN property, not the lun=NNN property.
Switching the code to use an enum will force authors to pay attention
to this difference when adding future SCSI controllers.
Reviewed-by: Laine Stump <laine@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Mon, 23 Nov 2020 12:09:35 +0000 (13:09 +0100)]
virDomainAuthorizedSSHKeysSet: Use uint for @nkeys
When introducing the API I've mistakenly used 'int' type for
@nkeys argument which does nothing more than tells the API how
many items there are in @keys array. Obviously, negative values
are not expected and therefore 'unsigned int' should have been
used.
Reported-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
qemu: enable support for ESP SCSI controller family
The NCR53C90 is the built-in SCSI controller on all sparc machine types,
but not sparc64. Note that it has the fixed alias "scsi", which differs
from our normal naming convention of "scsi0".
The DC390 and AM53C974 are PCI SCSI controllers that can be added to any
PCI machine.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
qemu: add capabilities for the three ESP family SCSI controllers
Probing for the NCR53C90 controller is a little unusual. The
qom-list-types QMP command returns a list of all types known to
the QEMU binary. It does not distinguish devices which are user
creatable from those which are built-in.
Any QEMU target that supports PCI will have the DC390 / AM53C974
devices because they are PCI based. Due to code dependencies
in QEMU though, existence of these two devices will also pull in
the NCR53C90 device (called just 'esp' in QEMU). The NCR53C90 is
not user-creatable and can only be used when built-in to the
machine type.
This is only the case on sparc machines, and certain mips64 and
m68k machines. IOW, we don't rely on qom-list-types as a guide
for existence of NCR53C90, as it shouldn't really exist in most
QEMU binaries.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
qemu: add helper method for checking if ESP SCSI is builtin
The NCR53C90 ESP SCSI controller is only usable when built-in to the
machine type. This method will facilitate checking that restriction
across many places.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The sparc machines have little in common with sparc64 machines.
No sparc machine type includes a PCI bus, so we should not be adding one
to the XML. This further means that we should not be adding a memory
balloon device, nor USB controller as these are both PCI based.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Andrea Bolognani [Sun, 15 Nov 2020 15:42:23 +0000 (16:42 +0100)]
spec: Drop UUID handling for default network
We're no longer generating a UUID during installation, so we
clearly don't need to strip it afterwards; and since the network
driver is perfectly capable of generating a UUID if necessary, we
don't need to do that at %post time either.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Neal Gompa <ngompa13@gmail.com> Reviewed-by: Laine Stump <laine@redhat.com>
Andrea Bolognani [Sun, 15 Nov 2020 15:30:34 +0000 (16:30 +0100)]
network: Drop UUID handling for default network
We are generating a fresh UUID and storing it in the XML for the
default network, but this is unnecessary because the network
driver will automatically generate one if it's missing from the
XML; the fact that we only do this if the uuidgen command happens
to be available on the build machine is further proof that we can
safely skip this step.
This patch is best viewed with 'git show -w'.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Andrea Bolognani [Thu, 19 Nov 2020 15:08:13 +0000 (16:08 +0100)]
conf: Write network config to disk after generating UUID
While we generally expect libvirt objects to be defined using the
appropriate APIs, there are cases where it's reasonable for an
external entity, usually a package manager, to drop a valid
configuration file under /etc/libvirt and have libvirt take over
from there: notably, this is exactly how the default network is
handled.
For the most part, whether the configuration is saved back to disk
after being parsed by libvirt doesn't matter, because we'll end up
with the same values anyway, but an obvious exception to this is
data that gets randomly generated when not present, namely MAC
address and UUID.
Historically, both were handled by our build system, but commit a47ae7c004e9 moved handling of the former inside libvirt proper;
this commit extends such behavior to the latter as well.
Proper error handling for the virNetworkSaveConfig() call, which
was missing until now, is introduced in the process.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com> Reported-by: Jaroslav Suchanek <jsuchane@redhat.com> Fixes: ba08c5932e556aa4f5101357127a6224c40e5ebe Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Ján Tomko [Thu, 19 Nov 2020 10:06:56 +0000 (11:06 +0100)]
openvzDomainMigratePrepare3Params: remove else after goto
We jump to the error label if the 'if' condition is true.
Remove the explicit else to make it more obvious that 'hostname'
is filled on both branches of 'if (!uri_in)'.
Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Ján Tomko [Thu, 19 Nov 2020 09:58:09 +0000 (10:58 +0100)]
openvzDomainMigratePrepare3Params: correctly use hostname
In case no uri_in was supplied, we forgot to set the hostname
to the current hostname and formatted a useless uri_out.
src/util/glibcompat.h:57:26: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
57 | # define g_strdup_printf vir_g_strdup_printf
src/openvz/openvz_driver.c:2136:16: note: in expansion of macro ‘g_strdup_printf’
2136 | *uri_out = g_strdup_printf("ssh://%s", hostname);
Signed-off-by: Ján Tomko <jtomko@redhat.com> Reported-by: Jaroslav Suchanek <jsuchane@redhat.com> Fixes: e3c626a61d6c3d808555653684c0fb1e7c4d74ec Reviewed-by: Erik Skultety <eskultet@redhat.com>
Michal Privoznik [Wed, 18 Nov 2020 10:58:01 +0000 (11:58 +0100)]
domain_capabilities: Assert enums fit into unsigned int bitmask
The way our domain capabilities work currently, is that we have
virDomainCapsEnum struct which contains 'unsigned int values'
member which serves as a bitmask. More complicated structs are
composed from this struct, giving us whole virDomainCaps
eventually.
Whenever we want to report that a certain value is supported, the
'1 << value' bit is set in the corresponding unsigned int member.
This works as long as the resulting value after bitshift does not
overflow unsigned int. There is a check inside
virDomainCapsEnumSet() which ensures exactly this, but no caller
really checks whether virDomainCapsEnumSet() succeeded. Also,
checking at runtime is a bit too late.
Fortunately, we know the largest value we want to store in each
member, because each enum of ours ends with _LAST member.
Therefore, we can check at build time whether an overflow can
occur.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Pavel Hrdina [Wed, 18 Nov 2020 12:08:22 +0000 (13:08 +0100)]
virt-host-validate: fix detection with cgroups v2
Using virtCgroupNewSelf() is not correct with cgroups v2 because the
the virt-host-validate process is executed from from the same cgroup
context as the terminal and usually not all controllers are enabled
by default.
To do a proper check we need to use the root cgroup to see what
controllers are actually available. Libvirt or systemd ensures that
all controllers are available for VMs as well.
This still doesn't solve the devices controller with cgroups v2 where
there is no controller as it was replaced by eBPF. Currently libvirt
tries to query eBPF programs which usually works only for root as
regular users will get permission denied for that operation.
Fixes: https://gitlab.com/libvirt/libvirt/-/issues/94 Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1888537 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Since both APIs accept/return an array of strings we can't have
client/server dispatch code generated. But implementation is
fairly trivial, although verbose.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
When setting up a new guest or when a management software wants
to allow access to an existing guest the
virDomainSetUserPassword() API can be used, but that might be not
good enough if user want to ssh into the guest. Not only sshd has
to be configured to accept password authentication (which is
usually not the case for root), user have to type in their
password. Using SSH keys is more convenient. Therefore, two new
APIs are introduced:
virDomainAuthorizedSSHKeysGet() which lists authorized keys for
given user, and
virDomainAuthorizedSSHKeysSet() which modifies the authorized
keys file for given user (append, set or remove keys from the
file).
It's worth nothing that while authorized_keys file entries have
some structure (as defined by sshd(8)), expressing that structure
goes beyond libvirt's focus and thus "keys" are nothing but an
opaque string to libvirt.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
That check is very valuable for our code, but it causes issue with glib >=
2.67.0 when building with clang.
The reason is a combination of two commits in glib, firstly fdda405b6b1b which
adds a g_atomic_pointer_{set,get} variants that enforce stricter type
checking (by removing an extra cast) for compilers that support __typeof__, and
commit dce24dc4492d which effectively enabled the new variant of glib's atomic
code for clang. This will not be necessary when glib's issue #600 [0] (8 years
old) is fixed. Thankfully, MR #1719 [1], which is supposed to deal with this
issue was opened 3 weeks ago, so there is a slight sliver of hope.
Michal Privoznik [Tue, 17 Nov 2020 10:00:26 +0000 (11:00 +0100)]
domcaps: Report egl-headless graphics type
QEMU supports egl-headless if QEMU_CAPS_EGL_HEADLESS capability
is present. There are some additional requirements but those are
checked for in qemuValidateDomainDeviceDefGraphics() and depend
on domain configuration and thus are not representable in domain
capabilities. Let's stick with plain qemuCaps check then.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Cole Robinson <crobinso@redhat.com>
Michal Privoznik [Tue, 17 Nov 2020 09:37:10 +0000 (10:37 +0100)]
qemu_validate: Deduplicate code for RNG model check
In my recent commit of 5216304bfe I've moved RNG model check
from domain capabilities validator into qemu validator. During
that I had to basically duplicate RNG model to qemuCaps checks.
Problem with this approach is that after my commit qemu validator
and domCaps are disconnected and thus domCaps might report (in
general) different set of supported RNG models.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Cole Robinson <crobinso@redhat.com>
Michal Privoznik [Tue, 17 Nov 2020 09:26:14 +0000 (10:26 +0100)]
qemu_validate: Deduplicate code for video model check
In my recent commit of a33279daa8 I've moved video model check
from domain capabilities validator into qemu validator. During
that I had to basically duplicate video model to qemuCaps checks.
Problem with this approach is that after my commit qemu validator
and domCaps are disconnected and thus domCaps might report (in
general) different set of supported video models.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Cole Robinson <crobinso@redhat.com>
nodedev: report errors about missing integer properties
The helper methods for getting integer properties ignore a missing
property setting its value to zero. This lack of error reporting
resulted in missing the regression handling hotplug of USB devices
with the vendor and model IDs getting set to zero silently.
The few callers which relied on this silent defaulting have been fixed,
so now we can report fatal errors immediately.
Reviewed-by: Laine Stump <laine@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Thus the check of DKD_MEDIA_AVAILABLE never run. In practice this didn't
matter since this property is set by the DeviceKit-Disks daemon which
was only around for 3 Fedora releases before being killed off around
F13. Thus we can just remove this legacy property.
Reviewed-by: Laine Stump <laine@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
nodedev: dont rely on ignoring errors on missing properties
The udevProcessStorage method relies on udevGetIntProperty ignoring
errors about non-existant properties and instead setting the value to
zero. In theory when seeing ID_CDROM=1, you might expect that devices
which are not CDs will get ID_CDROM=0, but that's not what happens in
practice. Instead the property simply won't get set at all.
IOW, the code does not need to care about the value of the property,
merely whether it exists or not.
Reviewed-by: Laine Stump <laine@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
'kvm-spice' is a binary name used to call 'kvm' which actually is a wrapper
around qemu-system-x86_64 enabling kvm acceleration. This isn't in use
for quite a while anymore, but required to work for compatibility e.g.
when migrating in old guests.
For years this was a symlink kvm-spice->kvm and therefore covered
apparmor-wise by the existing entry:
/usr/bin/kvm rmix,
But due to a recent change [1] in qemu packaging this now is no symlink,
but a wrapper on its own and therefore needs an own entry that allows it
to be executed.
projects / libvirt.git / log