- 20 7月, 2016 8 次提交
-
-
由 John Ferlan 提交于
Commit id '5e46d7d6' did not take into account that usage of a luks volume will require usage of the master key encrypted passphrase for a QEMU environment. So rather than allow creation of something that won't be usable, just fail the creation.
-
由 John Ferlan 提交于
Resolves a CI test integration failure with a RHEL6/Centos6 environment. In order to use a LUKS encrypted device, the design decision was to generate an encrypted secret based on the master key. However, commit id 'da86c6c2' missed checking for that specifically. When qemuDomainSecretSetup was implemented, a design decision was made to "fall back" to a plain text secret setup if the specific cipher was not available (e.g. virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC)) as well as the QEMU_CAPS_OBJECT_SECRET. For the luks encryption setup there is no fall back to the plaintext secret, thus if that gets set up by qemuDomainSecretSetup, then we need to fail. Also, while the qemuxml2argvtest has set the QEMU_CAPS_OBJECT_SECRET bit, it didn't take into account the second requirement that the ability to generate the encrypted secret is possible. So modify the test to not attempt to run the luks-disk if we know we don't have the encryption algorithm.
-
由 John Ferlan 提交于
virStorageBackendCreateQemuImgCheckEncryption didn't return -1 if there were no secrets.
-
由 John Ferlan 提交于
A post push realization that the boolean should be set inside the condition
-
由 John Ferlan 提交于
A post push realization that the setting of the boolean needed to be inside the if condition.
-
由 Ján Tomko 提交于
Most of the lines we look at are not going to match one of the driver types contained in $groups_regex. Move on to the next line if it does not contain any of them early. This speeds up the script execution by 50%, since this simple regex does not have any capture groups.
-
由 Ján Tomko 提交于
The %groups hash contains all the driver types (e.g. virHypervisorDriver or virSecretDriver). When searching for all the APIs that are implemented by a driver of that specific driver type, we keep iterating over the %groups hash on every line we look at, then matching against the driver type. This is inefficient because it prevents perl from caching the regex and it executes the regex once for every driver type, even though one regex matching excludes all the others, since all the driver types are different. Construct the regex containing all the driver types upfront to save about 6.4s (~98%) of the script execution time.
-
由 Ján Tomko 提交于
When generating the hvsupport.html.in file, we parse the -api.xml files generated by apibuild.py to know in which HTML file the API function is. Doing an XPath query for every single 'function' element in the file is inefficient. Since the XML file is generated by another of our build scripts (apibuild.py, using Python's standard 'output.write' XML library), just find the function name->file mapping by a regex upfront. Also add a note about this next to the line that generates it in apibuild.py and do not check if XML::XPath is installed in bootstrap since we no longer use it.
-
- 19 7月, 2016 32 次提交
-
-
由 Cédric Bosdonnat 提交于
Any error happening after the hand shake in the lxc controller will not result in a failure as errors are checked during the handshake. Move the handshake after the last possible error.
-
由 Cédric Bosdonnat 提交于
Better fix replacing c726af2d: introducing an 'R' permission to add read rule, but no explicit deny write rule.
-
由 John Ferlan 提交于
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1301021 Generate the luks command line using the AES secret key to encrypt the luks secret. A luks secret object will be in addition to a an AES secret. For hotplug, check if the encinfo exists and if so, add the AES secret for the passphrase for the secret object used to decrypt the device. Modify/augment the fakeSecret* in qemuxml2argvtest in order to handle find a uuid or a volume usage with a specific path prefix in the XML (corresponds to the already generated XML tests). Add error message when the 'usageID' is not 'mycluster_myname'. Commit id '1d632c39' altered the error message generation to rely on the errors from the secret_driver (or it's faked replacement). Add the .args output for adding the LUKS disk to the domain Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Soon we will be adding luks encryption support. Since a volume could require both a luks secret and a secret to give to the server to use of the device, alter the alias generation to create a slightly different alias so that we don't have two objects with the same alias. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Commit id 'a1344f70' added AES secret processing for RBD when starting up a guest. As such, when the hotplug code calls qemuDomainSecretDiskPrepare an AES secret could be added to the disk about to be hotplugged. If an AES secret was added, then the hotplug code would need to generate the secret object because qemuBuildDriveStr would add the "password-secret=" to the returned 'driveStr' rather than the base64 encoded password. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Partially resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1301021 If the volume xml was looking to create a luks volume take the necessary steps in order to make that happen. The processing will be: 1. create a temporary file (virStorageBackendCreateQemuImgSecretPath) 1a. use the storage driver state dir path that uses the pool and volume name as a base. 2. create a secret object (virStorageBackendCreateQemuImgSecretObject) 2a. use an alias combinding the volume name and "_luks0" 2b. add the file to the object 3. create/add luks options to the commandline (virQEMUBuildLuksOpts) 3a. at the very least a "key-secret=%s" using the secret object alias 3b. if found in the XML the various "cipher" and "ivgen" options Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
The 'res' variable was only being initialized to NULL in the if (!state) path; however, that path never used res and evenutally res is assigned one of two results based on a pair of if then else if conditions. If for some reason neither of those paths was taken and the (!state) path wasn't taken, then 'res' would be indeterminate. Found by Coverity, probably a false positive based on code paths, but better safe than sorry for the future. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
When formatting the graphics data for TYPE_SPICE, check if the glisten is NULL before blindly referencing Found by Coverity Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Cannot assume virGetLastError returns non-NULL value - modify the code to fetch err and check if err && err->code Found by Coverity Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Commit id '740e4d70' altered the logic to fetch the sysconf values and added a new virConfGetValueStringList which returns -1 on failure, 0 if missing, and 1 if the value was present. However, the caller only checked !shargv which caught Coverity's attention since the following VIR_ALLOC_N(*shargv, 2) would be a NULL ptr deref Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Since we VIR_ALLOC_N to *values, the VIR_FREE should be done likewise Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Erik Skultety 提交于
Internally, all the data are represented as unsigned int, it is also documented in the header file that users should use our exported constants that also indicate that the data should be unsigned int. However, when polling for the current server threadpool's configuration, virt-admin uses an incorrect formatting parameter '%d' for printf. Instead, virt-admin should use formatting parameter '%u'. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1356769Signed-off-by: NErik Skultety <eskultet@redhat.com>
-
由 John Ferlan 提交于
Move to virqemu and rename to virQEMUBuildBufferEscapeComma. This can then be shared by the storage driver when it builds the command line for qemuimg
-
由 John Ferlan 提交于
A recent adjustment to qemuDomainAttachRNGDevice to properly cleanup the props object after a qemuMonitorAddObject also would affect this code. Alter the cleanup to be similar to RNG changes.
-
由 John Ferlan 提交于
Based on recent review comment - rather than have a spate of goto failxxxx, change to a boolean based model. Ensures that the original error can be preserved and cleanup is a bit more orderly if more objects are added.
-
由 John Ferlan 提交于
Based on recent review comment - rather than have a spate of goto failxxxx, change to a boolean based model. Ensures that the original error can be preserved and cleanup is a bit more orderly if more objects are added.
-
由 John Ferlan 提交于
Based on recent review comment - rather than have a spate of goto failxxxx, change to a boolean based model. Ensures that the original error can be preserved and cleanup is a bit more orderly if more objects are added.
-
由 John Ferlan 提交于
Based on recent review comment - rather than have a spate of goto failxxxx, change to a boolean based model. Ensures that the original error can be preserved and cleanup is a bit more orderly if more objects are added.
-
由 John Ferlan 提交于
Based on recent review comment - rather than have a spate of goto failxxxx, change to a boolean based model. Ensures that the original error can be preserved and cleanup is a bit more orderly if more objects are added.
-
由 Erik Skultety 提交于
Commit da665fbd introduced the following condition to virLXCProcessEnsureRootFS and openvzReadFSConf: if (!(<some_var> = virDomainFSDefNew()) < 0) which broke the build on fedora with GCC 5.3.1: "logical not is only applied to the left hand side of comparison". Signed-off-by: NErik Skultety <eskultet@redhat.com>
-
由 Julio Faracco 提交于
The commit da665fbd introduced virStorageSourcePtr inside the structure _virDomainFSDef. This is causing an error when libvirt is being compiled. make[3]: Entering directory `/media/julio/8d65c59c-6ade-4740-9cdc-38016a4cb8ae /home/julio/Desktop/virt/libvirt/src' CC security/virt_aa_helper-virt-aa-helper.o security/virt-aa-helper.c: In function 'get_files': security/virt-aa-helper.c:1087:13: error: passing argument 2 of 'vah_add_path' from incompatible pointer type [-Werror] if (vah_add_path(&buf, fs->src, "rw", true) != 0) ^ security/virt-aa-helper.c:732:1: note: expected 'const char *' but argument is of type 'virStorageSourcePtr' vah_add_path(virBufferPtr buf, const char *path, const char *perms, bool recursive) ^ cc1: all warnings being treated as errors Adding the attribute "path" from virStorageSourcePtr fixes this issue. Signed-off-by: NJulio Faracco <jcfaracco@gmail.com>
-
由 Nikolay Shirokovskiy 提交于
vz supports only a subset of tcp and udp parameters. 1. tcp type supports only 'raw' protocol. 2. udp type supports only same parameters of 'host' and 'service' for 'bind' and 'connect'. Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
由 Nikolay Shirokovskiy 提交于
Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
由 Nikolay Shirokovskiy 提交于
Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
由 Nikolay Shirokovskiy 提交于
Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
由 Nikolay Shirokovskiy 提交于
After domain is in the domains list let's keep it there. This is approach taken by qemu driver and vz vzDomainMigrateFinish3Params too. It quite reasonable, driver domain object is fully constructed and can be discovered by client later. Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
由 Nikolay Shirokovskiy 提交于
9c14a9ab introduced vzNewDomain function to enlist libvirt domain object before actually creating vz sdk domain. Fix should fix race on same vz sdk domain added event where libvirt domain object is enlisted too. But later eb5e9c1e added locked checks for adding livirtd domain object to list on vz sdk domain added event. Thus now approach of 9c14a9ab is unnecessary complicated. See we have otherwise unuseful prlsdkGetDomainIds function only to create minimal domain definition to create libvirt domain object. Also vzNewDomain is difficult to use as it creates partially constructed domain object. Let's move back to original approach where prlsdkLoadDomain do all the necessary job. Another benefit is that we can now take driver lock for bare minimum and in single place. Reducing locking time have small disadvatage of double parsing on race conditions which is typical if domain is added thru vz driver. Well we have this double parse inevitably with current vz sdk api on any domain updates so i would not take it here seriously. Performance events subscribtion is done before locked check and therefore could be done twice on races but this is not the problem. Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
由 Nikolay Shirokovskiy 提交于
Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
由 Nikolay Shirokovskiy 提交于
Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
由 Nikolay Shirokovskiy 提交于
Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
由 Nikolay Shirokovskiy 提交于
Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
由 Nikolay Shirokovskiy 提交于
Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-