- 16 3月, 2020 18 次提交
-
-
由 Peter Krempa 提交于
Add possibility to specify one or more cookies for http based disks. This patch adds the config parser, storage and validation of the cookies. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
To allow turning off verification of SSL cerificates add a new element <ssl> to the disk source XML which will allow configuring the validation process using the 'verify' attribute. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
There are two last callers of this function. Replace them by qemuAliasForSecret and delete qemuDomainGetSecretAESAlias. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Originally there was only the secret for authentication so we didn't use any suffix to tell it apart. With the introduction of encryption we added a 'luks' suffix for the encryption secrets. Since encryption is really generic and authentication is not the only secret modify the aliases for the secrets to better describe what they are used for. This is possible as we store the disk secrets in the status XML thus only new machines will use the new secrets. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Replace qemuDomainGetSecretAESAlias by the new function so that we can reuse qemuDomainSecretAESSetupFromSecret also for setting up other kinds of objects. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Currently we don't have infrastructure to remember the secret aliases for hostdevs. Since an upcoming patch is going to change aliases for the disks, initialize the iscsi hostdevs separately so that we can keep the alias. At the same time let's use qemuAliasForSecret instead of qemuDomainGetSecretAESAlias when unplugging the iscsi hostdev. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
In order to be able to change the function generating the alias and thus also the aliases itself, we must hardcode the old format for the case of upgrading form libvirt which didn't record them in the status XML yet. Note that this code path is tested by 'tests/qemustatusxml2xmldata/disk-secinfo-upgrade-in.xml' Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
The naming of the variables was tied to what they are used for not what the alias represents. Since we'll need to use some of the aliases for another type of secrets fix the name so that it makes sense. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
qemuAliasForSecret is meant as a replacement qemuDomainGetSecretAESAlias with saner API. The sub-type we are creating the alias for is passed in as a string rather than the unflexible 'isLuks' boolean. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Replace it by a direct call to qemuDomainSecretAESSetupFromSecret. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Split out the lookup of the secret from the secret driver into qemuDomainSecretAESSetupFromSecret so that we can also instantiate secret objects in qemu with data from other sources. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Rather than passing in an empty qemuDomainSecretInfoPtr allocate it in this function and return it. This is done by absorbing the check from qemuDomainSecretInfoNew and removing the internals of qemuDomainSecretInfoNew. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Use g_autofree for the ciphertext and init vector as they are not secret and thus don't have to be cleared and use g_new0 to allocate the iv for parity. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
The comment mentioned that the function resets migration params, but that is not true as of commit eb54cb47Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Use g_autofree instead of VIR_FREE and delete the comment mentioning possible failure to allocate memory. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Using a double pointer prevents the function from being used as the automatic cleanup function for the given type. Remove the double pointer use by replacing the calls with g_clear_pointer which ensures that the pointer is cleared. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Use g_new0 to completely avoid the 'cleanup' label. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
- 14 3月, 2020 5 次提交
-
-
由 Zhang Bo 提交于
The server needs to use CA certificate, CRL, server certificate/key to complete the TLS handshake. If these files change, we needed to restart libvirtd for them to take effect. This API can update the TLS context *ONLINE* without restarting libvirtd. Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Signed-off-by: NZhang Bo <oscar.zhangbo@huawei.com> Signed-off-by: NWu Qingliang <wuqingliang4@huawei.com>
-
由 Zhang Bo 提交于
Prevent the handshake function from reading 'tlsCtxt' while updating 'tlsCtxt'. Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Signed-off-by: NZhang Bo <oscar.zhangbo@huawei.com> Signed-off-by: NWu Qingliang <wuqingliang4@huawei.com>
-
由 Zhang Bo 提交于
Add an API to update server's tls context. Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Signed-off-by: NZhang Bo <oscar.zhangbo@huawei.com> Signed-off-by: NWu Qingliang <wuqingliang4@huawei.com>
-
由 Ján Tomko 提交于
Now that we use g_strerror exclusively, remove this unused function. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Ján Tomko 提交于
Remove lots of stack-allocated buffers. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 13 3月, 2020 11 次提交
-
-
由 Peter Krempa 提交于
oVirt used a quirk in the pre-blockdev semantics of drive-mirror which opened the backing chain of the mirror destination only once 'block-job-complete' was called. Our introduction of blockdev made qemu open the backing chain images right at the start of the job. This broke oVirt's usage of this API because they copy the data into the backing chain during the time the block copy job is running. Re-introduce late open of the backing chain if qemu allows us to use blockdev-snapshot on write-only nodes as it can be used to install the backing chain even for an existing image now. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
由 Peter Krempa 提交于
The capability is based on qemu's support of using blockdev-snapshot to install backing chain also for images which are in use by a block-copy job. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
由 Peter Krempa 提交于
For a long time we've masked out VIR_DOMAIN_BLOCK_COPY_SHALLOW if there's no backing chain for the copied disk to simplify the code. One of the refactors of the block copy code caused that we no longer update the 'flags' variable just the local copies. This was okay until in ccd4228a we started storing the job flags in the block job data. Given that we modify how we call qemu we also should modify @flags so that the correct value is recorded in the block job data. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
由 Peter Krempa 提交于
Move the check whether the job is already synchronised to the beginning of the function so that we don't try to do some of the steps necessary for pivoting prior to actually wanting to pivot. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
由 Daniel P. Berrangé 提交于
The stub impl of virGetDeviceID just returns ENOSYS and does not initialize the min/maj output parameters. This lead to a false positive warning on mingw about possible use of uninitialized variables. Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Michal Privoznik 提交于
According to the linked BZ, machined expects either valid hostname or valid FQDN (see systemd commit v239-3092-gd65652f1f2). While in case of multiple dots, a trailing one doesn't violate FQDN, it does violate the rule in case of something simple, like "domain.". But it's safe to remove it in both cases. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1808499 Fixes: 45464db8Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
'nfs' variable was set to -1 or -2 on agent failure. Cleanup then tried to free 'nfs' elements of the array which resulted into a crash. Make 'nfs' size_t and assign it only on successful agent call. https://bugzilla.redhat.com/show_bug.cgi?id=1812965 Broken by commit 599ae372Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
The only caller doesn't check the value and also there are no real errors to report anyways. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
The virQEMUCaps structure has usedQMP member which in the past used to tell if qemu we are dealing with is capable of QMP. Well, we don't support HMP anymore (minus a few HMP passthrough commands, which are wrapped into QMP anyways) and the member is not used really. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Nikolay Shirokovskiy 提交于
needReply added in [1] looks redundant. Indeed it is set to false only when mon->await_event is set too (the only exception qemuAgentFSTrim which is mistaken). However it fixes the issue when qemuAgentCommand exits on error path and mon->await_event is not reset. Let's instead reset mon->await_event properly. Also remove "Woken up by event" debug message as it can be misleading. We can get it also if monitor is closed due to serial changed event currently. Anyway both qemuAgentClose and qemuAgentNotifyEvent log itself. [1] qemu: make sure agent returns error when required data are missing Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Nikolay Shirokovskiy 提交于
Sync was introduced in [1] to check for ga presence. This check is racy but in the era before serial events are available there was not better solution I guess. In case we have the events the sync function is different. It allows us to flush stateless ga channel from remnants of previous communications. But we need to do it only once. Until we get timeout on issued command channel state is ok. [1] qemu_agent: Issue guest-sync prior to every command Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 12 3月, 2020 1 次提交
-
-
由 Michal Privoznik 提交于
If a disk has persistent reservations enabled, qemu-pr-helper might open not only /dev/mapper/control but also individual targets of the multipath device. We are already querying for them in CGroups, but now we have to create them in the namespace too. This was brought up in [1]. 1: https://bugzilla.redhat.com/show_bug.cgi?id=1711045#c61Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Tested-by: NLin Ma <LMa@suse.com> Reviewed-by: NJim Fehlig <jfehlig@suse.com>
-
- 11 3月, 2020 5 次提交
-
-
由 Daniel P. Berrangé 提交于
This converts the QEMU agent APIs to use the per-VM event loop, which involves switching from virEvent APIs to GMainContext / GSource APIs. A GSocket is used as a convenient way to create a GSource for a socket, but is not yet used for actual I/O. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
We are dealing with the QEMU agent, not the monitor. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
This converts the QEMU monitor APIs to use the per-VM event loop, which involves switching from virEvent APIs to GMainContext / GSource APIs. A GSocket is used as a convenient way to create a GSource for a socket, but is not yet used for actual I/O. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
In common with regular QEMU guests, the QMP probing will need an event loop for handling monitor I/O operations. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
The event loop thread will be responsible for handling any per-domain I/O operations, most notably the QEMU monitor and agent sockets. We start this event loop when launching QEMU, but stopping the event loop is a little more complicated. The obvious idea is to stop it in qemuProcessStop(), but if we do that we risk loosing the final events from the QEMU monitor, as they might not have been read by the event thread at the time we tell the thread to stop. The solution is to delay shutdown of the event thread until we have seen EOF from the QEMU monitor, and thus we know there are no further events to process. Note that this assumes that we don't have events to process from the QEMU agent. Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-