- 20 10月, 2016 1 次提交
-
-
由 John Ferlan 提交于
Add a new qemu.conf variables to store the UUID for the secret that could be used to present credentials to access the TLS chardev. Since this will be a server level and it's possible to use some sort of default, introduce both the default and chardev logic at the same time making the setting of the chardev check for it's own value, then if not present checking whether the default value had been set. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 09 9月, 2016 2 次提交
-
-
由 John Ferlan 提交于
Add a new TLS X.509 certificate type - "chardev". This will handle the creation of a TLS certificate capability (and possibly repository) for properly configured character device TCP backends. Unlike the vnc and spice there is no "listen" or "passwd" associated. The credentials eventually will be handled via a libvirt secret provided to a specific backend. Make use of the default verify option as well. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Rather than specify perhaps multiple TLS X.509 certificate directories, let's create a "default" directory which can then be used if the service (e.g. for now vnc and spice) does not supply a default directory. Since the default for vnc and spice may have existed before without being supplied, the default check will first check if the service specific path exists and if so, set the cfg entry to that; otherwise, the default will be set to the (now) new defaultTLSx509certdir. Additionally add a "default_tls_x509_verify" entry which can also be used to force the peer verification option (for vnc it's a x509verify option). Add/alter the macro for the option being found in the config file to accept the default value. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 06 9月, 2016 2 次提交
-
-
由 Daniel P. Berrange 提交于
We already have the ability to turn off dumping of guest RAM via the domain XML. This is not particularly useful though, as it is under control of the management application. What is needed is a way for the sysadmin to turn off guest RAM defaults globally, regardless of whether the mgmt app provides its own way to set this in the domain XML. So this adds a 'dump_guest_core' option in /etc/libvirt/qemu.conf which defaults to false. ie guest RAM will never be included in the QEMU core dumps by default. This default is different from historical practice, but is considered to be more suitable as a default because a) guest RAM can be huge and so inflicts a DOS on the host I/O subsystem when dumping core for QEMU crashes b) guest RAM can contain alot of sensitive data belonging to the VM owner. This should not generally be copied around inside QEMU core dumps submitted to vendors for debugging c) guest RAM contents are rarely useful in diagnosing QEMU crashes Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Currently the QEMU processes inherit their core dump rlimit from libvirtd, which is really suboptimal. This change allows their limit to be directly controlled from qemu.conf instead.
-
- 09 6月, 2016 1 次提交
-
-
由 Pavel Hrdina 提交于
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
- 26 11月, 2015 1 次提交
-
-
由 Daniel P. Berrange 提交于
Currently the QEMU stdout/stderr streams are written directly to a regular file (eg /var/log/libvirt/qemu/$GUEST.log). While those can be rotated by logrotate (using copytruncate option) this is not very efficient. It also leaves open a window of opportunity for a compromised/broken QEMU to DOS the host filesystem by writing lots of text to stdout/stderr. This makes it possible to connect the stdout/stderr file handles to a pipe that is provided by virtlogd. The virtlogd daemon will read from this pipe and write data to the log file, performing file rotation whenever a pre-determined size limit is reached. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 10 9月, 2014 1 次提交
-
-
由 Michal Privoznik 提交于
When using split UEFI image, it may come handy if libvirt manages per domain _VARS file automatically. While the _CODE file is RO and can be shared among multiple domains, you certainly don't want to do that on the _VARS file. This latter one needs to be per domain. So at the domain startup process, if it's determined that domain needs _VARS file it's copied from this master _VARS file. The location of the master file is configurable in qemu.conf. Temporary, on per domain basis the location of master NVRAM file can be overridden by this @template attribute I'm inventing to the <nvram/> element. All it does is holding path to the master NVRAM file from which local copy is created. If that's the case, the map in qemu.conf is not consulted. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Acked-by: NLaszlo Ersek <lersek@redhat.com>
-
- 20 5月, 2014 1 次提交
-
-
由 Chen Fan 提交于
For now, we set the migration URI via command line '--migrate_uri' or construct the URI by looking up the dest host's hostname which could be solved by DNS automatically. But in cases the dest host have two or more NICs to reach, we may need to send the migration data over a specific NIC which is different from the automatically resolved one for some reason like performance, security, etc. Thus we must explicitly specify the migrateuri in command line everytime, but it is too troublesome if there are many such hosts (and don't forget virt-manager). This patch adds a configuration file option on dest host to save the default value set which can be specified to a migration hostname or one of this host's addresses used for transferring data, thus user doesn't have to specify it in command line everytime. Signed-off-by: NChen Fan <chen.fan.fnst@cn.fujitsu.com> Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
- 07 5月, 2014 1 次提交
-
-
由 Ján Tomko 提交于
QEMU commit 5e2ac51 added a boolean '-msg timestamp=[on|off]' option, which can enable timestamps on errors: $ qemu-system-x86_64 -msg timestamp=on zghhdorf 2014-04-09T13:25:46.779484Z qemu-system-x86_64: -msg timestamp=on: could not open disk image zghhdorf: Could not open 'zghhdorf': No such file or directory Enable this timestamp if the QEMU binary supports it. Add a 'log_timestamp' option to qemu.conf for disabling this behavior.
-
- 19 10月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
Commit e3ef20d7 allows user to configure migration ports range via qemu.conf. However, it forgot to update augeas definition file and even the test data was malicious. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 17 10月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
QEMU has support for SASL auth for SPICE guests, but libvirt has no way to enable it. Following the example from VNC where it is globally enabled via qemu.conf Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 14 10月, 2013 1 次提交
-
-
由 Peter Krempa 提交于
The regular save image code has the support to compress images using a specified algorithm. This was not implemented for external checkpoints although it shares most of the backend code. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1017227
-
- 11 10月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
This configuration knob is there to override default listen address for -incoming for all qemu domains. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 03 9月, 2013 1 次提交
-
-
由 Cole Robinson 提交于
On my machine, a guest fails to boot if it has a sound card, but not graphical device/display is configured, because pulseaudio fails to initialize since it can't access $HOME. A workaround is removing the audio device, however on ARM boards there isn't any option to do that, so -nographic always fails. Set QEMU_AUDIO_DRV=none if no <graphics> are configured. Unfortunately this has massive test suite fallout. Add a qemu.conf parameter nographics_allow_host_audio, that if enabled will pass through QEMU_AUDIO_DRV from sysconfig (similar to vnc_allow_host_audio)
-
- 15 5月, 2013 1 次提交
-
-
由 Martin Kletzander 提交于
Adding a VNC WebSocket support for QEMU driver. This functionality is in upstream qemu from commit described as v1.3.0-982-g7536ee4, so the capability is being recognized based on QEMU version for now.
-
- 30 4月, 2013 1 次提交
-
-
由 Martin Kletzander 提交于
-
- 19 4月, 2013 1 次提交
-
-
由 Paolo Bonzini 提交于
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 18 9月, 2012 1 次提交
-
-
由 Ján Tomko 提交于
-
- 21 8月, 2012 1 次提交
-
-
由 Martin Kletzander 提交于
The defines QEMU_REMOTE_PORT_MIN and QEMU_REMOTE_PORT_MAX were used to find free port when starting domains. As this was hard-coded to the same ports as default VNC servers, there were races with these other programs. This patch includes the possibility to change the default starting port as well as the maximum port (mostly for completeness) in qemu config file. Support for two new config options in qemu.conf is added: - remote_port_min (defaults to QEMU_REMOTE_PORT_MIN and must be >= than this value) - remote_port_max (defaults to QEMU_REMOTE_PORT_MAX and must be <= than this value)
-
- 28 5月, 2012 2 次提交
-
-
由 Daniel P. Berrange 提交于
Currently all the config options are listed under a 'vnc_entry' group. Create a bunch of new groups & move options to the right place Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Add nmissing 'host_uuid' entry to libvirtd.conf lens and rename spice_passwd to spice_password in qemu.conf lens Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 25 5月, 2012 1 次提交
-
-
If vdsm is installed and configured in Fedora 17, we add the following items into qemu.conf: spice_tls=1 spice_tls_x509_cert_dir="/etc/pki/vdsm/libvirt-spice" However, after this changes, augtool cannot identify qemu.conf anymore.
-
- 03 2月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Curently security labels can be of type 'dynamic' or 'static'. If no security label is given, then 'dynamic' is assumed. The current code takes advantage of this default, and avoids even saving <seclabel> elements with type='dynamic' to disk. This means if you temporarily change security driver, the guests can all still start. With the introduction of sVirt to LXC though, there needs to be a new default of 'none' to allow unconfined LXC containers. This patch introduces two new security label types - default: the host configuration decides whether to run the guest with type 'none' or 'dynamic' at guest start - none: the guest will run unconfined by security policy The 'none' label type will obviously be undesirable for some deployments, so a new qemu.conf option allows a host admin to mandate confined guests. It is also possible to turn off default confinement security_default_confined = 1|0 (default == 1) security_require_confined = 1|0 (default == 0) * src/conf/domain_conf.c, src/conf/domain_conf.h: Add new seclabel types * src/security/security_manager.c, src/security/security_manager.h: Set default sec label types * src/security/security_selinux.c: Handle 'none' seclabel type * src/qemu/qemu.conf, src/qemu/qemu_conf.c, src/qemu/qemu_conf.h, src/qemu/libvirtd_qemu.aug: New security config options * src/qemu/qemu_driver.c: Tell security driver about default config
-
- 23 12月, 2011 1 次提交
-
-
由 Michal Privoznik 提交于
This patch adds max_files option to qemu.conf which can be used to override system default limit on number of opened files that are allowed for qemu user.
-
- 24 11月, 2011 1 次提交
-
-
由 Jiri Denemark 提交于
-
- 06 9月, 2011 1 次提交
-
-
由 Michal Privoznik 提交于
This patch creates an optional BeginJob queue size limit. When active, all other attempts above level will fail. To set this feature assign desired value to max_queued variable in qemu.conf. Setting it to 0 turns it off.
-
- 22 7月, 2011 1 次提交
-
-
由 Eric Blake 提交于
When auto-dumping a domain on crash events, or autostarting a domain with managed save state, let the user configure whether to imply the bypass cache flag. * src/qemu/qemu.conf (auto_dump_bypass_cache, auto_start_bypass_cache): Document new variables. * src/qemu/libvirtd_qemu.aug (vnc_entry): Let augeas parse them. * src/qemu/qemu_conf.h (qemud_driver): Store new preferences. * src/qemu/qemu_conf.c (qemudLoadDriverConfig): Parse them. * src/qemu/qemu_driver.c (processWatchdogEvent, qemuAutostartDomain): Honor them.
-
- 02 6月, 2011 1 次提交
-
-
由 Daniel P. Berrange 提交于
The QEMU integrates with the lock manager instructure in a number of key places * During startup, a lock is acquired in between the fork & exec * During startup, the libvirtd process acquires a lock before setting file labelling * During shutdown, the libvirtd process acquires a lock before restoring file labelling * During hotplug, unplug & media change the libvirtd process holds a lock while setting/restoring labels The main content lock is only ever held by the QEMU child process, or libvirtd during VM shutdown. The rest of the operations only require libvirtd to hold the metadata locks, relying on the active QEMU still holding the content lock. * src/qemu/qemu_conf.c, src/qemu/qemu_conf.h, src/qemu/libvirtd_qemu.aug, src/qemu/test_libvirtd_qemu.aug: Add config parameter for configuring lock managers * src/qemu/qemu_driver.c: Add calls to the lock manager
-
- 06 4月, 2011 1 次提交
-
-
由 Jiri Denemark 提交于
This patch adds max_processes option to qemu.conf which can be used to override system default limit on number of processes that are allowed to be running for qemu user.
-
- 29 1月, 2011 1 次提交
-
-
由 Eric Blake 提交于
Fixes test failure that was overlooked after commit 1e1f7a89. * daemon/Makefile.am (check-local): Let 'make check' fail on error. * daemon/test_libvirtd.aug: Move qemu-specific option... * src/qemu/test_libvirtd_qemu.aug: ...into correct test. * src/qemu/libvirtd_qemu.aug: Parse new option.
-
- 10 12月, 2010 1 次提交
-
-
由 Hu Tao 提交于
`dump' watchdog action lets libvirtd to dump the guest when receives a watchdog event (which probably means a guest crash) Currently only qemu is supported.
-
- 30 10月, 2010 1 次提交
-
-
由 KAMEZAWA Hiroyuki 提交于
Add dump_image_format[] to qemu.conf and support compressed dump at virsh dump. coredump compression is important for saving disk space in an environment where multiple guests run. In general, "disk space for dump" is specially allocated and will be a dead space in the system. It's used only at emergency. So, it's better to have both of save_image_format and dump_image_format. "save" is done in scheduled manner with enough calculated disk space for it. This code reuses some of save_image_format[] and supports the same format. Changelog: - modified libvirtd_qemu.aug - modified test_libvirtd_qemu.aug - fixed error handling of qemudSaveCompressionTypeFromString()
-
- 20 10月, 2010 1 次提交
-
-
由 John Morrissey 提交于
This sets the process name to the same value as the Windows title, but since the name is limited to 16 chars only this is kept as a configuration option and turned off by default * src/qemu/qemu.conf src/qemu/qemu_conf.[ch]: hceck for support in the QEmu help output, add the option in qemu conf file and augment qemudBuildCommandLine to add it if switched on * src/qemu/libvirtd_qemu.aug src/qemu/test_libvirtd_qemu.aug: augment the augeas lenses accordingly * tests/qemuhelptest.c: cope with the extra flag being detected now
-
- 20 7月, 2010 1 次提交
-
-
由 Daniel P. Berrange 提交于
Disk format probing is now disabled by default. A new config option in /etc/qemu/qemu.conf will re-enable it for existing deployments where this causes trouble
-
- 02 6月, 2010 1 次提交
-
-
由 Cole Robinson 提交于
Currently there is no way to opt out of libvirt dropping POSIX capabilities for qemu. This at least is a useful debugging tool, but is also wanted by users (and distributors): https://bugzilla.redhat.com/show_bug.cgi?id=559154 https://bugzilla.redhat.com/show_bug.cgi?id=573850 v2: Clarify qemu.conf comment, warn about security implications v3: Add .aug changes
-
- 25 5月, 2010 1 次提交
-
-
由 Cole Robinson 提交于
Currently all host audio backends are disabled if a VM is using VNC, in favor of the QEMU VNC audio extension. Unfortunately no released VNC client supports this extension, so users have no way of getting audio to work if using VNC. Add a new config option in qemu.conf which allows changing libvirt's behavior, but keep the default intact. v2: Fix doc typos, change name to vnc_allow_host_audio
-
- 21 1月, 2010 1 次提交
-
-
由 Daniel P. Berrange 提交于
Add the ability to turn off dynamic management of file permissions for libvirt guests. * qemu/libvirtd_qemu.aug: Support 'dynamic_ownership' flag * qemu/qemu.conf: Document 'dynamic_ownership' flag. * qemu/qemu_conf.c: Load 'dynamic_ownership' flag * qemu/test_libvirtd_qemu.aug: Test 'dynamic_ownership' flag
-
- 20 1月, 2010 1 次提交
-
-
由 Jiri Denemark 提交于
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
- 21 9月, 2009 1 次提交
-
-
由 Daniel P. Berrange 提交于
* daemon/default-network.xml: Move to src/network/default.xml * daemon/libvirtd_qemu.aug, daemon/test_libvirtd_qemu.aug: Move to src/qemu/ * src/qemu.conf: Move to src/qemu/qemu.conf * daemon/Makefile.am: Remove rules for default-nmetwork.xml and libvirtd_qemu.aug and test_libvirtd_qemu.aug. Fix typo in uninstall-local that would install polkit again. * src/Makefile.am: Add rules for installing network/default.xml and the qemu/*.aug files. Add test case for QEMU augeas files. Add uninstall-local rule for files/directories created during install. Rename install-exec-local to install-data-local. Only install qemu.conf if WITH_QEMU is set. * tests/networkschematest: Update for XML location move
-