- 16 3月, 2020 19 次提交
-
-
由 Peter Krempa 提交于
There are two last callers of this function. Replace them by qemuAliasForSecret and delete qemuDomainGetSecretAESAlias. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Originally there was only the secret for authentication so we didn't use any suffix to tell it apart. With the introduction of encryption we added a 'luks' suffix for the encryption secrets. Since encryption is really generic and authentication is not the only secret modify the aliases for the secrets to better describe what they are used for. This is possible as we store the disk secrets in the status XML thus only new machines will use the new secrets. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Replace qemuDomainGetSecretAESAlias by the new function so that we can reuse qemuDomainSecretAESSetupFromSecret also for setting up other kinds of objects. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Currently we don't have infrastructure to remember the secret aliases for hostdevs. Since an upcoming patch is going to change aliases for the disks, initialize the iscsi hostdevs separately so that we can keep the alias. At the same time let's use qemuAliasForSecret instead of qemuDomainGetSecretAESAlias when unplugging the iscsi hostdev. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
In order to be able to change the function generating the alias and thus also the aliases itself, we must hardcode the old format for the case of upgrading form libvirt which didn't record them in the status XML yet. Note that this code path is tested by 'tests/qemustatusxml2xmldata/disk-secinfo-upgrade-in.xml' Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
The naming of the variables was tied to what they are used for not what the alias represents. Since we'll need to use some of the aliases for another type of secrets fix the name so that it makes sense. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
qemuAliasForSecret is meant as a replacement qemuDomainGetSecretAESAlias with saner API. The sub-type we are creating the alias for is passed in as a string rather than the unflexible 'isLuks' boolean. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Daniel P. Berrangé 提交于
We need the "$(space)" variable to contain a single whitespace character. We do this by assigning and then appending an empty string to the variable. Variable appends get separated by a single whitespace historically, but GNU make 4.3 introduced a behaviour regression. https://lists.gnu.org/archive/html/bug-make/2020-01/msg00057.html [quote] * WARNING: Backward-incompatibility! Previously appending using '+=' to an empty variable would result in a value starting with a space. Now the initial space is only added if the variable already contains some value. Similarly, appending an empty string does not add a trailing space. [/quote] This patch tries a new trick to get a single whitespace by getting make to expand two non-existant variables separated by a space. Reviewed-by: NEric Blake <eblake@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Peter Krempa 提交于
Replace it by a direct call to qemuDomainSecretAESSetupFromSecret. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Split out the lookup of the secret from the secret driver into qemuDomainSecretAESSetupFromSecret so that we can also instantiate secret objects in qemu with data from other sources. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Rather than passing in an empty qemuDomainSecretInfoPtr allocate it in this function and return it. This is done by absorbing the check from qemuDomainSecretInfoNew and removing the internals of qemuDomainSecretInfoNew. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Use g_autofree for the ciphertext and init vector as they are not secret and thus don't have to be cleared and use g_new0 to allocate the iv for parity. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
The comment mentioned that the function resets migration params, but that is not true as of commit eb54cb47Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Use g_autofree instead of VIR_FREE and delete the comment mentioning possible failure to allocate memory. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Using a double pointer prevents the function from being used as the automatic cleanup function for the given type. Remove the double pointer use by replacing the calls with g_clear_pointer which ensures that the pointer is cleared. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Use g_new0 to completely avoid the 'cleanup' label. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Daniel Henrique Barboza 提交于
POWER hosts does not implement CPU virtualization extensions like x86 or s390x. Instead, all bare-metal POWER hosts are considered to be virtualization ready. For POWER, the validation is done by checking if the virtualization module kvm_hv is loaded in the host. If not, we should warn the user about it. Signed-off-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Peter Krempa 提交于
Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NKashyap Chamarthy <kchamart@redhat.com>
-
- 14 3月, 2020 9 次提交
-
-
由 Zhang Bo 提交于
Update the manpage for the 'server-update-tls' command Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Signed-off-by: NZhang Bo <oscar.zhangbo@huawei.com> Signed-off-by: NWu Qingliang <wuqingliang4@huawei.com>
-
由 Zhang Bo 提交于
wire-up virAdmServerUpdateTlsFiles API into virt-admin client. Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Signed-off-by: NZhang Bo <oscar.zhangbo@huawei.com> Signed-off-by: NWu Qingliang <wuqingliang4@huawei.com>
-
由 Zhang Bo 提交于
The server needs to use CA certificate, CRL, server certificate/key to complete the TLS handshake. If these files change, we needed to restart libvirtd for them to take effect. This API can update the TLS context *ONLINE* without restarting libvirtd. Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Signed-off-by: NZhang Bo <oscar.zhangbo@huawei.com> Signed-off-by: NWu Qingliang <wuqingliang4@huawei.com>
-
由 Zhang Bo 提交于
Prevent the handshake function from reading 'tlsCtxt' while updating 'tlsCtxt'. Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Signed-off-by: NZhang Bo <oscar.zhangbo@huawei.com> Signed-off-by: NWu Qingliang <wuqingliang4@huawei.com>
-
由 Zhang Bo 提交于
Add an API to update server's tls context. Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Signed-off-by: NZhang Bo <oscar.zhangbo@huawei.com> Signed-off-by: NWu Qingliang <wuqingliang4@huawei.com>
-
由 Ján Tomko 提交于
Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Ján Tomko 提交于
This was only used to pull in virStrerror. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Ján Tomko 提交于
Now that we use g_strerror exclusively, remove this unused function. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Ján Tomko 提交于
Remove lots of stack-allocated buffers. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 13 3月, 2020 12 次提交
-
-
由 Peter Krempa 提交于
oVirt used a quirk in the pre-blockdev semantics of drive-mirror which opened the backing chain of the mirror destination only once 'block-job-complete' was called. Our introduction of blockdev made qemu open the backing chain images right at the start of the job. This broke oVirt's usage of this API because they copy the data into the backing chain during the time the block copy job is running. Re-introduce late open of the backing chain if qemu allows us to use blockdev-snapshot on write-only nodes as it can be used to install the backing chain even for an existing image now. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
由 Peter Krempa 提交于
The capability is based on qemu's support of using blockdev-snapshot to install backing chain also for images which are in use by a block-copy job. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
由 Peter Krempa 提交于
For a long time we've masked out VIR_DOMAIN_BLOCK_COPY_SHALLOW if there's no backing chain for the copied disk to simplify the code. One of the refactors of the block copy code caused that we no longer update the 'flags' variable just the local copies. This was okay until in ccd4228a we started storing the job flags in the block job data. Given that we modify how we call qemu we also should modify @flags so that the correct value is recorded in the block job data. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
由 Peter Krempa 提交于
Move the check whether the job is already synchronised to the beginning of the function so that we don't try to do some of the steps necessary for pivoting prior to actually wanting to pivot. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
由 Peter Krempa 提交于
Update to v4.2.0-2265-g67923a7ea6 to pick up recent addition of 'allow-write-only-overlay' feature of 'blockdev-snapshot' command. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
由 Daniel P. Berrangé 提交于
The stub impl of virGetDeviceID just returns ENOSYS and does not initialize the min/maj output parameters. This lead to a false positive warning on mingw about possible use of uninitialized variables. Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
The qemuMonitorTestNew() function returns with the monitor object locked, and expects it to still be locked when qemuMonitorTestFree is called. The qemuhotplug test, however, explicitly unlocks the monitor, but then forgets to lock it again. As a result the qemuMonitorTestFree function is unlocking a mutex it doesn't own. This bug has existed forever, but since we use normal POSIX mutexes and don't check the return value of pthread_mutex_lock/unlock we didn't see the error. It was harmless until the switch to the per monitor event loop which requires the thread synchronization to work reliably, whereupon it started crashing. Reviewed-by: NPeter Krempa <pkrempa@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Michal Privoznik 提交于
According to the linked BZ, machined expects either valid hostname or valid FQDN (see systemd commit v239-3092-gd65652f1f2). While in case of multiple dots, a trailing one doesn't violate FQDN, it does violate the rule in case of something simple, like "domain.". But it's safe to remove it in both cases. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1808499 Fixes: 45464db8Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
'nfs' variable was set to -1 or -2 on agent failure. Cleanup then tried to free 'nfs' elements of the array which resulted into a crash. Make 'nfs' size_t and assign it only on successful agent call. https://bugzilla.redhat.com/show_bug.cgi?id=1812965 Broken by commit 599ae372Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
The only caller doesn't check the value and also there are no real errors to report anyways. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Michal Privoznik 提交于
The virQEMUCaps structure has usedQMP member which in the past used to tell if qemu we are dealing with is capable of QMP. Well, we don't support HMP anymore (minus a few HMP passthrough commands, which are wrapped into QMP anyways) and the member is not used really. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com>
-
由 Nikolay Shirokovskiy 提交于
needReply added in [1] looks redundant. Indeed it is set to false only when mon->await_event is set too (the only exception qemuAgentFSTrim which is mistaken). However it fixes the issue when qemuAgentCommand exits on error path and mon->await_event is not reset. Let's instead reset mon->await_event properly. Also remove "Woken up by event" debug message as it can be misleading. We can get it also if monitor is closed due to serial changed event currently. Anyway both qemuAgentClose and qemuAgentNotifyEvent log itself. [1] qemu: make sure agent returns error when required data are missing Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-