- 14 12月, 2018 1 次提交
-
-
由 Daniel P. Berrangé 提交于
In many files there are header comments that contain an Author: statement, supposedly reflecting who originally wrote the code. In a large collaborative project like libvirt, any non-trivial file will have been modified by a large number of different contributors. IOW, the Author: comments are quickly out of date, omitting people who have made significant contribitions. In some places Author: lines have been added despite the person merely being responsible for creating the file by moving existing code out of another file. IOW, the Author: lines give an incorrect record of authorship. With this all in mind, the comments are useless as a means to identify who to talk to about code in a particular file. Contributors will always be better off using 'git log' and 'git blame' if they need to find the author of a particular bit of code. This commit thus deletes all Author: comments from the source and adds a rule to prevent them reappearing. The Copyright headers are similarly misleading and inaccurate, however, we cannot delete these as they have legal meaning, despite being largely inaccurate. In addition only the copyright holder is permitted to change their respective copyright statement. Reviewed-by: NErik Skultety <eskultet@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 16 11月, 2018 2 次提交
-
-
由 Michal Privoznik 提交于
This reverts commit 8b8aefb3. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Michal Privoznik 提交于
For metadata locking we might need an extra fork() which given latest attempts to do fewer fork()-s is suboptimal. Therefore, there will be a qemu.conf knob to {en|dis}able this feature. But since the feature is actually not metadata locking itself rather than remembering of the original owner of the file this is named as 'rememberOwner'. But patches for that feature are not even posted yet so there is actually no qemu.conf entry in this patch nor a way to enable this feature. Even though this is effectively a dead code for now it is still desired. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
- 08 10月, 2018 1 次提交
-
-
由 Peter Krempa 提交于
In cases where we know the device is a disk we can avoid using the full device definition. Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
- 18 9月, 2018 1 次提交
-
-
由 Michal Privoznik 提交于
This config option allows users to set and enable lock manager for domain metadata. The lock manager is going to be used by security drivers to serialize each other when changing a file ownership or changing the SELinux label. The only supported lock manager is 'lockd' for now. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
- 08 6月, 2018 1 次提交
-
-
由 Peter Krempa 提交于
The option is insecure and it has been long enough for users to migrate their disk files to use explicit format. Drop the option and related code. The config parser still parses it and rejects statup if it's still present in the config in enabled state. The augeas lens is also kept so that users can disable it. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
- 06 6月, 2018 1 次提交
-
-
由 Stefan Berger 提交于
Extend qemu_conf with user and group for running the tpm-emulator and add directories to the configuration for the locations of the log, state, and socket of the tpm-emulator. Also add these new directories to the QEMU Makefile.inc.am and the RPM spec file libvirt.spec.in. Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
- 05 6月, 2018 1 次提交
-
-
由 Peter Krempa 提交于
Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
- 11 5月, 2018 1 次提交
-
-
由 Michal Privoznik 提交于
Just like we allow users overriding path to bridge-helper detected at compile time we can allow them to override path to qemu-pr-helper. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
- 22 2月, 2018 2 次提交
-
-
由 Nikolay Shirokovskiy 提交于
Signed-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
由 Nikolay Shirokovskiy 提交于
Host tcp4/tcp6 ports is a global resource thus we need to make port accounting also global or we have issues described in [1] when port allocator ranges of different instances are overlapped (which is by default for qemu for example). Let's have only one global port allocator object that take care of the entire ports range (0 - 65535) and introduce port range object for clients to specify desired auto allocation band. [1] https://www.redhat.com/archives/libvir-list/2017-December/msg00600.htmlSigned-off-by: NNikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
- 19 2月, 2018 1 次提交
-
-
由 Daniel P. Berrangé 提交于
Rather than expecting callers to pass a virConnectPtr into the virDomainDiskTranslateSourcePool() method, just acquire a connection to the storage driver when needed. Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 12 2月, 2018 1 次提交
-
-
由 Daniel P. Berrangé 提交于
This reverts commit 038eb472. On reflection adding defaults for arbitrary guest XML device config settings to the qemu.conf is not a sustainable path. Removing the support for rx/tx queue size so that it doesn't set a bad precedent. Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 02 2月, 2018 1 次提交
-
-
由 Michal Privoznik 提交于
In 2074ef6c and c56cdf25 (and friends) we've added two attributes to virtio NICs: rx_queue_size and tx_queue_size. However, sysadmins might want to set these on per-host basis but don't necessarily have an access to domain XML (e.g. because they are generated by some other app). So let's expose them under qemu.conf (the settings from domain XML still take precedence as they are more specific ones). Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
- 08 11月, 2017 1 次提交
-
-
由 Michal Privoznik 提交于
In some cases management application needs to allocate memory for qemu upfront and then just let qemu use that. Since we don't want to expose path for memory-backend-file anywhere in the domain XML, we can generate predictable paths. In this case: $memoryBackingDir/libvirt/qemu/$shortName/$alias where $shortName is result of virDomainDefGetShortName(). Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
- 07 11月, 2017 1 次提交
-
-
由 Michal Privoznik 提交于
In near future we will need more than just a plain VIR_STRDUP(). Better implement that in a separate function and in qemuBuildMemoryBackendStr() which is complicated enough already. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
- 28 9月, 2017 1 次提交
-
-
由 Ashish Mittal 提交于
Add a new TLS X.509 certificate type - "vxhs". This will handle the creation of a TLS certificate capability for properly configured VxHS network block device clients. The following describes the behavior of TLS for VxHS block device: (1) Two new options have been added in /etc/libvirt/qemu.conf to control TLS behavior with VxHS block devices "vxhs_tls" and "vxhs_tls_x509_cert_dir". (2) Setting "vxhs_tls=1" in /etc/libvirt/qemu.conf will enable TLS for VxHS block devices. (3) "vxhs_tls_x509_cert_dir" can be set to the full path where the TLS CA certificate and the client certificate and keys are saved. If this value is missing, the "default_tls_x509_cert_dir" will be used instead. If the environment is not configured properly the authentication to the VxHS server will fail. Signed-off-by: NAshish Mittal <Ashish.Mittal@veritas.com> Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 03 8月, 2017 1 次提交
-
-
由 John Ferlan 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1458630 Introduce virQEMUDriverConfigTLSDirResetDefaults in order to check if the defaultTLSx509certdir was changed, then change the default for any other *TLSx509certdir that was not set to the default default. Introduce virQEMUDriverConfigValidate to validate the existence of any of the *_tls_x509_cert_dir values that were uncommented/set, incuding the default. Update the qemu.conf description for default to describe the consequences if the default directory path does not exist. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 26 7月, 2017 1 次提交
-
-
由 Pavel Hrdina 提交于
The switch contains considerable amount of changes: virQEMUCapsRememberCached() is removed because this is now handled by virFileCacheSave(). virQEMUCapsInitCached() is removed because this is now handled by virFileCacheLoad(). virQEMUCapsNewForBinary() is split into two functions, virQEMUCapsNewData() which creates new data if there is nothing cached and virQEMUCapsLoadFile() which loads the cached data. This is now handled by virFileCacheNewData(). virQEMUCapsCacheValidate() is removed because this is now handled by virFileCacheValidate(). virQEMUCapsCacheFree() is removed because it's no longer required. Add virCapsPtr into virQEMUCapsCachePriv because for each call of virFileCacheLookup*() we need to use current virCapsPtr. Signed-off-by: NPavel Hrdina <phrdina@redhat.com> Reviewed-by: NJiri Denemark <jdenemar@redhat.com>
-
- 25 3月, 2017 1 次提交
-
-
由 John Ferlan 提交于
Add a new TLS X.509 certificate type - "migrate". This will handle the creation of a TLS certificate capability (and possibly repository) to be used for migrations. Similar to chardev's, credentials will be handled via a libvirt secrets; however, unlike chardev's enablement and usage will be via a CLI flag instead of a conf flag and a domain XML attribute. The migrations using the *x509_verify flag require the client-cert.pem and client-key.pem files to be present in the TLS directory - so let's also be sure to note that in the qemu.conf file. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 15 2月, 2017 1 次提交
-
-
由 Michal Privoznik 提交于
The bare fact that mnt namespace is available is not enough for us to allow/enable qemu namespaces feature. There are other requirements: we must copy all the ACL & SELinux labels otherwise we might grant access that is administratively forbidden or vice versa. At the same time, the check for namespace prerequisites is moved from domain startup time to qemu.conf parser as it doesn't make much sense to allow users to start misconfigured libvirt just to find out they can't start a single domain. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 09 2月, 2017 1 次提交
-
-
由 Jaroslav Safka 提交于
Add new parameter memory_backing_dir where files will be stored when memoryBacking source is selected as file. Value is stored inside char* memoryBackingDir
-
- 15 12月, 2016 1 次提交
-
-
由 Michal Privoznik 提交于
Given how intrusive previous patches are, it might happen that there's a bug or imperfection. Lets give users a way out: if they set 'namespaces' to an empty array in qemu.conf the feature is suppressed. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 08 12月, 2016 1 次提交
-
-
由 Michal Privoznik 提交于
If you've ever tried running a huge page backed guest under different user than in qemu.conf, you probably failed. Problem is even though we have corresponding APIs in the security drivers, there's no implementation and thus we don't relabel the huge page path. But even if we did, so far all of the domains share the same path: /hugepageMount/libvirt/qemu Our only option there would be to set 0777 mode on the qemu dir which is totally unsafe. Therefore, we can create dir on per-domain basis, i.e.: /hugepageMount/libvirt/qemu/domainName and chown domainName dir to the user that domain is configured to run under. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 09 11月, 2016 1 次提交
-
-
由 Prasanna Kumar Kalever 提交于
This helps in selecting log level of the gluster gfapi, output to stderr. The option is 'gluster_debug_level', can be tuned by editing '/etc/libvirt/qemu.conf' Debug levels ranges 0-9, with 9 being the most verbose, and 0 representing no debugging output. The default is the same as it was before, which is a level of 4. The current logging levels defined in the gluster gfapi are: 0 - None 1 - Emergency 2 - Alert 3 - Critical 4 - Error 5 - Warning 6 - Notice 7 - Info 8 - Debug 9 - Trace Signed-off-by: NPrasanna Kumar Kalever <prasanna.kalever@redhat.com> Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
- 20 10月, 2016 1 次提交
-
-
由 John Ferlan 提交于
Add a new qemu.conf variables to store the UUID for the secret that could be used to present credentials to access the TLS chardev. Since this will be a server level and it's possible to use some sort of default, introduce both the default and chardev logic at the same time making the setting of the chardev check for it's own value, then if not present checking whether the default value had been set. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 19 9月, 2016 1 次提交
-
-
由 Michal Privoznik 提交于
Now that we have two same implementations for getting path for huge pages backed guest memory, lets merge them into one function. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 09 9月, 2016 2 次提交
-
-
由 John Ferlan 提交于
Add a new TLS X.509 certificate type - "chardev". This will handle the creation of a TLS certificate capability (and possibly repository) for properly configured character device TCP backends. Unlike the vnc and spice there is no "listen" or "passwd" associated. The credentials eventually will be handled via a libvirt secret provided to a specific backend. Make use of the default verify option as well. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Rather than specify perhaps multiple TLS X.509 certificate directories, let's create a "default" directory which can then be used if the service (e.g. for now vnc and spice) does not supply a default directory. Since the default for vnc and spice may have existed before without being supplied, the default check will first check if the service specific path exists and if so, set the cfg entry to that; otherwise, the default will be set to the (now) new defaultTLSx509certdir. Additionally add a "default_tls_x509_verify" entry which can also be used to force the peer verification option (for vnc it's a x509verify option). Add/alter the macro for the option being found in the config file to accept the default value. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 06 9月, 2016 2 次提交
-
-
由 Daniel P. Berrange 提交于
We already have the ability to turn off dumping of guest RAM via the domain XML. This is not particularly useful though, as it is under control of the management application. What is needed is a way for the sysadmin to turn off guest RAM defaults globally, regardless of whether the mgmt app provides its own way to set this in the domain XML. So this adds a 'dump_guest_core' option in /etc/libvirt/qemu.conf which defaults to false. ie guest RAM will never be included in the QEMU core dumps by default. This default is different from historical practice, but is considered to be more suitable as a default because a) guest RAM can be huge and so inflicts a DOS on the host I/O subsystem when dumping core for QEMU crashes b) guest RAM can contain alot of sensitive data belonging to the VM owner. This should not generally be copied around inside QEMU core dumps submitted to vendors for debugging c) guest RAM contents are rarely useful in diagnosing QEMU crashes Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Currently the QEMU processes inherit their core dump rlimit from libvirtd, which is really suboptimal. This change allows their limit to be directly controlled from qemu.conf instead.
-
- 12 7月, 2016 1 次提交
-
-
由 Daniel P. Berrange 提交于
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 14 6月, 2016 1 次提交
-
-
由 Jim Fehlig 提交于
The virQEMUDriverConfig object contains lists of loader:nvram pairs to advertise firmwares supported by by the driver, and qemu_conf.c contains code to populate the lists, all of which is useful for other drivers too. To avoid code duplication, introduce a virFirmware object to encapsulate firmware details and switch the qemu driver to use it. Signed-off-by: NJim Fehlig <jfehlig@suse.com>
-
- 09 6月, 2016 1 次提交
-
-
由 Pavel Hrdina 提交于
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
- 25 5月, 2016 1 次提交
-
-
由 Peter Krempa 提交于
-
- 25 12月, 2015 1 次提交
-
-
由 Michal Privoznik 提交于
The manpage for sysconf() suggest including unistd.h as the function is declared there. Even though we are not hitting any compile issues currently, let's include the correct header file instead of relying on some hidden include chain. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 26 11月, 2015 1 次提交
-
-
由 Daniel P. Berrange 提交于
Currently the QEMU stdout/stderr streams are written directly to a regular file (eg /var/log/libvirt/qemu/$GUEST.log). While those can be rotated by logrotate (using copytruncate option) this is not very efficient. It also leaves open a window of opportunity for a compromised/broken QEMU to DOS the host filesystem by writing lots of text to stdout/stderr. This makes it possible to connect the stdout/stderr file handles to a pipe that is provided by virtlogd. The virtlogd daemon will read from this pipe and write data to the log file, performing file rotation whenever a pre-determined size limit is reached. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 29 7月, 2015 1 次提交
-
-
由 Erik Skultety 提交于
Our atomic increment (virAtomicIntInc) uses (if available) gcc __sync_add_and_fetch builtin. In qemu driver though, we'd profit more from __sync_fetch_and_add builtin. To keep it simplistic, this patch adjusts qemu driver initialization rather than adding a new atomic increment macro.
-
- 10 7月, 2015 1 次提交
-
-
由 Jiri Denemark 提交于
If QEMU fails during incoming migration, the domain disappears including a possibly useful error message read from QEMU log file. Let's remember the error in virQEMUDriver so that Finish can report more than just "no such domain". Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
- 18 6月, 2015 1 次提交
-
-
由 Peter Krempa 提交于
The privileged flag will not change while the configuration might change. Make the 'privileged' flag member of the driver again and mark it immutable. Should that ever change add an accessor that will group reads of the state.
-