- 21 Jul, 2016 3 commits
-
-
Committed by Nikolay Shirokovskiy
see 4385b868
-
Committed by Nikolay Shirokovskiy
-
Committed by Nikolay Shirokovskiy
sdk domain handle is unique per connection so there is no sense to query it again if we have it in vzDomObjPtr. Side effect of prlsdkSdkDomainLookupByUUID is refreshing domain config is of no use too as PrlVm_BeginEdit do it too.
-
- 20 Jul, 2016 5 commits
-
-
Committed by John Ferlan
Commit id '5e46d7d6' did not take into account that usage of a luks volume will require usage of the master key encrypted passphrase for a QEMU environment. So rather than allow creation of something that won't be usable, just fail the creation.
-
Committed by John Ferlan
Resolves a CI test integration failure with a RHEL6/Centos6 environment. In order to use a LUKS encrypted device, the design decision was to generate an encrypted secret based on the master key. However, commit id 'da86c6c2' missed checking for that specifically. When qemuDomainSecretSetup was implemented, a design decision was made to "fall back" to a plain text secret setup if the specific cipher was not available (e.g. virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC)) as well as the QEMU_CAPS_OBJECT_SECRET. For the luks encryption setup there is no fall back to the plaintext secret, thus if that gets set up by qemuDomainSecretSetup, then we need to fail. Also, while the qemuxml2argvtest has set the QEMU_CAPS_OBJECT_SECRET bit, it didn't take into account the second requirement that the ability to generate the encrypted secret is possible. So modify the test to not attempt to run the luks-disk if we know we don't have the encryption algorithm.
-
Committed by John Ferlan
virStorageBackendCreateQemuImgCheckEncryption didn't return -1 if there were no secrets.
-
Committed by John Ferlan
A post push realization that the boolean should be set inside the condition
-
Committed by John Ferlan
A post push realization that the setting of the boolean needed to be inside the if condition.
-
- 19 Jul, 2016 32 commits
-
-
Committed by Cédric Bosdonnat
Any error happening after the hand shake in the lxc controller will not result in a failure as errors are checked during the handshake. Move the handshake after the last possible error.
-
Committed by Cédric Bosdonnat
Better fix replacing c726af2d: introducing an 'R' permission to add read rule, but no explicit deny write rule.
-
Committed by John Ferlan
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1301021 Generate the luks command line using the AES secret key to encrypt the luks secret. A luks secret object will be in addition to an AES secret. For hotplug, check if the encinfo exists and if so, add the AES secret for the passphrase for the secret object used to decrypt the device. Modify/augment the fakeSecret* in qemuxml2argvtest in order to handle find a uuid or a volume usage with a specific path prefix in the XML (corresponds to the already generated XML tests). Add error message when the 'usageID' is not 'mycluster_myname'. Commit id '1d632c39' altered the error message generation to rely on the errors from the secret_driver (or its faked replacement). Add the .args output for adding the LUKS disk to the domain Signed-off-by: John Ferlan <jferlan@redhat.com>
-
Committed by John Ferlan
Soon we will be adding luks encryption support. Since a volume could require both a luks secret and a secret to give to the server to use of the device, alter the alias generation to create a slightly different alias so that we don't have two objects with the same alias. Signed-off-by: John Ferlan <jferlan@redhat.com>
-
Committed by John Ferlan
Commit id 'a1344f70' added AES secret processing for RBD when starting up a guest. As such, when the hotplug code calls qemuDomainSecretDiskPrepare an AES secret could be added to the disk about to be hotplugged. If an AES secret was added, then the hotplug code would need to generate the secret object because qemuBuildDriveStr would add the "password-secret=" to the returned 'driveStr' rather than the base64 encoded password. Signed-off-by: John Ferlan <jferlan@redhat.com>
-
Committed by John Ferlan
Partially resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1301021 If the volume xml was looking to create a luks volume take the necessary steps in order to make that happen. The processing will be: 1. create a temporary file (virStorageBackendCreateQemuImgSecretPath) 1a. use the storage driver state dir path that uses the pool and volume name as a base. 2. create a secret object (virStorageBackendCreateQemuImgSecretObject) 2a. use an alias combining the volume name and "_luks0" 2b. add the file to the object 3. create/add luks options to the commandline (virQEMUBuildLuksOpts) 3a. at the very least a "key-secret=%s" using the secret object alias 3b. if found in the XML the various "cipher" and "ivgen" options Signed-off-by: John Ferlan <jferlan@redhat.com>
-
Committed by John Ferlan
When formatting the graphics data for TYPE_SPICE, check if the glisten is NULL before blindly referencing. Found by Coverity. Signed-off-by: John Ferlan <jferlan@redhat.com>
-
Committed by John Ferlan
Since we VIR_ALLOC_N to *values, the VIR_FREE should be done likewise Signed-off-by: John Ferlan <jferlan@redhat.com>
-
Committed by John Ferlan
Move to virqemu and rename to virQEMUBuildBufferEscapeComma. This can then be shared by the storage driver when it builds the command line for qemuimg
-
Committed by John Ferlan
A recent adjustment to qemuDomainAttachRNGDevice to properly cleanup the props object after a qemuMonitorAddObject also would affect this code. Alter the cleanup to be similar to RNG changes.
-
Committed by John Ferlan
Based on recent review comment - rather than have a spate of goto failxxxx, change to a boolean based model. Ensures that the original error can be preserved and cleanup is a bit more orderly if more objects are added.
-
Committed by John Ferlan
Based on recent review comment - rather than have a spate of goto failxxxx, change to a boolean based model. Ensures that the original error can be preserved and cleanup is a bit more orderly if more objects are added.
-
Committed by John Ferlan
Based on recent review comment - rather than have a spate of goto failxxxx, change to a boolean based model. Ensures that the original error can be preserved and cleanup is a bit more orderly if more objects are added.
-
Committed by John Ferlan
Based on recent review comment - rather than have a spate of goto failxxxx, change to a boolean based model. Ensures that the original error can be preserved and cleanup is a bit more orderly if more objects are added.
-
Committed by John Ferlan
Based on recent review comment - rather than have a spate of goto failxxxx, change to a boolean based model. Ensures that the original error can be preserved and cleanup is a bit more orderly if more objects are added.
-
Committed by Erik Skultety
Commit da665fbd introduced the following condition to virLXCProcessEnsureRootFS and openvzReadFSConf: if (!(<some_var> = virDomainFSDefNew()) < 0) which broke the build on fedora with GCC 5.3.1: "logical not is only applied to the left hand side of comparison". Signed-off-by: Erik Skultety <eskultet@redhat.com>
-
Committed by Julio Faracco
The commit da665fbd introduced virStorageSourcePtr inside the structure _virDomainFSDef. This is causing an error when libvirt is being compiled. make[3]: Entering directory `/media/julio/8d65c59c-6ade-4740-9cdc-38016a4cb8ae /home/julio/Desktop/virt/libvirt/src' CC security/virt_aa_helper-virt-aa-helper.o security/virt-aa-helper.c: In function 'get_files': security/virt-aa-helper.c:1087:13: error: passing argument 2 of 'vah_add_path' from incompatible pointer type [-Werror] if (vah_add_path(&buf, fs->src, "rw", true) != 0) ^ security/virt-aa-helper.c:732:1: note: expected 'const char *' but argument is of type 'virStorageSourcePtr' vah_add_path(virBufferPtr buf, const char *path, const char *perms, bool recursive) ^ cc1: all warnings being treated as errors Adding the attribute "path" from virStorageSourcePtr fixes this issue. Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
-
Committed by Nikolay Shirokovskiy
vz supports only a subset of tcp and udp parameters. 1. tcp type supports only 'raw' protocol. 2. udp type supports only same parameters of 'host' and 'service' for 'bind' and 'connect'. Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
Committed by Nikolay Shirokovskiy
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
Committed by Nikolay Shirokovskiy
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
Committed by Nikolay Shirokovskiy
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
Committed by Nikolay Shirokovskiy
After domain is in the domains list let's keep it there. This is approach taken by qemu driver and vz vzDomainMigrateFinish3Params too. It is quite reasonable, driver domain object is fully constructed and can be discovered by client later. Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
Committed by Nikolay Shirokovskiy
9c14a9ab introduced vzNewDomain function to enlist libvirt domain object before actually creating vz sdk domain. Fix should fix race on same vz sdk domain added event where libvirt domain object is enlisted too. But later eb5e9c1e added locked checks for adding libvirt domain object to list on vz sdk domain added event. Thus now approach of 9c14a9ab is unnecessarily complicated. See we have otherwise unuseful prlsdkGetDomainIds function only to create minimal domain definition to create libvirt domain object. Also vzNewDomain is difficult to use as it creates partially constructed domain object. Let's move back to original approach where prlsdkLoadDomain do all the necessary job. Another benefit is that we can now take driver lock for bare minimum and in single place. Reducing locking time have small disadvantage of double parsing on race conditions which is typical if domain is added thru vz driver. Well we have this double parse inevitably with current vz sdk api on any domain updates so I would not take it here seriously. Performance events subscription is done before locked check and therefore could be done twice on races but this is not the problem. Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
Committed by Nikolay Shirokovskiy
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
Committed by Nikolay Shirokovskiy
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
Committed by Nikolay Shirokovskiy
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
Committed by Nikolay Shirokovskiy
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
Committed by Nikolay Shirokovskiy
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-
Committed by Olga Krishtal
Vz containers are able to use ploop volumes from storage pools to work upon. To use filesystem type volume, pool name and volume name should be specified in <source>: <filesystem type='volume' accessmode='passthrough'> <driver type='ploop' format='ploop'/> <source pool='guest_images' volume='TEST_POOL_CT'/> <target dir='/'/> </filesystem> The information about pool and volume is stored in ct dom configuration: <StorageURL>libvirt://localhost/pool_name/vol_name</StorageURL> and can be easily obtained via PrlVmDevHd_GetStorageURL sdk call. The only shortcoming: if storage pool is moved somewhere the ct should be redefined in order to refresh the information about path to root.hdd Signed-off-by: Olga Krishtal <okrishtal@virtuozzo.com>
-
Committed by Olga Krishtal
We do not need to check domain fs type there, because it is done in prlsdkCheckUnsupportedParams. Signed-off-by: Olga Krishtal <okrishtal@virtuozzo.com>
-
Committed by Olga Krishtal
New type of <devices> <filesystem type= 'volume'> is introduced. This patch allows to use volumes for storing the filesystem, that is accessed from the guest e.g. root directory for container. To take advantage of volumes as a backend of filesystem volume and pool names should be specified: <filesystem type= 'volume'> <source pool='pool name' volume='volume name'/> Signed-off-by: Olga Krishtal <okrishtal@virtuozzo.com>
-
Committed by Olga Krishtal
Signed-off-by: Olga Krishtal <okrishtal@virtuozzo.com>
-