1. 02 May, 2016 7 commits
    • qemu: Introduce qemuDomainSecretHostdevPrepare and Destroy · d0816650
      John Ferlan committed
      Similar to the qemuDomainSecretDiskPrepare, generate the secret
      for the Hostdev's prior to calling qemuProcessLaunch which calls
      qemuBuildCommandLine. Additionally, since the secret is no longer
      added as part of building the command, the hotplug code will need
      to make the call to add the secret in the hostdevPriv.
      
      Since this then is the last requirement to pass a virConnectPtr
      to qemuBuildCommandLine, we now can remove that as part of these
      changes. That removal has cascading effects through various callers.
      Signed-off-by: John Ferlan <jferlan@redhat.com>
    • qemu: Introduce qemuDomainHostdevPrivatePtr · 27726d8c
      John Ferlan committed
      Modeled after the qemuDomainDiskPrivatePtr logic, create a privateData
      pointer in the _virDomainHostdevDef to allow storage of private data
      for a hypervisor in order to at least temporarily store auth/secrets
      data for usage during qemuBuildCommandLine.
      
      NB: Since the qemu_parse_command (qemuParseCommandLine) code is not
      expecting to restore the auth/secret data, there's no need to add
      code to handle this new structure there.
      
      Updated copyrights for modules touched. Some didn't have updates in a
      couple years even though changes have been made.
      Signed-off-by: John Ferlan <jferlan@redhat.com>
    • qemu: Introduce qemuDomainSecretPrepare and Destroy · 40d8e2ba
      John Ferlan committed
      Rather than needing to pass the conn parameter to various command
      line building API's, add qemuDomainSecretPrepare just prior to the
      qemuProcessLaunch which calls qemuBuildCommandLine. The function
      must be called after qemuProcessPrepareHost since it's expected
      to eventually need the domain masterKey generated during the prepare
      host call. Additionally, future patches may require device aliases
      (assigned during the prepare domain call) in order to associate
      the secret objects.
      
      The qemuDomainSecretDestroy is called after the qemuProcessLaunch
      finishes in order to clear and free memory used by the secrets
      that were recently prepared, so they are not kept around in memory
      too long.
      
      Placing the setup here is beneficial for future patches which will
      need the domain masterKey in order to generate an encrypted secret
      along with an initialization vector to be saved and passed (since
      the masterKey shouldn't be passed around).
      
      Finally, since the secret is not added during command line build,
      the hotplug code will need to get the secret into the private disk data.
      Signed-off-by: John Ferlan <jferlan@redhat.com>
    • qemu: Introduce qemuDomainSecretInfo · 48f56a9c
      John Ferlan committed
      Introduce a new private structure to hold qemu domain auth/secret data.
      This will be stored in the qemuDomainDiskPrivate as a means to store the
      auth and fetched secret data rather than generating during building of
      the command line.
      
      The initial changes will handle the current username and secret values
      for rbd and iscsi disks (in their various forms). The rbd secret is
      stored as a base64 encoded value, while the iscsi secret is stored as
      a plain text value. Future changes will store encoded/encrypted secret
      data as well as an initialization vector needed to be given to qemu
      in order to decrypt the encoded password along with the domain masterKey.
      The initial assumption will be that VIR_DOMAIN_SECRET_INFO_PLAIN is
      being used.
      
      Although it's expected that the cleanup of the secret data will be
      done immediately after command line generation, reintroduce the object
      dispose function qemuDomainDiskPrivateDispose to handle removing
      memory associated with the structure for "normal" cleanup paths.
      Signed-off-by: John Ferlan <jferlan@redhat.com>
    • qemu: hotplug: Allow update of disk default snapshot location · 662862ec
      Peter Krempa committed
      Since the field is internal to libvirt we can allow the users to modify
      it.
    • qemu: domain: Check few more fields for when changing disk source · 3b3debfb
      Peter Krempa committed
      Both disk->src->shared and disk->src->readonly can't be modified when
      changing disk source for floppy and cdrom drives since both arguments
      are passed as arguments of the disk rather than the image in qemu.
      
      Historically these fields have only two possible values since they are
      represented as XML thus we need to ignore if user did not provide them
      and thus we are treating them as false.
    • qemu: domain: Fix error message in qemuDomainDiskChangeSupported · a84d604d
      Peter Krempa committed
      disk->dst represents the <target> element in the XML.
  2. 28 April, 2016 1 commit
    • qemu: Regenerate VNC socket paths · 55320c23
      Martin Kletzander committed
      Similarly to what commit 71408079 did with some internal paths,
      clear vnc socket paths that were generated by us.  Having such path in
      the definition can cause trouble when restoring the domain.  The path is
      generated to the per-domain directory that contains the domain ID.
      However, that ID will be different upon restoration, so qemu won't be
      able to create that socket because the directory will not be prepared.
      
      To be able to migrate to older libvirt, skip formatting the socket path
      in migratable XML if it was autogenerated.  And mark it as autogenerated
      if it already exists and we're parsing live XML.
      
      Best viewed with '-C'.
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1326270
      Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
  3. 27 April, 2016 2 commits
  4. 20 April, 2016 1 commit
    • storage: remove support for /usr/bin/kvm-img · 487d211d
      Cole Robinson committed
      This is an ubuntu/debian packaging convention. At one point it may have
      been an actually different binary, but at least as of ubuntu precise
      (the oldest supported ubuntu distro, released april 2012) kvm-img is
      just a symlink to qemu-img for back compat.
      
      I think it's safe to drop support for it
  5. 19 April, 2016 1 commit
  6. 16 April, 2016 1 commit
    • qemu: Label master key file · 744d74fa
      Martin Kletzander committed
      When creating the master key, we used mode 0600 (which we should) but
      because we were creating it as root, the file is not readable by any
      qemu running as non-root.  Fortunately, it's just a matter of labelling
      the file.  We are generating the file path a few times already, so let's
      label it in the same function that has access to the path already.
      Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
  7. 15 April, 2016 3 commits
    • P
      d6cb0d25
    • qemu: support new pci controller model "pcie-expander-bus" · 8b62c65d
      Laine Stump committed
      This is backed by the qemu device pxb-pcie, which will be available in
      qemu 2.6.0.
      
      As with pci-expander-bus (which uses qemu's pxb device), the busNr
      attribute and <node> subelement of <target> are used to set the bus_nr
      and numa_node options.
      
      During post-parse we validate that the domain's machinetype is
      q35-based (since the device shows up for 440fx-based machinetypes, but
      is unusable), as well as checking that <node> specifies a node that is
      actually configured on the guest.
    • qemu: support new pci controller model "pci-expander-bus" · 400b2976
      Laine Stump committed
      This is backed by the qemu device "pxb".
      
      The pxb device always includes a pci-bridge that is at the bus number
      of the pxb + 1.
      
      busNr and <node> from the <target> subelement are used to set the
      bus_nr and numa_node options for pxb.
      
      During post-parse we validate that the domain's machinetype is
      440fx-based (since the pxb device only works on 440fx-based machines),
      and <node> also gets a sanity check to assure that the NUMA node
      specified for the pxb (if any - it's optional) actually exists on the
      guest.
  8. 13 April, 2016 1 commit
  9. 10 April, 2016 1 commit
    • qemu: fix build without gnutls installed · acb63aaf
      Roman Bogorodskiy committed
      Move including of gnutls/gnutls.h in qemu/qemu_domain.c under the
      "ifdef WITH_GNUTLS" check because otherwise it fails like this:
      
        CC       qemu/libvirt_driver_qemu_impl_la-qemu_domain.lo
      qemu/qemu_domain.c:50:10: fatal error: 'gnutls/gnutls.h' file not found
      
      if gnutls is not installed on the system.
  10. 08 April, 2016 1 commit
  11. 07 April, 2016 2 commits
    • qemu: Explicitly check for gnutls_rnd() · 2d23d145
      Andrea Bolognani committed
      Our use of gnutls_rnd(), introduced with commit ad7520e8, is
      conditional to the availability of the <gnutls/crypto.h> header
      file.
      
      Such check, however, turns out not to be strict enough, as there
      are some versions of GnuTLS (eg. 2.8.5 from CentOS 6) that provide
      the header file, but not the function itself, which was introduced
      only in GnuTLS 2.12.0.
      
      Introduce an explicit check for the function.
    • qemu: Create domain master key · ad7520e8
      John Ferlan committed
      Add a masterKey and masterKeyLen to _qemuDomainObjPrivate to store a
      random domain master key and its length in order to support the ability
      to encrypt/decrypt sensitive data shared between libvirt and qemu. The
      key will be base64 encoded and written to a file to be used by the
      command line building code to share with qemu.
      
      New API's from this patch:
      
        qemuDomainGetMasterKeyFilePath:
          Return a path to where the key is located
      
        qemuDomainWriteMasterKeyFile: (private)
          Open (create/trunc) the masterKey path and write the masterKey
      
        qemuDomainMasterKeyReadFile:
          Using the master key path, open/read the file, and store the
          masterKey and masterKeyLen. Expected use only from qemuProcessReconnect
      
        qemuDomainGenerateRandomKey: (private)
          Generate a random key using available algorithms
      
          The key is generated either from the gnutls_rnd function if it
          exists or a less cryptographically strong mechanism using
          virGenerateRandomBytes
      
        qemuDomainMasterKeyRemove:
          Remove traces of the master key, remove the *KeyFilePath
      
        qemuDomainMasterKeyCreate:
          Generate the domain master key and save the key in the location
          returned by qemuDomainGetMasterKeyFilePath.
      
          This API will first ensure the QEMU_CAPS_OBJECT_SECRET is set
          in the capabilities. If not, then there's no need to generate
          the secret or file.
      
      The creation of the key will be attempted from qemuProcessPrepareHost
      once the libDir directory structure exists.
      
      The removal of the key will be handled from qemuProcessStop just prior
      to deleting the libDir tree.
      
      Since the key will not be written out to the domain object XML file,
      the qemuProcessReconnect will read the saved file and restore the
      masterKey and masterKeyLen.
  12. 04 April, 2016 2 commits
  13. 29 March, 2016 2 commits
  14. 22 March, 2016 1 commit
  15. 21 March, 2016 1 commit
  16. 10 March, 2016 1 commit
  17. 09 March, 2016 2 commits
    • qemu: add support for offline vcpupin · 02ae21de
      Peter Krempa committed
      Allow pinning for inactive vcpus. The pinning mask will be automatically
      applied as we would apply the default mask in case of a cpu hotplug.
      
      Setting the scheduler settings for a vcpu has the same semantics.
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1306556
    • conf: refactor checking for unsupported memory devices · 185d13b1
      Peter Krempa committed
      Introduce a helper to check supported device and domain config and move
      the memory hotplug checks to it.
      
      The advantage of this approach is that by default all new features are
      considered unsupported by all hypervisors unless specifically changed
      rather than the previous approach where every hypervisor would need to
      declare that a given feature is unsupported.
  18. 08 March, 2016 2 commits
  19. 01 March, 2016 1 commit
    • qemu: Shorten per-domain directory names · a89f05ba
      Martin Kletzander committed
      Per-domain directories were introduced in order to be able to
      completely separate security labels for each domain (commit
      f1f68ca3).  However when the domain
      name is long (let's say a ridiculous 110 characters), we cannot
      connect to the monitor socket because the length of a UNIX socket address
      is limited.  In order to get around this, let's shorten it in similar
      fashion and in order to avoid conflicts, throw in an ID there as well.
      Also save that into the status XML and load the old status XMLs
      properly (to clean up after older domains).  That way we can change it
      in the future.
      
      The shortening can be seen in qemuxml2argv tests, for example in the
      hugepages-pages2 case.
      Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
  20. 26 February, 2016 1 commit
  21. 20 February, 2016 1 commit
    • gic: Introduce VIR_GIC_VERSION_DEFAULT alias · d8fc7e05
      Andrea Bolognani committed
      GIC v2 is the default, but checking against that specific version when
      we want to know whether the default has been selected is potentially
      error prone; using an alias instead makes it safer.
  22. 19 February, 2016 2 commits
  23. 17 February, 2016 3 commits