- 28 9月, 2017 1 次提交
-
-
由 Ashish Mittal 提交于
Add a new TLS X.509 certificate type - "vxhs". This will handle the creation of a TLS certificate capability for properly configured VxHS network block device clients. The following describes the behavior of TLS for VxHS block device: (1) Two new options have been added in /etc/libvirt/qemu.conf to control TLS behavior with VxHS block devices "vxhs_tls" and "vxhs_tls_x509_cert_dir". (2) Setting "vxhs_tls=1" in /etc/libvirt/qemu.conf will enable TLS for VxHS block devices. (3) "vxhs_tls_x509_cert_dir" can be set to the full path where the TLS CA certificate and the client certificate and keys are saved. If this value is missing, the "default_tls_x509_cert_dir" will be used instead. If the environment is not configured properly the authentication to the VxHS server will fail. Signed-off-by: NAshish Mittal <Ashish.Mittal@veritas.com> Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 03 8月, 2017 1 次提交
-
-
由 John Ferlan 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1458630 Introduce virQEMUDriverConfigTLSDirResetDefaults in order to check if the defaultTLSx509certdir was changed, then change the default for any other *TLSx509certdir that was not set to the default default. Introduce virQEMUDriverConfigValidate to validate the existence of any of the *_tls_x509_cert_dir values that were uncommented/set, incuding the default. Update the qemu.conf description for default to describe the consequences if the default directory path does not exist. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 22 7月, 2017 1 次提交
-
-
由 dann frazier 提交于
Add a path for UEFI VMs for AArch32 VMs, based on the path Debian is using. libvirt is the de facto canonical location for defining where distros should place these firmware images, so let's define this path here to try and minimize distro fragmentation.
-
- 25 3月, 2017 2 次提交
-
-
由 John Ferlan 提交于
Update the descriptions to match the migrate option. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Add a new TLS X.509 certificate type - "migrate". This will handle the creation of a TLS certificate capability (and possibly repository) to be used for migrations. Similar to chardev's, credentials will be handled via a libvirt secrets; however, unlike chardev's enablement and usage will be via a CLI flag instead of a conf flag and a domain XML attribute. The migrations using the *x509_verify flag require the client-cert.pem and client-key.pem files to be present in the TLS directory - so let's also be sure to note that in the qemu.conf file. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 09 3月, 2017 1 次提交
-
-
由 Philipp Hahn 提交于
QEMU should be written all upper or all lower case.
-
- 20 2月, 2017 1 次提交
-
-
由 Michal Privoznik 提交于
So far, we are allowing /dev/vfio/vfio in the devices cgroup unconditionally (and creating it in the namespace too). Even if domain has no hostdev assignment configured. This is potential security hole. Therefore, when starting the domain (or hotplugging a hostdev) create & allow /dev/vfio/vfio too (if needed). Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
-
- 09 2月, 2017 1 次提交
-
-
由 Jaroslav Safka 提交于
Add new parameter memory_backing_dir where files will be stored when memoryBacking source is selected as file. Value is stored inside char* memoryBackingDir
-
- 15 12月, 2016 1 次提交
-
-
由 Michal Privoznik 提交于
Given how intrusive previous patches are, it might happen that there's a bug or imperfection. Lets give users a way out: if they set 'namespaces' to an empty array in qemu.conf the feature is suppressed. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 21 11月, 2016 1 次提交
-
-
由 Michal Privoznik 提交于
After a944bd92 we gained support for setting gluster debug level. However, due to a space we haven't tested whether augeas file actually works. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 09 11月, 2016 1 次提交
-
-
由 Prasanna Kumar Kalever 提交于
This helps in selecting log level of the gluster gfapi, output to stderr. The option is 'gluster_debug_level', can be tuned by editing '/etc/libvirt/qemu.conf' Debug levels ranges 0-9, with 9 being the most verbose, and 0 representing no debugging output. The default is the same as it was before, which is a level of 4. The current logging levels defined in the gluster gfapi are: 0 - None 1 - Emergency 2 - Alert 3 - Critical 4 - Error 5 - Warning 6 - Notice 7 - Info 8 - Debug 9 - Trace Signed-off-by: NPrasanna Kumar Kalever <prasanna.kalever@redhat.com> Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
-
- 20 10月, 2016 1 次提交
-
-
由 John Ferlan 提交于
Add a new qemu.conf variables to store the UUID for the secret that could be used to present credentials to access the TLS chardev. Since this will be a server level and it's possible to use some sort of default, introduce both the default and chardev logic at the same time making the setting of the chardev check for it's own value, then if not present checking whether the default value had been set. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 09 9月, 2016 2 次提交
-
-
由 John Ferlan 提交于
Add a new TLS X.509 certificate type - "chardev". This will handle the creation of a TLS certificate capability (and possibly repository) for properly configured character device TCP backends. Unlike the vnc and spice there is no "listen" or "passwd" associated. The credentials eventually will be handled via a libvirt secret provided to a specific backend. Make use of the default verify option as well. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Rather than specify perhaps multiple TLS X.509 certificate directories, let's create a "default" directory which can then be used if the service (e.g. for now vnc and spice) does not supply a default directory. Since the default for vnc and spice may have existed before without being supplied, the default check will first check if the service specific path exists and if so, set the cfg entry to that; otherwise, the default will be set to the (now) new defaultTLSx509certdir. Additionally add a "default_tls_x509_verify" entry which can also be used to force the peer verification option (for vnc it's a x509verify option). Add/alter the macro for the option being found in the config file to accept the default value. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 06 9月, 2016 2 次提交
-
-
由 Daniel P. Berrange 提交于
We already have the ability to turn off dumping of guest RAM via the domain XML. This is not particularly useful though, as it is under control of the management application. What is needed is a way for the sysadmin to turn off guest RAM defaults globally, regardless of whether the mgmt app provides its own way to set this in the domain XML. So this adds a 'dump_guest_core' option in /etc/libvirt/qemu.conf which defaults to false. ie guest RAM will never be included in the QEMU core dumps by default. This default is different from historical practice, but is considered to be more suitable as a default because a) guest RAM can be huge and so inflicts a DOS on the host I/O subsystem when dumping core for QEMU crashes b) guest RAM can contain alot of sensitive data belonging to the VM owner. This should not generally be copied around inside QEMU core dumps submitted to vendors for debugging c) guest RAM contents are rarely useful in diagnosing QEMU crashes Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Currently the QEMU processes inherit their core dump rlimit from libvirtd, which is really suboptimal. This change allows their limit to be directly controlled from qemu.conf instead.
-
- 04 8月, 2016 1 次提交
-
-
由 Michal Privoznik 提交于
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 09 6月, 2016 2 次提交
-
-
由 Pavel Hrdina 提交于
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Pavel Hrdina 提交于
This moves the socket generation if "vnc_auto_unix_socket" is set. It also fixes a bug with this config option that we should auto-generate socket path only if listen type is address and there is no address specified. Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
- 26 11月, 2015 1 次提交
-
-
由 Daniel P. Berrange 提交于
Currently the QEMU stdout/stderr streams are written directly to a regular file (eg /var/log/libvirt/qemu/$GUEST.log). While those can be rotated by logrotate (using copytruncate option) this is not very efficient. It also leaves open a window of opportunity for a compromised/broken QEMU to DOS the host filesystem by writing lots of text to stdout/stderr. This makes it possible to connect the stdout/stderr file handles to a pipe that is provided by virtlogd. The virtlogd daemon will read from this pipe and write data to the log file, performing file rotation whenever a pre-determined size limit is reached. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 29 1月, 2015 1 次提交
-
-
由 Michal Privoznik 提交于
Well, even though users can pass the list of UEFI:NVRAM pairs at the configure time, we may maintain the list of widely available UEFI ourselves too. And as arm64 begin to rises, OVMF was ported there too. With a slight name change - it's called AAVMF, with AAVMF_CODE.fd being the UEFI firmware and AAVMF_VARS.fd being the NVRAM store file. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 15 10月, 2014 1 次提交
-
-
由 Chen Fan 提交于
When enabling the migration_address option, by default it is set to "127.0.0.1", but it's not a valid address for migration. so we should add verification and set the default migration_address to "0.0.0.0". Signed-off-by: NChen Fan <chen.fan.fnst@cn.fujitsu.com> Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
- 23 9月, 2014 1 次提交
-
-
由 Michael R. Hines 提交于
This patch adds support for RDMA protocol in migration URIs. USAGE: $ virsh migrate --live --migrateuri rdma://hostname domain qemu+ssh://hostname/system Since libvirt runs QEMU in a pretty restricted environment, several files needs to be added to cgroup_device_acl (in qemu.conf) for QEMU to be able to access the host's infiniband hardware. Full documenation of the feature can be found on QEMU wiki: http://wiki.qemu.org/Features/RDMALiveMigrationSigned-off-by: NMichael R. Hines <mrhines@us.ibm.com> Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
- 10 9月, 2014 1 次提交
-
-
由 Michal Privoznik 提交于
When using split UEFI image, it may come handy if libvirt manages per domain _VARS file automatically. While the _CODE file is RO and can be shared among multiple domains, you certainly don't want to do that on the _VARS file. This latter one needs to be per domain. So at the domain startup process, if it's determined that domain needs _VARS file it's copied from this master _VARS file. The location of the master file is configurable in qemu.conf. Temporary, on per domain basis the location of master NVRAM file can be overridden by this @template attribute I'm inventing to the <nvram/> element. All it does is holding path to the master NVRAM file from which local copy is created. If that's the case, the map in qemu.conf is not consulted. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Acked-by: NLaszlo Ersek <lersek@redhat.com>
-
- 04 8月, 2014 1 次提交
-
-
由 Martin Kletzander 提交于
There are multiple mount points after commit 725a211f, but one comment wasn't changed to use plurals. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
- 29 7月, 2014 1 次提交
-
-
由 Michal Privoznik 提交于
Use better detection of hugetlbfs mount points. Yes, there can be multiple mount points each serving different huge page size. Since we already have ability to override the mount point in the qemu.conf file, this crazy backward compatibility code is brought in. Now we allow multiple mount points, so the "hugetlbfs_mount" option must take an list of strings (mount points). But previously, it was just a string, so we must accept both types now. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 20 5月, 2014 1 次提交
-
-
由 Chen Fan 提交于
For now, we set the migration URI via command line '--migrate_uri' or construct the URI by looking up the dest host's hostname which could be solved by DNS automatically. But in cases the dest host have two or more NICs to reach, we may need to send the migration data over a specific NIC which is different from the automatically resolved one for some reason like performance, security, etc. Thus we must explicitly specify the migrateuri in command line everytime, but it is too troublesome if there are many such hosts (and don't forget virt-manager). This patch adds a configuration file option on dest host to save the default value set which can be specified to a migration hostname or one of this host's addresses used for transferring data, thus user doesn't have to specify it in command line everytime. Signed-off-by: NChen Fan <chen.fan.fnst@cn.fujitsu.com> Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
- 07 5月, 2014 1 次提交
-
-
由 Ján Tomko 提交于
QEMU commit 5e2ac51 added a boolean '-msg timestamp=[on|off]' option, which can enable timestamps on errors: $ qemu-system-x86_64 -msg timestamp=on zghhdorf 2014-04-09T13:25:46.779484Z qemu-system-x86_64: -msg timestamp=on: could not open disk image zghhdorf: Could not open 'zghhdorf': No such file or directory Enable this timestamp if the QEMU binary supports it. Add a 'log_timestamp' option to qemu.conf for disabling this behavior.
-
- 13 3月, 2014 1 次提交
-
-
由 Michal Privoznik 提交于
When I played with virtlockd I was stunned by lacking documentation. My frustration got bigger when I had to read the patches to get the correct value to set in qemu.conf. Moreover, from pure libvirt-pride I'm changing commented value from sanlock to lockd. We want to favor our own implementation after all. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 06 2月, 2014 1 次提交
-
-
由 Eric Blake 提交于
Noticed a misuse of 'to' while testing my event regression under polkit ACLs, and decided to review the entire conf files for other legibility bugs. * daemon/libvirtd.conf: Use correct grammar. * src/qemu/qemu.conf: Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 09 11月, 2013 1 次提交
-
-
由 Eric Blake 提交于
Fix some user-visible wording from commits 72aafe9c and 1606d89c. * src/qemu/qemu.conf (migration_address): Better wording. * include/libvirt/libvirt.h.in (VIR_MIGRATE_PARAM_LISTEN_ADDRESS): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 18 10月, 2013 1 次提交
-
-
- 17 10月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
QEMU has support for SASL auth for SPICE guests, but libvirt has no way to enable it. Following the example from VNC where it is globally enabled via qemu.conf Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 14 10月, 2013 2 次提交
-
-
由 Peter Krempa 提交于
The regular save image code has the support to compress images using a specified algorithm. This was not implemented for external checkpoints although it shares most of the backend code. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1017227
-
由 Peter Krempa 提交于
The regular save image code has the support to compress images using a specified algorithm. This was not implemented for managed save although it shares most of the backend code.
-
- 11 10月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
This configuration knob is there to override default listen address for -incoming for all qemu domains. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 03 9月, 2013 1 次提交
-
-
由 Cole Robinson 提交于
On my machine, a guest fails to boot if it has a sound card, but not graphical device/display is configured, because pulseaudio fails to initialize since it can't access $HOME. A workaround is removing the audio device, however on ARM boards there isn't any option to do that, so -nographic always fails. Set QEMU_AUDIO_DRV=none if no <graphics> are configured. Unfortunately this has massive test suite fallout. Add a qemu.conf parameter nographics_allow_host_audio, that if enabled will pass through QEMU_AUDIO_DRV from sysconfig (similar to vnc_allow_host_audio)
-
- 15 5月, 2013 1 次提交
-
-
由 Martin Kletzander 提交于
Adding a VNC WebSocket support for QEMU driver. This functionality is in upstream qemu from commit described as v1.3.0-982-g7536ee4, so the capability is being recognized based on QEMU version for now.
-
- 30 4月, 2013 1 次提交
-
-
由 Laine Stump 提交于
PCIO device assignment using VFIO requires read/write access by the qemu process to /dev/vfio/vfio, and /dev/vfio/nn, where "nn" is the VFIO group number that the assigned device belongs to (and can be found with the function virPCIDeviceGetVFIOGroupDev) /dev/vfio/vfio can be accessible to any guest without danger (according to vfio developers), so it is added to the static ACL. The group device must be dynamically added to the cgroup ACL for each vfio hostdev in two places: 1) for any devices in the persistent config when the domain is started (done during qemuSetupCgroup()) 2) at device attach time for any hotplug devices (done in qemuDomainAttachHostDevice) The group device must be removed from the ACL when a device it "hot-unplugged" (in qemuDomainDetachHostDevice()) Note that USB devices are already doing their own cgroup setup and teardown in the hostdev-usb specific function. I chose to make the new functions generic and call them in a common location though. We can then move the USB-specific code (which is duplicated in two locations) to this single location. I'll be posting a followup patch to do that.
-
- 19 4月, 2013 1 次提交
-
-
由 Paolo Bonzini 提交于
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-