1. 29 3月, 2017 1 次提交
  2. 28 3月, 2017 3 次提交
  3. 27 3月, 2017 6 次提交
  4. 25 3月, 2017 1 次提交
    • J
      qemu: Set up the migration TLS objects for target · 1a6b6d9a
      John Ferlan 提交于
      If the migration flags indicate this migration will be using TLS,
      then set up the destination during the prepare phase once the target
      domain has been started to add the TLS objects to perform the migration.
      
      This will create at least an "-object tls-creds-x509,endpoint=server,..."
      for TLS credentials and potentially an "-object secret,..." to handle the
      passphrase response to access the TLS credentials. The alias/id used for
      the TLS objects will contain "libvirt_migrate".
      
      Once the objects are created, the code will set the "tls-creds" and
      "tls-hostname" migration parameters to signify usage of TLS.
      
      During the Finish phase we'll be sure to attempt to clear the
      migration parameters and delete those objects (whether or not they
      were created). We'll also perform the same reset during recovery
      if we've reached FINISH3.
      
      If the migration isn't using TLS, then be sure to check if the
      migration parameters exist and clear them if so.
      1a6b6d9a
  5. 17 3月, 2017 1 次提交
  6. 16 3月, 2017 1 次提交
  7. 15 3月, 2017 2 次提交
    • M
      qemu: Implement NVDIMM · 1bc17319
      Michal Privoznik 提交于
      So, majority of the code is just ready as-is. Well, with one
      slight change: differentiate between dimm and nvdimm in places
      like device alias generation, generating the command line and so
      on.
      
      Speaking of the command line, we also need to append 'nvdimm=on'
      to the '-machine' argument so that the nvdimm feature is
      advertised in the ACPI tables properly.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      1bc17319
    • M
      Introduce NVDIMM memory model · b4e8a49f
      Michal Privoznik 提交于
      NVDIMM is new type of memory introduced into QEMU 2.6. The idea
      is that we have a Non-Volatile memory module that keeps the data
      persistent across domain reboots.
      
      At the domain XML level, we already have some representation of
      'dimm' modules. Long story short, NVDIMM will utilize the
      existing <memory/> element that lives under <devices/> by adding
      a new attribute 'nvdimm' to the existing @model and introduce a
      new <path/> element for <source/> while reusing other fields. The
      resulting XML would appear as:
      
          <memory model='nvdimm'>
            <source>
              <path>/tmp/nvdimm</path>
            </source>
            <target>
              <size unit='KiB'>523264</size>
              <node>0</node>
            </target>
            <address type='dimm' slot='0'/>
          </memory>
      
      So far, this is just a XML parser/formatter extension. QEMU
      driver implementation is in the next commit.
      
      For more info on NVDIMM visit the following web page:
      
          http://pmem.io/Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      b4e8a49f
  8. 13 3月, 2017 1 次提交
  9. 10 3月, 2017 1 次提交
    • M
      qemuProcessHandleMonitorEOF: Disable namespace for domain · e915942b
      Michal Privoznik 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1430634
      
      If a qemu process has died, we get EOF on its monitor. At this
      point, since qemu process was the only one running in the
      namespace kernel has already cleaned the namespace up. Any
      attempt of ours to enter it has to fail.
      
      This really happened in the bug linked above. We've tried to
      attach a disk to qemu and while we were in the monitor talking to
      qemu it just died. Therefore our code tried to do some roll back
      (e.g. deny the device in cgroups again, restore labels, etc.).
      However, during the roll back (esp. when restoring labels) we
      still thought that domain has a namespace. So we used secdriver's
      transactions. This failed as there is no namespace to enter.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      e915942b
  10. 09 3月, 2017 4 次提交
    • P
      conf: store "autoGenerated" for graphics listen in status XML · cd4a8b93
      Pavel Hrdina 提交于
      When libvirtd is started we call qemuDomainRecheckInternalPaths
      to detect whether a domain has VNC socket path generated by libvirt
      based on option from qemu.conf.  However if we are parsing status XML
      for running domain the existing socket path can be generated also if
      the config XML uses the new <listen type='socket'/> element without
      specifying any socket.
      
      The current code doesn't make difference how the socket was generated
      and always marks it as "fromConfig".  We need to store the
      "autoGenerated" value in the status XML in order to preserve that
      information.
      
      The difference between "fromConfig" and "autoGenerated" is important
      for migration, because if the socket is based on "fromConfig" we don't
      print it into the migratable XML and we assume that user has properly
      configured qemu.conf on both hosts.  However if the socket is based
      on "autoGenerated" it means that a new feature was used and therefore
      we need to leave the socket in migratable XML to make sure that if
      this feature is not supported on destination the migration will fail.
      Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
      cd4a8b93
    • J
      qemu: Rename variable · b2e5de96
      John Ferlan 提交于
      Rename 'secretUsageType' to 'usageType' since it's superfluous in an
      API qemu*Secret*
      b2e5de96
    • J
      qemu: Introduce qemuDomainSecretInfoTLSNew · 7c2b7891
      John Ferlan 提交于
      Building upon the qemuDomainSecretInfoNew, create a helper which will
      build the secret used for TLS.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      7c2b7891
    • J
      qemu: Introduce qemuDomainSecretInfoNew · c9a7b7b6
      John Ferlan 提交于
      Create a helper which will create the secinfo used for disks, hostdevs,
      and chardevs.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      c9a7b7b6
  11. 07 3月, 2017 2 次提交
  12. 06 3月, 2017 1 次提交
    • M
      qemu: Enforce qemuSecurity wrappers · 4da534c0
      Michal Privoznik 提交于
      Now that we have some qemuSecurity wrappers over
      virSecurityManager APIs, lets make sure everybody sticks with
      them. We have them for a reason and calling virSecurityManager
      API directly instead of wrapper may lead into accidentally
      labelling a file on the host instead of namespace.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      4da534c0
  13. 21 2月, 2017 1 次提交
    • M
      qemu: Fix deadlock across fork() in QEMU driver · e22de286
      Marc Hartmayer 提交于
      The functions in virCommand() after fork() must be careful with regard
      to accessing any mutexes that may have been locked by other threads in
      the parent process. It is possible that another thread in the parent
      process holds the lock for the virQEMUDriver while fork() is called.
      This leads to a deadlock in the child process when
      'virQEMUDriverGetConfig(driver)' is called and therefore the handshake
      never completes between the child and the parent process. Ultimately
      the virDomainObjectPtr will never be unlocked.
      
      It gets much worse if the other thread of the parent process, that
      holds the lock for the virQEMUDriver, tries to lock the already locked
      virDomainObject. This leads to a completely unresponsive libvirtd.
      
      It's possible to reproduce this case with calling 'virsh start XXX'
      and 'virsh managedsave XXX' in a tight loop for multiple domains.
      
      This commit fixes the deadlock in the same way as it is described in
      commit 61b52d2e.
      Signed-off-by: NMarc Hartmayer <mhartmay@linux.vnet.ibm.com>
      Reviewed-by: NBoris Fiuczynski <fiuczy@linux.vnet.ibm.com>
      e22de286
  14. 20 2月, 2017 4 次提交
  15. 15 2月, 2017 2 次提交
    • M
      qemu_conf: Check for namespaces availability more wisely · b57bd206
      Michal Privoznik 提交于
      The bare fact that mnt namespace is available is not enough for
      us to allow/enable qemu namespaces feature. There are other
      requirements: we must copy all the ACL & SELinux labels otherwise
      we might grant access that is administratively forbidden or vice
      versa.
      At the same time, the check for namespace prerequisites is moved
      from domain startup time to qemu.conf parser as it doesn't make
      much sense to allow users to start misconfigured libvirt just to
      find out they can't start a single domain.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      b57bd206
    • A
      qemu: Call chmod() after mknod() · ee6ec782
      Andrea Bolognani 提交于
      mknod() is affected my the current umask, so we're not
      guaranteed the newly-created device node will have the
      right permissions.
      
      Call chmod(), which is not affected by the current umask,
      immediately afterwards to solve the issue.
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1421036
      ee6ec782
  16. 13 2月, 2017 1 次提交
  17. 09 2月, 2017 1 次提交
  18. 08 2月, 2017 6 次提交
  19. 07 2月, 2017 1 次提交