1. 27 10月, 2017 15 次提交
  2. 26 10月, 2017 10 次提交
    • C
      virt-aa-helper: fix libusb access to udev usb descriptions · d4d50bcc
      Christian Ehrhardt 提交于
      In bf3a4140 "virt-aa-helper: fix libusb access to udev usb data" the
      libusb access to properly detect the device/bus ids was fixed.
      
      The path /run/udev/data/+usb* contains a subset of that information we
      already allow to be read and are currently not needed for the function
      qemu needs libusb for. But on the init of libusb all those files are
      still read so a lot of apparmor denials can be seen when using usb host
      devices, like:
        apparmor="DENIED" operation="open" name="/run/udev/data/+usb:2-1.2:1.0"
        comm="qemu-system-x86" requested_mask="r" denied_mask="r"
      
      Today we could silence the warnings with a deny rule without breaking
      current use cases. But since the data in there is only a subset of those
      it can read already it is no additional information exposure. And on the
      other hand a future udev/libusb/qemu combination might need it so allow
      the access in the default apparmor profile.
      Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
      d4d50bcc
    • C
      virt-aa-helper: grant locking permission on -f · 07fc5c9c
      Christian Ehrhardt 提交于
      Hot-adding disks does not parse the full XML to generate apparmor rules.
      Instead it uses -f <PATH> to append a generic rule for that file path.
      
      580cdaa7: "virt-aa-helper: locking disk files for qemu 2.10" implemented
      the qemu 2.10 requirement to allow locking on disks images that are part of
      the domain xml.
      
      But on attach-device a user will still trigger an apparmor deny by going
      through virt-aa-helper -f, to fix that add the lock "k" permission to the
      append file case of virt-aa-helper.
      Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
      07fc5c9c
    • J
      conf: Avoid leaking blockers from virDomainCapsCPUModel · 8def3215
      Jiri Denemark 提交于
      When adding CPU usability blockers I forgot to properly free them when
      in virDomainCapsCPUModelsDispose.
      Reported-by: NMarc Hartmayer <mhartmay@linux.vnet.ibm.com>
      Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
      Reviewed-by: NPavel Hrdina <phrdina@redhat.com>
      8def3215
    • C
      Increase default file handle limits for virtlockd · 3080834f
      Christian Ehrhardt 提交于
      The assumption so far was an average of 4 disks per guest.
      But some architectures, like s390x, still often use plenty of smaller disks.
      
      To include those in the considerations an assumption of an average of 10
      disks is more reasonable.
      Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
      3080834f
    • C
      Increase default file handle limits for virtlogd · d7444764
      Christian Ehrhardt 提交于
      The initial assumption was ~2 files per guest, but some common setups
      like Openstack drive up to 4 files per guest.
      
      E.g. on Arm where the following XML leads to 4 file handles:
          <serial type='file'>
            <source path='/var/lib/nova/instances/7c0dcd78-.../console.log'/>
            <target port='0'/>
            <alias name='serial0'/>
          </serial>
          <console type='file'>
            <source path='/var/lib/nova/instances/7c0dcd78-.../console.log'/>
            <target type='serial' port='0'/>
            <alias name='serial0'/>
          </console>
      
      With that in mind and the target to support 4k guests by default we
      should raise the limit to 16k.
      Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
      d7444764
    • J
      qemu: Enabled pause-before-switchover migration capability · 32c29f10
      Jiri Denemark 提交于
      QEMU identified a race condition between the device state serialization
      and the end of storage migration. Both QEMU and libvirt needs to be
      updated to fix this.
      
      Our migration work flow is modified so that after starting the migration
      we to wait for QEMU to enter "pre-switchover", "postcopy-active", or
      "completed" state. Once there, we cancel all block jobs as usual. But if
      QEMU is in "pre-switchover", we need to resume the migration afterwards
      and wait again for the real end (either "postcopy-active" or
      "completed" state).
      
      Old QEMU will just enter either "postcopy-active" or "completed"
      directly, which is still correctly handled even by new libvirt. The
      "pre-switchover" state will only be entered if QEMU supports it and the
      pause-before-switchover capability was enabled. Thus all combinations of
      libvirt and QEMU will work, but only new QEMU with new libvirt will
      avoid the race condition.
      Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
      32c29f10
    • J
      qemu: Add pause-before-switchover migration capability · 6addde24
      Jiri Denemark 提交于
      This new capability enables a pause before device state serialization so
      that we can finish all block jobs without racing with the end of the
      migration. The pause is indicated by "pre-switchover" state. Once we're
      done QEMU enters "device" migration state.
      
      This patch just defines the new capability and QEMU migration states and
      their mapping to our job states.
      Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
      6addde24
    • J
      b5ec33b8
    • P
      docs: Drop mention that WWN for disks must be unique · 8587bb45
      Peter Krempa 提交于
      For multipath disks it might be useful to have the same WWN for multiple
      disks. It's the users choice to do so. Since we dropped the check that
      disallows using duplicate WWNs drop the docs as well.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=1464975
      8587bb45
    • D
      vbox: Read runtime RDP port and handle autoport · 55223c2b
      Dawid Zamirski 提交于
      VirutalBox has a IVRDEServerInfo structure available that
      gives the effective runtime port that the VM is using when it's
      running. This is useful when the "TCP/Ports" VBox property was set to
      port range (e.g. via autoport = "yes" or via VBoxManage) in which
      case it would be impossible to get the "active" port otherwise.
      55223c2b
  3. 25 10月, 2017 2 次提交
    • D
      vbox: Make autoport set RDP port range. · 380815f8
      Dawid Zamirski 提交于
      Originally autoport in vbox driver was setting the port to default value
      (3389) which caused multiple VM instances use the same port. Since
      libvirt XML does not allow to set port ranges, this patch changes the
      "autoport" behavior to set VBox's "TCP/Ports" property to an arbitrary
      port range (3389-3689) to avoid that issue.
      380815f8
    • D
      vbox: Remove old unflexible macros · 32845fd6
      Dawid Zamirski 提交于
      The VBOX_SESSION_OPEN/CLOSE macros are only called in
      _vboxDomainSnapshotRestore and they are unflexible because:
      
      * assume the caller will have variable named "data"
      * can only create Write lock type
      
      As per above, it's not that hard to simply use the VBOX API directly.
      32845fd6
  4. 24 10月, 2017 3 次提交
  5. 23 10月, 2017 10 次提交