Commit Graph

33662 Commits

Author SHA1 Message Date
Daniel P. Berrangé
03fd51051e rpc: remove unused API for creating services from FDs
The virNetServerServiceNewFDOrUNIX method cannot be correctly used when
dealing with systemd activation of a service which can receive more than
one socket FD as there is not guaranteed ordering of FDs.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:40 +01:00
Daniel P. Berrangé
e2f012b8f0 remote: fix handling of systemd activation wrt socket ordering
The current libvirtd code for systemd socket activation assumes socket
FDs are passed in the order unix-rw, unix-ro, unix-admin.  There is in
fact no ordering guarantee made by systemd. Applications are expected
to check the address or name associated with each FD to figure out its
identity.

This rewrites libvirtd to make use of the new systemd activation APIs
to make it robust wrt socket ordering changes.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:40 +01:00
Daniel P. Berrangé
e9095c328a remote: simplify libvirtd code for deciding if SASL auth is needed
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:40 +01:00
Daniel P. Berrangé
49fa9e64ca rpc: add API for checking whether an auth scheme is in use on a server
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:40 +01:00
Daniel P. Berrangé
9692fe10eb rpc: add helper APIs for adding services with systemd activation
Currently code has to first create the service and then separately
register it with the server. If the socket associated with a particular
service is not passed from systemd we want to skip creating the service
altogether. This means we can't put the systemd activation logic into
the constructors for virNetServerService.

This patch thus creates some helper methods against virNetServer which
combine systemd activation, service creation and service registration
into one single operation. This operation is automatically a no-op if
systemd activation is present and no sockets were passed in.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:39 +01:00
Daniel P. Berrangé
1519c55dc8 rpc: avoid unlinking sockets passed in from systemd
Currently the socket code will unlink any UNIX socket path which is
associated with a server socket. This is not fine grained enough, as we
need to avoid unlinking server sockets we were passed by systemd.

To deal with this we must explicitly track whether each socket needs to
be unlinked when closed, separately of the client vs server state.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:39 +01:00
Daniel P. Berrangé
9f3d1c5c8f rpc: allow creating RPC service from an array of FDs
The virNetServerServiceNewFD API only accepts a single FD, but it is
easily changed to allow for an array of FDs to be passed in.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:39 +01:00
Daniel P. Berrangé
3b6bfde089 rpc: refactor RPC service constructors to share more code
Introduce a virNetServerServiceNewSocket API that allows the various
constructors to share more code.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:39 +01:00
Daniel P. Berrangé
5b8569dd6e util: add APIs for facilitating use of systemd activation FDs
When receiving multiple FDs from systemd during service activation it is
neccessary to identify which purpose each FD is used for. While this
could be inferred by looking for the specific IP ports or UNIX socket
paths, this requires the systemd config to always match what is expected
by the code. Using systemd FD names we can remove this restriction and
simply identify FDs based on an arbitrary name.

The FD names are passed by systemd in the LISTEN_FDNAMES env variable
which is populated with the socket unit file names, unless overriden
by using the FileDescriptorName setting.

This is supported since the system 227 release and unfortunately RHEL7
lacks this version. Thus the code has some back compat support whereby
we look at the TCP ports or the UNIX socket paths to identify what
socket maps to which name. This back compat code is written such that
is it easly deleted when we are able to mandate newer systemd.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:39 +01:00
Daniel P. Berrangé
f8b3905edf rpc: ensure all sockets bind to same port when service is NULL
When the service passed to getaddrinfo is NULL the kernel will choose a
free port to bind to. In a dual stack though we will get separate
sockets for IPv4 and IPv6 and we need them to bind to the same port
number. Thus once the kerel has auto-selected a port for the first
socket, we must disable auto-select for subsequent IP sockets and force
reuse of the first port.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 16:55:39 +01:00
Ján Tomko
b632e00ffb storage: rbd: do not attempt to dereference a non-pointer
My commit 9b7c4048fa was too blind
and my librbd was not new enough to actually compile this part.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-07-12 17:51:39 +02:00
Ján Tomko
68c4d62046 docs: RBD pool only supports raw volumes
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 17:09:43 +02:00
Ján Tomko
5d74619329 Revert "conf: Remove volOptions for VIR_STORAGE_POOL_RBD"
This reverts commit 035db37394

Even though we only allow using RBD with raw volumes,
removing the options and the default format causes our
parser not to fill out the volume format and the backend code
rejects creating a non-raw volume.

Re-introduce the volume options to fix volume creation while
erroring out on requests to use non-raw formats.

https://bugzilla.redhat.com/show_bug.cgi?id=1724065

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 17:09:43 +02:00
Ján Tomko
9b7c4048fa storage: rbd: actually index the array when iterating over it
https://bugzilla.redhat.com/show_bug.cgi?id=1729292

Fixes: 3aa190f2a4
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 17:09:42 +02:00
Ján Tomko
d43bc53edd storage: rbd: use VIR_REALLOC in the loop
If there are more than 16 images, the memory allocated in images
might be leaked on subsequent execution(s).

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 17:09:42 +02:00
Jonathon Jongsma
062b4a4cd7 qemu: minor refactor of video device string handling
In preparation for adding the bochs display device, refactor the logic
so that each branch handles a single device type and checks its
parameters within that branch. In this case VGA and VMVGA are still
grouped into the same branch since they share device-specific parameter
names.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-07-12 16:54:32 +02:00
Michal Privoznik
87050bcede virnetworkobj: Drop needless cleanup label in virNetworkObjDeletePort
The cleanup label in virNetworkObjDeletePort() function serves no
purpose. Drop it and thus simplify the function a bit.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-07-12 16:26:09 +02:00
Michal Privoznik
6246400329 virnetworkobj: Drop needless cleanup label in virNetworkObjAddPort
The cleanup label in virNetworkObjAddPort() function serves no
purpose. Drop it and thus simplify the function a bit.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-07-12 16:25:57 +02:00
Michal Privoznik
37d8d6b98d virnetworkobj: Free retval of virNetworkObjGetPortStatusDir()
The virNetworkObjGetPortStatusDir() function allocates a memory
to construct a path. None of the callers free it leading to a
memleak.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2019-07-12 16:19:43 +02:00
Daniel P. Berrangé
975b004d07 logging: ensure virtlogd rollover takes priority over logrotate
The virtlogd config is set to rollover logs every 2 MB.

Normally a logrotate config file is also installed to handle cases where
virtlogd is disabled. This is set to rollover weekly with no size
constraint.

As a result logrotate can interfere with virtlogd's, rolling over files
that virtlogd has already taken care of.

This changes logrotate configs to rollover based on a max size
constraint of 2 MB + 1 byte. When virtlogd is running the log files will
never get this large, making logrotate a no-op.

If the user changes the size in virtlogd's config to something larger,
they are responsible for also changing the logrotate config suitably.

The LXC/libxl drivers don't use virtlogd, but there logrotate config is
altered to match the QEMU driver config, for the sake of consistency.

Reviewed-by: Jim Fehlig <jfehlig@suse.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-12 12:44:59 +01:00
Daniel P. Berrangé
1939bcd539 rpc: always pass "-T -e none" args to ssh
Way back in the past, the "no_tty=1" option was added for the remote
driver to disable local password prompting by disabling use of the local
tty:

  commit b32f429849
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Fri Sep 21 20:17:09 2007 +0000

    Added a no_tty param to remote URIs to stop SSH prompting for password

This was done by adding "-T -o BatchMode=yes -e none" args to ssh. This
achieved the desired results but is none the less semantically flawed
because it is mixing up config parameters for the local tty vs the
remote tty.

The "-T" arg stops allocation of a TTY on the remote host. This is good
for all libvirt SSH tunnels as we never require a TTY for our usage
model, so we should have just passed this unconditionally.

The "-e none" option disables the escape character for sessions with a
TTY. If we pass "-T" this is not required, but it also not harmful to
add it, so we should just pass it unconditionally too.

Only the "-o BatchMode=yes" option is related to disabling local
password prompts and thus needs control via the no_tty URI param.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 15:26:54 +01:00
Ján Tomko
173a191cfe qemu: stop formatting json='1' in status XML
For quite some time now it is impossible to connect to a domain
using a HMP monitor, so there is no point in formatting it in the status
XML.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-07-11 16:19:12 +02:00
Daniel P. Berrangé
ec9f1cd569 nodedev: add missing include for virFileMakePathWithMode
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 14:19:03 +01:00
Daniel P. Berrangé
012e0d40bf util: add API for resolving socket service names
The getservent() APIs are not re-entrant safe so cannot be used in any
threaded program. Add a wrapper around getaddrinfo() for resolving the
service names to a port number.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 14:13:03 +01:00
Daniel P. Berrangé
836f4e0659 rpc: add helper API for getting UNIX path from socket object
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 14:13:03 +01:00
Daniel P. Berrangé
a767af1a7c util: add helper API for getting UNIX path from socket address
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 14:13:03 +01:00
Daniel P. Berrangé
cfd955b03a locking,logging: put a strong dep from admin socket to main socket
It doesn't make sense to have the admin socket active if the main
socket is not running, so bind their lifecycle together.

This ensures that if primary socket is stopped, the corresponding
admin socket is also stopped.

In the reverse, starting the admin socket will also automatically
start the primary socket.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 14:13:03 +01:00
Andrea Bolognani
5a23d22b6c gitlab: Perform some builds on Debian 10
The split is mostly arbitrary, but we purposefully moved
the mips64el builds off sid since currently that container
is failing to build and is thus unavailable.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 15:03:39 +02:00
Andrea Bolognani
14a04f8bba ci: Update image list
We really need to change this so that it fetches the image
list dynamically from Quay, but for the time being at least
make sure the static list is accurate.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 15:03:37 +02:00
Andrea Bolognani
319cc0045b ci: Use default image tag "latest"
Up until now, our images have been tagged as "master" instead
of the default "latest" due to the way the build process
worked, but we're using the default now.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 15:03:32 +02:00
Daniel P. Berrangé
dbfdbd9acc bhyve: acquire a pidfile in the driver root directory
When we allow multiple instances of the driver for the same user
account, using a separate root directory, we need to ensure mutual
exclusion. Use a pidfile to guarantee this.

In privileged libvirtd this ends up locking

   /var/run/libvirt/bhyve/driver.pid

In unprivileged libvirtd this ends up locking

  /run/user/$UID/libvirt/bhyve/run/driver.pid

NB, the latter can vary depending on $XDG_RUNTIME_DIR

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 12:46:20 +01:00
Daniel P. Berrangé
7cefe61172 vz: acquire a pidfile in the driver root directory
When we allow multiple instances of the driver for the same user
account, using a separate root directory, we need to ensure mutual
exclusion. Use a pidfile to guarantee this.

In privileged libvirtd this ends up locking

   /var/run/libvirt/vz/driver.pid

In unprivileged libvirtd this ends up locking

  /run/user/$UID/libvirt/vz/run/driver.pid

NB, the latter can vary depending on $XDG_RUNTIME_DIR

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 12:46:20 +01:00
Daniel P. Berrangé
64c5b6bc06 lxc: acquire a pidfile in the driver root directory
When we allow multiple instances of the driver for the same user
account, using a separate root directory, we need to ensure mutual
exclusion. Use a pidfile to guarantee this.

In privileged libvirtd this ends up locking

   /var/run/libvirt/lxc/driver.pid

In unprivileged libvirtd this ends up locking

  /run/user/$UID/libvirt/lxc/run/driver.pid

NB, the latter can vary depending on $XDG_RUNTIME_DIR

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 12:46:20 +01:00
Daniel P. Berrangé
59080d84c0 libxl: acquire a pidfile in the driver root directory
When we allow multiple instances of the driver for the same user
account, using a separate root directory, we need to ensure mutual
exclusion. Use a pidfile to guarantee this.

In privileged libvirtd this ends up locking

   /var/run/libvirt/libxl/driver.pid

In unprivileged libvirtd this ends up locking

  /run/user/$UID/libvirt/libxl/run/driver.pid

NB, the latter can vary depending on $XDG_RUNTIME_DIR

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 12:46:20 +01:00
Daniel P. Berrangé
defddd0476 libxl: remove obsolete check for xend during driver startup
No supported build targets for libvirt still ship xend, so there is no
need for the libxl driver to check for it anymore.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 12:46:20 +01:00
Daniel P. Berrangé
6fc378c10e nwfilter: acquire a pidfile in the driver root directory
When we allow multiple instances of the driver for the same user
account, using a separate root directory, we need to ensure mutual
exclusion. Use a pidfile to guarantee this.

In privileged libvirtd this ends up locking

   /var/run/libvirt/nwfilter/driver.pid

In unprivileged libvirtd this ends up locking

  /run/user/$UID/libvirt/nwfilter/run/driver.pid

NB, the latter can vary depending on $XDG_RUNTIME_DIR

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 12:46:20 +01:00
Daniel P. Berrangé
09d37f9d65 interface: acquire a pidfile in the driver root directory
When we allow multiple instances of the driver for the same user
account, using a separate root directory, we need to ensure mutual
exclusion. Use a pidfile to guarantee this.

In privileged libvirtd this ends up locking

   /var/run/libvirt/interface/driver.pid

In unprivileged libvirtd this ends up locking

  /run/user/$UID/libvirt/interface/run/driver.pid

NB, the latter can vary depending on $XDG_RUNTIME_DIR

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 12:46:20 +01:00
Daniel P. Berrangé
3e846a1621 nodedev: acquire a pidfile in the driver root directory
When we allow multiple instances of the driver for the same user
account, using a separate root directory, we need to ensure mutual
exclusion. Use a pidfile to guarantee this.

In privileged libvirtd this ends up locking

   /var/run/libvirt/nodedev/driver.pid

In unprivileged libvirtd this ends up locking

  /run/user/$UID/libvirt/nodedev/run/driver.pid

NB, the latter can vary depending on $XDG_RUNTIME_DIR

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 12:46:20 +01:00
Daniel P. Berrangé
44a5ba2af8 storage: acquire a pidfile in the driver root directory
When we allow multiple instances of the driver for the same user
account, using a separate root directory, we need to ensure mutual
exclusion. Use a pidfile to guarantee this.

In privileged libvirtd this ends up locking

   /var/run/libvirt/storage/driver.pid

In unprivileged libvirtd this ends up locking

  /run/user/$UID/libvirt/storage/run/driver.pid

NB, the latter can vary depending on $XDG_RUNTIME_DIR

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 12:46:20 +01:00
Daniel P. Berrangé
c03aef7c87 network: acquire a pidfile in the driver root directory
When we allow multiple instances of the driver for the same user
account, using a separate root directory, we need to ensure mutual
exclusion. Use a pidfile to guarantee this.

In privileged libvirtd this ends up locking

   /var/run/libvirt/network/driver.pid

In unprivileged libvirtd this ends up locking

  /run/user/$UID/libvirt/network/run/driver.pid

NB, the latter can vary depending on $XDG_RUNTIME_DIR

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 12:46:20 +01:00
Daniel P. Berrangé
8292b9e364 secrets: acquire a pidfile in the driver root directory
When we allow multiple instances of the driver for the same user
account, using a separate root directory, we need to ensure mutual
exclusion. Use a pidfile to guarantee this.

In privileged libvirtd this ends up locking

   /var/run/libvirt/secrets/driver.pid

In unprivileged libvirtd this ends up locking

  /run/user/$UID/libvirt/secrets/run/driver.pid

NB, the latter can vary depending on $XDG_RUNTIME_DIR

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 12:46:20 +01:00
Daniel P. Berrangé
1af03e2714 qemu: acquire a pidfile in the driver root directory
When we allow multiple instances of the driver for the same user
account, using a separate root directory, we need to ensure mutual
exclusion. Use a pidfile to guarantee this.

In privileged libvirtd this ends up locking

   /var/run/libvirt/qemu/driver.pid

In unprivileged libvirtd this ends up locking

  /run/user/$UID/libvirt/qemu/run/driver.pid

NB, the latter can vary depending on $XDG_RUNTIME_DIR

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-11 12:46:20 +01:00
Eric Blake
95f8e3237e snapshot: Add VIR_DOMAIN_SNAPSHOT_CREATE_VALIDATE flag
We've been doing a terrible job of performing XML validation in our
various API that parse XML with a corresponding schema (we started
with domains back in commit dd69a14f, v1.2.12, but didn't catch all
domain-related APIs, didn't document the use of the flag, and didn't
cover other XML). New APIs (like checkpoints) should do the validation
unconditionally, but it doesn't hurt to continue retrofitting existing
APIs to at least allow the option.

While there are many APIs that could be improved, this patch focuses
on wiring up a new snapshot XML creation flag through all the
hypervisors that support snapshots, as well as exposing it in 'virsh
snapshot-create'.  For 'virsh snapshot-create-as', we blindly set the
flag without a command-line option, since the XML we create from the
command line should generally always comply (note that validation
might cause failures where it used to succeed, such as if we tighten
the RNG to reject a name of '../\n'); but blindly passing the flag
means we also have to add in fallback code to disable validation if
the server is too old to understand the flag.

Signed-off-by: Eric Blake <eblake@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-07-10 17:34:58 -05:00
Eric Blake
88ae8b8b0c snapshot: Add internal option to validate XML against schema
Similar to VIR_DOMAIN_DEF_PARSE_VALIDATE_SCHEMA; the next patch will
put it to use with a counterpart public API flag.

No need to change qemudomainsnapshotxml2xmltest to use the flag, since
the testsuite already has a separate virschematest that does the same.

Signed-off-by: Eric Blake <eblake@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-07-10 17:13:26 -05:00
Eric Blake
4cc5679e91 maint: Drop dead code in check-driverimpls.pl
We no longer need to special-case xenUnified, since 1dac5fbbbb
dropped support for that naming scheme.

Signed-off-by: Eric Blake <eblake@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2019-07-10 11:46:22 -05:00
Daniel P. Berrangé
3ee8ea9560 vz: fix typo that lost the '#' in '#define'
Previous commit:

  commit faceedaf71
  Author: Jonathon Jongsma <jjongsma@redhat.com>
  Date:   Tue Jun 18 11:13:12 2019 -0500

    src/vz: use #pragma once in headers

accidentally chomped the "#" in a "#define" when re-indenting

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-10 15:36:46 +01:00
Daniel P. Berrangé
2a5bc13639 util: assume modern CPU_ALLOC macros always exist
Support for the modern CPU_ALLOC macros was added 10 years ago in

  commit a73cd93b24
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Mon Nov 16 16:08:29 2009 +0000

    Alternate CPU affinity impl to cope with NR_CPUS > 1024

This is long enough that we can assume it always exists and drop the
back compat code.

Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-09 18:44:19 +01:00
Daniel P. Berrangé
3918fb0dc1 docs: introduce a "knowledge base" for task oriented guides
The previously added AMD SEV doc was not linked from anywhere on the
website. Address this by introducing a new "Knowledge base" section
that can hold task oriented guide to various features. Moving the SEV,
disk locking and secure usage guides under this section.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-09 18:43:12 +01:00
Eric Blake
66ec1e80b1 maint: Typo fix for whether
Signed-off-by: Eric Blake <eblake@redhat.com>
2019-07-09 10:42:39 -05:00
Eric Blake
846fe076ca bhyve: Fix build
Continuous integration caught that although 'make syntax-check' was
sufficient to let me be aware that I had to change bhyve to use
s/virDomainShutdownEnsureACL/virDomainShutdownFlagsEnsureACL/, it was
not sufficient to note which ACL functions require 2 vs. 3 arguments
for flag validation.

Fixes: eded8aad
Signed-off-by: Eric Blake <eblake@redhat.com>
2019-07-09 10:42:39 -05:00