Commit Graph

46816 Commits

Author SHA1 Message Date
Martin Kletzander
59d30adacd libvirt-guests: Fix dependency ordering in service file
After some debugging and discussion with systemd team it turns out we
are misusing the ordering in libvirt-guests.service.  That happened
because we want to support both monolithic and modular daemon setups and
on top of that we also want to support socket activation and services
without socket activation.  Unfortunately this is impossible to express
in the unit file because of how transactions are handled in systemd when
dependencies are resolved and multiple actions (jobs) are queued.  For
explanation from Michal Sekletar see comment #7 in the BZ this patch is
fixing:

https://bugzilla.redhat.com/show_bug.cgi?id=1964855#c7

In order to support all the scenarios this patch also amends the
manpages so that users that are changing the default can also read how
to correct the dependency ordering in libvirt-guests unit file.

Ideally we would also keep the existing configuration during upgrade,
but due to our huge support matrix this seems hardly feasible as it
could introduce even more problems.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-09-26 13:04:48 +02:00
zhanchun li
e9fd6de8fc Translated using Weblate (Chinese (Simplified) (zh_CN))
Currently translated at 99.8% (10420 of 10440 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/zh_CN/

Co-authored-by: zhanchun li <lzc777@126.com>
Signed-off-by: zhanchun li <lzc777@126.com>
2022-09-25 14:19:43 +02:00
Göran Uddeborg
f27cf29e96 Translated using Weblate (Swedish)
Currently translated at 47.2% (4932 of 10440 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/sv/

Co-authored-by: Göran Uddeborg <goeran@uddeborg.se>
Signed-off-by: Göran Uddeborg <goeran@uddeborg.se>
2022-09-25 14:19:43 +02:00
Michal Privoznik
0377177c78 qemu_process.c: Propagate hugetlbfs mounts on reconnect
When reconnecting to a running QEMU process, we construct the
per-domain path in all hugetlbfs mounts. This is a relict from
the past (v3.4.0-100-g5b24d25062) where we switched to a
per-domain path and we want to create those paths when libvirtd
restarts on upgrade.

And with namespaces enabled there is one corner case where the
path is not created. In fact an error is reported and the
reconnect fails. Ideally, all mount events are propagated into
the QEMU's namespace. And they probably are, except when the
target path does not exist inside the namespace. Now, it's pretty
common for users to mount hugetlbfs under /dev (e.g.
/dev/hugepages), but if domain is started without hugepages (or
more specifically - private hugetlbfs path wasn't created on
domain startup), then the reconnect code tries to create it.
But it fails to do so, well, it fails to set seclabels on the
path because, because the path does not exist in the private
namespace. And it doesn't exist because we specifically create
only a subset of all possible /dev nodes. Therefore, the mount
event, whilst propagated, is not successful and hence the
filesystem is not mounted. We have to do it ourselves.

If hugetlbfs is mount anywhere else there's no problem and this
is effectively a dead code.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2123196
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2022-09-23 16:33:48 +02:00
Michal Privoznik
5853d70718 qemu_namespace: Introduce qemuDomainNamespaceSetupPath()
Sometimes it may come handy to just bind mount a directory/file
into domain's namespace. Implement a thin wrapper over
qemuNamespaceMknodPaths() which has all the logic we need.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2022-09-23 16:33:09 +02:00
Michal Privoznik
46b03819ae qemu_namespace: Fix a corner case in qemuDomainGetPreservedMounts()
When setting up namespace for QEMU we look at mount points under
/dev (like /dev/pts, /dev/mqueue/, etc.) because we want to
preserve those (which is done by moving them to a temp location,
unshare(), and then moving them back). We have a convenience
helper - qemuDomainGetPreservedMounts() - that processes the
mount table and (optionally) moves the other filesystems too.
This helper is also used when attempting to create a path in NS,
because the path, while starting with "/dev/" prefix, may
actually lead to one of those filesystems that we preserved.

And here comes the corner case: while we require the parent mount
table to be in shared mode (equivalent of `mount --make-rshared /'),
these mount events propagate iff the target path exist inside the
slave mount table (= QEMU's private namespace). And since we
create only a subset of /dev nodes, well, that assumption is not
always the case.

For instance, assume that a domain is already running, no
hugepages were configured for it nor any hugetlbfs is mounted.
Now, when a hugetlbfs is mounted into '/dev/hugepages', this is
propagated into the QEMU's namespace, but since the target dir
does not exist in the private /dev, the FS is not mounted in the
namespace.

Fortunately, this difference between namespaces is visible when
comparing /proc/mounts and /proc/$PID/mounts (where PID is the
QEMU's PID). Therefore, if possible we should look at the latter.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2022-09-23 16:32:51 +02:00
Michal Privoznik
687374959e qemu_namespace: Tolerate missing ACLs when creating a path in namespace
When creating a path in a domain's mount namespace we try to set
ACLs on it, so that it's a verbatim copy of the path in parent's
namespace. The ACLs are queried upfront (by
qemuNamespaceMknodItemInit()) but this is fault tolerant so the
pointer to ACLs might be NULL (meaning no ACLs were queried, for
instance because the underlying filesystem does not support
them). But then we take this NULL and pass it to virFileSetACLs()
which immediately returns an error because NULL is invalid value.

Mimic what we do with SELinux label - only set ACLs if they are
non-NULL which includes symlinks.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2022-09-23 15:47:54 +02:00
Michal Privoznik
a8947db1a4 qemu_domain: Ignore all but SCSI hostdevs in qemuDomainDeviceHostdevDefPostParseRestoreBackendAlias()
When retiring QEMU_CAPS_BLOCKDEV_HOSTDEV_SCSI capability the
commit removed a bit too much. Previously, all other devices than
VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI were ignored in
qemuDomainDeviceHostdevDefPostParseRestoreBackendAlias(). But the
commit in question removed not only the capability check but also
this return early statement. Restore it back.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2129239
Fixes: dc8dbb27d4
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2022-09-23 15:28:34 +02:00
Michal Privoznik
68e93e3180 security_selinux: Don't ignore NVMe disks when setting image label
For NVMe disks we skip setting SELinux label on corresponding
VFIO group (/dev/vfio/X). This bug is only visible with
namespaces and goes as follows:

1) libvirt assigns NVMe disk to vfio-pci driver,
2) kernel creates /dev/vfio/X node with generic device_t SELinux
   label,
3) our namespace code creates the exact copy of the node in
   domain's private /dev,
4) SELinux policy kicks in an changes the label on the node to
   vfio_device_t (in the top most namespace),
5) libvirt tells QEMU to attach the NVMe disk, which is denied by
   SELinux policy.

While one can argue that kernel should have created the
/dev/vfio/X node with the correct SELinux label from the
beginning (step 2), libvirt can't rely on that and needs to set
label on its own.

Surprisingly, I already wrote the code that aims on this specific
case (v6.0.0-rc1~241), but because of a shortcut we take earlier
it is never ran. The reason is that
virStorageSourceIsLocalStorage() considers NVMe disks as
non-local because their source is not accessible via src->path
(or even if it is, it's not a local path).

Therefore, do not exit early for NVMe disks and let the function
continue.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2121441
Fixes: 284a12bae0
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2022-09-22 16:24:05 +02:00
Daniel P. Berrangé
8496880866 tests: add better QEMU capabilities example
Updated example covers:

  * UUID
  * CPU model, vendor, microcode, signature, counters,
    topology, maxphysaddr, features,
  * Power management
  * NUMA page size info, multiple nodes, CPU topology IDs, distances
  * CPU cache bank info
  * Multiple secmodels

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-09-21 12:02:40 +01:00
Göran Uddeborg
0eeb4a1775 Translated using Weblate (Swedish)
Currently translated at 45.9% (4794 of 10440 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/sv/

Translated using Weblate (Swedish)

Currently translated at 45.5% (4754 of 10440 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/sv/

Translated using Weblate (Swedish)

Currently translated at 45.3% (4734 of 10440 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/sv/

Translated using Weblate (Swedish)

Currently translated at 44.9% (4694 of 10440 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/sv/

Co-authored-by: Göran Uddeborg <goeran@uddeborg.se>
Signed-off-by: Göran Uddeborg <goeran@uddeborg.se>
2022-09-20 14:46:19 +02:00
Peter Krempa
b34c7c9104 virdomainjob: virDomainObjInitJob: Avoid borrowing memory from 'virDomainXMLOption'
The 'cb' and 'jobDataPrivateCb' pointers are stored in the job object
but made point to the memory owned by the virDomainXMLOption struct in
the callers.

Since the 'virdomainjob' module isn't in control the lifetime of the
virDomainXMLOption, which in some cases is freed before the domain job
data, freed memory would be dereferenced in some cases.

Copy the structs from virDomainXMLOption to ensure the lifetime. This is
possible since the callback functions are immutable.

Fixes: 84e9fd068c
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2022-09-20 13:56:57 +02:00
Michal Privoznik
7c35778126 meson: Require libssh-0.8.1 or newer
According to repology.org:

              RHEL-8: 0.9.4
              RHEL-9: 0.9.6
           Debian 11: 0.9.5
  openSUSE Leap 15.3: 0.8.7
        Ubuntu 20.04: 0.9.3

And the rest of distros has something newer anyways. Requiring
0.8.1 or newer allows us to drop the terrible hack where we
rename functions at meson level using #define. Note, 0.8.0 is
the version of libssh where the rename happened. It also allows
us to stick with SHA-256 hash algorithm for public keys.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-20 09:34:52 +02:00
Daniel P. Berrangé
c83c6e4e7a ci: refresh with latest lcitool manifest
This updates the FreeBSD 13 image to 13.1 which should fix the
symbol lookup errors seen in CI recently.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-09-14 10:54:15 -04:00
Peter Krempa
ac3abe0a3f docs: compiling: Add notes on starting compiled libvirt daemons
In the basic configuration with monolithic libvirtd users are required
to also start virtlogd. Add a general note with a specific example
hinting that this is needed.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 13:36:49 +02:00
Peter Krempa
4cb0cdd7ff docs: compiling: Encourage force-enabling required functionality
To prevent surprises when a build doesn't in fact contain the required
functionality suggest that users force-enable required modules.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 13:36:49 +02:00
Peter Krempa
b64a9e97d1 docs: compiling: Separate 'prepare', 'configure', and 'build' steps
Only the preparation of sources differs between a build from a git
checkout vs a build from tarball. Restructure the docs to outline the
difference and combine information on how to configure libvirt.

Most notably the suggestion to use '-Dsystem=true' was present only for
the steps to build a git checkout.

Suggest also running the testsuite as part of the build step.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 13:36:49 +02:00
Peter Krempa
dae224fdb1 docs: compiling: Separate information on how to install libvirt and add disclaimer
Create a section for instructions on how to install the built binaries
rather than mentioning it multiple times.

Add a note that installing over your distro-provided packages will most
likely break your instalation.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 13:36:49 +02:00
Peter Krempa
91284a2893 docs: compiling: Section off block on how to run from build directory
Running from build directory isn't strictly tied to the git-checkout
build so make a new section for it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 13:36:49 +02:00
Peter Krempa
fbd6b2480a docs: compiling: Add a paragraph suggesting installation from repository
Users should be encouraged to install libvirt from the distro's repos in
the first place.

Also encourage distro-specific ways to get newer versions, rather than
building from source manually.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 13:36:49 +02:00
Peter Krempa
93c3e3d49e remote: Don't attempt remote connection from libvirtd
When a hypervisor driver is not compiled in and a user enables the
monolithic libvirtd, they get the following misleading error:

  $ virsh -c qemu:///system
  error: failed to connect to the hypervisor
  error: Failed to connect socket to '/var/run/libvirt/virtqemud-sock': No such file or directory

The issue is that the daemon side of the remote driver can't find the
appropriate driver, but the remote driver always accepts everything and
thus attempts to delegate further, which in case of libvirtd makes no
sense.

Refuse opening a connection for local URIS even when the requested
driver is not registered in case when we are inside 'libvirtd' as
libvirtd doesn't have anything to delegate to.

  $ virsh -c qemu:///system
  error: failed to connect to the hypervisor
  error: no connection driver available for qemu:///system

Discovered when investigating https://gitlab.com/libvirt/libvirt/-/issues/370

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 10:50:02 +02:00
Peter Krempa
4b70a0519c virStateInitialize: Propagate whether running in monolithic daemon mode to stateful driver init
Upcoming patch which is fixing the opening of drivers in monolithic mode
needs to know whether we are inside 'libvirtd' but the code where the
decision needs to happen is not re-compiled per daemon. Thus we need to
pass this information to the stateful driver init function so that it
can be remebered.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 10:50:02 +02:00
Peter Krempa
03f924f2b2 lxc: Remove unneeded forward declaration of 'lxcStateInitialize'
The function is used only after the definition.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 10:50:02 +02:00
Peter Krempa
42d8bb4456 remote: doRemoteOpen: Automatically clean up 'priv'
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 10:50:02 +02:00
Peter Krempa
18c09ec164 remoteConnectOpen: Refactor cleanup
Use automatic memory freeing for 'driver' and return error right away to
avoid the 'cleanup' label.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 10:50:02 +02:00
Peter Krempa
791b4f9e0c remote: remoteOpenConn: Use virConnectOpenAuth instead of virConnectOpen(ReadOnly)
virConnectOpenAuth provides an unified interface with using 'flags' to
select the proper mode.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 10:50:02 +02:00
Peter Krempa
b403aaf04c virConnectOpenInternal: Remove 'failed' label
Jumping to the label would just return NULL.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 10:50:02 +02:00
Peter Krempa
000bb404e5 virConnectOpenInternal: Switch to automatic memory cleanup
Use automatic cleanup for 'ret' and 'uristr'.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 10:50:02 +02:00
Peter Krempa
48e1b49353 virConnectOpenInternal: Avoid double free() when alias is an invalid URI
Configuring an URI alias such as

  uri_aliases = [
      "blah=qemu://invaliduri@@@",
  ]

Results in a double free when the alias is used:

  $ virsh -c blah
  free(): double free detected in tcache 2
  Aborted (core dumped)

This happens as the 'alias' variable is first assigned to 'uristr' which
is cleared in the 'failed' label and then is explicitly freed again.

Fix this by stealing the alias into 'uristr' and removing the
unnecessary freeing.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 10:50:02 +02:00
Michal Privoznik
d3397885d5 kbase: Document QEMU private mount NS limitations
There are two points I've taken for granted:

  1) the mount points are set before starting a guest,
  2) the / and its submounts are marked as shared, so that mount
     events propagate into child namespaces when assumption 1) is
     not held.

But what's obvious to me might not be obvious to our users.
Document these known limitations.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2123196
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2022-09-12 12:05:07 +02:00
Michal Privoznik
f14f8dff93 qemu_process: Don't require a hugetlbfs mount for memfd
The aim of qemuProcessNeedHugepagesPath() is to determine whether
a hugetlbfs mount point is required for given domain (as in
whether qemuBuildMemoryBackendProps() picks up
memory-backend-file pointing to a hugetlbfs mount point). Well,
when domain is configured to use memfd backend then that
condition can never be true. Therefore, skip creating domain's
private path under hugetlbfs mount points.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2022-09-12 12:04:55 +02:00
Peter Krempa
b48469fcdb Revert "build: Decrease maximum stack frame size to 2048"
The bhyve driver still has some frames larger than 2048 bytes, so we
need to keep the limit as is.

The CI failure was masked by the Freebsd-13 failing for unrelated
reasons.

This reverts commit 46302172d4

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2022-09-09 16:49:21 +02:00
Peter Krempa
46302172d4 build: Decrease maximum stack frame size to 2048
After recent cleanups we can now restrict the maximum stack frame size
to 2k.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-09 16:11:06 +02:00
Peter Krempa
2ecdf25929 remote: dispatch: Allocate 'virDomainDef' in ACL helpers dynamically
At time of this patch struct 'virDomainDef' has 1736 bytes. Allocate it
dynamically to keep the stack frame size in reasonable values.

This patch also fixes remoteRelayDomainQemuMonitorEventCheckACL, where
we didn't clear the stack'd variable prior to use. Fortunately for now
the code didn't look at anything else than what the code overwrote.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-09 16:11:06 +02:00
Peter Krempa
89c7ff156b util: netdev: Dynamically allocate 'struct nlattr' in virNetDevSwitchdevFeature
At time of writing DEVLINK_ATTR_MAX equals to 176, thus the stack'd size
of the pointer array is almost 1.4kiB. Allocate it dynamically.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-09 16:11:06 +02:00
Peter Krempa
9a3110862f lxc: process: Rework reading errors from the log file
Introduce 'virLXCProcessReportStartupLogError' which simplifies the
error handling on startup of the LXC process when reading of the error
log is needed.

This function has unusual return value semantics but it helps to make
the callers simpler.

This patch also removes 2 1k stack'd buffers from virLXCProcessStart.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-09 16:11:06 +02:00
Peter Krempa
68d5617c3c lxc: virLXCProcessReadLogOutput: Automatically close FD
Switch to 'VIR_AUTOCLOSE' to simplify cleanup.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-09 16:11:06 +02:00
Peter Krempa
b0c680853a qemu: monitor: Renumber QEMU_MONITOR_MIGRATE_RESUME
Now that all preceding flags were deleted we can fix the enum value.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-09 16:10:47 +02:00
Peter Krempa
bc753aa6f7 qemu: migration: Remove QEMU_MONITOR_MIGRATE_BACKGROUND
'qemuMonitorJSONMigrate' is called from:
 - qemuMonitorMigrateToHost
 - qemuMonitorMigrateToSocket
   Both of the above function are called only from
   qemuMigrationSrcStart.

 - qemuMonitorMigrateToFd
   - called from:
     - qemuMigrationSrcToFile
       Both instances here pass QEMU_MONITOR_MIGRATE_BACKGROUND
       directly.
     - qemuMigrationSrcStart

qemuMigrationSrcStart is then called from qemuMigrationSrcRun and
qemuMigrationSrcResume, both of which always add QEMU_MONITOR_MIGRATE_BACKGROUND
to the flags.

Thus any caller always passes the flag so that we can remove the flag
altogether.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-09 16:10:47 +02:00
Peter Krempa
d5fb23bc6e qemu: monitor: Drop support for old-style non-shared storage migration
Remove the support for enabling the 'blk' and 'inc' parameters of the
'migrate' command as there are no users any more.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-09 16:10:47 +02:00
Peter Krempa
62b3f97aee qemu: migration: Don't attempt to fall back to old-style storage migration
QEMU supported the NBD server required for the new-style migration for a
long time already and when coupled with -blockdev the old style
migration doesn't even work, thus remove support for it.

This patch modifies the code to check that the destination returned data
for the NBD migration and returns an error if it did not and deletes the
fallback code paths which would not work.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-09 16:10:47 +02:00
Peter Krempa
2980268b22 qemu: capabilities: Retire QEMU_CAPS_NBD_SERVER
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-09 16:10:47 +02:00
Peter Krempa
94ff4f2f91 qemu: migration: Always assume support for QEMU_CAPS_NBD_SERVER
The NBD server (detected via 'nbd-server-start' qmp command) was added
to qemu in v1.3 and can't be compiled out.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-09 16:10:47 +02:00
Peter Krempa
4e473b8618 NEWS: Mention that non-shared storage migration was broken in libvirt-8.7
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-09 16:10:47 +02:00
Peter Krempa
83ffeae75a qemu: migration: Fix setup of non-shared storage migration in qemuMigrationSrcBeginPhase
In commit 6111b23522 removing pre-blockdev code paths I've
improperly refactored the setup of non-shared storage migration.

Specifically the code checking that there are disks and setting up the
NBD data in the migration cookie was originally outside of the loop
checking the user provided list of specific disks to migrate, but became
part of the block as it was not un-indented when a higher level block
was being removed.

The above caused that if non-shared storage migration is requested, but
the user doesn't provide the list of disks to migrate (thus implying to
migrate every appropriate disk) the code doesn't actually setup the
migration and then later on falls back to the old-style migration which
no longer works with blockdev.

Move the check that there's anything to migrate out of the
'nmigrate_disks' block.

Fixes: 6111b23522
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2125111
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/373
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-09 16:10:47 +02:00
Göran Uddeborg
f3ca66acc0 Translated using Weblate (Swedish)
Currently translated at 44.5% (4654 of 10440 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/sv/

Co-authored-by: Göran Uddeborg <goeran@uddeborg.se>
Signed-off-by: Göran Uddeborg <goeran@uddeborg.se>
2022-09-07 16:08:52 +02:00
Peter Krempa
72cf345bc2 Revert "conf: clean up memory containing secrets before freeing"
Adding supposedly secure cleanup for secrets in anything related to the
XML parser is pointless because there are multiple other un-sanitized
copies of the full XML and the XML parser state at the very least.

Similarly in case RPC was used to transport the XML the RPC buffers are
not sanitized.

Additionally this patch was incomplete as it didn't sanitize the
password in the cleanup function for virDomainGraphicsAuthDef.

This reverts commit 51f8130d78

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-07 15:54:09 +02:00
Kristina Hanicova
ecc742126a qemu & conf: move BeginNestedJob & BeginJobNowait into src/conf
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2022-09-07 12:15:28 +02:00
Kristina Hanicova
4435c026b7 qemu & conf: move BeginAsyncJob & EndAsyncJob into src/conf
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2022-09-07 12:15:06 +02:00
Kristina Hanicova
421f1e749f qemu & conf: move BeginAgentJob & EndAgentJob into src/conf/virdomainjob
Although these and functions in the following two patches are for
now just being used by the qemu driver, it makes sense to have all
begin job functions in the same file.

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2022-09-07 12:14:43 +02:00