According to docs/formatdomain.html.in, "The boot element can be
repeated multiple times to setup a priority list of boot devices to try
in turn." The Relax-NG schema required / allowed exactly one entry.
Signed-off-by: Philipp Hahn <hahn@univention.de>
This patch adds an optional XML attribute to a nwfilter rule to give the user control over whether the rule is supposed to be using the iptables state match or not. A rule may now look like shown in the XML below with the statematch attribute either having value '0' or 'false' (case-insensitive).
[...]
<rule action='accept' direction='in' statematch='false'>
<tcp srcmacaddr='1:2:3:4:5:6'
srcipaddr='10.1.2.3' srcipmask='32'
dscp='33'
srcportstart='20' srcportend='21'
dstportstart='100' dstportend='1111'/>
</rule>
[...]
I am also extending the nwfilter schema and add this attribute to a test case.
The virtio serial changes broke the test suite because they forgot
to add the new address attribute to the domain XML schema. The
xml2xml test also broke because the XML no longer roundtrips. This
is due to testing of auto-addition of <controller> elements. Split
that test case off into a separate XML file to avoid breakage
* docs/schemas/domain.rng: Allow port number for virtio serial addresses
* tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.args,
tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.xml: Revert to
a simple config to avoid breaking xml2xml test
* tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-auto.xml,
tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-auto.args: Add
complex test case for auto-controller addition for xml2argv test
* tests/qemuxml2argvtest.c: Add channel-virtio-auto test
This patch parses the following two XML descriptions, one for
802.1Qbg and one for 802.1Qbh, and stores the data internally.
The actual triggering of the switch setup protocol has not been
implemented here but the relevant code to do that should go into
the functions associatePortProfileId() and disassociatePortProfileId().
<interface type='direct'>
<source dev='eth0.100' mode='vepa'/>
<model type='virtio'/>
<virtualport type='802.1Qbg'>
<parameters managerid='12' typeid='0x123456' typeidversion='1'
instanceid='fa9b7fff-b0a0-4893-8e0e-beef4ff18f8f'/>
</virtualport>
<filterref filter='clean-traffic'/>
</interface>
<interface type='direct'>
<source dev='eth0.100' mode='vepa'/>
<model type='virtio'/>
<virtualport type='802.1Qbh'>
<parameters profileid='my_profile'/>
</virtualport>
</interface>
I'd suggest to use this patch as a base for triggering the setup
protocol with the 802.1Qb{g|h} switch.
Several rounds of changes were made to this patch. The
following is a list of these changes.
- Renamed structure virVirtualPortProfileDef to virVirtualPortProfileParams
as per Daniel Berrange's request
- Addressing Daniel Berrange's comments:
- removing macvtap.h's dependency on domain_conf.h by
moving the virVirtualPortProfileDef structure into macvtap.h
and not passing virtDomainNetDefPtr to any functions in
macvtap.c
- Addressed most of Chris Wright's comments:
- indicating error in case virtualport XML node cannot be parsed
properly
- parsing hex and decimal numbers using virStrToLong_ui() with
parameter '0' for base
- tgifname (target interface name) variable wasn't necessary
to pass to openMacvtapTap function anymore
- assigning the virtual port data structure to the virDomainNetDef
only if it was previously parsed
- make sure that the error code returned by openMacvtapTap() is a negative n
in case the associatePortProfileId() function failed.
- renaming vsi in the XML to virtualport
- replace all occurrences of vsi in the source as well
- removing mode and MAC address parameters from the functions that
will communicate with the hareware diretctly or indirectly
- moving the associate and disassociate functions to the end of the
file for subsequent patches to easier make them generally available
for export
- passing the macvtap interface name rather than the link device since
this otherwise gives funny side effects when using netlink messages
where IFLA_IFNAME and IFLA_ADDRESS are specified and the link dev
all of a sudden gets the MAC address of the macvtap interface.
- Removing rc = -1 error indications in the case of 802.1Qbg|h setup in case
we wanted to use hook scripts for the setup and so the setup doesn't fail
here.
- if instance ID UUID is not supplied it will automatically be generated
- adapted schema to make instance ID UUID optional
- added test case
- parser and XML generator have been separated into their own
functions so they can be re-used elsewhere (passthrough case
for example)
- Adapted XML parser and generator support the above shown type
(802.1Qbg, 802.1Qbh).
- Adapted schema to above XML
- Adapted test XML to above XML
- Passing through the VM's UUID which seems to be necessary for
802.1Qbh -- sorry no host UUID
- adding virtual function ID to association function, in case it's
necessary to use (for SR-IOV)
Allow for a host UUID in the capabilities XML. Local drivers
will initialize this from the SMBIOS data. If a sanity check
shows SMBIOS uuid is invalid, allow an override from the
libvirtd.conf configuration file
* daemon/libvirtd.c, daemon/libvirtd.conf: Support a host_uuid
configuration option
* docs/schemas/capability.rng: Add optional host uuid field
* src/conf/capabilities.c, src/conf/capabilities.h: Include
host UUID in XML
* src/libvirt_private.syms: Export new uuid.h functions
* src/lxc/lxc_conf.c, src/qemu/qemu_driver.c,
src/uml/uml_conf.c: Set host UUID in capabilities
* src/util/uuid.c, src/util/uuid.h: Support for host UUIDs
* src/node_device/node_device_udev.c: Use the host UUID functions
* tests/confdata/libvirtd.conf, tests/confdata/libvirtd.out: Add
new host_uuid config option to test
So far the references to other filters needed to appear before filtering
rules. With the below patch they can now appear in any order.
Also I forgot to add a couple of 'rarp's.
This patch adds support for the RARP protocol. This may be needed due to
qemu sending out a RARP packet (at least that's what it seems to want to
do even though the protocol id is wrong) when migration finishes and
we'd need a rule to let the packets pass.
Unfortunately my installation of ebtables does not understand -p RARP
and also seems to otherwise depend on strings in /etc/ethertype
translated to protocol identifiers. Therefore I need to pass -p 0x8035
for RARP. To generally get rid of the dependency of that file I switch
all so far supported protocols to use their protocol identifier in the
-p parameter rather than the string.
I am also extending the schema and added a test case.
changes from v1 to v2:
- added test case into patch
With this patch I want to enable hex number inputs in the filter XML. A
number that was entered as hex is also printed as hex unless a string
representing the meaning can be found.
I am also extending the schema and adding a test case. A problem with
the DSCP value is fixed on the way as well.
Changes from V1 to V2:
- using asHex boolean in all printf type of functions to select the
output format in hex or decimal format
This patch adds a relaxng nwfilter schema along with a test that
verifies all the test output XML against the schema. The input XMLs
contain a lot of intentional out-of-range values that make them fail the
schema verification, so I am not verifying against those.
The clock timer XML is being updated in the following ways (based on
further off-list discussion that was missed during the initial
implementation):
1) 'wallclock' is changed to 'track', and the possible values are 'boot'
(corresponds to old 'host'), 'guest', and 'wall'.
2) 'mode' has an additional value 'smpsafe'
3) when tickpolicy='catchup', there can be an optional sub-element of
timer called 'catchup':
<catchup threshold=123 slew=120 limit=10000/>
Those three values are all longs, always optional, and if they are present,
they are positive. Internally, 0 indicates "unspecified".
* docs/schemas/domain.rng: updated RNG definition to account for changes
* src/conf/domain_conf.h: change the C struct and enums to match changes.
* src/conf/domain_conf.c: timer parse and format functions changed to
handle the new selections and new element.
* src/libvirt_private.syms: *TimerWallclock* changes to *TimerTrack*
* src/qemu/qemu_conf.c: again, account for Wallclock --> Track change.
timers are sub-elements of clocks. A clock can have zero or more
instances of timer. Within the timer, only the name attribute is
required; all other attributes are optional.
A simpler representation of a timer element is:
<timer name='platform|pit|rtc|hpet|tsc'
wallclock='host|guest'
tickpolicy='delay|catchup|merge|discard'
frequency='123'
mode='auto|native|emulate|paravirt'
present='yes|no'/>
frequency is a ulong. All other attributes are simple enums.
* Fixes per feedback from Dan and Daniel
* Added test datafiles
* Re-disabled JSON flags
* Added code to print the error policy attribute when generating XML
* Re-add empty tag
This extends the XML to allow for
<clock offset='timezone' timezone='Europe/Paris'/>
This is useful if the admin has not configured any timezone on the
host OS, but still wants to synchronize a guest to a specific one.
* src/conf/domain_conf.h, src/conf/domain_conf.c: Support extra
'timezone' attribute on clock configuration
* docs/schemas/domain.rng: Add 'timezone' attribute
* src/xen/xend_internal.c, src/xen/xm_internal.c: Reject configs
with a configurable timezone
This introduces a third option for clock offset synchronization,
that allows an arbitrary / variable adjustment to be set. In
essence the XML contains the time delta in seconds, relative to
UTC.
<clock offset='variable' adjustment='123465'/>
The difference from 'utc' mode, is that management apps should
track adjustments and preserve them at next reboot.
* docs/schemas/domain.rng: Schema for new clock mode
* src/conf/domain_conf.c, src/conf/domain_conf.h: Parse
new clock time delta
* src/libvirt_private.syms, src/util/xml.c, src/util/xml.h: Add
virXPathLongLong() method
Add support for virtio-serial by defining a new 'virtio' channel target type
and a virtio-serial controller. Allows the following to be specified in a
domain:
<controller type='virtio-serial' index='0' ports='16' vectors='4'/>
<channel type='pty'>
<target type='virtio' name='org.linux-kvm.port.0'/>
<address type='virtio-serial' controller='0' bus='0'/>
</channel>
* docs/schemas/domain.rng: Add virtio-serial controller and virtio
channel type.
* src/conf/domain_conf.[ch]: Domain parsing/serialization for
virtio-serial controller and virtio channel.
* tests/qemuxml2xmltest.c
tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.xml: add domain xml
parsing test
* src/libvirt_private.syms src/qemu/qemu_conf.c:
virDomainDefAddDiskControllers() renamed to
virDomainDefAddImplicitControllers()
The current schema is more permissive than the XML parsing code in
libvirt. Precisely, 'match' attribute is optional in schema while in
reality its use is bound to <model> element:
- <cpu> element without 'match' attribute is allowed only if <topology>
element is the only child element of <cpu>
- <cpu> element with 'match' attribute requires <model> element to be
present; <topology> and <feature> elements are optional
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
When attaching a USB host device based on vendor/product, libvirt
will resolve the vendor/product into a device/bus pair. This means
that when printing XML we should allow device/bus info to be printed
at any time if present
* src/conf/domain_conf.c, docs/schemas/domain.rng: Allow USB device
bus info alongside vendor/product
Allows the initiator to use a variety of IQNs rather than just the
system IQN when creating iSCSI pools.
* docs/schemas/storagepool.rng: extends the syntax with <iqn name="..."/>
* src/conf/storage_conf.[ch]: read and stores the iqn name
* src/storage/storage_backend_iscsi.[ch]: implement the IQN selection
when detected
The RNG now supports IPv6 and bonds attached to bridges, along with
some other minor tweaks. All test files from netcf have been copied to
the test directory and added to the xml2xml and schema tests (and they
all pass, of course ;-)
Currently CPU topology may only be specified together with CPU model:
<cpu match='exact'>
<model>name</model>
<topology sockets='1' cores='2' threads='3'/>
</cpu>
This patch allows for CPU topology specification without the need for
also specifying CPU model:
<cpu>
<topology sockets='1' cores='2' threads='3'/>
</cpu>
'match' attribute and 'model' element are made optional with the
restriction that 'match' attribute has to be set when 'model' is
present.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Although the serial, parallel, chanel, input & fs devices do
not have PCI address info, they can all have device aliases.
Thus it neccessary to associate the virDomainDeviceInfo data
with them all.
* src/conf/domain_conf.c, src/conf/domain_conf.h: Add hooks for
parsing / formatting device info for serial, parallel, channel
input and fs devices.
* docs/schemas/domain.rng: Associate device info with character
devices, input & fs device
This augments virDomainDevice with a <controller> element
that is used to represent disk controllers (e.g., scsi
controllers). The XML format is given by
<controller type="scsi" index="<num>">
<address type="pci" domain="0xNUM" bus="0xNUM" slot="0xNUM"/>
</controller>
where type denotes the disk interface (scsi, ide,...), index
is an integer that identifies the controller for association
with disks, and the <address> element specifies the controller
address on the PCI bus as described in previous commits
The address element can be omitted; in this case, an address
will be assigned automatically.
Most of the code in this patch is from Wolfgang Mauerer's
previous disk controller series
* docs/schemas/domain.rng: Define syntax for <controller>
XML element
* src/conf/domain_conf.c, src/conf/domain_conf.h: Define
virDomainControllerDef struct, and routines for parsing
and formatting XML
* src/libvirt_private.syms: Add virDomainControllerInsert
and virDomainControllerDefFree
Add the virDomainDeviceAddress information to the sound, video
and watchdog devices. This means all of them gain the new XML
element
<address .... />
This brings them upto par with disk/net/hostdev devices which
already have address info
* src/conf/domain_conf.h: Add virDomainDeviceAddress to sound,
video & watchdog device struts.
* src/conf/domain_conf.c: Hook up parsing/formatting for
virDomainDeviceAddress in sound, video & watchdog devices
* docs/schemas/domain.rng: Associate device address info
with sound, video & watchdog
Introduce a new structure
struct _virDomainDeviceDriveAddress {
unsigned int controller;
unsigned int bus;
unsigned int unit;
};
and plug that into virDomainDeviceAddress and generates XML that
looks like
<address type='drive' controller='1' bus='0' unit='5'/>
This syntax will be used by the QEMU driver to explicitly control
how drives are attached to the bus
* src/conf/domain_conf.h, src/conf/domain_conf.c: Parsing and
formatting of drive addresses
* docs/schemas/domain.rng: Define new address format for drives
All guest devices now use a common device address structure
summarized by:
enum virDomainDeviceAddressType {
VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE,
VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI,
};
struct _virDomainDevicePCIAddress {
unsigned int domain;
unsigned int bus;
unsigned int slot;
unsigned int function;
};
struct _virDomainDeviceInfo {
int type;
union {
virDomainDevicePCIAddress pci;
} addr;
};
This replaces the anonymous structs in Disk/Net/Hostdev data
structures. Where available, the address is *always* printed
in the XML file, instead of being hidden in the internal state
file.
<address type='pci' domain='0x0000' bus='0x1e' slot='0x07' function='0x0'/>
The structure definition is based on Wolfgang Mauerer's disk
controller patch series.
* docs/schemas/domain.rng: Define the <address> syntax and
associate it with disk/net/hostdev devices
* src/conf/domain_conf.h, src/conf/domain_conf.c,
src/libvirt_private.syms: APIs for parsing/formatting address
information. Also remove the QEMU specific 'pci_addr' attributes
* src/qemu/qemu_driver.c: Replace use of 'pci_addr' attrs with
new standardized format.
XML schema for CPU flags
Firstly, CPU topology and model with optional features have to be
advertised in host capabilities:
<host>
<cpu>
<arch>ARCHITECTURE</arch>
<features>
<!-- old-style features are here -->
</features>
<model>NAME</model>
<topology sockets="S" cores="C" threads="T"/>
<feature name="NAME"/>
</cpu>
...
</host>
Secondly, drivers which support detailed CPU specification have to
advertise
it in guest capabilities:
<guest>
...
<features>
<cpuselection/>
</features>
</guest>
And finally, CPU may be configured in domain XML configuration:
<domain>
...
<cpu match="MATCH">
<model>NAME</model>
<topology sockets="S" cores="C" threads="T"/>
<feature policy="POLICY" name="NAME"/>
</cpu>
</domain>
Where MATCH can be one of:
- 'minimum' specified CPU is the minimum requested CPU
- 'exact' disable all additional features provided by host CPU
- 'strict' fail if host CPU doesn't exactly match
POLICY can be one of:
- 'force' turn on the feature, even if host doesn't have it
- 'require' fail if host doesn't have the feature
- 'optional' match host
- 'disable' turn off the feature, even if host has it
- 'forbid' fail if host has the feature
'force' and 'disable' policies turn on/off the feature regardless of its
availability on host. 'force' is unlikely to be used but its there for
completeness since Xen and VMWare allow it.
'require' and 'forbid' policies prevent a guest from being started on a host
which doesn't/does have the feature. 'forbid' is for cases where you disable
the feature but a guest may still try to access it anyway and you don't want
it to succeed.
'optional' policy sets the feature according to its availability on host.
When a guest is booted on a host that has the feature and then migrated to
another host, the policy changes to 'require' as we can't take the feature
away from a running guest.
Default policy for features provided by host CPU but not specified in domain
configuration is set using match attribute of cpu tag. If 'minimum' match is
requested, additional features will be treated as if they were specified
with 'optional' policy. 'exact' match implies 'disable' policy and 'strict'
match stands for 'forbid' policy.
* docs/schemas/capability.rng docs/schemas/domain.rng: extend the
RelaxNG schemas to add CPU flags support
Introduce a new type="dir" mode for <disks> that allows use of
QEMU's virtual FAT block device driver. eg
<disk type='dir' device='floppy'>
<source dir='/tmp/test'/>
<target dev='fda' bus='fdc'/>
<readonly/>
</disk>
gets turned into
-drive file=fat:floppy:/tmp/test,if=floppy,index=0
Only read-only disks are supported with virtual FAT mode
* src/conf/domain_conf.c, src/conf/domain_conf.h: Add type="dir"
* docs/schemas/domain.rng: Document new disk type
* src/xen/xend_internal.c, src/xen/xm_internal.c: Raise error for
unsupported disk types
* tests/qemuxml2argvdata/qemuxml2argv-disk-cdrom-empty.args: Fix
empty disk file handling
* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-fat.args,
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-fat.xml,
tests/qemuxml2argvdata/qemuxml2argv-floppy-drive-fat.args,
tests/qemuxml2argvdata/qemuxml2argv-floppy-drive-fat.xml
tests/qemuxml2argvtest.c: Test QEMU vitual FAT driver
* src/qemu/qemu_conf.c: Support generating fat:/some/dir type
disk args
* src/security/security_selinux.c: Temporarily skip labelling
of directory based disks
For backward compatibility we used to add the tty path as
a tty attribute on console of type pty, duplicating the value
now found in source/@path, but the Relax-NG grammar wasn't
extended for this
<console type='pty' tty='/dev/pts/8'>
<source path='/dev/pts/8'/>
<target port='0'/>
</console>
* docs/schemas/domain.rng: allow an optional tty attribute
containing a devicePath
allows the following to be specified in a domain:
<channel type='pipe'>
<source path='/tmp/guestfwd'/>
<target type='guestfwd' address='10.0.2.1' port='4600'/>
</channel>
* proxy/Makefile.am: add network.c as dep of domain_conf.c
* docs/schemas/domain.rng src/conf/domain_conf.[ch]: extend the domain
schemas and the parsing/serialization side for the new construct
QEmu support will add the following on the qemu command line:
-chardev pipe,id=channel0,path=/tmp/guestfwd
-net user,guestfwd=tcp:10.0.2.1:4600-chardev:channel0
* src/qemu/qemu_conf.c: Add argument output for channel
* tests/qemuxml2(argv|xml)test.c: Add test for <channel> domain syntax
This patch adds an optional attribute to the <bootp> tag, that
allows to specify a TFTP server address other than the address of
the DHCP server itself.
This can be used to forward the BOOTP settings of the host down to the
guest. This is something that configurations such as Xen's default
network achieve naturally, but must be done manually for NAT.
* docs/formatnetwork.html.in: Document new attribute.
* docs/schemas/network.rng: Add it to schema.
* src/conf/network_conf.h: Add it to struct.
* src/conf/network_conf.c: Add it to parser and pretty printer.
* src/network/bridge_driver.c: Put it in the dnsmasq command line.
* tests/networkxml2xmlin/netboot-proxy-network.xml
tests/networkxml2xmlout/netboot-proxy-network.xml
tests/networkxml2xmltest.c: add new tests
* src/conf/storage_conf.c src/conf/storage_conf.h: extend the enums
and values
* docs/schemas/storagepool.rng: add to the list of storage pool type
formats