Commit Graph

4496 Commits

Author SHA1 Message Date
Peter Krempa
474d625b86 docs|access: Don't build the ACL flags into a separate XML
Since we now build it into the libvirt-api.xml or equivalents we don't
need the extra XML files.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-03-06 13:09:16 +01:00
Peter Krempa
15be6660b3 docs/newapi.xsl: Take API flag data from libvirt-api.xml rather than access/libvirt-access.xml
Since now we embed the data in the libvirt API we don't need to source
it from the extra document.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-03-06 13:09:16 +01:00
Peter Krempa
69615c91c8 scripts/apibuild: Extract and format API ACLs
As an additional step before processing the API parse the protocol file
and extract all ACL definitions. This way we can distribute them for any
user of the libvirt API XML files. We will be also able to avoid another
call to gendispatch, which generates all this data into a standalone
XML.

The remote procedure to API name is inspired by what rpcgen does.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-03-06 13:09:16 +01:00
Michal Privoznik
928e741172 src: Document virDomainInterfaceStats() limitation
For unmanaged ethernet <interface/>, it is user's responsibility
to set up the interface. And as such it can be just anything.
Therefore, it's (almost) impossible for the
virDomainInterfaceStats() API to tell whether RX/TX values need
to be swapped or copied verbatim into the return structure.
Document this limitation.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-03-06 12:20:35 +01:00
Andrea Bolognani
a50fb7dada docs: Document firmware format attribute
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-03 13:52:37 +01:00
Andrea Bolognani
f3d0857f2e docs: Fix documentation for loader.stateless attribute
It works exactly the other way around.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-03 13:40:09 +01:00
Peter Krempa
590a6c1b78 kbase: virtiofs: Add a note that virtiofs is not migratable
Note that certain operations will not work.

Resolves: https://gitlab.com/libvirt/libvirt/-/issues/452
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-03-01 11:57:37 +01:00
Daniel P. Berrangé
9541ce080a docs/kbase: fix example for SEV validation
The offline validation example needs to include the firmware path,
and is also missing line continuation markers.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-22 13:48:49 +00:00
Daniel P. Berrangé
4d3b2d77d0 docs: refer to --firmware instead of --loader
The --loader syntax was left over from an earlier version of the code
before it was renamed to --firmware.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-22 13:48:48 +00:00
Kristina Hanicova
c98e49f82e docs: document panic device 'pvpanic-pci'
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-02-21 17:51:30 +01:00
Martin Kletzander
a834735898 docs: Convert 404 page to rST
There is no markup equivalent for any of the <s/> or <del/> HTML tags, so this
is the only thing I came up with and it looks like it works.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-02-21 10:58:59 +01:00
Andrea Bolognani
5af19e530e docs: Recommend better python3 shebang
Python scripts should always invoked the interpreter through
env(1) to ensure that they work on macOS and the BSDs, and at
this point not explicitly asking for Python 3 doesn't really
make sense.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2023-02-20 18:33:01 +01:00
Peter Krempa
91d890bdce docs/html: Properly generate ACL permissions into API reference
The 'newapi.xsl' stylesheet was referencing non-existing paths to the
XML files holding ACL permission flags for individual APIs. Additionally
the 'document()' XSL function doesn't even allow concatenation of the
path as it was done via '{$builddir}/src..', but requires either direct
argument or use of the 'concat()' function.

This meant that the 'acls' variable was always empty and thus none of
our API documentation was actually generated with the 'acl' section.

Fix it by passing the path to the XML via an argument to the stylesheet
as the files differ based on which document is being generated.

Since the 'admin' API does not have ACL we need to handle it separately
now in the build system.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-20 18:26:53 +01:00
Peter Krempa
ecca805336 docs: ACL: Show which permissions are allowed for unauthenticated connections
Certain APIs are allowed also without authentication but the ACL page
didn't outline which. Generate a new column with the information.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-20 09:22:51 +01:00
Peter Krempa
0e3970bf9b docs: logos: Turn 'README' into rST, generate an index and link to images
The logo directory wasn't really referenced from anywhere. Additionally
there wasn't any reasonable index for all the image files which we have.

Turn the README file into rST and display the images it references. Link
to the new index file from the docs page.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
e886274234 kbase: eventloop: Fix path to referenced images
The images are referenced from '../images/' but the document is two
layers deep thus '../../images' needs to be used

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
5f3a897b93 docs: Add sub-page for all golang modules
Our documentation has pages for 4 go modules, 2 current and 2 obsolete
ones, but points only to one of them and directly to golang's docs page.

Add a sub-page where all 4 sub-pages for the modules are linked.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
f3e44016fa docs: manpages: Add missing manpages to index
The manpages for 'virt-pki-query-dn', 'virt-qemu-qmp-proxy' and
'virt-ssh-helper.rst' were not referenced from the manpage index or any
other place.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
70211d7368 scripts: check-html-references: Rename --prefix to --webroot and make it mandatory
Force users to pass the path to the root of the webpage the script
should check. The script lives in a different subdirectory so the
default of the current directory doesn't make much sense.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
65edcfd68f docs: XSL: Add source document name as custom data attribute for <html>
The html standard allows custom data attributes on any element in the
format of 'data-*' which are not interpreted. We can use it to embed the
name of the source document used to generate the page so that our
checker tools can use the friendly name.

https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Jim Fehlig
8eb54255ec docs: Fix examples in virt-qemu-sev-validate man page
Some of the examples refer to virt-dom-sev-validate. Replace them with
the proper name.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-03 11:28:27 -07:00
Martin Kletzander
2fa92efe9b Document change to multiple watchdogs
With the reasoning behind it.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-01-26 16:40:30 +01:00
zhenwei pi
71fa94302a capabilities: introduce crypto device
Changes in this commit:
- docs: formatdomaincaps.rst
- conf: crypto related domain caps
- qemu: crypto related
- tests: crypto related test

Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-01-25 16:00:47 +01:00
zhenwei pi
7ba22d21a1 conf: introduce crypto device
Introduce crypto device like:

  <crypto model='virtio' type='qemu'>
    <backend model='builtin' queues='1'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
  </crypto>

  <crypto model='virtio' type='qemu'>
    <backend model='lkcf'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x0b' function='0x0'/>
  </crypto>

Currently, crypto model supports virtio only, type supports qemu only
(vhost-user in the plan). For the qemu type, backend supports modle
builtin/lkcf, and the queues is optional.

Changes in this commit:
- docs: formatdomain.rst
- schemas: domaincommon.rng
- conf: crypto related domain conf
- qemu: crypto related
- tests: crypto related test

Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-01-25 16:00:42 +01:00
Michal Privoznik
aad22bea70 vbox: Drop support for virtualbox-6.0.0
According to VirtualBox download page [1], the 6.0.0 release is
no longer supported (the support ended 2020/07). Drop it from
Libvirt too.

1: https://www.virtualbox.org/wiki/Download_Old_Builds

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-01-24 10:24:07 +01:00
Michal Privoznik
445549af07 vbox: Drop support for virtualbox-5.2.0
According to VirtualBox download page [1], the 5.2.0 release is
no longer supported (the support ended 2020/07). Drop it from
Libvirt too.

1: https://www.virtualbox.org/wiki/Download_Old_Builds

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-01-24 10:24:05 +01:00
Laine Stump
7b5777afcb docs: fix passt example
Somehow the example I neglected to fully update the example for the
interface passt backend when the design changed during
development. This fixes the example to reflect what is in the code.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-23 11:43:32 -05:00
Ján Tomko
57b0678590 docs: submitting-patches: remove note about --patience
Since we don't really say how to send patches using this diff algorithm,
it only clutters the document about *submitting* patches.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-20 22:12:42 +01:00
Ján Tomko
0f4790840d docs: submitting-patches: Remove emphasis on not cc'ing developers
While some developers prefer to receive patches only on the mailing
list, cc'ing is a common practice in other projects.

Since it's easy enough to set up a mail filter for this, remove
the paragraph for simplicity.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-20 22:12:41 +01:00
Jim Fehlig
1f7d167b48 kbase: Update rpm-deployment.rst with new subpackages
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-01-18 11:06:13 -07:00
Jim Fehlig
33772e1fcc spec: Rename the libvirt-lock-sanlock subpackage
The new name "libvirt-daemon-plugin-sanlock" provides consistency with the
newly introduced "libvirt-daemon-plugin-lockd" subpackage.

It's also a good opportunity to taking ownership of
%{_libdir}/libvirt/lock-driver/, removing the need for a dependency on the
libvirt-daemon package.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-01-18 11:06:13 -07:00
Andrea Bolognani
35c5f091f5 docs: Fix typo
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2023-01-17 16:49:44 +01:00
Pavel Hrdina
ead6e1b002 docs: document correct cpu shares limits with both cgroups v1 and v2
The limits are different with cgroups v1 and v2 but our XML
documentation and virsh manpage mentioned only cgroups v1 limits without
explicitly saying it only applies to cgroups v1.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-01-17 10:58:07 +01:00
Laine Stump
3592b81c4c conf: remove <backend upstream='xxx'/> attribute
This attribute was added to support setting the --interface option for
passt, but in a post-push/pre-9.0-release review, danpb pointed out
that it would be better to use the existing <source dev='xxx'/>
attribute to set --interface rather than creating a new attribute (in
the wrong place). So we remove backend/upstream, and change the passt
commandline creation to grab the name for --interface from source/dev.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2023-01-13 10:02:05 +01:00
Han Han
f41d1a2e75 docs: drvqemu: Fix a typo
Fixes: a677ea928a
Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-01-12 11:40:21 +01:00
Laine Stump
a8ee7ae301 conf: parse/format passt-related XML additions
This implements XML config to represent a subset of the features
supported by 'passt' (https://passt.top), which is an alternative
backend for emulated network devices that requires no elevated
privileges (similar to slirp, but "better").

Along with setting the backend to use passt (via <backend
type='passt'/> when the interface type='user'), we also support
passt's --log-file and --interface options (via the <backend>
subelement logFile and upstream attributes) and its --tcp-ports and
--udp-ports options (which selectively forward incoming connections to
the host on to the guest) via the new <portForward> subelement of
<interface>. Here is an example of the config for a network interface
that uses passt to connect:

    <interface type='user'>
      <mac address='52:54:00:a8:33:fc'/>
      <ip address='192.168.221.122' family='ipv4'/>
      <model type='virtio'/>
      <backend type='passt' logFile='/tmp/xyzzy.log' upstream='eth0'/>
      <portForward address='10.0.0.1' proto='tcp' dev='eth0'>
        <range start='2022' to='22'/>
        <range start='5000' end='5099' to='1000'/>
        <range start='5010' end='5029' exclude='yes'/>
      </portForward>
      <portForward proto='udp'>
        <range start='10101'/>
      </portForward>
    </interface>

In this case:

* the guest will be offered address 192.168.221.122 for its interface
  via DHCP

* the passt process will write all log messages to /tmp/xyzzy.log

* routes to the outside for the guest will be derived from the
  addresses and routes associated with the host interface "eth0".

* incoming tcp port 2022 to the host will be forwarded to port 22
  on the guest.

* incoming tcp ports 5000-5099 (with the exception of ports 5010-5029)
  to the host will be forwarded to port 1000-1099 on the guest.

* incoming udp packets on port 10101 will be forwarded (unchanged) to
  the guest.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-09 14:24:27 -05:00
Peter Krempa
98bd201678 conf: Add 'fdgroup' attribute for 'file' disks
The 'fdgroup' will allow users to specify a passed FD (via the
'virDomainFDAssociate()' API) to be used instead of opening a path.
This is useful in cases when e.g. the file is not accessible from inside
a container.

Since this uses the same disk type as when we open files via names this
patch also introduces a hypervisor feature which the hypervisor asserts
that code paths are ready for this possibility.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2023-01-09 14:59:42 +01:00
Peter Krempa
3ea4170551 virsh: Introduce 'dom-fd-associate' for invoking virDomainFDAssociate()
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2023-01-09 14:59:42 +01:00
Michal Privoznik
10f4784864 qemu_capabilities: Query for Hyper-V Enlightenments
Now that we have qemuMonitorGetCPUModelExpansion() aware of
Hyper-V Enlightenments, we can start querying it. Two conditions
need to be met:

  1) KVM is in use,
  2) Arch is either x86 or arm.

It may look like modifying the first call to
qemuMonitorGetCPUModelExpansion() inside of
virQEMUCapsProbeQMPHostCPU() would be sufficient but it is not.
We really need to ask QEMU for full expansion and the first call
does not guarantee that.

For the test data, I've just copied whatever
'query-cpu-model-expansion' returned earlier, therefore there are
no hv-* props. But that's okay - the full expansion is not stored
in cache (and thus not formatted in
tests/qemucapabilitiesdata/caps_*.replies files either). This is
purely runtime thing.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-05 12:35:36 +01:00
Michal Privoznik
7c1ecfd512 domain_capabilities: Expose Hyper-V Enlightenments
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-05 12:35:20 +01:00
Michal Privoznik
a677ea928a docs: Recommend static seclabels for migration on shared storage
There are some network FSs (ceph, CIFS) that propagate XATTRs
properly and thus SELinux labels too. In such case using dynamic
seclabels would get in the way of migration as new seclabel is
assigned to the domain on the destination and thus two processes
with different labels (the source and the destination QEMU/helper
process) would try to access the same file. One of them is
necessarily going to be denied access.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-03 17:19:22 +01:00
Andrea Bolognani
b271d6f3b0 kbase: Reorder deployments
List the various options so that the most likely ones come
first.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2022-12-15 16:37:51 +01:00
Andrea Bolognani
db7fdf6de8 kbase: Reorder sections
Users are likely more interested in the main deployment
scenarios than in the detailed list of every existing RPM
package. Reorder sections accordingly.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2022-12-15 16:37:47 +01:00
Daniel P. Berrangé
aeba13f24d docs: replace footer link to the bird site with mastodon
Since the takeover of the bird site, the bulk of tech people who want
a more friendly and inclusive media site have jumped over to Mastodon.
With its decentralized nature, there's no one replacement that captures
everything, but the fosstodon.org site is a topic relevant choice.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-12-15 11:04:30 +00:00
Michal Privoznik
6a58b9b5ed formatcaps: Update capabilities example
In the formatcaps.rst we give an example output of capabilities.
Well, there are couple of issues with it:

1) We show <features/> nested under /capabilities/host/cpu.
   There's no such element and never was.

2) The ordering of elements is corrupted.

3) There is plenty of elements missing.

Fix these by showing an actual output of 'virsh capabilities' as
obtained on my machine.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-12 17:08:07 +01:00
Nobuhiro MIKI
e48677e29f docs: Add missing elements to formatcaps.rst
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-12-12 10:41:03 +01:00
Andrea Bolognani
a417571628 docs: Fix typo in virt-qemu-sev-validate(1)
Spotted by Lintian (typo-in-manual-page tag).

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-08 17:24:17 +01:00
Peter Krempa
317cfb011b docs: drvqemu: Remove inaccuate limitations statement
We don't refuse override definitions for device which doesn't exist and
the same way don't care about 'remove' being used on a property which is
not actually formatted by libvirt. Drop the paragraph claiming the
contrary.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-05 12:00:55 +01:00
Peter Krempa
f28232d1a4 docs: drvqemu: Give example how to query device properties for overriding
Add an example of invoking qemu with '-device TYPE,?' to query
properties of a given type.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-05 12:00:55 +01:00
Peter Krempa
9228ebbf98 docs: drvqemu: Fix and improve docs about device override types
The 'number' override type didn't exist in the final version so change
it to the corresponding 'signed' and 'unsigned'.

Additionally clarify which override type is used for a corresponding
qemu type and also that we use base 10 numbers so users will need to
convert the numbers if needed.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-05 12:00:55 +01:00