Commit Graph

3026 Commits

Author SHA1 Message Date
Michal Privoznik
2c13a2a7c9 virt-host-validate: Detect SMMU support on ARMs
In vir-host-validate we do two checks related to IOMMU:

  1) hardware support, and
  2) kernel support.

While users are usually interested in the latter, the former also
makes sense. And for the former (hardware support) we have this
huge if-else block for nearly every architecture, except ARM.

Now, IOMMU is called SMMU in ARM world, and while there's
certainly a definitive way of detecting SMMU support (e.g. via
dumping some registers in asm), we can work around this - just
like we do for Intel and AMD - and check for an ACPI table
presence.

In ARM world, there's I/O Remapping Table (IORT) which describes
SMMU capabilities on given host and is exposed in sysfs
(regardless of arm_smmu module).

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2178885
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-03-24 14:44:38 +01:00
Jiri Denemark
b1b037fa5b Introduce VIR_DOMAIN_PAUSED_API_ERROR
Some APIs (migration, save/restore, snapshot, ...) require a domain to
be suspended temporarily. In case resuming the domain fails, the domain
will be unexpectedly left paused when the API finishes. This situation
is reported via VIR_DOMAIN_EVENT_SUSPENDED event with
VIR_DOMAIN_EVENT_SUSPENDED_API_ERROR detail. But we do not have a
corresponding reason for VIR_DOMAIN_PAUSED state and the reason would
remain set to the value used when the domain was paused. So the state
reason would suggest the operation is still running.

This patch changes the state reason to a new VIR_DOMAIN_PAUSED_API_ERROR
to make it clear the API that paused the domain already finished, but
failed to resume the domain.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-03-15 10:52:14 +01:00
Michal Privoznik
7db8373e08 Use G_N_ELEMENTS() more
In a few places we still use the good old:

  sizeof(var) / sizeof(var[0])
  sizeof(var) / sizeof(int)

The G_N_ELEMENTS() macro is preferred though. In a few places we
don't link with glib, so provide the macro definition.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
2023-03-13 13:29:07 +01:00
Jim Fehlig
0f350a4d07 tools: Fix detection of remote libvirt access in virt-qemu-sev-validate
The VM's firmware path is not extracted from the XML when invoking
virt-qemu-sev-validate in insecure mode and connecting to the local libvirt

virt-qemu-sev-validate --insecure --tk tek-tik.bin --domain test-sev-es
ERROR: Cannot access firmware path remotely

The test for remote access compares the return value from socket.gethostname()
to the return value from conn.getHostname(). The former doesn't always return
the fqdn, whereas the latter does. Use socket.getfqdn() instead.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-03 11:28:56 -07:00
Ján Tomko
9e79904b1a tools: use g_autofree more
Remove some obvious uses of VIR_FREE in favor of automatic cleanup.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-02-02 16:18:08 +01:00
Michal Privoznik
6f3f6c0f76 virsh: Make domif-setlink work more than once
In virsh, we have this convenient domif-setlink command, which is
just a wrapper over virDomainUpdateDeviceFlags() and which allows
setting link state of given guest NIC. It does so by fetching
corresponding <interface/> XML snippet and either putting <link
state=''/> into it, OR if the element already exists setting the
attribute to desired value. The XML is then fed into the update
API.

There's, however, a small bug in detecting the pre-existence of
the element and its attribute. The code looks at "link"
attribute, while in fact, the attribute is called "state".

Resolves: https://gitlab.com/libvirt/libvirt/-/issues/426
Fixes: e575bf082e
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-30 12:06:41 +01:00
Peter Krempa
3ea4170551 virsh: Introduce 'dom-fd-associate' for invoking virDomainFDAssociate()
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2023-01-09 14:59:42 +01:00
Pavel Hrdina
a1cbaee5c8 libvirt: introduce VIR_DOMAIN_JOB_OPERATION_SNAPSHOT_DELETE
This will be used by snapshot delete async domain job.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-09 13:32:35 +01:00
Andrea Bolognani
6c4f5af9a0 tools: Fix style issues in virt-qemu-sev-validate
The script had an incorrect interpreter line until commit
f6a19d7264, so the flake8 check would not realize it needed
to pick it up and these issues, some of which were present it
the very first version that was committed, were not being
reported.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-08 18:09:29 +01:00
Andrea Bolognani
f6a19d7264 tools: Fix interpreter for virt-qemu-sev-validate
Go through env(1) instead of hardcoding the path to the Python
interpreter, as we already do for all other Python scripts.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-08 17:24:21 +01:00
Michal Privoznik
e771e32f15 tools: Fix install_mode for some scripts
Scripts from the following list were installed with group write
bit set: virt-xml-validate, virt-pki-validate,
virt-sanlock-cleanup, libvirt-guests.sh. This is very unusual and
in contrast with the way other scripts/binaries are installed.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2151202
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2022-12-08 09:26:56 +01:00
Haruka Ohata
4b29d5c4f5 virsh: Add message to terminal when running snapshot-revert
When running virsh snapshot-* command, such as snapshot-create-as /
snapshot-delete, it prints a result message.
On the other hand virsh snapshot-revert command doesn't print a result
message.

So, This patch fixes to add message when running virsh snapshot-revert
command.

    # virsh snapshot-create-as vm1 test1
    Domain snapshot test01 created
    # virsh snapshot-revert vm1 test1

    # virsh snapshot-delete vm1 test1
    Domain snapshot test01 deleted

Signed-off-by: Haruka Ohata <ohata.haruka@fujitsu.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2022-12-07 14:33:28 +01:00
Peter Krempa
22766a1a53 virshFindDisk: Sanitize use of 'tmp' variable
The return value of virXMLPropString was assigned into 'tmp' multiple
times and to prevent static analyzers moaning about a potential leak a
short-circuited if logic or was used.

Replace the code by having a helper variable for each possibility and
also replace the for-loop to iterate elements.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-02 16:49:25 +01:00
Peter Krempa
a5911fd808 virshFindDisk: Sanitize removable media check
The XPath lookup guarantees that the top level element is always 'disk'
so there's no need to check that it actually is. We can also remove the
two unnecessary temporary variables.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-02 16:49:25 +01:00
Peter Krempa
da31579d0b virshFindDisk: Use virXPathNodeSet instead of xmlXPathEval
Don't open-code the XPath lookup.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-02 16:49:25 +01:00
Peter Krempa
3dd4971e29 virsh: cmdChangeMedia: Refactor cleanup
Use automatic pointer freeing for the 'disk_node' variable and remove
the 'cleanup' label and 'ret' variable.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-02 16:49:25 +01:00
Peter Krempa
be9560070b virsh: cmdDetachDisk: Refactor cleanup
Use automatic pointer freeing for the 'disk_node' variable and remove
the 'cleanup' label and 'functionReturn' variable.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-02 16:49:25 +01:00
Peter Krempa
e9b7f06140 virsh: virshMakeCloneXML: Use virXPathNode instead of xmlXPathEval
Refactor the code to use the XPath helpers instead of open-coding them.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-02 16:49:25 +01:00
Peter Krempa
5f3d21abf8 virsh: Add --print-xml flag for 'vol-clone' command
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-02 16:49:25 +01:00
Peter Krempa
3584f78d4b virsh: Refactor cleanup in 'cmdVolClone'
Automatically free 'newxml' and remove the 'cleanup' label and 'ret'
variable.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-02 16:49:25 +01:00
Peter Krempa
e575bf082e virsh: cmdDomIfSetLink: Use virXPathNodeSet instead of xmlXpathEval
Refactor the XPath lookup to use the internal helper.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-02 16:49:25 +01:00
Peter Krempa
0974c3ab6e virsh: Add --print-xml option for 'domif-setlink'
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-02 16:49:25 +01:00
Peter Krempa
4f7ecbd684 virshDomainDetachInterface: Use virXPathNodeSet instead of xmlXpathEval
Refactor the XPath lookup to use the internal helper.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-02 16:49:24 +01:00
Peter Krempa
601a127573 virsh: Add --print-xml option for 'detach-interface'
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-02 16:49:24 +01:00
Peter Krempa
0022376b20 virsh: vol-create-as: Use 'unsigned int' for flags
The API itself uses 'unsigned int' so use the same type for the local
variable in virsh.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-02 16:18:37 +01:00
Michal Privoznik
3b2630a96a virsh: Report iSCSI-direct backend in long version
We already report whether iSCSI backend was enabled at compile
time, but we don't do the same with iSCSI-direct backend.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2022-11-24 15:23:47 +01:00
Michal Privoznik
5eae544022 virsh: Format -V output properly
When displaying long version (virsh -V), the 'Virtuozzo Storage'
substring lacks leading space and thus produces awful output.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2022-11-24 15:23:39 +01:00
Jiang Jiacheng
4b90adf65a lib: Use the same style in the 'struct option'
Use same style in the 'struct option' as:
    struct option opt[] = {
        { a, b },
        { a, b },
        ...
        { a, b },
    };

Signed-off-by: Jiang Jiacheng <jiangjiacheng@huawei.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-11-22 10:15:11 +01:00
Daniel P. Berrangé
b348f37445 tools: support generating SEV secret injection tables
It is possible to build OVMF for SEV with an embedded Grub that can
fetch LUKS disk secrets. This adds support for injecting secrets in
the required format.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
273c408899 tools: load CPU count and CPU SKU from libvirt
When validating a SEV-ES guest, we need to know the CPU count and VMSA
state. We can get the CPU count directly from libvirt's guest info. The
VMSA state can be constructed automatically if we query the CPU SKU from
host capabilities XML. Neither of these is secure, however, so this
behaviour is restricted.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
676df5b358 tools: support automatically constructing SEV-ES vCPU state
The VMSA files contain the expected CPU register state for the VM. Their
content varies based on a few pieces of the stack

  - AMD CPU architectural initial state
  - KVM hypervisor VM CPU initialization
  - QEMU userspace VM CPU initialization
  - AMD CPU SKU (family/model/stepping)

The first three pieces of information we can obtain through code
inspection. The last piece of information we can take on the command
line. This allows a user to validate a SEV-ES guest merely by providing
the CPU SKU information, using --cpu-family, --cpu-model,
--cpu-stepping. This avoids the need to obtain or construct VMSA files
directly.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
3e7b7da9e0 tools: support validating SEV-ES initial vCPU state measurements
With the SEV-ES policy the VMSA state of each vCPU must be included in
the measured data. The VMSA state can be generated using the 'sevctl'
tool, by telling it a QEMU VMSA is required, and passing the hypevisor's
CPU SKU (family, model, stepping).

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
7d55c815c6 tools: load direct kernel config from libvirt
When connected to libvirt we can validate that the guest configuration
has the kernel hashes property enabled, otherwise including the kernel
GUID table in our expected measurements is not likely to match the
actual measurement.

When running locally we can also automatically detect the kernel/initrd
paths, along with the cmdline string from the XML.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
0b9e70b141 tools: support validating SEV direct kernel boot measurements
When doing direct kernel boot we need to include the kernel, initrd and
cmdline in the measurement.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
0e911045ae tools: load guest config from libvirt
Accept information about a connection to libvirt and a guest on the
command line. Talk to libvirt to obtain the running guest state and
automatically detect as much configuration as possible.

It will refuse to use a libvirt connection that is thought to be local
to the current machine, as running this tool on the hypervisor itself is
not considered secure. This can be overridden using the --insecure flag.

When querying the guest, it will also analyse the XML configuration in
an attempt to detect any options that are liable to be mistakes. For
example the NVRAM being measured should not have a persistent varstore.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
ececdbdfc0 tools: support validating SEV firmware boot measurements
The virt-qemu-sev-validate program will compare a reported SEV/SEV-ES
domain launch measurement, to a computed launch measurement. This
determines whether the domain has been tampered with during launch.

This initial implementation requires all inputs to be provided
explicitly, and as such can run completely offline, without any
connection to libvirt.

The tool is placed in the libvirt-client-qemu sub-RPM since it is
specific to the QEMU driver.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Peter Krempa
db5f05dd22 storage: Add VIR_STORAGE_VOL_CREATE_VALIDATE flag
Allow users to request validation of the storage volume XML. Add new
flag and virsh support.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
d8791c3c7c nodedev: Add VIR_NODE_DEVICE_(CREATE|DEFINE)_XML_VALIDATE flags
The node device APIs which get XML from the user don't yet support XML
validation flags. Introduce virNodeDeviceCreateXMLFlags and
virNodeDeviceDefineXMLFlags with the appropriate flags and add virsh
support for the new flags.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
c43718ef67 Document caveats of 'VIR_DOMAIN_STATS_VM' group of statistics
The original patches adding the functionality neglected to add any form
of documentation for the stats fields returned for this group.

The stats are directly converted from qemu's 'query-stats(-schema)' QMP
command without any further interpretation. The 'query-stats-schema' has
the following disclaimer:

 Note: runtime-collected statistics and their names fall outside QEMU's usual
       deprecation policies.  QEMU will try to keep the set of available data
       stable, together with their names, but will not guarantee stability
       at all costs; the same is true of providers that source statistics
       externally, e.g. from Linux.  For example, if the same value is being
       tracked with different names on different architectures or by different
       providers, one of them might be renamed.  A statistic might go away if
       an algorithm is changed or some code is removed; changing a default
       might cause previously useful statistics to always report 0.  Such
       changes, however, are expected to be rare.

Since libvirt is not doing any form of conversion of the stats we can't
meaningfully document any of the returned fields. At the same time we
can't even meaningfully provide any form of API stability for the field
names.

Modify the documentation for the 'VIR_DOMAIN_STATS_VM' group both in the
API docs and in the virsh man page to reflect that and disclaim any form
of stability guarantees we provide normally.

Fixes: 8c9e3dae14
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2022-11-01 11:56:00 +01:00
Amneesh Singh
8c9e3dae14 qemu_driver: add new stats worker qemuDomainGetStatsVm
This patch adds a new worker qemuDomainGetStatsVm which reports the
stats returned by "query-stats" via qemuMonitorQueryStats for the VM
target.

Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
2022-10-19 15:58:29 +02:00
Michal Privoznik
3395c35f2f meson: Replace meson.source_root() with meson.project_source_root()
The source_root() method is deprecated in 0.56.0 and we're
recommended to use project_source_root() instead.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-10-10 15:06:09 +02:00
Jiri Denemark
ce8d025be8 virsh: Add completer for hypervisor-cpu-baseline --model
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-10-10 14:31:43 +02:00
Jiri Denemark
268a2708c4 virsh: Add --model option for hypervisor-cpu-baseline
This option can be used as a shortcut for creating a single XML with
just a CPU model name and no features:

    $ virsh hypervisor-cpu-baseline --model Skylake-Server
    <cpu mode='custom' match='exact'>
      <model fallback='forbid'>Skylake-Server</model>
      <feature policy='disable' name='avx512f'/>
      <feature policy='disable' name='avx512dq'/>
      <feature policy='disable' name='clwb'/>
      <feature policy='disable' name='avx512cd'/>
      <feature policy='disable' name='avx512bw'/>
      <feature policy='disable' name='avx512vl'/>
      <feature policy='disable' name='pku'/>
    </cpu>

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-10-10 14:31:43 +02:00
Daniel P. Berrangé
83c6d80abc tools: add virt-qemu-qmp-proxy for proxying QMP via libvirt QEMU guests
Libvirt provides QMP passthrough APIs for the QEMU driver and these are
exposed in virsh. It is not especially pleasant, however, using the raw
QMP JSON syntax. QEMU has a tool 'qmp-shell' which can speak QMP and
exposes a human friendly interactive shell. It is not possible to use
this with libvirt managed guest, however, since only one client can
attach to the QMP socket at any point in time. While it would be
possible to configure a second QMP socket for a VM, it may not be
an known requirement at the time the guest is provisioned.

The virt-qmp-proxy tool aims to solve this problem. It opens a UNIX
socket and listens for incoming client connections, speaking QMP on
the connected socket. It will forward any QMP commands received onto
the running libvirt QEMU guest, and forward any replies back to the
QMP client. It will also forward back events.

  $ virsh start demo
  $ virt-qmp-proxy demo demo.qmp &
  $ qmp-shell demo.qmp
  Welcome to the QMP low-level shell!
  Connected to QEMU 6.2.0

  (QEMU) query-kvm
  {
      "return": {
          "enabled": true,
          "present": true
      }
  }

Note this tool of course has the same risks as the raw libvirt
QMP passthrough. It is safe to run query commands to fetch information
but commands which change the QEMU state risk disrupting libvirt's
management of QEMU, potentially resulting in data loss/corruption in
the worst case. Any use of this tool will cause the guest to be marked
as tainted as an warning that it could be in an unexpected state.

Since this tool introduces a python dependency it is not desirable
to include it in any of the existing RPMs in libvirt. This tool is
also QEMU specific, so isn't appropriate to bundle with the generic
tools. Thus a new RPM is introduced 'libvirt-clients-qemu', to
contain additional QEMU specific tools, with extra external deps.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-10-07 14:32:36 +01:00
Peter Krempa
f1cd95cc28 virsh: Use proper helper for parsing XML in virshDumpXML
Use virXMLParseStringCtxt instead of virXMLParseString since the code
requires a XPath context anyways.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-10-06 10:54:25 +02:00
Stefan Berger
60a06693cc qemu: Add UNDEFINE_TPM and UNDEFINE_KEEP_TPM flags
Add UNDEFINE_TPM and UNDEFINE_KEEP_TPM flags to qemuDomainUndefineFlags()
API and --tpm and --keep-tpm to 'virsh undefine'. Pass the
virDomainUndefineFlagsValues via qemuDomainRemoveInactive()
from qemuDomainUndefineFlags() all the way down to
qemuTPMEmulatorCleanupHost() and delete TPM storage there considering that
the UNDEFINE_TPM flag has priority over the persistent_state attribute
from the domain XML. Pass 0 in all other API call sites to
qemuDomainRemoveInactive() for now.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-10-04 16:34:28 +02:00
Martin Kletzander
59d30adacd libvirt-guests: Fix dependency ordering in service file
After some debugging and discussion with systemd team it turns out we
are misusing the ordering in libvirt-guests.service.  That happened
because we want to support both monolithic and modular daemon setups and
on top of that we also want to support socket activation and services
without socket activation.  Unfortunately this is impossible to express
in the unit file because of how transactions are handled in systemd when
dependencies are resolved and multiple actions (jobs) are queued.  For
explanation from Michal Sekletar see comment #7 in the BZ this patch is
fixing:

https://bugzilla.redhat.com/show_bug.cgi?id=1964855#c7

In order to support all the scenarios this patch also amends the
manpages so that users that are changing the default can also read how
to correct the dependency ordering in libvirt-guests unit file.

Ideally we would also keep the existing configuration during upgrade,
but due to our huge support matrix this seems hardly feasible as it
could introduce even more problems.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-09-26 13:04:48 +02:00
Peter Krempa
d4f7850d5b Remove support for building the sheepdog storage driver backend
The sheepdog project is unmaintained, with last commit in 2018 and
numerous unanswered issues reported.

Remove the libvirt storage driver support for it to follow the removal
of the client support in qemu.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Claudio Fontana <cfontana@suse.de>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-01 13:11:09 +02:00
Martin Kletzander
6457619d18 Rename iterface type='dummy' to type='null'
When commit bac6b266fb added this "functionality" this was the only
naming I could think of, but after discussion with Dan we found the name
'null' fits a bit better, so change it before we make a release with the
old name.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-08-25 13:27:04 +02:00
Martin Kletzander
0225483adc conf, docs, schemas: Add support for interface type vds
This represents an interface connected to a VMWare Distributed Switch,
previously obscured as a dummy interface.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-08-18 08:34:31 +02:00