Commit Graph

12 Commits

Author SHA1 Message Date
Daniel P. Berrangé
8ee395d843 tools: split off common helpers for host validate tool
The common messaging helpers will be reused in the new impl of the
virt-pki-validate tool.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-06-11 12:50:23 +01:00
Pavel Hrdina
0a7101c89b virt-host-validate: require freezer for LXC
Cgroup freezer support for LXC was added in libvirt-0.7.2.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Pavel Hrdina
0f4d7daa8c virt-host-validate: rewrite cgroup detection to use util/vircgroup
This removes code duplication and simplifies cgroup detection.
As a drawback we will not have separate messages to enable cgroup
controller in kernel or to mount it.  On the other side the rewrite
adds support for cgroup v2.

The kernel config support was wrong because it was parsing
'/proc/self/cgroup' instead of '/proc/cgroups/' file.

The mount suggestion is removed as well because it will not work
with cgroup v2.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2018-10-05 15:53:29 +02:00
Guido Günther
b71d10cc8e virt-host-validate: require fuse for LXC if compiled in
Domains fail to start without fuse like

  error: internal error: guest failed to start: fuse: device not found, try 'modprobe fuse' first
  Failure in libvirt_lxc startup: no error

so check for it too.

References: https://ci.debian.net/data/autopkgtest/unstable/amd64/libv/libvirt/20171012_105903/log.gz

Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
2017-10-12 21:32:07 +02:00
Andrea Bolognani
53d3874ce3 host-validate: Fix suggestion for missing cpu cgroup
If the cpu cgroup is not found when validating an host for
LXC support, virt-host-validate will suggest to enable the
CONFIG_CGROUP_SCHED kconfig option.

The appropriate option is really CONFIG_CGROUP_CPU. The
QEMU checks already get that right, so no changes needed.
2016-03-30 09:41:54 +02:00
Michal Privoznik
99f8fb4c55 virt-host-validate: Fix error level for user namespace check
From the code it seems to me that we need user namespace if
configured in domain XML. Otherwise we don't use it at all.
However our tool is more strict about that. Fix this discrepancy.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-01-25 16:53:23 +01:00
Michal Privoznik
d55e11a302 virt-host-validate: Check those CGroups that we actually use
Since the introduction of virt-host-validate tool the set of
cgroup controllers we use has changed so the tool is checking for
some cgroups that we don't need (e.g. net_cls, although I doubt
we have ever used that one) and is not checking for those we
actually use (e.g. cpuset).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-01-25 16:53:18 +01:00
Daniel P. Berrange
9bf595b172 virt-host-validate: check for required cgroups
Extend the virt-host-validate checks to see if the required
cgroups are compiled into the kernel and that they are
mounted on the system. The cgroups are all optional except
for 3 that LXC mandates

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-10-12 13:15:00 +01:00
Daniel P. Berrange
8a6b6037f8 virt-host-validate.c: check for kernel namespaces
The LXC driver requires the uts, mnt, pid & ipc
namespaces, while net & user namespaces are
optional. Validate all these are present.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-10-12 13:15:00 +01:00
Eric Blake
4ecb723b9e maint: fix up copyright notice inconsistencies
https://www.gnu.org/licenses/gpl-howto.html recommends that
the 'If not, see <url>.' phrase be a separate sentence.

* tests/securityselinuxhelper.c: Remove doubled line.
* tests/securityselinuxtest.c: Likewise.
* globally: s/;  If/.  If/
2012-09-20 16:30:55 -06:00
Osier Yang
f9ce7dad60 Desert the FSF address in copyright
Per the FSF address could be changed from time to time, and GNU
recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)

  You should have received a copy of the GNU General Public License
  along with Foobar.  If not, see <http://www.gnu.org/licenses/>.

This patch removes the explicit FSF address, and uses above instead
(of course, with inserting 'Lesser' before 'General').

Except a bunch of files for security driver, all others are changed
automatically, the copyright for securify files are not complete,
that's why to do it manually:

  src/security/security_selinux.h
  src/security/security_driver.h
  src/security/security_selinux.c
  src/security/security_apparmor.h
  src/security/security_apparmor.c
  src/security/security_driver.c
2012-07-23 10:50:50 +08:00
Daniel P. Berrange
54a38915d8 Add a virt-host-validate command to sanity check HV config
To assist people in verifying that their host is operating in an
optimal manner, provide a 'virt-host-validate' command. For each
type of hypervisor, it will check any pre-requisites, or other
good recommendations and report what's working & what is not.

eg

  # virt-host-validate
  QEMU: Checking for device /dev/kvm                                         : FAIL (Check that the 'kvm-intel' or 'kvm-amd' modules are loaded & the BIOS has enabled virtualization)
  QEMU: Checking for device /dev/vhost                                       : WARN (Load the 'vhost_net' module to improve performance of virtio networking)
  QEMU: Checking for device /dev/net/tun                                     : PASS
   LXC: Checking for Linux >= 2.6.26                                         : PASS

This warns people if they have vmx/svm, but don't have /dev/kvm. It
also warns about missing /dev/vhost net.
2012-01-27 17:53:18 +00:00