Commit Graph

2802 Commits

Author SHA1 Message Date
John Ferlan
abd253c963 Post-release version bump to 4.6.0
Signed-off-by: John Ferlan <jferlan@redhat.com>
2018-07-02 16:58:50 -04:00
Daniel Veillard
6a32f5b89d Release of libvirt-4.5.0
- docs/news.xml: updated for the release

Signed-off-by: Daniel Veillard <veillard@redhat.com>
2018-07-02 22:11:33 +02:00
Andrea Bolognani
04e10e8714 news: Update for 4.5.0 release
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2018-07-02 17:42:30 +02:00
John Ferlan
5c73acec32 docs: Add news article for volume encryption modifications
Include both the domain and storage modifications in a "Removed
features" section as well as describing the improvement to allow
using a raw input volume to create the luks encrypted volume.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2018-06-26 14:02:43 -04:00
John Ferlan
8f83af6823 storage: Disallow create/resize of qcow2 encrypted images
https://bugzilla.redhat.com/show_bug.cgi?id=1526382

Since commit c4eedd793 disallowed qcow2 encrypted images to be
used for domains, it no longer makes sense to allow a qcow2
encrypted volume to be created or resized.

Add a test that will exhibit the failure of creation as well
as the xml2xml validation of the format still being correct.

Update the documentation to note the removal of the capability
to create and use qcow/default encrypted volumes.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2018-06-26 14:02:43 -04:00
Daniel P. Berrangé
41d619e99c schemas: add schema for nwfilter binding XML document
Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-06-26 11:22:07 +01:00
Andrea Bolognani
b8736ed87e news: Update for HPT maxpagesize feature
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2018-06-26 10:15:58 +02:00
Andrea Bolognani
0ee6f885e0 conf: Parse and format HPT maxpagesize
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2018-06-26 10:15:52 +02:00
Han Han
f78b73e68e docs: schema: Add missing <interleave> to devices
For input,hub,redirdev devices, their sub-elements should be interleaved.

input device: interleave for <driver>, <alias>, <address>
hub device: interleave for <alias>, <address>
redirdev device: interleave for <source>, <alias>, <address>, <boot>

Signed-off-by: Han Han <hhan@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-06-25 20:03:34 +02:00
Kashyap Chamarthy
a2913aed53 docs: formatdomain: Mention that 'urandom' is the recommended RNG backend
Since libvirt 1.3.4, any RNG source is accepted for the 'random'
backend.  However, '/dev/urandom' is the _recommended_ source of
entropy. Therefore we should mention that in the docs.

Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-06-25 12:20:39 +02:00
Michal Privoznik
be108d934e news: Document recent agent job change
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-06-25 07:20:12 +02:00
Chen Hanxiao
fd51ab5f11 news: add cmdDomblkinfo --all option
Update news for cmdDomblkinfo --all option.

Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-06-21 17:39:25 -04:00
Laine Stump
17b4734288 schema: allow a <rule> element with no subelements in a nwfilter
This is a regression in behavior caused by commit 37359814. It was
intended to limit the schema to allow only a single subelement of
<rule>, but it is also acceptable for <rule> to have no subelement at
all.

To prevent the same error from reoccurring in the future, the
examples/xml/nwfilter directory was added to the list of nwfilter
schema test directories.

Resolves: https://bugzilla.redhat.com/1593549

Signed-off-by: Laine Stump <laine@laine.org>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2018-06-21 04:04:49 -04:00
Luyao Huang
df6f857fbf docs: Remove an extra space in the SEV xml element example
Signed-off-by: Luyao Huang <lhuang@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-06-20 13:18:25 +02:00
Erik Skultety
6688393c6b conf: Fix formatting of <sev> element in domain capabilities XML
We only formatted the <sev> element when QEMU supported the feature when
in fact we should always format the element to make clear that libvirt
knows about the feature and the fact whether it is or isn't supported
depends on QEMU version, in other words if QEMU doesn't support the
feature we're going to format the following into the domain capabilities
XML:

<sev supported='no'/>

This patch also adjusts the RNG schema accordingly in order to reflect
the proposed change.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-15 10:49:13 +02:00
Erik Skultety
43c9c9e429 news: Add the qemu VM reconnect segfault fix into bugfixes section
Signed-off-by: Erik Skultety <eskultet@redhat.com>
2018-06-14 17:40:55 +02:00
Ján Tomko
e56ff8bc72 conf: prefer camelCase for launchSecurity
Adjust the documentation, parser and tests to change:
launch-security -> launchSecurity
reduced-phys-bits -> reducedPhysBits
dh-cert -> dhCert

Also fix the headline in formatdomain.html to be more generic,
and some leftover closing elements in the documentation.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
Tested-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-06-13 14:42:17 +02:00
Ján Tomko
a95b99d030 domaincaps: rename reduced-phys-bits to reducedPhysBits
We have enough elements using underscores instead of camelCase,
do not bring dashes into the mix.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
Tested-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-06-13 14:41:46 +02:00
Brijesh Singh
a9caa98159 qemu/cgroup: Add /dev/sev in shared devices list
QEMU uses /dev/sev device while creating the SEV guest, lets add /dev/sev
in the list of devices allowed to be accessed by the QEMU.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-06-12 10:00:49 +02:00
Brijesh Singh
e5791a0306 conf: Introduce launch-security element in domain
The launch-security element can be used to define the security
model to use when launching a domain. Currently we support 'sev'.

When 'sev' is used, the VM will be launched with AMD SEV feature enabled.
SEV feature supports running encrypted VM under the control of KVM.
Encrypted VMs have their pages (code and data) secured such that only the
guest itself has access to the unencrypted version. Each encrypted VM is
associated with a unique encryption key; if its data is accessed to a
different entity using a different key the encrypted guests data will be
incorrectly decrypted, leading to unintelligible data.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-06-12 10:00:49 +02:00
Brijesh Singh
5dca09c170 conf: Expose SEV feature in domain capabilities
Extend hypervisor capabilities to include sev feature. When available,
hypervisor supports launching an encrypted VM on AMD platform. The
sev feature tag provides additional details like Platform Diffie-Hellman
(PDH) key and certificate chain which can be used by the guest owner to
establish a cryptographic session with the SEV firmware to negotiate
keys used for attestation or to provide secret during launch.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2018-06-12 09:52:00 +02:00
Martin Kletzander
7a439dcb23 docs: Add TSEG support info into news.xml
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-08 10:28:46 +02:00
Martin Kletzander
1bd5a08d38 conf, schema, docs: Add support for TSEG size setting
TSEG (Top of Memory Segment) is one of many regions that SMM (System Management
Mode) can occupy.  This one, however is special, because a) most of the SMM code
lives in TSEG nowadays and b) QEMU just (well, some time ago) added support for
so called 'extended' TSEG.  The difference to the TSEG implemented in real q35's
MCH (Memory Controller Hub) is that it can offer one extra size to the guest OS
apart from the standard TSEG's 1, 2, and 8 MiB and that size can be selected in
1 MiB increments.  Maximum may vary based on QEMU and is way too big, so we
don't need to check for the maximum here.  Similarly to the memory size we'll
leave it to the hypervisor to try satisfying that and giving us an error message
in case it is not possible.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-08 10:28:46 +02:00
Daniel Nicoletti
13311be4a3 Add Virtlyst web application to apps.html
Signed-off-by: Daniel Nicoletti <dantti12@gmail.com>
2018-06-07 17:20:32 -04:00
Daniel P. Berrangé
331fcaced2 docs: remove git snapshot download links
The process used to build the snapshots no longer works because the box
it runs on is outdated. Analysing the web logs shows the majority of
traffic to these links is from search engine bots. With those removed,
there is about 1 hit per day from (probable) humans.

Most users needing a tarball are better served by using official
releases. Those needing latest code are better served by using git
checkout. The tarball snapshots are not compelling enough to invest time
in fixing the script that produces them.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-06-07 16:55:52 +01:00
Roman Bogorodskiy
0e361382cb news: Document bhyve guest CPU topology feature
Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-06-07 19:26:26 +04:00
Roman Bogorodskiy
b66fda0a74 bhyve: Add CPU topology support
Recently, bhyve started supporting specifying guest CPU topology.
It looks this way:

  bhyve -c cpus=C,sockets=S,cores=C,threads=T ...

The old behaviour was bhyve -c C, where C is a number of vCPUs, is
still supported.

So if we have CPU topology in the domain XML, use the new syntax,
otherwise keep the old behaviour.

Also, document this feature in the bhyve driver page.

Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-06-07 19:26:26 +04:00
Ján Tomko
718ddf2fe7 schema: remove reference to brctl
ip(8) is the contemporary way of configuring bridges.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-06-07 16:30:59 +02:00
Martin Kletzander
5c22daea7b docs: Tiny fix for the SMM description
The default is actually `on` when `<smm/>` is specified.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-06-07 10:32:26 +02:00
Ján Tomko
598075e43d docs: document mandatory signoffs in governance.html
Amend the paragraphs about no CLAs and implicit license
agreements to mention mandatory Signed-off-by tags.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-06-07 09:29:29 +02:00
Stefan Berger
6f06a6c145 conf: Audit TPM emulator device at domain startup
Extend the existing auditing with auditing for the TPM emulator.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-06 10:48:41 -04:00
Stefan Berger
a55414f6ff news: Update news with new TPM emulator feature
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-06 10:48:41 -04:00
Stefan Berger
8737578d11 conf: Add support for choosing emulation of a TPM 2.0
This patch extends the TPM's device XML with TPM 2.0 support. This only works
for the emulator type backend and looks as follows:

    <tpm model='tpm-tis'>
      <backend type='emulator' version='2.0'/>
    </tpm>

The swtpm process now has --tpm2 as an additional parameter:

system_u:system_r:svirt_t:s0:c597,c632 tss 18477 11.8  0.0 28364  3868 ?        Rs   11:13  13:50 /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/var/run/libvirt/qemu/swtpm/testvm-swtpm.sock,mode=0660 --tpmstate dir=/var/lib/libvirt/swtpm/testvm/tpm2,mode=0640 --log file=/var/log/swtpm/libvirt/qemu/testvm-swtpm.log --tpm2 --pid file=/var/run/libvirt/qemu/swtpm/testvm-swtpm.pid

The version of the TPM can be changed and the state of the TPM is preserved.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-06 10:48:41 -04:00
Stefan Berger
33af0b2b7c conf: Add support for external swtpm TPM emulator to domain XML
This patch adds support for an external swtpm TPM emulator. The XML for
this type of TPM looks as follows:

 <tpm model='tpm-tis'>
   <backend type='emulator'/>
 </tpm>

The XML will currently only define a TPM 1.2.

Extend the documentation.

Add a test case testing the XML parser and formatter.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-06 10:48:41 -04:00
Filip Alac
6549c3a4d1 docs: news: Explain iommu_support improvement
Signed-off-by: Filip Alac <filipalac@gmail.com>
2018-06-05 09:11:29 +02:00
Filip Alac
dc34e78e21 capabilities: Extend capabilities with iommu_support
Signed-off-by: Filip Alac <filipalac@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2018-06-05 08:33:13 +02:00
Peter Krempa
8ac9db0e54 qemu: domain: Add support for TLS for NBD
https://bugzilla.redhat.com/show_bug.cgi?id=1544869

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:14:00 +02:00
Peter Krempa
c4eedd7930 qemu: domain: Forbid storage with old QCOW2 encryption
The encryption was buggy and qemu actually dropped it upstream. Forbid
it for all versions since it would cause other problems too.

Problems with the old encryption include weak crypto, corruption of
images with blockjobs and a lot of usability problems.

This requires changing of the encryption type for the encrypted disk
tests.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:14:00 +02:00
Jiri Denemark
a1b43af0ba Post-release version bump to 4.5.0
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2018-06-04 23:13:13 +02:00
Daniel Veillard
b51249bffe Release of libvirt-4.4.0
* docs/news.xml: updated for release

Signed-off-by: Daniel Veillard <veillard@redhat.com>
2018-06-04 22:23:52 +02:00
Martin Kletzander
52a4078921 docs: Use proper article in formatdomain.html.in
It's "a hard_limit", not "an hard_limit".  Probably that was just a typo.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2018-06-04 15:33:19 +02:00
Ján Tomko
19e5a81f21 news: add vsock
Document the addition of vsock.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
2018-06-01 14:31:44 +02:00
Ján Tomko
023ea2a869 conf: rename <vsock><source> to <vsock><cid>
To avoid the <source> vs. <target> confusion,
change <source auto='no' cid='3'/> to:
<cid auto='no' address='3'/>

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-06-01 14:31:19 +02:00
Michal Privoznik
455e6d57b2 news: Document two new features introduced in this release
The first feature is SCSI persistent reservation, the other is
support for multihead screenshots.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-01 13:39:17 +02:00
Ján Tomko
d4abb7b45d conf: introduce <vsock> element
Add a new 'vsock' element for the vsock device.
The 'model' attribute is optional.
A <source cid> subelement should be used to specify the guest cid,
or <source auto='yes'/> should be used.

https://bugzilla.redhat.com/show_bug.cgi?id=1291851

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-29 15:42:03 +02:00
Jiri Denemark
75e7ab1ef5 news: Mention new CPU related APIs
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-05-28 16:00:20 +02:00
Michal Privoznik
b29fa23ea9 news: Document new API introduction
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-05-28 13:08:53 +02:00
John Ferlan
4804a4db33 schema: Add missing block data for nodedev
https://bugzilla.redhat.com/show_bug.cgi?id=1566416

Commit id 'fe2af45b' added output for logical_block_size and
num_blocks for both removeable and fixed storage, but did not
update the nodedev capability causing virt-xml-validate to fail.
It's listed as optional only because it only prints if the
sizes are > 0. For a CDROM drive the values won't be formatted.

Update the nodedevxml2xmltest in order to output the values
for storage based on the logic from udevProcessRemoveableMedia
and udevProcessSD with respect to the logical_blocksize and
num_blocks calculations.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by Michal Privoznik <mprivozn@redhat.com>
2018-05-25 09:36:42 -04:00
John Ferlan
c1a0601deb schema: Fix capability grammar for pagesElem
https://bugzilla.redhat.com/show_bug.cgi?id=1572491

Commit id '02129b7c0' added a single pagesElem for slightly
different purposes. One usage was an output for host page size
listing and the other for NUMA supported page sizes. For the
former, only the pages unit and size are formatted, while for
the latter the pages unit, size, and availability data is formatted.

The virt-xml-validate would fail because it expected something
extra in the host page size output. So split up pagesElem a bit
and create pagesHost and pagesNuma for the differences.

Modify some capabilityschemadata output to have the output - even
though the results may not be realistic with respect to the
original incarnation of the data.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by Michal Privoznik <mprivozn@redhat.com>
2018-05-25 09:36:42 -04:00
John Ferlan
f97c4cc5e1 schema: Add microcode element to capability grammar
https://bugzilla.redhat.com/show_bug.cgi?id=1572491

Commit id 'd2440f3b5' added printing the <microcode> for the
capabilities, but didn't update the capabilities schema.

While at it, update capabilityschemadata for caps-test2
and caps-test3 to output some value for validation.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by Michal Privoznik <mprivozn@redhat.com>
2018-05-25 09:36:32 -04:00