Commit Graph

38793 Commits

Author SHA1 Message Date
Peter Krempa
cd0dc1c19f virQEMUDriverConfigLoadSpecificTLSEntry: Split up fetching of server-only config options
The '*_tls_x509_verify' options are relevant only when we are going to
expose a server socket as client sockets always enable verification.

Split up the macro to separate the common bits from the server bits so
that when we'll later extend support of 'nbd' and 'vxhs' disks which are
client only we can reuse the existing macros.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-07-07 12:58:18 +02:00
Peter Krempa
94b5e9ebf6 virQEMUDriverConfigLoadSpecificTLSEntry: Move fetching of 'chardev_tls' above macro
Move the extraction of the config value so that it makes more sense
after upcoming refactors.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-07-07 12:58:18 +02:00
Peter Krempa
473b97abac qemu: conf: Move 'nbd' and 'vxhs' tls config variables together with rest of tls setup
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-07-07 12:58:18 +02:00
Peter Krempa
72fdba7ffd qemu.conf: Remove misleading mention of 'migrate_tls'
There's no such parameter. Reword the sentence to account for enabling
TLS-encrypted migration using API flags.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-07-07 12:58:18 +02:00
Peter Krempa
7bfb85cf1d qemuDomainDiskHasEncryptionSecret: unexport
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-07-07 12:58:18 +02:00
Peter Krempa
47be725719 qemu: domain: Introduce helper for always fetching virStorageSource private data
Add a helper which will always return the storage source private data
even if it was not allocated before.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2020-07-07 12:58:18 +02:00
Laine Stump
852ee1950a util: remove OOM error log from virGetHostnameImpl()
The strings allocated in virGetHostnameImpl() are all allocated via
g_strdup(), which will exit on OOM anyway, so the call to
virReportOOMError() is redundant, and removing it allows slight
modification to the code, in particular the cleanup label can be
eliminated.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-07-05 00:01:07 -04:00
Laine Stump
59afd0b0bc conf: eliminate useless error label in virDomainFeaturesDefParse()
The error: label in this function just does "return -1", so replace
all the "goto error" in the function with "return -1".

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-07-04 23:58:53 -04:00
Laine Stump
ab9fd53823 network: use proper arg type when calling virNetDevSetOnline()
The 2nd arg to this function is a bool, not an int.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-07-04 23:54:28 -04:00
Laine Stump
e95dd7aacd network: make networkDnsmasqXmlNsDef private to bridge_driver.c
This struct isn't used anywhere else.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-07-04 23:53:48 -04:00
Laine Stump
9ceb3cff85 network: fix memory leak in networkBuildDhcpDaemonCommandLine()
hostsfilestr was not being freed. This will be turned into g_autofree
in an upcoming patch converting a lot more of the same file to using
g_auto*, but I wanted to make a separate patch for this first so the
other patch is simpler to review (and to make backporting easier).

The leak was introduced in commit 97a0aa2467

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-07-04 23:52:34 -04:00
Laine Stump
a726feb693 use g_autoptr for all xmlBuffers
AUTOPTR_CLEANUP_FUNC is set to xmlBufferFree() in util/virxml.h (This
is actually new - added accidentally (but fortunately harmlessly!) in
commit 257aba2daf. I had added it along with the hunks in this patch,
then decided to remove it and submit separately, but missed taking out
the hunk in virxml.h)

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-07-04 23:50:38 -04:00
Laine Stump
b7a92bce07 conf, vmx: check for OOM after calling xmlBufferCreate()
Although libvirt itself uses g_malloc0() and friends, which exit when
there isn't enouogh memory, libxml2 uses standard malloc(), which just
returns NULL on OOM - this means we must check for NULL on return from
any libxml2 functions that allocate memory.

xmlBufferCreate(), for example, might return NULL, and we don't always
check for it. This patch adds checks where it isn't already done.

(NB: Although libxml2 has a provision for changing behavior on OOM (by
calling xmlMemSetup() to change what functions are used to
allocating/freeing memory), we can't use that, since parts of libvirt
code end up in libvirt.so, which is linked and called directly by
applications that may themselves use libxml2 (and may have already set
their own alternate malloc()), e.g. drivers like esx which live totally
in the library rather than a separate process.)

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2020-07-04 23:48:34 -04:00
Yanqiu Zhang
ad231189ab news.html: Add 3 new features
Add 'virtio packed' in 6.3.0, 'virDomainGetHostnameFlags' and
'Panic Crashloaded event' for 6.1.0.

Signed-off-by: Yanqiu Zhang <yanqzhan@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-07-04 12:32:58 +02:00
Michal Privoznik
201f8d1876 virConnectGetAllDomainStats: Document two vcpu stats
When introducing vcpu.<num>.wait (v1.3.2-rc1~301) and
vcpu.<num>.halted (v2.4.0-rc1~36) the documentation was
not written.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-07-03 18:39:18 +02:00
Andrea Bolognani
c203b8fee1 docs: Update CI documentation
We're no longer using either Travis CI or the Jenkins-based
CentOS CI, but we have started using Cirrus CI.

Mention the libvirt-ci subproject as well, as a pointer for those
who might want to learn more about our CI infrastructure.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-07-03 11:00:51 +02:00
Andrea Bolognani
fb91290131 cirrus: Generate jobs dynamically
Instead of having static job definitions for FreeBSD and macOS,
use a generic template for both and fill in the details that are
actually different, such as the list of packages to install, in
the GitLab CI job, right before calling cirrus-run.

The target-specific information are provided by lcitool, so that
keeping them up to date is just a matter of running the refresh
script when necessary.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2020-07-03 11:00:22 +02:00
Michal Privoznik
919ee94ca9 maint: Post-release version bump to 6.6.0
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2020-07-03 09:32:30 +02:00
Daniel Veillard
d7f935f1f1 Release of libvirt-6.5.0
* NEWS.rst: updated with date of release

Signed-off-by: Daniel Veillard <veillard@redhat.com>
2020-07-03 08:49:25 +02:00
Andrea Bolognani
d1d888a69f NEWS: Update for libvirt 6.5.0
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-07-02 14:53:07 +02:00
Daniel P. Berrangé
7fa7f7eeb6 util: add access check for hooks to fix running as non-root
Since feb83c1e71 libvirtd will abort on
startup if run as non-root

  2020-07-01 16:30:30.738+0000: 1647444: error : virDirOpenInternal:2869 : cannot open directory '/etc/libvirt/hooks/daemon.d': Permission denied

The root cause flaw is that non-root libvirtd is using /etc/libvirt for
its hooks. Traditionally that has been harmless though since we checked
whether we could access the hook file and degraded gracefully. We need
the same access check for iterating over the hook directory.

Long term we should make it possible to have an unprivileged hook dir
under $HOME.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-07-01 18:54:21 +01:00
Michal Privoznik
c3fa17cd9a virnettlshelpers: Update private key
With the recent update of Fedora rawhide I've noticed
virnettlssessiontest and virnettlscontexttest failing with:

  Our own certificate servercertreq-ctx.pem failed validation
  against cacertreq-ctx.pem: The certificate uses an insecure
  algorithm

This is result of Fedora changes to support strong crypto [1]. RSA
with 1024 bit key is viewed as legacy and thus insecure. Generate
a new private key then. Moreover, switch to EC which is not only
shorter but also not deprecated that often as RSA. Generated
using the following command:

  openssl genpkey --outform PEM --out privkey.pem \
  --algorithm EC --pkeyopt ec_paramgen_curve:P-384 \
  --pkeyopt ec_param_enc:named_curve

1: https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-07-01 13:26:04 +02:00
Daniel Henrique Barboza
d57f361083 docs: Fix 'Offline migration' description
'transfers inactive the definition of a domain' seems odd.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-07-01 10:05:49 +02:00
Weblate
e7998ebeaf Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/

Signed-off-by: Fedora Weblate Translation <i18n@lists.fedoraproject.org>
2020-06-30 15:25:43 +02:00
Yuri Chornoivan
bcc007d1b7 Translated using Weblate (Ukrainian)
Currently translated at 100.0% (10318 of 10318 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/uk/

Signed-off-by: Yuri Chornoivan <yurchor@ukr.net>
2020-06-30 15:25:38 +02:00
Daniel P. Berrangé
45beffc19b tools: fix misleading comments about command names
The srv-XXX commands were renamed to server-XXX, with the old
name being a undocumented back compat alias only.

Reviewed-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-30 14:24:56 +01:00
Andrea Bolognani
4268e18753 ci: Run all jobs, for all branches, all the time
After recent changes (increasing the parallelism of the pipeline
by reducing the number of stages, introducing FreeBSD builds that
take longer than any other job), the difference between running
the full pipeline or a reduced one has basically disappeared: in
both cases, the completion time is around 25-35 minutes depending
on whether containers need to be rebuilt and how many shared
runners are available.

Reduce the complexity of our .gitlab-ci.yml and make things
simpler for contributors by simply always running all jobs.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-29 17:43:28 +02:00
Daniel P. Berrangé
207a5009ea Translated using Weblate (French)
Currently translated at 11.8% (1221 of 10318 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/fr/

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2020-06-29 15:57:51 +02:00
Akarshan Biswas
7b2f71523a Translated using Weblate (Bengali (India))
Currently translated at 21.6% (2223 of 10291 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/bn_IN/

Signed-off-by: Akarshan Biswas <akarshan.biswas@gmail.com>
2020-06-29 15:57:48 +02:00
Weblate
245fe8781c Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/

Signed-off-by: Fedora Weblate Translation <i18n@lists.fedoraproject.org>

Update translation files

Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/

Signed-off-by: Fedora Weblate Translation <i18n@lists.fedoraproject.org>
2020-06-29 15:57:44 +02:00
Julien Humbert
6939f494d5 Translated using Weblate (French)
Currently translated at 11.8% (1223 of 10291 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/fr/

Signed-off-by: Julien Humbert <julroy67@gmail.com>

Translated using Weblate (French)

Currently translated at 11.6% (1201 of 10291 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/fr/

Signed-off-by: Julien Humbert <julroy67@gmail.com>
2020-06-29 15:57:37 +02:00
Daniel P. Berrangé
b67e6c1ed2 po: refresh pot file in prep for new release
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-29 14:17:28 +01:00
Michal Privoznik
db4b24b692 domain_conf: Remove zPCI validation from formatter
In 076591009a a validation code was added to
virDomainDeviceInfoFormat() which reports an error if zPCI
address entered in was incomplete. But, there are two problems
with this approach.

The first problem is the placement of the code - it doesn't
belong into XML formatter rather than XML validator.

The second one is that at the point of formatting XML the post
parse callback has run and thus filled in required info.
Therefore this check can never do something useful and instead of
moving it into validator, it's removed completely.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-06-29 13:44:00 +02:00
Michal Privoznik
90c9b90aee qemu_validate: Fix how qemuValidateDomainDeviceDefZPCIAddress() is called
To make the code future proof, the rest of the
qemuValidateDomainDeviceDefAddress() has to be executed (even
though there is nothing there yet) instead of returning directly.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-06-29 12:38:24 +02:00
Michal Privoznik
b150fbc4fe qemuhotplugtest: Free monitor iff successfully initialized
If initializing test monitor in testQemuHotplugCpuPrepare()
fails, the control jumps to error label where
testQemuHotplugCpuDataFree() is called. But since the data->mon
is NULL due to aforementioned failure,
qemuMonitorTestGetMonitor() dereferences a NULL pointer leading
to a SIGSEGV.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-06-29 12:38:22 +02:00
Daniel Henrique Barboza
d482cf6bef domain_conf.c: skip checking ZPCI address is incomplete if not present
Commit 076591009a ("conf: fix zPCI address auto-generation on
s390") is doing a check for virZPCIDeviceAddressIsIncomplete()
prior to checking if the device has a ZPCI address at all. This
results in errors like these when starting libvirt:

  error : virDomainDeviceInfoFormat:7527 : internal error:
  Missing uid or fid attribute of zPCI address

Fix it by moving virZPCIDeviceAddressIsIncomplete() after the
check done by virZPCIDeviceAddressIsPresent().

Fixes: 076591009a
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-06-27 15:24:58 +02:00
Shalini Chellathurai Saroja
f6f745297d news: document zPCI addressing changes
Signed-off-by: Shalini Chellathurai Saroja <shalini@linux.ibm.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-06-26 18:53:51 +02:00
Shalini Chellathurai Saroja
18351b1cdf tests: add test with PCI and CCW device
Add test with a ZPCI host device and a CCW memballoon device to ensure
that CCW address remains the default address assigned.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Signed-off-by: Shalini Chellathurai Saroja <shalini@linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-06-26 18:53:51 +02:00
Shalini Chellathurai Saroja
780e84c5e8 tests: qemu: add more tests for ZPCI on S390
1. Test for auto-generating uids while specifying valid fids
2. Test for auto-generating fids while specifying valid uids
3. Test for parse error while specifying a valid fid and an invalid
   uid
4. Test for parse error while specifying two ZPCI devices with same
   uid and fid addresses
5. Test for parse error when both uid and fid are set to zero
6. Test for error while specifying uid and not providing ZPCI
   capability.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Signed-off-by: Bjoern Walk <bwalk@linux.ibm.com>
Signed-off-by: Shalini Chellathurai Saroja <shalini@linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-06-26 18:53:51 +02:00
Shalini Chellathurai Saroja
5f9dd9d866 qemu: move ZPCI uid validation into device validation
The ZPCI device validation is specific to qemu. So, let us move the
ZPCI uid validation out of domain xml parsing into qemu domain device
validation.

Signed-off-by: Shalini Chellathurai Saroja <shalini@linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-06-26 18:53:51 +02:00
Shalini Chellathurai Saroja
076591009a conf: fix zPCI address auto-generation on s390
Let us fix the issues with zPCI address validation and auto-generation
on s390.

Currently, there are two issues with handling the ZPCI address
extension. Firstly, when the uid is to be auto-generated with a
specified fid, .i.e.:

    ...
    <address type='pci'>
        <zpci fid='0x0000001f'/>
    </address>
    ...

we expect uid='0x0001' (or the next available uid for the domain).
However, we get a parsing error:

    $ virsh define zpci.xml
    error: XML error: Invalid PCI address uid='0x0000', must be > 0x0000
    and <= 0xffff

Secondly, when the uid is specified explicitly with the invalid
numerical value '0x0000', we actually expect the parsing error above.
However, the domain is being defined and the uid value is silently
changed to a valid value.

The first issue is a bug and the second one is undesired behaviour, and
both issues are related to how we (in-band) signal invalid values for
uid and fid. So let's fix the XML parsing to do validation based on what
is actually specified in the XML.

The first issue is also related to the current code behaviour, which
is, if either uid or fid is specified by the user, it is incorrectly
assumed that both uid and fid are specified. This bug is fixed by
identifying when the user specified ZPCI address is incomplete and
auto-generating the missing ZPCI address.

Signed-off-by: Bjoern Walk <bwalk@linux.ibm.com>
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Signed-off-by: Shalini Chellathurai Saroja <shalini@linux.ibm.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-06-26 18:53:51 +02:00
Shalini Chellathurai Saroja
c125556c12 conf: use g_autofree to ensure automatic cleanup
Signed-off-by: Bjoern Walk <bwalk@linux.ibm.com>
Signed-off-by: Shalini Chellathurai Saroja <shalini@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2020-06-26 18:31:09 +02:00
Daniel P. Berrangé
d73cd87e81 lxc: replace use of term 'slave' filesystem mount setup
Refer to the notion of mount propagation instead which describes
the actual behaviour more clearly.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-26 15:39:34 +01:00
Daniel P. Berrangé
764d07838c docs: remove use of the term 'slave' in Jenkins agent docs
Jenkins replaced use of the term 'slave' with 'agent' when
describing its architecture.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-26 15:39:34 +01:00
Daniel P. Berrangé
c68a91cc10 docs: update link to the libvirt jenkins plugin
The wiki page we currently link to is just a redirect for
back compat.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-26 15:39:34 +01:00
Daniel P. Berrangé
a6e10dbd0b lxc: remove use of the terms 'master' and 'slave' in PTY setup
The two sides of a PTY can be referred to as primary and secondary
TTYs.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-26 15:39:34 +01:00
Daniel P. Berrangé
bd2502ce8f qemu: remove use of the terms 'master' and 'slave' when iterating CPUs
When querying QEMU we have to iterate over two nested sets
of CPUs. The terms "main vcpu" and "sub vcpu" are a good
representation.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-26 15:39:34 +01:00
Daniel P. Berrangé
1421463e94 util: remove use of the terms 'master' and 'slave' in PTY code
The two sides of a PTY can be referred to as primary and  secondary
TTYs.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-26 15:39:34 +01:00
Daniel P. Berrangé
3f2dd4fb84 tools: remove use of the term 'slave' in code dealing with bridges
Network interfaces are simply attached to a bridge device.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-26 15:39:33 +01:00
Daniel P. Berrangé
aab0470f0d docs: remove use of the term 'enslaved' wrt tap & bridge devices
Network interfaces are simply attached to a bridge device.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-26 15:39:33 +01:00