Commit Graph

41748 Commits

Author SHA1 Message Date
Jiri Denemark
b8c919b5b4 qemu: Drop redundant checks for qemuCaps before virQEMUCapsGet
virQEMUCapsGet checks for qemuCaps itself, no need to do it explicitly.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-22 12:44:18 +01:00
Jiri Denemark
d5c9acc166 qemu: Use g_autoptr in qemuMonitorJSONSetCapabilities
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-22 12:44:18 +01:00
Jiri Denemark
90a5be6416 qemu: Use g_autofree in qemuMigrationJobCheckStatus
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-22 12:44:18 +01:00
Jiri Denemark
df92ccb494 qemu: Update asyncOwnerAPI when entering async job phase
In case an async job spans multiple APIs (e.g., incoming migration) the
API that started the job is recorded as the asyncOwnerAPI even though it
is no longer running and the owner thread is updated properly to the one
currently handling the job. Let's also update asyncOwnerAPI to make it
more obvious which is the current (or the most recent) API involved in
the job.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-22 12:44:18 +01:00
Andrea Bolognani
af41380672 qemu: Only raise memlock limit if necessary
Attempting to set the memlock limit might fail if we're running
in a containerized environment where CAP_SYS_RESOURCE is not
available, and if the limit is already high enough there's no
point in trying to raise it anyway.

https://bugzilla.redhat.com/show_bug.cgi?id=1916346

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-22 12:05:18 +01:00
Andrea Bolognani
b4967d7498 qemu: Refactor qemuDomainAdjustMaxMemLock()
Store the current memory locking limit and the desired one
separately, which will help with later changes.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-22 12:05:18 +01:00
Andrea Bolognani
a6b2804513 qemu: Don't ignore virProcessGetMaxMemLock() errors
Now that we've implemented a fallback for the function that
obtains the information from /proc, there is no reason we would
get a failure unless there's something seriously wrong with the
environment we're running in, in which case we're better off
reporting the issue to the user rather than pretending
everything is fine.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-22 12:05:18 +01:00
Andrea Bolognani
90fe839f8a util: Try to get limits from /proc
Calling prlimit() requires elevated privileges, specifically
CAP_SYS_RESOURCE, and getrlimit() only works for the current
process which is too limiting for our needs; /proc/$pid/limits,
on the other hand, can be read by any process, so implement
parsing that file as a fallback for when prlimit() fails.

This is useful in containerized environments.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-22 12:05:18 +01:00
Andrea Bolognani
cae268f7b9 syntax-check: Run flake8 on all Python scripts
Currenty we only check files that end in .py, but we have at
least a couple of scripts that don't have that suffix and we
nonetheless want to keep compliant with the code style.

Extend the sc_flake8 syntax-check rule so that any file that
contains a Python 3 shebang is fed to flake8 too.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-22 12:05:18 +01:00
Andrea Bolognani
85390e6bf9 tests: Fix flake8 errors in virsh-auth
Specifically

  E111 indentation is not a multiple of four

This commit is better viewed with 'git show -w'.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-22 12:05:18 +01:00
Andrea Bolognani
6739736786 gitignore: Ignore __pycache__ directory
Unfortunately running Python scripts causes this directory to
be created in the *source* tree, and there doesn't seem to be
a way to prevent that from happening.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-22 12:05:11 +01:00
Andrea Bolognani
792843c05e ci: Drop prefix from Dockerfiles
Since the string "ci" is already contained in the path, it
seems unnecessary to include it into the filename too: in fact,
we only do that for Dockerfiles and not for files in ci/cirrus,
even though those are generated the very same way.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-03-22 11:40:57 +01:00
Roman Bogorodskiy
63bed955df bhyve: add <os firmware='efi'> support
Implement "<os firmware='efi'>" support for bhyve driver.
As there are not really lot of options, try to find
"BHYVE_UEFI.fd" firmware which is installed by the
sysutils/uefi-edk2-bhyve FreeBSD port.

If not found, just use the first found firmware
in the firmwares directory (which is configurable via
config file).

Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-20 07:53:45 +04:00
simmon
dd0529b319 Translated using Weblate (Korean)
Currently translated at 29.9% (3158 of 10545 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ko/

Co-authored-by: simmon <simmon@nplob.com>
Signed-off-by: simmon <simmon@nplob.com>
2021-03-19 18:01:54 +01:00
Peter Krempa
8967ad7be6 qemu: backup: Restore security label on backup disk store image on VM termination
When the backup job is terminated normally the security label is
restored by the blockjob finishing handler.

If the VM dies or is destroyed that wouldn't happen as the blockjob
handler wouldn't be called.

Restore the security label on disk store where we remember that the job
was running at the point when 'qemuBackupJobTerminate' was called.

Not resetting the security label means that we also leak the xattr
attributes remembering the label which prevents any further use of the
file, which is a problem for block devices.

This also requires that the call to 'qemuBackupJobTerminate' from
'qemuProcessStop' happens only after 'vm->pid' was reset as otherwise
the security subdrivers attempt to enter the process namespace which
fails if the process isn't running any more.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1939082
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-19 16:41:39 +01:00
Peter Krempa
218d4cf433 NEWS: Mention support for full backups via virDomainBackupBegin
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-19 16:41:39 +01:00
Peter Krempa
272017484e qemu: backup: Enable full backup support
qemuBackupBegin can take a full backup of the disks (excluding any
operations with bitmaps) without the need to wait for the
blockdev-reopen support in qemu.

Add a check that no checkpoint creation is required and the disk backup
mode isn't VIR_DOMAIN_BACKUP_DISK_BACKUP_MODE_INCREMENTAL.

Call to virDomainBackupAlignDisks is moved earlier as it initializes the
disk backup mode if not present in user config.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-19 16:41:39 +01:00
Peter Krempa
12758f040a qemu: capabilities: Introduce QEMU_CAPS_BLOCKDEV_BACKUP
Upcoming commit will enable full backup support (incremental part
requires blockdev-reopen, which won't happen in qemu for at least
another release).

Add a capability that the 'blockdev-backup' job is supported by qemu
capped, but limited to when qemu supports QEMU_CAPS_BLOCKDEV.

We can also use it in the expression to enable
QEMU_CAPS_INCREMENTAL_BACKUP since it's a pre-requisite too.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-19 16:41:39 +01:00
Erik Skultety
fc47ba38aa ci: helper: Apply Python naming practice to private methods/attributes
As documented at [1], the common practice with respect to private
attributes/methods naming is to prefix them with an underscore.

[1] https://docs.python.org/3/tutorial/classes.html#private-variables

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2021-03-19 11:50:07 +01:00
Erik Skultety
efa8ca47b9 ci: util: Add a registry checker for stale images
This function checks whether there are any stale Docker images in the
registry that can be purged. Since we're pulling available container
images from our GitLab registry with the 'list-images' action, it
could happen that we'd list old (already unsupported) images and make
them available for the user to consume and run a build in them.
Naturally, the build will most likely fail leaving the user confused.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2021-03-19 11:50:07 +01:00
Erik Skultety
c5f9617b1c ci: helper: Rewrite image listing to Python
The corresponding Bash script is dropped.
After this patch's rewrite, the Makefile's original image listing
target remains intact only to notify the user to use the Python helper
instead.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2021-03-19 11:47:26 +01:00
Erik Skultety
5a0e4d79cc ci: Introduce a util module
With the gradual rewrite of the Makefile to the 'helper' script will
require helper functions that would better live in a separate util
module.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2021-03-19 11:47:06 +01:00
Erik Skultety
013b5a085a ci: helper: Introduce --quiet for the refresh command
Offer an option to silence all output to stdout coming out of the
dockerfiles/varsfiles generating code.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2021-03-19 11:46:33 +01:00
Erik Skultety
cbd7124f49 ci: helper: Use the ArgumentDefaultsHelpFormatter help formatter
This help formatter class reports the defaults we use for options
taking an argument.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2021-03-19 10:58:51 +01:00
Pavel Hrdina
c91fa27306 qemu: implement support for firmware auto-selection feature filtering
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 18:42:29 +01:00
Pavel Hrdina
cff524af6c conf: introduce support for firmware auto-selection feature filtering
When the firmware auto-selection was introduced it always picked first
usable firmware based on the JSON descriptions on the host. It is
possible to add/remove/change the JSON files but it will always be for
the whole host.

This patch introduces support for configuring the auto-selection per VM
by adding users an option to limit what features they would like to have
available in the firmware.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 18:42:26 +01:00
Pavel Hrdina
6330be1ba3 conf: use switch in virDomainDefParseBootOptions
The original code used a lot of conditions and was not that obvious
when each XML bits are parsed.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 18:42:24 +01:00
Pavel Hrdina
108cb29c1c conf: introduce virDomainDefParseBootAcpiOptions
Extract the code to it's own function.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 18:42:22 +01:00
Pavel Hrdina
b8dd70db4e conf: introduce virDomainDefParseBootLoaderOptions
Extract the code to it's own function.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 18:42:20 +01:00
Pavel Hrdina
bcf97abfc6 conf: introduce virDomainDefParseBootFirmwareOptions
Extract the code to it's own function.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 18:42:18 +01:00
Pavel Hrdina
bf9b3f8e57 conf: introduce virDomainDefParseBootKernelOptions
Extract the code to it's own function.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 18:42:16 +01:00
Pavel Hrdina
b07116438c conf: introduce virDomainDefParseBootInitOptions
Extract the code to it's own function.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 18:42:11 +01:00
Pavel Hrdina
f47d06260b docs: improve description of secure attribute for loader element
The original text was not explaining what this attribute actually
controls and could have been interpreted as a control switch for the
Secure boot feature in firmwares.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Kashyap Chamarthy <kchamart@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 18:41:32 +01:00
Kristina Hanicova
25d3b41e5e domain_validate: XML validate that non-virtio video devices have none virtio options
With this, XML fails if non-virtio video devices have virtio
options. Previously it didn't raise error.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1922093
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 15:03:49 +01:00
Kristina Hanicova
b5d25b8183 domain_validate: Move virDomainCheckVirtioOptionsAreAbsent() a few lines forward
Move this function in order to use it in the next patch before
its previous declaration.

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 15:03:01 +01:00
Kristina Hanicova
e6c6efc208 domain_conf: Refactor virDomainDeviceInfoParseXML to use XPath
Currently, virDomainDeviceInfoParseXML() uses node->children
evaluation which is too verbose. Use XPath evaluation which is
nicer.

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 14:30:25 +01:00
Kristina Hanicova
df3359fb18 domain_conf: Propagate xmlXPathContextPtr into virDomainDeviceInfoParseXML()
Function virDomainDeviceInfoParseXML() will need it soon, because it
will be doing XPath evaluation.

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 14:30:16 +01:00
Jonathon Jongsma
caf23cdc9b nodedev: Don't crash when exiting before init is done
If libvirtd is terminated before the node driver finishes
initialization, it can crash with a backtrace similar to the following:

    Stack trace of thread 1922933:
    #0  0x00007f8515178774 g_hash_table_find (libglib-2.0.so.0)
    #1  0x00007f851593ea98 virHashSearch (libvirt.so.0)
    #2  0x00007f8515a1dd83 virNodeDeviceObjListSearch (libvirt.so.0)
    #3  0x00007f84cceb40a1 udevAddOneDevice (libvirt_driver_nodedev.so)
    #4  0x00007f84cceb5fae nodeStateInitializeEnumerate (libvirt_driver_nodedev.so)
    #5  0x00007f85159840cb virThreadHelper (libvirt.so.0)
    #6  0x00007f8511c7d14a start_thread (libpthread.so.0)
    #7  0x00007f851442bdb3 __clone (libc.so.6)

    Stack trace of thread 1922863:
    #0  0x00007f851442651d syscall (libc.so.6)
    #1  0x00007f85159842d4 virThreadSelfID (libvirt.so.0)
    #2  0x00007f851594e240 virLogFormatString (libvirt.so.0)
    #3  0x00007f851596635d vir_object_finalize (libvirt.so.0)
    #4  0x00007f8514efe8e9 g_object_unref (libgobject-2.0.so.0)
    #5  0x00007f85159667f8 virObjectUnref (libvirt.so.0)
    #6  0x00007f851517755f g_hash_table_remove_all_nodes.part.0 (libglib-2.0.so.0)
    #7  0x00007f8515177e62 g_hash_table_unref (libglib-2.0.so.0)
    #8  0x00007f851596637e vir_object_finalize (libvirt.so.0)
    #9  0x00007f8514efe8e9 g_object_unref (libgobject-2.0.so.0)
    #10 0x00007f85159667f8 virObjectUnref (libvirt.so.0)
    #11 0x00007f84cceb2b42 nodeStateCleanup (libvirt_driver_nodedev.so)
    #12 0x00007f8515b37950 virStateCleanup (libvirt.so.0)
    #13 0x00005648085348e8 main (libvirtd)
    #14 0x00007f8514352493 __libc_start_main (libc.so.6)
    #15 0x00005648085350fe _start (libvirtd)

This is because the initial population of the device list is done in a
separate initialization thread. If we attempt to exit libvirtd before
this init thread has completed, we'll try to free the device list while
accessing it from the other thread. In order to guarantee that this
init thread is not accessing the device list when we're cleaning up the
nodedev driver, make it joinable and wait for it to finish before
proceding with the cleanup. This is similar to how we handle the udev
event handler thread.

The separate initialization thread was added in commit
9f0ae0b1.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1836865

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 13:09:44 +01:00
Kristina Hanicova
aaa98e3cfa virxml: Fix possible memory leak in virXMLNodeContentString()
Previously, if xml node passed to the virXMLNodeContentString()
was not of type XML_ELEMENT_NODE, @ret could have caused a memory
leak because xmlNodeGetContent() works for other types of nodes
as well.

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 12:45:05 +01:00
Hao Wang
4d09f35f57 NEWS: Document domain memory dirty rate APIs
Signed-off-by: Hao Wang <wanghao232@huawei.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 11:25:50 +01:00
Hao Wang
5be6decbb1 migration/dirtyrate: Introduce command 'virsh domstats --dirtyrate'
Introduce command 'virsh domstats --dirtyrate' for reporting memory
dirty rate information. The info is listed as:

Domain: 'vm0'
  dirtyrate.calc_status=2
  dirtyrate.calc_start_time=1534523
  dirtyrate.calc_period=1
  dirtyrate.megabytes_per_second=5

Signed-off-by: Hao Wang <wanghao232@huawei.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 08:50:25 +01:00
Hao Wang
fee42ea120 migration/dirtyrate: Extend dirtyrate statistics for domGetStats
Extend dirtyrate statistics for domGetStats to display the information
of a domain's memory dirty rate produced by domainStartDirtyRateCalc.

Signed-off-by: Hao Wang <wanghao232@huawei.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 08:50:25 +01:00
Hao Wang
4ae60b1caf migration/dirtyrate: Implement qemuMonitorQueryDirtyRate
Implement qemuMonitorQueryDirtyRate which query domain's memory
dirty rate calling qmp "query-dirty-rate".

Signed-off-by: Hao Wang <wanghao232@huawei.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 08:50:25 +01:00
Hao Wang
a0c7f61f37 migration/dirtyrate: Introduce virDomainDirtyRateStatus enum
Introduce virDomainDirtyRateStatus enum.

Signed-off-by: Hao Wang <wanghao232@huawei.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 08:50:25 +01:00
Hao Wang
a2ae2dad06 migration/dirtyrate: Introduce domdirtyrate-calc virsh api
Introduce domdirtyrate-calc virsh api to start calculating domain's
memory dirty rate:
	# virsh domdirtyrate-calc <domain> [--seconds <sec>]

Signed-off-by: Hao Wang <wanghao232@huawei.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 08:50:25 +01:00
Hao Wang
fbe99823e2 migration/dirtyrate: Implement qemuDomainStartDirtyRateCalc
Implement qemuDomainStartDirtyRateCalc which calculates domain's memory
dirty rate calling qmp "calc-dirty-rate".

Signed-off-by: Hao Wang <wanghao232@huawei.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 08:50:25 +01:00
Hao Wang
df5c5c3e60 migration/dirtyrate: Introduce virDomainStartDirtyRateCalc API
Introduce virDomainStartDirtyRateCalc API for start calculation of
a domain's memory dirty rate with a specified time.

Signed-off-by: Hao Wang <wanghao232@huawei.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-03-18 08:50:25 +01:00
Olaf Hering
f07ae0fcbd tests: Adjust libxlxml2domconfigtest to work with Xen < 4.8
Commit fcdc387410 used a libxl API which
is only available since Xen 4.8.

Due to lack of a specific guard for this API change, reuse another
guard from libxl.h.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2021-03-17 17:57:01 -06:00
simmon
18d0f2f956 Translated using Weblate (Korean)
Currently translated at 29.3% (3094 of 10545 strings)

Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/ko/

Co-authored-by: simmon <simmon@nplob.com>
Signed-off-by: simmon <simmon@nplob.com>
2021-03-17 10:32:22 +01:00
Daniel P. Berrangé
0a92f70c8f docs: stop mentioning insecure / broken SASL mechanisms
We don't need to go to the trouble of telling users about existance of
insecure SASL mechanisms only to then say that they shouldn't be used.
We should only tell people about the GSSAPI mechanism for TCP sockets.

For the SCRAM mechanism we should be telling people about the SHA256
variant only, and also warning that the password database stores the
passwords in clear text.

Reviewed-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-17 09:31:57 +00:00