Move the virsh tool and its man page into the tools directory
* Makefile.am: Remove rules for virsh.1 man page
* virsh.1: Remove auto-generated file
* docs/Makefile.am: Remove rules for virsh.pod man page
* docs/virsh.pod: Move to tools/ directory
* src/Makefile.am, src/.gitignore: Remove rules for virsh
* src/console.c, src/console.h, src/*.ico, src/virsh_win_icon.rc,
src/virsh.c: Move into tools/ directory
* tools/Makefile.am: Add rules for building virsh
* tools/.gitignore: Ignore virsh built files
* tests/virshtest.c, tests/int-overflow: Update for new
virsh location
Some architectures in certain RHEL versions do not include any
hypervisors. Update the specfile to allow those to easily build
a remote client only version of libvirt. ie no libvirtd related
bits at all.
* qemud/Makefile.am: Always instal SASL config since its needed
by client too
* libvirt.spec.in: Re-factor specfile conditionals to allow entire
server side build to be disabled easily, eg a remote client only
build. Make RHEL-5 do client only build for s390/ppc. Make RHEL-6
do a client only build for all non-x86_64 archs. Enable LXC on
RHEL-6. Enable all Fedora >= 6 features on RHEL-6 too. Add some
more conditionals around dnsmasq/iptables/hal Requires tags.
Add missing e2fsprogs-devel BR for RHEL-5 as workaround for broken
parted. Fix the device mapper BR for RHEL-5. Add conditional rules
for ESX build. Add conditional rules for SELinux + HAL builds.
Fix a mistaken %{with_qemu} to be %{with_network} when setting
up default network XML
When we hot-unplug the last device, we're currently double-freeing
the device definition.
Reported by Martin Banas here:
https://bugzilla.redhat.com/523953
* src/qemu_driver.c: fix double free
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add
virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage
* python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID
as not throwing exceptions
* qemud/remote.c: Implement dispatch for virLookupSecretByUsage
* qemud/remote_protocol.x: Add usage type & ID as attributes of
remote_nonnull_secret. Add RPC calls for new public APIs
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.c, src/datatypes.h: Add usageType and usageID as
properties of virSecretPtr
* src/driver.h: Add virLookupSecretByUsage driver entry point
* src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID
and virLookupSecretByUsage
* src/remote_internal.c: Implement virLookupSecretByUsage entry
* src/secret_conf.c, src/secret_conf.h: Remove the
virSecretUsageType enum, now in public API. Make volume
path mandatory when parsing XML
* src/secret_driver.c: Enforce usage uniqueness when defining secrets.
Implement virSecretLookupByUsage api method
* src/virsh.c: Include usage for secret-list command
Convert all the secret/storage encryption APIs / wire format to
handle UUIDs in raw format instead of non-canonical printable
format. Guarentees data format correctness.
* docs/schemas/storageencryption.rng: Make UUID mandatory for a secret
and validate fully
* docs/schemas/secret.rng: Fully validate UUID
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add
virSecretLookupByUUID and virSecretGetUUID. Make
virSecretGetUUIDString follow normal API design pattern
* python/generator.py: Skip generation of virSecretGetUUID,
virSecretGetUUIDString and virSecretLookupByUUID
* python/libvir.c, python/libvirt-python-api.xml: Manual impl
of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID
* qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/
Fix get_nonnull_secret/make_nonnull_secret to use unsigned char
* qemud/remote_protocol.x: Fix remote_nonnull_secret to use a
remote_uuid instead of remote_nonnull_string for UUID field.
Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to
REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an
remote_uuid value
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.h, src/datatypes.c: Store UUID in raw format instead
of printable. Change virGetSecret to use raw format UUID
* src/driver.h: Rename virDrvSecretLookupByUUIDString to
virDrvSecretLookupByUUID and use raw format UUID
* src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID
and re-implement virSecretLookupByUUIDString and
virSecretGetUUIDString in terms of those
* src/libvirt_public.syms: Add virSecretLookupByUUID and
virSecretGetUUID
* src/remote_internal.c: Rename remoteSecretLookupByUUIDString
to remoteSecretLookupByUUID. Fix typo in args for
remoteSecretDefineXML impl. Use raw UUID format for
get_nonnull_secret and make_nonnull_secret
* src/storage_encryption_conf.c, src/storage_encryption_conf.h:
Storage UUID in raw format, and require it to be present in
XML. Use UUID parser to validate.
* secret_conf.h, secret_conf.c: Generate a UUID if none is provided.
Storage UUID in raw format.
* src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets
in a filed with printable UUID, instead of base64 UUID.
* src/virsh.c: Adjust for changed public API contract of
virSecretGetUUIDString.
* src/storage_Backend.c: DOn't undefine secret we just generated
upon successful volume creation. Fix to handle raw UUIDs. Generate
a non-clashing UUID
* src/qemu_driver.c: Change to use lookupByUUID instead of
lookupByUUIDString
* configure.in: Only define WITH_SECRETS if libvirtd is present
* src/Makefile.am: Only build secrets driver if WITH_SECRETS is
defined. Always add SECRET_DRIVER_SOURCES to EXTRA_DIST
Integrate with QEMU monitor to provide encryption passphrase when
starting a guest using encrypted qcow volumes
* src/qemu_driver.c (findDomainDiskEncryption,
findVolumeQcowPassphrase,
qemudMonitorSendVolumePassphrase, qemudMonitorSendCont): Send a volume
passphrase if qemu asks for it.
If the <encryption format='qcow'> element does not specify a secret
during volume creation, generate a suitable secret and add it to the
<encryption> tag. The caller can view the updated <encryption> tag
using virStorageVolGetXMLDesc().
Similarly, when <encryption format='default'/> is specified while
creating a qcow or qcow2-formatted volume, change the format to "qcow"
and generate a secret as described above.
* src/storage_encryption_conf.h (VIR_STORAGE_QCOW_PASSPHRASE_SIZE,
virStorageGenerateQcowPasphrase),
src/storage_encryption_conf.c (virStorageGenerateQcowPasphrase),
src/libvirt_private.syms: Add virStorageGenerateQcowPasphrase().
* src/storage_backend.c (virStoragegenerateQcowEncryption,
virStorageBackendCreateQemuImg): Generate a passphrase and
<encryption> when creating a qcow-formatted encrypted volume and the
user did not supply the information.
This implementation stores the secrets in an unencrypted text file,
for simplicity in implementation and debugging.
(Symmetric encryption, e.g. using gpgme, will not be difficult to add.
Because the TLS private key used by libvirtd is stored unencrypted,
encrypting the secrets file does not currently provide much additional
security.)
* include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New
error number.
* po/POTFILES.in, src/Makefile.am: Add secret_driver.
* bootstrap: Use gnulib's base64 module.
* src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms:
Add local secret driver.
* qemud/qemud.c (qemudInitialize): Use the local secret driver.
Add a <secret> XML handling API, separate from the local driver, to
avoid manually generating XML in other parts of libvirt.
* src/secret_conf.c, src/secret_conf.h: New files.
* po/POTFILES.in, src/Makefile.am: Add secret_conf.
Add a VIR_SECRET_GET_VALUE_INTERNAL_CALL flag value, replacing the
originally separate libvirt_internal_call parameter. The flag is used
to differentiate external virSecretGetValue() calls from internal calls
by libvirt drivers that need to use the secret even if it is private.
* src/libvirt_internal.h Remove VIR_DOMAIN_XML_FLAGS_MASK
* src/driver.h Add VIR_SECRET_GET_VALUE_FLAGS_MASK constant and
VIR_SECRET_GET_VALUE_INTERNAL_CALL. Re-add the
VIR_DOMAIN_XML_FLAGS_MASK constant
* src/libvirt.c (virSecretGetValue): Don't allow the user to specify
internal flags.
Remove the bogus dependancy between node_device.c & storage_backend.c
by moving the virWaitForDevices into util.h where it can be shared
safely
* src/storage_backend_disk.c, src/storage_backend_logical.c,
src/storage_backend_mpath.c, src/storage_backend_scsi.c: Replace
virStorageBackendWaitForDevices with virFileWaitForDevices
* src/storage_backend.c, src/storage_backend.h: Remove
virStorageBackendWaitForDevices, virWaitForDevices
* src/util.h, src/util.c: Add virFileWaitForDevices
* configure.in: Move xmlrpc check further down after pkgconfig
is detected
* src/Makefile.am: Add missing XMLRPC_CFLAGS/LIBS to opennebula
* src/libvirt_private.syms: Add many missing exports
The interface allows qemudMonitorSendCont() to report errors that are
not overridden by its callers.
Also fix a potential infinite loop in qemuDomainCoreDump() if sending
cont repeatedly fails.
* src/qemu_driver.c (qemudMonitorSendCont): New function.
(qemudAutostartConfigs): Reset error before each call to
qemudStartVMDaemon().
(qemudInitCpus, qemudDomainResume, qemudDomainCoreDump,
qemudDomainRestore, qemudDomainMigratePerform,
qemudDomainMigrateFinish2): Use qemudMonitorSendCont().
* src/security_selinux.c: Use virReportSystemError whereever an
errno is involved
* src/qemu_driver.c: Don't overwrite error message from the
security driver
* src/security.h: Driver API for relabelling host devices
* src/security_selinux.c: Implement relabelling of PCI and USB
devices
* src/qemu_driver.c: Relabel USB/PCI devices before hotplug