Commit Graph

29771 Commits

Author SHA1 Message Date
Stefan Berger
9323c4bb88 qemu: Extend the capabilities with tpm-crb device
QEMU on x86_64 (since v2.12) can support tpm-crb devices.
Introduce qemu capabilities for this device.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-05-03 11:28:42 -04:00
Stefan Berger
fead27f4b3 conf: Enable TPM CRB interface in the domain XML
Enable the TPM CRB to be specified in the domain XML. This
now allows to describe the TPM device like this:

  <tpm model='tpm-crb'>
    <backend type='passthrough'>
      <device path='/dev/tpm0'/>
    </backend>
  </tpm>

Extend the XML schema to also allow tpm-crb.
Extend the documentation.
Add a test case for testing the XML parser and formatter.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-05-03 11:28:42 -04:00
Julio Faracco
054a66037d test: avoid slash characters to the new domain name.
As QEMU driver, test driver does not accept slashes inside domain names.
This commit fixes this problem checking slashes inside the new name when
'domrename' is executed.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-05-03 11:25:01 -04:00
Julio Faracco
4e1a970219 qemu: avoid slash characters to the new domain name.
The 'domrename' command needs to check if the new domain name contains
the slash character. This character is not accepted by libvirt XML
definition because it is an invalid char (see Cole's commit b1fc6a7b7).
This commit enhace the 'domrename' command adding this check.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1333232

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-05-03 11:25:01 -04:00
Daniel P. Berrangé
d2f5bb714f storagefile: conditional build of virStorageFileLoadBackendModule
The virStorageFileLoadBackendModule method is only used if either
fs or gluster storage is built in, which doesn't happen on mingw
leading to warning of an unused static function.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-03 15:42:59 +01:00
Daniel P. Berrangé
564fdad9cb tests: unlink libxl-driver.log
The libxlxml2domconfigtest causes a libxl-driver.log file to be created
which breaks make distchck if libxl is enabled. Delete the log file at
the end of the test.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-03 14:26:08 +01:00
Daniel P. Berrangé
01888af0e2 storage: create separate loadable modules for storage file drivers
The storage file drivers are currently loaded as a side effect of
loading the storage driver. This is a bogus dependancy because the
storage file code has no interaction with the storage drivers, and
even ultimately be running in a completely separate daemon.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-03 13:17:59 +01:00
Daniel P. Berrangé
1421e7168c util: refactor storage file checks to allow error reporting
The virStorageFileSupportsSecurityDriver and
virStorageFileSupportsAccess currently just return a boolean
value. This is ok because they don't have any failure scenarios
but a subsequent patch is going to introduce potential failure
scenario. This changes their return type from a boolean to an
int with values -1, 0, 1.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-03 13:16:00 +01:00
Daniel P. Berrangé
c444505c99 util: fix virStorageFileGetBackingStoreStr error handling
The virStorageFileGetBackingStoreStr method has overloaded the NULL
return value to indicate both no backing available and a fatal
error dealing with it.

The caller is thus not able to correctly propagate the error
messages.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-03 13:15:51 +01:00
Daniel P. Berrangé
dbf28572c8 storage: split fs storage file code from storage driver backend
The storage file code needs to be run in the hypervisor drivers, while
the storage backend code needs to be run in the storage driver. Split
the source code as a preparatory step for creating separate loadable
modules.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-03 12:51:38 +01:00
Daniel P. Berrangé
f78cbe9424 storage: remove unused imports of libxml headers
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-03 12:49:57 +01:00
Daniel P. Berrangé
7568fc730f storage: split gluster storage file code from storage driver backend
The storage file code needs to be run in the hypervisor drivers, while
the storage backend code needs to be run in the storage driver. Split
the source code as a preparatory step for creating separate loadable
modules.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-03 12:49:22 +01:00
Daniel P. Berrangé
8b0f721f2e util: create new virmodule.{c,h} files for dlopen support code
The driver.{c,h} files are primarily targetted at loading hypervisor
drivers and some helper functions in that area. It also, however,
contains a generically useful function for loading extension modules
that is called by the storage driver. Split that functionality off
into a new virmodule.{c,h} file to isolate it.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-03 12:47:43 +01:00
Ville Skyttä
1f2f055bc3 docs: Grammar and spelling fixes
Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
2018-05-03 12:40:37 +01:00
Daniel P. Berrangé
78c5dfab42 rpm: set wireshark plugin directory from pkg-config
The wireshark plugin directory moved again in Fedora 29, and will
move again every time wireshark do a new minor release. Call out
to pkg-config to find the right directory to use in the RPM file
list.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-03 12:17:31 +01:00
Daniel P. Berrangé
9d3859d9d7 rpm: libvirt-daemon-driver-libxl must obsolete libvirt-daemon-driver-xen
Snce the xen driver was deleted we need to ensure that the old
libvirt-daemon-driver-xen sub-RPM gets removed on upgrade. We
achieve this my making libvirt-daemon-driver-libxl obsolete it.

We don't add a Provides: too, because libvirt-daemon-driver-libxl
is not a functionally identical replacement, since we don't want
to satisfy deps for 3rd party apps that have a Requires on the
libvirt-daemon-driver-xen RPM.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-05-03 11:18:42 +01:00
Maciej Wolny
12fd47bced tests/Makefile.am: use LIBTOOL variable instead of hardcoded name
Fixes "can't find libtool" error when running valgrind checks.

Signed-off-by: Maciej Wolny <maciej.wolny@codethink.co.uk>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2018-05-02 19:05:20 +02:00
Ján Tomko
bf70a48e22 conf: remove unused VIR_DOMAIN_FS_RAM_DEFAULT_USAGE
Unused since its introduction in commit <76b644c>.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-02 16:03:00 +02:00
Erik Skultety
c376c76996 docs: schema: Add missing <interleave> element to panic device
Panic device has 2 optional sub-elements - <alias> and <address> the
order of which should be interchangeable in the XML.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1456165

Signed-off-by: Erik Skultety <eskultet@redhat.com>
2018-05-02 14:52:09 +02:00
Ján Tomko
538a7d30c2 Makefile: fix typo
s/atttribute/attribute/

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-02 14:47:46 +02:00
Ján Tomko
e7359ff36d Post-release version bump to 4.4.0
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-05-02 14:35:05 +02:00
Daniel Veillard
1cc820560f Release of libvirt-4.3.0
* docs/news.xml: updated for the release

Signed-off-by: Daniel Veillard <veillard@redhat.com>
2018-05-02 14:26:33 +02:00
Peter Krempa
764a7483f1 news: Mention changes TLS non-shared-storage migration
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-05-02 09:44:00 +02:00
Peter Krempa
9cee8f3f7e qemu: migration: Use TLS environment for NBD server if requested
Use the TLS env for migration when starting the NBD server if TLS is
enabled for migration.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-30 14:58:05 +02:00
Peter Krempa
17d34b482b qemu: monitor: Add 'tls-creds' parameter to 'nbd-server-start' command
To allow encryption of the non-shared storage migration NBD connection
we will need to instantiated the NBD server with the TLS env.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-30 14:57:53 +02:00
Peter Krempa
51541809b8 qemu: caps: Add capability for TLS transport in the NBD server
The NBD server in qemu supports TLS transport. Detect this capability.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-30 14:57:38 +02:00
Peter Krempa
ed1c45b0ba qemu: migration: Don't crash on access to 'current' job
When a VM is destroyed while being migrated (waiting in
qemuMigrationSrcWaitForCompletion) the private object cleanup code frees
the 'current' job info. Since the migration code attempts to setup
various aspects of the current job even on failure this results into a
crash.

Job data is cleared in qemuDomainObjPrivateDataClear since commit
888aa4b6b9

Fix this by skipping all of the code which requires the qemu process to
be alive if the VM is not active any more.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2018-04-30 14:43:42 +02:00
Daniel P. Berrangé
45f9905a3f po: delete bogus translations from various languages
For unknown reasons about 21 languages had the same 212 msgid entries
copied into the msgstr field without having any translation applied.
This bogus non-translated data has now been purged from Zanata.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-30 10:40:58 +01:00
Daniel P. Berrangé
fd4581ad1e Refresh translations to drop unused strings
Refresh transaltion po files to drop msgid/msgstr entries that are no
longer required due to deletion/refactoring of source code.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-30 10:40:58 +01:00
Peter Krempa
b2b2998a4b qemu: migration: Forbid 'nbd' migration of non-shared storage if TLS is requested
Since libvirt is currently not able to setup the NBD migration stream
secured by TLS we should not allow such migration since data would be
transferred unencrypted.

This will break compatibility of TLS migration if non-shared storage is
requested but the security implications are more severe.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-04-30 07:44:39 +02:00
Laine Stump
ce5aebeacd nwfilter: increase pcap buffer size to be compatible with TPACKET_V3
When an nwfilter rule sets the parameter CTRL_IP_LEARNING to "dhcp",
this turns on the "dhcpsnoop" thread, which uses libpcap to monitor
traffic on the domain's tap device and extract the IP address from the
DHCP response.

If libpcap on the host is built with HAVE_TPACKET3 defined (to enable
support for TPACKET_V3), the dhcpsnoop code's initialization of the
libpcap socket would fail with the following error:

  virNWFilterSnoopDHCPOpen:1134 : internal error: pcap_setfilter: can't remove kernel filter: Bad file descriptor

It turns out that this was because TPACKET_V3 requires a larger buffer
size than libvirt was setting (we were setting it to 128k). Changing
the buffer size to 256k eliminates the error, and the dhcpsnoop thread
once again works properly.

A fuller explanation of why TPACKET_V3 requires such a large buffer,
for future git spelunkers:

libpcap calls setsockopt(... SOL_PACKET, PACKET_RX_RING...) to setup a
ring buffer for receiving packets; two of the attributes sent to this
API are called tp_frame_size, and tp_frame_nr. If libpcap was built
with HAVE_TPACKET3 defined, tp_trame_size is set to MAXIMUM_SNAPLEN
(defined in libpcap sources as 262144) and tp_frame_nr is set to:

 [the buffer size we set, i.e. PCAP_BUFFERSIZE i.e. 262144] / tp_frame_size.

So if PCAP_BUFFERSIZE < MAXIMUM_SNAPLEN, then tp_frame_nr (the number
of frames in the ring buffer) is 0, which is nonsensical. This same
value is later used as a multiplier to determine the size for a call
to malloc() (which would also fail).

(NB: if HAVE_TPACKET3 is *not* defined, then tp_frame_size is set to
the snaplen set by the user (in our case 576) plus a small amount to
account for ethernet headers, so 256k is far more than adequate)

Since the TPACKET_V3 code in libpcap actually reads multiple packets
into each frame, it's not a problem to have only a single frame
(especially when we are monitoring such infrequent traffic), so it's
okay to set this relatively small buffer size (in comparison to the
default, which is 2MB), which is important since every guest using
dhcp snooping in a nwfilter rule will hold 2 of these buffers for the
entire life of the guest.

Thanks to Christian Ehrhardt for discovering that buffer size was the
problem (this was not at all obvious from the error that was logged!)

Resolves: https://bugzilla.redhat.com/1547237
Fixes: https://bugs.launchpad.net/libvirt/+bug/1758037

Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> (V1)
Reviewed-by: John Ferlan <jferlan@redhat.com>
Tested-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2018-04-27 17:38:53 -04:00
Daniel P. Berrangé
6dd3679603 Revert "news: Update the news file with the log filter wildcard improvement"
This reverts commit 209d4d6f42.

The wildcard feature has been temporarily removed pending re-impl.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-27 16:27:45 +01:00
Daniel P. Berrangé
d32c0f9afe Revert "util: virlog: Introduce wildcard to log filters"
This reverts commit 8daa593b07.

There are two undesirable aspects to the impl

  - Only a bare wildcard is permitted
  - The wildcard match is not performed in the order listed

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-27 16:26:56 +01:00
Peter Krempa
96fc9fc509 qemu: migration: Set the 'set' boolean in qemuMigrationParamsSetString
The code setting TLS parameters verifies that TLS is supported by
looking at the dump of parameters which will be reset after migration,
but sets the parameters in the list of new parameters. As
qemuMigrationParamsSetString did not set the 'set' property, the TLS
parameters would not be used.

This is a regression after the series refactoring migration parameters
and it resulted into TLS not being used even when requested.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-04-27 15:14:05 +02:00
Peter Krempa
d49c6e4623 qemu: migration: Move and unexport qemuMigrationParamsSetString
The function is not used outside of the src/qemu/qemu_migration_params.c
file so unexport it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-04-27 15:14:02 +02:00
Martin Kletzander
f94e5b2157 logging: Don't inhibit shutdown in system daemon
That is a job of libvirtd and virtlogd has a dependency on it, so that will
prevent it properly.  Doing it one extra time in virtlogd might also cause AVC
denials because it is not allowed to call that dbus method.

Caused by commit df34363d58.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1547250

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-26 17:40:57 +02:00
Ján Tomko
00b50292fd syntax-check: pass srcdir to group-qemu-caps.pl
The script assumed to be run in the source directory.
Pass top_srcdir as the argument to fix VPATH builds.

My commit 81a7571 broke this.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2018-04-26 13:39:10 +02:00
Ján Tomko
8fa4131814 syntax-check: check QEMU caps grouping
Introduce a perl script that is able to regroup both
the QEMU_CAPS constants and the capability strings.

Check correct grouping as a part of syntax check.

For in-place regrouping after a rebase, just run:
  tests/group-qemu-caps.pl
without any parameters.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-04-26 07:42:36 +02:00
Daniel P. Berrangé
a762701791 remote: disable unused function on win32 platform build
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-24 19:31:02 +01:00
Roman Bogorodskiy
3b90d0dc1a util: improve virNetDevTapGetRealDeviceName
virNetDevTapGetRealDeviceName() is used on FreeBSD because interface
names (such as one sees in output of tools like ifconfig(8)) might not
match their /dev entity names, and for bhyve we need the latter.

Current implementation is not very efficient because in order to find
/dev name, it goes through all /dev/tap* entries and tries to issue
TAPGIFNAME ioctl on it. Not only this is slow, but also there's a bug in
this implementation when more than one NIC is passed to a VM: once we
find the tap interface we're looking for, we set its state to UP because
opening it for issuing ioctl sets it DOWN, even if it was UP before.
When we have more than 1 NIC for a VM, we have only last one UP because
others remain DOWN after unsuccessful attempts to match interface name.

New implementation just uses sysctl(3), so it should be faster and
won't make interfaces go down to get name.

Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2018-04-24 21:08:19 +04:00
Daniel P. Berrangé
5cca0cb6a0 remote: refactor code for building UNIX socket paths
The code for building UNIX socket paths will be getting more complex to
cope with accessing various different daemons. Refactor it to eliminate
the code duplication and isolation the logic for constructing paths.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-24 17:01:51 +01:00
Daniel P. Berrangé
12a2024b12 remote: split URI scheme into driver and transport upfront
Currently the remote driver extracts the transport from URI scheme and
plays games to temporarily hide the driver part when formatting URIs.
Refactor the code to split the URI scheme upfront so the two pieces are
easily available where needed.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-24 17:01:50 +01:00
Daniel P. Berrangé
a91eaec152 remote: honour errors from virDriverLoadModule
The libvirtd daemon currently ignores the return status of
virDriverLoadModule entirely. This is way too loose, resulting in many
important problems going undiagnosed, resulting in a libvirtd that may
never work correctly. We should only ignore a non-existant module, and
pass back any fatal errors.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-24 17:01:49 +01:00
Daniel P. Berrangé
8a062f5fe3 driver: add option to make missing drivers a fatal problem
Currently the driver module loading code does not report an error if the
driver module is physically missing on disk. This is useful for distro
packaging optional pieces. When the daemons are split up into one daemon
per driver, we will expect module loading to always succeed. If a driver
is not desired, the entire daemon should not be installed.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-24 17:01:48 +01:00
Daniel P. Berrangé
078d168d15 driver: use normal error reporting APIs when loading modules
The driver module loading code is one of the few places that still uses
VIR_ERROR for reporting failures. Convert it to normal error reporting
APIs.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-24 17:00:51 +01:00
Daniel P. Berrangé
d94640ddad driver: tighten check for whether loadable module exists or not
Currently we do a access(R_OK) check to see whether a loadable module
exists, treating failure as non-fatal. This is unreasonably loose, as a
module which exists but has had incorrect permissions set will turn into
a silent skip. We only want to skip loading if the module genuinely does
not exist on disk, due to the optional package not being installed.

Furthermore, checking the return value of virDriverLoadModuleFile() is
not a suitable witness that the module does not exist. This method can
return NULL if dlopen() fails, for example due to being unable to
resolve symbols in the library. This is should always be reported as an
error because it is a sign of the bad installation where either the
module build doesn't match the libvirtd build, or where some 3rd party
libraries are missing or broken.

Both these problems can be fixed by using virFileExists in the caller
instead.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-24 17:00:50 +01:00
Daniel P. Berrangé
2902b76472 driver: fix handling of error return from finding resource
The virFileFindResource method merely builds up the expected fully
qualified path to the resource. It does not actually check if it exists
on disk. The loadable module callers were mistakenly thinking a NULL
indicates the file doesn't exist on disk, whereas it in fact indicates
an out of memory error.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-24 17:00:49 +01:00
Daniel P. Berrangé
96a72f3444 driver: don't keep a pointer to the loaded library handle
Now that we've activated two hacks to prevent unloading of modules,
there is no point passing back a pointer to the loaded library handle.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-24 17:00:47 +01:00
Daniel P. Berrangé
71feef9226 build: prevent unloading of dlopen'd modules
We previously added "-z nodelete" to the build of libvirt.so to prevent
crashes when thread local destructors run which point to a code that
has been dlclose()d:

  commit 8e44e5593e
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Thu Sep 1 17:57:06 2011 +0100

      Prevent crash from dlclose() of libvirt.so

The libvirtd loadable modules can suffer from the same problem if they
were ever unloaded. Fortunately we don't ever call dlclose() on them,
but lets add a second layer of protection by linking them with the
"-z nodelete" flag. While we're doing this, lets add a third layer of
protection by passing RTLD_NODELETE to dlopen().

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-24 16:59:45 +01:00
Daniel P. Berrangé
078c80b6e7 virsh: remove left over print statement wrt Xen driver
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-24 16:59:21 +01:00