Commit Graph

1442 Commits

Author SHA1 Message Date
Daniel P. Berrange
664ab2801d Add info about access control checks into API reference
So that app developers / admins know what access control checks
are performed for each API, this patch extends the API docs
generator to include details of the ACLs for each.

The gendispatch.pl script is extended so that it generates
a simple XML describing ACL rules, eg.

  <aclinfo>
    ...
    <api name='virConnectNumOfDomains'>
      <check object='connect' perm='search_domains'/>
      <filter object='domain' perm='getattr'/>
    </api>
    <api name='virDomainAttachDeviceFlags'>
      <check object='domain' perm='write'/>
      <check object='domain' perm='save' flags='!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE'/>
      <check object='domain' perm='save' flags='VIR_DOMAIN_AFFECT_CONFIG'/>
    </api>
    ...
  </aclinfo>

The newapi.xsl template loads the XML files containing the ACL
rules and generates a short block of HTML for each API describing
the parameter checks and return value filters (if any).

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-08 11:59:46 +01:00
Guannan Ren
93319da42c conf: add startupPolicy attribute for harddisk
Add startupPolicy attribute for harddisk with type "file",
"block" and "dir". 'requisite' is not supported currently for
harddisk.
2013-08-07 14:31:34 +08:00
Laine Stump
62ac6b4354 qemu: add dmi-to-pci-bridge controller
This PCI controller, named "dmi-to-pci-bridge" in the libvirt config,
and implemented with qemu's "i82801b11-bridge" device, connects to a
PCI Express slot (e.g. one of the slots provided by the pcie-root
controller, aka "pcie.0" on the qemu commandline), and provides 31
*non-hot-pluggable* PCI (*not* PCIe) slots, numbered 1-31.

Any time a machine is defined which has a pcie-root controller
(i.e. any q35-based machinetype), libvirt will automatically add a
dmi-to-pci-bridge controller if one doesn't exist, and also add a
pci-bridge controller. The reasoning here is that any useful domain
will have either an immediate (startup time) or eventual (subsequent
hot-plug) need for a standard PCI slot; since the pcie-root controller
only provides PCIe slots, we need to connect a dmi-to-pci-bridge
controller to it in order to get a non-hot-plug PCI slot that we can
then use to connect a pci-bridge - the slots provided by the
pci-bridge will be both standard PCI and hot-pluggable.

Since pci-bridge devices themselves can not be hot-plugged into a
running system (although you can hot-plug other devices into a
pci-bridge's slots), any new pci-bridge controller that is added can
(and will) be plugged into the dmi-to-pci-bridge as long as it has
empty slots available.

This patch is also changing the qemuxml2xml-pcie test from a "DO_TEST"
to a "DO_DIFFERENT_TEST". This is so that the "before" xml can omit
the automatically added dmi-to-pci-bridge and pci-bridge devices, and
the "after" xml can include it - this way we are testing if libvirt is
properly adding these devices.
2013-08-05 15:40:49 -04:00
Laine Stump
48a3f48ac5 qemu: add pcie-root controller
This controller is implicit on q35 machinetypes. It provides 31 PCIe
(*not* PCI) slots as controller 0.

Currently there are no devices that can connect to pcie-root, and no
implicit pci controller on a q35 machine, so q35 is still
unusable. For a usable q35 system, we need to add a
"dmi-to-pci-bridge" pci controller, which can connect to pcie-root,
and provides standard pci slots that can be used to connect other
devices.
2013-08-05 15:13:56 -04:00
Yuri Chornoivan
5b4c035b08 Fix minor typos in messages and docs
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-30 07:07:33 -06:00
Daniel Veillard
e9b8c9dc80 Release of libvirt-1.1.1
* configure.ac docs/news.html.in: update for the release
* po/*.po*: update localizations and regenerate
2013-07-30 17:38:35 +08:00
Michal Privoznik
d7a4a9b2ff formatdomain.html.in: Document implementation limitation of QoS
The outbound/@peak is ignored (since QoS was introduced). This is due to
kernel limitation of know allowing ingress filters to have peak just
average rate. However, we should document this limitation to not confuse
users.
2013-07-26 11:45:10 +02:00
Michal Privoznik
0884be37e3 formatdomain.html.in: Correctly use <code/> in #elementQoS
Interestingly, we had <code>floor<code> ... </code>outbound</code> which
results in much larger block of text to be written in code style that
intended.
2013-07-26 11:45:10 +02:00
John Ferlan
c00b2f0dd1 conf: Introduce new XML tag "mode" for disk source
There are two ways to use a iSCSI LUN as disk source for qemu.

 * The LUN's path as it shows up on host, e.g.
   /dev/disk/by-path/ip-$ip:3260-iscsi-$iqn-fc18:iscsi.iscsi0-lun-1

 * The libiscsi URI from the storage pool source element host attribute, e.g.
   iscsi://demo.org:6000/iqn.1992-01.com.example/1

For a "volume" type disk, if the specified "pool" is of iscsi
type, we should support to use the LUN in either of above 2 ways.
That's why to introduce a new XML tag "mode" for the disk source
(libvirt should support iscsi pool with libiscsi, but it's another
new feature, which should be done later).

The "mode" can be either of "host" or "direct". Use "host" to indicate
use of the LUN with the path as it shows up on host. Use "direct" to
indicate to use it with the source pool host URI (future patches may support
to use network type libvirt storage too, e.g. Ceph)
2013-07-22 14:01:04 -04:00
Eric Blake
d21d40bf0c maint: split long lines in Makefiles
Makefiles are another easy file to enforce line limits.

Mostly straightforward; interesting tricks worth noting:
src/Makefile.am: $(confdir) was already defined, use it in more places
tests/Makefile.am: path_add and VG required some interesting compression

* cfg.mk (sc_prohibit_long_lines): Add another test.
* Makefile.am: Fix offenders.
* daemon/Makefile.am: Likewise.
* docs/Makefile.am: Likewise.
* python/Makefile.am: Likewise.
* src/Makefile.am: Likewise.
* tests/Makefile.am: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-19 05:25:35 -06:00
Daniel P. Berrange
040d996342 Merge virCommandPreserveFD / virCommandTransferFD
Merge the virCommandPreserveFD / virCommandTransferFD methods
into a single virCommandPasFD method, and use a new
VIR_COMMAND_PASS_FD_CLOSE_PARENT to indicate their difference
in behaviour

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-18 12:18:24 +01:00
John Ferlan
57b65c58d0 Allow balloon driver collection to be adjusted dynamically
Use the virDomainSetMemoryStatsPeriodFlags() to pass a period defined by
usage of a new --period option in order to set the collection period for the
balloon driver. This may enable or disable the collection based on the value.

Add the --current, --live, & --config options to dommemstat.
2013-07-16 08:44:53 -04:00
John Ferlan
9ed3a5ca34 Add 'period' for Memballoon statistics gathering capability
Add a period in seconds to allow/enable statistics gathering from the
Balloon driver for 'virsh dommemstat <domain>'.
2013-07-16 08:44:52 -04:00
Martin Kletzander
efab27afbf Make logical pools independent on target path
When using logical pools, we had to trust the target->path provided.
This parameter, however, can be completely ommited and we can use
'/dev/<source.name>' safely and populate it to target.path.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=952973
2013-07-16 12:16:37 +02:00
Peter Krempa
3c8be55c04 cpu: Allow fine tuning of "host-model" cpu
https://bugzilla.redhat.com/show_bug.cgi?id=799354

Until now, the "host-model" cpu mode couldn't be influenced. This patch
allows to use the <feature> elements to either enable or disable
specific CPU flags. This can be used to force flags that can be emulated
even if the host CPU doesn't support them.
2013-07-16 10:51:30 +02:00
John Ferlan
eb0d79c64b storage_pool: Rework chap XML to mimic ceph
The existing 'chap' XML logic was never used - just defined.  Rather than
try to insert a square peg into a round hole, blow it up and rewrite the
logic to follow the 'ceph' format.

Remove the former "chap.login" and "chap.passwd" fields and replace
with "chap.username" and "chap.secret" in _virStoragePoolAuthChap.
Adjust the virStoragePoolDefParseAuthChap() to process.

Change the rng file to describe the new layout

Update the formatstorage.html to describe the usage of the secret element
to mention that the secret type "iscsi" and "ceph" can be used
to storage pool too.

Update the formatsecret.html to include a reference to the storage pool

Update tests to handle the changes from 'login' and 'passwd' to 'username'
and '<secret>' format
2013-07-15 12:41:12 -04:00
Michal Privoznik
9021488a5b Adapt to VIR_ALLOC and virAsprintf in docs/ 2013-07-10 11:07:31 +02:00
Eric Blake
1e503ee534 build: honor autogen.sh --no-git
Based on a report by Chandrashekar Shastri, at
https://bugzilla.redhat.com/show_bug.cgi?id=979360

On systems where git cannot access the outside world, a developer
can instead arrange to get a copy of gnulib at the right commit
via side channels (such as NFS share drives), set GNULIB_SRCDIR,
then use ./autogen.sh --no-git.  In this setup, we will now
avoid direct use of git.  Of course, this means no automatic
gnulib updates when libvirt.git updates its submodule, but it
is expected that any developer in such a situation is already
prepared to deal with the fallout.

* .gnulib: Update to latest, for bootstrap.
* bootstrap: Synchronize from gnulib.
* autogen.sh (no_git): Avoid git when requested.
* cfg.mk (_update_required): Skip automatic rerun of bootstrap if
we can't use git.
* docs/compiling.html.in: Document this setup.
* docs/hacking.html.in: Mention this.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-09 16:15:29 -06:00
Eric Blake
040d3f7758 maint: tweak use of <a> in HACKING
The previous handling of <a> tags led to some less-than-ideal
layout in HACKING (most noticeable on a mid-sentence reference
to the valgrind home page).

* docs/hacking.html.in: Slight tweaks to <a> tags.
* docs/hacking1.xsl: Move <a> handling...
* docs/hacking2.xsl: ...here.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-09 11:49:20 -06:00
Ján Tomko
2e4dd4107e conf: don't check hyperv spinlock retries if disabled
<hyperv>
  <spinlocks state='off'/>
</hyperv>

results in:
error: XML error: missing HyperV spinlock retry count

Don't require retries when state is off and use virXPathUInt
instead of virXPathString to simplify parsing.

https://bugzilla.redhat.com/show_bug.cgi?id=784836#c19
2013-07-04 18:39:56 +02:00
Gao feng
6c30ea2c35 LXC: Introduce New XML element for user namespace
This patch introduces new element <idmap> for
user namespace. for example
<idmap>
    <uid start='0' target='1000' count='10'/>
    <gid start='0' target='1000' count='10'/>
</idmap>

this new element is used for setting proc files
/proc/<pid>/{uid_map,gid_map}.

This patch also supports multiple uid/gid elements
setting in XML configuration.

We don't support the semi configuation, user has to
configure uid and gid both.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-07-02 11:20:04 +01:00
Peter Krempa
23770d7b55 docs: Document hypervisor drivers that support certain timer models
Not every timer model is supported with each hypervisor. Explicitly
mention the driver supporting each timer model.
2013-07-02 09:41:26 +02:00
Michal Novotny
ff96888991 qemu: Implement CPUs check against machine type's cpu-max
Implement check whether (maximum) vCPUs doesn't exceed machine
type's cpu-max settings.

On older versions of QEMU the check is disabled.

Signed-off-by: Michal Novotny <minovotn@redhat.com>
2013-07-01 14:30:42 +02:00
Daniel Veillard
034d322978 Release of libvirt-1.1.0
* configure.ac docs/news.html.in libvirt.spec.in: updated for the release
* po/*.po*: updated localizations and regenerated
2013-07-01 17:22:49 +08:00
Daniel P. Berrange
49e6a16f82 Document security reporting & handling process
Historically security issues in libvirt have been primarily
triaged & fixed by the Red Hat libvirt members & Red Hat
security team, who then usually notify other vendors via
appropriate channels. There have been a number of times
when vendors have not been properly notified ahead of
announcement. It has also disadvantaged community members
who have to backport fixes to releases for which there are
no current libvirt stable branches.

To address this, we want to make the libvirt security process
entirely community focused / driven. To this end I have setup
a new email address "libvirt-security@redhat.com" for end
users to report bugs which have (possible) security implications.

This email addr is backed by an invitation only, private
archive, mailing list. The intent is for the list membership
to comprise a subset of the libvirt core team, along with any
vendor security team engineers who wish to participate in a
responsible disclosure process for libvirt. Members of the
list will be responsible for analysing the problem to determine
if a security issue exists and then issue fixes for all current
official stable branches & git master.

I am proposing the following libvirt core team people as
members of the security team / list (all cc'd):

   Daniel Berrange (Red Hat)
   Eric Blake (Red Hat)
   Jiri Denemar (Red Hat)
   Daniel Veillard (Red Hat)
   Jim Fehlig (SUSE)
   Doug Goldstein (Gentoo)
   Guido Günther (Debian)

We don't have anyone from Ubuntu on the libvirt core team.
Serge Hallyn is the most frequent submitter of patches from
Ubuntu in recent history, so I'd like to invite him to join.
Alternatively, Serge, feel free to suggest someone else to
represent Ubuntu's interests.

If any other vendors/distros have security people who are
responsible for dealing with libvirt security issues, and
want to join to get early disclosure of issues, they can
suggest people. Existing security team members will vet /
approve such requests to ensure they are genuine.

Anyone on the team / list will be **required** to honour any
embargo period agreed between members for non-public issues
that are reported. The aim will be to have a maximum 2 week
embargo period in the common case, extendable to 1 month if
there is sufficient justification made. If anyone feels they
are unable to follow such an embargo process for whatever
reason, please decline membership of the security list/team.

The patch which follows puts up some docs on the website
about all of this....

Document how to report security bugs and the process that
will be used for addressing them.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-01 11:08:58 +08:00
Philipp Hahn
dc8614d7ed doc: Fix reference to #elementsUSB
aae0fc2a92 removed the #elementsUSB anchor
but did not update the links to point to the new section #elementsHostDev.

Signed-off-by: Philipp Hahn <hahn@univention.de>
2013-06-28 15:59:47 -04:00
Laine Stump
8807b28559 nodedev: add iommuGroup to node device object
This includes adding it to the nodedev parser and formatter, docs, and
test.

An example of the new iommuGroup element that is a part of the output
from "virsh nodedev-dumpxml" (virNodeDeviceGetXMLDesc()):

  <device>
    <name>pci_0000_02_00_1</name>
    <capability type='pci'>
    ...
      <iommuGroup number='12'>
        <address domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
        <address domain='0x0000' bus='0x02' slot='0x00' function='0x1'/>
      </iommuGroup>
    </capability>
  </device>
2013-06-26 14:10:56 -04:00
Stefan Berger
7070a572aa Fix sample TPM XML
Fix an error in the sample TPM XML.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2013-06-26 08:29:08 -04:00
Laine Stump
ab0c8df0b1 docs: correct and update network vlan example
Somehow I put an example of a domain interface with a <vlan> element
into the network documentation.

This patch replaces that with an example of a network definition that
has a vlan element with trunk='yes', multiple tags, and even the new
nativeMode attribute. It also includes a <portgroup> that has a vlan
defined.
2013-06-26 02:21:23 -04:00
Ján Tomko
11a5c957f4 Use 1.1.0 everywhere in the documentation
Since we already have the v1.1.0-rc1 tag in git.
2013-06-25 15:37:31 +02:00
james robson
861d40565e Configure native vlan modes on Open vSwitch ports
This patch adds functionality to allow libvirt to configure the
'native-tagged' and 'native-untagged' modes on openvswitch networks.

Signed-off-by: Laine Stump <laine@redhat.com>
2013-06-25 00:22:36 -04:00
Jiri Denemark
c0762b6518 New internal migration APIs with extensible parameters
This patch implements extensible variants of all internal migration APIs
used for v3 migration.
2013-06-25 01:13:16 +02:00
Jiri Denemark
d0d5acb511 Introduce virTypedParamsCopy internal API 2013-06-25 00:38:25 +02:00
Jiri Denemark
fefb0d5464 Introduce VIR_TYPED_PARAMS_DEBUG macro for dumping typed params
All APIs that take typed parameters are only using params address in
their entry point debug messages. With the new VIR_TYPED_PARAMS_DEBUG
macro, all functions can easily log all individual typed parameters
passed to them.
2013-06-25 00:38:24 +02:00
Jiri Denemark
637a7c865a Introduce virTypedParamsCheck internal API
This API is useful for checking whether only a specific subset of
supported typed parameters were passed.
2013-06-25 00:38:24 +02:00
Jiri Denemark
c40ed4168a Rename virTypedParameterArrayValidate as virTypedParamsValidate 2013-06-25 00:38:24 +02:00
Ján Tomko
31d42506fb conf: add features to volume target XML
Add <features> and <compat> elements to volume target XML.

<compat> is a string which for qcow2 represents the QEMU version
it should be compatible with. Valid values are 0.10 and 1.1.
1.1 is implicit if the <features> element is present, otherwise
qemu-img default is used. 0.10 can be specified to explicitly
create older images after the qemu-img default changes.

<features> contains optional features, so far
<lazy_refcounts/> is available, which enables caching of reference
counters, improving performance for snapshots.
2013-06-21 13:25:30 +02:00
Ján Tomko
800b51d7b0 conf: add vapic and spinlocks to hyperv features
Add new CPU features for HyperV:
vapic for virtual APIC support
spinlocks for setting spinlock support

<features>
  <hyperv>
    <vapic state='on'/>
    <spinlocks state='on' retries='4096'/>
  </hyperv>
</features>

https://bugzilla.redhat.com/show_bug.cgi?id=784836
2013-06-21 12:33:46 +02:00
Claudio Bley
12edde5cbb schema: simplify RNG pattern, remove superfluous <optional> 2013-06-12 16:14:44 +02:00
Ján Tomko
3452400673 docs: add spaces to formatstorage.html
Let the pool types breathe.
2013-06-04 15:56:44 +02:00
Daniel Veillard
4497ef50dc Release of libvirt 1.0.6
* configure.ac docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: pull localization updates and regenerate the po
2013-06-03 12:09:56 +02:00
Eric Blake
134e685b1d syntax-check: mandate space after mid-line semicolon
Enforce the style cleanup in the previous patch.

* build-aux/bracket-spacing.pl: Enforce trailing spacing.
* cfg.mk (bracket-spacing-check): Tweak error wording.
* docs/hacking.html.in: Document the rule.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-28 08:26:05 -06:00
Cole Robinson
e4de214b38 docs: domain: /dev/urandom isn't a valid rng patch
Only /dev/random and /dev/hwrng are accepted, list them explicitly.
2013-05-23 14:37:08 -04:00
Michal Privoznik
7e744f8199 Introduce /domain/devices/interface/driver/@queues attribute
This attribute is going to represent number of queues for
multique vhost network interface. This commit implements XML
extension part of the feature and add one test as well. For now,
we can only do xml2xml test as qemu command line generation code
is not adapted yet.
2013-05-22 16:31:27 +02:00
Guannan Ren
2a58d07654 conf: add 'sharePolicy' attribute to graphics element for vnc
-vnc :5900,share=allow-exclusive
allows clients to ask for exclusive access which is
implemented by dropping other connections Connecting
multiple clients in parallel requires all clients asking
for a shared session (vncviewer: -shared switch)

 -vnc :5900,share=force-shared
disables exclusive client access.  Useful for shared
desktop sessions, where you don't want someone forgetting
specify -shared disconnect everybody else.

 -vnc :5900,share=ignore
completely ignores the shared flag and allows everybody
connect unconditionally
2013-05-22 19:18:43 +08:00
Ján Tomko
41c89669b0 docs: formatdomain: fix links in the table of contents 2013-05-21 10:55:42 +02:00
Eric Blake
d7f53c7b97 maint: use LGPL correctly
Several files called out COPYING or COPYING.LIB instead of using
the normal boilerplate.  It's especially important that we don't
call out COPYING from an LGPL file, since COPYING is traditionally
used for the GPL.  A few files were lacking copyright altogether.

* src/rpc/gendispatch.pl: Add missing copyright.
* Makefile.nonreentrant: Likewise.
* src/check-symfile.pl: Likewise.
* src/check-symsorting.pl: Likewise.
* src/driver.h: Likewise.
* src/internal.h: Likewise.
* tools/libvirt-guests.sh.in: Likewise.
* tools/virt-pki-validate.in: Mention copyright in comment, not just code.
* tools/virt-sanlock-cleanup.in: Likewise.
* src/rpc/genprotocol.pl: Spell out license terms.
* src/xen/xend_internal.h: Likewise.
* src/xen/xend_internal.c: Likewise.
* Makefile.am: Likewise.
* daemon/Makefile.am: Likewise.
* docs/Makefile.am: Likewise.
* docs/schemas/Makefile.am: Likewise.
* examples/apparmor/Makefile.am: Likewise.
* examples/domain-events/events-c/Makefile.am: Likewise.
* examples/dominfo/Makefile.am: Likewise.
* examples/domsuspend/Makefile.am: Likewise.
* examples/hellolibvirt/Makefile.am: Likewise.
* examples/openauth/Makefile.am: Likewise.
* examples/python/Makefile.am: Likewise.
* examples/systemtap/Makefile.am: Likewise.
* examples/xml/nwfilter/Makefile.am: Likewise.
* gnulib/lib/Makefile.am: Likewise.
* gnulib/tests/Makefile.am: Likewise.
* include/Makefile.am: Likewise.
* include/libvirt/Makefile.am: Likewise.
* python/Makefile.am: Likewise.
* python/tests/Makefile.am: Likewise.
* src/Makefile.am: Likewise.
* tests/Makefile.am: Likewise.
* tools/Makefile.am: Likewise.
* configure.ac: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-20 14:03:48 -06:00
Eric Blake
0d09854c10 docs: add another user
Described here:
https://www.redhat.com/archives/libvir-list/2013-May/msg01329.html

* docs/apps.html.in: Mention Cracow Cloud One.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-17 09:18:14 -06:00
Ján Tomko
25b98d31ec schema: make source optional in volume XML
We don't parse it anyway.

https://bugzilla.redhat.com/show_bug.cgi?id=893273
2013-05-17 08:35:08 +02:00
Ján Tomko
a07b88ee03 schema: require target path in storage pool xml
Make target path mandatory for pool types that require target,
since we refuse to parse a target without a path.

https://bugzilla.redhat.com/show_bug.cgi?id=893273
2013-05-17 08:33:22 +02:00