Commit Graph

29838 Commits

Author SHA1 Message Date
Peter Krempa
6dc2059abe qemu: hotplug: Drop 'secAlias' output parameter from qemuDomainGetTLSObjects
No callers are using it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:58 +02:00
Peter Krempa
4a9680432b qemu: hotplug: Remove misleading comment in qemuDomainGetTLSObjects
'secinfo' is present also for migrations. Delete the misleading comment.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:58 +02:00
Peter Krempa
8f1aac69f5 qemu: hotplug: Pass around existing secret object alias from qemuDomainAddChardevTLSObjects
Setting up the 'secinfo' for the TLS private key password also generates
the given alias, so we don't need to generate another one.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:58 +02:00
Peter Krempa
4e1330ab36 qemu: migration: Don't pass around secAlias
The alias of the secret for decrypting the TLS passphrase is useless
besides for TLS setup. Stop passing it around.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:58 +02:00
Peter Krempa
2cbc026b5d qemu: command: Always setup TLS environment if src->haveTLS is on
We make sure that the disk supports TLS when preparing the environment
so there's no need to duplicate checks.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:58 +02:00
Peter Krempa
867fb534a7 qemu: command: Pass in alias for TLS object to qemuBuildTLSx509CommandLine
Callers need to know the alias anyways so it does not make much sense to
generate it inside of this function.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:58 +02:00
Peter Krempa
8a5cd05b55 qemu: command: Don't generate alias for TLS private key password secret
qemuBuildTLSx509CommandLine has no business guessing which alias should
be used. The alias needs to be passed in.

Note that there's a lingering bad design of this, since the secret
object alias is based on the device name and not on the fact that the
secret is used for decrypting of the TLS private key. If we ever add
authentication for chardevs this will bite us.

Thankfully disk code does not support encrypted private keys for TLS so
it can be happily refactored there.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:58 +02:00
Peter Krempa
9083586b21 qemu: domain: Set up disk TLS alias when preparing TLS setup
Move the TLS object alias setup earlier. Also make sure that the alias
is not overwritten on hotplug.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:58 +02:00
Peter Krempa
da49ff2c01 qemu: hotplug: Allow passing in NULL 'tlsAlias' to qemuDomainGetTLSObjects
Some callers will not need to generate the alias again.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:58 +02:00
Peter Krempa
d23fd61836 qemu: hotplug: Don't mandate passing of 'secAlias' in qemuDomainGetTLSObjects
For some reason the function returned an error if secAlias was not
passed in. It's not an error, in fact it's desired.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:58 +02:00
Peter Krempa
7b19f63e5d conf: Don't encode matrix of storage protocols supporting TLS in the parser
Always parse the 'tls' source field and let the drivers decide whether
they support it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:58 +02:00
Peter Krempa
aa163d2513 qemu: domain: Forbid TLS setup for disk protocols not supporting it
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:58 +02:00
Peter Krempa
3f5054f145 qemu: domain: Use switch statement in qemuDomainPrepareDiskSourceTLS
Select protocol using a switch with all cases enumerated. This will
simplify checking unsupported protocols and adding new support.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:58 +02:00
Peter Krempa
8db9b4f9a7 qemu: domain: Process only one object in qemuDomainPrepareDiskSourceTLS
Remove the loop from qemuDomainPrepareDiskSourceTLS and rename it to
qemuDomainPrepareStorageSourceTLS. Currently there is no backing chain
to prepare so fixing one device is equivalent. In the future it will be
reused in a function which will do the looping.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:58 +02:00
Peter Krempa
2396774b6a qemu: domain: Separate setup of TLS for VXHS disks from qemuDomainPrepareDiskSourceTLS
Split out the code into a separate function so that all steps for a
storage protocol are contained and the original function is easily
extendable.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:58 +02:00
Peter Krempa
2e22a5618c qemu: domain: aggregate setup of disk drive options for -drive
When using blockdev the approach to base aliases will change. Add a
helper function that will aggregate all code which needs to be called
with the disk alias for the -drive to setup internal data.

qemuDomainSecretDiskPrepare wrapper is no longer necessary as the
contents were moved to a function which is designed to use the old
aliases.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:58 +02:00
Peter Krempa
88860bb9d9 qemu: domain: Split validation and setup of the virStorageSource
Remove the call to the validating function from the function which sets
stuff up.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:58 +02:00
Peter Krempa
9b6a636d49 qemu: domain: don't loop through images in qemuDomainPrepareDiskSourceChain
Convert the function to just prepare data for the disk. Callers need to
do the looping since there's more to do than just copy the data around.

The code path in qemuDomainPrepareDiskSource doesn't need to loop over
the chain yet, since there currently is no chain at this point. This
will be addressed later in the blockdev series where we will setup much
more stuff.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:58 +02:00
Peter Krempa
a522c3044b qemu: domain: Properly setup data relevant for top disk image
qemuDomainPrepareDiskSourceChain should set up the disk zero detection
mode only for the top level image. Since it's invoked also for the
middle of the chain we need to check that it's really only the top level
image.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:57 +02:00
Peter Krempa
3b5181b731 qemu: domain: Regenerate alias for the TLS x509 credential object
When restarting libvirt would previously lose the alias of the x509
certificate object. Upon unplug we would then not delete the
corresponding objects.

Restore the alias if we know it should be there.

Luckily for disks we don't support encrypted TLS environment, so there's
no need to regenerate the 'secret' alias for decryption.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:57 +02:00
Peter Krempa
1f1aa21cb9 qemu: domain: Store and restore TLS object alias of a disk
Libvirt uses the stored alias to detach the TLS x509 object on disk
unplug. As the alias was not stored, the object would not be detached
if unplugging disks after libvirtd restart.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:57 +02:00
Peter Krempa
5e8218fad7 qemu: hotplug: Use 'tlsAlias' to see whether to detach the disk
Using 'haveTLS' to do this is pointless if the alias is not set.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:57 +02:00
Peter Krempa
dbb4ff0919 qemu: hotplug: Don't try to infer secret object alias/presence
Now that we remember the alias we've used to attach the secret objects
we should reuse them rather than trying to infer them from the disk
configuration.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:57 +02:00
Peter Krempa
7c6b00b8fe qemu: domain: Regenerate auth/enc secret aliases when restoring status XML
Previously we did not store the aliases but rather re-generated them
when unplug was necessary. This is very cumbersome since the knowledge
when and which alias to use needs to be stored in the hotplug code as
well.

While this patch will not strictly improve this situation since there
still will be two places containing this code it at least will allow to
remove the mess from the disk-unplug code and will prevent introducing
more mess when adding blockdev support.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:57 +02:00
Peter Krempa
ecd785dd84 tests: qemustatusxml2xml: Add test data for re-generating LUKS/auth aliases
Add tests for upcoming re-generation of aliases for the secret objects
used by qemu when upgrading libvirt.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:57 +02:00
Peter Krempa
f95baa3813 qemu: Store and parse disk authentication and encryption secret alias
Rather than trying to figure out which alias was used, store it in the
status XML.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:13:49 +02:00
Peter Krempa
04c890cc8b qemu: domain: Don't delete aliases of secret objects associated with disks
We need to reference the secret objects by name when hot-unplugging
disks. Don't remove the alias so that it does not need to be
recalculated.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:11:12 +02:00
Peter Krempa
02b031a475 qemu: domain: Add helpers for partially clearing qemuDomainSecretInfoPtr
It's desired to keep the alias around to allow referencing of the secret
object used with qemu. Add set of APIs which will destroy all data
except the alias.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:11:12 +02:00
Peter Krempa
c750e1c491 qemu: domain: Use qemuDomainSecretInfoNewPlain only for unencrypted secrets
Move the logic that determines which secret shall be used into the
caller and make this function work only for plain secrets.

This untangles the control flow by only checking relevant data.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:11:12 +02:00
Peter Krempa
56bb7bb3b6 qemu: domain: Setup disk encryption password secret via new helper
The encryption secret is setup only for LUKS and thus requires the new
approach. Use qemuDomainSecretInfoNew for initializing it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:11:12 +02:00
Peter Krempa
7f08be4dfa qemu: domain: Add new function to set up encrypted secrets only
Some code paths can't use the unencrypted secret. Add a helper which
checks and sets up an encrypted secret only and reuse it when setting up
the secret to decrypt the TLS private key in qemuDomainSecretInfoTLSNew.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:11:12 +02:00
Peter Krempa
5882a6d72f qemu: domain: Rename and fix docs for qemuDomainSecretInfoNew
Rename it to qemuDomainSecretInfoNewPlain and annotate that it also may
set up a 'plain' secret in some cases. This will eventually be
refactored further.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:11:12 +02:00
Peter Krempa
a7f49b82bf qemu: domain: Rename qemuDomainSecretDiskCapable
The function checks whether the storage source requires authentication
secret setup. Rename it accordingly.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:11:12 +02:00
Peter Krempa
6a2faa1344 qemu: domain: Reuse code when preparing hostdev auth secrets
Use qemuDomainSecretStorageSourcePrepare in
qemuDomainSecretHostdevPrepare as it uses a virStorageSource to prepare
the authentication secret object data.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:11:12 +02:00
Peter Krempa
2d309f961e qemu: domain: Add helper to check if encrypted secrets can be used with a VM
This helper checks that the vm has the master key setup and libvirt
supports the given encryption algorithm.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:11:12 +02:00
Peter Krempa
538703ba6f tests: qemublock: Switch to qcow2+luks in test files
The next patch will forbid the old qcow2 encryption completely. Remove
it from the tests.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:11:12 +02:00
Peter Krempa
3bf1959524 tests: qemuxml2argv: Verify that disk secret alias is correct with user-aliases
Change the disk encryption type to qcow2+luks so that the appropriate
secret objects are generated. This tests that the proper alias is used
for the passphrase secret object.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:11:12 +02:00
Peter Krempa
e1b0c4bf65 tests: qemuxml2argv: Drop disk encryption from 'interface-server' test
The disk encryption part is no way relevant to the rest of the test so
drop it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:11:12 +02:00
Ján Tomko
09e44dcaaa qemu: implement vsock coldplug/coldunplug
https://bugzilla.redhat.com/show_bug.cgi?id=1291851

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-06-05 07:51:18 +02:00
Ján Tomko
f3d960391c qemu: implement vsock hotunplug
https://bugzilla.redhat.com/show_bug.cgi?id=1291851

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-06-05 07:51:18 +02:00
Ján Tomko
0b9d4970b4 conf: introduce virDomainVsockDefEquals
Introduce a function for comparing two vsock definitions.

https://bugzilla.redhat.com/show_bug.cgi?id=1291851

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-06-05 07:51:18 +02:00
Ján Tomko
8eaa31c3ad qemu: implement vsock hotplug
Allow hotplugging the vsock device.

https://bugzilla.redhat.com/show_bug.cgi?id=1291851

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-06-05 07:51:13 +02:00
Ján Tomko
7ecafb4a2b qemu: Add prefix for vsock vhostfd
Alter qemuBuildVsockDevStr to allow passing a prefix for
the vhostfd file descriptor name. Domain startup uses
the numeric value of fd without a prefix, but hotplug
will need to use a prefix because passed file descriptor
names cannot start with a number.

https://bugzilla.redhat.com/show_bug.cgi?id=1291851

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-06-05 07:34:11 +02:00
Ján Tomko
5048aa527a qemu: split out qemuBuildVsockDevStr
Split out the device string building to allow reuse for hotplug.

https://bugzilla.redhat.com/show_bug.cgi?id=1291851

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-06-05 07:34:10 +02:00
Jim Fehlig
076a2b4096 tests: xmconfigtest: add tests for cmdline formating
Commit 656151bf fixed formatting of the <cmdline> element. Perhaps it
would have been noticed and fixed earlier if we had a test. With this
change, all possible cases of formatting <cmdline> from xmconfig are
covered

1. no 'extra=' or 'root=' in xm.cfg
2. 'extra=' but no 'root=' in xm.cfg
3. 'root=' but no 'extra=' in xm.cfg
4. both 'root=' and 'extra=' in xm.cfg

Case 1 is covered by all existing paravirt tests since they have no
'extra=' or 'root='. Case 2 is covered by adding 'extra=' to a few
of the existing paravirt tests. Cases 3 and 4 are covered by new
tests that only test conversion of xm.cfg to xml.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-06-04 20:59:16 -06:00
Jim Fehlig
67c56f6e65 libxl: fix leaking logfile fds
Per-domain log files were introduced in commit a30b08b717. The FILE
objects associated with these log files are stored in a hash table
using domid as a key. When a domain is shutdown, destroyed, or
otherwise powered-off, the FILE object is removed from the hash table,
where the free function will close the FILE.

Unfortunately the call to remove the FILE from the hash table occurs
after setting domid=-1 in the libxlDomainCleanup() function. The
object is never removed from the hash table, the free function is
never called, and the underlying fd is leaked. Fix by removing the
FILE object from the hash table before setting domid=-1.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-04 16:07:39 -06:00
Jiri Denemark
a1b43af0ba Post-release version bump to 4.5.0
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2018-06-04 23:13:13 +02:00
Daniel Veillard
b51249bffe Release of libvirt-4.4.0
* docs/news.xml: updated for release

Signed-off-by: Daniel Veillard <veillard@redhat.com>
2018-06-04 22:23:52 +02:00
Ján Tomko
8a7003f669 qemu: check for QEMU_CAPS_DEVICE_VHOST_VSOCK
My commit b8b42ca added support for formatting the vsock
command line without actually checking if it's supported.

Add it to the per-device validation function.

https://bugzilla.redhat.com/show_bug.cgi?id=1291851

Reported-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2018-06-04 21:42:40 +02:00
Martin Kletzander
52a4078921 docs: Use proper article in formatdomain.html.in
It's "a hard_limit", not "an hard_limit".  Probably that was just a typo.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2018-06-04 15:33:19 +02:00