Commit Graph

601 Commits

Author SHA1 Message Date
John Ferlan
da86c6c226 qemu: Add luks support for domain disk
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1301021

Generate the luks command line using the AES secret key to encrypt the
luks secret. A luks secret object will be in addition to a an AES secret.

For hotplug, check if the encinfo exists and if so, add the AES secret
for the passphrase for the secret object used to decrypt the device.

Modify/augment the fakeSecret* in qemuxml2argvtest in order to handle
find a uuid or a volume usage with a specific path prefix in the XML
(corresponds to the already generated XML tests). Add error message
when the 'usageID' is not 'mycluster_myname'. Commit id '1d632c39'
altered the error message generation to rely on the errors from the
secret_driver (or it's faked replacement).

Add the .args output for adding the LUKS disk to the domain

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-07-19 09:40:10 -04:00
Ján Tomko
4f90364318 Allow omitting USB port
We were requiring a USB port path in the schema, but not enforcing it.
Omitting the USB port would lead to libvirt formatting it as (null).
Such domain cannot be started and will disappear after libvirtd restart
(since it cannot parse back the XML).

Only format the port if it has been specified and mark it as optional
in the XML schema.
2016-07-18 10:55:35 +02:00
Ján Tomko
4c382376da qemu: format intel-iommu on the command line
<devices>
  <iommu model='intel'/>
</devices>

results in:

-device intel-iommu

https://bugzilla.redhat.com/show_bug.cgi?id=1235580
2016-07-12 12:36:13 +02:00
Michal Privoznik
958d6208a3 qemuxml2argvtest: Don't leak dummy monitor
It's just test, but why leak it?

==26971== 20 bytes in 1 blocks are definitely lost in loss record 623 of 704
==26971==    at 0x4C29F80: malloc (vg_replace_malloc.c:296)
==26971==    by 0xE560447: vasprintf (vasprintf.c:76)
==26971==    by 0xAE0DEE2: virVasprintfInternal (virstring.c:480)
==26971==    by 0xAE0DFF7: virAsprintfInternal (virstring.c:501)
==26971==    by 0x4751F3: qemuProcessPrepareMonitorChr (qemu_process.c:2651)
==26971==    by 0x4334B1: testCompareXMLToArgvFiles (qemuxml2argvtest.c:297)
==26971==    by 0x4339AC: testCompareXMLToArgvHelper (qemuxml2argvtest.c:413)
==26971==    by 0x446E7A: virTestRun (testutils.c:179)
==26971==    by 0x445D33: mymain (qemuxml2argvtest.c:2029)
==26971==    by 0x44886F: virTestMain (testutils.c:969)
==26971==    by 0x445D9B: main (qemuxml2argvtest.c:2036)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-07-11 16:24:51 +02:00
Peter Krempa
e114b09157 qemu: caps: Always assume QEMU_CAPS_SMP_TOPOLOGY
Support for SMP topology was added by qemu commit dc6b1c09849484fbbc50
prior to 0.12.0, our minimum supported qemu version.

$ git describe --tags dc6b1c09849484fbbc50803307e4c7a3d81eab62
v0.11.0-rc0-449-gdc6b1c0
$ git describe --tags --contains dc6b1c09849484fbbc50803307e4c7a3d81eab
v0.12.0-rc0~1477
2016-07-07 15:08:35 +02:00
Paolo Bonzini
7a97676b96 qemu: generate -display none
This is preferrable to -nographic which (in addition to disabling
graphics output) redirects the serial port to stdio and on OpenBIOS
enables the firmware's serial console.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-07-07 11:51:39 +02:00
Laine Stump
fe8567f6ad qemu: support setting host-side IP addresses/routes
For type='ethernet' interfaces only.

(This patch had been pushed earlier in
commit 0b4645a7e0, but was reverted in
commit 84d47a3cce because it had been
accidentally pushed during the freeze for release 2.0.0)
2016-07-01 21:13:31 -04:00
John Ferlan
47e88b33be util: Add 'usage' for encryption
In order to use more common code and set up for a future type, modify the
encryption secret to allow the "usage" attribute or the "uuid" attribute
to define the secret. The "usage" in the case of a volume secret would be
the path to the volume as dictated by the backwards compatibility brought
on by virStorageGenerateQcowEncryption where it set up the usage field as
the vol->target.path and didn't allow someone to provide it. This carries
into virSecretObjListFindByUsageLocked which takes the secret usage attribute
value from from the domain disk definition and compares it against the
usage type from the secret definition. Since none of the code dealing
with qcow/qcow2 encryption secrets uses usage for lookup, it's a mostly
cosmetic change. The real usage comes in a future path where the encryption
is expanded to be a luks volume and the secret will allow definition of
the usage field.

This code will make use of the virSecretLookup{Parse|Format}Secret common code.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-07-01 15:46:24 -04:00
Jiri Denemark
0dd67acfa7 qemu: Use bootindex whenever possible
I'm not sure why our code claimed "-boot menu=on" cannot be used in
combination with per-device bootindex, but it was proved wrong about
four years ago by commit 8c952908. Let's always use bootindex when QEMU
supports it.

https://bugzilla.redhat.com/show_bug.cgi?id=1323085

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-07-01 12:20:54 +02:00
Ján Tomko
84d47a3cce Revert "qemu: support setting host-side IP addresses/routes"
This reverts commit 0b4645a7e0.

This feature was accidentally pushed in the feature freeze.
2016-06-27 12:54:55 +02:00
Laine Stump
0b4645a7e0 qemu: support setting host-side IP addresses/routes
For type='ethernet' interfaces only.
2016-06-26 19:33:10 -04:00
Ján Tomko
b3ee621e94 Add a USB hub to controller order test
The test has too many USB devices.
2016-06-23 07:45:31 +02:00
Ján Tomko
e9843279cc Add a test for long USB port paths
We support up to four levels of nested USB devices in the guest.

Add a test for a domain using all four and a negative test for a domain
using five.
2016-06-22 21:33:57 +02:00
John Ferlan
f06e45d578 tests: Adjust tests for encrypted storage
Make them work again...  The xml2xml had been working, but the xml2argv
were not working. Making the xml2argv work required a few adjustments to
the xml to update to more recent times.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-06-21 14:31:19 -04:00
Ján Tomko
ff52e9d43a Remove separator argument from virBitmapParse
Most the callers pass 0 in one form or another, including
vircapstest which used VIR_ARCH_NONE.
2016-06-20 12:09:52 +02:00
Martin Kletzander
6445ad488f qemu: Add support for zero-detection writes
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-06-14 08:25:25 +02:00
Pavel Hrdina
93a2fb230a vnc: add support for listen type none
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-06-09 14:46:45 +02:00
Pavel Hrdina
ffac505639 spice: introduce spice_auto_unix_socket config option
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-06-09 14:43:39 +02:00
Pavel Hrdina
e0c309b2dc spice: add support for listen type socket
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1335832

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-06-09 14:43:15 +02:00
Pavel Hrdina
acc83afe33 vnc: add support for listen type 'socket'
VNC graphics already supports sockets but only via 'socket' attribute.
This patch coverts that attribute into listen type 'socket'.

For backward compatibility we need to handle listen type 'socket' and 'socket'
attribute properly to support old XMLs and new XMLs.  If both are provided they
have to match, if only one of them is provided we need to be able to parse that
configuration too.

To not break migration back to old libvirt if the socket is provided by user we
need to generate migratable XML without the listen element and use only 'socket'
attribute.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-06-09 14:42:48 +02:00
Tomáš Ryšavý
d77e453a01 tests: Rename virtTestLogContentAndReset to virTestLogContentAndReset.
This function doesn't follow our convention of naming functions.
2016-06-08 11:23:12 -04:00
Tomáš Ryšavý
8a48cf6efa tests: Rename virtTest00MActive to virTest00MActive.
This function doesn't follow our convention of naming functions.
2016-06-08 11:23:12 -04:00
Tomáš Ryšavý
239caffb1d tests: Rename virtTestCompareToFile to virTestCompareToFile.
This function doesn't follow our convention of naming functions.
2016-06-08 11:23:12 -04:00
Tomáš Ryšavý
401bb813bd Rename virtTestLoadFile to virTestLoadFile.
This function doesn't follow our convention of naming functions.
2016-06-08 11:23:12 -04:00
Tomáš Ryšavý
cd7dd1508d tests: Rename virtTestRun to virTestRun.
This function doesn't follow our convention of naming functions.
2016-06-08 11:23:12 -04:00
Peter Krempa
05eab1bf9a conf: Move disk info validator to the domain conf validator
Since it will not be called from outside of conf we can unexport it too
if we move it to the appropriate place.

Test suite change is necessary since the error will be reported sooner
now.
2016-06-07 13:02:20 +02:00
Martin Kletzander
3484c05ce0 qemu: Add support to QXL's max_outputs parameter
Historically, we added heads=1 to videos, but for example for qxl, we
did not reflect that on the command line.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1283207

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-06-07 12:42:54 +02:00
Laine Stump
4d100c7a41 conf: permit auto-assignment of controller indexes
Hand-entering indexes for 20 PCI controllers is not as tedious as
manually determining and entering their PCI addresses, but it's still
annoying, and the algorithm for determining the proper index is
incredibly simple (in all cases except one) - just pick the lowest
unused index.

The one exception is USB2 controllers because multiple controllers in
the same group have the same index. For these we look to see if 1) the
most recently added USB controller is also a USB2 controller, and 2)
the group *that* controller belongs to doesn't yet have a controller
of the exact model we're just now adding - if both are true, the new
controller gets the same index, but in all other cases we just assign
the lowest unused index.

With this patch in place and combined with the automatic PCI address
assignment, we can define a PCIe switch with several ports like this:

  <controller type='pci' model='pcie-root-port'/>
  <controller type='pci' model='pcie-switch-upstream-port'/>
  <controller type='pci' model='pcie-switch-downstream-port'/>
  <controller type='pci' model='pcie-switch-downstream-port'/>
  <controller type='pci' model='pcie-switch-downstream-port'/>
  <controller type='pci' model='pcie-switch-downstream-port'/>
  <controller type='pci' model='pcie-switch-downstream-port'/>
  ...

These will each get a unique index, and PCI addresses that connect
them together appropriately with no pesky numbers required.
2016-05-25 15:00:25 -04:00
Ján Tomko
ea04d1a659 qemu: format SLIC ACPI table command line
<os>
  <acpi>
    <table type="slic">/path/to/acpi/table/file</table>
  </acpi>
</os>

will result in:

-acpitable sig=SLIC,file=/path/to/acpi/table/file

This option was introduced by QEMU commit 8a92ea2 in 2009.

https://bugzilla.redhat.com/show_bug.cgi?id=1327537
2016-05-25 17:15:21 +02:00
Pavel Hrdina
9753dd7470 qemuxml2argvtest: skip test that depends on gnutls_cipher_encrypt()
Test disk-drive-network-rbd-auth-AES depends on existence of
gnutls_cipher_encrypt() function which was introduced in gnutls 2.10.0.
On systems without this function we should skip this test.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-24 01:01:07 +02:00
Ján Tomko
71cfa668eb Deprecate QEMU_CAPS_PCIDEVICE
Before removal of QEMU_CAPS_DEVICE, its only usage was
or'd with QEMU_CAPS_DEVICE.

Now it's unused.
2016-05-23 10:40:22 +02:00
Ján Tomko
5572cd7f0e Deprecate QEMU_CAPS_DEVICE
We support qemu version 0.12.0+, which has it.
2016-05-23 10:38:45 +02:00
Ján Tomko
e9488fcd20 Deprecate QEMU_CAPS_DRIVE_READONLY
We have been assuming its support if qemu supports -device,
which all the supported versions do.
2016-05-23 10:37:09 +02:00
Ján Tomko
ec9d19952a tests: always assume QEMU_CAPS_DRIVE_READONLY 2016-05-23 10:34:16 +02:00
Ján Tomko
1e463880c9 tests: remove disk-drive-fat test
This test requests a read-only virtual FAT drive on the IDE bus.
Read-only IDE drives are unsupported, but libvirt only displays
the error if it has the QEMU_CAPS_DRIVE_READONLY capability.
Read-write FAT drives are also unsupported.
2016-05-23 09:39:40 +02:00
Laine Stump
c026f8f1c2 qemu: auto-assign addresses when <address type='pci'/> is specified
Rather than only assigning a PCI address when no address is given at
all, also do it when the config says that the address type is 'pci',
but it gives no address (virDeviceInfoPCIAddressWanted()).

There are also several places after parsing but prior to address
assignment where code previously expected that any info with address
type='pci' would have a *valid* PCI address, which isn't always the
case - now we check not only for type='pci', but also for a valid
address (virDeviceInfoPCIAddressPresent()).

The test case added in this patch was directly copied from Cole's patch titled:

    qemu: Wire up address type=pci auto_allocate
2016-05-20 13:54:26 -04:00
John Ferlan
a1344f70a1 qemu: Utilize qemu secret objects for RBD auth/secret
https://bugzilla.redhat.com/show_bug.cgi?id=1182074

If they're available and we need to pass secrets to qemu, then use the
qemu domain secret object in order to pass the secrets for RBD volumes
instead of passing the base64 encoded secret on the command line.

The goal is to make AES secrets the default and have no user interaction
required in order to allow using the AES mechanism. If the mechanism
is not available, then fall back to the current plain mechanism using
a base64 encoded secret.

New APIs:

qemu_domain.c:
  qemuDomainGetSecretAESAlias:
    Generate/return the secret object alias for an AES Secret Info type.
    This will be called from qemuDomainSecretAESSetup.

  qemuDomainSecretAESSetup: (private)
    This API handles the details of the generation of the AES secret
    and saves the pieces that need to be passed to qemu in order for
    the secret to be decrypted. The encrypted secret based upon the
    domain master key, an initialization vector (16 byte random value),
    and the stored secret. Finally, the requirement from qemu is the IV
    and encrypted secret are to be base64 encoded.

qemu_command.c:
  qemuBuildSecretInfoProps: (private)
    Generate/return a JSON properties object for the AES secret to
    be used by both the command building and eventually the hotplug
    code in order to add the secret object. Code was designed so that
    in the future perhaps hotplug could use it if it made sense.

  qemuBuildObjectSecretCommandLine (private)
    Generate and add to the command line the -object secret for the
    secret. This will be required for the subsequent RBD reference
    to the object.

  qemuBuildDiskSecinfoCommandLine (private)
    Handle adding the AES secret object.

Adjustments:

qemu_domain.c:
  The qemuDomainSecretSetup was altered to call either the AES or Plain
  Setup functions based upon whether AES secrets are possible (we have
  the encryption API) or not, we have secrets, and of course if the
  protocol source is RBD.

qemu_command.c:
  Adjust the qemuBuildRBDSecinfoURI API's in order to generate the
  specific command options for an AES secret, such as:

    -object secret,id=$alias,keyid=$masterKey,data=$base64encodedencrypted,
            format=base64
    -drive file=rbd:pool/image:id=myname:auth_supported=cephx\;none:\
           mon_host=mon1.example.org\:6321,password-secret=$alias,...

  where the 'id=' value is the secret object alias generated by
  concatenating the disk alias and "-aesKey0". The 'keyid= $masterKey'
  is the master key shared with qemu, and the -drive syntax will
  reference that alias as the 'password-secret'. For the -drive
  syntax, the 'id=myname' is kept to define the username, while the
  'key=$base64 encoded secret' is removed.

  While according to the syntax described for qemu commit '60390a21'
  or as seen in the email archive:

    https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg04083.html

  it is possible to pass a plaintext password via a file, the qemu
  commit 'ac1d8878' describes the more feature rich 'keyid=' option
  based upon the shared masterKey.

Add tests for checking/comparing output.

NB: For hotplug, since the hotplug code doesn't add command line
    arguments, passing the encoded secret directly to the monitor
    will suffice.
2016-05-20 11:09:05 -04:00
Pavel Hrdina
2faa13560c tests: cleanup vnc auto socket test
Commit 55320c23 introduced a new test for VNC to test if
vnc_auto_unix_socket is set in qemu.conf, but forget to enable it in
qemuxml2argvtest.c.

This patch also moves the code in qemuxml2xmltest.c next to other VNC
tests and refactor the test so we also check the case for parsing active
XML.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-20 10:05:55 +02:00
Ján Tomko
936b86528d Remove DISK_BUS_XEN support from qemuBuildDiskDriveCommandLine
We have stopped supporting Xenner some time ago.
2016-05-20 09:02:08 +02:00
Cole Robinson
20a0fa8eb2 qemu: address: Remove QEMU_CAPS_DEVICE usage
All qemu versions we support have QEMU_CAPS_DEVICE, so checking
for it is redundant. Remove the usage.

The code diff isn't clear, but all that code is just inindented
with no other change.

Test cases that hit qemuDomainAssignAddresses but don't have
infrastructure for specifying qemuCaps values see lots of
churn, since now PCI addresses are in the XML output.
2016-05-18 14:33:58 -04:00
Cole Robinson
5d7314bbcf qemu: Assign device addresses in PostParse
This wires up qemuDomainAssignAddresses into the new
virDomainDefAssignAddressesCallback, so it's always triggered
via virDomainDefPostParse. We are essentially doing this already
with open coded calls sprinkled about.

qemu argv parse output changes slightly since previously it wasn't
hitting qemuDomainAssignAddresses.
2016-05-18 14:33:58 -04:00
Andrea Bolognani
f6ececa68d tests: Try different usable GIC versions
The only case where the hardware capabilities influence the result
is when no <gic/> element was provided.

The test programs now ensure both that the correct GIC version is
picked in that case, and that hardware capabilities are not taken
into account when the user has already picked a GIC version.
2016-05-18 11:27:56 +02:00
Andrea Bolognani
63bc91eea0 tests: Prepare to have different usable GIC versions
Now that we choose the GIC version based on hardware features when
no <gic/> element has been provided, we need a way to fake the GIC
capabilities of the host.

Update the qemuxml2argv and qemuxml2xml tests to allow this.
2016-05-18 11:27:56 +02:00
Andrea Bolognani
0e8a72a5ef qemu: Drop QEMU_CAPS_VIRTIO_BLK_SG_IO
The only QEMU versions that don't have such capability are <0.11,
which we no longer support anyway
2016-05-17 00:01:45 +02:00
Andrea Bolognani
859743c27c qemu: Drop QEMU_CAPS_CPU_HOST
The only QEMU versions that don't have such capability are <0.11,
which we no longer support anyway
2016-05-17 00:01:45 +02:00
Andrea Bolognani
8531b85ba6 qemu: Drop QEMU_CAPS_PCI_ROMBAR
The only QEMU versions that don't have such capability are <0.12,
which we no longer support anyway.

Additionally, this solves the issue of some QEMU binaries being
reported as not having such capability just because they lacked
the {kvm-}pci-assign QMP object.
2016-05-17 00:01:45 +02:00
Cole Robinson
e3a6859019 qemu: command: Use -name guest= if available
-name guest= is the explicit parameter for passing a VM name. Using
it is required to allow a VM with an '=' in the name

https://bugzilla.redhat.com/show_bug.cgi?id=1276485
2016-05-16 10:30:38 -04:00
Cole Robinson
077ba95677 qemu: command: escape commas in VNC socket path
This path can be dependent on the VM libdir, which contains its name
2016-05-16 10:30:38 -04:00
Cole Robinson
0f377eb1b0 qemu: command: escape commas in VM name
This isn't sufficient on its own, since the VM name is used for things
like monitor paths, which we don't escape yet
2016-05-16 10:30:38 -04:00
Laine Stump
e5aecc2f80 conf: log error when incorrect PCI root controller is added to domain
libvirt may automatically add a pci-root or pcie-root controller to a
domain, depending on the arch/machinetype, and it hopefully always
makes the right decision about which to add (since in all cases these
controllers are an implicit part of the virtual machine).

But it's always possible that someone will create a config that
explicitly supplies the wrong type of PCI controller for the selected
machinetype. In the past that would lead to an error later when
libvirt was trying to assign addresses to other devices, for example:

  XML error: PCI bus is not compatible with the device at
  0000:00:02.0. Device requires a PCI Express slot, which is not
  provided by bus 0000:00

(that's the error message that appears if you replace the pcie-root
controller in a Q35 domain with a pci-root controller).

This patch adds a check at the same place that the implicit
controllers are added (to ensure that the same logic is used to check
which type of pci root is correct). If a pci controller with index='0'
is already present, we verify that it is of the model that we would
have otherwise added automatically; if not, an error is logged:

  The PCI controller with index='0' must be " model='pcie-root' for
  this machine type, " but model='pci-root' was found instead.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1004602
2016-05-10 17:03:24 -04:00