The current message can be misleading, because it seems to suggest
that no firmware of the requested type is available on the system.
What actually happens most of the time, however, is that despite
having multiple firmwares of the right type to choose from, none
of them is suitable because of lacking some specific feature or
being incompatible with some setting that the user has explicitly
enabled.
Providing an error message that describes exactly the problem is
not feasible, since we would have to list each candidate along
with the reason why we rejected it, which would get out of hand
quickly.
As a small but hopefully helpful improvement over the current
situation, reword the error message to make it clearer that the
culprit is not necessarily the firmware type, but rather the
overall domain configuration.
Suggested-by: Michael Kjörling <7d1340278307@ewoof.net>
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
It's not possible to use password-protected ssh keys directly with
libvirt because libvirt doesn't have any way to prompt a user for the
password. To accomodate password-protected key files, an administrator
can add these keys to an ssh agent and then configure the domain with
the path to the ssh-agent socket.
Note that this requires an administrator or management app to
configure the ssh-agent with an appropriate socket path and add the
necessary keys to it. In addition, it does not currently work with
selinux enabled. The ssh-agent socket would need a label that libvirt
would be allowed to access rather than unconfined_t.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
For ssh disks that are served by nbdkit, we can support logging in with
an ssh key file. Pass the path to the configured key file and the
username to the nbdkit process.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
For ssh disks that are served by nbdkit, use the configured value for
knownHosts and pass it to the nbdkit process.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
For ssh disks that are served by nbdkit, lookup the password from the
configured secret and securely pass it to the nbdkit process using fd
passing.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Adds the ability to monitor the nbdkit process so that we can take
action in case the child exits unexpectedly.
When the nbdkit process exits, we pause the vm, restart nbdkit, and then
resume the vm. This allows the vm to continue working in the event of a
nbdkit failure.
Eventually we may want to generalize this functionality since we may
need something similar for e.g. qemu-storage-daemon, etc.
The process is monitored with the pidfd_open() syscall if it exists
(since linux 5.3). Otherwise it resorts to checking whether the process
is alive once a second. The one-second time period was chosen somewhat
arbitrarily.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
We were testing the arguments that were being passed to qemu when a disk
was being served by nbdkit, but the arguments used to start nbdkit
itself were not testable. This adds a test to ensure that we're invoking
nbdkit correctly for various disk source definitions.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
For virStorageSource objects that contain an nbdkitProcess, start that
nbdkit process to serve that network drive and then pass the nbdkit
socket to qemu rather than sending the network url to qemu directly.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Add xml to the private data for a disk source to represent the nbdkit
process so that the state can be re-created if the libvirt daemon is
restarted. Format:
<nbdkit>
<pidfile>/path/to/nbdkit.pid</pidfile>
<socketfile>/path/to/nbdkit.socket</socketfile>
</nbdkit>
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Add new DO_TEST_CAPS_LATEST_NBDKIT macro to test xml2argv for various
nbdkit capability scenarios.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
There was support in the code for parsing protocol='ssh' on network disk
sources, but it was not present in the xml schema. Add this to the
schema.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Since commit 54257ed51b51 on S390x qemuxml2argvtest fails with the following errors:
144) QEMU XML-2-ARGV cpu-kvmclock.x86_64-latest ... libvirt: CPU Driver error : the CPU is incompatible with host CPU: Host CPU does not provide required features: monitor
FAILED
2023-09-14 13:01:23.883+0000: 4113077: info : libvirt version: 9.8.0
2023-09-14 13:01:23.883+0000: 4113077: info : hostname: a46lp61.lnxne.boe
2023-09-14 13:01:23.883+0000: 4113077: error : virCPUx86Compare:1954 : the CPU is incompatible with host CPU: Host CPU does not provide required features: monitor
1059) QEMU XML-2-ARGV cpu-check-partial.x86_64-latest ... libvirt: CPU Driver error : the CPU is incompatible with host CPU: Host CPU does not provide required features: monitor
FAILED
2023-09-14 13:01:23.885+0000: 4113077: error : virCPUx86Compare:1954 : the CPU is incompatible with host CPU: Host CPU does not provide required features: monitor
1064) QEMU XML-2-ARGV cpu-check-default-partial2.x86_64-latest ... libvirt: CPU Driver error : the CPU is incompatible with host CPU: Host CPU does not provide required features: monitor
FAILED
2023-09-14 13:01:23.885+0000: 4113077: error : virCPUx86Compare:1954 : the CPU is incompatible with host CPU: Host CPU does not provide required features: monitor
3 tests failed.
Fixes: 54257ed51b5132032cedb7e1e7b8c34b9ae52115
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Requires recent qemu with support for the virtio-blk-vhost-vdpa device
and the ability to pass a /dev/fdset/N path for the vdpa path (8.1.0)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1900770
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
qemuInterfaceVDPAConnect() was a helper function for connecting to the
vdpa device file. But in order to support other vdpa devices besides
network interfaces (e.g. vdpa block devices) make this function a bit
more generic.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Check whether the qemu binary supports the vdpa block driver. We can't
rely simply on the existence of the virtio-blk-vhost-vdpa block driver
since the first releases of qemu didn't support fd-passing for this
driver. So we have to check for the 'fdset' feature on the driver
object. This feature will be present in the qemu 8.1.0 release and was
merged to qemu in commit 98b126f5.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
This was added in qemu commit 166b174188.
No additional features had to be added to libvirt.
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Now that all fake-caps testing was removed we can also remove the
filling of the fake caps by cpu models.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Remove all the code for adding fake machines into the testing capability
cache as we no longer have any machines in it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The status XML doesn't require any capabilities to be parsed and
formatted back. Remove all qemuCaps related code.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Now that all tests were converted to use real capabilities we can drop
x86_64 from the tooling to create fake capabilities.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The rest of the test cases has no change in the output now that we've
assumed some flags.
Remove the fake-caps test macros after conversion.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Use real capabilities, but select the fake 'Haswell' host CPU for test
stability.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Previously without modern capabilities the test was relying on a CPU
model which was not entered into a fake list of supported cpus.
With real capabilities we have to pick a CPU model which is supported by
libvirt but in some version is not supported by qemu. I've picked
EPYC-Milan, which was introduced into qemu-6.0.
This test configures a CPU which is equivalent to EPYC-Rome by disabling
features from EPYC-Milan and uses a versioned real caps test to check it
against a qemu which doesn't support EPYC-Milan.
With real capabilities though, we can also do a positive test case by
using a version whic doesh support it. I've specifically not used the
LATEST caps so that it doesn't change once capabilities are bumped.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Use the fake Haswell processor definition and augment the list of
features to make the test pass.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Use real capabilities, but select the fake 'Haswell' host CPU for test
stability.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Modernize all test cases which set 'Haswell' as the host cpu model.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Modernize test cases using 'host-mode' cpu type, where the actual CPU
doesn't isn't important.
As using the host cpu from the 'latest' capabilities data would cause
test churn in case the host cpu changes in the future, convert them
using the overriden Haswell cpu.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Move the 'smp-dies' test case into 'cpu-topology4' and remove
unnecessary cruft.
Remove cpu definition from 'cpu-topology2' as it's not relevant to the
test case.
Remove 'smp' case as it's covered by the rest.
Use real capabilities for all of them.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
As these were using DO_TEST_FULL the churn-reducing patches didn't
influence these.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Since qemu-8.0 a new way to disable 'hpet' via -machine was added.
Properly test both branches with real capabilities.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Assume the features modern qemus have to bring the test data closer
to the 'latest' real-caps versions.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Assume the two features modern qemus have to bring the test data closer
to the 'latest' real-caps versions.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Assume the two features modern qemus have to bring the test data closer
to the 'latest' real-caps versions.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Assume the support for the 'pcie-root-port' all modern qemus have to
bring the test data closer to the 'latest' real-caps versions.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
To minimize further churn when coverting to real capabilities, assume
that all fake-caps machines support the piix3 USB controller.
Since we already have solid testing of USB controllers, this will have
effect only in cases when it's not relevant to the test itself.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Rename the 'usb-controller-explicit-(unavailable-)q35' test case to
'usb-controller-nec-xhci'. Since this also covers what
'usb-controller-xhci' was testing the latter is removed.
Other 'usb-xhci' test cases which were using the NEC controller are also
renamed to contain the name.
In case of 'usb-controller-qemu-xhci' the negative test case is deleted
as we don't need two cases for missing explicitly specified controller
and the positive case is modernized to use real capabilities.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Improve testing of an explicitly requested USB controller without a
model being provided.
For this purpose the 'usb-controller' case is renamed to
'usb-controller-default-i440fx'; 'usb-controller-default-q35' is moved
up to form a group. In both cases tests are covnerted to use
DO_TEST_CAPS_LATEST.
A new 'usb-controller-default-isapc' negative test case is added for
symmetry.
The negative test case 'usb-controller-default-unavailable-q35' is
converted to use latest caps, but stripping the default controller
instead of using fake caps. Additionally for symmetry
'usb-controller-default-unavailable-i440fx' is added although that
doesn't cause failure, but rather a graceful downgrade to use '-usb'.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
There are per-machine type variations on which usb controller will be
picked on an x86_64 machine. Add test cases where a USB controller is
completely missing to cover all 3 cases ('isapc', 'pc', 'q35') when an
USB controller is not explicitly requested by the user.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Move all controller related tests together and consolidate naming of the
test cases.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
In order to minimize further churn, make all fake-caps test assume that
the seccomp sandbox is supported.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Enable a few defaults that will decrease churn when converting tests to
real capabilities.
Since the fake machines are added only for x86_64 at this point we can
assume that ACPI is present via -machine.
In case of the default ram id assume the same. Additionally the logic
was broken as fake capabilities don't have a version so the default RAM
was never actually populated into fake caps tests.
For CPU we add 'qemu64' as that is the default picked by qemu.
We also assume that qemu requires an explicit backend for -numa, which
is the case for modern machines.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The 'numatune-memory' case is completely dropped as it's sufficiently
covered by 'numatune-memnode'.
The positive fake-caps version of 'numatune-memnode' is dropped as it's
covered by the two existing real caps invocations.
'numatune-memory-invalid-nodeset', 'numatune-memnode-invalid-mode',
'numatune-memnode-nocpu', 'numatune-memnodes-problematic' parsing error
negative cases are converted to use latest capabilities.
'numatune-static-nodeset-exceed-hostnode' commandline generation failure
negative case is converted to use latest capabilities.
'numatune-memnode-no-memory', 'numatune-distances',
'numatune-auto-nodeset-invalid', 'numatune-auto-prefer' positive cases
are converted to use latest capabilities.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Use proper version for negative case of 'hugepages-memaccess3'
QEMU allowed to configure a memory backend for default ram since
qemu-5.2. Fix the test to use real capability data.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
To minimize upcoming churn in test data when they will be converted to
latest capabilities enable JSON syntax for -device, -object, and -netdev
for all fake caps test files. Doing this should also help git track
renames of the files better as there will be more of consistent context
present.
We can do this safely as internally we generate JSON first and then
back-convert it into the old-style commandline if given qemu doesn't
support it. This means that all generated content will be the same.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Remove the notion of legacy cpus as there are no test cases using it any
more.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Similarly to 'cpu-host-model' add a real capability invocation for each
version we support and remove the old fake caps invocation.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Similarly to 'cpu-host-model' add a real capability invocation for each
version we support and remove the old fake caps invocation.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The feature is supported since qemu-5.1. Use real qemu-5.0 caps for the
test.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>