Commit Graph

1817 Commits

Author SHA1 Message Date
Ján Tomko
be74ebccbe Clarify the meaning of version in redirdev filters
The version attribute in redirdev filters refers to the revision
of the device, not the version of the USB protocol.

Explicitly state that this is not the USB protocol and remove references
to those round version numbers that resemble USB protocol versions.

https://bugzilla.redhat.com/show_bug.cgi?id=1177237
(cherry picked from commit 76a2a5ce8b)
2015-04-28 11:06:41 -04:00
Michal Privoznik
193b057352 RNG: Allow multiple parameters to be passed to an interface filter
Our code supports that for ages. When using a <filterref/> to an
<interface/> several parameters can be passed to the filter. Later,
when building firewall rules, parameters are substituted for their
values. However, our RNG schema allowed only one parameter to be
passed.

Reported-by: Brian Rak <brak@gameservers.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 6cc5080a09)
2015-04-28 11:06:40 -04:00
Pavel Hrdina
a2d4e78296 docs: add a note that spice channel is usable only with spice graphics
To prevent a confusion about missing chardev argument in qemu
command line add a note about that behavior into documentation.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1129198

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
(cherry picked from commit 242e8c5472)
2015-04-28 11:06:39 -04:00
Michal Privoznik
61ab292139 qemu: Allow spaces in disk serial
https://bugzilla.redhat.com/show_bug.cgi?id=1195660

There's been a bug report appearing on the qemu-devel list, that
libvirt is unable to pass spaces in disk serial number [1]. Not only
our RNG schema forbids that, the code is not prepared either. However,
with a bit of escaping (if needed) we can allow spaces there.

1: https://lists.gnu.org/archive/html/qemu-devel/2015-02/msg04041.html

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 5aee81a0cb)
2015-04-28 11:06:38 -04:00
Prerna Saxena
2e47fb1539 RNG: Add 'ppc64le' arch and newer pseries-2.* machine types
Acked-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Prerna Saxena <prerna@linux.vnet.ibm.com>
(cherry picked from commit 0afa6be815)
2015-04-28 11:06:37 -04:00
Peter Krempa
e022ba7334 schema: Fix interface link state schema
In commit edd1295e1d I've introduced an
XML element that allows to configure state of the network interface
link. Somehow the RNG schema hunk ended up in a weird place in the
network schema definition. Move it to the right place and add a test
case.

Note that the link state is set up via the monitor at VM startup so I
originally didn't think of adding a test case.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1173468
(cherry picked from commit 8eb907b8d0)
2015-04-28 11:06:37 -04:00
Erik Skultety
627f615a6e docs: add a note that attr 'managed' is only used by PCI devices
Our documentation isn't 100% clear about hostdev 'managed' attribute usage,
because it only makes sense to use it with PCI devices, yet we format
this attribute to all hostdev devices. By adding a note into the docs,
we can possibly avoid confusion from customer's side and also avoid a solution
using ternary logic.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1155887
(cherry picked from commit ccfe9e4809)
2015-04-28 11:06:36 -04:00
Daniel Veillard
1723cad6e7 Release of libvirt-1.2.13 2015-03-02 11:40:05 +08:00
Michal Privoznik
75b4c5cf8d docs: Add mist.io as libvirt-based application
As reported on the libvirt-users list [1], there's new web
application called mist.io which uses libvirt as one of its
backends. Lets add it into our list of libivrt based
applications.

1: https://www.redhat.com/archives/libvirt-users/2015-February/msg00096.html

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-02-27 16:11:25 +01:00
Peter Krempa
18f9f69bb5 schema: Allow interleaving the /domain/os/type element
The element wasn't declared under the interleave thus it was required
always to be first. This made it inconvenient when pasting new stuff to
the XML manually in the "wrong" place.
2015-02-25 17:04:09 +01:00
Martin Kletzander
3e4b783e1e schema: Add virtio-mmio address type into RNG
The "virtio-mmio" is perfectly valid address type which we parse and
format correctly, but it's missing in our RNG schemas, hence editing a
domain with device having such address fails the validation.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-02-25 11:23:45 +01:00
Marek Marczykowski
c374353ca0 conf: support backend domain name in disk and network devices
At least Xen supports backend drivers in another domain (aka "driver
domain"). This patch introduces an XML config option for specifying the
backend domain name for <disk> and <interface> devices.  E.g.

  <disk>
    <backenddomain name='diskvm'/>
    ...
  </disk>
  <interface type='bridge'>
    <backenddomain name='netvm'/>
    ...
  </interface>

In the future, same option will be needed for USB devices (hostdev
objects), but for now libxl doesn't have support for PVUSB.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
2015-02-20 14:50:24 -07:00
Ján Tomko
794235e813 docs: clarify nat range behavior
All the addresses from the range are used, not just those
that are in use on the host.

https://bugzilla.redhat.com/show_bug.cgi?id=1079917
2015-02-18 15:36:45 +01:00
Daniel P. Berrange
b4c7f7eaea docs: add page about virtlockd setup
Introduce some basic docs describing the virtlockd setup.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-02-17 13:59:54 +00:00
Daniel P. Berrange
575c839b6e docs: split out sanlock setup docs
In preparation for adding docs about virtlockd, split out
the sanlock setup docs into a separate page.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-02-17 13:59:19 +00:00
Ján Tomko
6067182b0d Add mrg_rxbuf option to virtio interfaces
Add an XML attribute to allow disabling merge of rx buffers
on the host:
<interface ...>
  ...
  <model type='virtio'/>
  <driver ...>
    <host mrg_rxbuf='off'/>
  </driver>
</interface>

https://bugzilla.redhat.com/show_bug.cgi?id=1186886
2015-02-13 12:31:38 +01:00
Martin Kletzander
a0638ff219 docs: Fix version reference in vcpu/iothread scheduling
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-02-12 13:29:21 +01:00
Martin Kletzander
8680ea9749 docs, schema, conf: Add support for setting scheduler parameters of guest threads
In order for QEMU vCPU (and other) threads to run with RT scheduler,
libvirt needs to take care of that so QEMU doesn't have to run privileged.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1178986

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-02-11 17:30:06 +01:00
Erik Skultety
862bbf8a5a schema: allow multiple seclabel for devices in domaincommon.rng
In our RNG schema we do allow multiple (different) seclabels per-domain,
but don't allow this for devices, yet we neither have a check in our XML parser,
nor in a post-parse callback. In that case we should allow multiple
(different) seclabels for devices as well.
2015-02-11 09:41:36 +01:00
Stefan Zimmermann
633053af67 S390: Documentation for ccw address type
Change the wording in the device-address-part of the docmunentation since
the ccw bus address support added to the optional address parameter of
virsh attach-disk for S390.

Signed-off-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-02-09 14:22:23 +01:00
Ján Tomko
8e724e9f3e Error out when custom tap device path makes no sense
It is only usable for NETWORK and BRIDGE type interfaces.
Error out when trying to start a domain where the custom
tap device path is specified for interfaces of other types,
or when the daemon is not privileged.

Note that this cannot be checked at definition time, because
the comparison is against actual type.

https://bugzilla.redhat.com/show_bug.cgi?id=1147195
2015-02-06 12:52:50 +01:00
Ján Tomko
84f741812f Only parse custom vhost path for virtio interfaces
It is only supported for virtio adapters.
Silently drop it if it was specified for other models,
as is done for other virtio attributes.

Also mention this in the documentation.

https://bugzilla.redhat.com/show_bug.cgi?id=1147195
2015-02-06 12:52:50 +01:00
Michal Privoznik
bbd3eb5098 conf: Don't mangle vcpu placement randomly
https://bugzilla.redhat.com/show_bug.cgi?id=1170492

In one of our previous commits (dc8b7ce7) we've done a functional
change even though it was intended as pure refactor. The problem is,
that the following XML:

 <vcpu placement='static' current='2'>6</vcpu>
 <cputune>
   <emulatorpin cpuset='1-3'/>
 </cputune>
 <numatune>
   <memory mode='strict' placement='auto'/>
 </numatune>

gets translated into this one:

 <vcpu placement='auto' current='2'>6</vcpu>
 <cputune>
   <emulatorpin cpuset='1-3'/>
 </cputune>
 <numatune>
   <memory mode='strict' placement='auto'/>
 </numatune>

We should not change the vcpu placement mode. Moreover, we're doing
something similar in case of emulatorpin and iothreadpin. If they were
set, but vcpu placement was auto, we've mistakenly removed them from
the domain XML even though we are able to set them independently on
vcpus.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-01-30 13:51:22 +01:00
Michal Privoznik
5222256849 schemas: Allow all generic elements and attributes for all interfaces
There are some interface types (notably 'server' and 'client')
which instead of allowing the default set of elements and
attributes (like the rest do), try to enumerate only the elements
they know of. This way it's, however, easy to miss something. For
instance, the <address/> element was not mentioned at all. This
resulted in a strange behavior: when such interface was added
into XML, the address was automatically generated by parsing
code. Later, the formatted XML hasn't passed the RNG schema. This
became more visible once we've turned on the XML validation on
domain XML changes: appending an empty line at the end of
formatted XML (to trick virsh think the XML had changed) made
libvirt to refuse the very same XML it formatted.

Instead of trying to find each element and attribute we are
missing in the schema, lets just allow all the elements and
attributes like we're doing that for the rest of types. It's no
harm if the schema is wider than our parser allows.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-01-29 16:23:15 +01:00
John Ferlan
9bbbb91216 storage: Check the partition name against provided name
https://bugzilla.redhat.com/show_bug.cgi?id=1138516

If the provided volume name doesn't match what parted generated as the
partition name, then return a failure.

Update virsh.pod and formatstorage.html.in to describe the 'name' restriction
for disk pools as well as the usage of the <target>'s <format type='value'>.
2015-01-28 17:28:03 -05:00
Daniel Veillard
fd596a4583 Release of libvirt-1.2.12
* docs/news.html.in libvirt.spec.in: updated for the release
* po/*.po*: regenerated the po
2015-01-27 16:01:12 +08:00
Peter Krempa
6e01534bc0 schemas: Move definition of 'hexuint' to basictypes
Allow reuse of the type.
2015-01-23 13:18:04 +01:00
Ján Tomko
280ece4af9 qemu: format server interface without a listen address
https://bugzilla.redhat.com/show_bug.cgi?id=1130390

The listen address is not mandatory for <interface type='server'>
but when it's not specified, we've been formatting it as:
-netdev socket,listen=(null):5558,id=hostnet0
which failed with:
Device 'socket' could not be initialized

Omit the address completely and only format the port in the listen
attribute.

Also fix the schema to allow specifying a model.
2015-01-21 13:22:36 +01:00
Josh Stone
298fa4858c network: Let domains be restricted to local DNS
This adds a new "localOnly" attribute on the domain element of the
network xml.  With this set to "yes", DNS requests under that domain
will only be resolved by libvirt's dnsmasq, never forwarded upstream.

This was how it worked before commit f69a6b987d, and I found that
functionality useful.  For example, I have my host's NetworkManager
dnsmasq configured to forward that domain to libvirt's dnsmasq, so I can
easily resolve guest names from outside.  But if libvirt's dnsmasq
doesn't know a name and forwards it to the host, I'd get an endless
forwarding loop.  Now I can set localOnly="yes" to prevent the loop.

Signed-off-by: Josh Stone <jistone@redhat.com>
2015-01-20 01:07:18 -05:00
Martin Kletzander
abf95b65e2 docs: Fix docs about python bindings package
Since the day we removed python bindings from the core repository, the
documentation was missing that information.

Reported-by: Lingyu Zhu <lynuszhu@gmail.com>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-01-19 14:50:52 +01:00
Dmitry Guryanov
c8a6f844c3 add ploop fs driver type
Ploop is a pseudo device which makeit possible to access
to an image in a file as a block device. Like loop devices,
but with additional features, like snapshots, write tracker
and without double-caching.

It used in PCS for containers and in OpenVZ. You can manage
ploop devices and images with ploop utility
(http://git.openvz.org/?p=ploop).

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2015-01-16 14:07:46 +01:00
Martin Kletzander
199390117c docs, schema, conf: Add support for PMU feature
Just a new feature that can be turned on/off.

https://bugzilla.redhat.com/show_bug.cgi?id=1178853

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-01-16 13:43:46 +01:00
Cédric Bosdonnat
a117652917 Use the network route definitions for domains 2015-01-16 10:14:03 +01:00
Cédric Bosdonnat
2fc7e4a25a Move network route definition to networkcommon.rng
Moving network route to the network common schema will allow reusing it.
2015-01-16 10:14:03 +01:00
Cédric Bosdonnat
4b47b4dc7a Fix ipv6 regex in RNG schemas to match '::' 2015-01-16 10:14:03 +01:00
Michal Privoznik
2b8090b701 formatdomaincaps: Correctly format API reference
Well, since the link to the virConnectGetDomainCapabilities API is in
<pre/> section we must take special care about the spaces around the
link.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
2015-01-13 16:31:14 +01:00
Martin Kletzander
adff345e1e qemu: Allow enabling/disabling features with host-passthrough
QEMU supports feature specification with -cpu host and we just skip
using that.  Since QEMU developers themselves would like to use this
feature, this patch modifies the code to work.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1178850

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2015-01-13 08:51:01 +01:00
Michal Privoznik
241ab97d7e docs: Document some -boot option limitations on UEFI
It was brought to my attention that some -boot options may not
work with UEFI. For instance, rebootTimeout is very SeaBIOS
specific,splash logo is not implemented yet on OVMF, and so on.
We should document this limitation at least.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2015-01-12 14:32:17 +01:00
Stefan Berger
3a3b3691d1 nwfilter: Add support for icmpv6 filtering
Make use of the ebtables functionality to be able to filter certain
parameters of icmpv6 packets. Extend the XML parser for icmpv6 types,
type ranges, codes, and code ranges. Extend the nwfilter documentation,
schema, and test cases.

Being able to filter icmpv6 types and codes helps extending the DHCP
snooper for IPv6 and filtering at least some parameters of IPv6's NDP
(Neighbor Discovery Protocol) packets. However, the filtering will not
be as good as the filtering of ARP packets since we cannot
check on IP addresses in the payload of the NDP packets.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-01-07 11:41:49 -05:00
Cédric Bosdonnat
c9a641f1e5 Domain network devices can now have a <route> element
Network interfaces devices and host devices with net capabilities can
now have IPv4 and/or an IPv6 routes configured.
2015-01-05 20:24:17 +01:00
Cédric Bosdonnat
2811cc611e Allow network capabilities hostdev to configure IP addresses 2015-01-05 20:24:17 +01:00
Cédric Bosdonnat
aa2cc72100 Domain conf: allow more than one IP address for net devices
Add the possibility to have more than one IP address configured for a
domain network interface. IP addresses can also have a prefix to define
the corresponding netmask.
2015-01-05 20:24:04 +01:00
Martin Kletzander
d2632d60aa storage: unify permission formatting
Volume and pool formatting functions took different approaches to
unspecified uids/gids.  When unknown, it is always parsed as -1, but one
of the functions formatted it as unsigned int (wrong) and one as
int (better).  Due to that, our two of our XML files from tests cannot
be parsed on 32-bit machines.

RNG schema needs to be modified as well, but because both
storagepool.rng and storagevol.rng need same schema for permission
element, save some space by moving it to storagecommon.rng.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-12-16 15:47:56 +01:00
Daniel Veillard
d171cac6a5 Release of libvirt-1.2.11
- docs/news.html.in libvirt.spec.in: update for release
- po/*.po*: updated localization and regenerated
2014-12-13 10:43:56 +08:00
John Ferlan
8832e2d412 docs: Fix typo in path for storage pool 2014-12-10 06:56:35 -05:00
Hao Liu
0d60a03094 docs: Fix missing curly braces
Signed-off-by: Hao Liu <hliu@redhat.com>
2014-12-10 11:21:31 +01:00
Martin Kletzander
77a778d2e0 docs: Fix simple typo s/ a API/ an API/
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-12-09 08:31:32 +01:00
Laine Stump
40961978ee conf: new network bridge device attribute macTableManager
The macTableManager attribute of a network's bridge subelement tells
libvirt how the bridge's MAC address table (used to determine the
egress port for packets) is managed. In the default mode, "kernel",
management is left to the kernel, which usually determines entries in
part by turning on promiscuous mode on all ports of the bridge,
flooding packets to all ports when the correct destination is unknown,
and adding/removing entries to the fdb as it sees incoming traffic
from particular MAC addresses.  In "libvirt" mode, libvirt turns off
learning and flooding on all the bridge ports connected to guest
domain interfaces, and adds/removes entries according to the MAC
addresses in the domain interface configurations. A side effect of
turning off learning and unicast_flood on the ports of a bridge is
that (with Linux kernel 3.17 and newer), the kernel can automatically
turn off promiscuous mode on one or more of the bridge's ports
(usually only the one interface that is used to connect the bridge to
the physical network). The result is better performance (because
packets aren't being flooded to all ports, and can be dropped earlier
when they are of no interest) and slightly better security (a guest
can still send out packets with a spoofed source MAC address, but will
only receive traffic intended for the guest interface's configured MAC
address).

The attribute looks like this in the configuration:

  <network>
    <name>test</name>
    <bridge name='br0' macTableManager='libvirt'/>
    ...

This patch only adds the config knob, documentation, and test
cases. The functionality behind this knob is added in later patches.
2014-12-08 14:41:37 -05:00
Christophe Fergeau
9f019d0cfd docs: Use gender-neutral pronoun in hacking.html.in
Use 'they' instead of 'he'.
2014-12-08 15:06:35 +01:00
Chen Fan
253319ced6 docs: network: fix some trivial typos in docs/formatnetwork.html
this patch fix some weird typos:
   1. < hostdev>     => <hostdev>
   2. < type>        => <type>
   3. <virtualport > => <virtualport>
   4. redundant comma
   5. missing right-half bracket

Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
2014-12-05 12:54:38 -05:00