libvirt-guests invokes functions in gettext.sh, so we need to
require gettext package in spec file.
Demo with the fix:
% rpm -q gettext
package gettext is not installed
% rpm -ivh libvirt-client-0.8.8-1.fc14.x86_64.rpm
error: Failed dependencies:
gettext is needed by libvirt-client-0.8.8-1.fc14.x86_64
* libvirt.spec.in
This fixes https://bugzilla.redhat.com/show_bug.cgi?id=609463
The problem was that, since a bridge always acquires the MAC address
of the connected interface with the numerically lowest MAC, as guests
are started and stopped, it was possible for the MAC address to change
over time, and this change in the network was being detected by
Windows 7 (it sees the MAC of the default route change), so on each
reboot it would bring up a dialog box asking about this "new network".
The solution is to create a dummy tap interface with a MAC guaranteed
to be lower than any guest interface's MAC, and attach that tap to the
bridge as soon as it's created. Since all guest MAC addresses start
with 0xFE, we can just generate a MAC with the standard "0x52, 0x54,
0" prefix, and it's guaranteed to always win (physical interfaces are
never connected to these bridges, so we don't need to worry about
competing numerically with them).
Note that the dummy tap is never set to IFF_UP state - that's not
necessary in order for the bridge to take its MAC, and not setting it
to UP eliminates the clutter of having an (eg) "virbr0-nic" displayed
in the output of the ifconfig command.
I chose to not auto-generate the MAC address in the network XML
parser, as there are likely to be consumers of that API that don't
need or want to have a MAC address associated with the
bridge.
Instead, in bridge_driver.c when the network is being defined, if
there is no MAC, one is generated. To account for virtual network
configs that already exist when upgrading from an older version of
libvirt, I've added a %post script to the specfile that searches for
all network definitions in both the config directory
(/etc/libvirt/qemu/networks) and the state directory
(/var/lib/libvirt/network) that are missing a mac address, generates a
random address, and adds it to the config (and a matching address to
the state file, if there is one).
docs/formatnetwork.html.in: document <mac address.../>
docs/schemas/network.rng: add nac address to schema
libvirt.spec.in: %post script to update existing networks
src/conf/network_conf.[ch]: parse and format <mac address.../>
src/libvirt_private.syms: export a couple private symbols we need
src/network/bridge_driver.c:
auto-generate mac address when needed,
create dummy interface if mac address is present.
tests/networkxml2xmlin/isolated-network.xml
tests/networkxml2xmlin/routed-network.xml
tests/networkxml2xmlout/isolated-network.xml
tests/networkxml2xmlout/routed-network.xml: add mac address to some tests
The name convention of device mapper disk is different, and 'parted'
can't be used to delete a device mapper disk partition. e.g.
Name Path
-----------------------------------------
3600a0b80005ad1d7000093604cae912fp1 /dev/mapper/3600a0b80005ad1d7000093604cae912fp1
Error: Expecting a partition number.
This patch introduces 'dmsetup' to fix it.
Changes:
- New function "virIsDevMapperDevice" in "src/utils/utils.c"
- remove "is_dm_device" in "src/storage/parthelper.c", use
"virIsDevMapperDevice" instead.
- Requires "device-mapper" for 'with-storage-disk" in "libvirt.spec.in"
- Check "dmsetup" in 'configure.ac' for "with-storage-disk"
- Changes on "src/Makefile.am" to link against libdevmapper
- New entry for "virIsDevMapperDevice" in "src/libvirt_private.syms"
Changes from v1 to v3:
- s/virIsDeviceMapperDevice/virIsDevMapperDevice/g
- replace "virRun" with "virCommand"
- sort the list of util functions in "libvirt_private.syms"
- ATTRIBUTE_NONNULL(1) for virIsDevMapperDevice declaration.
e.g.
Name Path
-----------------------------------------
3600a0b80005ad1d7000093604cae912fp1 /dev/mapper/3600a0b80005ad1d7000093604cae912fp1
Vol /dev/mapper/3600a0b80005ad1d7000093604cae912fp1 deleted
Name Path
-----------------------------------------
* configure.ac docs/news.html.in libvirt.spec.in: bump version and add docs
* po/*.po*: updated Gujarati, Polish and Dutch localisations and regenerated
The logging functions are enhanced so that immediately prior to
the first log message being printed to any output channel, the
libvirt package version will be printed.
eg
$ LIBVIRT_DEBUG=1 virsh
18:13:28.013: 17536: info : libvirt version: 0.8.7
18:13:28.013: 17536: debug : virInitialize:361 : register drivers
...
The 'configure' script gains two new arguments which can be
used as
--with-packager="Fedora Project, x86-01.phx2.fedoraproject.org, 01-27-2011-18:00:10"
--with-packager-version="1.fc14"
to allow distros to append a custom string with package specific
data.
The RPM specfile is modified so that it appends the RPM version,
the build host, the build date and the packager name.
eg
$ LIBVIRT_DEBUG=1 virsh
18:14:52.086: 17551: info : libvirt version: 0.8.7, package: 1.fc13 (Fedora Project, x86-01.phx2.fedoraproject.org, 01-27-2011-18:00:10)
18:14:52.086: 17551: debug : virInitialize:361 : register drivers
Thus when distro packagers receive bug reports they can clearly
see what version was in use, even if the bug reporter mistakenly
or intentionally lies about version/builds
* src/util/logging.c: Output version data prior to first log message
* libvirt.spec.in: Include RPM release, date, hostname & packager
* configure.ac: Add --with-packager & --with-packager-version args
When I build libvirt without libvirtd, I receive some errors:
cp: cannot stat `/home/wency/rpmbuild/BUILDROOT/libvirt-0.8.6-1.el6.x86_64/etc/libvirt/qemu/networks/default.xml': No such file or directory
My build step:
# ./autogen.sh --without-libvirtd
# make dist
# rpmbuild --nodeps --define "_sourcedir `pwd`" --define "_without_libvirtd 1" -ba libvirt.spec
The reason is we disable network when we do not build libvirt daemon in configure.ac.
After fixing this bug, I build libvirt without libvirtd, I receive other errors:
RPM build errors:
Installed (but unpackaged) file(s) found:
/usr/share/doc/libvirt-0.8.6/html/32favicon.png
/usr/share/doc/libvirt-0.8.6/html/api.html
..
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
A number of the libvirt APIs require the use of cgroups. This is not
enabled by default on a RHEL6 install. After discussion with cgroups
team, it was decided that upon installation of the libvirt RPM, we
should automatically turn on the cgroups service. This will activate a
default configuration that turns on all cgroups controllers libvirt
requires for full operation.
https://bugzilla.redhat.com/show_bug.cgi?id=649511
Regression of forcing 0700 permissions (which breaks guest startup
because the qemu user can't see /var/lib/libvirt/*.monitor) was
introduced in commit 66823690e, as part of libvirt 0.8.2.
* libvirt.spec.in (%files): Drop %{_localstatedir}/lib/libvirt,
since libvirt depends on libvirt-client.
(%files client): Guarantee 755 permissions on
%(_localstatedir}/lib/libvirt, since the qemu user must be able to
do pathname resolution to a subdirectory.
Adds initial support for dtrace static probes in libvirtd
daemon, assuming use of systemtap dtrace compat shim on
Linux. The probes are inserted for network client connect,
disconnect, TLS handshake states and authentication protocol
states.
This can be tested by running the xample program and then
attempting to connect with any libvirt client (virsh,
virt-manager, etc).
# stap examples/systemtap/client.stp
Client fd=44 connected readonly=0
Client fd=44 auth polkit deny pid:24997,uid:500
Client fd=44 disconnected
Client fd=46 connected readonly=1
Client fd=46 auth sasl allow test
Client fd=46 disconnected
The libvirtd.stp file should also really not be required,
since it is duplicated info that is already available in
the main probes.d definition file. A script to autogenerate
the .stp file is needed, either in libvirtd tree, or better
as part of systemtap itself.
* Makefile.am: Add examples/systemtap subdir
* autobuild.sh: Disable dtrace for mingw32
* configure.ac: Add check for dtrace
* daemon/.gitignore: Ignore generated dtrace probe file
* daemon/Makefile.am: Build dtrace probe header & object
files
* daemon/libvirtd.stp: SystemTAP convenience probeset
* daemon/libvirtd.c: Add connect/disconnect & TLS probes
* daemon/remote.c: Add SASL and PolicyKit auth probes
* daemon/probes.d: Master probe definition
* daemon/libvirtd.h: Add convenience macro for probes
so that compilation is a no-op when dtrace is not available
* examples/systemtap/Makefile.am, examples/systemtap/client.stp
Example systemtap script using dtrace probe markers
* libvirt.spec.in: Enable dtrace on F13/RHEL6
* mingw32-libvirt.spec.in: Force disable dtrace
Integrate with libaudit.so for auditing of important operations.
libvirtd gains a couple of config entries for auditing. By
default it will enable auditing, if its enabled on the host.
It can be configured to force exit if auditing is disabled
on the host. It will can also send audit messages via libvirt
internal logging API
Places requiring audit reporting can use the VIR_AUDIT
macro to report data. This is a no-op unless auditing is
enabled
* autobuild.sh, mingw32-libvirt.spec.in: Disable audit
on mingw
* configure.ac: Add check for libaudit
* daemon/libvirtd.aug, daemon/libvirtd.conf,
daemon/test_libvirtd.aug, daemon/libvirtd.c: Add config
options to enable auditing
* include/libvirt/virterror.h, src/util/virterror.c: Add
VIR_FROM_AUDIT source
* libvirt.spec.in: Enable audit
* src/util/virtaudit.h, src/util/virtaudit.c: Simple internal
API for auditing messages
Vdsm needs to communicate with its guest agent via unix domain socket,
which qemu creates due to the following domain xml device:
<channel type='unix'>
<target type='virtio' name='com.redhat.rhevm.vdsm'/>
<source mode='bind' path='/var/lib/libvirt/qemu/channels/fcp-xp-1.com.redhat.rhevm.vdsm'/>
</channel>
The location of the socket below /var/lib/libvirt/qemu/channels makes
sense, to humans and selinux policy alike. However, that socket should
be accessible to vdsm, too.
Due to other (storage) reasons, vdsm is to join the "qemu" group. With
this patch, vdsm can look below /var/lib/libvirt/qemu and connect to the
socket.
The socket itself should be chmod'ed to allow qemu group read/write, but
that's for another project.
BZ#643407
--dhcp-no-override description from dnsmasq man page:
Disable re-use of the DHCP servername and filename fields as
extra option space. If it can, dnsmasq moves the boot server and
filename information (from dhcp-boot) out of their dedicated
fields into DHCP options. This make extra space available in the
DHCP packet for options but can, rarely, confuse old or broken
clients. This flag forces "simple and safe" behaviour to avoid
problems in such a case.
It seems some virtual network card ROMs are this old/buggy so let's add
--dhcp-no-override as a workaround for them. We don't use extra DHCP
options so this should be safe. The option was added in dnsmasq-2.41,
which becomes the minimum required version.
This patch removes the individual author names from the libvirtd and virsh
man pages, instead referring to the main AUTHORS file distributed with
libvirt. This approach is needed, as we can't guarantee unicode support
across all versions of pod2man used with libvirt.
Additionally, this patch includes the libvirtd man page in the spec file
used with "make rpm". Without this patch "make rpm" is broken.
Firstly, the init script has to touch its file under /var/lock/subsys
when started, otherwise the system would think it's not running and
won't stop it during shutdown.
Secondly, for some reason there is a policy to automatically enable
init scripts when they are installed, so let the specfile do this. We
also need to start the init script to ensure it will be stopped during
the first shutdown after installing the package.
Also $LISTFILE should be enclosed by quotes everywhere as suggested by
Eric.
This patch introduces a dependency on libnl, which subsequent patches
will then use.
Changes from V1 to V2:
- added diffstats
- following changes in tree
Example output during shutdown:
Running guests on default URI: console, rhel6-1, rhel5-64
Running guests on lxc:/// URI: lxc-shell
Running guests on xen:/// URI: error: no hypervisor driver available for xen:///
error: failed to connect to the hypervisor
Running guests on vbox+tcp://orkuz/system URI: no running guests.
Suspending guests on default URI...
Suspending console: done
Suspending rhel6-1: done
Suspending rhel5-64: done
Suspending guests on lxc:/// URI...
Suspending lxc-shell: error: Failed to save domain 9cba8bfb-56f4-6589-2d12-8a58c886dd3b state
error: this function is not supported by the hypervisor: virDomainManagedSave
Note, the "Suspending $guest: " shows progress during the suspend phase
if domjobinfo gives meaningful output.
Example output during boot:
Resuming guests on default URI...
Resuming guest rhel6-1: done
Resuming guest rhel5-64: done
Resuming guest console: done
Resuming guests on lxc:/// URI...
Resuming guest lxc-shell: already active
Configuration used for generating the examples above:
URIS='default lxc:/// xen:/// vbox+tcp://orkuz/system'
The script uses /var/lib/libvirt/libvirt-guests files to note all active
guest it should try to resume on next boot. It's content looks like:
default 7f8b9d93-30e1-f0b9-47a7-cb408482654b 085b4c95-5da2-e8e1-712f-6ea6a4156af2 fb4d8360-5305-df3a-2da1-07d682891b8c
lxc:/// 9cba8bfb-56f4-6589-2d12-8a58c886dd3b
Add ebtables,iptables & iptables-ipv6 dependency to rpm.
Changes from V1 to V2:
-passing --without-libpcap to configure script, if libpcap is not to be used
This includes various things:
- fix the Requires: libvirt-client to use %{name} to allow easy
renaming
- when building ESX support one need libcurl-devel
- remove Makefile[.in] from xml/nwfilter in the docs, as this breaks
parallel install ation of i686 and x86_64 packages
- don't include nwfilter config files if not building with the daemon
all relatively trivial which is why I packed them together
* libvirt.spec.in: fix various small bugs
use /var/lib/libvirt/dnsmasq since /var/lib/libvirt/network is
unreadable by the dnsmasq binary
* src/network/bridge_driver.c: update DNSMASQ_STATE_DIR
* src/Makefile.am: create it on make install
* libvirt.spec.in: take the new directory into account
To ensure that patches in the RPM don't break any functionality
it is neccessary to run the test suites during build. It currently
has 3 tests disabled
- daemon-conf: this is totally broken, since it relies on
being able to resolve the 'libvirt' group & being able to
resolve hostnames at daemon startup. This isn't possible
in a mock build root
- seclabeltest: fails to initialize selinux in the mock
build root. Possibly fixable
- nodeinfotest: broken on s390 + ppc - this is a real bug
* libvirt.spec.in: Add a %check section, with 3 tests
temporarily disabled
* configure.ac docs/news.html.in libvirt.spec.in src/libvirt_public.syms:
updates for release of 0.8.0
* po/*.po po/libvirt.pot: updated a lar set of localizations, and merge
the messages
This patch implements support for learning a VM's IP address. It uses
the pcap library to listen on the VM's backend network interface (tap)
or the physical ethernet device (macvtap) and tries to capture packets
with source or destination MAC address of the VM and learn from DHCP
Offers, ARP traffic, or first-sent IPv4 packet what the IP address of
the VM's interface is. This then allows to instantiate the network
traffic filtering rules without the user having to provide the IP
parameter somewhere in the filter description or in the interface
description as a parameter. This only supports to detect the parameter
IP, which is for the assumed single IPv4 address of a VM. There is not
support for interfaces that may have multiple IP addresses (IP
aliasing) or IPv6 that may then require more than one valid IP address
to be detected. A VM can have multiple independent interfaces that each
uses a different IP address and in that case it will be attempted to
detect each one of the address independently.
So, when for example an interface description in the domain XML has
looked like this up to now:
<interface type='bridge'>
<source bridge='mybridge'/>
<model type='virtio'/>
<filterref filter='clean-traffic'>
<parameter name='IP' value='10.2.3.4'/>
</filterref>
</interface>
you may omit the IP parameter:
<interface type='bridge'>
<source bridge='mybridge'/>
<model type='virtio'/>
<filterref filter='clean-traffic'/>
</interface>
Internally I am walking the 'tree' of a VM's referenced network filters
and determine with the given variables which variables are missing. Now,
the above IP parameter may be missing and this causes a libvirt-internal
thread to be started that uses the pcap library's API to listen to the
backend interface (in case of macvtap to the physical interface) in an
attempt to determine the missing IP parameter. If the backend interface
disappears the thread terminates assuming the VM was brought down. In
case of a macvtap device a timeout is being used to wait for packets
from the given VM (filtering by VM's interface MAC address). If the VM's
macvtap device disappeared the thread also terminates. In all other
cases it tries to determine the IP address of the VM and will then apply
the rules late on the given interface, which would have happened
immediately if the IP parameter had been explicitly given. In case an
error happens while the firewall rules are applied, the VM's backend
interface is 'down'ed preventing it to communicate. Reasons for failure
for applying the network firewall rules may that an ebtables/iptables
command failes or OOM errors. Essentially the same failure reasons may
occur as when the firewall rules are applied immediately on VM start,
except that due to the late application of the filtering rules the VM
now is already running and cannot be hindered anymore from starting.
Bringing down the whole VM would probably be considered too drastic.
While a VM's IP address is attempted to be determined only limited
updates to network filters are allowed. In particular it is prevented
that filters are modified in such a way that they would introduce new
variables.
A caveat: The algorithm does not know which one is the appropriate IP
address of a VM. If the VM spoofs an IP address in its first ARP traffic
or IPv4 packets its filtering rules will be instantiated for this IP
address, thus 'locking' it to the found IP address. So, it's still
'safer' to explicitly provide the IP address of a VM's interface in the
filter description if it is known beforehand.
* configure.ac: detect libpcap
* libvirt.spec.in: require libpcap[-devel] if qemu is built
* src/internal.h: add the new ATTRIBUTE_PACKED define
* src/Makefile.am src/libvirt_private.syms: add the new modules and symbols
* src/nwfilter/nwfilter_learnipaddr.[ch]: new module being added
* src/nwfilter/nwfilter_driver.c src/conf/nwfilter_conf.[ch]
src/nwfilter/nwfilter_ebiptables_driver.[ch]
src/nwfilter/nwfilter_gentech_driver.[ch]: plu the new functionality in
* tests/nwfilterxml2xmltest: extend testing
This patch adds a relaxng nwfilter schema along with a test that
verifies all the test output XML against the schema. The input XMLs
contain a lot of intentional out-of-range values that make them fail the
schema verification, so I am not verifying against those.
* cfg.mk (sc_prohibit_test_minus_ao): Also check for [.
* docs/Makefile.am (%.html, html/index.html): Avoid non-portable
test usage.
* libvirt.spec.in (%post): Likewise.
* tools/virt-pki-validate.in (servercert.pem): Likewise.
* configure.ac (LOGNAME): Use test, not [, in files processed by
autoconf.
Detected by Matthias Bolte.
* examples/xml/nwfilter/Makefile.am: add all xml to the distribution
* libvirt.spec.in: reference them from the rpm spec file to have them
available in the main libvirt package
Having a single logrotate configuration file for all hypervisors
did not work as logrotate would get confused if an hypervisor not
supported on that platform was still listed. Simplest is to split
the logrotate as separate per hypervisor files and change the
spec file to only install the ones compiled in.
* daemon/libvirtd.lxc.logrotate.in daemon/libvirtd.qemu.logrotate.in
daemon/libvirtd.uml.logrotate.in: copy and split the original
daemon/libvirtd.logrotate.in file
* daemon/Makefile.am: update to support the different files and
cleanup in sed suggested by Eric Blake
* libvirt.spec.in: only install the relevant logrotate configs
* daemon/.gitignore: update logrotate generated list
* configure.ac libvirt.spec.in: update with new version
* docs/news.html.in: add list of changes in 0.7.7
* po/*po*: updated spanish and russian localisations, rebuilt
Create the filesystem on the partition used by the pool
* configure.ac: check for mkfs availability
* libvirt.spec.in: add extra require on util-linux for mkfs
* src/storage/storage_backend_fs.c: run mkfs with the expected
fs type when creating a filesystem pool
Long ago we tried to use Fedora's lokkit utility in order to register
our iptables rules so that 'service iptables restart' would
automatically load our rules.
There was one fatal flaw - if the user had configured iptables without
lokkit, then we would clobber that configuration by running lokkit.
We quickly disabled lokkit support, but never removed it. Let's do
that now.
The 'my virtual network stops working when I restart iptables' still
remains. For all the background on this saga, see:
https://bugzilla.redhat.com/227011
* src/util/iptables.c: remove lokkit support
* configure.in: remove --enable-lokkit
* libvirt.spec.in: remove the dirs used only for saving rules for lokkit
* src/Makefile.am: ditto
* src/libvirt_private.syms, src/network/bridge_driver.c,
src/util/iptables.h: remove references to iptablesSaveRules
This introduces simple API for handling JSON data. There is
an internal data structure 'virJSONValuePtr' which stores a
arbitrary nested JSON value (number, string, array, object,
nul, etc). There are APIs for constructing/querying objects
and APIs for parsing/formatting string formatted JSON data.
This uses the YAJL library for parsing/formatting from
http://lloyd.github.com/yajl/
* src/util/json.h, src/util/json.c: Data structures and APIs
for representing JSON data, and parsing/formatting it
* configure.in: Add check for yajl library
* libvirt.spec.in: Add build requires for yajl
* src/Makefile.am: Add json.c/h
* src/libvirt_private.syms: Export JSON symbols to drivers
0.7.3 was broken
* configure.in docs/news.html.in: release of 0.7.4
* configure.in libvirt.spec.in: require netcf >= 0.1.4
* src/Makefile.am: node_device/node_device_udev.h was missing from
NODE_DEVICE_DRIVER_UDEV_SOURCES breaking compilation on platforms with
udev
HAL has been deprecated since F12 and RHEL-6, so if building on
these platforms, switch on the udev driver instead
* libvirt.spec.in: Activate udev on F12/RHEL6
This patch adds the flag VIR_INTERFACE_XML_INACTIVE to
virInterfaceGetXMLDesc's flags. When it is*not* set (the default), the
live interface info will be returned in the XML (in particular, the IP
address(es) and netmask(s) will be retrieved by querying the interface
directly, rather than reporting what's in the config file). The
backend of this is in netcf's ncf_if_xml_state() function.
* configure.in libvirt.spec.in: requires netcf >= 0.1.3
* include/libvirt/libvirt.h.in: adds flag VIR_INTERFACE_XML_INACTIVE
* src/conf/interface_conf.c src/interface/netcf_driver.c src/libvirt.c:
update the parsing and backend routines accordingly
* tools/virsh.c: change interface edit to inactive definition and
adds the inactive flag for interface dump
There's a long known issue where if you install libvirt in a guest,
the default virtual network will conflict with the default virtual
network in the host.
That's one of the reasons we have the libvirt-client RPM - it allows
you to install the client library without having the host side
installed.
Rich Jones points out that if you install libvirt-devel in a guest,
then you get libvirtd installed and the network conflict:
https://bugzilla.redhat.com/531200
libvirt-devel should only require libvirt-client - e.g. nothing in
the devel package pertains to anything in the libvirt RPM. The Fedora
packaging guidelines say:
https://fedoraproject.org/wiki/Packaging/Guidelines#Devel_Packages
Devel packages must require the base package using a fully versioned
dependency ...
But for all intents and purposes, libvirt-client is our base RPM.
* libvirt.spec.in: make libvirt-devel require libvirt-client
* src/lxc/lxc.conf: new configuration file, there is currently one
tunable "log_with_libvirtd" that controls whether an lxc controller will
log only to the container log file, or whether it will honor libvirtd's
log output configuration. This provides a way to have libvirtd and its
children log to a single file. The default is to log to the container
log file.
* src/Makefile.am libvirt.spec.in: add the new file
* src/lxc/lxc_conf.[ch] src/lxc/lxc_driver.c: read the new log value
from the configuration file and pass the log informations when
starting up a container.
Otherwise logrotate barfs:
error: error accessing /var/log/libvirt/uml: No such file or directory
error: libvirtd:1 glob failed for /var/log/libvirt/uml/*.log
error: found error in /var/log/libvirt/qemu/*.log /var/log/libvirt/uml/*.log /var/log/libvirt/lxc/*.log , skipping
* qemud/Makefile.am: always create /var/log/libvirt/{lxc,uml} when
installing the logrotate conf; not ideal, but easier than making
the logrotate conf depend on which drivers are enabled
* Makefile.am: examples/domain-events/events-python should be added
to dist tarball
* libvirt.spec.in: there is no makefile in domain-events but in
domain-events/events-c and python/libvirtclass.txt has vanished
* docs/storage/: Move to examples/xml/storage/
* docs/test*.xml: Move to examples/xml/test/
* docs/Makefile.am: Remove example XML files from dist
* Makefile.am: Add examples/xml to EXTRA_DIST
* tests/virshtest.c: Update for moved test XML
* libvirt.spec.in: Include example XML files as docs
* tests/int-overflow: UPdate for moved XML
* docs/pki_check.sh: Move to tool/virt-pki-validate.in and add
in POD man page documentation
* tools/.gitignore: Ignore generated virt-pki-validate file
* tools/Makefile.am: Install & build virt-pki-validate and
virt-pki-validate.1
* docs/remote.html, docs/remote.html.in: Refer to new tool
name virt-pki-validate
* libvirt.spec.in, mingw32-libvirt.spec.in: Add virt-pki-validate
and virt-pki-validate.1 to files list
* Makefile.am: Add examples/dominfo examples/domsuspend examples/python
as SUBDIRS
* configure.in: Update AC_OUTPUT for new/old Makefiles
* docs/Makefile.am: Remove examples from SUBDIRS
* docs/examples/info1.c: Move to examples/dominfo/info1.c
* docs/examples/suspend.c: Move to examples/domsuspend/suspend.c
* docs/examples: Remove all remaining files
* docs/examples/python: Moved to examples/python/
* examples/dominfo/Makefile.am, examples/domsuspend/Makefile.am: New
build files
* libvirt.spec.in: Update to take account of moved examples
Some architectures in certain RHEL versions do not include any
hypervisors. Update the specfile to allow those to easily build
a remote client only version of libvirt. ie no libvirtd related
bits at all.
* qemud/Makefile.am: Always instal SASL config since its needed
by client too
* libvirt.spec.in: Re-factor specfile conditionals to allow entire
server side build to be disabled easily, eg a remote client only
build. Make RHEL-5 do client only build for s390/ppc. Make RHEL-6
do a client only build for all non-x86_64 archs. Enable LXC on
RHEL-6. Enable all Fedora >= 6 features on RHEL-6 too. Add some
more conditionals around dnsmasq/iptables/hal Requires tags.
Add missing e2fsprogs-devel BR for RHEL-5 as workaround for broken
parted. Fix the device mapper BR for RHEL-5. Add conditional rules
for ESX build. Add conditional rules for SELinux + HAL builds.
Fix a mistaken %{with_qemu} to be %{with_network} when setting
up default network XML
lzop was removed due to some confusion over whether it provided functional
advantages distinct from xz. This has been addressed in the mailing list post
archived at http://permalink.gmane.org/gmane.comp.emulators.libvirt/16487, and
support for lzop is re-added here.
* libvirt.spec.in: add dependancy on lzop
* src/qemu.conf: update documentation of save_image_format
* src/qemu_driver.c: re-add lzop compression option
* src/qemu_driver.c: drop lzma and lzop images compression options
as they are deprecated by xz
* libvirt.spec.in: add requires for xz/bzip2/gzip as they are needed
to implement the compression options
Separate the guest created QEMU monitor socket location
from the libvirtd create XML / PID data files, to improve
security separation when running QEMU non-root
* libvirt.spec.in: Leave /var/run/libvirt/qemu as root:root
* src/qemu_conf.h: Add libDir and cacheDir directory paths
* src/qemu_driver.c: Move QEMU monitor socket from
stateDir to libDir to avoid making security critical directory
accessible to QEMU guests.
* src/util.c: Delay running hook till after damonizing to
ensure pidfile is still written before changing UID/GID
Define an <encryption> tag specifying volume encryption format and
format-depenedent parameters (e.g. passphrase, cipher name, key
length, key).
Currently the only defined parameter is a reference to a "secret"
(passphrase/key) managed using the virSecret* API.
Only the qcow/qcow2 encryption format, and a "default" format used to
let libvirt choose the format during volume creation, is currently
supported.
This patch does not add any users; the <encryption> tag is added in
the following patches to both volumes (to support encrypted volume
creation) and domains.
* docs/*.html: Re-generate
* docs/formatstorageencryption.html.in, docs/sitemap.html.in:
Add page describing storage encryption data format
* docs/schemas/Makefile.am, docs/schemas/storageencryption.rng:
Add RNG schema for storage encryption format
* po/POTFILES.in: Add src/storage_encryption_conf.c
* src/libvirt_private.syms: Export virStorageEncryption* functions
* src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal
helper APIs for dealing with storage encryption format
* libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng
RNG schema
This patch adds a "secret" as a separately managed object, using a
special-purpose API to transfer the secret values between nodes and
libvirt users.
* docs/schemas/secret.rng, docs/schemas/Makefilem.am: Add new
schema for virSecret objects
* docs/*html: Re-generated
* docs/formatsecret.html.in, docs/sitemap.html.in: Add page
describing the virSecret XML schema
* include/libvirt/libvirt.h.in: Define the new virSecret public
API
* src/libvirt_public.syms: Export symbols for new public APIs
* mingw32-libvirt.spec.in, libvirt.spec.in: Add secret.rng to
files list
* configure.in: Check for pkcheck which indicates new policykit
* qemud/Makefile.am: Install different versions of policy
* qemud/libvirtd.policy: Rename to libvirtd.policy-0
* qemud/libvirtd.policy-1: new style policy
* qemud/qemud.c, qemud/qemud.h, qemud/remote.c: Support new
policykit API via external pkcheck helper
* src/remote_internal.c: Don't prompt for polkit auth with new
policykit API
* libvirt.spec.in: deal with new policy install locations & deps
Allow qemu user to open kernel/initrds in this dir, but still prevent
others from listing it.
* libvirt.spec.in: set /var/lib/libvirt/boot perms to 0711
polkit was disabled by default for a reason - because we selectively
enable it on newer fedoras rather than disable it on older fedoras
Same fix needed for netcf
It's not needed at build time
Removed in Fedora by:
* Fri Jun 5 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.4-2.fc12
- Remove the qemu BuildRequires
