Commit Graph

1933 Commits

Author SHA1 Message Date
Peter Krempa
994cc31444 audit: Add auditing for serial/parallel/channel/console character devs
Add startup auditing and also hotplug auditing for said devices.
2014-07-07 12:56:45 +02:00
Michele Paolino
14f71959b6 docs: formatdomain.html fixes
Fixed some XML tags in the formatdomain page.

Signed-off-by: Michele Paolino <m.paolino@virtualopensystems.com>
2014-07-04 18:28:39 +02:00
Michele Paolino
7ab2f81889 docs: Fix broken link in the HACKING page
The link to the page "how to get your code into an open source
project" has been fixed.

Signed-off-by: Michele Paolino <m.paolino@virtualopensystems.com>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-07-04 18:28:24 +02:00
John Ferlan
f1aa00b4e7 formatdomain: Fix issues found describing auth
Fix a couple of typos ('chap' should have been 'iscsi' and there was
a stray 'iqn.2013-07.com.example:iscsi-pool' entry.  Clean up the
description of the <auth> element for the disk
2014-07-03 17:39:15 -04:00
Michal Privoznik
614581f32b Introduce domain_capabilities
This new module holds and formats capabilities for emulator. If you
are about to create a new domain, you may want to know what is the
host or hypervisor capable of. To make sure we don't regress on the
XML, the formatting is not something left for each driver to
implement, rather there's general format function.

The domain capabilities is a lockable object (even though the locking
is not necessary yet) which uses reference counter.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-07-03 12:22:37 +02:00
Ján Tomko
058d89b9df Introduce virBufferCheckError
Check if the buffer is in error state and report an error if it is.

This replaces the pattern:
if (virBufferError(buf)) {
    virReportOOMError();
    goto cleanup;
}
with:

if (virBufferCheckError(buf) < 0)
    goto cleanup;

Document typical buffer usage to favor this.
Also remove the redundant FreeAndReset - if an error has
been set via virBufferSetError, the content is already freed.
2014-07-03 10:41:15 +02:00
Mike Perez
d950494129 qemu: Add cmd_per_lun, max_sectors to virtio-scsi
This introduces two new attributes "cmd_per_lun" and "max_sectors" same
with the names QEMU uses for virtio-scsi. An example of the XML:

<controller type='scsi' index='0' model='virtio-scsi' cmd_per_lun='50'
max_sectors='512'/>

The corresponding QEMU command line:

-device virtio-scsi-pci,id=scsi0,cmd_per_lun=50,max_sectors=512,
bus=pci.0,addr=0x3

Signed-off-by: Mike Perez <thingee@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2014-07-02 09:43:17 +02:00
Daniel Veillard
b083528e56 Release of libvirt-1.2.6 2014-07-02 13:50:18 +08:00
Eric Blake
9b291bbe20 docs: publish correct enum values
We publish libvirt-api.xml for others to use, and in fact, the
libvirt-python bindings use it to generate python constants that
correspond to our enum values.  However, we had an off-by-one bug
that any enum that relied on C's rules for implicit initialization
of the first enum member to 0 got listed in the xml as having a
value of 1 (and all later members of the enum were equally
botched).

The fix is simple - since we add one to the previous value when
encountering an enum without an initializer, the previous value
must start at -1 so that the first enum member is assigned 0.

The python generator code has had the off-by-one ever since DV
first wrote it years ago, but most of our public enums were immune
because they had an explicit = 0 initializer.  The only affected
enums are:
- virDomainEventGraphicsAddressType (such as
VIR_DOMAIN_EVENT_GRAPHICS_ADDRESS_IPV4), since commit 987e31e
(libvirt v0.8.0)
- virDomainCoreDumpFormat (such as VIR_DOMAIN_CORE_DUMP_FORMAT_RAW),
since commit 9fbaff0 (libvirt v1.2.3)
- virIPAddrType (such as VIR_IP_ADDR_TYPE_IPV4), since commit
03e0e79 (not yet released)

Thanks to Nehal J Wani for reporting the problem on IRC, and
for helping me zero in on the culprit function.

* docs/apibuild.py (CParser.parseEnumBlock): Fix implicit enum
values.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-06-26 15:25:05 -06:00
Laine Stump
69db5f921a interface: report link state for bonds and vlans too
The interface state for bonds and vlans does seem to reflect the state
of the underlying physical devices, at least in some cases, so it
makes sense to allow reporting it (netcf now does).

The link state/speed for bridge devices is meaningless though, so we
don't even look for it.
2014-06-20 11:43:19 +03:00
Laine Stump
a341fc731d interface: allow reordering of elements in xml
The interface xml schema was written with strict rules about the
ordering of the elements. This was never intentional, but just due to
omission of <interleave> in the appropriate places. This patch just
adds in <interleave> wherever there is more than one element, and
re-indents everything else appropriately.
2014-06-19 07:56:27 -06:00
Jincheng Miao
d98a60c225 docs: fix some typos in formatdomain.html
In section "Block / character devices" of "Host device assignment",
the description of hostdev element has some error:

For a block device, the type should be "storage", not "block";
For a character device, the type should be "misc", not "char".

Signed-off-by: Jincheng Miao <jmiao@redhat.com>
2014-06-19 07:54:09 -06:00
Michal Privoznik
02129b7c0e virCaps: expose pages info
There are two places where you'll find info on page sizes. The first
one is under <cpu/> element, where all supported pages sizes are
listed. Then the second one is under each <cell/> element which refers
to concrete NUMA node. At this place, the size of page's pool is
reported. So the capabilities XML looks something like this:

<capabilities>

  <host>
    <uuid>01281cda-f352-cb11-a9db-e905fe22010c</uuid>
    <cpu>
      <arch>x86_64</arch>
      <model>Westmere</model>
      <vendor>Intel</vendor>
      <topology sockets='1' cores='1' threads='1'/>
      ...
      <pages unit='KiB' size='4'/>
      <pages unit='KiB' size='2048'/>
      <pages unit='KiB' size='1048576'/>
    </cpu>
    ...
    <topology>
      <cells num='4'>
        <cell id='0'>
          <memory unit='KiB'>4054408</memory>
          <pages unit='KiB' size='4'>1013602</pages>
          <pages unit='KiB' size='2048'>3</pages>
          <pages unit='KiB' size='1048576'>1</pages>
          <distances/>
          <cpus num='1'>
            <cpu id='0' socket_id='0' core_id='0' siblings='0'/>
          </cpus>
        </cell>
        <cell id='1'>
          <memory unit='KiB'>4071072</memory>
          <pages unit='KiB' size='4'>1017768</pages>
          <pages unit='KiB' size='2048'>3</pages>
          <pages unit='KiB' size='1048576'>1</pages>
          <distances/>
          <cpus num='1'>
            <cpu id='1' socket_id='0' core_id='0' siblings='1'/>
          </cpus>
        </cell>
        ...
      </cells>
    </topology>
    ...
  </host>

  <guest/>

</capabilities>

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-06-19 15:10:49 +02:00
Eric Blake
b50e104923 blockjob: don't remove older-style mirror XML
Commit 7c6fc39 introduced a regression in the XML produced for older
clients.  The argument at the time was that clients shouldn't be
depending on output-only data for something that is only going to
be triggered for a transient guest; but John Ferlan reported that
the automated testsuite was such a client.  It's better to be safe
than sorry by guaranteeing back-compat cruft.  Note that later
patches will be using <mirror> for active block commit, but there
we don't have to worry about back-compat.

* src/conf/domain_conf.c (virDomainDiskDefFormat): Restore old
style output when necessary.
* docs/schemas/domaincommon.rng: Validate back-compat style.
* docs/formatdomain.html.in: Update the documentation.
* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-mirror-old.xml:
Update tests.
* tests/qemuxml2argvdata/qemuxml2argv-disk-mirror.xml: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-06-16 13:48:00 -06:00
Michal Privoznik
16ebf10f34 nodedev: Introduce <pci-express/> to PCI devices
This new element is there to represent PCI-Express capabilities
of a PCI devices, like link speed, number of lanes, etc.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-06-16 17:40:49 +02:00
Michal Privoznik
0311ef3d65 node_device: Expose link state & speed
While exposing the info under <interface/> in previous patch works, it
may work only in cases where interface is configured on the host.
However, orchestrating application may want to know the link state and
speed even in that case. That's why we ought to expose this in nodedev
XML too:

virsh # nodedev-dumpxml net_eth0_f0_de_f1_2b_1b_f3
<device>
  <name>net_eth0_f0_de_f1_2b_1b_f3</name>
  <path>/sys/devices/pci0000:00/0000:00:19.0/net/eth0</path>
  <parent>pci_0000_00_19_0</parent>
  <capability type='net'>
    <interface>eth0</interface>
    <address>f0🇩🇪f1:2b:1b:f3</address>
    <link speed='1000' state='up'/>
    <capability type='80203'/>
  </capability>
</device>

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-06-11 10:59:39 +02:00
Michal Privoznik
3db89662c2 virInterface: Expose link state & speed
Currently it is not possible to determine the speed of an interface
and whether a link is actually detected from the API. Orchestrating
platforms want to be able to determine when the link has failed and
where multiple speeds may be available which one the interface is
actually connected at. This commit introduces an extension to our
interface XML (without implementation to interface driver backends):

  <interface type='ethernet' name='eth0'>
    <start mode='none'/>
    <mac address='aa:bb:cc:dd:ee:ff'/>
    <link speed='1000' state='up'/>
    <mtu size='1492'/>
    ...
  </interface>

Where @speed is negotiated link speed in Mbits per second, and state
is the current NIC state (can be one of the following:  "unknown",
"notpresent", "down", "lowerlayerdown","testing", "dormant", "up").

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-06-11 09:13:32 +02:00
Wangrui (K)
350f816a00 docs: fix a typo in hacking.html.in
Signed-off-by: Wang Rui <moon.wangrui@huawei.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-06-10 08:53:03 -06:00
Eric Blake
7c6fc3948e conf: alter disk mirror xml output
Now that we track a disk mirror as a virStorageSource, we might
as well update the XML to theoretically allow any type of
mirroring destination (not just a local file).  A later patch
will also be reusing <mirror> to track the block commit of the
top layer of a chain, which is another case where libvirt needs
to update the backing chain after the job is finally pivoted,
and since backing chains can have network backing files as the
destination to commit into, it makes more sense to display that
in the XML.

This patch changes output-only XML; it was already documented
that <mirror> does not affect a domain definition at this point
(because qemu doesn't provide persistent bitmaps yet).  Any
application that was starting a block copy job with older libvirt
and then relying on the domain XML to determine if it was
complete will no longer be able to access the file= and format=
attributes of mirror that were previously used.  However, this is
not going to be a problem in practice: the only time a block copy
job works is on a transient domain, and any app that is managing
a transient domain probably already does enough of its own
bookkeeping to know which file it is mirroring into without
having to re-read it from the libvirt XML.  The one thing that
was likely to be used in a mirroring job was the ready=
attribute, which is unchanged.  Meanwhile, I made sure the schema
and parser still accept the old format, even if we no longer
output it, so that upgrading from an older version of libvirt is
seamless.

* docs/schemas/domaincommon.rng (diskMirror): Alter definition.
* src/conf/domain_conf.c (virDomainDiskDefParseXML): Parse two
styles of mirror elements.
(virDomainDiskDefFormat): Output new style.
* tests/qemuxml2argvdata/qemuxml2argv-disk-mirror-old.xml: New
file, copied from...
* tests/qemuxml2argvdata/qemuxml2argv-disk-mirror.xml: ...here
before modernizing.
* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-mirror-old*: New
files.
* tests/qemuxml2xmltest.c (mymain): Test both styles.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-06-06 11:48:09 -06:00
Michal Privoznik
1c70277886 nodedev: Export NUMA node locality for PCI devices
A PCI device can be associated with a specific NUMA node. Later, when
a guest is pinned to one NUMA node the PCI device can be assigned on
different NUMA node. This makes DMA transfers travel across nodes and
thus results in suboptimal performance. We should expose the NUMA node
locality for PCI devices so management applications can make better
decisions.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-06-06 15:10:57 +02:00
Martin Kletzander
3de462fe9a Remove unnecessary empty first lines
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-06-06 10:52:05 +02:00
Michal Privoznik
e9f4729a01 formatcaps: Rework and add stubs to document
At the moment we are missing even basic documentation on our
capabilities XML. Without demand on completeness, I'm
reorganizing the document structure and adding very basic
documentation to two major components of the capabilities XML.
These stubs are intended to be enhanced in the future.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-06-05 13:58:19 +02:00
Michal Privoznik
8ba0a58f8d virCaps: Expose distance between host NUMA nodes
If user or management application wants to create a guest,
it may be useful to know the cost of internode latencies
before the guest resources are pinned. For example:

<capabilities>

  <host>
    ...
    <topology>
      <cells num='2'>
        <cell id='0'>
          <memory unit='KiB'>4004132</memory>
          <distances>
            <sibling id='0' value='10'/>
            <sibling id='1' value='20'/>
          </distances>
          <cpus num='2'>
            <cpu id='0' socket_id='0' core_id='0' siblings='0'/>
            <cpu id='2' socket_id='0' core_id='2' siblings='2'/>
          </cpus>
        </cell>
        <cell id='1'>
          <memory unit='KiB'>4030064</memory>
          <distances>
            <sibling id='0' value='20'/>
            <sibling id='1' value='10'/>
          </distances>
          <cpus num='2'>
            <cpu id='1' socket_id='0' core_id='0' siblings='1'/>
            <cpu id='3' socket_id='0' core_id='2' siblings='3'/>
          </cpus>
        </cell>
      </cells>
    </topology>
    ...
  </host>
  ...
</capabilities>

We can see the distance from node1 to node0 is 20 and within nodes 10.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-06-04 09:35:55 +02:00
Daniel Veillard
e604b59d79 Release of libvirt-1.2.5
* docs/news.html.in: update for release
* po/*.po*: updated ukrainian localization and regenerated
2014-06-02 09:47:05 +08:00
Roman Bogorodskiy
ca50df8eec docs: bhyve driver documentation improvements
- Document 'domxml-to-native' command
- Mention that the nmdm console support needs an appropriate
  kernel module loaded
2014-06-01 20:36:13 +04:00
Olivia Yin
61b1c681e0 change machine name ppce500v2 to ppce500
ppce500v2 is not machine supported by official release of QEMU.
It should be replaced by ppce500.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
2014-05-27 08:48:57 +02:00
Ján Tomko
00622f3be1 docs: add a serial device with a seclabel example 2014-05-19 08:47:03 +02:00
Michal Privoznik
0f1a0fff0e apibuild: Disallow 'returns' return description
Our documentation generator is a bit messy, to say the least. For
instance, the description to return values of a function is
searched within C comment. Currently, all lines that start with
'returns' or 'Returns' are viewed as return value description.
However, there are some valid uses where the 'returns' word is in
the middle of a sentence describing function behavior not the
return value. And there are no places where 'returns' is used to
describe return values.  For instance:
virDomainDetachDeviceFlags, virConnectNetworkEventRegisterAny and
virDomainGetDiskErrors. This leads to HTML documemtation being
generated incorrectly.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-05-13 08:51:11 +02:00
James Shubin
4fddfeefaf docs: mention vagrant-libvirt in apps.html
Doc patch for apps.html as per: http://libvirt.org/apps.html#add

Disclaimer: I've contributed patches to the project that this commit
adds.

Vagrant-Libvirt is an excellent way to use vagrant with libvirt. This
way you can benefit from the vagrant features, while not loosing access
to the familiar (and useful) tools such as virsh and virt-manager.

Development currently at:

https://github.com/pradels/vagrant-libvirt/

although recent contributors include:

https://github.com/sciurus/vagrant-libvirt/

and:

https://github.com/purpleidea/vagrant-libvirt/

see git log for more details.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-05-12 15:50:59 -06:00
Chunyan Liu
99f50208c9 update documentation of <interface type='hostdev'>
<interface type='hostdev' managed='yes'> is supported, but
nowhere mentions 'managed' in <interface type='hostdev'> syntax.
Update documentation to cover it.

Signed-off-by: Chunyan Liu <cyliu@suse.com>
2014-05-12 14:52:50 -06:00
Chen Hanxiao
4ae8369a4b docs: fix a typo in formatdomain
s/virual/virtual

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2014-05-06 06:58:44 +02:00
Martin Kletzander
6d105946a9 typos: fix s/it/is/ where applicable
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-05-05 11:49:36 +02:00
Daniel Veillard
791fb3f668 Release of libvirt-1.2.4
* docs/news.html.in libvirt.spec.in: updates for release
* po/*.po*: fetched new localization and regenerated
2014-05-04 14:41:29 +08:00
Chen Hanxiao
6c19f0de49 docs: update docs for setting the QEMU BIOS path
commit ddf2dfa1f7
provided a way to determine which bios files to use.
But we need to update related docs.

disccussed at:
http://www.redhat.com/archives/libvir-list/2012-June/msg01286.html

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-04-29 10:18:12 +02:00
Roman Bogorodskiy
6d0a617568 docs: document nmdm type console
* Add nmdm type device to domain format documnetation
* Add a section about nmdm console usage to the bhyve driver
  documentation
2014-04-24 19:57:11 +04:00
Jiri Denemark
a2e369bc00 conf: Output disk backing store details in domain XML
The XML for quite a longish backing chain is shown below:

  <disk type='network' device='disk'>
    <driver name='qemu' type='qcow2'/>
    <source protocol='nbd' name='bar'>
      <host transport='unix' socket='/var/run/nbdsock'/>
    </source>
    <backingStore type='block' index='1'>
      <format type='qcow2'/>
      <source dev='/dev/HostVG/QEMUGuest1'/>
      <backingStore type='file' index='2'>
        <format type='qcow2'/>
        <source file='/tmp/image2.qcow'/>
        <backingStore type='file' index='3'>
          <format type='qcow2'/>
          <source file='/tmp/image3.qcow'/>
          <backingStore type='file' index='4'>
            <format type='qcow2'/>
            <source file='/tmp/image4.qcow'/>
            <backingStore type='file' index='5'>
              <format type='qcow2'/>
              <source file='/tmp/image5.qcow'/>
              <backingStore type='file' index='6'>
                <format type='raw'/>
                <source file='/tmp/Fedora-17-x86_64-Live-KDE.iso'/>
                <backingStore/>
              </backingStore>
            </backingStore>
          </backingStore>
        </backingStore>
      </backingStore>
    </backingStore>
    <target dev='vdb' bus='virtio'/>
  </disk>

Various disk types and formats can be mixed in one chain. The
<backingStore/> empty element marks the end of the backing chain and it
is there mostly for future support of parsing the chain provided by a
user. If it's missing, we are supposed to probe for the rest of the
chain ourselves, otherwise complete chain was provided by the user. The
index attributes of backingStore elements can be used to unambiguously
identify a specific part of the image chain.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-04-24 16:06:13 +02:00
Nehal J Wani
3d5c29a17c Fix typos in src/*
Fix minor typos in source comments

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-04-21 16:49:08 -06:00
Laine Stump
668bf07f2c docs: document that vfio is default for hostdev networks too
When the default was changed from kvm to vfio, the documentation for
hostdev and interface was changed, but the documentation in <network>
was forgotten.

Also document when the default was changed from "always kvm" to "vfio
if available, else kvm" (1.0.5).
2014-04-18 16:42:04 +03:00
Eric Blake
8fb446754d conf: fix omission of <driver> in domain dumpxml
I noticed that depending on the <driver> attributes the user passed
in, the output may omit the <driver> element altogether.  For example,
the rerror_policy has had this problem since commit 4bb4109 in Oct
2011.  But in adding testsuite coverage to expose it, I found another
problem: the C code is just fine without a driver name, but the
XML validator required either a name or a cache mode.

* src/conf/domain_conf.c (virDomainDiskDefFormat): Update
conditional.
* docs/schemas/domaincommon.rng (diskDriver): Simplify.
* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-copy-on-read.xml:
* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-copy-on-read.args:
New files.
* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-discard.xml:
Enhance test.
* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-discard.xml:
Likewise.
* tests/qemuxml2argvtest.c (mymain): New test.
* tests/qemuxml2xmltest.c (mymain): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-04-16 10:49:07 +02:00
Eric Blake
fec1a93927 conf: split <disk> schema into more pieces
To make <disk> schema more maintainable and to allow for moving the
pieces to a common file in the future. It relies on the ability to
override definitions as part of an include, set up in the previous
patch.

The diff is a bit hard to read, because it mixes reindentation
with refactoring; 'git diff -b --patience' may help.

* docs/schemas/domaincommon.rng (disk): Refactor into pieces.
(diskSource, diskSourceFile, diskSourceBlock, diskSourceDir)
(diskSourceVolume: New defines.
(diskSourceNetwork): Revise scope.
* docs/schemas/domainsnapshot.rng (disksnapshot): Adjust.
* tests/domainsnapshotxml2xmlin/disk-seclabel-invalid.xml,
tests/domainsnapshotxml2xmlin/disk-network-seclabel-invalid.xml: New
tests to check seclabel is forbidden in domain snapshot by schema.

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-04-16 10:45:55 +02:00
Eric Blake
369cdfa8f5 conf: set up for per-grammar overrides in schemas
This patch is my first experience playing with nested grammars,
as documented in http://relaxng.org/tutorial-20011203.html#IDA3PZR.
I plan on doing more overrides in order to make the RelaxNG
grammar mirror the C code refactoring into a common
virStorageSource, but where different clients of that source do
not support the same subset of functionality.  By starting with
something fairly easy to validate, I can make sure my later
patches will be possible.

This patch adds a use of the no-op <ref
name='sourceStartupPolicy'/> to the disksnapshot definition, so
that the snapshot version of a type='file' <source> more closely
resembles the version in domaincommon.  A future patch will merge
the two files into using a common define, but this patch is
sufficient for testing that adding <source
startupPolicy='optional'/> in any of the
tests/domainsnapshotxml2xmlin/*.xml files still gets rejected
unless it occurs within the <domain> subelement, because the
definition of startupPolicy is empty outside of domain.rng.

* docs/schemas/storagecommon.rng (storageStartupPolicy)
(storageSourceExtra): Create no-op defaults.
* docs/schemas/domainsnapshot.rng (domain): Use nested grammar
to avoid restricting <domain>.
(storageSourceExtra): Create new override.
(disksnapshot): Access overrides through common names.
* docs/schemas/domaincommon.rng (disk): Access overrides through
common names.
* docs/schemas/domain.rng (storageStartupPolicy)
(storageSourceExtra): Create new overrides.

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-04-15 21:07:59 +02:00
Eric Blake
db7d7c0ee8 conf: restrict external snapshots to backing store formats
Domain snapshots should only permit an external snapshot into
a storage format that permits a backing chain, since the new
snapshot file necessarily must be backed by the existing file.
The C code for the qemu driver is a little bit stricter in
currently enforcing only qcow2 or qed, but at the XML parser
level, including virt-xml-validate, it is fairly easy to
enforce that a user can't request a 'raw' external snapshot.

* docs/schemas/storagecommon.rng (storageFormat): Split out...
(storageFormatBacking): ...new sublist.
* docs/schemas/domainsnapshot.rng (disksnapshotdriver): Use new
type.
* src/util/virstoragefile.h (virStorageFileFormat): Rearrange for
easier code management.
* src/util/virstoragefile.c (virStorageFileFormat, fileTypeInfo):
Likewise.
* src/conf/snapshot_conf.c (virDomainSnapshotDiskDefParseXML): Use
new marker to limit selection of formats.

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2014-04-15 13:57:15 +02:00
Eric Blake
4f596a070d conf: move storage formats to common RNG file
We had incomplete RelaxNG support for storage formats listed
in virstoragefile.h: commit 027bf2e added 'vdi' but forgot
to update the <volume> and <domain> xml lists; the <volume>
list was also missing 'fat' and 'vhd'.  Maintaining two lists
is a recipe for them getting out of sync, so make the list
common so that both contexts benefit the next time we add a
format in a single location.

* docs/schemas/domaincommon.rng (storageFormat): Move...
* docs/schemas/storagecommon.rng: ...here, and add vdi.
* docs/schemas/storagevol.rng (formatfile): Use common list.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-04-15 13:15:11 +02:00
Eric Blake
a9efe2d70c conf: better <disk> interleaving in schema
In general, we try to make virt-xml-validate tolerant of input
elements in any order when possible.  However, as written, the
RNG grammar did not permit <source> unless there was an explicit
type= attribute (even though the C code manages just fine by
defaulting to type='file').  After making the attribute optional
on the 'file' branch, I noticed that the use of diskspec was now
redundant with the branch when no <source> was supplied.

View this patch with 'git diff -b' for a better picture of the
schema change.

* docs/schemas/domaincommon.rng (disk): Hoist 'diskspec' out of
choice, make type='file' default, and still preserve interleave.
* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-source-pool.xml:
* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-discard.xml:
New files.
* tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml:
* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-discard.xml:
Reorder XML.
* tests/qemuxml2xmltest.c (mymain): Cover new files.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-04-15 11:45:02 +02:00
Eric Blake
110c0db88c conf: create common storage RNG grammar file
Having two tiny files with a couple definitions didn't make
as much sense as one common file, especially since I plan to
add more definitions and use it in more places.

* docs/schemas/storageencryption.rng: Merge this...
* docs/schemas/storagefilefeatures.rng: ...and this, into...
* docs/schemas/storagecommon.rng: ...this new file.
* docs/schemas/Makefile.am (schema_DATA): Reflect renames.
* docs/schemas/storagevol.rng: Likewise.
* docs/schemas/domaincommon.rng: Likewise.
* libvirt.spec.in: Likewise.
* mingw-libvirt.spec.in: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-04-14 07:07:01 -06:00
Daniel Veillard
c53663ccdb Release of libvirt-1.2.3
* docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: pull updated translations and regenerate
2014-04-01 15:29:53 +08:00
Peter Krempa
0f6c50b9b6 gluster: Fix "key" attribute for gluster volumes
According to our documentation the "key" value has the following
meaning: "Providing an identifier for the volume which identifies a
single volume." The currently used keys for gluster volumes consist of
the gluster volume name and file path. This can't be considered unique
as a different storage server can serve a volume with the same name.

Unfortunately I wasn't able to figure out a way to retrieve the gluster
volume UUID which would avoid the possibility of having two distinct
keys identifying a single volume.

Use the full URI as the key for the volume to avoid the more critical
ambiguity problem and document the possible change to UUID.
2014-04-01 08:44:34 +02:00
Hongwei Bi
b2ed4f68b4 util: fix a typo in virprocess.c and docs
s/forcably/forcibly

Signed-off-by: Hongwei Bi <hwbi2008@gmail.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-27 06:58:46 -06:00
Jean-Baptiste Rouault
03c96787c2 docs: cgroups: fix typo about LXC cgroups 2014-03-27 06:52:20 -06:00
Francesco Romani
85a3eb8a6d qemu: export disk snapshot support in capabilities
This patch adds an element to QEMU's capability XML, to
show if the underlying QEMU binary supports the live disk
snapshotting or not.
This allows any client to know ahead of time if the feature
is available.

Without this information available, the only way to check
for the snapshot support is to request one and check for
errors.

Signed-off-by: Francesco Romani <fromani@redhat.com>
2014-03-26 13:41:25 +01:00
Ján Tomko
9af14dadf6 Add a rule for indenting labels
Indent top-level labels by one space.

Add the rule to HACKING and enforce it by syntax-check.
2014-03-25 14:58:41 +01:00
Martin Kletzander
95aed7febc Use K&R style for curly braces in remaining files
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-03-20 17:27:17 +01:00
Daniel P. Berrange
c0c8c1d7bb Remove global log buffer feature entirely
A earlier commit changed the global log buffer so that it only
records messages that are explicitly requested via the log
filters setting. This removes the performance burden, and
improves the signal/noise ratio for messages in the global
buffer. At the same time though, it is somewhat pointless, since
all the recorded log messages are already going to be sent to an
explicit log output like syslog, stderr or the journal. The
global log buffer is thus just duplicating this data on stderr
upon crash.

The log_buffer_size config parameter is left in the augeas
lens to prevent breakage for users on upgrade. It is however
completely ignored hereafter.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-18 14:29:22 +00:00
Daniel P. Berrange
2835c1e730 Add virLogSource variables to all source files
Any source file which calls the logging APIs now needs
to have a VIR_LOG_INIT("source.name") declaration at
the start of the file. This provides a static variable
of the virLogSource type.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-18 14:29:22 +00:00
Stefan Berger
a81756f1ff nwfilter: Add ARP src/dst IP mask for ebtables ARP
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=862887

Add a netmask for the source and destination IP address for the
ebtables --arp-ip-src and --arp-ip-dst options. Extend the XML
parser with support for XML attributes for these netmasks similar
to already supported netmasks. Extend the documentation.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2014-03-13 18:30:09 -04:00
Martin Kletzander
55d444bc01 docs: add VMmanager to web apps
This is a request for adding a VMmanager application as requested and
described by Ksenya Phil.

Signed-off-by: Ksenya Phil <philka2003@mail.ru>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-03-13 06:54:56 +01:00
Chunyan Liu
98c5c53d69 add hostdev pci backend type for xen
Add VIR_DOMAIN_HOSTDEV_PCI_BACKEND_XEN. For legacy xen, it will use "pciback" as
stub driver.
2014-03-12 17:03:23 +00:00
Peter Krempa
aa50a5c727 doc: storage: Explicitly state that it's possible to have non-unique key
With most of our storage backends it's possible to have two separate
volume keys to point to a single volume. (By creating sym/hard-links to
local files or by mounting remote filesystems to two different locations
and creating pools on top of them) Document this possibility.
2014-03-05 09:51:24 +01:00
Eric Blake
b9dd878ff8 util: make it easier to grab only regular command exit
Auditing all callers of virCommandRun and virCommandWait that
passed a non-NULL pointer for exit status turned up some
interesting observations.  Many callers were merely passing
a pointer to avoid the overall command dying, but without
caring what the exit status was - but these callers would
be better off treating a child death by signal as an abnormal
exit.  Other callers were actually acting on the status, but
not all of them remembered to filter by WIFEXITED and convert
with WEXITSTATUS; depending on the platform, this can result
in a status being reported as 256 times too big.  And among
those that correctly parse the output, it gets rather verbose.
Finally, there were the callers that explicitly checked that
the status was 0, and gave their own message, but with fewer
details than what virCommand gives for free.

So the best idea is to move the complexity out of callers and
into virCommand - by default, we return the actual exit status
already cleaned through WEXITSTATUS and treat signals as a
failed command; but the few callers that care can ask for raw
status and act on it themselves.

* src/util/vircommand.h (virCommandRawStatus): New prototype.
* src/libvirt_private.syms (util/command.h): Export it.
* docs/internals/command.html.in: Document it.
* src/util/vircommand.c (virCommandRawStatus): New function.
(virCommandWait): Adjust semantics.
* tests/commandtest.c (test1): Test it.
* daemon/remote.c (remoteDispatchAuthPolkit): Adjust callers.
* src/access/viraccessdriverpolkit.c (virAccessDriverPolkitCheck):
Likewise.
* src/fdstream.c (virFDStreamCloseInt): Likewise.
* src/lxc/lxc_process.c (virLXCProcessStart): Likewise.
* src/qemu/qemu_command.c (qemuCreateInBridgePortWithHelper):
Likewise.
* src/xen/xen_driver.c (xenUnifiedXendProbe): Simplify.
* tests/reconnect.c (mymain): Likewise.
* tests/statstest.c (mymain): Likewise.
* src/bhyve/bhyve_process.c (virBhyveProcessStart)
(virBhyveProcessStop): Don't overwrite virCommand error.
* src/libvirt.c (virConnectAuthGainPolkit): Likewise.
* src/openvz/openvz_driver.c (openvzDomainGetBarrierLimit)
(openvzDomainSetBarrierLimit): Likewise.
* src/util/virebtables.c (virEbTablesOnceInit): Likewise.
* src/util/viriptables.c (virIpTablesOnceInit): Likewise.
* src/util/virnetdevveth.c (virNetDevVethCreate): Fix debug
message.
* src/qemu/qemu_capabilities.c (virQEMUCapsInitQMP): Add comment.
* src/storage/storage_backend_iscsi.c
(virStorageBackendISCSINodeUpdate): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-03-03 12:40:32 -07:00
Roman Bogorodskiy
da78406e64 docs: typo fix
* drvuml.html.in: (connected) s/toa PTY/to a PTY/
2014-03-03 17:41:26 +04:00
Daniel P. Berrange
36ff4ed1ec Generate a unique journald log for QEMU capabilities failure
When probing QEMU capabilities fails for a binary generate a
log message with MESSAGE_ID==8ae2f3fb-2dbe-498e-8fbd-012d40afa361.

This can be directly queried from journald based on the UUID
instead of needing string grep. This lets tools like libguestfs'
bug reporting tool trivially do automated sanity tests on the
host they're running on.

 $ journalctl MESSAGE_ID=8ae2f3fb-2dbe-498e-8fbd-012d40afa361
 Feb 21 17:11:01 localhost.localdomain lt-libvirtd[9196]:
 Failed to probe capabilities for /bin/qemu-system-alpha:
 internal error: Child process (LC_ALL=C LD_LIBRARY_PATH=
 /home/berrange/src/virt/libvirt/src/.libs PATH=/usr/lib64/
 ccache:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:
 /usr/bin:/root/bin HOME=/root USER=root LOGNAME=root
 /bin/qemu-system-alpha -help) unexpected exit status 127:
 /bin/qemu-system-alpha: error while loading shared libraries:
 libglapi.so.0: cannot open shared object file: No such file
 or directory

 $ journalctl MESSAGE_ID=8ae2f3fb-2dbe-498e-8fbd-012d40afa361 --output=json
 { ...snip...
  "LIBVIRT_SOURCE" : "file",
  "PRIORITY" : "3",
  "CODE_FILE" : "qemu/qemu_capabilities.c",
  "CODE_LINE" : "2770",
  "CODE_FUNC" : "virQEMUCapsLogProbeFailure",
  "MESSAGE_ID" : "8ae2f3fb-2dbe-498e-8fbd-012d40afa361",
  "LIBVIRT_QEMU_BINARY" : "/bin/qemu-system-xtensa",
  "MESSAGE" : "Failed to probe capabilities for /bin/qemu-system-xtensa:
   internal error: Child process (LC_ALL=C LD_LIBRARY_PATH=/home/berrange
   /src/virt/libvirt/src/.libs PATH=/usr/lib64/ccache:/usr/local/sbin:
   /usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin HOME=/root
   USER=root LOGNAME=root /bin/qemu-system-xtensa -help) unexpected
   exit status 127: /bin/qemu-system-xtensa: error while loading shared
   libraries: libglapi.so.0: cannot open shared object file: No such
    file or directory\n" }

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-03-03 11:42:37 +00:00
Daniel Veillard
e8684eb541 Release of libvirt-1.2.2
- docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: update localization and merge
2014-03-02 23:09:45 +08:00
Roman Bogorodskiy
e2d85e6fa1 bhyve: add basic documentation 2014-03-01 23:44:58 +04:00
Daniel P. Berrange
0915053e97 Include error domain and code in log messages from errors
When a virError is raised, pass the error domain and code
onto the systemd journald using metadata fields.

This allows error messages to be queried by code eg

  $ journalctl LIBVIRT_CODE=43

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-28 17:38:46 +00:00
Daniel P. Berrange
c6cae57098 Add docs about use of systemd journal for logging
Document the various fields that libvirt will emit for
journal log records.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-28 17:38:44 +00:00
Daniel P. Berrange
a9bcd60e31 Auto-generate the table of contents in logging doc
The logging doc had a hand-written table of contents
instead of using the automatic XSL generated one.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-28 17:37:38 +00:00
Daniel P. Berrange
e86ee41bc1 Fix heading level in logging docs
The logging docs went straight from <h1> to <h3> header level,
skipping out <h2>.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-28 17:37:38 +00:00
Ján Tomko
1984540206 Document the keyboard as a valid input type
Commit bc18373 added a new input type, but didn't change the
documentation.
2014-02-24 18:55:00 +01:00
John Ferlan
7eb37a0d65 bandwidth: Adjust documentation
Recent autotest/virt-test testing on f20 discovered an anomaly in how
the bandwidth options are documented and used. This was discovered due
to a bug fix in the /sbin/tc utility found in iproute-3.11.0.1 (on f20)
in which overflow was actually caught and returned as an error. The fix
was first introduced in iproute-3.10 (search on iproute2 commit 'a303853e').

The autotest/virt-test test for virsh domiftune was attempting to send
the largest unsigned integer value (4294967295) for maximum value
testing. The libvirt xml implementation was designed to manage values
in kilobytes thus when this value was passed to /sbin/tc, it (now)
properly rejected the 4294967295kbps value.

Investigation of the problem discovered that formatdomain.html.in and
formatnetwork.html.in described the elements and property types slightly
differently, although they use the same code - virNetDevBandwidthParseRate()
(shared by portgroups, domains, and networks xml parsers). Rather than
have the descriptions in two places, this patch will combine and reword
the description under formatnetwork.html.in and have formatdomain.html.in
link to that description.

This documentation faux pas was continued into the virsh man page where
the bandwidth description for both 'attach-interface' and 'domiftune'
did not indicate the format of each value, thus leading to the test using
largest unsigned integer value assuming "bps" rather than "kbps", which
ultimately was wrong.
2014-02-20 14:53:36 -05:00
Daniel P. Berrange
590029f672 Introduce new OOM testing support
The previous OOM testing support would re-run the entire "main"
method each iteration, failing a different malloc each time.
When a test suite has 'n' allocations, the number of repeats
requires is  (n * (n + 1) ) / 2.  This gets very large, very
quickly.

This new OOM testing support instead integrates at the
virtTestRun level, so each individual test case gets repeated,
instead of the entire test suite. This means the values of
'n' are orders of magnitude smaller.

The simple usage is

   $ VIR_TEST_OOM=1 ./qemuxml2argvtest
   ...
   29) QEMU XML-2-ARGV clock-utc                                         ... OK
       Test OOM for nalloc=36 .................................... OK
   30) QEMU XML-2-ARGV clock-localtime                                   ... OK
       Test OOM for nalloc=36 .................................... OK
   31) QEMU XML-2-ARGV clock-france                                      ... OK
       Test OOM for nalloc=38 ...................................... OK
   ...

the second lines reports how many mallocs have to be failed, and thus
how many repeats of the test will be run.

If it crashes, then running under valgrind will often show the problem

  $ VIR_TEST_OOM=1 ../run valgrind ./qemuxml2argvtest

When debugging problems it is also helpful to select an individual
test case

  $ VIR_TEST_RANGE=30 VIR_TEST_OOM=1 ../run valgrind ./qemuxml2argvtest

When things get really tricky, it is possible to request that just
specific allocs are failed. eg to fail allocs 5 -> 12, use

  $ VIR_TEST_RANGE=30 VIR_TEST_OOM=1:5-12 ../run valgrind ./qemuxml2argvtest

In the worse case, you might want to know the stack trace of the
alloc which was failed then VIR_TEST_OOM_TRACE can be set. If it
is set to 1 then it will only print if it thinks a mistake happened.
This is often not reliable, so setting it to 2 will make it print
the stack trace for every alloc that is failed.

  $ VIR_TEST_OOM_TRACE=2 VIR_TEST_RANGE=30 VIR_TEST_OOM=1:5-5 ../run valgrind ./qemuxml2argvtest
  30) QEMU XML-2-ARGV clock-localtime                                   ... OK
      Test OOM for nalloc=36 !virAllocN
  /home/berrange/src/virt/libvirt/src/util/viralloc.c:180
  virHashCreateFull
  /home/berrange/src/virt/libvirt/src/util/virhash.c:144
  virDomainDefParseXML
  /home/berrange/src/virt/libvirt/src/conf/domain_conf.c:11745
  virDomainDefParseNode
  /home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12646
  virDomainDefParse
  /home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12590
  testCompareXMLToArgvFiles
  /home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:106
  virtTestRun
  /home/berrange/src/virt/libvirt/tests/testutils.c:250
  mymain
  /home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:418 (discriminator 2)
  virtTestMain
  /home/berrange/src/virt/libvirt/tests/testutils.c:750
  ??
  ??:0
  _start
  ??:?
   FAILED

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-20 15:36:10 +00:00
Li Zhang
bc18373391 conf: Add keyboard input device type
There is no keyboard support currently in libvirt.

For some platforms (PPC64 QEMU) this makes graphics unusable,
since the keyboard is not implicit and it can't be added via libvirt.

Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2014-02-19 09:16:31 +01:00
Michal Privoznik
f1ab06e43d network: Introduce network hooks
There might be some use cases, where user wants to prepare the host or
its environment prior to starting a network and do some cleanup after
the network has been shut down. Consider all the functionality that
libvirt doesn't currently have as an example what a hook script can
possibly do.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-02-18 14:46:49 +01:00
Ján Tomko
032f0d5b3d docs: remove <auth> from secret XML format
This belongs to the pool definition.
2014-02-14 16:47:14 +01:00
Peter Krempa
3cf074ee40 qemu: snapshot: Add support for external active snapshots on gluster
Add support for gluster backed images as sources for snapshots in the
qemu driver. This will also simplify adding further network backed
volumes as sources for snapshot in case qemu will support them.
2014-02-14 11:07:29 +01:00
Cédric Bosdonnat
f4b28d5c8a LXC: added some doc on domxml-from-native with mention of limitations 2014-02-12 17:52:47 +00:00
Martin Kletzander
5b189541ac conf: introduce spiceport chardev backend
Add a new character device backend called 'spiceport' that uses
spice's channel for communications and apart from spicevmc can be used
as a backend for any character device from libvirt's point of view.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-02-11 13:43:55 +01:00
Chen Hanxiao
b95fde2cf7 docs: grammar fixes in formatdomain
Some grammar fixes.

s/namespace,set/namespace, set
s/container being allowed/container are allowed
s/the <code>uid/The <code>uid

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2014-02-10 14:14:43 -07:00
Peter Krempa
600bca592b qemu: hyperv: Add support for timer enlightenments
Add a new <timer> for the HyperV reference time counter enlightenment
and the iTSC reference page for Windows guests.

This feature provides a paravirtual approach to track timer events for
the guest (similar to kvmclock) with the option to use real hardware
clock on systems with a iTSC with compensation across various hosts.
2014-02-10 11:30:10 +01:00
Peter Krempa
bbd392ff86 schema: Fix guest timer specification schema according to the docs
According to the documentation describing various tunables for domain
timers not all the fields are supported by all the driver types. Express
these in the RNG:

- rtc, platform: Only these support the "track" attribute.
- tsc: only one to support "frequency" and "mode" attributes
- hpet, pit: tickpolicy/catchup attribute/element
- kvmclock: no extra attributes are supported

Additionally the attributes of the <catchup> element for
tickpolicy='catchup' are optional according to the parsing code. Express
this in the XML and fix a spurious space added while formatting the
<catchup> element and add tests for it.
2014-02-10 11:09:14 +01:00
Laine Stump
eafb53fec2 network: disallow <bandwidth>/<mac> for bridged/macvtap/hostdev networks
https://bugzilla.redhat.com/show_bug.cgi?id=1057321

pointed out that we weren't honoring the <bandwidth> element in
libvirt networks using <forward mode='bridge'/>. In fact, these
networks are just a method of giving a libvirt network name to an
existing Linux host bridge on the system, and libvirt doesn't have
enough information to know where to set such limits. We are working on
a method of supporting network bandwidths for some specific cases of
<forward mode='bridge'/>, but currently libvirt doesn't support it. So
the proper thing to do now is just log an error when someone tries to
put a <bandwidth> element in that type of network. (It's unclear if we
will be able to do proper bandwidth limiting for macvtap networks, and
most definitely we will not be able to support it for hostdev
networks).

While looking through the network XML documentation and comparing it
to the networkValidate function, I noticed that we also ignore the
presence of a mac address in the config in the same cases, rather than
failing so that the user will understand that their desired action has
not been taken.

This patch updates networkValidate() (which is called any time a
persistent network is defined, or a transient network created) to log
an error and fail if it finds either a <bandwidth> or <mac> element
and the network forward mode is anything except 'route'. 'nat', or
nothing. (Yes, neither of those elements is acceptable for any macvtap
mode, nor for a hostdev network).

NB: This does *not* cause failure to start any existing network that
contains one of those elements, so someone might have erroneously
defined such a network in the past, and that network will continue to
function unmodified. I considered it too disruptive to suddenly break
working configs on the next reboot after a libvirt upgrade.
2014-02-05 15:04:58 +02:00
Justin Clift
a6992f600b Fix minor typo in governance doc
While at it, also relinquish active commit rights:
[x years between commits] is probably a poster child example of inactivity :)

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-02-04 10:43:15 -07:00
Daniel P. Berrange
e45b07314e Write up the project governance process
The project has historically operated as a meritocratic
consensus based community. Formally document what has
always been an unwritten assumption amongst the community
participants. Also include an explicit code of conduct
to preempt any potential, but unlikely, future problems.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-02-04 11:27:45 +00:00
Pavel Hrdina
fb321a009f docs/page.xls: remove unnecessary namespace attribute
It breaks the build on RHEL-5.10 and because it's only optional we
could remove it from the code. The default namespace will be used.
This hunk was introduced by commit 237a088ba4.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2014-01-30 15:37:38 +01:00
Osier Yang
fd243fc4ad qemu: Don't fail if the SCSI host device is shareable between domains
It doesn't make sense to fail if the SCSI host device is specified
as "shareable" explicitly between domains (NB, it works if and only
if the device is specified as "shareable" for *all* domains,
otherwise it fails).

To fix the problem, this patch introduces an array for virSCSIDevice
struct, which records all the names of domain which are using the
device (note that the recorded domains must specify the device as
shareable).  And the change on the data struct brings on many
subsequent changes in the code.

Prior to this patch, the "shareable" tag didn't work as expected,
it actually work like "non-shareable".  So this patch also added notes
in formatdomain.html to declare the fact.

* src/util/virscsi.h:
  - Remove virSCSIDeviceGetUsedBy
  - Change definition of virSCSIDeviceGetUsedBy and virSCSIDeviceListDel
  - Add virSCSIDeviceIsAvailable

* src/util/virscsi.c:
  - struct virSCSIDevice: Change "used_by" to be an array; Add
    "n_used_by" as the array count
  - virSCSIDeviceGetUsedBy: Removed
  - virSCSIDeviceFree: frees the "used_by" array
  - virSCSIDeviceSetUsedBy: Copy the domain name to avoid potential
    memory corruption
  - virSCSIDeviceIsAvailable: New
  - virSCSIDeviceListDel: Change the logic, for device which is already
    in the list, just remove the corresponding entry in "used_by". And
    since it's only used in one place, we can safely removing the code
    to find out the dev in the list first.
  - Copyright updating

* src/libvirt_private.sys:
  - virSCSIDeviceGetUsedBy: Remove
  - virSCSIDeviceIsAvailable: New

* src/qemu/qemu_hostdev.c:
  - qemuUpdateActiveScsiHostdevs: Check if the device existing before
    adding it to the list;
  - qemuPrepareHostdevSCSIDevices: Error out if the not all domains
    use the device as "shareable"; Also don't try to add the device
    to the activeScsiHostdevs list if it already there; And make
    more sensible error w.r.t the current "shareable" value in
    driver->activeScsiHostdevs.
  - qemuDomainReAttachHostScsiDevices: Change the logic according
    to the changes on helpers.

Signed-off-by: Osier Yang <jyang@redhat.com>
2014-01-30 15:46:24 +08:00
Peter Krempa
7076b4b72c snapshot: Add support for specifying snapshot disk backing type
Add support for specifying various types when doing snapshots. This will
later allow to do snapshots on network backed volumes. Disks of type
'volume' are not supported by snapshots (yet).

Also amend the test suite to check parsing of the various new disk
types that can now be specified.
2014-01-29 12:56:35 +01:00
Dan Kenigsberg
237a088ba4 docs: add a permalink to html headers
Quite often, I need to cite URLs like
    http://libvirt.org/formatnetwork.html#elementQoS
but it is annoying to copy them from the table of contents or the html
source.

This patch borrows from the Python documentation in order to make it
easier to cite headers on libvirt's oneline documentation.
2014-01-27 08:42:09 +01:00
Francesco Romani
08d07e5fd8 spice: expose the QEMU disable file transfer option
spice-server offers an API to disable file transfer messages
on the agent channel between the client and the guest.
This is supported in qemu through the disable-agent-file-xfer option.

This patch exposes this option to libvirt.
Adds a new element 'filetransfer', with one property,
'enable', which accepts a boolean.
Default is enabled, for backward compatibility.

Depends on the capability exported in the first patch of the series.

Signed-off-by: Francesco Romani <fromani@redhat.com>
2014-01-21 11:35:41 +01:00
Gao feng
fb2fbc6d7b domain: introduce xml elements for throttle blkio cgroup
This patch introduces new xml elements under <blkiotune>,
we use these new elements to setup the throttle blkio
cgroup for domain. The new blkiotune node looks like this:

<blkiotune>
  <device>
    <path>/path/to/block</path>
    <weight>1000</weight>
    <read_iops_sec>10000</read_iops_sec>
    <write_iops_sec>10000</write_iops_sec>
    <read_bytes_sec>1000000</read_bytes_sec>
    <write_bytes_sec>1000000</write_bytes_sec>
  </device>
</blkiotune>

Signed-off-by: Guan Qiang <hzguanqiang@corp.netease.com>
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2014-01-20 10:52:42 +08:00
Christophe Fergeau
8eaa25f2d6 doc: Add missing space in <clock> documentation 2014-01-17 18:18:55 +01:00
Daniel Veillard
7b84b1673a Release of libvirt-1.2.1
* docs/news.html.in libvirt.spec.in: updated for the release
* po/*.po*: updated localization from transifex and regenerated
2014-01-16 17:25:58 +08:00
Eric Blake
908903b317 docs: mention maintenance branches
Mitre tried to assign us two separate CVEs for the fix for
https://bugzilla.redhat.com/show_bug.cgi?id=1047577, on the
grounds that the fixes were separated by more than an hour
and thus triggered different hourly snapshots.  But we
explicitly do NOT want to treat transient security bugs as
CVEs if they can only be triggered by patches in libvirt.git
but where the problem is cleaned up before a formal release.

Meanwhile, I noticed that while our wiki mentioned maintenance
branches and releases, our formal documentation did not.

* docs/downloads.html.in: Contrast hourly snapshots with
maintenance branches.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-15 09:12:25 -07:00
Eric Blake
dd0dda2e4a schema: fix idmap validation
When idmap was added to LXC, we forgot to cover it in the testsuite.
The schema was missing an <element> layer, and as a result,
virt-xml-validate was failing on valid dumpxml output.

Reported by Eduard - Gabriel Munteanu on IRC.

* docs/schemas/domaincommon.rng (idmap): Include <idmap> element,
and support interleaves.
* tests/lxcxml2xmldata/lxc-idmap.xml: New file.
* tests/lxcxml2xmltest.c (mymain): Test it.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-10 10:54:14 -07:00
Chen Hanxiao
8560093394 docs: add LXC multi console command docs and a example
Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2014-01-08 11:16:10 +01:00
Eric Blake
db3dd0824f maint: improve VIR_ERR_INVALID_CONN usage
The datatype.c object checks could result in a message like:

error: invalid connection pointer in no connection

This consolidates all clients of this message to have uniform contents:

error: invalid connection pointer in someFunc

Note that virCheckConnectReturn raises an error immediately; in
datatypes.c, where we don't need to raise the error (but instead
just leave it in the thread-local setting), we use
virCheckConnectGoto and the cleanup label instead.  Then, for
consistency in that file, all subsequent error messages are
touched to also use the cleanup error label.

* src/datatypes.h (virCheckConnectReturn)
(virCheckConnectGoto): New macros.
* src/datatypes.c: Use new macro.
* src/libvirt-qemu.c (virDomainQemuAttach): Likewise.
(virLibConnError): Delete unused macro.
* src/libvirt-lxc.c (virLibConnError): Likewise.
* src/libvirt.c: Use new macro throughout.
* docs/api_extension.html.in: Modernize documentation.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-06 21:41:02 -07:00
Pranavkumar Sawargaonkar
27e32e0f3d AArch64: Porting of armv7l conditons to run qemu for aarch64.
AArch64 qemu has similar behavior as armv7l, like use of mmio etc.
This patch adds similar bypass checks what we have for armv7l to aarch64.
E.g. we are enabling mmio transport for Nicdev.
Making addDefaultUSB and addDefaultMemballoon to false etc.

V3:
- Adding missing domain rng schema for aarcg64 and test case in
  testutilsqemu.c which was causing test suite failure
  while running make check.

V2:
- Added testcase to qemuxml2argvtest as suggested
  during review comments of V1.

V1:
- Initial patch.

Signed-off-by: Anup Patel <anup.patel@linaro.org>
Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org>
2014-01-06 11:02:24 -05:00
Peter Krempa
32487c86c6 snapshot: schema: Split out snapshot disk driver definition
Extract the definition to a new type to allow avoiding of duplication.
2013-12-19 10:20:56 +01:00
Martin Kletzander
316e4d93eb docs: fix address type for disks
Disks have type='drive', not type='disk'.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-12-17 11:00:12 +01:00
Hu Tao
4313feade4 conf: add support for panic device
panic device is a device that enables libvirt to receive notification
of guest panic event.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-12 21:17:26 -07:00
Hu Tao
f1a039ef57 conf: introduce generic ISA address
For example:
<address type='isa' iobase='0x505' irq='0x1'/>

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-12 21:11:21 -07:00
Eric Blake
a5a8bd54b7 docs: fix recent typo
Introduced in commit 24fbbb82.

* docs/formatdomain.html.in: s/tunning/tuning/

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-10 07:04:58 -07:00
Jiri Denemark
24fbbb8263 docs: Enhance memoryBacking/locked documentation
Mention the need to set memtune/hard_limit.

https://bugzilla.redhat.com/show_bug.cgi?id=1035954
2013-12-09 15:43:47 +01:00
Peter Krempa
be904e4eeb conf: Fix XML formatting of RNG device info
https://bugzilla.redhat.com/show_bug.cgi?id=1035118

When outputting the XML for the RNG device, the code didn't format the
PCI address info. Additionally the schema wasn't expecting the info
although it was being parsed and used internally. Fix those mistakes and
add test for the PCI info section.
2013-12-06 11:03:56 +01:00
Eric Blake
00b019b5ad docs: fix some typos
* docs/auditlog.html.in: Spelling fixes.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-02 11:59:18 -07:00
Daniel Veillard
4e41a2a370 Release of libvirt-1.2.0
* configure.ac docs/news.html.in libvirt.spec.in: update for release
* po/*.po*: update and merge localizations from transifex
2013-12-02 12:17:51 +08:00
Daniel P. Berrange
484b60409c Link libvirt-sandbox from apps page
Add a link to the http://sandbox.libvirt.org sub-site from the
list of libraries related to libvirt. Also fix formatting for
the ruby libvirt binding.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-02 10:46:40 +08:00
Daniel P. Berrange
84fe15c332 Add docs about audit subsystem logging
Adds a new page to the website "Deployment" section describing
what data is sent to the audit logs and how to configure libvirtd
audit settings.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-12-02 10:43:44 +08:00
Nehal J Wani
968a46923a Fix typos in various docs
Fix 8 minor spelling errors in docs/*.html.in
2013-12-02 10:21:26 +08:00
Gao feng
6616582cf6 LXC: add securetty related note in Device nodes
Tell user how to resolve the problem that fail to log in
the container.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-11-26 16:50:05 +00:00
Yuri Chornoivan
73a03e3063 Fix three minor typos 2013-11-26 18:37:09 +08:00
Eric Blake
ecd881b7a7 storage: add network-dir as new storage volume type
In the 'directory' and 'netfs' storage pools, a user can see
both 'file' and 'dir' storage volume types, to know when they
can descend into a subdirectory.  But in a network-based storage
pool, such as the upcoming 'gluster' pool, we use 'network'
instead of 'file', and did not have any counterpart for a
directory until this patch.  Adding a new volume type
'network-dir' is better than reusing 'dir', because it makes
it clear that the only way to access 'network' volumes within
that container is through the network mounting (leaving 'dir'
for something accessible in the local file system).

* include/libvirt/libvirt.h.in (virStorageVolType): Expand enum.
* docs/formatstorage.html.in: Document it.
* docs/schemasa/storagevol.rng (vol): Allow new value.
* src/conf/storage_conf.c (virStorageVol): Use new value.
* src/qemu/qemu_command.c (qemuBuildVolumeString): Fix client.
* src/qemu/qemu_conf.c (qemuTranslateDiskSourcePool): Likewise.
* tools/virsh-volume.c (vshVolumeTypeToString): Likewise.
* src/storage/storage_backend_fs.c
(virStorageBackendFileSystemVolDelete): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 12:29:49 -07:00
Eric Blake
ed5fa7f393 storage: document gluster pool
Add support for a new <pool type='gluster'>, similar to
RBD and Sheepdog.  Terminology wise, a gluster volume
forms a libvirt storage pool, within the gluster volume,
individual files are treated as libvirt storage volumes.

* docs/schemas/storagepool.rng (poolgluster): New pool type.
* docs/formatstorage.html.in: Document gluster.
* docs/storage.html.in: Likewise, and contrast it with netfs.
* tests/storagepoolxml2xmlin/pool-gluster.xml: New test.
* tests/storagepoolxml2xmlout/pool-gluster.xml: Likewise.
* tests/storagepoolxml2xmltest.c (mymain): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 11:03:19 -07:00
Eric Blake
1b5c8d4cbc storage: expose volume meta-type in XML
I got annoyed at having to use both 'virsh vol-list $pool --details'
AND 'virsh vol-dumpxml $vol $pool' to learn if I had populated
the volume correctly.  Since two-thirds of the data present in
virStorageVolGetInfo() already appears in virStorageVolGetXMLDesc(),
this just adds the remaining piece of information, as:

<volume type='...'>
  ...
</volume>

* docs/formatstorage.html.in: Document new <volume type=...>.
* docs/schemas/storagevol.rng (vol): Add it to RelaxNG.
* src/conf/storage_conf.h (virStorageVolTypeToString): Declare.
* src/conf/storage_conf.c (virStorageVolTargetDefFormat): Output
the metatype.
(virStorageVolDefParseXML): Parse it, for unit tests.
* tests/storagevolxml2xmlout/vol-*.xml: Update tests to match.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 10:55:19 -07:00
Eric Blake
f5580bd6d6 storage: allow interleave in volume XML
The RNG grammar did not allow arbitrary interleaving, which makes
it harder than necessary to create a new volume from handwritten XML.
(Compare also to commit caf516db for pools).

* docs/schemas/storagevol.rng: Support interleaving.
* tests/storagevolxml2xmlin/vol-file-backing.xml: Test it.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-25 07:51:14 -07:00
Martin Kletzander
d96b08bb24 build: Don't fail on '&lt;' or '&gt;' with old xmllint
Older xmllint version don't allow such characters in datatype anyURI.
In order not to change too much, I'm suggesting making a choice of
anyURI or 'absPathName' which should be fine (checked with upstream
and that old xmllint, both work fine).

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2013-11-22 05:31:15 +01:00
Eric Blake
6cc4d6a3fe storage: use valid XML for awkward volume names
$ touch /var/lib/libvirt/images/'a<b>c'
$ virsh pool-refresh default
$ virsh vol-dumpxml 'a<b>c' default | head -n2
<volume>
  <name>a<b>c</name>

Oops.  That's not valid XML.  And when we fix the XML
generation, it fails RelaxNG validation.

I'm also tired of seeing <key>(null)</key> in the example
output for volume xml; while we used NULLSTR() to avoid
a NULL deref rather than relying on glibc's printf
extension behavior, it's even better if we avoid the issue
in the first place.  But this requires being careful that
we don't invalidate any storage backends that were relying
on key being unassigned during virStoragVolCreateXML[From].

I would have split this into two patches (one for escaping,
one for avoiding <key>(null)</key>), but since they both
end up touching a lot of the same test files, I ended up
merging it into one.

Note that this patch allows pretty much any volume name
that can appear in a directory (excluding . and .. because
those are special), but does nothing to change the current
(unenforced) RelaxNG claim that pool names will consist
only of letters, numbers, _, -, and +.  Tightening the C
code to match RelaxNG patterns and/or relaxing the grammar
to match the C code for pool names is a task for another
day (but remember, we DID recently tighten C code for
domain names to exclude a leading '.').

* src/conf/storage_conf.c (virStoragePoolSourceFormat)
(virStoragePoolDefFormat, virStorageVolTargetDefFormat)
(virStorageVolDefFormat): Escape user-controlled strings.
(virStorageVolDefParseXML): Parse key, for use in unit tests.
* src/storage/storage_driver.c (storageVolCreateXML)
(storageVolCreateXMLFrom): Ensure parsed key doesn't confuse
volume creation.
* docs/schemas/basictypes.rng (volName): Relax definition.
* tests/storagepoolxml2xmltest.c (mymain): Test it.
* tests/storagevolxml2xmltest.c (mymain): Likewise.
* tests/storagepoolxml2xmlin/pool-dir-naming.xml: New file.
* tests/storagepoolxml2xmlout/pool-dir-naming.xml: Likewise.
* tests/storagevolxml2xmlin/vol-file-naming.xml: Likewise.
* tests/storagevolxml2xmlout/vol-file-naming.xml: Likewise.
* tests/storagevolxml2xmlout/vol-*.xml: Fix fallout.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-21 17:29:47 -07:00
Eric Blake
78b139b0bd maint: enforce comma style usage
Enforce and document the style set up by the previous patches.

* build-aux/bracket-spacing.pl: Add comma checks.
* docs/hacking.html.in: Document the rules.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-20 09:24:18 -07:00
Chen Hanxiao
18037b5f1c docs: fix a typo in formatnwfilter.html.in
s/insallations/installations/

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-11-15 06:00:49 -07:00
Eric Blake
887dd3625b storage: fix RNG validation of gluster via netfs
While trying to compare netfs against my new gluster pool, I
discovered two things:

virt-xml-validate chokes on valid xml produced by 'virsh pool-dumpxml'
[yet another reason that ALL patches that add new xml should be adding
corresponding tests]

When using glusterfs FUSE mounts, you cannot access a subdirectory
of a gluster volume.  The recommended workaround in the gluster
community is to mount the volume to an intermediate location, then
bind-mount the desired subdirectory to the final location.  Maybe
we should teach libvirt to do bind-mounting, but for now I chose to
just document the limitation.

* docs/storage.html.in: Improve documentation.
* docs/schemas/storagepool.rng (sourcefmtnetfs): Allow all
formats, and drop redundant info-vendor.
* tests/storagepoolxml2xmltest.c (mymain): New test.
* tests/storagepoolxml2xmlin/pool-netfs-gluster.xml: New file.
* tests/storagepoolxml2xmlout/pool-netfs-gluster.xml: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-13 12:10:00 -07:00
Daniel P. Berrange
7f2b173feb Improve cgroups docs to cover systemd integration
As of libvirt 1.1.1 and systemd 205, the cgroups layout used by
libvirt has some changes. Update the 'cgroups.html' file from
the website to describe how it works in a systemd world.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-11-12 11:23:00 +00:00
Peter Krempa
e0dc851164 qemu: Add support for paravirtual spinlocks in the guest
The linux kernel recently added support for paravirtual spinlock
handling to avoid performance regressions on overcomitted hosts. This
feature needs to be turned in the hypervisor so that the guest OS is
notified about the possible support.

This patch adds a new feature "paravirt-spinlock" to the XML and
supporting code to enable the "kvm_pv_unhalt" pseudo CPU feature in
qemu.

https://bugzilla.redhat.com/show_bug.cgi?id=1008989
2013-11-08 09:44:42 +01:00
Ján Tomko
eab51940bd Allow root directory in filesystem source dir schema
Use absDirPath instead of absFilePath.

https://bugzilla.redhat.com/show_bug.cgi?id=1028107
2013-11-07 18:43:15 +01:00
Jonathan Lebon
3897975eea add SystemTap to apps using libvirt
Starting from v2.4 (released today!), SystemTap can use libvirt to
execute scripts inside virtual machines.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-11-06 15:26:35 -07:00
Chen Hanxiao
1502029100 docs: fix a typo in formatnwfilter
s/fragement/fragment

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-11-06 16:45:18 +01:00
Daniel Veillard
a4a7c7e9c4 Release of libvirt-1.1.4
* configure.ac docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: update localizations from transifex and regenerate
2013-11-04 12:30:41 +08:00
Claudio Bley
5eb3dff5b6 docs: generate links from plain text documentation
There are two forms used throughout libvirt code comments, which
are both supported by this patch.

* plain links like e.g. http://www.libvirt.org/
* links enclosed in <> characters, e.g. <http://www.libvirt.org/>

Signed-off-by: Claudio Bley <cbley@av-test.de>
2013-10-30 17:30:12 +01:00
Claudio Bley
3a77ecac2a docs: define style of code blocks inside descriptions 2013-10-30 17:30:12 +01:00
Claudio Bley
d2ee3bbfa0 docs: add class "description" to div's containing descriptions 2013-10-30 17:30:11 +01:00
Claudio Bley
8213f6c38e docs: process code blocks similar to Markdown
Wrap pre-formatted example code in <code> elements. This works
similar to Markdown[1] code blocks[2]:

Every line indented with at least 2 spaces is considered a code
block and gets wrapped in <pre> and <code> tags.

Look at the documentation for e.g. virStreamSend for before-and-after
effects.

[1] http://daringfireball.net/projects/markdown/
[2] http://daringfireball.net/projects/markdown/syntax#precode
2013-10-30 17:30:11 +01:00
Chen Hanxiao
d70840f68d docs: fix typos in formatnwfilter
s/initated/initiated

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-30 08:55:06 +01:00
Giuseppe Scrivano
b51038a4cd capabilities: add baselabel per sec driver/virt type to secmodel
Expand the "secmodel" XML fragment of "host" with a sequence of
baselabel's which describe the default security context used by
libvirt with a specific security model and virtualization type:

<secmodel>
  <model>selinux</model>
  <doi>0</doi>
  <baselabel type='kvm'>system_u:system_r:svirt_t:s0</baselabel>
  <baselabel type='qemu'>system_u:system_r:svirt_tcg_t:s0</baselabel>
</secmodel>
<secmodel>
  <model>dac</model>
  <doi>0</doi>
  <baselabel type='kvm'>107:107</baselabel>
  <baselabel type='qemu'>107:107</baselabel>
</secmodel>

"baselabel" is driver-specific information, e.g. in the DAC security
model, it indicates USER_ID:GROUP_ID.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-29 07:06:04 -06:00
Chen Hanxiao
b695aeebd5 doc: fix a typo in formatdomain
s/no/not

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-25 09:11:12 +01:00
Chen Hanxiao
dc33207dbe docs: fix some typos about 'informations'
s/informations/information

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-22 09:47:19 +01:00
Chen Hanxiao
8d35f9dbad docs: fix a typo in formatdomain
s/effect/affect

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-21 10:25:29 +02:00
Jiri Denemark
34adf622a3 docs: Expand description of host-model CPU mode
host-model is a nice idea but it's current implementation make it
useless on some hosts so it should be used with care.
2013-10-18 16:35:57 +02:00
Eric Blake
caf516db51 storage: allow interleave in pool XML
The RNG grammar did not allow arbitrary interleaving, which makes
it harder than necessary to create a new pool from handwritten XML.

* docs/schemas/storagepool.rng: Allow interleaving.
* tests/storagepoolxml2xmlin/pool-sheepdog.xml: Test interleave.
* tests/storagepoolxml2xmlin/pool-iscsi-auth.xml: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-16 10:15:44 -06:00
Eric Blake
59dce8d278 storage: document existing pools
We forgot to document several pool types.

* docs/formatstorage.html.in: Add docs for scsi, mpath, rbd, and
sheepdog.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-16 09:57:31 -06:00
Pranavkumar Sawargaonkar
9f53ffcb81 AArch64: Add qemu capabilities schemeta for test.
Add qemu AArch64 capabilities schemeta in caps-qemu-kvm.xml.

Signed-off-by: Anup Patel <anup.patel@linaro.org>
Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org>

(crobinso: add aarch64 to schema arch list)
2013-10-15 17:02:17 -04:00
Peter Krempa
c4caa012c2 schema: Rename option 'hypervtristate' to 'featurestate'
Change the RelaxNG schema option name so that it can be reused for
non-hyperv feature flags.
2013-10-15 16:42:45 +02:00
Chen Hanxiao
b8b22d1969 docs: change the minimum weight description for blkio
Since 2.6.39, kernel changed the minimum weight of device blkio.
Update related docs.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-15 12:17:40 +01:00
Daniel P. Berrange
8f35fd21cc Add some notes about secure usage of libvirt
Start a page describing some of the things that applications
using libvirt need to bear in mind to ensure security of their
systems.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-15 11:33:01 +01:00
Peter Krempa
f094aaac48 qemu: Prefer VFIO for PCI device passthrough
Prefer using VFIO (if available) to the legacy KVM device passthrough.

With this patch a PCI passthrough device without the driver configured
will be started with VFIO if it's available on the host. If not legacy
KVM passthrough is checked and error is reported if it's not available.
2013-10-10 12:00:56 +02:00
Ján Tomko
3f029fb531 LXC: Fix handling of RAM filesystem size units
Since 76b644c when the support for RAM filesystems was introduced,
libvirt accepted the following XML:
<source usage='1024' unit='KiB'/>

This was parsed correctly and internally stored in bytes, but it
was formatted as (with an extra 's'):
<source usage='1024' units='KiB'/>
When read again, this was treated as if the units were missing,
meaning libvirt was unable to parse its own XML correctly.

The usage attribute was documented as being in KiB, but it was not
scaled if the unit was missing. Transient domains still worked,
because this was balanced by an extra 'k' in the mount options.

This patch:
Changes the parser to use 'units' instead of 'unit', as the latter
was never documented (fixing persistent domains) and some programs
(libvirt-glib, libvirt-sandbox) already parse the 'units' attribute.

Removes the extra 'k' from the tmpfs mount options, which is needed
because now we parse our own XML correctly.

Changes the default input unit to KiB to match documentation, fixing:
https://bugzilla.redhat.com/show_bug.cgi?id=1015689
2013-10-09 17:44:45 +02:00
Chen Hanxiao
f7f469d09f doc: fix typo in HACKING
s/installion/installation

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-07 09:42:33 +02:00
Cole Robinson
9dd4150a4f docs: aclpolkit: Fix a heading typo 2013-10-04 13:38:57 -04:00
John Ferlan
0bdefd9b04 nodedev: Resolve Relax-NG validity error
Commit id 'c4a4603de' added an output <path> to the nodedev xml, but
did not update the schema.

This resulted in the failure of the 'virt-xml-validate' on a file
generated by 'virsh nodedev-dumpxml pci_0000_00_00_0' (for example).

This was found/seen by running autotest on my host.
2013-10-04 07:52:45 -04:00
Daniel Veillard
a72940f954 Release of libvirt-1.1.3
- configure.ac docs/news.html.in libvirt.spec.in: update for release
- po/*.po*: updated localization and regenerated
2013-10-01 15:04:14 +08:00
Doug Goldstein
45cd9aa2d4 VMware: Initial VMware Fusion support
Add support for VMware Fusion in the existing VMware driver.  Connect
via the URI vmwarefusion:///session
2013-09-29 18:40:36 +08:00
Laine Stump
b83d26f6c4 qemu: support ich9-intel-hda audio device
This resolves one of the issues in:

   https://bugzilla.redhat.com/show_bug.cgi?id=1003983

This device is identical to qemu's "intel-hda" device (known as "ich6"
in libvirt), but has a different PCI device ID (which matches the ID
of the hda audio built into the ich9 chipset, of course). It's not
supported in earlier versions of qemu, so it requires a capability
bit.
2013-09-25 10:38:02 -04:00
Jiri Denemark
0543e0d212 docs: Load libvirt_access*.xml from build dir
The xml files are generated in build directory and thus docs/newapi.xsl
was not able to find them in a VPATH build.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2013-09-23 14:16:45 +02:00
Giuseppe Scrivano
ab42c22627 doc: fix XML for the RNG device example
Add a missing '/' to close the "source" element.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2013-09-18 17:14:49 +02:00
Diego Woitasen
22547b4c98 Add forwarder attribute to <dns/> element
Useful to set custom forwarders instead of using the contents of
/etc/resolv.conf. It helps me to setup dnsmasq as local nameserver to
resolve VM domain names from domain 0, when domain option is used.

Signed-off-by: Diego Woitasen <diego.woitasen@vhgroup.net>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-17 17:47:33 -06:00
Doug Goldstein
4b5652d0dc Allow <source> for type=block to have no dev
Currently the XML parser already allows the following syntax:
  <disk type='block' device='cdrom'>
    <source startupPolicy='optional'/>
    <target dev='hda' bus='ide'/>
    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
  </disk>

But it if the dev value is NULL then it would not have the leading
"<source ", resulting in invalid XML.
2013-09-17 14:10:40 -05:00
Aline Manera
8ffe1d0c46 Add tftp protocol support for cdrom disk
qemu/KVM also supports a tftp URL while specifying the cdrom ISO image.

The xml should be as following:

    <disk type='network' device='cdrom'>
      <source protocol='tftp' name='/url/path'>
        <host name='host.name' port='69'/>
      </source>
    </disk>

Signed-off-by: Aline Manera <alinefm@br.ibm.com>
2013-09-17 14:45:02 +01:00
Aline Manera
0f24393e60 Add ftps protocol support for cdrom disk
The ftps protocol is another protocol supported by qemu/KVM while specifying
the cdrom ISO image.

The xml should be as following:

    <disk type='network' device='cdrom'>
      <source protocol='ftps' name='/url/path'>
        <host name='host.name' port='990'/>
      </source>
    </disk>

Signed-off-by: Aline Manera <alinefm@br.ibm.com>
2013-09-17 14:45:02 +01:00
Aline Manera
d9dd981801 Add https protocol support for cdrom disk
The https protocol is also accepted by qemu/KVM when specifying the cdrom ISO
image.

The xml should be as following:

    <disk type='network' device='cdrom'>
      <source protocol='https' name='/url/path'>
        <host name='host.name' port='443'/>
      </source>
    </disk>

Signed-off-by: Aline Manera <alinefm@br.ibm.com>
2013-09-17 14:45:02 +01:00
Daniel P. Berrange
5e6a85c765 Add some notes about security considerations when using LXC
Describe some of the issues to be aware of when configuring LXC
guests with security isolation as a goal.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-12 11:48:29 +01:00
Daniel Veillard
a41e95db50 Repair the search on libvirt.org
First make sure that the input is xhtml as the stylesheets expect
namespaced element, then use a span element instead of a as a
is treated specially, finally adjust the makefile to check for
the new span element and replace it with the PHP code
2013-09-12 17:18:32 +08:00
Daniel P. Berrange
420ebcfe01 Update docs about user namespace for LXC
Mention that user namespace can be enabled using the UID/GID
mapping schema.

Fix typo in link anchor for container args in domain XML docs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-11 11:46:31 +01:00
Oskari Saarenmaa
c9e1c6a93e docs, comments: minor typo fixes
Signed-off-by: Oskari Saarenmaa <os@ohmu.fi>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-10 17:06:41 -06:00
Ján Tomko
75ad8b67d4 Fix a typo in network XML docs 2013-09-05 13:46:29 +02:00
Ján Tomko
437b7944a8 Add '<nat>' element to '<forward>' network schemas
Commits 905629f4 and 1716e7a6 have added support for specifying
an IPv4 range and a port range to be used by NAT:
<forward mode='nat'>
  <nat>
    <address start='10.20.30.40' end='10.20.30.44'/>
    <port start='60000' end='65432'/>
  </nat>
</forward>

https://bugzilla.redhat.com/show_bug.cgi?id=1004364
2013-09-05 13:45:49 +02:00
Martin Kletzander
d7d8fef4b9 docs: Add OpenStack into references 2013-09-04 16:24:40 +02:00
Doug Goldstein
f8456e5a18 VMX: Add cdrom-raw dev type from VMWare Fusion
According to VMWare's documentation 'cdrom-raw' is an acceptable value
for deviceType for a CD-ROM drive. The documentation states that the VMX
configuration for a CD-ROM deviceType is as follows:

ide|scsi(n):(n).deviceType = "cdrom-raw|atapi-cdrom|cdrom-image"

From the documentation it appears the following is true:
- cdrom-image = Provides the ISO to the VM
- atapi-cdrom = Provides a NEC emulated ATAPI CD-ROM on top of the host
  CD-ROM
- cdrom-raw = Passthru for a host CD-ROM drive. Allows CD-R burning from
  within the guest.

A CD-ROM prior to this patch would always provide an 'atapi-cdrom' is
modeled as:
  <disk type='block' device='cdrom'>
    <source dev='/dev/scd0'/>
    <target dev='hda' bus='ide'/>
    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
  </disk>

This patch allows the 'device' attribute to be set to 'lun' for a raw
acccess CD-ROM such as:
  <disk type='block' device='lun'>
    <source dev='/dev/scd0'/>
    <target dev='hda' bus='ide'/>
    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
  </disk>
2013-09-02 17:41:30 -05:00
Cole Robinson
3730353f63 domain_conf: Add disk bus=sd, wire it up for qemu
This corresponds to '-sd' and '-drive if=sd' on the qemu command line.
Needed for many ARM boards which don't provide any other way to
pass in storage.
2013-09-02 16:53:40 -04:00
Cole Robinson
7c9617641d qemu: Don't add default memballoon device on ARM
And add test cases for a basic working ARM guest.
2013-09-02 16:53:39 -04:00
Fred A. Kemp
feba2febce qemu: Support setting the 'removable' flag for USB disks
Add an attribute named 'removable' to the 'target' element of disks,
which controls the removable flag. For instance, on a Linux guest it
controls the value of /sys/block/$dev/removable. This option is only
valid for USB disks (i.e. bus='usb'), and its default value is 'off',
which is the same behaviour as before.

To achieve this, 'removable=on' (or 'off') is appended to the '-device
usb-storage' parameter sent to qemu when adding a USB disk via
'-disk'. A capability flag QEMU_CAPS_USB_STORAGE_REMOVABLE was added
to keep track if this option is supported by the qemu version used.

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=922495
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2013-09-02 14:45:38 +02:00
Daniel Veillard
85240daba2 Release of libvirt-1.1.2
* configure.ac docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: merged new localizations and regenerated
2013-09-02 09:47:37 +08:00
Eric Blake
cd3fa76222 build: shipped files must not depend on BUILT_SOURCES
'make distcheck' was failing with:
make[3]: Entering directory `/home/eblake/libvirt-tmp2/libvirt-1.1.1/_build/docs'
perl ../../docs/genaclperms.pl ../../src/access/viraccessperm.h > ../../docs/aclperms.htmlinc
/bin/sh: ../../docs/aclperms.htmlinc: Permission denied

when simulating the case of a user doing a VPATH build from a
read-only source tree.  The culprit?  BUILT_SOURCES are _always_
built, and so must NOT be built into srcdir and need not be part
of the tarball.  On the other hand, shipped files must never
depend on files in the builddir.  While it would be possible to
fix the problem by generating aclperms.htmlinc into builddir,
we then have the problem that we ship acl.html - we'd have to
rejigger a lot of things to not ship pre-built html.  So this
patch goes the other direction - we don't need BUILT_SOURCES,
but instead ensure that we have proper dependencies so that
all files in srcdir are up-to-date at the time the tarball is
created.  And because we ship html files in the tarball, that
implies we don't expect users to be able to rebuild them, so
we must not clean any files that would trigger a rebuild except
under the maintainer rules.

* docs/Makefile.am (BUILT_SOURCES): Delete.
(CLEANFILES): Downgrade aclperms.htmlinc cleanup...
(maintainer-clean-local): ...and move hvsupport.html.in...
(MAINTAINERCLEANFILES): ...to a maintainer action.
(hvsupport.html.in): Write into srcdir.
(hvsupport.html): Ensure files are built in order.
(aclperms.htmlinc): Honor silent make.
(EXTRA_DIST): Ship aclperms.htmlinc.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-30 20:45:22 -06:00
Eric Blake
f06eb52fff build: fix 'make distcheck' out of the box
With the 1.1.1 tarball, if a user does 'make && make distcheck',
things pass, but if they do 'make distcheck' after 'make clean',
there is an odd failure:

  GEN      ../../docs/devhelp/index.html
I/O error : Permission denied
I/O error : Permission denied
runtime error: file ../../docs/devhelp/devhelp.xsl line 43 element document
xsltDocumentElem: unable to save to ../../docs/devhelp/libvirt-virterror.html
I/O error : Permission denied
I/O error : Permission denied

This implies that the rules for 'make dist' are missing a
dependency - the generated documentation needs to be up-to-date
before creating the tarball, or else the tarball will be missing
files, where the end user will end up trying to rebuild files in
srcdir, and that fails when srcdir is read-only.

1.1.1 plus this patch now works without issues (other issues have
crept in to 1.1.2-rc1 that prevent 'make distcheck' from working,
but those will be cleaned up in later patches).

* docs/Makefile.am (dist-local): New dependency.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-30 19:36:35 -06:00
Ján Tomko
01cda91809 Add pcihole64 element to root PCI controllers
<controller type='pci' index='0' model='pci-root'>
  <pcihole64 unit='KiB'>1048576</pcihole64>
</controller>

It can be used to adjust (or disable) the size of the 64-bit
PCI hole. The size attribute is in kilobytes (different unit
can be specified on input), but it gets rounded up to
the nearest GB by QEMU.

Disabling it will be needed for guests that crash with the
64-bit PCI hole (like Windows XP), see:
https://bugzilla.redhat.com/show_bug.cgi?id=990418
2013-08-27 17:42:29 +02:00
Aline Manera
796513d7cc Add ftp protocol support for cdrom disk
The ftp protocol is already recognized by qemu/KVM so add this support to
libvirt as well.
The xml should be as following:

     <disk type='network' device='cdrom'>
       <source protocol='ftp' name='/url/path'>
         <host name='host.name' port='21'/>
       </source>
     </disk>

Signed-off-by: Aline Manera <alinefm@br.ibm.com>
2013-08-27 14:50:24 +02:00
Aline Manera
3485ce4e9d Add http protocol support for cdrom disk
QEMU/KVM already allows a HTTP URL for the cdrom ISO image so add this support
to libvirt as well.
The xml should be as following:

    <disk type='network' device='cdrom'>
      <source protocol='http' name='/url/path'>
        <host name='host.name' port='80'/>
      </source>
    </disk>

Signed-off-by: Aline Manera <alinefm@br.ibm.com>
2013-08-27 14:50:24 +02:00
Jiri Denemark
8a38db0dd9 schema: Allow dots in device aliases
Commit 01b88127 changed aliases for PCI controller devices to "pcie.0" or
"pci.%u". Thus device aliases may now contain dots.
2013-08-26 15:26:49 +02:00
Claudio Bley
2a40951148 Test for object identity when checking for None in Python
Consistently use "is" or "is not" to compare variables to None,
because doing so is preferrable, as per PEP 8
(http://www.python.org/dev/peps/pep-0008/#programming-recommendations):

> Comparisons to singletons like None should always be done with is or
> is not, never the equality operators.
2013-08-23 08:12:26 +02:00
John Ferlan
fc82f0adde docs: Reformat <disk> attribute description in formatdomain
Reformat the description to more cleanly delineate the attributes
for a <disk> element.
2013-08-22 07:17:19 -04:00
John Ferlan
c753749c27 docs: Update iSCSI storage pool example
Update the iSCSI storage pool example to include the secret
2013-08-20 13:27:44 -04:00
John Ferlan
4ba0529078 docs: Update formatsecrets to include more examples of each type
Update formatsecret docs to describe the various options and provide examples
in order to set up secrets for each type of secret.
2013-08-20 13:27:44 -04:00
John Ferlan
cb3b7dce7c docs: Update the formatdomain disk examples
Add more iSCSI examples including having a secret attached. There are 4 new
examples; one for each way to have an iSCSI - a network disk using virtio,
a passthrough network lun using scsi, a volume disk using "mode='host'",
and a volume disk using "mode='direct'"
2013-08-20 13:27:44 -04:00
Eric Blake
0f082e699e selinux: distinguish failure to label from request to avoid label
https://bugzilla.redhat.com/show_bug.cgi?id=924153

Commit 904e05a2 (v0.9.9) added a per-<disk> seclabel element with
an attribute relabel='no' in order to try and minimize the
impact of shutdown delays when an NFS server disappears.  The idea
was that if a disk is on NFS and can't be labeled in the first
place, there is no need to attempt the (no-op) relabel on domain
shutdown.  Unfortunately, the way this was implemented was by
modifying the domain XML so that the optimization would survive
libvirtd restart, but in a way that is indistinguishable from an
explicit user setting.  Furthermore, once the setting is turned
on, libvirt avoids attempts at labeling, even for operations like
snapshot or blockcopy where the chain is being extended or pivoted
onto non-NFS, where SELinux labeling is once again possible.  As
a result, it was impossible to do a blockcopy to pivot from an
NFS image file onto a local file.

The solution is to separate the semantics of a chain that must
not be labeled (which the user can set even on persistent domains)
vs. the optimization of not attempting a relabel on cleanup (a
live-only annotation), and using only the user's explicit notation
rather than the optimization as the decision on whether to skip
a label attempt in the first place.  When upgrading an older
libvirtd to a newer, an NFS volume will still attempt the relabel;
but as the avoidance of a relabel was only an optimization, this
shouldn't cause any problems.

In the ideal future, libvirt will eventually have XML describing
EVERY file in the backing chain, with each file having a separate
<seclabel> element.  At that point, libvirt will be able to track
more closely which files need a relabel attempt at shutdown.  But
until we reach that point, the single <seclabel> for the entire
<disk> chain is treated as a hint - when a chain has only one
file, then we know it is accurate; but if the chain has more than
one file, we have to attempt relabel in spite of the attribute,
in case part of the chain is local and SELinux mattered for that
portion of the chain.

* src/conf/domain_conf.h (_virSecurityDeviceLabelDef): Add new
member.
* src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML):
Parse it, for live images only.
(virSecurityDeviceLabelDefFormat): Output it.
(virDomainDiskDefParseXML, virDomainChrSourceDefParseXML)
(virDomainDiskSourceDefFormat, virDomainChrDefFormat)
(virDomainDiskDefFormat): Pass flags on through.
* src/security/security_selinux.c
(virSecuritySELinuxRestoreSecurityImageLabelInt): Honor labelskip
when possible.
(virSecuritySELinuxSetSecurityFileLabel): Set labelskip, not
norelabel, if labeling fails.
(virSecuritySELinuxSetFileconHelper): Fix indentation.
* docs/formatdomain.html.in (seclabel): Document new xml.
* docs/schemas/domaincommon.rng (devSeclabel): Allow it in RNG.
* tests/qemuxml2argvdata/qemuxml2argv-seclabel-*-labelskip.xml:
* tests/qemuxml2argvdata/qemuxml2argv-seclabel-*-labelskip.args:
* tests/qemuxml2xmloutdata/qemuxml2xmlout-seclabel-*-labelskip.xml:
New test files.
* tests/qemuxml2argvtest.c (mymain): Run the new tests.
* tests/qemuxml2xmltest.c (mymain): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-20 10:39:03 -06:00
Michal Privoznik
8563b091ff docs: Clean 09adfdc62d up 2013-08-20 10:33:33 +02:00
Michal Privoznik
09adfdc62d docs: Discourage users to set hard_limit
In one of my previous patches I am removing the hard_limit heuristic to
guess the correct value if none set. However, it turned out, this limit
is hard to guess even for users. We should advise them to not set the
limit as their domains may be OOM killed. Sigh.
2013-08-19 12:15:25 +02:00
Daniel P. Berrange
7a7cb0934e Update polkit examples to use 'lookup' method
Feedback from the polkit developers indicates that the
"_detail_XXXX" attributes are a private implementation
detail. Our examples should be recommending use of the
"action.lookup('XXX')" method instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-16 16:57:09 +01:00
Xuesong Zhang
3607ab58c9 docs: fix usb node device sub-element names 2013-08-15 11:40:50 +02:00
Laine Stump
4f595ba61c network: permit upstream forwarding of unqualified DNS names
This resolves the issue that prompted the filing of

  https://bugzilla.redhat.com/show_bug.cgi?id=928638

(although the request there is for something much larger and more
general than this patch).

commit f3868259ca disabled the
forwarding to upstream DNS servers of unresolved DNS requests for
names that had no domain, but were just simple host names (no "."
character anywhere in the name). While this behavior is frowned upon
by DNS root servers (that's why it was changed in libvirt), it is
convenient in some cases, and since dnsmasq can be configured to allow
it, it must not be strictly forbidden.

This patch restores the old behavior, but since it is usually
undesirable, restoring it requires specification of a new option in
the network config. Adding the attribute "forwardPlainNames='yes'" to
the <dns> elemnt does the trick - when that attribute is added to a
network config, any simple hostnames that can't be resolved by the
network's dnsmasq instance will be forwarded to the DNS servers listed
in the host's /etc/resolv.conf for an attempt at resolution (just as
any FQDN would be forwarded).

When that attribute *isn't* specified, unresolved simple names will
*not* be forwarded to the upstream DNS server - this is the default
behavior.
2013-08-14 09:46:22 -04:00
Philipp Hahn
ced2e3bed3 doc: storage pool permission copy-paste fix
The description for <permissions> was copied from the storage volume
section to the storage pool section, but the semantics are different:
1. Currently only the "dir", "fs" and "netfs" storage pools use it.
2. They use it only to build the final directory.
3. A default for the storage volumes can't be set.

Signed-off-by: Philipp Hahn <hahn@univention.de>
2013-08-13 14:55:04 -06:00
Eric Blake
70547bacae docs: mention VIR_TEST_RANGE
Commit ab92ae333 added a cool feature, but didn't document it.

* docs/hacking.html.in: Document debugging a subset of tests.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-12 20:44:41 -06:00
Daniel P. Berrange
12f22856bf Document use of systemd socket activation
Add to the docs/drvlxc.html.in documentation to describe how to
configure systemd to auto-activate a container when a client
connects to a socket

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-12 17:17:03 +01:00
Eric Blake
70363ea9ff build: add configure option to disable gnulib tests
The gnulib testsuite is relatively stable - the only times it is
likely to have a test change from pass to fail is on a gnulib
submodule update or a major system change (such as moving from
Fedora 18 to 19, or other large change to libc).  While it is an
important test for end users on arbitrary machines (to make sure
that the portability glue works for their machine), it mostly
wastes time for development testing (as most developers aren't
making any of the major changes that would cause gnulib tests
to alter behavior).  Thus, it pays to make the tests optional
at configure time, defaulting to off for development, on for
tarballs, with autobuilders requesting it to be on.  It also
helps to allow a make-time override, via VIR_TEST_EXPENSIVE=[01]
(much the way automake sets up V=[01] for overriding the configure
time default of how verbose to be).

Automake has some pretty hard-coded magic with regards to the
TESTS variable; I had quite a job figuring out how to keep
'make distcheck' passing regardless of the configure option
setting in use, while still disabling the tests at runtime
when I did not configure them on and did not use the override
variable.  Thankfully, we require GNU make, which lets me
hide some information from Automake's magic handling of TESTS.

* bootstrap.conf (bootstrap_epilogue): Munge gnulib test variable.
* configure.ac (--enable-expensive-tests): Add new enable switch.
(VIR_TEST_EXPENSIVE_DEFAULT, WITH_EXPENSIVE_TESTS): Set new
witnesses.
* gnulib/tests/Makefile.am (TESTS): Make tests conditional on
configure settings and the VIR_TEST_EXPENSIVE variable.
* tests/Makefile.am (TESTS_ENVIRONMENT): Expose VIR_TEST_EXPENSIVE
to all tests.
* autobuild.sh: Enable all tests during autobuilds.
* libvirt.spec.in (%configure): Likewise.
* mingw-libvirt.spec.in (%mingw_configure): Likewise.
* docs/hacking.html.in: Document the option.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-12 10:02:38 -06:00
Ján Tomko
4ce91f6ebd Remove leftovers from hyperv spinlocks documentation
Somehow I managed to leave this monstrosity in.
Introduced by 800b51d.
2013-08-12 14:34:17 +02:00
Daniel P. Berrange
b6c7e3bb52 Fix typo in domain name in polkit acl example
Signed-off-by: Daniel P. Berrange <dan@berrange.com>
2013-08-09 20:03:42 +01:00
Daniel P. Berrange
da13f2c70c Add documentation for access control system
This adds two new pages to the website, acl.html describing
the general access control framework and permissions models,
and aclpolkit.html describing the use of polkit as an
access control driver.

page.xsl is modified to support a new syntax

  <div id="include" filename="somefile.htmlinc"/>

which will cause the XSL transform to replace that <div>
with the contents of 'somefile.htmlinc'. We use this in
the acl.html.in file, to pull the table of permissions
for each libvirt object. This table is autogenerated
from the enums in src/access/viraccessperms.h by the
genaclperms.pl script.

newapi.xsl is modified so that the list of permissions
checks shown against each API will link to the description
of the permissions in acl.html

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-09 17:13:02 +01:00
Daniel P. Berrange
664ab2801d Add info about access control checks into API reference
So that app developers / admins know what access control checks
are performed for each API, this patch extends the API docs
generator to include details of the ACLs for each.

The gendispatch.pl script is extended so that it generates
a simple XML describing ACL rules, eg.

  <aclinfo>
    ...
    <api name='virConnectNumOfDomains'>
      <check object='connect' perm='search_domains'/>
      <filter object='domain' perm='getattr'/>
    </api>
    <api name='virDomainAttachDeviceFlags'>
      <check object='domain' perm='write'/>
      <check object='domain' perm='save' flags='!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE'/>
      <check object='domain' perm='save' flags='VIR_DOMAIN_AFFECT_CONFIG'/>
    </api>
    ...
  </aclinfo>

The newapi.xsl template loads the XML files containing the ACL
rules and generates a short block of HTML for each API describing
the parameter checks and return value filters (if any).

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-08 11:59:46 +01:00
Guannan Ren
93319da42c conf: add startupPolicy attribute for harddisk
Add startupPolicy attribute for harddisk with type "file",
"block" and "dir". 'requisite' is not supported currently for
harddisk.
2013-08-07 14:31:34 +08:00
Laine Stump
62ac6b4354 qemu: add dmi-to-pci-bridge controller
This PCI controller, named "dmi-to-pci-bridge" in the libvirt config,
and implemented with qemu's "i82801b11-bridge" device, connects to a
PCI Express slot (e.g. one of the slots provided by the pcie-root
controller, aka "pcie.0" on the qemu commandline), and provides 31
*non-hot-pluggable* PCI (*not* PCIe) slots, numbered 1-31.

Any time a machine is defined which has a pcie-root controller
(i.e. any q35-based machinetype), libvirt will automatically add a
dmi-to-pci-bridge controller if one doesn't exist, and also add a
pci-bridge controller. The reasoning here is that any useful domain
will have either an immediate (startup time) or eventual (subsequent
hot-plug) need for a standard PCI slot; since the pcie-root controller
only provides PCIe slots, we need to connect a dmi-to-pci-bridge
controller to it in order to get a non-hot-plug PCI slot that we can
then use to connect a pci-bridge - the slots provided by the
pci-bridge will be both standard PCI and hot-pluggable.

Since pci-bridge devices themselves can not be hot-plugged into a
running system (although you can hot-plug other devices into a
pci-bridge's slots), any new pci-bridge controller that is added can
(and will) be plugged into the dmi-to-pci-bridge as long as it has
empty slots available.

This patch is also changing the qemuxml2xml-pcie test from a "DO_TEST"
to a "DO_DIFFERENT_TEST". This is so that the "before" xml can omit
the automatically added dmi-to-pci-bridge and pci-bridge devices, and
the "after" xml can include it - this way we are testing if libvirt is
properly adding these devices.
2013-08-05 15:40:49 -04:00
Laine Stump
48a3f48ac5 qemu: add pcie-root controller
This controller is implicit on q35 machinetypes. It provides 31 PCIe
(*not* PCI) slots as controller 0.

Currently there are no devices that can connect to pcie-root, and no
implicit pci controller on a q35 machine, so q35 is still
unusable. For a usable q35 system, we need to add a
"dmi-to-pci-bridge" pci controller, which can connect to pcie-root,
and provides standard pci slots that can be used to connect other
devices.
2013-08-05 15:13:56 -04:00
Yuri Chornoivan
5b4c035b08 Fix minor typos in messages and docs
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-30 07:07:33 -06:00
Daniel Veillard
e9b8c9dc80 Release of libvirt-1.1.1
* configure.ac docs/news.html.in: update for the release
* po/*.po*: update localizations and regenerate
2013-07-30 17:38:35 +08:00
Michal Privoznik
d7a4a9b2ff formatdomain.html.in: Document implementation limitation of QoS
The outbound/@peak is ignored (since QoS was introduced). This is due to
kernel limitation of know allowing ingress filters to have peak just
average rate. However, we should document this limitation to not confuse
users.
2013-07-26 11:45:10 +02:00
Michal Privoznik
0884be37e3 formatdomain.html.in: Correctly use <code/> in #elementQoS
Interestingly, we had <code>floor<code> ... </code>outbound</code> which
results in much larger block of text to be written in code style that
intended.
2013-07-26 11:45:10 +02:00
John Ferlan
c00b2f0dd1 conf: Introduce new XML tag "mode" for disk source
There are two ways to use a iSCSI LUN as disk source for qemu.

 * The LUN's path as it shows up on host, e.g.
   /dev/disk/by-path/ip-$ip:3260-iscsi-$iqn-fc18:iscsi.iscsi0-lun-1

 * The libiscsi URI from the storage pool source element host attribute, e.g.
   iscsi://demo.org:6000/iqn.1992-01.com.example/1

For a "volume" type disk, if the specified "pool" is of iscsi
type, we should support to use the LUN in either of above 2 ways.
That's why to introduce a new XML tag "mode" for the disk source
(libvirt should support iscsi pool with libiscsi, but it's another
new feature, which should be done later).

The "mode" can be either of "host" or "direct". Use "host" to indicate
use of the LUN with the path as it shows up on host. Use "direct" to
indicate to use it with the source pool host URI (future patches may support
to use network type libvirt storage too, e.g. Ceph)
2013-07-22 14:01:04 -04:00
Eric Blake
d21d40bf0c maint: split long lines in Makefiles
Makefiles are another easy file to enforce line limits.

Mostly straightforward; interesting tricks worth noting:
src/Makefile.am: $(confdir) was already defined, use it in more places
tests/Makefile.am: path_add and VG required some interesting compression

* cfg.mk (sc_prohibit_long_lines): Add another test.
* Makefile.am: Fix offenders.
* daemon/Makefile.am: Likewise.
* docs/Makefile.am: Likewise.
* python/Makefile.am: Likewise.
* src/Makefile.am: Likewise.
* tests/Makefile.am: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-19 05:25:35 -06:00
Daniel P. Berrange
040d996342 Merge virCommandPreserveFD / virCommandTransferFD
Merge the virCommandPreserveFD / virCommandTransferFD methods
into a single virCommandPasFD method, and use a new
VIR_COMMAND_PASS_FD_CLOSE_PARENT to indicate their difference
in behaviour

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-18 12:18:24 +01:00
John Ferlan
57b65c58d0 Allow balloon driver collection to be adjusted dynamically
Use the virDomainSetMemoryStatsPeriodFlags() to pass a period defined by
usage of a new --period option in order to set the collection period for the
balloon driver. This may enable or disable the collection based on the value.

Add the --current, --live, & --config options to dommemstat.
2013-07-16 08:44:53 -04:00
John Ferlan
9ed3a5ca34 Add 'period' for Memballoon statistics gathering capability
Add a period in seconds to allow/enable statistics gathering from the
Balloon driver for 'virsh dommemstat <domain>'.
2013-07-16 08:44:52 -04:00
Martin Kletzander
efab27afbf Make logical pools independent on target path
When using logical pools, we had to trust the target->path provided.
This parameter, however, can be completely ommited and we can use
'/dev/<source.name>' safely and populate it to target.path.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=952973
2013-07-16 12:16:37 +02:00
Peter Krempa
3c8be55c04 cpu: Allow fine tuning of "host-model" cpu
https://bugzilla.redhat.com/show_bug.cgi?id=799354

Until now, the "host-model" cpu mode couldn't be influenced. This patch
allows to use the <feature> elements to either enable or disable
specific CPU flags. This can be used to force flags that can be emulated
even if the host CPU doesn't support them.
2013-07-16 10:51:30 +02:00
John Ferlan
eb0d79c64b storage_pool: Rework chap XML to mimic ceph
The existing 'chap' XML logic was never used - just defined.  Rather than
try to insert a square peg into a round hole, blow it up and rewrite the
logic to follow the 'ceph' format.

Remove the former "chap.login" and "chap.passwd" fields and replace
with "chap.username" and "chap.secret" in _virStoragePoolAuthChap.
Adjust the virStoragePoolDefParseAuthChap() to process.

Change the rng file to describe the new layout

Update the formatstorage.html to describe the usage of the secret element
to mention that the secret type "iscsi" and "ceph" can be used
to storage pool too.

Update the formatsecret.html to include a reference to the storage pool

Update tests to handle the changes from 'login' and 'passwd' to 'username'
and '<secret>' format
2013-07-15 12:41:12 -04:00
Michal Privoznik
9021488a5b Adapt to VIR_ALLOC and virAsprintf in docs/ 2013-07-10 11:07:31 +02:00
Eric Blake
1e503ee534 build: honor autogen.sh --no-git
Based on a report by Chandrashekar Shastri, at
https://bugzilla.redhat.com/show_bug.cgi?id=979360

On systems where git cannot access the outside world, a developer
can instead arrange to get a copy of gnulib at the right commit
via side channels (such as NFS share drives), set GNULIB_SRCDIR,
then use ./autogen.sh --no-git.  In this setup, we will now
avoid direct use of git.  Of course, this means no automatic
gnulib updates when libvirt.git updates its submodule, but it
is expected that any developer in such a situation is already
prepared to deal with the fallout.

* .gnulib: Update to latest, for bootstrap.
* bootstrap: Synchronize from gnulib.
* autogen.sh (no_git): Avoid git when requested.
* cfg.mk (_update_required): Skip automatic rerun of bootstrap if
we can't use git.
* docs/compiling.html.in: Document this setup.
* docs/hacking.html.in: Mention this.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-09 16:15:29 -06:00
Eric Blake
040d3f7758 maint: tweak use of <a> in HACKING
The previous handling of <a> tags led to some less-than-ideal
layout in HACKING (most noticeable on a mid-sentence reference
to the valgrind home page).

* docs/hacking.html.in: Slight tweaks to <a> tags.
* docs/hacking1.xsl: Move <a> handling...
* docs/hacking2.xsl: ...here.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-09 11:49:20 -06:00
Ján Tomko
2e4dd4107e conf: don't check hyperv spinlock retries if disabled
<hyperv>
  <spinlocks state='off'/>
</hyperv>

results in:
error: XML error: missing HyperV spinlock retry count

Don't require retries when state is off and use virXPathUInt
instead of virXPathString to simplify parsing.

https://bugzilla.redhat.com/show_bug.cgi?id=784836#c19
2013-07-04 18:39:56 +02:00
Gao feng
6c30ea2c35 LXC: Introduce New XML element for user namespace
This patch introduces new element <idmap> for
user namespace. for example
<idmap>
    <uid start='0' target='1000' count='10'/>
    <gid start='0' target='1000' count='10'/>
</idmap>

this new element is used for setting proc files
/proc/<pid>/{uid_map,gid_map}.

This patch also supports multiple uid/gid elements
setting in XML configuration.

We don't support the semi configuation, user has to
configure uid and gid both.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-07-02 11:20:04 +01:00
Peter Krempa
23770d7b55 docs: Document hypervisor drivers that support certain timer models
Not every timer model is supported with each hypervisor. Explicitly
mention the driver supporting each timer model.
2013-07-02 09:41:26 +02:00
Michal Novotny
ff96888991 qemu: Implement CPUs check against machine type's cpu-max
Implement check whether (maximum) vCPUs doesn't exceed machine
type's cpu-max settings.

On older versions of QEMU the check is disabled.

Signed-off-by: Michal Novotny <minovotn@redhat.com>
2013-07-01 14:30:42 +02:00
Daniel Veillard
034d322978 Release of libvirt-1.1.0
* configure.ac docs/news.html.in libvirt.spec.in: updated for the release
* po/*.po*: updated localizations and regenerated
2013-07-01 17:22:49 +08:00
Daniel P. Berrange
49e6a16f82 Document security reporting & handling process
Historically security issues in libvirt have been primarily
triaged & fixed by the Red Hat libvirt members & Red Hat
security team, who then usually notify other vendors via
appropriate channels. There have been a number of times
when vendors have not been properly notified ahead of
announcement. It has also disadvantaged community members
who have to backport fixes to releases for which there are
no current libvirt stable branches.

To address this, we want to make the libvirt security process
entirely community focused / driven. To this end I have setup
a new email address "libvirt-security@redhat.com" for end
users to report bugs which have (possible) security implications.

This email addr is backed by an invitation only, private
archive, mailing list. The intent is for the list membership
to comprise a subset of the libvirt core team, along with any
vendor security team engineers who wish to participate in a
responsible disclosure process for libvirt. Members of the
list will be responsible for analysing the problem to determine
if a security issue exists and then issue fixes for all current
official stable branches & git master.

I am proposing the following libvirt core team people as
members of the security team / list (all cc'd):

   Daniel Berrange (Red Hat)
   Eric Blake (Red Hat)
   Jiri Denemar (Red Hat)
   Daniel Veillard (Red Hat)
   Jim Fehlig (SUSE)
   Doug Goldstein (Gentoo)
   Guido Günther (Debian)

We don't have anyone from Ubuntu on the libvirt core team.
Serge Hallyn is the most frequent submitter of patches from
Ubuntu in recent history, so I'd like to invite him to join.
Alternatively, Serge, feel free to suggest someone else to
represent Ubuntu's interests.

If any other vendors/distros have security people who are
responsible for dealing with libvirt security issues, and
want to join to get early disclosure of issues, they can
suggest people. Existing security team members will vet /
approve such requests to ensure they are genuine.

Anyone on the team / list will be **required** to honour any
embargo period agreed between members for non-public issues
that are reported. The aim will be to have a maximum 2 week
embargo period in the common case, extendable to 1 month if
there is sufficient justification made. If anyone feels they
are unable to follow such an embargo process for whatever
reason, please decline membership of the security list/team.

The patch which follows puts up some docs on the website
about all of this....

Document how to report security bugs and the process that
will be used for addressing them.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-01 11:08:58 +08:00
Philipp Hahn
dc8614d7ed doc: Fix reference to #elementsUSB
aae0fc2a92 removed the #elementsUSB anchor
but did not update the links to point to the new section #elementsHostDev.

Signed-off-by: Philipp Hahn <hahn@univention.de>
2013-06-28 15:59:47 -04:00
Laine Stump
8807b28559 nodedev: add iommuGroup to node device object
This includes adding it to the nodedev parser and formatter, docs, and
test.

An example of the new iommuGroup element that is a part of the output
from "virsh nodedev-dumpxml" (virNodeDeviceGetXMLDesc()):

  <device>
    <name>pci_0000_02_00_1</name>
    <capability type='pci'>
    ...
      <iommuGroup number='12'>
        <address domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
        <address domain='0x0000' bus='0x02' slot='0x00' function='0x1'/>
      </iommuGroup>
    </capability>
  </device>
2013-06-26 14:10:56 -04:00
Stefan Berger
7070a572aa Fix sample TPM XML
Fix an error in the sample TPM XML.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2013-06-26 08:29:08 -04:00
Laine Stump
ab0c8df0b1 docs: correct and update network vlan example
Somehow I put an example of a domain interface with a <vlan> element
into the network documentation.

This patch replaces that with an example of a network definition that
has a vlan element with trunk='yes', multiple tags, and even the new
nativeMode attribute. It also includes a <portgroup> that has a vlan
defined.
2013-06-26 02:21:23 -04:00
Ján Tomko
11a5c957f4 Use 1.1.0 everywhere in the documentation
Since we already have the v1.1.0-rc1 tag in git.
2013-06-25 15:37:31 +02:00
james robson
861d40565e Configure native vlan modes on Open vSwitch ports
This patch adds functionality to allow libvirt to configure the
'native-tagged' and 'native-untagged' modes on openvswitch networks.

Signed-off-by: Laine Stump <laine@redhat.com>
2013-06-25 00:22:36 -04:00
Jiri Denemark
c0762b6518 New internal migration APIs with extensible parameters
This patch implements extensible variants of all internal migration APIs
used for v3 migration.
2013-06-25 01:13:16 +02:00
Jiri Denemark
d0d5acb511 Introduce virTypedParamsCopy internal API 2013-06-25 00:38:25 +02:00
Jiri Denemark
fefb0d5464 Introduce VIR_TYPED_PARAMS_DEBUG macro for dumping typed params
All APIs that take typed parameters are only using params address in
their entry point debug messages. With the new VIR_TYPED_PARAMS_DEBUG
macro, all functions can easily log all individual typed parameters
passed to them.
2013-06-25 00:38:24 +02:00
Jiri Denemark
637a7c865a Introduce virTypedParamsCheck internal API
This API is useful for checking whether only a specific subset of
supported typed parameters were passed.
2013-06-25 00:38:24 +02:00
Jiri Denemark
c40ed4168a Rename virTypedParameterArrayValidate as virTypedParamsValidate 2013-06-25 00:38:24 +02:00
Ján Tomko
31d42506fb conf: add features to volume target XML
Add <features> and <compat> elements to volume target XML.

<compat> is a string which for qcow2 represents the QEMU version
it should be compatible with. Valid values are 0.10 and 1.1.
1.1 is implicit if the <features> element is present, otherwise
qemu-img default is used. 0.10 can be specified to explicitly
create older images after the qemu-img default changes.

<features> contains optional features, so far
<lazy_refcounts/> is available, which enables caching of reference
counters, improving performance for snapshots.
2013-06-21 13:25:30 +02:00
Ján Tomko
800b51d7b0 conf: add vapic and spinlocks to hyperv features
Add new CPU features for HyperV:
vapic for virtual APIC support
spinlocks for setting spinlock support

<features>
  <hyperv>
    <vapic state='on'/>
    <spinlocks state='on' retries='4096'/>
  </hyperv>
</features>

https://bugzilla.redhat.com/show_bug.cgi?id=784836
2013-06-21 12:33:46 +02:00
Claudio Bley
12edde5cbb schema: simplify RNG pattern, remove superfluous <optional> 2013-06-12 16:14:44 +02:00
Ján Tomko
3452400673 docs: add spaces to formatstorage.html
Let the pool types breathe.
2013-06-04 15:56:44 +02:00
Daniel Veillard
4497ef50dc Release of libvirt 1.0.6
* configure.ac docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: pull localization updates and regenerate the po
2013-06-03 12:09:56 +02:00
Eric Blake
134e685b1d syntax-check: mandate space after mid-line semicolon
Enforce the style cleanup in the previous patch.

* build-aux/bracket-spacing.pl: Enforce trailing spacing.
* cfg.mk (bracket-spacing-check): Tweak error wording.
* docs/hacking.html.in: Document the rule.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-28 08:26:05 -06:00
Cole Robinson
e4de214b38 docs: domain: /dev/urandom isn't a valid rng patch
Only /dev/random and /dev/hwrng are accepted, list them explicitly.
2013-05-23 14:37:08 -04:00
Michal Privoznik
7e744f8199 Introduce /domain/devices/interface/driver/@queues attribute
This attribute is going to represent number of queues for
multique vhost network interface. This commit implements XML
extension part of the feature and add one test as well. For now,
we can only do xml2xml test as qemu command line generation code
is not adapted yet.
2013-05-22 16:31:27 +02:00
Guannan Ren
2a58d07654 conf: add 'sharePolicy' attribute to graphics element for vnc
-vnc :5900,share=allow-exclusive
allows clients to ask for exclusive access which is
implemented by dropping other connections Connecting
multiple clients in parallel requires all clients asking
for a shared session (vncviewer: -shared switch)

 -vnc :5900,share=force-shared
disables exclusive client access.  Useful for shared
desktop sessions, where you don't want someone forgetting
specify -shared disconnect everybody else.

 -vnc :5900,share=ignore
completely ignores the shared flag and allows everybody
connect unconditionally
2013-05-22 19:18:43 +08:00
Ján Tomko
41c89669b0 docs: formatdomain: fix links in the table of contents 2013-05-21 10:55:42 +02:00
Eric Blake
d7f53c7b97 maint: use LGPL correctly
Several files called out COPYING or COPYING.LIB instead of using
the normal boilerplate.  It's especially important that we don't
call out COPYING from an LGPL file, since COPYING is traditionally
used for the GPL.  A few files were lacking copyright altogether.

* src/rpc/gendispatch.pl: Add missing copyright.
* Makefile.nonreentrant: Likewise.
* src/check-symfile.pl: Likewise.
* src/check-symsorting.pl: Likewise.
* src/driver.h: Likewise.
* src/internal.h: Likewise.
* tools/libvirt-guests.sh.in: Likewise.
* tools/virt-pki-validate.in: Mention copyright in comment, not just code.
* tools/virt-sanlock-cleanup.in: Likewise.
* src/rpc/genprotocol.pl: Spell out license terms.
* src/xen/xend_internal.h: Likewise.
* src/xen/xend_internal.c: Likewise.
* Makefile.am: Likewise.
* daemon/Makefile.am: Likewise.
* docs/Makefile.am: Likewise.
* docs/schemas/Makefile.am: Likewise.
* examples/apparmor/Makefile.am: Likewise.
* examples/domain-events/events-c/Makefile.am: Likewise.
* examples/dominfo/Makefile.am: Likewise.
* examples/domsuspend/Makefile.am: Likewise.
* examples/hellolibvirt/Makefile.am: Likewise.
* examples/openauth/Makefile.am: Likewise.
* examples/python/Makefile.am: Likewise.
* examples/systemtap/Makefile.am: Likewise.
* examples/xml/nwfilter/Makefile.am: Likewise.
* gnulib/lib/Makefile.am: Likewise.
* gnulib/tests/Makefile.am: Likewise.
* include/Makefile.am: Likewise.
* include/libvirt/Makefile.am: Likewise.
* python/Makefile.am: Likewise.
* python/tests/Makefile.am: Likewise.
* src/Makefile.am: Likewise.
* tests/Makefile.am: Likewise.
* tools/Makefile.am: Likewise.
* configure.ac: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-20 14:03:48 -06:00
Eric Blake
0d09854c10 docs: add another user
Described here:
https://www.redhat.com/archives/libvir-list/2013-May/msg01329.html

* docs/apps.html.in: Mention Cracow Cloud One.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-17 09:18:14 -06:00
Ján Tomko
25b98d31ec schema: make source optional in volume XML
We don't parse it anyway.

https://bugzilla.redhat.com/show_bug.cgi?id=893273
2013-05-17 08:35:08 +02:00
Ján Tomko
a07b88ee03 schema: require target path in storage pool xml
Make target path mandatory for pool types that require target,
since we refuse to parse a target without a path.

https://bugzilla.redhat.com/show_bug.cgi?id=893273
2013-05-17 08:33:22 +02:00
Osier Yang
9049d6a8c7 qemu: Change values of disk discard
QEMU might support more values for "-drive discard", so using Bi-state
values (on/off) for it doesn't make sense.

"on" maps to "unmap", "off" maps to "ignore":

<...>
@var{discard} is one of "ignore" (or "off") or "unmap" (or "on") and
controls whether @dfn{discard} (also known as @dfn{trim} or @dfn{unmap})
requests are ignored or passed to the filesystem.  Some machine types
may not support discard requests.
</...>
2013-05-17 13:03:25 +08:00
Jiri Denemark
555866389c Add support for locking domain's memory pages
The following XML configuration can be used to request all domain's
memory pages to be kept locked in host's memory (i.e., domain's memory
pages will not be swapped out):

      <memoryBacking>
        <locked/>
      </memoryBacking>
2013-05-16 23:03:08 +02:00
Osier Yang
6765316093 conf: Introduce sgio for hostdev
"sgio" is only valid for scsi host device.
2013-05-17 00:46:44 +08:00
Osier Yang
f2c1d9a804 conf: Introduce <shareable> for hostdev
Unlike disk device, the scsi-generic always writethrough the data,
so no need to introduce a "cache" tag, and set "cache=off".
2013-05-16 23:41:25 +08:00
Daniel P. Berrange
ba5f3c7c8e Move VirtualBox driver into libvirtd
Change the build process & driver initialization so that the
VirtualBox driver is built into libvirtd, instead of libvirt.so
This change avoids the VirtualBox GPLv2-only license causing
compatibility problems with libvirt.so which is under the
GPLv2-or-later license.

NB this change prevents use of the VirtualBox driver on the
Windows platform, until such time as libvirtd can be made
to work there.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-16 16:28:53 +01:00
Daniel P. Berrange
41beacd925 Expand documentation for LXC driver
Update the LXC driver documentation to describe the way
containers are setup by default. Also describe the common
virsh commands for managing containers and a little about
the security. Placeholders for docs about configuring
containers still to be filled in.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-16 10:11:14 +01:00
John Ferlan
14b3cac5bc docs: Fix/update syntax in Sysinfo/SMBIOS description 2013-05-15 12:05:22 -04:00
Osier Yang
a7c4202cdd qemu: Support discard for disk
QEMU introduced "discard" option for drive since commit a9384aff53,

<...>
@var{discard} is one of "ignore" (or "off") or "unmap" (or "on") and
controls whether @dfn{discard} (also known as @dfn{trim} or @dfn{unmap})
requests are ignored or passed to the filesystem.  Some machine types
may not support discard requests.
</...>

This patch exposes the support in libvirt.

QEMU supported "discard" for "-drive" since v1.5.0-rc0:

% git tag --contains a9384aff53
contains
v1.5.0-rc0
v1.5.0-rc1

So this only detects the capability bit using virQEMUCapsProbeQMPCommandLine.
2013-05-15 19:01:00 +08:00
John Ferlan
f60bd7c7a7 docs: Update formatdomain for lifecycle events 2013-05-15 06:27:17 -04:00
Martin Kletzander
f1ad8d2079 Add VNC WebSocket support
Adding support for new attribute 'websocket' in the '<graphics>'
element, the attribute value is the port to listen on with '-1'
meaning auto-allocation, '0' meaning no websockets.
2013-05-15 09:38:56 +02:00
Osier Yang
77b54b9661 qemu: New XML to disable memory merge at guest startup
QEMU introduced command line "-mem-merge=on|off" (defaults to on) to
enable/disable the memory merge (KSM) at guest startup. This exposes
it by new XML:
  <memoryBacking>
    <nosharepages/>
  </memoryBacking>

The XML tag is same with what we used internally for old RHEL.
2013-05-15 11:25:45 +08:00
Osier Yang
5fd6ae3f2e docs: Fix the wrong links in secret documentation
docs/formatsecret.html.in: (s/domain\.html/formatdomain\.html/g)
2013-05-14 21:49:36 +08:00
Osier Yang
3f85bfdf9e docs: Add the missed usage type 'iscsi'
Pushed under trivial rule.
2013-05-14 21:42:51 +08:00
Gene Czarcinski
ccff335f83 Support for static routes on a virtual bridge
network: static route support for <network>

This patch adds the <route> subelement of <network> to define a static
route.  the address and prefix (or netmask) attribute identify the
destination network, and the gateway attribute specifies the next hop
address (which must be directly reachable from the containing
<network>) which is to receive the packets destined for
"address/(prefix|netmask)".

These attributes are translated into an "ip route add" command that is
executed when the network is started. The command used is of the
following form:

  ip route add <address>/<prefix> via <gateway> \
               dev <virbr-bridge> proto static metric <metric>

Tests are done to validate that the input data are correct.  For
example, for a static route ip definition, the address must be a
network address and not a host address.  Additional checks are added
to ensure that the specified gateway is directly reachable via this
network (i.e. that the gateway IP address is in the same subnet as one
of the IP's defined for the network).

prefix='0' is supported for both family='ipv4' address='0.0.0.0'
netmask='0.0.0.0' or prefix='0', and for family='ipv6' address='::',
prefix=0', although care should be taken to not override a desired
system default route.

Anytime an attempt is made to define a static route which *exactly*
duplicates an existing static route (for example, address=::,
prefix=0, metric=1), the following error message will be sent to
syslog:

    RTNETLINK answers: File exists

This can be overridden by decreasing the metric value for the route
that should be preferred, or increasing the metric for the route that
shouldn't be preferred (and is thus in place only in anticipation that
the preferred route may be removed in the future).  Caution should be
used when manipulating route metrics, especially for a default route.

Note: The use of the command-line interface should be replaced by
direct use of libnl so that error conditions can be handled better.  But,
that is being left as an exercise for another day.

Signed-off-by: Gene Czarcinski <gene@czarc.net>
Signed-off-by: Laine Stump <laine@laine.org>
2013-05-13 16:14:40 -04:00
Daniel P. Berrange
13579d4544 Add 'nbd' as a valid filesystem driver type
The <filesystem> element can now accept a <driver type='nbd'/>
as an alternative to 'loop'. The benefit of NBD is support
for non-raw disk image formats.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-13 13:15:19 +01:00
Daniel P. Berrange
ada14b86cc Add support for storage format in FS <driver>
Extend the <driver> element in filesystem devices to
allow a storage format to be set. The new attribute
uses 'format' to reflect the storage format. This is
different from the <driver> element in disk devices
which use 'type' to reflect the storage format. This
is because the 'type' attribute on filesystem devices
is already used for the driver backend, for which the
disk devices use the 'name' attribute. Arggggh.

Anyway for disks we have

   <driver name="qemu" type="raw"/>

And for filesystems this change means we now have

   <driver type="loop" format="raw"/>

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-13 13:15:19 +01:00
Daniel P. Berrange
486a86eb18 Add docs about cgroups layout and usage
Describe the new cgroups layout, how to customize placement
of guests and what virsh commands are used to access the
parameters.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-13 12:04:42 +01:00
Osier Yang
f4bb7b4807 Introduce <readonly> for hostdev
Since it's generic enough to be used by other types in future, I
put it in <hostdev> as sub-element, though now it's only used by
scsi host device.
2013-05-13 19:02:40 +08:00
Osier Yang
dcd632af72 rng: Interleave hostdev elements 2013-05-13 18:51:16 +08:00
Han Cheng
5c811dcec5 conf: Generic XMLs for scsi hostdev
An example of the scsi hostdev XML:

    <hostdev mode='subsystem' type='scsi'>
      <source>
        <adapter name='scsi_host0'/>
        <address bus='0' target='0' unit='0'/>
      </source>
      <address type='drive' controller='0' bus='0' target='4' unit='8'/>
    </hostdev>

Controller is implicitly added for scsi hostdev, though the scsi
controller's model defaults to "lsilogic", which might be not what
the user wants (same problem exists for virtio-scsi disk). It's
the existing problem, will be addressed later.

The device address must be specified manually. Later patch will let
libvirt generate it automatically.

This only introduces the generic XMLs for scsi hostdev, later patches
will add other elements, e.g. <readonly>, <shareable>.

Signed-off-by: Han Cheng <hanc.fnst@cn.fujitsu.com>
Signed-off-by: Osier Yang <jyang@redhat.com>
2013-05-13 18:23:50 +08:00
Eric Blake
6b74a9f5d9 string: make VIR_STRDUP easier to use
While reviewing proposed VIR_STRDUP conversions, I've already noticed
several places that do:

if (str && VIR_STRDUP(dest, str) < 0)

which can be simplified by allowing str to be NULL (something that
strdup() doesn't allow).  Meanwhile, code that wants to ensure a
non-NULL dest regardless of the source can check for <= 0.

Also, make it part of the VIR_STRDUP contract that macro arguments
are evaluated exactly once.

* src/util/virstring.h (VIR_STRDUP, VIR_STRDUP_QUIET, VIR_STRNDUP)
(VIR_STRNDUP_QUIET): Improve contract.
* src/util/virstring.c (virStrdup, virStrndup): Change return
conventions.
* docs/hacking.html.in: Document this.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-07 13:21:31 -06:00
Eric Blake
ddcfc5492a alloc: make VIR_APPEND_ELEMENT safer
VIR_APPEND_ELEMENT(array, size, elem) was not safe if the expression
for 'size' had side effects.  While no one in the current code base
was trying to pass side effects, we might as well be robust and
explicitly document our intentions.

* src/util/viralloc.c (virInsertElementsN): Add special case.
* src/util/viralloc.h (VIR_APPEND_ELEMENT): Use it.
(VIR_ALLOC, VIR_ALLOC_N, VIR_REALLOC_N, VIR_EXPAND_N)
(VIR_RESIZE_N, VIR_SHRINK_N, VIR_INSERT_ELEMENT)
(VIR_DELETE_ELEMENT, VIR_ALLOC_VAR, VIR_FREE): Document
which macros are safe in the presence of side effects.
* docs/hacking.html.in: Document this.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-07 13:21:31 -06:00
Daniel P. Berrange
039e30805c Ensure stub todo.html.in file is HTML5
If no todo.cfg is present, make sure the stub is in HTML5
format and clearly states that the config was not available

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-07 15:45:50 +01:00
Daniel P. Berrange
c5e8343a25 Point users to Virt-Viewer MSI installers for Windows builds
The Windows port page currently links to pre-built libvirt
DLLs for release 0.8.8 which are 2 years old now. Until we
can reliably produce official Windows installers, point
people to the virt-viewer MSI installers instead which
include the libvirt DLLs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-07 15:29:37 +01:00
Daniel P. Berrange
5e7b0e8757 Fix namespace bugs in API docs, todo page & hv support page
The XSL for generating the API docs was missing the HTML5
namespace declarations. The todo and hvsupport scripts were
also missing the HTML5 doctype / namespace declaration.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-07 11:19:04 +01:00
Michal Privoznik
c3abb5c459 virstring: Introduce VIR_STRDUP and VIR_STRNDUP
The code adaptation is not done right now, but in subsequent patches.
Hence I am not implementing syntax-check rule as it would break
compilation. Developers are strongly advised to use these new macros.
They are similar to VIR_ALLOC() logic: VIR_STRDUP(dst, src) returns zero
on success, -1 otherwise. In case you don't want to report OOM error,
use the _QUIET variant of a macro.
2013-05-05 12:08:54 +02:00
Daniel P. Berrange
b1434b36b1 Fix a few more docs XSL bugs related to the TOC
Add missing 'html:' namespace prefix to a few more XSL
rules for generating the table of contents links

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-03 20:57:24 +01:00
Daniel P. Berrange
7ee85c9900 Fix docs generator regression in previous commit
The previous commit failed to update the XSL to take account
of fact that in XHTML mode the elements need namespace
prefixes. This caused every web page to be blank!
2013-05-03 16:58:46 +01:00
Daniel P. Berrange
f2f9742d4d Fix multiple formatting problems in HTML docs
The rule generating the HTML docs passing the --html flag
to xsltproc. This makes it use the legacy HTML parser, which
either ignores or tries to fix all sorts of broken XML tags.
There's no reason why we should be writing broken XML in
the first place, so removing --html and adding the XHTML
doctype to all files forces us to create good XML.

This adds the XHTML doc type and fixes many, many XML tag
problems it exposes.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-03 15:56:15 +01:00
Ján Tomko
bb5cd56445 docs: fix 'since' for socket path generation
Commit 297c99a says it works from 1.0.5 but it only got pushed
after the 1.0.5 release.
2013-05-03 09:24:00 +02:00
Michal Privoznik
297c99a567 qemu: Generate agent socket path if missing
It's not desired to force users imagine path for a socket they
are not even supposed to connect to. On the other hand, we
already have a release where the qemu agent socket path is
exposed to XML, so we cannot silently drop it from there.
The new path is generated in form:

$LOCALSTATEDIR/lib/libvirt/qemu/channel/target/$domain.$name

for qemu system mode, and

$XDG_CONFIG_HOME/qemu/lib/channel/target/$domain.$name

for qemu session mode.
2013-05-02 16:40:24 +02:00
Daniel Veillard
8e20a23fb6 Release of libvirt-1.0.5
* configure.ac docs/news.html.in libvirt.spec.in: updated for the release
* po/*.po*: pulled and merged a number of new localization updates
2013-05-02 15:04:50 +08:00
Christophe Fergeau
364554a01b docs: Fix closing tag in snapshot documentation
Commit cc6d19f3 added text containing "<code>snapshot<code>" to
formatsnapshot.html.in. The closing tag is missing '/' which causes
the documentation to misrender.
2013-05-01 20:03:12 +02:00
Viktor Mihajlovski
3e82b5ccda S390: Mention changed USB behavior
Add a line saying that no USB controllers are generated by default
on s390.
2013-04-30 19:18:43 -06:00
Laine Stump
c4f63ef080 conf: formatter/parser/RNG/docs for hostdev <driver name='kvm|vfio'/>
A domain's <interface> or <hostdev>, as well as a <network>'s
<forward>, can now have an optional <driver name='kvm|vfio'/>
element. As of this patch, there is no functionality behind this new
knob - this patch adds support to the domain and network
formatter/parser, and to the RNG and documentation.

When the backend is added, legacy KVM PCI device assignment will
continue to be used when no driver name is specified (or if <driver
name='kvm'/> is specified), but if driver name is 'vfio', the new UEFI
Secure Boot compatible VFIO device assignment will be used.

Note that the parser doesn't automatically insert the current default
value of this setting. This is done on purpose because the two
possibilities are functionally equivalent from the guest's point of
view, and we want to be able to automatically start using vfio as the
default (even for existing domains) at some time in the future. This
is similar to what was done with the "vhost" driver option in
<interface>.
2013-04-25 21:23:38 -04:00
Christophe Fergeau
cc6d19f313 Improve /domainsnapshot/disks/disk@snapshot doc
The previous description was a bit confusing.
2013-04-25 21:57:19 +02:00
Ján Tomko
caf659a868 docs: fix memballoon examples
Use a pair of 'memballoon' tags instead of single 'watchdog' one.
Add a few missing colons.
2013-04-25 18:56:33 +02:00
Ján Tomko
df0ebf6b38 conf: add PCI controllers
Add new controller type 'pci' with models 'pci-root' and 'pci-bridge'.
2013-04-25 12:54:38 +02:00
Li Zhang
bf1888738b Add NVRAM device
For pSeries guest in QEMU, NVRAM is one kind of spapr-vio device.
Users are allowed to specify spapr-vio devices'address.
But NVRAM is not supported in libvirt. So this patch is to
add NVRAM device to allow users to specify its address.

In QEMU, NVRAM device's address is specified by
 "-global spapr-nvram.reg=xxxxx".

In libvirt, XML file is defined as the following:

  <nvram>
    <address type='spapr-vio' reg='0x3000'/>
  </nvram>

Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com>
2013-04-25 16:50:11 +08:00
Peter Krempa
278a833922 doc: Clarify usage of SELinux baselabel
State what fields are used when generating SELinux labels from a
baselabel.
2013-04-25 08:33:52 +02:00
Osier Yang
45d6c67143 Introduce a sub-element <driver> for controller
Like what we did for "disk", "filesystem" and "interface", this
introduces sub-element <driver> for "controller", and put the "queues"
into it.
2013-04-25 12:10:58 +08:00
Osier Yang
18b428980f Change the tag name "num_queues" into "queues"
Instead of making a choice between the underscore and camelCase, this
simply changes "num_queues" into "queues", which is also consistent
with Michal's multiple queue support for interface.
2013-04-24 23:36:07 +08:00
Peter Krempa
7b4a630484 qemu: Do sensible auto allocation of SPICE port numbers
With this patch, if the autoport attribute is used, the code will
sensibly auto allocate the ports only if needed.
2013-04-24 14:37:20 +02:00
Daniel P. Berrange
d407a11eab Dedicated name for sub-driver open/close methods
It will simplify later work if the sub-drivers have dedicated
APIs / field names. ie virNetworkDriver should have
virDrvNetworkOpen and virDrvNetworkClose methods

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-24 10:59:54 +01:00
Daniel P. Berrange
07a6b9aac4 Rename 'DeviceMonitor' to 'NodeDeviceDriver'
The driver.h struct for node devices used an inconsistent
naming scheme 'DeviceMonitor' instead of the more usual
'NodeDeviceDriver'. Fix this everywhere it has leaked
out to.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-24 10:59:53 +01:00
Daniel P. Berrange
abe038cfc0 Extend previous check to validate driver struct field names
Ensure that the driver struct field names match the public
API names. For an API virXXXX we must have a driver struct
field xXXXX. ie strip the leading 'vir' and lowercase any
leading uppercase letters.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-24 10:59:53 +01:00
Daniel P. Berrange
2601e0f2cc Ensure driver method names match public API names
Ensure that the virDrvXXX method names exactly match
the public APIs virYYY method names. ie XXX == YYY.
Add a test case to prevent any regressions.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-24 10:59:51 +01:00
Eric Blake
1bf25ba249 docs: fix usage of 'onto'
http://www.uhv.edu/ac/newsletters/writing/grammartip2009.07.01.htm
(and several other sites) give hints that 'onto' is best used if
you can also add 'up' just before it and still make sense. In many
cases in the code base, we really want the two-word form, or even
a simplification to just 'on' or 'to'.

* docs/hacking.html.in: Use correct 'on to'.
* python/libvirt-override.c: Likewise.
* src/lxc/lxc_controller.c: Likewise.
* src/util/virpci.c: Likewise.
* daemon/THREADS.txt: Use simpler 'on'.
* docs/formatdomain.html.in: Better usage.
* docs/internals/rpc.html.in: Likewise.
* src/conf/domain_event.c: Likewise.
* src/rpc/virnetclient.c: Likewise.
* tests/qemumonitortestutils.c: Likewise.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-04-19 14:31:16 -06:00
Laine Stump
0f4f5cb26d rng: tighten up domain <controller> schema
The rng schema for <controller> had been non-specific about which
types of controllers allowed which models, and also allowed the
num_queues attribute (since that hasn't been released yet, should we
rename it to "numQueues"?) and <master> subelement to be included for
any controller type. In reality, half of the models are allowed only
for type='scsi', and the other half only for type='usb', num_queues is
allowed only for type='scsi', and <master> only for type='usb'.

This patch makes a separate <group> for type='scsi' and type='usb',
with each group allowing only the appropriate model values, and
allowing num_queue and <master> only when appropriate.

<interleave> also hadn't been specified, forcing a specific order of
subelements, which should never be done. (Note that the <interleave>
had to surround the main element attributes that are in the <group>
subelements, due to one of the <group>s containing a subelement).
2013-04-18 06:59:27 -04:00
Osier Yang
06902a6f18 docs: Update HACKING
To tell libvirt-{qemu,lxc}.h shouldn't be included either.
2013-04-18 11:43:18 +08:00
Osier Yang
09d2547f96 qemu: Allow the disk wwn to have "0x" prefix
The recent qemu requires "0x" prefix for the disk wwn, this patch
changes virValidateWWN to allow the prefix, and prepend "0x" if
it's not specified. E.g.

qemu-kvm: -device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,\
drive=drive-scsi0-0-0-0,id=scsi0-0-0-0,wwn=6000c60016ea71ad:
Property 'scsi-hd.wwn' doesn't take value '6000c60016ea71ad'

Though it's a qemu regression, but it's nice to allow the prefix,
and doesn't hurt for us to always output "0x".
2013-04-17 23:05:56 +08:00
Daniel P. Berrange
8d4adf3efa Add XML config for resource partitions
Allow VMs to be placed into resource groups using the
following syntax

  <resource>
    <partition>/virtualmachines/production</partition>
  </resource>

A resource cgroup will be backed by some hypervisor specific
functionality, such as cgroups with KVM/LXC.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-15 17:35:31 +01:00
Stefan Berger
5eac4f600c Add documentation and schema for TPM passthrough
Supported TPM passthrough XML may look as follows:

    <tpm model='tpm-tis'>
      <backend type='passthrough'>
        <device path='/dev/tpm0'/>
      </backend>
    </tpm>

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
2013-04-12 16:55:45 -04:00
Eric Blake
cdb1c3b6e2 docs: fix typo when using Kerberos principals
Kerberos uses 'primary' or 'key' files (principals), not 'abstract
ideal' or 'rule' files (principles).  Reported by Jason Meinzer.

Reflow a paragraph to fit in 80 columns in the process.

* docs/auth.html.in: Fix spelling.
2013-04-09 16:46:04 -06:00
Han Cheng
0f5837aac2 schemas: Move PortNumber and sourceinfoadapter to basictypes.rng
The definiton of scsi adapter in storagespool.rng (sourceinfoadapter)
can be used by scsi hostdev in later patch. Move it to basictypes.rng.

PortNumber is defined in both domaincommon.rng and storagespool.rng,
simplify it by moving it to basictypes.rng.

Signed-off-by: Han Cheng <hanc.fnst@cn.fujitsu.com>
2013-04-09 22:34:02 +08:00
Osier Yang
8de8d46acc docs: Add the missed <pre> tag 2013-04-09 22:29:39 +08:00
Bogdan Purcareata
4aafa1ff86 Update structure & XML definitions to support <hostdev caps=net>
This updates the definitions and supporting structures in the XML
schema and domain configuration files.

Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
2013-04-08 17:40:08 +01:00
Osier Yang
664270b849 Support seclabels for volume type disk
"seclabels" is only valid for 'file' or 'block' type storage volume.
2013-04-08 18:59:50 +08:00
Osier Yang
43404fee37 Support startupPolicy for 'volume' disk
"startupPolicy" is only valid for file type storage volume, otherwise
it fails on starting the domain.
2013-04-08 18:54:37 +08:00
Osier Yang
4bc331c894 Introduce new XMLs to specify disk source using libvirt storage
With this patch, one can specify the disk source using libvirt
storage like:

  <disk type='volume' device='disk'>
    <driver name='qemu' type='raw' cache='none'/>
    <source pool='default' volume='fc18.img'/>
    <target dev='vdb' bus='virtio'/>
  </disk>

"seclabels" and "startupPolicy" are not supported for this new
disk type ("volume"). They will be supported in later patches.

docs/formatdomain.html.in:
  * Add documents for new XMLs
docs/schemas/domaincommon.rng:
  * Add rng for new XMLs;
src/conf/domain_conf.h:
  * New struct for 'volume' type disk source (virDomainDiskSourcePoolDef)
  * Add VIR_DOMAIN_DISK_TYPE_VOLUME for enum virDomainDiskType
src/conf/domain_conf.c:
  * New helper virDomainDiskSourcePoolDefParse to parse the 'volume'
    type disk source.
  * New helper virDomainDiskSourcePoolDefFree to free the source def
    if 'volume' type disk.
tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml:
tests/qemuxml2xmltest.c:
  * New test
2013-04-08 18:48:14 +08:00
Osier Yang
c1f63a9bdf storage: Make the adapter name be consistent with node device driver
node device driver names the HBA like "scsi_host5", but storage
driver uses "host5", which could make the user confused. This
changes them to be consistent. However, for back-compat reason,
adapter name like "host5" is still supported.
2013-04-08 18:41:06 +08:00
Osier Yang
9f781da69d New XML attributes for storage pool source adapter
This introduces 4 new attributes for storage pool source adapter.
E.g.

<adapter type='fc_host' parent='scsi_host5' wwnn='20000000c9831b4b' wwpn='10000000c9831b4b'/>

Attribute 'type' can be either 'scsi_host' or 'fc_host', and defaults
to 'scsi_host' if attribute 'name' is specified. I.e. It's optional
for 'scsi_host' adapter, for back-compat reason. However, mandatory
for 'fc_host' adapter and any new future adapter types. Attribute
'parent' is to specify the parent for the fc_host adapter.

* docs/formatstorage.html.in:
  - Add documents for the 4 new attrs
* docs/schemas/storagepool.rng:
  - Add RNG schema
* src/conf/storage_conf.c:
  - Parse and format the new XMLs
* src/conf/storage_conf.h:
  - New struct virStoragePoolSourceAdapter, replace "char *adapter" with it;
  - New enum virStoragePoolSourceAdapterType
* src/libvirt_private.syms:
  - Export TypeToString and TypeFromString
* src/phyp/phyp_driver.c:
  - Replace "adapter" with "adapter.data.name", which is member of the union
    of the new struct virStoragePoolSourceAdapter now. Later patch will
    add the checking, as "adapter.data.name" is only valid for "scsi_host"
    adapter.
* src/storage/storage_backend_scsi.c:
  - Like above
* tests/storagepoolxml2xmlin/pool-scsi-type-scsi-host.xml:
* tests/storagepoolxml2xmlin/pool-scsi-type-fc-host.xml:
  - New test for 'fc_host' and "scsi_host" adapter
* tests/storagepoolxml2xmlout/pool-scsi.xml:
  - Change the expected output, as the 'type' defaults to 'scsi_host' if 'name"
    specified now
* tests/storagepoolxml2xmlout/pool-scsi-type-scsi-host.xml:
* tests/storagepoolxml2xmlout/pool-scsi-type-fc-host.xml:
  - New test
* tests/storagepoolxml2xmltest.c:
  - Include the test
2013-04-08 18:41:06 +08:00
Osier Yang
d4bf0a9378 qemu: Support multiple queue virtio-scsi
This introduce a new attribute "num_queues" (same with the good name
QEMU uses) for virtio-scsi controller. An example of the XML:

<controller type='scsi' index='0' model='virtio-scsi' num_queues='8'/>

The corresponding QEMU command line:

-device virtio-scsi-pci,id=scsi0,num_queues=8,bus=pci.0,addr=0x3 \
2013-04-06 10:08:47 +08:00
Daniel P. Berrange
8ef2b2c5b1 Refactor RNG schema for resource tuning
Split the "resource" define out into multiple smaller
defines, one for each type of resource tuning parameter.
This makes the schema a bit clearer to read

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-05 10:40:21 +01:00
Osier Yang
ad5298e177 rng: Add definition for network disk source
It's long enough to have a independant definition.
2013-04-03 20:14:05 +08:00
Martin Kletzander
d1d2acd7f2 manual: Add info about migrateuri in virsh manual
The virsh(1) man page wasn't saying anything about the 'migrateuri'
parameter other than it can be usually omitted.  A patched version of
docs/migrate.html.in is taken in this patch to fix that up in the man
page.
2013-04-02 17:06:40 +02:00
Michal Privoznik
5e5ca84e31 test: Return Libvirt logo as domain screenshot
This is just a bare Easter Egg. Whenever a user runs virDomainScreenshot
over a domain in test driver, he'll get the Libvirt PNG logo in return.
2013-04-02 14:38:56 +02:00
Daniel Veillard
89d730201f Release of libvirt-1.0.4
- configure.ac docs/news.html.in libvirt.spec.in: updates for the release
- po/*.po*: fetch translation updates from Transifex and regenerate
2013-04-01 10:57:04 +08:00
Christophe Fergeau
f81b850911 docs: Fix truncated sentence in RDP 'multiUser' attribute 2013-03-29 13:54:22 +01:00
Osier Yang
448be8f706 nodedev: Dump max vports and vports in use for HBA's XML
This enrichs HBA's xml by dumping the number of max vports and
vports in use. Format is like:

  <capability type='vport_ops'>
    <max_vports>164</max_vports>
    <vports>5</vports>
  </capability>

* docs/formatnode.html.in: (Document the new XML)
* docs/schemas/nodedev.rng: (Add the schema)
* src/conf/node_device_conf.h: (New member for data.scsi_host)
* src/node_device/node_device_linux_sysfs.c: (Collect the value of
  max_vports and vports)
2013-03-25 20:46:05 +08:00
Paolo Bonzini
9f7a9aee37 qemu: add support for LSI MegaRAID SAS1078 (aka megasas) SCSI controller
This does nothing more than adding the new device and capability.
The device is present since QEMU 1.2.0.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-03-22 12:11:14 +08:00
Paolo Bonzini
6dca6d84ed domain: parse XML for iscsi authorization credentials
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-03-22 12:10:23 +08:00
Paolo Bonzini
adba070122 secret: add iscsi to possible usage types
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-03-22 12:10:23 +08:00
Paolo Bonzini
8110a8249d domain: make port optional for network disks
Only sheepdog actually required it in the code, and we can use 7000 as the
default---the same value that QEMU uses for the simple "sheepdog:VOLUME"
syntax.  With this change, the schema can be fixed to allow no port.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-03-22 12:10:23 +08:00
Paolo Bonzini
1a308ee015 qemu: add support for libiscsi
libiscsi provides a userspace iSCSI initiator.

The main advantage over the kernel initiator is that it is very
easy to provide different initiator names for VMs on the same host.
Thus libiscsi supports usage of persistent reservations in the VM,
which otherwise would only be possible with NPIV.

libiscsi uses "iscsi" as the scheme, not "iscsi+tcp".  We can change
this in the tests (while remaining backwards-compatible manner, because
QEMU uses TCP as the default transport for both Gluster and NBD).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-03-22 12:10:22 +08:00
Martin Kletzander
28933c5574 Correct invalid RNG schemas
The 'trang' utility, which is able to transform '.rng' files into
'.rnc' files, reported some errors in our schemas that weren't caught
by the tools we use in the build.  I haven't added a test for this,
but the validity can be checked by the following command:

trang -I rng -O rnc domain.rng domain.rnc

There were unescaped minuses in regular expressions and we were
constraining int (which is by default in the range of [-2^31;2^31-1]
to maximum of 2^32.  But what we wanted was exactly an unsignedInt.
2013-03-21 17:24:08 +01:00
Paolo Bonzini
1d94891288 domain: add support for iscsi network disks
This plumbs in the XML description of iSCSI shares.  The next patches
will add support for the libiscsi userspace initiator.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-03-20 17:30:25 -06:00
Philipp Hahn
476d8f975d doc/schema: disk storage volume formats
The storage volume formats supported by the disk storage pool are
missing from the allowed values.

Add partition types.

Signed-off-by: Philipp Hahn <hahn@univention.de>
2013-03-20 21:48:05 +08:00
Philipp Hahn
7503c81edd doc: storage: Fix grammar
Remove 'are' before 'have'.

Signed-off-by: Philipp Hahn <hahn@univention.de>
2013-03-20 21:47:49 +08:00
Philipp Hahn
10219f2076 doc/schema: Support iqn for storage pools
iSCSI qualified names (iqn) from RFC3721 may contain colons (':'), which
neither matches the absFilePath nor genericName:

 $ virsh pool-dumpxml myiscsipool
 <pool type='iscsi'>
 ...
   <source>
 ...
     <device path='iqn.2003-01.org.linux-iscsi.phahn-sid93.x8664:sn.8a3daa0d4efd'/>
   </source>
 ...
 </pool>

Add IscsiQualifiedName type and allow its use in sourceiscsi.

Signed-off-by: Philipp Hahn <hahn@univention.de>
2013-03-20 21:47:26 +08:00
Philipp Hahn
51ab5908a1 doc/schema: add ocfs2 for disk vol
Add ocfs2 for disk vol.

Signed-off-by: Philipp Hahn <hahn@univention.de>
2013-03-20 21:46:53 +08:00
Olivia Yin
9545acd9f0 conf: support <dtb> tag in XML domain file 2013-03-19 15:48:58 -06:00
Christophe Fergeau
5ab0c045e3 Fix /pool/storage/name documentation
There was a 2 word sentence 'remote server' which is a left-over
from copy and paste.
2013-03-19 15:48:45 +01:00
Christophe Fergeau
ff1d26fae4 Fix /pool/storage/directory@path documentation
Because of a wrong copy and paste, the documentation was saying that
'path' is the path to a block device node while it's a path to a
directory.
2013-03-19 15:48:45 +01:00
Paolo Bonzini
be2a15dd60 qemu: support NBD with Unix sockets
This reuses the XML format that was introduced for Gluster.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-03-15 15:27:56 -06:00
Paolo Bonzini
0aa9f522c4 qemu: support named nbd exports
These are supported by nbd-server and by the NBD server that QEMU
embeds for live image access.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-03-15 15:12:41 -06:00
Peter Krempa
32bd699f55 virtio-rng: Add rate limiting options for virtio-RNG
Qemu's implementation of virtio RNG supports rate limiting of the
entropy used. This patch exposes the option to tune this functionality.

This patch is based on qemu commit 904d6f588063fb5ad2b61998acdf1e73fb4

The rate limiting is exported in the XML as:
<devices>
  ...
  <rng model='virtio'>
    <rate bytes='123' period='1234'/>
    <backend model='random'/>
  </rng>
  ...
2013-03-14 13:28:10 +01:00
Viktor Mihajlovski
41ce2c9e94 S390: Documentation for CCW address type
The native bus for s390 I/O is called CCW (channel command word).
As QEMU has added basic support for the CCW bus, i.e. the
ability to assign CCW devnos (bus addresses) to devices.
Domains with the new machine type s390-ccw-virtio can use the
CCW bus. Currently QEMU will only allow to define virtio
devices on the CCW bus.
Here we add the new machine type and the new device address to the
schema definition and add a new paragraph to the domain XML
documentation.

Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2013-03-13 16:49:57 -06:00
Jiri Denemark
11677e081b docs: Clarify semantics of sparse storage volumes
Sparse LVM volumes do not behave in the way one would naively expect.
The allocation does not automatically increase (which is different from
how sparse files work).
2013-03-12 09:03:14 +01:00
Dusty Mabe
d3092c60f7 capabilities: add NUMA memory information
'virsh capabilities' will now include a new <memory> element
per <cell> of the topology, as in:

    <topology>
      <cells num='2'>
        <cell id='0'>
          <memory unit='KiB'>12572412</memory>
          <cpus num='12'>
          ...
        </cell>

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-03-08 11:51:00 -07:00
Eric Blake
374631d016 rng: allow default device in RNG grammar
This matches the documentation of commit 4932ef4, and the
C code changes of commit 75e656a.

* docs/schemas/domaincommon.rng: Allow default entry.
2013-03-07 07:06:53 -07:00
Daniel Veillard
be1c364d89 Release of libvirt 1.0.3
- configure.ac docs/news.html.in libvirt.spec.in: update for the release
- po/*.po*: merged in transifex updates for fr,hi,pl,ja,uk,it and
  regenerated
2013-03-05 12:00:53 +08:00
Eric Blake
4932ef4502 rng: restrict passthrough names to known-good files
There is some controversy[1] on the qemu list on whether qemu should
have ever allowed arbitrary file name passthrough, or whether it
should be restricted to JUST /dev/random and /dev/hwrng.  It is
always easier to add support for additional filenames than it is
to remove support for something once released, so this patch
restricts libvirt 1.0.3 (where the virtio-random backend was first
supported) to just the two uncontroversial names, letting us defer
to a later date any decision on whether supporting arbitrary files
makes sense. Additionally, since qemu 1.4 does NOT support
/dev/fdset/nnn fd passthrough for the backend, limiting to just
two known names means that we don't get tempted to try fd
passthrough where it won't work.

[1]https://lists.gnu.org/archive/html/qemu-devel/2013-03/threads.html#00023

* src/conf/domain_conf.c (virDomainRNGDefParseXML): Only allow
/dev/random and /dev/hwrng.
* docs/schemas/domaincommon.rng: Flag invalid files.
* docs/formatdomain.html.in (elementsRng): Document this.
* tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-random.args:
Update test to match.
* tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-random.xml:
Likewise.
2013-03-04 17:45:38 -07:00
John Ferlan
2631fe0420 internals: Update to include RPC and Lock links and add new data
Added a picture and explanation describing the virConnectOpen processing
at a "higher" level, but with some source code references.
2013-03-04 17:36:03 -05:00
John Ferlan
6fd1b9d621 Add references for phyp and parallels 2013-03-04 17:36:03 -05:00
John Ferlan
0b5c717b61 api: Add text and references for daemon 2013-03-04 17:36:03 -05:00
John Ferlan
b1083281d9 api: Add text and references for drivers section 2013-03-04 17:36:03 -05:00
John Ferlan
492233e773 api: Complete list of function and naming conventions 2013-03-04 17:36:03 -05:00
John Ferlan
cc24589e75 api: Reword and clean lists for object description 2013-03-04 17:36:03 -05:00
John Ferlan
b8a0b631dc api: Reword objects exposed section 2013-03-04 17:36:03 -05:00
Guido Günther
c7e85db61b hook: log the exit status of the hook not 256
Adjust the docs accordingly. See http://bugs.debian.org/701570.
2013-03-01 20:28:00 +01:00
Eric Blake
5b17c7a954 maint: fix typo in network docs
* docs/formatnetwork.html.in: Spell variation correctly.
2013-02-27 21:18:33 -07:00
Laine Stump
db2536a627 Revert "Add support for <option> tag in network config"
This reverts commit 383ebc4694.

We decided the xml for this feature needed more thought to make sure
we are doing it the best way, in particular wrt option values that
have multiple items.
2013-02-27 10:55:24 -05:00
Peter Krempa
4db199fc4c docs: Fix attribute name for virtio-rng backend 2013-02-27 11:04:40 +01:00
Philipp Hahn
c47884a122 doc: document new storage volume/pool types
Add qed for dirfs pool.
Add ocfs2 for disk pool.
Add lvm2 for disk and logical pool.
Add cifs and glusterfs for netfs pool.

Note: POOL_DISK_LVM2 can not be created by "parted mklabel", but is only
returned from auto-detection on disk pools.

Signed-off-by: Philipp Hahn <hahn@univention.de>
2013-02-26 20:19:19 -07:00
Eric Blake
035b0db8ba Revert "S390: Documentation for CCW address type"
This reverts commit 24aa7f8d11.

The implementation to match the documentation is not complete yet,
and the final design might change the name of the 'schid' attribute.
2013-02-26 16:31:27 -07:00
Philipp Hahn
141deb9feb schema: Restrict mode to octal
virStrToLong(..., 8, ...) already requires the mode to be octal.
Change the relax-ng schema to check for octal as well.

Signed-off-by: Philipp Hahn <hahn@univention.de>
2013-02-26 16:23:21 -07:00
Peter Krempa
fa16c80f52 doc: schema: Add basic documentation for the virtual RNG device support
This patch documents XML elements used for (basic) support of virtual
RNG devices.

In the devices section in the domain XML users may specify:

For the default 'random' backend:
  <devices>
    <rng model='virtio'>
      <backend model='random'>/dev/urandom</backend>
    </rng>
  </devices>

For the slightly more advanced EGD backend:
  <devices>
    <rng model='virtio'>
      <backend model='egd' type='udp'>
        <!-- this is a definition of a character device -->
        <source mode='bind' service='1234'/>
        <source mode='connect' host='1.2.3.4' service='1234'/>
        <!-- or other valid character device configuration -->
      </backend>
    </rng>
  </devices>

For the planned random daemon/pool:
  <devices>
    <rng model='virtio'>
      <backend model='pool' pool='poolname'>class</backend>
    </rng>
  </devices>

to enable the RNG device for guests.
2013-02-25 10:17:35 +01:00
Gene Czarcinski
0b73a763f3 use client id for IPv6 DHCP host definition
Originally, only a host name was used to associate a
DHCPv6 request with a specific IPv6 address.  Further testing
demonstrates that this is an unreliable method and, instead,
a client-id or DUID needs to be used.  According to DHCPv6
standards, this id can be a duid-LLT, duid-LL, or duid-UUID
even though dnsmasq will accept almost any text string.

Although validity checking of a specified string makes sure it is
hexadecimal notation with bytes separated by colons, there is no
rigorous check to make sure it meets the standard.

Documentation and schemas have been updated.

Signed-off-by: Gene Czarcinski <gene@czarc.net>
Signed-off-by: Laine Stump <laine@laine.org>
2013-02-25 02:49:06 -05:00