The current LUKS support has a "luks" volume type which has
a "luks" encryption format.
This partially makes sense if you consider the QEMU shorthand
syntax only requires you to specify a format=luks, and it'll
automagically uses "raw" as the next level driver. QEMU will
however let you override the "raw" with any other driver it
supports (vmdk, qcow, rbd, iscsi, etc, etc)
IOW the intention though is that the "luks" encryption format
is applied to all disk formats (whether raw, qcow2, rbd, gluster
or whatever). As such it doesn't make much sense for libvirt
to say the volume type is "luks" - we should be saying that it
is a "raw" file, but with "luks" encryption applied.
IOW, when creating a storage volume we should use this XML
<volume>
<name>demo.raw</name>
<capacity>5368709120</capacity>
<target>
<format type='raw'/>
<encryption format='luks'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccd2f80d6f'/>
</encryption>
</target>
</volume>
and when configuring a guest disk we should use
<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/home/berrange/VirtualMachines/demo.raw'/>
<target dev='sda' bus='scsi'/>
<encryption format='luks'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccd2f80d6f'/>
</encryption>
</disk>
This commit thus removes the "luks" storage volume type added
in
commit 318ebb36f1
Author: John Ferlan <jferlan@redhat.com>
Date: Tue Jun 21 12:59:54 2016 -0400
util: Add 'luks' to the FileTypeInfo
The storage file probing code is modified so that it can probe
the actual encryption formats explicitly, rather than merely
probing existance of encryption and letting the storage driver
guess the format.
The rest of the code is then adapted to deal with
VIR_STORAGE_FILE_RAW w/ VIR_STORAGE_ENCRYPTION_FORMAT_LUKS
instead of just VIR_STORAGE_FILE_LUKS.
The commit mentioned above was included in libvirt v2.0.0.
So when querying volume XML this will be a change in behaviour
vs the 2.0.0 release - it'll report 'raw' instead of 'luks'
for the volume format, but still report 'luks' for encryption
format. I think this change is OK because the storage driver
did not include any support for creating volumes, nor starting
guets with luks volumes in v2.0.0 - that only since then.
Clearly if we change this we must do it before v2.1.0 though.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
To allow using failover with gluster it's necessary to specify multiple
volume hosts. Add support for starting qemu with such configurations.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Add support for converting objects nested in arrays with a numbering
discriminator on the command line. This syntax is used for the
object-based specification of disk source properties.
Add a modular parser that will allow to parse 'json' backing definitions
that are supported by qemu. The initial implementation adds support for
the 'file' driver.
Due to the approach qemu took to implement the JSON backing strings it's
possible to specify them in two approaches.
The object approach:
json:{ "file" : { "driver":"file",
"filename":"/path/to/file"
}
}
And a partially flattened approach:
json:{"file.driver":"file"
"file.filename":"/path/to/file"
}
Both of the above are supported by qemu and by the code added in this
commit. The current implementation de-flattens the first level ('file.')
if possible and required. Other handling may be added later but
currently only one level was possible anyways.
For use with memory hotplug virQEMUBuildCommandLineJSONRecurse attempted
to format JSON arrays as bitmap on the command line. Make the formatter
function configurable so that it can be reused with different syntaxes
of arrays such as numbered arrays for use with disk sources.
This patch extracts the code and adds a parameter for the function that
will allow to plug in different formatters.
Until now the JSON->commandline convertor was used only for objects
created by qemu. To allow reusing it with disk formatter we'll need to
escape ',' as usual in qemu commandlines.
Refactor the command line generator by adding a wrapper (with
documentation) that will handle the outermost object iteration.
This patch also renames the functions and tweaks the error message for
nested arrays to be more universal.
The new function is then reused to simplify qemucommandutiltest.
As we already test that the extraction of the backing store string works
well additional tests for the backing store string parser can be made
simpler.
Export virStorageSourceNewFromBackingAbsolute and use it to parse the
backing store strings, format them using virDomainDiskSourceFormat and
match them against expected XMLs.
Failure to parse a XML that was not supposed to fail would result into a
crash in the test suite as the vcpu bitmap would not be filled prior to
the active XML->XML test.
Skip formatting of the vcpu snippet in the fake status XML formatter in
such case to avoid the crash. The test would fail anyways.
There's a plan to rework the address handling, so testcases
that verify hotplugging ccw devices will help in avoiding
regression.
In this commit, some files are duplicated because of the way
qemuhotplug.c calculates the expected xml filenames.
I plan on changing that to explicitly stating the basis domain
xml, the device xml, and the expected xml.
When parsing a command line with USB devices that have
no address specified, QEMU automatically adds a USB hub
if the device would fill up all the available USB ports.
To help most of the users, add one hub if there are more
USB devices than available ports. For wilder configurations,
expect the user to provide us with more hubs and/or controllers.
Resolves a CI test integration failure with a RHEL6/Centos6 environment.
In order to use a LUKS encrypted device, the design decision was to
generate an encrypted secret based on the master key. However, commit
id 'da86c6c' missed checking for that specifically.
When qemuDomainSecretSetup was implemented, a design decision was made
to "fall back" to a plain text secret setup if the specific cipher was
not available (e.g. virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC))
as well as the QEMU_CAPS_OBJECT_SECRET. For the luks encryption setup
there is no fall back to the plaintext secret, thus if that gets set
up by qemuDomainSecretSetup, then we need to fail.
Also, while the qemuxml2argvtest has set the QEMU_CAPS_OBJECT_SECRET
bit, it didn't take into account the second requirement that the
ability to generate the encrypted secret is possible. So modify the
test to not attempt to run the luks-disk if we know we don't have
the encryption algorithm.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1301021
Generate the luks command line using the AES secret key to encrypt the
luks secret. A luks secret object will be in addition to a an AES secret.
For hotplug, check if the encinfo exists and if so, add the AES secret
for the passphrase for the secret object used to decrypt the device.
Modify/augment the fakeSecret* in qemuxml2argvtest in order to handle
find a uuid or a volume usage with a specific path prefix in the XML
(corresponds to the already generated XML tests). Add error message
when the 'usageID' is not 'mycluster_myname'. Commit id '1d632c39'
altered the error message generation to rely on the errors from the
secret_driver (or it's faked replacement).
Add the .args output for adding the LUKS disk to the domain
Signed-off-by: John Ferlan <jferlan@redhat.com>
Partially resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=1301021
If the volume xml was looking to create a luks volume take the necessary
steps in order to make that happen.
The processing will be:
1. create a temporary file (virStorageBackendCreateQemuImgSecretPath)
1a. use the storage driver state dir path that uses the pool and
volume name as a base.
2. create a secret object (virStorageBackendCreateQemuImgSecretObject)
2a. use an alias combinding the volume name and "_luks0"
2b. add the file to the object
3. create/add luks options to the commandline (virQEMUBuildLuksOpts)
3a. at the very least a "key-secret=%s" using the secret object alias
3b. if found in the XML the various "cipher" and "ivgen" options
Signed-off-by: John Ferlan <jferlan@redhat.com>
Cannot assume virGetLastError returns non-NULL value - modify the code to
fetch err and check if err && err->code
Found by Coverity
Signed-off-by: John Ferlan <jferlan@redhat.com>
We were requiring a USB port path in the schema, but not enforcing it.
Omitting the USB port would lead to libvirt formatting it as (null).
Such domain cannot be started and will disappear after libvirtd restart
(since it cannot parse back the XML).
Only format the port if it has been specified and mark it as optional
in the XML schema.
Commit id's '9bbf0d7e6' and '2552fec24' added some XML parsing tests
for a LUKS volume to use a 'passphrase' secret format. After commit,
this was deemed to be incorrect, so covert the various tests to use
the volume usage format where the 'usage' is the path to the volume
rather than a user defined name string.
Also, removed the qemuxml2argv-luks-disk-cipher.xml since it was
just a duplicate of qemuxml2argv-luks-disks.xml.
Signed-off-by: John Ferlan <jferlan@redhat.com>
Commit ca10bb040f introduced a new test that fails to build
on at least some architectures:
commandtest.c: In function 'test25':
commandtest.c:1121:5: error: comparison is always true due to
limited range of data type [-Werror=type-limits]
if (rv >= 0) {
^
Change the type of 'rv' from char to int, which is the proper
return type for virCommandExec() anyway.
We can't mock tests on Mingw, which lacks dlopen() and friends;
follow the paradigms used in other mock files of conditionally
compiling nothing when not building for Linux.
Signed-off-by: Eric Blake <eblake@redhat.com>
In an unlikely event of execve() failing, the virCommandExec()
function does not report any error, even though checks that are
at the beginning of the function are verbose when failing.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Check whether QEMU supports -device intel-iommu
Note that the presence of this option does not mean that it's
usable because of a bug in earlier QEMU versions, but it's
better than nothing.
https://bugzilla.redhat.com/show_bug.cgi?id=1235580
Commit c9c03ea stopped creating an intermediate file during syntax-check
to save on execution time. It also switched to outputting the whole
incorrectly wrapped file instead of a diff needed to fix it.
Feed the newly wrapped file to diff via a pipe.
Note that fixing it by running test-wrap-argv.pl --in-place or
the unit test with VIR_TEST_REGENERATE_OUTPUT is easier.
Commit 843a70a changed test-wrap-argv.pl to use
/usr/bin/env perl
instead of
/usr/bin/perl
However when called from qemuxml2argvtest with
VIR_TEST_REGENERATE_OUTPUT, PATH is set to '/bin'.
Find the path to perl early in virTestMain, in case we
are going to need it later after we've overridden PATH.
In commit ec5dcf2a and b0b4a35c we have moved qemuhotplugtest's XMLs to
new directories but forgot to fix the Makefile. Add 2 directories in
EXTRA_DIST to fix broken VPATH build. Also remove now unused
qemuhotplugtestdata directory from the Makefile as well as from the
tree.
Signed-off-by: Luyao Huang <lhuang@redhat.com>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
The libvirtdconftest was previously used to test data type
handling of the libvirtd config file. Now we're using the
typedef APIs, this test case has little value, and is pretty
hard to fixup with deal with the new APIs.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Currently many users of virConf APIs are defining the same
macros for calling virConfValue() and then doing type
checking. To remove this repeated code, add a set of
typesafe accessor methods.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The virconftest is different from all our other tests in that
the C program only tests a single in/out config file pair. It
relies on a shell wrapper to invoke it once for each test
file.
This gets rid of the shell wrapper and makes the C program
actually run over each test file using the normal test pattern.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This way we can safely differentiate what XMLs contain whole domain
definitions and which contain just devices. Thanks to that we can
test the domain XMLs in virschematest again.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
This makes the search for related XMLs easier, plus they are not used in
the xml2argv tests anyway. This also makes future patches cleaner.
While on that remove unnecessary '-hotplug' from the filenames.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
In the mock, we have a stub for virNetDevTapCreate(). However,
the mocked version does not exactly as it's native counterpart.
The function receives a string, which is an interface name that
caller would like to have, but it's not guaranteed that they will
get just that one. If they don't, the function free()-s the one
passed and returns the new one. Just like the mocked version. But
what is the mocked version missing is the free().
==1068== 6 bytes in 1 blocks are definitely lost in loss record 9 of 132
==1068== at 0x4C29F80: malloc (vg_replace_malloc.c:296)
==1068== by 0xDE13356: xmlStrndup (in /usr/lib64/libxml2.so.2.9.4)
==1068== by 0xAE2333E: virXMLPropString (virxml.c:479)
==1068== by 0xAE45975: virDomainNetDefParseXML (domain_conf.c:9038)
==1068== by 0xAE5C0BB: virDomainDefParseXML (domain_conf.c:16734)
==1068== by 0xAE5EB96: virDomainDefParseNode (domain_conf.c:17444)
==1068== by 0xAE5EA05: virDomainDefParse (domain_conf.c:17391)
==1068== by 0xAE5EA93: virDomainDefParseFile (domain_conf.c:17415)
==1068== by 0x433430: testCompareXMLToArgvFiles (qemuxml2argvtest.c:278)
==1068== by 0x433A18: testCompareXMLToArgvHelper (qemuxml2argvtest.c:414)
==1068== by 0x446ED4: virTestRun (testutils.c:179)
==1068== by 0x43A099: mymain (qemuxml2argvtest.c:1016)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
It's just test, but why leak it?
==26971== 20 bytes in 1 blocks are definitely lost in loss record 623 of 704
==26971== at 0x4C29F80: malloc (vg_replace_malloc.c:296)
==26971== by 0xE560447: vasprintf (vasprintf.c:76)
==26971== by 0xAE0DEE2: virVasprintfInternal (virstring.c:480)
==26971== by 0xAE0DFF7: virAsprintfInternal (virstring.c:501)
==26971== by 0x4751F3: qemuProcessPrepareMonitorChr (qemu_process.c:2651)
==26971== by 0x4334B1: testCompareXMLToArgvFiles (qemuxml2argvtest.c:297)
==26971== by 0x4339AC: testCompareXMLToArgvHelper (qemuxml2argvtest.c:413)
==26971== by 0x446E7A: virTestRun (testutils.c:179)
==26971== by 0x445D33: mymain (qemuxml2argvtest.c:2029)
==26971== by 0x44886F: virTestMain (testutils.c:969)
==26971== by 0x445D9B: main (qemuxml2argvtest.c:2036)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
