Commit Graph

4691 Commits

Author SHA1 Message Date
Michal Privoznik
720e8f13ff conf: Introduce MTE domain feature
The Memory Tagging Extensions are hardware acceleration present
in some ARM processors that allow memory error detection [1].
Introduce a domain XML knob that turns them on or off.

1: https://www.arm.com/blogs/blueprint/memory-safety-arm-memory-tagging-extension
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-05-16 17:42:58 +02:00
Peter Krempa
3d6bc5c611 conf: qemu: Add support for multi-channel mode for 'usb' sound cards
Allow users to control the multi-channel mode by adding a
'multichannel' property parsed for USB audio devices and wire up the
support in the qemu driver.

Closes: https://gitlab.com/libvirt/libvirt/-/issues/472
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-05-09 15:12:03 +02:00
Peter Krempa
374c716af9 docs: formatdomain: Use code blocks to emphasize various sound device options
Emphasize the various sound card models and other config options by
using ``...``.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-05-09 15:12:03 +02:00
Andrea Bolognani
32f772e986 meson: Use initconfdir
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-05-05 15:08:25 +02:00
Peter Krempa
83eee66f81 conf: Store the iothread 'poll' settings in the XML
Currently we allow configuring the 'poll-max-ns', 'poll-grow', and
'poll-shrink' parameters of qemu iothreads only during runtime and they
are not persisted. Add XML machinery to persist them.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-05-02 14:32:47 +02:00
Andrea Bolognani
567f1ece98 docs: Drop java.rst
We no longer link to it from anywhere, and a server-side
redirect has been created to keep existing external links
working.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-04-27 11:06:49 +02:00
Andrea Bolognani
c9e7938deb docs: Link to java.libvirt.org
All the information from java.rst has been transferred
to the subproject's own website.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-04-27 11:06:42 +02:00
Martin Kletzander
a0cf5d6e4d docs: Fix missing backtick in formatdomain.rst
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2023-04-25 12:32:12 +02:00
Ján Tomko
03ca889b15 qemu: allow forcing emulated maxphysaddr
Treat:
  <maxphysaddr mode="emulate"/>
as a request not to take the maximum address size from the host.
This is useful if QEMU changes the default.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-04-25 11:19:37 +02:00
Ján Tomko
d6fbb21210 conf: cpu: add limit for maxphysaddr
Add a limit attribute to restrict the maximum physical address bits
that would be used for the guest CPU:

   <cpu mode='host-passthrough'>
     <maxphysaddr mode='passthrough' limit='39'/>
   </cpu>

https://gitlab.com/libvirt/libvirt/-/issues/450
https://bugzilla.redhat.com/show_bug.cgi?id=2171860

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-04-25 11:19:37 +02:00
Peter Krempa
476cc5f48b docs: manpages: State that TCP connection is insecure in 'virtproxyd' man page
Copy the wording we have in docs/uri.rst

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-04-24 12:57:17 +02:00
Peter Krempa
b9725e7045 docs: manpages: Clarify that only TLS/TCP remote access needs 'virtproxyd'
Spell out that TCP and TLS need virtproxyd as 'off-host' might mean
that also ssh transport requires it.

Also fix the name of the 'virtproxyd' daemon.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-04-24 12:57:17 +02:00
Peter Krempa
93f6b820e2 kbase: debuglogs: Emphasize disabling daemon timeout in 'TL;DR' section
Disabling the daemon timeout is important so that the settings don't get
discarded. Remove the comment saying it's optional and add a paragraph
outlining what to do if it is not available.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-04-24 12:57:17 +02:00
Michal Privoznik
ac7f3667f2 meson: Work around configure_file(copy:true) deprecation
In our meson scripts, we use configure_file(copy:true) to copy
files from srcdir into builddir. However, as of meson-0.64.0,
this is deprecated [1] in favor of using:

  fs = import('fs')
  fs.copyfile(in, out)

Except, the submodule's new method wasn't introduced until
0.64.0. And since we can't bump the minimal meson version we
require, we have to work with both: new and old versions.

Now, the fun part: fs.copyfile() is not a drop-in replacement as
it returns a different type (a custom_target object). This is
incompatible with places where we store the configure_file()
retval in a variable to process it further.

While we could just replace 'copy:true' with a dummy
'configuration:...' (say 'configuration: configmake_conf') we
can't do that for binary files (like src/fonts/ or src/images/).

Therefore, places where we are not interested in the retval can
be switched to fs.copyfile() and places where we are interested
in the retval will just use a dummy 'configuration:'.

Except, src/network/meson.build. In here we not just copy the
file but also specify alternative install dir and that's not
something that fs.copyfile() can handle. Yet, using 'copy: true'
is viewed wrong [2].

1: https://mesonbuild.com/Release-notes-for-0-64-0.html#fscopyfile-to-replace-configure_filecopy-true
2: https://github.com/mesonbuild/meson/pull/10042

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-04-20 15:30:18 +02:00
Martin Kletzander
2f4f381871 docs: Clarify restrictive numatune mode
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2185184
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-04-20 12:39:50 +02:00
Michal Privoznik
98d5b07f6d virsh: Introduce --xpath and --wrap to domcapabilities
Similarly to dumpxml, let's have --xpath and --wrap to the
'domcapabilities' command since users might be interested only in
a subset of domcapabilities XML.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
2023-04-18 09:06:08 +02:00
Michal Privoznik
332385aa7e virsh: Introduce --xpath and --wrap to capabilities
Similarly to dumpxml, let's have --xpath and --wrap to the
'capabilities' command since users might be interested only in a
subset of capabilities XML.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
2023-04-18 08:37:23 +02:00
Peter Krempa
edd604a672 docs: formatdomain: Properly indent example XML for setting 'metadata_cache'
Indent the example XML block so that it belongs to the paragraph talking
about it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-04-17 16:09:50 +02:00
Peter Krempa
d405caae87 kbase: debuglogs: Add a 'TL;DR' section for enabling logging in most common case
The document grew a bit too much explaining all the mistakes we've seen
the users do when configuring logging. Add a section distilling the
configuration of the most basic scenario which we can refer to when
upstream issues are reported. The scenario is for a runtime setting of
logging into a file applied to the 'virtqemud' daemon.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-04-17 16:09:50 +02:00
Marc-André Lureau
e06beacec2 meson: drop explicit python interpreter
meson wraps python scripts already on win32, so we end up with these
failing commands:

[1/359] "C:/msys64/ucrt64/bin/meson" "--internal" "exe" "--capture" "src/util/virkeycodetable_atset1.h" "--" "sh" "C:/msys64/home/marca/src/libvirt/scripts/meson-python.sh" "C:/msys64/ucrt64/bin/python3.EXE" "python" "C:/msys64/home/marca/src/libvirt/src/keycodemapdb/tools/keymap-gen" "code-table" "--lang" "stdc" "--varname" "virKeyCodeTable_atset1" "C:/msys64/home/marca/src/libvirt/src/keycodemapdb/data/keymaps.csv" "atset1"
FAILED: src/util/virkeycodetable_atset1.h
"C:/msys64/ucrt64/bin/meson" "--internal" "exe" "--capture" "src/util/virkeycodetable_atset1.h" "--" "sh" "C:/msys64/home/marca/src/libvirt/scripts/meson-python.sh" "C:/msys64/ucrt64/bin/python3.EXE" "python" "C:/msys64/home/marca/src/libvirt/src/keycodemapdb/tools/keymap-gen" "code-table" "--lang" "stdc" "--varname" "virKeyCodeTable_atset1" "C:/msys64/home/marca/src/libvirt/src/keycodemapdb/data/keymaps.csv" "atset1"

If LC_ALL, LANG and LC_CTYPE need to be set, it would probably be better
to use a meson environment() instead.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-04-17 15:02:35 +02:00
Akihiko Odaki
4497c1ac40 conf: Introduce igb model for <interface>
igb is a new network device which will be introduced with QEMU 8.0.0.
It is a successor of e1000e so it has a PCIe interface and understands
virtio-net headers as e1000e does.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-04-13 09:28:47 +02:00
Michal Privoznik
a56833e47a coding style: Follow our own rule on comment style
In our coding style document we have examples of good and bad
code, which we mark as:

  // Good
  // Bad

respectively. But in the very same document we advocate for using
C style of comments over C++. Follow our own advice and switch
annotation to:

  /* Good */
  /* Bad */

And while at it, align these annotations within their blocks for
better readability.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-04-04 12:16:09 +02:00
Michael Ablassmeier
2f847ab659 docs: apps: Add a new section for backup utilities and mention 'virtnbdbackup'
Signed-off-by: Michael Ablassmeier <abi@grinser.de>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-04-03 11:09:39 +02:00
Peter Krempa
396cf39400 docs: java: Use new hostname for the sub-project
Access the 'javadoc' using the new hostname java.libvirt.org.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-04-03 09:19:06 +02:00
Peter Krempa
74b9f9cea6 docs: Update links to the libvirt-ruby bindings project webpage
The webpage for the project is now hosted via gitlab pages and
accessible at https://ruby.libvirt.org

Update the links to point at the new location. Redirects will be set up
to ensure that links are not broken.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-04-03 09:19:06 +02:00
Peter Krempa
4ad1fb8c81 docs: Update links to the libvirt-ocaml bindings project webpage
The webpage for the project is now hosted via gitlab pages and
accessible at https://ocaml.libvirt.org

Update the links to point at the new location. Redirects will be set up
to ensure that links are not broken.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-04-03 09:19:05 +02:00
Peter Krempa
6c191e1b15 docs: downloads: Update link to 'Changes' of the libvirt-perl project
The project is now hosted on gitlab.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-04-03 09:19:05 +02:00
Peter Krempa
da74a4ed70 docs: Update link to the php bindings project webpage
The page for the libvirt-php project is now hosted via gitlab pages and
available at https://php.libvirt.org/

Additionally drop the docs/php.rst(html) page which has only redundant
information.

Redirects will be set up to make sure old links still work.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-04-03 09:19:05 +02:00
Peter Krempa
85a4f035f6 Use 'libvirt.org' instead of 'www.libvirt.org'
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-04-03 09:19:05 +02:00
Jiri Denemark
d317d1d217 docs: Document requirements on format strings in translated messages
Preserving the order of format strings (%s, ...) when translating
messages may be very hard or even impossible depending on the target
language. On the other hand, reordering them requires understanding the
C-format strings which is not something we should expect from
translators. And even if someone reorders format strings in the right
way (by addressing arguments directly using N$), someone else may use a
translation tool that requires format strings in msgid and msgstr to
match exactly and forces these correct formats to be reverted.

As a result of this, we had several reported crashes in some locales
because integers were formatted as strings. So to make such crashes less
likely to happen and to make translating our messages easier, we now
require all messages that are marked for translation to use format
strings that always refer to the same argument no matter where they
appear in a message (e.g., %1$s, %5$llu).

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-04-01 11:40:31 +02:00
Daniel P. Berrangé
27d8bcc337 manpages: fix secret injection example for SEV
The --disk-password argument was present in early impls of the patch but
replaced by the more generic --inject-secret argument.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-03-17 15:45:33 +00:00
Or Ozeri
5589a3e1f3 qemu: add luks-any encryption support for RBD images
The newly added luks-any rbd encryption format in qemu
allows for opening both LUKS and LUKS2 encryption formats.
This commit enables libvirt users to use this wildcard format.

Signed-off-by: Or Ozeri <oro@il.ibm.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-03-16 15:19:36 +01:00
Or Ozeri
77c9663d72 qemu: add support for librbd layered encryption
This commit enables libvirt users to use layered encryption
of RBD images, using the librbd encryption engine.
This allows opening of an encrypted cloned image
whose parent is encrypted with a possibly different encryption key.
To open such images, multiple encryption secrets are expected
to be defined under the encryption XML tag.

Signed-off-by: Or Ozeri <oro@il.ibm.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-03-16 15:19:36 +01:00
Ján Tomko
3916df52a4 docs: clarify --timeout description for virtsecretd
As of commit 9e3cc0ff5 the virtsecretd daemon does not timeout
while it keeps any ephemeral secrets.

https://bugzilla.redhat.com/show_bug.cgi?id=2035985

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-03-15 17:23:18 +01:00
Ján Tomko
f65c9d83ab docs: clarify --timeout description for split daemons
Remove the reference to "running domains" for daemons that happily
exit while domains are running.

https://bugzilla.redhat.com/show_bug.cgi?id=2035985

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-03-15 17:23:18 +01:00
Michal Privoznik
c4b176567b docs: Document memory allocation and emulator pinning limitation
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-03-15 12:47:09 +01:00
Peter Krempa
2e9330ad45 docs: downloads: Point to pkg.go.dev for go module releases
Currently the 'Releases' column pointed to the generic page about the
specific go module. Change the link to point to the respective
pkg.go.dev page for the module.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-03-14 15:42:36 +01:00
Peter Krempa
164c9c5432 docs: downloads: Don't mention releases directory of libvirt-csharp
The releases directory is empty. Don't advertise it on our downloads
page.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-03-14 15:42:36 +01:00
Peter Krempa
5f39c892de docs: downloads: Drop link to sources of 'consoleproxy'
The directory doesn't exist. The project also doesn't have any releases
on gitlab so there's nothing to replace it with.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-03-14 15:42:36 +01:00
Peter Krempa
d2d26e98d6 docs: downloads: Replace 'libvirt.org/sources' by 'download.libvirt.org'
We split off the downloads into a new subdomain. Link directly to it
instead of relying on redirects.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-03-14 15:42:36 +01:00
Peter Krempa
0235ef4a0f docs: java: Clean up links to source code
 - drop the link to the FTP server which doesn't exist any more
 - change links to libvirt.org/source to download.libvirt.org
 - change link to the maven repository to point to download.libvirt.org
 - change link to javadoc to the documentation generated via gitlab job
   in the libvirt-java project

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-03-14 15:42:36 +01:00
Peter Krempa
c434a7e48f docs: Fix searching in the wiki
Conversion of the wiki to static pages means that the integrated search
no longer functions. Use the same approach we have for other search to
simply defer to google.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-03-13 17:11:17 +01:00
Christian Nautze
a9a4421ba8 qemu: implement QEMU NBD source reconnect delay attribute
Currently it's only possible to set this parameter during domain
creation via QEMU commandline passthrough feature.
With the new delay attribute it's also possible to set this
parameter if you want to attach a new NBD disk
using "virsh attach-device domain device.xml" e.g.:

  <disk type='network' device='disk'>
    <driver name='qemu' type='raw'/>
    <source protocol='nbd' name='foo'>
      <host name='example.org' port='6000'/>
      <reconnect delay='10'/>
    </source>
    <target dev='vdb' bus='virtio'/>
  </disk>

Signed-off-by: Christian Nautze <christian.nautze@exoscale.ch>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-10 09:38:05 +01:00
Tim Wiederhake
bc77182ea4 Fix some typos
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
2023-03-09 14:09:16 +01:00
Jonathon Jongsma
96d43ab285 conf: add support for 'blob' in virtio video device
Add the ability to enable blob resources for the virtio video device.
This will accelerate the display path due to less or no copying of pixel
data.

Blob resource support can be enabled with e.g.:

    <video>
      <model type='virtio' blob='on'/>
    </video>

Some additional background information about blob resources:
https://lists.freedesktop.org/archives/dri-devel/2020-August/275972.html
https://www.kraxel.org/blog/2021/05/virtio-gpu-qemu-graphics-update/

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2032406

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-03-08 13:05:05 -06:00
Peter Krempa
474d625b86 docs|access: Don't build the ACL flags into a separate XML
Since we now build it into the libvirt-api.xml or equivalents we don't
need the extra XML files.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-03-06 13:09:16 +01:00
Peter Krempa
15be6660b3 docs/newapi.xsl: Take API flag data from libvirt-api.xml rather than access/libvirt-access.xml
Since now we embed the data in the libvirt API we don't need to source
it from the extra document.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-03-06 13:09:16 +01:00
Peter Krempa
69615c91c8 scripts/apibuild: Extract and format API ACLs
As an additional step before processing the API parse the protocol file
and extract all ACL definitions. This way we can distribute them for any
user of the libvirt API XML files. We will be also able to avoid another
call to gendispatch, which generates all this data into a standalone
XML.

The remote procedure to API name is inspired by what rpcgen does.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-03-06 13:09:16 +01:00
Michal Privoznik
928e741172 src: Document virDomainInterfaceStats() limitation
For unmanaged ethernet <interface/>, it is the user's responsibility
to set up the interface. And as such it can be just anything.
Therefore, it's (almost) impossible for the
virDomainInterfaceStats() API to tell whether RX/TX values need
to be swapped or copied verbatim into the return structure.
Document this limitation.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-03-06 12:20:35 +01:00
Andrea Bolognani
a50fb7dada docs: Document firmware format attribute
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-03 13:52:37 +01:00
Andrea Bolognani
f3d0857f2e docs: Fix documentation for loader.stateless attribute
It works exactly the other way around.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-03 13:40:09 +01:00
Peter Krempa
590a6c1b78 kbase: virtiofs: Add a note that virtiofs is not migratable
Note that certain operations will not work.

Resolves: https://gitlab.com/libvirt/libvirt/-/issues/452
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-03-01 11:57:37 +01:00
Daniel P. Berrangé
9541ce080a docs/kbase: fix example for SEV validation
The offline validation example needs to include the firmware path,
and is also missing line continuation markers.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-22 13:48:49 +00:00
Daniel P. Berrangé
4d3b2d77d0 docs: refer to --firmware instead of --loader
The --loader syntax was left over from an earlier version of the code
before it was renamed to --firmware.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-22 13:48:48 +00:00
Kristina Hanicova
c98e49f82e docs: document panic device 'pvpanic-pci'
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-02-21 17:51:30 +01:00
Martin Kletzander
a834735898 docs: Convert 404 page to rST
There is no markup equivalent for any of the <s/> or <del/> HTML tags, so this
is the only thing I came up with and it looks like it works.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-02-21 10:58:59 +01:00
Andrea Bolognani
5af19e530e docs: Recommend better python3 shebang
Python scripts should always invoke the interpreter through
env(1) to ensure that they work on macOS and the BSDs, and at
this point not explicitly asking for Python 3 doesn't really
make sense.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2023-02-20 18:33:01 +01:00
Peter Krempa
91d890bdce docs/html: Properly generate ACL permissions into API reference
The 'newapi.xsl' stylesheet was referencing non-existing paths to the
XML files holding ACL permission flags for individual APIs. Additionally
the 'document()' XSL function doesn't even allow concatenation of the
path as it was done via '{$builddir}/src..', but requires either direct
argument or use of the 'concat()' function.

This meant that the 'acls' variable was always empty and thus none of
our API documentation was actually generated with the 'acl' section.

Fix it by passing the path to the XML via an argument to the stylesheet
as the files differ based on which document is being generated.

Since the 'admin' API does not have ACL we need to handle it separately
now in the build system.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-20 18:26:53 +01:00
Peter Krempa
ecca805336 docs: ACL: Show which permissions are allowed for unauthenticated connections
Certain APIs are allowed also without authentication but the ACL page
didn't outline which. Generate a new column with the information.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-20 09:22:51 +01:00
Peter Krempa
0e3970bf9b docs: logos: Turn 'README' into rST, generate an index and link to images
The logo directory wasn't really referenced from anywhere. Additionally
there wasn't any reasonable index for all the image files which we have.

Turn the README file into rST and display the images it references. Link
to the new index file from the docs page.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
e886274234 kbase: eventloop: Fix path to referenced images
The images are referenced from '../images/' but the document is two
layers deep thus '../../images' needs to be used

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
5f3a897b93 docs: Add sub-page for all golang modules
Our documentation has pages for 4 go modules, 2 current and 2 obsolete
ones, but points only to one of them and directly to golang's docs page.

Add a sub-page where all 4 sub-pages for the modules are linked.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
f3e44016fa docs: manpages: Add missing manpages to index
The manpages for 'virt-pki-query-dn', 'virt-qemu-qmp-proxy' and
'virt-ssh-helper.rst' were not referenced from the manpage index or any
other place.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
70211d7368 scripts: check-html-references: Rename --prefix to --webroot and make it mandatory
Force users to pass the path to the root of the webpage the script
should check. The script lives in a different subdirectory so the
default of the current directory doesn't make much sense.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
65edcfd68f docs: XSL: Add source document name as custom data attribute for <html>
The html standard allows custom data attributes on any element in the
format of 'data-*' which are not interpreted. We can use it to embed the
name of the source document used to generate the page so that our
checker tools can use the friendly name.

https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Jim Fehlig
8eb54255ec docs: Fix examples in virt-qemu-sev-validate man page
Some of the examples refer to virt-dom-sev-validate. Replace them with
the proper name.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-03 11:28:27 -07:00
Martin Kletzander
2fa92efe9b Document change to multiple watchdogs
With the reasoning behind it.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-01-26 16:40:30 +01:00
zhenwei pi
71fa94302a capabilities: introduce crypto device
Changes in this commit:
- docs: formatdomaincaps.rst
- conf: crypto related domain caps
- qemu: crypto related
- tests: crypto related test

Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-01-25 16:00:47 +01:00
zhenwei pi
7ba22d21a1 conf: introduce crypto device
Introduce crypto device like:

  <crypto model='virtio' type='qemu'>
    <backend model='builtin' queues='1'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
  </crypto>

  <crypto model='virtio' type='qemu'>
    <backend model='lkcf'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x0b' function='0x0'/>
  </crypto>

Currently, crypto model supports virtio only, type supports qemu only
(vhost-user in the plan). For the qemu type, backend supports model
builtin/lkcf, and the queues is optional.

Changes in this commit:
- docs: formatdomain.rst
- schemas: domaincommon.rng
- conf: crypto related domain conf
- qemu: crypto related
- tests: crypto related test

Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-01-25 16:00:42 +01:00
Michal Privoznik
aad22bea70 vbox: Drop support for virtualbox-6.0.0
According to VirtualBox download page [1], the 6.0.0 release is
no longer supported (the support ended 2020/07). Drop it from
Libvirt too.

1: https://www.virtualbox.org/wiki/Download_Old_Builds

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-01-24 10:24:07 +01:00
Michal Privoznik
445549af07 vbox: Drop support for virtualbox-5.2.0
According to VirtualBox download page [1], the 5.2.0 release is
no longer supported (the support ended 2020/07). Drop it from
Libvirt too.

1: https://www.virtualbox.org/wiki/Download_Old_Builds

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-01-24 10:24:05 +01:00
Laine Stump
7b5777afcb docs: fix passt example
Somehow I neglected to fully update the example for the
interface passt backend when the design changed during
development. This fixes the example to reflect what is in the code.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-23 11:43:32 -05:00
Ján Tomko
57b0678590 docs: submitting-patches: remove note about --patience
Since we don't really say how to send patches using this diff algorithm,
it only clutters the document about *submitting* patches.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-20 22:12:42 +01:00
Ján Tomko
0f4790840d docs: submitting-patches: Remove emphasis on not cc'ing developers
While some developers prefer to receive patches only on the mailing
list, cc'ing is a common practice in other projects.

Since it's easy enough to set up a mail filter for this, remove
the paragraph for simplicity.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-20 22:12:41 +01:00
Jim Fehlig
1f7d167b48 kbase: Update rpm-deployment.rst with new subpackages
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-01-18 11:06:13 -07:00
Jim Fehlig
33772e1fcc spec: Rename the libvirt-lock-sanlock subpackage
The new name "libvirt-daemon-plugin-sanlock" provides consistency with the
newly introduced "libvirt-daemon-plugin-lockd" subpackage.

It's also a good opportunity to take ownership of
%{_libdir}/libvirt/lock-driver/, removing the need for a dependency on the
libvirt-daemon package.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-01-18 11:06:13 -07:00
Andrea Bolognani
35c5f091f5 docs: Fix typo
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2023-01-17 16:49:44 +01:00
Pavel Hrdina
ead6e1b002 docs: document correct cpu shares limits with both cgroups v1 and v2
The limits are different with cgroups v1 and v2 but our XML
documentation and virsh manpage mentioned only cgroups v1 limits without
explicitly saying it only applies to cgroups v1.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-01-17 10:58:07 +01:00
Laine Stump
3592b81c4c conf: remove <backend upstream='xxx'/> attribute
This attribute was added to support setting the --interface option for
passt, but in a post-push/pre-9.0-release review, danpb pointed out
that it would be better to use the existing <source dev='xxx'/>
attribute to set --interface rather than creating a new attribute (in
the wrong place). So we remove backend/upstream, and change the passt
commandline creation to grab the name for --interface from source/dev.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2023-01-13 10:02:05 +01:00
Han Han
f41d1a2e75 docs: drvqemu: Fix a typo
Fixes: a677ea928a
Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-01-12 11:40:21 +01:00
Laine Stump
a8ee7ae301 conf: parse/format passt-related XML additions
This implements XML config to represent a subset of the features
supported by 'passt' (https://passt.top), which is an alternative
backend for emulated network devices that requires no elevated
privileges (similar to slirp, but "better").

Along with setting the backend to use passt (via <backend
type='passt'/> when the interface type='user'), we also support
passt's --log-file and --interface options (via the <backend>
subelement logFile and upstream attributes) and its --tcp-ports and
--udp-ports options (which selectively forward incoming connections to
the host on to the guest) via the new <portForward> subelement of
<interface>. Here is an example of the config for a network interface
that uses passt to connect:

    <interface type='user'>
      <mac address='52:54:00:a8:33:fc'/>
      <ip address='192.168.221.122' family='ipv4'/>
      <model type='virtio'/>
      <backend type='passt' logFile='/tmp/xyzzy.log' upstream='eth0'/>
      <portForward address='10.0.0.1' proto='tcp' dev='eth0'>
        <range start='2022' to='22'/>
        <range start='5000' end='5099' to='1000'/>
        <range start='5010' end='5029' exclude='yes'/>
      </portForward>
      <portForward proto='udp'>
        <range start='10101'/>
      </portForward>
    </interface>

In this case:

* the guest will be offered address 192.168.221.122 for its interface
  via DHCP

* the passt process will write all log messages to /tmp/xyzzy.log

* routes to the outside for the guest will be derived from the
  addresses and routes associated with the host interface "eth0".

* incoming tcp port 2022 to the host will be forwarded to port 22
  on the guest.

* incoming tcp ports 5000-5099 (with the exception of ports 5010-5029)
  to the host will be forwarded to port 1000-1099 on the guest.

* incoming udp packets on port 10101 will be forwarded (unchanged) to
  the guest.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-09 14:24:27 -05:00
Peter Krempa
98bd201678 conf: Add 'fdgroup' attribute for 'file' disks
The 'fdgroup' will allow users to specify a passed FD (via the
'virDomainFDAssociate()' API) to be used instead of opening a path.
This is useful in cases when e.g. the file is not accessible from inside
a container.

Since this uses the same disk type as when we open files via names this
patch also introduces a hypervisor feature which the hypervisor asserts
that code paths are ready for this possibility.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2023-01-09 14:59:42 +01:00
Peter Krempa
3ea4170551 virsh: Introduce 'dom-fd-associate' for invoking virDomainFDAssociate()
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2023-01-09 14:59:42 +01:00
Michal Privoznik
10f4784864 qemu_capabilities: Query for Hyper-V Enlightenments
Now that we have qemuMonitorGetCPUModelExpansion() aware of
Hyper-V Enlightenments, we can start querying it. Two conditions
need to be met:

  1) KVM is in use,
  2) Arch is either x86 or arm.

It may look like modifying the first call to
qemuMonitorGetCPUModelExpansion() inside of
virQEMUCapsProbeQMPHostCPU() would be sufficient but it is not.
We really need to ask QEMU for full expansion and the first call
does not guarantee that.

For the test data, I've just copied whatever
'query-cpu-model-expansion' returned earlier, therefore there are
no hv-* props. But that's okay - the full expansion is not stored
in cache (and thus not formatted in
tests/qemucapabilitiesdata/caps_*.replies files either). This is
purely runtime thing.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-05 12:35:36 +01:00
Michal Privoznik
7c1ecfd512 domain_capabilities: Expose Hyper-V Enlightenments
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-05 12:35:20 +01:00
Michal Privoznik
a677ea928a docs: Recommend static seclabels for migration on shared storage
There are some network FSs (ceph, CIFS) that propagate XATTRs
properly and thus SELinux labels too. In such case using dynamic
seclabels would get in the way of migration as new seclabel is
assigned to the domain on the destination and thus two processes
with different labels (the source and the destination QEMU/helper
process) would try to access the same file. One of them is
necessarily going to be denied access.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-03 17:19:22 +01:00
Andrea Bolognani
b271d6f3b0 kbase: Reorder deployments
List the various options so that the most likely ones come
first.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2022-12-15 16:37:51 +01:00
Andrea Bolognani
db7fdf6de8 kbase: Reorder sections
Users are likely more interested in the main deployment
scenarios than in the detailed list of every existing RPM
package. Reorder sections accordingly.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2022-12-15 16:37:47 +01:00
Daniel P. Berrangé
aeba13f24d docs: replace footer link to the bird site with mastodon
Since the takeover of the bird site, the bulk of tech people who want
a more friendly and inclusive media site have jumped over to Mastodon.
With its decentralized nature, there's no one replacement that captures
everything, but the fosstodon.org site is a topic relevant choice.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-12-15 11:04:30 +00:00
Michal Privoznik
6a58b9b5ed formatcaps: Update capabilities example
In the formatcaps.rst we give an example output of capabilities.
Well, there are a couple of issues with it:

1) We show <features/> nested under /capabilities/host/cpu.
   There's no such element and never was.

2) The ordering of elements is corrupted.

3) There is plenty of elements missing.

Fix these by showing an actual output of 'virsh capabilities' as
obtained on my machine.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-12 17:08:07 +01:00
Nobuhiro MIKI
e48677e29f docs: Add missing elements to formatcaps.rst
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-12-12 10:41:03 +01:00
Andrea Bolognani
a417571628 docs: Fix typo in virt-qemu-sev-validate(1)
Spotted by Lintian (typo-in-manual-page tag).

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-08 17:24:17 +01:00
Peter Krempa
317cfb011b docs: drvqemu: Remove inaccurate limitations statement
We don't refuse override definitions for device which doesn't exist and
the same way don't care about 'remove' being used on a property which is
not actually formatted by libvirt. Drop the paragraph claiming the
contrary.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-05 12:00:55 +01:00
Peter Krempa
f28232d1a4 docs: drvqemu: Give example how to query device properties for overriding
Add an example of invoking qemu with '-device TYPE,?' to query
properties of a given type.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-05 12:00:55 +01:00
Peter Krempa
9228ebbf98 docs: drvqemu: Fix and improve docs about device override types
The 'number' override type didn't exist in the final version so change
it to the corresponding 'signed' and 'unsigned'.

Additionally clarify which override type is used for a corresponding
qemu type and also that we use base 10 numbers so users will need to
convert the numbers if needed.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-05 12:00:55 +01:00
Peter Krempa
5f3d21abf8 virsh: Add --print-xml flag for 'vol-clone' command
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-02 16:49:25 +01:00
Peter Krempa
0974c3ab6e virsh: Add --print-xml option for 'domif-setlink'
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-02 16:49:25 +01:00
Peter Krempa
601a127573 virsh: Add --print-xml option for 'detach-interface'
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-02 16:49:24 +01:00
Peter Krempa
a421aa76b1 Document caveats of hypervisor-specific stats in 'VIR_DOMAIN_STATS_VCPU' group
In commit c43718ef67 I've added a disclaimer that the new stats which
are fetched from qemu and passed directly to the user are not guaranteed
by libvirt. I didn't notice that per-vcpu hypervisor specific stats are
also snuck into the VIR_DOMAIN_STATS_VCPU group along with other
pre-existing stats we do guarantee.

Extend the disclaimer for VIR_DOMAIN_STATS_VCPU too.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2022-11-29 09:36:10 +01:00
Lu Ke
83adc56602 kbase: virtiofs: Add 'queue' setting to example
The setting is needed for the windows driver to work properly and doesn't have negative effects on other usage.
Signed-off-by: Lukas Ke nicelukas@hotmail.com
2022-11-23 09:35:46 +00:00
Cédric Bosdonnat
0be7d0f1cb Add vms cli tool to the list of applications using libvirt
Just adds a tool to the applications list. This tool helps managing
multiple VMs at once using the python binding.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cédric Bosdonnat <cbosdonnat@suse.com>
2022-11-17 08:00:03 +01:00
Michal Privoznik
059e096435 internal: Introduce STRCASESKIP()
There is so far one case where STRCASEPREFIX(a, b) && a +
strlen(b) combo is used (in virVMXConfigScanResultsCollector()),
but there will be more. Do what we do usually: introduce a macro.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Tim Wiederhake <twiederh@redhat.com>
2022-11-16 12:15:05 +01:00
Michal Privoznik
af4b994bc4 docs: Fill missing docs on STRCASEPREFIX() and STRSKIP()
We document use of our STR*() macros, but somehow missed
STRCASEPREFIX() and STRSKIP().

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Tim Wiederhake <twiederh@redhat.com>
2022-11-16 12:15:03 +01:00
Michal Privoznik
f396ac5af4 coding-style: Follow our own recommendation wrt spacing around commas
We require a space after a comma and even document this in our
coding style document. However, our own rule is broken in the
very same document when listing string comparison macros.
Separate macro arguments properly.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Tim Wiederhake <twiederh@redhat.com>
2022-11-16 12:14:54 +01:00
Daniel P. Berrangé
cd94d891fb docs/manpages: add checklist of problems for SEV attestation
Despite efforts to make the virt-qemu-sev-validate tool friendly, it is
a certainty that almost everyone who tries it will hit false negative
results, getting a failure despite the VM being trustworthy.

Diagnosing these problems is no easy matter, especially for those not
familiar with SEV/SEV-ES in general. This extra docs text attempts to
set out a checklist of items to look at to identify what went wrong.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
330036a897 docs/kbase: describe attestation for SEV guests
Expand the SEV guest kbase guide with information about how to configure
a SEV/SEV-ES guest when attestation is required, and mention the use of
virt-qemu-sev-validate as a way to confirm it.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
b348f37445 tools: support generating SEV secret injection tables
It is possible to build OVMF for SEV with an embedded Grub that can
fetch LUKS disk secrets. This adds support for injecting secrets in
the required format.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
273c408899 tools: load CPU count and CPU SKU from libvirt
When validating a SEV-ES guest, we need to know the CPU count and VMSA
state. We can get the CPU count directly from libvirt's guest info. The
VMSA state can be constructed automatically if we query the CPU SKU from
host capabilities XML. Neither of these is secure, however, so this
behaviour is restricted.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
676df5b358 tools: support automatically constructing SEV-ES vCPU state
The VMSA files contain the expected CPU register state for the VM. Their
content varies based on a few pieces of the stack

  - AMD CPU architectural initial state
  - KVM hypervisor VM CPU initialization
  - QEMU userspace VM CPU initialization
  - AMD CPU SKU (family/model/stepping)

The first three pieces of information we can obtain through code
inspection. The last piece of information we can take on the command
line. This allows a user to validate a SEV-ES guest merely by providing
the CPU SKU information, using --cpu-family, --cpu-model,
--cpu-stepping. This avoids the need to obtain or construct VMSA files
directly.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
3e7b7da9e0 tools: support validating SEV-ES initial vCPU state measurements
With the SEV-ES policy the VMSA state of each vCPU must be included in
the measured data. The VMSA state can be generated using the 'sevctl'
tool, by telling it a QEMU VMSA is required, and passing the hypervisor's
CPU SKU (family, model, stepping).

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
7d55c815c6 tools: load direct kernel config from libvirt
When connected to libvirt we can validate that the guest configuration
has the kernel hashes property enabled, otherwise including the kernel
GUID table in our expected measurements is not likely to match the
actual measurement.

When running locally we can also automatically detect the kernel/initrd
paths, along with the cmdline string from the XML.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
0b9e70b141 tools: support validating SEV direct kernel boot measurements
When doing direct kernel boot we need to include the kernel, initrd and
cmdline in the measurement.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
0e911045ae tools: load guest config from libvirt
Accept information about a connection to libvirt and a guest on the
command line. Talk to libvirt to obtain the running guest state and
automatically detect as much configuration as possible.

It will refuse to use a libvirt connection that is thought to be local
to the current machine, as running this tool on the hypervisor itself is
not considered secure. This can be overridden using the --insecure flag.

When querying the guest, it will also analyse the XML configuration in
an attempt to detect any options that are liable to be mistakes. For
example the NVRAM being measured should not have a persistent varstore.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
ececdbdfc0 tools: support validating SEV firmware boot measurements
The virt-qemu-sev-validate program will compare a reported SEV/SEV-ES
domain launch measurement, to a computed launch measurement. This
determines whether the domain has been tampered with during launch.

This initial implementation requires all inputs to be provided
explicitly, and as such can run completely offline, without any
connection to libvirt.

The tool is placed in the libvirt-client-qemu sub-RPM since it is
specific to the QEMU driver.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Lin Yang
facadf2491 conf: Introduce SGX EPC element into device memory xml
<devices>
  ...
  <memory model='sgx-epc'>
    <source>
      <nodemask>0-1</nodemask>
    </source>
    <target>
      <size unit='KiB'>512</size>
      <node>0</node>
    </target>
  </memory>
  ...
</devices>

Signed-off-by: Lin Yang <lin.a.yang@intel.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Haibin Huang <haibin.huang@intel.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-11-11 14:06:34 +01:00
Haibin Huang
8db09767a9 conf: expose SGX feature in domain capabilities
Extend hypervisor capabilities to include sgx feature. When available,
the hypervisor supports launching a VM with SGX on Intel platform.
The SGX feature tag provides additional details like section size and
sgx1 or sgx2.

Signed-off-by: Haibin Huang <haibin.huang@intel.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-11-11 14:06:31 +01:00
Peter Krempa
9c26c1bfd4 conf: Introduce support for 'hv-avic' Hyper-V enlightenment
qemu-6.2 introduced support for the hv-avic enlightenment which allows
to use Hyper-V SynIC with hardware APICv/AVIC enabled.

Implement the libvirt support for it.

Closes: https://gitlab.com/libvirt/libvirt/-/issues/402
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-09 14:08:31 +01:00
Jakub Kuczys
1dd30e2e22 docs: fix location of :since: 8.1.0 to apply to isa-debugcon
Signed-off-by: Jakub Kuczys <me@jacken.men>
2022-11-06 06:50:46 +01:00
Peter Krempa
cca6787b15 docs: xsl: Don't generate pointless index pages for qemu/admin/lxc API
The index page only really makes sense for the top level directory. The
specific index files are unreferenced since last commit. Drop them.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-03 14:11:22 +01:00
Peter Krempa
3f558e3bd9 docs: Link directly to admin|qemu|lxc API reference pages
Fix the main links in docs.rst main page to go to the full docs rather
than prompting one more click to the index page.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-03 14:11:22 +01:00
Peter Krempa
ed2109d272 docs: xsl: Don't format empty sections in API manual
The LXC module has no exported 'Types' but the XSL template which
generates the 'libvirt-libvirt-lxc.html' page would try to format it
anyways. This would result in an empty non-pair version of the '<pre>'
tag to be used in the page, which didn't render well with modern
browsers for some reason. All following sections would become children
of the non-pair <pre>.

Fix the XSL template to not generate empty 'Types' or 'Functions'
sections similarly to how we do with 'Macros'.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-03 14:11:22 +01:00
Peter Krempa
0097f2a36e docs: xsl: newapi: Remove unused 'navbar' template
The template is unused since commit 9092c3d491

Remove also the up|right|left|home.png files which were only used by
code generated by the unused template.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-11-03 14:11:22 +01:00
Peter Krempa
db5f05dd22 storage: Add VIR_STORAGE_VOL_CREATE_VALIDATE flag
Allow users to request validation of the storage volume XML. Add new
flag and virsh support.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
d8791c3c7c nodedev: Add VIR_NODE_DEVICE_(CREATE|DEFINE)_XML_VALIDATE flags
The node device APIs which get XML from the user don't yet support XML
validation flags. Introduce virNodeDeviceCreateXMLFlags and
virNodeDeviceDefineXMLFlags with the appropriate flags and add virsh
support for the new flags.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
2022-11-01 13:07:20 +01:00
Peter Krempa
c43718ef67 Document caveats of 'VIR_DOMAIN_STATS_VM' group of statistics
The original patches adding the functionality neglected to add any form
of documentation for the stats fields returned for this group.

The stats are directly converted from qemu's 'query-stats(-schema)' QMP
command without any further interpretation. The 'query-stats-schema' has
the following disclaimer:

 Note: runtime-collected statistics and their names fall outside QEMU's usual
       deprecation policies.  QEMU will try to keep the set of available data
       stable, together with their names, but will not guarantee stability
       at all costs; the same is true of providers that source statistics
       externally, e.g. from Linux.  For example, if the same value is being
       tracked with different names on different architectures or by different
       providers, one of them might be renamed.  A statistic might go away if
       an algorithm is changed or some code is removed; changing a default
       might cause previously useful statistics to always report 0.  Such
       changes, however, are expected to be rare.

Since libvirt is not doing any form of conversion of the stats we can't
meaningfully document any of the returned fields. At the same time we
can't even meaningfully provide any form of API stability for the field
names.

Modify the documentation for the 'VIR_DOMAIN_STATS_VM' group both in the
API docs and in the virsh man page to reflect that and disclaim any form
of stability guarantees we provide normally.

Fixes: 8c9e3dae14
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2022-11-01 11:56:00 +01:00
Martin Kletzander
de842f37a1 docs: Remind users to remove --timeout option without socket activation
There is part of our man page that describes how to switch to the
traditional (non-socket) activation but it might still happen sometimes that
there is an extra --timeout option specified for the daemon.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-10-27 17:39:19 +02:00
Michal Privoznik
42b2f1f8b8 docs: Update best practices wrt "Fixes:" and GitLab
We document that a commit fixing an issue tracked in GitLab
should put just "Fixes: #NNN" into its commit message. But when
viewing git log, having full URL which is directly clickable is
more developer friendly and GitLab is capable of handling both.
Therefore, document that users should put full URL, just like
when fixing a bug tracked in other sites.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2022-10-25 08:37:28 +02:00
Martin Kletzander
f53988d657 docs: Do not support non-socket activated modular daemons with systemd
Due to the setup of the modular daemon service files the reverting to non-socket
activated daemons could have never worked.  The reason is that masking the
socket files prevents starting the daemons since they require (as in Requires=
rather than Wants= in the service file) the sockets.  On top of that it creates
issues with some libvirt-guests setups and needlessly increases our support
matrix.

Nothing prevents users from modifying their setup in a way that will still work
without socket activation, but supporting such setup only creates burden on our
part.

This technically reverts most of commit 59d30adacd except the change made to
the libvirtd manpage since the monolithic daemon still supports traditional mode
of starting even on systemd.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2022-10-19 15:58:29 +02:00
Jim Fehlig
71d9836ca1 conf: Add channel devices to domain capabilities
As qemu becomes more modularized, it is important for libvirt to advertise
availability of the modularized functionality through capabilities. This
change adds channel devices to domain capabilities, allowing clients such
as virt-install to avoid using spicevmc channel devices when not supported
by the target qemu.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-10-17 11:39:00 -06:00
Ján Tomko
2cf14c311b docs: formatdomain: fix since tag for TPM PCR banks
Fixes: a5bbe1a8b6
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2022-10-17 14:27:21 +02:00
Jim Fehlig
4e13cc4adb conf: Add USB redirect devices to domain capabilities
As qemu becomes more modularized, it is important for libvirt to advertise
availability of the modularized functionality through capabilities. This
change adds USB redirect devices to domain capabilities, allowing clients
such as virt-install to avoid using redirdev devices when not supported
by the target qemu.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-10-14 16:10:01 -06:00
Michal Privoznik
27df3522e6 meson: Replace external_program.path() with external_program.full_path()
The path() method is deprecated in 0.55.0 and we're recommended
to use full_path() instead. Interestingly, we were already doing
so in a couple of places, but not all of them.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-10-10 15:06:09 +02:00
Michal Privoznik
3395c35f2f meson: Replace meson.source_root() with meson.project_source_root()
The source_root() method is deprecated in 0.56.0 and we're
recommended to use project_source_root() instead.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-10-10 15:06:09 +02:00
Michal Privoznik
5ecdcf8541 meson: Replace meson.build_root() with meson.project_build_root()
The build_root() method is deprecated in 0.56.0 and we're
recommended to use project_build_root() instead.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-10-10 15:06:09 +02:00
Jiri Denemark
268a2708c4 virsh: Add --model option for hypervisor-cpu-baseline
This option can be used as a shortcut for creating a single XML with
just a CPU model name and no features:

    $ virsh hypervisor-cpu-baseline --model Skylake-Server
    <cpu mode='custom' match='exact'>
      <model fallback='forbid'>Skylake-Server</model>
      <feature policy='disable' name='avx512f'/>
      <feature policy='disable' name='avx512dq'/>
      <feature policy='disable' name='clwb'/>
      <feature policy='disable' name='avx512cd'/>
      <feature policy='disable' name='avx512bw'/>
      <feature policy='disable' name='avx512vl'/>
      <feature policy='disable' name='pku'/>
    </cpu>

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-10-10 14:31:43 +02:00
Jiri Denemark
d4975a98b6 docs: Enhance documentation of CPU models in domain caps
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-10-10 14:31:43 +02:00
Jiri Denemark
2784a83907 domain_capabilities: Add vendor attribute for CPU models
Even though several CPU models from various vendors are reported as
usable on a given host, user may still want to use only those that match
the host vendor. Currently the only place where users can check the
vendor of each CPU model is our CPU map, which is considered internal
and users should not really be using it directly. So to allow for such
filtering we now advertise the vendor of each CPU model in domain
capabilities.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-10-10 14:31:42 +02:00
Daniel P. Berrangé
83c6d80abc tools: add virt-qemu-qmp-proxy for proxying QMP via libvirt QEMU guests
Libvirt provides QMP passthrough APIs for the QEMU driver and these are
exposed in virsh. It is not especially pleasant, however, using the raw
QMP JSON syntax. QEMU has a tool 'qmp-shell' which can speak QMP and
exposes a human friendly interactive shell. It is not possible to use
this with libvirt managed guest, however, since only one client can
attach to the QMP socket at any point in time. While it would be
possible to configure a second QMP socket for a VM, it may not be
a known requirement at the time the guest is provisioned.

The virt-qmp-proxy tool aims to solve this problem. It opens a UNIX
socket and listens for incoming client connections, speaking QMP on
the connected socket. It will forward any QMP commands received onto
the running libvirt QEMU guest, and forward any replies back to the
QMP client. It will also forward back events.

  $ virsh start demo
  $ virt-qmp-proxy demo demo.qmp &
  $ qmp-shell demo.qmp
  Welcome to the QMP low-level shell!
  Connected to QEMU 6.2.0

  (QEMU) query-kvm
  {
      "return": {
          "enabled": true,
          "present": true
      }
  }

Note this tool of course has the same risks as the raw libvirt
QMP passthrough. It is safe to run query commands to fetch information
but commands which change the QEMU state risk disrupting libvirt's
management of QEMU, potentially resulting in data loss/corruption in
the worst case. Any use of this tool will cause the guest to be marked
as tainted as an warning that it could be in an unexpected state.

Since this tool introduces a python dependency it is not desirable
to include it in any of the existing RPMs in libvirt. This tool is
also QEMU specific, so isn't appropriate to bundle with the generic
tools. Thus a new RPM is introduced 'libvirt-clients-qemu', to
contain additional QEMU specific tools, with extra external deps.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-10-07 14:32:36 +01:00
Stefan Berger
60a06693cc qemu: Add UNDEFINE_TPM and UNDEFINE_KEEP_TPM flags
Add UNDEFINE_TPM and UNDEFINE_KEEP_TPM flags to qemuDomainUndefineFlags()
API and --tpm and --keep-tpm to 'virsh undefine'. Pass the
virDomainUndefineFlagsValues via qemuDomainRemoveInactive()
from qemuDomainUndefineFlags() all the way down to
qemuTPMEmulatorCleanupHost() and delete TPM storage there considering that
the UNDEFINE_TPM flag has priority over the persistent_state attribute
from the domain XML. Pass 0 in all other API call sites to
qemuDomainRemoveInactive() for now.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-10-04 16:34:28 +02:00
Jim Fehlig
30899c65a2 docs: compiling: Add link to latest openSUSE libvirt package
This is a follow-up to fbd6b2480a, adding a link to the latest libvirt
package for openSUSE.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-30 09:05:59 -06:00
Martin Kletzander
59d30adacd libvirt-guests: Fix dependency ordering in service file
After some debugging and discussion with systemd team it turns out we
are misusing the ordering in libvirt-guests.service.  That happened
because we want to support both monolithic and modular daemon setups and
on top of that we also want to support socket activation and services
without socket activation.  Unfortunately this is impossible to express
in the unit file because of how transactions are handled in systemd when
dependencies are resolved and multiple actions (jobs) are queued.  For
explanation from Michal Sekletar see comment #7 in the BZ this patch is
fixing:

https://bugzilla.redhat.com/show_bug.cgi?id=1964855#c7

In order to support all the scenarios this patch also amends the
manpages so that users that are changing the default can also read how
to correct the dependency ordering in libvirt-guests unit file.

Ideally we would also keep the existing configuration during upgrade,
but due to our huge support matrix this seems hardly feasible as it
could introduce even more problems.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-09-26 13:04:48 +02:00
Michal Privoznik
0377177c78 qemu_process.c: Propagate hugetlbfs mounts on reconnect
When reconnecting to a running QEMU process, we construct the
per-domain path in all hugetlbfs mounts. This is a relict from
the past (v3.4.0-100-g5b24d25062) where we switched to a
per-domain path and we want to create those paths when libvirtd
restarts on upgrade.

And with namespaces enabled there is one corner case where the
path is not created. In fact an error is reported and the
reconnect fails. Ideally, all mount events are propagated into
the QEMU's namespace. And they probably are, except when the
target path does not exist inside the namespace. Now, it's pretty
common for users to mount hugetlbfs under /dev (e.g.
/dev/hugepages), but if domain is started without hugepages (or
more specifically - private hugetlbfs path wasn't created on
domain startup), then the reconnect code tries to create it.
But it fails to do so, well, it fails to set seclabels on the
path because the path does not exist in the private
namespace. And it doesn't exist because we specifically create
only a subset of all possible /dev nodes. Therefore, the mount
event, whilst propagated, is not successful and hence the
filesystem is not mounted. We have to do it ourselves.

If hugetlbfs is mounted anywhere else there's no problem and this
is effectively dead code.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2123196
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2022-09-23 16:33:48 +02:00
Peter Krempa
ac3abe0a3f docs: compiling: Add notes on starting compiled libvirt daemons
In the basic configuration with monolithic libvirtd users are required
to also start virtlogd. Add a general note with a specific example
hinting that this is needed.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 13:36:49 +02:00
Peter Krempa
4cb0cdd7ff docs: compiling: Encourage force-enabling required functionality
To prevent surprises when a build doesn't in fact contain the required
functionality suggest that users force-enable required modules.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 13:36:49 +02:00
Peter Krempa
b64a9e97d1 docs: compiling: Separate 'prepare', 'configure', and 'build' steps
Only the preparation of sources differs between a build from a git
checkout vs a build from tarball. Restructure the docs to outline the
difference and combine information on how to configure libvirt.

Most notably the suggestion to use '-Dsystem=true' was present only for
the steps to build a git checkout.

Suggest also running the testsuite as part of the build step.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 13:36:49 +02:00
Peter Krempa
dae224fdb1 docs: compiling: Separate information on how to install libvirt and add disclaimer
Create a section for instructions on how to install the built binaries
rather than mentioning it multiple times.

Add a note that installing over your distro-provided packages will most
likely break your installation.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 13:36:49 +02:00
Peter Krempa
91284a2893 docs: compiling: Section off block on how to run from build directory
Running from build directory isn't strictly tied to the git-checkout
build so make a new section for it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 13:36:49 +02:00
Peter Krempa
fbd6b2480a docs: compiling: Add a paragraph suggesting installation from repository
Users should be encouraged to install libvirt from the distro's repos in
the first place.

Also encourage distro-specific ways to get newer versions, rather than
building from source manually.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-13 13:36:49 +02:00
Michal Privoznik
d3397885d5 kbase: Document QEMU private mount NS limitations
There are two points I've taken for granted:

  1) the mount points are set before starting a guest,
  2) the / and its submounts are marked as shared, so that mount
     events propagate into child namespaces when assumption 1) is
     not held.

But what's obvious to me might not be obvious to our users.
Document these known limitations.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2123196
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2022-09-12 12:05:07 +02:00
Kristina Hanicova
4435c026b7 qemu & conf: move BeginAsyncJob & EndAsyncJob into src/conf
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2022-09-07 12:15:06 +02:00
Kristina Hanicova
421f1e749f qemu & conf: move BeginAgentJob & EndAgentJob into src/conf/virdomainjob
Although these and functions in the following two patches are for
now just being used by the qemu driver, it makes sense to have all
begin job functions in the same file.

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2022-09-07 12:14:43 +02:00
Kristina Hanicova
9085ccbfb4 qemu: use virDomainObjEndJob()
This patch moves qemuDomainObjEndJob() into
src/conf/virdomainjob as universal virDomainObjEndJob().

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2022-09-07 12:14:07 +02:00
Kristina Hanicova
0d22febfc6 qemu: use virDomainObjBeginJob()
This patch moves qemuDomainObjBeginJob() into
src/conf/virdomainjob as universal virDomainObjBeginJob().

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2022-09-07 12:13:30 +02:00
Peter Krempa
4328018bd0 schema: nodedev: Fix schema attribute value for the 'vport_ops' capability
The code (since 448be8f706) uses 'vport_ops' in XML.
Later commit cc17f09246 added schema for 'vports_ops' (extra 's').
Fix the schema and the corresponding docs.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2121262
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-01 13:11:09 +02:00
Peter Krempa
99d533c2aa docs: newapi: Consider also 'https://' links in the API generator XSL
We converted exclusively to https links so the generator should wrap
those in appropriate link tags too.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
2022-09-01 13:11:09 +02:00
Peter Krempa
d4f7850d5b Remove support for building the sheepdog storage driver backend
The sheepdog project is unmaintained, with last commit in 2018 and
numerous unanswered issues reported.

Remove the libvirt storage driver support for it to follow the removal
of the client support in qemu.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Claudio Fontana <cfontana@suse.de>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-01 13:11:09 +02:00
Peter Krempa
c8ee79346a spec: Drop libvirt-daemon-driver-storage-sheepdog package
Upstream will be dropping the sheepdog storage backend, so we need to
stop building the package and obsolete it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Claudio Fontana <cfontana@suse.de>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-09-01 13:11:09 +02:00
Carlos Bilbao
b2dce59302 docs: formatdomain: Fix small typos and syntax errors
Fix some small typos and syntax errors in file formatdomain.rs.

Signed-off-by: Carlos Bilbao <carlos.bilbao@amd.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2022-08-25 18:58:08 +02:00
Martin Kletzander
6457619d18 Rename interface type='dummy' to type='null'
When commit bac6b266fb added this "functionality" this was the only
naming I could think of, but after discussion with Dan we found the name
'null' fits a bit better, so change it before we make a release with the
old name.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-08-25 13:27:04 +02:00
Daniel P. Berrangé
206b59a296 docs: fix syntax errors in IPv6 NAT example XML
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-08-23 16:33:20 +01:00
Martin Kletzander
0225483adc conf, docs, schemas: Add support for interface type vds
This represents an interface connected to a VMWare Distributed Switch,
previously obscured as a dummy interface.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-08-18 08:34:31 +02:00
Lin Ma
d81ae1f244 docs: Fix missing slashes in the maxphysaddr example
Signed-off-by: Lin Ma <lma@suse.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2022-08-17 08:16:23 -06:00
Peter Krempa
0da0304818 qemu: Formally deprecate support for qemu < 4.2
Per [1], Debian 10 reaches EOL in August of 2022. This allows us to
bump the minimum supported qemu version to qemu-4.2 which will also
allow us to do significant cleanups.

This commit bumps the minimum qemu version and updates the corresponding
docs.

[1]: https://wiki.debian.org/DebianReleases

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-08-11 14:38:31 +02:00
Martin Kletzander
bac6b266fb conf, docs: Add support for dummy network interface
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-08-05 14:37:54 +02:00
Andrea Bolognani
550bf7682d kbase: Document how to disable Secure Boot entirely
In most cases, disabling the secure-boot or the enrolled-keys
firmware feature will achieve the same result: allowing an
unsigned operating system to run.

Right now we're only documenting the latter configuration. Add
the former as well, and explain the difference between the two.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-08-04 14:39:18 +02:00
Andrea Bolognani
18249f278a kbase: Always explicitly enable secure-boot firmware feature
It should be enough to enable or disable the enrolled-keys feature
to control whether Secure Boot is enforced, but there's a slight
complication: many distro packages for edk2 include, in addition
to general purpose firmware images, builds that are targeting the
Confidential Computing use case.

For those, the firmware descriptor will not advertise the
enrolled-keys feature, which will technically make them suitable
for satisfying a configuration such as

  <os firmware='efi'>
    <firmware>
      <feature state='off' name='enrolled-keys'/>
    </firmware>
  </os>

In practice, users will expect the general purpose build to be
used in this case. Explicitly asking for the secure-boot feature
to be enabled achieves that result at the cost of some slight
additional verbosity.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-08-04 14:39:11 +02:00
Dario Faggioli
e6c29f09e5 conf: Add support for specifying CPU max physical address size
This patch introduces the

    <maxphysaddr mode='passthrough'/>
    <maxphysaddr mode='emulate' bits='42'/>

sub element of /domain/cpu, which allows specifying the guest virtual CPU
address size. This can be useful if the guest needs to have a large amount
of memory.

If mode='passthrough', the virtual CPU will have the same number of address
bits as the host. If mode='emulate', the mandatory bits attribute specifies
the number of address bits.

Signed-off-by: Dario Faggioli <dfaggioli@suse.com>
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-08-04 09:04:07 +02:00
Daniel P. Berrangé
578ac25c6a conf: support stateless UEFI firmware
Normally when a UEFI firmware is marked as read-only, an associated
NVRAM file will be created. Some builds of UEFI firmware, however, wish
to remain stateless and so will be read-only, but never have any NVRAM
file. To represent this concept a 'stateless' tristate bool attribute
is introduced on the <loader/> element.

There are rather a large number of permutations to consider.

With default firmware selection

  *  <os/>

     => Historic default, no change

  *  <os>
       <loader stateless='yes'/>
     </os>

     => Explicit version of historic default, no change

  *  <os>
       <loader stateless='no'/>
     </os>

      => Invalid, bios is always stateless

With manual legacy BIOS selection

  *  <os>
       <loader>/path/to/seabios</loader>
       ...
     </os>

     => Historic default, no change

  *  <os>
       <loader stateless='yes'>/path/to/seabios</loader>
       ...
     </os>

     => Explicit version of historic default, no change

  *  <os>
       <loader stateless='no'>/path/to/seabios</loader>
       ...
     </os>

      => Invalid, bios is always stateless

With manual UEFI selection

  *  <os>
       <loader type='pflash'>/path/to/edk2</loader>
       ...
     </os>

     => Historic default, no change

  *  <os>
       <loader type='pflash' stateless='yes'>/path/to/edk2</loader>
       ...
     </os>

     => Skip auto-filling NVRAM / template

  *  <os>
       <loader type='pflash' stateless='no'>/path/to/edk2</loader>
       ...
     </os>

     => Explicit version of historic default, no change

With automatic firmware selection

  *  <os firmware='bios'/>

     => Historic default, no change

  *  <os firmware='bios'>
       <loader stateless='yes'/>
     </os>

     => Explicit version of historic default, no change

  *  <os firmware='bios'>
       <loader stateless='no'/>
     </os>

      => Invalid, bios is always stateless

  *  <os firmware='uefi'/>

     => Historic default, no change

  *  <os firmware='uefi'>
       <loader stateless='yes'/>
     </os>

     => Skip auto-filling NVRAM / template

  *  <os firmware='uefi'>
       <loader stateless='no'/>
     </os>

     => Explicit version of historic default, no change

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-07-26 15:41:44 +01:00
Peter Krempa
429c15259c docs: Add article about handling upstream issues
Outline how upstream issues are triaged and explain what the states of
the issue mean.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2022-07-26 16:35:57 +02:00
Peter Krempa
80e50315b4 docs: patches: Add a note about reviews and contacting developers
Add a note outlining best practices around review and responding to it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2022-07-26 16:35:57 +02:00
Michal Privoznik
32b9d4390e coding-style: Allow some use of ternary operators
While we all understand that excessive use of ternary operator
may worsen code readability (e.g. nested, multi-line expression),
there are few cases where using it actually improves code
readability. For instance, when a function takes a long list of
arguments out of which one depends on a boolean expression, or
when formatting "yes"/"no" or "on"/"off" values based on a
boolean variable (although one can argue that the latter is a
subset of the former). Just consider alternatives to:

  virBufferAsprintf(buf, "<elem>%s</elem>\n", boolVar ? "yes" : "no");

In fact, this pattern occurs plenty in our code. Exempt it from
our "no ternary operators" rule.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Claudio Fontana <cfontana@suse.de>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-07-26 08:48:48 +02:00
Michal Privoznik
9e8601c464 lib: Use G_NO_INLINE instead of G_GNUC_NO_INLINE
The G_GNUC_NO_INLINE macro will eventually be marked as
deprecated [1] and we are recommended to use G_NO_INLINE instead.
Do the switch now, rather than waiting for compile time warning
to occur.

1: 15cd0f0461
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2022-07-18 17:23:15 +02:00
Tim Wiederhake
57d263d6a3 docs: Fix typos
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
2022-07-18 11:10:55 +02:00
Erik Skultety
c341989fa1 docs: ci: Add a brief section on how to run the CI workload locally
This is just a glue to the testing article introduced in previous
commits.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-07-15 08:26:38 +02:00
Erik Skultety
659ac70281 docs: ci: Add a section on how to add a new platform to libvirt CI
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-07-15 08:26:34 +02:00
Erik Skultety
294b5a9821 docs: ci: Add info about the two major types of jobs our CI runs
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-07-15 08:26:29 +02:00
Erik Skultety
4df9845bb9 docs: Change the CI headline from "CI Testing" to "CI"
It's not just strategy the master CI article talks (or will talk in the
future) about.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-07-15 08:26:25 +02:00
Erik Skultety
77ab90f0a2 docs: Drop the testsuites article
The article was replaced with a new one in previous commit, so we don't
need this one anymore.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-07-15 08:26:25 +02:00
Erik Skultety
200ab55980 docs: Replace testsuites article with the new 'testing' article
The new article provides more in-depth information on testing options
in libvirt.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-07-15 08:26:25 +02:00
Erik Skultety
5d9e41ee77 docs: Provide an article on testing
Currently we don't have much information on how testing is done in
libvirt and the little we have is scattered among multiple files. This
patch creates a common landing page containing all important bits about
testing in libvirt, providing links to respective sections which
deserve their own articles.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-07-15 08:26:13 +02:00
Erik Skultety
1dc037ec17 docs: Provide an article on how to add a custom runner to the project
Since running our functional test suite in GitLab cannot make use of
the shared resources it makes sense to document the process of adding
own HW to run the custom libvirt executor that powers the integration
suite. This article will likely make even more sense in the future with
GitLab severely cutting down on shared CI resources.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-07-14 17:31:21 +02:00
Erik Skultety
0be5de986a docs: Provide more information about the TCK test suite
Most importantly, how to get it, how to install dependencies and how
to run it.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-07-14 17:31:21 +02:00
Erik Skultety
983cf8c03b docs: Move the CI dashboard to its own RST module
The dashboard itself simply takes away focus from everything else that
makes sense to have in the CI article, so move it to its own article
and link it from the main CI article.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-07-14 17:31:21 +02:00
Michal Privoznik
85ea114016 conf: Introduce @guestReset to hostdev's <source/>
Some USB devices have a buggy firmware that either crashes on
device reset, or makes the device unusable in some other way.
Fortunately, QEMU offers a way to skip device reset either
completely, or if device is not initialized yet. Expose this
ability to users under:

    <hostdev mode='subsystem' type='usb'>
      <source guestReset='off'/>
    </hostdev>

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-07-13 16:00:50 +02:00
Daniel P. Berrangé
c748000cd1 docs: replace ARRAY_CARDINALITY with G_N_ELEMENTS
Fix docs illustrating call with an obsolete macro.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-07-13 12:18:06 +01:00
Daniel P. Berrangé
497d8555c4 docs: add info about factors affecting CPU compatibility
While libvirt solves most of the problem of ensuring compatibility, when
there is incompatibility it can be hard for users to track down the
cause. Everyone knows to check the physical CPU model, but there are a
surprisingly large number of other factors influencing compatibility.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-07-13 11:04:29 +01:00
Michal Privoznik
1277a9c884 domcaps: Introduce TPM backendVersion
We accept TPM version in the domain XML. However, supported
version depends on the host (swtpm_setup binary) and thus it may
be tricky for users (or mgmt applications) to choose a version.
Introduce machinery for reporting supported version in domain
capabilities.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2022-07-13 11:55:06 +02:00
Michal Privoznik
6a00c565c4 docs: Document TPM portion of domcaps
Surprisingly, we don't document TPM part of domain capabilities.
Fortunately, the information exposed is pretty much self
explanatory, but we should document it regardless.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2022-07-13 11:55:06 +02:00
Peter Krempa
b7e05cf966 docs: formatstorage: Format XML namespace definition as code block
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2022-07-12 11:33:37 +02:00
Peter Krempa
c37ebda93a kbase: debuglogs: Add a note about auto-shutdown of daemons
When using runtime setting of logging with 'virt-admin' it can be
confusing that the settings are discarded when the shutdown timeout of a
daemon is reached.

Add a note about this behaviour along with a suggestion to use
virt-admin to disable the behaviour if needed.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-07-07 14:35:30 +02:00
Peter Krempa
fe69f5074a virt-admin: Introduce 'daemon-timeout'
Add a simple command to drive the new 'virAdmConnectSetDaemonTimeout'
API.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-07-07 14:35:30 +02:00
Han Han
2ee82b3dfb docs: Fix syntax error in defaultiothread example
Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-07-07 12:14:02 +02:00
Michal Privoznik
92678703ce docs: Document <address/> for IOMMU device
The commit v8.3.0-rc1~199 introduced <address/> to <iommu/>
device. And while it updated the RNG it forgot to update the
docs. Fix that.

Fixes: b0eb1e193f
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-07-04 13:21:16 +02:00
Tim Wiederhake
58e6bb8be8 Fix spelling
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
2022-07-04 10:07:47 +02:00
Peter Krempa
c44930d932 storage: pool: Allow more intricate nfs protocol versions
Treat the 'protocolVer' field as a string so that e.g. '4.1' can be
used. Forbid only ',' in the string as it's a separator of arguments for
mount options.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-07-01 16:15:23 +02:00
Andrea Bolognani
7d285059f4 docs: Add kbase page for Secure Boot
Provide simple recipes for the most common high-level tasks.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-07-01 15:10:43 +02:00
Jonathon Jongsma
4260a642d3 docs: clarify 'readahead' and 'timeout' for disks
Document the format of the 'readahead' and 'timeout' XML elements more
accurately.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-06-24 09:03:54 -05:00
Jiri Denemark
efa3baeae7 virsh: Add support for VIR_MIGRATE_ZEROCOPY flag
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-06-23 16:45:39 +02:00
Ján Tomko
be4047d051 docs: update links to listman
The mailman for mailing lists hosted by Red Hat seems to have moved
to listman.redhat.com. While the old links still seem to work,
point our docs to the new location to avoid the redirect.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-06-22 15:29:44 +02:00
Daniel P. Berrangé
8603b3d76c tools: add '--xpath EXPRESSION --wrap' args to all dumpxml commands
While you can chain the virsh output up to a later 'xmllint' or 'xpath'
command, integrating it into virsh avoids needs for installing extra
binaries which we've often found to be missing on production installs
of libvirt. It also gives better response if the initial virsh command
hits an error, as you don't get an aborted pipeline.

    $ virsh pool-dumpxml --xpath //permissions default
    <permissions>
      <mode>0711</mode>
      <owner>1000</owner>
      <group>1000</group>
      <label>unconfined_u:object_r:svirt_home_t:s0</label>
    </permissions>

If multiple nodes match, they are emitted individually:

    $ virsh dumpxml --xpath '//devices/*/address[@type="pci"]' --wrap demo
    <address type="pci" domain="0x0000" bus="0x05" slot="0x00" function="0x0"/>
    <address type="pci" domain="0x0000" bus="0x03" slot="0x00" function="0x0"/>
    ...snip...
    <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0" multifunction="on"/>
    <address type="pci" domain="0x0000" bus="0x07" slot="0x00" function="0x0"/>

but if intending to post-process the output further, the results
can be wrapped in a parent node

    $ virsh dumpxml --xpath '//devices/*/address[@type="pci"]' --wrap demo
    <nodes>
      <address type="pci" domain="0x0000" bus="0x05" slot="0x00" function="0x0"/>
      <address type="pci" domain="0x0000" bus="0x03" slot="0x00" function="0x0"/>
      ...snip...
      <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0" multifunction="on"/>
      <address type="pci" domain="0x0000" bus="0x07" slot="0x00" function="0x0"/>
    </nodes>

Fixes https://gitlab.com/libvirt/libvirt/-/issues/244
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-06-20 10:40:45 +01:00