Commit Graph

1554 Commits

Author SHA1 Message Date
Giuseppe Scrivano
b51038a4cd capabilities: add baselabel per sec driver/virt type to secmodel
Expand the "secmodel" XML fragment of "host" with a sequence of
baselabel's which describe the default security context used by
libvirt with a specific security model and virtualization type:

<secmodel>
  <model>selinux</model>
  <doi>0</doi>
  <baselabel type='kvm'>system_u:system_r:svirt_t:s0</baselabel>
  <baselabel type='qemu'>system_u:system_r:svirt_tcg_t:s0</baselabel>
</secmodel>
<secmodel>
  <model>dac</model>
  <doi>0</doi>
  <baselabel type='kvm'>107:107</baselabel>
  <baselabel type='qemu'>107:107</baselabel>
</secmodel>

"baselabel" is driver-specific information, e.g. in the DAC security
model, it indicates USER_ID:GROUP_ID.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-29 07:06:04 -06:00
Chen Hanxiao
b695aeebd5 doc: fix a typo in formatdomain
s/no/not

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-25 09:11:12 +01:00
Chen Hanxiao
dc33207dbe docs: fix some typos about 'informations'
s/informations/information

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-22 09:47:19 +01:00
Chen Hanxiao
8d35f9dbad docs: fix a typo in formatdomain
s/effect/affect

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-21 10:25:29 +02:00
Jiri Denemark
34adf622a3 docs: Expand description of host-model CPU mode
host-model is a nice idea but it's current implementation make it
useless on some hosts so it should be used with care.
2013-10-18 16:35:57 +02:00
Eric Blake
caf516db51 storage: allow interleave in pool XML
The RNG grammar did not allow arbitrary interleaving, which makes
it harder than necessary to create a new pool from handwritten XML.

* docs/schemas/storagepool.rng: Allow interleaving.
* tests/storagepoolxml2xmlin/pool-sheepdog.xml: Test interleave.
* tests/storagepoolxml2xmlin/pool-iscsi-auth.xml: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-16 10:15:44 -06:00
Eric Blake
59dce8d278 storage: document existing pools
We forgot to document several pool types.

* docs/formatstorage.html.in: Add docs for scsi, mpath, rbd, and
sheepdog.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-16 09:57:31 -06:00
Pranavkumar Sawargaonkar
9f53ffcb81 AArch64: Add qemu capabilities schemeta for test.
Add qemu AArch64 capabilities schemeta in caps-qemu-kvm.xml.

Signed-off-by: Anup Patel <anup.patel@linaro.org>
Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org>

(crobinso: add aarch64 to schema arch list)
2013-10-15 17:02:17 -04:00
Peter Krempa
c4caa012c2 schema: Rename option 'hypervtristate' to 'featurestate'
Change the RelaxNG schema option name so that it can be reused for
non-hyperv feature flags.
2013-10-15 16:42:45 +02:00
Chen Hanxiao
b8b22d1969 docs: change the minimum weight description for blkio
Since 2.6.39, kernel changed the minimum weight of device blkio.
Update related docs.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-15 12:17:40 +01:00
Daniel P. Berrange
8f35fd21cc Add some notes about secure usage of libvirt
Start a page describing some of the things that applications
using libvirt need to bear in mind to ensure security of their
systems.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-10-15 11:33:01 +01:00
Peter Krempa
f094aaac48 qemu: Prefer VFIO for PCI device passthrough
Prefer using VFIO (if available) to the legacy KVM device passthrough.

With this patch a PCI passthrough device without the driver configured
will be started with VFIO if it's available on the host. If not legacy
KVM passthrough is checked and error is reported if it's not available.
2013-10-10 12:00:56 +02:00
Ján Tomko
3f029fb531 LXC: Fix handling of RAM filesystem size units
Since 76b644c when the support for RAM filesystems was introduced,
libvirt accepted the following XML:
<source usage='1024' unit='KiB'/>

This was parsed correctly and internally stored in bytes, but it
was formatted as (with an extra 's'):
<source usage='1024' units='KiB'/>
When read again, this was treated as if the units were missing,
meaning libvirt was unable to parse its own XML correctly.

The usage attribute was documented as being in KiB, but it was not
scaled if the unit was missing. Transient domains still worked,
because this was balanced by an extra 'k' in the mount options.

This patch:
Changes the parser to use 'units' instead of 'unit', as the latter
was never documented (fixing persistent domains) and some programs
(libvirt-glib, libvirt-sandbox) already parse the 'units' attribute.

Removes the extra 'k' from the tmpfs mount options, which is needed
because now we parse our own XML correctly.

Changes the default input unit to KiB to match documentation, fixing:
https://bugzilla.redhat.com/show_bug.cgi?id=1015689
2013-10-09 17:44:45 +02:00
Chen Hanxiao
f7f469d09f doc: fix typo in HACKING
s/installion/installation

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-10-07 09:42:33 +02:00
Cole Robinson
9dd4150a4f docs: aclpolkit: Fix a heading typo 2013-10-04 13:38:57 -04:00
John Ferlan
0bdefd9b04 nodedev: Resolve Relax-NG validity error
Commit id 'c4a4603de' added an output <path> to the nodedev xml, but
did not update the schema.

This resulted in the failure of the 'virt-xml-validate' on a file
generated by 'virsh nodedev-dumpxml pci_0000_00_00_0' (for example).

This was found/seen by running autotest on my host.
2013-10-04 07:52:45 -04:00
Daniel Veillard
a72940f954 Release of libvirt-1.1.3
- configure.ac docs/news.html.in libvirt.spec.in: update for release
- po/*.po*: updated localization and regenerated
2013-10-01 15:04:14 +08:00
Doug Goldstein
45cd9aa2d4 VMware: Initial VMware Fusion support
Add support for VMware Fusion in the existing VMware driver.  Connect
via the URI vmwarefusion:///session
2013-09-29 18:40:36 +08:00
Laine Stump
b83d26f6c4 qemu: support ich9-intel-hda audio device
This resolves one of the issues in:

   https://bugzilla.redhat.com/show_bug.cgi?id=1003983

This device is identical to qemu's "intel-hda" device (known as "ich6"
in libvirt), but has a different PCI device ID (which matches the ID
of the hda audio built into the ich9 chipset, of course). It's not
supported in earlier versions of qemu, so it requires a capability
bit.
2013-09-25 10:38:02 -04:00
Jiri Denemark
0543e0d212 docs: Load libvirt_access*.xml from build dir
The xml files are generated in build directory and thus docs/newapi.xsl
was not able to find them in a VPATH build.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2013-09-23 14:16:45 +02:00
Giuseppe Scrivano
ab42c22627 doc: fix XML for the RNG device example
Add a missing '/' to close the "source" element.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2013-09-18 17:14:49 +02:00
Diego Woitasen
22547b4c98 Add forwarder attribute to <dns/> element
Useful to set custom forwarders instead of using the contents of
/etc/resolv.conf. It helps me to setup dnsmasq as local nameserver to
resolve VM domain names from domain 0, when domain option is used.

Signed-off-by: Diego Woitasen <diego.woitasen@vhgroup.net>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-17 17:47:33 -06:00
Doug Goldstein
4b5652d0dc Allow <source> for type=block to have no dev
Currently the XML parser already allows the following syntax:
  <disk type='block' device='cdrom'>
    <source startupPolicy='optional'/>
    <target dev='hda' bus='ide'/>
    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
  </disk>

But it if the dev value is NULL then it would not have the leading
"<source ", resulting in invalid XML.
2013-09-17 14:10:40 -05:00
Aline Manera
8ffe1d0c46 Add tftp protocol support for cdrom disk
qemu/KVM also supports a tftp URL while specifying the cdrom ISO image.

The xml should be as following:

    <disk type='network' device='cdrom'>
      <source protocol='tftp' name='/url/path'>
        <host name='host.name' port='69'/>
      </source>
    </disk>

Signed-off-by: Aline Manera <alinefm@br.ibm.com>
2013-09-17 14:45:02 +01:00
Aline Manera
0f24393e60 Add ftps protocol support for cdrom disk
The ftps protocol is another protocol supported by qemu/KVM while specifying
the cdrom ISO image.

The xml should be as following:

    <disk type='network' device='cdrom'>
      <source protocol='ftps' name='/url/path'>
        <host name='host.name' port='990'/>
      </source>
    </disk>

Signed-off-by: Aline Manera <alinefm@br.ibm.com>
2013-09-17 14:45:02 +01:00
Aline Manera
d9dd981801 Add https protocol support for cdrom disk
The https protocol is also accepted by qemu/KVM when specifying the cdrom ISO
image.

The xml should be as following:

    <disk type='network' device='cdrom'>
      <source protocol='https' name='/url/path'>
        <host name='host.name' port='443'/>
      </source>
    </disk>

Signed-off-by: Aline Manera <alinefm@br.ibm.com>
2013-09-17 14:45:02 +01:00
Daniel P. Berrange
5e6a85c765 Add some notes about security considerations when using LXC
Describe some of the issues to be aware of when configuring LXC
guests with security isolation as a goal.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-12 11:48:29 +01:00
Daniel Veillard
a41e95db50 Repair the search on libvirt.org
First make sure that the input is xhtml as the stylesheets expect
namespaced element, then use a span element instead of a as a
is treated specially, finally adjust the makefile to check for
the new span element and replace it with the PHP code
2013-09-12 17:18:32 +08:00
Daniel P. Berrange
420ebcfe01 Update docs about user namespace for LXC
Mention that user namespace can be enabled using the UID/GID
mapping schema.

Fix typo in link anchor for container args in domain XML docs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-11 11:46:31 +01:00
Oskari Saarenmaa
c9e1c6a93e docs, comments: minor typo fixes
Signed-off-by: Oskari Saarenmaa <os@ohmu.fi>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-10 17:06:41 -06:00
Ján Tomko
75ad8b67d4 Fix a typo in network XML docs 2013-09-05 13:46:29 +02:00
Ján Tomko
437b7944a8 Add '<nat>' element to '<forward>' network schemas
Commits 905629f4 and 1716e7a6 have added support for specifying
an IPv4 range and a port range to be used by NAT:
<forward mode='nat'>
  <nat>
    <address start='10.20.30.40' end='10.20.30.44'/>
    <port start='60000' end='65432'/>
  </nat>
</forward>

https://bugzilla.redhat.com/show_bug.cgi?id=1004364
2013-09-05 13:45:49 +02:00
Martin Kletzander
d7d8fef4b9 docs: Add OpenStack into references 2013-09-04 16:24:40 +02:00
Doug Goldstein
f8456e5a18 VMX: Add cdrom-raw dev type from VMWare Fusion
According to VMWare's documentation 'cdrom-raw' is an acceptable value
for deviceType for a CD-ROM drive. The documentation states that the VMX
configuration for a CD-ROM deviceType is as follows:

ide|scsi(n):(n).deviceType = "cdrom-raw|atapi-cdrom|cdrom-image"

From the documentation it appears the following is true:
- cdrom-image = Provides the ISO to the VM
- atapi-cdrom = Provides a NEC emulated ATAPI CD-ROM on top of the host
  CD-ROM
- cdrom-raw = Passthru for a host CD-ROM drive. Allows CD-R burning from
  within the guest.

A CD-ROM prior to this patch would always provide an 'atapi-cdrom' is
modeled as:
  <disk type='block' device='cdrom'>
    <source dev='/dev/scd0'/>
    <target dev='hda' bus='ide'/>
    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
  </disk>

This patch allows the 'device' attribute to be set to 'lun' for a raw
acccess CD-ROM such as:
  <disk type='block' device='lun'>
    <source dev='/dev/scd0'/>
    <target dev='hda' bus='ide'/>
    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
  </disk>
2013-09-02 17:41:30 -05:00
Cole Robinson
3730353f63 domain_conf: Add disk bus=sd, wire it up for qemu
This corresponds to '-sd' and '-drive if=sd' on the qemu command line.
Needed for many ARM boards which don't provide any other way to
pass in storage.
2013-09-02 16:53:40 -04:00
Cole Robinson
7c9617641d qemu: Don't add default memballoon device on ARM
And add test cases for a basic working ARM guest.
2013-09-02 16:53:39 -04:00
Fred A. Kemp
feba2febce qemu: Support setting the 'removable' flag for USB disks
Add an attribute named 'removable' to the 'target' element of disks,
which controls the removable flag. For instance, on a Linux guest it
controls the value of /sys/block/$dev/removable. This option is only
valid for USB disks (i.e. bus='usb'), and its default value is 'off',
which is the same behaviour as before.

To achieve this, 'removable=on' (or 'off') is appended to the '-device
usb-storage' parameter sent to qemu when adding a USB disk via
'-disk'. A capability flag QEMU_CAPS_USB_STORAGE_REMOVABLE was added
to keep track if this option is supported by the qemu version used.

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=922495
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2013-09-02 14:45:38 +02:00
Daniel Veillard
85240daba2 Release of libvirt-1.1.2
* configure.ac docs/news.html.in libvirt.spec.in: update for the release
* po/*.po*: merged new localizations and regenerated
2013-09-02 09:47:37 +08:00
Eric Blake
cd3fa76222 build: shipped files must not depend on BUILT_SOURCES
'make distcheck' was failing with:
make[3]: Entering directory `/home/eblake/libvirt-tmp2/libvirt-1.1.1/_build/docs'
perl ../../docs/genaclperms.pl ../../src/access/viraccessperm.h > ../../docs/aclperms.htmlinc
/bin/sh: ../../docs/aclperms.htmlinc: Permission denied

when simulating the case of a user doing a VPATH build from a
read-only source tree.  The culprit?  BUILT_SOURCES are _always_
built, and so must NOT be built into srcdir and need not be part
of the tarball.  On the other hand, shipped files must never
depend on files in the builddir.  While it would be possible to
fix the problem by generating aclperms.htmlinc into builddir,
we then have the problem that we ship acl.html - we'd have to
rejigger a lot of things to not ship pre-built html.  So this
patch goes the other direction - we don't need BUILT_SOURCES,
but instead ensure that we have proper dependencies so that
all files in srcdir are up-to-date at the time the tarball is
created.  And because we ship html files in the tarball, that
implies we don't expect users to be able to rebuild them, so
we must not clean any files that would trigger a rebuild except
under the maintainer rules.

* docs/Makefile.am (BUILT_SOURCES): Delete.
(CLEANFILES): Downgrade aclperms.htmlinc cleanup...
(maintainer-clean-local): ...and move hvsupport.html.in...
(MAINTAINERCLEANFILES): ...to a maintainer action.
(hvsupport.html.in): Write into srcdir.
(hvsupport.html): Ensure files are built in order.
(aclperms.htmlinc): Honor silent make.
(EXTRA_DIST): Ship aclperms.htmlinc.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-30 20:45:22 -06:00
Eric Blake
f06eb52fff build: fix 'make distcheck' out of the box
With the 1.1.1 tarball, if a user does 'make && make distcheck',
things pass, but if they do 'make distcheck' after 'make clean',
there is an odd failure:

  GEN      ../../docs/devhelp/index.html
I/O error : Permission denied
I/O error : Permission denied
runtime error: file ../../docs/devhelp/devhelp.xsl line 43 element document
xsltDocumentElem: unable to save to ../../docs/devhelp/libvirt-virterror.html
I/O error : Permission denied
I/O error : Permission denied

This implies that the rules for 'make dist' are missing a
dependency - the generated documentation needs to be up-to-date
before creating the tarball, or else the tarball will be missing
files, where the end user will end up trying to rebuild files in
srcdir, and that fails when srcdir is read-only.

1.1.1 plus this patch now works without issues (other issues have
crept in to 1.1.2-rc1 that prevent 'make distcheck' from working,
but those will be cleaned up in later patches).

* docs/Makefile.am (dist-local): New dependency.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-30 19:36:35 -06:00
Ján Tomko
01cda91809 Add pcihole64 element to root PCI controllers
<controller type='pci' index='0' model='pci-root'>
  <pcihole64 unit='KiB'>1048576</pcihole64>
</controller>

It can be used to adjust (or disable) the size of the 64-bit
PCI hole. The size attribute is in kilobytes (different unit
can be specified on input), but it gets rounded up to
the nearest GB by QEMU.

Disabling it will be needed for guests that crash with the
64-bit PCI hole (like Windows XP), see:
https://bugzilla.redhat.com/show_bug.cgi?id=990418
2013-08-27 17:42:29 +02:00
Aline Manera
796513d7cc Add ftp protocol support for cdrom disk
The ftp protocol is already recognized by qemu/KVM so add this support to
libvirt as well.
The xml should be as following:

     <disk type='network' device='cdrom'>
       <source protocol='ftp' name='/url/path'>
         <host name='host.name' port='21'/>
       </source>
     </disk>

Signed-off-by: Aline Manera <alinefm@br.ibm.com>
2013-08-27 14:50:24 +02:00
Aline Manera
3485ce4e9d Add http protocol support for cdrom disk
QEMU/KVM already allows a HTTP URL for the cdrom ISO image so add this support
to libvirt as well.
The xml should be as following:

    <disk type='network' device='cdrom'>
      <source protocol='http' name='/url/path'>
        <host name='host.name' port='80'/>
      </source>
    </disk>

Signed-off-by: Aline Manera <alinefm@br.ibm.com>
2013-08-27 14:50:24 +02:00
Jiri Denemark
8a38db0dd9 schema: Allow dots in device aliases
Commit 01b88127 changed aliases for PCI controller devices to "pcie.0" or
"pci.%u". Thus device aliases may now contain dots.
2013-08-26 15:26:49 +02:00
Claudio Bley
2a40951148 Test for object identity when checking for None in Python
Consistently use "is" or "is not" to compare variables to None,
because doing so is preferrable, as per PEP 8
(http://www.python.org/dev/peps/pep-0008/#programming-recommendations):

> Comparisons to singletons like None should always be done with is or
> is not, never the equality operators.
2013-08-23 08:12:26 +02:00
John Ferlan
fc82f0adde docs: Reformat <disk> attribute description in formatdomain
Reformat the description to more cleanly delineate the attributes
for a <disk> element.
2013-08-22 07:17:19 -04:00
John Ferlan
c753749c27 docs: Update iSCSI storage pool example
Update the iSCSI storage pool example to include the secret
2013-08-20 13:27:44 -04:00
John Ferlan
4ba0529078 docs: Update formatsecrets to include more examples of each type
Update formatsecret docs to describe the various options and provide examples
in order to set up secrets for each type of secret.
2013-08-20 13:27:44 -04:00
John Ferlan
cb3b7dce7c docs: Update the formatdomain disk examples
Add more iSCSI examples including having a secret attached. There are 4 new
examples; one for each way to have an iSCSI - a network disk using virtio,
a passthrough network lun using scsi, a volume disk using "mode='host'",
and a volume disk using "mode='direct'"
2013-08-20 13:27:44 -04:00
Eric Blake
0f082e699e selinux: distinguish failure to label from request to avoid label
https://bugzilla.redhat.com/show_bug.cgi?id=924153

Commit 904e05a2 (v0.9.9) added a per-<disk> seclabel element with
an attribute relabel='no' in order to try and minimize the
impact of shutdown delays when an NFS server disappears.  The idea
was that if a disk is on NFS and can't be labeled in the first
place, there is no need to attempt the (no-op) relabel on domain
shutdown.  Unfortunately, the way this was implemented was by
modifying the domain XML so that the optimization would survive
libvirtd restart, but in a way that is indistinguishable from an
explicit user setting.  Furthermore, once the setting is turned
on, libvirt avoids attempts at labeling, even for operations like
snapshot or blockcopy where the chain is being extended or pivoted
onto non-NFS, where SELinux labeling is once again possible.  As
a result, it was impossible to do a blockcopy to pivot from an
NFS image file onto a local file.

The solution is to separate the semantics of a chain that must
not be labeled (which the user can set even on persistent domains)
vs. the optimization of not attempting a relabel on cleanup (a
live-only annotation), and using only the user's explicit notation
rather than the optimization as the decision on whether to skip
a label attempt in the first place.  When upgrading an older
libvirtd to a newer, an NFS volume will still attempt the relabel;
but as the avoidance of a relabel was only an optimization, this
shouldn't cause any problems.

In the ideal future, libvirt will eventually have XML describing
EVERY file in the backing chain, with each file having a separate
<seclabel> element.  At that point, libvirt will be able to track
more closely which files need a relabel attempt at shutdown.  But
until we reach that point, the single <seclabel> for the entire
<disk> chain is treated as a hint - when a chain has only one
file, then we know it is accurate; but if the chain has more than
one file, we have to attempt relabel in spite of the attribute,
in case part of the chain is local and SELinux mattered for that
portion of the chain.

* src/conf/domain_conf.h (_virSecurityDeviceLabelDef): Add new
member.
* src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML):
Parse it, for live images only.
(virSecurityDeviceLabelDefFormat): Output it.
(virDomainDiskDefParseXML, virDomainChrSourceDefParseXML)
(virDomainDiskSourceDefFormat, virDomainChrDefFormat)
(virDomainDiskDefFormat): Pass flags on through.
* src/security/security_selinux.c
(virSecuritySELinuxRestoreSecurityImageLabelInt): Honor labelskip
when possible.
(virSecuritySELinuxSetSecurityFileLabel): Set labelskip, not
norelabel, if labeling fails.
(virSecuritySELinuxSetFileconHelper): Fix indentation.
* docs/formatdomain.html.in (seclabel): Document new xml.
* docs/schemas/domaincommon.rng (devSeclabel): Allow it in RNG.
* tests/qemuxml2argvdata/qemuxml2argv-seclabel-*-labelskip.xml:
* tests/qemuxml2argvdata/qemuxml2argv-seclabel-*-labelskip.args:
* tests/qemuxml2xmloutdata/qemuxml2xmlout-seclabel-*-labelskip.xml:
New test files.
* tests/qemuxml2argvtest.c (mymain): Run the new tests.
* tests/qemuxml2xmltest.c (mymain): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-20 10:39:03 -06:00
Michal Privoznik
8563b091ff docs: Clean 09adfdc62d up 2013-08-20 10:33:33 +02:00
Michal Privoznik
09adfdc62d docs: Discourage users to set hard_limit
In one of my previous patches I am removing the hard_limit heuristic to
guess the correct value if none set. However, it turned out, this limit
is hard to guess even for users. We should advise them to not set the
limit as their domains may be OOM killed. Sigh.
2013-08-19 12:15:25 +02:00
Daniel P. Berrange
7a7cb0934e Update polkit examples to use 'lookup' method
Feedback from the polkit developers indicates that the
"_detail_XXXX" attributes are a private implementation
detail. Our examples should be recommending use of the
"action.lookup('XXX')" method instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-16 16:57:09 +01:00
Xuesong Zhang
3607ab58c9 docs: fix usb node device sub-element names 2013-08-15 11:40:50 +02:00
Laine Stump
4f595ba61c network: permit upstream forwarding of unqualified DNS names
This resolves the issue that prompted the filing of

  https://bugzilla.redhat.com/show_bug.cgi?id=928638

(although the request there is for something much larger and more
general than this patch).

commit f3868259ca disabled the
forwarding to upstream DNS servers of unresolved DNS requests for
names that had no domain, but were just simple host names (no "."
character anywhere in the name). While this behavior is frowned upon
by DNS root servers (that's why it was changed in libvirt), it is
convenient in some cases, and since dnsmasq can be configured to allow
it, it must not be strictly forbidden.

This patch restores the old behavior, but since it is usually
undesirable, restoring it requires specification of a new option in
the network config. Adding the attribute "forwardPlainNames='yes'" to
the <dns> elemnt does the trick - when that attribute is added to a
network config, any simple hostnames that can't be resolved by the
network's dnsmasq instance will be forwarded to the DNS servers listed
in the host's /etc/resolv.conf for an attempt at resolution (just as
any FQDN would be forwarded).

When that attribute *isn't* specified, unresolved simple names will
*not* be forwarded to the upstream DNS server - this is the default
behavior.
2013-08-14 09:46:22 -04:00
Philipp Hahn
ced2e3bed3 doc: storage pool permission copy-paste fix
The description for <permissions> was copied from the storage volume
section to the storage pool section, but the semantics are different:
1. Currently only the "dir", "fs" and "netfs" storage pools use it.
2. They use it only to build the final directory.
3. A default for the storage volumes can't be set.

Signed-off-by: Philipp Hahn <hahn@univention.de>
2013-08-13 14:55:04 -06:00
Eric Blake
70547bacae docs: mention VIR_TEST_RANGE
Commit ab92ae333 added a cool feature, but didn't document it.

* docs/hacking.html.in: Document debugging a subset of tests.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-12 20:44:41 -06:00
Daniel P. Berrange
12f22856bf Document use of systemd socket activation
Add to the docs/drvlxc.html.in documentation to describe how to
configure systemd to auto-activate a container when a client
connects to a socket

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-12 17:17:03 +01:00
Eric Blake
70363ea9ff build: add configure option to disable gnulib tests
The gnulib testsuite is relatively stable - the only times it is
likely to have a test change from pass to fail is on a gnulib
submodule update or a major system change (such as moving from
Fedora 18 to 19, or other large change to libc).  While it is an
important test for end users on arbitrary machines (to make sure
that the portability glue works for their machine), it mostly
wastes time for development testing (as most developers aren't
making any of the major changes that would cause gnulib tests
to alter behavior).  Thus, it pays to make the tests optional
at configure time, defaulting to off for development, on for
tarballs, with autobuilders requesting it to be on.  It also
helps to allow a make-time override, via VIR_TEST_EXPENSIVE=[01]
(much the way automake sets up V=[01] for overriding the configure
time default of how verbose to be).

Automake has some pretty hard-coded magic with regards to the
TESTS variable; I had quite a job figuring out how to keep
'make distcheck' passing regardless of the configure option
setting in use, while still disabling the tests at runtime
when I did not configure them on and did not use the override
variable.  Thankfully, we require GNU make, which lets me
hide some information from Automake's magic handling of TESTS.

* bootstrap.conf (bootstrap_epilogue): Munge gnulib test variable.
* configure.ac (--enable-expensive-tests): Add new enable switch.
(VIR_TEST_EXPENSIVE_DEFAULT, WITH_EXPENSIVE_TESTS): Set new
witnesses.
* gnulib/tests/Makefile.am (TESTS): Make tests conditional on
configure settings and the VIR_TEST_EXPENSIVE variable.
* tests/Makefile.am (TESTS_ENVIRONMENT): Expose VIR_TEST_EXPENSIVE
to all tests.
* autobuild.sh: Enable all tests during autobuilds.
* libvirt.spec.in (%configure): Likewise.
* mingw-libvirt.spec.in (%mingw_configure): Likewise.
* docs/hacking.html.in: Document the option.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-12 10:02:38 -06:00
Ján Tomko
4ce91f6ebd Remove leftovers from hyperv spinlocks documentation
Somehow I managed to leave this monstrosity in.
Introduced by 800b51d.
2013-08-12 14:34:17 +02:00
Daniel P. Berrange
b6c7e3bb52 Fix typo in domain name in polkit acl example
Signed-off-by: Daniel P. Berrange <dan@berrange.com>
2013-08-09 20:03:42 +01:00
Daniel P. Berrange
da13f2c70c Add documentation for access control system
This adds two new pages to the website, acl.html describing
the general access control framework and permissions models,
and aclpolkit.html describing the use of polkit as an
access control driver.

page.xsl is modified to support a new syntax

  <div id="include" filename="somefile.htmlinc"/>

which will cause the XSL transform to replace that <div>
with the contents of 'somefile.htmlinc'. We use this in
the acl.html.in file, to pull the table of permissions
for each libvirt object. This table is autogenerated
from the enums in src/access/viraccessperms.h by the
genaclperms.pl script.

newapi.xsl is modified so that the list of permissions
checks shown against each API will link to the description
of the permissions in acl.html

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-09 17:13:02 +01:00
Daniel P. Berrange
664ab2801d Add info about access control checks into API reference
So that app developers / admins know what access control checks
are performed for each API, this patch extends the API docs
generator to include details of the ACLs for each.

The gendispatch.pl script is extended so that it generates
a simple XML describing ACL rules, eg.

  <aclinfo>
    ...
    <api name='virConnectNumOfDomains'>
      <check object='connect' perm='search_domains'/>
      <filter object='domain' perm='getattr'/>
    </api>
    <api name='virDomainAttachDeviceFlags'>
      <check object='domain' perm='write'/>
      <check object='domain' perm='save' flags='!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE'/>
      <check object='domain' perm='save' flags='VIR_DOMAIN_AFFECT_CONFIG'/>
    </api>
    ...
  </aclinfo>

The newapi.xsl template loads the XML files containing the ACL
rules and generates a short block of HTML for each API describing
the parameter checks and return value filters (if any).

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-08 11:59:46 +01:00
Guannan Ren
93319da42c conf: add startupPolicy attribute for harddisk
Add startupPolicy attribute for harddisk with type "file",
"block" and "dir". 'requisite' is not supported currently for
harddisk.
2013-08-07 14:31:34 +08:00
Laine Stump
62ac6b4354 qemu: add dmi-to-pci-bridge controller
This PCI controller, named "dmi-to-pci-bridge" in the libvirt config,
and implemented with qemu's "i82801b11-bridge" device, connects to a
PCI Express slot (e.g. one of the slots provided by the pcie-root
controller, aka "pcie.0" on the qemu commandline), and provides 31
*non-hot-pluggable* PCI (*not* PCIe) slots, numbered 1-31.

Any time a machine is defined which has a pcie-root controller
(i.e. any q35-based machinetype), libvirt will automatically add a
dmi-to-pci-bridge controller if one doesn't exist, and also add a
pci-bridge controller. The reasoning here is that any useful domain
will have either an immediate (startup time) or eventual (subsequent
hot-plug) need for a standard PCI slot; since the pcie-root controller
only provides PCIe slots, we need to connect a dmi-to-pci-bridge
controller to it in order to get a non-hot-plug PCI slot that we can
then use to connect a pci-bridge - the slots provided by the
pci-bridge will be both standard PCI and hot-pluggable.

Since pci-bridge devices themselves can not be hot-plugged into a
running system (although you can hot-plug other devices into a
pci-bridge's slots), any new pci-bridge controller that is added can
(and will) be plugged into the dmi-to-pci-bridge as long as it has
empty slots available.

This patch is also changing the qemuxml2xml-pcie test from a "DO_TEST"
to a "DO_DIFFERENT_TEST". This is so that the "before" xml can omit
the automatically added dmi-to-pci-bridge and pci-bridge devices, and
the "after" xml can include it - this way we are testing if libvirt is
properly adding these devices.
2013-08-05 15:40:49 -04:00
Laine Stump
48a3f48ac5 qemu: add pcie-root controller
This controller is implicit on q35 machinetypes. It provides 31 PCIe
(*not* PCI) slots as controller 0.

Currently there are no devices that can connect to pcie-root, and no
implicit pci controller on a q35 machine, so q35 is still
unusable. For a usable q35 system, we need to add a
"dmi-to-pci-bridge" pci controller, which can connect to pcie-root,
and provides standard pci slots that can be used to connect other
devices.
2013-08-05 15:13:56 -04:00
Yuri Chornoivan
5b4c035b08 Fix minor typos in messages and docs
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-30 07:07:33 -06:00
Daniel Veillard
e9b8c9dc80 Release of libvirt-1.1.1
* configure.ac docs/news.html.in: update for the release
* po/*.po*: update localizations and regenerate
2013-07-30 17:38:35 +08:00
Michal Privoznik
d7a4a9b2ff formatdomain.html.in: Document implementation limitation of QoS
The outbound/@peak is ignored (since QoS was introduced). This is due to
kernel limitation of know allowing ingress filters to have peak just
average rate. However, we should document this limitation to not confuse
users.
2013-07-26 11:45:10 +02:00
Michal Privoznik
0884be37e3 formatdomain.html.in: Correctly use <code/> in #elementQoS
Interestingly, we had <code>floor<code> ... </code>outbound</code> which
results in much larger block of text to be written in code style that
intended.
2013-07-26 11:45:10 +02:00
John Ferlan
c00b2f0dd1 conf: Introduce new XML tag "mode" for disk source
There are two ways to use a iSCSI LUN as disk source for qemu.

 * The LUN's path as it shows up on host, e.g.
   /dev/disk/by-path/ip-$ip:3260-iscsi-$iqn-fc18:iscsi.iscsi0-lun-1

 * The libiscsi URI from the storage pool source element host attribute, e.g.
   iscsi://demo.org:6000/iqn.1992-01.com.example/1

For a "volume" type disk, if the specified "pool" is of iscsi
type, we should support to use the LUN in either of above 2 ways.
That's why to introduce a new XML tag "mode" for the disk source
(libvirt should support iscsi pool with libiscsi, but it's another
new feature, which should be done later).

The "mode" can be either of "host" or "direct". Use "host" to indicate
use of the LUN with the path as it shows up on host. Use "direct" to
indicate to use it with the source pool host URI (future patches may support
to use network type libvirt storage too, e.g. Ceph)
2013-07-22 14:01:04 -04:00
Eric Blake
d21d40bf0c maint: split long lines in Makefiles
Makefiles are another easy file to enforce line limits.

Mostly straightforward; interesting tricks worth noting:
src/Makefile.am: $(confdir) was already defined, use it in more places
tests/Makefile.am: path_add and VG required some interesting compression

* cfg.mk (sc_prohibit_long_lines): Add another test.
* Makefile.am: Fix offenders.
* daemon/Makefile.am: Likewise.
* docs/Makefile.am: Likewise.
* python/Makefile.am: Likewise.
* src/Makefile.am: Likewise.
* tests/Makefile.am: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-19 05:25:35 -06:00
Daniel P. Berrange
040d996342 Merge virCommandPreserveFD / virCommandTransferFD
Merge the virCommandPreserveFD / virCommandTransferFD methods
into a single virCommandPasFD method, and use a new
VIR_COMMAND_PASS_FD_CLOSE_PARENT to indicate their difference
in behaviour

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-18 12:18:24 +01:00
John Ferlan
57b65c58d0 Allow balloon driver collection to be adjusted dynamically
Use the virDomainSetMemoryStatsPeriodFlags() to pass a period defined by
usage of a new --period option in order to set the collection period for the
balloon driver. This may enable or disable the collection based on the value.

Add the --current, --live, & --config options to dommemstat.
2013-07-16 08:44:53 -04:00
John Ferlan
9ed3a5ca34 Add 'period' for Memballoon statistics gathering capability
Add a period in seconds to allow/enable statistics gathering from the
Balloon driver for 'virsh dommemstat <domain>'.
2013-07-16 08:44:52 -04:00
Martin Kletzander
efab27afbf Make logical pools independent on target path
When using logical pools, we had to trust the target->path provided.
This parameter, however, can be completely ommited and we can use
'/dev/<source.name>' safely and populate it to target.path.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=952973
2013-07-16 12:16:37 +02:00
Peter Krempa
3c8be55c04 cpu: Allow fine tuning of "host-model" cpu
https://bugzilla.redhat.com/show_bug.cgi?id=799354

Until now, the "host-model" cpu mode couldn't be influenced. This patch
allows to use the <feature> elements to either enable or disable
specific CPU flags. This can be used to force flags that can be emulated
even if the host CPU doesn't support them.
2013-07-16 10:51:30 +02:00
John Ferlan
eb0d79c64b storage_pool: Rework chap XML to mimic ceph
The existing 'chap' XML logic was never used - just defined.  Rather than
try to insert a square peg into a round hole, blow it up and rewrite the
logic to follow the 'ceph' format.

Remove the former "chap.login" and "chap.passwd" fields and replace
with "chap.username" and "chap.secret" in _virStoragePoolAuthChap.
Adjust the virStoragePoolDefParseAuthChap() to process.

Change the rng file to describe the new layout

Update the formatstorage.html to describe the usage of the secret element
to mention that the secret type "iscsi" and "ceph" can be used
to storage pool too.

Update the formatsecret.html to include a reference to the storage pool

Update tests to handle the changes from 'login' and 'passwd' to 'username'
and '<secret>' format
2013-07-15 12:41:12 -04:00
Michal Privoznik
9021488a5b Adapt to VIR_ALLOC and virAsprintf in docs/ 2013-07-10 11:07:31 +02:00
Eric Blake
1e503ee534 build: honor autogen.sh --no-git
Based on a report by Chandrashekar Shastri, at
https://bugzilla.redhat.com/show_bug.cgi?id=979360

On systems where git cannot access the outside world, a developer
can instead arrange to get a copy of gnulib at the right commit
via side channels (such as NFS share drives), set GNULIB_SRCDIR,
then use ./autogen.sh --no-git.  In this setup, we will now
avoid direct use of git.  Of course, this means no automatic
gnulib updates when libvirt.git updates its submodule, but it
is expected that any developer in such a situation is already
prepared to deal with the fallout.

* .gnulib: Update to latest, for bootstrap.
* bootstrap: Synchronize from gnulib.
* autogen.sh (no_git): Avoid git when requested.
* cfg.mk (_update_required): Skip automatic rerun of bootstrap if
we can't use git.
* docs/compiling.html.in: Document this setup.
* docs/hacking.html.in: Mention this.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-09 16:15:29 -06:00
Eric Blake
040d3f7758 maint: tweak use of <a> in HACKING
The previous handling of <a> tags led to some less-than-ideal
layout in HACKING (most noticeable on a mid-sentence reference
to the valgrind home page).

* docs/hacking.html.in: Slight tweaks to <a> tags.
* docs/hacking1.xsl: Move <a> handling...
* docs/hacking2.xsl: ...here.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-09 11:49:20 -06:00
Ján Tomko
2e4dd4107e conf: don't check hyperv spinlock retries if disabled
<hyperv>
  <spinlocks state='off'/>
</hyperv>

results in:
error: XML error: missing HyperV spinlock retry count

Don't require retries when state is off and use virXPathUInt
instead of virXPathString to simplify parsing.

https://bugzilla.redhat.com/show_bug.cgi?id=784836#c19
2013-07-04 18:39:56 +02:00
Gao feng
6c30ea2c35 LXC: Introduce New XML element for user namespace
This patch introduces new element <idmap> for
user namespace. for example
<idmap>
    <uid start='0' target='1000' count='10'/>
    <gid start='0' target='1000' count='10'/>
</idmap>

this new element is used for setting proc files
/proc/<pid>/{uid_map,gid_map}.

This patch also supports multiple uid/gid elements
setting in XML configuration.

We don't support the semi configuation, user has to
configure uid and gid both.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
2013-07-02 11:20:04 +01:00
Peter Krempa
23770d7b55 docs: Document hypervisor drivers that support certain timer models
Not every timer model is supported with each hypervisor. Explicitly
mention the driver supporting each timer model.
2013-07-02 09:41:26 +02:00
Michal Novotny
ff96888991 qemu: Implement CPUs check against machine type's cpu-max
Implement check whether (maximum) vCPUs doesn't exceed machine
type's cpu-max settings.

On older versions of QEMU the check is disabled.

Signed-off-by: Michal Novotny <minovotn@redhat.com>
2013-07-01 14:30:42 +02:00
Daniel Veillard
034d322978 Release of libvirt-1.1.0
* configure.ac docs/news.html.in libvirt.spec.in: updated for the release
* po/*.po*: updated localizations and regenerated
2013-07-01 17:22:49 +08:00
Daniel P. Berrange
49e6a16f82 Document security reporting & handling process
Historically security issues in libvirt have been primarily
triaged & fixed by the Red Hat libvirt members & Red Hat
security team, who then usually notify other vendors via
appropriate channels. There have been a number of times
when vendors have not been properly notified ahead of
announcement. It has also disadvantaged community members
who have to backport fixes to releases for which there are
no current libvirt stable branches.

To address this, we want to make the libvirt security process
entirely community focused / driven. To this end I have setup
a new email address "libvirt-security@redhat.com" for end
users to report bugs which have (possible) security implications.

This email addr is backed by an invitation only, private
archive, mailing list. The intent is for the list membership
to comprise a subset of the libvirt core team, along with any
vendor security team engineers who wish to participate in a
responsible disclosure process for libvirt. Members of the
list will be responsible for analysing the problem to determine
if a security issue exists and then issue fixes for all current
official stable branches & git master.

I am proposing the following libvirt core team people as
members of the security team / list (all cc'd):

   Daniel Berrange (Red Hat)
   Eric Blake (Red Hat)
   Jiri Denemar (Red Hat)
   Daniel Veillard (Red Hat)
   Jim Fehlig (SUSE)
   Doug Goldstein (Gentoo)
   Guido Günther (Debian)

We don't have anyone from Ubuntu on the libvirt core team.
Serge Hallyn is the most frequent submitter of patches from
Ubuntu in recent history, so I'd like to invite him to join.
Alternatively, Serge, feel free to suggest someone else to
represent Ubuntu's interests.

If any other vendors/distros have security people who are
responsible for dealing with libvirt security issues, and
want to join to get early disclosure of issues, they can
suggest people. Existing security team members will vet /
approve such requests to ensure they are genuine.

Anyone on the team / list will be **required** to honour any
embargo period agreed between members for non-public issues
that are reported. The aim will be to have a maximum 2 week
embargo period in the common case, extendable to 1 month if
there is sufficient justification made. If anyone feels they
are unable to follow such an embargo process for whatever
reason, please decline membership of the security list/team.

The patch which follows puts up some docs on the website
about all of this....

Document how to report security bugs and the process that
will be used for addressing them.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-07-01 11:08:58 +08:00
Philipp Hahn
dc8614d7ed doc: Fix reference to #elementsUSB
aae0fc2a92 removed the #elementsUSB anchor
but did not update the links to point to the new section #elementsHostDev.

Signed-off-by: Philipp Hahn <hahn@univention.de>
2013-06-28 15:59:47 -04:00
Laine Stump
8807b28559 nodedev: add iommuGroup to node device object
This includes adding it to the nodedev parser and formatter, docs, and
test.

An example of the new iommuGroup element that is a part of the output
from "virsh nodedev-dumpxml" (virNodeDeviceGetXMLDesc()):

  <device>
    <name>pci_0000_02_00_1</name>
    <capability type='pci'>
    ...
      <iommuGroup number='12'>
        <address domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
        <address domain='0x0000' bus='0x02' slot='0x00' function='0x1'/>
      </iommuGroup>
    </capability>
  </device>
2013-06-26 14:10:56 -04:00
Stefan Berger
7070a572aa Fix sample TPM XML
Fix an error in the sample TPM XML.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2013-06-26 08:29:08 -04:00
Laine Stump
ab0c8df0b1 docs: correct and update network vlan example
Somehow I put an example of a domain interface with a <vlan> element
into the network documentation.

This patch replaces that with an example of a network definition that
has a vlan element with trunk='yes', multiple tags, and even the new
nativeMode attribute. It also includes a <portgroup> that has a vlan
defined.
2013-06-26 02:21:23 -04:00
Ján Tomko
11a5c957f4 Use 1.1.0 everywhere in the documentation
Since we already have the v1.1.0-rc1 tag in git.
2013-06-25 15:37:31 +02:00
james robson
861d40565e Configure native vlan modes on Open vSwitch ports
This patch adds functionality to allow libvirt to configure the
'native-tagged' and 'native-untagged' modes on openvswitch networks.

Signed-off-by: Laine Stump <laine@redhat.com>
2013-06-25 00:22:36 -04:00
Jiri Denemark
c0762b6518 New internal migration APIs with extensible parameters
This patch implements extensible variants of all internal migration APIs
used for v3 migration.
2013-06-25 01:13:16 +02:00
Jiri Denemark
d0d5acb511 Introduce virTypedParamsCopy internal API 2013-06-25 00:38:25 +02:00
Jiri Denemark
fefb0d5464 Introduce VIR_TYPED_PARAMS_DEBUG macro for dumping typed params
All APIs that take typed parameters are only using params address in
their entry point debug messages. With the new VIR_TYPED_PARAMS_DEBUG
macro, all functions can easily log all individual typed parameters
passed to them.
2013-06-25 00:38:24 +02:00
Jiri Denemark
637a7c865a Introduce virTypedParamsCheck internal API
This API is useful for checking whether only a specific subset of
supported typed parameters were passed.
2013-06-25 00:38:24 +02:00
Jiri Denemark
c40ed4168a Rename virTypedParameterArrayValidate as virTypedParamsValidate 2013-06-25 00:38:24 +02:00
Ján Tomko
31d42506fb conf: add features to volume target XML
Add <features> and <compat> elements to volume target XML.

<compat> is a string which for qcow2 represents the QEMU version
it should be compatible with. Valid values are 0.10 and 1.1.
1.1 is implicit if the <features> element is present, otherwise
qemu-img default is used. 0.10 can be specified to explicitly
create older images after the qemu-img default changes.

<features> contains optional features, so far
<lazy_refcounts/> is available, which enables caching of reference
counters, improving performance for snapshots.
2013-06-21 13:25:30 +02:00
Ján Tomko
800b51d7b0 conf: add vapic and spinlocks to hyperv features
Add new CPU features for HyperV:
vapic for virtual APIC support
spinlocks for setting spinlock support

<features>
  <hyperv>
    <vapic state='on'/>
    <spinlocks state='on' retries='4096'/>
  </hyperv>
</features>

https://bugzilla.redhat.com/show_bug.cgi?id=784836
2013-06-21 12:33:46 +02:00