Currently translated at 100.0% (10393 of 10393 strings)
Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/cs/
Co-authored-by: Pavel Borecki <pavel.borecki@gmail.com>
Signed-off-by: Pavel Borecki <pavel.borecki@gmail.com>
In most cases the replacement is straightforward, with the
biggest difference being that we now schedule restarts during
%pre instead of %post. This also means that we can get rid of
%post for most packages, reducing the number of scriptlets that
need to run during install/upgrade.
Notable exceptions are libvirt-guests.service, where we stop
using the standard systemd macros to adopt our custom ones, as
well as the virtlogd and virtlockd services, where the reload
operation is moved from %postun to %posttrans.
https://bugzilla.redhat.com/show_bug.cgi?id=2210058
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
systemd provides a number of standard RPM macros but they don't
quite satisfy our requirements, as evidenced by the fact that we
have already built some custom tooling around them.
Scenarios that the standard macros don't cover and that we're
already addressing with our custom ones:
* for some services (libvirtd, virtnetworkd, virtnwfilterd)
there are multiple conditions that might lead to a restart,
and we want to make sure that they're not needlessly
restarted several times per transaction;
* some services (virtlogd, virtlockd) must not be restarted
during upgrade, so we have to reload them instead.
Issues that neither the standard macros nor our custom ones
address:
* presets for units should be applied when the unit is first
installed, not when the package that contains it is.
The package split that happened in 9.1.0 highlighted why this
last point is so important: when virtproxyd and its sockets
were moved from libvirt-daemon to the new libvirt-daemon-proxy
package, upgrades from 9.0.0 caused presets for them to be
applied.
On a platform such as Fedora, where modular daemons are the
default, this has resulted in breaking existing deployments in
at least two scenarios.
The first one is machines that were configured to use the
monolithic daemon, either because the local admin had manually
changed the configuration or because the installation dated
back to before modular daemons had become the default. In this
case, virtproxyd.socket being enabled resulted in a silent
conflict with libvirtd.socket, which by design shares the same
path, and thus a completely broken setup.
The second one is machines where virtproxy-tls.socket, which is
disabled by default, had manually been enabled: in this case,
applying the presets resulted in it being disabled and thus a
loss of remote availability.
Note that these are just two concrete scenarios, but the problem
is more generic. For example, if we were to add more units to an
existing package, per the current approach they wouldn't have
their presets applied.
The new macros are designed to avoid all of the pitfalls
mentioned above. As a bonus, they're also simpler to use: where
the current approach requires restarts and other operations to
be handled separately, the new one integrates the two so that,
for each scriptlet, a single macro call is needed.
https://bugzilla.redhat.com/show_bug.cgi?id=2210058
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
This logic was necessary when socket activation was introduced
in libvirt 5.6.0/5.7.0 in order to guarantee smooth upgrades.
These days, even the oldest platform that we target ships a
version of libvirtd that implements socket activation, so the
additional code is no longer useful and we can treat libvirtd
the same as all other services.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The current implementation pretty much assumes that targets
where modular daemons are the default will stick with that
configuration, as will targets where they're not, or that
changes to these defaults will be performed by the admin after
the packages have been installed.
This is unnecessarily limiting: for example, on a target that
defaults to using the monolithic daemon, it's entirely possible
to create a local preset such as
# /etc/systemd/system-preset/00-virt.preset
disable libvirtd.service
disable libvirtd*.socket
enable virtqemud.service
to opt into a modular daemon deployment. The opposite is of
course also true. We shouldn't get in the way of these
reasonable use cases.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
To make things more readable, use the same order (%pre, %post,
%posttrans, %preun, %postun) everywhere.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
According to our platform support policy, now that Fedora 38 is
out we no longer target Fedora 36 and older. This allows us to
simplify a few conditionals.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/
Co-authored-by: Weblate <noreply@weblate.org>
Signed-off-by: Fedora Weblate Translation <i18n@lists.fedoraproject.org>
A new bug was introduced as a part of use-after-free fix below:
commit 411cbe7199
Author: Oleg Vasilev <oleg.vasilev@virtuozzo.com>
Date: Tue Jul 4 13:10:22 2023 +0600
remote: fix stream use-after-free
When the message was processed partially, it is actually supposed to
stay in the queue to be processed again. In such case, reinsert it back.
Signed-off-by: Oleg Vasilev <oleg.vasilev@virtuozzo.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
The virRandomGenerateWWN() is used solely by nodedev driver to
autogenerate WWNN and WWNP when parsing a nodedev XML. Now, the
idea was (at least during monolithic daemon) that depending on
which hypervisor driver called the nodedev XML parsing (and
virRandomGenerateWWN() under the hood) the corresponding OUI is
used (e.g. "001a4a" for the QEMU driver).
But in era of split daemons things are not that easy. We do not
know which hypervisor driver called us. And there might be no
hypervisor driver at all - users are allowed to connect to
individual drivers directly (e.g. "nodedev:///system").
In this case, we can't use proper OUI. Well, do the next best
thing: pick one (QUMRANET_OUI).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
When automatically adding a NUMA node (qemuDomainDefNumaAutoAdd()) the
memory size of the node is computed as:
total_memory - sum(memory devices)
And we have a nice helper for that: virDomainDefGetMemoryInitial() so
it looks logical to just call it. Except, this code runs in post parse
callback, i.e. memory sizes were not validated and it may happen that
the sum is greater than the total memory. This would be caught by
virDomainDefPostParseMemory() but that runs only after driver specific
callbacks (i.e. after qemuDomainDefNumaAutoAdd()) and because the
domain config was changed and memory was increased to this huge
number no error is caught.
So let's do what virDomainDefGetMemoryInitial() would do, but
with error checking.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2216236
Fixes: f5d4f5c8ee
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
Currently translated at 100.0% (10395 of 10395 strings)
Translation: libvirt/libvirt
Translate-URL: https://translate.fedoraproject.org/projects/libvirt/libvirt/cs/
Co-authored-by: Pavel Borecki <pavel.borecki@gmail.com>
Signed-off-by: Pavel Borecki <pavel.borecki@gmail.com>
OpenSUSE Leap was released recently (2023-06-07). Refresh our CI
with latest lcitool which brings this minor update.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This brings the tool's list of features in sync with qemu
commit 6f05a92ddc73ac8aa16cfd6188f907b30b0501e3.
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
These two attributes are supported for vhost-user-blk as well.
Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Inside daemonStreamHandleWrite on stream completion (status=OK) we
reuse msg object to send confirmation.
Only after that, msg is poped from the queue and checked for continue.
By that time, msg might've already been processed for the confirmation
and freed.
Signed-off-by: Oleg Vasilev <oleg.vasilev@virtuozzo.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Helped to debug next patch use-after-free.
Signed-off-by: Oleg Vasilev <oleg.vasilev@virtuozzo.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
If a per-domain SWTPM state directory exists but is empty our
code still considers it a valid state and skips running
'swtpm_setup' (handled in qemuTPMEmulatorRunSetup()).
While we should not try to inspect individual files created by
swtpm, we can still consider empty folder as non-existent state.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/320
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
There might be cases where we want to know whether given
directory is empty or not. Introduce a helper for that:
virDirIsEmpty().
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Queues is supported by virtio bus, including virtio-blk and
vhost-user-blk.
Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Now that we don't use it for probing at all we can remove all the
corresponding monitor code.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The capability code now probes the presence of commands from the QMP
schema instead of using 'query-commands'. Don't call the command and
adjust the '.replies' files.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Move the probing code to extract the data from the QMP schema rather
than invoking 'query-commands'. This patch doesn't yet remove the actual
invocation of 'query-commands', just moves the actual probing.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
nodeDeviceUpdateMediatedDevices invokes virMdevctlListDefined and
virMdevctlListActive both of which were passed the same 'errmsg' buffer.
Since virCommandSetErrorBuffer() always allocates the error buffer one
of them was leaked.
Fix it by populating the 'errmsg' buffer only on failure of
virMdevctlListActive|Defined which invoke the command.
Add a comment to nodeDeviceGetMdevctlListCommand reminding how
virCommandSetErrorBuffer() works.
Fixes: 44a0f2f0c8
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
The support for configuring the 'wwn' of a IDE disk was added in qemu
commit 95ebda85e09 (v1.0-1869-g95ebda85e0) and can't be compiled
out.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
The support for configuring the 'wwn' of a SCSI disk was added in qemu
commit 27395add759ff4caeb0 (v1.0-3326-g27395add75) and can't be compiled
out.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Update the test data on x86_64 to v8.0.0-2835-g361d539735
Notable changes:
- added new commands:
- cxl-inject-dram-event
- cxl-inject-general-media-event
- cxl-inject-memory-module-event
- cxl-inject-poison
- switchover-ack
- q35-8.1 machine type now supports 1024 cpus
- new cpu models:
- 'SapphireRapids-v2'
- 'GraniteRapids-v1'
- removed commands:
- x-query-profile
- cpu features which can be emulated now:
- rdseed, rdpid, 3dnowprefetch, xsaveerptr, wbnoinvd
- applicable CPU bug mitigation flags are now exposed to TCG guests to
allow using more named models
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
CVE-2023-3750
'virStoragePoolObjListSearch' explicitly documents that it's returning
a pointer to a locked and ref'd pool that maches the lookup function.
This was not the case as in commit 0c4b391e2a (released in
libvirt-8.3.0) the code was accidentally converted to use 'VIR_LOCK_GUARD'
which auto-unlocked it when leaving the scope, even when the code was
originally "leaking" the lock.
Revert the corresponding conversion and add a comment that this function
is intentionally leaking a locked object.
Fixes: 0c4b391e2a
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2221851
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
In an effort to use strictly real capability testing all tests were
converted to do insertion of their own capabilities when required, thus
we don't need to popluate the capabilities. This will also promote using
proper capabilities based on what the test is trying to achieve.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>