mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-11-02 11:21:12 +00:00
95a17abda7
Add dump_image_format[] to qemu.conf and support compressed dump at virsh dump. coredump compression is important for saving disk space in an environment where multiple guests run. In general, "disk space for dump" is specially allocated and will be a dead space in the system. It's used only at emergency. So, it's better to have both of save_image_format and dump_image_format. "save" is done in scheduled manner with enough calculated disk space for it. This code reuses some of save_image_format[] and supports the same format. Changelog: - modified libvirtd_qemu.aug - modified test_libvirtd_qemu.aug - fixed error handling of qemudSaveCompressionTypeFromString()
227 lines
7.8 KiB
Plaintext
227 lines
7.8 KiB
Plaintext
module Test_libvirtd_qemu =
|
|
|
|
let conf = "# Master configuration file for the QEMU driver.
|
|
# All settings described here are optional - if omitted, sensible
|
|
# defaults are used.
|
|
|
|
# VNC is configured to listen on 127.0.0.1 by default.
|
|
# To make it listen on all public interfaces, uncomment
|
|
# this next option.
|
|
#
|
|
# NB, strong recommendation to enable TLS + x509 certificate
|
|
# verification when allowing public access
|
|
#
|
|
vnc_listen = \"0.0.0.0\"
|
|
|
|
|
|
# Enable use of TLS encryption on the VNC server. This requires
|
|
# a VNC client which supports the VeNCrypt protocol extension.
|
|
# Examples include vinagre, virt-viewer, virt-manager and vencrypt
|
|
# itself. UltraVNC, RealVNC, TightVNC do not support this
|
|
#
|
|
# It is necessary to setup CA and issue a server certificate
|
|
# before enabling this.
|
|
#
|
|
vnc_tls = 1
|
|
|
|
|
|
# Use of TLS requires that x509 certificates be issued. The
|
|
# default it to keep them in /etc/pki/libvirt-vnc. This directory
|
|
# must contain
|
|
#
|
|
# ca-cert.pem - the CA master certificate
|
|
# server-cert.pem - the server certificate signed with ca-cert.pem
|
|
# server-key.pem - the server private key
|
|
#
|
|
# This option allows the certificate directory to be changed
|
|
#
|
|
vnc_tls_x509_cert_dir = \"/etc/pki/libvirt-vnc\"
|
|
|
|
|
|
# The default TLS configuration only uses certificates for the server
|
|
# allowing the client to verify the server's identity and establish
|
|
# and encrypted channel.
|
|
#
|
|
# It is possible to use x509 certificates for authentication too, by
|
|
# issuing a x509 certificate to every client who needs to connect.
|
|
#
|
|
# Enabling this option will reject any client who does not have a
|
|
# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
|
|
#
|
|
vnc_tls_x509_verify = 1
|
|
|
|
|
|
# The default VNC password. Only 8 letters are significant for
|
|
# VNC passwords. This parameter is only used if the per-domain
|
|
# XML config does not already provide a password. To allow
|
|
# access without passwords, leave this commented out. An empty
|
|
# string will still enable passwords, but be rejected by QEMU
|
|
# effectively preventing any use of VNC. Obviously change this
|
|
# example here before you set this
|
|
#
|
|
vnc_password = \"XYZ12345\"
|
|
|
|
|
|
# Enable use of SASL encryption on the VNC server. This requires
|
|
# a VNC client which supports the SASL protocol extension.
|
|
# Examples include vinagre, virt-viewer and virt-manager
|
|
# itself. UltraVNC, RealVNC, TightVNC do not support this
|
|
#
|
|
# It is necessary to configure /etc/sasl2/qemu.conf to choose
|
|
# the desired SASL plugin (eg, GSSPI for Kerberos)
|
|
#
|
|
vnc_sasl = 1
|
|
|
|
|
|
# The default SASL configuration file is located in /etc/sasl2/
|
|
# When running libvirtd unprivileged, it may be desirable to
|
|
# override the configs in this location. Set this parameter to
|
|
# point to the directory, and create a qemu.conf in that location
|
|
#
|
|
vnc_sasl_dir = \"/some/directory/sasl2\"
|
|
|
|
security_driver = \"selinux\"
|
|
|
|
user = \"root\"
|
|
|
|
group = \"root\"
|
|
|
|
dynamic_ownership = 1
|
|
|
|
cgroup_controllers = [ \"cpu\", \"devices\" ]
|
|
|
|
cgroup_device_acl = [ \"/dev/null\", \"/dev/full\", \"/dev/zero\" ]
|
|
|
|
save_image_format = \"gzip\"
|
|
|
|
dump_image_format = \"gzip\"
|
|
|
|
hugetlbfs_mount = \"/dev/hugepages\"
|
|
|
|
set_process_name = 1
|
|
|
|
relaxed_acs_check = 1
|
|
|
|
vnc_allow_host_audio = 1
|
|
|
|
clear_emulator_capabilities = 0
|
|
|
|
allow_disk_format_probing = 1
|
|
"
|
|
|
|
test Libvirtd_qemu.lns get conf =
|
|
{ "#comment" = "Master configuration file for the QEMU driver." }
|
|
{ "#comment" = "All settings described here are optional - if omitted, sensible" }
|
|
{ "#comment" = "defaults are used." }
|
|
{ "#empty" }
|
|
{ "#comment" = "VNC is configured to listen on 127.0.0.1 by default." }
|
|
{ "#comment" = "To make it listen on all public interfaces, uncomment" }
|
|
{ "#comment" = "this next option." }
|
|
{ "#comment" = "" }
|
|
{ "#comment" = "NB, strong recommendation to enable TLS + x509 certificate" }
|
|
{ "#comment" = "verification when allowing public access" }
|
|
{ "#comment" = "" }
|
|
{ "vnc_listen" = "0.0.0.0" }
|
|
{ "#empty" }
|
|
{ "#empty" }
|
|
{ "#comment" = "Enable use of TLS encryption on the VNC server. This requires" }
|
|
{ "#comment" = "a VNC client which supports the VeNCrypt protocol extension." }
|
|
{ "#comment" = "Examples include vinagre, virt-viewer, virt-manager and vencrypt" }
|
|
{ "#comment" = "itself. UltraVNC, RealVNC, TightVNC do not support this" }
|
|
{ "#comment" = "" }
|
|
{ "#comment" = "It is necessary to setup CA and issue a server certificate" }
|
|
{ "#comment" = "before enabling this." }
|
|
{ "#comment" = "" }
|
|
{ "vnc_tls" = "1" }
|
|
{ "#empty" }
|
|
{ "#empty" }
|
|
{ "#comment" = "Use of TLS requires that x509 certificates be issued. The" }
|
|
{ "#comment" = "default it to keep them in /etc/pki/libvirt-vnc. This directory" }
|
|
{ "#comment" = "must contain" }
|
|
{ "#comment" = "" }
|
|
{ "#comment" = "ca-cert.pem - the CA master certificate" }
|
|
{ "#comment" = "server-cert.pem - the server certificate signed with ca-cert.pem" }
|
|
{ "#comment" = "server-key.pem - the server private key" }
|
|
{ "#comment" = "" }
|
|
{ "#comment" = "This option allows the certificate directory to be changed" }
|
|
{ "#comment" = "" }
|
|
{ "vnc_tls_x509_cert_dir" = "/etc/pki/libvirt-vnc" }
|
|
{ "#empty" }
|
|
{ "#empty" }
|
|
{ "#comment" = "The default TLS configuration only uses certificates for the server" }
|
|
{ "#comment" = "allowing the client to verify the server's identity and establish" }
|
|
{ "#comment" = "and encrypted channel." }
|
|
{ "#comment" = "" }
|
|
{ "#comment" = "It is possible to use x509 certificates for authentication too, by" }
|
|
{ "#comment" = "issuing a x509 certificate to every client who needs to connect." }
|
|
{ "#comment" = "" }
|
|
{ "#comment" = "Enabling this option will reject any client who does not have a" }
|
|
{ "#comment" = "certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem" }
|
|
{ "#comment" = "" }
|
|
{ "vnc_tls_x509_verify" = "1" }
|
|
{ "#empty" }
|
|
{ "#empty" }
|
|
{ "#comment" = "The default VNC password. Only 8 letters are significant for" }
|
|
{ "#comment" = "VNC passwords. This parameter is only used if the per-domain" }
|
|
{ "#comment" = "XML config does not already provide a password. To allow" }
|
|
{ "#comment" = "access without passwords, leave this commented out. An empty" }
|
|
{ "#comment" = "string will still enable passwords, but be rejected by QEMU" }
|
|
{ "#comment" = "effectively preventing any use of VNC. Obviously change this" }
|
|
{ "#comment" = "example here before you set this" }
|
|
{ "#comment" = "" }
|
|
{ "vnc_password" = "XYZ12345" }
|
|
{ "#empty" }
|
|
{ "#empty" }
|
|
{ "#comment" = "Enable use of SASL encryption on the VNC server. This requires" }
|
|
{ "#comment" = "a VNC client which supports the SASL protocol extension." }
|
|
{ "#comment" = "Examples include vinagre, virt-viewer and virt-manager" }
|
|
{ "#comment" = "itself. UltraVNC, RealVNC, TightVNC do not support this" }
|
|
{ "#comment" = "" }
|
|
{ "#comment" = "It is necessary to configure /etc/sasl2/qemu.conf to choose" }
|
|
{ "#comment" = "the desired SASL plugin (eg, GSSPI for Kerberos)" }
|
|
{ "#comment" = "" }
|
|
{ "vnc_sasl" = "1" }
|
|
{ "#empty" }
|
|
{ "#empty" }
|
|
{ "#comment" = "The default SASL configuration file is located in /etc/sasl2/" }
|
|
{ "#comment" = "When running libvirtd unprivileged, it may be desirable to" }
|
|
{ "#comment" = "override the configs in this location. Set this parameter to" }
|
|
{ "#comment" = "point to the directory, and create a qemu.conf in that location" }
|
|
{ "#comment" = "" }
|
|
{ "vnc_sasl_dir" = "/some/directory/sasl2" }
|
|
{ "#empty" }
|
|
{ "security_driver" = "selinux" }
|
|
{ "#empty" }
|
|
{ "user" = "root" }
|
|
{ "#empty" }
|
|
{ "group" = "root" }
|
|
{ "#empty" }
|
|
{ "dynamic_ownership" = "1" }
|
|
{ "#empty" }
|
|
{ "cgroup_controllers"
|
|
{ "1" = "cpu" }
|
|
{ "2" = "devices" }
|
|
}
|
|
{ "#empty" }
|
|
{ "cgroup_device_acl"
|
|
{ "1" = "/dev/null" }
|
|
{ "2" = "/dev/full" }
|
|
{ "3" = "/dev/zero" }
|
|
}
|
|
{ "#empty" }
|
|
{ "save_image_format" = "gzip" }
|
|
{ "#empty" }
|
|
{ "dump_image_format" = "gzip" }
|
|
{ "#empty" }
|
|
{ "hugetlbfs_mount" = "/dev/hugepages" }
|
|
{ "#empty" }
|
|
{ "set_process_name" = "1" }
|
|
{ "#empty" }
|
|
{ "relaxed_acs_check" = "1" }
|
|
{ "#empty" }
|
|
{ "vnc_allow_host_audio" = "1" }
|
|
{ "#empty" }
|
|
{ "clear_emulator_capabilities" = "0" }
|
|
{ "#empty" }
|
|
{ "allow_disk_format_probing" = "1" }
|