Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package virt-scenario for openSUSE:Factory checked in at 2023-03-22 22:31:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/virt-scenario (Old) and /work/SRC/openSUSE:Factory/.virt-scenario.new.31432 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "virt-scenario" Wed Mar 22 22:31:07 2023 rev:6 rq:1073845 version:1.0.1 Changes: -------- --- /work/SRC/openSUSE:Factory/virt-scenario/virt-scenario.changes 2023-03-21 17:44:15.946615921 +0100 +++ /work/SRC/openSUSE:Factory/.virt-scenario.new.31432/virt-scenario.changes 2023-03-22 22:31:59.646601427 +0100 @@ -1,0 +2,16 @@ +Wed Mar 22 17:25:34 UTC 2023 - Antoine Ginies <[email protected]> + +- version 1.0.1: + * user can specify a VM image to use instead of creating one + +------------------------------------------------------------------- +Tue Mar 21 17:38:18 UTC 2023 - Antoine Ginies <[email protected]> + +- Major version 1.0.0: + * various SEV fixes + * improve force_sev mode + * update all documentation + * various pylint fixes +- add requires on python-psutil + +------------------------------------------------------------------- Old: ---- virt-scenario-0.7.6.tar.gz New: ---- virt-scenario-1.0.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ virt-scenario.spec ++++++ --- /var/tmp/diff_new_pack.SA2wGk/_old 2023-03-22 22:32:00.134603882 +0100 +++ /var/tmp/diff_new_pack.SA2wGk/_new 2023-03-22 22:32:00.138603902 +0100 @@ -19,7 +19,7 @@ %define pythons python3 Name: virt-scenario -Version: 0.7.6 +Version: 1.0.1 Release: 0 Summary: Create XML guest configuration and prepare the host for a scenario License: GPL-3.0-or-later 
@@ -31,12 +31,14 @@ BuildRequires: %{python_module PyYAML} BuildRequires: %{python_module pyudev} BuildRequires: %{python_module libvirt-python} +BuildRequires: %{python_module psutil} BuildRequires: fdupes #Buildrequires: pandoc BuildArch: noarch Requires: python-PyYAML Requires: python-pyudev Requires: python-curses +Requires: python-psutil Requires: python-libvirt-python %python_subpackages ++++++ virt-scenario-0.7.6.tar.gz -> virt-scenario-1.0.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/virt-scenario-0.7.6/ChangeLog new/virt-scenario-1.0.1/ChangeLog --- old/virt-scenario-0.7.6/ChangeLog 2023-03-21 11:00:51.000000000 +0100 +++ new/virt-scenario-1.0.1/ChangeLog 2023-03-22 18:24:53.000000000 +0100 
@@ -1,3 +1,101 @@ +2023-03-22 aginies <[email protected]> + + improve vmimage support + + +2023-03-22 aginies <[email protected]> + + fix typo + + +2023-03-22 aginies <[email protected]> + + sync doc; prepare 1.0.1 + + +2023-03-22 aginies <[email protected]> + + finishing implementing support of already existing image + + +2023-03-22 aginies <[email protected]> + + add support using an already existing VMimage + + +2023-03-21 aginies <[email protected]> + + fix path to last function :) + + +2023-03-21 aginies <[email protected]> + + add update_virthost_cert_file to update the path to PDH file automatically + + +2023-03-21 aginies <[email protected]> + + sync with code + + +2023-03-21 aginies <[email protected]> + + update man page + + +2023-03-21 aginies <[email protected]> + + sync doc with code + + +2023-03-21 aginies <[email protected]> + + pylint fixes; prepare 1.0.0 + + +2023-03-21 Antoine Giniès <[email protected]> + + Merge pull request #10 from joergroedel/sev-fixes + virtscenario: Use listDefinedDomains() in hypervisor::dominfo() + +2023-03-21 Joerg Roedel <[email protected]> + + virtscenario: Use listDefinedDomains() in hypervisor::dominfo() + The listAllDomains() function seems to only list active domains, so + use a function which iterates over all defined domains. + + + +2023-03-21 Antoine Giniès <[email protected]> + + Merge pull request #9 from joergroedel/sev-fixes + Sev fixes + +2023-03-21 Joerg Roedel <[email protected]> + + virtscenario: Re-implement hypervisor::dominfo() + This suppresses an unwanted warning issued by libvirt when the domain + does not exist yet. 
+ + + +2023-03-21 Joerg Roedel <[email protected]> + + virtscenario: Prioritize pre-configured PDH file + + +2023-03-21 Joerg Roedel <[email protected]> + + virtscenario_launch: Specify firmware in virt-qemu-sev-validate + + +2023-03-21 Joerg Roedel <[email protected]> + + virtscenario: Set attestation=True in VM YAML file + When SEV attestation is enabled, reflect that in the YAML settings. + + + 2023-03-21 aginies <[email protected]> fix memoryuser diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/virt-scenario-0.7.6/PKG-INFO new/virt-scenario-1.0.1/PKG-INFO --- old/virt-scenario-0.7.6/PKG-INFO 2023-03-21 11:00:51.000000000 +0100 +++ new/virt-scenario-1.0.1/PKG-INFO 2023-03-22 18:24:53.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: virt-scenario -Version: 0.7.6 +Version: 1.0.1 Summary: Virt-scenario Home-page: https://github.com/aginies/virt-scenario Author: Antoine Ginies @@ -12,15 +12,15 @@ # Goals - **EXPERIMENTATION** FOR [SUSE ALP OS](https://documentation.suse.com/alp/all/) + This is an **EXPERIMENTATION** project for [SUSE ALP OS](https://documentation.suse.com/alp/all/) - Prepare a libvirt XML guest configuration and the host to run a customized guest. + it prepares a libvirt XML guest configuration and the host to run a customized guest. Idea is to use multiple **templates** and concatenate them to create the - expected Guest XML file. If Host need a custom setting it will be done in second phase. + expected Guest XML file. If Host need a custom setting it will also be done. Customization to match a specific scenario is not graved in stone. The idea is to prepare a configuration which should improved the usage compared to a basic setting. - This will **NOT guarantee** that this is perfect. + This will **NOT guarantee** that this is perfect as this higly depends on your current system.   
@@ -29,7 +29,8 @@ # User Settings - User can set some parameter in the **/etc/virt-scenario/virtscenario.yaml**. This will override the scenario setting (but will display the recommended setting). + User can set some parameter in the **/etc/virt-scenario/virtscenario.yaml**. + This will override the scenario settings, but a table will be displayed showing the recommended settings VS the current one. Example: ```yaml @@ -86,7 +87,7 @@ ### From source code **main.py** will create an **xml** based file on template and validate it. - Second phase will prepare the host system and create the VM image file. + It will also prepare the host system and create the VM image file. Currently **desktop**, **computation** and **securevm** are available. ``` @@ -107,7 +108,7 @@ python3 -m virtscenario-launch ``` - #### From Package + ### From Package Get the package for your Distribution and install it. For openSUSE, SLE: @@ -136,6 +137,7 @@ * **hvselect**: Set hypervisor for which VMs are configured * **hvlist**: List available hypervisors * **overwrite**: Force overwriting previous config + * **force_sev**: Force the extract of a localhost PDH file. This is NOT secure as this file should be stored in a secure place! Only for demo purpose ### Guest configuration @@ -148,6 +150,7 @@ * **diskpath**: Directory where to store disk image * **conf**: Path to disk image (with completion) * **cdrom**: File Path to CD/DVD installation media + * **vmimage**: File path to an already existing VM image ### Generate the XML configuration and prepare the host @@ -158,6 +161,7 @@ ### Others * **shell**: Execution of a system command + * **info**: Get current host information about CPU and Memory # Possible Scenarios @@ -217,7 +221,7 @@ # Devel Information - This is still **WIP**, but the code is stable. It needs several cleanup and improvements. + This is still **WIP**, but the code is relatively stable. ## Devel planning / TODO 
@@ -297,34 +301,32 @@ All templates are in the python lib **virt-scenario/template.py** file. - ## Python Files (virtscenario) + ## Files (virtscenario) * [virtscenario.yaml](src/virtscenario.yaml): user setting (overwrite scenario settings) * [virthosts.yaml](src/virthosts.yaml) Hypervisors list and settings * [libvirt.py](src/virtscenario/libvirt.py) Wrapper for getting libVirt domain capabilities * [firmware.py](src/virtscenario/firmware.py) Select the firmware with the required feature-set - * [sev.py](src/virtscenario/sev.py) Get parameters for configuring an SEV or SEV-ES VM + * [sev.py](src/virtscenario/sev.py) Get parameters for configuring an SEV or SEV-ES VM and do detaction * [template.py](src/virtscenario/template.py) libvirt XML template definition * [scenario.py](src/virtscenario/scenario.py) different call to create the XML based on the selected scenario * [configuration.py](src/virtscenario/configuration.py) create the dict with data to file the template * [features.py](src/virtscenario/features.py) prepare some features for the VM - * [host.py](src/virtscenario/host.py) create the net xml file and the storage, prepare the host + * [host.py](src/virtscenario/host.py) create the storage and prepare the host * [guest.py](src/virtscenario/guest.py) create dict to file all the templates * [immutable.py](src/virtscenario/immutable.py) Immutable data (to be removed when implementation will be done...) 
* [qemulist.py](src/virtscenario/qemulist.py) provide list of available options in qemu and some default path * [util.py](src/virtscenario/util.py) internal needed functions * [main.py](src/virtscenario/main.py) launch the tool and create the final XML file and host configuration - * [sev.py](src/virtscenario/sev.py) SEV Feature Detection - * [hypervisors.py](src/virtscenario/hypervisors.py) list, select, connect to an hypervisor - * [configstore.py](src/virtscenario/configstore.py) Guest configuration store (used for Confidential computing) + * [hypervisors.py](src/virtscenario/hypervisors.py) list, select, connect to an hypervisor (or any other HV action) + * [configstore.py](src/virtscenario/configstore.py) Guest configuration store (used mostly for Confidential computing) ## Host configuration * check CPU flag: sev, sev-es, pdpe1gb, pse - * check SEV libvirt enablement + * check SEV on the system and libvirt enablement * enable an AMD SEV system * generate SEV attestation and update VM XML - * check if running in a container and display host config to apply * configure HugePages and THP * enable/disable KSM * adjust swappiness diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/virt-scenario-0.7.6/README.md new/virt-scenario-1.0.1/README.md --- old/virt-scenario-0.7.6/README.md 2023-03-17 14:50:41.000000000 +0100 +++ new/virt-scenario-1.0.1/README.md 2023-03-22 17:46:13.000000000 +0100 
@@ -4,15 +4,15 @@ # Goals -**EXPERIMENTATION** FOR [SUSE ALP OS](https://documentation.suse.com/alp/all/) +This is an **EXPERIMENTATION** project for [SUSE ALP OS](https://documentation.suse.com/alp/all/) -Prepare a libvirt XML guest configuration and the host to run a customized guest. +it prepares a libvirt XML guest configuration and the host to run a customized guest. Idea is to use multiple **templates** and concatenate them to create the -expected Guest XML file. If Host need a custom setting it will be done in second phase. +expected Guest XML file. If Host need a custom setting it will also be done. Customization to match a specific scenario is not graved in stone. The idea is to prepare a configuration which should improved the usage compared to a basic setting. -This will **NOT guarantee** that this is perfect. +This will **NOT guarantee** that this is perfect as this higly depends on your current system.   @@ -21,7 +21,8 @@ # User Settings -User can set some parameter in the **/etc/virt-scenario/virtscenario.yaml**. This will override the scenario setting (but will display the recommended setting). +User can set some parameter in the **/etc/virt-scenario/virtscenario.yaml**. +This will override the scenario settings, but a table will be displayed showing the recommended settings VS the current one. Example: ```yaml @@ -78,7 +79,7 @@ ### From source code **main.py** will create an **xml** based file on template and validate it. -Second phase will prepare the host system and create the VM image file. +It will also prepare the host system and create the VM image file. Currently **desktop**, **computation** and **securevm** are available. ``` @@ -99,7 +100,7 @@ python3 -m virtscenario-launch ``` -#### From Package +### From Package Get the package for your Distribution and install it. For openSUSE, SLE: 
@@ -128,6 +129,7 @@ * **hvselect**: Set hypervisor for which VMs are configured * **hvlist**: List available hypervisors * **overwrite**: Force overwriting previous config +* **force_sev**: Force the extract of a localhost PDH file. This is NOT secure as this file should be stored in a secure place! Only for demo purpose ### Guest configuration @@ -140,6 +142,7 @@ * **diskpath**: Directory where to store disk image * **conf**: Path to disk image (with completion) * **cdrom**: File Path to CD/DVD installation media +* **vmimage**: File path to an already existing VM image ### Generate the XML configuration and prepare the host @@ -150,6 +153,7 @@ ### Others * **shell**: Execution of a system command +* **info**: Get current host information about CPU and Memory # Possible Scenarios @@ -209,7 +213,7 @@ # Devel Information -This is still **WIP**, but the code is stable. It needs several cleanup and improvements. +This is still **WIP**, but the code is relatively stable. ## Devel planning / TODO 
@@ -289,34 +293,32 @@ All templates are in the python lib **virt-scenario/template.py** file. -## Python Files (virtscenario) +## Files (virtscenario) * [virtscenario.yaml](src/virtscenario.yaml): user setting (overwrite scenario settings) * [virthosts.yaml](src/virthosts.yaml) Hypervisors list and settings * [libvirt.py](src/virtscenario/libvirt.py) Wrapper for getting libVirt domain capabilities * [firmware.py](src/virtscenario/firmware.py) Select the firmware with the required feature-set -* [sev.py](src/virtscenario/sev.py) Get parameters for configuring an SEV or SEV-ES VM +* [sev.py](src/virtscenario/sev.py) Get parameters for configuring an SEV or SEV-ES VM and do detaction * [template.py](src/virtscenario/template.py) libvirt XML template definition * [scenario.py](src/virtscenario/scenario.py) different call to create the XML based on the selected scenario * [configuration.py](src/virtscenario/configuration.py) create the dict with data to file the template * [features.py](src/virtscenario/features.py) prepare some features for the VM -* [host.py](src/virtscenario/host.py) create the net xml file and the storage, prepare the host +* [host.py](src/virtscenario/host.py) create the storage and prepare the host * [guest.py](src/virtscenario/guest.py) create dict to file all the templates * [immutable.py](src/virtscenario/immutable.py) Immutable data (to be removed when implementation will be done...) 
* [qemulist.py](src/virtscenario/qemulist.py) provide list of available options in qemu and some default path * [util.py](src/virtscenario/util.py) internal needed functions * [main.py](src/virtscenario/main.py) launch the tool and create the final XML file and host configuration -* [sev.py](src/virtscenario/sev.py) SEV Feature Detection -* [hypervisors.py](src/virtscenario/hypervisors.py) list, select, connect to an hypervisor -* [configstore.py](src/virtscenario/configstore.py) Guest configuration store (used for Confidential computing) +* [hypervisors.py](src/virtscenario/hypervisors.py) list, select, connect to an hypervisor (or any other HV action) +* [configstore.py](src/virtscenario/configstore.py) Guest configuration store (used mostly for Confidential computing) ## Host configuration * check CPU flag: sev, sev-es, pdpe1gb, pse -* check SEV libvirt enablement +* check SEV on the system and libvirt enablement * enable an AMD SEV system * generate SEV attestation and update VM XML -* check if running in a container and display host config to apply * configure HugePages and THP * enable/disable KSM * adjust swappiness diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/virt-scenario-0.7.6/man/virt-scenario.1 new/virt-scenario-1.0.1/man/virt-scenario.1 --- old/virt-scenario-0.7.6/man/virt-scenario.1 2023-03-17 14:54:02.000000000 +0100 +++ new/virt-scenario-1.0.1/man/virt-scenario.1 2023-03-22 17:46:23.000000000 +0100 
@@ -23,27 +23,28 @@ scenario .SH Goals .PP -\f[B]EXPERIMENTATION\f[R] FOR SUSE ALP +This is an \f[B]EXPERIMENTATION\f[R] project for SUSE ALP OS (https://documentation.suse.com/alp/all/) .PP -Prepare a libvirt XML guest configuration and the host to run a +it prepares a libvirt XML guest configuration and the host to run a customized guest. Idea is to use multiple \f[B]templates\f[R] and concatenate them to create the expected Guest XML file. -If Host need a custom setting it will be done in second phase. +If Host need a custom setting it will also be done. .PP Customization to match a specific scenario is not graved in stone. The idea is to prepare a configuration which should improved the usage compared to a basic setting. -This will \f[B]NOT guarantee\f[R] that this is perfect. +This will \f[B]NOT guarantee\f[R] that this is perfect as this higly +depends on your current system. .PP [IMAGE: image] [IMAGE: image] [IMAGE: image] [IMAGE: image] .SH User Settings .PP User can set some parameter in the \f[B]/etc/virt-scenario/virtscenario.yaml\f[R]. -This will override the scenario setting (but will display the -recommended setting). +This will override the scenario settings, but a table will be displayed +showing the recommended settings VS the current one. .PP Example: .IP @@ -105,7 +106,7 @@ .PP \f[B]main.py\f[R] will create an \f[B]xml\f[R] based file on template and validate it. -Second phase will prepare the host system and create the VM image file. +It will also prepare the host system and create the VM image file. Currently \f[B]desktop\f[R], \f[B]computation\f[R] and \f[B]securevm\f[R] are available. .IP 
@@ -165,6 +166,10 @@ \f[B]hvlist\f[R]: List available hypervisors .IP \[bu] 2 \f[B]overwrite\f[R]: Force overwriting previous config +.IP \[bu] 2 +\f[B]force_sev\f[R]: Force the extract of a localhost PDH file. +This is NOT secure as this file should be stored in a secure place! +Only for demo purpose .SS Guest configuration .IP \[bu] 2 \f[B]name\f[R]: Define a name for the VM @@ -184,6 +189,8 @@ \f[B]conf\f[R]: Path to disk image (with completion) .IP \[bu] 2 \f[B]cdrom\f[R]: File Path to CD/DVD installation media +.IP \[bu] 2 +\f[B]vmimage\f[R]: File path to an already existing VM image .SS Generate the XML configuration and prepare the host .IP \[bu] 2 \f[B]computation\f[R]: Create an XML configuration and host config to do @@ -197,6 +204,8 @@ .SS Others .IP \[bu] 2 \f[B]shell\f[R]: Execution of a system command +.IP \[bu] 2 +\f[B]info\f[R]: Get current host information about CPU and Memory .SH Possible Scenarios .SS Default Settings Comparison .PP @@ -578,8 +587,7 @@ Soft RT VM (latency improvments) .SH Devel Information .PP -This is still \f[B]WIP\f[R], but the code is stable. -It needs several cleanup and improvements. +This is still \f[B]WIP\f[R], but the code is relatively stable. .SS Devel planning / TODO .IP \[bu] 2 [STRIKEOUT:mechanism to create the Guest XML file from template] @@ -681,7 +689,7 @@ .PP All templates are in the python lib \f[B]virt-scenario/template.py\f[R] file. -.SS Python Files (virtscenario) +.SS Files (virtscenario) .IP \[bu] 2 virtscenario.yaml: user setting (overwrite scenario settings) .IP \[bu] 2 @@ -691,7 +699,8 @@ .IP \[bu] 2 firmware.py Select the firmware with the required feature-set .IP \[bu] 2 -sev.py Get parameters for configuring an SEV or SEV-ES VM +sev.py Get parameters for configuring an SEV or SEV-ES VM and do +detaction .IP \[bu] 2 template.py libvirt XML template definition .IP \[bu] 2 
@@ -702,7 +711,7 @@ .IP \[bu] 2 features.py prepare some features for the VM .IP \[bu] 2 -host.py create the net xml file and the storage, prepare the host +host.py create the storage and prepare the host .IP \[bu] 2 guest.py create dict to file all the templates .IP \[bu] 2 @@ -717,24 +726,21 @@ main.py launch the tool and create the final XML file and host configuration .IP \[bu] 2 -sev.py SEV Feature Detection +hypervisors.py list, select, connect to an hypervisor (or any other HV +action) .IP \[bu] 2 -hypervisors.py list, select, connect to an hypervisor -.IP \[bu] 2 -configstore.py Guest configuration store (used for Confidential +configstore.py Guest configuration store (used mostly for Confidential computing) .SS Host configuration .IP \[bu] 2 check CPU flag: sev, sev-es, pdpe1gb, pse .IP \[bu] 2 -check SEV libvirt enablement +check SEV on the system and libvirt enablement .IP \[bu] 2 enable an AMD SEV system .IP \[bu] 2 generate SEV attestation and update VM XML .IP \[bu] 2 -check if running in a container and display host config to apply -.IP \[bu] 2 configure HugePages and THP .IP \[bu] 2 enable/disable KSM diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/virt-scenario-0.7.6/setup.py new/virt-scenario-1.0.1/setup.py --- old/virt-scenario-0.7.6/setup.py 2023-03-20 18:29:10.000000000 +0100 +++ new/virt-scenario-1.0.1/setup.py 2023-03-22 17:45:38.000000000 +0100 
@@ -84,47 +84,26 @@ class CheckLint(setuptools.Command): """ - Check python source files with pylint and black. + Check python source files with pylint """ - - def __init__(self): - """ - init some stuff - """ - errors_only = "" - - user_options = [("errors-only", "e", "only report errors")] - description = "Check code using pylint" + description = "Check python source files with pylint" + user_options = [] def initialize_options(self): - """ - Initialize the options to default values. - """ - self.errors_only = False + pass def finalize_options(self): - """ - Check final option values. - """ pass def run(self): """ Call black and pylint here. """ - pylint_opts = None - if self.errors_only: - pylint_opts.append("-E") - processes = [] output_format = "colorized" if sys.stdout.isatty() else "text" - pylint_opts = ["--output-format=%s" % output_format] - - print(">>> Running pylint ...") - processes.append(subprocess.run(["pylint", "src"] + pylint_opts)) - - sys.exit(sum([p.returncode for p in processes])) - + cmd = ["pylint", "src", "--output-format="+output_format] + if subprocess.call(cmd) != 0: + print("Pylint done with some recomendations") # SdistCommand is reused from the libvirt python binding (GPLv2+) class SdistCommand(sdist): @@ -182,7 +161,7 @@ setuptools.setup( name="virt-scenario", - version="0.7.6", + version="1.0.1", author="Antoine Ginies", author_email="[email protected]", description="Virt-scenario", 
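Review bot: `CheckLint.run` now discards pylint's exit status: `if subprocess.call(cmd) != 0:` only prints a message, whereas the removed code ended with `sys.exit(...)` on the summed return codes. If this command serves as a gate in CI or packaging, a failing lint run will now look like success; propagating the status with `sys.exit(subprocess.call(cmd))` keeps the gate effective. The docstring of `run` still reads "Call black and pylint here." although only pylint is invoked, and "recomendations" in the printed message is misspelled.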
@@ -218,5 +197,5 @@ (("share/virt-scenario", ["src/virthosts.yaml"])), ], extras_require={"dev": ["pylint"]}, - install_requires=['PyYAML', 'pyudev', 'libvirt-python'], + install_requires=['PyYAML', 'pyudev', 'libvirt-python', 'psutil'], ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/virt-scenario-0.7.6/src/virt_scenario.egg-info/PKG-INFO new/virt-scenario-1.0.1/src/virt_scenario.egg-info/PKG-INFO --- old/virt-scenario-0.7.6/src/virt_scenario.egg-info/PKG-INFO 2023-03-21 11:00:51.000000000 +0100 +++ new/virt-scenario-1.0.1/src/virt_scenario.egg-info/PKG-INFO 2023-03-22 18:24:53.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: virt-scenario -Version: 0.7.6 +Version: 1.0.1 Summary: Virt-scenario Home-page: https://github.com/aginies/virt-scenario Author: Antoine Ginies @@ -12,15 +12,15 @@ # Goals - **EXPERIMENTATION** FOR [SUSE ALP OS](https://documentation.suse.com/alp/all/) + This is an **EXPERIMENTATION** project for [SUSE ALP OS](https://documentation.suse.com/alp/all/) - Prepare a libvirt XML guest configuration and the host to run a customized guest. + it prepares a libvirt XML guest configuration and the host to run a customized guest. Idea is to use multiple **templates** and concatenate them to create the - expected Guest XML file. If Host need a custom setting it will be done in second phase. + expected Guest XML file. If Host need a custom setting it will also be done. Customization to match a specific scenario is not graved in stone. The idea is to prepare a configuration which should improved the usage compared to a basic setting. - This will **NOT guarantee** that this is perfect. + This will **NOT guarantee** that this is perfect as this higly depends on your current system.   
@@ -29,7 +29,8 @@ # User Settings - User can set some parameter in the **/etc/virt-scenario/virtscenario.yaml**. This will override the scenario setting (but will display the recommended setting). + User can set some parameter in the **/etc/virt-scenario/virtscenario.yaml**. + This will override the scenario settings, but a table will be displayed showing the recommended settings VS the current one. Example: ```yaml @@ -86,7 +87,7 @@ ### From source code **main.py** will create an **xml** based file on template and validate it. - Second phase will prepare the host system and create the VM image file. + It will also prepare the host system and create the VM image file. Currently **desktop**, **computation** and **securevm** are available. ``` @@ -107,7 +108,7 @@ python3 -m virtscenario-launch ``` - #### From Package + ### From Package Get the package for your Distribution and install it. For openSUSE, SLE: @@ -136,6 +137,7 @@ * **hvselect**: Set hypervisor for which VMs are configured * **hvlist**: List available hypervisors * **overwrite**: Force overwriting previous config + * **force_sev**: Force the extract of a localhost PDH file. This is NOT secure as this file should be stored in a secure place! Only for demo purpose ### Guest configuration @@ -148,6 +150,7 @@ * **diskpath**: Directory where to store disk image * **conf**: Path to disk image (with completion) * **cdrom**: File Path to CD/DVD installation media + * **vmimage**: File path to an already existing VM image ### Generate the XML configuration and prepare the host @@ -158,6 +161,7 @@ ### Others * **shell**: Execution of a system command + * **info**: Get current host information about CPU and Memory # Possible Scenarios @@ -217,7 +221,7 @@ # Devel Information - This is still **WIP**, but the code is stable. It needs several cleanup and improvements. + This is still **WIP**, but the code is relatively stable. ## Devel planning / TODO 
@@ -297,34 +301,32 @@ All templates are in the python lib **virt-scenario/template.py** file. - ## Python Files (virtscenario) + ## Files (virtscenario) * [virtscenario.yaml](src/virtscenario.yaml): user setting (overwrite scenario settings) * [virthosts.yaml](src/virthosts.yaml) Hypervisors list and settings * [libvirt.py](src/virtscenario/libvirt.py) Wrapper for getting libVirt domain capabilities * [firmware.py](src/virtscenario/firmware.py) Select the firmware with the required feature-set - * [sev.py](src/virtscenario/sev.py) Get parameters for configuring an SEV or SEV-ES VM + * [sev.py](src/virtscenario/sev.py) Get parameters for configuring an SEV or SEV-ES VM and do detaction * [template.py](src/virtscenario/template.py) libvirt XML template definition * [scenario.py](src/virtscenario/scenario.py) different call to create the XML based on the selected scenario * [configuration.py](src/virtscenario/configuration.py) create the dict with data to file the template * [features.py](src/virtscenario/features.py) prepare some features for the VM - * [host.py](src/virtscenario/host.py) create the net xml file and the storage, prepare the host + * [host.py](src/virtscenario/host.py) create the storage and prepare the host * [guest.py](src/virtscenario/guest.py) create dict to file all the templates * [immutable.py](src/virtscenario/immutable.py) Immutable data (to be removed when implementation will be done...) 
* [qemulist.py](src/virtscenario/qemulist.py) provide list of available options in qemu and some default path * [util.py](src/virtscenario/util.py) internal needed functions * [main.py](src/virtscenario/main.py) launch the tool and create the final XML file and host configuration - * [sev.py](src/virtscenario/sev.py) SEV Feature Detection - * [hypervisors.py](src/virtscenario/hypervisors.py) list, select, connect to an hypervisor - * [configstore.py](src/virtscenario/configstore.py) Guest configuration store (used for Confidential computing) + * [hypervisors.py](src/virtscenario/hypervisors.py) list, select, connect to an hypervisor (or any other HV action) + * [configstore.py](src/virtscenario/configstore.py) Guest configuration store (used mostly for Confidential computing) ## Host configuration * check CPU flag: sev, sev-es, pdpe1gb, pse - * check SEV libvirt enablement + * check SEV on the system and libvirt enablement * enable an AMD SEV system * generate SEV attestation and update VM XML - * check if running in a container and display host config to apply * configure HugePages and THP * enable/disable KSM * adjust swappiness diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/virt-scenario-0.7.6/src/virt_scenario.egg-info/requires.txt new/virt-scenario-1.0.1/src/virt_scenario.egg-info/requires.txt --- old/virt-scenario-0.7.6/src/virt_scenario.egg-info/requires.txt 2023-03-21 11:00:51.000000000 +0100 +++ new/virt-scenario-1.0.1/src/virt_scenario.egg-info/requires.txt 2023-03-22 18:24:53.000000000 +0100 
@@ -1,5 +1,6 @@ PyYAML libvirt-python +psutil pyudev [dev] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/virt-scenario-0.7.6/src/virtscenario/__init__.py new/virt-scenario-1.0.1/src/virtscenario/__init__.py --- old/virt-scenario-0.7.6/src/virtscenario/__init__.py 2023-03-20 18:29:10.000000000 +0100 +++ new/virt-scenario-1.0.1/src/virtscenario/__init__.py 2023-03-22 17:45:24.000000000 +0100 @@ -30,4 +30,4 @@ builtins.__dict__["_"] = str -__version__ = "0.7.6" +__version__ = "1.0.1" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/virt-scenario-0.7.6/src/virtscenario/configstore.py new/virt-scenario-1.0.1/src/virtscenario/configstore.py --- old/virt-scenario-0.7.6/src/virtscenario/configstore.py 2023-03-20 12:09:22.000000000 +0100 +++ new/virt-scenario-1.0.1/src/virtscenario/configstore.py 2023-03-21 16:12:03.000000000 +0100 @@ -31,6 +31,7 @@ tik_file = "" tek_file = "" policy = 0 + loader = None def __init__(self, base_path="./"): self.base_path = base_path @@ -107,6 +108,11 @@ return self self.policy = ast.literal_eval(elem[0].text) + + elem = xmlroot.findall("./os/loader") + if elem is not None: + self.loader = elem[0].text + self.tik_file = self.base_path + "/" + vmname + "/tik.bin" self.tek_file = self.base_path + "/" + vmname + "/tek.bin" 
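Review bot: The new guard `if elem is not None:` in configstore.py can never be false, because `findall("./os/loader")` returns a list that is empty, not None, when nothing matches (assuming `xmlroot` is an ElementTree element). A domain XML without an `<os><loader>` element therefore reaches `elem[0].text` and raises IndexError while the stored config is being loaded. Test the list itself with `if elem:`, or use `xmlroot.find("./os/loader")` and compare that result with None. The enclosing method starts and ends outside the hunk, so whether the policy lookup just above guards its `elem[0]` the same way cannot be seen here.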
@@ -114,6 +120,9 @@ def sev_validate_params(self): params = "--tik {} --tek {} --policy {} --domain {}".format(self.tik_file, self.tek_file, str(self.policy), self.name) + if self.loader is not None: + params = "{} --firmware {}".format(params, self.loader) + return params def create_config_store(config, vm_data, hypervisor, overwrite): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/virt-scenario-0.7.6/src/virtscenario/features.py new/virt-scenario-1.0.1/src/virtscenario/features.py --- old/virt-scenario-0.7.6/src/virtscenario/features.py 2023-03-08 10:13:23.000000000 +0100 +++ new/virt-scenario-1.0.1/src/virtscenario/features.py 2023-03-21 16:01:44.000000000 +0100 @@ -67,7 +67,7 @@ self.features = None self.clock = None self.video = None - self.access_host_fs = None + self.access_hostfs = None self.iothreads = None self.security = None @@ -148,9 +148,9 @@ # kernel_irqchip=on return self.name - def access_host_fs(self): + def access_host_fs(self, fmode, dmode, source_dir, target_dir): """ access host filesystem """ - self.access_host_fs = c.ComplexConfiguration.access_host_fs(self) - return self.access_host_fs + self.access_hostfs = c.ComplexConfiguration.access_host_fs(self, fmode, dmode, source_dir, target_dir) + return self.access_hostfs diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/virt-scenario-0.7.6/src/virtscenario/guest.py new/virt-scenario-1.0.1/src/virtscenario/guest.py --- old/virt-scenario-0.7.6/src/virtscenario/guest.py 2023-03-20 18:12:29.000000000 +0100 +++ new/virt-scenario-1.0.1/src/virtscenario/guest.py 2023-03-22 17:21:29.000000000 +0100 @@ -67,7 +67,7 @@ xml = Template(xml_template).substitute(xml_mem) - if memory_data.get('pin') == True: + if memory_data.get('pin') is True: memory = int(memory_data['memory']) if memory_data['mem_unit'] == 'Gib': memory = memory * 1024 
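Review bot: In `sev_validate_params` the loader path is appended to a flat string without quoting, `params = "{} --firmware {}".format(params, self.loader)`, and that path is read from the domain XML. How the caller runs the resulting string is not visible in this diff; if it is split on whitespace or handed to a shell, a firmware path containing spaces or shell metacharacters changes the command that performs the attestation check. Quote the value where it is added, `"{} --firmware {}".format(params, shlex.quote(self.loader))` (needs `import shlex`), or preferably return an argument list and run it without a shell. The same concern applies to `self.tik_file`, `self.tek_file` and `self.name` in the unchanged `format` call above.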
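Review bot: The docstring of `Features.access_host_fs` still says only `access host filesystem` although the method now takes `fmode`, `dmode`, `source_dir` and `target_dir`. These presumably control which host directory is exposed to the guest and with what file and directory modes, so the docstring should state the expected format of each (for example whether the modes are octal strings) and that `source_dir` is a host path. The call passes this object as `self` to `c.ComplexConfiguration.access_host_fs`; a one-line comment explaining why that is safe would help, since that class is not visible here.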
@@ -75,7 +75,7 @@ memory = memory / 1024 memory = memory + 256 memtune_template = template.MEMTUNE_TEMPLATE - xml_memtune = { 'pinned': str(memory) } + xml_memtune = {'pinned': str(memory)} xml = xml + Template(memtune_template).substitute(xml_memtune) return xml @@ -180,14 +180,13 @@ disk """ xml_template = template.DISK_TEMPLATE - source_file = disk_data['path']+"/"+disk_data['storage_name']+"."+disk_data['format'] xml_disk = { 'disk_type': disk_data['disk_type'], 'disk_cache': disk_data['disk_cache'], 'disk_target': disk_data['disk_target'], 'disk_bus': disk_data['disk_bus'], 'format': disk_data['format'], - 'source_file': source_file, + 'source_file': disk_data['source_file'], } xml = Template(xml_template).substitute(xml_disk) return xml diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/virt-scenario-0.7.6/src/virtscenario/hypervisors.py new/virt-scenario-1.0.1/src/virtscenario/hypervisors.py --- old/virt-scenario-0.7.6/src/virtscenario/hypervisors.py 2023-03-20 14:41:52.000000000 +0100 +++ new/virt-scenario-1.0.1/src/virtscenario/hypervisors.py 2023-03-21 16:09:37.000000000 +0100 @@ -18,6 +18,7 @@ """ import os +import sys import yaml import libvirt @@ -68,10 +69,10 @@ return inactive_networks+networks def dominfo(self, name): - try: - return self.conn.lookupByName(name) - except libvirt.libvirtError: - return None + for dom in self.conn.listDefinedDomains(): + if dom == name: + return self.conn.lookupByName(name) + return None def define_domain(self, xmlfile): file = open(xmlfile, 'r') 
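Review bot: In hypervisors.py, `dominfo()` now searches `listDefinedDomains()`, which in libvirt returns only defined domains that are not running, so a guest that is currently active is reported as absent. Callers that use `dominfo()` to decide whether a VM already exists (not visible here) would then treat a running guest as new. `lookupByName()` can also still raise `libvirtError` if the domain goes away between the two calls, and the removed `try/except` no longer covers that. Keeping `except libvirt.libvirtError: return None` around the lookup, or matching on `dom.name()` over `self.conn.listAllDomains()`, covers both active and inactive guests.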
@@ -80,8 +81,8 @@ try: dom = self.conn.defineXML(xml) - except libvirt.libvirtError as e: - print(repr(e)) + except libvirt.libvirtError as err: + print(repr(err)) return def has_sev_cert(self): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/virt-scenario-0.7.6/src/virtscenario/main.py new/virt-scenario-1.0.1/src/virtscenario/main.py --- old/virt-scenario-0.7.6/src/virtscenario/main.py 2023-03-21 10:46:42.000000000 +0100 +++ new/virt-scenario-1.0.1/src/virtscenario/main.py 2023-03-22 18:22:17.000000000 +0100 @@ -22,6 +22,7 @@ import getpass import os import yaml +import subprocess import virtscenario.util as util import virtscenario.guest as guest import virtscenario.scenario as s @@ -51,17 +52,6 @@ with open(finalfile, 'w') as file_h: file_h.write(xml_all) -def validate_xml(xmlfile): - """ - validate the generated file - """ - util.print_summary("\nValidation of the XML file") - cmd = "virt-xml-validate "+xmlfile - out, errs = util.system_command(cmd) - if errs: - print(errs) - print(out) - def create_xml_config(filename, data): """ draft xml create step @@ -111,7 +101,7 @@ util.print_summary("Guest Section") create_xml_config(filename, data) xmlutil.show_from_xml(filename) - validate_xml(filename) + util.validate_xml(filename) cfg_store.store_config() util.print_summary_ok("Guest XML Configuration is done") @@ -198,7 +188,8 @@ vcpu = name = diskpath = memory = osdef = ondef = cpumode = power = watchdog = "" audio = usb = disk = features = clock = network = filename = tpm = iothreads = "" callsign = custom = security = video = controller = hugepages = toreport = "" - loader = config = fw_info = vm_config = "" + loader = config = fw_info = vm_config = cdrom = vnet = hostfs = "" + STORAGE_DATA = STORAGE_DATA_REC = host_filesystem = "" memory_pin = False # prompt Cmd prompt = 'virt-scenario > ' 
@@ -210,9 +201,9 @@ lines.append("\n Prepare a Libvirt XML guest config and the host to run a customized guest:\n") lines.append(util.esc('blue')+" computation | desktop | securevm"+util.esc('reset')+"\n") lines.append("\n Possible User Settings For VM are:\n") - lines.append(util.esc('blue')+" name | vcpu | memory | machine | bootdev | vnet | diskpath | cdrom"+util.esc('reset')+"\n") + lines.append(util.esc('blue')+" name | vcpu | memory | machine | bootdev | vnet | diskpath | cdrom | vmimage"+util.esc('reset')+"\n") lines.append("\n Hypervisors parameters:\n") - lines.append(util.esc('blue')+" hconf | hv_select | hvlist"+util.esc('reset')+"\n") + lines.append(util.esc('blue')+" hconf | hv_select | hvlist | force_sev"+util.esc('reset')+"\n") lines.append("\n"+" You can overwrite some recommended VM settings editing: "+conffile+"\n") lines.append("\n Please read the manpage and the README.md file:\n") lines.append(" https://github.com/aginies/virt-scenario/blob/main/README.md\n") @@ -317,6 +308,10 @@ # if CD/DVD selected swith boot dev to cdrom by default self.listosdef.update({'boot_dev': 'cdrom'}) + vmimage = self.dataprompt.get('vmimage') + if vmimage != None: + self.vmimage = vmimage + machineuser = self.dataprompt.get('machine') bootdevuser = self.dataprompt.get('boot_dev') if machineuser != None: @@ -333,7 +328,7 @@ if overwrite != None: self.overwrite = overwrite - def update_prompt(self, args): + def update_prompt(self): """ update prompt with value set by user """ @@ -350,7 +345,8 @@ ('Hypervisor Selected', 'hvselected'), ('Overwrite', 'overwrite'), ('CD/DVD File ', 'dvd'), - ] + ('VM Image file', 'vmimage') + ] lines = [] self.promptline = '---------- User Settings ----------\n' 
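Review bot: `self.vmimage` is assigned only inside `if vmimage != None:`, while later hunks in this file read it unconditionally (`if self.vmimage is None:` before the password prompt and before each `host.create_storage_image()` call). The class-attribute list extended in this commit adds `cdrom`, `vnet` and `hostfs` but no `vmimage`. Unless it is initialised somewhere outside these hunks, a session in which the user never runs `vmimage` raises AttributeError. Adding `vmimage = None` next to `memory_pin = False` would cover it, and the test itself reads better as `if vmimage is not None:`.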
@@ -591,8 +587,9 @@ if self.STORAGE_DATA['encryption'] == "on": self.STORAGE_DATA['encryption'] = self.STORAGE_DATA_REC['encryption'] # Ask for the disk password - password = getpass.getpass("Please enter password to encrypt the VM image: ") - self.STORAGE_DATA['password'] = password + if self.vmimage is None: + password = getpass.getpass("Please enter password to encrypt the VM image: ") + self.STORAGE_DATA['password'] = password # DISKCACHE if self.STORAGE_DATA['disk_cache'] != self.STORAGE_DATA_REC['disk_cache']: @@ -624,6 +621,17 @@ if self.STORAGE_DATA['lazy_refcounts'] == "": self.STORAGE_DATA['lazy_refcounts'] = self.STORAGE_DATA_REC['lazy_refcounts'] + # user specify an image to use + if self.vmimage is not None: + output = subprocess.check_output(["qemu-img", "info", self.vmimage]) + output = output.decode("utf-8") + format_line = [line for line in output.splitlines() if "file format:" in line][0] + image_format = format_line.split(":")[1].strip() + self.STORAGE_DATA['format'] = image_format + self.STORAGE_DATA['source_file'] = self.vmimage + else: + self.STORAGE_DATA['source_file'] = self.STORAGE_DATA['path']+"/"+self.callsign+"."+self.STORAGE_DATA['format'] + # DISK FORMAT if self.STORAGE_DATA['format'] != self.STORAGE_DATA_REC['format']: if self.STORAGE_DATA['format'] != "": @@ -731,7 +739,8 @@ if (self.mode != "guest" or self.mode == "both") and util.check_iam_root() is True: util.print_summary("Host Section") # Create the Virtual Disk image - host.create_storage_image(self.STORAGE_DATA) + if self.vmimage is None: + host.create_storage_image(self.STORAGE_DATA) # Prepare the host system host.transparent_hugepages() # enable/disable ksm | enable/disable merge across 
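Review bot: When `encryption` is `on` and the user supplies an image, the new `if self.vmimage is None:` skips the password prompt but leaves `STORAGE_DATA['encryption']` set. The rest of the scenario may then still treat the disk as encrypted although nothing was encrypted here and no secret was collected. What later code does with `STORAGE_DATA['password']` is outside the hunk; if it is read unconditionally it will also fail with KeyError. I would warn that a supplied image is used as-is, and at least document the branch with a comment such as `# user-supplied image: not encrypted by virt-scenario`.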
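Review bot: The `vmimage` branch copies whatever format `qemu-img info` probes from a user-supplied file into the guest definition, and never checks whether the image declares a backing file. A probed qcow2 image with a backing file makes QEMU open that host path on the guest's behalf, which is why format probing of untrusted images is normally avoided. The parsing is also fragile: `[...][0]` raises IndexError when no `file format:` line is found, `check_output` failures are uncaught, and the human-readable output is not a stable interface. I would read `--output=json`, refuse images that carry `backing-filename`, and report errors through `util.print_error`. This needs `import json`, and the way to abort has to fit the enclosing method, which starts outside the hunk.

```python
        # user specify an image to use
        if self.vmimage is not None:
            try:
                raw_info = subprocess.check_output(
                    ["qemu-img", "info", "--output=json", self.vmimage])
                image_info = json.loads(raw_info)
            except (subprocess.CalledProcessError, OSError, ValueError) as err:
                util.print_error("Cannot inspect VM image "+self.vmimage+": "+str(err))
                return
            # an image that points at a backing file would pull another host path into the guest
            if "backing-filename" in image_info:
                util.print_error("VM image "+self.vmimage+" references a backing file, not using it")
                return
            self.STORAGE_DATA['format'] = image_info["format"]
            self.STORAGE_DATA['source_file'] = self.vmimage
        # … unchanged: else branch building source_file from path, callsign and format …
```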
@@ -814,7 +823,8 @@ if (self.mode != "guest" or self.mode == "both") and util.check_iam_root() is True: util.print_summary("Host Section") # Create the Virtual Disk image - host.create_storage_image(self.STORAGE_DATA) + if self.vmimage is None: + host.create_storage_image(self.STORAGE_DATA) # Prepare the host system host.transparent_hugepages() # enable/disable ksm | enable/disable merge across @@ -919,22 +929,24 @@ if (self.mode != "guest" or self.mode == "both") and util.check_iam_root() is True: util.print_summary("Host Section") # Create the Virtual Disk image - host.create_storage_image(self.STORAGE_DATA) + if self.vmimage is None: + host.create_storage_image(self.STORAGE_DATA) # Deal with SEV util.print_summary("Prepare SEV attestation") if sev_info.sev_supported is True: host.kvm_amd_sev(sev_info) dh_params = None - # force generation of a local PDH: NOT SECURE! if self.force_sev is True or hypervisor.has_sev_cert(): - if self.force_sev is True: + if hypervisor.has_sev_cert(): + # A host certificate is configured, try to enable remote attestation + cert_file = hypervisor.sev_cert_file() + # forcing generation of a local PDH is NOT SECURE! + elif self.force_sev is True: cert_file = "localhost.pdh" sev.sev_extract_pdh(cfg_store, cert_file) sev.sev_validate_pdh(cfg_store, cert_file) - elif hypervisor.has_sev_cert(): - # A host certificate is configured, try to enable remote attestation - cert_file = hypervisor.sev_cert_file() + util.update_virthost_cert_file(self.hvfile, "localhost", cfg_store.get_path()+cert_file) policy = sev_info.get_policy() if not sev.sev_prepare_attestation(cfg_store, policy, cert_file): @@ -944,6 +956,7 @@ dh_params = sev.sev_load_dh_params(cfg_store) sev_info.set_attestation(session_key, dh_params) securevm.secure_vm_update(sev_info) + cfg_store.set_attestation(True) self.security = guest.create_security(securevm.security) 
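Review bot: In the SEV hunk, `util.update_virthost_cert_file(self.hvfile, "localhost", cfg_store.get_path()+cert_file)` persists the PDH that `force_sev` extracted locally as the `sev-cert` entry of the hypervisor configuration. On the next run `hypervisor.has_sev_cert()` will presumably be true, and the code takes the branch commented as "A host certificate is configured", without `force_sev` set and without the "NOT SECURE" path being visible any more. That turns a one-off insecure fallback into what looks like a provisioned certificate; I would not write it back, or at least print a warning and mark the entry as locally generated. The page has lost indentation, so I cannot tell whether the call sits inside the `elif self.force_sev` branch; if it runs after the `if/elif`, it also replaces a properly configured certificate path with `cfg_store.get_path()+cert_file`. The hard-coded `"localhost"` key also ignores the hypervisor chosen with `hv_select`.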
@@ -974,7 +987,7 @@ 'name': args, } self.dataprompt.update({'name': name['name']}) - self.update_prompt(name['name']) + self.update_prompt() def do_machine(self, args): """ @@ -987,7 +1000,7 @@ 'machine': args, } self.dataprompt.update({'machine': machine['machine']}) - self.update_prompt(machine['machine']) + self.update_prompt() def complete_machine(self, text, line, begidx, endidx): """ @@ -1012,7 +1025,7 @@ 'vcpu': args, } self.dataprompt.update({'vcpu': vcpu['vcpu']}) - self.update_prompt(vcpu['vcpu']) + self.update_prompt() def do_diskpath(self, args): """ @@ -1024,7 +1037,7 @@ 'path': path, } self.dataprompt.update({'path': diskpath['path']}) - self.update_prompt(diskpath['path']) + self.update_prompt() else: util.print_error('Please select a corrent path dir') @@ -1039,7 +1052,7 @@ 'boot_dev': args, } self.dataprompt.update({'boot_dev': boot_dev['boot_dev']}) - self.update_prompt(boot_dev['boot_dev']) + self.update_prompt() def complete_bootdev(self, text, line, begidx, endidx): """ @@ -1061,10 +1074,24 @@ 'source_file': file, } self.dataprompt.update({'dvd': dvd['source_file']}) - self.update_prompt(dvd['source_file']) + self.update_prompt() else: util.print_error("CDROM/DVD ISO source file " +file +" Doesnt exist!") + def do_vmimage(self, args): + """ + Select an VM image to use + """ + file = args + if os.path.isfile(file): + vmimage = { + 'source_file': file, + } + self.dataprompt.update({'vmimage': vmimage['source_file']}) + self.update_prompt() + else: + util.print_error("Please select an VM image file, " +file +" Doesnt exist!") + def do_vnet(self, args): """ Select the virtual network @@ -1083,7 +1110,7 @@ 'vnet': args, } self.dataprompt.update({'vnet': config['vnet']}) - self.update_prompt(config['vnet']) + self.update_prompt() def do_memory(self, args): """ 
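Review bot: `do_vmimage` stores the path exactly as typed once `os.path.isfile(file)` passes, so a relative path ends up as `source_file` in the guest definition and later resolves against whatever working directory the consumer has. A file name beginning with `-` would also be read as an option by the `qemu-img info` call added in this commit. Normalising once here, `file = os.path.abspath(os.path.expanduser(args.strip()))`, avoids both. The docstring would read better as `Select a VM image to use`.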
@@ -1096,7 +1123,7 @@ 'memory': args, } self.dataprompt.update({'memory': memory['memory']}) - self.update_prompt(memory['memory']) + self.update_prompt() def file_complete(self, text, line, begidx, endidx, ext): """ @@ -1157,7 +1184,7 @@ 'force_sev': force, } self.dataprompt.update({'force_sev': config['force_sev']}) - self.update_prompt(config['force_sev']) + self.update_prompt() def do_overwrite(self, args): @@ -1171,7 +1198,7 @@ overwrite = args config = {'overwrite': overwrite,} self.dataprompt.update({'overwrite': config['overwrite']}) - self.update_prompt(config['overwrite']) + self.update_prompt() def do_conf(self, args): """ @@ -1186,7 +1213,7 @@ 'mainconf': file, } self.dataprompt.update({'mainconf': config['mainconf']}) - self.update_prompt(config['mainconf']) + self.update_prompt() else: util.print_error("File " +file +" Doesnt exist!") @@ -1203,7 +1230,7 @@ 'hvconf': file, } self.dataprompt.update({'hvconf': config['hvconf']}) - self.update_prompt(config['hvconf']) + self.update_prompt() else: util.print_error("File " +file +" Doesnt exist!") @@ -1229,7 +1256,7 @@ util.print_error("Setting hypervisor failed") return self.dataprompt.update({'hvselected': config['hvselected']}) - self.update_prompt(config['hvselected']) + self.update_prompt() def do_quit(self, args): """ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/virt-scenario-0.7.6/src/virtscenario/util.py new/virt-scenario-1.0.1/src/virtscenario/util.py --- old/virt-scenario-0.7.6/src/virtscenario/util.py 2023-03-20 10:49:10.000000000 +0100 +++ new/virt-scenario-1.0.1/src/virtscenario/util.py 2023-03-22 18:13:55.000000000 +0100 @@ -170,6 +170,17 @@ return yaml_contents +def validate_xml(xmlfile): + """ + validate the generated file + """ + print_summary("\nValidation of the XML file") + cmd = "virt-xml-validate "+xmlfile + out, errs = system_command(cmd) + if errs: + print(errs) + print(out) + def check_iam_root(): """ some part needs to be root user 
@@ -177,5 +188,27 @@ if os.geteuid() != 0: print_error("You need to have root privileges for this step") return False + return True + +def update_virthost_cert_file(yaml_file_path, hypervisor, new_sev_cert_path): + # Load the YAML file + with open(yaml_file_path, 'r') as stream: + data = yaml.safe_load(stream) + + if hypervisor in data: + if 'sev-cert' in data[hypervisor]: + # Update the value of the sev-cert key + data[hypervisor]['sev-cert'] = new_sev_cert_path + else: + # no value, add a new sev-cert key + data[hypervisor]['sev-cert'] = new_sev_cert_path + + with open(yaml_file_path, 'w') as fil: + try: + yaml.dump(data, fil) + finally: + fil.close() else: - return True + print_error("Hypervisor "+hypervisor+" not found ....") + + stream.close()
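Review bot: `update_virthost_cert_file` opens the hypervisor configuration with mode `'w'` before `yaml.dump` runs, so a dump error leaves the file truncated, and an empty or non-mapping YAML file makes `hypervisor in data` raise TypeError. Both branches of the `'sev-cert' in data[hypervisor]` test perform the same assignment, and `fil.close()` and `stream.close()` repeat what the `with` blocks already do. The function also carries a comment where the neighbouring functions use docstrings. I would serialise first and write afterwards, as below; note that re-dumping drops any comments the user kept in that file.

```python
def update_virthost_cert_file(yaml_file_path, hypervisor, new_sev_cert_path):
    """
    set the sev-cert path of an hypervisor in the hypervisors YAML file
    """
    with open(yaml_file_path, 'r') as stream:
        data = yaml.safe_load(stream)

    if not isinstance(data, dict) or hypervisor not in data:
        print_error("Hypervisor "+hypervisor+" not found ....")
        return

    data[hypervisor]['sev-cert'] = new_sev_cert_path
    # serialise before opening for writing so a dump error cannot truncate the file
    new_content = yaml.safe_dump(data)
    with open(yaml_file_path, 'w') as fil:
        fil.write(new_content)
```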
