Re: [libvirt] [PATCH 1/1] qemu: host NUMA hugepage policy without guest NUMA

On Tue, Oct 25, 2016 at 02:13:07PM +0200, Martin Kletzander wrote: > On Tue, Oct 25, 2016 at 01:10:23PM +1100, Sam Bobroff wrote: > >On Tue, Oct 18, 2016 at 10:43:31PM +0200, Martin Kletzander wrote: > >>On Mon, Oct 17, 2016 at 03:45:09PM +1100, Sam Bobroff wrote: > >>>On Fri, Oct 14, 2016 at

[libvirt] [PATCH v3 0/9] Implementation of QEMU vhost-scsi

[Author note: Apologies for an extra release or two in between versions, I was sidetracked by another project. This is probably too close to the impending freeze for 2.4, so I just updated doc to 2.5 in anticipation. In rearranging the patches, I've inserted a cleanup patch at the head that was

[libvirt] [PATCH v3 7/9] security: Include vhost-scsi in security labels

Signed-off-by: Eric Farman --- src/security/security_apparmor.c | 18 - src/security/security_dac.c | 42 ++-- src/security/security_selinux.c | 39 +++-- 3 files changed, 94

[libvirt] [PATCH v3 4/9] qemu: Add vhost-scsi string for -device parameter

Open /dev/vhost-scsi, and record the resulting file descriptor, so that the guest has access to the host device outside of the libvirt daemon. Pass this information, along with data parsed from the XML file, to build a device string for the qemu command line. That device string will be for either

[libvirt] [PATCH v3 5/9] qemu: Allow hotplug of vhost-scsi device

Adjust the device string that is built for vhost-scsi devices so that it can be invoked from hotplug. >From the QEMU command line, the file descriptors are expect to be numeric only. However, for hotplug, the file descriptors are expected to begin with at least one alphabetic character else this

[libvirt] [PATCH v3 9/9] docs: Add vhost-scsi

Signed-off-by: Eric Farman --- docs/formatdomain.html.in | 24 1 file changed, 24 insertions(+) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index c70377b..6ef864f 100644 --- a/docs/formatdomain.html.in +++

[libvirt] [PATCH v3 8/9] tests: Introduce basic vhost-scsi test

These tests were cloned from hostdev-scsi-virtio-scsi in both xml2argv and xml2xml Signed-off-by: Eric Farman Reviewed-by: Boris Fiuczynski --- .../qemuxml2argv-hostdev-scsi-vhost-scsi.args | 24 +

[libvirt] [PATCH v3 1/9] qemu: Introduce vhost-scsi capability

Do all the stuff for the vhost-scsi capability in QEMU, so it's in place for our checks later. Signed-off-by: Eric Farman Reviewed-by: Boris Fiuczynski --- src/qemu/qemu_capabilities.c| 2 ++

[libvirt] [PATCH v3 2/9] Introduce a "scsi_host" hostdev type

We already have a "scsi" hostdev type, which refers to a single LUN that is passed through to a guest. But what of things where multiple LUNs are passed through via a single SCSI HBA, such as with the vhost-scsi target? Create a new hostdev type that will carry this. Signed-off-by: Eric Farman

[libvirt] [PATCH v3 3/9] util: Management routines for scsi_host devices

Signed-off-by: Eric Farman --- src/Makefile.am | 1 + src/libvirt_private.syms | 19 +++ src/util/virhost.c | 301 +++ src/util/virhost.h | 72 src/util/virhostdev.c| 155

[libvirt] [PATCH v3 6/9] conf: Wire up the vhost-scsi connection from/to XML

Signed-off-by: Eric Farman --- docs/schemas/domaincommon.rng | 23 src/conf/domain_audit.c | 7 src/conf/domain_conf.c| 81 +-- 3 files changed, 109 insertions(+), 2 deletions(-) diff --git

Re: [libvirt] on shutdown

On Wed, Oct 26, 2016 at 5:04 PM, Martin Kletzander wrote: > Or have you possibly edited the on-disk saved state of libvirt some time > back instead of using virsh edit? =) That could have been it, but no, we have this all automated and never touch the on-disk xml after a

Re: [libvirt] [PATCH 07/10] qemu: agent: simplify io loop

On 10/04/2016 02:56 AM, Nikolay Shirokovskiy wrote: > Now we don't need to differentiate error and eof cases in the loop function. > So let's simplify it radically using goto instead of flags. > --- > src/qemu/qemu_agent.c| 185 > ++- >

Re: [libvirt] [PATCH 06/10] qemu: agent: drop agent error flag

On 10/04/2016 02:56 AM, Nikolay Shirokovskiy wrote: > Let's take a closer look at qemuAgentIO. In the case of error > we stop listening to any events besides error and eof. > Then set last error so that all next loop invocations do very little: > > 1. if it is an error then just call error

Re: [libvirt] [PATCH 05/10] qemu: agent: straigten up failed agent start case

On 10/04/2016 02:56 AM, Nikolay Shirokovskiy wrote: > agentError is used for 2 different cases: > > 1. agent monitor is failed to start Non guest fatal failure in qemuConnectAgent when first trying to connect to the agent > 2. io error in agent monitor I/O error with running agent resulting

Re: [libvirt] [PATCH 04/10] qemu: agent: handle agent connection errors in one place

There's no commit message... You're altering qemuConnectAgent to return -1 on the only error and perform the VIR_WARN plus agentError = true on other "soft" failures. Not exactly nothing going on! On 10/04/2016 02:56 AM, Nikolay Shirokovskiy wrote: > --- > src/qemu/qemu_driver.c| 8

Re: [libvirt] [PATCH 03/10] qemu: agent: clear error flag upon init

On 10/04/2016 02:56 AM, Nikolay Shirokovskiy wrote: > There were a few errors in the code when this flag was not > cleared upon monitor cleanup. All of them could be fixed > just resetting this flag upon agent monitor initialization. We should fix the places where the flag wasn't cleared

Re: [libvirt] [PATCH 02/10] qemu: agent: dont set error after agent cleanup

On 10/04/2016 02:56 AM, Nikolay Shirokovskiy wrote: > If there is an error event after eof event then after agent > is cleaned up on eof error flag will be set back and remains > set after next domain start up making agent unavailable. > Thus let's check before set this flag on error event. >

Re: [libvirt] [PATCH 01/10] qemu: agent: unset error flag in EOF handler

On 10/04/2016 02:56 AM, Nikolay Shirokovskiy wrote: > Usually on domain shutdown event comes first from qemu > and the flag is unset in processSerialChangedEvent. However > there is a race between this function and qemuProcessHandleAgentEOF > because the former is executed in a thread pool and

Re: [libvirt] [PATCH] Resuming running domain raise error message

On Wed, Oct 26, 2016 at 05:11:58PM +0200, Sławek Kapłoński wrote: Hello, Thx a lot but strictly speaking it's my second patch to libvirt :) I now see it's a fourth one in the three, I have no idea why git log hadn't showed me any other, maybe I was too fast when dismissing it. Well, anyway,

Re: [libvirt] [PATCH 0/5] wireshark: Fix $(prefix) handling

On Wed, 2016-10-26 at 16:54 +0200, Michal Privoznik wrote: > On 26.10.2016 15:27, Andrea Bolognani wrote: > >  > > Well, almost :) There are still some cases that are not > > handled correctly, but at least this will unbreak 'make > > rpm' while I work on the rest. > >  > > Tested by running 'make

[libvirt] [PATCH 3/3] wireshark: Use ${exec_prefix} for $ws_plugindir

${exec_prefix} and ${prefix} point to the same directory in most setups, but when that's not the case the former should be used for architecture-dependent data such as shared objects, which makes it the best fit for our Wireshark dissector. While at it, change from $(var) to ${var}: they are

[libvirt] [PATCH 0/3] wireshark: Further build system fixes

This takes care of the few remaining nits. All use cases I could think of are covered; if any more issues are discovered, we'll take care of them then. Andrea Bolognani (3): wireshark: Don't redefine ws_plugindir wireshark: Try a bunch of possible prefixes wireshark: Use ${exec_prefix}

[libvirt] [PATCH 2/3] wireshark: Try a bunch of possible prefixes

If we can't obtain Wireshark's plugindir variable from pkg-config, we fall back to building it ourselves starting from $libdir. The problem with that is that we have zero insights on what $libdir actually looks like, so we can't simply strip $prefix and call it a day. On the other hand, we have

[libvirt] [PATCH 1/3] wireshark: Don't redefine ws_plugindir

autoconf already defines the variable for us, and prints out a warning if we try to do it a second time. So let's not :) --- tools/Makefile.am | 1 - 1 file changed, 1 deletion(-) diff --git a/tools/Makefile.am b/tools/Makefile.am index 319abb2..100e657 100644 --- a/tools/Makefile.am +++

Re: [libvirt] [PATCH 0/5] wireshark: Fix $(prefix) handling

On 26.10.2016 15:27, Andrea Bolognani wrote: > Well, almost :) There are still some cases that are not > handled correctly, but at least this will unbreak 'make > rpm' while I work on the rest. > > Tested by running 'make rpm' successfully on Fedora 23, > Fedora 24 and Fedora rawhide. > > >

Re: [libvirt] libvirt compiles on RISC-V (RV64G)

On Wed, Oct 26, 2016 at 05:29:26PM +0200, Andrea Bolognani wrote: > On Wed, 2016-10-26 at 12:35 +0100, Richard W.M. Jones wrote: > > I'm happy to announce that libvirt compiles fine from git on > > Fedora/RISC-V.  This has little or no practical value at all, since > > RISC-V lacks such essentials

Re: [libvirt] [PATCH 11/17] util: Introduce libvirt_udevhelper

On Wed, Oct 26, 2016 at 02:36:58PM +0200, Michal Privoznik wrote: > This is a small helper intended to be run by udev. On its input > (either as the only command line argument or in DEVNODE > environment vairable) it is given a device and on the output it > will either put nothing (meaning the

Re: [libvirt] [PATCH 07/17] virudev: Introduce virUdevMgrDump

On Wed, Oct 26, 2016 at 02:36:54PM +0200, Michal Privoznik wrote: > Now that we are able to store security labels for devices, next > step is to flush them into a file. For more convenience I've > chosen JSON format (as we have all the APIs needed for processing > the format). I wonder if we're

Re: [libvirt] libvirt compiles on RISC-V (RV64G)

On Wed, 2016-10-26 at 12:35 +0100, Richard W.M. Jones wrote: > I'm happy to announce that libvirt compiles fine from git on > Fedora/RISC-V.  This has little or no practical value at all, since > RISC-V lacks such essentials such as virtualization, qemu etc. > However I suppose you could use it as

Re: [libvirt] [PATCH] Resuming running domain raise error message

Hello, Thx a lot but strictly speaking it's my second patch to libvirt :) -- Best regards / Pozdrawiam Sławek Kapłoński sla...@kaplonski.pl On Wed, 26 Oct 2016, Martin Kletzander wrote: > On Sat, Oct 22, 2016 at 12:30:01PM +0200, Sławek Kapłoński wrote: > > When user tries to resume already

Re: [libvirt] on shutdown

On Wed, Oct 26, 2016 at 04:40:12PM +0200, Ruben Kerkhof wrote: On Thu, Oct 20, 2016 at 7:53 PM, Martin Kletzander wrote: On Thu, Oct 20, 2016 at 11:26:09AM +0200, Ruben Kerkhof wrote: Hi all, virsh(1) has this to say about virsh shutdown: "The exact behavior of a domain

Re: [libvirt] [PATCH 0/5] wireshark: Fix $(prefix) handling

On 26.10.2016 15:27, Andrea Bolognani wrote: > Well, almost :) There are still some cases that are not > handled correctly, but at least this will unbreak 'make > rpm' while I work on the rest. > > Tested by running 'make rpm' successfully on Fedora 23, > Fedora 24 and Fedora rawhide. > > >

Re: [libvirt] [PATCH] Resuming running domain raise error message

On Sat, Oct 22, 2016 at 12:30:01PM +0200, Sławek Kapłoński wrote: When user tries to resume already running domain (Qemu or LXC) there is VIR_ERR_OPERATION_INVALID error raised now with message that domain is already running. Closes-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1009008 ---

Re: [libvirt] on shutdown

On Thu, Oct 20, 2016 at 7:53 PM, Martin Kletzander wrote: > On Thu, Oct 20, 2016 at 11:26:09AM +0200, Ruben Kerkhof wrote: >> >> Hi all, >> >> virsh(1) has this to say about virsh shutdown: >> "The exact behavior of a domain when it shuts down is set by the >> on_shutdown

Re: [libvirt] [PATCH] Resuming running domain raise error message

Hello, Can someone take a look at this patch? Thx in advance :) -- Best regards / Pozdrawiam Sławek Kapłoński sla...@kaplonski.pl On Sat, 22 Oct 2016, Sławek Kapłoński wrote: > When user tries to resume already running domain (Qemu or LXC) > there is VIR_ERR_OPERATION_INVALID error raised now

Re: [libvirt] [PATCH] virt-wireshark.m4: Defer $(prefix) substitution

On Wed, 2016-10-26 at 08:46 +0200, Boris Fiuczynski wrote: > > >  if WITH_WIRESHARK_DISSECTOR > > >  > > > -ws_plugindir = $(plugindir) > > > +ws_plugindir = $(prefix)$(plugindir) > > >  ws_plugin_LTLIBRARIES = wireshark/src/libvirt.la > > >  wireshark_src_libvirt_la_CPPFLAGS = \ > > >   -I

[libvirt] [PATCH 5/5] wireshark: Rename plugindir to ws_plugindir

Since we're using autoconf to substitute the right value in Makefile.am now, we can use a less generic name without running into circular dependencies. --- m4/virt-wireshark.m4 | 12 ++-- tools/Makefile.am| 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git

[libvirt] [PATCH 3/5] wireshark: Strip prefix correctly

Even when we're building $plugindir ourselves because we can't retrieve it using pkg-config, we still want to strip the prefix, except in that case it would be the same prefix we're using for building libvirt. The fact that $plugindir is missing also doesn't tell us anything about $ws_prefix, so

[libvirt] [PATCH 0/5] wireshark: Fix $(prefix) handling

Well, almost :) There are still some cases that are not handled correctly, but at least this will unbreak 'make rpm' while I work on the rest. Tested by running 'make rpm' successfully on Fedora 23, Fedora 24 and Fedora rawhide. Andrea Bolognani (5): wireshark: Introduce $ws_modversion

[libvirt] [PATCH 4/5] wireshark: Inject $(prefix) at the right time

Adding $(prefix) in Makefile.am, as we were doing, means that it would be prepended even when using --with-ws-plugindir, which is something we don't want to happen. Instead, we add it beforehand but take care that it doesn't get expanded until make is called. --- m4/virt-wireshark.m4 | 6 +-

[libvirt] [PATCH 2/5] wireshark: Hoist $ws_prefix declaration

Keep all variable declarations close together. --- m4/virt-wireshark.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/m4/virt-wireshark.m4 b/m4/virt-wireshark.m4 index eb6c8a6..64acca9 100644 --- a/m4/virt-wireshark.m4 +++ b/m4/virt-wireshark.m4 @@ -29,13 +29,13 @@

[libvirt] [PATCH 1/5] wireshark: Introduce $ws_modversion

Use a separate variable instead of setting it inline for slightly cleaner code. --- m4/virt-wireshark.m4 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/m4/virt-wireshark.m4 b/m4/virt-wireshark.m4 index e1e4a59..eb6c8a6 100644 --- a/m4/virt-wireshark.m4 +++

[libvirt] [PATCH 13/17] qemu.conf: Introduce write_udev

Not everybody is going to use the new virUdevMgr module. Some users have their own set of udev rules and they don't need libvirt to step in that area. Lets give users choice to enable or disable this feature. Signed-off-by: Michal Privoznik --- src/qemu/libvirtd_qemu.aug

[libvirt] [PATCH 14/17] qemu: Wire up virUdevMgr

Now that security drivers are capable of writing into virUdevMgr module, we also need it to flush its internal database right after that. Signed-off-by: Michal Privoznik --- src/qemu/qemu_domain.c | 12 +++- src/qemu/qemu_domain.h | 3 ++- src/qemu/qemu_driver.c

[libvirt] [PATCH 08/17] tests: Introduce virudevtest

Now that we have the virudev module somewhat working, lets introduce some testing of it. We also need mock for virRandomBits function. Without it, the order in which entries occur in the hash table would be random and thus test would fail some times (as we expect certain ordering).

[libvirt] [PATCH 01/17] virseclabel.h: Include stdbool.h

The internal representation of security labels contains some bools (e.g. @relabel, @implicit). But the stdbool.h file is not included anywhere in the header file, therefore if somebody just includes "virseclabel.h" they also need to include . That's not right as it should be virseclabel.h who

[libvirt] [PATCH 07/17] virudev: Introduce virUdevMgrDump

Now that we are able to store security labels for devices, next step is to flush them into a file. For more convenience I've chosen JSON format (as we have all the APIs needed for processing the format). Signed-off-by: Michal Privoznik --- po/POTFILES.in | 1 +

[libvirt] [PATCH 10/17] virudev: Introduce virUdevMgrLookupLabels

This is the cherry on the top. For given device all its security labels are fetched. Signed-off-by: Michal Privoznik --- src/libvirt_private.syms | 1 + src/util/virudev.c | 43 +++ src/util/virudev.h | 4 +++ tests/virudevtest.c | 91

[libvirt] [PATCH 03/17] security_dac: Pass manager to virSecurityDACSetImageLabel

This change alone is not needed, but it prepares environment for subsequent patches where we will need virSecurityManager much deeper in the code. Signed-off-by: Michal Privoznik --- src/security/security_dac.c | 33 + 1 file changed, 17

[libvirt] [PATCH 12/17] security: Wire up virUdevMgr

Whenever a security driver wants to change label of some path, it should let virUdevMgr module know so that it can update its internal database too. Signed-off-by: Michal Privoznik --- src/libvirt_private.syms| 2 ++ src/security/security_dac.c | 36

[libvirt] [PATCH 09/17] virudev: Parse virUdevMgr from JSON

Now that we are able to dump internal state into a JSON file/string, we should be able to reverse the process and reconstruct the internal state from a JSON file/string. Signed-off-by: Michal Privoznik --- src/libvirt_private.syms | 2 + src/util/virudev.c | 159

[libvirt] [PATCH 17/17] qemu: Filter uninteresting paths for virUdevMgr

In case of udev, it will never try to reset security label on say domain monitor socket, or some other channel. Therefore, it makes sense to filter those paths out and keep the state file on the disk small. The only paths that udev will handle are those prefixed with "/dev/". Signed-off-by:

[libvirt] [PATCH 15/17] qemu: Reload virUdevMgr on start

If the daemon is restarted, the virUdevMgr loses its internal state. This is because entries to its internal DB are added whilst setting security labels. This obviously doesn't happen when the daemon is restarted. It's not wise to start with a fresh internal state and possibly leave behind

[libvirt] [PATCH 11/17] util: Introduce libvirt_udevhelper

This is a small helper intended to be run by udev. On its input (either as the only command line argument or in DEVNODE environment vairable) it is given a device and on the output it will either put nothing (meaning the device is not used by any of the libvirt domains), or it will print out

[libvirt] [PATCH 16/17] virudevtest: Introduce device filtering

In some cases callers might want to filter what devices are stored in this module (esp. when used in combination with udev who cares about nothing but "/dev/" prefixed paths). Signed-off-by: Michal Privoznik --- src/libvirt_private.syms | 1 + src/util/virudev.c | 25

[libvirt] [PATCH 00/17] Avoid races with udev

I've came across interesting bug recently. The problem was that user tried to start a domain, but qemu was denied access to some device. Even though we relabelled it initially. By debugging I found the root cause: while we were starting qemu, udev came and restored original security labels. Sigh.

[libvirt] [PATCH 04/17] security_dac: Pass manager to virSecurityDACRestoreFileLabelInternal

This change alone is not needed, but it prepares environment for subsequent patches where we will need virSecurityManager much deeper in the code. Signed-off-by: Michal Privoznik --- src/security/security_dac.c | 34 +++--- 1 file changed, 15

[libvirt] [PATCH 05/17] virudev: Introduce basic skeleton

This is new internal class that is going to remember pairs. Moreover, it is going to be able to flush the pairs into a file so that a helper (which is introduced later in the series) can look into the file and answer question: "Is this path in use by libvirt and if so

[libvirt] [PATCH 06/17] virudev: Implement virUdevMgrAddLabel and virUdevMgrRemoveAllLabels

These APIs start to implement what was laid out in the module description. We need to be able to store given security label (on domain startup, device attach), and then remove all security labels associated with it (on domain shutdown, device detach). Signed-off-by: Michal Privoznik

[libvirt] [PATCH 02/17] virseclabel: Introduce virSecurityDeviceLabelDefNewLabel

So far, this function is not needed with the current code. But it is going to do so in subsequent commits. We already have virSecurityDeviceLabelDefNew() which sets just model for new seclabel, this new API sets both model and label. Signed-off-by: Michal Privoznik ---

[libvirt] libvirt compiles on RISC-V (RV64G)

I'm happy to announce that libvirt compiles fine from git on Fedora/RISC-V. This has little or no practical value at all, since RISC-V lacks such essentials such as virtualization, qemu etc. However I suppose you could use it as a remote client. # file src/.libs/libvirt.so.0.2004.0

Re: [libvirt] [RFC PATCH] libxl: add tunnelled migration support

On 10/26/2016 07:33 AM, Bob Liu wrote: > Tunnelled migration doesn't require any extra network connections beside the > libvirt daemon. > It's capable of strong encryption and is the default option in openstack-nova. > > This patch add the tunnelled migration(Tunnel3params) support to libxl. >

[libvirt] [PATCH] qemu: Minimalize global driver accesses

Whilst working on another issue, I've noticed that in some functions we have a local @driver variable among with access to global @qemu_driver variable. This makes no sense. Signed-off-by: Michal Privoznik --- src/qemu/qemu_driver.c | 4 ++-- 1 file changed, 2

[libvirt] [PATCH v4 2/6] conf, qemu: Add newer shmem models

The old ivshmem is deprecated in QEMU, so let's use the better ivshmem-{plain,doorbell} variants instead. Signed-off-by: Martin Kletzander --- docs/formatdomain.html.in | 10 +++--- docs/schemas/domaincommon.rng | 2 ++ src/conf/domain_conf.c| 4 +++-

[libvirt] [PATCH v4 4/6] qemu: Save various defaults for shmem

We're keeping some things at default and that's not something we want to do intentionally. Let's save some sensible defaults upfront in order to avoid having problems later. The details for the defaults (of the newer implementation) can be found in qemu's commit 5400c02b90bb:

[libvirt] [PATCH v4 6/6] qemu: Add support for hot/cold-(un)plug of shmem devices

This is needed in order to migrate a domain with shmem devices as that is not allowed to migrate. Signed-off-by: Martin Kletzander --- src/qemu/qemu_driver.c | 39 +++- src/qemu/qemu_hotplug.c| 248

[libvirt] [PATCH v4 3/6] qemu: Add capabilities for ivshmem-{plain, doorbell}

Signed-off-by: Martin Kletzander --- src/qemu/qemu_capabilities.c | 5 ++ src/qemu/qemu_capabilities.h | 4 ++ .../caps_2.6.0-gicv2.aarch64.xml | 2 + .../caps_2.6.0-gicv3.aarch64.xml | 2 +

[libvirt] [PATCH v4 5/6] qemu: Support newer ivshmem device variants

QEMU added support for ivshmem-plain and ivshmem-doorbell. Those are reworked varians of legacy ivshmem that are compatible from the guest POV, but not from host's POV and have sane specification and handling. Details about the newer device type can be found in qemu's commit 5400c02b90bb:

[libvirt] [PATCH v4 0/6] Newer ivshmem models

v4: - Incorporated John's review v3: - https://www.redhat.com/archives/libvir-list/2016-September/msg01232.html Martin Kletzander (6): conf, qemu: Add support for shmem model conf, qemu: Add newer shmem models qemu: Add capabilities for ivshmem-{plain,doorbell} qemu: Save various

[libvirt] [PATCH v4 1/6] conf, qemu: Add support for shmem model

Just the default one now, new ones will be added in following commits. Signed-off-by: Martin Kletzander --- docs/formatdomain.html.in | 8 + docs/schemas/domaincommon.rng | 9 + src/conf/domain_conf.c

Re: [libvirt] [PATCH v11 5/5] qemu: Add secret object hotplug for TCP chardev TLS

On Mon, Oct 24, 2016 at 06:46:21PM -0400, John Ferlan wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1300776 > > Complete the implementation of support for TLS encryption on > chardev TCP transports by adding the hotplug ability of a secret > to generate the passwordid for the TLS object

Re: [libvirt] [PATCH v11 4/5] qemu: Add a secret object to/for a char source dev

On Mon, Oct 24, 2016 at 06:46:20PM -0400, John Ferlan wrote: > Add the secret object so the 'passwordid=' can be added if the command line > if there's a secret defined in/on the host for TCP chardev TLS objects. > > Preparation for the secret involves adding the secinfo to the char source >

Re: [libvirt] [PATCH v5 03/15] qemu: set/use info->pciConnectFlags when validating/assigning PCI addresses

On Tue, 2016-10-25 at 14:08 -0400, Laine Stump wrote: > > [...] > > > @@ -926,7 +857,7 @@ qemuDomainCollectPCIAddress(virDomainDefPtr def > > > ATTRIBUTE_UNUSED, > > >entireSlot = (addr->function == 0 && > > >  addr->multi != VIR_TRISTATE_SWITCH_ON); > > > > > > -  

Re: [libvirt] [PATCH] qemu: Fix depedency order in qemuRemoveDiskDevice

On Tue, Oct 25, 2016 at 04:06:15PM -0400, John Ferlan wrote: > Need to remove the drive first, then the secobj and/or encobj if they exist. > This is because the drive has a dependency on secobj (or the secret for > the networked storage server) and/or the encobj (or the secret for the > LUKS

Re: [libvirt] [PATCH] virt-wireshark.m4: Defer $(prefix) substitution

On 10/24/2016 10:52 AM, Daniel P. Berrange wrote: On Thu, Oct 20, 2016 at 03:54:13PM +0800, Michal Privoznik wrote: The problem with evaluating $(prefix) in configure phase is that autoconf does a lot of magic with this variable. Firstly, if the --prefix argument is not set for the configure

[libvirt] [RFC PATCH] libxl: add tunnelled migration support

Tunnelled migration doesn't require any extra network connections beside the libvirt daemon. It's capable of strong encryption and is the default option in openstack-nova. This patch add the tunnelled migration(Tunnel3params) support to libxl. The data flow in the src side is: *