On 1/17/20 7:37 PM, Marek Marczykowski-Górecki wrote:
> The libxl driver already tries to call shutdown inhibit callback in the
> right places, but only if it's set. That last part was missing,
> resulting in premature shutdown when running libvirtd
> --timeout=...
Wow, that's been overlooked for
As discussed on the developer list, parallel migration connections
are not compatible with tunneled migration
https://www.redhat.com/archives/libvir-list/2020-January/msg00463.html
Prohibit the concurrent use of parallel and tunneled migration options.
Signed-off-by: Jim Fehlig
---
I added
On Tue, Jan 21, 2020 at 12:48:27PM -0500, Laine Stump wrote:
> On 1/21/20 10:26 AM, Daniel P. Berrangé wrote:
> > On Sun, Jan 19, 2020 at 10:24:13PM -0500, Laine Stump wrote:
> > > This attribute is only used for virtio-net devices, so it is stored in
> > > the virtio part of the anonymous union
On 1/21/20 10:26 AM, Daniel P. Berrangé wrote:
On Sun, Jan 19, 2020 at 10:24:13PM -0500, Laine Stump wrote:
This attribute is only used for virtio-net devices, so it is stored in
the virtio part of the anonymous union in virDomainNetDef::driver. An
I'm not convinced that storing it only for
...
> > > +if (! -e "$ssh_key_path") {
> > > +print "# generating a new SSH RSA key pair under
> > > $ssh_dir_path\n";
> >
> > I'm wondering whether I should actually use diag here^ instead, do you have
> > a
> > suggestion Dan?
>
> I guess we do use diag in the rest of the file, so
On Tue, Jan 21, 2020 at 06:08:01PM +0100, Erik Skultety wrote:
> On Tue, Jan 21, 2020 at 05:47:16PM +0100, Erik Skultety wrote:
> > The reason for this change is our Fedora 31 test image, because starting
> > with Fedora 31, the SSH policy for root logins with password
> > authentication changed
On Tue, Jan 21, 2020 at 05:47:16PM +0100, Erik Skultety wrote:
> The reason for this change is our Fedora 31 test image, because starting
> with Fedora 31, the SSH policy for root logins with password
> authentication changed and password auth is now disabled by default.
> Since we were relying on
On Tue, Jan 21, 2020 at 05:02:09PM +, Daniel P. Berrangé wrote:
> On Tue, Jan 21, 2020 at 05:47:17PM +0100, Erik Skultety wrote:
> > Not only have SSH keys been a good practice for a while, it fixes our
> > SSH connections to the f31 test vm.
> >
> > Signed-off-by: Erik Skultety
> > ---
> >
On Tue, Jan 21, 2020 at 05:47:17PM +0100, Erik Skultety wrote:
> Not only have SSH keys been a good practice for a while, it fixes our
> SSH connections to the f31 test vm.
>
> Signed-off-by: Erik Skultety
> ---
> scripts/nwfilter/210-no-mac-spoofing.t | 2 +-
>
On Tue, Jan 21, 2020 at 05:47:16PM +0100, Erik Skultety wrote:
> The reason for this change is our Fedora 31 test image, because starting
> with Fedora 31, the SSH policy for root logins with password
> authentication changed and password auth is now disabled by default.
> Since we were relying on
On Wed, Jan 15, 2020 at 03:24:00PM +0100, Erik Skultety wrote:
> For some reason, some of the PTP link addresses didn't specify the
> /128 prefix explicitly which fails the pattern matching in the nwfilter
> tests.
Odd, I wonder if this is a backcompat break in ebtables itself.
>
>
On Wed, Jan 15, 2020 at 03:23:59PM +0100, Erik Skultety wrote:
> Since libvirt commit 82fe58ff libvirt has been formatting the network
> mask to the dnsmasq's dhcp-range config option which broke a few of the
> networking tests.
>
> Signed-off-by: Erik Skultety
> ---
>
On Wed, Jan 15, 2020 at 03:23:58PM +0100, Erik Skultety wrote:
> libvirt's has been defining private chains within iptables for a while,
> only putting a target labels inside the master FORWARD chain which broke
> the networking test suite which wasn't adjusted accordingly.
Opps, my bad :-(
>
>
On Wed, Jan 15, 2020 at 03:23:57PM +0100, Erik Skultety wrote:
> Erik Skultety (3):
> network: Fix the iptables FORWARD chain name being queried
> network: Fix the dhcp range output being matched
> nwfilter: Fix the expected output from ebtables
>
>
On Fri, Jan 03, 2020 at 10:11:22AM +, Daniel P. Berrangé wrote:
> On Fri, Dec 27, 2019 at 01:59:51PM +0800, wang.y...@zte.com.cn wrote:
> > Hi Daniel,
> >
> > Thanks a lot for your review and reply!
> >
> > > On Mon, Dec 23, 2019 at 04:50:00PM +0100, Michal Prívozník wrote:
> > > > On
Not only have SSH keys been a good practice for a while, it fixes our
SSH connections to the f31 test vm.
Signed-off-by: Erik Skultety
---
scripts/nwfilter/210-no-mac-spoofing.t | 2 +-
scripts/nwfilter/220-no-ip-spoofing.t | 2 +-
scripts/nwfilter/230-no-mac-broadcast.t | 2 +-
Most of the nwfilter tests utilize SSH connections to execute some commands to
cross reference whether the requested change in libvirt took effect. However,
fedora 31 disables password-based auth for root login which breaks the test
suite.
Erik Skultety (2):
lib: TCK.pm: Favour pubkey auth over
The reason for this change is our Fedora 31 test image, because starting
with Fedora 31, the SSH policy for root logins with password
authentication changed and password auth is now disabled by default.
Since we were relying on this, we're now unable to log in to the guest
as root. Let's convert
On Sun, Jan 19, 2020 at 10:24:13PM -0500, Laine Stump wrote:
> This attribute is only used for virtio-net devices, so it is stored in
> the virtio part of the anonymous union in virDomainNetDef::driver. An
I'm not convinced that storing it only for virtio-net is the
right approach. This feels
On Sun, Jan 19, 2020 at 10:24:15PM -0500, Laine Stump wrote:
> For the subelement (including the
> backupAlias attribute) is parsed directly into the hostdev child
> object (virDomaniHostdevDef) of the interface (using
> virDomainHostdevDefParseXMLSubsys()). But for type='network'> where the
On Sun, Jan 19, 2020 at 10:24:09PM -0500, Laine Stump wrote:
> All three of these functions could only return 0 anyway, so just get
> rid of all the extra red tape.
>
> Signed-off-by: Laine Stump
> ---
> src/conf/domain_conf.c | 20 ++--
> 1 file changed, 6 insertions(+), 14
On Sun, Jan 19, 2020 at 10:24:10PM -0500, Laine Stump wrote:
> Adding Driver to the names makes them better fit their purpose.
>
> Signed-off-by: Laine Stump
> ---
> src/conf/domain_conf.c | 12 ++--
> 1 file changed, 6 insertions(+), 6 deletions(-)
Reviewed-by: Daniel P. Berrangé
Hi,
This is a request for comments in the design of the PCI multifunction
hotplug/hot-unplug feature for the QEMU driver that hopefully I'll be sending
shortly for review. The feature went through code changes since [1] mostly
because of Libvirt changes itself, but Shiva's 2016 original design
On Tue, Jan 21, 2020 at 12:46:38PM +0200, Dan Kenigsberg wrote:
> On Mon, Jan 20, 2020 at 8:33 PM Daniel P. Berrangé
> wrote:
> >
> > On Sun, Jan 19, 2020 at 10:24:19PM -0500, Laine Stump wrote:
> > > Current virtio-net drivers that support the failover feature match up
> > > the virtio backup
On Tue, Jan 21, 2020 at 02:43:44PM +0100, Peter Krempa wrote:
> On Tue, Jan 21, 2020 at 13:38:13 +, Daniel Berrange wrote:
> > On Fri, Jan 10, 2020 at 04:42:43PM +0100, Peter Krempa wrote:
> > > The necessity to specify the secret value as command argument is
> > > insecure. Allow reading the
On Fri, Jan 10, 2020 at 04:42:43PM +0100, Peter Krempa wrote:
The necessity to specify the secret value as command argument is
insecure. Allow reading the secret from a file.
Signed-off-by: Peter Krempa
---
docs/manpages/virsh.rst | 5 +++--
tools/virsh-secret.c| 30
On Tue, Jan 21, 2020 at 13:38:13 +, Daniel Berrange wrote:
> On Fri, Jan 10, 2020 at 04:42:43PM +0100, Peter Krempa wrote:
> > The necessity to specify the secret value as command argument is
> > insecure. Allow reading the secret from a file.
> >
> > Signed-off-by: Peter Krempa
> > ---
> >
On Fri, Jan 10, 2020 at 04:42:44PM +0100, Peter Krempa wrote:
> Discourage passing secrets as commandline arguments.
>
> Signed-off-by: Peter Krempa
> ---
> docs/formatsecret.html.in | 86 +--
> 1 file changed, 55 insertions(+), 31 deletions(-)
>
> diff
Paolo Bonzini writes:
> On 21/01/20 09:22, Markus Armbruster wrote:
>> zhenwei pi writes:
>>
>>> Add bit 1 for pvpanic. This bit means that guest hits a panic, but
>>> guest wants to handle error by itself. Typical case: Linux guest runs
>>> kdump in panic. It will help us to separate the
On 1/21/20 10:03 AM, Peter Krempa wrote:
On Tue, Jan 21, 2020 at 09:57:22 -0300, Daniel Henrique Barboza wrote:
On 1/10/20 12:42 PM, Peter Krempa wrote:
The currently existing virsh APIs for secrets are awful for human use
and don't promote security.
Peter Krempa (4):
virsh: secret:
On Tue, Jan 21, 2020 at 13:34:27 +, Daniel Berrange wrote:
> On Fri, Jan 10, 2020 at 04:42:41PM +0100, Peter Krempa wrote:
> > Add a command which allows to read a secret value from terminal.
> > 'secret-passwd' is chosen as a name as the password has limitations as
> > passwords do have
On Fri, Jan 10, 2020 at 04:42:43PM +0100, Peter Krempa wrote:
> The necessity to specify the secret value as command argument is
> insecure. Allow reading the secret from a file.
>
> Signed-off-by: Peter Krempa
> ---
> docs/manpages/virsh.rst | 5 +++--
> tools/virsh-secret.c| 30
On Fri, Jan 10, 2020 at 04:42:42PM +0100, Peter Krempa wrote:
> Users might want to get the raw value instead of dealing with base64
> encoding. This might be useful for redirection to file and also for
> simple human-readable secrets.
>
> Signed-off-by: Peter Krempa
> ---
>
On Fri, Jan 10, 2020 at 04:42:41PM +0100, Peter Krempa wrote:
> Add a command which allows to read a secret value from terminal.
> 'secret-passwd' is chosen as a name as the password has limitations as
> passwords do have (printable, terminated by newline which is not
> contained in the value).
On Tue, Jan 21, 2020 at 09:57:22 -0300, Daniel Henrique Barboza wrote:
>
>
> On 1/10/20 12:42 PM, Peter Krempa wrote:
> > The currently existing virsh APIs for secrets are awful for human use
> > and don't promote security.
> >
> > Peter Krempa (4):
> >virsh: secret: Add 'secret-passwd'
On 1/10/20 12:42 PM, Peter Krempa wrote:
The currently existing virsh APIs for secrets are awful for human use
and don't promote security.
Peter Krempa (4):
virsh: secret: Add 'secret-passwd' command
virsh: secret: Allow getting secret's value without base64 encoding
virsh: secret:
On Tue, Jan 14, 2020 at 08:50:55 -0600, Eric Blake wrote:
> On 1/9/20 12:31 PM, Peter Krempa wrote:
> > Use the user-configured name of the bitmap when merging the appropriate
> > bitmaps for an incremental backup so that the user can see it as
> > configured. Additionally expose the default
On Fri, Jan 10, 2020 at 16:42:40 +0100, Peter Krempa wrote:
> The currently existing virsh APIs for secrets are awful for human use
> and don't promote security.
>
> Peter Krempa (4):
> virsh: secret: Add 'secret-passwd' command
> virsh: secret: Allow getting secret's value without base64
On Tue, Jan 14, 2020 at 10:34:21AM +0100, Marc Hartmayer wrote:
> On Fri, Dec 13, 2019 at 03:32 PM -0500, Cole Robinson
> wrote:
> > On 12/12/19 8:46 AM, Marc Hartmayer wrote:
> >> On Wed, Dec 11, 2019 at 08:11 PM -0500, Cole Robinson
> >> wrote:
> >>> On 11/14/19 12:44 PM, Marc Hartmayer
On Wed, Dec 11, 2019 at 08:11:38PM -0500, Cole Robinson wrote:
> On 11/14/19 12:44 PM, Marc Hartmayer wrote:
> > The commit 'close callback: move it to driver' (88f09b75eb99) moved
> > the responsibility for the close callback to the driver. But if the
> > driver doesn't support the
On 21/01/20 09:22, Markus Armbruster wrote:
> zhenwei pi writes:
>
>> Add bit 1 for pvpanic. This bit means that guest hits a panic, but
>> guest wants to handle error by itself. Typical case: Linux guest runs
>> kdump in panic. It will help us to separate the abnormal reboot from
>> normal
On Mon, Jan 20, 2020 at 8:33 PM Daniel P. Berrangé wrote:
>
> On Sun, Jan 19, 2020 at 10:24:19PM -0500, Laine Stump wrote:
> > Current virtio-net drivers that support the failover feature match up
> > the virtio backup device with its corresponding hostdev device by
> > looking for an interface
On Thu, Jan 16, 2020 at 05:15:42PM +, Richard W.M. Jones wrote:
> You normally want to run the locally compiled copy of virsh. Trying
> to run the installed version with the locally compiled library is a
> recipe for problems with missing symbols and so on. By adding tools
> to the path we
On Thu, Jan 16, 2020 at 05:15:41PM +, Richard W.M. Jones wrote:
> This has been used in libguestfs and libnbd for quite a while as it
> makes the ./run script easier to read and write.
>
> See also:
> http://stackoverflow.com/a/9631350
>
> Signed-off-by: Richard W.M. Jones
> ---
> run.in |
zhenwei pi writes:
> Handle bit 1 write, then post event to monitor.
>
> Suggested by Paolo, declear a new event, using GUEST_PANICKED could
> cause upper layers to react by shutting down or rebooting the guest.
>
> In advance for extention, add GuestPanicInformation in event message.
>
>
zhenwei pi writes:
> Add bit 1 for pvpanic. This bit means that guest hits a panic, but
> guest wants to handle error by itself. Typical case: Linux guest runs
> kdump in panic. It will help us to separate the abnormal reboot from
> normal operation.
>
> Signed-off-by: zhenwei pi
> ---
>
46 matches
Mail list logo