Re: [libvirt] [PATCH v9 1/5] domain: Add optional 'tls' attribute for TCP chardev

2016-10-17 Thread Pavel Hrdina
On Fri, Oct 14, 2016 at 04:23:04PM -0400, John Ferlan wrote: > Add an optional "tls='yes|no'" attribute for a TCP chardev for the > express purpose to disable setting up TLS for the specific chardev in > the event the qemu.conf settings have enabled hypervisor wide TLS for > serial TCP chardevs. >

Re: [libvirt] [PATCH 2/2] Forbid new-line char in name of new networks

2016-10-17 Thread Michal Privoznik
On 14.10.2016 04:53, Sławek Kapłoński wrote: > New line character in name of network is now forbidden because it > messes virsh output and can be confusing for users. > Validation of name is done in network driver, after parsing XML to avoid > problems with disappeared network which was already

Re: [libvirt] [PATCH 1/2] util: Add function to check if string contains some chars

2016-10-17 Thread Michal Privoznik
On 14.10.2016 04:53, Sławek Kapłoński wrote: > This new function can be used to check if e.g. name of XML node > doesn't contain forbidden chars like "/" or new-line. > --- > src/conf/network_conf.c | 2 +- > src/libvirt_private.syms | 1 + > src/util/virstring.c | 9 + >

Re: [libvirt] [PATCH v3 0/2] Forbid new-line char in name of networks

2016-10-17 Thread Michal Privoznik
On 14.10.2016 04:53, Sławek Kapłoński wrote: > v2: http://www.redhat.com/archives/libvir-list/2016-October/msg00451.html > > Differences in v3: > * function to check string moved from src/util/virxml to src/util/virstring > * validation if name of network contains \n char moved from parsing XML

[libvirt] [PULL 20/21] target-i386: Return runnability information on query-cpu-definitions

2016-10-17 Thread Eduardo Habkost
Fill the "unavailable-features" field on the x86 implementation of query-cpu-definitions. Cc: Jiri Denemark Cc: libvir-list@redhat.com Reviewed-by: Igor Mammedov Signed-off-by: Eduardo Habkost --- target-i386/cpu.c | 76

[libvirt] [PULL 09/21] qmp: Add runnability information to query-cpu-definitions

2016-10-17 Thread Eduardo Habkost
Add a new optional field to query-cpu-definitions schema: "unavailable-features". It will contain a list of QOM properties that prevent the CPU model from running in the current host. Cc: David Hildenbrand Cc: Michael Mueller Cc: Christian

Re: [libvirt] [PATCH v9 3/5] qemu: Introduce qemuDomainChardevPrivatePtr

2016-10-17 Thread Pavel Hrdina
On Fri, Oct 14, 2016 at 04:23:06PM -0400, John Ferlan wrote: > Modeled after the qemuDomainHostdevPrivatePtr (commit id '27726d8c'), > create a privateData pointer in the _virDomainChardevDef to allow storage > of private data for a hypervisor in order to at least temporarily store > secret data

[libvirt] [RFC] make virDomainQemuMonitorCommand work in any libvirt state

2016-10-17 Thread Nikolay Shirokovskiy
Hi, all. We would like to use virDomainQemuMonitorCommand to query qemu independently of libvirt state. Currently it is not possible. This API call takes job condition just like any other call and thus is unavailable on any lengthy (or stuck) synchronous job. I've already posted this question in

[libvirt] [PATCH v2 0/2] New libssh transport

2016-10-17 Thread Pino Toscano
Hi, this series introduces a new libssh transport in libvirt, based on the libssh C library. This library supports what libssh2 does, and more: - easier API for known_hosts handling (there's a ticket upstream to request extensions for it, but what is implemented now works well) - potential

[libvirt] [PATCH v2 2/2] libssh_transport: add new libssh-based transport

2016-10-17 Thread Pino Toscano
Implement a new libssh transport, which uses libssh to communicate with remote hosts, and use it in virNetSockets. This new transport supports all the common ssh authentication methods, making use of libvirt's auth callbacks for interaction with the user. Most of the functionalities and

[libvirt] [PATCH v2 1/2] virNetSocket: allow to not close FD

2016-10-17 Thread Pino Toscano
Add an internal variable to mark the FD as "not owned" by the virNetSocket, in case the internal implementation takes the actual ownership of the descriptor; this avoids a warning when closing the socket, as the FD would be invalid. --- src/rpc/virnetsocket.c | 5 - 1 file changed, 4

Re: [libvirt] [PATCH v9 1/5] domain: Add optional 'tls' attribute for TCP chardev

2016-10-17 Thread Pavel Hrdina
On Mon, Oct 17, 2016 at 09:54:46AM -0400, John Ferlan wrote: > > > On 10/17/2016 04:09 AM, Pavel Hrdina wrote: > > On Fri, Oct 14, 2016 at 04:23:04PM -0400, John Ferlan wrote: > >> Add an optional "tls='yes|no'" attribute for a TCP chardev for the > >> express purpose to disable setting up TLS

Re: [libvirt] [PATCH v9 5/5] qemu: Add the ability to hotplug a secret object for TCP chardev TLS

2016-10-17 Thread Pavel Hrdina
On Fri, Oct 14, 2016 at 04:23:08PM -0400, John Ferlan wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1300776 > > Complete the implementation of support for TLS encryption on > chardev TCP transports by adding the hotplug ability of a secret > to generate the passwordid for the TLS object >

Re: [libvirt] [PATCH v9 4/5] qemu: Add a secret object to/for a chardev tcp with secret

2016-10-17 Thread John Ferlan
On 10/17/2016 10:11 AM, Pavel Hrdina wrote: > On Fri, Oct 14, 2016 at 04:23:07PM -0400, John Ferlan wrote: >> Add the secret object prior to the chardev tcp so the 'passwordid=' can >> be added if the domain XML has a for the chardev TLS. >> >> Signed-off-by: John Ferlan >>

Re: [libvirt] [PATCH v9 4/5] qemu: Add a secret object to/for a chardev tcp with secret

2016-10-17 Thread Pavel Hrdina
On Fri, Oct 14, 2016 at 04:23:07PM -0400, John Ferlan wrote: > Add the secret object prior to the chardev tcp so the 'passwordid=' can > be added if the domain XML has a for the chardev TLS. > > Signed-off-by: John Ferlan > --- > src/qemu/qemu_command.c

Re: [libvirt] [PATCH v9 2/5] conf: Introduce {default|chardev}_tls_x509_secret_uuid

2016-10-17 Thread John Ferlan
On 10/17/2016 06:52 AM, Pavel Hrdina wrote: > On Fri, Oct 14, 2016 at 04:23:05PM -0400, John Ferlan wrote: >> Add new qemu.conf variables to store the UUID for the secret that could >> be used to present credentials to access the TLS chardev. Since this will >> be a server level and it's

Re: [libvirt] [PATCH v9 2/5] conf: Introduce {default|chardev}_tls_x509_secret_uuid

2016-10-17 Thread Pavel Hrdina
On Fri, Oct 14, 2016 at 04:23:05PM -0400, John Ferlan wrote: > Add new qemu.conf variables to store the UUID for the secret that could > be used to present credentials to access the TLS chardev. Since this will > be a server level and it's possible to use some sort of default, introduce > both

Re: [libvirt] [PATCH v9 1/5] domain: Add optional 'tls' attribute for TCP chardev

2016-10-17 Thread John Ferlan
On 10/17/2016 04:09 AM, Pavel Hrdina wrote: > On Fri, Oct 14, 2016 at 04:23:04PM -0400, John Ferlan wrote: >> Add an optional "tls='yes|no'" attribute for a TCP chardev for the >> express purpose to disable setting up TLS for the specific chardev in >> the event the qemu.conf settings have

Re: [libvirt] [PATCH v9 1/5] domain: Add optional 'tls' attribute for TCP chardev

2016-10-17 Thread John Ferlan
On 10/17/2016 10:37 AM, Pavel Hrdina wrote: > On Mon, Oct 17, 2016 at 09:54:46AM -0400, John Ferlan wrote: >> >> >> On 10/17/2016 04:09 AM, Pavel Hrdina wrote: >>> On Fri, Oct 14, 2016 at 04:23:04PM -0400, John Ferlan wrote: Add an optional "tls='yes|no'" attribute for a TCP chardev for the

[libvirt] [PATCH 3/3] qemu: Remove unnecessary NULL arg check

2016-10-17 Thread John Ferlan
qemuDomainSecret{Disk|Hostdev}Prepare has a prototype that checks for ATTRIBUTE_NONNULL(1) for 'conn'. Signed-off-by: John Ferlan --- src/qemu/qemu_domain.c | 5 + 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/qemu/qemu_domain.c

[libvirt] [PATCH 2/3] qemu: Add 'verify-peer=yes' test for chardev TCP TLS

2016-10-17 Thread John Ferlan
Missing the option to set verify-peer to yes Signed-off-by: John Ferlan --- ...xml2argv-serial-tcp-tlsx509-chardev-verify.args | 33 + ...uxml2argv-serial-tcp-tlsx509-chardev-verify.xml | 41 ++ tests/qemuxml2argvtest.c

[libvirt] [PATCH 0/3] Misc adjustments from recent code review

2016-10-17 Thread John Ferlan
The following were all part of the review of the TCP chardev TLS series which were outside the realm of the specific changes for the series... http://www.redhat.com/archives/libvir-list/2016-October/msg00742.html 1. Removal of cfg from qemuProcessPrepareDomain should be separate patch 2. Setting

[libvirt] [PATCH 1/3] qemu: Remove unnecessary cfg fetch/unref

2016-10-17 Thread John Ferlan
qemuProcessPrepareDomain has no need to fetch/unref the cfg, so remove it. Signed-off-by: John Ferlan --- src/qemu/qemu_process.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 0f5a11b..d641f33 100644 ---