Re: [libvirt] [RFC v3] external (pull) backup API

On Thu, May 17, 2018 at 05:43:37PM -0500, Eric Blake wrote: > Here's my updated counterproposal for a backup API. > > In comparison to v2 posted by Nikolay: > https://www.redhat.com/archives/libvir-list/2018-April/msg00115.html > - changed terminology a bit: Nikolay's "BlockSnapshot" is now

Re: [libvirt] [Qemu-devel] [PATCH v7 1/3] qmp: adding 'wakeup-suspend-support' in query-target

Cc'ing a few more people. Daniel Henrique Barboza writes: > When issuing the qmp/hmp 'system_wakeup' command, what happens in a > nutshell is: > > - qmp_system_wakeup_request set runstate to RUNNING, sets a wakeup_reason > and notify the event > - in the main_loop, all

[libvirt] [PATCH] qemu: include kernel version in QEMU log file

We currently print the libvirt and qemu version strings into the per-guest logfile. It would be useful to know what kernel is running too, so add that. Signed-off-by: Daniel P. Berrangé --- src/qemu/qemu_process.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-)

[libvirt] [PATCH] qemu: Deny hugepages for non-existent NUMA nodes

https://bugzilla.redhat.com/show_bug.cgi?id=1534418 Just like ec982f6d929f3c23 denies hugepages for non-existent guest NUMA nodes in case there are some nodes configured. Unfortunately, when there are none, qemuBuildNumaArgStr() is not called and thus we have to have check in

[libvirt] [PATCH] set default seccompSandbox as 0 for qemu

start qemu fail : qemu-system-x86_64: -sandbox on,obsolete=deny, elevateprivileges=deny,spawn=deny,resourcecontrol=deny: seccomp support is disabled libvirt version : 4.3 qemu version : 2.12 reproducer : recompile qemu with ./configure --disable-seccomp, or remove libseccomp package.

Re: [libvirt] [PATCH] util: return generic error in virCopyLastError if error is not set

On Thu, May 17, 2018 at 03:24:49PM +0300, Nikolay Shirokovskiy wrote: > > > On 17.05.2018 14:49, Nikolay Shirokovskiy wrote: > > > > > > On 17.05.2018 14:01, Erik Skultety wrote: > >> On Thu, May 17, 2018 at 01:42:36PM +0300, Nikolay Shirokovskiy wrote: > >>> > >>> > >>> On 17.05.2018 13:11,

[libvirt] [PATCH 02/15] conf: domain: Export virDomainStorageSourceParse

It will be used when parsing the migration private data. Signed-off-by: Peter Krempa --- src/conf/domain_conf.c | 2 +- src/conf/domain_conf.h | 6 ++ src/libvirt_private.syms | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/conf/domain_conf.c

[libvirt] [PATCH 00/15] qemu: Implement non-shared storage migration via TLS (blockdev-add saga)

Implement the non-shared storage migration when TLS is enabled. This is done by using blockdev-add to add the NBD endpoint with the TLS environment alias configured properly. Peter Krempa (15): qemu: block: Don't nest storage layer properties into format layer conf: domain: Export

[libvirt] [PATCH 14/15] qemu: migration: Extract code responsible for calling drive-mirror

Separate the code relevant for this approach so that we can later add a second implementation without making the function messy. Signed-off-by: Peter Krempa --- src/qemu/qemu_migration.c | 76 ++- 1 file changed, 49 insertions(+),

[libvirt] [PATCH 03/15] qemu: migration: Don't access disk members without lock

The initiation of a synchronous block job in the NBD storage migration code was placed after entering the monitor thus after the lock on the VM object was unlocked. Thankfully nothing bad could happen in this situation since the migration job prevents any disk detaches or other modifications of

[libvirt] [PATCH 04/15] qemu: caps: Add capability for blockdev-add/blockdev-del

The capability also represents that 'blockdev-add' is functional. It's necessary to detect it via presence of 'blockdev-del' since blockdev-add did not have the unsupported 'x-blockdev-add' version previously and thus would be marked as present even if we could not use it. Signed-off-by: Peter

[libvirt] [PATCH 13/15] qemu: migration: Rename NBD migration functions

Drop the mention of 'drive mirror' from the function names and mention NBD. This will help when adding the 'blockdev mirror' migration code which will allow using TLS. Additionally fix some of the function comments to make more sense Signed-off-by: Peter Krempa ---

[libvirt] [PATCH 05/15] qemu: monitor: Factor out and document code to format QMP command

Move formatting of the qemu command out of qemuMonitorJSONMakeCommandRaw to qemuMonitorJSONMakeCommandInternal to allow greater reusability and document the function better. Signed-off-by: Peter Krempa --- src/qemu/qemu_monitor_json.c | 70

[libvirt] [PATCH 09/15] qemu: domain: Extract NBD disk migration private data formatting

We will be adding source data to it so extract it to a separate function. Signed-off-by: Peter Krempa --- src/qemu/qemu_domain.c | 31 +++ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/src/qemu/qemu_domain.c

[libvirt] [PATCH 10/15] qemu: domain: Extract parsing of NBD status XML

Extract the NBD portion of the 'job' status XML element parser into a separate function. Signed-off-by: Peter Krempa --- src/qemu/qemu_domain.c | 61 -- 1 file changed, 39 insertions(+), 22 deletions(-) diff --git

[libvirt] [PATCH 01/15] qemu: block: Don't nest storage layer properties into format layer

Reference the storage via node name rather than inlining it. This is the approach that will be used with -blockdev/blockdev-add since it allows more control and is more future proof. Signed-off-by: Peter Krempa --- src/qemu/qemu_block.c | 8 +-

[libvirt] [PATCH 07/15] qemu: monitor: Introduce support for blockdev-mirror

drive-mirror allows only file targets. Introduce support for blockdev-mirror that is able to copy to any BDS described by a node name in qemu. Signed-off-by: Peter Krempa --- src/qemu/qemu_monitor.c | 22 ++ src/qemu/qemu_monitor.h | 9

[libvirt] [PATCH 15/15] qemu: migration: Add support for transporting NBD over TLS

Implement the secure way to transport non-shared storage data across migrations. The new approach uses blockdev-add to create the NBD client so that the TLS secret object can be specified. https://bugzilla.redhat.com/show_bug.cgi?id=1300772 Signed-off-by: Peter Krempa ---

[libvirt] [PATCH 08/15] qemu: block: Add helpers for hot-adding virStorageSource via blockdev

These helpers add infrastructure which simplifies adding and rolling back virStorageSources to a running qemu instance. Using of the helper structure and separate functions allows for a much cleaner code in the section dealing with the monitor. Signed-off-by: Peter Krempa ---

[libvirt] [PATCH 12/15] test: Add status XML test for NBD tls storage migration

Signed-off-by: Peter Krempa --- .../migration-out-nbd-tls-in.xml | 464 + .../migration-out-nbd-tls-out.xml | 1 + tests/qemuxml2xmltest.c| 1 + 3 files changed, 466 insertions(+) create

[libvirt] [PATCH 06/15] qemu: monitor: Add implementation for blockdev-add and blockdev-del

Signed-off-by: Peter Krempa --- src/qemu/qemu_monitor.c | 37 + src/qemu/qemu_monitor.h | 7 ++ src/qemu/qemu_monitor_json.c | 55 src/qemu/qemu_monitor_json.h | 9 4 files

[libvirt] [PATCH 11/15] qemu: domain: Add private data for NBD migration storage source definition

Allow saving various aspects necessary to do NBD migration via blockdev by storing a 'virStorageSource' in the disk private data meant to store the NBD target of migration. Along with this add code to parse and format it into the status XML. Signed-off-by: Peter Krempa ---

Re: [libvirt] [PATCH] set default seccompSandbox as 0 for qemu

On Fri, May 18, 2018 at 12:42:07PM +0100, Daniel P. Berrangé wrote: > On Fri, May 18, 2018 at 07:37:33PM +0800, zhenwei pi wrote: > > start qemu fail : qemu-system-x86_64: -sandbox on,obsolete=deny, > > elevateprivileges=deny,spawn=deny,resourcecontrol=deny: > > seccomp support is disabled

Re: [libvirt] [PATCH] set default seccompSandbox as 0 for qemu

On Fri, May 18, 2018 at 07:37:33PM +0800, zhenwei pi wrote: > start qemu fail : qemu-system-x86_64: -sandbox on,obsolete=deny, > elevateprivileges=deny,spawn=deny,resourcecontrol=deny: > seccomp support is disabled > libvirt version : 4.3 > qemu version : 2.12 > reproducer : recompile qemu

[libvirt] [PATCH] nwfilter: fix IP address learning

In a previous commit: commit d4bf8f415074759baf051644559e04fe7f8b Author: Daniel P. Berrangé Date: Wed Feb 14 09:43:59 2018 + nwfilter: handle missing switch enum cases Ensure all enum cases are listed in switch statements, or cast away enum

Re: [libvirt] [PATCH] qemu: include kernel version in QEMU log file

On 05/18/2018 01:24 PM, Daniel P. Berrangé wrote: > We currently print the libvirt and qemu version strings into the > per-guest logfile. It would be useful to know what kernel is running > too, so add that. > > Signed-off-by: Daniel P. Berrangé > --- >

Re: [libvirt] [PATCH v2 19/21] nwfilter: wire up new APIs for listing and querying filter bindings

On 05/15/2018 01:43 PM, Daniel P. Berrangé wrote: > Wire up the ListAll, LookupByPortDev and GetXMLDesc APIs to allow the > virsh nwfilter-binding-list & nwfilter-binding-dumpxml commands to > work. > > Signed-off-by: Daniel P. Berrangé > --- >

[libvirt] [PATCH] spec: Fix build without QEMU

libvirt_qemu_probes.stp is only generated when QEMU driver is enabled. Signed-off-by: Jiri Denemark --- libvirt.spec.in | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index 9ea5e6b32a..0e4a84c98c 100644 ---

[libvirt] nwfilter deadlock with libpcap and TPACKET_V3

I've just found a deadlock in nwfilter caused by something in libpcap. There are 2 VMs running with the nwfilter stress test, but the deadlock in fact only involves VM VM. Three threads in libvirtd Thread 1 (Thread 0x7f3a26f726c0 (LWP 15384)): #0 __lll_lock_wait () at

[libvirt] [PATCH] Remove type_sep parameter from qemuBuildHostNetStr

The last caller not passing a comma was removed by: commit ad8a7c4f8599bd58608500a72cdfec18a6bf2318 Author: Ján Tomko CommitDate: 2018-04-12 17:17:16 +0200 qemu: deprecate QEMU_CAPS_NETDEV Signed-off-by: Ján Tomko --- src/qemu/qemu_command.c | 28

Re: [libvirt] [PATCH v2 18/21] nwfilter: remove virt driver callback layer for rebuilding filters

On 05/15/2018 01:43 PM, Daniel P. Berrangé wrote: > Now that the nwfilter driver keeps a list of bindings that it has > created, there is no need for the complex virt driver callbacks. It is > possible to simply iterate of the list of recorded filter bindings. > > This means that rebuilding

Re: [libvirt] [PATCH v2 17/21] nwfilter: keep track of active filter bindings

On 05/15/2018 01:43 PM, Daniel P. Berrangé wrote: > Currently the nwfilter driver does not keep any record of what filter > bindings it has active. This means that when it needs to recreate > filters, it has to rely on triggering callbacks provided by the virt > drivers. This introduces a hash

[libvirt] [PATCH 1/2] Reintroduce QEMU_CAPS_SECCOMP_SANDBOX

Commit 766d5c1b deprecated the capability, because we were assuming it for every QEMU binary. At the time of the introduction, there was no way to probe for this via QMP. However since QEMU 1.5.0 (which is the earliest version we support) we can rely on the query-command-line-options command to

[libvirt] [PATCH 2/2] qemu: only pass -sandbox off if supported

This way we don't rely on QEMU supplying the -sandbox option without CONFIG_SECCOMP. Signed-off-by: Ján Tomko --- src/qemu/qemu_command.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index

[libvirt] [PATCH 0/2] qemu: probe for -sandbox support

There is a patch proposal on qemu-devel that removes the -sandbox option completely without CONFIG_SECCOMP: http://lists.nongnu.org/archive/html/qemu-devel/2018-05/msg03312.html Now that we assume query-command-line-options support, we can probe for it and honor the seccomp_sandbox = 0 qemu.conf

Re: [libvirt] [PATCH v2 14/21] conf: report an error if nic needs filtering by no driver is present

On 05/15/2018 01:43 PM, Daniel P. Berrangé wrote: > If a includes a filter name but the nwfilter driver is not > present we silently do nothing. This is very bad, because an application > that thinks it is protected by malicious guest traffic will in fact be > vulnerable. Reporting an error

Re: [libvirt] [PATCH v2 16/21] conf: introduce a virNWFilterBindingObjListPtr struct

On 05/15/2018 01:43 PM, Daniel P. Berrangé wrote: > Introduce a new struct to act as the manager of a collection of > virNWFilterBindingObjPtr objects. > --- > src/conf/Makefile.inc.am | 2 + > src/conf/virnwfilterbindingobjlist.c | 475 +++ >

Re: [libvirt] [RFC] cgroup settings and systemd daemon-reload conflict

On 14.02.2018 13:34, Daniel P. Berrangé wrote: > On Tue, Jan 30, 2018 at 10:34:14AM +0300, Nikolay Shirokovskiy wrote: >> Hi, all. >> >> It turns out that systemd daemon-reload reset settings that are managable >> thru 'systemctl set-property' interface. >> >>> virsh schedinfo tst3 | grep

Re: [libvirt] [PATCH v2 15/21] conf: introduce a virNWFilterBindingObjPtr struct

On 05/15/2018 01:43 PM, Daniel P. Berrangé wrote: > Introduce a new struct to act as the stateful owner of the > virNWFilterBindingDefPtr objects. > > Signed-off-by: Daniel P. Berrangé > --- > src/conf/Makefile.inc.am | 2 + > src/conf/virnwfilterbindingobj.c |

Re: [libvirt] [PATCH] Remove type_sep parameter from qemuBuildHostNetStr

On 05/18/2018 12:42 PM, Ján Tomko wrote: > The last caller not passing a comma was removed by: > commit ad8a7c4f8599bd58608500a72cdfec18a6bf2318 > Author: Ján Tomko > CommitDate: 2018-04-12 17:17:16 +0200 > > qemu: deprecate QEMU_CAPS_NETDEV > > Signed-off-by: Ján

Re: [libvirt] [PATCH] qemu: include kernel version in QEMU log file

On Fri, May 18, 2018 at 08:16:39PM +0200, Kashyap Chamarthy wrote: > On Fri, May 18, 2018 at 12:24:32PM +0100, Daniel P. Berrangé wrote: > > We currently print the libvirt and qemu version strings into the > > per-guest logfile. It would be useful to know what kernel is running > > too, so add

Re: [libvirt] [PATCH v2 21/21] nwfilter: convert virt drivers to use public API for nwfilter bindings

On 05/15/2018 01:43 PM, Daniel P. Berrangé wrote: > Remove the callbacks that the nwfilter driver registers with the domain > object config layer. Instead make the current helper methods call into > the public API for creating/deleting nwfilter bindings. > > Signed-off-by: Daniel P. Berrangé

Re: [libvirt] [PATCH] nwfilter: fix IP address learning

On Fri, May 18, 2018 at 12:59:01PM +0100, Daniel P. Berrangé wrote: > In a previous commit: > > commit d4bf8f415074759baf051644559e04fe7f8b > Author: Daniel P. Berrangé > Date: Wed Feb 14 09:43:59 2018 + > > nwfilter: handle missing switch enum cases >

Re: [libvirt] [PATCH v2 20/21] nwfilter: wire up new APIs for creating and deleting nwfilter bindings

On 05/15/2018 01:43 PM, Daniel P. Berrangé wrote: > This allows the virsh commands nwfilter-binding-create and > nwfilter-binding-delete to be used. > > Note using these commands lets you delete filters that were > previously created automatically by the virt drivers, or add > filters for VM

Re: [libvirt] [PATCH] qemu: include kernel version in QEMU log file

On Fri, May 18, 2018 at 12:24:32PM +0100, Daniel P. Berrangé wrote: > We currently print the libvirt and qemu version strings into the > per-guest logfile. It would be useful to know what kernel is running > too, so add that. > > Signed-off-by: Daniel P. Berrangé > --- >