On Thu, May 17, 2018 at 05:43:37PM -0500, Eric Blake wrote:
> Here's my updated counterproposal for a backup API.
>
> In comparison to v2 posted by Nikolay:
> https://www.redhat.com/archives/libvir-list/2018-April/msg00115.html
> - changed terminology a bit: Nikolay's "BlockSnapshot" is now
Cc'ing a few more people.
Daniel Henrique Barboza writes:
> When issuing the qmp/hmp 'system_wakeup' command, what happens in a
> nutshell is:
>
> - qmp_system_wakeup_request set runstate to RUNNING, sets a wakeup_reason
> and notify the event
> - in the main_loop, all
We currently print the libvirt and qemu version strings into the
per-guest logfile. It would be useful to know what kernel is running
too, so add that.
Signed-off-by: Daniel P. Berrangé
---
src/qemu/qemu_process.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
https://bugzilla.redhat.com/show_bug.cgi?id=1534418
Just like ec982f6d929f3c23 denies hugepages for non-existent
guest NUMA nodes in case there are some nodes configured.
Unfortunately, when there are none, qemuBuildNumaArgStr() is not
called and thus we have to have check in
start qemu fail : qemu-system-x86_64: -sandbox on,obsolete=deny,
elevateprivileges=deny,spawn=deny,resourcecontrol=deny:
seccomp support is disabled
libvirt version : 4.3
qemu version : 2.12
reproducer : recompile qemu with ./configure --disable-seccomp, or
remove libseccomp package.
On Thu, May 17, 2018 at 03:24:49PM +0300, Nikolay Shirokovskiy wrote:
>
>
> On 17.05.2018 14:49, Nikolay Shirokovskiy wrote:
> >
> >
> > On 17.05.2018 14:01, Erik Skultety wrote:
> >> On Thu, May 17, 2018 at 01:42:36PM +0300, Nikolay Shirokovskiy wrote:
> >>>
> >>>
> >>> On 17.05.2018 13:11,
It will be used when parsing the migration private data.
Signed-off-by: Peter Krempa
---
src/conf/domain_conf.c | 2 +-
src/conf/domain_conf.h | 6 ++
src/libvirt_private.syms | 1 +
3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c
Implement the non-shared storage migration when TLS is enabled. This is
done by using blockdev-add to add the NBD endpoint with the TLS
environment alias configured properly.
Peter Krempa (15):
qemu: block: Don't nest storage layer properties into format layer
conf: domain: Export
Separate the code relevant for this approach so that we can later add a
second implementation without making the function messy.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_migration.c | 76 ++-
1 file changed, 49 insertions(+),
The initiation of a synchronous block job in the NBD storage migration
code was placed after entering the monitor thus after the lock on the VM
object was unlocked. Thankfully nothing bad could happen in this
situation since the migration job prevents any disk detaches or other
modifications of
The capability also represents that 'blockdev-add' is functional. It's
necessary to detect it via presence of 'blockdev-del' since blockdev-add
did not have the unsupported 'x-blockdev-add' version previously and
thus would be marked as present even if we could not use it.
Signed-off-by: Peter
Drop the mention of 'drive mirror' from the function names and mention
NBD. This will help when adding the 'blockdev mirror' migration code
which will allow using TLS.
Additionally fix some of the function comments to make more sense
Signed-off-by: Peter Krempa
---
Move formatting of the qemu command out of qemuMonitorJSONMakeCommandRaw
to qemuMonitorJSONMakeCommandInternal to allow greater reusability and
document the function better.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_monitor_json.c | 70
We will be adding source data to it so extract it to a separate function.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_domain.c | 31 +++
1 file changed, 19 insertions(+), 12 deletions(-)
diff --git a/src/qemu/qemu_domain.c
Extract the NBD portion of the 'job' status XML element parser into a
separate function.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_domain.c | 61 --
1 file changed, 39 insertions(+), 22 deletions(-)
diff --git
Reference the storage via node name rather than inlining it. This is
the approach that will be used with -blockdev/blockdev-add since it
allows more control and is more future proof.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_block.c | 8 +-
drive-mirror allows only file targets. Introduce support for
blockdev-mirror that is able to copy to any BDS described by a node name
in qemu.
Signed-off-by: Peter Krempa
---
src/qemu/qemu_monitor.c | 22 ++
src/qemu/qemu_monitor.h | 9
Implement the secure way to transport non-shared storage data across
migrations. The new approach uses blockdev-add to create the NBD client
so that the TLS secret object can be specified.
https://bugzilla.redhat.com/show_bug.cgi?id=1300772
Signed-off-by: Peter Krempa
---
These helpers add infrastructure which simplifies adding and rolling
back virStorageSources to a running qemu instance. Using of the helper
structure and separate functions allows for a much cleaner code in the
section dealing with the monitor.
Signed-off-by: Peter Krempa
---
Signed-off-by: Peter Krempa
---
.../migration-out-nbd-tls-in.xml | 464 +
.../migration-out-nbd-tls-out.xml | 1 +
tests/qemuxml2xmltest.c| 1 +
3 files changed, 466 insertions(+)
create
Signed-off-by: Peter Krempa
---
src/qemu/qemu_monitor.c | 37 +
src/qemu/qemu_monitor.h | 7 ++
src/qemu/qemu_monitor_json.c | 55
src/qemu/qemu_monitor_json.h | 9
4 files
Allow saving various aspects necessary to do NBD migration via blockdev
by storing a 'virStorageSource' in the disk private data meant to store
the NBD target of migration. Along with this add code to parse and
format it into the status XML.
Signed-off-by: Peter Krempa
---
On Fri, May 18, 2018 at 12:42:07PM +0100, Daniel P. Berrangé wrote:
> On Fri, May 18, 2018 at 07:37:33PM +0800, zhenwei pi wrote:
> > start qemu fail : qemu-system-x86_64: -sandbox on,obsolete=deny,
> > elevateprivileges=deny,spawn=deny,resourcecontrol=deny:
> > seccomp support is disabled
On Fri, May 18, 2018 at 07:37:33PM +0800, zhenwei pi wrote:
> start qemu fail : qemu-system-x86_64: -sandbox on,obsolete=deny,
> elevateprivileges=deny,spawn=deny,resourcecontrol=deny:
> seccomp support is disabled
> libvirt version : 4.3
> qemu version : 2.12
> reproducer : recompile qemu
In a previous commit:
commit d4bf8f415074759baf051644559e04fe7f8b
Author: Daniel P. Berrangé
Date: Wed Feb 14 09:43:59 2018 +
nwfilter: handle missing switch enum cases
Ensure all enum cases are listed in switch statements, or cast away
enum
On 05/18/2018 01:24 PM, Daniel P. Berrangé wrote:
> We currently print the libvirt and qemu version strings into the
> per-guest logfile. It would be useful to know what kernel is running
> too, so add that.
>
> Signed-off-by: Daniel P. Berrangé
> ---
>
On 05/15/2018 01:43 PM, Daniel P. Berrangé wrote:
> Wire up the ListAll, LookupByPortDev and GetXMLDesc APIs to allow the
> virsh nwfilter-binding-list & nwfilter-binding-dumpxml commands to
> work.
>
> Signed-off-by: Daniel P. Berrangé
> ---
>
libvirt_qemu_probes.stp is only generated when QEMU driver is enabled.
Signed-off-by: Jiri Denemark
---
libvirt.spec.in | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 9ea5e6b32a..0e4a84c98c 100644
---
I've just found a deadlock in nwfilter caused by something in libpcap.
There are 2 VMs running with the nwfilter stress test, but the deadlock
in fact only involves VM VM.
Three threads in libvirtd
Thread 1 (Thread 0x7f3a26f726c0 (LWP 15384)):
#0 __lll_lock_wait () at
The last caller not passing a comma was removed by:
commit ad8a7c4f8599bd58608500a72cdfec18a6bf2318
Author: Ján Tomko
CommitDate: 2018-04-12 17:17:16 +0200
qemu: deprecate QEMU_CAPS_NETDEV
Signed-off-by: Ján Tomko
---
src/qemu/qemu_command.c | 28
On 05/15/2018 01:43 PM, Daniel P. Berrangé wrote:
> Now that the nwfilter driver keeps a list of bindings that it has
> created, there is no need for the complex virt driver callbacks. It is
> possible to simply iterate of the list of recorded filter bindings.
>
> This means that rebuilding
On 05/15/2018 01:43 PM, Daniel P. Berrangé wrote:
> Currently the nwfilter driver does not keep any record of what filter
> bindings it has active. This means that when it needs to recreate
> filters, it has to rely on triggering callbacks provided by the virt
> drivers. This introduces a hash
Commit 766d5c1b deprecated the capability, because we were assuming
it for every QEMU binary. At the time of the introduction, there
was no way to probe for this via QMP.
However since QEMU 1.5.0 (which is the earliest version we support)
we can rely on the query-command-line-options command to
This way we don't rely on QEMU supplying the -sandbox option
without CONFIG_SECCOMP.
Signed-off-by: Ján Tomko
---
src/qemu/qemu_command.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index
There is a patch proposal on qemu-devel that removes the -sandbox
option completely without CONFIG_SECCOMP:
http://lists.nongnu.org/archive/html/qemu-devel/2018-05/msg03312.html
Now that we assume query-command-line-options support, we can probe
for it and honor the seccomp_sandbox = 0 qemu.conf
On 05/15/2018 01:43 PM, Daniel P. Berrangé wrote:
> If a includes a filter name but the nwfilter driver is not
> present we silently do nothing. This is very bad, because an application
> that thinks it is protected by malicious guest traffic will in fact be
> vulnerable. Reporting an error
On 05/15/2018 01:43 PM, Daniel P. Berrangé wrote:
> Introduce a new struct to act as the manager of a collection of
> virNWFilterBindingObjPtr objects.
> ---
> src/conf/Makefile.inc.am | 2 +
> src/conf/virnwfilterbindingobjlist.c | 475 +++
>
On 14.02.2018 13:34, Daniel P. Berrangé wrote:
> On Tue, Jan 30, 2018 at 10:34:14AM +0300, Nikolay Shirokovskiy wrote:
>> Hi, all.
>>
>> It turns out that systemd daemon-reload reset settings that are managable
>> thru 'systemctl set-property' interface.
>>
>>> virsh schedinfo tst3 | grep
On 05/15/2018 01:43 PM, Daniel P. Berrangé wrote:
> Introduce a new struct to act as the stateful owner of the
> virNWFilterBindingDefPtr objects.
>
> Signed-off-by: Daniel P. Berrangé
> ---
> src/conf/Makefile.inc.am | 2 +
> src/conf/virnwfilterbindingobj.c |
On 05/18/2018 12:42 PM, Ján Tomko wrote:
> The last caller not passing a comma was removed by:
> commit ad8a7c4f8599bd58608500a72cdfec18a6bf2318
> Author: Ján Tomko
> CommitDate: 2018-04-12 17:17:16 +0200
>
> qemu: deprecate QEMU_CAPS_NETDEV
>
> Signed-off-by: Ján
On Fri, May 18, 2018 at 08:16:39PM +0200, Kashyap Chamarthy wrote:
> On Fri, May 18, 2018 at 12:24:32PM +0100, Daniel P. Berrangé wrote:
> > We currently print the libvirt and qemu version strings into the
> > per-guest logfile. It would be useful to know what kernel is running
> > too, so add
On 05/15/2018 01:43 PM, Daniel P. Berrangé wrote:
> Remove the callbacks that the nwfilter driver registers with the domain
> object config layer. Instead make the current helper methods call into
> the public API for creating/deleting nwfilter bindings.
>
> Signed-off-by: Daniel P. Berrangé
On Fri, May 18, 2018 at 12:59:01PM +0100, Daniel P. Berrangé wrote:
> In a previous commit:
>
> commit d4bf8f415074759baf051644559e04fe7f8b
> Author: Daniel P. Berrangé
> Date: Wed Feb 14 09:43:59 2018 +
>
> nwfilter: handle missing switch enum cases
>
On 05/15/2018 01:43 PM, Daniel P. Berrangé wrote:
> This allows the virsh commands nwfilter-binding-create and
> nwfilter-binding-delete to be used.
>
> Note using these commands lets you delete filters that were
> previously created automatically by the virt drivers, or add
> filters for VM
On Fri, May 18, 2018 at 12:24:32PM +0100, Daniel P. Berrangé wrote:
> We currently print the libvirt and qemu version strings into the
> per-guest logfile. It would be useful to know what kernel is running
> too, so add that.
>
> Signed-off-by: Daniel P. Berrangé
> ---
>
45 matches
Mail list logo