In order to make ssh disks usable, we need to be able to validate a
remote host. To do this, add a xml element for ssh disks to
allow the user to specify a location for a file that contains known host
keys. Implementation to follow.
Signed-off-by: Jonathon Jongsma
---
docs/formatdomain.rst
Rather than having NBDKIT_MODDIR as a build configuration option, query
the nbdkit binary for the location to these directories. nbdkit provides
a --dump-config optiont that outputs this information and can be easily
parsed. We can also get the version from this output rather than
executing `nbdkit
For virStorageSource objects that contain an nbdkitProcess, start that
nbdkit process to serve that network drive and then pass the nbdkit
socket to qemu rather than sending the network url to qemu directly.
Signed-off-by: Jonathon Jongsma
---
src/qemu/qemu_block.c | 162
Allow to specify a basename for the log file so that
qemuDomainLogContextNew() can be used to create log contexts for
secondary loggers.
Signed-off-by: Jonathon Jongsma
---
src/qemu/qemu_domain.c | 5 +++--
src/qemu/qemu_domain.h | 3 ++-
src/qemu/qemu_process.c | 2 +-
3 files changed, 6 inse
Rather than passing passwords and cookies (which could contain
passwords) to nbdkit via commandline arguments, use the alternate format
that nbdkit supports where we can specify a file descriptor which nbdkit
will read to get the password or cookies.
Signed-off-by: Jonathon Jongsma
---
src/qemu/
In future commits, we will optionally use nbdkit to serve some remote
disk sources. This patch queries to see whether nbdkit is installed on
the host and queries it for capabilities. The data will be used in later
commits.
Signed-off-by: Jonathon Jongsma
Reviewed-by: Peter Krempa
---
src/qemu/m
Adds the ability to monitor the nbdkit process so that we can take
action in case the child exits unexpectedly.
When the nbdkit process exits, we pause the vm, restart nbdkit, and then
resume the vm. This allows the vm to continue working in the event of a
nbdkit failure.
Eventually we may want t
This prepares encryption secrets and authentication secrets. When we add
nbdkit-backed network storage sources, we will not need to send
authentication secrets to qemu, since they will be sent to nbdkit
instead. So split this into two different functions.
Signed-off-by: Jonathon Jongsma
Reviewed-
For ssh disks that are served by nbdkit, lookup the password from the
configured secret and securely pass it to the nbdkit process using fd
passing.
Signed-off-by: Jonathon Jongsma
---
src/qemu/qemu_nbdkit.c| 87 ++-
.../disk-network-ssh-password.args.disk
Signed-off-by: Jonathon Jongsma
Reviewed-by: Peter Krempa
---
tests/qemunbdkitdata/disk-network-source-curl.args.disk1 | 4 +++-
.../disk-network-source-curl.args.disk1.pipe.780 | 2 +-
.../disk-network-source-curl.args.disk1.pipe.782 | 1 +
tests/qemunbdkitdata/di
Right now, ssh network disks are not usable. There is some basic support
in libvirt that is meant to support disk chains that have backing disks
located at ssh urls, but there is no real way for a user to configure a
ssh-based disk. This commit allows users to configure an ssh disk with
password a
Add a private function to peek at the list of send buffers in virCommand
so that it is testable
Signed-off-by: Jonathon Jongsma
Reviewed-by: Peter Krempa
---
src/libvirt_private.syms | 1 +
src/util/vircommand.c | 17 +
src/util/vircommand.h | 8
src/util/vir
log stderr and stdout from nbdkit into its own log so that
nbdkit-related issues can be debugged more easily.
Signed-off-by: Jonathon Jongsma
---
src/qemu/qemu_nbdkit.c | 28
1 file changed, 20 insertions(+), 8 deletions(-)
diff --git a/src/qemu/qemu_nbdkit.c b/src/
For ssh disks that are served by nbdkit, we can support logging in with
an ssh key file. Pass the path to the configured key file and the
username to the nbdkit process.
The key file may be password protected, and libvirt cannot prompt the
user for a password to unlock it. But if the adminstrator
For ssh disks that are served by nbdkit, use the configured value for
knownHosts and pass it to the nbdkit process.
Signed-off-by: Jonathon Jongsma
---
src/conf/domain_conf.c| 8
src/conf/storage_source_conf.c| 1 +
src/con
We were testing the arguments that were being passed to qemu when a disk
was being served by nbdkit, but the arguments used to start nbdkit
itself were not testable. This adds a test to ensure that we're invoking
nbdkit correctly for various disk source definitions.
Signed-off-by: Jonathon Jongsma
When using nbdkit to serve a network disk source, the nbdkit process
will start and wait for an nbd connection before actually attempting to
connect to the (remote) disk location. Because of this, nbdkit will not
report an error until after qemu is launched and tries to read from the
disk. This res
Add new DO_TEST_CAPS_LATEST_NBDKIT macro to test xml2argv for various
nbdkit capability scenarios.
Signed-off-by: Jonathon Jongsma
Reviewed-by: Peter Krempa
---
src/qemu/qemu_nbdkit.c | 20 +---
tests/qemuxml2argvtest.c | 11 +++
tests/testutilsqemu.c| 27 +
Add some helper functions to build a virCommand object and run the
nbdkit process for a given virStorageSource.
Signed-off-by: Jonathon Jongsma
---
src/qemu/qemu_nbdkit.c | 255 +
src/qemu/qemu_nbdkit.h | 10 ++
2 files changed, 265 insertions(+)
diff --
Add xml to the private data for a disk source to represent the nbdkit
process so that the state can be re-created if the libvirt daemon is
restarted. Format:
/path/to/nbdkit.pid
/path/to/nbdkit.socket
Signed-off-by: Jonathon Jongsma
---
src/qemu/qemu_domain.c
Authenticating via key file to an ssh server is often preferable to
logging in via password. In order to support this functionality add a
new xml element for ssh disks that allows the user to specify
a keyfile, username and optional ssh-agent socket location. Example
configuration:
Add the virFileCache implementation for nbdkit capabilities to the qemu
driver. This allows us to determine whether nbdkit is installed and
which plugins are supported. it also has persistent caching and the
capabilities are re-queried whenever something changes.
Signed-off-by: Jonathon Jongsma
R
An object for storing information about a nbdkit process that is serving
a specific virStorageSource. At the moment, this information is just
stored in the private data of virStorageSource and not used at all.
Future commits will use this data to actually start a nbdkit process.
Signed-off-by: Jon
The only use of this function always passes
QEMU_DOMAIN_LOG_CONTEXT_MODE_START. The other enum values are never used
anywhere in the code. Remove them.
Signed-off-by: Jonathon Jongsma
---
src/qemu/qemu_domain.c | 26 +++---
src/qemu/qemu_domain.h | 9 +
src/qemu/qe
In order to add caching of the nbdkit capabilities, we will need to
compare against file modification times, etc. So look up this
information when creating the nbdkit caps.
Add a nbdkit_moddir build option to allow the builder to specify the
location to look for nbdkit plugins and filters.
Signed
This will allow us to use it for nbdkit logging in upcoming commits.
Signed-off-by: Jonathon Jongsma
---
po/POTFILES| 1 +
src/qemu/meson.build | 1 +
src/qemu/qemu_domain.c | 247 ++
src/qemu/qemu_domain.h | 29 +---
src/qemu/qe
This code can be used by the nbdkit implementation for reading back
filtered log data for error reporting. Move it to qemuLogContext so that
it can be shared. Renamed to qemuLogContextReadFiltered().
Signed-off-by: Jonathon Jongsma
---
src/qemu/qemu_logcontext.c | 65
Implement the loadFile and saveFile virFileCacheHandlers callbacks so
that nbdkit capabilities are cached perstistently across daemon
restarts. The format and implementation is modeled on the qemu
capabilities, but simplified slightly.
Signed-off-by: Jonathon Jongsma
---
po/POTFILES|
Preparatory step for caching nbdkit capabilities. This patch implements
the newData and isValid virFileCacheHandlers callback functions.
Signed-off-by: Jonathon Jongsma
Reviewed-by: Peter Krempa
---
src/qemu/qemu_nbdkit.c | 89 +-
src/qemu/qemu_nbdkit.h |
This is the fourth version of this patch series. See
https://bugzilla.redhat.com/show_bug.cgi?id=2016527 for more information about
the goal, but the summary is that RHEL does not want to ship the qemu storage
plugins for curl and ssh. Handling them outside of the qemu process provides
several adv
Since the libvirt documentation suggests to prefer GObject over
virObject, and since virObject is a GObject, change virFileCache to
allow GObjects as data.
Signed-off-by: Jonathon Jongsma
Reviewed-by: Peter Krempa
---
src/util/virfilecache.c | 14 --
src/util/virfilecache.h | 2 +-
There was support in the code for parsing protocol='ssh' on network disk
sources, but it was not present in the xml schema. Add this to the
schema and mention it in the documentation.
Signed-off-by: Jonathon Jongsma
---
src/conf/schemas/domaincommon.rng | 1 +
tests/qemublocktest.c
On a Wednesday in 2023, Laine Stump wrote:
Somehow I neglected to fully update the example for the interface
passt backend when the design changed during development. This fixes
the example to reflect what is in the code.
Signed-off-by: Laine Stump
---
docs/formatdomain.rst | 20 ++-
This is a purely cosmetic change dropping the majority of 'sudo'
invocations which we need to do to make final preparations on the
test environment. This patch visually divides the part where we need to
run as root from the rest of the operations.
Signed-off-by: Erik Skultety
---
ci/integration.
Because of the nature of writing inline shell commands to YAML, most of
the commentaries where inlined with the command not to hinder YAML
readability any further. Since we moved the logic to a standalone
script, we can now do whatever formatting & readability adjustments we
want.
Signed-off-by: E
Running outside of GitLab will likely not have the variable set and
hence the execution would fail.
Signed-off-by: Erik Skultety
---
ci/integration.sh | 8
1 file changed, 8 insertions(+)
diff --git a/ci/integration.sh b/ci/integration.sh
index 41326d6e40..ac04c46d8e 100644
--- a/ci/in
Using shell scripts rather than inlining shell commands to YAML feels more
natural, more readable, and will keep all different variations of execution
consistent. Essentially the only disadvantage is that we won't see each command
listed one-by-one in gitlab's log output (unless we set -x that is),
Since we now have a standalone script instead of inlined shell commands
in a YAML, we can adopt the common syntax for if-then-else clauses
which involve the '[' test command alias rather than keep using 'test'
explicitly.
Signed-off-by: Erik Skultety
---
ci/integration.sh | 2 +-
1 file changed,
This will allow us to re-use the script in other scenarios like local
executions where up until now one had to copy-paste the recipe
line-by-line.
Signed-off-by: Erik Skultety
---
ci/integration-template.yml | 36 +---
ci/integration.sh | 32
Since the section now only consists of a single command, we can happily
move the command to the main integration template job body.
Signed-off-by: Erik Skultety
---
ci/integration-template.yml | 6 +-
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/ci/integration-template.yml b/
We no longer support Fedora 35. While at it, we can also tailor the
rest of the check to CentOS Stream 8 since all other supported Red Hat
like platforms have moved onto modular daemons setup already.
Signed-off-by: Erik Skultety
---
ci/integration.sh | 3 +--
1 file changed, 1 insertion(+), 2 d
Two of the messages referred to 'backend type' when dealing
with the source type and one mentioned the 'client' attribute
from an earlier iteration of the patches, even though the attribute
was later changed to 'connect'.
https://bugzilla.redhat.com/show_bug.cgi?id=2063723
Signed-off-by: Ján Tomk
On 09.01.2023 18:31, Martin Kletzander wrote:
On Thu, Dec 15, 2022 at 01:25:49AM +0600, Oleg Vasilev wrote:
Before, logs from deleted machines have been piling up, since there were
no garbage collection mechanism. Now, virtlogd can be configured to
periodically scan the log folder for orphan
On 1/20/23 09:47, Jiang Jiacheng wrote:
> Add migrate options: --compression-zlib-level
> --compression-zstd-level
> These options are used to set compress level for "zlib"
> or "zstd" during parallel migration if the compress method
> is specified.
>
> Signed-off-by: Jiang Ji
44 matches
Mail list logo