While we have already descriptive articles on our GitLab CI, there's recently
been some work on the CI front where a few sections deserve some updates.
Erik Skultety (7):
docs: ci-runners: Add a note on a new runner registration process
docs: ci: Update the description on the integration CI
While we may have needed to run TCK through Avocado by explicitly using
the '--tap' option (still possible), we can get a nice output from
Avocado by default leaving the option out which is exactly what we do
inside GitLab CI environment.
Signed-off-by: Erik Skultety
---
docs/testtck.rst | 2 +-
Ever since commit 6e9bd600 added a new GitLab job description function
handling the integration test suite process to ci/jobs.sh it should be
mentioned in the docs.
This patch splits the 'Run TCK' section in two, giving user the option
to run the integration test suite in their VM environment the
Daniel P. Berrangé writes:
> On Wed, Sep 27, 2023 at 12:49:08PM -0400, James Bottomley wrote:
>> From: James Bottomley
>>
>> The Microsoft Simulator (mssim) is the reference emulation platform
>> for the TCG TPM 2.0 specification.
>>
>> https://github.com/Microsoft/ms-tpm-20-ref.git
>>
>> It
This patch mainly fixes an unfinished sentence that was supposed to
describe the LIBVIRT_CI_INTEGRATION_RUNNER_TAG variable, but took the
opportunity to update the description of the other variable too.
Signed-off-by: Erik Skultety
---
docs/ci.rst | 8 ++--
1 file changed, 6 insertions(+),
While wording is still correct to this day, we have already added more
features to lcitool and documented it properly in its repo. Make sure
that we refer the users to lcitool's doc material for further details
on how VMs can be installed locally.
Use the opportunity to bump the OS distro target
The documented process should be updated to reflect the new process
once GitLab transitions to it completely and drops the old process
involving registration tokens as hinted by the note.
Signed-off-by: Erik Skultety
---
docs/ci-runners.rst | 10 ++
1 file changed, 10 insertions(+)
The fact that we need ci/helper script to run the workloads remains
true, but the invocation has changed as of commit eb41e456 . We also
extracted GitLab job specs into a standalone ci/jobs.sh script which
allows execution of any container job we run in upstream CI locally,
unlike the original
It's mentioned in an earlier paragraph that Perl bindings in correct
version are needed, but there's no note about libvirt even though it
should be obvious. So make a clear note on that and while at it, do
mention the possibility to get upstream libvirt RPMs from GitLab CI
artifacts if users don't
The actual versioning policy[1] is a bit more nuanced, and in
particular there are scenarios in which the monthly release
is intentionally skipped, but overall it's not inaccurate to
claim that the release cadence of the Go bindings follows the
one of the C library.
[1]
It's no longer used anywhere.
Signed-off-by: Andrea Bolognani
---
src/meson.build | 2 --
src/remote/libvirtd-admin.socket.in | 1 -
src/remote/libvirtd-ro.socket.in| 1 -
src/remote/libvirtd-tcp.socket.in | 1 -
src/remote/libvirtd-tls.socket.in | 1 -
Currently we only set this for the main sockets, which means
that
$ systemctl stop virtqemud.socket
will make the socket disappear from the filesystem while
$ systemctl stop virtqemud-ro.socket
won't. Get rid of this inconsistency.
Signed-off-by: Andrea Bolognani
---
We have already declared the mirror relationship, so this one
is now redundant.
Moreover, this version was incomplete: it only ever worked for
the monolithic daemon, but the modular daemons for QEMU and Xen
also want the sockets to be active.
Signed-off-by: Andrea Bolognani
Reviewed-by: Daniel
Like the Description, these are intended to be displayed to the
user, so it makes sense to have them towards the top of the file
before all the information that systemd will parse to calculate
dependencies.
Signed-off-by: Andrea Bolognani
Reviewed-by: Daniel P. Berrangé
---
It is currently considered required, but we're soon going to
provide a default that will be suitable for most services.
Since all services currently provide a value explicitly, we
can implement a default without breaking anything.
Signed-off-by: Andrea Bolognani
---
src/meson.build | 6 --
Signed-off-by: Andrea Bolognani
---
src/secret/meson.build| 4
src/secret/virtsecretd.service.in | 25 -
2 files changed, 29 deletions(-)
delete mode 100644 src/secret/virtsecretd.service.in
diff --git a/src/secret/meson.build b/src/secret/meson.build
They're similar to the existing socket_in/socket_out variables
and will make future changes nicer.
Signed-off-by: Andrea Bolognani
---
src/meson.build | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/meson.build b/src/meson.build
index 6c85cc9b9b..c6728cc8f8 100644
We're about to change the defaults and start migrating to common
templates: in order to be able to switch units over one at a
time, make the input files that are currently used explicit
rather than implicit.
Signed-off-by: Andrea Bolognani
---
src/ch/meson.build | 3 +++
Signed-off-by: Andrea Bolognani
---
src/network/meson.build | 5 +
src/network/virtnetworkd.service.extra.in | 2 ++
src/network/virtnetworkd.service.in | 26 ---
3 files changed, 3 insertions(+), 30 deletions(-)
create mode 100644
Signed-off-by: Andrea Bolognani
---
src/storage/meson.build | 5 +
src/storage/virtstoraged.service.extra.in | 3 +++
src/storage/virtstoraged.service.in | 27 ---
3 files changed, 4 insertions(+), 31 deletions(-)
create mode 100644
These will be useful during the upcoming migration to common
templates for systemd units and will be dropped as soon as all
services have been converted.
Signed-off-by: Andrea Bolognani
---
src/meson.build | 4
1 file changed, 4 insertions(+)
diff --git a/src/meson.build b/src/meson.build
We already use templating to generate sockets, which are all
based off libvirtd's. Push the idea further, and extend it to
cover services as well.
This is more challenging, as the various modular daemons each have
their own needs in terms of what system services needs to be
available before they
Signed-off-by: Andrea Bolognani
---
src/vbox/meson.build| 5 +
src/vbox/virtvboxd.service.extra.in | 2 ++
src/vbox/virtvboxd.service.in | 26 --
3 files changed, 3 insertions(+), 30 deletions(-)
create mode 100644
All services are still listing their input files explicitly, so
no changes to the output files will occur yet.
Signed-off-by: Andrea Bolognani
---
src/meson.build | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/meson.build b/src/meson.build
index
Requires/Wants only tells systemd that the corresponding unit
should be started when the current one is, but that could very
well happen in parallel. For virtlogd/virtlockd, we want the
socket to be already active when the hypervisor driver is
started.
Signed-off-by: Andrea Bolognani
systemd will automatically infer this dependency based on the
socket's Service=foo.service setting.
Signed-off-by: Andrea Bolognani
Reviewed-by: Daniel P. Berrangé
---
src/remote/libvirtd-admin.socket.in | 1 -
src/remote/libvirtd-ro.socket.in| 1 -
src/remote/libvirtd-tcp.socket.in | 1
This is the strongest relationship that can be declared between
two units, and causes the service to be terminated immediately
if its main socket disappears. This is the behavior we want.
Note that we don't do the same for the read-only/admin sockets,
because those are not as critical for the
Signed-off-by: Andrea Bolognani
---
src/lxc/meson.build | 5 +---
src/lxc/virtlxcd.service.extra.in | 22
src/lxc/virtlxcd.service.in | 44 ---
3 files changed, 23 insertions(+), 48 deletions(-)
create mode 100644
Now that the migration to common templates has been completed,
we no longer need these.
Signed-off-by: Andrea Bolognani
---
src/meson.build | 4
1 file changed, 4 deletions(-)
diff --git a/src/meson.build b/src/meson.build
index 0fbefe37d5..541ca61101 100644
--- a/src/meson.build
+++
Up until now the files have been used as template for most
services, but now that those have been converted to common
templates we can drop parametrization and make it clear that
these files are for libvirtd only.
Signed-off-by: Andrea Bolognani
---
src/remote/libvirtd-admin.socket.in | 10
Signed-off-by: Andrea Bolognani
---
src/libxl/meson.build | 7 ++-
src/libxl/virtxend.service.extra.in | 12 +++
src/libxl/virtxend.service.in | 32 -
src/libxl/virtxend.socket.extra.in | 2 ++
4 files changed, 16 insertions(+), 37
Only the main socket is actually necessary for the service to be
usable.
In the past, we've had security issues that could be exploited via
access to the read-only socket, so a security-minded administrator
might consider disabling all optional sockets. This change makes
such a setup possible.
Signed-off-by: Andrea Bolognani
---
src/nwfilter/meson.build | 4
src/nwfilter/virtnwfilterd.service.in | 25 -
2 files changed, 29 deletions(-)
delete mode 100644 src/nwfilter/virtnwfilterd.service.in
diff --git a/src/nwfilter/meson.build
Hypervisors are referred to by their user-facing name rather
than the name of their libvirt driver, the monolithic daemon is
explicitly referred to as legacy, and a consistent format is
used throughout.
Signed-off-by: Andrea Bolognani
---
src/ch/meson.build| 2 +-
Signed-off-by: Andrea Bolognani
---
src/ch/meson.build | 5 +---
src/ch/virtchd.service.extra.in | 22 +
src/ch/virtchd.service.in | 44 -
3 files changed, 23 insertions(+), 48 deletions(-)
create mode 100644
Signed-off-by: Andrea Bolognani
---
src/remote/meson.build | 6 --
src/remote/virtproxyd.service.in | 25 -
2 files changed, 31 deletions(-)
delete mode 100644 src/remote/virtproxyd.service.in
diff --git a/src/remote/meson.build b/src/remote/meson.build
Signed-off-by: Andrea Bolognani
---
src/node_device/meson.build | 4
src/node_device/virtnodedevd.service.in | 25 -
2 files changed, 29 deletions(-)
delete mode 100644 src/node_device/virtnodedevd.service.in
diff --git a/src/node_device/meson.build
We want to make sure that, at any given time, we have either the
modular daemons or the monolithic one running, never both. In
order to achieve that, make every single modular unit conflict
with the corresponding libvirtd unit.
We set both Conflicts=libvirtd.unit and After=libvirtd.unit: this
The idea behind these is to prevent running both modular daemons
and monolithic daemon at the same time. We will implement a more
effective solution for that shortly.
Signed-off-by: Andrea Bolognani
---
src/remote/meson.build | 3 ---
1 file changed, 3 deletions(-)
diff --git
A grab bag of changes, ranging from very much functional ones
to purely aesthetical ones.
Changes from [v1]
* patches 01-11 from the original series have been pushed;
* patch 40 from the original series has been dropped;
* patches 02 (cosmetic) and 31 (bug fix) have been added;
* the
Signed-off-by: Andrea Bolognani
---
src/qemu/meson.build| 5 +--
src/qemu/virtqemud.service.extra.in | 28 +
src/qemu/virtqemud.service.in | 48 -
3 files changed, 29 insertions(+), 52 deletions(-)
create mode 100644
This results in all sockets for a service being enabled when a
single one of them is.
The -tcp and -tls sockets are intentionally excluded, because
enabling them should require explicit action on the
administrator's part; moreover, disabling them should not result
in the local sockets being
Signed-off-by: Andrea Bolognani
---
src/interface/meson.build | 4
src/interface/virtinterfaced.service.in | 25 -
2 files changed, 29 deletions(-)
delete mode 100644 src/interface/virtinterfaced.service.in
diff --git a/src/interface/meson.build
Signed-off-by: Andrea Bolognani
---
src/vz/meson.build | 5 +
src/vz/virtvzd.service.extra.in | 2 ++
src/vz/virtvzd.service.in | 26 --
3 files changed, 3 insertions(+), 30 deletions(-)
create mode 100644 src/vz/virtvzd.service.extra.in
delete
On Mon, Sep 25, 2023 at 08:58:32PM +0200, Andrea Bolognani wrote:
> +++ b/src/virtd-tls.socket.in
> @@ -3,6 +3,8 @@ Description=@name@ TLS IP socket
> Before=@service@.service
> BindsTo=@service@.socket
> After=@service@.socket
> +Conflicts=libvirt-tls.socket
> +After=libvirt-tls.socket
>
On 9/26/23 15:56, Martin Kletzander wrote:
> The function returns how many array items were filled in, but virsh
> never checked for anything other than errors. Just to make sure this
> does not report invalid data, even though the only possibility would be
> reporting 0 free pages, check the
This subsystem is said to be in a bad shape (see e.g. [1], [2]
and [3]), and nobody seems to feel responsible to pick up patches
for this and send them via a pull request. For example there is
a patch for a CVE-worthy bug posted more than half a year ago [4]
which has never been merged.
Quoting
On 9/19/23 11:34, Erik Skultety wrote:
> send-email scans the commit messages to figure out the default set of
> addresses to put into CC, Acked-by/Reviewed-by, etc-by being among
> them. We're quite strict about CC-ing people on libvirt-list, since
> most developers are subscribed to the list
On 9/19/23 22:47, Jonathon Jongsma wrote:
>
>
> Jonathon Jongsma (2):
> news: document support for vdpa block devices
> news: document nbdkit support for network disks
>
> NEWS.rst | 18 ++
> 1 file changed, 18 insertions(+)
>
Reviewed-by: Michal Privoznik
Michal
On Wed, Sep 27, 2023 at 10:57:13AM +0100, Daniel P. Berrangé wrote:
> On Mon, Sep 25, 2023 at 08:58:39PM +0200, Andrea Bolognani wrote:
> > +++ b/src/locking/virtlockd-admin.socket.in
> > @@ -1,5 +1,5 @@
> > [Unit]
> > -Description=Virtual machine lock manager admin socket
> >
On Wed, Sep 27, 2023 at 10:55:04AM +0100, Daniel P. Berrangé wrote:
> On Mon, Sep 25, 2023 at 08:58:38PM +0200, Andrea Bolognani wrote:
> > They are unnecessary, since all sockets for a service are now
> > enabled as soon as one of them is and each service has a very
> > strong dependency on all
On Mon, Sep 25, 2023 at 08:58:39PM +0200, Andrea Bolognani wrote:
> Hypervisors are referred to by their user-facing name rather
> than the name of their libvirt driver, the monolithic daemon is
> explicitly referred to as legacy, and a consistent format is
> used throughout.
>
> Signed-off-by:
On Mon, Sep 25, 2023 at 08:58:40PM +0200, Andrea Bolognani wrote:
> Like the Description, these are intended to be displayed to the
> user, so it makes sense to have them towards the top of the file
> before all the information that systemd will parse to calculate
> dependencies.
>
>
On Mon, Sep 25, 2023 at 08:58:38PM +0200, Andrea Bolognani wrote:
> They are unnecessary, since all sockets for a service are now
> enabled as soon as one of them is and each service has a very
> strong dependency on all of its sockets.
You earlier modified the .service units to have BindsTo=
On Mon, Sep 25, 2023 at 08:58:37PM +0200, Andrea Bolognani wrote:
> This results in all sockets for a service being enabled when a
> single one of them is.
>
> The -tcp and -tls sockets are intentionally excluded, because
> enabling them should require explicit action on the
> administrator's
On Mon, Sep 25, 2023 at 08:58:32PM +0200, Andrea Bolognani wrote:
> We want to make sure that, at any given time, we have either the
> modular daemons or the monolithic one running, never both. In
> order to achieve that, make every single modular unit conflict
> with the corresponding libvirtd
On Mon, Sep 25, 2023 at 08:58:35PM +0200, Andrea Bolognani wrote:
> We have already declared the mirror relationship, so this one
> is now redundant.
>
> Moreover, this version was incomplete: it only ever worked for
> the monolithic daemon, but the modular daemons for QEMU and Xen
> also want
On Mon, Sep 25, 2023 at 08:58:36PM +0200, Andrea Bolognani wrote:
> systemd will automatically infer this dependency based on the
> socket's Service=foo.service setting.
>
> Signed-off-by: Andrea Bolognani
> ---
> src/remote/libvirtd-admin.socket.in | 1 -
> src/remote/libvirtd-ro.socket.in
On Mon, Sep 25, 2023 at 08:58:34PM +0200, Andrea Bolognani wrote:
> Requires/Wants only tells systemd that the corresponding unit
> should be started when the current one is, but that could very
> well happen in parallel. For virtlogd/virtlockd, we want the
> socket to be already active when the
On Tue, Sep 19, 2023 at 11:34:19AM +0200, Erik Skultety wrote:
> send-email scans the commit messages to figure out the default set of
> addresses to put into CC, Acked-by/Reviewed-by, etc-by being among
> them. We're quite strict about CC-ing people on libvirt-list, since
> most developers are
60 matches
Mail list logo