Commit Graph

739 Commits

Author SHA1 Message Date
Peter Krempa e114b09157 qemu: caps: Always assume QEMU_CAPS_SMP_TOPOLOGY
Support for SMP topology was added by qemu commit dc6b1c09849484fbbc50
prior to 0.12.0, our minimum supported qemu version.

$ git describe --tags dc6b1c09849484fbbc50803307e4c7a3d81eab62
v0.11.0-rc0-449-gdc6b1c0
$ git describe --tags --contains dc6b1c09849484fbbc50803307e4c7a3d81eab
v0.12.0-rc0~1477
2016-07-07 15:08:35 +02:00
Paolo Bonzini 7a97676b96 qemu: generate -display none
This is preferrable to -nographic which (in addition to disabling
graphics output) redirects the serial port to stdio and on OpenBIOS
enables the firmware's serial console.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-07-07 11:51:39 +02:00
Laine Stump fe8567f6ad qemu: support setting host-side IP addresses/routes
For type='ethernet' interfaces only.

(This patch had been pushed earlier in
commit 0b4645a7e0, but was reverted in
commit 84d47a3cce because it had been
accidentally pushed during the freeze for release 2.0.0)
2016-07-01 21:13:31 -04:00
John Ferlan 2552fec248 encryption: Add <cipher> and <ivgen> to encryption
For a luks device, allow the configuration of a specific cipher to be
used for encrypting the volume.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-07-01 15:46:57 -04:00
John Ferlan 9bbf0d7e64 encryption: Add luks parsing for storageencryption
Add parse and format of the luks/passphrase secret including tests for
volume XML parsing.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-07-01 15:46:52 -04:00
John Ferlan 47e88b33be util: Add 'usage' for encryption
In order to use more common code and set up for a future type, modify the
encryption secret to allow the "usage" attribute or the "uuid" attribute
to define the secret. The "usage" in the case of a volume secret would be
the path to the volume as dictated by the backwards compatibility brought
on by virStorageGenerateQcowEncryption where it set up the usage field as
the vol->target.path and didn't allow someone to provide it. This carries
into virSecretObjListFindByUsageLocked which takes the secret usage attribute
value from from the domain disk definition and compares it against the
usage type from the secret definition. Since none of the code dealing
with qcow/qcow2 encryption secrets uses usage for lookup, it's a mostly
cosmetic change. The real usage comes in a future path where the encryption
is expanded to be a luks volume and the secret will allow definition of
the usage field.

This code will make use of the virSecretLookup{Parse|Format}Secret common code.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-07-01 15:46:24 -04:00
Ján Tomko 3681e0a9fe Add USB addresses to qemuhotplug test cases
This test assumes the XML will be the same after formatting.
Add USB addresses to it to keep it working when we autoassign them.
2016-07-01 12:25:18 +02:00
Jiri Denemark 0dd67acfa7 qemu: Use bootindex whenever possible
I'm not sure why our code claimed "-boot menu=on" cannot be used in
combination with per-device bootindex, but it was proved wrong about
four years ago by commit 8c952908. Let's always use bootindex when QEMU
supports it.

https://bugzilla.redhat.com/show_bug.cgi?id=1323085

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-07-01 12:20:54 +02:00
Marc Hartmayer cdf4ae6ae3 tests: Add test cases for SCSI disk hot-plug with QEMU
Verify that SCSI controllers get created automatically when a SCSI disk
is hot-plugged to a domain that doesn't have a matching SCSI controller
defined already.

Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
2016-06-30 12:48:51 +02:00
Ján Tomko 84d47a3cce Revert "qemu: support setting host-side IP addresses/routes"
This reverts commit 0b4645a7e0.

This feature was accidentally pushed in the feature freeze.
2016-06-27 12:54:55 +02:00
Laine Stump 0b4645a7e0 qemu: support setting host-side IP addresses/routes
For type='ethernet' interfaces only.
2016-06-26 19:33:10 -04:00
Ján Tomko b3ee621e94 Add a USB hub to controller order test
The test has too many USB devices.
2016-06-23 07:45:31 +02:00
Ján Tomko e9843279cc Add a test for long USB port paths
We support up to four levels of nested USB devices in the guest.

Add a test for a domain using all four and a negative test for a domain
using five.
2016-06-22 21:33:57 +02:00
John Ferlan f06e45d578 tests: Adjust tests for encrypted storage
Make them work again...  The xml2xml had been working, but the xml2argv
were not working. Making the xml2argv work required a few adjustments to
the xml to update to more recent times.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-06-21 14:31:19 -04:00
Ján Tomko f17a49564a Fix USB port in input-usbmouse test
The default USB controller only has two ports.
2016-06-21 18:23:56 +02:00
Andrea Bolognani dc5821d743 qemu: Don't use legacy USB for aarch64 mach-virt guests
The '-usb' option doesn't have any effect for aarch64 mach-virt
guests, so the fact that it's currently enabled by default is not
really causing any issue.

However, that might change in the future (although unlikely), and
having it as part of the QEMU command line can cause confusion to
someone looking through the process list.

Avoid it completely, like it's already happening for q35.
2016-06-20 09:58:48 +02:00
Andrea Bolognani 86a68bdb0c qemu: Permit PCI-free aarch64 mach-virt guests
There has been some progress lately in enabling virtio-pci on
aarch64 guests; however, guest OS support is still spotty at best,
so most guests are going to be using virtio-mmio instead.

Currently, mach-virt guests are closely modeled after q35 guests,
and that includes always adding a dmi-to-pci-bridge that's just
impossible to get rid of. While that's acceptable (if suboptimal)
for q35, where you will always need some kind of PCI device anyway,
mach-virt guests should be allowed to avoid it.
2016-06-17 18:30:04 +02:00
Laine Stump d5fb8f4564 qemu: don't add pci-bridge to Q35/arm domains unless it's needed
Until now, a Q35 domain (or arm/virt, or any other domain that has a
pcie-root bus) would always have a pci-bridge added, so that there
would be a hotpluggable standard PCI slot available to plug in any PCI
devices that might be added. This patch removes the explicit add,
instead relying on the pci-bridge being auto-added during PCI address
assignment (it will add a pci-bridge if there are no free slots).

This doesn't eliminate the dmi-to-pci-bridge controller that is
explicitly added whether or not a standard PCI slot is required (and
that is almost never used as anything other than a converter between
pcie.0's PCIe slots and standard PCI). That will be done separately.
2016-06-16 13:48:25 -04:00
Martin Kletzander 6445ad488f qemu: Add support for zero-detection writes
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-06-14 08:25:25 +02:00
Martin Kletzander d3c784999d conf: Add support of zero-detection for disks
This option allows or disallows detection of zero-writes if it is set to
"on" or "off", respectively.  It can be also set to "unmap" in which
case it will try discarding that part of image based on the value of the
"discard" option.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-06-14 08:25:25 +02:00
Pavel Hrdina 93a2fb230a vnc: add support for listen type none
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-06-09 14:46:45 +02:00
Pavel Hrdina c34ada0996 spice: introduce listen type none
This new listen type is currently supported only by spice graphics.
It's introduced to make it easier and clearer specify to not listen
anywhere in order to start a guest with OpenGL support.

The old way to do this was set spice graphics autoport='no' and don't
specify any ports.  The new way is to use <listen type='none'/>.  In
order to be able to migrate to old libvirt the migratable XML will be
generated without the listen element and with autoport='no'.  Also the
old configuration will be automatically converted to the this listen
type.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-06-09 14:44:08 +02:00
Pavel Hrdina ffac505639 spice: introduce spice_auto_unix_socket config option
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-06-09 14:43:39 +02:00
Pavel Hrdina e0c309b2dc spice: add support for listen type socket
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1335832

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-06-09 14:43:15 +02:00
Pavel Hrdina acc83afe33 vnc: add support for listen type 'socket'
VNC graphics already supports sockets but only via 'socket' attribute.
This patch coverts that attribute into listen type 'socket'.

For backward compatibility we need to handle listen type 'socket' and 'socket'
attribute properly to support old XMLs and new XMLs.  If both are provided they
have to match, if only one of them is provided we need to be able to parse that
configuration too.

To not break migration back to old libvirt if the socket is provided by user we
need to generate migratable XML without the listen element and use only 'socket'
attribute.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-06-09 14:42:48 +02:00
Martin Kletzander f371704708 qemuhotplugtest: Test live data
Until now, the only hot thing in this test was the name.  That's because
we set the id to '-1' before every test.  With this change, we test the
hotplug on live domains as the name suggests and as it should be.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-06-09 13:23:15 +02:00
Martin Kletzander 3484c05ce0 qemu: Add support to QXL's max_outputs parameter
Historically, we added heads=1 to videos, but for example for qxl, we
did not reflect that on the command line.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1283207

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2016-06-07 12:42:54 +02:00
Laine Stump 4d100c7a41 conf: permit auto-assignment of controller indexes
Hand-entering indexes for 20 PCI controllers is not as tedious as
manually determining and entering their PCI addresses, but it's still
annoying, and the algorithm for determining the proper index is
incredibly simple (in all cases except one) - just pick the lowest
unused index.

The one exception is USB2 controllers because multiple controllers in
the same group have the same index. For these we look to see if 1) the
most recently added USB controller is also a USB2 controller, and 2)
the group *that* controller belongs to doesn't yet have a controller
of the exact model we're just now adding - if both are true, the new
controller gets the same index, but in all other cases we just assign
the lowest unused index.

With this patch in place and combined with the automatic PCI address
assignment, we can define a PCIe switch with several ports like this:

  <controller type='pci' model='pcie-root-port'/>
  <controller type='pci' model='pcie-switch-upstream-port'/>
  <controller type='pci' model='pcie-switch-downstream-port'/>
  <controller type='pci' model='pcie-switch-downstream-port'/>
  <controller type='pci' model='pcie-switch-downstream-port'/>
  <controller type='pci' model='pcie-switch-downstream-port'/>
  <controller type='pci' model='pcie-switch-downstream-port'/>
  ...

These will each get a unique index, and PCI addresses that connect
them together appropriately with no pesky numbers required.
2016-05-25 15:00:25 -04:00
Ján Tomko ea04d1a659 qemu: format SLIC ACPI table command line
<os>
  <acpi>
    <table type="slic">/path/to/acpi/table/file</table>
  </acpi>
</os>

will result in:

-acpitable sig=SLIC,file=/path/to/acpi/table/file

This option was introduced by QEMU commit 8a92ea2 in 2009.

https://bugzilla.redhat.com/show_bug.cgi?id=1327537
2016-05-25 17:15:21 +02:00
Ján Tomko 72f652da63 conf: add <acpi><table> to <os>
Add a new element to <domain> XML:
<os>
  <acpi>
    <table type="slic">/path/to/acpi/table/file</table>
  </acpi>
</os>

To supply a path to a SLIC (Software Licensing) ACPI
table blob.

https://bugzilla.redhat.com/show_bug.cgi?id=1327537
2016-05-25 17:15:21 +02:00
Ján Tomko ec9d19952a tests: always assume QEMU_CAPS_DRIVE_READONLY 2016-05-23 10:34:16 +02:00
Ján Tomko b88f5f1af9 tests: remove <readonly/> from IDE disks
Read-only IDE disks are not supported, but the error
is raised only when QEMU_CAPS_DRIVE_READONLY is set.
2016-05-23 09:39:40 +02:00
Ján Tomko 1e463880c9 tests: remove disk-drive-fat test
This test requests a read-only virtual FAT drive on the IDE bus.
Read-only IDE drives are unsupported, but libvirt only displays
the error if it has the QEMU_CAPS_DRIVE_READONLY capability.
Read-write FAT drives are also unsupported.
2016-05-23 09:39:40 +02:00
Cole Robinson f3d5e255cb tests: qemu: test <address type='pci'/> with aarch64
This is an interesting test case since PCI isn't the default for
aarch64.
2016-05-20 13:54:26 -04:00
Laine Stump c026f8f1c2 qemu: auto-assign addresses when <address type='pci'/> is specified
Rather than only assigning a PCI address when no address is given at
all, also do it when the config says that the address type is 'pci',
but it gives no address (virDeviceInfoPCIAddressWanted()).

There are also several places after parsing but prior to address
assignment where code previously expected that any info with address
type='pci' would have a *valid* PCI address, which isn't always the
case - now we check not only for type='pci', but also for a valid
address (virDeviceInfoPCIAddressPresent()).

The test case added in this patch was directly copied from Cole's patch titled:

    qemu: Wire up address type=pci auto_allocate
2016-05-20 13:54:26 -04:00
John Ferlan a1344f70a1 qemu: Utilize qemu secret objects for RBD auth/secret
https://bugzilla.redhat.com/show_bug.cgi?id=1182074

If they're available and we need to pass secrets to qemu, then use the
qemu domain secret object in order to pass the secrets for RBD volumes
instead of passing the base64 encoded secret on the command line.

The goal is to make AES secrets the default and have no user interaction
required in order to allow using the AES mechanism. If the mechanism
is not available, then fall back to the current plain mechanism using
a base64 encoded secret.

New APIs:

qemu_domain.c:
  qemuDomainGetSecretAESAlias:
    Generate/return the secret object alias for an AES Secret Info type.
    This will be called from qemuDomainSecretAESSetup.

  qemuDomainSecretAESSetup: (private)
    This API handles the details of the generation of the AES secret
    and saves the pieces that need to be passed to qemu in order for
    the secret to be decrypted. The encrypted secret based upon the
    domain master key, an initialization vector (16 byte random value),
    and the stored secret. Finally, the requirement from qemu is the IV
    and encrypted secret are to be base64 encoded.

qemu_command.c:
  qemuBuildSecretInfoProps: (private)
    Generate/return a JSON properties object for the AES secret to
    be used by both the command building and eventually the hotplug
    code in order to add the secret object. Code was designed so that
    in the future perhaps hotplug could use it if it made sense.

  qemuBuildObjectSecretCommandLine (private)
    Generate and add to the command line the -object secret for the
    secret. This will be required for the subsequent RBD reference
    to the object.

  qemuBuildDiskSecinfoCommandLine (private)
    Handle adding the AES secret object.

Adjustments:

qemu_domain.c:
  The qemuDomainSecretSetup was altered to call either the AES or Plain
  Setup functions based upon whether AES secrets are possible (we have
  the encryption API) or not, we have secrets, and of course if the
  protocol source is RBD.

qemu_command.c:
  Adjust the qemuBuildRBDSecinfoURI API's in order to generate the
  specific command options for an AES secret, such as:

    -object secret,id=$alias,keyid=$masterKey,data=$base64encodedencrypted,
            format=base64
    -drive file=rbd:pool/image:id=myname:auth_supported=cephx\;none:\
           mon_host=mon1.example.org\:6321,password-secret=$alias,...

  where the 'id=' value is the secret object alias generated by
  concatenating the disk alias and "-aesKey0". The 'keyid= $masterKey'
  is the master key shared with qemu, and the -drive syntax will
  reference that alias as the 'password-secret'. For the -drive
  syntax, the 'id=myname' is kept to define the username, while the
  'key=$base64 encoded secret' is removed.

  While according to the syntax described for qemu commit '60390a21'
  or as seen in the email archive:

    https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg04083.html

  it is possible to pass a plaintext password via a file, the qemu
  commit 'ac1d8878' describes the more feature rich 'keyid=' option
  based upon the shared masterKey.

Add tests for checking/comparing output.

NB: For hotplug, since the hotplug code doesn't add command line
    arguments, passing the encoded secret directly to the monitor
    will suffice.
2016-05-20 11:09:05 -04:00
Pavel Hrdina 858d7b6cf0 qemu_command: move sasl parameter after port and addr definition
This is required for following patches where new listen types will be
introduced.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-20 10:14:36 +02:00
Pavel Hrdina 2faa13560c tests: cleanup vnc auto socket test
Commit 55320c23 introduced a new test for VNC to test if
vnc_auto_unix_socket is set in qemu.conf, but forget to enable it in
qemuxml2argvtest.c.

This patch also moves the code in qemuxml2xmltest.c next to other VNC
tests and refactor the test so we also check the case for parsing active
XML.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-20 10:05:55 +02:00
Jiri Denemark 3a7cd180a5 cpu_x86: Use array of features in CPU map
There's no reason for keeping the features in a linked list. Especially
when we know upfront the total number of features we are loading.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-20 09:18:56 +02:00
Ján Tomko 936b86528d Remove DISK_BUS_XEN support from qemuBuildDiskDriveCommandLine
We have stopped supporting Xenner some time ago.
2016-05-20 09:02:08 +02:00
Andrea Bolognani f6ececa68d tests: Try different usable GIC versions
The only case where the hardware capabilities influence the result
is when no <gic/> element was provided.

The test programs now ensure both that the correct GIC version is
picked in that case, and that hardware capabilities are not taken
into account when the user has already picked a GIC version.
2016-05-18 11:27:56 +02:00
Cole Robinson e3a6859019 qemu: command: Use -name guest= if available
-name guest= is the explicit parameter for passing a VM name. Using
it is required to allow a VM with an '=' in the name

https://bugzilla.redhat.com/show_bug.cgi?id=1276485
2016-05-16 10:30:38 -04:00
Cole Robinson 7dbbc0ca07 qemu: command: escape commas in chardev socket path
After this, a default virt-manager VM will startup with a comma
in the VM name:

https://bugzilla.redhat.com/show_bug.cgi?id=639926
2016-05-16 10:30:38 -04:00
Cole Robinson 077ba95677 qemu: command: escape commas in VNC socket path
This path can be dependent on the VM libdir, which contains its name
2016-05-16 10:30:38 -04:00
Cole Robinson 3153ac08c9 qemu: command: escape commas in secret master path
Need to convert the local function to virBuffer usage, so we
can use qemuBufferEscapeComma
2016-05-16 10:30:38 -04:00
Cole Robinson 0f377eb1b0 qemu: command: escape commas in VM name
This isn't sufficient on its own, since the VM name is used for things
like monitor paths, which we don't escape yet
2016-05-16 10:30:38 -04:00
Laine Stump e5aecc2f80 conf: log error when incorrect PCI root controller is added to domain
libvirt may automatically add a pci-root or pcie-root controller to a
domain, depending on the arch/machinetype, and it hopefully always
makes the right decision about which to add (since in all cases these
controllers are an implicit part of the virtual machine).

But it's always possible that someone will create a config that
explicitly supplies the wrong type of PCI controller for the selected
machinetype. In the past that would lead to an error later when
libvirt was trying to assign addresses to other devices, for example:

  XML error: PCI bus is not compatible with the device at
  0000:00:02.0. Device requires a PCI Express slot, which is not
  provided by bus 0000:00

(that's the error message that appears if you replace the pcie-root
controller in a Q35 domain with a pci-root controller).

This patch adds a check at the same place that the implicit
controllers are added (to ensure that the same logic is used to check
which type of pci root is correct). If a pci controller with index='0'
is already present, we verify that it is of the model that we would
have otherwise added automatically; if not, an error is logged:

  The PCI controller with index='0' must be " model='pcie-root' for
  this machine type, " but model='pci-root' was found instead.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1004602
2016-05-10 17:03:24 -04:00
Pavel Hrdina 9f51c1c7c7 graphics: generate fake ports also for tests
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-10 10:44:45 +02:00
John Ferlan d0b5845952 qemu: Add 'iothread' to command line for supported controller
https://bugzilla.redhat.com/show_bug.cgi?id=1286709

Now that we have all the pieces in place, we can add the 'iothread=#' to
the command line for the (two) controllers that support it (virtio-scsi-pci
and virtio-scsi-ccw). Add the tests as well...
2016-05-04 09:59:14 -04:00
John Ferlan e0d0e53086 conf: Add support for virtio-scsi iothreads
Add the ability to add an 'iothread' to the controller which will be how
virtio-scsi-pci and virtio-scsi-ccw iothreads have been implemented in qemu.

Describe the new functionality and add tests to parse/validate that the
new attribute can be added.
2016-05-04 09:59:14 -04:00