1
0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-25 01:34:11 +03:00
Commit Graph

1537 Commits

Author SHA1 Message Date
Fred A. Kemp
071249771b qemu: Add capability flag for usb-storage
Allow use of the usb-storage device only if the new capability flag
QEMU_CAPS_DEVICE_USB_STORAGE is set, which it is for qemu(-kvm)
versions >= 0.12.1.2-rhel62-beta.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2013-09-02 13:54:26 +02:00
Daniel P. Berrange
dbd2bc8c8b Change way we fake dbus method calls
Ubuntu libdbus.so links with -Bsymbolic-functions, which means
that we can only LD_PRELOAD functions that we directly call.
Functions which libdbus.so calls internally can not be replaced.
Thus we cannot use dbus_message_new_error or dbus_message_new_method_return

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-30 14:23:32 +01:00
Ján Tomko
2d9185a9f3 Test network update XML parsing
Add checks for updating sections of network definition via
virNetworkDefUpdateSection.

https://bugzilla.redhat.com/show_bug.cgi?id=989569
2013-08-28 08:05:46 +02:00
Ján Tomko
d8bd24a9ec Remove the space before the slash in network XML
This matches the style we use elsewhere and allows
nat-network-dns-srv-record{,-minimal}.xml to be tested in
network XML -> XML test.
2013-08-28 08:05:46 +02:00
Ján Tomko
63ee776f8c Build QEMU command line for pcihole64
QEMU commit 3984890 introduced the "pci-hole64-size" property,
to i440FX-pcihost and q35-pcihost with a default setting of 2 GB.

Translate <pcihole64>x<pcihole64/> to:
-global q35-pcihost.pci-hole64-size=x for q35 machines and
-global i440FX-pcihost.pci-hole64-size=x for i440FX-based machines.

Error out on other machine types or if the size was specified
but the pcihost device lacks 'pci-hole64-size' property.

https://bugzilla.redhat.com/show_bug.cgi?id=990418
2013-08-27 17:42:29 +02:00
Ján Tomko
01cda91809 Add pcihole64 element to root PCI controllers
<controller type='pci' index='0' model='pci-root'>
  <pcihole64 unit='KiB'>1048576</pcihole64>
</controller>

It can be used to adjust (or disable) the size of the 64-bit
PCI hole. The size attribute is in kilobytes (different unit
can be specified on input), but it gets rounded up to
the nearest GB by QEMU.

Disabling it will be needed for guests that crash with the
64-bit PCI hole (like Windows XP), see:
https://bugzilla.redhat.com/show_bug.cgi?id=990418
2013-08-27 17:42:29 +02:00
Aline Manera
796513d7cc Add ftp protocol support for cdrom disk
The ftp protocol is already recognized by qemu/KVM so add this support to
libvirt as well.
The xml should be as following:

     <disk type='network' device='cdrom'>
       <source protocol='ftp' name='/url/path'>
         <host name='host.name' port='21'/>
       </source>
     </disk>

Signed-off-by: Aline Manera <alinefm@br.ibm.com>
2013-08-27 14:50:24 +02:00
Aline Manera
3485ce4e9d Add http protocol support for cdrom disk
QEMU/KVM already allows a HTTP URL for the cdrom ISO image so add this support
to libvirt as well.
The xml should be as following:

    <disk type='network' device='cdrom'>
      <source protocol='http' name='/url/path'>
        <host name='host.name' port='80'/>
      </source>
    </disk>

Signed-off-by: Aline Manera <alinefm@br.ibm.com>
2013-08-27 14:50:24 +02:00
Ján Tomko
bab2eda6ad Always specify qcow2 compat level on qemu-img command line
qemu-img is going to switch the default for QCOW2
to QCOW2v3 (compat=1.1)

Extend the probing for qemu-img command line options to check
if -o compat is supported. If the volume definition specifies
the qcow2 format but no compat level and -o compat is supported,
specify -o compat=0.10 to create a QCOW2v2 image.

https://bugzilla.redhat.com/show_bug.cgi?id=997977
2013-08-27 12:45:58 +02:00
Jiri Denemark
b02fd24f18 qemuhotplugtest: Add tests for virtio SCSI disk hotplug 2013-08-26 16:09:56 +02:00
Jiri Denemark
e191a3e699 qemuhotplugtest: Add tests for USB disk hotplug 2013-08-26 16:09:56 +02:00
Jiri Denemark
4aee8a70b8 qemuhotplugtest: Add tests for async virtio disk detach 2013-08-26 16:09:56 +02:00
Jiri Denemark
68d6f66e6e qemuhotplugtest: Add support for DEVICE_DELETED event 2013-08-26 16:09:55 +02:00
Jiri Denemark
201f01ab97 tests: Add support for passing driver to qemu monitor
The driver is then passed to monitor event handlers.
2013-08-26 16:09:55 +02:00
Jiri Denemark
a950b4f91d tests: Add support for passing vm to qemu monitor
Some tests need the monitor to operate on an already existing VM object
rather than on a new mock-up the monitor test normally creates.
2013-08-26 16:09:55 +02:00
Jiri Denemark
2074574821 qemuhotplugtest: Add tests for virtio disk hotplug 2013-08-26 16:09:55 +02:00
Jiri Denemark
2618dc2a45 qemuxml2argvtest: Add XML for testing device hotplug
This is a generic XML usable for hotplugging various types of devices.
2013-08-26 16:09:55 +02:00
Jiri Denemark
e06d12b345 qemuhotplugtest: Define QMP_OK for the most common reply 2013-08-26 16:09:55 +02:00
Jiri Denemark
ac5255f914 qemuhotplugtest: Compare domain XML after device hotplug
We need to make sure a device is properly added/removed (or not) to a
domain definition to check that a hotplug API did not lie to us.
2013-08-26 16:09:54 +02:00
Jiri Denemark
8d4189d504 qemuhotplugtest: Generate better output
Each test case label now contains more data useful to identify the test.
2013-08-26 16:09:54 +02:00
Jiri Denemark
809ee6bad4 qemu: Avoid using global qemu_driver in event handlers
We will have to pass a mock-up of the driver when testing monitor
events.
2013-08-26 16:09:54 +02:00
Eric Blake
48d6ae1fb6 tests: skip schema validation tests if xmllint is missing
On IRC, someone complained that a system without xmllint installed
failed a number of tests.

* tests/schematestutils.sh: Probe for xmllint.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-23 15:23:44 -06:00
Nehal J Wani
6e17210930 qemuagenttest.c: Missing documentation (Timeout)
In tests/qemuagenttest.c, the Timeout test should always be
called last. Any additional tests should come before this.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-22 13:51:26 -06:00
Guido Günther
3e2799add2 Check for --no-copy-dt-needed linker flag
and use it when available
2013-08-22 16:17:36 +02:00
Martin Kletzander
398de14734 tests: Add URI precedence checking
Commit a0b6a36f is fixing what commit abfff210 broke, so to avoid having
to deal with this issue again, herec comes "virsh-uriprecedence".
2013-08-22 15:03:38 +02:00
Peter Krempa
106a2ddaa7 virBitmapParse: Fix behavior in case of error and fix up callers
Re-arrange the code so that the returned bitmap is always initialized to
NULL even on early failures and return an error message as some callers
are already expecting it. Fix up the rest not to shadow the error.
2013-08-22 11:38:36 +02:00
Claudio Bley
d7c4e00367 tests: fix building without xattr support
Only compile securityselinuxhelper.c if xattr support was detected to
avoid this error:

securityselinuxhelper.c:34:24: fatal error: attr/xattr.h: No such file
or directory compilation terminated.

Since all SELinux tests depend upon the securityselinuxhelper library,
these test programs are now only build when xattr support is
available.
2013-08-21 15:17:12 +02:00
Daniel P. Berrange
4b8d387ef9 Test handling of non-existent x509 certs
In commit f905cc9984 a use of
uninitialized data was fixed based on a coverity report. It
turns out it was possible to trigger this issue by pointing
libvirt at non-existent certificate files, typically causing
a crash.

This adds a test case for that scenario. With the above
commit reverted, this new test case will crash with a SEGV.
With the fix applied, it passes, reporting a normal libvirt
error to the caller.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-21 13:51:25 +01:00
Eric Blake
95577af442 selinux: enhance test to cover nfs label failure
Daniel Berrange (correctly) pointed out that we should do a better
job of testing selinux labeling fallbacks on NFS disks that lack
labeling support.

* tests/securityselinuxhelper.c (includes): Makefile already
guaranteed xattr support.  Add additional headers.
(init_syms): New function, borrowing from vircgroupmock.c.
(setfilecon_raw, getfilecon_raw): Fake NFS failure.
(statfs): Fake an NFS mount point.
(security_getenforce, security_get_boolean_active): Don't let host
environment affect test.
* tests/securityselinuxlabeldata/nfs.data: New file.
* tests/securityselinuxlabeldata/nfs.xml: New file.
* tests/securityselinuxlabeltest.c (testSELinuxCreateDisks)
(testSELinuxDeleteDisks): Setup and cleanup for fake NFS mount.
(testSELinuxCheckLabels): Test handling of SELinux NFS denial.
Fix memory leak.
(testSELinuxLabeling): Avoid infinite loop on dirty tree.
(mymain): Add new test.
2013-08-20 10:46:58 -06:00
Eric Blake
0f082e699e selinux: distinguish failure to label from request to avoid label
https://bugzilla.redhat.com/show_bug.cgi?id=924153

Commit 904e05a2 (v0.9.9) added a per-<disk> seclabel element with
an attribute relabel='no' in order to try and minimize the
impact of shutdown delays when an NFS server disappears.  The idea
was that if a disk is on NFS and can't be labeled in the first
place, there is no need to attempt the (no-op) relabel on domain
shutdown.  Unfortunately, the way this was implemented was by
modifying the domain XML so that the optimization would survive
libvirtd restart, but in a way that is indistinguishable from an
explicit user setting.  Furthermore, once the setting is turned
on, libvirt avoids attempts at labeling, even for operations like
snapshot or blockcopy where the chain is being extended or pivoted
onto non-NFS, where SELinux labeling is once again possible.  As
a result, it was impossible to do a blockcopy to pivot from an
NFS image file onto a local file.

The solution is to separate the semantics of a chain that must
not be labeled (which the user can set even on persistent domains)
vs. the optimization of not attempting a relabel on cleanup (a
live-only annotation), and using only the user's explicit notation
rather than the optimization as the decision on whether to skip
a label attempt in the first place.  When upgrading an older
libvirtd to a newer, an NFS volume will still attempt the relabel;
but as the avoidance of a relabel was only an optimization, this
shouldn't cause any problems.

In the ideal future, libvirt will eventually have XML describing
EVERY file in the backing chain, with each file having a separate
<seclabel> element.  At that point, libvirt will be able to track
more closely which files need a relabel attempt at shutdown.  But
until we reach that point, the single <seclabel> for the entire
<disk> chain is treated as a hint - when a chain has only one
file, then we know it is accurate; but if the chain has more than
one file, we have to attempt relabel in spite of the attribute,
in case part of the chain is local and SELinux mattered for that
portion of the chain.

* src/conf/domain_conf.h (_virSecurityDeviceLabelDef): Add new
member.
* src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML):
Parse it, for live images only.
(virSecurityDeviceLabelDefFormat): Output it.
(virDomainDiskDefParseXML, virDomainChrSourceDefParseXML)
(virDomainDiskSourceDefFormat, virDomainChrDefFormat)
(virDomainDiskDefFormat): Pass flags on through.
* src/security/security_selinux.c
(virSecuritySELinuxRestoreSecurityImageLabelInt): Honor labelskip
when possible.
(virSecuritySELinuxSetSecurityFileLabel): Set labelskip, not
norelabel, if labeling fails.
(virSecuritySELinuxSetFileconHelper): Fix indentation.
* docs/formatdomain.html.in (seclabel): Document new xml.
* docs/schemas/domaincommon.rng (devSeclabel): Allow it in RNG.
* tests/qemuxml2argvdata/qemuxml2argv-seclabel-*-labelskip.xml:
* tests/qemuxml2argvdata/qemuxml2argv-seclabel-*-labelskip.args:
* tests/qemuxml2xmloutdata/qemuxml2xmlout-seclabel-*-labelskip.xml:
New test files.
* tests/qemuxml2argvtest.c (mymain): Run the new tests.
* tests/qemuxml2xmltest.c (mymain): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-20 10:39:03 -06:00
Peter Krempa
39d963d1c0 virbitmaptest: Shut coverity up in case of broken test
Coverity reported a memleak in the test added in 7efd5fd1b0. In case
the code will be broken and the code will actually parse a faulty bitmap
the resulting pointer would be leaked. Free it although that shouldn't
ever happen.
2013-08-19 15:54:43 +02:00
Don Dugger
d4952d36d0 Add flag to BaselineCPU API to return detailed CPU features
Currently the virConnectBaselineCPU API does not expose the CPU features
that are part of the CPU's model.  This patch adds a new flag,
VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES, that causes the API to explicitly
list all features that are part of that model.

Signed-off-by: Don Dugger <donald.d.dugger@intel.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-16 15:31:18 -06:00
Peter Krempa
7efd5fd1b0 virbitmaptest: Add test for out of bounds condition
Previous patch fixed an issue where, when parsing a bitmap from the
string, the bounds of the bitmap weren't checked. That flaw resulted into
crashes. This test tests that case to avoid it in the future.
2013-08-16 14:39:16 +02:00
Peter Krempa
536d38128e virbitmaptest: Fix function header formatting 2013-08-16 14:39:16 +02:00
Laine Stump
4f595ba61c network: permit upstream forwarding of unqualified DNS names
This resolves the issue that prompted the filing of

  https://bugzilla.redhat.com/show_bug.cgi?id=928638

(although the request there is for something much larger and more
general than this patch).

commit f3868259ca disabled the
forwarding to upstream DNS servers of unresolved DNS requests for
names that had no domain, but were just simple host names (no "."
character anywhere in the name). While this behavior is frowned upon
by DNS root servers (that's why it was changed in libvirt), it is
convenient in some cases, and since dnsmasq can be configured to allow
it, it must not be strictly forbidden.

This patch restores the old behavior, but since it is usually
undesirable, restoring it requires specification of a new option in
the network config. Adding the attribute "forwardPlainNames='yes'" to
the <dns> elemnt does the trick - when that attribute is added to a
network config, any simple hostnames that can't be resolved by the
network's dnsmasq instance will be forwarded to the DNS servers listed
in the host's /etc/resolv.conf for an attempt at resolution (just as
any FQDN would be forwarded).

When that attribute *isn't* specified, unresolved simple names will
*not* be forwarded to the upstream DNS server - this is the default
behavior.
2013-08-14 09:46:22 -04:00
Guido Günther
f790457172 Directly link against needed libraries
The Linux build revealed another missing direct link target, this time
against selinux libs:

    http://honk.sigxcpu.org:8001/view/libvirt/job/libvirt-build-debian-sid-amd64/9/console
2013-08-13 17:42:12 +02:00
Martin Kletzander
3be7a30426 tests: Fix parallel runs of TLS test suites
I noticed this yesterday and fixed it in a different way, but ended up
with one more problem.  It was probably the way I fixed it combined
with one more filename changed.

Anyway, why I'm saying this is that one more filename should be renamed
in order to avoid a race (which I was unable to reproduce, though).

I checked this is the last file those two tests have in common by going
through the code and the re-checked by this "script":

strace -o session.trace -e open ./virnettlssessiontest
strace -o context.trace -e open ./virnettlscontexttest
sort \
 <(sed -n '/^open/s/open("\([^"]*\)",.*$/\1/p' context.trace | sort -u)\
 <(sed -n '/^open/s/open("\([^"]*\)",.*$/\1/p' session.trace | sort -u)\
 | uniq -d| grep '.pem$'

So it should be enough to make these tests independent of each other.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-12 20:20:00 -06:00
Guido Günther
6ba0b7d2b4 Directly link against needed libraries
otherwise having a strict --no-copy-dt-needed-entries fails in several
places like:

    CCLD     virdbustest
    /usr/bin/ld: virdbustest-virdbustest.o: undefined reference to symbol 'dbus_message_unref'
    /lib/x86_64-linux-gnu/libdbus-1.so.3: error adding symbols: DSO missing from command line
    collect2: error: ld returned 1 exit status
2013-08-12 22:53:44 +02:00
Peter Krempa
ba510abfd7 tests: Skip virsh-all test as expensive
Don't run the blind test of all virsh commands always. It usualy just
wastes time.
2013-08-12 18:47:56 +02:00
Peter Krempa
3ff6ae5b17 qemuagenttest: Test timeout of agent commands
If VIR_TEST_EXPENSIVE is enabled, test timeout of agent commands. This
test takes 6 seconds to finish.
2013-08-12 18:35:14 +02:00
Eric Blake
38d4bf49a0 tests: add helper to determine when to skip expensive tests
The logic set up in previous patch for exposing VIR_TEST_EXPENSIVE
to individual tests is as follows:

make check VIR_TEST_EXPENSIVE=0   => getenv("VIR_TEST_EXPENSIVE") sees "0"
make check VIR_TEST_EXPENSIVE=1   => getenv("VIR_TEST_EXPENSIVE") sees "1"
make check                        => getenv("VIR_TEST_EXPENSIVE") sees
either "0" or "1", based on configure options
cd tests; ./FOOtest               => getenv("VIR_TEST_EXPENSIVE") sees
whatever is in your environment (usually NULL, but possibly garbage)

Merely checking if VIR_TEST_EXPENSIVE is set in the environment
does the wrong thing; likewise, it is unsafe to assume the
variable will always contain a valid number.

As such, it helps to have helper functions, instead of making each
expensive test repeat the probe of the environment.

* tests/testutils.h (virTestGetExpensive): New prototype.
* tests/testutils.c (virTestGetExpensive): Implement it.
* tests/test-lib.sh (very_expensive_): Rename...
(test_expensive): ...and tweak to use VIR_TEST_EXPENSIVE.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-12 10:06:41 -06:00
Eric Blake
70363ea9ff build: add configure option to disable gnulib tests
The gnulib testsuite is relatively stable - the only times it is
likely to have a test change from pass to fail is on a gnulib
submodule update or a major system change (such as moving from
Fedora 18 to 19, or other large change to libc).  While it is an
important test for end users on arbitrary machines (to make sure
that the portability glue works for their machine), it mostly
wastes time for development testing (as most developers aren't
making any of the major changes that would cause gnulib tests
to alter behavior).  Thus, it pays to make the tests optional
at configure time, defaulting to off for development, on for
tarballs, with autobuilders requesting it to be on.  It also
helps to allow a make-time override, via VIR_TEST_EXPENSIVE=[01]
(much the way automake sets up V=[01] for overriding the configure
time default of how verbose to be).

Automake has some pretty hard-coded magic with regards to the
TESTS variable; I had quite a job figuring out how to keep
'make distcheck' passing regardless of the configure option
setting in use, while still disabling the tests at runtime
when I did not configure them on and did not use the override
variable.  Thankfully, we require GNU make, which lets me
hide some information from Automake's magic handling of TESTS.

* bootstrap.conf (bootstrap_epilogue): Munge gnulib test variable.
* configure.ac (--enable-expensive-tests): Add new enable switch.
(VIR_TEST_EXPENSIVE_DEFAULT, WITH_EXPENSIVE_TESTS): Set new
witnesses.
* gnulib/tests/Makefile.am (TESTS): Make tests conditional on
configure settings and the VIR_TEST_EXPENSIVE variable.
* tests/Makefile.am (TESTS_ENVIRONMENT): Expose VIR_TEST_EXPENSIVE
to all tests.
* autobuild.sh: Enable all tests during autobuilds.
* libvirt.spec.in (%configure): Likewise.
* mingw-libvirt.spec.in (%mingw_configure): Likewise.
* docs/hacking.html.in: Document the option.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-12 10:02:38 -06:00
Peter Krempa
ce01ec42b2 qemuagenttest: Test arbitrary command passthrough
Exercise the arbitrary command passthrough API.
2013-08-12 14:53:31 +02:00
Eric Blake
15168f9874 tests: test negative number through dbus
Commit f1088c8 weakened a test, by not passing a value larger
than INT_MAX through an int slot.  Make the fix in a different
way, using an explicit negative value.  Suggested by Dan Berrange.

* tests/virdbustest.c (testMessageArray): Adjust previous fix.
(testMessageStruct): Use a negative number.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-09 08:57:01 -06:00
Eric Blake
f1088c8177 tests: avoid too-large constants
Compiling with gcc 4.1.2 (RHEL 5) on a 32-bit platform complains:

virdbustest.c: In function 'testMessageSimple':
virdbustest.c:61: warning: integer constant is too large for 'long' type
virdbustest.c:62: warning: integer constant is too large for 'long' type
virdbustest.c: In function 'testMessageArray':
virdbustest.c:183: warning: this decimal constant is unsigned only in ISO C90
virdbustest.c: In function 'testMessageStruct':
virdbustest.c:239: warning: integer constant is too large for 'long' type
virdbustest.c:240: warning: integer constant is too large for 'long' type

* tests/virdbustest.c (testMessageSiple, testMessageArray)
(testMessageStruct): Don't violate C89 constant constraints.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-09 07:46:18 -06:00
Daniel P. Berrange
eaa99a17db Fix parallel runs of TLS test suites
Use a separate keyfile name for the two TLS test suites so that
they don't clash when running tests in parallel

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-09 11:54:41 +01:00
Eric Blake
edfae3dccf tests: work with older dbus
On RHEL 5, with dbus 1.1.2, compilation failed with:

virsystemdmock.c: In function 'dbus_connection_send_with_reply_and_block':
virsystemdmock.c:68: warning: implicit declaration of function 'dbus_message_set_serial'

Fix this by instead bypassing all attempts to use a dbus serial.

* tests/virsystemdmock.c (dbus_message_set_reply_serial): Add new
override.
(dbus_connection_send_with_reply_and_block): No longer bother with
the serial.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-08 16:33:55 -06:00
Daniel P. Berrange
31d41d9268 Fix validation of CA certificate chains
The code added to validate CA certificates did not take into
account the possibility that the cacert.pem file can contain
multiple (concatenated) cert data blocks. Extend the code for
loading CA certs to use the gnutls APIs for loading cert lists.
Add test cases to check that multi-level trees of certs will
validate correctly.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-08 10:44:28 +01:00
Daniel P. Berrange
b93bd78ed3 Change data passed into TLS test cases
Currently a 'struct testTLSCertReq' instance is passed into
the TLS test cases. This is not flexible enough to cope with
certificate chains, where one file now corresponds to multiple
certificates. Change the test cases so that we pass in filenames
instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-08 10:02:12 +01:00
Daniel P. Berrange
90811c5987 Avoid re-generating certs every time
Currently every test case in the TLS test suite generates the
certs fresh. This is a waste of time, since its parameters
don't change across test cases. Create certs once in main
method.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-08-08 10:00:42 +01:00