1
0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-22 17:34:18 +03:00
Commit Graph

4510 Commits

Author SHA1 Message Date
Or Ozeri
5589a3e1f3 qemu: add luks-any encryption support for RBD images
The newly added luks-any rbd encryption format in qemu
allows for opening both LUKS and LUKS2 encryption formats.
This commit enables libvirt uses to use this wildcard format.

Signed-off-by: Or Ozeri <oro@il.ibm.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-03-16 15:19:36 +01:00
Or Ozeri
77c9663d72 qemu: add support for librbd layered encryption
This commit enables libvirt users to use layered encryption
of RBD images, using the librbd encryption engine.
This allows opening of an encrypted cloned image
whose parent is encrypted with a possibly different encryption key.
To open such images, multiple encryption secrets are expected
to be defined under the encryption XML tag.

Signed-off-by: Or Ozeri <oro@il.ibm.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-03-16 15:19:36 +01:00
Ján Tomko
3916df52a4 docs: clarify --timeout description for virtsecretd
As of commit 9e3cc0ff5 the virtsecretd daemon does not timeout
while it keeps any ephemeral secrets.

https://bugzilla.redhat.com/show_bug.cgi?id=2035985

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-03-15 17:23:18 +01:00
Ján Tomko
f65c9d83ab docs: clarify --timeout description for split daemons
Remove the reference to "running domains" for daemons that happily
exit while domains are running.

https://bugzilla.redhat.com/show_bug.cgi?id=2035985

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-03-15 17:23:18 +01:00
Michal Privoznik
c4b176567b docs: Document memory allocation and emulator pinning limitation
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-03-15 12:47:09 +01:00
Peter Krempa
2e9330ad45 docs: downloads: Point to pkg.go.dev for go module releases
Currently the 'Releases' column pointed to the generic page about the
specific go module. Change the link to point to the respective
pkg.go.dev page for the module.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-03-14 15:42:36 +01:00
Peter Krempa
164c9c5432 docs: downloads: Don't mention releases directory of libvirt-csharp
The releases directory is empty. Don't advertise it on our downloads
page.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-03-14 15:42:36 +01:00
Peter Krempa
5f39c892de docs: downloads: Drop link to sources of 'consoleproxy'
The directory doesn't exist. The project also doesn't have any releases
on gitlab so there's nothing to replace it with.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-03-14 15:42:36 +01:00
Peter Krempa
d2d26e98d6 docs: downloads: Replace 'libvirt.org/sources' by 'download.libvirt.org'
We split off the downloads into a new subdomain. Link directly to it
instead of relying on redirects.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-03-14 15:42:36 +01:00
Peter Krempa
0235ef4a0f docs: java: Clean up links to source code
- drop the link to the FTP server which doesn't exist any more
 - change links to libvirt.org/source to download.libvirt.org
 - change link to the maven repository to point to download.libvirt.org
 - change link to javadoc to the documentation generated via gitlab job
   in the libvirt-java project

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-03-14 15:42:36 +01:00
Peter Krempa
c434a7e48f docs: Fix searching in the wiki
Conversion of the wiki to static pages means that the integrated search
no longer functions. Use the same approach we have for other search to
simply defer to google.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-03-13 17:11:17 +01:00
Christian Nautze
a9a4421ba8 qemu: implement QEMU NBD source reconnect delay attribute
Currently it's only possible to set this parameter during domain
creation via QEMU commandline passthrough feature.
With the new delay attribute it's also possible to set this
parameter if you want to attach a new NBD disk
using "virsh attach-device domain device.xml" e.g.:

  <disk type='network' device='disk'>
    <driver name='qemu' type='raw'/>
    <source protocol='nbd' name='foo'>
      <host name='example.org' port='6000'/>
      <reconnect delay='10'/>
    </source>
    <target dev='vdb' bus='virtio'/>
  </disk>

Signed-off-by: Christian Nautze <christian.nautze@exoscale.ch>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-10 09:38:05 +01:00
Tim Wiederhake
bc77182ea4 Fix some typos
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
2023-03-09 14:09:16 +01:00
Jonathon Jongsma
96d43ab285 conf: add support for 'blob' in virtio video device
Add the ability to enable blob resources for the virtio video device.
This will accelerate the display path due to less or no copying of pixel
data.

Blob resource support can be enabled with e.g.:

    <video>
      <model type='virtio' blob='on'/>
    </video>

Some additional background information about blob resources:
https://lists.freedesktop.org/archives/dri-devel/2020-August/275972.html
https://www.kraxel.org/blog/2021/05/virtio-gpu-qemu-graphics-update/

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2032406

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-03-08 13:05:05 -06:00
Peter Krempa
474d625b86 docs|access: Don't build the ACL flags into a separate XML
Since we now build it into the libvirt-api.xml or equivalents we don't
need the extra XML files.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-03-06 13:09:16 +01:00
Peter Krempa
15be6660b3 docs/newapi.xsl: Take API flag data from libvirt-api.xml rather than access/libvirt-access.xml
Since now we embed the data in the libvirt API we don't need to source
it from the extra document.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-03-06 13:09:16 +01:00
Peter Krempa
69615c91c8 scripts/apibuild: Extract and format API ACLs
As an additional step before processing the API parse the protocol file
and extract all ACL definitions. This way we can distribute them for any
user of the libvirt API XML files. We will be also able to avoid another
call to gendispatch, which generates all this data into a standalone
XML.

The remote procedure to API name is inspired by what rpcgen does.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-03-06 13:09:16 +01:00
Michal Privoznik
928e741172 src: Document virDomainInterfaceStats() limitation
For unmanaged ethernet <interface/>, it is user's responsibility
to set up the interface. And as such it can be just anything.
Therefore, it's (almost) impossible for the
virDomainInterfaceStats() API to tell whether RX/TX values need
to be swapped or copied verbatim into the return structure.
Document this limitation.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-03-06 12:20:35 +01:00
Andrea Bolognani
a50fb7dada docs: Document firmware format attribute
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-03 13:52:37 +01:00
Andrea Bolognani
f3d0857f2e docs: Fix documentation for loader.stateless attribute
It works exactly the other way around.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-03-03 13:40:09 +01:00
Peter Krempa
590a6c1b78 kbase: virtiofs: Add a note that virtiofs is not migratable
Note that certain operations will not work.

Resolves: https://gitlab.com/libvirt/libvirt/-/issues/452
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-03-01 11:57:37 +01:00
Daniel P. Berrangé
9541ce080a docs/kbase: fix example for SEV validation
The offline validation example needs to include the firmware path,
and is also missing line continuation markers.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-22 13:48:49 +00:00
Daniel P. Berrangé
4d3b2d77d0 docs: refer to --firmware instead of --loader
The --loader syntax was left over from an earlier version of the code
before it was renamed to --firmware.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-22 13:48:48 +00:00
Kristina Hanicova
c98e49f82e docs: document panic device 'pvpanic-pci'
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-02-21 17:51:30 +01:00
Martin Kletzander
a834735898 docs: Convert 404 page to rST
There is no markup equivalent for any of the <s/> or <del/> HTML tags, so this
is the only thing I came up with and it looks like it works.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-02-21 10:58:59 +01:00
Andrea Bolognani
5af19e530e docs: Recommend better python3 shebang
Python scripts should always invoked the interpreter through
env(1) to ensure that they work on macOS and the BSDs, and at
this point not explicitly asking for Python 3 doesn't really
make sense.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2023-02-20 18:33:01 +01:00
Peter Krempa
91d890bdce docs/html: Properly generate ACL permissions into API reference
The 'newapi.xsl' stylesheet was referencing non-existing paths to the
XML files holding ACL permission flags for individual APIs. Additionally
the 'document()' XSL function doesn't even allow concatenation of the
path as it was done via '{$builddir}/src..', but requires either direct
argument or use of the 'concat()' function.

This meant that the 'acls' variable was always empty and thus none of
our API documentation was actually generated with the 'acl' section.

Fix it by passing the path to the XML via an argument to the stylesheet
as the files differ based on which document is being generated.

Since the 'admin' API does not have ACL we need to handle it separately
now in the build system.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-20 18:26:53 +01:00
Peter Krempa
ecca805336 docs: ACL: Show which permissions are allowed for unauthenticated connections
Certain APIs are allowed also without authentication but the ACL page
didn't outline which. Generate a new column with the information.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-20 09:22:51 +01:00
Peter Krempa
0e3970bf9b docs: logos: Turn 'README' into rST, generate an index and link to images
The logo directory wasn't really referenced from anywhere. Additionally
there wasn't any reasonable index for all the image files which we have.

Turn the README file into rST and display the images it references. Link
to the new index file from the docs page.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
e886274234 kbase: eventloop: Fix path to referenced images
The images are referenced from '../images/' but the document is two
layers deep thus '../../images' needs to be used

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
5f3a897b93 docs: Add sub-page for all golang modules
Our documentation has pages for 4 go modules, 2 current and 2 obsolete
ones, but points only to one of them and directly to golang's docs page.

Add a sub-page where all 4 sub-pages for the modules are linked.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
f3e44016fa docs: manpages: Add missing manpages to index
The manpages for 'virt-pki-query-dn', 'virt-qemu-qmp-proxy' and
'virt-ssh-helper.rst' were not referenced from the manpage index or any
other place.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
70211d7368 scripts: check-html-references: Rename --prefix to --webroot and make it mandatory
Force users to pass the path to the root of the webpage the script
should check. The script lives in a different subdirectory so the
default of the current directory doesn't make much sense.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Peter Krempa
65edcfd68f docs: XSL: Add source document name as custom data attribute for <html>
The html standard allows custom data attributes on any element in the
format of 'data-*' which are not interpreted. We can use it to embed the
name of the source document used to generate the page so that our
checker tools can use the friendly name.

https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-15 12:38:45 +01:00
Jim Fehlig
8eb54255ec docs: Fix examples in virt-qemu-sev-validate man page
Some of the examples refer to virt-dom-sev-validate. Replace them with
the proper name.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-03 11:28:27 -07:00
Martin Kletzander
2fa92efe9b Document change to multiple watchdogs
With the reasoning behind it.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-01-26 16:40:30 +01:00
zhenwei pi
71fa94302a capabilities: introduce crypto device
Changes in this commit:
- docs: formatdomaincaps.rst
- conf: crypto related domain caps
- qemu: crypto related
- tests: crypto related test

Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-01-25 16:00:47 +01:00
zhenwei pi
7ba22d21a1 conf: introduce crypto device
Introduce crypto device like:

  <crypto model='virtio' type='qemu'>
    <backend model='builtin' queues='1'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
  </crypto>

  <crypto model='virtio' type='qemu'>
    <backend model='lkcf'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x0b' function='0x0'/>
  </crypto>

Currently, crypto model supports virtio only, type supports qemu only
(vhost-user in the plan). For the qemu type, backend supports modle
builtin/lkcf, and the queues is optional.

Changes in this commit:
- docs: formatdomain.rst
- schemas: domaincommon.rng
- conf: crypto related domain conf
- qemu: crypto related
- tests: crypto related test

Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2023-01-25 16:00:42 +01:00
Michal Privoznik
aad22bea70 vbox: Drop support for virtualbox-6.0.0
According to VirtualBox download page [1], the 6.0.0 release is
no longer supported (the support ended 2020/07). Drop it from
Libvirt too.

1: https://www.virtualbox.org/wiki/Download_Old_Builds

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-01-24 10:24:07 +01:00
Michal Privoznik
445549af07 vbox: Drop support for virtualbox-5.2.0
According to VirtualBox download page [1], the 5.2.0 release is
no longer supported (the support ended 2020/07). Drop it from
Libvirt too.

1: https://www.virtualbox.org/wiki/Download_Old_Builds

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-01-24 10:24:05 +01:00
Laine Stump
7b5777afcb docs: fix passt example
Somehow the example I neglected to fully update the example for the
interface passt backend when the design changed during
development. This fixes the example to reflect what is in the code.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-23 11:43:32 -05:00
Ján Tomko
57b0678590 docs: submitting-patches: remove note about --patience
Since we don't really say how to send patches using this diff algorithm,
it only clutters the document about *submitting* patches.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-20 22:12:42 +01:00
Ján Tomko
0f4790840d docs: submitting-patches: Remove emphasis on not cc'ing developers
While some developers prefer to receive patches only on the mailing
list, cc'ing is a common practice in other projects.

Since it's easy enough to set up a mail filter for this, remove
the paragraph for simplicity.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2023-01-20 22:12:41 +01:00
Jim Fehlig
1f7d167b48 kbase: Update rpm-deployment.rst with new subpackages
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-01-18 11:06:13 -07:00
Jim Fehlig
33772e1fcc spec: Rename the libvirt-lock-sanlock subpackage
The new name "libvirt-daemon-plugin-sanlock" provides consistency with the
newly introduced "libvirt-daemon-plugin-lockd" subpackage.

It's also a good opportunity to taking ownership of
%{_libdir}/libvirt/lock-driver/, removing the need for a dependency on the
libvirt-daemon package.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-01-18 11:06:13 -07:00
Andrea Bolognani
35c5f091f5 docs: Fix typo
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
2023-01-17 16:49:44 +01:00
Pavel Hrdina
ead6e1b002 docs: document correct cpu shares limits with both cgroups v1 and v2
The limits are different with cgroups v1 and v2 but our XML
documentation and virsh manpage mentioned only cgroups v1 limits without
explicitly saying it only applies to cgroups v1.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-01-17 10:58:07 +01:00
Laine Stump
3592b81c4c conf: remove <backend upstream='xxx'/> attribute
This attribute was added to support setting the --interface option for
passt, but in a post-push/pre-9.0-release review, danpb pointed out
that it would be better to use the existing <source dev='xxx'/>
attribute to set --interface rather than creating a new attribute (in
the wrong place). So we remove backend/upstream, and change the passt
commandline creation to grab the name for --interface from source/dev.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2023-01-13 10:02:05 +01:00
Han Han
f41d1a2e75 docs: drvqemu: Fix a typo
Fixes: a677ea928a
Signed-off-by: Han Han <hhan@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2023-01-12 11:40:21 +01:00
Laine Stump
a8ee7ae301 conf: parse/format passt-related XML additions
This implements XML config to represent a subset of the features
supported by 'passt' (https://passt.top), which is an alternative
backend for emulated network devices that requires no elevated
privileges (similar to slirp, but "better").

Along with setting the backend to use passt (via <backend
type='passt'/> when the interface type='user'), we also support
passt's --log-file and --interface options (via the <backend>
subelement logFile and upstream attributes) and its --tcp-ports and
--udp-ports options (which selectively forward incoming connections to
the host on to the guest) via the new <portForward> subelement of
<interface>. Here is an example of the config for a network interface
that uses passt to connect:

    <interface type='user'>
      <mac address='52:54:00:a8:33:fc'/>
      <ip address='192.168.221.122' family='ipv4'/>
      <model type='virtio'/>
      <backend type='passt' logFile='/tmp/xyzzy.log' upstream='eth0'/>
      <portForward address='10.0.0.1' proto='tcp' dev='eth0'>
        <range start='2022' to='22'/>
        <range start='5000' end='5099' to='1000'/>
        <range start='5010' end='5029' exclude='yes'/>
      </portForward>
      <portForward proto='udp'>
        <range start='10101'/>
      </portForward>
    </interface>

In this case:

* the guest will be offered address 192.168.221.122 for its interface
  via DHCP

* the passt process will write all log messages to /tmp/xyzzy.log

* routes to the outside for the guest will be derived from the
  addresses and routes associated with the host interface "eth0".

* incoming tcp port 2022 to the host will be forwarded to port 22
  on the guest.

* incoming tcp ports 5000-5099 (with the exception of ports 5010-5029)
  to the host will be forwarded to port 1000-1099 on the guest.

* incoming udp packets on port 10101 will be forwarded (unchanged) to
  the guest.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2023-01-09 14:24:27 -05:00