1
0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-25 01:34:11 +03:00
Commit Graph

2919 Commits

Author SHA1 Message Date
John Ferlan
a1344f70a1 qemu: Utilize qemu secret objects for RBD auth/secret
https://bugzilla.redhat.com/show_bug.cgi?id=1182074

If they're available and we need to pass secrets to qemu, then use the
qemu domain secret object in order to pass the secrets for RBD volumes
instead of passing the base64 encoded secret on the command line.

The goal is to make AES secrets the default and have no user interaction
required in order to allow using the AES mechanism. If the mechanism
is not available, then fall back to the current plain mechanism using
a base64 encoded secret.

New APIs:

qemu_domain.c:
  qemuDomainGetSecretAESAlias:
    Generate/return the secret object alias for an AES Secret Info type.
    This will be called from qemuDomainSecretAESSetup.

  qemuDomainSecretAESSetup: (private)
    This API handles the details of the generation of the AES secret
    and saves the pieces that need to be passed to qemu in order for
    the secret to be decrypted. The encrypted secret based upon the
    domain master key, an initialization vector (16 byte random value),
    and the stored secret. Finally, the requirement from qemu is the IV
    and encrypted secret are to be base64 encoded.

qemu_command.c:
  qemuBuildSecretInfoProps: (private)
    Generate/return a JSON properties object for the AES secret to
    be used by both the command building and eventually the hotplug
    code in order to add the secret object. Code was designed so that
    in the future perhaps hotplug could use it if it made sense.

  qemuBuildObjectSecretCommandLine (private)
    Generate and add to the command line the -object secret for the
    secret. This will be required for the subsequent RBD reference
    to the object.

  qemuBuildDiskSecinfoCommandLine (private)
    Handle adding the AES secret object.

Adjustments:

qemu_domain.c:
  The qemuDomainSecretSetup was altered to call either the AES or Plain
  Setup functions based upon whether AES secrets are possible (we have
  the encryption API) or not, we have secrets, and of course if the
  protocol source is RBD.

qemu_command.c:
  Adjust the qemuBuildRBDSecinfoURI API's in order to generate the
  specific command options for an AES secret, such as:

    -object secret,id=$alias,keyid=$masterKey,data=$base64encodedencrypted,
            format=base64
    -drive file=rbd:pool/image:id=myname:auth_supported=cephx\;none:\
           mon_host=mon1.example.org\:6321,password-secret=$alias,...

  where the 'id=' value is the secret object alias generated by
  concatenating the disk alias and "-aesKey0". The 'keyid= $masterKey'
  is the master key shared with qemu, and the -drive syntax will
  reference that alias as the 'password-secret'. For the -drive
  syntax, the 'id=myname' is kept to define the username, while the
  'key=$base64 encoded secret' is removed.

  While according to the syntax described for qemu commit '60390a21'
  or as seen in the email archive:

    https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg04083.html

  it is possible to pass a plaintext password via a file, the qemu
  commit 'ac1d8878' describes the more feature rich 'keyid=' option
  based upon the shared masterKey.

Add tests for checking/comparing output.

NB: For hotplug, since the hotplug code doesn't add command line
    arguments, passing the encoded secret directly to the monitor
    will suffice.
2016-05-20 11:09:05 -04:00
Peter Krempa
f0469c61e3 tests: Allow multiple mock libraries
Make virtTestMain take variable number of libraries to mock.
2016-05-20 11:09:05 -04:00
John Ferlan
1ce9c08ab3 util: Introduce encryption APIs
Introduce virCryptoHaveCipher and virCryptoEncryptData to handle
performing encryption.

 virCryptoHaveCipher:
   Boolean function to determine whether the requested cipher algorithm
   is available. It's expected this API will be called prior to
   virCryptoEncryptdata. It will return true/false.

 virCryptoEncryptData:
   Based on the requested cipher type, call the specific encryption
   API to encrypt the data.

Currently the only algorithm support is the AES 256 CBC encryption.

Adjust tests for the API's
2016-05-20 11:09:01 -04:00
John Ferlan
6a3f4121a5 tests: Add mock for virRandomBytes
Create a mock for virRandomBytes to generate a not so random value.
This should be usable by other tests that need a not so random number
to be generated by including the virrandommock at preload.

The "random number" generated is based upon the size of the expected
stream of bytes being returned where each byte in the result gets
the index of the array - hence a 4 byte array returns 0x00010203.
2016-05-20 09:36:28 -04:00
Nishith Shah
701b0f1867 qemu: parse: Handle suffixes for -m memory
According to QEMU docs, the '-m' option for specifying RAM is by default
in MiB, and a suffix of "M" or "G" may be passed for values in MiB and
GiB respectively. This commit adds support and a test for the same.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=812295

Signed-off-by: Nishith Shah <nishithshah.2211@gmail.com>
2016-05-20 08:46:39 -04:00
Pavel Hrdina
858d7b6cf0 qemu_command: move sasl parameter after port and addr definition
This is required for following patches where new listen types will be
introduced.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-20 10:14:36 +02:00
Pavel Hrdina
2faa13560c tests: cleanup vnc auto socket test
Commit 55320c23 introduced a new test for VNC to test if
vnc_auto_unix_socket is set in qemu.conf, but forget to enable it in
qemuxml2argvtest.c.

This patch also moves the code in qemuxml2xmltest.c next to other VNC
tests and refactor the test so we also check the case for parsing active
XML.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-20 10:05:55 +02:00
Pavel Hrdina
ed7683f4d6 qemu_domain: add a empty listen type address if we remove socket for VNC
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-20 10:05:55 +02:00
Jiri Denemark
3a7cd180a5 cpu_x86: Use array of features in CPU map
There's no reason for keeping the features in a linked list. Especially
when we know upfront the total number of features we are loading.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-20 09:18:56 +02:00
Ján Tomko
936b86528d Remove DISK_BUS_XEN support from qemuBuildDiskDriveCommandLine
We have stopped supporting Xenner some time ago.
2016-05-20 09:02:08 +02:00
Cole Robinson
ee814d0ec4 tests: nodeinfotest: Remove virSaveLastError() usage
It's overkill here, we can use virGetLast* instead
2016-05-19 15:25:10 -04:00
Jovanka Gulicoska
c66150eca1 tests: More usage of virGetLastErrorMessage()
Use virGetLastErrorMessage() instead of virGetLastError() in tests
2016-05-19 15:17:03 -04:00
Michal Privoznik
ee7e99feb3 tests: Add forgotten backslash
While introducing virtestmock.la, I've forgotten to add '\' at
the end of one line leaving our Makefile.am mangled. Fortunately,
the only thing that comes after is '$(NULL)' so nothing is
terribly broken.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-19 18:50:52 +02:00
Cole Robinson
20a0fa8eb2 qemu: address: Remove QEMU_CAPS_DEVICE usage
All qemu versions we support have QEMU_CAPS_DEVICE, so checking
for it is redundant. Remove the usage.

The code diff isn't clear, but all that code is just inindented
with no other change.

Test cases that hit qemuDomainAssignAddresses but don't have
infrastructure for specifying qemuCaps values see lots of
churn, since now PCI addresses are in the XML output.
2016-05-18 14:33:58 -04:00
Cole Robinson
19cab36a2f tests: qemuargv2xmltest: Drop disk for s390 aes tests
Upcoming patches are going to make the disk portion of these
test cases fail. In order to make it work, we would need to
extend the qemuargv2xml test infrastructure to handle qemuCaps.
This is worthwhile to do at some point but isn't critical.

Instead just drop the offending portion, which isn't even the
target of the test cases anyways
2016-05-18 14:33:58 -04:00
Cole Robinson
5d7314bbcf qemu: Assign device addresses in PostParse
This wires up qemuDomainAssignAddresses into the new
virDomainDefAssignAddressesCallback, so it's always triggered
via virDomainDefPostParse. We are essentially doing this already
with open coded calls sprinkled about.

qemu argv parse output changes slightly since previously it wasn't
hitting qemuDomainAssignAddresses.
2016-05-18 14:33:58 -04:00
Pavel Hrdina
919d0b368e Revert "qemu_hotplug: fix checking graphics ports"
This reverts commit 1ccc7fbff3.

We cannot check ports if autoport is set because we set ports to 0 while
parsing device XML.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1336134

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-18 17:16:56 +02:00
John Ferlan
027986f5bf iscsi: Remove initiatoriqn from virISCSIScanTargets
No longer necessary to have it, so remove it.
2016-05-18 08:29:24 -04:00
Fritz Elfert
56057900dc util: Remove disabling of autologin for iscsi-targets
https://bugzilla.redhat.com/show_bug.cgi?id=1331552

Instead of disabling auto-login of all scsi targets (even those
that do not "belong" to libvirt), use iscsiadm's "--op nonpersistent"
during discovery of iSCSI targets (e.g. "iscsiadm --mode discovery
--type sendtargets") in order to avoid the node database being altered
which led to the need for the "large hammer" approach taken by
commit id '3c12b654'.

This commit removes the virISCSITargetAutologin adjustment (eg. the setting
of node.startup to "manual"). The iscsiadm command has supported this mode
of operation as of commit id 'ad873767' to open-iscsi.
2016-05-18 08:29:24 -04:00
Andrea Bolognani
f6ececa68d tests: Try different usable GIC versions
The only case where the hardware capabilities influence the result
is when no <gic/> element was provided.

The test programs now ensure both that the correct GIC version is
picked in that case, and that hardware capabilities are not taken
into account when the user has already picked a GIC version.
2016-05-18 11:27:56 +02:00
Andrea Bolognani
63bc91eea0 tests: Prepare to have different usable GIC versions
Now that we choose the GIC version based on hardware features when
no <gic/> element has been provided, we need a way to fake the GIC
capabilities of the host.

Update the qemuxml2argv and qemuxml2xml tests to allow this.
2016-05-18 11:27:56 +02:00
Chunyan Liu
c4111209b8 xlconfigtest: add test case for type=vif in xl format
Signed-off-by: Chunyan Liu <cyliu@suse.com>
2016-05-17 14:09:11 -06:00
Pavel Hrdina
b33c14b342 graphics: make address attribute for listen type='address' optional
We support omitting listen attribute of graphics element so we should
also support omitting address attribute of listen element.  This patch
also updates libvirt to always add a listen element into domain XML
except for VNC graphics if socket attribute is specified.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-17 10:41:45 +02:00
Pavel Hrdina
360cbf6f83 graphics: don't parse listens if socket attribute is present
If socket attribute is present we start VNC that listens only on that
unix socket.  This makes the parser behave the same way as we actually
use the socket attribute.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-17 10:41:45 +02:00
Andrea Bolognani
0e8a72a5ef qemu: Drop QEMU_CAPS_VIRTIO_BLK_SG_IO
The only QEMU versions that don't have such capability are <0.11,
which we no longer support anyway
2016-05-17 00:01:45 +02:00
Andrea Bolognani
859743c27c qemu: Drop QEMU_CAPS_CPU_HOST
The only QEMU versions that don't have such capability are <0.11,
which we no longer support anyway
2016-05-17 00:01:45 +02:00
Andrea Bolognani
8531b85ba6 qemu: Drop QEMU_CAPS_PCI_ROMBAR
The only QEMU versions that don't have such capability are <0.12,
which we no longer support anyway.

Additionally, this solves the issue of some QEMU binaries being
reported as not having such capability just because they lacked
the {kvm-}pci-assign QMP object.
2016-05-17 00:01:45 +02:00
Cole Robinson
e3a6859019 qemu: command: Use -name guest= if available
-name guest= is the explicit parameter for passing a VM name. Using
it is required to allow a VM with an '=' in the name

https://bugzilla.redhat.com/show_bug.cgi?id=1276485
2016-05-16 10:30:38 -04:00
Cole Robinson
7dbbc0ca07 qemu: command: escape commas in chardev socket path
After this, a default virt-manager VM will startup with a comma
in the VM name:

https://bugzilla.redhat.com/show_bug.cgi?id=639926
2016-05-16 10:30:38 -04:00
Cole Robinson
077ba95677 qemu: command: escape commas in VNC socket path
This path can be dependent on the VM libdir, which contains its name
2016-05-16 10:30:38 -04:00
Cole Robinson
3153ac08c9 qemu: command: escape commas in secret master path
Need to convert the local function to virBuffer usage, so we
can use qemuBufferEscapeComma
2016-05-16 10:30:38 -04:00
Cole Robinson
0f377eb1b0 qemu: command: escape commas in VM name
This isn't sufficient on its own, since the VM name is used for things
like monitor paths, which we don't escape yet
2016-05-16 10:30:38 -04:00
Peter Krempa
eb2116fd9a util: alloc: Introduce freeing helpers that clear the memory before freeing
For a few cases where we handle secret information it's good to clear
the buffers containing sensitive data before freeing them.

Introduce VIR_DISPOSE, VIR_DISPOSE_N and VIR_DISPOSE_STRING that allow
simple clearing fo the buffers holding sensitive information on cleanup
paths.
2016-05-16 12:58:48 +02:00
Jiri Denemark
ced1e846a0 capabilities: Advertise cpuselection if -cpu host is usable
When -cpu host is supported by a QEMU binary, a user can use
<cpu mode='host-passthrough'/> in domain XML even when libvirtd failed
to find a matching model for the host CPU. Let's make it obvious by
advertising <cpuselection/> guest capability whenever -cpu host is
supported.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 10:42:28 +02:00
Jiri Denemark
1522503189 qemuaincapstest: Give better names to test data files
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 10:37:29 +02:00
Jiri Denemark
9ac9b039c4 domaincapstest: Give better names to test data files
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 10:37:29 +02:00
Jiri Denemark
8ba37e7a6e domaincapstest: Use arch strings
They are shorter and most of the code requires the strings anyway.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2016-05-16 10:37:29 +02:00
Michal Privoznik
4b3a46ca6a tests: Introduce check-file-access.pl
This script will check output generated by virtestmock against a
white list. All non matching records found are printed out. So
far, the white list is rather sparse at the moment.
This test should be ran only after all other tests finished, and
should cleanup the temporary file before their execution. Because
I'm unable to reflect these requirements in Makefile.am
correctly, I've introduced new target 'check-access' under which
this test is available.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-14 09:46:44 +02:00
Michal Privoznik
6326865e6b virtestmock: Print invalid file accesses into a file
All the accesses to files outside our build or source directories
are now identified and appended into a file for later processing.
The location of the file that contains all the records can be
controlled via VIR_TEST_FILE_ACCESS env variable and defaults to
abs_builddir "/test_file_access.txt".

The script that will process the access file is to be added in
next commit.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-14 09:46:23 +02:00
Michal Privoznik
47d2dc831a tests: Introduce global mock library
The intent is that this library is going to be called every time
to check if we are not touching anything outside srcdir or
builddir.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-14 09:30:25 +02:00
Michal Privoznik
86d1705a8a virmock.h: Introduce VIR_MOCK_CALL_STAT
There is some magic going on when it comes to stat() or lstat().
Basically, stat() can either be a regular function, an inline
function that calls __xstat(_STAT_VER, ...) or a macro that does
the same as the inline func. Don't ask why is that, just read the
documentation in sys/stat.h and make sure you have a bucket next
to you. Anyway, currently there will not be both stat and __xstat
symbols at the same time, as one of them gets overwritten to the
other one during compilation. But this is not true anymore once
we start chaining our mocking libraries. Therefore we need a
wrapper that calls desired function from glibc.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-14 09:25:56 +02:00
Michal Privoznik
a1ffedc682 securityselinuxhelper: Adapt to virmock.h
Instead of introducing our own wrapper for dlsym()
we can use the one provided by virmock.h.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-14 09:22:12 +02:00
Michal Privoznik
ca88c0e7b2 nssmock: Adapt to virmock.h
Instead of introducing our own wrapper for dlsym()
we can use the one provided by virmock.h.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-14 09:19:51 +02:00
Michal Privoznik
d16b7a8853 vircgroupmock: Adapt to virmock.h
Instead of introducing our own wrapper for dlsym()
we can use the one provided by virmock.h.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-14 09:18:14 +02:00
Michal Privoznik
57c484dbac virpcimock: Adapt to virmock.h
Instead of introducing our own wrapper for dlsym()
we can use the one provided by virmock.h.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-14 09:10:40 +02:00
Jim Fehlig
b90c4b5f50 xlconfigtests: use qemu-xen in all test data files
Some of the test configuration files in tests/xlconfigdata
use the old qemu-dm as the emulator. Many of the configuration
features tested (spice, rbd, multi-usb) are not even usable with
the old qemu. Change these files to use the new qemu-xen (also
known as qemu upstream) emulator.

Note: This change fixes xlconfigtest failures when the old
qemu is actually installed on the system. During device post
parse, the libxl driver attempts to invoke the emulator to
determine if it is the old or new qemu so it can properly set
video RAM defaults. With the old qemu installed, the default
video RAM was set differently than the expected value.
Changing all the test data files to use qemu-xen ensures
predictable results wrt default video RAM size.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2016-05-13 10:08:34 -06:00
Ján Tomko
96b21fb0ec Fix tests to include video ram size
My commit 3e42867 started filling out the video size in post-parse,
but did not adjust the tests.
2016-05-12 14:32:17 +02:00
Laine Stump
e5aecc2f80 conf: log error when incorrect PCI root controller is added to domain
libvirt may automatically add a pci-root or pcie-root controller to a
domain, depending on the arch/machinetype, and it hopefully always
makes the right decision about which to add (since in all cases these
controllers are an implicit part of the virtual machine).

But it's always possible that someone will create a config that
explicitly supplies the wrong type of PCI controller for the selected
machinetype. In the past that would lead to an error later when
libvirt was trying to assign addresses to other devices, for example:

  XML error: PCI bus is not compatible with the device at
  0000:00:02.0. Device requires a PCI Express slot, which is not
  provided by bus 0000:00

(that's the error message that appears if you replace the pcie-root
controller in a Q35 domain with a pci-root controller).

This patch adds a check at the same place that the implicit
controllers are added (to ensure that the same logic is used to check
which type of pci root is correct). If a pci controller with index='0'
is already present, we verify that it is of the model that we would
have otherwise added automatically; if not, an error is logged:

  The PCI controller with index='0' must be " model='pcie-root' for
  this machine type, " but model='pci-root' was found instead.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1004602
2016-05-10 17:03:24 -04:00
Michal Privoznik
cd25acba26 seclabeltest: Update to use VIRT_TEST_MAIN
Our tests should use either VIRT_TEST_MAIN() or
VIRT_TEST_MAIN_PRELOAD() macros which create main() function and
call the passed callback subsequently. This is important because
the wrapper which calls the callback eventually does important
stuff like setting logging based on env variables and such.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-10 17:16:11 +02:00
Pavel Hrdina
1ccc7fbff3 qemu_hotplug: fix checking graphics ports
We cannot change ports for running domain and we should error out if
autoport is enabled.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2016-05-10 10:44:46 +02:00