Rely on the Python 3 sorting facilities to sort the mount points using
a key based on the length of the mount point, doing the same effect as
the old compare function.
As a side change required by this, enable python_return_dict on the
GuestFS handle, so we get proper hashes instead of lists. This requires
libguestfs 1.22, which is 6 years old by now (and other virt-manager
requires are way more recent than that).
Reviewed-by: Cole Robinson <crobinso@redhat.com>
This block only catches failures in g.inspect_get_mountpoints(), as the
g.mount_ro() calls are already within own try/catch blocks. Considering
that:
- g.inspect_get_mountpoints() is a simple API to query one of the
  results of the inspection, it is very unlikely that it fails
- the whole _inspect_vm function (that contains the inspection code) is
  already run within an own try/catch block, so even a failure in
  g.inspect_get_mountpoints() will not crash virt-manager
then just remove this extra try/catch block.
Reviewed-by: Cole Robinson <crobinso@redhat.com>
We pretty much require a referenced storage pool to be running if
it's intended to be used as a virt-install or virt-manager requested
disk. So add a helper to start a pool if needed and optionally refresh
it
Return the generated virtinst device up through the call chain.
Makes the flow a lot more sensible, and will be needed for separating
device building from extra UI validation/prompting
The original code created a new list which had True/False items. The
only case where the returned value would be False is for empty list
which never happens in real environment.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
For CPU modes other than "custom" there is no model so we should not
check the suffix of model name.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
VM configured with mode="host-model" will have the CPU definition
expanded once the VM is started. Libvirt will try to use the closest
CPU model with some features enabled/disabled.
The issue is that there are some models that include spec-ctrl or ibpb
features and they will not appear in the explicit list of features and
virt-manager will not correctly detect if all security features are
enabled or not. As a workaround we can check the suffix of CPU model to
figure out which security features are enabled by the model itself.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Given that we bumped deps to fairly modern distros with the
python3 change, I think this is safe. gtk 3.22 is from sep 2016, it's
in debian9 and fedora 25+, which seems fine for our needs.
If USB support is available, we can use USB input devices too.
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Unlike other features we have enabled earlier, this one requires
version checks because RISC-V guests have only started using PCI
by default very recently, and we can't have USB without PCI.
More specifically, we need QEMU commit d6c1bd4a2237 (included
in 4.0.0) and libvirt commit 7c48fb08e0cd (included in 5.3.0).
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
QXL, on the other hand, is still x86-only for some reason.
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
The default machine at the QEMU level is spike_v1.10, but most
people will really want to use the virt machine type instead.
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
These test cases mirror those we already have for all other
architectures.
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
RISC-V doesn't support KVM yet, so we are forced to use TCG
on x86 until that's working.
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
By default we copy CPU security features to the guest if specific CPU
model is selected. However, this may break migration and will affect
performance of the guest. This adds an option to disable this default
behavior.
The checkbox is clickable only on x86 and only on host where we can
detect any CPU security features, otherwise a tooltip is set to notify
users that there is nothing to copy.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
We will call this function multiple times so it makes sense to cache the
result so we don't have to call libvirt APIs every time we will check
what security features are available on the host.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This will allow users to override the default behavior of virt-install
which copies CPU security features available on the host to the guest
XML if specific CPU model is configured.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
These features are only recommended to be enabled since they improve
performance of the VMs if security features are enabled.
pcid is a very useful perf feature, but missing in some silicon
so not portable.
pdpe1gb lets the guest use 1 GB pages which is good for perf
but again not all silicon can do it.
amd-ssbd is a security feature which fixes the same SSBD flaws as the
virt-ssbd feature does. virt-ssbd is usable across all CPU models
affected by SSBD, while amd-ssbd is only available in very new silicon.
So virt-ssbd is the better choice.
amd-no-ssb just indicates that the CPU is not affected by SSBD, so not
critical to expose. I expect a future named CPU model will include that
where appropriate.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
systemd in fedora30 has some new security restriction about non-root
owned directories. Initrd inject would tickle this because the cpio
archive would cause the root dir in the initrd to be owned by the
uid that launched virt-install.
Pass --owner=+0:+0 to cpio to force root ownership
Suggested-by: James Szinger <jszinger@gmail.com>
https://bugzilla.redhat.com/show_bug.cgi?id=1686464
The Windows unattended installation is quite similar to the Linux one
with a few major differences:
- It uses floppy injection instead of initrd injection
  - Yes, it does. Then we have to create a floppy, add the device and,
    when finishing the installation, remove the device;
- There's no InstallerTreeMedia in the game making us end up duplicating
  some code in the Installer class as:
  - keeping track of files that have to be cleaned up;
  - actually cleaning up the files;
  - generating the install script
Apart from that, some obvious differences in the scripts were already
done in a previous commit, but those were basically:
- Not using /dev/*da as a target disk, but use "C" instead;
- Set the product-key
- Explicitly set the injection method as "floppy"
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Let's add unattended data to the Installer class as it's going to be
used whenever a Windows unattended installation is performed.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>