Dominik Csapak [Wed, 1 Jun 2016 09:12:42 +0000 (11:12 +0200)]
fix #1010: whitelist options for permissions
instead of defaulting to VM.Config.Options for
all options not checked separately, we
now have lists for the different config permissions
and check them accordingly.
for everything not given, we require root access
this is important especially for usbN and hostpciN
since they can change the host configuration
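
The default-deny option check described in the commit message above, as an added Perl example that is not the project's own code. The per-privilege option lists and the helper name `denied_options` are illustrative assumptions; only `VM.Config.Options`, `usbN` and `hostpciN` come from the message.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Illustrative allowlists (assumed, not the project's real lists): each
# privilege names the config options it is allowed to change.
my %options_by_priv = (
    'VM.Config.CPU'     => [qw(cores sockets cpulimit)],
    'VM.Config.Memory'  => [qw(memory balloon)],
    'VM.Config.Options' => [qw(name onboot description)],
);

# Invert to option => required privilege for direct lookup.
my %priv_for_option;
for my $priv (keys %options_by_priv) {
    $priv_for_option{$_} = $priv for @{ $options_by_priv{$priv} };
}

# Hypothetical helper: returns the options in %$changes that the user may
# NOT modify. An option found in no allowlist (usbN, hostpciN, unknown keys)
# has no required privilege at all, so only root passes: there is no
# fallback to VM.Config.Options.
sub denied_options {
    my ($user, $user_privs, $changes) = @_;
    return () if $user eq 'root@pam';
    my %has = map { $_ => 1 } @$user_privs;
    my @denied;
    for my $opt (sort keys %$changes) {
        my $need = $priv_for_option{$opt};
        push @denied, $opt if !defined($need) || !$has{$need};
    }
    return @denied;
}

# Constructed sample request from a user holding two config privileges.
my @privs = ('VM.Config.Options', 'VM.Config.Memory');
my %req   = (
    name     => 'web01',
    memory   => 2048,
    cores    => 4,            # needs VM.Config.CPU, which the user lacks
    usb0     => 'host=1-2',   # in no allowlist: root only
    hostpci0 => '01:00.0',    # in no allowlist: root only
);

my @denied = denied_options('alice@pve', \@privs, \%req);
print "alice\@pve denied: @denied\n";
my @root_denied = denied_options('root@pam', [], \%req);
print "root\@pam denied: ", scalar(@root_denied), " option(s)\n";
```
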
otherwise, long kvm commands lead to systemd unit files with
very long lines, which confuses the systemd unit file parser.
apparently systemd has a length limit for unit file lines and
(line-)breaks the description string at that point. since
the rest of the description is probably not a valid key/value
pair, this leads to warnings. the default semantics of systemd-run
is to use the executed command as description unless a description
is specified explicitly.
note that this behaviour of systemd could allow an attacker
with access to the VM configuration to craft a kvm commandline
that starts or stops arbitrary systemd units.
fix #971: don't activate shared storage in offline migration
instead, just print a warning if the connection check fails.
as long as the storage is online on the target node, the VM
will start fine after migration.
previously, we did not check the file parameter of a disk,
allowing passthrough of a block device (by design)
with the change to the json parser for the disks, the format
became 'pve-volume-id' which is only valid for our volume ids
(and later we also allowed the value 'none')
this patch alternatively checks if the parameter is a path
or 'cdrom'
The volume_size_info() call was what actually failed, but
the error reported to the gui came from afterwards trying to
resize the disk to a garbage size.
Fix #848: deactivate old volume after clone before deletion
Otherwise some move operations will fail to delete the old
disk (eg. when moving from ceph to local storage).
Note that in order for the deactivation to succeed we need
to make sure qemu has closed its file descriptors, so we
need to wait for the job to disappear the same way we do in
$cancel_job().
Factored the waiting out into $finish_job().
previously, when shutting down a suspended vm,
we successfully send the shutdown command to it,
but it will not shutdown (because it is suspended)
there we will run into the timeout and either
bail out with an error, or kill the process
when we do not kill the process and resume the vm,
it will instantly shutdown, because of the previous
command
this patch checks the status of the vm beforehand,
and either bails out with an error that you cannot
shutdown a suspended vm, or stops the vm with the
correct qmp command (depending on forceStop)
Additionally since the cpu and host node list isn't
restricted to a single range one can now provide multiple
ranges separated by semicolons. (eg. cpus=0-3;5;7)
limit serial and model and document their real limits
The urlencoded format currently cannot check the real
decoded length, so we limit to an upper bound and document
the real limits. Ideally we'd introduce a decodedLength
schema parameter at some point...
Drop snapshot_create, snapshot_delete and snapshot_rollback
in favour of PVE::AbstractConfig. Qemu-specific parts are
implemented in __snapshot_XX methods in PVE::QemuConfig.
has_feature is made an implementation of the abstract
has_feature, and thus moves to PVE::QemuConfig.
Note: a new hook method needed to be introduced to be called
before creating a volume snapshot, after creating a volume
snapshot, and after unfreezing the guestfs after creating a
volume snapshot. The base method in PVE::AbstractConfig is a
noop, the implementation in PVE::QemuConfig runs the necessary
Qemu monitor commands.
Drop load_config, write_config, lock_config[_xx],
check_lock, check_protection, is_template and config_file
in favour of implementations in PVE::AbstractConfig.
Implement guest_type, __config_max_unused_disks,
config_file_lock and cfs_config_path from
PVE::AbstractConfig in PVE::QemuConfig.
these are modelled after the existing snapshot tests for LXC
and should serve as a baseline for refactoring the Qemu
snapshot code using PVE::AbstractConfig
Previously, foreach_drive iterated over all configuration
keys (in a random order) and checked whether the current key
is a valid drive name. Instead, we now iterate over a list
of valid drive names (with deterministic order) and check
whether a drive with such a name exists in the
configuration.
Also rename the two involved methods from valid_drive_name
to is_valid_drive_name (for the check) and from disknames
to valid_drive_names (for the list of valid keys), for
consistency. These two were only used in the qemu-server
code base.
Close #880: ability to show paused state via the CLI
qm list and qm status both show suspended VMs as 'running'
while the GUI's status summary shows them as 'paused'.
This patch makes 'qm status' always request the full status
and adds an optional '-full' parameter for 'qm list' to
use a full status query to include the 'paused' state. (This
is optional as it causes qmp requests to all running VMs.)
We hold a lock from snapshot_prepare until snapshot_commit,
so there is no need to copy back the snapshot config to the
actual config. This allows to drop a workaround for not
copying the 'machine' type config option.
We don't have any storage types other than LVM which react
to scsi inquiry, and we don't want to treat LVM as a scsi
device, so now we only query devices added as actual /dev
path. This was originally intended to be a pass-through
feature anyway, so this makes sense.
Thomas Lamprecht [Thu, 25 Feb 2016 13:47:16 +0000 (14:47 +0100)]
fix undefined value when starting a q35 machine VM
As there the singleton function "kvm_user_version" may not have been
called and with the machine alias q35 the regex from the
qemu_machine_feature_enabled method does not match and thus we
need a valid kvm version here
Dominik Csapak [Tue, 23 Feb 2016 11:43:51 +0000 (12:43 +0100)]
change check for write-zeros
instead of hardcoding the storagetypes for writing zeros on a
backup restore, we use volume_has_feature with 'sparseinit'
for determining if we can omit writing zeros