This is a second layer of protection, to make the behavior minimally
surprising for the user. The implementation of clock_* handlers follows
a precedence decision order in case of conflict, but that shouldn't be
relied on as the only layer of defense against bad configs.
Change the default behaviour when logging output from the console to a
file to ensure the file is pre-created and unless append is explicitly
set to true in the source config, truncate the file. Combined with
having the domain template default to enabling append, this causes
libvirt/qemu to not attempt to create the file and thus retains the
owner/group and permissions of the original file.
Relates-to: #1385
This change adds a configuration option for setting the NIC model type for
the management interface, which defaults to `virtio` (the current value).
The context for this change is that I was having severe speed issues
with `virtio` (which have now disappeared, probably after a QEMU update)
and the `e1000e` NIC was doing much better.
When setting the `model_type` of a network to something other than
`virtio`, the `iommu` parameter was still set for the device, which isn't
allowed.
The if-statement for setting the parameter was looking at the default NIC
model type (in `@nic_model_type`) instead of the final, configured value in `@model_type`.
With ruby3.2, URI.parse now sets empty host instead of nil via:
dd5118f852
Adjust test case so, also with ruby <= 3.1, forcibly set empty string for host
when nil to make finalize_from_uri behavior consistent between different
host ruby versions.
Allow for iface_name to be set on public_network configurations to
control the name of the interface created by libvirt. This overrides the
default that would be created automatically, but cannot use a reserved
name as it will be ignored.
Closes: #799
Switch to configured networks helper in validate to ensure that the
validation checks the final list of networks that will be used, not just
those initially configured.
This will help ensure the management network is validated in addition to
the user specified networks.
Better handle setting the autoport value when the port is explicitly set
to ensure that the XML sent to update the VM is correct and will be the
XML that is reflected in the defined machine.
By prioritizing checking if the port is provided, graphics_autoport =
"yes" is ignored.
Fixes: #1687
Ensure the acceptance tests are actually executed and resolve any issues
that have crept in since they were not running as expected.
Call the ResolveDiskSettings on reload to ensure that the start domain
action will have all of the necessary configuration for any additional
storage disks added.
Tidy up create domain output when disks are attached.
Fixes: #1678
Ensure forwarded ports are cleared on suspend and recreated on resume.
Included tests to exercise the entire up/start behaviour to ensure the
expected actions are called in various scenarios, moving config validate
to only occur at the entrypoints and dropping it from being called
during start. Also eliminate a duplicate SetupComplete call.
Fixes: #1115
This adds websocket functionality for VNC. The websocket attribute may
be used to specify the port to listen on (with -1 meaning
auto-allocation and autoport having no effect due to security reasons).
This patch allows specifying the virtio-mmio address type, which is
needed for debian guests on virt machines that don't support the PCI
address type.
See also
https://translatedcode.wordpress.com/2016/11/03/installing-debian-on-qemus-32-bit-arm-virt-board/
where it is explicitly said to use `virtio-blk-device` and
`virtio-net-device` instead of `virtio-blk-pci` and `virtio-net-pci`, for
that reason.
Apparently, libvirt will use the `virtio-blk-pci` and `virtio-net-pci`
by default. By setting address type to `virtio-mmio`, it uses
`virtio-blk-device` instead. It seems not necessary to do the same for
the network controller, since libvirt will also use `virtio-net-device`
if the disk address type is set to `virtio-mmio`.
While this should help with ARM machines, it won't solve all issues
as some machines will boot perfectly with the existing defaults
provided the correct loader binary is used.
Relates-to: #1608
During validation ensure that the default value for public network
devices is selected and shown on error if it's not one of the host
devices that are currently discovered.
Secure Encryption Virtualization is supported by libvirt and this
change adds support for vagrant-libvirt to enable it.
It requires a UEFI base box and needs a combination of options to be
configured for it to work.
Co-authored-by: PELLET Norman <norman.pellet@csem.ch>
Co-authored-by: MUNTANÉ CALVO Enric <emc@csem.ch>
Co-authored-by: Darragh Bailey <daragh.bailey@gmail.com>
Closes: #1372
Change driver list of networks returned to only be read-only when using
qemu session, to allow for VMs using the system context to be able to
restart any networks needed.
The CPU element to manage the mode, model, features (including nested),
is only available on some architectures. To allow this plugin to
generate XML valid for other architectures such as RISC-V, the CPU
element needs to be optional and only enabled when the architecture
specified supports it.
Include checks in the validation section to help prevent the setting of
an unsupported architecture with any of the CPU features that require
the CPU element to be available.
Fixes: #1538
Reject any 9p synced folders where the user does not have read access to
the host path when using qemu sessions. This is because the VM will be
launched with the user permissions instead of system permissions and
will fail to come up if trying to add a path that is not readable to be
mounted into the guest.
Additionally flag that virtiofs may not be supported with qemu sessions,
but do not reject in case support is added in the future.
Fixes: #1430
To allow for a different ssh port to be used when connecting to a
machine for NFS setup, use the port provided in the ssh_info hash
with a fallback to the default ssh port.
This may allow NFS mounting into Windows guests once support is added to
vagrant itself to handle NFS installation.
Fixes: #1640
If the graphics type is set to spice, then skip setting the autoport as
the attribute will be discarded by libvirt causing it to appear as
though not all of the XML sent to start the domain was accepted.
Ensure the same filtering for networks supported by vagrant-libvirt is
done for both driver and util by moving to call the same function with
filtering.
This avoids calls for the list of host devices from failing to parse
some networks that are not supported.
Fixes: #599
If the network does not have a bridge name, ignore it and move onto the
next one. This allows for hostdev networks to exist without breaking.
Includes some rudimentary testing to exercise the lookup code along with
a small bit of refactoring based on the realisation that there is no
need to lookup the network information twice as it is available if the
list_all_networks API is used.
Fixes: #599
On some distros the libvirt does not appear to always return all of the
host interfaces. Switch to using 'ip -j link show' to read them directly
from the system in order to ensure all devices are read.
Refactor the driver tests to better isolate between test setup for the
different sets of functions and avoid accidental setting of
configuration details that may not be obvious.
Fixes: #1624
Reduce the number of other graphics settings that need to be adjusted
once the type has been set to spice by defaulting the remaining options
to ones better suited for spice, in addition to adding the required
channel automatically.
Fixes: #1482
Allow libvirt to start the domain before reading back the XML to
retrieve the port assigned automatically for subsequent graphics access
when autoport is enabled.
Fixes: #992
Ensure the bootmenu is disabled by default. When not specified it will
default to the hypervisor default behaviour, however this is not
necessarily defined consistently across different distros. Therefore for
a consistent behaviour, simply ensure it is always configured to be off,
unless explicitly required to be enabled when the boot order is
configured.
Fixes: #947
The 9p synced folder option :owner is better named as :access, which is
documented by 9p and less likely to cause confusion on the expected
behaviour as it does not control the owner of the files.
Relates-To: #378
The driver is created with a specific machine instance, use this
instead of requiring a specific instance be passed in. Apply the same
approach to domain where possible which allows the same get ip address
function to be called with and without a domain being passed in to save
lookup during loops.
Normalise the XML to ensure the attributes for both documents have the
same ordering to prevent excessive noise when differences are detected.
Additionally sort various elements based on attributes that make
ordering irrelevant to allow for simpler comparison using xmlsimple.
Closes: #1583
When using `qemu_use_agent = true`, the provisioning of a Windows
machine was failing to get the IP address with the error:
```
`get_ipaddress_from_qemu_agent': undefined method `downcase' for nil:NilClass (NoMethodError)
```
```plain
Traceback (most recent call last):
18: from /opt/vagrant/embedded/gems/2.3.0/gems/logging-2.3.1/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
17: from /opt/vagrant/embedded/gems/2.3.0/gems/vagrant-2.3.0/lib/vagrant/action/builtin/wait_for_communicator.rb:16:in `block in call'
16: from /opt/vagrant/embedded/gems/2.3.0/gems/vagrant-2.3.0/plugins/communicators/winrm/communicator.rb:31:in `wait_for_ready'
15: from /opt/vagrant/embedded/lib/ruby/2.7.0/timeout.rb:110:in `timeout'
14: from /opt/vagrant/embedded/lib/ruby/2.7.0/timeout.rb:33:in `catch'
13: from /opt/vagrant/embedded/lib/ruby/2.7.0/timeout.rb:33:in `catch'
12: from /opt/vagrant/embedded/lib/ruby/2.7.0/timeout.rb:33:in `block in catch'
11: from /opt/vagrant/embedded/lib/ruby/2.7.0/timeout.rb:95:in `block in timeout'
10: from /opt/vagrant/embedded/gems/2.3.0/gems/vagrant-2.3.0/plugins/communicators/winrm/communicator.rb:37:in `block in wait_for_ready'
9: from /opt/vagrant/embedded/gems/2.3.0/gems/vagrant-2.3.0/plugins/communicators/winrm/helper.rb:21:in `winrm_info'
8: from /opt/vagrant/embedded/gems/2.3.0/gems/vagrant-2.3.0/plugins/communicators/winrm/helper.rb:35:in `winrm_address'
7: from /opt/vagrant/embedded/gems/2.3.0/gems/vagrant-2.3.0/lib/vagrant/machine.rb:452:in `ssh_info'
6: from /home/rgl/.vagrant.d/gems/2.7.6/gems/vagrant-libvirt-0.10.7/lib/vagrant-libvirt/provider.rb:58:in `ssh_info'
5: from /home/rgl/.vagrant.d/gems/2.7.6/gems/vagrant-libvirt-0.10.7/lib/vagrant-libvirt/provider.rb:98:in `state'
4: from /home/rgl/.vagrant.d/gems/2.7.6/gems/vagrant-libvirt-0.10.7/lib/vagrant-libvirt/driver.rb:194:in `state'
3: from /home/rgl/.vagrant.d/gems/2.7.6/gems/vagrant-libvirt-0.10.7/lib/vagrant-libvirt/driver.rb:103:in `get_domain_ipaddress'
2: from /home/rgl/.vagrant.d/gems/2.7.6/gems/vagrant-libvirt-0.10.7/lib/vagrant-libvirt/driver.rb:242:in `get_ipaddress_from_qemu_agent'
1: from /home/rgl/.vagrant.d/gems/2.7.6/gems/vagrant-libvirt-0.10.7/lib/vagrant-libvirt/driver.rb:242:in `each'
/home/rgl/.vagrant.d/gems/2.7.6/gems/vagrant-libvirt-0.10.7/lib/vagrant-libvirt/driver.rb:243:in `block in get_ipaddress_from_qemu_agent': undefined method `downcase' for nil:NilClass (NoMethodError)
```
This is due to Windows qemu-ga reporting interfaces that do not have a
`hardware-address`. For example, the `Loopback Pseudo-Interface 1` does
not have it:
```console
$ virsh qemu-agent-command openwrt-vagrant-windows '{"execute":"guest-network-get-interfaces"}' --pretty
{
  "return": [
    {
      "name": "Ethernet 2",
      "ip-addresses": [
        {
          "ip-address-type": "ipv4",
          "ip-address": "10.0.20.11",
          "prefix": 24
        }
      ],
      "statistics": {
        "tx-packets": 3090,
        "tx-errs": 0,
        "rx-bytes": 50713786,
        "rx-dropped": 0,
        "rx-packets": 35116,
        "rx-errs": 0,
        "tx-bytes": 744040,
        "tx-dropped": 0
      },
      "hardware-address": "08:00:27:00:00:0b"
    },
    {
      "name": "Loopback Pseudo-Interface 1",
      "ip-addresses": [
        {
          "ip-address-type": "ipv6",
          "ip-address": "::1",
          "prefix": 128
        },
        {
          "ip-address-type": "ipv4",
          "ip-address": "127.0.0.1",
          "prefix": 8
        }
      ],
      "statistics": {
        "tx-packets": 0,
        "tx-errs": 0,
        "rx-bytes": 0,
        "rx-dropped": 0,
        "rx-packets": 0,
        "rx-errs": 0,
        "tx-bytes": 0,
        "tx-dropped": 0
      }
    }
  ]
}
```
With this change, the IP address can now be found without errors:
```plain
...
windows: WinRM address: 10.0.20.11:5985
windows: WinRM username: vagrant
...
```
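The failure above is a case of host-side code assuming every field in guest-supplied agent output is present. The following is an added example, not code from vagrant-libvirt: the helper name `ipv4_for_mac` and the sample reply are constructed here to show a MAC lookup over `guest-network-get-interfaces` output that tolerates entries without a `hardware-address`.

```ruby
require 'json'

# Constructed sample reply, trimmed from the shape shown above: a loopback
# entry with no "hardware-address" key, listed before the real NIC.
SAMPLE_REPLY = <<~JSON
  {
    "return": [
      {
        "name": "Loopback Pseudo-Interface 1",
        "ip-addresses": [
          {"ip-address-type": "ipv6", "ip-address": "::1", "prefix": 128},
          {"ip-address-type": "ipv4", "ip-address": "127.0.0.1", "prefix": 8}
        ]
      },
      {
        "name": "Ethernet 2",
        "ip-addresses": [
          {"ip-address-type": "ipv4", "ip-address": "10.0.20.11", "prefix": 24}
        ],
        "hardware-address": "08:00:27:00:00:0B"
      }
    ]
  }
JSON

# Hypothetical helper (not the plugin's method): return the first IPv4 address
# of the interface whose MAC matches, or nil when nothing usable is reported.
def ipv4_for_mac(agent_reply, mac)
  wanted = mac.to_s.downcase
  return nil if wanted.empty?

  interfaces = JSON.parse(agent_reply).fetch('return', [])
  interfaces.each do |iface|
    hw = iface['hardware-address']
    # Guest-supplied data: loopback or tunnel entries may omit the key, so
    # check the type before calling String methods on it.
    next unless hw.is_a?(String) && hw.downcase == wanted

    addr = (iface['ip-addresses'] || []).find { |a| a['ip-address-type'] == 'ipv4' }
    return addr['ip-address'] if addr
  end
  nil
rescue JSON::ParserError
  nil # malformed agent output is treated the same as "no address yet"
end

puts ipv4_for_mac(SAMPLE_REPLY, '08:00:27:00:00:0b').inspect
```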
The message fills the screen with expected warning messages.
When we need to debug this problem the message is already logged, so
there is no need to show it in the normal case.
These are the warning messages that were displayed:
```
==> debian: Waiting for domain to get an IP address...
Unable to receive IP via qemu agent: [Call to virDomainQemuAgentCommand failed: Guest agent is not responding: QEMU guest agent is not connected]
...
==> debian: Waiting for machine to boot. This may take a few minutes...
Unable to receive IP via qemu agent: [Call to virDomainQemuAgentCommand failed: Guest agent is not responding: QEMU guest agent is not connected]
...
```
The distribution provided vagrant package on Ubuntu 20.04 is version
2.2.6 running on ruby 2.7.2. It appears that the rexml layout is
slightly different and imports different paths than the current code
expects. Add this combination to the unit tests and switch the requires
to load the specific library requirements instead of relying on rexml
loading everything underneath.
Additionally it appears the hook behaviour change appeared earlier than
the understood vagrant release of 2.2.11, and 2.2.6 also requires the
newer hook behaviour.
As this is the first time people may be alerted to an issue applying
changes, given that previously they would be silently discarded, better
to switch to warning the end user rather than blocking the domain start.
This is no worse than the previous position, and allows previous
configurations that were understood to be working, to continue to work
as they are, with hopefully issues logged by users that will allow
more correct XML to be sent before making failure to match the changes
applied fatal.
Ensure that the tests always set VAGRANT_HOME into the environment to
prevent the global plugin manager from trying to load the plugins under
this directory.
Remove the unnecessary nesting of begin/rescue entries in start domain
which partially existed due to vagrant-libvirt destroying domain
definitions on error, even for machines that had previously been
created.
Since this is no longer a problem as existing domains will be halted
rather than removed when an exception occurs, it is perfectly fine to
let the exception percolate upwards and be handled by the warden, which
is what the current code is doing, but at the expense of catching and
re-raising multiple times.
Switch to calling the returning the next middleware in the chain as soon
as possible in the set boot order action. Makes the overall remaining
logic tidier.
Include basic tests to check existing behaviour.
The attribute autoport="no" will be dropped, therefore ensure that when
graphics_autoport should be disabled, default it to nil, which allows
the existing code to exclude it from the domain template.
Otherwise being set to no will result in an apparent difference due to
the returned XML after update dropping the attribute.