[libvirt] [PATCH] news: Update for 3.9.0 release

Andrea Bolognani posted 1 patch 6 years, 5 months ago
git fetch https://github.com/patchew-project/libvirt tags/patchew/20171101163340.32020-1-abologna@redhat.com
docs/news.xml | 138 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 138 insertions(+)
[libvirt] [PATCH] news: Update for 3.9.0 release
Posted by Andrea Bolognani 6 years, 5 months ago
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
As usual, a lot of changes have made it to master without the release
notes being updated at the same time.

I'll push this tomorrow in the morning, so that it can make it into
the release, unless it gets (N)ACKed earlier.

 docs/news.xml | 138 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 138 insertions(+)

diff --git a/docs/news.xml b/docs/news.xml
index 6a864916d..3cf761d89 100644
--- a/docs/news.xml
+++ b/docs/news.xml
@@ -49,6 +49,36 @@
           easily.
         </description>
       </change>
+      <change>
+        <summary>
+          qemu: Support multiqueue for virtio-blk
+        </summary>
+        <description>
+          Multiqueue support for <code>virtio-blk</code> has been available
+          in QEMU ever since 2.7.0, and now libvirt guests can enable it.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Add virDomainSetLifecycleAction() API
+        </summary>
+        <description>
+          This new API, also exposed through the
+          <code>set-lifecycle-action</code> <code>virsh</code> command, allows
+          the user to dynamically control how the guest will react to being
+          powered off, being restarted or crashing.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Allow cold(un)plugging and hot(un)plugging input devices
+        </summary>
+      </change>
+      <change>
+        <summary>
+          net: Implement QoS for vhostuser
+        </summary>
+      </change>
     </section>
     <section title="Improvements">
       <change>
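
Review bot: the last two entries added in this hunk, "qemu: Allow cold(un)plugging and hot(un)plugging input devices" and "net: Implement QoS for vhostuser", have a <summary> but no <description>, unlike the two entries above them. A one-sentence description for each, saying what the user can now do and how it is requested, would keep the "New features" section consistent and save readers a trip to the commit log.
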
@@ -64,6 +94,82 @@
           in order to decrypt the volume.
         </description>
       </change>
+      <change>
+        <summary>
+          net: Ignore auto-generated MAC address when detaching an interface
+        </summary>
+        <description>
+          If the MAC address has not been specified by the user, libvirt will
+          try and fill in the gaps by generating one; however, that leads to
+          very confusing error messages, so it's not desiderable.
+        </description>
+      </change>
+      <change>
+        <summary>
+          net: Enable MAC address lookup for virDomainInterfaceStats()
+        </summary>
+      </change>
+      <change>
+        <summary>
+          apparmor: Several improvements
+        </summary>
+        <description>
+          Changes include permitting access to data about USB devices and
+          <code>dnsmasq</code> instances, allowing spaces in guest names and
+          many more.
+        </description>
+      </change>
+      <change>
+        <summary>
+          cpu: Use CPU information obtained from QEMU when possible
+        </summary>
+        <description>
+          Recent QEMU versions can expose information about which CPU models
+          are available and usable on the host; libvirt will now make use of
+          such information whenever possible.
+        </description>
+      </change>
+      <change>
+        <summary>
+          hyperv: Various improvements
+        </summary>
+        <description>
+          The error reported when clients can't connect to Hyper-V has been
+          made more descriptive, and memory limits for guests are now mapped
+          to more appropriate libvirt equivalents.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Report QEMU error on failed migration
+        </summary>
+        <description>
+          Instead of reporting a generic error, ask QEMU for a more detailed
+          and thus hopefully more helpful one.
+        </description>
+      </change>
+      <change>
+        <summary>
+          vbox: Implement autoport for RDP
+        </summary>
+        <description>
+          libvirt will now obtain the (dynamically allocated) RDP port number
+          from VirtualBox itself, avoiding conflicts between multiple guests
+          wanting to use RDP at the same time.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Allow rotation of small logs
+        </summary>
+        <description>
+          On a host where tons of unique instances are executed per day, it's
+          quite possible that while each of the single log files are quite
+          small, they will build up to quite a bit of clutter. Removing the
+          constraints that log have to be bigger than 100 KiB before they can
+          be rotated solves the issue.
+        </description>
+      </change>
     </section>
     <section title="Bug fixes">
       <change>
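
Review bot: "desiderable" in the description of "net: Ignore auto-generated MAC address when detaching an interface" should be "desirable", and that description explains why the generated MAC address is a problem without stating what libvirt now does instead; a closing sentence describing the new behaviour would complete it. In "qemu: Allow rotation of small logs", "each of the single log files are" should take "is", and "the constraints that log have to be bigger" should read "the constraint that logs have to be bigger". "net: Enable MAC address lookup for virDomainInterfaceStats()" has no <description> at all.
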
@@ -87,6 +193,38 @@
           the LUKS encrypted volume.
         </description>
       </change>
+      <change>
+        <summary>
+          qemu: Reserve PCI addresses for implicit i440fx devices
+        </summary>
+        <description>
+          Failing to do so causes the addresses to be considered usable by
+          libvirt, which means they could be assigned to more than one device
+          resulting in the guest failing to start.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Ensure TLS clients always verify the server certificate
+        </summary>
+        <description>
+          While it's reasonable to turn off client certificate validation,
+          as setting it up can be non-trivial, clients should always verify
+          the server certificate to avoid MITM attacks. libvirt was, however,
+          using the same knob to control both checks, leading to
+          CVE-2017-1000256 / LSN-2017-0002.
+        </description>
+      </change>
+      <change>
+        <summary>
+          spec: Restart libvirtd only at the end of the upgrade process
+        </summary>
+        <description>
+          Use <code>%posttrans</code> to make sure <code>libvirtd</code>
+          is not restarted before all other components, such as the library
+          itself and storage / hypervisor drivers, have already been upgraded.
+        </description>
+      </change>
     </section>
   </release>
   <release version="v3.8.0" date="2017-10-04">
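
Review bot: the "qemu: Ensure TLS clients always verify the server certificate" entry records a CVE (CVE-2017-1000256 / LSN-2017-0002) but is filed among ordinary items under "Bug fixes", where an administrator scanning the notes for security updates can miss it; a dedicated section for security fixes would make it stand out. Its description also refers to "the same knob" without naming the setting, so a reader cannot tell from the release notes which configuration to check; naming the setting and saying whether existing configurations need any change after upgrading would make the entry actionable. In the i440fx entry, a comma before "resulting in the guest failing to start" would make the sentence easier to parse.
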
-- 
2.13.6

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] news: Update for 3.9.0 release
Posted by John Ferlan 6 years, 5 months ago

On 11/01/2017 12:33 PM, Andrea Bolognani wrote:
> Signed-off-by: Andrea Bolognani <abologna@redhat.com>
> ---
> As usual, a lot of changes have made it to master without the release
> notes being updated at the same time.
> 
> I'll push this tomorrow in the morning, so that it can make it into
> the release, unless it gets (N)ACKed earlier.
> 
>  docs/news.xml | 138 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 138 insertions(+)
> 
> diff --git a/docs/news.xml b/docs/news.xml
> index 6a864916d..3cf761d89 100644
> --- a/docs/news.xml
> +++ b/docs/news.xml
> @@ -49,6 +49,36 @@
>            easily.
>          </description>
>        </change>
> +      <change>
> +        <summary>
> +          qemu: Support multiqueue for virtio-blk
> +        </summary>
> +        <description>
> +          Multiqueue support for <code>virtio-blk</code> has been available
> +          in QEMU ever since 2.7.0, and now libvirt guests can enable it.
> +        </description>
> +      </change>
> +      <change>
> +        <summary>
> +          Add virDomainSetLifecycleAction() API

Remove the ()

> +        </summary>
> +        <description>
> +          This new API, also exposed through the
> +          <code>set-lifecycle-action</code> <code>virsh</code> command, allows
> +          the user to dynamically control how the guest will react to being
> +          powered off, being restarted or crashing.

This one reads strangely to me...  As a suggestion

Provided a new API to allow dynamic guest lifecycle control for guest
reactions to poweroff, restart, or crash type events related to the
domain XML <code>on_poweroff</code>, <code>on_reboot</code>, and
<code>on_crash</code> elements. The <code>virsh
set-lifecycle-action<code> command was created to control the actions.

> +        </description>
> +      </change>
> +      <change>
> +        <summary>
> +          qemu: Allow cold(un)plugging and hot(un)plugging input devices
> +        </summary>
> +      </change>
> +      <change>
> +        <summary>
> +          net: Implement QoS for vhostuser
> +        </summary>
> +      </change>
>      </section>
>      <section title="Improvements">
>        <change>
> @@ -64,6 +94,82 @@
>            in order to decrypt the volume.
>          </description>
>        </change>
> +      <change>
> +        <summary>
> +          net: Ignore auto-generated MAC address when detaching an interface
> +        </summary>
> +        <description>
> +          If the MAC address has not been specified by the user, libvirt will
> +          try and fill in the gaps by generating one; however, that leads to
> +          very confusing error messages, so it's not desiderable.

Consider replacing however with:

however, for some error paths that led to some confusing error messages,
so when an auto-generated MAC address is specified the error message
will not include the auto-generated MAC.


> +        </description>
> +      </change>
> +      <change>
> +        <summary>
> +          net: Enable MAC address lookup for virDomainInterfaceStats()

Remove the ()

> +        </summary>
> +      </change>
> +      <change>
> +        <summary>
> +          apparmor: Several improvements
> +        </summary>
> +        <description>
> +          Changes include permitting access to data about USB devices and
> +          <code>dnsmasq</code> instances, allowing spaces in guest names and
> +          many more.
> +        </description>
> +      </change>
> +      <change>
> +        <summary>
> +          cpu: Use CPU information obtained from QEMU when possible
> +        </summary>
> +        <description>
> +          Recent QEMU versions can expose information about which CPU models
> +          are available and usable on the host; libvirt will now make use of
> +          such information whenever possible.
> +        </description>
> +      </change>
> +      <change>
> +        <summary>
> +          hyperv: Various improvements
> +        </summary>
> +        <description>
> +          The error reported when clients can't connect to Hyper-V has been
> +          made more descriptive, and memory limits for guests are now mapped
> +          to more appropriate libvirt equivalents.
> +        </description>
> +      </change>
> +      <change>
> +        <summary>
> +          qemu: Report QEMU error on failed migration
> +        </summary>
> +        <description>
> +          Instead of reporting a generic error, ask QEMU for a more detailed
> +          and thus hopefully more helpful one.
> +        </description>
> +      </change>
> +      <change>
> +        <summary>
> +          vbox: Implement autoport for RDP
> +        </summary>
> +        <description>
> +          libvirt will now obtain the (dynamically allocated) RDP port number
> +          from VirtualBox itself, avoiding conflicts between multiple guests
> +          wanting to use RDP at the same time.
> +        </description>
> +      </change>
> +      <change>
> +        <summary>
> +          qemu: Allow rotation of small logs
> +        </summary>
> +        <description>
> +          On a host where tons of unique instances are executed per day, it's

"tons of"  ;-)

Perhaps "many" or "numerous" or "a large quantity of"

> +          quite possible that while each of the single log files are quite

s/while each/even though/

> +          small, they will build up to quite a bit of clutter. Removing the

s/small, ... clutter./
small, collectively the quantity and volume may add tens of thousands of
log files to the <code>/var/log/libvirt/qemu/</code> directory. Removing
the...

> +          constraints that log have to be bigger than 100 KiB before they can
> +          be rotated solves the issue.

s/issue.$/issue. However, this may increase the number of files until
they are automatically rotated.

(Personally, not quite sure how that rotation actually occurs).

> +        </description>
> +      </change>
>      </section>
>      <section title="Bug fixes">
>        <change>
> @@ -87,6 +193,38 @@
>            the LUKS encrypted volume.
>          </description>
>        </change>
> +      <change>
> +        <summary>
> +          qemu: Reserve PCI addresses for implicit i440fx devices
> +        </summary>
> +        <description>
> +          Failing to do so causes the addresses to be considered usable by
> +          libvirt, which means they could be assigned to more than one device
> +          resulting in the guest failing to start.
> +        </description>
> +      </change>
> +      <change>
> +        <summary>
> +          qemu: Ensure TLS clients always verify the server certificate
> +        </summary>
> +        <description>
> +          While it's reasonable to turn off client certificate validation,
> +          as setting it up can be non-trivial, clients should always verify
> +          the server certificate to avoid MITM attacks. libvirt was, however,

s/libvirt was, however/However, libvirt was/

Reviewed-by: John Ferlan <jferlan@redhat.com>

John

> +          using the same knob to control both checks, leading to
> +          CVE-2017-1000256 / LSN-2017-0002.
> +        </description>
> +      </change>
> +      <change>
> +        <summary>
> +          spec: Restart libvirtd only at the end of the upgrade process
> +        </summary>
> +        <description>
> +          Use <code>%posttrans</code> to make sure <code>libvirtd</code>
> +          is not restarted before all other components, such as the library
> +          itself and storage / hypervisor drivers, have already been upgraded.
> +        </description>
> +      </change>
>      </section>
>    </release>
>    <release version="v3.8.0" date="2017-10-04">
> 

Re: [libvirt] [PATCH] news: Update for 3.9.0 release
Posted by Andrea Bolognani 6 years, 5 months ago
On Wed, 2017-11-01 at 16:19 -0400, John Ferlan wrote:
> > +        </summary>
> > +        <description>
> > +          This new API, also exposed through the
> > +          <code>set-lifecycle-action</code> <code>virsh</code> command, allows
> > +          the user to dynamically control how the guest will react to being
> > +          powered off, being restarted or crashing.
> 
> This one reads strangely to me...  As a suggestion
> 
> Provided a new API to allow dynamic guest lifecycle control for guest
> reactions to poweroff, restart, or crash type events related to the
> domain XML <code>on_poweroff</code>, <code>on_reboot</code>, and
> <code>on_crash</code> elements. The <code>virsh
> set-lifecycle-action<code> command was created to control the actions.

You forgot to close the <code> element here ;)

> > +          constraints that log have to be bigger than 100 KiB before they can
> > +          be rotated solves the issue.
> 
> s/issue.$/issue. However, this may increase the number of files until
> they are automatically rotated.

I don't think that's true: the same number of log files will be
created, it's just that now more files will be rotated. So I left
out that part.

> (Personally, not quite sure how that rotation actually occurs).

Not sure myself. I think the logrotate profile is installed along
with libvirt, but you have to enable it explicitly for rotation to
actually occur?

> > +      <change>
> > +        <summary>
> > +          qemu: Ensure TLS clients always verify the server certificate
> > +        </summary>
> > +        <description>
> > +          While it's reasonable to turn off client certificate validation,
> > +          as setting it up can be non-trivial, clients should always verify
> > +          the server certificate to avoid MITM attacks. libvirt was, however,
> > +          using the same knob to control both checks, leading to
> > +          CVE-2017-1000256 / LSN-2017-0002.
> > +        </description>
> > +      </change>

As suggested by Peter, I've moved this to a separate "Security"
section, and pushed the whole thing.

Thanks for the review and all the improvements :)

-- 
Andrea Bolognani / Red Hat / Virtualization

Re: [libvirt] [PATCH] news: Update for 3.9.0 release
Posted by John Ferlan 6 years, 5 months ago

>>> +          constraints that log have to be bigger than 100 KiB before they can
>>> +          be rotated solves the issue.
>>
>> s/issue.$/issue. However, this may increase the number of files until
>> they are automatically rotated.
> 
> I don't think that's true: the same number of log files will be
> created, it's just that now more files will be rotated. So I left
> out that part.
> 

I was just reading the commit '6c43149c4':

"    Dropping 'minsize 100k' allows rotating small files, which will
    increase the number of log files, but 'rotate 4' ensures they will
    be removed after a month.
"

and trying to extrapolate. I'm fine with dropping it though. We really
need to get better at making the author of a series do this stuff!

John

>> (Personally, not quite sure how that rotation actually occurs).
> 
> Not sure myself. I think the logrotate profile is installed along
> with libvirt, but you have to enable it explicitly for rotation to
> actually occur?
> 
