From d670e246d058b69116048b4146b93bd74a044ef4 Mon Sep 17 00:00:00 2001 From: Daniel P. Berrangé Date: Mar 20 2019 17:42:59 +0000 Subject: Fix rbd upgrade compat & deprecations and networking Signed-off-by: Daniel P. Berrangé --- diff --git a/0001-storage-split-off-code-for-calling-rbd_list.patch b/0001-storage-split-off-code-for-calling-rbd_list.patch new file mode 100644 index 0000000..1689aa7 --- /dev/null +++ b/0001-storage-split-off-code-for-calling-rbd_list.patch @@ -0,0 +1,149 @@ +From 092320f10b47bd6aca1f29278fcdc6b0efaf636a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Mon, 18 Mar 2019 10:58:48 +0000 +Subject: [PATCH 1/5] storage: split off code for calling rbd_list +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The rbd_list method has a quite unpleasant signature returning an +array of strings in a single buffer instead of an array. It is +being deprecated in favour of rbd_list2. To maintain clarity of +code when supporting both APIs in parallel, split the rbd_list +code out into a separate method. + +In splitting this we now honour the rbd_list failures. + +Reviewed-by: Ján Tomko +Signed-off-by: Daniel P. Berrangé +(cherry picked from commit 28c8403ed07896d6d7e06d7726ed904027206719) +--- + src/storage/storage_backend_rbd.c | 83 +++++++++++++++++++++---------- + 1 file changed, 58 insertions(+), 25 deletions(-) + +diff --git a/src/storage/storage_backend_rbd.c b/src/storage/storage_backend_rbd.c +index 2b7af1db23..0865163756 100644 +--- a/src/storage/storage_backend_rbd.c ++++ b/src/storage/storage_backend_rbd.c +@@ -565,19 +565,68 @@ volStorageBackendRBDRefreshVolInfo(virStorageVolDefPtr vol, + return ret; + } + ++ ++static char ** ++virStorageBackendRBDGetVolNames(virStorageBackendRBDStatePtr ptr) ++{ ++ char **names = NULL; ++ size_t nnames = 0; ++ int rc; ++ size_t max_size = 1024; ++ VIR_AUTOFREE(char *) namebuf = NULL; ++ const char *name; ++ ++ while (true) { ++ if (VIR_ALLOC_N(namebuf, max_size) < 0) ++ goto error; ++ ++ rc = rbd_list(ptr->ioctx, namebuf, &max_size); ++ if (rc >= 0) ++ break; ++ if (rc != -ERANGE) { ++ virReportSystemError(-rc, "%s", _("Unable to list RBD images")); ++ goto error; ++ } ++ VIR_FREE(namebuf); ++ } ++ ++ for (name = namebuf; name < namebuf + max_size;) { ++ VIR_AUTOFREE(char *) namedup = NULL; ++ ++ if (STREQ(name, "")) ++ break; ++ ++ if (VIR_STRDUP(namedup, name) < 0) ++ goto error; ++ ++ if (VIR_APPEND_ELEMENT(names, nnames, namedup) < 0) ++ goto error; ++ ++ name += strlen(name) + 1; ++ } ++ ++ if (VIR_EXPAND_N(names, nnames, 1) < 0) ++ goto error; ++ ++ return names; ++ ++ error: ++ virStringListFreeCount(names, nnames); ++ return NULL; ++} ++ ++ + static int + virStorageBackendRBDRefreshPool(virStoragePoolObjPtr pool) + { +- size_t max_size = 1024; + int ret = -1; +- int len = -1; + int r = 0; +- char *name; + virStoragePoolDefPtr def = virStoragePoolObjGetDef(pool); + virStorageBackendRBDStatePtr ptr = NULL; + struct rados_cluster_stat_t clusterstat; + struct rados_pool_stat_t poolstat; +- VIR_AUTOFREE(char *) names = NULL; ++ char **names = NULL; ++ size_t i; + + if (!(ptr = virStorageBackendRBDNewState(pool))) + goto cleanup; +@@ -602,33 +651,16 @@ virStorageBackendRBDRefreshPool(virStoragePoolObjPtr pool) + def->source.name, clusterstat.kb, clusterstat.kb_avail, + poolstat.num_bytes); + +- while (true) { +- if (VIR_ALLOC_N(names, max_size) < 0) +- goto cleanup; +- +- len = rbd_list(ptr->ioctx, names, &max_size); +- if (len >= 0) +- break; +- if (len != -ERANGE) { +- VIR_WARN("%s", "A problem occurred while listing RBD images"); +- goto cleanup; +- } +- VIR_FREE(names); +- } ++ if (!(names = virStorageBackendRBDGetVolNames(ptr))) ++ goto cleanup; + +- for (name = names; name < names + max_size;) { ++ for (i = 0; names[i] != NULL; i++) { + VIR_AUTOPTR(virStorageVolDef) vol = NULL; + +- if (STREQ(name, "")) +- break; +- + if (VIR_ALLOC(vol) < 0) + goto cleanup; + +- if (VIR_STRDUP(vol->name, name) < 0) +- goto cleanup; +- +- name += strlen(name) + 1; ++ VIR_STEAL_PTR(vol->name, names[i]); + + r = volStorageBackendRBDRefreshVolInfo(vol, pool, ptr); + +@@ -661,6 +693,7 @@ virStorageBackendRBDRefreshPool(virStoragePoolObjPtr pool) + ret = 0; + + cleanup: ++ virStringListFree(names); + virStorageBackendRBDFreeState(&ptr); + return ret; + } +-- +2.20.1 + diff --git a/0002-storage-add-support-for-new-rbd_list2-method.patch b/0002-storage-add-support-for-new-rbd_list2-method.patch new file mode 100644 index 0000000..b03dbee --- /dev/null +++ b/0002-storage-add-support-for-new-rbd_list2-method.patch @@ -0,0 +1,96 @@ +From e8ec2592202387cca8e45cf15bd55ed5a952f3e3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Mon, 18 Mar 2019 11:11:38 +0000 +Subject: [PATCH 2/5] storage: add support for new rbd_list2 method +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The rbd_list method has been deprecated in Ceph >= 14.0.0 +in favour of the new rbd_list2 method which populates an +array of structs. + +Reviewed-by: Ján Tomko +Signed-off-by: Daniel P. Berrangé +(cherry picked from commit 3aa190f2a43a632b542a6ba751a6c3ab4d51f1dd) +--- + m4/virt-storage-rbd.m4 | 1 + + src/storage/storage_backend_rbd.c | 43 +++++++++++++++++++++++++++++++ + 2 files changed, 44 insertions(+) + +diff --git a/m4/virt-storage-rbd.m4 b/m4/virt-storage-rbd.m4 +index 17e2115309..f3d9d04908 100644 +--- a/m4/virt-storage-rbd.m4 ++++ b/m4/virt-storage-rbd.m4 +@@ -33,6 +33,7 @@ AC_DEFUN([LIBVIRT_STORAGE_CHECK_RBD], [ + old_LIBS="$LIBS" + LIBS="$LIBS $LIBRBD_LIBS" + AC_CHECK_FUNCS([rbd_get_features],[],[LIBRBD_FOUND=no]) ++ AC_CHECK_FUNCS([rbd_list2]) + LIBS="$old_LIBS" + fi + +diff --git a/src/storage/storage_backend_rbd.c b/src/storage/storage_backend_rbd.c +index 0865163756..bfc3419f9c 100644 +--- a/src/storage/storage_backend_rbd.c ++++ b/src/storage/storage_backend_rbd.c +@@ -566,6 +566,48 @@ volStorageBackendRBDRefreshVolInfo(virStorageVolDefPtr vol, + } + + ++#ifdef HAVE_RBD_LIST2 ++static char ** ++virStorageBackendRBDGetVolNames(virStorageBackendRBDStatePtr ptr) ++{ ++ char **names = NULL; ++ size_t nnames = 0; ++ int rc; ++ rbd_image_spec_t *images = NULL; ++ size_t nimages = 16; ++ size_t i; ++ ++ while (true) { ++ if (VIR_ALLOC_N(images, nimages) < 0) ++ goto error; ++ ++ rc = rbd_list2(ptr->ioctx, images, &nimages); ++ if (rc >= 0) ++ break; ++ if (rc != -ERANGE) { ++ virReportSystemError(-rc, "%s", _("Unable to list RBD images")); ++ goto error; ++ } ++ } ++ ++ if (VIR_ALLOC_N(names, nimages + 1) < 0) ++ goto error; ++ nnames = nimages; ++ ++ for (i = 0; i < nimages; i++) ++ VIR_STEAL_PTR(names[i], images->name); ++ ++ return names; ++ ++ error: ++ virStringListFreeCount(names, nnames); ++ rbd_image_spec_list_cleanup(images, nimages); ++ VIR_FREE(images); ++ return NULL; ++} ++ ++#else /* ! HAVE_RBD_LIST2 */ ++ + static char ** + virStorageBackendRBDGetVolNames(virStorageBackendRBDStatePtr ptr) + { +@@ -614,6 +656,7 @@ virStorageBackendRBDGetVolNames(virStorageBackendRBDStatePtr ptr) + virStringListFreeCount(names, nnames); + return NULL; + } ++#endif /* ! HAVE_RBD_LIST2 */ + + + static int +-- +2.20.1 + diff --git a/0003-network-improve-error-report-when-firewall-chain-cre.patch b/0003-network-improve-error-report-when-firewall-chain-cre.patch new file mode 100644 index 0000000..2e99a73 --- /dev/null +++ b/0003-network-improve-error-report-when-firewall-chain-cre.patch @@ -0,0 +1,137 @@ +From b990740b12117eaaf2797141a53a30b41f07c791 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Mon, 18 Mar 2019 17:31:21 +0000 +Subject: [PATCH 3/5] network: improve error report when firewall chain + creation fails +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +During startup we create some top level chains in which all +virtual network firewall rules will be placed. The upfront +creation is done to avoid slowing down creation of individual +virtual networks by checking for chain existance every time. + +There are some factors which can cause this upfront creation +to fail and while a message will get into the libvirtd log +this won't be seen by users who later try to start a virtual +network. Instead they'll just get a message saying that the +libvirt top level chain does not exist. This message is +accurate, but unhelpful for solving the root cause. + +This patch thus saves any error during daemon startup and +reports it when trying to create a virtual network later. + +Reviewed-by: Andrea Bolognani +Signed-off-by: Daniel P. Berrangé +(cherry picked from commit 9f4e35dc73ec9e940aa61bc7c140c2b800218ef3) +--- + src/network/bridge_driver.c | 3 +-- + src/network/bridge_driver_linux.c | 31 +++++++++++++++++++++------- + src/network/bridge_driver_nop.c | 3 +-- + src/network/bridge_driver_platform.h | 2 +- + 4 files changed, 27 insertions(+), 12 deletions(-) + +diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c +index b3ca5b8a15..1da60f0a21 100644 +--- a/src/network/bridge_driver.c ++++ b/src/network/bridge_driver.c +@@ -2108,8 +2108,7 @@ static void + networkReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup) + { + VIR_INFO("Reloading iptables rules"); +- if (networkPreReloadFirewallRules(startup) < 0) +- return; ++ networkPreReloadFirewallRules(startup); + virNetworkObjListForEach(driver->networks, + networkReloadFirewallRulesHelper, + NULL); +diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c +index b10d0a6c4d..c899f4b6d0 100644 +--- a/src/network/bridge_driver_linux.c ++++ b/src/network/bridge_driver_linux.c +@@ -35,11 +35,25 @@ VIR_LOG_INIT("network.bridge_driver_linux"); + + #define PROC_NET_ROUTE "/proc/net/route" + +-int networkPreReloadFirewallRules(bool startup) ++static virErrorPtr errInit; ++ ++void networkPreReloadFirewallRules(bool startup) + { +- int ret = iptablesSetupPrivateChains(); +- if (ret < 0) +- return -1; ++ int rc; ++ ++ /* We create global rules upfront as we don't want ++ * the perf hit of conditionally figuring out whether ++ * to create them each time a network is started. ++ * ++ * Any errors here are saved to be reported at time ++ * of starting the network though as that makes them ++ * more likely to be seen by a human ++ */ ++ rc = iptablesSetupPrivateChains(); ++ if (rc < 0) { ++ errInit = virSaveLastError(); ++ virResetLastError(); ++ } + + /* + * If this is initial startup, and we just created the +@@ -54,10 +68,8 @@ int networkPreReloadFirewallRules(bool startup) + * rules will be present. Thus we can safely just tell it + * to always delete from the builin chain + */ +- if (startup && ret == 1) ++ if (startup && rc == 1) + iptablesSetDeletePrivate(false); +- +- return 0; + } + + +@@ -671,6 +683,11 @@ int networkAddFirewallRules(virNetworkDefPtr def) + virFirewallPtr fw = NULL; + int ret = -1; + ++ if (errInit) { ++ virSetError(errInit); ++ return -1; ++ } ++ + if (def->bridgeZone) { + + /* if a firewalld zone has been specified, fail/log an error +diff --git a/src/network/bridge_driver_nop.c b/src/network/bridge_driver_nop.c +index a0e57012f9..ea9db338cb 100644 +--- a/src/network/bridge_driver_nop.c ++++ b/src/network/bridge_driver_nop.c +@@ -19,9 +19,8 @@ + + #include + +-int networkPreReloadFirewallRules(bool startup ATTRIBUTE_UNUSED) ++void networkPreReloadFirewallRules(bool startup ATTRIBUTE_UNUSED) + { +- return 0; + } + + +diff --git a/src/network/bridge_driver_platform.h b/src/network/bridge_driver_platform.h +index baeb22bc3e..95fd64bdc7 100644 +--- a/src/network/bridge_driver_platform.h ++++ b/src/network/bridge_driver_platform.h +@@ -58,7 +58,7 @@ struct _virNetworkDriverState { + typedef struct _virNetworkDriverState virNetworkDriverState; + typedef virNetworkDriverState *virNetworkDriverStatePtr; + +-int networkPreReloadFirewallRules(bool startup); ++void networkPreReloadFirewallRules(bool startup); + void networkPostReloadFirewallRules(bool startup); + + int networkCheckRouteCollision(virNetworkDefPtr def); +-- +2.20.1 + diff --git a/0004-network-split-setup-of-ipv4-and-ipv6-top-level-chain.patch b/0004-network-split-setup-of-ipv4-and-ipv6-top-level-chain.patch new file mode 100644 index 0000000..b7832a6 --- /dev/null +++ b/0004-network-split-setup-of-ipv4-and-ipv6-top-level-chain.patch @@ -0,0 +1,153 @@ +From 095c45036615a84c7150ea801d6932bdde1d5b49 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Mon, 18 Mar 2019 16:49:32 +0000 +Subject: [PATCH 4/5] network: split setup of ipv4 and ipv6 top level chains +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +During startup libvirtd creates top level chains for both ipv4 +and ipv6 protocols. If this fails for any reason then startup +of virtual networks is blocked. + +The default virtual network, however, only requires use of ipv4 +and some servers have ipv6 disabled so it is expected that ipv6 +chain creation will fail. There could equally be servers with +no ipv4, only ipv6. + +This patch thus makes error reporting a little more fine grained +so that it works more sensibly when either ipv4 or ipv6 is +disabled on the server. Only the protocols that are actually +used by the virtual network have errors reported. + +Reviewed-by: Andrea Bolognani +Signed-off-by: Daniel P. Berrangé +(cherry picked from commit 686803a1a2e1e0641916b1c9e2c7e3910fe598d4) +--- + src/network/bridge_driver_linux.c | 34 +++++++++++++++++++++++++------ + src/util/viriptables.c | 14 ++++--------- + src/util/viriptables.h | 2 +- + 3 files changed, 33 insertions(+), 17 deletions(-) + +diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c +index c899f4b6d0..50fc197134 100644 +--- a/src/network/bridge_driver_linux.c ++++ b/src/network/bridge_driver_linux.c +@@ -35,10 +35,12 @@ VIR_LOG_INIT("network.bridge_driver_linux"); + + #define PROC_NET_ROUTE "/proc/net/route" + +-static virErrorPtr errInit; ++static virErrorPtr errInitV4; ++static virErrorPtr errInitV6; + + void networkPreReloadFirewallRules(bool startup) + { ++ bool created = false; + int rc; + + /* We create global rules upfront as we don't want +@@ -49,11 +51,21 @@ void networkPreReloadFirewallRules(bool startup) + * of starting the network though as that makes them + * more likely to be seen by a human + */ +- rc = iptablesSetupPrivateChains(); ++ rc = iptablesSetupPrivateChains(VIR_FIREWALL_LAYER_IPV4); + if (rc < 0) { +- errInit = virSaveLastError(); ++ errInitV4 = virSaveLastError(); + virResetLastError(); + } ++ if (rc) ++ created = true; ++ ++ rc = iptablesSetupPrivateChains(VIR_FIREWALL_LAYER_IPV6); ++ if (rc < 0) { ++ errInitV6 = virSaveLastError(); ++ virResetLastError(); ++ } ++ if (rc) ++ created = true; + + /* + * If this is initial startup, and we just created the +@@ -68,7 +80,7 @@ void networkPreReloadFirewallRules(bool startup) + * rules will be present. Thus we can safely just tell it + * to always delete from the builin chain + */ +- if (startup && rc == 1) ++ if (startup && created) + iptablesSetDeletePrivate(false); + } + +@@ -683,8 +695,18 @@ int networkAddFirewallRules(virNetworkDefPtr def) + virFirewallPtr fw = NULL; + int ret = -1; + +- if (errInit) { +- virSetError(errInit); ++ if (errInitV4 && ++ (virNetworkDefGetIPByIndex(def, AF_INET, 0) || ++ virNetworkDefGetRouteByIndex(def, AF_INET, 0))) { ++ virSetError(errInitV4); ++ return -1; ++ } ++ ++ if (errInitV6 && ++ (virNetworkDefGetIPByIndex(def, AF_INET6, 0) || ++ virNetworkDefGetRouteByIndex(def, AF_INET6, 0) || ++ def->ipv6nogw)) { ++ virSetError(errInitV6); + return -1; + } + +diff --git a/src/util/viriptables.c b/src/util/viriptables.c +index d67b640a3b..0e3c0ad73a 100644 +--- a/src/util/viriptables.c ++++ b/src/util/viriptables.c +@@ -127,7 +127,7 @@ iptablesPrivateChainCreate(virFirewallPtr fw, + + + int +-iptablesSetupPrivateChains(void) ++iptablesSetupPrivateChains(virFirewallLayer layer) + { + virFirewallPtr fw = NULL; + int ret = -1; +@@ -143,17 +143,11 @@ iptablesSetupPrivateChains(void) + }; + bool changed = false; + iptablesGlobalChainData data[] = { +- { VIR_FIREWALL_LAYER_IPV4, "filter", ++ { layer, "filter", + filter_chains, ARRAY_CARDINALITY(filter_chains), &changed }, +- { VIR_FIREWALL_LAYER_IPV4, "nat", ++ { layer, "nat", + natmangle_chains, ARRAY_CARDINALITY(natmangle_chains), &changed }, +- { VIR_FIREWALL_LAYER_IPV4, "mangle", +- natmangle_chains, ARRAY_CARDINALITY(natmangle_chains), &changed }, +- { VIR_FIREWALL_LAYER_IPV6, "filter", +- filter_chains, ARRAY_CARDINALITY(filter_chains), &changed }, +- { VIR_FIREWALL_LAYER_IPV6, "nat", +- natmangle_chains, ARRAY_CARDINALITY(natmangle_chains), &changed }, +- { VIR_FIREWALL_LAYER_IPV6, "mangle", ++ { layer, "mangle", + natmangle_chains, ARRAY_CARDINALITY(natmangle_chains), &changed }, + }; + size_t i; +diff --git a/src/util/viriptables.h b/src/util/viriptables.h +index 903f390f89..e680407ec8 100644 +--- a/src/util/viriptables.h ++++ b/src/util/viriptables.h +@@ -24,7 +24,7 @@ + # include "virsocketaddr.h" + # include "virfirewall.h" + +-int iptablesSetupPrivateChains (void); ++int iptablesSetupPrivateChains (virFirewallLayer layer); + + void iptablesSetDeletePrivate (bool pvt); + +-- +2.20.1 + diff --git a/0005-network-avoid-trying-to-create-global-firewall-rules.patch b/0005-network-avoid-trying-to-create-global-firewall-rules.patch new file mode 100644 index 0000000..047d75f --- /dev/null +++ b/0005-network-avoid-trying-to-create-global-firewall-rules.patch @@ -0,0 +1,50 @@ +From 3e02ee9b5da7fc7197aaa6d57563349a7670b8a1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Wed, 13 Mar 2019 16:21:15 +0000 +Subject: [PATCH 5/5] network: avoid trying to create global firewall rules if + unprivileged +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The unprivileged libvirtd does not have permission to create firewall +rules, or bridge devices, or do anything to the host network in +general. Historically we still activate the network driver though and +let the network start API call fail. + +The startup code path which reloads firewall rules on active networks +would thus effectively be a no-op when unprivileged as it is impossible +for there to be any active networks + +With the change to use a global set of firewall chains, however, we now +have code that is run unconditionally. + +Ideally we would not register the network driver at all when +unprivileged, but the entanglement with the virt drivers currently makes +that impractical. As a temporary hack, we just make the firewall reload +into a no-op. + +Signed-off-by: Daniel P. Berrangé +(cherry picked from commit 5d010c3df6152cf5fb00f1f67d22151241f4a8a2) +--- + src/network/bridge_driver.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c +index 1da60f0a21..0e1d5efd8e 100644 +--- a/src/network/bridge_driver.c ++++ b/src/network/bridge_driver.c +@@ -2108,6 +2108,10 @@ static void + networkReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup) + { + VIR_INFO("Reloading iptables rules"); ++ /* Ideally we'd not even register the driver when unprivilegd ++ * but until we untangle the virt driver that's not viable */ ++ if (!driver->privileged) ++ return; + networkPreReloadFirewallRules(startup); + virNetworkObjListForEach(driver->networks, + networkReloadFirewallRulesHelper, +-- +2.20.1 + diff --git a/libvirt.spec b/libvirt.spec index dd06451..147b2e2 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -15,7 +15,7 @@ # Default to skipping autoreconf. Distros can change just this one line # (or provide a command-line override) if they backport any patches that # touch configure.ac or Makefile.am. -%{!?enable_autotools:%global enable_autotools 0} +%{!?enable_autotools:%global enable_autotools 1} # The hypervisor drivers that run in libvirtd %define with_qemu 0%{!?_without_qemu:1} @@ -216,7 +216,7 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 5.1.0 -Release: 2%{?dist} +Release: 3%{?dist} License: LGPLv2+ URL: https://libvirt.org/ @@ -224,6 +224,12 @@ URL: https://libvirt.org/ %define mainturl stable_updates/ %endif Source: https://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.xz +Patch1: 0001-storage-split-off-code-for-calling-rbd_list.patch +Patch2: 0002-storage-add-support-for-new-rbd_list2-method.patch +Patch3: 0003-network-improve-error-report-when-firewall-chain-cre.patch +Patch4: 0004-network-split-setup-of-ipv4-and-ipv6-top-level-chain.patch +Patch5: 0005-network-avoid-trying-to-create-global-firewall-rules.patch + Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon-config-network = %{version}-%{release} @@ -326,6 +332,8 @@ BuildRequires: libiscsi-devel BuildRequires: parted-devel # For Multipath support BuildRequires: device-mapper-devel +# For XFS reflink clone support +BuildRequires: xfsprogs-devel %if %{with_storage_rbd} BuildRequires: librados2-devel BuildRequires: librbd1-devel @@ -548,6 +556,9 @@ Requires: util-linux # From QEMU RPMs Requires: /usr/bin/qemu-img %endif +%if !%{with_storage_rbd} +Obsoletes: libvirt-daemon-driver-storage-rbd < %{version}-%{release} +%endif %description daemon-driver-storage-core The storage driver plugin for the libvirtd daemon, providing @@ -1889,6 +1900,13 @@ exit 0 %changelog +* Wed Mar 20 2019 Daniel P. Berrangé - 5.1.0-3 +- Fix upgrades for rbd on i686 (rhbz #1688121) +- Add missing xfsprogs-devel dep +- Fix use of deprecated RBD features +- Avoid using firewalld if unprivileged +- Don't require ipv6 firewall support at startup (rhbz #1688968) + * Wed Mar 06 2019 Igor Gnatenko - 5.1.0-2 - Remove obsolete scriptlets