A few days late after some travel, but everything is now pushed, freeze is over!
The release is tagged in git, signed tarball and rpms are available from the
usual place:

  ftp://libvirt.org/libvirt/

I also pushed the Python bindings release at:

  ftp://libvirt.org/libvirt/python/

This is a rather large release, with a fair amount of new features,
improvements and bug fixes:

New features:

- bhyve: Add support for additional command-line arguments

  The bhyve driver now supports passing additional command-line arguments
  to the bhyve process using the new <bhyve:commandline> element in the
  domain configuration.

- network: Support setting a firewalld "zone" for virtual network bridges

  All libvirt virtual networks with bridges managed by libvirt (i.e. those
  with forward mode of "nat", "route", "open", or no forward mode) will now
  be placed in a special firewalld zone called "libvirt" by default. The zone
  of any network bridge can be changed using the zone attribute of the
  network's bridge element.

- bhyve: Support for ignoring unknown MSRs reads and writes

  A new <features> element <msrs unknown='ignore'/> was introduced and the
  bhyve driver supports it to control unknown Model Specific Registers
  (MSRs) reads and writes.

- qemu: Add support for encrypted VNC TLS keys

  Use the password stored in the secret driver under the uuid specified by
  the vnc_tls_x509_secret_uuid option in qemu.conf.

- Add storage pool namespace options

  Allow for adjustment of RBD configuration options via Storage Pool XML
  Namespace adjustments.

- qemu: Add support for setting post-copy migration bandwidth

  Users can now limit the bandwidth of post-copy migration, e.g. via
  virsh migrate --postcopy-bandwidth.

Improvements:

- Create private chains for virtual network firewall rules

  Historically firewall rules for virtual networks were added straight into
  the base chains. This works but has a number of bugs and design
  limitations. To address them, libvirt now puts firewall rules into its
  own chains.
- Detect CEPH and GPFS as shared FS

  When starting a migration libvirt performs some sanity checks to make sure
  the domain will be able to run on the destination. One of the requirements
  is that the disk has to either be migrated too or be accessible from a
  network filesystem. CEPH and GPFS weren't detected as a network
  filesystem.

- Advertise network MTU via DHCP when specified

  If the network MTU is set and the network has DHCP enabled, advertise the
  MTU in the DHCP transaction too so that clients can adjust their link
  accordingly.

- qemu: Allocate memory at the configured NUMA nodes from start

  Libvirt used to just start QEMU, let it allocate memory for the guest, and
  then use CGroups to move the memory to the configured NUMA nodes. This is
  suboptimal as huge chunks of memory have to be moved. Moreover, this
  relies on the ability to move memory later, which is not always true. A
  change was made to set process affinity correctly from the start so that
  memory is allocated on the configured nodes from the beginning.

- Support for newer Wireshark

  Adapt libvirt to the more recent Wireshark release; a source build of
  libvirt configured with --with-wireshark is required to upgrade to the
  more recent version.

- Batch mode virsh and virt-admin parsing improvements

  When parsing a single-argument command_string in batch mode, virsh and
  virt-admin now permit newlines in addition to semicolons for splitting
  commands, and backslash-newline for splitting long lines, to be more like
  shell parsing.

Bug fixes:

- qemu: Use CAP_DAC_OVERRIDE during QEMU capabilities probing

  By default, libvirt runs the QEMU process as qemu:qemu, which could cause
  issues during probing as some features like AMD SEV might be inaccessible
  to QEMU because of file system permissions. Therefore, CAP_DAC_OVERRIDE is
  granted to overcome these for the purposes of probing.

- storage: Add default mount options for fs/netfs storage pools

  Altered the command line generation for fs/netfs storage pools to add some
  default options. For Linux based systems, the options added are
  "nodev, nosuid, noexec". For FreeBSD based systems, the options added are
  "nosuid, noexec".

- qemu: Allow use of PCI for RISC-V guests

  This works with QEMU 4.0.0+ only and is opt-in at the moment, since it
  requires users to manually assign PCI addresses, but is otherwise fully
  functional.

- network: Fix virtual networks on systems using firewalld+nftables

  Because of the transitional state of firewalld's new support for nftables,
  not all iptables features required by libvirt are yet available, so
  libvirt must continue to use iptables for its own packet filtering rules
  even when the firewalld backend is set to use nftables. However, due to
  the way iptables support is implemented in kernels using nftables
  (iptables rules are converted to nftables rules and processed in a
  separate hook from the native nftables rules), guest networking was broken
  on hosts with firewalld configured to use nftables as the backend. This
  has been fixed by putting libvirt-managed bridges in their own firewalld
  zone, so that guest traffic can be forwarded beyond the host and host
  services can be exposed to guests on the virtual network without opening
  up those same services to the rest of the physical network. This means
  that host access from virtual machines is no longer controlled by the
  firewalld default zone (usually "public"), but rather by the new firewalld
  zone called "libvirt" (unless configured otherwise using the new zone
  attribute of the network bridge element).

- qemu: Fix i6300esb watchdog hotplug on Q35

  Ensure that libvirt allocates a PCI address for the device so that QEMU
  does not default to an address that would not allow device hotplug.

- lxc: Don't reboot host on virDomainReboot

  If the container is really a simple one (init is just bash and the whole
  root is passed through) then virDomainReboot and virDomainShutdown would
  reboot or shut down the host.
  The solution is to use a different method to reboot or shut down the
  container in that case (e.g. a signal).

- rpc: Various stream fixes

  One particular race and one locking problem were fixed, and error
  reporting from streams was improved.

- qemu: Fix guestfwd hotplug/hotunplug

  Fixed the generation of the guestfwd hotplug/unplug command sent to QEMU
  to match the syntax used when creating the initial command line.

- qemu: Forbid CDROMs on virtio bus

  Attempting to create an empty virtio-blk drive or attempting to eject it
  results in an error. Forbid configurations where users would attempt to
  use CDROMs on the virtio bus.

- qemu: Use 'raw' for 'volume' disks without format

  Storage pools might want to specify the format of the image when
  translating the volume, thus libvirt can't add any default format when
  parsing the XML. Add an explicit format when starting the VM if no format
  was set either by the user or by the storage pool translation function.

- qemu: Assume 'raw' default storage format also for network storage

  The post parse callback adds the 'raw' type only for local files. Remote
  files can also have a backing store (even a local one), so we should do
  this also for network backed storage.

- qemu: Fix block job progress reporting and advocate for READY event

  In some cases QEMU can get to 100% and still not reach the synchronised
  phase. Initiating a pivot in that case will fail. Therefore it is strongly
  advised to wait for the VIR_DOMAIN_BLOCK_JOB_READY event, which does not
  suffer from this problem.

- qemu: Don't format image properties for empty drive

  If a -drive has no image, then formatting attributes such as cache,
  readonly, etc. would cause errors to be reported from QEMU. This was fixed
  by not supplying the attributes for devices without an image.

- External snapshot metadata redefinition is fixed

  Attempting to use VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE to reinstate the
  metadata describing an external snapshot created earlier for an offline
  domain no longer fails.
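The firewalld zone rule described under the "network: Support setting a firewalld zone" feature and the firewalld+nftables fix can be checked against a host's network definitions before enabling a network. The following is an added example, not libvirt's own code: it applies the stated rule (forward mode nat, route, open, or no forward element gets the "libvirt" zone unless the bridge element's zone attribute overrides it) to a few constructed network XML documents. It assumes, per the libvirt network XML documentation, that a bare <forward/> without a mode attribute means "nat".

```python
"""Audit which firewalld zone each libvirt network bridge will be placed in.

Added example, not libvirt code. Networks whose bridge libvirt manages
(forward mode nat/route/open, or no <forward> element) land in the "libvirt"
zone unless <bridge zone='...'/> overrides it; other forward modes (bridge,
passthrough, hostdev, ...) use host-managed bridges, so zone placement by
libvirt does not apply and None is reported.
"""
import xml.etree.ElementTree as ET

DEFAULT_ZONE = "libvirt"
MANAGED_MODES = {"nat", "route", "open"}


def effective_zone(network_xml: str):
    """Return (network name, bridge name, zone) for one <network> document.

    zone is None when the bridge is not managed by libvirt.
    """
    root = ET.fromstring(network_xml)
    if root.tag != "network":
        raise ValueError("not a libvirt <network> document")
    name = root.findtext("name")
    bridge = root.find("bridge")
    bridge_name = bridge.get("name") if bridge is not None else None
    forward = root.find("forward")
    if forward is None:
        managed = True  # isolated network: libvirt still creates the bridge
    else:
        # Assumption from libvirt docs: <forward/> without mode defaults to nat.
        managed = forward.get("mode", "nat") in MANAGED_MODES
    if not managed or bridge is None:
        return name, bridge_name, None
    return name, bridge_name, bridge.get("zone", DEFAULT_ZONE)


def audit(documents):
    """Map network name -> (bridge name, effective zone) for a list of XML docs."""
    return {n: (b, z) for n, b, z in map(effective_zone, documents)}


# Constructed sample definitions; not taken from any real host.
SAMPLES = [
    "<network><name>default</name><forward mode='nat'/><bridge name='virbr0'/></network>",
    "<network><name>dmz</name><forward mode='route'/><bridge name='virbr1' zone='dmz'/></network>",
    "<network><name>isolated</name><bridge name='virbr2'/></network>",
    "<network><name>hostbr</name><forward mode='bridge'><interface dev='eth0'/></forward></network>",
]

if __name__ == "__main__":
    for net, (br, zone) in audit(SAMPLES).items():
        print(f"{net:10s} bridge={br} zone={zone}")
```

On a live host the same function can be fed the output of `virsh net-dumpxml` for each defined network to see which bridges now fall under the "libvirt" zone rather than the default zone.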
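For the "storage: Add default mount options for fs/netfs storage pools" fix, an administrator may want to confirm that pool targets mounted on an upgraded host actually carry the new defaults. This added example (not libvirt code) parses /proc/mounts-style lines and reports, for a list of pool target paths, which of "nodev, nosuid, noexec" (Linux) or "nosuid, noexec" (FreeBSD, as stated in the release notes) are missing; the mount lines and pool paths are constructed for the example.

```python
"""Report fs/netfs storage pool mounts lacking the hardening mount options.

Added example, not libvirt code. Expected options follow the release notes:
Linux  -> nodev, nosuid, noexec
FreeBSD -> nosuid, noexec
"""
REQUIRED = {
    "linux": {"nodev", "nosuid", "noexec"},
    "freebsd": {"nosuid", "noexec"},
}


def parse_mounts(text: str) -> dict:
    """Parse /proc/mounts lines into {mountpoint: set(options)}.

    The kernel escapes spaces in mountpoints as \\040; decode that one case.
    """
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or truncated lines
        target = fields[1].replace("\\040", " ")
        mounts[target] = set(fields[3].split(","))
    return mounts


def missing_options(mounts: dict, pool_targets, platform: str = "linux") -> dict:
    """Return {pool target: sorted list of missing options}.

    Targets that are not mounted at all map to None; fully hardened targets
    are omitted from the result.
    """
    required = REQUIRED[platform]
    result = {}
    for target in pool_targets:
        opts = mounts.get(target.rstrip("/") or "/")
        if opts is None:
            result[target] = None
        elif required - opts:
            result[target] = sorted(required - opts)
    return result


# Constructed /proc/mounts excerpt; not captured from a real host.
SAMPLE_MOUNTS = """\
/dev/sdb1 /var/lib/libvirt/images ext4 rw,relatime,nodev,nosuid,noexec 0 0
nfs-srv:/export/vms /mnt/netfs-pool nfs4 rw,relatime,vers=4.2,nodev 0 0
/dev/sdc1 /mnt/legacy\\040pool xfs rw,relatime 0 0
"""
POOLS = ["/var/lib/libvirt/images", "/mnt/netfs-pool", "/mnt/legacy pool", "/mnt/unmounted"]

if __name__ == "__main__":
    for target, missing in missing_options(parse_mounts(SAMPLE_MOUNTS), POOLS).items():
        print(target, "not mounted" if missing is None else "missing " + ",".join(missing))
```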
Thanks everybody for your contributions to this new release, enjoy!

Daniel

-- 
Daniel Veillard      | Red Hat Developers Tools http://developer.redhat.com/
veillard@xxxxxxxxxx  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | virtualization library  http://libvirt.org/

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list