From unknown Sat Jun 14 03:55:08 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#27887 <27887@debbugs.gnu.org> To: bug#27887 <27887@debbugs.gnu.org> Subject: Status: [PATCH] services: Add libvirt services Reply-To: bug#27887 <27887@debbugs.gnu.org> Date: Sat, 14 Jun 2025 10:55:08 +0000 retitle 27887 [PATCH] services: Add libvirt services reassign 27887 guix-patches submitter 27887 Ryan Moe severity 27887 normal tag 27887 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Mon Jul 31 14:22:16 2017 Received: (at submit) by debbugs.gnu.org; 31 Jul 2017 18:22:16 +0000 Received: from localhost ([127.0.0.1]:35629 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dcFKY-0002GC-58 for submit@debbugs.gnu.org; Mon, 31 Jul 2017 14:22:16 -0400 Received: from eggs.gnu.org ([208.118.235.92]:58336) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dcFCF-00022W-Rb for submit@debbugs.gnu.org; Mon, 31 Jul 2017 14:13:42 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dcFC6-0007SA-FN for submit@debbugs.gnu.org; Mon, 31 Jul 2017 14:13:34 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM, T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:60272) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dcFC6-0007Rn-BN for submit@debbugs.gnu.org; Mon, 31 Jul 2017 14:13:30 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49217) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dcFC1-0001Lw-Rc for guix-patches@gnu.org; Mon, 31 Jul 2017 14:13:30 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dcFBx-0007JB-AA for guix-patches@gnu.org; Mon, 31 Jul 2017 14:13:25 -0400 Received: from mail-pg0-x236.google.com ([2607:f8b0:400e:c05::236]:38831) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dcFBw-0007Hb-UQ for guix-patches@gnu.org; Mon, 31 Jul 2017 14:13:21 -0400 Received: by mail-pg0-x236.google.com with SMTP id l64so268039pge.5 for ; Mon, 31 Jul 2017 11:13:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=2JRAmaYtRO4zjkOG/FP5jLhVR3LubQZDUUX/hFTNlb8=; b=kU6VI5mUr2nfzYwoWqNKJyNldU9eGjeCj9mUnvqkfsiLquuqlw8/AtI9u50Hl5uPlH SUaT/TvnQ47rarn/ACGPXLwsgIB0cprNn+Mj+2essiIsWOrq6eC/AHOS7kDCZIvsvZNC T3qLqNj8TWPnEv4VppMKsam5PDS4dpX5wpiu5r8mMEP2yDWB00XC3xlqntJfdho2pysI PfUz7qlNxuJbKoshuYmEqw6e71nzeN1hIYrmj0VLMeH/jJkGtQNike1KGkdF4A0Agxx0 aKbuymtX7Fu0vRp5BIt1H8/IGNUq+Tb+naVIRkhF+IC0O2+cinu3CRsD6u1hLQ+xpahs qaZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=2JRAmaYtRO4zjkOG/FP5jLhVR3LubQZDUUX/hFTNlb8=; b=E1IOkrKLSc43KkUa28ZNlumjCsSxE5X4xadnw0z6xSKQW2X7CDeBuh+GTe33AnijYb 8Kl99WUaIvJQhmfxojdvSXSvRmvDMqRrBLFlg9ErVRpbFy8bVeBEmlIzSDPJgfnR7XI/ v/tm6KcBQUqIG6iTrSeSrz8pzBi7CF3mSCgeS3+FCGR5Crhd1sqX7EQhyXJ92E1JGO1A eI0/AHj2tgG/d7agNwpk04E998MvEf7D90a8NScTsNb877N1HtjkaFwPY4efqEOWW/j9 mEQpUexLWM46zUPPshwrnY5qz1gwZ/00ERxdARRSD28fuWjuoxyBLhpCrPGYREtPepm+ FRYA== X-Gm-Message-State: AIVw111zcbIW2v5YmPZxiQkp1Rm6H5EUaMWWTKZvksbmwpjr+S152iQe yk9PRAQuadoIaHAp X-Received: by 10.98.206.194 with SMTP id y185mr16582146pfg.312.1501524796902; Mon, 31 Jul 2017 11:13:16 -0700 (PDT) Received: from localhost.localdomain (c-71-236-204-34.hsd1.wa.comcast.net. [71.236.204.34]) by smtp.googlemail.com with ESMTPSA id r90sm42802023pfk.139.2017.07.31.11.13.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 31 Jul 2017 11:13:16 -0700 (PDT) From: Ryan Moe To: guix-patches@gnu.org Subject: [PATCH] services: Add libvirt services Date: Mon, 31 Jul 2017 11:13:08 -0700 Message-Id: <20170731181308.6425-1-ryan.moe@gmail.com> X-Mailer: git-send-email 2.13.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Mon, 31 Jul 2017 14:22:13 -0400 Cc: Ryan Moe X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.0 (----) * gnu/services/virtualization.scm: New file. * doc/guix.texi (Virtualization Services): Document it. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. --- doc/guix.texi | 709 ++++++++++++++++++++++++++++++++++++++++ gnu/local.mk | 1 + gnu/services/virtualization.scm | 495 ++++++++++++++++++++++++++++ 3 files changed, 1205 insertions(+) create mode 100644 gnu/services/virtualization.scm diff --git a/doc/guix.texi b/doc/guix.texi index 932b118f7..94b660ac6 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -226,6 +226,7 @@ Services * Network File System:: NFS related services. * Continuous Integration:: The Cuirass service. * Power management Services:: The TLP tool. +* Virtualization Services:: Virtualization services. * Miscellaneous Services:: Other services. Defining Services @@ -9018,6 +9019,7 @@ declaration. * Network File System:: NFS related services. * Continuous Integration:: The Cuirass service. * Power management Services:: The TLP tool. +* Virtualization Services:: Virtualization services. * Miscellaneous Services:: Other services. @end menu @@ -15388,6 +15390,713 @@ Package object of thermald. @end deftp +@node Virtualization Services +@subsubsection Virtualization services +The @code{(gnu services virtualization)} module provides services for +the libvirt and virtlog daemons. + +@subsubheading Libvirt daemon +@code{libvirtd} is the server side daemon component of the libvirt +virtualization management system. This daemon runs on host servers +and performs required management tasks for virtualized guests. + +@deffn {Scheme Variable} libvirt-service-type +This is the type of the @uref{https://libvirt.org, libvirt daemon}. +Its value must be a @code{libvirt-configuration}. + +@example +(service libvirt-service-type + (libvirt-configuration + (unix-sock-group "libvirt") + (tls-port "16555"))) +@end example +@end deffn + +@c Auto-generated with (generate-libvirt-documentation) +Available @code{libvirt-configuration} fields are: + +@deftypevr {@code{libvirt-configuration} parameter} package libvirt +Libvirt package. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} boolean listen-tls? +Flag listening for secure TLS connections on the public TCP/IP port. +must set @code{listen} for this to have any effect. + +It is necessary to setup a CA and issue server certificates before using +this capability. + +Defaults to @samp{#t}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} boolean listen-tcp? +Listen for unencrypted TCP connections on the public TCP/IP port. must +set @code{listen} for this to have any effect. + +Using the TCP socket requires SASL authentication by default. Only SASL +mechanisms which support data encryption are allowed. This is +DIGEST_MD5 and GSSAPI (Kerberos5) + +Defaults to @samp{#f}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string tls-port +Port for accepting secure TLS connections This can be a port number, or +service name + +Defaults to @samp{"16514"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string tcp-port +Port for accepting insecure TCP connections This can be a port number, +or service name + +Defaults to @samp{"16509"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string listen-addr +IP address or hostname used for client connections. + +Defaults to @samp{"0.0.0.0"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} boolean mdns-adv? +Flag toggling mDNS advertisement of the libvirt service. + +Alternatively can disable for all services on a host by stopping the +Avahi daemon. + +Defaults to @samp{#f}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string mdns-name +Default mDNS advertisement name. This must be unique on the immediate +broadcast network. + +Defaults to @samp{"Virtualization Host "}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-group +UNIX domain socket group ownership. This can be used to allow a +'trusted' set of users access to management capabilities without +becoming root. + +Defaults to @samp{"root"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-ro-perms +UNIX socket permissions for the R/O socket. This is used for monitoring +VM status only. + +Defaults to @samp{"0777"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-rw-perms +UNIX socket permissions for the R/W socket. Default allows only root. +If PolicyKit is enabled on the socket, the default will change to allow +everyone (eg, 0777) + +Defaults to @samp{"0770"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-admin-perms +UNIX socket permissions for the admin socket. Default allows only owner +(root), do not change it unless you are sure to whom you are exposing +the access to. + +Defaults to @samp{"0777"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-dir +The directory in which sockets will be found/created. + +Defaults to @samp{"/var/run/libvirt"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string auth-unix-ro +Authentication scheme for UNIX read-only sockets. By default socket +permissions allow anyone to connect + +Defaults to @samp{"polkit"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string auth-unix-rw +Authentication scheme for UNIX read-write sockets. By default socket +permissions only allow root. If PolicyKit support was compiled into +libvirt, the default will be to use 'polkit' auth. + +Defaults to @samp{"polkit"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string auth-tcp +Authentication scheme for TCP sockets. If you don't enable SASL, then +all TCP traffic is cleartext. Don't do this outside of a dev/test +scenario. + +Defaults to @samp{"sasl"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string auth-tls +Authentication scheme for TLS sockets. TLS sockets already have +encryption provided by the TLS layer, and limited authentication is done +by certificates. + +It is possible to make use of any SASL authentication mechanism as well, +by using 'sasl' for this option + +Defaults to @samp{"none"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} optional-list access-drivers +API access control scheme. + +By default an authenticated user is allowed access to all APIs. Access +drivers can place restrictions on this. + +Defaults to @samp{()}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string key-file +Server key file path. If set to an empty string, then no private key is +loaded. + +Defaults to @samp{""}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string cert-file +Server key file path. If set to an empty string, then no certificate is +loaded. + +Defaults to @samp{""}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string ca-file +Server key file path. If set to an empty string, then no CA certificate +is loaded. + +Defaults to @samp{""}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string crl-file +Certificate revocation list path. If set to an empty string, then no +CRL is loaded. + +Defaults to @samp{""}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} boolean tls-no-sanity-cert +Disable verification of our own server certificates. + +When libvirtd starts it performs some sanity checks against its own +certificates. + +Defaults to @samp{#f}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} boolean tls-no-verify-cert +Disable verification of client certificates. + +Client certificate verification is the primary authentication mechanism. +Any client which does not present a certificate signed by the CA will be +rejected. + +Defaults to @samp{#f}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} optional-list tls-allowed-dn-list +Whitelist of allowed x509 Distinguished Name. + +Defaults to @samp{()}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} optional-list sasl-allowed-usernames +Whitelist of allowed SASL usernames. The format for username depends on +the SASL authentication mechanism. + +Defaults to @samp{()}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string tls-priority +Override the compile time default TLS priority string. The default is +usually "NORMAL" unless overridden at build time. Only set this is it +is desired for libvirt to deviate from the global default settings. + +Defaults to @samp{"NORMAL"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer max-clients +Maximum number of concurrent client connections to allow over all +sockets combined. + +Defaults to @samp{5000}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer max-queued-clients +Maximum length of queue of connections waiting to be accepted by the +daemon. Note, that some protocols supporting retransmission may obey +this so that a later reattempt at connection succeeds. + +Defaults to @samp{1000}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer max-anonymous-clients +Maximum length of queue of accepted but not yet authenticated clients. +Set this to zero to turn this feature off + +Defaults to @samp{20}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer min-workers +Number of workers to start up initially. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer max-workers +Maximum number of worker threads. + +If the number of active clients exceeds @code{min-workers}, then more +threads are spawned, up to max_workers limit. Typically you'd want +max_workers to equal maximum number of clients allowed. + +Defaults to @samp{20}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer prio-workers +Number of priority workers. If all workers from above pool are stuck, +some calls marked as high priority (notably domainDestroy) can be +executed in this pool. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer max-requests +Total global limit on concurrent RPC calls. + +Defaults to @samp{20}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer max-client-requests +Limit on concurrent requests from a single client connection. To avoid +one client monopolizing the server this should be a small fraction of +the global max_requests and max_workers parameter. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-min-workers +Same as @code{min-workers} but for the admin interface. + +Defaults to @samp{1}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-max-workers +Same as @code{max-workers} but for the admin interface. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-max-clients +Same as @code{max-clients} but for the admin interface. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-max-queued-clients +Same as @code{max-queued-clients} but for the admin interface. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-max-client-requests +Same as @code{max-client-requests} but for the admin interface. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer log-level +Logging level. 4 errors, 3 warnings, 2 information, 1 debug. + +Defaults to @samp{3}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string log-filters +Logging filters. + +A filter allows to select a different logging level for a given category +of logs The format for a filter is one of: + +@itemize @bullet +@item +x:name + +@item +x:+name + +@end itemize + +where @code{name} is a string which is matched against the category +given in the @code{VIR_LOG_INIT()} at the top of each libvirt source +file, e.g., "remote", "qemu", or "util.json" (the name in the filter can +be a substring of the full category name, in order to match multiple +similar categories), the optional "+" prefix tells libvirt to log stack +trace for each message matching name, and @code{x} is the minimal level +where matching messages should be logged: + +@itemize @bullet +@item +1: DEBUG + +@item +2: INFO + +@item +3: WARNING + +@item +4: ERROR + +@end itemize + +Multiple filters can be defined in a single filters statement, they just +need to be separated by spaces. + +Defaults to @samp{"3:remote 4:event"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string log-outputs +Logging outputs. + +An output is one of the places to save logging information The format +for an output can be: + +@table @code +@item x:stderr +output goes to stderr + +@item x:syslog:name +use syslog for the output and use the given name as the ident + +@item x:file:file_path +output to a file, with the given filepath + +@item x:journald +output to journald logging system + +@end table + +In all case the x prefix is the minimal level, acting as a filter + +@itemize @bullet +@item +1: DEBUG + +@item +2: INFO + +@item +3: WARNING + +@item +4: ERROR + +@end itemize + +Multiple outputs can be defined, they just need to be separated by +spaces. + +Defaults to @samp{"3:stderr"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer audit-level +Allows usage of the auditing subsystem to be altered + +@itemize @bullet +@item +0: disable all auditing + +@item +1: enable auditing, only if enabled on host + +@item +2: enable auditing, and exit if disabled on host. + +@end itemize + +Defaults to @samp{1}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} boolean audit-logging +Send audit messages via libvirt logging infrastructure. + +Defaults to @samp{#f}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} optional-string host-uuid +Host UUID. UUID must not have all digits be the same. + +Defaults to @samp{""}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string host-uuid-source +Source to read host UUID. + +@itemize @bullet +@item +@code{smbios}: fetch the UUID from @code{dmidecode -s system-uuid} + +@item +@code{machine-id}: fetch the UUID from @code{/etc/machine-id} + +@end itemize + +If @code{dmidecode} does not provide a valid UUID a temporary UUID will +be generated. + +Defaults to @samp{"smbios"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer keepalive-interval +A keepalive message is sent to a client after @code{keepalive_interval} +seconds of inactivity to check if the client is still responding. If +set to -1, libvirtd will never send keepalive requests; however clients +can still send them and the daemon will send responses. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer keepalive-count +Maximum number of keepalive messages that are allowed to be sent to the +client without getting any response before the connection is considered +broken. + +In other words, the connection is automatically closed approximately +after @code{keepalive_interval * (keepalive_count + 1)} seconds since +the last message received from the client. When @code{keepalive-count} +is set to 0, connections will be automatically closed after +@code{keepalive-interval} seconds of inactivity without sending any +keepalive messages. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-keepalive-interval +Same as above but for admin interface. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-keepalive-count +Same as above but for admin interface. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer ovs-timeout +Timeout for Open vSwitch calls. + +The @code{ovs-vsctl} utility is used for the configuration and its +timeout option is set by default to 5 seconds to avoid potential +infinite waits blocking libvirt. + +Defaults to @samp{5}. + +@end deftypevr + +@c %end of autogenerated docs + +@subsubheading Virtlog daemon +The virtlogd service is a server side daemon component of libvirt that is +used to manage logs from virtual machine consoles. + +This daemon is not used directly by libvirt client applications, rather it +is called on their behalf by @code{libvirtd}. By maintaining the logs in a +standalone daemon, the main @code{libvirtd} daemon can be restarted without +risk of losing logs. The @code{virtlogd} daemon has the ability to re-exec() +itself upon receiving @code{SIGUSR1}, to allow live upgrades without downtime. + +@deffn {Scheme Variable} virtlog-service-type +This is the type of the virtlog daemon. +Its value must be a @code{virtlog-configuration}. + +@example +(service virtlog-service-type + (virtlog-configuration + (max-clients 1000))) +@end example +@end deffn + +@deftypevr {@code{virtlog-configuration} parameter} integer log-level +Logging level. 4 errors, 3 warnings, 2 information, 1 debug. + +Defaults to @samp{3}. + +@end deftypevr + +@deftypevr {@code{virtlog-configuration} parameter} string log-filters +Logging filters. + +A filter allows to select a different logging level for a given category +of logs The format for a filter is one of: + +@itemize @bullet +@item +x:name + +@item +x:+name + +@end itemize + +where @code{name} is a string which is matched against the category +given in the @code{VIR_LOG_INIT()} at the top of each libvirt source +file, e.g., "remote", "qemu", or "util.json" (the name in the filter can +be a substring of the full category name, in order to match multiple +similar categories), the optional "+" prefix tells libvirt to log stack +trace for each message matching name, and @code{x} is the minimal level +where matching messages should be logged: + +@itemize @bullet +@item +1: DEBUG + +@item +2: INFO + +@item +3: WARNING + +@item +4: ERROR + +@end itemize + +Multiple filters can be defined in a single filters statement, they just +need to be separated by spaces. + +Defaults to @samp{"3:remote 4:event"}. + +@end deftypevr + +@deftypevr {@code{virtlog-configuration} parameter} string log-outputs +Logging outputs. + +An output is one of the places to save logging information The format +for an output can be: + +@table @code +@item x:stderr +output goes to stderr + +@item x:syslog:name +use syslog for the output and use the given name as the ident + +@item x:file:file_path +output to a file, with the given filepath + +@item x:journald +output to journald logging system + +@end table + +In all case the x prefix is the minimal level, acting as a filter + +@itemize @bullet +@item +1: DEBUG + +@item +2: INFO + +@item +3: WARNING + +@item +4: ERROR + +@end itemize + +Multiple outputs can be defined, they just need to be separated by +spaces. + +Defaults to @samp{"3:stderr"}. + +@end deftypevr + +@deftypevr {@code{virtlog-configuration} parameter} integer max-clients +Maximum number of concurrent client connections to allow over all +sockets combined. + +Defaults to @samp{1024}. + +@end deftypevr + +@deftypevr {@code{virtlog-configuration} parameter} integer max-size +Maximum file size before rolling over. + +Defaults to @samp{2MB} + +@end deftypevr + +@deftypevr {@code{virtlog-configuration} parameter} integer max-backups +Maximum number of backup files to keep. + +Defaults to @samp{3} + +@end deftypevr + + @node Miscellaneous Services @subsubsection Miscellaneous Services diff --git a/gnu/local.mk b/gnu/local.mk index f5255feff..95c4a8b1d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -437,6 +437,7 @@ GNU_SYSTEM_MODULES = \ %D%/services/dns.scm \ %D%/services/kerberos.scm \ %D%/services/lirc.scm \ + %D%/services/virtualization.scm \ %D%/services/mail.scm \ %D%/services/mcron.scm \ %D%/services/messaging.scm \ diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm new file mode 100644 index 000000000..58d04edcf --- /dev/null +++ b/gnu/services/virtualization.scm @@ -0,0 +1,495 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Ryan Moe +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu services virtualization) + #:use-module (gnu services) + #:use-module (gnu services configuration) + #:use-module (gnu services base) + #:use-module (gnu services dbus) + #:use-module (gnu services shepherd) + #:use-module (gnu system shadow) + #:use-module (gnu packages admin) + #:use-module (gnu packages virtualization) + #:use-module (guix records) + #:use-module (guix gexp) + #:use-module (guix packages) + #:use-module (ice-9 match) + + #:export (libvirt-configuration + libvirt-service-type + virtlog-service-type)) + +(define (uglify-field-name field-name) + (let ((str (symbol->string field-name))) + (string-join + (string-split (string-delete #\? str) #\-) + "_"))) + +(define (quote-val val) + (string-append "\"" val "\"")) + +(define (serialize-field field-name val) + (format #t "~a = ~a\n" (uglify-field-name field-name) val)) + +(define (serialize-string field-name val) + (serialize-field field-name (quote-val val))) + +(define (serialize-boolean field-name val) + (serialize-field field-name (if val 1 0))) + +(define (serialize-integer field-name val) + (serialize-field field-name val)) + +(define (build-opt-list val) + (string-append + "[" + (string-join (map quote-val val) ",") + "]")) + +(define optional-list? list?) +(define optional-string? string?) + +(define (serialize-list field-name val) + (serialize-field field-name (build-opt-list val))) + +(define (serialize-optional-list field-name val) + (if (null? val) + (format #t "# ~a = []\n" (uglify-field-name field-name)) + (serialize-list field-name val))) + +(define (serialize-optional-string field-name val) + (if (string-null? val) + (format #t "# ~a = \"\"\n" (uglify-field-name field-name)) + (serialize-string field-name val))) + +(define-configuration libvirt-configuration + (libvirt + (package libvirt) + "Libvirt package.") + (listen-tls? + (boolean #t) + "Flag listening for secure TLS connections on the public TCP/IP port. +must set @code{listen} for this to have any effect. + +It is necessary to setup a CA and issue server certificates before +using this capability.") + (listen-tcp? + (boolean #f) + "Listen for unencrypted TCP connections on the public TCP/IP port. +must set @code{listen} for this to have any effect. + +Using the TCP socket requires SASL authentication by default. Only +SASL mechanisms which support data encryption are allowed. This is +DIGEST_MD5 and GSSAPI (Kerberos5)") + (tls-port + (string "16514") + "Port for accepting secure TLS connections This can be a port number, +or service name") + (tcp-port + (string "16509") + "Port for accepting insecure TCP connections This can be a port number, +or service name") + (listen-addr + (string "0.0.0.0") + "IP address or hostname used for client connections.") + (mdns-adv? + (boolean #f) + "Flag toggling mDNS advertisement of the libvirt service. + +Alternatively can disable for all services on a host by +stopping the Avahi daemon.") + (mdns-name + (string (string-append "Virtualization Host " (gethostname))) + "Default mDNS advertisement name. This must be unique on the +immediate broadcast network.") + (unix-sock-group + (string "root") + "UNIX domain socket group ownership. This can be used to +allow a 'trusted' set of users access to management capabilities +without becoming root.") + (unix-sock-ro-perms + (string "0777") + "UNIX socket permissions for the R/O socket. This is used +for monitoring VM status only.") + (unix-sock-rw-perms + (string "0770") + "UNIX socket permissions for the R/W socket. Default allows +only root. If PolicyKit is enabled on the socket, the default +will change to allow everyone (eg, 0777)") + (unix-sock-admin-perms + (string "0777") + "UNIX socket permissions for the admin socket. Default allows +only owner (root), do not change it unless you are sure to whom +you are exposing the access to.") + (unix-sock-dir + (string "/var/run/libvirt") + "The directory in which sockets will be found/created.") + (auth-unix-ro + (string "polkit") + "Authentication scheme for UNIX read-only sockets. By default +socket permissions allow anyone to connect") + (auth-unix-rw + (string "polkit") + "Authentication scheme for UNIX read-write sockets. By default +socket permissions only allow root. If PolicyKit support was compiled +into libvirt, the default will be to use 'polkit' auth.") + (auth-tcp + (string "sasl") + "Authentication scheme for TCP sockets. If you don't enable SASL, +then all TCP traffic is cleartext. Don't do this outside of a dev/test +scenario.") + (auth-tls + (string "none") + "Authentication scheme for TLS sockets. TLS sockets already have +encryption provided by the TLS layer, and limited authentication is +done by certificates. + +It is possible to make use of any SASL authentication mechanism as +well, by using 'sasl' for this option") + (access-drivers + (optional-list '()) + "API access control scheme. + +By default an authenticated user is allowed access to all APIs. Access +drivers can place restrictions on this.") + (key-file + (string "") + "Server key file path. If set to an empty string, then no private key +is loaded.") + (cert-file + (string "") + "Server key file path. If set to an empty string, then no certificate +is loaded.") + (ca-file + (string "") + "Server key file path. If set to an empty string, then no CA certificate +is loaded.") + (crl-file + (string "") + "Certificate revocation list path. If set to an empty string, then no +CRL is loaded.") + (tls-no-sanity-cert + (boolean #f) + "Disable verification of our own server certificates. + +When libvirtd starts it performs some sanity checks against its own +certificates.") + (tls-no-verify-cert + (boolean #f) + "Disable verification of client certificates. + +Client certificate verification is the primary authentication mechanism. +Any client which does not present a certificate signed by the CA +will be rejected.") + (tls-allowed-dn-list + (optional-list '()) + "Whitelist of allowed x509 Distinguished Name.") + (sasl-allowed-usernames + (optional-list '()) + "Whitelist of allowed SASL usernames. The format for username +depends on the SASL authentication mechanism.") + (tls-priority + (string "NORMAL") + "Override the compile time default TLS priority string. The +default is usually \"NORMAL\" unless overridden at build time. +Only set this is it is desired for libvirt to deviate from +the global default settings.") + (max-clients + (integer 5000) + "Maximum number of concurrent client connections to allow +over all sockets combined.") + (max-queued-clients + (integer 1000) + "Maximum length of queue of connections waiting to be +accepted by the daemon. Note, that some protocols supporting +retransmission may obey this so that a later reattempt at +connection succeeds.") + (max-anonymous-clients + (integer 20) + "Maximum length of queue of accepted but not yet authenticated +clients. Set this to zero to turn this feature off") + (min-workers + (integer 5) + "Number of workers to start up initially.") + (max-workers + (integer 20) + "Maximum number of worker threads. + +If the number of active clients exceeds @code{min-workers}, +then more threads are spawned, up to max_workers limit. +Typically you'd want max_workers to equal maximum number +of clients allowed.") + (prio-workers + (integer 5) + "Number of priority workers. If all workers from above +pool are stuck, some calls marked as high priority +(notably domainDestroy) can be executed in this pool.") + (max-requests + (integer 20) + "Total global limit on concurrent RPC calls.") + (max-client-requests + (integer 5) + "Limit on concurrent requests from a single client +connection. To avoid one client monopolizing the server +this should be a small fraction of the global max_requests +and max_workers parameter.") + (admin-min-workers + (integer 1) + "Same as @code{min-workers} but for the admin interface.") + (admin-max-workers + (integer 5) + "Same as @code{max-workers} but for the admin interface.") + (admin-max-clients + (integer 5) + "Same as @code{max-clients} but for the admin interface.") + (admin-max-queued-clients + (integer 5) + "Same as @code{max-queued-clients} but for the admin interface.") + (admin-max-client-requests + (integer 5) + "Same as @code{max-client-requests} but for the admin interface.") + (log-level + (integer 3) + "Logging level. 4 errors, 3 warnings, 2 information, 1 debug.") + (log-filters + (string "3:remote 4:event") + "Logging filters. + +A filter allows to select a different logging level for a given category +of logs +The format for a filter is one of: +@itemize +@item x:name + +@item x:+name +@end itemize + +where @code{name} is a string which is matched against the category +given in the @code{VIR_LOG_INIT()} at the top of each libvirt source +file, e.g., \"remote\", \"qemu\", or \"util.json\" (the name in the +filter can be a substring of the full category name, in order +to match multiple similar categories), the optional \"+\" prefix +tells libvirt to log stack trace for each message matching +name, and @code{x} is the minimal level where matching messages should +be logged: + +@itemize +@item 1: DEBUG +@item 2: INFO +@item 3: WARNING +@item 4: ERROR +@end itemize + +Multiple filters can be defined in a single filters statement, they just +need to be separated by spaces.") + (log-outputs + (string "3:stderr") + "Logging outputs. + +An output is one of the places to save logging information +The format for an output can be: + +@table @code +@item x:stderr +output goes to stderr + +@item x:syslog:name +use syslog for the output and use the given name as the ident + +@item x:file:file_path +output to a file, with the given filepath + +@item x:journald +output to journald logging system +@end table + +In all case the x prefix is the minimal level, acting as a filter + +@itemize +@item 1: DEBUG +@item 2: INFO +@item 3: WARNING +@item 4: ERROR +@end itemize + +Multiple outputs can be defined, they just need to be separated by spaces.") + (audit-level + (integer 1) + "Allows usage of the auditing subsystem to be altered + +@itemize +@item 0: disable all auditing +@item 1: enable auditing, only if enabled on host +@item 2: enable auditing, and exit if disabled on host. +@end itemize +") + (audit-logging + (boolean #f) + "Send audit messages via libvirt logging infrastructure.") + (host-uuid + (optional-string "") + "Host UUID. UUID must not have all digits be the same.") + (host-uuid-source + (string "smbios") + "Source to read host UUID. + +@itemize + +@item @code{smbios}: fetch the UUID from @code{dmidecode -s system-uuid} + +@item @code{machine-id}: fetch the UUID from @code{/etc/machine-id} + +@end itemize + +If @code{dmidecode} does not provide a valid UUID a temporary UUID +will be generated.") + (keepalive-interval + (integer 5) + "A keepalive message is sent to a client after +@code{keepalive_interval} seconds of inactivity to check if +the client is still responding. If set to -1, libvirtd will +never send keepalive requests; however clients can still send +them and the daemon will send responses.") + (keepalive-count + (integer 5) + "Maximum number of keepalive messages that are allowed to be sent +to the client without getting any response before the connection is +considered broken. + +In other words, the connection is automatically +closed approximately after +@code{keepalive_interval * (keepalive_count + 1)} seconds since the last +message received from the client. When @code{keepalive-count} is +set to 0, connections will be automatically closed after +@code{keepalive-interval} seconds of inactivity without sending any +keepalive messages.") + (admin-keepalive-interval + (integer 5) + "Same as above but for admin interface.") + (admin-keepalive-count + (integer 5) + "Same as above but for admin interface.") + (ovs-timeout + (integer 5) + "Timeout for Open vSwitch calls. + +The @code{ovs-vsctl} utility is used for the configuration and +its timeout option is set by default to 5 seconds to avoid +potential infinite waits blocking libvirt.")) + +(define* (libvirt-conf-file config) + "Return a libvirtd config file." + (plain-file "libvirtd.conf" + (with-output-to-string + (lambda () + (serialize-configuration config libvirt-configuration-fields))))) + +(define %libvirt-accounts + (list (user-group (name "libvirt") (system? #t)))) + +(define (%libvirt-activation config) + (let ((sock-dir (libvirt-configuration-unix-sock-dir config))) + #~(begin + (use-modules (guix build utils)) + (mkdir-p #$sock-dir)))) + + +(define (libvirt-shepherd-service config) + (let* ((config-file (libvirt-conf-file config)) + (libvirt (libvirt-configuration-libvirt config))) + (list (shepherd-service + (documentation "Run the libvirt daemon.") + (provision '(libvirtd)) + (start #~(make-forkexec-constructor + (list (string-append #$libvirt "/sbin/libvirtd") + "-f" #$config-file))) + (stop #~(make-kill-destructor)))))) + +(define libvirt-service-type + (service-type (name 'libvirt) + (extensions + (list + (service-extension polkit-service-type (compose list libvirt-configuration-libvirt)) + (service-extension profile-service-type + (compose list + (lambda (package) qemu) + libvirt-configuration-libvirt)) + (service-extension activation-service-type + %libvirt-activation) + (service-extension shepherd-root-service-type + libvirt-shepherd-service) + (service-extension account-service-type + (const %libvirt-accounts)))) + (default-value (libvirt-configuration)))) + + +(define-record-type* + virtlog-configuration make-virtlog-configuration + virtlog-configuration? + (libvirt virtlog-configuration-libvirt + (default libvirt)) + (log-level virtlog-configuration-log-level + (default 3)) + (log-filters virtlog-configuration-log-filters + (default "3:remote 4:event")) + (log-outputs virtlog-configuration-log-outputs + (default "3:syslog:virtlogd")) + (max-clients virtlog-configuration-max-clients + (default 1024)) + (max-size virtlog-configuration-max-size + (default 2097152)) ;; 2MB + (max-backups virtlog-configuration-max-backups + (default 3))) + +(define* (virtlogd-conf-file config) + "Return a virtlogd config file." + (plain-file "virtlogd.conf" + (string-append + "log_level = " (number->string (virtlog-configuration-log-level config)) "\n" + "log_filters = \"" (virtlog-configuration-log-filters config) "\"\n" + "log_outputs = \"" (virtlog-configuration-log-outputs config) "\"\n" + "max_clients = " (number->string (virtlog-configuration-max-clients config)) "\n" + "max_size = " (number->string (virtlog-configuration-max-size config)) "\n" + "max_backups = " (number->string (virtlog-configuration-max-backups config)) "\n"))) + +(define (virtlogd-shepherd-service config) + (let* ((config-file (virtlogd-conf-file config)) + (libvirt (virtlog-configuration-libvirt config))) + (list (shepherd-service + (documentation "Run the virtlog daemon.") + (provision '(virtlogd)) + (start #~(make-forkexec-constructor + (list (string-append #$libvirt "/sbin/virtlogd") + "-f" #$config-file))) + (stop #~(make-kill-destructor)))))) + +(define virtlog-service-type + (service-type (name 'virtlogd) + (extensions + (list + (service-extension profile-service-type + (compose list + virtlog-configuration-libvirt)) + (service-extension shepherd-root-service-type + virtlogd-shepherd-service))) + (default-value (virtlog-configuration)))) + +(define (generate-libvirt-documentation) + (generate-documentation + `((libvirt-configuration ,libvirt-configuration-fields)) + 'libvirt-configuration)) -- 2.13.3 From debbugs-submit-bounces@debbugs.gnu.org Fri Aug 18 03:48:25 2017 Received: (at 27887) by debbugs.gnu.org; 18 Aug 2017 07:48:25 +0000 Received: from localhost ([127.0.0.1]:43469 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dic11-0002DL-5J for submit@debbugs.gnu.org; Fri, 18 Aug 2017 03:48:24 -0400 Received: from li622-129.members.linode.com ([212.71.249.129]:57442 helo=mira.cbaines.net) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dic0x-0002D9-Kp for 27887@debbugs.gnu.org; Fri, 18 Aug 2017 03:48:22 -0400 Received: by mira.cbaines.net (Postfix, from userid 113) id E1D7316FE93; Fri, 18 Aug 2017 08:48:17 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from localhost (cpc102582-walt20-2-0-cust14.13-2.cable.virginm.net [86.27.34.15]) by mira.cbaines.net (Postfix) with ESMTPSA id 140DC16FE91; Fri, 18 Aug 2017 08:48:16 +0100 (BST) Date: Fri, 18 Aug 2017 08:48:12 +0100 From: Christopher Baines To: Ryan Moe Subject: Re: [bug#27887] [PATCH] services: Add libvirt services Message-ID: <20170818084812.16bd673e@cbaines.net> In-Reply-To: <20170731181308.6425-1-ryan.moe@gmail.com> References: <20170731181308.6425-1-ryan.moe@gmail.com> X-Mailer: Claws Mail 3.15.0-dirty (GTK+ 2.24.31; x86_64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; boundary="Sig_/T/l.7x.ws2mC.I=g+ZLqysA"; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 27887 Cc: 27887@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) --Sig_/T/l.7x.ws2mC.I=g+ZLqysA Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Mon, 31 Jul 2017 11:13:08 -0700 Ryan Moe wrote: > * gnu/services/virtualization.scm: New file. > * doc/guix.texi (Virtualization Services): Document it. > * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. > --- > doc/guix.texi | 709 > ++++++++++++++++++++++++++++++++++++++++ > gnu/local.mk | 1 + > gnu/services/virtualization.scm | 495 ++++++++++++++++++++++++++++ 3 > files changed, 1205 insertions(+) create mode 100644 > gnu/services/virtualization.scm Awesome stuff Ryan, I'm not that knowledgeable on libvirt, but this looks like a well put together patch. > diff --git a/doc/guix.texi b/doc/guix.texi > index 932b118f7..94b660ac6 100644 > --- a/doc/guix.texi > +++ b/doc/guix.texi > @@ -226,6 +226,7 @@ Services > * Network File System:: NFS related services. > * Continuous Integration:: The Cuirass service. > * Power management Services:: The TLP tool. > +* Virtualization Services:: Virtualization services. > * Miscellaneous Services:: Other services. > =20 > Defining Services > @@ -9018,6 +9019,7 @@ declaration. > * Network File System:: NFS related services. > * Continuous Integration:: The Cuirass service. > * Power management Services:: The TLP tool. > +* Virtualization Services:: Virtualization services. > * Miscellaneous Services:: Other services. > @end menu > =20 > @@ -15388,6 +15390,713 @@ Package object of thermald. > @end deftp > =20 > =20 > +@node Virtualization Services > +@subsubsection Virtualization services > +The @code{(gnu services virtualization)} module provides services for > +the libvirt and virtlog daemons. > + > +@subsubheading Libvirt daemon > +@code{libvirtd} is the server side daemon component of the libvirt > +virtualization management system. This daemon runs on host servers > +and performs required management tasks for virtualized guests. > + > +@deffn {Scheme Variable} libvirt-service-type > +This is the type of the @uref{https://libvirt.org, libvirt daemon}. > +Its value must be a @code{libvirt-configuration}. > + > +@example > +(service libvirt-service-type > + (libvirt-configuration > + (unix-sock-group "libvirt") > + (tls-port "16555"))) > +@end example > +@end deffn > + > +@c Auto-generated with (generate-libvirt-documentation) > +Available @code{libvirt-configuration} fields are: > + > +@deftypevr {@code{libvirt-configuration} parameter} package libvirt > +Libvirt package. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} boolean > listen-tls? +Flag listening for secure TLS connections on the public > TCP/IP port. +must set @code{listen} for this to have any effect. > + > +It is necessary to setup a CA and issue server certificates before > using +this capability. > + > +Defaults to @samp{#t}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} boolean > listen-tcp? +Listen for unencrypted TCP connections on the public > TCP/IP port. must +set @code{listen} for this to have any effect. > + > +Using the TCP socket requires SASL authentication by default. Only > SASL +mechanisms which support data encryption are allowed. This is > +DIGEST_MD5 and GSSAPI (Kerberos5) > + > +Defaults to @samp{#f}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string tls-port > +Port for accepting secure TLS connections This can be a port number, > or +service name > + > +Defaults to @samp{"16514"}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string tcp-port > +Port for accepting insecure TCP connections This can be a port > number, +or service name > + > +Defaults to @samp{"16509"}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string > listen-addr +IP address or hostname used for client connections. > + > +Defaults to @samp{"0.0.0.0"}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} boolean mdns-adv? > +Flag toggling mDNS advertisement of the libvirt service. > + > +Alternatively can disable for all services on a host by stopping the > +Avahi daemon. > + > +Defaults to @samp{#f}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string mdns-name > +Default mDNS advertisement name. This must be unique on the > immediate +broadcast network. > + > +Defaults to @samp{"Virtualization Host "}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string > unix-sock-group +UNIX domain socket group ownership. This can be > used to allow a +'trusted' set of users access to management > capabilities without +becoming root. > + > +Defaults to @samp{"root"}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string > unix-sock-ro-perms +UNIX socket permissions for the R/O socket. This > is used for monitoring +VM status only. > + > +Defaults to @samp{"0777"}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string > unix-sock-rw-perms +UNIX socket permissions for the R/W socket. > Default allows only root. +If PolicyKit is enabled on the socket, the > default will change to allow +everyone (eg, 0777) > + > +Defaults to @samp{"0770"}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string > unix-sock-admin-perms +UNIX socket permissions for the admin socket. > Default allows only owner +(root), do not change it unless you are > sure to whom you are exposing +the access to. > + > +Defaults to @samp{"0777"}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string > unix-sock-dir +The directory in which sockets will be found/created. > + > +Defaults to @samp{"/var/run/libvirt"}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string > auth-unix-ro +Authentication scheme for UNIX read-only sockets. By > default socket +permissions allow anyone to connect > + > +Defaults to @samp{"polkit"}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string > auth-unix-rw +Authentication scheme for UNIX read-write sockets. By > default socket +permissions only allow root. If PolicyKit support > was compiled into +libvirt, the default will be to use 'polkit' auth. > + > +Defaults to @samp{"polkit"}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string auth-tcp > +Authentication scheme for TCP sockets. If you don't enable SASL, > then +all TCP traffic is cleartext. Don't do this outside of a > dev/test +scenario. > + > +Defaults to @samp{"sasl"}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string auth-tls > +Authentication scheme for TLS sockets. TLS sockets already have > +encryption provided by the TLS layer, and limited authentication is > done +by certificates. > + > +It is possible to make use of any SASL authentication mechanism as > well, +by using 'sasl' for this option > + > +Defaults to @samp{"none"}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} optional-list > access-drivers +API access control scheme. > + > +By default an authenticated user is allowed access to all APIs. > Access +drivers can place restrictions on this. > + > +Defaults to @samp{()}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string key-file > +Server key file path. If set to an empty string, then no private > key is +loaded. > + > +Defaults to @samp{""}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string cert-file > +Server key file path. If set to an empty string, then no > certificate is +loaded. > + > +Defaults to @samp{""}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string ca-file > +Server key file path. If set to an empty string, then no CA > certificate +is loaded. > + > +Defaults to @samp{""}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string crl-file > +Certificate revocation list path. If set to an empty string, then no > +CRL is loaded. > + > +Defaults to @samp{""}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} boolean > tls-no-sanity-cert +Disable verification of our own server > certificates. + > +When libvirtd starts it performs some sanity checks against its own > +certificates. > + > +Defaults to @samp{#f}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} boolean > tls-no-verify-cert +Disable verification of client certificates. > + > +Client certificate verification is the primary authentication > mechanism. +Any client which does not present a certificate signed by > the CA will be +rejected. > + > +Defaults to @samp{#f}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} optional-list > tls-allowed-dn-list +Whitelist of allowed x509 Distinguished Name. > + > +Defaults to @samp{()}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} optional-list > sasl-allowed-usernames +Whitelist of allowed SASL usernames. The > format for username depends on +the SASL authentication mechanism. > + > +Defaults to @samp{()}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string > tls-priority +Override the compile time default TLS priority string. > The default is +usually "NORMAL" unless overridden at build time. > Only set this is it +is desired for libvirt to deviate from the > global default settings. + > +Defaults to @samp{"NORMAL"}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} integer > max-clients +Maximum number of concurrent client connections to allow > over all +sockets combined. > + > +Defaults to @samp{5000}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} integer > max-queued-clients +Maximum length of queue of connections waiting to > be accepted by the +daemon. Note, that some protocols supporting > retransmission may obey +this so that a later reattempt at connection > succeeds. + > +Defaults to @samp{1000}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} integer > max-anonymous-clients +Maximum length of queue of accepted but not > yet authenticated clients. +Set this to zero to turn this feature off > + > +Defaults to @samp{20}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} integer > min-workers +Number of workers to start up initially. > + > +Defaults to @samp{5}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} integer > max-workers +Maximum number of worker threads. > + > +If the number of active clients exceeds @code{min-workers}, then more > +threads are spawned, up to max_workers limit. Typically you'd want > +max_workers to equal maximum number of clients allowed. > + > +Defaults to @samp{20}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} integer > prio-workers +Number of priority workers. If all workers from above > pool are stuck, +some calls marked as high priority (notably > domainDestroy) can be +executed in this pool. > + > +Defaults to @samp{5}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} integer > max-requests +Total global limit on concurrent RPC calls. > + > +Defaults to @samp{20}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} integer > max-client-requests +Limit on concurrent requests from a single > client connection. To avoid +one client monopolizing the server this > should be a small fraction of +the global max_requests and > max_workers parameter. + > +Defaults to @samp{5}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} integer > admin-min-workers +Same as @code{min-workers} but for the admin > interface. + > +Defaults to @samp{1}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} integer > admin-max-workers +Same as @code{max-workers} but for the admin > interface. + > +Defaults to @samp{5}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} integer > admin-max-clients +Same as @code{max-clients} but for the admin > interface. + > +Defaults to @samp{5}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} integer > admin-max-queued-clients +Same as @code{max-queued-clients} but for > the admin interface. + > +Defaults to @samp{5}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} integer > admin-max-client-requests +Same as @code{max-client-requests} but for > the admin interface. + > +Defaults to @samp{5}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} integer log-level > +Logging level. 4 errors, 3 warnings, 2 information, 1 debug. > + > +Defaults to @samp{3}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string > log-filters +Logging filters. > + > +A filter allows to select a different logging level for a given > category +of logs The format for a filter is one of: > + > +@itemize @bullet > +@item > +x:name > + > +@item > +x:+name > + > +@end itemize > + > +where @code{name} is a string which is matched against the category > +given in the @code{VIR_LOG_INIT()} at the top of each libvirt source > +file, e.g., "remote", "qemu", or "util.json" (the name in the filter > can +be a substring of the full category name, in order to match > multiple +similar categories), the optional "+" prefix tells libvirt > to log stack +trace for each message matching name, and @code{x} is > the minimal level +where matching messages should be logged: > + > +@itemize @bullet > +@item > +1: DEBUG > + > +@item > +2: INFO > + > +@item > +3: WARNING > + > +@item > +4: ERROR > + > +@end itemize > + > +Multiple filters can be defined in a single filters statement, they > just +need to be separated by spaces. > + > +Defaults to @samp{"3:remote 4:event"}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string > log-outputs +Logging outputs. > + > +An output is one of the places to save logging information The format > +for an output can be: > + > +@table @code > +@item x:stderr > +output goes to stderr > + > +@item x:syslog:name > +use syslog for the output and use the given name as the ident > + > +@item x:file:file_path > +output to a file, with the given filepath > + > +@item x:journald > +output to journald logging system > + > +@end table > + > +In all case the x prefix is the minimal level, acting as a filter > + > +@itemize @bullet > +@item > +1: DEBUG > + > +@item > +2: INFO > + > +@item > +3: WARNING > + > +@item > +4: ERROR > + > +@end itemize > + > +Multiple outputs can be defined, they just need to be separated by > +spaces. > + > +Defaults to @samp{"3:stderr"}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} integer > audit-level +Allows usage of the auditing subsystem to be altered > + > +@itemize @bullet > +@item > +0: disable all auditing > + > +@item > +1: enable auditing, only if enabled on host > + > +@item > +2: enable auditing, and exit if disabled on host. > + > +@end itemize > + > +Defaults to @samp{1}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} boolean > audit-logging +Send audit messages via libvirt logging infrastructure. > + > +Defaults to @samp{#f}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} optional-string > host-uuid +Host UUID. UUID must not have all digits be the same. > + > +Defaults to @samp{""}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} string > host-uuid-source +Source to read host UUID. > + > +@itemize @bullet > +@item > +@code{smbios}: fetch the UUID from @code{dmidecode -s system-uuid} > + > +@item > +@code{machine-id}: fetch the UUID from @code{/etc/machine-id} > + > +@end itemize > + > +If @code{dmidecode} does not provide a valid UUID a temporary UUID > will +be generated. > + > +Defaults to @samp{"smbios"}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} integer > keepalive-interval +A keepalive message is sent to a client after > @code{keepalive_interval} +seconds of inactivity to check if the > client is still responding. If +set to -1, libvirtd will never send > keepalive requests; however clients +can still send them and the > daemon will send responses. + > +Defaults to @samp{5}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} integer > keepalive-count +Maximum number of keepalive messages that are > allowed to be sent to the +client without getting any response before > the connection is considered +broken. > + > +In other words, the connection is automatically closed approximately > +after @code{keepalive_interval * (keepalive_count + 1)} seconds since > +the last message received from the client. When > @code{keepalive-count} +is set to 0, connections will be > automatically closed after +@code{keepalive-interval} seconds of > inactivity without sending any +keepalive messages. > + > +Defaults to @samp{5}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} integer > admin-keepalive-interval +Same as above but for admin interface. > + > +Defaults to @samp{5}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} integer > admin-keepalive-count +Same as above but for admin interface. > + > +Defaults to @samp{5}. > + > +@end deftypevr > + > +@deftypevr {@code{libvirt-configuration} parameter} integer > ovs-timeout +Timeout for Open vSwitch calls. > + > +The @code{ovs-vsctl} utility is used for the configuration and its > +timeout option is set by default to 5 seconds to avoid potential > +infinite waits blocking libvirt. > + > +Defaults to @samp{5}. > + > +@end deftypevr > + > +@c %end of autogenerated docs > + > +@subsubheading Virtlog daemon > +The virtlogd service is a server side daemon component of libvirt > that is +used to manage logs from virtual machine consoles. > + > +This daemon is not used directly by libvirt client applications, > rather it +is called on their behalf by @code{libvirtd}. By > maintaining the logs in a +standalone daemon, the main > @code{libvirtd} daemon can be restarted without +risk of losing logs. > The @code{virtlogd} daemon has the ability to re-exec() +itself upon > receiving @code{SIGUSR1}, to allow live upgrades without downtime. + > +@deffn {Scheme Variable} virtlog-service-type > +This is the type of the virtlog daemon. > +Its value must be a @code{virtlog-configuration}. > + > +@example > +(service virtlog-service-type > + (virtlog-configuration > + (max-clients 1000))) > +@end example > +@end deffn > + > +@deftypevr {@code{virtlog-configuration} parameter} integer log-level > +Logging level. 4 errors, 3 warnings, 2 information, 1 debug. > + > +Defaults to @samp{3}. > + > +@end deftypevr > + > +@deftypevr {@code{virtlog-configuration} parameter} string > log-filters +Logging filters. > + > +A filter allows to select a different logging level for a given > category +of logs The format for a filter is one of: > + > +@itemize @bullet > +@item > +x:name > + > +@item > +x:+name > + > +@end itemize > + > +where @code{name} is a string which is matched against the category > +given in the @code{VIR_LOG_INIT()} at the top of each libvirt source > +file, e.g., "remote", "qemu", or "util.json" (the name in the filter > can +be a substring of the full category name, in order to match > multiple +similar categories), the optional "+" prefix tells libvirt > to log stack +trace for each message matching name, and @code{x} is > the minimal level +where matching messages should be logged: > + > +@itemize @bullet > +@item > +1: DEBUG > + > +@item > +2: INFO > + > +@item > +3: WARNING > + > +@item > +4: ERROR > + > +@end itemize > + > +Multiple filters can be defined in a single filters statement, they > just +need to be separated by spaces. > + > +Defaults to @samp{"3:remote 4:event"}. > + > +@end deftypevr > + > +@deftypevr {@code{virtlog-configuration} parameter} string > log-outputs +Logging outputs. > + > +An output is one of the places to save logging information The format > +for an output can be: > + > +@table @code > +@item x:stderr > +output goes to stderr > + > +@item x:syslog:name > +use syslog for the output and use the given name as the ident > + > +@item x:file:file_path > +output to a file, with the given filepath > + > +@item x:journald > +output to journald logging system > + > +@end table > + > +In all case the x prefix is the minimal level, acting as a filter > + > +@itemize @bullet > +@item > +1: DEBUG > + > +@item > +2: INFO > + > +@item > +3: WARNING > + > +@item > +4: ERROR > + > +@end itemize > + > +Multiple outputs can be defined, they just need to be separated by > +spaces. > + > +Defaults to @samp{"3:stderr"}. > + > +@end deftypevr > + > +@deftypevr {@code{virtlog-configuration} parameter} integer > max-clients +Maximum number of concurrent client connections to allow > over all +sockets combined. > + > +Defaults to @samp{1024}. > + > +@end deftypevr > + > +@deftypevr {@code{virtlog-configuration} parameter} integer max-size > +Maximum file size before rolling over. > + > +Defaults to @samp{2MB} > + > +@end deftypevr > + > +@deftypevr {@code{virtlog-configuration} parameter} integer > max-backups +Maximum number of backup files to keep. > + > +Defaults to @samp{3} > + > +@end deftypevr > + > + > @node Miscellaneous Services > @subsubsection Miscellaneous Services > =20 > diff --git a/gnu/local.mk b/gnu/local.mk > index f5255feff..95c4a8b1d 100644 > --- a/gnu/local.mk > +++ b/gnu/local.mk > @@ -437,6 +437,7 @@ GNU_SYSTEM_MODULES > =3D \ > %D%/services/dns.scm \ > %D%/services/kerberos.scm \ > %D%/services/lirc.scm \ > + %D%/services/virtualization.scm \ > %D%/services/mail.scm \ > %D%/services/mcron.scm \ > %D%/services/messaging.scm \ > diff --git a/gnu/services/virtualization.scm > b/gnu/services/virtualization.scm new file mode 100644 > index 000000000..58d04edcf > --- /dev/null > +++ b/gnu/services/virtualization.scm > @@ -0,0 +1,495 @@ > +;;; GNU Guix --- Functional package management for GNU > +;;; Copyright =C2=A9 2017 Ryan Moe > +;;; > +;;; This file is part of GNU Guix. > +;;; > +;;; GNU Guix is free software; you can redistribute it and/or modify > it +;;; under the terms of the GNU General Public License as > published by +;;; the Free Software Foundation; either version 3 of > the License, or (at +;;; your option) any later version. > +;;; > +;;; GNU Guix is distributed in the hope that it will be useful, but > +;;; WITHOUT ANY WARRANTY; without even the implied warranty of > +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > +;;; GNU General Public License for more details. > +;;; > +;;; You should have received a copy of the GNU General Public License > +;;; along with GNU Guix. If not, see . > + > +(define-module (gnu services virtualization) > + #:use-module (gnu services) > + #:use-module (gnu services configuration) > + #:use-module (gnu services base) > + #:use-module (gnu services dbus) > + #:use-module (gnu services shepherd) > + #:use-module (gnu system shadow) > + #:use-module (gnu packages admin) > + #:use-module (gnu packages virtualization) > + #:use-module (guix records) > + #:use-module (guix gexp) > + #:use-module (guix packages) > + #:use-module (ice-9 match) > + > + #:export (libvirt-configuration > + libvirt-service-type > + virtlog-service-type)) > + > +(define (uglify-field-name field-name) > + (let ((str (symbol->string field-name))) > + (string-join > + (string-split (string-delete #\? str) #\-) > + "_"))) > + > +(define (quote-val val) > + (string-append "\"" val "\"")) > + > +(define (serialize-field field-name val) > + (format #t "~a =3D ~a\n" (uglify-field-name field-name) val)) > + > +(define (serialize-string field-name val) > + (serialize-field field-name (quote-val val))) > + > +(define (serialize-boolean field-name val) > + (serialize-field field-name (if val 1 0))) > + > +(define (serialize-integer field-name val) > + (serialize-field field-name val)) > + > +(define (build-opt-list val) > + (string-append > + "[" > + (string-join (map quote-val val) ",") > + "]")) > + > +(define optional-list? list?) > +(define optional-string? string?) > + > +(define (serialize-list field-name val) > + (serialize-field field-name (build-opt-list val))) > + > +(define (serialize-optional-list field-name val) > + (if (null? val) > + (format #t "# ~a =3D []\n" (uglify-field-name field-name)) > + (serialize-list field-name val))) > + > +(define (serialize-optional-string field-name val) > + (if (string-null? val) > + (format #t "# ~a =3D \"\"\n" (uglify-field-name field-name)) > + (serialize-string field-name val))) > + > +(define-configuration libvirt-configuration > + (libvirt > + (package libvirt) > + "Libvirt package.") > + (listen-tls? > + (boolean #t) > + "Flag listening for secure TLS connections on the public TCP/IP > port. +must set @code{listen} for this to have any effect. > + > +It is necessary to setup a CA and issue server certificates before > +using this capability.") > + (listen-tcp? > + (boolean #f) > + "Listen for unencrypted TCP connections on the public TCP/IP port. > +must set @code{listen} for this to have any effect. > + > +Using the TCP socket requires SASL authentication by default. Only > +SASL mechanisms which support data encryption are allowed. This is > +DIGEST_MD5 and GSSAPI (Kerberos5)") > + (tls-port > + (string "16514") > + "Port for accepting secure TLS connections This can be a port > number, +or service name") > + (tcp-port > + (string "16509") > + "Port for accepting insecure TCP connections This can be a port > number, +or service name") > + (listen-addr > + (string "0.0.0.0") > + "IP address or hostname used for client connections.") > + (mdns-adv? > + (boolean #f) > + "Flag toggling mDNS advertisement of the libvirt service. > + > +Alternatively can disable for all services on a host by > +stopping the Avahi daemon.") > + (mdns-name > + (string (string-append "Virtualization Host " (gethostname))) > + "Default mDNS advertisement name. This must be unique on the > +immediate broadcast network.") > + (unix-sock-group > + (string "root") > + "UNIX domain socket group ownership. This can be used to > +allow a 'trusted' set of users access to management capabilities > +without becoming root.") > + (unix-sock-ro-perms > + (string "0777") > + "UNIX socket permissions for the R/O socket. This is used > +for monitoring VM status only.") > + (unix-sock-rw-perms > + (string "0770") > + "UNIX socket permissions for the R/W socket. Default allows > +only root. If PolicyKit is enabled on the socket, the default > +will change to allow everyone (eg, 0777)") > + (unix-sock-admin-perms > + (string "0777") > + "UNIX socket permissions for the admin socket. Default allows > +only owner (root), do not change it unless you are sure to whom > +you are exposing the access to.") > + (unix-sock-dir > + (string "/var/run/libvirt") > + "The directory in which sockets will be found/created.") > + (auth-unix-ro > + (string "polkit") > + "Authentication scheme for UNIX read-only sockets. By default > +socket permissions allow anyone to connect") > + (auth-unix-rw > + (string "polkit") > + "Authentication scheme for UNIX read-write sockets. By default > +socket permissions only allow root. If PolicyKit support was compiled > +into libvirt, the default will be to use 'polkit' auth.") > + (auth-tcp > + (string "sasl") > + "Authentication scheme for TCP sockets. If you don't enable SASL, > +then all TCP traffic is cleartext. Don't do this outside of a > dev/test +scenario.") > + (auth-tls > + (string "none") > + "Authentication scheme for TLS sockets. TLS sockets already have > +encryption provided by the TLS layer, and limited authentication is > +done by certificates. > + > +It is possible to make use of any SASL authentication mechanism as > +well, by using 'sasl' for this option") > + (access-drivers > + (optional-list '()) > + "API access control scheme. > + > +By default an authenticated user is allowed access to all APIs. > Access +drivers can place restrictions on this.") > + (key-file > + (string "") > + "Server key file path. If set to an empty string, then no private > key +is loaded.") > + (cert-file > + (string "") > + "Server key file path. If set to an empty string, then no > certificate +is loaded.") > + (ca-file > + (string "") > + "Server key file path. If set to an empty string, then no CA > certificate +is loaded.") > + (crl-file > + (string "") > + "Certificate revocation list path. If set to an empty string, > then no +CRL is loaded.") > + (tls-no-sanity-cert > + (boolean #f) > + "Disable verification of our own server certificates. > + > +When libvirtd starts it performs some sanity checks against its own > +certificates.") > + (tls-no-verify-cert > + (boolean #f) > + "Disable verification of client certificates. > + > +Client certificate verification is the primary authentication > mechanism. +Any client which does not present a certificate signed by > the CA +will be rejected.") > + (tls-allowed-dn-list > + (optional-list '()) > + "Whitelist of allowed x509 Distinguished Name.") > + (sasl-allowed-usernames > + (optional-list '()) > + "Whitelist of allowed SASL usernames. The format for username > +depends on the SASL authentication mechanism.") > + (tls-priority > + (string "NORMAL") > + "Override the compile time default TLS priority string. The > +default is usually \"NORMAL\" unless overridden at build time. > +Only set this is it is desired for libvirt to deviate from > +the global default settings.") > + (max-clients > + (integer 5000) > + "Maximum number of concurrent client connections to allow > +over all sockets combined.") > + (max-queued-clients > + (integer 1000) > + "Maximum length of queue of connections waiting to be > +accepted by the daemon. Note, that some protocols supporting > +retransmission may obey this so that a later reattempt at > +connection succeeds.") > + (max-anonymous-clients > + (integer 20) > + "Maximum length of queue of accepted but not yet authenticated > +clients. Set this to zero to turn this feature off") > + (min-workers > + (integer 5) > + "Number of workers to start up initially.") > + (max-workers > + (integer 20) > + "Maximum number of worker threads. > + > +If the number of active clients exceeds @code{min-workers}, > +then more threads are spawned, up to max_workers limit. > +Typically you'd want max_workers to equal maximum number > +of clients allowed.") > + (prio-workers > + (integer 5) > + "Number of priority workers. If all workers from above > +pool are stuck, some calls marked as high priority > +(notably domainDestroy) can be executed in this pool.") > + (max-requests > + (integer 20) > + "Total global limit on concurrent RPC calls.") > + (max-client-requests > + (integer 5) > + "Limit on concurrent requests from a single client > +connection. To avoid one client monopolizing the server > +this should be a small fraction of the global max_requests > +and max_workers parameter.") > + (admin-min-workers > + (integer 1) > + "Same as @code{min-workers} but for the admin interface.") > + (admin-max-workers > + (integer 5) > + "Same as @code{max-workers} but for the admin interface.") > + (admin-max-clients > + (integer 5) > + "Same as @code{max-clients} but for the admin interface.") > + (admin-max-queued-clients > + (integer 5) > + "Same as @code{max-queued-clients} but for the admin interface.") > + (admin-max-client-requests > + (integer 5) > + "Same as @code{max-client-requests} but for the admin > interface.") > + (log-level > + (integer 3) > + "Logging level. 4 errors, 3 warnings, 2 information, 1 debug.") > + (log-filters > + (string "3:remote 4:event") > + "Logging filters. > + > +A filter allows to select a different logging level for a given > category +of logs > +The format for a filter is one of: > +@itemize > +@item x:name > + > +@item x:+name > +@end itemize > + > +where @code{name} is a string which is matched against the category > +given in the @code{VIR_LOG_INIT()} at the top of each libvirt source > +file, e.g., \"remote\", \"qemu\", or \"util.json\" (the name in the > +filter can be a substring of the full category name, in order > +to match multiple similar categories), the optional \"+\" prefix > +tells libvirt to log stack trace for each message matching > +name, and @code{x} is the minimal level where matching messages > should +be logged: > + > +@itemize > +@item 1: DEBUG > +@item 2: INFO > +@item 3: WARNING > +@item 4: ERROR > +@end itemize > + > +Multiple filters can be defined in a single filters statement, they > just +need to be separated by spaces.") > + (log-outputs > + (string "3:stderr") > + "Logging outputs. > + > +An output is one of the places to save logging information > +The format for an output can be: > + > +@table @code > +@item x:stderr > +output goes to stderr > + > +@item x:syslog:name > +use syslog for the output and use the given name as the ident > + > +@item x:file:file_path > +output to a file, with the given filepath > + > +@item x:journald > +output to journald logging system > +@end table > + > +In all case the x prefix is the minimal level, acting as a filter > + > +@itemize > +@item 1: DEBUG > +@item 2: INFO > +@item 3: WARNING > +@item 4: ERROR > +@end itemize > + > +Multiple outputs can be defined, they just need to be separated by > spaces.") > + (audit-level > + (integer 1) > + "Allows usage of the auditing subsystem to be altered > + > +@itemize > +@item 0: disable all auditing > +@item 1: enable auditing, only if enabled on host > +@item 2: enable auditing, and exit if disabled on host. > +@end itemize > +") > + (audit-logging > + (boolean #f) > + "Send audit messages via libvirt logging infrastructure.") > + (host-uuid > + (optional-string "") > + "Host UUID. UUID must not have all digits be the same.") > + (host-uuid-source > + (string "smbios") > + "Source to read host UUID. > + > +@itemize > + > +@item @code{smbios}: fetch the UUID from @code{dmidecode -s > system-uuid} + > +@item @code{machine-id}: fetch the UUID from @code{/etc/machine-id} > + > +@end itemize > + > +If @code{dmidecode} does not provide a valid UUID a temporary UUID > +will be generated.") > + (keepalive-interval > + (integer 5) > + "A keepalive message is sent to a client after > +@code{keepalive_interval} seconds of inactivity to check if > +the client is still responding. If set to -1, libvirtd will > +never send keepalive requests; however clients can still send > +them and the daemon will send responses.") > + (keepalive-count > + (integer 5) > + "Maximum number of keepalive messages that are allowed to be sent > +to the client without getting any response before the connection is > +considered broken. > + > +In other words, the connection is automatically > +closed approximately after > +@code{keepalive_interval * (keepalive_count + 1)} seconds since the > last +message received from the client. When @code{keepalive-count} is > +set to 0, connections will be automatically closed after > +@code{keepalive-interval} seconds of inactivity without sending any > +keepalive messages.") > + (admin-keepalive-interval > + (integer 5) > + "Same as above but for admin interface.") > + (admin-keepalive-count > + (integer 5) > + "Same as above but for admin interface.") > + (ovs-timeout > + (integer 5) > + "Timeout for Open vSwitch calls. > + > +The @code{ovs-vsctl} utility is used for the configuration and > +its timeout option is set by default to 5 seconds to avoid > +potential infinite waits blocking libvirt.")) > + > +(define* (libvirt-conf-file config) > + "Return a libvirtd config file." > + (plain-file "libvirtd.conf" > + (with-output-to-string > + (lambda () > + (serialize-configuration config libvirt-configuration-= fields))))) > + > +(define %libvirt-accounts > + (list (user-group (name "libvirt") (system? #t)))) > + > +(define (%libvirt-activation config) > + (let ((sock-dir (libvirt-configuration-unix-sock-dir config))) > + #~(begin > + (use-modules (guix build utils)) > + (mkdir-p #$sock-dir)))) > + > + > +(define (libvirt-shepherd-service config) > + (let* ((config-file (libvirt-conf-file config)) > + (libvirt (libvirt-configuration-libvirt config))) > + (list (shepherd-service > + (documentation "Run the libvirt daemon.") > + (provision '(libvirtd)) > + (start #~(make-forkexec-constructor > + (list (string-append #$libvirt "/sbin/libvirtd") > + "-f" #$config-file))) > + (stop #~(make-kill-destructor)))))) > + > +(define libvirt-service-type > + (service-type (name 'libvirt) > + (extensions > + (list > + (service-extension polkit-service-type (compose list l= ibvirt-configuration-libvirt)) Line length could be better here, just by putting the (compose ... ) bit on the line after the polkit-service-type. > + (service-extension profile-service-type > + (compose list > + (lambda (package) qemu) > + libvirt-configuration-libvirt)) This confused me for a bit, until I realised that a simpler way of expressing this would be (const (list qemu)) if I'm correct? Also, it would be good to explain why this needs to happen in a comment. > + (service-extension activation-service-type > + %libvirt-activation) > + (service-extension shepherd-root-service-type > + libvirt-shepherd-service) > + (service-extension account-service-type > + (const %libvirt-accounts)))) > + (default-value (libvirt-configuration)))) > + > + > +(define-record-type* > + virtlog-configuration make-virtlog-configuration > + virtlog-configuration? > + (libvirt virtlog-configuration-libvirt > + (default libvirt)) > + (log-level virtlog-configuration-log-level > + (default 3)) > + (log-filters virtlog-configuration-log-filters > + (default "3:remote 4:event")) > + (log-outputs virtlog-configuration-log-outputs > + (default "3:syslog:virtlogd")) > + (max-clients virtlog-configuration-max-clients > + (default 1024)) > + (max-size virtlog-configuration-max-size > + (default 2097152)) ;; 2MB > + (max-backups virtlog-configuration-max-backups > + (default 3))) > + > +(define* (virtlogd-conf-file config) > + "Return a virtlogd config file." > + (plain-file "virtlogd.conf" > + (string-append > + "log_level =3D " (number->string > (virtlog-configuration-log-level config)) "\n" > + "log_filters =3D \"" (virtlog-configuration-log-filters > config) "\"\n" > + "log_outputs =3D \"" (virtlog-configuration-log-outputs > config) "\"\n" > + "max_clients =3D " (number->string > (virtlog-configuration-max-clients config)) "\n" > + "max_size =3D " (number->string > (virtlog-configuration-max-size config)) "\n" > + "max_backups =3D " (number->string > (virtlog-configuration-max-backups config)) "\n"))) + > +(define (virtlogd-shepherd-service config) > + (let* ((config-file (virtlogd-conf-file config)) > + (libvirt (virtlog-configuration-libvirt config))) > + (list (shepherd-service > + (documentation "Run the virtlog daemon.") > + (provision '(virtlogd)) > + (start #~(make-forkexec-constructor > + (list (string-append #$libvirt "/sbin/virtlogd") > + "-f" #$config-file))) > + (stop #~(make-kill-destructor)))))) > + > +(define virtlog-service-type > + (service-type (name 'virtlogd) > + (extensions > + (list > + (service-extension profile-service-type > + (compose list > + > virtlog-configuration-libvirt)) What function does this extension have? As far as I understood from the documentation you wrote, this is used from the libvirt service. > + (service-extension shepherd-root-service-type > + virtlogd-shepherd-service))) > + (default-value (virtlog-configuration)))) > + > +(define (generate-libvirt-documentation) > + (generate-documentation > + `((libvirt-configuration ,libvirt-configuration-fields)) > + 'libvirt-configuration)) This looks pretty much ready to be merged to me. Later, I'll try running this on my machine, just to check that it starts successfully. --Sig_/T/l.7x.ws2mC.I=g+ZLqysA Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAlmWm7xfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE 9XdzTQ/+Isf519IHdNsNjqDK7KlX5MdEYtvtiKT9rh8+KR3AdZbGZDbOl8Ku7tvV Sgqaib7jKxXHlqYAtuNsnr//SI2xLU4QQBwFrwykRylksDEnidG8D7xibj1IsoYi gydqBzDMUSD10TDdrKCeEVr61tOo3vsiIM/915YAcwq3AUV/TUxZgBN2JamCfI4b f7p/uts771IM12mqDmVn+7HiTfPfN1Fe0qrA71JJ9kgaNbJWGO1wYdUcaUTRBUbp yvwrn4O2pQQ4JGDWccX5XeqReKwQpI4+i5zoII1ZC6YUPi6Im7TAVwkNQjG6kAFU WGSWtfwslycg/vw91f9ZjwsFX6d1gA/Yt4rqagrRobfz9fh7yOqIgF4hsnH6Tam2 SIKruZXSdmvLpgwxEjag9UiUliAseLSalklOapnfpXE3gkW6MKuNT6v6OHVltdpq T1VzDZ6DzZsLvDq6CHXWjADzEsq85oIHczng67XtWY2HmFtcMLI027GEEcDvhM9R H5S2lgVMd5XXl6IaU6dyWQHa+NlG2p4YYTdZv0an2DXsMhRrUN33uIGgSN0oBGDn 2upsQkF33fa2v+hN3Ft8p+G9Ewqz1aNS3WFosNuUv8NrC3CYtbAU4TjD9iFxjXwj 22UDF7Kg7cwLgZII6zpiD+5+3DSSvKbQmqBIcfCVIq3VAvVzdPY= =48S3 -----END PGP SIGNATURE----- --Sig_/T/l.7x.ws2mC.I=g+ZLqysA-- From debbugs-submit-bounces@debbugs.gnu.org Fri Aug 18 20:12:16 2017 Received: (at 27887) by debbugs.gnu.org; 19 Aug 2017 00:12:16 +0000 Received: from localhost ([127.0.0.1]:44738 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dirNA-0003cd-6b for submit@debbugs.gnu.org; Fri, 18 Aug 2017 20:12:16 -0400 Received: from li622-129.members.linode.com ([212.71.249.129]:58145 helo=mira.cbaines.net) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dirN7-0003cV-UR for 27887@debbugs.gnu.org; Fri, 18 Aug 2017 20:12:14 -0400 Received: by mira.cbaines.net (Postfix, from userid 113) id 2CE9316FE9E; Sat, 19 Aug 2017 01:12:13 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from localhost (cpc102582-walt20-2-0-cust14.13-2.cable.virginm.net [86.27.34.15]) by mira.cbaines.net (Postfix) with ESMTPSA id 483A116FE9C; Sat, 19 Aug 2017 01:12:11 +0100 (BST) Date: Sat, 19 Aug 2017 01:12:06 +0100 From: Christopher Baines To: Ryan Moe Subject: Re: [bug#27887] [PATCH] services: Add libvirt services Message-ID: <20170819011206.7da96f0f@cbaines.net> In-Reply-To: <20170818084812.16bd673e@cbaines.net> References: <20170731181308.6425-1-ryan.moe@gmail.com> <20170818084812.16bd673e@cbaines.net> X-Mailer: Claws Mail 3.15.0-dirty (GTK+ 2.24.31; x86_64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; boundary="Sig_/eyeCj5opZ/Az=w2MbfA5BQH"; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 27887 Cc: 27887@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) --Sig_/eyeCj5opZ/Az=w2MbfA5BQH Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Fri, 18 Aug 2017 08:48:12 +0100 Christopher Baines wrote: > This looks pretty much ready to be merged to me. Later, I'll try > running this on my machine, just to check that it starts successfully. So, I've reconfigured my machine to run both services, and also configured libvirt to use libvirt for the socket group, so that I could add libvirt as a supplemental group for my user. I think this has all worked fine. I tried using the virt-manager to connect, but I'm getting the following error at the moment: Unable to connect to libvirt. internal error: Cannot find suitable emulator for x86_64 Libvirt URI is: qemu:///system Traceback (most recent call last): File "/gnu/store/h61dc28cck9lmp25d1r11d3hzzhz5qnj-virt-manager-1.4.2/share/virt-= manager/virtManager/connection.py", line 1108, in _open_thread self._populate_initial_state() File "/gnu/store/h61dc28cck9lmp25d1r11d3hzzhz5qnj-virt-manager-1.4.2/share/virt-= manager/virtManager/connection.py", line 1062, in _populate_initial_state logging.debug("conn version=3D%s", self._backend.conn_version()) File "/gnu/store/h61dc28cck9lmp25d1r11d3hzzhz5qnj-virt-manager-1.4.2/share/virt-= manager/virtinst/connection.py", line 322, in conn_version self._conn_version =3D self._libvirtconn.getVersion() File "/gnu/store/a9g2s8404v8v5pm7m7w8yzr56ba1k331-python2-libvirt-3.4.0/lib/pyth= on2.7/site-packages/libvirt.py", line 3863, in getVersion if ret =3D=3D -1: raise libvirtError ('virConnectGetVersion() failed', conn=3Dself) libvirtError: internal error: Cannot find suitable emulator for x86_64 --Sig_/eyeCj5opZ/Az=w2MbfA5BQH Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAlmXgldfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE 9XfNag/+LDJRnQuctRcyrktuZHztQzC8dgENy7a6CPMvip+mZIhEzDP+kBopsTTq T5DYWrGB3c6hik6zxHJHAEuuwd4Jd1Qq+8qwOerFTiqDottxunMGjlDpAOv8fkc2 ObVtKDfHoOWfoOw1FCkxyKRInlfhI88Y1TBtCZI4hnA7YjyPaonVEh7fKYPnEBON w4rPw4WeWQgVEYha38kwgePmq/+/R60Xvwc0thmdBLa9HJlhlJXhMFRsq1YVq5RA cjxvpyrSlrFbjkpVAIWbTs/KroQqxJyv2nt5018uQmZre9cMgDwC9Q212eagFEQs 2z21LYLhkcTUHKG5TMbhR3xn9WZI4yLLJig2vWuqa7w0ZIrSVNNoS+IHZhwi5ucM 2QYYrEJqspsb+cEIeQw3tvrfzeY4IPvtbgIE3KWdkrKH8hdSnxmLVGNIWE1EHDU6 0agmizco5alr5p/imQ+wIgCVCqj2Qrt2+wWuKMhqBLZ+1A8+r+F+Yb1FylbEEfjK Pnx5ThapMBpC3EnrKoY17XV9celXL+r79tjb6m9juZARA4GJoeN+a4tTD0oYZ9Ji txZWZDiy21qxoBtDtAeL0IZzedBpcLd3qDm3cuKb59YhOz8WWmy5U/OZwoEqCFtn NIqCvU36lUy8h+Xxh23ZZbZC6D0xpmKleQhsrsCGjXLeqCv+BsA= =laJA -----END PGP SIGNATURE----- --Sig_/eyeCj5opZ/Az=w2MbfA5BQH-- From debbugs-submit-bounces@debbugs.gnu.org Fri Aug 18 20:49:09 2017 Received: (at 27887) by debbugs.gnu.org; 19 Aug 2017 00:49:09 +0000 Received: from localhost ([127.0.0.1]:44763 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dirwq-0004Sj-SR for submit@debbugs.gnu.org; Fri, 18 Aug 2017 20:49:09 -0400 Received: from mail-qk0-f170.google.com ([209.85.220.170]:37516) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dirwp-0004SY-TR for 27887@debbugs.gnu.org; Fri, 18 Aug 2017 20:49:08 -0400 Received: by mail-qk0-f170.google.com with SMTP id z18so61132825qka.4 for <27887@debbugs.gnu.org>; Fri, 18 Aug 2017 17:49:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=EX/5f+Hjjv7aMnK8fRXgk4mDtI9+t+/gla+WrR+zG9g=; b=PF0CeGwnrx3CRF921Kgv0S9x21tRcafTjjJQiuIkAQZBuYECkLmACFtXqJPlcrmLjt liozqjqETtG3XTP1eO7MHwnKBu0vesbnKKM/Jx78TKQtAcac1wmCV3NttdIffAl0u5fH hjUZQbEoPAadnHYPnEci1eWZZhNLdvv9Bv0vzwfBrodM0q/kiiM9L95uazDRcpsCo4oc FYbXt3Yn6nn0VKt6ZRU8Hq/TBh6USEBxm3ZAteeZajPgTtKKyYDkvd/GnCu3ZpcgrcT1 VUxccTRM3vQHMDWuGuO/2gPKeeBlGznECqPdGcGv23T2zjnyc6/6tQXAXAP5Q7k2L3dT SmUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=EX/5f+Hjjv7aMnK8fRXgk4mDtI9+t+/gla+WrR+zG9g=; b=GZr69IEoaXctm1qMVE+dnxQsrJxSS3G+EUAoViy8iJM0WmIKd7J0aYevwR6gNAJcKp KHrHHk1a4ChgoSDitigfKLZdrv56rz6uyuKsqsuC2I/P4oRWIB2AwBUpVFVh4W4GiiCB GxkMR3p62NsiDqr5aMIm6+eoBhxHx1KggVJpUOx/72RiEQO904AuHYc0LR2SyllPXH6Z OMw2+4QKXOVh/Qf8MlUHU6uefNsC/weS58W9QI0sZC3+gbwr9Sq2Z8k9OQcn+m3OmO8q idRJBt0XirPsmiJ/JK2JVz9lbBV9bHDBtFrpBSXlClRwKMPvZOhGjFMG1PdLry1uW8fK qCuw== X-Gm-Message-State: AHYfb5ggOH+4W7UhZ0Efuyl56SFjfk8850fdXSUvA+eSkD0caoWRgdWi 8P1OCpbJ8VRGFpPW3CD5eL/EdHf6FA== X-Received: by 10.55.135.132 with SMTP id j126mr13591325qkd.129.1503103742387; Fri, 18 Aug 2017 17:49:02 -0700 (PDT) MIME-Version: 1.0 Received: by 10.12.148.68 with HTTP; Fri, 18 Aug 2017 17:49:01 -0700 (PDT) In-Reply-To: <20170819011206.7da96f0f@cbaines.net> References: <20170731181308.6425-1-ryan.moe@gmail.com> <20170818084812.16bd673e@cbaines.net> <20170819011206.7da96f0f@cbaines.net> From: Ryan Moe Date: Fri, 18 Aug 2017 17:49:01 -0700 Message-ID: Subject: Re: [bug#27887] [PATCH] services: Add libvirt services To: Christopher Baines Content-Type: text/plain; charset="UTF-8" X-Spam-Score: 0.5 (/) X-Debbugs-Envelope-To: 27887 Cc: 27887@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.5 (/) >> This looks pretty much ready to be merged to me. Later, I'll try >> running this on my machine, just to check that it starts successfully. > > So, I've reconfigured my machine to run both services, and also > configured libvirt to use libvirt for the socket group, so that I could > add libvirt as a supplemental group for my user. I think this has all > worked fine. > > I tried using the virt-manager to connect, but I'm getting the > following error at the moment: > > > Unable to connect to libvirt. > > internal error: Cannot find suitable emulator for x86_64 > > Libvirt URI is: qemu:///system > > Traceback (most recent call last): > File > "/gnu/store/h61dc28cck9lmp25d1r11d3hzzhz5qnj-virt-manager-1.4.2/share/virt-manager/virtManager/connection.py", > line 1108, in _open_thread self._populate_initial_state() File > "/gnu/store/h61dc28cck9lmp25d1r11d3hzzhz5qnj-virt-manager-1.4.2/share/virt-manager/virtManager/connection.py", > line 1062, in _populate_initial_state logging.debug("conn version=%s", > self._backend.conn_version()) File > "/gnu/store/h61dc28cck9lmp25d1r11d3hzzhz5qnj-virt-manager-1.4.2/share/virt-manager/virtinst/connection.py", > line 322, in conn_version self._conn_version = > self._libvirtconn.getVersion() File > "/gnu/store/a9g2s8404v8v5pm7m7w8yzr56ba1k331-python2-libvirt-3.4.0/lib/python2.7/site-packages/libvirt.py", > line 3863, in getVersion if ret == -1: raise libvirtError > ('virConnectGetVersion() failed', conn=self) libvirtError: internal > error: Cannot find suitable emulator for x86_64 Hi Christopher, Thank you for taking a look at this. I have been trying to track down this issue for about a week now (I use virt-manager and libvirt daily so I'm kind of bummed this stopped working). When I originally submitted the patch it worked, I swear I wouldn't have submitted it otherwise :) At some point I ran a guix pull and a guix system reconfigure and it stopped working. The only difference I see is that when I submitted the patch libvirt 3.5.0 was the current version and now it's 3.6.0. I'm not sure why that would have broken it though. The error you see is what happens if you install libvirt without qemu. As far as I can tell though qemu is installed. It's also weird because it works if I execute the exact same command that shepherd does. You can try it yourself: 1. Start shepherd service 2. ps aux | grep libvirtd 3. herd stop libvirtd 4. As root, run the complete command from 2 and test with virt-manager. My initial thought was that it had something to do with how I was installing two packages into the system profile. qemu and libvirt both end up there so I don't see why it doesn't work though. Thanks, Ryan From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 19 08:00:00 2017 Received: (at 27887) by debbugs.gnu.org; 19 Aug 2017 12:00:00 +0000 Received: from localhost ([127.0.0.1]:45206 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dj2Q1-0007rG-6E for submit@debbugs.gnu.org; Sat, 19 Aug 2017 08:00:00 -0400 Received: from li622-129.members.linode.com ([212.71.249.129]:58492 helo=mira.cbaines.net) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dj2Pw-0007r6-Iw for 27887@debbugs.gnu.org; Sat, 19 Aug 2017 07:59:55 -0400 Received: by mira.cbaines.net (Postfix, from userid 113) id A3BE314079B; Sat, 19 Aug 2017 12:59:51 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from localhost (cpc102582-walt20-2-0-cust14.13-2.cable.virginm.net [86.27.34.15]) by mira.cbaines.net (Postfix) with ESMTPSA id AB90814079A; Sat, 19 Aug 2017 12:59:50 +0100 (BST) Date: Sat, 19 Aug 2017 12:59:49 +0100 From: Christopher Baines To: Ryan Moe Subject: Re: [bug#27887] [PATCH] services: Add libvirt services Message-ID: <20170819125949.38aa6d70@cbaines.net> In-Reply-To: References: <20170731181308.6425-1-ryan.moe@gmail.com> <20170818084812.16bd673e@cbaines.net> <20170819011206.7da96f0f@cbaines.net> X-Mailer: Claws Mail 3.15.0-dirty (GTK+ 2.24.31; x86_64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; boundary="Sig_/si=/XtjVXt0c7pQDy4xMy9U"; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 27887 Cc: 27887@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) --Sig_/si=/XtjVXt0c7pQDy4xMy9U Content-Type: multipart/mixed; boundary="MP_/YJ00pZQoFT=x_qc=Lk0CZKX" --MP_/YJ00pZQoFT=x_qc=Lk0CZKX Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Fri, 18 Aug 2017 17:49:01 -0700 Ryan Moe wrote: > >> This looks pretty much ready to be merged to me. Later, I'll try > >> running this on my machine, just to check that it starts > >> successfully. =20 > > > > So, I've reconfigured my machine to run both services, and also > > configured libvirt to use libvirt for the socket group, so that I > > could add libvirt as a supplemental group for my user. I think this > > has all worked fine. > > > > I tried using the virt-manager to connect, but I'm getting the > > following error at the moment: > > > > > > Unable to connect to libvirt. > > > > internal error: Cannot find suitable emulator for x86_64 > > > > Libvirt URI is: qemu:///system > > > > Traceback (most recent call last): > > File > > "/gnu/store/h61dc28cck9lmp25d1r11d3hzzhz5qnj-virt-manager-1.4.2/share/v= irt-manager/virtManager/connection.py", > > line 1108, in _open_thread self._populate_initial_state() File > > "/gnu/store/h61dc28cck9lmp25d1r11d3hzzhz5qnj-virt-manager-1.4.2/share/v= irt-manager/virtManager/connection.py", > > line 1062, in _populate_initial_state logging.debug("conn > > version=3D%s", self._backend.conn_version()) File > > "/gnu/store/h61dc28cck9lmp25d1r11d3hzzhz5qnj-virt-manager-1.4.2/share/v= irt-manager/virtinst/connection.py", > > line 322, in conn_version self._conn_version =3D > > self._libvirtconn.getVersion() File > > "/gnu/store/a9g2s8404v8v5pm7m7w8yzr56ba1k331-python2-libvirt-3.4.0/lib/= python2.7/site-packages/libvirt.py", > > line 3863, in getVersion if ret =3D=3D -1: raise libvirtError > > ('virConnectGetVersion() failed', conn=3Dself) libvirtError: internal > > error: Cannot find suitable emulator for x86_64 =20 >=20 >=20 > Hi Christopher, >=20 > Thank you for taking a look at this. I have been trying to track down > this issue for about a week now (I use virt-manager and libvirt daily > so I'm kind of bummed this stopped working). When I originally > submitted the patch it worked, I swear I wouldn't have submitted it > otherwise :) >=20 > At some point I ran a guix pull and a guix system reconfigure and it > stopped working. The only difference I see is that when I submitted > the patch libvirt 3.5.0 was the current version and now it's 3.6.0. > I'm not sure why that would have broken it though. >=20 > The error you see is what happens if you install libvirt without qemu. > As far as I can tell though qemu is installed. It's also weird because > it works if I execute the exact same command that shepherd does. You > can try it yourself: >=20 > 1. Start shepherd service > 2. ps aux | grep libvirtd > 3. herd stop libvirtd > 4. As root, run the complete command from 2 and test with > virt-manager. I think running outside of the shepherd works, as the environment will be different. I think you can look at the environment for the running process with: sudo cat /proc/$(pgrep -f libvirtd | head -n1)/environ What I see when running the service through the shepherd is very minimal, and doesn't have a value for PATH. As I understand it, often in Guix, having a minimal runtime environment might not be a problem, as packages retain references to their dependencies from when they were built. If you look at the libvirt package though, qemu is an input, but the output doesn't reference it. > My initial thought was that it had something to do with how I was > installing two packages into the system profile. qemu and libvirt both > end up there so I don't see why it doesn't work though. My guess is that the system profile isn't relevant here, as the bin directory of the system profile isn't on the PATH. I've written a basic system test for the libvirt service (a patch is attached), and with that I tested what happens if set the PATH for the service to explicitly include the QEMU package bin directory, and the test passes for me with this change. Back to getting this working though. Either wrapping libvirtd during the package build to have a PATH including qemu, or including qemu in the service will work, and I guess the deciding factor might be how many things libvirt may need to access? Are there lots of other bits of software that libvirt needs at runtime, where the package doesn't currently reference them? --MP_/YJ00pZQoFT=x_qc=Lk0CZKX Content-Type: text/x-patch Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename=0001-tests-Add-libvirt-service-type-test.patch =46rom f7889f53c29db2a31634052476f4e3e18ec8911e Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Sat, 19 Aug 2017 12:56:07 +0100 Subject: [PATCH] tests: Add 'libvirt-service-type' test. * gnu/tests/virtualization.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. --- gnu/local.mk | 1 + gnu/tests/virtualization.scm | 96 ++++++++++++++++++++++++++++++++++++++++= ++++ 2 files changed, 97 insertions(+) create mode 100644 gnu/tests/virtualization.scm diff --git a/gnu/local.mk b/gnu/local.mk index d60c93453..9ed2cf634 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -494,6 +494,7 @@ GNU_SYSTEM_MODULES =3D \ %D%/tests/messaging.scm \ %D%/tests/networking.scm \ %D%/tests/ssh.scm \ + %D%/tests/virtualization.scm \ %D%/tests/web.scm =20 # Modules that do not need to be compiled. diff --git a/gnu/tests/virtualization.scm b/gnu/tests/virtualization.scm new file mode 100644 index 000000000..f0cd9e56c --- /dev/null +++ b/gnu/tests/virtualization.scm @@ -0,0 +1,96 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright =C2=A9 2017 Christopher Baines +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu tests virtualization) + #:use-module (gnu tests) + #:use-module (gnu system) + #:use-module (gnu system file-systems) + #:use-module (gnu system vm) + #:use-module (gnu services) + #:use-module (gnu services dbus) + #:use-module (gnu services networking) + #:use-module (gnu services virtualization) + #:use-module (gnu packages virtualization) + #:use-module (guix gexp) + #:use-module (guix store) + #:export (%test-libvirt)) + +(define %libvirt-os + (simple-operating-system + (dhcp-client-service) + (dbus-service) + (polkit-service) + (service libvirt-service-type))) + +(define (run-libvirt-test) + "Run tests in %LIBVIRT-OS." + (define os + (marionette-operating-system + %libvirt-os + #:imported-modules '((gnu services herd) + (guix combinators)))) + + (define vm + (virtual-machine + (operating-system os) + (port-forwardings '()))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-11) (srfi srfi-64) + (gnu build marionette)) + + (define marionette + (make-marionette (list #$vm))) + + (mkdir #$output) + (chdir #$output) + + (test-begin "libvirt") + + ;; Wait for memcached to be up and running. + (test-assert "service running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (match (start-service 'libvirtd) + (#f #f) + (('service response-parts ...) + (match (assq-ref response-parts 'running) + ((pid) (number? pid)))))) + marionette)) + + (test-eq "fetch version" + 0 + (marionette-eval + `(begin + (system* ,(string-append #$libvirt "/bin/virsh") + "-c" "qemu:///system" "version")) + marionette)) + + (test-end) + (exit (=3D (test-runner-fail-count (test-runner-current)) 0))))) + + (gexp->derivation "libvirt-test" test)) + +(define %test-libvirt + (system-test + (name "libvirt") + (description "Connect to the running LIBVIRT service.") + (value (run-libvirt-test)))) --=20 2.14.1 --MP_/YJ00pZQoFT=x_qc=Lk0CZKX-- --Sig_/si=/XtjVXt0c7pQDy4xMy9U Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAlmYKDVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE 9XeFSQ//ZnDjF6ibHgp+UudtIysyCeVhJVuSiW3Rzqa0bT8WT5V78GDwMGNBM7pT YPrR2uVKKiifi4OlORgABuz9DDWc0sUgTGNIHRwAhX1mVkBMTKLcZRTpzC9+Wr2m 6TgVGnZi1S1oThFoeTG8wYQKoQ+Sj/FNLmC2FGVoWWTaBlnD4W1tjPR+PZ9cW99y Gfkg2z7vJHuoCmsPBjx6pfsHTHNZAd/tiDm1hu+kLDMmKmgIqBu7URQBxTMsurA8 PNyjb0OKyexBDiHWNqHlti1xFYmo93w2dyqwENza1V7i1eqxkMgH8kouBFbaS9j3 0u1NYqgiwBpeZ+ZolFbS+xTrJc/GScDC620sqHHPPKALXThoDiOQ4D8tCgsBzu+w +Pne4mfBMnRhW77nTHsrJrPXO1HYILjLgtc9TyofwHZ/VnpVIx4qfjB/SS+HT5hm xVtTEFzcmkW9FtbKjFSTkalz8Ad0IzVaYX0or0Y84xa3x/As8cSQZdIhJKd+6djh 31F6TCdbekBnK+IUxoT6VNST6gOJqE/RYqAZoCe52pD7h9YpDg+e4A5j5gNJPGEj bHNDbBvzM6/ELUAeHw0vSAyZYbl5acChPRmrmEKj4rUdLG3XOhmIAuCd1oE+CXnT CsCMtE8BOlO8SD6yvBPDCcqyrvIrppRaS86x8Sl4B0Fqhp8IHak= =6/9Z -----END PGP SIGNATURE----- --Sig_/si=/XtjVXt0c7pQDy4xMy9U-- From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 19 13:58:07 2017 Received: (at 27887) by debbugs.gnu.org; 19 Aug 2017 17:58:07 +0000 Received: from localhost ([127.0.0.1]:45811 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dj80d-0007fV-GK for submit@debbugs.gnu.org; Sat, 19 Aug 2017 13:58:07 -0400 Received: from mail-qt0-f175.google.com ([209.85.216.175]:36108) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dj80c-0007f1-00 for 27887@debbugs.gnu.org; Sat, 19 Aug 2017 13:58:06 -0400 Received: by mail-qt0-f175.google.com with SMTP id v29so67409245qtv.3 for <27887@debbugs.gnu.org>; Sat, 19 Aug 2017 10:58:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=HsQ50eHmBlr5Pzp00vMMdbRCW5DjHgRj3U8IqrEa6No=; b=Ycgo7Iu5HzL1W8+WVgzzYmE7B46pms0WPt5J+0HpDxtZeb2b5PusZjpTh/O4GOQNh2 wqMzBgacOkujrXorXJd2Ty1MlONGoFmGdo4mYt3Bb7hJPLQX7+VYvqMQw2qPT5sTWvAf 7SsAOubdZwy30S0Aye/igl7aX2fiNz5V5OoVxOCtynLkQtqYt0+hX61pPXWcgCj3gfPY vWhVz7BI7oYixKt5zeUgHtU6CyhIn6tTaE6i8cSTWKUJjfGKMSAHWISuBS69GmZ+kJ/8 wLehnDh8NHJ4J/DTOh1az0I3PaKhaqNlVj327DoCCT/CekXt7188UXv3NezgoQjei/vB 4QEQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=HsQ50eHmBlr5Pzp00vMMdbRCW5DjHgRj3U8IqrEa6No=; b=abhHp0P6tfYK12SeUm1YYfPDi81MlACxJ/fd0QvL9UgoEpBHgLmJCBJa4tqPLrlHRx 7D7nO5fXCRTx3pQCi1XqS46QD2CQn4sUgM/FLEBxQn0CmkwsIG4tM8Zwx8E3Fg+gGhIF 1yMzLgzkqbyWQNKuhSTYFoJnBTkl/NOikorxhfgMfVjixVJI3y5No813CI1FDaYK73Lp EcINabaM9py+gnBFeQGHuk7HJatrftohsC2AO4ciAEPpkqlyIhvdxyw5AKzHamD3sgh5 6MtC137u9pszW6ArQk/kB1ciP2cBhwK+nFC9SV4zn7uVgHrdPCVNr+hbUiDj9vzd1Qlh IkpA== X-Gm-Message-State: AHYfb5hD1Zz/3kaWySrt2b8F5D0UZmuW89vq13tiL3UfOspF5GAUpOWh 6lZA3SWE1/RWkukxiiilUUkzQf790w== X-Received: by 10.200.54.50 with SMTP id m47mr16564007qtb.220.1503165480090; Sat, 19 Aug 2017 10:58:00 -0700 (PDT) MIME-Version: 1.0 Received: by 10.12.148.68 with HTTP; Sat, 19 Aug 2017 10:57:59 -0700 (PDT) In-Reply-To: <20170819125949.38aa6d70@cbaines.net> References: <20170731181308.6425-1-ryan.moe@gmail.com> <20170818084812.16bd673e@cbaines.net> <20170819011206.7da96f0f@cbaines.net> <20170819125949.38aa6d70@cbaines.net> From: Ryan Moe Date: Sat, 19 Aug 2017 10:57:59 -0700 Message-ID: Subject: Re: [bug#27887] [PATCH] services: Add libvirt services To: Christopher Baines Content-Type: text/plain; charset="UTF-8" X-Spam-Score: 0.5 (/) X-Debbugs-Envelope-To: 27887 Cc: 27887@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.5 (/) > I think running outside of the shepherd works, as the environment will > be different. I think you can look at the environment for the running > process with: > > sudo cat /proc/$(pgrep -f libvirtd | head -n1)/environ > > What I see when running the service through the shepherd is very > minimal, and doesn't have a value for PATH. > > As I understand it, often in Guix, having a minimal runtime environment > might not be a problem, as packages retain references to their > dependencies from when they were built. If you look at the libvirt > package though, qemu is an input, but the output doesn't reference it. > This is because qemu isn't listed in propagated-inputs? >> My initial thought was that it had something to do with how I was >> installing two packages into the system profile. qemu and libvirt both >> end up there so I don't see why it doesn't work though. > > My guess is that the system profile isn't relevant here, as the bin > directory of the system profile isn't on the PATH. > > I've written a basic system test for the libvirt service (a patch is > attached), and with that I tested what happens if set the PATH for the > service to explicitly include the QEMU package bin directory, and the > test passes for me with this change. > Setting the PATH does indeed work, thank you for figuring that out. > Back to getting this working though. Either wrapping libvirtd during > the package build to have a PATH including qemu, or including qemu in > the service will work, and I guess the deciding factor might be how > many things libvirt may need to access? Are there lots of other bits of > software that libvirt needs at runtime, where the package doesn't > currently reference them? Libvirt can work with other hypervisors like lxc, openvz, and xen and it supports lots of storage backends like NFS, LVM, and RBD. From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 19 15:11:48 2017 Received: (at 27887) by debbugs.gnu.org; 19 Aug 2017 19:11:48 +0000 Received: from localhost ([127.0.0.1]:45833 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dj99v-0000sm-TS for submit@debbugs.gnu.org; Sat, 19 Aug 2017 15:11:48 -0400 Received: from li622-129.members.linode.com ([212.71.249.129]:58764 helo=mira.cbaines.net) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dj99t-0000sd-Rp for 27887@debbugs.gnu.org; Sat, 19 Aug 2017 15:11:46 -0400 Received: by mira.cbaines.net (Postfix, from userid 113) id 0237B1474A2; Sat, 19 Aug 2017 20:11:45 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from localhost (cpc102582-walt20-2-0-cust14.13-2.cable.virginm.net [86.27.34.15]) by mira.cbaines.net (Postfix) with ESMTPSA id 9773B1474A1; Sat, 19 Aug 2017 20:11:44 +0100 (BST) Date: Sat, 19 Aug 2017 20:11:43 +0100 From: Christopher Baines To: Ryan Moe Subject: Re: [bug#27887] [PATCH] services: Add libvirt services Message-ID: <20170819201143.3f6ac2c5@cbaines.net> In-Reply-To: References: <20170731181308.6425-1-ryan.moe@gmail.com> <20170818084812.16bd673e@cbaines.net> <20170819011206.7da96f0f@cbaines.net> <20170819125949.38aa6d70@cbaines.net> X-Mailer: Claws Mail 3.15.0-dirty (GTK+ 2.24.31; x86_64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; boundary="Sig_/lwH=ev90scI4LDt9=Ug5=Vc"; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 27887 Cc: 27887@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) --Sig_/lwH=ev90scI4LDt9=Ug5=Vc Content-Type: multipart/mixed; boundary="MP_/juWoaUsN/WHPBQ9i_w5QpyT" --MP_/juWoaUsN/WHPBQ9i_w5QpyT Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Sat, 19 Aug 2017 10:57:59 -0700 Ryan Moe wrote: > > I think running outside of the shepherd works, as the environment > > will be different. I think you can look at the environment for the > > running process with: > > > > sudo cat /proc/$(pgrep -f libvirtd | head -n1)/environ > > > > What I see when running the service through the shepherd is very > > minimal, and doesn't have a value for PATH. > > > > As I understand it, often in Guix, having a minimal runtime > > environment might not be a problem, as packages retain references > > to their dependencies from when they were built. If you look at the > > libvirt package though, qemu is an input, but the output doesn't > > reference it.=20 >=20 > This is because qemu isn't listed in propagated-inputs? My understanding of propagated-inputs isn't great, and as far as I know, it doesn't affect the environment in which the service runs, so I don't think changing qemu to a propagated input would fix this. > >> My initial thought was that it had something to do with how I was > >> installing two packages into the system profile. qemu and libvirt > >> both end up there so I don't see why it doesn't work though. =20 > > > > My guess is that the system profile isn't relevant here, as the bin > > directory of the system profile isn't on the PATH. > > > > I've written a basic system test for the libvirt service (a patch is > > attached), and with that I tested what happens if set the PATH for > > the service to explicitly include the QEMU package bin directory, > > and the test passes for me with this change. > > =20 >=20 > Setting the PATH does indeed work, thank you for figuring that out. >=20 > > Back to getting this working though. Either wrapping libvirtd during > > the package build to have a PATH including qemu, or including qemu > > in the service will work, and I guess the deciding factor might be > > how many things libvirt may need to access? Are there lots of other > > bits of software that libvirt needs at runtime, where the package > > doesn't currently reference them? =20 >=20 > Libvirt can work with other hypervisors like lxc, openvz, and xen and > it supports lots of storage backends like NFS, LVM, and RBD. Hmm, ok. If you don't have any strong opinions on how to fix this, wrapping the libvirtd binary in the libvirt package is straightforward and common. I've attached a patch that does this. --MP_/juWoaUsN/WHPBQ9i_w5QpyT Content-Type: text/x-patch Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename=0001-packages-virtualization-Wrap-libvirtd-with-iproute-a.patch =46rom 559c259fc641ab0e944e439816e95370e6878854 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Sat, 19 Aug 2017 20:07:47 +0100 Subject: [PATCH] packages: virtualization: Wrap libvirtd with iproute and qemu. libvirtd runs qemu if its configured to use it, and also uses the ip comman= d. * gnu/packages/virtualization.scm (libvirt)[arguments]: Add wrap-libvirtd phase. --- gnu/packages/virtualization.scm | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.= scm index ab364cd1f..d76a6dfd8 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -361,7 +361,16 @@ manage system or application containers.") (lambda _ (zero? (system* "make" "install" "sysconfdir=3D/tmp/etc" - "localstatedir=3D/tmp/var"))))))) + "localstatedir=3D/tmp/var")))) + (add-after 'install 'wrap-libvirtd + (lambda* (#:key inputs outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (wrap-program (string-append out "/sbin/libvirtd") + `("PATH" =3D (,(string-append (assoc-ref inputs "iproute") + "/sbin") + ,(string-append (assoc-ref inputs "qemu") + "/bin")))) + #t)))))) (inputs `(("libxml2" ,libxml2) ("gnutls" ,gnutls) --=20 2.14.1 --MP_/juWoaUsN/WHPBQ9i_w5QpyT-- --Sig_/lwH=ev90scI4LDt9=Ug5=Vc Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAlmYjW9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE 9Xcu8A//SNLR4k/Jbql+P0Smtu9qLBW6LqiiWmEBCylxjHS0C2BqxsGd/zDrxk/H sySO9AAXN4krkUy1GEQVCSkl77UBToh0zNL51zJh6b5rSwvxV6iY0DkAm6r1NriA 6WJrRvSlEsjT2QBLJ9o/SztG81KUhF22aATOISzVZmR+CvNsqkrDcywqAm/hCknM KHH4MmaZzlY2scaLDmzCzikTn6hwb5Un6aE49p4SXhWiyalRaHso+TFfKJSe/yWP NoA5NTi2vh13sovVECENE3ePSBSX97l6gNDB7jki46HPsv9O/HIFRDy1gNsutoon yeQqb+8Gg/6wethHI/sdzu+wL76AbWi1UIBEiU2yGMcNokudsqQ5CE5ST554r6SO XRTbiCutrvj5SNJhONlcCk6aPgdujMC8xyQqsT1BvW4cfszh+jZ2BcE72nAaDw3L RC08sv86Cz/V4EL0SSGk9FKWzCe2eb9Ir/P6oMJ6vhUWl4+I+RgbY+3hLbt5Pk1O SaSIJbaIZcDF0I+M7IvIG8HlLGnaN4Ax1Aj1bKNZ3TeFUcdBhRdqBNgQ+szuhXtv j0af5qCa2lOvYwxkaCjosd23eb10hWZiOoR+WfihqR0ApTDZfPpLn+J7DpGqY3C2 aTVTc/RuX2UP45oDqS7Fgrsh82/+cQeaiS+X+9lR4ZPvh4xwHqg= =BA/B -----END PGP SIGNATURE----- --Sig_/lwH=ev90scI4LDt9=Ug5=Vc-- From debbugs-submit-bounces@debbugs.gnu.org Mon Aug 21 11:25:54 2017 Received: (at 27887) by debbugs.gnu.org; 21 Aug 2017 15:25:54 +0000 Received: from localhost ([127.0.0.1]:47997 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1djoaP-000192-Qv for submit@debbugs.gnu.org; Mon, 21 Aug 2017 11:25:53 -0400 Received: from mail-qk0-f180.google.com ([209.85.220.180]:34956) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1djoaN-00018p-Rt for 27887@debbugs.gnu.org; Mon, 21 Aug 2017 11:25:52 -0400 Received: by mail-qk0-f180.google.com with SMTP id 130so49705811qkg.2 for <27887@debbugs.gnu.org>; Mon, 21 Aug 2017 08:25:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=lz5QsxOKVSX7Qt0ih8ZeEA0sYH9dVMfIXsQST8wzPFo=; b=rLCNEjflEzxSERNdPYbP+nCEIXAf3VnfxFNrHUo6hXhT/D7TH2PY33I+EDHNcVoGAY 6tnT0HzbzHXGYQ9oo+JD0iP0FGMnSjXyt1+Y+SXBFWwnKqgEtCd0hDXLP0OZnvXAqAxd d5AFE8MrFq2OuB+bELL41v+5uxHlghHEA6X0lTddvJgfZFjt+SBXF2N59CgfFUTsdXwy qWZfEHTnWtC5d0NtRi9TkmHjp31ZXCZ3qvukuAg1DO0JLspR7kxjbnBs7ZbKTVivcEQ2 TBQD6eZdb3M8/unev3ZyVLmTUhE+emtOHgFXFPGsUkqTT+ua86UmY01rKJfJLpy1LGO9 lFyQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=lz5QsxOKVSX7Qt0ih8ZeEA0sYH9dVMfIXsQST8wzPFo=; b=tSVkE8d0Zn5rbr/Ku1rywUig1dplrP2B8dBcZ5WPmrENJNmmauBzMul6ptcyg4w5s5 0fI2OaWsTaQZWKcgyYfB4QDILNV+pWKMMIMF/tpPrSvwOnhAsWdRkjHBlFppGP3xxeeD UjTB+3/8z+vgfBCRvQvsZZASXKn6lTCf90H/qM8Zb7/NpjmzSW9Bi76tWFvarQGeOak4 UTmhcaKm4kwggfLMNeEqdCnDxnyPqIqQJSKB7j4CGNs3bRFppGq2/3wM3u0Cn+Y8nrHZ q2VkGLb5qGna13LngvHbMWrdQAELgTP4eTcqtxIogKDEhKaq4GdgHWmIQGXoGPe/UU4h qj7g== X-Gm-Message-State: AHYfb5ivpFOYKtrbUWlEeX/2IEpOJtKe9NUh/oFAgQxBulKFSx6zojJn EUYl50P67+AJYlt9bj96gKsVOicunw== X-Received: by 10.55.151.67 with SMTP id z64mr22969716qkd.5.1503329146410; Mon, 21 Aug 2017 08:25:46 -0700 (PDT) MIME-Version: 1.0 Received: by 10.12.148.68 with HTTP; Mon, 21 Aug 2017 08:25:45 -0700 (PDT) In-Reply-To: <20170819201143.3f6ac2c5@cbaines.net> References: <20170731181308.6425-1-ryan.moe@gmail.com> <20170818084812.16bd673e@cbaines.net> <20170819011206.7da96f0f@cbaines.net> <20170819125949.38aa6d70@cbaines.net> <20170819201143.3f6ac2c5@cbaines.net> From: Ryan Moe Date: Mon, 21 Aug 2017 08:25:45 -0700 Message-ID: Subject: Re: [bug#27887] [PATCH] services: Add libvirt services To: Christopher Baines Content-Type: text/plain; charset="UTF-8" X-Spam-Score: 0.5 (/) X-Debbugs-Envelope-To: 27887 Cc: 27887@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.5 (/) > Hmm, ok. If you don't have any strong opinions on how to fix this, > wrapping the libvirtd binary in the libvirt package is straightforward > and common. I've attached a patch that does this. I don't know enough about Guix yet to suggest a better way to fix this, but your patch looks like a reasonable way to handle this to me. I'll do some more testing and send an updated patch. From debbugs-submit-bounces@debbugs.gnu.org Mon Aug 21 22:38:42 2017 Received: (at 27887) by debbugs.gnu.org; 22 Aug 2017 02:38:42 +0000 Received: from localhost ([127.0.0.1]:48426 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1djz5Q-0003gl-UK for submit@debbugs.gnu.org; Mon, 21 Aug 2017 22:38:41 -0400 Received: from mail-qk0-f169.google.com ([209.85.220.169]:35490) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1djz5M-0003gX-FO for 27887@debbugs.gnu.org; Mon, 21 Aug 2017 22:38:35 -0400 Received: by mail-qk0-f169.google.com with SMTP id 130so56725661qkg.2 for <27887@debbugs.gnu.org>; Mon, 21 Aug 2017 19:38:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=6d0TyyL/rps+iF7V5k6jc4VFsfBTszBYqwWGdZHnxxc=; b=PRAoLRo98g41T8DgBHM62ifQVtA/lITfAROb5FmMiHdHD9mdB1IslqEWf50/WcP7P9 3VxCjudrkX8+WRxvKgRpn5uMJDCEnGT42PIOJqrwacsxCCgZkUVbGMcISbtb/RlFw5An aEIuxblgTpDwE7CF5jgZnur+sctS5RhfZk2UP6SWZn0kuN8kT8+qGUgNJ2BhRvY50jLL Zuu7BeC9s0Ac2KAz8N+ekiGbeZokjxKURhTd8RLbB9QY2ZoYb453OScOC0U101arrpSJ vueyjgWFOUfp3tXUiI3a8q18wzx28jHLkvLXLKamNXFT2PjbgNNffKFDI/b6l0yGGFkT SUVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=6d0TyyL/rps+iF7V5k6jc4VFsfBTszBYqwWGdZHnxxc=; b=ewIjFA1vqtQj9pkzpKmJJJNKcyXjReYbZW8qlH8k9g5o0DjsEeneEihLdwUPo9Xyg/ +HLH/WeBU43IIlFAXVeQK0sBM/rzYsjKuqEKSrq1uI7nJ3N0yhKedxwG7FWV+MIuVgc1 /AtLjKIViJzlTQbtafaYZNwRoFXfZuhKMaljvS3jYT2KKfxEj//AXBfMCFlbae+fBZfJ ZXkfGMC7hIlJqmSJNa0AiZ865QxGlUlEMvLEczXUdkzN/I0C4yHRQcWSblFRyPG+nVBw 93rKjGiU/JfSpXBJBdfhjPlFM7gBPHgeQPZ1mD489jc2RhO9uip+F2cWoh/utKY1UknP AS8Q== X-Gm-Message-State: AHYfb5jxpkgllU5TpPIEDYTkg0MA2wk6w/dV5Qgf74nT8vTBa1uAe4nU r+8sNR1llm7XqFlizI6lkyKRATWS0A== X-Received: by 10.55.135.132 with SMTP id j126mr24718944qkd.129.1503369506749; Mon, 21 Aug 2017 19:38:26 -0700 (PDT) MIME-Version: 1.0 Received: by 10.12.148.68 with HTTP; Mon, 21 Aug 2017 19:38:25 -0700 (PDT) In-Reply-To: References: <20170731181308.6425-1-ryan.moe@gmail.com> <20170818084812.16bd673e@cbaines.net> <20170819011206.7da96f0f@cbaines.net> <20170819125949.38aa6d70@cbaines.net> <20170819201143.3f6ac2c5@cbaines.net> From: Ryan Moe Date: Mon, 21 Aug 2017 19:38:25 -0700 Message-ID: Subject: Re: [bug#27887] [PATCH] services: Add libvirt services To: Christopher Baines Content-Type: multipart/mixed; boundary="94eb2c07631e6aabec05574e7d58" X-Spam-Score: 0.5 (/) X-Debbugs-Envelope-To: 27887 Cc: 27887@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.5 (/) --94eb2c07631e6aabec05574e7d58 Content-Type: text/plain; charset="UTF-8" I did some more testing and everything looks good to me. I've addressed your previous comments as well (see below). I wasn't sure if I needed to squash the commits so I just included all three patches. I did reorder them to place your wrap patch before mine since the libvirt service depends on that change. >> +(define libvirt-service-type >> + (service-type (name 'libvirt) >> + (extensions >> + (list >> + (service-extension polkit-service-type (compose list libvirt-configuration-libvirt)) > > Line length could be better here, just by putting the (compose ... ) > bit on the line after the polkit-service-type. > Agreed. This is fixed in the attached patch. >> + (service-extension profile-service-type >> + (compose list >> + (lambda (package) qemu) >> + libvirt-configuration-libvirt)) > > This confused me for a bit, until I realised that a simpler way of > expressing this would be (const (list qemu)) if I'm correct? Also, it > would be good to explain why this needs to happen in a comment. > That didn't work. qemu doesn't need to be installed in the system profile anyway so I've removed this. >> +(define virtlog-service-type >> + (service-type (name 'virtlogd) >> + (extensions >> + (list >> + (service-extension profile-service-type >> + (compose list >> + >> virtlog-configuration-libvirt)) > > What function does this extension have? As far as I understood from the > documentation you wrote, this is used from the libvirt service. Now that I have a better understanding of how this works I realize this was unnecessary and it's been removed too. --94eb2c07631e6aabec05574e7d58 Content-Type: text/x-patch; charset="US-ASCII"; name="0001-packages-virtualization-Wrap-libvirtd-with-iproute-a.patch" Content-Disposition: attachment; filename="0001-packages-virtualization-Wrap-libvirtd-with-iproute-a.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_j6mri2fy0 RnJvbSA3ZmY3MmUyOWU3YzUzOTdhYzdkYzU2MzQ0ZjA3N2IzNTI4NWY4MWUxIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBDaHJpc3RvcGhlciBCYWluZXMgPG1haWxAY2JhaW5lcy5uZXQ+ CkRhdGU6IFNhdCwgMTkgQXVnIDIwMTcgMjA6MDc6NDcgKzAxMDAKU3ViamVjdDogW1BBVENIIDEv M10gcGFja2FnZXM6IHZpcnR1YWxpemF0aW9uOiBXcmFwIGxpYnZpcnRkIHdpdGggaXByb3V0ZSBh bmQKIHFlbXUuCgpsaWJ2aXJ0ZCBydW5zIHFlbXUgaWYgaXRzIGNvbmZpZ3VyZWQgdG8gdXNlIGl0 LCBhbmQgYWxzbyB1c2VzIHRoZSBpcCBjb21tYW5kLgoKKiBnbnUvcGFja2FnZXMvdmlydHVhbGl6 YXRpb24uc2NtIChsaWJ2aXJ0KVthcmd1bWVudHNdOiBBZGQgd3JhcC1saWJ2aXJ0ZAogIHBoYXNl LgotLS0KIGdudS9wYWNrYWdlcy92aXJ0dWFsaXphdGlvbi5zY20gfCAxMSArKysrKysrKysrLQog MSBmaWxlIGNoYW5nZWQsIDEwIGluc2VydGlvbnMoKyksIDEgZGVsZXRpb24oLSkKCmRpZmYgLS1n aXQgYS9nbnUvcGFja2FnZXMvdmlydHVhbGl6YXRpb24uc2NtIGIvZ251L3BhY2thZ2VzL3ZpcnR1 YWxpemF0aW9uLnNjbQppbmRleCBhYjM2NGNkMWYuLmQ3NmE2ZGZkOCAxMDA2NDQKLS0tIGEvZ251 L3BhY2thZ2VzL3ZpcnR1YWxpemF0aW9uLnNjbQorKysgYi9nbnUvcGFja2FnZXMvdmlydHVhbGl6 YXRpb24uc2NtCkBAIC0zNjEsNyArMzYxLDE2IEBAIG1hbmFnZSBzeXN0ZW0gb3IgYXBwbGljYXRp b24gY29udGFpbmVycy4iKQogICAgICAgICAgICAobGFtYmRhIF8KICAgICAgICAgICAgICAoemVy bz8gKHN5c3RlbSogIm1ha2UiICJpbnN0YWxsIgogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAic3lzY29uZmRpcj0vdG1wL2V0YyIKLSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImxv Y2Fsc3RhdGVkaXI9L3RtcC92YXIiKSkpKSkpKQorICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAibG9jYWxzdGF0ZWRpcj0vdG1wL3ZhciIpKSkpCisgICAgICAgICAoYWRkLWFmdGVyICdpbnN0 YWxsICd3cmFwLWxpYnZpcnRkCisgICAgICAgICAgIChsYW1iZGEqICgjOmtleSBpbnB1dHMgb3V0 cHV0cyAjOmFsbG93LW90aGVyLWtleXMpCisgICAgICAgICAgICAgKGxldCAoKG91dCAoYXNzb2Mt cmVmIG91dHB1dHMgIm91dCIpKSkKKyAgICAgICAgICAgICAgICh3cmFwLXByb2dyYW0gKHN0cmlu Zy1hcHBlbmQgb3V0ICIvc2Jpbi9saWJ2aXJ0ZCIpCisgICAgICAgICAgICAgICAgIGAoIlBBVEgi ID0gKCwoc3RyaW5nLWFwcGVuZCAoYXNzb2MtcmVmIGlucHV0cyAiaXByb3V0ZSIpCisgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiL3NiaW4iKQorICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAsKHN0cmluZy1hcHBlbmQgKGFzc29jLXJlZiBpbnB1dHMgInFl bXUiKQorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIi9iaW4i KSkpKQorICAgICAgICAgICAgICAgI3QpKSkpKSkKICAgICAoaW5wdXRzCiAgICAgIGAoKCJsaWJ4 bWwyIiAsbGlieG1sMikKICAgICAgICAoImdudXRscyIgLGdudXRscykKLS0gCjIuMTQuMQoK --94eb2c07631e6aabec05574e7d58 Content-Type: text/x-patch; charset="UTF-8"; name="0002-services-Add-libvirt-services.patch" Content-Disposition: attachment; filename="0002-services-Add-libvirt-services.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_j6mri2g91 RnJvbSA5NTk3ZjdkYmQwYmY2MTFkMDM1NWJkNTNmYzcyNjRkYzRhZWU5YTc2IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBSeWFuIE1vZSA8cnlhbi5tb2VAZ21haWwuY29tPgpEYXRlOiBG cmksIDI4IEp1bCAyMDE3IDE2OjUwOjM3IC0wNzAwClN1YmplY3Q6IFtQQVRDSCAyLzNdIHNlcnZp Y2VzOiBBZGQgbGlidmlydCBzZXJ2aWNlcwoKKiBnbnUvc2VydmljZXMvdmlydHVhbGl6YXRpb24u c2NtOiBOZXcgZmlsZS4KKiBkb2MvZ3VpeC50ZXhpIChWaXJ0dWFsaXphdGlvbiBTZXJ2aWNlcyk6 IERvY3VtZW50IGl0LgoqIGdudS9sb2NhbC5tayAoR05VX1NZU1RFTV9NT0RVTEVTKTogQWRkIGl0 LgotLS0KIGRvYy9ndWl4LnRleGkgICAgICAgICAgICAgICAgICAgfCA3MDkgKysrKysrKysrKysr KysrKysrKysrKysrKysrKysrKysrKysrKysrKwogZ251L2xvY2FsLm1rICAgICAgICAgICAgICAg ICAgICB8ICAgMSArCiBnbnUvc2VydmljZXMvdmlydHVhbGl6YXRpb24uc2NtIHwgNDkyICsrKysr KysrKysrKysrKysrKysrKysrKysrKysKIDMgZmlsZXMgY2hhbmdlZCwgMTIwMiBpbnNlcnRpb25z KCspCiBjcmVhdGUgbW9kZSAxMDA2NDQgZ251L3NlcnZpY2VzL3ZpcnR1YWxpemF0aW9uLnNjbQoK ZGlmZiAtLWdpdCBhL2RvYy9ndWl4LnRleGkgYi9kb2MvZ3VpeC50ZXhpCmluZGV4IGJmZjA3ODhi Mi4uNjc4NjRmMTc0IDEwMDY0NAotLS0gYS9kb2MvZ3VpeC50ZXhpCisrKyBiL2RvYy9ndWl4LnRl eGkKQEAgLTIyOCw2ICsyMjgsNyBAQCBTZXJ2aWNlcwogKiBDb250aW51b3VzIEludGVncmF0aW9u OjogICAgICBUaGUgQ3VpcmFzcyBzZXJ2aWNlLgogKiBQb3dlciBtYW5hZ2VtZW50IFNlcnZpY2Vz OjogICBUaGUgVExQIHRvb2wuCiAqIEF1ZGlvIFNlcnZpY2VzOjogICAgICAgICAgICAgIFRoZSBN UEQuCisqIFZpcnR1YWxpemF0aW9uIFNlcnZpY2VzOjogICAgIFZpcnR1YWxpemF0aW9uIHNlcnZp Y2VzLgogKiBNaXNjZWxsYW5lb3VzIFNlcnZpY2VzOjogICAgICBPdGhlciBzZXJ2aWNlcy4KIAog RGVmaW5pbmcgU2VydmljZXMKQEAgLTkxMDQsNiArOTEwNSw3IEBAIGRlY2xhcmF0aW9uLgogKiBD b250aW51b3VzIEludGVncmF0aW9uOjogICAgICBUaGUgQ3VpcmFzcyBzZXJ2aWNlLgogKiBQb3dl ciBtYW5hZ2VtZW50IFNlcnZpY2VzOjogICBUaGUgVExQIHRvb2wuCiAqIEF1ZGlvIFNlcnZpY2Vz OjogICAgICAgICAgICAgIFRoZSBNUEQuCisqIFZpcnR1YWxpemF0aW9uIFNlcnZpY2VzOjogICAg IFZpcnR1YWxpemF0aW9uIHNlcnZpY2VzLgogKiBNaXNjZWxsYW5lb3VzIFNlcnZpY2VzOjogICAg ICBPdGhlciBzZXJ2aWNlcy4KIEBlbmQgbWVudQogCkBAIC0xNTc1Nyw2ICsxNTc1OSw3MTMgQEAg YW4gYWJzb2x1dGUgcGF0aCBjYW4gYmUgc3BlY2lmaWVkIGhlcmUuCiBAZW5kIHRhYmxlCiBAZW5k IGRlZnRwCiAKK0Bub2RlIFZpcnR1YWxpemF0aW9uIFNlcnZpY2VzCitAc3Vic3Vic2VjdGlvbiBW aXJ0dWFsaXphdGlvbiBzZXJ2aWNlcworVGhlIEBjb2RleyhnbnUgc2VydmljZXMgdmlydHVhbGl6 YXRpb24pfSBtb2R1bGUgcHJvdmlkZXMgc2VydmljZXMgZm9yCit0aGUgbGlidmlydCBhbmQgdmly dGxvZyBkYWVtb25zLgorCitAc3Vic3ViaGVhZGluZyBMaWJ2aXJ0IGRhZW1vbgorQGNvZGV7bGli dmlydGR9IGlzIHRoZSBzZXJ2ZXIgc2lkZSBkYWVtb24gY29tcG9uZW50IG9mIHRoZSBsaWJ2aXJ0 Cit2aXJ0dWFsaXphdGlvbiBtYW5hZ2VtZW50IHN5c3RlbS4gVGhpcyBkYWVtb24gcnVucyBvbiBo b3N0IHNlcnZlcnMKK2FuZCBwZXJmb3JtcyByZXF1aXJlZCBtYW5hZ2VtZW50IHRhc2tzIGZvciB2 aXJ0dWFsaXplZCBndWVzdHMuCisKK0BkZWZmbiB7U2NoZW1lIFZhcmlhYmxlfSBsaWJ2aXJ0LXNl cnZpY2UtdHlwZQorVGhpcyBpcyB0aGUgdHlwZSBvZiB0aGUgQHVyZWZ7aHR0cHM6Ly9saWJ2aXJ0 Lm9yZywgbGlidmlydCBkYWVtb259LgorSXRzIHZhbHVlIG11c3QgYmUgYSBAY29kZXtsaWJ2aXJ0 LWNvbmZpZ3VyYXRpb259LgorCitAZXhhbXBsZQorKHNlcnZpY2UgbGlidmlydC1zZXJ2aWNlLXR5 cGUKKyAgICAgICAgIChsaWJ2aXJ0LWNvbmZpZ3VyYXRpb24KKyAgICAgICAgICAodW5peC1zb2Nr LWdyb3VwICJsaWJ2aXJ0IikKKyAgICAgICAgICAodGxzLXBvcnQgIjE2NTU1IikpKQorQGVuZCBl eGFtcGxlCitAZW5kIGRlZmZuCisKK0BjIEF1dG8tZ2VuZXJhdGVkIHdpdGggKGdlbmVyYXRlLWxp YnZpcnQtZG9jdW1lbnRhdGlvbikKK0F2YWlsYWJsZSBAY29kZXtsaWJ2aXJ0LWNvbmZpZ3VyYXRp b259IGZpZWxkcyBhcmU6CisKK0BkZWZ0eXBldnIge0Bjb2Rle2xpYnZpcnQtY29uZmlndXJhdGlv bn0gcGFyYW1ldGVyfSBwYWNrYWdlIGxpYnZpcnQKK0xpYnZpcnQgcGFja2FnZS4KKworQGVuZCBk ZWZ0eXBldnIKKworQGRlZnR5cGV2ciB7QGNvZGV7bGlidmlydC1jb25maWd1cmF0aW9ufSBwYXJh bWV0ZXJ9IGJvb2xlYW4gbGlzdGVuLXRscz8KK0ZsYWcgbGlzdGVuaW5nIGZvciBzZWN1cmUgVExT IGNvbm5lY3Rpb25zIG9uIHRoZSBwdWJsaWMgVENQL0lQIHBvcnQuCittdXN0IHNldCBAY29kZXts aXN0ZW59IGZvciB0aGlzIHRvIGhhdmUgYW55IGVmZmVjdC4KKworSXQgaXMgbmVjZXNzYXJ5IHRv IHNldHVwIGEgQ0EgYW5kIGlzc3VlIHNlcnZlciBjZXJ0aWZpY2F0ZXMgYmVmb3JlIHVzaW5nCit0 aGlzIGNhcGFiaWxpdHkuCisKK0RlZmF1bHRzIHRvIEBzYW1weyN0fS4KKworQGVuZCBkZWZ0eXBl dnIKKworQGRlZnR5cGV2ciB7QGNvZGV7bGlidmlydC1jb25maWd1cmF0aW9ufSBwYXJhbWV0ZXJ9 IGJvb2xlYW4gbGlzdGVuLXRjcD8KK0xpc3RlbiBmb3IgdW5lbmNyeXB0ZWQgVENQIGNvbm5lY3Rp b25zIG9uIHRoZSBwdWJsaWMgVENQL0lQIHBvcnQuICBtdXN0CitzZXQgQGNvZGV7bGlzdGVufSBm b3IgdGhpcyB0byBoYXZlIGFueSBlZmZlY3QuCisKK1VzaW5nIHRoZSBUQ1Agc29ja2V0IHJlcXVp cmVzIFNBU0wgYXV0aGVudGljYXRpb24gYnkgZGVmYXVsdC4gIE9ubHkgU0FTTAorbWVjaGFuaXNt cyB3aGljaCBzdXBwb3J0IGRhdGEgZW5jcnlwdGlvbiBhcmUgYWxsb3dlZC4gIFRoaXMgaXMKK0RJ R0VTVF9NRDUgYW5kIEdTU0FQSSAoS2VyYmVyb3M1KQorCitEZWZhdWx0cyB0byBAc2FtcHsjZn0u CisKK0BlbmQgZGVmdHlwZXZyCisKK0BkZWZ0eXBldnIge0Bjb2Rle2xpYnZpcnQtY29uZmlndXJh dGlvbn0gcGFyYW1ldGVyfSBzdHJpbmcgdGxzLXBvcnQKK1BvcnQgZm9yIGFjY2VwdGluZyBzZWN1 cmUgVExTIGNvbm5lY3Rpb25zIFRoaXMgY2FuIGJlIGEgcG9ydCBudW1iZXIsIG9yCitzZXJ2aWNl IG5hbWUKKworRGVmYXVsdHMgdG8gQHNhbXB7IjE2NTE0In0uCisKK0BlbmQgZGVmdHlwZXZyCisK K0BkZWZ0eXBldnIge0Bjb2Rle2xpYnZpcnQtY29uZmlndXJhdGlvbn0gcGFyYW1ldGVyfSBzdHJp bmcgdGNwLXBvcnQKK1BvcnQgZm9yIGFjY2VwdGluZyBpbnNlY3VyZSBUQ1AgY29ubmVjdGlvbnMg VGhpcyBjYW4gYmUgYSBwb3J0IG51bWJlciwKK29yIHNlcnZpY2UgbmFtZQorCitEZWZhdWx0cyB0 byBAc2FtcHsiMTY1MDkifS4KKworQGVuZCBkZWZ0eXBldnIKKworQGRlZnR5cGV2ciB7QGNvZGV7 bGlidmlydC1jb25maWd1cmF0aW9ufSBwYXJhbWV0ZXJ9IHN0cmluZyBsaXN0ZW4tYWRkcgorSVAg YWRkcmVzcyBvciBob3N0bmFtZSB1c2VkIGZvciBjbGllbnQgY29ubmVjdGlvbnMuCisKK0RlZmF1 bHRzIHRvIEBzYW1weyIwLjAuMC4wIn0uCisKK0BlbmQgZGVmdHlwZXZyCisKK0BkZWZ0eXBldnIg e0Bjb2Rle2xpYnZpcnQtY29uZmlndXJhdGlvbn0gcGFyYW1ldGVyfSBib29sZWFuIG1kbnMtYWR2 PworRmxhZyB0b2dnbGluZyBtRE5TIGFkdmVydGlzZW1lbnQgb2YgdGhlIGxpYnZpcnQgc2Vydmlj ZS4KKworQWx0ZXJuYXRpdmVseSBjYW4gZGlzYWJsZSBmb3IgYWxsIHNlcnZpY2VzIG9uIGEgaG9z dCBieSBzdG9wcGluZyB0aGUKK0F2YWhpIGRhZW1vbi4KKworRGVmYXVsdHMgdG8gQHNhbXB7I2Z9 LgorCitAZW5kIGRlZnR5cGV2cgorCitAZGVmdHlwZXZyIHtAY29kZXtsaWJ2aXJ0LWNvbmZpZ3Vy YXRpb259IHBhcmFtZXRlcn0gc3RyaW5nIG1kbnMtbmFtZQorRGVmYXVsdCBtRE5TIGFkdmVydGlz ZW1lbnQgbmFtZS4gIFRoaXMgbXVzdCBiZSB1bmlxdWUgb24gdGhlIGltbWVkaWF0ZQorYnJvYWRj YXN0IG5ldHdvcmsuCisKK0RlZmF1bHRzIHRvIEBzYW1weyJWaXJ0dWFsaXphdGlvbiBIb3N0IDxo b3N0bmFtZT4ifS4KKworQGVuZCBkZWZ0eXBldnIKKworQGRlZnR5cGV2ciB7QGNvZGV7bGlidmly dC1jb25maWd1cmF0aW9ufSBwYXJhbWV0ZXJ9IHN0cmluZyB1bml4LXNvY2stZ3JvdXAKK1VOSVgg ZG9tYWluIHNvY2tldCBncm91cCBvd25lcnNoaXAuICBUaGlzIGNhbiBiZSB1c2VkIHRvIGFsbG93 IGEKKyd0cnVzdGVkJyBzZXQgb2YgdXNlcnMgYWNjZXNzIHRvIG1hbmFnZW1lbnQgY2FwYWJpbGl0 aWVzIHdpdGhvdXQKK2JlY29taW5nIHJvb3QuCisKK0RlZmF1bHRzIHRvIEBzYW1weyJyb290In0u CisKK0BlbmQgZGVmdHlwZXZyCisKK0BkZWZ0eXBldnIge0Bjb2Rle2xpYnZpcnQtY29uZmlndXJh dGlvbn0gcGFyYW1ldGVyfSBzdHJpbmcgdW5peC1zb2NrLXJvLXBlcm1zCitVTklYIHNvY2tldCBw ZXJtaXNzaW9ucyBmb3IgdGhlIFIvTyBzb2NrZXQuICBUaGlzIGlzIHVzZWQgZm9yIG1vbml0b3Jp bmcKK1ZNIHN0YXR1cyBvbmx5LgorCitEZWZhdWx0cyB0byBAc2FtcHsiMDc3NyJ9LgorCitAZW5k IGRlZnR5cGV2cgorCitAZGVmdHlwZXZyIHtAY29kZXtsaWJ2aXJ0LWNvbmZpZ3VyYXRpb259IHBh cmFtZXRlcn0gc3RyaW5nIHVuaXgtc29jay1ydy1wZXJtcworVU5JWCBzb2NrZXQgcGVybWlzc2lv bnMgZm9yIHRoZSBSL1cgc29ja2V0LiAgRGVmYXVsdCBhbGxvd3Mgb25seSByb290LgorSWYgUG9s aWN5S2l0IGlzIGVuYWJsZWQgb24gdGhlIHNvY2tldCwgdGhlIGRlZmF1bHQgd2lsbCBjaGFuZ2Ug dG8gYWxsb3cKK2V2ZXJ5b25lIChlZywgMDc3NykKKworRGVmYXVsdHMgdG8gQHNhbXB7IjA3NzAi fS4KKworQGVuZCBkZWZ0eXBldnIKKworQGRlZnR5cGV2ciB7QGNvZGV7bGlidmlydC1jb25maWd1 cmF0aW9ufSBwYXJhbWV0ZXJ9IHN0cmluZyB1bml4LXNvY2stYWRtaW4tcGVybXMKK1VOSVggc29j a2V0IHBlcm1pc3Npb25zIGZvciB0aGUgYWRtaW4gc29ja2V0LiAgRGVmYXVsdCBhbGxvd3Mgb25s eSBvd25lcgorKHJvb3QpLCBkbyBub3QgY2hhbmdlIGl0IHVubGVzcyB5b3UgYXJlIHN1cmUgdG8g d2hvbSB5b3UgYXJlIGV4cG9zaW5nCit0aGUgYWNjZXNzIHRvLgorCitEZWZhdWx0cyB0byBAc2Ft cHsiMDc3NyJ9LgorCitAZW5kIGRlZnR5cGV2cgorCitAZGVmdHlwZXZyIHtAY29kZXtsaWJ2aXJ0 LWNvbmZpZ3VyYXRpb259IHBhcmFtZXRlcn0gc3RyaW5nIHVuaXgtc29jay1kaXIKK1RoZSBkaXJl Y3RvcnkgaW4gd2hpY2ggc29ja2V0cyB3aWxsIGJlIGZvdW5kL2NyZWF0ZWQuCisKK0RlZmF1bHRz IHRvIEBzYW1weyIvdmFyL3J1bi9saWJ2aXJ0In0uCisKK0BlbmQgZGVmdHlwZXZyCisKK0BkZWZ0 eXBldnIge0Bjb2Rle2xpYnZpcnQtY29uZmlndXJhdGlvbn0gcGFyYW1ldGVyfSBzdHJpbmcgYXV0 aC11bml4LXJvCitBdXRoZW50aWNhdGlvbiBzY2hlbWUgZm9yIFVOSVggcmVhZC1vbmx5IHNvY2tl dHMuICBCeSBkZWZhdWx0IHNvY2tldAorcGVybWlzc2lvbnMgYWxsb3cgYW55b25lIHRvIGNvbm5l Y3QKKworRGVmYXVsdHMgdG8gQHNhbXB7InBvbGtpdCJ9LgorCitAZW5kIGRlZnR5cGV2cgorCitA ZGVmdHlwZXZyIHtAY29kZXtsaWJ2aXJ0LWNvbmZpZ3VyYXRpb259IHBhcmFtZXRlcn0gc3RyaW5n IGF1dGgtdW5peC1ydworQXV0aGVudGljYXRpb24gc2NoZW1lIGZvciBVTklYIHJlYWQtd3JpdGUg c29ja2V0cy4gIEJ5IGRlZmF1bHQgc29ja2V0CitwZXJtaXNzaW9ucyBvbmx5IGFsbG93IHJvb3Qu ICBJZiBQb2xpY3lLaXQgc3VwcG9ydCB3YXMgY29tcGlsZWQgaW50bworbGlidmlydCwgdGhlIGRl ZmF1bHQgd2lsbCBiZSB0byB1c2UgJ3BvbGtpdCcgYXV0aC4KKworRGVmYXVsdHMgdG8gQHNhbXB7 InBvbGtpdCJ9LgorCitAZW5kIGRlZnR5cGV2cgorCitAZGVmdHlwZXZyIHtAY29kZXtsaWJ2aXJ0 LWNvbmZpZ3VyYXRpb259IHBhcmFtZXRlcn0gc3RyaW5nIGF1dGgtdGNwCitBdXRoZW50aWNhdGlv biBzY2hlbWUgZm9yIFRDUCBzb2NrZXRzLiAgSWYgeW91IGRvbid0IGVuYWJsZSBTQVNMLCB0aGVu CithbGwgVENQIHRyYWZmaWMgaXMgY2xlYXJ0ZXh0LiAgRG9uJ3QgZG8gdGhpcyBvdXRzaWRlIG9m IGEgZGV2L3Rlc3QKK3NjZW5hcmlvLgorCitEZWZhdWx0cyB0byBAc2FtcHsic2FzbCJ9LgorCitA ZW5kIGRlZnR5cGV2cgorCitAZGVmdHlwZXZyIHtAY29kZXtsaWJ2aXJ0LWNvbmZpZ3VyYXRpb259 IHBhcmFtZXRlcn0gc3RyaW5nIGF1dGgtdGxzCitBdXRoZW50aWNhdGlvbiBzY2hlbWUgZm9yIFRM UyBzb2NrZXRzLiAgVExTIHNvY2tldHMgYWxyZWFkeSBoYXZlCitlbmNyeXB0aW9uIHByb3ZpZGVk IGJ5IHRoZSBUTFMgbGF5ZXIsIGFuZCBsaW1pdGVkIGF1dGhlbnRpY2F0aW9uIGlzIGRvbmUKK2J5 IGNlcnRpZmljYXRlcy4KKworSXQgaXMgcG9zc2libGUgdG8gbWFrZSB1c2Ugb2YgYW55IFNBU0wg YXV0aGVudGljYXRpb24gbWVjaGFuaXNtIGFzIHdlbGwsCitieSB1c2luZyAnc2FzbCcgZm9yIHRo aXMgb3B0aW9uCisKK0RlZmF1bHRzIHRvIEBzYW1weyJub25lIn0uCisKK0BlbmQgZGVmdHlwZXZy CisKK0BkZWZ0eXBldnIge0Bjb2Rle2xpYnZpcnQtY29uZmlndXJhdGlvbn0gcGFyYW1ldGVyfSBv cHRpb25hbC1saXN0IGFjY2Vzcy1kcml2ZXJzCitBUEkgYWNjZXNzIGNvbnRyb2wgc2NoZW1lLgor CitCeSBkZWZhdWx0IGFuIGF1dGhlbnRpY2F0ZWQgdXNlciBpcyBhbGxvd2VkIGFjY2VzcyB0byBh bGwgQVBJcy4gIEFjY2VzcworZHJpdmVycyBjYW4gcGxhY2UgcmVzdHJpY3Rpb25zIG9uIHRoaXMu CisKK0RlZmF1bHRzIHRvIEBzYW1weygpfS4KKworQGVuZCBkZWZ0eXBldnIKKworQGRlZnR5cGV2 ciB7QGNvZGV7bGlidmlydC1jb25maWd1cmF0aW9ufSBwYXJhbWV0ZXJ9IHN0cmluZyBrZXktZmls ZQorU2VydmVyIGtleSBmaWxlIHBhdGguICBJZiBzZXQgdG8gYW4gZW1wdHkgc3RyaW5nLCB0aGVu IG5vIHByaXZhdGUga2V5IGlzCitsb2FkZWQuCisKK0RlZmF1bHRzIHRvIEBzYW1weyIifS4KKwor QGVuZCBkZWZ0eXBldnIKKworQGRlZnR5cGV2ciB7QGNvZGV7bGlidmlydC1jb25maWd1cmF0aW9u fSBwYXJhbWV0ZXJ9IHN0cmluZyBjZXJ0LWZpbGUKK1NlcnZlciBrZXkgZmlsZSBwYXRoLiAgSWYg c2V0IHRvIGFuIGVtcHR5IHN0cmluZywgdGhlbiBubyBjZXJ0aWZpY2F0ZSBpcworbG9hZGVkLgor CitEZWZhdWx0cyB0byBAc2FtcHsiIn0uCisKK0BlbmQgZGVmdHlwZXZyCisKK0BkZWZ0eXBldnIg e0Bjb2Rle2xpYnZpcnQtY29uZmlndXJhdGlvbn0gcGFyYW1ldGVyfSBzdHJpbmcgY2EtZmlsZQor U2VydmVyIGtleSBmaWxlIHBhdGguICBJZiBzZXQgdG8gYW4gZW1wdHkgc3RyaW5nLCB0aGVuIG5v IENBIGNlcnRpZmljYXRlCitpcyBsb2FkZWQuCisKK0RlZmF1bHRzIHRvIEBzYW1weyIifS4KKwor QGVuZCBkZWZ0eXBldnIKKworQGRlZnR5cGV2ciB7QGNvZGV7bGlidmlydC1jb25maWd1cmF0aW9u fSBwYXJhbWV0ZXJ9IHN0cmluZyBjcmwtZmlsZQorQ2VydGlmaWNhdGUgcmV2b2NhdGlvbiBsaXN0 IHBhdGguICBJZiBzZXQgdG8gYW4gZW1wdHkgc3RyaW5nLCB0aGVuIG5vCitDUkwgaXMgbG9hZGVk LgorCitEZWZhdWx0cyB0byBAc2FtcHsiIn0uCisKK0BlbmQgZGVmdHlwZXZyCisKK0BkZWZ0eXBl dnIge0Bjb2Rle2xpYnZpcnQtY29uZmlndXJhdGlvbn0gcGFyYW1ldGVyfSBib29sZWFuIHRscy1u by1zYW5pdHktY2VydAorRGlzYWJsZSB2ZXJpZmljYXRpb24gb2Ygb3VyIG93biBzZXJ2ZXIgY2Vy dGlmaWNhdGVzLgorCitXaGVuIGxpYnZpcnRkIHN0YXJ0cyBpdCBwZXJmb3JtcyBzb21lIHNhbml0 eSBjaGVja3MgYWdhaW5zdCBpdHMgb3duCitjZXJ0aWZpY2F0ZXMuCisKK0RlZmF1bHRzIHRvIEBz YW1weyNmfS4KKworQGVuZCBkZWZ0eXBldnIKKworQGRlZnR5cGV2ciB7QGNvZGV7bGlidmlydC1j b25maWd1cmF0aW9ufSBwYXJhbWV0ZXJ9IGJvb2xlYW4gdGxzLW5vLXZlcmlmeS1jZXJ0CitEaXNh YmxlIHZlcmlmaWNhdGlvbiBvZiBjbGllbnQgY2VydGlmaWNhdGVzLgorCitDbGllbnQgY2VydGlm aWNhdGUgdmVyaWZpY2F0aW9uIGlzIHRoZSBwcmltYXJ5IGF1dGhlbnRpY2F0aW9uIG1lY2hhbmlz bS4KK0FueSBjbGllbnQgd2hpY2ggZG9lcyBub3QgcHJlc2VudCBhIGNlcnRpZmljYXRlIHNpZ25l ZCBieSB0aGUgQ0Egd2lsbCBiZQorcmVqZWN0ZWQuCisKK0RlZmF1bHRzIHRvIEBzYW1weyNmfS4K KworQGVuZCBkZWZ0eXBldnIKKworQGRlZnR5cGV2ciB7QGNvZGV7bGlidmlydC1jb25maWd1cmF0 aW9ufSBwYXJhbWV0ZXJ9IG9wdGlvbmFsLWxpc3QgdGxzLWFsbG93ZWQtZG4tbGlzdAorV2hpdGVs aXN0IG9mIGFsbG93ZWQgeDUwOSBEaXN0aW5ndWlzaGVkIE5hbWUuCisKK0RlZmF1bHRzIHRvIEBz YW1weygpfS4KKworQGVuZCBkZWZ0eXBldnIKKworQGRlZnR5cGV2ciB7QGNvZGV7bGlidmlydC1j b25maWd1cmF0aW9ufSBwYXJhbWV0ZXJ9IG9wdGlvbmFsLWxpc3Qgc2FzbC1hbGxvd2VkLXVzZXJu YW1lcworV2hpdGVsaXN0IG9mIGFsbG93ZWQgU0FTTCB1c2VybmFtZXMuICBUaGUgZm9ybWF0IGZv ciB1c2VybmFtZSBkZXBlbmRzIG9uCit0aGUgU0FTTCBhdXRoZW50aWNhdGlvbiBtZWNoYW5pc20u CisKK0RlZmF1bHRzIHRvIEBzYW1weygpfS4KKworQGVuZCBkZWZ0eXBldnIKKworQGRlZnR5cGV2 ciB7QGNvZGV7bGlidmlydC1jb25maWd1cmF0aW9ufSBwYXJhbWV0ZXJ9IHN0cmluZyB0bHMtcHJp b3JpdHkKK092ZXJyaWRlIHRoZSBjb21waWxlIHRpbWUgZGVmYXVsdCBUTFMgcHJpb3JpdHkgc3Ry aW5nLiAgVGhlIGRlZmF1bHQgaXMKK3VzdWFsbHkgIk5PUk1BTCIgdW5sZXNzIG92ZXJyaWRkZW4g YXQgYnVpbGQgdGltZS4gIE9ubHkgc2V0IHRoaXMgaXMgaXQKK2lzIGRlc2lyZWQgZm9yIGxpYnZp cnQgdG8gZGV2aWF0ZSBmcm9tIHRoZSBnbG9iYWwgZGVmYXVsdCBzZXR0aW5ncy4KKworRGVmYXVs dHMgdG8gQHNhbXB7Ik5PUk1BTCJ9LgorCitAZW5kIGRlZnR5cGV2cgorCitAZGVmdHlwZXZyIHtA Y29kZXtsaWJ2aXJ0LWNvbmZpZ3VyYXRpb259IHBhcmFtZXRlcn0gaW50ZWdlciBtYXgtY2xpZW50 cworTWF4aW11bSBudW1iZXIgb2YgY29uY3VycmVudCBjbGllbnQgY29ubmVjdGlvbnMgdG8gYWxs b3cgb3ZlciBhbGwKK3NvY2tldHMgY29tYmluZWQuCisKK0RlZmF1bHRzIHRvIEBzYW1wezUwMDB9 LgorCitAZW5kIGRlZnR5cGV2cgorCitAZGVmdHlwZXZyIHtAY29kZXtsaWJ2aXJ0LWNvbmZpZ3Vy YXRpb259IHBhcmFtZXRlcn0gaW50ZWdlciBtYXgtcXVldWVkLWNsaWVudHMKK01heGltdW0gbGVu Z3RoIG9mIHF1ZXVlIG9mIGNvbm5lY3Rpb25zIHdhaXRpbmcgdG8gYmUgYWNjZXB0ZWQgYnkgdGhl CitkYWVtb24uICBOb3RlLCB0aGF0IHNvbWUgcHJvdG9jb2xzIHN1cHBvcnRpbmcgcmV0cmFuc21p c3Npb24gbWF5IG9iZXkKK3RoaXMgc28gdGhhdCBhIGxhdGVyIHJlYXR0ZW1wdCBhdCBjb25uZWN0 aW9uIHN1Y2NlZWRzLgorCitEZWZhdWx0cyB0byBAc2FtcHsxMDAwfS4KKworQGVuZCBkZWZ0eXBl dnIKKworQGRlZnR5cGV2ciB7QGNvZGV7bGlidmlydC1jb25maWd1cmF0aW9ufSBwYXJhbWV0ZXJ9 IGludGVnZXIgbWF4LWFub255bW91cy1jbGllbnRzCitNYXhpbXVtIGxlbmd0aCBvZiBxdWV1ZSBv ZiBhY2NlcHRlZCBidXQgbm90IHlldCBhdXRoZW50aWNhdGVkIGNsaWVudHMuCitTZXQgdGhpcyB0 byB6ZXJvIHRvIHR1cm4gdGhpcyBmZWF0dXJlIG9mZgorCitEZWZhdWx0cyB0byBAc2FtcHsyMH0u CisKK0BlbmQgZGVmdHlwZXZyCisKK0BkZWZ0eXBldnIge0Bjb2Rle2xpYnZpcnQtY29uZmlndXJh dGlvbn0gcGFyYW1ldGVyfSBpbnRlZ2VyIG1pbi13b3JrZXJzCitOdW1iZXIgb2Ygd29ya2VycyB0 byBzdGFydCB1cCBpbml0aWFsbHkuCisKK0RlZmF1bHRzIHRvIEBzYW1wezV9LgorCitAZW5kIGRl ZnR5cGV2cgorCitAZGVmdHlwZXZyIHtAY29kZXtsaWJ2aXJ0LWNvbmZpZ3VyYXRpb259IHBhcmFt ZXRlcn0gaW50ZWdlciBtYXgtd29ya2VycworTWF4aW11bSBudW1iZXIgb2Ygd29ya2VyIHRocmVh ZHMuCisKK0lmIHRoZSBudW1iZXIgb2YgYWN0aXZlIGNsaWVudHMgZXhjZWVkcyBAY29kZXttaW4t d29ya2Vyc30sIHRoZW4gbW9yZQordGhyZWFkcyBhcmUgc3Bhd25lZCwgdXAgdG8gbWF4X3dvcmtl cnMgbGltaXQuICBUeXBpY2FsbHkgeW91J2Qgd2FudAorbWF4X3dvcmtlcnMgdG8gZXF1YWwgbWF4 aW11bSBudW1iZXIgb2YgY2xpZW50cyBhbGxvd2VkLgorCitEZWZhdWx0cyB0byBAc2FtcHsyMH0u CisKK0BlbmQgZGVmdHlwZXZyCisKK0BkZWZ0eXBldnIge0Bjb2Rle2xpYnZpcnQtY29uZmlndXJh dGlvbn0gcGFyYW1ldGVyfSBpbnRlZ2VyIHByaW8td29ya2VycworTnVtYmVyIG9mIHByaW9yaXR5 IHdvcmtlcnMuICBJZiBhbGwgd29ya2VycyBmcm9tIGFib3ZlIHBvb2wgYXJlIHN0dWNrLAorc29t ZSBjYWxscyBtYXJrZWQgYXMgaGlnaCBwcmlvcml0eSAobm90YWJseSBkb21haW5EZXN0cm95KSBj YW4gYmUKK2V4ZWN1dGVkIGluIHRoaXMgcG9vbC4KKworRGVmYXVsdHMgdG8gQHNhbXB7NX0uCisK K0BlbmQgZGVmdHlwZXZyCisKK0BkZWZ0eXBldnIge0Bjb2Rle2xpYnZpcnQtY29uZmlndXJhdGlv bn0gcGFyYW1ldGVyfSBpbnRlZ2VyIG1heC1yZXF1ZXN0cworVG90YWwgZ2xvYmFsIGxpbWl0IG9u IGNvbmN1cnJlbnQgUlBDIGNhbGxzLgorCitEZWZhdWx0cyB0byBAc2FtcHsyMH0uCisKK0BlbmQg ZGVmdHlwZXZyCisKK0BkZWZ0eXBldnIge0Bjb2Rle2xpYnZpcnQtY29uZmlndXJhdGlvbn0gcGFy YW1ldGVyfSBpbnRlZ2VyIG1heC1jbGllbnQtcmVxdWVzdHMKK0xpbWl0IG9uIGNvbmN1cnJlbnQg cmVxdWVzdHMgZnJvbSBhIHNpbmdsZSBjbGllbnQgY29ubmVjdGlvbi4gIFRvIGF2b2lkCitvbmUg Y2xpZW50IG1vbm9wb2xpemluZyB0aGUgc2VydmVyIHRoaXMgc2hvdWxkIGJlIGEgc21hbGwgZnJh Y3Rpb24gb2YKK3RoZSBnbG9iYWwgbWF4X3JlcXVlc3RzIGFuZCBtYXhfd29ya2VycyBwYXJhbWV0 ZXIuCisKK0RlZmF1bHRzIHRvIEBzYW1wezV9LgorCitAZW5kIGRlZnR5cGV2cgorCitAZGVmdHlw ZXZyIHtAY29kZXtsaWJ2aXJ0LWNvbmZpZ3VyYXRpb259IHBhcmFtZXRlcn0gaW50ZWdlciBhZG1p bi1taW4td29ya2VycworU2FtZSBhcyBAY29kZXttaW4td29ya2Vyc30gYnV0IGZvciB0aGUgYWRt aW4gaW50ZXJmYWNlLgorCitEZWZhdWx0cyB0byBAc2FtcHsxfS4KKworQGVuZCBkZWZ0eXBldnIK KworQGRlZnR5cGV2ciB7QGNvZGV7bGlidmlydC1jb25maWd1cmF0aW9ufSBwYXJhbWV0ZXJ9IGlu dGVnZXIgYWRtaW4tbWF4LXdvcmtlcnMKK1NhbWUgYXMgQGNvZGV7bWF4LXdvcmtlcnN9IGJ1dCBm b3IgdGhlIGFkbWluIGludGVyZmFjZS4KKworRGVmYXVsdHMgdG8gQHNhbXB7NX0uCisKK0BlbmQg ZGVmdHlwZXZyCisKK0BkZWZ0eXBldnIge0Bjb2Rle2xpYnZpcnQtY29uZmlndXJhdGlvbn0gcGFy YW1ldGVyfSBpbnRlZ2VyIGFkbWluLW1heC1jbGllbnRzCitTYW1lIGFzIEBjb2Rle21heC1jbGll bnRzfSBidXQgZm9yIHRoZSBhZG1pbiBpbnRlcmZhY2UuCisKK0RlZmF1bHRzIHRvIEBzYW1wezV9 LgorCitAZW5kIGRlZnR5cGV2cgorCitAZGVmdHlwZXZyIHtAY29kZXtsaWJ2aXJ0LWNvbmZpZ3Vy YXRpb259IHBhcmFtZXRlcn0gaW50ZWdlciBhZG1pbi1tYXgtcXVldWVkLWNsaWVudHMKK1NhbWUg YXMgQGNvZGV7bWF4LXF1ZXVlZC1jbGllbnRzfSBidXQgZm9yIHRoZSBhZG1pbiBpbnRlcmZhY2Uu CisKK0RlZmF1bHRzIHRvIEBzYW1wezV9LgorCitAZW5kIGRlZnR5cGV2cgorCitAZGVmdHlwZXZy IHtAY29kZXtsaWJ2aXJ0LWNvbmZpZ3VyYXRpb259IHBhcmFtZXRlcn0gaW50ZWdlciBhZG1pbi1t YXgtY2xpZW50LXJlcXVlc3RzCitTYW1lIGFzIEBjb2Rle21heC1jbGllbnQtcmVxdWVzdHN9IGJ1 dCBmb3IgdGhlIGFkbWluIGludGVyZmFjZS4KKworRGVmYXVsdHMgdG8gQHNhbXB7NX0uCisKK0Bl bmQgZGVmdHlwZXZyCisKK0BkZWZ0eXBldnIge0Bjb2Rle2xpYnZpcnQtY29uZmlndXJhdGlvbn0g cGFyYW1ldGVyfSBpbnRlZ2VyIGxvZy1sZXZlbAorTG9nZ2luZyBsZXZlbC4gIDQgZXJyb3JzLCAz IHdhcm5pbmdzLCAyIGluZm9ybWF0aW9uLCAxIGRlYnVnLgorCitEZWZhdWx0cyB0byBAc2FtcHsz fS4KKworQGVuZCBkZWZ0eXBldnIKKworQGRlZnR5cGV2ciB7QGNvZGV7bGlidmlydC1jb25maWd1 cmF0aW9ufSBwYXJhbWV0ZXJ9IHN0cmluZyBsb2ctZmlsdGVycworTG9nZ2luZyBmaWx0ZXJzLgor CitBIGZpbHRlciBhbGxvd3MgdG8gc2VsZWN0IGEgZGlmZmVyZW50IGxvZ2dpbmcgbGV2ZWwgZm9y IGEgZ2l2ZW4gY2F0ZWdvcnkKK29mIGxvZ3MgVGhlIGZvcm1hdCBmb3IgYSBmaWx0ZXIgaXMgb25l IG9mOgorCitAaXRlbWl6ZSBAYnVsbGV0CitAaXRlbQoreDpuYW1lCisKK0BpdGVtCit4OituYW1l CisKK0BlbmQgaXRlbWl6ZQorCit3aGVyZSBAY29kZXtuYW1lfSBpcyBhIHN0cmluZyB3aGljaCBp cyBtYXRjaGVkIGFnYWluc3QgdGhlIGNhdGVnb3J5CitnaXZlbiBpbiB0aGUgQGNvZGV7VklSX0xP R19JTklUKCl9IGF0IHRoZSB0b3Agb2YgZWFjaCBsaWJ2aXJ0IHNvdXJjZQorZmlsZSwgZS5nLiwg InJlbW90ZSIsICJxZW11Iiwgb3IgInV0aWwuanNvbiIgKHRoZSBuYW1lIGluIHRoZSBmaWx0ZXIg Y2FuCitiZSBhIHN1YnN0cmluZyBvZiB0aGUgZnVsbCBjYXRlZ29yeSBuYW1lLCBpbiBvcmRlciB0 byBtYXRjaCBtdWx0aXBsZQorc2ltaWxhciBjYXRlZ29yaWVzKSwgdGhlIG9wdGlvbmFsICIrIiBw cmVmaXggdGVsbHMgbGlidmlydCB0byBsb2cgc3RhY2sKK3RyYWNlIGZvciBlYWNoIG1lc3NhZ2Ug bWF0Y2hpbmcgbmFtZSwgYW5kIEBjb2Rle3h9IGlzIHRoZSBtaW5pbWFsIGxldmVsCit3aGVyZSBt YXRjaGluZyBtZXNzYWdlcyBzaG91bGQgYmUgbG9nZ2VkOgorCitAaXRlbWl6ZSBAYnVsbGV0CitA aXRlbQorMTogREVCVUcKKworQGl0ZW0KKzI6IElORk8KKworQGl0ZW0KKzM6IFdBUk5JTkcKKwor QGl0ZW0KKzQ6IEVSUk9SCisKK0BlbmQgaXRlbWl6ZQorCitNdWx0aXBsZSBmaWx0ZXJzIGNhbiBi ZSBkZWZpbmVkIGluIGEgc2luZ2xlIGZpbHRlcnMgc3RhdGVtZW50LCB0aGV5IGp1c3QKK25lZWQg dG8gYmUgc2VwYXJhdGVkIGJ5IHNwYWNlcy4KKworRGVmYXVsdHMgdG8gQHNhbXB7IjM6cmVtb3Rl IDQ6ZXZlbnQifS4KKworQGVuZCBkZWZ0eXBldnIKKworQGRlZnR5cGV2ciB7QGNvZGV7bGlidmly dC1jb25maWd1cmF0aW9ufSBwYXJhbWV0ZXJ9IHN0cmluZyBsb2ctb3V0cHV0cworTG9nZ2luZyBv dXRwdXRzLgorCitBbiBvdXRwdXQgaXMgb25lIG9mIHRoZSBwbGFjZXMgdG8gc2F2ZSBsb2dnaW5n IGluZm9ybWF0aW9uIFRoZSBmb3JtYXQKK2ZvciBhbiBvdXRwdXQgY2FuIGJlOgorCitAdGFibGUg QGNvZGUKK0BpdGVtIHg6c3RkZXJyCitvdXRwdXQgZ29lcyB0byBzdGRlcnIKKworQGl0ZW0geDpz eXNsb2c6bmFtZQordXNlIHN5c2xvZyBmb3IgdGhlIG91dHB1dCBhbmQgdXNlIHRoZSBnaXZlbiBu YW1lIGFzIHRoZSBpZGVudAorCitAaXRlbSB4OmZpbGU6ZmlsZV9wYXRoCitvdXRwdXQgdG8gYSBm aWxlLCB3aXRoIHRoZSBnaXZlbiBmaWxlcGF0aAorCitAaXRlbSB4OmpvdXJuYWxkCitvdXRwdXQg dG8gam91cm5hbGQgbG9nZ2luZyBzeXN0ZW0KKworQGVuZCB0YWJsZQorCitJbiBhbGwgY2FzZSB0 aGUgeCBwcmVmaXggaXMgdGhlIG1pbmltYWwgbGV2ZWwsIGFjdGluZyBhcyBhIGZpbHRlcgorCitA aXRlbWl6ZSBAYnVsbGV0CitAaXRlbQorMTogREVCVUcKKworQGl0ZW0KKzI6IElORk8KKworQGl0 ZW0KKzM6IFdBUk5JTkcKKworQGl0ZW0KKzQ6IEVSUk9SCisKK0BlbmQgaXRlbWl6ZQorCitNdWx0 aXBsZSBvdXRwdXRzIGNhbiBiZSBkZWZpbmVkLCB0aGV5IGp1c3QgbmVlZCB0byBiZSBzZXBhcmF0 ZWQgYnkKK3NwYWNlcy4KKworRGVmYXVsdHMgdG8gQHNhbXB7IjM6c3RkZXJyIn0uCisKK0BlbmQg ZGVmdHlwZXZyCisKK0BkZWZ0eXBldnIge0Bjb2Rle2xpYnZpcnQtY29uZmlndXJhdGlvbn0gcGFy YW1ldGVyfSBpbnRlZ2VyIGF1ZGl0LWxldmVsCitBbGxvd3MgdXNhZ2Ugb2YgdGhlIGF1ZGl0aW5n IHN1YnN5c3RlbSB0byBiZSBhbHRlcmVkCisKK0BpdGVtaXplIEBidWxsZXQKK0BpdGVtCiswOiBk aXNhYmxlIGFsbCBhdWRpdGluZworCitAaXRlbQorMTogZW5hYmxlIGF1ZGl0aW5nLCBvbmx5IGlm IGVuYWJsZWQgb24gaG9zdAorCitAaXRlbQorMjogZW5hYmxlIGF1ZGl0aW5nLCBhbmQgZXhpdCBp ZiBkaXNhYmxlZCBvbiBob3N0LgorCitAZW5kIGl0ZW1pemUKKworRGVmYXVsdHMgdG8gQHNhbXB7 MX0uCisKK0BlbmQgZGVmdHlwZXZyCisKK0BkZWZ0eXBldnIge0Bjb2Rle2xpYnZpcnQtY29uZmln dXJhdGlvbn0gcGFyYW1ldGVyfSBib29sZWFuIGF1ZGl0LWxvZ2dpbmcKK1NlbmQgYXVkaXQgbWVz c2FnZXMgdmlhIGxpYnZpcnQgbG9nZ2luZyBpbmZyYXN0cnVjdHVyZS4KKworRGVmYXVsdHMgdG8g QHNhbXB7I2Z9LgorCitAZW5kIGRlZnR5cGV2cgorCitAZGVmdHlwZXZyIHtAY29kZXtsaWJ2aXJ0 LWNvbmZpZ3VyYXRpb259IHBhcmFtZXRlcn0gb3B0aW9uYWwtc3RyaW5nIGhvc3QtdXVpZAorSG9z dCBVVUlELiAgVVVJRCBtdXN0IG5vdCBoYXZlIGFsbCBkaWdpdHMgYmUgdGhlIHNhbWUuCisKK0Rl ZmF1bHRzIHRvIEBzYW1weyIifS4KKworQGVuZCBkZWZ0eXBldnIKKworQGRlZnR5cGV2ciB7QGNv ZGV7bGlidmlydC1jb25maWd1cmF0aW9ufSBwYXJhbWV0ZXJ9IHN0cmluZyBob3N0LXV1aWQtc291 cmNlCitTb3VyY2UgdG8gcmVhZCBob3N0IFVVSUQuCisKK0BpdGVtaXplIEBidWxsZXQKK0BpdGVt CitAY29kZXtzbWJpb3N9OiBmZXRjaCB0aGUgVVVJRCBmcm9tIEBjb2Rle2RtaWRlY29kZSAtcyBz eXN0ZW0tdXVpZH0KKworQGl0ZW0KK0Bjb2Rle21hY2hpbmUtaWR9OiBmZXRjaCB0aGUgVVVJRCBm cm9tIEBjb2Rley9ldGMvbWFjaGluZS1pZH0KKworQGVuZCBpdGVtaXplCisKK0lmIEBjb2Rle2Rt aWRlY29kZX0gZG9lcyBub3QgcHJvdmlkZSBhIHZhbGlkIFVVSUQgYSB0ZW1wb3JhcnkgVVVJRCB3 aWxsCitiZSBnZW5lcmF0ZWQuCisKK0RlZmF1bHRzIHRvIEBzYW1weyJzbWJpb3MifS4KKworQGVu ZCBkZWZ0eXBldnIKKworQGRlZnR5cGV2ciB7QGNvZGV7bGlidmlydC1jb25maWd1cmF0aW9ufSBw YXJhbWV0ZXJ9IGludGVnZXIga2VlcGFsaXZlLWludGVydmFsCitBIGtlZXBhbGl2ZSBtZXNzYWdl IGlzIHNlbnQgdG8gYSBjbGllbnQgYWZ0ZXIgQGNvZGV7a2VlcGFsaXZlX2ludGVydmFsfQorc2Vj b25kcyBvZiBpbmFjdGl2aXR5IHRvIGNoZWNrIGlmIHRoZSBjbGllbnQgaXMgc3RpbGwgcmVzcG9u ZGluZy4gIElmCitzZXQgdG8gLTEsIGxpYnZpcnRkIHdpbGwgbmV2ZXIgc2VuZCBrZWVwYWxpdmUg cmVxdWVzdHM7IGhvd2V2ZXIgY2xpZW50cworY2FuIHN0aWxsIHNlbmQgdGhlbSBhbmQgdGhlIGRh ZW1vbiB3aWxsIHNlbmQgcmVzcG9uc2VzLgorCitEZWZhdWx0cyB0byBAc2FtcHs1fS4KKworQGVu ZCBkZWZ0eXBldnIKKworQGRlZnR5cGV2ciB7QGNvZGV7bGlidmlydC1jb25maWd1cmF0aW9ufSBw YXJhbWV0ZXJ9IGludGVnZXIga2VlcGFsaXZlLWNvdW50CitNYXhpbXVtIG51bWJlciBvZiBrZWVw YWxpdmUgbWVzc2FnZXMgdGhhdCBhcmUgYWxsb3dlZCB0byBiZSBzZW50IHRvIHRoZQorY2xpZW50 IHdpdGhvdXQgZ2V0dGluZyBhbnkgcmVzcG9uc2UgYmVmb3JlIHRoZSBjb25uZWN0aW9uIGlzIGNv bnNpZGVyZWQKK2Jyb2tlbi4KKworSW4gb3RoZXIgd29yZHMsIHRoZSBjb25uZWN0aW9uIGlzIGF1 dG9tYXRpY2FsbHkgY2xvc2VkIGFwcHJveGltYXRlbHkKK2FmdGVyIEBjb2Rle2tlZXBhbGl2ZV9p bnRlcnZhbCAqIChrZWVwYWxpdmVfY291bnQgKyAxKX0gc2Vjb25kcyBzaW5jZQordGhlIGxhc3Qg bWVzc2FnZSByZWNlaXZlZCBmcm9tIHRoZSBjbGllbnQuICBXaGVuIEBjb2Rle2tlZXBhbGl2ZS1j b3VudH0KK2lzIHNldCB0byAwLCBjb25uZWN0aW9ucyB3aWxsIGJlIGF1dG9tYXRpY2FsbHkgY2xv c2VkIGFmdGVyCitAY29kZXtrZWVwYWxpdmUtaW50ZXJ2YWx9IHNlY29uZHMgb2YgaW5hY3Rpdml0 eSB3aXRob3V0IHNlbmRpbmcgYW55CitrZWVwYWxpdmUgbWVzc2FnZXMuCisKK0RlZmF1bHRzIHRv IEBzYW1wezV9LgorCitAZW5kIGRlZnR5cGV2cgorCitAZGVmdHlwZXZyIHtAY29kZXtsaWJ2aXJ0 LWNvbmZpZ3VyYXRpb259IHBhcmFtZXRlcn0gaW50ZWdlciBhZG1pbi1rZWVwYWxpdmUtaW50ZXJ2 YWwKK1NhbWUgYXMgYWJvdmUgYnV0IGZvciBhZG1pbiBpbnRlcmZhY2UuCisKK0RlZmF1bHRzIHRv IEBzYW1wezV9LgorCitAZW5kIGRlZnR5cGV2cgorCitAZGVmdHlwZXZyIHtAY29kZXtsaWJ2aXJ0 LWNvbmZpZ3VyYXRpb259IHBhcmFtZXRlcn0gaW50ZWdlciBhZG1pbi1rZWVwYWxpdmUtY291bnQK K1NhbWUgYXMgYWJvdmUgYnV0IGZvciBhZG1pbiBpbnRlcmZhY2UuCisKK0RlZmF1bHRzIHRvIEBz YW1wezV9LgorCitAZW5kIGRlZnR5cGV2cgorCitAZGVmdHlwZXZyIHtAY29kZXtsaWJ2aXJ0LWNv bmZpZ3VyYXRpb259IHBhcmFtZXRlcn0gaW50ZWdlciBvdnMtdGltZW91dAorVGltZW91dCBmb3Ig T3BlbiB2U3dpdGNoIGNhbGxzLgorCitUaGUgQGNvZGV7b3ZzLXZzY3RsfSB1dGlsaXR5IGlzIHVz ZWQgZm9yIHRoZSBjb25maWd1cmF0aW9uIGFuZCBpdHMKK3RpbWVvdXQgb3B0aW9uIGlzIHNldCBi eSBkZWZhdWx0IHRvIDUgc2Vjb25kcyB0byBhdm9pZCBwb3RlbnRpYWwKK2luZmluaXRlIHdhaXRz IGJsb2NraW5nIGxpYnZpcnQuCisKK0RlZmF1bHRzIHRvIEBzYW1wezV9LgorCitAZW5kIGRlZnR5 cGV2cgorCitAYyAlZW5kIG9mIGF1dG9nZW5lcmF0ZWQgZG9jcworCitAc3Vic3ViaGVhZGluZyBW aXJ0bG9nIGRhZW1vbgorVGhlIHZpcnRsb2dkIHNlcnZpY2UgaXMgYSBzZXJ2ZXIgc2lkZSBkYWVt b24gY29tcG9uZW50IG9mIGxpYnZpcnQgdGhhdCBpcwordXNlZCB0byBtYW5hZ2UgbG9ncyBmcm9t IHZpcnR1YWwgbWFjaGluZSBjb25zb2xlcy4KKworVGhpcyBkYWVtb24gaXMgbm90IHVzZWQgZGly ZWN0bHkgYnkgbGlidmlydCBjbGllbnQgYXBwbGljYXRpb25zLCByYXRoZXIgaXQKK2lzIGNhbGxl ZCBvbiB0aGVpciBiZWhhbGYgYnkgQGNvZGV7bGlidmlydGR9LiBCeSBtYWludGFpbmluZyB0aGUg bG9ncyBpbiBhCitzdGFuZGFsb25lIGRhZW1vbiwgdGhlIG1haW4gQGNvZGV7bGlidmlydGR9IGRh ZW1vbiBjYW4gYmUgcmVzdGFydGVkIHdpdGhvdXQKK3Jpc2sgb2YgbG9zaW5nIGxvZ3MuIFRoZSBA Y29kZXt2aXJ0bG9nZH0gZGFlbW9uIGhhcyB0aGUgYWJpbGl0eSB0byByZS1leGVjKCkKK2l0c2Vs ZiB1cG9uIHJlY2VpdmluZyBAY29kZXtTSUdVU1IxfSwgdG8gYWxsb3cgbGl2ZSB1cGdyYWRlcyB3 aXRob3V0IGRvd250aW1lLgorCitAZGVmZm4ge1NjaGVtZSBWYXJpYWJsZX0gdmlydGxvZy1zZXJ2 aWNlLXR5cGUKK1RoaXMgaXMgdGhlIHR5cGUgb2YgdGhlIHZpcnRsb2cgZGFlbW9uLgorSXRzIHZh bHVlIG11c3QgYmUgYSBAY29kZXt2aXJ0bG9nLWNvbmZpZ3VyYXRpb259LgorCitAZXhhbXBsZQor KHNlcnZpY2UgdmlydGxvZy1zZXJ2aWNlLXR5cGUKKyAgICAgICAgICh2aXJ0bG9nLWNvbmZpZ3Vy YXRpb24KKyAgICAgICAgICAobWF4LWNsaWVudHMgMTAwMCkpKQorQGVuZCBleGFtcGxlCitAZW5k IGRlZmZuCisKK0BkZWZ0eXBldnIge0Bjb2Rle3ZpcnRsb2ctY29uZmlndXJhdGlvbn0gcGFyYW1l dGVyfSBpbnRlZ2VyIGxvZy1sZXZlbAorTG9nZ2luZyBsZXZlbC4gIDQgZXJyb3JzLCAzIHdhcm5p bmdzLCAyIGluZm9ybWF0aW9uLCAxIGRlYnVnLgorCitEZWZhdWx0cyB0byBAc2FtcHszfS4KKwor QGVuZCBkZWZ0eXBldnIKKworQGRlZnR5cGV2ciB7QGNvZGV7dmlydGxvZy1jb25maWd1cmF0aW9u fSBwYXJhbWV0ZXJ9IHN0cmluZyBsb2ctZmlsdGVycworTG9nZ2luZyBmaWx0ZXJzLgorCitBIGZp bHRlciBhbGxvd3MgdG8gc2VsZWN0IGEgZGlmZmVyZW50IGxvZ2dpbmcgbGV2ZWwgZm9yIGEgZ2l2 ZW4gY2F0ZWdvcnkKK29mIGxvZ3MgVGhlIGZvcm1hdCBmb3IgYSBmaWx0ZXIgaXMgb25lIG9mOgor CitAaXRlbWl6ZSBAYnVsbGV0CitAaXRlbQoreDpuYW1lCisKK0BpdGVtCit4OituYW1lCisKK0Bl bmQgaXRlbWl6ZQorCit3aGVyZSBAY29kZXtuYW1lfSBpcyBhIHN0cmluZyB3aGljaCBpcyBtYXRj aGVkIGFnYWluc3QgdGhlIGNhdGVnb3J5CitnaXZlbiBpbiB0aGUgQGNvZGV7VklSX0xPR19JTklU KCl9IGF0IHRoZSB0b3Agb2YgZWFjaCBsaWJ2aXJ0IHNvdXJjZQorZmlsZSwgZS5nLiwgInJlbW90 ZSIsICJxZW11Iiwgb3IgInV0aWwuanNvbiIgKHRoZSBuYW1lIGluIHRoZSBmaWx0ZXIgY2FuCiti ZSBhIHN1YnN0cmluZyBvZiB0aGUgZnVsbCBjYXRlZ29yeSBuYW1lLCBpbiBvcmRlciB0byBtYXRj aCBtdWx0aXBsZQorc2ltaWxhciBjYXRlZ29yaWVzKSwgdGhlIG9wdGlvbmFsICIrIiBwcmVmaXgg dGVsbHMgbGlidmlydCB0byBsb2cgc3RhY2sKK3RyYWNlIGZvciBlYWNoIG1lc3NhZ2UgbWF0Y2hp bmcgbmFtZSwgYW5kIEBjb2Rle3h9IGlzIHRoZSBtaW5pbWFsIGxldmVsCit3aGVyZSBtYXRjaGlu ZyBtZXNzYWdlcyBzaG91bGQgYmUgbG9nZ2VkOgorCitAaXRlbWl6ZSBAYnVsbGV0CitAaXRlbQor MTogREVCVUcKKworQGl0ZW0KKzI6IElORk8KKworQGl0ZW0KKzM6IFdBUk5JTkcKKworQGl0ZW0K KzQ6IEVSUk9SCisKK0BlbmQgaXRlbWl6ZQorCitNdWx0aXBsZSBmaWx0ZXJzIGNhbiBiZSBkZWZp bmVkIGluIGEgc2luZ2xlIGZpbHRlcnMgc3RhdGVtZW50LCB0aGV5IGp1c3QKK25lZWQgdG8gYmUg c2VwYXJhdGVkIGJ5IHNwYWNlcy4KKworRGVmYXVsdHMgdG8gQHNhbXB7IjM6cmVtb3RlIDQ6ZXZl bnQifS4KKworQGVuZCBkZWZ0eXBldnIKKworQGRlZnR5cGV2ciB7QGNvZGV7dmlydGxvZy1jb25m aWd1cmF0aW9ufSBwYXJhbWV0ZXJ9IHN0cmluZyBsb2ctb3V0cHV0cworTG9nZ2luZyBvdXRwdXRz LgorCitBbiBvdXRwdXQgaXMgb25lIG9mIHRoZSBwbGFjZXMgdG8gc2F2ZSBsb2dnaW5nIGluZm9y bWF0aW9uIFRoZSBmb3JtYXQKK2ZvciBhbiBvdXRwdXQgY2FuIGJlOgorCitAdGFibGUgQGNvZGUK K0BpdGVtIHg6c3RkZXJyCitvdXRwdXQgZ29lcyB0byBzdGRlcnIKKworQGl0ZW0geDpzeXNsb2c6 bmFtZQordXNlIHN5c2xvZyBmb3IgdGhlIG91dHB1dCBhbmQgdXNlIHRoZSBnaXZlbiBuYW1lIGFz IHRoZSBpZGVudAorCitAaXRlbSB4OmZpbGU6ZmlsZV9wYXRoCitvdXRwdXQgdG8gYSBmaWxlLCB3 aXRoIHRoZSBnaXZlbiBmaWxlcGF0aAorCitAaXRlbSB4OmpvdXJuYWxkCitvdXRwdXQgdG8gam91 cm5hbGQgbG9nZ2luZyBzeXN0ZW0KKworQGVuZCB0YWJsZQorCitJbiBhbGwgY2FzZSB0aGUgeCBw cmVmaXggaXMgdGhlIG1pbmltYWwgbGV2ZWwsIGFjdGluZyBhcyBhIGZpbHRlcgorCitAaXRlbWl6 ZSBAYnVsbGV0CitAaXRlbQorMTogREVCVUcKKworQGl0ZW0KKzI6IElORk8KKworQGl0ZW0KKzM6 IFdBUk5JTkcKKworQGl0ZW0KKzQ6IEVSUk9SCisKK0BlbmQgaXRlbWl6ZQorCitNdWx0aXBsZSBv dXRwdXRzIGNhbiBiZSBkZWZpbmVkLCB0aGV5IGp1c3QgbmVlZCB0byBiZSBzZXBhcmF0ZWQgYnkK K3NwYWNlcy4KKworRGVmYXVsdHMgdG8gQHNhbXB7IjM6c3RkZXJyIn0uCisKK0BlbmQgZGVmdHlw ZXZyCisKK0BkZWZ0eXBldnIge0Bjb2Rle3ZpcnRsb2ctY29uZmlndXJhdGlvbn0gcGFyYW1ldGVy fSBpbnRlZ2VyIG1heC1jbGllbnRzCitNYXhpbXVtIG51bWJlciBvZiBjb25jdXJyZW50IGNsaWVu dCBjb25uZWN0aW9ucyB0byBhbGxvdyBvdmVyIGFsbAorc29ja2V0cyBjb21iaW5lZC4KKworRGVm YXVsdHMgdG8gQHNhbXB7MTAyNH0uCisKK0BlbmQgZGVmdHlwZXZyCisKK0BkZWZ0eXBldnIge0Bj b2Rle3ZpcnRsb2ctY29uZmlndXJhdGlvbn0gcGFyYW1ldGVyfSBpbnRlZ2VyIG1heC1zaXplCitN YXhpbXVtIGZpbGUgc2l6ZSBiZWZvcmUgcm9sbGluZyBvdmVyLgorCitEZWZhdWx0cyB0byBAc2Ft cHsyTUJ9CisKK0BlbmQgZGVmdHlwZXZyCisKK0BkZWZ0eXBldnIge0Bjb2Rle3ZpcnRsb2ctY29u ZmlndXJhdGlvbn0gcGFyYW1ldGVyfSBpbnRlZ2VyIG1heC1iYWNrdXBzCitNYXhpbXVtIG51bWJl ciBvZiBiYWNrdXAgZmlsZXMgdG8ga2VlcC4KKworRGVmYXVsdHMgdG8gQHNhbXB7M30KKworQGVu ZCBkZWZ0eXBldnIKKworCiBAbm9kZSBNaXNjZWxsYW5lb3VzIFNlcnZpY2VzCiBAc3Vic3Vic2Vj dGlvbiBNaXNjZWxsYW5lb3VzIFNlcnZpY2VzCiAKZGlmZiAtLWdpdCBhL2dudS9sb2NhbC5tayBi L2dudS9sb2NhbC5tawppbmRleCAxYzYxNThjYmYuLjFiZWMyMjI3ZSAxMDA2NDQKLS0tIGEvZ251 L2xvY2FsLm1rCisrKyBiL2dudS9sb2NhbC5tawpAQCAtNDQwLDYgKzQ0MCw3IEBAIEdOVV9TWVNU RU1fTU9EVUxFUyA9CQkJCVwKICAgJUQlL3NlcnZpY2VzL2Rucy5zY20JCQkJXAogICAlRCUvc2Vy dmljZXMva2VyYmVyb3Muc2NtCQkJXAogICAlRCUvc2VydmljZXMvbGlyYy5zY20JCQkJXAorICAl RCUvc2VydmljZXMvdmlydHVhbGl6YXRpb24uc2NtCQlcCiAgICVEJS9zZXJ2aWNlcy9tYWlsLnNj bQkJCQlcCiAgICVEJS9zZXJ2aWNlcy9tY3Jvbi5zY20JCQlcCiAgICVEJS9zZXJ2aWNlcy9tZXNz YWdpbmcuc2NtCQkJXApkaWZmIC0tZ2l0IGEvZ251L3NlcnZpY2VzL3ZpcnR1YWxpemF0aW9uLnNj bSBiL2dudS9zZXJ2aWNlcy92aXJ0dWFsaXphdGlvbi5zY20KbmV3IGZpbGUgbW9kZSAxMDA2NDQK aW5kZXggMDAwMDAwMDAwLi44NDVjZGIwN2IKLS0tIC9kZXYvbnVsbAorKysgYi9nbnUvc2Vydmlj ZXMvdmlydHVhbGl6YXRpb24uc2NtCkBAIC0wLDAgKzEsNDkyIEBACis7OzsgR05VIEd1aXggLS0t IEZ1bmN0aW9uYWwgcGFja2FnZSBtYW5hZ2VtZW50IGZvciBHTlUKKzs7OyBDb3B5cmlnaHQgwqkg MjAxNyBSeWFuIE1vZSA8cnlhbi5tb2VAZ21haWwuY29tPgorOzs7Cis7OzsgVGhpcyBmaWxlIGlz IHBhcnQgb2YgR05VIEd1aXguCis7OzsKKzs7OyBHTlUgR3VpeCBpcyBmcmVlIHNvZnR3YXJlOyB5 b3UgY2FuIHJlZGlzdHJpYnV0ZSBpdCBhbmQvb3IgbW9kaWZ5IGl0Cis7OzsgdW5kZXIgdGhlIHRl cm1zIG9mIHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSBhcyBwdWJsaXNoZWQgYnkKKzs7 OyB0aGUgRnJlZSBTb2Z0d2FyZSBGb3VuZGF0aW9uOyBlaXRoZXIgdmVyc2lvbiAzIG9mIHRoZSBM aWNlbnNlLCBvciAoYXQKKzs7OyB5b3VyIG9wdGlvbikgYW55IGxhdGVyIHZlcnNpb24uCis7OzsK Kzs7OyBHTlUgR3VpeCBpcyBkaXN0cmlidXRlZCBpbiB0aGUgaG9wZSB0aGF0IGl0IHdpbGwgYmUg dXNlZnVsLCBidXQKKzs7OyBXSVRIT1VUIEFOWSBXQVJSQU5UWTsgd2l0aG91dCBldmVuIHRoZSBp bXBsaWVkIHdhcnJhbnR5IG9mCis7OzsgTUVSQ0hBTlRBQklMSVRZIG9yIEZJVE5FU1MgRk9SIEEg UEFSVElDVUxBUiBQVVJQT1NFLiAgU2VlIHRoZQorOzs7IEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNl bnNlIGZvciBtb3JlIGRldGFpbHMuCis7OzsKKzs7OyBZb3Ugc2hvdWxkIGhhdmUgcmVjZWl2ZWQg YSBjb3B5IG9mIHRoZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZQorOzs7IGFsb25nIHdpdGgg R05VIEd1aXguICBJZiBub3QsIHNlZSA8aHR0cDovL3d3dy5nbnUub3JnL2xpY2Vuc2VzLz4uCisK KyhkZWZpbmUtbW9kdWxlIChnbnUgc2VydmljZXMgdmlydHVhbGl6YXRpb24pCisgICM6dXNlLW1v ZHVsZSAoZ251IHNlcnZpY2VzKQorICAjOnVzZS1tb2R1bGUgKGdudSBzZXJ2aWNlcyBjb25maWd1 cmF0aW9uKQorICAjOnVzZS1tb2R1bGUgKGdudSBzZXJ2aWNlcyBiYXNlKQorICAjOnVzZS1tb2R1 bGUgKGdudSBzZXJ2aWNlcyBkYnVzKQorICAjOnVzZS1tb2R1bGUgKGdudSBzZXJ2aWNlcyBzaGVw aGVyZCkKKyAgIzp1c2UtbW9kdWxlIChnbnUgc3lzdGVtIHNoYWRvdykKKyAgIzp1c2UtbW9kdWxl IChnbnUgcGFja2FnZXMgYWRtaW4pCisgICM6dXNlLW1vZHVsZSAoZ251IHBhY2thZ2VzIHZpcnR1 YWxpemF0aW9uKQorICAjOnVzZS1tb2R1bGUgKGd1aXggcmVjb3JkcykKKyAgIzp1c2UtbW9kdWxl IChndWl4IGdleHApCisgICM6dXNlLW1vZHVsZSAoZ3VpeCBwYWNrYWdlcykKKyAgIzp1c2UtbW9k dWxlIChpY2UtOSBtYXRjaCkKKworICAjOmV4cG9ydCAobGlidmlydC1jb25maWd1cmF0aW9uCisg ICAgICAgICAgICBsaWJ2aXJ0LXNlcnZpY2UtdHlwZQorICAgICAgICAgICAgdmlydGxvZy1zZXJ2 aWNlLXR5cGUpKQorCisoZGVmaW5lICh1Z2xpZnktZmllbGQtbmFtZSBmaWVsZC1uYW1lKQorICAo bGV0ICgoc3RyIChzeW1ib2wtPnN0cmluZyBmaWVsZC1uYW1lKSkpCisgICAgKHN0cmluZy1qb2lu CisgICAgIChzdHJpbmctc3BsaXQgKHN0cmluZy1kZWxldGUgI1w/IHN0cikgI1wtKQorICAgICAi XyIpKSkKKworKGRlZmluZSAocXVvdGUtdmFsIHZhbCkKKyAgKHN0cmluZy1hcHBlbmQgIlwiIiB2 YWwgIlwiIikpCisKKyhkZWZpbmUgKHNlcmlhbGl6ZS1maWVsZCBmaWVsZC1uYW1lIHZhbCkKKyAg KGZvcm1hdCAjdCAifmEgPSB+YVxuIiAodWdsaWZ5LWZpZWxkLW5hbWUgZmllbGQtbmFtZSkgdmFs KSkKKworKGRlZmluZSAoc2VyaWFsaXplLXN0cmluZyBmaWVsZC1uYW1lIHZhbCkKKyAgKHNlcmlh bGl6ZS1maWVsZCBmaWVsZC1uYW1lIChxdW90ZS12YWwgdmFsKSkpCisKKyhkZWZpbmUgKHNlcmlh bGl6ZS1ib29sZWFuIGZpZWxkLW5hbWUgdmFsKQorICAoc2VyaWFsaXplLWZpZWxkIGZpZWxkLW5h bWUgKGlmIHZhbCAxIDApKSkKKworKGRlZmluZSAoc2VyaWFsaXplLWludGVnZXIgZmllbGQtbmFt ZSB2YWwpCisgIChzZXJpYWxpemUtZmllbGQgZmllbGQtbmFtZSB2YWwpKQorCisoZGVmaW5lIChi dWlsZC1vcHQtbGlzdCB2YWwpCisgIChzdHJpbmctYXBwZW5kCisgICAiWyIKKyAgIChzdHJpbmct am9pbiAobWFwIHF1b3RlLXZhbCB2YWwpICIsIikKKyAgICJdIikpCisKKyhkZWZpbmUgb3B0aW9u YWwtbGlzdD8gbGlzdD8pCisoZGVmaW5lIG9wdGlvbmFsLXN0cmluZz8gc3RyaW5nPykKKworKGRl ZmluZSAoc2VyaWFsaXplLWxpc3QgZmllbGQtbmFtZSB2YWwpCisgIChzZXJpYWxpemUtZmllbGQg ZmllbGQtbmFtZSAoYnVpbGQtb3B0LWxpc3QgdmFsKSkpCisKKyhkZWZpbmUgKHNlcmlhbGl6ZS1v cHRpb25hbC1saXN0IGZpZWxkLW5hbWUgdmFsKQorICAoaWYgKG51bGw/IHZhbCkKKyAgICAgIChm b3JtYXQgI3QgIiMgfmEgPSBbXVxuIiAodWdsaWZ5LWZpZWxkLW5hbWUgZmllbGQtbmFtZSkpCisg ICAgICAoc2VyaWFsaXplLWxpc3QgZmllbGQtbmFtZSB2YWwpKSkKKworKGRlZmluZSAoc2VyaWFs aXplLW9wdGlvbmFsLXN0cmluZyBmaWVsZC1uYW1lIHZhbCkKKyAgKGlmIChzdHJpbmctbnVsbD8g dmFsKQorICAgICAgKGZvcm1hdCAjdCAiIyB+YSA9IFwiXCJcbiIgKHVnbGlmeS1maWVsZC1uYW1l IGZpZWxkLW5hbWUpKQorICAgICAgKHNlcmlhbGl6ZS1zdHJpbmcgZmllbGQtbmFtZSB2YWwpKSkK KworKGRlZmluZS1jb25maWd1cmF0aW9uIGxpYnZpcnQtY29uZmlndXJhdGlvbgorICAobGlidmly dAorICAgKHBhY2thZ2UgbGlidmlydCkKKyAgICJMaWJ2aXJ0IHBhY2thZ2UuIikKKyAgKGxpc3Rl bi10bHM/CisgICAoYm9vbGVhbiAjdCkKKyAgICJGbGFnIGxpc3RlbmluZyBmb3Igc2VjdXJlIFRM UyBjb25uZWN0aW9ucyBvbiB0aGUgcHVibGljIFRDUC9JUCBwb3J0LgorbXVzdCBzZXQgQGNvZGV7 bGlzdGVufSBmb3IgdGhpcyB0byBoYXZlIGFueSBlZmZlY3QuCisKK0l0IGlzIG5lY2Vzc2FyeSB0 byBzZXR1cCBhIENBIGFuZCBpc3N1ZSBzZXJ2ZXIgY2VydGlmaWNhdGVzIGJlZm9yZQordXNpbmcg dGhpcyBjYXBhYmlsaXR5LiIpCisgIChsaXN0ZW4tdGNwPworICAgKGJvb2xlYW4gI2YpCisgICAi TGlzdGVuIGZvciB1bmVuY3J5cHRlZCBUQ1AgY29ubmVjdGlvbnMgb24gdGhlIHB1YmxpYyBUQ1Av SVAgcG9ydC4KK211c3Qgc2V0IEBjb2Rle2xpc3Rlbn0gZm9yIHRoaXMgdG8gaGF2ZSBhbnkgZWZm ZWN0LgorCitVc2luZyB0aGUgVENQIHNvY2tldCByZXF1aXJlcyBTQVNMIGF1dGhlbnRpY2F0aW9u IGJ5IGRlZmF1bHQuIE9ubHkKK1NBU0wgbWVjaGFuaXNtcyB3aGljaCBzdXBwb3J0IGRhdGEgZW5j cnlwdGlvbiBhcmUgYWxsb3dlZC4gVGhpcyBpcworRElHRVNUX01ENSBhbmQgR1NTQVBJIChLZXJi ZXJvczUpIikKKyAgKHRscy1wb3J0CisgICAoc3RyaW5nICIxNjUxNCIpCisgICAiUG9ydCBmb3Ig YWNjZXB0aW5nIHNlY3VyZSBUTFMgY29ubmVjdGlvbnMgVGhpcyBjYW4gYmUgYSBwb3J0IG51bWJl ciwKK29yIHNlcnZpY2UgbmFtZSIpCisgICh0Y3AtcG9ydAorICAgKHN0cmluZyAiMTY1MDkiKQor ICAgIlBvcnQgZm9yIGFjY2VwdGluZyBpbnNlY3VyZSBUQ1AgY29ubmVjdGlvbnMgVGhpcyBjYW4g YmUgYSBwb3J0IG51bWJlciwKK29yIHNlcnZpY2UgbmFtZSIpCisgIChsaXN0ZW4tYWRkcgorICAg KHN0cmluZyAiMC4wLjAuMCIpCisgICAiSVAgYWRkcmVzcyBvciBob3N0bmFtZSB1c2VkIGZvciBj bGllbnQgY29ubmVjdGlvbnMuIikKKyAgKG1kbnMtYWR2PworICAgKGJvb2xlYW4gI2YpCisgICAi RmxhZyB0b2dnbGluZyBtRE5TIGFkdmVydGlzZW1lbnQgb2YgdGhlIGxpYnZpcnQgc2VydmljZS4K KworQWx0ZXJuYXRpdmVseSBjYW4gZGlzYWJsZSBmb3IgYWxsIHNlcnZpY2VzIG9uIGEgaG9zdCBi eQorc3RvcHBpbmcgdGhlIEF2YWhpIGRhZW1vbi4iKQorICAobWRucy1uYW1lCisgICAoc3RyaW5n IChzdHJpbmctYXBwZW5kICJWaXJ0dWFsaXphdGlvbiBIb3N0ICIgKGdldGhvc3RuYW1lKSkpCisg ICAiRGVmYXVsdCBtRE5TIGFkdmVydGlzZW1lbnQgbmFtZS4gVGhpcyBtdXN0IGJlIHVuaXF1ZSBv biB0aGUKK2ltbWVkaWF0ZSBicm9hZGNhc3QgbmV0d29yay4iKQorICAodW5peC1zb2NrLWdyb3Vw CisgICAoc3RyaW5nICJyb290IikKKyAgICJVTklYIGRvbWFpbiBzb2NrZXQgZ3JvdXAgb3duZXJz aGlwLiBUaGlzIGNhbiBiZSB1c2VkIHRvCithbGxvdyBhICd0cnVzdGVkJyBzZXQgb2YgdXNlcnMg YWNjZXNzIHRvIG1hbmFnZW1lbnQgY2FwYWJpbGl0aWVzCit3aXRob3V0IGJlY29taW5nIHJvb3Qu IikKKyAgKHVuaXgtc29jay1yby1wZXJtcworICAgKHN0cmluZyAiMDc3NyIpCisgICAiVU5JWCBz b2NrZXQgcGVybWlzc2lvbnMgZm9yIHRoZSBSL08gc29ja2V0LiBUaGlzIGlzIHVzZWQKK2ZvciBt b25pdG9yaW5nIFZNIHN0YXR1cyBvbmx5LiIpCisgICh1bml4LXNvY2stcnctcGVybXMKKyAgIChz dHJpbmcgIjA3NzAiKQorICAgIlVOSVggc29ja2V0IHBlcm1pc3Npb25zIGZvciB0aGUgUi9XIHNv Y2tldC4gRGVmYXVsdCBhbGxvd3MKK29ubHkgcm9vdC4gSWYgUG9saWN5S2l0IGlzIGVuYWJsZWQg b24gdGhlIHNvY2tldCwgdGhlIGRlZmF1bHQKK3dpbGwgY2hhbmdlIHRvIGFsbG93IGV2ZXJ5b25l IChlZywgMDc3NykiKQorICAodW5peC1zb2NrLWFkbWluLXBlcm1zCisgICAoc3RyaW5nICIwNzc3 IikKKyAgICJVTklYIHNvY2tldCBwZXJtaXNzaW9ucyBmb3IgdGhlIGFkbWluIHNvY2tldC4gRGVm YXVsdCBhbGxvd3MKK29ubHkgb3duZXIgKHJvb3QpLCBkbyBub3QgY2hhbmdlIGl0IHVubGVzcyB5 b3UgYXJlIHN1cmUgdG8gd2hvbQoreW91IGFyZSBleHBvc2luZyB0aGUgYWNjZXNzIHRvLiIpCisg ICh1bml4LXNvY2stZGlyCisgICAoc3RyaW5nICIvdmFyL3J1bi9saWJ2aXJ0IikKKyAgICJUaGUg ZGlyZWN0b3J5IGluIHdoaWNoIHNvY2tldHMgd2lsbCBiZSBmb3VuZC9jcmVhdGVkLiIpCisgIChh dXRoLXVuaXgtcm8KKyAgIChzdHJpbmcgInBvbGtpdCIpCisgICAiQXV0aGVudGljYXRpb24gc2No ZW1lIGZvciBVTklYIHJlYWQtb25seSBzb2NrZXRzLiBCeSBkZWZhdWx0Citzb2NrZXQgcGVybWlz c2lvbnMgYWxsb3cgYW55b25lIHRvIGNvbm5lY3QiKQorICAoYXV0aC11bml4LXJ3CisgICAoc3Ry aW5nICJwb2xraXQiKQorICAgIkF1dGhlbnRpY2F0aW9uIHNjaGVtZSBmb3IgVU5JWCByZWFkLXdy aXRlIHNvY2tldHMuIEJ5IGRlZmF1bHQKK3NvY2tldCBwZXJtaXNzaW9ucyBvbmx5IGFsbG93IHJv b3QuIElmIFBvbGljeUtpdCBzdXBwb3J0IHdhcyBjb21waWxlZAoraW50byBsaWJ2aXJ0LCB0aGUg ZGVmYXVsdCB3aWxsIGJlIHRvIHVzZSAncG9sa2l0JyBhdXRoLiIpCisgIChhdXRoLXRjcAorICAg KHN0cmluZyAic2FzbCIpCisgICAiQXV0aGVudGljYXRpb24gc2NoZW1lIGZvciBUQ1Agc29ja2V0 cy4gSWYgeW91IGRvbid0IGVuYWJsZSBTQVNMLAordGhlbiBhbGwgVENQIHRyYWZmaWMgaXMgY2xl YXJ0ZXh0LiBEb24ndCBkbyB0aGlzIG91dHNpZGUgb2YgYSBkZXYvdGVzdAorc2NlbmFyaW8uIikK KyAgKGF1dGgtdGxzCisgICAoc3RyaW5nICJub25lIikKKyAgICJBdXRoZW50aWNhdGlvbiBzY2hl bWUgZm9yIFRMUyBzb2NrZXRzLiBUTFMgc29ja2V0cyBhbHJlYWR5IGhhdmUKK2VuY3J5cHRpb24g cHJvdmlkZWQgYnkgdGhlIFRMUyBsYXllciwgYW5kIGxpbWl0ZWQgYXV0aGVudGljYXRpb24gaXMK K2RvbmUgYnkgY2VydGlmaWNhdGVzLgorCitJdCBpcyBwb3NzaWJsZSB0byBtYWtlIHVzZSBvZiBh bnkgU0FTTCBhdXRoZW50aWNhdGlvbiBtZWNoYW5pc20gYXMKK3dlbGwsIGJ5IHVzaW5nICdzYXNs JyBmb3IgdGhpcyBvcHRpb24iKQorICAoYWNjZXNzLWRyaXZlcnMKKyAgIChvcHRpb25hbC1saXN0 ICcoKSkKKyAgICJBUEkgYWNjZXNzIGNvbnRyb2wgc2NoZW1lLgorCitCeSBkZWZhdWx0IGFuIGF1 dGhlbnRpY2F0ZWQgdXNlciBpcyBhbGxvd2VkIGFjY2VzcyB0byBhbGwgQVBJcy4gQWNjZXNzCitk cml2ZXJzIGNhbiBwbGFjZSByZXN0cmljdGlvbnMgb24gdGhpcy4iKQorICAoa2V5LWZpbGUKKyAg IChzdHJpbmcgIiIpCisgICAiU2VydmVyIGtleSBmaWxlIHBhdGguIElmIHNldCB0byBhbiBlbXB0 eSBzdHJpbmcsIHRoZW4gbm8gcHJpdmF0ZSBrZXkKK2lzIGxvYWRlZC4iKQorICAoY2VydC1maWxl CisgICAoc3RyaW5nICIiKQorICAgIlNlcnZlciBrZXkgZmlsZSBwYXRoLiBJZiBzZXQgdG8gYW4g ZW1wdHkgc3RyaW5nLCB0aGVuIG5vIGNlcnRpZmljYXRlCitpcyBsb2FkZWQuIikKKyAgKGNhLWZp bGUKKyAgIChzdHJpbmcgIiIpCisgICAiU2VydmVyIGtleSBmaWxlIHBhdGguIElmIHNldCB0byBh biBlbXB0eSBzdHJpbmcsIHRoZW4gbm8gQ0EgY2VydGlmaWNhdGUKK2lzIGxvYWRlZC4iKQorICAo Y3JsLWZpbGUKKyAgIChzdHJpbmcgIiIpCisgICAiQ2VydGlmaWNhdGUgcmV2b2NhdGlvbiBsaXN0 IHBhdGguIElmIHNldCB0byBhbiBlbXB0eSBzdHJpbmcsIHRoZW4gbm8KK0NSTCBpcyBsb2FkZWQu IikKKyAgKHRscy1uby1zYW5pdHktY2VydAorICAgKGJvb2xlYW4gI2YpCisgICAiRGlzYWJsZSB2 ZXJpZmljYXRpb24gb2Ygb3VyIG93biBzZXJ2ZXIgY2VydGlmaWNhdGVzLgorCitXaGVuIGxpYnZp cnRkIHN0YXJ0cyBpdCBwZXJmb3JtcyBzb21lIHNhbml0eSBjaGVja3MgYWdhaW5zdCBpdHMgb3du CitjZXJ0aWZpY2F0ZXMuIikKKyAgKHRscy1uby12ZXJpZnktY2VydAorICAgKGJvb2xlYW4gI2Yp CisgICAiRGlzYWJsZSB2ZXJpZmljYXRpb24gb2YgY2xpZW50IGNlcnRpZmljYXRlcy4KKworQ2xp ZW50IGNlcnRpZmljYXRlIHZlcmlmaWNhdGlvbiBpcyB0aGUgcHJpbWFyeSBhdXRoZW50aWNhdGlv biBtZWNoYW5pc20uCitBbnkgY2xpZW50IHdoaWNoIGRvZXMgbm90IHByZXNlbnQgYSBjZXJ0aWZp Y2F0ZSBzaWduZWQgYnkgdGhlIENBCit3aWxsIGJlIHJlamVjdGVkLiIpCisgICh0bHMtYWxsb3dl ZC1kbi1saXN0CisgICAob3B0aW9uYWwtbGlzdCAnKCkpCisgICAiV2hpdGVsaXN0IG9mIGFsbG93 ZWQgeDUwOSBEaXN0aW5ndWlzaGVkIE5hbWUuIikKKyAgKHNhc2wtYWxsb3dlZC11c2VybmFtZXMK KyAgIChvcHRpb25hbC1saXN0ICcoKSkKKyAgICJXaGl0ZWxpc3Qgb2YgYWxsb3dlZCBTQVNMIHVz ZXJuYW1lcy4gVGhlIGZvcm1hdCBmb3IgdXNlcm5hbWUKK2RlcGVuZHMgb24gdGhlIFNBU0wgYXV0 aGVudGljYXRpb24gbWVjaGFuaXNtLiIpCisgICh0bHMtcHJpb3JpdHkKKyAgIChzdHJpbmcgIk5P Uk1BTCIpCisgICAiT3ZlcnJpZGUgdGhlIGNvbXBpbGUgdGltZSBkZWZhdWx0IFRMUyBwcmlvcml0 eSBzdHJpbmcuIFRoZQorZGVmYXVsdCBpcyB1c3VhbGx5IFwiTk9STUFMXCIgdW5sZXNzIG92ZXJy aWRkZW4gYXQgYnVpbGQgdGltZS4KK09ubHkgc2V0IHRoaXMgaXMgaXQgaXMgZGVzaXJlZCBmb3Ig bGlidmlydCB0byBkZXZpYXRlIGZyb20KK3RoZSBnbG9iYWwgZGVmYXVsdCBzZXR0aW5ncy4iKQor ICAobWF4LWNsaWVudHMKKyAgIChpbnRlZ2VyIDUwMDApCisgICAiTWF4aW11bSBudW1iZXIgb2Yg Y29uY3VycmVudCBjbGllbnQgY29ubmVjdGlvbnMgdG8gYWxsb3cKK292ZXIgYWxsIHNvY2tldHMg Y29tYmluZWQuIikKKyAgKG1heC1xdWV1ZWQtY2xpZW50cworICAgKGludGVnZXIgMTAwMCkKKyAg ICJNYXhpbXVtIGxlbmd0aCBvZiBxdWV1ZSBvZiBjb25uZWN0aW9ucyB3YWl0aW5nIHRvIGJlCith Y2NlcHRlZCBieSB0aGUgZGFlbW9uLiBOb3RlLCB0aGF0IHNvbWUgcHJvdG9jb2xzIHN1cHBvcnRp bmcKK3JldHJhbnNtaXNzaW9uIG1heSBvYmV5IHRoaXMgc28gdGhhdCBhIGxhdGVyIHJlYXR0ZW1w dCBhdAorY29ubmVjdGlvbiBzdWNjZWVkcy4iKQorICAobWF4LWFub255bW91cy1jbGllbnRzCisg ICAoaW50ZWdlciAyMCkKKyAgICJNYXhpbXVtIGxlbmd0aCBvZiBxdWV1ZSBvZiBhY2NlcHRlZCBi dXQgbm90IHlldCBhdXRoZW50aWNhdGVkCitjbGllbnRzLiBTZXQgdGhpcyB0byB6ZXJvIHRvIHR1 cm4gdGhpcyBmZWF0dXJlIG9mZiIpCisgIChtaW4td29ya2VycworICAgKGludGVnZXIgNSkKKyAg ICJOdW1iZXIgb2Ygd29ya2VycyB0byBzdGFydCB1cCBpbml0aWFsbHkuIikKKyAgKG1heC13b3Jr ZXJzCisgICAoaW50ZWdlciAyMCkKKyAgICJNYXhpbXVtIG51bWJlciBvZiB3b3JrZXIgdGhyZWFk cy4KKworSWYgdGhlIG51bWJlciBvZiBhY3RpdmUgY2xpZW50cyBleGNlZWRzIEBjb2Rle21pbi13 b3JrZXJzfSwKK3RoZW4gbW9yZSB0aHJlYWRzIGFyZSBzcGF3bmVkLCB1cCB0byBtYXhfd29ya2Vy cyBsaW1pdC4KK1R5cGljYWxseSB5b3UnZCB3YW50IG1heF93b3JrZXJzIHRvIGVxdWFsIG1heGlt dW0gbnVtYmVyCitvZiBjbGllbnRzIGFsbG93ZWQuIikKKyAgKHByaW8td29ya2VycworICAgKGlu dGVnZXIgNSkKKyAgICJOdW1iZXIgb2YgcHJpb3JpdHkgd29ya2Vycy4gSWYgYWxsIHdvcmtlcnMg ZnJvbSBhYm92ZQorcG9vbCBhcmUgc3R1Y2ssIHNvbWUgY2FsbHMgbWFya2VkIGFzIGhpZ2ggcHJp b3JpdHkKKyhub3RhYmx5IGRvbWFpbkRlc3Ryb3kpIGNhbiBiZSBleGVjdXRlZCBpbiB0aGlzIHBv b2wuIikKKyAgKG1heC1yZXF1ZXN0cworICAgIChpbnRlZ2VyIDIwKQorICAgICJUb3RhbCBnbG9i YWwgbGltaXQgb24gY29uY3VycmVudCBSUEMgY2FsbHMuIikKKyAgKG1heC1jbGllbnQtcmVxdWVz dHMKKyAgICAoaW50ZWdlciA1KQorICAgICJMaW1pdCBvbiBjb25jdXJyZW50IHJlcXVlc3RzIGZy b20gYSBzaW5nbGUgY2xpZW50Citjb25uZWN0aW9uLiBUbyBhdm9pZCBvbmUgY2xpZW50IG1vbm9w b2xpemluZyB0aGUgc2VydmVyCit0aGlzIHNob3VsZCBiZSBhIHNtYWxsIGZyYWN0aW9uIG9mIHRo ZSBnbG9iYWwgbWF4X3JlcXVlc3RzCithbmQgbWF4X3dvcmtlcnMgcGFyYW1ldGVyLiIpCisgIChh ZG1pbi1taW4td29ya2VycworICAgIChpbnRlZ2VyIDEpCisgICAgIlNhbWUgYXMgQGNvZGV7bWlu LXdvcmtlcnN9IGJ1dCBmb3IgdGhlIGFkbWluIGludGVyZmFjZS4iKQorICAoYWRtaW4tbWF4LXdv cmtlcnMKKyAgICAgKGludGVnZXIgNSkKKyAgICAiU2FtZSBhcyBAY29kZXttYXgtd29ya2Vyc30g YnV0IGZvciB0aGUgYWRtaW4gaW50ZXJmYWNlLiIpCisgIChhZG1pbi1tYXgtY2xpZW50cworICAg IChpbnRlZ2VyIDUpCisgICAgIlNhbWUgYXMgQGNvZGV7bWF4LWNsaWVudHN9IGJ1dCBmb3IgdGhl IGFkbWluIGludGVyZmFjZS4iKQorICAoYWRtaW4tbWF4LXF1ZXVlZC1jbGllbnRzCisgICAgKGlu dGVnZXIgNSkKKyAgICAiU2FtZSBhcyBAY29kZXttYXgtcXVldWVkLWNsaWVudHN9IGJ1dCBmb3Ig dGhlIGFkbWluIGludGVyZmFjZS4iKQorICAoYWRtaW4tbWF4LWNsaWVudC1yZXF1ZXN0cworICAg IChpbnRlZ2VyIDUpCisgICAgIlNhbWUgYXMgQGNvZGV7bWF4LWNsaWVudC1yZXF1ZXN0c30gYnV0 IGZvciB0aGUgYWRtaW4gaW50ZXJmYWNlLiIpCisgIChsb2ctbGV2ZWwKKyAgICAoaW50ZWdlciAz KQorICAgICJMb2dnaW5nIGxldmVsLiA0IGVycm9ycywgMyB3YXJuaW5ncywgMiBpbmZvcm1hdGlv biwgMSBkZWJ1Zy4iKQorICAobG9nLWZpbHRlcnMKKyAgICAoc3RyaW5nICIzOnJlbW90ZSA0OmV2 ZW50IikKKyAgICAiTG9nZ2luZyBmaWx0ZXJzLgorCitBIGZpbHRlciBhbGxvd3MgdG8gc2VsZWN0 IGEgZGlmZmVyZW50IGxvZ2dpbmcgbGV2ZWwgZm9yIGEgZ2l2ZW4gY2F0ZWdvcnkKK29mIGxvZ3MK K1RoZSBmb3JtYXQgZm9yIGEgZmlsdGVyIGlzIG9uZSBvZjoKK0BpdGVtaXplCitAaXRlbSB4Om5h bWUKKworQGl0ZW0geDorbmFtZQorQGVuZCBpdGVtaXplCisKK3doZXJlIEBjb2Rle25hbWV9IGlz IGEgc3RyaW5nIHdoaWNoIGlzIG1hdGNoZWQgYWdhaW5zdCB0aGUgY2F0ZWdvcnkKK2dpdmVuIGlu IHRoZSBAY29kZXtWSVJfTE9HX0lOSVQoKX0gYXQgdGhlIHRvcCBvZiBlYWNoIGxpYnZpcnQgc291 cmNlCitmaWxlLCBlLmcuLCBcInJlbW90ZVwiLCBcInFlbXVcIiwgb3IgXCJ1dGlsLmpzb25cIiAo dGhlIG5hbWUgaW4gdGhlCitmaWx0ZXIgY2FuIGJlIGEgc3Vic3RyaW5nIG9mIHRoZSBmdWxsIGNh dGVnb3J5IG5hbWUsIGluIG9yZGVyCit0byBtYXRjaCBtdWx0aXBsZSBzaW1pbGFyIGNhdGVnb3Jp ZXMpLCB0aGUgb3B0aW9uYWwgXCIrXCIgcHJlZml4Cit0ZWxscyBsaWJ2aXJ0IHRvIGxvZyBzdGFj ayB0cmFjZSBmb3IgZWFjaCBtZXNzYWdlIG1hdGNoaW5nCituYW1lLCBhbmQgQGNvZGV7eH0gaXMg dGhlIG1pbmltYWwgbGV2ZWwgd2hlcmUgbWF0Y2hpbmcgbWVzc2FnZXMgc2hvdWxkCitiZSBsb2dn ZWQ6CisKK0BpdGVtaXplCitAaXRlbSAxOiBERUJVRworQGl0ZW0gMjogSU5GTworQGl0ZW0gMzog V0FSTklORworQGl0ZW0gNDogRVJST1IKK0BlbmQgaXRlbWl6ZQorCitNdWx0aXBsZSBmaWx0ZXJz IGNhbiBiZSBkZWZpbmVkIGluIGEgc2luZ2xlIGZpbHRlcnMgc3RhdGVtZW50LCB0aGV5IGp1c3QK K25lZWQgdG8gYmUgc2VwYXJhdGVkIGJ5IHNwYWNlcy4iKQorICAobG9nLW91dHB1dHMKKyAgICAo c3RyaW5nICIzOnN0ZGVyciIpCisgICAgIkxvZ2dpbmcgb3V0cHV0cy4KKworQW4gb3V0cHV0IGlz IG9uZSBvZiB0aGUgcGxhY2VzIHRvIHNhdmUgbG9nZ2luZyBpbmZvcm1hdGlvbgorVGhlIGZvcm1h dCBmb3IgYW4gb3V0cHV0IGNhbiBiZToKKworQHRhYmxlIEBjb2RlCitAaXRlbSB4OnN0ZGVycgor b3V0cHV0IGdvZXMgdG8gc3RkZXJyCisKK0BpdGVtIHg6c3lzbG9nOm5hbWUKK3VzZSBzeXNsb2cg Zm9yIHRoZSBvdXRwdXQgYW5kIHVzZSB0aGUgZ2l2ZW4gbmFtZSBhcyB0aGUgaWRlbnQKKworQGl0 ZW0geDpmaWxlOmZpbGVfcGF0aAorb3V0cHV0IHRvIGEgZmlsZSwgd2l0aCB0aGUgZ2l2ZW4gZmls ZXBhdGgKKworQGl0ZW0geDpqb3VybmFsZAorb3V0cHV0IHRvIGpvdXJuYWxkIGxvZ2dpbmcgc3lz dGVtCitAZW5kIHRhYmxlCisKK0luIGFsbCBjYXNlIHRoZSB4IHByZWZpeCBpcyB0aGUgbWluaW1h bCBsZXZlbCwgYWN0aW5nIGFzIGEgZmlsdGVyCisKK0BpdGVtaXplCitAaXRlbSAxOiBERUJVRwor QGl0ZW0gMjogSU5GTworQGl0ZW0gMzogV0FSTklORworQGl0ZW0gNDogRVJST1IKK0BlbmQgaXRl bWl6ZQorCitNdWx0aXBsZSBvdXRwdXRzIGNhbiBiZSBkZWZpbmVkLCB0aGV5IGp1c3QgbmVlZCB0 byBiZSBzZXBhcmF0ZWQgYnkgc3BhY2VzLiIpCisgIChhdWRpdC1sZXZlbAorICAgIChpbnRlZ2Vy IDEpCisgICAgIkFsbG93cyB1c2FnZSBvZiB0aGUgYXVkaXRpbmcgc3Vic3lzdGVtIHRvIGJlIGFs dGVyZWQKKworQGl0ZW1pemUKK0BpdGVtIDA6IGRpc2FibGUgYWxsIGF1ZGl0aW5nCitAaXRlbSAx OiBlbmFibGUgYXVkaXRpbmcsIG9ubHkgaWYgZW5hYmxlZCBvbiBob3N0CitAaXRlbSAyOiBlbmFi bGUgYXVkaXRpbmcsIGFuZCBleGl0IGlmIGRpc2FibGVkIG9uIGhvc3QuCitAZW5kIGl0ZW1pemUK KyIpCisgIChhdWRpdC1sb2dnaW5nCisgICAgKGJvb2xlYW4gI2YpCisgICAgIlNlbmQgYXVkaXQg bWVzc2FnZXMgdmlhIGxpYnZpcnQgbG9nZ2luZyBpbmZyYXN0cnVjdHVyZS4iKQorICAoaG9zdC11 dWlkCisgICAgKG9wdGlvbmFsLXN0cmluZyAiIikKKyAgICAiSG9zdCBVVUlELiBVVUlEIG11c3Qg bm90IGhhdmUgYWxsIGRpZ2l0cyBiZSB0aGUgc2FtZS4iKQorICAoaG9zdC11dWlkLXNvdXJjZQor ICAgIChzdHJpbmcgInNtYmlvcyIpCisgICAgIlNvdXJjZSB0byByZWFkIGhvc3QgVVVJRC4KKwor QGl0ZW1pemUKKworQGl0ZW0gQGNvZGV7c21iaW9zfTogZmV0Y2ggdGhlIFVVSUQgZnJvbSBAY29k ZXtkbWlkZWNvZGUgLXMgc3lzdGVtLXV1aWR9CisKK0BpdGVtIEBjb2Rle21hY2hpbmUtaWR9OiBm ZXRjaCB0aGUgVVVJRCBmcm9tIEBjb2Rley9ldGMvbWFjaGluZS1pZH0KKworQGVuZCBpdGVtaXpl CisKK0lmIEBjb2Rle2RtaWRlY29kZX0gZG9lcyBub3QgcHJvdmlkZSBhIHZhbGlkIFVVSUQgYSB0 ZW1wb3JhcnkgVVVJRAord2lsbCBiZSBnZW5lcmF0ZWQuIikKKyAgKGtlZXBhbGl2ZS1pbnRlcnZh bAorICAgIChpbnRlZ2VyIDUpCisgICAgIkEga2VlcGFsaXZlIG1lc3NhZ2UgaXMgc2VudCB0byBh IGNsaWVudCBhZnRlcgorQGNvZGV7a2VlcGFsaXZlX2ludGVydmFsfSBzZWNvbmRzIG9mIGluYWN0 aXZpdHkgdG8gY2hlY2sgaWYKK3RoZSBjbGllbnQgaXMgc3RpbGwgcmVzcG9uZGluZy4gSWYgc2V0 IHRvIC0xLCBsaWJ2aXJ0ZCB3aWxsCituZXZlciBzZW5kIGtlZXBhbGl2ZSByZXF1ZXN0czsgaG93 ZXZlciBjbGllbnRzIGNhbiBzdGlsbCBzZW5kCit0aGVtIGFuZCB0aGUgZGFlbW9uIHdpbGwgc2Vu ZCByZXNwb25zZXMuIikKKyAgKGtlZXBhbGl2ZS1jb3VudAorICAgIChpbnRlZ2VyIDUpCisgICAg Ik1heGltdW0gbnVtYmVyIG9mIGtlZXBhbGl2ZSBtZXNzYWdlcyB0aGF0IGFyZSBhbGxvd2VkIHRv IGJlIHNlbnQKK3RvIHRoZSBjbGllbnQgd2l0aG91dCBnZXR0aW5nIGFueSByZXNwb25zZSBiZWZv cmUgdGhlIGNvbm5lY3Rpb24gaXMKK2NvbnNpZGVyZWQgYnJva2VuLgorCitJbiBvdGhlciB3b3Jk cywgdGhlIGNvbm5lY3Rpb24gaXMgYXV0b21hdGljYWxseQorY2xvc2VkIGFwcHJveGltYXRlbHkg YWZ0ZXIKK0Bjb2Rle2tlZXBhbGl2ZV9pbnRlcnZhbCAqIChrZWVwYWxpdmVfY291bnQgKyAxKX0g c2Vjb25kcyBzaW5jZSB0aGUgbGFzdAorbWVzc2FnZSByZWNlaXZlZCBmcm9tIHRoZSBjbGllbnQu IFdoZW4gQGNvZGV7a2VlcGFsaXZlLWNvdW50fSBpcworc2V0IHRvIDAsIGNvbm5lY3Rpb25zIHdp bGwgYmUgYXV0b21hdGljYWxseSBjbG9zZWQgYWZ0ZXIKK0Bjb2Rle2tlZXBhbGl2ZS1pbnRlcnZh bH0gc2Vjb25kcyBvZiBpbmFjdGl2aXR5IHdpdGhvdXQgc2VuZGluZyBhbnkKK2tlZXBhbGl2ZSBt ZXNzYWdlcy4iKQorICAoYWRtaW4ta2VlcGFsaXZlLWludGVydmFsCisgICAgKGludGVnZXIgNSkK KyAgICAiU2FtZSBhcyBhYm92ZSBidXQgZm9yIGFkbWluIGludGVyZmFjZS4iKQorICAoYWRtaW4t a2VlcGFsaXZlLWNvdW50CisgICAgKGludGVnZXIgNSkKKyAgICAiU2FtZSBhcyBhYm92ZSBidXQg Zm9yIGFkbWluIGludGVyZmFjZS4iKQorICAob3ZzLXRpbWVvdXQKKyAgICAoaW50ZWdlciA1KQor ICAgICJUaW1lb3V0IGZvciBPcGVuIHZTd2l0Y2ggY2FsbHMuCisKK1RoZSBAY29kZXtvdnMtdnNj dGx9IHV0aWxpdHkgaXMgdXNlZCBmb3IgdGhlIGNvbmZpZ3VyYXRpb24gYW5kCitpdHMgdGltZW91 dCBvcHRpb24gaXMgc2V0IGJ5IGRlZmF1bHQgdG8gNSBzZWNvbmRzIHRvIGF2b2lkCitwb3RlbnRp YWwgaW5maW5pdGUgd2FpdHMgYmxvY2tpbmcgbGlidmlydC4iKSkKKworKGRlZmluZSogKGxpYnZp cnQtY29uZi1maWxlIGNvbmZpZykKKyAgIlJldHVybiBhIGxpYnZpcnRkIGNvbmZpZyBmaWxlLiIK KyAgKHBsYWluLWZpbGUgImxpYnZpcnRkLmNvbmYiCisgICAgICAgICAgICAgICh3aXRoLW91dHB1 dC10by1zdHJpbmcKKyAgICAgICAgICAgICAgICAobGFtYmRhICgpCisgICAgICAgICAgICAgICAg ICAoc2VyaWFsaXplLWNvbmZpZ3VyYXRpb24gY29uZmlnIGxpYnZpcnQtY29uZmlndXJhdGlvbi1m aWVsZHMpKSkpKQorCisoZGVmaW5lICVsaWJ2aXJ0LWFjY291bnRzCisgIChsaXN0ICh1c2VyLWdy b3VwIChuYW1lICJsaWJ2aXJ0IikgKHN5c3RlbT8gI3QpKSkpCisKKyhkZWZpbmUgKCVsaWJ2aXJ0 LWFjdGl2YXRpb24gY29uZmlnKQorICAobGV0ICgoc29jay1kaXIgKGxpYnZpcnQtY29uZmlndXJh dGlvbi11bml4LXNvY2stZGlyIGNvbmZpZykpKQorICAgICN+KGJlZ2luCisgICAgICAgICh1c2Ut bW9kdWxlcyAoZ3VpeCBidWlsZCB1dGlscykpCisgICAgICAgIChta2Rpci1wICMkc29jay1kaXIp KSkpCisKKworKGRlZmluZSAobGlidmlydC1zaGVwaGVyZC1zZXJ2aWNlIGNvbmZpZykKKyAgKGxl dCogKChjb25maWctZmlsZSAobGlidmlydC1jb25mLWZpbGUgY29uZmlnKSkKKyAgICAgICAgIChs aWJ2aXJ0IChsaWJ2aXJ0LWNvbmZpZ3VyYXRpb24tbGlidmlydCBjb25maWcpKSkKKyAgICAobGlz dCAoc2hlcGhlcmQtc2VydmljZQorICAgICAgICAgICAoZG9jdW1lbnRhdGlvbiAiUnVuIHRoZSBs aWJ2aXJ0IGRhZW1vbi4iKQorICAgICAgICAgICAocHJvdmlzaW9uICcobGlidmlydGQpKQorICAg ICAgICAgICAoc3RhcnQgI34obWFrZS1mb3JrZXhlYy1jb25zdHJ1Y3RvcgorICAgICAgICAgICAg ICAgICAgICAgKGxpc3QgKHN0cmluZy1hcHBlbmQgIyRsaWJ2aXJ0ICIvc2Jpbi9saWJ2aXJ0ZCIp CisgICAgICAgICAgICAgICAgICAgICAgICAgICAiLWYiICMkY29uZmlnLWZpbGUpKSkKKyAgICAg ICAgICAgKHN0b3AgI34obWFrZS1raWxsLWRlc3RydWN0b3IpKSkpKSkKKworKGRlZmluZSBsaWJ2 aXJ0LXNlcnZpY2UtdHlwZQorICAoc2VydmljZS10eXBlIChuYW1lICdsaWJ2aXJ0KQorCQkoZXh0 ZW5zaW9ucworICAgICAgICAgICAgICAgICAobGlzdAorICAgICAgICAgICAgICAgICAgKHNlcnZp Y2UtZXh0ZW5zaW9uIHBvbGtpdC1zZXJ2aWNlLXR5cGUKKyAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAoY29tcG9zZSBsaXN0IGxpYnZpcnQtY29uZmlndXJhdGlvbi1saWJ2aXJ0 KSkKKyAgICAgICAgICAgICAgICAgIChzZXJ2aWNlLWV4dGVuc2lvbiBwcm9maWxlLXNlcnZpY2Ut dHlwZQorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIChjb21wb3NlIGxpc3QK KyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBsaWJ2aXJ0LWNv bmZpZ3VyYXRpb24tbGlidmlydCkpCisgICAgICAgICAgICAgICAgICAoc2VydmljZS1leHRlbnNp b24gYWN0aXZhdGlvbi1zZXJ2aWNlLXR5cGUKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAlbGlidmlydC1hY3RpdmF0aW9uKQorICAgICAgICAgICAgICAgICAgKHNlcnZpY2Ut ZXh0ZW5zaW9uIHNoZXBoZXJkLXJvb3Qtc2VydmljZS10eXBlCisgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgbGlidmlydC1zaGVwaGVyZC1zZXJ2aWNlKQorICAgICAgICAgICAg ICAgICAgKHNlcnZpY2UtZXh0ZW5zaW9uIGFjY291bnQtc2VydmljZS10eXBlCisgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgKGNvbnN0ICVsaWJ2aXJ0LWFjY291bnRzKSkpKQor ICAgICAgICAgICAgICAgIChkZWZhdWx0LXZhbHVlIChsaWJ2aXJ0LWNvbmZpZ3VyYXRpb24pKSkp CisKKworKGRlZmluZS1yZWNvcmQtdHlwZSogPHZpcnRsb2ctY29uZmlndXJhdGlvbj4KKyAgdmly dGxvZy1jb25maWd1cmF0aW9uIG1ha2UtdmlydGxvZy1jb25maWd1cmF0aW9uCisgIHZpcnRsb2ct Y29uZmlndXJhdGlvbj8KKyAgKGxpYnZpcnQgICAgICB2aXJ0bG9nLWNvbmZpZ3VyYXRpb24tbGli dmlydAorICAgICAgICAgICAgICAgIChkZWZhdWx0IGxpYnZpcnQpKQorICAobG9nLWxldmVsICAg IHZpcnRsb2ctY29uZmlndXJhdGlvbi1sb2ctbGV2ZWwKKyAgICAgICAgICAgICAgICAoZGVmYXVs dCAzKSkKKyAgKGxvZy1maWx0ZXJzICB2aXJ0bG9nLWNvbmZpZ3VyYXRpb24tbG9nLWZpbHRlcnMK KyAgICAgICAgICAgICAgICAoZGVmYXVsdCAiMzpyZW1vdGUgNDpldmVudCIpKQorICAobG9nLW91 dHB1dHMgIHZpcnRsb2ctY29uZmlndXJhdGlvbi1sb2ctb3V0cHV0cworICAgICAgICAgICAgICAg IChkZWZhdWx0ICIzOnN5c2xvZzp2aXJ0bG9nZCIpKQorICAobWF4LWNsaWVudHMgIHZpcnRsb2ct Y29uZmlndXJhdGlvbi1tYXgtY2xpZW50cworICAgICAgICAgICAgICAgIChkZWZhdWx0IDEwMjQp KQorICAobWF4LXNpemUgICAgIHZpcnRsb2ctY29uZmlndXJhdGlvbi1tYXgtc2l6ZQorICAgICAg ICAgICAgICAgIChkZWZhdWx0IDIwOTcxNTIpKSA7OyAyTUIKKyAgKG1heC1iYWNrdXBzICB2aXJ0 bG9nLWNvbmZpZ3VyYXRpb24tbWF4LWJhY2t1cHMKKyAgICAgICAgICAgICAgICAoZGVmYXVsdCAz KSkpCisKKyhkZWZpbmUqICh2aXJ0bG9nZC1jb25mLWZpbGUgY29uZmlnKQorICAiUmV0dXJuIGEg dmlydGxvZ2QgY29uZmlnIGZpbGUuIgorICAocGxhaW4tZmlsZSAidmlydGxvZ2QuY29uZiIKKyAg ICAgICAgICAgICAgKHN0cmluZy1hcHBlbmQKKyAgICAgICAgICAgICAgICJsb2dfbGV2ZWwgPSAi IChudW1iZXItPnN0cmluZyAodmlydGxvZy1jb25maWd1cmF0aW9uLWxvZy1sZXZlbCBjb25maWcp KSAiXG4iCisgICAgICAgICAgICAgICAibG9nX2ZpbHRlcnMgPSBcIiIgKHZpcnRsb2ctY29uZmln dXJhdGlvbi1sb2ctZmlsdGVycyBjb25maWcpICJcIlxuIgorICAgICAgICAgICAgICAgImxvZ19v dXRwdXRzID0gXCIiICh2aXJ0bG9nLWNvbmZpZ3VyYXRpb24tbG9nLW91dHB1dHMgY29uZmlnKSAi XCJcbiIKKyAgICAgICAgICAgICAgICJtYXhfY2xpZW50cyA9ICIgKG51bWJlci0+c3RyaW5nICh2 aXJ0bG9nLWNvbmZpZ3VyYXRpb24tbWF4LWNsaWVudHMgY29uZmlnKSkgIlxuIgorICAgICAgICAg ICAgICAgIm1heF9zaXplID0gIiAobnVtYmVyLT5zdHJpbmcgKHZpcnRsb2ctY29uZmlndXJhdGlv bi1tYXgtc2l6ZSBjb25maWcpKSAiXG4iCisgICAgICAgICAgICAgICAibWF4X2JhY2t1cHMgPSAi IChudW1iZXItPnN0cmluZyAodmlydGxvZy1jb25maWd1cmF0aW9uLW1heC1iYWNrdXBzIGNvbmZp ZykpICJcbiIpKSkKKworKGRlZmluZSAodmlydGxvZ2Qtc2hlcGhlcmQtc2VydmljZSBjb25maWcp CisgIChsZXQqICgoY29uZmlnLWZpbGUgKHZpcnRsb2dkLWNvbmYtZmlsZSBjb25maWcpKQorICAg ICAgICAgKGxpYnZpcnQgKHZpcnRsb2ctY29uZmlndXJhdGlvbi1saWJ2aXJ0IGNvbmZpZykpKQor ICAgIChsaXN0IChzaGVwaGVyZC1zZXJ2aWNlCisgICAgICAgICAgIChkb2N1bWVudGF0aW9uICJS dW4gdGhlIHZpcnRsb2cgZGFlbW9uLiIpCisgICAgICAgICAgIChwcm92aXNpb24gJyh2aXJ0bG9n ZCkpCisgICAgICAgICAgIChzdGFydCAjfihtYWtlLWZvcmtleGVjLWNvbnN0cnVjdG9yCisgICAg ICAgICAgICAgICAgICAgICAobGlzdCAoc3RyaW5nLWFwcGVuZCAjJGxpYnZpcnQgIi9zYmluL3Zp cnRsb2dkIikKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICItZiIgIyRjb25maWctZmlsZSkp KQorICAgICAgICAgICAoc3RvcCAjfihtYWtlLWtpbGwtZGVzdHJ1Y3RvcikpKSkpKQorCisoZGVm aW5lIHZpcnRsb2ctc2VydmljZS10eXBlCisgIChzZXJ2aWNlLXR5cGUgKG5hbWUgJ3ZpcnRsb2dk KQorCQkoZXh0ZW5zaW9ucworICAgICAgICAgICAgICAgICAobGlzdAorICAgICAgICAgICAgICAg ICAgKHNlcnZpY2UtZXh0ZW5zaW9uIHNoZXBoZXJkLXJvb3Qtc2VydmljZS10eXBlCisgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdmlydGxvZ2Qtc2hlcGhlcmQtc2VydmljZSkp KQorICAgICAgICAgICAgICAgIChkZWZhdWx0LXZhbHVlICh2aXJ0bG9nLWNvbmZpZ3VyYXRpb24p KSkpCisKKyhkZWZpbmUgKGdlbmVyYXRlLWxpYnZpcnQtZG9jdW1lbnRhdGlvbikKKyAgKGdlbmVy YXRlLWRvY3VtZW50YXRpb24KKyAgIGAoKGxpYnZpcnQtY29uZmlndXJhdGlvbiAsbGlidmlydC1j b25maWd1cmF0aW9uLWZpZWxkcykpCisgICAnbGlidmlydC1jb25maWd1cmF0aW9uKSkKLS0gCjIu MTQuMQoK --94eb2c07631e6aabec05574e7d58 Content-Type: text/x-patch; charset="UTF-8"; name="0003-tests-Add-libvirt-service-type-test.patch" Content-Disposition: attachment; filename="0003-tests-Add-libvirt-service-type-test.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_j6mri2gi2 RnJvbSBmYWQyNmNkZTFhYjVjZjlmNDA5MmRlMGQ4ZGE0NzVhM2ZjOWY5ODQ2IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBDaHJpc3RvcGhlciBCYWluZXMgPG1haWxAY2JhaW5lcy5uZXQ+ CkRhdGU6IFNhdCwgMTkgQXVnIDIwMTcgMTI6NTY6MDcgKzAxMDAKU3ViamVjdDogW1BBVENIIDMv M10gdGVzdHM6IEFkZCAnbGlidmlydC1zZXJ2aWNlLXR5cGUnIHRlc3QuCgoqIGdudS90ZXN0cy92 aXJ0dWFsaXphdGlvbi5zY206IE5ldyBmaWxlLgoqIGdudS9sb2NhbC5tayAoR05VX1NZU1RFTV9N T0RVTEVTKTogQWRkIGl0LgotLS0KIGdudS9sb2NhbC5tayAgICAgICAgICAgICAgICAgfCAgMSAr CiBnbnUvdGVzdHMvdmlydHVhbGl6YXRpb24uc2NtIHwgOTUgKysrKysrKysrKysrKysrKysrKysr KysrKysrKysrKysrKysrKysrKysrKysKIDIgZmlsZXMgY2hhbmdlZCwgOTYgaW5zZXJ0aW9ucygr KQogY3JlYXRlIG1vZGUgMTAwNjQ0IGdudS90ZXN0cy92aXJ0dWFsaXphdGlvbi5zY20KCmRpZmYg LS1naXQgYS9nbnUvbG9jYWwubWsgYi9nbnUvbG9jYWwubWsKaW5kZXggMWJlYzIyMjdlLi4yNTNl MGM4ZGIgMTAwNjQ0Ci0tLSBhL2dudS9sb2NhbC5taworKysgYi9nbnUvbG9jYWwubWsKQEAgLTQ5 NCw2ICs0OTQsNyBAQCBHTlVfU1lTVEVNX01PRFVMRVMgPQkJCQlcCiAgICVEJS90ZXN0cy9tZXNz YWdpbmcuc2NtCQkJXAogICAlRCUvdGVzdHMvbmV0d29ya2luZy5zY20JCQlcCiAgICVEJS90ZXN0 cy9zc2guc2NtCQkJCVwKKyAgJUQlL3Rlc3RzL3ZpcnR1YWxpemF0aW9uLnNjbQkJCVwKICAgJUQl L3Rlc3RzL3dlYi5zY20KIAogIyBNb2R1bGVzIHRoYXQgZG8gbm90IG5lZWQgdG8gYmUgY29tcGls ZWQuCmRpZmYgLS1naXQgYS9nbnUvdGVzdHMvdmlydHVhbGl6YXRpb24uc2NtIGIvZ251L3Rlc3Rz L3ZpcnR1YWxpemF0aW9uLnNjbQpuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAu LmMyOTM5MzU1YgotLS0gL2Rldi9udWxsCisrKyBiL2dudS90ZXN0cy92aXJ0dWFsaXphdGlvbi5z Y20KQEAgLTAsMCArMSw5NSBAQAorOzs7IEdOVSBHdWl4IC0tLSBGdW5jdGlvbmFsIHBhY2thZ2Ug bWFuYWdlbWVudCBmb3IgR05VCis7OzsgQ29weXJpZ2h0IMKpIDIwMTcgQ2hyaXN0b3BoZXIgQmFp bmVzIDxtYWlsQGNiYWluZXMubmV0PgorOzs7Cis7OzsgVGhpcyBmaWxlIGlzIHBhcnQgb2YgR05V IEd1aXguCis7OzsKKzs7OyBHTlUgR3VpeCBpcyBmcmVlIHNvZnR3YXJlOyB5b3UgY2FuIHJlZGlz dHJpYnV0ZSBpdCBhbmQvb3IgbW9kaWZ5IGl0Cis7OzsgdW5kZXIgdGhlIHRlcm1zIG9mIHRoZSBH TlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSBhcyBwdWJsaXNoZWQgYnkKKzs7OyB0aGUgRnJlZSBT b2Z0d2FyZSBGb3VuZGF0aW9uOyBlaXRoZXIgdmVyc2lvbiAzIG9mIHRoZSBMaWNlbnNlLCBvciAo YXQKKzs7OyB5b3VyIG9wdGlvbikgYW55IGxhdGVyIHZlcnNpb24uCis7OzsKKzs7OyBHTlUgR3Vp eCBpcyBkaXN0cmlidXRlZCBpbiB0aGUgaG9wZSB0aGF0IGl0IHdpbGwgYmUgdXNlZnVsLCBidXQK Kzs7OyBXSVRIT1VUIEFOWSBXQVJSQU5UWTsgd2l0aG91dCBldmVuIHRoZSBpbXBsaWVkIHdhcnJh bnR5IG9mCis7OzsgTUVSQ0hBTlRBQklMSVRZIG9yIEZJVE5FU1MgRk9SIEEgUEFSVElDVUxBUiBQ VVJQT1NFLiAgU2VlIHRoZQorOzs7IEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIGZvciBtb3Jl IGRldGFpbHMuCis7OzsKKzs7OyBZb3Ugc2hvdWxkIGhhdmUgcmVjZWl2ZWQgYSBjb3B5IG9mIHRo ZSBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZQorOzs7IGFsb25nIHdpdGggR05VIEd1aXguICBJ ZiBub3QsIHNlZSA8aHR0cDovL3d3dy5nbnUub3JnL2xpY2Vuc2VzLz4uCisKKyhkZWZpbmUtbW9k dWxlIChnbnUgdGVzdHMgdmlydHVhbGl6YXRpb24pCisgICM6dXNlLW1vZHVsZSAoZ251IHRlc3Rz KQorICAjOnVzZS1tb2R1bGUgKGdudSBzeXN0ZW0pCisgICM6dXNlLW1vZHVsZSAoZ251IHN5c3Rl bSBmaWxlLXN5c3RlbXMpCisgICM6dXNlLW1vZHVsZSAoZ251IHN5c3RlbSB2bSkKKyAgIzp1c2Ut bW9kdWxlIChnbnUgc2VydmljZXMpCisgICM6dXNlLW1vZHVsZSAoZ251IHNlcnZpY2VzIGRidXMp CisgICM6dXNlLW1vZHVsZSAoZ251IHNlcnZpY2VzIG5ldHdvcmtpbmcpCisgICM6dXNlLW1vZHVs ZSAoZ251IHNlcnZpY2VzIHZpcnR1YWxpemF0aW9uKQorICAjOnVzZS1tb2R1bGUgKGdudSBwYWNr YWdlcyB2aXJ0dWFsaXphdGlvbikKKyAgIzp1c2UtbW9kdWxlIChndWl4IGdleHApCisgICM6dXNl LW1vZHVsZSAoZ3VpeCBzdG9yZSkKKyAgIzpleHBvcnQgKCV0ZXN0LWxpYnZpcnQpKQorCisoZGVm aW5lICVsaWJ2aXJ0LW9zCisgIChzaW1wbGUtb3BlcmF0aW5nLXN5c3RlbQorICAgKGRoY3AtY2xp ZW50LXNlcnZpY2UpCisgICAoZGJ1cy1zZXJ2aWNlKQorICAgKHBvbGtpdC1zZXJ2aWNlKQorICAg KHNlcnZpY2UgbGlidmlydC1zZXJ2aWNlLXR5cGUpKSkKKworKGRlZmluZSAocnVuLWxpYnZpcnQt dGVzdCkKKyAgIlJ1biB0ZXN0cyBpbiAlTElCVklSVC1PUy4iCisgIChkZWZpbmUgb3MKKyAgICAo bWFyaW9uZXR0ZS1vcGVyYXRpbmctc3lzdGVtCisgICAgICVsaWJ2aXJ0LW9zCisgICAgICM6aW1w b3J0ZWQtbW9kdWxlcyAnKChnbnUgc2VydmljZXMgaGVyZCkKKyAgICAgICAgICAgICAgICAgICAg ICAgICAgKGd1aXggY29tYmluYXRvcnMpKSkpCisKKyAgKGRlZmluZSB2bQorICAgICh2aXJ0dWFs LW1hY2hpbmUKKyAgICAgKG9wZXJhdGluZy1zeXN0ZW0gb3MpCisgICAgIChwb3J0LWZvcndhcmRp bmdzICcoKSkpKQorCisgIChkZWZpbmUgdGVzdAorICAgICh3aXRoLWltcG9ydGVkLW1vZHVsZXMg JygoZ251IGJ1aWxkIG1hcmlvbmV0dGUpKQorICAgICAgI34oYmVnaW4KKyAgICAgICAgICAodXNl LW1vZHVsZXMgKHNyZmkgc3JmaS0xMSkgKHNyZmkgc3JmaS02NCkKKyAgICAgICAgICAgICAgICAg ICAgICAgKGdudSBidWlsZCBtYXJpb25ldHRlKSkKKworICAgICAgICAgIChkZWZpbmUgbWFyaW9u ZXR0ZQorICAgICAgICAgICAgKG1ha2UtbWFyaW9uZXR0ZSAobGlzdCAjJHZtKSkpCisKKyAgICAg ICAgICAobWtkaXIgIyRvdXRwdXQpCisgICAgICAgICAgKGNoZGlyICMkb3V0cHV0KQorCisgICAg ICAgICAgKHRlc3QtYmVnaW4gImxpYnZpcnQiKQorCisgICAgICAgICAgKHRlc3QtYXNzZXJ0ICJz ZXJ2aWNlIHJ1bm5pbmciCisgICAgICAgICAgICAobWFyaW9uZXR0ZS1ldmFsCisgICAgICAgICAg ICAgJyhiZWdpbgorICAgICAgICAgICAgICAgICh1c2UtbW9kdWxlcyAoZ251IHNlcnZpY2VzIGhl cmQpKQorICAgICAgICAgICAgICAgIChtYXRjaCAoc3RhcnQtc2VydmljZSAnbGlidmlydGQpCisg ICAgICAgICAgICAgICAgICAoI2YgI2YpCisgICAgICAgICAgICAgICAgICAoKCdzZXJ2aWNlIHJl c3BvbnNlLXBhcnRzIC4uLikKKyAgICAgICAgICAgICAgICAgICAobWF0Y2ggKGFzc3EtcmVmIHJl c3BvbnNlLXBhcnRzICdydW5uaW5nKQorICAgICAgICAgICAgICAgICAgICAgKChwaWQpIChudW1i ZXI/IHBpZCkpKSkpKQorICAgICAgICAgICAgIG1hcmlvbmV0dGUpKQorCisgICAgICAgICAgKHRl c3QtZXEgImZldGNoIHZlcnNpb24iCisgICAgICAgICAgICAwCisgICAgICAgICAgICAobWFyaW9u ZXR0ZS1ldmFsCisgICAgICAgICAgICAgYChiZWdpbgorICAgICAgICAgICAgICAgIChzeXN0ZW0q ICwoc3RyaW5nLWFwcGVuZCAjJGxpYnZpcnQgIi9iaW4vdmlyc2giKQorICAgICAgICAgICAgICAg ICAgICAgICAgICItYyIgInFlbXU6Ly8vc3lzdGVtIiAidmVyc2lvbiIpKQorICAgICAgICAgICAg IG1hcmlvbmV0dGUpKQorCisgICAgICAgICAgKHRlc3QtZW5kKQorICAgICAgICAgIChleGl0ICg9 ICh0ZXN0LXJ1bm5lci1mYWlsLWNvdW50ICh0ZXN0LXJ1bm5lci1jdXJyZW50KSkgMCkpKSkpCisK KyAgKGdleHAtPmRlcml2YXRpb24gImxpYnZpcnQtdGVzdCIgdGVzdCkpCisKKyhkZWZpbmUgJXRl c3QtbGlidmlydAorICAoc3lzdGVtLXRlc3QKKyAgIChuYW1lICJsaWJ2aXJ0IikKKyAgIChkZXNj cmlwdGlvbiAiQ29ubmVjdCB0byB0aGUgcnVubmluZyBMSUJWSVJUIHNlcnZpY2UuIikKKyAgICh2 YWx1ZSAocnVuLWxpYnZpcnQtdGVzdCkpKSkKLS0gCjIuMTQuMQoK --94eb2c07631e6aabec05574e7d58-- From debbugs-submit-bounces@debbugs.gnu.org Tue Aug 22 05:56:38 2017 Received: (at 27887) by debbugs.gnu.org; 22 Aug 2017 09:56:38 +0000 Received: from localhost ([127.0.0.1]:48632 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dk5vK-0005Ks-KX for submit@debbugs.gnu.org; Tue, 22 Aug 2017 05:56:38 -0400 Received: from li622-129.members.linode.com ([212.71.249.129]:32983 helo=mira.cbaines.net) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dk5vI-0005Kh-Nz for 27887@debbugs.gnu.org; Tue, 22 Aug 2017 05:56:37 -0400 Received: by mira.cbaines.net (Postfix, from userid 113) id C2F8F13D1F7; Tue, 22 Aug 2017 10:56:35 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham autolearn_force=no version=3.4.0 Received: from localhost (cpc102582-walt20-2-0-cust14.13-2.cable.virginm.net [86.27.34.15]) by mira.cbaines.net (Postfix) with ESMTPSA id 828A213D1F5; Tue, 22 Aug 2017 10:56:35 +0100 (BST) Date: Tue, 22 Aug 2017 10:56:31 +0100 From: Christopher Baines To: Ryan Moe Subject: Re: [bug#27887] [PATCH] services: Add libvirt services Message-ID: <20170822105631.2f91ac84@cbaines.net> In-Reply-To: References: <20170731181308.6425-1-ryan.moe@gmail.com> <20170818084812.16bd673e@cbaines.net> <20170819011206.7da96f0f@cbaines.net> <20170819125949.38aa6d70@cbaines.net> <20170819201143.3f6ac2c5@cbaines.net> X-Mailer: Claws Mail 3.15.0-dirty (GTK+ 2.24.31; x86_64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; boundary="Sig_/Ra3=BtGETFEH/tmoQ7FluAy"; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 27887 Cc: 27887@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) --Sig_/Ra3=BtGETFEH/tmoQ7FluAy Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Mon, 21 Aug 2017 19:38:25 -0700 Ryan Moe wrote: > I did some more testing and everything looks good to me. I've > addressed your previous comments as well (see below). I wasn't sure if > I needed to squash the commits so I just included all three patches. I > did reorder them to place your wrap patch before mine since the > libvirt service depends on that change. Awesome, that all sounds perfect. > >> +(define libvirt-service-type > >> + (service-type (name 'libvirt) > >> + (extensions > >> + (list > >> + (service-extension polkit-service-type (compose > >> list libvirt-configuration-libvirt)) =20 > > > > Line length could be better here, just by putting the (compose ... ) > > bit on the line after the polkit-service-type. > > =20 >=20 > Agreed. This is fixed in the attached patch. >=20 > >> + (service-extension profile-service-type > >> + (compose list > >> + (lambda (package) qemu) > >> + > >> libvirt-configuration-libvirt)) =20 > > > > This confused me for a bit, until I realised that a simpler way of > > expressing this would be (const (list qemu)) if I'm correct? Also, > > it would be good to explain why this needs to happen in a comment. > > =20 >=20 > That didn't work. qemu doesn't need to be installed in the system > profile anyway so I've removed this. >=20 > >> +(define virtlog-service-type > >> + (service-type (name 'virtlogd) > >> + (extensions > >> + (list > >> + (service-extension profile-service-type > >> + (compose list > >> + > >> virtlog-configuration-libvirt)) =20 > > > > What function does this extension have? As far as I understood from > > the documentation you wrote, this is used from the libvirt > > service. =20 >=20 > Now that I have a better understanding of how this works I realize > this was unnecessary and it's been removed too. I'll plan on merging this tomorrow then, leaving a little bit of time for anyone else to review this if they want to. Great work Ryan! --Sig_/Ra3=BtGETFEH/tmoQ7FluAy Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAlmb/89fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE 9Xfhhw//Y/UnUAOJDKCxod5L5JxV0iA+0ucVwFdvMu7Mb5QCbvC48h5XlkF6OsPs 8ncJBCLj8DbyMwiINL09wRRCB4sNsUtxVd5dAT9LcAnRuAblUE88BVoQErMwNJmG /zYHiSfhSycDS9O4r99zLymMCaCCCYHpjrFCOzfpjE3SyoYUdHS7pQRMEmU4i5+y OfcFfb1ORhhdh7yMDl/Rjl2BRdLAy2DOpinH3A7ihk0+TwJjdZ1jBf76U7i+Mjaw a1TpFcZ57/ZAq5fdZ5BiOK0S9vEjX9NDkxSihz1BB5YOb1FstiZw5uP+ZGVX8cxC /QB/YZ1fx4ZiyzxPsi9X2FecBqVgKcorbU8K4RdjxFgXz83xeNzMhlHcWOwOMcZY 16slxw+lbDBpVu7I0s0x0qi8yxS7ad4BdnQcgBexfZnSGVNI/hFbOz8Hpbuv/4b0 M0ItcUIXjyQfmqMKRUi4StCzI3JMym9pDy9sCPLP5/C39O8inMXbd7A49MQnh3V0 DA80vzwL+HBiTJ2oFkpXRkHU7WwIZN2EC39+rl52x5mTwJPnDuajCvEUcxmT7sC9 /BwtrpKp7CQ1R9LBerQ+vG9xvdXl8cgzgHIQDXovYLVTggeE2dkJD3kj1nhRrPyI feq3V0B1WlNM8z2PeriKfvsaH08sIGaDremDaJJVG3bGb1Uk7KI= =/xpy -----END PGP SIGNATURE----- --Sig_/Ra3=BtGETFEH/tmoQ7FluAy-- From debbugs-submit-bounces@debbugs.gnu.org Wed Aug 23 08:22:21 2017 Received: (at 27887-done) by debbugs.gnu.org; 23 Aug 2017 12:22:21 +0000 Received: from localhost ([127.0.0.1]:50525 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dkUft-0007au-DZ for submit@debbugs.gnu.org; Wed, 23 Aug 2017 08:22:21 -0400 Received: from li622-129.members.linode.com ([212.71.249.129]:34127 helo=mira.cbaines.net) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dkUfr-0007am-Av for 27887-done@debbugs.gnu.org; Wed, 23 Aug 2017 08:22:20 -0400 Received: by mira.cbaines.net (Postfix, from userid 113) id 9544B1474DF; Wed, 23 Aug 2017 13:22:17 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from localhost (cpc102582-walt20-2-0-cust14.13-2.cable.virginm.net [86.27.34.15]) by mira.cbaines.net (Postfix) with ESMTPSA id 0EC121474DD; Wed, 23 Aug 2017 13:22:17 +0100 (BST) Date: Wed, 23 Aug 2017 13:22:13 +0100 From: Christopher Baines To: Ryan Moe Subject: Re: [bug#27887] [PATCH] services: Add libvirt services Message-ID: <20170823132213.325d92b7@cbaines.net> In-Reply-To: <20170822105631.2f91ac84@cbaines.net> References: <20170731181308.6425-1-ryan.moe@gmail.com> <20170818084812.16bd673e@cbaines.net> <20170819011206.7da96f0f@cbaines.net> <20170819125949.38aa6d70@cbaines.net> <20170819201143.3f6ac2c5@cbaines.net> <20170822105631.2f91ac84@cbaines.net> X-Mailer: Claws Mail 3.15.0-dirty (GTK+ 2.24.31; x86_64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; boundary="Sig_/2yPssRO/pVhTkbFMcVETsvE"; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 27887-done Cc: 27887-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) --Sig_/2yPssRO/pVhTkbFMcVETsvE Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Tue, 22 Aug 2017 10:56:31 +0100 Christopher Baines wrote: > On Mon, 21 Aug 2017 19:38:25 -0700 > Ryan Moe wrote: >=20 > > I did some more testing and everything looks good to me. I've > > addressed your previous comments as well (see below). I wasn't sure > > if I needed to squash the commits so I just included all three > > patches. I did reorder them to place your wrap patch before mine > > since the libvirt service depends on that change. =20 >=20 > Awesome, that all sounds perfect. >=20 > > >> +(define libvirt-service-type > > >> + (service-type (name 'libvirt) > > >> + (extensions > > >> + (list > > >> + (service-extension polkit-service-type > > >> (compose list libvirt-configuration-libvirt)) =20 > > > > > > Line length could be better here, just by putting the > > > (compose ... ) bit on the line after the polkit-service-type. > > > =20 > >=20 > > Agreed. This is fixed in the attached patch. > > =20 > > >> + (service-extension profile-service-type > > >> + (compose list > > >> + (lambda (package) > > >> qemu) + > > >> libvirt-configuration-libvirt)) =20 > > > > > > This confused me for a bit, until I realised that a simpler way of > > > expressing this would be (const (list qemu)) if I'm correct? Also, > > > it would be good to explain why this needs to happen in a comment. > > > =20 > >=20 > > That didn't work. qemu doesn't need to be installed in the system > > profile anyway so I've removed this. > > =20 > > >> +(define virtlog-service-type > > >> + (service-type (name 'virtlogd) > > >> + (extensions > > >> + (list > > >> + (service-extension profile-service-type > > >> + (compose list > > >> + > > >> virtlog-configuration-libvirt)) =20 > > > > > > What function does this extension have? As far as I understood > > > from the documentation you wrote, this is used from the libvirt > > > service. =20 > >=20 > > Now that I have a better understanding of how this works I realize > > this was unnecessary and it's been removed too. =20 >=20 > I'll plan on merging this tomorrow then, leaving a little bit of time > for anyone else to review this if they want to. Great work Ryan! I've now pushed the 3 patches to master :) --Sig_/2yPssRO/pVhTkbFMcVETsvE Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAlmdc3VfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE 9XetPRAApZkBo0fufhkGJnBfoJXQYjDDeScUEihc8d7AW3I2HELffONpuE2/YVjp IyXgHRFacVmIkSHIcZQmfk7ut32Ku33POljIBsCp4bg6SZ87X7z6MYmqsCZESOf9 IuOhok1H85Eaosz4RRErmv6eG49KVZMylQxByxoDWIqVEHfBsKuqJaZdgZiBvESE Ii9BeGDMZiwcEkA6WpBcQIN8kae0E17NyagGMVGZ7SR5epBgi6vON9ewOyO7C8vJ KCOrKj5e21DQWVKwwBfaEpBN4Yy6HtRZ7sVspfL/zyiQIDpYByIrFJFiH2XKKjk5 PjgIgrZm8vkjgpmjqTPP2SXZAX0CUT9lzyyQtEvNuSx9vzpvgD/mizjViwp0eY/v uT/4eimF16xqgBnW1/jw3XWoX2Rg3mcpwPkzMTlUlRmyRK44wLuDWDU4kz15F/oG H57kG2fjDiOdVVOgF6qWG5/bV4IOsxcgBoSeQeLYY2VK5nTwdziJmrJGRptSoKRJ 55f6OZDq+vd8UV8P72BB/7KSYaj7HvBVrkjHim9QXi763o9K7V+vJeVI1xY2cLkK 02p43wOUT0azr/ST+FYau1WDJMk10ac60g+vpT7aNpAZwYhpRN4BbK7HKOLTlV88 6KNtLCJ0r0+vwRkGHMnYWjf64BT6Jbf1t6UA7OMExSdSHEx0qrY= =0UC+ -----END PGP SIGNATURE----- --Sig_/2yPssRO/pVhTkbFMcVETsvE-- From unknown Sat Jun 14 03:55:08 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 21 Sep 2017 11:24:04 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator