Sounds good
Does this look reasonable (I haven't tested it yet):
CVE-2015-3252: Get XML with sensitive information suitable
for migration by using
VIR_DOMAIN_XML_MIGRATABLE flag (value = 8)
https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainXMLFlags
Use VIR_DOMAIN_XML_SECURE (value = 1) prior
to v1.0.0.
*/
if (conn.getLibVirVersion() >= 1000000) { // 1000000 equals
v1.0.0
xmlDesc =
dm.getXMLDesc(8).replace(libvirtComputingResource.getPrivateIp(),
command.getDestinationIp());
}
else {
xmlDesc =
dm.getXMLDesc(1).replace(libvirtComputingResource.getPrivateIp(),
command.getDestinationIp());
}
On Mon, Aug 31, 2015 at 12:06 PM, Marcus <shadow...@gmail.com> wrote:
> Might as well put the check in, to ensure we don't try to use flags that
> aren't available.
>
> On Mon, Aug 31, 2015 at 10:21 AM, Mike Tutkowski <
> mike.tutkow...@solidfire.com> wrote:
>
> > Thanks, everyone
> >
> > Marcus - Do you think I should put in a version check or is that version
> of
> > Libvirt too old to bother supporting?
> >
> > On Monday, August 31, 2015, Marcus <shadow...@gmail.com> wrote:
> >
> > > Looks like the VIR_DOMAIN_XML_MIGRATABLE flag was introduced in v1.0.0
> > > (version 1000000 in how the Libvirt API reports), and
> > VIR_DOMAIN_XML_SECURE
> > > was all the way back in v0.8.0 (version 8000).
> > >
> > > On Mon, Aug 31, 2015 at 8:04 AM, Marcus <shadow...@gmail.com
> > > <javascript:_e(%7B%7D,'cvml','shadow...@gmail.com');>> wrote:
> > >
> > >> There are a bunch of things like this in the code already, and they're
> > >> wrapped in version checks. See
> > >>
> > >> _hypervisorLibvirtVersion in LibvirtComputingResource. We just need to
> > >> figure out which versions need to be left out.
> > >>
> > >>
> > >>
> > >>
> > >> On Mon, Aug 31, 2015 at 1:56 AM, Rohit Yadav <
> rohit.ya...@shapeblue.com
> > >> <javascript:_e(%7B%7D,'cvml','rohit.ya...@shapeblue.com');>> wrote:
> > >>
> > >>> Hi Mike,
> > >>>
> > >>> I think it is related to this, the libvirt version is really old that
> > >>> lacks the flags:
> > >>>
> > >>>
> >
> https://github.com/apache/cloudstack/commit/5d29b63cfa98a15d7734798c5b29a43658d7f112
> > >>>
> > >>> If VM migration flag (8) is not available, can you check
> > >>> if VIR_DOMAIN_XML_SECURE (flag=1) works for you, if so we can change
> > the
> > >>> above fix to use 0x1 (or 1) to support KVM/12.04 though I’m not sure
> > if for
> > >>> vm migration the xml dump method should be provided 0x1 and not 0x8
> > >>> (VIR_DOMAIN_XML_MIGRATABLE).
> > >>>
> > >>> On 31-Aug-2015, at 11:29 am, Mike Tutkowski <mike.tutkowski@solidfire
> > >>>
> > >>> .com> wrote:
> > >>>
> > >>> Hi,
> > >>>
> > >>> I'm having a problem migrating a VM from one 12.04 KVM host to
> another
> > >>> 12.04 KVM host in the same cluster in CS 4.6.
> > >>>
> > >>> Anyone know why I might be receiving this error message?
> > >>>
> > >>> invalid argument: virDomainDefFormat: unsupported flags (0x8)
> > >>>
> > >>> The root disk is stored on cluster-scoped NFS primary storage.
> > >>>
> > >>> Thanks!
> > >>>
> > >>> --
> > >>> *Mike Tutkowski*
> > >>> *Senior CloudStack Developer, SolidFire Inc.*
> > >>> e: mike.tutkow...@solidfire.com
> > >>> <javascript:_e(%7B%7D,'cvml','mike.tutkow...@solidfire.com');>
> > >>> o: 303.746.7302
> > >>> Advancing the way the world uses the cloud
> > >>> <http://solidfire.com/solution/overview/?video=play>*™*
> > >>>
> > >>>
> > >>> Regards,
> > >>> Rohit Yadav
> > >>> Software Architect, ShapeBlue
> > >>>
> > >>>
> > >>>
> > >>>
> > >>> M. +91 88 262 30892 | rohit.ya...@shapeblue.com
> > >>> <javascript:_e(%7B%7D,'cvml','rohit.ya...@shapeblue.com');>
> > >>> Blog: bhaisaab.org | Twitter: @_bhaisaab
> > >>>
> > >>>
> > >>>
> > >>>
> > >>> Find out more about ShapeBlue and our range of CloudStack related
> > >>> services
> > >>>
> > >>> IaaS Cloud Design & Build
> > >>> <http://shapeblue.com/iaas-cloud-design-and-build//>
> > >>> CSForge – rapid IaaS deployment framework
> > >>> <http://shapeblue.com/csforge/>
> > >>> CloudStack Consulting <http://shapeblue.com/cloudstack-consultancy/>
> > >>> CloudStack Software Engineering
> > >>> <http://shapeblue.com/cloudstack-software-engineering/>
> > >>> CloudStack Infrastructure Support
> > >>> <http://shapeblue.com/cloudstack-infrastructure-support/>
> > >>> CloudStack Bootcamp Training Courses
> > >>> <http://shapeblue.com/cloudstack-training/>
> > >>>
> > >>> This email and any attachments to it may be confidential and are
> > >>> intended solely for the use of the individual to whom it is
> addressed.
> > Any
> > >>> views or opinions expressed are solely those of the author and do not
> > >>> necessarily represent those of Shape Blue Ltd or related companies.
> If
> > you
> > >>> are not the intended recipient of this email, you must neither take
> any
> > >>> action based upon its contents, nor copy or show it to anyone. Please
> > >>> contact the sender if you believe you have received this email in
> > error.
> > >>> Shape Blue Ltd is a company incorporated in England & Wales.
> ShapeBlue
> > >>> Services India LLP is a company incorporated in India and is operated
> > under
> > >>> license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a
> > >>> company incorporated in Brasil and is operated under license from
> Shape
> > >>> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The
> Republic
> > of
> > >>> South Africa and is traded under license from Shape Blue Ltd.
> > ShapeBlue is
> > >>> a registered trademark.
> > >>>
> > >>
> > >>
> > >
> >
> > --
> > *Mike Tutkowski*
> > *Senior CloudStack Developer, SolidFire Inc.*
> > e: mike.tutkow...@solidfire.com
> > o: 303.746.7302
> > Advancing the way the world uses the cloud
> > <http://solidfire.com/solution/overview/?video=play>*™*
> >
>
--
*Mike Tutkowski*
*Senior CloudStack Developer, SolidFire Inc.*
e: mike.tutkow...@solidfire.com
o: 303.746.7302
Advancing the way the world uses the cloud
<http://solidfire.com/solution/overview/?video=play>*™*
