55cf09a02b
The VNC server has historically had support for ACLs to check both the
SASL username and the TLS x509 distinguished name. The VNC server was
responsible for creating the initial ACL, and the client app was then
responsible for populating it with rules using the HMP 'acl_add' command.
This is not satisfactory for a variety of reasons. There is no way to
populate the ACLs from the command line, users are forced to use the
HMP. With multiple network services all supporting TLS and ACLs now, it
is desirable to be able to define a single ACL that is referenced by all
services.
To address these limitations, two new options are added to the VNC
server CLI. The 'tls-authz' option takes the ID of a QAuthZ object to
use for checking TLS x509 distinguished names, and the 'sasl-authz'
option takes the ID of another object to use for checking SASL usernames.
In this example, we setup two authorization rules. The first allows any
client with a certificate issued by the 'RedHat' organization in the
'London' locality. The second ACL allows clients with either the
'joe@REDHAT.COM' or 'fred@REDHAT.COM' kerberos usernames. Both checks
must pass for the user to be allowed.
$QEMU -object tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\
endpoint=server,verify-peer=yes \
-object authz-simple,id=authz0,policy=deny,\
rules.0.match=O=RedHat,,L=London,rules.0.policy=allow \
-object authz-simple,id=authz1,policy=deny,\
rules.0.match=fred@REDHAT.COM,rules.0.policy=allow \
rules.0.match=joe@REDHAT.COM,rules.0.policy=allow \
-vnc 0.0.0.0:1,tls-creds=tls0,tls-authz=authz0,
sasl,sasl-authz=authz1 \
...other QEMU args...
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20190227145755.26556-2-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
185 lines
6.9 KiB
Plaintext
185 lines
6.9 KiB
Plaintext
@node Deprecated features
|
|
@appendix Deprecated features
|
|
|
|
In general features are intended to be supported indefinitely once
|
|
introduced into QEMU. In the event that a feature needs to be removed,
|
|
it will be listed in this appendix. The feature will remain functional
|
|
for 2 releases prior to actual removal. Deprecated features may also
|
|
generate warnings on the console when QEMU starts up, or if activated
|
|
via a monitor command, however, this is not a mandatory requirement.
|
|
|
|
Prior to the 2.10.0 release there was no official policy on how
|
|
long features would be deprecated prior to their removal, nor
|
|
any documented list of which features were deprecated. Thus
|
|
any features deprecated prior to 2.10.0 will be treated as if
|
|
they were first deprecated in the 2.10.0 release.
|
|
|
|
What follows is a list of all features currently marked as
|
|
deprecated.
|
|
|
|
@section System emulator command line arguments
|
|
|
|
@subsection -machine enforce-config-section=on|off (since 3.1)
|
|
|
|
The @option{enforce-config-section} parameter is replaced by the
|
|
@option{-global migration.send-configuration=@var{on|off}} option.
|
|
|
|
@subsection -no-kvm (since 1.3.0)
|
|
|
|
The ``-no-kvm'' argument is now a synonym for setting
|
|
``-machine accel=tcg''.
|
|
|
|
@subsection -usbdevice (since 2.10.0)
|
|
|
|
The ``-usbdevice DEV'' argument is now a synonym for setting
|
|
the ``-device usb-DEV'' argument instead. The deprecated syntax
|
|
would automatically enable USB support on the machine type.
|
|
If using the new syntax, USB support must be explicitly
|
|
enabled via the ``-machine usb=on'' argument.
|
|
|
|
@subsection -drive file=json:@{...@{'driver':'file'@}@} (since 3.0)
|
|
|
|
The 'file' driver for drives is no longer appropriate for character or host
|
|
devices and will only accept regular files (S_IFREG). The correct driver
|
|
for these file types is 'host_cdrom' or 'host_device' as appropriate.
|
|
|
|
@subsection -net ...,name=@var{name} (since 3.1)
|
|
|
|
The @option{name} parameter of the @option{-net} option is a synonym
|
|
for the @option{id} parameter, which should now be used instead.
|
|
|
|
@subsection -smp (invalid topologies) (since 3.1)
|
|
|
|
CPU topology properties should describe whole machine topology including
|
|
possible CPUs.
|
|
|
|
However, historically it was possible to start QEMU with an incorrect topology
|
|
where @math{@var{n} <= @var{sockets} * @var{cores} * @var{threads} < @var{maxcpus}},
|
|
which could lead to an incorrect topology enumeration by the guest.
|
|
Support for invalid topologies will be removed, the user must ensure
|
|
topologies described with -smp include all possible cpus, i.e.
|
|
@math{@var{sockets} * @var{cores} * @var{threads} = @var{maxcpus}}.
|
|
|
|
@subsection -vnc acl (since 4.0.0)
|
|
|
|
The @code{acl} option to the @code{-vnc} argument has been replaced
|
|
by the @code{tls-authz} and @code{sasl-authz} options.
|
|
|
|
@section QEMU Machine Protocol (QMP) commands
|
|
|
|
@subsection block-dirty-bitmap-add "autoload" parameter (since 2.12.0)
|
|
|
|
"autoload" parameter is now ignored. All bitmaps are automatically loaded
|
|
from qcow2 images.
|
|
|
|
@subsection query-cpus (since 2.12.0)
|
|
|
|
The ``query-cpus'' command is replaced by the ``query-cpus-fast'' command.
|
|
|
|
@subsection query-cpus-fast "arch" output member (since 3.0.0)
|
|
|
|
The ``arch'' output member of the ``query-cpus-fast'' command is
|
|
replaced by the ``target'' output member.
|
|
|
|
@subsection cpu-add (since 4.0)
|
|
|
|
Use ``device_add'' for hotplugging vCPUs instead of ``cpu-add''. See
|
|
documentation of ``query-hotpluggable-cpus'' for additional
|
|
details.
|
|
|
|
@subsection query-events (since 4.0)
|
|
|
|
The ``query-events'' command has been superseded by the more powerful
|
|
and accurate ``query-qmp-schema'' command.
|
|
|
|
@section Human Monitor Protocol (HMP) commands
|
|
|
|
@subsection The hub_id parameter of 'hostfwd_add' / 'hostfwd_remove' (since 3.1)
|
|
|
|
The @option{[hub_id name]} parameter tuple of the 'hostfwd_add' and
|
|
'hostfwd_remove' HMP commands has been replaced by @option{netdev_id}.
|
|
|
|
@subsection cpu-add (since 4.0)
|
|
|
|
Use ``device_add'' for hotplugging vCPUs instead of ``cpu-add''. See
|
|
documentation of ``query-hotpluggable-cpus'' for additional details.
|
|
|
|
@section System emulator devices
|
|
|
|
@subsection bluetooth (since 3.1)
|
|
|
|
The bluetooth subsystem is unmaintained since many years and likely bitrotten
|
|
quite a bit. It will be removed without replacement unless some users speaks
|
|
up at the @email{qemu-devel@@nongnu.org} mailing list with information about
|
|
their usecases.
|
|
|
|
@section System emulator machines
|
|
|
|
@subsection pc-0.12, pc-0.13, pc-0.14 and pc-0.15 (since 4.0)
|
|
|
|
These machine types are very old and likely can not be used for live migration
|
|
from old QEMU versions anymore. A newer machine type should be used instead.
|
|
|
|
@subsection prep (PowerPC) (since 3.1)
|
|
|
|
This machine type uses an unmaintained firmware, broken in lots of ways,
|
|
and unable to start post-2004 operating systems. 40p machine type should be
|
|
used instead.
|
|
|
|
@section Device options
|
|
|
|
@subsection Block device options
|
|
|
|
@subsubsection "backing": "" (since 2.12.0)
|
|
|
|
In order to prevent QEMU from automatically opening an image's backing
|
|
chain, use ``"backing": null'' instead.
|
|
|
|
@subsubsection rbd keyvalue pair encoded filenames: "" (since 3.1.0)
|
|
|
|
Options for ``rbd'' should be specified according to its runtime options,
|
|
like other block drivers. Legacy parsing of keyvalue pair encoded
|
|
filenames is useful to open images with the old format for backing files;
|
|
These image files should be updated to use the current format.
|
|
|
|
Example of legacy encoding:
|
|
|
|
@code{json:@{"file.driver":"rbd", "file.filename":"rbd:rbd/name"@}}
|
|
|
|
The above, converted to the current supported format:
|
|
|
|
@code{json:@{"file.driver":"rbd", "file.pool":"rbd", "file.image":"name"@}}
|
|
|
|
@section Related binaries
|
|
|
|
@subsection qemu-nbd --partition (since 4.0.0)
|
|
|
|
The ``qemu-nbd --partition $digit'' code (also spelled @option{-P})
|
|
can only handle MBR partitions, and has never correctly handled
|
|
logical partitions beyond partition 5. If you know the offset and
|
|
length of the partition (perhaps by using @code{sfdisk} within the
|
|
guest), you can achieve the effect of exporting just that subset of
|
|
the disk by use of the @option{--image-opts} option with a raw
|
|
blockdev using the @code{offset} and @code{size} parameters layered on
|
|
top of any other existing blockdev. For example, if partition 1 is
|
|
100MiB long starting at 1MiB, the old command:
|
|
|
|
@code{qemu-nbd -t -P 1 -f qcow2 file.qcow2}
|
|
|
|
can be rewritten as:
|
|
|
|
@code{qemu-nbd -t --image-opts driver=raw,offset=1M,size=100M,file.driver=qcow2,file.backing.driver=file,file.backing.filename=file.qcow2}
|
|
|
|
Alternatively, the @code{nbdkit} project provides a more powerful
|
|
partition filter on top of its nbd plugin, which can be used to select
|
|
an arbitrary MBR or GPT partition on top of any other full-image NBD
|
|
export. Using this to rewrite the above example results in:
|
|
|
|
@code{qemu-nbd -t -k /tmp/sock -f qcow2 file.qcow2 &}
|
|
@code{nbdkit -f --filter=partition nbd socket=/tmp/sock partition=1}
|
|
|
|
Note that if you are exposing the export via /dev/nbd0, it is easier
|
|
to just export the entire image and then mount only /dev/nbd0p1 than
|
|
it is to reinvoke @command{qemu-nbd -c /dev/nbd0} limited to just a
|
|
subset of the image.
|