group.of.nepali.translators team mailing list archive

[Bug 1727366] Re: virsh start/destroy is too slow after adding firewall rule

 

virExec:
    for (fd = 3; fd < openmax; fd++) {
        if (fd == childin || fd == childout || fd == childerr)
            continue;
        if (!virCommandFDIsSet(cmd, fd)) {
            tmpfd = fd;
            VIR_MASS_CLOSE(tmpfd);
        } else if (virSetInherit(fd, true) < 0) {
            virReportSystemError(errno, _("failed to preserve fd %d"), fd);
            goto fork_error;
        }
    }

openmax is the limit that gets indirectly derived from that systemd limit.
But with [1] I'm not sure how much more one can do.

[1]: https://stackoverflow.com/questions/899038/getting-the-highest-allocated-file-descriptor/918469#918469

** Changed in: libvirt (Ubuntu)
       Status: In Progress => Opinion

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1727366

Title:
  virsh start/destroy is too slow after adding firewall rule

Status in libvirt package in Ubuntu:
  Opinion
Status in libvirt source package in Xenial:
  Won't Fix
Status in libvirt source package in Zesty:
  Won't Fix

Bug description:
  Description:	Ubuntu 16.04.3 LTS
  Release:	16.04

  libvirt-bin:
    Installed: 1.3.1-1ubuntu10.14
    Candidate: 1.3.1-1ubuntu10.14

  The starting/stopping time of the domain is dramatically increased
  after adding an nw-filter rule:

  Actual timings:
  --------------

  # time virsh destroy 9000
  Domain 9000 destroyed

  
  real	0m9.252s
  user	0m0.024s
  sys	0m0.000s

  Expected timings: (without active filterref item)
  ----------------

  $ time virsh destroy 9000
  Domain 9000 destroyed

  real    0m0.633s
  user    0m0.012s
  sys     0m0.008s

  Steps to reproduce:
  ------------------

  1. Enable any firewall rule, which is shipped with a package. For
  example, it could be allow-arp:

      <interface type='bridge'>
        <mac address='52:54:00:86:69:a7'/>
        <source bridge='br0'/>
        <model type='virtio'/>
        <filterref filter='allow-arp'/>
        <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
      </interface>

  2. Stop domain:

  $ virsh destroy 9000

  3. Start domain:

  $ LIBVIRT_DEBUG=debug virsh start 9000

  Debug output attached as libvirt-debug.log

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1727366/+subscriptions