yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #58935
[Bug 1639312] Re: Nova does not validate graphics console addresses
Reviewed: https://review.openstack.org/373264
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=f84ae10c66aeda223581b26c134b5c44c15d9e6e
Submitter: Jenkins
Branch: master
commit f84ae10c66aeda223581b26c134b5c44c15d9e6e
Author: Pawel Koniszewski <pawel.koniszewski@xxxxxxxxx>
Date: Wed Nov 16 11:05:10 2016 +0100
Refactor console checks in live migration process
_check_graphics_addresses_can_live_migrate was added to check
whether we can live migrate a VM with VNC/SPICE enabled when:
* libvirt did not allow to change and migrate guest XML with
updated graphics listen addresses. Right now we always can update
VNC/SPICE listen address.
* Destination node was running old-code that does not set the fields.
Currently when live migrating between two versions of OpenStack
(N and N-1) the fields are always set.
Therefore this check is redundant and can be removed.
Going deeper in this code - graphics_listen_addr_vnc and
graphics_listen_addr_spice in libvirt migrate data object are of
type IPAddressField. It means that both need to contain valid IP address.
By default in nova.conf it is 127.0.0.1. It can't be set to None because
IP address is taken from nova.conf and even if set to None it will be
passed as a string 'None' and will fail IPAddressField validation.
graphics_listen_addrs in migration.py currently always returns a dict
which contains IP addresses of both VNC and spice graphics consoles.
This means that:
* check 'if listen_addrs' is always True
* check 'if not listen_addrs' is always False
So we really never passed through 'if not listen_addrs' since
migrate_data is objectified as those addresses are always there.
However, serial_listen_addr is handled different way. The type of
this field in libvirt migrate data object is StringField that might
be set to None or empty string through nova.conf. So we still need
to validate whether serial console can be migrated so that we will
be sure that particular live migration will not break serial console
in case when serial listen address is not configured at destination.
Change-Id: I73f7bfafa4554bf1c2dfc980289be88154170282
Closes-Bug: #1639312
** Changed in: nova
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1639312
Title:
Nova does not validate graphics console addresses
Status in OpenStack Compute (nova):
Fix Released
Bug description:
Due to all changes in nova live migration code path there is condition
that is always evaluated to False:
https://github.com/openstack/nova/blob/5a81b00e6b2adba2a380b90e402ff391d64ea6a5/nova/virt/libvirt/driver.py#L5888
Even when using the lowest RPC microversion (4.0) migrata_data will
always be populated with graphics console addresses. This data will
not be there only when doing live migration, e.g., from Kilo to
Newton, which is not supported anyway. Even though both options,
graphics_listen_addr_vnc and graphics_listen_addr_spice are nullable:
https://github.com/openstack/nova/blob/4eb89c206e68a7172ebad897ad24769036c7bdd6/nova/objects/migrate_data.py#L125
there is no way to pass None through nova.conf, instead it is always
passed as string (e.g. "None"). Therefore values of both options will
be validated whether they are valid IP addresses. Also by default
vncserver_listen and server_listen are not set to None, but to
127.0.0.1
https://github.com/openstack/nova/blob/cd3b57d0c0cb867ef48a6e9721d9b3e28cb08e84/nova/conf/vnc.py#L58
https://github.com/openstack/nova/blob/cd3b57d0c0cb867ef48a6e9721d9b3e28cb08e84/nova/conf/spice.py#L65
Because of all this stuff nova never reaches code that should validate
graphics console addresses and we might allow live migration that
breaks graphics console on instance.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1639312/+subscriptions
References