← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1639312] Re: Nova does not validate graphics console addresses

 

Reviewed:  https://review.openstack.org/373264
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=f84ae10c66aeda223581b26c134b5c44c15d9e6e
Submitter: Jenkins
Branch:    master

commit f84ae10c66aeda223581b26c134b5c44c15d9e6e
Author: Pawel Koniszewski <pawel.koniszewski@xxxxxxxxx>
Date:   Wed Nov 16 11:05:10 2016 +0100

    Refactor console checks in live migration process
    
    _check_graphics_addresses_can_live_migrate was added to check
    whether we can live migrate a VM with VNC/SPICE enabled when:
    
    * libvirt did not allow to change and migrate guest XML with
      updated graphics listen addresses. Right now we always can update
      VNC/SPICE listen address.
    * Destination node was running old-code that does not set the fields.
      Currently when live migrating between two versions of OpenStack
      (N and N-1) the fields are always set.
    
    Therefore this check is redundant and can be removed.
    
    Going deeper in this code - graphics_listen_addr_vnc and
    graphics_listen_addr_spice in libvirt migrate data object are of
    type IPAddressField. It means that both need to contain valid IP address.
    By default in nova.conf it is 127.0.0.1. It can't be set to None because
    IP address is taken from nova.conf and even if set to None it will be
    passed as a string 'None' and will fail IPAddressField validation.
    
    graphics_listen_addrs in migration.py currently always returns a dict
    which contains IP addresses of both VNC and spice graphics consoles.
    
    This means that:
    * check 'if listen_addrs' is always True
    * check 'if not listen_addrs' is always False
    
    So we really never passed through 'if not listen_addrs' since
    migrate_data is objectified as those addresses are always there.
    
    However, serial_listen_addr is handled different way. The type of
    this field in libvirt migrate data object is StringField that might
    be set to None or empty string through nova.conf. So we still need
    to validate whether serial console can be migrated so that we will
    be sure that particular live migration will not break serial console
    in case when serial listen address is not configured at destination.
    
    Change-Id: I73f7bfafa4554bf1c2dfc980289be88154170282
    Closes-Bug: #1639312


** Changed in: nova
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1639312

Title:
  Nova does not validate graphics console addresses

Status in OpenStack Compute (nova):
  Fix Released

Bug description:
  Due to all changes in nova live migration code path there is condition
  that is always evaluated to False:

  https://github.com/openstack/nova/blob/5a81b00e6b2adba2a380b90e402ff391d64ea6a5/nova/virt/libvirt/driver.py#L5888

  Even when using the lowest RPC microversion (4.0) migrata_data will
  always be populated with graphics console addresses. This data will
  not be there only when doing live migration, e.g., from Kilo to
  Newton, which is not supported anyway. Even though both options,
  graphics_listen_addr_vnc and graphics_listen_addr_spice are nullable:

  https://github.com/openstack/nova/blob/4eb89c206e68a7172ebad897ad24769036c7bdd6/nova/objects/migrate_data.py#L125

  there is no way to pass None through nova.conf, instead it is always
  passed as string (e.g. "None"). Therefore values of both options will
  be validated whether they are valid IP addresses. Also by default
  vncserver_listen and server_listen are not set to None, but to
  127.0.0.1

  https://github.com/openstack/nova/blob/cd3b57d0c0cb867ef48a6e9721d9b3e28cb08e84/nova/conf/vnc.py#L58
  https://github.com/openstack/nova/blob/cd3b57d0c0cb867ef48a6e9721d9b3e28cb08e84/nova/conf/spice.py#L65

  Because of all this stuff nova never reaches code that should validate
  graphics console addresses and we might allow live migration that
  breaks graphics console on instance.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1639312/+subscriptions


References