yahoo-eng-team team mailing list archive
Message #60828
[Bug 1649527] Re: nova creates an invalid ethernet/bridge interface definition in virsh xml
Reviewed: https://review.openstack.org/411936
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=847952927c60ed0577bc835adf607ed7b8f15240
Submitter: Jenkins
Branch: master
commit 847952927c60ed0577bc835adf607ed7b8f15240
Author: Neil Jerram <neil@xxxxxxxxx>
Date: Fri Dec 16 17:49:59 2016 +0000
libvirt: avoid generating script with empty path
Previously, libvirt just appended 'script=' onto the QEMU cmd line
according to what <script path=''/> contained, letting QEMU execute the
script. That was flawed from security POV (you don't want QEMU to be
allowed to execute anything), so newer libvirt (as of [1]) executes the
script now. But the libvirt code doesn't allow this corner case (of
allowing and ignoring an empty script path) whereas apparently the QEMU
code does.
So the Nova setting of '' used to work by accident, but now does not.
[1]
http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=9c17d66 (autocreate
tap device for ethernet network type)
Closes-Bug: #1649527
Change-Id: I4f97c05e2dec610af22a5150dd27696e1d767896
** Changed in: nova
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1649527
Title:
nova creates an invalid ethernet/bridge interface definition in virsh
xml
Status in OpenStack Compute (nova):
Fix Released
Bug description:
Description
===========
https://github.com/openstack/nova/blob/master/nova/virt/libvirt/designer.py#L61
sets the script path of an ethernet interface to ""
https://github.com/openstack/nova/blob/master/nova/virt/libvirt/config.py#L1228
checks script for None. As it is not None but a string, it adds an empty
script path to the ethernet interface definition in the virsh XML.
Steps to reproduce
==================
nova generated virsh:
[root@overcloud-novacompute-0 heat-admin]# cat 2.xml |grep tap -A5 -B3
<interface type='ethernet'>
<mac address='02:b9:38:d2:ef:bf'/>
<script path=''/>
<target dev='tapb938d2ef-bf'/>
<model type='virtio'/>
<driver name='qemu'/>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
XML validation:
[root@overcloud-novacompute-0 heat-admin]# virt-xml-validate 2.xml
Relax-NG validity error : Extra element devices in interleave
2.xml:59: element devices: Relax-NG validity error : Element domain failed to validate content
2.xml fails to validate
After removing the <script path=''/> element, the XML validation succeeds:
[root@overcloud-novacompute-0 heat-admin]# cat 1.xml |grep tap -A5 -B2
<interface type='ethernet'>
<mac address='02:b9:38:d2:ef:bf'/>
<target dev='tapb938d2ef-bf'/>
<model type='virtio'/>
<driver name='qemu'/>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
[root@overcloud-novacompute-0 heat-admin]# virt-xml-validate 1.xml
1.xml validates
Point is that libvirt <2.0.0 is more tolerant. libvirt 2.0.0 throws a segfault:
Dec 9 13:30:32 comp1 kernel: libvirtd[1048]: segfault at 8 ip 00007fc9ff09e1c3 sp 00007fc9edfef1d0 error 4 in libvirt.so.0.2000.0[7fc9fef4b000+352000]
Dec 9 13:30:32 comp1 journal: End of file while reading data: Input/output error
Dec 9 13:30:32 comp1 systemd: libvirtd.service: main process exited, code=killed, status=11/SEGV
Dec 9 13:30:32 comp1 systemd: Unit libvirtd.service entered failed state.
Dec 9 13:30:32 comp1 systemd: libvirtd.service failed.
Dec 9 13:30:32 comp1 systemd: libvirtd.service holdoff time over, scheduling restart.
Dec 9 13:30:32 comp1 systemd: Starting Virtualization daemon...
Dec 9 13:30:32 comp1 systemd: Started Virtualization daemon.
Expected result
===============
VM can be started
Instead of checking for None, config.py should check for an empty string before
adding the script path.
Actual result
=============
VM doesn't start
Environment
===========
OSP10/Newton, libvirt 2.0.0
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1649527/+subscriptions
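The None-versus-empty-string mismatch described in the bug report, shown as an added example that is not Nova's code and not part of the original message. The function names and the `skip_empty` flag are hypothetical, and the `<domain>` wrapper is constructed; the MAC and tap device name are the ones from the report.

```python
import xml.etree.ElementTree as ET


def ethernet_interface(mac, target_dev, script=None, skip_empty=True):
    """Build an <interface type='ethernet'> element.

    skip_empty=False mirrors the check described in the report (only None
    suppresses <script>); skip_empty=True also drops an empty string.
    """
    iface = ET.Element("interface", type="ethernet")
    ET.SubElement(iface, "mac", address=mac)
    emit = bool(script) if skip_empty else script is not None
    if emit:
        ET.SubElement(iface, "script", path=script)
    ET.SubElement(iface, "target", dev=target_dev)
    ET.SubElement(iface, "model", type="virtio")
    return iface


def empty_script_paths(domain_xml):
    """Return the target dev of every interface with an empty <script path>."""
    root = ET.fromstring(domain_xml)
    bad = []
    for iface in root.iter("interface"):
        for script in iface.findall("script"):
            if not (script.get("path") or "").strip():
                target = iface.find("target")
                bad.append(target.get("dev") if target is not None else "<no target>")
    return bad


def wrap(iface):
    """Embed one interface in a minimal, constructed <domain> document."""
    domain = ET.Element("domain", type="kvm")
    ET.SubElement(domain, "devices").append(iface)
    return ET.tostring(domain, encoding="unicode")


if __name__ == "__main__":
    mac, dev = "02:b9:38:d2:ef:bf", "tapb938d2ef-bf"  # values from the report
    for skip in (False, True):
        xml = wrap(ethernet_interface(mac, dev, script="", skip_empty=skip))
        print("skip_empty=%s flagged=%s" % (skip, empty_script_paths(xml)))
```

`empty_script_paths` can be run over generated domain XML before it is handed to libvirt, so an empty script path is caught regardless of which libvirt version is installed.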