Reviewed:  https://review.openstack.org/411936
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=847952927c60ed0577bc835adf607ed7b8f15240
Submitter: Jenkins
Branch:    master

commit 847952927c60ed0577bc835adf607ed7b8f15240
Author: Neil Jerram <n...@tigera.io>
Date:   Fri Dec 16 17:49:59 2016 +0000

    libvirt: avoid generating script with empty path

    Previously, libvirt just appended 'script=' onto the QEMU cmd line
    according to what <script path=''/> contained, letting QEMU execute
    the script. That was flawed from security POV (you don't want QEMU
    to be allowed to execute anything), so newer libvirt (as of [1])
    executes the script now. But the libvirt code doesn't allow this
    corner case (of allowing and ignoring an empty script path) whereas
    apparently the QEMU code does. So the Nova setting of '' used to
    work by accident, but now does not.

    [1] http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=9c17d66
        (autocreate tap device for ethernet network type)

    Closes-Bug: #1649527
    Change-Id: I4f97c05e2dec610af22a5150dd27696e1d767896

** Changed in: nova
       Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1649527

Title:
  nova creates an invalid ethernet/bridge interface definition in virsh xml

Status in OpenStack Compute (nova):
  Fix Released

Bug description:
  Description
  ===========

  https://github.com/openstack/nova/blob/master/nova/virt/libvirt/designer.py#L61
  sets the script path of an ethernet interface to ""

  https://github.com/openstack/nova/blob/master/nova/virt/libvirt/config.py#L1228
  checks script for None.
  As it is not None but a string, it adds an empty script path to the
  ethernet interface definition in the virsh xml.

  Steps to reproduce
  ==================

  nova generated virsh:

  [root@overcloud-novacompute-0 heat-admin]# cat 2.xml |grep tap -A5 -B3
      <interface type='ethernet'>
        <mac address='02:b9:38:d2:ef:bf'/>
        <script path=''/>
        <target dev='tapb938d2ef-bf'/>
        <model type='virtio'/>
        <driver name='qemu'/>
        <alias name='net0'/>
        <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
      </interface>

  XML validation:

  [root@overcloud-novacompute-0 heat-admin]# virt-xml-validate 2.xml
  Relax-NG validity error : Extra element devices in interleave
  2.xml:59: element devices: Relax-NG validity error : Element domain failed to validate content
  2.xml fails to validate

  removing the <script path=''/> element the xml validation succeeds:

  [root@overcloud-novacompute-0 heat-admin]# cat 1.xml |grep tap -A5 -B2
      <interface type='ethernet'>
        <mac address='02:b9:38:d2:ef:bf'/>
        <target dev='tapb938d2ef-bf'/>
        <model type='virtio'/>
        <driver name='qemu'/>
        <alias name='net0'/>
        <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
      </interface>

  [root@overcloud-novacompute-0 heat-admin]# virt-xml-validate 1.xml
  1.xml validates

  Point is that libvirt <2.0.0 is more tolerant. libvirt 2.0.0 throws a
  segfault:

  Dec  9 13:30:32 comp1 kernel: libvirtd[1048]: segfault at 8 ip 00007fc9ff09e1c3 sp 00007fc9edfef1d0 error 4 in libvirt.so.0.2000.0[7fc9fef4b000+352000]
  Dec  9 13:30:32 comp1 journal: End of file while reading data: Input/output error
  Dec  9 13:30:32 comp1 systemd: libvirtd.service: main process exited, code=killed, status=11/SEGV
  Dec  9 13:30:32 comp1 systemd: Unit libvirtd.service entered failed state.
  Dec  9 13:30:32 comp1 systemd: libvirtd.service failed.
  Dec  9 13:30:32 comp1 systemd: libvirtd.service holdoff time over, scheduling restart.
  Dec  9 13:30:32 comp1 systemd: Starting Virtualization daemon...
  Dec  9 13:30:32 comp1 systemd: Started Virtualization daemon.

  Expected result
  ===============

  VM can be started

  instead of checking for None, config.py should check for an empty
  string before adding script path

  Actual result
  =============

  VM doesn't start

  Environment
  ===========

  OSP10/Newton, libvirt 2.0.0
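
The difference between the two checks discussed in this report, as an added example that is not nova's code and not part of the original notification. `build_interface`, `empty_script_interfaces` and the `skip_empty_script` flag are hypothetical names; the MAC and tap device values are the ones from the report, and the non-empty script path in the usage is a constructed placeholder.

```python
import xml.etree.ElementTree as ET


def build_interface(mac, target_dev, script, skip_empty_script):
    """Simplified model of emitting <interface type='ethernet'> (not nova's code)."""
    iface = ET.Element("interface", type="ethernet")
    ET.SubElement(iface, "mac", address=mac)
    if skip_empty_script:
        emit = bool(script)        # None and '' both mean "no script"
    else:
        emit = script is not None  # check described in the bug: '' slips through
    if emit:
        ET.SubElement(iface, "script", path=script)
    ET.SubElement(iface, "target", dev=target_dev)
    return iface


def render(iface):
    return ET.tostring(iface, encoding="unicode")


def empty_script_interfaces(domain_xml):
    """Return the target dev of every interface carrying an empty script path."""
    hits = []
    for iface in ET.fromstring(domain_xml).iter("interface"):
        script = iface.find("script")
        if script is not None and not script.get("path"):
            target = iface.find("target")
            hits.append(target.get("dev") if target is not None else None)
    return hits


def wrap(iface_xml):
    # Minimal constructed domain document around one interface.
    return "<domain><devices>%s</devices></domain>" % iface_xml


MAC, DEV = "02:b9:38:d2:ef:bf", "tapb938d2ef-bf"  # values from the report

if __name__ == "__main__":
    before = render(build_interface(MAC, DEV, "", skip_empty_script=False))
    after = render(build_interface(MAC, DEV, "", skip_empty_script=True))
    print(before)
    print(after)
    print(empty_script_interfaces(wrap(before)))  # interfaces to fix
    print(empty_script_interfaces(wrap(after)))
```

`empty_script_interfaces` can also be pointed at an existing domain XML dump to find definitions that would trip the stricter libvirt behaviour described above.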