port allocator allocates the same SPICE port for multiple guests (race condition)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu Cloud Archive |
Fix Released
|
High
|
Unassigned | ||
Ocata |
Fix Released
|
High
|
Unassigned | ||
Pike |
Fix Released
|
High
|
Unassigned | ||
libvirt (Ubuntu) |
Fix Released
|
High
|
Christian Ehrhardt | ||
Zesty |
Fix Released
|
High
|
Christian Ehrhardt | ||
Artful |
Fix Released
|
High
|
Christian Ehrhardt |
Bug Description
[Impact]
* VMs start to fail depending on a race around spice port allocation
* Solution is the Backport of an upstream fix that avoids a double
release on the ports
[Test Case]
* Prepare a set of VMs using spice and start them concurrently.
$ uvt-simplestrea
$ sed 's/vnc/spice/' /usr/share/
$ for idx in {1..20}; do uvt-kvm create --template spice-template.xml --password=ubuntu test-${idx} release=xenial arch=amd64 label=daily; done
$ for idx in {1..20}; do virsh shutdown test-${idx}; done
# wait until all are gone
$ for idx in {1..20}; do (virsh start test-${idx} &); done
$ for idx in {1..20}; do virsh domdisplay test-${idx} ; done | sort
* expectation - all work, ports are used one by one
* current status - failing to intialize:
error: internal error: process exited while connecting to monitor: ((null):31733): Spice-Warning **: reds.c:
[Regression Potential]
* It is race after all, so we might miss some corner cases in the
testing, but reviewing the patch and given the verifications so far it
should be safe. From the patch the change is like:
Old: Spice-Init -> Cleanup -> Release [...] QemuStop -> Release
If new alloc in this time it was released unintentionally
New: Spice-Init -> Fail [...] QemuStop -> Release
This eliminates the race, but still releases the port as intended.
* This change only affects users of spice ports.
[Other Info]
* n/a
---
Using the UCA ocata release of libvirt we sporatically recieve this error message in nova-compute.log:
2017-06-12 14:32:54.359 19007 ERROR nova.compute.
Please backport the fix for the following bug into UCA ocata/pike releases:
https:/
The patch is documented here:
https:/
We've tested backporting this same fix using the ocata UCA libvirt 2.5.0-3ubuntu5~
tags: | added: openstack |
Changed in libvirt (Ubuntu Zesty): | |
status: | Triaged → In Progress |
assignee: | nobody → ChristianEhrhardt (paelzer) |
tags: | removed: verification-done |
https:/ /libvirt. org/git/ ?p=libvirt. git;a=commit; h=c23b7b81db58c 61b0adc98095dca 7bfbad74fa79