libvirt: swtpm_ioctl is required for vTPM support
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Compute (nova) |
In Progress
|
Undecided
|
Takashi Kajinami | ||
Bug Description
Description
===========
Libvirt uses swtpm_ioctl to shutdown the swtpm process at VM termination, because QEMU does not send shutdown command.
However the binary is not included in the required binaries (swtpm and swtpm_setup, at the time of writing) checked by libvirt driver. So users can use vTPM support without binaries, which leaves swtpm processes kept running.
Steps to reproduce
==================
* Deploy nova-compute with vTPM support
* Move swtpm_ioctl from PATH
* Restart nova-compute
Expected result
===============
nova-compute fails to start because swtpm_ioctl is missing
Actual result
=============
nova-compute starts without error and reports TPM traits.
Environment
===========
This issue was initially found in master, but would be present in stable branches.
Logs & Configs
==============
N/A
| Changed in nova: | |
| assignee: | nobody → Takashi Kajinami (kajinamit) |
| description: | updated |
| OpenStack Infra (hudson-openstack) wrote Fix proposed to nova (master) | #1 |
| Changed in nova: | |
| status: | New → In Progress |
| description: | updated |
| Takashi Kajinami (kajinamit) wrote | #2 |
| Takashi Kajinami (kajinamit) wrote | #3 |
Fix proposed to branch: master
Review: https:/