libvirt-bin: during shutdown libvirt-bin is stopped before libvirt-guests causing hang
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu Cloud Archive |
Invalid
|
Undecided
|
Unassigned | ||
Mitaka |
Fix Released
|
High
|
Matthew Ruffell | ||
libvirt (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Xenial |
Fix Released
|
Wishlist
|
Christian Ehrhardt |
Bug Description
[Impact]
* libvirt-bin, in: libvirt-
and the parent package in xenial, libvirt-
affected.
* When you shutdown a system in trusty which is running some kvm virtual
machines, the libvirt-bin service is stopped before libvirt-guests.
libvirt-guests tries to connect to the libvirt socket to send shutdown
commands to the running vms, which cannot happen since libvirtd is not
running.
* On some machines, the qemu processes behind the virtual machines are
not killed and are left behind as defunct processes, which can cause
the system to hang on them not being terminated.
* The bug is caused by the libvirt-bin upstart script [1] calling a
non-existant script, /usr/lib/
script used to exist in the upstart script itself in version
1.2.
liberty UCA, version 1.2.16-
was separated out into /usr/lib/
In the mitaka release, the libvirt-stop-guests script was removed and
rewritten as /etc/init.
never updated to point to it.
[1] http://
[2] http://
[3] http://
[4] http://
[5] http://
* Since the upstart script was never updated to point to it, libvirt-bin
stops without stopping libvirt-guests first. When libvirt-guests is
stopped later, it cannot access the libvirt socket, cannot shut down
the machines, causing the bug.
* The fix is to change the upstart script to point to the new libvirt-
guests script.
[Test Case]
* You can reproduce this in trusty with the mitaka UCA enabled.
1) Enable mitaka UCA and install libvirt0 and libvirt-bin
$ sudo add-apt-repository cloud-archive:
$ sudo apt update
$ sudo apt install libvirt0 libvirt-bin
2) Install a virtual machine, either by using virt-install or
virt-manager.
I used a bionic VM.
3) Enable debugging on libvirt-guests so you can see what is going on
Modify /etc/init.
4) With the vm running, shut down the system
$ sudo shutdown -h now
5) Check /var/log/
"No such file or directory: /usr/lib/
6) During that shutdown, you will see messages like:
error: failed to connect to the hypervisor
error: no valid connection
error: Failed to connect socket to '/var/run/
No such file or directory
What should happen:
If you follow the same steps with the fixed package, when you look at
/var/log/
connecting to and shutting down the virtual machines which looks a little
like this: https:/
[Regression Potential]
* There is only one file modified, the upstart script for libvirt-bin.
Currently this upstart file references a file which doesn't exist, so
fixing it will restore the behavior in a way which aligns with exactly
what took place in previous versions.
* In xenial, all of this isn't used at all - see below at "Other Info"
* This change only effects systems during shutdown while they still
have virtual machines running, and do not effect starting and stopping
services while the machine is running normally.
* I believe the regression potential is low.
[Other Info]
* Xenial is not effected by this bug even though it ships the exact same
packages. This is because xenial uses insserv to generate service
dependency files ".depend.boot" ".depend.start" ".depend.stop" which
parse the scripts in /etc/init.d/ and systemd respects the dependency
ordering in these files.
libvirt-guests reports a dependency on libvirt-bin in the script
header, so systemd will always stop libvirt-guests before libvirt-bin,
avoiding the problem seen in trusty.
* The fix is needed in trusty mitaka UCA and xenial will likely need the
SRU as part of the process.
* We'd never have uploaded that change alone for xenial (being a no-op
causing MBs to download and an upgrade. But we will bundle it with an
actual change - so it can "ride along" to eventually help
Trusty-Mitaka. Unfortunately there is no "current" Xenial SRU for
libvirt, hence we want to get it into xenial-proposed (which is enough
for the UCA tooling) but we do not want to release it to xenial-updates
until another another SRU comes by which we will generate with a -v
covering both then.
* That way also if e.g. a security fix comes by it will be based on what
is in proposed.
Changed in libvirt (Ubuntu): | |
assignee: | nobody → Matthew Ruffell (mruffell) |
Changed in libvirt (Ubuntu Xenial): | |
assignee: | nobody → Matthew Ruffell (mruffell) |
Changed in cloud-archive: | |
assignee: | nobody → Matthew Ruffell (mruffell) |
description: | updated |
Changed in libvirt (Ubuntu): | |
importance: | Undecided → Medium |
Changed in libvirt (Ubuntu Xenial): | |
importance: | Undecided → Medium |
Changed in libvirt (Ubuntu): | |
status: | New → In Progress |
Changed in libvirt (Ubuntu Xenial): | |
status: | New → In Progress |
Changed in cloud-archive: | |
status: | New → In Progress |
description: | updated |
description: | updated |
Changed in libvirt (Ubuntu Xenial): | |
status: | Invalid → Fix Released |
description: | updated |
Changed in libvirt (Ubuntu Xenial): | |
status: | Fix Released → Triaged |
assignee: | nobody → Christian Ehrhardt (paelzer) |
Changed in cloud-archive: | |
assignee: | Matthew Ruffell (mruffell) → nobody |
status: | In Progress → Invalid |
Changed in libvirt (Ubuntu Xenial): | |
status: | Fix Committed → Fix Released |
Changed in libvirt (Ubuntu Xenial): | |
status: | Fix Released → Fix Committed |
tags: |
added: block-proposed-bionic removed: block-proposed |
Changed in cloud-archive: | |
status: | Invalid → Fix Released |
Changed in libvirt (Ubuntu): | |
status: | Invalid → Fix Released |
Please do -NOT- make a Xenial SRU for that.
As we discussed on IRC and you pointed out in the report yourself - it is not affected due to systemd doing it right.
This should only be an Upstart related change that goes on top of the Cloud-Archive- Mitaka Delta.