[2.5] MAAS running alongside libvirt in a container causes libvirt vnet* interfaces to be added to MAAS

Bug #1788780 reported by Mike Pontillo on 2018-08-24
20
This bug affects 5 people
Affects Status Importance Assigned to Milestone
MAAS
High
Mike Pontillo
2.3
High
Blake Rouse
2.4
High
Blake Rouse

Bug Description

When running MAAS in a container alongside libvirt, every time a new virtual machine is created, virtual NICs are also brought online (named vnet*).

Since MAAS is in a container, all of its supposedly-physical interfaces are already virtual interfaces (which tend to look a lot like the ones libvirt creates), so it's difficult to tell the difference between "legit" interfaces and these vnet* interfaces, which are nothing more than useless clutter as far as MAAS is concerned.

Worse, when using KVM pod networking with a controller, it's possible that MAAS will recognize vnet* interfaces as connected to the same fabric and VLAN, and then try to use them to attach more virtual machines (bad idea).

Two things that should be fixed as a result of this:

 - MAAS should try to ignore vnet* interfaces that are present on controllers running inside containers. These interfaces have a MAC address that starts with "fe:", so that (combined with their name) should make them easy enough to create a heuristic to ignore.

 - When attaching to networks, MAAS should always prefer bridge interfaces, if present, over *any* physical interfaces, regardless of interface ID or nesting (since the vnet* interfaces may be attached to the bridge!).

Related branches

Changed in maas:
status: Triaged → Fix Committed
Changed in maas:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers