OpenStack Compute (nova)

Nova does not validate graphics console addresses

Bug #1639312 reported by Pawel Koniszewski on 2016-11-04

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Fix Released	Undecided	Pawel Koniszewski

Bug Description

Due to all changes in nova live migration code path there is condition that is always evaluated to False:

https://github.com/openstack/nova/blob/5a81b00e6b2adba2a380b90e402ff391d64ea6a5/nova/virt/libvirt/driver.py#L5888

Even when using the lowest RPC microversion (4.0) migrata_data will always be populated with graphics console addresses. This data will not be there only when doing live migration, e.g., from Kilo to Newton, which is not supported anyway. Even though both options, graphics_listen_addr_vnc and graphics_listen_addr_spice are nullable:

https://github.com/openstack/nova/blob/4eb89c206e68a7172ebad897ad24769036c7bdd6/nova/objects/migrate_data.py#L125

there is no way to pass None through nova.conf, instead it is always passed as string (e.g. "None"). Therefore values of both options will be validated whether they are valid IP addresses. Also by default vncserver_listen and server_listen are not set to None, but to 127.0.0.1

https://github.com/openstack/nova/blob/cd3b57d0c0cb867ef48a6e9721d9b3e28cb08e84/nova/conf/vnc.py#L58
https://github.com/openstack/nova/blob/cd3b57d0c0cb867ef48a6e9721d9b3e28cb08e84/nova/conf/spice.py#L65

Because of all this stuff nova never reaches code that should validate graphics console addresses and we might allow live migration that breaks graphics console on instance.

Tags:

Pawel Koniszewski (pawel-koniszewski) on 2016-11-04

tags:

added: live-migration

Matt Riedemann (mriedem) on 2016-11-04

Changed in nova:
status:	New → Confirmed

Pawel Koniszewski (pawel-koniszewski) on 2016-11-10

Changed in nova:
assignee:	nobody → Pawel Koniszewski (pawel-koniszewski)

OpenStack Infra (hudson-openstack) on 2016-11-10

Changed in nova:
status:	Confirmed → In Progress

Revision history for this message

Pawel Koniszewski (pawel-koniszewski) wrote on 2016-11-10:

Patch is up for review - https://review.openstack.org/#/c/373264

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-11-21: Fix merged to nova (master)

Reviewed: https://review.openstack.org/373264
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=f84ae10c66aeda223581b26c134b5c44c15d9e6e
Submitter: Jenkins
Branch: master

commit f84ae10c66aeda223581b26c134b5c44c15d9e6e
Author: Pawel Koniszewski <email address hidden>
Date: Wed Nov 16 11:05:10 2016 +0100

Refactor console checks in live migration process

_check_graphics_addresses_can_live_migrate was added to check
whether we can live migrate a VM with VNC/SPICE enabled when:

    * libvirt did not allow to change and migrate guest XML with
      updated graphics listen addresses. Right now we always can update
      VNC/SPICE listen address.
    * Destination node was running old-code that does not set the fields.
      Currently when live migrating between two versions of OpenStack
      (N and N-1) the fields are always set.

Therefore this check is redundant and can be removed.

    Going deeper in this code - graphics_listen_addr_vnc and
    graphics_listen_addr_spice in libvirt migrate data object are of
    type IPAddressField. It means that both need to contain valid IP address.
    By default in nova.conf it is 127.0.0.1. It can't be set to None because
    IP address is taken from nova.conf and even if set to None it will be
    passed as a string 'None' and will fail IPAddressField validation.

graphics_listen_addrs in migration.py currently always returns a dict
which contains IP addresses of both VNC and spice graphics consoles.

    This means that:
    * check 'if listen_addrs' is always True
    * check 'if not listen_addrs' is always False

So we really never passed through 'if not listen_addrs' since
migrate_data is objectified as those addresses are always there.

    However, serial_listen_addr is handled different way. The type of
    this field in libvirt migrate data object is StringField that might
    be set to None or empty string through nova.conf. So we still need
    to validate whether serial console can be migrated so that we will
    be sure that particular live migration will not break serial console
    in case when serial listen address is not configured at destination.

Change-Id: I73f7bfafa4554bf1c2dfc980289be88154170282
Closes-Bug: #1639312

Reviewed:  https://review.openstack.org/373264
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=f84ae10c66aeda223581b26c134b5c44c15d9e6e
Submitter: Jenkins
Branch:    master

commit f84ae10c66aeda223581b26c134b5c44c15d9e6e
Author: Pawel Koniszewski <pawel.koniszewski@intel.com>
Date:   Wed Nov 16 11:05:10 2016 +0100

Refactor console checks in live migration process
    
    _check_graphics_addresses_can_live_migrate was added to check
    whether we can live migrate a VM with VNC/SPICE enabled when:
    
    * libvirt did not allow to change and migrate guest XML with
      updated graphics listen addresses. Right now we always can update
      VNC/SPICE listen address.
    * Destination node was running old-code that does not set the fields.
      Currently when live migrating between two versions of OpenStack
      (N and N-1) the fields are always set.
    
    Therefore this check is redundant and can be removed.
    
    Going deeper in this code - graphics_listen_addr_vnc and
    graphics_listen_addr_spice in libvirt migrate data object are of
    type IPAddressField. It means that both need to contain valid IP address.
    By default in nova.conf it is 127.0.0.1. It can't be set to None because
    IP address is taken from nova.conf and even if set to None it will be
    passed as a string 'None' and will fail IPAddressField validation.
    
    graphics_listen_addrs in migration.py currently always returns a dict
    which contains IP addresses of both VNC and spice graphics consoles.
    
    This means that:
    * check 'if listen_addrs' is always True
    * check 'if not listen_addrs' is always False
    
    So we really never passed through 'if not listen_addrs' since
    migrate_data is objectified as those addresses are always there.
    
    However, serial_listen_addr is handled different way. The type of
    this field in libvirt migrate data object is StringField that might
    be set to None or empty string through nova.conf. So we still need
    to validate whether serial console can be migrated so that we will
    be sure that particular live migration will not break serial console
    in case when serial listen address is not configured at destination.
    
    Change-Id: I73f7bfafa4554bf1c2dfc980289be88154170282
    Closes-Bug: #1639312

Changed in nova:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-12-15: Fix included in openstack/nova 15.0.0.0b2

This issue was fixed in the openstack/nova 15.0.0.0b2 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.