upstart job fails to start under lxc

Bug #1078530 reported by Robert Collins on 2012-11-14
This bug affects 1 person
Affects: qemu-kvm (Ubuntu); Importance: Medium; Assigned to: Serge Hallyn
Affects: Precise; Importance: Medium; Assigned to: Serge Hallyn
Affects: Quantal; Importance: Medium; Assigned to: Unassigned

Bug Description

The KSM_ENABLED setting (on by default) for the qemu-kvm job fails under lxc but the kernel files still appear writable. That's likely an lxc bug (either in defaults or device mapping), but there is no need for qemu-kvm's job to fail if those settings can't be written to IMNSHO.

================================
SRU Justification:
1. Impact: qemu-kvm cannot be installed in containers
2. Development fix: ignore errors writing under /sys in upstart job
3. Stable fix: same as development fix
4. Test case:
 sudo lxc-create -t ubuntu -n c1 -- -r [precise|quantal]
 sudo lxc-start -n c1
 # log into c1 as ubuntu/ubuntu, and 'sudo apt-get install qemu-kvm'
5. Regression potential: legitimate errors writing under /sys (kernel bugs)
   will be ignored.
================================

Robert Collins (lifeless) wrote :

http://paste.ubuntu.com/1356944/ has a debdiff of the (trivial) fix, adjusted to not version conflict with my nbd patch.

Serge Hallyn (serge-hallyn) wrote :

Thanks for submitting this bug.

Changed in qemu-kvm (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
Changed in qemu-kvm (Ubuntu):
assignee: nobody → Serge Hallyn (serge-hallyn)
status: Triaged → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qemu-kvm - 1.2.0+noroms-0ubuntu4

---------------
qemu-kvm (1.2.0+noroms-0ubuntu4) raring; urgency=low

  [ Serge Hallyn ]
  * debian/qemu-kvm.postinst: use udevadm trigger to change /dev/kvm perms as
    recommended by Steve Langasek (LP: #1057024)
  * apply debian/patches/nbd-fixes-to-read-only-handling.patch from upstream to
    make read-write mount after read-only mount work. (LP: #1077838)

  [ Robert Collins ]
  * Fix upstart job to succeed if ksm settings can't be altered in the same way
    other settings are handled. (LP: #1078530)
 -- Serge Hallyn <email address hidden> Wed, 14 Nov 2012 11:30:14 -0600

Changed in qemu-kvm (Ubuntu):
status: In Progress → Fix Released
Serge Hallyn (serge-hallyn) wrote :

Regarding this being a bug in lxc as well, the failure to write under /sys is deliberately enforced by the apparmor policy. It can be worked around by using another apparmor profile (or none, as commented in the configuration file), but is not recommended - containers should not change kernel settings.

description: updated
Changed in qemu-kvm (Ubuntu Precise):
status: New → Triaged
Changed in qemu-kvm (Ubuntu Quantal):
status: New → Triaged
Changed in qemu-kvm (Ubuntu Precise):
importance: Undecided → Medium
Changed in qemu-kvm (Ubuntu Quantal):
importance: Undecided → Medium
Changed in qemu-kvm (Ubuntu Precise):
status: Triaged → In Progress
Changed in qemu-kvm (Ubuntu Quantal):
status: Triaged → In Progress

Hello Robert, or anyone else affected,

Accepted qemu-kvm into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in qemu-kvm (Ubuntu Precise):
status: In Progress → Fix Committed
tags: added: verification-needed
Adam Conrad (adconrad) wrote :

Hello Robert, or anyone else affected,

Accepted qemu-kvm into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in qemu-kvm (Ubuntu Quantal):
status: In Progress → Fix Committed
Adam Conrad (adconrad) wrote :

Hello Robert, or anyone else affected,

Accepted qemu-kvm into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/qemu-kvm/1.2.0+noroms-0ubuntu2.12.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Serge Hallyn (serge-hallyn) wrote :

This bug is not fully solved by this version, because the init job still tries to load and unload kvm modules.

The qemu-kvm job should detect that it is running in a container and gracefully exit.

Serge Hallyn (serge-hallyn) wrote :

Verified in quantal, where the upstart job also does ||true when modprobe and rmmod fail.

However, not running in a container at all would be safer.

Well, it's hard to run the openstack test suite in a container
*without* qemu-kvm, because python-libvirt depends on libvirt depends
on qemu-kvm.

Serge Hallyn (serge-hallyn) wrote :

@lifeless,

the upstart job is only responsible for setting up the kvm kernel module and related kernel settings. With my new proposed change, the upstart job would detect it's in a container and consider itself done.

In reality, for quantal the modprobes and rmmods were already doing '|| true'. So the only thing my new upload changes is that rather than try to do all these things and be denied, it won't try. (Or, rather than try to do them and succeed due to a bad policy, and potentially break the host.)

The host will have to set up kvm; but it would have to anyway, since containers are never allowed to modprobe by default. And quantal and later always modprobe kvm on the host.

Finally, libvirt and python-libvirt do not depend on qemu-kvm. But again, qemu-kvm will install just fine and even be usable in the container. It just can't be set up there.

Robert Collins (lifeless) wrote :

On Fri, Dec 21, 2012 at 9:20 AM, Serge Hallyn
<email address hidden> wrote:
> @lifeless,
>
> the upstart job is only responsible for setting up the kvm kernel module
> and related kernel settings. With my new proposed change, the upstart
> job would detect it's in a container and consider itself done.

Cool, thanks.

-Rob

Hello Robert, or anyone else affected,

Accepted qemu-kvm into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.6 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-done
removed: verification-needed
tags: added: verification-needed
removed: verification-done
Serge Hallyn (serge-hallyn) wrote :

Verified in precise - I installed qemu-kvm in a precise container on a precise host (which had qemu-kvm installed, so the kernel module was loaded). Package installation succeeded, as does 'sudo stop qemu-kvm; sudo start qemu-kvm'

tags: added: verification-done
removed: verification-needed

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qemu-kvm - 1.2.0+noroms-0ubuntu2.12.10.1

---------------
qemu-kvm (1.2.0+noroms-0ubuntu2.12.10.1) quantal-proposed; urgency=low

  [ Serge Hallyn ]
  * debian/qemu-kvm.postinst: use udevadm trigger to change /dev/kvm perms as
    recommended by Steve Langasek (LP: #1057024)
  * apply debian/patches/nbd-fixes-to-read-only-handling.patch from upstream to
    make read-write mount after read-only mount work. (LP: #1077838)
  * make qemu-kvm depend on udev (LP: #1080912)

  [ Robert Collins ]
  * Fix upstart job to succeed if ksm settings can't be altered in the same way
    other settings are handled. (LP: #1078530)
 -- Serge Hallyn <email address hidden> Mon, 19 Nov 2012 09:15:42 -0600

Changed in qemu-kvm (Ubuntu Quantal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qemu-kvm - 1.0+noroms-0ubuntu14.6

---------------
qemu-kvm (1.0+noroms-0ubuntu14.6) precise-proposed; urgency=low

  * Fix qemu-kvm.upstart: just don't run in a container. Otherwise we'll
    still try to load/unload kernel modules. Also undo the || true after
    sysfs writes. Since setting those is a part of configuring qemu-kvm
    on the host, failing when they fail makes sense.

qemu-kvm (1.0+noroms-0ubuntu14.5) precise-proposed; urgency=low

  * add udev to qemu-kvm Depends to ensure that postinst succeeds.
    (LP: #1080912)

qemu-kvm (1.0+noroms-0ubuntu14.4) precise-proposed; urgency=low

  [ Serge Hallyn ]
  * debian/qemu-kvm.postinst: use udevadm trigger to change /dev/kvm perms as
    recommended by Steve Langasek (LP: #1057024)
  * apply debian/patches/nbd-fixes-to-read-only-handling.patch from upstream to
    make read-write mount after read-only mount work. (LP: #1077838)

  [ Robert Collins ]
  * Fix upstart job to succeed if ksm settings can't be altered in the same way
    other settings are handled. (LP: #1078530)
 -- Serge Hallyn <email address hidden> Thu, 20 Dec 2012 12:34:52 -0600

Changed in qemu-kvm (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in qemu-kvm (Ubuntu Precise):
status: Fix Released → Triaged
assignee: nobody → Serge Hallyn (serge-hallyn)
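
The three behaviours the thread moves through (fail on a denied sysfs write, ignore the error with `|| true`, skip the job entirely inside a container), as an added example that is not the packaged upstart job. `SYSFS_ROOT`, `CONTAINER_MARKER`, the `/run/container_type` marker and the function names are assumptions made so the logic can run against a scratch directory.

```shell
#!/bin/sh
# Added illustration, not the packaged qemu-kvm.upstart job.
# SYSFS_ROOT and CONTAINER_MARKER are hypothetical overrides so the logic can
# run against a scratch directory; /run/container_type is an assumed marker.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"
CONTAINER_MARKER="${CONTAINER_MARKER:-/run/container_type}"

in_container() { [ -s "$CONTAINER_MARKER" ]; }

# Judge success by the write's exit status, not by a -w test: per the report,
# the files still appear writable when the write itself is denied.
write_ksm() {
    { printf '%s\n' "$1" > "$SYSFS_ROOT/kernel/mm/ksm/run"; } 2>/dev/null
}

# ksm_job <policy> <value>: the three behaviours discussed in the thread.
ksm_job() {
    policy=$1 value=$2
    case "$policy" in
        strict)  write_ksm "$value" ;;            # original: job fails on denial
        lenient) write_ksm "$value" || true ;;    # first fix: errors ignored
        skip-in-container)                        # 14.6: no attempt in a container
            if in_container; then return 0; fi
            write_ksm "$value" ;;                 # on the host, errors surface
        *) return 2 ;;
    esac
}

# scenario <host|container> <ok|denied>: constructed scratch tree ("denied" is
# simulated by leaving the ksm directory absent); prints each policy's exit
# status, normalised to 0/1.
scenario() {
    tmp=$(mktemp -d) || return 1
    SYSFS_ROOT="$tmp/sys" CONTAINER_MARKER="$tmp/container_type"
    if [ "$1" = container ]; then echo lxc > "$CONTAINER_MARKER"; fi
    if [ "$2" = ok ]; then mkdir -p "$SYSFS_ROOT/kernel/mm/ksm"; fi
    out=
    for p in strict lenient skip-in-container; do
        if ksm_job "$p" 1; then rc=0; else rc=1; fi
        out="$out$p=$rc "
    done
    rm -rf "$tmp"
    echo "${out% }"
}

for s in "host ok" "host denied" "container denied"; do
    echo "$s: $(scenario $s)"
done
```

The "host denied" row is the regression potential named in the SRU justification: only the lenient policy hides a genuine failure to write under /sys.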