Bug 1024209

Summary: [RHEVM][vNIC profiles] Block unsupported profiles from vNICs
Product: Red Hat Enterprise Virtualization Manager Reporter: Mike Kolesnik <mkolesni>
Component: ovirt-engineAssignee: Moti Asayag <masayag>
Status: CLOSED CURRENTRELEASE QA Contact: Martin Pavlik <mpavlik>
Severity: high Docs Contact:
Priority: high    
Version: 3.3.0CC: acathrow, gklein, iheim, lpeer, masayag, Rhev-m-bugs, yeylon
Target Milestone: ---   
Target Release: 3.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: network
Fixed In Version: is25 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Network RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1038284    
Attachments:
Description Flags
screenshot 1
none
screenshot 2
none
log_collector none

Description Mike Kolesnik 2013-10-29 06:57:58 UTC 
Description of problem:
Currently it's possible to attach a profile with unsupported features (except QoS) to a vNIC. This should be blocked depending on the cluster version for the VM which has the vNIC.


Version-Release number of selected component (if applicable):


How reproducible:
Always


Steps to Reproduce:
1. Create a 3.0 DC + cluster
2. Edit the default profile (for the management network) and change to port mirroring + add some custom properties via REST
3. Create a VM in the 3.0 cluster
4. Add a vNIC that's attached to the default profile

Actual results:
The vNIC gets attached to the profile.


Expected results:
The vNIC should fail to create, as port mirroring and device custom properties are unsupported in cluster level 3.0


Additional info:
This behavior should also be checked on edit vNIC, and on places such as import VM or change VM cluster.

Please notice the feature port mirroring is supported since 3.1 and custom device properties is supported since 3.2.
Comment 1 Moti Asayag 2013-11-05 13:39:25 UTC 
The approach taken with this bug fix was to permit any configuration of vnic profile features: The vnic profile is defined on a network level, which is defined on the data-center level. The supported features of the vnic profile are determined on the cluster level. 

Therefore in a mixed data-center which contains clusters from various versions (either support or not all the features in the vnic profile), there is no option to prevent with the current entities model usage of the vnic profile by a vm. Instead of introducing a mass of protective code blocking various scenarios, an event log marked as a warning will be reported in case of a misuse of a vnic profile by a vm.

If a vnic profile contains a feature not supported by the cluster level in which the vm runs, the vnic will be attached to the vnic profile's network, without the feature enabled for it (i.e. without port mirroring/network QoS/custom properties) and the indication of it will be in the events log.
In order to prevent floods, the frequency of issuing the event per vnic is once a day (either by running a vm or by hot-plugging the nic).
Comment 2 Martin Pavlik 2013-11-14 14:00:56 UTC 
cannot see any warning on unsupported profile property in GUI nor in log, 
VM starts without problem, 
in fact port mirroring is not working (cannot see traffic of VM1 from VM2 using tcpdump)
port mirroring is displayed as enabled in the GUI -> confusing for users (see screenshot)

tested on Red Hat Enterprise Virtualization Manager Version: 3.3.0-0.33.beta1.el6ev
Comment 3 Martin Pavlik 2013-11-14 14:02:06 UTC 
Created attachment 823963 [details]
screenshot 1
Comment 4 Martin Pavlik 2013-11-14 14:02:45 UTC 
Created attachment 823964 [details]
screenshot 2
Comment 5 Martin Pavlik 2013-11-14 14:04:18 UTC 
Created attachment 823965 [details]
log_collector
Comment 6 Moti Asayag 2013-11-14 21:57:01 UTC 
(In reply to Martin Pavlik from comment #2)
> cannot see any warning on unsupported profile property in GUI nor in log, 
> VM starts without problem, 
> in fact port mirroring is not working (cannot see traffic of VM1 from VM2
> using tcpdump)
> port mirroring is displayed as enabled in the GUI -> confusing for users
> (see screenshot)
> 
> tested on Red Hat Enterprise Virtualization Manager Version:
> 3.3.0-0.33.beta1.el6ev

With the current fix the audit log will be issues only for clusters 3.1 and above.

Running VMs on cluster 3.0 is done differently and that code path should be covered by the next patch.

Please verify both clusters 3.0 and 3.1 or 3.2 once the patch is merged.
Comment 7 Martin Pavlik 2013-12-03 12:11:59 UTC 
Works in is25

VM aaaa has network interface nic1 which is using profile rhevm with unsupported 
feature(s) 'Port Mirroring, Network QoS' by VM cluster CL30_2 (version 3.0).

VM 30_pm has network interface nic1 which is using profile rhevm with unsupported feature(s) 'Network QoS, Port Mirroring' by VM cluster CL30 (version 3.1).

Cannot set value {type=interface;prop={speed=^([0-9]{1,5})$;duplex=^(full|half)$}} to key CustomDeviceProperties. Device custom properties are not supported in version 3.2
Comment 8 Itamar Heim 2014-01-21 22:22:11 UTC 
Closing - RHEV 3.3 Released
Comment 9 Itamar Heim 2014-01-21 22:27:17 UTC 
Closing - RHEV 3.3 Released