Bug 1609454
Summary: | nwfilter-binding-create succeed on interface which does not exist | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | yalzhang <yalzhang> |
Component: | libvirt | Assignee: | John Ferlan <jferlan> |
Status: | CLOSED ERRATA | QA Contact: | yalzhang <yalzhang> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.6 | CC: | chhu, dyuan, dzheng, fjin, jdenemar, lmen, tburke, xuzhang |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | libvirt-4.5.0-12.el7 | Doc Type: | No Doc Update |
Doc Text: |
undefined
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-08-06 13:13:56 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
yalzhang@redhat.com
2018-07-28 02:41:43 UTC
The "cheese moved" on this after commit id 3379193f1: Author: Pavel Hrdina <phrdina> Date: Thu Jun 28 09:53:48 2018 +0200 nwfilter: Remove redundant check if object exists The same check is done by virNWFilterBindingObjListAdd(). The main issue with the current code is that if the object already exists we would leak 'def' because 'obj' would be set and the cleanup code frees 'def' only if 'obj' is NULL. Reviewed-by: Daniel P. Berrangé <berrange> Signed-off-by: Pavel Hrdina <phrdina> However, the symptoms are the same: # virsh start f18 error: Failed to start domain f18 error: operation failed: binding 'vnet0' already exists # Of course, I'm not sure this usage is "intended" vis-a-vis the original implementation commit message from: https://www.redhat.com/archives/libvir-list/2018-May/msg01165.html e.g.: commit 2d9318b6ce9629ac150e92b895eede4e2dbf19ac Author: Daniel P. Berrangé <berrange> Date: Fri May 11 16:59:51 2018 +0100 nwfilter: wire up new APIs for creating and deleting nwfilter bindings This allows the virsh commands nwfilter-binding-create and nwfilter-binding-delete to be used. Note using these commands lets you delete filters that were previously created automatically by the virt drivers, or add filters for VM nics that were not there before. Generally it is expected these new APIs will only be used by virt drivers. It is the admin's responsibility to not shoot themselves in the foot. ... I can agree it's not well described, but I think the code is working as designed. If you started a domain without a filter, then you could add a filter while the domain was running. It's virtually impossible to distinguish the purpose of the filter to be created. At best perhaps some documentation adjustments to describe things better might be able to help. The "details" of the purpose of the virsh commands and API were left in the commit message rather than the API and virsh.pod file. Although not the exact resolution hoped, I posted a patch upstream that will describe the nwfilter-binding-{create|delete} and virNWFilterBinding{CreateXML|Delete} a bit better to help 'avoid future confusion'. I think perhaps better than just closing this as not a bug. https://www.redhat.com/archives/libvir-list/2018-August/msg01408.html Although not the exact resolution hoped, I posted a patch upstream that will describe the nwfilter-binding-{create|delete} and virNWFilterBinding{CreateXML|Delete} a bit better to help 'avoid future confusion'. I think perhaps better than just closing this as not a bug. https://www.redhat.com/archives/libvir-list/2018-August/msg01408.html Pushed upstream: commit b4833917f12a0ffa4b5957ef77edea737cb8ad58 (HEAD -> master, origin/master, origin/HEAD, bz1609454) Author: John Ferlan <jferlan> Date: Wed Aug 22 18:01:41 2018 -0400 nwfilter: Add extra verbiage for binding create/delete ... Add some cautionary words related to the create and delete NWFilter Binding use cases and possible issues that may result to the virsh nwfilter-binding-{create|delete} descriptions and the virNWFilterBinding{CreateXML|Delete) API descriptions. Essentially summarizing commit 2d9318b6c without using the shoot yourself in the foot wording. Signed-off-by: John Ferlan <jferlan> Reviewed-by: Daniel P. Berrangé <berrange> $ git describe b4833917f12a0ffa4b5957ef77edea737cb8ad58 v4.6.0-303-gb4833917f1 $ Check on libvirt-4.5.0-12.el7.x86_64, the descriptiont is clear enough, move this bug to be verified. # man virsh ... nwfilter-binding-create xmlfile Associate a network port with a network filter. The network filter backend will immediately attempt to instantiate the filter rules on the port. This command may be used to associate a filter with a currently running guest that does not have a filter defined for a specific network port. Since the bindings are generally automatically managed by the hypervisor, using this command to define a filter for a network port and then starting the guest afterwards may prevent the guest from starting if it attempts to use the network port and finds a filter already defined. nwfilter-binding-delete port-name Disassociate a network port from a network filter. The network filter backend will immediately tear down the filter rules that exist on the port. This command may be used to remove the network port binding for a filter currently in use for the guest while the guest is running without needing to restart the guest. Restoring the network port binding filter for the running guest would be accomplished by using nwfilter-binding-create. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:2294 |