Bug 868483
Summary: | multiple default portgroups erroneously allowed in network definitions | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Laine Stump <laine> |
Component: | libvirt | Assignee: | Laine Stump <laine> |
Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.3 | CC: | acathrow, dyasny, dyuan, mzhan, rwu, whuang, ydu |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | libvirt-0.10.2-6.el6 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-02-21 07:10:41 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Laine Stump
2012-10-20 08:38:53 UTC
A fix has been sent upstream. Awaiting ACK. https://www.redhat.com/archives/libvir-list/2012-October/msg01079.html Fix committed upstream: commit 6f8a8b30c9a0123d8c6f49c946084b94c580811b Author: Laine Stump <laine> Date: Sat Oct 20 04:39:18 2012 -0400 network: don't allow multiple default portgroups This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=868483 virNetworkUpdate, virNetworkDefine, and virNetworkCreate all three allow network definitions to contain multiple <portgroup> elements with default='yes'. Only a single default portgroup should be allowed for each network. This patch updates networkValidate() (called by both virNetworkCreate() and virNetworkDefine()) and virNetworkDefUpdatePortGroup (called by virNetworkUpdate() to not allow multiple default portgroups. With libvirt-0.10.2-4.el6.x86_64 can reproduce this bug. Steps: 1. Define an virtual Network with two default portgroups(engineering and sales) #cat multiple-portgroups.xml <network> <name>multi-portgroups</name> <forward mode='nat'/> <bridge name='virbr2' stp='on' delay='0' /> <mac address='52:54:00:A5:69:F9'/> <ip address='192.168.120.1' netmask='255.255.255.0'> <dhcp> <range start='192.168.120.2' end='192.168.120.254' /> </dhcp> </ip> <portgroup name='engineering' default='yes'> <virtualport type='802.1Qbh'> <parameters profileid='test'/> </virtualport> <bandwidth> <inbound average='1000' peak='5000' burst='5120'/> <outbound average='1000' peak='5000' burst='5120'/> </bandwidth> </portgroup> <portgroup name='sales' default='yes'> <virtualport type='802.1Qbh'> <parameters profileid='salestest'/> </virtualport> <bandwidth> <inbound average='500' peak='2000' burst='2560'/> <outbound average='128' peak='256' burst='256'/> </bandwidth> </portgroup> </network> # virsh net-define multiple-portgroups.xml Network multi-portgroups defined from multiple-portgroups.xml # virsh net-start multi-portgroups Network multi-portgroups started 2. Define an virtual Network with two default portgroups(engineering and sales) Still use the xml file in step 1, running: # virsh net-create multiple-portgroup.xml Network multi-portgroups created from multiple-portgroup.xml 3. Update the virtual Network 3.1 Define an virtual Network with 1 default portgroup and start it. # virsh net-dumpxml multi-portgroups <network> <name>multi-portgroups</name> <forward mode='nat'/> <bridge name='virbr2' stp='on' delay='0' /> <mac address='52:54:00:A5:69:F9'/> <ip address='192.168.120.1' netmask='255.255.255.0'> <dhcp> <range start='192.168.120.2' end='192.168.120.254' /> </dhcp> </ip> <portgroup name='engineering' default='yes'> <virtualport type='802.1Qbh'> <parameters profileid='test'/> </virtualport> <bandwidth> <inbound average='1000' peak='5000' burst='5120'/> <outbound average='1000' peak='5000' burst='5120'/> </bandwidth> </portgroup> </network> 3.2 Prepare a xml file with a new default portgroup # cat new-portgroup.xml <portgroup name='sales' default='yes'> <virtualport type='802.1Qbh'> <parameters profileid='salestest'/> </virtualport> <bandwidth> <inbound average='500' peak='2000' burst='2560'/> <outbound average='128' peak='256' burst='256'/> </bandwidth> </portgroup> 3.3 Update the network # virsh net-update multi-portgroups add portgroup new-portgroup.xml Updated network multi-portgroups live state and check the network XML, can find the new add portgroup. Test with libvirt-0.10.2-5.el6.x86_64, both define/create network contain multiple <portgroup> elements with default='yes' can still work. Only update an exist network to add another portgroup element with default='yes' will fail. Steps following comment4. 1. Define an virtual Network with two default portgroups(engineering and sales) Result: Succee 2. Create an virtual Network with two default portgroups(engineering and sales) Result: Succee 3. Update the virtual Network Result: Fail # virsh net-update multi-portgroups add portgroup portg.xml error: Failed to update network multi-portgroups error: Requested operation is not valid: a different portgroup entry in network 'multi-portgroups' is already set as the default. Only one default is allowed. The original fix was incomplete. An additional patch that completes the fix was pushed upstream: commit d8aae15aa1ab173fd3c57f5806b6febae6b640af Author: Laine Stump <laine> Date: Thu Oct 25 11:13:52 2012 -0400 network: fix networkValidate check for default portgroup and vlan This was found during testing of the fix for: https://bugzilla.redhat.com/show_bug.cgi?id=868483 networkValidate was supposed to check for the existence of multiple portgroups and report an error if this was encountered. It did, but there were two problems: 1) even though it logged an error, it still returned success, allowing the operation to continue. 2) It could exit the portgroup checking loop early (or possibly not even do it once) if a vlan tag was supplied in the base network config or one of the portgroups. This patch fixes networkValidate to return failure in addition to logging the error, and also changes it to not exit the portgroup checking loop early. The logic was a bit off in the checking for vlan anyway, and it's intertwined with fixing the early loop exit, so I fixed that as well. Now it correctly checks for combinations where a <virtualport> is specified in the base network def and <vlan> is given in a portgroup, as well as the opposite (<vlan> in base network def and <virtualport> in portgroup), and ignores the case of a disallowed vlan when using *no* portgroup if there is a default portgroup (since in that case there is no way to not use any portgroup). Verify this bug with libvirt-0.10.2-6.el6.x86_64 Using the xml file in comment 4, define/create/update network all failed as expected. # virsh net-define multiple-portgroup.xml error: Failed to define network from multiple-portgroup.xml error: unsupported configuration: network 'multi-portgroups' has multiple default <portgroup> elements (engineering and sales), but only one default is allowed # virsh net-create multiple-portgroup.xml error: Failed to create network from multiple-portgroup.xml error: unsupported configuration: network 'multi-portgroups' has multiple default <portgroup> elements (engineering and sales), but only one default is allowed # virsh net-edit multi-portgroups error: unsupported configuration: network 'multi-portgroups' has multiple default <portgroup> elements (engineering and sales), but only one default is allowed Failed. Try again? [y,n,f,?]: Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0276.html |