Bug 868483
| Summary: | multiple default portgroups erroneously allowed in network definitions | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Laine Stump <laine> |
| Component: | libvirt | Assignee: | Laine Stump <laine> |
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.3 | CC: | acathrow, dyasny, dyuan, mzhan, rwu, whuang, ydu |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-0.10.2-6.el6 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-02-21 07:10:41 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Laine Stump
2012-10-20 08:38:53 UTC
A fix has been sent upstream. Awaiting ACK. https://www.redhat.com/archives/libvir-list/2012-October/msg01079.html Fix committed upstream:
commit 6f8a8b30c9a0123d8c6f49c946084b94c580811b
Author: Laine Stump <laine>
Date: Sat Oct 20 04:39:18 2012 -0400
network: don't allow multiple default portgroups
This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=868483
virNetworkUpdate, virNetworkDefine, and virNetworkCreate all three
allow network definitions to contain multiple <portgroup> elements
with default='yes'. Only a single default portgroup should be allowed
for each network.
This patch updates networkValidate() (called by both
virNetworkCreate() and virNetworkDefine()) and
virNetworkDefUpdatePortGroup (called by virNetworkUpdate() to not
allow multiple default portgroups.
With libvirt-0.10.2-4.el6.x86_64 can reproduce this bug.
Steps:
1. Define an virtual Network with two default portgroups(engineering and sales)
#cat multiple-portgroups.xml
<network>
<name>multi-portgroups</name>
<forward mode='nat'/>
<bridge name='virbr2' stp='on' delay='0' />
<mac address='52:54:00:A5:69:F9'/>
<ip address='192.168.120.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.120.2' end='192.168.120.254' />
</dhcp>
</ip>
<portgroup name='engineering' default='yes'>
<virtualport type='802.1Qbh'>
<parameters profileid='test'/>
</virtualport>
<bandwidth>
<inbound average='1000' peak='5000' burst='5120'/>
<outbound average='1000' peak='5000' burst='5120'/>
</bandwidth>
</portgroup>
<portgroup name='sales' default='yes'>
<virtualport type='802.1Qbh'>
<parameters profileid='salestest'/>
</virtualport>
<bandwidth>
<inbound average='500' peak='2000' burst='2560'/>
<outbound average='128' peak='256' burst='256'/>
</bandwidth>
</portgroup>
</network>
# virsh net-define multiple-portgroups.xml
Network multi-portgroups defined from multiple-portgroups.xml
# virsh net-start multi-portgroups
Network multi-portgroups started
2. Define an virtual Network with two default portgroups(engineering and sales)
Still use the xml file in step 1, running:
# virsh net-create multiple-portgroup.xml
Network multi-portgroups created from multiple-portgroup.xml
3. Update the virtual Network
3.1 Define an virtual Network with 1 default portgroup and start it.
# virsh net-dumpxml multi-portgroups
<network>
<name>multi-portgroups</name>
<forward mode='nat'/>
<bridge name='virbr2' stp='on' delay='0' />
<mac address='52:54:00:A5:69:F9'/>
<ip address='192.168.120.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.120.2' end='192.168.120.254' />
</dhcp>
</ip>
<portgroup name='engineering' default='yes'>
<virtualport type='802.1Qbh'>
<parameters profileid='test'/>
</virtualport>
<bandwidth>
<inbound average='1000' peak='5000' burst='5120'/>
<outbound average='1000' peak='5000' burst='5120'/>
</bandwidth>
</portgroup>
</network>
3.2 Prepare a xml file with a new default portgroup
# cat new-portgroup.xml
<portgroup name='sales' default='yes'>
<virtualport type='802.1Qbh'>
<parameters profileid='salestest'/>
</virtualport>
<bandwidth>
<inbound average='500' peak='2000' burst='2560'/>
<outbound average='128' peak='256' burst='256'/>
</bandwidth>
</portgroup>
3.3 Update the network
# virsh net-update multi-portgroups add portgroup new-portgroup.xml
Updated network multi-portgroups live state
and check the network XML, can find the new add portgroup.
Test with libvirt-0.10.2-5.el6.x86_64, both define/create network contain multiple <portgroup> elements with default='yes' can still work. Only update an exist network to add another portgroup element with default='yes' will fail. Steps following comment4. 1. Define an virtual Network with two default portgroups(engineering and sales) Result: Succee 2. Create an virtual Network with two default portgroups(engineering and sales) Result: Succee 3. Update the virtual Network Result: Fail # virsh net-update multi-portgroups add portgroup portg.xml error: Failed to update network multi-portgroups error: Requested operation is not valid: a different portgroup entry in network 'multi-portgroups' is already set as the default. Only one default is allowed. The original fix was incomplete. An additional patch that completes the fix was pushed upstream:
commit d8aae15aa1ab173fd3c57f5806b6febae6b640af
Author: Laine Stump <laine>
Date: Thu Oct 25 11:13:52 2012 -0400
network: fix networkValidate check for default portgroup and vlan
This was found during testing of the fix for:
https://bugzilla.redhat.com/show_bug.cgi?id=868483
networkValidate was supposed to check for the existence of multiple
portgroups and report an error if this was encountered. It did, but
there were two problems:
1) even though it logged an error, it still returned success, allowing
the operation to continue.
2) It could exit the portgroup checking loop early (or possibly not
even do it once) if a vlan tag was supplied in the base network config
or one of the portgroups.
This patch fixes networkValidate to return failure in addition to
logging the error, and also changes it to not exit the portgroup
checking loop early. The logic was a bit off in the checking for vlan
anyway, and it's intertwined with fixing the early loop exit, so I
fixed that as well. Now it correctly checks for combinations where a
<virtualport> is specified in the base network def and <vlan> is given
in a portgroup, as well as the opposite (<vlan> in base network def
and <virtualport> in portgroup), and ignores the case of a disallowed
vlan when using *no* portgroup if there is a default portgroup (since
in that case there is no way to not use any portgroup).
Verify this bug with libvirt-0.10.2-6.el6.x86_64 Using the xml file in comment 4, define/create/update network all failed as expected. # virsh net-define multiple-portgroup.xml error: Failed to define network from multiple-portgroup.xml error: unsupported configuration: network 'multi-portgroups' has multiple default <portgroup> elements (engineering and sales), but only one default is allowed # virsh net-create multiple-portgroup.xml error: Failed to create network from multiple-portgroup.xml error: unsupported configuration: network 'multi-portgroups' has multiple default <portgroup> elements (engineering and sales), but only one default is allowed # virsh net-edit multi-portgroups error: unsupported configuration: network 'multi-portgroups' has multiple default <portgroup> elements (engineering and sales), but only one default is allowed Failed. Try again? [y,n,f,?]: Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0276.html |