Bug 1299696 - Set spice graphic port to '-1', the port allocated to the guest can't be used again after the guest is managedsaved or shutoff.
Set spice graphic port to '-1', the port allocated to the guest can't be used...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt (Show other bugs)
7.2
x86_64 Linux
unspecified Severity medium
: rc
: ---
Assigned To: Pavel Hrdina
Virtualization Bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-18 21:42 EST by Fangge Jin
Modified: 2016-11-03 14:36 EDT (History)
5 users (show)

See Also:
Fixed In Version: libvirt-1.3.2-1.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-03 14:36:16 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
libvirtd log (189.67 KB, application/x-gzip)
2016-01-18 21:42 EST, Fangge Jin
no flags Details

  None (edit)
Description Fangge Jin 2016-01-18 21:42:59 EST
Created attachment 1116020 [details]
libvirtd log

Description of problem:
Set spice graphic port to '-1', the port allocated to the guest can't be used again after the guest is managedsaved or shutoff.

Version-Release number of selected component (if applicable):
libvirt-1.2.17-13.el7_2.2.x86_64
qemu-kvm-rhev-2.3.0-31.el7_2.5.x86_64
spice-server-0.12.4-15.el7.x86_64
spice-gtk3-0.26-5.el7.x86_64
spice-glib-0.26-5.el7.x86_64
spice-vdagent-0.14.0-10.el7.x86_64


How reproducible:
100%

Steps to Reproduce:
1. Virsh edit spice port='-1' for a guest as below and save:
 # virsh edit rhel7.2
    <graphics type='spice' port='-1' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>

Libvirt will add autoport='no' in the xml automatically:
# virsh dumpxml rhel7.2
...
    <graphics type='spice' port='-1' autoport='no' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
...

2. Start the guest, port='5900' is allocated to the guest:
    <graphics type='spice' port='5900' autoport='no' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>


3. 1) Do managedsave and restore:
# virsh managedsave rhel7.2

Domain rhel7.2 state saved by libvirt


# virsh start rhel7.2
error: Failed to start domain rhel7.2
error: internal error: Failed to reserve port 5900

2)Or simply destroy the guest:
# virsh destroy rhel7.2
Domain rhel7.2 destroyed


4. Check the port usage on the host, find that 5900 is not used.
# netstat -tunlp

5. Start another guest that uses specified port=5900, also start failed.
# virsh dumpxml rhel7.2-1
...
    <graphics type='spice' port='5900' autoport='no' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>


# virsh start rhel7.2-1
error: Failed to start domain rhel7.2-1
error: internal error: Failed to reserve port 5900


Actual results:
As steps

Expected results:
When setting graphic type='spice', port='-1', libvirt should set autoport='yes' in xml automatically. And the port allocated to the guest can be used again after the guest is managedsaved or shutoff.

Additional info:
The following settings can't reproduce this issue:
1.Set graphic type='spice', autoport='yes', and don't set port
2.Set graphic type='spice', port='5900' and autoport='no'
3.Set graphic type='vnc',port=-1 manually, then autoport='yes' will be added in the xml automatically, and this issue won't happen
Comment 1 Fangge Jin 2016-01-21 20:34:55 EST
And after restart libvirtd service, everything will be fine, guest can restore and use the port again.
Comment 2 Pavel Hrdina 2016-02-22 08:52:01 EST
Upstream commit:

commit 85a687c6b2498cfb08b88bcf766ed3ce35ff3c9d
Author: Pavel Hrdina <phrdina@redhat.com>
Date:   Thu Feb 18 18:27:13 2016 +0100

    qemu_process: mark auto-generated spice ports as reserved
    
    In case you will specify graphics like this:
    
    <graphics type='spice' port='-1'/>
    
    or
    
    <graphics type='spice' port='-1' tlsPort='6000'/>
    
    libvirt will automatically add autoport='no'.  This leads to an issue
    that in qemuProcessStop() we don't release that port because we are
    releasing both port if autoport=yes or only port marked as reserved.
    
    If autoport=no but we request to generate port via '-1' we need to mark
    that port as reserved in order to release it.
    
    Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1299696
    
    Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Comment 4 yafu 2016-03-06 23:28:46 EST
passed with libvirt-1.3.2-1.el7.x86_64.

steps:
scenario1:
1.Virsh edit spice port='-1' for a guest as below:
  #virsh edit rhel7.2
   <graphics type='spice' port='-1' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
   </graphics>

2.Check the xml of the guest,libvirt add autoport='no' in the xml automatically:
  #virsh dumpxml rhel7.2
   ...
   <graphics type='spice' port='-1' autoport='no' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
   ...

3.Do managed save and start:
  #virsh managedsave rhel7.2
  Domain rhel7.2 state saved by libvirt

  #virsh start rhel7.2
  Domain rhel7.2 started

scenario2:
1.Virsh edit spice port='-1' and tlsPort='-1' for a guest as below:
   #virsh edit rhel7.2
   <graphics type='spice' port='-1' tlsPort='-1' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
   </graphics>

2.Check the xml of the guest, libvirt will replace the port setting with autoport='yes' automatically:
   #virsh dumpxml rhel7.2
   ...
   <graphics type='spice' autoport='yes' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
   ...

3.Do managed save and start:
  #virsh managedsave rhel7.2
  Domain rhel7.2 state saved by libvirt

  #virsh start rhel7.2
  Domain rhel7.2 started
Comment 5 yafu 2016-03-07 04:26:51 EST
According comment#4, there is a little issue. When set spice port='-1', libvirt will add autoport='no' automatically. I think maybe it is make more sense to add autoport='yes' automatically.
Comment 6 Pavel Hrdina 2016-06-01 09:19:50 EDT
Hi Yan,

The thing with spice is that there could be also tlsPort, so it works like this:

1. if autoport is set to 'yes' then both port and (if tls is enabled) tlsPort are generated automatically

2. if autoport is set to 'no' you have to provide ports, but it's possible to have for example port='5009' and tlsPort='-1' or vice-versa.

The configuration "port='-1' autoport='no'" will result in port to be auto-generated but tlsPort would be unused because it's not set.
Comment 7 yafu 2016-06-02 00:42:42 EDT
(In reply to Pavel Hrdina from comment #6)
> Hi Yan,
> 
> The thing with spice is that there could be also tlsPort, so it works like
> this:
> 
> 1. if autoport is set to 'yes' then both port and (if tls is enabled)
> tlsPort are generated automatically
> 
> 2. if autoport is set to 'no' you have to provide ports, but it's possible
> to have for example port='5009' and tlsPort='-1' or vice-versa.
> 
> The configuration "port='-1' autoport='no'" will result in port to be
> auto-generated but tlsPort would be unused because it's not set.

Thanks for your professional reply. It makes sense to add autoport='no' automatically when only set spice port='-1'.
Comment 8 yafu 2016-06-02 00:44:19 EDT
According to comment 4, move the bug to verified.
Comment 10 errata-xmlrpc 2016-11-03 14:36:16 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2577.html

Note You need to log in before you can comment on or make changes to this bug.