2033879 – maximum number of clients must be greater than the maximum number of clients waiting for authentication

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2033879 - maximum number of clients must be greater than the maximum number of clients waiting for authentication

Summary: maximum number of clients must be greater than the maximum number of clients ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	libvirt
Sub Component:
Version:	9.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Martin Kletzander
QA Contact:	Lili Zhu
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2208117
TreeView+	depends on / blocked

Reported:	2021-12-18 12:16 UTC by Lili Zhu
Modified:	2023-05-18 03:14 UTC (History)
CC List:	8 users (show)
Fixed In Version:	libvirt-9.0.0-2.el9
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	2208117 (view as bug list)
Environment:
Last Closed:	2023-05-09 07:26:10 UTC
Type:	Bug
Target Upstream Version:	9.1.0
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	LIBVIRTAT-14175	None	None	None	2023-04-20 02:31:52 UTC
Red Hat Issue Tracker	RHELPLAN-106159	None	None	None	2021-12-18 12:19:11 UTC
Red Hat Product Errata	RHBA-2023:2171	None	None	None	2023-05-09 07:26:53 UTC

Description Lili Zhu 2021-12-18 12:16:42 UTC

Description of problem:
maximum number of clients must be greater than the maximum number of clients waiting for authentication

Version-Release number of selected component (if applicable):
libvirt-7.10.0-1.el9.x86_64

How reproducible:
100%

Steps to Reproduce:
1. config the virtproxyd.conf as following:
max_clients = 5
max_anonymous_clients = 20

2. restart virtproxyd
# systemctl restart virtproxyd
# echo $?
0

3. check the clients info
# virt-admin server-clients-info virtproxyd
nclients_max        : 5
nclients            : 0
nclients_unauth_max : 20
nclients_unauth     : 0



Expected results:
Restarting virtproxyd in step 2 should failed.

Additional info:
1. After step3, set the max clients
# virt-admin server-clients-set virtproxyd --max-clients 10
error: Unable to change server's client-related configuration limits
error: invalid argument: The overall maximum number of clients must be greater than the maximum number of clients waiting for authentication

2.Other daemons like virtqemud have the same problem

Comment 1 Martin Kletzander 2023-01-02 11:44:49 UTC

The thing is that we can check the change when it is being done through the admin APIs, but when starting the daemon we would have to abort.  I'm not sure that is the right thing to do since someone might have misunderstood the configuration and with an could have issues after upgrade.  I'll try to propose this change, if that fails there are other things we can do, like limit the number from the configuration file, but we'll get to that discussion only if needed.

Comment 2 Martin Kletzander 2023-01-02 16:00:44 UTC

Fix proposed here:

https://www.mail-archive.com/libvir-list@redhat.com/msg234439.html

Comment 3 Martin Kletzander 2023-01-02 19:41:09 UTC

Fixed upstream with v8.10.0-142-g0f2396751fcc, v8.10.0-143-gfd61d2df6692, v8.10.0-144-g1d625c5d2579, v8.10.0-145-gf007940cb25a, v8.10.0-146-g35afa1d2d6c1:
commit 0f2396751fccdc9f742230763880f70dbd977f3b
Author: Michal Prívozník <mprivozn>
Date:   Wed Dec 21 11:08:02 2022 +0100

    qemumonitortestutils: Fix line counting in qemuMonitorTestProcessFileEntries()
    
commit fd61d2df66924c11a2d9b602af9f39244b01fd5d
Author: Martin Kletzander <mkletzan>
Date:   Mon Jan 2 15:03:25 2023 +0100

    Fix test case to actually test something
    
commit 1d625c5d2579d0ba4d0b5fae95b27bc36343efb8
Author: Martin Kletzander <mkletzan>
Date:   Mon Jan 2 16:26:31 2023 +0100

    tests: Check error message in virnetdaemontest
    
commit f007940cb25aaeccf3b18959b55b77389c2ed743
Author: Martin Kletzander <mkletzan>
Date:   Mon Jan 2 16:21:24 2023 +0100

    rpc: Fix error message in virNetServerSetClientLimits
    
commit 35afa1d2d6c10ce993c60caea1efe1c589fa1d5d
Author: Martin Kletzander <mkletzan>
Date:   Mon Jan 2 16:23:08 2023 +0100

    rpc: Check client limits in more places

Comment 4 Martin Kletzander 2023-01-02 19:44:23 UTC

(In reply to Martin Kletzander from comment #3)
> Fixed upstream with v8.10.0-142-g0f2396751fcc, v8.10.0-143-gfd61d2df6692,
> v8.10.0-144-g1d625c5d2579, v8.10.0-145-gf007940cb25a,
> v8.10.0-146-g35afa1d2d6c1:
> commit 0f2396751fccdc9f742230763880f70dbd977f3b
> Author: Michal Prívozník <mprivozn>
> Date:   Wed Dec 21 11:08:02 2022 +0100
> 
>     qemumonitortestutils: Fix line counting in
> qemuMonitorTestProcessFileEntries()
>     

Sorry, script error, just v8.10.0-146-g35afa1d2d6c1 is the right one

Comment 6 Martin Kletzander 2023-01-24 13:19:16 UTC

Ah, too many rewrites, sorry, one more fix proposed:

https://www.mail-archive.com/libvir-list@redhat.com/msg235225.html

And fixed upstream with v9.0.0-94-g1e2605c934b8:

commit 1e2605c934b80c3e9c30e929834d38fee86f184e
Author: Martin Kletzander <mkletzan>
Date:   Tue Jan 24 13:45:09 2023 +0100

    rpc: Fix error message in virNetServerSetClientLimits

Comment 8 Lili Zhu 2023-01-27 07:33:08 UTC

Tested with
libvirt-9.0.0-2.el9.x86_64

Retested step 6 in Comment #5
# virt-admin -c virtqemud:///system server-clients-set virtqemud --max-clients 10
error: Unable to change server's client-related configuration limits
error: invalid argument: The overall maximum number of clients must not be less than the number of clients waiting for authentication

Comment 12 Lili Zhu 2023-02-06 06:05:37 UTC

According to Comment #5 and Comment #8, marking this bug as verified.

Comment 14 errata-xmlrpc 2023-05-09 07:26:10 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (libvirt bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2171

Note You need to log in before you can comment on or make changes to this bug.