Re: [PATCH] virsh: add transient interfaces check for iface-unbridge

Laine Stump <laine@xxxxxxxxx> · Wed, 17 Dec 2014 12:02:40 -0500



    (BTW, I assume that you are running
      suse, and using netcf behind the iface-* commands. I didn't
      realize that the suse port of netcf was being officially used
      anywhere, as there hasn't been any suse-specific modification to
      upstream netcf since the suse port was originally added in 2011.
      If there are downstream patches, it would be great to have them
      upstream as well.)

      
      On 12/17/2014 05:34 AM, Lin Ma wrote:

    
      iface-unbridge(netcf interface backend) checks multiple interfaces
attaching based on static configuration.
If guests interfaces(says tun/tap devices) are attaching to the bridge,
iface-unbridge doesn't check them, It causes the bridge is removed
although it's in use by other guests.

Please refer to:
https://bugzilla.suse.com/show_bug.cgi?id=813117
    
    
    In my opinion, if we're going to do this, then we should also modify
    virsh net-destroy to not allow shutting down a network if there are
    guests still using it - it's essentially the same thing. This isn't
    a simple bug that has a definite simple fix, it requires agreement
    on philosophy. For a very long time virsh has allowed removing
    networks (net-destroy) even when a guest is connected (just as it
    permits "virsh destroy" of a guest that hasn't cleanly shutdown its
    OS); I don't know if this was originally an omission, if it was done
    because there was originally no simple way to check (the reporting
    of number of connections in the network status xml is a fairly
    recent addition), or if it was done on purpose in order to not
    prevent something that someone may legitimately want to do, but
    virsh iface-unbridge was written to have the same laissez faire
    attitude about guest connections.

    
    The existing check for multiple *configured* attached devices
    though, is there because I wanted iface-unbridge to be able to undo
    exactly what iface-bridge was doing - put a single ethernet
    interface behind a bridge. If there are multiple configured
    interfaces, that can't be done because there is no way to know which
    of those two interfaces should get the IP configuration from the
    bridge device (and if there are *0* configured interfaces, the IP
    config from the bridge would be lost).

    
    On 12/17/2014 10:48 AM, Lin Ma wrote:

    
          >>> Michal Privoznik <mprivozn@xxxxxxxxxx>
          2014-12-17 下午 20:34 >>>

        >On
        17.12.2014 11:34, Lin Ma wrote:

        >>
        iface-unbridge(netcf interface backend) checks multiple
        interfaces

        >> attaching
        based on static configuration.

        >> If guests
        interfaces(says tun/tap devices) are attaching to the bridge,

        >>
        iface-unbridge doesn't check them, It causes the bridge is
        removed

        >> although it's
        in use by other guests.

        >>

        >> Please refer
        to:

        >>
        https://bugzilla.suse.com/show_bug.cgi?id=813117

        >

        > The bug is not
        publicly viewable. We tend to not put the BZ URL in the 

        > commit message
        in that case.

        
        sorry about that, the URL will be removed, Thanks.

      
    Even better - if there is no sensitive information in the BZ,
    perhaps you could make it public (or maybe the BZ can be sanitized
    to mark only the sensitive parts as private).

    
        >>
          @@ -1103,6 +1103,21 @@ cmdInterfaceUnbridge(vshControl *ctl,
          const vshCmd *cmd)

        >>
          goto cleanup;

        >>
          }

        >>

        >>
          + /* verify whether there is any transient interface attached
          to bridge. */

        >>
          + if (!(br_xml_transient_if =
          virInterfaceGetXMLDesc(br_handle, 0)))

        >>
          + goto cleanup;

        >>
          + if (!(xml_doc_transient_if =
          virXMLParseStringCtxt(br_xml_transient_if,

        >>
          + _("(bridge interface definition)"),

        >>
          + &ctxt_transient_if))) {

        >>
          + vshError(ctl, _("Failed to parse configuration of %s"),
          br_name);

        >>
          + goto cleanup;

        >>
          + }

        >>
          +

        >>
          + if (virXPathNode("./bridge/interface[2]", ctxt_transient_if)
          != NULL) {

        >>
          + vshError(ctl, "%s", _("The bridge is in use by transient
          interfaces"));

        >>
          + goto cleanup;

        >>
          + }

        >>
          +

        >

        >
          This effectively copies the code just a few lines above (not
          to be seen 

        >
          in this context though). The only difference is, that
          your code gest 

        >
          LIVE bridge XML, while pre-exisitng code dumps INACTIVE
          XML. Can we turn 

        >
          already existing code into checking LIVE XML instead?
    
    
    No. That is there for a different reason, and is checking something
    different (see above).

    
      It feels more 

        >
          appropriate too. Live bridge can have only one
          interface plugged in (due 

        >
          to hot-unplugging) regardless of what INACTIVE XML
          says.

        
    The interfaces listed in the config are the ethernet/bond/vlan
    interfaces that are configured to be attached to the bridge when it
    is created. Any interfaces beyond that are most likely tap devices
    connecting guests (although that isn't necessarily the case).

    
      Actually, at the
          beginning of writing this patch, I tended to turn already
          existing code

          into checking LIVE XML instead, But if I do so, it can't deal
          with this extreme circumstance:

          says no any physical interface attached to the bridge, But one
          guest tap backend is 

          attaching to this bridge. The bridge will be removed in this
          case instead of reporting "No

          interface attached to bridge".

        
    Again, if there is no configured interface that is attached to the
    bridge, there is no place to put the bridge's IP config, so
    executing "iface-unbridge" would permanently lose that information,
    and must be avoided.

    
          Now I thought about it, no body configures the bridge and
          guest interface like that,

          that extreme circumstance is
          meaningless and useless scenario, So I agreed with your idea.
          

          any else suggestions?

        
    I think the reasons for those two checks are being misunderstood.
    When there is no configured interface attached to the bridge,
    removing the bridge will lose the IP config; where there are
    multiple configured interfaces attached to the bridge, the desired
    outcome is ambiguous. The live XML gives us different information.

    
    My opinion is that this bug report should be closed as NOTABUG (or
    virsh net-destroy should also be changed to be prohibited when
    guests are connected, but it's possible that could break existing
    scripts - I remember that before "virsh net-update" existed, when
    somebody wanted to change a running network, they would make the
    changes to the network, net-destroy and net-start it, then go
    through all the running domains, detaching and re-attaching all
    interfaces using that network. It's very likely there are still
    scripts like that hanging around)

  
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list