qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] nbd: Possible regression in 2.9 RCs

From: Ciprian Barbu
Subject: Re: [Qemu-devel] nbd: Possible regression in 2.9 RCs
Date: Fri, 31 Mar 2017 17:49:52 +0000 
Hi,

Thank you for getting back!

I'm trying to follow you, but I don't understand all the details. I would like 
to ask this question though:

What is the difference between v2.8.0 and this commit? With v2.8.0 the same 
qemu command worked, but I admit it doesn't request sharing.

We also use libvirt v1.3.4, which might be a problem, but at least we want to 
understand if the commit in question introduced an obvious problem or if it's 
all in the details.

Btw, the qemu command generated by libvirt is this one, sorry about that:

2017-03-31 17:40:10.956+0000: starting up libvirt version: 1.3.4, package: 
0+amos3~u16.04 (Enea Armband Devops Team <address@hidden> Fri, 13 Jan 2017 
02:06:05 +0100), qemu version: 2.8.50(Debian 1:2.9+amos2~u16.04), hostname: 
node-2.domain.tld
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 
QEMU_AUDIO_DRV=none /usr/bin/kvm -name instance-00000076,debug-threads=on -S 
-object 
secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-14-instance-00000076/master-key.aes
 -machine virt-2.8,accel=kvm,usb=off,gic-version=3 -cpu host -m 256 -realtime 
mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid 
2812f3c9-f564-499b-a8c7-e9e7ccf24143 -no-user-config -nodefaults -chardev 
socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-14-instance-00000076/monitor.sock,server,nowait
 -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew 
-no-shutdown -boot strict=on -kernel 
/var/lib/nova/instances/2812f3c9-f564-499b-a8c7-e9e7ccf24143/kernel -initrd 
/var/lib/nova/instances/2812f3c9-f564-499b-a8c7-e9e7ccf24143/ramdisk -append 
'root=/dev/vda1 rw rootwait console=tty0 console=ttyS0 console=ttyAMA0' -device 
i82801b11-bridge,id=pci.1,bus=pcie.0,addr=0x1 -device 
pci-bridge,chassis_nr=2,id=pci.2,bus=pci.1,addr=0x0 -usb -drive 
file=/var/lib/nova/instances/2812f3c9-f564-499b-a8c7-e9e7ccf24143/disk,format=qcow2,if=none,id=drive-virtio-disk0,cache=none,aio=native
 -device 
virtio-blk-device,scsi=off,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 
-drive 
file=/var/lib/nova/instances/2812f3c9-f564-499b-a8c7-e9e7ccf24143/disk.config,format=raw,if=none,id=drive-virtio-disk1,cache=none,aio=native
 -device virtio-blk-device,scsi=off,drive=drive-virtio-disk1,id=virtio-disk1 
-netdev tap,fd=27,id=hostnet0 -device 
virtio-net-device,netdev=hostnet0,id=net0,mac=fa:16:3e:82:0a:2b -serial 
file:/var/lib/nova/instances/2812f3c9-f564-499b-a8c7-e9e7ccf24143/console.log 
-serial pty -vnc 0.0.0.0:0 -k en-us -device 
VGA,id=video0,vgamem_mb=16,bus=pci.2,addr=0x1 -device 
virtio-balloon-device,id=balloon0 -msg timestamp=on
Domain id=14 is tainted: high-privileges

Regards,
/Ciprian

-----Original Message-----
From: Max Reitz [mailto:address@hidden 
Sent: Friday, March 31, 2017 8:43 PM
To: Ciprian Barbu <address@hidden>; address@hidden; Eric Blake 
<address@hidden>; Alexandru Avadanii <address@hidden>
Cc: Jeff Cody <address@hidden>; Markus Armbruster <address@hidden>; svc-armband 
<address@hidden>; Kevin Wolf <address@hidden>
Subject: Re: [Qemu-devel] nbd: Possible regression in 2.9 RCs

On 31.03.2017 18:03, Ciprian Barbu wrote:
> Hello,
> 
> Similar to the other thread about possible regression with rbd, there might 
> be a regression with nbd.
> This time we are launching an instance from an image (not volume) and try to 
> live migrate it:
> 
> nova live-migration <test_instance>
> 
> The nova-compute service complains with:
> 
> 2017-03-31 15:32:56.179 7806 INFO nova.virt.libvirt.driver 
> [req-15d79cbe-5956-4738-92df-3624e6b993ee 
> d795de59fb9a4ea38776a11d20ae8469 cee03e74881f4ccba3b83345fb652b2c - - 
> -] [instance: 6a04508f-5d79-4582-8e2c-4cc368753f6c] Migration running 
> for 0 secs, memory 100% remaining; (bytes processed=0, remaining=0, 
> total=0)
> 2017-03-31 15:32:58.029 7806 WARNING stevedore.named 
> [req-73bc0113-5555-4dd8-8903-d3540cc61b47 
> b9fbceeadd2d4d1bab9c90ae104db1f7 7e7db99b32c6467184701e9a0c2f1de7 - - 
> -] Could not load instance_network_info
> 2017-03-31 15:32:59.038 7806 ERROR nova.virt.libvirt.driver 
> [req-15d79cbe-5956-4738-92df-3624e6b993ee 
> d795de59fb9a4ea38776a11d20ae8469 cee03e74881f4ccba3b83345fb652b2c - - 
> -] [instance: 6a04508f-5d79-4582-8e2c-4cc368753f6c] Live Migration 
> failure: internal error: unable to execute QEMU command 
> 'nbd-server-add': Conflicts with use by drive-virtio-disk0 as 'root', 
> which does not allow 'write' on #block143
> 2017-03-31 15:32:59.190 7806 ERROR nova.virt.libvirt.driver 
> [req-15d79cbe-5956-4738-92df-3624e6b993ee 
> d795de59fb9a4ea38776a11d20ae8469 cee03e74881f4ccba3b83345fb652b2c - - 
> -] [instance: 6a04508f-5d79-4582-8e2c-4cc368753f6c] Migration 
> operation has aborted
> 
> I will try and bisect it myself, but I thought I would paste this here first, 
> just so you know there is this issue too.

Well, I already know the commit in question. It's
8a7ce4f9338c475df1afc12502af704e4300a3e0 ("nbd/server: Use real permissions for 
NBD exports").

Whether this is a bug depends on the standpoint. I would very much consider it 
a bug fix because as of this commit you can no longer create a writable NBD 
server on a block device that is in use by a guest device without the guest 
device being aware of this.

The problem is that the functionality to "make" the guest device "aware"
of it was introduced only a couple of commits before, and it's called 
"share-rw".

So this doesn't work:

$ x86_64-softmmu/qemu-system-x86_64 \
    -blockdev node-name=image,driver=qcow2,\
file.driver=file,file.filename=foo.qcow2 \
    -device virtio-blk,drive=image \
    -qmp stdio
{"QMP": {"version": {"qemu": {"micro": 92, "minor": 8, "major": 2},
"package": " (v2.8.0-2038-g6604c893d0)"}, "capabilities": []}} 
{'execute':'qmp_capabilities'}
{"return": {}}
{'execute':'nbd-server-start','arguments':{'addr':{'type':'inet','data':{'host':'localhost','port':'10809'}}}}
{"return": {}}
{'execute':'nbd-server-add','arguments':{'device':'image','writable':true}}
{"error": {"class": "GenericError", "desc": "Conflicts with use by 
/machine/peripheral-anon/device[0]/virtio-backend as 'root', which does not 
allow 'write' on image"}

But this works:

$ x86_64-softmmu/qemu-system-x86_64 \
    -blockdev node-name=image,driver=qcow2,\
file.driver=file,file.filename=foo.qcow2 \
    -device virtio-blk,drive=image,share-rw=on \
    -qmp stdio
{"QMP": {"version": {"qemu": {"micro": 92, "minor": 8, "major": 2},
"package": " (v2.8.0-2038-g6604c893d0)"}, "capabilities": []}} 
{'execute':'qmp_capabilities'}
{"return": {}}
{'execute':'nbd-server-start','arguments':{'addr':{'type':'inet','data':{'host':'localhost','port':'10809'}}}}
{"return": {}}
{'execute':'nbd-server-add','arguments':{'device':'image','writable':true}}
{"return": {}}

(The difference is the share-rw=on in the -device parameter.)


So in theory all that's necessary is to set share-rw=on for the device in the 
management layer. But I'm not sure whether that's practical.

As for just allowing the NBD server write access to the device... To me that 
appears pretty difficult from an implementation perspective. We assert that 
nobody can write without having requested write access and we make sure that 
nobody can request write access without it being allowed. Making an exception 
for NBD seems very difficult and would probably mean we'd have to drop the 
assertion for write accesses altogether.

Max
reply via email to
[Prev in Thread] Current Thread [Next in Thread]