From: Max Reitz <mreitz@redhat.com>
To: Ciprian Barbu <Ciprian.Barbu@enea.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
Eric Blake <eblake@redhat.com>,
Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Cc: Jeff Cody <jcody@redhat.com>,
Markus Armbruster <armbru@redhat.com>,
svc-armband <armband@enea.com>, Kevin Wolf <kwolf@redhat.com>
Subject: Re: [Qemu-devel] nbd: Possible regression in 2.9 RCs
Date: Fri, 31 Mar 2017 19:43:02 +0200 [thread overview]
Message-ID: <9b05e60a-f8c2-ea4f-6be4-f17c0adec510@redhat.com> (raw)
In-Reply-To: <C885D0FF6A27744DB0B822E32DF6EF029B1CA14A@SESTOEX04.enea.se>
[-- Attachment #1: Type: text/plain, Size: 4290 bytes --]
On 31.03.2017 18:03, Ciprian Barbu wrote:
> Hello,
>
> Similar to the other thread about possible regression with rbd, there might be a regression with nbd.
> This time we are launching an instance from an image (not volume) and try to live migrate it:
>
> nova live-migration <test_instance>
>
> The nova-compute service complains with:
>
> 2017-03-31 15:32:56.179 7806 INFO nova.virt.libvirt.driver [req-15d79cbe-5956-4738-92df-3624e6b993ee d795de59fb9a4ea38776a11d20ae8469 cee03e74881f4ccba3b83345fb652b2c - - -] [instance: 6a04508f-5d79-4582-8e2c-4cc368753f6c] Migration running for 0 secs, memory 100% remaining; (bytes processed=0, remaining=0, total=0)
> 2017-03-31 15:32:58.029 7806 WARNING stevedore.named [req-73bc0113-5555-4dd8-8903-d3540cc61b47 b9fbceeadd2d4d1bab9c90ae104db1f7 7e7db99b32c6467184701e9a0c2f1de7 - - -] Could not load instance_network_info
> 2017-03-31 15:32:59.038 7806 ERROR nova.virt.libvirt.driver [req-15d79cbe-5956-4738-92df-3624e6b993ee d795de59fb9a4ea38776a11d20ae8469 cee03e74881f4ccba3b83345fb652b2c - - -] [instance: 6a04508f-5d79-4582-8e2c-4cc368753f6c] Live Migration failure: internal error: unable to execute QEMU command 'nbd-server-add': Conflicts with use by drive-virtio-disk0 as 'root', which does not allow 'write' on #block143
> 2017-03-31 15:32:59.190 7806 ERROR nova.virt.libvirt.driver [req-15d79cbe-5956-4738-92df-3624e6b993ee d795de59fb9a4ea38776a11d20ae8469 cee03e74881f4ccba3b83345fb652b2c - - -] [instance: 6a04508f-5d79-4582-8e2c-4cc368753f6c] Migration operation has aborted
>
> I will try and bisect it myself, but I thought I would paste this here first, just so you know there is this issue too.
Well, I already know the commit in question. It's
8a7ce4f9338c475df1afc12502af704e4300a3e0 ("nbd/server: Use real
permissions for NBD exports").
Whether this is a bug depends on the standpoint. I would very much
consider it a bug fix because as of this commit you can no longer create
a writable NBD server on a block device that is in use by a guest device
without the guest device being aware of this.
The problem is that the functionality to "make" the guest device "aware"
of it was introduced only a couple of commits before, and it's called
"share-rw".
So this doesn't work:
$ x86_64-softmmu/qemu-system-x86_64 \
-blockdev node-name=image,driver=qcow2,\
file.driver=file,file.filename=foo.qcow2 \
-device virtio-blk,drive=image \
-qmp stdio
{"QMP": {"version": {"qemu": {"micro": 92, "minor": 8, "major": 2},
"package": " (v2.8.0-2038-g6604c893d0)"}, "capabilities": []}}
{'execute':'qmp_capabilities'}
{"return": {}}
{'execute':'nbd-server-start','arguments':{'addr':{'type':'inet','data':{'host':'localhost','port':'10809'}}}}
{"return": {}}
{'execute':'nbd-server-add','arguments':{'device':'image','writable':true}}
{"error": {"class": "GenericError", "desc": "Conflicts with use by
/machine/peripheral-anon/device[0]/virtio-backend as 'root', which does
not allow 'write' on image"}
But this works:
$ x86_64-softmmu/qemu-system-x86_64 \
-blockdev node-name=image,driver=qcow2,\
file.driver=file,file.filename=foo.qcow2 \
-device virtio-blk,drive=image,share-rw=on \
-qmp stdio
{"QMP": {"version": {"qemu": {"micro": 92, "minor": 8, "major": 2},
"package": " (v2.8.0-2038-g6604c893d0)"}, "capabilities": []}}
{'execute':'qmp_capabilities'}
{"return": {}}
{'execute':'nbd-server-start','arguments':{'addr':{'type':'inet','data':{'host':'localhost','port':'10809'}}}}
{"return": {}}
{'execute':'nbd-server-add','arguments':{'device':'image','writable':true}}
{"return": {}}
(The difference is the share-rw=on in the -device parameter.)
So in theory all that's necessary is to set share-rw=on for the device
in the management layer. But I'm not sure whether that's practical.
As for just allowing the NBD server write access to the device... To me
that appears pretty difficult from an implementation perspective. We
assert that nobody can write without having requested write access and
we make sure that nobody can request write access without it being
allowed. Making an exception for NBD seems very difficult and would
probably mean we'd have to drop the assertion for write accesses altogether.
Max
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
next prev parent reply other threads:[~2017-03-31 17:43 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-31 16:03 [Qemu-devel] nbd: Possible regression in 2.9 RCs Ciprian Barbu
2017-03-31 17:32 ` Ciprian Barbu
2017-03-31 17:36 ` Ciprian Barbu
2017-03-31 17:43 ` Max Reitz [this message]
2017-03-31 17:49 ` Ciprian Barbu
2017-03-31 17:57 ` Max Reitz
2017-03-31 19:07 ` Alexandru Avadanii
2017-04-03 18:52 ` Kashyap Chamarthy
2017-04-04 8:07 ` ciprian.barbu
2017-04-03 8:15 ` Kevin Wolf
2017-04-03 12:39 ` Max Reitz
2017-04-03 13:00 ` Kevin Wolf
2017-04-03 13:50 ` Peter Krempa
2017-04-04 12:16 ` Kevin Wolf
2017-04-04 13:51 ` Eric Blake
2017-04-04 14:04 ` Paolo Bonzini
2017-04-04 14:53 ` Kevin Wolf
2017-04-04 15:09 ` Paolo Bonzini
2017-04-05 11:01 ` Kevin Wolf
2017-04-05 21:13 ` Paolo Bonzini
2017-04-06 8:48 ` Kevin Wolf
2017-04-06 9:03 ` Kevin Wolf
2017-04-03 19:48 ` Eric Blake
2017-04-03 19:44 ` Eric Blake
2017-04-04 8:17 ` ciprian.barbu
2017-04-04 11:00 ` Paolo Bonzini
2017-04-04 11:14 ` Daniel P. Berrange
2017-04-03 12:51 ` Peter Krempa
2017-04-04 13:19 ` Kevin Wolf
2017-04-04 13:27 ` Peter Krempa
2017-04-04 13:54 ` Kevin Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9b05e60a-f8c2-ea4f-6be4-f17c0adec510@redhat.com \
--to=mreitz@redhat.com \
--cc=Alexandru.Avadanii@enea.com \
--cc=Ciprian.Barbu@enea.com \
--cc=armband@enea.com \
--cc=armbru@redhat.com \
--cc=eblake@redhat.com \
--cc=jcody@redhat.com \
--cc=kwolf@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).