virsh save and virsh managedsave failed with cpu mode = host-passthrough

Status changed to 'Confirmed' because the bug affects multiple users.

In the libvirtd.log, all I see is

2013-12-24 17:05:23.406+0000: 1286: error : virSecurityDACRestoreSecurityFileLabel:307 : cannot resolve symlink /tmp/tmp1LJkjq/device_disk.img: No such file or directory

Sorry, I attached that comment to the wrong bug.

There is patch to workaround for this bug, that also fixes similar error after live migration of vm with cpu mode "host-passthrough".

The attachment "dont-fail-without-cpu-model.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

If I understand correctly, the new libvirt version I just pushed should
fix this bug. Please re-mark Confirmed if I am wrong and more patches
are needed.

 status: fixreleased

Serge, sorry if I've missed an obvious answer to this... but, where did you push the updated libvirt?

libvirt | 1.2.1-0ubuntu4 | trusty

I'm sorry, this was the wrong bug!

 status: triaged

Oh I see: https://launchpad.net/ubuntu/+source/libvirt/1.2.1-0ubuntu4

We really need a package compatible with Precise to fix this. We may be able to test the fix if we can cherry-pick the trusty version of libvirt without conflict, however we'll still require a backport to fix this in production. Will perhaps have to build our own package if a Precise backport is unavailable...

Unfortunately, in libvirt 1.2.1-0ubuntu4 this bug still exists. And I don't realize how the patch that enables host-passthrough for ARM/AArch64 (not amd64) can fix this bug for other architectures (i386, amd64, powerpc etc).

Quoting s10 (<email address hidden>):
> Unfortunately, in libvirt 1.2.1-0ubuntu4 this bug still exists. And I
> don't realize how the patch that enables host-passthrough for
> ARM/AArch64 (not amd64) can fix this bug for other architectures (i386,
> amd64, powerpc etc).

Yes, I commented that in the wrong bug, sorry.

I am now thoroughly confused... so, we should try Vlad's patch and ignore Serge's updated package?

Serge's package does not include Vlad's patch.
We need a package with Vlad's patch in it so it can be tested.

Has this patch been discussed upstream? I'm surprised it is not in 1.2.2.

This bug still present in libvirt 1.2.2. And patch has not been discussed upstream.

Quoting s10 (<email address hidden>):
> This bug still present in libvirt 1.2.2. And patch has not been
> discussed upstream.

Why has the patch not been discussed upstream? In general while we are
happy to take important patches which are not yet in a release, we
want them to be at least mentioned on the list, and preferably committed
to git. Three advantages there are that they have a Signed-off-by,
have a description, and have a chance for upstream to point out
potential problems. None of those have happened here. If we put this
into our package, were you expecting us to then push it upstream? We
again could not do so without a signed-off-by and a good description,
and since we didn't know that was your goal, it wouldn't have happened
and so we would be dropping the patch right now (before release).

Please discuss this patch upstream.

May I know if the patched has been discussed upstream and which version will include the patch?

for a workaround(from our colleague), we have included cpu model name in /usr/share/libvirt/cpu_map.xml base on the information we got from /proc/cpuinfo and virsh capabilities

regards,

Any update here? This is a massive blocker to nova-compute for us, it breaks all glance snapshots and even some reboots.

This is fixed upstream by commit dd69a14f. It will be included in the next merge into vivid, and I'll SRU it into Trusty hopefully next week.

Were you able to SRU it? We are in desperate need here

I'm not sure what comment #20 was about - the fix analogous to the attached patch is adff345e1ec9a6f528731ae40168a76b8e7620e0 (which is upstream).

@vachon,

the original bug report was about cloud archive versions. Which version are you looking for the fix to be in? I will push a test package for trusty so you can verify that the fix actually suffices, but I can't yet do the SRU as we're waiting for anohter version to clear from trusty-proposed.

I've uploaded a test package to ppa:serge-hallyn/virt. Could you please test whether that fixes the issue for you?

Status changed to 'Confirmed' because the bug affects multiple users.

This bug is a show stopper for us as well. Juno/Utopic and we can't take snapshots.

Appears there's a fix here: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=de0aeafe9ce3eb414c8b5d3aa8995d776a2952de

root@s# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.10
Release: 14.10
Codename: utopic
root@s# dpkg --list | grep libvirt
ii libvirt-bin 1.2.8-0ubuntu11.3~ppa2 amd64 programs for the libvirt library
ii libvirt0 1.2.8-0ubuntu11.3~ppa2 amd64 library for interfacing with different virtualization systems
ii nova-compute-libvirt 1:2014.2.1-0ubuntu1 all OpenStack Compute - compute node libvirt support
ii python-libvirt 1.2.8-0ubuntu2 amd64 libvirt Python bindings
root@s# apt-cache policy nova-compute-libvirt
nova-compute-libvirt:
  Installed: 1:2014.2.1-0ubuntu1
  Candidate: 1:2014.2.1-0ubuntu1
  Version table:
 *** 1:2014.2.1-0ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ utopic-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     1:2014.2-0ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ utopic/main amd64 Packages
root@s# apt-cache policy libvirtd0
N: Unable to locate package libvirtd0
root@c8d8-c0n1-c:~# apt-cache policy libvirt0
libvirt0:
  Installed: 1.2.8-0ubuntu11.3~ppa2
  Candidate: 1.2.8-0ubuntu11.3~ppa2
  Version table:
 *** 1.2.8-0ubuntu11.3~ppa2 0
        500 http://ppa.launchpad.net/serge-hallyn/virt/ubuntu/ utopic/main amd64 Packages
        100 /var/lib/dpkg/status
     1.2.8-0ubuntu11.2 0
        500 http://us.archive.ubuntu.com/ubuntu/ utopic-updates/main amd64 Packages
     1.2.8-0ubuntu11.1 0
        500 http://security.ubuntu.com/ubuntu/ utopic-security/main amd64 Packages
     1.2.8-0ubuntu11 0
        500 http://us.archive.ubuntu.com/ubuntu/ utopic/main amd64 Packages

@tlink,

that patch looks nothing like the one posted in comment #4. That one is rather a subset of commit adff345e1ec9a6f528731ae40168a76b8e7620e0.

Could you please verify that you're talking about the same bug?

Could you check whether the package built for trusty in ppa:serge-hallyn-virt (mentioned in comment #24) fixes the issue?

@serge,

I after some review, I don't think it may be the same bug . I saw the failure for 'virsh managedsave' and presumed it was for the same.

Apologies.

@tlink,

Would you mind opening a new high priority bug for your issue?

@serge,

Yes, I am on Trusty and the Cloud Archive version (openstack juno for us). I'll deploy it to one server and see how it looks

I was able to take the PPA libvirt (1.2.2-0ubuntu13.1.10~ppa1) package for Trusty and upgrade libvirt (and associated packages). I restarted nova-compute (since I'm on Openstack).

After checking both apparmor_status before and after (ensuring it was enforcing and loaded), it appears it was fixed.

I tested by doing a nova snapshot (which calls the underlying libvirt call) and I did not see any apparmor issue. The instance came back as expected.

Hello sirswa, or anyone else affected,

Accepted libvirt into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/libvirt/1.2.2-0ubuntu13.1.10 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

@sirswa,

could you please verify this fix works for you?

HI Serge

I will test it out at one of the spare node.

Can someone please verify this fix soon? Otherwise we will abort this so we can proceed with other SRUs.

I confirm that fix (libvirt 1.2.2-0ubuntu13.1.10) works. The bug is fixed in libvirt from trusty-proposed. Thank you!

This bug was fixed in the package libvirt - 1.2.2-0ubuntu13.1.10

---------------
libvirt (1.2.2-0ubuntu13.1.10) trusty-proposed; urgency=medium

  * 9035-qemu-snapshot-save-persistent-domain-config: upstream fix for a
    regression where persistent domain config was not saved after an external
    snapshot. (LP: #1403841)
  * 9036-dont-fail-without-cpu-model.patch: fix virsh safe with cpu mode =
    host-passthrough (LP: #1262641)
 -- Serge Hallyn <email address hidden> Tue, 10 Feb 2015 14:34:16 -0600

The verification of the Stable Release Update for libvirt has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.