[ https://issues.apache.org/jira/browse/CLOUDSTACK-9142?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15109653#comment-15109653 ]
ASF GitHub Bot commented on CLOUDSTACK-9142: -------------------------------------------- Github user DaanHoogland commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1348#discussion_r50334011 --- Diff: plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtMigrateCommandWrapper.java --- @@ -190,4 +196,28 @@ Use VIR_DOMAIN_XML_SECURE (value = 1) prior to v1.0.0. return new MigrateAnswer(command, result == null, result, null); } -} \ No newline at end of file + + /** + * This function assumes an qemu machine desription containing a single graphics element like --- End diff -- @bhaisaab not in a cloudstack generated desc file. But you are right inprinciple it could exist. > Migrate VM changes xmlDesc in an unsafe way > ------------------------------------------- > > Key: CLOUDSTACK-9142 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9142 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: KVM, Management Server > Affects Versions: 4.6.0, 4.7.0 > Reporter: David Amorim Faria > Assignee: Daan Hoogland > Priority: Critical > > This issue appears with commit > https://github.com/apache/cloudstack/commit/a709f34ff93579981afbd4df0f4334b61ada29a8 > where xmlDesc has some content replaced: {code} > xmlDesc = > dm.getXMLDesc(xmlFlag).replace(libvirtComputingResource.getPrivateIp(), > command.getDestinationIp()); > {code} > This line from LibvirtComputingResource.java was refactored into > LibvirtMigrateCommandWrapper.java in commit > https://github.com/apache/cloudstack/commit/28e55462f15bdd8699e97b668c4ffc01735a533d > Example, node1 is 10.0.0.1, node2 is 10.0.0.2, rbd mon_host is 10.0.0.13. > VM is running on kvm node1 and this happened when migrating a VM from node1 > to node2, where the kvm nodes and the RBD mon nodes (mon_host) use IP > addresses in the same range, and the mon_host has an ip address that > partially matches the ip address (string) of the first kvm node. > In the process list one can see that the mon_host changes from 10.0.0.13 to > 10.0.0.23 in the destination host, blocking the migration after a timeout due > to primary storage not being available. > {code} > root 25206 1.8 0.0 440184 17188 ? Sl 13:33 0:00 > /usr/libexec/qemu-kvm -name r-74-VM -S -machine > pc-i440fx-rhel7.0.0,accel=kvm,usb=off -cpu > host,+rdtscp,+pdpe1gb,+dca,+pcid,+pdcm,+xtpr,+tm2,+est,+smx,+vmx,+ds_cpl,+monitor,+dtes64,+pclmuldq,+pbe,+tm,+ht,+ss,+acpi,+ds,+vme > -m 256 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid > 1a32b655-0acf-424b-8722-9e7f507a3070 -smbios type=1,manufacturer=Apache > Software Foundation,product=CloudStack KVM > Hypervisor,uuid=1a32b655-0acf-424b-8722-9e7f507a3070 -no-user-config > -nodefaults -chardev > socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-r-74-VM/monitor.sock,server,nowait > -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown > -boot strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device > virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x6 -drive > file=rbd:rbd/15ea00f9-e52e-43cf-9e5e-62188e9da5d2:id=cloudstack:key=XXXXXXXX==:auth_supported=cephx\;none:mon_host=10.0.0.23\:6789,if=none,id=drive-virtio-disk0,format=raw,serial=15ea00f9e52e43cf9e5e,cache=none > -device > virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=2 > -drive > file=/usr/share/cloudstack-common/vms/systemvm.iso,if=none,id=drive-ide0-1-0,readonly=on,format=raw,cache=none > -device ide-cd,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0,bootindex=1 > -netdev tap,fd=32,id=hostnet0,vhost=on,vhostfd=33 -device > virtio-net-pci,netdev=hostnet0,id=net0,mac=11:11:11:11:11:11,bus=pci.0,addr=0x3,rombar=0,romfile= > -netdev tap,fd=34,id=hostnet1,vhost=on,vhostfd=35 -device > virtio-net-pci,netdev=hostnet1,id=net1,mac=22:22:22:22:22:22,bus=pci.0,addr=0x4,rombar=0,romfile= > -netdev tap,fd=36,id=hostnet2,vhost=on,vhostfd=37 -device > virtio-net-pci,netdev=hostnet2,id=net2,mac=33:33:33:33:33:33,bus=pci.0,addr=0x5,rombar=0,romfile= > -chardev pty,id=charserial0 -device > isa-serial,chardev=charserial0,id=serial0 -chardev > socket,id=charchannel0,path=/var/lib/libvirt/qemu/r-74-VM.agent,server,nowait > -device > virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=r-74-VM.vport > -device usb-tablet,id=input0 -vnc 10.0.0.2:4,password -vga cirrus -incoming > tcp:[::]:49152 -msg timestamp=on > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)