cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Tutkowski <mike.tutkow...@solidfire.com>
Subject Re: [4.6] Error migrating VM from KVM host
Date Mon, 31 Aug 2015 18:38:10 GMT
This is probably more esthetically pleasing to most people (and simpler
looking):

                CVE-2015-3252: Get XML with sensitive information suitable
for migration by using

                               VIR_DOMAIN_XML_MIGRATABLE flag (value = 8)


https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainXMLFlags


                               Use VIR_DOMAIN_XML_SECURE (value = 1) prior
to v1.0.0.

             */

            int xmlFlag = conn.getLibVirVersion() >= 1000000 ? 8 : 1;


            xmlDesc =
dm.getXMLDesc(xmlFlag).replace(libvirtComputingResource.getPrivateIp(),
command.getDestinationIp());

On Mon, Aug 31, 2015 at 12:34 PM, Mike Tutkowski <
mike.tutkowski@solidfire.com> wrote:

> Sounds good
>
> Does this look reasonable (I haven't tested it yet):
>
>                 CVE-2015-3252: Get XML with sensitive information suitable
> for migration by using
>
>                                VIR_DOMAIN_XML_MIGRATABLE flag (value = 8)
>
>
> https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainXMLFlags
>
>
>                                Use VIR_DOMAIN_XML_SECURE (value = 1) prior
> to v1.0.0.
>
>              */
>
>             if (conn.getLibVirVersion() >= 1000000) { // 1000000 equals
> v1.0.0
>
>                 xmlDesc =
> dm.getXMLDesc(8).replace(libvirtComputingResource.getPrivateIp(),
> command.getDestinationIp());
>
>             }
>
>             else {
>
>                 xmlDesc =
> dm.getXMLDesc(1).replace(libvirtComputingResource.getPrivateIp(),
> command.getDestinationIp());
>
>             }
>
> On Mon, Aug 31, 2015 at 12:06 PM, Marcus <shadowsor@gmail.com> wrote:
>
>> Might as well put the check in, to ensure we don't try to use flags that
>> aren't available.
>>
>> On Mon, Aug 31, 2015 at 10:21 AM, Mike Tutkowski <
>> mike.tutkowski@solidfire.com> wrote:
>>
>> > Thanks, everyone
>> >
>> > Marcus - Do you think I should put in a version check or is that
>> version of
>> > Libvirt too old to bother supporting?
>> >
>> > On Monday, August 31, 2015, Marcus <shadowsor@gmail.com> wrote:
>> >
>> > > Looks like the VIR_DOMAIN_XML_MIGRATABLE flag was introduced in v1.0.0
>> > > (version 1000000 in how the Libvirt API reports), and
>> > VIR_DOMAIN_XML_SECURE
>> > > was all the way back in v0.8.0 (version 8000).
>> > >
>> > > On Mon, Aug 31, 2015 at 8:04 AM, Marcus <shadowsor@gmail.com
>> > > <javascript:_e(%7B%7D,'cvml','shadowsor@gmail.com');>> wrote:
>> > >
>> > >> There are a bunch of things like this in the code already, and
>> they're
>> > >> wrapped in version checks. See
>> > >>
>> > >> _hypervisorLibvirtVersion in LibvirtComputingResource. We just need
>> to
>> > >> figure out which versions need to be left out.
>> > >>
>> > >>
>> > >>
>> > >>
>> > >> On Mon, Aug 31, 2015 at 1:56 AM, Rohit Yadav <
>> rohit.yadav@shapeblue.com
>> > >> <javascript:_e(%7B%7D,'cvml','rohit.yadav@shapeblue.com');>>
wrote:
>> > >>
>> > >>> Hi Mike,
>> > >>>
>> > >>> I think it is related to this, the libvirt version is really old
>> that
>> > >>> lacks the flags:
>> > >>>
>> > >>>
>> >
>> https://github.com/apache/cloudstack/commit/5d29b63cfa98a15d7734798c5b29a43658d7f112
>> > >>>
>> > >>> If VM migration flag (8) is not available, can you check
>> > >>> if VIR_DOMAIN_XML_SECURE (flag=1) works for you, if so we can change
>> > the
>> > >>> above fix to use 0x1 (or 1) to support KVM/12.04 though I’m not
sure
>> > if for
>> > >>> vm migration the xml dump method should be provided 0x1 and not
0x8
>> > >>> (VIR_DOMAIN_XML_MIGRATABLE).
>> > >>>
>> > >>> On 31-Aug-2015, at 11:29 am, Mike Tutkowski
>> <mike.tutkowski@solidfire
>> > >>>
>> > >>> .com> wrote:
>> > >>>
>> > >>> Hi,
>> > >>>
>> > >>> I'm having a problem migrating a VM from one 12.04 KVM host to
>> another
>> > >>> 12.04 KVM host in the same cluster in CS 4.6.
>> > >>>
>> > >>> Anyone know why I might be receiving this error message?
>> > >>>
>> > >>> invalid argument: virDomainDefFormat: unsupported flags (0x8)
>> > >>>
>> > >>> The root disk is stored on cluster-scoped NFS primary storage.
>> > >>>
>> > >>> Thanks!
>> > >>>
>> > >>> --
>> > >>> *Mike Tutkowski*
>> > >>> *Senior CloudStack Developer, SolidFire Inc.*
>> > >>> e: mike.tutkowski@solidfire.com
>> > >>> <javascript:_e(%7B%7D,'cvml','mike.tutkowski@solidfire.com');>
>> > >>> o: 303.746.7302
>> > >>> Advancing the way the world uses the cloud
>> > >>> <http://solidfire.com/solution/overview/?video=play>*™*
>> > >>>
>> > >>>
>> > >>> Regards,
>> > >>> Rohit Yadav
>> > >>> Software Architect, ShapeBlue
>> > >>>
>> > >>>
>> > >>>
>> > >>>
>> > >>> M. +91 88 262 30892 | rohit.yadav@shapeblue.com
>> > >>> <javascript:_e(%7B%7D,'cvml','rohit.yadav@shapeblue.com');>
>> > >>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>> > >>>
>> > >>>
>> > >>>
>> > >>>
>> > >>> Find out more about ShapeBlue and our range of CloudStack related
>> > >>> services
>> > >>>
>> > >>> IaaS Cloud Design & Build
>> > >>> <http://shapeblue.com/iaas-cloud-design-and-build//>
>> > >>> CSForge – rapid IaaS deployment framework
>> > >>> <http://shapeblue.com/csforge/>
>> > >>> CloudStack Consulting <http://shapeblue.com/cloudstack-consultancy/
>> >
>> > >>> CloudStack Software Engineering
>> > >>> <http://shapeblue.com/cloudstack-software-engineering/>
>> > >>> CloudStack Infrastructure Support
>> > >>> <http://shapeblue.com/cloudstack-infrastructure-support/>
>> > >>> CloudStack Bootcamp Training Courses
>> > >>> <http://shapeblue.com/cloudstack-training/>
>> > >>>
>> > >>> This email and any attachments to it may be confidential and are
>> > >>> intended solely for the use of the individual to whom it is
>> addressed.
>> > Any
>> > >>> views or opinions expressed are solely those of the author and
do
>> not
>> > >>> necessarily represent those of Shape Blue Ltd or related companies.
>> If
>> > you
>> > >>> are not the intended recipient of this email, you must neither
take
>> any
>> > >>> action based upon its contents, nor copy or show it to anyone.
>> Please
>> > >>> contact the sender if you believe you have received this email
in
>> > error.
>> > >>> Shape Blue Ltd is a company incorporated in England & Wales.
>> ShapeBlue
>> > >>> Services India LLP is a company incorporated in India and is
>> operated
>> > under
>> > >>> license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda
is a
>> > >>> company incorporated in Brasil and is operated under license from
>> Shape
>> > >>> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The
>> Republic
>> > of
>> > >>> South Africa and is traded under license from Shape Blue Ltd.
>> > ShapeBlue is
>> > >>> a registered trademark.
>> > >>>
>> > >>
>> > >>
>> > >
>> >
>> > --
>> > *Mike Tutkowski*
>> > *Senior CloudStack Developer, SolidFire Inc.*
>> > e: mike.tutkowski@solidfire.com
>> > o: 303.746.7302
>> > Advancing the way the world uses the cloud
>> > <http://solidfire.com/solution/overview/?video=play>*™*
>> >
>>
>
>
>
> --
> *Mike Tutkowski*
> *Senior CloudStack Developer, SolidFire Inc.*
> e: mike.tutkowski@solidfire.com
> o: 303.746.7302
> Advancing the way the world uses the cloud
> <http://solidfire.com/solution/overview/?video=play>*™*
>



-- 
*Mike Tutkowski*
*Senior CloudStack Developer, SolidFire Inc.*
e: mike.tutkowski@solidfire.com
o: 303.746.7302
Advancing the way the world uses the cloud
<http://solidfire.com/solution/overview/?video=play>*™*

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message