qemu: Don't compare local and remote hostnames on migration

[PATCH] qemu: Don't compare local and remote hostnames on migration

Posted by Michal Privoznik 4 years, 1 month ago

Libvirt tries to forbid migration onto the same host and it does
that by checking if local and remote hostnames are the same and
whether local and remote UUIDs are the same. Well, the latter
makes sense but the former doesn't really because libvirtd can be
running inside an UTS namespace and hostnames can appear the same
on both sides of migration. On the other hand, host UUIDs are
unique, so rely on them when trying to prevent migration onto the
same host.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1639596

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/qemu/qemu_migration_cookie.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/src/qemu/qemu_migration_cookie.c b/src/qemu/qemu_migration_cookie.c
index a5a9edffc3..1d88ac1d22 100644
--- a/src/qemu/qemu_migration_cookie.c
+++ b/src/qemu/qemu_migration_cookie.c
@@ -1230,19 +1230,17 @@ qemuMigrationCookieXMLParse(qemuMigrationCookiePtr mig,
     }
     VIR_FREE(tmp);
 
-    /* Check & forbid "localhost" migration */
     if (!(mig->remoteHostname = virXPathString("string(./hostname[1])", ctxt))) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        "%s", _("missing hostname element in migration data"));
         goto error;
     }
-    if (STREQ(mig->remoteHostname, mig->localHostname)) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("Attempt to migrate guest to the same host %s"),
-                       mig->remoteHostname);
-        goto error;
-    }
+    /* Historically, this is the place where we checked whether remoteHostname
+     * and localHostname are the same. But even if they were, it doesn't mean
+     * the domain is migrating onto the same host. Rely on UUID which can tell
+     * for sure. */
 
+    /* Check & forbid localhost migration */
     if (!(tmp = virXPathString("string(./hostuuid[1])", ctxt))) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        "%s", _("missing hostuuid element in migration data"));
-- 
2.24.1

Re: [PATCH] qemu: Don't compare local and remote hostnames on migration

Posted by Daniel P. Berrangé 4 years, 1 month ago

On Mon, Mar 02, 2020 at 09:17:27AM +0100, Michal Privoznik wrote:
> Libvirt tries to forbid migration onto the same host and it does
> that by checking if local and remote hostnames are the same and
> whether local and remote UUIDs are the same. Well, the latter
> makes sense but the former doesn't really because libvirtd can be
> running inside an UTS namespace and hostnames can appear the same
> on both sides of migration. On the other hand, host UUIDs are
> unique, so rely on them when trying to prevent migration onto the
> same host.

This check originates in

  commit 8654175c5b0c3db9e5f70907f102f0f900355d28
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   Mon Jan 24 18:06:16 2011 +0000

    Introduce migration cookies to QEMU driver
    
We've always had both hostname and uuid checks here, as a way to
prevent localhost-migration. The only way I can think to bypass
the UUID check is to run a second libvirtd on the same host,
but inside a container so you can change UUID or libvirtd.conf.
At that point, you can set things up so that you are safe todo a
local migration, so its ok to allow for that.

> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1639596
> 
> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
> ---
>  src/qemu/qemu_migration_cookie.c | 12 +++++-------
>  1 file changed, 5 insertions(+), 7 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|