Package: systemd
Version: 44-4
Severity: important
Hi,
I noticed that libvirt virtual machines are placed in the user’s session
by default, so I installed a proper libvirtd.service:
$ cat <<EOF >/etc/systemd/system/libvirtd.service
# NB we don't use socket activation. When libvirtd starts it will
# spawn any virtual machines registered for autostart. We want this
# to occur on every boot, regardless of whether any client connects
# to a socket. Thus socket activation doesn't have any benefit
[Unit]
Description=Virtualization daemon
After=udev.target
After=avahi.target
After=dbus.target
Before=libvirt-guests.service
[Service]
KillMode=process
ExecStart=/usr/sbin/libvirtd
ExecReload=/bin/kill -HUP $MAINPID
# Override the maximum number of opened files
#LimitNOFILE=2048
[Install]
WantedBy=multi-user.target
EOF
$ systemctl stop libvirt-bin.service
$ systemctl stop libvirt-guests.service
$ killall libvirtd
$ systemctl mask libvirt-bin.service
$ systemctl mask libvirt-guests.service
$ systemctl daemon-reload
$ systemctl enable libvirtd.service
$ systemctl start libvirtd.service
Now, when I create a VM, it will be placed in the cgroup of
libvirtd.service, as expected:
$ systemctl status libvirtd.service
libvirtd.service - Virtualization daemon
Loaded: loaded (/etc/systemd/system/libvirtd.service; enabled)
Active: active (running) since Mon, 24 Sep 2012 12:25:14 +0200; 1s ago
Main PID: 24130 (libvirtd)
CGroup: name=systemd:/system/libvirtd.service
└ 24130 /usr/sbin/libvirtd
$ virsh -c qemu:///system create /etc/libvirt/qemu/test2.xml
Domain test2 created from /etc/libvirt/qemu/test2.xml
$ systemctl status libvirtd.service
libvirtd.service - Virtualization daemon
Loaded: loaded (/etc/systemd/system/libvirtd.service; enabled)
Active: active (running) since Mon, 24 Sep 2012 12:25:14 +0200; 33s
ago
Main PID: 24130 (libvirtd)
CGroup: name=systemd:/system/libvirtd.service
├ 24130 /usr/sbin/libvirtd
└ 24253 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 256 -smp
1,sockets=1,cores=1,threads=1 -name test2 -...
However, when I and start libvirtd.service, the VMs are killed because
systemd cleans up the cgroups on start:
$ systemctl stop libvirtd.service
$ systemctl status libvirtd.service
libvirtd.service - Virtualization daemon
Loaded: loaded (/etc/systemd/system/libvirtd.service; enabled)
Active: inactive (dead) since Mon, 24 Sep 2012 12:26:54 +0200; 700ms
ago
Process: 24326 ExecStart=/usr/sbin/libvirtd (code=exited,
status=0/SUCCESS)
CGroup: name=systemd:/system/libvirtd.service
└ 24456 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 256 -smp
1,sockets=1,cores=1,threads=1 -name test2 -...
$ ps auxf | grep 24456
root 24492 20 0 0.0 0.0 | \_ grep 24456
121 24456 20 0 2.0 0.1 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 256
-smp 1,sockets=1,cores=1,threads=1 -name test2 -uuid
7ed8b939-8e56-3083-c63a-8b7a6ba15182 -nodefconfig -nodefaults -chardev
socket,id=charmonitor,path=/var/lib/libvirt/qemu/test2.monitor,server,nowait
-mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown
-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive
if=none,id=drive-ide0-1-0,readonly=on,format=raw -device
ide-cd,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -chardev
pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -vnc
127.0.0.1:0 -k en-us -vga cirrus -device
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3
$ systemctl start libvirtd.service
$ ps auxf | grep 24456
root 24610 20 0 0.0 0.0 | \_ grep 24456
See also https://bugzilla.redhat.com/show_bug.cgi?id=805942. From the
Fedora packaging, I extracted their patch for it and applied it to our
package (find it attached). With that patch, the problem does no longer
occur:
$ systemctl status libvirtd.service
libvirtd.service - Virtualization daemon
Loaded: loaded (/etc/systemd/system/libvirtd.service; enabled)
Active: active (running) since Mon, 24 Sep 2012 12:27:03 +0200; 11min
ago
Main PID: 24502 (libvirtd)
CGroup: name=systemd:/system/libvirtd.service
└ 24502 /usr/sbin/libvirtd
$ virsh -c qemu:///system create /etc/libvirt/qemu/test2.xml
Domain test2 created from /etc/libvirt/qemu/test2.xml
$ systemctl status libvirtd.service
libvirtd.service - Virtualization daemon
Loaded: loaded (/etc/systemd/system/libvirtd.service; enabled)
Active: active (running) since Mon, 24 Sep 2012 12:27:03 +0200; 11min
ago
Main PID: 24502 (libvirtd)
CGroup: name=systemd:/system/libvirtd.service
├ 19256 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 256 -smp
1,sockets=1,cores=1,threads=1 -name test2 -...
└ 24502 /usr/sbin/libvirtd
$ systemctl stop libvirtd.service
$ systemctl status libvirtd.service
libvirtd.service - Virtualization daemon
Loaded: loaded (/etc/systemd/system/libvirtd.service; enabled)
Active: inactive (dead) since Mon, 24 Sep 2012 12:38:17 +0200; 916ms
ago
Main PID: 24502 (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/libvirtd.service
└ 19256 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 256 -smp
1,sockets=1,cores=1,threads=1 -name test2 -...
$ systemctl status libvirtd.service
libvirtd.service - Virtualization daemon
Loaded: loaded (/etc/systemd/system/libvirtd.service; enabled)
Active: active (running) since Mon, 24 Sep 2012 12:38:21 +0200; 2s ago
Main PID: 19293 (libvirtd)
CGroup: name=systemd:/system/libvirtd.service
├ 19256 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 256 -smp
1,sockets=1,cores=1,threads=1 -name test2 -...
└ 19293 /usr/sbin/libvirtd
I have been running systemd with this patch for over a month now and
could not find any negative side-effects. I suggest we apply the patch
and get a freeze exception.
I’ve set the severity to important because running into this issue is
very unpleasant on production systems and might lead to severe data
loss.
Thanks!
Description: disable killing on entering START_PRE, START
The killing worked fine with the added "control" sub-cgroup, but that
brought other problems:
https://bugzilla.redhat.com/show_bug.cgi?id=816842
The "control" sub-cgroup had to be removed. In order not to reintroduce
https://bugzilla.redhat.com/show_bug.cgi?id=805942, comment out the
killing for F17 GA. Hopefully we'll get a proper fix later.
Almost a revert of commit 8f53a7b8ea9ba505f8fefe4df4aaa5a8aab1e2eb
"service: brutally slaughter processes that are running in the cgroup
when we enter START_PRE and START"
Author: Michal Schmidt <[email protected]>
Origin: vendor
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=816842
Forwarded: not-needed
Reviewed-by: Michael Stapelberg <[email protected]>
Last-Update: 2012-09-24
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
Index: systemd-44/src/service.c
===================================================================
--- systemd-44.orig/src/service.c 2012-03-12 21:49:16.000000000 +0100
+++ systemd-44/src/service.c 2012-09-24 12:30:27.238541632 +0200
@@ -2094,7 +2094,8 @@
/* We want to ensure that nobody leaks processes from
* START_PRE here, so let's go on a killing spree, People
* should not spawn long running processes from START_PRE. */
- cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, SIGKILL, true, NULL);
+ // F17, bz816842, bz805942
+ //cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, SIGKILL, true, NULL);
if (s->type == SERVICE_FORKING) {
s->control_command_id = SERVICE_EXEC_START;
@@ -2168,7 +2169,8 @@
/* Before we start anything, let's clear up what might
* be left from previous runs. */
- cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, SIGKILL, true, NULL);
+ // F17, bz816842, bz805942
+ //cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, SIGKILL, true, NULL);
s->control_command_id = SERVICE_EXEC_START_PRE;
--
Best regards,
Michael