[Group.of.nepali.translators] [Bug 1727366] Re: virsh start/destroy is too slow after adding firewall rule

Fri, 27 Oct 2017 05:41:37 -0700 

virExec:
    for (fd = 3; fd < openmax; fd++) {                                          
     
        if (fd == childin || fd == childout || fd == childerr)                  
     
            continue;                                                           
     
        if (!virCommandFDIsSet(cmd, fd)) {                                      
     
            tmpfd = fd;                                                         
     
            VIR_MASS_CLOSE(tmpfd);                                              
     
        } else if (virSetInherit(fd, true) < 0) {                               
     
            virReportSystemError(errno, _("failed to preserve fd %d"), fd);     
     
            goto fork_error;                                                    
     
        }                                                                       
     
    }

openmax is the limit that gets indirectly derived from that systemd limit.
But with [1] Im not sure ho much more one can do.

[1]: https://stackoverflow.com/questions/899038/getting-the-highest-
allocated-file-descriptor/918469#918469

** Changed in: libvirt (Ubuntu)
       Status: In Progress => Opinion

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1727366

Title:
  virsh start/destroy is too slow after adding firewall rule

Status in libvirt package in Ubuntu:
  Opinion
Status in libvirt source package in Xenial:
  Won't Fix
Status in libvirt source package in Zesty:
  Won't Fix

Bug description:
  Description:  Ubuntu 16.04.3 LTS
  Release:      16.04

  libvirt-bin:
    Installed: 1.3.1-1ubuntu10.14
    Candidate: 1.3.1-1ubuntu10.14

  The starting/stopping time of the domain is dramatically increased
  after adding nw-filter rule:

  Actual timings:
  --------------

  # time virsh destroy 9000
  Domain 9000 destroyed

  
  real  0m9.252s
  user  0m0.024s
  sys   0m0.000s

  Expected timings: (without active filterref item)
  ----------------

  $ time virsh destroy 9000
  Domain 9000 destroyed

  real    0m0.633s
  user    0m0.012s
  sys     0m0.008s

  Steps to reproduce:
  ------------------

  1. Enable any firewall rule, which is shipped with a package. In
  example it could be allow-arp:

      <interface type='bridge'>
        <mac address='52:54:00:86:69:a7'/>
        <source bridge='br0'/>
        <model type='virtio'/>
        <filterref filter='allow-arp'/>
        <address type='pci' domain='0x0000' bus='0x00' slot='0x03' 
function='0x0'/>
      </interface>

  2. Stop domain:

  $ virsh destroy 9000

  3. Start domain:

  $ LIBVIRT_DEBUG=debug virsh start 9000

  Debug output attached as libvirt-debug.log

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1727366/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

Reply via email to