[Bug 2033681] Re: Calico still uses vif type tap and it causes failures with libvirt 9.5.0
Edward Hope-Morley
2033681 at bugs.launchpad.net
Fri Mar 27 14:27:45 UTC 2026
** Description changed:
-
Description
===========
Calico (out of tree) uses vif type tap. But libvirt doesn't like pre-existing tap devices https://github.com/libvirt/libvirt/commit/a2ae3d299cf from libvirt 9.5.0. This causes openstack clusters that run calico networking backend to fail during instance creation.
Steps to reproduce
==================
- 1. Configure calico
- 2. Run openstack with libvirt 9.5.0 (latest in centos 9 stream)
- 3. Boot a VM
+ Ubuntu does not have support for Neutron Calico (it isnt packaged) but to test and verify this issue we don't need it because it is just a matter of adding a tap device to an existing vm which we can do manually. To test this we can do:
+
+ * Deploy openstack with neutron OVN
+ * Create a guest vm with one port (the tap device will be created by libvirt)
+ * Stop the vm
+ * Manually create a new tap device and add it to the vm libvirt xml
+ * Start the vm
+ * Without the patch this will cause an error but with the patch it should work
Expected result
===============
The VM is able to boot without any problems
Actual result
Other information
=================
13:34:38 < sean-k-mooney> calico is apparently still using vif type tap
https://github.com/projectcalico/calico/blob/cf7fa35475eba84f5afcd7f53ac7d07dcb403202/networking-
calico/networking_calico/plugins/ml2/drivers/calico/test/lib.py#L66C31-L66C34
13:35:06 < sean-k-mooney> vif type tap is not supported by our os-vif code so its usign the legacy fallback
13:35:51 < sean-k-mooney> https://github.com/openstack/nova/blob/master/nova/virt/libvirt/vif.py#L595-L596
13:36:15 < sean-k-mooney> https://github.com/openstack/nova/blob/master/nova/virt/libvirt/vif.py#L420-L430
13:36:48 < sean-k-mooney> https://github.com/openstack/nova/blob/master/nova/virt/libvirt/designer.py#L44-L55
13:37:40 < sean-k-mooney> zer0c00l: with that said the tap was always ment to be created by libvirt so it sound like calico might have been doing things it shoudl not have been
13:38:03 < zer0c00l> sean-k-mooney: Thanks for looking into this. :(
13:38:36 < sean-k-mooney> we could proably correct this with a bug fix
13:38:52 < sean-k-mooney> jsut setting managed='no'
13:39:13 < sean-k-mooney> here https://github.com/openstack/nova/blob/master/nova/virt/libvirt/vif.py#L427
13:39:54 < sean-k-mooney> the problem is that the there is no way to test this really upstream
13:40:06 < sean-k-mooney> well beyond unit/fucntional tests
13:40:12 < sean-k-mooney> but we dont have any calico ci
13:40:37 < sean-k-mooney> calico should be the only backend using vif_type=tap
13:40:52 < sean-k-mooney> but im not sure if we woudl need a config option in the workarounds section for this or not
-
Potential patch
===============
diff --git a/nova/virt/libvirt/config.py b/nova/virt/libvirt/config.py
index 47e92e3..5af3ce4 100644
--- a/nova/virt/libvirt/config.py
+++ b/nova/virt/libvirt/config.py
@@ -1749,6 +1749,7 @@
- self.device_addr = None
- self.mtu = None
- self.alias = None
+ self.device_addr = None
+ self.mtu = None
+ self.alias = None
+ self.managed = 'no'
-
- def __eq__(self, other):
- if not isinstance(other, LibvirtConfigGuestInterface):
+
+ def __eq__(self, other):
+ if not isinstance(other, LibvirtConfigGuestInterface):
@@ -1851,7 +1852,7 @@
- dev.append(vlan_elem)
-
- if self.target_dev is not None:
+ dev.append(vlan_elem)
+
+ if self.target_dev is not None:
- dev.append(etree.Element("target", dev=self.target_dev))
+ dev.append(etree.Element("target", dev=self.target_dev, managed=self.managed))
-
- if self.vporttype is not None:
- vport = etree.Element("virtualport", type=self.vporttype)
+
+ if self.vporttype is not None:
+ vport = etree.Element("virtualport", type=self.vporttype)
--
https://bugs.launchpad.net/bugs/2033681
Title:
Calico still uses vif type tap and it causes failures with libvirt 9.5.0
Status in Ubuntu Cloud Archive:
New
Status in Ubuntu Cloud Archive caracal series:
New
Status in Ubuntu Cloud Archive dalmatian series:
New
Status in Ubuntu Cloud Archive epoxy series:
New
Status in Ubuntu Cloud Archive flamingo series:
New
Status in Ubuntu Cloud Archive gazpacho series:
New
Status in OpenStack Compute (nova):
Fix Released
Status in nova package in Ubuntu:
New
Status in nova source package in Noble:
New
Status in nova source package in Questing:
New
Status in nova source package in Resolute:
New
Bug description:
Description
===========
Calico (out of tree) uses vif type tap. But libvirt doesn't like pre-existing tap devices https://github.com/libvirt/libvirt/commit/a2ae3d299cf from libvirt 9.5.0. This causes openstack clusters that run calico networking backend to fail during instance creation.
Steps to reproduce
==================
Ubuntu does not have support for Neutron Calico (it isn't packaged) but to test and verify this issue we don't need it because it is just a matter of adding a tap device to an existing vm which we can do manually. To test this we can do:
* Deploy openstack with neutron OVN
* Create a guest vm with one port (the tap device will be created by libvirt)
* Stop the vm
* Manually create a new tap device and add it to the vm libvirt xml
* Start the vm
* Without the patch this will cause an error but with the patch it should work
Expected result
===============
The VM is able to boot without any problems
Actual result
Other information
=================
13:34:38 < sean-k-mooney> calico is apparently still using vif type tap
https://github.com/projectcalico/calico/blob/cf7fa35475eba84f5afcd7f53ac7d07dcb403202/networking-calico/networking_calico/plugins/ml2/drivers/calico/test/lib.py#L66C31-L66C34
13:35:06 < sean-k-mooney> vif type tap is not supported by our os-vif code so it's using the legacy fallback
13:35:51 < sean-k-mooney> https://github.com/openstack/nova/blob/master/nova/virt/libvirt/vif.py#L595-L596
13:36:15 < sean-k-mooney> https://github.com/openstack/nova/blob/master/nova/virt/libvirt/vif.py#L420-L430
13:36:48 < sean-k-mooney> https://github.com/openstack/nova/blob/master/nova/virt/libvirt/designer.py#L44-L55
13:37:40 < sean-k-mooney> zer0c00l: with that said the tap was always meant to be created by libvirt so it sounds like calico might have been doing things it should not have been
13:38:03 < zer0c00l> sean-k-mooney: Thanks for looking into this. :(
13:38:36 < sean-k-mooney> we could probably correct this with a bug fix
13:38:52 < sean-k-mooney> just setting managed='no'
13:39:13 < sean-k-mooney> here https://github.com/openstack/nova/blob/master/nova/virt/libvirt/vif.py#L427
13:39:54 < sean-k-mooney> the problem is that there is no way to test this really upstream
13:40:06 < sean-k-mooney> well beyond unit/functional tests
13:40:12 < sean-k-mooney> but we don't have any calico ci
13:40:37 < sean-k-mooney> calico should be the only backend using vif_type=tap
13:40:52 < sean-k-mooney> but I'm not sure if we would need a config option in the workarounds section for this or not
Potential patch
===============
diff --git a/nova/virt/libvirt/config.py b/nova/virt/libvirt/config.py
index 47e92e3..5af3ce4 100644
--- a/nova/virt/libvirt/config.py
+++ b/nova/virt/libvirt/config.py
@@ -1749,6 +1749,7 @@
self.device_addr = None
self.mtu = None
self.alias = None
+ self.managed = 'no'
def __eq__(self, other):
if not isinstance(other, LibvirtConfigGuestInterface):
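Review bot: the added self.managed = 'no' in the constructor makes "unmanaged" the default for every LibvirtConfigGuestInterface, not only for interfaces backed by a pre-created tap. The steps to reproduce rely on libvirt creating the tap for the ordinary port, and the IRC log names vif_type=tap as the only case that needs this. Default the attribute to None alongside device_addr, mtu and alias, and have the vif_type=tap code path set it to 'no' explicitly. If the __eq__ shown in the context compares fields one by one, the new attribute should be included there as well.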
@@ -1851,7 +1852,7 @@
dev.append(vlan_elem)
if self.target_dev is not None:
- dev.append(etree.Element("target", dev=self.target_dev))
+ dev.append(etree.Element("target", dev=self.target_dev, managed=self.managed))
if self.vporttype is not None:
vport = etree.Element("virtualport", type=self.vporttype)
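Review bot: the changed target line writes managed=self.managed on every interface that has a target_dev, regardless of interface type, so guests whose tap devices libvirt is expected to create would also be declared unmanaged. Emit the attribute only when it has been set: build the target element first, then call target.set("managed", self.managed) under an "if self.managed is not None" check. The line as written is 78 characters before indentation, so it needs wrapping if the project enforces a 79-column limit. A unit test asserting the generated XML with and without the attribute would cover part of the testing gap raised in the IRC log.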
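The manual check from "Steps to reproduce", driven through virsh rather than nova, as an added example that is not part of the bug report or the nova patch. The tap name, MAC address and domain argument are placeholders, and it assumes root on a test compute host with the guest shut off.

```bash
#!/usr/bin/env bash
# Added example: attach a pre-created tap device to a stopped guest.
# tap-repro, the MAC address and the domain name are placeholders.

# Print a libvirt <interface> element that points at an existing tap.
#   $1 = tap device name
#   $2 = "no" or "yes" for the managed attribute; empty omits the attribute
tap_interface_xml() {
    local tap="$1" managed="${2:-}" attr=""
    if [ -n "$managed" ]; then
        attr=" managed='${managed}'"
    fi
    cat <<EOF
<interface type='ethernet'>
  <mac address='52:54:00:12:34:56'/>
  <target dev='${tap}'${attr}/>
  <model type='virtio'/>
</interface>
EOF
}

# Create the tap, add it to the guest's persistent XML, then start the guest.
#   $1 = libvirt domain name, $2 = tap name (optional)
repro() {
    local domain="$1" tap="${2:-tap-repro}" xml
    xml="$(mktemp)"
    ip tuntap add dev "$tap" mode tap      # the tap exists before libvirt sees it
    ip link set "$tap" up
    # Pass "" instead of "no" to generate the XML without the attribute,
    # which is the case the bug report says fails from libvirt 9.5.0.
    tap_interface_xml "$tap" no > "$xml"
    virsh attach-device "$domain" "$xml" --config
    virsh start "$domain"
    rm -f "$xml"
}

# Only touch the host when a domain name is given on the command line.
if [ "$#" -ge 1 ]; then
    repro "$@"
fi
```

Remove the test device afterwards with `ip tuntap del dev tap-repro mode tap`.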