machines: detect if libvirt is running #8493
Conversation
pkg/machines/libvirt.es6
Outdated
| @@ -812,6 +850,7 @@ function startEventMonitor(dispatch, connectionName) { | |||
| .fail(ex => { | |||
| // this usually happens if libvirtd gets stopped or isn't running; retry connecting every 10s | |||
| console.log("virsh event failed:", ex); | |||
There was a problem hiding this comment.
virsh process can fail or be killed here, but is this console.log still needed?
There was a problem hiding this comment.
I'm fine with dropping it; I wanted to keep it in after landing the virsh event stuff, but I figure it's stable enough now.
There was a problem hiding this comment.
ok, I will remove it then
atiratree
force-pushed
the
libvirt-status-msgs
branch
from
bf0b86c
to
62d6045
Compare
|
This seems to break all VM tests? |
| actionMessage: PropTypes.string.isRequired, | ||
| }; | ||
|
|
||
| const NotificationArea = ({ errors, dismissable, onDismiss, id }) => { |
There was a problem hiding this comment.
Can we reuse Alert from inlineNotification.jsx?
There was a problem hiding this comment.
Will be resolved after the final design decision
pkg/machines/hostvmslist.jsx
Outdated
| }); | ||
| } | ||
|
|
||
| let notificationArea = errors.length > 0 ? ( |
There was a problem hiding this comment.
Can we move this into the NotificationArea component, so it can properly handle even empty list?
pkg/machines/hostvmslist.jsx
Outdated
|
|
||
| if (!isLibvirtActive) { | ||
| errors.push({ | ||
| message: "Libvirt is not active.", |
There was a problem hiding this comment.
consider I18N: use _("...")
pkg/machines/hostvmslist.jsx
Outdated
| const errors = [...ui.errors]; | ||
| const isLibvirtActive = libvirtState.status === 'active'; | ||
|
|
||
| if (!isLibvirtActive) { |
There was a problem hiding this comment.
I would make the NotificationArea component responsible for producing this message, just pass state-info to props.
pkg/machines/libvirt.es6
Outdated
| @@ -56,6 +58,18 @@ if (!String.prototype.startsWith) { | |||
| }; | |||
| } | |||
|
|
|||
| if (typeof String.prototype.includes === 'undefined') { | |||
There was a problem hiding this comment.
Where is this required? Can't we find a way to do it via babel? Or avoid it?
There was a problem hiding this comment.
We could use https://babeljs.io/docs/usage/polyfill/
These are required here 3546515#diff-de184ca652af74b4142eac404126b77fR767 and in #7820
- String: startsWith, includes
- Array: includes
pkg/machines/libvirt.es6
Outdated
| }; | ||
| } | ||
|
|
||
| if (typeof Array.prototype.startsWith === 'undefined') { |
There was a problem hiding this comment.
this one was added by mistake
pkg/machines/libvirt.es6
Outdated
| CHECK_LIBVIRT_STATUS() { | ||
| logDebug(`${this.name}.CHECK_LIBVIRT_STATUS`); | ||
| return dispatch => { | ||
| return cockpit.spawn(['systemctl', '--property=ActiveState', 'show', 'libvirtd']) |
There was a problem hiding this comment.
Is systemctl available on all supported systems?
There was a problem hiding this comment.
should be (on their supported versions)
http://cockpit-project.org/running.html
There was a problem hiding this comment.
systemctl itself is, but less sure about --property. But systemctl is-active --quiet myunit has been supported for a long time, and is even easier to use as you just need to look at the exit code. Alternatively, use the D-Bus API (GetUnit() and then its ActiveState property).
There was a problem hiding this comment.
I looked at the history of systemd man pages and it should be ok for our versions. I will leave it like it is for now. + we are using the string state in the ui so it is not a big difference
| // set up event monitor for that connection; force PTY as otherwise the buffering | ||
| // will not show every line immediately | ||
| cockpit.spawn(['virsh'].concat(VMS_CONFIG.Virsh.connections[connectionName].params).concat(['-r', 'event', '--all', '--loop']), {'err': 'message', 'pty': true}) | ||
| .stream(data => { | ||
| if (data.startsWith("error: Disconnected from") || data.startsWith("error: internal error: client socket is closed")) { | ||
| // libvirt failed |
There was a problem hiding this comment.
can we log here? Just to be sure we do not swallow status info which might be useful when debugging
There was a problem hiding this comment.
added debug log to all the places where event monitor fail is expected
atiratree
force-pushed
the
libvirt-status-msgs
branch
4 times, most recently
from
0f5e0c3
to
07c25ff
Compare
New version of designThere is one notification area which consists of:
ReasonsThere can be multiple errors and messages so I put them in one closable notification
Design
|
Warning: libvirt"libvirt is not active": Cockpit has a pattern in place, based on PatternFly's empty state pattern to handle things like this:
A customized version for libvirt would look something like this:
This does look a little odd, as Sentence case is used on the header and Title Case is used on the button — but, from what I can tell, libvirt is one of those projects named completely lowercase. However, in Cockpit, we generally try to use phrases of higher-level concepts instead of specific technology (where appropriate). In this case, the resulting empty state screen might look like the following:
I'm not a fan of jargony phrases like "subsystems", however. @andreasn (or anyone else): Have any better ideas on what to call this? Dismissable errors & noticesCould you provide some concrete examples of errors and notices that would be used in the inline notifications, please? (Good design requires example content and intent.) Thanks! |
|
I guess empty state makes more sense. Just one note:
For now error about vm creation failure. It can take some time and there can be multiple failures at the same time. there is no usage for notices yet (I just put it into the example), but it could be useful in the future |
|
It could use an empty state pattern with a secondary button (
|
|
IMO, we should name It's both nice and consistent to have the
No matter what the application allows now, the |
atiratree
force-pushed
the
libvirt-status-msgs
branch
from
07c25ff
to
7dc6270
Compare
current statelibvirt statusbefore libvirt status is known: when libvirt is down:
error messages
|
atiratree
force-pushed
the
libvirt-status-msgs
branch
from
7dc6270
to
c6f7dbe
Compare
| icon = (<div className="spinner spinner-lg"/>); | ||
| break; | ||
| default: | ||
| message = _("libvirt is not active on the system"); |
There was a problem hiding this comment.
This should say "Virtualization service is not active", which is more descriptive of what's happening. Not everyone will know what "libvirt" is. (It even sounds confusingly like a library.)
| icon = (<span className="fa fa-exclamation-circle"/>); | ||
| detail = ( | ||
| <p> | ||
| {_("See libvirt service for ")}<a onClick={mouseClick(goToLink)}>{_("more configuration.")}</a> |
There was a problem hiding this comment.
It's fine to say libvirt here and, in fact, would help to reinforce that libvirt is a virtualization service (and vice versa) based on context.
Perhaps the code should look something like the following:
detail = (
<p> {
cockpit.format(_("Please refer to $0 for more information."),
`<a href="${goToLink}" target="_blank">libvirt documentation</a>`)
} </p>
);(It might not be quite right -- I didn't test it. It's based on the file pkg/ovirt/components/ConsoleClientResources.jsx which has a the link as an actual link (instead of a JavaScript-only action) and the method in which it is written enables the strings to be translatable more easily.)
There was a problem hiding this comment.
- Docs on
cockpit.format()are located @ http://cockpit-project.org/guide/latest/cockpit-util - The reference lines of
ConsoleClientResources.jsxare @ https://github.com/cockpit-project/cockpit/blob/master/pkg/ovirt/components/ConsoleClientResources.jsx#L34-L35
There was a problem hiding this comment.
I get the reason to do it, but I do not think it is a good idea.
That example is much easier because it is just a link (outside of cockpit).
- passing function like that breaks things:
Refused to execute inline event handler because it violates the following Content Security Policy directive: "default-src 'self' http://localhost:9090". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. - it is not a react like
- translation is problematic; the link can be at various position in other languages
There was a problem hiding this comment.
I know; this way it is also not translation friendly
There was a problem hiding this comment.
Yeah, I don't know React*. Please listen to someone else on the team with React experience. Treat any React code I write anytime soon to basically be pseudo-code. 😉
| ); | ||
| action = ( | ||
| <div className="blank-slate-pf-main-action"> | ||
| <button className="btn btn-primary btn-lg" onClick={mouseClick(start)}>{_("Start libvirt")}</button> |
There was a problem hiding this comment.
This button name should also be descriptive, similar to the header; that is, it should state: "Start Virtualization Service".
The docs link directly above explains that the "virtualization service" is libvirt.
atiratree
force-pushed
the
libvirt-status-msgs
branch
from
c6f7dbe
to
f908378
Compare
|
although now, the word "service" is occurring 3 time |
Errors: expected usage
|
Errors: expected usagefor create vm dialog that results in this flow:
1)
|
Yeah, you're right. The secondary line should be something more like "Please refer to libvirt documentation for more information." (The link should be a link that opens in a new window with a target, such as: |
I really think there should be link to the service in cockpit. The main reason for that is to enable the service. Clicking the button only makes the service start once. We could also add the documentation part, but I am not sure if it isn't too much? |
I agree, there's already functionality in Cockpit allowing fixing that in most of the cases. |
What do you mean? (I thought it was supposed to be a documentation link.)
Why not both enable and start the service at the same time?
It wouldn't be helpful to just drop someone in the service view to find something (most people probably wouldn't remember they're looking for "libvirt") and then do something with it. (We know they'd need to enable the service, but would they? Most likely not.) |
I do not think that is good default behaviour, because it might not be what the user wants.
there can be also link to the documentation but I do not think it is necessary |
|
Can we let it in the current state? I will start writing tests for this. |
|
There seem to be multiple things covered in this one PR. Can we split apart this pull request into 3 different items?
I'll open the issue (item # 3). @suomiy, can you move the dialog part of this PR to a separate one (# 2)? By splitting it apart, I think it can help to focus on getting this PR in (and then the next too). Thanks! |
|
ubuntu needs to be fixed |
atiratree
force-pushed
the
libvirt-status-msgs
branch
4 times, most recently
from
e16e2bf
to
fdb4366
Compare
|
@mareklibra |
pkg/machines/libvirt.es6
Outdated
| @@ -170,29 +174,47 @@ LIBVIRT_PROVIDER = { | |||
| }; | |||
| }, | |||
|
|
|||
| INITIALIZE () { | |||
There was a problem hiding this comment.
Why not reuse the init method above?
Please note, the init() can return both boolean or Promise.
I think we can fire reading of libvirt service name in init(), store result into redux and reuse it in GET_ALL_VMS
There was a problem hiding this comment.
Please align with similar initialization flow in pkg/ovirt
There was a problem hiding this comment.
We decided it is better not to mix init() in libvirt and ovirt
| */ | ||
| export function getAllVms(connectionName) { | ||
| return virt('GET_ALL_VMS', { connectionName }); | ||
| export function getAllVms(connectionName, libvirtServiceName) { |
There was a problem hiding this comment.
I don't like adding the param here unless really necessarily.
It has nothing to do with the actual read of VMs.
There was a problem hiding this comment.
We decided it is fine for now
| render() { | ||
| const service = this.props.libvirtService; | ||
| const goToLink = () => cockpit.jump("/system/services#/" + service.name); | ||
| const start = () => { |
There was a problem hiding this comment.
Can be moved outside the render() function to sort of onStartClicked()
pkg/machines/index.es6
Outdated
| @@ -50,5 +50,5 @@ export function appMain() { | |||
| render(); | |||
|
|
|||
| // initiate data retrieval | |||
| store.dispatch(getAllVms()); | |||
| store.dispatch(initialize()); | |||
There was a problem hiding this comment.
Important: Please do update pkg/ovirt accordingly as well.
test/verify/check-machines
Outdated
| def startLibvirt(self): | ||
| m = self.machine | ||
| # Ensure everything has started correctly | ||
| m.execute("systemctl start libvirtd") | ||
| m.execute("systemctl start {0}".format(self.getLibvirtName())) |
There was a problem hiding this comment.
The tests were passing prior this PR. What has changed that this is needed?
There was a problem hiding this comment.
it works, but disabling libvirt will make this stop working in ubuntus where libvirt-bin.service can have a priority. libvirtd.service is an alias when libvirt-bin.service is enabled
atiratree
force-pushed
the
libvirt-status-msgs
branch
2 times, most recently
from
3c35182
to
4fe8dca
Compare
|
fixed review |
pkg/machines/libvirt.es6
Outdated
| logDebug(`${this.name}.CHECK_LIBVIRT_STATUS`); | ||
| return dispatch => { | ||
| return cockpit.spawn(['systemctl', '--property=ActiveState', '--property=UnitFileState', 'show', serviceName]) | ||
| .done(data => { |
There was a problem hiding this comment.
Please use the systemd D-Bus API for querying and controlling the libvirt service. Have a look at pkg/lib/service.js which provides a nice API for that. It's e. g. being used in pkg/tuned/dialog.js.
pkg/machines/libvirt.es6
Outdated
| if (line.toLowerCase().includes("failed to connect")) { | ||
| // known error: virsh process fails anyway | ||
| logDebug(error, line); | ||
| }else{ |
There was a problem hiding this comment.
(nitpick: missing spaces around else)
pkg/machines/reducers.es6
Outdated
| unitState: 'unknown', | ||
| }, | ||
| osInfoList: [], | ||
| }; | ||
| state = state ? state : []; |
There was a problem hiding this comment.
This line is a no-op now and should go away. After the previous hunk state is now always non-empty.
| #!/bin/sh | ||
|
|
||
| # libvirt-bin is primary in ubuntu 1604 | ||
| NAME="`systemctl list-unit-files | grep -o libvirt-bin.service || echo libvirtd.service`" |
There was a problem hiding this comment.
You can save the grep and the extra systemctl call below with
NAME=`systemctl --no-legend list-unit-files libvirtd.service libvirt-bin.service | head -n1 | cut -f1 -d' '`
This will prefer libvirtd.service over libvirt-bin.service even if the latter is an alias on upgrades.
test/verify/check-machines
Outdated
| name = self.machine.execute( | ||
| "systemctl list-unit-files | grep -o libvirt-bin.service || echo libvirtd.service").replace('\n', '') | ||
| return self.machine.execute( | ||
| "systemctl --property=Id show {0} | cut -c 4-".format(name)).replace('\n', '') |
There was a problem hiding this comment.
This should not repeat the same logic. Just special-case if self.machine.image == "ubuntu-1604":
test/verify/check-machines
Outdated
| m.execute("systemctl disable {0}".format(libvirtServiceName)) | ||
| print(self.getLibvirtName()) | ||
| m.execute("systemctl stop {0}".format(libvirtServiceName)) | ||
| b.wait(lambda: not checkLibvirtEnabled()) |
There was a problem hiding this comment.
Definitively no wait needed here -- systemctl stop and disable are synchronous.
| b.click("#start-libvirt") | ||
|
|
||
| b.wait_in_text("body", "Virtual Machines") | ||
| b.wait(lambda: checkLibvirtEnabled()) |
There was a problem hiding this comment.
Again, once the UI updates (which you already wait for in the previous line), this should succeed right away.
There was a problem hiding this comment.
Ui shows up when the service starts. We should not expect the Ui to enable the service atomicly with the start
test/verify/check-machines
Outdated
| b.wait_present("#enable-libvirt:checked") | ||
| b.set_checked("#enable-libvirt", False) | ||
| b.click("#start-libvirt") | ||
| b.wait(lambda: not checkLibvirtEnabled()) |
There was a problem hiding this comment.
If you move this down one line (i. e. wait for the UI to update first), it should again not require waiting.
test/verify/check-machines
Outdated
| b.wait(lambda: url_location in b.eval_js("window.location.href")) | ||
|
|
||
| # HACK: restarting libvirtd causes this completely unrelated SELinux issue | ||
| self.allow_journal_messages('.*denied.*search.*"systemd-machine".*dev="proc".*') |
There was a problem hiding this comment.
We generally report them to bugzilla, create a known issue, and add a naughty override for these, so that these issues get fixed and these hacks clean up themselves over time.
test/verify/check-machines
Outdated
| self.allow_journal_messages('.*denied.*search.*"systemd-machine".*dev="proc".*') | ||
| # enabling/disabling libvirt causes unwanted logs | ||
| self.allow_journal_messages('.*libvirt.*') | ||
| self.allow_journal_messages('.*virt.*socket.*') |
There was a problem hiding this comment.
Sorry, this looks too broad and can easily hide errors. What are the complete messages here, and how do they break the test? We only check for unexpected log messages on cockpit.service and type=14?? audit messages.
There was a problem hiding this comment.
I am pretty sure it was complaining about creating/removing symlinks, but now it is fine on my setup.
It only throws this on ubuntu-1604
audit: type=1400 audit(1521636424.736:15): apparmor="DENIED" operation="open" profile="libvirt-a73c87e3-37a7-43c0-8671-b477f5783d95" name="/etc/gss/mech.d/" pid=2069 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
There was a problem hiding this comment.
debian-testing
audit: type=1400 audit(1521637589.708:41): apparmor="DENIED" operation="signal" profile="/usr/sbin/libvirtd" pid=1146 comm="libvirtd" requested_mask="send" denied_mask="send" signal=hup peer="unconfined"
There was a problem hiding this comment.
Removed #6901. Anyway I think --sit should not fail without --thorough option on known issue. This got me confused.
atiratree
force-pushed
the
libvirt-status-msgs
branch
from
4fe8dca
to
f1e3618
Compare
|
fixed review |
atiratree
force-pushed
the
libvirt-status-msgs
branch
2 times, most recently
from
2378fd7
to
1a0f514
Compare
| if [ -n "$NAME" ]; then | ||
| # get id name because libvirt-bin is primary in ubuntu 1604 | ||
| systemctl --property=Id show "$NAME" | cut -c 4- | ||
| fi |
There was a problem hiding this comment.
Again, this isn't necessary. On Ubuntu-16.04, the above command already gives you libvirt-bin.service. (But see comment above, I think this file could be eliminated completely).
There was a problem hiding this comment.
It can also give libvirtd.service on Ubuntu 16.04. libvirt-bin.service creates alias to libvirtd.service when enabled. To make things more interesting we even cannot prefer libvirt-bin.service because on ubuntu 17.10 libvirtd.service is primary and creates symlink to libvirt-bin.service.
We really need the id of the service, because that is the only service visible when disabled and stopped.
There was a problem hiding this comment.
"We really need the id of the service" → What does that mean? How is it in any way different than the $NAME you already determined? (It's demonstrably not on fedora-27 and ubuntu-1604; I didn't try other cases)
There was a problem hiding this comment.
I am sorry. It works on ubuntu 16.04 (didn't try this exact command and assumed wrong sort order of those two names).
But it still breaks on ubuntu 17.10:
systemctl enable libvirtd.service
systemctl --no-legend list-unit-files libvirtd.service libvirt-bin.service | head -n1 | cut -f1 -d' '
# libvirt-bin.service
systemctl disable libvirtd.service
systemctl --no-legend list-unit-files libvirtd.service libvirt-bin.service | head -n1 | cut -f1 -d' '
# libvirtd.service
There was a problem hiding this comment.
appending to the last comment:
systemctl status libvirt-bin
# Unit libvirt-bin.service could not be found.
| logDebug(`${this.name}.INIT_DATA_RETRIEVAL():`); | ||
| return dispatch => { | ||
| dispatch(getOsInfoList()); | ||
| return cockpit.script(getLibvirtServiceNameScript, null, { err: "message", environ: ['LC_ALL=en_US.UTF-8'] }) |
There was a problem hiding this comment.
As this script is now an one-liner, and you already do some regexp post-processing below, you could just simply call cockpit.spawn() here on systemctl --no-legend list-unit-files libvirtd.service libvirt-bin.service and ditch the script. This makes the code easier to read as everything that happens here is at the same place.
There was a problem hiding this comment.
I think we still need the script.
pkg/machines/libvirt.es6
Outdated
| return cockpit.script(getLibvirtServiceNameScript, null, { err: "message", environ: ['LC_ALL=en_US.UTF-8'] }) | ||
| .then(serviceName => { | ||
| const match = serviceName.match(/(.+)\n$/); | ||
| const name = getRegexGroup(match, 1, 'libvirtd.service'); // fallback to libvirtd to be able to show link in libvirtSlate |
There was a problem hiding this comment.
I don't think this should fall back in this way. If libvirtd isn't installed (i. e. the above command does not have any result), then this should be treated properly and not ignored. If libvirt isn't installed, then getting its state and VMs is doomed to fail anyway.
There was a problem hiding this comment.
Ok I will move this handling to libvirtSlate and leave serviceName empty in the store
pkg/machines/libvirt.es6
Outdated
| dispatch(getOsInfoList()); | ||
| return cockpit.script(getLibvirtServiceNameScript, null, { err: "message", environ: ['LC_ALL=en_US.UTF-8'] }) | ||
| .then(serviceName => { | ||
| const match = serviceName.match(/(.+)\n$/); |
There was a problem hiding this comment.
Change this to get the first word only, this saves the head and cut processing in shell, and drop the unnecessary helper function:
.then(output => {
const match = output.match(/(\w+)/);
const serviceName = match ? match[0] : null;
if (serviceName) {
... get libvirt state
} else {
console.error (...);
// handle faillure
}
);
test/verify/check-machines
Outdated
| # HACK: restarting libvirtd causes this completely unrelated SELinux issue | ||
| self.allow_journal_messages('.*denied.*search.*"systemd-machine".*dev="proc".*') | ||
|
|
||
| self.allow_journal_messages('.*audit.*apparmor="DENIED".*operation="signal".*libvirt.*denied_mask="send".*') |
There was a problem hiding this comment.
These two still need to be replaced with known issues.
There was a problem hiding this comment.
should I create these issues and put these messages into naughty overrides in this PR?
There was a problem hiding this comment.
maybe we could reopen this issue #8467 ? It is exactly the same except the signal is hup instead of kill
There was a problem hiding this comment.
I'm quite sure the policy is not so specific as to limit particular signals, it's just not allowed to send signals in general. I. e. it's most likely the same bug. But are you sure that it still actually applies? This was fixed recently (certainly way after you started working on this PR), and in the recent test run there is no such apparmor denial. So I think this can just be dropped and should be fine as-is.
There was a problem hiding this comment.
I still see it in the logs, but it is fine with me if it is not causing any problems anymore.
atiratree
force-pushed
the
libvirt-status-msgs
branch
from
1a0f514
to
9aaef4e
Compare
|
fixed except the journal messages (the first one is present in testBasic as well) |
atiratree
force-pushed
the
libvirt-status-msgs
branch
from
9aaef4e
to
50a9695
Compare
- Show spinner before the status is known - Show slate with action if libvirt is down Closes cockpit-project#8493
martinpitt
force-pushed
the
libvirt-status-msgs
branch
from
2e89d3c
to
f7a7b96
Compare
- Show spinner before the status is known - Show slate with action if libvirt is down Closes #8493
|
Current screenshot for release notes:
|
show error with link to libvirt service if it is not running
add infrastructure for adding errors to the ui