[libvirt] Bug: vnc + websocket = websocket autoport not working right at live migration

Martin Kletzander mkletzan at redhat.com
Thu Jun 25 20:00:11 UTC 2015 

On Tue, Jun 23, 2015 at 02:13:21PM +0200, Piotr Rybicki wrote:
>Hello.
>
>Problem description:
>
>When i start qemu via libvirt with vnc websocket defined, it is not
>possible to live migrate to host where other qemu process is running
>with the same display id.
>
>migration error is:
>
>error: internal error: early end of file from monitor: possible problem:
>            [1] => 2015-06-23T11:54:25.590506Z qemu-system-x86_64: -vnc 0.0.0.0:1,websocket=5700,password: Failed to start VNC server on `(null)': Failed to bind socket: Address already in use
>
>(please note vnc display id=1 and websocket=5700 - where it should be 5701)
>
>in libvirt's xml i have:
>(...)
>    <graphics type='vnc' port='-1' autoport='yes' websocket='-1'
>listen='0.0.0.0' passwd='xxx'>
>      <listen type='address' address='0.0.0.0'/>
>    </graphics>
>(...)
>
>for first and only qemu process on host, this creates qemu commandline:
>(...) -vnc 0.0.0.0:0,websocket=5700,password (...)
>
>for second qemu process on the same host:
>(...)  -vnc 0.0.0.0:1,websocket=5701,password (...)
>
>There is no problem with migration, when there is no websocket
>configuration.
>
>Solution:
>
>I believe, to solve this problem, libvirt has to omit websocket port
>definition in commandline string ('websocket=5700' => 'websocket')
>when autoport is defined in domain xml definition.
>

Well, either that or increasing the websocket number as well.  And
that port should be auto-allocated so in case there is something
listening on port 5701 it can select 5702.  That would be even more
error-proof and libvirt would retain full control of qemu (we do that
so that in case the 'websocket = display + 5700' default gets changed,
we still know all the details we set up).

>from man qemu:
>     -vnc display[,option[,option[,...]]]
>(...)
>          websocket
>               Opens an additional TCP listening port dedicated to VNC
>Websocket connections.  By definition the Websocket port is
>               5700+display. If host is specified connections will
>only be allowed from this host.  As an alternative the Websocket port
>               could be specified by using "websocket"=port.  TLS
>encryption for the Websocket connection is supported if the required
>               certificates are specified with the VNC option x509.
>
>So if I understand it right, not specifying websocket port means
>5700+display id, and display id is given via commandline and
>increments just fine.
>
>Can anyone confirm this? Or perhaps there is some misconfiguration in
>my xml domain definition?
>

I believe this is a bug in libvirt.  Would you mind creating a bug in
bugzilla for this issue so we can properly track the issue?

Thanks,
Martin

>Best regards
>Piotr Rybicki
>
>--
>libvir-list mailing list
>libvir-list at redhat.com
>https://www.redhat.com/mailman/listinfo/libvir-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20150625/681e02ae/attachment-0001.sig>

More information about the libvir-list mailing list