[PATCH] spec: keep existing nwfilters uuid on update

Wed Dec 2 10:58:56 UTC 2020

Polite ping

On 26.10.2020 12:21, Nikolay Shirokovskiy wrote:
> Now on every nwfilter config package update we overwrite existing filters
> entirely. It is desired to bring new version of filters on update but we'd
> better keep their uuids I guess.
> 
> Actually patch primarily address noise in logs on update. If both libvirtd and
> firewalld are running and libvirt is using firewalld backend then on firewalld
> restart we reload all nwfilters. So if node is updated and we have update for
> both firewalld and libvirt then in the process of update first new nwfilters of
> libvirt package are copied to /etc/libvirt/nwfilters then firewalld is
> restarted and then libvirtd is restarted. In this process firewalld restart
> cause log messages like [1]. The issue is libvirt brings nwfilters without
> <uuid> in definition and on handling firewalld restart libvirt generates
> missing uuid and then fail to update filter definition because it is already
> present in filters list with different uuid.
> 
> [1] virNWFilterObjListAssignDef:337 : operation failed: filter 'no-ip-spoofing'
>     already exists with uuid c302edf9-8a48-40d8-a652-f70b2c563ad1
> 
> Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy at virtuozzo.com>
> ---
>  libvirt.spec.in | 13 ++++++++++++-
>  1 file changed, 12 insertions(+), 1 deletion(-)
> 
> diff --git a/libvirt.spec.in b/libvirt.spec.in
> index 2a4324b..6a31440 100644
> --- a/libvirt.spec.in
> +++ b/libvirt.spec.in
> @@ -1438,7 +1438,18 @@ fi
>  rm -rf %{_localstatedir}/lib/rpm-state/libvirt || :
>  
>  %post daemon-config-nwfilter
> -cp %{_datadir}/libvirt/nwfilter/*.xml %{_sysconfdir}/libvirt/nwfilter/
> +# keep existing filters uuid on update
> +for dfile in %{_datadir}/libvirt/nwfilter/*.xml; do
> +    sfile=%{_sysconfdir}/libvirt/nwfilter/`basename $dfile`
> +    if [ -f "$sfile" ]; then
> +      uuidstr=`sed -n '/<uuid>.*<\/uuid>/p' "$sfile"`
> +      if [ ! -z "$uuidstr" ]; then
> +        sed -e "s,<filter .*>,&\n$uuidstr," "$dfile" > "$sfile"
> +        continue
> +      fi
> +    fi
> +    cp "$dfile" "$sfile"
> +done
>  # libvirt saves these files with mode 600
>  chmod 600 %{_sysconfdir}/libvirt/nwfilter/*.xml
>  # Make sure libvirt picks up the new nwfilter defininitons
>