[PATCH] spec: keep existing nwfilters uuid on update

Michal Privoznik mprivozn at redhat.com
Thu Dec 3 16:39:01 UTC 2020


On 10/26/20 10:21 AM, Nikolay Shirokovskiy wrote:
> Now on every nwfilter config package update we overwrite existing filters
> entirely. It is desired to bring the new version of the filters on update but
> we'd better keep their uuids I guess.
> 
> Actually the patch primarily addresses noise in logs on update. If both libvirtd
> and firewalld are running and libvirt is using the firewalld backend then on
> firewalld restart we reload all nwfilters. So if a node is updated and we have an
> update for both firewalld and libvirt then in the process of the update first the
> new nwfilters of the libvirt package are copied to /etc/libvirt/nwfilters, then
> firewalld is restarted and then libvirtd is restarted. In this process the
> firewalld restart causes log messages like [1]. The issue is that libvirt brings
> nwfilters without <uuid> in the definition and on handling the firewalld restart
> libvirt generates the missing uuid and then fails to update the filter definition
> because it is already present in the filters list with a different uuid.
> 
> [1] virNWFilterObjListAssignDef:337 : operation failed: filter 'no-ip-spoofing'
>      already exists with uuid c302edf9-8a48-40d8-a652-f70b2c563ad1
> 
> Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy at virtuozzo.com>
> ---
>   libvirt.spec.in | 13 ++++++++++++-
>   1 file changed, 12 insertions(+), 1 deletion(-)
> 
> diff --git a/libvirt.spec.in b/libvirt.spec.in
> index 2a4324b..6a31440 100644
> --- a/libvirt.spec.in
> +++ b/libvirt.spec.in
> @@ -1438,7 +1438,18 @@ fi
>   rm -rf %{_localstatedir}/lib/rpm-state/libvirt || :
>   
>   %post daemon-config-nwfilter
> -cp %{_datadir}/libvirt/nwfilter/*.xml %{_sysconfdir}/libvirt/nwfilter/
> +# keep existing filters uuid on update
> +for dfile in %{_datadir}/libvirt/nwfilter/*.xml; do
> +    sfile=%{_sysconfdir}/libvirt/nwfilter/`basename $dfile`
> +    if [ -f "$sfile" ]; then
> +      uuidstr=`sed -n '/<uuid>.*<\/uuid>/p' "$sfile"`
> +      if [ ! -z "$uuidstr" ]; then
> +        sed -e "s,<filter .*>,&\n$uuidstr," "$dfile" > "$sfile"
> +        continue
> +      fi
> +    fi
> +    cp "$dfile" "$sfile"
> +done
>   # libvirt saves these files with mode 600
>   chmod 600 %{_sysconfdir}/libvirt/nwfilter/*.xml
>   # Make sure libvirt picks up the new nwfilter defininitons
> 
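Review bot: The added `sed -e "s,<filter .*>,&\n$uuidstr," "$dfile" > "$sfile"` line pastes the raw matched line from the installed file into a sed replacement and redirects straight onto the installed filter. `uuidstr` is whatever `sed -n '/<uuid>.*<\/uuid>/p'` printed, so if the existing file has more than one matching line, or the line carries a `,`, `&` or backslash, the substitution either errors out or inserts something other than the uuid line. Because the shell truncates `$sfile` for the redirect before sed runs, a failed sed leaves an empty filter file and the old uuid is lost. Suggest taking only the first match, checking that it looks like a uuid before using it, writing the result to a temporary file in the same directory and renaming it over `$sfile` only when sed succeeds, falling back to the plain `cp` otherwise. The `\n` in the replacement relies on GNU sed, and `<filter .*>` is applied to every line of `$dfile` that matches rather than only the root element; a comment stating both assumptions would help.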

I wonder if we should treat these .xml files as config files. I mean, 
they can be changed by the user and if they have been we should not touch 
them at update no matter what. But if they haven't, then we should 
replace them because they may contain new, better rules.

I've read the spec file documentation here and it looks like 
%config(noreplace) is doing just that:

https://rpm-packaging-guide.github.io/#more-on-macros

Would that solve the issue?

Michal



