Broken in Jammy until we can depend on swtpm-tools
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libvirt (Ubuntu) | Fix Released | Undecided | Christian Ehrhardt |
Bug Description
While fixing bug 1948880 this created a harder dependency on swtpm than intended.
We can't yet depend on swtpm-tools (waiting for the MIR in 1948748).
But due to that, on a Jammy install without swtpm, libvirt will end up not starting.
That is due to the user swtpm being missing without the package swtpm-tools.
And without that the service fails like:
$ systemctl status libvirtd
× libvirtd.service - Virtualization daemon
Loaded: loaded (/lib/systemd/
Active: failed (Result: start-limit-hit) since Tue 2021-11-23 14:21:58 UTC; 21min ago
TriggeredBy: × libvirtd-ro.socket
× libvirtd.socket
× libvirtd-
Docs: man:libvirtd(8)
https:/
Process: 25147 ExecStart=
Main PID: 25147 (code=exited, status=0/SUCCESS)
Tasks: 2 (limit: 32768)
Memory: 7.4M
CPU: 319ms
CGroup: /system.
Nov 23 14:21:58 testkvm-jammy-from libvirtd[25147]: Initialization of QEMU state driver failed: invalid argument: Failed to parse user 'swtpm'
Nov 23 14:21:58 testkvm-jammy-from libvirtd[25147]: Driver state initialization failed
Nov 23 14:21:58 testkvm-jammy-from systemd[1]: libvirtd.service: Deactivated successfully.
Nov 23 14:21:58 testkvm-jammy-from systemd[1]: libvirtd.service: Unit process 24164 (dnsmasq) remains running after unit stopped.
Nov 23 14:21:58 testkvm-jammy-from systemd[1]: libvirtd.service: Unit process 24165 (dnsmasq) remains running after unit stopped.
Nov 23 14:21:58 testkvm-jammy-from systemd[1]: libvirtd.service: Start request repeated too quickly.
Nov 23 14:21:58 testkvm-jammy-from systemd[1]: libvirtd.service: Failed with result 'start-limit-hit'.
Nov 23 14:21:58 testkvm-jammy-from systemd[1]: libvirtd.service: Unit process 24164 (dnsmasq) remains running after unit stopped.
Nov 23 14:21:58 testkvm-jammy-from systemd[1]: libvirtd.service: Unit process 24165 (dnsmasq) remains running after unit stopped.
Nov 23 14:21:58 testkvm-jammy-from systemd[1]: Failed to start Virtualization daemon.
That breaks usage until swtpm-tools (or actually that user) is ready.
Then it would restart and/or install/upgrade fine.
The right solution options are:
- correctly express a Depends (not even a Recommends) as we depend on that user to be present
- create the user swtpm if not created by swtpm or anything else
The former would prevent removing swtpm for anyone that does not want to use it.
The latter would kind of mess with a user from two packages.
But the latter would have the benefit of not entangling the packages too hard and of having a chance to complete before the swtpm MIR is done (which can take a while).
The option of changing the default depending on swtpm being around on install is even worse and not worth considering further IMHO.
None seems perfect, I need to get a few opinions on this to avoid reverting/changing this a few more times.
Related branches
- Miriam España Acebal (community): Needs Information
- Canonical Server Reporter: Pending requested
- git-ubuntu import: Pending requested
Diff: 10088 lines (+9197/-44), 36 files modified
debian/changelog (+7963/-4)
debian/control (+6/-5)
debian/libvirt-clients.install (+1/-0)
debian/libvirt-clients.lintian-overrides (+1/-0)
debian/libvirt-daemon-system.dirs (+2/-0)
debian/libvirt-daemon-system.install (+1/-0)
debian/libvirt-daemon-system.libvirt-guests.default (+2/-2)
debian/libvirt-daemon-system.postinst (+136/-0)
debian/libvirt-daemon-system.postrm (+24/-1)
debian/libvirt-daemon.README.Debian (+82/-22)
debian/libvirt-daemon.apport (+22/-0)
debian/libvirt-daemon.dnsmasq (+2/-0)
debian/libvirt-daemon.install (+1/-0)
debian/libvirt-uri.sh (+27/-0)
debian/patches/series (+19/-0)
debian/patches/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch (+37/-0)
debian/patches/ubuntu-aa/0029-appmor-libvirt-qemu-Add-9p-support.patch (+34/-0)
debian/patches/ubuntu-aa/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch (+43/-0)
debian/patches/ubuntu-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch (+34/-0)
debian/patches/ubuntu-aa/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch (+41/-0)
debian/patches/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch (+33/-0)
debian/patches/ubuntu-aa/lp-1815910-allow-vhost-hotplug.patch (+57/-0)
debian/patches/ubuntu/Allow-libvirt-group-to-access-the-socket.patch (+50/-0)
debian/patches/ubuntu/daemon-augeas-fix-expected.patch (+21/-0)
debian/patches/ubuntu/dnsmasq-as-priv-user (+300/-0)
debian/patches/ubuntu/lp-1861125-ubuntu-models.patch (+21/-0)
debian/patches/ubuntu/ovmf_paths.patch (+60/-0)
debian/patches/ubuntu/set-default-machine-to-ubuntu.patch (+45/-0)
debian/patches/ubuntu/swtpm-by-swtpm-user.patch (+40/-0)
debian/patches/ubuntu/ubuntu_machine_type.patch (+14/-0)
debian/patches/ubuntu/wait-for-qemu-kvm.patch (+23/-0)
debian/rules (+15/-2)
debian/tests/control (+3/-2)
debian/tests/smoke-lxc (+30/-4)
debian/tests/smoke-qemu-session (+5/-0)
debian/tests/smoke-qemu-session.xml (+2/-2)
@vorlon - I subscribed you as you have worked on swtpm, would you be OK with me creating the user in libvirt if it is missing? Are there better options I am missing, like moving the user to another package completely?
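The "create the user if it is missing" option discussed in this report, as an added example that is not libvirt's actual maintainer script or anything posted in the bug. It extracts the account name from the journal line quoted in the description and shows an idempotent creation step; the function names, the APPLY switch and the adduser options are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the packaging change that fixed this bug.

# Journal line copied from the report above.
SAMPLE_LOG="Nov 23 14:21:58 testkvm-jammy-from libvirtd[25147]: Initialization of QEMU state driver failed: invalid argument: Failed to parse user 'swtpm'"

# Read journal text on stdin and print each distinct account name that
# libvirtd reported it could not resolve.
unparsable_users() {
    sed -n "s/.*Failed to parse user '\([^']*\)'.*/\1/p" | sort -u
}

# Idempotent "create only if missing" step, as a postinst could perform it.
# Prints present / would-create / created. Nothing changes unless APPLY=1.
# Assumption: the adduser options are illustrative; a real package has to use
# the same attributes as swtpm-tools so both packages agree on the account.
ensure_system_user() {
    user="$1"
    if id "$user" >/dev/null 2>&1; then
        echo "present"
        return 0
    fi
    if [ "${APPLY:-0}" != "1" ]; then
        echo "would-create"
        return 0
    fi
    adduser --system --group --quiet --no-create-home \
        --home /nonexistent --shell /usr/sbin/nologin "$user" &&
        echo "created"
}

# Dry run over the sample: report the state of every account the log names.
check_sample() {
    printf '%s\n' "$SAMPLE_LOG" | unparsable_users | while read -r u; do
        printf '%s: %s\n' "$u" "$(ensure_system_user "$u")"
    done
}

check_sample
```

Because the function returns early when the account already exists, it is safe to run whether or not swtpm-tools was installed first.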