libvirt::host::network defined resource is fragile on updates (#8708) · Issues · tails / sysadmin

libvirt::host::network defined resource is fragile on updates

Originally created by @intrigeri on #8708 (Redmine)

When we update the source config of a libvirt::host::network defined resource, sometimes it’s updated immediately in libvirt’s internal active state but gets replaced by the old config later, and sometimes it’s only updated on disk (/etc/libvirt/qemu/networks/${name}.xml but not in libvirt’s internal active state.

In that defined resource, we’re effectively managing that file in /etc with Puppet, and then (with virsh net-define) asking libvirt to read it, and then to create/update it in /etc as well. This might be racy, and be the root cause for the aforedescribed problem.

We should:

manage ${name}.xml with Puppet elsewhere than in /etc;
let libvirt be the only one that manages the corresponding network definition in /etc/libvirt/qemu/networks with net-define;
have the latter be subscribed to the former.

It would likely be more robust, and depend less on net-define’s implementation details that may change in the future.

The code lives in https://git-tails.immerda.ch/puppet-libvirt/.

Related issues

Related to #11182

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information