Bug 1256999

Summary: libvirt shouldn't add extra "auth type" into domain xml when using iscsi volume disk with secret setting.
Product: Red Hat Enterprise Linux 7 Reporter: Pei Zhang <pzhang>
Component: libvirtAssignee: John Ferlan <jferlan>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.2CC: dyuan, jferlan, mzhan, rbalakri, xuzhang
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-1.3.1-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-03 18:23:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Pei Zhang 2015-08-26 03:25:30 UTC 
Description of problem:
For the domain disk, there is no <auth> 'type' field, while there is a
<secret> 'type' field.
For the storage pool, there is an <auth> 'type' field, while there is no
<secret> 'type' field.
When I use volume type disk , libvirt will add <auth> type info domain xml automatically. 

Version-Release number of selected component (if applicable):

libvirt-1.2.17-5.el7.x86_64
qemu-kvm-rhev-2.3.0-18.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1.prepare a iscsi pool with secret setting.

# virsh vol-list iscsi-pool
 Name                 Path                                    
------------------------------------------------------------------------------
 unit:0:0:1           /dev/disk/by-path/ip-$IP:3260-iscsi-iqn.2008-09.5.165.3ffe.104:server.target3-lun-1

# virsh pool-dumpxml iscsi-pool
<pool type='iscsi'>
  <name>iscsi-pool</name>
  <uuid>73a72456-e7ef-460a-99f7-926a6f20a74c</uuid>
  <capacity unit='bytes'>32212254720</capacity>
  <allocation unit='bytes'>32212254720</allocation>
  <available unit='bytes'>0</available>
  <source>
    <host name='$ip' port='3260'/>
    <device path='iqn.2008-09.5.165.3ffe.104:server.target3'/>
    <auth type='chap' username='redhat'>
      <secret usage='libvirtiscsi'/>
    </auth>
  </source>
  <target>
    <path>/dev/disk/by-path</path>
  </target>
</pool>

2.define and start a guest like following 

# virsh dumpxml r708  |grep disk -A 9

 <disk type='volume' device='disk'>
      <driver name='qemu' type='raw'/>
      <source pool='iscsi-pool' volume='unit:0:0:1' mode='direct'/>
      <target dev='sda' bus='scsi'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>

#virsh start r708

3.check domain xml, it shows up <auth> type in domain xml.
# virsh dumpxml r708|grep disk -A 9
    <disk type='volume' device='disk'>
      <driver name='qemu' type='raw'/>
      <auth type='chap' username='redhat'>
        <secret type='iscsi' usage='libvirtiscsi'/>
      </auth>
      <source pool='iscsi-pool' volume='unit:0:0:1' mode='direct'/>
      <backingStore/>
      <target dev='sda' bus='scsi'/>
      <alias name='scsi0-0-0-0'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>

4. validate doamin xml 

#virsh dumpxml r708 > r708.xml

# virt-xml-validate r708.xml 
Relax-NG validity error : Extra element devices in interleave
r708.xml:26: element devices: Relax-NG validity error : Element domain failed to validate content
r708.xml fails to validate

remove " type='chap' " in <auth>
# virt-xml-validate r708.xml 
r708.xml validates

So it indicates that <auth> type='chap' shouldn't be added into doamin xml.


Actual results:
As step 2 and step 3 , <auth> type was added into domain xml automatically. 

Expected results:
For the domain disk, there is no <auth> 'type' field。 

Additional info:
Comment 1 John Ferlan 2015-09-23 21:46:26 UTC 
Sent a patch upstream:

http://www.redhat.com/archives/libvir-list/2015-September/msg00838.html
Comment 2 John Ferlan 2015-10-12 13:52:50 UTC 
Adjustment made to initial patch based on review:

http://www.redhat.com/archives/libvir-list/2015-October/msg00195.html

Patch was pushed upstream:

git describe 5275c0f4a1267c630b5c3b77fac8cbe4fcaa3adb
v1.2.20-79-g5275c0f
Comment 4 Pei Zhang 2016-02-24 02:44:59 UTC 
Verify version : 
libvirt-1.3.1-1.el7.x86_64
qemu-kvm-rhev-2.3.0-31.el7_2.7.x86_64

Steps :

1. Prepare a iscsi pool with secret setting.

# virsh vol-list iscsi-secret-pool Name                 Path                                    
------------------------------------------------------------------------------
 unit:0:0:1           /dev/disk/by-path/ip-$IP:3260-iscsi-iqn.2008-09.5.165.3ffe.104:server.target3-lun-1

2. check define and start a guest.
2.1 define and start a guest like following 

# virsh dumpxml r72 | grep disk -A 9
    <disk type='volume' device='disk'>
      <driver name='qemu' type='raw'/>
      <source pool='iscsi-secret-pool' volume='unit:0:0:1' mode='direct'/>
      <target dev='sda' bus='scsi'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>

# virsh start r72
Domain r72 started

2.2 after start guest, check domain xml again.It shows correct <auth> in domain xml. 
# virsh dumpxml r72 | grep disk -A 9

    <disk type='volume' device='disk'>
      <driver name='qemu' type='raw'/>
      <auth username='libvirt'>
        <secret type='iscsi' usage='libvirtiscsi'/>
      </auth>
      <source pool='iscsi-secret-pool' volume='unit:0:0:1' mode='direct'/>
      <backingStore/>
      <target dev='sda' bus='scsi'/>
      <alias name='scsi0-0-0-0'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>

3. check hotplug disk operation.
3.1 prepare a guest without iscsi volume disk. and prepare a disk xml like following 

# cat iscsi-volume-disk.xml 
<disk type='volume' device='disk'>
      <driver name='qemu' type='raw'/>
      <source pool='iscsi-secret-pool' volume='unit:0:0:1' mode='direct'/>
      <target dev='sda' bus='scsi'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>

3.2 attach the device.
# virsh attach-device r72 iscsi-volume-disk.xml 
Device attached successfully

3.3 check domain xml again.It shows correct doamin xml. 

# virsh dumpxml r72 | grep disk -A 9
    <disk type='volume' device='disk'>
      <driver name='qemu' type='raw'/>
      <auth username='libvirt'>
        <secret type='iscsi' usage='libvirtiscsi'/>
      </auth>
      <source pool='iscsi-secret-pool' volume='unit:0:0:1' mode='direct'/>
      <backingStore/>
      <target dev='sda' bus='scsi'/>
      <alias name='scsi0-0-0-0'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>

3.4 detach disk 
# virsh detach-disk r72 sda 
Disk detached successfully

The result as expected, move to verified.
Comment 6 errata-xmlrpc 2016-11-03 18:23:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2577.html