Bug 1411398

Summary: libvirt no longer generates the cephx auth secret when hot plugging virtio-scsi devices
Product: Red Hat Enterprise Linux 7 Reporter: Jaroslav Reznik <jreznik>
Component: libvirtAssignee: John Ferlan <jferlan>
Status: CLOSED ERRATA QA Contact: lijuan men <lmen>
Severity: urgent Docs Contact:
Priority: high    
Version: 7.3CC: adhingra, dyuan, jdenemar, jdillama, jferlan, j.michael.lowe, jsuchane, knoel, mschuppe, rbalakri, rhodain, skinjo, snagar, xuzhang
Target Milestone: rcKeywords: Regression, ZStream
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-2.0.0-10.el7_3.5 Doc Type: Bug Fix
Doc Text:
Cause: Missed code path to add secret for a virtio-scsi during alterations to support domain master secret for encrypted secret passing to qemu. Consequence: Cannot hot plug a virtio-scsi device using cephx authentication. Fix: Adjusted the algorithm to add the authentication object with the encrypted secret for qemu to parse. Result: Capability restored to authenticate hotplug'd virtio-scsi device.
 Story Points: ---
Clone Of: 1406442 Environment:
Last Closed: 2017-03-02 17:30:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1406442    
Bug Blocks:    

Description Jaroslav Reznik 2017-01-09 15:47:59 UTC 
This bug has been copied from bug #1406442 and has been proposed
to be backported to 7.3 z-stream (EUS).
Comment 7 lijuan men 2017-02-13 07:18:23 UTC 
verify the bug

version:
libvirt-2.0.0-10.el7_3.5.x86_64
qemu-kvm-rhev-2.6.0-28.el7_3.5.x86_64
kernel-3.10.0-514.12.1.el7.x86_64

steps:

scenario 1:
1.prepare an auth enabled  ceph environment

2.start a guest with the following xml:
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/var/lib/libvirt/images/admin.qcow2'/>
      <target dev='sda' bus='scsi'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>

...

*** <controller type='scsi' index='0' model='virtio-scsi'>   ***
      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
    </controller>
...

3.attach a device with the xml:
# cat ceph-disk.xml 
 <disk type='network' device='disk'>
      <driver name='qemu' type='raw' cache='none'/>
      <auth username='libvirt'>
        <secret type='ceph' usage='client.ceph'/>
      </auth>
      <source protocol='rbd' name='lmen/vol.img'>
        <host name='10.73.75.52'/>
      </source>
      <target dev='sdb' bus='scsi'/>
    </disk>

# virsh attach-device admin ceph-disk.xml 
Device attached successfully

# virsh domblklist admin
Target     Source
------------------------------------------------
sda        /var/lib/libvirt/images/admin.qcow2
sdb        lmen/vol.img

4.in the guest,
the second disk can be found and used.

scenario 2:
1.prepare an auth enabled  ceph environment

2.start a guest with the following xml:
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/var/lib/libvirt/images/admin.qcow2'/>
      <target dev='sda' bus='scsi'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>

...

*** <controller type='scsi' index='0'> ***
      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
    </controller>
...

3.attach a device with the xml:
# cat ceph-disk.xml 
 <disk type='network' device='disk'>
      <driver name='qemu' type='raw' cache='none'/>
      <auth username='libvirt'>
        <secret type='ceph' usage='client.ceph'/>
      </auth>
      <source protocol='rbd' name='lmen/vol.img'>
        <host name='10.73.75.52'/>
      </source>
      <target dev='sdb' bus='scsi'/>
    </disk>

# virsh attach-device admin ceph-disk.xml 
Device attached successfully

# virsh domblklist admin
Target     Source
------------------------------------------------
sda        /var/lib/libvirt/images/admin.qcow2
sdb        lmen/vol.img

4.in the guest,
the second disk can be found and used.
Comment 12 errata-xmlrpc 2017-03-02 17:30:56 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0397.html