Bug 1476775
| Summary: | RFE: pool-define-as and pool-create-as better to have a **--secret-uuid** parameter when authentication involved | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | yisun |
| Component: | libvirt | Assignee: | John Ferlan <jferlan> |
| Status: | CLOSED ERRATA | QA Contact: | yisun |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.4 | CC: | hhan, jiyan, jsuchane, lmen, meili, mtessun, rbalakri, xuzhang, yisun |
| Target Milestone: | rc | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-3.8.0-1.el7 | Doc Type: | No Doc Update |
| Doc Text: |
undefined
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-04-10 10:52:40 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Sure - seems reasonable... patch posted upstream: https://www.redhat.com/archives/libvir-list/2017-September/msg00099.html Tested in build tree: $ ./run tools/virsh pool-define-as --name ip --type iscsi --target /dev/disk/by-path --source-host localhost --source-dev iqn.2013-06.com.example:iscsi-pool --auth-type chap --auth-username redhat --secret-uuid 0de1f358-2c4c-4ea1-a6f8-60023ddd38dd --print-xml <pool type='iscsi'> <name>ip</name> <source> <host name='localhost'/> <device path='iqn.2013-06.com.example:iscsi-pool'/> <auth type='chap' username='redhat'> <secret uuid='0de1f358-2c4c-4ea1-a6f8-60023ddd38dd'/> </auth> </source> <target> <path>/dev/disk/by-path</path> </target> </pool> $ ./run tools/virsh pool-define-as --name ip --type iscsi --target /dev/disk/by-path --source-host localhost --source-dev iqn.2013-06.com.example:iscsi-pool --auth-type chap --auth-username redhat --secret-uuid 0de1f358-2c4c-4ea1-a6f8-60023ddd38dd --secret-usage=foolme --print-xml error: Options --secret-usage and --secret-uuid are mutually exclusive $ Patch pushed upstream:
commit 63d3d895a2c00a849440706b3daa7199296b4b33
Author: John Ferlan <jferlan>
Date: Tue Sep 5 13:44:15 2017 -0400
virsh: Add/allow secret-uuid for pool-{define|create}-as
...
For the virsh pool-{define|create}-as command, let's allow using
--secret-uuid on the command line as an alternative to --secret-usage
(added for commit id '8932580'), but ensure that they are mutually
exclusive.
$ git describe 63d3d895a2c00a849440706b3daa7199296b4b33
v3.7.0-180-g63d3d895a
$
Verified with:
libvirt-3.8.0-1.el7.x86_64
qemu-kvm-rhev-2.9.0-16.el7_4.8.x86_64
1. check virsh manual
#man virsh
pool-create-as name type [--source-host hostname] [--source-path path] [--source-dev path] [--source-name name] [--target path] [--source-format format] [--auth-type authtype
--auth-username username [--secret-usage usage | ** --secret-uuid uuid**]] [[--adapter-name name] | [--adapter-wwnn --adapter-wwpn] [--adapter-parent parent]] [--build] [[--overwrite]
| [--no-overwrite]] [--print-xml]
...
pool-define-as name type [--source-host hostname] [--source-path path] [--source-dev path] [--source-name name] [--target path] [--source-format format] [--auth-type authtype
--auth-username username [--secret-usage usage | ** --secret-uuid uuid **]] [[--adapter-name name] | [--adapter-wwnn --adapter-wwpn] [--adapter-parent parent]] [--print-xml]
2. check pool-define-as
## virsh pool-define-as --name ip --type iscsi --target /dev/disk/by-path --source-host 127.0.0.1 --source-dev iqn.2016-03.com.virttest:test-pool.target --auth-type chap --auth-username lento --secret-uuid b8a710f0-3388-4edc-900b-cd18d5c3d2b4
Pool ip defined
## virsh pool-start ip
Pool ip started
## virsh vol-list ip
Name Path
------------------------------------------------------------------------------
unit:0:0:0 /dev/disk/by-path/ip-127.0.0.1:3260-iscsi-iqn.2016-03.com.virttest:test-pool.target-lun-0
## virsh pool-dumpxml ip
<pool type='iscsi'>
<name>ip</name>
<uuid>0406d2f4-ddca-47be-9b17-5ec4f25a611e</uuid>
<capacity unit='bytes'>1048576000</capacity>
<allocation unit='bytes'>1048576000</allocation>
<available unit='bytes'>0</available>
<source>
<host name='127.0.0.1'/>
<device path='iqn.2016-03.com.virttest:test-pool.target'/>
<auth type='chap' username='lento'>
<secret uuid='b8a710f0-3388-4edc-900b-cd18d5c3d2b4'/>
</auth>
</source>
<target>
<path>/dev/disk/by-path</path>
</target>
</pool>
## virsh pool-destroy ip
Pool ip destroyed
## virsh pool-undefine ip
Pool ip has been undefined
3. check pool-create-as
## virsh pool-create-as --name ip --type iscsi --target /dev/disk/by-path --source-host 127.0.0.1 --source-dev iqn.2016-03.com.virttest:test-pool.target --auth-type chap --auth-username lento --secret-uuid b8a710f0-3388-4edc-900b-cd18d5c3d2b4
Pool ip created
# virsh vol-list ip
Name Path
------------------------------------------------------------------------------
unit:0:0:0 /dev/disk/by-path/ip-127.0.0.1:3260-iscsi-iqn.2016-03.com.virttest:test-pool.target-lun-0
## virsh pool-dumpxml ip
<pool type='iscsi'>
<name>ip</name>
<uuid>9447ce2f-5569-44e9-ad61-c8fe8fd89106</uuid>
<capacity unit='bytes'>1048576000</capacity>
<allocation unit='bytes'>1048576000</allocation>
<available unit='bytes'>0</available>
<source>
<host name='127.0.0.1' port='3260'/>
<device path='iqn.2016-03.com.virttest:test-pool.target'/>
<auth type='chap' username='lento'>
<secret uuid='b8a710f0-3388-4edc-900b-cd18d5c3d2b4'/>
</auth>
</source>
<target>
<path>/dev/disk/by-path</path>
</target>
</pool>
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:0704 |
Description of problem: RFE: pool-define-as and pool-create-as better to have a **--secret-uuid** parameter when authentication involved Version-Release number of selected component (if applicable): libvirt-3.2.0-14.el7_4.2.x86_64 How reproducible: 100% Steps to Reproduce: 1. ## man virsh pool-create-as name type ... [--auth-type authtype --auth-username username --secret-usage usage] ... ... pool-define-as ... Use the same arguments as pool-create-as ... 2. ## virsh pool-define-as --name ip --type iscsi --target /dev/disk/by-path --source-host localhost --source-dev iqn.2013-06.com.example:iscsi-pool --auth-type chap --auth-username redhat --secret-uuid 0de1f358-2c4c-4ea1-a6f8-60023ddd38dd error: command 'pool-define-as' doesn't support option --secret-uuid 3. when create a pool by xml, it can contain authentication info indicated by secret uuid, as follow <pool type='iscsi'> <name>virtimages</name> ... <source> <host name='iscsi.example.com'/> <device path='iqn.2013-06.com.example:iscsi-pool'/> <auth type='chap' username='myname'> ** <secret uuid='0de1f358-2c4c-4ea1-a6f8-60023ddd38dd'/> ** </auth> </source> ... </pool> (http://libvirt.org/formatstorage.html has more detailed info about pool's xml) Actual results: As above, when using pool-create-as or pool-define-as with authentication info, secret uuid cannot be used, only secret usage can be used. Expected results: We'd better to provide both ways about how to indicate a libvirt secret in these commands, and secret uuid is used more frequently in other commands (secret operations). A --secret-uuid parameter should work.