Bug 1689168
| Summary: | virt-xml-validate fail to validate domain xml with ceph auth disk | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux Advanced Virtualization | Reporter: | yafu <yafu> |
| Component: | libvirt | Assignee: | Peter Krempa <pkrempa> |
| Status: | CLOSED ERRATA | QA Contact: | Han Han <hhan> |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | 8.1 | CC: | bhubbard, hhan, jdenemar, lmen, meili, pkrempa, xuzhang |
| Target Milestone: | rc | Keywords: | Reopened |
| Target Release: | 8.0 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | libvirt-7.0.0-1.el8 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2021-05-25 06:41:20 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | 7.0.0 |
| Embargoed: | | | |

Description
yafu
2019-03-15 10:42:34 UTC
Both disk/secret/usage and the secret usage element have the same definition of the value in the RNG schema. This means that a <secret> with the usage as in the example above can't be validated when used in the <secret> element:

```
$ cat test-secret.xml
<secret ephemeral='no' private='yes'>
  <uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6e</uuid>
  <usage type='ceph'>
    <name>client.admin secret</name>
  </usage>
</secret>

$ virt-xml-validate test-secret.xml
test-secret.xml:4: element name: Relax-NG validity error : Error validating datatype string
test-secret.xml:4: element name: Relax-NG validity error : Element name failed to validate content
Relax-NG validity error : Extra element usage in interleave
test-secret.xml:1: element secret: Relax-NG validity error : Element secret failed to validate content
test-secret.xml fails to validate
```

If the name is fixed according to the regex which is also accepted in the context of the <disk>

```
$ cat test-secret.xml
<secret ephemeral='no' private='yes'>
  <uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6e</uuid>
  <usage type='ceph'>
    <name>clientadminsecret</name>
  </usage>
</secret>

$ virt-xml-validate test-secret.xml
test-secret.xml validates
```

As both <disk><source><auth><secret> and <secret><usage> are using the same regex I don't see any problem.

I'm reopening this because I'm not sure it was brought to a satisfactory conclusion as some work is definitely required to fully resolve this.

A long time ago the rbd driver was written and an arbitrary format for the name of the secret was decided upon 'client.X secret' where 'X' represents the name of the client. This was at least seven years ago and has been documented in several places [0][1] (there are more if you search including inside a copy of 'Mastering KVM Virtualization'). Whilst it's true this name could take any form there are multiple examples in the wild.

Looking at the description of this bug there may even be templates that produce output like, "<secret type='ceph' ***usage='client.admin secret'***/>" perhaps in openstack tooling/scripts, etc. but I haven't been able to positively identify that.

So IMHO a true solution here would either involve modifying the validation tool to accept this format or make this format an error and document here that it may not include spaces or full stops AND find all locations where this is documented and change them. This applies to both entries in both the secret and disk xml as they need to match.

[0] https://docs.ceph.com/en/latest/rbd/libvirt/#configuring-the-vm
[1] https://documentation.suse.com/ses/6/html/ses-all/cha-ceph-libvirt.html#ceph-libvirt-cfg-vm

Schema was relaxed upstream:

```
commit 9aa1a1ea77ba13db6539212472e7dfc624bb39b4
Author: Peter Krempa <pkrempa>
Date:   Wed Jan 6 17:19:03 2021 +0100

    schema: secret: Relax requirements for usage name

    There's plenty of existing documentation [1] which shows as example a
    name which contains a space and a dot ('client.admin secret') as ceph
    usage name. Use a more relaxed type in the RNG schema since the usage
    name is actually just a string used to look up the secret.

    [1]: https://docs.ceph.com/en/latest/rbd/libvirt/#configuring-the-vm
         https://documentation.suse.com/ses/6/html/ses-all/cha-ceph-libvirt.html#ceph-libvirt-cfg-vm

    Libvirt docs were correct though:
    https://libvirt.org/formatsecret.html#CephUsageType

    Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1689168
    Signed-off-by: Peter Krempa <pkrempa>
    Reviewed-by: Ján Tomko <jtomko>

commit 1a3c07989b5bee79713e1f2014c0c31443878d1b
Author: Peter Krempa <pkrempa>
Date:   Wed Jan 6 16:51:21 2021 +0100

    schema: Add define for object names

    Objects such as domain, pool, etc re-define the regex for the format.
    Add more generic types for objects with/without a slash which we'll be
    able to reuse also for other objects.

    Signed-off-by: Peter Krempa <pkrempa>
    Reviewed-by: Ján Tomko <jtomko>

commit e9551061955be0d9b041968585df8db589a0cb69
Author: Peter Krempa <pkrempa>
Date:   Wed Jan 6 11:27:50 2021 +0100

    schema: Remove workaround for bug in libxml2 2.7.6

    New libxml2 handles '\n' properly so the literal newline is not
    necessary, because 2.9.1 is the minimum version we support.

    Signed-off-by: Peter Krempa <pkrempa>
    Reviewed-by: Ján Tomko <jtomko>
```

Test as comment0 on v7.0.0-rc1-16-g97b1de5051. Passed

Verified on libvirt-7.0.0-1.module+el8.4.0+9464+3e71831a.x86_64

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (virt:av bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:2098
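
An added example, not part of the bug report or of libvirt: a pre-flight check that the ceph usage name in a secret definition matches the name a disk's `<auth><secret>` references, and that flags names a strict name pattern would reject. The `STRICT_NAME` regex and the sample domain XML are assumptions; the report does not quote the schema's regex.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: a strict name pattern of letters, digits, '_', '+' and '-'.
# The bug report only says the old schema rejected spaces and dots.
STRICT_NAME = re.compile(r"[a-zA-Z0-9_+\-]+")

# Secret definition from the report (the failing variant).
SECRET_XML = """<secret ephemeral='no' private='yes'>
  <uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6e</uuid>
  <usage type='ceph'>
    <name>client.admin secret</name>
  </usage>
</secret>"""

# Constructed sample domain fragment referencing the secret by usage name.
DOMAIN_XML = """<domain type='kvm'><devices>
  <disk type='network' device='disk'>
    <source protocol='rbd' name='pool/image'>
      <auth username='admin'>
        <secret type='ceph' usage='client.admin secret'/>
      </auth>
    </source>
  </disk>
</devices></domain>"""

def secret_usage_name(secret_xml):
    """Return the ceph usage name a <secret> document defines, or None."""
    usage = ET.fromstring(secret_xml).find("usage[@type='ceph']")
    return usage.findtext("name") if usage is not None else None

def disk_usage_refs(domain_xml):
    """Return usage names referenced by <auth><secret type='ceph'> elements."""
    found = ET.fromstring(domain_xml).findall(".//auth/secret[@type='ceph']")
    return [s.get("usage") for s in found if s.get("usage") is not None]

def check(secret_xml, domain_xml):
    """Report names the strict pattern rejects and disk refs with no matching secret."""
    defined = secret_usage_name(secret_xml)
    refs = disk_usage_refs(domain_xml)
    names = ([defined] if defined else []) + refs
    return {
        "rejected_by_strict": sorted({n for n in names if not STRICT_NAME.fullmatch(n)}),
        "unmatched_refs": [r for r in refs if r != defined],
    }
```

Renaming the secret to satisfy a strict validator without updating the disk reference shows up in `unmatched_refs`, which is the mismatch the report warns about when it says both entries need to match.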