Bug 1822878
| Summary: | The <auth>..</auth> is moved out of source element after blockcommit | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux Advanced Virtualization | Reporter: | Meina Li <meili> |
| Component: | libvirt | Assignee: | Peter Krempa <pkrempa> |
| Status: | CLOSED ERRATA | QA Contact: | Meina Li <meili> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.2 | CC: | hhan, jdenemar, jgao, lmen, virt-maint, xuzhang, yisun |
| Target Milestone: | rc | Flags: | pm-rhel:
mirror+
|
| Target Release: | 8.3 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-6.4.0-1.el8 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-11-17 17:48:08 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Fixed upstream: fe12fb4132 conf: Store 'diskElementAuth' and 'diskElementEnc' properties in status XML 6bde2a1e20 conf: Sanitize handling of <auth> and <encryption> placement for disks v6.3.0-69-gfe12fb4132 Test Version:
libvirt-6.5.0-1.el8.x86_64
qemu-kvm-5.0.0-2.module+el8.3.0+7379+0505d6ca.x86_64
Test Steps:
SC1: Blockcommit guest with “auth” subelement in “source” element xml
1. Prepare a iscsi secret.
# virsh secret-list
UUID Usage
------------------------------------------------------------
9684f1b5-dcf2-479a-b715-468bea128364 iscsi libvirtiscsi
2. Prepare a running guest with network disk which has auth element as the base image.
# virsh snapshot-create-as lmn s1 --disk-only --diskspec vdb,file=/tmp/lmn.s1
Domain snapshot s1 created
# virsh dumpxml lmn | grep /disk -B 20
…
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/tmp/lmn.s1' index='3'/>
<backingStore type='network' index='1'>
<format type='raw'/>
<source protocol='iscsi' name='iqn.1994-05.com.redhat:authyes/0'>
<host name='10.66.144.87' port='3260'/>
<auth username=redhat>
<secret type='iscsi' usage='libvirtiscsi'/>
</auth>
</source>
</backingStore>
<target dev='vdb' bus='virtio'/>
<alias name='virtio-disk1'/>
<address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/>
</disk>
3. Restart libvirtd and check dumpxml.
# systemctl restart libvirtd
# virsh dumpxml lmn | grep /disk -B 20
---The result is same with step 2.
4. Do blockcommit and check dumpxml.
# virsh blockcommit lmn vdb --verbose --wait --pivot
Block commit: [100 %]
Successfully pivoted
# virsh dumpxml lmn | grep /disk -B 12
…
<disk type='network' device='disk'>
<driver name='qemu' type='raw'/>
<source protocol='iscsi' name='iqn.1994-05.com.redhat:authyes/0' index='1'>
<host name='10.66.144.87' port='3260'/>
<auth username='redhat'>
<secret type='iscsi' usage='libvirtiscsi'/>
</auth>
</source>
<target dev='vdb' bus='virtio'/>
<alias name='virtio-disk1'/>
<address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/>
</disk>
SC2: Blockcommit guest with “encryption” subelement in “source” element xml
1. Prepare a luks secret and image.
# virsh secret-list
UUID Usage
----------------------------------------------------------------------------------------
efc6f043-b6b3-429e-9754-7bca5494b8f4 volume /var/lib/libvirt/images/luks-sample.img
# qemu-img create -f luks --object secret,id=sec0,data=`printf %s "redhat" | base64`,format=base64 -o key-secret=sec0,cipher-alg=aes-256,cipher-mode=cbc,hash-alg=sha256,ivgen-alg=essiv,ivgen-hash-alg=sha256 /var/lib/libvirt/images/luks.img 1G
2. Prepare a running guest with encryption disk as the base image.
# virsh snapshot-create-as lmn s1 --disk-only --diskspec vdb,file=/tmp/lmn.s1
Domain snapshot s1 created
# virsh dumpxml lmn | grep /disk -B 20
…
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/tmp/lmn.s1' index='3'/>
<backingStore type='file' index='1'>
<format type='raw'/>
<source file='/var/lib/libvirt/images/luks.img'>
<encryption format='luks'>
<secret type='passphrase' uuid='efc6f043-b6b3-429e-9754-7bca5494b8f4'/>
</encryption>
</source>
<backingStore/>
</backingStore>
<target dev='vdb' bus='virtio'/>
<alias name='virtio-disk1'/>
<address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/>
</disk>
3. Restart libvirtd and check dumpxml.
# systemctl restart libvirtd
# virsh dumpxml lmn | grep /disk -B 20
---The result is same with step 2.
4. Do blockcommit and check dumpxml.
# virsh blockcommit lmn vdb --verbose --wait --pivot
Block commit: [100 %]
Successfully pivoted
# virsh dumpxml lmn | grep /disk -B 12
…
<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/var/lib/libvirt/images/luks.img' index='1'>
<encryption format='luks'>
<secret type='passphrase' uuid='efc6f043-b6b3-429e-9754-7bca5494b8f4'/>
</encryption>
</source>
<backingStore/>
<target dev='vdb' bus='virtio'/>
<alias name='virtio-disk1'/>
<address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/>
</disk>
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (virt:8.3 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:5137 |
Description of problem: The <auth>..</auth> is moved out of source element after blockcommit Version-Release number of selected component (if applicable): libvirt-6.0.0-17.el8.x86_64 qemu-kvm-4.2.0-17.module+el8.2.0+6141+0f540f16.x86_64 How reproducible: 100% Steps to Reproduce: 1. Create the overlay image: # qemu-img create --object secret,data='redhat',id=sec,format=raw -f qcow2 -b 'json:{"driver":"raw", "file":{"lun":"0", "portal":"10.66.144.87", "driver":"iscsi", "transport":"tcp", "target":"iqn.2020-04.com.chap.target", "user":"redhat", "password-secret":"sec"}}' -o backing_fmt='raw' /var/lib/libvirt/images/iscsi_auth_cipher 2. Start the guest with the following disk: # virsh dumpxml lmn | grep /disk -B16 <disk type='file' device='disk'> <driver name='qemu' type='qcow2' cache='none'/> <source file='/var/lib/libvirt/images/iscsi_auth_cipher' index='1'/> <backingStore type='network' index='2'> <format type='raw'/> <source protocol='iscsi' name='iqn.2020-04.com.chap.target/0'> <host name='10.66.144.87' port='3260'/> <auth username='redhat'> ---->This auth element is in source element <secret type='iscsi' usage='libvirtiscsi'/> </auth> </source> <backingStore/> </backingStore> <target dev='vdb' bus='virtio'/> <alias name='virtio-disk1'/> <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/> </disk> 3. Do blockcommit and check the disk xml in guest. # virsh blockcommit lmn vdb --verbose --pivot Block commit: [100 %] Successfully pivoted # virsh dumpxml lmn | grep /disk -B12 <disk type='network' device='disk'> <driver name='qemu' type='raw' cache='none'/> <auth username='redhat'> ---->This auth element is out of source element <secret type='iscsi' usage='libvirtiscsi'/> </auth> <source protocol='iscsi' name='iqn.2020-04.com.chap.target/0' index='2'> <host name='10.66.144.87' port='3260'/> </source> <backingStore/> <target dev='vdb' bus='virtio'/> <alias name='virtio-disk1'/> <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/> </disk> Actual results: The <auth>..</auth> is moved out of source element after blockcommit Expected results: The <auth>..</auth>element should be in the source element after blockcommit Additional info: The <auth>..</auth>element is in expected location when directly create snapshot for the network disk with auth and do blockcommit.