Bug 1901323
| Summary: | QSD (QEMU Storage Daemon): basic support - TechPreview | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux Advanced Virtualization | Reporter: | Ademar Reis <areis> |
| Component: | qemu-kvm | Assignee: | Kevin Wolf <kwolf> |
| qemu-kvm sub component: | Storage | QA Contact: | qing.wang <qinwang> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | medium | ||
| Priority: | high | CC: | aliang, chayang, coli, elima, jferlan, jinzhao, juzhang, kwolf, lijin, nanliu, ngu, phou, qinwang, qzhang, stefanha, virt-maint, xuwei, yama, zhenyzha, zixchen |
| Version: | 8.4 | Keywords: | FutureFeature, TechPreview, Triaged |
| Target Milestone: | rc | Flags: | pm-rhel:
mirror+
|
| Target Release: | 8.4 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | qemu-kvm-5.2.0-9.module+el8.4.0+10182+4161bd91 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-05-25 06:45:10 UTC | Type: | Feature Request |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1827724, 1884659, 1901325, 1932785 | ||
|
Description
Ademar Reis
2020-11-24 20:40:58 UTC
Thanks. Will do test on nbd/nbd_tls export, network-storage related Block nodes/Character devices and relevant qmp basic operations. Test Chardev feature in qemu-storage-daemon: PASS.
Test Environments:
intel-q9550-4-2.englab.nay.redhat.com
qemu-kvm-5.2.0-9.module+el8.4.0+10182+4161bd91.x86_64
kernel-4.18.0-293.el8.x86_64
Test steps:
1). Lanuch qemu-storage-daemon with chardev:
# qemu-storage-daemon --chardev socket,path=qmp.sock,server,nowait,id=char1 --monitor chardev=char1 --object iothread,id=iothread0 --blockdev driver=file,node-name=file,filename=rhel840-64-virtio-scsi.qcow2 --blockdev driver=qcow2,node-name=qcow2,file=file --export type=vhost-user-blk,id=export1,addr.type=unix,addr.path=vhost-user-blk1.sock,node-name=qcow2,iothread=iothread0
2). Connect QMP.
# nc -U qmp.sock
{"QMP": {"version": {"qemu": {"micro": 0, "minor": 2, "major": 5}, "package": "qemu-kvm-5.2.0-9.module+el8.4.0+10182+4161bd91"}, "capabilities": ["oob"]}}
3). hotplug chardev.
{"execute":"chardev-add","arguments":{"id":"channel0","backend":{"type":"socket","data":{"addr":{"type":"unix", "data": {"path": "/tmp/mm"}}}}}}
{"return": {}}
4). query chardev.
{"execute":"query-chardev"}
{"return": [{"frontend-open": true, "filename": "unix:qmp.sock,server", "label": "char1"}, {"frontend-open": false, "filename": "disconnected:unix:/tmp/mm,server", "label": "channel0"}]}
5). hot-unplug chardev.
{"execute":"chardev-remove","arguments":{"id":"channel0"}}
{"return": {}}
{"execute":"query-chardev"}
{"return": [{"frontend-open": true, "filename": "unix:qmp.sock,server", "label": "char1"}]}
Please help to check this part, thanks.
Best regards
Liu Nana
Test luks format in qemu-storage-daemon: PASS.
Just one issue, the line of "--nbd-server" must precede "--export type=" when the type is nbd. I think it should be noted in help document.
Hit "qemu-storage-daemon: NBD server not running" when running command with below lines:
--export type=nbd,id=export,node-name=drive_image1,name=nbd_export,writable=on \
--nbd-server addr.type=inet,addr.host=10.73.224.94,addr.port=9000,max-connections=10 \
It works well with below lines:
--nbd-server addr.type=inet,addr.host=10.73.224.94,addr.port=9000,max-connections=10 \
--export type=nbd,id=export,node-name=drive_image1,name=nbd_export,writable=on \
Versions:
kernel-4.18.0-291.el8.x86_64
qemu-kvm-5.2.0-9.module+el8.4.0+10182+4161bd91
Steps:
1. create a luks image
# qemu-img create --object secret,id=image1_encrypt0,data=redhat -f luks -o key-secret=image1_encrypt0 /home/test.luks 5G
2. boot qemu-storage-daemon, export type is nbd and block driver is raw
/usr/bin/qemu-storage-daemon \
--chardev socket,path=/home/qmp.sock,server,nowait,id=char1 \
--monitor chardev=char1 \
--blockdev node-name=file_image1,driver=file,auto-read-only=on,discard=unmap,aio=threads,filename=/home/test.luks,cache.direct=on,cache.no-flush=off \
--blockdev node-name=drive_image1,driver=raw,read-only=off,cache.direct=on,cache.no-flush=off,file=file_image1 \
--nbd-server addr.type=inet,addr.host=10.73.224.94,addr.port=9000,max-connections=10 \
--export type=nbd,id=export,node-name=drive_image1,name=nbd_luks,writable=on \
3. check nbd image
# qemu-img info nbd://10.73.224.94:9000/nbd_luks
image: nbd://10.73.224.94:9000/nbd_luks
file format: luks
virtual size: 5 GiB (5368709120 bytes)
disk size: unavailable
encrypted: yes
Format specific information:
ivgen alg: plain64
hash alg: sha256
cipher alg: aes-256
uuid: c5033f40-a8e7-48f7-a6ea-4a1c8fe2da45
cipher mode: xts
slots:
[0]:
active: true
iters: 1742978
key offset: 4096
stripes: 4000
[1]:
active: false
key offset: 262144
[2]:
active: false
key offset: 520192
[3]:
active: false
key offset: 778240
[4]:
active: false
key offset: 1036288
[5]:
active: false
key offset: 1294336
[6]:
active: false
key offset: 1552384
[7]:
active: false
key offset: 1810432
payload offset: 2068480
master key iters: 443885
4. boot a guest with the exported image, and check the image.
/usr/libexec/qemu-kvm \
-S \
-name 'avocado-vt-vm1' \
-sandbox on \
-machine q35 \
-device pcie-root-port,id=pcie-root-port-0,multifunction=on,bus=pcie.0,addr=0x1,chassis=1 \
-device pcie-pci-bridge,id=pcie-pci-bridge-0,addr=0x0,bus=pcie-root-port-0 \
-nodefaults \
-device VGA,bus=pcie.0,addr=0x2 \
-m 15360 \
-smp 16,maxcpus=16,cores=8,threads=1,dies=1,sockets=2 \
-cpu 'IvyBridge',+kvm_pv_unhalt \
-chardev socket,id=qmp_id_qmpmonitor1,path=/var/tmp/avocado_19yr7to5/monitor-qmpmonitor1-20200415-062711-pDLwHpA4,nowait,server \
-mon chardev=qmp_id_qmpmonitor1,mode=control \
-chardev socket,id=qmp_id_catch_monitor,path=/var/tmp/avocado_19yr7to5/monitor-catch_monitor-20200415-062711-pDLwHpA4,nowait,server \
-mon chardev=qmp_id_catch_monitor,mode=control \
-device pvpanic,ioport=0x505,id=idui124o \
-chardev socket,id=chardev_serial0,path=/var/tmp/avocado_19yr7to5/serial-serial0-20200415-062711-pDLwHpA4,nowait,server \
-device isa-serial,id=serial0,chardev=chardev_serial0 \
-chardev socket,id=seabioslog_id_20200415-062711-pDLwHpA4,path=/var/tmp/avocado_19yr7to5/seabios-20200415-062711-pDLwHpA4,server,nowait \
-device isa-debugcon,chardev=seabioslog_id_20200415-062711-pDLwHpA4,iobase=0x402 \
-device pcie-root-port,id=pcie-root-port-1,port=0x1,addr=0x1.0x1,bus=pcie.0,chassis=2 \
-device qemu-xhci,id=usb1,bus=pcie-root-port-1,addr=0x0 \
-device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 \
-object secret,id=image1_encrypt0,data=redhat \
-device pcie-root-port,id=pcie-root-port-2,port=0x2,addr=0x1.0x2,bus=pcie.0,chassis=3 \
-device virtio-scsi-pci,id=virtio_scsi_pci0,bus=pcie-root-port-2,addr=0x0 \
-blockdev node-name=file_image1,driver=file,aio=threads,filename=/home/kvm_autotest_root/images/rhel840-64-virtio-scsi.qcow2,cache.direct=on,cache.no-flush=off \
-blockdev node-name=drive_image1,driver=qcow2,cache.direct=on,cache.no-flush=off,file=file_image1 \
-device scsi-hd,id=image1,drive=drive_image1,write-cache=on \
-blockdev node-name=file_nbd,driver=nbd,export=nbd_luks,server.host=10.73.224.94,server.port=9000,server.type=inet,cache.direct=on,cache.no-flush=off \
-blockdev node-name=drive_nbd,driver=luks,key-secret=image1_encrypt0,cache.direct=on,cache.no-flush=off,file=file_nbd \
-device scsi-hd,id=image_nbd,drive=drive_nbd,write-cache=on \
-device pcie-root-port,id=pcie-root-port-3,port=0x3,addr=0x1.0x3,bus=pcie.0,chassis=4 \
-device virtio-net-pci,mac=9a:cb:fc:b9:04:33,id=id9xGWam,netdev=idjLy4iN,bus=pcie-root-port-3,addr=0x0 \
-netdev tap,id=idjLy4iN,vhost=on \
-vnc :0 \
-rtc base=utc,clock=host,driftfix=slew \
-boot menu=off,order=cdn,once=c,strict=off \
-enable-kvm \
-monitor stdio \
QEMU 5.2.0 monitor - type 'help' for more information
(qemu) c
(qemu) info block
drive_image1: /home/kvm_autotest_root/images/rhel840-64-virtio-scsi.qcow2 (qcow2)
Attached to: image1
Cache mode: writeback, direct
drive_nbd: json:{"driver": "luks", "file": {"server.port": "9000", "server.host": "10.73.224.94", "driver": "nbd", "export": "nbd_luks", "server.type": "inet"}, "key-secret": "image1_encrypt0"} (luks, encrypted)
Attached to: image_nbd
Cache mode: writeback, direct
Check the images in guest:
# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 20G 0 disk
├─sda1 8:1 0 1G 0 part /boot
└─sda2 8:2 0 19G 0 part
├─rhel-root 253:0 0 17G 0 lvm /
└─rhel-swap 253:1 0 2G 0 lvm [SWAP]
sdb 8:16 0 5G 0 disk
shutdown the guest
(qemu) system_powerdown
4. query-block-exports
# nc -U /home/qmp.sock
{"QMP": {"version": {"qemu": {"micro": 0, "minor": 2, "major": 5}, "package": "qemu-kvm-5.2.0-9.module+el8.4.0+10182+4161bd91"}, "capabilities": ["oob"]}}
{"execute":"qmp_capabilities"}
{"return": {}}
{"execute":"query-block-exports"}
{"return": [{"node-name": "drive_image1", "shutting-down": false, "type": "nbd", "id": "export"}]}
{"execute":"query-named-block-nodes"}
{"return": [{"iops_rd": 0, "detect_zeroes": "off", "image": {"virtual-size": 5370777600, "filename": "/home/test.luks", "format": "raw", "actual-size": 1048576, "dirty-flag": false}, "iops_wr": 0, "ro": false, "node-name": "drive_image1", "backing_file_depth": 0, "drv": "raw", "iops": 0, "bps_wr": 0, "write_threshold": 0, "encrypted": false, "bps": 0, "bps_rd": 0, "cache": {"no-flush": false, "direct": true, "writeback": true}, "file": "/home/test.luks", "encryption_key_missing": false}, {"iops_rd": 0, "detect_zeroes": "off", "image": {"virtual-size": 5370777600, "filename": "/home/test.luks", "format": "file", "actual-size": 1048576, "dirty-flag": false}, "iops_wr": 0, "ro": false, "node-name": "file_image1", "backing_file_depth": 0, "drv": "file", "iops": 0, "bps_wr": 0, "write_threshold": 0, "encrypted": false, "bps": 0, "bps_rd": 0, "cache": {"no-flush": false, "direct": true, "writeback": true}, "file": "/home/test.luks", "encryption_key_missing": false}]}
5. luks key management
{ "execute": "object-add", "arguments": {"qom-type": "secret", "id": "sec1", "props": { "data": "redhat1"}}}
{"return": {}}
{ "execute": "object-add", "arguments": {"qom-type": "secret", "id": "sec2", "props": { "data": "redhat2"}}}
{"return": {}}
(1) add a new password to a free keyslot
{"execute": "x-blockdev-amend", "arguments": {"node-name": "drive_image1", "job-id": "job_add_key1", "options": { "driver": "luks", "state": "active", "new-secret": "sec1", "keyslot": 1, "iter-time": 10}}}
{"error": {"class": "GenericError", "desc": "x-blockdev-amend doesn't support changing the block driver"}}
6. boot qemu-storage-daemon, export type is nbd and block driver is luks
/usr/bin/qemu-storage-daemon \
--chardev socket,path=/home/qmp.sock,server,nowait,id=char1 \
--monitor chardev=char1 \
--object secret,id=image1_encrypt0,data=redhat \
--blockdev node-name=file_image1,driver=file,auto-read-only=on,discard=unmap,aio=threads,filename=/home/test.luks,cache.direct=on,cache.no-flush=off \
--blockdev node-name=drive_image1,driver=luks,read-only=off,key-secret=image1_encrypt0,cache.direct=on,cache.no-flush=off,file=file_image1 \
--nbd-server addr.type=inet,addr.host=10.73.224.94,addr.port=9000,max-connections=10 \
--export type=nbd,id=export,node-name=drive_image1,name=nbd_luks,writable=on \
7. check nbd image
# qemu-img info nbd://10.73.224.94:9000/nbd_luks
image: nbd://10.73.224.94:9000/nbd_luks
file format: raw
virtual size: 5 GiB (5368709120 bytes)
disk size: unavailable
8. query-block-exports
# nc -U /home/qmp.sock
{"QMP": {"version": {"qemu": {"micro": 0, "minor": 2, "major": 5}, "package": "qemu-kvm-5.2.0-9.module+el8.4.0+10182+4161bd91"}, "capabilities": ["oob"]}}
{"execute":"qmp_capabilities"}
{"return": {}}
{"execute":"query-block-exports"}
{"return": [{"node-name": "drive_image1", "shutting-down": false, "type": "nbd", "id": "export"}]}
{"execute":"query-named-block-nodes"}
{
"return": [{
"iops_rd": 0,
"detect_zeroes": "off",
"image": {
"virtual-size": 5368709120,
"filename": "json:{\"driver\": \"luks\", \"file\": {\"driver\": \"file\", \"filename\": \"/home/test.luks\"}, \"key-secret\": \"image1_encrypt0\"}",
"format": "luks",
"actual-size": 1048576,
"format-specific": {
"type": "luks",
"data": {
"ivgen-alg": "plain64",
"hash-alg": "sha256",
"cipher-alg": "aes-256",
"uuid": "c5033f40-a8e7-48f7-a6ea-4a1c8fe2da45",
"cipher-mode": "xts",
"slots": [{
"active": true,
"iters": 1742978,
"key-offset": 4096,
"stripes": 4000
}, {
"active": false,
"key-offset": 262144
}, {
"active": false,
"key-offset": 520192
}, {
"active": false,
"key-offset": 778240
}, {
"active": false,
"key-offset": 1036288
}, {
"active": false,
"key-offset": 1294336
}, {
"active": false,
"key-offset": 1552384
}, {
"active": false,
"key-offset": 1810432
}],
"payload-offset": 2068480,
"master-key-iters": 443885
}
},
"encrypted": true,
"dirty-flag": false
},
"iops_wr": 0,
"ro": false,
"node-name": "drive_image1",
"backing_file_depth": 0,
"drv": "luks",
"iops": 0,
"bps_wr": 0,
"write_threshold": 0,
"encrypted": true,
"bps": 0,
"bps_rd": 0,
"cache": {
"no-flush": false,
"direct": true,
"writeback": true
},
"file": "json:{\"driver\": \"luks\", \"file\": {\"driver\": \"file\", \"filename\": \"/home/test.luks\"}, \"key-secret\": \"image1_encrypt0\"}",
"encryption_key_missing": false
}, {
"iops_rd": 0,
"detect_zeroes": "off",
"image": {
"virtual-size": 5370777600,
"filename": "/home/test.luks",
"format": "file",
"actual-size": 1048576,
"dirty-flag": false
},
"iops_wr": 0,
"ro": false,
"node-name": "file_image1",
"backing_file_depth": 0,
"drv": "file",
"iops": 0,
"bps_wr": 0,
"write_threshold": 0,
"encrypted": false,
"bps": 0,
"bps_rd": 0,
"cache": {
"no-flush": false,
"direct": true,
"writeback": true
},
"file": "/home/test.luks",
"encryption_key_missing": false
}]
}
9. luks key management
(1) add secret object
{ "execute": "object-add", "arguments": {"qom-type": "secret", "id": "sec1", "props": { "data": "redhat1"}}}
{"return": {}}
{ "execute": "object-add", "arguments": {"qom-type": "secret", "id": "sec2", "props": { "data": "redhat2"}}}
{"return": {}}
(2) add new passwords to free key slots
{"execute": "x-blockdev-amend", "arguments": {"node-name": "drive_image1", "job-id": "job_add_key1", "options": { "driver": "luks", "state": "active", "new-secret": "sec1", "keyslot": 1, "iter-time": 10}}}
{"timestamp": {"seconds": 1614849384, "microseconds": 641142}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "job_add_key1"}}
{"timestamp": {"seconds": 1614849384, "microseconds": 641253}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "job_add_key1"}}
{"return": {}}
{"timestamp": {"seconds": 1614849388, "microseconds": 417350}, "event": "JOB_STATUS_CHANGE", "data": {"status": "waiting", "id": "job_add_key1"}}
{"timestamp": {"seconds": 1614849388, "microseconds": 417399}, "event": "JOB_STATUS_CHANGE", "data": {"status": "pending", "id": "job_add_key1"}}
{"timestamp": {"seconds": 1614849388, "microseconds": 417416}, "event": "JOB_STATUS_CHANGE", "data": {"status": "concluded", "id": "job_add_key1"}}
{"execute": "job-dismiss", "arguments": {"id": "job_add_key1"}}
{"timestamp": {"seconds": 1614849417, "microseconds": 857993}, "event": "JOB_STATUS_CHANGE", "data": {"status": "null", "id": "job_add_key1"}}
{"return": {}}
{"execute": "x-blockdev-amend", "arguments": {"node-name": "drive_image1", "job-id": "job_add_key2", "options": { "driver": "luks", "state": "active", "new-secret": "sec2"}}}
{"timestamp": {"seconds": 1614849502, "microseconds": 490380}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "job_add_key2"}}
{"timestamp": {"seconds": 1614849502, "microseconds": 490487}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "job_add_key2"}}
{"return": {}}
{"timestamp": {"seconds": 1614849508, "microseconds": 306551}, "event": "JOB_STATUS_CHANGE", "data": {"status": "waiting", "id": "job_add_key2"}}
{"timestamp": {"seconds": 1614849508, "microseconds": 306623}, "event": "JOB_STATUS_CHANGE", "data": {"status": "pending", "id": "job_add_key2"}}
{"timestamp": {"seconds": 1614849508, "microseconds": 306686}, "event": "JOB_STATUS_CHANGE", "data": {"status": "concluded", "id": "job_add_key2"}}
{"execute": "job-dismiss", "arguments": {"id": "job_add_key2"}}
{"timestamp": {"seconds": 1614849528, "microseconds": 399615}, "event": "JOB_STATUS_CHANGE", "data": {"status": "null", "id": "job_add_key2"}}
{"return": {}}
(3) check slots after add two keys
{"execute":"query-named-block-nodes"}
{
"return": [{
"iops_rd": 0,
"detect_zeroes": "off",
"image": {
"virtual-size": 5368709120,
"filename": "json:{\"driver\": \"luks\", \"file\": {\"driver\": \"file\", \"filename\": \"/home/test.luks\"}, \"key-secret\": \"image1_encrypt0\"}",
"format": "luks",
"actual-size": 1048576,
"format-specific": {
"type": "luks",
"data": {
"ivgen-alg": "plain64",
"hash-alg": "sha256",
"cipher-alg": "aes-256",
"uuid": "c5033f40-a8e7-48f7-a6ea-4a1c8fe2da45",
"cipher-mode": "xts",
"slots": [{
"active": true,
"iters": 1742978,
"key-offset": 4096,
"stripes": 4000
}, {
"active": true,
"iters": 8755,
"key-offset": 262144,
"stripes": 4000
}, {
"active": true,
"iters": 1756996,
"key-offset": 520192,
"stripes": 4000
}, {
"active": false,
"key-offset": 778240
}, {
"active": false,
"key-offset": 1036288
}, {
"active": false,
"key-offset": 1294336
}, {
"active": false,
"key-offset": 1552384
}, {
"active": false,
"key-offset": 1810432
}],
"payload-offset": 2068480,
"master-key-iters": 443885
}
},
"encrypted": true,
"dirty-flag": false
},
"iops_wr": 0,
"ro": false,
"node-name": "drive_image1",
"backing_file_depth": 0,
"drv": "luks",
"iops": 0,
"bps_wr": 0,
"write_threshold": 0,
"encrypted": true,
"bps": 0,
"bps_rd": 0,
"cache": {
"no-flush": false,
"direct": true,
"writeback": true
},
"file": "json:{\"driver\": \"luks\", \"file\": {\"driver\": \"file\", \"filename\": \"/home/test.luks\"}, \"key-secret\": \"image1_encrypt0\"}",
"encryption_key_missing": false
}, {
"iops_rd": 0,
"detect_zeroes": "off",
"image": {
"virtual-size": 5370777600,
"filename": "/home/test.luks",
"format": "file",
"actual-size": 1048576,
"dirty-flag": false
},
"iops_wr": 0,
"ro": false,
"node-name": "file_image1",
"backing_file_depth": 0,
"drv": "file",
"iops": 0,
"bps_wr": 0,
"write_threshold": 0,
"encrypted": false,
"bps": 0,
"bps_rd": 0,
"cache": {
"no-flush": false,
"direct": true,
"writeback": true
},
"file": "/home/test.luks",
"encryption_key_missing": false
}]
}
(4) erase a keyslot by giving a keyslot index
{"execute": "x-blockdev-amend", "arguments": {"node-name": "drive_image1", "job-id": "job_erase_key3", "options": { "driver": "luks", "state": "inactive", "keyslot": 2}}}
{"timestamp": {"seconds": 1614850296, "microseconds": 617031}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "job_erase_key3"}}
{"timestamp": {"seconds": 1614850296, "microseconds": 617139}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "job_erase_key3"}}
{"return": {}}
{"timestamp": {"seconds": 1614850296, "microseconds": 900906}, "event": "JOB_STATUS_CHANGE", "data": {"status": "waiting", "id": "job_erase_key3"}}
{"timestamp": {"seconds": 1614850296, "microseconds": 900972}, "event": "JOB_STATUS_CHANGE", "data": {"status": "pending", "id": "job_erase_key3"}}
{"timestamp": {"seconds": 1614850296, "microseconds": 901012}, "event": "JOB_STATUS_CHANGE", "data": {"status": "concluded", "id": "job_erase_key3"}}
{"execute": "job-dismiss", "arguments": {"id": "job_erase_key3"}}
{"timestamp": {"seconds": 1614850318, "microseconds": 498638}, "event": "JOB_STATUS_CHANGE", "data": {"status": "null", "id": "job_erase_key3"}}
{"return": {}}
(5) erase by giving the password
{"execute": "x-blockdev-amend", "arguments": {"node-name": "drive_image1", "job-id": "job_erase_key4", "options": { "driver": "luks", "state": "inactive", "old-secret": "sec1"}}}
{"timestamp": {"seconds": 1614850512, "microseconds": 217910}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "job_erase_key4"}}
{"timestamp": {"seconds": 1614850512, "microseconds": 218022}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "job_erase_key4"}}
{"return": {}}
{"timestamp": {"seconds": 1614850515, "microseconds": 102728}, "event": "JOB_STATUS_CHANGE", "data": {"status": "waiting", "id": "job_erase_key4"}}
{"timestamp": {"seconds": 1614850515, "microseconds": 102799}, "event": "JOB_STATUS_CHANGE", "data": {"status": "pending", "id": "job_erase_key4"}}
{"timestamp": {"seconds": 1614850515, "microseconds": 102840}, "event": "JOB_STATUS_CHANGE", "data": {"status": "concluded", "id": "job_erase_key4"}}
{"execute": "job-dismiss", "arguments": {"id": "job_erase_key4"}}
{"timestamp": {"seconds": 1614850544, "microseconds": 884628}, "event": "JOB_STATUS_CHANGE", "data": {"status": "null", "id": "job_erase_key4"}}
{"return": {}}
(6) check slots after erase two keys
{"execute":"query-named-block-nodes"}
{
"return": [{
"iops_rd": 0,
"detect_zeroes": "off",
"image": {
"virtual-size": 5368709120,
"filename": "json:{\"driver\": \"luks\", \"file\": {\"driver\": \"file\", \"filename\": \"/home/test.luks\"}, \"key-secret\": \"image1_encrypt0\"}",
"format": "luks",
"actual-size": 1048576,
"format-specific": {
"type": "luks",
"data": {
"ivgen-alg": "plain64",
"hash-alg": "sha256",
"cipher-alg": "aes-256",
"uuid": "c5033f40-a8e7-48f7-a6ea-4a1c8fe2da45",
"cipher-mode": "xts",
"slots": [{
"active": true,
"iters": 1742978,
"key-offset": 4096,
"stripes": 4000
}, {
"active": false,
"key-offset": 262144
}, {
"active": false,
"key-offset": 520192
}, {
"active": false,
"key-offset": 778240
}, {
"active": false,
"key-offset": 1036288
}, {
"active": false,
"key-offset": 1294336
}, {
"active": false,
"key-offset": 1552384
}, {
"active": false,
"key-offset": 1810432
}],
"payload-offset": 2068480,
"master-key-iters": 443885
}
},
"encrypted": true,
"dirty-flag": false
},
"iops_wr": 0,
"ro": false,
"node-name": "drive_image1",
"backing_file_depth": 0,
"drv": "luks",
"iops": 0,
"bps_wr": 0,
"write_threshold": 0,
"encrypted": true,
"bps": 0,
"bps_rd": 0,
"cache": {
"no-flush": false,
"direct": true,
"writeback": true
},
"file": "json:{\"driver\": \"luks\", \"file\": {\"driver\": \"file\", \"filename\": \"/home/test.luks\"}, \"key-secret\": \"image1_encrypt0\"}",
"encryption_key_missing": false
}, {
"iops_rd": 0,
"detect_zeroes": "off",
"image": {
"virtual-size": 5370777600,
"filename": "/home/test.luks",
"format": "file",
"actual-size": 1048576,
"dirty-flag": false
},
"iops_wr": 0,
"ro": false,
"node-name": "file_image1",
"backing_file_depth": 0,
"drv": "file",
"iops": 0,
"bps_wr": 0,
"write_threshold": 0,
"encrypted": false,
"bps": 0,
"bps_rd": 0,
"cache": {
"no-flush": false,
"direct": true,
"writeback": true
},
"file": "/home/test.luks",
"encryption_key_missing": false
}]
}
Passed test blockdev options,export type vhost-user-blk options, object iothread,object throttle group, common qmp commands: query-named-block-nodes,object-add block-export-del block-export-add query-block-exports object-del blockdev-add blockdev-del qom-list Hi Kevin,
For exporting nbd image by tcp port. I can't check image info by #qemu-img info nbd:$hostname:port. Could you help to check if it is a bug?
1. export nbd raw image by tcp port 10850
# qemu-storage-daemon \
--blockdev driver=file,node-name=disk,filename=nbd_test.img \
--nbd-server addr.type=inet,addr.host=$hostname,addr.port=10850,max-connections=3 \
--export type=nbd,id=export,node-name=disk,writable=on
2. Check image info
# qemu-img info nbd://$hostname:10850
qemu-img: Could not open 'nbd://$hostname:10850': Requested export not available
server reported: export '' not present
3. Add name=qsd_test to --export,
# qemu-storage-daemon \
--blockdev driver=file,node-name=disk,filename=nbd_test.img \
--nbd-server addr.type=inet,addr.host=$hostname,addr.port=10850,max-connections=3 \
--export type=nbd,id=export,node-name=disk,writable=on,name=qsd_test
4. check image info
# qemu-img info nbd://$hostname:10850/qsd_test
image: nbd://$hostname:10850/qsd_test
file format: raw
virtual size: 1 GiB (1073741824 bytes)
disk size: unavailable
--export [type=]nbd,id=<id>,node-name=<node-name>[,name=<export-name>][,writable=on|off][,bitmap=<name>]
Followed the direct of qsd document, name=<export-name> is not a must have parameter, so I think this might be an issue. Please check, thanks.
The default for the 'name' option is the value of 'node-name'. So if you don't specify it, you should be able to access the image as nbd://$hostname:10850/disk. (In reply to Kevin Wolf from comment #32) > The default for the 'name' option is the value of 'node-name'. So if you > don't specify it, you should be able to access the image as > nbd://$hostname:10850/disk. Thanks Kevin, test with default name, it works. # qemu-img info nbd://hostname:10850/disk image: nbd://hostname:10850/disk file format: raw virtual size: 1 GiB (1073741824 bytes) disk size: unavailable Test result summary: The main features work as expected. but the help msg looks like need little improvement: 1.nbd-server need to define before export defination (https://bugzilla.redhat.com/show_bug.cgi?id=1901323#c29) 2.default name of export is same as node-name (https://bugzilla.redhat.com/show_bug.cgi?id=1901323#c32) Kevin do you think need to open a RFE bug to improve help message? Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (virt:av bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:2098 |