Bug 1904674

Summary: remove flag of virsh set-user-sshkeys can not work
Product: Red Hat Enterprise Linux Advanced Virtualization Reporter: Lili Zhu <lizhu>
Component: libvirtAssignee: Michal Privoznik <mprivozn>
Status: CLOSED ERRATA QA Contact: Lili Zhu <lizhu>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.4CC: chhu, demeng, jdenemar, lmen, virt-maint, xuzhang
Target Milestone: rcKeywords: Upstream
Target Release: 8.4   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-7.0.0-1.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-05-25 06:45:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version: 7.0.0
Embargoed:

Description Lili Zhu 2020-12-05 14:07:59 UTC 
Description of problem:
remove flag of set-user-sshkeys can not work

Version-Release number of selected component (if applicable):
libvirt-6.10.0-1.module+el8.4.0+8898+a84e86e1.x86_64

How reproducible:
100%

Steps to Reproduce:
1. prepare a guest with qemu-guest-agent service started
# virsh domtime avocado-vt-vm1 
Time: 1607177139

2. try to remove keys from the authorized keys file of user lizhu
# virsh set-user-sshkeys avocado-vt-vm1 lizhu --remove /root/.ssh/id_rsa.pub
error: Flags 'VIR_DOMAIN_AUTHORIZED_SSH_KEYS_SET_APPEND' and 'VIR_DOMAIN_AUTHORIZED_SSH_KEYS_SET_REMOVE' are mutually exclusive

# virsh set-user-sshkeys avocado-vt-vm1 lizhu --remove --file /root/.ssh/id_rsa.pub
error: Flags 'VIR_DOMAIN_AUTHORIZED_SSH_KEYS_SET_APPEND' and 'VIR_DOMAIN_AUTHORIZED_SSH_KEYS_SET_REMOVE' are mutually exclusive

# virsh set-user-sshkeys avocado-vt-vm1 lizhu --remove 
error: Option --file is required by option --remove

# virsh set-user-sshkeys avocado-vt-vm1 lizhu --remove --file
error: expected syntax: --file <string>


Actual results:
remove flag of set-user-sshkeys can not work

Additional info:
Comment 1 Michal Privoznik 2020-12-08 13:13:10 UTC 
Oops, yes. Patch proposed upstream:

https://www.redhat.com/archives/libvir-list/2020-December/msg00486.html
Comment 2 Michal Privoznik 2020-12-08 13:46:53 UTC 
Merged upstream as:

b9dcaede65 virsh: cmdSetUserSSHKeys: Error early if the file doesn't contain any keys
22e785b8ef virsh: Fix logical error in cmdSetUserSSHKeys()

v6.10.0-127-gb9dcaede65
Comment 3 Lili Zhu 2021-01-01 10:01:17 UTC 
Test this bug with:
libvirt-6.10.0-1.fc34.x86_64
qemu-guest-agent-5.2.0-2.module+el8.4.0+9186+ec44380f.x86_64

1. prepare a guest with qemu-guest-agent service started
# virsh domtime pc 
Time: 1609494344

2. check the exsiting authorized ssh keys in guest
# virsh get-user-sshkeys pc lizhu                          
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPaNWKd3/Z6QNIGIgNOCh5yCxbvm1pog5IDGyzNPKz0h root@lizhu-fedorassh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyZlk72jJqCMorQRlkqk54dPZlhqH1ziCIC5D6U6dnYD70F+syWzCiZnJetYBPrT65QR1kOoMxwd3mM1EtJhZhWD287j4MFPGho5huWlMOQXwOkLq0ZKcOh8sAW4Jlbp22zrKmQmdERFTC53N5AMxfep2DyrTCtRFX0fgSczfX5A3HCe4e0ooulVrF1pe9OwBHAUjlcVlC4ggzNTIP9J9v112ecZnaDxvGf1ZNFBWPfeh10Nf5H7fCGAwxP9iCWq1lHliGEzRnN8QDLJo3082uPEL/9sxWsj8qEK3tYnwYUNXhtmqyHUODip6IPE8PHm32h6gX/nt1115ndnZD4AQnxkncEYZ9CAZdtGdpz1TAAxsfD91tYLTGI/v3o+56lDVIYN6P2840aTy2eW4olg18fSKV08/gUZgRAwd0nAwD+3uaxGK1M2DZRVMNNK+mws5kowqUec4kbweYQIAUedF8fFkkr51/r3HnK65oT0XADLJ4ZQhm4fF+UMkYedGSc0c= tester@lizhu-fedora

3. remove 1 ssh key
# virsh set-user-sshkeys pc lizhu --remove /root/.ssh/id_ed25519.pub

# virsh get-user-sshkeys pc lizhu                                   
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyZlk72jJqCMorQRlkqk54dPZlhqH1ziCIC5D6U6dnYD70F+syWzCiZnJetYBPrT65QR1kOoMxwd3mM1EtJhZhWD287j4MFPGho5huWlMOQXwOkLq0ZKcOh8sAW4Jlbp22zrKmQmdERFTC53N5AMxfep2DyrTCtRFX0fgSczfX5A3HCe4e0ooulVrF1pe9OwBHAUjlcVlC4ggzNTIP9J9v112ecZnaDxvGf1ZNFBWPfeh10Nf5H7fCGAwxP9iCWq1lHliGEzRnN8QDLJo3082uPEL/9sxWsj8qEK3tYnwYUNXhtmqyHUODip6IPE8PHm32h6gX/nt1115ndnZD4AQnxkncEYZ9CAZdtGdpz1TAAxsfD91tYLTGI/v3o+56lDVIYN6P2840aTy2eW4olg18fSKV08/gUZgRAwd0nAwD+3uaxGK1M2DZRVMNNK+mws5kowqUec4kbweYQIAUedF8fFkkr51/r3HnK65oT0XADLJ4ZQhm4fF+UMkYedGSc0c= tester@lizhu-fedora

removing ssh key successfully.

4. try to remove it again
# virsh set-user-sshkeys pc lizhu --remove /root/.ssh/id_ed25519.pub

# virsh get-user-sshkeys pc lizhu                                   
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyZlk72jJqCMorQRlkqk54dPZlhqH1ziCIC5D6U6dnYD70F+syWzCiZnJetYBPrT65QR1kOoMxwd3mM1EtJhZhWD287j4MFPGho5huWlMOQXwOkLq0ZKcOh8sAW4Jlbp22zrKmQmdERFTC53N5AMxfep2DyrTCtRFX0fgSczfX5A3HCe4e0ooulVrF1pe9OwBHAUjlcVlC4ggzNTIP9J9v112ecZnaDxvGf1ZNFBWPfeh10Nf5H7fCGAwxP9iCWq1lHliGEzRnN8QDLJo3082uPEL/9sxWsj8qEK3tYnwYUNXhtmqyHUODip6IPE8PHm32h6gX/nt1115ndnZD4AQnxkncEYZ9CAZdtGdpz1TAAxsfD91tYLTGI/v3o+56lDVIYN6P2840aTy2eW4olg18fSKV08/gUZgRAwd0nAwD+3uaxGK1M2DZRVMNNK+mws5kowqUec4kbweYQIAUedF8fFkkr51/r3HnK65oT0XADLJ4ZQhm4fF+UMkYedGSc0c= tester@lizhu-fedora

no change.

5. try to use --remove flag with no files
# virsh set-user-sshkeys pc lizhu --remove 
error: Option --file is required by option --remove
Comment 6 Lili Zhu 2021-01-22 12:23:02 UTC 
Verify this bug with:
libvirt-daemon-7.0.0-1.module+el8.4.0+9464+3e71831a.x86_64
qemu-guest-agent-5.2.0-3.module+el8.4.0+9499+42e58f08.x86_64

The testing results are the same with that in Comment #3, mark the bug as verified.
Comment 8 errata-xmlrpc 2021-05-25 06:45:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (virt:av bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:2098