1173478 – Domain configure xml validation fails when using rbd based image as disk specifying usage in authentication

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1173478 - Domain configure xml validation fails when using rbd based image as disk specifying usage in authentication

Summary: Domain configure xml validation fails when using rbd based image as disk spec...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	libvirt
Sub Component:
Version:	7.1
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Peter Krempa
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-12-12 08:54 UTC by Yang Yang
Modified:	2019-01-22 08:51 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-11-19 05:58:18 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2015:2202	0	normal	SHIPPED_LIVE	libvirt bug fix and enhancement update	2015-11-19 08:17:58 UTC

Description Yang Yang 2014-12-12 08:54:52 UTC

Description of problem:
Domain configure xml validation fails when using rbd based image as disk specifying usage in authentication. Validation passed after updating 'usage' to 'uuid'. Also passed after deleting 'auth' element.

Version-Release number of selected component (if applicable):
libvirt-1.2.8-10.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Prepare a running vm using rbd based image as disk
# virsh list --all
Id    Name                           State
----------------------------------------------------
 27    rbd                            running

2. dump rbd
# virsh dumpxml rbd > rbd-test.xml

3.  #cat rbd-test.xml
......
 <disk type='network' device='disk'>
      <driver name='qemu' type='raw' cache='none'/>
      <auth username='libvirt'>
        <secret type='ceph' usage='client.libvirt secret'/>  ---> important
      </auth>
      <source protocol='rbd' name='libvirt-pool/rbd-rhel-raw.img'>
        <host name='10.66.85.215' port='6789'/>
      </source>
      <backingStore/>
      <target dev='vda' bus='virtio'/>
      <alias name='virtio-disk0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </disk>
......

4. validate
# virt-xml-validate rbd-test.xml
Relax-NG validity error : Extra element devices in interleave
rbd-test.xml:1: element domain: Relax-NG validity error : Element domain failed to validate content
rbd-test.xml fails to validate

5. validate after deleting <auth>..</auth> in rbd-test.xml 

#cat rbd-test.xml
......
 <disk type='network' device='disk'>
      <driver name='qemu' type='raw' cache='none'/>
      <source protocol='rbd' name='libvirt-pool/rbd-rhel-raw.img'>
        <host name='10.66.85.215' port='6789'/>
      </source>
      <backingStore/>
      <target dev='vda' bus='virtio'/>
      <alias name='virtio-disk0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </disk>
......

# virt-xml-validate rbd-test.xml
rbd-test.xml validates

6. validate after updating 'usage' attribute in <auth> element to uuid
   <disk type='network' device='disk'>
      <driver name='qemu' type='raw' cache='none'/>
<auth username='libvirt'>
        <secret type='ceph' uuid='3a638b00-d54a-4660-808b-ce3b19d54403'/>
      </auth>
 <source protocol='rbd' name='libvirt-pool/rbd-rhel-raw.img'>
        <host name='10.66.85.215' port='6789'/>
      </source>
      <backingStore/>
      <target dev='vda' bus='virtio'/>
      <alias name='virtio-disk0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </disk>

# virt-xml-validate rbd-test.xml
rbd-test.xml validates

Actual result:
In step 4, validation failed when using usage in auth

Expected result:
Domain can start with the xml, so validation should pass

Additional info:

Comment 1 Peter Krempa 2015-03-03 16:20:56 UTC

The problem is that the "client.libvirt secret" contains invalid characters (dot, space) and thus fails to validate.

The validation should also fail for the XML for defining the secret itself. Making the checks stricter or RNG schema looser doesn't make sense for this problem.

Marking as test only to verify that <secret> definitions that validate successfully can be used in <auth> elements.

Comment 2 yisun 2015-09-06 07:51:50 UTC

tested on:
libvirt-1.2.17-7.el7.x86_64
qemu-kvm-rhev-2.3.0-22.el7.x86_64
kernel-3.10.0-304.el7.x86_64


Per Comment 1, the problem is special characters involved in secret title. 
So test scenario is to collect all supported special characters and put them in secret.xml's title field, and see if both of the secret and the vm's xml which contain the secret can pass the xml validation. 

Steps:
1. # cat secret1.xml 
<secret ephemeral='no' private='no'>
<usage type='ceph'>
<name>1+s_+N-</name>
</usage>
</secret> 

2. # virt-xml-validate secret1.xml 
secret1.xml validates

3. # cat rbd.xml 
<domain type='kvm' id='19'>
 ...
    </disk>
    <disk type='network' device='disk'>
      <driver name='qemu' type='raw' cache='none'/>
      <auth username='libvirt'>
        <secret type='ceph' usage='1+s_+N-'/>
      </auth>
      <source protocol='rbd' name='libvirt-pool/rbd-rhel-raw.img'>
        <host name='10.66.85.215' port='6789'/>
      </source>
      <backingStore/>
      <target dev='vda' bus='virtio'/>
      <alias name='virtio-disk0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </disk>
  </devices>
  ...
</domain>

4. # virt-xml-validate rbd.xml 
rbd.xml validates


So both of the xml passed the virt-xml-validate as comment 1 mentioned.

Comment 4 errata-xmlrpc 2015-11-19 05:58:18 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2202.html

Note You need to log in before you can comment on or make changes to this bug.