1465373 – disallow file.logfile for gluster backing images

Bug 1465373 - disallow file.logfile for gluster backing images

Summary: disallow file.logfile for gluster backing images

Keywords:
Status:	CLOSED DEFERRED
Alias:	None
Product:	Red Hat Enterprise Linux Advanced Virtualization
Classification:	Red Hat
Component:	libvirt
Sub Component:
Version:	8.0
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	8.1
Assignee:	Virtualization Maintenance
QA Contact:	yisun
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-06-27 10:21 UTC by Yanqiu Zhang
Modified:	2020-11-14 12:53 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-02-18 13:28:13 UTC
Type:	Feature Request
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Yanqiu Zhang 2017-06-27 10:21:51 UTC

Description of problem:
Libvirt should support gluster with "file.logfile" option

Version-Release number of selected component (if applicable):
libvirt-3.2.0-14.el7.x86_64
qemu-kvm-rhev-2.9.0-14.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1.Create json backing image via inet gluster protocols with "file.logfile" option
# getenforce
Enforcing
# qemu-img create -f qcow2 -b 'json:{"file.driver":"gluster","file.volume":"gluster-vol1","file.path":"R.qcow2","file.logfile":"/tmp/log","file.debug":9,"file.server":[{"type":"inet","host":"10.66.*.*","port":"24007"}]}' /var/lib/libvirt/images/gluster_inet.img
Formatting '/var/lib/libvirt/images/gluster_inet.img', fmt=qcow2 size=104857600 backing_file=json:{"file.driver":"gluster",,"file.volume":"gluster-vol1",,"file.path":"R.qcow2",,"file.logfile":"/tmp/log",,"file.debug":9,,"file.server":[{"type":"inet",,"host":"10.66.*.*",,"port":"24007"}]} encryption=off cluster_size=65536 lazy_refcounts=off refcount_bits=16

# ll -hZ /tmp/log
-rw-------. root root unconfined_u:object_r:user_tmp_t:s0 /tmp/log

2.Cold-plug the image to guest V:
# virsh attach-disk V  /var/lib/libvirt/images/gluster_inet.img vdb --subdriver qcow2 --config
Disk attached successfully

3.# virsh start V
error: Failed to start domain V
error: internal error: qemu unexpectedly closed the monitor: 2017-06-27T08:46:08.304690Z qemu-kvm: -chardev pty,id=charserial0: char device redirected to /dev/pts/2 (label charserial0)
ERROR: failed to create logfile "/tmp/log" (Permission denied)
2017-06-27T08:46:08.321864Z qemu-kvm: -drive file=/var/lib/libvirt/images/gluster_inet.img,format=qcow2,if=none,id=drive-virtio-disk1: Could not open backing file: Could not open image: Permission denied

4.Disable selinux and change permission for /tmp/log, then restart the guest again:
# setenforce 0
# chown qemu:qemu /tmp/log
# virsh start V
Domain V started


Actual results:
As in step3, when try to start a guest with gluster backing images with "file.logfile" option, guest will fail to start due to permission denied for the log file.

Expected results:
Libvirt should support gluster with "file.logfile" option, need a attribute 'logfile' in xml as the gluster client log location,
e.g.
<disk type='network' device='disk'>
<driver name='qemu' type='qcow2' cache='none'/>
<source protocol='gluster' name='gluster-vol1/V-7.4.qcow2'>
<host name='$gfs_IP' logfile='/tmp/log'/>
</source>
<target dev='vda' bus='virtio'/>
</disk>


Additional info:

Comment 1 Daniel Berrangé 2017-06-27 10:28:35 UTC

IMHO this is an example of something we should in fact not support in general. Permanently embedding a log file path inside a disk image is a really terrible idea. A logfile path should be controlled by libvirt at guest startup, using a fixed path determined by libvirt.

Comment 2 Peter Krempa 2017-06-27 10:40:25 UTC

Logging for gluster disks can be enabled via the gluster_debug_level option in qemu.conf. Gluster then logs into the VM log file.

Libvirt should not take the log file from the backing image. It's possible that it might be worth adding that on a per-disk basis, but currently I don't really think it's worth.

Comment 3 Daniel Berrangé 2017-06-27 10:43:47 UTC

I wonder if when launching QEMU, libvirt can explicitly set the 'file.logfile' parameter to empty, to forcably overridden any bad settings hardcoded in the disk image ?

Comment 4 Peter Krempa 2017-06-27 10:52:53 UTC

Currently we have instrumentation to only modify the properties of the top level image. QEMU has command line syntax which would allow this, but it's rather unpractical.

I dont't think that it's really worth doing it until we will track the full backing chain and be able to specify image properties individually, since it would require ugly hacky code to address the image in the backing chain while the image is detected automatically by qemu (not passed on the commandline)

Comment 5 Daniel Berrangé 2017-06-27 10:57:22 UTC

We do at least extract the full backing chain from images when starting a VM / adding a disk. So perhaps we should explicitly report an error from that code if we see a logfile parameter set for gluster, so we get a clear upfront error message, rather than QEMU failing some time later ?

Comment 6 Peter Krempa 2017-06-27 11:03:14 UTC

Yes, that is possible and pretty trivial to do. Apart from starting the VM there are two cases that will perhaps need special attention. Snapshots with --reuse-external and block-copy with --reuse-external.

I'll repurpose this bug to track that. I think it makes sense to forbid it.

Comment 7 Jaroslav Suchanek 2019-04-24 12:26:22 UTC

This bug is going to be addressed in next major release.

Comment 8 Jaroslav Suchanek 2020-02-18 13:28:13 UTC

This bug was closed deferred as a result of bug triage.

Please reopen if you disagree and provide justification why this bug should
get enough priority. Most important would be information about impact on
customer or layered product. Please indicate requested target release.

Note You need to log in before you can comment on or make changes to this bug.