Bug 1476775 - RFE: pool-define-as and pool-create-as better to have a **--secret-uuid** parameter when authentication involved
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt
Version: 7.4
Hardware: x86_64 Linux
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assigned To: John Ferlan
QA Contact: yisun
Keywords: FutureFeature

Reported: 2017-07-31 08:39 EDT by yisun
Modified: 2018-04-10 06:54 EDT
Fixed In Version: libvirt-3.8.0-1.el7
Doc Type: No Doc Update
Last Closed: 2018-04-10 06:52:40 EDT
Type: Bug
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2018:0704 None None None 2018-04-10 06:54 EDT

Description yisun 2017-07-31 08:39:47 EDT
Description of problem:
RFE: pool-define-as and pool-create-as better to have a **--secret-uuid** parameter when authentication involved 

Version-Release number of selected component (if applicable):
libvirt-3.2.0-14.el7_4.2.x86_64

How reproducible:
100%

Steps to Reproduce:
1. ## man virsh
pool-create-as name type ... [--auth-type authtype --auth-username username --secret-usage usage] ...
...
pool-define-as ...
 Use the same arguments as pool-create-as ...

2. ## virsh pool-define-as --name ip --type iscsi --target /dev/disk/by-path --source-host localhost --source-dev iqn.2013-06.com.example:iscsi-pool --auth-type chap --auth-username redhat --secret-uuid 0de1f358-2c4c-4ea1-a6f8-60023ddd38dd
error: command 'pool-define-as' doesn't support option --secret-uuid

3. When creating a pool from XML, it can contain authentication info indicated by secret uuid, as follows:
<pool type='iscsi'>
  <name>virtimages</name>
  ...
  <source>
    <host name='iscsi.example.com'/>
    <device path='iqn.2013-06.com.example:iscsi-pool'/>
    <auth type='chap' username='myname'>
      ** <secret uuid='0de1f358-2c4c-4ea1-a6f8-60023ddd38dd'/> **
    </auth>
  </source>
  ...
</pool>

(http://libvirt.org/formatstorage.html has more detailed info about pool's xml)

Actual results:
As above, when using pool-create-as or pool-define-as with authentication info, secret uuid cannot be used, only secret usage can be used.

Expected results:
We had better provide both ways of indicating a libvirt secret in these commands, and secret uuid is used more frequently in other commands (secret operations). A --secret-uuid parameter should work.
Comment 2 John Ferlan 2017-09-05 14:46:25 EDT
Sure - seems reasonable...  patch posted upstream:

https://www.redhat.com/archives/libvir-list/2017-September/msg00099.html

Tested in build tree:


$ ./run tools/virsh pool-define-as --name ip --type iscsi --target /dev/disk/by-path --source-host localhost --source-dev iqn.2013-06.com.example:iscsi-pool --auth-type chap --auth-username redhat --secret-uuid 0de1f358-2c4c-4ea1-a6f8-60023ddd38dd --print-xml
<pool type='iscsi'>
  <name>ip</name>
  <source>
    <host name='localhost'/>
    <device path='iqn.2013-06.com.example:iscsi-pool'/>
    <auth type='chap' username='redhat'>
      <secret uuid='0de1f358-2c4c-4ea1-a6f8-60023ddd38dd'/>
    </auth>
  </source>
  <target>
    <path>/dev/disk/by-path</path>
  </target>
</pool>

$ ./run tools/virsh pool-define-as --name ip --type iscsi --target /dev/disk/by-path --source-host localhost --source-dev iqn.2013-06.com.example:iscsi-pool --auth-type chap --auth-username redhat --secret-uuid 0de1f358-2c4c-4ea1-a6f8-60023ddd38dd --secret-usage=foolme --print-xml
error: Options --secret-usage and --secret-uuid are mutually exclusive

$
Comment 3 John Ferlan 2017-09-27 08:15:41 EDT
Patch pushed upstream:

commit 63d3d895a2c00a849440706b3daa7199296b4b33
Author: John Ferlan <jferlan@redhat.com>
Date:   Tue Sep 5 13:44:15 2017 -0400

    virsh: Add/allow secret-uuid for pool-{define|create}-as
    
...
    
    For the virsh pool-{define|create}-as command, let's allow using
    --secret-uuid on the command line as an alternative to --secret-usage
    (added for commit id '8932580'), but ensure that they are mutually
    exclusive.


$ git describe 63d3d895a2c00a849440706b3daa7199296b4b33
v3.7.0-180-g63d3d895a
$
Comment 5 yisun 2017-10-27 06:17:42 EDT
Verified with: 
libvirt-3.8.0-1.el7.x86_64
qemu-kvm-rhev-2.9.0-16.el7_4.8.x86_64

1. check virsh manual
#man virsh
 pool-create-as name type [--source-host hostname] [--source-path path] [--source-dev path] [--source-name name] [--target path] [--source-format format] [--auth-type authtype
       --auth-username username [--secret-usage usage | ** --secret-uuid uuid**]] [[--adapter-name name] | [--adapter-wwnn --adapter-wwpn] [--adapter-parent parent]] [--build] [[--overwrite]
       | [--no-overwrite]] [--print-xml]
...
pool-define-as name type [--source-host hostname] [--source-path path] [--source-dev path] [--source-name name] [--target path] [--source-format format] [--auth-type authtype
       --auth-username username [--secret-usage usage | ** --secret-uuid uuid **]] [[--adapter-name name] | [--adapter-wwnn --adapter-wwpn] [--adapter-parent parent]] [--print-xml]


2. check pool-define-as
## virsh pool-define-as --name ip --type iscsi --target /dev/disk/by-path --source-host 127.0.0.1 --source-dev iqn.2016-03.com.virttest:test-pool.target --auth-type chap --auth-username lento --secret-uuid b8a710f0-3388-4edc-900b-cd18d5c3d2b4
Pool ip defined

## virsh pool-start ip
Pool ip started

## virsh vol-list ip
 Name                 Path                                    
------------------------------------------------------------------------------
 unit:0:0:0           /dev/disk/by-path/ip-127.0.0.1:3260-iscsi-iqn.2016-03.com.virttest:test-pool.target-lun-0

## virsh pool-dumpxml ip
<pool type='iscsi'>
  <name>ip</name>
  <uuid>0406d2f4-ddca-47be-9b17-5ec4f25a611e</uuid>
  <capacity unit='bytes'>1048576000</capacity>
  <allocation unit='bytes'>1048576000</allocation>
  <available unit='bytes'>0</available>
  <source>
    <host name='127.0.0.1'/>
    <device path='iqn.2016-03.com.virttest:test-pool.target'/>
    <auth type='chap' username='lento'>
      <secret uuid='b8a710f0-3388-4edc-900b-cd18d5c3d2b4'/>
    </auth>
  </source>
  <target>
    <path>/dev/disk/by-path</path>
  </target>
</pool>


## virsh pool-destroy ip
Pool ip destroyed

## virsh pool-undefine ip
Pool ip has been undefined

3. check pool-create-as
## virsh pool-create-as --name ip --type iscsi --target /dev/disk/by-path --source-host 127.0.0.1 --source-dev iqn.2016-03.com.virttest:test-pool.target --auth-type chap --auth-username lento --secret-uuid b8a710f0-3388-4edc-900b-cd18d5c3d2b4
Pool ip created


# virsh vol-list ip
 Name                 Path                                    
------------------------------------------------------------------------------
 unit:0:0:0           /dev/disk/by-path/ip-127.0.0.1:3260-iscsi-iqn.2016-03.com.virttest:test-pool.target-lun-0

## virsh pool-dumpxml ip
<pool type='iscsi'>
  <name>ip</name>
  <uuid>9447ce2f-5569-44e9-ad61-c8fe8fd89106</uuid>
  <capacity unit='bytes'>1048576000</capacity>
  <allocation unit='bytes'>1048576000</allocation>
  <available unit='bytes'>0</available>
  <source>
    <host name='127.0.0.1' port='3260'/>
    <device path='iqn.2016-03.com.virttest:test-pool.target'/>
    <auth type='chap' username='lento'>
      <secret uuid='b8a710f0-3388-4edc-900b-cd18d5c3d2b4'/>
    </auth>
  </source>
  <target>
    <path>/dev/disk/by-path</path>
  </target>
</pool>
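
An added example, not part of the original bug report or of libvirt's own code: a Python check of `virsh pool-dumpxml` output that reports how the pool's `<auth>` element refers to its secret, applying the same uuid/usage mutual-exclusion rule that virsh enforces in Comment 2. The sample XML strings and the `known_uuids` parameter are constructed here as assumptions, and the UUID format check is this example's own policy.

```python
import re
import xml.etree.ElementTree as ET

# Canonical 8-4-4-4-12 form as written in this report (this example's policy).
UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

# Constructed inputs modelled on the pool XML shown in this report.
GOOD = """<pool type='iscsi'><name>ip</name><source>
  <host name='127.0.0.1'/>
  <device path='iqn.2016-03.com.virttest:test-pool.target'/>
  <auth type='chap' username='lento'>
    <secret uuid='b8a710f0-3388-4edc-900b-cd18d5c3d2b4'/>
  </auth></source></pool>"""
BOTH = GOOD.replace("<secret ", "<secret usage='foolme' ")
BAD_UUID = GOOD.replace("d2b4'", "'")  # truncated UUID


def check_pool_auth(pool_xml, known_uuids=None):
    """Return (reference, problems) for a pool's <auth> element.
    reference is ("uuid" | "usage", value) or None. known_uuids is an
    optional set of lower-case secret UUIDs defined on the host
    (hypothetical input, e.g. collected from `virsh secret-list`).
    """
    auth = ET.fromstring(pool_xml).find("./source/auth")
    if auth is None:
        return None, []  # pool defined without authentication
    problems = []
    if not auth.get("username"):
        problems.append("auth element has no username")
    secret = auth.find("secret")
    uuid = secret.get("uuid") if secret is not None else None
    usage = secret.get("usage") if secret is not None else None
    if uuid and usage:
        # Same rule virsh applies to --secret-uuid / --secret-usage.
        return None, problems + ["secret uuid and usage are mutually exclusive"]
    if not uuid and not usage:
        return None, problems + ["auth has no secret uuid or usage reference"]
    if usage:
        return ("usage", usage), problems
    if not UUID_RE.fullmatch(uuid):
        problems.append("secret uuid is not in canonical form: " + uuid)
    elif known_uuids is not None and uuid.lower() not in known_uuids:
        problems.append("no secret with uuid " + uuid + " is defined")
    return ("uuid", uuid), problems


if __name__ == "__main__":
    for label, xml in (("good", GOOD), ("both", BOTH), ("bad uuid", BAD_UUID)):
        print(label, check_pool_auth(xml, {"b8a710f0-3388-4edc-900b-cd18d5c3d2b4"}))
```
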
Comment 9 errata-xmlrpc 2018-04-10 06:52:40 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:0704
