1476775 – RFE: pool-define-as and pool-create-as better to have a **--secret-uuid** parameter when authentication involved

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1476775 - RFE: pool-define-as and pool-create-as better to have a **--secret-uuid** parameter when authentication involved

Summary: RFE: pool-define-as and pool-create-as better to have a **--secret-uuid** par...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	libvirt
Sub Component:
Version:	7.4
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	John Ferlan
QA Contact:	yisun
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-07-31 12:39 UTC by yisun
Modified:	2018-04-10 10:54 UTC (History)
CC List:	9 users (show)
Fixed In Version:	libvirt-3.8.0-1.el7
Doc Type:	No Doc Update
Doc Text:	undefined
Clone Of:
Environment:
Last Closed:	2018-04-10 10:52:40 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2018:0704	0	None	None	None	2018-04-10 10:54:52 UTC

Description yisun 2017-07-31 12:39:47 UTC

Description of problem:
RFE: pool-define-as and pool-create-as better to have a **--secret-uuid** parameter when authentication involved 

Version-Release number of selected component (if applicable):
libvirt-3.2.0-14.el7_4.2.x86_64

How reproducible:
100%

Steps to Reproduce:
1. ## man virsh
pool-create-as name type ... [--auth-type authtype --auth-username username --secret-usage usage] ...
...
pool-define-as ...
 Use the same arguments as pool-create-as ...

2. ## virsh pool-define-as --name ip --type iscsi --target /dev/disk/by-path --source-host localhost --source-dev iqn.2013-06.com.example:iscsi-pool --auth-type chap --auth-username redhat --secret-uuid 0de1f358-2c4c-4ea1-a6f8-60023ddd38dd
error: command 'pool-define-as' doesn't support option --secret-uuid

3. when create a pool by xml, it can contain authentication info indicated by secret uuid, as follow
<pool type='iscsi'>
  <name>virtimages</name>
  ...
  <source>
    <host name='iscsi.example.com'/>
    <device path='iqn.2013-06.com.example:iscsi-pool'/>
    <auth type='chap' username='myname'>
      ** <secret uuid='0de1f358-2c4c-4ea1-a6f8-60023ddd38dd'/> **
    </auth>
  </source>
  ...
</pool>

(http://libvirt.org/formatstorage.html has more detailed info about pool's xml)

Actual results:
As above, when using pool-create-as or pool-define-as with authentication info, secret uuid cannot be used, only secret usage can be used.

Expected results:
We'd better to provide both ways about how to indicate a libvirt secret in these commands, and secret uuid is used more frequently in other commands (secret operations). A --secret-uuid parameter should work.

Comment 2 John Ferlan 2017-09-05 18:46:25 UTC

Sure - seems reasonable...  patch posted upstream:

https://www.redhat.com/archives/libvir-list/2017-September/msg00099.html

Tested in build tree:


$ ./run tools/virsh pool-define-as --name ip --type iscsi --target /dev/disk/by-path --source-host localhost --source-dev iqn.2013-06.com.example:iscsi-pool --auth-type chap --auth-username redhat --secret-uuid 0de1f358-2c4c-4ea1-a6f8-60023ddd38dd --print-xml
<pool type='iscsi'>
  <name>ip</name>
  <source>
    <host name='localhost'/>
    <device path='iqn.2013-06.com.example:iscsi-pool'/>
    <auth type='chap' username='redhat'>
      <secret uuid='0de1f358-2c4c-4ea1-a6f8-60023ddd38dd'/>
    </auth>
  </source>
  <target>
    <path>/dev/disk/by-path</path>
  </target>
</pool>

$ ./run tools/virsh pool-define-as --name ip --type iscsi --target /dev/disk/by-path --source-host localhost --source-dev iqn.2013-06.com.example:iscsi-pool --auth-type chap --auth-username redhat --secret-uuid 0de1f358-2c4c-4ea1-a6f8-60023ddd38dd --secret-usage=foolme --print-xml
error: Options --secret-usage and --secret-uuid are mutually exclusive

$

Comment 3 John Ferlan 2017-09-27 12:15:41 UTC

Patch pushed upstream:

commit 63d3d895a2c00a849440706b3daa7199296b4b33
Author: John Ferlan <jferlan>
Date:   Tue Sep 5 13:44:15 2017 -0400

    virsh: Add/allow secret-uuid for pool-{define|create}-as
    
...
    
    For the virsh pool-{define|create}-as command, let's allow using
    --secret-uuid on the command line as an alternative to --secret-usage
    (added for commit id '8932580'), but ensure that they are mutually
     exclusive.


$ git describe 63d3d895a2c00a849440706b3daa7199296b4b33
v3.7.0-180-g63d3d895a
$

Comment 5 yisun 2017-10-27 10:17:42 UTC

Verified with: 
libvirt-3.8.0-1.el7.x86_64
qemu-kvm-rhev-2.9.0-16.el7_4.8.x86_64

1. check virsh manual
#man virsh
 pool-create-as name type [--source-host hostname] [--source-path path] [--source-dev path] [--source-name name] [--target path] [--source-format format] [--auth-type authtype
       --auth-username username [--secret-usage usage | ** --secret-uuid uuid**]] [[--adapter-name name] | [--adapter-wwnn --adapter-wwpn] [--adapter-parent parent]] [--build] [[--overwrite]
       | [--no-overwrite]] [--print-xml]
...
pool-define-as name type [--source-host hostname] [--source-path path] [--source-dev path] [--source-name name] [--target path] [--source-format format] [--auth-type authtype
       --auth-username username [--secret-usage usage | ** --secret-uuid uuid **]] [[--adapter-name name] | [--adapter-wwnn --adapter-wwpn] [--adapter-parent parent]] [--print-xml]


2. check pool-define-as
## virsh pool-define-as --name ip --type iscsi --target /dev/disk/by-path --source-host 127.0.0.1 --source-dev iqn.2016-03.com.virttest:test-pool.target --auth-type chap --auth-username lento --secret-uuid b8a710f0-3388-4edc-900b-cd18d5c3d2b4
Pool ip defined

## virsh pool-start ip
Pool ip started

## virsh vol-list ip
 Name                 Path                                    
------------------------------------------------------------------------------
 unit:0:0:0           /dev/disk/by-path/ip-127.0.0.1:3260-iscsi-iqn.2016-03.com.virttest:test-pool.target-lun-0

## virsh pool-dumpxml ip
<pool type='iscsi'>
  <name>ip</name>
  <uuid>0406d2f4-ddca-47be-9b17-5ec4f25a611e</uuid>
  <capacity unit='bytes'>1048576000</capacity>
  <allocation unit='bytes'>1048576000</allocation>
  <available unit='bytes'>0</available>
  <source>
    <host name='127.0.0.1'/>
    <device path='iqn.2016-03.com.virttest:test-pool.target'/>
    <auth type='chap' username='lento'>
      <secret uuid='b8a710f0-3388-4edc-900b-cd18d5c3d2b4'/>
    </auth>
  </source>
  <target>
    <path>/dev/disk/by-path</path>
  </target>
</pool>


## virsh pool-destroy ip
Pool ip destroyed

## virsh pool-undefine ip
Pool ip has been undefined

3. check pool-create-as
## virsh pool-create-as --name ip --type iscsi --target /dev/disk/by-path --source-host 127.0.0.1 --source-dev iqn.2016-03.com.virttest:test-pool.target --auth-type chap --auth-username lento --secret-uuid b8a710f0-3388-4edc-900b-cd18d5c3d2b4
Pool ip created


# virsh vol-list ip
 Name                 Path                                    
------------------------------------------------------------------------------
 unit:0:0:0           /dev/disk/by-path/ip-127.0.0.1:3260-iscsi-iqn.2016-03.com.virttest:test-pool.target-lun-0

 ## virsh pool-dumpxml ip
<pool type='iscsi'>
  <name>ip</name>
  <uuid>9447ce2f-5569-44e9-ad61-c8fe8fd89106</uuid>
  <capacity unit='bytes'>1048576000</capacity>
  <allocation unit='bytes'>1048576000</allocation>
  <available unit='bytes'>0</available>
  <source>
    <host name='127.0.0.1' port='3260'/>
    <device path='iqn.2016-03.com.virttest:test-pool.target'/>
    <auth type='chap' username='lento'>
      <secret uuid='b8a710f0-3388-4edc-900b-cd18d5c3d2b4'/>
    </auth>
  </source>
  <target>
    <path>/dev/disk/by-path</path>
  </target>
</pool>

Comment 9 errata-xmlrpc 2018-04-10 10:52:40 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:0704

Note You need to log in before you can comment on or make changes to this bug.