Description of problem: Virtual iscsi disk's authenticate lost when save the domain Version-Release number of selected component (if applicable): libvirt-5.10.0-1.module+el8.2.0+5135+ed3b2489.x86_64 qemu-kvm-4.2.0-5.module+el8.2.0+5389+367d9739.x86_64 How reproducible: 100% Steps to Reproduce: 1.Prepare a guest with authenticate iscsi lun <disk type='network' device='disk'> <driver name='qemu' type='raw' cache='none' io='threads' discard='unmap' detect_zeroes='on'/> <source protocol='iscsi' name='iqn.2020-01.com.virttest:disk-pool-auth.target/0'> <host name='10.66.85.243' port='3260'/> <initiator> <iqn name='iqn.2020-01.com.example:authclient'/> </initiator> <auth username='redhat'> <secret type='iscsi' uuid='3d714d03-e23c-4b0d-b794-3450bd750bf4'/> </auth> </source> <target dev='vdf' bus='scsi'/> <address type='drive' controller='0' bus='0' target='0' unit='5'/> </disk> # virsh secret-list UUID Usage ---------------------------------------------------------------------------------------- 3d714d03-e23c-4b0d-b794-3450bd750bf4 iscsi libvirtiscsi # MYSECRET=`printf %s "redhat" | base64` # virsh secret-set-value 3d714d03-e23c-4b0d-b794-3450bd750bf4 $MYSECRET Secret value set # virsh domblklist demo target source ------------------------------------------------------------------------- vda /var/lib/libvirt/images/RHEL-8.2.0-20191219.0-x86_64-ovmf.qcow2 vdb /var/lib/libvirt/images/raw.img vdf iqn.2020-01.com.virttest:disk-pool-auth.target/0 2.Make an external snapshot for the domain and then save the domain: # virsh snapshot-create-as demo --disk-only --diskspec vdf,file=/tmp/iscsi.s1 snapshot created 1578564908 # virsh save demo /tmp/demo.save1 # qemu-img info /tmp/demo.save1 image: /tmp/demo.save1 file format: raw virtual size: 356 MiB (373433856 bytes) disk size: 356 MiB 3.Try to restore the domain from the file: # virsh restore /tmp/demo.save1 error:internal error: process exited while connecting to monitor: 2020-01-09T10:17:38.885996Z qemu-kvm: -blockdev {"driver":"iscsi","portal":"10.66.85.243:3260","target":"iqn.2020-01.com.virttest:disk-pool-auth.target","lun":0,"transport":"tcp","initiator-name":"iqn.2020-01.com.example:authclient","node-name":"libvirt-2-storage","cache":{"direct":true,"no-flush":false},"auto-read-only":true,"discard":"unmap"}: iSCSI: Failed to connect to LUN : Failed to log in to target. Status: Authentication failure(513) But it still can be started: # virsh start demo Domain demo started And the authencation still exists in the xml by checking with "dumpxml" But in /tmp/demo.save1 ,it lost <disk type='file' device='disk'> <driver name='qemu' type='qcow2' cache='none' io='threads' discard='unmap' detect_zeroes='on'/> <source file='/tmp/iscsi.s1'/> <backingStore type='network'> <format type='raw'/> <source protocol='iscsi' name='iqn.2020-01.com.virttest:disk-pool-auth.target/0'> <host name='10.66.85.243' port='3260'/> <initiator> <iqn name='iqn.2020-01.com.example:authclient'/> </initiator> </source> </backingStore> <target dev='vdf' bus='scsi'/> <address type='drive' controller='0' bus='0' target='0' unit='5'/> </disk> Actual results: As step 3 Expected results: The authenticate info should be kept when execute "virsh save",so we can restore from the saving file. Additional info: This bug is similar to https://bugzilla.redhat.com/show_bug.cgi?id=1788898 but in different function.
Fixed upstream: commit 3f2d167d9c733f588e693d44d7aa9b21dcb415c7 (HEAD -> master, origin/master, origin/HEAD) Author: Peter Krempa <pkrempa> Date: Fri Jan 10 17:25:16 2020 +0100 conf: Always format storage source auth and encryption under <source> for backing files Historically there are two places where we format authentication and encryption for a disk. The logich which formats it for backing files was flawed though and didn't format it at all. This worked if the image became a backing file through the means of a snapshot but not directly. Force formatting of the source and encryption for any non-disk case to fix the issue. This caused problems in many places as we use the formatter to copy the definition. Effectively any copy lost the secret definition.
Verified on : libvirt-6.0.0-2.virtcov.el8.x86_64 qemu-kvm-4.2.0-8.module+el8.2.0+5607+dc756904.x86_64 Step: 1.Start a guest with authenticate iscsi lun ... <disk type='network' device='disk'> <driver name='qemu' type='raw' cache='none' io='threads' discard='unmap' detect_zeroes='on'/> <source protocol='iscsi' name='iqn.2020-01.com.virttest:disk-pool-auth.target/0'> <host name='10.66.85.243' port='3260'/> <initiator> <iqn name='iqn.2020-01.com.example:authclient'/> </initiator> <auth username='redhat'> <secret type='iscsi' uuid='3d714d03-e23c-4b0d-b794-3450bd750bf4'/> </auth> </source> <target dev='vdf' bus='scsi'/> <address type='drive' controller='0' bus='0' target='0' unit='5'/> </disk> ... 2.Create external snapshot and save the domain # virsh snapshot-create-as demo --disk-only --diskspec vdf,file=/tmp/iscsi.s1 Domain snapshot 1580694814 created # virsh save demo /tmp/demo.save Domain demo saved to /tmp/demo.save [root@jgao-test1 ~]# qemu-img info /tmp/demo.save image: /tmp/demo.save file format: raw virtual size: 43.6 MiB (45769728 bytes) disk size: 43.7 MiB Check the /tmp/demo.save,still can found the part of source and encryption. 3.Restore the domain and check the domain xml # virsh restore /tmp/demo.save Domain restored from /tmp/demo.save Can still found the encryption part <source protocol='iscsi' name='iqn.2020-01.com.virttest:disk-pool-auth.target/0'> <host name='10.66.85.243' port='3260'/> <initiator> <iqn name='iqn.2020-01.com.example:authclient'/> </initiator> <auth username='redhat'> <secret type='iscsi' uuid='3d714d03-e23c-4b0d-b794-3450bd750bf4'/> </auth> </source> Work as expected
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2017