Description of problem: The <auth>..</auth> is moved out of source element after blockcommit Version-Release number of selected component (if applicable): libvirt-6.0.0-17.el8.x86_64 qemu-kvm-4.2.0-17.module+el8.2.0+6141+0f540f16.x86_64 How reproducible: 100% Steps to Reproduce: 1. Create the overlay image: # qemu-img create --object secret,data='redhat',id=sec,format=raw -f qcow2 -b 'json:{"driver":"raw", "file":{"lun":"0", "portal":"10.66.144.87", "driver":"iscsi", "transport":"tcp", "target":"iqn.2020-04.com.chap.target", "user":"redhat", "password-secret":"sec"}}' -o backing_fmt='raw' /var/lib/libvirt/images/iscsi_auth_cipher 2. Start the guest with the following disk: # virsh dumpxml lmn | grep /disk -B16 <disk type='file' device='disk'> <driver name='qemu' type='qcow2' cache='none'/> <source file='/var/lib/libvirt/images/iscsi_auth_cipher' index='1'/> <backingStore type='network' index='2'> <format type='raw'/> <source protocol='iscsi' name='iqn.2020-04.com.chap.target/0'> <host name='10.66.144.87' port='3260'/> <auth username='redhat'> ---->This auth element is in source element <secret type='iscsi' usage='libvirtiscsi'/> </auth> </source> <backingStore/> </backingStore> <target dev='vdb' bus='virtio'/> <alias name='virtio-disk1'/> <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/> </disk> 3. Do blockcommit and check the disk xml in guest. # virsh blockcommit lmn vdb --verbose --pivot Block commit: [100 %] Successfully pivoted # virsh dumpxml lmn | grep /disk -B12 <disk type='network' device='disk'> <driver name='qemu' type='raw' cache='none'/> <auth username='redhat'> ---->This auth element is out of source element <secret type='iscsi' usage='libvirtiscsi'/> </auth> <source protocol='iscsi' name='iqn.2020-04.com.chap.target/0' index='2'> <host name='10.66.144.87' port='3260'/> </source> <backingStore/> <target dev='vdb' bus='virtio'/> <alias name='virtio-disk1'/> <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/> </disk> Actual results: The <auth>..</auth> is moved out of source element after blockcommit Expected results: The <auth>..</auth>element should be in the source element after blockcommit Additional info: The <auth>..</auth>element is in expected location when directly create snapshot for the network disk with auth and do blockcommit.
Fixed upstream: fe12fb4132 conf: Store 'diskElementAuth' and 'diskElementEnc' properties in status XML 6bde2a1e20 conf: Sanitize handling of <auth> and <encryption> placement for disks v6.3.0-69-gfe12fb4132
Test Version: libvirt-6.5.0-1.el8.x86_64 qemu-kvm-5.0.0-2.module+el8.3.0+7379+0505d6ca.x86_64 Test Steps: SC1: Blockcommit guest with “auth” subelement in “source” element xml 1. Prepare a iscsi secret. # virsh secret-list UUID Usage ------------------------------------------------------------ 9684f1b5-dcf2-479a-b715-468bea128364 iscsi libvirtiscsi 2. Prepare a running guest with network disk which has auth element as the base image. # virsh snapshot-create-as lmn s1 --disk-only --diskspec vdb,file=/tmp/lmn.s1 Domain snapshot s1 created # virsh dumpxml lmn | grep /disk -B 20 … <disk type='file' device='disk'> <driver name='qemu' type='qcow2'/> <source file='/tmp/lmn.s1' index='3'/> <backingStore type='network' index='1'> <format type='raw'/> <source protocol='iscsi' name='iqn.1994-05.com.redhat:authyes/0'> <host name='10.66.144.87' port='3260'/> <auth username=redhat> <secret type='iscsi' usage='libvirtiscsi'/> </auth> </source> </backingStore> <target dev='vdb' bus='virtio'/> <alias name='virtio-disk1'/> <address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/> </disk> 3. Restart libvirtd and check dumpxml. # systemctl restart libvirtd # virsh dumpxml lmn | grep /disk -B 20 ---The result is same with step 2. 4. Do blockcommit and check dumpxml. # virsh blockcommit lmn vdb --verbose --wait --pivot Block commit: [100 %] Successfully pivoted # virsh dumpxml lmn | grep /disk -B 12 … <disk type='network' device='disk'> <driver name='qemu' type='raw'/> <source protocol='iscsi' name='iqn.1994-05.com.redhat:authyes/0' index='1'> <host name='10.66.144.87' port='3260'/> <auth username='redhat'> <secret type='iscsi' usage='libvirtiscsi'/> </auth> </source> <target dev='vdb' bus='virtio'/> <alias name='virtio-disk1'/> <address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/> </disk> SC2: Blockcommit guest with “encryption” subelement in “source” element xml 1. Prepare a luks secret and image. # virsh secret-list UUID Usage ---------------------------------------------------------------------------------------- efc6f043-b6b3-429e-9754-7bca5494b8f4 volume /var/lib/libvirt/images/luks-sample.img # qemu-img create -f luks --object secret,id=sec0,data=`printf %s "redhat" | base64`,format=base64 -o key-secret=sec0,cipher-alg=aes-256,cipher-mode=cbc,hash-alg=sha256,ivgen-alg=essiv,ivgen-hash-alg=sha256 /var/lib/libvirt/images/luks.img 1G 2. Prepare a running guest with encryption disk as the base image. # virsh snapshot-create-as lmn s1 --disk-only --diskspec vdb,file=/tmp/lmn.s1 Domain snapshot s1 created # virsh dumpxml lmn | grep /disk -B 20 … <disk type='file' device='disk'> <driver name='qemu' type='qcow2'/> <source file='/tmp/lmn.s1' index='3'/> <backingStore type='file' index='1'> <format type='raw'/> <source file='/var/lib/libvirt/images/luks.img'> <encryption format='luks'> <secret type='passphrase' uuid='efc6f043-b6b3-429e-9754-7bca5494b8f4'/> </encryption> </source> <backingStore/> </backingStore> <target dev='vdb' bus='virtio'/> <alias name='virtio-disk1'/> <address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/> </disk> 3. Restart libvirtd and check dumpxml. # systemctl restart libvirtd # virsh dumpxml lmn | grep /disk -B 20 ---The result is same with step 2. 4. Do blockcommit and check dumpxml. # virsh blockcommit lmn vdb --verbose --wait --pivot Block commit: [100 %] Successfully pivoted # virsh dumpxml lmn | grep /disk -B 12 … <disk type='file' device='disk'> <driver name='qemu' type='raw'/> <source file='/var/lib/libvirt/images/luks.img' index='1'> <encryption format='luks'> <secret type='passphrase' uuid='efc6f043-b6b3-429e-9754-7bca5494b8f4'/> </encryption> </source> <backingStore/> <target dev='vdb' bus='virtio'/> <alias name='virtio-disk1'/> <address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/> </disk>
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (virt:8.3 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:5137