Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2129408

Summary: Specify full file path when creating/attaching a new disk to a virtual machine
Product: Red Hat Enterprise Linux 9 Reporter: g.danti
Component: cockpit-machinesAssignee: Simon Kobyda <skobyda>
Status: CLOSED MIGRATED QA Contact: Xianghua Chen <xchen>
Severity: low Docs Contact:
Priority: unspecified    
Version: 9.0CC: g.danti, wshi, xchen, ymao, yunyang
Target Milestone: rcKeywords: MigratedToJIRA
Target Release: ---Flags: pm-rhel: mirror+
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-09-15 13:04:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Guest unable to start
none
Guest starting correcly
none
New VM without virtual disks none

Description g.danti 2022-09-23 16:35:22 UTC 
Created attachment 1913816 [details]
Guest unable to start

Created attachment 1913816 [details]
Guest unable to start

Description of problem:
cockpit-machines, in all version up to the one included in the latest RHEL 9.0, default to creating/attaching a new disk via the pool + file definition.

For example, adding a disk called "disk2.qcow2" results in the following xml:
<disk type='volume' device='disk'>
  <driver name='qemu' type='qcow2'/>
  <source pool='default' volume='disk2.qcow'/>
  <target dev='vdb' bus='virtio'/>
  <address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/>
</disk>

Doing the same via virt-manager (any version) produce a different outcome, because virt-manager resolves (and defines) the full file path/name. Example below:
<disk type='file' device='disk'>
  <driver name='qemu' type='raw'/>
  <source file='/var/lib/libvirt/images/disk2.qcow' index='2'/>
  <backingStore/>
  <target dev='vdb' bus='virtio'/>
  <alias name='virtio-disk1'/>
  <address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/>
</disk>

This is not a cosmetic issue only, as any apparmor-enabled hosts is effectively unable to run a guest with such pool + file disk definition (see here[1] and here[2]). The underlying issue is that virt-aa-helper is unable to parse such disk definition. As changing the iteration between libvirt, virt-aa-helper and apparmor proved problematic, the most obvious solution is to let cockpit-machines specify the full disk path/name when adding or attaching disks.

I attach two screenshots showing how:
- attaching a new disk results in a pool + file definition, with the guest unable to start;
- re-attaching the same disk with a full disk path/name results in the guest running correctly.

[1] https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1677398
[2] https://gitlab.com/libvirt/libvirt/-/issues/135

Version-Release number of selected component (if applicable):
cockpit-machines 265-1

How reproducible:
Always

Steps to Reproduce:
1. create and add a new disk on a apparmor-enabled host (ie: Ubuntu, Debian, SUSE)
2. try to start the guest
3. observe how the guest does not start showing an error instead.

Actual results:
Guest unable to start

Expected results:
Guest should start and work correcly

Additional info:
See screenshots
Comment 1 g.danti 2022-09-23 16:35:57 UTC 
Created attachment 1913817 [details]
Guest starting correcly
Comment 2 Xianghua Chen 2022-11-17 06:18:56 UTC 
Hi, thanks for raising this issue. Few questions on the steps:
1. The bug does not exist on RHEL right? I saw you mentioned Ubuntu/Debian/SUSE host.
2. You mean you create a vm on the host, then edit the xml to add a disk without full disk path, and them vm failed to boot, am I right?
Thank you.
Comment 3 g.danti 2022-11-17 06:36:01 UTC 
Hi, my notes below:

1. RedHat or other selinux-based distro does not suffer from this issue because no virt-aa-helper wrapper must be called (the security label is attached to the file itself);

2. No, I mean using cockpit to create a VM on the host *without* disks and then edit the very same guest to add a new disk via cockpit.

You can find some more info on upstream bug opened here:
https://github.com/cockpit-project/cockpit-machines/issues/815#issuecomment-1315122114
Comment 4 Xianghua Chen 2022-11-17 07:46:51 UTC 
Thank you for your quick response.
Got it for question 1.

For questions 2, sorry I'm not quite sure about "create a VM on the host *without* disks",could you give detailed step or command on this? Thank you.

And I saw the discussion on the ticket, thank you, chaning it with RFE since I think the point is to provide "creating and attaching a disk with full path" , right?
So I guess the host does not matter on verifying , once on RHEL we have this feature, the issue on non-RHEL host would be fixed too.
Correct me if I understand wrongly , thank you.
Comment 6 g.danti 2022-11-17 10:04:51 UTC 
Creating a VM with no disks simply means to select "No storage" in the "Create VM" wizard (see screenshot).

Please note that when creating a VM with a new disk selected, virt-install automatically modifies the virtual disk definition specifying the full path rather than the pool/file combo. However, this automatically create a qcow2 disks, which is not always the right format. Moreover, one should be able to add additional disks to an already-defined virtual machine.
Comment 7 g.danti 2022-11-17 10:05:14 UTC 
Created attachment 1924954 [details]
New VM without virtual disks
Comment 8 Xianghua Chen 2022-11-18 06:08:37 UTC 
Thanks for all the explaination, reproduce as following:

Version:
cockpit-machines-276-1.el9.noarch
Steps:
1. Create VM:
Installation type: Download an OS
Operation system: Fedora35
Storage: No storage
Memory: 2G

2. Enter the VM details page, click "Add disk"
Pool: images
Name: fedora-test
Size: 10G
Format: qcow2
Click "Add"

3. Check the xml:
# virsh dumpxml fedora35-2022-11-18
    <disk type='volume' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source pool='images' volume='fedora-test' index='1'/>
      <backingStore/>
      <target dev='vda' bus='virtio'/>
      <alias name='virtio-disk0'/>
      <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
    </disk>

It's pool/file combo, better to be full path like following to avoid boot issue on apparmor-enabled host (ie: Ubuntu, Debian, SUSE):
source file='/var/lib/libvirt/images/fedora-test.qcow'
Comment 9 RHEL Program Management 2023-09-15 13:02:30 UTC 
Issue migration from Bugzilla to Jira is in process at this time. This will be the last message in Jira copied from the Bugzilla bug.
Comment 10 RHEL Program Management 2023-09-15 13:04:00 UTC 
This BZ has been automatically migrated to the issues.redhat.com Red Hat Issue Tracker. All future work related to this report will be managed there.

Due to differences in account names between systems, some fields were not replicated.  Be sure to add yourself to Jira issue's "Watchers" field to continue receiving updates and add others to the "Need Info From" field to continue requesting information.

To find the migrated issue, look in the "Links" section for a direct link to the new issue location. The issue key will have an icon of 2 footprints next to it, and begin with "RHEL-" followed by an integer.  You can also find this issue by visiting https://issues.redhat.com/issues/?jql= and searching the "Bugzilla Bug" field for this BZ's number, e.g. a search like:

"Bugzilla Bug" = 1234567

In the event you have trouble locating or viewing this issue, you can file an issue by sending mail to rh-issues. You can also visit https://access.redhat.com/articles/7032570 for general account information.