RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 676984 - Failed to create encryption volume as /usr/bin/qemu-img argument is changed
Summary: Failed to create encryption volume as /usr/bin/qemu-img argument is changed
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt
Version: 6.1
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Osier Yang
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 711151
TreeView+ depends on / blocked
 
Reported: 2011-02-12 08:46 UTC by zhanghaiyan
Modified: 2013-01-09 23:33 UTC (History)
11 users (show)

Fixed In Version: libvirt-0.8.7-11.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 711151 (view as bug list)
Environment:
Last Closed: 2011-05-19 13:27:10 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0596 0 normal SHIPPED_LIVE libvirt bug fix and enhancement update 2011-05-18 17:56:36 UTC

Description zhanghaiyan 2011-02-12 08:46:04 UTC 
Description of problem:
Failed to create encryption volume as /usr/bin/qemu-img argument is changed

Version-Release number of selected component (if applicable):
- kernel-2.6.32-113.el6.x86_64
- libvirt-0.8.7-6.el6.x86_64
- qemu-kvm-0.12.1.2-2.144.el6.x86_64

How reproducible:
2/2

Steps to Reproduce:
1. Define a secret with an XML document.
    # cat demo-secret.xml
    <secret ephemeral='no' private='no'>
      <uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f</uuid>
      <usage type='volume'>
        <volume>/var/lib/libvirt/images/demo.qcow2</volume>
      </usage>
    </secret>
    # virsh secret-define demo-secret.xml
    Secret 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f created
2. Set the value of the secret.
    # MYSECRET=`echo "open seseme" | base64`
    # virsh secret-set-value 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f $MYSECRET
    Secret value set
3. Define and active a pool with the following XML.
    # cat demo-pool.xml
    <pool type='dir'>
      <name>VirtualMachines</name>
      <source>
      </source>
      <target>
        <path>/var/lib/libvirt/images</path>
      </target>
    </pool>
    # virsh pool-define demo-pool.xml
    Pool VirtualMachines defined from demo-pool.xml
    # virsh pool-start VirtualMachines
    Pool VirtualMachines started
4. To create an encrypted volume within this pool with the follwing XML.
# cat demo-disk.xml
      <volume>
        <name>demo.qcow2</name>
        <capacity>5368709120</capacity>
        <target>
          <format type='qcow2'/>
          <encryption format='qcow'>
            <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
          </encryption>
        </target>
      </volume>
5. # virsh vol-create VirtualMachines demo-disk.xml
    Vol demo.qcow2 created from demo-disk.xml

Actual results:
# virsh vol-create VirtualMachines demo-disk.xml 
error: Failed to create vol from demo-disk.xml
error: Cannot run /usr/bin/qemu-img to create /var/lib/libvirt/images/demo.qcow2: Invalid argument

Expected results:
as before, # virsh vol-create VirtualMachines demo-disk.xml
    Vol demo.qcow2 created from demo-disk.xml
IMMO, vol-create should update code as /usr/bin/qemu-img code is changed.

Additional info:
Check /var/log/libvirtd.log
11:36:27.964: 28403: debug : virRunWithHook:824 : /usr/bin/qemu-img create -f qcow2 /var/lib/libvirt/images/demo.qcow2 5242880K -e
11:36:27.968: 28403: debug : virRunWithHook:842 : Command stderr: qemu-img: qemu-img: option -e is deprecated, please use '-o encryption' instead!

11:36:27.968: 28403: debug : virRunWithHook:861 : internal error '/usr/bin/qemu-img create -f qcow2 /var/lib/libvirt/images/demo.qcow2 5242880K -e' exited with non-zero status 1 and signal 0: qemu-img: qemu-img: option -e is deprecated, please use '-o encryption' instead!

11:36:27.968: 28403: debug : virStorageBackendCreateExecCommand:539 : Cannot run /usr/bin/qemu-img to create /var/lib/libvirt/images/demo.qcow2: Invalid argument
Comment 2 Daniel Berrangé 2011-02-14 10:06:41 UTC 
Deprecation of a feature implies that there is merely a warning & a transition period for code where it can use the old or the new feature. The QEMU change appears to have added the warning & immediately disabled the old feature. This is not the way we should have done things in a RHEL-6.1 update. IMHO this qemu-img changed needs to be reverted, and/or make the warning non-fatal.
Comment 3 Daniel Berrangé 2011-02-14 10:08:02 UTC 
The problem appears to come from

  kvm-qemu-img-Deprecate-obsolete-6-and-e-options.patch

which contains:

         case 'e':
-            flags |= BLOCK_FLAG_ENCRYPT;
-            break;
+            error("qemu-img: option -e is deprecated, please use \'-o "
+                  "encryption\' instead!");
+            return 1;
         case '6':
-            flags |= BLOCK_FLAG_COMPAT6;
-            break;
+            error("qemu-img: option -6 is deprecated, please use \'-o "
+                  "compat6\' instead!");
+            return 1;

Raising a fatal error is not 'deprecation', it is straight feature breakage.
Comment 5 Kevin Wolf 2011-02-14 11:12:52 UTC 
Not sure how hard it would be to reintroduce these options in RHEL 6. I think Jes removed them for a reason.

Anyway, these options have been deprecated for a year and a half. Obviously, deprecation doesn't really help as people only change their calls when things start to actually break.
Comment 6 Daniel Berrangé 2011-02-14 12:11:49 UTC 
In this case we had absolutely no idea that these were deprecated, since they have never given any visible indication that they were deprecated (ie no warning message upon use). Only printing out a deprecation warning after the functionality has been removed doesn't help people transition until it is too late.
Comment 7 Jes Sorensen 2011-02-14 13:27:47 UTC 
Well the -e and -6 options have not been documented for ages, they were
not shown by qemu-img help, nor the man-page.

This is a libvirt bug. libvirt should not rely on non documented options
when perfectly well supported and documented ones exist.

Please fix libvirt to Use -oencryption=on as described in the man-page.
Comment 8 Daniel Berrangé 2011-02-14 13:36:01 UTC 
Merely removing docs from the man page does not given people indication that something is deprecated - we can't be expected to constantly check the manpage to see if something has silently disappeared. Regardless we should not be breaking this kind of thing in a RHEL update. This is a regression from 6.0 for any user of qemu-img including libvirt.
Comment 11 Jes Sorensen 2011-02-24 17:15:59 UTC 
per irc discussion, changing back to libvirt.

libvirt has been using undocumented command line options, instead of the
recommended ones. Upstream no longer support the undocumented options,
and whether we add a hack to RHEL6.1 qemu or not, libvirt still needs to
be fixed to use the correct options to work with upstream.

The fix to libvirt is simple, it needs to not emit -e, but instead
-o encryption=on - note that this is backwards compatible for all
versions of RHEL6 anyway, and probably RHEL5 as well.

We have two options:

1) We add and need to maintain a hack patch for QEMU, plus libvirt needs
   to be fixed to match the future
2) We make the simple change to libvirt that works with upstream, and RHEL6.1

This could be called a regression for command line users, but frankly
there is a workaround, they simply specify the correct command line
option. In other words, this really doesn't justify being called a regression.

Jes
Comment 12 Osier Yang 2011-03-10 02:15:39 UTC 
http://post-office.corp.redhat.com/archives/rhvirt-patches/2011-March/msg00179.html

patch posted internally. move to POST.
Comment 15 zhanghaiyan 2011-03-11 06:32:06 UTC 
Verified PASS with libvirt-0.8.7-11.el6.x86_64
- kernel-2.6.32-120.el6.x86_64
- qemu-kvm-0.12.1.2-2.150.el6.x86_64

The same test steps in Description and could get the expected result
5. # virsh vol-create VirtualMachines demo-disk.xml
    Vol demo.qcow2 created from demo-disk.xml
Comment 18 errata-xmlrpc 2011-05-19 13:27:10 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0596.html
Comment 19 Eric Blake 2011-06-06 19:59:16 UTC 
This patch introduced a regression when paired with a qemu-img that uses -o options instead of -F fmt, due to an inadvertent deleted break statement.
https://bugzilla.redhat.com/show_bug.cgi?id=711151
Note You need to log in before you can comment on or make changes to this bug.