Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Description of problem:
Failed to create encryption volume as /usr/bin/qemu-img argument is changed
Version-Release number of selected component (if applicable):
- kernel-2.6.32-113.el6.x86_64
- libvirt-0.8.7-6.el6.x86_64
- qemu-kvm-0.12.1.2-2.144.el6.x86_64
How reproducible:
2/2
Steps to Reproduce:
1. Define a secret with an XML document.
# cat demo-secret.xml
<secret ephemeral='no' private='no'>
<uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f</uuid>
<usage type='volume'>
<volume>/var/lib/libvirt/images/demo.qcow2</volume>
</usage>
</secret>
# virsh secret-define demo-secret.xml
Secret 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f created
2. Set the value of the secret.
# MYSECRET=`echo "open seseme" | base64`
# virsh secret-set-value 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f $MYSECRET
Secret value set
3. Define and active a pool with the following XML.
# cat demo-pool.xml
<pool type='dir'>
<name>VirtualMachines</name>
<source>
</source>
<target>
<path>/var/lib/libvirt/images</path>
</target>
</pool>
# virsh pool-define demo-pool.xml
Pool VirtualMachines defined from demo-pool.xml
# virsh pool-start VirtualMachines
Pool VirtualMachines started
4. To create an encrypted volume within this pool with the follwing XML.
# cat demo-disk.xml
<volume>
<name>demo.qcow2</name>
<capacity>5368709120</capacity>
<target>
<format type='qcow2'/>
<encryption format='qcow'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
</target>
</volume>
5. # virsh vol-create VirtualMachines demo-disk.xml
Vol demo.qcow2 created from demo-disk.xml
Actual results:
# virsh vol-create VirtualMachines demo-disk.xml
error: Failed to create vol from demo-disk.xml
error: Cannot run /usr/bin/qemu-img to create /var/lib/libvirt/images/demo.qcow2: Invalid argument
Expected results:
as before, # virsh vol-create VirtualMachines demo-disk.xml
Vol demo.qcow2 created from demo-disk.xml
IMMO, vol-create should update code as /usr/bin/qemu-img code is changed.
Additional info:
Check /var/log/libvirtd.log
11:36:27.964: 28403: debug : virRunWithHook:824 : /usr/bin/qemu-img create -f qcow2 /var/lib/libvirt/images/demo.qcow2 5242880K -e
11:36:27.968: 28403: debug : virRunWithHook:842 : Command stderr: qemu-img: qemu-img: option -e is deprecated, please use '-o encryption' instead!
11:36:27.968: 28403: debug : virRunWithHook:861 : internal error '/usr/bin/qemu-img create -f qcow2 /var/lib/libvirt/images/demo.qcow2 5242880K -e' exited with non-zero status 1 and signal 0: qemu-img: qemu-img: option -e is deprecated, please use '-o encryption' instead!
11:36:27.968: 28403: debug : virStorageBackendCreateExecCommand:539 : Cannot run /usr/bin/qemu-img to create /var/lib/libvirt/images/demo.qcow2: Invalid argument
Deprecation of a feature implies that there is merely a warning & a transition period for code where it can use the old or the new feature. The QEMU change appears to have added the warning & immediately disabled the old feature. This is not the way we should have done things in a RHEL-6.1 update. IMHO this qemu-img changed needs to be reverted, and/or make the warning non-fatal.
The problem appears to come from
kvm-qemu-img-Deprecate-obsolete-6-and-e-options.patch
which contains:
case 'e':
- flags |= BLOCK_FLAG_ENCRYPT;
- break;
+ error("qemu-img: option -e is deprecated, please use \'-o "
+ "encryption\' instead!");
+ return 1;
case '6':
- flags |= BLOCK_FLAG_COMPAT6;
- break;
+ error("qemu-img: option -6 is deprecated, please use \'-o "
+ "compat6\' instead!");
+ return 1;
Raising a fatal error is not 'deprecation', it is straight feature breakage.
Not sure how hard it would be to reintroduce these options in RHEL 6. I think Jes removed them for a reason.
Anyway, these options have been deprecated for a year and a half. Obviously, deprecation doesn't really help as people only change their calls when things start to actually break.
In this case we had absolutely no idea that these were deprecated, since they have never given any visible indication that they were deprecated (ie no warning message upon use). Only printing out a deprecation warning after the functionality has been removed doesn't help people transition until it is too late.
Well the -e and -6 options have not been documented for ages, they were
not shown by qemu-img help, nor the man-page.
This is a libvirt bug. libvirt should not rely on non documented options
when perfectly well supported and documented ones exist.
Please fix libvirt to Use -oencryption=on as described in the man-page.
Merely removing docs from the man page does not given people indication that something is deprecated - we can't be expected to constantly check the manpage to see if something has silently disappeared. Regardless we should not be breaking this kind of thing in a RHEL update. This is a regression from 6.0 for any user of qemu-img including libvirt.
per irc discussion, changing back to libvirt.
libvirt has been using undocumented command line options, instead of the
recommended ones. Upstream no longer support the undocumented options,
and whether we add a hack to RHEL6.1 qemu or not, libvirt still needs to
be fixed to use the correct options to work with upstream.
The fix to libvirt is simple, it needs to not emit -e, but instead
-o encryption=on - note that this is backwards compatible for all
versions of RHEL6 anyway, and probably RHEL5 as well.
We have two options:
1) We add and need to maintain a hack patch for QEMU, plus libvirt needs
to be fixed to match the future
2) We make the simple change to libvirt that works with upstream, and RHEL6.1
This could be called a regression for command line users, but frankly
there is a workaround, they simply specify the correct command line
option. In other words, this really doesn't justify being called a regression.
Jes
Verified PASS with libvirt-0.8.7-11.el6.x86_64
- kernel-2.6.32-120.el6.x86_64
- qemu-kvm-0.12.1.2-2.150.el6.x86_64
The same test steps in Description and could get the expected result
5. # virsh vol-create VirtualMachines demo-disk.xml
Vol demo.qcow2 created from demo-disk.xml
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHBA-2011-0596.html
This patch introduced a regression when paired with a qemu-img that uses -o options instead of -F fmt, due to an inadvertent deleted break statement.
https://bugzilla.redhat.com/show_bug.cgi?id=711151
Description of problem: Failed to create encryption volume as /usr/bin/qemu-img argument is changed Version-Release number of selected component (if applicable): - kernel-2.6.32-113.el6.x86_64 - libvirt-0.8.7-6.el6.x86_64 - qemu-kvm-0.12.1.2-2.144.el6.x86_64 How reproducible: 2/2 Steps to Reproduce: 1. Define a secret with an XML document. # cat demo-secret.xml <secret ephemeral='no' private='no'> <uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f</uuid> <usage type='volume'> <volume>/var/lib/libvirt/images/demo.qcow2</volume> </usage> </secret> # virsh secret-define demo-secret.xml Secret 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f created 2. Set the value of the secret. # MYSECRET=`echo "open seseme" | base64` # virsh secret-set-value 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f $MYSECRET Secret value set 3. Define and active a pool with the following XML. # cat demo-pool.xml <pool type='dir'> <name>VirtualMachines</name> <source> </source> <target> <path>/var/lib/libvirt/images</path> </target> </pool> # virsh pool-define demo-pool.xml Pool VirtualMachines defined from demo-pool.xml # virsh pool-start VirtualMachines Pool VirtualMachines started 4. To create an encrypted volume within this pool with the follwing XML. # cat demo-disk.xml <volume> <name>demo.qcow2</name> <capacity>5368709120</capacity> <target> <format type='qcow2'/> <encryption format='qcow'> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/> </encryption> </target> </volume> 5. # virsh vol-create VirtualMachines demo-disk.xml Vol demo.qcow2 created from demo-disk.xml Actual results: # virsh vol-create VirtualMachines demo-disk.xml error: Failed to create vol from demo-disk.xml error: Cannot run /usr/bin/qemu-img to create /var/lib/libvirt/images/demo.qcow2: Invalid argument Expected results: as before, # virsh vol-create VirtualMachines demo-disk.xml Vol demo.qcow2 created from demo-disk.xml IMMO, vol-create should update code as /usr/bin/qemu-img code is changed. Additional info: Check /var/log/libvirtd.log 11:36:27.964: 28403: debug : virRunWithHook:824 : /usr/bin/qemu-img create -f qcow2 /var/lib/libvirt/images/demo.qcow2 5242880K -e 11:36:27.968: 28403: debug : virRunWithHook:842 : Command stderr: qemu-img: qemu-img: option -e is deprecated, please use '-o encryption' instead! 11:36:27.968: 28403: debug : virRunWithHook:861 : internal error '/usr/bin/qemu-img create -f qcow2 /var/lib/libvirt/images/demo.qcow2 5242880K -e' exited with non-zero status 1 and signal 0: qemu-img: qemu-img: option -e is deprecated, please use '-o encryption' instead! 11:36:27.968: 28403: debug : virStorageBackendCreateExecCommand:539 : Cannot run /usr/bin/qemu-img to create /var/lib/libvirt/images/demo.qcow2: Invalid argument