Bug 954263
| Summary: | ccid-card-emulated doesn't have a 'database' property, it's called 'db' | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Geyang Kong <gkong> |
| Component: | libvirt | Assignee: | Eric Blake <eblake> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Virtualization Bugs <virt-bugs> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.0 | CC: | acathrow, amessina, amit.shah, berrange, cfergeau, clalancette, codong, crobinso, cwei, dallan, dwmw2, dyuan, eblake, itamar, jforbes, laine, libvirt-maint, mjenner, mzhan, pbonzini, rjones, scottt.tw, veillard, virt-maint |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-1.0.5-1.el7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 904692 | Environment: | |
| Last Closed: | 2014-06-13 12:29:39 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 904692 | ||
| Bug Blocks: | |||
|
Description
Geyang Kong
2013-04-22 06:27:32 UTC
Next rebase will pick up this commit:
commit 6f7e4ea359323f9bc413dfb738a5c544d4f9c4f8
Author: Eric Blake <eblake>
Date: Mon Apr 1 16:54:31 2013 -0600
smartcard: spell ccid-card-emulated qemu property correctly
Reported by Anthony Messina in
https://bugzilla.redhat.com/show_bug.cgi?id=904692
Present since introduction of smartcard support in commit f5fd9baa
* src/qemu/qemu_command.c (qemuBuildCommandLine): Match qemu spelling.
* tests/qemuxml2argvdata/qemuxml2argv-smartcard-host-certificates.args:
Fix broken test.
This bug could be reproduced on following build:
libvirt-1.0.2-1.el7
Verified PASS on the following build:
libvirt-1.0.5-1.el7.x86_64
Steps:
1. Prepare a rhel6.4 guest, make sure install "smart card support" group.
2. Run certutil -N -d /etc/pki/nssdb/ and just keep typing enter until finish
3. certutil -d /etc/pki/nssdb -x -t CT,CT,CT -S -s CN=cert1 -n cert1
4. certutil -d /etc/pki/nssdb -x -t CT,CT,CT -S -s CN=cert2 -n cert2
5. certutil -d /etc/pki/nssdb -x -t CT,CT,CT -S -s CN=cert3 -n cert3
6. virsh edit $guest
7. Paste following content, between <devices></devices>
<smartcard mode='host-certificates'>
<certificate>cert1</certificate>
<certificate>cert2</certificate>
<certificate>cert3</certificate>
<database>/etc/pki/nssdb/</database>
</smartcard>
8. virsh start $guest.
9. virsh dumpxml $guest
10. In guest, run command #esc
Actual result:
1. After step 8, guest could be started.
2. After step 9, got following output:
<devices>
.....
<smartcard mode='host-certificates'>
<certificate>cert1</certificate>
<certificate>cert2</certificate>
<certificate>cert3</certificate>
<database>/etc/pki/nssdb/</database>
<address type='ccid' controller='0' slot='0'/>
</smartcard>
.....
</devices>
3. After step 10, got smart card manager form, and have an enrolled smart card issued to cert1 was shown.
So mark this bug as VERIFIED
1. host-certificates is not supported by qemu-kvm on rhel7, only passthrough is supported now. #/user/libexec/qemu-kvm -device ? Controller/Bridge/Hub devices: name "i82801b11-bridge", bus PCI name "ioh3420", bus PCI, desc "Intel IOH device id 3420 PCIE Root Port" name "pci-bridge", bus PCI, desc "Standard PCI Bridge" name "usb-host", bus usb-bus name "usb-hub", bus usb-bus name "x3130-upstream", bus PCI, desc "TI X3130 Upstream Port of PCI Express Switch" name "xio3130-downstream", bus PCI, desc "TI X3130 Downstream Port of PCI Express Switch" USB devices: name "ich9-usb-ehci1", bus PCI name "ich9-usb-ehci2", bus PCI name "ich9-usb-uhci1", bus PCI name "ich9-usb-uhci2", bus PCI name "ich9-usb-uhci3", bus PCI name "ich9-usb-uhci4", bus PCI name "ich9-usb-uhci5", bus PCI name "ich9-usb-uhci6", bus PCI name "nec-usb-xhci", bus PCI name "piix3-usb-uhci", bus PCI name "piix4-usb-uhci", bus PCI name "usb-ehci", bus PCI name "vt82c686b-usb-uhci", bus PCI Storage devices: name "ich9-ahci", bus PCI, alias "ahci" name "ide-cd", bus IDE, desc "virtual IDE CD-ROM" name "ide-drive", bus IDE, desc "virtual IDE disk or CD-ROM (legacy)" name "ide-hd", bus IDE, desc "virtual IDE disk" name "scsi-block", bus SCSI, desc "SCSI block device passthrough" name "scsi-cd", bus SCSI, desc "virtual SCSI CD-ROM" name "scsi-disk", bus SCSI, desc "virtual SCSI disk or CD-ROM (legacy)" name "scsi-generic", bus SCSI, desc "pass through generic scsi device (/dev/sg*)" name "scsi-hd", bus SCSI, desc "virtual SCSI disk" name "usb-bot", bus usb-bus name "usb-storage", bus usb-bus name "virtio-blk-device", bus virtio-bus name "virtio-blk-pci", bus PCI, alias "virtio-blk" name "virtio-scsi-device", bus virtio-bus name "virtio-scsi-pci", bus PCI Network devices: name "e1000", bus PCI, desc "Intel Gigabit Ethernet" name "rtl8139", bus PCI name "virtio-net-device", bus virtio-bus name "virtio-net-pci", bus PCI, alias "virtio-net" Input devices: name "ccid-card-passthru", bus ccid-bus, desc "passthrough smartcard" name "isa-serial", bus ISA name "pci-serial", bus PCI name "usb-ccid", bus usb-bus, desc "CCID Rev 1.1 smartcard reader" name "usb-kbd", bus usb-bus name "usb-mouse", bus usb-bus name "virtconsole", bus virtio-serial-bus name "virtio-serial-device", bus virtio-bus name "virtio-serial-pci", bus PCI, alias "virtio-serial" name "virtserialport", bus virtio-serial-bus Display devices: name "cirrus-vga", bus PCI, desc "Cirrus CLGD 54xx VGA" name "qxl", bus PCI, desc "Spice QXL GPU (secondary)" name "qxl-vga", bus PCI, desc "Spice QXL GPU (primary, vga compatible)" name "sga", bus ISA, desc "Serial Graphics Adapter" name "VGA", bus PCI Sound devices: name "AC97", bus PCI, desc "Intel 82801AA AC97 Audio" name "hda-duplex", bus HDA, desc "HDA Audio Codec, duplex (line-out, line-in)" name "hda-micro", bus HDA, desc "HDA Audio Codec, duplex (speaker, microphone)" name "hda-output", bus HDA, desc "HDA Audio Codec, output-only (line-out)" name "ich9-intel-hda", bus PCI, desc "Intel HD Audio Controller (ich9)" name "intel-hda", bus PCI, desc "Intel HD Audio Controller (ich6)" Misc devices: name "i6300esb", bus PCI name "ib700", bus ISA name "isa-debug-exit", bus ISA name "isa-debugcon", bus ISA name "kvm-pci-assign", bus PCI, alias "pci-assign", desc "KVM-based PCI passthrough" name "pc-testdev", bus ISA name "pci-testdev", bus PCI, desc "PCI Test Device" name "usb-redir", bus usb-bus name "usb-tablet", bus usb-bus name "vfio-pci", bus PCI, desc "VFIO-based PCI device assignment" name "virtio-balloon-device", bus virtio-bus name "virtio-balloon-pci", bus PCI, alias "virtio-balloon" name "virtio-rng-device", bus virtio-bus name "virtio-rng-pci", bus PCI Uncategorized devices: name "pvpanic", bus ISA [root@mig2 ~]# /usr/libexec/qemu-kvm -device ? [root@mig2 ~]# /usr/libexec/qemu-kvm -device ? Controller/Bridge/Hub devices: name "i82801b11-bridge", bus PCI name "ioh3420", bus PCI, desc "Intel IOH device id 3420 PCIE Root Port" name "pci-bridge", bus PCI, desc "Standard PCI Bridge" name "usb-host", bus usb-bus name "usb-hub", bus usb-bus name "x3130-upstream", bus PCI, desc "TI X3130 Upstream Port of PCI Express Switch" name "xio3130-downstream", bus PCI, desc "TI X3130 Downstream Port of PCI Express Switch" USB devices: name "ich9-usb-ehci1", bus PCI name "ich9-usb-ehci2", bus PCI name "ich9-usb-uhci1", bus PCI name "ich9-usb-uhci2", bus PCI name "ich9-usb-uhci3", bus PCI name "ich9-usb-uhci4", bus PCI name "ich9-usb-uhci5", bus PCI name "ich9-usb-uhci6", bus PCI name "nec-usb-xhci", bus PCI name "piix3-usb-uhci", bus PCI name "piix4-usb-uhci", bus PCI name "usb-ehci", bus PCI name "vt82c686b-usb-uhci", bus PCI Storage devices: name "ich9-ahci", bus PCI, alias "ahci" name "ide-cd", bus IDE, desc "virtual IDE CD-ROM" name "ide-drive", bus IDE, desc "virtual IDE disk or CD-ROM (legacy)" name "ide-hd", bus IDE, desc "virtual IDE disk" name "scsi-block", bus SCSI, desc "SCSI block device passthrough" name "scsi-cd", bus SCSI, desc "virtual SCSI CD-ROM" name "scsi-disk", bus SCSI, desc "virtual SCSI disk or CD-ROM (legacy)" name "scsi-generic", bus SCSI, desc "pass through generic scsi device (/dev/sg*)" name "scsi-hd", bus SCSI, desc "virtual SCSI disk" name "usb-bot", bus usb-bus name "usb-storage", bus usb-bus name "virtio-blk-device", bus virtio-bus name "virtio-blk-pci", bus PCI, alias "virtio-blk" name "virtio-scsi-device", bus virtio-bus name "virtio-scsi-pci", bus PCI Network devices: name "e1000", bus PCI, desc "Intel Gigabit Ethernet" name "rtl8139", bus PCI name "virtio-net-device", bus virtio-bus name "virtio-net-pci", bus PCI, alias "virtio-net" Input devices: name "ccid-card-passthru", bus ccid-bus, desc "passthrough smartcard" name "isa-serial", bus ISA name "pci-serial", bus PCI name "usb-ccid", bus usb-bus, desc "CCID Rev 1.1 smartcard reader" name "usb-kbd", bus usb-bus name "usb-mouse", bus usb-bus name "virtconsole", bus virtio-serial-bus name "virtio-serial-device", bus virtio-bus name "virtio-serial-pci", bus PCI, alias "virtio-serial" name "virtserialport", bus virtio-serial-bus Display devices: name "cirrus-vga", bus PCI, desc "Cirrus CLGD 54xx VGA" name "qxl", bus PCI, desc "Spice QXL GPU (secondary)" name "qxl-vga", bus PCI, desc "Spice QXL GPU (primary, vga compatible)" name "sga", bus ISA, desc "Serial Graphics Adapter" name "VGA", bus PCI Sound devices: name "AC97", bus PCI, desc "Intel 82801AA AC97 Audio" name "hda-duplex", bus HDA, desc "HDA Audio Codec, duplex (line-out, line-in)" name "hda-micro", bus HDA, desc "HDA Audio Codec, duplex (speaker, microphone)" name "hda-output", bus HDA, desc "HDA Audio Codec, output-only (line-out)" name "ich9-intel-hda", bus PCI, desc "Intel HD Audio Controller (ich9)" name "intel-hda", bus PCI, desc "Intel HD Audio Controller (ich6)" Misc devices: name "i6300esb", bus PCI name "ib700", bus ISA name "isa-debug-exit", bus ISA name "isa-debugcon", bus ISA name "kvm-pci-assign", bus PCI, alias "pci-assign", desc "KVM-based PCI passthrough" name "pc-testdev", bus ISA name "pci-testdev", bus PCI, desc "PCI Test Device" name "usb-redir", bus usb-bus name "usb-tablet", bus usb-bus name "vfio-pci", bus PCI, desc "VFIO-based PCI device assignment" name "virtio-balloon-device", bus virtio-bus name "virtio-balloon-pci", bus PCI, alias "virtio-balloon" name "virtio-rng-device", bus virtio-bus name "virtio-rng-pci", bus PCI Uncategorized devices: name "pvpanic", bus ISA device "ccid--card-emulated" is not in the list 2. So cannot start a guest which is configured as comment3, will get error: error: Failed to start domain rhel6 error: internal error: early end of file from monitor: possible problem: qemu-kvm: -device ccid-card-emulated,backend=certificates,cert1=cert1,cert2=cert2,cert3=cert3,db=/etc/pki/nssdb/,id=smartcard0,bus=ccid0.0: Parameter 'driver' expects pluggable device type But use a smartcard with passthrough, the guest will work well. #lsusb Bus 002 Device 004: ID 04e6:e001 SCM Microsystems, Inc. SCR331 SmartCard Reader plug in a usb smartcard device to host. #lsusb Bus 002 Device 004: ID 04e6:e001 SCM Microsystems, Inc. SCR331 SmartCard Reader pass throught it to the guest # virsh dumpxml rhel6 ... <smartcard mode='passthrough' type='spicevmc'> <alias name='smartcard0'/> <address type='ccid' controller='0' slot='0'/> </smartcard> ... <hostdev mode='subsystem' type='usb' managed='yes'> <source> <vendor id='0x04e6'/> <product id='0xe001'/> <address bus='2' device='4'/> </source> <alias name='hostdev0'/> </hostdev> ... # virsh start rhel6 When login guest, open smartcard manager, an enrolled smart card of the smartcard device is shown. This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |