Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1171569 - <auth>..</auth> element is gone after block jobs
Summary: <auth>..</auth> element is gone after block jobs
Keywords:
Status: ASSIGNED
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt
Version: 7.1
Hardware: x86_64
OS: Linux
medium
high
Target Milestone: rc
: ---
Assignee: Peter Krempa
QA Contact: yisun
URL:
Whiteboard:
: 1467271 1467287 (view as bug list)
Depends On: 760547
Blocks: 1467287
TreeView+ depends on / blocked
 
Reported: 2014-12-08 06:11 UTC by yangyang
Modified: 2018-12-02 02:44 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:


Attachments (Terms of Use)

Description yangyang 2014-12-08 06:11:26 UTC
Description of problem:
Start a vm using a rbd disk specifying the <auth../> element providing the authentication credentials. The <auth../> element disappears after creating external disk snapshot. The issue is also reproduced when using iscsi as backing file. It will cause committing to base image fails.

Version-Release number of selected component (if applicable):
libvirt-1.2.8-10.el7.x86_64
qemu-kvm-rhev-2.1.2-14.el7.x86_64
kernel-3.10.0-212.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. start vm with rbd disk specifying <auth>
<disk type='network' device='disk'>
      <driver name='qemu' type='raw' cache='none'/>
      <auth username='libvirt'>
        <secret type='ceph' usage='client.libvirt secret'/>
      </auth>
      <source protocol='rbd' name='libvirt-pool/rbd1.img'>
        <config file='/etc/ceph/ceph.conf'/>
      </source>
      <backingStore/>
      <target dev='vda' bus='virtio'/>
      <alias name='virtio-disk0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
    </disk>

# virsh list --all
 Id    Name                           State
----------------------------------------------------
 10    rbd                            running

2. create external disk snapshot
# virsh snapshot-create-as rbd s1 --disk-only --diskspec vda,file=/tmp/rbd.s1
Domain snapshot s1 created
[root@rhel7_test yy]# virsh snapshot-list rbd
 Name                 Creation Time             State
------------------------------------------------------------
 s1                   2014-12-08 13:30:30 +0800 disk-snapshot

3.check the domain xml
# virsh dumpxml rbd | grep disk -a6
<disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='none'/>
      <source file='/tmp/rbd.s1'/>
      <backingStore type='network' index='1'>
        <format type='raw'/>
        <source protocol='rbd' name='libvirt-pool/rbd1.img'>
          <config file='/etc/ceph/ceph.conf'/>
        </source>
        <backingStore/>
      </backingStore>
      <target dev='vda' bus='virtio'/>
      <alias name='virtio-disk0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
    </disk>

4. check image backing chain
# qemu-img info /tmp/rbd.s1 --backing-chain
image: /tmp/rbd.s1
file format: qcow2
virtual size: 8.0G (8589934592 bytes)
disk size: 580K
cluster_size: 65536
backing file: rbd:libvirt-pool/rbd1.img:id=libvirt:key=AQCI335UkAgXHhAA90By4w5NR6zb63LbbM0MGg==:auth_supported=cephx\;none:conf=/etc/ceph/ceph.conf
backing file format: raw
Format specific information:
    compat: 1.1
    lazy refcounts: false

image: rbd:libvirt-pool/rbd1.img:id=libvirt:key=AQCI335UkAgXHhAA90By4w5NR6zb63LbbM0MGg==:auth_supported=cephx\;none:conf=/etc/ceph/ceph.conf
file format: raw
virtual size: 8.0G (8589934592 bytes)
disk size: unavailable
cluster_size: 4194304

Actual results:
In step 3, <auth../> element disappeared in <backingStore> element.

Expected results:
Keep <auth../> element in <backingStore> element

Additional info:
The issue is also reproduced when using iscsi as backing file. The issue will cause that committing to base image fails

Comment 2 Peter Krempa 2015-01-05 12:21:25 UTC
Libvirt really needs to track the complete backing chain internally in such cases as otherwise the backing chain is re-loaded from the disk state and thus the <auth> information are lost (unless qemu would record them in the backing file name).

Comment 7 Peter Krempa 2017-07-03 10:53:55 UTC
Note that this happens for every image in the backing chain which originally had the auth element. While it won't happen currently for snapshots during the lifetime of the VM it will happen if libvirtd is restarted or if the VM is restarted.

It will be fixed with full backing chain tracking in libvirt.

Comment 8 Peter Krempa 2017-07-03 10:55:15 UTC
*** Bug 1467287 has been marked as a duplicate of this bug. ***

Comment 9 Peter Krempa 2017-07-03 10:55:17 UTC
*** Bug 1467271 has been marked as a duplicate of this bug. ***

Comment 11 Meina Li 2018-01-15 03:12:21 UTC
The latest progress for <auth> element:
Starting with libvirt 3.9.0 the auth element is preferred to be a sub-element of the source element. The element is still read and managed as a disk sub-element. 

Test problems in backing chain( external snapshot) when the auth element is a sub-element of the source element:
1.  <auth> sub-element is missing after restart guest.
2.  <auth> sub-element is missing after blockcommit/blockpull/blockcopy.

Test version:
libvirt-3.9.0-7.el7.x86_64

One of the test scenario:
1. Prepare a guest with iscsi auth disk.
# virsh dumpxml rhel7 | grep disk -a6
... <disk type='network' device='disk'>
     <driver name='qemu' type='qcow2'/>
     <source protocol='iscsi' name='iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.9cba196611e6/0'>
       <host name='**IP**' port='3260'/>
       <auth username='redhat'>
         <secret type='iscsi' usage='libvirtiscsi'/>
       </auth>
     </source>
     <target dev='vda' bus='virtio'/>
     <alias name='virtio-disk0'/>
     <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
   </disk>...

2. Create external disk and check xml.
# for i in 1 2 3 4;do virsh snapshot-create-as rhel7 s$i --disk-only --diskspec vda,file=/tmp/rhel7.s$i;done
# virsh dumpxml rhel7 | grep disk -a12 
... <disk type='file' device='disk'>
     <driver name='qemu' type='qcow2'/>
     <source file='/tmp/rhel7.s4'/>
     <backingStore type='file' index='1'>
       <format type='qcow2'/>
       <source file='/tmp/rhel7.s3'/>
       <backingStore type='file' index='2'>
         <format type='qcow2'/>
         <source file='/tmp/rhel7.s2'/>
         <backingStore type='file' index='3'>
          <format type='qcow2'/>
           <source file='/tmp/rhel7.s1'/>
           <backingStore type='network' index='4'>
            <format type='qcow2'/>
             <source protocol='iscsi' name='iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.9cba196611e6/0'>
               <host name='**IP**' port='3260'/>
               <auth username='redhat'>
                 <secret type='iscsi' usage='libvirtiscsi'/>
               </auth>
             </source>
           </backingStore>...

3.  Do blockcommit from middle to middle.
# virsh blockcommit rhel7 vda --top vda[1] --base vda[3] --wait --verbose --pivot
# virsh dumpxml rhel7 | grep disk -a12
... <disk type='file' device='disk'>
     <driver name='qemu' type='qcow2'/>
     <source file='/tmp/rhel7.s4'/>
         <backingStore type='file' index='1'>
          <format type='qcow2'/>
           <source file='/tmp/rhel7.s1'/>
           <backingStore type='network' index='2'>
            <format type='qcow2'/>
             <source protocol='iscsi' name='iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.9cba196611e6/0'>
               <host name='**IP**' port='3260'/>
             </source>                                                                 --<auth> element is missing
           </backingStore>...

Actual results:
As above step 3.

Expected results:
# virsh dumpxml rhel7 | grep disk -a12
… <backingStore type='network' index='2'>
            <format type='qcow2'/>
             <source protocol='iscsi' name='iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.9cba196611e6/0'>
               <host name='**IP**' port='3260'/>
              <auth username='redhat'>
                 <secret type='iscsi' usage='libvirtiscsi'/>
               </auth>
             </source>
           </backingStore>...


Note You need to log in before you can comment on or make changes to this bug.