Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-47104

Blockcopy failed with encryption load Invalid argument when destxml is rbd with luks and ceph auth

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • rhel-10.0
    • ceph
    • Yes
    • None
    • Regression
    • rhel-sst-rh-samba-storage
    • ssg_rh_storage
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      Blockcopy failed with encryption load Invalid argument when dest xml is rbd with luks and ceph auth.

      Please provide the package NVR for which bug is seen:

      libvirt-10.5.0-1.el10.x86_64
      qemu-kvm-9.0.0-4.el10.x86_64
      librbd1-18.2.2-1.fc40.x86_64
       
      Note:  successful version is below
      libvirt-10.5.0-1.el9.x86_64
      qemu-kvm-9.0.0-6.el9.x86_64
      librbd1-16.2.4-5.el9.x86_64

      How reproducible:

      100%

      Steps to reproduce

      1. start a guest with new disk
      #  virsh dumpxml avocado-vt-vm1 --xpath //disk
<disk type="file" device="disk">
  <driver name="qemu" type="qcow2"/>
  <source file="/var/lib/avocado/data/avocado-vt/images/jeos-27-x86_64.qcow2"/>
  <target dev="vda" bus="virtio"/>
  <address type="pci" domain="0x0000" bus="0x04" slot="0x00" function="0x0"/>
</disk>
<disk type="file" device="disk">
  <driver name="qemu" type="qcow2"/>
  <source file="/var/lib/avocado/data/avocado-vt/test.img"/>
  <target dev="sdb" bus="scsi"/>
  <address type="drive" controller="0" bus="0" target="0" unit="1"/>
</disk>

       

            2.create an image with luks encryption on rdb storage.

      #export key=xxxxx mon_host=xxxxx pool=backingchain_pool
#qemu-img create -f luks   --object secret,id=luks1.img_luks0,data=`printf %s "redhat" | base64`,format=base64 -o key-secret=luks1.img_luks0 rbd:backingchain_pool/luks_y.img:id=admin:key=$key:auth_supported=cephx:mon_host=$mon_host 500M
Formatting 'rbd:backingchain_pool/luks_y.img:id=admin:key=AQAvBtpjVr0LIhAA4VmK0v0aj75Q9HcgOWXLbA==:auth_supported=cephx:mon_host=blockauthceph.usersys.redhat.com', fmt=luks size=524288000 key-secret=luks1.img_luks0
 
#qemu-img info rbd:backingchain_pool/luks_y.img:id=admin:key=$key:auth_supported=cephx:mon_host=$mon_host
image: json:{"driver": "luks", "file": {"pool": "backingchain_pool", "image": "luks_y.img", "driver": "rbd", "namespace": "", "user": "admin"}}
file format: luks
virtual size: 500 MiB (524288000 bytes)
disk size: unavailable
encrypted: yes
cluster_size: 4194304

       

      #cat volume_sec.xml
<secret ephemeral='no' private='yes'>    
<description>Super secret name of my first puppy</description>    <uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f</uuid>    
<usage type='volume'> 
<volume>backingchain_pool/luks_y.img</volume> 
</usage> 
</secret>
#virsh secret-define volume_sec.xml  
Secret 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f created
#virsh secret-set-value 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f `printf %s "redhat" | base64`  
error: Passing secret value as command-line argument is insecure! 
Secret value set

       

      3.Define secret with ceph:

      #cat rdb_sec.xml
<secret ephemeral='no' private='yes'>
   <description>CEPH passphrase example</description>
<uuid>fac662b8-cae0-48c4-be23-2d7ed89d781e</uuid>
   <usage type='ceph'>
      <name>cephlibvirt</name>
   </usage>
</secret>

#virsh secret-define rdb_sec.xml
Secret fac662b8-cae0-48c4-be23-2d7ed89d781e created

#virsh secret-set-value fac662b8-cae0-48c4-be23-2d7ed89d781e --base64 $key
error: Passing secret value as command-line argument is insecure!
Secret value set

       

      4.Do blockcopy

      #cat rbd_test.xml 
<disk type="network" device="disk">
  <driver name="qemu" type="raw"/>
  <source protocol='rbd' name='backingchain_pool/luks_y.img'>
<auth username='admin'>
    <secret type='ceph' usage='cephlibvirt'/>
</auth>
<host name='blockauthceph.usersys.redhat.com'/>
<encryption format='luks' engine='librbd'>
  <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
  </source>
  <target dev="sdb" bus="scsi"/>
</disk>
 
#virsh start avocado-vt-vm1
#virsh blockcopy avocado-vt-vm1 sdb --xml rbd_test.xml --finish --transient-job --reuse-external --verbose --wait 
 

       

      Expected results:

      Block Copy: [100.00 %]
      Successfully copied

      Actual results:

      error: internal error: unable to execute QEMU command 'blockdev-add': encryption load fail: Invalid argument

              branto@redhat.com Boris Ranto
              nanli@redhat.com Nannan Li
              Boris Ranto Boris Ranto
              Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

                Created:
                Updated: