Hi John,
On 13/10/16 21:37, John Ferlan wrote:
So could you provide a bit more information about the configuration.
Are you indicating that you have an RBD pool with a volume that's being
used as a SCSI device on the guest?
We are indeed using Ceph (RBD) pool volumes, attached via virtio-scsi to
the guests.
Reason I ask - not modifying qemuDomainAttachSCSIDisk was by choice
mainly because it's generally used with the iSCSI pool which at this
point in time cannot support this new secret model.
Even though iSCSI doesn't support secrets this way, doesn't mean it
isn't necessary for RBD. In particular, the current handling is
inconsistent between domain creation and hotplugging of a volume. On
domain creation, the secret object is added just fine.
On hotplug, when libvirt talks to the qemu monitor, it tells qemu to
create a virtio-scsi device, rbd-backed, with the secret pointing to a
secret object. However, that secret object is *NOT* currently being
inserted via the qemu mon communication, and so the command fails to
actually attach the disk.
Considering libvirt is already telling qemu on hotplug that there is
some secret with a given name, it sounds logical to actually add that
secret object. Plus, that's consistent, as I said, with how domain
creation works.
As for iSCSI not supporting it - I'm not sure I see the problem. The
patch I submitted qualifies the creation of the aes key object with
whether secinfo is present for the disk, and it's of AES type.
And for reference, below is the conversation libvirt and the qemu
monitor were having before this patch, including the XML. Since libvirt
wasn't adding the scsi0-0-0-1-secret0 object, it all failed rather
miserably.
2016-10-07 14:09:40.974+0000: 13608: info : qemuMonitorIOWrite:534 :
QEMU_MONITOR_IO_WRITE: mon=0x7f7c00eb60
buf={"execute":"human-monitor-command","arguments":{"command-line":"drive_add
dummy
file=rbd:volumes/volume-e51d02fc-7399-4e51-bdde-84577ba79990:id=nova:auth_supported=cephx\\;none:mon_host=10.10.0.101\\:6789\\;10.10.0.111\\:6789\\;10.10.0.112\\:6789,file.password-secret=scsi0-0-0-1-secret0,format=raw,if=none,id=drive-scsi0-0-0-1,serial=e51d02fc-7399-4e51-bdde-84577ba79990,cache=none"},"id":"libvirt-14"}
2016-10-07 14:09:40.987+0000: 13608: info : qemuMonitorIOProcess:429 :
QEMU_MONITOR_IO_PROCESS: mon=0x7f7c00eb60 buf={"return": "No secret with
id 'scsi0-0-0-1-secret0'\r\n", "id": "libvirt-14"}
len=79
for this XML:
<disk type="network" device="disk">
<driver name="qemu" type="raw" cache="none"/>
<source protocol="rbd"
name="volumes/volume-e51d02fc-7399-4e51-bdde-84577ba79990">
<host name="10.10.0.101" port="6789"/>
<host name="10.10.0.111" port="6789"/>
<host name="10.10.0.112" port="6789"/>
</source>
<auth username="nova">
<secret type="ceph" uuid="some-uuid..."/>
</auth>
<target bus="scsi" dev="sdb"/>
<serial>e51d02fc-7399-4e51-bdde-84577ba79990</serial>
</disk>
Thanks,
Gema
--
Gema Gomez-Solano
Tech Lead, SDI
Linaro Ltd
IRC: gema@#linaro on irc.freenode.net
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list