Ubuntu
libvirt package

  1. Bug #1744758
  2. Comment #3

Comment 3 for bug 1744758

Revision history for this message
Lee Yarwood (lyarwood) wrote :

So the issue only appears with the Ocata UCA repo that provides the 2.5.0-3ubuntu5.6~cloud0 build. Why we are installing this in the OpenStack CI upgrade jobs between Pike and Queens is beyond me but something we should be able to correct outside of this bug.

Anyway, here are some notes on reproducing this using the Ocata UCA repo :

- Update libvirt using the Ocata UCA repo

# add-apt-repository cloud-archive:ocata
# apt update
# apt upgrade
# dpkg -l | grep libvirt
ii libvirt-bin 2.5.0-3ubuntu5.6~cloud0 amd64 programs for the libvirt library
ii libvirt-clients 2.5.0-3ubuntu5.6~cloud0 amd64 Programs for the libvirt library
ii libvirt-daemon 2.5.0-3ubuntu5.6~cloud0 amd64 Virtualization daemon
ii libvirt-daemon-system 2.5.0-3ubuntu5.6~cloud0 amd64 Libvirt daemon configuration files
ii libvirt0:amd64 2.5.0-3ubuntu5.6~cloud0 amd64 library for interfacing with different virtualization systems
ii python-libvirt 3.0.0-2~cloud0 amd64 libvirt Python bindings

- Create a LUKS encrypted disk and associated secret containing the required passphrase

# qemu-img create -f luks --object secret,id=luks_sec,format=raw,data=1234 -o key-secret=luks_sec /var/lib/libvirt/images/test.img 1G

# cat sec.xml
<secret ephemeral='no' private='yes'>
   <uuid>8b0c5785-9e28-4c39-8b5d-21b42446ce35</uuid>
   <usage type='volume'>
      <volume>/var/lib/libvirt/images/test.img</volume>
   </usage>
</secret>
# virsh secret-define sec.xml
# virsh secret-set-value 8b0c5785-9e28-4c39-8b5d-21b42446ce35 $(printf %s "1234" | base64)

- Create a test domain to attach this disk to

wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img -O /var/lib/libvirt/images/cirros-0.4.0-x86_64-disk.img
virt-install --import --name test --vcpus 1 --ram 512 --disk path=/var/lib/libvirt/images/cirros-0.4.0-x86_64-disk.img --nographic

- Create the associated XML for the disk and attempt to attach it to the domain

# cat disk.xml
<disk type="file" device="disk">
 <driver name="qemu" type="qcow2" cache="none" io="native"/>
 <source file="/var/lib/libvirt/images/test.img"/>
 <target dev='vdb' bus='virtio'/>
 <encryption format='luks'>
  <secret type='passphrase' uuid='8b0c5785-9e28-4c39-8b5d-21b42446ce35'/>
 </encryption>
</disk>

# virsh attach-device test disk.xml
error: Failed to attach device from disk.xml
error: unsupported configuration: luks encryption requires encrypted secrets to be supported

- Upgrade to the Pike UCA and Libvirt 3.6.0:

# add-apt-repository cloud-archive:pike
# apt update
# apt upgrade

# dpkg -l | grep libvirt
ii libvirt-bin 3.6.0-1ubuntu6~cloud0 amd64 programs for the libvirt library
ii libvirt-clients 3.6.0-1ubuntu6~cloud0 amd64 Programs for the libvirt library
ii libvirt-daemon 3.6.0-1ubuntu6~cloud0 amd64 Virtualization daemon
ii libvirt-daemon-system 3.6.0-1ubuntu6~cloud0 amd64 Libvirt daemon configuration files
ii libvirt0:amd64 3.6.0-1ubuntu6~cloud0 amd64 library for interfacing with different virtualization systems
ii python-libvirt 3.5.0-1build1~cloud0 amd64 libvirt Python bindings

# systemctl restart libvirtd
# virsh attach-device test disk.xml
Device attached successfully