Xend and libvirt
by David K. Kahurani
Hello
On a probably a few days old build of libvirt, it is not possible to connect to my local system.
The command used is:
$virsh -c xen:///system
The errors can be seen from libvirtd logs[1] an interesting part being:
"
Aug 01 16:30:13 metal libvirtd[1680]: Failed to connect socket to '/var/run/libvirt/virtxend-sock':>
Aug 01 16:30:13 metal libvirtd[1680]: End of file while reading data: Input/output error "
>From the log, libxl driver is trying to connect to a socket which is tagged xend.
My host is running Xen 5.1+ release from which Xend has been removed. Xend was removed from Xen in 4.5+ release, at least according to the docs[2]
"xl was introduced in the Xen 4.1 release, however xend remained the default. At the time of the Xen 4.2 release, xend was declared deprecated and xl became the default toolstack. xend has finally been removed from the Xen 4.5 release"
Any ideas would be much appreciated!
Sincerely,
David
1. https://termbin.com/l1br
2. https://wiki.xen.org/wiki/XL
4 years, 4 months
Cannot pass secret id for backing file after taking external snapshot on encrypted qcow2 file
by yaohua.wu@zstack.io
Hi,
I used 'virsh snapshot-create' create an encrypted external snapshot, when I try to use 'qemu-img check' top file, found no entrance to pass backing-file's secret-id
1、Version
centos-release-8.2-2.2004.0.1.el8.x86_64
libvirt.x86_64 6.0.0-17.el8
qemu-kvm.x86_64 15:4.2.0-19.el82、Reproduce Steps
1)Create an encrypted qcow2
qemu-img create --object secret,id=sec0,data=123456 -f qcow2 -o encrypt.format=luks,encrypt.key-secret=sec0 first.qcow2 1G
2)Create external snapshot with 'encrypted' xml
# cat snap.xml
<domainsnapshot>
<disks>
<disk name='hdc' snapshot='no'/>
<disk name='vdb' snapshot='external'>
<source file='/root/first-snapshot.qcow2'>
<encryption format='luks'>
<secret type='passphrase' uuid='f52a81b2-424e-490c-823d-6bd4235bc572'/>
</encryption>
</source>
</disk>
</disks>
</domainsnapshot>
# virsh dumpxml test-vm | awk '/<disk/,/<\/disk/'
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/root/first-snapshot.qcow2' index='5'/>
<backingStore type='file' index='2'>
<format type='qcow2'/>
<source file='/root/first.qcow2'>
<encryption format='luks'>
<secret type='passphrase' uuid='f981dd17-143f-45bc-88e6-222222222222'/>
</encryption>
</source>
<backingStore/>
</backingStore>
<target dev='vdb' bus='virtio'/>
<encryption format='luks'>
<secret type='passphrase' uuid='f52a81b2-424e-490c-823d-6bd4235bc572'/>
</encryption>
<alias name='virtio-disk1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
</disk>
3)try to qemu-img check top qcow2 file
Note: The secid of the backing file is not recorded, so when I use qemu-img check/etc.. how to pass the secret to qemu of backing files
# qemu-img info -U first-snapshot.qcow2
image: first-snapshot.qcow2
file format: qcow2
virtual size: 1 GiB (1073741824 bytes)
disk size: 544 KiB
encrypted: yes
cluster_size: 65536
backing file: /root/first.qcow2 ### backing file: json:{"encrypt.format": "luks", "encrypt.key-secret": "secrete-id"}
backing file format: luks
Format specific information:
compat: 1.1
lazy refcounts: false
refcount bits: 16
encrypt:
ivgen alg: plain64
hash alg: sha256
cipher alg: aes-256
uuid: e4158089-26e4-433f-990e-1d1d0723feee
format: luks
cipher mode: xts
slots:
[0]:
active: true
iters: 1257888
key offset: 4096
stripes: 4000
[1]:
active: false
key offset: 262144
[2]:
active: false
key offset: 520192
[3]:
active: false
key offset: 778240
[4]:
active: false
key offset: 1036288
[5]:
active: false
key offset: 1294336
[6]:
active: false
key offset: 1552384
[7]:
active: false
key offset: 1810432
payload offset: 2068480
master key iters: 300073
corrupt: false
# qemu-img check -U --object secret,id=sec_1,file=/etc/libvirt/secrets/f52a81b2-424e-490c-823d-6bd4235bc572.base64,format=base64 --image-opts encrypt.format=luks,encrypt.key-secret=sec_1,file.filename=first-snapshot.qcow2 --object secret,id=sec_2,file=/etc/libvirt/secrets/f981dd17-143f-45bc-88e6-222222222222.base64,format=base64
qemu-img: Could not open 'encrypt.format=luks,encrypt.key-secret=sec_1,file.filename=first-snapshot.qcow2': Could not open backing file: Parameter 'key-secret' is required for cipher
yaohua.wu(a)zstack.io
4 years, 4 months