Hi Daniel,


I have noticed that it will fail exactly as you said if <cdrom> is first in the boot order, if <hd> is first in the boot order the XML validates and it starts as usual.


first in log except below is with cdrom set to first in boot order, second is with hd set first.

2018-08-09 11:39:28.625+0000: starting up libvirt version: 3.9.0, package: 14.el7_5.6 (CentOS BuildSystem <http://bugs.centos.org>, 2018-06-27-14:13:57, x86-01.bsys.centos.org), qemu version: 2.10.0(qemu-kvm-ev-2.10.0-21.el7_5.4.1), hostname: devnode9.com
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin QEMU_AUDIO_DRV=none /usr/libexec/qemu-kvm -name guest=kvm104,debug-threads=on -S -object secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-82-kvm104/master-key.aes -machine pc-i440fx-rhel7.5.0,accel=kvm,usb=off,dump-guest-core=off -m 1024 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid 5827d6a9-ef0e-4331-9d0e-fa742c70d596 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-82-kvm104/monitor.sock,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -boot strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive file=http://distro.ibiblio.org:80/puppylinux/puppy-xenial/32/xenialpup-7.5-uefi.iso,format=raw,if=none,id=drive-ide0-0-1,readonly=on -device ide-cd,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1,bootindex=2 -drive file=/dev/Kvmvol/kvm104_img,format=raw,if=none,id=drive-virtio-disk0,cache=none -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -netdev tap,fd=30,id=hostnet0,vhost=on,vhostfd=32 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=00:16:3c:07:e0:c9,bus=pci.0,addr=0x3 -device usb-tablet,id=input0,bus=usb.0,port=1 -vnc 0.0.0.0:4,password -device cirrus-vga,id=video0,bus=pci.0,addr=0x2 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5 -msg timestamp=on
2018-08-09T11:39:28.690350Z qemu-kvm: -drive file=http://distro.ibiblio.org:80/puppylinux/puppy-xenial/32/xenialpup-7.5-uefi.iso,format=raw,if=none,id=drive-ide0-0-1,readonly=on: Driver 'http' is not whitelisted
2018-08-09 11:39:28.699+0000: shutting down, reason=failed


2018-08-09 11:40:04.963+0000: starting up libvirt version: 3.9.0, package: 14.el7_5.6 (CentOS BuildSystem <http://bugs.centos.org>, 2018-06-27-14:13:57, x86-01.bsys.centos.org), qemu version: 2.10.0(qemu-kvm-ev-2.10.0-21.el7_5.4.1), hostname: devnode9.com
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin QEMU_AUDIO_DRV=none /usr/libexec/qemu-kvm -name guest=kvm104,debug-threads=on -S -object secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-83-kvm104/master-key.aes -machine pc-i440fx-rhel7.5.0,accel=kvm,usb=off,dump-guest-core=off -m 1024 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid 5827d6a9-ef0e-4331-9d0e-fa742c70d596 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-83-kvm104/monitor.sock,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -boot strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive if=none,id=drive-ide0-0-1,readonly=on -device ide-cd,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1,bootindex=2 -drive file=/dev/Kvmvol/kvm104_img,format=raw,if=none,id=drive-virtio-disk0,cache=none -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -netdev tap,fd=30,id=hostnet0,vhost=on,vhostfd=32 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=00:16:3c:07:e0:c9,bus=pci.0,addr=0x3 -device usb-tablet,id=input0,bus=usb.0,port=1 -vnc 0.0.0.0:4,password -device cirrus-vga,id=video0,bus=pci.0,addr=0x2 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5 -msg timestamp=on

So my best guess based on the logs is that http is simply being ignored when it is not set to primary, not sure if that is the desired behavior.

Cheers.


From: Daniel P. Berrangé <berrange@redhat.com>
Sent: 09 August 2018 12:27
To: Inception Hosting
Cc: Vasiliy Tolstov; libvirt-users@redhat.com
Subject: Re: [libvirt-users] Mount URL as cdrom/iso KVM/QEMU
 
On Thu, Aug 09, 2018 at 10:50:46AM +0000, Inception Hosting wrote:
> Just a quick correction and apologies, the actual issue is that http
> will not work, https will so I dont think this is a bug as such I
> think this is by design likely for security.
>
>
> Looking at the man page for qemu-kvm it states http will work with
> examples given however only https works, my best guess from looking
> at the spec file from the srpm is that it has only been enabled in
> the centos qemu-kvm-ev with https:

Yes, the qemu RPMs in centos & RHEL have disabled support for http://
protocol, however, I expect that to immediately fail when trying to
start the guest. eg

# /usr/libexec/qemu-kvm  -drive file=http://example.com/foo/bar -accel tcg
qemu-kvm: -drive file=http://example.com/foo/bar: Driver 'http' is not whitelisted

so I'm puzzelled why your guest successfully started at all with a
http protocol in use.

Are you able to share your QEMU log from /var/log/libvirt/qemu/$GUESTNAME.log
from a VM that fails to launch with http ?

Regards,
Daniel
--
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|


|: https://libvirt.org         -o-            https://fstop138.berrange.com :|


|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|