[libvirt] Stored secrets seem to get corrupted

Wido den Hollander wido at widodh.nl
Tue Jul 3 13:11:59 UTC 2012 


On 25-06-12 16:54, Daniel P. Berrange wrote:
>
>> Notice this behavior:
>>
>> root at stack01:~# virsh secret-set-value
>> 322bccea-f2ed-4eae-a7e5-d0793ffb162d
>> AQAE+uJPCFpELBAAkTniQvHabBGj0Quwnu2imA==
>> Secret value set
>>
>> root at stack01:~# md5sum
>> /etc/libvirt/secrets/322bccea-f2ed-4eae-a7e5-d0793ffb162d.base64
>> b4b147bc522828731f1a016bfa72c073
>> /etc/libvirt/secrets/322bccea-f2ed-4eae-a7e5-d0793ffb162d.base64
>> root at stack01:~# virsh secret-set-value
>> 322bccea-f2ed-4eae-a7e5-d0793ffb162d
>> AQAE+uJPCFpELBAAkTniQvHabBGj0Quwnu2imA==
>> Secret value set
>>
>> root at stack01:~# md5sum
>> /etc/libvirt/secrets/322bccea-f2ed-4eae-a7e5-d0793ffb162d.base64
>> 927e2458c32cc3f6754d91694e41333f
>> /etc/libvirt/secrets/322bccea-f2ed-4eae-a7e5-d0793ffb162d.base64
>> root at stack01:~#
>>
>> As you can see, the md5sum of the file changes when I set the value
>> of the secret to the same.
>
> That is really bizarre. Can you look at what is actually stored
> in the .base64 file each time ? And what 'secret-get-value'
> replies with ?

I haven't been able to look into this any further, however: I just 
downloaded 0.9.13 from the libvirt website and installed it on a totally 
different host which is also running Ubuntu 12.04

I wanted to start a virtual machine with RBD storage and that failed, 
the secret was corrupted...

The symptoms on this machine are exactly the same, the secret file is 
just 2 bytes big.

root at amd:~# ls -al /etc/libvirt/secrets/*.base64
-rw------- 1 root root 2 Jul  3 15:02 
/etc/libvirt/secrets/69f9540e-f0ce-4184-8254-9b22efade5f2.base64
root at amd:~#

>
> This is the correct behaviour tht I see myself too.
>
>> I verified that stack01 isn't out of disk space or out of inodes,
>> those are in the acceptable values range.
>>
>> Any suggestions?
>
> I think you'll probably need to add some more  VIR_DEBUG lines
> to secret_driver.c to see where in the process it is going
> wrong. Or perhaps strace libvirtd to see what it thinks it
> is writing out & whether any errors appear.
>

I haven't added any VIR_DEBUG lines yet, but stracing the libvirtd 
process doesn't show any fopen() nor fwrites() to any *.base64 files.

Wido

More information about the libvir-list mailing list