[libvirt] [PATCH 00/30] storagefile, security: qcow2 data_file support

Cole Robinson crobinso at redhat.com
Tue Oct 8 16:24:58 UTC 2019 

On 10/8/19 1:52 AM, Christian Ehrhardt wrote:
> On Mon, Oct 7, 2019 at 11:49 PM Cole Robinson <crobinso at redhat.com> wrote:
>>
>> This series is the first steps to teaching libvirt about qcow2
>> data_file support, aka external data files or qcow2 external metadata.
>>
>> A bit about the feature: it was added in qemu 4.0. It essentially
>> creates a two part image file: a qcow2 layer that just tracks the
>> image metadata, and a separate data file which is stores the VM
>> disk contents. AFAICT the driving use case is to keep a fully coherent
>> raw disk image on disk, and only use qcow2 as an intermediate metadata
>> layer when necessary, for things like incremental backup support.
>>
>> The original qemu patch posting is here:
>> https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg07496.html
>>
>> For testing, you can create a new qcow2+raw data_file image from an
>> existing image, like:
>>
>>      qemu-img convert -O qcow2 \
>>          -o data_file=NEW.raw,data_file_raw=yes
>>          EXISTING.raw NEW.qcow2
>>
>> The goal of this series is to teach libvirt enough about this case
>> so that we can correctly relabel the data_file on VM startup/shutdown.
>> The main functional changes are
>>
>>    * Teach storagefile how to parse out data_file from the qcow2 header
>>    * Store the raw string as virStorageSource->externalDataStoreRaw
>>    * Track that as its out virStorageSource in externalDataStore
>>    * dac/selinux relabel externalDataStore as needed
>>
>> >From libvirt's perspective, externalDataStore is conceptually pretty
>> close to a backingStore, but the main difference is its read/write
>> permissions should match its parent image, rather than being readonly
>> like backingStore.
>>
>> This series has only been tested on top of the -blockdev enablement
>> series, but I don't think it actually interacts with that work at
>> the moment.
>>
>>
>> Future work:
>>    * Exposing this in the runtime XML. We need to figure out an XML
>>      schema. It will reuse virStorageSource obviously, but the main
>>      thing to figure out is probably 1) what the top element name
>>      should be ('dataFile' maybe?), 2) where it sits in the XML
>>      hierarchy (under <disk> or under <source> I guess)
>>
>>    * Exposing this on the qemu -blockdev command line. Similar to how
>>      in the blockdev world we are explicitly putting the disk backing
>>      chain on the command line, we can do that for data_file too. Then
>>      like persistent <backingStore> XML the user will have the power
>>      to overwrite the data_file location for an individual VM run.
>>
>>    * Figure out how we expect ovirt/rhev to be using this at runtime.
>>      Possibly taking a running VM using a raw image, doing blockdev-*
>>      magic to pivot it to qcow2+raw data_file, so it can initiate
>>      incremental backup on top of a previously raw only VM?
>>
>>
>> Known issues:
>>    * In the qemu driver, the qcow2 image metadata is only parsed
>>      in -blockdev world if no <backingStore> is specified in the
>>      persistent XML. So basically if there's a <backingStore> listed,
>>      we never parse the qcow2 header and detect the presence of
>>      data_file. Fixable I'm sure but I didn't look into it much yet.
>>
>> Most of this is cleanups and refactorings to simplify the actual
>> functional changes.
>>
>> Cole Robinson (30):
>>    storagefile: Make GetMetadataInternal static
>>    storagefile: qcow1: Check for BACKING_STORE_OK
>>    storagefile: qcow1: Fix check for empty backing file
>>    storagefile: qcow1: Let qcowXGetBackingStore fill in format
>>    storagefile: Check version to determine if qcow2 or not
>>    storagefile: Drop now unused isQCow2 argument
>>    storagefile: Use qcowXGetBackingStore directly
>>    storagefile: Push 'start' into qcow2GetBackingStoreFormat
>>    storagefile: Push extension_end calc to qcow2GetBackingStoreFormat
>>    storagefile: Rename qcow2GetBackingStoreFormat
>>    storagefile: Rename qcow2GetExtensions 'format' argument
>>    storagefile: Fix backing format \0 check
>>    storagefile: Add externalDataStoreRaw member
>>    storagefile: Parse qcow2 external data file
>>    storagefile: Fill in meta->externalDataStoreRaw
>>    storagefile: Don't access backingStoreRaw directly in
>>      FromBackingRelative
>>    storagefile: Split out virStorageSourceNewFromChild
>>    storagefile: Add externalDataStore member
>>    storagefile: Fill in meta->externalDataStore
>>    security: dac: Drop !parent handling in SetImageLabelInternal
>>    security: dac: Add is_toplevel to SetImageLabelInternal
>>    security: dac: Restore image label for externalDataStore
>>    security: dac: break out SetImageLabelRelative
>>    security: dac: Label externalDataStore
>>    security: selinux: Simplify SetImageLabelInternal
>>    security: selinux: Drop !parent handling in SetImageLabelInternal
>>    security: selinux: Add is_toplevel to SetImageLabelInternal
>>    security: selinux: Restore image label for externalDataStore
>>    security: selinux: break out SetImageLabelRelative
>>    security: selinux: Label externalDataStore
> 
> Hi Cole,
> it seems the changes to dac/selinux follow a common pattern, in the
> past those changes then mostly applied to security-apparmor as well.
> Are you going to add patches for that security backend as well before
> this is final or do you expect the apparmor users Debian/Suse/Ubuntu
> to do so later on?
> 
> Furthermore for the static XML->Apparmor part it will most likely need
> an extension to [1] as well.
> Fortunately as you said it is very similar to backingDevices which
> means it should be rather easy to add this.
> 
> [1]: https://libvirt.org/git/?p=libvirt.git;a=blob;f=src/security/virt-aa-helper.c;h=5853ad985fe17c91af3f1dc39d179f22a1dca5b7;hb=HEAD#l980

I forgot about apparmor, sorry. I just sent a series and CCd you that 
does some apparmor cleanups and tweaks so that for this series the 
data_file coverage is just this extra diff:

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index d9f6b5638b..fc095d2964 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -948,6 +948,10 @@ storage_source_add_files(virStorageSourcePtr src,
          if (add_file_path(tmp, depth, buf) < 0)
              return -1;

+        if (src->externalDataStore &&
+            storage_source_add_files(src->externalDataStore, buf, 
depth) < 0)
+            return -1;
+
          depth++;
      }

I will add a proper patch for that when the prep work hits git

Thanks,
Cole

More information about the libvir-list mailing list