[libvirt] [PATCH v3 0/5] introduce support for an embedded driver mode

Michal Privoznik mprivozn at redhat.com
Wed Jan 8 16:30:23 UTC 2020

On 12/20/19 3:16 PM, Daniel P. Berrangé wrote:

Hm.. maybe I'm doing something wrong, but the following doesn't work for 
me. Note, "fedora" is a VM with two disks:

     <disk type='file' device='disk'>
       <driver name='qemu' type='qcow2' discard='unmap'/>
       <source file='/var/lib/libvirt/images/fedora.qcow2'/>
       <target dev='sda' bus='scsi'/>
       <boot order='1'/>
       <address type='drive' controller='0' bus='0' target='0' unit='0'/>
     <disk type='network' device='disk'>
       <driver name='qemu' type='raw'/>
       <source protocol='iscsi' 
         <host name='iscsi-server.example.com' port='3260'/>
           <iqn name='iqn.2017-03.com.mprivozn:client'/>
         <auth username='mprivozn'>
           <secret type='iscsi' usage='iscsi-secret-pool'/>
       <target dev='vda' bus='virtio'/>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x03' 

libvirt.git/_build # ./tools/virsh -c qemu:///embed?root=/tmp/embed/
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
        'quit' to quit

virsh # list --all
  Id   Name     State
  -    fedora   shut off

virsh # connect secret:///embed?root=/tmp/embed

virsh # secret-list
  UUID                                   Usage
  4cf62bac-6a9f-4b9a-ba33-8c4d96b0e2e4   iscsi iscsi-secret-pool

virsh # connect qemu:///embed?root=/tmp/embed

virsh # start fedora
2020-01-08 15:37:57.294+0000: 44566: info : libvirt version: 6.0.0
2020-01-08 15:37:57.294+0000: 44566: info : hostname: moe
2020-01-08 15:37:57.294+0000: 44566: warning : 
qemuDomainDefValidate:5835 : CPU topology doesn't match numa CPU count; 
partial NUMA mapping is obsoleted and will be removed in future
error: Failed to start domain fedora
error: internal error: URI must be secret:///embed

However, running the domain (with the same disks) from regular URI is 
impossible either:

libvirt.git/_build # ./tools/virsh -c qemu:///system start fedora
error: Failed to start domain fedora
error: internal error: no internalFlags support

This is because if the secret is private, then we don't want to allow 
clients getting its value. And if running the monolithic daemon, the 
conn->secretDrive is initialized to point right to the secret driver. 
But when using split daemons, then the connection points to the remote 
secret driver and virtqemud is then unable to obtain the secret value.
Unfortunately, I don't see a way around this. I mean other than allow 
getting the value on RPC layer.


More information about the libvir-list mailing list