* [Qemu-devel] [PATCH 0/2] Fix NBD TLS iotests on RHEL-7 @ 2019-02-19 16:13 Daniel P. Berrangé 2019-02-19 16:13 ` [Qemu-devel] [PATCH 1/2] iotests: ensure we print nbd server log on error Daniel P. Berrangé 2019-02-19 16:13 ` [Qemu-devel] [PATCH 2/2] iotests: avoid broken pipe with certtool Daniel P. Berrangé 0 siblings, 2 replies; 8+ messages in thread From: Daniel P. Berrangé @ 2019-02-19 16:13 UTC (permalink / raw) To: qemu-devel; +Cc: qemu-block, Kevin Wolf, Max Reitz, Daniel P. Berrangé This fixes a failure of iotest 233 due to certtool problesm in RHEL7 wrt to SIGPIPE Daniel P. Berrangé (2): iotests: ensure we print nbd server log on error iotests: avoid broken pipe with certtool tests/qemu-iotests/233 | 3 +++ tests/qemu-iotests/common.tls | 48 +++++++++++++++++++++++------------ 2 files changed, 35 insertions(+), 16 deletions(-) -- 2.20.1 ^ permalink raw reply [flat|nested] 8+ messages in thread
* [Qemu-devel] [PATCH 1/2] iotests: ensure we print nbd server log on error 2019-02-19 16:13 [Qemu-devel] [PATCH 0/2] Fix NBD TLS iotests on RHEL-7 Daniel P. Berrangé @ 2019-02-19 16:13 ` Daniel P. Berrangé 2019-02-19 16:35 ` Eric Blake 2019-02-19 16:13 ` [Qemu-devel] [PATCH 2/2] iotests: avoid broken pipe with certtool Daniel P. Berrangé 1 sibling, 1 reply; 8+ messages in thread From: Daniel P. Berrangé @ 2019-02-19 16:13 UTC (permalink / raw) To: qemu-devel; +Cc: qemu-block, Kevin Wolf, Max Reitz, Daniel P. Berrangé If we abort the iotest early the server.log file might contain useful information for diagnosing the problem. Ensure its contents are displayed in this case. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- tests/qemu-iotests/233 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/qemu-iotests/233 b/tests/qemu-iotests/233 index fc345a1a46..27932df075 100755 --- a/tests/qemu-iotests/233 +++ b/tests/qemu-iotests/233 @@ -30,6 +30,8 @@ _cleanup() { nbd_server_stop _cleanup_test_img + # If we aborted early we want to see this log for diagnosis + test -f "$TEST_DIR/server.log" && cat "$TEST_DIR/server.log" rm -f "$TEST_DIR/server.log" tls_x509_cleanup } @@ -120,6 +122,7 @@ $QEMU_IO -f $IMGFMT -r -U -c 'r -P 0x22 1m 1m' "$TEST_IMG" | _filter_qemu_io echo echo "== final server log ==" cat "$TEST_DIR/server.log" +rm -f $TEST_DIR/server.log # success, all done echo "*** done" -- 2.20.1 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [Qemu-devel] [PATCH 1/2] iotests: ensure we print nbd server log on error 2019-02-19 16:13 ` [Qemu-devel] [PATCH 1/2] iotests: ensure we print nbd server log on error Daniel P. Berrangé @ 2019-02-19 16:35 ` Eric Blake 0 siblings, 0 replies; 8+ messages in thread From: Eric Blake @ 2019-02-19 16:35 UTC (permalink / raw) To: Daniel P. Berrangé, qemu-devel; +Cc: Kevin Wolf, qemu-block, Max Reitz On 2/19/19 10:13 AM, Daniel P. Berrangé wrote: > If we abort the iotest early the server.log file might contain useful > information for diagnosing the problem. Ensure its contents are > displayed in this case. > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > --- > tests/qemu-iotests/233 | 3 +++ > 1 file changed, 3 insertions(+) Reviewed-by: Eric Blake <eblake@redhat.com> > > diff --git a/tests/qemu-iotests/233 b/tests/qemu-iotests/233 > index fc345a1a46..27932df075 100755 > --- a/tests/qemu-iotests/233 > +++ b/tests/qemu-iotests/233 > @@ -30,6 +30,8 @@ _cleanup() > { > nbd_server_stop > _cleanup_test_img > + # If we aborted early we want to see this log for diagnosis > + test -f "$TEST_DIR/server.log" && cat "$TEST_DIR/server.log" > rm -f "$TEST_DIR/server.log" > tls_x509_cleanup > } > @@ -120,6 +122,7 @@ $QEMU_IO -f $IMGFMT -r -U -c 'r -P 0x22 1m 1m' "$TEST_IMG" | _filter_qemu_io > echo > echo "== final server log ==" > cat "$TEST_DIR/server.log" > +rm -f $TEST_DIR/server.log > > # success, all done > echo "*** done" > -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org ^ permalink raw reply [flat|nested] 8+ messages in thread
* [Qemu-devel] [PATCH 2/2] iotests: avoid broken pipe with certtool 2019-02-19 16:13 [Qemu-devel] [PATCH 0/2] Fix NBD TLS iotests on RHEL-7 Daniel P. Berrangé 2019-02-19 16:13 ` [Qemu-devel] [PATCH 1/2] iotests: ensure we print nbd server log on error Daniel P. Berrangé @ 2019-02-19 16:13 ` Daniel P. Berrangé 2019-02-19 16:19 ` Thomas Huth 2019-02-19 16:42 ` Eric Blake 1 sibling, 2 replies; 8+ messages in thread From: Daniel P. Berrangé @ 2019-02-19 16:13 UTC (permalink / raw) To: qemu-devel Cc: qemu-block, Kevin Wolf, Max Reitz, Daniel P. Berrangé, Thomas Huth When we run "certtool | head -1" the latter command is likely to complete and exit before certtool has written everything it wants to stderr. In at least the RHEL-7 gnutls 3.3.29 this causes certtool to quit with broken pipe before it has finished writing the desired output file to disk. This causes non-deterministic failures of the iotest 233 because the certs are sometimes zero length files. If certtool fails the "head -1" means we also loose any useful error message it would have printed. Thus this patch gets rid of the pipe and post-processes the output in a more flexible & reliable manner. Reported-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- tests/qemu-iotests/common.tls | 48 +++++++++++++++++++++++------------ 1 file changed, 32 insertions(+), 16 deletions(-) diff --git a/tests/qemu-iotests/common.tls b/tests/qemu-iotests/common.tls index eae81789bb..6cf11ed383 100644 --- a/tests/qemu-iotests/common.tls +++ b/tests/qemu-iotests/common.tls @@ -29,6 +29,17 @@ tls_x509_cleanup() } +tls_certtool() +{ + certtool "$@" 1>certtool.log 2>&1 + if test "$?" = 0; then + head -1 certtool.log + else + cat certtool.log + fi + rm -f certtool.log +} + tls_x509_init() { (certtool --help) >/dev/null 2>&1 || \ @@ -71,10 +82,11 @@ ca cert_signing_key EOF - certtool --generate-self-signed \ - --load-privkey "${tls_dir}/key.pem" \ - --template "${tls_dir}/ca.info" \ - --outfile "${tls_dir}/$name-cert.pem" 2>&1 | head -1 + tls_certtool \ + --generate-self-signed \ + --load-privkey "${tls_dir}/key.pem" \ + --template "${tls_dir}/ca.info" \ + --outfile "${tls_dir}/$name-cert.pem" rm -f "${tls_dir}/ca.info" } @@ -98,12 +110,14 @@ encryption_key signing_key EOF - certtool --generate-certificate \ - --load-ca-privkey "${tls_dir}/key.pem" \ - --load-ca-certificate "${tls_dir}/$caname-cert.pem" \ - --load-privkey "${tls_dir}/key.pem" \ - --template "${tls_dir}/cert.info" \ - --outfile "${tls_dir}/$name/server-cert.pem" 2>&1 | head -1 + tls_certtool \ + --generate-certificate \ + --load-ca-privkey "${tls_dir}/key.pem" \ + --load-ca-certificate "${tls_dir}/$caname-cert.pem" \ + --load-privkey "${tls_dir}/key.pem" \ + --template "${tls_dir}/cert.info" \ + --outfile "${tls_dir}/$name/server-cert.pem" + ln -s "${tls_dir}/$caname-cert.pem" "${tls_dir}/$name/ca-cert.pem" ln -s "${tls_dir}/key.pem" "${tls_dir}/$name/server-key.pem" @@ -127,12 +141,14 @@ encryption_key signing_key EOF - certtool --generate-certificate \ - --load-ca-privkey "${tls_dir}/key.pem" \ - --load-ca-certificate "${tls_dir}/$caname-cert.pem" \ - --load-privkey "${tls_dir}/key.pem" \ - --template "${tls_dir}/cert.info" \ - --outfile "${tls_dir}/$name/client-cert.pem" 2>&1 | head -1 + tls_certtool \ + --generate-certificate \ + --load-ca-privkey "${tls_dir}/key.pem" \ + --load-ca-certificate "${tls_dir}/$caname-cert.pem" \ + --load-privkey "${tls_dir}/key.pem" \ + --template "${tls_dir}/cert.info" \ + --outfile "${tls_dir}/$name/client-cert.pem" + ln -s "${tls_dir}/$caname-cert.pem" "${tls_dir}/$name/ca-cert.pem" ln -s "${tls_dir}/key.pem" "${tls_dir}/$name/client-key.pem" -- 2.20.1 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [Qemu-devel] [PATCH 2/2] iotests: avoid broken pipe with certtool 2019-02-19 16:13 ` [Qemu-devel] [PATCH 2/2] iotests: avoid broken pipe with certtool Daniel P. Berrangé @ 2019-02-19 16:19 ` Thomas Huth 2019-02-19 16:21 ` Daniel P. Berrangé 2019-02-19 16:42 ` Eric Blake 1 sibling, 1 reply; 8+ messages in thread From: Thomas Huth @ 2019-02-19 16:19 UTC (permalink / raw) To: Daniel P. Berrangé, qemu-devel; +Cc: qemu-block, Kevin Wolf, Max Reitz On 19/02/2019 17.13, Daniel P. Berrangé wrote: > When we run "certtool | head -1" the latter command is likely to > complete and exit before certtool has written everything it wants to > stderr. In at least the RHEL-7 gnutls 3.3.29 this causes certtool to > quit with broken pipe before it has finished writing the desired > output file to disk. This causes non-deterministic failures of the > iotest 233 because the certs are sometimes zero length files. > If certtool fails the "head -1" means we also loose any useful error > message it would have printed. > > Thus this patch gets rid of the pipe and post-processes the output in a > more flexible & reliable manner. > > Reported-by: Thomas Huth <thuth@redhat.com> > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > --- > tests/qemu-iotests/common.tls | 48 +++++++++++++++++++++++------------ > 1 file changed, 32 insertions(+), 16 deletions(-) > > diff --git a/tests/qemu-iotests/common.tls b/tests/qemu-iotests/common.tls > index eae81789bb..6cf11ed383 100644 > --- a/tests/qemu-iotests/common.tls > +++ b/tests/qemu-iotests/common.tls > @@ -29,6 +29,17 @@ tls_x509_cleanup() > } > > > +tls_certtool() > +{ > + certtool "$@" 1>certtool.log 2>&1 > + if test "$?" = 0; then > + head -1 certtool.log > + else > + cat certtool.log > + fi > + rm -f certtool.log > +} I assume this is running in a unique directory so that there can not be a clash with a test running in parallel? Otherwise I'd recommend an mktemp file name here... Anyway, this fixes the issue for me, too, thus: Tested-by: Thomas Huth <thuth@redhat.com> ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Qemu-devel] [PATCH 2/2] iotests: avoid broken pipe with certtool 2019-02-19 16:19 ` Thomas Huth @ 2019-02-19 16:21 ` Daniel P. Berrangé 2019-02-19 16:37 ` Eric Blake 0 siblings, 1 reply; 8+ messages in thread From: Daniel P. Berrangé @ 2019-02-19 16:21 UTC (permalink / raw) To: Thomas Huth; +Cc: qemu-devel, qemu-block, Kevin Wolf, Max Reitz On Tue, Feb 19, 2019 at 05:19:46PM +0100, Thomas Huth wrote: > On 19/02/2019 17.13, Daniel P. Berrangé wrote: > > When we run "certtool | head -1" the latter command is likely to > > complete and exit before certtool has written everything it wants to > > stderr. In at least the RHEL-7 gnutls 3.3.29 this causes certtool to > > quit with broken pipe before it has finished writing the desired > > output file to disk. This causes non-deterministic failures of the > > iotest 233 because the certs are sometimes zero length files. > > If certtool fails the "head -1" means we also loose any useful error > > message it would have printed. > > > > Thus this patch gets rid of the pipe and post-processes the output in a > > more flexible & reliable manner. > > > > Reported-by: Thomas Huth <thuth@redhat.com> > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > > --- > > tests/qemu-iotests/common.tls | 48 +++++++++++++++++++++++------------ > > 1 file changed, 32 insertions(+), 16 deletions(-) > > > > diff --git a/tests/qemu-iotests/common.tls b/tests/qemu-iotests/common.tls > > index eae81789bb..6cf11ed383 100644 > > --- a/tests/qemu-iotests/common.tls > > +++ b/tests/qemu-iotests/common.tls > > @@ -29,6 +29,17 @@ tls_x509_cleanup() > > } > > > > > > +tls_certtool() > > +{ > > + certtool "$@" 1>certtool.log 2>&1 > > + if test "$?" = 0; then > > + head -1 certtool.log > > + else > > + cat certtool.log > > + fi > > + rm -f certtool.log > > +} > > I assume this is running in a unique directory so that there can not be > a clash with a test running in parallel? Otherwise I'd recommend an > mktemp file name here... Hmm, could be a problem. Whatever happened to the plan to make every iotests run in a private directory ? Did that ever get done ? > > Anyway, this fixes the issue for me, too, thus: > > Tested-by: Thomas Huth <thuth@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Qemu-devel] [PATCH 2/2] iotests: avoid broken pipe with certtool 2019-02-19 16:21 ` Daniel P. Berrangé @ 2019-02-19 16:37 ` Eric Blake 0 siblings, 0 replies; 8+ messages in thread From: Eric Blake @ 2019-02-19 16:37 UTC (permalink / raw) To: Daniel P. Berrangé, Thomas Huth Cc: Kevin Wolf, qemu-devel, qemu-block, Max Reitz On 2/19/19 10:21 AM, Daniel P. Berrangé wrote: >>> +tls_certtool() >>> +{ >>> + certtool "$@" 1>certtool.log 2>&1 >>> + if test "$?" = 0; then >>> + head -1 certtool.log >>> + else >>> + cat certtool.log >>> + fi >>> + rm -f certtool.log >>> +} >> >> I assume this is running in a unique directory so that there can not be >> a clash with a test running in parallel? Otherwise I'd recommend an >> mktemp file name here... > > Hmm, could be a problem. Whatever happened to the plan to make every > iotests run in a private directory ? Did that ever get done ? Nope, still not done :( Jeff left Red Hat, and so far no one else has revived his series. Volunteers? -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Qemu-devel] [PATCH 2/2] iotests: avoid broken pipe with certtool 2019-02-19 16:13 ` [Qemu-devel] [PATCH 2/2] iotests: avoid broken pipe with certtool Daniel P. Berrangé 2019-02-19 16:19 ` Thomas Huth @ 2019-02-19 16:42 ` Eric Blake 1 sibling, 0 replies; 8+ messages in thread From: Eric Blake @ 2019-02-19 16:42 UTC (permalink / raw) To: Daniel P. Berrangé, qemu-devel Cc: Kevin Wolf, Thomas Huth, qemu-block, Max Reitz On 2/19/19 10:13 AM, Daniel P. Berrangé wrote: > When we run "certtool | head -1" the latter command is likely to > complete and exit before certtool has written everything it wants to > stderr. In at least the RHEL-7 gnutls 3.3.29 this causes certtool to > quit with broken pipe before it has finished writing the desired > output file to disk. This causes non-deterministic failures of the > iotest 233 because the certs are sometimes zero length files. > If certtool fails the "head -1" means we also loose any useful error > message it would have printed. > > Thus this patch gets rid of the pipe and post-processes the output in a > more flexible & reliable manner. > Better than my attempt. > Reported-by: Thomas Huth <thuth@redhat.com> > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > --- > tests/qemu-iotests/common.tls | 48 +++++++++++++++++++++++------------ > 1 file changed, 32 insertions(+), 16 deletions(-) As Thomas pointed out, it is not parallel-safe, but that's a bigger issue with all of the iotests, so not this patch's problem. > > diff --git a/tests/qemu-iotests/common.tls b/tests/qemu-iotests/common.tls > index eae81789bb..6cf11ed383 100644 > --- a/tests/qemu-iotests/common.tls > +++ b/tests/qemu-iotests/common.tls > @@ -29,6 +29,17 @@ tls_x509_cleanup() > } > > > +tls_certtool() > +{ > + certtool "$@" 1>certtool.log 2>&1 I tend to use '>' instead of '1>', but they are identical. > + if test "$?" = 0; then > + head -1 certtool.log Technically, POSIX says 'head -1' is not portable (it was historical practice, but a wording change in POSIX 2001 made it invalid, which wasn't fixed until POSIX 2008 - and there are historical versions of GNU coreutils which went out of their way to reject the usage, although that has since been fixed); the portable spelling these days is 'head -n1'. But as the test was already using 'head -1', I'm not going to make you switch it. Reviewed-by: Eric Blake <eblake@redhat.com> -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2019-02-19 16:43 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2019-02-19 16:13 [Qemu-devel] [PATCH 0/2] Fix NBD TLS iotests on RHEL-7 Daniel P. Berrangé 2019-02-19 16:13 ` [Qemu-devel] [PATCH 1/2] iotests: ensure we print nbd server log on error Daniel P. Berrangé 2019-02-19 16:35 ` Eric Blake 2019-02-19 16:13 ` [Qemu-devel] [PATCH 2/2] iotests: avoid broken pipe with certtool Daniel P. Berrangé 2019-02-19 16:19 ` Thomas Huth 2019-02-19 16:21 ` Daniel P. Berrangé 2019-02-19 16:37 ` Eric Blake 2019-02-19 16:42 ` Eric Blake
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).