This commit extends libvirt XML configuration to support a custom encryption engine.
This means that <encryption format="luks" engine="qemu"> becomes valid.
The only engine for now is qemu. However, a new engine (librbd) will be added in an upcoming commit.
If no engine is specified, qemu will be used (assuming the qemu driver is used).
Signed-off-by: Or Ozeri <oro@il.ibm.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
content of the <code>encryption</code> tag. Other format values may be
defined in the future.
</p>
+ <p>
+ The <code>encryption</code> tag supports an optional <code>engine</code>
+ tag, which allows selecting which component actually handles
+ the encryption. Currently defined values of <code>engine</code> are
+ <code>qemu</code>.
+ </p>
<p>
The <code>encryption</code> tag can currently contain a sequence of
<code>secret</code> tags, each with mandatory attributes <code>type</code>
<value>luks</value>
</choice>
</attribute>
+ <optional>
+ <attribute name="engine">
+ <choice>
+ <value>qemu</value>
+ </choice>
+ </attribute>
+ </optional>
<interleave>
<ref name="secret"/>
<optional>
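Review bot: The `engine` attribute block is added verbatim here and again in the following schema hunk; if both sit in the same RelaxNG file, a single `<define name="encryptionEngine">` holding the `<choice>` and referenced from both places would keep the accepted value list in one spot when the announced librbd value lands. Style only, the accepted documents are unchanged. The enclosing `<element name="encryption">` definitions start and end outside both hunks.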
<value>luks</value>
</choice>
</attribute>
+ <optional>
+ <attribute name="engine">
+ <choice>
+ <value>qemu</value>
+ </choice>
+ </attribute>
+ </optional>
<interleave>
<ref name="secret"/>
<optional>
"default", "qcow", "luks",
);
+VIR_ENUM_IMPL(virStorageEncryptionEngine,
+ VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
+ "default", "qemu",
+);
+
static void
virStorageEncryptionInfoDefClear(virStorageEncryptionInfoDef *def)
{
ret->secrets = g_new0(virStorageEncryptionSecret *, src->nsecrets);
ret->nsecrets = src->nsecrets;
ret->format = src->format;
+ ret->engine = src->engine;
for (i = 0; i < src->nsecrets; i++) {
if (!(ret->secrets[i] = virStorageEncryptionSecretCopy(src->secrets[i])))
goto cleanup;
}
+ if (virXMLPropEnum(node, "engine",
+ virStorageEncryptionEngineTypeFromString,
+ VIR_XML_PROP_NONZERO,
+ &encdef->engine) < 0)
+ goto cleanup;
+
if ((n = virXPathNodeSet("./secret", ctxt, &nodes)) < 0)
goto cleanup;
virStorageEncryptionFormat(virBuffer *buf,
virStorageEncryption *enc)
{
+ const char *engine;
const char *format;
size_t i;
"%s", _("unexpected encryption format"));
return -1;
}
- virBufferAsprintf(buf, "<encryption format='%s'>\n", format);
+ if (enc->engine == VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT) {
+ virBufferAsprintf(buf, "<encryption format='%s'>\n", format);
+ } else {
+ if (!(engine = virStorageEncryptionEngineTypeToString(enc->engine))) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ "%s", _("unexpected encryption engine"));
+ return -1;
+ }
+ virBufferAsprintf(buf, "<encryption format='%s' engine='%s'>\n",
+ format, engine);
+ }
+
virBufferAdjustIndent(buf, 2);
for (i = 0; i < enc->nsecrets; i++) {
char *ivgen_hash;
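Review bot: `engine` is declared without an initializer at the top of virStorageEncryptionFormat and only assigned inside the else branch, and both branches of the new if/else duplicate the `<encryption format='%s'` output; initializing it to NULL and appending the attribute conditionally leaves a single output path. virBufferEscapeString does nothing when passed a NULL string, so the attribute is still omitted for VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT exactly as the current code does. The function's return type line and the remainder of its body lie outside the hunk.
```c
    const char *engine = NULL;
    /* … unchanged: format lookup and its error path … */
    if (enc->engine != VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT &&
        !(engine = virStorageEncryptionEngineTypeToString(enc->engine))) {
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       "%s", _("unexpected encryption engine"));
        return -1;
    }

    virBufferAsprintf(buf, "<encryption format='%s'", format);
    virBufferEscapeString(buf, " engine='%s'", engine);
    virBufferAddLit(buf, ">\n");
```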
};
+typedef enum {
+ VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT = 0,
+ VIR_STORAGE_ENCRYPTION_ENGINE_QEMU,
+
+ VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
+} virStorageEncryptionEngine;
+VIR_ENUM_DECL(virStorageEncryptionEngine);
+
typedef enum {
/* "default" is only valid for volume creation */
VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT = 0,
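Review bot: VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT has no comment explaining its meaning, whereas the format enum directly below documents its own "default" value with `/* "default" is only valid for volume creation */`. A line such as `/* "default" means the XML gave no engine; the driver resolves it in post-parse */` above the value would explain why the formatter never emits it and why the qemu validator in this commit treats it as out of range. The engine field that uses this enum is declared in a later hunk of this header.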
typedef struct _virStorageEncryption virStorageEncryption;
struct _virStorageEncryption {
+ virStorageEncryptionEngine engine;
int format; /* virStorageEncryptionFormatType */
int payload_offset;
*encprops = NULL;
if (!src->encryption ||
+ src->encryption->engine != VIR_STORAGE_ENCRYPTION_ENGINE_QEMU ||
!srcpriv ||
!srcpriv->encinfo)
return 0;
* put a raw layer on top */
case VIR_STORAGE_FILE_RAW:
if (src->encryption &&
+ src->encryption->engine == VIR_STORAGE_ENCRYPTION_ENGINE_QEMU &&
src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
if (qemuBlockStorageSourceGetFormatLUKSProps(src, props) < 0)
return NULL;
}
}
+ if (src->encryption) {
+ switch (src->encryption->engine) {
+ case VIR_STORAGE_ENCRYPTION_ENGINE_QEMU:
+ break;
+ case VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT:
+ case VIR_STORAGE_ENCRYPTION_ENGINE_LAST:
+ virReportEnumRangeError(virStorageEncryptionEngine,
+ src->encryption->engine);
+ return -1;
+ }
+ }
+
return 0;
}
qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
unsigned int parseFlags)
{
+ virStorageSource *n;
+
/* set default disk types and drivers */
if (!virDomainDiskGetDriver(disk))
virDomainDiskSetDriver(disk, "qemu");
disk->mirror->format == VIR_STORAGE_FILE_NONE)
disk->mirror->format = VIR_STORAGE_FILE_RAW;
+ /* default disk encryption engine */
+ for (n = disk->src; virStorageSourceIsBacking(n); n = n->backingStore) {
+ if (n->encryption && n->encryption->engine == VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT)
+ n->encryption->engine = VIR_STORAGE_ENCRYPTION_ENGINE_QEMU;
+ }
+
if (qemuDomainDeviceDiskDefPostParseRestoreSecAlias(disk, parseFlags) < 0)
return -1;
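Review bot: The default-engine loop walks only the disk->src backing chain, so an encrypted disk->mirror source, which this same function already defaults a few lines earlier for its format, keeps VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT. If the switch added in the qemu storage-source validation hunk is reached for the mirror, that source would be rejected with an enum-range error instead of getting the qemu default; applying the same resolution to both chains through a small static helper closes the gap. qemuDomainDeviceDiskDefPostParse's return type is above the hunk and its body continues below it, so the helper would go in the file's static section before it.
```c
/* Resolve an unspecified ("default") encryption engine to qemu along a chain. */
static void
qemuDomainStorageSourceChainDefaultEncryptionEngine(virStorageSource *src)
{
    virStorageSource *n;

    for (n = src; virStorageSourceIsBacking(n); n = n->backingStore) {
        if (n->encryption && n->encryption->engine == VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT)
            n->encryption->engine = VIR_STORAGE_ENCRYPTION_ENGINE_QEMU;
    }
}

    /* … in qemuDomainDeviceDiskDefPostParse, replacing the added loop … */
    qemuDomainStorageSourceChainDefaultEncryptionEngine(disk->src);
    if (disk->mirror)
        qemuDomainStorageSourceChainDefaultEncryptionEngine(disk->mirror);
```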
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/var/lib/libvirt/images/b.qcow2'>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
<privateData>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/var/lib/libvirt/images/c.qcow2'>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
<privateData>
<auth username='testuser-iscsi'>
<secret type='iscsi' usage='testuser-iscsi-secret'/>
</auth>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
<privateData>
<driver name='qemu' type='qcow2' cache='none'/>
<source type='pci' managed='no' namespace='2'>
<address domain='0x0001' bus='0x02' slot='0x00' function='0x0'/>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
</source>
<driver name='qemu' type='qcow2'/>
<source file='/storage/guest_disks/encryptdisk'/>
<target dev='vda' bus='virtio'/>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' usage='/storage/guest_disks/encryptdisk'/>
</encryption>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
<driver name='qemu' type='raw'/>
<source file='/storage/guest_disks/encryptdisk'/>
<target dev='vda' bus='virtio'/>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
<driver name='qemu' type='raw'/>
<source file='/storage/guest_disks/encryptdisk2'/>
<target dev='vdb' bus='virtio'/>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
</encryption>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
<driver name='qemu' type='qcow2'/>
<source file='/var/lib/libvirt/images/OtherDemo.img'/>
<target dev='vdb' bus='virtio'/>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='e78d4b51-a2af-485f-b0f5-afca709a80f4'/>
</encryption>
<alias name='ua-myEncryptedDisk1'/>
<slices>
<slice type='storage' offset='1234' size='321'/>
</slices>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
</source>
<slices>
<slice type='storage' offset='1234' size='321'/>
</slices>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
</source>
<driver name='qemu' type='qcow2'/>
<source file='/storage/guest_disks/encryptdisk'/>
<target dev='vda' bus='virtio'/>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/storage/guest_disks/encryptdisk'>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
</source>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/storage/guest_disks/encryptdisk2'>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
</encryption>
</source>
<auth username='myname'>
<secret type='iscsi' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80e80'/>
</auth>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f77'/>
</encryption>
</source>
<disk type='volume' device='disk'>
<driver name='qemu' type='qcow2'/>
<source pool='pool-iscsi' volume='unit:0:0:3' mode='direct'>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f80'/>
</encryption>
</source>
<host name='mon1.example.org' port='6321'/>
<host name='mon2.example.org' port='6322'/>
<host name='mon3.example.org' port='6322'/>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/>
</encryption>
</source>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/storage/guest_disks/encryptdisk5'>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
</source>
<backingStore type='file'>
<format type='qcow2'/>
<source file='/storage/guest_disks/base.qcow2'>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
</source>
<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/storage/guest_disks/encryptdisk'>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
</source>
<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/storage/guest_disks/encryptdisk2'>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
</encryption>
</source>
<auth username='myname'>
<secret type='iscsi' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80e80'/>
</auth>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f77'/>
</encryption>
</source>
<disk type='volume' device='disk'>
<driver name='qemu' type='raw'/>
<source pool='pool-iscsi' volume='unit:0:0:3' mode='direct'>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f80'/>
</encryption>
</source>
<host name='mon1.example.org' port='6321'/>
<host name='mon2.example.org' port='6322'/>
<host name='mon3.example.org' port='6322'/>
- <encryption format='luks'>
+ <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/>
</encryption>
</source>