[PATCH v3 4/5] conf: add encryption engine property

Or Ozeri posted 5 patches 1 month, 3 weeks ago

[PATCH v3 4/5] conf: add encryption engine property

Posted by Or Ozeri 1 month, 3 weeks ago
This commit extends libvirt XML configuration to support a custom encryption engine.
This means that <encryption format="luks" engine="qemu">  becomes valid.
The only engine for now is qemu. However, a new engine (librbd) will be added in an upcoming commit.
If no engine is specified, qemu will be used (assuming qemu driver is used).

Signed-off-by: Or Ozeri <oro@il.ibm.com>
---
 docs/formatstorageencryption.html.in          |   6 +
 docs/schemas/domainbackup.rng                 |   7 +
 docs/schemas/storagecommon.rng                |   7 +
 src/conf/storage_encryption_conf.c            |  31 +++-
 src/conf/storage_encryption_conf.h            |   9 +
 src/qemu/qemu_block.c                         |   2 +
 src/qemu/qemu_domain.c                        |   8 +
 tests/qemustatusxml2xmldata/upgrade-out.xml   |   6 +-
 tests/qemuxml2xmloutdata/disk-nvme.xml        |  65 ++++++-
 .../disk-slices.x86_64-latest.xml             |   4 +-
 .../encrypted-disk-usage.xml                  |  38 ++++-
 tests/qemuxml2xmloutdata/encrypted-disk.xml   |   2 +-
 .../luks-disks-source-qcow2.x86_64-latest.xml |  14 +-
 .../qemuxml2xmloutdata/luks-disks-source.xml  |  10 +-
 tests/qemuxml2xmloutdata/luks-disks.xml       |  47 +++++-
 tests/qemuxml2xmloutdata/user-aliases.xml     | 159 +++++++++++++++++-
 16 files changed, 392 insertions(+), 23 deletions(-)
 mode change 120000 => 100644 tests/qemuxml2xmloutdata/disk-nvme.xml
 mode change 120000 => 100644 tests/qemuxml2xmloutdata/encrypted-disk-usage.xml
 mode change 120000 => 100644 tests/qemuxml2xmloutdata/luks-disks.xml
 mode change 120000 => 100644 tests/qemuxml2xmloutdata/user-aliases.xml

diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencryption.html.in
index b2631ab25d..5783381a4a 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -23,6 +23,12 @@
       content of the <code>encryption</code> tag.  Other format values may be
       defined in the future.
     </p>
+    <p>
+      The <code>encryption</code> tag supports an optional <code>engine</code>
+      tag, which allows selecting which component actually handles
+      the encryption. Currently defined values of <code>engine</code> are
+      <code>qemu</code>.
+    </p>
     <p>
       The <code>encryption</code> tag can currently contain a sequence of
       <code>secret</code> tags, each with mandatory attributes <code>type</code>
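Review bot: The added paragraph calls engine a "tag", but the schema hunks in this patch declare it with <attribute name="engine"> and the parser reads ./@engine, so it should be described as an optional attribute of encryption. The paragraph also does not say what happens when the attribute is omitted; the commit message states that qemu is used in that case (with the qemu driver), and that belongs in the documentation too.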
diff --git a/docs/schemas/domainbackup.rng b/docs/schemas/domainbackup.rng
index c03455a5a7..05cc28ab00 100644
--- a/docs/schemas/domainbackup.rng
+++ b/docs/schemas/domainbackup.rng
@@ -14,6 +14,13 @@
           <value>luks</value>
         </choice>
       </attribute>
+      <optional>
+        <attribute name="engine">
+          <choice>
+            <value>qemu</value>
+          </choice>
+        </attribute>
+      </optional>
       <interleave>
         <ref name="secret"/>
         <optional>
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index 7d1d066289..b34577c582 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -16,6 +16,13 @@
           <value>luks2</value>
         </choice>
       </attribute>
+      <optional>
+        <attribute name="engine">
+          <choice>
+            <value>qemu</value>
+          </choice>
+        </attribute>
+      </optional>
       <interleave>
         <ref name="secret"/>
         <optional>
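Review bot: The optional engine attribute with its one-value choice is added verbatim to both domainbackup.rng and storagecommon.rng, so the upcoming librbd value will have to be added in two places. Consider a single named define for the engine choice that both schemas reference.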
diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encryption_conf.c
index 2df4ec96af..e8da02b605 100644
--- a/src/conf/storage_encryption_conf.c
+++ b/src/conf/storage_encryption_conf.c
@@ -47,6 +47,11 @@ VIR_ENUM_IMPL(virStorageEncryptionFormat,
               "default", "qcow", "luks", "luks2",
 );
 
+VIR_ENUM_IMPL(virStorageEncryptionEngine,
+              VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
+              "default", "qemu",
+);
+
 static void
 virStorageEncryptionInfoDefClear(virStorageEncryptionInfoDef *def)
 {
@@ -120,6 +125,7 @@ virStorageEncryptionCopy(const virStorageEncryption *src)
     ret->secrets = g_new0(virStorageEncryptionSecret *, src->nsecrets);
     ret->nsecrets = src->nsecrets;
     ret->format = src->format;
+    ret->engine = src->engine;
 
     for (i = 0; i < src->nsecrets; i++) {
         if (!(ret->secrets[i] = virStorageEncryptionSecretCopy(src->secrets[i])))
@@ -217,6 +223,7 @@ virStorageEncryptionParseNode(xmlNodePtr node,
     xmlNodePtr *nodes = NULL;
     virStorageEncryption *encdef = NULL;
     virStorageEncryption *ret = NULL;
+    g_autofree char *engine_str = NULL;
     g_autofree char *format_str = NULL;
     int n;
     size_t i;
@@ -239,6 +246,16 @@ virStorageEncryptionParseNode(xmlNodePtr node,
         goto cleanup;
     }
 
+    if ((engine_str = virXPathString("string(./@engine)", ctxt))) {
+        if ((encdef->engine =
+             virStorageEncryptionEngineTypeFromString(engine_str)) < 0) {
+            virReportError(VIR_ERR_XML_ERROR,
+                           _("unknown volume encryption engine type %s"),
+                           engine_str);
+            goto cleanup;
+        }
+    }
+
     if ((n = virXPathNodeSet("./secret", ctxt, &nodes)) < 0)
         goto cleanup;
 
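Review bot: The "< 0" check on virStorageEncryptionEngineTypeFromString() lets engine='default' through, because the VIR_ENUM_IMPL above maps "default" to VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT (0), while both RNG schemas only allow "qemu". Rejecting with "<= 0" would keep the parser and the schema in agreement and keep "default" from becoming an accepted input value.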
@@ -327,6 +344,7 @@ int
 virStorageEncryptionFormat(virBuffer *buf,
                            virStorageEncryption *enc)
 {
+    const char *engine;
     const char *format;
     size_t i;
 
@@ -335,7 +353,18 @@ virStorageEncryptionFormat(virBuffer *buf,
                        "%s", _("unexpected encryption format"));
         return -1;
     }
-    virBufferAsprintf(buf, "<encryption format='%s'>\n", format);
+    if (enc->engine == VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT) {
+        virBufferAsprintf(buf, "<encryption format='%s'>\n", format);
+    } else {
+        if (!(engine = virStorageEncryptionEngineTypeToString(enc->engine))) {
+            virReportError(VIR_ERR_INTERNAL_ERROR,
+                           "%s", _("unexpected encryption engine"));
+            return -1;
+        }
+        virBufferAsprintf(buf, "<encryption format='%s' engine='%s'>\n",
+                          format, engine);
+    }
+
     virBufferAdjustIndent(buf, 2);
 
     for (i = 0; i < enc->nsecrets; i++) {
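Review bot: Style point on the if/else in virStorageEncryptionFormat(): the opening tag is now formatted by two near-identical virBufferAsprintf() calls. Emitting "<encryption format='%s'" once, appending " engine='%s'" only when enc->engine is not VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT, and then closing the tag would avoid the duplication and scale to further attributes.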
diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encryption_conf.h
index 32e3a1243a..c722f832f5 100644
--- a/src/conf/storage_encryption_conf.h
+++ b/src/conf/storage_encryption_conf.h
@@ -51,6 +51,14 @@ struct _virStorageEncryptionInfoDef {
     char *ivgen_hash;
 };
 
+typedef enum {
+    VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT = 0,
+    VIR_STORAGE_ENCRYPTION_ENGINE_QEMU,
+
+    VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
+} virStorageEncryptionEngineType;
+VIR_ENUM_DECL(virStorageEncryptionEngine);
+
 typedef enum {
     /* "default" is only valid for volume creation */
     VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT = 0,
@@ -64,6 +72,7 @@ VIR_ENUM_DECL(virStorageEncryptionFormat);
 
 typedef struct _virStorageEncryption virStorageEncryption;
 struct _virStorageEncryption {
+    int engine; /* virStorageEncryptionEngineType */
     int format; /* virStorageEncryptionFormatType */
     int payload_offset;
 
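Review bot: The new member is declared "int engine", so a switch on enc->engine gets no missing-enumerator warning unless every site casts it to virStorageEncryptionEngineType. If the int is kept to match the format member, the comment could say that consumers are expected to cast before switching.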
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 31b6b3566b..a43831ce18 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -1314,6 +1314,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource *src,
     *encprops = NULL;
 
     if (!src->encryption ||
+        src->encryption->engine != VIR_STORAGE_ENCRYPTION_ENGINE_QEMU ||
         !srcpriv ||
         !srcpriv->encinfo)
         return 0;
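Review bot: Missing documentation for the new early return in qemuBlockStorageSourceGetCryptoProps(): with the added engine check the function returns 0 and leaves *encprops NULL both for "no encryption" and for "encryption handled by another engine". A short comment on the condition stating that non-qemu engines are intentionally skipped here would make that distinction visible to callers.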
@@ -1449,6 +1450,7 @@ qemuBlockStorageSourceGetBlockdevFormatProps(virStorageSource *src)
          * put a raw layer on top */
     case VIR_STORAGE_FILE_RAW:
         if (src->encryption &&
+            src->encryption->engine == VIR_STORAGE_ENCRYPTION_ENGINE_QEMU &&
             src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
             if (qemuBlockStorageSourceGetFormatLUKSProps(src, props) < 0)
                 return NULL;
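Review bot: In the VIR_STORAGE_FILE_RAW case the added "engine == VIR_STORAGE_ENCRYPTION_ENGINE_QEMU" condition means a LUKS source whose engine is still VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT is formatted as plain raw with no error. This is only safe if every source reaching this code has passed through the post-parse defaulting added in qemu_domain.c; either treat DEFAULT like QEMU here or report an error for it rather than silently dropping the LUKS layer.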
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index cd65e8b365..21099d7635 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -5264,6 +5264,8 @@ int
 qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
                                  unsigned int parseFlags)
 {
+    virStorageSource *n;
+
     /* set default disk types and drivers */
     if (!virDomainDiskGetDriver(disk))
         virDomainDiskSetDriver(disk, "qemu");
@@ -5278,6 +5280,12 @@ qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
         disk->mirror->format == VIR_STORAGE_FILE_NONE)
         disk->mirror->format = VIR_STORAGE_FILE_RAW;
 
+    /* default disk encryption engine */
+    for (n = disk->src; virStorageSourceIsBacking(n); n = n->backingStore) {
+        if (n->encryption && n->encryption->engine == VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT)
+            n->encryption->engine = VIR_STORAGE_ENCRYPTION_ENGINE_QEMU;
+    }
+
     if (qemuDomainDeviceDiskDefPostParseRestoreSecAlias(disk, parseFlags) < 0)
         return -1;
 
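Review bot: The defaulting loop walks disk->src and its backing chain only, while disk->mirror, which the unchanged lines just above also fix up, is never visited. Since the qemu_block.c checks in this patch require engine == VIR_STORAGE_ENCRYPTION_ENGINE_QEMU, a mirror carrying encryption with the engine left at DEFAULT would be handled as unencrypted; the mirror should get the same default. The condition line in the loop also runs well past 80 columns and could be wrapped.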
diff --git a/tests/qemustatusxml2xmldata/upgrade-out.xml b/tests/qemustatusxml2xmldata/upgrade-out.xml
index f9476731f6..5218092cb9 100644
--- a/tests/qemustatusxml2xmldata/upgrade-out.xml
+++ b/tests/qemustatusxml2xmldata/upgrade-out.xml
@@ -316,7 +316,7 @@
       <disk type='file' device='disk'>
         <driver name='qemu' type='qcow2'/>
         <source file='/var/lib/libvirt/images/b.qcow2'>
-          <encryption format='luks'>
+          <encryption format='luks' engine='qemu'>
             <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
           </encryption>
           <privateData>
@@ -333,7 +333,7 @@
       <disk type='file' device='disk'>
         <driver name='qemu' type='qcow2'/>
         <source file='/var/lib/libvirt/images/c.qcow2'>
-          <encryption format='luks'>
+          <encryption format='luks' engine='qemu'>
             <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
           </encryption>
           <privateData>
@@ -354,7 +354,7 @@
           <auth username='testuser-iscsi'>
             <secret type='iscsi' usage='testuser-iscsi-secret'/>
           </auth>
-          <encryption format='luks'>
+          <encryption format='luks' engine='qemu'>
             <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
           </encryption>
           <privateData>
diff --git a/tests/qemuxml2xmloutdata/disk-nvme.xml b/tests/qemuxml2xmloutdata/disk-nvme.xml
deleted file mode 120000
index ea9eb267ac..0000000000
--- a/tests/qemuxml2xmloutdata/disk-nvme.xml
+++ /dev/null
@@ -1 +0,0 @@
-../qemuxml2argvdata/disk-nvme.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/disk-nvme.xml b/tests/qemuxml2xmloutdata/disk-nvme.xml
new file mode 100644
index 0000000000..9a5fafce7d
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/disk-nvme.xml
@@ -0,0 +1,64 @@
+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit='KiB'>219136</memory>
+  <currentMemory unit='KiB'>219136</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type arch='i686' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-i386</emulator>
+    <disk type='nvme' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source type='pci' managed='yes' namespace='1'>
+        <address domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
+      </source>
+      <target dev='vda' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+    </disk>
+    <disk type='nvme' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source type='pci' managed='yes' namespace='2'>
+        <address domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
+      </source>
+      <target dev='vdb' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
+    </disk>
+    <disk type='nvme' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source type='pci' managed='no' namespace='1'>
+        <address domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
+      </source>
+      <target dev='vdc' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
+    </disk>
+    <disk type='nvme' device='disk'>
+      <driver name='qemu' type='qcow2' cache='none'/>
+      <source type='pci' managed='no' namespace='2'>
+        <address domain='0x0001' bus='0x02' slot='0x00' function='0x0'/>
+        <encryption format='luks' engine='qemu'>
+          <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
+        </encryption>
+      </source>
+      <target dev='vdd' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
+    </disk>
+    <controller type='usb' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pci-root'/>
+    <controller type='scsi' index='0' model='virtio-scsi'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </controller>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <audio id='1' type='none'/>
+    <memballoon model='none'/>
+  </devices>
+</domain>
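Review bot: Replacing the symlink to ../qemuxml2argvdata/disk-nvme.xml with a full 64-line copy (and likewise for encrypted-disk-usage.xml, luks-disks.xml and user-aliases.xml) appears to be needed only because the formatted output now carries engine='qemu' that the input does not have. That also means every existing encrypted-disk definition changes on the next format. Is it intended that a defaulted engine is written back out, or should only an explicitly configured engine be formatted?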
diff --git a/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml b/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
index be5cd25084..a058cbad61 100644
--- a/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
@@ -49,7 +49,7 @@
         <slices>
           <slice type='storage' offset='1234' size='321'/>
         </slices>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
@@ -75,7 +75,7 @@
         <slices>
           <slice type='storage' offset='1234' size='321'/>
         </slices>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
diff --git a/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml b/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml
deleted file mode 120000
index a1a4f841e9..0000000000
--- a/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml
+++ /dev/null
@@ -1 +0,0 @@
-../qemuxml2argvdata/encrypted-disk-usage.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml b/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml
new file mode 100644
index 0000000000..d2b87b94b6
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml
@@ -0,0 +1,37 @@
+<domain type='qemu'>
+  <name>encryptdisk</name>
+  <uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
+  <memory unit='KiB'>1048576</memory>
+  <currentMemory unit='KiB'>524288</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type arch='i686' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-i386</emulator>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='qcow2'/>
+      <source file='/storage/guest_disks/encryptdisk'/>
+      <target dev='vda' bus='virtio'/>
+      <encryption format='luks' engine='qemu'>
+        <secret type='passphrase' usage='/storage/guest_disks/encryptdisk'/>
+      </encryption>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+    </disk>
+    <controller type='usb' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pci-root'/>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <audio id='1' type='none'/>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </memballoon>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/encrypted-disk.xml b/tests/qemuxml2xmloutdata/encrypted-disk.xml
index 06f2c5b47c..e30c8a36e8 100644
--- a/tests/qemuxml2xmloutdata/encrypted-disk.xml
+++ b/tests/qemuxml2xmloutdata/encrypted-disk.xml
@@ -18,7 +18,7 @@
       <driver name='qemu' type='qcow2'/>
       <source file='/storage/guest_disks/encryptdisk'/>
       <target dev='vda' bus='virtio'/>
-      <encryption format='luks'>
+      <encryption format='luks' engine='qemu'>
         <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
       </encryption>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
diff --git a/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml b/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
index 5f600f5ba7..7f98dd597e 100644
--- a/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
@@ -20,7 +20,7 @@
     <disk type='file' device='disk'>
       <driver name='qemu' type='qcow2'/>
       <source file='/storage/guest_disks/encryptdisk'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
@@ -30,7 +30,7 @@
     <disk type='file' device='disk'>
       <driver name='qemu' type='qcow2'/>
       <source file='/storage/guest_disks/encryptdisk2'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
         </encryption>
       </source>
@@ -44,7 +44,7 @@
         <auth username='myname'>
           <secret type='iscsi' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80e80'/>
         </auth>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f77'/>
         </encryption>
       </source>
@@ -54,7 +54,7 @@
     <disk type='volume' device='disk'>
       <driver name='qemu' type='qcow2'/>
       <source pool='pool-iscsi' volume='unit:0:0:3' mode='direct'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f80'/>
         </encryption>
       </source>
@@ -67,7 +67,7 @@
         <host name='mon1.example.org' port='6321'/>
         <host name='mon2.example.org' port='6322'/>
         <host name='mon3.example.org' port='6322'/>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/>
         </encryption>
       </source>
@@ -77,14 +77,14 @@
     <disk type='file' device='disk'>
       <driver name='qemu' type='qcow2'/>
       <source file='/storage/guest_disks/encryptdisk5'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
       <backingStore type='file'>
         <format type='qcow2'/>
         <source file='/storage/guest_disks/base.qcow2'>
-          <encryption format='luks'>
+          <encryption format='luks' engine='qemu'>
             <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
           </encryption>
         </source>
diff --git a/tests/qemuxml2xmloutdata/luks-disks-source.xml b/tests/qemuxml2xmloutdata/luks-disks-source.xml
index 5333d4ac6e..891b5d9d17 100644
--- a/tests/qemuxml2xmloutdata/luks-disks-source.xml
+++ b/tests/qemuxml2xmloutdata/luks-disks-source.xml
@@ -17,7 +17,7 @@
     <disk type='file' device='disk'>
       <driver name='qemu' type='raw'/>
       <source file='/storage/guest_disks/encryptdisk'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
@@ -27,7 +27,7 @@
     <disk type='file' device='disk'>
       <driver name='qemu' type='raw'/>
       <source file='/storage/guest_disks/encryptdisk2'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
         </encryption>
       </source>
@@ -41,7 +41,7 @@
         <auth username='myname'>
           <secret type='iscsi' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80e80'/>
         </auth>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f77'/>
         </encryption>
       </source>
@@ -51,7 +51,7 @@
     <disk type='volume' device='disk'>
       <driver name='qemu' type='raw'/>
       <source pool='pool-iscsi' volume='unit:0:0:3' mode='direct'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f80'/>
         </encryption>
       </source>
@@ -64,7 +64,7 @@
         <host name='mon1.example.org' port='6321'/>
         <host name='mon2.example.org' port='6322'/>
         <host name='mon3.example.org' port='6322'/>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/>
         </encryption>
       </source>
diff --git a/tests/qemuxml2xmloutdata/luks-disks.xml b/tests/qemuxml2xmloutdata/luks-disks.xml
deleted file mode 120000
index d65e470c32..0000000000
--- a/tests/qemuxml2xmloutdata/luks-disks.xml
+++ /dev/null
@@ -1 +0,0 @@
-../qemuxml2argvdata/luks-disks.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/luks-disks.xml b/tests/qemuxml2xmloutdata/luks-disks.xml
new file mode 100644
index 0000000000..1c76f0dc26
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/luks-disks.xml
@@ -0,0 +1,46 @@
+<domain type='qemu'>
+  <name>encryptdisk</name>
+  <uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
+  <memory unit='KiB'>1048576</memory>
+  <currentMemory unit='KiB'>524288</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type arch='x86_64' machine='pc-i440fx-2.1'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source file='/storage/guest_disks/encryptdisk'/>
+      <target dev='vda' bus='virtio'/>
+      <encryption format='luks' engine='qemu'>
+        <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
+      </encryption>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+    </disk>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source file='/storage/guest_disks/encryptdisk2'/>
+      <target dev='vdb' bus='virtio'/>
+      <encryption format='luks' engine='qemu'>
+        <secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
+      </encryption>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
+    </disk>
+    <controller type='usb' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pci-root'/>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <audio id='1' type='none'/>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </memballoon>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/user-aliases.xml b/tests/qemuxml2xmloutdata/user-aliases.xml
deleted file mode 120000
index b5a27f08cd..0000000000
--- a/tests/qemuxml2xmloutdata/user-aliases.xml
+++ /dev/null
@@ -1 +0,0 @@
-../qemuxml2argvdata/user-aliases.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/user-aliases.xml b/tests/qemuxml2xmloutdata/user-aliases.xml
new file mode 100644
index 0000000000..10b7749521
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/user-aliases.xml
@@ -0,0 +1,158 @@
+<domain type='kvm'>
+  <name>gentoo</name>
+  <uuid>a75aca4b-a02f-2bcb-4a91-c93cd848c34b</uuid>
+  <memory unit='KiB'>4194304</memory>
+  <currentMemory unit='KiB'>4194304</currentMemory>
+  <memoryBacking>
+    <hugepages>
+      <page size='1048576' unit='KiB' nodeset='0-3'/>
+    </hugepages>
+  </memoryBacking>
+  <vcpu placement='static'>4</vcpu>
+  <os>
+    <type arch='x86_64' machine='pc-i440fx-1.4'>hvm</type>
+    <boot dev='hd'/>
+    <boot dev='cdrom'/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <pae/>
+  </features>
+  <cpu>
+    <numa>
+      <cell id='0' cpus='0' memory='1048576' unit='KiB'/>
+      <cell id='1' cpus='1' memory='1048576' unit='KiB'/>
+      <cell id='2' cpus='2' memory='1048576' unit='KiB'/>
+      <cell id='3' cpus='3' memory='1048576' unit='KiB'/>
+    </numa>
+  </cpu>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>restart</on_crash>
+  <pm>
+    <suspend-to-mem enabled='yes'/>
+    <suspend-to-disk enabled='yes'/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type='file' device='floppy'>
+      <driver name='qemu' type='raw' cache='none'/>
+      <source file='/var/lib/libvirt/images/fd.img'/>
+      <target dev='fda' bus='fdc'/>
+      <alias name='ua-myDisk1'/>
+      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+    </disk>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='qcow2'/>
+      <source file='/var/lib/libvirt/images/gentoo.qcow2'/>
+      <target dev='vda' bus='virtio'/>
+      <alias name='ua-myDisk2'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
+    </disk>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='qcow2'/>
+      <source file='/var/lib/libvirt/images/OtherDemo.img'/>
+      <target dev='vdb' bus='virtio'/>
+      <encryption format='luks' engine='qemu'>
+        <secret type='passphrase' uuid='e78d4b51-a2af-485f-b0f5-afca709a80f4'/>
+      </encryption>
+      <alias name='ua-myEncryptedDisk1'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
+    </disk>
+    <disk type='file' device='cdrom'>
+      <driver name='qemu' type='raw' cache='none'/>
+      <source file='/home/zippy/tmp/install-amd64-minimal-20140619.iso'/>
+      <target dev='hdc' bus='ide'/>
+      <readonly/>
+      <shareable/>
+      <alias name='ua-WhatAnAwesomeCDROM'/>
+      <address type='drive' controller='0' bus='1' target='0' unit='0'/>
+    </disk>
+    <controller type='usb' index='0'>
+      <alias name='ua-SomeWeirdController'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pci-root'>
+      <alias name='ua-MyPCIRootController'/>
+    </controller>
+    <controller type='ide' index='0'>
+      <alias name='ua-DoesAnybodyStillUseIDE'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+    </controller>
+    <controller type='virtio-serial' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
+    </controller>
+    <controller type='fdc' index='0'/>
+    <controller type='ccid' index='0'>
+      <alias name='ua-myCCID'/>
+      <address type='usb' bus='0' port='1'/>
+    </controller>
+    <controller type='ccid' index='1'>
+      <alias name='ua-myCCID2'/>
+      <address type='usb' bus='0' port='2'/>
+    </controller>
+    <interface type='ethernet'>
+      <mac address='52:54:00:d6:c0:0b'/>
+      <model type='virtio'/>
+      <alias name='ua-CheckoutThisNIC'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </interface>
+    <interface type='server'>
+      <mac address='52:54:00:22:c9:42'/>
+      <source address='127.0.0.1' port='1234'/>
+      <bandwidth>
+        <inbound average='1234'/>
+        <outbound average='5678'/>
+      </bandwidth>
+      <model type='rtl8139'/>
+      <alias name='ua-WeCanAlsoDoServerMode'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
+    </interface>
+    <interface type='client'>
+      <mac address='52:54:00:8c:b1:f8'/>
+      <source address='127.0.0.1' port='1234'/>
+      <model type='rtl8139'/>
+      <alias name='ua-AndAlsoClientMode'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
+    </interface>
+    <smartcard mode='host'>
+      <address type='ccid' controller='0' slot='0'/>
+    </smartcard>
+    <serial type='pty'>
+      <target type='isa-serial' port='0'>
+        <model name='isa-serial'/>
+      </target>
+    </serial>
+    <serial type='pty'>
+      <target type='isa-serial' port='1'>
+        <model name='isa-serial'/>
+      </target>
+    </serial>
+    <console type='pty'>
+      <target type='serial' port='0'/>
+    </console>
+    <channel type='unix'>
+      <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/gentoo.org.qemu.guest_agent.0'/>
+      <target type='virtio' name='org.qemu.guest_agent.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='1'/>
+    </channel>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <graphics type='vnc' port='-1' autoport='yes'>
+      <listen type='address'/>
+    </graphics>
+    <sound model='ich6'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+    </sound>
+    <audio id='1' type='none'/>
+    <video>
+      <model type='cirrus' vram='16384' heads='1' primary='yes'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+    </video>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
+    </memballoon>
+  </devices>
+</domain>
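Review bot: Missing test coverage: every test file in the diffstat is an expected-output file under qemustatusxml2xmldata or qemuxml2xmloutdata, so nothing in this patch feeds the parser an explicit engine attribute or an unknown engine value. An input XML with engine='qemu' and a negative case for the "unknown volume encryption engine type" error would cover the new parsing branch.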
-- 
2.25.1

Re: [PATCH v3 4/5] conf: add encryption engine property

Posted by Peter Krempa 1 month, 2 weeks ago
On Wed, Oct 06, 2021 at 05:18:45 -0500, Or Ozeri wrote:
> This commit extends libvirt XML configuration to support a custom encryption engine.
> This means that <encryption format="luks" engine="qemu">  becomes valid.
> The only engine for now is qemu. However, a new engine (librbd) will be added in an upcoming commit.
> If no engine is specified, qemu will be used (assuming qemu driver is used).
> 
> Signed-off-by: Or Ozeri <oro@il.ibm.com>
> ---


[...]

Same note as with previous patch. This will need code in qemu_validate.c
rejecting non-qemu backend for stuff which doesn't support it.

Use a switch statement, with a correct type so that the compiler forces
any new additions to the enum to be included in the validation code.
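
The typed-switch validation suggested above, as an added example that is not part of this thread or of libvirt: engine_type, struct layer and both functions are hypothetical stand-ins for the patch's enum and backing chain. Treating an engine still left at the default value as an error at validation time is an assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in for the enum the patch adds in storage_encryption_conf.h. */
typedef enum {
    ENGINE_DEFAULT = 0,
    ENGINE_QEMU,
    ENGINE_LAST
} engine_type;

/* Constructed model of one image in a disk's backing chain. */
struct layer {
    int encrypted;               /* non-zero when the layer has <encryption> */
    int engine;                  /* engine_type stored as int, as in the patch */
    const struct layer *backing; /* next image in the chain, or NULL */
};

/* Returns 1 if the qemu driver handles this engine itself, 0 otherwise. */
static int engine_handled_by_qemu(int engine)
{
    /* Cast to the enum type and leave out "default:" so that -Wswitch
     * (enabled by -Wall) reports any enumerator missing from this switch
     * when a new engine is added to the enum. */
    switch ((engine_type) engine) {
    case ENGINE_QEMU:
        return 1;
    case ENGINE_DEFAULT: /* assumed to be filled in before validation */
    case ENGINE_LAST:
        return 0;
    }
    return 0; /* value outside the enum, e.g. from damaged state */
}

/* Depth of the first encrypted layer with an unhandled engine, or -1. */
int first_unsupported_layer(const struct layer *top)
{
    const struct layer *n;
    int depth = 0;

    for (n = top; n; n = n->backing, depth++) {
        if (n->encrypted && !engine_handled_by_qemu(n->engine))
            return depth;
    }
    return -1;
}

int main(void)
{
    /* Constructed chain: top image on qemu, base image never defaulted. */
    struct layer base = { 1, ENGINE_DEFAULT, NULL };
    struct layer top = { 1, ENGINE_QEMU, &base };

    printf("first unsupported layer: %d\n", first_unsupported_layer(&top));
    return 0;
}
```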

Re: [PATCH v3 4/5] conf: add encryption engine property

Posted by Peter Krempa 1 month, 2 weeks ago
On Wed, Oct 06, 2021 at 05:18:45 -0500, Or Ozeri wrote:
> This commit extends libvirt XML configuration to support a custom encryption engine.
> This means that <encryption format="luks" engine="qemu">  becomes valid.
> The only engine for now is qemu. However, a new engine (librbd) will be added in an upcoming commit.
> If no engine is specified, qemu will be used (assuming qemu driver is used).
> 
> Signed-off-by: Or Ozeri <oro@il.ibm.com>
> ---
>  docs/formatstorageencryption.html.in          |   6 +
>  docs/schemas/domainbackup.rng                 |   7 +
>  docs/schemas/storagecommon.rng                |   7 +
>  src/conf/storage_encryption_conf.c            |  31 +++-
>  src/conf/storage_encryption_conf.h            |   9 +
>  src/qemu/qemu_block.c                         |   2 +
>  src/qemu/qemu_domain.c                        |   8 +
>  tests/qemustatusxml2xmldata/upgrade-out.xml   |   6 +-
>  tests/qemuxml2xmloutdata/disk-nvme.xml        |  65 ++++++-
>  .../disk-slices.x86_64-latest.xml             |   4 +-
>  .../encrypted-disk-usage.xml                  |  38 ++++-
>  tests/qemuxml2xmloutdata/encrypted-disk.xml   |   2 +-
>  .../luks-disks-source-qcow2.x86_64-latest.xml |  14 +-
>  .../qemuxml2xmloutdata/luks-disks-source.xml  |  10 +-
>  tests/qemuxml2xmloutdata/luks-disks.xml       |  47 +++++-
>  tests/qemuxml2xmloutdata/user-aliases.xml     | 159 +++++++++++++++++-
>  16 files changed, 392 insertions(+), 23 deletions(-)
>  mode change 120000 => 100644 tests/qemuxml2xmloutdata/disk-nvme.xml
>  mode change 120000 => 100644 tests/qemuxml2xmloutdata/encrypted-disk-usage.xml
>  mode change 120000 => 100644 tests/qemuxml2xmloutdata/luks-disks.xml
>  mode change 120000 => 100644 tests/qemuxml2xmloutdata/user-aliases.xml

[...]

> diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encryption_conf.c
> index 2df4ec96af..e8da02b605 100644
> --- a/src/conf/storage_encryption_conf.c
> +++ b/src/conf/storage_encryption_conf.c
> @@ -47,6 +47,11 @@ VIR_ENUM_IMPL(virStorageEncryptionFormat,
>                "default", "qcow", "luks", "luks2",
>  );
>  
> +VIR_ENUM_IMPL(virStorageEncryptionEngine,
> +              VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
> +              "default", "qemu",
> +);
> +
>  static void
>  virStorageEncryptionInfoDefClear(virStorageEncryptionInfoDef *def)
>  {
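
Review bot: "default" sits at index 0 of this VIR_ENUM_IMPL string table, so virStorageEncryptionEngineTypeFromString returns 0 for it and engine="default" written in XML looks like a successful lookup unless the parser rejects index 0. The table also has to stay in the same order as the enum in storage_encryption_conf.h and be extended together with it when the librbd engine mentioned in the commit message is added.
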
> @@ -120,6 +125,7 @@ virStorageEncryptionCopy(const virStorageEncryption *src)
>      ret->secrets = g_new0(virStorageEncryptionSecret *, src->nsecrets);
>      ret->nsecrets = src->nsecrets;
>      ret->format = src->format;
> +    ret->engine = src->engine;
>  
>      for (i = 0; i < src->nsecrets; i++) {
>          if (!(ret->secrets[i] = virStorageEncryptionSecretCopy(src->secrets[i])))
> @@ -217,6 +223,7 @@ virStorageEncryptionParseNode(xmlNodePtr node,
>      xmlNodePtr *nodes = NULL;
>      virStorageEncryption *encdef = NULL;
>      virStorageEncryption *ret = NULL;
> +    g_autofree char *engine_str = NULL;
>      g_autofree char *format_str = NULL;
>      int n;
>      size_t i;
> @@ -239,6 +246,16 @@ virStorageEncryptionParseNode(xmlNodePtr node,
>          goto cleanup;
>      }
>  
> +    if ((engine_str = virXPathString("string(./@engine)", ctxt))) {
> +        if ((encdef->engine =
> +             virStorageEncryptionEngineTypeFromString(engine_str)) < 0) {

'default' must not be an allowed value, thus <=

> +            virReportError(VIR_ERR_XML_ERROR,
> +                           _("unknown volume encryption engine type %s"),
> +                           engine_str);
> +            goto cleanup;
> +        }
> +    }

But you can replace all of above and parse this as:

    if (virXMLPropEnum(node, "engine",
                       virStorageEncryptionEngineTypeFromString,
                       VIR_XML_PROP_NONZERO,
                       &encdef->engine) < 0)
      goto cleanup;

This does the proper type check and everything internally and doesn't
require temp variables. Additionally it allows you to declare 'engine'
as the correct enum type [1].


> +
>      if ((n = virXPathNodeSet("./secret", ctxt, &nodes)) < 0)
>          goto cleanup;
>  
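
Review bot: in the engine parsing block the lookup result is assigned to encdef->engine before the "< 0" test, so a failed lookup leaves -1 in the struct on the way to cleanup, which is only safe as long as cleanup discards encdef, and index 0 ("default") passes the test. Parse into a local, reject "<= 0" and assign only on success, or use a helper that does the range check internally. An input XML with an unrecognised engine value would cover the error path.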

[...]

> diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encryption_conf.h
> index 32e3a1243a..c722f832f5 100644
> --- a/src/conf/storage_encryption_conf.h
> +++ b/src/conf/storage_encryption_conf.h

[...]

> @@ -64,6 +72,7 @@ VIR_ENUM_DECL(virStorageEncryptionFormat);
>  
>  typedef struct _virStorageEncryption virStorageEncryption;
>  struct _virStorageEncryption {
> +    int engine; /* virStorageEncryptionEngineType */

[1]

Declare this as:

    virStorageEncryptionEngine engine;

rather than using integer.

>      int format; /* virStorageEncryptionFormatType */
>      int payload_offset;
>

[...]

> diff --git a/tests/qemuxml2xmloutdata/disk-nvme.xml b/tests/qemuxml2xmloutdata/disk-nvme.xml
> deleted file mode 120000
> index ea9eb267ac..0000000000
> --- a/tests/qemuxml2xmloutdata/disk-nvme.xml
> +++ /dev/null
> @@ -1 +0,0 @@
> -../qemuxml2argvdata/disk-nvme.xml

Files that were originally symlinks ...

> \ No newline at end of file
> diff --git a/tests/qemuxml2xmloutdata/disk-nvme.xml b/tests/qemuxml2xmloutdata/disk-nvme.xml
> new file mode 100644
> index 0000000000..9a5fafce7d
> --- /dev/null
> +++ b/tests/qemuxml2xmloutdata/disk-nvme.xml

... must not be expanded to full files. That is a drawback of using sed
-i to do the conversion.

> @@ -0,0 +1,64 @@
> +<domain type='qemu'>
> +  <name>QEMUGuest1</name>
> +  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
> index be5cd25084..a058cbad61 100644

[..]

> diff --git a/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml b/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml
> deleted file mode 120000
> index a1a4f841e9..0000000000
> --- a/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml
> +++ /dev/null
> @@ -1 +0,0 @@
> -../qemuxml2argvdata/encrypted-disk-usage.xml

symlink ...

> \ No newline at end of file
> diff --git a/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml b/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml
> new file mode 100644
> index 0000000000..d2b87b94b6
> --- /dev/null
> +++ b/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml
> @@ -0,0 +1,37 @@
> +<domain type='qemu'>
> +  <name>encryptdisk</name>

[...]

> diff --git a/tests/qemuxml2xmloutdata/luks-disks.xml b/tests/qemuxml2xmloutdata/luks-disks.xml
> deleted file mode 120000
> index d65e470c32..0000000000
> --- a/tests/qemuxml2xmloutdata/luks-disks.xml
> +++ /dev/null
> @@ -1 +0,0 @@
> -../qemuxml2argvdata/luks-disks.xml
> \ No newline at end of file

symlink

> diff --git a/tests/qemuxml2xmloutdata/luks-disks.xml b/tests/qemuxml2xmloutdata/luks-disks.xml
> new file mode 100644
> index 0000000000..1c76f0dc26
> --- /dev/null
> +++ b/tests/qemuxml2xmloutdata/luks-disks.xml
> @@ -0,0 +1,46 @@
> +<domain type='qemu'>
> +  <name>encryptdisk</name>
> +  <uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>

[...]

> diff --git a/tests/qemuxml2xmloutdata/user-aliases.xml b/tests/qemuxml2xmloutdata/user-aliases.xml
> deleted file mode 120000
> index b5a27f08cd..0000000000
> --- a/tests/qemuxml2xmloutdata/user-aliases.xml
> +++ /dev/null
> @@ -1 +0,0 @@
> -../qemuxml2argvdata/user-aliases.xml

symlink

> \ No newline at end of file
> diff --git a/tests/qemuxml2xmloutdata/user-aliases.xml b/tests/qemuxml2xmloutdata/user-aliases.xml
> new file mode 100644
> index 0000000000..10b7749521
> --- /dev/null
> +++ b/tests/qemuxml2xmloutdata/user-aliases.xml
> @@ -0,0 +1,158 @@
> +<domain type='kvm'>
> +  <name>gentoo</name>
> +  <uuid>a75aca4b-a02f-2bcb-4a91-c93cd848c34b</uuid>
> +  <memory unit='KiB'>4194304</memory>

RE: [PATCH v3 4/5] conf: add encryption engine property

Posted by Or Ozeri 1 month, 2 weeks ago

Re: [PATCH v3 4/5] conf: add encryption engine property

Posted by Peter Krempa 1 month, 2 weeks ago
On Thu, Oct 07, 2021 at 11:31:42 +0000, Or Ozeri wrote:
>    -----"Peter Krempa" <pkrempa@redhat.com> wrote: -----
>    >> diff --git a/tests/qemuxml2xmloutdata/disk-nvme.xml
>    >b/tests/qemuxml2xmloutdata/disk-nvme.xml
>    >> deleted file mode 120000
>    >> index ea9eb267ac..0000000000
>    >> --- a/tests/qemuxml2xmloutdata/disk-nvme.xml
>    >> +++ /dev/null
>    >> @@ -1 +0,0 @@
>    >> -../qemuxml2argvdata/disk-nvme.xml
>    >
>    >Files that were originally symlinks ...
>    >
>    >> \ No newline at end of file
>    >> diff --git a/tests/qemuxml2xmloutdata/disk-nvme.xml
>    >b/tests/qemuxml2xmloutdata/disk-nvme.xml
>    >> new file mode 100644
>    >> index 0000000000..9a5fafce7d
>    >> --- /dev/null
>    >> +++ b/tests/qemuxml2xmloutdata/disk-nvme.xml
>    >
>    >... must not be expanded to full files. That is a drawback of using
>    >sed
>    >-i to do the conversion.
>    Should I create a new file
>    e.g. tests/qemuxml2xmloutdata/disk-nvme-content.xml
>    and point the disk-nvme.xml symlink to it?

No, just keep symlinks as symlinks. You are not changing anything that
would warrant a change to full output file. Namely if the output file is
a symlink to the input file, then the change to the input file should be
sufficient as the output file is the same one.

RE: [PATCH v3 4/5] conf: add encryption engine property

Posted by Or Ozeri 1 month, 2 weeks ago

Re: [PATCH v3 4/5] conf: add encryption engine property

Posted by Peter Krempa 1 month, 2 weeks ago
On Thu, Oct 07, 2021 at 12:41:52 +0000, Or Ozeri wrote:
>    But that means changing the input file from using the default engine, to
>    using "qemu" explicitly.
>    I was thinking that keeping the input xml unchanged gets a stronger test,
>    since it also checks that default uses qemu.

I think there's plenty of those. You are also adding one yourself in the
last patch.

>    Also since most users will still not use the new engine property, so
>    keeping the input xml unchanged also tests the more common workload.

That's happening in some of the other tests. There's no need to change
it everywhere.

For the two files which use symlinks just keep them as they are.