From nobody Sat Apr 27 00:36:00 2024
From: Or Ozeri
To: libvir-list@redhat.com
Subject: [PATCH v4 1/5] qemu: add disk post parse to qemublocktest
Date: Thu, 7 Oct 2021 14:21:17 -0500
Message-Id: <20211007192121.1052752-2-oro@il.ibm.com>
In-Reply-To: <20211007192121.1052752-1-oro@il.ibm.com>
References: <20211007192121.1052752-1-oro@il.ibm.com>
Cc: idryomov@gmail.com, Or Ozeri , to.my.trociny@gmail.com,
dannyh@il.ibm.com
List-Id: Development discussions about the libvirt library & tools
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
The post parse callback is part of the real (non-test) processing flow.
This commit adds it (for disks) to the qemublocktest flow as well.
Specifically, this will be needed for tests that use luks encryption,
so that the default encryption engine (which is added in an upcoming commit)
will be overridden by qemu.
Signed-off-by: Or Ozeri
---
src/qemu/qemu_domain.c | 2 +-
src/qemu/qemu_domain.h | 3 +++
tests/qemublocktest.c | 29 ++++++++++++-----------------
3 files changed, 16 insertions(+), 18 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index a755f8678e..288a40bca6 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -5259,7 +5259,7 @@ qemuDomainDeviceDiskDefPostParseRestoreSecAlias(virDo=
mainDiskDef *disk,
}
=20
=20
-static int
+int
qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
unsigned int parseFlags)
{
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 64f92988b7..0642e44fbc 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -872,6 +872,9 @@ int qemuDomainSecretPrepare(virQEMUDriver *driver,
int qemuDomainDeviceDefValidateDisk(const virDomainDiskDef *disk,
virQEMUCaps *qemuCaps);
=20
+int qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
+ unsigned int parseFlags);
+
int qemuDomainPrepareChannel(virDomainChrDef *chr,
const char *domainChannelTargetDir)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
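Review bot: the new qemuDomainDeviceDiskDefPostParse prototype in qemu_domain.h has no ATTRIBUTE_NONNULL annotation, while the qemuDomainPrepareChannel declaration right below it marks its pointer arguments. Now that the function is callable from outside qemu_domain.c, consider ATTRIBUTE_NONNULL(1) for disk, plus a one-line comment that the export exists so the test suite can run the same post-parse step as the real flow.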
diff --git a/tests/qemublocktest.c b/tests/qemublocktest.c
index 3e61e923a9..0176fbd3f4 100644
--- a/tests/qemublocktest.c
+++ b/tests/qemublocktest.c
@@ -276,6 +276,9 @@ testQemuDiskXMLToProps(const void *opaque)
VIR_DOMAIN_DEF_PARSE_STATUS)))
return -1;
=20
+ if (qemuDomainDeviceDiskDefPostParse(disk, 0) < 0)
+ return -1;
+
if (!(vmdef =3D virDomainDefNew(data->driver->xmlopt)))
return -1;
=20
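Review bot: qemuDomainDeviceDiskDefPostParse(disk, 0) in testQemuDiskXMLToProps passes parseFlags 0 although the disk just above was parsed with VIR_DOMAIN_DEF_PARSE_STATUS. The callback hands parseFlags on to qemuDomainDeviceDiskDefPostParseRestoreSecAlias, so the test can take a different path than the status-XML flow it is meant to mirror. Pass the same flags that were used for parsing, or add a comment saying why 0 is intended.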
@@ -470,32 +473,24 @@ testQemuImageCreateLoadDiskXML(const char *name,
virDomainXMLOption *xmlopt)
=20
{
- virDomainSnapshotDiskDef *diskdef =3D NULL;
- g_autoptr(xmlDoc) doc =3D NULL;
- g_autoptr(xmlXPathContext) ctxt =3D NULL;
- xmlNodePtr node;
+ virDomainDiskDef *disk =3D NULL;
g_autofree char *xmlpath =3D NULL;
- virStorageSource *ret =3D NULL;
+ g_autofree char *xmlstr =3D NULL;
=20
xmlpath =3D g_strdup_printf("%s%s.xml", testQemuImageCreatePath, name);
=20
- if (!(doc =3D virXMLParseFileCtxt(xmlpath, &ctxt)))
+ if (virTestLoadFile(xmlpath, &xmlstr) < 0)
return NULL;
=20
- if (!(node =3D virXPathNode("//disk", ctxt))) {
- VIR_TEST_VERBOSE("failed to find element\n");
+ /* qemu stores node names in the status XML portion */
+ if (!(disk =3D virDomainDiskDefParse(xmlstr, xmlopt,
+ VIR_DOMAIN_DEF_PARSE_STATUS)))
return NULL;
- }
=20
- diskdef =3D g_new0(virDomainSnapshotDiskDef, 1);
-
- if (virDomainSnapshotDiskDefParseXML(node, ctxt, diskdef,
- VIR_DOMAIN_DEF_PARSE_STATUS,
- xmlopt) =3D=3D 0)
- ret =3D g_steal_pointer(&diskdef->src);
+ if (qemuDomainDeviceDiskDefPostParse(disk, 0) < 0)
+ return NULL;
=20
- virDomainSnapshotDiskDefFree(diskdef);
- return ret;
+ return disk->src;
}
=20
=20
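Review bot: in testQemuImageCreateLoadDiskXML the new disk pointer is never freed. The early return after a failed qemuDomainDeviceDiskDefPostParse leaks the whole virDomainDiskDef, and return disk->src hands out a pointer that is still owned by a definition nobody releases, whereas the removed code used g_steal_pointer(&diskdef->src) and then freed the container. Give disk automatic cleanup and return g_steal_pointer(&disk->src) so the caller ends up as the sole owner of the source.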
--=20
2.25.1
From nobody Sat Apr 27 00:36:00 2024
From: Or Ozeri
To: libvir-list@redhat.com
Subject: [PATCH v4 2/5] qemu: capablities: Detect presence of 'rbd-encryption'
as QEMU_CAPS_RBD_ENCRYPTION
Date: Thu, 7 Oct 2021 14:21:18 -0500
Message-Id: <20211007192121.1052752-3-oro@il.ibm.com>
In-Reply-To: <20211007192121.1052752-1-oro@il.ibm.com>
References: <20211007192121.1052752-1-oro@il.ibm.com>
Cc: idryomov@gmail.com, Or Ozeri , to.my.trociny@gmail.com,
dannyh@il.ibm.com
List-Id: Development discussions about the libvirt library & tools
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
rbd encryption is new in qemu 6.1.0.
This commit adds capability probing for it.
Signed-off-by: Or Ozeri
Reviewed-by: Peter Krempa
---
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml | 1 +
3 files changed, 4 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 82687dbf39..ea0734db15 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -644,6 +644,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
"virtio-mem-pci", /* QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI */
"memory-backend-file.reserve", /* QEMU_CAPS_MEMORY_BACKEND_R=
ESERVE */
"piix4.acpi-root-pci-hotplug", /* QEMU_CAPS_PIIX4_ACPI_ROOT_=
PCI_HOTPLUG */
+ "rbd-encryption", /* QEMU_CAPS_RBD_ENCRYPTION */
);
=20
=20
@@ -1565,6 +1566,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsQMPSc=
hemaQueries[] =3D {
{ "blockdev-add/arg-type/+file/$dynamic-auto-read-only", QEMU_CAPS_BLO=
CK_FILE_AUTO_READONLY_DYNAMIC },
{ "blockdev-add/arg-type/+nvme", QEMU_CAPS_DRIVE_NVME },
{ "blockdev-add/arg-type/+file/aio/^io_uring", QEMU_CAPS_AIO_IO_URING =
},
+ { "blockdev-add/arg-type/+rbd/encrypt", QEMU_CAPS_RBD_ENCRYPTION },
{ "blockdev-add/arg-type/discard", QEMU_CAPS_DRIVE_DISCARD },
{ "blockdev-add/arg-type/detect-zeroes", QEMU_CAPS_DRIVE_DETECT_ZEROES=
},
{ "blockdev-backup", QEMU_CAPS_BLOCKDEV_BACKUP },
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 2bbfc15dc4..674da98539 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -624,6 +624,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for =
syntax-check */
QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI, /* -device virtio-mem-pci */
QEMU_CAPS_MEMORY_BACKEND_RESERVE, /* -object memory-backend-*.reserve=
=3D */
QEMU_CAPS_PIIX4_ACPI_ROOT_PCI_HOTPLUG, /* -M pc PIIX4_PM.acpi-root-pci=
-hotplug */
+ QEMU_CAPS_RBD_ENCRYPTION, /* Ceph RBD encryption support */
=20
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
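Review bot: the comment on QEMU_CAPS_RBD_ENCRYPTION ("Ceph RBD encryption support") does not say what is probed, unlike the entries above it, which name the QEMU option or property. Tie it to the schema member the flag is detected from, i.e. the 'encrypt' member of the rbd blockdev-add arguments, matching the "blockdev-add/arg-type/+rbd/encrypt" query added in qemu_capabilities.c.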
diff --git a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml b/tests/qemuc=
apabilitiesdata/caps_6.1.0.x86_64.xml
index 87b37a2b7c..8180cfd6c2 100644
--- a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml
@@ -243,6 +243,7 @@
+
6001000
0
43100243
--=20
2.25.1
From nobody Sat Apr 27 00:36:00 2024
From: Or Ozeri
To: libvir-list@redhat.com
Subject: [PATCH v4 3/5] conf: add encryption engine property
Date: Thu, 7 Oct 2021 14:21:19 -0500
Message-Id: <20211007192121.1052752-4-oro@il.ibm.com>
In-Reply-To: <20211007192121.1052752-1-oro@il.ibm.com>
References: <20211007192121.1052752-1-oro@il.ibm.com>
Cc: idryomov@gmail.com, Or Ozeri , to.my.trociny@gmail.com,
dannyh@il.ibm.com
List-Id: Development discussions about the libvirt library & tools
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
This commit extends libvirt XML configuration to support a custom encryption engine.
This means that becomes valid.
The only engine for now is qemu. However, a new engine (librbd) will be added in an upcoming commit.
If no engine is specified, qemu will be used (assuming qemu driver is used).
Signed-off-by: Or Ozeri
Reviewed-by: Peter Krempa
---
docs/formatstorageencryption.html.in | 6 +++++
docs/schemas/domainbackup.rng | 7 +++++
docs/schemas/storagecommon.rng | 7 +++++
src/conf/storage_encryption_conf.c | 27 ++++++++++++++++++-
src/conf/storage_encryption_conf.h | 9 +++++++
src/qemu/qemu_block.c | 2 ++
src/qemu/qemu_domain.c | 20 ++++++++++++++
tests/qemustatusxml2xmldata/upgrade-out.xml | 6 ++---
tests/qemuxml2argvdata/disk-nvme.xml | 2 +-
.../qemuxml2argvdata/encrypted-disk-usage.xml | 2 +-
tests/qemuxml2argvdata/luks-disks.xml | 4 +--
tests/qemuxml2argvdata/user-aliases.xml | 2 +-
.../disk-slices.x86_64-latest.xml | 4 +--
tests/qemuxml2xmloutdata/encrypted-disk.xml | 2 +-
.../luks-disks-source-qcow2.x86_64-latest.xml | 14 +++++-----
.../qemuxml2xmloutdata/luks-disks-source.xml | 10 +++----
16 files changed, 100 insertions(+), 24 deletions(-)
diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencry=
ption.html.in
index 7215c307d7..178fcd0d7c 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -23,6 +23,12 @@
content of the encryption
tag. Other format values may=
be
defined in the future.
+
+ The encryption
tag supports an optional engine
+ tag, which allows selecting which component actually handles
+ the encryption. Currently defined values of engine
are
+ qemu
.
+
The encryption
tag can currently contain a sequence of
secret
tags, each with mandatory attributes type<=
/code>
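Review bot: the added documentation paragraph calls engine a tag ("supports an optional engine tag"), but virStorageEncryptionParseNode reads it with virXMLPropEnum(node, "engine", ...), that is, as an attribute of the encryption element. Say "attribute" here, and state what happens when it is omitted (the commit message says qemu is used with the qemu driver) so readers know the effective default.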
diff --git a/docs/schemas/domainbackup.rng b/docs/schemas/domainbackup.rng
index c03455a5a7..05cc28ab00 100644
--- a/docs/schemas/domainbackup.rng
+++ b/docs/schemas/domainbackup.rng
@@ -14,6 +14,13 @@
luks
+
+
+
+ qemu
+
+
+
[
]
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index 9ebb27700d..60dcfac06c 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -15,6 +15,13 @@
luks
+
+
+
+ qemu
+
+
+
[
]
diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encrypti=
on_conf.c
index 9112b96cc7..59178b41ef 100644
--- a/src/conf/storage_encryption_conf.c
+++ b/src/conf/storage_encryption_conf.c
@@ -47,6 +47,11 @@ VIR_ENUM_IMPL(virStorageEncryptionFormat,
"default", "qcow", "luks",
);
=20
+VIR_ENUM_IMPL(virStorageEncryptionEngine,
+ VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
+ "default", "qemu",
+);
+
static void
virStorageEncryptionInfoDefClear(virStorageEncryptionInfoDef *def)
{
@@ -120,6 +125,7 @@ virStorageEncryptionCopy(const virStorageEncryption *sr=
c)
ret->secrets =3D g_new0(virStorageEncryptionSecret *, src->nsecrets);
ret->nsecrets =3D src->nsecrets;
ret->format =3D src->format;
+ ret->engine =3D src->engine;
=20
for (i =3D 0; i < src->nsecrets; i++) {
if (!(ret->secrets[i] =3D virStorageEncryptionSecretCopy(src->secr=
ets[i])))
@@ -217,6 +223,7 @@ virStorageEncryptionParseNode(xmlNodePtr node,
xmlNodePtr *nodes =3D NULL;
virStorageEncryption *encdef =3D NULL;
virStorageEncryption *ret =3D NULL;
+ g_autofree char *engine_str =3D NULL;
g_autofree char *format_str =3D NULL;
int n;
size_t i;
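Review bot: engine_str is declared in virStorageEncryptionParseNode but nothing in the visible hunks uses it; the engine is parsed by virXMLPropEnum straight into encdef->engine. Drop the declaration.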
@@ -239,6 +246,12 @@ virStorageEncryptionParseNode(xmlNodePtr node,
goto cleanup;
}
=20
+ if (virXMLPropEnum(node, "engine",
+ virStorageEncryptionEngineTypeFromString,
+ VIR_XML_PROP_NONZERO,
+ &encdef->engine) < 0)
+ goto cleanup;
+
if ((n =3D virXPathNodeSet("./secret", ctxt, &nodes)) < 0)
goto cleanup;
=20
@@ -327,6 +340,7 @@ int
virStorageEncryptionFormat(virBuffer *buf,
virStorageEncryption *enc)
{
+ const char *engine;
const char *format;
size_t i;
=20
@@ -335,7 +349,18 @@ virStorageEncryptionFormat(virBuffer *buf,
"%s", _("unexpected encryption format"));
return -1;
}
- virBufferAsprintf(buf, "\n", format);
+ if (enc->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT) {
+ virBufferAsprintf(buf, "\n", format);
+ } else {
+ if (!(engine =3D virStorageEncryptionEngineTypeToString(enc->engin=
e))) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ "%s", _("unexpected encryption engine"));
+ return -1;
+ }
+ virBufferAsprintf(buf, "\n=
",
+ format, engine);
+ }
+
virBufferAdjustIndent(buf, 2);
=20
for (i =3D 0; i < enc->nsecrets; i++) {
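Review bot: virStorageEncryptionFormat now has two virBufferAsprintf calls that differ only in the engine attribute, so any later attribute has to be added in both branches. Emit the opening tag with format once and append the engine attribute only when enc->engine is not VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT, keeping the "unexpected encryption engine" error for a value that has no string.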
diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encrypti=
on_conf.h
index 34adbd5f7b..e0ac0fe4bf 100644
--- a/src/conf/storage_encryption_conf.h
+++ b/src/conf/storage_encryption_conf.h
@@ -51,6 +51,14 @@ struct _virStorageEncryptionInfoDef {
char *ivgen_hash;
};
=20
+typedef enum {
+ VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT =3D 0,
+ VIR_STORAGE_ENCRYPTION_ENGINE_QEMU,
+
+ VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
+} virStorageEncryptionEngine;
+VIR_ENUM_DECL(virStorageEncryptionEngine);
+
typedef enum {
/* "default" is only valid for volume creation */
VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT =3D 0,
@@ -63,6 +71,7 @@ VIR_ENUM_DECL(virStorageEncryptionFormat);
=20
typedef struct _virStorageEncryption virStorageEncryption;
struct _virStorageEncryption {
+ virStorageEncryptionEngine engine;
int format; /* virStorageEncryptionFormatType */
int payload_offset;
=20
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 393d3f44d7..18c5852d2e 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -1314,6 +1314,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource=
*src,
*encprops =3D NULL;
=20
if (!src->encryption ||
+ src->encryption->engine !=3D VIR_STORAGE_ENCRYPTION_ENGINE_QEMU ||
!srcpriv ||
!srcpriv->encinfo)
return 0;
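Review bot: the added engine comparison in qemuBlockStorageSourceGetCryptoProps sits in the condition that returns 0, so a source whose engine is still VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT silently gets no crypto properties instead of an error. A caller that reaches this function without the post-parse defaulting then proceeds as if the image were unencrypted. Either treat DEFAULT like QEMU here or report an error for an engine value this function does not expect.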
@@ -1448,6 +1449,7 @@ qemuBlockStorageSourceGetBlockdevFormatProps(virStora=
geSource *src)
* put a raw layer on top */
case VIR_STORAGE_FILE_RAW:
if (src->encryption &&
+ src->encryption->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_Q=
EMU &&
src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_L=
UKS) {
if (qemuBlockStorageSourceGetFormatLUKSProps(src, props) < 0)
return NULL;
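Review bot: with the extra engine comparison in the VIR_STORAGE_FILE_RAW case, a LUKS source whose engine was never defaulted skips the qemuBlockStorageSourceGetFormatLUKSProps branch without any diagnostic. Add a comment naming where the engine is guaranteed to be set (qemuDomainDeviceDiskDefPostParse), or fail explicitly on VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT, so the invariant this check relies on is visible at the point of use.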
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 288a40bca6..354f65c6d5 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4811,6 +4811,18 @@ qemuDomainValidateStorageSource(virStorageSource *sr=
c,
}
}
=20
+ if (src->encryption) {
+ switch (src->encryption->engine) {
+ case VIR_STORAGE_ENCRYPTION_ENGINE_QEMU:
+ break;
+ case VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT:
+ case VIR_STORAGE_ENCRYPTION_ENGINE_LAST:
+ virReportEnumRangeError(virStorageEncryptionEngine,
+ src->encryption->engine);
+ return -1;
+ }
+ }
+
return 0;
}
=20
@@ -5263,6 +5275,8 @@ int
qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
unsigned int parseFlags)
{
+ virStorageSource *n;
+
/* set default disk types and drivers */
if (!virDomainDiskGetDriver(disk))
virDomainDiskSetDriver(disk, "qemu");
@@ -5277,6 +5291,12 @@ qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *d=
isk,
disk->mirror->format =3D=3D VIR_STORAGE_FILE_NONE)
disk->mirror->format =3D VIR_STORAGE_FILE_RAW;
=20
+ /* default disk encryption engine */
+ for (n =3D disk->src; virStorageSourceIsBacking(n); n =3D n->backingSt=
ore) {
+ if (n->encryption && n->encryption->engine =3D=3D VIR_STORAGE_ENCR=
YPTION_ENGINE_DEFAULT)
+ n->encryption->engine =3D VIR_STORAGE_ENCRYPTION_ENGINE_QEMU;
+ }
+
if (qemuDomainDeviceDiskDefPostParseRestoreSecAlias(disk, parseFlags) =
< 0)
return -1;
=20
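Review bot: the defaulting loop walks only disk->src and its backing chain, while the context lines directly above it also fix up disk->mirror. If a mirror source can carry an encryption definition, its engine stays VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT and then either hits the virReportEnumRangeError branch added to qemuDomainValidateStorageSource or takes the early "return 0" in qemuBlockStorageSourceGetCryptoProps. Either extend the loop to the mirror chain or add a comment on why that is not needed. Style: the condition inside the loop runs well past 80 columns and could be split after the &&.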
diff --git a/tests/qemustatusxml2xmldata/upgrade-out.xml b/tests/qemustatus=
xml2xmldata/upgrade-out.xml
index f9476731f6..5218092cb9 100644
--- a/tests/qemustatusxml2xmldata/upgrade-out.xml
+++ b/tests/qemustatusxml2xmldata/upgrade-out.xml
@@ -316,7 +316,7 @@
-
+
@@ -333,7 +333,7 @@
-
+
@@ -354,7 +354,7 @@
-
+
diff --git a/tests/qemuxml2argvdata/disk-nvme.xml b/tests/qemuxml2argvdata/=
disk-nvme.xml
index 1ccbbfd598..9a5fafce7d 100644
--- a/tests/qemuxml2argvdata/disk-nvme.xml
+++ b/tests/qemuxml2argvdata/disk-nvme.xml
@@ -42,7 +42,7 @@
-
+
diff --git a/tests/qemuxml2argvdata/encrypted-disk-usage.xml b/tests/qemuxm=
l2argvdata/encrypted-disk-usage.xml
index 7c2da9ee83..d2b87b94b6 100644
--- a/tests/qemuxml2argvdata/encrypted-disk-usage.xml
+++ b/tests/qemuxml2argvdata/encrypted-disk-usage.xml
@@ -18,7 +18,7 @@
-
+
diff --git a/tests/qemuxml2argvdata/luks-disks.xml b/tests/qemuxml2argvdata=
/luks-disks.xml
index ae6d3d996c..1c76f0dc26 100644
--- a/tests/qemuxml2argvdata/luks-disks.xml
+++ b/tests/qemuxml2argvdata/luks-disks.xml
@@ -18,7 +18,7 @@
-
+
@@ -27,7 +27,7 @@
-
+
diff --git a/tests/qemuxml2argvdata/user-aliases.xml b/tests/qemuxml2argvda=
ta/user-aliases.xml
index 47bfc56e73..10b7749521 100644
--- a/tests/qemuxml2argvdata/user-aliases.xml
+++ b/tests/qemuxml2argvdata/user-aliases.xml
@@ -55,7 +55,7 @@
-
+
diff --git a/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml b/tests=
/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
index be5cd25084..a058cbad61 100644
--- a/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
@@ -49,7 +49,7 @@
-
+
@@ -75,7 +75,7 @@
-
+
diff --git a/tests/qemuxml2xmloutdata/encrypted-disk.xml b/tests/qemuxml2xm=
loutdata/encrypted-disk.xml
index 06f2c5b47c..e30c8a36e8 100644
--- a/tests/qemuxml2xmloutdata/encrypted-disk.xml
+++ b/tests/qemuxml2xmloutdata/encrypted-disk.xml
@@ -18,7 +18,7 @@
-
+
diff --git a/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest=
.xml b/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
index 5f600f5ba7..7f98dd597e 100644
--- a/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
@@ -20,7 +20,7 @@
-
+
@@ -30,7 +30,7 @@
-
+
@@ -44,7 +44,7 @@
-
+
@@ -54,7 +54,7 @@
-
+
@@ -67,7 +67,7 @@
-
+
@@ -77,14 +77,14 @@
-
+
-
+
diff --git a/tests/qemuxml2xmloutdata/luks-disks-source.xml b/tests/qemuxml=
2xmloutdata/luks-disks-source.xml
index 5333d4ac6e..891b5d9d17 100644
--- a/tests/qemuxml2xmloutdata/luks-disks-source.xml
+++ b/tests/qemuxml2xmloutdata/luks-disks-source.xml
@@ -17,7 +17,7 @@
-
+
@@ -27,7 +27,7 @@
-
+
@@ -41,7 +41,7 @@
-
+
@@ -51,7 +51,7 @@
-
+
@@ -64,7 +64,7 @@
-
+
--=20
2.25.1
From nobody Sat Apr 27 00:36:00 2024
From: Or Ozeri
To: libvir-list@redhat.com
Subject: [PATCH v4 4/5] qemu: add librbd encryption engine
Date: Thu, 7 Oct 2021 14:21:20 -0500
Message-Id: <20211007192121.1052752-5-oro@il.ibm.com>
In-Reply-To: <20211007192121.1052752-1-oro@il.ibm.com>
References: <20211007192121.1052752-1-oro@il.ibm.com>
MIME-Version: 1.0
Cc: idryomov@gmail.com, Or Ozeri , to.my.trociny@gmail.com,
dannyh@il.ibm.com
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
rbd encryption is new in qemu 6.1.0.
This commit adds a new encryption engine property which
allows the user to use this new encryption engine.
Signed-off-by: Or Ozeri
Reviewed-by: Peter Krempa
---
docs/formatstorageencryption.html.in | 7 +-
docs/schemas/storagecommon.rng | 1 +
src/conf/storage_encryption_conf.c | 2 +-
src/conf/storage_encryption_conf.h | 1 +
src/qemu/qemu_block.c | 26 +++++++
src/qemu/qemu_domain.c | 34 +++++++++
...sk-network-rbd-encryption.x86_64-6.0.0.err | 1 +
...-network-rbd-encryption.x86_64-latest.args | 45 ++++++++++++
.../disk-network-rbd-encryption.xml | 63 +++++++++++++++++
tests/qemuxml2argvtest.c | 2 +
...k-network-rbd-encryption.x86_64-latest.xml | 70 +++++++++++++++++++
tests/qemuxml2xmltest.c | 1 +
12 files changed, 251 insertions(+), 2 deletions(-)
create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_=
64-6.0.0.err
create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_=
64-latest.args
create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.xml
create mode 100644 tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x8=
6_64-latest.xml
diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencry=
ption.html.in
index 178fcd0d7c..02ee8f8ca3 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -27,7 +27,12 @@
The encryption
tag supports an optional engine
tag, which allows selecting which component actually handles
the encryption. Currently defined values of engine
are
- qemu
.
+ qemu
and librbd
.
+ Both qemu
and librbd
require using the qem=
u driver.
+ The librbd
engine requires qemu version >=3D 6.1.0,
+ and is only applicable for RBD network disks.
+ If the engine tag is not specified, the qemu
engine wil=
l be
+ used by default (assuming the qemu driver is used).
The encryption
tag can currently contain a sequence of
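Review bot: the added paragraph names the two engines and the QEMU version but does not say which format values each engine accepts, although qemuDomainValidateStorageSource in this same patch enforces exactly that (qemu: luks and qcow; librbd: luks only). Please add the accepted formats per engine to this text so users do not have to learn them from an enum range error. The "requires qemu version >= 6.1.0" wording could also mention that the check is made against the QEMU binary's capabilities (QEMU_CAPS_RBD_ENCRYPTION), since that is what the code tests.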
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index 60dcfac06c..3ddff02e43 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -19,6 +19,7 @@
qemu
+ librbd
diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encrypti=
on_conf.c
index 59178b41ef..3c1267ed40 100644
--- a/src/conf/storage_encryption_conf.c
+++ b/src/conf/storage_encryption_conf.c
@@ -49,7 +49,7 @@ VIR_ENUM_IMPL(virStorageEncryptionFormat,
=20
VIR_ENUM_IMPL(virStorageEncryptionEngine,
VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
- "default", "qemu",
+ "default", "qemu", "librbd",
);
=20
static void
diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encrypti=
on_conf.h
index e0ac0fe4bf..0931618608 100644
--- a/src/conf/storage_encryption_conf.h
+++ b/src/conf/storage_encryption_conf.h
@@ -54,6 +54,7 @@ struct _virStorageEncryptionInfoDef {
typedef enum {
VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT =3D 0,
VIR_STORAGE_ENCRYPTION_ENGINE_QEMU,
+ VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD,
=20
VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
} virStorageEncryptionEngine;
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 18c5852d2e..5b1b5bea2e 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -875,6 +875,8 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *src,
qemuDomainStorageSourcePrivate *srcPriv =3D QEMU_DOMAIN_STORAGE_SOURCE=
_PRIVATE(src);
g_autoptr(virJSONValue) servers =3D NULL;
virJSONValue *ret =3D NULL;
+ g_autoptr(virJSONValue) encrypt =3D NULL;
+ const char *encformat;
const char *username =3D NULL;
g_autoptr(virJSONValue) authmodes =3D NULL;
g_autoptr(virJSONValue) mode =3D NULL;
@@ -899,12 +901,36 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *s=
rc,
return NULL;
}
=20
+ if (src->encryption &&
+ src->encryption->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_LIBRB=
D) {
+ switch ((virStorageEncryptionFormatType) src->encryption->format) {
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
+ encformat =3D "luks";
+ break;
+
+ case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+ case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
+ default:
+ virReportEnumRangeError(virStorageEncryptionFormatType,
+ src->encryption->format);
+ return NULL;
+ }
+
+ if (virJSONValueObjectCreate(&encrypt,
+ "s:format", encformat,
+ "s:key-secret", srcPriv->encinfo->ali=
as,
+ NULL) < 0)
+ return NULL;
+ }
+
if (virJSONValueObjectCreate(&ret,
"s:pool", src->volume,
"s:image", src->path,
"S:snapshot", src->snapshot,
"S:conf", src->configFile,
"A:server", &servers,
+ "A:encrypt", &encrypt,
"S:user", username,
"A:auth-client-required", &authmodes,
"S:key-secret", keysecret,
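Review bot: srcPriv->encinfo->alias is dereferenced in the new virJSONValueObjectCreate(&encrypt, ...) call without checking srcPriv or srcPriv->encinfo, whereas qemuBlockStorageSourceGetCryptoProps guards the same pointers with "!srcpriv || !srcpriv->encinfo" before using them. Please add the same guard to the librbd condition, or report an error when the secret info is missing, so a source whose secrets were not prepared cannot lead to a NULL dereference in the daemon. Minor: encformat is assigned only inside the switch; initialising it to NULL at its declaration makes the "always set before use" property easier to verify.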
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 354f65c6d5..13869dd79b 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4814,6 +4814,40 @@ qemuDomainValidateStorageSource(virStorageSource *sr=
c,
if (src->encryption) {
switch (src->encryption->engine) {
case VIR_STORAGE_ENCRYPTION_ENGINE_QEMU:
+ switch ((virStorageEncryptionFormatType) src->encryption->=
format) {
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
+ case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
+ break;
+
+ case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
+ default:
+ virReportEnumRangeError(virStorageEncryptionFormat=
Type,
+ src->encryption->format);
+ return -1;
+ }
+
+ break;
+ case VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD:
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_RBD_ENCRYPTION)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("librbd encryption is not supported b=
y this QEMU binary"));
+ return -1;
+ }
+
+ switch ((virStorageEncryptionFormatType) src->encryption->=
format) {
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
+ break;
+
+ case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+ case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
+ default:
+ virReportEnumRangeError(virStorageEncryptionFormat=
Type,
+ src->encryption->format);
+ return -1;
+ }
+
break;
case VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT:
case VIR_STORAGE_ENCRYPTION_ENGINE_LAST:
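Review bot: the VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD case checks the QEMU capability and the format but not that the source is an RBD network disk, which the documentation hunk of this patch states as a requirement. The "encrypt" object is emitted only from qemuBlockStorageSourceGetRBDProps, and qemuBlockStorageSourceGetCryptoProps returns without props for any engine other than qemu, so engine=librbd on a file or on another network protocol would pass validation here and be opened with no decryption layer at all. Please reject that combination in this case with VIR_ERR_CONFIG_UNSUPPORTED.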
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.=
0.err b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.0.err
new file mode 100644
index 0000000000..edd8481a20
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.0.err
@@ -0,0 +1 @@
+unsupported configuration: librbd encryption is not supported by this QEMU=
binary
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-late=
st.args b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.=
args
new file mode 100644
index 0000000000..69837a8003
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.args
@@ -0,0 +1,45 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/tmp/lib/domain--1-encryptdisk \
+USER=3Dtest \
+LOGNAME=3Dtest \
+XDG_DATA_HOME=3D/tmp/lib/domain--1-encryptdisk/.local/share \
+XDG_CACHE_HOME=3D/tmp/lib/domain--1-encryptdisk/.cache \
+XDG_CONFIG_HOME=3D/tmp/lib/domain--1-encryptdisk/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=3Dencryptdisk,debug-threads=3Don \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tm=
p/lib/domain--1-encryptdisk/master-key.aes"}' \
+-machine pc-i440fx-2.1,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff,memory-=
backend=3Dpc.ram \
+-cpu qemu64 \
+-m 1024 \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}=
' \
+-overcommit mem-lock=3Doff \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \
+-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \
+-rtc base=3Dutc \
+-no-shutdown \
+-no-acpi \
+-boot strict=3Don \
+-device piix3-usb-uhci,id=3Dusb,bus=3Dpci.0,addr=3D0x1.0x2 \
+-object '{"qom-type":"secret","id":"libvirt-3-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"node-name":"libvirt-3-storage=
","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-3-format","read-only":false,"driver":"luk=
s","key-secret":"libvirt-3-format-encryption-secret0","file":"libvirt-3-sto=
rage"}' \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x2,drive=3Dlibvirt-3-format,id=
=3Dvirtio-disk0,bootindex=3D1 \
+-object '{"qom-type":"secret","id":"libvirt-2-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"node-name":"libvirt-2-storage=
","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"luk=
s","key-secret":"libvirt-2-format-encryption-secret0","file":"libvirt-2-sto=
rage"}' \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Dlibvirt-2-format,id=
=3Dvirtio-disk1 \
+-object '{"qom-type":"secret","id":"libvirt-1-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"encrypt":{"format":"luks","ke=
y-secret":"libvirt-1-format-encryption-secret0"},"node-name":"libvirt-1-sto=
rage","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw=
","file":"libvirt-1-storage"}' \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x5,drive=3Dlibvirt-1-format,id=
=3Dvirtio-disk2 \
+-audiodev id=3Daudio1,driver=3Dnone \
+-device virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.0,addr=3D0x3 \
+-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource=
control=3Ddeny \
+-msg timestamp=3Don
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.xml b/tests=
/qemuxml2argvdata/disk-network-rbd-encryption.xml
new file mode 100644
index 0000000000..d8c2d3dbe2
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.xml
@@ -0,0 +1,63 @@
+
+ encryptdisk
+ 496898a6-e6ff-f7c8-5dc2-3cf410945ee9
+ 1048576
+ 524288
+ 1
+
+ hvm
+
+
+
+ destroy
+ restart
+ destroy
+
+ /usr/bin/qemu-system-x86_64
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 94aaa2f53e..b14154fd0c 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1349,6 +1349,8 @@ mymain(void)
DO_TEST_CAPS_LATEST("disk-network-gluster");
DO_TEST_CAPS_VER("disk-network-rbd", "2.12.0");
DO_TEST_CAPS_LATEST("disk-network-rbd");
+ DO_TEST_CAPS_VER_PARSE_ERROR("disk-network-rbd-encryption", "6.0.0");
+ DO_TEST_CAPS_LATEST("disk-network-rbd-encryption");
DO_TEST_CAPS_VER_FAILURE("disk-network-rbd-no-colon", "4.1.0");
DO_TEST_CAPS_LATEST("disk-network-rbd-no-colon");
DO_TEST_CAPS_VER("disk-network-sheepdog", "2.12.0");
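Review bot: the two added cases cover the positive path and the missing-capability error on 6.0.0, but nothing exercises the format check in the librbd branch of qemuDomainValidateStorageSource. Please add a parse-error case against the latest capabilities with engine librbd and format qcow, and, if the engine is restricted to RBD sources as the documentation says, one with engine librbd on a non-RBD disk, so both rejections are pinned by the test suite.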
diff --git a/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-la=
test.xml b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-late=
st.xml
new file mode 100644
index 0000000000..d4942718bb
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-latest.xml
@@ -0,0 +1,70 @@
+
+ encryptdisk
+ 496898a6-e6ff-f7c8-5dc2-3cf410945ee9
+ 1048576
+ 524288
+ 1
+
+ hvm
+
+
+
+ qemu64
+
+
+ destroy
+ restart
+ destroy
+
+ /usr/bin/qemu-system-x86_64
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index 69363ef85c..290ab1bed1 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -315,6 +315,7 @@ mymain(void)
QEMU_CAPS_SCSI_BLOCK);
DO_TEST_NOCAPS("disk-network-gluster");
DO_TEST_NOCAPS("disk-network-rbd");
+ DO_TEST_CAPS_LATEST("disk-network-rbd-encryption");
DO_TEST_NOCAPS("disk-network-source-auth");
DO_TEST_NOCAPS("disk-network-sheepdog");
DO_TEST_NOCAPS("disk-network-vxhs");
--=20
2.25.1
From nobody Sat Apr 27 00:36:00 2024
From: Or Ozeri
To: libvir-list@redhat.com
Subject: [PATCH v4 5/5] conf: add luks2 encryption format
Date: Thu, 7 Oct 2021 14:21:21 -0500
Message-Id: <20211007192121.1052752-6-oro@il.ibm.com>
In-Reply-To: <20211007192121.1052752-1-oro@il.ibm.com>
References: <20211007192121.1052752-1-oro@il.ibm.com>
MIME-Version: 1.0
Cc: idryomov@gmail.com, Or Ozeri , to.my.trociny@gmail.com,
dannyh@il.ibm.com
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
This commit extends libvirt XML configuration to support luks2 encryption format.
This means that becomes valid.
Currently librbd is the only engine that supports this new format.
Signed-off-by: Or Ozeri
Reviewed-by: Peter Krempa
---
docs/formatstorageencryption.html.in | 12 +++++++++++-
docs/schemas/storagecommon.rng | 1 +
src/conf/storage_encryption_conf.c | 2 +-
src/conf/storage_encryption_conf.h | 1 +
src/qemu/qemu_block.c | 5 +++++
src/qemu/qemu_domain.c | 5 ++++-
...isk-network-rbd-encryption.x86_64-latest.args | 16 ++++++++++------
.../disk-network-rbd-encryption.xml | 12 ++++++++++++
...disk-network-rbd-encryption.x86_64-latest.xml | 13 +++++++++++++
9 files changed, 58 insertions(+), 9 deletions(-)
diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencry=
ption.html.in
index 02ee8f8ca3..6cf1f94a9f 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -18,7 +18,7 @@
is encryption
, with a mandatory
attribute format
. Currently defined values
of format
are default
, qcow
,
- and luks
.
+ luks
, and luks2
.
Each value of format
implies some expectations about the
content of the encryption
tag. Other format values may=
be
defined in the future.
@@ -121,6 +121,16 @@
=20
+
+
+ The luks2
format is currently supported only by the
+ librbd
engine, and can only be applied to RBD network d=
isks.
+ luks2
encrypted RBD disks can be decrypted by the domai=
n,
+ but creation of such disks is currently not supported through libvir=
t.
+ A single
+ <secret type=3D'passphrase'...>
element is expect=
ed.
+
+
=20
=20
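Review bot: the added luks2 paragraph does not say which libvirt release introduced the format, and it does not say what happens when luks2 is combined with an engine other than librbd or with a non-RBD disk. Suggest adding the release in which luks2 became available and one sentence on how such configurations are handled, so readers do not have to infer it from "currently supported only by".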
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index 3ddff02e43..591a158209 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -13,6 +13,7 @@
default
qcow
luks
+ luks2
diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encrypti=
on_conf.c
index 3c1267ed40..c312236d4c 100644
--- a/src/conf/storage_encryption_conf.c
+++ b/src/conf/storage_encryption_conf.c
@@ -44,7 +44,7 @@ VIR_ENUM_IMPL(virStorageEncryptionSecret,
=20
VIR_ENUM_IMPL(virStorageEncryptionFormat,
VIR_STORAGE_ENCRYPTION_FORMAT_LAST,
- "default", "qcow", "luks",
+ "default", "qcow", "luks", "luks2",
);
=20
VIR_ENUM_IMPL(virStorageEncryptionEngine,
diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encrypti=
on_conf.h
index 0931618608..312599ad44 100644
--- a/src/conf/storage_encryption_conf.h
+++ b/src/conf/storage_encryption_conf.h
@@ -65,6 +65,7 @@ typedef enum {
VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT =3D 0,
VIR_STORAGE_ENCRYPTION_FORMAT_QCOW, /* Both qcow and qcow2 */
VIR_STORAGE_ENCRYPTION_FORMAT_LUKS,
+ VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2,
=20
VIR_STORAGE_ENCRYPTION_FORMAT_LAST,
} virStorageEncryptionFormatType;
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 5b1b5bea2e..62c40d39d1 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -908,6 +908,10 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *sr=
c,
encformat =3D "luks";
break;
=20
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
+ encformat =3D "luks2";
+ break;
+
case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
@@ -1355,6 +1359,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource=
*src,
break;
=20
case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
default:
virReportEnumRangeError(virStorageEncryptionFormatType,
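Review bot: in qemuBlockStorageSourceGetCryptoProps the new LUKS2 label is grouped with DEFAULT and LAST under virReportEnumRangeError, but unlike those two it is a value the parser now accepts. A short comment on the case, saying that luks2 is only emitted through the RBD "encrypt" properties (the case added in qemuBlockStorageSourceGetRBDProps above) and is not expected to reach this function, would make the grouping read as intentional.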
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 13869dd79b..8c2a5408da 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1228,7 +1228,8 @@ static bool
qemuDomainDiskHasEncryptionSecret(virStorageSource *src)
{
if (!virStorageSourceIsEmpty(src) && src->encryption &&
- src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS =
&&
+ (src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS=
||
+ src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS=
2) &&
src->encryption->nsecrets > 0)
return true;
=20
@@ -4820,6 +4821,7 @@ qemuDomainValidateStorageSource(virStorageSource *src,
break;
=20
case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
default:
virReportEnumRangeError(virStorageEncryptionFormat=
Type,
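Review bot: placing VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2 in the DEFAULT/LAST/default group of this switch means a domain XML using the now schema-valid luks2 format on this branch is rejected with an enum range error rather than a message saying the combination is unsupported. This is qemuDomainValidateStorageSource, so the failure is reachable from user input; consider giving LUKS2 its own case that reports an unsupported-configuration error naming the format.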
@@ -4837,6 +4839,7 @@ qemuDomainValidateStorageSource(virStorageSource *src,
=20
switch ((virStorageEncryptionFormatType) src->encryption->=
format) {
case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
break;
=20
case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
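Review bot: this switch now lets LUKS2 through on the same path as LUKS, but nothing in the visible lines checks that the source is an RBD network disk, which the documentation change in this patch states as a requirement for luks2. If that restriction is not enforced elsewhere in qemuDomainValidateStorageSource, add the check next to this case so that luks2 on a non-RBD disk fails validation instead of reaching command-line generation.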
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-late=
st.args b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.=
args
index 69837a8003..9b3e8d31b8 100644
--- a/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.args
@@ -27,18 +27,22 @@ XDG_CONFIG_HOME=3D/tmp/lib/domain--1-encryptdisk/.confi=
g \
-no-acpi \
-boot strict=3Don \
-device piix3-usb-uhci,id=3Dusb,bus=3Dpci.0,addr=3D0x1.0x2 \
+-object '{"qom-type":"secret","id":"libvirt-4-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"node-name":"libvirt-4-storage=
","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-4-format","read-only":false,"driver":"luk=
s","key-secret":"libvirt-4-format-encryption-secret0","file":"libvirt-4-sto=
rage"}' \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x2,drive=3Dlibvirt-4-format,id=
=3Dvirtio-disk0,bootindex=3D1 \
-object '{"qom-type":"secret","id":"libvirt-3-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"node-name":"libvirt-3-storage=
","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-3-format","read-only":false,"driver":"luk=
s","key-secret":"libvirt-3-format-encryption-secret0","file":"libvirt-3-sto=
rage"}' \
--device virtio-blk-pci,bus=3Dpci.0,addr=3D0x2,drive=3Dlibvirt-3-format,id=
=3Dvirtio-disk0,bootindex=3D1 \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Dlibvirt-3-format,id=
=3Dvirtio-disk1 \
-object '{"qom-type":"secret","id":"libvirt-2-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
--blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"node-name":"libvirt-2-storage=
","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"luk=
s","key-secret":"libvirt-2-format-encryption-secret0","file":"libvirt-2-sto=
rage"}' \
--device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Dlibvirt-2-format,id=
=3Dvirtio-disk1 \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"encrypt":{"format":"luks","ke=
y-secret":"libvirt-2-format-encryption-secret0"},"node-name":"libvirt-2-sto=
rage","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"raw=
","file":"libvirt-2-storage"}' \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x5,drive=3Dlibvirt-2-format,id=
=3Dvirtio-disk2 \
-object '{"qom-type":"secret","id":"libvirt-1-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
--blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"encrypt":{"format":"luks","ke=
y-secret":"libvirt-1-format-encryption-secret0"},"node-name":"libvirt-1-sto=
rage","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image2","server":[{"host=
":"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322=
"},{"host":"mon3.example.org","port":"6322"}],"encrypt":{"format":"luks2","=
key-secret":"libvirt-1-format-encryption-secret0"},"node-name":"libvirt-1-s=
torage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw=
","file":"libvirt-1-storage"}' \
--device virtio-blk-pci,bus=3Dpci.0,addr=3D0x5,drive=3Dlibvirt-1-format,id=
=3Dvirtio-disk2 \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x6,drive=3Dlibvirt-1-format,id=
=3Dvirtio-disk3 \
-audiodev id=3Daudio1,driver=3Dnone \
-device virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.0,addr=3D0x3 \
-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource=
control=3Ddeny \
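Review bot: the test data adds only a passing case (image2 with "encrypt":{"format":"luks2",...} on libvirt-1-storage), and the diffstat lists no test for the rejection paths touched in qemu_domain.c. Suggest adding a negative case in which luks2 is used without the librbd engine, so the LUKS2 labels placed under virReportEnumRangeError are exercised and the error the user sees is pinned down by a test.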
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.xml b/tests=
/qemuxml2argvdata/disk-network-rbd-encryption.xml
index d8c2d3dbe2..eeadbfeeba 100644
--- a/tests/qemuxml2argvdata/disk-network-rbd-encryption.xml
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.xml
@@ -50,6 +50,18 @@
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-la=
test.xml b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-late=
st.xml
index d4942718bb..a91504202a 100644
--- a/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-latest.xml
@@ -56,6 +56,19 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
--=20
2.25.1