From nobody Sun May 5 10:32:42 2024
From: Or Ozeri
To: libvir-list@redhat.com
Subject: [PATCH v5 1/5] qemu: add disk post parse to qemublocktest
Date: Sun, 24 Oct 2021 04:51:26 -0500
Message-Id: <20211024095130.1171230-2-oro@il.ibm.com>
In-Reply-To: <20211024095130.1171230-1-oro@il.ibm.com>
References: <20211024095130.1171230-1-oro@il.ibm.com>
Cc: idryomov@gmail.com, Or Ozeri , to.my.trociny@gmail.com,
dannyh@il.ibm.com
The post parse callback is part of the real (non-test) processing flow.
This commit adds it (for disks) to the qemublocktest flow as well.
Specifically, this will be needed for tests that use luks encryption,
so that the default encryption engine (which is added in an upcoming commit)
will be overridden by qemu.
Signed-off-by: Or Ozeri
Reviewed-by: Peter Krempa
---
src/qemu/qemu_domain.c | 2 +-
src/qemu/qemu_domain.h | 3 +++
tests/qemublocktest.c | 29 ++++++++++++-----------------
3 files changed, 16 insertions(+), 18 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 1bd3730281..5ff602e3af 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -5218,7 +5218,7 @@ qemuDomainDeviceDiskDefPostParseRestoreSecAlias(virDo=
mainDiskDef *disk,
}
=20
=20
-static int
+int
qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
unsigned int parseFlags)
{
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 9cf5d5479e..6728ab047e 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -857,6 +857,9 @@ int qemuDomainSecretPrepare(virQEMUDriver *driver,
int qemuDomainDeviceDefValidateDisk(const virDomainDiskDef *disk,
virQEMUCaps *qemuCaps);
=20
+int qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
+ unsigned int parseFlags);
+
int qemuDomainPrepareChannel(virDomainChrDef *chr,
const char *domainChannelTargetDir)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
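Review bot: The new prototype for qemuDomainDeviceDiskDefPostParse carries no ATTRIBUTE_NONNULL annotation, unlike qemuDomainPrepareChannel directly below it. The function uses disk unconditionally and is now callable from outside qemu_domain.c, so consider adding ATTRIBUTE_NONNULL(1), plus a short comment saying which parseFlags values it honours.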
diff --git a/tests/qemublocktest.c b/tests/qemublocktest.c
index 3e61e923a9..0176fbd3f4 100644
--- a/tests/qemublocktest.c
+++ b/tests/qemublocktest.c
@@ -276,6 +276,9 @@ testQemuDiskXMLToProps(const void *opaque)
VIR_DOMAIN_DEF_PARSE_STATUS)))
return -1;
=20
+ if (qemuDomainDeviceDiskDefPostParse(disk, 0) < 0)
+ return -1;
+
if (!(vmdef =3D virDomainDefNew(data->driver->xmlopt)))
return -1;
=20
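Review bot: The added call passes 0 as parseFlags even though the disk parse just above it ends its flag set with VIR_DOMAIN_DEF_PARSE_STATUS. qemuDomainDeviceDiskDefPostParse forwards parseFlags to qemuDomainDeviceDiskDefPostParseRestoreSecAlias, so the test would track the real flow more closely if both calls used the same flags. If 0 is intentional, a one-line comment saying why would help the next reader.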
@@ -470,32 +473,24 @@ testQemuImageCreateLoadDiskXML(const char *name,
virDomainXMLOption *xmlopt)
=20
{
- virDomainSnapshotDiskDef *diskdef =3D NULL;
- g_autoptr(xmlDoc) doc =3D NULL;
- g_autoptr(xmlXPathContext) ctxt =3D NULL;
- xmlNodePtr node;
+ virDomainDiskDef *disk =3D NULL;
g_autofree char *xmlpath =3D NULL;
- virStorageSource *ret =3D NULL;
+ g_autofree char *xmlstr =3D NULL;
=20
xmlpath =3D g_strdup_printf("%s%s.xml", testQemuImageCreatePath, name);
=20
- if (!(doc =3D virXMLParseFileCtxt(xmlpath, &ctxt)))
+ if (virTestLoadFile(xmlpath, &xmlstr) < 0)
return NULL;
=20
- if (!(node =3D virXPathNode("//disk", ctxt))) {
- VIR_TEST_VERBOSE("failed to find
+
+ The encryption tag supports an optional engine
+ tag, which allows selecting which component actually handles
+ the encryption. Currently defined values of engine are
+ qemu.
+
The encryption tag can currently contain a sequence of
secret tags, each with mandatory attributes type<=
/code>
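Review bot: The added documentation paragraph calls engine a tag, but virStorageEncryptionParseNode reads it with virXMLPropEnum(node, "engine", ...), that is, as an attribute of the encryption element. Suggest describing it as an optional attribute and stating what happens when it is omitted, since the qemu driver's post-parse step fills in qemu in that case.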
diff --git a/docs/schemas/domainbackup.rng b/docs/schemas/domainbackup.rng
index c03455a5a7..05cc28ab00 100644
--- a/docs/schemas/domainbackup.rng
+++ b/docs/schemas/domainbackup.rng
@@ -14,6 +14,13 @@
luks
+
+
+
+ qemu
+
+
+
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index 9ebb27700d..60dcfac06c 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -15,6 +15,13 @@
luks
+
+
+
+ qemu
+
+
+
diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encrypti=
on_conf.c
index 9112b96cc7..7fd601e4a2 100644
--- a/src/conf/storage_encryption_conf.c
+++ b/src/conf/storage_encryption_conf.c
@@ -47,6 +47,11 @@ VIR_ENUM_IMPL(virStorageEncryptionFormat,
"default", "qcow", "luks",
);
=20
+VIR_ENUM_IMPL(virStorageEncryptionEngine,
+ VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
+ "default", "qemu",
+);
+
static void
virStorageEncryptionInfoDefClear(virStorageEncryptionInfoDef *def)
{
@@ -120,6 +125,7 @@ virStorageEncryptionCopy(const virStorageEncryption *sr=
c)
ret->secrets =3D g_new0(virStorageEncryptionSecret *, src->nsecrets);
ret->nsecrets =3D src->nsecrets;
ret->format =3D src->format;
+ ret->engine =3D src->engine;
=20
for (i =3D 0; i < src->nsecrets; i++) {
if (!(ret->secrets[i] =3D virStorageEncryptionSecretCopy(src->secr=
ets[i])))
@@ -239,6 +245,12 @@ virStorageEncryptionParseNode(xmlNodePtr node,
goto cleanup;
}
=20
+ if (virXMLPropEnum(node, "engine",
+ virStorageEncryptionEngineTypeFromString,
+ VIR_XML_PROP_NONZERO,
+ &encdef->engine) < 0)
+ goto cleanup;
+
if ((n =3D virXPathNodeSet("./secret", ctxt, &nodes)) < 0)
goto cleanup;
=20
@@ -327,6 +339,7 @@ int
virStorageEncryptionFormat(virBuffer *buf,
virStorageEncryption *enc)
{
+ const char *engine;
const char *format;
size_t i;
=20
@@ -335,7 +348,18 @@ virStorageEncryptionFormat(virBuffer *buf,
"%s", _("unexpected encryption format"));
return -1;
}
- virBufferAsprintf(buf, "\n", format);
+ if (enc->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT) {
+ virBufferAsprintf(buf, "\n", format);
+ } else {
+ if (!(engine =3D virStorageEncryptionEngineTypeToString(enc->engin=
e))) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ "%s", _("unexpected encryption engine"));
+ return -1;
+ }
+ virBufferAsprintf(buf, "\n=
",
+ format, engine);
+ }
+
virBufferAdjustIndent(buf, 2);
=20
for (i =3D 0; i < enc->nsecrets; i++) {
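Review bot: The two virBufferAsprintf branches in virStorageEncryptionFormat repeat the opening of the element and differ only in the engine attribute. Emitting the opening once and appending the engine attribute only when enc->engine is not VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT would avoid the duplication and keep the two outputs from drifting apart. The engine string lookup and its error path could also move up next to the format lookup so that nothing is written to buf before all checks have passed.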
diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encrypti=
on_conf.h
index 34adbd5f7b..e0ac0fe4bf 100644
--- a/src/conf/storage_encryption_conf.h
+++ b/src/conf/storage_encryption_conf.h
@@ -51,6 +51,14 @@ struct _virStorageEncryptionInfoDef {
char *ivgen_hash;
};
=20
+typedef enum {
+ VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT =3D 0,
+ VIR_STORAGE_ENCRYPTION_ENGINE_QEMU,
+
+ VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
+} virStorageEncryptionEngine;
+VIR_ENUM_DECL(virStorageEncryptionEngine);
+
typedef enum {
/* "default" is only valid for volume creation */
VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT =3D 0,
@@ -63,6 +71,7 @@ VIR_ENUM_DECL(virStorageEncryptionFormat);
=20
typedef struct _virStorageEncryption virStorageEncryption;
struct _virStorageEncryption {
+ virStorageEncryptionEngine engine;
int format; /* virStorageEncryptionFormatType */
int payload_offset;
=20
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index b6d6d95692..0e2395278a 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -1314,6 +1314,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource=
*src,
*encprops =3D NULL;
=20
if (!src->encryption ||
+ src->encryption->engine !=3D VIR_STORAGE_ENCRYPTION_ENGINE_QEMU ||
!srcpriv ||
!srcpriv->encinfo)
return 0;
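Review bot: The new engine test in qemuBlockStorageSourceGetCryptoProps returns 0 with *encprops left NULL for every engine other than qemu, and that includes VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT. A source that reaches this function without having passed through qemuDomainDeviceDiskDefPostParse would be set up with no encryption properties and no error. qemuDomainValidateStorageSource rejects the default engine, but reporting an error here for DEFAULT, rather than treating it as handled elsewhere, would make the failure explicit. The same applies to the engine comparison added to the VIR_STORAGE_FILE_RAW case in the next hunk.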
@@ -1448,6 +1449,7 @@ qemuBlockStorageSourceGetBlockdevFormatProps(virStora=
geSource *src)
* put a raw layer on top */
case VIR_STORAGE_FILE_RAW:
if (src->encryption &&
+ src->encryption->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_Q=
EMU &&
src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_L=
UKS) {
if (qemuBlockStorageSourceGetFormatLUKSProps(src, props) < 0)
return NULL;
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 5ff602e3af..75cc656ed9 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4770,6 +4770,18 @@ qemuDomainValidateStorageSource(virStorageSource *sr=
c,
}
}
=20
+ if (src->encryption) {
+ switch (src->encryption->engine) {
+ case VIR_STORAGE_ENCRYPTION_ENGINE_QEMU:
+ break;
+ case VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT:
+ case VIR_STORAGE_ENCRYPTION_ENGINE_LAST:
+ virReportEnumRangeError(virStorageEncryptionEngine,
+ src->encryption->engine);
+ return -1;
+ }
+ }
+
return 0;
}
=20
@@ -5222,6 +5234,8 @@ int
qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
unsigned int parseFlags)
{
+ virStorageSource *n;
+
/* set default disk types and drivers */
if (!virDomainDiskGetDriver(disk))
virDomainDiskSetDriver(disk, "qemu");
@@ -5236,6 +5250,12 @@ qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *d=
isk,
disk->mirror->format =3D=3D VIR_STORAGE_FILE_NONE)
disk->mirror->format =3D VIR_STORAGE_FILE_RAW;
=20
+ /* default disk encryption engine */
+ for (n =3D disk->src; virStorageSourceIsBacking(n); n =3D n->backingSt=
ore) {
+ if (n->encryption && n->encryption->engine =3D=3D VIR_STORAGE_ENCR=
YPTION_ENGINE_DEFAULT)
+ n->encryption->engine =3D VIR_STORAGE_ENCRYPTION_ENGINE_QEMU;
+ }
+
if (qemuDomainDeviceDiskDefPostParseRestoreSecAlias(disk, parseFlags) =
< 0)
return -1;
=20
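Review bot: The new defaulting loop walks only disk->src and its backing chain, while the lines directly above it also adjust disk->mirror. If a mirror source can carry an encryption element, its engine would stay at VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT and then be rejected by the switch in qemuDomainValidateStorageSource or skipped by the engine checks in qemu_block.c. Either apply the same default to disk->mirror or add a comment explaining why a mirror cannot have encryption at this point.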
diff --git a/tests/qemustatusxml2xmldata/upgrade-out.xml b/tests/qemustatus=
xml2xmldata/upgrade-out.xml
index f9476731f6..5218092cb9 100644
--- a/tests/qemustatusxml2xmldata/upgrade-out.xml
+++ b/tests/qemustatusxml2xmldata/upgrade-out.xml
@@ -316,7 +316,7 @@
The encryption tag can currently contain a sequence of
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index 60dcfac06c..3ddff02e43 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -19,6 +19,7 @@
qemu
+ librbd
diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encrypti=
on_conf.c
index 7fd601e4a2..d45ad717a0 100644
--- a/src/conf/storage_encryption_conf.c
+++ b/src/conf/storage_encryption_conf.c
@@ -49,7 +49,7 @@ VIR_ENUM_IMPL(virStorageEncryptionFormat,
=20
VIR_ENUM_IMPL(virStorageEncryptionEngine,
VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
- "default", "qemu",
+ "default", "qemu", "librbd",
);
=20
static void
diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encrypti=
on_conf.h
index e0ac0fe4bf..0931618608 100644
--- a/src/conf/storage_encryption_conf.h
+++ b/src/conf/storage_encryption_conf.h
@@ -54,6 +54,7 @@ struct _virStorageEncryptionInfoDef {
typedef enum {
VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT =3D 0,
VIR_STORAGE_ENCRYPTION_ENGINE_QEMU,
+ VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD,
=20
VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
} virStorageEncryptionEngine;
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 0e2395278a..4af06aea1b 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -875,6 +875,8 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *src,
qemuDomainStorageSourcePrivate *srcPriv =3D QEMU_DOMAIN_STORAGE_SOURCE=
_PRIVATE(src);
g_autoptr(virJSONValue) servers =3D NULL;
virJSONValue *ret =3D NULL;
+ g_autoptr(virJSONValue) encrypt =3D NULL;
+ const char *encformat;
const char *username =3D NULL;
g_autoptr(virJSONValue) authmodes =3D NULL;
g_autoptr(virJSONValue) mode =3D NULL;
@@ -899,12 +901,40 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *s=
rc,
return NULL;
}
=20
+ if (src->encryption &&
+ src->encryption->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_LIBRB=
D) {
+ switch ((virStorageEncryptionFormatType) src->encryption->format) {
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
+ encformat =3D "luks";
+ break;
+
+ case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("librbd encryption engine only supports l=
uks/luks2 formats"));
+ return NULL;
+
+ case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
+ default:
+ virReportEnumRangeError(virStorageEncryptionFormatType,
+ src->encryption->format);
+ return NULL;
+ }
+
+ if (virJSONValueObjectCreate(&encrypt,
+ "s:format", encformat,
+ "s:key-secret", srcPriv->encinfo->ali=
as,
+ NULL) < 0)
+ return NULL;
+ }
+
if (virJSONValueObjectCreate(&ret,
"s:pool", src->volume,
"s:image", src->path,
"S:snapshot", src->snapshot,
"S:conf", src->configFile,
"A:server", &servers,
+ "A:encrypt", &encrypt,
"S:user", username,
"A:auth-client-required", &authmodes,
"S:key-secret", keysecret,
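Review bot: srcPriv->encinfo->alias is dereferenced in the new virJSONValueObjectCreate call for encrypt without checking that srcPriv and srcPriv->encinfo are set. qemuBlockStorageSourceGetCryptoProps guards the same data with !srcpriv || !srcpriv->encinfo before using it; this branch should do the same and report an error, because an encrypt object without a key-secret is not usable. Separately, the error text mentions luks2 although only VIR_STORAGE_ENCRYPTION_FORMAT_LUKS is accepted at this point in the series.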
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 75cc656ed9..71cebec4e8 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4773,6 +4773,44 @@ qemuDomainValidateStorageSource(virStorageSource *sr=
c,
if (src->encryption) {
switch (src->encryption->engine) {
case VIR_STORAGE_ENCRYPTION_ENGINE_QEMU:
+ switch ((virStorageEncryptionFormatType) src->encryption->=
format) {
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
+ case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
+ break;
+
+ case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
+ default:
+ virReportEnumRangeError(virStorageEncryptionFormat=
Type,
+ src->encryption->format);
+ return -1;
+ }
+
+ break;
+ case VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD:
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_RBD_ENCRYPTION)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("librbd encryption is not supported b=
y this QEMU binary"));
+ return -1;
+ }
+
+ switch ((virStorageEncryptionFormatType) src->encryption->=
format) {
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
+ break;
+
+ case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("librbd encryption engine only su=
pports luks/luks2 formats"));
+ return -1;
+
+ case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
+ default:
+ virReportEnumRangeError(virStorageEncryptionFormat=
Type,
+ src->encryption->format);
+ return -1;
+ }
+
break;
case VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT:
case VIR_STORAGE_ENCRYPTION_ENGINE_LAST:
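Review bot: The VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD case checks the QEMU capability and the encryption format, but not that the source is actually an RBD network disk. With engine librbd on any other source type, qemuBlockStorageSourceGetCryptoProps returns without props and the raw format case skips the LUKS layer, so no layer would be configured to decrypt the image. Suggest rejecting librbd here unless the source protocol is RBD. The luks/luks2 message is also repeated verbatim in qemuBlockStorageSourceGetRBDProps; once validation rejects qcow, that second copy can only be reached through a code path that skipped validation.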
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.=
0.err b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.0.err
new file mode 100644
index 0000000000..edd8481a20
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.0.err
@@ -0,0 +1 @@
+unsupported configuration: librbd encryption is not supported by this QEMU=
binary
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-late=
st.args b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.=
args
new file mode 100644
index 0000000000..474c245d60
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.args
@@ -0,0 +1,45 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/tmp/lib/domain--1-encryptdisk \
+USER=3Dtest \
+LOGNAME=3Dtest \
+XDG_DATA_HOME=3D/tmp/lib/domain--1-encryptdisk/.local/share \
+XDG_CACHE_HOME=3D/tmp/lib/domain--1-encryptdisk/.cache \
+XDG_CONFIG_HOME=3D/tmp/lib/domain--1-encryptdisk/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=3Dencryptdisk,debug-threads=3Don \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tm=
p/lib/domain--1-encryptdisk/master-key.aes"}' \
+-machine pc-i440fx-2.1,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff,memory-=
backend=3Dpc.ram \
+-cpu qemu64 \
+-m 1024 \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}=
' \
+-overcommit mem-lock=3Doff \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \
+-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \
+-rtc base=3Dutc \
+-no-shutdown \
+-no-acpi \
+-boot strict=3Don \
+-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0=
x2"}' \
+-object '{"qom-type":"secret","id":"libvirt-3-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"node-name":"libvirt-3-storage=
","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-3-format","read-only":false,"driver":"luk=
s","key-secret":"libvirt-3-format-encryption-secret0","file":"libvirt-3-sto=
rage"}' \
+-device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x2","drive":"li=
bvirt-3-format","id":"virtio-disk0","bootindex":1}' \
+-object '{"qom-type":"secret","id":"libvirt-2-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"node-name":"libvirt-2-storage=
","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"luk=
s","key-secret":"libvirt-2-format-encryption-secret0","file":"libvirt-2-sto=
rage"}' \
+-device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x4","drive":"li=
bvirt-2-format","id":"virtio-disk1"}' \
+-object '{"qom-type":"secret","id":"libvirt-1-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"encrypt":{"format":"luks","ke=
y-secret":"libvirt-1-format-encryption-secret0"},"node-name":"libvirt-1-sto=
rage","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw=
","file":"libvirt-1-storage"}' \
+-device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x5","drive":"li=
bvirt-1-format","id":"virtio-disk2"}' \
+-audiodev id=3Daudio1,driver=3Dnone \
+-device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","add=
r":"0x3"}' \
+-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource=
control=3Ddeny \
+-msg timestamp=3Don
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.xml b/tests=
/qemuxml2argvdata/disk-network-rbd-encryption.xml
new file mode 100644
index 0000000000..d8c2d3dbe2
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.xml
@@ -0,0 +1,63 @@
+
+ encryptdisk
+ 496898a6-e6ff-f7c8-5dc2-3cf410945ee9
+ 1048576
+ 524288
+ 1
+
+ hvm
+
+
+
+ destroy
+ restart
+ destroy
+
+ /usr/bin/qemu-system-x86_64
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index e209b48fce..df7cfe020e 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1344,6 +1344,8 @@ mymain(void)
DO_TEST_CAPS_LATEST("disk-network-gluster");
DO_TEST_CAPS_VER("disk-network-rbd", "2.12.0");
DO_TEST_CAPS_LATEST("disk-network-rbd");
+ DO_TEST_CAPS_VER_PARSE_ERROR("disk-network-rbd-encryption", "6.0.0");
+ DO_TEST_CAPS_LATEST("disk-network-rbd-encryption");
DO_TEST_CAPS_VER_FAILURE("disk-network-rbd-no-colon", "4.1.0");
DO_TEST_CAPS_LATEST("disk-network-rbd-no-colon");
DO_TEST_CAPS_VER("disk-network-sheepdog", "2.12.0");
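Review bot: The two added test lines cover the success case and the missing-capability error, but nothing exercises the new rejection of the qcow format with the librbd engine. The only .err file in this patch contains the "not supported by this QEMU binary" message. A second negative case with engine librbd and format qcow would cover the other new error branch in qemuDomainValidateStorageSource.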
diff --git a/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-la=
test.xml b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-late=
st.xml
new file mode 100644
index 0000000000..d4942718bb
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-latest.xml
@@ -0,0 +1,70 @@
+
+ encryptdisk
+ 496898a6-e6ff-f7c8-5dc2-3cf410945ee9
+ 1048576
+ 524288
+ 1
+
+ hvm
+
+
+
+ qemu64
+
+
+ destroy
+ restart
+ destroy
+
+ /usr/bin/qemu-system-x86_64
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index b0a1212a54..90813f8cd8 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -315,6 +315,7 @@ mymain(void)
QEMU_CAPS_SCSI_BLOCK);
DO_TEST_NOCAPS("disk-network-gluster");
DO_TEST_NOCAPS("disk-network-rbd");
+ DO_TEST_CAPS_LATEST("disk-network-rbd-encryption");
DO_TEST_NOCAPS("disk-network-source-auth");
DO_TEST_NOCAPS("disk-network-sheepdog");
DO_TEST_NOCAPS("disk-network-vxhs");
--=20
2.25.1
From nobody Sun May 5 10:32:42 2024
From: Or Ozeri
To: libvir-list@redhat.com
Subject: [PATCH v5 5/5] conf: add luks2 encryption format
Date: Sun, 24 Oct 2021 04:51:30 -0500
Message-Id: <20211024095130.1171230-6-oro@il.ibm.com>
In-Reply-To: <20211024095130.1171230-1-oro@il.ibm.com>
References: <20211024095130.1171230-1-oro@il.ibm.com>
Cc: idryomov@gmail.com, Or Ozeri , to.my.trociny@gmail.com,
dannyh@il.ibm.com
This commit extends libvirt XML configuration to support luks2 encryption format.
This means that becomes valid.
Currently librbd is the only engine that supports this new format.
Signed-off-by: Or Ozeri
Reviewed-by: Peter Krempa
---
docs/formatstorageencryption.html.in | 14 +++++++++++++-
docs/schemas/storagecommon.rng | 1 +
src/conf/storage_encryption_conf.c | 2 +-
src/conf/storage_encryption_conf.h | 1 +
src/qemu/qemu_block.c | 9 +++++++++
src/qemu/qemu_domain.c | 9 ++++++++-
...isk-network-rbd-encryption.x86_64-latest.args | 16 ++++++++++------
.../disk-network-rbd-encryption.xml | 12 ++++++++++++
...disk-network-rbd-encryption.x86_64-latest.xml | 13 +++++++++++++
9 files changed, 68 insertions(+), 9 deletions(-)
diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencry=
ption.html.in
index fb04a6a0ad..86d884f93d 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -18,7 +18,7 @@
is encryption, with a mandatory
attribute format. Currently defined values
of format are default, qcow,
- and luks.
+ luks, and luks2.
Each value of format implies some expectations about the
content of the encryption tag. Other format values may=
be
defined in the future.
@@ -125,6 +125,18 @@
=20
+
+ The luks2 format is currently supported only by the
+ librbd engine, and can only be applied to RBD network d=
isks.
+ Since the librbd engine is currently not supported by t=
he
+ storage driver, you cannot use it to control such disks. However,
+ pre-formatted RBD luks2 disks can be loaded to a qemu VM using the q=
emu
+ VM driver.
+ A single
+ <secret type=3D'passphrase'...> element is expect=
ed.
+
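Review bot: The new luks2 paragraph says the format is supported only by the librbd engine, but it does not tell the reader that engine must be set to librbd explicitly. The qemu driver's post-parse step replaces an unset engine with qemu, so a luks2 disk written without the engine attribute ends up on an engine that does not support the format. A sentence saying so, ideally with a short XML example next to the existing ones, would prevent that confusion.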