[PATCH v1 0/7] qemu: add support for librbd layered encryption

Or Ozeri posted 7 patches 1 year, 1 month ago
Failed in applying to current master (apply log)
There is a newer version of this series
Starting from Ceph 0f93f745 (unreleased 18.0.0) and qemu 0f385a24 (unreleased 8.0.0),
qemu and librbd users can use encrypted RBD cloned images, where the
parent image is encrypted using a different scheme (e.g. different passphrase).
Opening such an image requires supplying multiple secrets.
This patch series allows libvirt users to supply multiple secrets necessary
for using such RBD images.
For example:
        <encryption format='luks' engine='librbd'>
          <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/>
          <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
        </encryption>

Note that unlike the qemu and libvirt API, we don't allow the user
to specify the format of the parent image, but just the passphrase.
We do so to minimize the changes made in libvirt.
To still be able to support RBD images where the parent is encrypted
using a different format (e.g. LUKS2 cloned image of a LUKS parent),
an additional patch series allowing for LUKS* (luks-any) format
will be submitted.

At a high level, this patch series does the following:
- change the qemuBlockStorageSourceAttachData struct to support multiple secrets
- change the qemuDomainStorageSourcePrivate struct to support multiple secrets
- translate multiple secrets from virStorageEncryption to qemu private data

I manually patched the qemu 8.0.0 replies file to reflect relevant qemu support,
to allow my tests to run.
Note that any qemu build will not support this feature unless compiled
while having a librbd that has this feature bundled.

Or Ozeri (7):
  tests: qemucapabilitiesdata: Add rbd encryption layering
  qemu: capabilities: Introduce QEMU_CAPS_RBD_ENCRYPTION_LAYERING
    capability
  qemu: add support for multiple secret aliases
  qemu: add multi-secret support in qemuBlockStorageSourceAttachData
  qemu: add multi-secret support in _qemuDomainStorageSourcePrivate
  qemu: support pass-on of multiple secrets to
    _qemuDomainStorageSourcePrivate
  qemu: add support for librbd layered encryption

 docs/formatstorageencryption.rst              |  11 +-
 src/conf/schemas/storagecommon.rng            |   4 +-
 src/qemu/qemu_alias.c                         |   8 +-
 src/qemu/qemu_alias.h                         |   3 +-
 src/qemu/qemu_block.c                         |  70 ++++++++----
 src/qemu/qemu_block.h                         |   5 +-
 src/qemu/qemu_blockjob.c                      |   6 +
 src/qemu/qemu_capabilities.c                  |   2 +
 src/qemu/qemu_capabilities.h                  |   1 +
 src/qemu/qemu_command.c                       |  31 +++--
 src/qemu/qemu_domain.c                        | 106 ++++++++++++++----
 src/qemu/qemu_domain.h                        |   3 +-
 src/qemu/qemu_hotplug.c                       |   2 +-
 src/qemu/qemu_migration_params.c              |   2 +-
 tests/qemublocktest.c                         |   7 +-
 .../caps_8.0.0.x86_64.replies                 |   5 +
 .../caps_8.0.0.x86_64.xml                     |   1 +
 ...k-rbd-encryption-layering.x86_64-7.2.0.err |   1 +
 ...rbd-encryption-layering.x86_64-latest.args |  39 +++++++
 .../disk-network-rbd-encryption-layering.xml  |  40 +++++++
 tests/qemuxml2argvtest.c                      |   2 +
 ...-rbd-encryption-layering.x86_64-latest.xml |  45 ++++++++
 tests/qemuxml2xmltest.c                       |   1 +
 23 files changed, 332 insertions(+), 63 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption-layering.x86_64-7.2.0.err
 create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption-layering.x86_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption-layering.xml
 create mode 100644 tests/qemuxml2xmloutdata/disk-network-rbd-encryption-layering.x86_64-latest.xml

-- 
2.25.1
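
The mapping described in the cover letter, as an added example that is not part of the original post or of libvirt's code: it parses the `<encryption>` element shown above and nests one qemu `encrypt` object per image layer through the `parent` field of qemu's RBD encryption options. The secret alias names, the child-first ordering of the `<secret>` elements and the `engine='librbd'` check are assumptions; every layer reuses the element's `format` because the letter allows only the passphrase to be given for the parent.

```python
import uuid
import xml.etree.ElementTree as ET

# Constructed sample: the <encryption> element from the cover letter.
SAMPLE_XML = """
<encryption format='luks' engine='librbd'>
  <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/>
  <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
"""


def parse_layered_encryption(xml_text):
    """Return (format, [secret UUIDs in document order]) or raise ValueError."""
    enc = ET.fromstring(xml_text)
    if enc.tag != "encryption":
        raise ValueError("expected an <encryption> element")
    secrets = enc.findall("secret")
    if not secrets:
        raise ValueError("at least one <secret> is required")
    # Assumption: more than one secret is only valid for the librbd engine,
    # which is the case this series covers.
    if len(secrets) > 1 and enc.get("engine") != "librbd":
        raise ValueError("multiple secrets require engine='librbd'")
    uuids = []
    for sec in secrets:
        if sec.get("type") != "passphrase":
            raise ValueError("only passphrase secrets are handled here")
        uuids.append(str(uuid.UUID(sec.get("uuid", ""))))  # rejects malformed UUIDs
    return enc.get("format"), uuids


def build_encrypt_options(fmt, uuids, alias_prefix="example-secret"):
    """Nest one 'encrypt' object per layer; alias names are hypothetical."""
    options = None
    # Build from the oldest ancestor inwards so each layer wraps its parent.
    for depth in range(len(uuids) - 1, -1, -1):
        layer = {"format": fmt, "key-secret": f"{alias_prefix}{depth}"}
        if options is not None:
            layer["parent"] = options
        options = layer
    return options
```

Only secret UUIDs and alias names appear in the resulting structure; the passphrases themselves stay in the secret store.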