<font face="Default Sans Serif,Verdana,Arial,Helvetica,sans-serif" size="2">The first Ceph version to support RBD encryption is 16.1.0.<div>Smaller versions will cause qemu (>=6.1.0) to return -ENOTSUP, "RBD library does not support image encryption".</div><div>Also, this only works on linux machines (e.g. will not work on BSD/windows).</div><div><div><br><div><font color="#990099">-----"Han Han" <<a href="mailto:hhan@redhat.com" target="_blank" rel="noopener noreferrer">hhan@redhat.com</a>> wrote: -----</font></div><br><br>>To: "Or Ozeri" <<a href="mailto:oro@il.ibm.com" target="_blank" rel="noopener noreferrer">oro@il.ibm.com</a>><br>>From: "Han Han" <<a href="mailto:hhan@redhat.com" target="_blank" rel="noopener noreferrer">hhan@redhat.com</a>><br>>Date: 10/28/2021 05:58AM<br>>Cc: <a href="mailto:libvir-list@redhat.com" target="_blank" rel="noopener noreferrer">libvir-list@redhat.com</a>, <a href="mailto:idryomov@gmail.com" target="_blank" rel="noopener noreferrer">idryomov@gmail.com</a>,<br>><a href="mailto:to.my.trociny@gmail.com" target="_blank" rel="noopener noreferrer">to.my.trociny@gmail.com</a>, <a href="mailto:dannyh@il.ibm.com" target="_blank" rel="noopener noreferrer">dannyh@il.ibm.com</a><br>>Subject: [EXTERNAL] Re: [PATCH v5 0/5] Add support for librbd<br>>encryption<br>><br>>                    Hi Or, I have a question about this feature. For<br>>rbd encryption in ceph, is it introduced from ceph-v16.2.0? Does it<br>>require the ceph cluster side >= this version? On Sun, Oct 24, 2021<br>>at 5:54 PM Or Ozeri <<a href="mailto:oro@il.ibm.com" target="_blank" rel="noopener noreferrer">oro@il.ibm.com</a>> wrote: ‍ ‍<br>><br>>     <br>>Hi Or,<br>>I have a question about this feature. For rbd encryption in ceph, is<br>>it introduced from ceph-v16.2.0?<br>>Does it require the ceph cluster side >= this version?<br>><br>>On Sun, Oct 24, 2021 at 5:54 PM Or Ozeri <<a href="mailto:oro@il.ibm.com" target="_blank" rel="noopener noreferrer">oro@il.ibm.com</a>> wrote:<br>>v5: rebased + nit fixes suggested by Peter<br>> v4:<br>>  - added disk post parse to image creation flow in qemublocktest<br>>(since more tests failed after adding engine validation)<br>>  - removed symlink changes<br>>  - added luks2 and engine documentation<br>>  - switched to using enum engine instead of int<br>>  - added validation for encryption engine and formats<br>> v3: rebased on master<br>> v2: addressed (hopefully) all of Peter's v1 comments (thanks Peter!)<br>> <br>> Feel free to make any other changes before pushing. Thanks!<br>> <br>> Or Ozeri (5):<br>>   qemu: add disk post parse to qemublocktest<br>>   qemu: capablities: Detect presence of 'rbd-encryption' as<br>>     QEMU_CAPS_RBD_ENCRYPTION<br>>   conf: add encryption engine property<br>>   qemu: add librbd encryption engine<br>>   conf: add luks2 encryption format<br>> <br>>  docs/formatstorageencryption.html.in          | 29 ++++++-<br>>  docs/schemas/domainbackup.rng                 |  7 ++<br>>  docs/schemas/storagecommon.rng                |  9 ++<br>>  src/conf/storage_encryption_conf.c            | 28 ++++++-<br>>  src/conf/storage_encryption_conf.h            | 11 +++<br>>  src/qemu/qemu_block.c                         | 41 +++++++++<br>>  src/qemu/qemu_capabilities.c                  |  2 +<br>>  src/qemu/qemu_capabilities.h                  |  1 +<br>>  src/qemu/qemu_domain.c                        | 69 ++++++++++++++-<br>>  src/qemu/qemu_domain.h                        |  3 +<br>>  tests/qemublocktest.c                         | 29 +++----<br>>  .../caps_6.1.0.x86_64.xml                     |  1 +<br>>  .../caps_6.2.0.x86_64.xml                     |  1 +<br>>  tests/qemustatusxml2xmldata/upgrade-out.xml   |  6 +-<br>>  ...sk-network-rbd-encryption.x86_64-6.0.0.err |  1 +<br>>  ...-network-rbd-encryption.x86_64-latest.args | 49 +++++++++++<br>>  .../disk-network-rbd-encryption.xml           | 75<br>>+++++++++++++++++<br>>  tests/qemuxml2argvdata/disk-nvme.xml          |  2 +-<br>>  .../qemuxml2argvdata/encrypted-disk-usage.xml |  2 +-<br>>  tests/qemuxml2argvdata/luks-disks.xml         |  4 +-<br>>  tests/qemuxml2argvdata/user-aliases.xml       |  2 +-<br>>  tests/qemuxml2argvtest.c                      |  2 +<br>>  ...k-network-rbd-encryption.x86_64-latest.xml | 83<br>>+++++++++++++++++++<br>>  .../disk-slices.x86_64-latest.xml             |  4 +-<br>>  tests/qemuxml2xmloutdata/encrypted-disk.xml   |  2 +-<br>>  .../luks-disks-source-qcow2.x86_64-latest.xml | 14 ++--<br>>  .../qemuxml2xmloutdata/luks-disks-source.xml  | 10 +--<br>>  tests/qemuxml2xmltest.c                       |  1 +<br>>  28 files changed, 443 insertions(+), 45 deletions(-)<br>>  create mode 100644<br>>tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.0.err<br>>  create mode 100644<br>>tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.args<br>>  create mode 100644<br>>tests/qemuxml2argvdata/disk-network-rbd-encryption.xml<br>>  create mode 100644<br>>tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-latest.xm<br>>l<br>> <br>> -- <br>> 2.25.1<br>> <br>>   </div></div></font><BR>
<BR>