[libvirt] [PATCH v2 08/14] conf: Move LUKS encryption formatting to disk source

John Ferlan jferlan at redhat.com
Sat Sep 16 00:30:11 UTC 2017


Alter the output of the formatting to be a child of the disk's source
rather than a child of the disk for LUKS encryption, but keep the legacy
QCOW encryption as a child of disk.

Update the various test outputs for existing disk tests to conform to
the new view. The qemuxml2xmlout-luks-disks.xml used to be a link to
the "source" tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml, but
with the change to move LUKS output to a child of <source>, the output
file now will differ. While a link would still work, that would require
changing the source file which wasn't the goal.

Add tests to validate that if the <encryption> element is found in <source>,
the resulting xml2xml and xml2arg conversions work correctly.

Signed-off-by: John Ferlan <jferlan at redhat.com>
---
 docs/formatdomain.html.in                          | 13 +++-
 src/conf/domain_conf.c                             | 12 ++++
 .../qemuxml2argv-luks-disks-source.args            | 62 ++++++++++++++++
 tests/qemuxml2argvtest.c                           |  1 +
 .../qemuxml2xmlout-luks-disks-source.xml           | 84 ++++++++++++++++++++++
 .../qemuxml2xmlout-luks-disks.xml                  | 48 ++++++++++++-
 tests/qemuxml2xmltest.c                            |  1 +
 7 files changed, 219 insertions(+), 2 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.args
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks-source.xml
 mode change 120000 => 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index f56479953..5facb512a 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -2672,6 +2672,14 @@
             attribute matching the key that was specified in the
             secret object.
           </dd>
+          <dd><span class="since">Since libvirt 3.8.0</span>, the
+            <code>encryption</code> can be a sub-element of the
+            <code>source</code> element for non "qcow" encrypted storage
+            sources (currently only "luks"). If present, specifies how the
+            storage source is encrypted. See the
+            <a href="formatstorageencryption.html">Storage Encryption</a>
+            page for more information.
+          </dd>
         </dl>
 
         <p>
@@ -3073,7 +3081,10 @@
         <span class="since">Since 0.8.8</span>
       </dd>
       <dt><code>encryption</code></dt>
-      <dd>If present, specifies how the volume is encrypted.  See
+      <dd>Starting with <span class="since">libvirt 3.8.0</span> the
+        <code>encryption</code> element for non "qcow" encrypted storage
+        sources moved to be a sub-element of the <code>source</code> element.
+        If present, specifies how the volume is encrypted using "qcow". See
         the <a href="formatstorageencryption.html">Storage Encryption</a> page
         for more information.
       </dd>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 2a52462d0..5851bba44 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -21888,6 +21888,14 @@ virDomainDiskSourceFormatInternal(virBufferPtr buf,
                 goto error;
         }
 
+        /* For encryption formatting that's not the old/default QCOW
+         * format, let's format the <encryption> in source. This started
+         * with LUKS encryption */
+        if (src->encryption &&
+            src->encryption->format >= VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
+            virStorageEncryptionFormat(&childBuf, src->encryption) < 0)
+            return -1;
+
         if (virXMLFormatElement(buf, "source", &attrBuf, &childBuf) < 0)
             goto error;
     }
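Review bot: The added check exits with `return -1;`, while the failure paths on either side of it in this hunk use `goto error;`. A virStorageEncryptionFormat() failure therefore skips whatever the `error` label does, presumably releasing `attrBuf` and `childBuf`, which may already hold partially formatted content. Changing the new line to `goto error;` keeps the function's cleanup consistent. The `error` label and the rest of virDomainDiskSourceFormatInternal lie outside the hunk, so the cleanup there should be confirmed.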
@@ -22207,7 +22215,11 @@ virDomainDiskDefFormat(virBufferPtr buf,
     virBufferEscapeString(buf, "<wwn>%s</wwn>\n", def->wwn);
     virBufferEscapeString(buf, "<vendor>%s</vendor>\n", def->vendor);
     virBufferEscapeString(buf, "<product>%s</product>\n", def->product);
+
+    /* Only for the older QCOW encryption - format the <encryption>
+     * as a child of <disk>. Others will now format as child of <source> */
     if (def->src->encryption &&
+        def->src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_QCOW &&
         virStorageEncryptionFormat(buf, def->src->encryption) < 0)
         return -1;
     virDomainDeviceInfoFormat(buf, &def->info,
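Review bot: The two format checks do not cover every value between them: this one emits `<encryption>` under `<disk>` only for `== VIR_STORAGE_ENCRYPTION_FORMAT_QCOW`, while the source-level check added in virDomainDiskSourceFormatInternal uses `>= VIR_STORAGE_ENCRYPTION_FORMAT_LUKS`. Any value that is neither (the enum appears to have a default entry ordered before QCOW, to be confirmed) is now dropped from the formatted XML with no error, where the old code always emitted it. For a disk definition that means the encryption configuration can vanish on a parse/format round trip. Writing this condition as `def->src->encryption->format < VIR_STORAGE_ENCRYPTION_FORMAT_LUKS` makes the two checks complementary. The `>=` comparison also relies on enum ordering, which deserves a comment at the enum so that later formats are added after LUKS.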
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.args b/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.args
new file mode 100644
index 000000000..fec46945c
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.args
@@ -0,0 +1,62 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/home/test \
+USER=test \
+LOGNAME=test \
+QEMU_AUDIO_DRV=none \
+/usr/bin/qemu-system-x86_64 \
+-name encryptdisk \
+-S \
+-object secret,id=masterKey0,format=raw,\
+file=/tmp/lib/domain--1-encryptdisk/master-key.aes \
+-M pc-i440fx-2.1 \
+-m 1024 \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 \
+-nographic \
+-nodefaults \
+-chardev socket,id=charmonitor,\
+path=/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \
+-mon chardev=charmonitor,id=monitor,mode=readline \
+-no-acpi \
+-boot c \
+-usb \
+-object secret,id=virtio-disk0-luks-secret0,\
+data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
+keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
+-drive file=/storage/guest_disks/encryptdisk,\
+key-secret=virtio-disk0-luks-secret0,format=luks,if=none,id=drive-virtio-disk0 \
+-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
+id=virtio-disk0 \
+-object secret,id=virtio-disk1-luks-secret0,\
+data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
+keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
+-drive file=/storage/guest_disks/encryptdisk2,\
+key-secret=virtio-disk1-luks-secret0,format=luks,if=none,id=drive-virtio-disk1 \
+-device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,\
+id=virtio-disk1 \
+-object secret,id=virtio-disk2-luks-secret0,\
+data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
+keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
+-drive file=iscsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@example.org:\
+6000/iqn.1992-01.com.example%3Astorage/1,key-secret=virtio-disk2-luks-secret0,\
+format=luks,if=none,id=drive-virtio-disk2 \
+-device virtio-blk-pci,bus=pci.0,addr=0x6,drive=drive-virtio-disk2,\
+id=virtio-disk2 \
+-object secret,id=virtio-disk3-luks-secret0,\
+data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
+keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
+-drive file=iscsi://iscsi.example.com:3260/demo-target/3,\
+key-secret=virtio-disk3-luks-secret0,format=luks,if=none,id=drive-virtio-disk3 \
+-device virtio-blk-pci,bus=pci.0,addr=0x7,drive=drive-virtio-disk3,\
+id=virtio-disk3 \
+-object secret,id=virtio-disk4-luks-secret0,\
+data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
+keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
+-drive 'file=rbd:pool/image:auth_supported=none:mon_host=mon1.example.org\:\
+6321\;mon2.example.org\:6322\;mon3.example.org\:6322,\
+key-secret=virtio-disk4-luks-secret0,format=luks,if=none,\
+id=drive-virtio-disk4' \
+-device virtio-blk-pci,bus=pci.0,addr=0x8,drive=drive-virtio-disk4,\
+id=virtio-disk4 \
+-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 9a8caaa38..d7d9270d6 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1648,6 +1648,7 @@ mymain(void)
     DO_TEST("encrypted-disk-usage", NONE);
 # ifdef HAVE_GNUTLS_CIPHER_ENCRYPT
     DO_TEST("luks-disks", QEMU_CAPS_OBJECT_SECRET);
+    DO_TEST("luks-disks-source", QEMU_CAPS_OBJECT_SECRET);
 # else
     DO_TEST_FAILURE("luks-disks", QEMU_CAPS_OBJECT_SECRET);
 # endif
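Review bot: The new `DO_TEST("luks-disks-source", QEMU_CAPS_OBJECT_SECRET);` is added only in the HAVE_GNUTLS_CIPHER_ENCRYPT branch, while the `# else` branch still covers `luks-disks` alone. Adding `DO_TEST_FAILURE("luks-disks-source", QEMU_CAPS_OBJECT_SECRET);` there would keep the expected-failure path covered for the source-nested form on builds without the cipher support. Separately, the diffstat lists the new .args and xml2xmlout files but no input XML for `luks-disks-source` under tests/qemuxml2argvdata/. Unless an earlier patch in the series adds it, this test and the matching one in qemuxml2xmltest.c have no input to load.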
diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks-source.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks-source.xml
new file mode 100644
index 000000000..1cad3af7a
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks-source.xml
@@ -0,0 +1,84 @@
+<domain type='qemu'>
+  <name>encryptdisk</name>
+  <uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
+  <memory unit='KiB'>1048576</memory>
+  <currentMemory unit='KiB'>524288</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type arch='x86_64' machine='pc-i440fx-2.1'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source file='/storage/guest_disks/encryptdisk'>
+        <encryption format='luks'>
+          <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
+        </encryption>
+      </source>
+      <target dev='vda' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+    </disk>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source file='/storage/guest_disks/encryptdisk2'>
+        <encryption format='luks'>
+          <secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
+        </encryption>
+      </source>
+      <target dev='vdb' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
+    </disk>
+    <disk type='network' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source protocol='iscsi' name='iqn.1992-01.com.example:storage/1'>
+        <host name='example.org' port='6000'/>
+        <auth username='myname'>
+          <secret type='iscsi' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80e80'/>
+        </auth>
+        <encryption format='luks'>
+          <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f77'/>
+        </encryption>
+      </source>
+      <target dev='vdc' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
+    </disk>
+    <disk type='volume' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source pool='pool-iscsi' volume='unit:0:0:3' mode='direct'>
+        <encryption format='luks'>
+          <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f80'/>
+        </encryption>
+      </source>
+      <target dev='vdd' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
+    </disk>
+    <disk type='network' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source protocol='rbd' name='pool/image'>
+        <host name='mon1.example.org' port='6321'/>
+        <host name='mon2.example.org' port='6322'/>
+        <host name='mon3.example.org' port='6322'/>
+        <encryption format='luks'>
+          <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev='vde' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
+    </disk>
+    <controller type='usb' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pci-root'/>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </memballoon>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml
deleted file mode 120000
index b59dc672f..000000000
--- a/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml
+++ /dev/null
@@ -1 +0,0 @@
-../qemuxml2argvdata/qemuxml2argv-luks-disks.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml
new file mode 100644
index 000000000..a16a550b0
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml
@@ -0,0 +1,47 @@
+<domain type='qemu'>
+  <name>encryptdisk</name>
+  <uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
+  <memory unit='KiB'>1048576</memory>
+  <currentMemory unit='KiB'>524288</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type arch='x86_64' machine='pc-i440fx-2.1'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source file='/storage/guest_disks/encryptdisk'>
+        <encryption format='luks'>
+          <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
+        </encryption>
+      </source>
+      <target dev='vda' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+    </disk>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source file='/storage/guest_disks/encryptdisk2'>
+        <encryption format='luks'>
+          <secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
+        </encryption>
+      </source>
+      <target dev='vdb' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
+    </disk>
+    <controller type='usb' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pci-root'/>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </memballoon>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index 90ffb040b..110fb12ea 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -576,6 +576,7 @@ mymain(void)
     DO_TEST("encrypted-disk", NONE);
     DO_TEST("encrypted-disk-usage", NONE);
     DO_TEST("luks-disks", NONE);
+    DO_TEST("luks-disks-source", NONE);
     DO_TEST("memtune", NONE);
     DO_TEST("memtune-unlimited", NONE);
     DO_TEST("blkiotune", NONE);
-- 
2.13.5



