[libvirt] [PATCH] storage: Add capability to use LUKS encryption for disk backend
John Ferlan
jferlan at redhat.com
Tue May 29 10:47:22 UTC 2018
ping?
Tks,
John
On 05/24/2018 07:50 PM, John Ferlan wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1560946
>
> Following the model of the Logical backend, use qemu-img on
> the created device to set up for LUKS encryption.
>
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
>
> works much better with the settle patch applied from:
>
> https://www.redhat.com/archives/libvir-list/2018-May/msg01847.html
>
>
> src/storage/storage_backend_disk.c | 43 ++++++++++++++++++++++++--------------
> 1 file changed, 27 insertions(+), 16 deletions(-)
>
> diff --git a/src/storage/storage_backend_disk.c b/src/storage/storage_backend_disk.c
> index 7b4549c34d..a3003fd0b5 100644
> --- a/src/storage/storage_backend_disk.c
> +++ b/src/storage/storage_backend_disk.c
> @@ -870,19 +870,13 @@ virStorageBackendDiskCreateVol(virStoragePoolObjPtr pool,
> char *partFormat = NULL;
> unsigned long long startOffset = 0, endOffset = 0;
> virStoragePoolDefPtr def = virStoragePoolObjGetDef(pool);
> + virErrorPtr save_err;
> virCommandPtr cmd = virCommandNewArgList(PARTED,
> def->source.devices[0].path,
> "mkpart",
> "--script",
> NULL);
>
> - if (vol->target.encryption != NULL) {
> - virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
> - "%s", _("storage pool does not support encrypted "
> - "volumes"));
> - goto cleanup;
> - }
> -
> if (virStorageBackendDiskPartFormat(pool, vol, &partFormat) != 0)
> goto cleanup;
> virCommandAddArg(cmd, partFormat);
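Review bot: Removing the `vol->target.encryption != NULL` rejection here accepts every encryption format, yet only LUKS is handled afterwards. The size bump in the second hunk tests `format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS`, while the post-create block in the third hunk tests only `vol->target.encryption`. A request for a non-LUKS format would therefore get no header allowance, still lose 2MB of reported capacity, and reach virStorageBackendCreateVolUsingQemuImg, whose handling of other formats is not visible here. Rather than dropping the guard, narrow it to `if (vol->target.encryption && vol->target.encryption->format != VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {` around the existing virReportError, so a caller who asked for encryption never silently gets a volume in an unexpected state. The function body starts and ends outside this hunk.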
> @@ -893,6 +887,12 @@ virStorageBackendDiskCreateVol(virStoragePoolObjPtr pool,
> goto cleanup;
> }
>
> + /* If we're going to encrypt using LUKS, then we could need up to
> + * an extra 2MB for the LUKS header - so account for that now */
> + if (vol->target.encryption &&
> + vol->target.encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS)
> + endOffset += 2 * 1024 * 1024;
> +
> virCommandAddArgFormat(cmd, "%lluB", startOffset);
> virCommandAddArgFormat(cmd, "%lluB", endOffset);
>
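Review bot: The 2MB LUKS allowance is added to `endOffset` after the `goto cleanup; }` that closes the preceding check, which is presumably where the partition boundaries were computed (that call is outside the hunk). If those boundaries were chosen to fit a free extent for the requested capacity, extending `endOffset` afterwards can push the partition past the end of that extent. It would be safer to add the header size to the capacity handed to the boundary computation, so the free-space search already accounts for it. Please confirm against the lines above the hunk.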
> @@ -910,15 +910,15 @@ virStorageBackendDiskCreateVol(virStoragePoolObjPtr pool,
> VIR_FREE(vol->target.path);
>
> /* Fetch actual extent info, generate key */
> - if (virStorageBackendDiskReadPartitions(pool, vol) < 0) {
> - /* Best effort to remove the partition. Ignore any errors
> - * since we could be calling this with vol->target.path == NULL
> - */
> - virErrorPtr save_err = virSaveLastError();
> - ignore_value(virStorageBackendDiskDeleteVol(pool, vol, 0));
> - virSetError(save_err);
> - virFreeError(save_err);
> - goto cleanup;
> + if (virStorageBackendDiskReadPartitions(pool, vol) < 0)
> + goto error;
> +
> + if (vol->target.encryption) {
> + /* Adjust the sizes to account for the LUKS header */
> + vol->target.capacity -= 2 * 1024 * 1024;
> + vol->target.allocation -= 2 * 1024 * 1024;
> + if (virStorageBackendCreateVolUsingQemuImg(pool, vol, NULL, 0) < 0)
> + goto error;
> }
>
> res = 0;
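Review bot: `vol->target.capacity -= 2 * 1024 * 1024;` and the matching `allocation` line subtract with no lower-bound check. If these fields are unsigned, as the `unsigned long long` offsets earlier in the function suggest, a partition that reads back smaller than 2MB would wrap to a huge value before the volume reaches virStorageBackendCreateVolUsingQemuImg. Compare both fields against the header size first, then report an error and `goto error` when either is too small. The 2MB literal also appears three times across this hunk and the previous one. A single named constant would keep the reservation and the subtraction in step.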
> @@ -927,8 +927,19 @@ virStorageBackendDiskCreateVol(virStoragePoolObjPtr pool,
> VIR_FREE(partFormat);
> virCommandFree(cmd);
> return res;
> +
> + error:
> + /* Best effort to remove the partition. Ignore any errors
> + * since we could be calling this with vol->target.path == NULL
> + */
> + save_err = virSaveLastError();
> + ignore_value(virStorageBackendDiskDeleteVol(pool, vol, 0));
> + virSetError(save_err);
> + virFreeError(save_err);
> + goto cleanup;
> }
>
> +
> static int
> virStorageBackendDiskBuildVolFrom(virStoragePoolObjPtr pool,
> virStorageVolDefPtr vol,
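Review bot: The comment on the new `error:` label still explains only the failed read-back case (`vol->target.path == NULL`). The label is now also reached when virStorageBackendCreateVolUsingQemuImg fails, at which point the partition exists and the path is presumably set. Extend it along the lines of `/* Reached when reading back the partition or LUKS formatting fails; best effort to remove the partition so no unformatted volume is left behind. */`. The label sits after `return res;` and jumps back to `cleanup`, which deserves a word in the same comment because the flow is easy to misread.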
>