[PATCH v4 3/5] conf: add encryption engine property
Peter Krempa
pkrempa at redhat.com
Thu Oct 21 11:10:32 UTC 2021
On Thu, Oct 07, 2021 at 14:21:19 -0500, Or Ozeri wrote:
> This commit extends libvirt XML configuration to support a custom encryption engine.
> This means that <encryption format="luks" engine="qemu"> becomes valid.
> The only engine for now is qemu. However, a new engine (librbd) will be added in an upcoming commit.
> If no engine is specified, qemu will be used (assuming qemu driver is used).
>
> Signed-off-by: Or Ozeri <oro at il.ibm.com>
> ---
> docs/formatstorageencryption.html.in | 6 +++++
> docs/schemas/domainbackup.rng | 7 +++++
> docs/schemas/storagecommon.rng | 7 +++++
> src/conf/storage_encryption_conf.c | 27 ++++++++++++++++++-
> src/conf/storage_encryption_conf.h | 9 +++++++
> src/qemu/qemu_block.c | 2 ++
> src/qemu/qemu_domain.c | 20 ++++++++++++++
> tests/qemustatusxml2xmldata/upgrade-out.xml | 6 ++---
> tests/qemuxml2argvdata/disk-nvme.xml | 2 +-
> .../qemuxml2argvdata/encrypted-disk-usage.xml | 2 +-
> tests/qemuxml2argvdata/luks-disks.xml | 4 +--
> tests/qemuxml2argvdata/user-aliases.xml | 2 +-
> .../disk-slices.x86_64-latest.xml | 4 +--
> tests/qemuxml2xmloutdata/encrypted-disk.xml | 2 +-
> .../luks-disks-source-qcow2.x86_64-latest.xml | 14 +++++-----
> .../qemuxml2xmloutdata/luks-disks-source.xml | 10 +++----
> 16 files changed, 100 insertions(+), 24 deletions(-)
>
> diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencryption.html.in
> index 7215c307d7..178fcd0d7c 100644
> --- a/docs/formatstorageencryption.html.in
> +++ b/docs/formatstorageencryption.html.in
> @@ -23,6 +23,12 @@
> content of the <code>encryption</code> tag. Other format values may be
> defined in the future.
> </p>
> + <p>
> + The <code>encryption</code> tag supports an optional <code>engine</code>
> + tag, which allows selecting which component actually handles
> + the encryption. Currently defined values of <code>engine</code> are
> + <code>qemu</code>.
> + </p>
I'll add a note and possibly also a check that this works only in the
qemu VM driver, and not in the storage driver as this part of the docs
is shared between those two.
> <p>
> The <code>encryption</code> tag can currently contain a sequence of
> <code>secret</code> tags, each with mandatory attributes <code>type</code>
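Review bot: The added paragraph calls `engine` a "tag", but the commit message's own example, `<encryption format="luks" engine="qemu">`, shows it as an attribute of `encryption`. Wording it as "an optional <code>engine</code> attribute" keeps readers from looking for a child element. The paragraph also omits the default stated in the commit message (qemu is used when no engine is specified, assuming the qemu driver is used), and "Currently defined values ... are" is awkward for a single value. Something like "The only currently defined value is <code>qemu</code>" plus a sentence on the default would cover both.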
> @@ -217,6 +223,7 @@ virStorageEncryptionParseNode(xmlNodePtr node,
> xmlNodePtr *nodes = NULL;
> virStorageEncryption *encdef = NULL;
> virStorageEncryption *ret = NULL;
> + g_autofree char *engine_str = NULL;
This is unused. I'll remove it before pushing.
> g_autofree char *format_str = NULL;
> int n;
> size_t i;
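Review bot: The added `g_autofree char *engine_str = NULL;` in virStorageEncryptionParseNode is never assigned or read in the lines visible here, which matches the reply above that it is unused. If the engine attribute is parsed without a temporary string, drop the declaration. If a temporary is needed after all, the declaration should arrive in the same hunk as the code that fills it, so the reviewer can see how the value is validated.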
Reviewed-by: Peter Krempa <pkrempa at redhat.com>