[PATCH v1] qemu: Add support for librbd encryption

Or Ozeri oro at il.ibm.com
Tue Sep 14 10:43:15 UTC 2021


Starting from ceph Pacific, RBD has built-in support for image-level encryption.
qemu 6.1 added support for this encryption using a new "encrypt" property
to the RBD qdict.
This commit extends the libvirt XML API to allow the user to choose between
the existing qemu encryption engine, and the new librbd encryption engine.

Signed-off-by: Or Ozeri <oro at il.ibm.com>
---
 docs/formatstorageencryption.html.in          |  8 +++-
 docs/schemas/domainbackup.rng                 |  7 ++++
 docs/schemas/storagecommon.rng                |  8 ++++
 src/conf/storage_encryption_conf.c            | 30 +++++++++++++-
 src/conf/storage_encryption_conf.h            | 11 +++++
 src/qemu/qemu_block.c                         | 40 +++++++++++++++++++
 src/qemu/qemu_domain.c                        |  3 +-
 .../backup-pull-encrypted.xml                 |  6 +--
 .../backup-pull-internal-invalid.xml          |  6 +--
 .../backup-push-encrypted.xml                 |  6 +--
 tests/qemustatusxml2xmldata/upgrade-out.xml   |  6 +--
 tests/qemuxml2argvdata/disk-nvme.xml          |  2 +-
 tests/qemuxml2argvdata/disk-slices.xml        |  4 +-
 .../qemuxml2argvdata/encrypted-disk-usage.xml |  2 +-
 tests/qemuxml2argvdata/encrypted-disk.xml     |  2 +-
 .../luks-disks-source-qcow2.xml               | 14 +++----
 tests/qemuxml2argvdata/luks-disks-source.xml  | 10 ++---
 tests/qemuxml2argvdata/luks-disks.xml         |  4 +-
 tests/qemuxml2argvdata/user-aliases.xml       |  2 +-
 .../disk-slices.x86_64-latest.xml             |  4 +-
 tests/qemuxml2xmloutdata/encrypted-disk.xml   |  2 +-
 .../luks-disks-source-qcow2.x86_64-latest.xml | 14 +++----
 .../qemuxml2xmloutdata/luks-disks-source.xml  | 10 ++---
 .../storagevolxml2xmlout/vol-luks-cipher.xml  |  2 +-
 tests/storagevolxml2xmlout/vol-luks.xml       |  2 +-
 .../vol-qcow2-encryption.xml                  |  2 +-
 tests/storagevolxml2xmlout/vol-qcow2-luks.xml |  2 +-
 27 files changed, 154 insertions(+), 55 deletions(-)

diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencryption.html.in
index 7215c307d7..e0eb8697aa 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -18,11 +18,17 @@
       is <code>encryption</code>, with a mandatory
       attribute <code>format</code>.  Currently defined values
       of <code>format</code> are <code>default</code>, <code>qcow</code>,
-      and <code>luks</code>.
+      <code>luks</code>, and <code>luks2</code>.
       Each value of <code>format</code> implies some expectations about the
       content of the <code>encryption</code> tag.  Other format values may be
       defined in the future.
     </p>
+    <p>
+      The <code>encryption</code> tag supports an optional <code>engine</code>
+      tag, which allows selecting which component actually handles
+      the encryption. Currently defined values of <code>engine</code> are
+      <code>qemu</code> (default) and <code>librbd</code>.
+    </p>
     <p>
       The <code>encryption</code> tag can currently contain a sequence of
       <code>secret</code> tags, each with mandatory attributes <code>type</code>
diff --git a/docs/schemas/domainbackup.rng b/docs/schemas/domainbackup.rng
index c03455a5a7..05cc28ab00 100644
--- a/docs/schemas/domainbackup.rng
+++ b/docs/schemas/domainbackup.rng
@@ -14,6 +14,13 @@
           <value>luks</value>
         </choice>
       </attribute>
+      <optional>
+        <attribute name="engine">
+          <choice>
+            <value>qemu</value>
+          </choice>
+        </attribute>
+      </optional>
       <interleave>
         <ref name="secret"/>
         <optional>
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index 9ebb27700d..3ddff02e43 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -15,6 +15,14 @@
           <value>luks</value>
         </choice>
       </attribute>
+      <optional>
+        <attribute name="engine">
+          <choice>
+            <value>qemu</value>
+            <value>librbd</value>
+          </choice>
+        </attribute>
+      </optional>
       <interleave>
         <ref name="secret"/>
         <optional>
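Review bot: The `format` choice list that closes just above the new `engine` attribute still ends at `<value>luks</value>`, and no hunk for this file adds `<value>luks2</value>`, although the patch adds `"luks2"` to `virStorageEncryptionFormat` and documents it. As far as the visible lines show, XML using `format='luks2'` would be accepted by the parser but fail schema validation. Adding `<value>luks2</value>` to that choice keeps the schema in step with the enum. The enclosing definition starts and ends outside the hunk.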
diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encryption_conf.c
index 9112b96cc7..64044057bf 100644
--- a/src/conf/storage_encryption_conf.c
+++ b/src/conf/storage_encryption_conf.c
@@ -44,7 +44,12 @@ VIR_ENUM_IMPL(virStorageEncryptionSecret,
 
 VIR_ENUM_IMPL(virStorageEncryptionFormat,
               VIR_STORAGE_ENCRYPTION_FORMAT_LAST,
-              "default", "qcow", "luks",
+              "default", "qcow", "luks", "luks2",
+);
+
+VIR_ENUM_IMPL(virStorageEncryptionEngine,
+              VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
+              "qemu", "librbd",
 );
 
 static void
@@ -217,6 +222,7 @@ virStorageEncryptionParseNode(xmlNodePtr node,
     xmlNodePtr *nodes = NULL;
     virStorageEncryption *encdef = NULL;
     virStorageEncryption *ret = NULL;
+    g_autofree char *engine_str = NULL;
     g_autofree char *format_str = NULL;
     int n;
     size_t i;
@@ -239,6 +245,18 @@ virStorageEncryptionParseNode(xmlNodePtr node,
         goto cleanup;
     }
 
+    if (!(engine_str = virXPathString("string(./@engine)", ctxt))) {
+        encdef->engine = VIR_STORAGE_ENCRYPTION_ENGINE_QEMU;
+    } else {
+        if ((encdef->engine =
+             virStorageEncryptionEngineTypeFromString(engine_str)) < 0) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("unknown volume encryption engine type %s"),
+                           engine_str);
+            goto cleanup;
+        }
+    }
+
     if ((n = virXPathNodeSet("./secret", ctxt, &nodes)) < 0)
         goto cleanup;
 
@@ -327,15 +345,23 @@ int
 virStorageEncryptionFormat(virBuffer *buf,
                            virStorageEncryption *enc)
 {
+    const char *engine;
     const char *format;
     size_t i;
 
+    if (!(engine = virStorageEncryptionEngineTypeToString(enc->engine))) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       "%s", _("unexpected encryption engine"));
+        return -1;
+    }
+
     if (!(format = virStorageEncryptionFormatTypeToString(enc->format))) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        "%s", _("unexpected encryption format"));
         return -1;
     }
-    virBufferAsprintf(buf, "<encryption format='%s'>\n", format);
+    virBufferAsprintf(buf, "<encryption format='%s' engine='%s'>\n", format,
+                      engine);
     virBufferAdjustIndent(buf, 2);
 
     for (i = 0; i < enc->nsecrets; i++) {
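Review bot: `virStorageEncryptionFormat` now writes `engine='qemu'` unconditionally, so every existing definition changes on output even when the user never set the attribute; that is what forces the edits to the expected test XML files later in this patch. Consider emitting the attribute only for a non-default engine, e.g. `if (enc->engine != VIR_STORAGE_ENCRYPTION_ENGINE_QEMU) virBufferAsprintf(buf, " engine='%s'", engine);`, with the opening tag written in pieces around it. That would also keep generated XML valid against the pre-patch schema, which may matter when it is handed to an older libvirt, though nothing visible here confirms that. The function body continues outside the hunk.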
diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encryption_conf.h
index 34adbd5f7b..bd8787be98 100644
--- a/src/conf/storage_encryption_conf.h
+++ b/src/conf/storage_encryption_conf.h
@@ -51,11 +51,21 @@ struct _virStorageEncryptionInfoDef {
     char *ivgen_hash;
 };
 
+typedef enum {
+    /* "default" is only valid for volume creation */
+    VIR_STORAGE_ENCRYPTION_ENGINE_QEMU = 0, /* default */
+    VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD,
+
+    VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
+} virStorageEncryptionEngineType;
+VIR_ENUM_DECL(virStorageEncryptionEngine);
+
 typedef enum {
     /* "default" is only valid for volume creation */
     VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT = 0,
     VIR_STORAGE_ENCRYPTION_FORMAT_QCOW, /* Both qcow and qcow2 */
     VIR_STORAGE_ENCRYPTION_FORMAT_LUKS,
+    VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2,
 
     VIR_STORAGE_ENCRYPTION_FORMAT_LAST,
 } virStorageEncryptionFormatType;
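Review bot: The comment `/* "default" is only valid for volume creation */` on the new `virStorageEncryptionEngineType` was copied from the format enum below it and does not apply, because the engine enum has no `default` member and its zero value is `VIR_STORAGE_ENCRYPTION_ENGINE_QEMU`. I would drop that line and document the zero value instead, e.g. `/* value 0, so an absent engine attribute means qemu */`. Because 0 doubles as "not specified", the parser cannot tell an explicit `engine='qemu'` from an omitted attribute. If that distinction is ever needed, a separate zero-valued "unset" member would have to come first.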
@@ -63,6 +73,7 @@ VIR_ENUM_DECL(virStorageEncryptionFormat);
 
 typedef struct _virStorageEncryption virStorageEncryption;
 struct _virStorageEncryption {
+    int engine; /* virStorageEncryptionEngineType */
     int format; /* virStorageEncryptionFormatType */
     int payload_offset;
 
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 0bc92f6a23..e064e5a490 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -875,6 +875,8 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *src,
     qemuDomainStorageSourcePrivate *srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(src);
     g_autoptr(virJSONValue) servers = NULL;
     virJSONValue *ret = NULL;
+    g_autoptr(virJSONValue) encrypt = NULL;
+    const char *encformat;
     const char *username = NULL;
     g_autoptr(virJSONValue) authmodes = NULL;
     g_autoptr(virJSONValue) mode = NULL;
@@ -899,12 +901,47 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *src,
             return NULL;
     }
 
+    if (src->encryption &&
+        src->encryption->engine == VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD) {
+        switch ((virStorageEncryptionFormatType) src->encryption->format) {
+            case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
+                encformat = "luks";
+                break;
+
+            case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
+                encformat = "luks2";
+                break;
+
+            case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+            case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
+            case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
+            default:
+                virReportEnumRangeError(virStorageEncryptionFormatType,
+                                        src->encryption->format);
+                return NULL;
+        }
+
+        if (!srcPriv || !srcPriv->encinfo || !srcPriv->encinfo->s.aes.alias) {
+            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                           _("missing secret info for rbd encryption driver"));
+            return NULL;
+        }
+
+        encrypt = virJSONValueNewObject();
+        if (virJSONValueObjectAdd(encrypt,
+                                  "s:format", encformat,
+                                  "s:key-secret", srcPriv->encinfo->s.aes.alias,
+                                  NULL) < 0)
+            return NULL;
+    }
+
     if (virJSONValueObjectCreate(&ret,
                                  "s:pool", src->volume,
                                  "s:image", src->path,
                                  "S:snapshot", src->snapshot,
                                  "S:conf", src->configFile,
                                  "A:server", &servers,
+                                 "A:encrypt", &encrypt,
                                  "S:user", username,
                                  "A:auth-client-required", &authmodes,
                                  "S:key-secret", keysecret,
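Review bot: The guard before building `encrypt` reads `srcPriv->encinfo->s.aes.alias` without first checking `srcPriv->encinfo->type`, whereas `qemuBlockStorageSourceGetCryptoProps` (context in a later hunk of this file) requires `VIR_DOMAIN_SECRET_INFO_TYPE_AES` before using the secret. Since `s` looks like a type-dependent member, add `srcPriv->encinfo->type != VIR_DOMAIN_SECRET_INFO_TYPE_AES ||` to the condition so a differently typed secret is rejected rather than misread. Separately, nothing in the hunk checks that the running qemu understands the rbd `encrypt` property, which the commit message says arrived in qemu 6.1. An older binary would presumably fail with a qemu-side error, so a capability check with a clear libvirt error would be safer. The function starts and ends outside the hunk.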
@@ -1318,6 +1355,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource *src,
      * VIR_DOMAIN_SECRET_INFO_TYPE_AES works here. The correct type needs to be
      * instantiated elsewhere. */
     if (!src->encryption ||
+        src->encryption->engine != VIR_STORAGE_ENCRYPTION_ENGINE_QEMU ||
         !srcpriv ||
         !srcpriv->encinfo ||
         srcpriv->encinfo->type != VIR_DOMAIN_SECRET_INFO_TYPE_AES)
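Review bot: Nothing visible in the patch checks that a source marked `engine='librbd'` is actually an RBD disk, yet the added `src->encryption->engine != VIR_STORAGE_ENCRYPTION_ENGINE_QEMU` test here makes this function skip such a source. The matching `== VIR_STORAGE_ENCRYPTION_ENGINE_QEMU` test in the `VIR_STORAGE_FILE_RAW` branch of `qemuBlockStorageSourceGetBlockdevFormatProps` likewise skips the LUKS format layer. If the attribute is set on a file, iSCSI or other non-RBD source, the image would apparently be opened as plain raw with no encryption layer and no error, so guest writes would reach the image unencrypted. A validation step that rejects `VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD` unless the source protocol is RBD and the format is `luks` or `luks2` would close this gap. Where that check belongs is outside the lines shown.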
@@ -1333,6 +1371,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource *src,
         break;
 
     case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+    case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
     case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
     default:
         virReportEnumRangeError(virStorageEncryptionFormatType,
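Review bot: Routing `VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2` to `virReportEnumRangeError` reports a valid, user-selectable value as if it were out of range. `format='luks2'` with the default qemu engine is an ordinary configuration mistake, and `qemuDomainDiskHasEncryptionSecret` in this patch already treats LUKS2 as carrying a secret, so the request gets this far before failing. A dedicated case with `virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("luks2 is only supported with the librbd encryption engine"));` would tell the user what to change. The switch begins above the hunk.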
@@ -1453,6 +1492,7 @@ qemuBlockStorageSourceGetBlockdevFormatProps(virStorageSource *src)
          * put a raw layer on top */
     case VIR_STORAGE_FILE_RAW:
         if (src->encryption &&
+            src->encryption->engine == VIR_STORAGE_ENCRYPTION_ENGINE_QEMU &&
             src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
             if (qemuBlockStorageSourceGetFormatLUKSProps(src, props) < 0)
                 return NULL;
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 25b7f03204..cd7d19a0c5 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1354,7 +1354,8 @@ static bool
 qemuDomainDiskHasEncryptionSecret(virStorageSource *src)
 {
     if (!virStorageSourceIsEmpty(src) && src->encryption &&
-        src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
+        (src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS ||
+         src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2) &&
         src->encryption->nsecrets > 0)
         return true;
 
diff --git a/tests/domainbackupxml2xmlout/backup-pull-encrypted.xml b/tests/domainbackupxml2xmlout/backup-pull-encrypted.xml
index 42051d1d24..e975feddc5 100644
--- a/tests/domainbackupxml2xmlout/backup-pull-encrypted.xml
+++ b/tests/domainbackupxml2xmlout/backup-pull-encrypted.xml
@@ -5,7 +5,7 @@
     <disk name='vda' backup='yes' type='file' backupmode='incremental' incremental='1525889631' exportname='test-vda' exportbitmap='blah'>
       <driver type='qcow2'/>
       <scratch file='/path/to/file'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </scratch>
@@ -13,7 +13,7 @@
     <disk name='vdb' backup='yes' type='file' backupmode='incremental' incremental='1525889631' exportname='test-vda' exportbitmap='blah'>
       <driver type='qcow2'/>
       <scratch file='/path/to/file'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' usage='/storage/backup/vdb'/>
         </encryption>
       </scratch>
@@ -21,7 +21,7 @@
     <disk name='vdc' backup='yes' type='block' backupmode='incremental' incremental='1525889631'>
       <driver type='qcow2'/>
       <scratch dev='/dev/block'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' usage='/storage/backup/vdc'/>
         </encryption>
       </scratch>
diff --git a/tests/domainbackupxml2xmlout/backup-pull-internal-invalid.xml b/tests/domainbackupxml2xmlout/backup-pull-internal-invalid.xml
index 092b6bf8a7..80c2c8f7d8 100644
--- a/tests/domainbackupxml2xmlout/backup-pull-internal-invalid.xml
+++ b/tests/domainbackupxml2xmlout/backup-pull-internal-invalid.xml
@@ -5,7 +5,7 @@
     <disk name='vda' backup='yes' state='running' type='file' backupmode='incremental' incremental='1525889631' exportname='test-vda' exportbitmap='blah'>
       <driver type='qcow2'/>
       <scratch file='/path/to/file'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </scratch>
@@ -13,7 +13,7 @@
     <disk name='vdb' backup='yes' state='complete' type='file' backupmode='incremental' incremental='1525889631' exportname='test-vda' exportbitmap='blah'>
       <driver type='qcow2'/>
       <scratch file='/path/to/file'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' usage='/storage/backup/vdb'/>
         </encryption>
       </scratch>
@@ -21,7 +21,7 @@
     <disk name='vdc' backup='yes' state='running' type='block' backupmode='incremental' incremental='1525889631'>
       <driver type='qcow2'/>
       <scratch dev='/dev/block'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' usage='/storage/backup/vdc'/>
         </encryption>
       </scratch>
diff --git a/tests/domainbackupxml2xmlout/backup-push-encrypted.xml b/tests/domainbackupxml2xmlout/backup-push-encrypted.xml
index 3b664b0dcb..95cf16a4b3 100644
--- a/tests/domainbackupxml2xmlout/backup-push-encrypted.xml
+++ b/tests/domainbackupxml2xmlout/backup-push-encrypted.xml
@@ -4,7 +4,7 @@
     <disk name='vda' backup='yes' type='file' backupmode='incremental' incremental='1525889631'>
       <driver type='qcow2'/>
       <target file='/path/to/file'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </target>
@@ -12,7 +12,7 @@
     <disk name='vdb' backup='yes' type='file' backupmode='incremental' incremental='1525889631'>
       <driver type='raw'/>
       <target file='/path/to/file'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' usage='/storage/backup/vdb'/>
         </encryption>
       </target>
@@ -20,7 +20,7 @@
     <disk name='vdc' backup='yes' type='block' backupmode='incremental' incremental='1525889631'>
       <driver type='qcow2'/>
       <target dev='/dev/block'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' usage='/storage/backup/vdc'/>
         </encryption>
       </target>
diff --git a/tests/qemustatusxml2xmldata/upgrade-out.xml b/tests/qemustatusxml2xmldata/upgrade-out.xml
index f9476731f6..5218092cb9 100644
--- a/tests/qemustatusxml2xmldata/upgrade-out.xml
+++ b/tests/qemustatusxml2xmldata/upgrade-out.xml
@@ -316,7 +316,7 @@
       <disk type='file' device='disk'>
         <driver name='qemu' type='qcow2'/>
         <source file='/var/lib/libvirt/images/b.qcow2'>
-          <encryption format='luks'>
+          <encryption format='luks' engine='qemu'>
             <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
           </encryption>
           <privateData>
@@ -333,7 +333,7 @@
       <disk type='file' device='disk'>
         <driver name='qemu' type='qcow2'/>
         <source file='/var/lib/libvirt/images/c.qcow2'>
-          <encryption format='luks'>
+          <encryption format='luks' engine='qemu'>
             <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
           </encryption>
           <privateData>
@@ -354,7 +354,7 @@
           <auth username='testuser-iscsi'>
             <secret type='iscsi' usage='testuser-iscsi-secret'/>
           </auth>
-          <encryption format='luks'>
+          <encryption format='luks' engine='qemu'>
             <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
           </encryption>
           <privateData>
diff --git a/tests/qemuxml2argvdata/disk-nvme.xml b/tests/qemuxml2argvdata/disk-nvme.xml
index 1ccbbfd598..9a5fafce7d 100644
--- a/tests/qemuxml2argvdata/disk-nvme.xml
+++ b/tests/qemuxml2argvdata/disk-nvme.xml
@@ -42,7 +42,7 @@
       <driver name='qemu' type='qcow2' cache='none'/>
       <source type='pci' managed='no' namespace='2'>
         <address domain='0x0001' bus='0x02' slot='0x00' function='0x0'/>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
diff --git a/tests/qemuxml2argvdata/disk-slices.xml b/tests/qemuxml2argvdata/disk-slices.xml
index 016aa1b905..849809f05a 100644
--- a/tests/qemuxml2argvdata/disk-slices.xml
+++ b/tests/qemuxml2argvdata/disk-slices.xml
@@ -44,7 +44,7 @@
         <slices>
           <slice type='storage' offset='1234' size='321'/>
         </slices>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
@@ -69,7 +69,7 @@
         <slices>
           <slice type='storage' offset='1234' size='321'/>
         </slices>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
diff --git a/tests/qemuxml2argvdata/encrypted-disk-usage.xml b/tests/qemuxml2argvdata/encrypted-disk-usage.xml
index 7c2da9ee83..d2b87b94b6 100644
--- a/tests/qemuxml2argvdata/encrypted-disk-usage.xml
+++ b/tests/qemuxml2argvdata/encrypted-disk-usage.xml
@@ -18,7 +18,7 @@
       <driver name='qemu' type='qcow2'/>
       <source file='/storage/guest_disks/encryptdisk'/>
       <target dev='vda' bus='virtio'/>
-      <encryption format='luks'>
+      <encryption format='luks' engine='qemu'>
         <secret type='passphrase' usage='/storage/guest_disks/encryptdisk'/>
       </encryption>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
diff --git a/tests/qemuxml2argvdata/encrypted-disk.xml b/tests/qemuxml2argvdata/encrypted-disk.xml
index e996cde889..a75ed7ebf4 100644
--- a/tests/qemuxml2argvdata/encrypted-disk.xml
+++ b/tests/qemuxml2argvdata/encrypted-disk.xml
@@ -18,7 +18,7 @@
       <driver name='qemu' type='qcow2'/>
       <source file='/storage/guest_disks/encryptdisk'/>
       <target dev='vda' bus='virtio'/>
-      <encryption format='luks'>
+      <encryption format='luks' engine='qemu'>
         <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
       </encryption>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
diff --git a/tests/qemuxml2argvdata/luks-disks-source-qcow2.xml b/tests/qemuxml2argvdata/luks-disks-source-qcow2.xml
index 7192ca00bd..46d2036cc3 100644
--- a/tests/qemuxml2argvdata/luks-disks-source-qcow2.xml
+++ b/tests/qemuxml2argvdata/luks-disks-source-qcow2.xml
@@ -17,7 +17,7 @@
     <disk type='file' device='disk'>
       <driver name='qemu' type='qcow2'/>
       <source file='/storage/guest_disks/encryptdisk'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
@@ -27,7 +27,7 @@
     <disk type='file' device='disk'>
       <driver name='qemu' type='qcow2'/>
       <source file='/storage/guest_disks/encryptdisk2'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
         </encryption>
       </source>
@@ -41,7 +41,7 @@
         <auth username='myname'>
           <secret type='iscsi' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80e80'/>
         </auth>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f77'/>
         </encryption>
       </source>
@@ -50,7 +50,7 @@
     <disk type='volume' device='disk'>
       <driver name='qemu' type='qcow2'/>
       <source pool='pool-iscsi' volume='unit:0:0:3' mode='direct'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f80'/>
         </encryption>
       </source>
@@ -62,7 +62,7 @@
         <host name='mon1.example.org' port='6321'/>
         <host name='mon2.example.org' port='6322'/>
         <host name='mon3.example.org' port='6322'/>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/>
         </encryption>
       </source>
@@ -71,14 +71,14 @@
     <disk type='file' device='disk'>
       <driver name='qemu' type='qcow2'/>
       <source file='/storage/guest_disks/encryptdisk5'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
       <backingStore type='file'>
         <format type='qcow2'/>
         <source file='/storage/guest_disks/base.qcow2'>
-          <encryption format='luks'>
+          <encryption format='luks' engine='qemu'>
             <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
           </encryption>
           </source>
diff --git a/tests/qemuxml2argvdata/luks-disks-source.xml b/tests/qemuxml2argvdata/luks-disks-source.xml
index 293877df9e..72d97d2f4b 100644
--- a/tests/qemuxml2argvdata/luks-disks-source.xml
+++ b/tests/qemuxml2argvdata/luks-disks-source.xml
@@ -17,7 +17,7 @@
     <disk type='file' device='disk'>
       <driver name='qemu' type='raw'/>
       <source file='/storage/guest_disks/encryptdisk'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
@@ -27,7 +27,7 @@
     <disk type='file' device='disk'>
       <driver name='qemu' type='raw'/>
       <source file='/storage/guest_disks/encryptdisk2'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
         </encryption>
       </source>
@@ -41,7 +41,7 @@
         <auth username='myname'>
           <secret type='iscsi' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80e80'/>
         </auth>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f77'/>
         </encryption>
       </source>
@@ -50,7 +50,7 @@
     <disk type='volume' device='disk'>
       <driver name='qemu' type='raw'/>
       <source pool='pool-iscsi' volume='unit:0:0:3' mode='direct'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f80'/>
         </encryption>
       </source>
@@ -62,7 +62,7 @@
         <host name='mon1.example.org' port='6321'/>
         <host name='mon2.example.org' port='6322'/>
         <host name='mon3.example.org' port='6322'/>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/>
         </encryption>
       </source>
diff --git a/tests/qemuxml2argvdata/luks-disks.xml b/tests/qemuxml2argvdata/luks-disks.xml
index ae6d3d996c..1c76f0dc26 100644
--- a/tests/qemuxml2argvdata/luks-disks.xml
+++ b/tests/qemuxml2argvdata/luks-disks.xml
@@ -18,7 +18,7 @@
       <driver name='qemu' type='raw'/>
       <source file='/storage/guest_disks/encryptdisk'/>
       <target dev='vda' bus='virtio'/>
-      <encryption format='luks'>
+      <encryption format='luks' engine='qemu'>
         <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
       </encryption>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
@@ -27,7 +27,7 @@
       <driver name='qemu' type='raw'/>
       <source file='/storage/guest_disks/encryptdisk2'/>
       <target dev='vdb' bus='virtio'/>
-      <encryption format='luks'>
+      <encryption format='luks' engine='qemu'>
         <secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
       </encryption>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
diff --git a/tests/qemuxml2argvdata/user-aliases.xml b/tests/qemuxml2argvdata/user-aliases.xml
index 47bfc56e73..10b7749521 100644
--- a/tests/qemuxml2argvdata/user-aliases.xml
+++ b/tests/qemuxml2argvdata/user-aliases.xml
@@ -55,7 +55,7 @@
       <driver name='qemu' type='qcow2'/>
       <source file='/var/lib/libvirt/images/OtherDemo.img'/>
       <target dev='vdb' bus='virtio'/>
-      <encryption format='luks'>
+      <encryption format='luks' engine='qemu'>
         <secret type='passphrase' uuid='e78d4b51-a2af-485f-b0f5-afca709a80f4'/>
       </encryption>
       <alias name='ua-myEncryptedDisk1'/>
diff --git a/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml b/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
index be5cd25084..a058cbad61 100644
--- a/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
@@ -49,7 +49,7 @@
         <slices>
           <slice type='storage' offset='1234' size='321'/>
         </slices>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
@@ -75,7 +75,7 @@
         <slices>
           <slice type='storage' offset='1234' size='321'/>
         </slices>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
diff --git a/tests/qemuxml2xmloutdata/encrypted-disk.xml b/tests/qemuxml2xmloutdata/encrypted-disk.xml
index 06f2c5b47c..e30c8a36e8 100644
--- a/tests/qemuxml2xmloutdata/encrypted-disk.xml
+++ b/tests/qemuxml2xmloutdata/encrypted-disk.xml
@@ -18,7 +18,7 @@
       <driver name='qemu' type='qcow2'/>
       <source file='/storage/guest_disks/encryptdisk'/>
       <target dev='vda' bus='virtio'/>
-      <encryption format='luks'>
+      <encryption format='luks' engine='qemu'>
         <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
       </encryption>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
diff --git a/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml b/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
index 5f600f5ba7..7f98dd597e 100644
--- a/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
@@ -20,7 +20,7 @@
     <disk type='file' device='disk'>
       <driver name='qemu' type='qcow2'/>
       <source file='/storage/guest_disks/encryptdisk'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
@@ -30,7 +30,7 @@
     <disk type='file' device='disk'>
       <driver name='qemu' type='qcow2'/>
       <source file='/storage/guest_disks/encryptdisk2'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
         </encryption>
       </source>
@@ -44,7 +44,7 @@
         <auth username='myname'>
           <secret type='iscsi' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80e80'/>
         </auth>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f77'/>
         </encryption>
       </source>
@@ -54,7 +54,7 @@
     <disk type='volume' device='disk'>
       <driver name='qemu' type='qcow2'/>
       <source pool='pool-iscsi' volume='unit:0:0:3' mode='direct'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f80'/>
         </encryption>
       </source>
@@ -67,7 +67,7 @@
         <host name='mon1.example.org' port='6321'/>
         <host name='mon2.example.org' port='6322'/>
         <host name='mon3.example.org' port='6322'/>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/>
         </encryption>
       </source>
@@ -77,14 +77,14 @@
     <disk type='file' device='disk'>
       <driver name='qemu' type='qcow2'/>
       <source file='/storage/guest_disks/encryptdisk5'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
       <backingStore type='file'>
         <format type='qcow2'/>
         <source file='/storage/guest_disks/base.qcow2'>
-          <encryption format='luks'>
+          <encryption format='luks' engine='qemu'>
             <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
           </encryption>
         </source>
diff --git a/tests/qemuxml2xmloutdata/luks-disks-source.xml b/tests/qemuxml2xmloutdata/luks-disks-source.xml
index 5333d4ac6e..891b5d9d17 100644
--- a/tests/qemuxml2xmloutdata/luks-disks-source.xml
+++ b/tests/qemuxml2xmloutdata/luks-disks-source.xml
@@ -17,7 +17,7 @@
     <disk type='file' device='disk'>
       <driver name='qemu' type='raw'/>
       <source file='/storage/guest_disks/encryptdisk'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
         </encryption>
       </source>
@@ -27,7 +27,7 @@
     <disk type='file' device='disk'>
       <driver name='qemu' type='raw'/>
       <source file='/storage/guest_disks/encryptdisk2'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
         </encryption>
       </source>
@@ -41,7 +41,7 @@
         <auth username='myname'>
           <secret type='iscsi' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80e80'/>
         </auth>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f77'/>
         </encryption>
       </source>
@@ -51,7 +51,7 @@
     <disk type='volume' device='disk'>
       <driver name='qemu' type='raw'/>
       <source pool='pool-iscsi' volume='unit:0:0:3' mode='direct'>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f80'/>
         </encryption>
       </source>
@@ -64,7 +64,7 @@
         <host name='mon1.example.org' port='6321'/>
         <host name='mon2.example.org' port='6322'/>
         <host name='mon3.example.org' port='6322'/>
-        <encryption format='luks'>
+        <encryption format='luks' engine='qemu'>
           <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/>
         </encryption>
       </source>
diff --git a/tests/storagevolxml2xmlout/vol-luks-cipher.xml b/tests/storagevolxml2xmlout/vol-luks-cipher.xml
index fd99793612..b3fbcbe9a3 100644
--- a/tests/storagevolxml2xmlout/vol-luks-cipher.xml
+++ b/tests/storagevolxml2xmlout/vol-luks-cipher.xml
@@ -12,7 +12,7 @@
       <group>0</group>
       <label>unconfined_u:object_r:virt_image_t:s0</label>
     </permissions>
-    <encryption format='luks'>
+    <encryption format='luks' engine='qemu'>
       <secret type='passphrase' uuid='f52a81b2-424e-490c-823d-6bd4235bc572'/>
       <cipher name='serpent' size='256' mode='cbc' hash='sha256'/>
       <ivgen name='plain64' hash='sha256'/>
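Review bot: The expected output gains `engine='qemu'` although no storagevolxml2xmlin input appears in the diffstat, which suggests the formatter now emits the attribute even when the user never set it. The same applies to the vol-luks.xml, vol-qcow2-encryption.xml and vol-qcow2-luks.xml hunks below. That changes the XML of every existing encrypted volume and may trip consumers that validate against an older schema. Consider formatting the attribute only when it was given explicitly, so this expectation stays `<encryption format='luks'>` and an engine appears in output only where someone chose one.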
diff --git a/tests/storagevolxml2xmlout/vol-luks.xml b/tests/storagevolxml2xmlout/vol-luks.xml
index c011d4cc62..8ff345ecb3 100644
--- a/tests/storagevolxml2xmlout/vol-luks.xml
+++ b/tests/storagevolxml2xmlout/vol-luks.xml
@@ -12,7 +12,7 @@
       <group>0</group>
       <label>unconfined_u:object_r:virt_image_t:s0</label>
     </permissions>
-    <encryption format='luks'>
+    <encryption format='luks' engine='qemu'>
       <secret type='passphrase' uuid='f52a81b2-424e-490c-823d-6bd4235bc572'/>
     </encryption>
   </target>
diff --git a/tests/storagevolxml2xmlout/vol-qcow2-encryption.xml b/tests/storagevolxml2xmlout/vol-qcow2-encryption.xml
index 837adf41b1..d9a34492bb 100644
--- a/tests/storagevolxml2xmlout/vol-qcow2-encryption.xml
+++ b/tests/storagevolxml2xmlout/vol-qcow2-encryption.xml
@@ -12,7 +12,7 @@
       <group>0</group>
       <label>unconfined_u:object_r:virt_image_t:s0</label>
     </permissions>
-    <encryption format='qcow'>
+    <encryption format='qcow' engine='qemu'>
       <secret type='passphrase' uuid='e78d4b51-a2af-485f-b0f5-afca709a80f4'/>
     </encryption>
   </target>
diff --git a/tests/storagevolxml2xmlout/vol-qcow2-luks.xml b/tests/storagevolxml2xmlout/vol-qcow2-luks.xml
index 78edc4239c..63f2bdf9b2 100644
--- a/tests/storagevolxml2xmlout/vol-qcow2-luks.xml
+++ b/tests/storagevolxml2xmlout/vol-qcow2-luks.xml
@@ -12,7 +12,7 @@
       <group>0</group>
       <label>unconfined_u:object_r:virt_image_t:s0</label>
     </permissions>
-    <encryption format='luks'>
+    <encryption format='luks' engine='qemu'>
       <secret type='passphrase' uuid='e78d4b51-a2af-485f-b0f5-afca709a80f4'/>
     </encryption>
   </target>
-- 
2.25.1



