Add parse and format of the luks/key secret including tests for
volume XML parsing.
Signed-off-by: John Ferlan
---
docs/formatsecret.html.in | 7 +++-
docs/formatstorageencryption.html.in | 24 +++-
docs/schemas/storagecommon.rng | 3 ++
src/qemu/qemu_process.c| 6 +++
src/storage/storage_backend.c | 3 +-
src/storage/storage_backend_fs.c | 7 +++-
src/storage/storage_backend_gluster.c | 2 +
src/util/virstorageencryption.c| 4 +-
src/util/virstorageencryption.h| 2 +
tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml | 41
.../qemuxml2xmlout-luks-disks.xml | 45 ++
tests/qemuxml2xmltest.c| 1 +
tests/storagevolxml2xmlin/vol-luks.xml | 21 ++
tests/storagevolxml2xmlout/vol-luks.xml| 21 ++
tests/storagevolxml2xmltest.c | 1 +
15 files changed, 181 insertions(+), 7 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml
create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml
create mode 100644 tests/storagevolxml2xmlin/vol-luks.xml
create mode 100644 tests/storagevolxml2xmlout/vol-luks.xml
diff --git a/docs/formatsecret.html.in b/docs/formatsecret.html.in
index 3bb810a..a774199 100644
--- a/docs/formatsecret.html.in
+++ b/docs/formatsecret.html.in
@@ -248,7 +248,12 @@
This secret is a general purpose secret to be used by various libvirt
objects to provide a single key (or passphrase) as required by the
- object in order to perform its authentication.
+ object in order to perform its authentication. For example, this
+ secret will be used either by the
+ storage volume in order to
+ provide the key to encrypt a luks volume or by the
+ disk device in order to
+ provide the key to decrypt the luks volume for usage.
Since 1.3.6. The following is an example
of a key-secret.xml file:
diff --git a/docs/formatstorageencryption.html.in
b/docs/formatstorageencryption.html.in
index 048cc8e..ae2e815 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -59,8 +59,20 @@
the secret element is not present during volume creation,
a secret is automatically generated and attached to the volume.
+"luks" format
+
+ The luks format is specific to a luks encrypted volume
+ and the secret used in order to either encrypt or decrypt the volume.
+ A single element is expected.
+ The secret may be referenced via either a uuid or
+ usage attribute. One of the two must be present. When
+ present for volume creation, the secret will be used in order for
+ volume encryption. When present for domain usage, the secret will
+ be used as the key to decrypt the volume.
+ Since 1.3.6.
+
-Example
+Examples
Here is a simple example, specifying use of the qcow format:
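Review bot: the new "luks" format paragraph says which attribute (uuid or usage) references the secret but not which secret type it must be; since this series adds "key" beside "passphrase" in the storagecommon.rng secret-type enumeration, the description should state that a luks volume uses a secret of type "key" (as opposed to the passphrase secret used by the qcow format), otherwise a reader has no way to tell the two from this page alone. Also, "used in order for volume encryption" reads awkwardly; "used to encrypt the volume" says the same thing.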
@@ -70,5 +82,15 @@
+
+
+ Here is a simple example, specifying use of the luks format:
+
+
+
+
+
+
+
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index c5b71de..44d4315 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -12,6 +12,7 @@
default
qcow
+ luks
@@ -25,6 +26,7 @@
passphrase
+ key
@@ -81,6 +83,7 @@
fat
vhd
ploop
+ luks
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 513664e..3ed1e43 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -2411,6 +2411,12 @@ qemuProcessInitPasswords(virConnectPtr conn,
!virDomainDiskGetSource(vm->def->disks[i]))
continue;
+if (vm->def->disks[i]->src->encryption->format !=
+VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT &&
+vm->def->disks[i]->src->encryption->format !=
+VIR_STORAGE_ENCRYPTION_FORMAT_QCOW)
+continue;
+
VIR_FREE(secret);
if (qemuProcessGetVolumeQcowPassphrase(conn,
vm->def->disks[i],
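Review bot: the added `continue` in qemuProcessInitPasswords dereferences `vm->def->disks[i]->src->encryption->format` with no visible NULL check on `encryption` in this hunk; the surrounding condition only shows the `virDomainDiskGetSource()` test, so please confirm the preceding clause guarantees `encryption` is non-NULL before the `->format` access. Independently of that, the check silently skips every format other than DEFAULT and QCOW (i.e. the new luks format) with no comment, which reads like a forgotten case; a one-line comment such as "/* only qcow passphrases are set via the monitor here; luks keys are handled separately */" (or whatever the intended handling is) would make the intent clear to the next reader.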
diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
index 11f6081..4965c9e 100644
--- a/src/storage/storage_backend.c
+++ b/src/storage/storage_backend.c
@@ -1027,8 +1027,7 @@ virStorageBackendCreateQemuImgCheckEncryption(int format,