
[libvirt] [PATCH 16/20] Attach encryption information to virDomainDiskDef.



The XML allows <encryption format='unencrypted'/>; this implementation
canonicalizes the internal representation so that "disk->encryption" is
non-NULL iff encryption information is available.

A domain with partial encryption information can be defined;
completeness of the information is not verified.  The domain won't
start until the remaining information is added, of course.

Changes since the first submission:
- Add schema for the <encryption> tag.
- Document the <encryption> tag.
- Ignore VIR_DOMAIN_XML_SECURE, the <secret> tags are always output.
---
 docs/formatdomain.html    |    6 ++++++
 docs/formatdomain.html.in |    8 ++++++++
 docs/schemas/domain.rng   |    3 +++
 src/domain_conf.c         |   19 +++++++++++++++++++
 src/domain_conf.h         |    2 ++
 5 files changed, 38 insertions(+), 0 deletions(-)

diff --git a/docs/formatdomain.html b/docs/formatdomain.html
index f2d7855..c483195 100644
--- a/docs/formatdomain.html
+++ b/docs/formatdomain.html
@@ -453,6 +453,9 @@
 	    &lt;driver name="tap" type="aio"&gt;
 	    &lt;source file='/var/lib/xen/images/fv0'/&gt;
 	    &lt;target dev='hda' bus='ide'/&gt;
+            &lt;encryption type='...'&gt;
+              ...
+            &lt;/encryption&gt;
 	  &lt;/disk&gt;
 	  ...</pre>
         <dl><dt><code>disk</code></dt><dd>The <code>disk</code> element is the main container for describing
@@ -478,6 +481,9 @@
 	<code>driver</code> element allows them to be selected. The <code>name</code>
 	attribute is the primary backend driver name, while the optional <code>type</code>
 	attribute provides the sub-type. <span class="since">Since 0.1.8</span>
+      </dd><dt><code>encryption</code></dt><dd>If present, specifies how the volume is encrypted.  See
+        the <a href="formatstorageencryption.html">Storage Encryption</a> page
+        for more information.
       </dd></dl>
         <h4>
           <a name="elementsUSB" id="elementsUSB">USB and PCI devices</a>
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index eb12784..211f7ed 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -338,6 +338,9 @@
 	    &lt;driver name="tap" type="aio"&gt;
 	    &lt;source file='/var/lib/xen/images/fv0'/&gt;
 	    &lt;target dev='hda' bus='ide'/&gt;
+            &lt;encryption type='...'&gt;
+              ...
+            &lt;/encryption&gt;
 	  &lt;/disk&gt;
 	  ...</pre>
 
@@ -373,6 +376,11 @@
 	attribute is the primary backend driver name, while the optional <code>type</code>
 	attribute provides the sub-type. <span class="since">Since 0.1.8</span>
       </dd>
+      <dt><code>encryption</code></dt>
+      <dd>If present, specifies how the volume is encrypted.  See
+        the <a href="formatstorageencryption.html">Storage Encryption</a> page
+        for more information.
+      </dd>
     </dl>
 
     <h4><a name="elementsUSB">USB and PCI devices</a></h4>
diff --git a/docs/schemas/domain.rng b/docs/schemas/domain.rng
index f857301..4defc1e 100644
--- a/docs/schemas/domain.rng
+++ b/docs/schemas/domain.rng
@@ -4,6 +4,8 @@
   <start>
     <ref name="domain"/>
   </start>
+
+  <include href='storageencryption.rng'/>
   <!--
       We handle only document defining a domain
     -->
@@ -336,6 +338,7 @@
         <empty/>
       </element>
     </optional>
+    <ref name="encryption"/>
   </define>
   <!--
       A disk description can be either of type file or block
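Review bot: The added `<ref name="encryption"/>` sits directly in the define, outside any `<optional>`, unlike the element just above it. If the `encryption` pattern in storageencryption.rng (not part of this patch) is a plain element, every document matching this define would have to carry an `<encryption>` child, and existing domain XML would stop validating. Wrapping it as `<optional><ref name="encryption"/></optional>` keeps the schema in line with the parser, which treats the element as optional. The define's opening tag is outside the hunk, so which element this affects should be confirmed.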
diff --git a/src/domain_conf.c b/src/domain_conf.c
index 2301a96..710eff4 100644
--- a/src/domain_conf.c
+++ b/src/domain_conf.c
@@ -288,6 +288,7 @@ void virDomainDiskDefFree(virDomainDiskDefPtr def)
     VIR_FREE(def->dst);
     VIR_FREE(def->driverName);
     VIR_FREE(def->driverType);
+    virStorageEncryptionFree(def->encryption);
 
     VIR_FREE(def);
 }
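Review bot: `virStorageEncryptionFree(def->encryption)` is reached with a NULL pointer for every disk that has no encryption information, since the parser leaves `def->encryption` NULL in that case. The same holds for the call added under `cleanup:` in virDomainDiskDefParseXML, where `encryption` has been reset to NULL on the success path. Both rely on virStorageEncryptionFree() being a no-op for NULL. It is defined in another patch of the series and not visible here, so this is worth confirming and stating in its header comment.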
@@ -658,6 +659,7 @@ virDomainDiskDefParseXML(virConnectPtr conn,
     char *bus = NULL;
     char *cachetag = NULL;
     char *devaddr = NULL;
+    virStorageEncryptionPtr encryption = NULL;
 
     if (VIR_ALLOC(def) < 0) {
         virReportOOMError(conn);
@@ -715,6 +717,17 @@ virDomainDiskDefParseXML(virConnectPtr conn,
             } else if ((flags & VIR_DOMAIN_XML_INTERNAL_STATUS) &&
                        xmlStrEqual(cur->name, BAD_CAST "state")) {
                 devaddr = virXMLPropString(cur, "devaddr");
+            } else if (encryption == NULL &&
+                       xmlStrEqual(cur->name, BAD_CAST "encryption")) {
+                encryption = virStorageEncryptionParseNode(conn, node->doc,
+                                                           cur);
+                if (encryption == NULL)
+                    goto error;
+                if (encryption->format ==
+                    VIR_STORAGE_ENCRYPTION_FORMAT_UNENCRYPTED) {
+                    virStorageEncryptionFree(encryption);
+                    encryption = NULL;
+                }
             }
         }
         cur = cur->next;
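Review bot: The `encryption == NULL &&` guard handles repeated `<encryption>` children inconsistently. A second element is silently skipped when the first one was kept, but an `unencrypted` element is freed and reset to NULL, so `<encryption format='unencrypted'/>` followed by another `<encryption>` ends up using the second one. For a setting that decides whether a disk is treated as encrypted, rejecting the duplicate is safer than quietly picking one. One way is a separate seen-flag declared next to `encryption` at the top of the function, which is outside this hunk. The loop and the rest of the function body also continue outside the hunk.

```c
            } else if (xmlStrEqual(cur->name, BAD_CAST "encryption")) {
                if (encryption_seen) {
                    virDomainReportError(conn, VIR_ERR_XML_ERROR, "%s",
                                         _("disk has more than one <encryption> element"));
                    goto error;
                }
                encryption_seen = 1;
                /* ... unchanged: virStorageEncryptionParseNode call and 'unencrypted' canonicalization ... */
```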
@@ -833,6 +846,8 @@ virDomainDiskDefParseXML(virConnectPtr conn,
     driverName = NULL;
     def->driverType = driverType;
     driverType = NULL;
+    def->encryption = encryption;
+    encryption = NULL;
 
 cleanup:
     VIR_FREE(bus);
@@ -844,6 +859,7 @@ cleanup:
     VIR_FREE(driverName);
     VIR_FREE(cachetag);
     VIR_FREE(devaddr);
+    virStorageEncryptionFree(encryption);
 
     return def;
 
@@ -3501,6 +3517,9 @@ virDomainDiskDefFormat(virConnectPtr conn,
         virBufferAddLit(buf, "      <readonly/>\n");
     if (def->shared)
         virBufferAddLit(buf, "      <shareable/>\n");
+    if (def->encryption != NULL &&
+        virStorageEncryptionFormat(conn, buf, def->encryption) < 0)
+        return -1;
 
     if (flags & VIR_DOMAIN_XML_INTERNAL_STATUS) {
         virBufferAddLit(buf, "      <state");
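Review bot: The `<encryption>` block is written without consulting `flags`, so it also appears in output produced without VIR_DOMAIN_XML_SECURE. The commit message says this is intended, but nothing in the code records why it is safe. If the `<secret>` children emitted by virStorageEncryptionFormat() (not shown in this patch) hold only references and never key material, say so here, e.g. `/* Emitted regardless of VIR_DOMAIN_XML_SECURE: <encryption> carries only secret references, no key material. */`. If that does not hold, the call should be gated on the flag instead. The function body starts and ends outside the hunk, so whether the early `return -1` matches the other error paths cannot be checked from here.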
diff --git a/src/domain_conf.h b/src/domain_conf.h
index 63fca76..c8ff282 100644
--- a/src/domain_conf.h
+++ b/src/domain_conf.h
@@ -30,6 +30,7 @@
 
 #include "internal.h"
 #include "capabilities.h"
+#include "storage_encryption.h"
 #include "util.h"
 #include "threads.h"
 
@@ -117,6 +118,7 @@ struct _virDomainDiskDef {
         unsigned bus;
         unsigned slot;
     } pci_addr;
+    virStorageEncryptionPtr encryption;
 };
 
 static inline int
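Review bot: The new `encryption` member has no comment, and the invariant it carries is stated only in the commit message. Suggest `virStorageEncryptionPtr encryption; /* NULL unless encryption information is present; the parser never stores an 'unencrypted' entry */` so that readers of the header know a NULL check is sufficient. The struct definition starts outside the hunk.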
-- 
1.6.2.5

