[libvirt] [PATCH 15/19] encryption: Add luks parsing for storageencryption
Peter Krempa
pkrempa at redhat.com
Tue Jun 21 14:25:17 UTC 2016
On Mon, Jun 13, 2016 at 20:27:54 -0400, John Ferlan wrote:
> Add parse and format of the luks/key secret including tests for
> volume XML parsing.
>
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
> docs/formatsecret.html.in | 7 +++-
> docs/formatstorageencryption.html.in | 24 +++++++++++-
> docs/schemas/storagecommon.rng | 3 ++
> src/qemu/qemu_process.c | 6 +++
> src/storage/storage_backend.c | 3 +-
> src/storage/storage_backend_fs.c | 7 +++-
> src/storage/storage_backend_gluster.c | 2 +
> src/util/virstorageencryption.c | 4 +-
> src/util/virstorageencryption.h | 2 +
> tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml | 41 ++++++++++++++++++++
> .../qemuxml2xmlout-luks-disks.xml | 45 ++++++++++++++++++++++
> tests/qemuxml2xmltest.c | 1 +
> tests/storagevolxml2xmlin/vol-luks.xml | 21 ++++++++++
> tests/storagevolxml2xmlout/vol-luks.xml | 21 ++++++++++
> tests/storagevolxml2xmltest.c | 1 +
> 15 files changed, 181 insertions(+), 7 deletions(-)
> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml
> create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml
> create mode 100644 tests/storagevolxml2xmlin/vol-luks.xml
> create mode 100644 tests/storagevolxml2xmlout/vol-luks.xml
[]
> diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencryption.html.in
> index 048cc8e..ae2e815 100644
> --- a/docs/formatstorageencryption.html.in
> +++ b/docs/formatstorageencryption.html.in
> @@ -59,8 +59,20 @@
> the <code>secret</code> element is not present during volume creation,
> a secret is automatically generated and attached to the volume.
> </p>
> + <h3><a name="StorageEncryptionLuks">"luks" format</a></h3>
> + <p>
> + The <code>luks</code> format is specific to a luks encrypted volume
> + and the secret used in order to either encrypt or decrypt the volume.
> + A single <code><secret type='key'></code> element is expected.
I've explained in some other patch why 'key' is not a desired name.
> + The secret may be referenced via either a <code>uuid</code> or
> + <code>usage</code> attribute. One of the two must be present. When
> + present for volume creation, the secret will be used in order for
> + volume encryption. When present for domain usage, the secret will
> + be used as the key to decrypt the volume.
> + <span class="since">Since 1.3.6</span>.
> + </p>
>
> - <h2><a name="example">Example</a></h2>
> + <h2><a name="example">Examples</a></h2>
>
> <p>
> Here is a simple example, specifying use of the <code>qcow</code> format:
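Review bot: In the added "luks" format paragraph, it is unclear whether the secret is mandatory: the text says a single secret element "is expected" and then describes behaviour "When present for volume creation", while the unchanged context at the top of the hunk says a secret is automatically generated when the element is not present during volume creation. The paragraph should state explicitly whether luks requires the secret at volume creation or whether the auto-generation described above also applies to it, so a reader cannot assume a key will be generated for them. The phrase "will be used in order for volume encryption" would also read better as "will be used to encrypt the volume".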
I'd like to see an updated version.