[libvirt] [PATCH 19/19] qemu: Add luks support for domain disk
John Ferlan
jferlan at redhat.com
Tue Jun 21 22:08:07 UTC 2016
On 06/21/2016 09:03 AM, Peter Krempa wrote:
> On Mon, Jun 13, 2016 at 20:27:58 -0400, John Ferlan wrote:
>> Generate the luks command line using the AES secret key to encrypt the
>> luks secret. A luks secret object will be in addition to a an AES secret.
>>
>> Add tests for sample output
>>
>> Signed-off-by: John Ferlan <jferlan at redhat.com>
>> ---
>> src/qemu/qemu_command.c | 12 ++++++--
>> src/qemu/qemu_domain.c | 19 ++++++++++--
>> .../qemuxml2argv-luks-disk-cipher.args | 36 ++++++++++++++++++++++
>> .../qemuxml2argvdata/qemuxml2argv-luks-disks.args | 36 ++++++++++++++++++++++
>> tests/qemuxml2argvtest.c | 11 ++++++-
>> 5 files changed, 109 insertions(+), 5 deletions(-)
>> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disk-cipher.args
>> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.args
>
> Note that this won't work with disk hotplug until you add code that will
> add the secret objects too.
Oh right - I had forgotten about the secret object... I had the same
issue with the TLS code, so I know what has to be done...
>
> Also I've noticed that RBD hotplug is now broken too due to the same
> reason. The code that selects whether to use plaintext password or pass
> it via the secret object does not check whether it's called on the
> hotplug path and thus uses the secret object.
Oh damn... I think that's a disconnect in qemuDomainSecretSetup (called
from qemuDomainSecretDiskPrepare from hotplug) and the assumption of an
AES secinfo for RBD when there's a secret object available.
>
> The secret object is not added using the monitor though. You'll need to
> fix that first and if you opt for the correct approach this will then
> work automagically.
>
> Looks okay but I can't ACK this with hotplug not working.
>
> Also please note that on hot-unplug you need to remove the secrets as
> you'll possibly be adding a secret with the same name (Since alias will
> be reused)
yep...
>
>>
>> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
>> index 490260f..7062c17 100644
>> --- a/src/qemu/qemu_command.c
>> +++ b/src/qemu/qemu_command.c
>> @@ -1103,6 +1103,7 @@ qemuBuildDriveStr(virDomainDiskDefPtr disk,
>> int actualType = virStorageSourceGetActualType(disk->src);
>> qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
>> qemuDomainSecretInfoPtr secinfo = diskPriv->secinfo;
>> + qemuDomainSecretInfoPtr encinfo = diskPriv->encinfo;
>> bool emitDeviceSyntax = qemuDiskBusNeedsDeviceArg(disk->bus);
>>
>> if (idx < 0) {
>> @@ -1237,10 +1238,13 @@ qemuBuildDriveStr(virDomainDiskDefPtr disk,
>> qemuBufferEscapeComma(&opt, source);
>> virBufferAddLit(&opt, ",");
>>
>> - if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES) {
>> + if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES)
>> virBufferAsprintf(&opt, "password-secret=%s,",
>> secinfo->s.aes.alias);
>> - }
>> +
>> + if (encinfo)
>> + virQEMUBuildLuksOpts(&opt, disk->src->encryption,
>> + encinfo->s.aes.alias);
>
> This wrapper is not really useful here. It only adds "key-secret=" all
> the other options are necessary only if creating the volume.
>
I was thinking of the future if/when new things are added. I'm not
clear yet what would have to be done for block-copy and snapshots.
>>
>> if (disk->src->format > 0 &&
>> disk->src->type != VIR_STORAGE_TYPE_DIR)
>> @@ -1920,6 +1924,7 @@ qemuBuildDiskDriveCommandLine(virCommandPtr cmd,
>> virDomainDiskDefPtr disk = def->disks[i];
>> qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
>> qemuDomainSecretInfoPtr secinfo = diskPriv->secinfo;
>> + qemuDomainSecretInfoPtr encinfo = diskPriv->encinfo;
>>
>> /* PowerPC pseries based VMs do not support floppy device */
>> if ((disk->device == VIR_DOMAIN_DISK_DEVICE_FLOPPY) &&
>> @@ -1949,6 +1954,9 @@ qemuBuildDiskDriveCommandLine(virCommandPtr cmd,
>> if (qemuBuildDiskSecinfoCommandLine(cmd, secinfo) < 0)
>> return -1;
>>
>> + if (qemuBuildDiskSecinfoCommandLine(cmd, encinfo) < 0)
>> + return -1;
>> +
>> virCommandAddArg(cmd, "-drive");
>>
>> optstr = qemuBuildDriveStr(disk,
>> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
>> index c288fa0..fb3e91f 100644
>> --- a/src/qemu/qemu_domain.c
>> +++ b/src/qemu/qemu_domain.c
>
> [...]
>
>> @@ -1026,7 +1028,6 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
>> src->protocol == VIR_STORAGE_NET_PROTOCOL_RBD)) {
>>
>> virSecretUsageType secretUsageType;
>> - qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
>>
>> if (VIR_ALLOC(secinfo) < 0)
>> return -1;
>> @@ -1044,6 +1045,20 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
>> diskPriv->secinfo = secinfo;
>> }
>>
>> + if (conn && !virStorageSourceIsEmpty(src) &&
>
> This part is the same with the block above. It may be worth extracting
> it ...
>
Oh right... I think I had it that way at one time, too...
Thanks again -
John
>> + src->encryption && src->format == VIR_STORAGE_FILE_LUKS) {
>> +
>> + if (VIR_ALLOC(secinfo) < 0)
>> + return -1;
>> +
>> + if (qemuDomainSecretSetup(conn, priv, secinfo, disk->info.alias,
>> + VIR_SECRET_USAGE_TYPE_KEY, NULL,
>> + &src->encryption->secrets[0]->secdef) < 0)
>> + goto error;
>> +
>> + diskPriv->encinfo = secinfo;
>> + }
>> +
>> return 0;
>>
>> error:
More information about the libvir-list
mailing list