Re: [PATCH 21/24] conf: backup: Store 'tlsAlias' and 'tlsSecretAlias' as internals of a backup
On 7/2/20 9:40 AM, Peter Krempa wrote:
Add fields for storing the aliases necessary to clean up the TLS env
for
a backup job after it finishes.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
+++ b/tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml
@@ -0,0 +1,36 @@
+<domainbackup mode='pull'>
+ <incremental>1525889631</incremental>
+ <server transport='tcp' name='localhost' port='10809'/>
Are you also planning on encrypting the NBD server? As written, this is
still a plain-text NBD server.
+ <disks>
+ <disk name='vda' backup='yes' state='running'
type='file' exportname='test-vda' exportbitmap='blah'>
+ <driver type='qcow2'/>
+ <scratch file='/path/to/file'>
+ <encryption format='luks'>
+ <secret type='passphrase'
uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
It looks like this patch is just encrypting the temporary file (ensuring
that guest data cannot be read at rest on the host machine).
But even without NBD encryption, this is a nice improvement.
Reviewed-by: Eric Blake <eblake(a)redhat.com>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org