
On Thu, Oct 07, 2021 at 14:21:19 -0500, Or Ozeri wrote:
This commit extends libvirt XML configuration to support a custom encryption engine. This means that <encryption format="luks" engine="qemu"> becomes valid. The only engine for now is qemu. However, a new engine (librbd) will be added in an upcoming commit. If no engine is specified, qemu will be used (assuming qemu driver is used).
Signed-off-by: Or Ozeri <oro@il.ibm.com>
---
 docs/formatstorageencryption.html.in | 6 +++++
 docs/schemas/domainbackup.rng | 7 +++++
 docs/schemas/storagecommon.rng | 7 +++++
 src/conf/storage_encryption_conf.c | 27 ++++++++++++++++++-
 src/conf/storage_encryption_conf.h | 9 +++++++
 src/qemu/qemu_block.c | 2 ++
 src/qemu/qemu_domain.c | 20 ++++++++++++++
 tests/qemustatusxml2xmldata/upgrade-out.xml | 6 ++---
 tests/qemuxml2argvdata/disk-nvme.xml | 2 +-
 .../qemuxml2argvdata/encrypted-disk-usage.xml | 2 +-
 tests/qemuxml2argvdata/luks-disks.xml | 4 +--
 tests/qemuxml2argvdata/user-aliases.xml | 2 +-
 .../disk-slices.x86_64-latest.xml | 4 +--
 tests/qemuxml2xmloutdata/encrypted-disk.xml | 2 +-
 .../luks-disks-source-qcow2.x86_64-latest.xml | 14 +++++-----
 .../qemuxml2xmloutdata/luks-disks-source.xml | 10 +++----
 16 files changed, 100 insertions(+), 24 deletions(-)
diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencryption.html.in index 7215c307d7..178fcd0d7c 100644 --- a/docs/formatstorageencryption.html.in +++ b/docs/formatstorageencryption.html.in @@ -23,6 +23,12 @@ content of the <code>encryption</code> tag. Other format values may be defined in the future. </p> + <p> + The <code>encryption</code> tag supports an optional <code>engine</code> + tag, which allows selecting which component actually handles + the encryption. Currently defined values of <code>engine</code> are + <code>qemu</code>. + </p>
I'll add a note and possibly also a check that this works only in the qemu VM driver, and not in the storage driver as this part of the docs is shared between those two.
<p> The <code>encryption</code> tag can currently contain a sequence of <code>secret</code> tags, each with mandatory attributes <code>type</code>
@@ -217,6 +223,7 @@ virStorageEncryptionParseNode(xmlNodePtr node, xmlNodePtr *nodes = NULL; virStorageEncryption *encdef = NULL; virStorageEncryption *ret = NULL; + g_autofree char *engine_str = NULL;
This is unused. I'll remove it before pushing.
g_autofree char *format_str = NULL; int n; size_t i;
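Review bot: in the docs/formatstorageencryption.html.in hunk, the new paragraph calls engine a "tag", but the commit message shows it as an attribute of the encryption element (<encryption format="luks" engine="qemu">), so the text should read "an optional <code>engine</code> attribute". The paragraph also leaves out what happens when engine is omitted; the commit message says qemu is used in that case, and that default belongs in the documentation next to the list of values. With a single value defined, "The only currently defined value of <code>engine</code> is <code>qemu</code>" reads better than "Currently defined values ... are".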
Reviewed-by: Peter Krempa <pkrempa@redhat.com>