On Thu, Oct 07, 2021 at 14:21:19 -0500, Or Ozeri wrote:
This commit extends libvirt XML configuration to support a custom
encryption engine.
This means that <encryption format="luks" engine="qemu">
becomes valid.
The only engine for now is qemu. However, a new engine (librbd) will be added in an
upcoming commit.
If no engine is specified, qemu will be used (assuming qemu driver is used).
Signed-off-by: Or Ozeri <oro(a)il.ibm.com>
---
docs/formatstorageencryption.html.in | 6 +++++
docs/schemas/domainbackup.rng | 7 +++++
docs/schemas/storagecommon.rng | 7 +++++
src/conf/storage_encryption_conf.c | 27 ++++++++++++++++++-
src/conf/storage_encryption_conf.h | 9 +++++++
src/qemu/qemu_block.c | 2 ++
src/qemu/qemu_domain.c | 20 ++++++++++++++
tests/qemustatusxml2xmldata/upgrade-out.xml | 6 ++---
tests/qemuxml2argvdata/disk-nvme.xml | 2 +-
.../qemuxml2argvdata/encrypted-disk-usage.xml | 2 +-
tests/qemuxml2argvdata/luks-disks.xml | 4 +--
tests/qemuxml2argvdata/user-aliases.xml | 2 +-
.../disk-slices.x86_64-latest.xml | 4 +--
tests/qemuxml2xmloutdata/encrypted-disk.xml | 2 +-
.../luks-disks-source-qcow2.x86_64-latest.xml | 14 +++++-----
.../qemuxml2xmloutdata/luks-disks-source.xml | 10 +++----
16 files changed, 100 insertions(+), 24 deletions(-)
diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencryption.html.in
index 7215c307d7..178fcd0d7c 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -23,6 +23,12 @@
content of the <code>encryption</code> tag. Other format values may
be
defined in the future.
</p>
+ <p>
+ The <code>encryption</code> tag supports an optional
<code>engine</code>
+ tag, which allows selecting which component actually handles
+ the encryption. Currently defined values of <code>engine</code> are
+ <code>qemu</code>.
+ </p>

I'll add a note and possibly also a check that this works only in the
qemu VM driver, and not in the storage driver as this part of the docs
is shared between those two.

<p>
The <code>encryption</code> tag can currently contain a sequence of
<code>secret</code> tags, each with mandatory attributes
<code>type</code>
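
Review bot: The added paragraph calls engine a "tag" ("supports an optional <code>engine</code> tag"), while the commit message shows it as an attribute of the element (<encryption format="luks" engine="qemu">); the documentation should say "attribute" so that readers do not try a child element. With only one value defined, "Currently defined values ... are qemu" reads better as "The only currently defined value is qemu". The paragraph should also state the default given in the commit message (qemu is used when no engine is specified), since which component handles the encryption is something an administrator needs to know without reading the code.
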
@@ -217,6 +223,7 @@ virStorageEncryptionParseNode(xmlNodePtr node,
xmlNodePtr *nodes = NULL;
virStorageEncryption *encdef = NULL;
virStorageEncryption *ret = NULL;
+ g_autofree char *engine_str = NULL;

This is unused. I'll remove it before pushing.

g_autofree char *format_str = NULL;
int n;
size_t i;
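
Review bot: engine_str is declared in virStorageEncryptionParseNode next to format_str, but nothing in the visible context assigns or reads it, so as shown it is dead code; drop the declaration if the engine attribute is read without a temporary string. Whichever way the attribute is parsed, an unrecognised engine value should produce a parse error rather than silently falling back to the default, because the attribute selects the component that handles the encryption.
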
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>