Re: [PATCH v3 5/5] qemu: add librbd encryption engine
On Wed, Oct 06, 2021 at 05:18:46 -0500, Or Ozeri wrote:
rbd encryption is new in qemu 6.1.0.
This commit adds a new encryption engine property which
allows the user to use this new encryption engine.
Signed-off-by: Or Ozeri <oro(a)il.ibm.com>
---
docs/formatstorageencryption.html.in | 2 +-
docs/schemas/storagecommon.rng | 1 +
src/conf/storage_encryption_conf.c | 2 +-
src/conf/storage_encryption_conf.h | 1 +
src/qemu/qemu_block.c | 30 +++++++
src/qemu/qemu_domain.c | 24 ++++++
...sk-network-rbd-encryption.x86_64-6.0.0.err | 1 +
...-network-rbd-encryption.x86_64-latest.args | 49 +++++++++++
.../disk-network-rbd-encryption.xml | 75 +++++++++++++++++
tests/qemuxml2argvtest.c | 2 +
...k-network-rbd-encryption.x86_64-latest.xml | 83 +++++++++++++++++++
tests/qemuxml2xmltest.c | 1 +
12 files changed, 269 insertions(+), 2 deletions(-)
create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.0.err
create mode 100644
tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.xml
create mode 100644
tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-latest.xml
diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencryption.html.in
index 5783381a4a..31ec2698a1 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -27,7 +27,7 @@
The <code>encryption</code> tag supports an optional
<code>engine</code>
tag, which allows selecting which component actually handles
the encryption. Currently defined values of <code>engine</code> are
- <code>qemu</code>.
+ <code>qemu</code> and <code>librbd</code>.
Some more explanation might be a good thing to avoid user confusion.
</p>
<p>
The <code>encryption</code> tag can currently contain a sequence of
[...]
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 21099d7635..871a708a19 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4812,6 +4812,30 @@ qemuDomainValidateStorageSource(virStorageSource *src,
}
}
+ if (src->encryption &&
+ src->encryption->engine == VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD) {
[1]
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_RBD_ENCRYPTION)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("librbd encryption is not supported by this QEMU
binary"));
+ return -1;
+ }
+
+ switch ((virStorageEncryptionFormatType) src->encryption->format) {
So something like this definitely belongs in one of the previous
commits, but it must also care about the 'qemu' encryption driver and
the corresponding protocols and formats where it supported.
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
+ break;
+
+ case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+ case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
+ default:
+ virReportEnumRangeError(virStorageEncryptionFormatType,
+ src->encryption->format);
+ return -1;
+ }
+ }
[...]
The rest looks good. Good test coverage!