
On Wed, Oct 06, 2021 at 05:18:46 -0500, Or Ozeri wrote:
rbd encryption is new in qemu 6.1.0. This commit adds a new encryption engine property which allows the user to use this new encryption engine.
Signed-off-by: Or Ozeri <oro@il.ibm.com> --- docs/formatstorageencryption.html.in | 2 +- docs/schemas/storagecommon.rng | 1 + src/conf/storage_encryption_conf.c | 2 +- src/conf/storage_encryption_conf.h | 1 + src/qemu/qemu_block.c | 30 +++++++ src/qemu/qemu_domain.c | 24 ++++++ ...sk-network-rbd-encryption.x86_64-6.0.0.err | 1 + ...-network-rbd-encryption.x86_64-latest.args | 49 +++++++++++ .../disk-network-rbd-encryption.xml | 75 +++++++++++++++++ tests/qemuxml2argvtest.c | 2 + ...k-network-rbd-encryption.x86_64-latest.xml | 83 +++++++++++++++++++ tests/qemuxml2xmltest.c | 1 + 12 files changed, 269 insertions(+), 2 deletions(-) create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.0.err create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.xml create mode 100644 tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-latest.xml
diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencryption.html.in index 5783381a4a..31ec2698a1 100644 --- a/docs/formatstorageencryption.html.in +++ b/docs/formatstorageencryption.html.in @@ -27,7 +27,7 @@ The <code>encryption</code> tag supports an optional <code>engine</code> tag, which allows selecting which component actually handles the encryption. Currently defined values of <code>engine</code> are - <code>qemu</code>. + <code>qemu</code> and <code>librbd</code>.
Some more explanation might be a good thing to avoid user confusion.
</p> <p> The <code>encryption</code> tag can currently contain a sequence of
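Review bot: the changed sentence in docs/formatstorageencryption.html.in lists `librbd` as an engine value without saying when it can be used. Suggest stating that it is meant for RBD disks, that per the commit message it needs QEMU 6.1.0 or newer, and that the validation added in qemu_domain.c accepts only the luks and luks2 formats with it, so a user can pick the engine without first running into a validation error.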
[...]
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 21099d7635..871a708a19 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -4812,6 +4812,30 @@ qemuDomainValidateStorageSource(virStorageSource *src, } }
+ if (src->encryption && + src->encryption->engine == VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD) {
[1]
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_RBD_ENCRYPTION)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("librbd encryption is not supported by this QEMU binary")); + return -1; + } + + switch ((virStorageEncryptionFormatType) src->encryption->format) {
So something like this definitely belongs in one of the previous commits, but it must also care about the 'qemu' encryption driver and the corresponding protocols and formats where it is supported.
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS: + case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2: + break; + + case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT: + case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW: + case VIR_STORAGE_ENCRYPTION_FORMAT_LAST: + default: + virReportEnumRangeError(virStorageEncryptionFormatType, + src->encryption->format); + return -1; + } + }
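Review bot: in the switch on src->encryption->format in qemuDomainValidateStorageSource, VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT and VIR_STORAGE_ENCRYPTION_FORMAT_QCOW fall through to the same virReportEnumRangeError call as VIR_STORAGE_ENCRYPTION_FORMAT_LAST and default, although both are valid enum values that the librbd engine simply does not accept. Reporting those two with VIR_ERR_CONFIG_UNSUPPORTED and a message that names the format would tell the user what to change in the XML, while the range error stays for LAST and default. The visible lines also test only the engine and not that the source is an RBD disk; if that is not validated elsewhere, the check belongs in this block.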
[...] The rest looks good. Good test coverage!