
On Thu, Jun 13, 2024 at 08:06:17PM -0700, melanie witt wrote:
Hi,
I have been trying to use the librbd engine to run a guest from an encrypted RBD image and am running into some problems.
What I would like to do is:
1. Start from an unencrypted raw image with an OS
2. Make an encrypted clone of that image
3. Boot a guest from the encrypted clone image
What I have tried so far (simplified):
1. Make a clone of the unencrypted image

    rbd clone images/unencrypted@snap images/encryptedclone

2. Format the clone image with encryption

    rbd encryption format images/encryptedclone luks1 passphrase.bin

3. Create guest XML with the encrypted clone

    [...]
    <disk type="network" device="disk">
      <driver type="raw" cache="writeback"/>
      <source protocol="rbd" name="images/encryptedclone">
        <host name="127.0.0.1" port="6789"/>
        <encryption format="luks" engine="librbd">
          <secret type="passphrase" uuid="secretuuid"/>
        </encryption>
      </source>
      <auth username="cinder">
        <secret type="ceph" uuid="othersecretuuid"/>
      </auth>
      <target dev="vda" bus="virtio"/>
    </disk>
    [...]

and virDomainCreateWithFlags() with the XML.
I don't get any errors from libvirt (no errors about loading encryption) but this configuration does not seem to work, the guest won't boot.
If anyone can give me a hint what I'm doing wrong, I would appreciate it.

Can you share the corresponding QEMU command line that gets generated?

With regards,
Daniel
-- 
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|