tests: qemublock: Add test combining authentication and encryption

iscsi and rbd support authentication of the connection. Combine it with
encryption of qcow2.

The top level disk image would generate the following '-drive' cmdline:

-drive file=rbd:rbdpool/rbdimg:id=testuser-rbd:auth_supported=cephx\;none:
            mon_host=host1.example.com\;host2.example.com,
            file.password-secret=node-a-s-secalias,encrypt.format=luks,
            encrypt.key-secret=node-b-f-encalias,format=qcow2,
            if=none,id=drive-dummy
-device virtio-blk-pci,scsi=off,drive=drive-dummy,id=dummy

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
Peter Krempa 2018-03-19 12:51:20 +01:00
parent 2c71edcf90
commit 18458e8fd1
3 changed files with 92 additions and 0 deletions


@ -464,6 +464,7 @@ mymain(void)
TEST_DISK_TO_JSON("file-qcow2-backing-chain-noopts"); TEST_DISK_TO_JSON("file-qcow2-backing-chain-noopts");
TEST_DISK_TO_JSON("file-qcow2-backing-chain-unterminated"); TEST_DISK_TO_JSON("file-qcow2-backing-chain-unterminated");
TEST_DISK_TO_JSON("file-qcow2-backing-chain-encryption"); TEST_DISK_TO_JSON("file-qcow2-backing-chain-encryption");
TEST_DISK_TO_JSON("network-qcow2-backing-chain-encryption_auth");
cleanup: cleanup:
virHashFree(diskxmljsondata.schema); virHashFree(diskxmljsondata.schema);


@ -0,0 +1,51 @@
{
"node-name": "node-b-f",
"read-only": false,
"driver": "qcow2",
"encrypt": {
"format": "luks",
"key-secret": "node-b-f-encalias"
},
"file": {
"driver": "rbd",
"pool": "rbdpool",
"image": "rbdimg",
"server": [
{
"host": "host1.example.com",
"port": "0"
},
{
"host": "host2.example.com",
"port": "0"
}
],
"user": "testuser-rbd",
"node-name": "node-a-s",
"read-only": false,
"discard": "unmap"
},
"backing": "node-b-f"
}
{
"node-name": "node-b-f",
"read-only": true,
"driver": "qcow2",
"encrypt": {
"format": "aes",
"key-secret": "node-b-f-encalias"
},
"file": {
"driver": "iscsi",
"portal": "example.org:3260",
"target": "iqn.2016-09.com.example:iscsitarget",
"lun": 1,
"transport": "tcp",
"user": "testuser-iscsi",
"password-secret": "node-b-s-secalias",
"node-name": "node-b-s",
"read-only": true,
"discard": "unmap"
},
"backing": null
}
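Review bot: The rbd `file` object of the first layer pins `"user": "testuser-rbd"` with no secret reference beside it, while the iscsi layer carries `"password-secret": "node-b-s-secalias"` and the `-drive` line in the commit message has `file.password-secret=node-a-s-secalias`. As written, this expected output would still match if the rbd credential were never handed to QEMU, so the test only covers authentication for the iscsi backing layer. If the omission is deliberate (presumably the JSON form of the rbd driver has no property for the secret yet), the commit message should say so, for example `Note: the JSON props for rbd do not carry the auth secret yet; only iscsi auth is verified here.`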


@ -0,0 +1,40 @@
<disk type='network' device='disk'>
<driver name='qemu' type='qcow2'/>
<source protocol='rbd' name='rbdpool/rbdimg'>
<host name='host1.example.com'/>
<host name='host2.example.com'/>
<encryption format='luks'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
<auth username='testuser-rbd'>
<secret type='ceph' usage='testuser-rbd-secret'/>
</auth>
<privateData>
<nodenames>
<nodename type='storage' name='node-a-s'/>
<nodename type='format' name='node-b-f'/>
</nodenames>
</privateData>
</source>
<backingStore type='network' index='1'>
<format type='qcow2'/>
<source protocol='iscsi' name='iqn.2016-09.com.example:iscsitarget/1'>
<host name='example.org'/>
<privateData>
<nodenames>
<nodename type='storage' name='node-b-s'/>
<nodename type='format' name='node-b-f'/>
</nodenames>
</privateData>
<encryption format='qcow'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
<auth username='testuser-iscsi'>
<secret type='iscsi' usage='testuser-iscsi-secret'/>
</auth>
</source>
<backingStore/>
</backingStore>
<target dev='vda' bus='virtio'/>
<alias name='virtio-disk0'/>
</disk>
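Review bot: Both layers declare the same format node name: `<nodename type='format' name='node-b-f'/>` appears under the rbd source and again under the iscsi backing store. The key alias in the expected JSON appears to be derived from that name, so both images end up with `"key-secret": "node-b-f-encalias"` and the top layer's `"backing": "node-b-f"` names the top layer itself. A regression that hands one layer's encryption secret to the other would therefore go unnoticed. The first occurrence should read `<nodename type='format' name='node-a-f'/>`, with the expected JSON regenerated to match.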