util: Add 'usage' for encryption

In order to use more common code and set up for a future type, modify the
encryption secret to allow the "usage" attribute or the "uuid" attribute
to define the secret. The "usage" in the case of a volume secret would be
the path to the volume as dictated by the backwards compatibility brought
on by virStorageGenerateQcowEncryption where it set up the usage field as
the vol->target.path and didn't allow someone to provide it. This carries
into virSecretObjListFindByUsageLocked which takes the secret usage attribute
value from from the domain disk definition and compares it against the
usage type from the secret definition. Since none of the code dealing
with qcow/qcow2 encryption secrets uses usage for lookup, it's a mostly
cosmetic change. The real usage comes in a future path where the encryption
is expanded to be a luks volume and the secret will allow definition of
the usage field.

This code will make use of the virSecretLookup{Parse|Format}Secret common code.

Signed-off-by: John Ferlan <jferlan@redhat.com>
This commit is contained in:
John Ferlan 2016-05-30 07:47:46 -04:00
parent c84380106f
commit 47e88b33be
12 changed files with 98 additions and 36 deletions

View File

@ -25,10 +25,14 @@
<p>
The <code>encryption</code> tag can currently contain a sequence of
<code>secret</code> tags, each with mandatory attributes <code>type</code>
and <code>uuid</code>. The only currently defined value of
<code>type</code> is <code>passphrase</code>. <code>uuid</code>
refers to a secret known to libvirt. libvirt can use a secret value
previously set using <code>virSecretSetValue()</code>, or, if supported
and either <code>uuid</code> or <code>usage</code>
(<span class="since">since 2.1.0</span>). The only currently defined
value of <code>type</code> is <code>passphrase</code>. The
<code>uuid</code> is "uuid" of the <code>secret</code> while
<code>usage</code> is the value "usage" subelement field.
A secret value can be set in libvirt by the
<a href="html/libvirt-libvirt-secret.html#virSecretSetValue">
<code>virSecretSetValue</code></a> API. Alternatively, if supported
by the particular volume format and driver, automatically generate a
secret value at the time of volume creation, and store it using the
specified <code>uuid</code>.

View File

@ -27,9 +27,14 @@
<value>passphrase</value>
</choice>
</attribute>
<attribute name='uuid'>
<ref name="UUID"/>
</attribute>
<choice>
<attribute name='uuid'>
<ref name="UUID"/>
</attribute>
<attribute name='usage'>
<text/>
</attribute>
</choice>
</element>
</define>

View File

@ -70,6 +70,7 @@
#include "virnuma.h"
#include "virstring.h"
#include "virhostdev.h"
#include "secret_util.h"
#include "storage/storage_driver.h"
#include "configmake.h"
#include "nwfilter_conf.h"
@ -377,7 +378,6 @@ qemuProcessGetVolumeQcowPassphrase(virConnectPtr conn,
char **secretRet,
size_t *secretLen)
{
virSecretPtr secret;
char *passphrase;
unsigned char *data;
size_t size;
@ -416,14 +416,9 @@ qemuProcessGetVolumeQcowPassphrase(virConnectPtr conn,
goto cleanup;
}
secret = conn->secretDriver->secretLookupByUUID(conn,
enc->secrets[0]->uuid);
if (secret == NULL)
goto cleanup;
data = conn->secretDriver->secretGetValue(secret, &size, 0,
VIR_SECRET_GET_VALUE_INTERNAL_CALL);
virObjectUnref(secret);
if (data == NULL)
if (virSecretGetSecretString(conn, &enc->secrets[0]->seclookupdef,
VIR_SECRET_USAGE_TYPE_VOLUME,
&data, &size) < 0)
goto cleanup;
if (memchr(data, '\0', size) != NULL) {

View File

@ -648,7 +648,8 @@ virStorageGenerateQcowEncryption(virConnectPtr conn,
goto cleanup;
enc_secret->type = VIR_STORAGE_ENCRYPTION_SECRET_TYPE_PASSPHRASE;
memcpy(enc_secret->uuid, secret->uuid, VIR_UUID_BUFLEN);
enc_secret->seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID;
memcpy(enc_secret->seclookupdef.u.uuid, secret->uuid, VIR_UUID_BUFLEN);
enc->format = VIR_STORAGE_ENCRYPTION_FORMAT_QCOW;
enc->secrets[0] = enc_secret; /* Space for secrets[0] allocated above */
enc_secret = NULL;

View File

@ -1312,7 +1312,8 @@ virStorageBackendFileSystemLoadDefaultSecrets(virConnectPtr conn,
vol->target.encryption->secrets[0] = encsec;
encsec->type = VIR_STORAGE_ENCRYPTION_SECRET_TYPE_PASSPHRASE;
virSecretGetUUID(sec, encsec->uuid);
encsec->seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID;
virSecretGetUUID(sec, encsec->seclookupdef.u.uuid);
virObjectUnref(sec);
return 0;

View File

@ -34,6 +34,7 @@
#include "virerror.h"
#include "viruuid.h"
#include "virfile.h"
#include "virsecret.h"
#define VIR_FROM_THIS VIR_FROM_STORAGE
@ -114,6 +115,7 @@ virStorageEncryptionSecretParse(xmlXPathContextPtr ctxt,
virStorageEncryptionSecretPtr ret;
char *type_str = NULL;
char *uuidstr = NULL;
char *usagestr = NULL;
if (VIR_ALLOC(ret) < 0)
return NULL;
@ -133,21 +135,12 @@ virStorageEncryptionSecretParse(xmlXPathContextPtr ctxt,
type_str);
goto cleanup;
}
if (virSecretLookupParseSecret(node, &ret->seclookupdef) < 0)
goto cleanup;
VIR_FREE(type_str);
if ((uuidstr = virXPathString("string(./@uuid)", ctxt))) {
if (virUUIDParse(uuidstr, ret->uuid) < 0) {
virReportError(VIR_ERR_XML_ERROR,
_("malformed volume encryption uuid '%s'"),
uuidstr);
goto cleanup;
}
VIR_FREE(uuidstr);
} else {
virReportError(VIR_ERR_XML_ERROR, "%s",
_("missing volume encryption uuid"));
goto cleanup;
}
ctxt->node = old_node;
return ret;
@ -155,6 +148,7 @@ virStorageEncryptionSecretParse(xmlXPathContextPtr ctxt,
VIR_FREE(type_str);
virStorageEncryptionSecretFree(ret);
VIR_FREE(uuidstr);
VIR_FREE(usagestr);
ctxt->node = old_node;
return NULL;
}
@ -244,7 +238,6 @@ virStorageEncryptionSecretFormat(virBufferPtr buf,
virStorageEncryptionSecretPtr secret)
{
const char *type;
char uuidstr[VIR_UUID_STRING_BUFLEN];
if (!(type = virStorageEncryptionSecretTypeToString(secret->type))) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@ -252,9 +245,8 @@ virStorageEncryptionSecretFormat(virBufferPtr buf,
return -1;
}
virUUIDFormat(secret->uuid, uuidstr);
virBufferAsprintf(buf, "<secret type='%s' uuid='%s'/>\n",
type, uuidstr);
virSecretLookupFormatSecret(buf, type, &secret->seclookupdef);
return 0;
}

View File

@ -25,6 +25,7 @@
# include "internal.h"
# include "virbuffer.h"
# include "virsecret.h"
# include "virutil.h"
# include <libxml/tree.h>
@ -40,7 +41,7 @@ typedef struct _virStorageEncryptionSecret virStorageEncryptionSecret;
typedef virStorageEncryptionSecret *virStorageEncryptionSecretPtr;
struct _virStorageEncryptionSecret {
int type; /* virStorageEncryptionSecretType */
unsigned char uuid[VIR_UUID_BUFLEN];
virSecretLookupTypeDef seclookupdef;
};
typedef enum {

View File

@ -0,0 +1,24 @@
LC_ALL=C \
PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu \
-name encryptdisk \
-S \
-M pc \
-m 1024 \
-smp 1 \
-uuid 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 \
-nographic \
-nodefaults \
-monitor unix:/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \
-no-acpi \
-boot c \
-usb \
-drive file=/storage/guest_disks/encryptdisk,format=qcow2,if=none,\
id=drive-virtio-disk0 \
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
id=virtio-disk0 \
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3

View File

@ -0,0 +1,36 @@
<domain type='qemu'>
<name>encryptdisk</name>
<uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
<memory unit='KiB'>1048576</memory>
<currentMemory unit='KiB'>524288</currentMemory>
<vcpu placement='static'>1</vcpu>
<os>
<type arch='i686' machine='pc'>hvm</type>
<boot dev='hd'/>
</os>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/qemu</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/storage/guest_disks/encryptdisk'/>
<target dev='vda' bus='virtio'/>
<encryption format='qcow'>
<secret type='passphrase' usage='/storage/guest_disks/encryptdisk'/>
</encryption>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</disk>
<controller type='usb' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pci-root'/>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</memballoon>
</devices>
</domain>

View File

@ -1341,6 +1341,7 @@ mymain(void)
driver.caps->host.cpu = cpuDefault;
DO_TEST("encrypted-disk", NONE);
DO_TEST("encrypted-disk-usage", NONE);
DO_TEST("memtune", NONE);
DO_TEST("memtune-unlimited", NONE);

View File

@ -0,0 +1 @@
../qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.xml

View File

@ -501,6 +501,7 @@ mymain(void)
DO_TEST("pci-serial-dev-chardev");
DO_TEST("encrypted-disk");
DO_TEST("encrypted-disk-usage");
DO_TEST("memtune");
DO_TEST("memtune-unlimited");
DO_TEST("blkiotune");