mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-31 18:15:25 +00:00
qemuDomainSecretStorageSourcePrepare: Change aliases for disk secrets
Originally there was only the secret for authentication, so we didn't use any suffix to tell it apart. With the introduction of encryption we added a 'luks' suffix for the encryption secrets. Since encryption is really generic and authentication is not the only secret, modify the aliases for the secrets to better describe what they are used for. This is possible as we store the disk secrets in the status XML, thus only new machines will use the new secrets. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
parent
86fecaedf5
commit
70d2758a9c
@ -1778,7 +1778,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivatePtr priv,
|
||||
&src->auth->seclookupdef);
|
||||
} else {
|
||||
srcPriv->secinfo = qemuDomainSecretAESSetupFromSecret(priv, aliasprotocol,
|
||||
NULL,
|
||||
"auth",
|
||||
usageType,
|
||||
src->auth->username,
|
||||
&src->auth->seclookupdef);
|
||||
@ -1790,7 +1790,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivatePtr priv,
|
||||
|
||||
if (hasEnc) {
|
||||
if (!(srcPriv->encinfo = qemuDomainSecretAESSetupFromSecret(priv, aliasformat,
|
||||
"luks",
|
||||
"encryption",
|
||||
VIR_SECRET_USAGE_TYPE_VOLUME,
|
||||
NULL,
|
||||
&src->encryption->secrets[0]->seclookupdef)))
|
||||
|
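Review bot: The suffixes `"auth"` and `"encryption"` passed to qemuDomainSecretAESSetupFromSecret in the auth `else` branch and in the `hasEnc` branch become part of the QEMU secret object id, but nothing at either call site records why renaming them is safe for domains that are already running. The commit message relies on the alias being restored from the status XML; if any path regenerates the alias from these literals instead (not visible in these hunks), it would refer to a secret object the running QEMU does not have, so I would state the invariant next to the calls, e.g. `/* suffix only applies to newly started VMs; running ones reload the alias from the status XML */`. The expected test output further down still shows `hostdev0-secret0` without a suffix, so hostdev authentication secrets presumably keep the old scheme, which is worth a word in that comment or a follow-up for consistency. The body of qemuDomainSecretStorageSourcePrepare starts and ends outside both hunks.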
@ -39,12 +39,12 @@ id=virtio-disk1 \
|
||||
if=none,id=drive-virtio-disk2 \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk2,\
|
||||
id=virtio-disk2 \
|
||||
-object secret,id=virtio-disk3-secret0,\
|
||||
-object secret,id=virtio-disk3-auth-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive 'file=rbd:pool/image:id=myname:auth_supported=cephx\;none:\
|
||||
mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:\
|
||||
6322,file.password-secret=virtio-disk3-secret0,format=qcow2,if=none,\
|
||||
6322,file.password-secret=virtio-disk3-auth-secret0,format=qcow2,if=none,\
|
||||
id=drive-virtio-disk3' \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk3,\
|
||||
id=virtio-disk3 \
|
||||
|
@ -81,15 +81,15 @@ id=virtio-disk2 \
|
||||
"node-name":"libvirt-15-storage","auto-read-only":true,"discard":"unmap"}' \
|
||||
-blockdev '{"node-name":"libvirt-15-format","read-only":true,"driver":"qcow2",\
|
||||
"file":"libvirt-15-storage","backing":null}' \
|
||||
-object secret,id=libvirt-14-storage-secret0,\
|
||||
-object secret,id=libvirt-14-storage-auth-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-blockdev '{"driver":"rbd","pool":"pool","image":"image",\
|
||||
"server":[{"host":"mon1.example.org","port":"6321"},{"host":"mon2.example.org",\
|
||||
"port":"6322"},{"host":"mon3.example.org","port":"6322"}],"user":"myname",\
|
||||
"auth-client-required":["cephx","none"],\
|
||||
"key-secret":"libvirt-14-storage-secret0","node-name":"libvirt-14-storage",\
|
||||
"auto-read-only":true,"discard":"unmap"}' \
|
||||
"key-secret":"libvirt-14-storage-auth-secret0",\
|
||||
"node-name":"libvirt-14-storage","auto-read-only":true,"discard":"unmap"}' \
|
||||
-blockdev '{"node-name":"libvirt-14-format","read-only":false,"driver":"qcow2",\
|
||||
"file":"libvirt-14-storage","backing":"libvirt-15-format"}' \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=libvirt-14-format,\
|
||||
|
@ -28,13 +28,13 @@ server,nowait \
|
||||
-no-acpi \
|
||||
-device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x3 \
|
||||
-usb \
|
||||
-object secret,id=virtio-disk0-secret0,\
|
||||
-object secret,id=virtio-disk0-auth-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive file.driver=iscsi,file.portal=example.org:6000,\
|
||||
file.target=iqn.1992-01.com.example:storage,file.lun=1,file.transport=tcp,\
|
||||
file.user=myname,file.password-secret=virtio-disk0-secret0,format=raw,if=none,\
|
||||
id=drive-virtio-disk0 \
|
||||
file.user=myname,file.password-secret=virtio-disk0-auth-secret0,format=raw,\
|
||||
if=none,id=drive-virtio-disk0 \
|
||||
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
|
||||
id=virtio-disk0,bootindex=1 \
|
||||
-object secret,id=hostdev0-secret0,\
|
||||
|
@ -38,22 +38,22 @@ file.target=iqn.1992-01.com.example,file.lun=1,file.transport=tcp,format=raw,\
|
||||
if=none,id=drive-virtio-disk1 \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk1,\
|
||||
id=virtio-disk1 \
|
||||
-object secret,id=virtio-disk2-secret0,\
|
||||
-object secret,id=virtio-disk2-auth-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive file.driver=iscsi,file.portal=example.org:6000,\
|
||||
file.target=iqn.1992-01.com.example:storage,file.lun=1,file.transport=tcp,\
|
||||
file.user=myname,file.password-secret=virtio-disk2-secret0,format=raw,if=none,\
|
||||
id=drive-virtio-disk2 \
|
||||
file.user=myname,file.password-secret=virtio-disk2-auth-secret0,format=raw,\
|
||||
if=none,id=drive-virtio-disk2 \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk2,\
|
||||
id=virtio-disk2 \
|
||||
-object secret,id=virtio-disk3-secret0,\
|
||||
-object secret,id=virtio-disk3-auth-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive file.driver=iscsi,file.portal=example.org:6000,\
|
||||
file.target=iqn.1992-01.com.example:storage,file.lun=2,file.transport=tcp,\
|
||||
file.user=myname,file.password-secret=virtio-disk3-secret0,format=raw,if=none,\
|
||||
id=drive-virtio-disk3 \
|
||||
file.user=myname,file.password-secret=virtio-disk3-auth-secret0,format=raw,\
|
||||
if=none,id=drive-virtio-disk3 \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk3,\
|
||||
id=virtio-disk3 \
|
||||
-drive file.driver=iscsi,file.portal=example.org:3260,\
|
||||
|
@ -43,23 +43,23 @@ id=virtio-disk0,bootindex=1 \
|
||||
"file":"libvirt-4-storage"}' \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=libvirt-4-format,\
|
||||
id=virtio-disk1 \
|
||||
-object secret,id=libvirt-3-storage-secret0,\
|
||||
-object secret,id=libvirt-3-storage-auth-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-blockdev '{"driver":"iscsi","portal":"example.org:6000",\
|
||||
"target":"iqn.1992-01.com.example:storage","lun":1,"transport":"tcp",\
|
||||
"user":"myname","password-secret":"libvirt-3-storage-secret0",\
|
||||
"user":"myname","password-secret":"libvirt-3-storage-auth-secret0",\
|
||||
"node-name":"libvirt-3-storage","auto-read-only":true,"discard":"unmap"}' \
|
||||
-blockdev '{"node-name":"libvirt-3-format","read-only":false,"driver":"raw",\
|
||||
"file":"libvirt-3-storage"}' \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=libvirt-3-format,\
|
||||
id=virtio-disk2 \
|
||||
-object secret,id=libvirt-2-storage-secret0,\
|
||||
-object secret,id=libvirt-2-storage-auth-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-blockdev '{"driver":"iscsi","portal":"example.org:6000",\
|
||||
"target":"iqn.1992-01.com.example:storage","lun":2,"transport":"tcp",\
|
||||
"user":"myname","password-secret":"libvirt-2-storage-secret0",\
|
||||
"user":"myname","password-secret":"libvirt-2-storage-auth-secret0",\
|
||||
"node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}' \
|
||||
-blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"raw",\
|
||||
"file":"libvirt-2-storage"}' \
|
||||
|
@ -45,12 +45,12 @@ id=virtio-disk2 \
|
||||
format=raw,if=none,id=drive-virtio-disk3 \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk3,\
|
||||
id=virtio-disk3 \
|
||||
-object secret,id=virtio-disk4-secret0,\
|
||||
-object secret,id=virtio-disk4-auth-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive 'file=rbd:pool/image:id=myname:auth_supported=cephx\;none:\
|
||||
mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:\
|
||||
6322,file.password-secret=virtio-disk4-secret0,format=raw,if=none,\
|
||||
6322,file.password-secret=virtio-disk4-auth-secret0,format=raw,if=none,\
|
||||
id=drive-virtio-disk4' \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk4,\
|
||||
id=virtio-disk4 \
|
||||
|
@ -57,14 +57,14 @@ id=virtio-disk2 \
|
||||
"file":"libvirt-3-storage"}' \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=libvirt-3-format,\
|
||||
id=virtio-disk3 \
|
||||
-object secret,id=libvirt-2-storage-secret0,\
|
||||
-object secret,id=libvirt-2-storage-auth-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-blockdev '{"driver":"rbd","pool":"pool","image":"image",\
|
||||
"server":[{"host":"mon1.example.org","port":"6321"},{"host":"mon2.example.org",\
|
||||
"port":"6322"},{"host":"mon3.example.org","port":"6322"}],"user":"myname",\
|
||||
"auth-client-required":["cephx","none"],\
|
||||
"key-secret":"libvirt-2-storage-secret0","node-name":"libvirt-2-storage",\
|
||||
"key-secret":"libvirt-2-storage-auth-secret0","node-name":"libvirt-2-storage",\
|
||||
"auto-read-only":true,"discard":"unmap"}' \
|
||||
-blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"raw",\
|
||||
"file":"libvirt-2-storage"}' \
|
||||
|
@ -27,21 +27,21 @@ file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
|
||||
-no-acpi \
|
||||
-boot strict=on \
|
||||
-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
|
||||
-object secret,id=virtio-disk0-secret0,\
|
||||
-object secret,id=virtio-disk0-auth-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive file.driver=iscsi,file.portal=example.org:6000,\
|
||||
file.target=iqn.1992-01.com.example:storage,file.lun=1,file.transport=tcp,\
|
||||
file.user=myname,file.password-secret=virtio-disk0-secret0,format=raw,if=none,\
|
||||
id=drive-virtio-disk0 \
|
||||
file.user=myname,file.password-secret=virtio-disk0-auth-secret0,format=raw,\
|
||||
if=none,id=drive-virtio-disk0 \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x2,drive=drive-virtio-disk0,\
|
||||
id=virtio-disk0,bootindex=1 \
|
||||
-object secret,id=virtio-disk1-secret0,\
|
||||
-object secret,id=virtio-disk1-auth-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive 'file=rbd:pool/image:id=myname:auth_supported=cephx\;none:\
|
||||
mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:\
|
||||
6322,file.password-secret=virtio-disk1-secret0,format=raw,if=none,\
|
||||
6322,file.password-secret=virtio-disk1-auth-secret0,format=raw,if=none,\
|
||||
id=drive-virtio-disk1' \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x3,drive=drive-virtio-disk1,\
|
||||
id=virtio-disk1 \
|
||||
|
@ -28,25 +28,25 @@ file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
|
||||
-no-acpi \
|
||||
-boot strict=on \
|
||||
-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
|
||||
-object secret,id=libvirt-2-storage-secret0,\
|
||||
-object secret,id=libvirt-2-storage-auth-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-blockdev '{"driver":"iscsi","portal":"example.org:6000",\
|
||||
"target":"iqn.1992-01.com.example:storage","lun":1,"transport":"tcp",\
|
||||
"user":"myname","password-secret":"libvirt-2-storage-secret0",\
|
||||
"user":"myname","password-secret":"libvirt-2-storage-auth-secret0",\
|
||||
"node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}' \
|
||||
-blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"raw",\
|
||||
"file":"libvirt-2-storage"}' \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x2,drive=libvirt-2-format,\
|
||||
id=virtio-disk0,bootindex=1 \
|
||||
-object secret,id=libvirt-1-storage-secret0,\
|
||||
-object secret,id=libvirt-1-storage-auth-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-blockdev '{"driver":"rbd","pool":"pool","image":"image",\
|
||||
"server":[{"host":"mon1.example.org","port":"6321"},{"host":"mon2.example.org",\
|
||||
"port":"6322"},{"host":"mon3.example.org","port":"6322"}],"user":"myname",\
|
||||
"auth-client-required":["cephx","none"],\
|
||||
"key-secret":"libvirt-1-storage-secret0","node-name":"libvirt-1-storage",\
|
||||
"key-secret":"libvirt-1-storage-auth-secret0","node-name":"libvirt-1-storage",\
|
||||
"auto-read-only":true,"discard":"unmap"}' \
|
||||
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw",\
|
||||
"file":"libvirt-1-storage"}' \
|
||||
|
@ -47,7 +47,7 @@ id=virtio-disk1 \
|
||||
"file":"libvirt-2-storage"}' \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=libvirt-2-format,\
|
||||
id=virtio-disk2 \
|
||||
-object secret,id=libvirt-1-format-luks-secret0,\
|
||||
-object secret,id=libvirt-1-format-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-blockdev '{"driver":"nvme","device":"0001:02:00.0","namespace":2,\
|
||||
@ -55,7 +55,7 @@ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
"auto-read-only":true,"discard":"unmap"}' \
|
||||
-blockdev '{"node-name":"libvirt-1-format","read-only":false,\
|
||||
"cache":{"direct":true,"no-flush":false},"driver":"qcow2",\
|
||||
"encrypt":{"format":"luks","key-secret":"libvirt-1-format-luks-secret0"},\
|
||||
"encrypt":{"format":"luks","key-secret":"libvirt-1-format-encryption-secret0"},\
|
||||
"file":"libvirt-1-storage"}' \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=libvirt-1-format,\
|
||||
id=virtio-disk3,write-cache=on \
|
||||
|
@ -27,11 +27,11 @@ path=/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \
|
||||
-no-shutdown \
|
||||
-no-acpi \
|
||||
-usb \
|
||||
-object secret,id=virtio-disk0-luks-secret0,\
|
||||
-object secret,id=virtio-disk0-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive file=/storage/guest_disks/encryptdisk,encrypt.format=luks,\
|
||||
encrypt.key-secret=virtio-disk0-luks-secret0,format=qcow2,if=none,\
|
||||
encrypt.key-secret=virtio-disk0-encryption-secret0,format=qcow2,if=none,\
|
||||
id=drive-virtio-disk0 \
|
||||
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
|
||||
id=virtio-disk0,bootindex=1 \
|
||||
|
@ -27,11 +27,11 @@ path=/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \
|
||||
-no-shutdown \
|
||||
-no-acpi \
|
||||
-usb \
|
||||
-object secret,id=virtio-disk0-luks-secret0,\
|
||||
-object secret,id=virtio-disk0-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive file=/storage/guest_disks/encryptdisk,encrypt.format=luks,\
|
||||
encrypt.key-secret=virtio-disk0-luks-secret0,format=qcow2,if=none,\
|
||||
encrypt.key-secret=virtio-disk0-encryption-secret0,format=qcow2,if=none,\
|
||||
id=drive-virtio-disk0 \
|
||||
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
|
||||
id=virtio-disk0,bootindex=1 \
|
||||
|
@ -27,53 +27,53 @@ path=/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \
|
||||
-no-shutdown \
|
||||
-no-acpi \
|
||||
-usb \
|
||||
-object secret,id=virtio-disk0-luks-secret0,\
|
||||
-object secret,id=virtio-disk0-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive file=/storage/guest_disks/encryptdisk,encrypt.format=luks,\
|
||||
encrypt.key-secret=virtio-disk0-luks-secret0,format=qcow2,if=none,\
|
||||
encrypt.key-secret=virtio-disk0-encryption-secret0,format=qcow2,if=none,\
|
||||
id=drive-virtio-disk0 \
|
||||
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
|
||||
id=virtio-disk0,bootindex=1 \
|
||||
-object secret,id=virtio-disk1-luks-secret0,\
|
||||
-object secret,id=virtio-disk1-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive file=/storage/guest_disks/encryptdisk2,encrypt.format=luks,\
|
||||
encrypt.key-secret=virtio-disk1-luks-secret0,format=qcow2,if=none,\
|
||||
encrypt.key-secret=virtio-disk1-encryption-secret0,format=qcow2,if=none,\
|
||||
id=drive-virtio-disk1 \
|
||||
-device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,\
|
||||
id=virtio-disk1 \
|
||||
-object secret,id=virtio-disk2-luks-secret0,\
|
||||
-object secret,id=virtio-disk2-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive file=iscsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@example.org:\
|
||||
6000/iqn.1992-01.com.example%3Astorage/1,encrypt.format=luks,\
|
||||
encrypt.key-secret=virtio-disk2-luks-secret0,format=qcow2,if=none,\
|
||||
encrypt.key-secret=virtio-disk2-encryption-secret0,format=qcow2,if=none,\
|
||||
id=drive-virtio-disk2 \
|
||||
-device virtio-blk-pci,bus=pci.0,addr=0x6,drive=drive-virtio-disk2,\
|
||||
id=virtio-disk2 \
|
||||
-object secret,id=virtio-disk3-luks-secret0,\
|
||||
-object secret,id=virtio-disk3-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive file=iscsi://iscsi.example.com:3260/demo-target/3,encrypt.format=luks,\
|
||||
encrypt.key-secret=virtio-disk3-luks-secret0,format=qcow2,if=none,\
|
||||
encrypt.key-secret=virtio-disk3-encryption-secret0,format=qcow2,if=none,\
|
||||
id=drive-virtio-disk3 \
|
||||
-device virtio-blk-pci,bus=pci.0,addr=0x7,drive=drive-virtio-disk3,\
|
||||
id=virtio-disk3 \
|
||||
-object secret,id=virtio-disk4-luks-secret0,\
|
||||
-object secret,id=virtio-disk4-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive 'file=rbd:pool/image:auth_supported=none:mon_host=mon1.example.org\:\
|
||||
6321\;mon2.example.org\:6322\;mon3.example.org\:6322,encrypt.format=luks,\
|
||||
encrypt.key-secret=virtio-disk4-luks-secret0,format=qcow2,if=none,\
|
||||
encrypt.key-secret=virtio-disk4-encryption-secret0,format=qcow2,if=none,\
|
||||
id=drive-virtio-disk4' \
|
||||
-device virtio-blk-pci,bus=pci.0,addr=0x8,drive=drive-virtio-disk4,\
|
||||
id=virtio-disk4 \
|
||||
-object secret,id=virtio-disk5-luks-secret0,\
|
||||
-object secret,id=virtio-disk5-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive file=/storage/guest_disks/encryptdisk5,encrypt.format=luks,\
|
||||
encrypt.key-secret=virtio-disk5-luks-secret0,format=qcow2,if=none,\
|
||||
encrypt.key-secret=virtio-disk5-encryption-secret0,format=qcow2,if=none,\
|
||||
id=drive-virtio-disk5 \
|
||||
-device virtio-blk-pci,bus=pci.0,addr=0x9,drive=drive-virtio-disk5,\
|
||||
id=virtio-disk5 \
|
||||
|
@ -28,53 +28,53 @@ file=/tmp/lib/domain--1-encryptdisk/master-key.aes \
|
||||
-no-acpi \
|
||||
-boot strict=on \
|
||||
-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
|
||||
-object secret,id=libvirt-7-format-luks-secret0,\
|
||||
-object secret,id=libvirt-7-format-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-blockdev '{"driver":"file","filename":"/storage/guest_disks/encryptdisk",\
|
||||
"node-name":"libvirt-7-storage","auto-read-only":true,"discard":"unmap"}' \
|
||||
-blockdev '{"node-name":"libvirt-7-format","read-only":false,"driver":"qcow2",\
|
||||
"encrypt":{"format":"luks","key-secret":"libvirt-7-format-luks-secret0"},\
|
||||
"encrypt":{"format":"luks","key-secret":"libvirt-7-format-encryption-secret0"},\
|
||||
"file":"libvirt-7-storage"}' \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=libvirt-7-format,\
|
||||
id=virtio-disk0,bootindex=1 \
|
||||
-object secret,id=libvirt-6-format-luks-secret0,\
|
||||
-object secret,id=libvirt-6-format-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-blockdev '{"driver":"file","filename":"/storage/guest_disks/encryptdisk2",\
|
||||
"node-name":"libvirt-6-storage","auto-read-only":true,"discard":"unmap"}' \
|
||||
-blockdev '{"node-name":"libvirt-6-format","read-only":false,"driver":"qcow2",\
|
||||
"encrypt":{"format":"luks","key-secret":"libvirt-6-format-luks-secret0"},\
|
||||
"encrypt":{"format":"luks","key-secret":"libvirt-6-format-encryption-secret0"},\
|
||||
"file":"libvirt-6-storage"}' \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=libvirt-6-format,\
|
||||
id=virtio-disk1 \
|
||||
-object secret,id=libvirt-5-storage-secret0,\
|
||||
-object secret,id=libvirt-5-storage-auth-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-object secret,id=libvirt-5-format-luks-secret0,\
|
||||
-object secret,id=libvirt-5-format-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-blockdev '{"driver":"iscsi","portal":"example.org:6000",\
|
||||
"target":"iqn.1992-01.com.example:storage","lun":1,"transport":"tcp",\
|
||||
"user":"myname","password-secret":"libvirt-5-storage-secret0",\
|
||||
"user":"myname","password-secret":"libvirt-5-storage-auth-secret0",\
|
||||
"node-name":"libvirt-5-storage","auto-read-only":true,"discard":"unmap"}' \
|
||||
-blockdev '{"node-name":"libvirt-5-format","read-only":false,"driver":"qcow2",\
|
||||
"encrypt":{"format":"luks","key-secret":"libvirt-5-format-luks-secret0"},\
|
||||
"encrypt":{"format":"luks","key-secret":"libvirt-5-format-encryption-secret0"},\
|
||||
"file":"libvirt-5-storage"}' \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x2,drive=libvirt-5-format,\
|
||||
id=virtio-disk2 \
|
||||
-object secret,id=libvirt-4-format-luks-secret0,\
|
||||
-object secret,id=libvirt-4-format-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-blockdev '{"driver":"iscsi","portal":"iscsi.example.com:3260",\
|
||||
"target":"demo-target","lun":3,"transport":"tcp",\
|
||||
"node-name":"libvirt-4-storage","auto-read-only":true,"discard":"unmap"}' \
|
||||
-blockdev '{"node-name":"libvirt-4-format","read-only":false,"driver":"qcow2",\
|
||||
"encrypt":{"format":"luks","key-secret":"libvirt-4-format-luks-secret0"},\
|
||||
"encrypt":{"format":"luks","key-secret":"libvirt-4-format-encryption-secret0"},\
|
||||
"file":"libvirt-4-storage"}' \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=libvirt-4-format,\
|
||||
id=virtio-disk3 \
|
||||
-object secret,id=libvirt-3-format-luks-secret0,\
|
||||
-object secret,id=libvirt-3-format-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-blockdev '{"driver":"rbd","pool":"pool","image":"image",\
|
||||
@ -82,25 +82,25 @@ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
"port":"6322"},{"host":"mon3.example.org","port":"6322"}],\
|
||||
"node-name":"libvirt-3-storage","auto-read-only":true,"discard":"unmap"}' \
|
||||
-blockdev '{"node-name":"libvirt-3-format","read-only":false,"driver":"qcow2",\
|
||||
"encrypt":{"format":"luks","key-secret":"libvirt-3-format-luks-secret0"},\
|
||||
"encrypt":{"format":"luks","key-secret":"libvirt-3-format-encryption-secret0"},\
|
||||
"file":"libvirt-3-storage"}' \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=libvirt-3-format,\
|
||||
id=virtio-disk4 \
|
||||
-object secret,id=libvirt-2-format-luks-secret0,\
|
||||
-object secret,id=libvirt-2-format-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-blockdev '{"driver":"file","filename":"/storage/guest_disks/base.qcow2",\
|
||||
"node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}' \
|
||||
-blockdev '{"node-name":"libvirt-2-format","read-only":true,"driver":"qcow2",\
|
||||
"encrypt":{"format":"luks","key-secret":"libvirt-2-format-luks-secret0"},\
|
||||
"encrypt":{"format":"luks","key-secret":"libvirt-2-format-encryption-secret0"},\
|
||||
"file":"libvirt-2-storage","backing":null}' \
|
||||
-object secret,id=libvirt-1-format-luks-secret0,\
|
||||
-object secret,id=libvirt-1-format-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-blockdev '{"driver":"file","filename":"/storage/guest_disks/encryptdisk5",\
|
||||
"node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
|
||||
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"qcow2",\
|
||||
"encrypt":{"format":"luks","key-secret":"libvirt-1-format-luks-secret0"},\
|
||||
"encrypt":{"format":"luks","key-secret":"libvirt-1-format-encryption-secret0"},\
|
||||
"file":"libvirt-1-storage","backing":"libvirt-2-format"}' \
|
||||
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x8,drive=libvirt-1-format,\
|
||||
id=virtio-disk5 \
|
||||
|
@ -27,41 +27,45 @@ path=/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \
|
||||
-no-shutdown \
|
||||
-no-acpi \
|
||||
-usb \
|
||||
-object secret,id=virtio-disk0-luks-secret0,\
|
||||
-object secret,id=virtio-disk0-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive file=/storage/guest_disks/encryptdisk,\
|
||||
key-secret=virtio-disk0-luks-secret0,format=luks,if=none,id=drive-virtio-disk0 \
|
||||
key-secret=virtio-disk0-encryption-secret0,format=luks,if=none,\
|
||||
id=drive-virtio-disk0 \
|
||||
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
|
||||
id=virtio-disk0,bootindex=1 \
|
||||
-object secret,id=virtio-disk1-luks-secret0,\
|
||||
-object secret,id=virtio-disk1-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive file=/storage/guest_disks/encryptdisk2,\
|
||||
key-secret=virtio-disk1-luks-secret0,format=luks,if=none,id=drive-virtio-disk1 \
|
||||
key-secret=virtio-disk1-encryption-secret0,format=luks,if=none,\
|
||||
id=drive-virtio-disk1 \
|
||||
-device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,\
|
||||
id=virtio-disk1 \
|
||||
-object secret,id=virtio-disk2-luks-secret0,\
|
||||
-object secret,id=virtio-disk2-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive file=iscsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@example.org:\
|
||||
6000/iqn.1992-01.com.example%3Astorage/1,key-secret=virtio-disk2-luks-secret0,\
|
||||
format=luks,if=none,id=drive-virtio-disk2 \
|
||||
6000/iqn.1992-01.com.example%3Astorage/1,\
|
||||
key-secret=virtio-disk2-encryption-secret0,format=luks,if=none,\
|
||||
id=drive-virtio-disk2 \
|
||||
-device virtio-blk-pci,bus=pci.0,addr=0x6,drive=drive-virtio-disk2,\
|
||||
id=virtio-disk2 \
|
||||
-object secret,id=virtio-disk3-luks-secret0,\
|
||||
-object secret,id=virtio-disk3-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive file=iscsi://iscsi.example.com:3260/demo-target/3,\
|
||||
key-secret=virtio-disk3-luks-secret0,format=luks,if=none,id=drive-virtio-disk3 \
|
||||
key-secret=virtio-disk3-encryption-secret0,format=luks,if=none,\
|
||||
id=drive-virtio-disk3 \
|
||||
-device virtio-blk-pci,bus=pci.0,addr=0x7,drive=drive-virtio-disk3,\
|
||||
id=virtio-disk3 \
|
||||
-object secret,id=virtio-disk4-luks-secret0,\
|
||||
-object secret,id=virtio-disk4-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive 'file=rbd:pool/image:auth_supported=none:mon_host=mon1.example.org\:\
|
||||
6321\;mon2.example.org\:6322\;mon3.example.org\:6322,\
|
||||
key-secret=virtio-disk4-luks-secret0,format=luks,if=none,\
|
||||
key-secret=virtio-disk4-encryption-secret0,format=luks,if=none,\
|
||||
id=drive-virtio-disk4' \
|
||||
-device virtio-blk-pci,bus=pci.0,addr=0x8,drive=drive-virtio-disk4,\
|
||||
id=virtio-disk4 \
|
||||
|
@ -27,18 +27,20 @@ path=/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \
|
||||
-no-shutdown \
|
||||
-no-acpi \
|
||||
-usb \
|
||||
-object secret,id=virtio-disk0-luks-secret0,\
|
||||
-object secret,id=virtio-disk0-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive file=/storage/guest_disks/encryptdisk,\
|
||||
key-secret=virtio-disk0-luks-secret0,format=luks,if=none,id=drive-virtio-disk0 \
|
||||
key-secret=virtio-disk0-encryption-secret0,format=luks,if=none,\
|
||||
id=drive-virtio-disk0 \
|
||||
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
|
||||
id=virtio-disk0,bootindex=1 \
|
||||
-object secret,id=virtio-disk1-luks-secret0,\
|
||||
-object secret,id=virtio-disk1-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive file=/storage/guest_disks/encryptdisk2,\
|
||||
key-secret=virtio-disk1-luks-secret0,format=luks,if=none,id=drive-virtio-disk1 \
|
||||
key-secret=virtio-disk1-encryption-secret0,format=luks,if=none,\
|
||||
id=drive-virtio-disk1 \
|
||||
-device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,\
|
||||
id=virtio-disk1 \
|
||||
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3
|
||||
|
@ -48,11 +48,11 @@ id=drive-ua-myDisk1,cache=none \
|
||||
id=drive-ua-myDisk2 \
|
||||
-device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-ua-myDisk2,id=ua-myDisk2,\
|
||||
bootindex=1 \
|
||||
-object secret,id=ua-myEncryptedDisk1-luks-secret0,\
|
||||
-object secret,id=ua-myEncryptedDisk1-encryption-secret0,\
|
||||
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
||||
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
||||
-drive file=/var/lib/libvirt/images/OtherDemo.img,encrypt.format=luks,\
|
||||
encrypt.key-secret=ua-myEncryptedDisk1-luks-secret0,format=qcow2,if=none,\
|
||||
encrypt.key-secret=ua-myEncryptedDisk1-encryption-secret0,format=qcow2,if=none,\
|
||||
id=drive-ua-myEncryptedDisk1 \
|
||||
-device virtio-blk-pci,bus=pci.0,addr=0x7,drive=drive-ua-myEncryptedDisk1,\
|
||||
id=ua-myEncryptedDisk1 \
|
||||
|