mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-24 22:55:23 +00:00
77c9663d72
This commit enables libvirt users to use layered encryption of RBD images, using the librbd encryption engine. This allows opening of an encrypted cloned image whose parent is encrypted with a possibly different encryption key. To open such images, multiple encryption secrets are expected to be defined under the encryption XML tag. Signed-off-by: Or Ozeri <oro@il.ibm.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
47 lines
1.8 KiB
XML
47 lines
1.8 KiB
XML
<domain type='qemu'>
|
|
<name>encryptdisk</name>
|
|
<uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
|
|
<memory unit='KiB'>1048576</memory>
|
|
<currentMemory unit='KiB'>524288</currentMemory>
|
|
<vcpu placement='static'>1</vcpu>
|
|
<os>
|
|
<type arch='x86_64' machine='pc-i440fx-2.1'>hvm</type>
|
|
<boot dev='hd'/>
|
|
</os>
|
|
<cpu mode='custom' match='exact' check='none'>
|
|
<model fallback='forbid'>qemu64</model>
|
|
</cpu>
|
|
<clock offset='utc'/>
|
|
<on_poweroff>destroy</on_poweroff>
|
|
<on_reboot>restart</on_reboot>
|
|
<on_crash>destroy</on_crash>
|
|
<devices>
|
|
<emulator>/usr/bin/qemu-system-x86_64</emulator>
|
|
<disk type='network' device='disk'>
|
|
<driver name='qemu' type='raw'/>
|
|
<source protocol='rbd' name='pool/image'>
|
|
<host name='mon1.example.org' port='6321'/>
|
|
<host name='mon2.example.org' port='6322'/>
|
|
<host name='mon3.example.org' port='6322'/>
|
|
<encryption format='luks' engine='librbd'>
|
|
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/>
|
|
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
|
|
<secret type='passphrase' uuid='f52a81b2-424e-490c-823d-6bd4235bc572'/>
|
|
</encryption>
|
|
</source>
|
|
<target dev='vda' bus='virtio'/>
|
|
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
|
|
</disk>
|
|
<controller type='usb' index='0' model='piix3-uhci'>
|
|
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
|
|
</controller>
|
|
<controller type='pci' index='0' model='pci-root'/>
|
|
<input type='mouse' bus='ps2'/>
|
|
<input type='keyboard' bus='ps2'/>
|
|
<audio id='1' type='none'/>
|
|
<memballoon model='virtio'>
|
|
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
|
|
</memballoon>
|
|
</devices>
|
|
</domain>
|