mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-25 07:05:28 +00:00
da86c6c226
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1301021 Generate the luks command line using the AES secret key to encrypt the luks secret. A luks secret object will be in addition to a an AES secret. For hotplug, check if the encinfo exists and if so, add the AES secret for the passphrase for the secret object used to decrypt the device. Modify/augment the fakeSecret* in qemuxml2argvtest in order to handle find a uuid or a volume usage with a specific path prefix in the XML (corresponds to the already generated XML tests). Add error message when the 'usageID' is not 'mycluster_myname'. Commit id '1d632c39' altered the error message generation to rely on the errors from the secret_driver (or it's faked replacement). Add the .args output for adding the LUKS disk to the domain Signed-off-by: John Ferlan <jferlan@redhat.com>
37 lines
1.3 KiB
Plaintext
37 lines
1.3 KiB
Plaintext
LC_ALL=C \
|
|
PATH=/bin \
|
|
HOME=/home/test \
|
|
USER=test \
|
|
LOGNAME=test \
|
|
QEMU_AUDIO_DRV=none \
|
|
/usr/bin/qemu \
|
|
-name encryptdisk \
|
|
-S \
|
|
-object secret,id=masterKey0,format=raw,\
|
|
file=/tmp/lib/domain--1-encryptdisk/master-key.aes \
|
|
-M pc-i440fx-2.1 \
|
|
-m 1024 \
|
|
-smp 1,sockets=1,cores=1,threads=1 \
|
|
-uuid 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 \
|
|
-nographic \
|
|
-nodefaults \
|
|
-monitor unix:/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \
|
|
-no-acpi \
|
|
-boot c \
|
|
-usb \
|
|
-object secret,id=virtio-disk0-luks-secret0,\
|
|
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
|
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
|
-drive file=/storage/guest_disks/encryptdisk,\
|
|
key-secret=virtio-disk0-luks-secret0,format=luks,if=none,id=drive-virtio-disk0 \
|
|
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
|
|
id=virtio-disk0 \
|
|
-object secret,id=virtio-disk1-luks-secret0,\
|
|
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
|
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
|
-drive file=/storage/guest_disks/encryptdisk2,\
|
|
key-secret=virtio-disk1-luks-secret0,format=luks,if=none,id=drive-virtio-disk1 \
|
|
-device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,\
|
|
id=virtio-disk1 \
|
|
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3
|