mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-30 09:53:10 +00:00
70d2758a9c
Originally there was only the secret for authentication so we didn't use any suffix to tell it apart. With the introduction of encryption we added a 'luks' suffix for the encryption secrets. Since encryption is really generic and authentication is not the only secret modify the aliases for the secrets to better describe what they are used for. This is possible as we store the disk secrets in the status XML thus only new machines will use the new secrets. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
73 lines
3.1 KiB
Plaintext
73 lines
3.1 KiB
Plaintext
LC_ALL=C \
|
|
PATH=/bin \
|
|
HOME=/tmp/lib/domain--1-encryptdisk \
|
|
USER=test \
|
|
LOGNAME=test \
|
|
XDG_DATA_HOME=/tmp/lib/domain--1-encryptdisk/.local/share \
|
|
XDG_CACHE_HOME=/tmp/lib/domain--1-encryptdisk/.cache \
|
|
XDG_CONFIG_HOME=/tmp/lib/domain--1-encryptdisk/.config \
|
|
QEMU_AUDIO_DRV=none \
|
|
/usr/bin/qemu-system-x86_64 \
|
|
-name encryptdisk \
|
|
-S \
|
|
-object secret,id=masterKey0,format=raw,\
|
|
file=/tmp/lib/domain--1-encryptdisk/master-key.aes \
|
|
-machine pc-i440fx-2.1,accel=tcg,usb=off,dump-guest-core=off \
|
|
-m 1024 \
|
|
-realtime mlock=off \
|
|
-smp 1,sockets=1,cores=1,threads=1 \
|
|
-uuid 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 \
|
|
-display none \
|
|
-no-user-config \
|
|
-nodefaults \
|
|
-chardev socket,id=charmonitor,\
|
|
path=/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \
|
|
-mon chardev=charmonitor,id=monitor,mode=control \
|
|
-rtc base=utc \
|
|
-no-shutdown \
|
|
-no-acpi \
|
|
-usb \
|
|
-object secret,id=virtio-disk0-encryption-secret0,\
|
|
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
|
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
|
-drive file=/storage/guest_disks/encryptdisk,\
|
|
key-secret=virtio-disk0-encryption-secret0,format=luks,if=none,\
|
|
id=drive-virtio-disk0 \
|
|
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
|
|
id=virtio-disk0,bootindex=1 \
|
|
-object secret,id=virtio-disk1-encryption-secret0,\
|
|
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
|
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
|
-drive file=/storage/guest_disks/encryptdisk2,\
|
|
key-secret=virtio-disk1-encryption-secret0,format=luks,if=none,\
|
|
id=drive-virtio-disk1 \
|
|
-device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,\
|
|
id=virtio-disk1 \
|
|
-object secret,id=virtio-disk2-encryption-secret0,\
|
|
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
|
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
|
-drive file=iscsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@example.org:\
|
|
6000/iqn.1992-01.com.example%3Astorage/1,\
|
|
key-secret=virtio-disk2-encryption-secret0,format=luks,if=none,\
|
|
id=drive-virtio-disk2 \
|
|
-device virtio-blk-pci,bus=pci.0,addr=0x6,drive=drive-virtio-disk2,\
|
|
id=virtio-disk2 \
|
|
-object secret,id=virtio-disk3-encryption-secret0,\
|
|
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
|
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
|
-drive file=iscsi://iscsi.example.com:3260/demo-target/3,\
|
|
key-secret=virtio-disk3-encryption-secret0,format=luks,if=none,\
|
|
id=drive-virtio-disk3 \
|
|
-device virtio-blk-pci,bus=pci.0,addr=0x7,drive=drive-virtio-disk3,\
|
|
id=virtio-disk3 \
|
|
-object secret,id=virtio-disk4-encryption-secret0,\
|
|
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
|
|
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
|
|
-drive 'file=rbd:pool/image:auth_supported=none:mon_host=mon1.example.org\:\
|
|
6321\;mon2.example.org\:6322\;mon3.example.org\:6322,\
|
|
key-secret=virtio-disk4-encryption-secret0,format=luks,if=none,\
|
|
id=drive-virtio-disk4' \
|
|
-device virtio-blk-pci,bus=pci.0,addr=0x8,drive=drive-virtio-disk4,\
|
|
id=virtio-disk4 \
|
|
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3
|