mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-11-05 12:51:12 +00:00
39cef12a95
Starting with QEMU 2.9, encryption convert processing requires a multi-step process in order to generate an encrypted image from some non encrypted raw image. Processing requires to first create an encrypted image using the sizing parameters from the input source and second to use the --image-opts, -n, and --target-image-opts options along with inline driver options to describe the input and output files, generating two commands such as: $ qemu-img create -f luks \ --object secret,id=demo.img_encrypt0,file=/path/to/secretFile \ -o key-secret=demo.img_encrypt0 \ demo.img 500K Formatting 'demo.img', fmt=luks size=512000 key-secret=demo.img_encrypt0 $ qemu-img convert --image-opts -n --target-image-opts \ --object secret,id=demo.img_encrypt0,file=/path/to/secretFile \ driver=raw,file.filename=sparse.img \ driver=luks,file.filename=demo.img,key-secret=demo.img_encrypt0 $ This patch handles the convert processing by running the processing in a do..while loop essentially reusing the existing create logic and arguments to create the target vol from the inputvol and then converting the inputvol using new arguments. This then allows the following virsh command to work properly: virsh vol-create-from default encrypt1-luks.xml data.img --inputpool default where encrypt1-luks.xml would provided the path and secret for the new image, while data.img would be the source image. Signed-off-by: John Ferlan <jferlan@redhat.com> ACKed-by: Michal Privoznik <mprivozn@redhat.com>
10 lines
467 B
Plaintext
10 lines
467 B
Plaintext
qemu-img create -f luks \
|
|
--object secret,id=OtherDemo.img_encrypt0,file=/path/to/secretFile \
|
|
-o key-secret=OtherDemo.img_encrypt0 \
|
|
/var/lib/libvirt/images/OtherDemo.img 5242880K
|
|
qemu-img convert --image-opts -n --target-image-opts \
|
|
--object secret,id=OtherDemo.img_encrypt0,file=/path/to/secretFile \
|
|
driver=raw,file.filename=/var/lib/libvirt/images/sparse.img \
|
|
driver=luks,file.filename=/var/lib/libvirt/images/OtherDemo.img,\
|
|
key-secret=OtherDemo.img_encrypt0
|