mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-22 05:59:18 +00:00
18458e8fd1
iscsi and rbd support authentication of the connection. Combine it with
encryption of qcow2.
The top level disk image would generate the following '-drive' cmdline:
-drive file=rbd:rbdpool/rbdimg:id=testuser-rbd:auth_supported=cephx\;none:
mon_host=host1.example.com\;host2.example.com,
file.password-secret=node-a-s-secalias,encrypt.format=luks,
encrypt.key-secret=node-b-f-encalias,format=qcow2,
if=none,id=drive-dummy
-device virtio-blk-pci,scsi=off,drive=drive-dummy,id=dummy
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
41 lines
1.3 KiB
XML
41 lines
1.3 KiB
XML
<disk type='network' device='disk'>
|
|
<driver name='qemu' type='qcow2'/>
|
|
<source protocol='rbd' name='rbdpool/rbdimg'>
|
|
<host name='host1.example.com'/>
|
|
<host name='host2.example.com'/>
|
|
<encryption format='luks'>
|
|
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
|
|
</encryption>
|
|
<auth username='testuser-rbd'>
|
|
<secret type='ceph' usage='testuser-rbd-secret'/>
|
|
</auth>
|
|
<privateData>
|
|
<nodenames>
|
|
<nodename type='storage' name='node-a-s'/>
|
|
<nodename type='format' name='node-b-f'/>
|
|
</nodenames>
|
|
</privateData>
|
|
</source>
|
|
<backingStore type='network' index='1'>
|
|
<format type='qcow2'/>
|
|
<source protocol='iscsi' name='iqn.2016-09.com.example:iscsitarget/1'>
|
|
<host name='example.org'/>
|
|
<privateData>
|
|
<nodenames>
|
|
<nodename type='storage' name='node-b-s'/>
|
|
<nodename type='format' name='node-b-f'/>
|
|
</nodenames>
|
|
</privateData>
|
|
<encryption format='qcow'>
|
|
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
|
|
</encryption>
|
|
<auth username='testuser-iscsi'>
|
|
<secret type='iscsi' usage='testuser-iscsi-secret'/>
|
|
</auth>
|
|
</source>
|
|
<backingStore/>
|
|
</backingStore>
|
|
<target dev='vda' bus='virtio'/>
|
|
<alias name='virtio-disk0'/>
|
|
</disk>
|