mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-27 16:15:23 +00:00
f2f9742d4d
The rule generating the HTML docs passing the --html flag to xsltproc. This makes it use the legacy HTML parser, which either ignores or tries to fix all sorts of broken XML tags. There's no reason why we should be writing broken XML in the first place, so removing --html and adding the XHTML doctype to all files forces us to create good XML. This adds the XHTML doc type and fixes many, many XML tag problems it exposes. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
68 lines
3.0 KiB
XML
68 lines
3.0 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<body>
|
|
<h1>Storage volume encryption XML format</h1>
|
|
|
|
<ul id="toc"></ul>
|
|
|
|
<h2><a name="StorageEncryption">Storage volume encryption XML</a></h2>
|
|
|
|
<p>
|
|
Storage volumes may be encrypted, the XML snippet described below is used
|
|
to represent the details of the encryption. It can be used as a part
|
|
of a domain or storage configuration.
|
|
</p>
|
|
<p>
|
|
The top-level tag of volume encryption specification
|
|
is <code>encryption</code>, with a mandatory
|
|
attribute <code>format</code>. Currently defined values
|
|
of <code>format</code> are <code>default</code> and <code>qcow</code>.
|
|
Each value of <code>format</code> implies some expectations about the
|
|
content of the <code>encryption</code> tag. Other format values may be
|
|
defined in the future.
|
|
</p>
|
|
<p>
|
|
The <code>encryption</code> tag can currently contain a sequence of
|
|
<code>secret</code> tags, each with mandatory attributes <code>type</code>
|
|
and <code>uuid</code>. The only currently defined value of
|
|
<code>type</code> is <code>passphrase</code>. <code>uuid</code>
|
|
refers to a secret known to libvirt. libvirt can use a secret value
|
|
previously set using <code>virSecretSetValue()</code>, or, if supported
|
|
by the particular volume format and driver, automatically generate a
|
|
secret value at the time of volume creation, and store it using the
|
|
specified <code>uuid</code>.
|
|
</p>
|
|
<h3><a name="StorageEncryptionDefault">"default" format</a></h3>
|
|
<p>
|
|
<code><encryption type="default"/></code> can be specified only
|
|
when creating a volume. If the volume is successfully created, the
|
|
encryption formats, parameters and secrets will be auto-generated by
|
|
libvirt and the attached <code>encryption</code> tag will be updated.
|
|
The unmodified contents of the <code>encryption</code> tag can be used
|
|
in later operations with the volume, or when setting up a domain that
|
|
uses the volume.
|
|
</p>
|
|
<h3><a name="StorageEncryptionQcow">"qcow" format</a></h3>
|
|
<p>
|
|
The <code>qcow</code> format specifies that the built-in encryption
|
|
support in <code>qcow</code>- or <code>qcow2</code>-formatted volume
|
|
images should be used. A single
|
|
<code><secret type='passphrase'></code> element is expected. If
|
|
the <code>secret</code> element is not present during volume creation,
|
|
a secret is automatically generated and attached to the volume.
|
|
</p>
|
|
|
|
<h2><a name="example">Example</a></h2>
|
|
|
|
<p>
|
|
Here is a simple example, specifying use of the <code>qcow</code> format:
|
|
</p>
|
|
|
|
<pre>
|
|
<encryption format='qcow'>
|
|
<secret type='passphrase' uuid='c1f11a6d-8c5d-4a3e-ac7a-4e171c5e0d4a' />
|
|
</encryption></pre>
|
|
</body>
|
|
</html>
|