mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-23 14:15:28 +00:00
5fd6ae3f2e
docs/formatsecret.html.in: (s/domain\.html/formatdomain\.html/g)
94 lines
3.4 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<body>
<h1>Secret XML format</h1>

<ul id="toc"></ul>

<h2><a name="SecretAttributes">Secret XML</a></h2>

<p>
Secrets stored by libvirt may have attributes associated with them, using
the <code>secret</code> element. The <code>secret</code> element has two
optional attributes, each with values '<code>yes</code>' and
'<code>no</code>', and defaulting to '<code>no</code>':
</p>
<dl>
<dt><code>ephemeral</code></dt>
<dd>This secret must only be kept in memory, never stored persistently.
</dd>
<dt><code>private</code></dt>
<dd>The value of the secret must not be revealed to any caller of libvirt,
nor to any other node.
</dd>
</dl>
<p>
The top-level <code>secret</code> element may contain the following
elements:
</p>
<dl>
<dt><code>uuid</code></dt>
<dd>
A unique identifier for this secret (not necessarily in the UUID
format). If omitted when defining a new secret, a random UUID is
generated.
</dd>
<dt><code>description</code></dt>
<dd>A human-readable description of the purpose of the secret.
</dd>
<dt><code>usage</code></dt>
<dd>
Specifies what this secret is used for. A mandatory
<code>type</code> attribute specifies the usage category; currently
only <code>volume</code>, <code>ceph</code> and <code>iscsi</code>
are defined. Specific usage categories are described below.
</dd>
</dl>

<h3>Usage type "volume"</h3>

<p>
This secret is associated with a volume, and it is safe to delete the
secret after the volume is deleted. The
<code>&lt;usage type='volume'&gt;</code> element must contain a
single <code>volume</code> element that specifies the key of the volume
this secret is associated with.
</p>

<h3>Usage type "ceph"</h3>

<p>
This secret is associated with a Ceph RBD (RADOS block device).
The <code>&lt;usage type='ceph'&gt;</code> element must contain
a single <code>name</code> element that specifies a usage name
for the secret. The Ceph secret can then be used by UUID or by
this usage name via the <code>&lt;auth&gt;</code> element of
a <a href="formatdomain.html#elementsDisks">disk
device</a>. <span class="since">Since 0.9.7</span>.
</p>

<h3>Usage type "iscsi"</h3>

<p>
This secret is associated with an iSCSI target for CHAP authentication.
The <code>&lt;usage type='iscsi'&gt;</code> element must contain
a single <code>target</code> element that specifies a usage name
for the secret. The iSCSI secret can then be used by UUID or by
this usage name via the <code>&lt;auth&gt;</code> element of
a <a href="formatdomain.html#elementsDisks">disk
device</a>. <span class="since">Since 1.0.4</span>.
</p>

<h2><a name="example">Example</a></h2>

<pre>
&lt;secret ephemeral='no' private='yes'&gt;
  &lt;description&gt;LUKS passphrase for the main hard drive of our mail server&lt;/description&gt;
  &lt;usage type='volume'&gt;
    &lt;volume&gt;/var/lib/libvirt/images/mail.img&lt;/volume&gt;
  &lt;/usage&gt;
&lt;/secret&gt;</pre>
</body>
</html>
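The rules this document states (yes/no attributes that default to no, a mandatory type on usage, and the single child element each usage type requires) can be checked before a secret definition is handed to libvirt. The Python checker below is an added example, not part of the libvirt sources; the function name check_secret_xml and the second sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Child element each usage type must contain, as the page lists them.
USAGE_CHILD = {"volume": "volume", "ceph": "name", "iscsi": "target"}

PAGE_EXAMPLE = """<secret ephemeral='no' private='yes'>
  <description>LUKS passphrase for the main hard drive of our mail server</description>
  <usage type='volume'>
    <volume>/var/lib/libvirt/images/mail.img</volume>
  </usage>
</secret>"""

# Constructed sample: invalid flag value, ceph usage without its <name>.
BROKEN = """<secret private='true'>
  <usage type='ceph'><volume>pool/image</volume></usage>
</secret>"""


def check_secret_xml(text):
    """Return (flags, problems): effective ephemeral/private booleans and rule violations."""
    flags = {"ephemeral": False, "private": False}  # both default to 'no'
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return flags, [f"not well-formed XML: {exc}"]
    if root.tag != "secret":
        return flags, [f"top-level element is <{root.tag}>, expected <secret>"]
    problems = []
    for name in flags:
        value = root.get(name, "no")
        if value not in ("yes", "no"):
            problems.append(f"{name}={value!r} must be 'yes' or 'no'")
        flags[name] = value == "yes"
    for usage in root.findall("usage"):
        utype = usage.get("type")
        if utype is None:
            problems.append("<usage> lacks the mandatory type attribute")
        elif utype not in USAGE_CHILD:
            problems.append(f"usage type {utype!r} is not defined")
        elif len(usage.findall(USAGE_CHILD[utype])) != 1:
            problems.append(f"usage type {utype!r} needs a single <{USAGE_CHILD[utype]}>")
    return flags, problems


if __name__ == "__main__":
    for label, doc in (("page example", PAGE_EXAMPLE), ("constructed", BROKEN)):
        print(label, check_secret_xml(doc))
```

The returned flags make it easy to review which definitions would be persisted to disk or have a value readable by callers, since an omitted attribute silently means 'no'.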