libvirt/docs/formatsecret.html.in
Daniel P. Berrange f2f9742d4d Fix multiple formatting problems in HTML docs
The rule generating the HTML docs passing the --html flag
to xsltproc. This makes it use the legacy HTML parser, which
either ignores or tries to fix all sorts of broken XML tags.
There's no reason why we should be writing broken XML in
the first place, so removing --html and adding the XHTML
doctype to all files forces us to create good XML.

This adds the XHTML doc type and fixes many, many XML tag
problems it exposes.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-03 15:56:15 +01:00

94 lines
3.4 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<body>
<h1>Secret XML format</h1>
<ul id="toc"></ul>
<h2><a name="SecretAttributes">Secret XML</a></h2>
<p>
Secrets stored by libvirt may have attributes associated with them, using
the <code>secret</code> element. The <code>secret</code> element has two
optional attributes, each with values '<code>yes</code>' and
'<code>no</code>', and defaulting to '<code>no</code>':
</p>
<dl>
<dt><code>ephemeral</code></dt>
<dd>This secret must only be kept in memory, never stored persistently.
</dd>
<dt><code>private</code></dt>
<dd>The value of the secret must not be revealed to any caller of libvirt,
nor to any other node.
</dd>
</dl>
<p>
The top-level <code>secret</code> element may contain the following
elements:
</p>
<dl>
<dt><code>uuid</code></dt>
<dd>
An unique identifier for this secret (not necessarily in the UUID
format). If omitted when defining a new secret, a random UUID is
generated.
</dd>
<dt><code>description</code></dt>
<dd>A human-readable description of the purpose of the secret.
</dd>
<dt><code>usage</code></dt>
<dd>
Specifies what this secret is used for. A mandatory
<code>type</code> attribute specifies the usage category, currently
only <code>volume</code> and <code>ceph</code> are defined.
Specific usage categories are described below.
</dd>
</dl>
<h3>Usage type "volume"</h3>
<p>
This secret is associated with a volume, and it is safe to delete the
secret after the volume is deleted. The <code>&lt;usage
type='volume'&gt;</code> element must contain a
single <code>volume</code> element that specifies the key of the volume
this secret is associated with.
</p>
<h3>Usage type "ceph"</h3>
<p>
This secret is associated with a Ceph RBD (rados block device).
The <code>&lt;usage type='ceph'&gt;</code> element must contain
a single <code>name</code> element that specifies a usage name
for the secret. The Ceph secret can then be used by UUID or by
this usage name via the <code>&lt;auth&gt;</code> element of
a <a href="domain.html#elementsDisks">disk
device</a>. <span class="since">Since 0.9.7</span>.
</p>
<h3>Usage type "iscsi"</h3>
<p>
This secret is associated with an iSCSI target for CHAP authentication.
The <code>&lt;usage type='iscsi'&gt;</code> element must contain
a single <code>target</code> element that specifies a usage name
for the secret. The iSCSI secret can then be used by UUID or by
this usage name via the <code>&lt;auth&gt;</code> element of
a <a href="domain.html#elementsDisks">disk
device</a>. <span class="since">Since 1.0.4</span>.
</p>
<h2><a name="example">Example</a></h2>
<pre>
&lt;secret ephemeral='no' private='yes'&gt;
&lt;description&gt;LUKS passphrase for the main hard drive of our mail server&lt;/description&gt;
&lt;usage type='volume'&gt;
&lt;volume&gt;/var/lib/libvirt/images/mail.img&lt;/volume&gt;
&lt;/usage&gt;
&lt;/secret&gt;</pre>
</body>
</html>