mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-23 14:15:28 +00:00
f2f9742d4d
The rule generating the HTML docs passing the --html flag to xsltproc. This makes it use the legacy HTML parser, which either ignores or tries to fix all sorts of broken XML tags. There's no reason why we should be writing broken XML in the first place, so removing --html and adding the XHTML doctype to all files forces us to create good XML. This adds the XHTML doc type and fixes many, many XML tag problems it exposes. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
94 lines
3.4 KiB
XML
94 lines
3.4 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<body>
|
|
<h1>Secret XML format</h1>
|
|
|
|
<ul id="toc"></ul>
|
|
|
|
<h2><a name="SecretAttributes">Secret XML</a></h2>
|
|
|
|
<p>
|
|
Secrets stored by libvirt may have attributes associated with them, using
|
|
the <code>secret</code> element. The <code>secret</code> element has two
|
|
optional attributes, each with values '<code>yes</code>' and
|
|
'<code>no</code>', and defaulting to '<code>no</code>':
|
|
</p>
|
|
<dl>
|
|
<dt><code>ephemeral</code></dt>
|
|
<dd>This secret must only be kept in memory, never stored persistently.
|
|
</dd>
|
|
<dt><code>private</code></dt>
|
|
<dd>The value of the secret must not be revealed to any caller of libvirt,
|
|
nor to any other node.
|
|
</dd>
|
|
</dl>
|
|
<p>
|
|
The top-level <code>secret</code> element may contain the following
|
|
elements:
|
|
</p>
|
|
<dl>
|
|
<dt><code>uuid</code></dt>
|
|
<dd>
|
|
An unique identifier for this secret (not necessarily in the UUID
|
|
format). If omitted when defining a new secret, a random UUID is
|
|
generated.
|
|
</dd>
|
|
<dt><code>description</code></dt>
|
|
<dd>A human-readable description of the purpose of the secret.
|
|
</dd>
|
|
<dt><code>usage</code></dt>
|
|
<dd>
|
|
Specifies what this secret is used for. A mandatory
|
|
<code>type</code> attribute specifies the usage category, currently
|
|
only <code>volume</code> and <code>ceph</code> are defined.
|
|
Specific usage categories are described below.
|
|
</dd>
|
|
</dl>
|
|
|
|
<h3>Usage type "volume"</h3>
|
|
|
|
<p>
|
|
This secret is associated with a volume, and it is safe to delete the
|
|
secret after the volume is deleted. The <code><usage
|
|
type='volume'></code> element must contain a
|
|
single <code>volume</code> element that specifies the key of the volume
|
|
this secret is associated with.
|
|
</p>
|
|
|
|
<h3>Usage type "ceph"</h3>
|
|
|
|
<p>
|
|
This secret is associated with a Ceph RBD (rados block device).
|
|
The <code><usage type='ceph'></code> element must contain
|
|
a single <code>name</code> element that specifies a usage name
|
|
for the secret. The Ceph secret can then be used by UUID or by
|
|
this usage name via the <code><auth></code> element of
|
|
a <a href="domain.html#elementsDisks">disk
|
|
device</a>. <span class="since">Since 0.9.7</span>.
|
|
</p>
|
|
|
|
<h3>Usage type "iscsi"</h3>
|
|
|
|
<p>
|
|
This secret is associated with an iSCSI target for CHAP authentication.
|
|
The <code><usage type='iscsi'></code> element must contain
|
|
a single <code>target</code> element that specifies a usage name
|
|
for the secret. The iSCSI secret can then be used by UUID or by
|
|
this usage name via the <code><auth></code> element of
|
|
a <a href="domain.html#elementsDisks">disk
|
|
device</a>. <span class="since">Since 1.0.4</span>.
|
|
</p>
|
|
|
|
<h2><a name="example">Example</a></h2>
|
|
|
|
<pre>
|
|
<secret ephemeral='no' private='yes'>
|
|
<description>LUKS passphrase for the main hard drive of our mail server</description>
|
|
<usage type='volume'>
|
|
<volume>/var/lib/libvirt/images/mail.img</volume>
|
|
</usage>
|
|
</secret></pre>
|
|
</body>
|
|
</html>
|