From 2518fd3b6a640ad92630acf9945390ddc1cefd8a Mon Sep 17 00:00:00 2001
From: John Ferlan <jferlan@redhat.com>
Date: Fri, 6 Oct 2017 16:30:47 -0400
Subject: [PATCH] storage: Allow creation of a LUKS using logical volume

https://bugzilla.redhat.com/show_bug.cgi?id=1427049

Use virStorageBackendCreateVolUsingQemuImg to apply the LUKS information
to the logical volume just created.  As part of the processing of the
lvcreate command add 2MB to the capacity to account for the LUKS header
when it's determined that the volume desires to use encryption.
---
 src/storage/storage_backend_logical.c | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/src/storage/storage_backend_logical.c b/src/storage/storage_backend_logical.c
index 93f4e0a595..5df30de29d 100644
--- a/src/storage/storage_backend_logical.c
+++ b/src/storage/storage_backend_logical.c
@@ -942,13 +942,14 @@ virStorageBackendLogicalLVCreate(virStorageVolDefPtr vol,
                                  virStoragePoolDefPtr def)
 {
     int ret;
+    unsigned long long capacity = vol->target.capacity;
     virCommandPtr cmd = NULL;
 
     cmd = virCommandNewArgList(LVCREATE,
                                "--name", vol->name,
                                NULL);
     virCommandAddArg(cmd, "-L");
-    if (vol->target.capacity != vol->target.allocation) {
+    if (capacity != vol->target.allocation) {
         virCommandAddArgFormat(cmd, "%lluK",
                                VIR_DIV_UP(vol->target.allocation
                                           ? vol->target.allocation : 1, 1024));
@@ -956,8 +957,14 @@ virStorageBackendLogicalLVCreate(virStorageVolDefPtr vol,
         virCommandAddArg(cmd, "--virtualsize");
         vol->target.sparse = true;
     }
-    virCommandAddArgFormat(cmd, "%lluK", VIR_DIV_UP(vol->target.capacity,
-                                                    1024));
+
+    /* If we're going to encrypt using LUKS, then we could need up to
+     * an extra 2MB for the LUKS header - so account for that now */
+    if (vol->target.encryption &&
+        vol->target.encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS)
+        capacity += 2 * 1024 * 1024;
+    virCommandAddArgFormat(cmd, "%lluK", VIR_DIV_UP(capacity, 1024));
+
     if (virStorageSourceHasBacking(&vol->target))
         virCommandAddArgList(cmd, "-s", vol->target.backingStore->path, NULL);
     else
@@ -979,13 +986,6 @@ virStorageBackendLogicalCreateVol(virConnectPtr conn,
     virErrorPtr err;
     struct stat sb;
 
-    if (vol->target.encryption != NULL) {
-        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                       "%s", _("storage pool does not support encrypted "
-                               "volumes"));
-        return -1;
-    }
-
     vol->type = VIR_STORAGE_VOL_BLOCK;
 
     VIR_FREE(vol->target.path);
@@ -996,6 +996,10 @@ virStorageBackendLogicalCreateVol(virConnectPtr conn,
     if (virStorageBackendLogicalLVCreate(vol, def) < 0)
         return -1;
 
+    if (vol->target.encryption &&
+        virStorageBackendCreateVolUsingQemuImg(conn, pool, vol, NULL, 0) < 0)
+        goto error;
+
     if ((fd = virStorageBackendVolOpen(vol->target.path, &sb,
                                        VIR_STORAGE_VOL_OPEN_DEFAULT)) < 0)
         goto error;
-- 
GitLab