From 2b05485f3e751837a0d86309eaa0dfdca7e91e19 Mon Sep 17 00:00:00 2001
From: Michal Privoznik
- <secret ephemeral='no' private='yes'> - <description>Super secret name of my first puppy</description> - <uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f</uuid> - <usage type='volume'> - <volume>/var/lib/libvirt/images/puppyname.img</volume> - </usage> - </secret> +<secret ephemeral='no' private='yes'> + <description>Super secret name of my first puppy</description> + <uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f</uuid> + <usage type='volume'> + <volume>/var/lib/libvirt/images/puppyname.img</volume> + </usage> +</secret>
Define the secret and set the passphrase as follows:
- # virsh secret-define volume-secret.xml - Secret 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f created - # - # MYSECRET=`printf %s "open sesame" | base64` - # virsh secret-set-value 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f $MYSECRET - Secret value set - # +# virsh secret-define volume-secret.xml +Secret 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f created +# +# MYSECRET=`printf %s "open sesame" | base64` +# virsh secret-set-value 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f $MYSECRET +Secret value set +#
@@ -88,9 +88,9 @@ volume encryption as follows:
- <encryption format='qcow'> - <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/> - </encryption> +<encryption format='qcow'> + <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/> +</encryption>
@@ -102,22 +102,22 @@ since 2.1.0. An example follows:
- # cat luks-secret.xml - <secret ephemeral='no' private='yes'> - <description>LUKS Sample Secret</description> - <uuid>f52a81b2-424e-490c-823d-6bd4235bc57</uuid> - <usage type='volume'> - <volume>/var/lib/libvirt/images/luks-sample.img</volume> - </usage> - </secret> - - # virsh secret-define luks-secret.xml - Secret f52a81b2-424e-490c-823d-6bd4235bc57 created - # - # MYSECRET=`printf %s "letmein" | base64` - # virsh secret-set-value f52a81b2-424e-490c-823d-6bd4235bc57 $MYSECRET - Secret value set - # +# cat luks-secret.xml +<secret ephemeral='no' private='yes'> + <description>LUKS Sample Secret</description> + <uuid>f52a81b2-424e-490c-823d-6bd4235bc57</uuid> + <usage type='volume'> + <volume>/var/lib/libvirt/images/luks-sample.img</volume> + </usage> +</secret> + +# virsh secret-define luks-secret.xml +Secret f52a81b2-424e-490c-823d-6bd4235bc57 created +# +# MYSECRET=`printf %s "letmein" | base64` +# virsh secret-set-value f52a81b2-424e-490c-823d-6bd4235bc57 $MYSECRET +Secret value set +#
- <secret ephemeral='no' private='yes'> - <description>CEPH passphrase example</description> - <usage type='ceph'> - <name>ceph_example</name> - </usage> - </secret> +<secret ephemeral='no' private='yes'> + <description>CEPH passphrase example</description> + <usage type='ceph'> + <name>ceph_example</name> + </usage> +</secret>
@@ -149,19 +149,19 @@ chosen secret pass phrase.
- # virsh secret-define ceph-secret.xml - Secret 1b40a534-8301-45d5-b1aa-11894ebb1735 created - # - # virsh secret-list - UUID Usage - ----------------------------------------------------------- - 1b40a534-8301-45d5-b1aa-11894ebb1735 cephx ceph_example - # - # CEPHPHRASE=`printf %s "pass phrase" | base64` - # virsh secret-set-value 1b40a534-8301-45d5-b1aa-11894ebb1735 $CEPHPHRASE - Secret value set - - # +# virsh secret-define ceph-secret.xml +Secret 1b40a534-8301-45d5-b1aa-11894ebb1735 created +# +# virsh secret-list + UUID Usage +----------------------------------------------------------- + 1b40a534-8301-45d5-b1aa-11894ebb1735 cephx ceph_example +# +# CEPHPHRASE=`printf %s "pass phrase" | base64` +# virsh secret-set-value 1b40a534-8301-45d5-b1aa-11894ebb1735 $CEPHPHRASE +Secret value set + +#
@@ -171,9 +171,9 @@ element as follows:
- <auth username='myname'> - <secret type='ceph' usage='ceph_example'/> - </auth> +<auth username='myname'> + <secret type='ceph' usage='ceph_example'/> +</auth>
@@ -182,9 +182,9 @@
<source>
element as follows:
- <auth type='ceph' username='myname'> - <secret usage='ceph_example'/> - </auth> +<auth type='ceph' username='myname'> + <secret usage='ceph_example'/> +</auth>
- <target iqn.2013-07.com.example:iscsi-pool> - backing-store /home/tgtd/iscsi-pool/disk1 - backing-store /home/tgtd/iscsi-pool/disk2 - incominguser myname mysecret - </target> +<target iqn.2013-07.com.example:iscsi-pool> +backing-store /home/tgtd/iscsi-pool/disk1 +backing-store /home/tgtd/iscsi-pool/disk2 +incominguser myname mysecret +</target>
Define an iscsi-secret.xml file to describe the secret. Use the @@ -219,12 +219,12 @@ or disk XML description.
- <secret ephemeral='no' private='yes'> - <description>Passphrase for the iSCSI example.com server</description> - <usage type='iscsi'> - <target>libvirtiscsi</target> - </usage> - </secret> +<secret ephemeral='no' private='yes'> + <description>Passphrase for the iSCSI example.com server</description> + <usage type='iscsi'> + <target>libvirtiscsi</target> + </usage> +</secret>
@@ -235,18 +235,18 @@ used in the iSCSI authentication configuration file.
- # virsh secret-define secret.xml - Secret c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 created - - # virsh secret-list - UUID Usage - ----------------------------------------------------------- - c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 iscsi libvirtiscsi - - # MYSECRET=`printf %s "mysecret" | base64` - # virsh secret-set-value c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 $MYSECRET - Secret value set - # +# virsh secret-define secret.xml +Secret c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 created + +# virsh secret-list + UUID Usage +----------------------------------------------------------- + c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 iscsi libvirtiscsi + +# MYSECRET=`printf %s "mysecret" | base64` +# virsh secret-set-value c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 $MYSECRET +Secret value set +#
@@ -256,9 +256,9 @@ element as follows:
- <auth username='myname'> - <secret type='iscsi' usage='libvirtiscsi'/> - </auth> +<auth username='myname'> + <secret type='iscsi' usage='libvirtiscsi'/> +</auth>
@@ -267,9 +267,9 @@
<source>
element as follows:
- <auth type='chap' username='myname'> - <secret usage='libvirtiscsi'/> - </auth> +<auth type='chap' username='myname'> + <secret usage='libvirtiscsi'/> +</auth>
- # cat tls-secret.xml - <secret ephemeral='no' private='yes'> - <description>sample tls secret</description> - <usage type='tls'> - <name>TLS_example</name> - </usage> - </secret> - - # virsh secret-define tls-secret.xml - Secret 718c71bd-67b5-4a2b-87ec-a24e8ca200dc created - - # virsh secret-list - UUID Usage - ----------------------------------------------------------- - 718c71bd-67b5-4a2b-87ec-a24e8ca200dc tls TLS_example - # +# cat tls-secret.xml +<secret ephemeral='no' private='yes'> + <description>sample tls secret</description> + <usage type='tls'> + <name>TLS_example</name> + </usage> +</secret> + +# virsh secret-define tls-secret.xml +Secret 718c71bd-67b5-4a2b-87ec-a24e8ca200dc created + +# virsh secret-list + UUID Usage +----------------------------------------------------------- + 718c71bd-67b5-4a2b-87ec-a24e8ca200dc tls TLS_example +#@@ -320,9 +320,9 @@
- # MYSECRET=`printf %s "letmein" | base64` - # virsh secret-set-value 718c71bd-67b5-4a2b-87ec-a24e8ca200dc $MYSECRET - Secret value set +# MYSECRET=`printf %s "letmein" | base64` +# virsh secret-set-value 718c71bd-67b5-4a2b-87ec-a24e8ca200dc $MYSECRET +Secret value set-- GitLab