1. 28 7月, 2016 1 次提交
    • D
      storage: remove "luks" storage volume type · a48c7141
      Daniel P. Berrange 提交于
      The current LUKS support has a "luks" volume type which has
      a "luks" encryption format.
      
      This partially makes sense if you consider the QEMU shorthand
      syntax only requires you to specify a format=luks, and it'll
      automagically uses "raw" as the next level driver. QEMU will
      however let you override the "raw" with any other driver it
      supports (vmdk, qcow, rbd, iscsi, etc, etc)
      
      IOW the intention though is that the "luks" encryption format
      is applied to all disk formats (whether raw, qcow2, rbd, gluster
      or whatever). As such it doesn't make much sense for libvirt
      to say the volume type is "luks" - we should be saying that it
      is a "raw" file, but with "luks" encryption applied.
      
      IOW, when creating a storage volume we should use this XML
      
        <volume>
          <name>demo.raw</name>
          <capacity>5368709120</capacity>
          <target>
            <format type='raw'/>
            <encryption format='luks'>
              <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccd2f80d6f'/>
            </encryption>
          </target>
        </volume>
      
      and when configuring a guest disk we should use
      
        <disk type='file' device='disk'>
          <driver name='qemu' type='raw'/>
          <source file='/home/berrange/VirtualMachines/demo.raw'/>
          <target dev='sda' bus='scsi'/>
          <encryption format='luks'>
            <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccd2f80d6f'/>
          </encryption>
        </disk>
      
      This commit thus removes the "luks" storage volume type added
      in
      
        commit 318ebb36
        Author: John Ferlan <jferlan@redhat.com>
        Date:   Tue Jun 21 12:59:54 2016 -0400
      
          util: Add 'luks' to the FileTypeInfo
      
      The storage file probing code is modified so that it can probe
      the actual encryption formats explicitly, rather than merely
      probing existance of encryption and letting the storage driver
      guess the format.
      
      The rest of the code is then adapted to deal with
      VIR_STORAGE_FILE_RAW w/ VIR_STORAGE_ENCRYPTION_FORMAT_LUKS
      instead of just VIR_STORAGE_FILE_LUKS.
      
      The commit mentioned above was included in libvirt v2.0.0.
      So when querying volume XML this will be a change in behaviour
      vs the 2.0.0 release - it'll report 'raw' instead of 'luks'
      for the volume format, but still report 'luks' for encryption
      format.  I think this change is OK because the storage driver
      did not include any support for creating volumes, nor starting
      guets with luks volumes in v2.0.0 - that only since then.
      Clearly if we change this we must do it before v2.1.0 though.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      a48c7141
  2. 15 7月, 2016 1 次提交
    • J
      tests: Adjust LUKS tests to use 'volume' secret type · a8d0afc7
      John Ferlan 提交于
      Commit id's '9bbf0d7e' and '2552fec2' added some XML parsing tests
      for a LUKS volume to use a 'passphrase' secret format. After commit,
      this was deemed to be incorrect, so covert the various tests to use
      the volume usage format where the 'usage' is the path to the volume
      rather than a user defined name string.
      
      Also, removed the qemuxml2argv-luks-disk-cipher.xml since it was
      just a duplicate of qemuxml2argv-luks-disks.xml.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      a8d0afc7
  3. 02 7月, 2016 2 次提交
  4. 26 11月, 2013 1 次提交
    • E
      storage: expose volume meta-type in XML · 1b5c8d4c
      Eric Blake 提交于
      I got annoyed at having to use both 'virsh vol-list $pool --details'
      AND 'virsh vol-dumpxml $vol $pool' to learn if I had populated
      the volume correctly.  Since two-thirds of the data present in
      virStorageVolGetInfo() already appears in virStorageVolGetXMLDesc(),
      this just adds the remaining piece of information, as:
      
      <volume type='...'>
        ...
      </volume>
      
      * docs/formatstorage.html.in: Document new <volume type=...>.
      * docs/schemas/storagevol.rng (vol): Add it to RelaxNG.
      * src/conf/storage_conf.h (virStorageVolTypeToString): Declare.
      * src/conf/storage_conf.c (virStorageVolTargetDefFormat): Output
      the metatype.
      (virStorageVolDefParseXML): Parse it, for unit tests.
      * tests/storagevolxml2xmlout/vol-*.xml: Update tests to match.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      1b5c8d4c
  5. 22 11月, 2013 1 次提交
    • E
      storage: use valid XML for awkward volume names · 6cc4d6a3
      Eric Blake 提交于
      $ touch /var/lib/libvirt/images/'a<b>c'
      $ virsh pool-refresh default
      $ virsh vol-dumpxml 'a<b>c' default | head -n2
      <volume>
        <name>a<b>c</name>
      
      Oops.  That's not valid XML.  And when we fix the XML
      generation, it fails RelaxNG validation.
      
      I'm also tired of seeing <key>(null)</key> in the example
      output for volume xml; while we used NULLSTR() to avoid
      a NULL deref rather than relying on glibc's printf
      extension behavior, it's even better if we avoid the issue
      in the first place.  But this requires being careful that
      we don't invalidate any storage backends that were relying
      on key being unassigned during virStoragVolCreateXML[From].
      
      I would have split this into two patches (one for escaping,
      one for avoiding <key>(null)</key>), but since they both
      end up touching a lot of the same test files, I ended up
      merging it into one.
      
      Note that this patch allows pretty much any volume name
      that can appear in a directory (excluding . and .. because
      those are special), but does nothing to change the current
      (unenforced) RelaxNG claim that pool names will consist
      only of letters, numbers, _, -, and +.  Tightening the C
      code to match RelaxNG patterns and/or relaxing the grammar
      to match the C code for pool names is a task for another
      day (but remember, we DID recently tighten C code for
      domain names to exclude a leading '.').
      
      * src/conf/storage_conf.c (virStoragePoolSourceFormat)
      (virStoragePoolDefFormat, virStorageVolTargetDefFormat)
      (virStorageVolDefFormat): Escape user-controlled strings.
      (virStorageVolDefParseXML): Parse key, for use in unit tests.
      * src/storage/storage_driver.c (storageVolCreateXML)
      (storageVolCreateXMLFrom): Ensure parsed key doesn't confuse
      volume creation.
      * docs/schemas/basictypes.rng (volName): Relax definition.
      * tests/storagepoolxml2xmltest.c (mymain): Test it.
      * tests/storagevolxml2xmltest.c (mymain): Likewise.
      * tests/storagepoolxml2xmlin/pool-dir-naming.xml: New file.
      * tests/storagepoolxml2xmlout/pool-dir-naming.xml: Likewise.
      * tests/storagevolxml2xmlin/vol-file-naming.xml: Likewise.
      * tests/storagevolxml2xmlout/vol-file-naming.xml: Likewise.
      * tests/storagevolxml2xmlout/vol-*.xml: Fix fallout.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      6cc4d6a3
  6. 25 7月, 2013 1 次提交
  7. 25 2月, 2013 1 次提交
  8. 16 10月, 2009 1 次提交
  9. 02 9月, 2009 1 次提交
    • M
      Attach encryption information to virStorageVolDef. · eda3af24
      Miloslav Trmač 提交于
      The XML allows <encryption format='unencrypted'/>, this implementation
      canonicalizes the internal representation so that "vol->encryption" is
      non-NULL iff the volume is encrypted.
      
      Note that partial encryption information (e.g. specifying an encryption
      format, but not the key/passphrase) is valid, libvirt will automatically
      choose value for the missing information during volume creation.  The
      user can read the volume XML, and use the unmodified <encryption> tag in
      future operations (without having to be able to understand) its contents.
      
      * docs/formatstorage.html, docs/formatstorage.html.in: Document
        storage volume encryption options
      * src/storage_conf.c, src/storage_conf.h: Hook up storage
        encryption XML handling
      * tests/storagevolschemadata/vol-qcow2.xml: Test case for encryption
        schema changes
      eda3af24
  10. 29 5月, 2009 1 次提交
  11. 27 1月, 2009 1 次提交