- 28 7月, 2016 1 次提交
-
-
由 Daniel P. Berrange 提交于
The current LUKS support has a "luks" volume type which has a "luks" encryption format. This partially makes sense if you consider the QEMU shorthand syntax only requires you to specify a format=luks, and it'll automagically uses "raw" as the next level driver. QEMU will however let you override the "raw" with any other driver it supports (vmdk, qcow, rbd, iscsi, etc, etc) IOW the intention though is that the "luks" encryption format is applied to all disk formats (whether raw, qcow2, rbd, gluster or whatever). As such it doesn't make much sense for libvirt to say the volume type is "luks" - we should be saying that it is a "raw" file, but with "luks" encryption applied. IOW, when creating a storage volume we should use this XML <volume> <name>demo.raw</name> <capacity>5368709120</capacity> <target> <format type='raw'/> <encryption format='luks'> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccd2f80d6f'/> </encryption> </target> </volume> and when configuring a guest disk we should use <disk type='file' device='disk'> <driver name='qemu' type='raw'/> <source file='/home/berrange/VirtualMachines/demo.raw'/> <target dev='sda' bus='scsi'/> <encryption format='luks'> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccd2f80d6f'/> </encryption> </disk> This commit thus removes the "luks" storage volume type added in commit 318ebb36 Author: John Ferlan <jferlan@redhat.com> Date: Tue Jun 21 12:59:54 2016 -0400 util: Add 'luks' to the FileTypeInfo The storage file probing code is modified so that it can probe the actual encryption formats explicitly, rather than merely probing existance of encryption and letting the storage driver guess the format. The rest of the code is then adapted to deal with VIR_STORAGE_FILE_RAW w/ VIR_STORAGE_ENCRYPTION_FORMAT_LUKS instead of just VIR_STORAGE_FILE_LUKS. The commit mentioned above was included in libvirt v2.0.0. So when querying volume XML this will be a change in behaviour vs the 2.0.0 release - it'll report 'raw' instead of 'luks' for the volume format, but still report 'luks' for encryption format. I think this change is OK because the storage driver did not include any support for creating volumes, nor starting guets with luks volumes in v2.0.0 - that only since then. Clearly if we change this we must do it before v2.1.0 though. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 15 7月, 2016 1 次提交
-
-
由 John Ferlan 提交于
Commit id's '9bbf0d7e' and '2552fec2' added some XML parsing tests for a LUKS volume to use a 'passphrase' secret format. After commit, this was deemed to be incorrect, so covert the various tests to use the volume usage format where the 'usage' is the path to the volume rather than a user defined name string. Also, removed the qemuxml2argv-luks-disk-cipher.xml since it was just a duplicate of qemuxml2argv-luks-disks.xml. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 02 7月, 2016 2 次提交
-
-
由 John Ferlan 提交于
For a luks device, allow the configuration of a specific cipher to be used for encrypting the volume. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Add parse and format of the luks/passphrase secret including tests for volume XML parsing. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 26 11月, 2013 1 次提交
-
-
由 Eric Blake 提交于
I got annoyed at having to use both 'virsh vol-list $pool --details' AND 'virsh vol-dumpxml $vol $pool' to learn if I had populated the volume correctly. Since two-thirds of the data present in virStorageVolGetInfo() already appears in virStorageVolGetXMLDesc(), this just adds the remaining piece of information, as: <volume type='...'> ... </volume> * docs/formatstorage.html.in: Document new <volume type=...>. * docs/schemas/storagevol.rng (vol): Add it to RelaxNG. * src/conf/storage_conf.h (virStorageVolTypeToString): Declare. * src/conf/storage_conf.c (virStorageVolTargetDefFormat): Output the metatype. (virStorageVolDefParseXML): Parse it, for unit tests. * tests/storagevolxml2xmlout/vol-*.xml: Update tests to match. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 22 11月, 2013 1 次提交
-
-
由 Eric Blake 提交于
$ touch /var/lib/libvirt/images/'a<b>c' $ virsh pool-refresh default $ virsh vol-dumpxml 'a<b>c' default | head -n2 <volume> <name>a<b>c</name> Oops. That's not valid XML. And when we fix the XML generation, it fails RelaxNG validation. I'm also tired of seeing <key>(null)</key> in the example output for volume xml; while we used NULLSTR() to avoid a NULL deref rather than relying on glibc's printf extension behavior, it's even better if we avoid the issue in the first place. But this requires being careful that we don't invalidate any storage backends that were relying on key being unassigned during virStoragVolCreateXML[From]. I would have split this into two patches (one for escaping, one for avoiding <key>(null)</key>), but since they both end up touching a lot of the same test files, I ended up merging it into one. Note that this patch allows pretty much any volume name that can appear in a directory (excluding . and .. because those are special), but does nothing to change the current (unenforced) RelaxNG claim that pool names will consist only of letters, numbers, _, -, and +. Tightening the C code to match RelaxNG patterns and/or relaxing the grammar to match the C code for pool names is a task for another day (but remember, we DID recently tighten C code for domain names to exclude a leading '.'). * src/conf/storage_conf.c (virStoragePoolSourceFormat) (virStoragePoolDefFormat, virStorageVolTargetDefFormat) (virStorageVolDefFormat): Escape user-controlled strings. (virStorageVolDefParseXML): Parse key, for use in unit tests. * src/storage/storage_driver.c (storageVolCreateXML) (storageVolCreateXMLFrom): Ensure parsed key doesn't confuse volume creation. * docs/schemas/basictypes.rng (volName): Relax definition. * tests/storagepoolxml2xmltest.c (mymain): Test it. * tests/storagevolxml2xmltest.c (mymain): Likewise. * tests/storagepoolxml2xmlin/pool-dir-naming.xml: New file. * tests/storagepoolxml2xmlout/pool-dir-naming.xml: Likewise. * tests/storagevolxml2xmlin/vol-file-naming.xml: Likewise. * tests/storagevolxml2xmlout/vol-file-naming.xml: Likewise. * tests/storagevolxml2xmlout/vol-*.xml: Fix fallout. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 25 7月, 2013 1 次提交
-
-
由 Ján Tomko 提交于
Reuse the XML files in storagevolxml2xmlin. (This requires changing a few backing files to /dev/null, since virStorageBackendCreateQemuImgCmd checks for its presence)
-
- 25 2月, 2013 1 次提交
-
-
由 Ján Tomko 提交于
-
- 16 10月, 2009 1 次提交
-
-
由 Cole Robinson 提交于
-
- 02 9月, 2009 1 次提交
-
-
由 Miloslav Trmač 提交于
The XML allows <encryption format='unencrypted'/>, this implementation canonicalizes the internal representation so that "vol->encryption" is non-NULL iff the volume is encrypted. Note that partial encryption information (e.g. specifying an encryption format, but not the key/passphrase) is valid, libvirt will automatically choose value for the missing information during volume creation. The user can read the volume XML, and use the unmodified <encryption> tag in future operations (without having to be able to understand) its contents. * docs/formatstorage.html, docs/formatstorage.html.in: Document storage volume encryption options * src/storage_conf.c, src/storage_conf.h: Hook up storage encryption XML handling * tests/storagevolschemadata/vol-qcow2.xml: Test case for encryption schema changes
-
- 29 5月, 2009 1 次提交
-
-
由 Daniel Veillard 提交于
* docs/schemas/storagevol.rng docs/formatstorage.html[.in] tests/storagevolschemadata/vol-qcow2.xml: fix storage volume inconsistencies in schema and document, patch by Ryota Ozaki daniel
-
- 27 1月, 2009 1 次提交
-
-
由 Daniel P. Berrange 提交于
-