[libvirt] Add support for (qcow*) volume encryption (v3)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,
the following patches add full support for qcow/qcow2 volume encryption,
assuming a client that supports it.

(Main changes since the previous version:
 * Significantly change the internal API, basing it on virSecretPtr instead of
   (virConnectPtr, secret_id); details in patch 1
 * Make virsh commands more similar to the existing commands
 * Remove <encryption format='unencrypted'/>
 * Rename "secret_id" to "uuid" in the XML and API
 * Use "unsigned char *" for secret value
 See the specific patch change logs for more details; patches without
 change logs are unchanged.)

New XML tags are defined to represent encryption parameters (currently
format and passphrase, more can be added in the future), e.g.
     <encryption format='qcow'>
       <secret type='passphrase'
               uuid='724d95f2-0ed2-6ff9-84d0-0f3d1618428d'/>
     </encryption>

The <encryption> tag can be added to a <volume> node passed to
virStorageVolCreateXML() to create an encrypted volume, or to a
<disk> node inside a <domain> to specify what encryption parameters to
use for a domain.

uuid above refers to a separately-managed secret, which was created
using virSecretDefineXML() and set using virSecretSetValue().  Other
properties of the secret can be managed using an XML representation.

Detailed documentation of the formats and features is inside the patches.


--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]