On 04/25/2018 11:15 AM, Peter Krempa wrote:
> iscsi and rbd support authentication of the connection. Combine it with
> encryption of qcow2.
>
> The top level disk image would generate the following '-drive' cmdline:
>
> -drive file=rbd:rbdpool/rbdimg:id=testuser-rbd:auth_supported=cephx\;none:
>        mon_host=host1.example.com\;host2.example.com,
>        file.password-secret=node-a-s-secalias,encrypt.format=luks,
>        encrypt.key-secret=node-b-f-encalias,format=qcow2,
>        if=none,id=drive-dummy
> -device virtio-blk-pci,scsi=off,drive=drive-dummy,id=dummy
>
> Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
> ---
>  tests/qemublocktest.c                              |  1 +
>  ...etwork-qcow2-backing-chain-encryption_auth.json | 51 ++++++++++++++++++++++
>  ...network-qcow2-backing-chain-encryption_auth.xml | 40 +++++++++++++++++
>  3 files changed, 92 insertions(+)
>  create mode 100644 tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json
>  create mode 100644 tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.xml
>

The iSCSI target IQN listed here probably isn't valid, but no big deal.
You could prefix with something like "iqn.2016-09.com.example:" - changes
output a bit.

Reviewed-by: John Ferlan <jferlan@xxxxxxxxxx>

John

qcow encrypted iSCSI chained with a LUKS encrypted RBD... That's a trick!