Re: [PATCH 32/35] tests: qemublock: Add test combining authentication and encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 04/25/2018 11:15 AM, Peter Krempa wrote:
> iscsi and rbd support authentication of the connection. Combine it with
> encryption of qcow2.
> 
> The top level disk image would generate the following '-drive' cmdline:
> 
> -drive file=rbd:rbdpool/rbdimg:id=testuser-rbd:auth_supported=cephx\;none:
>             mon_host=host1.example.com\;host2.example.com,
>             file.password-secret=node-a-s-secalias,encrypt.format=luks,
>             encrypt.key-secret=node-b-f-encalias,format=qcow2,
>             if=none,id=drive-dummy
> -device virtio-blk-pci,scsi=off,drive=drive-dummy,id=dummy
> 
> Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
> ---
>  tests/qemublocktest.c                              |  1 +
>  ...etwork-qcow2-backing-chain-encryption_auth.json | 51 ++++++++++++++++++++++
>  ...network-qcow2-backing-chain-encryption_auth.xml | 40 +++++++++++++++++
>  3 files changed, 92 insertions(+)
>  create mode 100644 tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json
>  create mode 100644 tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.xml
> 

The iSCSI target IQN listed here probably isn't valid, but no big deal.
You could prefix with something like "iqn.2016-09.com.example:" -
changes output a bit.

Reviewed-by: John Ferlan <jferlan@xxxxxxxxxx>

John

qcow encrypted iSCSI chained with a LUKS encrypted RBD... That's a trick!

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux