ping? Tks, John On 05/24/2018 07:50 PM, John Ferlan wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1560946 > > Following the model of the Logical backend, use qemu-img on > the created device to set up for LUKS encryption. > > Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx> > --- > > works much better with the settle patch applied from: > > https://www.redhat.com/archives/libvir-list/2018-May/msg01847.html > > > src/storage/storage_backend_disk.c | 43 ++++++++++++++++++++++++-------------- > 1 file changed, 27 insertions(+), 16 deletions(-) > > diff --git a/src/storage/storage_backend_disk.c b/src/storage/storage_backend_disk.c > index 7b4549c34d..a3003fd0b5 100644 > --- a/src/storage/storage_backend_disk.c > +++ b/src/storage/storage_backend_disk.c > @@ -870,19 +870,13 @@ virStorageBackendDiskCreateVol(virStoragePoolObjPtr pool, > char *partFormat = NULL; > unsigned long long startOffset = 0, endOffset = 0; > virStoragePoolDefPtr def = virStoragePoolObjGetDef(pool); > + virErrorPtr save_err; > virCommandPtr cmd = virCommandNewArgList(PARTED, > def->source.devices[0].path, > "mkpart", > "--script", > NULL); > > - if (vol->target.encryption != NULL) { > - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, > - "%s", _("storage pool does not support encrypted " > - "volumes")); > - goto cleanup; > - } > - > if (virStorageBackendDiskPartFormat(pool, vol, &partFormat) != 0) > goto cleanup; > virCommandAddArg(cmd, partFormat); > @@ -893,6 +887,12 @@ virStorageBackendDiskCreateVol(virStoragePoolObjPtr pool, > goto cleanup; > } > > + /* If we're going to encrypt using LUKS, then we could need up to > + * an extra 2MB for the LUKS header - so account for that now */ > + if (vol->target.encryption && > + vol->target.encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) > + endOffset += 2 * 1024 * 1024; > + > virCommandAddArgFormat(cmd, "%lluB", startOffset); > virCommandAddArgFormat(cmd, "%lluB", endOffset); > > @@ -910,15 +910,15 @@ virStorageBackendDiskCreateVol(virStoragePoolObjPtr pool, > VIR_FREE(vol->target.path); > > /* Fetch actual extent info, generate key */ > - if (virStorageBackendDiskReadPartitions(pool, vol) < 0) { > - /* Best effort to remove the partition. Ignore any errors > - * since we could be calling this with vol->target.path == NULL > - */ > - virErrorPtr save_err = virSaveLastError(); > - ignore_value(virStorageBackendDiskDeleteVol(pool, vol, 0)); > - virSetError(save_err); > - virFreeError(save_err); > - goto cleanup; > + if (virStorageBackendDiskReadPartitions(pool, vol) < 0) > + goto error; > + > + if (vol->target.encryption) { > + /* Adjust the sizes to account for the LUKS header */ > + vol->target.capacity -= 2 * 1024 * 1024; > + vol->target.allocation -= 2 * 1024 * 1024; > + if (virStorageBackendCreateVolUsingQemuImg(pool, vol, NULL, 0) < 0) > + goto error; > } > > res = 0; > @@ -927,8 +927,19 @@ virStorageBackendDiskCreateVol(virStoragePoolObjPtr pool, > VIR_FREE(partFormat); > virCommandFree(cmd); > return res; > + > + error: > + /* Best effort to remove the partition. Ignore any errors > + * since we could be calling this with vol->target.path == NULL > + */ > + save_err = virSaveLastError(); > + ignore_value(virStorageBackendDiskDeleteVol(pool, vol, 0)); > + virSetError(save_err); > + virFreeError(save_err); > + goto cleanup; > } > > + > static int > virStorageBackendDiskBuildVolFrom(virStoragePoolObjPtr pool, > virStorageVolDefPtr vol, > -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
