Re: [PATCH 21/24] conf: backup: Store 'tlsAlias' and 'tlsSecretAlias' as internals of a backup

On 7/2/20 9:40 AM, Peter Krempa wrote:
Add fields for storing the aliases necessary to clean up the TLS env for
a backup job after it finishes.

Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---

+++ b/tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml
@@ -0,0 +1,36 @@
+<domainbackup mode='pull'>
+  <incremental>1525889631</incremental>
+  <server transport='tcp' name='localhost' port='10809'/>

Are you also planning on encrypting the NBD server? As written, this is still a plain-text NBD server.

+  <disks>
+    <disk name='vda' backup='yes' state='running' type='file' exportname='test-vda' exportbitmap='blah'>
+      <driver type='qcow2'/>
+      <scratch file='/path/to/file'>
+        <encryption format='luks'>
+          <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
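
Review bot: The file added here is named backup-pull-internal-invalid.xml, but neither the quoted lines nor the commit message say what makes it invalid. Nothing in `<server transport='tcp' name='localhost' port='10809'/>` or in the `<disk>` element shows which attribute or combination the parser is expected to reject. A sentence in the commit message (or a comment at the top of the file) naming the expected failure would make the test self-explanatory. The quoted part also carries no 'tlsAlias' or 'tlsSecretAlias' value, so please confirm that the rest of the 36-line file, or a companion valid test, exercises both new fields, including the case where the secret alias is absent.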

It looks like this patch is just encrypting the temporary file (ensuring that guest data cannot be read at rest on the host machine).

But even without NBD encryption, this is a nice improvement.

Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org



