On Wed, Oct 06, 2021 at 05:18:46 -0500, Or Ozeri wrote: > rbd encryption is new in qemu 6.1.0. > This commit adds a new encryption engine property which > allows the user to use this new encryption engine. > > Signed-off-by: Or Ozeri <oro@xxxxxxxxxx> > --- > docs/formatstorageencryption.html.in | 2 +- > docs/schemas/storagecommon.rng | 1 + > src/conf/storage_encryption_conf.c | 2 +- > src/conf/storage_encryption_conf.h | 1 + > src/qemu/qemu_block.c | 30 +++++++ > src/qemu/qemu_domain.c | 24 ++++++ > ...sk-network-rbd-encryption.x86_64-6.0.0.err | 1 + > ...-network-rbd-encryption.x86_64-latest.args | 49 +++++++++++ > .../disk-network-rbd-encryption.xml | 75 +++++++++++++++++ > tests/qemuxml2argvtest.c | 2 + > ...k-network-rbd-encryption.x86_64-latest.xml | 83 +++++++++++++++++++ > tests/qemuxml2xmltest.c | 1 + > 12 files changed, 269 insertions(+), 2 deletions(-) > create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.0.err > create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.args > create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.xml > create mode 100644 tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-latest.xml > > diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencryption.html.in > index 5783381a4a..31ec2698a1 100644 > --- a/docs/formatstorageencryption.html.in > +++ b/docs/formatstorageencryption.html.in > @@ -27,7 +27,7 @@ > The <code>encryption</code> tag supports an optional <code>engine</code> > tag, which allows selecting which component actually handles > the encryption. Currently defined values of <code>engine</code> are > - <code>qemu</code>. > + <code>qemu</code> and <code>librbd</code>. Some more explanation might be a good thing to avoid user confusion. > </p> > <p> > The <code>encryption</code> tag can currently contain a sequence of [...] 
> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c > index 21099d7635..871a708a19 100644 > --- a/src/qemu/qemu_domain.c > +++ b/src/qemu/qemu_domain.c > @@ -4812,6 +4812,30 @@ qemuDomainValidateStorageSource(virStorageSource *src, > } > } > > + if (src->encryption && > + src->encryption->engine == VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD) { [1] > + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_RBD_ENCRYPTION)) { > + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", > + _("librbd encryption is not supported by this QEMU binary")); > + return -1; > + } > + > + switch ((virStorageEncryptionFormatType) src->encryption->format) { So something like this definitely belongs in one of the previous commits, but it must also care about the 'qemu' encryption driver and the corresponding protocols and formats where it is supported. > + case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS: > + case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2: > + break; > + > + case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT: > + case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW: > + case VIR_STORAGE_ENCRYPTION_FORMAT_LAST: > + default: > + virReportEnumRangeError(virStorageEncryptionFormatType, > + src->encryption->format); > + return -1; > + } > + } [...] The rest looks good. Good test coverage!
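Review bot: In the docs/formatstorageencryption.html.in hunk, the changed sentence lists librbd as an engine value without saying when it can be used. Suggest stating next to it that the librbd engine is accepted only with the luks and luks2 formats (the two cases the qemu_domain.c validation lets through) and that it needs a QEMU binary with rbd encryption support, which the commit message dates to qemu 6.1.0.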
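Review bot: In the qemuDomainValidateStorageSource hunk, the switch on src->encryption->format routes VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT and VIR_STORAGE_ENCRYPTION_FORMAT_QCOW to virReportEnumRangeError, although both are named formats rather than out-of-range values, so a configuration mistake would be reported like an internal error. Suggest giving those two cases their own virReportError(VIR_ERR_CONFIG_UNSUPPORTED, ...) that names the format the librbd engine does not accept, and keeping virReportEnumRangeError for VIR_STORAGE_ENCRYPTION_FORMAT_LAST and default. The added block also tests only src->encryption->engine; nothing in the lines shown checks that src is an rbd source before the librbd engine is accepted.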