Smaller versions will cause qemu (>=6.1.0) to return -ENOTSUP, "RBD library does not support image encryption".
Also, this only works on linux machines (e.g. will not work on BSD/windows).
-----"Han Han" <hhan@xxxxxxxxxx> wrote: -----
>To: "Or Ozeri" <oro@xxxxxxxxxx>
>From: "Han Han" <hhan@xxxxxxxxxx>
>Date: 10/28/2021 05:58AM
>Cc: libvir-list@xxxxxxxxxx, idryomov@xxxxxxxxx,
>to.my.trociny@xxxxxxxxx, dannyh@xxxxxxxxxx
>Subject: [EXTERNAL] Re: [PATCH v5 0/5] Add support for librbd
>encryption
>
> Hi Or, I have a question about this feature. For
>rbd encryption in ceph, is it introduced from ceph-v16.2.0? Does it
>require the ceph cluster side >= this version? On Sun, Oct 24, 2021
>at 5:54 PM Or Ozeri <oro@xxxxxxxxxx> wrote:
>
>
>Hi Or,
>I have a question about this feature. For rbd encryption in ceph, is
>it introduced from ceph-v16.2.0?
>Does it require the ceph cluster side >= this version?
>
>On Sun, Oct 24, 2021 at 5:54 PM Or Ozeri <oro@xxxxxxxxxx> wrote:
>v5: rebased + nit fixes suggested by Peter
> v4:
> - added disk post parse to image creation flow in qemublocktest
>(since more tests failed after adding engine validation)
> - removed symlink changes
> - added luks2 and engine documentation
> - switched to using enum engine instead of int
> - added validation for encryption engine and formats
> v3: rebased on master
> v2: addressed (hopefully) all of Peter's v1 comments (thanks Peter!)
>
> Feel free to make any other changes before pushing. Thanks!
>
> Or Ozeri (5):
> qemu: add disk post parse to qemublocktest
> qemu: capablities: Detect presence of 'rbd-encryption' as
> QEMU_CAPS_RBD_ENCRYPTION
> conf: add encryption engine property
> qemu: add librbd encryption engine
> conf: add luks2 encryption format
>
> docs/formatstorageencryption.html.in | 29 ++++++-
> docs/schemas/domainbackup.rng | 7 ++
> docs/schemas/storagecommon.rng | 9 ++
> src/conf/storage_encryption_conf.c | 28 ++++++-
> src/conf/storage_encryption_conf.h | 11 +++
> src/qemu/qemu_block.c | 41 +++++++++
> src/qemu/qemu_capabilities.c | 2 +
> src/qemu/qemu_capabilities.h | 1 +
> src/qemu/qemu_domain.c | 69 ++++++++++++++-
> src/qemu/qemu_domain.h | 3 +
> tests/qemublocktest.c | 29 +++----
> .../caps_6.1.0.x86_64.xml | 1 +
> .../caps_6.2.0.x86_64.xml | 1 +
> tests/qemustatusxml2xmldata/upgrade-out.xml | 6 +-
> ...sk-network-rbd-encryption.x86_64-6.0.0.err | 1 +
> ...-network-rbd-encryption.x86_64-latest.args | 49 +++++++++++
> .../disk-network-rbd-encryption.xml | 75
>+++++++++++++++++
> tests/qemuxml2argvdata/disk-nvme.xml | 2 +-
> .../qemuxml2argvdata/encrypted-disk-usage.xml | 2 +-
> tests/qemuxml2argvdata/luks-disks.xml | 4 +-
> tests/qemuxml2argvdata/user-aliases.xml | 2 +-
> tests/qemuxml2argvtest.c | 2 +
> ...k-network-rbd-encryption.x86_64-latest.xml | 83
>+++++++++++++++++++
> .../disk-slices.x86_64-latest.xml | 4 +-
> tests/qemuxml2xmloutdata/encrypted-disk.xml | 2 +-
> .../luks-disks-source-qcow2.x86_64-latest.xml | 14 ++--
> .../qemuxml2xmloutdata/luks-disks-source.xml | 10 +--
> tests/qemuxml2xmltest.c | 1 +
> 28 files changed, 443 insertions(+), 45 deletions(-)
> create mode 100644
>tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.0.err
> create mode 100644
>tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.args
> create mode 100644
>tests/qemuxml2argvdata/disk-network-rbd-encryption.xml
> create mode 100644
>tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-latest.xm
>l
>
> --
> 2.25.1
>
>