Hi,
I have been trying to use the librbd engine to run a guest from an
encrypted RBD image and am running into some problems.
What I would like to do is:
1. Start from an unencrypted raw image with an OS
2. Make an encrypted clone of that image
3. Boot a guest from the encrypted clone image
What I have tried so far (simplified):
1. Make a clone of the unencrypted image
rbd clone images/unencrypted@snap images/encryptedclone
2. Format the clone image with encryption
rbd encryption format images/encryptedclone luks1 passphrase.bin
3. Create guest XML with the encrypted clone
[...]
<disk type="network" device="disk">
<driver type="raw" cache="writeback"/>
<source protocol="rbd" name="images/encryptedclone">
<host name="127.0.0.1" port="6789"/>
<encryption format="luks" engine="librbd">
<secret type="passphrase" uuid="secretuuid"/>
</encryption>
</source>
<auth username="cinder">
<secret type="ceph" uuid="othersecretuuid"/>
</auth>
<target dev="vda" bus="virtio"/>
</disk>
[...]
and virDomainCreateWithFlags() with the XML.
I don't get any errors from libvirt (no errors about loading encryption)
but this configuration does not seem to work, the guest won't boot.
If anyone can give me a hint what I'm doing wrong, I would appreciate it.
Cheers,
-melwitt
