On Thu, Jun 13, 2024 at 08:06:17PM -0700, melanie witt wrote: > Hi, > > I have been trying to use the librbd engine to run a guest from an encrypted > RBD image and am running into some problems. > > What I would like to do is: > > 1. Start from an unencrypted raw image with an OS > 2. Make an encrypted clone of that image > 3. Boot a guest from the encrypted clone image > > What I have tried so far (simplified): > > 1. Make a clone of the unencrypted image > > rbd clone images/unencrypted@snap images/encryptedclone > > 2. Format the clone image with encryption > > rbd encryption format images/encryptedclone luks1 passphrase.bin > > 3. Create guest XML with the encrypted clone > > [...] > <disk type="network" device="disk"> > <driver type="raw" cache="writeback"/> > <source protocol="rbd" name="images/encryptedclone"> > <host name="127.0.0.1" port="6789"/> > <encryption format="luks" engine="librbd"> > <secret type="passphrase" uuid="secretuuid"/> > </encryption> > </source> > <auth username="cinder"> > <secret type="ceph" uuid="othersecretuuid"/> > </auth> > <target dev="vda" bus="virtio"/> > </disk> > [...] > > and virDomainCreateWithFlags() with the XML. > > I don't get any errors from libvirt (no errors about loading encryption) but > this configuration does not seem to work, the guest won't boot. > > If anyone can give me a hint what I'm doing wrong, I would appreciate it. Can you share the corresponding QEMU command line that gets generated. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
