#include <config.h>
#include "internal.h"
#include "testutils.h"
#include "datatypes.h"
#include "storage/storage_util.h"
#include "testutilsqemu.h"
#include "virstring.h"
#define VIR_FROM_THIS VIR_FROM_NONE
const char create_tool[] = "qemu-img";
/*
 * Derive the volume type from the type of the pool it lives in.
 *
 * createVol sets this on volume creation; the test parses the XML directly,
 * so it has to fill the field in itself.
 *
 * Directory, filesystem and network filesystem pools hold file volumes,
 * logical pools hold block volumes. Any other pool type leaves @vol
 * untouched, as does a NULL @vol or @pool.
 */
static void
testSetVolumeType(virStorageVolDefPtr vol,
                  virStoragePoolDefPtr pool)
{
    if (vol == NULL || pool == NULL)
        return;

    if (pool->type == VIR_STORAGE_POOL_DIR ||
        pool->type == VIR_STORAGE_POOL_FS ||
        pool->type == VIR_STORAGE_POOL_NETFS) {
        vol->type = VIR_STORAGE_VOL_FILE;
    } else if (pool->type == VIR_STORAGE_POOL_LOGICAL) {
        vol->type = VIR_STORAGE_VOL_BLOCK;
    }
}
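/*
 * Build the qemu-img command line(s) for a volume and compare them with the
 * expected output file.
 *
 * @shouldFail:   true when command generation is expected to be rejected
 * @poolxml:      path of the XML describing the pool of the new volume
 * @volxml:       path of the XML describing the new volume
 * @inputpoolxml: path of the XML describing the input pool, or NULL
 * @inputvolxml:  path of the XML describing the input volume, or NULL
 * @cmdline:      path of the file holding the expected command line(s)
 * @flags:        passed to virStorageBackendCreateQemuImgCmdFromVol
 * @parse_flags:  parse flags for @volxml; VIR_VOL_XML_PARSE_NO_CAPACITY is
 *                added when @inputvolxml is given
 *
 * Returns 0 when the outcome matches the expectation: for a positive test
 * the generated text equals the content of @cmdline, for a negative test
 * command generation failed. Returns -1 otherwise.
 */
static int
testCompareXMLToArgvFiles(bool shouldFail,
                          const char *poolxml,
                          const char *volxml,
                          const char *inputpoolxml,
                          const char *inputvolxml,
                          const char *cmdline,
                          unsigned int flags,
                          unsigned long parse_flags)
{
    virStorageVolEncryptConvertStep convertStep = VIR_STORAGE_VOL_ENCRYPT_NONE;
    int ret = -1;
    virStoragePoolDefPtr def = NULL;
    virStoragePoolObjPtr obj = NULL;
    g_autofree char *actualCmdline = NULL;
    g_autoptr(virStorageVolDef) vol = NULL;
    g_autoptr(virStorageVolDef) inputvol = NULL;
    g_autoptr(virStoragePoolDef) inputpool = NULL;
    g_autoptr(virCommand) cmd = NULL;

    if (!(def = virStoragePoolDefParseFile(poolxml)))
        goto cleanup;

    /* @def is handed to @obj below; until then it has to be freed by hand. */
    if (!(obj = virStoragePoolObjNew())) {
        virStoragePoolDefFree(def);
        goto cleanup;
    }
    virStoragePoolObjSetDef(obj, def);

    if (inputpoolxml &&
        !(inputpool = virStoragePoolDefParseFile(inputpoolxml)))
        goto cleanup;

    if (inputvolxml)
        parse_flags |= VIR_VOL_XML_PARSE_NO_CAPACITY;

    if (!(vol = virStorageVolDefParseFile(def, volxml, parse_flags)))
        goto cleanup;

    if (inputvolxml &&
        !(inputvol = virStorageVolDefParseFile(inputpool, inputvolxml, 0)))
        goto cleanup;

    testSetVolumeType(vol, def);
    testSetVolumeType(inputvol, inputpool);

    /* Using an input file for encryption requires a multi-step process
     * to create an image of the same size as the inputvol and then to
     * convert the inputvol afterwards. Since we only care about the
     * command line we have to copy code from storageBackendCreateQemuImg
     * and adjust it for the test needs. */
    if (inputvol && (vol->target.encryption || inputvol->target.encryption))
        convertStep = VIR_STORAGE_VOL_ENCRYPT_CREATE;

    do {
        /* Drop the command of the previous step before building the next. */
        virCommandFree(cmd);
        cmd = virStorageBackendCreateQemuImgCmdFromVol(obj, vol,
                                                       inputvol, flags,
                                                       create_tool,
                                                       "/path/to/secretFile",
                                                       "/path/to/inputSecretFile",
                                                       convertStep);
        if (!cmd) {
            if (shouldFail) {
                virResetLastError();
                ret = 0;
            }
            goto cleanup;
        }

        if (convertStep != VIR_STORAGE_VOL_ENCRYPT_CONVERT) {
            if (!(actualCmdline = virCommandToString(cmd, false)))
                goto cleanup;
        } else {
            /* Second step: append the convert command to the create command
             * produced by the first pass. actualCmdline keeps owning the
             * create string until the joined string replaces it. */
            char *createCmdline = actualCmdline;
            g_autofree char *cvtCmdline = NULL;

            if (!(cvtCmdline = virCommandToString(cmd, false)))
                goto cleanup;

            actualCmdline = g_strdup_printf("%s\n%s", createCmdline, cvtCmdline);

            VIR_FREE(createCmdline);
        }

        if (convertStep == VIR_STORAGE_VOL_ENCRYPT_NONE)
            convertStep = VIR_STORAGE_VOL_ENCRYPT_DONE;
        else if (convertStep == VIR_STORAGE_VOL_ENCRYPT_CREATE)
            convertStep = VIR_STORAGE_VOL_ENCRYPT_CONVERT;
        else if (convertStep == VIR_STORAGE_VOL_ENCRYPT_CONVERT)
            convertStep = VIR_STORAGE_VOL_ENCRYPT_DONE;

    } while (convertStep != VIR_STORAGE_VOL_ENCRYPT_DONE);

    /* A negative test must not pass merely because the generated text
     * matches a data file: if every command was built, the rejection the
     * test guards did not happen. */
    if (shouldFail) {
        VIR_TEST_DEBUG("Expected command generation to fail for '%s'", volxml);
        goto cleanup;
    }

    if (virTestCompareToFile(actualCmdline, cmdline) < 0)
        goto cleanup;

    ret = 0;

 cleanup:
    virStoragePoolObjEndAPI(&obj);
    return ret;
}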
/*
 * One test case. The string members are fixture names that
 * testCompareXMLToArgvHelper expands into file paths.
 *
 * Member order matters: DO_TEST_FULL initializes this struct positionally.
 */
struct testInfo {
    bool shouldFail;            /* command generation is expected to fail */
    const char *pool;           /* pool of the new volume */
    const char *vol;            /* the new volume */
    const char *inputpool;      /* pool of the input volume, or NULL */
    const char *inputvol;       /* input volume, or NULL */
    const char *cmdline;        /* expected command line data file */
    unsigned int flags;         /* flags for command generation */
    unsigned long parseflags;   /* parse flags for the volume XML */
};
/*
 * virTestRun callback: expand the fixture names of the struct testInfo
 * passed in @data into paths below abs_srcdir and hand them to
 * testCompareXMLToArgvFiles.
 *
 * The input pool and input volume paths stay NULL when the test case does
 * not name them.
 *
 * Returns the result of testCompareXMLToArgvFiles.
 */
static int
testCompareXMLToArgvHelper(const void *data)
{
    const struct testInfo *tc = data;
    g_autofree char *poolPath = g_strdup_printf("%s/storagepoolxml2xmlin/%s.xml",
                                                abs_srcdir, tc->pool);
    g_autofree char *volPath = g_strdup_printf("%s/storagevolxml2xmlin/%s.xml",
                                               abs_srcdir, tc->vol);
    g_autofree char *expectedPath = g_strdup_printf("%s/storagevolxml2argvdata/%s.argv",
                                                    abs_srcdir, tc->cmdline);
    g_autofree char *inputPoolPath = NULL;
    g_autofree char *inputVolPath = NULL;

    if (tc->inputpool) {
        inputPoolPath = g_strdup_printf("%s/storagepoolxml2xmlin/%s.xml",
                                        abs_srcdir, tc->inputpool);
    }

    if (tc->inputvol) {
        inputVolPath = g_strdup_printf("%s/storagevolxml2xmlin/%s.xml",
                                       abs_srcdir, tc->inputvol);
    }

    return testCompareXMLToArgvFiles(tc->shouldFail, poolPath, volPath,
                                     inputPoolPath, inputVolPath,
                                     expectedPath, tc->flags,
                                     tc->parseflags);
}
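/*
 * Register and run every storage volume XML-to-argv test case.
 *
 * Returns EXIT_SUCCESS when all cases pass, EXIT_FAILURE when at least one
 * virTestRun call reports a failure.
 */
static int
mymain(void)
{
    int ret = 0;
    unsigned int flags = VIR_STORAGE_VOL_CREATE_PREALLOC_METADATA;

/* Run one case. @cmdline must be a string literal because it is pasted into
 * the test name. The macro expands to a single statement without a trailing
 * semicolon, so each use supplies its own. */
#define DO_TEST_FULL(shouldFail, parseflags, pool, vol, inputpool, inputvol, \
                     cmdline, flags) \
    do { \
        struct testInfo info = { shouldFail, pool, vol, inputpool, inputvol, \
                                 cmdline, flags, parseflags }; \
        if (virTestRun("Storage Vol XML-2-argv " cmdline, \
                       testCompareXMLToArgvHelper, &info) < 0) \
            ret = -1; \
    } while (0)

/* Case that must produce the expected command line, default parse flags. */
#define DO_TEST(pool, ...) \
    DO_TEST_FULL(false, 0, pool, __VA_ARGS__)

/* Case whose command generation must be rejected, default parse flags. */
#define DO_TEST_FAIL(pool, ...) \
    DO_TEST_FULL(true, 0, pool, __VA_ARGS__)

    /* qcow2 targets, with and without an input volume */
    DO_TEST("pool-dir", "vol-qcow2",
            NULL, NULL,
            "qcow2-compat", 0);
    DO_TEST("pool-dir", "vol-qcow2-nobacking",
            NULL, NULL,
            "qcow2-nobacking-prealloc-compat", flags);
    DO_TEST("pool-dir", "vol-qcow2-nobacking",
            "pool-dir", "vol-file",
            "qcow2-nobacking-convert-prealloc-compat", flags);
    DO_TEST("pool-dir", "vol-qcow2-lazy",
            NULL, NULL,
            "qcow2-lazy", 0);
    DO_TEST("pool-dir", "vol-qcow2-1.1",
            NULL, NULL,
            "qcow2-1.1", 0);
    DO_TEST_FAIL("pool-dir", "vol-qcow2-0.10-lazy",
                 NULL, NULL,
                 "qcow2-0.10-lazy", 0);
    DO_TEST("pool-dir", "vol-qcow2-nobacking",
            "pool-logical", "vol-logical",
            "qcow2-from-logical-compat", 0);
    DO_TEST("pool-logical", "vol-logical",
            "pool-dir", "vol-qcow2-nobacking",
            "logical-from-qcow2", 0);
    DO_TEST("pool-dir", "vol-qcow2-nocow",
            NULL, NULL,
            "qcow2-nocow-compat", 0);
    DO_TEST("pool-dir", "vol-qcow2-nocapacity",
            "pool-dir", "vol-file",
            "qcow2-nocapacity-convert-prealloc", flags);
    DO_TEST("pool-dir", "vol-qcow2-zerocapacity",
            NULL, NULL,
            "qcow2-zerocapacity", 0);
    DO_TEST_FULL(false, VIR_VOL_XML_PARSE_OPT_CAPACITY,
                 "pool-dir", "vol-qcow2-nocapacity-backing", NULL, NULL,
                 "qcow2-nocapacity", 0);

    /* ISO volumes as target and as input */
    DO_TEST("pool-dir", "vol-file-iso",
            NULL, NULL,
            "iso", 0);
    DO_TEST("pool-dir", "vol-file",
            "pool-dir", "vol-file-iso",
            "iso-input", 0);

    /* Creating a qcow2 volume with encryption is expected to be rejected. */
    DO_TEST_FAIL("pool-dir", "vol-qcow2-encryption",
                 NULL, NULL,
                 "qcow2-encryption", 0);

    /* LUKS targets without an input volume */
    DO_TEST("pool-dir", "vol-luks",
            NULL, NULL,
            "luks", 0);
    DO_TEST("pool-dir", "vol-luks-cipher",
            NULL, NULL,
            "luks-cipher", 0);

    /* Conversions where the target, the input volume or both are encrypted;
     * these take the two-step create-then-convert path. */
    DO_TEST("pool-dir", "vol-luks-convert",
            "pool-dir", "vol-file",
            "luks-convert", 0);

    DO_TEST("pool-dir", "vol-luks-convert",
            "pool-dir", "vol-file-qcow2",
            "luks-convert-qcow2", 0);

    DO_TEST("pool-dir", "vol-encrypt2",
            "pool-dir", "vol-encrypt1",
            "luks-convert-encrypt", 0);

    DO_TEST("pool-dir", "vol-file",
            "pool-dir", "vol-encrypt2",
            "luks-convert-encrypt2fileraw", 0);

    DO_TEST("pool-dir", "vol-file-qcow2",
            "pool-dir", "vol-encrypt2",
            "luks-convert-encrypt2fileqcow2", 0);

    return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}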
VIR_TEST_MAIN(mymain)