NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

conf: add encryption engine property

Browse Source 
This commit extends libvirt XML configuration to support a custom encryption engine.
This means that <encryption format="luks" engine="qemu">  becomes valid.
The only engine for now is qemu. However, a new engine (librbd) will be added in an upcoming commit.
If no engine is specified, qemu will be used (assuming qemu driver is used).

Signed-off-by: Or Ozeri <oro@il.ibm.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
This commit is contained in:
Or Ozeri 2021-10-24 04:51:28 -05:00 committed by Peter Krempa
parent 0398be5da6
commit ab1d46d612
16 changed files with 99 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/formatstorageencryption.html.in
View File

@ -23,6 +23,12 @@
content of the <code>encryption</code> tag. Other format values may be content of the <code>encryption</code> tag. Other format values may be
defined in the future. defined in the future.
</p> </p>
<p>
The <code>encryption</code> tag supports an optional <code>engine</code>
tag, which allows selecting which component actually handles
the encryption. Currently defined values of <code>engine</code> are
<code>qemu</code>.
</p>
<p> <p>
The <code>encryption</code> tag can currently contain a sequence of The <code>encryption</code> tag can currently contain a sequence of
<code>secret</code> tags, each with mandatory attributes <code>type</code> <code>secret</code> tags, each with mandatory attributes <code>type</code>

7
docs/schemas/domainbackup.rng
View File

@ -14,6 +14,13 @@
<value>luks</value> <value>luks</value>
</choice> </choice>
</attribute> </attribute>
<optional>
<attribute name="engine">
<choice>
<value>qemu</value>
</choice>
</attribute>
</optional>
<interleave> <interleave>
<ref name="secret"/> <ref name="secret"/>
<optional> <optional>

7
docs/schemas/storagecommon.rng
View File

@ -15,6 +15,13 @@
<value>luks</value> <value>luks</value>
</choice> </choice>
</attribute> </attribute>
<optional>
<attribute name="engine">
<choice>
<value>qemu</value>
</choice>
</attribute>
</optional>
<interleave> <interleave>
<ref name="secret"/> <ref name="secret"/>
<optional> <optional>

26
src/conf/storage_encryption_conf.c
View File

@ -47,6 +47,11 @@ VIR_ENUM_IMPL(virStorageEncryptionFormat,
"default", "qcow", "luks", "default", "qcow", "luks",
); );
VIR_ENUM_IMPL(virStorageEncryptionEngine,
VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
"default", "qemu",
);
static void static void
virStorageEncryptionInfoDefClear(virStorageEncryptionInfoDef *def) virStorageEncryptionInfoDefClear(virStorageEncryptionInfoDef *def)
{ {
@ -120,6 +125,7 @@ virStorageEncryptionCopy(const virStorageEncryption *src)
ret->secrets = g_new0(virStorageEncryptionSecret *, src->nsecrets); ret->secrets = g_new0(virStorageEncryptionSecret *, src->nsecrets);
ret->nsecrets = src->nsecrets; ret->nsecrets = src->nsecrets;
ret->format = src->format; ret->format = src->format;
ret->engine = src->engine;
for (i = 0; i < src->nsecrets; i++) { for (i = 0; i < src->nsecrets; i++) {
if (!(ret->secrets[i] = virStorageEncryptionSecretCopy(src->secrets[i]))) if (!(ret->secrets[i] = virStorageEncryptionSecretCopy(src->secrets[i])))
@ -239,6 +245,12 @@ virStorageEncryptionParseNode(xmlNodePtr node,
goto cleanup; goto cleanup;
} }
if (virXMLPropEnum(node, "engine",
virStorageEncryptionEngineTypeFromString,
VIR_XML_PROP_NONZERO,
&encdef->engine) < 0)
goto cleanup;
if ((n = virXPathNodeSet("./secret", ctxt, &nodes)) < 0) if ((n = virXPathNodeSet("./secret", ctxt, &nodes)) < 0)
goto cleanup; goto cleanup;
@ -327,6 +339,7 @@ int
virStorageEncryptionFormat(virBuffer *buf, virStorageEncryptionFormat(virBuffer *buf,
virStorageEncryption *enc) virStorageEncryption *enc)
{ {
const char *engine;
const char *format; const char *format;
size_t i; size_t i;
@ -335,7 +348,18 @@ virStorageEncryptionFormat(virBuffer *buf,
"%s", _("unexpected encryption format")); "%s", _("unexpected encryption format"));
return -1; return -1;
} }
virBufferAsprintf(buf, "<encryption format='%s'>\n", format); if (enc->engine == VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT) {
virBufferAsprintf(buf, "<encryption format='%s'>\n", format);
} else {
if (!(engine = virStorageEncryptionEngineTypeToString(enc->engine))) {
virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("unexpected encryption engine"));
return -1;
}
virBufferAsprintf(buf, "<encryption format='%s' engine='%s'>\n",
format, engine);
}
virBufferAdjustIndent(buf, 2); virBufferAdjustIndent(buf, 2);
for (i = 0; i < enc->nsecrets; i++) { for (i = 0; i < enc->nsecrets; i++) {

9
src/conf/storage_encryption_conf.h
View File

@ -51,6 +51,14 @@ struct _virStorageEncryptionInfoDef {
char *ivgen_hash; char *ivgen_hash;
}; };
typedef enum {
VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT = 0,
VIR_STORAGE_ENCRYPTION_ENGINE_QEMU,
VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
} virStorageEncryptionEngine;
VIR_ENUM_DECL(virStorageEncryptionEngine);
typedef enum { typedef enum {
/* "default" is only valid for volume creation */ /* "default" is only valid for volume creation */
VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT = 0, VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT = 0,
@ -63,6 +71,7 @@ VIR_ENUM_DECL(virStorageEncryptionFormat);
typedef struct _virStorageEncryption virStorageEncryption; typedef struct _virStorageEncryption virStorageEncryption;
struct _virStorageEncryption { struct _virStorageEncryption {
virStorageEncryptionEngine engine;
int format; /* virStorageEncryptionFormatType */ int format; /* virStorageEncryptionFormatType */
int payload_offset; int payload_offset;

2
src/qemu/qemu_block.c
View File

@ -1314,6 +1314,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource *src,
*encprops = NULL; *encprops = NULL;
if (!src->encryption || if (!src->encryption ||
src->encryption->engine != VIR_STORAGE_ENCRYPTION_ENGINE_QEMU ||
!srcpriv || !srcpriv ||
!srcpriv->encinfo) !srcpriv->encinfo)
return 0; return 0;
@ -1448,6 +1449,7 @@ qemuBlockStorageSourceGetBlockdevFormatProps(virStorageSource *src)
* put a raw layer on top */ * put a raw layer on top */
case VIR_STORAGE_FILE_RAW: case VIR_STORAGE_FILE_RAW:
if (src->encryption && if (src->encryption &&
src->encryption->engine == VIR_STORAGE_ENCRYPTION_ENGINE_QEMU &&
src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) { src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
if (qemuBlockStorageSourceGetFormatLUKSProps(src, props) < 0) if (qemuBlockStorageSourceGetFormatLUKSProps(src, props) < 0)
return NULL; return NULL;

20
src/qemu/qemu_domain.c
View File

@ -4770,6 +4770,18 @@ qemuDomainValidateStorageSource(virStorageSource *src,
} }
} }
if (src->encryption) {
switch (src->encryption->engine) {
case VIR_STORAGE_ENCRYPTION_ENGINE_QEMU:
break;
case VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT:
case VIR_STORAGE_ENCRYPTION_ENGINE_LAST:
virReportEnumRangeError(virStorageEncryptionEngine,
src->encryption->engine);
return -1;
}
}
return 0; return 0;
} }
@ -5222,6 +5234,8 @@ int
qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk, qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
unsigned int parseFlags) unsigned int parseFlags)
{ {
virStorageSource *n;
/* set default disk types and drivers */ /* set default disk types and drivers */
if (!virDomainDiskGetDriver(disk)) if (!virDomainDiskGetDriver(disk))
virDomainDiskSetDriver(disk, "qemu"); virDomainDiskSetDriver(disk, "qemu");
@ -5236,6 +5250,12 @@ qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
disk->mirror->format == VIR_STORAGE_FILE_NONE) disk->mirror->format == VIR_STORAGE_FILE_NONE)
disk->mirror->format = VIR_STORAGE_FILE_RAW; disk->mirror->format = VIR_STORAGE_FILE_RAW;
/* default disk encryption engine */
for (n = disk->src; virStorageSourceIsBacking(n); n = n->backingStore) {
if (n->encryption && n->encryption->engine == VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT)
n->encryption->engine = VIR_STORAGE_ENCRYPTION_ENGINE_QEMU;
}
if (qemuDomainDeviceDiskDefPostParseRestoreSecAlias(disk, parseFlags) < 0) if (qemuDomainDeviceDiskDefPostParseRestoreSecAlias(disk, parseFlags) < 0)
return -1; return -1;

6
tests/qemustatusxml2xmldata/upgrade-out.xml
View File

@ -316,7 +316,7 @@
<disk type='file' device='disk'> <disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/> <driver name='qemu' type='qcow2'/>
<source file='/var/lib/libvirt/images/b.qcow2'> <source file='/var/lib/libvirt/images/b.qcow2'>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption> </encryption>
<privateData> <privateData>
@ -333,7 +333,7 @@
<disk type='file' device='disk'> <disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/> <driver name='qemu' type='qcow2'/>
<source file='/var/lib/libvirt/images/c.qcow2'> <source file='/var/lib/libvirt/images/c.qcow2'>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption> </encryption>
<privateData> <privateData>
@ -354,7 +354,7 @@
<auth username='testuser-iscsi'> <auth username='testuser-iscsi'>
<secret type='iscsi' usage='testuser-iscsi-secret'/> <secret type='iscsi' usage='testuser-iscsi-secret'/>
</auth> </auth>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption> </encryption>
<privateData> <privateData>

2
tests/qemuxml2argvdata/disk-nvme.xml
View File

@ -42,7 +42,7 @@
<driver name='qemu' type='qcow2' cache='none'/> <driver name='qemu' type='qcow2' cache='none'/>
<source type='pci' managed='no' namespace='2'> <source type='pci' managed='no' namespace='2'>
<address domain='0x0001' bus='0x02' slot='0x00' function='0x0'/> <address domain='0x0001' bus='0x02' slot='0x00' function='0x0'/>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption> </encryption>
</source> </source>

2
tests/qemuxml2argvdata/encrypted-disk-usage.xml
View File

@ -18,7 +18,7 @@
<driver name='qemu' type='qcow2'/> <driver name='qemu' type='qcow2'/>
<source file='/storage/guest_disks/encryptdisk'/> <source file='/storage/guest_disks/encryptdisk'/>
<target dev='vda' bus='virtio'/> <target dev='vda' bus='virtio'/>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' usage='/storage/guest_disks/encryptdisk'/> <secret type='passphrase' usage='/storage/guest_disks/encryptdisk'/>
</encryption> </encryption>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>

4
tests/qemuxml2argvdata/luks-disks.xml
View File

@ -18,7 +18,7 @@
<driver name='qemu' type='raw'/> <driver name='qemu' type='raw'/>
<source file='/storage/guest_disks/encryptdisk'/> <source file='/storage/guest_disks/encryptdisk'/>
<target dev='vda' bus='virtio'/> <target dev='vda' bus='virtio'/>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption> </encryption>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
@ -27,7 +27,7 @@
<driver name='qemu' type='raw'/> <driver name='qemu' type='raw'/>
<source file='/storage/guest_disks/encryptdisk2'/> <source file='/storage/guest_disks/encryptdisk2'/>
<target dev='vdb' bus='virtio'/> <target dev='vdb' bus='virtio'/>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/> <secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
</encryption> </encryption>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>

2
tests/qemuxml2argvdata/user-aliases.xml
View File

@ -55,7 +55,7 @@
<driver name='qemu' type='qcow2'/> <driver name='qemu' type='qcow2'/>
<source file='/var/lib/libvirt/images/OtherDemo.img'/> <source file='/var/lib/libvirt/images/OtherDemo.img'/>
<target dev='vdb' bus='virtio'/> <target dev='vdb' bus='virtio'/>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='e78d4b51-a2af-485f-b0f5-afca709a80f4'/> <secret type='passphrase' uuid='e78d4b51-a2af-485f-b0f5-afca709a80f4'/>
</encryption> </encryption>
<alias name='ua-myEncryptedDisk1'/> <alias name='ua-myEncryptedDisk1'/>

4
tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
View File

@ -49,7 +49,7 @@
<slices> <slices>
<slice type='storage' offset='1234' size='321'/> <slice type='storage' offset='1234' size='321'/>
</slices> </slices>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption> </encryption>
</source> </source>
@ -75,7 +75,7 @@
<slices> <slices>
<slice type='storage' offset='1234' size='321'/> <slice type='storage' offset='1234' size='321'/>
</slices> </slices>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption> </encryption>
</source> </source>

2
tests/qemuxml2xmloutdata/encrypted-disk.xml
View File

@ -18,7 +18,7 @@
<driver name='qemu' type='qcow2'/> <driver name='qemu' type='qcow2'/>
<source file='/storage/guest_disks/encryptdisk'/> <source file='/storage/guest_disks/encryptdisk'/>
<target dev='vda' bus='virtio'/> <target dev='vda' bus='virtio'/>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption> </encryption>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>

14
tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
View File

@ -20,7 +20,7 @@
<disk type='file' device='disk'> <disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/> <driver name='qemu' type='qcow2'/>
<source file='/storage/guest_disks/encryptdisk'> <source file='/storage/guest_disks/encryptdisk'>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption> </encryption>
</source> </source>
@ -30,7 +30,7 @@
<disk type='file' device='disk'> <disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/> <driver name='qemu' type='qcow2'/>
<source file='/storage/guest_disks/encryptdisk2'> <source file='/storage/guest_disks/encryptdisk2'>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/> <secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
</encryption> </encryption>
</source> </source>
@ -44,7 +44,7 @@
<auth username='myname'> <auth username='myname'>
<secret type='iscsi' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80e80'/> <secret type='iscsi' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80e80'/>
</auth> </auth>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f77'/> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f77'/>
</encryption> </encryption>
</source> </source>
@ -54,7 +54,7 @@
<disk type='volume' device='disk'> <disk type='volume' device='disk'>
<driver name='qemu' type='qcow2'/> <driver name='qemu' type='qcow2'/>
<source pool='pool-iscsi' volume='unit:0:0:3' mode='direct'> <source pool='pool-iscsi' volume='unit:0:0:3' mode='direct'>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f80'/> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f80'/>
</encryption> </encryption>
</source> </source>
@ -67,7 +67,7 @@
<host name='mon1.example.org' port='6321'/> <host name='mon1.example.org' port='6321'/>
<host name='mon2.example.org' port='6322'/> <host name='mon2.example.org' port='6322'/>
<host name='mon3.example.org' port='6322'/> <host name='mon3.example.org' port='6322'/>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/>
</encryption> </encryption>
</source> </source>
@ -77,14 +77,14 @@
<disk type='file' device='disk'> <disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/> <driver name='qemu' type='qcow2'/>
<source file='/storage/guest_disks/encryptdisk5'> <source file='/storage/guest_disks/encryptdisk5'>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption> </encryption>
</source> </source>
<backingStore type='file'> <backingStore type='file'>
<format type='qcow2'/> <format type='qcow2'/>
<source file='/storage/guest_disks/base.qcow2'> <source file='/storage/guest_disks/base.qcow2'>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption> </encryption>
</source> </source>

10
tests/qemuxml2xmloutdata/luks-disks-source.xml
View File

@ -17,7 +17,7 @@
<disk type='file' device='disk'> <disk type='file' device='disk'>
<driver name='qemu' type='raw'/> <driver name='qemu' type='raw'/>
<source file='/storage/guest_disks/encryptdisk'> <source file='/storage/guest_disks/encryptdisk'>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption> </encryption>
</source> </source>
@ -27,7 +27,7 @@
<disk type='file' device='disk'> <disk type='file' device='disk'>
<driver name='qemu' type='raw'/> <driver name='qemu' type='raw'/>
<source file='/storage/guest_disks/encryptdisk2'> <source file='/storage/guest_disks/encryptdisk2'>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/> <secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
</encryption> </encryption>
</source> </source>
@ -41,7 +41,7 @@
<auth username='myname'> <auth username='myname'>
<secret type='iscsi' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80e80'/> <secret type='iscsi' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80e80'/>
</auth> </auth>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f77'/> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f77'/>
</encryption> </encryption>
</source> </source>
@ -51,7 +51,7 @@
<disk type='volume' device='disk'> <disk type='volume' device='disk'>
<driver name='qemu' type='raw'/> <driver name='qemu' type='raw'/>
<source pool='pool-iscsi' volume='unit:0:0:3' mode='direct'> <source pool='pool-iscsi' volume='unit:0:0:3' mode='direct'>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f80'/> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f80'/>
</encryption> </encryption>
</source> </source>
@ -64,7 +64,7 @@
<host name='mon1.example.org' port='6321'/> <host name='mon1.example.org' port='6321'/>
<host name='mon2.example.org' port='6322'/> <host name='mon2.example.org' port='6322'/>
<host name='mon3.example.org' port='6322'/> <host name='mon3.example.org' port='6322'/>
<encryption format='luks'> <encryption format='luks' engine='qemu'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/>
</encryption> </encryption>
</source> </source>