Bug 1375870

Summary: rbd pool should support vol-create an encrypted volume
Product: Red Hat Enterprise Linux Advanced Virtualization
Reporter: yisun
Component: libvirt
Assignee: Virtualization Maintenance <virt-maint>
Status: CLOSED DEFERRED
QA Contact: Meina Li <meili>
Severity: medium
Priority: medium
Version: ---
CC: dyuan, jferlan, lmen, rbalakri, xuzhang, yisun
Target Milestone: pre-dev-freeze
Keywords: Triaged
Target Release: ---
Hardware: x86_64
OS: Linux
Last Closed: 2020-11-06 12:36:20 UTC
Type: Bug

Description yisun 2016-09-14 07:06:45 UTC
Description of problem:
rbd pool should support vol-create an encrypted volume

Version-Release number of selected component (if applicable):
libvirt-2.0.0-8.el7.x86_64

How reproducible:
100%

This is from 
https://bugzilla.redhat.com/show_bug.cgi?id=1301021#c9


Steps to Reproduce:
# virsh pool-dumpxml rbd
<pool type='rbd'>
  <name>rbd</name>
  <uuid>ab987a2a-e5c1-4b67-ad2f-ea2801541766</uuid>
  <capacity unit='bytes'>152820314112</capacity>
  <allocation unit='bytes'>260358</allocation>
  <available unit='bytes'>61114695680</available>
  <source>
    <host name='10.x.x.x' port='6789'/>
    <host name='10.x.x.x' port='6789'/>
    <name>yisun-pool</name>
  </source>
</pool>

And I edit a vol xml:
# cat rbd_vol1.xml 
<volume type='network'>
<name>luks_vol1.img</name>
<source>
</source>
<capacity unit='bytes'>6368709120</capacity>
<allocation unit='bytes'>6368709120</allocation>
<target>
<format type='raw'/>
<encryption format='luks'>
  <secret type='passphrase' uuid='4ff78f8c-6ee6-4a8d-b638-2b59d5d49279'/>
  <cipher name='twofish' size='256' mode='cbc' hash='sha256'/>
  <ivgen name='plain64' hash='sha256'/>
</encryption>
</target>
</volume>

And when I try to create this volume in the rbd pool, I get an error:
# virsh vol-create rbd rbd_vol1.xml 
error: Failed to create vol from rbd_vol1.xml
error: unsupported configuration: storage pool does not support encrypted volumes




Actual results:
vol-create failed

Expected results:
should support 

=======Additional info=======
We can use a pure qemu command to create an rbd vol with LUKS encryption as follows:
# qemu-img create -f luks --object secret,id=sec0,data=`printf %s "redhat" | base64`,format=base64 -o key-secret=sec0 rbd:yisun-pool/ys2.img:mon_host=10.73.75.52 1G
Formatting 'rbd:yisun-pool/ys2.img:mon_host=10.73.75.52', fmt=luks size=1073741824 key-secret=sec0


# qemu-img info rbd:yisun-pool/ys2.img:mon_host=10.73.75.52
image: rbd:yisun-pool/ys2.img:mon_host=10.73.75.52
file format: luks
virtual size: 1.0G (1073741824 bytes)
disk size: unavailable
encrypted: yes
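
Added example (not part of the original report, and not libvirt or QEMU project code): the qemu-img workaround under "Additional info" passes the passphrase in the command arguments, where it shows up in the process list and shell history. The code below builds the same command but hands qemu-img the key through the secret object's file= option, using a file created with mode 0600. The function names, the MON_HOST placeholder and the sample passphrase are assumptions made for illustration.

```python
import os
import shutil
import subprocess
import tempfile


def write_passphrase_file(passphrase, directory=None):
    """Store the passphrase in a file only the current user can read."""
    # mkstemp creates the file with mode 0600, so there is no chmod race.
    fd, path = tempfile.mkstemp(prefix="luks-secret-", dir=directory)
    with os.fdopen(fd, "w") as handle:
        handle.write(passphrase)  # no trailing newline: it would become part of the key
    return path


def qemu_opt_escape(value):
    """QEMU option strings separate fields with ','; a literal comma is written ',,'."""
    return value.replace(",", ",,")


def luks_create_argv(pool, image, mon_host, size, secret_file, secret_id="sec0"):
    """Build the qemu-img command from the report, reading the key from a file."""
    target = f"rbd:{pool}/{image}:mon_host={mon_host}"
    return [
        "qemu-img", "create", "-f", "luks",
        "--object", f"secret,id={secret_id},file={qemu_opt_escape(secret_file)}",
        "-o", f"key-secret={secret_id}",
        target, size,
    ]


def create_luks_rbd_image(pool, image, mon_host, size, passphrase):
    """Create the image, then remove the passphrase file whatever happens."""
    secret_file = write_passphrase_file(passphrase)
    try:
        argv = luks_create_argv(pool, image, mon_host, size, secret_file)
        if shutil.which("qemu-img") is None:
            raise RuntimeError("qemu-img not found in PATH")
        subprocess.run(argv, check=True)
    finally:
        os.unlink(secret_file)


if __name__ == "__main__":
    # Constructed values: pool and image names from the report, placeholder monitor.
    path = write_passphrase_file("example-passphrase")
    print(luks_create_argv("yisun-pool", "ys2.img", "MON_HOST", "1G", path))
    os.unlink(path)
```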

Comment 2 John Ferlan 2017-04-04 19:03:27 UTC
Move to 7.5 - this is going to require a bit more work.

Comment 4 Jaroslav Suchanek 2020-11-06 12:36:20 UTC
This bug was closed deferred as a result of bug triage.

Please reopen if you disagree and provide justification why this bug should
get enough priority. Most important would be information about impact on
customer or layered product. Please indicate requested target release.