Bug 1375870 - rbd pool should support vol-create a encrypted volume
Summary: rbd pool should support vol-create a encrypted volume
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: Red Hat Enterprise Linux Advanced Virtualization
Classification: Red Hat
Component: libvirt
Version: ---
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: pre-dev-freeze
: ---
Assignee: Virtualization Maintenance
QA Contact: Meina Li
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-09-14 07:06 UTC by yisun
Modified: 2020-11-06 12:37 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-11-06 12:36:20 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description yisun 2016-09-14 07:06:45 UTC 
Description of problem:
rbd pool should support vol-create a encrypted volume

Version-Release number of selected component (if applicable):
libvirt-2.0.0-8.el7.x86_64

How reproducible:
100%

This is from 
https://bugzilla.redhat.com/show_bug.cgi?id=1301021#c9


Steps to Reproduce:
# virsh pool-dumpxml rbd
<pool type='rbd'>
  <name>rbd</name>
  <uuid>ab987a2a-e5c1-4b67-ad2f-ea2801541766</uuid>
  <capacity unit='bytes'>152820314112</capacity>
  <allocation unit='bytes'>260358</allocation>
  <available unit='bytes'>61114695680</available>
  <source>
    <host name='10.x.x.x' port='6789'/>
    <host name='10.x.x.x' port='6789'/>
    <name>yisun-pool</name>
  </source>
</pool>

And I edit a vol xml:
# cat rbd_vol1.xml 
<volume type='network'>
<name>luks_vol1.img</name>
<source>
</source>
<capacity unit='bytes'>6368709120</capacity>
<allocation unit='bytes'>6368709120</allocation>
<target>
<format type='raw'/>
<encryption format='luks'>
  <secret type='passphrase' uuid='4ff78f8c-6ee6-4a8d-b638-2b59d5d49279'/>
  <cipher name='twofish' size='256' mode='cbc' hash='sha256'/>
  <ivgen name='plain64' hash='sha256'/>
</encryption>
</target>
</volume>

And I try to create this volume in the rbd pool, got error:
# virsh vol-create rbd rbd_vol1.xml 
error: Failed to create vol from rbd_vol1.xml
error: unsupported configuration: storage pool does not support encrypted volumes




Actual results:
vol-create failed

Expected results:
should support 

=======Additional info=======
we can use pure qemu cmd to create a rbd vol with luks encryption as follow:
# qemu-img create -f luks --object secret,id=sec0,data=`printf %s "redhat" | base64`,format=base64 -o key-secret=sec0 rbd:yisun-pool/ys2.img:mon_host=10.73.75.52 1G
Formatting 'rbd:yisun-pool/ys2.img:mon_host=10.73.75.52', fmt=luks size=1073741824 key-secret=sec0


# qemu-img info rbd:yisun-pool/ys2.img:mon_host=10.73.75.52
image: rbd:yisun-pool/ys2.img:mon_host=10.73.75.52
file format: luks
virtual size: 1.0G (1073741824 bytes)
disk size: unavailable
encrypted: yes
Comment 2 John Ferlan 2017-04-04 19:03:27 UTC 
Move to 7.5 - this is going to require a bit more work.
Comment 4 Jaroslav Suchanek 2020-11-06 12:36:20 UTC 
This bug was closed deferred as a result of bug triage.

Please reopen if you disagree and provide justification why this bug should
get enough priority. Most important would be information about impact on
customer or layered product. Please indicate requested target release.
Note You need to log in before you can comment on or make changes to this bug.