mirror of
https://github.com/OpenNebula/one.git
synced 2024-12-22 13:33:52 +03:00
73c27a9dd2
* F #1345: KVM support for persistent luks volumes

  Support for attaching a persistent qemu luks encrypted disk, created as per the libvirt/qemu documentation. Private secret must be defined on the hypervisor for decryption and the image should contain "LUKS_SECRET" attribute.

  1) Create the image and import into datastore:

      # qemu-img create --object secret,id=sec0,data=secretphrase -o key-secret=sec0 -f luks volume 1G

  2) Create the secret on the hypervisor:

      # virsh secret-define volume-secret.xml
      # MYSECRET=`printf %s "secretphrase" | base64`
      # virsh secret-set-value $MYUUID $MYSECRET
      # virsh secret-dumpxml $MYUUID
      <secret ephemeral='no' private='yes'>
        <uuid>$MYUUID</uuid>
        <description>luks key</description>
        <usage type='volume'>
          <volume>rbd:one/one-123</volume>
        </usage>
      </secret>

  3) Set the UUID in the image attributes, i.e.:

      # oneimage show 123 |grep LUKS
      LUKS_SECRET="$MYUUID"

  This should allow the disk attach to decrypt the luks image and use it as a normal disk within the VM.

  Co-authored-by: Laurence <laurencegill@users.noreply.github.com>

||
---|---|---|
.. | ||
cron.d | ||
sysctl.d | ||
defaultrc | ||
oned.conf |