diff options
| author | Or Ozeri <oro@il.ibm.com> | 2023-01-29 05:31:20 -0600 |
|---|---|---|
| committer | Kevin Wolf <kwolf@redhat.com> | 2023-02-23 19:49:35 +0100 |
| commit | 0f385a2420d2c3f8ae7ed65fbe2712027664059e (patch) | |
| tree | d905bdcbc1c0a79bb22ada3431bf95162aee320f /qapi | |
| parent | b8f218ef6036d4d62968f6da9319c9d0663539dd (diff) | |
block/rbd: Add support for layered encryption
Starting from ceph Reef, RBD has built-in support for layered encryption,
where each ancestor image (in a cloned image setting) can be possibly
encrypted using a unique passphrase.
A new function, rbd_encryption_load2, was added to librbd API.
This new function supports an array of passphrases (via "spec" structs).
This commit extends the qemu rbd driver API to use this new librbd API,
in order to support this new layered encryption feature.
Signed-off-by: Or Ozeri <oro@il.ibm.com>
Message-Id: <20230129113120.722708-4-oro@oro.sl.cloud9.ibm.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'qapi')
| -rw-r--r-- | qapi/block-core.json | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/qapi/block-core.json b/qapi/block-core.json index 5f09b1d31a..c05ad0c07e 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -3999,10 +3999,19 @@ ## # @RbdEncryptionOptions: # +# @format: Encryption format. +# +# @parent: Parent image encryption options (for cloned images). +# Can be left unspecified if this cloned image is encrypted +# using the same format and secret as its parent image (i.e. +# not explicitly formatted) or if its parent image is not +# encrypted. (Since 8.0) +# # Since: 6.1 ## { 'union': 'RbdEncryptionOptions', - 'base': { 'format': 'RbdImageEncryptionFormat' }, + 'base': { 'format': 'RbdImageEncryptionFormat', + '*parent': 'RbdEncryptionOptions' }, 'discriminator': 'format', 'data': { 'luks': 'RbdEncryptionOptionsLUKS', 'luks2': 'RbdEncryptionOptionsLUKS2', |