KVM support for luks volumes?
Are there any plans to support luks volumes for virtual machines? I have not managed to find any discussions around this on any opennebula mailing lists.
I think it would require qemu 2.6:
...and also libvirt 2.2.0, and I'd guess you need to create a secret on the hypervisor, unless it could be randomly generated if you are creating an empty datablock to install to. Although if you created the volume outside of opennebula, I suppose you could pass the parameters through using the raw kvm contextualisation.
Thoughts? Silly idea?
#1 Updated by Laurence Gill 10 months ago
I made a bit of progress on this, see
Tested on debian jessie and you need to install the qemu/libvirt packages from backports to get the encryption support:
apt-get -t jessie-backports install libvirt0
apt-get -t jessie-backports install qemu-kvm qemu-utils qemu-block-extra qemu-system-common qemu-system-x86
Then create the image and import, create the libvirt secret, etc.; then you can attach the disk and it is decrypted. If it doesn't work, you will still see the device as an encrypted luks disk (luksDump).
The question now is how to generate the libvirt xml at deployment to contain the libvirt xml? I am a bit stuck here: does the LibVirtDriverKVM.cc file need changing, or is there a simpler way to change what is generated in the deployment file when instantiating the VM?
#2 Updated by Anton Todorov 10 months ago
There is an entry in the backlog addressing the option to alter the VM deployment XML before deploy (#4880).
Currently I am patching the vmm/kvm/deploy script to execute a script to edit the deployment XML file before it is passed to libvirt.
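The approach from comment #2, editing the deployment XML before it reaches libvirt, as an added example that is not part of the original thread and is not the commenter's or OpenNebula's script. It assumes the disk-level `<encryption format='luks'>` element that libvirt accepts once LUKS support is present; the function name, sample XML, paths and UUID are constructed placeholders. Only the secret's UUID is written to the file, so the passphrase stays in libvirt's secret store.

```python
import uuid
import xml.etree.ElementTree as ET

# Constructed sample deployment XML; names, paths and devices are made up.
SAMPLE_DEPLOYMENT = """<domain type='kvm'>
  <name>one-42</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/one/datastores/0/42/disk.0'/>
      <target dev='vda'/>
      <driver name='qemu' type='qcow2'/>
    </disk>
    <disk type='file' device='disk'>
      <source file='/var/lib/one/datastores/0/42/disk.1'/>
      <target dev='vdb'/>
      <driver name='qemu' type='raw'/>
    </disk>
  </devices>
</domain>"""

# Placeholder; a real value is the UUID of the secret defined on the hypervisor.
PLACEHOLDER_SECRET_UUID = "00000000-0000-0000-0000-000000000000"


def add_luks_encryption(domain_xml, target_dev, secret_uuid):
    """Return domain_xml with a LUKS <encryption> element on one disk."""
    # Reject anything that is not a well-formed UUID before it enters the XML.
    secret_uuid = str(uuid.UUID(secret_uuid))
    root = ET.fromstring(domain_xml)
    matched = False
    for disk in root.findall("./devices/disk"):
        target = disk.find("target")
        if target is None or target.get("dev") != target_dev:
            continue
        matched = True
        # Stay idempotent: drop an element left by an earlier run.
        for old in disk.findall("encryption"):
            disk.remove(old)
        enc = ET.SubElement(disk, "encryption", {"format": "luks"})
        ET.SubElement(enc, "secret", {"type": "passphrase", "uuid": secret_uuid})
    if not matched:
        raise ValueError("no disk with target dev %r" % target_dev)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(add_luks_encryption(SAMPLE_DEPLOYMENT, "vdb", PLACEHOLDER_SECRET_UUID))
```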
#3 Updated by Laurence Gill 10 months ago
On balance, I figured it would be fewer lines of code to patch the driver:
Seems to work, requires some further testing though...