block/rbd: Add luks-any encryption opening option

Ceph RBD encryption API required specifying the encryption format for loading encryption. The supported formats were LUKS (v1) and LUKS2. Starting from Reef release, RBD also supports loading with "luks-any" format, which works for both versions of LUKS. This commit extends the qemu rbd driver API to enable qemu users to use this luks-any wildcard format. Signed-off-by: Or Ozeri <oro@il.ibm.com> Message-Id: <20230129113120.722708-3-oro@oro.sl.cloud9.ibm.com> Reviewed-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2024-07-20 18:04:35 +00:00 · 2023-01-29 05:31:19 -06:00 · 2023-01-29 05:31:19 -06:00 · b8f218ef60
parent a4ac51ac4e
commit b8f218ef60
2 changed files with 33 additions and 2 deletions
--- a/block/rbd.c
+++ b/block/rbd.c
@ -469,6 +469,9 @@ static int qemu_rbd_encryption_load(rbd_image_t image,
    g_autofree char *passphrase = NULL;
    rbd_encryption_luks1_format_options_t luks_opts;
    rbd_encryption_luks2_format_options_t luks2_opts;
+#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2
+    rbd_encryption_luks_format_options_t luks_any_opts;
+#endif
    rbd_encryption_format_t format;
    rbd_encryption_options_t opts;
    size_t opts_size;
@ -502,6 +505,22 @@ static int qemu_rbd_encryption_load(rbd_image_t image,
            luks2_opts.passphrase = passphrase;
            break;
        }
+#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2
+        case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS_ANY: {
+            memset(&luks_any_opts, 0, sizeof(luks_any_opts));
+            format = RBD_ENCRYPTION_FORMAT_LUKS;
+            opts = &luks_any_opts;
+            opts_size = sizeof(luks_any_opts);
+            r = qemu_rbd_convert_luks_options(
+                    qapi_RbdEncryptionOptionsLUKSAny_base(&encrypt->u.luks_any),
+                    &passphrase, &luks_any_opts.passphrase_size, errp);
+            if (r < 0) {
+                return r;
+            }
+            luks_any_opts.passphrase = passphrase;
+            break;
+        }
+#endif
        default: {
            r = -ENOTSUP;
            error_setg_errno(
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@ -3922,10 +3922,12 @@
 ##
 # @RbdImageEncryptionFormat:
 #
+# @luks-any: Used for opening either luks or luks2 (Since 8.0)
+#
 # Since: 6.1
 ##
 { 'enum': 'RbdImageEncryptionFormat',
-  'data': [ 'luks', 'luks2' ] }
+  'data': [ 'luks', 'luks2', 'luks-any' ] }

 ##
 # @RbdEncryptionOptionsLUKSBase:
@ -3967,6 +3969,15 @@
  'base': 'RbdEncryptionOptionsLUKSBase',
  'data': { } }

+##
+# @RbdEncryptionOptionsLUKSAny:
+#
+# Since: 8.0
+##
+{ 'struct': 'RbdEncryptionOptionsLUKSAny',
+  'base': 'RbdEncryptionOptionsLUKSBase',
+  'data': { } }
+
 ##
 # @RbdEncryptionCreateOptionsLUKS:
 #
@ -3994,7 +4005,8 @@
  'base': { 'format': 'RbdImageEncryptionFormat' },
  'discriminator': 'format',
  'data': { 'luks': 'RbdEncryptionOptionsLUKS',
-            'luks2': 'RbdEncryptionOptionsLUKS2' } }
+            'luks2': 'RbdEncryptionOptionsLUKS2',
+            'luks-any': 'RbdEncryptionOptionsLUKSAny'} }

 ##
 # @RbdEncryptionCreateOptions: