</p>
<pre>
- <secret ephemeral='no' private='yes'>
- <description>Super secret name of my first puppy</description>
- <uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f</uuid>
- <usage type='volume'>
- <volume>/var/lib/libvirt/images/puppyname.img</volume>
- </usage>
- </secret>
+<secret ephemeral='no' private='yes'>
+ <description>Super secret name of my first puppy</description>
+ <uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f</uuid>
+ <usage type='volume'>
+ <volume>/var/lib/libvirt/images/puppyname.img</volume>
+ </usage>
+</secret>
</pre>
<p>
Define the secret and set the passphrase as follows:
</p>
<pre>
- # virsh secret-define volume-secret.xml
- Secret 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f created
- #
- # MYSECRET=`printf %s "open sesame" | base64`
- # virsh secret-set-value 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f $MYSECRET
- Secret value set
- #
+# virsh secret-define volume-secret.xml
+Secret 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f created
+#
+# MYSECRET=`printf %s "open sesame" | base64`
+# virsh secret-set-value 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f $MYSECRET
+Secret value set
+#
</pre>
<p>
volume <a href="formatstorageencryption.html">encryption</a> as follows:
</p>
<pre>
- <encryption format='qcow'>
- <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
- </encryption>
+<encryption format='qcow'>
+ <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
+</encryption>
</pre>
<p>
<span class="since">since 2.1.0</span>. An example follows:
</p>
<pre>
- # cat luks-secret.xml
- <secret ephemeral='no' private='yes'>
- <description>LUKS Sample Secret</description>
- <uuid>f52a81b2-424e-490c-823d-6bd4235bc57</uuid>
- <usage type='volume'>
- <volume>/var/lib/libvirt/images/luks-sample.img</volume>
- </usage>
- </secret>
-
- # virsh secret-define luks-secret.xml
- Secret f52a81b2-424e-490c-823d-6bd4235bc57 created
- #
- # MYSECRET=`printf %s "letmein" | base64`
- # virsh secret-set-value f52a81b2-424e-490c-823d-6bd4235bc57 $MYSECRET
- Secret value set
- #
+# cat luks-secret.xml
+<secret ephemeral='no' private='yes'>
+ <description>LUKS Sample Secret</description>
+ <uuid>f52a81b2-424e-490c-823d-6bd4235bc57</uuid>
+ <usage type='volume'>
+ <volume>/var/lib/libvirt/images/luks-sample.img</volume>
+ </usage>
+</secret>
+
+# virsh secret-define luks-secret.xml
+Secret f52a81b2-424e-490c-823d-6bd4235bc57 created
+#
+# MYSECRET=`printf %s "letmein" | base64`
+# virsh secret-set-value f52a81b2-424e-490c-823d-6bd4235bc57 $MYSECRET
+Secret value set
+#
</pre>
<h3><a name="CephUsageType">Usage type "ceph"</a></h3>
</p>
<pre>
- <secret ephemeral='no' private='yes'>
- <description>CEPH passphrase example</description>
- <usage type='ceph'>
- <name>ceph_example</name>
- </usage>
- </secret>
+<secret ephemeral='no' private='yes'>
+ <description>CEPH passphrase example</description>
+ <usage type='ceph'>
+ <name>ceph_example</name>
+ </usage>
+</secret>
</pre>
<p>
chosen secret pass phrase.
</p>
<pre>
- # virsh secret-define ceph-secret.xml
- Secret 1b40a534-8301-45d5-b1aa-11894ebb1735 created
- #
- # virsh secret-list
- UUID Usage
- -----------------------------------------------------------
- 1b40a534-8301-45d5-b1aa-11894ebb1735 cephx ceph_example
- #
- # CEPHPHRASE=`printf %s "pass phrase" | base64`
- # virsh secret-set-value 1b40a534-8301-45d5-b1aa-11894ebb1735 $CEPHPHRASE
- Secret value set
-
- #
+# virsh secret-define ceph-secret.xml
+Secret 1b40a534-8301-45d5-b1aa-11894ebb1735 created
+#
+# virsh secret-list
+ UUID Usage
+-----------------------------------------------------------
+ 1b40a534-8301-45d5-b1aa-11894ebb1735 cephx ceph_example
+#
+# CEPHPHRASE=`printf %s "pass phrase" | base64`
+# virsh secret-set-value 1b40a534-8301-45d5-b1aa-11894ebb1735 $CEPHPHRASE
+Secret value set
+
+#
</pre>
<p>
element as follows:
</p>
<pre>
- <auth username='myname'>
- <secret type='ceph' usage='ceph_example'/>
- </auth>
+<auth username='myname'>
+ <secret type='ceph' usage='ceph_example'/>
+</auth>
</pre>
<p>
<code><source></code> element as follows:
</p>
<pre>
- <auth type='ceph' username='myname'>
- <secret usage='ceph_example'/>
- </auth>
+<auth type='ceph' username='myname'>
+ <secret usage='ceph_example'/>
+</auth>
</pre>
<h3><a name="iSCSIUsageType">Usage type "iscsi"</a></h3>
authentication file:
</p>
<pre>
- <target iqn.2013-07.com.example:iscsi-pool>
- backing-store /home/tgtd/iscsi-pool/disk1
- backing-store /home/tgtd/iscsi-pool/disk2
- incominguser myname mysecret
- </target>
+<target iqn.2013-07.com.example:iscsi-pool>
+backing-store /home/tgtd/iscsi-pool/disk1
+backing-store /home/tgtd/iscsi-pool/disk2
+incominguser myname mysecret
+</target>
</pre>
<p>
Define an iscsi-secret.xml file to describe the secret. Use the
or disk XML description.
</p>
<pre>
- <secret ephemeral='no' private='yes'>
- <description>Passphrase for the iSCSI example.com server</description>
- <usage type='iscsi'>
- <target>libvirtiscsi</target>
- </usage>
- </secret>
+<secret ephemeral='no' private='yes'>
+ <description>Passphrase for the iSCSI example.com server</description>
+ <usage type='iscsi'>
+ <target>libvirtiscsi</target>
+ </usage>
+</secret>
</pre>
<p>
used in the iSCSI authentication configuration file.
</p>
<pre>
- # virsh secret-define secret.xml
- Secret c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 created
-
- # virsh secret-list
- UUID Usage
- -----------------------------------------------------------
- c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 iscsi libvirtiscsi
-
- # MYSECRET=`printf %s "mysecret" | base64`
- # virsh secret-set-value c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 $MYSECRET
- Secret value set
- #
+# virsh secret-define secret.xml
+Secret c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 created
+
+# virsh secret-list
+ UUID Usage
+-----------------------------------------------------------
+ c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 iscsi libvirtiscsi
+
+# MYSECRET=`printf %s "mysecret" | base64`
+# virsh secret-set-value c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 $MYSECRET
+Secret value set
+#
</pre>
<p>
element as follows:
</p>
<pre>
- <auth username='myname'>
- <secret type='iscsi' usage='libvirtiscsi'/>
- </auth>
+<auth username='myname'>
+ <secret type='iscsi' usage='libvirtiscsi'/>
+</auth>
</pre>
<p>
<code><source></code> element as follows:
</p>
<pre>
- <auth type='chap' username='myname'>
- <secret usage='libvirtiscsi'/>
- </auth>
+<auth type='chap' username='myname'>
+ <secret usage='libvirtiscsi'/>
+</auth>
</pre>
<h3><a name="tlsUsageType">Usage type "tls"</a></h3>
</p>
<pre>
- # cat tls-secret.xml
- <secret ephemeral='no' private='yes'>
- <description>sample tls secret</description>
- <usage type='tls'>
- <name>TLS_example</name>
- </usage>
- </secret>
-
- # virsh secret-define tls-secret.xml
- Secret 718c71bd-67b5-4a2b-87ec-a24e8ca200dc created
-
- # virsh secret-list
- UUID Usage
- -----------------------------------------------------------
- 718c71bd-67b5-4a2b-87ec-a24e8ca200dc tls TLS_example
- #
+# cat tls-secret.xml
+<secret ephemeral='no' private='yes'>
+ <description>sample tls secret</description>
+ <usage type='tls'>
+ <name>TLS_example</name>
+ </usage>
+</secret>
+
+# virsh secret-define tls-secret.xml
+Secret 718c71bd-67b5-4a2b-87ec-a24e8ca200dc created
+
+# virsh secret-list
+ UUID Usage
+-----------------------------------------------------------
+ 718c71bd-67b5-4a2b-87ec-a24e8ca200dc tls TLS_example
+#
</pre>
</p>
<pre>
- # MYSECRET=`printf %s "letmein" | base64`
- # virsh secret-set-value 718c71bd-67b5-4a2b-87ec-a24e8ca200dc $MYSECRET
- Secret value set
+# MYSECRET=`printf %s "letmein" | base64`
+# virsh secret-set-value 718c71bd-67b5-4a2b-87ec-a24e8ca200dc $MYSECRET
+Secret value set
</pre>
projects / libvirt.git / commitdiff