On Thu, Apr 01, 2021 at 15:13:02 +0100, lejeczek wrote:> Hi guys.
>
> I have KVM guests stored on glusterFS volume and I recently added TLS
> encryption to Gluster.
> What changes, tweaks are required at libvirtd/qemu's end?
Looking at the definition of the gluster backend object in qemu:
<cite>
##
# @BlockdevOptionsGluster:
#
# Driver specific block device options for Gluster
#
# @volume: name of gluster volume where VM image resides
#
# @path: absolute path to image file in gluster volume
#
# @server: gluster servers description
#
# @debug: libgfapi log level (default '4' which is Error)
# (Since 2.8)
#
# @logfile: libgfapi log file (default /dev/stderr) (Since 2.8)
#
# Since: 2.9
##
{ 'struct': 'BlockdevOptionsGluster',
'data': { 'volume': 'str',
'path': 'str',
'server': ['SocketAddress'],
'*debug': 'int',
'*logfile': 'str' } }
</cite>
it doesn't seem to yet support TLS encryption of the transport or a way
to set it in a non-implicit way (it still might be possible to trick
libgfapi to support it via a config file or such).
That means you'll probably need to submit qemu patches implementing the
support for configuring TLS for gluster to qemu first, and then do the
same for libvirt.
Libvirt already has some infrastructure for that for NBD and VXHS disks,
so you can then take inspiration there when implementing it in libvirt.