1.创建qcow2加密磁盘
[root@Coc-5 test_encrypt]# qemu-img convert -f qcow2 -O qcow2 -o encryption template_xp encry1.qcow2
Disk image 'encry1.qcow2' is encrypted.
password: //这里输入密码 123456
[root@Coc-5 test_encrypt]# qemu-img info encry1.qcow2
image: encry1.qcow2
file format: qcow2
virtual size: 10G (10737418240 bytes)
disk size: 2.1G
encrypted: yes
cluster_size: 65536
2.virsh edit修改配置文件,将磁盘改为encry1.qcow2
3.virsh start 显示错误
virsh # start instance-00000009
error: Failed to start domain instance-00000009
error: internal error: unable to execute QEMU command 'cont': 'drive-virtio-disk0' (/usr/local/noc/var/lib/noc/instances/test_encrypt/encry1.qcow2) is encrypted
4.在本地创建一个秘钥xml
[root@Coc-5 test_encrypt]# cat secret.xml
<secret ephemeral='no' private='yes'>
</secret>
5.define秘钥
[root@Coc-5 test_encrypt]# virsh secret-define secret.xml
Secret 3f8475e9-868c-4543-a510-7f668ba83d46 created
6.为秘钥设置密码
密码就用上面的123456
[root@Coc-5 test_encrypt]# MYSECRET=`printf %s "123456" | base64`
[root@Coc-5 test_encrypt]# echo $MYSECRET
MTIzNDU2
[root@Noc-5 test_encrypt]# virsh secret-set-value 3f8475e9-868c-4543-a510-7f668ba83d46 $MYSECRET
Secret value set
7.在libvirt配置文件磁盘段中添加秘钥
<encryption format='qcow'>
<secret type='passphrase' uuid='3f8475e9-868c-4543-a510-7f668ba83d46'/>
</encryption>
8.运行虚拟机
[root@Coc-5 test_encrypt]# virsh start instance-00000009
Domain instance-00000009 started
[root@Coc-5 test_encrypt]# qemu-img convert -f qcow2 -O qcow2 -o encryption template_xp encry1.qcow2
Disk image 'encry1.qcow2' is encrypted.
password: //这里输入密码 123456
[root@Coc-5 test_encrypt]# qemu-img info encry1.qcow2
image: encry1.qcow2
file format: qcow2
virtual size: 10G (10737418240 bytes)
disk size: 2.1G
encrypted: yes
cluster_size: 65536
2.virsh edit修改配置文件,将磁盘改为encry1.qcow2
3.virsh start 显示错误
virsh # start instance-00000009
error: Failed to start domain instance-00000009
error: internal error: unable to execute QEMU command 'cont': 'drive-virtio-disk0' (/usr/local/noc/var/lib/noc/instances/test_encrypt/encry1.qcow2) is encrypted
4.在本地创建一个秘钥xml
[root@Coc-5 test_encrypt]# cat secret.xml
<secret ephemeral='no' private='yes'>
</secret>
5.define秘钥
[root@Coc-5 test_encrypt]# virsh secret-define secret.xml
Secret 3f8475e9-868c-4543-a510-7f668ba83d46 created
6.为秘钥设置密码
密码就用上面的123456
[root@Coc-5 test_encrypt]# MYSECRET=`printf %s "123456" | base64`
[root@Coc-5 test_encrypt]# echo $MYSECRET
MTIzNDU2
[root@Noc-5 test_encrypt]# virsh secret-set-value 3f8475e9-868c-4543-a510-7f668ba83d46 $MYSECRET
Secret value set
7.在libvirt配置文件磁盘段中添加秘钥
<encryption format='qcow'>
<secret type='passphrase' uuid='3f8475e9-868c-4543-a510-7f668ba83d46'/>
</encryption>
8.运行虚拟机
[root@Coc-5 test_encrypt]# virsh start instance-00000009
Domain instance-00000009 started