Libvirt provides an API to create, store, and use secrets. Secrets are objects that contain sensitive information such as passwords, that can be associated with different volume backend types. Recall from the Working with storage pools recipe, which we created an iSCSI pool and volume from a remote iSCSI target and used it as the image for a KVM guest. In production environments, more often than not iSCSI targets are presented with CHAP authentication. In this recipe, we are going to create a secret to be used with an iSCSI volume.
For this recipe, we are going to need the following:
- A storage pool with an iSCSI-backed volume
- The
libvirt
package
To define and list secrets with libvirt, perform the steps outlined here:
- List all available secrets:
root@kvm:~# virsh secret-list UUID Usage ------------------------------------------------------------------- root@kvm:~#
- Create the following secrets definition:
root@kvm:~# cat volume_secret.xml <secret ephemeral...