What were you trying to do that didn't work?

Based off BZ 2318252:
Spawning a VM using a encrypted bootable volume leads to ERROR state. The message from libvirt shows LUKS version 2 is not supported.

Nova and Cinder has dependencies on libvirt and qemu to allow this before it may be encoded into Openstack.

This is a request for LUKS2 support in libvirt

What is the impact of this issue to you?

unable to create a VM using LUKS2 encryption.

Please provide the package NVR for which the bug is seen:

libvirt 9.0.0-10.5.el9_2.x86_64

How reproducible is this bug?:

very

Steps to reproduce

1. Create secret order key (LUKS passphrase)
2. Get the secret reference from the secret order key ( this will be used as cinder_encryption_key_id )
3. Create the key for encrypted image
4. Create encrypted image
5. Store encrypted image
6. Define Encrypted volume type
7. Create Encrypted Bootable volume
8. Create a VM using Encrypted Bootable volume

Expected results

LUKS2 encrypted volume gets attached and instance boots successfully.

Actual results

'nova.exception.RescheduledException: Build of instance xxxxxx was re-scheduled: internal error: process exited while connecting to monitor: 2024-10-11T05:53:15.334130Z qemu-kvm: -blockdev {"node-name":"libvirt-1-format","read-only":false,"discard":"unmap","cache":

,"driver":"luks","key-secret":"libvirt-1-format-encryption-secret0","file":"libvirt-1-storage"}: LUKS version 2 is not supported\n'