CN117171771A - Disk management method, device, terminal equipment and storage medium - Google Patents


Publication number
CN117171771A
Authority
CN
China
Prior art keywords
virtual machine
disk
target virtual
information
global
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311143402.2A
Other languages
Chinese (zh)
Inventor
马圆
郑翔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority to CN202311143402.2A
Publication of CN117171771A

Landscapes

  • Storage Device Security (AREA)

Abstract

The application relates to the field of information technology and provides a disk management method, a device, terminal equipment and a storage medium. In the method, when the ciphertext of a disk mounting request sent by a target virtual machine is received, the ciphertext is decrypted with a preset key to obtain the plaintext of the disk mounting request; identity verification is performed on the target virtual machine according to that plaintext, and if the target virtual machine passes, the corresponding first global disk information is sent to it. Configuring encrypted communication between the virtual machine management device and the virtual machine prevents a third-party program from stealing the disk information and sensitive data of the target virtual machine by means of fabricated information. Because the virtual machine itself initiates the disk mounting request on wake-up and itself acts on the response, all disks can be mounted in parallel, which improves mounting speed; and because no third-party program performs the mounting, the risk of data leakage is further reduced.

Description

Disk management method, device, terminal equipment and storage medium
Technical Field
The present application relates to the field of information processing technologies, and in particular, to a disk management method, a device, a terminal device, and a storage medium.
Background
With the rapid development of electronic technology, scenarios such as artificial intelligence and cloud computing place ever higher demands on computing resources. Providing heterogeneous acceleration resources through a virtualization platform to assist computation has become a major trend, and more developers are paying attention to the working efficiency of virtualization platforms. Unlike a physical terminal, which manages its file system locally, a virtual machine's file system must be managed by the host (that is, the corresponding physical terminal): for example, the host controls disk mounting and unmounting for the virtual machine, and the virtual machine must mount its disks again every time it starts, which reduces working efficiency.
At present, a script can be written to mount disks automatically when the virtual machine starts. The script must log in to the virtual machine over SSH (Secure Shell), which exposes the virtual machine to a risk of password leakage, and it can only operate serially: the next disk can be mounted only after the previous one has finished, so disk mounting efficiency is low. How to improve the disk mounting efficiency of a virtual machine while ensuring data security is therefore a problem that urgently needs to be solved.
Disclosure of Invention
In view of the above, the embodiments of the present application provide a disk management method, apparatus, terminal device, and storage medium, so as to solve the problems of low disk mounting efficiency and low data security of the existing virtual machine.
A first aspect of an embodiment of the present application provides a disk management method applied to a virtual machine management device, where the virtual machine management device is configured to run and manage at least one virtual machine, and the method includes:
decrypting the ciphertext of the disk mounting request through a preset key when receiving the ciphertext of the disk mounting request sent by the target virtual machine, so as to obtain a plaintext of the disk mounting request;
performing identity verification on the target virtual machine according to the plaintext of the disk mounting request, and if the target virtual machine passes the identity verification, sending corresponding first global disk information to the target virtual machine;
the ciphertext of the disk mounting request is automatically generated when the target virtual machine is switched from a dormant state to an awake state, and the preset secret key is a shared secret key between the virtual machine management equipment and the target virtual machine; and the target virtual machine is used for executing disk mounting according to the first global disk information.
In one embodiment, the performing identity verification on the target virtual machine according to the plaintext of the disk mounting request, if the target virtual machine passes the identity verification, sending corresponding first global disk information to the target virtual machine, including:
performing identity verification on the target virtual machine according to the plaintext of the disk mounting request, and encrypting the plaintext of the corresponding first global disk information through a preset key if the target virtual machine passes the identity verification to obtain the ciphertext of the first global disk information;
sending the ciphertext of the first global disk information to the target virtual machine; the target virtual machine is used for decrypting the ciphertext of the first global disk information according to the preset key to obtain the plaintext of the first global disk information, and executing disk mounting according to the plaintext of the first global disk information.
In one embodiment, the performing identity verification on the target virtual machine according to the plaintext of the disk mounting request, if the target virtual machine passes the identity verification, sending corresponding first global disk information to the target virtual machine, including:
acquiring the identity information of the target virtual machine according to the plaintext of the disk mounting request, and verifying the identity information of the target virtual machine;
or comparing the coding structure of the plaintext of the disk mounting request with a preset coding structure to verify the identity information of the target virtual machine;
and if the target virtual machine passes the identity verification, sending corresponding first global disk information to the target virtual machine.
In one embodiment, the method further comprises:
when a disk adding request of a target virtual machine is received, controlling the target virtual machine to add a new disk;
and storing the sub-disk information of the new disk into first global disk information corresponding to the target virtual machine, and sending the sub-disk information of the new disk to the target virtual machine.
In one embodiment, the target virtual machine is configured to store sub-disk information of the new disk into second global disk information corresponding to the target virtual machine, where the first global disk information is stored in the virtual machine management device, and the second global disk information is stored in the target virtual machine;
and the target virtual machine is also used for comparing the first global disk information with the second global disk information after receiving the first global disk information, and executing disk mounting on the disk with consistent sub-disk information comparison.
In one embodiment, the first global disk information includes name information, disk identifier information, identification information, and location information corresponding to each disk in the target virtual machine.
In one embodiment, the virtual machine management device and the target virtual machine transmit a disk mount request and first global disk information through serial port communication.
According to the disk management method, when the ciphertext of a disk mounting request sent by a target virtual machine is received, the ciphertext is decrypted with a preset key to obtain the plaintext of the disk mounting request; identity verification is performed on the target virtual machine according to that plaintext, and if the target virtual machine passes, the corresponding first global disk information is sent to it. Configuring encrypted communication between the virtual machine management device and the virtual machine prevents a third-party program from stealing the disk information and sensitive data of the target virtual machine by means of fabricated information. Because the virtual machine itself initiates the disk mounting request on wake-up and itself acts on the response, all disks can be mounted in parallel, which improves mounting speed; and because no third-party program performs the mounting, the risk of data leakage is further reduced.
A second aspect of an embodiment of the present application provides a disk management apparatus, including:
the mounting request module is used for decrypting the ciphertext of the disk mounting request through a preset key when receiving the ciphertext of the disk mounting request sent by the target virtual machine, so as to obtain the plaintext of the disk mounting request;
the disk information sending module is used for carrying out identity verification on the target virtual machine according to the plaintext of the disk mounting request, and if the target virtual machine passes the identity verification, the corresponding first global disk information is sent to the target virtual machine;
the ciphertext of the disk mounting request is automatically generated when the target virtual machine is switched from a dormant state to an awake state, and the preset secret key is a shared secret key between the virtual machine management equipment and the target virtual machine; and the target virtual machine is used for executing disk mounting according to the first global disk information.
A third aspect of the embodiments of the present application provides a virtual machine management apparatus, including a memory, a processor, and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the disk management method provided in the first aspect of the embodiments of the present application when the computer program is executed by the processor.
A fourth aspect of the embodiments of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the disk management method provided in the first aspect of the embodiments of the present application.
It will be appreciated that the advantages of the second to fourth aspects may be found in the relevant description of the first aspect and are not repeated here.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments or the description of the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic structural diagram of a terminal device according to an embodiment of the present application;
FIG. 2 is a schematic diagram of an architecture for virtual machine management device to run and manage virtual machines according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a first flow of a disk management method according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a second flow chart of a disk management method according to an embodiment of the present application;
FIG. 5 is a third flowchart of a disk management method according to an embodiment of the present application;
FIG. 6 is a timing diagram of interactions between a virtual machine and a virtual machine management device provided by an embodiment of the present application;
fig. 7 is a schematic structural diagram of a disk management apparatus according to an embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth such as the particular system architecture, techniques, etc., in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
It should be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It should also be understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
As used in the present description and the appended claims, the term "if" may be interpreted as "when" or "once" or "in response to a determination" or "in response to detection", depending on the context. Similarly, the phrase "if it is determined" or "if a [described condition or event] is detected" may be interpreted, depending on the context, as "upon determination" or "in response to determination" or "upon detection of a [described condition or event]" or "in response to detection of a [described condition or event]".
Furthermore, the terms "first," "second," "third," and the like in the description of the present specification and in the appended claims, are used for distinguishing between descriptions and not necessarily for indicating or implying a relative importance.
Reference in the specification to "one embodiment" or "some embodiments" or the like means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," and the like in the specification are not necessarily all referring to the same embodiment, but mean "one or more but not all embodiments" unless expressly specified otherwise. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless expressly specified otherwise.
In application, a script can currently be written to mount disks automatically when a virtual machine starts. The script must log in to the virtual machine over SSH (Secure Shell), which exposes the virtual machine to a risk of password leakage, and it can only operate serially: the next disk can be mounted only after the previous one has finished, so disk mounting efficiency is low. How to improve the disk mounting efficiency of a virtual machine while ensuring data security is therefore a problem that urgently needs to be solved.
In view of the above technical problems, an embodiment of the present application provides a disk management method in which, when the ciphertext of a disk mounting request sent by a target virtual machine is received, the ciphertext is decrypted with a preset key to obtain the plaintext of the disk mounting request; identity verification is performed on the target virtual machine according to that plaintext, and if the target virtual machine passes, the corresponding first global disk information is sent to it. Configuring encrypted communication between the virtual machine management device and the virtual machine prevents a third-party program from stealing the disk information and sensitive data of the target virtual machine by means of fabricated information. Because the virtual machine itself initiates the disk mounting request on wake-up and itself acts on the response, all disks can be mounted in parallel, which improves mounting speed; and because no third-party program performs the mounting, the risk of data leakage is further reduced.
The disk management method provided by the embodiments of the application can be applied to a virtual machine management device. The virtual machine management device may be a mobile phone, tablet, wearable device, in-vehicle device, augmented reality (AR)/virtual reality (VR) device, notebook, ultra-mobile personal computer (UMPC), netbook, personal digital assistant (PDA), etc. The embodiments of the application do not limit the specific type of the virtual machine management device.
As shown in fig. 1, an embodiment of the present application provides a virtual machine management device 100 including a memory 101, a processor 102, and a computer program 103 stored in the memory 101 and executable on the processor, where the steps in the respective image optimization method embodiments described above are implemented when the processor 102 executes the computer program 103.
In application, the processor may be a central processing unit (Central Processing Unit, CPU), which may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), off-the-shelf programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
In application, the memory may in some embodiments be an internal storage unit of the virtual machine management device, such as a hard disk or memory of the virtual machine management device. In other embodiments the memory may be an external storage device of the virtual machine management device, such as a plug-in hard disk, Smart Media Card (SMC), Secure Digital (SD) card or flash card provided on the virtual machine management device. Further, the memory may include both internal storage units and external storage devices of the virtual machine management device. The memory is used to store an operating system, application programs, a boot loader (BootLoader), data and other programs, such as the program code of a computer program. The memory may also be used to temporarily store data that has been output or is to be output.
In application, the virtual machine management device may run and manage at least one virtual machine (VM), which runs on the hardware of the virtual machine management device. The virtual machine may be a Linux virtual machine, a Mac virtual machine, a BM virtual machine, a Microsoft virtual machine, or the like, and specifically may be a KVM (Kernel-based Virtual Machine, a Linux-based open-source virtual machine) virtual machine. The embodiments of the application do not limit the specific type of the virtual machine.
FIG. 2 illustrates an architecture diagram of a virtual machine management device running and managing virtual machines.
It should be understood that the structure illustrated in the embodiments of the present application does not constitute a specific limitation on the virtual machine management apparatus 100. In other embodiments of the application, virtual machine management device 100 may include more or fewer components than shown, or may combine certain components, or may be different components, for example, may also include input-output devices, network access devices, and the like. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
As shown in fig. 3, the disk management method provided by the embodiment of the present application is applied to a virtual machine management device, and includes the following steps S301 and S302:
Step S301, when receiving the ciphertext of a disk mounting request sent by a target virtual machine, decrypting the ciphertext of the disk mounting request with a preset key to obtain the plaintext of the disk mounting request; the ciphertext of the disk mounting request is automatically generated when the target virtual machine switches from a dormant state to an awake state, and the preset key is a shared key between the virtual machine management device and the target virtual machine.
In application, the target virtual machine may be any virtual machine managed by the virtual machine management device. If a disk has been added to the target virtual machine while it was awake, then the next time it switches from the dormant state to the awake state it can automatically generate a disk mounting request, encrypt the plaintext of the request with the preset key to obtain the ciphertext, and send the ciphertext to the virtual machine management device.
In the application, the virtual machine management device can monitor whether the ciphertext of the disk mounting request sent by the target virtual machine is received or not in real time, and decrypt the ciphertext through a preset key in real time when the ciphertext is received, so that the plaintext of the disk mounting request is obtained.
The encryption algorithm used between the virtual machine management device and the target virtual machine may be a symmetric encryption algorithm or an asymmetric encryption algorithm. Specifically, it may be a symmetric algorithm such as RC4 (Rivest Cipher 4, a stream encryption algorithm), RC2 (Rivest Cipher 2, another stream encryption algorithm), DES (Data Encryption Standard) or AES (Advanced Encryption Standard); alternatively, an asymmetric algorithm such as RSA (Ron Rivest-Adi Shamir-Leonard Adleman, a public-key cryptography algorithm), ECC (Elliptic Curve Cryptography) or DSA (Digital Signature Algorithm) may be used. The embodiments of the application place no limit on the specific type of encryption algorithm.
Note that an independent key is used between the virtual machine management device and each virtual machine, which avoids the information leakage that would result from different virtual machines sharing the same key.
Step S302, carrying out identity verification on the target virtual machine according to the plaintext of the disk mounting request, and if the target virtual machine passes the identity verification, sending corresponding first global disk information to the target virtual machine;
the target virtual machine is used for executing disk mounting according to the first global disk information.
In the application, after obtaining the plaintext of the disk mounting request, the virtual machine management device may perform identity verification according to the plaintext of the disk mounting request, where the specific identity verification method is as follows:
in one embodiment, step S302 includes:
acquiring the identity information of the target virtual machine according to the plaintext of the disk mounting request, and verifying the identity information of the target virtual machine;
or comparing the coding structure of the plaintext of the disk mounting request with a preset coding structure to verify the identity information of the target virtual machine;
and if the target virtual machine passes the identity verification, sending corresponding first global disk information to the target virtual machine.
In the application, the plaintext of the disk mounting request may include identity information of the target virtual machine, the identity information may be a unique identification code of the target virtual machine, and the virtual machine management device may perform comparison according to locally stored preset identity information, so as to verify the identity information of the target virtual machine.
In application, the target virtual machine and the virtual machine management device can agree on a preset coding structure for the disk mounting request, so that the target virtual machine uses that structure when generating the request. By checking whether the coding structure of the plaintext of the disk mounting request is the preset coding structure, the virtual machine management device can verify the identity information of the target virtual machine quickly and with few computing resources.
In application, if the identity information of the target virtual machine fails verification, the virtual machine management device stops responding to the disk mounting request.
In application, if the identity information of the target virtual machine passes verification, the virtual machine management device may send the corresponding first global disk information to the target virtual machine, and the target virtual machine may mount all of its disks in parallel according to the first global disk information.
In one embodiment, step S302 further includes:
In application, the first global disk information includes name information, drive letter information, identification information and position information corresponding to each disk in the target virtual machine.
In application, the target virtual machine mounts each disk accurately according to its name information (given by the user and customizable), drive letter information (given by the user or automatically allocated by the target virtual machine, for example a c disk, d disk or e disk; the drive letter of each disk is unique), identification information (given by the user or automatically allocated by the virtual machine management device) and position information (used to determine where the disk is stored in the target virtual machine). This lets it distinguish an ordinary disk from a mirror image disk, avoids mounting the wrong disk, and improves the accuracy of disk mounting.
In application, when the target virtual machine performs disk mounting according to the first global disk information, it handles each disk as follows: it first locates the corresponding disk by comparing the name information, then compares the identification information, and finally compares the drive letter (disk identifier) information. If all three comparisons are consistent, the corresponding disk is mounted and the target virtual machine is given all operation permissions on it.
In one embodiment, step S302 further includes:
The virtual machine management device and the target virtual machine transmit the disk mounting request and the first global disk information through serial port communication.
In application, the target virtual machine can generate a simulated serial device and connect to the virtual machine management device through it, so that the disk mounting request and the first global disk information are transmitted over serial communication. Compared with transmitting them over a network connection, this reduces the risk of data leakage and of attack, and improves data security and transmission stability. The simulated serial device can be generated by the Vm-Agent component in Qemu (a virtual machine management program); the embodiments of the application do not limit how the simulated serial device is generated.
In application, when the ciphertext of a disk mounting request sent by a target virtual machine is received, the ciphertext is decrypted with a preset key to obtain the plaintext of the disk mounting request; identity verification is performed on the target virtual machine according to that plaintext, and if the target virtual machine passes, the corresponding first global disk information is sent to it. Configuring encrypted communication between the virtual machine management device and the virtual machine prevents a third-party program or third-party virtual machine from stealing the disk information and sensitive data of the target virtual machine by means of fabricated information. Because the virtual machine itself initiates the disk mounting request on wake-up and itself acts on the response, all disks can be mounted in parallel, which improves mounting speed; and because no third-party program performs the mounting, the risk of data leakage is further reduced.
As shown in fig. 4, in one embodiment, based on the embodiment corresponding to fig. 3, the following steps S401 to S403 are included:
Step S401, when receiving the ciphertext of the disk mounting request sent by the target virtual machine, decrypting the ciphertext of the disk mounting request with a preset key to obtain the plaintext of the disk mounting request.
In application, the disk management method provided in step S401 is consistent with the disk management method provided in step S301, and will not be described herein.
Step S402, carrying out identity verification on the target virtual machine according to the plaintext of the disk mounting request, and encrypting the plaintext of the corresponding first global disk information through a preset key if the target virtual machine passes the identity verification to obtain the ciphertext of the first global disk information;
Step S403, sending the ciphertext of the first global disk information to the target virtual machine; the target virtual machine is used for decrypting the ciphertext of the first global disk information according to the preset key to obtain the plaintext of the first global disk information, and executing disk mounting according to the plaintext of the first global disk information.
In practice, after the target virtual machine passes authentication, the virtual machine management device may encrypt the first global disk information before returning it; for the encryption method, refer to the related description in step S301, which is not repeated here. After the target virtual machine receives the ciphertext of the first global disk information, it obtains the plaintext of the first global disk information by decrypting the ciphertext with the preset key, which prevents malicious information from being accepted during disk mounting. Specifically, if the first global disk information received by the target virtual machine is not encrypted, or is encrypted but cannot be decrypted with the preset key, this indicates that it was not sent by the virtual machine management device. The target virtual machine can then refuse to accept it, which prevents a third-party program from attacking the target virtual machine by disguising data as the first global disk information.
In this embodiment, the target virtual machine encrypts the disk mounting request when initiating it, which prevents a third-party program or third-party virtual machine from stealing the data that the target virtual machine sends to the virtual machine management device. Similarly, the first global disk information is encrypted when the virtual machine management device sends it to the target virtual machine, which prevents a third-party program from attacking the target virtual machine by disguising data as the first global disk information. Encryption is thus applied in both directions during disk mounting, improving the data security and running stability of the target virtual machine.
As shown in fig. 5, in one embodiment, based on the embodiment corresponding to fig. 4, the following steps S501 to S505 are included:
Step S501, when a disk adding request of a target virtual machine is received, controlling the target virtual machine to add a new disk;
Step S502, storing the sub-disk information of the new disk into the first global disk information corresponding to the target virtual machine, and sending the sub-disk information of the new disk to the target virtual machine.
In practice, a user can initiate a disk adding request on the target virtual machine, or initiate a disk adding request for the target virtual machine on the virtual machine management device. When the virtual machine management device receives a disk adding request for the target virtual machine, it can control the target virtual machine to add a new disk.
The following describes the management method applied after a new disk is added, which supports automatic disk mounting by the target virtual machine:
The virtual machine management device stores the sub-disk information of the new disk into the first global disk information corresponding to the target virtual machine, and sends the sub-disk information of the new disk to the target virtual machine. The target virtual machine can store the sub-disk information of the new disk into the second global disk information corresponding to the target virtual machine. The first global disk information is stored in the virtual machine management device, and the second global disk information is stored in the target virtual machine.
The first global disk information and the second global disk information are thus stored in a distributed manner. When the target virtual machine performs automatic disk mounting, it compares the received first global disk information with the second global disk information, identifies the disks whose sub-disk information is consistent, and mounts only those disks. If the sub-disk information of a disk is inconsistent, this indicates that the user has deleted or modified the sub-disk information of that disk in the target virtual machine or in the virtual machine management device. Mounting a disk whose sub-disk information is inconsistent easily causes mounting misalignment and therefore data disorder.
Taking a Linux system as the virtual machine management device and a KVM virtual machine as an example, the following describes an example of the underlying implementation of the disk management method:
The new disk can be added through a virtual machine management component, specifically through any one of the Kubevirt, libvirtd or Qemu components, or through the three components working together. The new disk can support hot plug, so that a user can mount or unmount the disk while the virtual machine is in the awake state; further, the new disk may be a distributed disk supporting hot plug (specifically, a Ceph disk, where Ceph is a distributed file system in Linux);
the virtual machine management device can handle local entry and transmission of the sub-disk information through a Controller; the first global disk information can be stored in an xml format and in a Json package, and the storage location can be a designated Domain connected to the Controller;
the virtual machine can simulate a serial port device through the Vm-Agent component, which is used for transmitting the disk mounting request and the first global disk information; the disk mounting request can be transmitted only through the simulated serial port device, the first global disk information can be received through the local area network, and the local area network transmission can be realized through a Socket interface based on the TCP/IP protocol.
Step S503, when receiving the ciphertext of the disk mounting request sent by the target virtual machine, decrypting the ciphertext of the disk mounting request through a preset key to obtain the plaintext of the disk mounting request;
Step S504, carrying out identity verification on the target virtual machine according to the plaintext of the disk mounting request, and encrypting the plaintext of the corresponding first global disk information through a preset key if the target virtual machine passes the identity verification to obtain the ciphertext of the first global disk information;
Step S505, sending the ciphertext of the first global disk information to the target virtual machine; the target virtual machine is used for decrypting the ciphertext of the first global disk information according to the preset key to obtain the plaintext of the first global disk information, and executing disk mounting according to the plaintext of the first global disk information.
In practice, for steps S503 to S505, refer to the related descriptions of steps S401 to S403, which are not repeated here.
In this embodiment, when a new disk is added to the target virtual machine, its sub-disk information is recorded at both ends, in the target virtual machine and in the virtual machine management device. The target virtual machine can therefore compare the sub-disk information of the two ends when it performs automatic disk mounting, which avoids mounting a disk whose sub-disk information differs between the two ends and reduces the occurrence of disk mounting misalignment.
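The following is an added example, not code from the patent: a sketch of the S503 to S505 exchange and of the two-ended comparison, using only Python's standard library. The encrypt-then-MAC construction is a stand-in for the unspecified cipher (an implementation would normally use an AEAD such as AES-GCM); the message fields, the `req_id` freshness value, the rule that the serial channel identifies the virtual machine, and all sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os

def _subkeys(psk):
    # Separate encryption and MAC keys derived from the preset shared key.
    return (hmac.new(psk, b"enc", hashlib.sha256).digest(),
            hmac.new(psk, b"mac", hashlib.sha256).digest())

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(psk, msg):
    """Encrypt-then-MAC a JSON message: nonce(16) || ciphertext || tag(32)."""
    k_enc, k_mac = _subkeys(psk)
    nonce = os.urandom(16)
    pt = json.dumps(msg, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(k_enc, nonce, len(pt))))
    return nonce + ct + hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()

def open_sealed(psk, blob):
    """Return the decoded message, or None if blob was not sealed under psk."""
    if len(blob) <= 48:
        return None
    k_enc, k_mac = _subkeys(psk)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # unencrypted, wrong key, or modified in transit
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(k_enc, nonce, len(ct))))
    return json.loads(pt)

class Manager:
    """Virtual machine management device side (hypothetical structure)."""
    def __init__(self, psk_by_vm, first_global):
        self.psk_by_vm = psk_by_vm        # vm_id -> preset shared key
        self.first_global = first_global  # vm_id -> {disk name: sub-disk info}

    def handle_mount_request(self, channel_vm_id, blob):
        # Assumption: the simulated serial channel tells us which VM is talking.
        psk = self.psk_by_vm.get(channel_vm_id)
        req = open_sealed(psk, blob) if psk else None
        # Identity check: expected structure, and the claimed VM owns the channel.
        if (not isinstance(req, dict)
                or set(req) != {"type", "vm_id", "req_id"}
                or req["type"] != "mount" or req["vm_id"] != channel_vm_id):
            return None
        disks = self.first_global[channel_vm_id]
        return seal(psk, {"req_id": req["req_id"], "disks": disks})

def vm_mount_plan(psk, req_id, blob, second_global):
    """VM side: (to_mount, skipped), or None when the reply is rejected."""
    resp = open_sealed(psk, blob)
    if not isinstance(resp, dict) or resp.get("req_id") != req_id:
        return None  # not from the manager, or not the answer to this request
    first = resp.get("disks", {})
    to_mount = sorted(n for n, info in first.items() if second_global.get(n) == info)
    skipped = sorted((set(first) | set(second_global)) - set(to_mount))
    return to_mount, skipped

# Constructed sample data: key and disk records are invented for this example.
PSK = hashlib.sha256(b"constructed demo key").digest()
FIRST = {"data": {"disk_id": "vdb", "ident": "serial-0001", "location": "/data"},
         "logs": {"disk_id": "vdc", "ident": "serial-0002", "location": "/var/log"}}
SECOND = {"data": {"disk_id": "vdb", "ident": "serial-0001", "location": "/data"},
          "logs": {"disk_id": "vdc", "ident": "serial-0002", "location": "/mnt/old"}}

def demo():
    mgr = Manager({"vm-1": PSK}, {"vm-1": FIRST})
    req_id = os.urandom(8).hex()
    request = seal(PSK, {"type": "mount", "vm_id": "vm-1", "req_id": req_id})
    reply = mgr.handle_mount_request("vm-1", request)
    return vm_mount_plan(PSK, req_id, reply, SECOND)

if __name__ == "__main__":
    print(demo())
```

The page describes one static shared key and no freshness value, so without something like the assumed `req_id` a recorded reply would still decrypt correctly on a later wake-up.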
For ease of understanding, FIG. 6 illustrates a timing diagram of interactions between a virtual machine and a virtual machine management device.
It should be understood that the sequence numbers of the steps in the foregoing embodiments do not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and the sequence numbers should not limit the implementation process of the embodiments of the present application.
As shown in fig. 7, the embodiment of the present application further provides a disk management apparatus 7, configured to perform the steps in the embodiment of the disk management method applied to the virtual machine management device. The disk management device 7 may be a virtual device (virtual appliance) in the virtual machine management apparatus, and may be executed by a processor of the virtual machine management apparatus, or may be the virtual machine management apparatus itself.
As shown in fig. 7, a disk management apparatus 7 according to an embodiment of the present application includes:
the mounting request module 71 is configured to decrypt, when receiving a ciphertext of a disk mounting request sent by a target virtual machine, the ciphertext of the disk mounting request through a preset key, to obtain a plaintext of the disk mounting request;
the disk information sending module 72 is configured to perform identity verification on the target virtual machine according to the plaintext of the disk mounting request, and send corresponding first global disk information to the target virtual machine if the target virtual machine passes the identity verification;
wherein the ciphertext of the disk mounting request is automatically generated when the target virtual machine is switched from a dormant state to an awake state, and the preset key is a shared key between the virtual machine management device and the target virtual machine; the target virtual machine is used for executing disk mounting according to the first global disk information.
In one embodiment, the disk information sending module 72 includes:
the verification unit is used for carrying out identity verification on the target virtual machine according to the plaintext of the disk mounting request, and if the target virtual machine passes the identity verification, encrypting the plaintext of the corresponding first global disk information through a preset key to obtain the ciphertext of the first global disk information;
the sending unit is used for sending the ciphertext of the first global disk information to the target virtual machine; the target virtual machine is used for decrypting the ciphertext of the first global disk information according to the preset key to obtain the plaintext of the first global disk information, and executing disk mounting according to the plaintext of the first global disk information.
In one embodiment, the disk information sending module 72 includes:
the identity verification unit is used for acquiring the identity information of the target virtual machine according to the plaintext of the disk mounting request and verifying the identity information of the target virtual machine;
or comparing the coding structure of the plaintext of the disk mounting request with a preset coding structure to verify the identity information of the target virtual machine;
and if the target virtual machine passes the identity verification, sending corresponding first global disk information to the target virtual machine.
In one embodiment, the disk management apparatus 7 further includes:
the disk adding module is used for controlling the target virtual machine to add a new disk when receiving a disk adding request of the target virtual machine;
and storing the sub-disk information of the new disk into first global disk information corresponding to the target virtual machine, and sending the sub-disk information of the new disk to the target virtual machine.
In practice, each module in the disk management device may be a software program module, may be implemented by different logic circuits integrated in a processor, or may be implemented by a plurality of distributed processors.
It should be noted that, because the information interaction between the modules and their execution processes are based on the same concept as the method embodiments of the present application, their specific functions and technical effects can be found in the method embodiment section and are not repeated here.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional modules is illustrated, and in practical application, the above-described functional allocation may be performed by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to perform all or part of the functions described above. The functional modules in the embodiment may be integrated in one processing module, or each module may exist alone physically, or two or more modules may be integrated in one module, where the integrated modules may be implemented in a form of hardware or a form of software functional modules. In addition, the specific names of the functional modules are only for distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working process of the modules in the system may refer to the corresponding process in the embodiment of the disk management method, which is not described herein.
Embodiments of the present application also provide a computer readable storage medium storing a computer program which, when executed by a processor, implements the steps of the disk management method embodiments described above.
The integrated modules, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, all or part of the flow of the method of the above embodiments may be implemented by a computer program instructing related hardware, where the computer program may be stored in a computer readable storage medium, and when the computer program is executed by a processor, it may implement the steps of each of the method embodiments described above. The computer program comprises computer program code, which may be in source code form, object code form, an executable file, some intermediate form, etc. The computer readable storage medium may include at least: any entity or device capable of carrying computer program code to a photo terminal equipment, a recording medium, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunication signal, and a software distribution medium, for example a USB flash drive, a removable hard disk, a magnetic disk or an optical disk.
In the foregoing embodiments, each embodiment is described with its own emphasis; for parts that are not described or illustrated in detail in a particular embodiment, refer to the related descriptions of other embodiments.
Those of ordinary skill in the art will appreciate that the various illustrative modules and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed terminal device and method may be implemented in other manners. For example, the above-described embodiments of the terminal device are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be other manners of division in actual implementation, for example, multiple modules or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection via interfaces, devices or modules, which may be in electrical, mechanical or other forms.
The above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application.

Claims (10)

1. A disk management method applied to a virtual machine management device for running and managing at least one virtual machine, the method comprising:
decrypting the ciphertext of the disk mounting request through a preset key when receiving the ciphertext of the disk mounting request sent by the target virtual machine, so as to obtain a plaintext of the disk mounting request;
performing identity verification on the target virtual machine according to the plaintext of the disk mounting request, and if the target virtual machine passes the identity verification, sending corresponding first global disk information to the target virtual machine;
wherein the ciphertext of the disk mounting request is automatically generated when the target virtual machine is switched from a dormant state to an awake state, and the preset key is a shared key between the virtual machine management device and the target virtual machine; and the target virtual machine is used for executing disk mounting according to the first global disk information.
2. The disk management method according to claim 1, wherein the authenticating the target virtual machine according to the plaintext of the disk mounting request, and if the target virtual machine passes the authentication, sending corresponding first global disk information to the target virtual machine, includes:
performing identity verification on the target virtual machine according to the plaintext of the disk mounting request, and encrypting the plaintext of the corresponding first global disk information through a preset key if the target virtual machine passes the identity verification to obtain the ciphertext of the first global disk information;
sending the ciphertext of the first global disk information to the target virtual machine; the target virtual machine is used for decrypting the ciphertext of the first global disk information according to the preset key to obtain the plaintext of the first global disk information, and executing disk mounting according to the plaintext of the first global disk information.
3. The disk management method according to claim 1, wherein the authenticating the target virtual machine according to the plaintext of the disk mounting request, and if the target virtual machine passes the authentication, sending corresponding first global disk information to the target virtual machine, includes:
acquiring the identity information of the target virtual machine according to the plaintext of the disk mounting request, and verifying the identity information of the target virtual machine;
or comparing the coding structure of the plaintext of the disk mounting request with a preset coding structure to verify the identity information of the target virtual machine;
and if the target virtual machine passes the identity verification, sending corresponding first global disk information to the target virtual machine.
4. The disk management method according to claim 1, wherein the method further comprises:
when a disk adding request of a target virtual machine is received, controlling the target virtual machine to add a new disk;
and storing the sub-disk information of the new disk into first global disk information corresponding to the target virtual machine, and sending the sub-disk information of the new disk to the target virtual machine.
5. The disk management method according to claim 4, wherein the target virtual machine is configured to save sub-disk information of the new disk to second global disk information corresponding to the target virtual machine, the first global disk information being saved in the virtual machine management device, the second global disk information being saved in the target virtual machine;
and the target virtual machine is also used for comparing the first global disk information with the second global disk information after receiving the first global disk information, and executing disk mounting on the disk with consistent sub-disk information comparison.
6. The disk management method according to any one of claims 1 to 5, wherein the first global disk information includes name information, disk identifier information, identification information, and location information of each disk in the corresponding target virtual machine.
7. The disk management method according to any one of claims 1 to 5, wherein the disk mount request and the first global disk information are transmitted between the virtual machine management apparatus and the target virtual machine through serial port communication.
8. A disk management apparatus, comprising:
the mounting request module is used for decrypting the ciphertext of the disk mounting request through a preset key when receiving the ciphertext of the disk mounting request sent by the target virtual machine, so as to obtain the plaintext of the disk mounting request;
the disk information sending module is used for carrying out identity verification on the target virtual machine according to the plaintext of the disk mounting request, and if the target virtual machine passes the identity verification, the corresponding first global disk information is sent to the target virtual machine;
the ciphertext of the disk mounting request is automatically generated when the target virtual machine is switched from a dormant state to an awake state, and the preset secret key is a shared secret key between the virtual machine management equipment and the target virtual machine; and the target virtual machine is used for executing disk mounting according to the first global disk information.
9. A virtual machine management device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the virtual machine management device runs and manages at least one virtual machine;
the processor, when executing the computer program, implements the steps of the disk management method as claimed in any one of claims 1 to 7.
10. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the steps of the disk management method according to any one of claims 1 to 7.
CN202311143402.2A 2023-09-05 2023-09-05 Disk management method, device, terminal equipment and storage medium Pending CN117171771A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311143402.2A CN117171771A (en) 2023-09-05 2023-09-05 Disk management method, device, terminal equipment and storage medium


Publications (1)

Publication Number Publication Date
CN117171771A true CN117171771A (en) 2023-12-05

Family

ID=88942534

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311143402.2A Pending CN117171771A (en) 2023-09-05 2023-09-05 Disk management method, device, terminal equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117171771A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination