* [pve-devel] [PATCH qemu-server] fix #4822: vzdump: fix pbs encryption for no-disk guests
@ 2023-07-03 7:03 Fabian Grünbichler
2023-07-06 15:45 ` [pve-devel] applied: " Thomas Lamprecht
0 siblings, 1 reply; 2+ messages in thread
From: Fabian Grünbichler @ 2023-07-03 7:03 UTC (permalink / raw)
To: pve-devel
these are backed up directly with proxmox-backup-client, and the invocation was
lacking the key parameters.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
Should possibly be cherry-picked for stable-7 (no changes required)
PVE/VZDump/QemuServer.pm | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/PVE/VZDump/QemuServer.pm b/PVE/VZDump/QemuServer.pm
index af197882..e1f46f89 100644
--- a/PVE/VZDump/QemuServer.pm
+++ b/PVE/VZDump/QemuServer.pm
@@ -526,6 +526,24 @@ sub archive_pbs {
if (defined(my $ns = $scfg->{namespace})) {
push @$cmd, '--ns', $ns;
}
+ if (-e $keyfile) {
+ $self->loginfo("enabling encryption");
+ push @$cmd, '--keyfile', $keyfile;
+ if (defined($master_keyfile)) {
+ if (-e $master_keyfile) {
+ $self->loginfo("enabling master key feature");
+ push @$cmd, '--master-pubkey-file', $master_keyfile;
+ } elsif ($scfg->{'master-pubkey'}) {
+ die "master public key configured but no key file found\n";
+ }
+ }
+ } else {
+ my $encryption_fp = $scfg->{'encryption-key'};
+ die "encryption configured ('$encryption_fp') but no encryption key file found!\n"
+ if $encryption_fp;
+ $self->loginfo("WARNING: backup target is configured with master key, but this backup is not encrypted - master key settings will be ignored!")
+ if defined($master_keyfile) && -e $master_keyfile;
+ }
push @$cmd, "qemu-server.conf:$conffile";
push @$cmd, "fw.conf:$firewall" if -e $firewall;
--
2.39.2
^ permalink raw reply [flat|nested] 2+ messages in thread
* [pve-devel] applied: [PATCH qemu-server] fix #4822: vzdump: fix pbs encryption for no-disk guests
2023-07-03 7:03 [pve-devel] [PATCH qemu-server] fix #4822: vzdump: fix pbs encryption for no-disk guests Fabian Grünbichler
@ 2023-07-06 15:45 ` Thomas Lamprecht
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2023-07-06 15:45 UTC (permalink / raw)
To: Proxmox VE development discussion, Fabian Grünbichler
Am 03/07/2023 um 09:03 schrieb Fabian Grünbichler:
> these are backed up directly with proxmox-backup-client, and the invocation was
> lacking the key parameters.
>
> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
> ---
> Should possibly be cherry-picked for stable-7 (no changes required)
>
> PVE/VZDump/QemuServer.pm | 18 ++++++++++++++++++
> 1 file changed, 18 insertions(+)
>
>
applied, thanks!
Made a few follow-ups, and while I tested the backup and especially the encryption
case for disks and disk-less VMs for regression, it might be worth if you please
take another look just to ensure I didn't mess anything up.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-07-06 15:45 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-07-03 7:03 [pve-devel] [PATCH qemu-server] fix #4822: vzdump: fix pbs encryption for no-disk guests Fabian Grünbichler
2023-07-06 15:45 ` [pve-devel] applied: " Thomas Lamprecht
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.