Bug 2023674
Summary: | [incremental_backup] Cannot encrypt backup scratch file/blockdev anymore | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 9 | Reporter: | yisun |
Component: | libvirt | Assignee: | Peter Krempa <pkrempa> |
libvirt sub component: | General | QA Contact: | yisun |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | medium | ||
Priority: | low | CC: | jdenemar, jsuchane, pkrempa, virt-maint, xuzhang |
Version: | 9.0 | Keywords: | Automation, Regression, Triaged |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | libvirt-7.10.0-1.el9 | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2022-05-17 12:45:49 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | 7.10.0 |
Embargoed: | | | |
Description
yisun
2021-11-16 10:27:07 UTC
Fixed upstream:

```
commit 1e085019cadcafe87dd96975900c5798dfe46060
Author: Peter Krempa <pkrempa>
Date:   Tue Nov 16 14:45:53 2021 +0100

    qemuDomainPrepareStorageSourceBlockdev: Set default encryption engine also when preparing virStorageSource

    Originally the default encryption engine is populated in the disk
    post-parse callback code. This works for disks but for any additional
    images introduced either via the block copy API or via the backup API we
    don't populate the default.

    In case when the backup or block copy is requested on an encrypted image
    this would then lead to an error:

     error: internal error: Unexpected enum value 0 for virStorageEncryptionEngine

    This patch adds another point where we populate the default which is
    when setting up a virStorageSource for actual usage. We keep the
    original setting in the post-parse callback as that's the only point
    that is recorded in the XML file after definition.

    Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2023674
    Fixes: ab1d46d6128
    Signed-off-by: Peter Krempa <pkrempa>
    Reviewed-by: Ján Tomko <jtomko>

v7.9.0-187-g1e085019ca
```

pre-verified with upstream build and result is PASS

```
[root@yisun-upstream-test ~]# rpm -qa | grep libvirt-7
libvirt-7.10.0-1.fc34.x86_64

[root@yisun-upstream-test ~]# cat sec.xml
<secret ephemeral='no' private='yes'>
  <description>LUKS Secret</description>
  <usage type='volume'>
    <volume>/tmp/scratch</volume>
  </usage>
</secret>

[root@yisun-upstream-test ~]# virsh secret-define sec.xml
Secret d533acbb-37ac-4983-a82d-1be85148b0c1 created

[root@yisun-upstream-test ~]# MYSECRET=`printf %s "redhat" | base64`
[root@yisun-upstream-test ~]# virsh secret-set-value d533acbb-37ac-4983-a82d-1be85148b0c1 $MYSECRET
error: Passing secret value as command-line argument is insecure!
Secret value set

[root@yisun-upstream-test ~]# virsh domstate lmn
running

[root@yisun-upstream-test ~]# virsh domblklist lmn
 Target   Source
---------------------------------------------
 sda      /var/lib/libvirt/images/lmn.qcow2

[root@yisun-upstream-test ~]# cat backup.xml
<domainbackup mode="pull">
  <server name="localhost" port="10809" />
  <disks>
    <disk backup="yes" name="sda" type="file">
      <scratch file="/tmp/scratch_file">
        <encryption format="luks">
          <secret type="passphrase" uuid="d533acbb-37ac-4983-a82d-1be85148b0c1" />
        </encryption>
      </scratch>
    </disk>
  </disks>
</domainbackup>

[root@yisun-upstream-test ~]# virsh backup-begin lmn backup.xml
Backup started

[root@yisun-upstream-test ~]# qemu-img info /tmp/scratch_file -U
image: /tmp/scratch_file
file format: qcow2
virtual size: 10 GiB (10737418240 bytes)
disk size: 2.19 MiB
encrypted: yes
cluster_size: 65536
backing file: /var/lib/libvirt/images/lmn.qcow2
backing file format: qcow2
Format specific information:
    compat: 1.1
    compression type: zlib
    lazy refcounts: false
    refcount bits: 16
    encrypt:
        ivgen alg: plain64
        hash alg: sha256
        cipher alg: aes-256
        uuid: ea6631ad-bb66-456e-adeb-2c88c1bbaced
        format: luks
        cipher mode: xts
        slots:
            [0]:
                active: true
                iters: 1253078
                key offset: 4096
                stripes: 4000
            [1]:
                active: false
                key offset: 262144
            [2]:
                active: false
                key offset: 520192
            [3]:
                active: false
                key offset: 778240
            [4]:
                active: false
                key offset: 1036288
            [5]:
                active: false
                key offset: 1294336
            [6]:
                active: false
                key offset: 1552384
            [7]:
                active: false
                key offset: 1810432
        payload offset: 2068480
        master key iters: 333062
    corrupt: false
    extended l2: false
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (new packages: libvirt), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2390
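The verification in this report confirms the fix by reading the `qemu-img info` output by eye. The script below is an added example, not part of the bug report or of libvirt, that performs the same check on the text report; the sample is constructed in the layout qemu-img prints, and the function names `parse_info` and `scratch_problems` are hypothetical.

```python
# Constructed sample: trimmed `qemu-img info -U` text for an encrypted scratch image.
SAMPLE = """\
image: /tmp/scratch_file
file format: qcow2
encrypted: yes
Format specific information:
    encrypt:
        cipher alg: aes-256
        format: luks
        slots:
            [0]:
                active: true
            [1]:
                active: false
        payload offset: 2068480
    corrupt: false
"""

def parse_info(text):
    """Turn the indented 'key: value' report into nested dicts (hypothetical helper)."""
    root = {}
    stack = [(-1, root)]                      # (indent of the opening line, its dict)
    for line in text.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack[-1][0] >= indent:         # leave sections we have dedented out of
            stack.pop()
        parent = stack[-1][1]
        if value.strip():
            parent[key] = value.strip()
        else:                                 # "encrypt:", "slots:", "[0]:" open a section
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root

def scratch_problems(info):
    """List the reasons an image fails the encrypted-scratch check; empty means pass."""
    problems = []
    if info.get("encrypted") != "yes":        # the line is absent on plain images
        problems.append("not flagged encrypted")
    enc = info.get("Format specific information", {}).get("encrypt", {})
    if enc.get("format") != "luks":
        problems.append("encryption format is not luks")
    slots = enc.get("slots", {}).values()
    if not any(s.get("active") == "true" for s in slots):
        problems.append("no active LUKS key slot")
    return problems
```

On a live host, pass the captured output of `qemu-img info -U` for the scratch file to `parse_info` and treat any non-empty result from `scratch_problems` as a failed backup check.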