2021-02-11 19:11:12 +03:00
|
|
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
|
From: Stefan Reiter <s.reiter@proxmox.com>
|
|
|
|
Date: Wed, 10 Feb 2021 11:07:06 +0100
|
|
|
|
Subject: [PATCH] PBS: add master key support
|
|
|
|
MIME-Version: 1.0
|
|
|
|
Content-Type: text/plain; charset=UTF-8
|
|
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
|
|
|
|
this requires a new enough libproxmox-backup-qemu0, and allows querying
|
|
|
|
from the PVE side to avoid QMP calls with unsupported parameters.
|
|
|
|
|
|
|
|
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
|
|
|
|
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
|
2022-01-13 12:34:33 +03:00
|
|
|
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
2021-02-11 19:11:12 +03:00
|
|
|
---
|
|
|
|
block/monitor/block-hmp-cmds.c | 1 +
|
|
|
|
pve-backup.c | 3 +++
|
|
|
|
qapi/block-core.json | 7 +++++++
|
|
|
|
3 files changed, 11 insertions(+)
|
|
|
|
|
|
|
|
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
|
2022-12-14 17:16:32 +03:00
|
|
|
index 71ed202491..c7468e5d3b 100644
|
2021-02-11 19:11:12 +03:00
|
|
|
--- a/block/monitor/block-hmp-cmds.c
|
|
|
|
+++ b/block/monitor/block-hmp-cmds.c
|
2021-10-11 14:55:34 +03:00
|
|
|
@@ -1039,6 +1039,7 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict)
|
2021-02-11 19:11:12 +03:00
|
|
|
false, NULL, // PBS password
|
|
|
|
false, NULL, // PBS keyfile
|
|
|
|
false, NULL, // PBS key_password
|
|
|
|
+ false, NULL, // PBS master_keyfile
|
|
|
|
false, NULL, // PBS fingerprint
|
|
|
|
false, NULL, // PBS backup-id
|
|
|
|
false, 0, // PBS backup-time
|
|
|
|
diff --git a/pve-backup.c b/pve-backup.c
|
2022-12-14 17:16:32 +03:00
|
|
|
index 109498eaf9..4b5134ed27 100644
|
2021-02-11 19:11:12 +03:00
|
|
|
--- a/pve-backup.c
|
|
|
|
+++ b/pve-backup.c
|
2022-12-14 17:16:32 +03:00
|
|
|
@@ -529,6 +529,7 @@ UuidInfo coroutine_fn *qmp_backup(
|
2021-02-11 19:11:12 +03:00
|
|
|
bool has_password, const char *password,
|
|
|
|
bool has_keyfile, const char *keyfile,
|
|
|
|
bool has_key_password, const char *key_password,
|
|
|
|
+ bool has_master_keyfile, const char *master_keyfile,
|
|
|
|
bool has_fingerprint, const char *fingerprint,
|
|
|
|
bool has_backup_id, const char *backup_id,
|
|
|
|
bool has_backup_time, int64_t backup_time,
|
2022-12-14 17:16:32 +03:00
|
|
|
@@ -677,6 +678,7 @@ UuidInfo coroutine_fn *qmp_backup(
|
2021-02-11 19:11:12 +03:00
|
|
|
has_password ? password : NULL,
|
|
|
|
has_keyfile ? keyfile : NULL,
|
|
|
|
has_key_password ? key_password : NULL,
|
|
|
|
+ has_master_keyfile ? master_keyfile : NULL,
|
|
|
|
has_compress ? compress : true,
|
|
|
|
has_encrypt ? encrypt : has_keyfile,
|
|
|
|
has_fingerprint ? fingerprint : NULL,
|
2022-12-14 17:16:32 +03:00
|
|
|
@@ -1040,5 +1042,6 @@ ProxmoxSupportStatus *qmp_query_proxmox_support(Error **errp)
|
2021-03-16 19:30:22 +03:00
|
|
|
ret->pbs_dirty_bitmap_savevm = true;
|
2021-02-11 19:11:12 +03:00
|
|
|
ret->pbs_dirty_bitmap_migration = true;
|
2021-03-16 19:30:22 +03:00
|
|
|
ret->query_bitmap_info = true;
|
2021-02-11 19:11:12 +03:00
|
|
|
+ ret->pbs_masterkey = true;
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
diff --git a/qapi/block-core.json b/qapi/block-core.json
|
2022-12-14 17:16:32 +03:00
|
|
|
index 4e8c35a3a2..d8c7331090 100644
|
2021-02-11 19:11:12 +03:00
|
|
|
--- a/qapi/block-core.json
|
|
|
|
+++ b/qapi/block-core.json
|
update submodule and patches to 7.1.0
Notable changes:
* The only big change is the switch to using a custom QIOChannel for
savevm-async, because the previously used QEMUFileOps was dropped.
Changes to the current implementation:
* Switch to vector based methods as required for an IO channel. For
short reads the passed-in IO vector is stuffed with zeroes at the
end, just to be sure.
* For reading: The documentation in include/io/channel.h states that
at least one byte should be read, so also error out when whe are
at the very end instead of returning 0.
* For reading: Fix off-by-one error when request goes beyond end.
The wrong code piece was:
if ((pos + size) > maxlen) {
size = maxlen - pos - 1;
}
Previously, the last byte would not be read. It's actually
possible to get a snapshot .raw file that has content all the way
up the final 512 byte (= BDRV_SECTOR_SIZE) boundary without any
trailing zero bytes (I wrote a script to do it).
Luckily, it didn't cause a real issue, because qemu_loadvm_state()
is not interested in the final (i.e. QEMU_VM_VMDESCRIPTION)
section. The buffer for reading it is simply freed up afterwards
and the function will assume that it read the whole section, even
if that's not the case.
* For writing: Make use of the generated blk_pwritev() wrapper
instead of manually wrapping the coroutine to simplify and save a
few lines.
* Adapt to changed interfaces for blk_{pread,pwrite}:
* a9262f551e ("block: Change blk_{pread,pwrite}() param order")
* 3b35d4542c ("block: Add a 'flags' param to blk_pread()")
* bf5b16fa40 ("block: Make blk_{pread,pwrite}() return 0 on success")
Those changes especially affected the qemu-img dd patches, because
the context also changed, but also some of our block drivers used
the functions.
* Drop qemu-common.h include: it got renamed after essentially
everything was moved to other headers. The only remaining user I
could find for things dropped from the header between 7.0 and 7.1
was qemu_get_vm_name() in the iscsi-initiatorname patch, but it
already includes the header to which the function was moved.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
2022-10-14 15:07:13 +03:00
|
|
|
@@ -813,6 +813,8 @@
|
2021-02-11 19:11:12 +03:00
|
|
|
#
|
|
|
|
# @key-password: password for keyfile (optional for format 'pbs')
|
|
|
|
#
|
|
|
|
+# @master-keyfile: PEM-formatted master public keyfile (optional for format 'pbs')
|
|
|
|
+#
|
|
|
|
# @fingerprint: server cert fingerprint (optional for format 'pbs')
|
|
|
|
#
|
|
|
|
# @backup-id: backup ID (required for format 'pbs')
|
update submodule and patches to 7.1.0
Notable changes:
* The only big change is the switch to using a custom QIOChannel for
savevm-async, because the previously used QEMUFileOps was dropped.
Changes to the current implementation:
* Switch to vector based methods as required for an IO channel. For
short reads the passed-in IO vector is stuffed with zeroes at the
end, just to be sure.
* For reading: The documentation in include/io/channel.h states that
at least one byte should be read, so also error out when whe are
at the very end instead of returning 0.
* For reading: Fix off-by-one error when request goes beyond end.
The wrong code piece was:
if ((pos + size) > maxlen) {
size = maxlen - pos - 1;
}
Previously, the last byte would not be read. It's actually
possible to get a snapshot .raw file that has content all the way
up the final 512 byte (= BDRV_SECTOR_SIZE) boundary without any
trailing zero bytes (I wrote a script to do it).
Luckily, it didn't cause a real issue, because qemu_loadvm_state()
is not interested in the final (i.e. QEMU_VM_VMDESCRIPTION)
section. The buffer for reading it is simply freed up afterwards
and the function will assume that it read the whole section, even
if that's not the case.
* For writing: Make use of the generated blk_pwritev() wrapper
instead of manually wrapping the coroutine to simplify and save a
few lines.
* Adapt to changed interfaces for blk_{pread,pwrite}:
* a9262f551e ("block: Change blk_{pread,pwrite}() param order")
* 3b35d4542c ("block: Add a 'flags' param to blk_pread()")
* bf5b16fa40 ("block: Make blk_{pread,pwrite}() return 0 on success")
Those changes especially affected the qemu-img dd patches, because
the context also changed, but also some of our block drivers used
the functions.
* Drop qemu-common.h include: it got renamed after essentially
everything was moved to other headers. The only remaining user I
could find for things dropped from the header between 7.0 and 7.1
was qemu_get_vm_name() in the iscsi-initiatorname patch, but it
already includes the header to which the function was moved.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
2022-10-14 15:07:13 +03:00
|
|
|
@@ -832,6 +834,7 @@
|
2021-02-11 19:11:12 +03:00
|
|
|
'*password': 'str',
|
|
|
|
'*keyfile': 'str',
|
|
|
|
'*key-password': 'str',
|
|
|
|
+ '*master-keyfile': 'str',
|
|
|
|
'*fingerprint': 'str',
|
|
|
|
'*backup-id': 'str',
|
|
|
|
'*backup-time': 'int',
|
update submodule and patches to 7.1.0
Notable changes:
* The only big change is the switch to using a custom QIOChannel for
savevm-async, because the previously used QEMUFileOps was dropped.
Changes to the current implementation:
* Switch to vector based methods as required for an IO channel. For
short reads the passed-in IO vector is stuffed with zeroes at the
end, just to be sure.
* For reading: The documentation in include/io/channel.h states that
at least one byte should be read, so also error out when whe are
at the very end instead of returning 0.
* For reading: Fix off-by-one error when request goes beyond end.
The wrong code piece was:
if ((pos + size) > maxlen) {
size = maxlen - pos - 1;
}
Previously, the last byte would not be read. It's actually
possible to get a snapshot .raw file that has content all the way
up the final 512 byte (= BDRV_SECTOR_SIZE) boundary without any
trailing zero bytes (I wrote a script to do it).
Luckily, it didn't cause a real issue, because qemu_loadvm_state()
is not interested in the final (i.e. QEMU_VM_VMDESCRIPTION)
section. The buffer for reading it is simply freed up afterwards
and the function will assume that it read the whole section, even
if that's not the case.
* For writing: Make use of the generated blk_pwritev() wrapper
instead of manually wrapping the coroutine to simplify and save a
few lines.
* Adapt to changed interfaces for blk_{pread,pwrite}:
* a9262f551e ("block: Change blk_{pread,pwrite}() param order")
* 3b35d4542c ("block: Add a 'flags' param to blk_pread()")
* bf5b16fa40 ("block: Make blk_{pread,pwrite}() return 0 on success")
Those changes especially affected the qemu-img dd patches, because
the context also changed, but also some of our block drivers used
the functions.
* Drop qemu-common.h include: it got renamed after essentially
everything was moved to other headers. The only remaining user I
could find for things dropped from the header between 7.0 and 7.1
was qemu_get_vm_name() in the iscsi-initiatorname patch, but it
already includes the header to which the function was moved.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
2022-10-14 15:07:13 +03:00
|
|
|
@@ -884,6 +887,9 @@
|
2021-02-11 19:11:12 +03:00
|
|
|
# migration cap if this is false/unset may lead
|
|
|
|
# to crashes on migration!
|
|
|
|
#
|
|
|
|
+# @pbs-masterkey: True if the QMP backup call supports the 'master_keyfile'
|
|
|
|
+# parameter.
|
|
|
|
+#
|
|
|
|
# @pbs-library-version: Running version of libproxmox-backup-qemu0 library.
|
|
|
|
#
|
|
|
|
##
|
update submodule and patches to 7.1.0
Notable changes:
* The only big change is the switch to using a custom QIOChannel for
savevm-async, because the previously used QEMUFileOps was dropped.
Changes to the current implementation:
* Switch to vector based methods as required for an IO channel. For
short reads the passed-in IO vector is stuffed with zeroes at the
end, just to be sure.
* For reading: The documentation in include/io/channel.h states that
at least one byte should be read, so also error out when whe are
at the very end instead of returning 0.
* For reading: Fix off-by-one error when request goes beyond end.
The wrong code piece was:
if ((pos + size) > maxlen) {
size = maxlen - pos - 1;
}
Previously, the last byte would not be read. It's actually
possible to get a snapshot .raw file that has content all the way
up the final 512 byte (= BDRV_SECTOR_SIZE) boundary without any
trailing zero bytes (I wrote a script to do it).
Luckily, it didn't cause a real issue, because qemu_loadvm_state()
is not interested in the final (i.e. QEMU_VM_VMDESCRIPTION)
section. The buffer for reading it is simply freed up afterwards
and the function will assume that it read the whole section, even
if that's not the case.
* For writing: Make use of the generated blk_pwritev() wrapper
instead of manually wrapping the coroutine to simplify and save a
few lines.
* Adapt to changed interfaces for blk_{pread,pwrite}:
* a9262f551e ("block: Change blk_{pread,pwrite}() param order")
* 3b35d4542c ("block: Add a 'flags' param to blk_pread()")
* bf5b16fa40 ("block: Make blk_{pread,pwrite}() return 0 on success")
Those changes especially affected the qemu-img dd patches, because
the context also changed, but also some of our block drivers used
the functions.
* Drop qemu-common.h include: it got renamed after essentially
everything was moved to other headers. The only remaining user I
could find for things dropped from the header between 7.0 and 7.1
was qemu_get_vm_name() in the iscsi-initiatorname patch, but it
already includes the header to which the function was moved.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
2022-10-14 15:07:13 +03:00
|
|
|
@@ -892,6 +898,7 @@
|
2021-02-11 19:11:12 +03:00
|
|
|
'query-bitmap-info': 'bool',
|
2021-03-16 19:30:22 +03:00
|
|
|
'pbs-dirty-bitmap-savevm': 'bool',
|
2021-02-11 19:11:12 +03:00
|
|
|
'pbs-dirty-bitmap-migration': 'bool',
|
|
|
|
+ 'pbs-masterkey': 'bool',
|
|
|
|
'pbs-library-version': 'str' } }
|
|
|
|
|
|
|
|
##
|