d03e1b3ce3
User-facing breaking change: The slirp submodule for user networking got removed. It would be necessary to add the --enable-slirp option to the build and/or install the appropriate library to continue building it. Since PVE is not explicitly supporting it, it would require additionally installing the libslirp0 package on all installations and there is *very* little mention on the community forum when searching for "slirp" or "netdev user", the plan is to only enable it again if there is some real demand for it. Notable changes: * The big change for this release is the rework of job locking, using a job mutex and introducing _locked() variants of job API functions moving away from call-side AioContext locking. See (in the qemu submodule) commit 6f592e5aca ("job.c: enable job lock/unlock and remove Aiocontext locks") and previous commits for context. Changes required for the backup patches: * Use WITH_JOB_LOCK_GUARD() and call the _locked() variant of job API functions where appropriate (many are only available as a _locked() variant). * Remove acquiring/releasing AioContext around functions taking the job mutex lock internally. The patch introducing sequential transaction support for jobs needs to temporarily unlock the job mutex to call job_start() when starting the next job in the transaction. * The zeroinit block driver now marks its child as primary. The documentation in include/block/block-common.h states: > Filter node has exactly one FILTERED|PRIMARY child, and may have > other children which must not have these bits Without this, an assert will trigger when copying to a zeroinit target with qemu-img convert, because bdrv_child_cb_attach() expects any non-PRIMARY child to be not FILTERED: > qemu-img convert -n -p -f raw -O raw input.raw zeroinit:output.raw > qemu-img: ../block.c:1476: bdrv_child_cb_attach: Assertion > `!(child->role & BDRV_CHILD_FILTERED)' failed. Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
99 lines
3.9 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Stefan Reiter <s.reiter@proxmox.com>
|
|
Date: Wed, 10 Feb 2021 11:07:06 +0100
|
|
Subject: [PATCH] PBS: add master key support
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
this requires a new enough libproxmox-backup-qemu0, and allows querying
|
|
from the PVE side to avoid QMP calls with unsupported parameters.
|
|
|
|
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
|
|
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
|
|
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
|
---
|
|
block/monitor/block-hmp-cmds.c | 1 +
|
|
pve-backup.c | 3 +++
|
|
qapi/block-core.json | 7 +++++++
|
|
3 files changed, 11 insertions(+)
|
|
|
|
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
|
|
index 71ed202491..c7468e5d3b 100644
|
|
--- a/block/monitor/block-hmp-cmds.c
|
|
+++ b/block/monitor/block-hmp-cmds.c
|
|
@@ -1039,6 +1039,7 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict)
|
|
false, NULL, // PBS password
|
|
false, NULL, // PBS keyfile
|
|
false, NULL, // PBS key_password
|
|
+ false, NULL, // PBS master_keyfile
|
|
false, NULL, // PBS fingerprint
|
|
false, NULL, // PBS backup-id
|
|
false, 0, // PBS backup-time
|
|
diff --git a/pve-backup.c b/pve-backup.c
|
|
index 109498eaf9..4b5134ed27 100644
|
|
--- a/pve-backup.c
|
|
+++ b/pve-backup.c
|
|
@@ -529,6 +529,7 @@ UuidInfo coroutine_fn *qmp_backup(
|
|
bool has_password, const char *password,
|
|
bool has_keyfile, const char *keyfile,
|
|
bool has_key_password, const char *key_password,
|
|
+ bool has_master_keyfile, const char *master_keyfile,
|
|
bool has_fingerprint, const char *fingerprint,
|
|
bool has_backup_id, const char *backup_id,
|
|
bool has_backup_time, int64_t backup_time,
|
|
@@ -677,6 +678,7 @@ UuidInfo coroutine_fn *qmp_backup(
|
|
has_password ? password : NULL,
|
|
has_keyfile ? keyfile : NULL,
|
|
has_key_password ? key_password : NULL,
|
|
+ has_master_keyfile ? master_keyfile : NULL,
|
|
has_compress ? compress : true,
|
|
has_encrypt ? encrypt : has_keyfile,
|
|
has_fingerprint ? fingerprint : NULL,
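Review bot: The added `has_master_keyfile ? master_keyfile : NULL` argument is forwarded without checking that encryption is actually in effect. Two lines below, encryption defaults to `has_keyfile`, so a caller that passes `master-keyfile` without `keyfile` (or with `encrypt` false) would, as far as this hunk shows, get an unencrypted backup with the master key silently unused. Whether the library rejects that combination is not visible here. A guard before the call, `if (has_master_keyfile && !has_keyfile)`, reporting an error through the function's existing error path, would make the misconfiguration fail loudly instead. The call and the rest of `qmp_backup` lie outside this hunk.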
|
|
@@ -1040,5 +1042,6 @@ ProxmoxSupportStatus *qmp_query_proxmox_support(Error **errp)
|
|
ret->pbs_dirty_bitmap_savevm = true;
|
|
ret->pbs_dirty_bitmap_migration = true;
|
|
ret->query_bitmap_info = true;
|
|
+ ret->pbs_masterkey = true;
|
|
return ret;
|
|
}
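Review bot: `ret->pbs_masterkey = true;` is set unconditionally, although the commit message says the feature needs a new enough libproxmox-backup-qemu0. The flag therefore reports what this binary was built with, not what the library loaded at run time supports; if nothing else pins the library version (not visible here), the PVE side could be told the parameter is usable when it is not. I would add a comment at the assignment naming that dependency, e.g. `/* needs libproxmox-backup-qemu0 with master key support, see pbs-library-version */`, and have callers check `pbs-library-version` as well. The start of `qmp_query_proxmox_support` is outside the hunk.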
|
|
diff --git a/qapi/block-core.json b/qapi/block-core.json
|
|
index 4e8c35a3a2..d8c7331090 100644
|
|
--- a/qapi/block-core.json
|
|
+++ b/qapi/block-core.json
|
|
@@ -813,6 +813,8 @@
|
|
#
|
|
# @key-password: password for keyfile (optional for format 'pbs')
|
|
#
|
|
+# @master-keyfile: PEM-formatted master public keyfile (optional for format 'pbs')
|
|
+#
|
|
# @fingerprint: server cert fingerprint (optional for format 'pbs')
|
|
#
|
|
# @backup-id: backup ID (required for format 'pbs')
|
|
@@ -832,6 +834,7 @@
|
|
'*password': 'str',
|
|
'*keyfile': 'str',
|
|
'*key-password': 'str',
|
|
+ '*master-keyfile': 'str',
|
|
'*fingerprint': 'str',
|
|
'*backup-id': 'str',
|
|
'*backup-time': 'int',
|
|
@@ -884,6 +887,9 @@
|
|
# migration cap if this is false/unset may lead
|
|
# to crashes on migration!
|
|
#
|
|
+# @pbs-masterkey: True if the QMP backup call supports the 'master_keyfile'
|
|
+# parameter.
|
|
+#
|
|
# @pbs-library-version: Running version of libproxmox-backup-qemu0 library.
|
|
#
|
|
##
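Review bot: The added description of `@pbs-masterkey` names the parameter `'master_keyfile'`, but the QMP member this patch adds to the backup command is spelled `master-keyfile`; a client author copying the name from the doc comment would send a key the schema does not define. I would reword the line to `# @pbs-masterkey: True if the QMP backup call supports the 'master-keyfile'`. If the master key only takes effect together with `keyfile`, the `@master-keyfile` entry in the earlier hunk of this file should say so too.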
|
|
@@ -892,6 +898,7 @@
|
|
'query-bitmap-info': 'bool',
|
|
'pbs-dirty-bitmap-savevm': 'bool',
|
|
'pbs-dirty-bitmap-migration': 'bool',
|
|
+ 'pbs-masterkey': 'bool',
|
|
'pbs-library-version': 'str' } }
|
|
|
|
##
|