proxmox-mirrors/qemu-server
1
0
Fork 0
mirror of https://git.proxmox.com/git/qemu-server synced 2025-08-13 20:48:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

vzdump: log only once that encryption is enabled

Browse Source 
our backup logs are still quite noise at the task start part so avoid
logging that the task is running with encryption enabled twice for
the master-key feature.

The definedness check on master_keyfile isn't required anymore, it
was never for the no-disk case, and for the standard case it isn't
since  781fb80 ("vzdump: error out for master-key backup but no QEMU
support")

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht 2023-07-05 07:40:26 +02:00
parent 781fb80309
commit b241ddbf15
1 changed files with 16 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
PVE/VZDump/QemuServer.pm
View File

@ -507,8 +507,8 @@ sub archive_pbs {
my $master_keyfile = PVE::Storage::PBSPlugin::pbs_master_pubkey_file_name($scfg, $opts->{storage});
my $diskcount = scalar(@{$task->{disks}});
# proxmox-backup-client can only handle raw files and block devs
# only use it (directly) for disk-less VMs
# proxmox-backup-client can only handle raw files and block devs, so only use it (directly) for
# disk-less VMs
if (!$diskcount) {
$self->loginfo("backup contains no disks");
@ -526,15 +526,14 @@ sub archive_pbs {
push @$cmd, '--ns', $ns;
}
if (-e $keyfile) {
$self->loginfo("enabling encryption");
push @$cmd, '--keyfile', $keyfile;
if (defined($master_keyfile)) {
if (-e $master_keyfile) {
$self->loginfo("enabling master key feature");
push @$cmd, '--master-pubkey-file', $master_keyfile;
} elsif ($scfg->{'master-pubkey'}) {
die "master public key configured but no key file found\n";
}
if (-e $master_keyfile) {
$self->loginfo("enabling encryption with master key feature");
push @$cmd, '--master-pubkey-file', $master_keyfile;
} elsif ($scfg->{'master-pubkey'}) {
die "master public key configured but no key file found\n";
} else {
$self->loginfo("enabling client-side encryption");
}
} else {
my $encryption_fp = $scfg->{'encryption-key'};
@ -606,16 +605,15 @@ sub archive_pbs {
$params->{fingerprint} = $fingerprint if defined($fingerprint);
$params->{'firewall-file'} = $firewall if -e $firewall;
if (-e $keyfile) {
$self->loginfo("enabling encryption");
$params->{keyfile} = $keyfile;
$params->{encrypt} = JSON::true;
if (defined($master_keyfile)) {
if (-e $master_keyfile) {
$self->loginfo("enabling master key feature");
$params->{"master-keyfile"} = $master_keyfile;
} elsif ($scfg->{'master-pubkey'}) {
die "master public key configured but no key file found\n";
}
if (-e $master_keyfile) {
$self->loginfo("enabling encryption with master key feature");
$params->{"master-keyfile"} = $master_keyfile;
} elsif ($scfg->{'master-pubkey'}) {
die "master public key configured but no key file found\n";
} else {
$self->loginfo("enabling encryption");
}
} else {
my $encryption_fp = $scfg->{'encryption-key'};