]> git.proxmox.com Git - qemu-server.git/commitdiff
projects / qemu-server.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 781fb80)
vzdump: log only once that encryption is enabled
authorThomas Lamprecht <t.lamprecht@proxmox.com>
Wed, 5 Jul 2023 05:40:26 +0000 (07:40 +0200)
committerThomas Lamprecht <t.lamprecht@proxmox.com>
Thu, 6 Jul 2023 13:01:13 +0000 (15:01 +0200)
our backup logs are still quite noise at the task start part so avoid
logging that the task is running with encryption enabled twice for
the master-key feature.

The definedness check on master_keyfile isn't required anymore, it
was never for the no-disk case, and for the standard case it isn't
since  781fb80 ("vzdump: error out for master-key backup but no QEMU
support")

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
PVE/VZDump/QemuServer.pm patch | blob | blame | history

diff --git a/PVE/VZDump/QemuServer.pm b/PVE/VZDump/QemuServer.pm
index 7bd2a4150704809bc0d1f0f81d9c4413b0a6add8..3c4ba52821ce1393ba6639343759d63661457bd8 100644 (file)
--- a/PVE/VZDump/QemuServer.pm
+++ b/PVE/VZDump/QemuServer.pm
@@ -507,8 +507,8 @@ sub archive_pbs {
     my $master_keyfile = PVE::Storage::PBSPlugin::pbs_master_pubkey_file_name($scfg, $opts->{storage});
 
     my $diskcount = scalar(@{$task->{disks}});
-    # proxmox-backup-client can only handle raw files and block devs
-    # only use it (directly) for disk-less VMs
+    # proxmox-backup-client can only handle raw files and block devs, so only use it (directly) for
+    # disk-less VMs
     if (!$diskcount) {
        $self->loginfo("backup contains no disks");
 
@@ -526,15 +526,14 @@ sub archive_pbs {
            push @$cmd, '--ns', $ns;
        }
        if (-e $keyfile) {
-           $self->loginfo("enabling encryption");
            push @$cmd, '--keyfile', $keyfile;
-           if (defined($master_keyfile)) {
-               if (-e $master_keyfile) {
-                   $self->loginfo("enabling master key feature");
-                   push @$cmd, '--master-pubkey-file', $master_keyfile;
-               } elsif ($scfg->{'master-pubkey'}) {
-                   die "master public key configured but no key file found\n";
-               }
+           if (-e $master_keyfile) {
+               $self->loginfo("enabling encryption with master key feature");
+               push @$cmd, '--master-pubkey-file', $master_keyfile;
+           } elsif ($scfg->{'master-pubkey'}) {
+               die "master public key configured but no key file found\n";
+           } else {
+               $self->loginfo("enabling client-side encryption");
            }
        } else {
            my $encryption_fp = $scfg->{'encryption-key'};
@@ -606,16 +605,15 @@ sub archive_pbs {
        $params->{fingerprint} = $fingerprint if defined($fingerprint);
        $params->{'firewall-file'} = $firewall if -e $firewall;
        if (-e $keyfile) {
-           $self->loginfo("enabling encryption");
            $params->{keyfile} = $keyfile;
            $params->{encrypt} = JSON::true;
-           if (defined($master_keyfile)) {
-               if (-e $master_keyfile) {
-                   $self->loginfo("enabling master key feature");
-                   $params->{"master-keyfile"} = $master_keyfile;
-               } elsif ($scfg->{'master-pubkey'}) {
-                   die "master public key configured but no key file found\n";
-               }
+           if (-e $master_keyfile) {
+               $self->loginfo("enabling encryption with master key feature");
+               $params->{"master-keyfile"} = $master_keyfile;
+           } elsif ($scfg->{'master-pubkey'}) {
+               die "master public key configured but no key file found\n";
+           } else {
+               $self->loginfo("enabling encryption");
            }
        } else {
            my $encryption_fp = $scfg->{'encryption-key'};
Virtual Machine Manager