From b241ddbf154ff62d582866e1be2354f1098e9551 Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Wed, 5 Jul 2023 07:40:26 +0200 Subject: [PATCH] vzdump: log only once that encryption is enabled our backup logs are still quite noise at the task start part so avoid logging that the task is running with encryption enabled twice for the master-key feature. The definedness check on master_keyfile isn't required anymore, it was never for the no-disk case, and for the standard case it isn't since 781fb80 ("vzdump: error out for master-key backup but no QEMU support") Signed-off-by: Thomas Lamprecht --- PVE/VZDump/QemuServer.pm | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/PVE/VZDump/QemuServer.pm b/PVE/VZDump/QemuServer.pm index 7bd2a41..3c4ba52 100644 --- a/PVE/VZDump/QemuServer.pm +++ b/PVE/VZDump/QemuServer.pm @@ -507,8 +507,8 @@ sub archive_pbs { my $master_keyfile = PVE::Storage::PBSPlugin::pbs_master_pubkey_file_name($scfg, $opts->{storage}); my $diskcount = scalar(@{$task->{disks}}); - # proxmox-backup-client can only handle raw files and block devs - # only use it (directly) for disk-less VMs + # proxmox-backup-client can only handle raw files and block devs, so only use it (directly) for + # disk-less VMs if (!$diskcount) { $self->loginfo("backup contains no disks"); @@ -526,15 +526,14 @@ sub archive_pbs { push @$cmd, '--ns', $ns; } if (-e $keyfile) { - $self->loginfo("enabling encryption"); push @$cmd, '--keyfile', $keyfile; - if (defined($master_keyfile)) { - if (-e $master_keyfile) { - $self->loginfo("enabling master key feature"); - push @$cmd, '--master-pubkey-file', $master_keyfile; - } elsif ($scfg->{'master-pubkey'}) { - die "master public key configured but no key file found\n"; - } + if (-e $master_keyfile) { + $self->loginfo("enabling encryption with master key feature"); + push @$cmd, '--master-pubkey-file', $master_keyfile; + } elsif ($scfg->{'master-pubkey'}) { + die "master public key configured but no key file found\n"; + } else { + $self->loginfo("enabling client-side encryption"); } } else { my $encryption_fp = $scfg->{'encryption-key'}; @@ -606,16 +605,15 @@ sub archive_pbs { $params->{fingerprint} = $fingerprint if defined($fingerprint); $params->{'firewall-file'} = $firewall if -e $firewall; if (-e $keyfile) { - $self->loginfo("enabling encryption"); $params->{keyfile} = $keyfile; $params->{encrypt} = JSON::true; - if (defined($master_keyfile)) { - if (-e $master_keyfile) { - $self->loginfo("enabling master key feature"); - $params->{"master-keyfile"} = $master_keyfile; - } elsif ($scfg->{'master-pubkey'}) { - die "master public key configured but no key file found\n"; - } + if (-e $master_keyfile) { + $self->loginfo("enabling encryption with master key feature"); + $params->{"master-keyfile"} = $master_keyfile; + } elsif ($scfg->{'master-pubkey'}) { + die "master public key configured but no key file found\n"; + } else { + $self->loginfo("enabling encryption"); } } else { my $encryption_fp = $scfg->{'encryption-key'}; -- 2.39.2