Actions
Bug #63184
open[luks] opening a clone under migration requires duplicating encryption spec
Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
Create a clone encrypted differently from its parent:
$ rbd create --size 1G parent $ rbd encryption format parent luks1 passphrase1 $ rbd snap create parent@snap $ rbd snap protect parent@snap $ rbd clone parent@snap clone $ rbd encryption format clone luks2 passphrase2
Opening it requires passing two encryption specs, as expected:
$ sudo rbd device map -t nbd -o encryption-format=luks2,encryption-passphrase-file=passphrase2,encryption-format=luks1,encryption-passphrase-file=passphrase1 clone /dev/nbd0
However opening the same clone under migration with the same command fails:
$ sudo rbd device unmap -t nbd clone $ rbd migration prepare clone migr-clone $ sudo rbd device map -t nbd -o encryption-format=luks2,encryption-passphrase-file=passphrase2,encryption-format=luks1,encryption-passphrase-file=passphrase1 migr-clone 2023-10-11T14:35:10.021-0400 7f29b6ffd700 -1 librbd::crypto::LoadRequest: 0x558cb50f9ee0 handle_load: failed to load encryption. image name: clone rbd-nbd: failed to load encryption: (22) Invalid argument rbd: rbd-nbd failed with error: /home/dis/src/ceph-b/build/bin/rbd-nbd: exit status: 1
Duplicating clone's encryption spec helps:
$ sudo rbd device map -t nbd -o encryption-format=luks2,encryption-passphrase-file=passphrase2,encryption-format=luks2,encryption-passphrase-file=passphrase2,encryption-format=luks1,encryption-passphrase-file=passphrase1 migr-clone /dev/nbd0
No data to display
Actions