qemu-discuss
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 'qemu-img create' to backup encrypted qcow2 - ?

From: Peter Maydell
Subject: Re: 'qemu-img create' to backup encrypted qcow2 - ?
Date: Mon, 16 Aug 2021 15:39:29 +0100 
On Mon, 16 Aug 2021 at 15:14, lejeczek <peljasz@yahoo.co.uk> wrote:
> On 16/08/2021 10:02, Peter Maydell wrote:
> > Please don't make me try to reconstruct what you ran. Run
> > the command, and cut-and-paste the command line and the
> > output from your terminal into an email.

> reconstruct?

"work out what you actually ran by putting together a collection of
pieces of information supplied in multiple different emails"

> -> $ qemu-img create -f qcow2 -o
> encrypt.key-secret=3fd57349-3671-4cf2-ab00-f13b8ba00d4b -b
> /00.GLUSTER-mnt/VMs3/enc.locallan.qcow2 -F qcow2
> ./enc.locallan.qcow2.bkp
> qemu-img: ./enc.locallan.qcow2.bkp: Parameter
> 'encrypt.key-secret' is required for cipher
> Could not open backing image to determine size.

Thank you. What qemu-img version are you using?

With the one from current QEMU you don't get that error, but
instead get
"Parameter 'encrypt.format' is missing".
Fixing that (with "-o encrypt.format=luks") gives
"No secret with id '3fd57349-3671-4cf2-ab00-f13b8ba00d4b'"
which is because the encrypt.key-secret argument should be
the ID of a secret specified with the --object secret,...
option, eg:

./build/x86/qemu-img create -f qcow2 -o encrypt.key-secret=my-secret
-o encrypt.format=luks --object secret,id=my-secret,data=654321 -b
/tmp/foo.qcow2 -F qcow2 /tmp/out.bkp

That at least creates an image file.

There are more sensible ways to specify the secret than on
the commandline, see
https://qemu-project.gitlab.io/qemu/system/secrets.html
for other options like "read it from a file". NB that
hyphens aren't valid in ID names.

-- PMM
reply via email to
[Prev in Thread] Current Thread [Next in Thread]