search

openzfsonwindows / openzfs

OpenZFS on Linux and FreeBSD
https://openzfs.github.io/openzfs-docs
Other
455 stars 16 forks source link

Key load error: No keylocation=http:// back-end. #359

Closed oldshensheep closed 6 months ago

oldshensheep commented 6 months ago

System information

Type Version/Name
Distribution Name Windows 11 Pro
Distribution Version 23H2
Kernel Version 22635.3212
Architecture x64
OpenZFS Version OpenZFSOnWindows-debug-2.2.99-13-gfddfb6aeb5.exe

Describe the problem you're observing

these pools are created on Linux.

On Windows:

❯ zfs get all | rg key
poolname       keylocation           http://127.0.0.1:8080/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  local
poolname       keyformat             raw                                                                 -
poolname       keystatus             unavailable                                                         -
poolname/xxx       keylocation           http://127.0.0.1:8080/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy  local
poolname/xxx       keyformat             raw                                                                 -
poolname/xxx       keystatus             unavailable                                                         -
poolname/yyy       keylocation           none                                                                default
poolname/yyy       keyformat             raw                                                                 -
poolname/yyy       keystatus             unavailable                                                         -

❯ zfs load-key -a
Key load error: No keylocation=http:// back-end.
Key load error: No keylocation=http:// back-end.
0 / 2 key(s) successfully loaded

Describe how to reproduce the problem

looks like http backend is not suppoerted?

 ❯ zfs create -o encryption=on -o keyformat=raw -o keylocation=http:///127.0.0.1:8080/test poolname/123
cannot create 'poolname/123': No keylocation=http:// back-end.

Include any warning/errors/backtraces from the system logs

lundman commented 6 months ago

Ah they must have added it somewhere along the line, and we don't have it yet.

lundman commented 6 months ago

Ah I see. It needs either LIBFETCH_DYNAMIC, LIBFETCH_IS_FETCH or LIBFETCH_IS_LIBCURL. Easiest there is probably libcurl.

lundman commented 6 months ago

e059d61

$ SSL_NO_VERIFY_PEER=1 ./zfs create -o encryption=on -o keyformat=raw \
      -o keylocation=https://lundman.net/key.bin \
      BOOM/ccm

$ ./zfs get keylocation BOOM/ccm
NAME      PROPERTY     VALUE                        SOURCE
BOOM/ccm  keylocation  https://lundman.net/key.bin  local
oldshensheep commented 6 months ago

Working fine now

Erwin53 commented 4 months ago

I'm still getting this error:

PS [Erwin@VERWIN] C:\> zfs get all | grep keysta

dpool  keystatus             unavailable                         -

PS [Erwin@VERWIN] C:\> zfs load-key -a

Key load error: Couldn't GET http://192.168.0.10:84/zfs/zfs-key: No error
0 / 1 key(s) successfully loaded

PS [Erwin@VERWIN] C:\> zfs get all | grep keysta

dpool  keystatus             unavailable                         -

PS [Erwin@VERWIN] C:\> zfs set keylocation=file:///zfs-key dpool
PS [Erwin@VERWIN] C:\> zfs load-key -a

1 / 1 key(s) successfully loaded

The curl command mentioned before works nicely.

Any ideas?

Cheers, Erwin

lundman commented 4 months ago

I am assuming you know what you are doing enough not to have to ask about port 84. I did wonder if we should maybe keep libfetch VERBOSE on, otherwise it is far too quiet. https://github.com/openzfsonwindows/openzfs/blob/development/lib/libzfs/libzfs_crypto.c#L586

Erwin53 commented 4 months ago

Thanks for the quick response. This is a pure testing environment. Changing the port to e.g. 8088 didn't solve anything:

Key load error: Couldn't GET http://192.168.0.10:8088/zfs/zfs-key: No error
0 / 1 key(s) successfully loaded

All these work fine in my Ubuntu environments.

lundman commented 4 months ago

well, you can just telnet 192.168.0.10 8088 then send GET /zfs/zfs-key HTTP/1.0 return, return.