NFS Remote encryption problem
-
i cannot get the NFS Remotes encryption to work for me. When creating a new remote without encryption it works. When creating the same remote, but with an encryption key (32 characters, also tried hexadecimal format), it fails with:
"message": "ENOENT: no such file or directory, open '/run/xo-server/mounts/e782c43e-2ac7-472c-...etc.../metadata.json'",
(in both cases I have enabled "Store backup as multiple data blocks instead of a whole VHD file.")
Has anyone got this working, and what is the trick here (or my mistake)?
-
Hi,
Have you tested with XOA or XO from the sources?
-
@olivierlambert XO from sources commit a7d7c
-
Do you have the same issue on XOA Latest?
-
@olivierlambert yes, same problem with XO commit 78ae1
-
No, I meant XOA on the latest release channel, not XO from the sources.
-
@olivierlambert oh sorry. I don't use XOA. Why would that make a difference? is encryption not working in XO for NFS remotes?
Please note that I am running this just in my homelab and I have no budget for licensing XOA features that I would need.
-
It's a way to check if it's your installation from the sources or the environment. Differential diag, if you prefer. You can enable the trial to test it for free without any commitment. It's just to help tracking the issue, not to make you purchase XOA
-
@olivierlambert OK i gave this a shot but deployment is stuck at 20%. I had provided valid network parameters. When looking at the XOA VM (using XO), I can see that the VIF is configured incorrectly (at least at this deploymentstage of 20%), although I have provided parameters that will work when they are actually used.
I can also tell you that a friend who wanted to try out XOA had the same problem, installation being stuck at 20%.
I don't think that XOA is the right path for me.
-
What do you mean exactly? The import task is stuck at 20%? Please wait for a while to see if after 10 or 20 minutes it works. Deploying an XOA should be straightforward.
-
@olivierlambert Yes sorry, I guess I was not patient enough, the import of the VM was incomplete, now it is running and XOA deployment at 80%. I will wait and let you know the outcome.
-
@olivierlambert I have setup a NFS remote for backup as I did in the XO from source. I get the exact same behavior as already described for the XO instance from source, i.e. the remote works without encryption and fails with encryption key, error is the same as described above.
-
Okay pinging @julien-f about the encryption seems broken.
-
@olivierlambert thanks! I have tried to put the remote on a different filer and there it works with encryption.
unraid: does not work
truenas core: worksThis was just for testing purposes. I cannot use the truenas filer, as it does not have enough storage for my XCP backups. The unRAID filer is my only option here. Is there any chance to figure out what goes wrong there?
The part that is irritating is that it works without encryption. The way I understood the implementation of remote encryption is that it is independent of the underlying storage (protocol) and thereby there should be no difference for the NFS daemon whether encryption is used or not. Right?
-
@olivierlambert @julien-f OK I got this figured out and it may be worth putting this as a tipp in the XO documentation:
unRAID offers two kinds NFS exports as shares:
- user (a virtual fs layer across the array of several disks)
- disk (direkt fs access to the disk, not going through the array fs layer)
Normally the disk type share is more compatible and faster. This is where XO remote encryption does not work.
XO remote encryption works fine with the user type of shares.
I am currently running some backups to see if not just the mount works and that it is actually working in operation.
-
I am now also seeing the "Trying to add data in unsupported state" problem,
see this thread: https://xcp-ng.org/forum/post/84594
That did never occur when the remote used for this backup was not encrypted.
-
@djingo said in NFS Remote encryption problem:
"message": "ENOENT: no such file or directory, open '/run/xo-server/mounts/e782c43e-2ac7-472c-...etc.../metadata.json'"
Hi,
Can you see if the specified path and file exist?
-
@stephane-m-dev the path exists but it was empty.
-
@djingo said in NFS Remote encryption problem:
@stephane-m-dev the path exists but it was empty.
The problem doesn't happen on our enterprise NFS server with encryption.
But I tested on a freshly installed personal NFS server, and I get the same error as you if I use encryption.
We are investigating and will keep you informed.
-
It seems the problem happens when the directory shared contains non-hidden files.
Can you try to add a NFS remote with encryption on an new empty directory, and let us know if it works?This is not specified, but the encrypted remote must not contain encrypted and unencrypted file, as they may conflict.
We should add this information.
