Skip to content

linstor: fix encrypted volume snapshot backup and restore#13486

Open
rp- wants to merge 1 commit into
apache:4.22from
LINBIT:linstor-4.22-fix-encrypted-snapshot-restore
Open

linstor: fix encrypted volume snapshot backup and restore#13486
rp- wants to merge 1 commit into
apache:4.22from
LINBIT:linstor-4.22-fix-encrypted-snapshot-restore

Conversation

@rp-

@rp- rp- commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Description

This PR fixes a bug that was reported on the linstor-server github project: LINBIT/linstor-server#495

Encrypted Linstor volumes use a LUKS layer inside the DRBD stack, so the storage-layer snapshot device holds ciphertext while the DRBD device CloudStack restores to is the decrypted view. Backing up the raw snapshot and writing it back to the decrypted device corrupted the volume (different data, unbootable root).

Back up encrypted snapshots from the decrypted DRBD device (forcing the temporary-resource path) and store them as a LUKS-encrypted qcow2 using the volume passphrase, so snapshots are not kept in clear text on secondary storage. On revert, decrypt the qcow2 and write plaintext to the DRBD device; the LUKS layer re-encrypts it. The qemu-img shrink is skipped for encrypted volumes (the DRBD device is already net-sized).

Add an integration test (test_linstor_encrypted_snapshots.py): the encrypted-root snapshot revert round-trip, that
create-volume-from-encrypted-snapshot is rejected by CloudStack core, and a best-effort check that the backed-up qcow2 is LUKS-encrypted at rest.

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • Build/CI
  • Test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

How Has This Been Tested?

Added/Run integration tests to restore encrypted volumes.

@rp- rp- self-assigned this Jun 24, 2026
@rp-
linstor: fix encrypted volume snapshot backup and restore
b44339a 
Encrypted Linstor volumes use a LUKS layer inside the DRBD stack, so
the storage-layer snapshot device holds ciphertext while the DRBD
device CloudStack restores to is the decrypted view. Backing up the
raw snapshot and writing it back to the decrypted device corrupted the
volume (different data, unbootable root).

Back up encrypted snapshots from the decrypted DRBD device (forcing
the temporary-resource path) and store them as a LUKS-encrypted qcow2
using the volume passphrase, so snapshots are not kept in clear text
on secondary storage. On revert, decrypt the qcow2 and write plaintext
to the DRBD device; the LUKS layer re-encrypts it. The qemu-img shrink
is skipped for encrypted volumes (the DRBD device is already
net-sized).

Add an integration test (test_linstor_encrypted_snapshots.py): the
encrypted-root snapshot revert round-trip, that
create-volume-from-encrypted-snapshot is rejected by CloudStack core,
and a best-effort check that the backed-up qcow2 is LUKS-encrypted at
rest.
@rp- rp- force-pushed the linstor-4.22-fix-encrypted-snapshot-restore branch from 63786c5 to b44339a Compare June 24, 2026 13:32
@codecov

codecov Bot commented Jun 24, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 0% with 32 lines in your changes missing coverage. Please review.
✅ Project coverage is 17.67%. Comparing base (288f9a9) to head (b44339a).

Files with missing lines Patch % Lines
...e/wrapper/LinstorBackupSnapshotCommandWrapper.java 0.00% 18 Missing ⚠️
...per/LinstorRevertBackupSnapshotCommandWrapper.java 0.00% 9 Missing ⚠️
...tore/driver/LinstorPrimaryDataStoreDriverImpl.java 0.00% 5 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff            @@
##               4.22   #13486   +/-   ##
=========================================
  Coverage     17.67%   17.67%           
- Complexity    15790    15793    +3     
=========================================
  Files          5922     5922           
  Lines        533173   533196   +23     
  Branches      65209    65217    +8     
=========================================
+ Hits          94218    94227    +9     
- Misses       428309   428322   +13     
- Partials      10646    10647    +1
Flag Coverage Δ
uitests 3.69% <ø> (ø)
unittests 18.74% <0.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@rp- rp-

Labels

3rd-party:linstor component:integration-test component:primary-storage component:storage Python Warning... Python code Ahead!

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rp-