Key load error: No keylocation=http:// back-end.

Question

Key load error: No keylocation=http:// back-end.

oldshensheep opened this issue 10 months ago · 8 comments

System information

Type	Version/Name
Distribution Name	Windows 11 Pro
Distribution Version	23H2
Kernel Version	22635.3212
Architecture	x64
OpenZFS Version	OpenZFSOnWindows-debug-2.2.99-13-gfddfb6aeb5.exe

Describe the problem you're observing

these pools are created on Linux.

On Windows:

❯ zfs get all | rg key
poolname       keylocation           http://127.0.0.1:8080/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  local
poolname       keyformat             raw                                                                 -
poolname       keystatus             unavailable                                                         -
poolname/xxx       keylocation           http://127.0.0.1:8080/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy  local
poolname/xxx       keyformat             raw                                                                 -
poolname/xxx       keystatus             unavailable                                                         -
poolname/yyy       keylocation           none                                                                default
poolname/yyy       keyformat             raw                                                                 -
poolname/yyy       keystatus             unavailable                                                         -

❯ zfs load-key -a
Key load error: No keylocation=http:// back-end.
Key load error: No keylocation=http:// back-end.
0 / 2 key(s) successfully loaded

Describe how to reproduce the problem

looks like http backend is not suppoerted?

 ❯ zfs create -o encryption=on -o keyformat=raw -o keylocation=http:///127.0.0.1:8080/test poolname/123
cannot create 'poolname/123': No keylocation=http:// back-end.

Include any warning/errors/backtraces from the system logs

Answer 1 · 2024-03-06T03:24:14.000Z

Ah they must have added it somewhere along the line, and we don't have it yet.

Answer 2 · 2024-03-06T09:52:53.000Z

Ah I see. It needs either LIBFETCH_DYNAMIC, LIBFETCH_IS_FETCH or LIBFETCH_IS_LIBCURL. Easiest there is probably libcurl.

Answer 3 · 2024-03-12T04:52:20.000Z

e059d61

$ SSL_NO_VERIFY_PEER=1 ./zfs create -o encryption=on -o keyformat=raw \
      -o keylocation=https://lundman.net/key.bin \
      BOOM/ccm

$ ./zfs get keylocation BOOM/ccm
NAME      PROPERTY     VALUE                        SOURCE
BOOM/ccm  keylocation  https://lundman.net/key.bin  local

Answer 4 · 2024-03-17T04:56:21.000Z

Working fine now

Answer 5 · 2024-06-01T08:12:20.000Z

I'm still getting this error:

PS [Erwin@VERWIN] C:\> zfs get all | grep keysta

dpool  keystatus             unavailable                         -

PS [Erwin@VERWIN] C:\> zfs load-key -a

Key load error: Couldn't GET http://192.168.0.10:84/zfs/zfs-key: No error
0 / 1 key(s) successfully loaded

PS [Erwin@VERWIN] C:\> zfs get all | grep keysta

dpool  keystatus             unavailable                         -

PS [Erwin@VERWIN] C:\> zfs set keylocation=file:///zfs-key dpool
PS [Erwin@VERWIN] C:\> zfs load-key -a

1 / 1 key(s) successfully loaded

The curl command mentioned before works nicely.

Any ideas?

Cheers,
Erwin

Answer 6 · 2024-06-01T08:41:32.000Z

I am assuming you know what you are doing enough not to have to ask about port 84. I did wonder if we should maybe keep libfetch VERBOSE on, otherwise it is far too quiet.
https://github.com/openzfsonwindows/openzfs/blob/development/lib/libzfs/libzfs_crypto.c#L586

Answer 7 · 2024-06-01T08:59:17.000Z

Thanks for the quick response. This is a pure testing environment.
Changing the port to e.g. 8088 didn't solve anything:

Key load error: Couldn't GET http://192.168.0.10:8088/zfs/zfs-key: No error
0 / 1 key(s) successfully loaded

All these work fine in my Ubuntu environments.

Answer 8 · 2024-06-01T09:05:46.000Z

well, you can just telnet 192.168.0.10 8088 then send GET /zfs/zfs-key HTTP/1.0 return, return.