ceph-disk: fix dmcrypt_map() usage for LUKS activate

29431944c77adbc3464a8faeb7e052b24f821780 added a call to dmcrypt_map()
during disk activation. The change is not suitable for use alongside
the recently added dmcrypt LUKS support, because:
- The callers don't correctly provide cryptsetup_parameters or luks
  arguments.
- dmcrypt_map() calls LuksFormat, which should never be performed
  during disk activation.
- The key file paths don't carry the luks suffix when required.

This commit addresses these issues. Corresponding tests and a udev file
update will follow.

Signed-off-by: David Disseldorp <ddiss@suse.de>
Conflicts:
	src/ceph-disk

diff --git a/src/ceph-disk b/src/ceph-disk
index c6c4c9bcef6924d0bc59452d3e7dedade8d07c51..a57c3a6fb253bca51c0650c4e1f74d677ecc153b 100755 (executable)
--- a/src/ceph-disk
+++ b/src/ceph-disk
@@ -996,7 +996,8 @@ def dmcrypt_map(
     keypath,
     _uuid,
     cryptsetup_parameters,
-    luks
+    luks,
+    format_dev=False,
     ):
     """
     Maps a device to a dmcrypt device.
@@ -1033,7 +1034,8 @@ def dmcrypt_map(
 
     try:
         if luks:
-            command_check_call(luksFormat_args)
+            if format_dev:
+                   command_check_call(luksFormat_args)
             command_check_call(luksOpen_args)
         else:
             # Plain mode has no format function, nor any validation that the key is correct.
@@ -1590,7 +1592,14 @@ def prepare_dev(
 
     dev = None
     if osd_dm_keypath:
-        dev = dmcrypt_map(rawdev, osd_dm_keypath, osd_uuid, cryptsetup_parameters, luks)
+        dev = dmcrypt_map(
+                rawdev=rawdev,
+                keypath=osd_dm_keypath,
+                _uuid=osd_uuid,
+                cryptsetup_parameters=cryptsetup_parameters,
+                luks=luks,
+                format_dev=True,
+                )
     else:
         dev = rawdev
 
@@ -2123,11 +2132,24 @@ def mount_activate(
             # proceeding.
             rawdev = dev
             ptype = get_partition_type(rawdev)
-            if ptype not in [DMCRYPT_OSD_UUID]:
+            if ptype in [DMCRYPT_OSD_UUID]:
+                luks = False
+                cryptsetup_parameters = ['--key-size', '256']
+            elif ptype in [DMCRYPT_LUKS_OSD_UUID]:
+                luks = True
+                cryptsetup_parameters = []
+            else:
                 raise Error('activate --dmcrypt called for invalid dev %s' % (dev))
             part_uuid = get_partition_uuid(rawdev)
-            dmcrypt_key_path = os.path.join(dmcrypt_key_dir, part_uuid)
-            dev = dmcrypt_map(rawdev, dmcrypt_key_path, part_uuid)
+            dmcrypt_key_path = get_dmcrypt_key_path(part_uuid, dmcrypt_key_dir, luks)
+            dev = dmcrypt_map(
+                    rawdev=rawdev,
+                    keypath=dmcrypt_key_path,
+                    _uuid=part_uuid,
+                    cryptsetup_parameters=cryptsetup_parameters,
+                    luks=luks,
+                    format_dev=False,
+                    )
 
     try:
         fstype = detect_fstype(dev=dev)
@@ -2481,11 +2503,24 @@ def main_activate_journal(args):
             # it before proceeding.
             rawdev = args.dev
             ptype = get_partition_type(rawdev)
-            if ptype not in [DMCRYPT_JOURNAL_UUID]:
+            if ptype in [DMCRYPT_JOURNAL_UUID]:
+                luks = False
+                cryptsetup_parameters = ['--key-size', '256']
+            elif ptype in [DMCRYPT_LUKS_JOURNAL_UUID]:
+                luks = True
+                cryptsetup_parameters = []
+            else:
                 raise Error('activate-journal --dmcrypt called for invalid dev %s' % (rawdev))
             part_uuid = get_partition_uuid(rawdev)
-            dmcrypt_key_path = os.path.join(args.dmcrypt_key_dir, part_uuid)
-            dev = dmcrypt_map(rawdev, dmcrypt_key_path, part_uuid)
+            dmcrypt_key_path = get_dmcrypt_key_path(part_uuid, args.dmcrypt_key_dir, luks)
+            dev = dmcrypt_map(
+                    rawdev=rawdev,
+                    keypath=dmcrypt_key_path,
+                    _uuid=part_uuid,
+                    cryptsetup_parameters=cryptsetup_parameters,
+                    luks=luks,
+                    format_dev=False,
+                    )
         else:
             dev = args.dev