From fcae1458bfbb724772b604dc01b53758ec38d671 Mon Sep 17 00:00:00 2001 From: David Disseldorp Date: Sun, 9 Aug 2015 17:52:32 +0200 Subject: [PATCH] ceph-disk: fix dmcrypt_map() usage for LUKS activate 29431944c77adbc3464a8faeb7e052b24f821780 added a call to dmcrypt_map() during disk activation. The change is not suitable for use alongside the recently added dmcrypt LUKS support, because: - The callers don't correctly provide cryptsetup_parameters or luks arguments. - dmcrypt_map() calls LuksFormat, which should never be performed during disk activation. - The key file paths don't carry the luks suffix when required. This commit addresses these issues. Corresponding tests and a udev file update will follow. Signed-off-by: David Disseldorp Conflicts: src/ceph-disk --- src/ceph-disk | 53 ++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 44 insertions(+), 9 deletions(-) diff --git a/src/ceph-disk b/src/ceph-disk index c6c4c9bcef692..a57c3a6fb253b 100755 --- a/src/ceph-disk +++ b/src/ceph-disk @@ -996,7 +996,8 @@ def dmcrypt_map( keypath, _uuid, cryptsetup_parameters, - luks + luks, + format_dev=False, ): """ Maps a device to a dmcrypt device. @@ -1033,7 +1034,8 @@ def dmcrypt_map( try: if luks: - command_check_call(luksFormat_args) + if format_dev: + command_check_call(luksFormat_args) command_check_call(luksOpen_args) else: # Plain mode has no format function, nor any validation that the key is correct. @@ -1590,7 +1592,14 @@ def prepare_dev( dev = None if osd_dm_keypath: - dev = dmcrypt_map(rawdev, osd_dm_keypath, osd_uuid, cryptsetup_parameters, luks) + dev = dmcrypt_map( + rawdev=rawdev, + keypath=osd_dm_keypath, + _uuid=osd_uuid, + cryptsetup_parameters=cryptsetup_parameters, + luks=luks, + format_dev=True, + ) else: dev = rawdev @@ -2123,11 +2132,24 @@ def mount_activate( # proceeding. rawdev = dev ptype = get_partition_type(rawdev) - if ptype not in [DMCRYPT_OSD_UUID]: + if ptype in [DMCRYPT_OSD_UUID]: + luks = False + cryptsetup_parameters = ['--key-size', '256'] + elif ptype in [DMCRYPT_LUKS_OSD_UUID]: + luks = True + cryptsetup_parameters = [] + else: raise Error('activate --dmcrypt called for invalid dev %s' % (dev)) part_uuid = get_partition_uuid(rawdev) - dmcrypt_key_path = os.path.join(dmcrypt_key_dir, part_uuid) - dev = dmcrypt_map(rawdev, dmcrypt_key_path, part_uuid) + dmcrypt_key_path = get_dmcrypt_key_path(part_uuid, dmcrypt_key_dir, luks) + dev = dmcrypt_map( + rawdev=rawdev, + keypath=dmcrypt_key_path, + _uuid=part_uuid, + cryptsetup_parameters=cryptsetup_parameters, + luks=luks, + format_dev=False, + ) try: fstype = detect_fstype(dev=dev) @@ -2481,11 +2503,24 @@ def main_activate_journal(args): # it before proceeding. rawdev = args.dev ptype = get_partition_type(rawdev) - if ptype not in [DMCRYPT_JOURNAL_UUID]: + if ptype in [DMCRYPT_JOURNAL_UUID]: + luks = False + cryptsetup_parameters = ['--key-size', '256'] + elif ptype in [DMCRYPT_LUKS_JOURNAL_UUID]: + luks = True + cryptsetup_parameters = [] + else: raise Error('activate-journal --dmcrypt called for invalid dev %s' % (rawdev)) part_uuid = get_partition_uuid(rawdev) - dmcrypt_key_path = os.path.join(args.dmcrypt_key_dir, part_uuid) - dev = dmcrypt_map(rawdev, dmcrypt_key_path, part_uuid) + dmcrypt_key_path = get_dmcrypt_key_path(part_uuid, args.dmcrypt_key_dir, luks) + dev = dmcrypt_map( + rawdev=rawdev, + keypath=dmcrypt_key_path, + _uuid=part_uuid, + cryptsetup_parameters=cryptsetup_parameters, + luks=luks, + format_dev=False, + ) else: dev = args.dev -- 2.39.5