Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
ceph.2107
0020-ceph-disk-map-dmcrypt-devices-prior.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0020-ceph-disk-map-dmcrypt-devices-prior.patch of Package ceph.2107
From: David Disseldorp <ddiss@suse.de> Date: Tue, 12 May 2015 17:07:30 +0200 Subject: [PATCH] ceph-disk: map dmcrypt devices prior to activation Support mapping of dmcrypt devices during activation via the new ceph-disk activate[-journal] --dmcrypt and --dmcrypt-key-dir parameters. Signed-off-by: David Disseldorp <ddiss@suse.de> (cherry picked from commit 29431944c77adbc3464a8faeb7e052b24f821780) --- src/ceph-disk | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 61 insertions(+), 1 deletion(-) diff --git a/src/ceph-disk b/src/ceph-disk index 42f33b9..7da31f1 100755 --- a/src/ceph-disk +++ b/src/ceph-disk @@ -43,6 +43,7 @@ Prepare: - triggered by administrator or ceph-deploy, e.g. 'ceph-disk <data disk> [journal disk] Activate: + - if encrypted, map the dmcrypt volume - mount the volume in a temp location - allocate an osd id (if needed) - remount in the correct location /var/lib/ceph/osd/$cluster-$id @@ -1945,8 +1946,21 @@ def mount_activate( dev, activate_key_template, init, + dmcrypt, + dmcrypt_key_dir, ): + if dmcrypt: + # dev corresponds to a dmcrypt cyphertext device - map it before + # proceeding. + rawdev = dev + ptype = get_partition_type(rawdev) + if ptype not in [DMCRYPT_OSD_UUID]: + raise Error('activate --dmcrypt called for invalid dev %s' % (dev)) + part_uuid = get_partition_uuid(rawdev) + dmcrypt_key_path = os.path.join(dmcrypt_key_dir, part_uuid) + dev = dmcrypt_map(rawdev, dmcrypt_key_path, part_uuid) + try: fstype = detect_fstype(dev=dev) except (subprocess.CalledProcessError, @@ -2206,6 +2220,8 @@ def main_activate(args): dev=args.path, activate_key_template=args.activate_key_template, init=args.mark_init, + dmcrypt=args.dmcrypt, + dmcrypt_key_dir=args.dmcrypt_key_dir, ) elif stat.S_ISDIR(mode): @@ -2278,15 +2294,34 @@ def main_activate_journal(args): cluster = None osd_id = None osd_uuid = None + dev = None activate_lock.acquire() # noqa try: - osd_uuid = get_journal_osd_uuid(args.dev) + if args.dmcrypt: + # journal dev corresponds to a dmcrypt cyphertext device - map + # it before proceeding. + rawdev = args.dev + ptype = get_partition_type(rawdev) + if ptype not in [DMCRYPT_JOURNAL_UUID]: + raise Error('activate-journal --dmcrypt called for invalid dev %s' % (rawdev)) + part_uuid = get_partition_uuid(rawdev) + dmcrypt_key_path = os.path.join(args.dmcrypt_key_dir, part_uuid) + dev = dmcrypt_map(rawdev, dmcrypt_key_path, partd_uuid) + else: + dev = args.dev + + # FIXME: For an encrypted journal dev, does this return the cyphertext + # or plaintext dev uuid!? Also, if the journal is encrypted, is the data + # partition also always encrypted, or are mixed pairs supported!? + osd_uuid = get_journal_osd_uuid(dev) path = os.path.join('/dev/disk/by-partuuid/', osd_uuid.lower()) (cluster, osd_id) = mount_activate( dev=path, activate_key_template=args.activate_key_template, init=args.mark_init, + dmcrypt=args.dmcrypt, + dmcrypt_key_dir=args.dmcrypt_key_dir, ) start_daemon( @@ -2322,10 +2357,13 @@ def main_activate_all(args): LOG.info('Activating %s', path) activate_lock.acquire() # noqa try: + # never map dmcrypt cyphertext devices (cluster, osd_id) = mount_activate( dev=path, activate_key_template=args.activate_key_template, init=args.mark_init, + dmcrypt=False, + dmcrypt_key_dir='', ) start_daemon( cluster=cluster, @@ -2874,6 +2912,17 @@ def parse_args(): nargs='?', help='path to block device or directory', ) + activate_parser.add_argument( + '--dmcrypt', + action='store_true', default=None, + help='map DATA and/or JOURNAL devices with dm-crypt', + ) + activate_parser.add_argument( + '--dmcrypt-key-dir', + metavar='KEYDIR', + default='/etc/ceph/dmcrypt-keys', + help='directory where dm-crypt keys are stored', + ) activate_parser.set_defaults( activate_key_template='{statedir}/bootstrap-osd/{cluster}.keyring', func=main_activate, @@ -2898,6 +2947,17 @@ def parse_args(): default='auto', choices=INIT_SYSTEMS, ) + activate_journal_parser.add_argument( + '--dmcrypt', + action='store_true', default=None, + help='map DATA and/or JOURNAL devices with dm-crypt', + ) + activate_journal_parser.add_argument( + '--dmcrypt-key-dir', + metavar='KEYDIR', + default='/etc/ceph/dmcrypt-keys', + help='directory where dm-crypt keys are stored', + ) activate_journal_parser.set_defaults( activate_key_template='{statedir}/bootstrap-osd/{cluster}.keyring', func=main_activate_journal,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor