diff options
| author | Lars Wirzenius <liw@liw.fi> | 2022-01-01 10:36:58 +0200 |
|---|---|---|
| committer | Lars Wirzenius <liw@liw.fi> | 2022-01-01 10:36:58 +0200 |
| commit | 18572583219acbcb78a95a7ddb0878206abdd590 (patch) | |
| tree | f705d10539a7f9a06f611adaef96eb6ee863a4a8 | |
| parent | d9956b88d68d881113bed48987e0f143f508be7a (diff) | |
| download | vmdb2-18572583219acbcb78a95a7ddb0878206abdd590.tar.gz | |
feat: cryptsetup step
Sponsored-by: author
| -rw-r--r-- | vmdb/plugins/cryptsetup.mdwn | 18 | ||||
| -rw-r--r-- | vmdb/plugins/cryptsetup_plugin.py | 46 |
2 files changed, 64 insertions, 0 deletions
diff --git a/vmdb/plugins/cryptsetup.mdwn b/vmdb/plugins/cryptsetup.mdwn new file mode 100644 index 0000000..f438e4f --- /dev/null +++ b/vmdb/plugins/cryptsetup.mdwn @@ -0,0 +1,18 @@ +Step: cryptsetup +----------------------------------------------------------------------------- + +Use cryptsetup to set up encryption of a block device. + +Step keys: + +* `cryptsetup` — REQUIRED; tag of block device + +* `password` — REQUIRED; the encryption password + +* `name` — REQUIRED; name of the encrypted device when opened + +Example (in the .vmdb file): + + - cryptsetup: cleartext_pv0 + password: hunter2 + name: pv0 diff --git a/vmdb/plugins/cryptsetup_plugin.py b/vmdb/plugins/cryptsetup_plugin.py new file mode 100644 index 0000000..12d5c22 --- /dev/null +++ b/vmdb/plugins/cryptsetup_plugin.py @@ -0,0 +1,46 @@ +# Copyright 2022 Lars Wirzenius +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# =*= License: GPL-3+ =*= + + +import os +import shutil +import tempfile + +import vmdb + + +class CryptsetupPlugin(vmdb.Plugin): + def enable(self): + self.app.step_runners.add(CryptsetupStepRunner()) + + +class CryptsetupStepRunner(vmdb.StepRunnerInterface): + def get_key_spec(self): + return {"cryptsetup": str, "password": str, "name": str} + + def run(self, step, settings, state): + cleartext_tag = step["cryptsetup"] + password = step["password"] + name = step["name"] + + device = state.tags.get_dev(cleartext_tag) + tmp = tempfile.mkdtemp() + key = os.path.join(tmp, "key") + with open(key, "w") as f: + f.write(password) + vmdb.runcmd(["cleartext", "luksFormat", device, key]) + shutil.rmtree(tmp) |