author | Lars Wirzenius <liw@liw.fi> | 2022-01-01 10:36:58 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2022-01-01 21:59:41 +0200 |
commit | 55b4931b80b5b740f595efd82dc6bf0e9aceda5b (patch) | |
tree | 60e10932ae4bed1dad60e45fbcfd71db1648f288 /vmdb/plugins/fstab_plugin.py | |
parent | d9956b88d68d881113bed48987e0f143f508be7a (diff) | |
download | vmdb2-55b4931b80b5b740f595efd82dc6bf0e9aceda5b.tar.gz |
feat: cryptsetup step
This adds a step that encrypts a block device with LUKS, using the
cryptsetup tool. A crypttab is written by the fstab
step.
Sponsored-by: author
Diffstat (limited to 'vmdb/plugins/fstab_plugin.py')
-rw-r--r-- | vmdb/plugins/fstab_plugin.py | 41 |
1 files changed, 31 insertions, 10 deletions
diff --git a/vmdb/plugins/fstab_plugin.py b/vmdb/plugins/fstab_plugin.py index de21ed7..fdc358c 100644 --- a/vmdb/plugins/fstab_plugin.py +++ b/vmdb/plugins/fstab_plugin.py @@ -34,29 +34,50 @@ class FstabStepRunner(vmdb.StepRunnerInterface): chroot = state.tags.get_builder_mount_point(tag) filesystems = [] + crypts = [] for tag in state.tags.get_tags(): device = state.tags.get_dev(tag) mount_point = state.tags.get_target_mount_point(tag) + + fstype = state.tags.get_fstype(tag) + fsuuid = state.tags.get_fsuuid(tag) + luksuuid = state.tags.get_luksuuid(tag) + dm = state.tags.get_dm(tag) + if mount_point is not None: - fstype = state.tags.get_fstype(tag) - output = vmdb.runcmd( - ["blkid", "-c", "/dev/null", "-o", "value", "-s", "UUID", device] - ) - if output: - uuid = output.decode().strip() - filesystems.append( - {"uuid": uuid, "mount_point": mount_point, "fstype": fstype} - ) - else: + if fsuuid is None: raise Exception( "Unknown UUID for device {} (to be mounted on {})".format( device, mount_point ) ) + filesystems.append( + { + "uuid": fsuuid, + "mount_point": mount_point, + "fstype": fstype, + } + ) + elif luksuuid is not None and dm is not None: + crypts.append( + { + "dm": dm, + "luksuuid": luksuuid, + } + ) + fstab_path = os.path.join(chroot, "etc/fstab") line = "UUID={uuid} {mount_point} {fstype} errors=remount-ro 0 1\n" with open(fstab_path, "w") as fstab: for entry in filesystems: fstab.write(line.format(**entry)) + + vmdb.progress(f"crypts: {crypts}") + if crypts: + crypttab_path = os.path.join(chroot, "etc/crypttab") + line = "{dm} UUID={luksuuid} none luks,discard\n" + with open(crypttab_path, "w") as crypttab: + for entry in crypts: + crypttab.write(line.format(**entry)) |
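Review bot: The crypttab template hard-codes `luks,discard`, so every image built with this step lets TRIM requests pass through dm-crypt, which reveals which ciphertext blocks are unused to anyone who can read the underlying device; the cryptsetup documentation describes this as a security trade-off. I would default to `line = "{dm} UUID={luksuuid} none luks\n"` and make `discard` an opt-in setting of the step. Separately, a tag that has a `luksuuid` but no `dm` falls through the `elif` silently and gets no crypttab entry, whereas a missing filesystem UUID raises; raising there too would be consistent. `vmdb.progress(f"crypts: {crypts}")` reads like leftover debug output and could be dropped or reworded. The enclosing method starts above the hunk, so this is based on the visible lines only.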