2022-03-08 10:45:56 +00:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"io/fs"
|
|
|
|
"os"
|
|
|
|
"os/exec"
|
|
|
|
"path/filepath"
|
2023-02-01 23:28:36 +00:00
|
|
|
"sort"
|
2022-03-08 10:45:56 +00:00
|
|
|
"strconv"
|
2024-11-04 15:18:53 +00:00
|
|
|
"syscall"
|
2022-03-08 10:45:56 +00:00
|
|
|
|
2024-11-04 15:18:53 +00:00
|
|
|
udev "github.com/jochenvg/go-udev"
|
2024-01-20 15:41:54 +00:00
|
|
|
"github.com/rs/zerolog/log"
|
|
|
|
|
2022-04-04 08:29:28 +00:00
|
|
|
config "novit.tech/direktil/pkg/bootstrapconfig"
|
2024-01-20 15:41:54 +00:00
|
|
|
|
|
|
|
"novit.tech/direktil/initrd/lvm"
|
2022-03-08 10:45:56 +00:00
|
|
|
)
|
|
|
|
|
2023-02-01 23:28:36 +00:00
|
|
|
func sortedKeys[T any](m map[string]T) (keys []string) {
|
|
|
|
keys = make([]string, 0, len(m))
|
|
|
|
for k := range m {
|
|
|
|
keys = append(keys, k)
|
|
|
|
}
|
|
|
|
sort.Strings(keys)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-03-08 10:45:56 +00:00
|
|
|
func setupLVM(cfg *config.Config) {
|
|
|
|
if len(cfg.LVM) == 0 {
|
2024-01-20 15:41:54 +00:00
|
|
|
log.Info().Msg("no LVM VG configured.")
|
2022-03-08 10:45:56 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-02-01 23:28:36 +00:00
|
|
|
// [dev] = filesystem
|
|
|
|
// eg: [/dev/sda1] = ext4
|
|
|
|
createdDevs := map[string]string{}
|
|
|
|
|
2022-03-08 10:45:56 +00:00
|
|
|
run("pvscan")
|
|
|
|
run("vgscan", "--mknodes")
|
|
|
|
|
|
|
|
for _, vg := range cfg.LVM {
|
|
|
|
setupVG(vg)
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, vg := range cfg.LVM {
|
2023-02-01 23:28:36 +00:00
|
|
|
setupLVs(vg, createdDevs)
|
2022-03-08 10:45:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
run("vgchange", "--sysinit", "-a", "ly")
|
|
|
|
|
2023-02-01 23:28:36 +00:00
|
|
|
setupCrypt(cfg.Crypt, createdDevs)
|
|
|
|
|
|
|
|
devs := make([]string, 0, len(createdDevs))
|
|
|
|
for k := range createdDevs {
|
|
|
|
devs = append(devs, k)
|
2022-03-08 10:45:56 +00:00
|
|
|
}
|
2023-02-01 23:28:36 +00:00
|
|
|
sort.Strings(devs)
|
2022-03-08 10:45:56 +00:00
|
|
|
|
2023-02-01 23:28:36 +00:00
|
|
|
for _, dev := range devs {
|
|
|
|
setupFS(dev, createdDevs[dev])
|
2022-03-08 10:45:56 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func setupVG(vg config.LvmVG) {
|
|
|
|
pvs := lvm.PVSReport{}
|
|
|
|
err := runJSON(&pvs, "pvs", "--reportformat", "json")
|
|
|
|
if err != nil {
|
|
|
|
fatalf("failed to list LVM PVs: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
vgExists := false
|
|
|
|
devNeeded := vg.PVs.N
|
|
|
|
for _, pv := range pvs.PVs() {
|
|
|
|
if pv.VGName == vg.VG {
|
|
|
|
vgExists = true
|
|
|
|
devNeeded--
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-01-20 15:41:54 +00:00
|
|
|
log := log.With().Str("vg", vg.VG).Logger()
|
|
|
|
|
2022-03-08 10:45:56 +00:00
|
|
|
if devNeeded <= 0 {
|
2024-01-20 15:41:54 +00:00
|
|
|
log.Info().Msg("LVM VG has all its devices")
|
2022-03-08 10:45:56 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if vgExists {
|
2024-01-20 15:41:54 +00:00
|
|
|
log.Info().Msgf("LVM VG misses %d devices", devNeeded)
|
2022-03-08 10:45:56 +00:00
|
|
|
} else {
|
2024-01-20 15:41:54 +00:00
|
|
|
log.Info().Msg("LVM VG does not exists, creating")
|
2022-03-08 10:45:56 +00:00
|
|
|
}
|
|
|
|
|
2024-11-04 15:18:53 +00:00
|
|
|
devNames := make([]NameAliases, 0)
|
|
|
|
{
|
|
|
|
devRefs := map[uint64]*NameAliases{}
|
|
|
|
|
|
|
|
enum := new(udev.Udev).NewEnumerate()
|
|
|
|
enum.AddMatchSubsystem("block")
|
|
|
|
|
|
|
|
devs, err := enum.Devices()
|
|
|
|
if err != nil {
|
|
|
|
fatal("udev enumeration failed")
|
2022-03-08 10:45:56 +00:00
|
|
|
}
|
|
|
|
|
2024-11-04 15:18:53 +00:00
|
|
|
for _, dev := range devs {
|
|
|
|
num := dev.Devnum()
|
|
|
|
|
|
|
|
n := dev.PropertyValue("DEVNAME")
|
|
|
|
idx := len(devNames)
|
|
|
|
devNames = append(devNames, nameAlias(n))
|
|
|
|
|
|
|
|
ref := uint64(num.Major())<<8 | uint64(num.Minor())
|
|
|
|
devRefs[ref] = &devNames[idx]
|
|
|
|
}
|
|
|
|
|
|
|
|
err = filepath.Walk("/dev", func(n string, fi fs.FileInfo, err error) error {
|
|
|
|
if fi.Mode().Type() == os.ModeDevice {
|
|
|
|
stat := fi.Sys().(*syscall.Stat_t)
|
|
|
|
ref := stat.Rdev
|
|
|
|
if na := devRefs[ref]; na != nil {
|
|
|
|
na.AddAlias(n)
|
|
|
|
}
|
2022-03-08 10:45:56 +00:00
|
|
|
}
|
2024-11-04 15:18:53 +00:00
|
|
|
return err
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
fatalf("failed to walk /dev: %v", err)
|
2022-03-08 10:45:56 +00:00
|
|
|
}
|
2024-11-04 15:18:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
for _, dev := range devNames {
|
|
|
|
log.Info().Str("name", dev.Name).Any("aliases", dev.Aliases).Msg("found block device")
|
|
|
|
}
|
2022-03-08 10:45:56 +00:00
|
|
|
|
|
|
|
m := regexpSelectN(vg.PVs.N, vg.PVs.Regexps, devNames)
|
|
|
|
if len(m) == 0 {
|
2024-01-20 15:41:54 +00:00
|
|
|
log.Error().Strs("regexps", vg.PVs.Regexps).Msg("no device match the regexps")
|
2022-03-08 10:45:56 +00:00
|
|
|
fatalf("failed to setup VG %s", vg.VG)
|
|
|
|
}
|
|
|
|
|
|
|
|
if vgExists {
|
2024-01-20 15:41:54 +00:00
|
|
|
log.Info().Strs("devices", m).Msg("LVM VG: extending")
|
2022-03-08 10:45:56 +00:00
|
|
|
run("vgextend", append([]string{vg.VG}, m...)...)
|
|
|
|
devNeeded -= len(m)
|
|
|
|
} else {
|
2024-01-20 15:41:54 +00:00
|
|
|
log.Info().Strs("devices", m).Msg("LVM VG: creating")
|
2022-03-08 10:45:56 +00:00
|
|
|
run("vgcreate", append([]string{vg.VG}, m...)...)
|
|
|
|
devNeeded -= len(m)
|
|
|
|
}
|
|
|
|
|
|
|
|
if devNeeded > 0 {
|
|
|
|
fatalf("VG %s does not have enough devices (%d missing)", vg.VG, devNeeded)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-02-01 23:28:36 +00:00
|
|
|
func setupLVs(vg config.LvmVG, createdDevs map[string]string) {
|
2022-03-08 10:45:56 +00:00
|
|
|
lvsRep := lvm.LVSReport{}
|
|
|
|
err := runJSON(&lvsRep, "lvs", "--reportformat", "json")
|
|
|
|
if err != nil {
|
|
|
|
fatalf("lvs failed: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
lvs := lvsRep.LVs()
|
|
|
|
|
|
|
|
defaults := vg.Defaults
|
|
|
|
|
2024-01-20 15:41:54 +00:00
|
|
|
for idx, lv := range vg.LVs {
|
|
|
|
log := log.With().Str("vg", vg.VG).Str("lv", lv.Name).Logger()
|
2022-03-08 10:45:56 +00:00
|
|
|
|
|
|
|
if contains(lvs, func(v lvm.LV) bool {
|
|
|
|
return v.VGName == vg.VG && v.Name == lv.Name
|
|
|
|
}) {
|
2024-01-20 15:41:54 +00:00
|
|
|
log.Info().Msg("LV exists")
|
2022-03-08 10:45:56 +00:00
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
2024-01-20 15:41:54 +00:00
|
|
|
log.Info().Msg("LV does not exist")
|
2022-03-08 10:45:56 +00:00
|
|
|
|
|
|
|
if lv.Raid == nil {
|
|
|
|
lv.Raid = defaults.Raid
|
|
|
|
}
|
|
|
|
|
|
|
|
args := make([]string, 0)
|
|
|
|
|
|
|
|
if lv.Name == "" {
|
2024-01-20 15:41:54 +00:00
|
|
|
fatalf("LV[%d] has no name", idx)
|
2022-03-08 10:45:56 +00:00
|
|
|
}
|
|
|
|
args = append(args, vg.VG, "--name", lv.Name)
|
|
|
|
|
|
|
|
if lv.Size != "" && lv.Extents != "" {
|
|
|
|
fatalf("LV has both size and extents defined!")
|
|
|
|
} else if lv.Size == "" && lv.Extents == "" {
|
|
|
|
fatalf("LV does not have size or extents defined!")
|
|
|
|
} else if lv.Size != "" {
|
|
|
|
args = append(args, "-L", lv.Size)
|
|
|
|
} else /* if lv.Extents != "" */ {
|
|
|
|
args = append(args, "-l", lv.Extents)
|
|
|
|
}
|
|
|
|
|
|
|
|
if raid := lv.Raid; raid != nil {
|
|
|
|
if raid.Mirrors != 0 {
|
|
|
|
args = append(args, "--mirrors", strconv.Itoa(raid.Mirrors))
|
|
|
|
}
|
|
|
|
if raid.Stripes != 0 {
|
|
|
|
args = append(args, "--stripes", strconv.Itoa(raid.Stripes))
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-01-20 15:41:54 +00:00
|
|
|
log.Info().Strs("args", args).Msg("LV: creating")
|
2022-03-08 10:45:56 +00:00
|
|
|
run("lvcreate", args...)
|
|
|
|
|
|
|
|
dev := "/dev/" + vg.VG + "/" + lv.Name
|
|
|
|
zeroDevStart(dev)
|
2023-02-01 23:28:36 +00:00
|
|
|
|
|
|
|
fs := lv.FS
|
|
|
|
if fs == "" {
|
|
|
|
fs = vg.Defaults.FS
|
|
|
|
}
|
|
|
|
createdDevs[dev] = fs
|
2022-03-08 10:45:56 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func zeroDevStart(dev string) {
|
|
|
|
f, err := os.OpenFile(dev, os.O_WRONLY, 0600)
|
|
|
|
if err != nil {
|
|
|
|
fatalf("failed to open %s: %v", dev, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
defer f.Close()
|
|
|
|
|
|
|
|
_, err = f.Write(make([]byte, 8192))
|
|
|
|
if err != nil {
|
|
|
|
fatalf("failed to zero the beginning of %s: %v", dev, err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-12-17 12:48:18 +00:00
|
|
|
var cryptDevs = map[string]bool{}
|
|
|
|
|
2023-02-01 23:28:36 +00:00
|
|
|
func setupCrypt(devSpecs []config.CryptDev, createdDevs map[string]string) {
|
2022-03-08 10:45:56 +00:00
|
|
|
var password []byte
|
|
|
|
passwordVerified := false
|
|
|
|
|
2023-02-01 23:28:36 +00:00
|
|
|
// flat, expanded devices to open
|
|
|
|
devNames := make([]config.CryptDev, 0, len(devSpecs))
|
|
|
|
|
|
|
|
for _, devSpec := range devSpecs {
|
|
|
|
if devSpec.Dev == "" && devSpec.Prefix == "" {
|
|
|
|
fatalf("crypt: name %q: no dev or match set", devSpec.Name)
|
|
|
|
}
|
|
|
|
if devSpec.Dev != "" && devSpec.Prefix != "" {
|
|
|
|
fatalf("crypt: name %q: both dev (%q) and match (%q) are set", devSpec.Name, devSpec.Dev, devSpec.Prefix)
|
|
|
|
}
|
|
|
|
|
|
|
|
if devSpec.Dev != "" {
|
|
|
|
// already flat
|
|
|
|
devNames = append(devNames, devSpec)
|
2022-03-08 10:45:56 +00:00
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
2023-02-01 23:28:36 +00:00
|
|
|
matches, err := filepath.Glob(devSpec.Prefix + "*")
|
|
|
|
if err != nil {
|
|
|
|
fatalf("failed to search for device matches: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, m := range matches {
|
|
|
|
suffix := m[len(devSpec.Prefix):]
|
|
|
|
|
|
|
|
devNames = append(devNames, config.CryptDev{Dev: m, Name: devSpec.Name + suffix})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, devName := range devNames {
|
|
|
|
name, dev := devName.Name, devName.Dev
|
|
|
|
|
|
|
|
if name == "" {
|
|
|
|
name = filepath.Base(dev)
|
|
|
|
}
|
|
|
|
|
|
|
|
if cryptDevs[name] {
|
|
|
|
fatalf("duplicate crypt device name: %s", name)
|
2022-03-08 10:45:56 +00:00
|
|
|
}
|
2023-02-01 23:28:36 +00:00
|
|
|
cryptDevs[name] = true
|
2022-03-08 10:45:56 +00:00
|
|
|
|
|
|
|
retryOpen:
|
|
|
|
if len(password) == 0 {
|
|
|
|
password = askSecret("crypt password")
|
|
|
|
|
|
|
|
if len(password) == 0 {
|
|
|
|
fatalf("empty password given")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-02-01 23:28:36 +00:00
|
|
|
fs := createdDevs[dev]
|
|
|
|
delete(createdDevs, dev)
|
|
|
|
|
|
|
|
tgtDev := "/dev/mapper/" + name
|
2022-03-08 10:45:56 +00:00
|
|
|
|
|
|
|
needFormat := !devInitialized(dev)
|
|
|
|
if needFormat {
|
|
|
|
if !passwordVerified {
|
|
|
|
retry:
|
|
|
|
p2 := askSecret("verify crypt password")
|
|
|
|
|
|
|
|
eq := bytes.Equal(password, p2)
|
|
|
|
|
|
|
|
for i := range p2 {
|
|
|
|
p2[i] = 0
|
|
|
|
}
|
|
|
|
|
|
|
|
if !eq {
|
2024-01-20 15:41:54 +00:00
|
|
|
log.Error().Msg("passwords don't match")
|
2022-03-08 10:45:56 +00:00
|
|
|
goto retry
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-01-20 15:41:54 +00:00
|
|
|
log.Info().Str("dev", dev).Msg("formatting encrypted device")
|
2022-03-08 10:45:56 +00:00
|
|
|
cmd := exec.Command("cryptsetup", "luksFormat", dev, "--key-file=-")
|
|
|
|
cmd.Stdin = bytes.NewBuffer(password)
|
|
|
|
cmd.Stdout = stdout
|
|
|
|
cmd.Stderr = stderr
|
|
|
|
err := cmd.Run()
|
|
|
|
if err != nil {
|
|
|
|
fatalf("failed luksFormat: %v", err)
|
|
|
|
}
|
2023-02-01 23:28:36 +00:00
|
|
|
|
|
|
|
createdDevs[tgtDev] = fs
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(password) == 0 {
|
|
|
|
password = askSecret("crypt password")
|
|
|
|
|
|
|
|
if len(password) == 0 {
|
|
|
|
fatalf("empty password given")
|
|
|
|
}
|
2022-03-08 10:45:56 +00:00
|
|
|
}
|
|
|
|
|
2024-01-20 15:41:54 +00:00
|
|
|
log.Info().Str("name", name).Str("dev", dev).Msg("openning encrypted device")
|
2023-02-01 23:28:36 +00:00
|
|
|
cmd := exec.Command("cryptsetup", "open", dev, name, "--key-file=-")
|
2022-03-08 10:45:56 +00:00
|
|
|
cmd.Stdin = bytes.NewBuffer(password)
|
|
|
|
cmd.Stdout = stdout
|
|
|
|
cmd.Stderr = stderr
|
|
|
|
err := cmd.Run()
|
|
|
|
if err != nil {
|
|
|
|
// maybe the password is wrong
|
|
|
|
for i := range password {
|
|
|
|
password[i] = 0
|
|
|
|
}
|
|
|
|
password = password[:0]
|
|
|
|
passwordVerified = false
|
|
|
|
goto retryOpen
|
|
|
|
}
|
|
|
|
|
|
|
|
if needFormat {
|
2023-02-01 23:28:36 +00:00
|
|
|
zeroDevStart(tgtDev)
|
2022-03-08 10:45:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
passwordVerified = true
|
|
|
|
}
|
|
|
|
|
|
|
|
for i := range password {
|
|
|
|
password[i] = 0
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func devInitialized(dev string) bool {
|
|
|
|
f, err := os.Open(dev)
|
|
|
|
if err != nil {
|
|
|
|
fatalf("failed to open %s: %v", dev, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
defer f.Close()
|
|
|
|
|
|
|
|
ba := make([]byte, 8192)
|
|
|
|
_, err = f.Read(ba)
|
|
|
|
if err != nil {
|
|
|
|
fatalf("failed to read %s: %v", dev, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, b := range ba {
|
|
|
|
if b != 0 {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2023-02-01 23:28:36 +00:00
|
|
|
func setupFS(dev, fs string) {
|
|
|
|
if devInitialized(dev) {
|
2024-01-20 15:41:54 +00:00
|
|
|
log.Info().Str("dev", dev).Msg("device already formatted")
|
2023-02-01 23:28:36 +00:00
|
|
|
return
|
|
|
|
}
|
2022-03-08 10:45:56 +00:00
|
|
|
|
2023-02-01 23:28:36 +00:00
|
|
|
if fs == "" {
|
|
|
|
fs = "ext4"
|
|
|
|
}
|
2022-03-08 10:45:56 +00:00
|
|
|
|
2024-01-20 15:41:54 +00:00
|
|
|
log.Info().Str("dev", dev).Str("fs", fs).Msg("formatting device")
|
2023-02-01 23:28:36 +00:00
|
|
|
args := make([]string, 0)
|
2022-03-08 10:45:56 +00:00
|
|
|
|
2023-02-01 23:28:36 +00:00
|
|
|
switch fs {
|
|
|
|
case "btrfs":
|
|
|
|
args = append(args, "-f")
|
|
|
|
case "ext4":
|
|
|
|
args = append(args, "-F")
|
2022-03-08 10:45:56 +00:00
|
|
|
}
|
2023-02-01 23:28:36 +00:00
|
|
|
|
|
|
|
run("mkfs."+fs, append(args, dev)...)
|
2022-03-08 10:45:56 +00:00
|
|
|
}
|