rbd: log stdError for cryptosetup command
If we hit any error while running the cryptsetup commands, we log only the error message. With only the error message it is difficult to analyze the problem; logging the stdError will help us check what the problem is. updates: #2610 Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
parent
7e22180125
commit
0f0cda49a7
@ -196,20 +196,21 @@ func VolumeMapper(volumeID string) (mapperFile, mapperFilePath string) {
|
|||||||
|
|
||||||
// EncryptVolume encrypts provided device with LUKS.
|
// EncryptVolume encrypts provided device with LUKS.
|
||||||
func EncryptVolume(ctx context.Context, devicePath, passphrase string) error {
|
func EncryptVolume(ctx context.Context, devicePath, passphrase string) error {
|
||||||
log.DebugLog(ctx, "Encrypting device %s with LUKS", devicePath)
|
log.DebugLog(ctx, "Encrypting device %q with LUKS", devicePath)
|
||||||
if _, _, err := LuksFormat(devicePath, passphrase); err != nil {
|
_, stdErr, err := LuksFormat(devicePath, passphrase)
|
||||||
return fmt.Errorf("failed to encrypt device %s with LUKS: %w", devicePath, err)
|
if err != nil || stdErr != "" {
|
||||||
|
log.ErrorLog(ctx, "failed to encrypt device %q with LUKS (%v): %s", devicePath, err, stdErr)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// OpenEncryptedVolume opens volume so that it can be used by the client.
|
// OpenEncryptedVolume opens volume so that it can be used by the client.
|
||||||
func OpenEncryptedVolume(ctx context.Context, devicePath, mapperFile, passphrase string) error {
|
func OpenEncryptedVolume(ctx context.Context, devicePath, mapperFile, passphrase string) error {
|
||||||
log.DebugLog(ctx, "Opening device %s with LUKS on %s", devicePath, mapperFile)
|
log.DebugLog(ctx, "Opening device %q with LUKS on %q", devicePath, mapperFile)
|
||||||
_, stderr, err := LuksOpen(devicePath, mapperFile, passphrase)
|
_, stdErr, err := LuksOpen(devicePath, mapperFile, passphrase)
|
||||||
if err != nil {
|
if err != nil || stdErr != "" {
|
||||||
log.ErrorLog(ctx, "failed to open LUKS device %q: %s", devicePath, stderr)
|
log.ErrorLog(ctx, "failed to open device %q (%v): %s", devicePath, err, stdErr)
|
||||||
}
|
}
|
||||||
|
|
||||||
return err
|
return err
|
||||||
@ -217,10 +218,10 @@ func OpenEncryptedVolume(ctx context.Context, devicePath, mapperFile, passphrase
|
|||||||
|
|
||||||
// ResizeEncryptedVolume resizes encrypted volume so that it can be used by the client.
|
// ResizeEncryptedVolume resizes encrypted volume so that it can be used by the client.
|
||||||
func ResizeEncryptedVolume(ctx context.Context, mapperFile string) error {
|
func ResizeEncryptedVolume(ctx context.Context, mapperFile string) error {
|
||||||
log.DebugLog(ctx, "Resizing LUKS device %s", mapperFile)
|
log.DebugLog(ctx, "Resizing LUKS device %q", mapperFile)
|
||||||
_, stderr, err := LuksResize(mapperFile)
|
_, stdErr, err := LuksResize(mapperFile)
|
||||||
if err != nil {
|
if err != nil || stdErr != "" {
|
||||||
log.ErrorLog(ctx, "failed to resize LUKS device %s: %s", mapperFile, stderr)
|
log.ErrorLog(ctx, "failed to resize LUKS device %q (%v): %s", mapperFile, err, stdErr)
|
||||||
}
|
}
|
||||||
|
|
||||||
return err
|
return err
|
||||||
@ -228,8 +229,11 @@ func ResizeEncryptedVolume(ctx context.Context, mapperFile string) error {
|
|||||||
|
|
||||||
// CloseEncryptedVolume closes encrypted volume so it can be detached.
|
// CloseEncryptedVolume closes encrypted volume so it can be detached.
|
||||||
func CloseEncryptedVolume(ctx context.Context, mapperFile string) error {
|
func CloseEncryptedVolume(ctx context.Context, mapperFile string) error {
|
||||||
log.DebugLog(ctx, "Closing LUKS device %s", mapperFile)
|
log.DebugLog(ctx, "Closing LUKS device %q", mapperFile)
|
||||||
_, _, err := LuksClose(mapperFile)
|
_, stdErr, err := LuksClose(mapperFile)
|
||||||
|
if err != nil || stdErr != "" {
|
||||||
|
log.ErrorLog(ctx, "failed to close LUKS device %q (%v): %s", mapperFile, err, stdErr)
|
||||||
|
}
|
||||||
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -249,13 +253,13 @@ func DeviceEncryptionStatus(ctx context.Context, devicePath string) (mappedDevic
|
|||||||
return devicePath, "", nil
|
return devicePath, "", nil
|
||||||
}
|
}
|
||||||
mapPath := strings.TrimPrefix(devicePath, mapperFilePathPrefix+"/")
|
mapPath := strings.TrimPrefix(devicePath, mapperFilePathPrefix+"/")
|
||||||
stdout, _, err := LuksStatus(mapPath)
|
stdout, stdErr, err := LuksStatus(mapPath)
|
||||||
if err != nil {
|
if err != nil || stdErr != "" {
|
||||||
log.DebugLog(ctx, "device %s is not an active LUKS device: %v", devicePath, err)
|
log.DebugLog(ctx, "%q is not an active LUKS device (%v): %s", devicePath, err, stdErr)
|
||||||
|
|
||||||
return devicePath, "", nil
|
return devicePath, "", nil
|
||||||
}
|
}
|
||||||
lines := strings.Split(string(stdout), "\n")
|
lines := strings.Split(stdout, "\n")
|
||||||
if len(lines) < 1 {
|
if len(lines) < 1 {
|
||||||
return "", "", fmt.Errorf("device encryption status returned no stdout for %s", devicePath)
|
return "", "", fmt.Errorf("device encryption status returned no stdout for %s", devicePath)
|
||||||
}
|
}
|
||||||
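Review bot: In DeviceEncryptionStatus the new condition `if err != nil || stdErr != ""` changes control flow, not just logging: any stderr output from `cryptsetup status`, even with a nil err, now returns `devicePath, "", nil`, which reports the device as not an active LUKS mapping. If cryptsetup prints a warning on an otherwise successful run, an encrypted device would be classified as unencrypted; what callers do with that result is not visible here. Branch on `if err != nil {` alone and include stdErr in that log line, or log a non-empty stdErr separately at debug level. The same condition in EncryptVolume, OpenEncryptedVolume, ResizeEncryptedVolume and CloseEncryptedVolume logs "failed to …" at error level while still returning a nil err, and EncryptVolume now returns the bare err instead of wrapping it with the device path. The DeviceEncryptionStatus body starts and ends outside the hunk.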
|
@ -24,7 +24,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
// LuksFormat sets up volume as an encrypted LUKS partition.
|
// LuksFormat sets up volume as an encrypted LUKS partition.
|
||||||
func LuksFormat(devicePath, passphrase string) (stdout, stderr []byte, err error) {
|
func LuksFormat(devicePath, passphrase string) (string, string, error) {
|
||||||
return execCryptsetupCommand(
|
return execCryptsetupCommand(
|
||||||
&passphrase,
|
&passphrase,
|
||||||
"-q",
|
"-q",
|
||||||
@ -39,28 +39,28 @@ func LuksFormat(devicePath, passphrase string) (stdout, stderr []byte, err error
|
|||||||
}
|
}
|
||||||
|
|
||||||
// LuksOpen opens LUKS encrypted partition and sets up a mapping.
|
// LuksOpen opens LUKS encrypted partition and sets up a mapping.
|
||||||
func LuksOpen(devicePath, mapperFile, passphrase string) (stdout, stderr []byte, err error) {
|
func LuksOpen(devicePath, mapperFile, passphrase string) (string, string, error) {
|
||||||
// cryptsetup option --disable-keyring (introduced with cryptsetup v2.0.0)
|
// cryptsetup option --disable-keyring (introduced with cryptsetup v2.0.0)
|
||||||
// will be ignored with luks1
|
// will be ignored with luks1
|
||||||
return execCryptsetupCommand(&passphrase, "luksOpen", devicePath, mapperFile, "--disable-keyring", "-d", "/dev/stdin")
|
return execCryptsetupCommand(&passphrase, "luksOpen", devicePath, mapperFile, "--disable-keyring", "-d", "/dev/stdin")
|
||||||
}
|
}
|
||||||
|
|
||||||
// LuksResize resizes LUKS encrypted partition.
|
// LuksResize resizes LUKS encrypted partition.
|
||||||
func LuksResize(mapperFile string) (stdout, stderr []byte, err error) {
|
func LuksResize(mapperFile string) (string, string, error) {
|
||||||
return execCryptsetupCommand(nil, "resize", mapperFile)
|
return execCryptsetupCommand(nil, "resize", mapperFile)
|
||||||
}
|
}
|
||||||
|
|
||||||
// LuksClose removes existing mapping.
|
// LuksClose removes existing mapping.
|
||||||
func LuksClose(mapperFile string) (stdout, stderr []byte, err error) {
|
func LuksClose(mapperFile string) (string, string, error) {
|
||||||
return execCryptsetupCommand(nil, "luksClose", mapperFile)
|
return execCryptsetupCommand(nil, "luksClose", mapperFile)
|
||||||
}
|
}
|
||||||
|
|
||||||
// LuksStatus returns encryption status of a provided device.
|
// LuksStatus returns encryption status of a provided device.
|
||||||
func LuksStatus(mapperFile string) (stdout, stderr []byte, err error) {
|
func LuksStatus(mapperFile string) (string, string, error) {
|
||||||
return execCryptsetupCommand(nil, "status", mapperFile)
|
return execCryptsetupCommand(nil, "status", mapperFile)
|
||||||
}
|
}
|
||||||
|
|
||||||
func execCryptsetupCommand(stdin *string, args ...string) (stdout, stderr []byte, err error) {
|
func execCryptsetupCommand(stdin *string, args ...string) (string, string, error) {
|
||||||
var (
|
var (
|
||||||
program = "cryptsetup"
|
program = "cryptsetup"
|
||||||
cmd = exec.Command(program, args...) // #nosec:G204, commands executing not vulnerable.
|
cmd = exec.Command(program, args...) // #nosec:G204, commands executing not vulnerable.
|
||||||
@ -74,11 +74,14 @@ func execCryptsetupCommand(stdin *string, args ...string) (stdout, stderr []byte
|
|||||||
if stdin != nil {
|
if stdin != nil {
|
||||||
cmd.Stdin = strings.NewReader(*stdin)
|
cmd.Stdin = strings.NewReader(*stdin)
|
||||||
}
|
}
|
||||||
|
err := cmd.Run()
|
||||||
|
stdout := stdoutBuf.String()
|
||||||
|
stderr := stderrBuf.String()
|
||||||
|
|
||||||
if err := cmd.Run(); err != nil {
|
if err != nil {
|
||||||
return stdoutBuf.Bytes(), stderrBuf.Bytes(), fmt.Errorf("an error (%v)"+
|
return stdout, stderr, fmt.Errorf("an error (%v)"+
|
||||||
" occurred while running %s args: %v", err, program, sanitizedArgs)
|
" occurred while running %s args: %v", err, program, sanitizedArgs)
|
||||||
}
|
}
|
||||||
|
|
||||||
return stdoutBuf.Bytes(), nil, nil
|
return stdout, stderr, err
|
||||||
}
|
}
|
||||||
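Review bot: execCryptsetupCommand now hands stderr back on the success path too (`return stdout, stderr, err` with err nil), and the callers shown earlier on this page treat a non-empty stderr as a failure, yet nothing documents that contract. Add a doc comment such as `// execCryptsetupCommand runs cryptsetup and returns its stdout and stderr; stderr may be non-empty even when err is nil.` so call sites decide on err rather than on stderr text. The final return reads more clearly as `return stdout, stderr, nil`, and `%w` in place of `%v` in the `fmt.Errorf` call would keep the underlying exec error unwrappable for callers. Part of the function body lies between the two hunks and is not shown.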
|