rbd: log stdError for cryptosetup command

If we hit any error while running the cryptosetup commands we are logging only the error message. with only error message it is difficult to analyze the problem, logging the stdError will help us to check what is the problem. updates: #2610 Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-12-18 02:50:30 +00:00 · 2021-11-08 13:26:23 +05:30 · 2021-11-08 13:26:23 +05:30 · 0f0cda49a7
commit 0f0cda49a7
parent 7e22180125
2 changed files with 34 additions and 27 deletions
--- a/internal/util/crypto.go
+++ b/internal/util/crypto.go
@ -196,20 +196,21 @@ func VolumeMapper(volumeID string) (mapperFile, mapperFilePath string) {

 // EncryptVolume encrypts provided device with LUKS.
 func EncryptVolume(ctx context.Context, devicePath, passphrase string) error {
-	log.DebugLog(ctx, "Encrypting device %s with LUKS", devicePath)
-	if _, _, err := LuksFormat(devicePath, passphrase); err != nil {
-		return fmt.Errorf("failed to encrypt device %s with LUKS: %w", devicePath, err)
+	log.DebugLog(ctx, "Encrypting device %q	 with LUKS", devicePath)
+	_, stdErr, err := LuksFormat(devicePath, passphrase)
+	if err != nil || stdErr != "" {
+		log.ErrorLog(ctx, "failed to encrypt device %q with LUKS (%v): %s", devicePath, err, stdErr)
 	}

-	return nil
+	return err
 }

 // OpenEncryptedVolume opens volume so that it can be used by the client.
 func OpenEncryptedVolume(ctx context.Context, devicePath, mapperFile, passphrase string) error {
-	log.DebugLog(ctx, "Opening device %s with LUKS on %s", devicePath, mapperFile)
-	_, stderr, err := LuksOpen(devicePath, mapperFile, passphrase)
-	if err != nil {
-		log.ErrorLog(ctx, "failed to open LUKS device %q: %s", devicePath, stderr)
+	log.DebugLog(ctx, "Opening device %q with LUKS on %q", devicePath, mapperFile)
+	_, stdErr, err := LuksOpen(devicePath, mapperFile, passphrase)
+	if err != nil || stdErr != "" {
+		log.ErrorLog(ctx, "failed to open device %q (%v): %s", devicePath, err, stdErr)
 	}

 	return err
@ -217,10 +218,10 @@ func OpenEncryptedVolume(ctx context.Context, devicePath, mapperFile, passphrase

 // ResizeEncryptedVolume resizes encrypted volume so that it can be used by the client.
 func ResizeEncryptedVolume(ctx context.Context, mapperFile string) error {
-	log.DebugLog(ctx, "Resizing LUKS device %s", mapperFile)
-	_, stderr, err := LuksResize(mapperFile)
-	if err != nil {
-		log.ErrorLog(ctx, "failed to resize LUKS device %s: %s", mapperFile, stderr)
+	log.DebugLog(ctx, "Resizing LUKS device %q", mapperFile)
+	_, stdErr, err := LuksResize(mapperFile)
+	if err != nil || stdErr != "" {
+		log.ErrorLog(ctx, "failed to resize LUKS device %q (%v): %s", mapperFile, err, stdErr)
 	}

 	return err
@ -228,8 +229,11 @@ func ResizeEncryptedVolume(ctx context.Context, mapperFile string) error {

 // CloseEncryptedVolume closes encrypted volume so it can be detached.
 func CloseEncryptedVolume(ctx context.Context, mapperFile string) error {
-	log.DebugLog(ctx, "Closing LUKS device %s", mapperFile)
-	_, _, err := LuksClose(mapperFile)
+	log.DebugLog(ctx, "Closing LUKS device %q", mapperFile)
+	_, stdErr, err := LuksClose(mapperFile)
+	if err != nil || stdErr != "" {
+		log.ErrorLog(ctx, "failed to close LUKS device %q (%v): %s", mapperFile, err, stdErr)
+	}

 	return err
 }
@ -249,13 +253,13 @@ func DeviceEncryptionStatus(ctx context.Context, devicePath string) (mappedDevic
 		return devicePath, "", nil
 	}
 	mapPath := strings.TrimPrefix(devicePath, mapperFilePathPrefix+"/")
-	stdout, _, err := LuksStatus(mapPath)
-	if err != nil {
-		log.DebugLog(ctx, "device %s is not an active LUKS device: %v", devicePath, err)
+	stdout, stdErr, err := LuksStatus(mapPath)
+	if err != nil || stdErr != "" {
+		log.DebugLog(ctx, "%q is not an active LUKS device (%v): %s", devicePath, err, stdErr)

 		return devicePath, "", nil
 	}
-	lines := strings.Split(string(stdout), "\n")
+	lines := strings.Split(stdout, "\n")
 	if len(lines) < 1 {
 		return "", "", fmt.Errorf("device encryption status returned no stdout for %s", devicePath)
 	}
--- a/internal/util/cryptsetup.go
+++ b/internal/util/cryptsetup.go
@ -24,7 +24,7 @@ import (
 )

 // LuksFormat sets up volume as an encrypted LUKS partition.
-func LuksFormat(devicePath, passphrase string) (stdout, stderr []byte, err error) {
+func LuksFormat(devicePath, passphrase string) (string, string, error) {
 	return execCryptsetupCommand(
 		&passphrase,
 		"-q",
@ -39,28 +39,28 @@ func LuksFormat(devicePath, passphrase string) (stdout, stderr []byte, err error
 }

 // LuksOpen opens LUKS encrypted partition and sets up a mapping.
-func LuksOpen(devicePath, mapperFile, passphrase string) (stdout, stderr []byte, err error) {
+func LuksOpen(devicePath, mapperFile, passphrase string) (string, string, error) {
 	// cryptsetup option --disable-keyring (introduced with cryptsetup v2.0.0)
 	// will be ignored with luks1
 	return execCryptsetupCommand(&passphrase, "luksOpen", devicePath, mapperFile, "--disable-keyring", "-d", "/dev/stdin")
 }

 // LuksResize resizes LUKS encrypted partition.
-func LuksResize(mapperFile string) (stdout, stderr []byte, err error) {
+func LuksResize(mapperFile string) (string, string, error) {
 	return execCryptsetupCommand(nil, "resize", mapperFile)
 }

 // LuksClose removes existing mapping.
-func LuksClose(mapperFile string) (stdout, stderr []byte, err error) {
+func LuksClose(mapperFile string) (string, string, error) {
 	return execCryptsetupCommand(nil, "luksClose", mapperFile)
 }

 // LuksStatus returns encryption status of a provided device.
-func LuksStatus(mapperFile string) (stdout, stderr []byte, err error) {
+func LuksStatus(mapperFile string) (string, string, error) {
 	return execCryptsetupCommand(nil, "status", mapperFile)
 }

-func execCryptsetupCommand(stdin *string, args ...string) (stdout, stderr []byte, err error) {
+func execCryptsetupCommand(stdin *string, args ...string) (string, string, error) {
 	var (
 		program       = "cryptsetup"
 		cmd           = exec.Command(program, args...) // #nosec:G204, commands executing not vulnerable.
@ -74,11 +74,14 @@ func execCryptsetupCommand(stdin *string, args ...string) (stdout, stderr []byte
 	if stdin != nil {
 		cmd.Stdin = strings.NewReader(*stdin)
 	}
+	err := cmd.Run()
+	stdout := stdoutBuf.String()
+	stderr := stderrBuf.String()

-	if err := cmd.Run(); err != nil {
-		return stdoutBuf.Bytes(), stderrBuf.Bytes(), fmt.Errorf("an error (%v)"+
+	if err != nil {
+		return stdout, stderr, fmt.Errorf("an error (%v)"+
 			" occurred while running %s args: %v", err, program, sanitizedArgs)
 	}

-	return stdoutBuf.Bytes(), nil, nil
+	return stdout, stderr, err
 }