filesystem: create zpool with encryption info
parent
1b00eb5616
commit
a8c1143eee
|
@ -20,6 +20,7 @@ from curtin.block import get_resize_fstypes
|
||||||
from subiquity.common.filesystem import boot, gaps
|
from subiquity.common.filesystem import boot, gaps
|
||||||
from subiquity.common.types import Bootloader
|
from subiquity.common.types import Bootloader
|
||||||
from subiquity.models.filesystem import Partition, align_up
|
from subiquity.models.filesystem import Partition, align_up
|
||||||
|
from subiquitycore.utils import write_named_tempfile
|
||||||
|
|
||||||
log = logging.getLogger("subiquity.common.filesystem.manipulator")
|
log = logging.getLogger("subiquity.common.filesystem.manipulator")
|
||||||
|
|
||||||
|
@ -188,7 +189,16 @@ class FilesystemManipulator:
|
||||||
self.create_filesystem(dmc, dict(fstype="swap"))
|
self.create_filesystem(dmc, dict(fstype="swap"))
|
||||||
return dmc
|
return dmc
|
||||||
|
|
||||||
def create_zpool(self, device, pool, mountpoint, boot=False, canmount="on"):
|
def create_zpool(
|
||||||
|
self,
|
||||||
|
device,
|
||||||
|
pool,
|
||||||
|
mountpoint,
|
||||||
|
boot=False,
|
||||||
|
canmount="on",
|
||||||
|
encryption_style=None,
|
||||||
|
key=None,
|
||||||
|
):
|
||||||
fs_properties = dict(
|
fs_properties = dict(
|
||||||
atime=None,
|
atime=None,
|
||||||
acltype="posixacl",
|
acltype="posixacl",
|
||||||
|
@ -201,6 +211,10 @@ class FilesystemManipulator:
|
||||||
xattr="sa",
|
xattr="sa",
|
||||||
)
|
)
|
||||||
|
|
||||||
|
keyfile = None
|
||||||
|
if key is not None:
|
||||||
|
keyfile = write_named_tempfile("zpool-key-", key)
|
||||||
|
|
||||||
pool_properties = dict(ashift=12, autotrim="on", version=None)
|
pool_properties = dict(ashift=12, autotrim="on", version=None)
|
||||||
default_features = True
|
default_features = True
|
||||||
if boot:
|
if boot:
|
||||||
|
@ -217,6 +231,8 @@ class FilesystemManipulator:
|
||||||
default_features=default_features,
|
default_features=default_features,
|
||||||
fs_properties=fs_properties,
|
fs_properties=fs_properties,
|
||||||
pool_properties=pool_properties,
|
pool_properties=pool_properties,
|
||||||
|
encryption_style=encryption_style,
|
||||||
|
keyfile=keyfile,
|
||||||
)
|
)
|
||||||
|
|
||||||
def delete(self, obj):
|
def delete(self, obj):
|
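Review bot: `write_named_tempfile("zpool-key-", key)` in create_zpool puts the passphrase on disk in clear text, and nothing in the visible hunks removes the file or says who is responsible for removing it. The helper's body is not shown on this page, so its behaviour should be confirmed: the file has to be created owner-only (0600), and preferably on a RAM-backed path so the key never reaches persistent storage. Each call creates a fresh file, so calling create_zpool again with a key (for example if guided partitioning is re-run) would leave earlier key files behind. I would add a comment above the call such as `# key material: file must be 0600 and unlinked once the pool has been created`, and unlink the file when the model is reset or the install finishes. create_zpool is split across three hunks here and its middle lines are not shown.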
||||||
|
|
|
@ -1310,6 +1310,8 @@ class ZPool:
|
||||||
fs_properties: Optional[dict] = None
|
fs_properties: Optional[dict] = None
|
||||||
|
|
||||||
default_features: Optional[bool] = True
|
default_features: Optional[bool] = True
|
||||||
|
encryption_style: Optional[str] = None
|
||||||
|
keyfile: Optional[str] = None
|
||||||
|
|
||||||
component_name = "vdev"
|
component_name = "vdev"
|
||||||
|
|
||||||
|
@ -2255,6 +2257,8 @@ class FilesystemModel:
|
||||||
default_features=True,
|
default_features=True,
|
||||||
fs_properties=None,
|
fs_properties=None,
|
||||||
pool_properties=None,
|
pool_properties=None,
|
||||||
|
encryption_style=None,
|
||||||
|
keyfile=None,
|
||||||
):
|
):
|
||||||
zpool = ZPool(
|
zpool = ZPool(
|
||||||
m=self,
|
m=self,
|
||||||
|
@ -2264,6 +2268,8 @@ class FilesystemModel:
|
||||||
default_features=default_features,
|
default_features=default_features,
|
||||||
pool_properties=pool_properties,
|
pool_properties=pool_properties,
|
||||||
fs_properties=fs_properties,
|
fs_properties=fs_properties,
|
||||||
|
encryption_style=encryption_style,
|
||||||
|
keyfile=keyfile,
|
||||||
)
|
)
|
||||||
self._actions.append(zpool)
|
self._actions.append(zpool)
|
||||||
return zpool
|
return zpool
|
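Review bot: The two new ZPool fields are undocumented, and `keyfile` in particular is easy to misread: it holds a path to a file containing the passphrase in clear text, not the passphrase itself. A comment on the field such as `# path to a file holding the passphrase in plaintext; the contents must never be logged or serialized` would make that explicit, and the accepted values of `encryption_style` should be listed next to it. Nothing in the FilesystemModel hunks checks that the two arguments agree, so a pool can be built with a style and no key file; if every style needs a key, `if encryption_style is not None and keyfile is None: raise ValueError("keyfile required")` at the top of that method would catch it. Both the ZPool class and the model method start outside these hunks.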
||||||
|
|
|
@ -565,7 +565,9 @@ class FilesystemController(SubiquityController, FilesystemManipulator):
|
||||||
bootfs_size = align_up(sizes.get_bootfs_size(gap.size), part_align)
|
bootfs_size = align_up(sizes.get_bootfs_size(gap.size), part_align)
|
||||||
gap_boot, gap_rest = gap.split(bootfs_size)
|
gap_boot, gap_rest = gap.split(bootfs_size)
|
||||||
bpart = self.create_partition(device, gap_boot, dict(fstype=None))
|
bpart = self.create_partition(device, gap_boot, dict(fstype=None))
|
||||||
encrypted = choice.password is not None
|
encryption_style = None
|
||||||
|
if encrypted := choice.password is not None:
|
||||||
|
encryption_style = "luks_keystore"
|
||||||
|
|
||||||
avail = gap_rest.size - self._info.min_size
|
avail = gap_rest.size - self._info.min_size
|
||||||
swap_size = align_down(swap.suggested_swapsize(avail=avail), part_align)
|
swap_size = align_down(swap.suggested_swapsize(avail=avail), part_align)
|
||||||
|
@ -586,7 +588,14 @@ class FilesystemController(SubiquityController, FilesystemManipulator):
|
||||||
bpool.create_zfs("BOOT", canmount="off", mountpoint="none")
|
bpool.create_zfs("BOOT", canmount="off", mountpoint="none")
|
||||||
bpool.create_zfs(f"BOOT/ubuntu_{uuid}", mountpoint="/boot")
|
bpool.create_zfs(f"BOOT/ubuntu_{uuid}", mountpoint="/boot")
|
||||||
|
|
||||||
rpool = self.create_zpool(rpart, "rpool", "/", canmount="off")
|
rpool = self.create_zpool(
|
||||||
|
rpart,
|
||||||
|
"rpool",
|
||||||
|
"/",
|
||||||
|
canmount="off",
|
||||||
|
encryption_style=encryption_style,
|
||||||
|
key=choice.password,
|
||||||
|
)
|
||||||
rpool.create_zfs("ROOT", canmount="off", mountpoint="none")
|
rpool.create_zfs("ROOT", canmount="off", mountpoint="none")
|
||||||
rpool.create_zfs(f"ROOT/ubuntu_{uuid}", mountpoint="/")
|
rpool.create_zfs(f"ROOT/ubuntu_{uuid}", mountpoint="/")
|
||||||
rpool.create_zfs(f"ROOT/ubuntu_{uuid}/var", canmount="off")
|
rpool.create_zfs(f"ROOT/ubuntu_{uuid}/var", canmount="off")
|
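Review bot: `choice.password is not None` treats an empty string as a request for encryption, so `""` would be written out as the key unless the caller has already rejected it, which is not visible in this hunk. If that validation does not exist upstream, testing `if choice.password:` or rejecting the empty value explicitly is safer. The walrus line also relies on `:=` binding more loosely than `is not`; it is correct as written but reads more safely as `if encrypted := (choice.password is not None):`. The enclosing method starts and ends outside both hunks.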
||||||
|
|
|
@ -581,6 +581,8 @@ class TestGuided(IsolatedAsyncioTestCase):
|
||||||
[rpool] = self.model._all(type="zpool", pool="rpool")
|
[rpool] = self.model._all(type="zpool", pool="rpool")
|
||||||
self.assertIsNone(rpool.path)
|
self.assertIsNone(rpool.path)
|
||||||
self.assertEqual([root], rpool.vdevs)
|
self.assertEqual([root], rpool.vdevs)
|
||||||
|
self.assertIsNone(rpool.encryption_style)
|
||||||
|
self.assertIsNone(rpool.keyfile)
|
||||||
[bpool] = self.model._all(type="zpool", pool="bpool")
|
[bpool] = self.model._all(type="zpool", pool="bpool")
|
||||||
self.assertIsNone(bpool.path)
|
self.assertIsNone(bpool.path)
|
||||||
self.assertEqual([boot], bpool.vdevs)
|
self.assertEqual([boot], bpool.vdevs)
|
||||||
|
@ -618,6 +620,9 @@ class TestGuided(IsolatedAsyncioTestCase):
|
||||||
[rpool] = self.model._all(type="zpool", pool="rpool")
|
[rpool] = self.model._all(type="zpool", pool="rpool")
|
||||||
self.assertIsNone(rpool.path)
|
self.assertIsNone(rpool.path)
|
||||||
self.assertEqual([root], rpool.vdevs)
|
self.assertEqual([root], rpool.vdevs)
|
||||||
|
self.assertEqual("luks_keystore", rpool.encryption_style)
|
||||||
|
with open(rpool.keyfile) as fp:
|
||||||
|
self.assertEqual("passw0rd", fp.read())
|
||||||
[bpool] = self.model._all(type="zpool", pool="bpool")
|
[bpool] = self.model._all(type="zpool", pool="bpool")
|
||||||
self.assertIsNone(bpool.path)
|
self.assertIsNone(bpool.path)
|
||||||
self.assertEqual([boot], bpool.vdevs)
|
self.assertEqual([boot], bpool.vdevs)
|
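Review bot: The encrypted-case test opens `rpool.keyfile` and checks its contents but never removes the file, so every run leaves a file holding the test passphrase in the temp directory. Adding `self.addCleanup(os.unlink, rpool.keyfile)` before the `with open(...)` line fixes that. This is also the natural place to pin the file mode, e.g. `self.assertEqual(0o600, stat.S_IMODE(os.stat(rpool.keyfile).st_mode))`, assuming write_named_tempfile is meant to create owner-only files; `os` and `stat` would need importing if the test module does not already have them. The test method starts outside the hunk.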
||||||
|
|