Ensure encryption-proider.yaml present in luks
The following checks and enhancements are made in this commit to handle the patching scenarios: - Added a check so that encryption-provider.yaml is moved from the /etc/kubernetes directory to the luks volume if it is not already present there. - If encryption-provider.yaml is already present in the luks volume and also exists in the /etc/kubernetes directory, delete the encryption-provider.yaml file from the /etc/kubernetes directory. - Remove encryption-provider.yaml from /opt/platform/config/${sftw_ver}/kubernetes if it exists. Test Plan: PASSED: build-pkgs -c -p luks-fs-mgr PASSED: build-image PASSED: AIO-SX patch testing: Verified that the encryption-provider.yaml file is present only in the luks volume. Luks service is up and running. Story: 2010873 Task: 49533 Change-Id: If0891ed5b93f538953912e22afc940c6e4742800 Signed-off-by: Rahul Roshan Kachchap <rahulroshan.kachchap@windriver.com>
parent
8764fbf385
commit
90223dda23
|
@ -908,6 +908,25 @@ void luksMgrSignalHandler(int signo) {
|
||||||
exitFlag.store(true);
|
exitFlag.store(true);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
/* ***********************************************************************
|
||||||
|
*
|
||||||
|
* Name : getSoftwareVersion
|
||||||
|
*
|
||||||
|
* Description: This function gets the current software version.
|
||||||
|
*
|
||||||
|
* ************************************************************************/
|
||||||
|
string getSoftwareVersion() {
|
||||||
|
string swVersionCmd = "grep 'SW_VERSION' /etc/build.info | "
|
||||||
|
"cut -d'=' -f2 | tr -d '\"'";
|
||||||
|
string outResult;
|
||||||
|
int rc = execCmd(swVersionCmd, outResult);
|
||||||
|
if (rc != 0) {
|
||||||
|
log("Command failed: "+ swVersionCmd + " Error code: "
|
||||||
|
+to_string(rc), LOG_ERR);
|
||||||
|
return "";
|
||||||
|
}
|
||||||
|
return outResult;
|
||||||
|
}
|
||||||
/* ***********************************************************************
|
/* ***********************************************************************
|
||||||
*
|
*
|
||||||
* Name : copyKubeProviderFile
|
* Name : copyKubeProviderFile
|
||||||
|
@ -956,24 +975,14 @@ int copyKubeProviderFile(bool isController) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the SW_Version from build.info
|
// Get the SW_Version from build.info
|
||||||
string swVersionCmd = "grep 'SW_VERSION' /etc/build.info | "
|
string softwareVersion = getSoftwareVersion();
|
||||||
"cut -d'=' -f2 | tr -d '\"'";
|
if (softwareVersion.empty()) {
|
||||||
rc = execCmd(swVersionCmd, outResult);
|
log("Could not get software version from /etc/build.info", LOG_ERR);
|
||||||
if (rc != 0) {
|
|
||||||
log("Command failed: "+ swVersionCmd + " Error code: "
|
|
||||||
+to_string(rc), LOG_ERR);
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (outResult.empty()) {
|
|
||||||
log(swVersionCmd +
|
|
||||||
": Could not get software version from /etc/build.info", LOG_ERR);
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Verify if encryption-provider.yaml file exists.
|
// Verify if encryption-provider.yaml file exists.
|
||||||
// If exists, then move to luks volume.
|
// If exists, then move to luks volume.
|
||||||
string platformConfigPath = "/opt/platform/config/" +outResult+
|
string platformConfigPath = "/opt/platform/config/" +softwareVersion+
|
||||||
"/kubernetes/encryption-provider.yaml";
|
"/kubernetes/encryption-provider.yaml";
|
||||||
if (access(platformConfigPath.c_str(), F_OK) == 0) {
|
if (access(platformConfigPath.c_str(), F_OK) == 0) {
|
||||||
log("File: "+platformConfigPath+" exists.", LOG_INFO);
|
log("File: "+platformConfigPath+" exists.", LOG_INFO);
|
||||||
|
@ -994,15 +1003,31 @@ int copyKubeProviderFile(bool isController) {
|
||||||
// Note: access() does not detect symlink file.
|
// Note: access() does not detect symlink file.
|
||||||
string encryptionFilePath = "/etc/kubernetes/encryption-provider.yaml";
|
string encryptionFilePath = "/etc/kubernetes/encryption-provider.yaml";
|
||||||
if (access(encryptionFilePath.c_str(), F_OK) == 0) {
|
if (access(encryptionFilePath.c_str(), F_OK) == 0) {
|
||||||
string delEncryptionFileCmd = "/usr/bin/rm -f " +
|
// If encrption-provider.yaml exists in luks volume, then
|
||||||
encryptionFilePath;
|
// its already copied to luks volume from the
|
||||||
log("Delete File: "+delEncryptionFileCmd, LOG_INFO);
|
// /opt/platform/config/${sftw_ver}/kubernetes
|
||||||
rc = execCmd(delEncryptionFileCmd, outResult);
|
if (access(sourceFilePath.c_str(), F_OK) != 0) {
|
||||||
if (rc != 0) {
|
string moveEncryptFileCmd = "/usr/bin/mv " +
|
||||||
log("Command failed: " + delEncryptionFileCmd +
|
encryptionFilePath + " " + luksKubernetesDirPath;
|
||||||
" Error code: " + to_string(rc), LOG_ERR);
|
log("Move File: "+moveEncryptFileCmd, LOG_INFO);
|
||||||
return rc;
|
rc = execCmd(moveEncryptFileCmd, outResult);
|
||||||
} // Check if symlink exists at /etc/kubernetes/
|
if (rc != 0) {
|
||||||
|
log("Command failed: " + moveEncryptFileCmd +
|
||||||
|
" Error code: " + to_string(rc), LOG_ERR);
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
string delEncryptionFileCmd = "/usr/bin/rm -f " +
|
||||||
|
encryptionFilePath;
|
||||||
|
log("Remove File: "+delEncryptionFileCmd, LOG_INFO);
|
||||||
|
rc = execCmd(delEncryptionFileCmd, outResult);
|
||||||
|
if (rc != 0) {
|
||||||
|
log("Command failed: " + delEncryptionFileCmd +
|
||||||
|
" Error code: " + to_string(rc), LOG_ERR);
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// Check if symlink exists at /etc/kubernetes/
|
||||||
} else if (isSymlink(encryptionFilePath.c_str())) {
|
} else if (isSymlink(encryptionFilePath.c_str())) {
|
||||||
log(encryptionFilePath + " already exists", LOG_INFO);
|
log(encryptionFilePath + " already exists", LOG_INFO);
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -1380,6 +1405,13 @@ int initialVolCreate(string &passphrase, string &volName) {
|
||||||
* ************************************************************************/
|
* ************************************************************************/
|
||||||
void monitorLUKSVolume(bool isController, const string& volumeName) {
|
void monitorLUKSVolume(bool isController, const string& volumeName) {
|
||||||
log("Monitoring LUKS volume: " + volumeName, LOG_INFO);
|
log("Monitoring LUKS volume: " + volumeName, LOG_INFO);
|
||||||
|
string softwareVersion = getSoftwareVersion();
|
||||||
|
if (softwareVersion.empty()) {
|
||||||
|
log("Could not get software version from /etc/build.info", LOG_ERR);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
string platformConfigPath = "/opt/platform/config/"
|
||||||
|
+softwareVersion+"/kubernetes/encryption-provider.yaml";
|
||||||
while (!exitFlag.load()) {
|
while (!exitFlag.load()) {
|
||||||
string statusCommand = "cryptsetup status " + volumeName +
|
string statusCommand = "cryptsetup status " + volumeName +
|
||||||
" 2>/dev/null";
|
" 2>/dev/null";
|
||||||
|
@ -1391,6 +1423,22 @@ void monitorLUKSVolume(bool isController, const string& volumeName) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (isController == true) {
|
if (isController == true) {
|
||||||
|
// encyption-provider.yaml should only be present in luks volume,
|
||||||
|
// incase if it is present in
|
||||||
|
// /opt/platform/config/${sftw_ver}/kubernetes, then delete it
|
||||||
|
if (access(platformConfigPath.c_str(), F_OK) == 0) {
|
||||||
|
string outResult;
|
||||||
|
string delEncryptionFileCmd = "/usr/bin/rm -f " +
|
||||||
|
platformConfigPath;
|
||||||
|
log("Delete File: "+delEncryptionFileCmd, LOG_INFO);
|
||||||
|
int rc = execCmd(delEncryptionFileCmd, outResult);
|
||||||
|
if (rc != 0) {
|
||||||
|
// Continue in the error case, so that it can
|
||||||
|
// be tried to delete the file again.
|
||||||
|
log("Command failed: " + delEncryptionFileCmd +
|
||||||
|
" Error code: " + to_string(rc), LOG_ERR);
|
||||||
|
}
|
||||||
|
}
|
||||||
int rc = syncLuksVolumeChange(luksControllerDataPath);
|
int rc = syncLuksVolumeChange(luksControllerDataPath);
|
||||||
if (rc != 0) {
|
if (rc != 0) {
|
||||||
log("Sync failed. Error code: " + to_string(rc), LOG_ERR);
|
log("Sync failed. Error code: " + to_string(rc), LOG_ERR);
|
||||||
|
|
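Review bot: The new block in monitorLUKSVolume (hunk `-1391,6 +1423,22`) deletes `/opt/platform/config/<version>/kubernetes/encryption-provider.yaml` whenever `access(platformConfigPath.c_str(), F_OK) == 0`, without first confirming that a copy exists inside the LUKS volume. If the move in copyKubeProviderFile failed or has not run yet, this loop could remove the only remaining copy of the Kubernetes encryption configuration; I would gate the delete on the LUKS copy being present, e.g. `if (access(platformConfigPath.c_str(), F_OK) == 0 && access(<luks copy path>, F_OK) == 0) {`, using whichever path names the LUKS copy in this scope. Because the path is built from the `SW_VERSION` value read out of /etc/build.info, calling `unlink(platformConfigPath.c_str())` instead of passing `"/usr/bin/rm -f " + platformConfigPath` to execCmd would also keep that value off a command line (assuming execCmd runs a shell, which is not visible here). The loop body of monitorLUKSVolume continues outside the hunk.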