
[2/2] encrypt: add ceph support

Message ID 20221026070418.259351-3-xiubli@redhat.com (mailing list archive)
State New, archived

Commit Message

Xiubo Li Oct. 26, 2022, 7:04 a.m. UTC
From: Xiubo Li <xiubli@redhat.com>

For ceph we couldn't use the mkfs to check whether the encryption
is supported or not, we need to mount it first and then check the
'set_encpolicy', etc.

Signed-off-by: Xiubo Li <xiubli@redhat.com>
---
 common/encrypt | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

Comments

Zorro Lang Oct. 26, 2022, 2:12 p.m. UTC | #1
On Wed, Oct 26, 2022 at 03:04:18PM +0800, xiubli@redhat.com wrote:
> From: Xiubo Li <xiubli@redhat.com>
> 
> For ceph we couldn't use the mkfs to check whether the encryption
> is supported or not, we need to mount it first and then check the
> 'set_encpolicy', etc.
> 
> Signed-off-by: Xiubo Li <xiubli@redhat.com>
> ---
>  common/encrypt | 17 +++++++++++++++++
>  1 file changed, 17 insertions(+)
> 
> diff --git a/common/encrypt b/common/encrypt
> index fd620c41..e837c9de 100644
> --- a/common/encrypt
> +++ b/common/encrypt
> @@ -153,6 +153,23 @@ _scratch_check_encrypted()
>  		# erase the UBI volume; reformated automatically on next mount
>  		$UBIUPDATEVOL_PROG ${SCRATCH_DEV} -t
>  		;;
> +	ceph)
> +		# Try to mount the filesystem. We need to check whether the encryption
> +		# is support or not via the ioctl cmd, such as 'set_encpolicy'.
> +		if ! _try_scratch_mount &>>$seqres.full; then
> +			_notrun "kernel is unaware of $FSTYP encryption feature," \
> +				"or mkfs options are not compatible with encryption"
> +		fi
> +
> +		mkdir $SCRATCH_MNT/tmpdir
> +		if _set_encpolicy $SCRATCH_MNT/tmpdir 2>&1 >>$seqres.full | \
> +			grep -Eq 'Inappropriate ioctl for device|Operation not supported'
> +		then
> +			_notrun "kernel does not support $FSTYP encryption"
> +		fi
> +		rmdir $SCRATCH_MNT/tmpdir
> +		_scratch_unmount

As I replied in patch 1/2, this function is a mkfs function, if ceph needs a
specific mkfs way, you can do it in this function, or you even can keep it
empty

  ceph)
	;;

Or do a simple cleanup

  ceph)
	_scratch_cleanup_files
	...
	;;

I'm not familiar with ceph, that depends on you. But the change in this patch is
not "mkfs", it's a checking, checking if the current $SCRATCH_MNT supports
encryption, you should do it in other function which does that checking job, not
change a mkfs function to be a check function.

Thanks,
Zorro

> +		;;
>  	*)
>  		_notrun "No encryption support for $FSTYP"
>  		;;
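
Review bot: the second `_notrun`, inside the `grep -Eq` branch, is reached while the scratch filesystem is still mounted and `tmpdir` still exists, because `rmdir $SCRATCH_MNT/tmpdir` and `_scratch_unmount` only come after the `fi`. If `_notrun` ends the test at that point, as its use as the last action of the `*)` branch suggests, the unsupported case leaves the mount and the directory behind. Record the result of the check first, run the `rmdir` and `_scratch_unmount`, and only then call `_notrun`.
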
> -- 
> 2.31.1
>
Xiubo Li Oct. 27, 2022, 2:22 a.m. UTC | #2
On 26/10/2022 22:12, Zorro Lang wrote:
> On Wed, Oct 26, 2022 at 03:04:18PM +0800, xiubli@redhat.com wrote:
>> From: Xiubo Li <xiubli@redhat.com>
>>
>> For ceph we couldn't use the mkfs to check whether the encryption
>> is supported or not, we need to mount it first and then check the
>> 'set_encpolicy', etc.
>>
>> Signed-off-by: Xiubo Li <xiubli@redhat.com>
>> ---
>>   common/encrypt | 17 +++++++++++++++++
>>   1 file changed, 17 insertions(+)
>>
>> diff --git a/common/encrypt b/common/encrypt
>> index fd620c41..e837c9de 100644
>> --- a/common/encrypt
>> +++ b/common/encrypt
>> @@ -153,6 +153,23 @@ _scratch_check_encrypted()
>>   		# erase the UBI volume; reformated automatically on next mount
>>   		$UBIUPDATEVOL_PROG ${SCRATCH_DEV} -t
>>   		;;
>> +	ceph)
>> +		# Try to mount the filesystem. We need to check whether the encryption
>> +		# is support or not via the ioctl cmd, such as 'set_encpolicy'.
>> +		if ! _try_scratch_mount &>>$seqres.full; then
>> +			_notrun "kernel is unaware of $FSTYP encryption feature," \
>> +				"or mkfs options are not compatible with encryption"
>> +		fi
>> +
>> +		mkdir $SCRATCH_MNT/tmpdir
>> +		if _set_encpolicy $SCRATCH_MNT/tmpdir 2>&1 >>$seqres.full | \
>> +			grep -Eq 'Inappropriate ioctl for device|Operation not supported'
>> +		then
>> +			_notrun "kernel does not support $FSTYP encryption"
>> +		fi
>> +		rmdir $SCRATCH_MNT/tmpdir
>> +		_scratch_unmount
> As I replied in patch 1/2, this function is a mkfs function, if ceph needs a
> specific mkfs way, you can do it in this function, or you even can keep it
> empty
>
>    ceph)
> 	;;
>
> Or do a simple cleanup
>
>    ceph)
> 	_scratch_cleanup_files
> 	...
> 	;;
>
> I'm not familiar with ceph, that depends on you. But the change in this patch is
> not "mkfs", it's a checking, checking if the current $SCRATCH_MNT supports
> encryption, you should do it in other function which does that checking job, not
> change a mkfs function to be a check function.

Sounds good. Let me check how to do that.

Thanks Zorro again.

- Xiubo


> Thanks,
> Zorro
>
>> +		;;
>>   	*)
>>   		_notrun "No encryption support for $FSTYP"
>>   		;;
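
Review bot: the message on the first `_notrun`, after the failed `_try_scratch_mount`, still says "or mkfs options are not compatible with encryption", while the commit message states that mkfs cannot be used for this check on ceph. A reader of the skip reason would look at mkfs options that play no part here; word it for this branch, for example that mounting the scratch filesystem failed. The comment above it should also read "is supported or not".
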
>> -- 
>> 2.31.1
>>

Patch

diff --git a/common/encrypt b/common/encrypt
index fd620c41..e837c9de 100644
--- a/common/encrypt
+++ b/common/encrypt
@@ -153,6 +153,23 @@  _scratch_check_encrypted()
 		# erase the UBI volume; reformated automatically on next mount
 		$UBIUPDATEVOL_PROG ${SCRATCH_DEV} -t
 		;;
+	ceph)
+		# Try to mount the filesystem. We need to check whether the encryption
+		# is support or not via the ioctl cmd, such as 'set_encpolicy'.
+		if ! _try_scratch_mount &>>$seqres.full; then
+			_notrun "kernel is unaware of $FSTYP encryption feature," \
+				"or mkfs options are not compatible with encryption"
+		fi
+
+		mkdir $SCRATCH_MNT/tmpdir
+		if _set_encpolicy $SCRATCH_MNT/tmpdir 2>&1 >>$seqres.full | \
+			grep -Eq 'Inappropriate ioctl for device|Operation not supported'
+		then
+			_notrun "kernel does not support $FSTYP encryption"
+		fi
+		rmdir $SCRATCH_MNT/tmpdir
+		_scratch_unmount
+		;;
 	*)
 		_notrun "No encryption support for $FSTYP"
 		;;
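
Review bot: the `grep -Eq 'Inappropriate ioctl for device|Operation not supported'` test in the new `ceph)` branch skips only on those two messages, so any other `_set_encpolicy` failure falls through and the filesystem is treated as supporting encryption. The `mkdir $SCRATCH_MNT/tmpdir` just before it is also unchecked and unquoted: if the directory cannot be created, the policy is attempted on a path that does not exist and the resulting error matches neither pattern. Check the `mkdir` result, quote `"$SCRATCH_MNT/tmpdir"`, and handle an unexpected `_set_encpolicy` error explicitly instead of letting it pass as success.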