WebSVN – zfs_utils – Diff – /trunk/ZFS_Utils.pm



# $geliConfig - hashref containing configuration for geli
# Returns the pool name on success, empty string on error.
sub mountGeli {
   my $geliConfig = shift;
 
   logMsg( "geli config detected, attempting to mount geli disks" );
   # Can't continue at all if no pool name
   unless ( $geliConfig->{'poolname'} ) {
      logMsg "Could not find pool name in configuration file\n";
      return '';
   }
 
   # find the keyfile disk and mount it
   $geliConfig->{secureKey}->{path} = mountDriveByLabel( $geliConfig->{secureKey} );
   unless ( $geliConfig->{secureKey}->{path} ) {
      logMsg "Could not find or mount keyfile disk with label: " . $geliConfig->{secureKey}->{label};
      return '';
   }
   # create the combined geli keyfile in target location
   unless ( makeGeliKey( $geliConfig ) ) {
         logMsg "Could not create geli keyfile\n";
         return '';
      }
   # decrypt and mount the geli disks and zfs pool
 
   my $poolname = decryptAndMountGeli( $geliConfig );
   return $poolname;
                                                
}
 

## Returns the pool name on success, empty on error.
sub decryptAndMountGeli {
   my ($geliConfig) = shift;
   
   # if no list of disks provided, try to find them
   $geliConfig->{'diskList'} //= [ findGeliDisks() ];
   
   my $diskList = $geliConfig->{'diskList'};
   my $poolname = $geliConfig->{'poolname'};
   my $keyfile = $geliConfig->{'target'};
   unless ( -e $keyfile ) {

 
   my @decrypted_devices;
 
   # Decrypt each disk in the list
   foreach my $disk (@{$geliConfig->{'diskList'}}) {
      $disk = '/dev/' . $disk unless $disk =~ m|/dev|;
      unless ( -e $disk ) {
         logMsg "Disk $disk does not exist\n";
         return '';
      }
 
      # Derive the decrypted device name (.eli suffix on FreeBSD)
      my $decrypted = $disk . '.eli';
 
      # Decrypt using geli attach with the keyfile
      logMsg("Decrypting $disk with keyfile $keyfile");
      if ( my $result = runCmd("geli attach -k $geliConfig->{target} $disk ") ) {
         logMsg "Failed to decrypt $disk (exit $result)\n";
         next; # ignore failed disks and continue to see if we can import the pool
      }
 
      unless ( -e $decrypted ) {

Rev 38	Rev 39
Line 254...	Line 254...
254	`# $geliConfig - hashref containing configuration for geli`	254	`# $geliConfig - hashref containing configuration for geli`
255	`# Returns the pool name on success, empty string on error.`	255	`# Returns the pool name on success, empty string on error.`
256	`sub mountGeli {`	256	`sub mountGeli {`
257	`my $geliConfig = shift;`	257	`my $geliConfig = shift;`
258		258
-		259	`logMsg( "geli config detected, attempting to mount geli disks" );`
259	`# Can't continue at all if no pool name`	260	`# Can't continue at all if no pool name`
260	`unless ( $geliConfig->{'poolname'} ) {`	261	`unless ( $geliConfig->{'poolname'} ) {`
261	`logMsg "Could not find pool name in configuration file\n";`	262	`logMsg "Could not find pool name in configuration file\n";`
262	`return '';`	263	`return '';`
263	`}`	264	`}`
264		-
265	`# find the keyfile disk and mount it`	265	`# find the keyfile disk and mount it`
266	`$geliConfig->{secureKey}->{path} = mountDriveByLabel( $geliConfig->{secureKey}->{label} );`	266	`$geliConfig->{secureKey}->{path} = mountDriveByLabel( $geliConfig->{secureKey} );`
267	`unless ( $geliConfig->{secureKey}->{path} ne '' ) {`	267	`unless ( $geliConfig->{secureKey}->{path} ) {`
268	`logMsg "Could not find or mount keyfile disk with label: " . $geliConfig->{secureKey}->{label};`	268	`logMsg "Could not find or mount keyfile disk with label: " . $geliConfig->{secureKey}->{label};`
269	`return '';`	269	`return '';`
270	`}`	270	`}`
271	`# create the combined geli keyfile in target location`	271	`# create the combined geli keyfile in target location`
272	`unless ( makeGeliKey( $geliConfig ) ) {`	272	`unless ( makeGeliKey( $geliConfig ) ) {`
273	`logMsg "Could not create geli keyfile\n";`	273	`logMsg "Could not create geli keyfile\n";`
274	`return '';`	274	`return '';`
275	`}`	275	`}`
276	`# decrypt and mount the geli disks and zfs pool`	276	`# decrypt and mount the geli disks and zfs pool`
277	`die;`	-
278	`my $poolname = decryptAndMountGeli( $geliConfig );`	277	`my $poolname = decryptAndMountGeli( $geliConfig );`
279	`return $poolname;`	278	`return $poolname;`
280		279
281	`}`	280	`}`
282		281
Line 310...	Line 309...
310	`## Returns the pool name on success, empty on error.`	309	`## Returns the pool name on success, empty on error.`
311	`sub decryptAndMountGeli {`	310	`sub decryptAndMountGeli {`
312	`my ($geliConfig) = shift;`	311	`my ($geliConfig) = shift;`
313		312
314	`# if no list of disks provided, try to find them`	313	`# if no list of disks provided, try to find them`
315	`$geliConfig->{'diskList'} //= findGeliDisks();`	314	`$geliConfig->{'diskList'} //= [ findGeliDisks() ];`
316		315
317	`my $diskList = $geliConfig->{'diskList'};`	316	`my $diskList = $geliConfig->{'diskList'};`
318	`my $poolname = $geliConfig->{'poolname'};`	317	`my $poolname = $geliConfig->{'poolname'};`
319	`my $keyfile = $geliConfig->{'target'};`	318	`my $keyfile = $geliConfig->{'target'};`
320	`unless ( -e $keyfile ) {`	319	`unless ( -e $keyfile ) {`
Line 324...	Line 323...
324		323
325	`my @decrypted_devices;`	324	`my @decrypted_devices;`
326		325
327	`# Decrypt each disk in the list`	326	`# Decrypt each disk in the list`
328	`foreach my $disk (@{$geliConfig->{'diskList'}}) {`	327	`foreach my $disk (@{$geliConfig->{'diskList'}}) {`
-		328	`$disk = '/dev/' . $disk unless $disk =~ m\|/dev\|;`
329	`unless ( -e $disk ) {`	329	`unless ( -e $disk ) {`
330	`logMsg "Disk $disk does not exist\n";`	330	`logMsg "Disk $disk does not exist\n";`
331	`return '';`	331	`return '';`
332	`}`	332	`}`
333		333
334	`# Derive the decrypted device name (.eli suffix on FreeBSD)`	334	`# Derive the decrypted device name (.eli suffix on FreeBSD)`
335	`my $decrypted = $disk . '.eli';`	335	`my $decrypted = $disk . '.eli';`
336		336
337	`# Decrypt using geli attach with the keyfile`	337	`# Decrypt using geli attach with the keyfile`
338	`logMsg("Decrypting $disk with keyfile $keyfile");`	338	`logMsg("Decrypting $disk with keyfile $keyfile");`
339	`if ( my $result = system('geli', 'attach', '-k', $geliConfig->{'target'}, $disk) == 0 ) {`	339	`if ( my $result = runCmd("geli attach -k $geliConfig->{target} $disk ") ) {`
340	`logMsg "Failed to decrypt $disk (exit $result)\n";`	340	`logMsg "Failed to decrypt $disk (exit $result)\n";`
341	`next; # ignore failed disks and continue to see if we can import the pool`	341	`next; # ignore failed disks and continue to see if we can import the pool`
342	`}`	342	`}`
343		343
344	`unless ( -e $decrypted ) {`	344	`unless ( -e $decrypted ) {`

Subversion Repositories zfs_utils

(root)/trunk/ZFS_Utils.pm – Rev 38 → 39