Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

initializer: add cryptsetup subcommand #1153

Merged
merged 2 commits into from
Jan 28, 2025
Merged

initializer: add cryptsetup subcommand #1153

merged 2 commits into from
Jan 28, 2025
+216 −89

Conversation

jmxnzo
Copy link
Contributor

@jmxnzo jmxnzo commented Jan 14, 2025
edited
Loading

This PR translates the bash entrypoint currently used for setting up an encrypted volume with cryptsetup to a cryptsetup subcommand in the initializer binary, which takes the device path and the required mount point as flags.

  • adds wrapper functions of the following commands of the cryptsetup executable: cryptsetup open, isLuks, luksFormat
  • setupEncryptedMount function reimplements the current bash entrypoint of initializer/cryptsetup: rework bash entrypoint #1140 as a go function
  • introduces new cryptsetup Cobra subcommand to the initializer command, wrapping the setupEncryptedMount function -- follow-up on initializer: add Cobra for subcommands #1157
  • const workloadSecretPath is shared between initializer main.go and mount.go

The shared code of mounting mechanisms between the coordinator and initializer was moved to internal/mount in #1163 .

e2e volumestatefulset: https://github.com/edgelesssys/contrast/actions/runs/13008716710/job/36281340998

@jmxnzo jmxnzo added the changelog PRs that should be part of the release notes label Jan 14, 2025
@jmxnzo jmxnzo requested a review from burgerdev January 14, 2025 16:45
burgerdev
burgerdev reviewed Jan 15, 2025
View reviewed changes
initializer/mount.go Outdated Show resolved Hide resolved
initializer/mount.go Outdated Show resolved Hide resolved
initializer/mount.go Outdated Show resolved Hide resolved
initializer/mount.go Outdated Show resolved Hide resolved
initializer/mount.go Outdated Show resolved Hide resolved
initializer/mount.go Show resolved Hide resolved
initializer/mount.go Outdated Show resolved Hide resolved
packages/containers.nix Show resolved Hide resolved
cli/cmd/generate.go Outdated Show resolved Hide resolved
internal/kuberesource/sets.go Outdated Show resolved Hide resolved
@jmxnzo jmxnzo force-pushed the initializer/cryptsetup-integration-jla branch 2 times, most recently from 845c276 to a715e67 Compare January 15, 2025 15:41
@jmxnzo jmxnzo mentioned this pull request Jan 15, 2025
Merged
@jmxnzo jmxnzo force-pushed the initializer/cryptsetup-integration-jla branch 4 times, most recently from b17526d to c982c25 Compare January 16, 2025 15:29
@jmxnzo jmxnzo force-pushed the cryptsetup/initializer/rework-bash branch 4 times, most recently from 5e7c79c to ec4f47e Compare January 16, 2025 15:48
@jmxnzo jmxnzo force-pushed the initializer/cryptsetup-integration-jla branch from c982c25 to f28e6c8 Compare January 16, 2025 15:54
@jmxnzo jmxnzo mentioned this pull request Jan 17, 2025
Merged
@jmxnzo jmxnzo marked this pull request as ready for review January 17, 2025 10:11
@jmxnzo jmxnzo requested a review from katexochen as a code owner January 17, 2025 10:11
@jmxnzo jmxnzo requested a review from burgerdev January 17, 2025 14:12
@jmxnzo jmxnzo force-pushed the cryptsetup/initializer/rework-bash branch from ec4f47e to c176341 Compare January 20, 2025 09:12
@jmxnzo jmxnzo force-pushed the initializer/cryptsetup-integration-jla branch from f28e6c8 to 957cc7f Compare January 20, 2025 09:17
@burgerdev burgerdev mentioned this pull request Jan 20, 2025
Merged
@jmxnzo jmxnzo force-pushed the cryptsetup/initializer/rework-bash branch 3 times, most recently from b0f9a62 to 7253c27 Compare January 21, 2025 07:35
@jmxnzo jmxnzo force-pushed the initializer/cryptsetup-integration-jla branch from 957cc7f to 0ff8c32 Compare January 21, 2025 08:13
@jmxnzo jmxnzo force-pushed the cryptsetup/initializer/rework-bash branch 2 times, most recently from 01c9cfb to c9f2576 Compare January 21, 2025 11:58
@jmxnzo jmxnzo force-pushed the initializer/cryptsetup-integration-jla branch 2 times, most recently from 1bbc7e2 to a6c11ec Compare January 21, 2025 12:17
@jmxnzo jmxnzo changed the title initializer/cryptsetup: add option to setupEncryptedMount initializer: add setupEncryptedMount subcommand Jan 23, 2025
burgerdev
burgerdev reviewed Jan 23, 2025
View reviewed changes
initializer/mount.go Outdated Show resolved Hide resolved
initializer/mount.go Outdated Show resolved Hide resolved
initializer/mount.go Outdated Show resolved Hide resolved
internal/kuberesource/sets.go Outdated Show resolved Hide resolved
internal/kuberesource/sets.go Show resolved Hide resolved
@jmxnzo jmxnzo force-pushed the initializer/cryptsetup-integration-jla branch from a42d754 to 78b8457 Compare January 24, 2025 14:33
@jmxnzo jmxnzo changed the title initializer: add setupEncryptedMount subcommand initializer: add cryptsetup subcommand Jan 24, 2025
@jmxnzo jmxnzo force-pushed the initializer/cryptsetup-integration-jla branch 2 times, most recently from 2aa561d to 0ad0b12 Compare January 24, 2025 14:56
burgerdev
burgerdev reviewed Jan 24, 2025
View reviewed changes
initializer/mount.go Outdated Show resolved Hide resolved
initializer/mount.go Outdated Show resolved Hide resolved
initializer/mount.go Outdated Show resolved Hide resolved
initializer/mount.go Outdated Show resolved Hide resolved
internal/kuberesource/parts.go Show resolved Hide resolved
@jmxnzo jmxnzo force-pushed the initializer/cryptsetup-integration-jla branch from 0ad0b12 to 20a409d Compare January 27, 2025 08:59
3u13r
3u13r previously requested changes Jan 27, 2025
View reviewed changes
initializer/mount.go Outdated Show resolved Hide resolved
initializer/mount.go Outdated Show resolved Hide resolved
initializer/mount.go Outdated Show resolved Hide resolved
@jmxnzo jmxnzo force-pushed the initializer/cryptsetup-integration-jla branch 4 times, most recently from 1bbe4a0 to 2439efa Compare January 27, 2025 10:47
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 27, 2025
edited
Loading

PR Preview Action v1.6.0
Preview removed because the pull request was closed.
2025-01-28 11:43 UTC

@jmxnzo jmxnzo force-pushed the initializer/cryptsetup-integration-jla branch 2 times, most recently from 82299c7 to 1e96856 Compare January 27, 2025 11:05
@jmxnzo jmxnzo requested a review from 3u13r January 27, 2025 11:11
@jmxnzo jmxnzo force-pushed the initializer/cryptsetup-integration-jla branch from 1e96856 to 87c3bfd Compare January 27, 2025 11:28
@jmxnzo jmxnzo requested a review from burgerdev January 27, 2025 12:01
burgerdev
burgerdev reviewed Jan 27, 2025
View reviewed changes
docs/docs/architecture/secrets.md Outdated Show resolved Hide resolved
docs/docs/architecture/secrets.md Outdated Show resolved Hide resolved
docs/docs/architecture/secrets.md Outdated Show resolved Hide resolved
docs/docs/architecture/secrets.md Outdated Show resolved Hide resolved
docs/docs/architecture/secrets.md Outdated Show resolved Hide resolved
docs/docs/architecture/secrets.md Outdated Show resolved Hide resolved
docs/docs/architecture/secrets.md Outdated Show resolved Hide resolved
@jmxnzo jmxnzo force-pushed the initializer/cryptsetup-integration-jla branch 2 times, most recently from f550c48 to 195a55f Compare January 27, 2025 15:02
@jmxnzo jmxnzo requested a review from burgerdev January 27, 2025 16:28
@jmxnzo jmxnzo force-pushed the initializer/cryptsetup-integration-jla branch from a69da93 to 1573898 Compare January 28, 2025 10:38
@burgerdev burgerdev dismissed 3u13r’s stale review January 28, 2025 11:25

All requests are addressed.

@jmxnzo jmxnzo merged commit 2356a91 into main Jan 28, 2025
14 checks passed
@jmxnzo jmxnzo deleted the initializer/cryptsetup-integration-jla branch January 28, 2025 11:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davidweisse davidweisse davidweisse left review comments

@burgerdev burgerdev burgerdev approved these changes

@katexochen katexochen Awaiting requested review from katexochen katexochen is a code owner

@3u13r 3u13r Awaiting requested review from 3u13r

Assignees
No one assigned
Labels
changelog PRs that should be part of the release notes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jmxnzo @burgerdev @3u13r @davidweisse