in VMEncryption/main/handle.py [0:0]
def encrypt_inplace_without_seperate_header_file(passphrase_file,
device_item,
disk_util,
bek_util,
status_prefix='',
ongoing_item_config=None):
"""
if ongoing_item_config is not None, then this is a resume case.
this function will return the phase
"""
logger.log("encrypt_inplace_without_seperate_header_file")
current_phase = CommonVariables.EncryptionPhaseBackupHeader
if ongoing_item_config is None:
ongoing_item_config = OnGoingItemConfig(encryption_environment=encryption_environment, logger=logger)
ongoing_item_config.current_block_size = CommonVariables.default_block_size
ongoing_item_config.current_slice_index = 0
ongoing_item_config.device_size = device_item.size
ongoing_item_config.file_system = device_item.file_system
ongoing_item_config.luks_header_file_path = None
ongoing_item_config.mapper_name = str(uuid.uuid4())
ongoing_item_config.mount_point = device_item.mount_point
if os.path.exists(os.path.join('/dev/', device_item.name)):
ongoing_item_config.original_dev_name_path = os.path.join('/dev/', device_item.name)
ongoing_item_config.original_dev_path = os.path.join('/dev/', device_item.name)
else:
ongoing_item_config.original_dev_name_path = os.path.join('/dev/mapper/', device_item.name)
ongoing_item_config.original_dev_path = os.path.join('/dev/mapper/', device_item.name)
ongoing_item_config.phase = CommonVariables.EncryptionPhaseBackupHeader
ongoing_item_config.commit()
else:
logger.log(msg="ongoing item config is not none, this is resuming, info: {0}".format(ongoing_item_config),
level=CommonVariables.WarningLevel)
logger.log(msg=("encrypting device item: {0}".format(ongoing_item_config.get_original_dev_path())))
# we only support ext file systems.
current_phase = ongoing_item_config.get_phase()
original_dev_path = ongoing_item_config.get_original_dev_path()
mapper_name = ongoing_item_config.get_mapper_name()
device_size = ongoing_item_config.get_device_size()
luks_header_size = CommonVariables.luks_header_size
size_shrink_to = (device_size - luks_header_size) / CommonVariables.sector_size
while current_phase != CommonVariables.EncryptionPhaseDone:
if current_phase == CommonVariables.EncryptionPhaseBackupHeader:
logger.log(msg="the current phase is " + str(CommonVariables.EncryptionPhaseBackupHeader),
level=CommonVariables.InfoLevel)
# log an appropriate warning if the file system type is not supported
device_fs = ongoing_item_config.get_file_system().lower()
if not device_fs in CommonVariables.inplace_supported_file_systems:
if device_fs in CommonVariables.format_supported_file_systems:
msg = "Encrypting {0} file system is not supported for data-preserving encryption. Consider using the encrypt-format-all option.".format(device_fs)
else:
msg = "AzureDiskEncryption does not support the {0} file system".format(device_fs)
logger.log(msg=msg, level=CommonVariables.WarningLevel)
ongoing_item_config.clear_config()
return current_phase
chk_shrink_result = disk_util.check_shrink_fs(dev_path=original_dev_path, size_shrink_to=size_shrink_to)
if chk_shrink_result != CommonVariables.process_success:
logger.log(msg="check shrink fs failed with code {0} for {1}".format(chk_shrink_result, original_dev_path),
level=CommonVariables.ErrorLevel)
logger.log(msg="your file system may not have enough space to do the encryption.")
# remove the ongoing item.
ongoing_item_config.clear_config()
return current_phase
else:
ongoing_item_config.current_slice_index = 0
ongoing_item_config.current_source_path = original_dev_path
ongoing_item_config.current_destination = encryption_environment.copy_header_slice_file_path
ongoing_item_config.current_total_copy_size = CommonVariables.default_block_size
ongoing_item_config.from_end = False
ongoing_item_config.header_slice_file_path = encryption_environment.copy_header_slice_file_path
ongoing_item_config.original_dev_path = original_dev_path
ongoing_item_config.commit()
if os.path.exists(encryption_environment.copy_header_slice_file_path):
logger.log(msg="the header slice file is there, remove it.", level=CommonVariables.WarningLevel)
os.remove(encryption_environment.copy_header_slice_file_path)
copy_result = disk_util.copy(ongoing_item_config=ongoing_item_config, status_prefix=status_prefix)
if copy_result != CommonVariables.process_success:
logger.log(msg="copy the header block failed, return code is: {0}".format(copy_result),
level=CommonVariables.ErrorLevel)
return current_phase
else:
ongoing_item_config.current_slice_index = 0
ongoing_item_config.phase = CommonVariables.EncryptionPhaseEncryptDevice
ongoing_item_config.commit()
current_phase = CommonVariables.EncryptionPhaseEncryptDevice
elif current_phase == CommonVariables.EncryptionPhaseEncryptDevice:
logger.log(msg="the current phase is {0}".format(CommonVariables.EncryptionPhaseEncryptDevice),
level=CommonVariables.InfoLevel)
encrypt_result = disk_util.encrypt_disk(dev_path=original_dev_path,
passphrase_file=passphrase_file,
mapper_name=mapper_name,
header_file=None)
# after the encrypt_disk without seperate header, then the uuid
# would change.
if encrypt_result != CommonVariables.process_success:
logger.log(msg="encrypt file system failed.", level=CommonVariables.ErrorLevel)
return current_phase
else:
ongoing_item_config.current_slice_index = 0
ongoing_item_config.phase = CommonVariables.EncryptionPhaseCopyData
ongoing_item_config.commit()
current_phase = CommonVariables.EncryptionPhaseCopyData
elif current_phase == CommonVariables.EncryptionPhaseCopyData:
logger.log(msg="the current phase is {0}".format(CommonVariables.EncryptionPhaseCopyData),
level=CommonVariables.InfoLevel)
device_mapper_path = os.path.join(CommonVariables.dev_mapper_root, mapper_name)
ongoing_item_config.current_destination = device_mapper_path
ongoing_item_config.current_source_path = original_dev_path
ongoing_item_config.current_total_copy_size = (device_size - luks_header_size)
ongoing_item_config.from_end = True
ongoing_item_config.phase = CommonVariables.EncryptionPhaseCopyData
ongoing_item_config.commit()
copy_result = disk_util.copy(ongoing_item_config=ongoing_item_config, status_prefix=status_prefix)
if copy_result != CommonVariables.process_success:
logger.log(msg="copy the main content block failed, return code is: {0}".format(copy_result),
level=CommonVariables.ErrorLevel)
return current_phase
else:
ongoing_item_config.phase = CommonVariables.EncryptionPhaseRecoverHeader
ongoing_item_config.commit()
current_phase = CommonVariables.EncryptionPhaseRecoverHeader
elif current_phase == CommonVariables.EncryptionPhaseRecoverHeader:
logger.log(msg="the current phase is " + str(CommonVariables.EncryptionPhaseRecoverHeader),
level=CommonVariables.InfoLevel)
ongoing_item_config.from_end = False
backed_up_header_slice_file_path = ongoing_item_config.get_header_slice_file_path()
ongoing_item_config.current_slice_index = 0
ongoing_item_config.current_source_path = backed_up_header_slice_file_path
device_mapper_path = os.path.join(CommonVariables.dev_mapper_root, mapper_name)
ongoing_item_config.current_destination = device_mapper_path
ongoing_item_config.current_total_copy_size = CommonVariables.default_block_size
ongoing_item_config.commit()
copy_result = disk_util.copy(ongoing_item_config=ongoing_item_config, status_prefix=status_prefix)
if copy_result == CommonVariables.process_success:
crypt_item_to_update = CryptItem()
crypt_item_to_update.mapper_name = mapper_name
original_dev_name_path = ongoing_item_config.get_original_dev_name_path()
crypt_item_to_update.dev_path = disk_util.get_persistent_path_by_sdx_path(original_dev_name_path)
crypt_item_to_update.luks_header_path = "None"
crypt_item_to_update.file_system = ongoing_item_config.get_file_system()
crypt_item_to_update.uses_cleartext_key = False
crypt_item_to_update.current_luks_slot = 0
# if the original mountpoint is empty, then leave
# it as None
mount_point = ongoing_item_config.get_mount_point()
if mount_point == "" or mount_point is None:
crypt_item_to_update.mount_point = "None"
else:
crypt_item_to_update.mount_point = mount_point
update_crypt_item_result = disk_util.add_crypt_item(crypt_item_to_update, passphrase_file)
if not update_crypt_item_result:
logger.log(msg="update crypt item failed", level=CommonVariables.ErrorLevel)
if mount_point:
logger.log(msg="removing entry for unencrypted drive from fstab",
level=CommonVariables.InfoLevel)
disk_util.modify_fstab_entry_encrypt(mount_point, os.path.join(CommonVariables.dev_mapper_root, mapper_name))
else:
logger.log(msg=original_dev_name_path + " is not defined in fstab, no need to update",
level=CommonVariables.InfoLevel)
if os.path.exists(encryption_environment.copy_header_slice_file_path):
os.remove(encryption_environment.copy_header_slice_file_path)
current_phase = CommonVariables.EncryptionPhaseDone
ongoing_item_config.phase = current_phase
ongoing_item_config.commit()
expand_fs_result = disk_util.expand_fs(dev_path=device_mapper_path)
if crypt_item_to_update.mount_point != "None":
disk_util.mount_filesystem(device_mapper_path, ongoing_item_config.get_mount_point())
else:
logger.log("the crypt_item_to_update.mount_point is None, so we do not mount it.")
ongoing_item_config.clear_config()
if expand_fs_result != CommonVariables.process_success:
logger.log(msg="expand fs result is: {0}".format(expand_fs_result),
level=CommonVariables.ErrorLevel)
return current_phase
else:
logger.log(msg="recover header failed result is: {0}".format(copy_result),
level=CommonVariables.ErrorLevel)
return current_phase