Class: DmCryptHelper

Inherits:
RemoteCommandHandler show all
Defined in:
lib/help/dm_crypt_helper.rb

Overview

This class implements helper methods for Dm Encryption (see #Scripts::EC2::DmEncrypt)

Instance Attribute Summary

Attributes inherited from RemoteCommandHandler

#logger, #ssh_session, #use_sudo

Instance Method Summary collapse

Methods inherited from RemoteCommandHandler

#connect, #connect_with_keyfile, #create_filesystem, #disable_sudoers_requiretty, #disconnect, #drive_mounted?, #drive_mounted_as?, #echo, #enable_sudoers_requiretty, #file_exists?, #file_size, #get_device_label, #get_device_label_ext, #get_device_partition, #get_output, #get_partition_device, #get_partition_fs_type, #get_partition_table, #get_root_device, #get_root_fs_type, #initialize, #install, #is_port_open?, #local_decompress_and_dump, #local_dump, #local_dump_and_compress, #local_rcopy, #local_rsync, #mkdir, #mount, #mount_output, #remote_execute, #remote_rsync, #remote_rsync_old, #retrieve_os, #scp, #set_device_label, #set_device_label_ext, #set_partition_table, #stdout_contains?, #tools_installed?, #umount, #upload, #zip

Constructor Details

This class inherits a constructor from RemoteCommandHandler

Instance Method Details

#encrypt_storage(name, password, device, path) ⇒ Object

Encrypts the device and mounting it using dm-crypt tools. Params

  • name: name of the virtual volume

  • password: paraphrase to be used for encryption

  • device: device to be encrypted

  • path: path to which the encrypted device is mounted



13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/help/dm_crypt_helper.rb', line 13

def encrypt_storage(name, password, device, path)
  if file_exists?(device)
    if !file_exists?("/dev/mapper/#{name}")
      @logger.debug("mapper device #{name} not yet existing")
      #device not configured, go ahead
      remote_execute("cryptsetup luksFormat  -q #{device}", password)
      @logger.debug("device #{device} formatted as #{name}")
      remote_execute("cryptsetup luksOpen #{device} #{name}",password)
      @logger.debug("device #{device} / #{name} opened")
      self.create_filesystem("ext3", "/dev/mapper/#{name}")
      @logger.debug("filesystem created on /dev/mapper/#{name}")
      self.mkdir(path)
      self.mount("/dev/mapper/#{name}", path)
      #TODO: make a final check that everything worked? ?
    else
      #device already exists, just re-activate it
      @logger.debug("mapper device #{name} is existing")
      remote_execute("cryptsetup luksOpen #{device} #{name}")
      @logger.debug("device #{device} /dev/mapper/#{name} opened")
      self.mkdir(path) unless file_exists?(path)
      self.mount("/dev/mapper/#{name}", path) unless drive_mounted_as?("/dev/mapper/#{name}", path)
    end
  else
    #device does not even exist
    raise Exception.new("device #{device} does not exist")
  end

end

#test_storage_encryption(password, mount_point, path) ⇒ Object

Check if the storage is encrypted (not yet implemented).



43
44
 
# File 'lib/help/dm_crypt_helper.rb', line 43

def test_storage_encryption(password, mount_point, path)
end

#undo_encryption(name, path) ⇒ Object 



46
47
48
49
50
51
 
# File 'lib/help/dm_crypt_helper.rb', line 46

def undo_encryption(name, path)
  remote_execute("umount #{path}", nil, true)
  @logger.debug("drive #{path} unmounted")
  remote_execute("cryptsetup luksClose /dev/mapper/#{name}", nil, true)
  @logger.debug("closed /dev/mapper/#{name} unmounted")
end