Add init script to load keys
Add new init scripts which allow automatic loading of keys if keylocation property is set to a URI. Reviewed-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Benedikt Neuffer <ogelpre@itfriend.de> Closes #11659 Closes #11662
parent
487bb77623
commit
d76917b2ec
|
@ -1,4 +1,4 @@
|
||||||
# ZoL userland configuration.
|
# OpenZFS userland configuration.
|
||||||
|
|
||||||
# NOTE: This file is intended for sysv init and initramfs.
|
# NOTE: This file is intended for sysv init and initramfs.
|
||||||
# Changing some of these settings may not make any difference on
|
# Changing some of these settings may not make any difference on
|
||||||
|
@ -9,6 +9,12 @@
|
||||||
# To enable a boolean setting, set it to yes, on, true, or 1.
|
# To enable a boolean setting, set it to yes, on, true, or 1.
|
||||||
# Anything else will be interpreted as unset.
|
# Anything else will be interpreted as unset.
|
||||||
|
|
||||||
|
# Run `zfs load-key` during system start?
|
||||||
|
ZFS_LOAD_KEY='yes'
|
||||||
|
|
||||||
|
# Run `zfs unload-key` during system stop?
|
||||||
|
ZFS_UNLOAD_KEY='no'
|
||||||
|
|
||||||
# Run `zfs mount -a` during system start?
|
# Run `zfs mount -a` during system start?
|
||||||
ZFS_MOUNT='yes'
|
ZFS_MOUNT='yes'
|
||||||
|
|
||||||
|
|
|
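Review bot: The comment above `ZFS_LOAD_KEY='yes'` does not say which datasets the setting affects or that it ships enabled, so unattended key loading is easy to miss when this file is reviewed. Going by the zfs-load-key script added in this same commit, every encryption root whose keylocation is neither `prompt` nor `none` gets its key loaded at boot without user interaction. I would expand the comment to something like `# Run zfs load-key during system start? Loads, without prompting, the key of every encryption root whose keylocation is not "prompt" or "none".` and add a second comment line noting that a key kept on the same machine then protects the data only as well as that key file is protected. The same default is repeated under "Sensible defaults" in the common functions file, so the two places should carry the same wording.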
@ -1,4 +1,5 @@
|
||||||
zfs-import
|
zfs-import
|
||||||
|
zfs-load-key
|
||||||
zfs-mount
|
zfs-mount
|
||||||
zfs-share
|
zfs-share
|
||||||
zfs-zed
|
zfs-zed
|
||||||
|
|
|
@ -3,7 +3,7 @@ include $(top_srcdir)/config/Shellcheck.am
|
||||||
|
|
||||||
EXTRA_DIST += README.md
|
EXTRA_DIST += README.md
|
||||||
|
|
||||||
init_SCRIPTS = zfs-import zfs-mount zfs-share zfs-zed
|
init_SCRIPTS = zfs-import zfs-load-key zfs-mount zfs-share zfs-zed
|
||||||
|
|
||||||
SUBSTFILES += $(init_SCRIPTS)
|
SUBSTFILES += $(init_SCRIPTS)
|
||||||
|
|
||||||
|
|
|
@ -43,6 +43,7 @@ INSTALLING INIT SCRIPT LINKS
|
||||||
(or derived) system, run the following commands (the order is important!):
|
(or derived) system, run the following commands (the order is important!):
|
||||||
|
|
||||||
update-rc.d zfs-import start 07 S . stop 07 0 1 6 .
|
update-rc.d zfs-import start 07 S . stop 07 0 1 6 .
|
||||||
|
update-rc.d zfs-load-key start 02 2 3 4 5 . stop 06 0 1 6 .
|
||||||
update-rc.d zfs-mount start 02 2 3 4 5 . stop 06 0 1 6 .
|
update-rc.d zfs-mount start 02 2 3 4 5 . stop 06 0 1 6 .
|
||||||
update-rc.d zfs-zed start 07 2 3 4 5 . stop 08 0 1 6 .
|
update-rc.d zfs-zed start 07 2 3 4 5 . stop 08 0 1 6 .
|
||||||
update-rc.d zfs-share start 27 2 3 4 5 . stop 05 0 1 6 .
|
update-rc.d zfs-share start 27 2 3 4 5 . stop 05 0 1 6 .
|
||||||
|
@ -50,6 +51,7 @@ INSTALLING INIT SCRIPT LINKS
|
||||||
To do the same on RedHat, Fedora and/or CentOS:
|
To do the same on RedHat, Fedora and/or CentOS:
|
||||||
|
|
||||||
chkconfig zfs-import
|
chkconfig zfs-import
|
||||||
|
chkconfig zfs-load-key
|
||||||
chkconfig zfs-mount
|
chkconfig zfs-mount
|
||||||
chkconfig zfs-zed
|
chkconfig zfs-zed
|
||||||
chkconfig zfs-share
|
chkconfig zfs-share
|
||||||
|
@ -57,6 +59,7 @@ INSTALLING INIT SCRIPT LINKS
|
||||||
On Gentoo:
|
On Gentoo:
|
||||||
|
|
||||||
rc-update add zfs-import boot
|
rc-update add zfs-import boot
|
||||||
|
rc-update add zfs-load-key boot
|
||||||
rc-update add zfs-mount boot
|
rc-update add zfs-mount boot
|
||||||
rc-update add zfs-zed default
|
rc-update add zfs-zed default
|
||||||
rc-update add zfs-share default
|
rc-update add zfs-share default
|
||||||
|
|
|
@ -0,0 +1,131 @@
|
||||||
|
#!@DEFAULT_INIT_SHELL@
|
||||||
|
#
|
||||||
|
# zfs-load-key This script will load/unload the zfs filesystems keys.
|
||||||
|
#
|
||||||
|
# chkconfig: 2345 06 99
|
||||||
|
# description: This script will load or unload the zfs filesystems keys during
|
||||||
|
# system boot/shutdown. Only filesystems with key path set
|
||||||
|
# in keylocation property. See the zfs(8) man page for details.
|
||||||
|
# probe: true
|
||||||
|
#
|
||||||
|
### BEGIN INIT INFO
|
||||||
|
# Provides: zfs-load-key
|
||||||
|
# Required-Start: $local_fs zfs-import
|
||||||
|
# Required-Stop: $local_fs zfs-import
|
||||||
|
# Default-Start: 2 3 4 5
|
||||||
|
# Default-Stop: 0 1 6
|
||||||
|
# X-Start-Before: zfs-mount
|
||||||
|
# X-Stop-After: zfs-zed
|
||||||
|
# Short-Description: Load ZFS keys for filesystems and volumes
|
||||||
|
# Description: Run the `zfs load-key` or `zfs unload-key` commands.
|
||||||
|
### END INIT INFO
|
||||||
|
#
|
||||||
|
# Released under the 2-clause BSD license.
|
||||||
|
#
|
||||||
|
# This script is based on debian/zfsutils.zfs.init from the
|
||||||
|
# Debian GNU/kFreeBSD zfsutils 8.1-3 package, written by Aurelien Jarno.
|
||||||
|
|
||||||
|
# Source the common init script
|
||||||
|
. @sysconfdir@/zfs/zfs-functions
|
||||||
|
|
||||||
|
# ----------------------------------------------------
|
||||||
|
|
||||||
|
do_depend()
|
||||||
|
{
|
||||||
|
# bootmisc will log to /var which may be a different zfs than root.
|
||||||
|
before bootmisc logger zfs-mount
|
||||||
|
|
||||||
|
after zfs-import sysfs
|
||||||
|
keyword -lxc -openvz -prefix -vserver
|
||||||
|
}
|
||||||
|
|
||||||
|
# Load keys for all datasets/filesystems
|
||||||
|
do_load_keys()
|
||||||
|
{
|
||||||
|
zfs_log_begin_msg "Load ZFS filesystem(s) keys"
|
||||||
|
|
||||||
|
"$ZFS" list -Ho name,encryptionroot,keystatus,keylocation |
|
||||||
|
while IFS=" " read -r name encryptionroot keystatus keylocation; do
|
||||||
|
if [ "$encryptionroot" != "-" ] &&
|
||||||
|
[ "$name" = "$encryptionroot" ] &&
|
||||||
|
[ "$keystatus" = "unavailable" ] &&
|
||||||
|
[ "$keylocation" != "prompt" ] &&
|
||||||
|
[ "$keylocation" != "none" ]
|
||||||
|
then
|
||||||
|
zfs_action "Load key for $encryptionroot" \
|
||||||
|
"$ZFS" load-key "$encryptionroot"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
zfs_log_end_msg 0
|
||||||
|
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
# Unload keys for all datasets/filesystems
|
||||||
|
do_unload_keys()
|
||||||
|
{
|
||||||
|
zfs_log_begin_msg "Unload ZFS filesystem(s) key"
|
||||||
|
|
||||||
|
"$ZFS" list -Ho name,encryptionroot,keystatus | sed '1!G;h;$!d' |
|
||||||
|
while IFS=" " read -r name encryptionroot keystatus; do
|
||||||
|
if [ "$encryptionroot" != "-" ] &&
|
||||||
|
[ "$name" = "$encryptionroot" ] &&
|
||||||
|
[ "$keystatus" = "available" ]
|
||||||
|
then
|
||||||
|
zfs_action "Unload key for $encryptionroot" \
|
||||||
|
"$ZFS" unload-key "$encryptionroot"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
zfs_log_end_msg 0
|
||||||
|
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
do_start()
|
||||||
|
{
|
||||||
|
check_boolean "$ZFS_LOAD_KEY" || exit 0
|
||||||
|
|
||||||
|
check_module_loaded "zfs" || exit 0
|
||||||
|
|
||||||
|
do_load_keys
|
||||||
|
}
|
||||||
|
|
||||||
|
do_stop()
|
||||||
|
{
|
||||||
|
check_boolean "$ZFS_UNLOAD_KEY" || exit 0
|
||||||
|
|
||||||
|
check_module_loaded "zfs" || exit 0
|
||||||
|
|
||||||
|
do_unload_keys
|
||||||
|
}
|
||||||
|
|
||||||
|
# ----------------------------------------------------
|
||||||
|
|
||||||
|
if [ ! -e /sbin/openrc-run ]
|
||||||
|
then
|
||||||
|
case "$1" in
|
||||||
|
start)
|
||||||
|
do_start
|
||||||
|
;;
|
||||||
|
stop)
|
||||||
|
do_stop
|
||||||
|
;;
|
||||||
|
force-reload|condrestart|reload|restart|status)
|
||||||
|
# no-op
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
[ -n "$1" ] && echo "Error: Unknown command $1."
|
||||||
|
echo "Usage: $0 {start|stop}"
|
||||||
|
exit 3
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
exit $?
|
||||||
|
else
|
||||||
|
# Create wrapper functions since Gentoo don't use the case part.
|
||||||
|
depend() { do_depend; }
|
||||||
|
start() { do_start; }
|
||||||
|
stop() { do_stop; }
|
||||||
|
fi
|
|
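Review bot: A failed `zfs load-key` is never reflected in the script's result. In do_load_keys the status of `zfs_action` is dropped inside the `while` loop, which runs as the right-hand side of a pipeline, and the function then unconditionally calls `zfs_log_end_msg 0` and `return 0`. Boot therefore reports success and goes on to zfs-mount with encrypted datasets still locked, and `exit $?` in the `start)` branch can only ever pass on 0. do_unload_keys has the same shape, so a key that could not be unloaded at shutdown is also reported as success. Assuming zfs_action returns the status of the command it runs (its body is not shown on this page), the loop can record a failure and hand it out of the pipeline as sketched below; the same change applies to do_unload_keys.

```shell
	"$ZFS" list -Ho name,encryptionroot,keystatus,keylocation | {
		failed=0
		# … unchanged: while/read loop header and the if-test on encryptionroot, keystatus and keylocation …
				zfs_action "Load key for $encryptionroot" \
				    "$ZFS" load-key "$encryptionroot" || failed=1
		# … unchanged: fi / done …
		exit "$failed"
	}
	rc=$?

	zfs_log_end_msg "$rc"

	return "$rc"
```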
@ -1,5 +1,5 @@
|
||||||
# This is a script with common functions etc used by zfs-import, zfs-mount,
|
# This is a script with common functions etc used by zfs-import, zfs-load-key,
|
||||||
# zfs-share and zfs-zed.
|
# zfs-mount, zfs-share and zfs-zed.
|
||||||
#
|
#
|
||||||
# It is _NOT_ to be called independently
|
# It is _NOT_ to be called independently
|
||||||
#
|
#
|
||||||
|
@ -92,6 +92,8 @@ ZPOOL="@sbindir@/zpool"
|
||||||
ZPOOL_CACHE="@sysconfdir@/zfs/zpool.cache"
|
ZPOOL_CACHE="@sysconfdir@/zfs/zpool.cache"
|
||||||
|
|
||||||
# Sensible defaults
|
# Sensible defaults
|
||||||
|
ZFS_LOAD_KEY='yes'
|
||||||
|
ZFS_UNLOAD_KEY='no'
|
||||||
ZFS_MOUNT='yes'
|
ZFS_MOUNT='yes'
|
||||||
ZFS_UNMOUNT='yes'
|
ZFS_UNMOUNT='yes'
|
||||||
ZFS_SHARE='yes'
|
ZFS_SHARE='yes'
|
||||||
|
@ -104,7 +106,8 @@ fi
|
||||||
|
|
||||||
# ----------------------------------------------------
|
# ----------------------------------------------------
|
||||||
|
|
||||||
export ZFS ZED ZPOOL ZPOOL_CACHE ZFS_MOUNT ZFS_UNMOUNT ZFS_SHARE ZFS_UNSHARE
|
export ZFS ZED ZPOOL ZPOOL_CACHE ZFS_LOAD_KEY ZFS_UNLOAD_KEY ZFS_MOUNT ZFS_UNMOUNT \
|
||||||
|
ZFS_SHARE ZFS_UNSHARE
|
||||||
|
|
||||||
zfs_action()
|
zfs_action()
|
||||||
{
|
{
|
||||||
|
|
|
@ -424,6 +424,7 @@ fi
|
||||||
%else
|
%else
|
||||||
if [ -x /sbin/chkconfig ]; then
|
if [ -x /sbin/chkconfig ]; then
|
||||||
/sbin/chkconfig --add zfs-import
|
/sbin/chkconfig --add zfs-import
|
||||||
|
/sbin/chkconfig --add zfs-load-key
|
||||||
/sbin/chkconfig --add zfs-mount
|
/sbin/chkconfig --add zfs-mount
|
||||||
/sbin/chkconfig --add zfs-share
|
/sbin/chkconfig --add zfs-share
|
||||||
/sbin/chkconfig --add zfs-zed
|
/sbin/chkconfig --add zfs-zed
|
||||||
|
@ -454,6 +455,7 @@ fi
|
||||||
%else
|
%else
|
||||||
if [ "$1" = "0" -o "$1" = "remove" ] && [ -x /sbin/chkconfig ]; then
|
if [ "$1" = "0" -o "$1" = "remove" ] && [ -x /sbin/chkconfig ]; then
|
||||||
/sbin/chkconfig --del zfs-import
|
/sbin/chkconfig --del zfs-import
|
||||||
|
/sbin/chkconfig --del zfs-load-key
|
||||||
/sbin/chkconfig --del zfs-mount
|
/sbin/chkconfig --del zfs-mount
|
||||||
/sbin/chkconfig --del zfs-share
|
/sbin/chkconfig --del zfs-share
|
||||||
/sbin/chkconfig --del zfs-zed
|
/sbin/chkconfig --del zfs-zed
|
||||||
|
|