Skip to content

block .py - Addition(s) to pull clevis and /etc/crypttab data for issue #2755 #2756

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

block .py - Addition(s) to pull clevis and /etc/crypttab data for issue #2755 #2756

wants to merge 7 commits into from

Conversation

cbrashaw
Copy link

@cbrashaw cbrashaw commented Nov 11, 2021
edited
Loading

Please place an 'X' inside each '[]' to confirm you adhere to our Contributor Guidelines

  • [ x] Is the commit message split over multiple lines and hard-wrapped at 72 characters?
  • [x ] Is the subject and message clear and concise?
  • [ x] Does the subject start with [plugin_name] if submitting a plugin patch or a [section_name] if part of the core sosreport code?
  • Does the commit contain a Signed-off-by: First Lastname [email protected]?
  • Are any related Issues or existing PRs properly referenced via a Closes (Issue) or Resolved (PR) line?

@cbrashaw
Add files via upload
714f022 
Added two commands to block.py LUKS loop to grab "clevis luks list <dev>" and grab a copy of the /etc/crypttab file
@cbrashaw
Merge pull request #1 from cbrashaw/cbrashaw-NBDE_LUKS_additions.bloc…
845a0d1 
…k.py

Added block.py via upload to extend the LUKS loop and pull clevis and crypttab data.
@cbrashaw
Update block.py
02076b1
@packit-as-a-service
Copy link

Congratulations! One of the builds has completed. 🍾

You can install the built RPMs by following these steps:

  • sudo yum install -y dnf-plugins-core on RHEL 8
  • sudo dnf install -y dnf-plugins-core on Fedora
  • dnf copr enable packit/sosreport-sos-2756
  • And now you can install the packages.

Please note that the RPMs should be used only in a testing environment.

@cbrashaw cbrashaw mentioned this pull request Nov 11, 2021
Open
@cbrashaw
Copy link
Author

block.py - NBDE/LUKS data - fixed comment to pass flake test.

@cbrashaw
Copy link
Author

cbrashaw commented Nov 12, 2021
edited
Loading

Wanted to try putting the /etc/crypttab pull in the LUKS block - as I'm thinking care should likely be taken when pulling this data (ensure there is a LUKS device present, and not pull any sensitive customer data). If this needs to be moved I can/will move this outside (linearly) with other file/data pulls.

@pmoravec
Copy link
Contributor

ACK to the change itself, but:

  • creating the extra block.py copy is superfluous
  • the two oldest commits changing the sos/report/plugins/block.py should be squashed into one
  • one minor change in comment

pmoravec
pmoravec reviewed Nov 12, 2021
View reviewed changes
sos/report/plugins/block.py Outdated
@@ -59,11 +59,13 @@ def setup(self):
self.add_blockdev_cmd(cmds, blacklist='ram.*')

lsblk = self.collect_cmd_output("lsblk -f -a -l")
# for LUKS devices, collect cryptsetup luksDump
# for LUKS devs, pull cryptsetup luksDump, clevis, and /etc/crypttab.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe worth explaining (on an extra comment line) that we need to collect /etc/crypttab when any LUKS device exists, hence add_copy_spec called for every such device. E.g.:

    # for LUKS devices, collect cryptsetup, luksDump and clevis
    # if a LUKS device exists, ensure /etc/crypttab is collected

That will also resolve the concise language due to line length :).

@cbrashaw
Updated comments to fix line length.
d13c757 
If LUKS device(s) are present ensure we grab a copy of the /etc/crypttab
@cbrashaw
Copy link
Author

cbrashaw commented Nov 12, 2021 via email

@cbrashaw
Copy link
Author

Hi Pavel, Thanks again for you suggestions. I'm still new to GIT and this project so not sure if I covered all the issues noted; any help in getting this PR squared away would be greatly appreciated :)

@pmoravec
Copy link
Contributor

Hello,
I think the final code change is OK. Just squash the 7 commits into one, please :)

One option is to do a rebase, drop&squash individual commits, but this way is more elegant:

git reset --soft HEAD~7   # roll back git history 7 commits (the yours) back, but leave code changes as they are
git commit                # now commit all the changes in one commit
git push --force          # forcefully update your local branch on github

TurboTurtle
TurboTurtle requested changes Nov 17, 2021
View reviewed changes
Copy link
Member

@TurboTurtle TurboTurtle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Single note below, but otherwise echo'ing @pmoravec on needing the squash the fixups commits into a single commit.

block.py
if lsblk['status'] == 0:
for line in lsblk['output'].splitlines():
if 'crypto_LUKS' in line:
dev = line.split()[0]
self.add_cmd_output('cryptsetup luksDump /dev/%s' % dev)
self.add_cmd_output('clevis luks list -d /dev/%s' % dev)
self.add_copy_spec('/etc/crypttab')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not following why this needs to be in the for loop?

If there are no LUKS devices, there should be either not be an /etc/crypttab or it should be empty, right? add_copy_spec() gracefully handles when a requested file doesn't exist, and copying an empty/template file doesn't seem all that bad to me.

Is there some condition causing us to not want to collect this file if it exists, yet no LUKS devices are present?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, you are right - there won't be an /etc/crypttab if no LUKS devices are present. I figured inserting it into the loop would be a clean way to keep the block module compact and the LUKS data capture contained in a single loop. We could of course move this outside of the LUKS loop and just grab it anyway - just wanted to minimize the chances of pulling any irrelevant data. I can see why it's redundant as it would pull the file for every LUKS device found; but as you say it does handle situations like that gracefully - so I would defer to your direction here :)

@arif-ali
Copy link
Member

@cbrashaw is this still something you plan to work on?

@arif-ali arif-ali added the Status/Need More Info Feedback is required to reproduce issue or to continue work label Nov 20, 2024
@jcastill jcastill added the Status/RedHat Eng RedHat Engineering has been requested to review label Nov 21, 2024
@cbrashaw
Copy link
Author

cbrashaw commented Nov 25, 2024 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pmoravec pmoravec pmoravec left review comments

@TurboTurtle TurboTurtle TurboTurtle requested changes

Assignees
No one assigned
Labels
Status/Need More Info Feedback is required to reproduce issue or to continue work Status/RedHat Eng RedHat Engineering has been requested to review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@cbrashaw @pmoravec @arif-ali @TurboTurtle @jcastill