LUKS support touchups
This commit is contained in:
AlexSSD7
parent
64d3891c48
commit
598234d161
5 changed files with 44 additions and 20 deletions
22
cmd/root.go
22
cmd/root.go
|
|
@ -1,6 +1,7 @@
|
|||
package cmd
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
|
|
@ -26,12 +27,19 @@ func Execute() {
|
|||
}
|
||||
}
|
||||
|
||||
var vmDebugFlag bool
|
||||
var unrestrictedNetworkingFlag bool
|
||||
var vmMemAllocFlag uint32
|
||||
var vmSSHSetupTimeoutFlag uint32
|
||||
var vmOSUpTimeoutFlag uint32
|
||||
var dataDirFlag string
|
||||
var (
|
||||
vmDebugFlag bool
|
||||
unrestrictedNetworkingFlag bool
|
||||
vmMemAllocFlag uint32
|
||||
vmSSHSetupTimeoutFlag uint32
|
||||
vmOSUpTimeoutFlag uint32
|
||||
dataDirFlag string
|
||||
)
|
||||
|
||||
const (
|
||||
defaultMemAlloc = 512
|
||||
defaultMemAllocLUKS = 2048
|
||||
)
|
||||
|
||||
func init() {
|
||||
slog.SetDefault(slog.New(slog.NewTextHandler(os.Stderr, nil)))
|
||||
|
|
@ -45,7 +53,7 @@ func init() {
|
|||
|
||||
rootCmd.PersistentFlags().BoolVar(&vmDebugFlag, "vm-debug", false, "Enables the VM debug mode. This will open an accessible VM monitor. You can log in with root user and no password.")
|
||||
rootCmd.PersistentFlags().BoolVar(&unrestrictedNetworkingFlag, "vm-unrestricted-networking", false, "Enables unrestricted networking. This will allow the VM to connect to the internet.")
|
||||
rootCmd.PersistentFlags().Uint32Var(&vmMemAllocFlag, "vm-mem-alloc", 512, "Specifies the VM memory allocation in KiB")
|
||||
rootCmd.PersistentFlags().Uint32Var(&vmMemAllocFlag, "vm-mem-alloc", defaultMemAlloc, fmt.Sprintf("Specifies the VM memory allocation in KiB (the default is %v in LUKS mode)", defaultMemAllocLUKS))
|
||||
rootCmd.PersistentFlags().Uint32Var(&vmOSUpTimeoutFlag, "vm-os-up-timeout", 30, "Specifies the VM OS-up timeout in seconds.")
|
||||
rootCmd.PersistentFlags().Uint32Var(&vmSSHSetupTimeoutFlag, "vm-ssh-setup-timeout", 60, "Specifies the VM SSH server setup timeout in seconds. This cannot be lower than the OS-up timeout.")
|
||||
|
||||
|
|
|
|||
23
cmd/run.go
23
cmd/run.go
|
|
@ -45,6 +45,15 @@ var runCmd = &cobra.Command{
|
|||
os.Exit(1)
|
||||
}
|
||||
|
||||
if luksFlag && !allowLUKSLowMemoryFlag {
|
||||
if vmMemAllocFlag < 2048 {
|
||||
if vmMemAllocFlag != defaultMemAlloc {
|
||||
slog.Warn("Enforcing minimum LUKS memory allocation. Please add --allow-luks-low-memory to disable this.", "min", vmMemAllocFlag, "specified", vmMemAllocFlag)
|
||||
}
|
||||
vmMemAllocFlag = defaultMemAllocLUKS
|
||||
}
|
||||
}
|
||||
|
||||
os.Exit(runVM(args[0], func(ctx context.Context, i *vm.VM, fm *vm.FileManager, tapCtx *share.NetTapRuntimeContext) int {
|
||||
slog.Info("Mounting the device", "dev", vmMountDevName, "fs", fsType, "luks", luksFlag)
|
||||
|
||||
|
|
@ -83,14 +92,18 @@ var runCmd = &cobra.Command{
|
|||
},
|
||||
}
|
||||
|
||||
var luksFlag bool
|
||||
var shareListenIPFlag string
|
||||
var ftpExtIPFlag string
|
||||
var shareBackendFlag string
|
||||
var smbUseExternAddrFlag bool
|
||||
var (
|
||||
luksFlag bool
|
||||
allowLUKSLowMemoryFlag bool
|
||||
shareListenIPFlag string
|
||||
ftpExtIPFlag string
|
||||
shareBackendFlag string
|
||||
smbUseExternAddrFlag bool
|
||||
)
|
||||
|
||||
func init() {
|
||||
runCmd.Flags().BoolVarP(&luksFlag, "luks", "l", false, "Use cryptsetup to open a LUKS volume (password will be prompted).")
|
||||
runCmd.Flags().BoolVar(&allowLUKSLowMemoryFlag, "allow-luks-low-memory", false, "Allow VM memory allocation lower than 2048 MiB when LUKS is enabled.")
|
||||
|
||||
var defaultShareType string
|
||||
switch runtime.GOOS {
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ import (
|
|||
)
|
||||
|
||||
func IsSMBExtModeDefault() bool {
|
||||
return runtime.GOOS == "windows1"
|
||||
return runtime.GOOS == "windows"
|
||||
}
|
||||
|
||||
var defaultListenIP = net.ParseIP("127.0.0.1")
|
||||
|
|
|
|||
|
|
@ -50,13 +50,13 @@ func RunSSHCmd(ctx context.Context, sc *ssh.Client, cmd string) ([]byte, error)
|
|||
}
|
||||
|
||||
func NewSSHSession(ctx context.Context, timeout time.Duration, sc *ssh.Client, fn func(*ssh.Session) error) error {
|
||||
return NewSSHSessionWithDelayedTimeout(ctx, timeout, sc, func(sess *ssh.Session, startTimeout func()) error {
|
||||
startTimeout()
|
||||
return NewSSHSessionWithDelayedTimeout(ctx, timeout, sc, func(sess *ssh.Session, startTimeout func(preTimeout func())) error {
|
||||
startTimeout(nil)
|
||||
return fn(sess)
|
||||
})
|
||||
}
|
||||
|
||||
func NewSSHSessionWithDelayedTimeout(ctx context.Context, timeout time.Duration, sc *ssh.Client, fn func(sess *ssh.Session, startTimeout func()) error) error {
|
||||
func NewSSHSessionWithDelayedTimeout(ctx context.Context, timeout time.Duration, sc *ssh.Client, fn func(sess *ssh.Session, startTimeout func(preTimeout func())) error) error {
|
||||
s, err := sc.NewSession()
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "create new ssh session")
|
||||
|
|
@ -77,12 +77,13 @@ func NewSSHSessionWithDelayedTimeout(ctx context.Context, timeout time.Duration,
|
|||
}
|
||||
}()
|
||||
|
||||
err = fn(s, func() {
|
||||
err = fn(s, func(preTimeout func()) {
|
||||
// Now start a thread which will close the session
|
||||
// down when the timeout hits.
|
||||
go func() {
|
||||
select {
|
||||
case <-time.After(timeout):
|
||||
preTimeout()
|
||||
timedOut = true
|
||||
_ = sc.Close()
|
||||
case <-done:
|
||||
|
|
|
|||
|
|
@ -76,7 +76,7 @@ const luksDMName = "cryptmnt"
|
|||
func (fm *FileManager) luksOpen(sc *ssh.Client, fullDevPath string) error {
|
||||
lg := fm.logger.With("vm-path", fullDevPath)
|
||||
|
||||
return sshutil.NewSSHSessionWithDelayedTimeout(fm.vm.ctx, time.Second*15, sc, func(sess *ssh.Session, startTimeout func()) error {
|
||||
return sshutil.NewSSHSessionWithDelayedTimeout(fm.vm.ctx, time.Second*15, sc, func(sess *ssh.Session, startTimeout func(preTimeout func())) error {
|
||||
stdinPipe, err := sess.StdinPipe()
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "create vm ssh session stdin pipe")
|
||||
|
|
@ -106,7 +106,9 @@ func (fm *FileManager) luksOpen(sc *ssh.Client, fullDevPath string) error {
|
|||
|
||||
// We start the timeout countdown now only to avoid timing out
|
||||
// while the user is entering the password, or shortly after that.
|
||||
startTimeout()
|
||||
startTimeout(func() {
|
||||
lg.Warn("LUKS open command timed out. If you are using large-memory key derivation function, try increasing the VM memory allocation using --vm-mem-alloc flag.")
|
||||
})
|
||||
|
||||
var wErr error
|
||||
var wWG sync.WaitGroup
|
||||
|
|
@ -136,7 +138,7 @@ func (fm *FileManager) luksOpen(sc *ssh.Client, fullDevPath string) error {
|
|||
err = sess.Wait()
|
||||
if err != nil {
|
||||
if strings.Contains(stderrBuf.String(), "Not enough available memory to open a keyslot.") {
|
||||
fm.logger.Warn("Detected not enough memory to open a LUKS device, please allocate more memory using --vm-mem-alloc flag")
|
||||
fm.logger.Warn("Detected not enough memory to open a LUKS device, please allocate more memory using --vm-mem-alloc flag.")
|
||||
}
|
||||
|
||||
return utils.WrapErrWithLog(err, "wait for cryptsetup luksopen cmd to finish", stderrBuf.String())
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue