Documentation ¶
Overview ¶
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
Package setup handles setting up rejoinclient and recoveryserver for the disk-mapper.
On success of either of these services, the state disk is decrypted and the node is tainted as initialized by updating its PCRs.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ConfigurationGenerator ¶
type ConfigurationGenerator interface {
Generate(volumeName, encryptedDevice, keyFile, options string) error
}
ConfigurationGenerator is an interface for generating systemd-cryptsetup@.service unit files.
type DeviceMapper ¶
type DeviceMapper interface {
	DiskUUID() (string, error)
	FormatDisk(passphrase string) error
	MapDisk(target string, passphrase string) error
	UnmapDisk(target string) error
}
DeviceMapper is an interface for device mapping operations.
type DiskMounter ¶
type DiskMounter struct{}
DiskMounter uses the syscall package to mount disks.
func (DiskMounter) MkdirAll ¶
func (m DiskMounter) MkdirAll(path string, perm fs.FileMode) error
MkdirAll uses os.MkdirAll to create the directory.
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager handles formatting, mapping, mounting and unmounting of state disks.
func New ¶
func New(log *slog.Logger, csp string, diskPath string, fs afero.Afero, mapper DeviceMapper, mounter Mounter, openDevice vtpm.TPMOpenFunc) *Manager
New initializes a Manager with the given parameters.
func (*Manager) LogDevices ¶ added in v2.6.0
LogDevices logs all available block devices and partitions (lsblk like).
func (*Manager) PrepareExistingDisk ¶
func (s *Manager) PrepareExistingDisk(recover RecoveryDoer) error
PrepareExistingDisk requests and waits for a decryption key to remap the encrypted state disk. Once the disk is mapped, the function taints the node as initialized by updating its PCRs.
func (*Manager) PrepareNewDisk ¶
PrepareNewDisk prepares an instance's state disk by formatting the disk as a LUKS device using a random passphrase.
type MetadataAPI ¶
type MetadataAPI interface {
	metadata.InstanceSelfer
	metadata.InstanceLister
	GetLoadBalancerEndpoint(ctx context.Context) (host, port string, err error)
}
MetadataAPI is an interface for accessing cloud metadata.
type Mounter ¶
type Mounter interface {
	Mount(source string, target string, fstype string, flags uintptr, data string) error
	Unmount(target string, flags int) error
	MkdirAll(path string, perm fs.FileMode) error
}
Mounter is an interface for mount and unmount operations.
type NodeRecoverer ¶
type NodeRecoverer struct {
// contains filtered or unexported fields
}
NodeRecoverer bundles a RecoveryServer and RejoinClient.
func NewNodeRecoverer ¶
func NewNodeRecoverer(recoveryServer RecoveryServer, rejoinClient RejoinClient) *NodeRecoverer
NewNodeRecoverer initializes a new NodeRecoverer.
func (*NodeRecoverer) Do ¶
func (r *NodeRecoverer) Do(uuid, endpoint string) (passphrase, measurementSecret []byte, err error)
Do performs a recovery procedure on the given state disk. The method starts a gRPC server to allow manual recovery by a user. At the same time it tries to request a decryption key from all available Constellation control-plane nodes.
type RecoveryDoer ¶
type RecoveryDoer interface {
Do(uuid, endpoint string) (passphrase, measurementSecret []byte, err error)
}
RecoveryDoer is an interface to perform key recovery operations. Calls to Do may be blocking, and if successful return a passphrase and measurementSecret.
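The racing behaviour that NodeRecoverer.Do describes (a manual recovery server and an automatic rejoin client run at the same time, and the first path that yields a key wins) is easy to get subtly wrong: losing goroutines must not leak or block, and a path must not be allowed to "succeed" with empty key material. The following is an added example, not the project's own code, that implements a RecoveryDoer with those properties. RacingRecoverer, recoveryPath, newManualPath, newRejoinPath and the constructed control-plane addresses and responses are all hypothetical stand-ins for the real RecoveryServer, RejoinClient and gRPC calls; nothing here touches a TPM or a block device.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"strings"
	"sync"
	"time"
)

// RecoveryDoer is the interface from this page: Do may block and, on success,
// returns the disk passphrase and the measurement secret.
type RecoveryDoer interface {
	Do(uuid, endpoint string) (passphrase, measurementSecret []byte, err error)
}

// recoveryPath is a hypothetical stand-in for one of the two real paths
// (RecoveryServer for manual recovery, RejoinClient for automatic rejoin).
// A path must return promptly once ctx is cancelled.
type recoveryPath func(ctx context.Context, uuid, endpoint string) (passphrase, measurementSecret []byte, err error)

type pathResult struct {
	passphrase, measurementSecret []byte
	err                           error
}

// RacingRecoverer is a hypothetical RecoveryDoer: all paths run concurrently,
// the first success wins and the rest are cancelled. A path that returns no
// error but empty key material is treated as a failure.
type RacingRecoverer struct{ paths []recoveryPath }

var _ RecoveryDoer = (*RacingRecoverer)(nil)

func (r *RacingRecoverer) Do(uuid, endpoint string) ([]byte, []byte, error) {
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel() // stops the losing paths once we return

	results := make(chan pathResult, len(r.paths)) // buffered: losers never block
	var wg sync.WaitGroup
	for _, p := range r.paths {
		wg.Add(1)
		go func(p recoveryPath) {
			defer wg.Done()
			pass, ms, err := p(ctx, uuid, endpoint)
			if err == nil && (len(pass) == 0 || len(ms) == 0) {
				err = errors.New("recovery path returned empty key material")
			}
			results <- pathResult{pass, ms, err}
		}(p)
	}
	go func() { wg.Wait(); close(results) }()

	var failures []string
	for res := range results {
		if res.err == nil {
			return res.passphrase, res.measurementSecret, nil
		}
		failures = append(failures, res.err.Error())
	}
	return nil, nil, fmt.Errorf("all recovery paths failed for disk %s: %s", uuid, strings.Join(failures, "; "))
}

// newManualPath stands in for the RecoveryServer: it waits for an operator
// who, in this constructed scenario, never shows up.
func newManualPath(timeout time.Duration) recoveryPath {
	return func(ctx context.Context, uuid, _ string) ([]byte, []byte, error) {
		select {
		case <-ctx.Done():
			return nil, nil, fmt.Errorf("manual recovery of %s cancelled: %w", uuid, ctx.Err())
		case <-time.After(timeout):
			return nil, nil, errors.New("no operator supplied a key")
		}
	}
}

// newRejoinPath stands in for the RejoinClient: it asks each control-plane
// node in turn and accepts the first answer. ask is a constructed stand-in
// for the gRPC request to one node.
func newRejoinPath(nodes []string, ask func(node, uuid string) ([]byte, []byte, error)) recoveryPath {
	return func(ctx context.Context, uuid, _ string) ([]byte, []byte, error) {
		var failures []string
		for _, node := range nodes {
			if ctx.Err() != nil {
				return nil, nil, ctx.Err()
			}
			pass, ms, err := ask(node, uuid)
			if err == nil {
				return pass, ms, nil
			}
			failures = append(failures, node+": "+err.Error())
		}
		return nil, nil, fmt.Errorf("no control-plane node returned a key: %s", strings.Join(failures, "; "))
	}
}

// Constructed control plane: two nodes are unreachable, the third answers.
var constructedNodes = []string{"10.0.0.11:9000", "10.0.0.12:9000", "10.0.0.13:9000"}

func constructedAsk(node, uuid string) ([]byte, []byte, error) {
	if node != "10.0.0.13:9000" {
		return nil, nil, errors.New("connection refused")
	}
	return []byte("constructed-passphrase-" + uuid), []byte("constructed-measurement-secret"), nil
}

// DemoRecover races the manual and rejoin paths; the rejoin path wins.
func DemoRecover() ([]byte, []byte, error) {
	r := &RacingRecoverer{paths: []recoveryPath{newManualPath(2 * time.Second), newRejoinPath(constructedNodes, constructedAsk)}}
	return r.Do("disk-uuid-1234", "lb.constructed.example:9000")
}

// DemoRecoverAllFail shows the failure mode: no node answers and no operator appears.
func DemoRecoverAllFail() ([]byte, []byte, error) {
	never := func(node, uuid string) ([]byte, []byte, error) { return nil, nil, errors.New("connection refused") }
	r := &RacingRecoverer{paths: []recoveryPath{newManualPath(100 * time.Millisecond), newRejoinPath(constructedNodes, never)}}
	return r.Do("disk-uuid-1234", "lb.constructed.example:9000")
}

func main() {
	pass, _, err := DemoRecover()
	fmt.Println(string(pass), err)
}
```

The results channel is sized to the number of paths so a loser that finishes after Do has returned writes its result and exits instead of leaking; the deferred cancel is what makes the manual path return instead of waiting for its full timeout. The empty-key check matters because a caller like PrepareExistingDisk would otherwise hand an empty passphrase to the device mapper.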