package setup

v2.20.0
This package is not in the latest version of its module.
Published: Dec 3, 2024 License: AGPL-3.0 Imports: 22 Imported by: 0

Documentation

Overview

Copyright (c) Edgeless Systems GmbH

SPDX-License-Identifier: AGPL-3.0-only

Package setup handles setting up rejoinclient and recoveryserver for the disk-mapper.

On success of either of these services, the state disk is decrypted and the node is tainted as initialized by updating its PCRs.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ConfigurationGenerator

type ConfigurationGenerator interface {
	Generate(volumeName, encryptedDevice, keyFile, options string) error
}

ConfigurationGenerator is an interface for generating systemd-cryptsetup@.service unit files.

type DeviceMapper

type DeviceMapper interface {
	DiskUUID() (string, error)
	FormatDisk(passphrase string) error
	MapDisk(target string, passphrase string) error
	UnmapDisk(target string) error
}

DeviceMapper is an interface for device mapping operations.

type DiskMounter

type DiskMounter struct{}

DiskMounter uses the syscall package to mount disks.

func (DiskMounter) MkdirAll

func (m DiskMounter) MkdirAll(path string, perm fs.FileMode) error

MkdirAll uses os.MkdirAll to create the directory.

func (DiskMounter) Mount

func (m DiskMounter) Mount(source string, target string, fstype string, flags uintptr, data string) error

Mount performs a mount syscall.

func (DiskMounter) Unmount

func (m DiskMounter) Unmount(target string, flags int) error

Unmount performs an unmount syscall.

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager handles formatting, mapping, mounting and unmounting of state disks.

func New

func New(log *slog.Logger, csp string, diskPath string, fs afero.Afero,
	mapper DeviceMapper, mounter Mounter, openDevice vtpm.TPMOpenFunc,
) *Manager

New initializes a SetupManager with the given parameters.

func (*Manager) LogDevices added in v2.6.0

func (s *Manager) LogDevices() error

LogDevices logs all available block devices and partitions (lsblk-like).

func (*Manager) PrepareExistingDisk

func (s *Manager) PrepareExistingDisk(recoverer RecoveryDoer) error

PrepareExistingDisk requests and waits for a decryption key to remap the encrypted state disk. Once the disk is mapped, the function taints the node as initialized by updating its PCRs.

func (*Manager) PrepareNewDisk

func (s *Manager) PrepareNewDisk() error

PrepareNewDisk prepares an instance's state disk by formatting the disk as a LUKS device using a random passphrase.

type MetadataAPI

type MetadataAPI interface {
	metadata.InstanceSelfer
	metadata.InstanceLister
	GetLoadBalancerEndpoint(ctx context.Context) (host, port string, err error)
}

MetadataAPI is an interface for accessing cloud metadata.

type Mounter

type Mounter interface {
	Mount(source string, target string, fstype string, flags uintptr, data string) error
	Unmount(target string, flags int) error
	MkdirAll(path string, perm fs.FileMode) error
}

Mounter is an interface for mount and unmount operations.

type NodeRecoverer

type NodeRecoverer struct {
	// contains filtered or unexported fields
}

NodeRecoverer bundles a RecoveryServer and RejoinClient.

func NewNodeRecoverer

func NewNodeRecoverer(recoveryServer RecoveryServer, rejoinClient RejoinClient) *NodeRecoverer

NewNodeRecoverer initializes a new nodeRecoverer.

func (*NodeRecoverer) Do

func (r *NodeRecoverer) Do(uuid, endpoint string) (passphrase, measurementSecret []byte, err error)

Do performs a recovery procedure on the given state disk. The method starts a gRPC server to allow manual recovery by a user. At the same time, it tries to request a decryption key from all available Constellation control-plane nodes.
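The race that Do describes, as an added example that is not the Constellation project's own code: a hypothetical recoverFirst helper runs a RecoveryServer and a RejoinClient (interfaces copied from this page) concurrently, takes the first key that arrives, and cancels the other side; the fake type and its key material are constructed stand-ins for a stand-alone run.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"time"
)

// Interfaces exactly as listed on this page.
type RecoveryServer interface {
	Serve(context.Context, net.Listener, string) (key, secret []byte, err error)
}
type RejoinClient interface {
	Start(context.Context, string) (key, secret []byte)
}
type outcome struct{ key, secret []byte; err error }

// recoverFirst (hypothetical, not the package's own Do) races the manual recovery server against
// the rejoin client: the first non-empty key wins, cancelling ctx stops the loser, and an empty
// key means "no result" (assumption), never success.
func recoverFirst(ctx context.Context, srv RecoveryServer, cl RejoinClient, lis net.Listener, uuid, endpoint string) ([]byte, []byte, error) {
	ctx, cancel := context.WithCancel(ctx)
	defer cancel()
	ch := make(chan outcome, 2) // buffered so the loser can still exit after we return
	go func() { k, s, e := srv.Serve(ctx, lis, uuid); ch <- outcome{k, s, e} }()
	go func() { k, s := cl.Start(ctx, endpoint); ch <- outcome{k, s, nil} }()
	for i := 0; i < 2; i++ {
		if o := <-ch; o.err == nil && len(o.key) > 0 {
			return o.key, o.secret, nil
		}
	}
	return nil, nil, fmt.Errorf("recovery of %s: neither source delivered a key", uuid)
}

// Constructed stand-in: Serve returns only once cancelled; Start delivers a key after
// delay unless ctx ends first. Both sides must honour ctx, or the loser leaks.
type fake struct{ delay time.Duration }

func (fake) Serve(ctx context.Context, _ net.Listener, _ string) ([]byte, []byte, error) { <-ctx.Done(); return nil, nil, ctx.Err() }
func (f fake) Start(ctx context.Context, _ string) ([]byte, []byte) {
	select {
	case <-time.After(f.delay):
		return []byte("constructed-passphrase"), []byte("constructed-secret")
	case <-ctx.Done():
		return nil, nil
	}
}
func main() {
	fmt.Println(recoverFirst(context.Background(), fake{}, fake{10 * time.Millisecond}, nil, "disk-uuid", "lb:9000"))
}
```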

type RecoveryDoer

type RecoveryDoer interface {
	Do(uuid, endpoint string) (passphrase, measurementSecret []byte, err error)
}

RecoveryDoer is an interface to perform key recovery operations. Calls to Do may be blocking and, if successful, return a passphrase and measurementSecret.

type RecoveryServer

type RecoveryServer interface {
	Serve(context.Context, net.Listener, string) (key, secret []byte, err error)
}

RecoveryServer interface serves a recovery server.

type RejoinClient

type RejoinClient interface {
	Start(context.Context, string) (key, secret []byte)
}

RejoinClient interface starts a rejoin client.
