Added C++ code which is designed for managing encrypted filesystems
for securely managing data on StarlingX. The code gets executed
when the luks-fs-mgr service is started.
The program does the following steps:
- Generates a passphrase using a PassphraseGenerator.
- Creates a default directory for LUKS operations if it doesn't exist.
- Parses the JSON configuration and extracts LUKS volume attributes.
- Checks if the LUKS vault file exists. If it does, it proceeds
to open and mount it. If not, it creates the vault file,
sets up encryption, opens it, creates a filesystem, and mounts it.
- Logs the relevant information.
- Cleans up the JSON object.
- The program returns 0 on successful execution and 1 on failure.

Depends-On: https://review.opendev.org/c/starlingx/integ/+/894531

Test Plan:
PASSED: build-pkgs -c -p luks-fs-mgr
PASSED: build-image
PASSED: AIO-SX bootstrap
PASSED: binary available at /usr/local/sbin/
PASSED: systemd unit file available at /lib/systemd/system
PASSED: luks_config.json available at /etc/luks-fs-mgr.d/
PASSED: Started service on booted host with already created,
mounted luks volume
PASSED: Started service on booted host with sealed/closed
luks volume
PASSED: Started service on booted host with unsealed/open luks
volume and unmounted mountPath but mountPath exists
PASSED: Started service on booted host with unsealed/open luks
volume and FS is unmounted and vault img file also doesn't
exist.
PASSED: Started service on booted host with sealed/closed luks
volume and mountpath is unmounted and deleted
PASSED: Started service on booted host with sealed/closed luks
volume and mountpath is unmounted and deleted but vault
img file exists
PASSED: Started service on first boot host with changed config
file where vault size has 1G space
PASSED: Started service on first boot host with changed config
file where vault size has no suffix
PASSED: Started service on first boot host with changed config
file where vault size has no suffix as well as the numerical
value is less than the default size
PASSED: Started service on first boot host with changed config
file where vault size has incorrect suffix and numerical
value is less than the default size
PASSED: Started service on first boot host with changed config
file with changed mount path
PASSED: Started service on first boot host with changed config
file where vault size has incorrect suffix
PASSED: Started service on booted host with changed config file
where mount path has changed to incorrect path
PASSED: Started service on first boot with changed config file
where MOUNT_PATH is changed to different name under
default directory
PASSED: Started service on booted host with changed config file
where mount path has changed and volume name is changed
PASSED: Started service on booted host with changed config file
where we have 2 luks volumes with mounted paths and then
these mounted paths are exchanged with the luks volume
PASSED: Started service on booted host with unsealed/open luks
volume and FS is unmounted, deleted and vault img file
also doesn't exist.
PASSED: Started service on first boot with changed config file
where MOUNT_PATH doesn't contain the full directory path
PASSED: Started service on booted host with changed config file
where 2 mount points are associated with 1 luks volume
and the change is persistent on both the mount points
PASSED: Started service on booted host with missing attribute
in json config file
PASSED: Started service on booted host with changed config file
where mount path has changed

Story: 2010872
Task: 48769
Change-Id: I17cb56b91f9c0d956138aa52a2e255f54908acc4
Signed-off-by: Rahul Roshan Kachchap <rahulroshan.kachchap@windriver.com>