curtin

Merge ~dbungert/curtin:lp-2057661-flock-zfs-ctd into curtin:master

  1. Git
  2. lp:~dbungert/curtin
  3. lp-2057661-flock-zfs-ctd
  4. Merge into master
Proposed by Dan Bungert
Status: Merged
Merged at revision: e4c7d7186c59ade359652db5accb6cb7156df499
Proposed branch: ~dbungert/curtin:lp-2057661-flock-zfs-ctd
Merge into: curtin:master
Diff against target: 63 lines (+15/-4)
2 files modified
curtin/block/zfs.py (+14/-4)
curtin/util.py (+1/-0)
Reviewer Review Type Date Requested Status
Server Team CI bot continuous-integration Approve
Michael Hudson-Doyle Approve
Review via email: mp+464246@code.launchpad.net

Commit message

do not squash

Description of the change

zfs: add flock for keystore

In LP: #2057661 and the (currently) 4 duplicates, the luksFormat of
keystore can randomly fail. stracing of udevd looking for
https://systemd.io/BLOCK_DEVICE_LOCKING/ shows that indeed udevd is
examining these keystore devices.

Lock the keystore, and add some `udevadm settle` to be more like
Ubiquity behavior.

To post a comment you must log in.
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

PASSED: Continuous integration, rev:3fc197239e3a0ebb366e188c0d2a7c8e0a36bbaf
https://jenkins.canonical.com/server-team/job/curtin-ci/265/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-amd64/265/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-arm64/265/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-ppc64el/265/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-s390x/265/

Click here to trigger a rebuild:
https://jenkins.canonical.com/server-team/job/curtin-ci/265//rebuild

review: Approve (continuous-integration)
Revision history for this message
Michael Hudson-Doyle (mwhudson) wrote :

I think this is fine and probably helps. I think it's a bit overbroad probably but maybe that's not a real problem considering how much overbroad stuff there is in curtin currently...

review: Approve
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

PASSED: Continuous integration, rev:e4c7d7186c59ade359652db5accb6cb7156df499
https://jenkins.canonical.com/server-team/job/curtin-ci/266/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-amd64/266/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-arm64/266/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-ppc64el/266/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-s390x/266/

Click here to trigger a rebuild:
https://jenkins.canonical.com/server-team/job/curtin-ci/266//rebuild

review: Approve (continuous-integration)
Revision history for this message
Dan Bungert (dbungert) :

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/curtin/block/zfs.py b/curtin/block/zfs.py
2index ccdddbb..519fa51 100644
3--- a/curtin/block/zfs.py
4+++ b/curtin/block/zfs.py
5@@ -12,6 +12,7 @@ from contextlib import ExitStack
6 from pathlib import Path
7
8 from curtin.config import merge_config
9+from curtin.udev import udevadm_settle
10 from curtin import distro
11 from curtin import util
12 from . import blkid, get_supported_filesystems
13@@ -89,25 +90,34 @@ class ZPoolEncryption:
14 zfs_create(
15 self.poolname, "keystore", {"encryption": "off"}, keystore_size,
16 )
17+ keystore_volume = f"/dev/zvol/{self.poolname}/keystore"
18+ udevadm_settle(exists=keystore_volume)
19
20 with ExitStack() as es:
21 for vdev in self.vdevs:
22 es.enter_context(util.FlockEx(vdev))
23
24 # cryptsetup format and open this keystore
25- keystore_volume = f"/dev/zvol/{self.poolname}/keystore"
26 cmd = ["cryptsetup", "luksFormat", keystore_volume, self.keyfile]
27- util.subp(cmd)
28+
29+ # strace has shown that udevd does indeed probe this keystore
30+ with util.FlockEx(keystore_volume):
31+ util.subp(cmd, capture=True)
32+
33+ udevadm_settle()
34+
35 dm_name = f"keystore-{self.poolname}"
36 cmd = [
37 "cryptsetup", "open", "--type", "luks", keystore_volume,
38 dm_name, "--key-file", self.keyfile,
39 ]
40- util.subp(cmd)
41+ util.subp(cmd, capture=True)
42+
43+ dmpath = f"/dev/mapper/{dm_name}"
44+ udevadm_settle(exists=dmpath)
45
46 with ExitStack() as es:
47 # format as ext4, mount it, move the previously-generated systemkey
48- dmpath = f"/dev/mapper/{dm_name}"
49 es.enter_context(util.FlockEx(dmpath))
50 cmd = ["mke2fs", "-t", "ext4", dmpath, "-L", dm_name]
51 util.subp(cmd, capture=True)
52diff --git a/curtin/util.py b/curtin/util.py
53index 66735e8..d9b7962 100644
54--- a/curtin/util.py
55+++ b/curtin/util.py
56@@ -1452,6 +1452,7 @@ class FlockEx:
57 raise TimeoutError("Failed to acquire LOCK_EX on {self.device}")
58
59 def __exit__(self, *args):
60+ LOG.debug(f"Releasing fcntl LOCK_EX on {self.device}")
61 with suppress(Exception):
62 fcntl.flock(self.lock_fd, fcntl.LOCK_UN)
63 with suppress(Exception):

Subscribers

People subscribed via source and target branches