curtin

Merge ~dbungert/curtin:lp-2057661-flock-zfs-ctd into curtin:master

  1. Git
  2. lp:~dbungert/curtin
  3. lp-2057661-flock-zfs-ctd
  4. Merge into master
Proposed by Dan Bungert
Status: Merged
Merged at revision: e4c7d7186c59ade359652db5accb6cb7156df499
Proposed branch: ~dbungert/curtin:lp-2057661-flock-zfs-ctd
Merge into: curtin:master
Diff against target: 63 lines (+15/-4)
2 files modified
curtin/block/zfs.py (+14/-4)
curtin/util.py (+1/-0)
Reviewer Review Type Date Requested Status
Server Team CI bot continuous-integration Approve
Michael Hudson-Doyle Approve
Review via email: mp+464246@code.launchpad.net

Commit message

do not squash

Description of the change

zfs: add flock for keystore

In LP: #2057661 and the (currently) 4 duplicates, the luksFormat of
keystore can randomly fail. stracing of udevd looking for
https://systemd.io/BLOCK_DEVICE_LOCKING/ shows that indeed udevd is
examining these keystore devices.

Lock the keystore, and add some `udevadm settle` to be more like
Ubiquity behavior.

To post a comment you must log in.
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

PASSED: Continuous integration, rev:3fc197239e3a0ebb366e188c0d2a7c8e0a36bbaf
https://jenkins.canonical.com/server-team/job/curtin-ci/265/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-amd64/265/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-arm64/265/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-ppc64el/265/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-s390x/265/

Click here to trigger a rebuild:
https://jenkins.canonical.com/server-team/job/curtin-ci/265//rebuild

review: Approve (continuous-integration)
Revision history for this message
Michael Hudson-Doyle (mwhudson) wrote :

I think this is fine and probably helps. I think it's a bit overbroad probably but maybe that's not a real problem considering how much overbroad stuff there is in curtin currently...

review: Approve
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

PASSED: Continuous integration, rev:e4c7d7186c59ade359652db5accb6cb7156df499
https://jenkins.canonical.com/server-team/job/curtin-ci/266/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-amd64/266/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-arm64/266/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-ppc64el/266/
    SUCCESS: https://jenkins.canonical.com/server-team/job/curtin-ci/nodes=metal-s390x/266/

Click here to trigger a rebuild:
https://jenkins.canonical.com/server-team/job/curtin-ci/266//rebuild

review: Approve (continuous-integration)
Revision history for this message
Dan Bungert (dbungert) :

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/curtin/block/zfs.py b/curtin/block/zfs.py
index ccdddbb..519fa51 100644
--- a/curtin/block/zfs.py
+++ b/curtin/block/zfs.py
@@ -12,6 +12,7 @@ from contextlib import ExitStack
12from pathlib import Path12from pathlib import Path
1313
14from curtin.config import merge_config14from curtin.config import merge_config
15from curtin.udev import udevadm_settle
15from curtin import distro16from curtin import distro
16from curtin import util17from curtin import util
17from . import blkid, get_supported_filesystems18from . import blkid, get_supported_filesystems
@@ -89,25 +90,34 @@ class ZPoolEncryption:
89 zfs_create(90 zfs_create(
90 self.poolname, "keystore", {"encryption": "off"}, keystore_size,91 self.poolname, "keystore", {"encryption": "off"}, keystore_size,
91 )92 )
93 keystore_volume = f"/dev/zvol/{self.poolname}/keystore"
94 udevadm_settle(exists=keystore_volume)
9295
93 with ExitStack() as es:96 with ExitStack() as es:
94 for vdev in self.vdevs:97 for vdev in self.vdevs:
95 es.enter_context(util.FlockEx(vdev))98 es.enter_context(util.FlockEx(vdev))
9699
97 # cryptsetup format and open this keystore100 # cryptsetup format and open this keystore
98 keystore_volume = f"/dev/zvol/{self.poolname}/keystore"
99 cmd = ["cryptsetup", "luksFormat", keystore_volume, self.keyfile]101 cmd = ["cryptsetup", "luksFormat", keystore_volume, self.keyfile]
100 util.subp(cmd)102
103 # strace has shown that udevd does indeed probe this keystore
104 with util.FlockEx(keystore_volume):
105 util.subp(cmd, capture=True)
106
107 udevadm_settle()
108
101 dm_name = f"keystore-{self.poolname}"109 dm_name = f"keystore-{self.poolname}"
102 cmd = [110 cmd = [
103 "cryptsetup", "open", "--type", "luks", keystore_volume,111 "cryptsetup", "open", "--type", "luks", keystore_volume,
104 dm_name, "--key-file", self.keyfile,112 dm_name, "--key-file", self.keyfile,
105 ]113 ]
106 util.subp(cmd)114 util.subp(cmd, capture=True)
115
116 dmpath = f"/dev/mapper/{dm_name}"
117 udevadm_settle(exists=dmpath)
107118
108 with ExitStack() as es:119 with ExitStack() as es:
109 # format as ext4, mount it, move the previously-generated systemkey120 # format as ext4, mount it, move the previously-generated systemkey
110 dmpath = f"/dev/mapper/{dm_name}"
111 es.enter_context(util.FlockEx(dmpath))121 es.enter_context(util.FlockEx(dmpath))
112 cmd = ["mke2fs", "-t", "ext4", dmpath, "-L", dm_name]122 cmd = ["mke2fs", "-t", "ext4", dmpath, "-L", dm_name]
113 util.subp(cmd, capture=True)123 util.subp(cmd, capture=True)
diff --git a/curtin/util.py b/curtin/util.py
index 66735e8..d9b7962 100644
--- a/curtin/util.py
+++ b/curtin/util.py
@@ -1452,6 +1452,7 @@ class FlockEx:
1452 raise TimeoutError("Failed to acquire LOCK_EX on {self.device}")1452 raise TimeoutError("Failed to acquire LOCK_EX on {self.device}")
14531453
1454 def __exit__(self, *args):1454 def __exit__(self, *args):
1455 LOG.debug(f"Releasing fcntl LOCK_EX on {self.device}")
1455 with suppress(Exception):1456 with suppress(Exception):
1456 fcntl.flock(self.lock_fd, fcntl.LOCK_UN)1457 fcntl.flock(self.lock_fd, fcntl.LOCK_UN)
1457 with suppress(Exception):1458 with suppress(Exception):

Subscribers

People subscribed via source and target branches