Issue stratisd 3598 #1116

Draft
wants to merge 22 commits into
base: master

mulkieran
Member

No description provided.

@mulkieran mulkieran self-assigned this Jan 7, 2025
@mulkieran
Member Author

mulkieran commented Jan 7, 2025

Current help text for create pool:

$ PYTHONPATH=./src ./bin/stratis pool create --help
usage: stratis pool create [-h] [--clevis {nbde,tang,tpm2}]
                           [--tang-url TANG_URL]
                           [--trust-url | --thumbprint THUMBPRINT]
                           [--integrity {no,pre-allocate}]
                           [--journal-size JOURNAL_SIZE]
                           [--tag-spec {32b,512b}] [--key-desc KEY_DESC]
                           [--no-overprovision]
                           pool_name blockdevs [blockdevs ...]

positional arguments:
  pool_name             Name of new pool
  blockdevs             Create the pool using these block devs

options:
  -h, --help            show this help message and exit
  --key-desc KEY_DESC   Key description of key in kernel keyring to use for
                        encryption
  --no-overprovision    Do not allow the sum of the logical size of the pool's
                        filesystems to exceed the size of the pool's data
                        area.

clevis:
  Arguments controlling creation with Clevis encryption

  --clevis {nbde,tang,tpm2}
                        Specification for binding with Clevis.
  --tang-url TANG_URL   URL of Clevis tang server (--clevis=[tang|nbde] must
                        be set)
  --trust-url           Omit verification of tang server credentials (--tang-
                        url option must be set)
  --thumbprint THUMBPRINT
                        Thumbprint of tang server (--tang-url option must be
                        set)

integrity:
  Optional parameters for configuring integrity metadata pre-allocation

  --integrity {no,pre-allocate}
                        Integrity options for this pool. If "no" no space will
                        be allocated for integrity metadata and it will never
                        be possible to turn on integrity functionality for
                        this pool. If "pre-allocate" then space will be
                        allocated for integrity metadata and it will be
                        possible to switch on integrity functionality in
                        future. The default is "pre-allocate".
  --journal-size JOURNAL_SIZE
                        Size of integrity device's journal. Each block is
                        written to this journal before being written to its
                        address. The default is 128 MiB.
  --tag-spec {32b,512b}
                        Integrity tag specification defining the size of the
                        tag used to store a checksum or other value for each
                        block on a device. All size specifications are in
                        bits. The default is 512b.

@mulkieran mulkieran force-pushed the issue_stratisd_3598 branch 5 times, most recently from 72649cf to 6d152b7 Compare January 8, 2025 22:01
@mulkieran
Member Author

How the pool detail view looks now:

UUID: cf285532-c12b-4e6e-b8f6-84d76a843b5c
Name: pn
Alerts: 0
Metadata Version: 2
Actions Allowed: fully_operational
Cache: No
Filesystem Limit: 10
Allows Overprovisioning: Yes
Encryption Enabled: Yes
    Token Slot: 0
        Key Description: key
    Token Slot: 1
        Clevis Pin: tang
        Clevis Configuration: {'stratis:tang:trust_url': True, 'url': 'url'}
Fully Allocated: No
    Size: 512 EiB
    Allocated: 2.50 GiB
    Used: 0 B

@mulkieran mulkieran force-pushed the issue_stratisd_3598 branch from 6d152b7 to 14b8ad7 Compare January 10, 2025 01:19
@mulkieran mulkieran requested a review from drckeefe January 10, 2025 01:20
@mulkieran mulkieran force-pushed the issue_stratisd_3598 branch from 14b8ad7 to 05bdc66 Compare January 10, 2025 01:36
@drckeefe
Member

The output of the pool create and the pool detailed view look good to me.

@mulkieran mulkieran force-pushed the issue_stratisd_3598 branch from 2bc5453 to ce60893 Compare January 13, 2025 19:46
@mulkieran
Member Author

Pool help is now modified so that all the encryption options are shown together:

usage: stratis pool create [-h] [--key-desc KEY_DESC]
                           [--clevis {nbde,tang,tpm2}] [--tang-url TANG_URL]
                           [--trust-url | --thumbprint THUMBPRINT]
                           [--integrity {no,pre-allocate}]
                           [--journal-size JOURNAL_SIZE]
                           [--tag-spec {32b,512b}] [--no-overprovision]
                           pool_name blockdevs [blockdevs ...]

positional arguments:
  pool_name             Name of new pool
  blockdevs             Create the pool using these block devs

options:
  -h, --help            show this help message and exit
  --no-overprovision    Do not allow the sum of the logical size of the pool's
                        filesystems to exceed the size of the pool's data
                        area.

encryption:
  Arguments controlling creation with encryption

  --key-desc KEY_DESC   Key description of key in kernel keyring to use for
                        encryption
  --clevis {nbde,tang,tpm2}
                        Specification for binding with Clevis.
  --tang-url TANG_URL   URL of Clevis tang server (--clevis=[tang|nbde] must
                        be set)
  --trust-url           Omit verification of tang server credentials (--tang-
                        url option must be set)
  --thumbprint THUMBPRINT
                        Thumbprint of tang server (--tang-url option must be
                        set)

integrity:
  Optional parameters for configuring integrity metadata pre-allocation

  --integrity {no,pre-allocate}
                        Integrity options for this pool. If "no" no space will
                        be allocated for integrity metadata and it will never
                        be possible to turn on integrity functionality for
                        this pool. If "pre-allocate" then space will be
                        allocated for integrity metadata and it will be
                        possible to switch on integrity functionality in
                        future. The default is "pre-allocate".
  --journal-size JOURNAL_SIZE
                        Size of integrity device's journal. Each block is
                        written to this journal before being written to its
                        address. The default is 128 MiB.
  --tag-spec {32b,512b}
                        Integrity tag specification defining the size of the
                        tag used to store a checksum or other value for each
                        block on a device. All size specifications are in
                        bits. The default is 512b.
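
An added example, not stratis-cli's own code: the option dependencies that the help text above states in parentheses ("--tang-url option must be set") are not enforced by argparse itself, so this example declares the encryption group and checks those rules after parsing. The `validate` and `check` helpers, and the rule that a tang binding needs a URL plus either `--thumbprint` or `--trust-url`, are assumptions for illustration.

```python
import argparse

TANG_PINS = ("tang", "nbde")


def build_parser():
    """Declare the encryption options as grouped in the help text above."""
    parser = argparse.ArgumentParser(prog="stratis pool create")
    enc = parser.add_argument_group(
        "encryption", "Arguments controlling creation with encryption"
    )
    enc.add_argument("--key-desc")
    enc.add_argument("--clevis", choices=["nbde", "tang", "tpm2"])
    enc.add_argument("--tang-url")
    # argparse can express only this either/or; the "must be set" rules
    # from the help text are checked after parsing, in validate().
    trust = enc.add_mutually_exclusive_group()
    trust.add_argument("--trust-url", action="store_true")
    trust.add_argument("--thumbprint")
    parser.add_argument("pool_name")
    parser.add_argument("blockdevs", nargs="+")
    return parser


def validate(ns):
    """Return the violated cross-option rules (empty list when consistent)."""
    errors = []
    uses_tang = ns.clevis in TANG_PINS
    trust_choice = ns.trust_url or ns.thumbprint is not None
    if ns.tang_url is not None and not uses_tang:
        errors.append("--tang-url requires --clevis=[tang|nbde]")
    if trust_choice and ns.tang_url is None:
        errors.append("--trust-url/--thumbprint require --tang-url")
    # Assumptions (not stated in the help text): a tang binding needs a URL
    # and an explicit choice between pinning a thumbprint and trusting the URL.
    if uses_tang and ns.tang_url is None:
        errors.append("--clevis=[tang|nbde] requires --tang-url")
    elif uses_tang and not trust_choice:
        errors.append("tang binding needs --thumbprint or --trust-url")
    return errors


def check(argv):
    """Parse argv (constructed sample input) and return validate()'s findings."""
    return validate(build_parser().parse_args(argv))


if __name__ == "__main__":
    # Constructed sample: URL given without selecting a tang-based pin.
    print(check(["--tang-url", "https://tang.example", "pn", "/dev/sdb"]))
```
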

@mulkieran mulkieran force-pushed the issue_stratisd_3598 branch 2 times, most recently from 45997ab to 4a463b6 Compare January 14, 2025 14:52
@mulkieran
Member Author

Unbind help text:

$ PYTHONPATH=./src ./bin/stratis pool unbind --help
usage: stratis pool unbind [-h] [--token-slot TOKEN_SLOT]
                           {keyring,clevis} pool_name

positional arguments:
  {keyring,clevis}      Encryption method to unbind
  pool_name             Pool name

options:
  -h, --help            show this help message and exit
  --token-slot TOKEN_SLOT
                        token slot; must be specified if there is more than
                        one binding with the specified method

Rebind help text for Clevis:

$ PYTHONPATH=./src ./bin/stratis pool rebind clevis --help
usage: stratis pool rebind clevis [-h] [--token-slot TOKEN_SLOT] pool_name

positional arguments:
  pool_name             Pool name

options:
  -h, --help            show this help message and exit
  --token-slot TOKEN_SLOT
                        token slot; must be specified if there is more than
                        one binding with the specified method

@mulkieran
Member Author

All unittests passing, coverage failures.

@mulkieran mulkieran force-pushed the issue_stratisd_3598 branch 3 times, most recently from 4520571 to 2205c59 Compare January 14, 2025 17:48
@mulkieran
Member Author

mulkieran commented Jan 14, 2025

Current help text for stratis pool start --help:

$ PYTHONPATH=./src ./bin/stratis pool start --help
usage: stratis pool start [-h] [--keyfile-path KEYFILE_PATH | --capture-key]
                          [--unlock-method {any,clevis,keyring}]
                          (--uuid UUID | --name NAME)

options:
  -h, --help            show this help message and exit
  --unlock-method {any,clevis,keyring}
                        Method to use to unlock the pool if encrypted.
  --uuid UUID           UUID of the pool to start
  --name NAME           name of the pool to start

Key Specification:
  Arguments to allow specifying a key

  --keyfile-path KEYFILE_PATH
                        Path to a key file containing a key
  --capture-key         Read key from stdin

Proposed help text:

usage: stratis pool start [-h]
                          [--unlock-method {any,clevis,keyring} | --token-slot TOKEN_SLOT]
                          [--keyfile-path KEYFILE_PATH | --capture-key]
                          (--uuid UUID | --name NAME)

options:
  -h, --help            show this help message and exit
  --uuid UUID           UUID of the pool to start
  --name NAME           name of the pool to start

Unlock Method:
  Arguments to allow specifying an unlock method when pool is encrypted

  --unlock-method {any,clevis,keyring}
                        Method to use to unlock the pool
  --token-slot TOKEN_SLOT
                        token slot; alternative way of specifying an unlock
                        method; for V2 pools only

Key Specification:
  Arguments to allow specifying a key

  --keyfile-path KEYFILE_PATH
                        Path to a key file containing a key
  --capture-key         Read key from stdin

@mulkieran mulkieran force-pushed the issue_stratisd_3598 branch from e513e80 to 53b9131 Compare January 14, 2025 18:53
@mulkieran
Member Author

/packit build

Congratulations! One of the builds has completed. 🍾

You can install the built RPMs by following these steps:

  • sudo yum install -y dnf-plugins-core on RHEL 8
  • sudo dnf install -y dnf-plugins-core on Fedora
  • dnf copr enable packit/stratis-storage-stratis-cli-1116
  • And now you can install the packages.

Please note that the RPMs should be used only in a testing environment.

@mulkieran mulkieran force-pushed the issue_stratisd_3598 branch 2 times, most recently from 614c073 to 62c490e Compare January 14, 2025 21:09
@mulkieran mulkieran force-pushed the issue_stratisd_3598 branch 2 times, most recently from 61c6638 to 26a753a Compare January 16, 2025 00:42
@mulkieran
Member Author

rebased

@mulkieran
Member Author

/packit build

@mulkieran mulkieran requested a review from bgurney-rh January 16, 2025 14:32
@mulkieran mulkieran force-pushed the issue_stratisd_3598 branch 2 times, most recently from ce526d2 to ef52df2 Compare January 16, 2025 21:47
Signed-off-by: mulhern <amulhern@redhat.com>