author | Jason King <jasonbking@users.noreply.github.com> | 2020-02-26 15:24:12 -0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-02-26 15:24:12 -0600 |
commit | 5cbb72a848d670186cc8a950e564d70c7208f889 (patch) | |
tree | 1486942b762acd89d8999985429feea7032b788b | |
parent | 5a729fe69e23102eef6f8e706f2b9ebe88059abf (diff) | |
download | illumos-joyent-5cbb72a848d670186cc8a950e564d70c7208f889.tar.gz |
OS-7880 Add encryption support to fs-joyent (#250)release-20200227
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Mike Gerdts <mike.gerdts@joyent.com>
Approved by: Mike Gerdts <mike.gerdts@joyent.com>
-rwxr-xr-x | usr/src/cmd/svc/milestone/fs-joyent | 32 | ||||
-rw-r--r-- | usr/src/cmd/svc/milestone/joyent-fs.xml | 8 |
2 files changed, 36 insertions, 4 deletions
diff --git a/usr/src/cmd/svc/milestone/fs-joyent b/usr/src/cmd/svc/milestone/fs-joyent index 9082f22e46..f8b4ffb53d 100755 --- a/usr/src/cmd/svc/milestone/fs-joyent +++ b/usr/src/cmd/svc/milestone/fs-joyent @@ -11,7 +11,7 @@ # # -# Copyright (c) 2018, Joyent, Inc. +# Copyright 2020 Joyent, Inc. # set -o xtrace @@ -70,6 +70,24 @@ function mount_zfs echo ${output} 1>&2 } +function unlock_pool +{ + local pool=$1 + + # If the key is already loaded, don't bother trying again + local keystatus="$(zfs get -Hpo value keystatus $pool)" + if [[ "$keystatus" == "available" ]]; then + return + fi + + kbmadm unlock $pool && return + + echo "Failed to unlock $pool; recovery may be required" | \ + tee -a /dev/console >&2 + + exit $SMF_EXIT_ERR_FATAL +} + /bin/bootparams | grep "^noimport=true" >/dev/null if [ $? -ne 0 ]; then # If the zpool doesn't exist, then there's nothing to mount. @@ -87,11 +105,17 @@ if [ $? -ne 0 ]; then for pool in $pools; do zpool import -f $pool - # Due to early, failed attempts to support the filesystem_limits - # feature we now need to ensure the dependent feature is enabled. - zpool set feature@extensible_dataset=enabled $pool + + is_encr="$(zfs get -Hpo value encryption $pool)" + + [[ "$is_encr" != "off" ]] && unlock_pool $pool + + # Due to early, failed attempts to support the filesystem_limits + # feature we now need to ensure the dependent feature is enabled. + zpool set feature@extensible_dataset=enabled $pool if [[ -f /$pool/.system_pool ]]; then SYS_ZPOOL=$pool + [[ "$is_encr" != "off" ]] && kbmadm set-syspool $pool fi done diff --git a/usr/src/cmd/svc/milestone/joyent-fs.xml b/usr/src/cmd/svc/milestone/joyent-fs.xml index 3d004e8d33..f21eae27d8 100644 --- a/usr/src/cmd/svc/milestone/joyent-fs.xml +++ b/usr/src/cmd/svc/milestone/joyent-fs.xml 
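Review bot: In `unlock_pool`, the failure path ends in `exit $SMF_EXIT_ERR_FATAL`, and that variable is not set anywhere in this hunk; it presumably comes from a sourced SMF include. If it were ever empty, a bare `exit` would return the status of the preceding `tee` pipeline, which is normally 0, and the method would report success with the pool still locked. `exit "${SMF_EXIT_ERR_FATAL:-95}"` keeps the failure fatal in either case (95 is the value smf_include.sh assigns). Separately, `local keystatus="$(zfs get ...)"` hides the exit status of `zfs get`, so a failed property read falls through to `kbmadm unlock` and is reported as an unlock failure; declaring `keystatus` first and assigning it on the next line, with `"$pool"` quoted, would let the two cases be told apart.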
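Review bot: In the import loop, `is_encr` is empty whenever `zfs get -Hpo value encryption $pool` fails, for example after an unsuccessful `zpool import -f`, and the test `[[ "$is_encr" != "off" ]]` then treats the pool as encrypted. That sends an unencrypted pool that failed to import into `unlock_pool`, whose failure path exits the whole method with a fatal status and a misleading "Failed to unlock" console message. Checking the read explicitly, e.g. `is_encr="$(zfs get -Hpo value encryption "$pool")" || { echo "cannot read encryption property of $pool" >&2; continue; }`, keeps the two failures distinct; whether to `continue` or stop depends on how a failed import is meant to be handled. The status of `kbmadm set-syspool $pool` is also ignored, so a failure to record the system pool passes silently. The enclosing `if` block starts and ends outside the hunk.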
@@ -44,6 +44,14 @@ <service_fmri value='svc:/system/filesystem/usr' /> </dependency> + <dependency + name='kbmd' + grouping='optional_all' + restart_on='none' + type='service'> + <service_fmri value='svc:/system/kbmd:default' /> + </dependency> + <!-- Start method timeout is infinite to handle potentially unbounded fsck times. |
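Review bot: The new `kbmd` dependency uses `grouping='optional_all'`, which SMF also treats as satisfied when kbmd is disabled, in maintenance or not installed, so on a host with an encrypted pool this method can still start without kbmd and only fail later at `kbmadm unlock`. That is fail-closed, but the reason for the choice is not recorded in the manifest. A short comment above the `<dependency>` element, such as `<!-- kbmd is needed only to unlock encrypted pools; optional_all keeps hosts without it bootable -->`, would state the intent, which is inferred here and should be confirmed. The hunk shows only part of the manifest.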