Class: Arver::SystemdOpenAction

Inherits:
Action
  • Object
Defined in:
lib/arver/systemd_open_action.rb

Instance Attribute Summary

Attributes inherited from Action

#generator, #key, #keystore, #slot_of_target_user, #target_list, #target_user

Instance Method Summary collapse

Methods inherited from Action

#load_key, #needs_target_user?, #new_key_generator, #on_user, #open_keystore, #post_action, #post_host, #post_partition, #pre_action, #pre_host, #pre_partition, #run_on, #verify_key_on_target

Constructor Details

#initialize(target_list) ⇒ SystemdOpenAction

Returns a new instance of SystemdOpenAction.



# File 'lib/arver/systemd_open_action.rb', line 5

# Builds the action for the given targets and opens the keystore as part of
# construction, so the keystore is already open when the action's other
# methods run.
#
# @param target_list [Object] targets to act on, passed unchanged to Action#initialize
def initialize(target_list)
  super
  open_keystore
end

Instance Method Details

#execute_partition(partition) ⇒ Object



# File 'lib/arver/systemd_open_action.rb', line 58

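# Opens one encrypted partition on a host that is still waiting in its initrd
# by answering the matching systemd ask-password request.
#
# The flow is: resolve the partition id, find the ask-password socket for it,
# upload the vendored password-agent helper to /run on the target, run the
# helper with the socket as its argument while feeding it the key, then poll
# verify_partition up to three times.
#
# Aborts via throw(:abort_action) when no request is pending, when the helper
# is missing from the gem, or when the helper cannot be placed on the target.
#
# @param partition [Object] partition to open; must respond to #path and #parent
# @return [Object] whatever the final log call returns
def execute_partition( partition )
  Arver::Log.info( "opening: "+partition.path )
  host = partition.parent

  partid = get_uuid(partition)
  socket = get_socket(host, partid)
  if socket.nil?
    Arver::Log.error( "Disk is not waiting to be opened" )
    throw( :abort_action )
  end

  # Upload password-agent binary and supply password to the correct socket
  binary = File.join(ROOT_DIR, "vendor", "password-agent")
  unless File.exist?(binary)
    puts "This gem is missing the native password-agent binary"
    throw( :abort_action )
  end
  # This is an epic hack to have a binary with exec permission
  # initrd does not have chmod, so we copy an existing binary and override it
  placeholder = Arver::SSHCommandWrapper.create("cp", ["/bin/true", "/run/password-agent"], host, true, true)
  placeholder.execute
  unless placeholder.success?
    # If the copy failed, nothing is known about what /run/password-agent is
    # or whether it can run, so stop here, before the key leaves this machine.
    Arver::Log.error( "Could not prepare /run/password-agent on the target" )
    throw( :abort_action )
  end
  upload = Arver::SSHCommandWrapper.create("cat", ["- > /run/password-agent"], host, true, true)
  upload.execute(File.read(binary))
  unless upload.success?
    puts "Could not upload password-agent"
    throw( :abort_action )
  end

  # Pass password. The key is handed to execute as input (the same channel the
  # upload above uses, presumably stdin), not placed in the argument list.
  # NOTE(review): socket is text read from an ask file on the target; whether
  # SSHCommandWrapper quotes its arguments is not visible here - confirm.
  agent = Arver::SSHCommandWrapper.create("/run/password-agent", [socket], host, true, true)
  agent.execute(key)
  unless agent.success?
    # Report the helper's own failure; the verification below still decides
    # the final outcome, as before.
    Arver::Log.error( "password-agent reported a failure while supplying the key" )
  end

  Arver::Log.info("Trying to validate opening of #{partition.path} ..." )
  verified = false
  3.times do
    verified = verify_partition(partition)
    break if verified
    sleep 3
  end
  if verified
    Arver::Log.info("Success in validating opening of #{partition.path} ..." )
  else
    Arver::Log.error("Failed to validate opening of #{partition.path} ..." )
  end
end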

#get_socket(host, partid) ⇒ Object



# File 'lib/arver/systemd_open_action.rb', line 24

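# Finds the systemd ask-password socket that belongs to one partition.
#
# Lists /run/systemd/ask-password/ask.* on the host (see
# https://systemd.io/PASSWORD_AGENTS/), reads each ask file and returns the
# value of its Socket= line for the first file whose content contains partid.
#
# @param host [Object] target handed through to Arver::SSHCommandWrapper
# @param partid [String] identifier of the partition to look for
# @return [String, nil] the socket path, or nil when no request could be matched
def get_socket(host, partid)
  # An empty identifier would match every ask file, and the caller would then
  # supply this partition's key to whichever prompt is listed first.
  wanted = partid.to_s
  if wanted.empty?
    Arver::Log.error( "No partition id given, cannot select an ask-password socket. Aborting..." )
    return nil
  end

  # Check which partitions are waiting for a password
  # systemd might take a while until they pop up, so we try a few times
  3.times do
    found = false
    files_exec = ''
    3.times do
      files_exec = Arver::SSHCommandWrapper.create("ls", ["/run/systemd/ask-password/ask.*","2>","/dev/null"], host, true, true)
      files_exec.execute
      found = files_exec.success?
      break if found
      Arver::Log.error( "No ask-password definition found, retrying in 3 secs..." )
      sleep 3
    end
    next unless found

    # Find the socket for the partition we want to open
    files_exec.output.split("\n").each do |f|
      f_exec = Arver::SSHCommandWrapper.create("cat", [f], host, true, true)
      f_exec.execute
      ask_file = f_exec.output.to_s
      # Literal substring test: the id is data, not a regular expression.
      next unless ask_file.include?(wanted)

      # nil when the matching file carries no Socket= line
      return ask_file[/Socket=(.*)/, 1]
    end
  end
  Arver::Log.error( "No ask-password definitions found to scan. Aborting..." )
  nil
end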

#verify?(partition) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/arver/systemd_open_action.rb', line 10

# Decides whether the systemd open should be attempted for this partition.
#
# Checks run in this order and the first one that applies wins:
# the host's system is already running, the key cannot be loaded, or the
# partition already verifies as open. Each of these gives false.
#
# @param partition [Object] partition to check; must respond to #path and #parent
# @return [Boolean] true only when none of the skip conditions applies
def verify?( partition )
  if Arver::SSHCommandWrapper.is_system_running?(partition)
    Arver::Log.error( "#{partition.parent.name} already up. Use normal open, skipping." )
    false
  elsif !load_key( partition )
    false
  elsif verify_partition(partition)
    Arver::Log.info( "#{partition.path} is already open! Skipping..." )
    false
  else
    true
  end
end