Project

General

Profile

Feature #29096

Bug #28712: Need ability to import encrypted volumes

Add API to decrypt disks and import pool

Added by Peter Southwell over 1 year ago. Updated about 1 year ago.

Status:
Done
Priority:
No priority
Assignee:
William Grzybowski
Category:
Middleware
Target version:
Estimated time:
Severity:
Medium
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:

Description

http://192.168.1.3/legacy/storage/auto-import/?X-Progress-ID=6013ea8d-2871-4b9d-8098-60b192beb23f

Need an API to replace this....

Seems it takes an array of information.

This is in legacy UI. Detach an ecnrtyped volume.. (Not destroying it's data.. just a detach).
It'll appear in iport volumes.. If it's un ecnrytped to start... If not.. it wont untill you select.. yes unencrypt..
Then for each zpool.. You need the passphrase and gelikey... It'll auto unecrypt those resource.. And make them pop up as imports.

I need the part that lets me unecnrypt them. :)

For each volume it'd auto un-encrypt it takes..

[ { passphrase: "passphrase",
uploadedKey: "Place to take multi part upload of key"}, ... ]

That's my understanding of waht ui/legacy does :) APloogies if the api is present.. I looked hard for it.. but dind't find that particular one.. The strange part (well harder part).. being it takes geli.key files... I already have the upload form data there..

Cool that's the whole idea.

screenshot-20180313-133308.jpg (11.8 KB) screenshot-20180313-133308.jpg Erin Clark, 03/13/2018 01:33 PM
15097

Related issues

Related to FreeNAS - Umbrella #25917: Move business logic from Django to middlewared and make websocket API feature completeDone2017-07-24
Related to FreeNAS - Bug #35785: When importing a pool, do not get disks of UNAVAIL/OFFLINE vdevsDone

Associated revisions

Revision d461cd09 (diff)
Added by William Grzybowski over 1 year ago

feat(middlewared): add disk.get_encrypted

Ticket: #29096

Revision bd1f6cc4 (diff)
Added by William Grzybowski over 1 year ago

feat(middlewared): implement `disk.decrypt`

This will be used to import encrypted pool.

Ticket: #29096

Revision ab542404 (diff)
Added by William Grzybowski over 1 year ago

feat(gui): use middleware to decrypt disks

Ticket: #29096

Revision 34353f69 (diff)
Added by William Grzybowski over 1 year ago

feat(middlewared): import pool.import_pool

Ticket: #29096

Revision 71b16787 (diff)
Added by William Grzybowski over 1 year ago

feat(middlewared/pool): add pool.import_find

Ticket: #29096

Revision 8c90b9fd (diff)
Added by William Grzybowski over 1 year ago

fix(middlewared/pool): skip UNAVAIL and existing guid pools

Ticket: #29096

Revision 37da24dd (diff)
Added by William Grzybowski over 1 year ago

feat(guiO0: use pool.import_find

Ticket: #29096

Revision 2905d091 (diff)
Added by William Grzybowski over 1 year ago

feat(gui): import pool using pool.import_pool

Ticket: #29096

Revision 577377b7 (diff)
Added by William Grzybowski over 1 year ago

fix(gui): use passphrase and enc_disks

Ticket: #29096

Revision 8a76cf7d (diff)
Added by William Grzybowski over 1 year ago

feat(middlewared): add disk.get_encrypted

Ticket: #29096

Revision ce199b5a (diff)
Added by William Grzybowski over 1 year ago

feat(middlewared): implement `disk.decrypt`

This will be used to import encrypted pool.

Ticket: #29096

Revision dc268a44 (diff)
Added by William Grzybowski over 1 year ago

feat(gui): use middleware to decrypt disks

Ticket: #29096

Revision 79230256 (diff)
Added by William Grzybowski over 1 year ago

feat(middlewared): import pool.import_pool

Ticket: #29096

Revision afda7cbf (diff)
Added by William Grzybowski over 1 year ago

feat(middlewared/pool): add pool.import_find

Ticket: #29096

Revision 2771b189 (diff)
Added by William Grzybowski over 1 year ago

fix(middlewared/pool): skip UNAVAIL and existing guid pools

Ticket: #29096

Revision b4ade831 (diff)
Added by William Grzybowski over 1 year ago

feat(gui): use pool.import_find

Ticket: #29096

Revision b060e735 (diff)
Added by William Grzybowski over 1 year ago

feat(gui): import pool using pool.import_pool

Ticket: #29096

Revision 6e31bb7c (diff)
Added by William Grzybowski over 1 year ago

fix(gui): use passphrase and enc_disks

Ticket: #29096

Revision d01a0b45 (diff)
Added by William Grzybowski over 1 year ago

fix(middlewared/disk): pep8

Ticket: #29096

Revision 948a330c (diff)
Added by William Grzybowski over 1 year ago

feat(middlewared): add disk.get_encrypted

Ticket: #29096

Revision 01541387 (diff)
Added by William Grzybowski over 1 year ago

feat(middlewared): implement `disk.decrypt`

This will be used to import encrypted pool.

Ticket: #29096

Revision d99c164b (diff)
Added by William Grzybowski over 1 year ago

feat(gui): use middleware to decrypt disks

Ticket: #29096

Revision 72e8209a (diff)
Added by William Grzybowski over 1 year ago

feat(middlewared): import pool.import_pool

Ticket: #29096

Revision b6125907 (diff)
Added by William Grzybowski over 1 year ago

feat(middlewared/pool): add pool.import_find

Ticket: #29096

Revision a8b0b71d (diff)
Added by William Grzybowski over 1 year ago

fix(middlewared/pool): skip UNAVAIL and existing guid pools

Ticket: #29096

Revision 04473e8e (diff)
Added by William Grzybowski over 1 year ago

feat(gui): use pool.import_find

Ticket: #29096

Revision f83fa537 (diff)
Added by William Grzybowski over 1 year ago

feat(gui): import pool using pool.import_pool

Ticket: #29096

Revision 88827716 (diff)
Added by William Grzybowski over 1 year ago

fix(gui): use passphrase and enc_disks

Ticket: #29096

Revision 03f1f91b (diff)
Added by William Grzybowski over 1 year ago

fix(middlewared/disk): pep8

Ticket: #29096

Revision 0ec443f4 (diff)
Added by William Grzybowski over 1 year ago

fix(middlewared): pipe checking and private attribute

Pointed out by @themylogin.

Ticket: #29096

Revision 60368c1a (diff)
Added by William Grzybowski over 1 year ago

fix(gui): make sure to seek file object before reusing it

Ticket: #29096

Revision c53c4881 (diff)
Added by William Grzybowski over 1 year ago

feat(middlewared): add disk.get_encrypted

Ticket: #29096

Revision bb30be73 (diff)
Added by William Grzybowski over 1 year ago

feat(middlewared): implement `disk.decrypt`

This will be used to import encrypted pool.

Ticket: #29096

Revision 632de791 (diff)
Added by William Grzybowski over 1 year ago

feat(gui): use middleware to decrypt disks

Ticket: #29096

Revision 9b0b6fe1 (diff)
Added by William Grzybowski over 1 year ago

feat(middlewared): import pool.import_pool

Ticket: #29096

Revision 1f552812 (diff)
Added by William Grzybowski over 1 year ago

feat(middlewared/pool): add pool.import_find

Ticket: #29096

Revision ee893749 (diff)
Added by William Grzybowski over 1 year ago

fix(middlewared/pool): skip UNAVAIL and existing guid pools

Ticket: #29096

Revision 2c7e7fea (diff)
Added by William Grzybowski over 1 year ago

feat(gui): use pool.import_find

Ticket: #29096

Revision fdfa1a26 (diff)
Added by William Grzybowski over 1 year ago

feat(gui): import pool using pool.import_pool

Ticket: #29096

Revision 022cdf82 (diff)
Added by William Grzybowski over 1 year ago

fix(gui): use passphrase and enc_disks

Ticket: #29096

Revision e2fdb48b (diff)
Added by William Grzybowski over 1 year ago

fix(middlewared/disk): pep8

Ticket: #29096

Revision 508d2666 (diff)
Added by William Grzybowski over 1 year ago

fix(middlewared): pipe checking and private attribute

Pointed out by @themylogin.

Ticket: #29096

Revision 9da2eb0c (diff)
Added by William Grzybowski over 1 year ago

fix(gui): make sure to seek file object before reusing it

Ticket: #29096

History

#1 Updated by William Grzybowski over 1 year ago

Heh, Its very hard to parse that description :)

Let me see if I understood some of it.

You want an API that will take a list of geli and decrypt them with the given key and passphrase? Like the screen to decrypt in Auto Import Legacy UI (Yes or No only please : )

#2 Updated by William Grzybowski over 1 year ago

  • Status changed from Not Started to Blocked
  • Reason for Blocked set to Waiting for feedback

#3 Updated by Erin Clark over 1 year ago

15097

I think he does mean he needs an api for unlocking encrypted volumes, so he can do something like in the screenshot attached

----- Yap Erin that is what I meant

#4 Updated by Dru Lavigne over 1 year ago

  • Status changed from Blocked to Not Started
  • Target version changed from Master - FreeNAS Nightlies to 11.2-RC2
  • Reason for Blocked deleted (Waiting for feedback)

#5 Updated by Erin Clark over 1 year ago

  • Target version changed from 11.2-RC2 to 11.2-BETA1

#6 Updated by William Grzybowski over 1 year ago

  • Status changed from Not Started to In Progress

#7 Updated by William Grzybowski over 1 year ago

  • Related to Umbrella #25917: Move business logic from Django to middlewared and make websocket API feature complete added

#8 Updated by William Grzybowski over 1 year ago

  • Subject changed from Need an API that figures out how many Detached but not destroyed volumes are present.. And Auto Un-Encrypt them. This then makes them.. Importable volumes. to API to decrypt geli disks and import pool

#9 Updated by William Grzybowski over 1 year ago

  • Status changed from In Progress to Done

Here are the new API calls:

disk.get_encrypted [{"unused": true}] -- This will return a list of encrypted disks that can be used to import an encrypted pool

disk.decrypt [ ["gptid/foo", "gptid/bar"], "passphrase" ] -- This will decrypt the given disks using an encryption key and using "passphrase". IMPORTANT: This is an special method, its a job and you need to upload the key using /_upload/ URL (To see how this works see how "Upload Config" works in the new UI.

pool.import_find -- This is to be called after disk.encrypt finishes successfully and will show all pools available for import

pool.import_pool [{"guid": "guid returned in pool.import_find", "devices": [""gptid/foo", "gptid/bar"], "passphrase": "passphrase here"}] -- IMPORTANT: this is also a job and just like disk.decrypt, you need to upload key using /_upload/

Let me know on RC if you have any questions.

#10 Updated by Dru Lavigne over 1 year ago

  • Subject changed from API to decrypt geli disks and import pool to Add API to decrypt disks and import pool
  • Needs Doc changed from Yes to No

#11 Updated by Dru Lavigne over 1 year ago

  • Needs Merging changed from Yes to No

#12 Updated by Dru Lavigne about 1 year ago

  • Status changed from Done to Ready for Testing

#13 Avatar?id=55038&size=24x24 Updated by Zackary Welch about 1 year ago

  • Severity set to Medium

Import_find and import_pool both work for an unencrypted pool. For an encrypted pool I have not been able to test this due to a related bug. disk/get_encrypted works fine. I will test import_find/import_pool/decrypt when https://redmine.ixsystems.com/issues/35785 is closed.

#14 Updated by Dru Lavigne about 1 year ago

  • Related to Bug #35785: When importing a pool, do not get disks of UNAVAIL/OFFLINE vdevs added

#15 Updated by Bonnie Follweiler about 1 year ago

  • Status changed from Ready for Testing to Passed Testing
  • Needs QA changed from Yes to No

Test Passed in FreeNAS 11.2Internal 12

#16 Updated by Dru Lavigne about 1 year ago

  • Status changed from Passed Testing to Done

Also available in: Atom PDF