search

coreos / butane

Butane translates human-readable Butane Configs into machine-readable Ignition Configs.
https://coreos.github.io/butane/
Apache License 2.0
255 stars 70 forks source link

add: Support LUKS encryption using IBM CEX secure keys on s390x #536

Open madhu-pillai opened 5 months ago

madhu-pillai commented 5 months ago

Added the feature of IBM CEX card based LUKS encryption. Kindly review..

madhu-pillai commented 4 months ago

Hi @travier , Can i've a review on this?

madhu-pillai commented 4 months ago

Hi @travier , I've changed the schema part to Cex. Kindly review it.

madhu-pillai commented 4 months ago 
$ butane % cat bin/arm64/openshift.bu 
variant: openshift
version: 4.17.0-experimental
metadata:
  name: MachineConfig
  labels:
    machineconfiguration.openshift.io/role: master1
boot_device:
  layout: s390x-eckd
  luks:
    device: /dev/dasda
    cex:
      enabled: true
 $ ./butane openshift.bu -o openshift.ign --pretty && cat openshift.ign
# Generated by Butane; do not edit
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  labels:
    machineconfiguration.openshift.io/role: master1
  name: MachineConfig
spec:
  config:
    ignition:
      version: 3.5.0-experimental
    storage:
      filesystems:
        - device: /dev/mapper/root
          format: xfs
          label: root
          wipeFilesystem: true
      luks:
        - cex:
            enabled: true
          device: /dev/dasda2
          label: luks-root
          name: root
          wipeVolume: true
madhu-pillai commented 4 months ago

Hi @prestist , Could you please review the updated comment?.

madhu-pillai commented 3 weeks ago 
[root@a3elp53 s390x]# ./butane boot.bu -o boot.ign --pretty
[root@a3elp53 s390x]# cat boot.bu
variant: fcos
version: 1.6.0-experimental
boot_device:
  layout: s390x-zfcp
  luks:
    device: /dev/sdb
    cex:
      enabled: true
[root@a3elp53 s390x]# cat boot.ign
{
  "ignition": {
    "version": "3.5.0-experimental"
  },
  "storage": {
    "filesystems": [
      {
        "device": "/dev/mapper/root",
        "format": "xfs",
        "label": "root",
        "wipeFilesystem": true
      }
    ],
    "luks": [
      {
        "cex": {
          "enabled": true
        },
        "device": "/dev/sdb4",
        "label": "luks-root",
        "name": "root",
        "wipeVolume": true
      }
    ]
  }
}
madhu-pillai commented 2 weeks ago

Hi, Is this pr ok to approve? or anything pending from my side?

prestist commented 5 days ago

@madhu-pillai , I am going to run through and review from my perspective, but will not be merging until I hear from @travier since he had a lot of feedback, and I want to ensure his concerns are resolved.

Note: the now latest version of ignition is 2.20.0 which has the functionality this sugar uses in stable, I would prefer to get this in before we update butane with that version and its new specs.

madhu-pillai commented 5 days ago

Please make sure that you have resolved, and fixed any review comments, there seems to be one which has gramar issues still here, and more importantly a question about structure here

Hi @prestist , These reviews were already updated in the last commit. Sorry i missed to update the review message. Now done.