def get_encryption_status(self):
encryption_status = {
"data": "NotEncrypted",
"os": "NotEncrypted"
}
mount_items = self.get_mount_items()
os_drive_encrypted = False
data_drives_found = False
data_drives_encrypted = True
for mount_item in mount_items:
if mount_item["fs"] in ["ext2", "ext4", "ext3", "xfs"] and \
not "/mnt" == mount_item["dest"] and \
not "/" == mount_item["dest"] and \
not "/oldroot/mnt/resource" == mount_item["dest"] and \
not "/oldroot/boot" == mount_item["dest"] and \
not "/oldroot" == mount_item["dest"] and \
not "/mnt/resource" == mount_item["dest"] and \
not "/boot" == mount_item["dest"]:
data_drives_found = True
if not "/dev/mapper" in mount_item["src"]:
self.logger.log("Data volume {0} is mounted from {1}".format(mount_item["dest"], mount_item["src"]))
data_drives_encrypted = False
if mount_item["dest"] == "/" and \
"/dev/mapper" in mount_item["src"] or \
"/dev/dm" in mount_item["src"]:
self.logger.log("OS volume {0} is mounted from {1}".format(mount_item["dest"], mount_item["src"]))
os_drive_encrypted = True
if not data_drives_found:
encryption_status["data"] = "NotMounted"
elif data_drives_encrypted:
encryption_status["data"] = "Encrypted"
if os_drive_encrypted:
encryption_status["os"] = "Encrypted"
encryption_marker = EncryptionMarkConfig(self.logger, self.encryption_environment)
decryption_marker = DecryptionMarkConfig(self.logger, self.encryption_environment)
if decryption_marker.config_file_exists():
encryption_status["data"] = "DecryptionInProgress"
elif encryption_marker.config_file_exists():
encryption_config = EncryptionConfig(self.encryption_environment, self.logger)
volume_type = encryption_config.get_volume_type().lower()
if volume_type == CommonVariables.VolumeTypeData.lower() or \
volume_type == CommonVariables.VolumeTypeAll.lower():
encryption_status["data"] = "EncryptionInProgress"
if volume_type == CommonVariables.VolumeTypeOS.lower() or \
volume_type == CommonVariables.VolumeTypeAll.lower():
encryption_status["os"] = "EncryptionInProgress"
elif os.path.exists('/dev/mapper/osencrypt') and not os_drive_encrypted:
encryption_status["os"] = "VMRestartPending"
return json.dumps(encryption_status)
def get_encryption_status(self):
encryption_status = {
"data": "NotEncrypted",
"os": "NotEncrypted"
}
mount_items = self.get_mount_items()
os_drive_encrypted = False
data_drives_found = False
data_drives_encrypted = True
osmapper_path = os.path.join(CommonVariables.dev_mapper_root, CommonVariables.osmapper_name)
for mount_item in mount_items:
if mount_item["fs"] in ["ext2", "ext4", "ext3", "xfs"] and \
not "/mnt" == mount_item["dest"] and \
not "/" == mount_item["dest"] and \
not "/oldroot/mnt/resource" == mount_item["dest"] and \
not "/oldroot/boot" == mount_item["dest"] and \
not "/oldroot" == mount_item["dest"] and \
not "/mnt/resource" == mount_item["dest"] and \
not "/boot" == mount_item["dest"]:
data_drives_found = True
if not CommonVariables.dev_mapper_root in mount_item["src"]:
self.logger.log("Data volume {0} is mounted from {1}".format(mount_item["dest"], mount_item["src"]))
data_drives_encrypted = False
if self.is_os_disk_lvm():
grep_result = self.command_executor.ExecuteInBash('pvdisplay | grep {0}'.format(osmapper_path), suppress_logging=True)
if grep_result == 0 and not os.path.exists('/volumes.lvm'):
self.logger.log("OS PV is encrypted")
os_drive_encrypted = True
elif mount_item["dest"] == "/" and \
CommonVariables.dev_mapper_root in mount_item["src"] or \
"/dev/dm" in mount_item["src"]:
self.logger.log("OS volume {0} is mounted from {1}".format(mount_item["dest"], mount_item["src"]))
os_drive_encrypted = True
if not data_drives_found:
encryption_status["data"] = "NotMounted"
elif data_drives_encrypted:
encryption_status["data"] = "Encrypted"
if os_drive_encrypted:
encryption_status["os"] = "Encrypted"
encryption_marker = EncryptionMarkConfig(self.logger, self.encryption_environment)
decryption_marker = DecryptionMarkConfig(self.logger, self.encryption_environment)
if decryption_marker.config_file_exists():
encryption_status["data"] = "DecryptionInProgress"
elif encryption_marker.config_file_exists():
encryption_config = EncryptionConfig(self.encryption_environment, self.logger)
volume_type = encryption_config.get_volume_type().lower()
if volume_type == CommonVariables.VolumeTypeData.lower() or \
volume_type == CommonVariables.VolumeTypeAll.lower():
encryption_status["data"] = "EncryptionInProgress"
if volume_type == CommonVariables.VolumeTypeOS.lower() or \
volume_type == CommonVariables.VolumeTypeAll.lower():
encryption_status["os"] = "EncryptionInProgress"
elif os.path.exists(osmapper_path) and not os_drive_encrypted:
encryption_status["os"] = "VMRestartPending"
return json.dumps(encryption_status)
