def get_encryption_status(self): encryption_status = { "data": "NotEncrypted", "os": "NotEncrypted" } mount_items = self.get_mount_items() os_drive_encrypted = False data_drives_found = False data_drives_encrypted = True for mount_item in mount_items: if mount_item["fs"] in ["ext2", "ext4", "ext3", "xfs"] and \ not "/mnt" == mount_item["dest"] and \ not "/" == mount_item["dest"] and \ not "/oldroot/mnt/resource" == mount_item["dest"] and \ not "/oldroot/boot" == mount_item["dest"] and \ not "/oldroot" == mount_item["dest"] and \ not "/mnt/resource" == mount_item["dest"] and \ not "/boot" == mount_item["dest"]: data_drives_found = True if not "/dev/mapper" in mount_item["src"]: self.logger.log("Data volume {0} is mounted from {1}".format(mount_item["dest"], mount_item["src"])) data_drives_encrypted = False if mount_item["dest"] == "/" and \ "/dev/mapper" in mount_item["src"] or \ "/dev/dm" in mount_item["src"]: self.logger.log("OS volume {0} is mounted from {1}".format(mount_item["dest"], mount_item["src"])) os_drive_encrypted = True if not data_drives_found: encryption_status["data"] = "NotMounted" elif data_drives_encrypted: encryption_status["data"] = "Encrypted" if os_drive_encrypted: encryption_status["os"] = "Encrypted" encryption_marker = EncryptionMarkConfig(self.logger, self.encryption_environment) decryption_marker = DecryptionMarkConfig(self.logger, self.encryption_environment) if decryption_marker.config_file_exists(): encryption_status["data"] = "DecryptionInProgress" elif encryption_marker.config_file_exists(): encryption_config = EncryptionConfig(self.encryption_environment, self.logger) volume_type = encryption_config.get_volume_type().lower() if volume_type == CommonVariables.VolumeTypeData.lower() or \ volume_type == CommonVariables.VolumeTypeAll.lower(): encryption_status["data"] = "EncryptionInProgress" if volume_type == CommonVariables.VolumeTypeOS.lower() or \ volume_type == CommonVariables.VolumeTypeAll.lower(): encryption_status["os"] = "EncryptionInProgress" elif os.path.exists('/dev/mapper/osencrypt') and not os_drive_encrypted: encryption_status["os"] = "VMRestartPending" return json.dumps(encryption_status)
def get_encryption_status(self): encryption_status = { "data": "NotEncrypted", "os": "NotEncrypted" } mount_items = self.get_mount_items() os_drive_encrypted = False data_drives_found = False data_drives_encrypted = True osmapper_path = os.path.join(CommonVariables.dev_mapper_root, CommonVariables.osmapper_name) for mount_item in mount_items: if mount_item["fs"] in ["ext2", "ext4", "ext3", "xfs"] and \ not "/mnt" == mount_item["dest"] and \ not "/" == mount_item["dest"] and \ not "/oldroot/mnt/resource" == mount_item["dest"] and \ not "/oldroot/boot" == mount_item["dest"] and \ not "/oldroot" == mount_item["dest"] and \ not "/mnt/resource" == mount_item["dest"] and \ not "/boot" == mount_item["dest"]: data_drives_found = True if not CommonVariables.dev_mapper_root in mount_item["src"]: self.logger.log("Data volume {0} is mounted from {1}".format(mount_item["dest"], mount_item["src"])) data_drives_encrypted = False if self.is_os_disk_lvm(): grep_result = self.command_executor.ExecuteInBash('pvdisplay | grep {0}'.format(osmapper_path), suppress_logging=True) if grep_result == 0 and not os.path.exists('/volumes.lvm'): self.logger.log("OS PV is encrypted") os_drive_encrypted = True elif mount_item["dest"] == "/" and \ CommonVariables.dev_mapper_root in mount_item["src"] or \ "/dev/dm" in mount_item["src"]: self.logger.log("OS volume {0} is mounted from {1}".format(mount_item["dest"], mount_item["src"])) os_drive_encrypted = True if not data_drives_found: encryption_status["data"] = "NotMounted" elif data_drives_encrypted: encryption_status["data"] = "Encrypted" if os_drive_encrypted: encryption_status["os"] = "Encrypted" encryption_marker = EncryptionMarkConfig(self.logger, self.encryption_environment) decryption_marker = DecryptionMarkConfig(self.logger, self.encryption_environment) if decryption_marker.config_file_exists(): encryption_status["data"] = "DecryptionInProgress" elif encryption_marker.config_file_exists(): encryption_config = EncryptionConfig(self.encryption_environment, self.logger) volume_type = encryption_config.get_volume_type().lower() if volume_type == CommonVariables.VolumeTypeData.lower() or \ volume_type == CommonVariables.VolumeTypeAll.lower(): encryption_status["data"] = "EncryptionInProgress" if volume_type == CommonVariables.VolumeTypeOS.lower() or \ volume_type == CommonVariables.VolumeTypeAll.lower(): encryption_status["os"] = "EncryptionInProgress" elif os.path.exists(osmapper_path) and not os_drive_encrypted: encryption_status["os"] = "VMRestartPending" return json.dumps(encryption_status)