From b7ee3d930a69c08ddf1a2899674751274a568b4a Mon Sep 17 00:00:00 2001
From: Ubuntu
Date: Tue, 7 Jul 2020 14:44:50 +0000
Subject: [PATCH 01/18] Adding code for unlock and added encryptformatall
---
 src/vm-repair/azext_vm_repair/repair_utils.py | 4 +-
 .../scripts/mount-encrypted-disk.sh | 150 +++++++++++++++---
 .../scripts/mount-encrypted-disk.sh.ceschi | 126 +++++++++++++++
 .../scripts/mount-encrypted-disk.sh.old | 125 +++++++++++++++
 .../scripts/mount-encrypted-disk.sh.original | 49 ++++++
 5 files changed, 430 insertions(+), 24 deletions(-)
 create mode 100644 src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.ceschi
 create mode 100644 src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.old
 create mode 100644 src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.original
diff --git a/src/vm-repair/azext_vm_repair/repair_utils.py b/src/vm-repair/azext_vm_repair/repair_utils.py
index 8783e582eae..c70fd34327c 100644
--- a/src/vm-repair/azext_vm_repair/repair_utils.py
+++ b/src/vm-repair/azext_vm_repair/repair_utils.py
@@ -214,10 +214,10 @@ def _unlock_singlepass_encrypted_disk(source_vm, is_linux, repair_group_name, re
 try:
 if encryption_type is Encryption.SINGLE_WITH_KEK:
- install_ade_extension_command = 'az vm encryption enable --disk-encryption-keyvault {vault} --name {repair} --resource-group {g} --key-encryption-key {kek_url} --volume-type {volume}' \
+ install_ade_extension_command = 'az vm encryption enable --disk-encryption-keyvault {vault} --name {repair} --resource-group {g} --key-encryption-key {kek_url} --volume-type {volume} --encrypt-format-all' \
 .format(g=repair_group_name, repair=repair_vm_name, vault=key_vault, kek_url=kekurl, volume=volume_type)
 elif encryption_type is Encryption.SINGLE_WITHOUT_KEK:
- install_ade_extension_command = 'az vm encryption enable --disk-encryption-keyvault {vault} --name {repair} --resource-group {g} --volume-type {volume}' \
+ install_ade_extension_command = 'az vm encryption enable --disk-encryption-keyvault {vault} --name {repair} --resource-group {g} --volume-type {volume} --encrypt-format-all' \
 .format(g=repair_group_name, repair=repair_vm_name, vault=key_vault, volume=volume_type)
 logger.info('Unlocking attached copied disk...')
 _call_az_command(install_ade_extension_command)
diff --git a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
index 05199f83139..ba032b2d0c2 100644
--- a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
+++ b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
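Review bot: Both branches now pass `--encrypt-format-all` to `az vm encryption enable` on the repair VM, and nothing in the hunk records why a format-capable option is safe while the copied disk is attached (`'Unlocking attached copied disk...'`). As far as I know the option formats data volumes that meet the extension's criteria before encrypting them, so the code should either state the invariant that protects the copy or make the flag opt-in. I would add above the `if`: `# --encrypt-format-all: <why this is needed>; the attached copy is excluded because <reason> — confirm before merging`. The two command strings also differ only in `--key-encryption-key {kek_url}`, so building the shared part once would keep them from drifting apart. The enclosing function starts and ends outside the hunk.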
@@ -1,49 +1,155 @@
 #!/bin/bash
-
+duplication_validation ()
+{
 #/boot/efi duplication validation
 efi_cnt=`lsblk | grep -i "/boot/efi" | wc -l`
-if [ "$efi_cnt" -eq 2 ]
+if [ "${efi_cnt}" -eq 2 ]
 then
 umount /boot/efi
 fi
+}
+
+get_data_disk ()
+{
+export data_disk=`ls -la /dev/disk/azure/scsi1/lun0 | awk -F. '{print "/dev"$7}'`
+echo "The data disk is ${data_disk}"
+}
-#creating mountpoint directories
+create_mountpoints ()
+{
 mkdir /{investigateboot,investigateroot}
+}
-#Getting boot and root partition info
-mounted_disks=`df -Ph | awk '{print $1}' | egrep -iv "filesystem|tmpfs|udev" | sed 's/[0-9]//g' | xargs | sed 's/ /|/g'`
+rename_local_lvm ()
+{
+echo "Renaming Local VG"
+vgrename -y ${local_vg_list} rescuevg
+}
+
+check_local_lvm ()
+{
+export local_vg_list=`vgs --noheadings -o vg_name| tr -d ' '`
+local_vg_number=`vgs --noheadings -o vg_name | wc -l`
+if [ ${local_vg_number} -eq 1 ]
+ then
+ echo "1 VG found, renaming it"
+ rename_local_lvm
+ else
+ echo "VGs found different than 1, we found ${local_vg_number}"
+fi
+}
-root=`fdisk -l | egrep -iv "$mounted_disks" | grep -i sd | grep -iv disk | sed -n 1p | awk '$4 > 60000000{print $1}'`
-if [ -z $root ]
+data_os_lvm_check ()
+{
+export lvm_part=`fdisk -l ${data_disk}| grep -i lvm | awk '{print $1}'`
+echo ${lvm_part}
+if [ -z ${lvm_part} ]
 then
- boot_part=`fdisk -l | egrep -iv "$mounted_disks" | grep -i sd | grep -iv disk | awk '{print $1}' | sed -n 1p`
- root_part=`fdisk -l | egrep -iv "$mounted_disks" | grep -i sd | grep -iv disk | awk '{print $1}' | sed -n 2p`
+export root_part=`fdisk -l ${data_disk} | grep ^/ |awk '$4 > 60000000{print $1}'`
+echo "Your OS partition on the data drive is ${root_part}"
 else
- root_part="$root"
- boot_part=`fdisk -l | egrep -iv "$mounted_disks" | grep -i sd | grep -iv disk | awk '{print $1}' | sed -n 2p`
+export root_part=${lvm_part}
+echo "Your OS partition on the data drive is ${lvm_part}"
 fi
+}
+
+locate_mount_data_boot ()
+{
+#for i in `fdisk -l \`ls -l /dev/disk/azure/scsi1/lun0 | awk -F/ '{print "/dev/"$9}'\`| grep ^/ | awk '{print $1}'` ; do echo "mkdir -p /tmp$i ; mount $i /tmp$i" ; done | bash
+#get partitions on the data disk
+export data_parts=`fdisk -l ${data_disk} | grep ^/ | awk '{print $1}'`
+echo "Your data partitions are: ${data_parts}"
+
+#create mountpoints for all the data parts
+for i in ${data_parts} ; do echo "Creating mountpoint for ${i}" ; mkdir -p /tmp${i}; done
+
+#mount all partitions
+for i in ${data_parts} ; do echo "Mounting ${i} on /tmp/${i}" ; mount ${i} /tmp${i}; done
+export luksheaderpath=`find /tmp -name osluksheader`
+echo "The luksheader part is ${luksheaderpath}"
+export boot_part=`df -h $luksheaderpath | grep ^/ |awk '{print $1}'`
+echo "The boot partition on the data disk is ${boot_part}"
+}
+mount_cmd ()
+{
 mount_cmd=`mount -o nouuid 2> /dev/null`
 if [ $? -gt 0 ]
 then
- mount_cmd="mount"
+ export mount_cmd="mount"
 else
- mount_cmd="mount -o nouuid"
+ export mount_cmd="mount -o nouuid"
 fi
+}
-#mouning the boot partition
+mount_lvm ()
+{
+echo "Mounting LVM structures found on ${root_part}"
+${mount_cmd} /dev/rootvg/rootlv /investigateroot
+${mount_cmd} /dev/rootvg/varlv /investigateroot/var/
+${mount_cmd} /dev/rootvg/homelv /investigateroot/home
+${mount_cmd} /dev/rootvg/optlv /investigateroot/opt
+${mount_cmd} /dev/rootvg/usrlv /investigateroot/usr
+${mount_cmd} /dev/rootvg/tmplv /investigateroot/tmp
+}
-$mount_cmd $boot_part /investigateboot
+unlock_root ()
+{
+echo "unlocking root with command: cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName --header /investigateboot/luks/osluksheader ${root_part} osencrypt"
+cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName --header /investigateboot/luks/osluksheader ${root_part} osencrypt
+}
-#unlocking the root partition using passphrase
+verify_root_unlock ()
+{
+lsblk -f | grep osencrypt
+if [ $? -gt 0 ]
+then
+ echo "device osencrypt was not found"
+ exit
+else
+ echo "device osencrypt found"
+fi
+}
-cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName_1_0 --header /investigateboot/luks/osluksheader $root_part osencrypt
+mount_encrypted ()
+{
+if [ -z ${lvm_part} ]
+then
+echo "The data disk doesn't have LVM"
+echo "Mounting /dev/mapper/osencrypt on /investigateroot"
+${mount_cmd} /dev/mapper/osencrypt /investigateroot
+else
+ sleep 5
+ mount_lvm
+fi
+}
-#mounting the unlocked root partition
+mount_boot ()
+{
+echo "Unmounting the boot partition ${boot_part} on the data drive from the temp mount"
+umount -l ${boot_part}
+echo "Mounting the boot partition ${boot_part} on /investigateboot"
+${mount_cmd} ${boot_part} /investigateboot/
+}
-$mount_cmd /dev/mapper/osencrypt /investigateroot
+remount_boot ()
+{
+echo "Unmounting the boot partition ${boot_part} on the data drive from the temp mount"
+umount -l ${boot_part}
+echo "Mounting the boot partition ${boot_part} on /investigateroot/boot"
+${mount_cmd} ${boot_part} /investigateroot/boot
+}
-#nmounting boot and mounting it inside rootpartition.
-umount -l /investigateboot
-$mount_cmd $boot_part /investigateroot/boot
+duplication_validation
+create_mountpoints
+get_data_disk
+check_local_lvm
+data_os_lvm_check
+mount_cmd
+locate_mount_data_boot
+mount_boot
+unlock_root
+verify_root_unlock
+mount_encrypted
+remount_boot
diff --git a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.ceschi b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.ceschi
new file mode 100644
index 00000000000..f0622a8b94a
--- /dev/null
+++ b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.ceschi
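Review bot: `locate_mount_data_boot` mounts every partition of the disk under repair at `/tmp<device>` and then trusts whatever `find /tmp -name osluksheader` returns, so a stale or unrelated file of that name anywhere under `/tmp`, or zero or several matches, decides `boot_part` and the header later handed to `cryptsetup --header`. The fence below keeps the search inside a `mktemp -d` directory, mounts the untrusted filesystems with `nosuid,nodev`, and stops when no header is found. Separately, `verify_root_unlock` ends with a bare `exit` right after an `echo`, so the script reports success when the unlock failed; `exit 1` would let the caller see it. The key file name also changes from `LinuxPassPhraseFileName_1_0` to `LinuxPassPhraseFileName` with no explanation, which deserves a comment in `unlock_root`.

```shell
locate_mount_data_boot ()
{
# … unchanged: data_parts discovery and its echo …
# private 0700 directory instead of predictable paths directly under /tmp
scratch_dir=`mktemp -d` || exit 1
export scratch_dir
for i in ${data_parts}
do
    mkdir -p "${scratch_dir}${i}"
    # contents of the disk under repair are untrusted: no setuid bits, no device nodes
    mount -o nosuid,nodev "${i}" "${scratch_dir}${i}"
done
export luksheaderpath=`find "${scratch_dir}" -name osluksheader | head -n 1`
if [ -z "${luksheaderpath}" ]
then
    echo "osluksheader not found on ${data_disk}, cannot continue"
    exit 1
fi
export boot_part=`df -h "${luksheaderpath}" | grep ^/ | awk '{print $1}'`
# … unchanged: echo of boot_part …
}
```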
@@ -0,0 +1,126 @@
+#!/bin/bash
+duplication_validation ()
+{
+#/boot/efi duplication validation
+efi_cnt=`lsblk | grep -i "/boot/efi" | wc -l`
+if [ "${efi_cnt}" -eq 2 ]
+then
+ umount /boot/efi
+fi
+}
+
+get_data_disk ()
+{
+export data_disk=`ls -la /dev/disk/azure/scsi1/lun0 | awk -F. '{print "/dev"$7}'`
+echo "The data disk is ${data_disk}"
+}
+
+create_mountpoints ()
+{
+mkdir /{investigateboot,investigateroot}
+}
+
+rename_local_lvm ()
+{
+echo "Renaming Local VG"
+vgrename -y ${local_vg_list} rescuevg
+}
+
+check_local_lvm ()
+{
+export local_vg_list=`vgs --noheadings -o vg_name| tr -d ' '`
+local_vg_number=`vgs --noheadings -o vg_name | wc -l`
+if [ ${local_vg_number} -eq 1 ]
+ then
+ echo "1 VG found, renaming it"
+ rename_local_lvm
+ else
+ echo "VGs found different than 1, we found ${local_vg_number}"
+fi
+}
+
+data_os_lvm_check ()
+{
+export lvm_part=`fdisk -l ${data_disk}| grep -i lvm | awk '{print $1}'`
+echo ${lvm_part}
+if [ -z ${lvm_part} ]
+then
+export root_part=`fdisk -l ${data_disk} | grep ^/ |awk '$4 > 60000000{print $1}'`
+echo "Your OS partition on the data drive is ${root_part}"
+else
+export root_part=${lvm_part}
+echo "Your OS partition on the data drive is ${lvm_part}"
+fi
+}
+
+locate_mount_data_boot ()
+{
+#for i in `fdisk -l \`ls -l /dev/disk/azure/scsi1/lun0 | awk -F/ '{print "/dev/"$9}'\`| grep ^/ | awk '{print $1}'` ; do echo "mkdir -p /tmp$i ; mount $i /tmp$i" ; done | bash
+#get partitions on the data disk
+export data_parts=`fdisk -l ${data_disk} | grep ^/ | awk '{print $1}'`
+echo "Your data partitions are: ${data_parts}"
+
+#create mountpoints for all the data parts
+for i in ${data_parts} ; do mkdir /tmp${i}; done
+
+#mount all partitions
+for i in ${data_parts} ; do mount ${i} /tmp${i}; done
+
+export luksheaderpath=`find /tmp -name osluksheader`
+export boot_part=`df -h $luksheaderpath | grep ^/ |awk '{print $1}'`
+}
+
+mount_lvm ()
+{
+${mount_cmd} /dev/rootvg/rootlv /investigateroot
+${mount_cmd} /dev/rootvg/varlv /investigateroot/var/
+${mount_cmd} /dev/rootvg/homelv /investigateroot/home
+${mount_cmd} /dev/rootvg/optlv /investigateroot/opt
+${mount_cmd} /dev/rootvg/usrlv /investigateroot/usr
+${mount_cmd} /dev/rootvg/tmplv /investigateroot/tmp
+}
+
+mount_cmd ()
+{
+export mount_cmd=`mount -o nouuid 2> /dev/null`
+if [ $? -gt 0 ]
+then
+ export mount_cmd="mount"
+else
+ export mount_cmd="mount -o nouuid"
+fi
+}
+
+unlock_root ()
+{
+cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName_1_0 --header /investigateboot/luks/osluksheader ${root_part} osencrypt
+}
+
+mount_encrypted ()
+{
+if [ -z ${lvm_part} ]
+then
+
+${mount_cmd} /dev/mapper/osencrypt /investigateroot
+else
+ sleep 5
+ mount_lvm
+fi
+}
+
+remount_boot ()
+{
+umount -l ${boot_part}
+${mount_cmd} ${boot_part} /investigateroot/boot
+}
+
+duplication_validation
+create_mountpoints
+get_data_disk
+check_local_lvm
+data_os_lvm_check
+mount_cmd
+locate_mount_data_boot
+unlock_root
+mount_encrypted
+remount_boot
diff --git a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.old b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.old
new file mode 100644
index 00000000000..d1de3cdb4ad
--- /dev/null
+++ b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.old
@@ -0,0 +1,125 @@
+#!/bin/bash
+duplication_validation ()
+{
+#/boot/efi duplication validation
+efi_cnt=`lsblk | grep -i "/boot/efi" | wc -l`
+if [ "${efi_cnt}" -eq 2 ]
+then
+ umount /boot/efi
+fi
+}
+
+create_mountpoints ()
+{
+mkdir /{investigateboot,investigateroot}
+}
+
+get_boot_root_info ()
+{
+#Getting boot and root partition info
+export mounted_disks=`df -Ph |grep ^/ | awk '{print $1}'`
+}
+
+rename_local_lvm ()
+{
+echo "Renaming Local VG"
+vgrename -y ${local_vg_list} rescuevg
+}
+
+check_local_lvm ()
+{
+export local_vg_list=`vgs --noheadings -o vg_name| tr -d ' '`
+local_vg_number=`vgs --noheadings -o vg_name | wc -l`
+if [ ${local_vg_number} -eq 1 ]
+ then
+ echo "1 VG found, renaming it"
+ rename_local_lvm
+ else
+ echo "VGs found different than 1, we found ${local_vg_number}"
+fi
+}
+
+data_os_lvm_check ()
+{
+export lvm_part=`fdisk -l | egrep -iv "${mounted_disks}" | grep -i lvm | awk '{print $1}'`
+echo ${lvm_part}
+if [ -z ${lvm_part} ]
+then
+export root_part=`fdisk -l | egrep -iv "${mounted_disks}" | grep ^/ |awk '$4 > 60000000{print $1}'`
+else
+export root_part=${lvm_part}
+fi
+}
+
+locate_mount_data_boot ()
+{
+#for i in `fdisk -l \`ls -l /dev/disk/azure/scsi1/lun0 | awk -F/ '{print "/dev/"$9}'\`| grep ^/ | awk '{print $1}'` ; do echo "mkdir -p /tmp$i ; mount $i /tmp$i" ; done | bash
+#get partitions on the data disk
+export data_parts=`fdisk -l \`ls -l /dev/disk/azure/scsi1/lun0 | awk -F/ '{print "/dev/"$9}'\`| grep ^/ | awk '{print $1}'`
+
+#create mountpoints for all the data parts
+for i in ${data_parts} ; do mkdir /tmp${i}; done
+
+#mount all partitions
+for i in ${data_parts} ; do mount ${i} /tmp${i}; done
+
+export luksheaderpath=`find /tmp -name osluksheader`
+export boot_part=`df -h $luksheaderpath | grep ^/ |awk '{print $1}'`
+}
+
+
+
+mount_lvm ()
+{
+${mount_cmd} /dev/rootvg/rootlv /investigateroot
+${mount_cmd} /dev/rootvg/varlv /investigateroot/var/
+${mount_cmd} /dev/rootvg/homelv /investigateroot/home
+${mount_cmd} /dev/rootvg/optlv /investigateroot/opt
+${mount_cmd} /dev/rootvg/usrlv /investigateroot/usr
+${mount_cmd} /dev/rootvg/tmplv /investigateroot/tmp
+}
+
+mount_cmd ()
+{
+export mount_cmd=`mount -o nouuid 2> /dev/null`
+if [ $? -gt 0 ]
+then
+ export mount_cmd="mount"
+else
+ export mount_cmd="mount -o nouuid"
+fi
+}
+
+unlock_root ()
+{
+cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName_1_0 --header /investigateboot/luks/osluksheader ${root_part} osencrypt
+}
+
+mount_encrypted ()
+{
+if [ -z ${lvm_part} ]
+then
+
+${mount_cmd} /dev/mapper/osencrypt /investigateroot
+else
+ sleep 5
+ mount_lvm
+fi
+}
+
+remount_boot ()
+{
+umount -l ${boot_part}
+${mount_cmd} ${boot_part} /investigateroot/boot
+}
+
+duplication_validation
+create_mountpoints
+get_boot_root_info
+check_local_lvm
+data_os_lvm_check
+mount_cmd
+locate_mount_data_boot
+unlock_root
+mount_encrypted
+remount_boot
diff --git a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.original b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.original
new file mode 100644
index 00000000000..05199f83139
--- /dev/null
+++ b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.original
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+#/boot/efi duplication validation
+efi_cnt=`lsblk | grep -i "/boot/efi" | wc -l`
+if [ "$efi_cnt" -eq 2 ]
+then
+ umount /boot/efi
+fi
+
+#creating mountpoint directories
+mkdir /{investigateboot,investigateroot}
+
+#Getting boot and root partition info
+mounted_disks=`df -Ph | awk '{print $1}' | egrep -iv "filesystem|tmpfs|udev" | sed 's/[0-9]//g' | xargs | sed 's/ /|/g'`
+
+root=`fdisk -l | egrep -iv "$mounted_disks" | grep -i sd | grep -iv disk | sed -n 1p | awk '$4 > 60000000{print $1}'`
+if [ -z $root ]
+then
+ boot_part=`fdisk -l | egrep -iv "$mounted_disks" | grep -i sd | grep -iv disk | awk '{print $1}' | sed -n 1p`
+ root_part=`fdisk -l | egrep -iv "$mounted_disks" | grep -i sd | grep -iv disk | awk '{print $1}' | sed -n 2p`
+else
+ root_part="$root"
+ boot_part=`fdisk -l | egrep -iv "$mounted_disks" | grep -i sd | grep -iv disk | awk '{print $1}' | sed -n 2p`
+fi
+
+mount_cmd=`mount -o nouuid 2> /dev/null`
+if [ $? -gt 0 ]
+then
+ mount_cmd="mount"
+else
+ mount_cmd="mount -o nouuid"
+fi
+
+#mouning the boot partition
+
+$mount_cmd $boot_part /investigateboot
+
+#unlocking the root partition using passphrase
+
+cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName_1_0 --header /investigateboot/luks/osluksheader $root_part osencrypt
+
+#mounting the unlocked root partition
+
+$mount_cmd /dev/mapper/osencrypt /investigateroot
+
+#nmounting boot and mounting it inside rootpartition.
+
+umount -l /investigateboot
+$mount_cmd $boot_part /investigateroot/boot
From a767bd71d9b2f69352207c49386022d4ebf68aa1 Mon Sep 17 00:00:00 2001
From: Ubuntu
Date: Tue, 7 Jul 2020 14:51:43 +0000
Subject: [PATCH 02/18] removing temp files
---
 .../scripts/mount-encrypted-disk.sh.ceschi | 126 ------------------
 .../scripts/mount-encrypted-disk.sh.old | 125 -----------------
 .../scripts/mount-encrypted-disk.sh.original | 49 -------
 3 files changed, 300 deletions(-)
 delete mode 100644 src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.ceschi
 delete mode 100644 src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.old
 delete mode 100644 src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.original
diff --git a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.ceschi b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.ceschi
deleted file mode 100644
index f0622a8b94a..00000000000
--- a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.ceschi
+++ /dev/null
@@ -1,126 +0,0 @@
-#!/bin/bash
-duplication_validation ()
-{
-#/boot/efi duplication validation
-efi_cnt=`lsblk | grep -i "/boot/efi" | wc -l`
-if [ "${efi_cnt}" -eq 2 ]
-then
- umount /boot/efi
-fi
-}
-
-get_data_disk ()
-{
-export data_disk=`ls -la /dev/disk/azure/scsi1/lun0 | awk -F. '{print "/dev"$7}'`
-echo "The data disk is ${data_disk}"
-}
-
-create_mountpoints ()
-{
-mkdir /{investigateboot,investigateroot}
-}
-
-rename_local_lvm ()
-{
-echo "Renaming Local VG"
-vgrename -y ${local_vg_list} rescuevg
-}
-
-check_local_lvm ()
-{
-export local_vg_list=`vgs --noheadings -o vg_name| tr -d ' '`
-local_vg_number=`vgs --noheadings -o vg_name | wc -l`
-if [ ${local_vg_number} -eq 1 ]
- then
- echo "1 VG found, renaming it"
- rename_local_lvm
- else
- echo "VGs found different than 1, we found ${local_vg_number}"
-fi
-}
-
-data_os_lvm_check ()
-{
-export lvm_part=`fdisk -l ${data_disk}| grep -i lvm | awk '{print $1}'`
-echo ${lvm_part}
-if [ -z ${lvm_part} ]
-then
-export root_part=`fdisk -l ${data_disk} | grep ^/ |awk '$4 > 60000000{print $1}'`
-echo "Your OS partition on the data drive is ${root_part}"
-else
-export root_part=${lvm_part}
-echo "Your OS partition on the data drive is ${lvm_part}"
-fi
-}
-
-locate_mount_data_boot ()
-{
-#for i in `fdisk -l \`ls -l /dev/disk/azure/scsi1/lun0 | awk -F/ '{print "/dev/"$9}'\`| grep ^/ | awk '{print $1}'` ; do echo "mkdir -p /tmp$i ; mount $i /tmp$i" ; done | bash
-#get partitions on the data disk
-export data_parts=`fdisk -l ${data_disk} | grep ^/ | awk '{print $1}'`
-echo "Your data partitions are: ${data_parts}"
-
-#create mountpoints for all the data parts
-for i in ${data_parts} ; do mkdir /tmp${i}; done
-
-#mount all partitions
-for i in ${data_parts} ; do mount ${i} /tmp${i}; done
-
-export luksheaderpath=`find /tmp -name osluksheader`
-export boot_part=`df -h $luksheaderpath | grep ^/ |awk '{print $1}'`
-}
-
-mount_lvm ()
-{
-${mount_cmd} /dev/rootvg/rootlv /investigateroot
-${mount_cmd} /dev/rootvg/varlv /investigateroot/var/
-${mount_cmd} /dev/rootvg/homelv /investigateroot/home
-${mount_cmd} /dev/rootvg/optlv /investigateroot/opt
-${mount_cmd} /dev/rootvg/usrlv /investigateroot/usr
-${mount_cmd} /dev/rootvg/tmplv /investigateroot/tmp
-}
-
-mount_cmd ()
-{
-export mount_cmd=`mount -o nouuid 2> /dev/null`
-if [ $? -gt 0 ]
-then
- export mount_cmd="mount"
-else
- export mount_cmd="mount -o nouuid"
-fi
-}
-
-unlock_root ()
-{
-cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName_1_0 --header /investigateboot/luks/osluksheader ${root_part} osencrypt
-}
-
-mount_encrypted ()
-{
-if [ -z ${lvm_part} ]
-then
-
-${mount_cmd} /dev/mapper/osencrypt /investigateroot
-else
- sleep 5
- mount_lvm
-fi
-}
-
-remount_boot ()
-{
-umount -l ${boot_part}
-${mount_cmd} ${boot_part} /investigateroot/boot
-}
-
-duplication_validation
-create_mountpoints
-get_data_disk
-check_local_lvm
-data_os_lvm_check
-mount_cmd
-locate_mount_data_boot
-unlock_root
-mount_encrypted
-remount_boot
diff --git a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.old b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.old
deleted file mode 100644
index d1de3cdb4ad..00000000000
--- a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.old
+++ /dev/null
@@ -1,125 +0,0 @@
-#!/bin/bash
-duplication_validation ()
-{
-#/boot/efi duplication validation
-efi_cnt=`lsblk | grep -i "/boot/efi" | wc -l`
-if [ "${efi_cnt}" -eq 2 ]
-then
- umount /boot/efi
-fi
-}
-
-create_mountpoints ()
-{
-mkdir /{investigateboot,investigateroot}
-}
-
-get_boot_root_info ()
-{
-#Getting boot and root partition info
-export mounted_disks=`df -Ph |grep ^/ | awk '{print $1}'`
-}
-
-rename_local_lvm ()
-{
-echo "Renaming Local VG"
-vgrename -y ${local_vg_list} rescuevg
-}
-
-check_local_lvm ()
-{
-export local_vg_list=`vgs --noheadings -o vg_name| tr -d ' '`
-local_vg_number=`vgs --noheadings -o vg_name | wc -l`
-if [ ${local_vg_number} -eq 1 ]
- then
- echo "1 VG found, renaming it"
- rename_local_lvm
- else
- echo "VGs found different than 1, we found ${local_vg_number}"
-fi
-}
-
-data_os_lvm_check ()
-{
-export lvm_part=`fdisk -l | egrep -iv "${mounted_disks}" | grep -i lvm | awk '{print $1}'`
-echo ${lvm_part}
-if [ -z ${lvm_part} ]
-then
-export root_part=`fdisk -l | egrep -iv "${mounted_disks}" | grep ^/ |awk '$4 > 60000000{print $1}'`
-else
-export root_part=${lvm_part}
-fi
-}
-
-locate_mount_data_boot ()
-{
-#for i in `fdisk -l \`ls -l /dev/disk/azure/scsi1/lun0 | awk -F/ '{print "/dev/"$9}'\`| grep ^/ | awk '{print $1}'` ; do echo "mkdir -p /tmp$i ; mount $i /tmp$i" ; done | bash
-#get partitions on the data disk
-export data_parts=`fdisk -l \`ls -l /dev/disk/azure/scsi1/lun0 | awk -F/ '{print "/dev/"$9}'\`| grep ^/ | awk '{print $1}'`
-
-#create mountpoints for all the data parts
-for i in ${data_parts} ; do mkdir /tmp${i}; done
-
-#mount all partitions
-for i in ${data_parts} ; do mount ${i} /tmp${i}; done
-
-export luksheaderpath=`find /tmp -name osluksheader`
-export boot_part=`df -h $luksheaderpath | grep ^/ |awk '{print $1}'`
-}
-
-
-
-mount_lvm ()
-{
-${mount_cmd} /dev/rootvg/rootlv /investigateroot
-${mount_cmd} /dev/rootvg/varlv /investigateroot/var/
-${mount_cmd} /dev/rootvg/homelv /investigateroot/home
-${mount_cmd} /dev/rootvg/optlv /investigateroot/opt
-${mount_cmd} /dev/rootvg/usrlv /investigateroot/usr
-${mount_cmd} /dev/rootvg/tmplv /investigateroot/tmp
-}
-
-mount_cmd ()
-{
-export mount_cmd=`mount -o nouuid 2> /dev/null`
-if [ $? -gt 0 ]
-then
- export mount_cmd="mount"
-else
- export mount_cmd="mount -o nouuid"
-fi
-}
-
-unlock_root ()
-{
-cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName_1_0 --header /investigateboot/luks/osluksheader ${root_part} osencrypt
-}
-
-mount_encrypted ()
-{
-if [ -z ${lvm_part} ]
-then
-
-${mount_cmd} /dev/mapper/osencrypt /investigateroot
-else
- sleep 5
- mount_lvm
-fi
-}
-
-remount_boot ()
-{
-umount -l ${boot_part}
-${mount_cmd} ${boot_part} /investigateroot/boot
-}
-
-duplication_validation
-create_mountpoints
-get_boot_root_info
-check_local_lvm
-data_os_lvm_check
-mount_cmd
-locate_mount_data_boot
-unlock_root
-mount_encrypted
-remount_boot
diff --git a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.original b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.original
deleted file mode 100644
index 05199f83139..00000000000
--- a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh.original
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/bash
-
-#/boot/efi duplication validation
-efi_cnt=`lsblk | grep -i "/boot/efi" | wc -l`
-if [ "$efi_cnt" -eq 2 ]
-then
- umount /boot/efi
-fi
-
-#creating mountpoint directories
-mkdir /{investigateboot,investigateroot}
-
-#Getting boot and root partition info
-mounted_disks=`df -Ph | awk '{print $1}' | egrep -iv "filesystem|tmpfs|udev" | sed 's/[0-9]//g' | xargs | sed 's/ /|/g'`
-
-root=`fdisk -l | egrep -iv "$mounted_disks" | grep -i sd | grep -iv disk | sed -n 1p | awk '$4 > 60000000{print $1}'`
-if [ -z $root ]
-then
- boot_part=`fdisk -l | egrep -iv "$mounted_disks" | grep -i sd | grep -iv disk | awk '{print $1}' | sed -n 1p`
- root_part=`fdisk -l | egrep -iv "$mounted_disks" | grep -i sd | grep -iv disk | awk '{print $1}' | sed -n 2p`
-else
- root_part="$root"
- boot_part=`fdisk -l | egrep -iv "$mounted_disks" | grep -i sd | grep -iv disk | awk '{print $1}' | sed -n 2p`
-fi
-
-mount_cmd=`mount -o nouuid 2> /dev/null`
-if [ $? -gt 0 ]
-then
- mount_cmd="mount"
-else
- mount_cmd="mount -o nouuid"
-fi
-
-#mouning the boot partition
-
-$mount_cmd $boot_part /investigateboot
-
-#unlocking the root partition using passphrase
-
-cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName_1_0 --header /investigateboot/luks/osluksheader $root_part osencrypt
-
-#mounting the unlocked root partition
-
-$mount_cmd /dev/mapper/osencrypt /investigateroot
-
-#nmounting boot and mounting it inside rootpartition.
-
-umount -l /investigateboot
-$mount_cmd $boot_part /investigateroot/boot
From 14f0244f673f34e2298acb068dac19336ab1915a Mon Sep 17 00:00:00 2001
From: Ubuntu
Date: Fri, 17 Jul 2020 23:58:51 +0000
Subject: [PATCH 03/18] Changes to logging and logic
---
 .../scripts/mount-encrypted-disk.sh | 338 ++++++++++--------
 1 file changed, 183 insertions(+), 155 deletions(-)
 mode change 100644 => 100755 src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
diff --git a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
old mode 100644
new mode 100755
index ba032b2d0c2..67d6fb33493
--- a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
+++ b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
@@ -1,155 +1,183 @@ -#!/bin/bash -duplication_validation () -{ -#/boot/efi duplication validation -efi_cnt=`lsblk | grep -i "/boot/efi" | wc -l` -if [ "${efi_cnt}" -eq 2 ] -then - umount /boot/efi -fi -} - -get_data_disk () -{ -export data_disk=`ls -la /dev/disk/azure/scsi1/lun0 | awk -F. '{print "/dev"$7}'` -echo "The data disk is ${data_disk}" -} - -create_mountpoints () -{ -mkdir /{investigateboot,investigateroot} -} - -rename_local_lvm () -{ -echo "Renaming Local VG" -vgrename -y ${local_vg_list} rescuevg -} - -check_local_lvm () -{ -export local_vg_list=`vgs --noheadings -o vg_name| tr -d ' '` -local_vg_number=`vgs --noheadings -o vg_name | wc -l` -if [ ${local_vg_number} -eq 1 ] - then - echo "1 VG found, renaming it" - rename_local_lvm - else - echo "VGs found different than 1, we found ${local_vg_number}" -fi -} - -data_os_lvm_check () -{ -export lvm_part=`fdisk -l ${data_disk}| grep -i lvm | awk '{print $1}'` -echo ${lvm_part} -if [ -z ${lvm_part} ] -then -export root_part=`fdisk -l ${data_disk} | grep ^/ |awk '$4 > 60000000{print $1}'` -echo "Your OS partition on the data drive is ${root_part}" -else -export root_part=${lvm_part} -echo "Your OS partition on the data drive is ${lvm_part}" -fi -} - -locate_mount_data_boot () -{ -#for i in `fdisk -l \`ls -l /dev/disk/azure/scsi1/lun0 | awk -F/ '{print "/dev/"$9}'\`| grep ^/ | awk '{print $1}'` ; do echo "mkdir -p /tmp$i ; mount $i /tmp$i" ; done | bash -#get partitions on the data disk -export data_parts=`fdisk -l ${data_disk} | grep ^/ | awk '{print $1}'` -echo "Your data partitions are: ${data_parts}" - -#create mountpoints for all the data parts -for i in ${data_parts} ; do echo "Creating mountpoint for ${i}" ; mkdir -p /tmp${i}; done - -#mount all partitions -for i in ${data_parts} ; do echo "Mounting ${i} on /tmp/${i}" ; mount ${i} /tmp${i}; done -export luksheaderpath=`find /tmp -name osluksheader` -echo "The luksheader part is ${luksheaderpath}" -export boot_part=`df -h $luksheaderpath | grep ^/ |awk 
'{print $1}'` -echo "The boot partition on the data disk is ${boot_part}" -} - -mount_cmd () -{ -mount_cmd=`mount -o nouuid 2> /dev/null` -if [ $? -gt 0 ] -then - export mount_cmd="mount" -else - export mount_cmd="mount -o nouuid" -fi -} - -mount_lvm () -{ -echo "Mounting LVM structures found on ${root_part}" -${mount_cmd} /dev/rootvg/rootlv /investigateroot -${mount_cmd} /dev/rootvg/varlv /investigateroot/var/ -${mount_cmd} /dev/rootvg/homelv /investigateroot/home -${mount_cmd} /dev/rootvg/optlv /investigateroot/opt -${mount_cmd} /dev/rootvg/usrlv /investigateroot/usr -${mount_cmd} /dev/rootvg/tmplv /investigateroot/tmp -} - -unlock_root () -{ -echo "unlocking root with command: cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName --header /investigateboot/luks/osluksheader ${root_part} osencrypt" -cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName --header /investigateboot/luks/osluksheader ${root_part} osencrypt -} - -verify_root_unlock () -{ -lsblk -f | grep osencrypt -if [ $? 
-gt 0 ] -then - echo "device osencrypt was not found" - exit -else - echo "device osencrypt found" -fi -} - -mount_encrypted () -{ -if [ -z ${lvm_part} ] -then -echo "The data disk doesn't have LVM" -echo "Mounting /dev/mapper/osencrypt on /investigateroot" -${mount_cmd} /dev/mapper/osencrypt /investigateroot -else - sleep 5 - mount_lvm -fi -} - -mount_boot () -{ -echo "Unmounting the boot partition ${boot_part} on the data drive from the temp mount" -umount -l ${boot_part} -echo "Mounting the boot partition ${boot_part} on /investigateboot" -${mount_cmd} ${boot_part} /investigateboot/ -} - -remount_boot () -{ -echo "Unmounting the boot partition ${boot_part} on the data drive from the temp mount" -umount -l ${boot_part} -echo "Mounting the boot partition ${boot_part} on /investigateroot/boot" -${mount_cmd} ${boot_part} /investigateroot/boot -} - - -duplication_validation -create_mountpoints -get_data_disk -check_local_lvm -data_os_lvm_check -mount_cmd -locate_mount_data_boot -mount_boot -unlock_root -verify_root_unlock -mount_encrypted -remount_boot +#!/bin/bash +setlog () +{ +export logpath=/var/log/vmrepair +export logfile=vmrepair.log +mkdir -p ${logpath} +echo "`date` Initiating vmrepair mount script" >> ${logpath}/${logfile} 2>&1 +} + +duplication_validation () +{ +#/boot/efi duplication validation +echo "`date` Validating boot/efi" >> ${logpath}/${logfile} 2>&1 +efi_cnt=`lsblk | grep -i "/boot/efi" | wc -l` +if [ "${efi_cnt}" -eq 2 ] +then + umount /boot/efi >> ${logpath}/${logfile} 2>&1 +fi +} + +get_data_disk () +{ +echo "`date` Getting data disk" >> ${logpath}/${logfile} 2>&1 +export data_disk=`ls -la /dev/disk/azure/scsi1/lun0 | awk -F. 
'{print "/dev"$7}'` >> ${logpath}/${logfile} 2>&1 +if [ -z ${data_disk} ] +then +echo "`date` OS disk attached as data disk was not found, cannot continue" >> ${logpath}/${logfile} 2>&1 +exit +else +echo "`date` The data disk is ${data_disk}" >> ${logpath}/${logfile} 2>&1 +fi +} + +create_mountpoints () +{ +echo "`date` Creating mountpoints" >> ${logpath}/${logfile} 2>&1 +mkdir /{investigateboot,investigateroot} >> ${logpath}/${logfile} 2>&1 +} + +rename_local_lvm () +{ +echo "`date` Renaming Local VG" >> ${logpath}/${logfile} 2>&1 +vgrename -y ${local_vg_list} rescuevg >> ${logpath}/${logfile} 2>&1 +} + +check_local_lvm () +{ +echo "`date` Checking Local LVM" >> ${logpath}/${logfile} 2>&1 +export local_vg_list=`vgs --noheadings -o vg_name| tr -d ' '` >> ${logpath}/${logfile} 2>&1 +local_vg_number=`vgs --noheadings -o vg_name | wc -l` >> ${logpath}/${logfile} 2>&1 +if [ ${local_vg_number} -eq 1 ] + then + echo "`date` 1 VG found, renaming it" >> ${logpath}/${logfile} 2>&1 + rename_local_lvm + else + echo "`date` VGs found different than 1, we found ${local_vg_number}" >> ${logpath}/${logfile} 2>&1 +fi +} + +data_os_lvm_check () +{ +echo "`date` Looking for LVM on the data disk" >> ${logpath}/${logfile} 2>&1 +export lvm_part=`fdisk -l ${data_disk}| grep -i lvm | awk '{print $1}'` >> ${logpath}/${logfile} 2>&1 +echo ${lvm_part} >> ${logpath}/${logfile} 2>&1 +if [ -z ${lvm_part} ] +then +export root_part=`fdisk -l ${data_disk} | grep ^/ |awk '$4 > 60000000{print $1}'` >> ${logpath}/${logfile} 2>&1 +echo "`date` LVM not found on the data disk" >> ${logpath}/${logfile} 2>&1 +echo "`date` The OS partition on the data drive is ${root_part}" >> ${logpath}/${logfile} 2>&1 +else +export root_part=${lvm_part} >> ${logpath}/${logfile} 2>&1 +echo "`date` LVM found on the data disk" >> ${logpath}/${logfile} 2>&1 +echo "`date` The OS partition on the data drive is ${lvm_part}" >> ${logpath}/${logfile} 2>&1 +fi +} + +locate_mount_data_boot () +{ +echo "`date` Locating the 
partitions on the data drive" >> ${logpath}/${logfile} 2>&1 +export data_parts=`fdisk -l ${data_disk} | grep ^/ | awk '{print $1}'` >> ${logpath}/${logfile} 2>&1 +echo "`date` Your data partitions are: ${data_parts}" >> ${logpath}/${logfile} 2>&1 + +#create mountpoints for all the data parts +echo "`date` Creating mountpoints for all partitions on the data drive" >> ${logpath}/${logfile} 2>&1 +for dpart in ${data_parts} ; do echo "`date` Creating mountpoint for ${dpart}" >> ${logpath}/${logfile} 2>&1 ; mkdir -p /tmp${dpart} >> ${logpath}/${logfile} 2>&1 ; done + +#mount all partitions +echo "`date` Mounting all partitions on the data drive" >> ${logpath}/${logfile} 2>&1 +for part in ${data_parts} ; do echo "`date` Mounting ${part} on /tmp/${part}" >> ${logpath}/${logfile} 2>&1 ; mount ${part} /tmp${part} >> ${logpath}/${logfile} 2>&1 ; done +echo "`date`Locating luksheader" >> ${logpath}/${logfile} 2>&1 +export luksheaderpath=`find /tmp -name osluksheader` >> ${logpath}/${logfile} 2>&1 +echo "`date` The luksheader part is ${luksheaderpath}" >> ${logpath}/${logfile} 2>&1 +export boot_part=`df -h $luksheaderpath | grep ^/ |awk '{print $1}'` >> ${logpath}/${logfile} 2>&1 +echo "`date` The boot partition on the data disk is ${boot_part}" >> ${logpath}/${logfile} 2>&1 +} + +mount_cmd () +{ +echo "`date` Determine mount command" >> ${logpath}/${logfile} 2>&1 +mount_cmd=`mount -o nouuid 2> /dev/null` +if [ $? 
-gt 0 ] +then + export mount_cmd="mount" +else + export mount_cmd="mount -o nouuid" +fi +} + +mount_lvm () +{ +echo "`date` Mounting LVM structures found on ${root_part}" >> ${logpath}/${logfile} 2>&1 +${mount_cmd} /dev/rootvg/rootlv /investigateroot >> ${logpath}/${logfile} 2>&1 +${mount_cmd} /dev/rootvg/varlv /investigateroot/var/ >> ${logpath}/${logfile} 2>&1 +${mount_cmd} /dev/rootvg/homelv /investigateroot/home >> ${logpath}/${logfile} 2>&1 +${mount_cmd} /dev/rootvg/optlv /investigateroot/opt >> ${logpath}/${logfile} 2>&1 +${mount_cmd} /dev/rootvg/usrlv /investigateroot/usr >> ${logpath}/${logfile} 2>&1 +${mount_cmd} /dev/rootvg/tmplv /investigateroot/tmp >> ${logpath}/${logfile} 2>&1 +lsblk -f >> ${logpath}/${logfile} 2>&1 +} + +unlock_root () +{ +echo "`date` unlocking root with command: cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName --header /investigateboot/luks/osluksheader ${root_part} osencrypt" >> ${logpath}/${logfile} 2>&1 +cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName --header /investigateboot/luks/osluksheader ${root_part} osencrypt >> ${logpath}/${logfile} 2>&1 +} + +verify_root_unlock () +{ +echo "`date` Verifying osencrypt unlock" >> ${logpath}/${logfile} 2>&1 +lsblk -f | grep osencrypt >> ${logpath}/${logfile} 2>&1 +if [ $? 
-gt 0 ] +then + echo "`date` device osencrypt was not found" >> ${logpath}/${logfile} 2>&1 + exit +else + echo "`date` device osencrypt found" >> ${logpath}/${logfile} 2>&1 +fi +} + +mount_encrypted () +{ +echo "`date` Mounting root" >> ${logpath}/${logfile} 2>&1 +if [ -z ${lvm_part} ] +then +echo "`date` Mounting /dev/mapper/osencrypt on /investigateroot" >> ${logpath}/${logfile} 2>&1 +${mount_cmd} /dev/mapper/osencrypt /investigateroot >> ${logpath}/${logfile} 2>&1 +else + sleep 5 + mount_lvm +fi +} + +mount_boot () +{ +echo "`date` Unmounting the boot partition ${boot_part} on the data drive from the temp mount" >> ${logpath}/${logfile} 2>&1 +umount -l ${boot_part} >> ${logpath}/${logfile} 2>&1 +echo "`date` Mounting the boot partition ${boot_part} on /investigateboot" >> ${logpath}/${logfile} 2>&1 +${mount_cmd} ${boot_part} /investigateboot/ >> ${logpath}/${logfile} 2>&1 +} + +remount_boot () +{ +echo "`date` Unmounting the boot partition ${boot_part} on the data drive from the temp mount" >> ${logpath}/${logfile} 2>&1 +umount -l ${boot_part} >> ${logpath}/${logfile} 2>&1 +echo "`date` Mounting the boot partition ${boot_part} on /investigateroot/boot" >> ${logpath}/${logfile} 2>&1 +${mount_cmd} ${boot_part} /investigateroot/boot >> ${logpath}/${logfile} 2>&1 +} + +setlog +duplication_validation +create_mountpoints +get_data_disk +check_local_lvm +data_os_lvm_check +mount_cmd +locate_mount_data_boot +mount_boot +unlock_root +verify_root_unlock +mount_encrypted +remount_boot + + From 07e7ace5d6096b40a017584f38c9e4acf91848c5 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Sat, 15 Aug 2020 22:12:27 +0000 Subject: [PATCH 04/18] Fixing code for data disk detection on RedHat --- src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh index 67d6fb33493..8b7d34d64cd 100755 
--- a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
+++ b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
@@ -21,7 +21,7 @@ fi
 get_data_disk ()
 {
 echo "`date` Getting data disk" >> ${logpath}/${logfile} 2>&1
-export data_disk=`ls -la /dev/disk/azure/scsi1/lun0 | awk -F. '{print "/dev"$7}'` >> ${logpath}/${logfile} 2>&1
+export data_disk=`ls -la /dev/disk/azure/scsi1/lun0 | awk -F/ '{print "/dev/"$9}'` >> ${logpath}/${logfile} 2>&1
 if [ -z ${data_disk} ]
 then
 echo "`date` OS disk attached as data disk was not found, cannot continue" >> ${logpath}/${logfile} 2>&1
From 9342e13dd6a7a55ed8c42242044282151a39aa41 Mon Sep 17 00:00:00 2001
From: Ubuntu
Date: Tue, 25 Aug 2020 20:36:43 +0000
Subject: [PATCH 05/18] add NF for finding the data disk with awk
---
 src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
index 8b7d34d64cd..bc16e3e2932 100755
--- a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
+++ b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
@@ -21,7 +21,7 @@ fi
 get_data_disk ()
 {
 echo "`date` Getting data disk" >> ${logpath}/${logfile} 2>&1
-export data_disk=`ls -la /dev/disk/azure/scsi1/lun0 | awk -F/ '{print "/dev/"$9}'` >> ${logpath}/${logfile} 2>&1
+export data_disk=`ls -la /dev/disk/azure/scsi1/lun0 | awk -F/ '{print "/dev/"$NF}'` >> ${logpath}/${logfile} 2>&1
 if [ -z ${data_disk} ]
 then
 echo "`date` OS disk attached as data disk was not found, cannot continue" >> ${logpath}/${logfile} 2>&1
From f455fe2d69ec67624fc264563e5c460fb8a613eb Mon Sep 17 00:00:00 2001
From: Ubuntu
Date: Mon, 31 Aug 2020 20:05:05 +0000
Subject: [PATCH 06/18] Adding error traps to allow stderr to be printed
---
 .../scripts/mount-encrypted-disk.sh | 287 +++++++++---------
 1 file changed, 146 insertions(+), 141 deletions(-)
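Review bot: `get_data_disk` finds the attached disk by parsing `ls -la` output, and the new `awk -F/ '{print "/dev/"$9}'` still depends on how many path components the symlink text happens to have; the next patch in this series edits the same line again for that reason. Asking for the link target directly does not depend on `ls` formatting and still yields an empty string when the LUN is missing: `data_disk=$(readlink -e /dev/disk/azure/scsi1/lun0)`. The function body continues past the end of the hunk.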
diff --git a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
index bc16e3e2932..0cb8d8a37ef 100755
--- a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
+++ b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
@@ -1,169 +1,175 @@ #!/bin/bash -setlog () -{ -export logpath=/var/log/vmrepair -export logfile=vmrepair.log -mkdir -p ${logpath} -echo "`date` Initiating vmrepair mount script" >> ${logpath}/${logfile} 2>&1 -} - -duplication_validation () -{ -#/boot/efi duplication validation -echo "`date` Validating boot/efi" >> ${logpath}/${logfile} 2>&1 -efi_cnt=`lsblk | grep -i "/boot/efi" | wc -l` -if [ "${efi_cnt}" -eq 2 ] -then - umount /boot/efi >> ${logpath}/${logfile} 2>&1 -fi +setlog () { + export logpath=/var/log/vmrepair + export logfile=vmrepair.log + mkdir -p ${logpath} + echo "`date` Initiating vmrepair mount script" >> ${logpath}/${logfile} } -get_data_disk () -{ -echo "`date` Getting data disk" >> ${logpath}/${logfile} 2>&1 -export data_disk=`ls -la /dev/disk/azure/scsi1/lun0 | awk -F/ '{print "/dev/"$NF}'` >> ${logpath}/${logfile} 2>&1 -if [ -z ${data_disk} ] -then -echo "`date` OS disk attached as data disk was not found, cannot continue" >> ${logpath}/${logfile} 2>&1 -exit -else -echo "`date` The data disk is ${data_disk}" >> ${logpath}/${logfile} 2>&1 -fi +trapper () { + trap 'catch $? 
$LINENO' ERR + catch () { + echo "`date` Trapped error code $1 on line $2" >> ${logpath}/${logfile} + } } -create_mountpoints () -{ -echo "`date` Creating mountpoints" >> ${logpath}/${logfile} 2>&1 -mkdir /{investigateboot,investigateroot} >> ${logpath}/${logfile} 2>&1 +duplication_validation () { + trapper + #/boot/efi duplication validation + echo "`date` Validating boot/efi" >> ${logpath}/${logfile} + efi_cnt=`lsblk | grep -i "/boot/efi" | wc -l` + if [ "${efi_cnt}" -eq 2 ] + then + umount /boot/efi >> ${logpath}/${logfile} + fi } -rename_local_lvm () -{ -echo "`date` Renaming Local VG" >> ${logpath}/${logfile} 2>&1 -vgrename -y ${local_vg_list} rescuevg >> ${logpath}/${logfile} 2>&1 +get_data_disk () { + trapper + echo "`date` Getting data disk" >> ${logpath}/${logfile} 2>&1 + export data_disk=`ls -la /dev/disk/azure/scsi1/lun0 | awk -F/ '{print "/dev/"$NF}'` + if [ -z ${data_disk} ] + then + echo "`date` OS disk attached as data disk was not found, cannot continue" >> ${logpath}/${logfile} + exit + else + echo "`date` The data disk is ${data_disk}" >> ${logpath}/${logfile} + fi } -check_local_lvm () -{ -echo "`date` Checking Local LVM" >> ${logpath}/${logfile} 2>&1 -export local_vg_list=`vgs --noheadings -o vg_name| tr -d ' '` >> ${logpath}/${logfile} 2>&1 -local_vg_number=`vgs --noheadings -o vg_name | wc -l` >> ${logpath}/${logfile} 2>&1 +create_mountpoints () { + trapper + echo "`date` Creating mountpoints" >> ${logpath}/${logfile} + mkdir /{investigateboot,investigateroot} +} + +rename_local_lvm () { + trapper + echo "`date` Renaming Local VG" >> ${logpath}/${logfile} + vgrename -y ${local_vg_list} rescuevg +} + +check_local_lvm () { + trapper +echo "`date` Checking Local LVM" >> ${logpath}/${logfile} +export local_vg_list=`vgs --noheadings -o vg_name| tr -d ' '` >> ${logpath}/${logfile} +local_vg_number=`vgs --noheadings -o vg_name | wc -l` >> ${logpath}/${logfile} if [ ${local_vg_number} -eq 1 ] then - echo "`date` 1 VG found, renaming it" >> 
${logpath}/${logfile} 2>&1 + echo "`date` 1 VG found, renaming it" >> ${logpath}/${logfile} rename_local_lvm else - echo "`date` VGs found different than 1, we found ${local_vg_number}" >> ${logpath}/${logfile} 2>&1 + echo "`date` VGs found different than 1, we found ${local_vg_number}" >> ${logpath}/${logfile} fi } -data_os_lvm_check () -{ -echo "`date` Looking for LVM on the data disk" >> ${logpath}/${logfile} 2>&1 -export lvm_part=`fdisk -l ${data_disk}| grep -i lvm | awk '{print $1}'` >> ${logpath}/${logfile} 2>&1 -echo ${lvm_part} >> ${logpath}/${logfile} 2>&1 -if [ -z ${lvm_part} ] -then -export root_part=`fdisk -l ${data_disk} | grep ^/ |awk '$4 > 60000000{print $1}'` >> ${logpath}/${logfile} 2>&1 -echo "`date` LVM not found on the data disk" >> ${logpath}/${logfile} 2>&1 -echo "`date` The OS partition on the data drive is ${root_part}" >> ${logpath}/${logfile} 2>&1 -else -export root_part=${lvm_part} >> ${logpath}/${logfile} 2>&1 -echo "`date` LVM found on the data disk" >> ${logpath}/${logfile} 2>&1 -echo "`date` The OS partition on the data drive is ${lvm_part}" >> ${logpath}/${logfile} 2>&1 -fi +data_os_lvm_check () { + trapper + echo "`date` Looking for LVM on the data disk" >> ${logpath}/${logfile} + export lvm_part=`fdisk -l ${data_disk}| grep -i lvm | awk '{print $1}'` >> ${logpath}/${logfile} + echo ${lvm_part} >> ${logpath}/${logfile} + if [ -z ${lvm_part} ] + then + export root_part=`fdisk -l ${data_disk} | grep ^/ |awk '$4 > 60000000{print $1}'` >> ${logpath}/${logfile} + echo "`date` LVM not found on the data disk" >> ${logpath}/${logfile} + echo "`date` The OS partition on the data drive is ${root_part}" >> ${logpath}/${logfile} + else + export root_part=${lvm_part} >> ${logpath}/${logfile} + echo "`date` LVM found on the data disk" >> ${logpath}/${logfile} + echo "`date` The OS partition on the data drive is ${lvm_part}" >> ${logpath}/${logfile} + fi } -locate_mount_data_boot () -{ -echo "`date` Locating the partitions on the data drive" >> 
${logpath}/${logfile} 2>&1 -export data_parts=`fdisk -l ${data_disk} | grep ^/ | awk '{print $1}'` >> ${logpath}/${logfile} 2>&1 -echo "`date` Your data partitions are: ${data_parts}" >> ${logpath}/${logfile} 2>&1 - -#create mountpoints for all the data parts -echo "`date` Creating mountpoints for all partitions on the data drive" >> ${logpath}/${logfile} 2>&1 -for dpart in ${data_parts} ; do echo "`date` Creating mountpoint for ${dpart}" >> ${logpath}/${logfile} 2>&1 ; mkdir -p /tmp${dpart} >> ${logpath}/${logfile} 2>&1 ; done - -#mount all partitions -echo "`date` Mounting all partitions on the data drive" >> ${logpath}/${logfile} 2>&1 -for part in ${data_parts} ; do echo "`date` Mounting ${part} on /tmp/${part}" >> ${logpath}/${logfile} 2>&1 ; mount ${part} /tmp${part} >> ${logpath}/${logfile} 2>&1 ; done -echo "`date`Locating luksheader" >> ${logpath}/${logfile} 2>&1 -export luksheaderpath=`find /tmp -name osluksheader` >> ${logpath}/${logfile} 2>&1 -echo "`date` The luksheader part is ${luksheaderpath}" >> ${logpath}/${logfile} 2>&1 -export boot_part=`df -h $luksheaderpath | grep ^/ |awk '{print $1}'` >> ${logpath}/${logfile} 2>&1 -echo "`date` The boot partition on the data disk is ${boot_part}" >> ${logpath}/${logfile} 2>&1 -} - -mount_cmd () -{ -echo "`date` Determine mount command" >> ${logpath}/${logfile} 2>&1 -mount_cmd=`mount -o nouuid 2> /dev/null` -if [ $? 
-gt 0 ] -then - export mount_cmd="mount" -else - export mount_cmd="mount -o nouuid" -fi +locate_mount_data_boot () { + trapper + echo "`date` Locating the partitions on the data drive" >> ${logpath}/${logfile} + export data_parts=`fdisk -l ${data_disk} | grep ^/ | awk '{print $1}'` >> ${logpath}/${logfile} + echo "`date` Your data partitions are: ${data_parts}" >> ${logpath}/${logfile} + + #create mountpoints for all the data parts + echo "`date` Creating mountpoints for all partitions on the data drive" >> ${logpath}/${logfile} + for dpart in ${data_parts} ; do echo "`date` Creating mountpoint for ${dpart}" >> ${logpath}/${logfile} ; mkdir -p /tmp${dpart} >> ${logpath}/${logfile} ; done + + #mount all partitions + echo "`date` Mounting all partitions on the data drive" >> ${logpath}/${logfile} + for part in ${data_parts} ; do echo "`date` Mounting ${part} on /tmp/${part}" >> ${logpath}/${logfile} ; mount ${part} /tmp${part} >> ${logpath}/${logfile} 2>&1 ; done + echo "`date`Locating luksheader" >> ${logpath}/${logfile} + export luksheaderpath=`find /tmp -name osluksheader` >> ${logpath}/${logfile} + echo "`date` The luksheader part is ${luksheaderpath}" >> ${logpath}/${logfile} + export boot_part=`df -h $luksheaderpath | grep ^/ |awk '{print $1}'` >> ${logpath}/${logfile} + echo "`date` The boot partition on the data disk is ${boot_part}" >> ${logpath}/${logfile} } -mount_lvm () -{ -echo "`date` Mounting LVM structures found on ${root_part}" >> ${logpath}/${logfile} 2>&1 -${mount_cmd} /dev/rootvg/rootlv /investigateroot >> ${logpath}/${logfile} 2>&1 -${mount_cmd} /dev/rootvg/varlv /investigateroot/var/ >> ${logpath}/${logfile} 2>&1 -${mount_cmd} /dev/rootvg/homelv /investigateroot/home >> ${logpath}/${logfile} 2>&1 -${mount_cmd} /dev/rootvg/optlv /investigateroot/opt >> ${logpath}/${logfile} 2>&1 -${mount_cmd} /dev/rootvg/usrlv /investigateroot/usr >> ${logpath}/${logfile} 2>&1 -${mount_cmd} /dev/rootvg/tmplv /investigateroot/tmp >> ${logpath}/${logfile} 2>&1 
-lsblk -f >> ${logpath}/${logfile} 2>&1 -} - -unlock_root () -{ -echo "`date` unlocking root with command: cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName --header /investigateboot/luks/osluksheader ${root_part} osencrypt" >> ${logpath}/${logfile} 2>&1 -cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName --header /investigateboot/luks/osluksheader ${root_part} osencrypt >> ${logpath}/${logfile} 2>&1 -} - -verify_root_unlock () -{ -echo "`date` Verifying osencrypt unlock" >> ${logpath}/${logfile} 2>&1 -lsblk -f | grep osencrypt >> ${logpath}/${logfile} 2>&1 -if [ $? -gt 0 ] -then - echo "`date` device osencrypt was not found" >> ${logpath}/${logfile} 2>&1 - exit -else - echo "`date` device osencrypt found" >> ${logpath}/${logfile} 2>&1 -fi +mount_cmd () { + trapper + echo "`date` Determine mount command" >> ${logpath}/${logfile} + mount_cmd=`mount -o nouuid 2> /dev/null` >> ${logpath}/${logfile} 2>&1 + if [ $? -gt 0 ] + then + export mount_cmd="mount" + else + export mount_cmd="mount -o nouuid" + fi } -mount_encrypted () -{ -echo "`date` Mounting root" >> ${logpath}/${logfile} 2>&1 -if [ -z ${lvm_part} ] -then -echo "`date` Mounting /dev/mapper/osencrypt on /investigateroot" >> ${logpath}/${logfile} 2>&1 -${mount_cmd} /dev/mapper/osencrypt /investigateroot >> ${logpath}/${logfile} 2>&1 -else - sleep 5 - mount_lvm -fi +mount_lvm () { + trapper + echo "`date` Mounting LVM structures found on ${root_part}" >> ${logpath}/${logfile} + ${mount_cmd} /dev/rootvg/rootlv /investigateroot >> ${logpath}/${logfile} + ${mount_cmd} /dev/rootvg/varlv /investigateroot/var/ >> ${logpath}/${logfile} + ${mount_cmd} /dev/rootvg/homelv /investigateroot/home >> ${logpath}/${logfile} + ${mount_cmd} /dev/rootvg/optlv /investigateroot/opt >> ${logpath}/${logfile} + ${mount_cmd} /dev/rootvg/usrlv /investigateroot/usr >> ${logpath}/${logfile} + ${mount_cmd} /dev/rootvg/tmplv /investigateroot/tmp >> ${logpath}/${logfile} + lsblk -f >> 
${logpath}/${logfile} +} + +unlock_root () { + trapper + echo "`date` unlocking root with command: cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName --header /investigateboot/luks/osluksheader ${root_part} osencrypt" >> ${logpath}/${logfile} + cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName --header /investigateboot/luks/osluksheader ${root_part} osencrypt >> ${logpath}/${logfile} +} + +verify_root_unlock () { + trapper + echo "`date` Verifying osencrypt unlock" >> ${logpath}/${logfile} + lsblk -f | grep osencrypt >> ${logpath}/${logfile} + if [ $? -gt 0 ] + then + echo "`date` device osencrypt was not found" >> ${logpath}/${logfile} + exit + else + echo "`date` device osencrypt found" >> ${logpath}/${logfile} + fi +} + +mount_encrypted () { + trapper + echo "`date` Mounting root" >> ${logpath}/${logfile} + if [ -z ${lvm_part} ] + then + echo "`date` Mounting /dev/mapper/osencrypt on /investigateroot" >> ${logpath}/${logfile} + ${mount_cmd} /dev/mapper/osencrypt /investigateroot >> ${logpath}/${logfile} + else + sleep 5 + mount_lvm + fi } -mount_boot () -{ -echo "`date` Unmounting the boot partition ${boot_part} on the data drive from the temp mount" >> ${logpath}/${logfile} 2>&1 -umount -l ${boot_part} >> ${logpath}/${logfile} 2>&1 -echo "`date` Mounting the boot partition ${boot_part} on /investigateboot" >> ${logpath}/${logfile} 2>&1 -${mount_cmd} ${boot_part} /investigateboot/ >> ${logpath}/${logfile} 2>&1 +mount_boot () { + trapper + echo "`date` Unmounting the boot partition ${boot_part} on the data drive from the temp mount" >> ${logpath}/${logfile} + umount -l ${boot_part} >> ${logpath}/${logfile} + echo "`date` Mounting the boot partition ${boot_part} on /investigateboot" >> ${logpath}/${logfile} + ${mount_cmd} ${boot_part} /investigateboot/ >> ${logpath}/${logfile} } -remount_boot () -{ -echo "`date` Unmounting the boot partition ${boot_part} on the data drive from the temp mount" >> 
${logpath}/${logfile} 2>&1 -umount -l ${boot_part} >> ${logpath}/${logfile} 2>&1 -echo "`date` Mounting the boot partition ${boot_part} on /investigateroot/boot" >> ${logpath}/${logfile} 2>&1 -${mount_cmd} ${boot_part} /investigateroot/boot >> ${logpath}/${logfile} 2>&1 +remount_boot () { + trapper + echo "`date` Unmounting the boot partition ${boot_part} on the data drive from the temp mount" >> ${logpath}/${logfile} + umount -l ${boot_part} >> ${logpath}/${logfile} + echo "`date` Mounting the boot partition ${boot_part} on /investigateroot/boot" >> ${logpath}/${logfile} + ${mount_cmd} ${boot_part} /investigateroot/boot >> ${logpath}/${logfile} } setlog @@ -180,4 +186,3 @@ verify_root_unlock mount_encrypted remount_boot - From 2497ff033b8af5ecebfc0389f762efc52a2dfb4b Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Wed, 16 Sep 2020 19:52:01 +0000 Subject: [PATCH 07/18] add utils again --- src/vm-repair/azext_vm_repair/repair_utils.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/vm-repair/azext_vm_repair/repair_utils.py b/src/vm-repair/azext_vm_repair/repair_utils.py index a414df39cb6..8b8d0fb3f18 100644 --- a/src/vm-repair/azext_vm_repair/repair_utils.py +++ b/src/vm-repair/azext_vm_repair/repair_utils.py 
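Review bot: The failure branches in `get_data_disk` and `verify_root_unlock` still end with a bare `exit`, which returns the status of the preceding `echo`, so the script reports success after logging "cannot continue" or "device osencrypt was not found". The message goes only to the log file, so a caller that checks the exit code or stderr sees nothing wrong; I would write the message to stderr as well and end both branches with `exit 1`. The `catch` handler installed by `trapper` also only appends to the log and lets execution continue, so a failed `cryptsetup luksOpen` or `mount` does not stop the later steps; confirm that is intended.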
@@ -281,10 +281,10 @@ def _unlock_singlepass_encrypted_disk(source_vm, resource_group_name, repair_vm_
 try:
 if encryption_type is Encryption.SINGLE_WITH_KEK:
- install_ade_extension_command = 'az vm encryption enable --disk-encryption-keyvault {vault} --name {repair} --resource-group {g} --key-encryption-key {kek_url} --volume-type {volume} --encrypt-format-all' \
+ install_ade_extension_command = 'az vm encryption enable --disk-encryption-keyvault {vault} --name {repair} --resource-group {g} --key-encryption-key {kek_url} --volume-type {volume}' \
 .format(g=repair_group_name, repair=repair_vm_name, vault=key_vault, kek_url=kekurl, volume=volume_type)
 elif encryption_type is Encryption.SINGLE_WITHOUT_KEK:
- install_ade_extension_command = 'az vm encryption enable --disk-encryption-keyvault {vault} --name {repair} --resource-group {g} --volume-type {volume} --encrypt-format-all' \
+ install_ade_extension_command = 'az vm encryption enable --disk-encryption-keyvault {vault} --name {repair} --resource-group {g} --volume-type {volume}' \
 .format(g=repair_group_name, repair=repair_vm_name, vault=key_vault, volume=volume_type)
 # Add format-all flag for linux vms
 if is_linux:
From 4c97088e2d5c3dd723fe42cb4aeff3869fd9b89b Mon Sep 17 00:00:00 2001
From: Ubuntu
Date: Fri, 9 Oct 2020 18:10:04 +0000
Subject: [PATCH 08/18] adding logic for detecting BEK volume and mounting it
---
 .../scripts/mount-encrypted-disk.sh | 31 ++++++++++++++++---
 1 file changed, 26 insertions(+), 5 deletions(-)
diff --git a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
index e63307f1443..143fc45edb9 100755
--- a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
+++ b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
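Review bot: With `--encrypt-format-all` removed from both command strings, the flag now comes only from the `if is_linux:` branch at the end of the hunk, and nothing near it says why a flag that encrypt-formats (wipes) data partitions is safe on the repair VM. I would add a comment above that branch, `# --encrypt-format-all wipes any partition it formats; the copied disk must not be eligible - confirm`, so a later change to the attach order does not turn this into data loss. The branch body lies outside the hunk, so whether the flag is appended exactly once cannot be confirmed from here. Separately, `vault` and `kek_url` are interpolated into one command string; if `_call_az_command` splits or shells that string, the quoting of those values is worth checking.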
@@ -24,6 +24,30 @@ duplication_validation () {
 fi
 }
+locatebekvol () {
+ trapper
+ echo "`date` Locating BEK volume" >> ${logpath}/${logfile}
+ export bekdisk=`lsblk -l -o LABEL,NAME| grep BEK | awk '{print $NF}'`
+ if [ -z ${bekdisk} ]
+ then
+ echo "`date` No BEK disk found, cannot continue" >> ${logpath}/${logfile}
+ exit
+ else
+ echo "`date` the BEK Volume is ${bekdisk}" >> ${logpath}/${logfile}
+ export bekdisk=/dev/${bekdisk}
+ fi
+}
+
+mountbekvol () {
+ trapper
+ echo "`date` Mounting BEK volume" >> ${logpath}/${logfile}
+ export bekmountpath=/mnt/azure_bek_disk/
+ mkdir -p ${bekmountpath}
+ mount ${bekdisk} ${bekmountpath}
+ echo "`date` BEK Volume ${bekdisk} mounted on ${bekmountpath}" >> ${logpath}/${logfile}
+}
+
+
 get_data_disk () {
 trapper
 echo "`date` Getting data disk" >> ${logpath}/${logfile} 2>&1
@@ -175,6 +199,8 @@ remount_boot () {
 setlog
 duplication_validation
 create_mountpoints
+locatebekvol
+mountbekvol
 get_data_disk
 check_local_lvm
 data_os_lvm_check
@@ -184,9 +210,4 @@ mount_boot
 unlock_root
 verify_root_unlock
 mount_encrypted
-<<<<<<< HEAD
 remount_boot
-
-=======
-remount_boot
->>>>>>> upstream/master
From d9bf8be3e7349a626658c461429ee9c9b5ebb3be Mon Sep 17 00:00:00 2001
From: Ubuntu
Date: Thu, 12 Nov 2020 21:11:19 +0000
Subject: [PATCH 09/18] Adding suppression of errors to stdout
---
 .../azext_vm_repair/scripts/mount-encrypted-disk.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
index e63307f1443..bdd715ef906 100755
--- a/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
+++ b/src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh
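Review bot: `mountbekvol` mounts the key volume with default options and logs "mounted" whether or not `mount` succeeded. This volume holds the passphrase file that `unlock_root` passes to `cryptsetup --key-file`, so unless something in the repair flow has to write to it I would mount it read-only and stop on failure: `mount -o ro,nosuid,nodev,noexec ${bekdisk} ${bekmountpath} || exit 1`. In `locatebekvol`, `grep BEK` matches any label containing those letters, including one on the disk under repair, and can return more than one device; matching the exact label and quoting `"${bekdisk}"` in the `-z` test would make the selection deterministic.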
@@ -66,11 +66,11 @@ fi
 data_os_lvm_check () {
 trapper
 echo "`date` Looking for LVM on the data disk" >> ${logpath}/${logfile}
- export lvm_part=`fdisk -l ${data_disk}| grep -i lvm | awk '{print $1}'` >> ${logpath}/${logfile}
+ export lvm_part=`fdisk -l ${data_disk} 2>&1 | grep -i lvm | awk '{print $1}'` >> ${logpath}/${logfile}
 echo ${lvm_part} >> ${logpath}/${logfile}
 if [ -z ${lvm_part} ]
 then
- export root_part=`fdisk -l ${data_disk} | grep ^/ |awk '$4 > 60000000{print $1}'` >> ${logpath}/${logfile}
+ export root_part=`fdisk -l ${data_disk} 2>&1 | grep ^/ |awk '$4 > 60000000{print $1}'` >> ${logpath}/${logfile}
 echo "`date` LVM not found on the data disk" >> ${logpath}/${logfile}
 echo "`date` The OS partition on the data drive is ${root_part}" >> ${logpath}/${logfile}
 else
@@ -83,7 +83,7 @@ data_os_lvm_check () {
 locate_mount_data_boot () {
 trapper
 echo "`date` Locating the partitions on the data drive" >> ${logpath}/${logfile}
- export data_parts=`fdisk -l ${data_disk} | grep ^/ | awk '{print $1}'` >> ${logpath}/${logfile}
+ export data_parts=`fdisk -l ${data_disk} 2>&1 | grep ^/ | awk '{print $1}'` >> ${logpath}/${logfile}
 echo "`date` Your data partitions are: ${data_parts}" >> ${logpath}/${logfile}
 #create mountpoints for all the data parts
From a791bfd5d93c581f7a0fe0aec09d01d91fda3818 Mon Sep 17 00:00:00 2001
From: "jofrance@microsoft.com"
Date: Wed, 17 Aug 2022 04:39:49 +0000
Subject: [PATCH 10/18] fixing script to unlock on ADE
---
 src/vm-repair/azext_vm_repair/custom.py | 158 ++---------
 src/vm-repair/azext_vm_repair/repair_utils.py | 75 ++---
 .../scripts/linux-mount-encrypted-disk.sh | 260 +-----------------
 3 files changed, 54 insertions(+), 439 deletions(-)
diff --git a/src/vm-repair/azext_vm_repair/custom.py b/src/vm-repair/azext_vm_repair/custom.py
index 9f999c08748..fbaeaeada00 100644
--- a/src/vm-repair/azext_vm_repair/custom.py
+++ b/src/vm-repair/azext_vm_repair/custom.py
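Review bot: Adding `2>&1` inside the backticks does not suppress `fdisk` errors, it feeds them into `grep`/`awk`, so a warning line that contains "lvm" or starts with `/` is parsed as a partition name and lands in `lvm_part`, `root_part` or `data_parts` (the `data_parts` line in the second hunk has the same change). Those variables are later handed to `cryptsetup luksOpen` and `mount`. To keep the diagnostics without polluting the parse, send stderr to the log instead: `fdisk -l ${data_disk} 2>> ${logpath}/${logfile} | grep -i lvm | awk '{print $1}'`. Both function bodies continue outside the hunks.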
@@ -4,16 +4,15 @@ # -------------------------------------------------------------------------------------------- # pylint: disable=line-too-long, too-many-locals, too-many-statements, broad-except, too-many-branches -import json import timeit import traceback import requests - from knack.log import get_logger from azure.cli.command_modules.vm.custom import get_vm, _is_linux_os from azure.cli.command_modules.storage.storage_url_helpers import StorageResourceIdentifier from msrestazure.tools import parse_resource_id +from .exceptions import SkuDoesNotSupportHyperV from .command_helper_class import command_helper from .repair_utils import ( @@ -33,15 +32,17 @@ _fetch_disk_info, _unlock_singlepass_encrypted_disk, _invoke_run_command, + _check_hyperV_gen, _get_cloud_init_script, _select_distro_linux, _check_linux_hyperV_gen, _select_distro_linux_gen2, _set_repair_map_url, _is_gen2, - _check_n_start_vm + _unlock_encrypted_vm_run, + _create_repair_vm ) -from .exceptions import AzCommandError, SkuNotAvailableError, UnmanagedDiskCopyError, WindowsOsNotAvailableError, RunScriptNotFoundForIdError, SkuDoesNotSupportHyperV, ScriptReturnsError, SupportingResourceNotFoundError, CommandCanceledByUserError +from .exceptions import AzCommandError, SkuNotAvailableError, UnmanagedDiskCopyError, WindowsOsNotAvailableError, RunScriptNotFoundForIdError, SkuDoesNotSupportHyperV, ScriptReturnsError logger = get_logger(__name__) 
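Review bot: The added line `from .exceptions import SkuDoesNotSupportHyperV` duplicates a name that the combined `from .exceptions import ...` line in the next hunk still imports, so one of the two should go. That second hunk also keeps `_unlock_singlepass_encrypted_disk` in the `repair_utils` import list, while a later hunk in this patch replaces its call in `create` with `_unlock_encrypted_vm_run`; if nothing else in the module uses it, drop it from the list. `import json` is removed here, which is only safe if every remaining `json.` use in the file goes away in the same patch.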
@@ -125,30 +126,31 @@ def create(cmd, vm_name, resource_group_name, repair_password=None, repair_usern # Copy OS Disk logger.info('Copying OS disk of source VM...') copy_disk_id = _call_az_command(copy_disk_command).strip('\n') - # For Linux the disk gets not attached at VM creation time. To prevent an incorrect boot state it is required to attach the disk after the VM got created. - if not is_linux: - # Add copied OS Disk to VM creat command so that the VM is created with the disk attached - create_repair_vm_command += ' --attach-data-disks {id}'.format(id=copy_disk_id) - # Validate create vm create command to validate parameters before runnning copy disk command - validate_create_vm_command = create_repair_vm_command + ' --validate' - logger.info('Validating VM template before continuing...') - _call_az_command(validate_create_vm_command, secure_params=[repair_password, repair_username]) - # Create repair VM - logger.info('Creating repair VM...') - _call_az_command(create_repair_vm_command, secure_params=[repair_password, repair_username]) - if is_linux: - # Attach copied managed disk to new vm + # Create VM according to the two conditions: is_linux, unlock_encrypted_vm + # Only in the case of a Linux VM without encryption the data-disk gets attached after VM creation. 
+ # This is required to prevent an incorrect boot due to an UUID mismatch + if not is_linux: + # windows + _create_repair_vm(copy_disk_id, create_repair_vm_command, repair_password, repair_username) + + if not is_linux and unlock_encrypted_vm: + # windows with encryption + _create_repair_vm(copy_disk_id, create_repair_vm_command, repair_password, repair_username) + _unlock_encrypted_vm_run(repair_vm_name, repair_group_name, is_linux) + + if is_linux and unlock_encrypted_vm: + # linux with encryption + _create_repair_vm(copy_disk_id, create_repair_vm_command, repair_password, repair_username) + _unlock_encrypted_vm_run(repair_vm_name, repair_group_name, is_linux) + + if is_linux and (not unlock_encrypted_vm): + # linux without encryption + _create_repair_vm(copy_disk_id, create_repair_vm_command, repair_password, repair_username, fix_uuid=True) logger.info('Attaching copied disk to repair VM as data disk...') attach_disk_command = "az vm disk attach -g {g} --name {disk_id} --vm-name {vm_name} ".format(g=repair_group_name, disk_id=copy_disk_id, vm_name=repair_vm_name) _call_az_command(attach_disk_command) - # Handle encrypted VM cases - if unlock_encrypted_vm: - stdout, stderr = _unlock_singlepass_encrypted_disk(repair_vm_name, repair_group_name, is_linux) - logger.debug('Unlock script STDOUT:\n%s', stdout) - if stderr: - logger.warning('Encryption unlock script error was generated:\n%s', stderr) # UNMANAGED DISK else: 
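Review bot: The four `if` statements are independent, so for a Windows VM with `unlock_encrypted_vm` set both `if not is_linux:` and `if not is_linux and unlock_encrypted_vm:` run and `_create_repair_vm` is called twice with the same command. The encrypted Windows and Linux branches are identical, so the block reduces to one exclusive `if`/`else` as sketched below; indentation is lost in this view, so I am assuming the attach step belongs to the Linux-without-encryption case, as the comment says. The old code passed `secure_params=[repair_password, repair_username]` to `_call_az_command` and logged the unlock script's stderr; confirm `_create_repair_vm` and `_unlock_encrypted_vm_run` keep both, since neither helper is visible here. The enclosing `create` function starts and ends outside the hunk.

```python
# … unchanged: copy_disk_id = _call_az_command(copy_disk_command).strip('\n') …
if is_linux and not unlock_encrypted_vm:
    # Linux without encryption: attach after creation to avoid a UUID clash at boot.
    _create_repair_vm(copy_disk_id, create_repair_vm_command, repair_password, repair_username, fix_uuid=True)
    # … unchanged: build attach_disk_command and run it …
else:
    _create_repair_vm(copy_disk_id, create_repair_vm_command, repair_password, repair_username)
    if unlock_encrypted_vm:
        _unlock_encrypted_vm_run(repair_vm_name, repair_group_name, is_linux)
```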
@@ -531,113 +533,3 @@ def list_scripts(cmd, preview=None): return return_dict - -def reset_nic(cmd, vm_name, resource_group_name, yes=False): - - # Init command helper object - command = command_helper(logger, cmd, 'vm repair reset-nic') - DYNAMIC_CONFIG = 'Dynamic' - - try: - # 0) Check if VM is deallocated or off. If it is, ask to run start the VM. - VM_OFF_MESSAGE = 'VM is not running. The VM must be in running to reset its NIC.\n' - vm_instance_view = get_vm(cmd, resource_group_name, vm_name, 'instanceView') - VM_started = _check_n_start_vm(vm_name, resource_group_name, not yes, VM_OFF_MESSAGE, vm_instance_view) - if not VM_started: - raise CommandCanceledByUserError("Could not get consent to run VM before resetting the NIC.") - - # 1) Fetch vm network info - logger.info('Fetching necessary VM network information to reset the NIC...\n') - # Fetch primary nic id. The primary field is null or true for primary nics. - get_primary_nic_id_command = 'az vm nic list -g {g} --vm-name {n} --query "[[?primary].id || [?primary==null].id][0][0]" -o tsv' \ - .format(g=resource_group_name, n=vm_name) - primary_nic_id = _call_az_command(get_primary_nic_id_command) - if not primary_nic_id: - # Raise no primary nic excpetion - raise SupportingResourceNotFoundError('The primary NIC for the VM was not found on Azure.') - primary_nic_name = primary_nic_id.split('/')[-1] - - # Get ip config info to get: vnet name, current private ip, ipconfig name, subnet id - get_primary_ip_config = 'az network nic ip-config list -g {g} --nic-name {nic_name} --query [[?primary]][0][0]' \ - .format(g=resource_group_name, nic_name=primary_nic_name) - ip_config_string = _call_az_command(get_primary_ip_config) - if not ip_config_string: - # Raise primary ip_config not found - raise SupportingResourceNotFoundError('The primary IP configuration for the VM NIC was not found on Azure.') - ip_config_object = json.loads(ip_config_string) - - subnet_id = ip_config_object['subnet']['id'] - subnet_id_tokens = 
subnet_id.split('/') - subnet_name = subnet_id_tokens[-1] - vnet_name = subnet_id_tokens[-3] - ipconfig_name = ip_config_object['name'] - orig_ip_address = ip_config_object['privateIpAddress'] - # Dynamic | Static - orig_ip_allocation_method = ip_config_object['privateIpAllocationMethod'] - - # Get aviailable ip address within subnet - get_available_ip_command = 'az network vnet subnet list-available-ips -g {g} --vnet-name {vnet} --name {subnet} --query [0] -o tsv' \ - .format(g=resource_group_name, vnet=vnet_name, subnet=subnet_name) - swap_ip_address = _call_az_command(get_available_ip_command) - if not swap_ip_address: - # Raise available IP not found - raise SupportingResourceNotFoundError('Available IP address was not found within the VM subnet.') - - # 3) Update private IP address to another in subnet. This will invoke and wait for a VM restart. - logger.info('Updating VM IP configuration. This might take a few minutes...\n') - # Update IP address - update_ip_command = 'az network nic ip-config update -g {g} --nic-name {nic} -n {config} --private-ip-address {ip} ' \ - .format(g=resource_group_name, nic=primary_nic_name, config=ipconfig_name, ip=swap_ip_address) - _call_az_command(update_ip_command) - - # 4) Change things back. This will also invoke and wait for a VM restart. - logger.info('NIC reset is complete. 
Now reverting back to your original configuration...\n') - # If user had dynamic config, change back to dynamic - revert_ip_command = None - if orig_ip_allocation_method == DYNAMIC_CONFIG: - # Revert Static to Dynamic - revert_ip_command = 'az network nic ip-config update -g {g} --nic-name {nic} -n {config} --set privateIpAllocationMethod={method}' \ - .format(g=resource_group_name, nic=primary_nic_name, config=ipconfig_name, method=DYNAMIC_CONFIG) - else: - # Revert to original static ip - revert_ip_command = 'az network nic ip-config update -g {g} --nic-name {nic} -n {config} --private-ip-address {ip} ' \ - .format(g=resource_group_name, nic=primary_nic_name, config=ipconfig_name, ip=orig_ip_address) - - _call_az_command(revert_ip_command) - logger.info('VM guest NIC reset is complete and all configurations are reverted.') - # Some error happened. Stop command and revert back as needed. - except KeyboardInterrupt: - command.set_status_error() - command.error_stack_trace = traceback.format_exc() - command.error_message = "Command interrupted by user input." - command.message = "Command interrupted by user input." - except AzCommandError as azCommandError: - command.set_status_error() - command.error_stack_trace = traceback.format_exc() - command.error_message = str(azCommandError) - command.message = "Reset NIC failed." - except SupportingResourceNotFoundError as resourceError: - command.set_status_error() - command.error_stack_trace = traceback.format_exc() - command.error_message = str(resourceError) - command.message = "Reset NIC could not be initiated." 
- except CommandCanceledByUserError as canceledError: - command.set_status_error() - command.error_stack_trace = traceback.format_exc() - command.error_message = str(canceledError) - command.message = VM_OFF_MESSAGE - except Exception as exception: - command.set_status_error() - command.error_stack_trace = traceback.format_exc() - command.error_message = str(exception) - command.message = 'An unexpected error occurred. Try running again with the --debug flag to debug.' - else: - command.set_status_success() - command.message = 'VM guest NIC reset complete. The VM is in running state.' - finally: - if command.error_stack_trace: - logger.debug(command.error_stack_trace) - # Generate return object and log errors if needed - return_dict = command.init_return_dict() - - return return_dict diff --git a/src/vm-repair/azext_vm_repair/repair_utils.py b/src/vm-repair/azext_vm_repair/repair_utils.py index 3205afb6e1a..120ae1845ba 100644 --- a/src/vm-repair/azext_vm_repair/repair_utils.py +++ b/src/vm-repair/azext_vm_repair/repair_utils.py @@ -2,7 +2,7 @@ # Copyright (c) Microsoft Corporation. All rights reserved. # Licensed under the MIT License. See License.txt in the project root for license information. # -------------------------------------------------------------------------------------------- -# pylint: disable=line-too-long, deprecated-method, global-statement + # from logging import Logger # , log import subprocess import shlex @@ -16,7 +16,9 @@ from knack.prompting import prompt_y_n, NoTTYException from .encryption_types import Encryption + from .exceptions import (AzCommandError, WindowsOsNotAvailableError, RunScriptNotFoundForIdError, SkuDoesNotSupportHyperV, SuseNotAvailableError) +# pylint: disable=line-too-long, deprecated-method REPAIR_MAP_URL = 'https://raw.githubusercontent.com/Azure/repair-script-library/master/map.json' 
@@ -200,53 +202,6 @@ def _clean_up_resources(resource_group_name, confirm): logger.error("Clean up failed.") -def _check_n_start_vm(vm_name, resource_group_name, confirm, vm_off_message, vm_instance_view): - """ - Checks if the VM is running and prompts to auto-start it. - Returns: True if VM is already running or succeeded in running it. - False if user selected not to run the VM or running in non-interactive mode. - Raises: AzCommandError if vm start command fails - Exception if something went wrong while fetching VM power state - """ - VM_RUNNING = 'PowerState/running' - try: - logger.info('Checking VM power state...\n') - VM_TURNED_ON = False - vm_statuses = vm_instance_view.instance_view.statuses - for vm_status in vm_statuses: - if vm_status.code == VM_RUNNING: - VM_TURNED_ON = True - # VM already on - if VM_TURNED_ON: - logger.info('VM is running\n') - return True - - logger.warning(vm_off_message) - # VM Stopped or Deallocated. Ask to run it - if confirm: - if not prompt_y_n('Continue to auto-start VM?'): - logger.warning('Skipping VM start') - return False - - start_vm_command = 'az vm start --resource-group {rg} --name {n}'.format(rg=resource_group_name, n=vm_name) - logger.info('Starting the VM. This might take a few minutes...\n') - _call_az_command(start_vm_command) - logger.info('VM started\n') - # NoTTYException exception only thrown from confirm block - except NoTTYException: - logger.warning('Cannot confirm VM auto-start in non-interactive mode.') - logger.warning('Skipping auto-start') - return False - except AzCommandError as azCommandError: - logger.error("Failed to start VM.") - raise azCommandError - except Exception as exception: - logger.error("Failed to check VM power status.") - raise exception - else: - return True - - def _fetch_compatible_sku(source_vm, hyperv): location = source_vm.location 
@@ -363,10 +318,13 @@ def _check_linux_hyperV_gen(source_vm): fetch_hypervgen_command = 'az vm get-instance-view --ids {id} --query "[instanceView.hyperVGeneration]" -o json'.format(id=source_vm.id) hyperVGen_list = loads(_call_az_command(fetch_hypervgen_command)) hyperVGen = hyperVGen_list[0] - if hyperVGen != 'V2': + if hyperVGen == 'V2': + return hyperVGen + else: hyperVGen = 'V1' - - return hyperVGen + return hyperVGen + else: + return hyperVGen def _secret_tag_check(resource_group_name, copy_disk_name, secreturl): @@ -682,3 +640,18 @@ def _get_function_param_dict(frame): if param in values: values[param] = '********' return values + +def _unlock_encrypted_vm_run(repair_vm_name, repair_group_name, is_linux): + stdout, stderr = _unlock_singlepass_encrypted_disk(repair_vm_name, repair_group_name, is_linux) + logger.debug('Unlock script STDOUT:\n%s', stdout) + if stderr: + logger.warning('Encryption unlock script error was generated:\n%s', stderr) + +def _create_repair_vm(copy_disk_id, create_repair_vm_command, repair_password, repair_username, fix_uuid=False): + if not fix_uuid: + create_repair_vm_command += ' --attach-data-disks {id}'.format(id=copy_disk_id) + logger.info('Validating VM template before continuing...') + _call_az_command(create_repair_vm_command + ' --validate', secure_params=[repair_password, repair_username]) + logger.info('Creating repair VM...') + _call_az_command(create_repair_vm_command, secure_params=[repair_password, repair_username]) + diff --git a/src/vm-repair/azext_vm_repair/scripts/linux-mount-encrypted-disk.sh b/src/vm-repair/azext_vm_repair/scripts/linux-mount-encrypted-disk.sh index 99e11ca00df..2fb61156c1d 100644 --- a/src/vm-repair/azext_vm_repair/scripts/linux-mount-encrypted-disk.sh +++ b/src/vm-repair/azext_vm_repair/scripts/linux-mount-encrypted-disk.sh 
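Review bot: Every branch of the rewritten conditional in `_check_linux_hyperV_gen` ends in `return hyperVGen`, so the three added returns do the work of the single trailing `return hyperVGen` that the hunk removes. Keeping `if hyperVGen != 'V2':` followed by `hyperVGen = 'V1'` and one return after the block is shorter and leaves a single exit point to read. The outer `if` that the final `else:` pairs with is outside the hunk.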
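Review bot: `_create_repair_vm` and `_unlock_encrypted_vm_run` are added without docstrings, and the name `fix_uuid` does not say what the flag does: when it is true the helper only skips appending `--attach-data-disks`, leaving the caller to attach the copied disk afterwards. A docstring such as `"""Validate and create the repair VM; the copied disk is attached at creation unless fix_uuid is True."""` would record that. It should also state that `repair_password` and `repair_username` are passed as `secure_params` on both the `--validate` call and the create call. For `_unlock_encrypted_vm_run`, `"""Run the single-pass unlock script on the repair VM; log its stdout at debug and its stderr at warning."""` is enough.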
@@ -1,218 +1,3 @@ -<<<<<<< HEAD:src/vm-repair/azext_vm_repair/scripts/mount-encrypted-disk.sh -#!/bin/bash -setlog () { - export logpath=/var/log/vmrepair - export logfile=vmrepair.log - mkdir -p ${logpath} - echo "`date` Initiating vmrepair mount script" >> ${logpath}/${logfile} -} - -trapper () { - trap 'catch $? $LINENO' ERR - catch () { - echo "`date` Trapped error code $1 on line $2" >> ${logpath}/${logfile} - } -} - -duplication_validation () { - trapper - #/boot/efi duplication validation - echo "`date` Validating boot/efi" >> ${logpath}/${logfile} - efi_cnt=`lsblk | grep -i "/boot/efi" | wc -l` - if [ "${efi_cnt}" -eq 2 ] - then - umount /boot/efi >> ${logpath}/${logfile} - fi -} - -locatebekvol () { - trapper - echo "`date` Locating BEK volume" >> ${logpath}/${logfile} - export bekdisk=`lsblk -l -o LABEL,NAME| grep BEK | awk '{print $NF}'` - if [ -z ${bekdisk} ] - then - echo "`date` No BEK disk found, cannot continue" >> ${logpath}/${logfile} - exit - else - echo "`date` the BEK Volume is ${bekdisk}" >> ${logpath}/${logfile} - export bekdisk=/dev/${bekdisk} - fi -} - -mountbekvol () { - trapper - echo "`date` Mounting BEK volume" >> ${logpath}/${logfile} - export bekmountpath=/mnt/azure_bek_disk/ - mkdir -p ${bekmountpath} - mount ${bekdisk} ${bekmountpath} - echo "`date` BEK Volume ${bekdisk} mounted on ${bekmountpath}" >> ${logpath}/${logfile} -} - - -get_data_disk () { - trapper - echo "`date` Getting data disk" >> ${logpath}/${logfile} 2>&1 - export data_disk=`ls -la /dev/disk/azure/scsi1/lun0 | awk -F/ '{print "/dev/"$NF}'` - if [ -z ${data_disk} ] - then - echo "`date` OS disk attached as data disk was not found, cannot continue" >> ${logpath}/${logfile} - exit - else - echo "`date` The data disk is ${data_disk}" >> ${logpath}/${logfile} - fi -} - -create_mountpoints () { - trapper - echo "`date` Creating mountpoints" >> ${logpath}/${logfile} - mkdir /{investigateboot,investigateroot} -} - -rename_local_lvm () { - trapper - echo "`date` Renaming 
Local VG" >> ${logpath}/${logfile} - vgrename -y ${local_vg_list} rescuevg -} - -check_local_lvm () { - trapper -echo "`date` Checking Local LVM" >> ${logpath}/${logfile} -export local_vg_list=`vgs --noheadings -o vg_name| tr -d ' '` >> ${logpath}/${logfile} -local_vg_number=`vgs --noheadings -o vg_name | wc -l` >> ${logpath}/${logfile} -if [ ${local_vg_number} -eq 1 ] - then - echo "`date` 1 VG found, renaming it" >> ${logpath}/${logfile} - rename_local_lvm - else - echo "`date` VGs found different than 1, we found ${local_vg_number}" >> ${logpath}/${logfile} -fi -} - -data_os_lvm_check () { - trapper - echo "`date` Looking for LVM on the data disk" >> ${logpath}/${logfile} - export lvm_part=`fdisk -l ${data_disk} 2>&1 | grep -i lvm | awk '{print $1}'` >> ${logpath}/${logfile} - echo ${lvm_part} >> ${logpath}/${logfile} - if [ -z ${lvm_part} ] - then - export root_part=`fdisk -l ${data_disk} 2>&1 | grep ^/ |awk '$4 > 60000000{print $1}'` >> ${logpath}/${logfile} - echo "`date` LVM not found on the data disk" >> ${logpath}/${logfile} - echo "`date` The OS partition on the data drive is ${root_part}" >> ${logpath}/${logfile} - else - export root_part=${lvm_part} >> ${logpath}/${logfile} - echo "`date` LVM found on the data disk" >> ${logpath}/${logfile} - echo "`date` The OS partition on the data drive is ${lvm_part}" >> ${logpath}/${logfile} - fi -} - -locate_mount_data_boot () { - trapper - echo "`date` Locating the partitions on the data drive" >> ${logpath}/${logfile} - export data_parts=`fdisk -l ${data_disk} 2>&1 | grep ^/ | awk '{print $1}'` >> ${logpath}/${logfile} - echo "`date` Your data partitions are: ${data_parts}" >> ${logpath}/${logfile} - - #create mountpoints for all the data parts - echo "`date` Creating mountpoints for all partitions on the data drive" >> ${logpath}/${logfile} - for dpart in ${data_parts} ; do echo "`date` Creating mountpoint for ${dpart}" >> ${logpath}/${logfile} ; mkdir -p /tmp${dpart} >> ${logpath}/${logfile} ; done - - #mount 
all partitions - echo "`date` Mounting all partitions on the data drive" >> ${logpath}/${logfile} - for part in ${data_parts} ; do echo "`date` Mounting ${part} on /tmp/${part}" >> ${logpath}/${logfile} ; mount ${part} /tmp${part} >> ${logpath}/${logfile} 2>&1 ; done - echo "`date`Locating luksheader" >> ${logpath}/${logfile} - export luksheaderpath=`find /tmp -name osluksheader` >> ${logpath}/${logfile} - echo "`date` The luksheader part is ${luksheaderpath}" >> ${logpath}/${logfile} - export boot_part=`df -h $luksheaderpath | grep ^/ |awk '{print $1}'` >> ${logpath}/${logfile} - echo "`date` The boot partition on the data disk is ${boot_part}" >> ${logpath}/${logfile} -} - -mount_cmd () { - trapper - echo "`date` Determine mount command" >> ${logpath}/${logfile} - mount_cmd=`mount -o nouuid 2> /dev/null` >> ${logpath}/${logfile} 2>&1 - if [ $? -gt 0 ] - then - export mount_cmd="mount" - else - export mount_cmd="mount -o nouuid" - fi -} - -mount_lvm () { - trapper - echo "`date` Mounting LVM structures found on ${root_part}" >> ${logpath}/${logfile} - ${mount_cmd} /dev/rootvg/rootlv /investigateroot >> ${logpath}/${logfile} - ${mount_cmd} /dev/rootvg/varlv /investigateroot/var/ >> ${logpath}/${logfile} - ${mount_cmd} /dev/rootvg/homelv /investigateroot/home >> ${logpath}/${logfile} - ${mount_cmd} /dev/rootvg/optlv /investigateroot/opt >> ${logpath}/${logfile} - ${mount_cmd} /dev/rootvg/usrlv /investigateroot/usr >> ${logpath}/${logfile} - ${mount_cmd} /dev/rootvg/tmplv /investigateroot/tmp >> ${logpath}/${logfile} - lsblk -f >> ${logpath}/${logfile} -} - -unlock_root () { - trapper - echo "`date` unlocking root with command: cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName --header /investigateboot/luks/osluksheader ${root_part} osencrypt" >> ${logpath}/${logfile} - cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName --header /investigateboot/luks/osluksheader ${root_part} osencrypt >> ${logpath}/${logfile} -} - 
-verify_root_unlock () { - trapper - echo "`date` Verifying osencrypt unlock" >> ${logpath}/${logfile} - lsblk -f | grep osencrypt >> ${logpath}/${logfile} - if [ $? -gt 0 ] - then - echo "`date` device osencrypt was not found" >> ${logpath}/${logfile} - exit - else - echo "`date` device osencrypt found" >> ${logpath}/${logfile} - fi -} - -mount_encrypted () { - trapper - echo "`date` Mounting root" >> ${logpath}/${logfile} - if [ -z ${lvm_part} ] - then - echo "`date` Mounting /dev/mapper/osencrypt on /investigateroot" >> ${logpath}/${logfile} - ${mount_cmd} /dev/mapper/osencrypt /investigateroot >> ${logpath}/${logfile} - else - sleep 5 - mount_lvm - fi -} - -mount_boot () { - trapper - echo "`date` Unmounting the boot partition ${boot_part} on the data drive from the temp mount" >> ${logpath}/${logfile} - umount -l ${boot_part} >> ${logpath}/${logfile} - echo "`date` Mounting the boot partition ${boot_part} on /investigateboot" >> ${logpath}/${logfile} - ${mount_cmd} ${boot_part} /investigateboot/ >> ${logpath}/${logfile} -} - -remount_boot () { - trapper - echo "`date` Unmounting the boot partition ${boot_part} on the data drive from the temp mount" >> ${logpath}/${logfile} - umount -l ${boot_part} >> ${logpath}/${logfile} - echo "`date` Mounting the boot partition ${boot_part} on /investigateroot/boot" >> ${logpath}/${logfile} - ${mount_cmd} ${boot_part} /investigateroot/boot >> ${logpath}/${logfile} -} - -setlog -duplication_validation -create_mountpoints -locatebekvol -mountbekvol -get_data_disk -check_local_lvm -data_os_lvm_check -mount_cmd -locate_mount_data_boot -mount_boot -unlock_root -verify_root_unlock -mount_encrypted -remount_boot -======= #!/bin/bash setlog () { export logpath=/var/log/vmrepair @@ -262,6 +47,7 @@ mountbekvol () { echo "`date` BEK Volume ${bekdisk} mounted on ${bekmountpath}" >> ${logpath}/${logfile} } + get_data_disk () { trapper echo "`date` Getting data disk" >> ${logpath}/${logfile} 2>&1 
@@ -308,30 +94,20 @@ data_os_lvm_check () { echo ${lvm_part} >> ${logpath}/${logfile} if [ -z ${lvm_part} ] then - #Updaing the below command to use lsblk instead of fdisk for accounting for different distros - #export root_part=`fdisk -l ${data_disk} 2>&1 | grep ^/ |awk '$4 > 60000000{print $1}'` >> ${logpath}/${logfile} - export root_part=`lsblk ${data_disk} -l -n -p 2>&1 | grep -w -v ${data_disk} |awk '$4 > 60000000{print $1}'` >> ${logpath}/${logfile} + export root_part=`fdisk -l ${data_disk} 2>&1 | grep ^/ |awk '$4 > 60000000{print $1}'` >> ${logpath}/${logfile} echo "`date` LVM not found on the data disk" >> ${logpath}/${logfile} echo "`date` The OS partition on the data drive is ${root_part}" >> ${logpath}/${logfile} else - #adding a check to see if the returned value is just the partition number or partition full path. - if grep -q ${data_disk} <<< ${lvm_part} - then - export root_part=${lvm_part} >> ${logpath}/${logfile} - else - export root_part=${data_disk}${lvm_part} >> ${logpath}/${logfile} - fi + export root_part=${lvm_part} >> ${logpath}/${logfile} echo "`date` LVM found on the data disk" >> ${logpath}/${logfile} - echo "`date` The OS partition on the data drive is ${root_part}" >> ${logpath}/${logfile} + echo "`date` The OS partition on the data drive is ${lvm_part}" >> ${logpath}/${logfile} fi } locate_mount_data_boot () { trapper echo "`date` Locating the partitions on the data drive" >> ${logpath}/${logfile} - #export data_parts=`fdisk -l ${data_disk} 2>&1 | grep ^/ | awk '{print $1}'` >> ${logpath}/${logfile} - #The below is updated to use lsblk, as fdisk output is diffferent between distros while the lsblk command is the same. 
- export data_parts=`lsblk ${data_disk} -l -o name -n -p | grep -v -w ${data_disk}` >> ${logpath}/${logfile} + export data_parts=`fdisk -l ${data_disk} 2>&1 | grep ^/ | awk '{print $1}'` >> ${logpath}/${logfile} echo "`date` Your data partitions are: ${data_parts}" >> ${logpath}/${logfile} #create mountpoints for all the data parts @@ -363,9 +139,6 @@ mount_cmd () { mount_lvm () { trapper echo "`date` Mounting LVM structures found on ${root_part}" >> ${logpath}/${logfile} - #adding below lines to make sure that volume groups are activated before trying to mount. - vgs >> ${logpath}/${logfile} - vgchange -ay rootvg >> ${logpath}/${logfile} ${mount_cmd} /dev/rootvg/rootlv /investigateroot >> ${logpath}/${logfile} ${mount_cmd} /dev/rootvg/varlv /investigateroot/var/ >> ${logpath}/${logfile} ${mount_cmd} /dev/rootvg/homelv /investigateroot/home >> ${logpath}/${logfile} @@ -422,30 +195,8 @@ remount_boot () { echo "`date` Mounting the boot partition ${boot_part} on /investigateroot/boot" >> ${logpath}/${logfile} ${mount_cmd} ${boot_part} /investigateroot/boot >> ${logpath}/${logfile} } -install_required_packages() -{ - echo "`date` Checking about the required packages and instal the misssing ones" >> ${logpath}/${logfile} - echo "`date` Checking the distro of the recovery VM .." >> ${logpath}/${logfile} - output=`which apt` - if [ $? -eq 0 ] - then - echo "`date` This is ubuntu VM" >> ${logpath}/${logfile} - apt-get install -y cryptsetup lvm2 >> ${logpath}/${logfile} - else - output=`which zypper` - if [ $? -eq 0 ] - then - echo "`date` This is a sles VM" >> ${logpath}/${logfile} - zypper --non-interactive --no-refresh install cryptsetup lvm2 - else - echo "`date` This a yum based distro" >> ${logpath}/${logfile} - yum install -y cryptsetup lvm2 - fi - fi -} setlog -install_required_packages duplication_validation create_mountpoints locatebekvol 
@@ -460,4 +211,3 @@ unlock_root verify_root_unlock mount_encrypted remount_boot ->>>>>>> 65cec441c03bf85e88bf28dc0ae76727eaadecf4:src/vm-repair/azext_vm_repair/scripts/linux-mount-encrypted-disk.sh From b8797d130f9dd98d767f6e8406cfb208cf6b7ecd Mon Sep 17 00:00:00 2001 From: "jofrance@microsoft.com" Date: Wed, 17 Aug 2022 05:05:56 +0000 Subject: [PATCH 11/18] updating unlock script --- .../scripts/linux-mount-encrypted-disk.sh.1 | 247 ++++++++++++++++++ 1 file changed, 247 insertions(+) create mode 100644 src/vm-repair/azext_vm_repair/scripts/linux-mount-encrypted-disk.sh.1 diff --git a/src/vm-repair/azext_vm_repair/scripts/linux-mount-encrypted-disk.sh.1 b/src/vm-repair/azext_vm_repair/scripts/linux-mount-encrypted-disk.sh.1 new file mode 100644 index 00000000000..701e6d4029b --- /dev/null +++ b/src/vm-repair/azext_vm_repair/scripts/linux-mount-encrypted-disk.sh.1 
@@ -0,0 +1,247 @@ +#!/bin/bash +setlog () { + export logpath=/var/log/vmrepair + export logfile=vmrepair.log + mkdir -p ${logpath} + echo "`date` Initiating vmrepair mount script" >> ${logpath}/${logfile} +} + +trapper () { + trap 'catch $? $LINENO' ERR + catch () { + echo "`date` Trapped error code $1 on line $2" >> ${logpath}/${logfile} + } +} + +duplication_validation () { + trapper + #/boot/efi duplication validation + echo "`date` Validating boot/efi" >> ${logpath}/${logfile} + efi_cnt=`lsblk | grep -i "/boot/efi" | wc -l` + if [ "${efi_cnt}" -eq 2 ] + then + umount /boot/efi >> ${logpath}/${logfile} + fi +} + +locatebekvol () { + trapper + echo "`date` Locating BEK volume" >> ${logpath}/${logfile} + export bekdisk=`lsblk -l -o LABEL,NAME| grep BEK | awk '{print $NF}'` + if [ -z ${bekdisk} ] + then + echo "`date` No BEK disk found, cannot continue" >> ${logpath}/${logfile} + exit + else + echo "`date` the BEK Volume is ${bekdisk}" >> ${logpath}/${logfile} + export bekdisk=/dev/${bekdisk} + fi +} + +mountbekvol () { + trapper + echo "`date` Mounting BEK volume" >> ${logpath}/${logfile} + export bekmountpath=/mnt/azure_bek_disk/ + mkdir -p ${bekmountpath} + mount ${bekdisk} ${bekmountpath} + echo "`date` BEK Volume ${bekdisk} mounted on ${bekmountpath}" >> ${logpath}/${logfile} +} + +get_data_disk () { + trapper + echo "`date` Getting data disk" >> ${logpath}/${logfile} 2>&1 + export data_disk=`ls -la /dev/disk/azure/scsi1/lun0 | awk -F/ '{print "/dev/"$NF}'` + if [ -z ${data_disk} ] + then + echo "`date` OS disk attached as data disk was not found, cannot continue" >> ${logpath}/${logfile} + exit + else + echo "`date` The data disk is ${data_disk}" >> ${logpath}/${logfile} + fi +} + +create_mountpoints () { + trapper + echo "`date` Creating mountpoints" >> ${logpath}/${logfile} + mkdir /{investigateboot,investigateroot} +} + +rename_local_lvm () { + trapper + echo "`date` Renaming Local VG" >> ${logpath}/${logfile} + vgrename -y ${local_vg_list} rescuevg +} + 
+check_local_lvm () { + trapper +echo "`date` Checking Local LVM" >> ${logpath}/${logfile} +export local_vg_list=`vgs --noheadings -o vg_name| tr -d ' '` >> ${logpath}/${logfile} +local_vg_number=`vgs --noheadings -o vg_name | wc -l` >> ${logpath}/${logfile} +if [ ${local_vg_number} -eq 1 ] + then + echo "`date` 1 VG found, renaming it" >> ${logpath}/${logfile} + rename_local_lvm + else + echo "`date` VGs found different than 1, we found ${local_vg_number}" >> ${logpath}/${logfile} +fi +} + +data_os_lvm_check () { + trapper + echo "`date` Looking for LVM on the data disk" >> ${logpath}/${logfile} + export lvm_part=`fdisk -l ${data_disk} 2>&1 | grep -i lvm | awk '{print $1}'` >> ${logpath}/${logfile} + echo ${lvm_part} >> ${logpath}/${logfile} + if [ -z ${lvm_part} ] + then + #Updaing the below command to use lsblk instead of fdisk for accounting for different distros + #export root_part=`fdisk -l ${data_disk} 2>&1 | grep ^/ |awk '$4 > 60000000{print $1}'` >> ${logpath}/${logfile} + export root_part=`lsblk ${data_disk} -l -n -p 2>&1 | grep -w -v ${data_disk} |awk '$4 > 60000000{print $1}'` >> ${logpath}/${logfile} + echo "`date` LVM not found on the data disk" >> ${logpath}/${logfile} + echo "`date` The OS partition on the data drive is ${root_part}" >> ${logpath}/${logfile} + else + #adding a check to see if the returned value is just the partition number or partition full path. 
+ if grep -q ${data_disk} <<< ${lvm_part} + then + export root_part=${lvm_part} >> ${logpath}/${logfile} + else + export root_part=${data_disk}${lvm_part} >> ${logpath}/${logfile} + fi + echo "`date` LVM found on the data disk" >> ${logpath}/${logfile} + echo "`date` The OS partition on the data drive is ${root_part}" >> ${logpath}/${logfile} + fi +} + +locate_mount_data_boot () { + trapper + echo "`date` Locating the partitions on the data drive" >> ${logpath}/${logfile} + #export data_parts=`fdisk -l ${data_disk} 2>&1 | grep ^/ | awk '{print $1}'` >> ${logpath}/${logfile} + #The below is updated to use lsblk, as fdisk output is diffferent between distros while the lsblk command is the same. + export data_parts=`lsblk ${data_disk} -l -o name -n -p | grep -v -w ${data_disk}` >> ${logpath}/${logfile} + echo "`date` Your data partitions are: ${data_parts}" >> ${logpath}/${logfile} + + #create mountpoints for all the data parts + echo "`date` Creating mountpoints for all partitions on the data drive" >> ${logpath}/${logfile} + for dpart in ${data_parts} ; do echo "`date` Creating mountpoint for ${dpart}" >> ${logpath}/${logfile} ; mkdir -p /tmp${dpart} >> ${logpath}/${logfile} ; done + + #mount all partitions + echo "`date` Mounting all partitions on the data drive" >> ${logpath}/${logfile} + for part in ${data_parts} ; do echo "`date` Mounting ${part} on /tmp/${part}" >> ${logpath}/${logfile} ; mount ${part} /tmp${part} >> ${logpath}/${logfile} 2>&1 ; done + echo "`date`Locating luksheader" >> ${logpath}/${logfile} + export luksheaderpath=`find /tmp -name osluksheader` >> ${logpath}/${logfile} + echo "`date` The luksheader part is ${luksheaderpath}" >> ${logpath}/${logfile} + export boot_part=`df -h $luksheaderpath | grep ^/ |awk '{print $1}'` >> ${logpath}/${logfile} + echo "`date` The boot partition on the data disk is ${boot_part}" >> ${logpath}/${logfile} +} + +mount_cmd () { + trapper + echo "`date` Determine mount command" >> ${logpath}/${logfile} + 
mount_cmd=`mount -o nouuid 2> /dev/null` >> ${logpath}/${logfile} 2>&1 + if [ $? -gt 0 ] + then + export mount_cmd="mount" + else + export mount_cmd="mount -o nouuid" + fi +} + +mount_lvm () { + trapper + echo "`date` Mounting LVM structures found on ${root_part}" >> ${logpath}/${logfile} + #adding below lines to make sure that volume groups are activated before trying to mount. + vgs >> ${logpath}/${logfile} + vgchange -ay rootvg >> ${logpath}/${logfile} + ${mount_cmd} /dev/rootvg/rootlv /investigateroot >> ${logpath}/${logfile} + ${mount_cmd} /dev/rootvg/varlv /investigateroot/var/ >> ${logpath}/${logfile} + ${mount_cmd} /dev/rootvg/homelv /investigateroot/home >> ${logpath}/${logfile} + ${mount_cmd} /dev/rootvg/optlv /investigateroot/opt >> ${logpath}/${logfile} + ${mount_cmd} /dev/rootvg/usrlv /investigateroot/usr >> ${logpath}/${logfile} + ${mount_cmd} /dev/rootvg/tmplv /investigateroot/tmp >> ${logpath}/${logfile} + lsblk -f >> ${logpath}/${logfile} +} + +unlock_root () { + trapper + echo "`date` unlocking root with command: cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName --header /investigateboot/luks/osluksheader ${root_part} osencrypt" >> ${logpath}/${logfile} + cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName --header /investigateboot/luks/osluksheader ${root_part} osencrypt >> ${logpath}/${logfile} +} + +verify_root_unlock () { + trapper + echo "`date` Verifying osencrypt unlock" >> ${logpath}/${logfile} + lsblk -f | grep osencrypt >> ${logpath}/${logfile} + if [ $? 
-gt 0 ] + then + echo "`date` device osencrypt was not found" >> ${logpath}/${logfile} + exit + else + echo "`date` device osencrypt found" >> ${logpath}/${logfile} + fi +} + +mount_encrypted () { + trapper + echo "`date` Mounting root" >> ${logpath}/${logfile} + if [ -z ${lvm_part} ] + then + echo "`date` Mounting /dev/mapper/osencrypt on /investigateroot" >> ${logpath}/${logfile} + ${mount_cmd} /dev/mapper/osencrypt /investigateroot >> ${logpath}/${logfile} + else + sleep 5 + mount_lvm + fi +} + +mount_boot () { + trapper + echo "`date` Unmounting the boot partition ${boot_part} on the data drive from the temp mount" >> ${logpath}/${logfile} + umount -l ${boot_part} >> ${logpath}/${logfile} + echo "`date` Mounting the boot partition ${boot_part} on /investigateboot" >> ${logpath}/${logfile} + ${mount_cmd} ${boot_part} /investigateboot/ >> ${logpath}/${logfile} +} + +remount_boot () { + trapper + echo "`date` Unmounting the boot partition ${boot_part} on the data drive from the temp mount" >> ${logpath}/${logfile} + umount -l ${boot_part} >> ${logpath}/${logfile} + echo "`date` Mounting the boot partition ${boot_part} on /investigateroot/boot" >> ${logpath}/${logfile} + ${mount_cmd} ${boot_part} /investigateroot/boot >> ${logpath}/${logfile} +} +install_required_packages() +{ + echo "`date` Checking about the required packages and instal the misssing ones" >> ${logpath}/${logfile} + echo "`date` Checking the distro of the recovery VM .." >> ${logpath}/${logfile} + output=`which apt` + if [ $? -eq 0 ] + then + echo "`date` This is ubuntu VM" >> ${logpath}/${logfile} + apt-get install -y cryptsetup lvm2 >> ${logpath}/${logfile} + else + output=`which zypper` + if [ $? 
-eq 0 ] + then + echo "`date` This is a sles VM" >> ${logpath}/${logfile} + zypper --non-interactive --no-refresh install cryptsetup lvm2 + else + echo "`date` This a yum based distro" >> ${logpath}/${logfile} + yum install -y cryptsetup lvm2 + fi + fi +} + +setlog +install_required_packages +duplication_validation +create_mountpoints +locatebekvol +mountbekvol +get_data_disk +check_local_lvm +data_os_lvm_check +mount_cmd +locate_mount_data_boot +mount_boot +unlock_root +verify_root_unlock +mount_encrypted +remount_boot \ No newline at end of file From 289b1f90e551ef8e4b6762e2ee46882ab1abc8fd Mon Sep 17 00:00:00 2001 From: "jofrance@microsoft.com" Date: Wed, 17 Aug 2022 05:09:13 +0000 Subject: [PATCH 12/18] updating unlock script --- .../scripts/linux-mount-encrypted-disk.sh | 46 +++- .../scripts/linux-mount-encrypted-disk.sh.1 | 247 ------------------ 2 files changed, 40 insertions(+), 253 deletions(-) delete mode 100644 src/vm-repair/azext_vm_repair/scripts/linux-mount-encrypted-disk.sh.1 diff --git a/src/vm-repair/azext_vm_repair/scripts/linux-mount-encrypted-disk.sh b/src/vm-repair/azext_vm_repair/scripts/linux-mount-encrypted-disk.sh index 2fb61156c1d..701e6d4029b 100644 --- a/src/vm-repair/azext_vm_repair/scripts/linux-mount-encrypted-disk.sh +++ b/src/vm-repair/azext_vm_repair/scripts/linux-mount-encrypted-disk.sh @@ -47,7 +47,6 @@ mountbekvol () { echo "`date` BEK Volume ${bekdisk} mounted on ${bekmountpath}" >> ${logpath}/${logfile} } - get_data_disk () { trapper echo "`date` Getting data disk" >> ${logpath}/${logfile} 2>&1 
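Review bot: The failure branches of `locatebekvol`, `get_data_disk` and `verify_root_unlock` in the new `linux-mount-encrypted-disk.sh.1` end in a bare `exit`, which returns the status of the preceding `echo` (normally 0). The script therefore reports success when no BEK volume, no data disk or no `osencrypt` device was found. Use `exit 1` in those three branches so the caller can tell a failed unlock from a completed one. The same file mounts the data-disk partitions under `/tmp` and then runs `find /tmp -name osluksheader`; a dedicated root-owned directory for those temporary mounts would keep unrelated files in the world-writable `/tmp` out of that search.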
@@ -94,20 +93,30 @@ data_os_lvm_check () { echo ${lvm_part} >> ${logpath}/${logfile} if [ -z ${lvm_part} ] then - export root_part=`fdisk -l ${data_disk} 2>&1 | grep ^/ |awk '$4 > 60000000{print $1}'` >> ${logpath}/${logfile} + #Updaing the below command to use lsblk instead of fdisk for accounting for different distros + #export root_part=`fdisk -l ${data_disk} 2>&1 | grep ^/ |awk '$4 > 60000000{print $1}'` >> ${logpath}/${logfile} + export root_part=`lsblk ${data_disk} -l -n -p 2>&1 | grep -w -v ${data_disk} |awk '$4 > 60000000{print $1}'` >> ${logpath}/${logfile} echo "`date` LVM not found on the data disk" >> ${logpath}/${logfile} echo "`date` The OS partition on the data drive is ${root_part}" >> ${logpath}/${logfile} else - export root_part=${lvm_part} >> ${logpath}/${logfile} + #adding a check to see if the returned value is just the partition number or partition full path. + if grep -q ${data_disk} <<< ${lvm_part} + then + export root_part=${lvm_part} >> ${logpath}/${logfile} + else + export root_part=${data_disk}${lvm_part} >> ${logpath}/${logfile} + fi echo "`date` LVM found on the data disk" >> ${logpath}/${logfile} - echo "`date` The OS partition on the data drive is ${lvm_part}" >> ${logpath}/${logfile} + echo "`date` The OS partition on the data drive is ${root_part}" >> ${logpath}/${logfile} fi } locate_mount_data_boot () { trapper echo "`date` Locating the partitions on the data drive" >> ${logpath}/${logfile} - export data_parts=`fdisk -l ${data_disk} 2>&1 | grep ^/ | awk '{print $1}'` >> ${logpath}/${logfile} + #export data_parts=`fdisk -l ${data_disk} 2>&1 | grep ^/ | awk '{print $1}'` >> ${logpath}/${logfile} + #The below is updated to use lsblk, as fdisk output is diffferent between distros while the lsblk command is the same. 
+ export data_parts=`lsblk ${data_disk} -l -o name -n -p | grep -v -w ${data_disk}` >> ${logpath}/${logfile} echo "`date` Your data partitions are: ${data_parts}" >> ${logpath}/${logfile} #create mountpoints for all the data parts @@ -139,6 +148,9 @@ mount_cmd () { mount_lvm () { trapper echo "`date` Mounting LVM structures found on ${root_part}" >> ${logpath}/${logfile} + #adding below lines to make sure that volume groups are activated before trying to mount. + vgs >> ${logpath}/${logfile} + vgchange -ay rootvg >> ${logpath}/${logfile} ${mount_cmd} /dev/rootvg/rootlv /investigateroot >> ${logpath}/${logfile} ${mount_cmd} /dev/rootvg/varlv /investigateroot/var/ >> ${logpath}/${logfile} ${mount_cmd} /dev/rootvg/homelv /investigateroot/home >> ${logpath}/${logfile} @@ -195,8 +207,30 @@ remount_boot () { echo "`date` Mounting the boot partition ${boot_part} on /investigateroot/boot" >> ${logpath}/${logfile} ${mount_cmd} ${boot_part} /investigateroot/boot >> ${logpath}/${logfile} } +install_required_packages() +{ + echo "`date` Checking about the required packages and instal the misssing ones" >> ${logpath}/${logfile} + echo "`date` Checking the distro of the recovery VM .." >> ${logpath}/${logfile} + output=`which apt` + if [ $? -eq 0 ] + then + echo "`date` This is ubuntu VM" >> ${logpath}/${logfile} + apt-get install -y cryptsetup lvm2 >> ${logpath}/${logfile} + else + output=`which zypper` + if [ $? -eq 0 ] + then + echo "`date` This is a sles VM" >> ${logpath}/${logfile} + zypper --non-interactive --no-refresh install cryptsetup lvm2 + else + echo "`date` This a yum based distro" >> ${logpath}/${logfile} + yum install -y cryptsetup lvm2 + fi + fi +} setlog +install_required_packages duplication_validation create_mountpoints locatebekvol @@ -210,4 +244,4 @@ mount_boot unlock_root verify_root_unlock mount_encrypted -remount_boot +remount_boot \ No newline at end of file 
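Review bot: The new `lsblk ${data_disk} -l -n -p ... | awk '$4 > 60000000{print $1}'` line in data_os_lvm_check keeps the numeric threshold from the fdisk version, but with lsblk's default columns the fourth field is SIZE in human-readable units (for example `30G`), so awk compares it with 60000000 as a string rather than a number. The wrong partition, or none, can then end up in `root_part`, which is later handed to `cryptsetup luksOpen`. Asking lsblk for bytes and naming the columns makes the comparison numeric, e.g. `lsblk -b -l -n -p -o NAME,SIZE ${data_disk} | grep -w -v ${data_disk} | awk '$2 > MIN_ROOT_BYTES {print $1}'`, where MIN_ROOT_BYTES is a placeholder for the intended minimum size restated in bytes. `${data_disk}` and `${lvm_part}` are also unquoted in `[ -z ${lvm_part} ]` and in the new `grep -q ${data_disk} <<< ${lvm_part}`, so a value holding more than one partition breaks the test. The function starts outside the hunk.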
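Review bot: The added `vgs` and `vgchange -ay rootvg` calls in mount_lvm redirect only stdout, so when activation fails the log gets at most the exit code caught by the ERR trap, not the LVM error text, and the six `${mount_cmd}` lines that follow still run against devices that may not exist. Sending stderr to the log and stopping on failure keeps the log usable for diagnosis: `vgchange -ay rootvg >> ${logpath}/${logfile} 2>&1 || exit 1`. The volume group name `rootvg` is hard-coded; a short comment saying the attached disk is assumed to use that name would help, since check_local_lvm (outside this hunk) renames the local group only when exactly one is found.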
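Review bot: install_required_packages never checks that the install succeeded, so on a repair VM without repository access the script carries on to `cryptsetup luksOpen` with the tool missing. Unlike the mount functions around it, it does not call `trapper`, and the zypper and yum branches do not send their output to the log as the apt-get branch does. A guard after the install makes the failure explicit: `command -v cryptsetup >/dev/null 2>&1 || { echo "$(date) cryptsetup not installed, cannot continue" >> ${logpath}/${logfile}; exit 1; }`. `which apt` stores its output in an unused variable; `command -v apt-get >/dev/null 2>&1` tests for the binary that is actually run.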
diff --git a/src/vm-repair/azext_vm_repair/scripts/linux-mount-encrypted-disk.sh.1 b/src/vm-repair/azext_vm_repair/scripts/linux-mount-encrypted-disk.sh.1
deleted file mode 100644
index 701e6d4029b..00000000000
--- a/src/vm-repair/azext_vm_repair/scripts/linux-mount-encrypted-disk.sh.1
+++ /dev/null
@@ -1,247 +0,0 @@ -#!/bin/bash -setlog () { - export logpath=/var/log/vmrepair - export logfile=vmrepair.log - mkdir -p ${logpath} - echo "`date` Initiating vmrepair mount script" >> ${logpath}/${logfile} -} - -trapper () { - trap 'catch $? $LINENO' ERR - catch () { - echo "`date` Trapped error code $1 on line $2" >> ${logpath}/${logfile} - } -} - -duplication_validation () { - trapper - #/boot/efi duplication validation - echo "`date` Validating boot/efi" >> ${logpath}/${logfile} - efi_cnt=`lsblk | grep -i "/boot/efi" | wc -l` - if [ "${efi_cnt}" -eq 2 ] - then - umount /boot/efi >> ${logpath}/${logfile} - fi -} - -locatebekvol () { - trapper - echo "`date` Locating BEK volume" >> ${logpath}/${logfile} - export bekdisk=`lsblk -l -o LABEL,NAME| grep BEK | awk '{print $NF}'` - if [ -z ${bekdisk} ] - then - echo "`date` No BEK disk found, cannot continue" >> ${logpath}/${logfile} - exit - else - echo "`date` the BEK Volume is ${bekdisk}" >> ${logpath}/${logfile} - export bekdisk=/dev/${bekdisk} - fi -} - -mountbekvol () { - trapper - echo "`date` Mounting BEK volume" >> ${logpath}/${logfile} - export bekmountpath=/mnt/azure_bek_disk/ - mkdir -p ${bekmountpath} - mount ${bekdisk} ${bekmountpath} - echo "`date` BEK Volume ${bekdisk} mounted on ${bekmountpath}" >> ${logpath}/${logfile} -} - -get_data_disk () { - trapper - echo "`date` Getting data disk" >> ${logpath}/${logfile} 2>&1 - export data_disk=`ls -la /dev/disk/azure/scsi1/lun0 | awk -F/ '{print "/dev/"$NF}'` - if [ -z ${data_disk} ] - then - echo "`date` OS disk attached as data disk was not found, cannot continue" >> ${logpath}/${logfile} - exit - else - echo "`date` The data disk is ${data_disk}" >> ${logpath}/${logfile} - fi -} - -create_mountpoints () { - trapper - echo "`date` Creating mountpoints" >> ${logpath}/${logfile} - mkdir /{investigateboot,investigateroot} -} - -rename_local_lvm () { - trapper - echo "`date` Renaming Local VG" >> ${logpath}/${logfile} - vgrename -y ${local_vg_list} rescuevg -} - 
-check_local_lvm () { - trapper -echo "`date` Checking Local LVM" >> ${logpath}/${logfile} -export local_vg_list=`vgs --noheadings -o vg_name| tr -d ' '` >> ${logpath}/${logfile} -local_vg_number=`vgs --noheadings -o vg_name | wc -l` >> ${logpath}/${logfile} -if [ ${local_vg_number} -eq 1 ] - then - echo "`date` 1 VG found, renaming it" >> ${logpath}/${logfile} - rename_local_lvm - else - echo "`date` VGs found different than 1, we found ${local_vg_number}" >> ${logpath}/${logfile} -fi -} - -data_os_lvm_check () { - trapper - echo "`date` Looking for LVM on the data disk" >> ${logpath}/${logfile} - export lvm_part=`fdisk -l ${data_disk} 2>&1 | grep -i lvm | awk '{print $1}'` >> ${logpath}/${logfile} - echo ${lvm_part} >> ${logpath}/${logfile} - if [ -z ${lvm_part} ] - then - #Updaing the below command to use lsblk instead of fdisk for accounting for different distros - #export root_part=`fdisk -l ${data_disk} 2>&1 | grep ^/ |awk '$4 > 60000000{print $1}'` >> ${logpath}/${logfile} - export root_part=`lsblk ${data_disk} -l -n -p 2>&1 | grep -w -v ${data_disk} |awk '$4 > 60000000{print $1}'` >> ${logpath}/${logfile} - echo "`date` LVM not found on the data disk" >> ${logpath}/${logfile} - echo "`date` The OS partition on the data drive is ${root_part}" >> ${logpath}/${logfile} - else - #adding a check to see if the returned value is just the partition number or partition full path. 
- if grep -q ${data_disk} <<< ${lvm_part} - then - export root_part=${lvm_part} >> ${logpath}/${logfile} - else - export root_part=${data_disk}${lvm_part} >> ${logpath}/${logfile} - fi - echo "`date` LVM found on the data disk" >> ${logpath}/${logfile} - echo "`date` The OS partition on the data drive is ${root_part}" >> ${logpath}/${logfile} - fi -} - -locate_mount_data_boot () { - trapper - echo "`date` Locating the partitions on the data drive" >> ${logpath}/${logfile} - #export data_parts=`fdisk -l ${data_disk} 2>&1 | grep ^/ | awk '{print $1}'` >> ${logpath}/${logfile} - #The below is updated to use lsblk, as fdisk output is diffferent between distros while the lsblk command is the same. - export data_parts=`lsblk ${data_disk} -l -o name -n -p | grep -v -w ${data_disk}` >> ${logpath}/${logfile} - echo "`date` Your data partitions are: ${data_parts}" >> ${logpath}/${logfile} - - #create mountpoints for all the data parts - echo "`date` Creating mountpoints for all partitions on the data drive" >> ${logpath}/${logfile} - for dpart in ${data_parts} ; do echo "`date` Creating mountpoint for ${dpart}" >> ${logpath}/${logfile} ; mkdir -p /tmp${dpart} >> ${logpath}/${logfile} ; done - - #mount all partitions - echo "`date` Mounting all partitions on the data drive" >> ${logpath}/${logfile} - for part in ${data_parts} ; do echo "`date` Mounting ${part} on /tmp/${part}" >> ${logpath}/${logfile} ; mount ${part} /tmp${part} >> ${logpath}/${logfile} 2>&1 ; done - echo "`date`Locating luksheader" >> ${logpath}/${logfile} - export luksheaderpath=`find /tmp -name osluksheader` >> ${logpath}/${logfile} - echo "`date` The luksheader part is ${luksheaderpath}" >> ${logpath}/${logfile} - export boot_part=`df -h $luksheaderpath | grep ^/ |awk '{print $1}'` >> ${logpath}/${logfile} - echo "`date` The boot partition on the data disk is ${boot_part}" >> ${logpath}/${logfile} -} - -mount_cmd () { - trapper - echo "`date` Determine mount command" >> ${logpath}/${logfile} - 
mount_cmd=`mount -o nouuid 2> /dev/null` >> ${logpath}/${logfile} 2>&1 - if [ $? -gt 0 ] - then - export mount_cmd="mount" - else - export mount_cmd="mount -o nouuid" - fi -} - -mount_lvm () { - trapper - echo "`date` Mounting LVM structures found on ${root_part}" >> ${logpath}/${logfile} - #adding below lines to make sure that volume groups are activated before trying to mount. - vgs >> ${logpath}/${logfile} - vgchange -ay rootvg >> ${logpath}/${logfile} - ${mount_cmd} /dev/rootvg/rootlv /investigateroot >> ${logpath}/${logfile} - ${mount_cmd} /dev/rootvg/varlv /investigateroot/var/ >> ${logpath}/${logfile} - ${mount_cmd} /dev/rootvg/homelv /investigateroot/home >> ${logpath}/${logfile} - ${mount_cmd} /dev/rootvg/optlv /investigateroot/opt >> ${logpath}/${logfile} - ${mount_cmd} /dev/rootvg/usrlv /investigateroot/usr >> ${logpath}/${logfile} - ${mount_cmd} /dev/rootvg/tmplv /investigateroot/tmp >> ${logpath}/${logfile} - lsblk -f >> ${logpath}/${logfile} -} - -unlock_root () { - trapper - echo "`date` unlocking root with command: cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName --header /investigateboot/luks/osluksheader ${root_part} osencrypt" >> ${logpath}/${logfile} - cryptsetup luksOpen --key-file /mnt/azure_bek_disk/LinuxPassPhraseFileName --header /investigateboot/luks/osluksheader ${root_part} osencrypt >> ${logpath}/${logfile} -} - -verify_root_unlock () { - trapper - echo "`date` Verifying osencrypt unlock" >> ${logpath}/${logfile} - lsblk -f | grep osencrypt >> ${logpath}/${logfile} - if [ $? 
-gt 0 ] - then - echo "`date` device osencrypt was not found" >> ${logpath}/${logfile} - exit - else - echo "`date` device osencrypt found" >> ${logpath}/${logfile} - fi -} - -mount_encrypted () { - trapper - echo "`date` Mounting root" >> ${logpath}/${logfile} - if [ -z ${lvm_part} ] - then - echo "`date` Mounting /dev/mapper/osencrypt on /investigateroot" >> ${logpath}/${logfile} - ${mount_cmd} /dev/mapper/osencrypt /investigateroot >> ${logpath}/${logfile} - else - sleep 5 - mount_lvm - fi -} - -mount_boot () { - trapper - echo "`date` Unmounting the boot partition ${boot_part} on the data drive from the temp mount" >> ${logpath}/${logfile} - umount -l ${boot_part} >> ${logpath}/${logfile} - echo "`date` Mounting the boot partition ${boot_part} on /investigateboot" >> ${logpath}/${logfile} - ${mount_cmd} ${boot_part} /investigateboot/ >> ${logpath}/${logfile} -} - -remount_boot () { - trapper - echo "`date` Unmounting the boot partition ${boot_part} on the data drive from the temp mount" >> ${logpath}/${logfile} - umount -l ${boot_part} >> ${logpath}/${logfile} - echo "`date` Mounting the boot partition ${boot_part} on /investigateroot/boot" >> ${logpath}/${logfile} - ${mount_cmd} ${boot_part} /investigateroot/boot >> ${logpath}/${logfile} -} -install_required_packages() -{ - echo "`date` Checking about the required packages and instal the misssing ones" >> ${logpath}/${logfile} - echo "`date` Checking the distro of the recovery VM .." >> ${logpath}/${logfile} - output=`which apt` - if [ $? -eq 0 ] - then - echo "`date` This is ubuntu VM" >> ${logpath}/${logfile} - apt-get install -y cryptsetup lvm2 >> ${logpath}/${logfile} - else - output=`which zypper` - if [ $? 
-eq 0 ] - then - echo "`date` This is a sles VM" >> ${logpath}/${logfile} - zypper --non-interactive --no-refresh install cryptsetup lvm2 - else - echo "`date` This a yum based distro" >> ${logpath}/${logfile} - yum install -y cryptsetup lvm2 - fi - fi -} - -setlog -install_required_packages -duplication_validation -create_mountpoints -locatebekvol -mountbekvol -get_data_disk -check_local_lvm -data_os_lvm_check -mount_cmd -locate_mount_data_boot -mount_boot -unlock_root -verify_root_unlock -mount_encrypted -remount_boot \ No newline at end of file From f29dffa5ef1fd5eaf54e0b6df6d88a26aef9522d Mon Sep 17 00:00:00 2001 From: "jofrance@microsoft.com" Date: Thu, 18 Aug 2022 21:34:07 +0000 Subject: [PATCH 13/18] change format query tag validation to lower case --- src/vm-repair/azext_vm_repair/_validators.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/vm-repair/azext_vm_repair/_validators.py b/src/vm-repair/azext_vm_repair/_validators.py index fd832cc32c0..88cd839316a 100644 --- a/src/vm-repair/azext_vm_repair/_validators.py +++ b/src/vm-repair/azext_vm_repair/_validators.py @@ -304,7 +304,7 @@ def fetch_repair_vm(namespace): # Find repair VM tag = _get_repair_resource_tag(namespace.resource_group_name, namespace.vm_name) try: - find_repair_command = 'az resource list --tag {tag} --query "[?type==\'Microsoft.Compute/virtualMachines\']" -o json' \ + find_repair_command = 'az resource list --tag {tag} --query "[?type==\'microsoft.compute/virtualmachines\']" -o json' \ .format(tag=tag) logger.info('Searching for repair-vm within subscription...') output = _call_az_command(find_repair_command) From 8e49f5ea970ba06dff9407d4b84813830274f6fc Mon Sep 17 00:00:00 2001 From: "jofrance@microsoft.com" Date: Fri, 19 Aug 2022 21:31:15 +0000 Subject: [PATCH 14/18] add second validation for tag casing --- src/vm-repair/azext_vm_repair/_validators.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
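Review bot: The JMESPath filter in `find_repair_command` still compares `type` case-sensitively, so switching the literal to the lower-case spelling only moves the match to a different casing. The follow-up hunk in PATCH 14/18 that ORs the two spellings leaves any other casing unmatched. Dropping the type test from `--query` and filtering the parsed result in Python is independent of how the service spells the type, e.g. `repair_vms = [r for r in loads(output) if r.get('type', '').lower() == 'microsoft.compute/virtualmachines']`; the parsing of `output` is outside the hunk, so the variable name here is illustrative. fetch_repair_vm begins and continues outside the hunk.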
diff --git a/src/vm-repair/azext_vm_repair/_validators.py b/src/vm-repair/azext_vm_repair/_validators.py index 88cd839316a..077513fbadc 100644 --- a/src/vm-repair/azext_vm_repair/_validators.py +++ b/src/vm-repair/azext_vm_repair/_validators.py @@ -304,7 +304,7 @@ def fetch_repair_vm(namespace): # Find repair VM tag = _get_repair_resource_tag(namespace.resource_group_name, namespace.vm_name) try: - find_repair_command = 'az resource list --tag {tag} --query "[?type==\'microsoft.compute/virtualmachines\']" -o json' \ + find_repair_command = 'az resource list --tag {tag} --query "[?type==\'microsoft.compute/virtualmachines\' || type==\'Microsoft.Compute/virtualMachines\']" -o json' \ .format(tag=tag) logger.info('Searching for repair-vm within subscription...') output = _call_az_command(find_repair_command) From 477673d8b14731e3c53e9449b87e78b195caa960 Mon Sep 17 00:00:00 2001 From: Haider Agha Date: Fri, 14 Oct 2022 01:59:16 -0400 Subject: [PATCH 15/18] fixes --- src/vm-repair/azext_vm_repair/_validators.py | 2 +- src/vm-repair/azext_vm_repair/custom.py | 6 +-- src/vm-repair/azext_vm_repair/repair_utils.py | 2 +- .../tests/latest/test_repair_commands.py | 42 ++++++++++--------- 4 files changed, 28 insertions(+), 24 deletions(-) diff --git a/src/vm-repair/azext_vm_repair/_validators.py b/src/vm-repair/azext_vm_repair/_validators.py index 22277011c0b..e5d08f31c37 100644 --- a/src/vm-repair/azext_vm_repair/_validators.py +++ b/src/vm-repair/azext_vm_repair/_validators.py @@ -87,7 +87,7 @@ def validate_create(cmd, namespace): # Validate vm password validate_vm_password(namespace.repair_password, is_linux) # Prompt input for public ip usage - if not namespace.associate_public_ip: + if (not namespace.associate_public_ip) and (not namespace.yes): _prompt_public_ip(namespace) diff --git a/src/vm-repair/azext_vm_repair/custom.py b/src/vm-repair/azext_vm_repair/custom.py index 751ced9b8c3..8e972ac1fbb 100644 --- a/src/vm-repair/azext_vm_repair/custom.py 
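Review bot: With this condition `--yes` skips `_prompt_public_ip`, but nothing in the hunk sets `namespace.associate_public_ip`, so whether the repair VM gets a public IP under `--yes` depends on code outside the hunk, while the help text added in PATCH 16/18 says the flag will "confirm yes" to the prompt. The repair VM is the machine that gets the copied (and, with `--unlock-encrypted-vm`, unlocked) OS disk attached, so the non-interactive path should leave it without a public address unless `--associate-public-ip` is passed explicitly. The help string should say so, for example `help='Do not prompt; a public IP is added only when --associate-public-ip is also given'`. The test hunks in PATCH 15/18 that swap `--associate-public-ip` for `--yes` in the `...PublicIp` tests should be checked against whichever behaviour is intended. validate_create starts outside the hunk.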
+++ b/src/vm-repair/azext_vm_repair/custom.py @@ -45,9 +45,10 @@ logger = get_logger(__name__) -def create(cmd, vm_name, resource_group_name, repair_password=None, repair_username=None, repair_vm_name=None, copy_disk_name=None, repair_group_name=None, unlock_encrypted_vm=False, enable_nested=False, associate_public_ip=False, distro='ubuntu'): +def create(cmd, vm_name, resource_group_name, repair_password=None, repair_username=None, repair_vm_name=None, copy_disk_name=None, repair_group_name=None, unlock_encrypted_vm=False, enable_nested=False, associate_public_ip=False, distro='ubuntu', yes=False): # Init command helper object command = command_helper(logger, cmd, 'vm repair create') + logger.debug("value for yes is %s", yes) # Main command calling block try: # Fetch source VM data @@ -64,13 +65,12 @@ def create(cmd, vm_name, resource_group_name, repair_password=None, repair_usern created_resources = [] # Fetch OS image urn and set OS type for disk create - if is_linux: + if is_linux and _uses_managed_disk(source_vm): # os_image_urn = "UbuntuLTS" os_type = 'Linux' hyperV_generation_linux = _check_linux_hyperV_gen(source_vm) if hyperV_generation_linux == 'V2': logger.info('Generation 2 VM detected, RHEL/Centos/Oracle 6 distros not available to be used for rescue VM ') - logger.debug('gen2 machine detected') os_image_urn = _select_distro_linux_gen2(distro) else: os_image_urn = _select_distro_linux(distro) diff --git a/src/vm-repair/azext_vm_repair/repair_utils.py b/src/vm-repair/azext_vm_repair/repair_utils.py index 3205afb6e1a..5cf82462843 100644 --- a/src/vm-repair/azext_vm_repair/repair_utils.py +++ b/src/vm-repair/azext_vm_repair/repair_utils.py 
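Review bot: Adding `_uses_managed_disk(source_vm)` to `if is_linux` means a Linux source VM with unmanaged disks no longer sets `os_type = 'Linux'` here and falls through to whatever branch follows, which is outside the hunk. If that branch is the Windows image selection, the repair VM for such a source would be built from the wrong OS. If the intent is only to skip the Hyper-V generation lookup for unmanaged disks, keep the outer test as `if is_linux:` and put the managed-disk check around the `_check_linux_hyperV_gen(source_vm)` call. A one-line comment stating why unmanaged Linux disks are excluded would make the condition reviewable.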
@@ -358,7 +358,7 @@ def _check_linux_hyperV_gen(source_vm): .format(i=disk_id) hyperVGen = loads(_call_az_command(show_disk_command)) if hyperVGen != 'V2': - logger.info('Trying to check on the source VM if it has the parameter of gen2') + logger.info('Checking if source VM is gen2') # if image is created from Marketplace gen2 image , the disk will not have the mark for gen2 fetch_hypervgen_command = 'az vm get-instance-view --ids {id} --query "[instanceView.hyperVGeneration]" -o json'.format(id=source_vm.id) hyperVGen_list = loads(_call_az_command(fetch_hypervgen_command)) diff --git a/src/vm-repair/azext_vm_repair/tests/latest/test_repair_commands.py b/src/vm-repair/azext_vm_repair/tests/latest/test_repair_commands.py index c59af8abbc2..4d926fa89fb 100644 --- a/src/vm-repair/azext_vm_repair/tests/latest/test_repair_commands.py +++ b/src/vm-repair/azext_vm_repair/tests/latest/test_repair_commands.py @@ -4,6 +4,8 @@ # -------------------------------------------------------------------------------------------- # pylint: disable=line-too-long, unused-argument import time + +import pytest from azure.cli.testsdk import LiveScenarioTest, ResourceGroupPreparer STATUS_SUCCESS = 'SUCCESS' @@ -24,7 +26,7 @@ def test_vmrepair_WinManagedCreateRestore(self, resource_group): assert len(vms) == 1 # Test create - result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --associate-public-ip -o json').get_output_in_json() + result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 -o json --yes').get_output_in_json() assert result['status'] == STATUS_SUCCESS, result['error_message'] # Check repair VM 
@@ -58,7 +60,7 @@ def test_vmrepair_WinUnmanagedCreateRestore(self, resource_group): assert len(vms) == 1 # Test create - result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 -o json').get_output_in_json() + result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --yes -o json').get_output_in_json() assert result['status'] == STATUS_SUCCESS, result['error_message'] # Check repair VM @@ -77,9 +79,10 @@ def test_vmrepair_WinUnmanagedCreateRestore(self, resource_group): assert source_vm['storageProfile']['osDisk']['vhd']['uri'] == result['copied_disk_uri'] +@pytest.mark.linux class LinuxManagedDiskCreateRestoreTest(LiveScenarioTest): - @ResourceGroupPreparer(location='westus2') + @ResourceGroupPreparer(location='eastus') def test_vmrepair_LinuxManagedCreateRestore(self, resource_group): self.kwargs.update({ 'vm': 'vm1' @@ -92,7 +95,7 @@ def test_vmrepair_LinuxManagedCreateRestore(self, resource_group): assert len(vms) == 1 # Test create - result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 -o json').get_output_in_json() + result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --yes -o json').get_output_in_json() assert result['status'] == STATUS_SUCCESS, result['error_message'] # Check repair VM @@ -111,9 +114,10 @@ def test_vmrepair_LinuxManagedCreateRestore(self, resource_group): assert source_vm['storageProfile']['osDisk']['name'] == result['copied_disk_name'] +@pytest.mark.linux class LinuxUnmanagedDiskCreateRestoreTest(LiveScenarioTest): - @ResourceGroupPreparer(location='westus2') + @ResourceGroupPreparer(location='eastus') def test_vmrepair_LinuxUnmanagedCreateRestore(self, resource_group): self.kwargs.update({ 'vm': 'vm1' 
@@ -126,7 +130,7 @@ def test_vmrepair_LinuxUnmanagedCreateRestore(self, resource_group): assert len(vms) == 1 # Test create - result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 -o json').get_output_in_json() + result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --yes -o json').get_output_in_json() assert result['status'] == STATUS_SUCCESS, result['error_message'] # Check repair VM @@ -160,7 +164,7 @@ def test_vmrepair_WinManagedCreateRestorePublicIp(self, resource_group): assert len(vms) == 1 # Test create - result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --associate-public-ip -o json').get_output_in_json() + result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --yes -o json').get_output_in_json() assert result['status'] == STATUS_SUCCESS, result['error_message'] # Check repair VM @@ -194,7 +198,7 @@ def test_vmrepair_WinUnmanagedCreateRestorePublicIp(self, resource_group): assert len(vms) == 1 # Test create - result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --associate-public-ip -o json').get_output_in_json() + result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --yes -o json').get_output_in_json() assert result['status'] == STATUS_SUCCESS, result['error_message'] # Check repair VM @@ -215,7 +219,7 @@ def test_vmrepair_WinUnmanagedCreateRestorePublicIp(self, resource_group): class LinuxManagedDiskCreateRestoreTestwithpublicip(LiveScenarioTest): - @ResourceGroupPreparer(location='westus2') + @ResourceGroupPreparer(location='eastus') def test_vmrepair_LinuxManagedCreateRestorePublicIp(self, resource_group): self.kwargs.update({ 'vm': 'vm1' 
@@ -228,7 +232,7 @@ def test_vmrepair_LinuxManagedCreateRestorePublicIp(self, resource_group): assert len(vms) == 1 # Test create - result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --associate-public-ip -o json').get_output_in_json() + result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --yes -o json').get_output_in_json() assert result['status'] == STATUS_SUCCESS, result['error_message'] # Check repair VM @@ -262,7 +266,7 @@ def test_vmrepair_LinuxUnmanagedCreateRestorePublicIp(self, resource_group): assert len(vms) == 1 # Test create - result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --associate-public-ip -o json').get_output_in_json() + result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --yes -o json').get_output_in_json() assert result['status'] == STATUS_SUCCESS, result['error_message'] # Check repair VM @@ -315,7 +319,7 @@ def test_vmrepair_WinSinglepassKekEncryptedManagedDiskCreateRestore(self, resour self.cmd('vm encryption enable -g {rg} -n {vm} --disk-encryption-keyvault {kv} --key-encryption-key {key}') # Test create - result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --unlock-encrypted-vm -o json').get_output_in_json() + result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --unlock-encrypted-vm --yes -o json').get_output_in_json() assert result['status'] == STATUS_SUCCESS, result['error_message'] # Check repair VM 
@@ -370,7 +374,7 @@ def test_vmrepair_LinuxSinglepassKekEncryptedManagedDiskCreateRestore(self, reso time.sleep(300) # Test create - result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --unlock-encrypted-vm -o json').get_output_in_json() + result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --unlock-encrypted-vm --yes -o json').get_output_in_json() assert result['status'] == STATUS_SUCCESS, result['error_message'] # Check repair VM @@ -415,7 +419,7 @@ def test_vmrepair_WinSinglepassNoKekEncryptedManagedDiskCreateRestore(self, reso self.cmd('vm encryption enable -g {rg} -n {vm} --disk-encryption-keyvault {kv}') # Test create - result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --unlock-encrypted-vm -o json').get_output_in_json() + result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --unlock-encrypted-vm --yes -o json').get_output_in_json() assert result['status'] == STATUS_SUCCESS, result['error_message'] # Check repair VM @@ -462,7 +466,7 @@ def test_vmrepair_LinuxSinglepassNoKekEncryptedManagedDiskCreateRestoreTest(self time.sleep(300) # Test create - result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --unlock-encrypted-vm -o json').get_output_in_json() + result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --unlock-encrypted-vm --yes -o json').get_output_in_json() assert result['status'] == STATUS_SUCCESS, result['error_message'] # Check repair VM 
@@ -538,7 +542,7 @@ def test_vmrepair_WinManagedCreateRestoreGen2(self, resource_group): assert len(vms) == 1 # Test create - result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --associate-public-ip -o json').get_output_in_json() + result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --yes -o json').get_output_in_json() assert result['status'] == STATUS_SUCCESS, result['error_message'] # Check repair VM @@ -592,7 +596,7 @@ def test_vmrepair_LinuxSinglepassKekEncryptedManagedDiskCreateRestoreRHEL8(self, time.sleep(300) # Test create - result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --distro rhel8 --unlock-encrypted-vm -o json').get_output_in_json() + result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --distro rhel8 --unlock-encrypted-vm --yes -o json').get_output_in_json() assert result['status'] == STATUS_SUCCESS, result['error_message'] # Check repair VM @@ -638,7 +642,7 @@ def test_vmrepair_LinuxSinglepassNoKekEncryptedManagedDiskCreateRestoreTestSLES1 time.sleep(300) # Test create - result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --distro sles15 --unlock-encrypted-vm -o json').get_output_in_json() + result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --distro sles15 --unlock-encrypted-vm --yes -o json').get_output_in_json() assert result['status'] == STATUS_SUCCESS, result['error_message'] # Check repair VM 
@@ -671,7 +675,7 @@ def test_vmrepair_LinuxManagedCreateRestoreOracle8PublicIp(self, resource_group) assert len(vms) == 1 # Test create - result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --distro oracle8 --associate-public-ip -o json').get_output_in_json() + result = self.cmd('vm repair create -g {rg} -n {vm} --repair-username azureadmin --repair-password !Passw0rd2018 --distro oracle8 --yes -o json').get_output_in_json() assert result['status'] == STATUS_SUCCESS, result['error_message'] # Check repair VM From da3e88e500d1a5fc9f9e5190dcde6d19242a3d8d Mon Sep 17 00:00:00 2001 From: Haider Agha Date: Fri, 14 Oct 2022 02:47:53 -0400 Subject: [PATCH 16/18] adding help --- src/vm-repair/azext_vm_repair/_params.py | 1 + .../azext_vm_repair/tests/latest/test_repair_commands.py | 1 + 2 files changed, 2 insertions(+) diff --git a/src/vm-repair/azext_vm_repair/_params.py b/src/vm-repair/azext_vm_repair/_params.py index e6091691ec8..8312dea3220 100644 --- a/src/vm-repair/azext_vm_repair/_params.py +++ b/src/vm-repair/azext_vm_repair/_params.py @@ -32,6 +32,7 @@ def load_arguments(self, _): c.argument('enable_nested', help='enable nested hyperv.') c.argument('associate_public_ip', help='Option to create repair vm with public ip') c.argument('distro', help='Option to create repair vm from a specific linux distro (rhel7|rhel8|suse12|ubuntu20|centos7|oracle7)') + c.argument('yes', help='Option to skip associate_public_ip prompt and confirm yes to it in no Tty mode') with self.argument_context('vm repair restore') as c: c.argument('repair_vm_id', help='Repair VM resource id.') diff --git a/src/vm-repair/azext_vm_repair/tests/latest/test_repair_commands.py b/src/vm-repair/azext_vm_repair/tests/latest/test_repair_commands.py index 4d926fa89fb..994f6ad6314 100644 --- a/src/vm-repair/azext_vm_repair/tests/latest/test_repair_commands.py +++ b/src/vm-repair/azext_vm_repair/tests/latest/test_repair_commands.py 
@@ -285,6 +285,7 @@ def test_vmrepair_LinuxUnmanagedCreateRestorePublicIp(self, resource_group): assert source_vm['storageProfile']['osDisk']['vhd']['uri'] == result['copied_disk_uri'] +@pytest.mark.encryption class WindowsSinglepassKekEncryptedManagedDiskCreateRestoreTest(LiveScenarioTest): @ResourceGroupPreparer(location='westus2') From 2f9776ab0a749e9a628091c3cb80112b62ffe963 Mon Sep 17 00:00:00 2001 From: Haider Agha Date: Tue, 18 Oct 2022 11:25:38 -0400 Subject: [PATCH 17/18] fixing static analysis --- src/vm-repair/azext_vm_repair/custom.py | 5 ++--- src/vm-repair/azext_vm_repair/repair_utils.py | 1 + 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/vm-repair/azext_vm_repair/custom.py b/src/vm-repair/azext_vm_repair/custom.py index 98bf096c6ba..09b0ac8685e 100644 --- a/src/vm-repair/azext_vm_repair/custom.py +++ b/src/vm-repair/azext_vm_repair/custom.py @@ -144,15 +144,14 @@ def create(cmd, vm_name, resource_group_name, repair_password=None, repair_usern # linux with encryption _create_repair_vm(copy_disk_id, create_repair_vm_command, repair_password, repair_username) _unlock_encrypted_vm_run(repair_vm_name, repair_group_name, is_linux) - - if is_linux and (not unlock_encrypted_vm): + + if is_linux and (not unlock_encrypted_vm): # linux without encryption _create_repair_vm(copy_disk_id, create_repair_vm_command, repair_password, repair_username, fix_uuid=True) logger.info('Attaching copied disk to repair VM as data disk...') attach_disk_command = "az vm disk attach -g {g} --name {disk_id} --vm-name {vm_name} ".format(g=repair_group_name, disk_id=copy_disk_id, vm_name=repair_vm_name) _call_az_command(attach_disk_command) - # UNMANAGED DISK else: logger.info('Source VM uses unmanaged disks. Creating repair VM with unmanaged disks.\n') diff --git a/src/vm-repair/azext_vm_repair/repair_utils.py b/src/vm-repair/azext_vm_repair/repair_utils.py index 49b0cf7bc8d..efe37ddf49a 100644 --- a/src/vm-repair/azext_vm_repair/repair_utils.py 
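Review bot: `@pytest.mark.encryption` is a custom marker, and nothing visible in this series registers it; the test module's imports and the pytest configuration are outside the hunk. An unregistered marker produces `PytestUnknownMarkWarning` and fails collection under `--strict-markers`, and a misspelled one silently drops tests from a `-m encryption` selection. I would register it in the pytest configuration with `markers = encryption: live tests that unlock ADE-encrypted disks` and confirm that `import pytest` is present at the top of the module.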
+++ b/src/vm-repair/azext_vm_repair/repair_utils.py @@ -690,6 +690,7 @@ def _unlock_encrypted_vm_run(repair_vm_name, repair_group_name, is_linux): if stderr: logger.warning('Encryption unlock script error was generated:\n%s', stderr) + def _create_repair_vm(copy_disk_id, create_repair_vm_command, repair_password, repair_username, fix_uuid=False): if not fix_uuid: create_repair_vm_command += ' --attach-data-disks {id}'.format(id=copy_disk_id) From 13b2bc2f4658e32cb567699a6986f4dabf9c00f2 Mon Sep 17 00:00:00 2001 From: Haider Agha Date: Mon, 24 Oct 2022 12:22:35 -0400 Subject: [PATCH 18/18] history and bump version --- src/vm-repair/HISTORY.rst | 4 ++++ src/vm-repair/azext_vm_repair/_params.py | 2 +- src/vm-repair/setup.py | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/vm-repair/HISTORY.rst b/src/vm-repair/HISTORY.rst index ee30596bf7e..5724981f511 100644 --- a/src/vm-repair/HISTORY.rst +++ b/src/vm-repair/HISTORY.rst @@ -2,6 +2,10 @@ Release History =============== +0.4.8 +++++++ +Fix for encrypted vm's and fixing test cases + 0.4.7 ++++++ Setting subscription account for reset-nic diff --git a/src/vm-repair/azext_vm_repair/_params.py b/src/vm-repair/azext_vm_repair/_params.py index 8312dea3220..a5e132f2a33 100644 --- a/src/vm-repair/azext_vm_repair/_params.py +++ b/src/vm-repair/azext_vm_repair/_params.py 
@@ -32,7 +32,7 @@ def load_arguments(self, _): c.argument('enable_nested', help='enable nested hyperv.') c.argument('associate_public_ip', help='Option to create repair vm with public ip') c.argument('distro', help='Option to create repair vm from a specific linux distro (rhel7|rhel8|suse12|ubuntu20|centos7|oracle7)') - c.argument('yes', help='Option to skip associate_public_ip prompt and confirm yes to it in no Tty mode') + c.argument('yes', help='Option to skip prompt for associating public ip and confirm yes to it in no Tty mode') with self.argument_context('vm repair restore') as c: c.argument('repair_vm_id', help='Repair VM resource id.') diff --git a/src/vm-repair/setup.py b/src/vm-repair/setup.py index 84eee56eec0..f4f0da7ba68 100644 --- a/src/vm-repair/setup.py +++ b/src/vm-repair/setup.py @@ -8,7 +8,7 @@ from codecs import open from setuptools import setup, find_packages -VERSION = "0.4.7" +VERSION = "0.4.8" CLASSIFIERS = [ 'Development Status :: 4 - Beta',