From 4bde1b963f422ed47c63215e0752f74f79aac0f6 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Fri, 23 Jul 2021 16:54:57 -0400 Subject: [PATCH] Transfer encryption key on capture --- imgutil/imgutil | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/imgutil/imgutil b/imgutil/imgutil index 33004565..5f14ee6f 100644 --- a/imgutil/imgutil +++ b/imgutil/imgutil @@ -138,8 +138,10 @@ def capture_remote(opts, args): targ = args[0] outdir = args[1] os.umask(0o022) - if '/' not in outdir: - outdir = os.path.join('/var/lib/confluent/public/os/', outdir) + if '/' in outdir: + raise Exception('Full path not supported, supply only the profile name') + outdir = os.path.join('/var/lib/confluent/public/os/', outdir) + privdir = os.path.join('/var/lib/confluent/private/os/', outdir) # need kernel, initramfs, shim, grub # maybe break pack_image into three, one that is common to call # with here locally, @@ -159,7 +161,12 @@ def capture_remote(opts, args): utillib = os.path.join(utillib, '{}/dracut/'.format(oscat)) subprocess.check_call(['rsync', '-a', utillib, '{0}:/usr/lib/dracut/modules.d/97confluent'.format(targ)]) subprocess.check_call(['ssh', '-t', targ, 'python3', '/run/imgutil/capenv/imgutil', 'capturelocalboot']) + sys.stdout.write('Transferring image...') + sys.stdout.flush() subprocess.check_call(['rsync', '-a', '{0}:/run/imgutil/capout/'.format(targ), outdir]) + subprocess.check_call(['rsync', '-a', '{0}:/run/imgutil/private.key'.format(targ), '{}/pending/rootimg.key'.format(privdir)]) + sys.stdout.write('Done\n') + sys.stdout.flush() subprocess.check_call(['ssh', '-t', targ, 'python3', '/run/imgutil/capenv/imgutil', 'capturelocalcleanup']) profname = os.path.basename(outdir) os.symlink('/var/lib/confluent/public/site/initramfs.cpio',