Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow setting journal size and tag size for integrity metadata pre-allocations on create #1110

Draft
wants to merge 7 commits into
base: master
Choose a base branch
from

Conversation

mulkieran
Copy link
Member

No description provided.

@mulkieran mulkieran self-assigned this Nov 27, 2024
@mulkieran mulkieran force-pushed the integrity-pre branch 4 times, most recently from 059e7ab to 5bd84c3 Compare November 27, 2024 19:41
@mulkieran
Copy link
Member Author

mulkieran commented Dec 2, 2024

Current pool create help text:

usage: stratis pool create [-h] [--clevis {nbde,tang,tpm2}]
                           [--tang-url TANG_URL]
                           [--trust-url | --thumbprint THUMBPRINT]
                           [--journal-size JOURNAL_SIZE] [--tag-size TAG_SIZE]
                           [--key-desc KEY_DESC] [--no-overprovision]
                           pool_name blockdevs [blockdevs ...]

positional arguments:
  pool_name             Name of new pool
  blockdevs             Create the pool using these block devs

options:
  -h, --help            show this help message and exit
  --key-desc KEY_DESC   Key description of key in kernel keyring to use for
                        encryption
  --no-overprovision    Do not allow the sum of the logical size of the pool's
                        filesystems to exceed the size of the pool's data
                        area.

clevis:
  Arguments controlling creation with Clevis encryption

  --clevis {nbde,tang,tpm2}
                        Specification for binding with Clevis.
  --tang-url TANG_URL   URL of Clevis tang server (--clevis=[tang|nbde] must
                        be set)
  --trust-url           Omit verification of tang server credentials (--tang-
                        url option must be set)
  --thumbprint THUMBPRINT
                        Thumbprint of tang server (--tang-url option must be
                        set)

integrity:
  Optional parameters for configuring integrity metadata pre-allocation

  --journal-size JOURNAL_SIZE
                        Size of integrity device's journal. Each block is
                        written to this journal before being written to its
                        address. The size of must be a multiple of 4 KiB.
  --tag-size TAG_SIZE   Size of tag to use to verify correctness of 4KiB
                        block, e.g, 64B. Must be a power of 2 and less than
                        128B.

We could call the two newly added options, --integrity-journal-size and --integrity-tag-size.

@mulkieran mulkieran requested a review from drckeefe December 2, 2024 15:45
@mulkieran
Copy link
Member Author

man pages not yet written.

@mulkieran mulkieran changed the title Integrity pre Allow setting journal size and tag size for integrity metadata pre-allocations on create Dec 4, 2024
@mulkieran mulkieran force-pushed the integrity-pre branch 3 times, most recently from 459ef4c to 9024bd6 Compare December 17, 2024 18:08
@mulkieran
Copy link
Member Author

New help text:

$ PYTHONPATH=./src ./bin/stratis pool create --help
usage: stratis pool create [-h] [--clevis {nbde,tang,tpm2}]
                           [--tang-url TANG_URL]
                           [--trust-url | --thumbprint THUMBPRINT]
                           [--journal-size JOURNAL_SIZE]
                           [--tag-spec {0b,32b,512b}] [--key-desc KEY_DESC]
                           [--no-overprovision]
                           pool_name blockdevs [blockdevs ...]

positional arguments:
  pool_name             Name of new pool
  blockdevs             Create the pool using these block devs

options:
  -h, --help            show this help message and exit
  --key-desc KEY_DESC   Key description of key in kernel keyring to use for
                        encryption
  --no-overprovision    Do not allow the sum of the logical size of the pool's
                        filesystems to exceed the size of the pool's data
                        area.

clevis:
  Arguments controlling creation with Clevis encryption

  --clevis {nbde,tang,tpm2}
                        Specification for binding with Clevis.
  --tang-url TANG_URL   URL of Clevis tang server (--clevis=[tang|nbde] must
                        be set)
  --trust-url           Omit verification of tang server credentials (--tang-
                        url option must be set)
  --thumbprint THUMBPRINT
                        Thumbprint of tang server (--tang-url option must be
                        set)

integrity:
  Optional parameters for configuring integrity metadata pre-allocation

  --journal-size JOURNAL_SIZE
                        Size of integrity device's journal. Each block is
                        written to this journal before being written to its
                        address. The size of the journal must be a multiple of
                        4 KiB.
  --tag-spec {0b,32b,512b}
                        Integrity tag specification defining the size of the
                        tag used to store a checksum or other value for each
                        block on a device. stratisd chooses a default
                        specification if none is given.

@mulkieran
Copy link
Member Author

squashed

"checksum or other value for each "
"block on a device. stratisd chooses "
"a default specification if none is "
"given."
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some information about what the defaults might be and would the choices be in bytes or bits could help users.

@mulkieran mulkieran force-pushed the integrity-pre branch 2 times, most recently from 2bf50e8 to 5703023 Compare December 18, 2024 17:39
@mulkieran
Copy link
Member Author

Revised help text:

integrity:
  Optional parameters for configuring integrity metadata pre-allocation

  --journal-size JOURNAL_SIZE
                        Size of integrity device's journal. Each block is
                        written to this journal before being written to its
                        address. The default is 128 MiB. Specify 0B if you
                        have determined that you will never make use of
                        integrity features.
  --tag-spec {0b,32b,512b}
                        Integrity tag specification defining the size of the
                        tag used to store a checksum or other value for each
                        block on a device. All size specifications are in
                        bits. The default is 512b. Specify 0b if you have
                        determined that you will never make use of integrity
                        features.

stratis will implement these defaults. At present they coincide with the stratisd defaults.

@mulkieran
Copy link
Member Author

Or...

integrity:
  Optional parameters for configuring integrity metadata pre-allocation

  --integrity {no, pre-allocate, yes}                   # yes will not be available in the CLI yet
        no if this pool will never make use of integrity features.
        pre-allocate if this pool should pre-allocate space so that
        integrity features can be turned on later. The default is
        pre-allocate.

  --journal-size JOURNAL_SIZE
                        Size of integrity device's journal. Each block is
                        written to this journal before being written to its
                        address. The default is 128 MiB.

  --tag-spec {32b,512b}
                        Integrity tag specification defining the size of the
                        tag used to store a checksum or other value for each
                        block on a device. All size specifications are in
                        bits. The default is 512b.

If --integrity is set to "no" the two other options will be rejected if set by the user. If to pre-allocate, they are still optional.

In future, we can use the same options for "yes" as we do for pre-allocate.

@mulkieran
Copy link
Member Author

New look is:

integrity:
  Optional parameters for configuring integrity metadata pre-allocation

  --integrity {no,pre-allocate}
                        Integrity options for this pool. If "no" no space will
                        be allocated for integrity metadata and it will never
                        be possible to turn on integrity functionality for
                        this pool. If "pre-allocate" then space will be
                        allocated for integrity metadata and it will be
                        possible to switch on integrity functionality in
                        future. The default is "pre-allocate".
  --journal-size JOURNAL_SIZE
                        Size of integrity device's journal. Each block is
                        written to this journal before being written to its
                        address. The default is 128 MiB.
  --tag-spec {32b,512b}
                        Integrity tag specification defining the size of the
                        tag used to store a checksum or other value for each
                        block on a device. All size specifications are in
                        bits. The default is 512b.

@mulkieran mulkieran force-pushed the integrity-pre branch 3 times, most recently from 341adbc to f2f86ae Compare December 21, 2024 01:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: In Progress
Development

Successfully merging this pull request may close these issues.

2 participants