Skip to content

Support for in-place re-encryption, encryption, decryption#1257

Merged
mulkieran merged 12 commits intostratis-storage:masterfrom
mulkieran:issue-stratisd-3597
Apr 21, 2026
Merged

Support for in-place re-encryption, encryption, decryption#1257
mulkieran merged 12 commits intostratis-storage:masterfrom
mulkieran:issue-stratisd-3597

Conversation

@mulkieran
Copy link
Copy Markdown
Member

@mulkieran mulkieran commented Jan 15, 2026
edited by coderabbitai Bot
Loading

Summary by CodeRabbit

  • New Features

    • Added pool encryption management: encrypt unencrypted pools, decrypt encrypted pools, and re-encrypt with a new master key
    • Pool information now displays the "Last Time Reencrypted" timestamp to track encryption operation history
    • Support for in-place encryption operations to enable long-running encryption transactions

  • Improvements

    • Reduced D-Bus timeout from 120 to 60 seconds to improve responsiveness

@packit-as-a-service
Copy link
Copy Markdown

packit-as-a-service Bot commented Jan 15, 2026

Congratulations! One of the builds has completed. 🍾

You can install the built RPMs by following these steps:

  • sudo dnf install -y 'dnf*-command(copr)'
  • dnf copr enable packit/stratis-storage-stratis-cli-1257-copr_pull
  • And now you can install the packages.

Please note that the RPMs should be used only in a testing environment.

@mulkieran mulkieran force-pushed the issue-stratisd-3597 branch 2 times, most recently from d535137 to b3e85bf Compare January 15, 2026 17:18
@mulkieran
Copy link
Copy Markdown
Member Author

mulkieran commented Jan 15, 2026
edited
Loading

Right now, we do have the option of making the timeout shorter for our long-running operations than for our other operations. The best way to do this properly is to import only the methods we need in building the dbus-python-client-gen methods and do it exactly where the methods are used. We could still use the public make_class method, but modify the spec file passed to it.

@mulkieran mulkieran force-pushed the issue-stratisd-3597 branch from 816930b to 04dfaf9 Compare January 15, 2026 18:40
@mulkieran
Copy link
Copy Markdown
Member Author

mulkieran commented Jan 16, 2026

Long running operation decorator needs to specify the function that is allowed to run for a long time. Otherwise, if it's GetManagedObjects that is the long-running function, "Operation initiated" may be erroneously returned. Should allow it to take a list argument, just to be on the safe side.

@jbaublitz
Copy link
Copy Markdown
Member

jbaublitz commented Jan 16, 2026

Just one observation: I don't think GetManagedObjects every can be the long-running operation in the current state of stratisd but I'm aware that could change in the future with changes to our locking.

@mulkieran
Copy link
Copy Markdown
Member Author

mulkieran commented Jan 16, 2026
edited
Loading

Just one observation: I don't think GetManagedObjects every can be the long-running operation in the current state of stratisd but I'm aware that could change in the future with changes to our locking.

In a bunch of method we call GetManagedObjects() first and then, e.g., EncryptPool. If GetManagedObjects is the method that times out, we need to treat that as an actual timeout..., with the non-specific decorator on the Python methods stratis-cli is reporting "Operation initiated" on a GetManagedObjects timeout, which is wrong. That's what needs to be fixed.

@mulkieran mulkieran force-pushed the issue-stratisd-3597 branch from fbae33b to 44a7c56 Compare January 16, 2026 16:10
@mulkieran mulkieran force-pushed the issue-stratisd-3597 branch from 44a7c56 to 2c7de08 Compare January 25, 2026 23:39
@mulkieran mulkieran mentioned this pull request Jan 26, 2026
Merged
@mulkieran mulkieran force-pushed the issue-stratisd-3597 branch from f5b8dc0 to 7548550 Compare January 28, 2026 18:11
@mulkieran mulkieran mentioned this pull request Jan 28, 2026
Merged
@mulkieran
Copy link
Copy Markdown
Member Author

mulkieran commented Jan 28, 2026

I do not know why building stratisd man pages was failing...but we do not need those pages built to test stratisd, so I'm just fixing that in the most basic way.

@mulkieran mulkieran force-pushed the issue-stratisd-3597 branch from 7548550 to 4f0ec4c Compare January 28, 2026 20:37
@mulkieran mulkieran self-assigned this Jan 28, 2026
@mulkieran mulkieran added this to the v3.9.0 milestone Jan 28, 2026
@mulkieran mulkieran moved this to In Progress in 2026January Jan 28, 2026
@mulkieran mulkieran force-pushed the issue-stratisd-3597 branch 2 times, most recently from 7826449 to db3c0ab Compare January 29, 2026 14:55
@mulkieran
Copy link
Copy Markdown
Member Author

mulkieran commented Jan 29, 2026

Ok. Redirects are working....

@mulkieran mulkieran force-pushed the issue-stratisd-3597 branch 3 times, most recently from 62146b1 to b635291 Compare January 29, 2026 18:06
@mulkieran
Copy link
Copy Markdown
Member Author

mulkieran commented Jan 29, 2026

Works again...

@mulkieran mulkieran moved this from In Progress to In Review in 2026January Jan 29, 2026
@mulkieran mulkieran force-pushed the issue-stratisd-3597 branch 3 times, most recently from 9f0dde8 to a68cb52 Compare January 29, 2026 23:49
@mulkieran mulkieran force-pushed the issue-stratisd-3597 branch from b3aa925 to 654082b Compare March 30, 2026 19:00
@mulkieran
Copy link
Copy Markdown
Member Author

mulkieran commented Mar 30, 2026

rebased, conflicts resolved.

@mulkieran
Copy link
Copy Markdown
Member Author

mulkieran commented Mar 30, 2026

Need to catch a few more exceptions.

@mulkieran mulkieran force-pushed the issue-stratisd-3597 branch 2 times, most recently from 13de65b to afe8ada Compare April 6, 2026 19:05
@mulkieran mulkieran removed this from 2026March Apr 11, 2026
@mulkieran mulkieran moved this to In Review in 2026April Apr 11, 2026
@mulkieran mulkieran force-pushed the issue-stratisd-3597 branch from afe8ada to 588d141 Compare April 13, 2026 21:36
@mulkieran
Update introspection data
8cfa6d7 
Signed-off-by: mulhern <amulhern@redhat.com>
@mulkieran
Set up clevis + keyring options for sharing
7a6b5d3 
Signed-off-by: mulhern <amulhern@redhat.com>
@mulkieran
Add commands for encrypt, re-encrypt, and unencrypt
12d54ec 
Signed-off-by: mulhern <amulhern@redhat.com>
@mulkieran
Test parsing clevis options in encryption on
8fdd64f 
Signed-off-by: mulhern <amulhern@redhat.com>
@mulkieran
Add an --in-place option
6d047a7 
Signed-off-by: mulhern <amulhern@redhat.com>
@mulkieran
Half D-Bus timeout
a590c2d 
We had it as high as two minutes to give a chance of returning on fairly
long-running task, like creating encrypted pools, since each device had
to be separately encrypted. We do not do that anymore, as the whole pool
is encrypted these days, so the create method returns faster.

We are about to introduce really long running commands, where 120
minutes will not be enough in almost all cases.

So shortening the D-Bus timeout seems like a reasonable thing to do.

60 seconds is a plenty long time to wait for any error messsages that
stratisd might return.

Signed-off-by: mulhern <amulhern@redhat.com>
@mulkieran
Add a decorator for our long running operations
9053613 
This way we can relatively cheaply avoid printing the timeout error
message and return a zero exit code on the timeout.

Signed-off-by: mulhern <amulhern@redhat.com>
@mulkieran
Display last time re-encrypted in pool detail view
aa46061 
Signed-off-by: mulhern <amulhern@redhat.com>
@mulkieran
Add man page entries for the moved subcommands
d70d14d 
These are bind, unbind, and rebind. The new commands use the
mandatory --name, --uuid option mechanism for specifying the pool to
operate on, while the old commands just used name.

Signed-off-by: mulhern <amulhern@redhat.com>
@mulkieran mulkieran force-pushed the issue-stratisd-3597 branch from 588d141 to c4df279 Compare April 21, 2026 00:06
@mulkieran
man: Add entries for encryption on, off, and re-encrypt
3221491 
Signed-off-by: mulhern <amulhern@redhat.com>
@mulkieran
man: Add entry for the "Last Time Reencrypted" field
7e12d43 
Signed-off-by: mulhern <amulhern@redhat.com>
@mulkieran
Time out after ten seconds for long-running methods
1c9b873 
Signed-off-by: mulhern <amulhern@redhat.com>
@mulkieran mulkieran force-pushed the issue-stratisd-3597 branch from c4df279 to 39d133e Compare April 21, 2026 00:10
@mulkieran mulkieran removed the request for review from drckeefe April 21, 2026 15:48
@mulkieran mulkieran changed the title Issue stratisd 3597 Support for in-place re-encryption, encryption, decryption Apr 21, 2026
@mulkieran mulkieran force-pushed the issue-stratisd-3597 branch from 39d133e to 1c9b873 Compare April 21, 2026 16:54
@mulkieran mulkieran marked this pull request as ready for review April 21, 2026 16:54
@mulkieran mulkieran merged commit da5df5a into stratis-storage:master Apr 21, 2026
9 checks passed
@github-project-automation github-project-automation Bot moved this from In Review to Done in 2026April Apr 21, 2026
@mulkieran mulkieran deleted the issue-stratisd-3597 branch April 21, 2026 17:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@jbaublitz jbaublitz jbaublitz approved these changes

Assignees

@mulkieran mulkieran

Labels

None yet

Projects

2026April
Status: Done

Milestone

v3.9.0

Development

Successfully merging this pull request may close these issues.

3 participants

@mulkieran @jbaublitz @fsuba