rbd: log stdError for cryptosetup command

If we hit any error while running the cryptosetup
commands we are logging only the error message.
with only error message it is difficult to analyze
the problem, logging the stdError will help us to
check what is the problem.

updates: ceph#2610

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>

internal/util/crypto.go

@@ -196,40 +196,44 @@ func VolumeMapper(volumeID string) (mapperFile, mapperFilePath string) {
 
 // EncryptVolume encrypts provided device with LUKS.
 func EncryptVolume(ctx context.Context, devicePath, passphrase string) error {
-	log.DebugLog(ctx, "Encrypting device %s with LUKS", devicePath)
-	if _, _, err := LuksFormat(devicePath, passphrase); err != nil {
-		return fmt.Errorf("failed to encrypt device %s with LUKS: %w", devicePath, err)
+	log.DebugLog(ctx, "Encrypting device %q	 with LUKS", devicePath)
+	_, stdErr, err := LuksFormat(devicePath, passphrase)
+	if err != nil || stdErr != "" {
+		log.ErrorLog(ctx, "failed to encrypt device %q with LUKS (%v): %s", devicePath, err, stdErr)
 	}
 
-	return nil
+	return err
 }
 
 // OpenEncryptedVolume opens volume so that it can be used by the client.
 func OpenEncryptedVolume(ctx context.Context, devicePath, mapperFile, passphrase string) error {
-	log.DebugLog(ctx, "Opening device %s with LUKS on %s", devicePath, mapperFile)
-	_, stderr, err := LuksOpen(devicePath, mapperFile, passphrase)
-	if err != nil {
-		log.ErrorLog(ctx, "failed to open LUKS device %q: %s", devicePath, stderr)
+	log.DebugLog(ctx, "Opening device %q with LUKS on %q", devicePath, mapperFile)
+	_, stdErr, err := LuksOpen(devicePath, mapperFile, passphrase)
+	if err != nil || stdErr != "" {
+		log.ErrorLog(ctx, "failed to open device %q (%v): %s", devicePath, err, stdErr)
 	}
 
 	return err
 }
 
 // ResizeEncryptedVolume resizes encrypted volume so that it can be used by the client.
 func ResizeEncryptedVolume(ctx context.Context, mapperFile string) error {
-	log.DebugLog(ctx, "Resizing LUKS device %s", mapperFile)
-	_, stderr, err := LuksResize(mapperFile)
-	if err != nil {
-		log.ErrorLog(ctx, "failed to resize LUKS device %s: %s", mapperFile, stderr)
+	log.DebugLog(ctx, "Resizing LUKS device %q", mapperFile)
+	_, stdErr, err := LuksResize(mapperFile)
+	if err != nil || stdErr != "" {
+		log.ErrorLog(ctx, "failed to resize LUKS device %q (%v): %s", mapperFile, err, stdErr)
 	}
 
 	return err
 }
 
 // CloseEncryptedVolume closes encrypted volume so it can be detached.
 func CloseEncryptedVolume(ctx context.Context, mapperFile string) error {
-	log.DebugLog(ctx, "Closing LUKS device %s", mapperFile)
-	_, _, err := LuksClose(mapperFile)
+	log.DebugLog(ctx, "Closing LUKS device %q", mapperFile)
+	_, stdErr, err := LuksClose(mapperFile)
+	if err != nil || stdErr != "" {
+		log.ErrorLog(ctx, "failed to close LUKS device %q (%v): %s", mapperFile, err, stdErr)
+	}
 
 	return err
 }
@@ -249,13 +253,13 @@ func DeviceEncryptionStatus(ctx context.Context, devicePath string) (mappedDevic
 		return devicePath, "", nil
 	}
 	mapPath := strings.TrimPrefix(devicePath, mapperFilePathPrefix+"/")
-	stdout, _, err := LuksStatus(mapPath)
-	if err != nil {
-		log.DebugLog(ctx, "device %s is not an active LUKS device: %v", devicePath, err)
+	stdout, stdErr, err := LuksStatus(mapPath)
+	if err != nil || stdErr != "" {
+		log.DebugLog(ctx, "%q is not an active LUKS device (%v): %s", devicePath, err, stdErr)
 
 		return devicePath, "", nil
 	}
-	lines := strings.Split(string(stdout), "\n")
+	lines := strings.Split(stdout, "\n")
 	if len(lines) < 1 {
 		return "", "", fmt.Errorf("device encryption status returned no stdout for %s", devicePath)
 	}

internal/util/cryptsetup.go

@@ -24,7 +24,7 @@ import (
 )
 
 // LuksFormat sets up volume as an encrypted LUKS partition.
-func LuksFormat(devicePath, passphrase string) (stdout, stderr []byte, err error) {
+func LuksFormat(devicePath, passphrase string) (string, string, error) {
 	return execCryptsetupCommand(
 		&passphrase,
 		"-q",
@@ -39,28 +39,28 @@ func LuksFormat(devicePath, passphrase string) (stdout, stderr []byte, err error
 }
 
 // LuksOpen opens LUKS encrypted partition and sets up a mapping.
-func LuksOpen(devicePath, mapperFile, passphrase string) (stdout, stderr []byte, err error) {
+func LuksOpen(devicePath, mapperFile, passphrase string) (string, string, error) {
 	// cryptsetup option --disable-keyring (introduced with cryptsetup v2.0.0)
 	// will be ignored with luks1
 	return execCryptsetupCommand(&passphrase, "luksOpen", devicePath, mapperFile, "--disable-keyring", "-d", "/dev/stdin")
 }
 
 // LuksResize resizes LUKS encrypted partition.
-func LuksResize(mapperFile string) (stdout, stderr []byte, err error) {
+func LuksResize(mapperFile string) (string, string, error) {
 	return execCryptsetupCommand(nil, "resize", mapperFile)
 }
 
 // LuksClose removes existing mapping.
-func LuksClose(mapperFile string) (stdout, stderr []byte, err error) {
+func LuksClose(mapperFile string) (string, string, error) {
 	return execCryptsetupCommand(nil, "luksClose", mapperFile)
 }
 
 // LuksStatus returns encryption status of a provided device.
-func LuksStatus(mapperFile string) (stdout, stderr []byte, err error) {
+func LuksStatus(mapperFile string) (string, string, error) {
 	return execCryptsetupCommand(nil, "status", mapperFile)
 }
 
-func execCryptsetupCommand(stdin *string, args ...string) (stdout, stderr []byte, err error) {
+func execCryptsetupCommand(stdin *string, args ...string) (string, string, error) {
 	var (
 		program       = "cryptsetup"
 		cmd           = exec.Command(program, args...) // #nosec:G204, commands executing not vulnerable.
@@ -74,11 +74,14 @@ func execCryptsetupCommand(stdin *string, args ...string) (stdout, stderr []byte
 	if stdin != nil {
 		cmd.Stdin = strings.NewReader(*stdin)
 	}
+	err := cmd.Run()
+	stdout := stdoutBuf.String()
+	stderr := stderrBuf.String()
 
-	if err := cmd.Run(); err != nil {
-		return stdoutBuf.Bytes(), stderrBuf.Bytes(), fmt.Errorf("an error (%v)"+
+	if err != nil {
+		return stdout, stderr, fmt.Errorf("an error (%v)"+
 			" occurred while running %s args: %v", err, program, sanitizedArgs)
 	}
 
-	return stdoutBuf.Bytes(), nil, nil
+	return stdout, stderr, err
 }