diff --git a/ReleaseNotes.md b/ReleaseNotes.md index ddee6bd04fbe738aa745c48ec9cd9ecad20eed5d..8f5183ba18defdfc9e1e8eefc155cb7ccb923b6b 100644 --- a/ReleaseNotes.md +++ b/ReleaseNotes.md @@ -7,6 +7,7 @@ ## Features - cta/CTA#1054 - Fix filing of disk buffer when recalling from tapeservers with RAO - cta/CTA#1076 - Retrieve fails if disk system configuration is removed +- cta/CTA#1087 - Add new tapeserver config option UseEncryption ## Bug fixes - cta/CTA#1092 - Fix overflow error with drive state latestBandwith causing cta frontend crash diff --git a/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/taped.sh b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/taped.sh index 6de89b95b1a149837a21ccc0eea2e3771c287f8f..d96a947d6d159e7e460c6111bc5e2a8dfd63b10c 100755 --- a/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/taped.sh +++ b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/taped.sh @@ -51,6 +51,7 @@ echo ${DATABASEURL} > /etc/cta/cta-catalogue.conf echo "taped BufferCount 200" >> /etc/cta/cta-taped.conf echo "taped MountCriteria 2000000, 100" >> /etc/cta/cta-taped.conf echo "ObjectStore BackendPath $OBJECTSTOREURL" >> /etc/cta/cta-taped.conf + echo "taped UseEncryption no" >> /etc/cta/cta-taped.conf echo "${tpconfig}" > /etc/cta/TPCONFIG #### diff --git a/scheduler/DriveConfig.cpp b/scheduler/DriveConfig.cpp index 279a700b9056f269179b8b408f45d45f1a757aac..cc8f1a17920aa6374410229219209d0222227519 100644 --- a/scheduler/DriveConfig.cpp +++ b/scheduler/DriveConfig.cpp 
@@ -42,6 +42,7 @@ void DriveConfig::setTapedConfiguration(const cta::tape::daemon::TapedConfigurat setConfigToDB(&config->nbDiskThreads, catalogue, tapeDriveName); setConfigToDB(&config->useRAO, catalogue, tapeDriveName); setConfigToDB(&config->raoLtoAlgorithm, catalogue, tapeDriveName); + setConfigToDB(&config->useEncryption, catalogue, tapeDriveName); setConfigToDB(&config->externalEncryptionKeyScript, catalogue, tapeDriveName); setConfigToDB(&config->raoLtoOptions, catalogue, tapeDriveName); setConfigToDB(&config->wdScheduleMaxSecs, catalogue, tapeDriveName); diff --git a/tapeserver/castor/tape/tapeserver/daemon/CleanerSession.cpp b/tapeserver/castor/tape/tapeserver/daemon/CleanerSession.cpp index 103d391c91a756e057939c91cce59d46bea2d3ca..bd5b46e5b846d5fc097d44622a6cd3283f764fa5 100644 --- a/tapeserver/castor/tape/tapeserver/daemon/CleanerSession.cpp +++ b/tapeserver/castor/tape/tapeserver/daemon/CleanerSession.cpp @@ -42,7 +42,7 @@ castor::tape::tapeserver::daemon::CleanerSession::CleanerSession( m_vid(vid), m_waitMediaInDrive(waitMediaInDrive), m_tapeLoadTimeout(waitMediaInDriveTimeout), - m_encryptionControl(externalEncryptionKeyScript), + m_encryptionControl(true, externalEncryptionKeyScript), m_catalogue(catalogue), m_scheduler(scheduler) {} diff --git a/tapeserver/castor/tape/tapeserver/daemon/DataTransferConfig.cpp b/tapeserver/castor/tape/tapeserver/daemon/DataTransferConfig.cpp index d6da76b4afa53fa43f89123ca78bfa4456f6e552..01a3c92c465ae88afcc2a2a09962f5bb98d7a55e 100644 --- a/tapeserver/castor/tape/tapeserver/daemon/DataTransferConfig.cpp +++ b/tapeserver/castor/tape/tapeserver/daemon/DataTransferConfig.cpp @@ -33,6 +33,7 @@ castor::tape::tapeserver::daemon::DataTransferConfig::DataTransferConfig() nbDiskThreads(0), useLbp(false), useRAO(false), + useEncryption(true), externalEncryptionKeyScript(""), fetchEosFreeSpaceScript(""){} 
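Review bot: The literal `true` passed to `m_encryptionControl` in the CleanerSession initialiser list is unexplained and does not come from the operator's `UseEncryption` setting. If the cleaner ever calls `enable()` on a host configured with `UseEncryption no` and no key script, the guard this commit adds to `EncryptionControl::enable` would throw; whether it makes that call is not visible in this hunk. Either pass the configured value through, or, once confirmed, add a comment such as `// cleaner only calls disable(); useEncryption is not consulted here`. LabelSession.cpp and TapeLabelCmd.cpp hard-code `false` in the same way and would benefit from the same one-line explanation.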
diff --git a/tapeserver/castor/tape/tapeserver/daemon/DataTransferConfig.hpp b/tapeserver/castor/tape/tapeserver/daemon/DataTransferConfig.hpp index 7907d1f4a30a942303a5e6cf47275dc832c92159..9f2a16a868026bb17186f05f7db79bfed89b9484 100644 --- a/tapeserver/castor/tape/tapeserver/daemon/DataTransferConfig.hpp +++ b/tapeserver/castor/tape/tapeserver/daemon/DataTransferConfig.hpp @@ -122,16 +122,21 @@ struct DataTransferConfig { */ std::string raoLtoAlgorithmOptions; + /** + * The boolean variable describing to use on not to use Encryption + */ + bool useEncryption; + /** * The path to the operator provided encyption control script (or empty string) */ - std::string externalEncryptionKeyScript; - + std::string externalEncryptionKeyScript; + /** * The path to the operator provided EOS free space fetch script (or empty string) */ std::string fetchEosFreeSpaceScript; - + /** * The timeout after which the mount of a tape is considered failed */ diff --git a/tapeserver/castor/tape/tapeserver/daemon/DataTransferSession.cpp b/tapeserver/castor/tape/tapeserver/daemon/DataTransferSession.cpp index 4d68215d03f35629e0fa100d08649deeb970036a..12fbef8b1d655c86baf46f4d28892c34305f1ff5 100644 --- a/tapeserver/castor/tape/tapeserver/daemon/DataTransferSession.cpp +++ b/tapeserver/castor/tape/tapeserver/daemon/DataTransferSession.cpp @@ -248,7 +248,7 @@ castor::tape::tapeserver::daemon::Session::EndOfSessionAction TapeReadSingleThread trst(*drive, m_mc, tsr, m_volInfo, m_castorConf.bulkRequestRecallMaxFiles,m_capUtils,rwd,lc,rrp, - m_castorConf.useLbp, m_castorConf.useRAO, m_castorConf.externalEncryptionKeyScript,*retrieveMount, m_castorConf.tapeLoadTimeout); + m_castorConf.useLbp, m_castorConf.useRAO, m_castorConf.useEncryption, m_castorConf.externalEncryptionKeyScript,*retrieveMount, m_castorConf.tapeLoadTimeout); DiskWriteThreadPool dwtp(m_castorConf.nbDiskThreads, rrp, rwd, 
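Review bot: The new doc comment on `useEncryption` in DataTransferConfig.hpp ("describing to use on not to use Encryption") has a typo and does not say what the flag enforces. Judging from the check added in EncryptionControl.cpp, a true value makes `enable()` throw when no key script is configured, and the comment should state that, for example `/** If true, encryption is mandatory: enabling it fails when externalEncryptionKeyScript is empty */`. The struct continues outside the hunk.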
@@ -379,6 +379,7 @@ castor::tape::tapeserver::daemon::Session::EndOfSessionAction m_castorConf.maxFilesBeforeFlush, m_castorConf.maxBytesBeforeFlush, m_castorConf.useLbp, + m_castorConf.useEncryption, m_castorConf.externalEncryptionKeyScript, *archiveMount, m_castorConf.tapeLoadTimeout); diff --git a/tapeserver/castor/tape/tapeserver/daemon/DataTransferSessionTest.cpp b/tapeserver/castor/tape/tapeserver/daemon/DataTransferSessionTest.cpp index fd04f5e65483abe0327d67c38faf9cbb05471d2f..175990ae4ee4a665de16b26403c32d308d3cb0f8 100644 --- a/tapeserver/castor/tape/tapeserver/daemon/DataTransferSessionTest.cpp +++ b/tapeserver/castor/tape/tapeserver/daemon/DataTransferSessionTest.cpp @@ -585,6 +585,7 @@ TEST_P(DataTransferSessionTest, DataTransferSessionGooddayRecall) { castorConf.bulkRequestRecallMaxFiles = 1000; castorConf.nbDiskThreads = 1; castorConf.tapeLoadTimeout = 300; + castorConf.useEncryption = false; cta::log::DummyLogger dummyLog("dummy", "dummy"); cta::mediachanger::MediaChangerFacade mc(dummyLog); cta::server::ProcessCap capUtils; @@ -793,6 +794,7 @@ TEST_P(DataTransferSessionTest, DataTransferSessionWrongRecall) { castorConf.bulkRequestRecallMaxFiles = 1000; castorConf.nbDiskThreads = 1; castorConf.tapeLoadTimeout = 300; + castorConf.useEncryption = false; cta::log::DummyLogger dummyLog("dummy", "dummy"); cta::mediachanger::MediaChangerFacade mc(dummyLog); cta::server::ProcessCap capUtils; @@ -975,6 +977,7 @@ TEST_P(DataTransferSessionTest, DataTransferSessionRAORecall) { castorConf.nbDiskThreads = 1; castorConf.useRAO = true; castorConf.tapeLoadTimeout = 300; + castorConf.useEncryption = false; cta::log::DummyLogger dummyLog("dummy", "dummy"); cta::mediachanger::MediaChangerFacade mc(dummyLog); cta::server::ProcessCap capUtils; 
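Review bot: Every DataTransferSessionTest case touched here sets `castorConf.useEncryption = false`, so the new fail-closed branch (flag set, empty key-script path) is never exercised. A case that leaves `useEncryption` at its default of `true` with an empty `externalEncryptionKeyScript`, and asserts that the session ends in error without transferring data, would pin the behaviour this commit introduces. The same applies to the remaining hunks of this test file; the test bodies continue outside the hunks.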
@@ -1161,6 +1164,7 @@ TEST_P(DataTransferSessionTest, DataTransferSessionRAORecallLinearAlgorithm) { castorConf.useRAO = true; castorConf.raoLtoAlgorithm = "linear"; castorConf.tapeLoadTimeout = 300; + castorConf.useEncryption = false; cta::log::DummyLogger dummyLog("dummy", "dummy"); cta::mediachanger::MediaChangerFacade mc(dummyLog); cta::server::ProcessCap capUtils; @@ -1347,6 +1351,8 @@ TEST_P(DataTransferSessionTest, DataTransferSessionRAORecallRAOAlgoDoesNotExistS castorConf.useRAO = true; castorConf.tapeLoadTimeout = 300; castorConf.raoLtoAlgorithm = "DOES_NOT_EXIST"; + castorConf.useEncryption = false; + cta::log::DummyLogger dummyLog("dummy", "dummy"); cta::mediachanger::MediaChangerFacade mc(dummyLog); cta::server::ProcessCap capUtils; @@ -1536,6 +1542,7 @@ TEST_P(DataTransferSessionTest, DataTransferSessionRAORecallSLTFRAOAlgorithm) { castorConf.tapeLoadTimeout = 300; castorConf.raoLtoAlgorithm = "sltf"; castorConf.raoLtoAlgorithmOptions = "cost_heuristic_name:cta"; + castorConf.useEncryption = false; cta::log::DummyLogger dummyLog("dummy", "dummy"); cta::mediachanger::MediaChangerFacade mc(dummyLog); cta::server::ProcessCap capUtils; @@ -1713,6 +1720,7 @@ TEST_P(DataTransferSessionTest, DataTransferSessionNoSuchDrive) { castorConf.bufsz = 1024; castorConf.tapeLoadTimeout = 300; castorConf.nbBufs = 10; + castorConf.useEncryption = false; cta::log::DummyLogger dummyLog("dummy", "dummy"); cta::mediachanger::MediaChangerFacade mc(dummyLog); castor::messages::TapeserverProxyDummy initialProcess; @@ -1865,6 +1873,7 @@ TEST_P(DataTransferSessionTest, DataTransferSessionFailtoMount) { castorConf.bulkRequestRecallMaxFiles = 1000; castorConf.nbDiskThreads = 3; castorConf.tapeLoadTimeout = 300; + castorConf.useEncryption = false; cta::log::DummyLogger dummyLog("dummy", "dummy"); cta::mediachanger::MediaChangerFacade mc(dummyLog); cta::server::ProcessCap capUtils; 
@@ -2001,6 +2010,7 @@ TEST_P(DataTransferSessionTest, DataTransferSessionGooddayMigration) { castorConf.bulkRequestMigrationMaxFiles = 1000; castorConf.nbDiskThreads = 1; castorConf.tapeLoadTimeout = 300; + castorConf.useEncryption = false; cta::log::DummyLogger dummyLog("dummy", "dummy"); cta::mediachanger::MediaChangerFacade mc(dummyLog); cta::server::ProcessCap capUtils; @@ -2155,6 +2165,7 @@ TEST_P(DataTransferSessionTest, DataTransferSessionMissingFilesMigration) { castorConf.maxBytesBeforeFlush = 9999999; castorConf.maxFilesBeforeFlush = 9999999; castorConf.tapeLoadTimeout = 300; + castorConf.useEncryption = false; cta::log::DummyLogger dummyLog("dummy", "dummy"); cta::mediachanger::MediaChangerFacade mc(dummyLog); cta::server::ProcessCap capUtils; @@ -2314,6 +2325,7 @@ TEST_P(DataTransferSessionTest, DataTransferSessionTapeFullMigration) { castorConf.bulkRequestMigrationMaxFiles = 1000; castorConf.nbDiskThreads = 1; castorConf.tapeLoadTimeout = 300; + castorConf.useEncryption = false; cta::log::DummyLogger dummyLog("dummy", "dummy"); cta::mediachanger::MediaChangerFacade mc(dummyLog); cta::server::ProcessCap capUtils; @@ -2480,6 +2492,7 @@ TEST_P(DataTransferSessionTest, DataTransferSessionTapeFullOnFlushMigration) { castorConf.bulkRequestMigrationMaxFiles = 1000; castorConf.nbDiskThreads = 1; castorConf.tapeLoadTimeout = 300; + castorConf.useEncryption = false; cta::log::DummyLogger dummyLog("dummy", "dummy"); cta::mediachanger::MediaChangerFacade mc(dummyLog); cta::server::ProcessCap capUtils; @@ -2608,6 +2621,7 @@ TEST_P(DataTransferSessionTest, CleanerSessionFailsShouldPutTheDriveDown) { castorConf.bulkRequestMigrationMaxFiles = 1000; castorConf.nbDiskThreads = 1; castorConf.tapeLoadTimeout = 300; + castorConf.useEncryption = false; cta::log::DummyLogger dummyLog("dummy", "dummy"); cta::mediachanger::MediaChangerFacade mc(dummyLog); cta::server::ProcessCapDummy capUtils; 
diff --git a/tapeserver/castor/tape/tapeserver/daemon/EncryptionControl.cpp b/tapeserver/castor/tape/tapeserver/daemon/EncryptionControl.cpp index 05d9f19132f6aecac0e9d472243b8d8263a9cfd2..e526233778ef530b40810a1cf3c60c613be2dc0b 100644 --- a/tapeserver/castor/tape/tapeserver/daemon/EncryptionControl.cpp +++ b/tapeserver/castor/tape/tapeserver/daemon/EncryptionControl.cpp @@ -30,7 +30,8 @@ namespace daemon { //------------------------------------------------------------------------------ // Constructor //------------------------------------------------------------------------------ -EncryptionControl::EncryptionControl(const std::string& scriptPath): +EncryptionControl::EncryptionControl(bool useEncryption, const std::string& scriptPath): +m_useEncryption(useEncryption), m_path(scriptPath) { if (m_path.size() && m_path[0] != '/') { cta::exception::Exception ex("In EncryptionControl::EncryptionControl: the script path is not absolute: "); @@ -45,6 +46,13 @@ auto EncryptionControl::enable(castor::tape::tapeserver::drive::DriveInterface & const std::string& vid, SetTag st) -> EncryptionStatus { EncryptionStatus encStatus; if (m_path.empty()) { + if (m_useEncryption) { + //if encryption is enabled, an external script is required + cta::exception::Exception ex; + ex.getMessage() << "In EncryptionControl::enableEncryption: " + "failed to enable encryption: path provided is empty but tapeserver is configured to use encryption"; + throw ex; + } encStatus = { false, "", "", ""}; return encStatus; } diff --git a/tapeserver/castor/tape/tapeserver/daemon/EncryptionControl.hpp b/tapeserver/castor/tape/tapeserver/daemon/EncryptionControl.hpp index 82f71cf48ef2dea7c8579ea0fb28f184b020c4c6..5b655ed72d431974ef68f6981d46e4ef9678ea26 100644 --- a/tapeserver/castor/tape/tapeserver/daemon/EncryptionControl.hpp +++ b/tapeserver/castor/tape/tapeserver/daemon/EncryptionControl.hpp 
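Review bot: The guard added to `enable()` enforces only that a key-script path is configured, not that encryption ends up enabled on the drive. The rest of `enable()` is outside the hunk, so it is not visible whether a script result that carries no key is also rejected when `m_useEncryption` is true; if it is not, a tape could still be written unencrypted under `UseEncryption yes`. Consider repeating the `m_useEncryption` check at the point where the script output decides that no key is needed. The message also names `EncryptionControl::enableEncryption` while the function is `enable`, and it omits `vid`, which an operator would want in the log.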
@@ -50,7 +50,7 @@ class EncryptionControl { }; /** @param scriptPath The path to the operator provided script for acquiring the key */ - explicit EncryptionControl(const std::string & scriptPath); + explicit EncryptionControl(const bool useEncryption, const std::string & scriptPath); /** * Will call the encryption script provided by the operators to acquire the encryption key and then enable the * encryption if necessary. @@ -69,7 +69,10 @@ class EncryptionControl { bool disable(castor::tape::tapeserver::drive::DriveInterface &m_drive); private: + bool m_useEncryption; // Wether encryption must be enabled for the tape + std::string m_path; // Path to the key management script file + /** * Parse the JSON output of the key management script and translate information into Encryption Status struct. * Expected to find keys key_id, encryption_key, message and the respective values as JSON strings. diff --git a/tapeserver/castor/tape/tapeserver/daemon/LabelSession.cpp b/tapeserver/castor/tape/tapeserver/daemon/LabelSession.cpp index 4e4c1dbe64ac94b3b95c0a87e1aff5e0cb9284be..bbd783173499fc455055652ba890b8c164f32154 100644 --- a/tapeserver/castor/tape/tapeserver/daemon/LabelSession.cpp +++ b/tapeserver/castor/tape/tapeserver/daemon/LabelSession.cpp @@ -52,7 +52,7 @@ castor::tape::tapeserver::daemon::LabelSession::LabelSession( m_labelSessionConfig (labelSessionConfig), m_force(force), m_lbp(lbp), - m_encryptionControl(externalEncryptionKeyScript) {} + m_encryptionControl(false, externalEncryptionKeyScript) {} //------------------------------------------------------------------------------ // execute diff --git a/tapeserver/castor/tape/tapeserver/daemon/RecallTaskInjectorTest.cpp b/tapeserver/castor/tape/tapeserver/daemon/RecallTaskInjectorTest.cpp index 88e63067f73227b7fd53592de6d47556bc6647b7..18ff406f5aa6f1b957b54297400aebaf16ec3717 100644 --- a/tapeserver/castor/tape/tapeserver/daemon/RecallTaskInjectorTest.cpp 
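Review bot: The constructor's doc comment in EncryptionControl.hpp still documents only `scriptPath`; the new parameter needs a line such as `@param useEncryption If true, enable() throws when scriptPath is empty`. The declaration takes `const bool useEncryption` while the definition in EncryptionControl.cpp takes `bool useEncryption`; the top-level `const` is ignored in a declaration, so `EncryptionControl(bool useEncryption, const std::string & scriptPath);` would keep the two in step. The member comment on `m_useEncryption` has a typo (`Wether`).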
+++ b/tapeserver/castor/tape/tapeserver/daemon/RecallTaskInjectorTest.cpp @@ -101,7 +101,7 @@ namespace unitTests cta::server::ProcessCap& cap, const uint32_t tapeLoadTimeout, cta::log::LogContext & lc): - TapeSingleThreadInterface<TapeReadTask>(drive, mc, tsr, volInfo,cap, lc, "", tapeLoadTimeout){} + TapeSingleThreadInterface<TapeReadTask>(drive, mc, tsr, volInfo,cap, lc, false, "", tapeLoadTimeout){} ~FakeSingleTapeReadThread(){ const unsigned int size= m_tasks.size(); diff --git a/tapeserver/castor/tape/tapeserver/daemon/TapeReadSingleThread.cpp b/tapeserver/castor/tape/tapeserver/daemon/TapeReadSingleThread.cpp index 675a8e22cc4d02b5701bcb5781b557148e487ef5..f49e360dd840000e84204f1139c21d439ba68c9d 100644 --- a/tapeserver/castor/tape/tapeserver/daemon/TapeReadSingleThread.cpp +++ b/tapeserver/castor/tape/tapeserver/daemon/TapeReadSingleThread.cpp @@ -31,11 +31,12 @@ castor::tape::tapeserver::daemon::TapeReadSingleThread::TapeReadSingleThread( RecallReportPacker &rrp, const bool useLbp, const bool useRAO, + const bool useEncryption, const std::string & externalEncryptionKeyScript, const cta::RetrieveMount& retrieveMount, const uint32_t tapeLoadTimeout) : TapeSingleThreadInterface<TapeReadTask>(drive, mc, initialProcess, volInfo, - capUtils, lc, externalEncryptionKeyScript,tapeLoadTimeout), + capUtils, lc, useEncryption, externalEncryptionKeyScript,tapeLoadTimeout), m_maxFilesRequest(maxFilesRequest), m_watchdog(watchdog), m_rrp(rrp), diff --git a/tapeserver/castor/tape/tapeserver/daemon/TapeReadSingleThread.hpp b/tapeserver/castor/tape/tapeserver/daemon/TapeReadSingleThread.hpp index dbb56bd4fc0c6cb73d8de16ba588e2592cc50ba1..445378b906a379dd1d6222bc0a83c58608621681 100644 --- a/tapeserver/castor/tape/tapeserver/daemon/TapeReadSingleThread.hpp +++ b/tapeserver/castor/tape/tapeserver/daemon/TapeReadSingleThread.hpp 
@@ -62,6 +62,7 @@ public: RecallReportPacker &rrp, const bool useLbp, const bool useRAO, + const bool useEncryption, const std::string & externalEncryptionKeyScript, const cta::RetrieveMount &retrieveMount, const uint32_t tapeLoadTimeout); diff --git a/tapeserver/castor/tape/tapeserver/daemon/TapeSingleThreadInterface.hpp b/tapeserver/castor/tape/tapeserver/daemon/TapeSingleThreadInterface.hpp index 7d31468130edac6fa43dd66b7fe1d691e17ab53c..71be4706cd4b1aad60619dc9b3ec28ed1c77e9fe 100644 --- a/tapeserver/castor/tape/tapeserver/daemon/TapeSingleThreadInterface.hpp +++ b/tapeserver/castor/tape/tapeserver/daemon/TapeSingleThreadInterface.hpp @@ -289,11 +289,12 @@ public: cta::mediachanger::MediaChangerFacade &mc, TapeServerReporter & tsr, const VolumeInfo& volInfo, - cta::server::ProcessCap &capUtils,cta::log::LogContext & lc, + cta::server::ProcessCap &capUtils,cta::log::LogContext & lc, + const bool useEncryption, const std::string & externalEncryptionKeyScript, const uint32_t tapeLoadTimeout):m_capUtils(capUtils), m_drive(drive), m_mc(mc), m_initialProcess(tsr), m_vid(volInfo.vid), m_logContext(lc), m_volInfo(volInfo),m_hardwareStatus(Session::MARK_DRIVE_AS_UP), - m_encryptionControl(externalEncryptionKeyScript),m_tapeLoadTimeout(tapeLoadTimeout) {} + m_encryptionControl(useEncryption, externalEncryptionKeyScript),m_tapeLoadTimeout(tapeLoadTimeout) {} }; // class TapeSingleThreadInterface } // namespace daemon diff --git a/tapeserver/castor/tape/tapeserver/daemon/TapeWriteSingleThread.cpp b/tapeserver/castor/tape/tapeserver/daemon/TapeWriteSingleThread.cpp index 6cd26f97efb0342fff304f326849a8dac0ef4eda..89f624248740aa11d0b079d9d4d1f02eefd3c9dd 100644 --- a/tapeserver/castor/tape/tapeserver/daemon/TapeWriteSingleThread.cpp +++ b/tapeserver/castor/tape/tapeserver/daemon/TapeWriteSingleThread.cpp 
@@ -31,11 +31,12 @@ castor::tape::tapeserver::drive::DriveInterface & drive, MigrationReportPacker & repPacker, cta::server::ProcessCap &capUtils, uint64_t filesBeforeFlush, uint64_t bytesBeforeFlush, - const bool useLbp, const std::string & externalEncryptionKeyScript, + const bool useLbp, const bool useEncryption, + const std::string & externalEncryptionKeyScript, const cta::ArchiveMount & archiveMount, const uint64_t tapeLoadTimeout): TapeSingleThreadInterface<TapeWriteTask>(drive, mc, tsr, volInfo, - capUtils, lc, externalEncryptionKeyScript,tapeLoadTimeout), + capUtils, lc, useEncryption, externalEncryptionKeyScript,tapeLoadTimeout), m_filesBeforeFlush(filesBeforeFlush), m_bytesBeforeFlush(bytesBeforeFlush), m_drive(drive), diff --git a/tapeserver/castor/tape/tapeserver/daemon/TapeWriteSingleThread.hpp b/tapeserver/castor/tape/tapeserver/daemon/TapeWriteSingleThread.hpp index ad1cb963c1aa3bfb3db587807a5ae3aa1a9f5360..17c3c139d567bac909f1d8b9313fab30d2d70209 100644 --- a/tapeserver/castor/tape/tapeserver/daemon/TapeWriteSingleThread.hpp +++ b/tapeserver/castor/tape/tapeserver/daemon/TapeWriteSingleThread.hpp @@ -63,6 +63,7 @@ public: MigrationReportPacker & repPacker, cta::server::ProcessCap &capUtils, uint64_t filesBeforeFlush, uint64_t bytesBeforeFlush, const bool useLbp, + const bool useEncryption, const std::string & externalEncryptionKeyScript, const cta::ArchiveMount & archiveMount, const uint64_t tapeLoadTimeout); diff --git a/tapeserver/daemon/DriveHandler.cpp b/tapeserver/daemon/DriveHandler.cpp index 1e6274b8616eb631e96cb98180953d68b430afd1..41456ce694b81c81846e88dc5ac83883bfc670e9 100644 --- a/tapeserver/daemon/DriveHandler.cpp +++ b/tapeserver/daemon/DriveHandler.cpp 
@@ -1069,6 +1069,7 @@ int DriveHandler::runChild() { dataTransferConfig.fetchEosFreeSpaceScript = m_tapedConfig.fetchEosFreeSpaceScript.value(); dataTransferConfig.tapeLoadTimeout = m_tapedConfig.tapeLoadTimeout.value(); dataTransferConfig.xrootPrivateKey = ""; + dataTransferConfig.useEncryption = m_tapedConfig.useEncryption.value() == "yes" ? true : false; dataTransferConfig.externalEncryptionKeyScript = m_tapedConfig.externalEncryptionKeyScript.value(); // Before launching, and if this is the first session since daemon start, we will diff --git a/tapeserver/daemon/TapedConfiguration.cpp b/tapeserver/daemon/TapedConfiguration.cpp index 83b41062a478df4fa85833b35897ed9574193d8d..1955d3090d89dbd0605636e2561a16065c955568 100644 --- a/tapeserver/daemon/TapedConfiguration.cpp +++ b/tapeserver/daemon/TapedConfiguration.cpp @@ -96,6 +96,7 @@ TapedConfiguration TapedConfiguration::createFromCtaConf( ret.logMask.setFromConfigurationFile(cf, generalConfigPath); ret.tpConfigPath.setFromConfigurationFile(cf, generalConfigPath); ret.externalEncryptionKeyScript.setFromConfigurationFile(cf, generalConfigPath); + ret.useEncryption.setFromConfigurationFile(cf, generalConfigPath); // Memory management ret.bufferSizeBytes.setFromConfigurationFile(cf, generalConfigPath); ret.bufferCount.setFromConfigurationFile(cf, generalConfigPath); @@ -139,6 +140,7 @@ TapedConfiguration TapedConfiguration::createFromCtaConf( ret.logMask.log(log); ret.tpConfigPath.log(log); ret.externalEncryptionKeyScript.log(log); + ret.useEncryption.log(log); ret.bufferSizeBytes.log(log); ret.bufferCount.log(log); @@ -165,7 +167,7 @@ TapedConfiguration TapedConfiguration::createFromCtaConf( ret.fetchEosFreeSpaceScript.log(log); ret.tapeLoadTimeout.log(log); - + for (auto & i:ret.driveConfigs) { i.second.log(log); } diff --git a/tapeserver/daemon/TapedConfiguration.hpp b/tapeserver/daemon/TapedConfiguration.hpp index 3c95ba98af3f5a6c3e9c39514c37e54fe17566ca..15faaa13031034b76aabd756b0381ffe639555a5 100644 
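Review bot: The comparison `m_tapedConfig.useEncryption.value() == "yes"` in `runChild()` treats every other string, including `Yes`, `true` or a typo, as "no", so a misspelt value silently switches the encryption requirement off. For a security switch the value should be validated and anything other than the two accepted spellings refused, for example `const auto &enc = m_tapedConfig.useEncryption.value();` then `if (enc != "yes" && enc != "no") throw cta::exception::Exception("taped UseEncryption must be yes or no");` then `dataTransferConfig.useEncryption = (enc == "yes");`, using whatever error path `runChild()` normally takes. The `? true : false` is redundant in any case. The string-typed parameter is declared in TapedConfiguration.hpp, where the check could live instead; `runChild()` continues outside the hunk.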
--- a/tapeserver/daemon/TapedConfiguration.hpp +++ b/tapeserver/daemon/TapedConfiguration.hpp @@ -163,8 +163,13 @@ struct TapedConfiguration { }; //---------------------------------------------------------------------------- - // Tape encryption script + // Tape encryption support //---------------------------------------------------------------------------- + + cta::SourcedParameter<std::string> useEncryption { + "taped", "UseEncryption","yes", "Compile time default" + }; + cta::SourcedParameter<std::string> externalEncryptionKeyScript { "taped", "externalEncryptionKeyScript","","Compile time default" }; diff --git a/tapeserver/daemon/cta-taped.conf.example b/tapeserver/daemon/cta-taped.conf.example index 66d5f1f303b71ef7f8ba1d6f65efdc1fed9d7ce3..e85d6645856f4a9c98a5fdc2133ecf4b4d557fea 100644 --- a/tapeserver/daemon/cta-taped.conf.example +++ b/tapeserver/daemon/cta-taped.conf.example @@ -47,3 +47,6 @@ # # Disable Maintenance process. # taped DisableMaintenanceProcess yes +# +# Enable encryption +# taped UseEncryption yes \ No newline at end of file diff --git a/tapeserver/tapelabel/TapeLabelCmd.cpp b/tapeserver/tapelabel/TapeLabelCmd.cpp index ac7645cb05cacfc4cfee6a3b09acc75fc187bfdb..83a499d8cf5c7ec40a2e4d9233221bfa00c1a7fe 100644 --- a/tapeserver/tapelabel/TapeLabelCmd.cpp +++ b/tapeserver/tapelabel/TapeLabelCmd.cpp @@ -35,7 +35,7 @@ TapeLabelCmd::TapeLabelCmd(std::istream &inStream, std::ostream &outStream, cta::mediachanger::MediaChangerFacade &mc): CmdLineTool(inStream, outStream, errStream), m_log(log), - m_encryptionControl(""), + m_encryptionControl(false, ""), m_mc(mc), m_useLbp(true), m_driveSupportLbp(true),