Back to bug 1384014
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Ondrej Kozina | 2016-10-12 11:37:41 UTC | CC | systemd-maint-list | |
| Component | cryptsetup | systemd | ||
| Assignee | lvm-team | systemd-maint | ||
| QA Contact | release-test-team | qe-baseos-daemons | ||
| RHEL Program Management | 2016-10-12 12:10:22 UTC | Keywords | FutureFeature | |
| Ondrej Benes | 2016-11-07 08:54:11 UTC | CC | systemd-maint | |
| Flags | needinfo?(systemd-maint) | |||
| Lukáš Nykrýn | 2016-11-07 09:05:52 UTC | Flags | needinfo?(systemd-maint) | |
| Filip Krska | 2016-11-29 11:55:13 UTC | Blocks | 1298243 | |
| Branislav Blaškovič | 2016-12-02 16:24:16 UTC | CC | bblaskov | |
| Chris Williams | 2017-03-08 18:24:25 UTC | Blocks | 1420851 | |
| Lukáš Nykrýn | 2017-07-14 15:34:00 UTC | Blocks | 1466365 | |
| Mark Thacker | 2017-08-08 13:17:20 UTC | CC | mthacker | |
| Lukáš Nykrýn | 2017-09-13 12:27:14 UTC | Assignee | systemd-maint | lnykryn |
| Lukáš Nykrýn | 2017-09-25 10:33:38 UTC | Status | NEW | POST |
| Jiri Jaburek | 2017-09-25 16:38:11 UTC | See Also | https://bugzilla.redhat.com/show_bug.cgi?id=1477757 | |
| Lukáš Nykrýn | 2017-09-27 13:11:32 UTC | Status | POST | MODIFIED |
| Fixed In Version | systemd-219-45.el7 | |||
| errata-xmlrpc | 2017-09-27 13:34:17 UTC | Status | MODIFIED | ON_QA |
| Frantisek Sumsal | 2017-10-12 13:51:19 UTC | CC | fsumsal | |
| QA Contact | qe-baseos-daemons | fsumsal | ||
| Frantisek Sumsal | 2017-10-12 13:54:39 UTC | Status | ON_QA | VERIFIED |
| Lenka Špačková | 2017-12-04 16:35:31 UTC | Docs Contact | msuchane | |
| Marek Suchánek | 2017-12-06 17:57:56 UTC | CC | lnykryn | |
| Flags | needinfo?(lnykryn) | |||
| Michal Sekletar | 2017-12-07 09:12:46 UTC | CC | msekleta | |
| Doc Text | Feature: Ability to unlock network based encrypted storage devices. Reason: Previously it wasn't possible to unlock e.g. iSCSI based block device during system boot, because encryption of block devices was ordered before start of the network. However in order to connect the device we need to have networking available. Additional unit remote-cryptsetup.target was added to systemd package and necessary patches were applied to lift previous limitation. Result: It is now possible to unlock an encrypted block device that is connected via network (e.g. iSCSI) during system boot and mount file-systems residing on such block device. In order to ensure correct ordering between services during system boot the device must be marked with _netdev option in /etc/crypttab. This feature can be used standalone, but most users are likely to come in contact with the feature while using network-bound disk encryption that is now available in Red Hat Enterprise Linux 7.5. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-using_network-bound_disk_encryption | |||
| Doc Type | If docs needed, set a value | Enhancement | ||
| Marek Suchánek | 2017-12-22 20:55:26 UTC | Doc Text | Feature: Ability to unlock network based encrypted storage devices. Reason: Previously it wasn't possible to unlock e.g. iSCSI based block device during system boot, because encryption of block devices was ordered before start of the network. However in order to connect the device we need to have networking available. Additional unit remote-cryptsetup.target was added to systemd package and necessary patches were applied to lift previous limitation. Result: It is now possible to unlock an encrypted block device that is connected via network (e.g. iSCSI) during system boot and mount file-systems residing on such block device. In order to ensure correct ordering between services during system boot the device must be marked with _netdev option in /etc/crypttab. This feature can be used standalone, but most users are likely to come in contact with the feature while using network-bound disk encryption that is now available in Red Hat Enterprise Linux 7.5. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-using_network-bound_disk_encryption | The boot process can now unlock encrypted devices connected by network Previously, the boot process attempted to unlock block devices connected by network before starting network services. Because the network was not activated, it was not possible to connect and decrypt these devices. With this update, the `remote-cryptsetup.target` unit and other patches have been added to `systemd` packages. As a result, it is now possible to unlock encrypted block devices that are connected by network during system boot and to mount file systems on such block devices. To ensure correct ordering between services during system boot, you must mark the network device with the `_netdev` option in the `/etc/crypttab` configuration file. A common use case for this feature is together with network-bound disk encryption. For more information on network-bound disk encryption, see the following chapter in the Red Hat Enterprise Linux Security Guide: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-using_network-bound_disk_encryption |
| Flags | needinfo?(lnykryn) | needinfo?(msekleta) | ||
| Michal Sekletar | 2017-12-28 18:08:46 UTC | Flags | needinfo?(msekleta) | |
| PnT Account Manager | 2018-02-14 23:08:41 UTC | CC | bblaskov | |
| errata-xmlrpc | 2018-04-10 04:00:26 UTC | Status | VERIFIED | RELEASE_PENDING |
| errata-xmlrpc | 2018-04-10 11:16:36 UTC | Status | RELEASE_PENDING | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2018-04-10 07:16:36 UTC | |||
| errata-xmlrpc | 2018-04-10 11:18:54 UTC | Link ID | Red Hat Product Errata RHBA-2018:0711 |
Back to bug 1384014