Bug 1404836

Summary: [RFE] Overcloud ramdisk shall include lvm and crypt modules
Product: Red Hat OpenStack
Reporter: Yolanda Robla <yroblamo>
Component: openstack-tripleo-common
Assignee: Yolanda Robla <yroblamo>
Status: CLOSED ERRATA
QA Contact: mlammon
Severity: medium
Priority: medium
Version: 11.0 (Ocata)
CC: brault, dtantsur, fzdarsky, jcoufal, jdonohue, mburns, mlammon, nlevinki, racedo, racedoro, rhel-osp-director-maint, slinaber, tvignaud, yroblamo
Target Milestone: Upstream M2
Keywords: FutureFeature, Reopened, Triaged
Target Release: 12.0 (Pike)
Hardware: Unspecified
OS: Unspecified
Fixed In Version: openstack-tripleo-common-7.1.1-0.20170616124957.93d87e0.el7ost.
Doc Type: If docs needed, set a value
Last Closed: 2017-12-13 20:54:56 UTC
Type: Feature Request
Bug Blocks: 1355903, 1389435, 1442136, 1474678

Description Yolanda Robla 2016-12-14 19:06:13 UTC
The latest release of python-tripleoclient allows the use of whole disk images for the overcloud.
This was done for security reasons, because customers may need to create their whole images with partitions, volumes, encryption, etc.
We started to work on a whole disk image with two partitions (one for boot, one for root). We divided the root filesystem into several volumes (root, var, home, tmp...).
However, when trying to boot the image, we are hitting the problem that the root filesystem cannot be mounted.
We are getting an error like:
[ ***  ] A start job is running for dev-mapp....device

A quick look at the ramdisk shows that the lvm modules are not included, so the system is unable to mount the root filesystem that is on a volume.

The process to build the ramdisk needs to be updated to include those lvm modules properly.

Comment 1 Yolanda Robla 2016-12-15 18:08:39 UTC
The same problem happens when trying to use LUKS encryption. When adding a LUKS partition to fstab, it complains about "crypt failed: invalid argument".
It needs to have the crypt module enabled as well.

Comment 2 Yolanda Robla 2017-01-11 14:02:22 UTC
I started some tests in diskimage-builder to add these modules to dracut.

Comment 3 Yolanda Robla 2017-01-11 15:25:00 UTC
Added upstream bug: https://bugs.launchpad.net/tripleo/+bug/1655681

Comment 5 Yolanda Robla 2017-01-28 08:15:57 UTC
Changes landed for Ocata

Comment 11 Yolanda Robla 2017-06-01 15:26:44 UTC
To verify, you need to access the generated image and look at the latest /boot/initramfs-*.img

Contents of the initramfs image can be accessed with lsinitrd /boot/initramfs-*.img, then you can grep for lvm and crypt:

><fs> sh 'lsinitrd /boot/initramfs-3.10.0-514.21.1.el7.x86_64.img | grep lvm'
Arguments: --force --add 'crypt lvm' -f
lvm
drwxr-xr-x   2 root     root            0 May 29 07:19 etc/lvm
-rw-r--r--   1 root     root           44 May 29 07:19 etc/lvm/lvm.conf
-rw-r--r--   1 root     root          776 Sep 12  2013 etc/udev/rules.d/64-lvm.rules
-rwxr-xr-x   1 root     root          596 May 25 21:07 usr/lib/dracut/hooks/cmdline/30-parse-lvm.sh
-r--r--r--   1 root     root         2454 Apr 19 15:27 usr/lib/udev/rules.d/11-dm-lvm.rules
-r--r--r--   1 root     root         4308 May 29 07:19 usr/lib/udev/rules.d/69-dm-lvm-metad.rules
-r-xr-xr-x   1 root     root        11320 May 29 07:19 usr/lib64/device-mapper/libdevmapper-event-lvm2mirror.so
-r-xr-xr-x   1 root     root        11312 May 29 07:19 usr/lib64/device-mapper/libdevmapper-event-lvm2raid.so
-r-xr-xr-x   1 root     root        15576 May 29 07:19 usr/lib64/device-mapper/libdevmapper-event-lvm2snapshot.so
-r-xr-xr-x   1 root     root        15656 May 29 07:19 usr/lib64/device-mapper/libdevmapper-event-lvm2thin.so
-r-xr-xr-x   1 root     root        11320 May 29 07:19 usr/lib64/libdevmapper-event-lvm2.so.2.02
lrwxrwxrwx   1 root     root           46 May 29 07:19 usr/lib64/libdevmapper-event-lvm2mirror.so -> device-mapper/libdevmapper-event-lvm2mirror.so
lrwxrwxrwx   1 root     root           44 May 29 07:19 usr/lib64/libdevmapper-event-lvm2raid.so -> device-mapper/libdevmapper-event-lvm2raid.so
lrwxrwxrwx   1 root     root           48 May 29 07:19 usr/lib64/libdevmapper-event-lvm2snapshot.so -> device-mapper/libdevmapper-event-lvm2snapshot.so
lrwxrwxrwx   1 root     root           44 May 29 07:19 usr/lib64/libdevmapper-event-lvm2thin.so -> device-mapper/libdevmapper-event-lvm2thin.so
-r-xr-xr-x   1 root     root      1744504 May 29 07:19 usr/lib64/liblvm2cmd.so.2.02
-r-xr-xr-x   1 root     root      1779848 May 29 07:19 usr/sbin/lvm
-rwxr-xr-x   1 root     root         3664 May 25 21:07 usr/sbin/lvm_scan


sh 'lsinitrd /boot/initramfs-3.10.0-514.el7.x86_64.img | grep crypt'
drwxr-xr-x   2 root     root            0 Oct 31  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/arch/x86/crypto
-rw-r--r--   1 root     root        21545 Oct 19  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/arch/x86/crypto/crc32c-intel.ko
-rw-r--r--   1 root     root        12001 Oct 19  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/arch/x86/crypto/crct10dif-pclmul.ko
drwxr-xr-x   3 root     root            0 Oct 31  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/crypto
-rw-r--r--   1 root     root         6833 Oct 19  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/crypto/arc4.ko
drwxr-xr-x   2 root     root            0 Oct 31  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/crypto/async_tx
-rw-r--r--   1 root     root         9785 Oct 19  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/crypto/async_tx/async_tx.ko
-rw-r--r--   1 root     root        11417 Oct 19  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/crypto/async_tx/async_xor.ko
-rw-r--r--   1 root     root         4985 Oct 19  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/crypto/crct10dif_common.ko
-rw-r--r--   1 root     root         6217 Oct 19  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/crypto/crct10dif_generic.ko
-rw-r--r--   1 root     root        20793 Oct 19  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/crypto/xor.ko
-rw-r--r--   1 root     root          366 Sep 13  2016 usr/lib/systemd/system/cryptsetup.target
-rwxr-xr-x   1 root     root        40824 Oct 31  2016 usr/lib64/libcrypt-2.17.so
lrwxrwxrwx   1 root     root           16 Oct 31  2016 usr/lib64/libcrypt.so.1 -> libcrypt-2.17.so
-rwxr-xr-x   1 root     root      2025480 Oct 31  2016 usr/lib64/libcrypto.so.1.0.1e
lrwxrwxrwx   1 root     root           19 Oct 31  2016 usr/lib64/libcrypto.so.10 -> libcrypto.so.1.0.1e
lrwxrwxrwx   1 root     root           19 Oct 31  2016 usr/lib64/libgcrypt.so.11 -> libgcrypt.so.11.8.2
-rwxr-xr-x   1 root     root       534488 Oct 31  2016 usr/lib64/libgcrypt.so.11.8.2
lrwxrwxrwx   1 root     root           18 Oct 31  2016 usr/lib64/libk5crypto.so.3 -> libk5crypto.so.3.1
-rwxr-xr-x   1 root     root       202568 Oct 31  2016 usr/lib64/libk5crypto.so.3.1
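
A stricter form of the check in comment 11, as an added example that is not part of the bug report: a substring grep for crypt also matches paths such as libcrypt and kernel/crypto, so this parses the lsinitrd output for exact names in the dracut module list. The function names, the assumed "dracut modules:" section layout and both sample listings are constructed for illustration.

```shell
# Added example (not from the bug report). Functions read lsinitrd output on stdin.
# Assumed layout: "dracut modules:", one name per line, then a line of "=".

# Succeeds only if $1 is listed as a dracut module (whole-line match).
has_dracut_module() {
    awk -v want="$1" '
        /^dracut modules:/ { in_list = 1; next }
        /^=+$/             { in_list = 0 }
        in_list && $0 == want { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# Prints how many file entries have a path (field 9) matching ERE $1.
count_paths() {
    awk -v re="$1" '/^[-dl][-r][-w][-xsS]/ && $9 ~ re { n++ } END { print n + 0 }'
}

# Succeeds only if both modules requested in the bug are in the module list.
verify_listing() {
    listing=$(cat)
    for m in lvm crypt; do
        printf '%s\n' "$listing" | has_dracut_module "$m" || { echo "missing dracut module: $m"; return 1; }
    done
    echo "lvm and crypt dracut modules present"
}

# Constructed sample: image rebuilt with --add 'crypt lvm'.
sample_good() { cat <<'EOF'
Arguments: --force --add 'crypt lvm' -f
dracut modules:
crypt
lvm
========================================================================
-r-xr-xr-x   1 root     root      1779848 May 29 07:19 usr/sbin/lvm
-rwxr-xr-x   1 root     root        40824 Oct 31  2016 usr/lib64/libcrypt-2.17.so
EOF
}

# Constructed sample: neither module present, yet "grep crypt" still matches.
sample_bad() { cat <<'EOF'
dracut modules:
dm
========================================================================
-rwxr-xr-x   1 root     root        40824 Oct 31  2016 usr/lib64/libcrypt-2.17.so
-rw-r--r--   1 root     root        20793 Oct 19  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/crypto/xor.ko
EOF
}

sample_good | verify_listing
sample_bad | verify_listing || echo "substring matches for crypt: $(sample_bad | grep -c crypt)"
```

Against a real image, pipe `lsinitrd /boot/initramfs-*.img` for a single image file into `verify_listing`.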

Comment 14 mlammon 2017-11-15 14:02:38 UTC
This can now be marked verified and tested. Whole Disk Image was tested and deployed into the overcloud containing the requirements of lvm & crypt modules.


openstack overcloud image build --image-name overcloud-hardened-full --config-file /usr/share/openstack-tripleo-common/image-yaml/overcloud-hardened-images.yaml --config-file /usr/share/openstack-tripleo-common/image-yaml/overcloud-hardened-images-rhel7.yaml --verbose

cd
mv ~/images/overcloud-full.qcow2 ~/images/overcloud-full-old.qcow2
cp ~/images/overcloud-hardened-full.qcow2 overcloud-full.qcow2

The number of LVM_COUNT and CRYPT_COUNT FILES were 20 and 137 respectively.
#######################################
LVM_COUNT is one or more. Total:  20.
#######################################
CRYPT_COUNT is one or more. Total:  137.
#######################################

Comment 15 mlammon 2017-11-15 14:08:37 UTC
This can now be marked verified and tested. Whole Disk Image was tested and deployed into the overcloud containing the requirements of lvm & crypt modules.

openstack overcloud image build --image-name overcloud-hardened-full --config-file /usr/share/openstack-tripleo-common/image-yaml/overcloud-hardened-images.yaml --config-file /usr/share/openstack-tripleo-common/image-yaml/overcloud-hardened-images-rhel7.yaml --verbose

cd
mv ~/images/overcloud-full.qcow2 ~/images/overcloud-full-old.qcow2
cp ~/images/overcloud-hardened-full.qcow2 overcloud-full.qcow2

Comment 18 errata-xmlrpc 2017-12-13 20:54:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:3462