Bug 1436304

Summary: RHEL 7 kickstart text mode installation halts when just --encrypted is mentioned
Product: Red Hat Enterprise Linux 7 Reporter: Abhijeet Sadawarte <asadawar>
Component: anacondaAssignee: Vendula Poncova <vponcova>
Status: CLOSED ERRATA QA Contact: Release Test Team <release-test-team-automation>
Severity: medium Docs Contact: Sharon Moroney <smoroney>
Priority: medium    
Version: 7.3CC: apstallard92, asadawar, cww, dan, dominik, dverbeeck, jcastran, jkonecny, jstodola, pasik, phil.seeley, sbueno, smoroney, vponcova, vslavik
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: anaconda-21.48.22.139-1 Doc Type: Bug Fix
Doc Text:
Text mode will now prompt for a passphrase if a Kickstart file does not provide one while enabling encryption Prior to this update, if you used the text mode interface with a Kickstart file that enabled disk encryption but did not provide a passphrase, the installation failed with an error. This update prompts the user to provide a passphrase during installation if the partitioning specified in the provided Kickstart file requires one.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-30 07:52:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1477664, 1557360    
Attachments:
Description Flags
Anaconda Log
none
Anaconda Interface Config Log
none
Anaconda Yum Log
none
Anaconda Program Log
none
Anaconda Storage Log none

Description Abhijeet Sadawarte 2017-03-27 15:44:59 UTC 
Description of problem:

When RHEL7 is kickstarted in text mode using the following partitioning, it fails with unfinished Disk configuration (Error checking storage configuration) error and would not prompt for luks password as RHEL 6 text mode or RHEL 7 graphical installation.

~~~
clearpart --all --initlabel
part /home --fstype=ext4 --size=500  --encrypted	
part /boot --fstype=ext4 --size=200
part swap --size=1000
part / --fstype=ext4 --grow --size=200
~~~

In RHEL 6 text mode, this was prompting the user to provide the password and even RHEL7 documentation mentions as follows.

 --encrypted — Specifies that this logical volume should be encrypted, using the passphrase provided in the --passphrase= option. If you do not specify a passphrase, the installation program will use the default, system-wide passphrase set with the autopart --passphrase command, or stops the installation and prompts you to provide a passphrase if no default is set.

Version-Release number of selected component (if applicable):
RHEL7.x 

How reproducible:
Always

Steps to Reproduce:
1. Use the partitioning mentioned above and start the installation in text mode.
2. See the error


Actual results:
anaconda installer fails with "Error checking storage configuration" error and doesn't prompt for luck passphrase 

Expected results:
It should have asked for password for passphrase like RHEL6 and as per documentation.

Additional info:
Similar bug (Bug 1185466) was filed for RHEL 7 graphical installation and resolved with an error but customer is expecting same behaviour in RHEL 7 text mode installation as well.
Comment 2 Samantha N. Bueno 2017-08-03 07:48:13 UTC 
Please attach logs to this bug as individual, text/plain attachments. They can be found in /tmp.
Comment 3 Dan Snider 2017-09-05 12:12:43 UTC 
Created attachment 1322176 [details]
Anaconda Log
Comment 4 Dan Snider 2017-09-05 12:13:38 UTC 
Created attachment 1322177 [details]
Anaconda Interface Config Log
Comment 5 Dan Snider 2017-09-05 12:14:37 UTC 
Created attachment 1322178 [details]
Anaconda Yum Log
Comment 6 Dan Snider 2017-09-05 12:15:19 UTC 
Created attachment 1322180 [details]
Anaconda Program Log
Comment 7 Dan Snider 2017-09-05 12:16:17 UTC 
Created attachment 1322181 [details]
Anaconda Storage Log
Comment 8 Dan Snider 2017-09-05 12:30:33 UTC 
(In reply to Samantha N. Bueno from comment #2)
> Please attach logs to this bug as individual, text/plain attachments. They
> can be found in /tmp.

I have attached logs of a kickstarted text installation of RHEL 7.4 on a virtual machine using the following kickstart partitioning scheme:

-
# System bootloader configuration.
bootloader --location=mbr --boot-drive=vda
clearpart --all --initlabel --drives=vda
zerombr

# Disk partitioning information.
part /home --fstype=ext4 --size=2048 --encrypted	
part /boot --fstype=ext4 --size=512
part swap --size=1000
part / --fstype=ext4 --grow --size=200
-

The error I get in Anaconda is:
"LUKS device vda2 has no encryption key"

If I provide a blank --passphrase flag Anaconda dies with the error:
"The following problem occurred on line 40 of the kickstart file:

--passphrase option requires an argument"
Comment 9 Adam Stallard 2017-10-27 22:06:18 UTC 
I am experiencing this issue as well. I am using a plaintext passphrase right now, but this is very undesirable as the config is stored on our PXE install server and then shows up in original-ks.cfg in /root. 

Are there plans to implement an encrypted passphrase such as it is done with the root password? I noticed some discussion here years back but haven't found info on the current state of that as of today with centOS 7.
Comment 12 Vendula Poncova 2018-05-03 17:12:44 UTC 
Fixed in a pull request: https://github.com/rhinstaller/anaconda/pull/1468
Comment 14 Jan Stodola 2018-07-19 10:40:34 UTC 
Verified with anaconda-21.48.22.143-2.el7.
Anaconda running in text mode asks for the encryption password. Tested the autopart, part and pv kickstart commands.
Also retested cmdline and graphical installations for possible regressions - no change comparing to RHEL-7.5 GA was found.

Moving to VERIFIED.
Comment 21 errata-xmlrpc 2018-10-30 07:52:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3035