Bug 1934863

Summary: [4.7.z] rootfs too small when enabling NBDE
Product: OpenShift Container Platform Reporter: Micah Abbott <miabbott>
Component: RHCOSAssignee: Jonathan Lebon <jlebon>
Status: CLOSED ERRATA QA Contact: Michael Nguyen <mnguyen>
Severity: high Docs Contact:
Priority: high    
Version: 4.7CC: bbreard, bsmitley, imcleod, jlebon, jligon, keyoung, miabbott, mnguyen, nstielau, omichael, slowrie, wking, ykashtan
Target Milestone: ---   
Target Release: 4.7.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: The growpart script didn't consider in-place LUKS rootfs reprovisioning as requiring growing. Consequence: Machines which enabled in-place LUKS encryption ended up with a rootfs too small. Fix: The growpart script (now ignition-ostree-growfs) now does consider in-place LUKS rootfs reprovisioning as requiring growing. Result: Machines which enable in-place LUKS encryption have a rootfs which takes up all the space available.
 Story Points: ---
Clone Of: 1934174 Environment:
Last Closed: 2021-03-25 01:53:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1934174, 1935174    
Bug Blocks:    

Description Micah Abbott 2021-03-03 21:48:22 UTC 
+++ This bug was initially created as a clone of Bug #1934174 +++

Description of problem:
rootfs is created too small
```
# lsblk
NAME     MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sda        8:0    0   30G  0 disk  
├─sda1     8:1    0    1M  0 part  
├─sda2     8:2    0  127M  0 part  
├─sda3     8:3    0  384M  0 part  /boot
├─sda4     8:4    0    3G  0 part  
│ └─root 253:0    0    3G  0 crypt /sysroot
└─sda5     8:5    0   65M  0 part
```

when using the documented procedure for NBDE 
https://github.com/openshift/openshift-docs/blob/enterprise-4.7/modules/installation-special-config-encrypt-disk-tang.adoc

without NBDE, rootfs is spaning the full disk size:
```
$ lsblk
NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda      8:0    0   30G  0 disk 
├─sda1   8:1    0    1M  0 part 
├─sda2   8:2    0  127M  0 part 
├─sda3   8:3    0  384M  0 part /boot
├─sda4   8:4    0 29.4G  0 part /sysroot
└─sda5   8:5    0   65M  0 part 
```

Version-Release number of selected component (if applicable):
4.8-nightly

How reproducible:
everytime

Steps to Reproduce:
1. follow official steps to enable nbde

Actual results:
mcd crash because not enough disk space

Expected results:
installation to succeed 

Additional info:
Comment 2 Micah Abbott 2021-03-12 13:55:22 UTC 
This landed in RHCOS 47.83.202103112143-0
Comment 5 Michael Nguyen 2021-03-15 15:57:57 UTC 
Verified on RHCOS 47.83.202103142039-0

[core@localhost ~]$ sudo clevis luks list -d /dev/disk/by-partlabel/root
1: sss '{"t":1,"pins":{"tang":[{"url":"http://54.188.0.197"}]}}'
[core@localhost ~]$ lsblk
NAME     MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
vda      252:0    0   20G  0 disk  
|-vda1   252:1    0    1M  0 part  
|-vda2   252:2    0  127M  0 part  
|-vda3   252:3    0  384M  0 part  /boot
`-vda4   252:4    0 19.5G  0 part  
  `-root 253:0    0 19.5G  0 crypt /sysroot
[core@localhost ~]$ rpm-ostree status
State: idle
Deployments:
* ostree://8285d9a5f1e55ba0f267aea1fa7996aaddbabe6972509c0c963ad0afdd796a85
                   Version: 47.83.202103142039-0 (2021-03-14T20:42:23Z)


without NBDE
[core@localhost ~]$ lsblk
NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
vda    252:0    0   20G  0 disk 
|-vda1 252:1    0    1M  0 part 
|-vda2 252:2    0  127M  0 part 
|-vda3 252:3    0  384M  0 part /boot
`-vda4 252:4    0 19.5G  0 part /sysroot
Comment 9 Micah Abbott 2021-03-18 18:22:10 UTC 
Per the 4.8 BZ for this issue, we need to revisit the fix in 4.8 and then backport it to 4.7.

https://bugzilla.redhat.com/show_bug.cgi?id=1934174#c4

Moving back to ASSIGNED until that fix lands.
Comment 11 Micah Abbott 2021-03-22 20:59:58 UTC 
This BZ was erroneously attached to an errata before it was properly fixed/delivered as part of RHCOS.  (Bad bots!)

Please see this BZ to track delivery of the fix in RHCOS 4.7 - https://bugzilla.redhat.com/show_bug.cgi?id=1941760
Comment 12 errata-xmlrpc 2021-03-25 01:53:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.7.3 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:0821