Bug 1959908

Summary: [NBDE] RHVH 4.4.6 host fails to startup, without prompting for passphrase
Product: [Red Hat Storage] Red Hat Gluster Storage Reporter: SATHEESARAN <sasundar>
Component: rhhiAssignee: Gobinda Das <godas>
Status: CLOSED CURRENTRELEASE QA Contact: SATHEESARAN <sasundar>
Severity: high Docs Contact:
Priority: high    
Version: rhhiv-1.8CC: mburman, rhs-bugs
Target Milestone: ---Keywords: ZStream
Target Release: RHHI-V 1.8.z Batch Update 5   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1959945 (view as bug list) Environment:
Last Closed: 2021-06-16 07:46:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1959945    
Bug Blocks:    

Description SATHEESARAN 2021-05-12 15:29:28 UTC 
Description of problem:
-----------------------
After binding to tang server, the RHVH 4.4.6 fails to start automatically without prompting for passphrase

Version-Release number of selected component (if applicable):
-------------------------------------------------------------
RHVH 4.4.6
clevis-dracut-15-1.el8.x86_64
clevis-15-1.el8.x86_64
clevis-luks-15-1.el8.x86_64
clevis-systemd-15-1.el8.x86_64

How reproducible:
-----------------
Always

Steps to Reproduce:
--------------------
1. Bind to tang server
2. Reboot the RHVH node

Actual results:
----------------
RHVH fails to start automatically without passphrase

Expected results:
------------------
RHVH should start automatically without prompting for passphrase

Additional info:
Comment 1 SATHEESARAN 2021-05-12 15:45:09 UTC 
While rebuilding initramfs on RHVH 4.4.6, clevis and clevis-pin-tang dracut modules are missing

[root@ ~]# dracut -vf --regenerate-all --hostonly-cmdline
dracut: Executing: /usr/bin/dracut --kver=4.18.0-304.el8.x86_64 -vf --hostonly-cmdline
dracut: dracut module 'busybox' will not be installed, because command 'busybox' could not be found!
dracut: dracut module 'ifcfg' will not be installed, because it's in the list to be omitted!
dracut: dracut module 'clevis' will not be installed, because it's in the list to be omitted!
dracut: dracut module 'clevis' will not be installed, because it's in the list to be omitted!
dracut: dracut module 'clevis-pin-sss' depends on 'clevis', which can't be installed
dracut: dracut module 'clevis-pin-tang' depends on 'clevis', which can't be installed
..........


[root@ ~]# lsinitrd | grep -i clevis
[root@ ~]#

The same was working well with RHVH 4.4.4-async
Comment 2 SATHEESARAN 2021-05-12 17:12:27 UTC 
I have found out the root cause of this issue.
vdsm has dropped the dracut configuration file that omits 'clevis' dracut module
This is the reason initramfs lacked clevis and clevis-pin-tang dracut modules, which prevented
the RHVH host from starting up automatically without prompting for passphrase.

[root@ ~]# rpm -qf /usr/lib/dracut/dracut.conf.d/99-vdsm_protect_ifcfg.conf 
vdsm-4.40.50.10-1.el8ev.x86_64

[root@ ~]# cat /usr/lib/dracut/dracut.conf.d/99-vdsm_protect_ifcfg.conf
omit_dracutmodules+=" ifcfg clevis "

So this makes the clevis dracut module not to be included.

Now we need to understand, why clevis dracut module was omitted.
And vdsm should not omit 'clevis' along with 'ifcfg'
Comment 3 SATHEESARAN 2021-05-18 05:59:41 UTC 
The dependent RHV bug is in MODIFIED state and now targeted for RHV 4.4.6 async.
Comment 5 SATHEESARAN 2021-06-02 11:45:01 UTC 
Verified with the latest RHVH 4.4.6 ISO - RHVH-4.4-20210527.0-RHVH-x86_64-dvd1.iso and
redhat-virtualization-host-image-update-4.4.6-20210527.3.el8_4.x86_64.rpm.

1. RHHI-V deployment with NBDE ansible playbook worked as expected.
2. Post NBDE deployment, the RHVH 4.4.6 host could start up automatically without prompting for passphrase
3. Upgraded RHVH 4.4.5 to 4.4.6, and everything worked as expected