Bug 461702
Summary: | LUKS device identifiers should use UUID, not device nodes | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | David Lehman <dlehman> |
Component: | anaconda | Assignee: | David Lehman <dlehman> |
Status: | CLOSED ERRATA | QA Contact: | Alexander Todorov <atodorov> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 5.3 | CC: | atodorov, borgan |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-01-20 21:36:30 UTC | Type: | --- |
Description
David Lehman
2008-09-10 00:02:31 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.

Fixed in anaconda-11.1.2.126-1.

(In reply to comment #0)
> The proposal has three parts. First, dm-crypt mapping names created by anaconda
> will no longer take the form
>
> "luks-<device>" (eg: luks-sda3)
>
> Instead they will be of the form
>
> "luks-<luksuuid>" (eg: luks-50ec957a-5b5a-47ee-85e6-f8085bbc97a8)
>

This works, see:

```
# mount | grep luks
/dev/mapper/luks-742aea3a-205d-41c5-ace6-0c10cc127596 on /data type ext3 (rw)
```

> Second, crypttab entries will no longer refer to devices by device node.
> Instead, devices will be identified using the LUKS UUID.
>

Also works, see:

```
# cat /etc/crypttab
luks-742aea3a-205d-41c5-ace6-0c10cc127596 UUID=742aea3a-205d-41c5-ace6-0c10cc127596 none
```

> The third part serves to facilitate testing and validation. Entries for
> encrypted block devices in /etc/fstab will no longer refer to devices using the
> filesystem UUID -- instead, they will be referred to using the mapped device
> name. This name is constant and unique (like the UUID alone) since the name is
> based on the LUKS UUID, and not a device node subject to change across reboots,
> hardware reconfiguration, &c.
>

Doesn't really work (/data is encrypted):

```
# cat /etc/fstab
LABEL=/ / ext3 defaults 1 1
LABEL=/data /data ext3 defaults 1 2
/dev/sda1 /boot/efi vfat defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
LABEL=SWAP-sda2 swap swap defaults 0 0
```

I would expect instead of LABEL=/data to see /dev/mapper/luks-742aea3a-205d-41c5-ace6-0c10cc127596 in the first column. FAILS_QA seems appropriate to me.
Fix for final item (don't use label in fstab for LUKS devs) is in anaconda-11.1.2.135-1.

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0164.html
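The three checks QA performed by hand in this report can be scripted. The following is an added example, not anaconda code or anything posted in the bug: `audit` and `rows` are hypothetical names, the sample strings are the crypttab, mount and fstab lines quoted above, and `LEGACY_CRYPTTAB` is a constructed pre-fix entry. It assumes `mount` output is available to tell which mount points sit on a LUKS mapping.

```python
import re

UUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"

# Sample inputs: the crypttab, mount and fstab lines quoted in the QA comment above.
CRYPTTAB = "luks-742aea3a-205d-41c5-ace6-0c10cc127596 UUID=742aea3a-205d-41c5-ace6-0c10cc127596 none\n"
MOUNTS = "/dev/mapper/luks-742aea3a-205d-41c5-ace6-0c10cc127596 on /data type ext3 (rw)\n"
FSTAB = "LABEL=/ / ext3 defaults 1 1\nLABEL=/data /data ext3 defaults 1 2\n"
# Constructed pre-fix entry: the old luks-<device> name with a device-node source.
LEGACY_CRYPTTAB = "luks-sda3 /dev/sda3 none\n"

def rows(text):
    """Yield the whitespace-split fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split()

def audit(crypttab, fstab, mounts):
    """Return findings where the files deviate from the three-part scheme."""
    findings = []
    # Parts 1 and 2: name is luks-<uuid> and the source is UUID=<the same uuid>.
    for fields in rows(crypttab):
        name, source = fields[0], fields[1] if len(fields) > 1 else ""
        named = re.fullmatch(f"luks-({UUID})", name)
        if not named:
            findings.append(f"crypttab: name {name} is not luks-<luksuuid>")
        if not re.fullmatch(f"UUID={UUID}", source):
            findings.append(f"crypttab: {name} source {source} is not UUID=<luksuuid>")
        elif named and source != "UUID=" + named.group(1):
            findings.append(f"crypttab: {name} name and source UUID differ")
    # Part 3: a mount point backed by a luks mapping must name that mapping in fstab.
    backing = {}
    for line in mounts.splitlines():
        hit = re.match(r"(/dev/mapper/luks-\S+) on (\S+) ", line)
        if hit:
            backing[hit.group(2)] = hit.group(1)
    for fields in rows(fstab):
        if len(fields) > 1 and fields[1] in backing and fields[0] != backing[fields[1]]:
            findings.append(f"fstab: {fields[1]} uses {fields[0]}, expected {backing[fields[1]]}")
    return findings

if __name__ == "__main__":
    for finding in audit(CRYPTTAB, FSTAB, MOUNTS) + audit(LEGACY_CRYPTTAB, "", ""):
        print(finding)
```

Run against the files as QA found them, it reports only the `LABEL=/data` line in fstab, which is the item fixed in anaconda-11.1.2.135-1.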