Bug 1404836 - [RFE] Overcloud ramdisk shall include lvm and crypt modules
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-common
Version: 11.0 (Ocata)
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: Upstream M2
Target Release: 12.0 (Pike)
Assignee: Yolanda Robla
QA Contact: mlammon
Blocks: 1355903 1389435 1442136 1474678
Reported: 2016-12-14 19:06 UTC by Yolanda Robla
Modified: 2018-02-05 19:02 UTC (History)

Fixed In Version: openstack-tripleo-common-7.1.1-0.20170616124957.93d87e0.el7ost.
Last Closed: 2017-12-13 20:54:56 UTC
Links
System ID Private Priority Status Summary Last Updated
Launchpad 1655681 0 None None None 2017-02-02 15:22:01 UTC
OpenStack gerrit 420698 0 None MERGED Add element to regenerate dracut 2020-12-01 10:27:14 UTC
Red Hat Product Errata RHEA-2017:3462 0 normal SHIPPED_LIVE Red Hat OpenStack Platform 12.0 Enhancement Advisory 2018-02-16 01:43:25 UTC

Description Yolanda Robla 2016-12-14 19:06:13 UTC
The latest release of python-tripleoclient allows using whole disk images for the overcloud.
This was done for security reasons, because customers may need to create their whole images with partitions, volumes, encryption, etc.
We started to work on a whole disk image with two partitions (one for boot, one for root). We divided the root filesystem into several volumes (root, var, home, tmp...).
However, when trying to boot the image, we are hitting the problem that the root filesystem cannot be mounted.
We are getting an error like:
[ ***  ] A start job is running for dev-mapp....device

A quick look at the ramdisk shows that lvm modules are not included, so the system is unable to mount the root filesystem that is on a volume.

The process to build the ramdisk needs to be updated to include those lvm modules properly.

Comment 1 Yolanda Robla 2016-12-15 18:08:39 UTC
The same problem happens when trying to use luks encryption. When adding a luks partition to fstab, it complains about "crypt failed: invalid argument".
It needs to have the crypt module enabled as well.

Comment 2 Yolanda Robla 2017-01-11 14:02:22 UTC
I started some tests in diskimage-builder to add these modules to dracut.

Comment 3 Yolanda Robla 2017-01-11 15:25:00 UTC
Added upstream bug: https://bugs.launchpad.net/tripleo/+bug/1655681

Comment 5 Yolanda Robla 2017-01-28 08:15:57 UTC
Changes landed for Ocata

Comment 11 Yolanda Robla 2017-06-01 15:26:44 UTC
To verify, you need to access the generated image, and look at the latest /boot/initramfs-*.img

Contents of the initramfs image can be accessed with lsinitrd /boot/initramfs-*.img, then you can grep for lvm and crypt:

><fs> sh 'lsinitrd /boot/initramfs-3.10.0-514.21.1.el7.x86_64.img | grep lvm'
Arguments: --force --add 'crypt lvm' -f
lvm
drwxr-xr-x   2 root     root            0 May 29 07:19 etc/lvm
-rw-r--r--   1 root     root           44 May 29 07:19 etc/lvm/lvm.conf
-rw-r--r--   1 root     root          776 Sep 12  2013 etc/udev/rules.d/64-lvm.rules
-rwxr-xr-x   1 root     root          596 May 25 21:07 usr/lib/dracut/hooks/cmdline/30-parse-lvm.sh
-r--r--r--   1 root     root         2454 Apr 19 15:27 usr/lib/udev/rules.d/11-dm-lvm.rules
-r--r--r--   1 root     root         4308 May 29 07:19 usr/lib/udev/rules.d/69-dm-lvm-metad.rules
-r-xr-xr-x   1 root     root        11320 May 29 07:19 usr/lib64/device-mapper/libdevmapper-event-lvm2mirror.so
-r-xr-xr-x   1 root     root        11312 May 29 07:19 usr/lib64/device-mapper/libdevmapper-event-lvm2raid.so
-r-xr-xr-x   1 root     root        15576 May 29 07:19 usr/lib64/device-mapper/libdevmapper-event-lvm2snapshot.so
-r-xr-xr-x   1 root     root        15656 May 29 07:19 usr/lib64/device-mapper/libdevmapper-event-lvm2thin.so
-r-xr-xr-x   1 root     root        11320 May 29 07:19 usr/lib64/libdevmapper-event-lvm2.so.2.02
lrwxrwxrwx   1 root     root           46 May 29 07:19 usr/lib64/libdevmapper-event-lvm2mirror.so -> device-mapper/libdevmapper-event-lvm2mirror.so
lrwxrwxrwx   1 root     root           44 May 29 07:19 usr/lib64/libdevmapper-event-lvm2raid.so -> device-mapper/libdevmapper-event-lvm2raid.so
lrwxrwxrwx   1 root     root           48 May 29 07:19 usr/lib64/libdevmapper-event-lvm2snapshot.so -> device-mapper/libdevmapper-event-lvm2snapshot.so
lrwxrwxrwx   1 root     root           44 May 29 07:19 usr/lib64/libdevmapper-event-lvm2thin.so -> device-mapper/libdevmapper-event-lvm2thin.so
-r-xr-xr-x   1 root     root      1744504 May 29 07:19 usr/lib64/liblvm2cmd.so.2.02
-r-xr-xr-x   1 root     root      1779848 May 29 07:19 usr/sbin/lvm
-rwxr-xr-x   1 root     root         3664 May 25 21:07 usr/sbin/lvm_scan


sh 'lsinitrd /boot/initramfs-3.10.0-514.el7.x86_64.img | grep crypt'
drwxr-xr-x   2 root     root            0 Oct 31  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/arch/x86/crypto
-rw-r--r--   1 root     root        21545 Oct 19  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/arch/x86/crypto/crc32c-intel.ko
-rw-r--r--   1 root     root        12001 Oct 19  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/arch/x86/crypto/crct10dif-pclmul.ko
drwxr-xr-x   3 root     root            0 Oct 31  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/crypto
-rw-r--r--   1 root     root         6833 Oct 19  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/crypto/arc4.ko
drwxr-xr-x   2 root     root            0 Oct 31  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/crypto/async_tx
-rw-r--r--   1 root     root         9785 Oct 19  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/crypto/async_tx/async_tx.ko
-rw-r--r--   1 root     root        11417 Oct 19  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/crypto/async_tx/async_xor.ko
-rw-r--r--   1 root     root         4985 Oct 19  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/crypto/crct10dif_common.ko
-rw-r--r--   1 root     root         6217 Oct 19  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/crypto/crct10dif_generic.ko
-rw-r--r--   1 root     root        20793 Oct 19  2016 usr/lib/modules/3.10.0-514.el7.x86_64/kernel/crypto/xor.ko
-rw-r--r--   1 root     root          366 Sep 13  2016 usr/lib/systemd/system/cryptsetup.target
-rwxr-xr-x   1 root     root        40824 Oct 31  2016 usr/lib64/libcrypt-2.17.so
lrwxrwxrwx   1 root     root           16 Oct 31  2016 usr/lib64/libcrypt.so.1 -> libcrypt-2.17.so
-rwxr-xr-x   1 root     root      2025480 Oct 31  2016 usr/lib64/libcrypto.so.1.0.1e
lrwxrwxrwx   1 root     root           19 Oct 31  2016 usr/lib64/libcrypto.so.10 -> libcrypto.so.1.0.1e
lrwxrwxrwx   1 root     root           19 Oct 31  2016 usr/lib64/libgcrypt.so.11 -> libgcrypt.so.11.8.2
-rwxr-xr-x   1 root     root       534488 Oct 31  2016 usr/lib64/libgcrypt.so.11.8.2
lrwxrwxrwx   1 root     root           18 Oct 31  2016 usr/lib64/libk5crypto.so.3 -> libk5crypto.so.3.1
-rwxr-xr-x   1 root     root       202568 Oct 31  2016 usr/lib64/libk5crypto.so.3.1
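
Added example (not part of the bug report or of tripleo-common): a stricter form of the check in Comment 11 that reads the "dracut modules:" section of `lsinitrd` output instead of grepping file paths, since a plain `grep crypt` also matches libcrypt and kernel crypto paths as in the listing above. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the shape of `lsinitrd` output (not from a real image).
# It lists the lvm dracut module but not crypt, although a file path
# containing "crypt" is present.
sample_listing() {
cat <<'EOF'
Image: /boot/initramfs-EXAMPLE.img: 20M
========================================================================
Version: dracut-EXAMPLE

dracut modules:
bash
dm
lvm
========================================================================
-r-xr-xr-x   1 root     root      1779848 May 29 07:19 usr/sbin/lvm
-rwxr-xr-x   1 root     root        40824 Oct 31  2016 usr/lib64/libcrypt-2.17.so
EOF
}

# Print the names listed under "dracut modules:" (stdin: lsinitrd output).
dracut_modules() {
    awk '/^dracut modules:/ {in_list = 1; next}
         /^=+$/             {in_list = 0}
         in_list && NF      {print $1}'
}

# Print each required module (arguments) that is absent from the listing on stdin.
missing_modules() {
    present=$(dracut_modules)
    for want in "$@"; do
        printf '%s\n' "$present" | grep -qx -- "$want" || printf '%s\n' "$want"
    done
}

# Demo on the constructed sample: reports the module that is not in the ramdisk.
sample_listing | missing_modules lvm crypt
```

Against a real image, pipe `lsinitrd /boot/initramfs-*.img` into `missing_modules lvm crypt`; empty output means both dracut modules were built in.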

Comment 14 mlammon 2017-11-15 14:02:38 UTC
This can now be marked verified and tested. Whole Disk Image was tested and deployed into the overcloud containing the requirements of lvm & crypt modules


openstack overcloud image build --image-name overcloud-hardened-full --config-file /usr/share/openstack-tripleo-common/image-yaml/overcloud-hardened-images.yaml --config-file /usr/share/openstack-tripleo-common/image-yaml/overcloud-hardened-images-rhel7.yaml --verbose

cd
mv ~/images/overcloud-full.qcow2 ~/images/overcloud-full-old.qcow2
cp ~/images/overcloud-hardened-full.qcow2 overcloud-full.qcow2

The number of LVM_COUNT and CRYPT_COUNT FILES were 20 and 137 respectively.
#######################################
LVM_COUNT is one or more. Total:  20.
#######################################
CRYPT_COUNT is one or more. Total:  137.
#######################################

Comment 15 mlammon 2017-11-15 14:08:37 UTC
This can now be marked verified and tested. Whole Disk Image was tested and deployed into the overcloud containing the requirements of lvm & crypt modules.

openstack overcloud image build --image-name overcloud-hardened-full --config-file /usr/share/openstack-tripleo-common/image-yaml/overcloud-hardened-images.yaml --config-file /usr/share/openstack-tripleo-common/image-yaml/overcloud-hardened-images-rhel7.yaml --verbose

cd
mv ~/images/overcloud-full.qcow2 ~/images/overcloud-full-old.qcow2
cp ~/images/overcloud-hardened-full.qcow2 overcloud-full.qcow2

Comment 18 errata-xmlrpc 2017-12-13 20:54:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:3462