Hide Forgot
Description of problem: Systemd prompts for a passphrase for (an already open) device if the crypttab/fstab listing do not match the existing mapping on the system. Version-Release number of selected component (if applicable): systemd-219-42.el7_4.6.x86_64 cryptsetup-1.7.4-3.el7_4.1.x86_64 * Also seen in earlier versions of RHEL/systemd How Reproducible: Always Steps to Reproduce: 1.Have an entry in /etc/crypttab: luks-a65b15b1-0590-4c6a-9360-ee50848f9e51 UUID=a65b15b1-0590-4c6a-9360-ee50848f9e51 /root/passfile.txt 2. Have an entry in /etc/fstab: /dev/mapper/luks-a65b15b1-0590-4c6a-9360-ee50848f9e51 /luks-mnt2 ext4 defaults 0 0 3. Manually decrypt this device with a different mapping: # cryptsetup luksClose /dev/mapper/luks-a65b15b1-0590-4c6a-9360-ee50848f9e51 # cryptsetup luksOpen /dev/sdb luks-sdb -d /root/passfile.txt Actual results: [root@localhost ~]# cryptsetup luksOpen /dev/sdb luks-sdb -d /root/passfile.txt [root@localhost ~]# Broadcast message from root@localhost.localdomain (Fri 2018-04-06 12:39:42 EDT): Password entry required for 'Please enter passphrase for disk QEMU_HARDDISK (luks-a65b15b1-0590-4c6a-9360-ee50848f9e51) on /luks-mnt2!' (PID 1585). Please enter password with the systemd-tty-ask-password-agent tool! # tail -n20 /var/log/messages Apr 6 12:39:16 localhost systemd: Stopping Encrypted Volumes. Apr 6 12:39:16 localhost systemd: Stopping Cryptography Setup for luks-a65b15b1-0590-4c6a-9360-ee50848f9e51... Apr 6 12:39:16 localhost systemd-cryptsetup: crypt_init() failed: No such device Apr 6 12:39:16 localhost systemd: systemd-cryptsetup@luks\x2da65b15b1\x2d0590\x2d4c6a\x2d9360\x2dee50848f9e51.service: control process exited, code=exited status=1 Apr 6 12:39:16 localhost systemd: Stopped Cryptography Setup for luks-a65b15b1-0590-4c6a-9360-ee50848f9e51. Apr 6 12:39:16 localhost systemd: Unit systemd-cryptsetup@luks\x2da65b15b1\x2d0590\x2d4c6a\x2d9360\x2dee50848f9e51.service entered failed state. Apr 6 12:39:16 localhost systemd: systemd-cryptsetup@luks\x2da65b15b1\x2d0590\x2d4c6a\x2d9360\x2dee50848f9e51.service failed. Apr 6 12:39:40 localhost systemd: Mounting /luks-mnt2... Apr 6 12:39:40 localhost systemd: Starting Cryptography Setup for luks-a65b15b1-0590-4c6a-9360-ee50848f9e51... Apr 6 12:39:41 localhost mount: mount: special device /dev/mapper/luks-a65b15b1-0590-4c6a-9360-ee50848f9e51 does not exist Apr 6 12:39:41 localhost systemd: luks\x2dmnt2.mount mount process exited, code=exited status=32 Apr 6 12:39:41 localhost systemd: Failed to mount /luks-mnt2. Apr 6 12:39:41 localhost systemd: Unit luks\x2dmnt2.mount entered failed state. Apr 6 12:39:41 localhost systemd-cryptsetup: Key file /root/passfile.txt is world-readable. This is not a good idea! Apr 6 12:39:41 localhost systemd-cryptsetup: Set cipher aes, mode xts-plain64, key size 256 bits for device /dev/disk/by-uuid/a65b15b1-0590-4c6a-9360-ee50848f9e51. Apr 6 12:39:42 localhost systemd-cryptsetup: Failed to activate with key file '/root/passfile.txt': Device or resource busy Apr 6 12:39:42 localhost systemd: Starting Forward Password Requests to Wall... Apr 6 12:39:42 localhost systemd: Stopped Forward Password Requests to Plymouth Directory Watch. Apr 6 12:39:42 localhost systemd: Stopping Forward Password Requests to Plymouth Directory Watch. Apr 6 12:39:42 localhost systemd: Started Forward Password Requests to Wall. Apr 6 12:40:01 localhost chronyd[1051]: Source 38.229.71.1 replaced with 64.6.144.6 Expected results: No prompt for password Additional info: We also see prompts when we reload/restart certain services. [root@localhost ~]# systemctl restart network Please enter passphrase for disk QEMU_HARDDISK (luks-a65b15b1-0590-4c6a-9360-ee50848f9e51) on /luks-mnt2! If we have the mapping the same, there is no issue when restarting any services This may also belong to cryptsetup.
I can reproduce the scenario on 7.3 and 7.4, but not on 7.5.
Not reproducible anymore. Customer case closed.