Bug 1934863 - [4.7.z] rootfs too small when enabling NBDE
Summary: [4.7.z] rootfs too small when enabling NBDE
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: RHCOS
Version: 4.7
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.7.z
Assignee: Jonathan Lebon
QA Contact: Michael Nguyen
URL:
Whiteboard:
Depends On: 1934174 1935174
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-03-03 21:48 UTC by Micah Abbott
Modified: 2021-03-31 15:15 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: The growpart script didn't consider in-place LUKS rootfs reprovisioning as requiring growing. Consequence: Machines which enabled in-place LUKS encryption ended up with a rootfs too small. Fix: The growpart script (now ignition-ostree-growfs) now does consider in-place LUKS rootfs reprovisioning as requiring growing. Result: Machines which enable in-place LUKS encryption have a rootfs which takes up all the space available.
Clone Of: 1934174
Environment:
Last Closed: 2021-03-25 01:53:00 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2021:0821 0 None None None 2021-03-25 01:53:14 UTC

Description Micah Abbott 2021-03-03 21:48:22 UTC 
+++ This bug was initially created as a clone of Bug #1934174 +++

Description of problem:
rootfs is created too small
```
# lsblk
NAME     MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sda        8:0    0   30G  0 disk  
├─sda1     8:1    0    1M  0 part  
├─sda2     8:2    0  127M  0 part  
├─sda3     8:3    0  384M  0 part  /boot
├─sda4     8:4    0    3G  0 part  
│ └─root 253:0    0    3G  0 crypt /sysroot
└─sda5     8:5    0   65M  0 part
```

when using the documented procedure for NBDE 
https://github.com/openshift/openshift-docs/blob/enterprise-4.7/modules/installation-special-config-encrypt-disk-tang.adoc

without NBDE, rootfs is spaning the full disk size:
```
$ lsblk
NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda      8:0    0   30G  0 disk 
├─sda1   8:1    0    1M  0 part 
├─sda2   8:2    0  127M  0 part 
├─sda3   8:3    0  384M  0 part /boot
├─sda4   8:4    0 29.4G  0 part /sysroot
└─sda5   8:5    0   65M  0 part 
```

Version-Release number of selected component (if applicable):
4.8-nightly

How reproducible:
everytime

Steps to Reproduce:
1. follow official steps to enable nbde

Actual results:
mcd crash because not enough disk space

Expected results:
installation to succeed 

Additional info:
Comment 2 Micah Abbott 2021-03-12 13:55:22 UTC 
This landed in RHCOS 47.83.202103112143-0
Comment 5 Michael Nguyen 2021-03-15 15:57:57 UTC 
Verified on RHCOS 47.83.202103142039-0

[core@localhost ~]$ sudo clevis luks list -d /dev/disk/by-partlabel/root
1: sss '{"t":1,"pins":{"tang":[{"url":"http://54.188.0.197"}]}}'
[core@localhost ~]$ lsblk
NAME     MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
vda      252:0    0   20G  0 disk  
|-vda1   252:1    0    1M  0 part  
|-vda2   252:2    0  127M  0 part  
|-vda3   252:3    0  384M  0 part  /boot
`-vda4   252:4    0 19.5G  0 part  
  `-root 253:0    0 19.5G  0 crypt /sysroot
[core@localhost ~]$ rpm-ostree status
State: idle
Deployments:
* ostree://8285d9a5f1e55ba0f267aea1fa7996aaddbabe6972509c0c963ad0afdd796a85
                   Version: 47.83.202103142039-0 (2021-03-14T20:42:23Z)


without NBDE
[core@localhost ~]$ lsblk
NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
vda    252:0    0   20G  0 disk 
|-vda1 252:1    0    1M  0 part 
|-vda2 252:2    0  127M  0 part 
|-vda3 252:3    0  384M  0 part /boot
`-vda4 252:4    0 19.5G  0 part /sysroot
Comment 9 Micah Abbott 2021-03-18 18:22:10 UTC 
Per the 4.8 BZ for this issue, we need to revisit the fix in 4.8 and then backport it to 4.7.

https://bugzilla.redhat.com/show_bug.cgi?id=1934174#c4

Moving back to ASSIGNED until that fix lands.
Comment 11 Micah Abbott 2021-03-22 20:59:58 UTC 
This BZ was erroneously attached to an errata before it was properly fixed/delivered as part of RHCOS.  (Bad bots!)

Please see this BZ to track delivery of the fix in RHCOS 4.7 - https://bugzilla.redhat.com/show_bug.cgi?id=1941760
Comment 12 errata-xmlrpc 2021-03-25 01:53:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.7.3 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:0821
Note You need to log in before you can comment on or make changes to this bug.