Bug 498231 - Entries in /etc/crypttab are not mounted on boot
Entries in /etc/crypttab are not mounted on boot
Product: Fedora
Classification: Fedora
Component: initscripts (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Bill Nottingham
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2009-04-29 10:38 EDT by Mark Watts
Modified: 2014-03-16 23:18 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-04-30 15:27:56 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Mark Watts 2009-04-29 10:38:19 EDT
I have two hard disks.

/dev/sda1  /boot
/dev/sda2  LUKS Encrypted partition containing an LVM volume containing / and swap
/dev/sdb1  LUKS Encrypted partition contianing an LVM volume containing /home

Originally, both /dev/sda and /dev/sdb were partitioned and setup for encryption during installation.
After install, I replaced /dev/sdb with another drive, and set it up as before.
Obviously the new drives LUKS volume has a new UUID, so I modified /etc/crypttab accordingly.

On boot, my root partition is decrypted and mounted, but /home is not touched, causing the entry in /etc/fstab to halt the boot process due to a missing LVM device.

Booting without /home mentioned in fstab, and doing "cryptsetup luksOpen" on /dev/sdb1, allows me to "lvchange -ay /dev/VolGroup01/LogVol00" and then mount /home.

I can see / being decrypted/mounted from my initrd, but there is no mention of either my old /home disk or the new one, so I'm not sure why the old disk was processed but the new one isn't.

[root@mwatts ~]# cryptsetup luksDump /dev/sda2 | grep UUID
UUID:          	9867d209-846c-4de8-8d78-479f42ecce2a
[root@mwatts ~]# cryptsetup luksDump /dev/sdb1 | grep UUID
UUID:          	b94a0dc2-b333-4196-9e15-0cd94b594473
[root@mwatts ~]# cat /etc/crypttab
luks-9867d209-846c-4de8-8d78-479f42ecce2a UUID=9867d209-846c-4de8-8d78-479f42ecce2a none
luks-b94a0dc2-b333-4196-9e15-0cd94b594473 UUID-b94a0dc2-b333-4196-9e15-0cd94b594473 none

[root@mwatts ~]# cat /etc/fstab
/dev/VolGroup00/LogVol00 /                       ext3    defaults        1 1
/dev/VolGroup01/LogVol00 /home                   ext4    defaults        1 2
UUID=e51ffd53-fddd-4d0e-9204-38e8d5dd5779 /boot                   ext3    defaults        1 2
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
/dev/VolGroup00/LogVol01 swap                    swap    defaults        0 0
Comment 1 Bill Nottingham 2009-04-29 12:08:10 EDT
What happens if you remake the initrd?b
Comment 2 Mark Watts 2009-04-29 12:22:29 EDT
No change:

# mkinitrd -f test.img
# lsinitrd test.img | grep luksOpen
plymouth ask-for-password --command "cryptsetup luksOpen /dev/sda2 luks-9867d209-846c-4de8-8d78-479f42ecce2a"

Compared to:

# lsinitrd /boot/initrd- | grep luksOpen
plymouth ask-for-password --command "cryptsetup luksOpen /dev/sda2 luks-9867d209-846c-4de8-8d78-479f42ecce2a"
Comment 3 Bill Nottingham 2009-04-29 14:26:58 EDT
Hm, what happens if you remove/recreate /etc/blkid/blkid.tab?
Comment 4 Mark Watts 2009-04-30 04:16:50 EDT
On boot, blkid.tab appears to be regenerated automatically, and contains this:

<device DEVNO="0x0801" TIME="1241078809" LABEL="/boot" UUID="e51ffd53-fddd-4d0e-9204-38e8d5dd5779" TYPE="ext3" SEC_TYPE="ext2">/dev/sda1</device>
<device DEVNO="0x0802" TIME="1241078297" UUID="9867d209-846c-4de8-8d78-479f42ecce2a" TYPE="crypt_LUKS">/dev/sda2</device>
<device DEVNO="0xfd00" TIME="1241078297" UUID="sgWWKy-SLBW-2cGy-hi62-pa8M-H4uv-qXB88c" TYPE="lvm2pv">/dev/dm-0</device>
<device DEVNO="0xfd01" TIME="1241078297" LABEL="F10-i686-Live" UUID="354b94c6-01ce-4126-9c93-29f0ba74a015" TYPE="ext3">/dev/dm-1</device>
<device DEVNO="0xfd02" TIME="1241078297" TYPE="swap">/dev/dm-2</device>
<device DEVNO="0x0811" TIME="1241078297" UUID="b94a0dc2-b333-4196-9e15-0cd94b594473" TYPE="crypt_LUKS">/dev/sdb1</device>

The latter entry is the correct UUID for my new sdb1 LUKS volume.
Note that I've manually luksOpen'd and mounted sdb1 by the time I've looked at this file.

However, the blkid.tab file that was present before I rebooted looked different:

<device DEVNO="0x0802" TIME="1241021981" UUID="9867d209-846c-4de8-8d78-479f42ecce2a" TYPE="crypt_LUKS">/dev/sda2</device>
<device DEVNO="0x0801" TIME="1241021981" LABEL="/boot" UUID="e51ffd53-fddd-4d0e-9204-38e8d5dd5779" TYPE="ext3" SEC_TYPE="ext2">/dev/sda1</device>
<device DEVNO="0xfd01" TIME="1241021981" PRI="45" LABEL="F10-i686-Live" UUID="354b94c6-01ce-4126-9c93-29f0ba74a015" TYPE="ext3">/dev/mapper/VolGroup00-LogVol00</device>
<device DEVNO="0xfd02" TIME="1241021981" PRI="45" TYPE="swap">/dev/mapper/VolGroup00-LogVol01</device>
<device DEVNO="0xfd00" TIME="1241021981" PRI="40" UUID="sgWWKy-SLBW-2cGy-hi62-pa8M-H4uv-qXB88c" TYPE="lvm2pv">/dev/mapper/luks-9867d209-846c-4de8-8d78-479f42ecce2a</device>
<device DEVNO="0xfd01" TIME="1241021981" LABEL="F10-i686-Live" UUID="354b94c6-01ce-4126-9c93-29f0ba74a015" TYPE="ext3">/dev/VolGroup00/LogVol00</device>
<device DEVNO="0xfd02" TIME="1241021981" TYPE="swap">/dev/VolGroup00/LogVol01</device>
<device DEVNO="0x0811" TIME="1241021981" UUID="b94a0dc2-b333-4196-9e15-0cd94b594473" TYPE="crypt_LUKS">/dev/sdb1</device>
<device DEVNO="0xfd03" TIME="1241021981" UUID="tsc7tj-4qDK-1IQ4-dhP1-KSgG-g1Hs-nZ89z7" TYPE="lvm2pv">/dev/mapper/luks-b94a0dc2-b333-4196-9e15-0cd94b594473</device>
<device DEVNO="0xfd04" TIME="1241021981" UUID="92d7f012-9c0a-44c8-9193-0a3330da5acc" TYPE="ext4">/dev/mapper/VolGroup01-LogVol00</device>

Also, the same file after running "blkid" looks like this:

<device DEVNO="0x0801" TIME="1241079217" LABEL="/boot" UUID="e51ffd53-fddd-4d0e-9204-38e8d5dd5779" TYPE="ext3" SEC_TYPE="ext2">/dev/sda1</device>
<device DEVNO="0x0802" TIME="1241079217" UUID="9867d209-846c-4de8-8d78-479f42ecce2a" TYPE="crypt_LUKS">/dev/sda2</device>
<device DEVNO="0xfd00" TIME="1241079217" UUID="sgWWKy-SLBW-2cGy-hi62-pa8M-H4uv-qXB88c" TYPE="lvm2pv">/dev/dm-0</device>
<device DEVNO="0xfd01" TIME="1241079217" LABEL="F10-i686-Live" UUID="354b94c6-01ce-4126-9c93-29f0ba74a015" TYPE="ext3">/dev/dm-1</device>
<device DEVNO="0xfd02" TIME="1241079217" TYPE="swap">/dev/dm-2</device>
<device DEVNO="0x0811" TIME="1241079217" UUID="b94a0dc2-b333-4196-9e15-0cd94b594473" TYPE="crypt_LUKS">/dev/sdb1</device>
<device DEVNO="0xfd03" TIME="1241079217" UUID="tsc7tj-4qDK-1IQ4-dhP1-KSgG-g1Hs-nZ89z7" TYPE="lvm2pv">/dev/dm-3</device>
<device DEVNO="0xfd04" TIME="1241079217" UUID="92d7f012-9c0a-44c8-9193-0a3330da5acc" TYPE="ext4">/dev/dm-4</device>

In each case, the UUID of the /dev/sdb1 LUKS volume is correct, but its just not being processed.
I don't even get asked for a second passphrase (even though the passphrase is the same on both /dev/sda2 and /dev/sdb1).
Comment 5 Bill Nottingham 2009-04-30 12:05:18 EDT
Just to confirm; you're running the errata initscripts, correct?

Are /dev/sda and /dev/sdb on the same controller?
Comment 6 Mark Watts 2009-04-30 12:10:59 EDT

/dev/sda is a SATA disk connected to my motherboard.
/dev/sdb is a Hardware RAID-1 on an Adaptec 2410SA card.
Comment 7 Bill Nottingham 2009-04-30 13:05:55 EDT
It's a gross hack, but... what happens if you add a 'sleep 5' before the 'scsi_wait_scan' lines in rc.sysinit?
Comment 8 Mark Watts 2009-04-30 14:47:23 EDT
I added a "sleep 10" (for good measure :) where you said.
I see the boot process pausing for 10 seconds right after setting the hostname, and then we're back to square one - no Logical Volumes found.

After typing my root password to enter "disk fixing mode", I checked dmesg and the Adaptec controller is being detected just fine, before my ethernet cards.
Comment 9 Bill Nottingham 2009-04-30 14:57:45 EDT
And presumably:
- the partition check for those disks occurs there as well (early, during udev)
- changing the entry in crypttab to /dev/disk/by-uuid/b94a0dc2-b333-4196-9e15-0cd94b594473 does not help?
Comment 10 Mark Watts 2009-04-30 15:18:58 EDT

luks-9867d209-846c-4de8-8d78-479f42ecce2a UUID=9867d209-846c-4de8-8d78-479f42ecce2a none
luks-b94a0dc2-b333-4196-9e15-0cd94b594473 UUID-b94a0dc2-b333-4196-9e15-0cd94b594473 none

Spot the typo...

Nothing to see here... move along...

Although, nothing complained about incorrect syntax, which would have been nice.
Comment 11 Bill Nottingham 2009-04-30 15:27:56 EDT
We have:

        [ -b "$src" ] || continue

I suppose we could instrument that to throw an error/warning. In any case, closing.

Note You need to log in before you can comment on or make changes to this bug.