Bug 710839 - FIXED_IN_GIT: systemd breaks encrypted swap
Summary: FIXED_IN_GIT: systemd breaks encrypted swap
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: systemd
Version: 15
Hardware: x86_64
OS: Linux
medium
urgent
Target Milestone: ---
Assignee: Lennart Poettering
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 710259 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-06-05 07:37 UTC by udo
Modified: 2012-04-10 14:59 UTC (History)
11 users (show)

Fixed In Version: systemd-26-3.fc15
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-06-15 23:52:34 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description udo 2011-06-05 07:37:29 UTC
Description of problem:
After upgrading to fedora 15 my encrypted swap is not set up by systemd which calls itself a drop-in replacement for SysV scripts.


Version-Release number of selected component (if applicable):
systemd-26-2.fc15.x86_64

How reproducible:
Have F14 box with encrypted swap
Upgrade to F15 using preupgrade.
Once booted into upgraded box notice lack of swap.

Steps to Reproduce:
1. See above
2.
3.
  
Actual results:
No swap

Expected results:
Encrypted swap

Additional info:
I fear for upgrading the other boxes to F15: SysV startup scripts as for mythTV don't work anymore, don't output anything and pretend they start the daemon OK when they don't. Same for mysql: pid directory is removed everytime so mysqld can't start; why doesn't systemd fix this?

Comment 1 udo 2011-06-05 08:01:15 UTC
 ls -l /dev/mapper/
total 0
crw------- 1 root root 10, 236 Jun  5 08:50 control
lrwxrwxrwx 1 root root       7 Jun  5 08:50 my_vg-homelv -> ../dm-0
lrwxrwxrwx 1 root root       7 Jun  5 08:50 my_vg-mythlv -> ../dm-3
lrwxrwxrwx 1 root root       7 Jun  5 08:50 my_vg-rootlv -> ../dm-5
lrwxrwxrwx 1 root root       7 Jun  5 08:50 my_vg-srclv -> ../dm-2
lrwxrwxrwx 1 root root       7 Jun  5 08:50 my_vg-usrlv -> ../dm-4
lrwxrwxrwx 1 root root       7 Jun  5 08:50 my_vg-varlv -> ../dm-1
lrwxrwxrwx 1 root root       7 Jun  5 08:50 swap -> ../dm-6

So we do have swap dm-partition, but:
# swapon -a
swapon: /dev/mapper/swap: read swap header failed: Invalid argument
# mkswap /dev/mapper/swap
mkswap: /dev/mapper/swap: warning: don't erase bootbits sectors
        on whole disk. Use -f to force.
Setting up swapspace version 1, size = 2097148 KiB
no label, UUID=b0cfcbd1-a2a6-4f57-a64a-f4f1f76054f8
# swapon -a

So why isn't this done like it used to be?

# cat /etc/crypttab 
swap	/dev/sda2	/dev/urandom	swap,cipher=aes-cbc-essiv:sha256,size=256

So the partition is clearly marked as to be swap after encrypting. Also fstab shows the swap as swap.
This worked very well in F14. F15 breaks this functionality.

Comment 2 udo 2011-06-05 08:17:53 UTC
Also, in dmesg:

<30>systemd-cryptsetup[2279]: Set cipher aes, mode cbc-essiv:sha256, key size 256 bits for device /dev/sda2.
<28>systemd[1]: Job dev-mapper-swap.device/start timed out.
<29>systemd[1]: Job dev-mapper-swap.swap/start failed with result 'dependency'.
<29>systemd[1]: Job dev-mapper-swap.device/start failed with result 'timeout'.

Timed out for what?
Dependency on what? LVM was already up, usr, var etc fscked...

Comment 3 Bert DeKnuydt 2011-06-05 19:49:22 UTC
On top of that, this 'timeout' costs you 60 seconds of additional boot time.

Comment 4 udo 2011-06-06 03:03:32 UTC
Indeed, even while we have /dev/urandom as our source of password.
So is my /dev/urandom not good anymore?

Comment 5 Bert DeKnuydt 2011-06-06 10:08:28 UTC
Workaround:

*) Edit /lib/systemd/systemd/swap.target and add a line.  (The default delay
   is not 60 secs as I said earlier, but 90.)

   TimeoutSec=5

*) Add to the file /etc/rc.local something along the lines of

   mkswap /dev/mapper/swap
   swapon -a

This works, but brings the swap up very very late in the boot process.

Comment 6 Michal Schmidt 2011-06-06 12:14:51 UTC
I reproduced the bug where systemd fails to run mkswap automatically on the device.

The bug is in cryptsetup-generator.c. It parses the options from /etc/crypttab incorrectly. It only works if "swap" is the very last option in the list. I can provide a patch later.

Comment 7 udo 2011-06-06 17:23:39 UTC
So if I make 
/etc/crypttab to have:
swap /dev/sda2 /dev/urandom cipher=aes-cbc-essiv:sha256,size=256,swap

that should make stuff work without the patch?

Comment 9 Bert DeKnuydt 2011-06-07 09:59:54 UTC
To comment 7:

I've tried exactly that: makes no difference whatsoever.

To comment 8:

I've now these versions:

[root@yingchang system]# rpm -aq | grep systemd
systemd-units-26-2.fc15.m1.i686
systemd-26-2.fc15.m1.i686
systemd-sysv-26-2.fc15.m1.i686

But the problem is still there:

[...]
[   11.960163] udev[495]: renamed network interface eth0 to em1
[   12.668204] systemd-fsck[656]: /dev/mapper/vg_yingchang-LogVol02: clean, 41/43687936 files, 2792471/174743552 blocks
[   12.850134] EXT4-fs (dm-2): mounted filesystem with ordered data mode. Opts: acl,quota
[   13.028129] systemd-cryptsetup[673]: Set cipher aes, mode cbc-essiv:sha256, key size 256 bits for device /dev/mapper/vg_yingchang-LogVol01.
[   99.942840] systemd[1]: Job dev-mapper-swap.device/start timed out.
[   99.943283] systemd[1]: Job dev-mapper-swap.swap/start failed with result 'dependency'.
[   99.943615] systemd[1]: Job dev-mapper-swap.device/start failed with result 'timeout'.
[  100.429294] p4-clockmod: P4/Xeon(TM) CPU On-Demand Clock Modulation available
[  100.466867] ntpd[729]: ntpd 4.2.6p3 Fri May  6 16:27:05 UTC 2011 (1)
[  100.471675] ntpd[729]: proto: precision = 0.657 usec
[...]

Boot is ok, minus the swap...

Maybe we are looking at more than one problem here ...

Comment 10 Michal Schmidt 2011-06-07 10:16:43 UTC
(In reply to comment #9)
> Maybe we are looking at more than one problem here ...

Yes, I'm pretty sure we are. Please file a new bug and attach this information to it:
 - the output of 'dmesg' after booting with 'log_buf_len=1M systemd.log_level=debug systemd.log_target=kmsg'
 - /etc/fstab
 - /etc/crypttab

Comment 11 Bert DeKnuydt 2011-06-07 12:08:21 UTC
See Bugzilla #711394

This one can be closed I guess?

Comment 12 Michal Schmidt 2011-06-07 12:16:10 UTC
(In reply to comment #11)
> This one can be closed I guess?

No. The fix has not been pushed to Fedora updates yet.

Comment 13 udo 2011-06-07 13:02:18 UTC
Do I understand correctly that the 'swap' keyword in crypttab isn't handled fully at all, independent of placement of the keyword?

Comment 14 Bert DeKnuydt 2011-06-07 13:15:18 UTC
Well, yes and no ...

* Because of this here error, the 'swap' keyword is only seen, when it is NOT followed by a ',' (comma).  So if you put 'swap' at the end that problem is circumvented.  A patch for that is made by M. Schmidt, but not yet pushed.

If this 'swap' is not recognized, the crypt stuff is started up, but no swap header is written to the LVM; i.e. you'd need to manually run 'mkswap' and then 'swapon'.

* But, at least I have yet another problem, that when this one is solved,
the swap is made (like with 'mkswap'), but the 'swapon' is not ran.
That's bz. #711394.

Comment 15 Dag 2011-06-09 13:07:08 UTC
*** Bug 710259 has been marked as a duplicate of this bug. ***

Comment 16 udo 2011-06-11 08:37:35 UTC
When can we test the fix(es) for the swap issue(s)? (i.e.: please provide an rpm)

Comment 17 Fedora Update System 2011-06-13 00:00:30 UTC
systemd-26-3.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/systemd-26-3.fc15

Comment 18 udo 2011-06-13 05:21:17 UTC
After installing the 26-3 updates and a reboot:

$ ssh root@recorder
Last login: Sun Jun 12 20:54:01 2011 from surfplank2
[root@recorder ~]# free
             total       used       free     shared    buffers     cached
Mem:       3797992     428548    3369444          0      26628     152772
-/+ buffers/cache:     249148    3548844
Swap:            0          0          0
[root@recorder ~]# swapon -a
[root@recorder ~]# free
             total       used       free     shared    buffers     cached
Mem:       3797992     446096    3351896          0      26648     167068
-/+ buffers/cache:     252380    3545612
Swap:      2097148          0    2097148
[root@recorder ~]# cat /etc/crypttab 
swap	/dev/sda2	/dev/urandom	swap,cipher=aes-cbc-essiv:sha256,size=256
[root@recorder ~]# rpm -qa|grep systemd
systemd-sysv-26-3.fc15.x86_64
systemd-units-26-3.fc15.x86_64
systemd-26-3.fc15.x86_64

Comment 19 udo 2011-06-13 05:52:03 UTC
Other box:

# free
             total       used       free     shared    buffers     cached
Mem:       4053528     761308    3292220          0      58428     358148
-/+ buffers/cache:     344732    3708796
Swap:      2072376          0    2072376
# cat /etc/crypttab 
crypto UUID=4a65c764-b0b1-4b1f-94fb-c76d1bc3e287 none
swapa    /dev/sda4       /dev/urandom    swap,cipher=aes-cbc-essiv:sha256,size=256
swapb    /dev/sdb4       /dev/urandom    swap,cipher=aes-cbc-essiv:sha256,size=256
swapc    /dev/sdc4       /dev/urandom    swap,cipher=aes-cbc-essiv:sha256,size=256
swapd    /dev/sdd4       /dev/urandom    swap,cipher=aes-cbc-essiv:sha256,size=256

# swapon -a
# free
             total       used       free     shared    buffers     cached
Mem:       4053528     817028    3236500          0      85924     358052
-/+ buffers/cache:     373052    3680476
Swap:      4144752          0    4144752

Comment 20 Michal Schmidt 2011-06-13 06:40:50 UTC
(In reply to comment #18)

That implies mkswap was run automatically, but swapon was not, i.e. it is likely bug 711394.

Comment 21 Fedora Update System 2011-06-15 05:35:20 UTC
Package systemd-26-3.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing systemd-26-3.fc15'
as soon as you are able to, then reboot.
Please go to the following url:
https://admin.fedoraproject.org/updates/systemd-26-3.fc15
then log in and leave karma (feedback).

Comment 22 Fedora Update System 2011-06-15 23:52:15 UTC
systemd-26-3.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 23 Sami Farin 2011-07-29 08:48:06 UTC
encrypted swap does not work in systemd-30

[    7.441347] Adding 4194296k swap on /dev/loop6.  Priority:10 extents:1 across:4194296k 
[    7.848455] Adding 4200956k swap on /dev/loop4.  Priority:10 extents:1 across:4200956k 

# swapon -s
Filename                                Type            Size    Used    Priority
/dev/sda1                               partition       4200960 280100  0
/dev/sdb5                               partition       4194300 280096  0

# losetup /dev/loop4
loop: can't get info on device /dev/loop4: No such device or address

# grep swap /etc/fstab
LABEL=wd1swap   swap                    swap    pri=10,encryption=AES128,loop=/dev/loop6
LABEL=wd2swap   swap                    swap    pri=10,encryption=AES128,loop=/dev/loop4

# cat /etc/crypttab
cat: /etc/crypttab: No such file or directory

Comment 24 Michal Schmidt 2011-07-29 17:40:01 UTC
Sami,
your setup is significantly different from the situation solved in this bug. Please file it as a separate bugzilla ticket.
Thanks.

Comment 25 udo 2012-04-10 14:59:21 UTC
Michal:

# free
             total       used       free     shared    buffers     cached
Mem:       4053584    3869076     184508          0      32740    1666724
-/+ buffers/cache:    2169612    1883972
Swap:      2072376      38192    2034184
# swapon -a
# free
             total       used       free     shared    buffers     cached
Mem:       4053584    3870420     183164          0      32780    1667572
-/+ buffers/cache:    2170068    1883516
Swap:      4144752      38192    4106560

So yes it works partly, some of the time. (I have 4 swaps)

# udevadm info -q all -n /dev/mapper/swap*|grep SYST
E: SUBSYSTEM=block
E: SYSTEMD_READY=0
# rpm -q udisks
udisks-1.0.4-3.fc16.x86_64

So what is the workaround here?
When will we see a solution to this very elementary issue? (for the user it is
we just need swap, please make it behave like it did before systemd was
'introduced')

BTW: my swap is NOT swap on encrypted LVM  volumes.
My swap is on a regular partition. (even more basic than just that!)


Note You need to log in before you can comment on or make changes to this bug.