On Tue, Nov 27, 2018 at 3:14 PM mark <m.roth@xxxxxxxxx> wrote:
> What we do is to have the encryption key of the secondary filesystem in
> /etc/crypttab, which is, of course, 600. As it boots, it decrypts from
> that as
> it mounts the rest of the system.
>
> mark
>
Thanks, this is working as expected and it gave me the hint needed to find
the actual problem. The problem is that the initramfs image generated by
dracut -f does not include the /etc/crypttab from the OS (it only contains
the entry for the root device). Once I have manually added the other
volumes in the /etc/crypttab file from the initramfs image, clevis is able
to decrypt all volumes.
Now the question is why the generated iniramfs image has a different
/etc/crypttab. How can I specify /etc/crypttab for the initramfs so that
furhter kernel updates will not replace it with the wrong file?
Radu
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
