Fw: Systemd keeps trying to re-open an already active LUKS volume

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Begin forwarded message:

I forwarded this to test since F26 is still not released, and they are
deciding whether to release this week.  You are much more likely to get
an answer to your question there.

Date: Mon, 29 May 2017 16:46:05 +0200
From: Andrej Podzimek <andrej@xxxxxxxxxxxx>
To: users@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Systemd keeps trying to re-open an already active LUKS volume


Hi,

I need a piece of advice concerning an encrypted root partition on
Fedora 26. I'm running a custom manual setup created using dnf.

Further context:
* The installation procedure is outlined in this tread -- and quite
likely irrelevant to this question anyway:
https://lists.fedorahosted.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx/message/3MUQLH4II636LEHREOOG7XCXCIB4GMDC/
* The disk layout is described in this comment:
https://bugzilla.redhat.com/show_bug.cgi?id=1297188#c2

Unlike Fedora 23 and 24, both of which booted just fine, Fedora 26 has
two glitches related to my encrypted LUKS root partition:

1. Dracut fails to automatically add the crypt module. It doesn't seem
to care about LUKS-related settings in /etc/default/grub and/or about
the fact that the system runs off an encrypted volume. I had to
manually add add_dracutmodules+="crypt" into /etc/dracut.conf, or else
I wouldn't get a password prompt on boot and the early systemd would
freeze waiting for the root partition to appear. It works normally with
add_dracutmodules+="crypt".

2. Possibly as a consequence of (1), systemd doesn't realize that the
root partition has been already activated and luksOpen'ed at boot time
and keeps trying to unlock it over and over. The consoles are spammed
by messages like this one, basically on every sudo invocation: Password
entry required for 'Please enter passphrase for disk cryptprdell-luks
(plainprdell)!' (PID 5492). Please enter password with the
systemd-tty-ask-password-agent tool!

Of course I tried to run the systemd-tty-ask-password-agent tool and
type in the password. But then systemctl --failed showed a failure in
systemd-cryptsetup@plainprdell.service, the auto-generated unit for the
LUKS volume. Presumably, journalctl revealed that the error message had
been "Failed to activate: Device or resource busy". Well, that's indeed
what happens when you try to open a LUKS volume that's already opened.

If I don't use systemd-tty-ask-password-agent at all, systemctl status
permanently shows "starting" and never reaches "running", because of
the LUKS volume it thinks it needs to activate. (I tried systemctl
disable, but nope, that had no effect.)

This appears to have something in common with an ancient bug from 2013:
https://bugzilla.redhat.com/show_bug.cgi?id=924581

Has anything changed (1) in the way Dracut finds out whether the crypt
module is needed (which worked at least up to Fedora 24) or (2) in the
way systemd generates its automatic units for encrypted volumes?
Something must have changed, but I have no idea what it is and how to
get the old behavior back. :-/

My /etc/default/grub and /etc/crypttab are attached. The current kernel
version is 4.11.0-2.fc26.x86_64.

Cheers,
Andrej
plainprdell     UUID=f5340cc4-d856-453e-9a19-70fd6adf5d90       none    allow-discards,luks
GRUB_TIMEOUT=0
GRUB_HIDDEN_TIMEOUT=1
GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_GFXMODE=auto
GRUB_GFXPAYLOAD_LINUX=keep
GRUB_CMDLINE_LINUX='rootfstype=btrfs rd.md=0 rd.dm=0 rd.luks=1 rd.lvm=1 rd.lvm.lv=cryptprdell/luks rd.luks.uuid=f5340cc4-d856-453e-9a19-70fd6adf5d90 rd.luks.allow-discards=f5340cc4-d856-453e-9a19-70fd6adf5d90 rd.lvm.lv=plainprdell/swap rd.lvm.lv=plainprdell/root resume=/dev/mapper/plainprdell-swap i915.fastboot=1 loglevel=3 vga=current vconsole.font=ter-v32n rhgb quiet'
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux