search

dracutdevs / dracut

dracut the event driven initramfs infrastructure
https://github.com/dracutdevs/dracut/wiki
GNU General Public License v2.0
600 stars 400 forks source link

Dracut isn't unlocking LUKS root volume with Clevis at boot #474

Closed michaelbarkdoll closed 6 years ago

michaelbarkdoll commented 6 years ago

On Ubuntu 18.04, I can get secondary volumes with LUKS to unlock with clevis at boot to work but root volumes are giving me issues unlocking at bootup and I think the issue is related to dracut.

Anyone have an idea what is wrong or if this is a bug or how I can check logs for dracut to make sure it is working properly with clevis? Thanks,

/etc/fstab

root@cisadmin-VirtualBox:~# cat /etc/fstab 
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
/dev/mapper/sda5_crypt /               ext4    defaults,_netdev 0       2
# /boot was on /dev/sda1 during installation
UUID=45c8c1b2-3558-43d1-9e41-cf49dccf4ab2 /boot           ext4    defaults        0       2
/swapfile                                 none            swap    sw              0       0

/etc/crypttab

root@cisadmin-VirtualBox:~# cat /etc/crypttab 
sda5_crypt UUID=5ed3b55e-0e4a-41fb-99c5-fb1b467a738d    none    _netdev
root@cisadmin-VirtualBox:~#
root@cisadmin-VirtualBox:~# blkid
/dev/mapper/sda5_crypt: UUID="8d8941f6-af80-434a-9b48-40ed52cec6c6" TYPE="ext4"
/dev/loop0: TYPE="squashfs"
/dev/loop1: TYPE="squashfs"
/dev/loop2: TYPE="squashfs"
/dev/loop3: TYPE="squashfs"
/dev/loop4: TYPE="squashfs"
/dev/loop5: TYPE="squashfs"
/dev/loop6: TYPE="squashfs"
/dev/sda1: UUID="45c8c1b2-3558-43d1-9e41-cf49dccf4ab2" TYPE="ext4" PARTUUID="35fc3636-01"
/dev/sda5: UUID="5ed3b55e-0e4a-41fb-99c5-fb1b467a738d" TYPE="crypto_LUKS" PARTUUID="35fc3636-05"
root@cisadmin-VirtualBox:~# lsblk
NAME           MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
loop0            7:0    0  86.9M  1 loop  /snap/core/4917
loop1            7:1    0  34.7M  1 loop  /snap/gtk-common-themes/319
loop2            7:2    0 140.9M  1 loop  /snap/gnome-3-26-1604/70
loop3            7:3    0   2.3M  1 loop  /snap/gnome-calculator/180
loop4            7:4    0   3.7M  1 loop  /snap/gnome-system-monitor/51
loop5            7:5    0  14.5M  1 loop  /snap/gnome-logs/37
loop6            7:6    0    13M  1 loop  /snap/gnome-characters/103
sda              8:0    0    10G  0 disk  
├─sda1           8:1    0   476M  0 part  /boot
├─sda2           8:2    0     1K  0 part  
└─sda5           8:5    0   9.5G  0 part  
  └─sda5_crypt 253:0    0   9.5G  0 crypt /
sr0             11:0    1  1024M  0 rom   
root@cisadmin-VirtualBox:~# 
root@cisadmin-VirtualBox:~# cryptsetup luksDump /dev/sda5
LUKS header information for /dev/sda5

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha256
Payload offset: 4096
MK bits:        512
MK digest:      c5 9e 51 60 01 24 ec a9 58 99 9a 1d 68 7d a8 ae 74 dc 3f 95 
MK salt:        a8 99 82 36 0a 62 83 49 fe 39 1d f2 17 35 0d 24 
                80 57 66 93 53 99 74 c1 f3 03 86 1e 36 fd 0c f3 
MK iterations:  94025
UUID:           5ed3b55e-0e4a-41fb-99c5-fb1b467a738d

Key Slot 0: ENABLED
    Iterations:             1504412
    Salt:                   a6 b9 ac e9 f9 77 94 74 cb 2b 35 b0 64 61 6f f9 
                            18 52 34 f7 b2 ed 6e 5e c6 52 4f 53 0a f4 9a 31 
    Key material offset:    8
    AF stripes:             4000
Key Slot 1: ENABLED
    Iterations:             1148494
    Salt:                   9d 6e b5 7a 02 d8 de a6 3d 82 4f 30 49 ca fb 02 
                            8d d0 76 c5 8d 0b bd 81 fe 41 c3 e6 03 81 fe c8 
    Key material offset:    512
    AF stripes:             4000
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
root@cisadmin-VirtualBox:~# 
root@cisadmin-VirtualBox:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:96:ad:bd brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.13/24 brd 10.0.2.255 scope global dynamic noprefixroute enp0s3
       valid_lft 1063sec preferred_lft 1063sec
    inet6 fe80::3071:4aa0:17cb:5e13/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
root@cisadmin-VirtualBox:~# dracut -f --kernel-cmdline "ip=10.0.2.13 netmask=255.255.255.0 gateway=10.0.2.1 nameserver=127.0.0.53"                               dracut: Executing: /usr/bin/dracut -f --kernel-cmdline "ip=10.0.2.13 netmask=255.255.255.0 gateway=10.0.2.1 nameserver=127.0.0.53"
dracut: dracut module 'bootchart' will not be installed, because command '/sbin/bootchartd' could not be found!
dracut: dracut module 'plymouth' will not be installed, because command 'plymouth-set-default-theme' could not be found!
dracut: dracut module 'btrfs' will not be installed, because command 'btrfs' could not be found!
dracut: dracut module 'cifs' will not be installed, because command 'mount.cifs' could not be found!
dracut: dracut module 'biosdevname' will not be installed, because command 'biosdevname' could not be found!
dracut: dracut module 'btrfs' will not be installed, because command 'btrfs' could not be found!
dracut: dracut module 'cifs' will not be installed, because command 'mount.cifs' could not be found!
dracut: *** Including module: bash ***
dracut: *** Including module: dash ***
dracut: *** Including module: systemd ***
dracut: *** Including module: systemd-initrd ***
dracut: *** Including module: console-setup ***
dracut: *** Including module: network ***
dracut: *** Including module: ifcfg ***
dracut: *** Including module: clevis ***
dracut: *** Including module: aufs ***
dracut: *** Including module: crypt ***
dracut: *** Including module: dm ***
dracut: Skipping udev rule: 10-dm.rules
dracut: Skipping udev rule: 13-dm-disk.rules
dracut: Skipping udev rule: 64-device-mapper.rules
dracut: *** Including module: kernel-modules ***
dracut: *** Including module: kernel-network-modules ***
dracut: *** Including module: overlay-root ***
dracut: *** Including module: rootfs-block ***
dracut: *** Including module: terminfo ***
dracut: *** Including module: udev-rules ***
dracut: Skipping udev rule: 40-redhat.rules
dracut: Skipping udev rule: 91-permissions.rules
dracut: Skipping udev rule: 80-drivers-modprobe.rules
dracut: *** Including module: dracut-systemd ***
dracut: *** Including module: usrmount ***
dracut: *** Including module: base ***
dracut: *** Including module: fs-lib ***
dracut: *** Including module: shutdown ***
dracut: *** Including modules done ***
dracut-install: Failed to find module 'crc32c'
dracut: FAILED:  /usr/lib/dracut/dracut-install -D /var/tmp/dracut.yuEatz/initramfs --kerneldir /lib/modules/4.15.0-29-generic/ -m crc32c
dracut: *** Installing kernel module dependencies ***
dracut: *** Installing kernel module dependencies done ***
dracut: *** Resolving executable dependencies ***
dracut: *** Resolving executable dependencies done***
dracut: *** Stripping files ***
dracut: *** Stripping files done ***
dracut: *** Generating early-microcode cpio image ***
dracut: *** Constructing GenuineIntel.bin ****
dracut: *** Store current command line parameters ***
dracut: Stored kernel commandline:
dracut:  ip=10.0.2.13 netmask=255.255.255.0 gateway=10.0.2.1 nameserver=127.0.0.53
dracut:  rd.luks.uuid=luks-5ed3b55e-0e4a-41fb-99c5-fb1b467a738d
dracut:  root=/dev/mapper/sda5_crypt rootfstype=ext4 rootflags=rw,relatime,data=ordered
dracut: rd.neednet=1
dracut: *** Creating image file '/boot/initramfs-4.15.0-29-generic.img' ***
dracut: *** Creating initramfs image file '/boot/initramfs-4.15.0-29-generic.img' done ***
root@cisadmin-VirtualBox:~#
root@cisadmin-VirtualBox:~# update-grub2
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.15.0-29-generic
Found initrd image: /boot/initrd.img-4.15.0-29-generic
Found memtest86+ image: /memtest86+.elf
Found memtest86+ image: /memtest86+.bin
done
root@cisadmin-VirtualBox:~# reboot
archeious commented 5 years ago

Did you find a work around for this. I am having the same issue.