add regenerate-all to the dracut command - Githubissues

linux-system-roles / nbde_client

Ansible role for configuring Network Bound Disk Encryption clients (e.g. clevis)

https://linux-system-roles.github.io/nbde_client/

MIT License

14 stars 24 forks source link

add regenerate-all to the dracut command #48

Closed lessfoobar closed 3 years ago

lessfoobar commented 3 years ago

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening#configuring-manual-enrollment-of-volumes-using-clevis_configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption

section 9.9 point 5 recommends using dracut -f plus --regenerate-all sometimes the systems can not be booted

richm commented 3 years ago

[citest commit:1f74c3cf042ce7fd439e3c6970bec09e8c5f41a4]

richm commented 3 years ago

lgtm - @sergio-correia ?

sergio-correia commented 3 years ago

lgtm - @sergio-correia ?

lgtm as well, but I would also update RedHat_9.yml with the same change.

richm commented 3 years ago

ping - any update?

sergio-correia commented 3 years ago

@lessfoobar: are you planning on updating this PR to also update RedHat_9.yml? It would be great if we could merge this fix.

lessfoobar commented 3 years ago

there were new changes to the RHEL docu thus the second update.

richm commented 3 years ago

[citest pending]

richm commented 3 years ago

[citest pending]