tinkerbell / actions

Suite of Tinkerbell Actions for use in Tinkerbell Workflows
Apache License 2.0

reboot doesn't honor disk encryption setting in earlier tinkerbell action during EKS anywhere cluster creation for bare metal #114

Open ygao-armada opened 6 months ago

ygao-armada commented 6 months ago

I am trying to set up disk encryption for a directory like /var in a Tinkerbell action (right before the Tinkerbell action reboot). Everything looks good in the following areas:

  1. /dev/mapper/ has the encryption target name "sda1_crypt"
  2. /etc/fstab maps "/var" to "/dev/mapper/sda1_crypt" with type "ext4"
  3. /etc/crypttab maps target "sda1_crypt" to partition "/dev/sda1", which is consistent with output of "fdisk -l"

The only interesting thing is that, after the command "cryptsetup luksOpen /dev/sda1 sda1_crypt" in the Tinkerbell action, the dummy file /etc/crypttab is not generated (if we run the command on the command line, we see /etc/crypttab show up with a comment line).

However, the Tinkerbell action "reboot" doesn't ask for a passphrase, and after reboot, all the encryption settings mentioned above disappear.

Expected Behaviour

reboot asks for the encryption passphrase, and after reboot, the disk encryption setting will stay

Current Behaviour

Possible Solution

Steps to Reproduce (for bugs)

1. 2. 3. 4.

Context

Your Environment
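
An added example, not part of the original issue or the Tinkerbell project's code: the fstab/crypttab consistency checks listed in the report, scripted so they can be run against any root directory and therefore against the files that will actually be present after the reboot. The function name, its return codes and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# check_crypt_mount ROOT MOUNTPOINT  (hypothetical helper, not a Tinkerbell tool)
# Using only the files under ROOT, verify that MOUNTPOINT is mounted from a
# /dev/mapper/<target> device in ROOT/etc/fstab and that <target> has an entry
# in ROOT/etc/crypttab. Prints "<target> <source-device>" on success.
# Return codes: 0 ok, 1 no fstab entry, 2 not a mapper device,
#               3 crypttab missing, 4 target not in crypttab.
check_crypt_mount() {
    root=$1
    mnt=$2
    fstab="$root/etc/fstab"
    crypttab="$root/etc/crypttab"

    # fstab fields: <device> <mountpoint> <type> <options> ...; skip comments.
    [ -f "$fstab" ] || return 1
    dev=$(awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { print $1; exit }' "$fstab")
    [ -n "$dev" ] || return 1

    case $dev in
        /dev/mapper/*) target=${dev#/dev/mapper/} ;;
        *) return 2 ;;
    esac

    # A missing crypttab means nothing will set up the mapping at boot.
    [ -f "$crypttab" ] || return 3

    # crypttab fields: <target> <source device> <key file> <options>
    src=$(awk -v t="$target" '$1 !~ /^#/ && $1 == t { print $2; exit }' "$crypttab")
    [ -n "$src" ] || return 4

    printf '%s %s\n' "$target" "$src"
}

# Demo on constructed sample files that mirror the values in the report.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc"
printf '%s\n' '/dev/mapper/sda1_crypt /var ext4 defaults 0 2' > "$demo_root/etc/fstab"
printf '%s\n' '# <target> <source> <key> <options>' \
    'sda1_crypt /dev/sda1 none luks' > "$demo_root/etc/crypttab"
check_crypt_mount "$demo_root" /var    # prints: sda1_crypt /dev/sda1
rm -rf "$demo_root"
```

Running it once with ROOT set to the environment where the action executes and once with ROOT set to the mounted target filesystem shows whether both locations hold the same fstab and crypttab entries.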