Gentoo Forums
How to shut down initramfs-activated dm-crypt volumes?
Irom
Tux's lil' helper


Joined: 07 Oct 2003
Posts: 91
Location: am arsch..

Posted: Sun Sep 12, 2010 7:59 pm    Post subject: How to shut down initramfs-activated dm-crypt volumes?

Hi,

my setup: I have 13 logical volumes: 3 are unencrypted (/boot/, /usr/, /usr/portage/), the rest are encrypted.
"/" is an encrypted volume too, so I made an initramfs.
I don't have to type 10 passwords during boot, the initramfs luksOpen's all volumes with the same password, that I only have to type once.

Gentoo isn't involved in bringing up the encrypted volumes, and therefore doesn't know about them. This works fine during boot, but on shutdown my problems begin:
  • Where to luksClose?
    • the only possibility that I found to do my own luksClose was overwriting /lib/rcscripts/addons/dm-crypt-stop.sh. Not the best solution, because I would have to take care that the file never gets overwritten. Writing an init.d-script didn't work, because there is no way to run it after umount, but before lvm-stop.sh AFAICT.
    • /etc/conf.d/dmcrypt doesn't work, because I only need gentoo to *stop* the volumes
  • Gentoo can't stop LVM/RAID
    • /lib/rcscripts/addons/lvm-stop.sh is not able to stop the volume group ("can't deactivate volume group"), because the encrypted root is still active.
    • the vgchange command (/sbin/lvchange --config "${config}" --sysinit -a ln ${VGS}) used in /lib/rcscripts/addons/lvm-stop.sh results in "node ... was not removed by udev. Falling back to direct node removal". udev is still running at this point. The activation in initramfs works fine, without any error messages.

Can anybody nudge me in the right direction how to deactivate dm-crypt volumes during shutdown in baselayout1?

Or maybe there is a better way to do this? I don't want to do RAID -> fdisk -> dm-crypt -> lvm, because that seems very inflexible. I don't want to use genkernel or /etc/conf.d/dmcrypt, because (I guess) it doesn't allow me to decrypt all volumes with a single password prompt. I don't want to use key files, because I don't want to store the keys on disk.
_________________
http://ftp.fukt.bsnet.se/pub/movies/stallman/ (Please watch this before you form an opinion about GNU)
http://apfelboymchen.net/gnu/
stelardactek
n00b


Joined: 28 Aug 2005
Posts: 35

Posted: Wed Sep 29, 2010 8:41 am

I actually have a similar problem. I'm not using encryption, but I have the same issue with /lib/rcscripts/addons/lvm-stop.sh trying (and failing) to deactivate the volume group at shutdown because the root LV is still active (and cannot be deactivated because / is still mounted).
I'm thinking the way to properly unmount and deactivate the root LV is to have the system mount a RAM FS at shutdown and swap to that. But I don't know how to go about doing that, or how to get lvm-stop.sh to give an unsightly error message when it tries to do that too early...
cach0rr0
Moderator


Joined: 13 Nov 2008
Posts: 4122
Location: Houston, Republic of Texas

Posted: Wed Sep 29, 2010 8:50 am

I'd be happy if I got an initramfs that actually worked for crypt-root. Every attempt I've made has failed. Got it working years ago, no idea how I did it =/


</unhelpful off-topic reply>

The only thing I could possibly suggest, which is likely an idea you've had already as you mention your BL version, is drawing inspiration from the init script used for this on BL2. No idea how it would handle root unfortunately.
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
frostschutz
Advocate


Joined: 22 Feb 2005
Posts: 2464
Location: Germany

Posted: Wed Sep 29, 2010 6:14 pm    Post subject: Re: How to shut down initramfs-activated dm-crypt volumes?

You're seeing problems where there are none. luksClose and deactivating LVM do not actually write anything on disk, they just remove the kernel resources that allow access to the mapped devices. The same thing will happen anyway when you shut down / reboot, so you can just skip that step entirely. What your system already should do is remount the root partition read-only during shutdown; once that's done, all physical write operations are done too, and it's safe to cut power at that point. Strictly speaking, you could remove lvm-stop.sh entirely since all it does is waste time. It's still good to have it though so it can show error messages if there is actually something really wrong with your setup (like when there's something still mounted that shouldn't be - can't be helped for the root partition).

If you really wanted to, you could put in some effort to work around this, like switching the root partition back to a memory file system (same way you switch from initramfs to the root partition). However getting that right is not easy (you have to obtain, and exec the init process itself, can't be done in an init subscript), and the effort is entirely pointless.
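Added example, not part of the post above or of Gentoo's scripts: a late-shutdown check for the condition that post describes, namely that no device-mapper-backed filesystem is still mounted read-write. It assumes mapped devices show up as /dev/mapper/* or /dev/dm-* in /proc/mounts; the sample mount table and its volume names are constructed.

```shell
#!/bin/sh
# Added example. Reads a file in /proc/mounts format (default: /proc/mounts).
# Assumption: mapped devices appear as /dev/mapper/* or /dev/dm-*.

# Print "device mountpoint" for every mapped filesystem still mounted rw.
rw_mapper_mounts() {
    mounts_file="${1:-/proc/mounts}"
    # Fields: device mountpoint fstype options dump pass
    while read -r dev mnt fstype opts _rest; do
        case "$dev" in
            /dev/mapper/*|/dev/dm-*) ;;
            *) continue ;;
        esac
        # Options are comma-separated; match "rw" only as a whole option.
        case ",$opts," in
            *,rw,*) printf '%s %s\n' "$dev" "$mnt" ;;
        esac
    done < "$mounts_file"
}

# Succeeds (0) when nothing mapped is writable any more, fails (1) otherwise.
safe_to_power_off() {
    [ -z "$(rw_mapper_mounts "$1")" ]
}

# Constructed sample: root is already remounted ro, but one encrypted
# volume (hypothetical name "home") was left mounted read-write.
write_sample() {
    cat > "$1" <<'EOF'
rootfs / rootfs rw 0 0
/dev/mapper/root / ext3 ro,noatime 0 0
/dev/mapper/vg-usr /usr ext3 ro 0 0
/dev/mapper/home /home ext3 rw,noatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp)
write_sample "$tmp"
if safe_to_power_off "$tmp"; then
    echo "all mapped filesystems are read-only or unmounted"
else
    echo "still writable:"
    rw_mapper_mounts "$tmp"
fi
rm -f "$tmp"
```

A mapping that is still open but mounted read-only, such as the root volume, is not reported.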
Irom
Tux's lil' helper


Joined: 07 Oct 2003
Posts: 91
Location: am arsch..

Posted: Wed Sep 29, 2010 6:46 pm    Post subject: Re: How to shut down initramfs-activated dm-crypt volumes?

Thanks all for the answers.

I kind of worked around the dm-crypt problem: after configuring /etc/conf.d/dmcrypt I get informational messages that the encrypted volumes are already opened at boot, and Gentoo takes care of them at shutdown. I can live with that.

cach0rr0 wrote:
[...] drawing inspiration from the init script used for this on BL2

Actually I didn't consider this, because I've read that baselayout2 is very different to baselayout1. But maybe it will help!

Re: switching back to tmpfs: thinking of it, this seems the only solution... but as frostschutz said, it is too complicated. How do other people solve this?! Looking around the web, root on LVM does not seem to be an extravagant idea.

frostschutz wrote:
You're seeing problems where there are none.

I'm seeing an error message where there shouldn't be one ;)
Are you sure that not deactivating the LVM is no problem? I agree that the fs will be OK after "remount,ro", but are there guarantees for the integrity of my logical volumes? It doesn't feel right to me.

Btw, here's my current initramfs, if anybody is interested.
http://apfelboymchen.homeunix.net/gnu/configstuff/initramfs/initramfs.gz

(Edit: typo)
stelardactek
n00b


Joined: 28 Aug 2005
Posts: 35

Posted: Thu Sep 30, 2010 1:29 pm

Thank you, frostschutz. I do hope you're right about this.
frostschutz
Advocate


Joined: 22 Feb 2005
Posts: 2464
Location: Germany

Posted: Sat Oct 02, 2010 9:46 pm    Post subject: Re: How to shut down initramfs-activated dm-crypt volumes?

Irom wrote:
Are you sure that not deactivating the LVM is no problem?


Yes. Deactivating does not change anything on the disk. You can easily verify yourself with a spare partition.

Code:

# pvcreate /dev/sdd10
  Physical volume "/dev/sdd10" successfully created
# vgcreate testbed /dev/sdd10
  Volume group "testbed" successfully created
# lvcreate -n foo -L 100m testbed
  Logical volume "foo" created
# lvcreate -n bar -L 50m testbed
  Rounding up size to full physical extent 52.00 MiB
  Logical volume "bar" created
# lvcreate -n foobar -L 50m testbed
  Rounding up size to full physical extent 52.00 MiB
  Logical volume "foobar" created
# lvcreate -n barfoo -L 77m testbed
  Rounding up size to full physical extent 80.00 MiB
  Logical volume "barfoo" created
# vgchange -a y testbed
  4 logical volume(s) in volume group "testbed" now active
# ls /dev/testbed/
bar  barfoo  foo  foobar
# md5sum /dev/sdd10
60be77c23c4503c15a95c8c3c41d868f  /dev/sdd10
# vgchange -a n testbed
  0 logical volume(s) in volume group "testbed" now active
# md5sum /dev/sdd10
60be77c23c4503c15a95c8c3c41d868f  /dev/sdd10


Irom wrote:
Btw, here's my current initramfs, if anybody is interested.


Looks horrible.
Irom
Tux's lil' helper


Joined: 07 Oct 2003
Posts: 91
Location: am arsch..

Posted: Sat Oct 02, 2010 10:32 pm    Post subject: Re: How to shut down initramfs-activated dm-crypt volumes?

frostschutz wrote:

Irom wrote:
Btw, here's my current initramfs, if anybody is interested.


Looks horrible.

Did you un-cpio it? :wink:
All times are GMT