Irom Tux's lil' helper
Joined: 07 Oct 2003 Posts: 95 Location: am arsch..
|
Posted: Sun Sep 12, 2010 7:59 pm Post subject: How to shut down initramfs-activated dm-crypt volumes? |
|
|
Hi,
my setup: I have 13 logical volumes: 3 are unencrypted (/boot/, /usr/, /usr/portage/), the rest are encrypted.
"/" is an encrypted volume too, so I made an initramfs.
I don't have to type 10 passwords during boot; the initramfs luksOpens all volumes with the same password, which I only have to type once.
Gentoo isn't involved in bringing up the encrypted volumes, and therefore doesn't know about them. This works fine during boot, but on shutdown my problems begin:
- Where to luksClose?
- the only possibility that I found to do my own luksClose was overwriting /lib/rcscripts/addons/dm-crypt-stop.sh. Not the best solution, because I would have to take care that the file never gets overwritten. Writing an init.d-script didn't work, because there is no way to run it after umount, but before lvm-stop.sh AFAICT.
- /etc/conf.d/dmcrypt doesn't work, because I only need Gentoo to *stop* the volumes
- Gentoo can't stop LVM/RAID
- /lib/rcscripts/addons/lvm-stop.sh is not able to stop the volume group ("can't deactivate volume group"), because the encrypted root is still active.
- the vgchange command (/sbin/lvchange --config "${config}" --sysinit -a ln ${VGS}) used in /lib/rcscripts/addons/lvm-stop.sh results in "node ... was not removed by udev. Falling back to direct node removal". udev is still running at this point. The activation in initramfs works fine, without any error messages.
Can anybody nudge me in the right direction how to deactivate dm-crypt volumes during shutdown in baselayout1?
Or maybe there is a better way to do this? I don't want to do RAID -> fdisk -> dm-crypt -> lvm, because that seems very inflexible. I don't want to use genkernel or /etc/conf.d/dmcrypt, because (I guess) it doesn't allow me to decrypt all volumes with a single password prompt. I don't want to use key files, because I don't want to store the keys on disk.
_________________
http://ftp.fukt.bsnet.se/pub/movies/stallman/ (Please watch this before you form an opinion about GNU)
https://apfelboymchen.net/gnu/ |
stelardactek n00b
Joined: 28 Aug 2005 Posts: 45
|
Posted: Wed Sep 29, 2010 8:41 am Post subject: |
|
|
I actually have a similar problem. I'm not using encryption, but I have the same issue with /lib/rcscripts/addons/lvm-stop.sh trying (and failing) to deactivate the volume group at shutdown because the root LV is still active (and cannot be deactivated because / is still mounted).
I'm thinking the way to properly unmount and deactivate the root LV is to have the system mount a RAM FS at shutdown and swap to that. But I don't know how to go about doing that, or how to get lvm-stop.sh to give an unsightly error message when it tries to do that too early... |
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Wed Sep 29, 2010 8:50 am Post subject: |
|
|
I'd be happy if I got an initramfs that actually worked for crypt-root. Every attempt I've made has failed. Got it working years ago, no idea how I did it =/
</unhelpful off-topic reply>
The only thing I could possibly suggest, which is likely an idea you've had already as you mention your BL version, is drawing inspiration from the init script used for this on BL2. No idea how it would handle root unfortunately.
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash |
frostschutz Advocate
Joined: 22 Feb 2005 Posts: 2977 Location: Germany
|
Posted: Wed Sep 29, 2010 6:14 pm Post subject: Re: How to shut down initramfs-activated dm-crypt volumes? |
|
|
You're seeing problems where there are none. luksClose and deactivating LVM do not actually write anything on disk, they just remove the kernel resources that allow access to the mapped devices. The same thing will happen anyway when you shutdown / reboot, so you can just skip that step entirely. What your system already should do is remount the root partition read-only during shutdown; once that's done, all physical write operations are done too, and it's safe to cut power at that point. Strictly speaking, you could remove lvm-stop.sh entirely since all it does is waste time. It's still good to have it though so it can show error messages if there is actually something really wrong with your setup (like when there's something still mounted that shouldn't be - can't be helped for the root partition).
If you really wanted to, you could put in some effort to work around this, like switching the root partition back to a memory file system (same way you switch from initramfs to the root partition). However getting that right is not easy (you have to obtain, and exec the init process itself, can't be done in an init subscript), and the effort is entirely pointless. |
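Added example, not part of frostschutz's post: a shutdown-time check for the condition described above, that no block-device-backed filesystem is still mounted writable. It reads a table in /proc/mounts layout; the function name rw_block_mounts is hypothetical and the device names in the samples are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report block-device-backed filesystems
# that are still mounted writable, reading a table in /proc/mounts layout.

# rw_block_mounts [FILE]   (hypothetical helper; FILE defaults to /proc/mounts)
# Prints "device mountpoint" for every /dev/* mount whose option list does not
# contain the exact option "ro"; returns 1 if any such mount exists, else 0.
rw_block_mounts() {
    awk '
        BEGIN { bad = 0 }
        $1 ~ /^\/dev\// {
            n = split($4, opt, ",")
            ro = 0
            # compare whole options: "errors=remount-ro" must not count as "ro"
            for (i = 1; i <= n; i++) if (opt[i] == "ro") ro = 1
            if (!ro) { print $1, $2; bad = 1 }
        }
        END { exit bad }
    ' "${1:-/proc/mounts}"
}

# Constructed sample: state before shutdown remounts root read-only.
sample_before() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/mapper/vg-root / ext3 rw,noatime,errors=remount-ro 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/mapper/vg-usr /usr ext3 ro,noatime 0 0
EOF
}

# Constructed sample: same system after "mount -o remount,ro /".
sample_after() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/mapper/vg-root / ext3 ro,noatime,errors=remount-ro 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/mapper/vg-usr /usr ext3 ro,noatime 0 0
EOF
}

demo() {
    tmp=$(mktemp) || return 2
    sample_before > "$tmp"; echo "before: $(rw_block_mounts "$tmp")"
    sample_after  > "$tmp"; echo "after:  $(rw_block_mounts "$tmp")"
    rm -f "$tmp"
}
demo
```

Called without an argument, the function reads the live /proc/mounts, so it can run as the last step before power-off to confirm nothing is left writable.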
Irom Tux's lil' helper
Joined: 07 Oct 2003 Posts: 95 Location: am arsch..
|
Posted: Wed Sep 29, 2010 6:46 pm Post subject: Re: How to shut down initramfs-activated dm-crypt volumes? |
|
|
Thanks all for the answers.
I kind of worked around the dm-crypt problem: after configuring /etc/conf.d/dmcrypt I get informational messages that the encrypted volumes are already opened at boot, and Gentoo takes care of them at shutdown. I can live with that.
cach0rr0 wrote: | [...] drawing inspiration from the init script used for this on BL2 |
Actually I didn't consider this, because I've read that baselayout2 is very different to baselayout1. But maybe it will help!
Re: switching back to tmpfs: thinking of it, this seems the only solution... but as frostschutz said, it is too complicated. How do other people solve this?! Looking around the web, root on LVM does not seem to be an extravagant idea.
frostschutz wrote: | You're seeing problems where there are none. |
I'm seeing an error message where there shouldn't be one ;)
Are you sure that not deactivating the LVM is no problem? I agree that the fs will be OK after "remount,ro", but are there guarantees for the integrity of my logical volumes? It doesn't feel right to me.
Btw, here's my current initramfs, if anybody is interested.
http://apfelboymchen.homeunix.net/gnu/configstuff/initramfs/initramfs.gz
(Edit: typo) |
stelardactek n00b
Joined: 28 Aug 2005 Posts: 45
|
Posted: Thu Sep 30, 2010 1:29 pm Post subject: |
|
|
Thank you, frostschutz. I do hope you're right about this. |
frostschutz Advocate
Joined: 22 Feb 2005 Posts: 2977 Location: Germany
|
Posted: Sat Oct 02, 2010 9:46 pm Post subject: Re: How to shut down initramfs-activated dm-crypt volumes? |
|
|
Irom wrote: | Are you sure that not deactivating the LVM is no problem? |
Yes. Deactivating does not change anything on the disk. You can easily verify yourself with a spare partition.
Code: |
# pvcreate /dev/sdd10
Physical volume "/dev/sdd10" successfully created
# vgcreate testbed /dev/sdd10
Volume group "testbed" successfully created
# lvcreate -n foo -L 100m testbed
Logical volume "foo" created
# lvcreate -n bar -L 50m testbed
Rounding up size to full physical extent 52.00 MiB
Logical volume "bar" created
# lvcreate -n foobar -L 50m testbed
Rounding up size to full physical extent 52.00 MiB
Logical volume "foobar" created
# lvcreate -n barfoo -L 77m testbed
Rounding up size to full physical extent 80.00 MiB
Logical volume "barfoo" created
# vgchange -a y testbed
4 logical volume(s) in volume group "testbed" now active
# ls /dev/testbed/
bar barfoo foo foobar
# md5sum /dev/sdd10
60be77c23c4503c15a95c8c3c41d868f /dev/sdd10
# vgchange -a n testbed
0 logical volume(s) in volume group "testbed" now active
# md5sum /dev/sdd10
60be77c23c4503c15a95c8c3c41d868f /dev/sdd10
|
Irom wrote: | Btw, here's my current initramfs, if anybody is interested. |
Looks horrible. |
Irom Tux's lil' helper
Joined: 07 Oct 2003 Posts: 95 Location: am arsch..
|
Posted: Sat Oct 02, 2010 10:32 pm Post subject: Re: How to shut down initramfs-activated dm-crypt volumes? |
|
|
frostschutz wrote: |
Irom wrote: | Btw, here's my current initramfs, if anybody is interested. |
Looks horrible. |
Did you un-cpio it? |