Nublet n00b
Joined: 31 Oct 2010 Posts: 9
|
Posted: Tue Nov 02, 2010 9:35 pm Post subject: Not mounting LVM volumes (inside LUKS) at boot |
|
|
Edit: Changed the partition setup a bit: please read my reply (Sat Nov 06) instead.
I decided to use the following partition setup:
unencrypted: /boot, /
encrypted: LVM2 container (inside swap, /usr, /var, /home, /usr/portage)
Well.. I understand that it may not be the best (or most logical: having / unencrypted while encrypting /usr), but I thought it may be a bit more simple, safe and less "error prone" than encrypting everything except /boot. Anyway.. that's not the case.
For some reason I'm not getting a password prompt at boot. I have configured /etc/conf.d/dmcrypt as follows:
Code: | target=encrypted
source='/dev/sda6' |
/dev/sda6 is the correct partition - I'm able to open it manually with cryptsetup luksOpen.
/etc/fstab is as follows: (although I don't think it matters as no /dev/mapper/... device(s) is created)
Code: |
/dev/sda3 /boot ext2 noauto,noatime 1 2
/dev/sda5 / ext4 noatime 0 1
/dev/mapper/enc-swap none swap sw 0 0
/dev/mapper/enc-var /var reiserfs noatime,notail 0 1
/dev/mapper/enc-usr /usr ext4 noatime 0 1
/dev/mapper/enc-portage /usr/portage reiserfs noatime,nolog 0 1
/dev/mapper/enc-home /home ext4 noatime 0 1
tmpfs /tmp tmpfs size=512M,mode=1777,noatime,nosuid 0 0
proc /proc proc defaults 0 0
shm /dev/shm tmpfs nodev,nosuid,noexec 0 0 |
There doesn't seem to be any errors at start-up - at least before system tries to mount /dev/mapper/... volumes. Also LVM seems to start fine, but doesn't find any volumes as the partition isn't decrypted.
Why isn't dmcrypt asking me for the password? Should I add it somewhere?
Could someone please help me.
PS! Using kernel-genkernel-x86-2.6.36-gentoo
Last edited by Nublet on Sat Nov 06, 2010 7:40 pm; edited 3 times in total |
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21631
|
Posted: Thu Nov 04, 2010 1:45 am Post subject: |
|
|
Encrypting /usr and leaving / exposed seems like a strange choice. Generally, / has more secrets than /usr (root's files, /etc/shadow, and customized configuration files). Your setup is probably one of the more rare designs. Most people who use encryption either restrict the encryption to /home or encrypt everything except /boot.
What is the output of emerge --info? |
|
Nublet n00b
Joined: 31 Oct 2010 Posts: 9
|
Posted: Thu Nov 04, 2010 1:46 pm Post subject: |
|
|
Hu wrote: | Encrypting /usr and leaving / exposed seems like a strange choice. Generally, / has more secrets than /usr (root's files, /etc/shadow, and customized configuration files). Your setup is probably one of the more rare designs. Most people who use encryption either restrict the encryption to /home or encrypt everything except /boot. | Good points indeed. Thanks.
Hu wrote: | What is the output of emerge --info? | Here it is:
Code: | Portage 2.1.9.24 (default/linux/x86/10.0/desktop/gnome, gcc-4.4.3, glibc-2.11.2-r0, 2.6.36-gentoo i686)
=================================================================
System uname: Linux-2.6.36-gentoo-i686-Intel-R-_Core-TM-2_Duo_CPU_P8400_@_2.26GHz-with-gentoo-1.12.13
Timestamp of tree: Tue, 02 Nov 2010 16:15:01 +0000
ccache version 2.4 [enabled]
app-shells/bash: 4.1_p7
dev-java/java-config: 2.1.11-r1
dev-lang/python: 2.6.5-r3, 3.1.2-r4
dev-util/ccache: 2.4-r8
dev-util/cmake: 2.8.1-r2
sys-apps/baselayout: 1.12.13
sys-apps/sandbox: 2.3-r1
sys-devel/autoconf: 2.65-r1
sys-devel/automake: 1.11.1
sys-devel/binutils: 2.20.1-r1
sys-devel/gcc: 4.4.3-r2
sys-devel/gcc-config: 1.4.1
sys-devel/libtool: 2.2.10
sys-devel/make: 3.81-r2
virtual/os-headers: 2.6.30-r1 (sys-kernel/linux-headers)
ACCEPT_KEYWORDS="x86 ~x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=native -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -march=native -pipe -fomit-frame-pointer"
DISTDIR="/var/portage/distfiles"
FEATURES="assume-digests binpkg-logs ccache distlocks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://trumpetti.atm.tut.fi/gentoo http://gentoo.tups.lv/source http://distfiles.gentoo.org"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en_GB en et"
MAKEOPTS="-j3"
PKGDIR="/var/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X a52 aac acpi alsa avi bash-completion berkdb bittorrent bluetooth branding bzip2 bzlib cairo cdda cddb cdparanoia cdr cli consolekit cracklib crypt css cups cvs cxx dbus djvu dri dts dvd dvdr eds emboss encode exif fam fbcon ffmpeg firefox flac fontconfig foomaticdb ftp gd gdbm gdu gif gimp gnome gnome-keyring gnutls gphoto2 gpm gstreamer gtk gtk2 hal hardened hddtemp iconv icu ieee1394 imagemagick imap imlib ipv6 irc jadetex java java6 javascript jpeg jpeg2k lame laptop lcms ldap libnotify libsamplerate libwww lm_sensors mad matroska mhash mikmod mime mmx mng modules mp3 mp4 mpeg mplayer msn mudflap nautilus ncurses nls nptl nptlonly offensive ogg opengl openmp pam pango pcmia pcre pdf pdflib perl png policykit ppds pppd python qt3support quicktime raw readline rss samba scanner sdl session smartcard smp speex spell sse sse2 ssl startup-notification subversion svg symlink sysfs tcpd threads tiff truetype udev unicode usb vnc vorbis wav wifi wmf x264 x86 xcb xine xml xmms xorg xscreensaver xulrunner xv xvid zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev synaptics 
keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_GB en et" PHP_TARGETS="php5-2" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fglrx radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS |
|
Nublet n00b
Joined: 31 Oct 2010 Posts: 9
|
Posted: Sat Nov 06, 2010 1:31 pm Post subject: |
|
|
I decided to do as Hu suggested and reinstalled my system with full encryption except /boot (and Windows partitions). Otherwise the disk setup is the same:
/boot 100M ext2
/dev/sda5 -> LUKS encrypted LVM2 volume that contains: SWAP, /, /var, /usr, /usr/portage, /home partitions (/tmp is tmpfs)
I used the Arantius.com guide (and the Gentoo Handbook) as reference. Now it asks me for the passphrase during boot and the / partition (inside the encrypted LVM this time) is mounted successfully, but no other partitions. However, LVM states that it finds the partitions:
Code: | >> Activating mdev
>> Scanning for Volume Groups
Reading all physical volumes. This may take a while ...
Enter passphrase for /dev/sda5:
>> LUKS device /dev/sda5 opened
>> Scanning for Volume Groups
Reading all physical volumes. This may take a while ...
Found volume group "enc" using metadata type lvm2
>> Activating Volume Groups
6 logical volume(s) in volume group "enc" now active
>> Determining root devices...
>> Mounting root...
>> Booting (initramfs)..
INIT: version 2.88 booting |
What makes it even more weird is that I can't even find the LVM device for / (or of course any other partition) under /dev/mapper. The folder contains only one file: control. If I try to manually decrypt the LVM volume and then mount partitions I get this:
Code: |
# cryptsetup luksOpen /dev/sda5 encrypted
Enter passphrase for /dev/sda5:
# vgscan
Reading all physical volumes. This may take a while...
Found duplicate PV XXXXxxxxXXXXxxxXXXXXXXX: using /dev/mapper/encrypted not /dev/dm-0
Found volume group "enc" using metadata type lvm2
# vgchange -a y
Found duplicate PV XXXXxxxxXXXXxxxXXXXXXXX: using /dev/mapper/encrypted not /dev/dm-0
6 logical volume(s) in volume group "enc" now active
# ls -AlF /dev/mapper
crw------- 1 root root 10, 236 Nov 6 15:03 control
lrwxrwxrwx 1 root root 7 Nov 6 15:06 encrypted -> ../dm-7
| No devices created? Also tried mounting partitions by their label (I have set the labels to partitions), but it's not successful either (no such partition found).
Running genkernel-x86-2.6.36-gentoo. I installed it with following options (genkernel.conf was unmodified):
Code: | # genkernel --makeopts="-j3" --symlink --lvm --luks --disklabel --menuconfig --install all |
Code: | Device Drivers --->
[*] Multiple devices driver support (RAID and LVM) --->
<*> Device mapper support
<*> Crypt target support
-*- Cryptographic API --->
*** Digest ***
<*> SHA224 and SHA256 digest algorithm
<*> SHA384 and SHA512 digest algorithms
*** Ciphers ***
<*> AES cipher algorithms |
vgdisplay:
Code: | --- Volume group ---
VG Name enc
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 7
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 6
Open LV 1
Max PV 0
Cur PV 1
Act PV 1
VG Size 34.91 GiB
PE Size 4.00 MiB
Total PE 8936
Alloc PE / Size 6987 / 27.29 GiB
Free PE / Size 1949 / 7.61 GiB
VG UUID a6Soyk-X28a-Co3a-83fX-Z6G9-vyU0-AuRAf1 |
lvdisplay:
Code: | /dev/mapper/enc-swap: open failed: No such file or directory
--- Logical volume ---
LV Name /dev/enc/swap
VG Name enc
LV UUID 1OSuIN-0GK0-Kupv-LVjy-ATLJ-EP3n-GJsivS
LV Write Access read/write
LV Status NOT available
LV Size 3.50 GiB
Current LE 896
Segments 1
Allocation inherit
Read ahead sectors auto
/dev/mapper/enc-root: open failed: No such file or directory
--- Logical volume ---
LV Name /dev/enc/root
VG Name enc
LV UUID EBQbvT-dT13-qCaj-YSGQ-sJAe-D2yF-3GAt8K
LV Write Access read/write
LV Status NOT available
LV Size 1.00 GiB
Current LE 256
Segments 1
Allocation inherit
Read ahead sectors auto
/dev/mapper/enc-var: open failed: No such file or directory
--- Logical volume ---
LV Name /dev/enc/var
VG Name enc
LV UUID EKTY4Q-7tNl-afzw-wY0s-z7Q1-zW0h-x3xRTy
LV Write Access read/write
LV Status NOT available
LV Size 3.50 GiB
Current LE 896
Segments 1
Allocation inherit
Read ahead sectors auto
/dev/mapper/enc-portage: open failed: No such file or directory
--- Logical volume ---
LV Name /dev/enc/portage
VG Name enc
LV UUID Ynzs6h-oNgU-XFMq-U8jA-LbB6-yXvx-GjBChL
LV Write Access read/write
LV Status NOT available
LV Size 300.00 MiB
Current LE 75
Segments 1
Allocation inherit
Read ahead sectors auto
/dev/mapper/enc-usr: open failed: No such file or directory
--- Logical volume ---
LV Name /dev/enc/usr
VG Name enc
LV UUID tshLLW-oaQH-QyEo-45pm-cFn1-e1Fm-VEbsVo
LV Write Access read/write
LV Status NOT available
LV Size 12.00 GiB
Current LE 3072
Segments 1
Allocation inherit
Read ahead sectors auto
/dev/mapper/enc-home: open failed: No such file or directory
--- Logical volume ---
LV Name /dev/enc/home
VG Name enc
LV UUID HdaF1h-Zgxo-UMjf-n1d6-KIZn-bMho-AYrOCL
LV Write Access read/write
LV Status NOT available
LV Size 7.00 GiB
Current LE 1792
Segments 1
Allocation inherit
Read ahead sectors auto
|
mount:
Code: | rootfs on / type rootfs (rw)
/dev/mapper/enc-root on / type ext4 (rw,noatime,barrier=1,data=ordered)
proc on /proc type proc (rw,relatime)
rc-svcdir on /lib/rc/init.d type tmpfs (rw,nosuid,nodev,noexec,relatime,size=1024k,mode=755)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
udev on /dev type tmpfs (rw,nosuid,relatime,size=10240k,mode=755)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /tmp type tmpfs (rw,nosuid,noatime,size=512M,mode=1777)
usbfs on /proc/bus/usb type usbfs (rw,noexec,nosuid) |
/etc/fstab:
Code: | LABEL=BOOT /boot ext2 noauto,noatime 1 2
LABEL=SWAP none swap sw 0 0
LABEL=ROOT / ext4 noatime 0 1
LABEL=VAR /var reiserfs noatime,notail 0 1
LABEL=USR /usr ext4 noatime 0 1
LABEL=PORTAGE /usr/portage reiserfs noatime,nolog 0 1
LABEL=HOME /home ext4 noatime 0 1
tmpfs /tmp tmpfs size=512M,mode=1777,noatime,nosuid 0 0
proc /proc proc defaults 0 0
shm /dev/shm tmpfs nodev,nosuid,noexec 0 0 |
I have also tried using /dev/mapper/enc-... names instead of labels, but it doesn't make difference.
grub.conf:
Code: | default 0
timeout 30
title Gentoo Linux
root (hd0,2)
kernel /boot/kernel-genkernel-x86-2.6.36-gentoo dolvm init=/linuxrc ramdis=8192 root=/dev/ram0 crypt_root=/dev/sda5 real_root=/dev/mapper/enc-root
initrd /boot/initramfs-genkernel-x86-2.6.36-gentoo
title Windows 7
rootnoverify (hd0,0)
makeactive
chainloader +1 |
emerge --info (I had to boot from the install CD and mount, chroot there to get it as I'm unable to mount the volumes if I boot from the installed system - as stated above):
Code: | Portage 2.1.9.24 (default/linux/x86/10.0/desktop/gnome, gcc-4.4.5, glibc-2.12.1-r3, 2.6.34-gentoo-r6 i686)
=================================================================
System uname: Linux-2.6.34-gentoo-r6-i686-Intel-R-_Core-TM-2_Duo_CPU_P8400_@_2.26GHz-with-gentoo-2.0.1
Timestamp of tree: Thu, 04 Nov 2010 17:15:01 +0000
ccache version 2.4 [enabled]
app-shells/bash: 4.1_p9
dev-java/java-config: 2.1.11-r1
dev-lang/python: 2.6.6-r1, 3.1.2-r4
dev-util/ccache: 2.4-r8
dev-util/cmake: 2.8.1-r2
sys-apps/baselayout: 2.0.1-r1
sys-apps/openrc: 0.6.3
sys-apps/sandbox: 2.3-r1
sys-devel/autoconf: 2.68
sys-devel/automake: 1.11.1
sys-devel/binutils: 2.20.1-r1
sys-devel/gcc: 4.4.5
sys-devel/gcc-config: 1.4.1
sys-devel/libtool: 2.2.10
sys-devel/make: 3.82
virtual/os-headers: 2.6.35 (sys-kernel/linux-headers)
ACCEPT_KEYWORDS="x86 ~x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=native -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -march=native -pipe -fomit-frame-pointer"
DISTDIR="/var/portage/distfiles"
FEATURES="assume-digests binpkg-logs ccache distlocks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://trumpetti.atm.tut.fi/gentoo http://gentoo.tups.lv/source http://distfiles.gentoo.org"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en_GB en et"
MAKEOPTS="-j3"
PKGDIR="/var/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X a52 aac acpi alsa avi bash-completion berkdb bittorrent bluetooth branding bzip2 bzlib cairo cdda cddb cdparanoia cdr cli consolekit cracklib crypt css cups cvs cxx dbus djvu dri dts dvd dvdr eds emboss encode exif fam fbcon ffmpeg firefox flac fontconfig foomaticdb ftp gd gdbm gdu gif gimp gnome gnome-keyring gnutls gphoto2 gpm gstreamer gtk gtk2 hal hardened hddtemp iconv icu ieee1394 imagemagick imap imlib ipv6 irc java java6 javascript jpeg jpeg2k lame laptop lcms ldap libnotify libsamplerate libwww lm_sensors mad matroska mhash mikmod mime mmx mng modules mp3 mp4 mpeg mplayer msn mudflap nautilus ncurses nls nptl nptlonly offensive ogg opengl openmp pam pango pcmia pcre pdf pdflib perl png policykit ppds pppd python qt3support quicktime raw readline rss samba scanner sdl session smartcard smp speex spell sse sse2 ssl startup-notification subversion svg symlink sysfs tcpd threads tiff truetype udev unicode usb vnc vorbis wav wifi wmf x264 x86 xcb xine xml xmms xorg xscreensaver xulrunner xv xvid zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev synaptics keyboard 
mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_GB en et" PHP_TARGETS="php5-2" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fglrx radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS |
Any advice or suggestion is really welcome. I'm so lost here :'(
Thanks in advance. |
|
jathlon Tux's lil' helper
Joined: 26 Sep 2006 Posts: 89 Location: Canada
|
Posted: Sat Nov 06, 2010 2:05 pm Post subject: Re: dmcrypt not opening volume at boot? |
|
|
Nublet wrote: | Also LVM seems to start fine, but doesn't find any volumes as the partition isn't decrypted. |
Last time I saw this behavior, I had forgotten to set the partition type to LVM.
Code: | fdisk -l /dev/sdc
<snip>
Device Boot Start End Blocks Id System
/dev/sdc1 63 976762079 488381008+ 8e Linux LVM
/dev/sdc2 976762080 1953525167 488381544 8e Linux LVM
|
In this case I was lucky and I just went in with fdisk and changed the partitions to type 8e and I didn't have to restore the data.
Just something else that you can double check for yourself.
joe |
|
Nublet n00b
Joined: 31 Oct 2010 Posts: 9
|
Posted: Sat Nov 06, 2010 3:26 pm Post subject: Re: dmcrypt not opening volume at boot? |
|
|
jathlon wrote: | Last time I saw this behavior, I had forgotten to set the partition type to LVM. | Hmm.. my LVM partition is inside LUKS' partition. Should I set LUKS partition (/dev/sda5) type to LVM? I mean .. I don't think there's a partition table inside LUKS - at least fdisk tells me that if I try to open /dev/mapper/encrypted (created with cryptsetup luksOpen /dev/sda5 encrypted - while booted from install cd). |
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21631
|
Posted: Sat Nov 06, 2010 4:25 pm Post subject: |
|
|
The partition type should not matter here. LVM clearly finds the volumes or it would not be producing so much output from lvdisplay. This looks like a problem triggered by the failure to allocate the expected device nodes. I see that /dev/dm-7 exists. What about lower numbered dm-X nodes?
I have seen reports of some issues recently with some versions of lvm and/or udev interacting in a way that did not set up all the device nodes in their traditional locations. I do not know which package is at fault for this. |
|
Nublet n00b
Joined: 31 Oct 2010 Posts: 9
|
Posted: Sat Nov 06, 2010 4:57 pm Post subject: |
|
|
Hu wrote: | I see that /dev/dm-7 exists. What about lower numbered dm-X nodes? | There are nodes dm-0 to dm-6 after booting. dm-7 was created when I did "cryptsetup luksOpen ..." manually.
Here's whole output of ls -AlF /dev.
Output of blkid /dev/dm-*:
Code: | /dev/dm-0: UUID="QoMwZY-y03W-r6oZ-SuAI-vEFC-3AGI-eZgENB" TYPE="LVM2_member"
/dev/dm-1: LABEL="SWAP" UUID="f0b2467c-94c6-4f09-8f1e-a901d82b1d2c" TYPE="swap"
/dev/dm-2: LABEL="ROOT" UUID="62dd64e0-5738-4d54-bdab-ffeef6c32bad" TYPE="ext4"
/dev/dm-3: LABEL="VAR" UUID="11bd3088-607d-418a-8ec6-c935b4e3fbdb" TYPE="reiserfs"
/dev/dm-4: LABEL="PORTAGE" UUID="906bcceb-6ae4-4716-b9a5-7cc6d9a13c24" TYPE="reiserfs"
/dev/dm-5: LABEL="USR" UUID="aee31d49-456b-4da2-81d1-d964b324fded" TYPE="ext4"
/dev/dm-6: LABEL="HOME" UUID="02d3a486-8c58-413b-84c8-30cb9b537f9b" TYPE="ext4" |
I suppose I should use those names in /etc/fstab instead? Should everything work then as intended or may it cause problems? I mean even lvdisplay is still trying to access them under /dev/mapper/. Should I manually create symlinks?
PS! Tried mounting /dev/dm-3 and got error:
Code: | # mount -o notail,noatime /dev/dm-3 /var
mount: special device /dev/mapper/enc-var does not exist | Same with other nodes |
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21631
|
Posted: Sat Nov 06, 2010 8:24 pm Post subject: |
|
|
That fits with what I expected. For some reason, udev is not creating the /dev/mapper nodes. When the lvm commands create them, they are running in the initramfs. You are then able to mount the root node while in the initramfs, but those nodes are lost after the switch_root. The dm-X nodes are numbered in discovery order, so you should avoid using them in any long term configuration. You might be able to work around this by enabling CONFIG_DEVTMPFS, modifying your initscript to use that for your /dev, and then allowing udev to mount that same devtmpfs when it takes control in the main system. |
|
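Added example (not part of the thread): the kernel exposes each dm-N node's stable device-mapper name and UUID under /sys/block/dm-N/dm/, which shows which /dev/mapper entries are missing without relying on the discovery-order numbers discussed above. The function names, the two root-directory parameters and the sample tree are assumptions of this example.

```shell
#!/bin/sh
# Added example: map kernel dm-N nodes to their stable device-mapper names
# and report which /dev/mapper/<name> nodes are missing.

# dm_report [SYSROOT] [DEVROOT]
# Defaults are the live system; the parameters exist so the function can be
# pointed at a constructed tree. Prints "<dm-N> <name> <kind> <state>" per
# mapping and returns non-zero if any /dev/mapper node is missing.
dm_report() {
    sysroot=${1:-/sys}
    devroot=${2:-/dev}
    missing=0
    for d in "$sysroot"/block/dm-*; do
        [ -r "$d/dm/name" ] || continue      # no dm devices, or not a dm node
        node=${d##*/}
        name=$(cat "$d/dm/name")
        uuid=$(cat "$d/dm/uuid" 2>/dev/null) || uuid=
        case $uuid in
            LVM-*)   kind=lvm ;;             # logical volume activated by LVM
            CRYPT-*) kind=luks ;;            # mapping opened by cryptsetup
            *)       kind=other ;;
        esac
        if [ -e "$devroot/mapper/$name" ]; then
            state=ok
        else
            state=MISSING
            missing=$((missing + 1))
        fi
        printf '%s %s %s %s\n' "$node" "$name" "$kind" "$state"
    done
    [ "$missing" -eq 0 ]
}

# Helper for the constructed sample: one fake sysfs entry per mapping.
sample_node() {
    mkdir -p "$1/sys/block/$2/dm"
    printf '%s\n' "$3" > "$1/sys/block/$2/dm/name"
    printf '%s\n' "$4" > "$1/sys/block/$2/dm/uuid"
}

# Constructed tree resembling the state in the thread: logical volumes are
# active in the kernel, but /dev/mapper holds only "control" and the
# manually opened LUKS mapping. The UUID strings are made up.
make_sample() {
    mkdir -p "$1/dev/mapper"
    : > "$1/dev/mapper/control"
    : > "$1/dev/mapper/encrypted"
    sample_node "$1" dm-1 enc-swap  "LVM-constructedswap"
    sample_node "$1" dm-2 enc-root  "LVM-constructedroot"
    sample_node "$1" dm-7 encrypted "CRYPT-LUKS1-constructed-encrypted"
}

# Demonstration on the constructed tree.
demo=$(mktemp -d)
make_sample "$demo"
dm_report "$demo/sys" "$demo/dev" || echo "some /dev/mapper nodes are missing"
rm -rf "$demo"
```

On a live system, run `dm_report` with no arguments; `dmsetup mknodes` or `vgscan --mknodes` recreate missing nodes by name.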
Nublet n00b
Joined: 31 Oct 2010 Posts: 9
|
Posted: Sun Nov 07, 2010 4:01 pm Post subject: |
|
|
Hu wrote: | You might be able to work around this by enabling CONFIG_DEVTMPFS, modifying your initscript to use that for your /dev, and then allowing udev to mount that same devtmpfs when it takes control in the main system. | I recompiled kernel with CONFIG_DEVTMPFS and CONFIG_DEVTMPFS_MOUNT and now mount shows that /dev is mounted as devtmpfs (before it was tmpfs), but it still doesn't contain /dev/mapper nodes. Code: | udev on /dev type devtmpfs (rw,nosuid,relatime,size=10249k,nr_inodes=218481,mode=755) | So I suppose I haven't done it right.
You told me I should modify the initscript. I suppose it is inside initramfs? Haven't ever nibbled with it tho'. Well.. I suppose I have to do some research then.
Thanks a lot for your suggestions tho'. Would never have figured it out myself.
PS! As I understand it is not intended behaviour? So there is hope for some fix in foreseeable future if I don't manage to get this work around working? |
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21631
|
Posted: Sun Nov 07, 2010 4:42 pm Post subject: |
|
|
I suggested devtmpfs because it persists across mounts (but not across reboots), so nodes created in a devtmpfs survive being unmounted from the initramfs and remounted in the main system. Thus, if your initramfs had mounted devtmpfs prior to running vgscan, the nodes it created would be there in the main boot process and allow you to boot successfully. The change you need to your initramfs is to ensure that it mounts devtmpfs on /dev before it runs cryptsetup.
I do not know if the behavior you are seeing is intended, but it is not an isolated event. Personally, I consider this behavior undesirable, but it could just be a matter of having some program misconfigured, rather than an actual bug. |
|
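Added example (not from the thread): a small check that an initramfs init script mounts devtmpfs on /dev before its first cryptsetup or LVM command, the ordering described in the post above. check_init_order, write_samples and both sample scripts are constructed for this example.

```shell
#!/bin/sh
# Added example: verify the ordering "devtmpfs on /dev first, then
# cryptsetup / LVM" in an initramfs init script.

# check_init_order FILE
# Prints one verdict line; returns 0 only when devtmpfs is mounted on /dev
# ahead of the first command that creates device-mapper nodes.
check_init_order() {
    awk '
        /^[ \t]*#/ { next }   # ignore comments such as "#umount /dev"
        !devtmpfs && /mount/ && /-t[ \t]*devtmpfs/ && /[ \t]\/dev[ \t]*$/ {
            devtmpfs = NR
        }
        !mapper && /(^|[ \t]|\/)(cryptsetup|vgscan|vgchange)([ \t]|$)/ {
            mapper = NR
        }
        END {
            if (!mapper) { print "no-dm-commands"; exit 0 }
            if (!devtmpfs) {
                print "devtmpfs-never-mounted (first dm command line " mapper ")"
                exit 1
            }
            if (devtmpfs > mapper) {
                print "devtmpfs-too-late (line " devtmpfs " after line " mapper ")"
                exit 1
            }
            print "ok (devtmpfs line " devtmpfs ", first dm command line " mapper ")"
        }
    ' "$1"
}

# Constructed sample scripts: one with the ordering recommended above,
# one that mounts devtmpfs only after the nodes have been created.
write_samples() {
    cat > "$1/good.init" <<'EOF'
#!/bin/busybox sh
mount -t proc none /proc
mount -t sysfs none /sys
mount -t devtmpfs none /dev
cryptsetup luksOpen /dev/sda5 encrypted
lvm vgscan
lvm vgchange -a y
EOF
    cat > "$1/late.init" <<'EOF'
#!/bin/busybox sh
mount -t proc none /proc
mount -t sysfs none /sys
cryptsetup luksOpen /dev/sda5 encrypted
lvm vgscan
lvm vgchange -a y
mount -t devtmpfs none /dev
EOF
}

# Demonstration on the constructed scripts.
demo=$(mktemp -d)
write_samples "$demo"
check_init_order "$demo/good.init"
check_init_order "$demo/late.init" || true
rm -rf "$demo"
```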
Nublet n00b
Joined: 31 Oct 2010 Posts: 9
|
Posted: Sun Nov 07, 2010 9:41 pm Post subject: |
|
|
Made a custom initramfs with following initscript:
Code: | #!/bin/busybox sh
# Mount the /proc and /sys filesystems.
mount -t proc none /proc
mount -t sysfs none /sys
# Mount devtmpfs on /dev (before cryptsetup and LVM create their nodes).
mount -t devtmpfs none /dev
# Open encrypted partition.
cryptsetup luksOpen /dev/sda5 encrypted
# Establish LVM.
lvm vgscan
lvm vgchange -a y
# Mount root.
mount -t ext4 -o noatime /dev/mapper/enc-root /mnt/root
# Bind /dev.
mount -o bind /dev /mnt/root/dev
# Clean up.
#umount /dev
umount /sys
umount /proc
# Boot the real thing.
exec switch_root /mnt/root /sbin/init | Still need to improve it further, but it seems to work. Dunno if using "-o bind" is the best solution, but at least now the nodes are visible in the main system (and mounted according to fstab).
Used following guide and thread to figure it out:
Initramfs - Gentoo Linux Wiki
Gentoo LUKS+LVM init help [solved]
And big thanks to Hu for pointing me in right direction |
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21631
|
Posted: Sun Nov 07, 2010 10:17 pm Post subject: |
|
|
Nublet wrote: | Code: | # Bind /dev.
mount -o bind /dev /mnt/root/dev
#umount /dev |
| You could probably remove the bind mount and uncomment the umount. The entire point of pushing you to use devtmpfs is that, unlike a regular tmpfs, it persists its contents across being unmounted and remounted. |