[Bug 1267225] Re: initramfs in cloud-images does not contain crypt modules

Scott Moser smoser at ubuntu.com
Thu Feb 6 08:09:15 UTC 2014 

** No longer affects: cryptsetup (Ubuntu)

** Also affects: cloud-initramfs-tools (Ubuntu Saucy)
   Importance: Undecided
       Status: New

** Changed in: cloud-initramfs-tools (Ubuntu Saucy)
       Status: New => Confirmed

** Changed in: cloud-initramfs-tools (Ubuntu Saucy)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1267225

Title:
  initramfs in cloud-images does not contain crypt modules

Status in “cloud-initramfs-tools” package in Ubuntu:
  Fix Released
Status in “cloud-initramfs-tools” source package in Saucy:
  Confirmed

Bug description:
  overlayroot with crypt seems busted at the moment in trusty cloud images.
  To show this:
  1.) boot an image
    I booted us-east-1/ebs/ubuntu-trusty-daily-amd64-server-20140108 (ami-ef665086) as an m1.small on amazon with:
    euca-run-instances -t m1.small ami-ef665086

   2.) configure overlayroot
    echo "overlayroot='crypt:dev=xvdb'" | sudo tee -a /etc/overlayroot.conf
   3.) reboot

  You expect to be booted into crypt overlayroot, but you wont be.

  Further investigation shows the following in /dev/.initramfs/overlayroot.log:
  | /dev/disk/by-label/cloudimg-rootfs/etc/overlayroot.local.conf set cfgdisk='LABEL=OROOTCFG'
  | get_cfg(LABEL=OROOTCFG): not present
  | fstype=ext4 pass= mapname=secure
  | mkfs=1 dev=/dev/xvdb timeout=0
  | [warning]: setting up new luks device at /dev/xvdb
  | [failure]: luksFormat /dev/xvdb failed
  | [failure]: failed setup crypt for crypt:dev=xvdb (per /dev/disk/by-label/cloudimg-rootfs/etc/overlayroot.conf)

  Then, console output shows:

  
  | Warning: overlayroot: setting up new luks device at /dev/xvdb
  | 6 bytes were erased at offset 0x0 (crypto_LUKS)
  | they were: 4c 55 4b 53 ba be
  | [57432116.935753] device-mapper: table: 252:0: crypt: Error allocating crypto tfm
  | [57432116.935767] device-mapper: ioctl: error adding target to table
  | device-mapper: reload ioctl on temporary-cryptsetup-171 failed: No such file or directory
  | Failed to open temporary keystore device.
  | device-mapper: remove ioctl on temporary-cryptsetup-171 failed: No such device or address
  | device-mapper: reload ioctl on temporary-cryptsetup-171 failed: No such device or address
  | device-mapper: remove ioctl on temporary-cryptsetup-171 failed: No such device or address
  | device-mapper: remove ioctl on temporary-cryptsetup-171 failed: No such device or address
  | device-mapper: remove ioctl on temporary-cryptsetup-171 failed: No such device or address
  | device-mapper: remove ioctl on temporary-cryptsetup-171 failed: No such device or address
  | Failure: overlayroot: luksFormat /dev/xvdb failed
  | Failure: overlayroot: failed setup crypt for crypt:dev=/dev/xvdb (per /dev/disk/by-label/cloudimg-rootfs/etc/overlayroot.conf)
  | done.

  
  The root of the problem seems to be that initramfs is stale, or for some reason does not contain necessary crypt modules.  Running 'update-initramfs -u' will fix this problem.

  See the diff between the shipped version of initramfs and the newly
  updated one.

  --- list.orig  2014-01-08 19:34:30.517630999 +0000
  +++ list.new   2014-01-08 19:34:18.313630999 +0000
  @@ -1,4 +1,4 @@
  -$ lsinitramfs /boot/initrd.img-3.12.0-7-generic.orig | sort > list.orig
  +$ lsinitramfs /boot/initrd.img-3.12.0-7-generic | sort > list.new
   .
   bin
   bin/busybox
  @@ -29,7 +29,7 @@
   bin/sha512sum
   bin/sleep
   bin/udevadm
  -/boot/initrd.img-3.12.0-7-generic.orig
  +/boot/initrd.img-3.12.0-7-generic
   conf
   conf/arch.conf
   conf/conf.d
  @@ -73,7 +73,17 @@
   lib/modules
   lib/modules/3.12.0-7-generic
   lib/modules/3.12.0-7-generic/kernel
  +lib/modules/3.12.0-7-generic/kernel/arch
  +lib/modules/3.12.0-7-generic/kernel/arch/x86
  +lib/modules/3.12.0-7-generic/kernel/arch/x86/crypto
  +lib/modules/3.12.0-7-generic/kernel/arch/x86/crypto/ablk_helper.ko
  +lib/modules/3.12.0-7-generic/kernel/arch/x86/crypto/aesni-intel.ko
  +lib/modules/3.12.0-7-generic/kernel/arch/x86/crypto/aes-x86_64.ko
  +lib/modules/3.12.0-7-generic/kernel/arch/x86/crypto/glue_helper.ko
   lib/modules/3.12.0-7-generic/kernel/crypto
  +lib/modules/3.12.0-7-generic/kernel/crypto/cryptd.ko
  +lib/modules/3.12.0-7-generic/kernel/crypto/gf128mul.ko
  +lib/modules/3.12.0-7-generic/kernel/crypto/lrw.ko
   lib/modules/3.12.0-7-generic/kernel/crypto/xor.ko
   lib/modules/3.12.0-7-generic/kernel/drivers
   lib/modules/3.12.0-7-generic/kernel/drivers/ata

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: overlayroot 0.21ubuntu2
  ProcVersionSignature: User Name 3.12.0-7.15-generic 3.12.4
  Uname: Linux 3.12.0-7-generic x86_64
  ApportVersion: 2.12.7-0ubuntu6
  Architecture: amd64
  Date: Wed Jan  8 19:35:58 2014
  Ec2AMI: ami-ef665086
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: us-east-1e
  Ec2InstanceType: m1.small
  Ec2Kernel: aki-88aa75e1
  Ec2Ramdisk: unavailable
  PackageArchitecture: all
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: cloud-initramfs-tools
  UpgradeStatus: No upgrade log present (probably fresh install)
  mtime.conffile..etc.overlayroot.conf: 2014-01-08T18:53:17.189849

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cloud-initramfs-tools/+bug/1267225/+subscriptions

More information about the foundations-bugs mailing list