[Bug 1422153] Re: cryptdisk start too late at boot process - disks ignored by zfs mount
Steve Langasek
steve.langasek at canonical.com
Tue Feb 17 17:03:24 UTC 2015
> /usr/bin/add-apt-repository ppa:zfs-native/trusty
The zpool-import job in this package does:
start on ( starting mountall )
And mountall is 'start on startup' - which makes zpool-import the very
first job to run on the system, *including* before udev. If this job
does not correctly handle the underlying disks not yet being available,
then that's entirely a bug in zpool-import.
> Even if ignoring details of zfs: I have booted the machine with nosplash
> to see the boot process messages. Opening these two encrypted disks
> happens very late, almost at the end of boot message. Which means that -
> beyond the zfs problem - regular services and daemons would fail to
> start if they had to access these disks instead of running from the boot
> device.
That's not at all true. The opening of encrypted disks is, at *latest*,
done in /etc/rcS.d, which is called from /etc/init/rc-sysinit.conf
before switching runlevels. And if the devices being mounted are part
of the core filesystem, the rc-sysinit job will be triggered by the
'failsafe-boot' event, with the 'filesystem' event happening only after
the disks have been unlocked and mounted. So both jobs configured to
start on 'filesystem' and jobs configured to start on 'runlevel' will
trigger after /etc/init/cryptdisks.conf.
Now, if the setup of those disks /after/ being decrypted is slow, there
could be a race between 'runlevel' and mounting those disks. (Since
we've been triggered by the 'failsafe-boot', everything at that point is
best-effort.) However, /etc/init/cryptdisks.conf is itself a failsafe
which is not expected to trigger in the normal case, and you haven't
provided any direct evidence that it is being triggered here. All your
problems here are is explained by the fact that zpool-import is run
before mountall and don't cope with newly-discovered devices.
** Changed in: cryptsetup (Ubuntu)
Status: Incomplete => Invalid
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1422153
Title:
cryptdisk start too late at boot process - disks ignored by zfs mount
Status in cryptsetup package in Ubuntu:
Invalid
Bug description:
Hi,
I have the following setup:
- System booting from encrypted SSD (luks, btrfs),
- two more hard-disks, both encrypted (luks) and with zfs (that's because the linux version of zfs does not have encrypted, I've therefore put it on two luks-encrypted disks
- encrypted zfs disks have no partition tables, i.e. luks is put directly into sda and sdb.
- luks-key for zfs disks is derived from boot partition using the key-script coming with cryptsetup
Problem:
the system starts these two encrypted disks too late, i.e. through
/etc/init/cryptdisks.conf. The initramfs does not mount them early,
since it mounts only root and resume partitions. /etc/init/cryptdisks-
udev.conf does not seem to detect the disks.
The problem is, that this runs after /etc/init/zpool-import.conf is
triggered and run, thus zfs does not find it's disks when trying to
mount them at boot time.
I can easily start the zfs disks by simply running zfs import
NAMEOFPOOL manually, but that's not the idea, it should be mounted
automatically.
My first guess would be that /etc/init/cryptdisks-udev.conf is not run properly. Maybe that's because the encrypted device is not put in a partition table slice, but directly into /dev/sda and /dev/sdb. Maybe the
start on block-device-added ID_FS_USAGE=crypto
is not triggered.
/sbin/blkid -o udev -p /dev/sda
ID_FS_UUID=af83410f-2b2a-4271-b7ba-1ef5ccdb1bc5
ID_FS_UUID_ENC=af83410f-2b2a-4271-b7ba-1ef5ccdb1bc5
ID_FS_VERSION=1
ID_FS_TYPE=crypto_LUKS
ID_FS_USAGE=crypto
says ID_FS_USAGE is crypto, which seems correct, however, it does not
work.
regards
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: cryptsetup 2:1.6.1-1ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-45.74-generic 3.13.11-ckt13
Uname: Linux 3.13.0-45-generic x86_64
NonfreeKernelModules: zfs zunicode zavl zcommon znvpair
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
CurrentDesktop: XFCE
Date: Sun Feb 15 19:23:12 2015
SourcePackage: cryptsetup
UpgradeStatus: No upgrade log present (probably fresh install)
crypttab:
sdc3_crypt UUID=cdb53b1b-58d8-4c61-baad-68e7f19b3920 none luks,discard
sdc2_crypt UUID=b800eec1-ec70-44fd-aa17-0cc6dec90a9f sdc3_crypt luks,discard,swap,keyscript=/lib/cryptsetup/scripts/decrypt_derived
sda_crypt UUID=af83410f-2b2a-4271-b7ba-1ef5ccdb1bc5 sdc3_crypt luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
sdb_crypt UUID=5824d863-1bb8-4e56-92f4-7866c7878097 sdc3_crypt luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1422153/+subscriptions
More information about the foundations-bugs
mailing list