[Bug 1267225] [NEW] initramfs in cloud-images does not contain crypt modules

Scott Moser smoser at ubuntu.com
Wed Jan 8 19:44:41 UTC 2014


Public bug reported:

overlayroot with crypt seems busted at the moment in trusty cloud images.
To show this:
 1.) boot an image
   I booted us-east-1/ebs/ubuntu-trusty-daily-amd64-server-20140108 (ami-ef665086) as an m1.small on amazon with:
   euca-run-instances -t m1.small ami-ef665086

 2.) configure overlayroot
   echo "overlayroot='crypt:dev=xvdb'" | sudo tee -a /etc/overlayroot.conf

 3.) reboot

You expect to be booted into crypt overlayroot, but you won't be.

Further investigation shows the following in /dev/.initramfs/overlayroot.log:
| /dev/disk/by-label/cloudimg-rootfs/etc/overlayroot.local.conf set cfgdisk='LABEL=OROOTCFG'
| get_cfg(LABEL=OROOTCFG): not present
| fstype=ext4 pass= mapname=secure
| mkfs=1 dev=/dev/xvdb timeout=0
| [warning]: setting up new luks device at /dev/xvdb
| [failure]: luksFormat /dev/xvdb failed
| [failure]: failed setup crypt for crypt:dev=xvdb (per /dev/disk/by-label/cloudimg-rootfs/etc/overlayroot.conf)

Then, console output shows:


| Warning: overlayroot: setting up new luks device at /dev/xvdb
| 6 bytes were erased at offset 0x0 (crypto_LUKS)
| they were: 4c 55 4b 53 ba be
| [57432116.935753] device-mapper: table: 252:0: crypt: Error allocating crypto tfm
| [57432116.935767] device-mapper: ioctl: error adding target to table
| device-mapper: reload ioctl on temporary-cryptsetup-171 failed: No such file or directory
| Failed to open temporary keystore device.
| device-mapper: remove ioctl on temporary-cryptsetup-171 failed: No such device or address
| device-mapper: reload ioctl on temporary-cryptsetup-171 failed: No such device or address
| device-mapper: remove ioctl on temporary-cryptsetup-171 failed: No such device or address
| device-mapper: remove ioctl on temporary-cryptsetup-171 failed: No such device or address
| device-mapper: remove ioctl on temporary-cryptsetup-171 failed: No such device or address
| device-mapper: remove ioctl on temporary-cryptsetup-171 failed: No such device or address
| Failure: overlayroot: luksFormat /dev/xvdb failed
| Failure: overlayroot: failed setup crypt for crypt:dev=/dev/xvdb (per /dev/disk/by-label/cloudimg-rootfs/etc/overlayroot.conf)
| done.


The root of the problem seems to be that initramfs is stale, or for some reason does not contain necessary crypt modules.  Running 'update-initramfs -u' will fix this problem.

See the diff between the shipped version of initramfs and the newly
updated one.

--- list.orig  2014-01-08 19:34:30.517630999 +0000
+++ list.new   2014-01-08 19:34:18.313630999 +0000
@@ -1,4 +1,4 @@
-$ lsinitramfs /boot/initrd.img-3.12.0-7-generic.orig | sort > list.orig
+$ lsinitramfs /boot/initrd.img-3.12.0-7-generic | sort > list.new
 .
 bin
 bin/busybox
@@ -29,7 +29,7 @@
 bin/sha512sum
 bin/sleep
 bin/udevadm
-/boot/initrd.img-3.12.0-7-generic.orig
+/boot/initrd.img-3.12.0-7-generic
 conf
 conf/arch.conf
 conf/conf.d
@@ -73,7 +73,17 @@
 lib/modules
 lib/modules/3.12.0-7-generic
 lib/modules/3.12.0-7-generic/kernel
+lib/modules/3.12.0-7-generic/kernel/arch
+lib/modules/3.12.0-7-generic/kernel/arch/x86
+lib/modules/3.12.0-7-generic/kernel/arch/x86/crypto
+lib/modules/3.12.0-7-generic/kernel/arch/x86/crypto/ablk_helper.ko
+lib/modules/3.12.0-7-generic/kernel/arch/x86/crypto/aesni-intel.ko
+lib/modules/3.12.0-7-generic/kernel/arch/x86/crypto/aes-x86_64.ko
+lib/modules/3.12.0-7-generic/kernel/arch/x86/crypto/glue_helper.ko
 lib/modules/3.12.0-7-generic/kernel/crypto
+lib/modules/3.12.0-7-generic/kernel/crypto/cryptd.ko
+lib/modules/3.12.0-7-generic/kernel/crypto/gf128mul.ko
+lib/modules/3.12.0-7-generic/kernel/crypto/lrw.ko
 lib/modules/3.12.0-7-generic/kernel/crypto/xor.ko
 lib/modules/3.12.0-7-generic/kernel/drivers
 lib/modules/3.12.0-7-generic/kernel/drivers/ata
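
Review bot: the image build should verify these entries before an image is published. In the @@ -73,7 +73,17 @@ hunk every added line is a cipher-support module (ablk_helper.ko, aesni-intel.ko, aes-x86_64.ko, glue_helper.ko, cryptd.ko, gf128mul.ko, lrw.ko) that exists only in the regenerated list, which fits the "Error allocating crypto tfm" line in the console output. The other two hunks differ only in the pasted command line and the initrd file name, so filtering those lines out before diffing would leave just the module delta.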

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: overlayroot 0.21ubuntu2
ProcVersionSignature: User Name 3.12.0-7.15-generic 3.12.4
Uname: Linux 3.12.0-7-generic x86_64
ApportVersion: 2.12.7-0ubuntu6
Architecture: amd64
Date: Wed Jan  8 19:35:58 2014
Ec2AMI: ami-ef665086
Ec2AMIManifest: (unknown)
Ec2AvailabilityZone: us-east-1e
Ec2InstanceType: m1.small
Ec2Kernel: aki-88aa75e1
Ec2Ramdisk: unavailable
PackageArchitecture: all
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: cloud-initramfs-tools
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.overlayroot.conf: 2014-01-08T18:53:17.189849

** Affects: cloud-initramfs-tools (Ubuntu)
     Importance: High
         Status: Confirmed


** Tags: amd64 apport-bug cloud-images cloud-images-build ec2-images trusty

** Changed in: cloud-initramfs-tools (Ubuntu)
       Status: New => Confirmed

** Changed in: cloud-initramfs-tools (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1267225

Title:
  initramfs in cloud-images does not contain crypt modules

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cloud-initramfs-tools/+bug/1267225/+subscriptions
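
The comparison in the report above can be turned into a check on any initramfs listing. The following is an added example, not part of the original bug report or of cloud-initramfs-tools: it assumes the seven modules shown as "+" lines in the diff are the ones to look for, and the function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag an initramfs listing that lacks the cipher modules
# which the diff in this report shows as missing from the shipped initrd.
# Assumption: this module list (copied from the "+" lines) is what to check.
REQUIRED="kernel/arch/x86/crypto/ablk_helper.ko
kernel/arch/x86/crypto/aesni-intel.ko
kernel/arch/x86/crypto/aes-x86_64.ko
kernel/arch/x86/crypto/glue_helper.ko
kernel/crypto/cryptd.ko
kernel/crypto/gf128mul.ko
kernel/crypto/lrw.ko"

# check_listing: read `lsinitramfs` output on stdin, print one
# "missing: <path>" line per absent module, return 1 if any is absent.
check_listing() {
    listing=$(cat)
    rc=0
    for mod in $REQUIRED; do
        case "$listing" in
            *"/$mod"*) ;;                          # literal substring match
            *) printf 'missing: %s\n' "$mod"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: the context lines of the diff (shipped initrd).
shipped_sample() {
    printf '%s\n' \
        "lib/modules/3.12.0-7-generic/kernel" \
        "lib/modules/3.12.0-7-generic/kernel/crypto" \
        "lib/modules/3.12.0-7-generic/kernel/crypto/xor.ko" \
        "lib/modules/3.12.0-7-generic/kernel/drivers"
}

# Constructed sample: the same listing plus the "+" lines (rebuilt initrd).
rebuilt_sample() {
    shipped_sample
    for mod in $REQUIRED; do
        printf 'lib/modules/3.12.0-7-generic/%s\n' "$mod"
    done
}

for sample in shipped_sample rebuilt_sample; do
    if $sample | check_listing; then
        echo "$sample: crypt modules present"
    else
        echo "$sample: stale initramfs, run update-initramfs -u"
    fi
done
```

On a real system the input would come from `lsinitramfs /boot/initrd.img-$(uname -r) | check_listing`.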


