[Bug 1185512] New: dracut (mkinitrd) does not update /etc/crypttab
http://bugzilla.opensuse.org/show_bug.cgi?id=1185512 Bug ID: 1185512 Summary: dracut (mkinitrd) does not update /etc/crypttab Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: Other OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs@suse.de Reporter: Ulrich.Windl@rz.uni-regensburg.de QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- After changing /etc/crypttab and rebuilding initrd, I noticed (after booting) that the system failed to boot as the /etc/inittab in initrd was obsolete: # ll /etc/crypttab; lsinitrd |grep crypttab -rw------- 1 root root 173 Apr 30 18:35 /etc/crypttab -rw------- 1 root root 37 Mar 13 17:02 etc/crypttab Problem caused during boot: 2021-04-29T14:01:30.712242+02:00 localhost systemd[1]: Timed out waiting for device dev-disk-by\x2duuid-7135c231\x2d90f1\x2d4a16\x2daf63\x2d3d7190a1f1c0.device. 2021-04-29T14:01:30.712591+02:00 localhost systemd[1]: Dependency failed for /dev/disk/by-uuid/7135c231-90f1-4a16-af63-3d7190a1f1c0. 2021-04-29T14:01:30.712973+02:00 localhost systemd[1]: dev-disk-by\x2duuid-7135c231\x2d90f1\x2d4a16\x2daf63\x2d3d7190a1f1c0.swap: Job dev-disk-by\x2duuid-7135c231\x2d90f1\x2d4a16\x2daf63\ x2d3d7190a1f1c0.swap/start failed with result 'dependency'. The workaround was to mount the root, add "nofail" to /etc/fstab, them rebuild initrd and reboot. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1185512 http://bugzilla.opensuse.org/show_bug.cgi?id=1185512#c2 --- Comment #2 from Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> --- Created attachment 849255 --> http://bugzilla.opensuse.org/attachment.cgi?id=849255&action=edit Output of blkid (In reply to Thomas Blume from comment #1)
Could you please attach the output of:
blkid
from your machine?
I'm somewhat unsure what you are trying to find. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1185512 Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(Ulrich.Windl@rz.u | |ni-regensburg.de) | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1185512 http://bugzilla.opensuse.org/show_bug.cgi?id=1185512#c4 --- Comment #4 from Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> --- (In reply to Thomas Blume from comment #3)
The blkid output shows that none of the devices has the failing uuid: 7135c231-d90f1-d4a16-daf63-d3d7190a1f1c0
The swap device has the uuid:
/dev/mapper/cr-swap-1: LABEL="epage" UUID="a7fcb7d6-d707-421d-8e76-2be487630368" TYPE="swap"
so, it seems that the original swap device with the missing uuid was replaced. Still, that uuid is configured somewhere, maybe as resume boot parameter or in /etc/fstab. Please try to find that uuid and replace it with the UUID of the current swap device from blkid.
Well I or the system did re-create the swap, probably because of option "swap" in crypttab. But still that's not the issue: The issue is that mkinitrd (dracut) does not copy /etc/crypttab into the initrd. As long as you never change devices activated from initrd (root, boot, swap typically) you won't notice. At the moment it looks like this: # ll /etc/crypttab; lsinitrd |grep crypttab -rw------- 1 root root 173 Apr 30 18:35 /etc/crypttab -rw-r--r-- 1 root root 75 Apr 29 08:12 etc/crypttab (See date, size, and permissions) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1185512 http://bugzilla.opensuse.org/show_bug.cgi?id=1185512#c6 --- Comment #6 from Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> --- (In reply to Thomas Blume from comment #5) ...
Yes, dracut doesn't copy /etc/crypttab, it only parses for the devices needed and writes them into the initrd crypttab.
Thanks for explaing; however I wonder whether that is worth the effort: Is it to save a few bytes, or is it to avoid some problems? Would any devices fount in crypttab be activated through initrd? ...
So, the systems crypttab and the initrd crypttab are not identical. You can double check whether it works correctly, if you add:
set -x
at the beginning of the module-setup.sh file, then run mkinitrd and check the output for the entries written.
With the info given, I could verify that the crypttabs are not conflicting at least: # lsinitrd -f /etc/crypttab >/tmp/a # diff -uw /etc/crypttab /tmp/a --- /etc/crypttab 2021-04-30 18:35:43.643070835 +0200 +++ /tmp/a 2021-05-12 07:56:49.674237743 +0200 @@ -1,4 +1,2 @@ cr-swap-1 /dev/nvme0n1p3 none discard cr-sys-1 /dev/nvme0n1p4 none discard -cr-home /dev/nvme0n1p5 none discard -#cr_swap UUID=b1d64f3d-697e-449c-9cf1-ee03990785ae What still is surprising in comment 0 is that the crypttab in initrd seems older than that from /etc, even after bebuilding initrd. I re-tried: Before: # lsinitrd |grep crypttab -rw-r--r-- 1 root root 75 Apr 29 08:12 etc/crypttab # ll /etc/crypttab -rw------- 1 root root 173 Apr 30 18:35 /etc/crypttab After mkinitrd: # lsinitrd |grep crypttab -rw-r--r-- 1 root root 75 Apr 29 08:12 etc/crypttab Once again, just to verify: # mkinitrd 2>&1 |grep -i crypt dracut: *** Including module: crypt *** # -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1185512 http://bugzilla.opensuse.org/show_bug.cgi?id=1185512#c8 --- Comment #8 from Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> --- I deleted initrd (symlink and file), then recreated it, but still the /etc/crypttab in initrd is "old": # rm /boot/initrd # rm /boot/initrd-5.3.18-lp152.72-default # mkinitrd Creating initrd: /boot/initrd-5.3.18-lp152.72-default dracut: Executing: /usr/bin/dracut --logfile /var/log/YaST2/mkinitrd.log --force /boot/initrd-5.3.18-lp152.72-default 5.3.18-lp152.72-default ... dracut: *** Creating initramfs image file '/boot/initrd-5.3.18-lp152.72-default' done *** # lsinitrd |grep crypttab -rw-r--r-- 1 root root 75 Apr 29 08:12 etc/crypttab # ll /etc/crypttab -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1185512 http://bugzilla.opensuse.org/show_bug.cgi?id=1185512#c9 --- Comment #9 from Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> --- Sorry, the last line in comment 8 is missing: # ll /etc/crypttab -rw------- 1 root root 173 Apr 30 18:35 /etc/crypttab -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1185512 http://bugzilla.opensuse.org/show_bug.cgi?id=1185512#c18 --- Comment #18 from Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> --- Why would keeping the original time stamp (using touch -r in code of comment #5) make the image non reproducible? -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com