after kernel update dracut/clevis cannot unlock drive on boot time

General support questions
Post Reply
faramirza
Posts: 27
Joined: 2019/03/19 12:13:28

after kernel update dracut/clevis cannot unlock drive on boot time

Post by faramirza » 2019/03/25 12:12:47

Hi,

I updated Centos 7.6 to the latest kernel, 3.10.0-957.5.1.el7.x86_64. After doing so I see that dracut_initqueue cannot connect to the Tang server anymore. Not sure where to start. If I boot the older kernel I have no problems.

Code: Select all

$ uname -r
3.10.0-957.5.1.el7.x86_64

What I see when the device boots up the main issue seems:
Error: inet address is expected rather than "2.37.1.". Why is dracut reading the IP in reverse? This does not seem to be the issue though as when I boot with an older kernel the drive gets unlocked automatically and boots up correctly while showing the previous error.

Code: Select all

[ OK ] Reached target Paths.
[ OK ] Started Forward Password Requests to Plymouth Directory Watch.
Mounting Configuration File System...
[ OK ] Mounted Configuration File System.
[ OK 1 Found device /dev/disk/by-uuid/fc...885651e9 .
Starting Cryptography Setup for luks-fc...885651e9. . .
[ 4.382545] dracut-initqueue[363]: RTNETLINK answers: File exists
[ 4.671054] dracut-initqueue[363]: vusr/bin/nc: line 11: exec: ncat: not found
[ 5.289608] dracut-initqueue[363]: Error: inet address is expected rather than "2.37.1.".
[ 5.313995] dracut-initqueue[363]: vusr/bin/snc: line 11: exec: ncat: not found
[ 5.436777] dracut-initqueue[363]: vusr/bin/nc: line 11: exec: ncat: not found
[ 6.052918] dracut-initqueue[3631]: vusr/bin/nc: line 11: exec: ncat: not found
[ 6.670685] dracut-initqueue[363]: vusr/bin/nc: line 11: exec: ncat: not found
[ 7.288132] dracut-initqueue[363]: vusr/bin/nc: line 11: exec: ncat: not found
[ 7.984676] dracut-initqueue[363]: vusr/bin/nc: line 11: exec: ncat: not found
[ 8.521897] dracut-initqueue[363]: vusr/bin/nc: line 11: exec: ncat: not found
[ 9.140044] dracut-initqueue[363]: vusr/bin/nc: line 11: exec: ncat: not found
[ 9.760030] dracut-initqueue[363]: vusr/bin/snc: line 11: exec: ncat: not found
[10 .377169] dracut-initqueue(363]: /usr/bin/nc: line 11: exec: ncat: not found
After some tinkering it got worse:

Code: Select all

Starting Cryptography Setup for luks-fc...5651e9. . .
[ OK ] Started Forward Password Requests to Plymouth.
[ 2.3129181 dracut-initqueue[38@]: RTNETLINK answers: Network is unreachable
Please enter passphrase for disk luks-fc...5651e9! :[  4.455311) dracut-initqueue[380]: /usr/bin/nc: 1ine 11: exec: ncat: not found
[ 4.4886251 dracut-initqueue[38@]: RTNETLINK answers: File exists
[ 4.5995981 dracut-initqueue[380]: /usr/bin/nc: line 11: exec: ncat: not found
[ 5.2264201 dracut-initqueue[3801]: /usr/bin/nc: line 11: exec: ncat: not found
[ 5.8400321 dracut-initqueue[380]: /usr/bin/snc: line 11: exec: ncat: not found
[ 6.4592981 dracut-initqueue[380]: /usr/bin/nc: line 11: exec: ncat: not found
[ 7.6788871 dracut-initqueue[380]: /usr/binvnc: line 11: exec: ncat: not found
[ 7.6968921 dracut-initqueue[380]: /usr/bin/nc: line 11: exec: ncat: not found
[ 8.314441] dracut-initqueue(3801: /usr/bin/nc: line 11: exec: ncat: not found
[ 8.929760] dracut-initqueve[388]: /usr/bin/nc: line 11: exec: ncat: not found
[ 9.545918] dracut-initqueue[380]: /usr/bin/snc: line 11: exec: ncat: not found
[ 10.1629271 dracut-initqueue(380]: /usr/binync: line 11: exec: ncat: not found
[ 16.7807121 dracut-initqueuve[380]: /usr/binvnc: line 11: exec: ncat: not found
[ 11.3970431 dracut-initqueuve[380]: /usr/binync: line 11: exec: ncat: not found
[ 12.6150291 dracut-initqueuve[380]: /usr/binvnc: line 11: exec: ncat: not found
[ 12.6332911 dracut-initqueuve[380]: /usr/binync: line 11: exec: ncat: not found
[ 13.2497221 dracut-initqueuve[380]: /usr/binvnc: line 11: exec: ncat: not found
[ 13.8674481 dracut-initqueuve[380]: /usr/binync: line 11: exec: ncat: not found
[ 14.4868031 dracut-initqueue[380]: /usr/binync: line 11: exec: ncat: not found
Attachments
error_0.jpg
error_0.jpg (148.13 KiB) Viewed 1821 times
error_1.jpg
error_1.jpg (126.94 KiB) Viewed 1830 times

faramirza
Posts: 27
Joined: 2019/03/19 12:13:28

Re: after kernel update dracut/clevis cannot unlock drive on boot time

Post by faramirza » 2019/03/25 12:57:51

As a temporary resort I uninstalled the new kernel (3.10.0-957.10.1) and booting up with the previous (3.10.0-957.5.1.el7.x86_64) without issues.

faramirza
Posts: 27
Joined: 2019/03/19 12:13:28

Re: after kernel update dracut/clevis cannot unlock drive on boot time

Post by faramirza » 2019/04/01 05:41:35

I can confirm this is an issue. Updated another server to the same kernel and it was also not able to automatically boot up anymore.

shoughton
Posts: 1
Joined: 2019/05/07 20:40:50

Re: after kernel update dracut/clevis cannot unlock drive on boot time

Post by shoughton » 2019/05/07 20:49:33

Seconding this as an issue. Have a Tang/Clevis setup that works fine on kernel version 3.10.0-957.el7.x86_64. When updating to 3.10.0-957.10.el7.x86_64 the NBDE pre-boot authentication breaks. Same issue on 3.10.0-957.12.1.el7.x86_64.

Works fine by either selecting 3.10.0-957.el7.x86_64 as the kernel option in Grub or removing the 2 mentioned kernel packages.

Is there a specific way of compiling the kernel that is necessary with this or can we claim theres an incompatibility with certain kernel versions?

faramirza
Posts: 27
Joined: 2019/03/19 12:13:28

Re: after kernel update dracut/clevis cannot unlock drive on boot time

Post by faramirza » 2020/02/13 07:17:47

Hi,
Did you by any chance use the Atomic repo and updated netcat from that repo?

Post Reply