Hi,
I have created an encrypted drive using the following commands:
#>cryptsetup --verify-passphrase -- hash=sha256 --keyfile=/dir/file create testcui /dev/sdb
#>mkfs.ext4 /dev/mapper/testcui
I did this all at single user level. running centos 7 on a VM.
this all works well until I reboot the system and then it fails to mount the device and drops down it to emergency mode. This is the journalctl output I get. ( yeah I know about the acls on the key file ) hence the device name "testcui"
Sep 20 14:19:53 jubilee systemd[1]: Starting Cryptography Setup for /dev/mapper/testcui...
-- Subject: Unit systemd-cryptsetup@-dev-mapper-testcui.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/li ... temd-devel
--
-- Unit systemd-cryptsetup@-dev-mapper-testcui.service has begun starting up.
Sep 20 14:19:53 jubilee systemd-cryptsetup[501]: Key file /etc/keys is world-readable. This is not a good idea!
Sep 20 14:19:53 jubilee systemd-cryptsetup[501]: Set cipher aes, mode cbc-essiv:sha256, key size 256 bits for device /dev/sdb.
Sep 20 14:19:53 jubilee systemd-cryptsetup[501]: Failed to activate with key file '/etc/keys': Invalid argument
Sep 20 14:19:53 jubilee systemd[1]: Started Forward Password Requests to Plymouth.
What is the invalid argument that it is complaining about?
Once in emergency mode I can :
#>cryptsetup create testcui /dev/sdb
( passcode)
And it continues just fine.
-- crypttab --
# test disk
#
/dev/mapper/testcui /dev/sdb /etc/keys plain
--fstab--
#
# /etc/fstab
# Created by anaconda on Tue Dec 15 12:05:51 2015
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=c4cc85f2-9dbb-4bf8-8b3e-edaa5af3dae9 / xfs defaults 1 1
UUID=2f178edb-b16e-4ea1-85c3-d8243b07a75b /boot xfs defaults 1 2
UUID=a34fac21-a385-494a-a6cc-cae22b87c8c9 swap swap defaults 0 0
/dev/mapper/testcui /cui ext4 defaults 1 2
I need this to prompt for the password at boot time and then complete the boot process without dropping into emergency mode!
systemd-cryptsetup fails to create mapper device
-
- Posts: 17
- Joined: 2010/01/19 19:50:55
Re: systemd-cryptsetup fails to create mapper device
Fix that first.Sep 20 14:19:53 jubilee systemd-cryptsetup[501]: Key file /etc/keys is world-readable. This is not a good idea!
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 17
- Joined: 2010/01/19 19:50:55
Re: systemd-cryptsetup fails to create mapper device
Trevor,
The fact that my key file does not have the correct acl's should not affect the fact that systemd-cryptsetup is failing to map my encrypted drive.
The root of the problem is this:
Sep 26 10:11:40 jubilee systemd-cryptsetup[450]: Failed to activate with key file '/etc/keys': Invalid argument
Sep 26 10:11:48 jubilee systemd-cryptsetup[450]: Loading of cryptographic parameters failed: Invalid argument
Sep 26 10:11:48 jubilee systemd-cryptsetup[450]: Failed to activate: Invalid argument
I need to know what "invalid argument" this is looking at.
#
# test disk
#
/dev/mapper/testcui /dev/sdb /etc/keys plain
It would be nice if the systemd 'folks' would step up!
The fact that my key file does not have the correct acl's should not affect the fact that systemd-cryptsetup is failing to map my encrypted drive.
The root of the problem is this:
Sep 26 10:11:40 jubilee systemd-cryptsetup[450]: Failed to activate with key file '/etc/keys': Invalid argument
Sep 26 10:11:48 jubilee systemd-cryptsetup[450]: Loading of cryptographic parameters failed: Invalid argument
Sep 26 10:11:48 jubilee systemd-cryptsetup[450]: Failed to activate: Invalid argument
I need to know what "invalid argument" this is looking at.
#
# test disk
#
/dev/mapper/testcui /dev/sdb /etc/keys plain
It would be nice if the systemd 'folks' would step up!
Re: systemd-cryptsetup fails to create mapper device
I'd hazard a guess that it means your key file is world readable so it's not even trying. Fix that first.I need to know what "invalid argument" this is looking at.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 17
- Joined: 2010/01/19 19:50:55
Re: systemd-cryptsetup fails to create mapper device
thanks, the only problem is that it happens whether the file has the correct acl's or not. That's why I need someone to look at the problem of an "invalid argument".
I have been beating on this on two different systems running the same os for 2 1/2 weeks. It is a systemd problem!
I have been beating on this on two different systems running the same os for 2 1/2 weeks. It is a systemd problem!
-
- Posts: 17
- Joined: 2010/01/19 19:50:55
Re: systemd-cryptsetup fails to create mapper device
Trevor,
Just so I can keep going forward, I changed the acl's on the keys file, here is the results:
[root@jubilee ~]# ll /etc/keys
-r-------- 1 root root 30 Sep 20 14:45 /etc/keys
<journalctl>
-- Subject: Unit systemd-cryptsetup@-dev-mapper-testcui.service has begun start-up
-- Unit systemd-cryptsetup@-dev-mapper-testcui.service has begun starting up.
Sep 26 14:44:58 jubilee systemd-cryptsetup[444]: Set cipher aes, mode cbc-essiv:sha256, key size 256 bits for device /dev/sdb.
Sep 26 14:44:58 jubilee systemd-cryptsetup[444]: Failed to activate with key file '/etc/keys': Invalid argument
Sep 26 14:45:03 jubilee systemd-cryptsetup[444]: Loading of cryptographic parameters failed: Invalid argument
Sep 26 14:45:03 jubilee systemd-cryptsetup[444]: Failed to activate: Invalid argument
Sep 26 14:45:03 jubilee systemd[1]: systemd-cryptsetup@-dev-mapper-testcui.service: main process exited, code=exited, status=1/FAILURE
-- Subject: Unit systemd-cryptsetup@-dev-mapper-testcui.service has failed
-- Unit systemd-cryptsetup@-dev-mapper-testcui.service has failed.
-- Subject: Unit cryptsetup.target has failed
-- Unit cryptsetup.target has failed.
Sep 26 14:45:03 jubilee systemd[1]: Job cryptsetup.target/start failed with result 'dependency'.
Sep 26 14:45:03 jubilee systemd[1]: Unit systemd-cryptsetup@-dev-mapper-testcui.service entered failed state.
Sep 26 14:45:03 jubilee systemd[1]: systemd-cryptsetup@-dev-mapper-testcui.service failed.
-- Subject: Unit systemd-cryptsetup@-dev-mapper-testcui.service has begun start-up
-- Unit systemd-cryptsetup@-dev-mapper-testcui.service has begun starting up.
Sep 26 14:48:20 jubilee systemd-cryptsetup[893]: Volume /dev/mapper/testcui already active.
-- Subject: Unit systemd-cryptsetup@-dev-mapper-testcui.service has finished start-up
-- Unit systemd-cryptsetup@-dev-mapper-testcui.service has finished starting up.
-- Subject: Unit cryptsetup.target has finished start-up
-- Unit cryptsetup.target has finished starting up.
-- Subject: Unit cryptsetup.target has begun start-up
-- Unit cryptsetup.target has begun starting up.
-------------------------------------------------------------------------------------------------------------
I really appreciate the help. This has been the most "replies" that I have gotten an the 4 different forums I submitted it on. <cudos> to you!
But it does not answer the problem.
thanks,
Just so I can keep going forward, I changed the acl's on the keys file, here is the results:
[root@jubilee ~]# ll /etc/keys
-r-------- 1 root root 30 Sep 20 14:45 /etc/keys
<journalctl>
-- Subject: Unit systemd-cryptsetup@-dev-mapper-testcui.service has begun start-up
-- Unit systemd-cryptsetup@-dev-mapper-testcui.service has begun starting up.
Sep 26 14:44:58 jubilee systemd-cryptsetup[444]: Set cipher aes, mode cbc-essiv:sha256, key size 256 bits for device /dev/sdb.
Sep 26 14:44:58 jubilee systemd-cryptsetup[444]: Failed to activate with key file '/etc/keys': Invalid argument
Sep 26 14:45:03 jubilee systemd-cryptsetup[444]: Loading of cryptographic parameters failed: Invalid argument
Sep 26 14:45:03 jubilee systemd-cryptsetup[444]: Failed to activate: Invalid argument
Sep 26 14:45:03 jubilee systemd[1]: systemd-cryptsetup@-dev-mapper-testcui.service: main process exited, code=exited, status=1/FAILURE
-- Subject: Unit systemd-cryptsetup@-dev-mapper-testcui.service has failed
-- Unit systemd-cryptsetup@-dev-mapper-testcui.service has failed.
-- Subject: Unit cryptsetup.target has failed
-- Unit cryptsetup.target has failed.
Sep 26 14:45:03 jubilee systemd[1]: Job cryptsetup.target/start failed with result 'dependency'.
Sep 26 14:45:03 jubilee systemd[1]: Unit systemd-cryptsetup@-dev-mapper-testcui.service entered failed state.
Sep 26 14:45:03 jubilee systemd[1]: systemd-cryptsetup@-dev-mapper-testcui.service failed.
-- Subject: Unit systemd-cryptsetup@-dev-mapper-testcui.service has begun start-up
-- Unit systemd-cryptsetup@-dev-mapper-testcui.service has begun starting up.
Sep 26 14:48:20 jubilee systemd-cryptsetup[893]: Volume /dev/mapper/testcui already active.
-- Subject: Unit systemd-cryptsetup@-dev-mapper-testcui.service has finished start-up
-- Unit systemd-cryptsetup@-dev-mapper-testcui.service has finished starting up.
-- Subject: Unit cryptsetup.target has finished start-up
-- Unit cryptsetup.target has finished starting up.
-- Subject: Unit cryptsetup.target has begun start-up
-- Unit cryptsetup.target has begun starting up.
-------------------------------------------------------------------------------------------------------------
I really appreciate the help. This has been the most "replies" that I have gotten an the 4 different forums I submitted it on. <cudos> to you!
But it does not answer the problem.
thanks,