systemd-cryptsetup fails to create mapper device

Issues related to applications and software problems
Post Reply
coloradosky
Posts: 17
Joined: 2010/01/19 19:50:55

systemd-cryptsetup fails to create mapper device

Post by coloradosky » 2017/09/21 21:53:50

Hi,

I have created an encrypted drive using the following commands:

#>cryptsetup --verify-passphrase -- hash=sha256 --keyfile=/dir/file create testcui /dev/sdb

#>mkfs.ext4 /dev/mapper/testcui

I did this all at single user level. running centos 7 on a VM.

this all works well until I reboot the system and then it fails to mount the device and drops down it to emergency mode. This is the journalctl output I get. ( yeah I know about the acls on the key file ) hence the device name "testcui"

Sep 20 14:19:53 jubilee systemd[1]: Starting Cryptography Setup for /dev/mapper/testcui...
-- Subject: Unit systemd-cryptsetup@-dev-mapper-testcui.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/li ... temd-devel
--
-- Unit systemd-cryptsetup@-dev-mapper-testcui.service has begun starting up.
Sep 20 14:19:53 jubilee systemd-cryptsetup[501]: Key file /etc/keys is world-readable. This is not a good idea!
Sep 20 14:19:53 jubilee systemd-cryptsetup[501]: Set cipher aes, mode cbc-essiv:sha256, key size 256 bits for device /dev/sdb.
Sep 20 14:19:53 jubilee systemd-cryptsetup[501]: Failed to activate with key file '/etc/keys': Invalid argument
Sep 20 14:19:53 jubilee systemd[1]: Started Forward Password Requests to Plymouth.

What is the invalid argument that it is complaining about?

Once in emergency mode I can :

#>cryptsetup create testcui /dev/sdb

( passcode)

And it continues just fine.

-- crypttab --

# test disk
#
/dev/mapper/testcui /dev/sdb /etc/keys plain

--fstab--
#
# /etc/fstab
# Created by anaconda on Tue Dec 15 12:05:51 2015
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=c4cc85f2-9dbb-4bf8-8b3e-edaa5af3dae9 / xfs defaults 1 1
UUID=2f178edb-b16e-4ea1-85c3-d8243b07a75b /boot xfs defaults 1 2
UUID=a34fac21-a385-494a-a6cc-cae22b87c8c9 swap swap defaults 0 0
/dev/mapper/testcui /cui ext4 defaults 1 2

I need this to prompt for the password at boot time and then complete the boot process without dropping into emergency mode!

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: systemd-cryptsetup fails to create mapper device

Post by TrevorH » 2017/09/21 23:36:18

Sep 20 14:19:53 jubilee systemd-cryptsetup[501]: Key file /etc/keys is world-readable. This is not a good idea!
Fix that first.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

coloradosky
Posts: 17
Joined: 2010/01/19 19:50:55

Re: systemd-cryptsetup fails to create mapper device

Post by coloradosky » 2017/09/26 18:01:35

Trevor,
The fact that my key file does not have the correct acl's should not affect the fact that systemd-cryptsetup is failing to map my encrypted drive.
The root of the problem is this:
Sep 26 10:11:40 jubilee systemd-cryptsetup[450]: Failed to activate with key file '/etc/keys': Invalid argument
Sep 26 10:11:48 jubilee systemd-cryptsetup[450]: Loading of cryptographic parameters failed: Invalid argument
Sep 26 10:11:48 jubilee systemd-cryptsetup[450]: Failed to activate: Invalid argument

I need to know what "invalid argument" this is looking at.

#
# test disk
#
/dev/mapper/testcui /dev/sdb /etc/keys plain

It would be nice if the systemd 'folks' would step up!

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: systemd-cryptsetup fails to create mapper device

Post by TrevorH » 2017/09/26 21:16:57

I need to know what "invalid argument" this is looking at.
I'd hazard a guess that it means your key file is world readable so it's not even trying. Fix that first.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

coloradosky
Posts: 17
Joined: 2010/01/19 19:50:55

Re: systemd-cryptsetup fails to create mapper device

Post by coloradosky » 2017/09/26 21:42:21

thanks, the only problem is that it happens whether the file has the correct acl's or not. That's why I need someone to look at the problem of an "invalid argument".

I have been beating on this on two different systems running the same os for 2 1/2 weeks. It is a systemd problem!

coloradosky
Posts: 17
Joined: 2010/01/19 19:50:55

Re: systemd-cryptsetup fails to create mapper device

Post by coloradosky » 2017/09/26 21:58:03

Trevor,
Just so I can keep going forward, I changed the acl's on the keys file, here is the results:
[root@jubilee ~]# ll /etc/keys
-r-------- 1 root root 30 Sep 20 14:45 /etc/keys
<journalctl>

-- Subject: Unit systemd-cryptsetup@-dev-mapper-testcui.service has begun start-up
-- Unit systemd-cryptsetup@-dev-mapper-testcui.service has begun starting up.
Sep 26 14:44:58 jubilee systemd-cryptsetup[444]: Set cipher aes, mode cbc-essiv:sha256, key size 256 bits for device /dev/sdb.
Sep 26 14:44:58 jubilee systemd-cryptsetup[444]: Failed to activate with key file '/etc/keys': Invalid argument
Sep 26 14:45:03 jubilee systemd-cryptsetup[444]: Loading of cryptographic parameters failed: Invalid argument
Sep 26 14:45:03 jubilee systemd-cryptsetup[444]: Failed to activate: Invalid argument
Sep 26 14:45:03 jubilee systemd[1]: systemd-cryptsetup@-dev-mapper-testcui.service: main process exited, code=exited, status=1/FAILURE
-- Subject: Unit systemd-cryptsetup@-dev-mapper-testcui.service has failed
-- Unit systemd-cryptsetup@-dev-mapper-testcui.service has failed.
-- Subject: Unit cryptsetup.target has failed
-- Unit cryptsetup.target has failed.
Sep 26 14:45:03 jubilee systemd[1]: Job cryptsetup.target/start failed with result 'dependency'.
Sep 26 14:45:03 jubilee systemd[1]: Unit systemd-cryptsetup@-dev-mapper-testcui.service entered failed state.
Sep 26 14:45:03 jubilee systemd[1]: systemd-cryptsetup@-dev-mapper-testcui.service failed.
-- Subject: Unit systemd-cryptsetup@-dev-mapper-testcui.service has begun start-up
-- Unit systemd-cryptsetup@-dev-mapper-testcui.service has begun starting up.
Sep 26 14:48:20 jubilee systemd-cryptsetup[893]: Volume /dev/mapper/testcui already active.
-- Subject: Unit systemd-cryptsetup@-dev-mapper-testcui.service has finished start-up
-- Unit systemd-cryptsetup@-dev-mapper-testcui.service has finished starting up.
-- Subject: Unit cryptsetup.target has finished start-up
-- Unit cryptsetup.target has finished starting up.
-- Subject: Unit cryptsetup.target has begun start-up
-- Unit cryptsetup.target has begun starting up.
-------------------------------------------------------------------------------------------------------------

I really appreciate the help. This has been the most "replies" that I have gotten an the 4 different forums I submitted it on. <cudos> to you!
:) :) :)

But it does not answer the problem. :( :(

thanks,

Post Reply