systemd cryptsetup not working after kernel upgrade
systemd cryptsetup not working after kernel upgrade
Hi all,
after an upgrade to Centos 7.5 (3.10.0-862.14.4.el7.x86_64) it is not possible to encrypt my luks container with the included root partition (on lvm) on system startup. It is only possible with an older rescue image (3.10.0-327.el7.x86_64).
Following errors occur during system boot:
systemd: Dependency failed for Cryptography Setup for luks-...ID...
systemd: Dependency failed for Local Encrypted Volumes.
systemd: Job cryptsetup.taget/start failed with result 'dependency'.
systemd: Job systemd-cryptsetup@luks\...ID...service/start failed with result 'dependency'.
systemd: Job dev-disk-by\...ID....device/start failed with result 'timeout'.
Installed (maybe relevant) packages:
Updated cryptsetup-1.6.7-1.el7.x86_64 @anaconda
Update 1.7.4-4.el7.x86_64 @base
Updated cryptsetup-libs-1.6.7-1.el7.x86_64 @anaconda
Update 1.7.4-4.el7.x86_64 @base
Updated device-mapper-7:1.02.107-5.el7.x86_64 @anaconda
Update 7:1.02.146-4.el7.x86_64 @base
Updated device-mapper-event-7:1.02.107-5.el7.x86_64 @anaconda
Update 7:1.02.146-4.el7.x86_64 @base
Updated device-mapper-event-libs-7:1.02.107-5.el7.x86_64 @anaconda
Update 7:1.02.146-4.el7.x86_64 @base
Updated device-mapper-libs-7:1.02.107-5.el7.x86_64 @anaconda
Update 7:1.02.146-4.el7.x86_64 @base
Updated device-mapper-persistent-data-0.5.5-1.el7.x86_64 @anaconda
Update 0.7.3-3.el7.x86_64 @base
Updated systemd-219-19.el7.x86_64 @anaconda
Update 219-57.el7.x86_64 @base
Updated systemd-libs-219-19.el7.x86_64 @anaconda
Dep-Install systemd-libs-219-57.el7.i686 @base
Update systemd-libs-219-57.el7.x86_64 @base
Updated systemd-sysv-219-19.el7.x86_64 @anaconda
Update 219-57.el7.x86_64 @base
/etc/crypttab:
luks-...ID... UUID=...ID... none
/proc/cmdline (rescue image, same options of the actual kernel options)
BOOT_IMAGE=/vmlinuz-0-rescue-2fbcab4aa18842679257440bf3f685b0 root=/dev/mapper/centos-root ro crashkernel=auto rd.lvm.lv=centos/root rd.luks.uuid=luks-...ID... rd.lvm.lv=centos/swap rhgb quiet
Can someone help?
Thanks
after an upgrade to Centos 7.5 (3.10.0-862.14.4.el7.x86_64) it is not possible to encrypt my luks container with the included root partition (on lvm) on system startup. It is only possible with an older rescue image (3.10.0-327.el7.x86_64).
Following errors occur during system boot:
systemd: Dependency failed for Cryptography Setup for luks-...ID...
systemd: Dependency failed for Local Encrypted Volumes.
systemd: Job cryptsetup.taget/start failed with result 'dependency'.
systemd: Job systemd-cryptsetup@luks\...ID...service/start failed with result 'dependency'.
systemd: Job dev-disk-by\...ID....device/start failed with result 'timeout'.
Installed (maybe relevant) packages:
Updated cryptsetup-1.6.7-1.el7.x86_64 @anaconda
Update 1.7.4-4.el7.x86_64 @base
Updated cryptsetup-libs-1.6.7-1.el7.x86_64 @anaconda
Update 1.7.4-4.el7.x86_64 @base
Updated device-mapper-7:1.02.107-5.el7.x86_64 @anaconda
Update 7:1.02.146-4.el7.x86_64 @base
Updated device-mapper-event-7:1.02.107-5.el7.x86_64 @anaconda
Update 7:1.02.146-4.el7.x86_64 @base
Updated device-mapper-event-libs-7:1.02.107-5.el7.x86_64 @anaconda
Update 7:1.02.146-4.el7.x86_64 @base
Updated device-mapper-libs-7:1.02.107-5.el7.x86_64 @anaconda
Update 7:1.02.146-4.el7.x86_64 @base
Updated device-mapper-persistent-data-0.5.5-1.el7.x86_64 @anaconda
Update 0.7.3-3.el7.x86_64 @base
Updated systemd-219-19.el7.x86_64 @anaconda
Update 219-57.el7.x86_64 @base
Updated systemd-libs-219-19.el7.x86_64 @anaconda
Dep-Install systemd-libs-219-57.el7.i686 @base
Update systemd-libs-219-57.el7.x86_64 @base
Updated systemd-sysv-219-19.el7.x86_64 @anaconda
Update 219-57.el7.x86_64 @base
/etc/crypttab:
luks-...ID... UUID=...ID... none
/proc/cmdline (rescue image, same options of the actual kernel options)
BOOT_IMAGE=/vmlinuz-0-rescue-2fbcab4aa18842679257440bf3f685b0 root=/dev/mapper/centos-root ro crashkernel=auto rd.lvm.lv=centos/root rd.luks.uuid=luks-...ID... rd.lvm.lv=centos/swap rhgb quiet
Can someone help?
Thanks
Last edited by e-Ra on 2018/12/02 18:43:24, edited 1 time in total.
-
- Posts: 2019
- Joined: 2015/02/17 15:14:33
- Location: Bulgaria
- Contact:
Re: systemd cryptsetup not working with kernel
I have recently updated a box which has 3 LUKS devices and it decrypts properly on boot.
Do you mean encrypt or decrypt?
What is the output of:
Do you mean encrypt or decrypt?
What is the output of:
Code: Select all
systemctl cat cryptsetup.target
Re: systemd cryptsetup not working with kernel
I believe that you will need to remove rhgb quiet from your kernel command line in order to see the passphrase prompt...
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: systemd cryptsetup not working with kernel
I mean decrypt on system startuphunter86_bg wrote: ↑2018/12/02 02:57:23I have recently updated a box which has 3 LUKS devices and it decrypts properly on boot.
Do you mean encrypt or decrypt?
What is the output of:Code: Select all
systemctl cat cryptsetup.target
Code: Select all
systemctl cat cryptsetup.target
# /usr/lib/systemd/system/cryptsetup.target
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
[Unit]
Description=Local Encrypted Volumes
Documentation=man:systemd.special(7)
-
- Posts: 2019
- Joined: 2015/02/17 15:14:33
- Location: Bulgaria
- Contact:
Re: systemd cryptsetup not working after kernel upgrade
Does the UUID in /etc/crypttab match the output of:
cryptsetup luksUUID /luks/device
cryptsetup luksUUID /luks/device
Re: systemd cryptsetup not working after kernel upgrade
hunter86_bg wrote: ↑2018/12/04 10:44:08Does the UUID in /etc/crypttab match the output of:
cryptsetup luksUUID /luks/device
Code: Select all
/etc/crypttab:
luks-...ID... UUID=...ID... none
cryptsetup luksUUID /dev/sda3
...ID...
Is the behavior maybe related to this: https://github.com/systemd/systemd/issues/6381
Re: systemd cryptsetup not working after kernel upgrade
You know uuids are not security sensitive information?
Did you try any of the workarounds/tests listed in that bug report?
Did you try any of the workarounds/tests listed in that bug report?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 2019
- Joined: 2015/02/17 15:14:33
- Location: Bulgaria
- Contact:
Re: systemd cryptsetup not working after kernel upgrade
Our workstation has 3 LUKS devices and I still don't get what is so different from your setup.
I will check the cmd line and try to find the differences.
I will check the cmd line and try to find the differences.
Re: systemd cryptsetup not working after kernel upgrade
Yes, didn't want to copy the letters from the screen.
I tried the 'luks.options=timeout=30s' kernel option without effect.
The other stuff seems to be more arch related.