dracut 005 question

dracut 005 question

[jaivuk]

Hello guys,

I use Fedora 13, dracut 005, I have encrypted root and I tried to have
crypto key on my USB stick working.
After some modifications to dracut, I'm almost done, however I have
one last issue:

My root partition and other partitions on the same lvm group mount
fine, but my second volume group (vg3) is not OK:
My root partition is configured like that:
md raid -> luks1 -> LVM vg2 -> filesystem

My second volume group:
LVM vg3 -> luks2 -> filesystem

I use the same key for both partitions and  I use rd_LUKS_KEYDEV_UUID
kernel parameter for all my luks partitions and I know all are mounted
successfully by dracut - all partitions are present in the /dev/mapper
in dracut - I tested that.
(I also tested that cryptsetup luksOpen returns zero in dracut for all
partitions - this is OK as well)
The issue is that when init process starts, for some reason luks2
partition on vg3 is not present in the /dev/mapper (however vg2 on
luks1 is OK).

I also tried to specify all partitions into rd_LVM_LV arguments, but
it did not help either.

Do you please have any hint how can I force dracut to pass all
partitions from the /dev/mapper to the init process or where do you
think the issue can be?
I also know I can create a workaround and change init script to mount
addtional partition on vg3, but I would prefer it is done by dracut,
so USB stick with the key does not have to be inserted during the
whole boot process (which takse quite some time on my slow machine).

Thank you very much,

Jaiv

Re: dracut 005 question

[Amadeusz Żołnowski]

[-- Attachment #1: Type: text/plain, Size: 1025 bytes --]

Hi,

Dracut 005? Keys are supported since 006, IIRC.

Excerpts from jaivuk's message of Mon Mar 14 11:53:59 +0100 2011:
> My root partition and other partitions on the same lvm group mount
> fine, but my second volume group (vg3) is not OK:
> My root partition is configured like that:
> md raid -> luks1 -> LVM vg2 -> filesystem
> 
> My second volume group:
> LVM vg3 -> luks2 -> filesystem

Do you I understand correctly, that you'd like Dracut to mount all
partitions? Or even activate all volume groups? Dracut is meant to mount
root partition and as soon it's done, he switches to it. You cannot
expect it will mount any other stuff. The rest should be done by
system's init scripts.

I have actually a setup, where I have one volume group divided between
two physical devices. Dracut opens only part of it where root is, then
switches to it and the second physical device is activated by init
scripts.
-- 
Amadeusz Żołnowski

PGP key fpr: C700 CEDE 0C18 212E 49DA  4653 F013 4531 E1DB FAB5

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 490 bytes --]

Re: dracut 005 question

[jaivuk]

Hi guys,

Let me tell you what I want to achieve here - I have a host with
several luks partitions using the same key and I want them to be
unlocked by plugging USB stick with the key during the boot and not
typing the key via the keyboard at any stage.

I managed to install F14 with dracut-006-6.fc14 and I configured
second key and I assumed it will work. But it didn't. To my surpsire I
do not see rd_LUKS_KEYDEV_UUID anywhere in the 90crypt/* folder. I
searched whole modules.d and I did not find it either. So it looks to
me this version of dracut actually dropped support of key on external
device entirely?

What I would like to do now is to install dracut 008 (or the latest
version) in my F14 and try my USB key with it. I checked dracut 006
has dependency on plymouth-scripts, can you please advise me if it is
the same for dracut 008? Do I have to install latests plymouth-scripts
or is it optional?
And can you please give me any hint what is the best way of upgrade
from 006 to the latest one?

Thank you very much,

Jaiv

Re: dracut 005 question

[Amadeusz Żołnowski]

[-- Attachment #1: Type: text/plain, Size: 1700 bytes --]

Excerpts from jaivuk's message of Tue Mar 15 10:25:06 +0100 2011:
> Let me tell you what I want to achieve here - I have a host with
> several luks partitions using the same key and I want them to be
> unlocked by plugging USB stick with the key during the boot and not
> typing the key via the keyboard at any stage.
>
> I managed to install F14 with dracut-006-6.fc14 and I configured
> second key and I assumed it will work. But it didn't. To my surpsire I
> do not see rd_LUKS_KEYDEV_UUID anywhere in the 90crypt/* folder. I
> searched whole modules.d and I did not find it either. So it looks to
> me this version of dracut actually dropped support of key on external
> device entirely?

I don't know how Fedora releases the packages, but support for keys on
external device *started* with 007 [0]. And with 008 [1] parameters
names have changed. With 008 logic of probing devices for key has
changed. You might want to try how it behaves for your case.


> What I would like to do now is to install dracut 008 (or the latest
> version) in my F14 and try my USB key with it. I checked dracut 006
> has dependency on plymouth-scripts, can you please advise me if it is
> the same for dracut 008? Do I have to install latests plymouth-scripts
> or is it optional?
> And can you please give me any hint what is the best way of upgrade
> from 006 to the latest one?

You can try using source package from sf.net.


[0]
http://sourceforge.net/projects/dracut/files/dracut-007.tar.bz2/download

[1]
http://sourceforge.net/projects/dracut/files/dracut-008.tar.bz2/download
-- 
Amadeusz Żołnowski

PGP key fpr: C700 CEDE 0C18 212E 49DA  4653 F013 4531 E1DB FAB5

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 490 bytes --]

Re: dracut 005 question

[Harald Hoyer]

Am 15.03.2011 11:43, schrieb Amadeusz Żołnowski:
> Excerpts from jaivuk's message of Tue Mar 15 10:25:06 +0100 2011:
>> Let me tell you what I want to achieve here - I have a host with
>> several luks partitions using the same key and I want them to be
>> unlocked by plugging USB stick with the key during the boot and not
>> typing the key via the keyboard at any stage.
>>
>> I managed to install F14 with dracut-006-6.fc14 and I configured
>> second key and I assumed it will work. But it didn't. To my surpsire I
>> do not see rd_LUKS_KEYDEV_UUID anywhere in the 90crypt/* folder. I
>> searched whole modules.d and I did not find it either. So it looks to
>> me this version of dracut actually dropped support of key on external
>> device entirely?
> 
> I don't know how Fedora releases the packages, but support for keys on
> external device *started* with 007 [0]. And with 008 [1] parameters
> names have changed. With 008 logic of probing devices for key has
> changed. You might want to try how it behaves for your case.
> 
> 
>> What I would like to do now is to install dracut 008 (or the latest
>> version) in my F14 and try my USB key with it. I checked dracut 006
>> has dependency on plymouth-scripts, can you please advise me if it is
>> the same for dracut 008? Do I have to install latests plymouth-scripts
>> or is it optional?
>> And can you please give me any hint what is the best way of upgrade
>> from 006 to the latest one?
> 
> You can try using source package from sf.net.
> 
> 
> [0]
> http://sourceforge.net/projects/dracut/files/dracut-007.tar.bz2/download
> 
> [1]
> http://sourceforge.net/projects/dracut/files/dracut-008.tar.bz2/download

Fedora 15 has dracut-008 ... should work on older systems, too