Using full disk encryption, on a multipath device (in this case FCP) ended up in trying to open/unlock a wrong DM device

Bug #1825189 reported by Frank Heimes on 2019-04-17
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
Medium
Dimitri John Ledkov
partman-multipath (Ubuntu)
Undecided
Unassigned
Disco
Undecided
Unassigned

Bug Description

When doing a full disk encrypted installation with d-i using
"Guided - use entire disk and setup encrypted LVM"
on a multipath device (in this case zFCP/SCSI)
the post-install reboot ends in busybox/initramfs
while trying to open/unlock an incorrect device-maper device.
initrd tries to open /dev/mapper/mpatha5 but only /dev/mapper/mpatha-part5 exists.

Fixing the wrong device in crypttab like:
echo "mpatha5_crypt /dev/mapper/mpatha-part5 none luks,discard" > ./
cryptroot/crypttab
and trying to open it manually:
cryptsetup open --key-file /etc/zkey/repository/mpatha5_crypt.skey --key-size 1024 --cipher paes-xts-plain64 /dev/mapper/mpatha-part5 mpatha5_crypt
and leaving busybox again seems to work.

For more details see attachment ...

Frank Heimes (frank-heimes) wrote :
description: updated
tags: added: architecture-s39064 s390x
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package multipath-tools - 0.7.9-3ubuntu2

---------------
multipath-tools (0.7.9-3ubuntu2) eoan; urgency=medium

  * Ensure udebs have the same udev rules as installed systems. LP:
    #1825189

 -- Dimitri John Ledkov <email address hidden> Tue, 21 May 2019 12:34:41 +0100

Changed in multipath-tools (Ubuntu):
status: New → Fix Released
Changed in ubuntu-z-systems:
status: New → In Progress
Dimitri John Ledkov (xnox) wrote :

Next steps is to try to use eoan debian-installer, to see if this is now good or not.

Changed in parted (Ubuntu):
status: New → Fix Committed
Changed in partman-base (Ubuntu):
status: New → Fix Committed
Changed in ubuntu-z-systems:
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package partman-base - 206ubuntu2

---------------
partman-base (206ubuntu2) eoan; urgency=medium

  * Multipath support:
    - lib/base.sh: is_multipath_part(): Use '-part' as multipath
    disk-partition separator. As otherwise there are differences in
    devices naming between d-i and the installed systems. LP: #1825189

 -- Dimitri John Ledkov <email address hidden> Mon, 17 Jun 2019 15:47:54 +0100

Changed in partman-base (Ubuntu):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package parted - 3.2-25ubuntu1

---------------
parted (3.2-25ubuntu1) eoan; urgency=medium

  * _device_get_part_path: use -partN for dm partitions. As otherwise
    there are differences in devices naming between what parted creates,
    and what `udevadm trigger` will rename them to. LP: #1825189

 -- Dimitri John Ledkov <email address hidden> Mon, 17 Jun 2019 16:21:08 +0100

Changed in parted (Ubuntu):
status: Fix Committed → Fix Released
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
Dimitri John Ledkov (xnox) wrote :

@frank stop marking things as done prematurely. this is far from done at the moment.

Changed in ubuntu-z-systems:
status: Fix Released → Confirmed
Dimitri John Ledkov (xnox) wrote :

Also my parted upload is broken!

Changed in parted (Ubuntu):
status: Fix Released → Triaged
Frank Heimes (frank-heimes) wrote :

According to our conversation and a quick test on eoan the initial issue reported by me seemed to be solved - and I just touched the project entry.
But since you mentioned that you discovered further issues, and more packages were added as being affected, I'll leave further updates up to you.

Changed in multipath-tools (Ubuntu):
status: Fix Released → New
tags: added: block-proposed
tags: removed: block-proposed
no longer affects: multipath-tools (Ubuntu)
no longer affects: parted (Ubuntu)
no longer affects: partman-base (Ubuntu)
no longer affects: debian-installer (Ubuntu)
tags: added: block-proposed
no longer affects: cryptsetup (Ubuntu)
Changed in partman-multipath (Ubuntu):
status: New → Fix Committed
Ubuntu QA Website (ubuntuqa) wrote :

This bug has been reported on the Ubuntu ISO testing tracker.

A list of all reports related to this bug can be found here:
http://iso.qa.ubuntu.com/qatracker/reports/bugs/1825189

tags: added: iso-testing
tags: removed: block-proposed
Dimitri John Ledkov (xnox) wrote :

So i think i undid all the bogus red-herring fixes that didn't fix anything.

and finally uploaded partman-multipath tools that should now work.

tested with Eoan-proposed it all looks good. Please wait for partman-multipath to publish in eoan release pocket and then retest.

_everything_ should just work. I.e. encrypted lvm on multipath; lvm on multipath; ecnrypted non-lvm on multipath and so on.

I am not sure about lvm, on encrypted, on raid, on multipath. But i believe that should also work.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package partman-multipath - 4ubuntu7

---------------
partman-multipath (4ubuntu7) eoan; urgency=medium

  * finish.d/multipath_partitions: undo init.d/multipath_partitions to use
    in-target -part names, such that later lvm2 can take backup names as
    seen in-target and cryptsetup can generate correct crypttab in the
    initrd. LP: #1825189

 -- Dimitri John Ledkov <email address hidden> Fri, 21 Jun 2019 12:12:03 +0100

Changed in partman-multipath (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Bug attachments