# proceed with the installation until the additional (installer) components got loaded: ┌────────────────────┤ Loading additional components ├────────────────────┐ │ │ │ 0% │ │ │ │ Retrieving apt-setup-udeb │ │ │ └─────────────────────────────────────────────────────────────────────────┘ # open a d-i shell - with the help of a second ssh session to d-i ┌────────────────────────┤ [!!] Configuring d-i ├─────────────────────────┐ │ │ │ This is the network console for the Debian installer. From here, you │ │ may start the Debian installer, or execute an interactive shell. │ │ │ │ To return to this menu, you will need to log in again. │ │ │ │ Network console option: │ │ │ │ Start installer │ │ Start installer (expert mode) │ │ Start shell │ │ │ └─────────────────────────────────────────────────────────────────────────┘ # and verify if an initial master key was configured for the available crypto domain by generating a test key BusyBox v1.27.2 (Ubuntu 1:1.27.2-2ubuntu7) built-in shell (ash) Enter 'help' for a list of built-in commands. ~ # zkey -v zkey version 2.8.0-build-20190315 Copyright IBM Corp. 2017, 2018 ~ # zkey generate --xts --name test ~ # zkey list Key : test ------------------------------------------------------------------------------------- Description : Secure key size : 128 bytes Clear key size : 512 bits XTS type key : Yes Volumes : (none) APQNs : (none) Key file name : /etc/zkey/repository/test.skey Sector size : (system default) Volume type : luks2 Verification pattern : 29033f24e660063cb8b0b21fbc730b07 2e28b52e346f71099e2a201a220ef9fa Created : 2019-04-20 04:25:58 Changed : (never) Re-enciphered : (never) ~ # # exit from the second d-i shell and proceed with the installation as usual ... # and pick a zFCP/SCSI (multipath) disk: ┌─────────┤ [!!] Configure direct access storage devices (DASD) ├─────────┐ │ │ │ The following direct access storage devices (DASD) are available. │ │ Please select each device you want to use one at a time. │ │ │ │ Select "Finish" at the bottom of the list when you are done. │ │ │ │ Available devices: │ │ │ │ 0.0.2629 ↑ │ │ 0.0.262a ▒ │ │ 0.0.262b ▒ │ │ 0.0.262c ▒ │ │ 0.0.262d ▒ │ │ 0.0.262e ▒ │ │ 0.0.262f ▮ │ │ Finish ↓ │ │ │ │ │ │ │ └─────────────────────────────────────────────────────────────────────────┘ ┌─────────────┤ [!!] Activate FCP devices for installation ├──────────────┐ │ │ │ The following FCP devices are available for installation. Select │ │ each FCP device you want to activate for accessing FC-attached SCSI │ │ devices. Depending on your FCP device configuration, you will be │ │ asked further setup questions. │ │ │ │ Select "Finish" when you have all FCP devices activated for your │ │ installation. │ │ │ │ Available FCP devices: │ │ │ │ 0.0.e000 ↑ │ │ 0.0.e001 ▮ │ │ 0.0.e002 ▒ │ │ 0.0.e003 ▒ │ │ 0.0.e004 ↓ │ │ │ │ │ │ │ └─────────────────────────────────────────────────────────────────────────┘ ┌─────────────┤ [!!] Activate FCP devices for installation ├──────────────┐ │ │ │ The following FCP devices are available for installation. Select │ │ each FCP device you want to activate for accessing FC-attached SCSI │ │ devices. Depending on your FCP device configuration, you will be │ │ asked further setup questions. │ │ │ │ Select "Finish" when you have all FCP devices activated for your │ │ installation. │ │ │ │ Available FCP devices: │ │ │ │ 0.0.e000 (configured) ↑ │ │ 0.0.e001 ▮ │ │ 0.0.e002 ▒ │ │ 0.0.e003 ▒ │ │ 0.0.e004 ↓ │ │ │ │ │ │ │ └─────────────────────────────────────────────────────────────────────────┘ ┌─────────────┤ [!!] Activate FCP devices for installation ├──────────────┐ │ │ │ The following FCP devices are available for installation. Select │ │ each FCP device you want to activate for accessing FC-attached SCSI │ │ devices. Depending on your FCP device configuration, you will be │ │ asked further setup questions. │ │ │ │ Select "Finish" when you have all FCP devices activated for your │ │ installation. │ │ │ │ Available FCP devices: │ │ │ │ 0.0.e00e ↑ │ │ 0.0.e00f ▒ │ │ 0.0.e100 ▮ │ │ 0.0.e101 ▒ │ │ 0.0.e102 ↓ │ │ │ │ │ │ │ └─────────────────────────────────────────────────────────────────────────┘ ┌─────────────┤ [!!] Activate FCP devices for installation ├──────────────┐ │ │ │ The following FCP devices are available for installation. Select │ │ each FCP device you want to activate for accessing FC-attached SCSI │ │ devices. Depending on your FCP device configuration, you will be │ │ asked further setup questions. │ │ │ │ Select "Finish" when you have all FCP devices activated for your │ │ installation. │ │ │ │ Available FCP devices: │ │ │ │ 0.0.e00e ↑ │ │ 0.0.e00f ▒ │ │ 0.0.e100 (configured) ▮ │ │ 0.0.e101 ▒ │ │ 0.0.e102 ↓ │ │ │ │ │ │ │ └─────────────────────────────────────────────────────────────────────────┘ ┌─────────────┤ [!!] Activate FCP devices for installation ├──────────────┐ │ │ │ The following FCP devices are available for installation. Select │ │ each FCP device you want to activate for accessing FC-attached SCSI │ │ devices. Depending on your FCP device configuration, you will be │ │ asked further setup questions. │ │ │ │ Select "Finish" when you have all FCP devices activated for your │ │ installation. │ │ │ │ Available FCP devices: │ │ │ │ 0.0.e10c ↑ │ │ 0.0.e10d ▒ │ │ 0.0.e10e ▒ │ │ 0.0.e10f ▮ │ │ Finish ↓ │ │ │ │ │ │ │ └─────────────────────────────────────────────────────────────────────────┘ ┌────────────────────────┤ [!!] Partition disks ├─────────────────────────┐ │ │ │ The installer can guide you through partitioning a disk (using │ │ different standard schemes) or, if you prefer, you can do it │ │ manually. With guided partitioning you will still have a chance later │ │ to review and customise the results. │ │ │ │ If you choose guided partitioning for an entire disk, you will next │ │ be asked which disk should be used. │ │ │ │ Partitioning method: │ │ │ │ Guided - resize LVM VG mpatha1, LV mpatha1 and use freed space │ │ Guided - use entire disk │ │ Guided - use entire disk and set up LVM │ │ Guided - use entire disk and set up encrypted LVM │ │ Manual │ │ │ │ │ │ │ └─────────────────────────────────────────────────────────────────────────┘ # select 'Guided - use entire disk and set up encrypted LVM' ┌────────────────────────┤ [!!] Partition disks ├─────────────────────────┐ │ │ │ Note that all data on the disk you select will be erased, but not │ │ before you have confirmed that you really want to make the changes. │ │ │ │ Select disk to partition: │ │ │ │ Multipath mpatha (WWID 36005076306ffd6b60000000000002603) - 68.7 │ │ │ │ │ │ │ └─────────────────────────────────────────────────────────────────────────┘ # confirm the disk to be partitioned: ┌───────────────────────┤ [!!] Partition disks ├────────────────────────┐ │ │ │ Before the Logical Volume Manager can be configured, the current │ │ partitioning scheme has to be written to disk. These changes cannot │ │ be undone. │ │ │ │ After the Logical Volume Manager is configured, no additional changes │ │ to the partitioning scheme of disks containing physical volumes are │ │ allowed during the installation. Please decide if you are satisfied │ │ with the current partitioning scheme before continuing. │ │ │ │ The partition tables of the following devices are changed: │ │ Multipath mpatha (WWID 36005076306ffd6b60000000000002603) │ │ │ │ Write the changes to disks and configure LVM? │ │ │ │ │ │ │ └───────────────────────────────────────────────────────────────────────┘ # acknowledge to write the changes to disk ┌────────────────────────┤ [!!] Partition disks ├────────────────────────┐ │ │ │ You need to choose a passphrase to encrypt Multipath mpatha │ │ (partition #5). │ │ │ │ The overall strength of the encryption depends strongly on this │ │ passphrase, so you should take care to choose a passphrase that is │ │ not easy to guess. It should not be a word or sentence found in │ │ dictionaries, or a phrase that could be easily associated with you. │ │ │ │ A good passphrase will contain a mixture of letters, numbers and │ │ punctuation. Passphrases are recommended to have a length of 20 or │ │ more characters. │ │ │ │ ____________________________________________________________________ │ │ │ │ [ ] Show Password in Clear │ │ │ │ │ │ │ └────────────────────────────────────────────────────────────────────────┘ # specify as usual a passpharse ┌────────────────────────┤ [!!] Partition disks ├────────────────────────┐ │ │ │ You need to choose a passphrase to encrypt Multipath mpatha │ │ (partition #5). │ │ │ │ The overall strength of the encryption depends strongly on this │ │ passphrase, so you should take care to choose a passphrase that is │ │ not easy to guess. It should not be a word or sentence found in │ │ dictionaries, or a phrase that could be easily associated with you. │ │ │ │ A good passphrase will contain a mixture of letters, numbers and │ │ punctuation. Passphrases are recommended to have a length of 20 or │ │ more characters. │ │ │ │ ********____________________________________________________________ │ │ │ │ [ ] Show Password in Clear │ │ │ │ │ │ │ └────────────────────────────────────────────────────────────────────────┘ # and confirm the passphrase ┌───────────────────────┤ [!!] Partition disks ├────────────────────────┐ │ │ │ Please enter the same passphrase again to verify that you have typed │ │ it correctly. │ │ │ │ Re-enter passphrase to verify: │ │ │ │ ********_____________________________________________________________ │ │ │ │ [ ] Show Password in Clear │ │ │ │ │ │ │ └───────────────────────────────────────────────────────────────────────┘ # specify the max amount of space for the volume: ┌─────────────────────────┤ [!] Partition disks ├─────────────────────────┐ │ │ │ You may use the whole volume group for guided partitioning, or part │ │ of it. If you use only part of it, or if you add more disks later, │ │ then you will be able to grow logical volumes later using the LVM │ │ tools, so using a smaller part of the volume group at installation │ │ time may offer more flexibility. │ │ │ │ The minimum size of the selected partitioning recipe is 1.9 GB (or │ │ 2%); please note that the packages you choose to install may require │ │ more space than this. The maximum available size is 67.9 GB. │ │ │ │ Hint: "max" can be used as a shortcut to specify the maximum size, or │ │ enter a percentage (e.g. "20%") to use that percentage of the maximum │ │ size. │ │ │ │ max__________________________________________________________________ │ │ │ │ │ │ │ └─────────────────────────────────────────────────────────────────────────┘ ┌─────────────────────┤ Starting up the partitioner ├─────────────────────┐ │ │ │ 83% │ │ │ │ Please wait... │ │ │ └─────────────────────────────────────────────────────────────────────────┘ # again confirm the partitioning changes: ┌───────────────────────┤ [!!] Partition disks ├───────────────────────┐ │ │ │ If you continue, the changes listed below will be written to the │ │ disks. Otherwise, you will be able to make further changes manually. │ │ │ │ The following partitions are going to be formatted: │ │ LVM VG s1lp15-vg, LV root as ext4 │ │ LVM VG s1lp15-vg, LV swap_1 as swap │ │ │ │ Write the changes to disks? │ │ │ │ │ │ │ └──────────────────────────────────────────────────────────────────────┘ ┌─────────────────────┤ Installing the base system ├──────────────────────┐ │ │ │ 6% │ │ │ │ Retrieving ca-certificates... │ │ │ └─────────────────────────────────────────────────────────────────────────┘ # and proceed with the installation as usual ... ┌───────────────────────┤ [!] Configuring tasksel ├───────────────────────┐ │ │ │ Applying updates on a frequent basis is an important part of keeping │ │ your system secure. │ │ │ │ By default, updates need to be applied manually using package │ │ management tools. Alternatively, you can choose to have this system │ │ automatically download and install security updates, or you can │ │ choose to manage this system over the web as part of a group of │ │ systems using Canonical's Landscape service. │ │ │ │ How do you want to manage upgrades on this system? │ │ │ │ No automatic updates │ │ Install security updates automatically │ │ Manage system with Landscape │ │ │ └─────────────────────────────────────────────────────────────────────────┘ ┌─────────────────────┤ Select and install software ├─────────────────────┐ │ │ │ 55% │ │ │ │ Unpacking vim-runtime (s390x) │ │ │ └─────────────────────────────────────────────────────────────────────────┘ ┌─────────────────────┤ Select and install software ├─────────────────────┐ │ │ │ 97% │ │ │ │ Cleaning up... │ │ │ └─────────────────────────────────────────────────────────────────────────┘ # and complete the installation with a reboot ┌─────────────────────┤ Finishing the installation ├──────────────────────┐ │ │ │ 95% │ │ │ │ Connection to 10.245.236.15 closed by remote host. │ Connection to 10.245.236.15 closed. │ fheimes@T570:~$ ────────────────────────────────────────────────────────────┘ # Now carefully watch the boot up in the console (with LPAR installation this is the 'Operating Systems Messages' task) # until you are asked to unlock the encrypted disk: ... Begin: Running /scripts/init-premount ... done. Begin: Mounting root file system ... Begin: Running /scripts/local-top ... WAR NING: Failed to connect to lvmetad. Falling back to device scanning. Volume group "s1lp15-vg" not found Cannot process volume group s1lp15-vg WARNING: Failed to connect to lvmetad. Falling back to device scanning. Volume group "s1lp15-vg" not found Cannot process volume group s1lp15-vg cryptsetup: Waiting for encrypted source device /dev/mapper/mpatha5... ALERT! encrypted source device /dev/mapper/mpatha5 does not exist, can't unlock mpatha5_crypt. Check cryptopts=source= bootarg: cat /proc/cmdline or missing modules, devices: cat /proc/modules; ls /dev Dropping to a shell. BusyBox v1.27.2 (Ubuntu 1:1.27.2-2ubuntu7) built-in shell (ash) Enter 'help' for a list of built-in commands. (initramfs) (initramfs) [6n ls -la /dev/mapper/mpath* lrwxrwxrwx 1 7 /dev/mapper/mpatha-part5 -> ../dm-3 lrwxrwxrwx 1 7 /dev/mapper/mpatha-part2 -> ../dm-2 lrwxrwxrwx 1 7 /dev/mapper/mpatha-part1 -> ../dm-1 lrwxrwxrwx 1 7 /dev/mapper/mpatha -> ../dm-0 (initramfs) [6n zkey list Key : mpatha5_crypt -------------------------------------------------------------------------------- ----- Description : Secure key size : 128 bytes Clear key size : 512 bits XTS type key : Yes Volumes : /dev/mapper/mpatha5:mpatha5_crypt APQNs : (none) Key file name : /etc/zkey/repository/mpatha5_crypt.skey Sector size : 4096 bytes Volume type : luks2 Verification pattern : eb883c594e101ef79c6a33ea9a66fbea 53695afad9102bdf77d3b33bbc848495 Created : 2019-04-20 04:31:10 Changed : (never) Re-enciphered : (never) Key : test -------------------------------------------------------------------------------- ----- Description : Secure key size : 128 bytes Clear key size : 512 bits XTS type key : Yes Volumes : (none) APQNs : (none) Key file name : /etc/zkey/repository/test.skey ls -lA /etc/zkey/repository/mpatha5_crypt.skey -rw-r--r-- 1 128 /etc/zkey/repository/mpatha5_crypt.skey cryptsetup status mpatha5_crypt /dev/mapper/mpatha5_crypt is inactive. lszcrypt -V CARD.DOMAIN TYPE MODE STATUS REQUESTS PENDING HWTYPE QDEPTH FUNCTIONS DRIVER -------------------------------------------------------------------------------- ------------ 00 CEX5C CCA-Coproc online 1 0 11 08 S--D--N-- cex4card 00.000a CEX5C CCA-Coproc online 1 0 11 08 S--D--N-- cex4queue cat /etc/crypttab cat: can't open '/etc/crypttab': No such file or directory cat ./cryptroot/crypttab mpatha5_crypt /dev/mapper/mpatha5 none luks,discard cp ./cryptroot/crypttab ./cryptroot/crypttab_bkup (initramfs) [6n echo "mpatha5_crypt /dev/mapper/mpatha-part5 none luks,discard" > ./ cryptroot/crypttab (initramfs) [6n cat ./cryptroot/crypttab mpatha5_crypt /dev/mapper/mpatha-part5 none luks,discard (initramfs) [6n cryptsetup open --key-file /etc/zkey/repository/mpatha5_crypt.skey --key-size 1024 --cipher paes-xts-plain64 /dev/mapper/mpatha-part5 mpatha5_crypt exit cryptsetup: WARNING: 'card' is missing some arguments, see crypttab(5) done. Begin: Running /scripts/local-premount ... Scanning for Btrfs filesystems Begin: Waiting for udev to settle (multipath) ... done. [ 6243.731180] Btrfs loaded, crc32c=crc32c-vx Begin: Waiting for suspend/resume device ... Begin: Running /scripts/local-block ... Please unlock disk mpatha5_crypt: No key available with this passphrase. cryptsetup: ERROR: mpatha5_crypt: cryptsetup failed, bad password or options? Please unlock disk mpatha5_crypt: [ 6330.513591] device-mapper: crypt: xts(paes) using implementation "xts-paes-s390" WARNING: Failed to connect to lvmetad. Falling back to device scanning. cryptsetup: mpatha5_crypt: set up successfully mdadm: No arrays found in config file or automatically WARNING: Failed to connect to lvmetad. Falling back to device scanning. done. mdadm: No arrays found in config file or automatically mdadm: error opening /dev/md?*: No such file or directory mdadm: No arrays found in config file or automatically done. Begin: Will now check root file system ... fsck from util-linux 2.33.1 [/sbin/fsck.ext4 (1) -- /dev/mapper/s1lp15--vg-root] fsck.ext4 -a -C0 /dev/mappe r/s1lp15--vg-root /dev/mapper/s1lp15--vg-root: clean, 61606/4087808 files, 689995/16333824 blocks done. done. Begin: Running /scripts/local-bottom ... Begin: Stopping multipathd ... done. [ 6331.851951] EXT4-fs (dm-5): mounted filesystem with ordered data mode. Opts: (null) done. Begin: Running /scripts/init-bottom ... done. [ 6336.073888] systemd[1]: systemd 240 running in system mode. (+PAM +AUDIT +SEL INUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL + XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN -PCRE2 default-hierarchy=hybr id) [ 6336.074120] systemd[1]: Detected architecture s390x. [ 6336.078622] systemd[1]: Set hostname to . Welcome to [1mUbuntu 19.04[0m! [[0;32m OK [0m] Set up automount [0;1;39mArbitrary s File System Automount Po int[0m. [[0;32m OK [0m] Reached target [0;1;39mUser and Group Name Lookups[0m. [[0;32m OK [0m] Started [0;1;39mForward Password R uests to Wall Directory Wa tch[0m. [[0;32m OK [0m] Listening on [0;1;39minitctl Compatibility Named Pipe[0m. [[0;32m OK [0m] Listening on [0;1;39mJournal Audit Socket[0m. [[0;32m OK [0m] Listening on [0;1;39mSyslog Socket[0m. [[0;32m OK [0m] Listening on [0;1;39mLVM2 metadata daemon socket[0m. [[0;32m OK [0m] Created slice [0;1;39mUser and Session Slice[0m. [[0;32m OK [0m] Listening on [0;1;39mudev Control Socket[0m. [[0;32m OK [0m] Reached target [0;1;39mSlices[0m. [[0;32m OK [0m] Listening on [0;1;39mDevice-mapper event daemon FIFOs[0m. [[0;32m OK [0m] Listening on [0;1;39mJournal Socket (/dev/log)[0m. [[0;32m OK [0m] Listening on [0;1;39mJournal Socket[0m. Starting [0;1;39mSet the console keyboard layout[0m... Mounting [0;1;39mHuge Pages File System[0m... Mounting [0;1;39mKernel Debug File System[0m... Starting [0;1;39mCreate list of re odes for the current kernel[0m... Starting [0;1;39mUncomplicated firewall[0m... Starting [0;1;39mLoad Kernel Modules[0m... Starting [0;1;39mJournal Service[0m... Mounting [0;1;39mPOSIX Message Queue File System[0m... [[0;32m OK [0m] Created slice [0;1;39msystem-systemd\x2dcryptsetup.slice[0m. [[0;32m OK [0m] Listening on [0;1;39mudev Kernel Socket[0m. Starting [0;1;39mudev Coldplug all Devices[0m... [[0;32m OK [0m] Created slice [0;1;39msystem-systemd\x2dfsck.slice[0m. [ 6337.530706] systemd[1]: Set up automount Arbitrary Executable File Formats Fi le System Automount Point. [ 6337.530964] systemd[1]: Reached target User and Group Name Lookups. [ 6337.531016] systemd[1]: Started Forward Password Requests to Wall Directory W atch. [ 6337.531081] systemd[1]: Listening on initctl Compatibility Named Pipe. [ 6337.531208] systemd[1]: Listening on Journal Audit Socket. [ 6337.531281] systemd[1]: Listening on Syslog Socket. [ 6337.531353] systemd[1]: Listening on LVM2 metadata daemon socket. [ 6337.565903] EXT4-fs (dm-5): re-mounted. Opts: errors=remount-ro [ 6337.568654] Loading iSCSI transport class v2.0-870. [ 6337.577145] systemd-journald[3511]: Received request to flush runtime journal from PID 1 [ 6337.582544] iscsi: registered transport (tcp) [ 6337.595282] iscsi: registered transport (iser) [[0;32m OK [0m] Listening on [0;1;39mfsck to fsckd communication Socket[0m. Starting [0;1;39mRemount Root and Kernel File Systems[0m... Starting [0;1;39mMonitoring of LVM meventd or progress polling[0m... [[0;32m OK [0m] Listening on [0;1;39mLVM2 poll daemon socket[0m. [[0;32m OK [0m] Created slice [0;1;39msystem-serial\x2dgetty.slice[0m. [[0;32m OK [0m] Mounted [0;1;39mHuge Pages File System[0m. [[0;32m OK [0m] Mounted [0;1;39mKernel Debug File System[0m. [[0;32m OK [0m] Started [0;1;39mCreate list of req nodes for the current ker nel[0m. [[0;32m OK [0m] Started [0;1;39mUncomplicated firewall[0m. [[0;32m OK [0m] Mounted [0;1;39mPOSIX Message Queue File System[0m. [[0;32m OK [0m] Started [0;1;39mRemount Root and Kernel File Systems[0m. Starting [0;1;39mLoad/Save Random Seed[0m... Starting [0;1;39mCreate System Users[0m... [[0;32m OK [0m] Started [0;1;39mJournal Service[0m. Starting [0;1;39mFlush Journal to Persistent Storage[0m... [[0;32m OK [0m] Started [0;1;39mLoad/Save Random Seed[0m. [[0;32m OK [0m] Started [0;1;39mLoad Kernel Modules[0m. Mounting [0;1;39mFUSE Control File System[0m... Mounting [0;1;39mKernel Configuration File System[0m... Starting [0;1;39mApply Kernel Variables[0m... [[0;32m OK [0m] Started [0;1;39mCreate System Users[0m. [[0;32m OK [0m] Started [0;1;39mFlush Journal to Persistent Storage[0m. [[0;32m OK [0m] Mounted [0;1;39mFUSE Control File System[0m. [[0;32m OK [0m] Mounted [0;1;39mKernel Configuration File System[0m. Starting [0;1;39mCreate Static Device Nodes in /dev[0m... [[0;32m OK [0m] Started [0;1;39mApply Kernel Variables[0m. [[0;32m OK [0m] Started [0;1;39mSet the console keyboard layout[0m. [[0;32m OK [0m] Started [0;1;39mCreate Static Device Nodes in /dev[0m. Starting [0;1;39mudev Kernel Device Manager[0m... [[0;32m OK [0m] Started [0;1;39mudev Kernel Device Manager[0m. Starting [0;1;39mNetwork Service[0m... [[0;32m OK [0m] Started [0;1;39mNetwork Service[0m. Starting [0;1;39mWait for Network to be Configured[0m... [[0;32m OK [0m] Started [0;1;39mudev Coldplug all Devices[0m. Starting [0;1;39mudev Wait for Complete Device Initialization[0m... [[0;32m OK [0m] Started [0;1;39mDispatch Password ts to Console Directory Wa tch[0m. [[0;32m OK [0m] Found device [0;1;39m/dev/sclp_line0[0m. [[0;32m OK [0m] Found device [0;1;39m/dev/ttysclp0[0m. [[0;32m OK [0m] Found device [0;1;39m/dev/mapper/s1lp15--vg-swap_1[0m. Activating swap [0;1;39m/dev/mapper/s1lp15--vg-swap_1[0m... [[0;32m OK [0m] Activated swap [0;1;39m/dev/mapper/s1lp15--vg-swap_1[0m. [[0;32m OK [0m] Created slice [0;1;39msystem-lvm2\x2dpvscan.slice[0m. [[0;32m OK [0m] Reached target [0;1;39mSwap[0m. [[0;32m OK [0m] Found device [0;1;39m/dev/disk/by- 4-c7b6-42f5-a54f-1054baa39 630[0m. Starting [0;1;39mCryptography Setup for mpatha5_crypt[0m... [[0;32m OK [0m] Found device [0;1;39m/dev/mapper/mpatha-part1[0m. [[0;32m OK [0m] Started [0;1;39mCryptography Setup for mpatha5_crypt[0m. [[0;32m OK [0m] Reached target [0;1;39mLocal Encrypted Volumes[0m. [[0;32m OK [0m] Started [0;1;39mudev Wait for Complete Device Initialization[0 m. Starting [0;1;39mDevice-Mapper Multipath Device Controller[0m... [[0;32m OK [0m] Started [0;1;39mDevice-Mapper Multipath Device Controller[0m. [[0;32m OK [0m] Started [0;1;39mLVM2 metadata daemon[0m. Starting [0;1;39mLVM2 PV scan on device 253:4[0m... [[0;32m OK [0m] Started [0;1;39mMonitoring of LVM2 dmeventd or progress poll ing[0m. [[0;32m OK [0m] Reached target [0;1;39mLocal File Systems (Pre)[0m. Starting [0;1;39mFile System Check on /dev/mapper/mpatha-part1[0m... [[0;32m OK [0m] Started [0;1;39mFile System Check Daemon to report status[0m. [[0;32m OK [0m] Started [0;1;39mFile System Check on /dev/mapper/mpatha-part1[ 0m. Mounting [0;1;39m/boot[0m... [[0;32m OK [0m] Mounted [0;1;39m/boot[0m. [[0;32m OK [0m] Reached target [0;1;39mLocal File Systems[0m. Starting [0;1;39mApply Control Program Identification (CPI)[0m... Starting [0;1;39mTell Plymouth To Write Out Runtime Data[0m... Starting [0;1;39mLoad AppArmor profiles[0m... Starting [0;1;39mSet console font and keymap[0m... Starting [0;1;39mCreate Volatile Files and Directories[0m... Starting [0;1;39mCreate final runt dir for shutdown pivot root[0m... [[0;32m OK [0m] Started [0;1;39mSet console font and keymap[0m. [[0;32m OK [0m] Started [0;1;39mCreate final runtime dir for shutdown pivot ro ot[0m. [[0;32m OK [0m] Started [0;1;39mLVM2 PV scan on device 253:4[0m. [[0;32m OK [0m] Started [0;1;39mCreate Volatile Files and Directories[0m. Starting [0;1;39mNetwork Name Resolution[0m... Starting [0;1;39mNetwork Time Synchronization[0m... Starting [0;1;39mUpdate UTMP about System Boot/Shutdown[0m... [[0;32m OK [0m] Started [0;1;39mTell Plymouth To Write Out Runtime Data[0m. [[0;32m OK [0m] Started [0;1;39mUpdate UTMP about System Boot/Shutdown[0m. [[0;32m OK [0m] Started [0;1;39mNetwork Time Synchronization[0m. [[0;32m OK [0m] Reached target [0;1;39mSystem Time Synchronized[0m. [[0;32m OK [0m] Started [0;1;39mNetwork Name Resolution[0m. [[0;32m OK [0m] Reached target [0;1;39mHost and Network Name Lookups[0m. [[0;32m OK [0m] Reached target [0;1;39mNetwork[0m. [[0;32m OK [0m] Started [0;1;39mLoad AppArmor profiles[0m. [[0;32m OK [0m] Reached target [0;1;39mSystem Initialization[0m. [[0;32m OK [0m] Started [0;1;39mDaily Cleanup of Temporary Directories[0m. [[0;32m OK [0m] Started [0;1;39mDiscard unused blocks once a week[0m. [[0;32m OK [0m] Listening on [0;1;39mD-Bus System Message Bus Socket[0m. [[0;32m OK [0m] Started [0;1;39mDaily rotation of log files[0m. [[0;32m OK [0m] Started [0;1;39mMessage of the Day[0m. [[0;32m OK [0m] Started [0;1;39mDaily man-db regeneration[0m. Starting [0;1;39mSocket activation for snappy daemon[0m. [[0;32m OK [0m] Started [0;1;39mDaily apt download activities[0m. [[0;32m OK [0m] Started [0;1;39mDaily apt upgrade and clean activities[0m. [[0;32m OK [0m] Reached target [0;1;39mTimers[0m. [[0;32m OK [0m] Reached target [0;1;39mPaths[0m. [[0;32m OK [0m] Listening on [0;1;39mOpen-iSCSI iscsid Socket[0m. [[0;32m OK [0m] Listening on [0;1;39mUUID daemon activation socket[0m. [[0;32m OK [0m] Listening on [0;1;39mSocket activation for snappy daemon[0m. [[0;32m OK [0m] Reached target [0;1;39mSockets[0m. [[0;32m OK [0m] Reached target [0;1;39mBasic System[0m. Starting [0;1;39mLogin Service[0m... [[0;32m OK [0m] Started [0;1;39mirqbalance daemon[0m. [[0;32m OK [0m] Started [0;1;39mD-Bus System Message Bus[0m. [[0;32m OK [0m] Started [0;1;39mRegular background program processing daemon[0 m. Starting [0;1;39mDispatcher daemon for systemd-networkd[0m... [[0;32m OK [0m] Started [0;1;39mSave initial kernel messages after boot[0m. Starting [0;1;39mConfigure dump on panic for System z[0m... Starting [0;1;39mSystem Logging Service[0m... [[0;32m OK [0m] Started [0;1;39mSet the CPU Frequency Scaling governor[0m. Starting [0;1;39mCPACF statistics ocess for Linux on System z[0m... Starting [0;1;39mAccounts Service[0m... Starting [0;1;39mSnappy daemon[0m... Starting [0;1;39mCleanup of Temporary Directories[0m... [[0;32m OK [0m] Started [0;1;39mCPACF statistics c process for Linux on Syste m z[0m. [[0;32m OK [0m] Started [0;1;39mSystem Logging Service[0m. [[0;32m OK [0m] Started [0;1;39mLogin Service[0m. [[0;32m OK [0m] Started [0;1;39mUnattended Upgrades Shutdown[0m. [[0;32m OK [0m] Started [0;1;39mCleanup of Temporary Directories[0m. [[0;32m OK [0m] Started [0;1;39mConfigure dump on panic for System z[0m. [[0;32m OK [0m] Started [0;1;39mAccounts Service[0m. [[0;32m OK [0m] Started [0;1;39mWait for Network to be Configured[0m. [[0;32m OK [0m] Reached target [0;1;39mNetwork is Online[0m. Starting [0;1;39mPollinate to seed udo random number generator[0m... [[0;32m OK [0m] Reached target [0;1;39mRemote File Systems (Pre)[0m. [[0;32m OK [0m] Reached target [0;1;39mRemote File Systems[0m. Starting [0;1;39mPermit User Sessions[0m... Starting [0;1;39mDeferred execution scheduler[0m... Starting [0;1;39mLSB: automatic crash report generation[0m... Starting [0;1;39mAvailability of block devices[0m... [[0;32m OK [0m] Started [0;1;39mPermit User Sessions[0m. [[0;32m OK [0m] Started [0;1;39mDeferred execution scheduler[0m. [[0;32m OK [0m] Started [0;1;39mAvailability of block devices[0m. Starting [0;1;39mTerminate Plymouth Boot Screen[0m... Starting [0;1;39mHold until boot process finishes up[0m... [[0;32m OK [0m] Started [0;1;39mHold until boot process finishes up[0m. [[0;32m OK [0m] Started [0;1;39mSerial Getty on ttysclp0[0m. Starting [0;1;39mSet console scheme[0m... [[0;32m OK [0m] Started [0;1;39mSerial Getty on sclp_line0[0m. [[0;32m OK [0m] Started [0;1;39mTerminate Plymouth Boot Screen[0m. [[0;32m OK [0m] Started [0;1;39mSet console scheme[0m. [[0;32m OK [0m] Created slice [0;1;39msystem-getty.slice[0m. [[0;32m OK [0m] Started [0;1;39mGetty on tty1[0m. [[0;32m OK [0m] Reached target [0;1;39mLogin Prompts[0m. [[0;32m OK [0m] Started [0;1;39mLSB: automatic crash report generation[0m. [[0;32m OK [0m] Started [0;1;39mDispatcher daemon for systemd-networkd[0m. [[0;32m OK [0m] Started [0;1;39mSnappy daemon[0m. Starting [0;1;39mWait until snapd is fully seeded[0m... [[0;32m OK [0m] Started [0;1;39mPollinate to seed seudo random number genera tor[0m. Starting [0;1;39mOpenBSD Secure Shell server[0m... [[0;32m OK [0m] Started [0;1;39mOpenBSD Secure Shell server[0m. [[0;32m OK [0m] Started [0;1;39mApply Control Program Identification (CPI)[0m. [[0;32m OK [0m] Started [0;1;39mWait until snapd is fully seeded[0m. [[0;32m OK [0m] Reached target [0;1;39mMulti-User System[0m. [[0;32m OK [0m] Reached target [0;1;39mGraphical Interface[0m. Starting [0;1;39mUpdate UTMP about System Runlevel Changes[0m... [[0;32m OK [0m] Started [0;1;39mUpdate UTMP about System Runlevel Changes[0m. Ubuntu 19.04 s1lp15 sclp_line0 s1lp15 login: ubuntu Password: Welcome to Ubuntu 19.04 (GNU/Linux 5.0.0-13-generic s390x) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage System information as of Wed Apr 17 07:30:51 EDT 2019 System load: 0.0 Memory usage: 3% Processes: 189 Usage of /: 2.3% of 61.08GB Swap usage: 0% Users logged in: 0 0 updates can be installed immediately. 0 of these updates are security updates. The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. To run a command as administrator (user "root"), use "sudo ". See "man sudo_root" for details. sudo zkey list Key : mpatha5_crypt -------------------------------------------------------------------------------- ----- Description : Secure key size : 128 bytes Clear key size : 512 bits XTS type key : Yes Volumes : /dev/mapper/mpatha5:mpatha5_crypt APQNs : (none) Key file name : /etc/zkey/repository/mpatha5_crypt.skey Sector size : 4096 bytes Volume type : luks2 Verification pattern : eb883c594e101ef79c6a33ea9a66fbea 53695afad9102bdf77d3b33bbc848495 Created : 2019-04-20 04:31:10 Changed : (never) Re-enciphered : (never) Key : test -------------------------------------------------------------------------------- ----- Description : Secure key size : 128 bytes Clear key size : 512 bits XTS type key : Yes Volumes : (none) APQNs : (none) Key file name : /etc/zkey/repository/test.skey Sector size : (system default) Volume type : luks2 Verification pattern : 29033f24e660063cb8b0b21fbc730b07 2e28b52e346f71099e2a201a220ef9fa Created : 2019-04-20 04:25:58 Changed : (never) Re-enciphered : (never) ubuntu@s1lp15:~$ awk '{ print $1 }' /etc/crypttab mpatha5_crypt ubuntu@s1lp15:~$ sudo cryptsetup status $(awk '{ print $1 }' /etc/crypttab ) /dev/mapper/mpatha5_crypt is active and is in use. type: LUKS2 cipher: paes-xts-plain64 keysize: 1024 bits key location: keyring device: /dev/mapper/mpatha-part5 sector size: 4096 offset: 32768 sectors size: 132683776 sectors mode: read/write flags: discards ubuntu@s1lp15:~$ lszcrypt -V CARD.DOMAIN TYPE MODE STATUS REQUESTS PENDING HWTYPE QDEPTH FUNCTIONS DRIVER -------------------------------------------------------------------------------- ------------ 00 CEX5C CCA-Coproc online 4 0 11 08 S--D--N-- cex4card 00.000a CEX5C CCA-Coproc online 4 0 11 08 S--D--N-- cex4queue __________ # Be carefully and watch the boot up in the console (with LPAR installation this is the 'Operating Systems Messages' task) # until you are asked to unlock the encrypted disk: Please unlock disk mpatha5_crypt: # now type in the passphrase that was specified during the installation and the installation will proceed # and the following message is displayed: Please unlock disk mpatha5_crypt: [ 233.629510] NET: Registered protocol family 38 [ 233.688101] device-mapper: crypt: xts(paes) using implementation "xts-paes-s390" # once the system is up and running - and you see the console's login prompt: [[0;32m OK [0m] Started [0;1;39mApply Control Program Identification (CPI)[0m. Ubuntu 19.04 s1lp15 sclp_line0 s1lp15 login: # login (best via an ssh connection) ... user@workstation:~$ ssh ubuntu@10.245.236.15 ubuntu@10.245.236.15's password: Welcome to Ubuntu 19.04 (GNU/Linux 5.0.0-13-generic s390x) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. To run a command as administrator (user "root"), use "sudo ". See "man sudo_root" for details. ubuntu@s1lp15:~$ # and finally execute - just for verification purposes: ubuntu@s1lp15:~$ sudo zkey list [sudo] password for ubuntu: Key : mpatha5_crypt ------------------------------------------------------------------------------------- Description : Secure key size : 128 bytes Clear key size : 512 bits XTS type key : Yes Volumes : /dev/mapper/mpatha5:mpatha5_crypt APQNs : (none) Key file name : /etc/zkey/repository/mpatha5_crypt.skey Sector size : 4096 bytes Volume type : luks2 Verification pattern : eb883c594e101ef79c6a33ea9a66fbea 53695afad9102bdf77d3b33bbc848495 Created : 2019-04-20 04:31:10 Changed : (never) Re-enciphered : (never) Key : test ------------------------------------------------------------------------------------- Description : Secure key size : 128 bytes Clear key size : 512 bits XTS type key : Yes Volumes : (none) APQNs : (none) Key file name : /etc/zkey/repository/test.skey Sector size : (system default) Volume type : luks2 Verification pattern : 29033f24e660063cb8b0b21fbc730b07 2e28b52e346f71099e2a201a220ef9fa Created : 2019-04-20 04:25:58 Changed : (never) Re-enciphered : (never) ubuntu@s1lp15:~$ ubuntu@s1lp15:~$ awk '{ print $1 }' /etc/crypttab mpatha5_crypt ubuntu@s1lp15:~$ ubuntu@s1lp15:~$ sudo cryptsetup status mpatha5_crypt /dev/mapper/mpatha5_crypt is active and is in use. type: LUKS2 cipher: paes-xts-plain64 keysize: 1024 bits key location: keyring device: /dev/mapper/mpatha-part5 sector size: 4096 offset: 32768 sectors size: 132683776 sectors mode: read/write flags: discards ubuntu@s1lp15:~$ # or all-in-one: ubuntu@s1lp15:~$ sudo cryptsetup status $(awk '{ print $1 }' /etc/crypttab ) /dev/mapper/mpatha5_crypt is active and is in use. type: LUKS2 cipher: paes-xts-plain64 keysize: 1024 bits key location: keyring device: /dev/mapper/mpatha-part5 sector size: 4096 offset: 32768 sectors size: 132683776 sectors mode: read/write flags: discards ubuntu@s1lp15:~$ ubuntu@s1lp15:~$ lszcrypt -V CARD.DOMAIN TYPE MODE STATUS REQUESTS PENDING HWTYPE QDEPTH FUNCTIONS DRIVER -------------------------------------------------------------------------------------------- 00 CEX5C CCA-Coproc online 4 0 11 08 S--D--N-- cex4card 00.000a CEX5C CCA-Coproc online 4 0 11 08 S--D--N-- cex4queue ubuntu@s1lp15:~$ # Btw. the 'test' key is only listed here if the optional step to create a test key was performed during the installation