vaultlocker

Bug #1838607
Comment #17

Comment 17 for bug 1838607

Revision history for this message

Nicolas Pochet (npochet) wrote on 2020-01-15:

#17

As described in the original bug, there's an interface that is DOWN with NO-CARRIER:
ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:ad:4f:a6 brd ff:ff:ff:ff:ff:ff
3: ens8: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:06:3e:6c brd ff:ff:ff:ff:ff:ff

When rebooting, we can see the following in the logs:
grep mnt /var/log/syslog
Jan 15 11:07:33 vm1 systemd[1]: Dependency failed for /mnt/test.
Jan 15 11:07:33 vm1 systemd[1]: mnt-test.mount: Job mnt-test.mount/start failed with result 'dependency'.

The version of vaultlocker is:
dpkg -l | grep vaultlocker
ii vaultlocker 1.0.3-0ubuntu1.18.10.1~ubuntu18.04.1 all Secure storage of dm-crypt keys in Hashicorp Vault

I upgraded the vaultlocker package from James Page's PPA:
sudo apt-add-repository ppa:james-page/bionic
sudo apt update
sudo apt upgrade

dpkg -l | grep vaultlocker
ii vaultlocker 1.0.4-0ubuntu0.19.04.1~ubuntu18.04.1~ppa1 all Secure storage of dm-crypt keys in Hashicorp Vault

Rebooting the machine does not show the same errors in the logs:

grep mnt /var/log/syslog
Jan 15 11:34:09 vm1 systemd[1]: Mounting /mnt/test...
Jan 15 11:34:09 vm1 systemd[1]: Mounted /mnt/test.

For the original bug point of view, this patch is fixing the issue in the version proposed by James Page in his PPA. This package is in the queue to be backported to bionic-backports.

Validation for Bionic from James Page PPA.
I created a bionic VM, configured vault on another machine and installed vaultlocker from the repo.
Used vaultlocker to encrypt a partition:
lsblk 
NAME                                           MAJ:MIN RM SIZE RO TYPE  MOUNTPOINT
sda                                              8:0    0  20G  0 disk  
└─sda1                                           8:1    0  20G  0 part  /
sdb                                              8:16   0   5G  0 disk  
└─sdb1                                           8:17   0   5G  0 part  
  └─crypt-be9500f2-b3cd-4027-b7db-435a6bb8cd90 253:0    0   5G  0 crypt /mnt/test

The version of vaultlocker is:
dpkg -l | grep vaultlocker
ii  vaultlocker                           1.0.3-0ubuntu1.18.10.1~ubuntu18.04.1            all          Secure storage of dm-crypt keys in Hashicorp Vault

I upgraded the vaultlocker package from James Page's PPA:
sudo apt-add-repository ppa:james-page/bionic
sudo apt update
sudo apt upgrade

dpkg -l | grep vaultlocker
ii  vaultlocker                           1.0.4-0ubuntu0.19.04.1~ubuntu18.04.1~ppa1       all          Secure storage of dm-crypt keys in Hashicorp Vault

Rebooting the machine does not show the same errors in the logs:

grep mnt /var/log/syslog
Jan 15 11:34:09 vm1 systemd[1]: Mounting /mnt/test...
Jan 15 11:34:09 vm1 systemd[1]: Mounted /mnt/test.

For the original bug point of view, this patch is fixing the issue in the version proposed by James Page in his PPA. This package is in the queue to be backported to bionic-backports.