[SOLVED] Crypttab issue

Hey guys,

I recently installed Fedora 29 Workstation on my main machine and cannot get the RAID to automatically mount at access.

The complete stack is like this:

  • ext4
  • LVM
  • LUKS
  • md raid 5
  • 4 * 1 TB sata disks

I first added a keyslot using a file and checked if I can open it using cryptsetup --key-file /etc/raid.key open ... which worked fine.

I then added an entry to /etc/crypttab:

luks-d2674f88-b48d-4ed4-9eb8-e37a3a4bf438 UUID=d2674f88-b48d-4ed4-9eb8-e37a3a4bf438 /etc/raid.key noauto,luks

The UUID is the correct one:

blkid|grep d2674f88-b48d-4ed4-9eb8-e37a3a4bf438
/dev/md0: UUID="d2674f88-b48d-4ed4-9eb8-e37a3a4bf438" TYPE="crypto_LUKS"
cat /proc/mdstat 
Personalities : [raid6] [raid5] [raid4] 
md0 : active raid5 sdb1[1] sde1[4] sdd1[2] sda1[0]
      2929582080 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/4] [UUUU]
      bitmap: 0/8 pages [0KB], 65536KB chunk

unused devices: <none>

Then I added an entry to fstab using the LV:

grep raid /etc/fstab
/dev/raid-vg/raid	/raid			ext4	noauto,x-systemd.automount 0 2

Unfortunately this does not unlock the volume when accessing it.
Instead the program hangs while trying to do I/O.

Everything is working correctly if I manually execute cryptsetup open.

Any ideas why this is not working? :roll_eyes:

The only pointer that I found in the journal log is:

Mar 31 21:49:47 hyperion systemd[1]: Timed out waiting for device dev-raid\x2dvg-raid.device.

It also seems like systemd-cryptsetup-generator does not generate the unit for the entry.

Thanks!

Digging deeper I found out that a .service file is actually generated:

cat /var/run/systemd/generator/[email protected]\\x2dd2674f88\\x2db48d\\x2d4ed4\\x2d9eb8\\x2de37a3a4bf438.service 
# Automatically generated by systemd-cryptsetup-generator

[Unit]
Description=Cryptography Setup for %I
Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:[email protected](8)
SourcePath=/etc/crypttab
DefaultDependencies=no
Conflicts=umount.target
IgnoreOnIsolate=true
After=cryptsetup-pre.target
Before=cryptsetup.target
RequiresMountsFor=/etc/raid.key
BindsTo=dev-disk-by\x2duuid-d2674f88\x2db48d\x2d4ed4\x2d9eb8\x2de37a3a4bf438.device
After=dev-disk-by\x2duuid-d2674f88\x2db48d\x2d4ed4\x2d9eb8\x2de37a3a4bf438.device
Before=umount.target

[Service]
Type=oneshot
RemainAfterExit=yes
TimeoutSec=0
KeyringMode=shared
ExecStart=/usr/lib/systemd/systemd-cryptsetup attach 'luks-d2674f88-b48d-4ed4-9eb8-e37a3a4bf438' '/dev/disk/by-uuid/d2674f88-b48d-4ed4-9eb8-e37a3a4bf438' '/etc/raid.key' 'noauto,luks'
ExecStop=/usr/lib/systemd/systemd-cryptsetup detach 'luks-d2674f88-b48d-4ed4-9eb8-e37a3a4bf438'

But it seems like it is not used.

systemctl list-unit-files --all --full|grep cryptsetup
[email protected]\x2dd2674f88\x2db48d\x2d4ed4\x2d9eb8\x2de37a3a4bf438.service generated
cryptsetup-pre.target                                                               static         
cryptsetup.target                                                                   static         
remote-cryptsetup.target                                                            disabled                                                   

When manually starting it /raid is usable.

I also tried adding the luks.uuid= kernel parameter without success.

Well I guess this is a typical case of a layer 8 problem.
It cannot work, because there is no link between the fstab entry and the crypttab entry.
When removing the noauto flag from crypttab it works :laughing: