NBDE client booting even when tang server is missing.
I am testing the Network-Bound Disk Encryption framework and I've been following a series of documents available both inside and outside Red Hat's knowledge base.
One of the documents I've been following:
USING NETWORK-BOUND DISK ENCRYPTION
I have a kickstart that binds the encrypted disk to a tang server and then removes the password. Here is the %post section of the kickstart file:
** kickstart **
%post
clevis bind luks -f -k- -d /dev/sda2 tang '{"url":"http://192.168.1.20","thp":"lQvJI-QgwTBV6rn0bNimB6rnCUI"}' <<< "temppass"
echo -n "temppass" | cryptsetup luksRemoveKey /dev/sda2 -
%end
** Client **
[root@server ~]# luksmeta show -d /dev/sda2
0 inactive empty
1 active cb6e8904-81ff-40da-a84a-07ab9ab5715e
2 inactive empty
3 inactive empty
4 inactive empty
5 inactive empty
6 inactive empty
7 inactive empty
However, I am able to boot the server up by typing the encryption password, at boot time and at the console, when the tang server is not available.
I stop the tang server using this command:
systemctl disable tangd.socket --now
According to the documentation, this should not happen. I am looking for help and feedback.
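
One way to check which keyslots still accept a typed passphrase after the bind-then-remove steps in the kickstart above, as an added example that is not part of the original post. It assumes a LUKS1 header where clevis records its binding in the luksmeta slot with the same number as the keyslot; the function name and the `luksDump` excerpts are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): list LUKS1 keyslots that are
# ENABLED in the header but have no active luksmeta slot, i.e. slots that are
# opened by a typed passphrase or key file rather than by a clevis binding.
# Assumption: clevis stores its metadata in the luksmeta slot whose number
# matches the keyslot it created (LUKS1 only; LUKS2 uses tokens instead).

# passphrase_only_slots LUKSDUMP_TEXT LUKSMETA_TEXT -> one slot number per line
passphrase_only_slots() {
    { printf '%s\n' "$2"; echo '--'; printf '%s\n' "$1"; } | awk '
        $0 == "--" { in_dump = 1; next }          # separator between inputs
        !in_dump   { if ($2 == "active") bound[$1] = 1; next }
        $1 == "Key" && $2 == "Slot" && $4 == "ENABLED" {
            slot = $3; sub(/:$/, "", slot)        # "0:" -> "0"
            if (!(slot in bound)) print slot
        }'
}

# luksmeta output in the format shown in the post (shortened to two slots).
SAMPLE_META='0 inactive empty
1 active cb6e8904-81ff-40da-a84a-07ab9ab5715e'

# Constructed luksDump excerpts, not taken from the poster's system.
SAMPLE_DUMP_CLEAN='Key Slot 0: DISABLED
Key Slot 1: ENABLED'
SAMPLE_DUMP_LEFTOVER='Key Slot 0: ENABLED
Key Slot 1: ENABLED'

echo "clean header, passphrase-only slots: [$(passphrase_only_slots "$SAMPLE_DUMP_CLEAN" "$SAMPLE_META")]"
echo "leftover passphrase, passphrase-only slots: [$(passphrase_only_slots "$SAMPLE_DUMP_LEFTOVER" "$SAMPLE_META")]"

# On a live system (as root), feed it the real command output:
#   passphrase_only_slots "$(cryptsetup luksDump /dev/sda2)" "$(luksmeta show -d /dev/sda2)"
```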