Automount LUKS Volume fails
I built a RHEL 6u4 64 system as a lab for the RHCSA but the LUKS filesystem will not automount. The host was installed with the virtual host profile in the anaconda installer.
I can successfully mount the filesystem manually with the following: (This appears to be what's broken with init)
[root@kauai ~]# cryptsetup luksOpen /dev/sdb1 cryptLV
Enter passphrase for /dev/sdb1:
[root@kauai ~]# blkid
/dev/sda2: UUID="bb098ec9-b535-4f3a-8f02-a3db2a9a08c9" TYPE="ext4"
/dev/sda1: UUID="fcd19106-34c5-4593-bf30-3ef3f90b1aaf" TYPE="swap"
/dev/sdb1: UUID="d07c1901-4940-4944-8e33-e34c2b49f543" TYPE="crypto_LUKS"
/dev/mapper/cryptLV: UUID="c96a5e58-3f3b-4ab3-8eb4-afbb4d32fcf6" TYPE="ext4"
[root@kauai ~]# mount /mnt/cryptvol
[root@kauai ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 62G 45G 14G 77% /
tmpfs 3.9G 0 3.9G 0% /dev/shm
/dev/mapper/cryptLV 2.0G 35M 1.9G 2% /mnt/cryptvol
[root@kauai ~]# cat /var/log/boot.log |grep -C3 -i -e err -e fail
Starting udev: [ OK ]
Setting hostname kauai.example.net: [ OK ]
INSECURE MODE FOR /etc/luks.key
modprobe: FATAL: Error inserting padlock_sha (/lib/modules/2.6.32-431.el6.x86_64/kernel/drivers/crypto/padlock-sha.ko): No such device
Setting up Logical Volume Management: No volume groups foundILED]
[ OK ]
INSECURE MODE FOR /etc/luks.key
Checking filesystems [FAILED]
/dev/sda2: clean, 112203/4063232 files, 11860114/16252672 blocks
[ OK ]
Remounting root filesystem in read-write mode: [ OK ]
Mounting local filesystems: mount: special device /dev/mapper/cryptLV does not exist
[FAILED]
Enabling local filesystem quotas: [ OK ]
INSECURE MODE FOR /etc/luks.key
Enabling /etc/fstab swaps: [ OK ]
Entering non-interactive startup
Calling the system activity data collector (sadc)...
Checking acpi hot plug [ OK ]
--
VM communication interface: [ OK ]
VM communication interface socket family: [ OK ]
Guest filesystem driver: [ OK ]
Mounting HGFS shares: [FAILED]
Blocking file system: [ OK ]
Guest operating system daemon: [ OK ]
Starting cgconfig service: [ OK ]
--
Starting NFS statd: [ OK ]
Starting cups: [ OK ]
Mounting filesystems: mount: special device /dev/mapper/cryptLV does not exist
[FAILED]
Starting acpi daemon: [ OK ]
Starting HAL daemon: [ OK ]
Hyper-V drivers are not loaded.
Hyper-V KVP daemon not started: [WARNING]
Retrigger failed udev events [ OK ]
Loading autofs4: [ OK ]
Starting automount: [ OK ]
[root@kauai ~]# cat /etc/crypttab /etc/fstab
#/etc/crypttab
#DevMapperName #BlkDev #Passwd #Opts;2;3
cryptLV /dev/sdb1 /etc/luks.key
#
# /etc/fstab
# Created by anaconda on Thu Nov 21 14:05:06 2013
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=bb098ec9-b535-4f3a-8f02-a3db2a9a08c9 / ext4 defaults 1 1
UUID=fcd19106-34c5-4593-bf30-3ef3f90b1aaf swap swap defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
#cryptfs
/dev/mapper/cryptLV /mnt/cryptvol ext4 defaults 0 0
##Password is 'passwdfs'
[root@kauai ~]# cat /etc/luks.key
passwdfs
Responses
A number of security-related tools (e.g., SSH) will refuse to work if the permissions on config files or directories are wrong. In your outputs, your error logs show:
INSECURE MODE FOR /etc/luks.key
Were it me, I'd start by verifying that the permissions on that file are adequately restricted (e.g. mode 400).
Hi Matthew,
I think that:
modprobe: FATAL: Error inserting padlock_sha (/lib/modules/2.6.32-431.el6.x86_64/kernel/drivers/crypto/padlock-sha.ko): No such device
is a red herring in this case. It refers to a module that accesses hardware crypto to improve performance. If your hardware does not support the module, it will not load.
After changing the mode of /etc/luks.key to 400, does the system boot as expected (disregarding the padlock.sha error)?
Many thanks,
Mark
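The responses above point at the INSECURE MODE FOR /etc/luks.key message and suggest mode 400. The following script is an added example, not part of the original thread and not Red Hat's init code: it audits every key file named in a crypttab-format file for group/other permission bits and unexpected ownership. The function names, the message wording, the expected-UID parameter and the temporary demo files (including the 644 starting mode) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the key files referenced by a crypttab-format file.

# check_key_file KEY [UID]: print findings for one key file; return 1 if any.
check_key_file() {
    local key=$1 want_uid=${2:-0} rc=0 mode uid
    if [ ! -f "$key" ]; then
        echo "MISSING KEY FILE $key"; return 1
    fi
    mode=$(stat -c '%a' "$key")   # GNU stat: octal permission bits
    uid=$(stat -c '%u' "$key")    # GNU stat: numeric owner
    # Any group/other bit means users other than the owner can reach the passphrase.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "INSECURE MODE $mode FOR $key"; rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "INSECURE OWNER uid=$uid FOR $key"; rc=1
    fi
    return $rc
}

# audit_crypttab FILE [UID]: check every key file the table names.
# Fields per line: mapper name, block device, key file, options.
audit_crypttab() {
    local tab=$1 want=${2:-0} bad=0 name dev keyfile opts
    while read -r name dev keyfile opts || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac                   # blank or comment
        case $keyfile in ''|none|-|/dev/*) continue ;; esac       # prompt or random key
        check_key_file "$keyfile" "$want" || bad=1
    done < "$tab"
    return $bad
}

# Constructed demo in a temp directory (not the real /etc files); the expected
# owner is the current user so it also runs unprivileged. On a real host the
# default expected UID of 0 (root) applies.
demo=$(mktemp -d)
printf 'passwdfs\n' > "$demo/luks.key"
chmod 644 "$demo/luks.key"        # assumed starting mode; the thread does not state it
printf '#name dev key\ncryptLV /dev/sdb1 %s\n' "$demo/luks.key" > "$demo/crypttab"
audit_crypttab "$demo/crypttab" "$(id -u)" || echo "before: key file flagged"
chmod 400 "$demo/luks.key"
audit_crypttab "$demo/crypttab" "$(id -u)" && echo "after chmod 400: clean"
rm -rf "$demo"
```

On a real system the call would be audit_crypttab /etc/crypttab, run as root.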
