How Do I Remove a LUKS Encrypted Device from the Boot Process on a RHEL v7.6 System
Good-day Folks,
I have a Virtual Machine running Red Hat Linux v7.6 (Maipo) that was shutdown gracefully over the weekend to accommodate a power outage. System was running fine without any issues, at least that I was aware of. Today I bring up the VM Hosts, power up this VM, provide the LUKS password to decrypt and noticed that it would not successfully boot up. When inspecting the boot process, as posted to the console, I noticed the following error:
[ TIME ] Time out waiting for device dev-disk-by\x2duuid-46c2fc88\x2d3cb4\x2d41cc\x2d87b7\x2dfe86c5b417c1.device.
[DEPEND] Dependency failed for Cryptography Setup for luks-46c2fc88-3cb4-41cc-87b7-fe86c5b417c1.
[DEPEND] Dependency failed for Local Encrypted Volumes
I started troubleshooting by popping in an install disk and booting into recovery mode, where I was able to get into Single User Mode with the root credentials and inspected the /etc/fstab
configuration, where I found an entry with the UUID referenced in the error above. However, it was commented out. So in uncommented it - thinking, perhaps, that a colleague may have accidentally commented it out. But before rebooting to retry, I noticed that that line was mapped to /home
, and there was another entry in the file that was also mapped to /home
but with a different UUID. So, I changed the mountpoint to /home2
, saved the fstab file, created the /home2
directory, and rebooted. The result was still the same, the boot process was hanging because the system was still trying to mount a device with UUID 46c2fc88-3cb4-41cc-87b7-fe86c5b417c1
.
I booted back into Single User Mode and ran blkid
to see if there was a block device with that UUID; there was not. For a sanity check, I also ran ls -l /dev/disk/by-uuid/
, lsblk
, and ls -lthr /dev/mapper
and all commands returned a list of devices that did not include the suspect UUID. At this point I'm convinced that this device does not exist.
So, how do I get LUKS to essentially forget about this device and stop it from being included in a decryption attempt at boot time?