The officially official Devuan Forum!

You are not logged in.

#26 2019-08-21 17:19:02

Jafa
Member
Registered: 2019-08-21
Posts: 5  

Re: Shutdown encrypted LVM on Beowulf

My approach to this was to change the line:

for i in 1 2 4 8 16 32; do

to:

for i in 1; do

My reasoning is this; This do_stop() function always fails. Always. The failure is innocuous. Always. Soo .. the only thing I need to do is mitigate the timeout interval before failure.

I read somewhere on a Debian site that the function is trying to affect something that has already shut down or unmounted.

Offline

#27 2019-10-26 19:30:51

devujan
Member
Registered: 2019-10-26
Posts: 3  

Re: Shutdown encrypted LVM on Beowulf

I had the same problem with DEVUAN ASCII.
I filed a bug and a patch - but nobody was/felt responsible....
https://bugs.devuan.org/db/23/237.html

For beowulf I had to change it slightly - I didn't file it yet. Here is the part
from my ascii patch which basically needs other line numbers is beowulf.
(The obvious problem is still there - unpatched.)
If you look for the file "cryptdisks.functions" and change the function "do_stop()" accordingly the problem is solved.
In beowulf I also adjusted the local variables to only "vgs" and "vg" as far as I remember.
I plan to file the next day a patch for beowulf.
Maybe this time - this quality issue can be resolved.

------------------------patch------------------------------------------------------
--- /lib/cryptsetup/cryptdisks.functions.orig   2018-08-14 17:12:31.543227705 +0200
+++ /lib/cryptsetup/cryptdisks.functions        2018-08-23 16:36:23.849064962 +0200
@@ -763,9 +763,17 @@
 
 # Removes all mappings in crypttab
 do_stop () {
-       local dst src key opts opencount major minor
+       local dst src key opts opencount major minor vgs vg
 
        dmsetup mknodes
+       if [ -x /sbin/lvm ]; then
+        vgs="$(/sbin/lvm vgscan | sed -n '/"/s/^.*"\([^'\'']*\)".*$/\1/p')"
+         if [ -n "${vgs}" ]; then
+          for vg in ${vgs}; do
+           /sbin/lvm vgchange -a n ${vg} >/dev/null 2>&1 
+          done 
+         fi
+        fi
        log_action_begin_msg "Stopping $INITSTATE crypto disks"
 
        egrep -v "^[[:space:]]*(#|$)" "$TABFILE" | while read dst src key opts; do
------------------------patch/-----------------------------------------------------

.

The above patch silently varys off the VGs and makes handle_crypttab_line_stop work

So shame on the cryptsetup admins of debian and devuan.
They never tested the system with a encrypted root partition.

Offline

#28 2019-10-27 13:01:12

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,244  

Re: Shutdown encrypted LVM on Beowulf

There are no devuan cryptsetup devs to shame.

I did get someone else to look at this, and we will probably make a package that replaces the functions file similar to the one that mx/antix uses.

Offline

#29 2019-10-27 19:41:43

devujan
Member
Registered: 2019-10-26
Posts: 3  

Re: Shutdown encrypted LVM on Beowulf

Dear fsmithred, thank you for having somebody looking on how to incorporate that solution to another package - which will replace the cryptdisks.functions in the future.
It would be nice if #720340 could be closed with the help of:

--- /lib/cryptsetup/cryptdisks-functions.orig   2019-09-30 21:17:28.999962846 +0200
+++ /lib/cryptsetup/cryptdisks-functions        2019-09-30 21:24:53.219944630 +0200
@@ -180,6 +180,15 @@
 # Removes all mappings in crypttab
 do_stop() {
     dmsetup mknodes
+    local vgs vg
+       if [ -x /sbin/lvm ]; then
+        vgs="$(/sbin/lvm vgscan | sed -n '/"/s/^.*"\([^'\'']*\)".*$/\1/p')"
+         if [ -n "${vgs}" ]; then
+          for vg in ${vgs}; do
+           /sbin/lvm vgchange -a n ${vg} >/dev/null 2>&1
+          done
+         fi
+        fi
     log_action_begin_msg "Stopping $INITSTATE crypto disks"

     crypttab_foreach_entry _do_stop_callback

I just failed with submitting that solution via reportbug.

Offline

#30 2019-10-27 21:57:29

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,244  

Re: Shutdown encrypted LVM on Beowulf

You can run reportbug to get a report, but you need to submit the bug by email. For cryptsetup, you'd need to send it to debian's bug list, but I wouldn't bother. They aren't going to fix it. From the bug report you cited:

There's no easy solution to fix this instead of using a initramfs which
is executed just after root device has been unmounted. To my knowledge,
this is not implemented for sysvinit shutdown process in Debian yet.
Tagging the bug as wontfix for that reason.

Offline

#31 2019-10-28 17:49:25

devujan
Member
Registered: 2019-10-26
Posts: 3  

Re: Shutdown encrypted LVM on Beowulf

Thank you - but to my experience - “using a initramfs hook after root device has been unmounted” is not necessary.
It is completely sufficient to vary off the volume groups with vgchange - as demonstrated in my patch. (My computers (with root on encrypted lvm) running with that patch - shut down immediately, when I click on shutdown...)
The only concerns that might arise with that patch - are possible compatibility problems for high availability frame works. But to my experience those are usually that generic - that you have to “tattoo” the hardware environment into their surrounding scripts anyway. So this additional “feature” of safely shutting down all  volume groups - might be in there in another way already - and would be redundant with this patch in place...

Offline

Board footer