The officially official Devuan Forum!

You are not logged in.

#26 2019-08-21 17:19:02

Jafa
Member
Registered: 2019-08-21
Posts: 5  

Re: Shutdown encrypted LVM on Beowulf

My approach to this was to change the line:

for i in 1 2 4 8 16 32; do

to:

for i in 1; do

My reasoning is this; This do_stop() function always fails. Always. The failure is innocuous. Always. Soo .. the only thing I need to do is mitigate the timeout interval before failure.

I read somewhere on a Debian site that the function is trying to affect something that has already shut down or unmounted.

Offline

#27 2019-10-26 19:30:51

devujan
Member
Registered: 2019-10-26
Posts: 8  

Re: Shutdown encrypted LVM on Beowulf

I had the same problem with DEVUAN ASCII.
I filed a bug and a patch - but nobody was/felt responsible....
https://bugs.devuan.org/db/23/237.html

For beowulf I had to change it slightly - I didn't file it yet. Here is the part
from my ascii patch which basically needs other line numbers is beowulf.
(The obvious problem is still there - unpatched.)
If you look for the file "cryptdisks.functions" and change the function "do_stop()" accordingly the problem is solved.
In beowulf I also adjusted the local variables to only "vgs" and "vg" as far as I remember.
I plan to file the next day a patch for beowulf.
Maybe this time - this quality issue can be resolved.

------------------------patch------------------------------------------------------
--- /lib/cryptsetup/cryptdisks.functions.orig   2018-08-14 17:12:31.543227705 +0200
+++ /lib/cryptsetup/cryptdisks.functions        2018-08-23 16:36:23.849064962 +0200
@@ -763,9 +763,17 @@
 
 # Removes all mappings in crypttab
 do_stop () {
-       local dst src key opts opencount major minor
+       local dst src key opts opencount major minor vgs vg
 
        dmsetup mknodes
+       if [ -x /sbin/lvm ]; then
+        vgs="$(/sbin/lvm vgscan | sed -n '/"/s/^.*"\([^'\'']*\)".*$/\1/p')"
+         if [ -n "${vgs}" ]; then
+          for vg in ${vgs}; do
+           /sbin/lvm vgchange -a n ${vg} >/dev/null 2>&1 
+          done 
+         fi
+        fi
        log_action_begin_msg "Stopping $INITSTATE crypto disks"
 
        egrep -v "^[[:space:]]*(#|$)" "$TABFILE" | while read dst src key opts; do
------------------------patch/-----------------------------------------------------

.

The above patch silently varys off the VGs and makes handle_crypttab_line_stop work

So shame on the cryptsetup admins of debian and devuan.
They never tested the system with a encrypted root partition.

Offline

#28 2019-10-27 13:01:12

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,593  

Re: Shutdown encrypted LVM on Beowulf

There are no devuan cryptsetup devs to shame.

I did get someone else to look at this, and we will probably make a package that replaces the functions file similar to the one that mx/antix uses.

Offline

#29 2019-10-27 19:41:43

devujan
Member
Registered: 2019-10-26
Posts: 8  

Re: Shutdown encrypted LVM on Beowulf

Dear fsmithred, thank you for having somebody looking on how to incorporate that solution to another package - which will replace the cryptdisks.functions in the future.
It would be nice if #720340 could be closed with the help of:

--- /lib/cryptsetup/cryptdisks-functions.orig   2019-09-30 21:17:28.999962846 +0200
+++ /lib/cryptsetup/cryptdisks-functions        2019-09-30 21:24:53.219944630 +0200
@@ -180,6 +180,15 @@
 # Removes all mappings in crypttab
 do_stop() {
     dmsetup mknodes
+    local vgs vg
+       if [ -x /sbin/lvm ]; then
+        vgs="$(/sbin/lvm vgscan | sed -n '/"/s/^.*"\([^'\'']*\)".*$/\1/p')"
+         if [ -n "${vgs}" ]; then
+          for vg in ${vgs}; do
+           /sbin/lvm vgchange -a n ${vg} >/dev/null 2>&1
+          done
+         fi
+        fi
     log_action_begin_msg "Stopping $INITSTATE crypto disks"

     crypttab_foreach_entry _do_stop_callback

I just failed with submitting that solution via reportbug.

Offline

#30 2019-10-27 21:57:29

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,593  

Re: Shutdown encrypted LVM on Beowulf

You can run reportbug to get a report, but you need to submit the bug by email. For cryptsetup, you'd need to send it to debian's bug list, but I wouldn't bother. They aren't going to fix it. From the bug report you cited:

There's no easy solution to fix this instead of using a initramfs which
is executed just after root device has been unmounted. To my knowledge,
this is not implemented for sysvinit shutdown process in Debian yet.
Tagging the bug as wontfix for that reason.

Offline

#31 2019-10-28 17:49:25

devujan
Member
Registered: 2019-10-26
Posts: 8  

Re: Shutdown encrypted LVM on Beowulf

Thank you - but to my experience - “using a initramfs hook after root device has been unmounted” is not necessary.
It is completely sufficient to vary off the volume groups with vgchange - as demonstrated in my patch. (My computers (with root on encrypted lvm) running with that patch - shut down immediately, when I click on shutdown...)
The only concerns that might arise with that patch - are possible compatibility problems for high availability frame works. But to my experience those are usually that generic - that you have to “tattoo” the hardware environment into their surrounding scripts anyway. So this additional “feature” of safely shutting down all  volume groups - might be in there in another way already - and would be redundant with this patch in place...

Offline

#32 2020-06-05 06:38:26

rolfie
Member
Registered: 2017-11-25
Posts: 377  

Re: Shutdown encrypted LVM on Beowulf

Yes, I can confirm it still works and is required for new installs.

rolfie

Online

#33 2020-06-05 09:57:41

larsH
Member
Registered: 2020-05-05
Posts: 95  

Re: Shutdown encrypted LVM on Beowulf

Hi

I will just mention that if you don't need LVM don't use it. I know that lvm on top of luks are the quite normal. But if you just want encryption then everything works just fine with plain luks encryption. But if you really need LVM and luks use the patch above. To help others that happens to get this problem please respnd to them and share the link to the patch with them.

Have a nice day
Lars H

Offline

#34 2020-06-05 10:42:14

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,593  

Re: Shutdown encrypted LVM on Beowulf

Here's a copy of patched /lib/cryptsetup/cryptdisks-functions for beowulf:
https://git.devuan.org/devuan/cryptsetu … -functions
This will eventually be packaged and added to the devuan repo.

Last edited by fsmithred (2020-06-27 20:35:47)

Offline

#35 2020-06-06 10:18:14

Vizitor
Member
Registered: 2018-06-08
Posts: 13  

Re: Shutdown encrypted LVM on Beowulf

larsH wrote:

... if you don't need LVM don't use it...

I always search for (ultra rare) Distro that have "FDE without LVM" enabled throuhg installer.
So, today I was delighted with Refracta installer from latest Live.iso! One of the best installer out there.
Ofcourse I picked FDE, without LVM, separate /boot partition - to have LUKS v.2, separate swap partition, and everything else on / ;
installation (in VBox) was quick.
Again, I thought this time will be different ..

Then, after rebooting from installed system, there was a suspicious 40 sec
delay ... but no any visible messages. Next time I pressed shutdown instead of reboot, and, as I suspected :

Stopping remaining crypt disks...root_fs (busy)...root_fs (busy).....root_fs (busy).....root_fs (busy).....root_fs (busy).....root_fs (busy)...... 

hmm

Offline

#36 2020-06-06 10:59:42

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,593  

Re: Shutdown encrypted LVM on Beowulf

Vizitor wrote:
Stopping remaining crypt disks...root_fs (busy)...root_fs (busy).....root_fs (busy).....root_fs (busy).....root_fs (busy).....root_fs (busy)...... 

hmm

Replace /lib/cryptsetup/cryptdisks-functions with the patched copy I linked above.

Offline

#37 2020-06-06 12:38:31

larsH
Member
Registered: 2020-05-05
Posts: 95  

Re: Shutdown encrypted LVM on Beowulf

Hi

I would suggest you to try with the debian installer (netinstall Iso). The reason is I know it works with encryption on multiple disks, as well as a auto lvm+encryption on one disk. I am using encryption myself without any problems on multiple disks. It might be a bug or problem with the refracta installer. I haven't tried it because I can do anything I want (and a lot more) with the netinstall which I know from around 100 installs of debian, and is among the most flexible out there.

Have a nice day
Lars H

Offline

#38 2020-06-06 14:09:57

szutt
Member
Registered: 2019-02-03
Posts: 26  

Re: Shutdown encrypted LVM on Beowulf

In my case, I installed two devuan systems (jessie and ascii) with the debian installer and it ends up with the same message (without the fsmithred patch).

Offline

#39 2020-06-06 14:53:30

Vizitor
Member
Registered: 2018-06-08
Posts: 13  

Re: Shutdown encrypted LVM on Beowulf

Correct me if I am wrong, but doesn't fsmithred's patch applys only to the LVM FDE? I mean, will that work on non-LVM FDE system?

I will try with the debian installer (netinstall Iso) and report here after that.

Edit: by "non-LVME FDE" I mean simple luks encrypted system (root) not using LVME, having EFI and /boot unencrypted.

Last edited by Vizitor (2020-06-06 15:02:04)

Offline

#40 2020-06-06 15:17:37

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,593  

Re: Shutdown encrypted LVM on Beowulf

The copy of cryptdisks-functions that I linked has two patches applied to it. One for lvm and one for plain luks-encrypted partitions.

For jessie and ascii, the file is cryptdisks.functions, not cryptidisks-functions. The files are very different, but the same changes work. I'm sure it's documented in several threads on this forum, probably including this one.

We did not fork cryptsetup, so you'll get the shutdown delay no matter how you install the system.

Offline

#41 2020-06-06 15:36:33

Vizitor
Member
Registered: 2018-06-08
Posts: 13  

Re: Shutdown encrypted LVM on Beowulf

fsmithred wrote:

We did not fork cryptsetup

OK, thank You, this explains a lot.

Offline

#42 2020-06-06 16:03:33

Vizitor
Member
Registered: 2018-06-08
Posts: 13  

Re: Shutdown encrypted LVM on Beowulf

I can confirm after replacing cryptdisks-functions with fsmithred's file, system shutdown delay is one second!
Thanks again!
P.S.
Long Live Refracta Installer!

Offline

#43 2020-06-07 16:37:46

rolfie
Member
Registered: 2017-11-25
Posts: 377  

Re: Shutdown encrypted LVM on Beowulf

Outlook to Chimaera: there the issue is fixed.

rolfie

Online

#44 2020-06-27 17:46:09

kuleszdl
Member
Registered: 2018-11-03
Posts: 84  

Re: Shutdown encrypted LVM on Beowulf

@fsmithred: The link to your modified version stopped working, I assume this one is supposed to be the current one:

https://git.devuan.org/devuan/cryptsetu … -functions

Offline

#45 2020-06-27 20:33:36

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,593  

Re: Shutdown encrypted LVM on Beowulf

kuleszdl wrote:

@fsmithred: The link to your modified version stopped working, I assume this one is supposed to be the current one:

https://git.devuan.org/devuan/cryptsetu … -functions

Yeah, that's it. 'devuan-packages' on git changed to 'devuan' on the new server.

git.devuan.org is now the same place as gitea.devuan.dev. The old git is at gitlab.devuan.org in case anyone wants to retrieve something before it goes away completely.

Thanks. I fixed the link in my earlier post.

Offline

#46 2020-08-04 19:02:36

devujan
Member
Registered: 2019-10-26
Posts: 8  

Re: Shutdown encrypted LVM on Beowulf

@fsmithred until now 4. Aug CEST 2020 the patch is not active in beowulf. I am installing an pcengines apu with beowulf and get well known errors on shutdown.

Best wishes Jan

Offline

Board footer