Shutdown encrypted LVM on Beowulf

Jafa · 2019-08-21 17:19:02

My approach to this was to change the line:

for i in 1 2 4 8 16 32; do

to:

for i in 1; do

My reasoning is this; This do_stop() function always fails. Always. The failure is innocuous. Always. Soo .. the only thing I need to do is mitigate the timeout interval before failure.

I read somewhere on a Debian site that the function is trying to affect something that has already shut down or unmounted.

devujan · 2019-10-26 19:30:51

I had the same problem with DEVUAN ASCII.
I filed a bug and a patch - but nobody was/felt responsible....
https://bugs.devuan.org/db/23/237.html

For beowulf I had to change it slightly - I didn't file it yet. Here is the part
from my ascii patch which basically needs other line numbers is beowulf.
(The obvious problem is still there - unpatched.)
If you look for the file "cryptdisks.functions" and change the function "do_stop()" accordingly the problem is solved.
In beowulf I also adjusted the local variables to only "vgs" and "vg" as far as I remember.
I plan to file the next day a patch for beowulf.
Maybe this time - this quality issue can be resolved.

------------------------patch------------------------------------------------------
--- /lib/cryptsetup/cryptdisks.functions.orig   2018-08-14 17:12:31.543227705 +0200
+++ /lib/cryptsetup/cryptdisks.functions        2018-08-23 16:36:23.849064962 +0200
@@ -763,9 +763,17 @@
 
 # Removes all mappings in crypttab
 do_stop () {
-       local dst src key opts opencount major minor
+       local dst src key opts opencount major minor vgs vg
 
        dmsetup mknodes
+       if [ -x /sbin/lvm ]; then
+        vgs="$(/sbin/lvm vgscan | sed -n '/"/s/^.*"\([^'\'']*\)".*$/\1/p')"
+         if [ -n "${vgs}" ]; then
+          for vg in ${vgs}; do
+           /sbin/lvm vgchange -a n ${vg} >/dev/null 2>&1 
+          done 
+         fi
+        fi
        log_action_begin_msg "Stopping $INITSTATE crypto disks"
 
        egrep -v "^[[:space:]]*(#|$)" "$TABFILE" | while read dst src key opts; do
------------------------patch/-----------------------------------------------------

.

The above patch silently varys off the VGs and makes handle_crypttab_line_stop work

So shame on the cryptsetup admins of debian and devuan.
They never tested the system with a encrypted root partition.

fsmithred · 2019-10-27 13:01:12

There are no devuan cryptsetup devs to shame.

I did get someone else to look at this, and we will probably make a package that replaces the functions file similar to the one that mx/antix uses.

devujan · 2019-10-27 19:41:43

Dear fsmithred, thank you for having somebody looking on how to incorporate that solution to another package - which will replace the cryptdisks.functions in the future.
It would be nice if #720340 could be closed with the help of:

--- /lib/cryptsetup/cryptdisks-functions.orig   2019-09-30 21:17:28.999962846 +0200
+++ /lib/cryptsetup/cryptdisks-functions        2019-09-30 21:24:53.219944630 +0200
@@ -180,6 +180,15 @@
 # Removes all mappings in crypttab
 do_stop() {
     dmsetup mknodes
+    local vgs vg
+       if [ -x /sbin/lvm ]; then
+        vgs="$(/sbin/lvm vgscan | sed -n '/"/s/^.*"\([^'\'']*\)".*$/\1/p')"
+         if [ -n "${vgs}" ]; then
+          for vg in ${vgs}; do
+           /sbin/lvm vgchange -a n ${vg} >/dev/null 2>&1
+          done
+         fi
+        fi
     log_action_begin_msg "Stopping $INITSTATE crypto disks"

     crypttab_foreach_entry _do_stop_callback

I just failed with submitting that solution via reportbug.

fsmithred · 2019-10-27 21:57:29

You can run reportbug to get a report, but you need to submit the bug by email. For cryptsetup, you'd need to send it to debian's bug list, but I wouldn't bother. They aren't going to fix it. From the bug report you cited:

There's no easy solution to fix this instead of using a initramfs which
is executed just after root device has been unmounted. To my knowledge,
this is not implemented for sysvinit shutdown process in Debian yet.
Tagging the bug as wontfix for that reason.

devujan · 2019-10-28 17:49:25

Thank you - but to my experience - “using a initramfs hook after root device has been unmounted” is not necessary.
It is completely sufficient to vary off the volume groups with vgchange - as demonstrated in my patch. (My computers (with root on encrypted lvm) running with that patch - shut down immediately, when I click on shutdown...)
The only concerns that might arise with that patch - are possible compatibility problems for high availability frame works. But to my experience those are usually that generic - that you have to “tattoo” the hardware environment into their surrounding scripts anyway. So this additional “feature” of safely shutting down all volume groups - might be in there in another way already - and would be redundant with this patch in place...

rolfie · 2020-06-05 06:38:26

Yes, I can confirm it still works and is required for new installs.

rolfie

larsH · 2020-06-05 09:57:41

Hi

I will just mention that if you don't need LVM don't use it. I know that lvm on top of luks are the quite normal. But if you just want encryption then everything works just fine with plain luks encryption. But if you really need LVM and luks use the patch above. To help others that happens to get this problem please respnd to them and share the link to the patch with them.

Have a nice day
Lars H

fsmithred · 2020-06-05 10:42:14

Here's a copy of patched /lib/cryptsetup/cryptdisks-functions for beowulf:
https://git.devuan.org/devuan/cryptsetu … -functions
This will eventually be packaged and added to the devuan repo.

Last edited by fsmithred (2020-06-27 20:35:47)

Vizitor · 2020-06-06 10:18:14

larsH wrote:

... if you don't need LVM don't use it...

I always search for (ultra rare) Distro that have "FDE without LVM" enabled throuhg installer.
So, today I was delighted with Refracta installer from latest Live.iso! One of the best installer out there.
Ofcourse I picked FDE, without LVM, separate /boot partition - to have LUKS v.2, separate swap partition, and everything else on / ;
installation (in VBox) was quick.
Again, I thought this time will be different ..

Then, after rebooting from installed system, there was a suspicious 40 sec
delay ... but no any visible messages. Next time I pressed shutdown instead of reboot, and, as I suspected :

Stopping remaining crypt disks...root_fs (busy)...root_fs (busy).....root_fs (busy).....root_fs (busy).....root_fs (busy).....root_fs (busy)......

fsmithred · 2020-06-06 10:59:42

Vizitor wrote:

Stopping remaining crypt disks...root_fs (busy)...root_fs (busy).....root_fs (busy).....root_fs (busy).....root_fs (busy).....root_fs (busy)......

Replace /lib/cryptsetup/cryptdisks-functions with the patched copy I linked above.

larsH · 2020-06-06 12:38:31

Hi

I would suggest you to try with the debian installer (netinstall Iso). The reason is I know it works with encryption on multiple disks, as well as a auto lvm+encryption on one disk. I am using encryption myself without any problems on multiple disks. It might be a bug or problem with the refracta installer. I haven't tried it because I can do anything I want (and a lot more) with the netinstall which I know from around 100 installs of debian, and is among the most flexible out there.

Have a nice day
Lars H

szutt · 2020-06-06 14:09:57

In my case, I installed two devuan systems (jessie and ascii) with the debian installer and it ends up with the same message (without the fsmithred patch).

Vizitor · 2020-06-06 14:53:30

Correct me if I am wrong, but doesn't fsmithred's patch applys only to the LVM FDE? I mean, will that work on non-LVM FDE system?

I will try with the debian installer (netinstall Iso) and report here after that.

Edit: by "non-LVME FDE" I mean simple luks encrypted system (root) not using LVME, having EFI and /boot unencrypted.

Last edited by Vizitor (2020-06-06 15:02:04)

fsmithred · 2020-06-06 15:17:37

The copy of cryptdisks-functions that I linked has two patches applied to it. One for lvm and one for plain luks-encrypted partitions.

For jessie and ascii, the file is cryptdisks.functions, not cryptidisks-functions. The files are very different, but the same changes work. I'm sure it's documented in several threads on this forum, probably including this one.

We did not fork cryptsetup, so you'll get the shutdown delay no matter how you install the system.

Vizitor · 2020-06-06 15:36:33

fsmithred wrote:

We did not fork cryptsetup

OK, thank You, this explains a lot.

Vizitor · 2020-06-06 16:03:33

I can confirm after replacing cryptdisks-functions with fsmithred's file, system shutdown delay is one second!
Thanks again!
P.S.
Long Live Refracta Installer!

rolfie · 2020-06-07 16:37:46

Outlook to Chimaera: there the issue is fixed.

rolfie

kuleszdl · 2020-06-27 17:46:09

@fsmithred: The link to your modified version stopped working, I assume this one is supposed to be the current one:

https://git.devuan.org/devuan/cryptsetu … -functions

fsmithred · 2020-06-27 20:33:36

kuleszdl wrote:

@fsmithred: The link to your modified version stopped working, I assume this one is supposed to be the current one:
https://git.devuan.org/devuan/cryptsetu … -functions

Yeah, that's it. 'devuan-packages' on git changed to 'devuan' on the new server.

git.devuan.org is now the same place as gitea.devuan.dev. The old git is at gitlab.devuan.org in case anyone wants to retrieve something before it goes away completely.

Thanks. I fixed the link in my earlier post.

devujan · 2020-08-04 19:02:36

@fsmithred until now 4. Aug CEST 2020 the patch is not active in beowulf. I am installing an pcengines apu with beowulf and get well known errors on shutdown.

Best wishes Jan

fsmithred · 2020-08-10 12:17:45

@devujan:

Sorry for the long delay. You can now install cryptsetup-modified-functions in beowulf to correct the problem. The package is now in beowulf-proposed-updates.

Download and install the package:
https://pkgmaster.devuan.org/devuan/poo … n1_all.deb

Or add beowulf-proposed-updates to sources.list:

deb http://deb.devuan.org/merged beowulf-proposed-updates main

devujan · 2020-08-15 11:48:13

@fsmithred

Thank you! Works like a charm. I'll include that in my tutorial on full disk encrypted devuan.

walter · 2021-05-20 18:00:46

I can confirm that the situation persists.
My recent update of
cryptsetup (2:2.3.4-1) to 2:2.3.5-1~bpo10+1
cryptsetup-bin (2:2.3.4-1) to 2:2.3.5-1~bpo10+1
cryptsetup-initramfs (2:2.3.4-1) to 2:2.3.5-1~bpo10+1
cryptsetup-run (2:2.3.4-1) to 2:2.3.5-1~bpo10+1
replaced /lib/cryptsetup/cryptdisks-functions and created the same issue of hangup during shutdown. Edit of /lib/cryptsetup/cryptdisks-functions and inserting of

dmsetup mknodes
+       if [ -x /sbin/lvm ]; then
+        vgs="$(/sbin/lvm vgscan | sed -n '/"/s/^.*"\([^'\'']*\)".*$/\1/p')"
+         if [ -n "${vgs}" ]; then
+          for vg in ${vgs}; do
+           /sbin/lvm vgchange -a n ${vg} >/dev/null 2>&1 
+          done 
+         fi
+        fi
log_action_begin_msg "Stopping $INITSTATE crypto disks"

did the job.
Works very well on my setup and shutdown is as fast as expected.

tylerdurden · 2021-06-08 12:10:29

I keep a copy of that patch around on my machines in case I do a fresh reinstall. Has worked like a charm for me. Thanks for this!

The officially official Devuan Forum!

#26 2019-08-21 17:19:02

Re: Shutdown encrypted LVM on Beowulf

#27 2019-10-26 19:30:51

Re: Shutdown encrypted LVM on Beowulf

#28 2019-10-27 13:01:12

Re: Shutdown encrypted LVM on Beowulf

#29 2019-10-27 19:41:43

Re: Shutdown encrypted LVM on Beowulf

#30 2019-10-27 21:57:29

Re: Shutdown encrypted LVM on Beowulf

#31 2019-10-28 17:49:25

Re: Shutdown encrypted LVM on Beowulf

#32 2020-06-05 06:38:26

Re: Shutdown encrypted LVM on Beowulf

#33 2020-06-05 09:57:41

Re: Shutdown encrypted LVM on Beowulf

#34 2020-06-05 10:42:14

Re: Shutdown encrypted LVM on Beowulf

#35 2020-06-06 10:18:14

Re: Shutdown encrypted LVM on Beowulf

#36 2020-06-06 10:59:42

Re: Shutdown encrypted LVM on Beowulf

#37 2020-06-06 12:38:31

Re: Shutdown encrypted LVM on Beowulf

#38 2020-06-06 14:09:57

Re: Shutdown encrypted LVM on Beowulf

#39 2020-06-06 14:53:30

Re: Shutdown encrypted LVM on Beowulf

#40 2020-06-06 15:17:37

Re: Shutdown encrypted LVM on Beowulf

#41 2020-06-06 15:36:33

Re: Shutdown encrypted LVM on Beowulf

#42 2020-06-06 16:03:33

Re: Shutdown encrypted LVM on Beowulf

#43 2020-06-07 16:37:46

Re: Shutdown encrypted LVM on Beowulf

#44 2020-06-27 17:46:09

Re: Shutdown encrypted LVM on Beowulf

#45 2020-06-27 20:33:36

Re: Shutdown encrypted LVM on Beowulf

#46 2020-08-04 19:02:36

Re: Shutdown encrypted LVM on Beowulf

#47 2020-08-10 12:17:45

Re: Shutdown encrypted LVM on Beowulf

#48 2020-08-15 11:48:13

Re: Shutdown encrypted LVM on Beowulf

#49 2021-05-20 18:00:46

Re: Shutdown encrypted LVM on Beowulf

#50 2021-06-08 12:10:29

Re: Shutdown encrypted LVM on Beowulf

Board footer