So I think I have the issue where a patch for LVM2 corrupted initrd. I have tried to walk through the solution noted here but am running into an issue where I have several partitions encrypted which is preventing @lipinger script from working.
Your post is a bit short on information, so it is hard to be explicit.
I am using an encrypted LVM.
If I need to do a rescue, then
1: Boot from the install media in rescue mode or from live media. It needs to be the same architecture.
2: Open the encrypted partition.
cryptsetup luksOpen /dev/sda5 cr_lvm
the “cr_lvm” name is just a virtual name, though it is best that it match what is in “/etc/crypttab”. The tricky part is that you cannot yet read “/etc/crypttab”. So I sometimes use an arbitrary name, to read “/etc/crypttab”. And then, I start over and use the name from “/etc/crypttab”.
2: Access the LVM:
vgchange -a y
ls /dev/mapper
The second of those lines will tell you whether you accessed it or not. In your case, the LVM is named “system”, but it could be something else. So I’ll use “lvmname” for that.
3:
mount /dev/mapper/lvmname-root /mnt
mount /dev/mapper/lvmname-home /mnt/home
mount /dev/sda2 /mnt/boot ### check appropriate device for this
mount --bind /proc /mnt/proc
mount --bind /sys /mnt/sys
mount --bind /dev /mnt/dev
chroot /mnt
4: Then, within the “chroot” environment, you should be able to run “mkinitrd”, and possibly grub update commands
5:
exit
I hope that helps.
After a successful reboot, check if swap is properly setup. If not, do that manually and do another “mkinitrd” on the booted system.
Let me know what additional information would be helpful in getting this resolved.
I am booting into rescue mode using a 13.1 OpenSuse dvd, same which was used to install the system.
When I try to open sda5 I get the following
cryptsetup luksOpen /dev/sda5 cr_lvm5
Enter passphrase for /dev/sda5
/dev/mapper/temporary-cryptsetup-1850: mknod for temporary-cryptsetup-1850 failed: Read-only file system
Failed to open temporary keystore device.
So it is complaining about a read only file system but not sure why as I am running this in rescue under “Root” and permissions are 755 on /dev/mapper
Thanks again for the quick response and I am happy to provide additional information which will help resolve the issue.
I’m not sure about that “read only” problem. It might be referring to the DVD, which is read-only. But booting from the DVD in rescue mode should have provided some sort of read-write file system, usually a ramdisk.
Are those three partitions (flagged as LVM) all encrypted? Are they independent, or are they all part of a single LVM that combines several partitions?
I’m still a little puzzled by the “readonly” problem you are seeing.
Maybe boot the install DVD into install mode, rather than rescue mode. Then, at the first screen (maybe license acceptance screen), use CTRL-ALT-F2 to get to a virtual console. Try opening the encrypted partitions from there. Or download the live rescue CD, which runs XFCE and may be easier to use.
Are they independent, or are they all part of a single LVM that combines several partitions?
I believe they are independent but I could be wrong. I believe the partitions are as follows.
sda1 = unknown
sda2 = MBR/unknown
sda3 = root/system partition
sda4 = home partition
sda5 = swap partition
Maybe boot the install DVD into install mode, rather than rescue mode. Then, at the first screen (maybe license acceptance screen), use CTRL-ALT-F2 to get to a virtual console. Try opening the encrypted partitions from there. Or download the live rescue CD, which runs XFCE and may be easier to use.
I will download the rescue CD but going back to my root issue I believe my main issue is the LVM2 update, as documented in the solution post I noted, the rescue mode was used.
Based on the post by Lipinger, this issue should be recoverable, however without decrypting my partitions I believe that is where I am stuck.
At minimum I would need to recover the data in my home directory and unfortunately my last backup is too old to be sufficient without considerable loss.
I used a bootable usb with the rescue image using the Xfce.
Using the bootable USB I am able to access the various points which are all noted as LVM2_members.
# cryptsetup luksOpen /dev/sda3 cr_lvm
Enter passphrase for /dev/sda3:
# vgchange -a y
WARNING: lvmetad is running but disabled. Restart lvmetad before enabling it!
Couldn't find device with uuid pOpdt0-4y04-Wzuj-Rmuv-o9p4-e2c4-yFqgeS.
Couldn't find device with uuid QpS6uy-an2l-NHmy-dkIm-o1Oq-2dcK-12zHqU.
Refusing activation of partial LV home. Use --partial to override.
# cryptsetup luksOpen /dev/sda4 cr_lvn
Enter passphrase for /dev/sda4:
# cryptsetup luksOpen /dev/sda5 cr_lvo
Enter passphrase for /dev/sda5:
From there I am able to mount root, home and swap.
Now that I am able to access the encrypted partition, I need to correct the initrd to correct the faulty LVM2. This is where I could use some additional help to ensure I get it done correctly.
Look in the root file system. In particular, look at “/etc/fstab” (relative to that system-root). See if there is a separate “/boot” and find where it is.
Maybe, while you are about it, you should look at “/etc/crypttab”. Perhaps print it or hand-write it (should be short). The names used there are the best names to use in “cryptsetup” when unlocking a LUKS file system.
I see no point in having separate partitions if you plan on LVM. LVM is made to expand and can be linked together. Normally you would have one LVM container on a drive with the file systems as separate entities in the container. That way you only need one password. using 3 LVM you would need a password for each.
Look in the root file system. In particular, look at “/etc/fstab” (relative to that system-root). See if there is a separate “/boot” and find where it is.
Here is fstab - I am a bit unsure about the whole by-id mapping for boot.
Going back to my root issue, fixing initrd. Based on all the information I have provided, what and where should I mount my filesystem so I can fix this issue where system-root can’t be found when booting?
I just followed the install setup and the only change I made was to have my home mount to have the greatest disk space vs root and for home to be encrypted. Not sure how I ended up with this setup but it is what I have, what I really wish I had a solution for was the patch which totally forked my initrd so I can get this system back up and running.
The “-part2” indicates that it is partition 2 on whatever drive. Looking at your earlier “fdisk” output, it looks as if “/boot” is “/dev/sda2” and your EFI partition is “/dev/sda1”.
For your recovery attempt, try this (after making the LVM accessible):
# mount /dev/mapper/system-root /mnt
# mount /dev/mapper/system-home /mnt/home ## probably not strictly needed
# mount /dev/sda2 /mnt/boot
# mount /dev/sda1 /mnt/boot/efi
#### and now some bind mounts
# mount --bind /dev /mnt/dev
# mount --bind /proc /mnt/proc
# mount --bind /sys /mnt/sys
#### next, chroot into the mounted system
# chroot /mnt
# mkinitrd ### rebuild the "initrd"
# exit ### leave the chroot environment
Anything above following “###” is a comment and you don’t need to enter that. The single "# " at the beginning of the line is the shell prompt, though it might be different.
When done, reboot and see if the problem is solved.
I’m not sure this will solve the problem. If this solves the problem, then the problem should not have occurred in the first place. Still, it is worth trying.
When booting, after this attempt, hit ESC soon after you have provided the encryption key. That way you will see a lot of messages on screen. Maybe they will hint at other problems.
Well I keep telling people they must read the partition scheme screen and understand it before accepting it. It may not be what you thought you set. This comes from not totally understanding partitioning. and the mired of options. The installer does nothing fancy by itself. Often for encryption LVM is used since it is a nice container that is easy to encrypt. However normally you only have one LVM container. A LVM container can hold multiple file systems. LVM containser can be changed together to even across drive to provide a logical file storage space Your set up is just more complicated then it needs to be. I think you may always have problems with it IMO you should take a deep breath and reinstall doing things correctly and paying attention to the scheme screen before accepting what the installer THINKS you want.
I hate the take this thread on a tangent however you certainly make some valid points and in the sake of better understanding best practices I have a few questions.
Should root, swap and home be its own partition? if not why?
Would you use a different partitioning scheme when a installing an encrypted setup?
If I was to fix reinstall, what would your recommendation be to setup this system with “Best Practices” in mind, with the home directory having majority of the storage and encrypted?
I have certainly learned a few things trying to recover this system and considering I have been able to backup all my data at this time, while I would hate to loose another 2 hours to reinstall. It might be the best solution in the end.
Thanks for your time, I appreciate a detailed reply.
Ok You need to distinguish between classical partitions and LVM containers. Then we have file systems.
You can put any classical partition and thus file system in a LVM
swap is its own file system so should be separate from any other file system, though it can also be set to use a file on root but I’d expect some speed degradation.
root is the base of the system so it should be in its own partition but some people break out directories to their own partitions to ease maintenance.
home is a directory off of / it does not have to be a separate partition but ease of maintenance and upgrades says it is wise to keep it separate because that is where all users personal data and settings live.
There is no RIGHT way to partition but there are some tried a truly configuration that make life easier. The default swap/root/home partitions are tried and true. LVM is good for encryption and large system because it is extensible and acts as a container thus simplifying encryption. With encrypted LVM you need to make a /boot partition also outside any LVM since grub can’t boot to a LVM or any encrypted partition. So I’d set up a /boot partition about 500 meg then the rest of free space I’d put an encrypted LVM in that LVM I’d add swap/root/home of appropriate size and file system. If you have special needs then you may want to consider other configuration but this one is fine for most Desktop users
However, I did ask you to check “/etc/crypttab”. You never responded on that.
Up through opensuse 13.1, the “mkinitrd” looked at what was actually mounted, so would work even without an entry in “/etc/crypttab”. With the switch to “dracut”, this is no longer true. People who did not have an entry for their LVM in “/etc/crypttab” ran into problems when they updated 13.1 to 13.2.
That rebuilds for a specific kernel. I hope that is the kernel that you are using.
At some time during 13.1, some people ran into problems with “lvmetad”. You might check “/etc/lvm/lvm.conf” and check the line “use_lvmetad = 0”. If it is not set to 0, try setting to 0. Then you will have to rebuild the “initrd” again after any change.
I never ran into those problems on my systems, so I’m not sure that it is related.e
I am aware of that and that is why I felt the solution first noted applied to my issue.
Checked my lvm.conf and mine is set to zero
I am going to run through the steps again and and post in hopes of correcting this issue.
Your assistance with crypto luks has allowed me to access my home partition and backup everything to an external drive.
@gogalthrop has been so kind to point out the error in my system setup I may just wipe the system and do a clean install with 13.2 if I am unable to resolve the issue.