Dracut not including crypttab and cryptsetup

ingham · April 27, 2021, 8:17pm

My old laptop died. I ordered a new one, and it came with Ubuntu preinstalled.

I moved three m.2 storage devices from the old to the new system. The new system will not boot into my Tumbleweed system, even though all of the storage is working file—I can see it and work with the files from the Ubuntu system.

Tumbleweed’s grub is working fine, and I can (try to) boot Tumbleweed or successfully boot Ubuntu.

The Tumbleweed problem seems to center around the encrypted (LUKS) storage, which is not getting set up properly and so it will not boot.

The system contains 4 m.2 drives:

nvme0: 1 LUKS partition, Tumbleweed
nvme1: EFI, /boot (unencrypted), and remainder is LUKS partition, all Tumbleweed
nvme2: 1 LUKS partition, Tumbleweed
nvme3: Ubuntu EFI, an unknown vfat partition, and the Ubuntu OS

The LUKS partitions when unencrypted make up physical volumes for LVM. When I type:


for u in 211543a5-8fbc-4a63-a5a3-0be8ae09387f 5d991118-3418-4f82-95b7-d7cd6f59ea31 d86f8c15-cd9f-44a3-9ac2-8af0a77d8b6a
do
    sudo cryptsetup open /dev/disk/by-partuuid/$u cr_$u
done
sudo vgscan

I can access the LVM volumes.

The initial problem was that

/etc/crypttab

had incorrect device names since things had changed from the old laptop. I fixed by using

/dev/disk/by-partuuid/

paths. The updated crypttab file works over in the Ubuntu system.

When in the chroot Tumbleweed, I rebuilt the initramfs using:

dracut  --install /etc/crypttab --no-hostonly --kmoddir ./lib/modules/5.11.15-1-default /boot/initrd-new 5.11.15-1-default

Unfortunately, this does not include /etc/crypttab, nor does it put cryptsetup in the initramfs (based on using lsinitrd on the created initrd file). I discovered this by waiting and then having dracut drop be into the emergency shell.

I do not know if it is related to the problem or not, but the Ubuntu kernel is an older one than what Tumbleweed is using. I am using this kernel when in the chroot environment.

So, my primary question is, how can I get dracut to put the files I need into the initramfs?
A secondary question is, I ran

zypper dup

in the chroot environment and it brought in a new kernel and rebuilt the initrd. However, this also did not work. Why not?

Thanks in advance for any suggestions.
Kenneth

nrickert · April 27, 2021, 9:12pm

I puzzled by this. For me, it has always worked. Whether I use “mkinitrd” or install a new kernel, the resulting “initrd” always has “/etc/crypttab”.

I have actually had problems with “ubuntu”. It seemed to not include “cryptab” if that file began with a comment line. I haven’t actually tried that in openSUSE, where I don’t think I have ever put a comment line in the file.

I’ll note, however, that my encrypted LVM uses only one partition. I am not combining several partitions to make up the LVM.

I normally use UUID to identify the partition in “crypttab”. Each partition you use should have a LUKS header with a UUID in that header.

arvidjaar · April 27, 2021, 9:19pm

ingham:

dracut  --install /etc/crypttab --no-hostonly --kmoddir ./lib/modules/5.11.15-1-default /boot/initrd-new 5.11.15-1-default
Unfortunately, this does not include /etc/crypttab, nor does it put cryptsetup in the initramfs

If you failed to boot you probably executed this command form Ubuntu and you never mentioned chroot into your installed system so /etc/crypttab refers to file on Ubuntu that probably does not exist. cryptsetup is not included if initrd is based on systemd and systemd is default on openSUSE.

ingham · April 27, 2021, 10:46pm

Before the old laptop died, I never had any problems with this either; it just worked and I never had to investigate it.

The dracut command was run while chrooted into the Tumbleweed environment. (I said this right above the code block containing the dracut command line I was using.)
Also to be clear, the grub config file references the dracut-produced initrd file.

My (new) crypttab uses UUID through /dev/disk/by-partuuid/abc123… paths. Specifically, here is my crypttab from the chroot (Tumbleweed) environment:

cr-auto-1  /dev/disk/by-partuuid/211543a5-8fbc-4a63-a5a3-0be8ae09387f none  x-initrd.attach
cr-auto-2  /dev/disk/by-partuuid/5d991118-3418-4f82-95b7-d7cd6f59ea31 none  x-initrd.attach
cr-auto-3  /dev/disk/by-partuuid/d86f8c15-cd9f-44a3-9ac2-8af0a77d8b6a none  x-initrd.attach

My crypttab does not start with a comment (I just checked). I also saw a bug report saying that missing a newline in the crypttab would cause it to be left out, so my file ends with a blank line just in case.

From some of what I have been reading, does dracut’s systemd even use cryptsetup? Could I be looking in the wrong place? But I am still baffled by why the file I explicitly ask to have installed into the initramfs is not.

Kenneth

ingham · April 27, 2021, 10:53pm

OK, this is really weird. I tried one more time and this time everything worked. I am typing this form booting into the Tumbleweed environment. I wish I could explain why it suddenly worked.

Thanks for the suggestions.

nrickert · April 28, 2021, 12:55am

I’m glad it is working, even if that is unexplained.