This topic is a note to future self, with lots of keywords for better googling (because searching for e.g. “ERROR: failed to install '/usr/bin/ldd:” returns a whopping 4 (four) results, none of which are relevant).
Problem: if you have a LUKS-encrypted LVM and, after updating the kernel and/or grub, the system does not boot with “Failed to execute /init (error -2)” or “no working init found”, and passing the boot parameter “init=/bin/bash” does not work either, it means that the initramfs / initrd could not decrypt the root partition (“error -2” means “no such file”, i.e. no /sbin/init and no /bin/bash found on the root partition).
Solution:
- burn a bootable CD or LiveUSB, openSUSE preferred but any will work;
- boot from LiveUSB into the “Rescue system” (note: on openSUSE 15 rescue the login is “root” and the password is empty)
- decrypt the hard drive and mount the root partition of the installed system, or decrypt the LVM root partition and mount it
- mount remaining necessary directories then chroot into installed system
- run mkinitrd to regenerate the initial ram disk with all necessary modules (lvm, etc.), and run grub2-mkconfig to regenerate the grub boot menu config; watch for errors and fix any warnings/errors you find!
- reboot and enjoy.
I hope no explanation is needed for steps 1-2, so starting with step number 3)
we will mount the installed system into /mnt/, so ensure that it is empty. if not, choose another directory; e.g. create it with mkdir /mychroot/ and use “/mychroot/” instead of “/mnt/” in all commands below
ls -la /mnt/
find which partitions are: LVM, boot drive, boot/EFI (if needed)
fdisk -l
example:
#Device Start End Sectors Size Type
#/dev/sda1 2048 616447 614400 300M Linux filesystem
#/dev/sda2 616448 821247 204800 100M EFI System
#/dev/sda3 821248 6309887 5488640 2.6G Linux swap
#/dev/sda4 6309888 500119268 493809381 235.5G Linux LVM
in my example sda1 is /boot/, sda2 is /boot/efi/, sda3 is swap (not needed in rescue), and sda4 is the partition with the encrypted LVM
the next steps vary depending on how you encrypted your system: you may have a whole encrypted HDD partition with LVM inside it (as in my example), or you may have LVM on top with an encrypted partition inside.
if encrypted HDD partition with LVM inside:
decrypt the partition
cryptsetup luksOpen /dev/sda4 sdasda
find the volume group
vgscan -v
find the LVM
lvscan -v
activate the LVM with name “LVM-NAME”, found in the previous command, if not active yet.
lvchange -a y LVM-NAME
find the name of the root LVM partition with “ls -l /dev/LVM-NAME/” then mount it
mount /dev/LVM-NAME/PARTITION /mnt/
if LVM on top, with encrypted partition inside:
find the volume group
vgscan -v
find the LVM
lvscan -v
activate the LVM with name “LVM-NAME”, found in the previous command
lvchange -a y LVM-NAME
decrypt the root partition of the installed system
cryptsetup luksOpen /dev/LVM-NAME/PARTITION asdasd
mount the root partition
mount /dev/mapper/asdasd /mnt/
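To decide which of the two branches above applies, look at the on-disk signature rather than the fdisk Type column, which comes from the partition table and (as in the listing above) can say "Linux LVM" for a partition that holds a LUKS container. The script below is an added example, not part of the original note; the function name luks_layout and its output labels are made up here, and the sample lsblk lines are constructed.

```shell
#!/bin/sh
# luks_layout: classify devices from `lsblk -P -o NAME,TYPE,FSTYPE` output
# (stdin) by on-disk signature, and print "<name> <layout>" per match:
#   luks-first       LUKS directly on a partition/disk: luksOpen, then vgscan
#   lvm-inside-luks  unlocked LUKS mapping that holds an LVM physical volume
#   lvm-first        plain LVM physical volume: vgscan/lvchange, then look
#                    for an encrypted logical volume
#   luks-inside-lvm  logical volume that is itself a LUKS container
luks_layout() {
    awk -F'"' '
        # -P output is NAME="..." TYPE="..." FSTYPE="..."; splitting on the
        # double quote puts the three values in fields 2, 4 and 6.
        { name = $2; type = $4; fs = $6 }
        fs == "crypto_LUKS" && type == "lvm"   { print name, "luks-inside-lvm"; next }
        fs == "crypto_LUKS"                    { print name, "luks-first"; next }
        fs == "LVM2_member" && type == "crypt" { print name, "lvm-inside-luks"; next }
        fs == "LVM2_member"                    { print name, "lvm-first" }
    '
}

# Constructed sample shaped like the example disk before anything is unlocked
# (the filesystem types of sda1-sda3 are assumptions).
# On a real rescue system: lsblk -P -o NAME,TYPE,FSTYPE | luks_layout
luks_layout <<'EOF'
NAME="sda" TYPE="disk" FSTYPE=""
NAME="sda1" TYPE="part" FSTYPE="ext4"
NAME="sda2" TYPE="part" FSTYPE="vfat"
NAME="sda3" TYPE="part" FSTYPE="swap"
NAME="sda4" TYPE="part" FSTYPE="crypto_LUKS"
EOF
```

Run it again after luksOpen or lvchange -a y: the newly visible device should then be reported as lvm-inside-luks or luks-inside-lvm.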
Step number 4)
we need to mount boot partition of the HDD and several directories from the Rescue system inside the installed system:
/boot is most important! initrd will be stored there.
mount /dev/sda1 /mnt/boot/
mount /dev/sda2 /mnt/boot/efi/
mount --bind /proc/ /mnt/proc/
mount --bind /dev/ /mnt/dev/
mount --bind /dev/pts/ /mnt/dev/pts/
mount --bind /sys/ /mnt/sys/
not really necessary but will help if you want to connect to the internet using the NetworkManager
mount --bind /run/ /mnt/run/
mount --bind /var/run/ /mnt/var/run/
chroot into the installed system
chroot /mnt/
Step number 5)
generate the initramfs with the necessary modules
mkinitrd -f lvm2 -m "aes sha256 dm-crypt" 2>&1 | tee mk.log
read the log and search for errors and warnings and fix them
less mk.log
for example, I had a lot of errors like: dracut-install: ERROR: failed to install ‘/usr/bin/ldd:’ for ‘/bin/sh’ (note the colon after ldd), for ‘/usr/bin/udevadm’, and so on.
After running “/usr/bin/ldd” directly I saw something like “/usr/bin/ldd: /usr/bin/bash: no such file or directory”, and there really was no /usr/bin/bash in the installed system.
So I made a symlink “ln -s /bin/bash /usr/bin/bash” and errors went away.
generate initrd again if you found and fixed some errors. not necessary if there were no errors in the previous run.
mkinitrd -f lvm2 -m "aes sha256 dm-crypt" 2>&1 | tee mk.log
read the log and search for errors and warnings and fix them. repeat until there are no errors.
less mk.log
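A quick way to triage mk.log inside the chroot, as an added example that is not part of the original note: failed_installs counts the distinct files dracut-install could not install, and missing_interpreter checks whether a script's "#!" interpreter exists, which is the fault found behind the ldd errors above. Both function names are made up for this example, the log lines are constructed from the message quoted above, and ASCII quotes in the real log are assumed.

```shell
#!/bin/sh
# failed_installs LOG
# Print "<path> <count>" for each distinct file dracut-install could not
# install, dropping the trailing colon the log shows after ldd.
failed_installs() {
    sed -n "s/.*ERROR: failed to install '\([^']*\)' for '\([^']*\)'.*/\1 \2/p" "$1" |
        awk '{ sub(/:$/, "", $1); n[$1]++ } END { for (p in n) print p, n[p] }' |
        sort
}

# missing_interpreter FILE
# If FILE is a script whose "#!" interpreter does not exist or is not
# executable, print the interpreter path and return 1; otherwise return 0.
missing_interpreter() {
    [ "$(dd if="$1" bs=2 count=1 2>/dev/null)" = '#!' ] || return 0
    interp=$(sed -n '1{s/^#![[:space:]]*//;s/[[:space:]].*$//;p;q;}' "$1")
    [ -x "$interp" ] && return 0
    printf '%s\n' "$interp"
    return 1
}

# Constructed sample log in the format quoted in the article.
log=$(mktemp)
cat >"$log" <<'EOF'
dracut-install: ERROR: failed to install '/usr/bin/ldd:' for '/bin/sh'
dracut-install: ERROR: failed to install '/usr/bin/ldd:' for '/usr/bin/udevadm'
Creating initrd: /boot/initrd (constructed line)
EOF
failed_installs "$log" | while read -r path count; do
    echo "$path: failed for $count binaries"
    bad=$(missing_interpreter "$path") || echo "  missing interpreter: $bad"
done
rm -f "$log"
```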
re-generate the boot config
grub2-mkconfig > grub_new.cfg
compare the old config with the new one. if everything looks good - replace the old config with the new one:
diff -u -w -B /boot/grub2/grub.cfg grub_new.cfg
cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg_backup
mv -f grub_new.cfg /boot/grub2/grub.cfg
Step number 6)
exit from the chroot, unmount all partitions, close the LUKS partition, reboot and enjoy.
exit
sync
umount /mnt/sys/
umount /mnt/proc/
umount /mnt/dev/pts/
umount /mnt/dev/
umount /mnt/var/run/
umount /mnt/run/
umount /mnt/boot/efi/
umount /mnt/boot/
umount /mnt/
if you have an encrypted HDD partition with LVM inside (like in my example):
lvchange -a n LVM-NAME
cryptsetup luksClose sdasda
or if you have an encrypted partition within LVM:
cryptsetup luksClose asdasd
lvchange -a n LVM-NAME
init 6 # reboot and hope for the best
BONUS: how to connect to the Internet using NetworkManager inside chroot
systemd will not run any service, e.g. running
systemctl start NetworkManager
will result in “Running in chroot, ignoring request.”, so we need to run the binaries directly.
assuming that we are inside chroot already
#chroot /mnt
start DBUS
dbus-daemon --system
run NetworkManager directly, in the background. wpa_supplicant should start automatically with NetworkManager, if not - run it manually.
NetworkManager &
start udev to be able to use cards/modems
udevd --daemon
rescan connected devices
udevadm control -R
if you use mobile internet - run ModemManager directly, in the background.
ModemManager &
and connect to the Internet using your configured connection
nmcli connection up YOUR-CONNECTION-NAME
note: to be able to unmount the chroot directories you will have to kill all started programs, e.g. killall NetworkManager, wpa_supplicant, udevd, etc.
Cheers and Have a lot of fun!