← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1879980] Re: Fail to boot with LUKS on top of RAID1 if the array is broken/degraded

 

** Changed in: mdadm (Ubuntu)
       Status: Confirmed => Opinion

** Changed in: initramfs-tools (Ubuntu)
       Status: Confirmed => In Progress

** Also affects: mdadm (Ubuntu Groovy)
   Importance: Medium
     Assignee: Guilherme G. Piccoli (gpiccoli)
       Status: Opinion

** Also affects: cryptsetup (Ubuntu Groovy)
   Importance: Medium
     Assignee: Guilherme G. Piccoli (gpiccoli)
       Status: In Progress

** Also affects: initramfs-tools (Ubuntu Groovy)
   Importance: Medium
     Assignee: Guilherme G. Piccoli (gpiccoli)
       Status: In Progress

** Also affects: mdadm (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: cryptsetup (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: initramfs-tools (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: mdadm (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: cryptsetup (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: initramfs-tools (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: mdadm (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: cryptsetup (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: initramfs-tools (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Changed in: mdadm (Ubuntu Xenial)
       Status: New => Opinion

** Changed in: mdadm (Ubuntu Bionic)
       Status: New => Opinion

** Changed in: cryptsetup (Ubuntu Xenial)
       Status: New => Opinion

** Changed in: cryptsetup (Ubuntu Bionic)
       Status: New => In Progress

** Changed in: cryptsetup (Ubuntu Bionic)
     Assignee: (unassigned) => Guilherme G. Piccoli (gpiccoli)

** Changed in: cryptsetup (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: cryptsetup (Ubuntu Xenial)
     Assignee: (unassigned) => Guilherme G. Piccoli (gpiccoli)

** Changed in: cryptsetup (Ubuntu Bionic)
   Importance: Undecided => Medium

** Changed in: cryptsetup (Ubuntu Xenial)
       Status: Opinion => Won't Fix

** Changed in: cryptsetup (Ubuntu Focal)
   Importance: Undecided => Medium

** Changed in: cryptsetup (Ubuntu Focal)
       Status: New => In Progress

** Changed in: cryptsetup (Ubuntu Focal)
     Assignee: (unassigned) => Guilherme G. Piccoli (gpiccoli)

** Changed in: initramfs-tools (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: initramfs-tools (Ubuntu Xenial)
       Status: New => Won't Fix

** Changed in: initramfs-tools (Ubuntu Xenial)
     Assignee: (unassigned) => Guilherme G. Piccoli (gpiccoli)

** Changed in: initramfs-tools (Ubuntu Bionic)
   Importance: Undecided => Medium

** Changed in: initramfs-tools (Ubuntu Bionic)
       Status: New => In Progress

** Changed in: initramfs-tools (Ubuntu Bionic)
     Assignee: (unassigned) => Guilherme G. Piccoli (gpiccoli)

** Changed in: initramfs-tools (Ubuntu Focal)
   Importance: Undecided => Medium

** Changed in: initramfs-tools (Ubuntu Focal)
       Status: New => In Progress

** Changed in: initramfs-tools (Ubuntu Focal)
     Assignee: (unassigned) => Guilherme G. Piccoli (gpiccoli)

** Changed in: mdadm (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: mdadm (Ubuntu Xenial)
       Status: Opinion => Won't Fix

** Changed in: mdadm (Ubuntu Xenial)
     Assignee: (unassigned) => Guilherme G. Piccoli (gpiccoli)

** Changed in: mdadm (Ubuntu Bionic)
   Importance: Undecided => Medium

** Changed in: mdadm (Ubuntu Bionic)
     Assignee: (unassigned) => Guilherme G. Piccoli (gpiccoli)

** Changed in: mdadm (Ubuntu Focal)
   Importance: Undecided => Medium

** Changed in: mdadm (Ubuntu Focal)
       Status: New => Opinion

** Changed in: mdadm (Ubuntu Focal)
     Assignee: (unassigned) => Guilherme G. Piccoli (gpiccoli)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1879980

Title:
  Fail to boot with LUKS on top of RAID1 if the array is broken/degraded

Status in cryptsetup package in Ubuntu:
  In Progress
Status in initramfs-tools package in Ubuntu:
  In Progress
Status in mdadm package in Ubuntu:
  Opinion
Status in cryptsetup source package in Xenial:
  Won't Fix
Status in initramfs-tools source package in Xenial:
  Won't Fix
Status in mdadm source package in Xenial:
  Won't Fix
Status in cryptsetup source package in Bionic:
  In Progress
Status in initramfs-tools source package in Bionic:
  In Progress
Status in mdadm source package in Bionic:
  Opinion
Status in cryptsetup source package in Focal:
  In Progress
Status in initramfs-tools source package in Focal:
  In Progress
Status in mdadm source package in Focal:
  Opinion
Status in cryptsetup source package in Groovy:
  In Progress
Status in initramfs-tools source package in Groovy:
  In Progress
Status in mdadm source package in Groovy:
  Opinion
Status in cryptsetup package in Debian:
  New

Bug description:
  [Impact]
  * Considering a setup of a encrypted rootfs on top of md RAID1 device, Ubuntu is currently unable to decrypt the rootfs if the array gets degraded, like for example if one of the array members gets removed.

  * The problem has 2 main aspects: first, cryptsetup initramfs script
  attempts to decrypt the array only in the local-top boot stage, and in
  case it fails, it gives-up and show user a shell (boot is aborted).

  * Second, mdadm initramfs script that assembles degraded arrays
  executes later on boot, in the local-block stage. So, in a stacked
  setup of encrypted root on top of RAID, if the RAID is degraded,
  cryptsetup fails early in the boot, preventing mdadm to assemble the
  degraded array.

  [Proposed solution]
  * The solution hereby proposed has 3 components: first, cryptsetup script is modified to allow a gentle failure on local-top stage, then it retries for a while in a later stage (local-block). This gives time to other initramfs scripts to run, like mdadm in local-block stage.

  * Second, mdadm script was adjusted - currently, it retries for a
  while to assemble the arrays in a non-degraded mode, by waiting for
  udev to discover the missing devices. After some time, it gives-up and
  assembles all arrays as degraded. The adjust we made was only to
  reduce this number of attempts and fallback a bit faster to degraded
  array assembly.

  * Third, there's a difference in Ubuntu initramfs-tools compared to
  Debian's : in Ubuntu, we rely on wait-for-root, a binary meant to
  speed-up the boot process. Problem is that currently this approach
  prevents local-block scripts to run more than once (thus retrying
  mechanisms will fail). Our proposed solution changes initramfs-tools
  to allow some looping in local-block stage (as Debian), but still
  relying on wait-for-root. Also, we increased a bit the default
  rootdelay from 30 seconds to 60 seconds.

  
  [Test case]
  * Install Ubuntu in a Virtual Machine with 2 disks. Use the installer to create a RAID1 volume and an encrypted root on top of it.

  * Boot the VM, and use "sgdisk"/"wipefs" to erase the partition table
  from one of the RAID members. Reboot and it will fail to mount rootfs
  and continue boot process.

  
  [Regression potential]

  * There are potential for regressions, since this is a change in 3
  boot components. The patches were designed in a way to keep the
  regular case working, it changes the failure case which is not
  currently working anyway.

  * A potential issue in the initramfs-tools change is a bad script in
  local-block, lacking a good "halt" mechanism, to induce a boot loop
  condition. This problem would be exposed by the hereby proposed
  modification.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1879980/+subscriptions