From owner-freebsd-stable@FreeBSD.ORG Sun Jan 16 01:04:38 2011 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7C6E61065693 for ; Sun, 16 Jan 2011 01:04:38 +0000 (UTC) (envelope-from cjr@cruwe.de) Received: from cruwe.de (t1850.greatnet.de [83.133.124.96]) by mx1.freebsd.org (Postfix) with ESMTP id DE7B98FC13 for ; Sun, 16 Jan 2011 01:04:37 +0000 (UTC) Received: (qmail 6258 invoked from network); 16 Jan 2011 01:04:35 -0000 Received: from p5b379ea7.dip.t-dialin.net (HELO dijkstra) (smtpallow@91.55.158.167) by t1850.greatnet.de with ESMTPA; 16 Jan 2011 01:04:35 -0000 Date: Sun, 16 Jan 2011 02:04:37 +0100 From: "Christopher J. Ruwe" To: freebsd-stable@freebsd.org Message-ID: <20110116020437.4e3e697e@dijkstra> In-Reply-To: <20110115213056.GE5335@garage.freebsd.pl> References: <20110113220019.0c18c7ef@dijkstra> <20110115213056.GE5335@garage.freebsd.pl> X-Mailer: Claws Mail 3.7.8 (GTK+ 2.22.1; amd64-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/_CN0Zwcs0+Zmxq4Y.WAWLbS"; protocol="application/pgp-signature" Subject: Re: geli problems after installkernel & installworld X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Jan 2011 01:04:38 -0000 --Sig_/_CN0Zwcs0+Zmxq4Y.WAWLbS Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Sat, 15 Jan 2011 22:30:56 +0100 Pawel Jakub Dawidek wrote: > On Thu, Jan 13, 2011 at 10:00:19PM +0100, Christopher J. Ruwe wrote: > > I use a mostly geli encrypted hd on my Thinkpad R500, > > with /compat, /usr, /tmp and /var all on the encrypted geli > > provider. > >=20 > > After an upgrade of kernel and world (STABLE), I experience a weird > > issue: While booting, I am asked for the geli passphrase as usual. > > Completing password authentication for geli returns a success > > message, > >=20 > > cryptosoft0: on motherboard > > GEOM_ELI: Device ada0p3.eli created. > > GEOM_ELI: Encryption: AES-CBC 256 > > GEOM_ELI: Crypto: software > >=20 > > however, the zpool on geli is unavailable. > >=20 > > Logging in a root, I can attach the geli provider manually as geli > > itself should do from /etc/rc.conf. After a successful zfs mount > > -a, I can resume as usual after manually starting > > the /usr/local/rc.d services.=20 > >=20 > > Neither have I noticed a change in the device names nor any unusual > > messages from dmesg. Currently, I am doing a new compile run on > > world and kernel to attempt anew tomorrow. > >=20 > > Am I missing something? >=20 > Can you show the output of 'geli list' from a running system? >=20 Sure I can ... I'll additionally comment the output with what I do to. First I boot and my /usr/local/rc.d/ - schripts do not start. Likewise does zsh. =46rom doing geli list, I get (on stdout) Geom name: ada0p3.eli State: ACTIVE EncryptionAlgorithm: AES-CBC KeyLength: 256 Crypto: software UsedKey: 0 Flags: SINGLE-KEY, NATIVE-BYTE-ORDER, BOOT, RW-DETACH Providers: 1. Name: ada0p3.eli Mediasize: 249656594432 (233G) Sectorsize: 4096 Mode: r0w0e0 Consumers: 1. Name: ada0p3 Mediasize: 249656596992 (233G) Sectorsize: 512 Mode: r1w1e1 Doing a zpool status -v gives on stdout pool: ntank state: UNAVAIL status: One or more devices could not be opened. There are insufficient replicas for the pool to continue functioning. action: Attach the missing device and online it using 'zpool online'. see: http://www.sun.com/msg/ZFS-8000-3C scrub: none requested config: NAME STATE READ WRITE CKSUM ntank UNAVAIL 0 0 0 insufficient replicas ada0p3.eli UNAVAIL 0 0 0 cannot open pool: rpool state: ONLINE status: The pool is formatted using an older on-disk format. The pool can still be used, but some features are unavailable. action: Upgrade the pool using 'zpool upgrade'. Once this is done, the pool will no longer be accessible on older software versions. scrub: none requested config: NAME STATE READ WRITE CKSUM rpool ONLINE 0 0 0 gptid/3ab00705-d22f-11df-8e1b-002713b40a7b ONLINE 0 0 0 errors: No known data errors and on stderr ( I noticed the output on stderr as I ran the command, so I just typed that) GEOM_ELI[1]: Device ada0p3.eli is still open, so it cannot be definitely removed. GEOM_ELI[1]: Detached ada0p3.eli on last close. When doing a geli attach -k /pathtomykey/key /dev/ada0p3 directly followed by a zfs mount -a, I have my filesystems where I am used to finding them. I run my /usr/local/rc.ds from there and am functional again. Then (I post this anwe, I will point out why later on), I get for geli list Geom name: ada0p3.eli State: ACTIVE EncryptionAlgorithm: AES-CBC KeyLength: 256 Crypto: software UsedKey: 0 Flags: SINGLE-KEY, NATIVE-BYTE-ORDER, BOOT Providers: 1. Name: ada0p3.eli Mediasize: 249656594432 (233G) Sectorsize: 4096 Mode: r1w1e1 Consumers: 1. Name: ada0p3 Mediasize: 249656596992 (233G) Sectorsize: 512 Mode: r1w1e1 I never noticed that before, but, as I did not know which geli output you were asking for (the one not working or the one working), I diffed the two files and noticed, that directly after booting, the RW-DETACH flag is set. I do not know what that means nor do I know whether that matters, I find that curious, though. Thank you for your help, have a nice Sunday, kind regards, --=20 Christopher J. Ruwe TZ GMT + 1 --Sig_/_CN0Zwcs0+Zmxq4Y.WAWLbS Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (FreeBSD) iQIcBAEBAgAGBQJNMkQsAAoJEJTIKW/o3iwU9+sQAJRiF2DLAwiW+j0tD4kFEAl5 UzFaKSmAbg6ujZtfaI04U3lMcm08NkET390SN98GLyu82OwwiW2jgHLU+5DL6yTZ 2fgnaLQd0ztYv5ynUwzMZSCVTMI8Du9NKy1zenzMe4WHRFZThZAqVW3U4VazRhlz AjhXQPD04nQI0AJW1N+9vPTzIshmYm3PPlzsj5VcaKhjixaP2jcJmQLlEkc1fr2u hPM62ZoFO0WP1raayaeu9t5No0lO1dHeWynyY6vAeraye2ldQE+LqA5b1GRhgEus 5Q6RdkbAyukXv7RQ1QaV01enUup5kLNYQPKN4rPiIaLIv57tJjcRuj00ZceugwQl 5Deh1Nuo1axljlGvbLrfbUPsUmW1ofD7aZmNuGX2+nAt8w2Z9JsDsUYqnzcNEcE5 0WOkpET/reVoIP1/bk+yI4DV+R6+rR6ta5yVYTIhQn4GGN12PLHKNspZ/qxXh6Wu 6raOH0N6oqU6GNTtlB8u0CHi/nYBGiYRNNljhX7mO1hgnW+sDpLYvzNPy+3BLJxi 9dU+VM81vrTeTs0OrfTYK9Fe10QETQvaRn69c6BG7ViiHKNi5IJ067LOEizQmdOL ImOetX1knCZvTU/6i7e2L9ECqmRQc2f7tuVZ6SdL87aLfQyOuuBdzNBsr2KLPmJ0 bfZkjI20Vtq5ETWzPJoO =D9rF -----END PGP SIGNATURE----- --Sig_/_CN0Zwcs0+Zmxq4Y.WAWLbS--