From owner-freebsd-stable@FreeBSD.ORG Sun Jan 16 13:37:07 2011 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 76D771065670 for ; Sun, 16 Jan 2011 13:37:07 +0000 (UTC) (envelope-from freebsd-listen@fabiankeil.de) Received: from smtprelay02.ispgateway.de (smtprelay02.ispgateway.de [80.67.18.44]) by mx1.freebsd.org (Postfix) with ESMTP id 082038FC0C for ; Sun, 16 Jan 2011 13:37:06 +0000 (UTC) Received: from [87.79.151.163] (helo=r500.local) by smtprelay02.ispgateway.de with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.68) (envelope-from ) id 1PeSbF-0006zI-73; Sun, 16 Jan 2011 14:24:55 +0100 Date: Sun, 16 Jan 2011 14:24:58 +0100 From: Fabian Keil To: "Christopher J. Ruwe" Message-ID: <20110116142458.46435fde@r500.local> In-Reply-To: <20110116020437.4e3e697e@dijkstra> References: <20110113220019.0c18c7ef@dijkstra> <20110115213056.GE5335@garage.freebsd.pl> <20110116020437.4e3e697e@dijkstra> X-Mailer: Claws Mail 3.7.8 (GTK+ 2.22.1; amd64-portbld-freebsd9.0) X-PGP-KEY-URL: http://www.fabiankeil.de/gpg-keys/freebsd-listen-2008-08-18.asc Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/xVlvc0Ksf75rivFNMbnOj18"; protocol="application/pgp-signature" X-Df-Sender: 775067 Cc: freebsd-stable@freebsd.org Subject: Re: geli problems after installkernel & installworld X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Jan 2011 13:37:07 -0000 --Sig_/xVlvc0Ksf75rivFNMbnOj18 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable "Christopher J. Ruwe" wrote: > On Sat, 15 Jan 2011 22:30:56 +0100 > Pawel Jakub Dawidek wrote: >=20 > > On Thu, Jan 13, 2011 at 10:00:19PM +0100, Christopher J. Ruwe wrote: > > > I use a mostly geli encrypted hd on my Thinkpad R500, > > > with /compat, /usr, /tmp and /var all on the encrypted geli > > > provider. > > >=20 > > > After an upgrade of kernel and world (STABLE), I experience a weird > > > issue: While booting, I am asked for the geli passphrase as usual. > > > Completing password authentication for geli returns a success > > > message, > > >=20 > > > cryptosoft0: on motherboard > > > GEOM_ELI: Device ada0p3.eli created. > > > GEOM_ELI: Encryption: AES-CBC 256 > > > GEOM_ELI: Crypto: software > > >=20 > > > however, the zpool on geli is unavailable. > > >=20 > > > Logging in a root, I can attach the geli provider manually as geli > > > itself should do from /etc/rc.conf. After a successful zfs mount > > > -a, I can resume as usual after manually starting > > > the /usr/local/rc.d services.=20 > > >=20 > > > Neither have I noticed a change in the device names nor any unusual > > > messages from dmesg. Currently, I am doing a new compile run on > > > world and kernel to attempt anew tomorrow. > > >=20 > > > Am I missing something? > >=20 > > Can you show the output of 'geli list' from a running system? > >=20 >=20 > Sure I can ... I'll additionally comment the output with what I do to. >=20 > First I boot and my /usr/local/rc.d/ - schripts do not start. Likewise > does zsh. >=20 > From doing geli list, I get (on stdout) >=20 > Geom name: ada0p3.eli > State: ACTIVE > EncryptionAlgorithm: AES-CBC > KeyLength: 256 > Crypto: software > UsedKey: 0 > Flags: SINGLE-KEY, NATIVE-BYTE-ORDER, BOOT, RW-DETACH > Providers: > 1. Name: ada0p3.eli > Mediasize: 249656594432 (233G) > Sectorsize: 4096 > Mode: r0w0e0 > Consumers: > 1. Name: ada0p3 > Mediasize: 249656596992 (233G) > Sectorsize: 512 > Mode: r1w1e1 >=20 > Doing a zpool status -v gives on stdout >=20 > pool: ntank > state: UNAVAIL > status: One or more devices could not be opened. There are insufficient > replicas for the pool to continue functioning. > action: Attach the missing device and online it using 'zpool online'. > see: http://www.sun.com/msg/ZFS-8000-3C > scrub: none requested > config: >=20 > NAME STATE READ WRITE CKSUM > ntank UNAVAIL 0 0 0 insufficient replicas > ada0p3.eli UNAVAIL 0 0 0 cannot open >=20 > pool: rpool > state: ONLINE > status: The pool is formatted using an older on-disk format. The pool > can still be used, but some features are unavailable. > action: Upgrade the pool using 'zpool upgrade'. Once this is done, the > pool will no longer be accessible on older software versions. > scrub: none requested > config: >=20 > NAME STATE READ > WRITE CKSUM rpool > ONLINE 0 0 0 > gptid/3ab00705-d22f-11df-8e1b-002713b40a7b ONLINE 0 > 0 0 >=20 > errors: No known data errors >=20 > and on stderr ( I noticed the output on stderr as I ran the command, so > I just typed that) >=20 > GEOM_ELI[1]: Device ada0p3.eli is still open, so it cannot be definitely > removed. > GEOM_ELI[1]: Detached ada0p3.eli on last close. >=20 > When doing a geli attach -k /pathtomykey/key /dev/ada0p3 directly > followed by a zfs mount -a, I have my filesystems where I am used to > finding them. I run my /usr/local/rc.ds from there and am functional > again. >=20 > Then (I post this anwe, I will point out why later on), I get for geli > list >=20 > Geom name: ada0p3.eli > State: ACTIVE > EncryptionAlgorithm: AES-CBC > KeyLength: 256 > Crypto: software > UsedKey: 0 > Flags: SINGLE-KEY, NATIVE-BYTE-ORDER, BOOT > Providers: > 1. Name: ada0p3.eli > Mediasize: 249656594432 (233G) > Sectorsize: 4096 > Mode: r1w1e1 > Consumers: > 1. Name: ada0p3 > Mediasize: 249656596992 (233G) > Sectorsize: 512 > Mode: r1w1e1 >=20 > I never noticed that before, but, as I did not know which geli output > you were asking for (the one not working or the one working), I diffed > the two files and noticed, that directly after booting, the RW-DETACH > flag is set. I do not know what that means nor do I know whether that > matters, I find that curious, though. I'm no sure if it's the cause of your problem, but it certainly does matter: http://www.freebsd.org/cgi/query-pr.cgi?pr=3Dkern/117158 Fabian --Sig_/xVlvc0Ksf75rivFNMbnOj18 Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (FreeBSD) iEYEARECAAYFAk0y8a0ACgkQBYqIVf93VJ3ImwCfaQsylcgDzrj1vwY7NU9v8BwY k1AAoKfIUEDUDqplhvjdYU1laVDYVkbI =kN4f -----END PGP SIGNATURE----- --Sig_/xVlvc0Ksf75rivFNMbnOj18--