Date: Sun, 16 Jan 2011 15:56:08 +0100 From: "Christopher J. Ruwe" <cjr@cruwe.de> To: freebsd-stable@freebsd.org Subject: Re: geli problems after installkernel & installworld Message-ID: <20110116155608.63995be9@dijkstra> In-Reply-To: <20110116142458.46435fde@r500.local> References: <20110113220019.0c18c7ef@dijkstra> <20110115213056.GE5335@garage.freebsd.pl> <20110116020437.4e3e697e@dijkstra> <20110116142458.46435fde@r500.local>
next in thread | previous in thread | raw e-mail | index | archive | help
--Sig_/I4tAbax92PsU4f4=zJlpchZ Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Sun, 16 Jan 2011 14:24:58 +0100 Fabian Keil <freebsd-listen@fabiankeil.de> wrote: > "Christopher J. Ruwe" <cjr@cruwe.de> wrote: >=20 > > On Sat, 15 Jan 2011 22:30:56 +0100 > > Pawel Jakub Dawidek <pjd@FreeBSD.org> wrote: > >=20 > > > On Thu, Jan 13, 2011 at 10:00:19PM +0100, Christopher J. Ruwe > > > wrote: > > > > I use a mostly geli encrypted hd on my Thinkpad R500, > > > > with /compat, /usr, /tmp and /var all on the encrypted geli > > > > provider. > > > >=20 > > > > After an upgrade of kernel and world (STABLE), I experience a > > > > weird issue: While booting, I am asked for the geli passphrase > > > > as usual. Completing password authentication for geli returns a > > > > success message, > > > >=20 > > > > cryptosoft0: <software crypto> on motherboard > > > > GEOM_ELI: Device ada0p3.eli created. > > > > GEOM_ELI: Encryption: AES-CBC 256 > > > > GEOM_ELI: Crypto: software > > > >=20 > > > > however, the zpool on geli is unavailable. > > > >=20 > > > > Logging in a root, I can attach the geli provider manually as > > > > geli itself should do from /etc/rc.conf. After a successful zfs > > > > mount -a, I can resume as usual after manually starting > > > > the /usr/local/rc.d services.=20 > > > >=20 > > > > Neither have I noticed a change in the device names nor any > > > > unusual messages from dmesg. Currently, I am doing a new > > > > compile run on world and kernel to attempt anew tomorrow. > > > >=20 > > > > Am I missing something? > > >=20 > > > Can you show the output of 'geli list' from a running system? > > >=20 > >=20 > > Sure I can ... I'll additionally comment the output with what I do > > to. > >=20 > > First I boot and my /usr/local/rc.d/ - schripts do not start. > > Likewise does zsh. > >=20 > > From doing geli list, I get (on stdout) > >=20 > > Geom name: ada0p3.eli > > State: ACTIVE > > EncryptionAlgorithm: AES-CBC > > KeyLength: 256 > > Crypto: software > > UsedKey: 0 > > Flags: SINGLE-KEY, NATIVE-BYTE-ORDER, BOOT, RW-DETACH > > Providers: > > 1. Name: ada0p3.eli > > Mediasize: 249656594432 (233G) > > Sectorsize: 4096 > > Mode: r0w0e0 > > Consumers: > > 1. Name: ada0p3 > > Mediasize: 249656596992 (233G) > > Sectorsize: 512 > > Mode: r1w1e1 > >=20 > > Doing a zpool status -v gives on stdout > >=20 > > pool: ntank > > state: UNAVAIL > > status: One or more devices could not be opened. There are > > insufficient replicas for the pool to continue functioning. > > action: Attach the missing device and online it using 'zpool > > online'. see: http://www.sun.com/msg/ZFS-8000-3C > > scrub: none requested > > config: > >=20 > > NAME STATE READ WRITE CKSUM > > ntank UNAVAIL 0 0 0 insufficient > > replicas ada0p3.eli UNAVAIL 0 0 0 cannot open > >=20 > > pool: rpool > > state: ONLINE > > status: The pool is formatted using an older on-disk format. The > > pool can still be used, but some features are unavailable. > > action: Upgrade the pool using 'zpool upgrade'. Once this is done, > > the pool will no longer be accessible on older software versions. > > scrub: none requested > > config: > >=20 > > NAME STATE READ > > WRITE CKSUM rpool > > ONLINE 0 0 0 > > gptid/3ab00705-d22f-11df-8e1b-002713b40a7b ONLINE 0 > > 0 0 > >=20 > > errors: No known data errors > >=20 > > and on stderr ( I noticed the output on stderr as I ran the > > command, so I just typed that) > >=20 > > GEOM_ELI[1]: Device ada0p3.eli is still open, so it cannot be > > definitely removed. > > GEOM_ELI[1]: Detached ada0p3.eli on last close. > >=20 > > When doing a geli attach -k /pathtomykey/key /dev/ada0p3 directly > > followed by a zfs mount -a, I have my filesystems where I am used to > > finding them. I run my /usr/local/rc.ds from there and am functional > > again. > >=20 > > Then (I post this anwe, I will point out why later on), I get for > > geli list > >=20 > > Geom name: ada0p3.eli > > State: ACTIVE > > EncryptionAlgorithm: AES-CBC > > KeyLength: 256 > > Crypto: software > > UsedKey: 0 > > Flags: SINGLE-KEY, NATIVE-BYTE-ORDER, BOOT > > Providers: > > 1. Name: ada0p3.eli > > Mediasize: 249656594432 (233G) > > Sectorsize: 4096 > > Mode: r1w1e1 > > Consumers: > > 1. Name: ada0p3 > > Mediasize: 249656596992 (233G) > > Sectorsize: 512 > > Mode: r1w1e1 > >=20 > > I never noticed that before, but, as I did not know which geli > > output you were asking for (the one not working or the one > > working), I diffed the two files and noticed, that directly after > > booting, the RW-DETACH flag is set. I do not know what that means > > nor do I know whether that matters, I find that curious, though. >=20 > I'm no sure if it's the cause of your problem, > but it certainly does matter: > http://www.freebsd.org/cgi/query-pr.cgi?pr=3Dkern/117158 >=20 > Fabian Thank you. What you mentioned apparently was part of my problem. After setting geli_autodetach=3D"no", at least the geli part of my problem goes away. This is most interesting as I did not change anything on my geli-setup, so I believe behaviour might have changed somewhere, either in rc.defaults or somewhere else. Another interesting point, although the zpools sit right where and how they belong, the fs on the pool sitting on the geli still need manually mounting, which requires manually zfs mount -a and then manually the /usr/local/rc.d/ . I can live with that for some time, though, until I have found a solution for that. I could easily (and just as dirtily) solve that with some rc.local line, but that probably won't help me with my /usr/local/rc.d stuff. Again, thank you for your hint, cheers, --=20 Christopher J. Ruwe TZ GMT + 1 --Sig_/I4tAbax92PsU4f4=zJlpchZ Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (FreeBSD) iQIcBAEBAgAGBQJNMwcOAAoJEJTIKW/o3iwUcuMP/A15MVBpoF8stK0iokeduFLS XzsqiUnaqH5L4mMhNylA9Hi43tcMFyc7nz3bN7Gw172WAZyBqowGEwrHYRIqqLDv 6dodARjtg6pN4U+9/zV8NQuAWW2CBZre8CanvmWQgcLuiJ1pXI9QPMMmrk9oQTo5 wF/dS2RAx1ug5CmBSA7Io/ekI+bQVwUe9eCdhiSV17qvERCnisK9G9Cpx6V9er3H tmmfDd/RUtnLEYYP96lYuind2ilY51yrWFjubbmYjT9t9vkV8PNCauzjbl5HqT3L bi3iCQCrqsHxteoJSlqSgEYJw+VJdDTZapfCqgz9/XphiAWqpFmzbHosACmSBTHW atBGNqkLUbo7rntF082SIVaO3wV+rxGn433YMdquu/dYqGKRzqj+zK8tVw753cQp 3JeFVqXhGgY/yzte0AQDUtDxRWxD3gQb0BipKq3Y71JIUNTibrkAuAusHvXBGcBs M4Qj7sIIXQgwkY6/65xpdMM2pepUQCSSfIH0nVSdKGSWRkPx3N9TA9MyQDHsttqJ ZPyqICUoxrJ4R0EdmsyJs4kFqSTJUMJu5mfgzKbAiYffi8m6aQHrGfEx7VXr/tAA L77SW5J4jg5Nuc84BtVl1pJWoYM81XDnAw3gJ8rhVQpg4NOWjyV6NW68vutBXpLV 2XMP/PudvXVh41UV/QyW =awg1 -----END PGP SIGNATURE----- --Sig_/I4tAbax92PsU4f4=zJlpchZ--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110116155608.63995be9>