#2509 Issue closed: New finalize script to adapt /mnt/local/etc/crypttab to new LUKS UUIDs
Labels: enhancement, needs sponsorship, no-issue-activity
jsmeix opened issue at 2020-11-05 12:04:
When "rear recover" recreates LUKS volumes but there is no uuid=<UUID_from_the_original_system> or when there is no uuid option set for crypt entries in disklayout.conf then "rear recover" recreates LUKS volumes with new UUIDs that are different than those on the original system.
In this case automatically mounting those LUKS volumes during boot fails so that the recreated system fails to boot.
So what is missing is a usr/share/rear/finalize/ script that adapts /mnt/local/etc/crypttab to new UUIDs if needed before the initrd is recreated and the bootloader is (re)-installed.
Cf. https://github.com/rear/rear/pull/2506#issuecomment-722315498
Normally there are uuid=<UUID_from_the_original_system> for crypt entries in disklayout.conf so that "rear recover" recreates LUKS volumes with same UUIDs as on the original system and then all works well.
So this issue is an enhancement to make "rear recover" more robust also in exceptional cases but it is questionable if this is really needed.
jsmeix commented at 2020-11-05 16:25:
When "rear recover" recreates LUKS volumes with new UUIDs that are different than those on the original system it is a so called "system migration" and then it is in general recommended to run "rear recover" with enforced migration mode.
When "rear recover" runs in migration mode there are user dialogs that interrupt the recovery procedure at important "milestones" so that the user can manually modify things as needed.
In this particular case the right milestone to manually adapt the restored /mnt/local/etc/crypttab is after the backup was restored and before the initrd is recreated and the bootloader is (re)-installed.
I tested this and then a LUKS UUID migration works reasonably straightforward (excerpts from what happened on my terminal during "rear -D recover"):
RESCUE linux-uxxi:~ # rear -D recover
...
Comparing disks
Device sda has expected (same) size 21474836480 bytes (will be used for 'recover')
Device sdb has expected (same) size 1073741824 bytes (will be used for 'recover')
Disk configuration looks identical
UserInput -I DISK_LAYOUT_PROCEED_RECOVERY needed in /usr/share/rear/layout/prepare/default/250_compare_disks.sh line 148
Proceed with 'recover' (yes) otherwise manual disk layout configuration is enforced
(default 'yes' timeout 30 seconds)
no
UserInput: No choices - result is 'no'
User enforced manual disk layout configuration
Using /dev/sda (same name and same size) for recreating /dev/sda
Using /dev/sdb (same name and same size) for recreating /dev/sdb
Current disk mapping table (source => target):
/dev/sda => /dev/sda
/dev/sdb => /dev/sdb
UserInput -I LAYOUT_MIGRATION_CONFIRM_MAPPINGS needed in /usr/share/rear/layout/prepare/default/300_map_disks.sh line 275
Confirm or edit the disk mapping
1) Confirm disk mapping and continue 'rear recover'
2) Confirm identical disk mapping and proceed without manual configuration
3) Edit disk mapping (/var/lib/rear/layout/disk_mappings)
4) Use Relax-and-Recover shell and return back to here
5) Abort 'rear recover'
(default '1' timeout 300 seconds)
UserInput: No real user input (empty or only spaces) - using default input
UserInput: Valid choice number result 'Confirm disk mapping and continue 'rear recover''
User confirmed disk mapping
...
UserInput -I LAYOUT_FILE_CONFIRMATION needed in /usr/share/rear/layout/prepare/default/500_confirm_layout_file.sh line 26
Confirm or edit the disk layout file
1) Confirm disk layout and continue 'rear recover'
2) Edit disk layout (/var/lib/rear/layout/disklayout.conf)
3) View disk layout (/var/lib/rear/layout/disklayout.conf)
4) View original disk space usage (/var/lib/rear/layout/config/df.txt)
5) Use Relax-and-Recover shell and return back to here
6) Abort 'rear recover'
(default '1' timeout 300 seconds)
UserInput: No real user input (empty or only spaces) - using default input
UserInput: Valid choice number result 'Confirm disk layout and continue 'rear recover''
User confirmed disk layout file
...
UserInput -I LAYOUT_CODE_CONFIRMATION needed in /usr/share/rear/layout/recreate/default/100_confirm_layout_code.sh line 26
Confirm or edit the disk recreation script
1) Confirm disk recreation script and continue 'rear recover'
2) Edit disk recreation script (/var/lib/rear/layout/diskrestore.sh)
3) View disk recreation script (/var/lib/rear/layout/diskrestore.sh)
4) View original disk space usage (/var/lib/rear/layout/config/df.txt)
5) Use Relax-and-Recover shell and return back to here
6) Abort 'rear recover'
(default '1' timeout 300 seconds)
UserInput: No real user input (empty or only spaces) - using default input
UserInput: Valid choice number result 'Confirm disk recreation script and continue 'rear recover''
User confirmed disk recreation script
Start system layout restoration.
Disk '/dev/sda': creating 'gpt' partition table
Disk '/dev/sda': creating partition number 1 with name ''sda1''
Disk '/dev/sda': creating partition number 2 with name ''sda2''
Disk '/dev/sdb': creating 'gpt' partition table
Disk '/dev/sdb': creating partition number 1 with name ''sdb1''
Disk '/dev/sdb': creating partition number 2 with name ''sdb2''
Creating LUKS volume cr_ata-QEMU_HARDDISK_QM00004-part1 on /dev/sdb1
Set the password for LUKS volume cr_ata-QEMU_HARDDISK_QM00004-part1 (for 'cryptsetup luksFormat' on /dev/sdb1):
Enter passphrase for /dev/sdb1:
Enter the password for LUKS volume cr_ata-QEMU_HARDDISK_QM00004-part1 (for 'cryptsetup luksOpen' on /dev/sdb1):
Enter passphrase for /dev/sdb1:
Creating LUKS volume cr_ata-QEMU_HARDDISK_QM00001-part2 on /dev/sda2
Set the password for LUKS volume cr_ata-QEMU_HARDDISK_QM00001-part2 (for 'cryptsetup luksFormat' on /dev/sda2):
Enter passphrase for /dev/sda2:
Enter the password for LUKS volume cr_ata-QEMU_HARDDISK_QM00001-part2 (for 'cryptsetup luksOpen' on /dev/sda2):
Enter passphrase for /dev/sda2:
Creating LVM PV /dev/mapper/cr_ata-QEMU_HARDDISK_QM00001-part2
Creating LVM VG 'system'; Warning: some properties may not be preserved...
Creating LVM volume 'system/home'; Warning: some properties may not be preserved...
Creating LVM volume 'system/root'; Warning: some properties may not be preserved...
Creating LVM volume 'system/swap'; Warning: some properties may not be preserved...
Creating filesystem of type btrfs with mount point / on /dev/mapper/system-root.
Mounting filesystem /
Running snapper/installation-helper
Creating filesystem of type ext4 with mount point /luks1test on /dev/mapper/cr_ata-QEMU_HARDDISK_QM00004-part1.
Mounting filesystem /luks1test
Creating filesystem of type xfs with mount point /home on /dev/mapper/system-home.
Mounting filesystem /home
Creating swap on /dev/mapper/system-swap
Creating LUKS volume luks2test on /dev/sdb2
Set the password for LUKS volume luks2test (for 'cryptsetup luksFormat' on /dev/sdb2):
Enter passphrase for /dev/sdb2:
Enter the password for LUKS volume luks2test (for 'cryptsetup luksOpen' on /dev/sdb2):
Enter passphrase for /dev/sdb2:
Creating filesystem of type ext4 with mount point /luks2test on /dev/mapper/luks2test.
Mounting filesystem /luks2test
Disk layout created.
UserInput -I LAYOUT_MIGRATED_CONFIRMATION needed in /usr/share/rear/layout/recreate/default/200_run_layout_code.sh line 98
Confirm the recreated disk layout or go back one step
1) Confirm recreated disk layout and continue 'rear recover'
2) Go back one step to redo disk layout recreation
3) Use Relax-and-Recover shell and return back to here
4) Abort 'rear recover'
(default '1' timeout 300 seconds)
UserInput: No real user input (empty or only spaces) - using default input
UserInput: Valid choice number result 'Confirm recreated disk layout and continue 'rear recover''
User confirmed recreated disk layout
Restoring from '/tmp/rear.hZXMTGZnhFxaDdz/outputfs/linux-uxxi/backup.tar.gz' (restore log in /var/lib/rear/restore/recover.backup.tar.gz.843.restore.log) ...
Backup restore program 'tar' started in subshell (PID=5379)
Restored 166 MiB [avg. 42721 KiB/sec]
...
Restored 2868 MiB [avg. 31589 KiB/sec]
OK
Restored 2882 MiB in 96 seconds [avg. 30746 KiB/sec]
Restoring finished (verify backup restore log messages in /var/lib/rear/restore/recover.backup.tar.gz.843.restore.log)
Created SELinux /mnt/local/.autorelabel file : after reboot SELinux will relabel all files
Recreating directories (with permissions) from /var/lib/rear/recovery/directories_permissions_owner_group
Migrating disk-by-id mappings in certain restored files in /mnt/local to current disk-by-id mappings ...
Replacing restored udev rule '/mnt/local//etc/udev/rules.d/70-persistent-net.rules' with the one from the ReaR rescue system
Migrating restored network configuration files according to the mapping files ...
UserInput -I RESTORED_FILES_CONFIRMATION needed in /usr/share/rear/finalize/default/520_confirm_finalize.sh line 41
Confirm restored config files are OK or adapt them as needed
1) Confirm it is OK to recreate initrd and reinstall bootloader and continue 'rear recover'
2) Edit restored etc/fstab (/mnt/local/etc/fstab)
3) View restored etc/fstab (/mnt/local/etc/fstab)
4) Use Relax-and-Recover shell and return back to here
5) Abort 'rear recover'
(default '1' timeout 300 seconds)
4
...
rear> lsblk -ipo NAME,KNAME,PKNAME,TRAN,TYPE,FSTYPE,SIZE,MOUNTPOINT,UUID
NAME KNAME PKNAME TRAN TYPE FSTYPE SIZE MOUNTPOINT UUID
/dev/sda /dev/sda ata disk 20G
|-/dev/sda1 /dev/sda1 /dev/sda part 8M
`-/dev/sda2 /dev/sda2 /dev/sda part crypto_LUKS 20G 580ec2b9-efd9-4315-a384-381f3dae4815
`-/dev/mapper/cr_ata-QEMU_HARDDISK_QM00001-part2
/dev/dm-1 /dev/sda2 crypt LVM2_member 20G zJalOt-2mjE-OrW4-MRxO-ErID-beeL-rRwzOp
|-/dev/mapper/system-home /dev/dm-2 /dev/dm-1 lvm xfs 5.4G /mnt/local/home c9a5ebc9-3eac-4aa8-a768-731295af64a8
|-/dev/mapper/system-root /dev/dm-3 /dev/dm-1 lvm btrfs 12.6G /mnt/local bd326c18-0806-47d7-a740-97d5047d7de4
`-/dev/mapper/system-swap /dev/dm-4 /dev/dm-1 lvm swap 2G a88670c6-43c7-4024-822f-f0fa0d00cfbc
/dev/sdb /dev/sdb ata disk 1G
|-/dev/sdb1 /dev/sdb1 /dev/sdb part crypto_LUKS 307M db429fe1-3337-4bf1-9d38-78ac4a9cd51a
| `-/dev/mapper/cr_ata-QEMU_HARDDISK_QM00004-part1
| /dev/dm-0 /dev/sdb1 crypt ext4 305M /mnt/local/luks1test 745a0d13-2b73-4a81-a81c-96906c45ef5a
`-/dev/sdb2 /dev/sdb2 /dev/sdb part crypto_LUKS 409M 208c3ee4-3e1f-4e37-9386-d938a5df3349
`-/dev/mapper/luks2test /dev/dm-5 /dev/sdb2 crypt ext4 405M /mnt/local/luks2test 850e0fcc-6739-4190-9940-0b27cb82ee66
/dev/sr0 /dev/sr0 ata rom iso9660 76.9M 2020-11-05-16-26-22-81
rear> vi -C /mnt/local/etc/crypttab
...
rear> cat /mnt/local/etc/crypttab
cr_ata-QEMU_HARDDISK_QM00001-part2 UUID=580ec2b9-efd9-4315-a384-381f3dae4815
cr_ata-QEMU_HARDDISK_QM00004-part1 UUID=db429fe1-3337-4bf1-9d38-78ac4a9cd51a
rear> exit
Are you sure you want to exit the Relax-and-Recover shell ? y
exit
UserInput -I RESTORED_FILES_CONFIRMATION needed in /usr/share/rear/finalize/default/520_confirm_finalize.sh line 41
Confirm restored config files are OK or adapt them as needed
1) Confirm it is OK to recreate initrd and reinstall bootloader and continue 'rear recover'
2) Edit restored etc/fstab (/mnt/local/etc/fstab)
3) View restored etc/fstab (/mnt/local/etc/fstab)
4) Use Relax-and-Recover shell and return back to here
5) Abort 'rear recover'
(default '1' timeout 300 seconds)
UserInput: No real user input (empty or only spaces) - using default input
UserInput: Valid choice number result 'Confirm it is OK to recreate initrd and reinstall bootloader and continue 'rear recover''
User confirmed restored files
Running mkinitrd...
Recreated initrd (/sbin/mkinitrd).
Installing GRUB2 boot loader...
Determining where to install GRUB2 (no GRUB2_INSTALL_DEVICES specified)
Found possible boot disk /dev/sda - installing GRUB2 there
Finished 'recover'. The target system is mounted at '/mnt/local'.
Exiting rear recover (PID 843) and its descendant processes ...
Running exit tasks
You should also rm -Rf /tmp/rear.hZXMTGZnhFxaDdz
RESCUE linux-uxxi:~ reboot
The recreated system with manually adapted /mnt/local/etc/crypttab reboots well.
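
The manual crypttab edit shown in the session above can be expressed as a small shell function. This is an added example, not ReaR code and not code from the issue: the function name `adapt_crypttab` and the two-column map file (mapping name, new LUKS UUID) are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not part of ReaR. adapt_crypttab is a hypothetical helper.
# Usage: adapt_crypttab CRYPTTAB MAPFILE
#   MAPFILE lines: <mapping_name> <new_LUKS_UUID>
# On a rescue system the UUID of a recreated volume can be read with
# 'cryptsetup luksUUID <device>'; the map is a plain file here so the
# function can be exercised offline.
adapt_crypttab() {
    local crypttab="$1" map="$2" tmp rc
    tmp="$(mktemp "${crypttab}.XXXXXX")" || return 1
    awk '
        # First file: remember the new UUID for each mapping name.
        FILENAME == ARGV[1] { if (NF >= 2 && $1 !~ /^#/) new[$1] = $2; next }
        # Comments and blank lines pass through unchanged.
        /^[ \t]*(#|$)/ { print; next }
        # Rewrite only entries that name the device by UUID= and differ.
        # Other device forms (e.g. /dev/disk/by-id/...) are left alone.
        ($1 in new) && $2 ~ /^UUID=/ && $2 != ("UUID=" new[$1]) {
            printf "crypttab: %s %s -> UUID=%s\n", $1, $2, new[$1] > "/dev/stderr"
            $2 = "UUID=" new[$1]   # rebuilds the line with single spaces
        }
        { print }
    ' "$map" "$crypttab" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Keep the restored file as .orig, then overwrite in place so that
    # owner and mode of crypttab (it may point to key files) are preserved.
    cp -p "$crypttab" "${crypttab}.orig" && cat "$tmp" > "$crypttab"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Key file and option columns of an entry are carried over unchanged, and every rewritten entry is reported on stderr so the change can be reviewed before the initrd is recreated.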
github-actions commented at 2021-01-05 02:33:
Stale issue message
[Export of Github issue for rear/rear.]