Incorrect key file in crypttab entry for volume xxx #500
Description
playbook
vars:
storage_safe_mode: false
storage_pools:
- name: foo
type: lvm
disks: "{{ unused_disks }}"
volumes:
- name: test1
mount_point: "{{ mount_location }}"
size: 4g
encryption: true
encryption_key: "{{ storage_test_key_file.path }}"
encryption_luks_version: luks2
encryption_key_size: 256
encryption_cipher: "{{ __luks_cipher }}"
encryption_password: yabbadabbadoo
- name: test2
size: 10g
encryption: true
encryption_key: "{{ storage_test_key_file.path }}"
encryption_luks_version: luks1
encryption_key_size: 512
encryption_cipher: "{{ __luks_cipher }}"
encryption_password: yabbadabbadoo
- name: Verify role results
include_tasks: verify-role-results.yml
- name: overwrite size and luks
include_role:
name: rhel-system-roles.storage
vars:
storage_safe_mode: false
storage_pools:
- name: foo
type: lvm
disks: "{{ unused_disks }}"
volumes:
- name: test3
size: 3g
- name: test2
mount_point: "{{ mount_location }}"
size: 5g
- name: test1
mount_point: "{{ mount_location_2 }}"
size: 5g
encryption_key_size: 512
encryption: true
encryption_key: "{{ storage_test_key_file.path }}"
encryption_luks_version: luks1
- name: Verify role results
include_tasks: verify-role-results.yml
result
nvme0n1 259:2 0 1.5T 0 disk
├─foo-test2 253:3 0 10G 0 lvm
│ └─luks-fefd8e9b-24a7-4b6c-b7f2-c508998682e9 253:4 0 10G 0 crypt /opt/test1
├─foo-test1 253:5 0 4G 0 lvm
│ └─luks-cc83126a-feed-46cf-9c2d-7dc965c9701e 253:6 0 4G 0 crypt /opt/test2
└─foo-test3 253:7 0 3G 0 lvm
nvme1n1 259:3 0 1.5T 0 disk
# cryptsetup luksDump /dev/mapper/foo-test1
LUKS header information
Version: 2
Epoch: 4
Metadata area: 16384 [bytes]
Keyslots area: 16744448 [bytes]
UUID: cc83126a-feed-46cf-9c2d-7dc965c9701e
Label: (no label)
Subsystem: (no subsystem)
Flags: (no flags)
Data segments:
0: crypt
offset: 16777216 [bytes]
length: (whole device)
cipher: aes-xts-plain64
sector: 512 [bytes]
Keyslots:
0: luks2
Key: 256 bits
Priority: normal
Cipher: aes-xts-plain64
Cipher key: 256 bits
PBKDF: argon2id
Time cost: 4
Memory: 1048576
Threads: 4
Salt: f8 20 85 50 11 aa 66 cb c5 1e b3 ae b2 2c aa 72
e7 42 42 cd 63 b7 60 1d cf 47 f3 79 ab 11 39 89
AF stripes: 4000
AF hash: sha256
Area offset:32768 [bytes]
Area length:131072 [bytes]
Digest ID: 0
1: luks2
Key: 256 bits
Priority: normal
Cipher: aes-xts-plain64
Cipher key: 256 bits
PBKDF: argon2id
Time cost: 4
Memory: 1048576
Threads: 4
Salt: 5d bc 03 0f 2d b4 d9 7d 5c bc d3 4e 3b 9b 94 0b
1d a6 24 88 d6 df 9f 1f d4 a9 ce 13 7a d3 80 62
AF stripes: 4000
AF hash: sha256
Area offset:163840 [bytes]
Area length:131072 [bytes]
Digest ID: 0
Tokens:
Digests:
0: pbkdf2
Hash: sha256
Iterations: 175935
Salt: 7b 97 63 e8 9b e3 f1 c8 e0 77 d8 60 a8 f0 1d 19
37 eb 5c 19 90 ff 2c 33 b5 5c 8c fb 00 5c 42 4e
Digest: 69 c2 27 68 67 61 ea 5a 75 43 59 69 c2 6e 9e 24
0e df 0b 58 ae 06 79 2c 48 9f e1 9a 13 6d c9 2e
two questions here
- the volume size don't resize successful with task overwrite size and luks
- the luks vol convert luks size and luks version failed
just confirm, did the role support to vol resize and convert ?
if no supported, it should feedback some failure info ?
looks change mount_point successful, so did the role just support change mount_point ?
- hit the error
TASK [Check key file of crypttab entry] **************************************************************************************************
fatal: [localhost]: FAILED! => {
"assertion": "_storage_test_crypttab_entries[0].split()[2] == _storage_test_expected_crypttab_key_file",
"changed": false,
"evaluated_to": false,
"msg": "Incorrect key file in crypttab entry for volume test2"
}
# cat /etc/crypttab
luks-fefd8e9b-24a7-4b6c-b7f2-c508998682e9 /dev/mapper/foo-test2 VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
luks-cc83126a-feed-46cf-9c2d-7dc965c9701e /dev/mapper/foo-test1 VALUE_SPECIFIED_IN_NO_LOG_PARAMETER