Bug 1165702

Summary: Yast installer stores device id in crypttab vs fstab uuid breaking encryption as id's are different in live system
Product: [openSUSE] openSUSE Distribution Reporter: t neo <tneo>
Component: InstallationAssignee: YaST Team <yast-internal>
Status: RESOLVED FIXED QA Contact: Jiri Srain <jsrain>
Severity: Major    
Priority: P3 - Medium CC: aschnell, mfilka, nwr10cst-oslnx, tneo
Version: Leap 15.1   
Target Milestone: ---   
Hardware: x86-64   
OS: SLED 15   
URL: https://trello.com/c/RJ2YOnR3
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: log tar file

Description t neo 2020-03-04 14:35:21 UTC 
The Yast installation process reports the following devices:
SDA == SSD, root
SDB == SSD, home
SDC == HDD, windows
SDD == HDD, data
SDE == HDD, data

SDD is a hardware raid configuration. Both the SDB and SDD drives are encrypted and use XFS as filesystem. Upon installing openSUSE Leap or Tumbleweed, both partitions are recognized by Yast. Upon entering the passphrase Yast can successfully mount both drives. 

Once installation is complete booting fails as the boot process can't decrypt one drive. It reports that LUKS is not able to decrypt drive SDD1. And after a minute and a half wait the boot drops to the emergency prompt. At this point I'm not able to access the GUI. 

I checked my /etc/fstab configuration vs the /dev/disk/by-uuid directory and the encrypted UUID's are correct. The decryption process fails for cr-auto-1. As it turns out in /etc/crypttab there are 2 entries: 

cr-auto-1 /dev/sdd1
cr-auto-2 /dev/sdb1

Based upon the configuration of YAST2 installation these device ID's are correct. But when I run fdisk -l it turns out that my encrypted partition is not on SDD1, but on SDC1:

SDA == SSD, root
SDB == SSD, home
SDC == HDD, data
SDD == HDD, windows
SDE == HDD, data

Thus between the installation process and the live run system my device ID's changed for 2 drives while the configuration has not changed.

I was able to fix this by changing the values in the crypttab, but it is not desired to have to edit this file manually. Also I think that in the crypttab file the UUID should be used to prevent this issue from happening.
Comment 1 Neil Rickert 2020-03-04 17:08:17 UTC 
I can confirm that the installer uses device names in "/etc/crypttab".

Fortunately, it has worked for me.  However, I don't like it, so I change "crypttab" to use the UUID of the encrypted partition.  And then I run "mkinitrd" before rebooting to check that everything still works.

So, yes, I think it a mistake to use device names in "/etc/crypttab".  Better to always use UUID, with one exception.  The exception is when using a randomly encrypted swap, where you cannot use UUID because the UUID changes on each boot.  In that case I recommend the device-id rather than the device name.
Comment 2 t neo 2020-03-11 23:05:59 UTC 
This bug is even more annoying after it turned out that every reboot my device id's got swapped. Using the UUID for the drive resolved the issue for me.
Comment 3 Arvin Schnell 2020-03-27 08:38:35 UTC 
For me YaST does write UUID to crypttab.

Please provide YaST logs of the installation, see http://en.opensuse.org/openSUSE:Bugreport_YaST.
Comment 4 t neo 2020-03-29 17:18:55 UTC 
Created attachment 834137 [details]
log tar file
Comment 5 t neo 2020-03-29 17:19:43 UTC 
I found the attached file in /var/log/Yast2
Comment 6 Arvin Schnell 2020-04-01 17:43:14 UTC 
OK, the logs show that the LUKS devices already existed before the
installation. In that case YaST indeed uses the device name.
Comment 7 Arvin Schnell 2020-04-01 17:48:48 UTC 
Same with latest Tumbleweed.
Comment 8 Steffen Winterfeldt 2020-05-14 11:34:58 UTC 
fix:

https://github.com/yast/yast-storage-ng/pull/1095
Comment 9 Steffen Winterfeldt 2020-05-14 11:36:04 UTC 
The fix is for Tumbleweed only, no backport to Leap 15.1 planned.