How to unsubscribe from here?
On Thu, Jan 16, 2025, 2:56 PM Sumit Kumar <sumit.kum...@trellix.com> wrote:
> Hi ,
>
> Our Linux based system uses an external storage disk called capture.
> The capture disk is encrypted with LUKS to protect stored data. During
> system boot, system uses the LUKS utilities to decrypt the disk before
> mounting the file systems containing the stored data. Due to an issue with
> inconsistent ordering of decryption and mounting services during system
> bootup, during reboots the system with capture disk can get into emergency
> mode.
>
> Do we have any configuration problem ?
>
> *System details, logs and unit files details : *
> systemd version: 252
> Used distribution : AlmaLinux 9.4
> Linux kernel version used : 5.15.160-1.11.10.0.x86_64
> Journalctl -xb output for error message:
>
> Jan 10 09:53:04 ps systemd[1]: Listening on udev Control Socket.
> Jan 10 09:53:04 ps systemd[1]: Listening on udev Kernel Socket.
> Jan 10 09:53:04 ps systemd[1]: capture.mount: Directory /capture to mount
> over is not empty, mounting anyway.
> Jan 10 09:53:04 ps systemd[1]: Mounting /capture...
> Jan 10 09:53:04 ps systemd[1]: Mounting Huge Pages File System...
> Jan 10 09:53:04 ps systemd[1]: Mounting POSIX Message Queue File System...
> Jan 10 09:53:04 ps systemd[1]: Mounting /sys/kernel/debug...
> Jan 10 09:53:04 ps systemd[1]: Mounting Kernel Trace File System...
> Jan 10 09:53:04 ps systemd[1]: Kernel Module supporting RPCSEC_GSS was
> skipped because of an unmet condition check
> (ConditionPathExists=/etc/krb5.keytab).
> Jan 10 09:53:04 ps systemd[1]: Starting Availability of block devices...
> Jan 10 09:53:04 ps systemd[1]: Starting Create List of Static Device Nodes...
> Jan 10 09:53:04 ps systemd[1]: Starting Load legacy module configuration...
> Jan 10 09:53:04 ps systemd[1]: Starting Monitoring of LVM2 mirrors, snapshots
> etc. using dmeventd or progress polling...
> Jan 10 09:53:04 ps systemd[1]: Starting Load Kernel Module configfs...
> Jan 10 09:53:04 ps systemd[1]: Starting Load Kernel Module drm...
> Jan 10 09:53:04 ps systemd[1]: Starting Load Kernel Module efi_pstore...
> Jan 10 09:53:04 ps systemd[1]: Starting Load Kernel Module fuse...
> Jan 10 09:53:04 ps systemd[1]: Starting Read and set NIS domainname from
> /etc/sysconfig/network...
> Jan 10 09:53:04 ps systemd[1]: First Boot Wizard was skipped because of an
> unmet condition check (ConditionFirstBoot=yes).
> Jan 10 09:53:04 ps systemd[1]: Rebuild Hardware Database was skipped because
> of an unmet condition check (ConditionNeedsUpdate=/etc).
> Jan 10 09:53:04 ps systemd[1]: systemd-journald.service: unit configures an
> IP firewall, but the local system does not support BPF/cgroup firewalling.
> Jan 10 09:53:04 ps systemd[1]: (This warning is only shown for the first unit
> using IP firewalling.)
> Jan 10 09:53:04 ps systemd[1]: Starting Journal Service...
> Jan 10 09:53:04 ps systemd[1]: Starting Load Kernel Modules...
> Jan 10 09:53:04 ps systemd[1]: Starting Generate network units from Kernel
> command line...
> Jan 10 09:53:04 ps systemd[1]: TPM2 PCR Machine ID Measurement was skipped
> because of an unmet condition check
> (ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f).
> Jan 10 09:53:04 ps systemd[1]: Create System Users was skipped because no
> trigger condition checks were met.
> Jan 10 09:53:04 ps systemd[1]: Starting Coldplug All udev Devices...*Jan 10
> 09:53:04 ps systemd[1]: capture.mount: Mount process exited, code=exited,
> status=32/n/a
> Jan 10 09:53:04 ps systemd[1]: capture.mount: Failed with result
> 'exit-code'*.*Jan 10 09:53:04 ps systemd[1]: Failed to mount /capture.*
> Jan 10 09:53:04 ps systemd[1]: Dependency failed for Local File Systems.
> Jan 10 09:53:04 ps systemd[1]: Dependency failed for Systemd service ordering.
> Jan 10 09:53:04 ps systemd[1]: service-ordering.service: Job
> service-ordering.service/start failed with result 'dependency'.
> Jan 10 09:53:04 ps systemd[1]: Dependency failed for Create Volatile Files
> and Directories.
> Jan 10 09:53:04 ps systemd[1]: systemd-tmpfiles-setup.service: Job
> systemd-tmpfiles-setup.service/start failed with result 'dependency'.
> Jan 10 09:53:04 ps systemd[1]: Dependency failed for Mark the need to relabel
> after reboot.
> Jan 10 09:53:04 ps systemd[1]: selinux-autorelabel-mark.service: Job
> selinux-autorelabel-mark.service/start failed with result 'dependency'.
> Jan 10 09:53:04 ps systemd[1]: local-fs.target: Job local-fs.target/start
> failed with result 'dependency'.
> Jan 10 09:53:04 ps systemd[1]: local-fs.target: Triggering OnFailure=
> dependencies.
> Jan 10 09:53:04 ps systemd[1]: Unnecessary job was removed for /dev/ttyS0.
> Jan 10 09:53:04 ps systemd[1]: Mounted Huge Pages File System.
>
> *systemctl list-units --failed*
>
> UNIT LOAD ACTIVE SUB DESCRIPTION* capture.mount loaded failed
> failed /capture
>
> LOAD = Reflects whether the unit definition was properly loaded.
> ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
> SUB = The low-level unit activation state, values depend on unit type.
> 1 loaded units listed.
> *systemctl status capture.mount*
> x capture.mount - /capture
> Loaded: loaded (/etc/fstab; generated)
> Active: failed (Result: exit-code) since Fri 2025-01-10 09:53:03 UTC;
> 39min ago
> Where: /capture
> What: /dev/mapper/encr-sdd
> Docs: man:fstab(5)
> man:systemd-fstab-generator(8)
> CPU: 5ms
>
> Jan 10 09:53:04 ps mount[784]: mount: /capture: special device
> /dev/mapper/encr-sdd does not exist.
> Notice: journal has been rotated since unit was started, output may be
> incomplete.
>
> *systemctl cat capture.mount*# /run/systemd/generator/capture.mount#
> Automatically generated by systemd-fstab-generator
>
> [Unit]
> Documentation=man:fstab(5) man:systemd-fstab-generator(8)
> SourcePath=/etc/fstab
> After=cryptsetup.target
> Requires=cryptsetup.target
> Before=local-fs.target
> Requires=systemd-fsck@dev-mapper-encr\x2dsdd.service
> After=systemd-fsck@dev-mapper-encr\x2dsdd.service
> After=blockdev@dev-mapper-encr\x2dsdd.target
>
> [Mount]
> What=/dev/mapper/encr-sdd
> Where=/capture
> Type=ext4
> Options=defaults,nosuid,x-systemd.requires=cryptsetup.target
> *cat /etc/crypttab*
> encr-sdd UUID=6af9171e-82c7-4be2-bd70-14979067727f /.encr/sdd
>
> cat /etc/fstab
> /dev/disk/by-label/boot /boot vfat
> ro,defaults 1 2
> /dev/disk/by-label/opt /opt ext4 ro,defaults 1 2
> /dev/disk/by-label/root / ext4 ro,defaults 1 1
> /dev/disk/by-label/notused /notused ext4
> defaults,ro,noauto 0 0
> /dev/disk/by-label/rescue /rescue ext4
> ro,defaults,noauto 0 0
> /dev/disk/by-label/var /var ext4 defaults 1 2
> /dev/disk/by-label/var_log /var/log ext4 defaults 1 2
> /dev/disk/by-label/config /config ext4 defaults,nosuid
> 1 2
> /dev/disk/by-label/swap swap swap
> defaults */dev/mapper/encr-sdd /capture ext4
> defaults,nosuid,x-systemd.requires=cryptsetup.target 1 2*
> /dev/mapper/v0-deferred /deferred
> ext4 defaults,noatime,noexec,nosuid 1 3
> /dev/mapper/v0-scandir /scandir
> ext4 defaults,noatime,noexec,nosuid,nobarrier 1 3
> /dev/mapper/v0-logs /logs ext4
> defaults,noatime,noexec,nosuid 1 3
> /dev/mapper/v0-wk /wk ext4
> defaults,nosuid 1 3
> /var/etc /etc none
> bind,x-systemd.requires-mounts-for=/var 0 0 0
> /wk/tmp /tmp none
> bind,x-systemd.requires-mounts-for=/wk 0 0 0
> /wk/root /root none
> bind,x-systemd.requires-mounts-for=/wk 0 0 0
> /wk/home /home none
> bind,x-systemd.requires-mounts-for=/wk 0 0 0
> /wk/AgentDB/db /var/McAfee/agent/db none
> bind,x-systemd.requires-mounts-for=/wk 1 0 0
> /dev/cdrom /media/cdrom iso9660 noexec,nosuid,noauto,owner,ro 0 0
> /dev/cdrom-0 /media/cdrom-0 iso9660 noexec,nosuid,noauto,owner,ro 0 0
> /dev/cdrom-usb /media/cdrom-usb iso9660 noexec,nosuid,noauto,owner,ro 0 0
> none /proc/fs/nfsd nfsd noauto 0 0
> nodev /sys/kernel/debug debugfs defaults 0 0
>
> *systemctl list-unit-files | grep systemd-cryptsetup*
> systemd-cryptsetup@encr\x2dsdd.service generated -
> *systemctl status systemd-cryptsetup@encr\x2dsdd.service **
> systemd-cryptsetup@encr\x2dsdd.service - Cryptography Setup for encr-sdd
> Loaded: loaded (/etc/crypttab; generated)
> Active: inactive (dead)
> Docs: man:crypttab(5)
> man:systemd-cryptsetup-generator(8)
> man:systemd-cryptsetup@.service(8)
>
> *cryptsetup status encr-sdd*
> /dev/mapper/encr-sdd is inactive.
> *ls -lrt /dev/mapper/**
> crw------- 1 root root 10, 236 Jan 10 09:53 /dev/mapper/control
> lrwxrwxrwx 1 root root 7 Jan 10 09:53 /dev/mapper/v0-deferred -> ../dm-0
> lrwxrwxrwx 1 root root 7 Jan 10 09:53 /dev/mapper/v0-scandir -> ../dm-1
> lrwxrwxrwx 1 root root 7 Jan 10 09:53 /dev/mapper/v0-wk -> ../dm-3
> lrwxrwxrwx 1 root root 7 Jan 10 09:53 /dev/mapper/v0-logs -> ../dm-2
>
>
> systemctl show systemd-cryptsetup@encr\x2dsdd.service
> Type=oneshot
> ExitType=main
> Restart=no
> NotifyAccess=none
> RestartUSec=100ms
> TimeoutStartUSec=infinity
> TimeoutStopUSec=infinity
> TimeoutAbortUSec=infinity
> TimeoutStartFailureMode=terminate
> TimeoutStopFailureMode=terminate
> RuntimeMaxUSec=infinity
> RuntimeRandomizedExtraUSec=0
> WatchdogUSec=infinity
> WatchdogTimestampMonotonic=0
> RootDirectoryStartOnly=no
> RemainAfterExit=yes
> GuessMainPID=yes
> MainPID=0
> ControlPID=0
> FileDescriptorStoreMax=0
> NFileDescriptorStore=0
> StatusErrno=0
> Result=success
> ReloadResult=success
> CleanResult=success
> UID=[not set]
> GID=[not set]
> NRestarts=0
> OOMPolicy=stop
> ReloadSignal=1
> ExecMainStartTimestampMonotonic=0
> ExecMainExitTimestampMonotonic=0
> ExecMainPID=0
> ExecMainCode=0
> ExecMainStatus=0
> ExecStart={ path=/usr/lib/systemd/systemd-cryptsetup ;
> argv[]=/usr/lib/systemd/systemd-cryptsetup attach encr-sdd
> /dev/disk/by-uuid/6af9171e-82c7-4be2-bd70-14979067727f /.encr/sdd ;
> ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ;
> status=0/0 }
> ExecStartEx={ path=/usr/lib/systemd/systemd-cryptsetup ;
> argv[]=/usr/lib/systemd/systemd-cryptsetup attach encr-sdd
> /dev/disk/by-uuid/6af9171e-82c7-4be2-bd70-14979067727f /.encr/sdd ; flags= ;
> start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }
> ExecStop={ path=/usr/lib/systemd/systemd-cryptsetup ;
> argv[]=/usr/lib/systemd/systemd-cryptsetup detach encr-sdd ; ignore_errors=no
> ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }
> ExecStopEx={ path=/usr/lib/systemd/systemd-cryptsetup ;
> argv[]=/usr/lib/systemd/systemd-cryptsetup detach encr-sdd ; flags= ;
> start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }
> Slice=system-systemd\x2dcryptsetup.slice
> ControlGroupId=0
> MemoryCurrent=[not set]
> MemoryAvailable=infinity
> CPUUsageNSec=[not set]
> TasksCurrent=[not set]
> IPIngressBytes=[no data]
> IPIngressPackets=[no data]
> IPEgressBytes=[no data]
> IPEgressPackets=[no data]
> IOReadBytes=18446744073709551615
> IOReadOperations=18446744073709551615
> IOWriteBytes=18446744073709551615
> IOWriteOperations=18446744073709551615
> Delegate=no
> CPUAccounting=yes
> CPUWeight=[not set]
> StartupCPUWeight=[not set]
> CPUShares=[not set]
> StartupCPUShares=[not set]
> CPUQuotaPerSecUSec=infinity
> CPUQuotaPeriodUSec=infinity
> IOAccounting=no
> IOWeight=[not set]
> StartupIOWeight=[not set]
> BlockIOAccounting=no
> BlockIOWeight=[not set]
> StartupBlockIOWeight=[not set]
> MemoryAccounting=yes
> DefaultMemoryLow=0
> DefaultMemoryMin=0
> MemoryMin=0
> MemoryLow=0
> MemoryHigh=infinity
> MemoryMax=infinity
> MemorySwapMax=infinity
> MemoryLimit=infinity
> DevicePolicy=auto
> TasksAccounting=yes
> TasksMax=50833
> IPAccounting=no
> ManagedOOMSwap=auto
> ManagedOOMMemoryPressure=auto
> ManagedOOMMemoryPressureLimit=0
> ManagedOOMPreference=none
> UMask=0022
> LimitCPU=infinity
> LimitCPUSoft=infinity
> LimitFSIZE=infinity
> LimitFSIZESoft=infinity
> LimitDATA=infinity
> LimitDATASoft=infinity
> LimitSTACK=infinity
> LimitSTACKSoft=8388608
> LimitCORE=infinity
> LimitCORESoft=0
> LimitRSS=infinity
> LimitRSSSoft=infinity
> LimitNOFILE=524288
> LimitNOFILESoft=1024
> LimitAS=infinity
> LimitASSoft=infinity
> LimitNPROC=31771
> LimitNPROCSoft=31771
> LimitMEMLOCK=8388608
> LimitMEMLOCKSoft=8388608
> LimitLOCKS=infinity
> LimitLOCKSSoft=infinity
> LimitSIGPENDING=31771
> LimitSIGPENDINGSoft=31771
> LimitMSGQUEUE=819200
> LimitMSGQUEUESoft=819200
> LimitNICE=0
> LimitNICESoft=0
> LimitRTPRIO=0
> LimitRTPRIOSoft=0
> LimitRTTIME=infinity
> LimitRTTIMESoft=infinity
> OOMScoreAdjust=500
> CoredumpFilter=0x23
> Nice=0
> IOSchedulingClass=2
> IOSchedulingPriority=4
> CPUSchedulingPolicy=0
> CPUSchedulingPriority=0
> CPUAffinityFromNUMA=no
> NUMAPolicy=n/a
> TimerSlackNSec=50000
> CPUSchedulingResetOnFork=no
> NonBlocking=no
> StandardInput=null
> StandardOutput=journal
> StandardError=inherit
> TTYReset=no
> TTYVHangup=no
> TTYVTDisallocate=no
> SyslogPriority=30
> SyslogLevelPrefix=yes
> SyslogLevel=6
> SyslogFacility=3
> LogLevelMax=-1
> LogRateLimitIntervalUSec=0
> LogRateLimitBurst=0
> SecureBits=0
> CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search
> cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap
> cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin
> cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio
> cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot
> cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod
> cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override
> cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read
> cap_perfmon cap_bpf cap_checkpoint_restore
> DynamicUser=no
> RemoveIPC=no
> PrivateTmp=no
> PrivateDevices=no
> ProtectClock=no
> ProtectKernelTunables=no
> ProtectKernelModules=no
> ProtectKernelLogs=no
> ProtectControlGroups=no
> PrivateNetwork=no
> PrivateUsers=no
> PrivateMounts=no
> PrivateIPC=no
> ProtectHome=no
> ProtectSystem=no
> SameProcessGroup=no
> UtmpMode=init
> IgnoreSIGPIPE=yes
> NoNewPrivileges=no
> SystemCallErrorNumber=2147483646
> LockPersonality=no
> RuntimeDirectoryPreserve=no
> RuntimeDirectoryMode=0755
> StateDirectoryMode=0755
> CacheDirectoryMode=0755
> LogsDirectoryMode=0755
> ConfigurationDirectoryMode=0755
> TimeoutCleanUSec=infinity
> MemoryDenyWriteExecute=no
> RestrictRealtime=no
> RestrictSUIDSGID=no
> RestrictNamespaces=no
> MountAPIVFS=no
> KeyringMode=shared
> ProtectProc=default
> ProcSubset=all
> ProtectHostname=no
> KillMode=control-group
> KillSignal=15
> RestartKillSignal=15
> FinalKillSignal=9
> SendSIGKILL=yes
> SendSIGHUP=no
> WatchdogSignal=6
>
>
> *systemctl show cryptsetup.target*
> Id=cryptsetup.target
> Names=cryptsetup.target
> Requires="systemd-cryptsetup@encr\\x2dsdd.service"
> RequiredBy=capture.mount
> WantedBy=sysinit.target
> Before=capture.mount
> After=cryptsetup-pre.target systemd-pcrphase-initrd.service
> "systemd-cryptsetup@encr\\x2dsdd.service" systemd-ask-password-console.path
> systemd-ask-password-wall.path
> Description=cryptsetup.target
> LoadState=masked
> ActiveState=inactive
> FreezerState=running
> SubState=dead
> FragmentPath=/etc/systemd/system/cryptsetup.target
> UnitFileState=masked
> UnitFilePreset=enabled
> StateChangeTimestamp=Fri 2025-01-10 09:53:06 UTC
> StateChangeTimestampMonotonic=11420678
> InactiveExitTimestampMonotonic=0
> ActiveEnterTimestampMonotonic=0
> ActiveExitTimestampMonotonic=0
> InactiveEnterTimestampMonotonic=0
> CanStart=no
> CanStop=yes
> CanReload=no
> CanIsolate=no
> CanFreeze=no
> StopWhenUnneeded=no
> RefuseManualStart=no
> RefuseManualStop=no
> AllowIsolate=no
> DefaultDependencies=yes
> OnSuccessJobMode=fail
> OnFailureJobMode=replace
> IgnoreOnIsolate=no
> NeedDaemonReload=no
> JobTimeoutUSec=infinity
> JobRunningTimeoutUSec=infinity
> JobTimeoutAction=none
> ConditionResult=no
> AssertResult=no
> ConditionTimestampMonotonic=0
> AssertTimestampMonotonic=0
> LoadError=org.freedesktop.systemd1.UnitMasked "Unit cryptsetup.target is
> masked."
> Transient=no
> Perpetual=no
> StartLimitIntervalUSec=10s
> StartLimitBurst=5
> StartLimitAction=none
> FailureAction=none
> SuccessAction=none
> CollectMode=inactive
>
>
> Also, Pasted all the logs in
> https://gist.github.com/sumitkumar1-trellix/cefb8477e9e6bde05419f8a0e842994d
>
> Please let me know if any other config/logs required.
>
>
>
