-
Notifications
You must be signed in to change notification settings - Fork 277
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
reboot doesn't honor disk encryption setting in earlier tinkerbell action during EKS anywhere cluster creation for bare metal #7700
Comments
Hey @ygao-armada , mind sharing your full Tinkerbell workflow? A few things to note:
|
@jacobweinstock thanks for your explanation. My full Tinkerbell workflow is in the EKS anywhere machine template, the main ones are the last 2, "partition_cmds" and "reboot":
|
What happened:
I try to introduce disk encryption in EKS anywhere cluster for bare metal as follows:
I try to setup the the disk encryption for directory like /var in a tinkerbell action (right before tinkerbell action reboot).
Everything looks good in following areas:
Only interesting thing is that, after command "cryptsetup luksOpen /dev/sda1 sda1_crypt" in the tinkerbell action, dummy file /etc/crypttab is not generated (if we run the command in command line, we will see /etc/crypttab shows up with a comment line).
However, tinkerbell action "reboot" doesn't ask for passphrase, and after reboot, all the cryption setting mentioned above disappears.
What you expected to happen:
I expected reboot will ask for encryption passphrase, and after reboot, the encryption settings will stay
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Environment:
The text was updated successfully, but these errors were encountered: