New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve error and docs re resizing LUKS rootfs #1077
Comments
I just tried your config with 35.20220116.2.0 and it worked for me. What version of Fedora CoreOS are you running? It shouldn't affect your issue, but you can also spell the
|
My apologies, I originally got the error using luks key_file not tpm2. Using https://console.aws.amazon.com/ec2/home?region=us-east-1#launchAmi=ami-0ebf4b94cc66b73f2 on t3a.medium. I will try the partitioning as suggested. Attached: rdsosreport.txt.gz Here is the correct ignition: variant: fcos
version: 1.4.0
passwd:
users:
- name: core
password_hash: $6$ubjP0
ssh_authorized_keys:
- ssh-rsa AAAA
storage:
disks:
- device: /dev/nvme0n1
partitions:
- label: ceph
# 12G + 1 MiB for the partition table, 384 for `/boot`, 127 for `/boot/efi`
start_mib: 12801
size_mib: 0
luks:
- name: root
label: luks-root
device: /dev/disk/by-partlabel/root
wipe_volume: true
# using key_file on a rootfs will ask for pass on boot
key_file:
inline: "canttellyou"
filesystems:
- device: /dev/mapper/root
format: btrfs
label: root
mount_options:
- compress=zstd:1
wipe_filesystem: true |
Using password LUKS unlocking is not supported for the rootfs. Did you actually intend to deploy this configuration in a production environment, or was it more to play around? If the former, can you provide more details about your use case? |
I was using password LUKS for testing ignition on AWS to ensure my ignition file works properly before deploying with tang in my prod setup. I do not have a tangd setup in AWS, It's mainly for quick iteration of the ignition file to validate as deployment in AWS is much faster than my prod hosting. |
Ah, I see. You may want to do a scratch Tang deployment for that purpose. We opted not to support password-based LUKS for the rootfs because someone would have to type in a password on console, which doesn't make sense for server nodes that are automatically deployed and managed. I'll leave this open to track improvement of the error message and docs. |
I didnt see this documented as a limitation, but ignition fails with
ignition-ostree-growfs 'nothing to read on input'
Seems to come from: https://github.com/coreos/fedora-coreos-config/blob/532fd714e4fff8ee6f6f77cd09f4889560512299/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh#L88
Here is an ignition
The text was updated successfully, but these errors were encountered: