I reproducibly fail installing Debian with LUKS harddrive encryption via debootstrap. The same configuration installed with Debian installer works great. Unfortunately, I need to install the production systems via debootstrap.
My setup is:
sd{a,b}1 1049kB 538MB 537MB boot raid
sd{a,b}2 538MB 26.3GB 25.8GB
sd{a,b}3 26.3GB 2000GB 1974GB lvm raid
sd{a,b} 128 2000GB 2000GB 3219kB bios_grub
sd{a,b}1 are md0.
sd{a,b}3 are md1.
md1 is md1_crypto, which forms volume group vg0.
As written before, everything works great if the installation was done with Debian installer. If the installation was done with debootstrap, I struggle with some issues:
The system installed via Debian installer has no issue with an unset CRYPTTAB_NAME parameter. It just mounts the encrypted root lv and starts init.ssh host
To unlock root partition, and maybe others like swap, run `cryptroot-unlock`
~ # cryptroot-unlock
/bin/cryptroot-unlock: line 1: CRYPTTAB_NAME: parameter not set
WTF is "cryptroot"? I never set this name, it only appears if installed via debootstrap. The system installed with Debian installer only asks to unlock md1_crypt. The debootstrap based system is locked in a loop because it can't unlock md1_crypt that it may have already unlocked as cryptroot.Server screen:
Please unlock disk cryptroot:
WARNING: Failed to connect to lvmetad. Falling back to device scanning.
Reading all physical volumes. This may take a while...
Found volume group "vg0" using metadata type lvm2
WARNING: Failed to connect to lvmetad. Falling back to device scanning.
2 logical volume(s) in volume group "vg0" now active
cryptsetup (cryptroot): set up successfully
Please unlock disk md1_crypt:
Cannot use device /dev/disk/by-uuid/965........ which is in use (already mapped or mounted),
cryptsetup (md1_crypt): cryptsetup failed, bad password or options?
/etc/crypttab in both cases is identical and only contains one line: md1_crypt UUID=... none luks
/conf/conf.d/cryptroot in both cases is identical too and only contains: target=md1_crypt,source=UUID=...,rootdev,lvm=vg0-root,key=none
I'm investigating this problem since three days and I don't get what goes wrong. In my lab I've a virtual machine installed via Debian installer and one installed via debootstrap. I tried to find configuration differences with md5sum checksum comparison, but all(?) relevant config files are identical.
Any ideas? Thx alot