Auto-unlock with keyfile

Hi,

I’m trying to switch to auto-unlock with keyfile but this is the result in cryptab for file (also shown in web console): /root/keyfile-

it actually does create that file so I’m gonna use it (will rename it though) but I do sense some troubles if adding more disks?

@Jorma_Tuomainen Hello again. And thanks for the report. I take it you are running our latest testing rpm here.
Re:

Yes, that does look dodgy. The following is the pull request from way back when we added LUKS capability.

Noting here as it can help to identify where the relevant code is. Much as changed in the interim but not a great deal in regards to this particular code however. So it would be good to have another look.

See how you get on and once we have some concrete defined failing we can move to GitHub issues for each.

From the pics there it seems like we are missing a uuid of sorts, and from memory this is retrieved from the luks subsystem so likely pretty important. But also likely a nice fix to have so thanks again for the report. We surprisingly haven’t had many ‘takers’ on this testing front.

Could you detail the Rockstor version and base OS that is in-play here. I.e. 4.5.8-0 on openSUSE Leap 15.4. It would be great to get this fixed before the next stable release and I suspect its been around as a bug for quite a while now.

N.B.:

This may well upset things more, but I’ve not been in that code area for a bit so not certain. This was all developed while we were still on a CentOS base so there may be some bits-and-bobs we need to modify.

Cheers and thanks again for the report. Much appreciated.

2 Likes

I renamed the file and changed from /etc/crypttab to include the uuid part, rebooted and worked like a charm, added the disk to raid1 pool and it is balancing.

1 Like

@Jorma_Tuomainen Thanks for the update.

I think we have enough to at least take an initial look at this so I’ve created the following GitHub issue to work against:

LUKS capability is super important and I would really like to have this in-shape before our next stable release so I will try to tend to this issue shortly.

Thanks again for the report.

I think you should rework the UI too, it’s not really intuitive when switching to keyfile.

Best option would be to require passphrase but the way it could be input via ssh (or web) for non-ROOT pools.

@Jorma_Tuomainen
Re:

I think that would be for our next testing channel as we are now at Release Candidate 6 and any key Web-UI changes would also required doc rewrites etc. such as here:
https://rockstor.com/docs/howtos/luks.html

Lest just get it working as intended again first, and hopefully not as a hot fix on stable (master channel). Then we can discuss a Web-UI rework here on the forum under a dedicated forum post. If that then gets sufficient community involvement then we can hopefully gather developer interest to see to that as and when. But for plain old bugs in what we already have must take priority.

Hope that helps, at least from the priority point of view. But yes, more community input on the whole LUKS think would be good: in time. But for context we have, up until your post, had zero input in this area to date.

1 Like

First time having problem with it too. I’m using safari even that rockstor nags about it on every page load :slight_smile:

@Jorma_Tuomainen Hello again.
Re:

What ‘nag’ is this. I’ve not used safari to access Rockstor so unfamiliar on that front.

Cheers.

static/storageadmin/js/rockstor.js:        $('#browsermsg').html('<div class="alert alert-error"><button type="button" class="close" data-dismiss="alert">&times;</button>The RockStor WebUI is supported only on Firefox or Chrome. Some features may not work correctly.</div>');
static/storageadmin/js/storageadmin.js:        $('#browsermsg').html('<div class="alert alert-error"><button type="button" class="close" data-dismiss="alert">&times;</button>The RockStor WebUI is supported only on Firefox or Chrome. Some features may not work correctly.</div>');
1 Like