Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1687753 - clevis-dracut can't reach tang server for automatic LUKS decryption over NBDE
Summary: clevis-dracut can't reach tang server for automatic LUKS decryption over NBDE
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: dracut
Version: 29
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: dracut-maint-list
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-03-12 10:12 UTC by Martin Zelený
Modified: 2019-03-18 16:10 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Martin Zelený 2019-03-12 10:12:15 UTC
Description of problem:
NBDE scenario on F29 does not work (works on RHEL-8)

Version-Release number of selected component (if applicable):
    # rpm -q dracut clevis{,-luks,-dracut}
    dracut-049-25.git20181204.fc29.x86_64
    clevis-11-4.fc29.x86_64
    clevis-luks-11-4.fc29.x86_64
    clevis-dracut-11-4.fc29.x86_64

Setup automatic unlocking LUKS volume during early boot:

    yum install clevis-luks
    clevis luks bind -d /dev/vda2 tang '{"url":"10.37.162.15"}'
    yum install clevis-dracut
    dracut -f
    reboot

Actual results after reboot:
Multiple output on console:
[    9.839506] dracut-initqueue[485]: Error communicating with the server!

Expected results:
Proceed with unlocked LUKS volume.

Additional info:
Communitaction with tang server works with corresponding tcp traffic on tang server:

    # echo 'hi there' | clevis encrypt tang '{"url":"10.37.162.15"}' | clevis decrypt
    hi there


Note You need to log in before you can comment on or make changes to this bug.