You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ReaR version ("/usr/sbin/rear -V"): Relax-and-Recover 2.6 / 2020-06-17
If your ReaR version is not the current version, explain why you can't upgrade:
Enviroment has no direct internet access. Limited to a Nexus-Repository only.
OS version ("cat /etc/os-release" or "lsb_release -a" or "cat /etc/rear/os.conf"):
to enable NBDE unlocking the rear restore no longer works.
After using clevis to bind the key you have to run dracut in order for the VM to boot properly as described here.
I can capture a backup and restore the image but upon reboot the error I receive is:
dracut-initqueue[683]:
Failed to start systemd-cryptsetup@luks\x2d....service:
Unit systemd-cryptsetup@lus\x2d.....service not found
Dependency failed for cryptography Setup for luks-...
I went through this post but my UUIDs in the crypttab matched fine.
I even set a partlabel on the working VM LUKS partition and modified the crypttab to use PARTLABEL= instead of UUID but that did not work either.
Is there a module that is not getting put into the initrd upon restore?
Attachments, as applicable ("rear -D mkrescue/mkbackup/recover" debug log files): rear-mkbackup.log
The text was updated successfully, but these errors were encountered:
I just wanted to update that I found a workaround for this issue by using the PRE_BACKUP_SCRIPT and POST_BACKUP_SCRIPT settings.
The pre script unbinds the tang key and then the post script adds it back.
Seems to work well.
The PRE_BACKUP_SCRIPT is set to run right before the backup phase from what I understand.
I needed it to happen earlier in the process.
I changed the name and moved
/usr/share/rear/backup/default/010_pre_backup_script.sh
to /usr/share/rear/init/default/001_pre_backup_script.sh
and this ran the script earlier in the process
and I was able to achieve the outcome that is needed.
If there is a better way to change the order of processes, then please let me know.
@Herpgon
sorry that noone replied to your posting here.
I assume this is because everyone was busy with other issues
and/or noone has sufficient clevis knowlegde or uses clevis.
At least I know nothing about clevis nor did I ever use it.
Currently there is no support for clevis in ReaR
('clevis' does not appear in any ReaR source file).
So what is needed - as far as I see - is adding
at least basic clevis support in ReaR.
As far as I see your workaround is "OK-ish".
ReaR is meant to be adapted for specific use cases
(even with quick and dirty hacks if needed).
If you like to do it and if you would also maintain it
for some reasonable time until basic clevis support
works reasonably well in ReaR, we would appreciate
a GitHub pull request from you that adds basic clevis
support in ReaR.
jsmeix
changed the title
clevis luks bind
clevis luks bind (no clevis support in ReaR)
Apr 10, 2024
ReaR version ("/usr/sbin/rear -V"):
Relax-and-Recover 2.6 / 2020-06-17
If your ReaR version is not the current version, explain why you can't upgrade:
Enviroment has no direct internet access. Limited to a Nexus-Repository only.
OS version ("cat /etc/os-release" or "lsb_release -a" or "cat /etc/rear/os.conf"):
Hardware vendor/product (PC or PowerNV BareMetal or ARM) or VM (KVM guest or PowerVM LPAR):
ESXi 7.0 U2 VM
System architecture (x86 compatible or PPC64/PPC64LE or what exact ARM device):
x86-64
Firmware (BIOS or UEFI or Open Firmware) and bootloader (GRUB or ELILO or Petitboot):
UEFI Secure boot enabled
Storage (local disk or SSD) and/or SAN (FC or iSCSI or FCoE) and/or multipath (DM or NVMe):
Local VMHD
Storage layout ("lsblk -ipo NAME,KNAME,PKNAME,TRAN,TYPE,FSTYPE,LABEL,SIZE,MOUNTPOINT"):
I have a LUKS encrypted LVM that can be successfully captured and restored using rear.
The problem is when I use
to enable NBDE unlocking the rear restore no longer works.
After using clevis to bind the key you have to run dracut in order for the VM to boot properly as described here.
I can capture a backup and restore the image but upon reboot the error I receive is:
I went through this post but my UUIDs in the crypttab matched fine.
I even set a partlabel on the working VM LUKS partition and modified the crypttab to use PARTLABEL= instead of UUID but that did not work either.
Is there a module that is not getting put into the initrd upon restore?
rear-mkbackup.log
The text was updated successfully, but these errors were encountered: