Encrypted Swap will not mount at boot

gserlenga

I am having an issue with Lab 10.2: Encrypted Swap

I already have an LVM logical volume which contains my entire root partition, it is LUKS encrypted with the passphrase entered interactively at boot.

I am able to create, encrypt, and activate the swap partition successfully inside of a linux session and I edited /etc/fstab and /etc/crypttab with what I believe are the correct entries to start it up at boot.

The encrypted swap will not mount on reboot. The kernel boot log shows:

systemd[1]: Reached target RPC Port Mapper
systemd[1]: Timed out waiting for device dev-mapper-swap\x2dcrypt.device
systemd[1]: Dependency failed for /dev/mapper/crypt-swap
systemd[1]: Dependency failed for Swap

My /etc/fstab entry is:

/dev/mapper/crypt-swap none swap defaults 0 0

My /etc/crypttab entry is:

crypt-swap /dev/mapper/vg-swap /dev/urandom swap

/dev/mapper/vg-swap is the mapped device name of the swap partition contained on an LVM logical volume on my system.

crypt-swap is the mapped device name of the swap partition when unlocked/unencrypted.

Since I already have one encrypted partition(root) for which I interactively enter a passphrase at boot, how do I get the second encrypted partition to prompt for a passphrase, or load a keyfile? I've spent alot of time screwing with --key-file=xxx in the 3rd field of /etc/crypttab, but I get a different set of kernel log errors in that case and can only decrypt and mount the encrypted swap manually from within a linux session.

Not sure if this is some sort of systemd specific issue or not. Can anyone help me or point me in the right direction with this?

luisviveropena

Hi,

Can you try creating a new partition? Your current issue may be related to https://bugzilla.redhat.com/show_bug.cgi?id=1160429 or https://bugzilla.redhat.com/show_bug.cgi?id=708574 , so please use another partition for this lab and not the root one.

Regards,
Luis.

gserlenga

Thank you for replying, after several further attempts I did also realize this is likely related to the bugs you referenced, I will take your suggestion and create the encrypted swap on a non-root partition.

luisviveropena

Excellent, it's a pleasure

Luis.