IvanLabrovic
Flight Engineer

luks device not decrypting at boot

Hi, I'm struggling with the lab in CH3, protecting with LUKS and NBDE.
/dev/vdb1 was created and cryptsetup luksFormat went OK.
Manual open and close works fine.
The playbook did not give any errors; I even copied the playbook from the solution to be sure.
On serverb, the encrypted /dev/vdb1 is nicely opened when I use "cryptsetup open".
I checked /etc/crypttab several times and it seems OK.
Servers c and d are both configured.
I can reach both serverc:80 and serverd:80 from serverb.
Also, "clevis luks list /dev/vdb1" shows the pin configuration, which looks fine.
But the device won't open after reboot.
/dev/mapper does not show the opened device.
I tried to skip the _netdev option, but then the boot prompt asks for a password (as expected: too soon, network not up yet). That makes sense, so I put _netdev back into /etc/crypttab.
I could not find any logging on serverb.
Any suggestions on how to troubleshoot, or what I may have forgotten?

1 Solution

Accepted Solutions
IvanLabrovic
Flight Engineer

Just recreated the lab and finally got it working after doing basically the same steps again.
Don't know exactly why, because I didn't do anything different.
I hope someone still has more troubleshooting tips & tricks for cases where NBDE does not do as expected.

3 Replies
Chetan_Tiwary_
Community Manager

@IvanLabrovic great that it is working fine in a newly created lab environment, which means you did everything correctly. Maybe something from the previous lab work messed up the expected result, because in a new lab environment it worked fine.

Anyway, I am glad that it is resolved for you - please let me know if you face this issue again.

  • 595 Views

Key commands for troubleshooting would be:

clevis luks list -d <device>    <---- this should display the bound Tang keys; if it's blank, something went wrong somewhere

curl http://<tang server>/adv    <---- this should show the keys being advertised from the Tang servers

On the Tang servers:

tang-show-keys    <---- displays which keys are in use by Tang currently
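
The client-side checks from this thread can be collected into one script. This is an added example, not code from any of the posts or from the course lab. The mapping names in the sample are constructed, and the check for clevis-luks-askpass.path assumes the client uses that clevis systemd unit to unlock _netdev volumes once the network is up.

```shell
#!/bin/sh
# Added example: NBDE boot-unlock checks for a non-root LUKS volume.

# Constructed sample; the mapping names "secure" and "plain" are made up.
sample_crypttab() {
    printf '%s\n' '# name  device     key   options' \
                  'secure  /dev/vdb1  none  _netdev' \
                  'plain   /dev/vdc1  none  luks'
}

# crypttab_netdev FILE NAME: succeed only if mapping NAME is in FILE,
# has no static key file, and carries the _netdev option.
crypttab_netdev() {
    awk -v name="$2" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        $1 == name {
            found = 1
            keyok = ($3 == "none" || $3 == "-")
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "_netdev") net = 1
        }
        END { exit !(found && keyok && net) }
    ' "$1"
}

# live_checks DEVICE TANG_HOST...: run as root on the client.
live_checks() {
    dev=$1; shift; rc=0
    # A blank listing means the LUKS header holds no Tang binding.
    [ -n "$(clevis luks list -d "$dev")" ] || { echo "no clevis binding on $dev"; rc=1; }
    for host in "$@"; do
        # Every Tang server must return its key advertisement.
        curl -sf "http://$host/adv" >/dev/null || { echo "no advertisement from $host"; rc=1; }
    done
    # Assumption: late (_netdev) unlocking is driven by this clevis path unit.
    systemctl is-enabled --quiet clevis-luks-askpass.path ||
        { echo "clevis-luks-askpass.path is not enabled"; rc=1; }
    # Unlock attempts from the current boot end up in the journal.
    journalctl -b --no-pager -u 'clevis-luks-askpass*' -u 'systemd-cryptsetup@*' | tail -n 20
    return "$rc"
}

# Usage on the client: sh nbde-check.sh --live NAME DEVICE TANG_HOST...
if [ "${1:-}" = "--live" ]; then
    name=$2; shift 2
    crypttab_netdev /etc/crypttab "$name" || echo "crypttab: $name lacks a keyless _netdev entry"
    live_checks "$@"
fi
```

Without `--live` the script only defines the functions, so the crypttab check can be tried against a copy of the file on any machine.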
