fai and cryptsetup
Patrick Schoenfeld
patrick.schoenfeld at googlemail.com
Sat Sep 25 22:14:15 CEST 2010
Hi,
On Sat, Sep 25, 2010 at 01:29:47PM +0200, Michael Tautschnig wrote:
> Thanks for pointing out the typo, it made debugging much easier; I'll also try
> to make the error message a bit more helpful. But, well, debugging revealed a
> problem in your config:
just as a remark: The installation worked this way. However with the
current support in setup-storage a fai-installed system will NOT be able
to boot from a crypto-root-filesystem.
1. The keyfile is written to /tmp/fai (or /var/log/fai/localhost/last/
on the resulting installed machine) where it will never be available
during the boot.
2. The crypttab is written with the /tmp/fai filename which gets invalid
as soon as the system is rebooted.
3. Booting from a cryptoroot with a keyfile seems to be problematic
anyway. At least I haven't yet managed to get a working installation
with it (and don't want to invest much time in it as it's not the wanted
goal anyway).
What I'll now try to get a crypted fai installation bootable:
Add a script to add a new luksKey, a default passphrase and change the
crypttab so that it does not reference a keyfile. Then trigger initramfs
recreation.
Any other options (with setup-storage support itself, maybe?)
Best Regards,
Patrick
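
The workaround outlined in the message above, as an added example that is not part of the original post or of FAI itself. The function names and the three arguments of `convert_to_passphrase` are hypothetical, and the sketch assumes the crypttab source field is a plain device path and that the key files are still readable at the path recorded in crypttab when it runs.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not FAI or setup-storage code.
# crypttab fields: <target name> <source device> <key file> <options>

# Print "<device> <keyfile>" for every entry whose key file lives below
# <keydir> (the post names /tmp/fai), i.e. entries that break after reboot.
# Usage: crypttab_keyfile_entries <crypttab> <keydir>
crypttab_keyfile_entries() {
    awk -v dir="$2" '
        /^[ \t]*(#|$)/ { next }                   # skip comments and blanks
        index($3, dir "/") == 1 { print $2, $3 }
    ' "$1"
}

# Print the crypttab with those key-file fields replaced by "none", so the
# initramfs prompts for a passphrase instead of looking for the file.
# Usage: crypttab_drop_keyfile <crypttab> <keydir>
crypttab_drop_keyfile() {
    awk -v dir="$2" '
        /^[ \t]*(#|$)/ { print; next }            # keep comments and blanks
        index($3, dir "/") == 1 { $3 = "none" }
        { print }
    ' "$1"
}

# Driver, meant to be called late in the installation.
#   $1  root of the installed system (assumption: mounted there)
#   $2  directory holding the generated key files, e.g. /tmp/fai
#   $3  file with the default passphrase, written without trailing newline
convert_to_passphrase() {
    root=$1 keydir=$2 passfile=$3 tab=$1/etc/crypttab
    crypttab_keyfile_entries "$tab" "$keydir" | while read -r dev key; do
        # Unlock with the existing key file, add the passphrase as a new slot.
        cryptsetup luksAddKey --key-file "$key" "$dev" "$passfile" || exit 1
    done || return 1
    crypttab_drop_keyfile "$tab" "$keydir" > "$tab.new" || return 1
    mv "$tab.new" "$tab" || return 1
    # Rebuild the initramfs so it picks up the changed crypttab.
    chroot "$root" update-initramfs -u -k all
}
```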