[CentOS] CentOS 8 installer bug

Fri Aug 28 10:39:15 UTC 2020
Guillaume-Jean Herbiet <gjherbiet at restena.lu>


(Sorry, Thunderbird crashed while writing the previous message and seems to have sent it while closing...)

I successfully installed servers with kickstart using the following:

clearpart --all --initlabel
ignoredisk --only-use=sda

part /boot     --asprimary --ondisk=sda --label=BOOT --fstype="ext4"  --size=256
part /boot/efi --asprimary --ondisk=sda --label=EFI  --fstype="efi"   --size=256 --fsoptions=umask=0077,shortname=winnt
part pv.01                 --ondisk=sda              --fstype="lvmpv" --grow --encrypted --luks-version=luks2 --cipher=aes-xts-plain64 --passphrase=mysecret

volgroup system --pesize=4096 pv.01
logvol swap     --vgname=system --name=swap   --label="SWAP"   --fstype="swap"  --recommended --fsoptions=swap
logvol /        --vgname=system --name=root   --label="ROOT"   --fstype="xfs"   --percent=50
logvol /backup  --vgname=system --name=backup --label="BACKUP" --fstype="xfs"   --percent=50

I didn't know about the `reqpart` option (which seems to cause trouble here as the installation fails while creating `/boot/efi`).

Nevertheless, I was also wondering whether this scheme could be "optimized":

* only create a `/boot` partition (no `/boot/efi`) that will contain both boot and EFI files (hence formatted with `fstype="efi"`)

* do not use LVM to hold the encrypted partitions, but create a simple encrypted partition, mount it to `/dev/mapper` and create partitions (for `/`, swap, etc.) inside it.

The latter doesn't seem to be possible with pure kickstart commands, only by using `%pre` commands[1].

Has anyone successfully experienced one or both of the options?

Thanks in advance.

[1] https://dark.ca/2009/08/03/complex-partitioning-in-kickstart/

On 2020-08-27 18:19, isdtor wrote:
> Has anyone managed to create an encrypted disk partition with CentOS 8 kickstart?
> 1 reqpart --add-boot
> 2 part /boot --fstype ext3 --size=1024 --ondrive=sda
> 3 part pv.1 --size=1 --grow --ondrive=sda --encrypted --pashphrase="bla"
> 4 volgroup vol0 pv.100000
> 5 logvol / --vgname=vg_00 --name=lv_root --size=102400 --fstype=ext4
> ...
> No matter what I specify in line 3, the installer bombs out. The only way to a successful kickstart is to not encrypt the LVM PV. The contents of the passphrase are not to blame; the installer still dies after accepting a passphrase from the console.
> 15:57:45,280 DBG kickstart: Looking for platform-specific boot requirements.
> 15:57:45,281 DBG kickstart: Applying requirements:
> PartSpec instance (0x7fbd40f44320) -- 
>   mountpoint = /boot/efi  lv = False  thin = False  btrfs = False
> ...
> PartSpec instance (0x7fbd4048b4e0) -- 
>   mountpoint = /boot  lv = False  thin = False  btrfs = False
> ...
> 15:57:45,283 DBG bootloader: stage1 device cannot be of type disk
> 15:57:45,334 DBG exception: running handleException
> 15:57:45,334 CRT exception: Traceback (most recent call last):

Guillaume-Jean Herbiet, PhD
System engineer

Fondation Restena / DNS-LU
2, avenue de l'Université
L-4365 Esch-sur-Alzette
tel.: +352.424409
fax.: +352.422473
https://www.restena.lu  https://www.dns.lu

Public key ID: 0x3A4C47C7

Email is an asynchronous, store-and-forward system.
Hence, there is no such thing as an urgent mail.
For immediate response, please contact me otherwise.
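
Added example (not part of the original message, and not Anaconda or pykickstart code): a small Python check for the storage commands of a kickstart file such as the two fragments in this thread. It cross-checks `part`/`volgroup`/`logvol` names and reports how an `--encrypted` partition gets its passphrase; it does not diagnose the traceback quoted above, and `parse`, `lint` and the finding labels are names made up for this example.

```python
import shlex

STORAGE = ("part", "partition", "volgroup", "logvol")

# Copied from the quoted message in this thread, line numbers stripped.
QUOTED_KS = '''reqpart --add-boot
part /boot --fstype ext3 --size=1024 --ondrive=sda
part pv.1 --size=1 --grow --ondrive=sda --encrypted --pashphrase="bla"
volgroup vol0 pv.100000
logvol / --vgname=vg_00 --name=lv_root --size=102400 --fstype=ext4
'''

def parse(ks_text):
    """Return [(lineno, command, positionals, options)] for storage commands.

    Assumption: only the command section is passed in (no %pre/%post shell),
    and valued options are written as --opt=value.
    """
    rows = []
    for lineno, raw in enumerate(ks_text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)
        if not tokens or tokens[0] not in STORAGE:
            continue
        args = tokens[1:]
        pos = [t for t in args if not t.startswith("--")]
        opts = dict(t[2:].partition("=")[::2] for t in args if t.startswith("--"))
        rows.append((lineno, tokens[0], pos, opts))
    return rows

def lint(ks_text):
    """Return [(lineno, finding)] for name mismatches and passphrase handling."""
    rows = parse(ks_text)
    parts = {p[0] for _, c, p, _ in rows if c in ("part", "partition") and p}
    vgs = {p[0] for _, c, p, _ in rows if c == "volgroup" and p}
    out = []
    for lineno, cmd, pos, opts in rows:
        if cmd in ("part", "partition") and "encrypted" in opts:
            # Either the passphrase sits in the file in cleartext, or no
            # --passphrase option was parsed for this encrypted device.
            out.append((lineno, "cleartext-passphrase" if "passphrase" in opts
                        else "encrypted-no-passphrase-option"))
        if cmd == "volgroup":
            out += [(lineno, "undefined-pv:" + m) for m in pos[1:]
                    if m.startswith(("pv.", "raid.")) and m not in parts]
        if cmd == "logvol" and opts.get("vgname") not in vgs:
            out.append((lineno, "undefined-vg:" + str(opts.get("vgname"))))
    return out

if __name__ == "__main__":
    for lineno, finding in lint(QUOTED_KS):
        print(f"line {lineno}: {finding}")
```

A `cleartext-passphrase` finding means the LUKS passphrase is readable by anyone who can read or fetch the kickstart file, so that file needs the same protection as the key itself.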
