zfs: Hide harmless error message in dracut

1c8c508d · James T. Lee · fdbc2c8c · 1c8c508d · 1c8c508d · 1c8c508d
Commit 1c8c508d authored May 31, 2019 by James T. Lee
Showing with 56 additions and 1 deletion

files/zfs/zfs-load-key.sh files/zfs/zfs-load-key.sh +47 -0

manifests/profile/base/dracut.pp manifests/profile/base/dracut.pp +0 -1

manifests/profile/base/zfs.pp manifests/profile/base/zfs.pp +9 -0

No files found.
--- a/files/zfs/zfs-load-key.sh
+++ b/files/zfs/zfs-load-key.sh
+#!/bin/sh
+# only run this on systemd systems, we handle the decrypt in mount-zfs.sh in the mount hook otherwise
+[ -e /bin/systemctl ] || return 0
+# This script only gets executed on systemd systems, see mount-zfs.sh for non-systemd systems
+# import the libs now that we know the pool imported
+[ -f /lib/dracut-lib.sh ] && dracutlib=/lib/dracut-lib.sh
+[ -f /usr/lib/dracut/modules.d/99base/dracut-lib.sh ] && dracutlib=/usr/lib/dracut/modules.d/99base/dracut-lib.sh
+# shellcheck source=./lib-zfs.sh.in
+. "$dracutlib"
+# load the kernel command line vars
+[ -z "$root" ] && root="$(getarg root=)"
+# If root is not ZFS= or zfs: or rootfstype is not zfs then we are not supposed to handle it.
+[ "${root##zfs:}" = "${root}" ] && [ "${root##ZFS=}" = "${root}" ] && [ "$rootfstype" != "zfs" ] && exit 0
+# There is a race between the zpool import and the pre-mount hooks, so we wait for a pool to be imported
+while true; do
+    zpool list -H 2>/dev/null | grep -q -v '^$' && break
+    [ "$(systemctl is-failed zfs-import-cache.service)" = 'failed' ] && exit 1
+    [ "$(systemctl is-failed zfs-import-scan.service)" = 'failed' ] && exit 1
+    sleep 0.1s
+done
+# run this after import as zfs-import-cache/scan service is confirmed good
+if [ "${root}" = "zfs:AUTO" ] ; then
+    root="$(zpool list -H -o bootfs | awk '$1 != "-" {print; exit}')"
+else
+    root="${root##zfs:}"
+    root="${root##ZFS=}"
+fi
+# if pool encryption is active and the zfs command understands '-o encryption'
+if [ "$(zpool list -H -o feature@encryption $(echo "${root}" | awk -F\/ '{print $1}'))" = 'active' ]; then
+    # if the root dataset has encryption enabled
+    ENCRYPTIONROOT=$(zfs get -H -o value encryptionroot "${root}")
+    if ! [ "${ENCRYPTIONROOT}" = "-" ]; then
+        # decrypt them
+        TRY_COUNT=5
+        while [ $TRY_COUNT -gt 0 ]; do
+            systemd-ask-password "Encrypted ZFS password for ${root}" --no-tty | zfs load-key "${ENCRYPTIONROOT}" && break
+            TRY_COUNT=$((TRY_COUNT - 1))
+        done
+    fi
+fi
--- a/manifests/profile/base/dracut.pp
+++ b/manifests/profile/base/dracut.pp
@@ -23,7 +23,6 @@ class nest::profile::base::dracut {
    $base_config_content = @(EOT)
      add_dracutmodules+=" crypt "
      early_microcode="yes"
-      force_drivers+=" zfs "
      hostonly="yes"
      hostonly_cmdline="no"
      | EOT

--- a/manifests/profile/base/zfs.pp
+++ b/manifests/profile/base/zfs.pp
@@ -3,6 +3,15 @@ class nest::profile::base::zfs {
    ensure => installed,
  }
+  file { '/usr/lib/dracut/modules.d/90zfs/zfs-load-key.sh':
+    mode    => '0755',
+    owner   => 'root',
+    group   => 'root',
+    source  => 'puppet:///modules/nest/zfs/zfs-load-key.sh',
+    require => Package['sys-fs/zfs'],
+    notify  => Class['::nest::profile::base::dracut'],
+  }
  # On systems without ZFS root, the zfs module doesn't get loaded by dracut
  file { '/etc/modules-load.d/zfs.conf':
    mode    => '0644',