Cryptswap and Linux assigning different device letters to disks

I had this weird issue recently: I had a simple Ubuntu setup with cryptsetup and swap, and the crypt swap device (say /dev/mapper/mycryptoswap1) kept disappearing.
Caution: fiddling with cryptsetup and disk devices is dangerous for data and OS. I personally made a full backup on a separate disk and then unplugged it to be sure it wouldn’t be involved in any mishap.

Turns out it is a little worse than that: Linux is changing the drive device assignments (e.g. /dev/sdb, /dev/sdg) at every boot under my nose. I did not notice at first because I am using UUIDs, so everything looked fine. Unfortunately my raw partition did not have any UUID. Probably there’s a way to assign a UUID to a general partition, but I didn’t address this issue.
Having the disk change its letter every time was the reason why the crypttab device wasn’t created at boot. I was lucky: had a partition with valuable data been present on the other disk, it would have been overwritten with encrypted swap data.

I decided to fix the original issue and keep Linux from messing with drive letters. Most people won’t experience this behavior because they have all their disks on a single controller, while this specific machine had two separate controllers. I learned that in the old days Linux used to initialize hardware devices at boot sequentially. Today, for speed, they are initialized in parallel; so I suppose whoever gets there first gets the device /dev/sda, and so on. This has nothing to do with BIOS order. That one decides who’s first within each controller, but says nothing about which controller comes first, the one whose disks take /dev/sda and so on.
I decided to use udev rules to fix this, indirectly. I can’t assign drive letters themselves (and if I could, I wouldn’t want to mess with my OS’s initiatives), but I can assign a symlink.
So I created a udev rule in /etc/udev/rules.d/ with a high priority (but not so high: it’s a symlink, I am not attempting to change drive letters/devices).
SUBSYSTEM=="block", SUBSYSTEMS=="scsi", ATTRS{model}=="WDCXXXXXXXXXXX", SYMLINK+="disktwo%n"

The rule just looks for hard disks of the specific model and assigns a symlink; I then restarted udev. I had just two different disks, with no specific serial or other peculiar characteristic other than model and size showing in udevadm info -a -p $(udevadm info -q path -n /dev/sdg)
Having identical disks on this one could be very annoying.
I now have a symlinked device like /dev/diskone and use it in /etc/crypttab without any issue.
In the process of discovering the information required for this fix, I found two interesting (unrelated) articles:
Hole hawg 
and an interesting overview on the danger of rm
Safety Precautions When Using the ‘rm’ Command.

TODO: discover whether a label can be assigned to a raw partition and a UUID used in crypttab instead of the device symlink (could be handy when having identical devices with no peculiar serial showing in udevadm).
Update (27/09/2012): this is not so easy at all, as the UUID of the encrypted swap partition changes at every boot, and because the UUID of the raw partition disappears (and the /dev/mapper/cryptwhateverdevice isn’t created; I’ve tried).
But the Arch Linux wiki gave me an interesting idea: try with id.
Working with ids survived a reboot and everything seems fine.
In a nutshell:

d~$ ls /dev/disk/by-id/
[you get the disk like
and I use /dev/disk/by-id/scsi-SATA_xxxxxxxxxxx-_xxxxxxxxxxxxxxxx-part2 like I would with /dev/disk/by-uuid.
Don't quote me on this one, but let's say our swap partition is scsi-SATA_xxxxxxxxxxx-_xxxxxxxxxxxxxxxx-part2 (and I guess it's better to triple-check this... or a valuable data partition will be busted):
sudo cryptsetup create -d /dev/random mycryswap1 /dev/disk/by-id/scsi-SATA_xxxxxxxxxxx-_xxxxxxxxxxxxxxxx-part2 swap,cipher=aes-cbc-essiv:sha256,hash=ripem

while in my /etc/crypttab I would have something like

cat /etc/crypttab
mycryswap1 /dev/disk/by-id/scsi-SATA_xxxxxxxxxxx-_xxxxxxxxxxxxxxxx-part2 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,hash=ripemd160,size=25
but in /etc/fstab I'm not gonna use UUIDs just for swap.
# I will use the device and not the UUID just for the swap partition.
/dev/mapper/mycryswap1 none swap sw 0 0
but that should not be a problem, since /dev/mapper/mycryswap1 is not gonna change like a disk device would.

I understand that by using LUKS with the --offset option it would be possible to keep the UUID of the /dev/mapper/ device from changing at every boot, but my need to use UUIDs everywhere doesn’t go that far.
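
Added example (not from the original post): a small audit of crypttab text that flags entries re-keyed from random data at every boot whose source is a kernel-assigned name such as /dev/sdg2, the situation described above, or a filesystem UUID/label that the first encrypted format erases. The function name, severity labels and sample lines are assumptions made for illustration, and the check also covers hd/vd/nvme names beyond the sd case in the post.

```python
import re

# Kernel-assigned names follow probe order, so they can point at another disk after a reboot.
UNSTABLE = re.compile(r"^/dev/(sd[a-z]+|hd[a-z]+|vd[a-z]+|nvme\d+n\d+p?)\d*$")
# Filesystem UUIDs and labels live inside the partition; plain-mode swap overwrites them.
EPHEMERAL = re.compile(r"^(UUID=|LABEL=|/dev/disk/by-(uuid|label)/)")
RANDOM_KEYS = {"/dev/urandom", "/dev/random"}

# Constructed sample crypttab (placeholder device names, not taken from the post).
SAMPLE = """\
# <name> <source device> <key file> <options>
mycryswap1 /dev/sdg2 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256
swap_uuid UUID=00000000-0000-0000-0000-000000000000 /dev/urandom swap
swap_byid /dev/disk/by-id/scsi-SATA_EXAMPLE_SERIAL-part2 /dev/urandom swap
data /dev/sdb1 none luks
"""


def audit_crypttab(text):
    """Return (line_no, name, severity, reason) for entries that are re-keyed at boot."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        name, device = fields[0], fields[1]
        key = fields[2] if len(fields) > 2 else "none"
        opts = {o.split("=")[0] for o in fields[3].split(",")} if len(fields) > 3 else set()
        # A random key or the swap/tmp option means the source is reformatted on every
        # boot, so whichever partition the path resolves to gets overwritten.
        if key not in RANDOM_KEYS and not opts & {"swap", "tmp"}:
            continue
        if UNSTABLE.match(device):
            findings.append((no, name, "high", "kernel name can move to another disk"))
        elif EPHEMERAL.match(device) and "offset" not in opts:
            findings.append((no, name, "medium", "identifier is wiped by the first format"))
    return findings


if __name__ == "__main__":
    for no, name, severity, reason in audit_crypttab(SAMPLE):
        print(f"line {no}: {name}: {severity}: {reason}")
```

The by-id entry and the passphrase-less LUKS entry on /dev/sdb1 are not reported: the first is a stable path, the second is not reformatted at boot.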
