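On a fresh install of Ubuntu with Xen (learning Xen, proficient with Ubuntu), I tried to create a domU PV VM with LUKS encryption. The whole setup went smoothly, including creating and unlocking the encrypted volumes and completing a full installation.
However, on reboot, it fails and drops to initramfs.

I would be very grateful for any help that lets me fix this setup properly, because I feel it must be very close; there is probably something silly here that the right knowledge can unlock.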

My setup:

Hardware: 2011 i7 8GB RAM vt-x + vt-d, new SSD
Host OS (dom0): Ubuntu 18.04, no encryption
Xen: 4.9
Guest OS (domU #1): Ubuntu 18.04

Disk volumes in dom0 for the domU:

(dom0) /dev/vg0/lv-1 20GB set up as /dev/xvda (domU)
(dom0) /dev/vg0/lv-1swap 12GB set up as /dev/xvdb (domU)

Disk volumes on the domU:

/dev/xvda partitioned as:
/dev/xvda1 ext4 1GB for /boot (bootable, noatime)
/dev/xvda5 available space, LUKS volume
/dev/xvdb1 available space, LUKS volume
/dev/xvda5_crypt ext4 / (noatime)
/dev/xvdb1_crypt swap

First boot of domU 1 after installation, console output (using screen):

# xl create -c /etc/xen/domu1.cfg
Parsing config from /etc/xen/domu1.cfg
Using <class 'grub.GrubConf.Grub2ConfigFile'> to parse /grub/grub.cfg
WARNING:root:grub2's saved_entry/next_entry not supported
WARNING:root:Unknown directive else
WARNING:root:Unknown directive menuentry_id_option
WARNING:root:Unknown directive else
WARNING:root:Unknown directive menuentry_id_option
WARNING:root:Unknown directive export
WARNING:root:Unknown directive font
WARNING:root:Unknown directive else
WARNING:root:Unknown directive else
WARNING:root:Unknown directive font
WARNING:root:Unknown directive load_video
WARNING:root:Unknown directive terminal_output
WARNING:root:Unknown directive else
WARNING:root:Unknown directive elif
WARNING:root:Unknown directive clear
WARNING:root:Unknown directive else
WARNING:root:Unknown directive else
WARNING:root:Unknown directive else
WARNING:root:Unknown directive else
WARNING:root:Unknown directive export
WARNING:root:Unknown image directive recordfail
WARNING:root:Unknown image directive load_video
WARNING:root:Unknown image directive gfxmode
WARNING:root:Unknown image directive if
WARNING:root:Unknown image directive if
WARNING:root:Unknown image directive else
WARNING:root:Unknown image directive fi
WARNING:root:Unknown image directive recordfail
WARNING:root:Unknown image directive load_video   
WARNING:root:Unknown image directive gfxmode
WARNING:root:Unknown image directive if
WARNING:root:Unknown image directive if
WARNING:root:Unknown image directive else
WARNING:root:Unknown image directive fi
WARNING:root:Unknown image directive recordfail
WARNING:root:Unknown image directive load_video
WARNING:root:Unknown image directive if
WARNING:root:Unknown image directive if
WARNING:root:Unknown image directive else
WARNING:root:Unknown image directive fi
WARNING:root:Unknown image directive if
WARNING:root:Unknown image directive else
WARNING:root:Unknown image directive fi
WARNING:root:Unknown image directive knetbsd
WARNING:root:Unknown image directive if
WARNING:root:Unknown image directive else
WARNING:root:Unknown image directive fi
WARNING:root:Unknown directive source
WARNING:root:Unknown directive elif
WARNING:root:Unknown directive source


    pyGRUB  version 0.6
 ┌────────────────────────────────────────────────────────────────────────┐
 │ Ubuntu                                                                 │
 │ Ubuntu, with Linux 4.15.0-36-generic                                   │
 │ Ubuntu, with Linux 4.15.0-36-generic (recovery mode)                   │
 │ Memory test (memtest86+)                                               │
 │ Memory test (memtest86+, serial console 115200)                        │
 │                                                                        │
 │                                                                        │
 │                                                                        │
 └────────────────────────────────────────────────────────────────────────┘
     Use the ^ and ┴ keys to select which entry is highlighted.
     Press enter to boot the selected OS, 'e' to edit the
     commands before booting, 'a' to modify the kernel arguments
     before booting, or 'c' for a command line.







[    0.000000] e820: Cannot find an available gap in the 32-bit address range
[    0.000000] e820: PCI devices with unassigned 32-bit BARs may not work!
[    0.452369] dmi: Firmware registration failed.

Please unlock disk xvda5_crypt**********
cryptsetup (xvda5_crypt): set up successfully

Please unlock disk xvdb1_crypt**********
cryptsetup (xvdb1_crypt): set up successfully
/dev/xvda1: clean, 311/61056 files, 27841/243968 blocks
mount: mounting /dev on /root/dev failed: No such file or directory
mount: mounting /dev on /root/dev failed: No such file or directory
mount: mounting /run on /root/run failed: No such file or directory
run-init: opening console: No such file or directory
Target filesystem doesn't have requested /sbin/init.
run-init: opening console: No such file or directory
run-init: opening console: No such file or directory
run-init: opening console: No such file or directory
run-init: opening console: No such file or directory
run-init: opening console: No such file or directory
No init found. Try passing init= bootarg.


BusyBox v1.27.2 (Ubuntu 1:1.27.2-2ubuntu3) built-in shell (ash)
Enter 'help' for a list of built-in commands.

(initramfs)

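My grub config seems to be a bit off, but it still offers the boot options, proceeds to boot and asks for the LUKS passphrases, but then fails and drops to initramfs.

I don't know whether this matters, but mount shows xvda1 mounted as /root rather than /boot, and I can't see the encrypted volumes: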

(initramfs) mount
rootfs on / type rootfs (rw)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,nosuid,relatime,size=944232k,nr_inodes=236058,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=195040k,mode=755)
/dev/xvda1 on /root type ext4 (ro,relatime,data=ordered)

(initramfs) lsblk
sh: lsblk: not found

(initramfs) ls -l /dev/xvd*
brw-------    1  202,  17 /dev/xvdb1
brw-------    1  202,  16 /dev/xvdb
brw-------    1  202,   5 /dev/xvda5
brw-------    1  202,   2 /dev/xvda2
brw-------    1  202,   1 /dev/xvda1
brw-------    1  202,   0 /dev/xvda

(domU)/etc/grub/grub.cfg:

(initramfs) cat grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
  set have_grubenv=true
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi 

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
  fi
}
function recordfail {
  set recordfail=1
  if [ -n "${have_grubenv}" ]; then if [ -z "${boot_once}" ]; then save_env recordfail; fi; fi
}
function load_video {
  if [ x$feature_all_video_module = xy ]; then
    insmod all_video
  else
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
  fi
}

if [ x$feature_default_font_path = xy ] ; then
   font=unicode
else
insmod part_msdos
insmod ext2
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root  94f039b9-bd0d-4938-bbdf-362f13ba99a1
else
  search --no-floppy --fs-uuid --set=root 94f039b9-bd0d-4938-bbdf-362f13ba99a1
fi  
    font="/grub/unicode.pf2"
fi

if loadfont $font ; then
  set gfxmode=auto
  load_video
  insmod gfxterm
  set locale_dir=$prefix/locale
  set lang=en_GB
  insmod gettext
fi
terminal_output gfxterm
if [ "${recordfail}" = 1 ] ; then
  set timeout=30
else
  if [ x$feature_timeout_style = xy ] ; then
    set timeout_style=hidden
    set timeout=10
  # Fallback hidden-timeout code in case the timeout_style feature is
  # unavailable.
  elif sleep --interruptible 10 ; then
    set timeout=0
  fi
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/05_debian_theme ###
set menu_color_normal=white/black
set menu_color_highlight=black/light-gray
if background_color 44,0,30,0; then
  clear
fi
### END /etc/grub.d/05_debian_theme ###

### BEGIN /etc/grub.d/10_linux ###
function gfxmode {
        set gfxpayload="${1}"
        if [ "${1}" = "keep" ]; then
                set vt_handoff=vt.handoff=1
        else
                set vt_handoff=
        fi
}
if [ "${recordfail}" != 1 ]; then
  if [ -e ${prefix}/gfxblacklist.txt ]; then
    if hwmatch ${prefix}/gfxblacklist.txt 3; then
      if [ ${match} = 0 ]; then
        set linux_gfx_mode=keep
      else
        set linux_gfx_mode=text
      fi
    else
      set linux_gfx_mode=text
    fi
  else
    set linux_gfx_mode=keep
  fi
else
  set linux_gfx_mode=text
fi
export linux_gfx_mode
menuentry 'Ubuntu' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-3260e51a-3ccd-4af5-89a6-d201954bcacb' {
        recordfail
        load_video
        gfxmode $linux_gfx_mode
        insmod gzio
        if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
        insmod part_msdos
        insmod ext2
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root  94f039b9-bd0d-4938-bbdf-362f13ba99a1
        else
          search --no-floppy --fs-uuid --set=root 94f039b9-bd0d-4938-bbdf-362f13ba99a1
        fi
        linux   /vmlinuz-4.15.0-36-generic root=UUID=3260e51a-3ccd-4af5-89a6-d201954bcacb ro  quiet splash $vt_handoff
        initrd  /initrd.img-4.15.0-36-generic
}
submenu 'Advanced options for Ubuntu' $menuentry_id_option 'gnulinux-advanced-3260e51a-3ccd-4af5-89a6-d201954bcacb' {
        menuentry 'Ubuntu, with Linux 4.15.0-36-generic' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.15.0-36-generic-advanced-3260e51a-3ccd-4af5-89a6-d201954bcacb' {
                recordfail
                load_video
                gfxmode $linux_gfx_mode
                insmod gzio
                if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
                insmod part_msdos
                insmod ext2
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root  94f039b9-bd0d-4938-bbdf-362f13ba99a1
                else
                  search --no-floppy --fs-uuid --set=root 94f039b9-bd0d-4938-bbdf-362f13ba99a1
                fi
                echo    'Loading Linux 4.15.0-36-generic ...'
                linux   /vmlinuz-4.15.0-36-generic root=UUID=3260e51a-3ccd-4af5-89a6-d201954bcacb ro  quiet splash $vt_handoff
                echo    'Loading initial ramdisk ...'
                initrd  /initrd.img-4.15.0-36-generic
        }
        menuentry 'Ubuntu, with Linux 4.15.0-36-generic (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.15.0-36-generic-recovery-3260e51a-3ccd-4af5-89a6-d201954bcacb' {
                recordfail
                load_video
                insmod gzio
                if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
                insmod part_msdos
                insmod ext2
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root  94f039b9-bd0d-4938-bbdf-362f13ba99a1
                else
                  search --no-floppy --fs-uuid --set=root 94f039b9-bd0d-4938-bbdf-362f13ba99a1
                fi
                echo    'Loading Linux 4.15.0-36-generic ...'
                linux   /vmlinuz-4.15.0-36-generic root=UUID=3260e51a-3ccd-4af5-89a6-d201954bcacb ro recovery nomodeset
                echo    'Loading initial ramdisk ...'
                initrd  /initrd.img-4.15.0-36-generic
        }
}

### END /etc/grub.d/10_linux ###

### BEGIN /etc/grub.d/20_linux_xen ###

### END /etc/grub.d/20_linux_xen ###

### BEGIN /etc/grub.d/20_memtest86+ ###
menuentry 'Memory test (memtest86+)' {
        insmod part_msdos
        insmod ext2
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root  94f039b9-bd0d-4938-bbdf-362f13ba99a1
        else
          search --no-floppy --fs-uuid --set=root 94f039b9-bd0d-4938-bbdf-362f13ba99a1
        fi
        knetbsd /memtest86+.elf
}
menuentry 'Memory test (memtest86+, serial console 115200)' {
        insmod part_msdos
        insmod ext2
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root  94f039b9-bd0d-4938-bbdf-362f13ba99a1
        else
          search --no-floppy --fs-uuid --set=root 94f039b9-bd0d-4938-bbdf-362f13ba99a1
        fi
        linux16 /memtest86+.bin console=ttyS0,115200n8
}
### END /etc/grub.d/20_memtest86+ ###

### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###

### BEGIN /etc/grub.d/30_uefi-firmware ###
### END /etc/grub.d/30_uefi-firmware ###

### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###

### BEGIN /etc/grub.d/41_custom ###
if [ -f  ${config_directory}/custom.cfg ]; then
  source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f  $prefix/custom.cfg ]; then
  source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###

(dom0)domu1.cfg:

Note: the initial kernel & ramdisk=/var/lib entries were used for the network boot, to run the installation process following these instructions: Ubuntu Xen guide

# cat domu1.cfg 
# Guest name
name = "domu1"

# 128-bit UUID for the domain as a hexadecimal number.
# Use "uuidgen" to generate one if required.
# The default behavior is to generate a new UUID each time the guest is started.
#uuid = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"

# Kernel image to boot
#kernel = "/boot/vmlinuz"
#kernel = "/var/lib/xen/images/ubuntu-netboot/Ubuntu18.04-bionic-beaver/vmlinuz"
# Ramdisk (optional)
#ramdisk = "/boot/initrd.gz"
#ramdisk = "/var/lib/xen/images/ubuntu-netboot/Ubuntu18.04-bionic-beaver/initrd.gz"
bootloader = "/usr/lib/xen-4.9/bin/pygrub"

# Kernel command line options
extra = "root=/dev/xvda1"

# Initial memory allocation (MB)
memory = 2048

# Maximum memory (MB)
# If this is greater than `memory' then the slack will start ballooned
# (this assumes guest kernel support for ballooning)
maxmem = 6144

# Number of VCPUS
vcpus = 7

# Network devices
# A list of 'vifspec' entries as described in docs/misc/xl-network-configuration.markdown
vif = [ 'bridge=xenbr0' ]

# Disk Devices
# A list of `diskspec' entries as described in docs/misc/xl-disk-configuration.txt
disk = [ '/dev/vg0/lv-1,raw,xvda,rw','/dev/vg0/lv-1swap,raw,xvdb,rw' ]

Edit: (on dom0) the filesystem is readable and valid:

# guestfish -a /dev/vg0/lv-1
><fs> run
><fs> luks-open /dev/sda5 sda5_crypt
><fs> mount /dev/mapper/sda5_crypt /
><fs> mount /dev/sda1 /boot

><fs> ll /boot/grub
total 2388
drwxr-xr-x 5 0 0    4096 Oct 12 11:22 .
drwxr-xr-x 4 0 0    4096 Oct 12 11:23 ..
drwxr-xr-x 2 0 0    4096 Oct 12 11:22 fonts
-rw-r--r-- 1 0 0     712 Oct 12 11:08 gfxblacklist.txt
-r--r--r-- 1 0 0    6857 Oct 12 11:22 grub.cfg
-rw-r--r-- 1 0 0    1024 Oct 12 11:22 grubenv
drwxr-xr-x 2 0 0   12288 Oct 12 11:22 i386-pc
drwxr-xr-x 2 0 0    4096 Oct 12 11:22 locale
-rw-r--r-- 1 0 0 2397557 Oct 12 11:08 unicode.pf2

><fs> ll /initrd.img
-rw-r--r-- 1 0 0 56938107 Oct 12 11:23 /sysroot/boot/initrd.img-4.15.0-36-generic

Edit 2:

In an attempt to recover the encrypted setup, I did the following:

losetup -f
losetup /dev/loop15 /dev/vg0/lv-1
kpartx -av /dev/loop15
udisksctl unlock -b /dev/mapper/loop15p5
mount /dev/dm-9 /mnt/d1
mount /dev/mapper/loop15p1 /mnt/d1/boot
ln -s /dev/mapper/luks-ba3b60bf-f06c-48d8-819a-1c2a2620252a /dev/mapper/xvda5

losetup -f
losetup /dev/loop16 /dev/vg0/lv-1swap 
kpartx -av /dev/loop16
udisksctl unlock -b /dev/mapper/loop16p1 
ln -s /dev/mapper/luks-e3a84c9d-f9e8-424d-a473-48af7dc22500 /dev/mapper/xvdb1

mount --bind /dev /mnt/d1/dev
mount --bind /sys /mnt/d1/sys
mount --bind /proc /mnt/d1/proc
chroot /mnt/d1

ln -s /dev/mapper/loop15p5 /dev/mapper/xvda5_crypt
ln -s /dev/mapper/loop16p1 /dev/mapper/xvdb1_crypt
cat /etc/crypttab

    xvda5_crypt UUID=ba3b60bf-f06c-48d8-819a-1c2a2620252a none luks,discard
    xvdb1_crypt UUID=e3a84c9d-f9e8-424d-a473-48af7dc22500 none luks,swap,discard

update-initramfs -k all -c

The last command produces the following output:

update-initramfs: Generating /boot/initrd.img-4.15.0-36-generic
Warning: /sbin/fsck.crypto_LUKS doesn't exist, can't install to initramfs, ignoring.

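I went on to update grub, exited the chroot (without installing grub!), unmounted, removed the links and rebooted: I couldn't even reboot the host system; I had to boot from USB, repair grub and reboot. But my domU still won't boot (the same failure, back to initramfs), so my actions were probably pointless.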
