修复 Ubuntu dist-upgrade 后系统使用 RAID 1 和 LVM 的加密配置

修复 Ubuntu dist-upgrade 后系统使用 RAID 1 和 LVM 的加密配置

我最近尝试对按照以下方式设置的系统进行 dist-upgrade如何在加密的 RAID 1 上安装 Ubuntu 15.10升级到 Ubuntu 19.10。

不幸的是,重新启动后我收到以下错误消息:

...
Volumen group "vgubuntu" not found
Cannot process volume group vgubuntu
...

正如所怀疑的那样,RAID1、加密(luks)和 LUKS 容器内的 LVM 均未损坏,只有配置被 distupgrade 破坏了。我想分享我修复它的步骤。

答案1

基本步骤如下:

  1. 使用 Ubuntu 实时系统创建 USB 棒(我使用的是 Ubuntu 20.04)
  2. 从 USB 启动系统
  3. 组装 RAID、解锁加密、挂载卷组和分区以准备 chroot
  4. chroot 到系统进行修复
  5. 安装 mdadm,修复 crypttab、/etc/modules、update-initramfs 和 update-grub 的内容
  6. 重启系统

以下是步骤 3 和步骤 5 的更多详细信息:

在步骤 3 之前保存步骤 5 的脚本,以便步骤 3 的脚本将其放置在正确的位置。我把所有内容都放在脚本中,这样我就可以更轻松地恢复我的工作。

步骤 3(将其保存到实时系统中可用的某个卷以使其可重现,并根据您的设置调整目录):

#!/bin/bash
# script to assemble the raid, open the encryption, open the volume group and mount all partitions for inspection for a system configured as in https://superuser.com/questions/1020806/how-to-install-ubuntu-15-10-on-an-encrypted-raid-1
# the directory in which the system to inspect is mounted
MOUNT_DIRECTORY="/media/system_to_fix"
if [ -d "$MOUNT_DIRECTORY" ]; then
    echo "$MOUNT_DIRECTORY already exists, please delete (after checking) and start again"
    exit
fi
# the name of the script to fix the broken system for execution in the chroot
CHROOT_SCRIPT_SOURCE_FILE="install_mdadm_and_fix_grub_in_chroot.sh"
# the path to the script file
CHROOT_SCRIPT_SOURCE_PATH="/media/ubuntu/stick/$CHROOT_SCRIPT_SOURCE_FILE"
if [ ! -f "$CHROOT_SCRIPT_SOURCE_PATH" ]; then
    echo "$CHROOT_SCRIPT_SOURCE_PATH doesn't exists, please check and start again"
    exit
fi

read -p "verify that your system is setup according to https://superuser.com/questions/1020806/how-to-install-ubuntu-15-10-on-an-encrypted-raid-1 or adapt accordingly"
sudo apt-get install mdadm cryptsetup
echo "assemble raid"
sudo mdadm --assemble --scan
echo "open ecrypted partition 2 in raid"
sudo cryptsetup luksOpen /dev/md0p2 lukslvm
sudo vgchange -a y
echo "updating volumn group metadata, as this was not up to data and caused a warning"
sudo vgck --updatemetadata vgubuntu

echo "creating directories for mounting"
sudo mkdir $MOUNT_DIRECTORY
sudo mkdir $MOUNT_DIRECTORY/root
sudo mkdir $MOUNT_DIRECTORY/root/home
echo "mounting root"
sudo mount /dev/mapper/vgubuntu-root $MOUNT_DIRECTORY/root
echo "mounting home"
sudo mount /dev/mapper/vgubuntu-home $MOUNT_DIRECTORY/root/home
echo "mounting boot"
sudo mount /dev/md0p1 $MOUNT_DIRECTORY/root/boot/
echo "mounting dev from livesystem"
sudo mount -o rbind /dev $MOUNT_DIRECTORY/root/dev
echo "mounting proc from livesystem"
sudo mount -t proc proc $MOUNT_DIRECTORY/root/proc/
echo "mounting sys from livesystem"
sudo mount -t sysfs sys $MOUNT_DIRECTORY/root/sys
echo "copy resolv.conf from livesystem to system to inspect/fix"
sudo cp /etc/resolv.conf $MOUNT_DIRECTORY/root/etc/resolv.conf
echo "copy script for execution in chroot to $MOUNT_DIRECTORY/root/tmp/$CHROOT_SCRIPT_SOURCE_FILE"
sudo cp $CHROOT_SCRIPT_SOURCE_PATH $MOUNT_DIRECTORY/root/tmp/$CHROOT_SCRIPT_SOURCE_FILE
echo "chroot setup, call 'sudo chroot $MOUNT_DIRECTORY/root /bin/bash' to chroot and execute sh /tmp/$CHROOT_SCRIPT_SOURCE_FILE"

执行下一个脚本之前不要忘记 chroot。

步骤 5(将其保存到实时系统中某个可用卷上的“install_mdadm_and_fix_grub_in_chroot.sh”以使其可重现,并根据您的设置调整目录):

#!/bin/bash
# script to fix installation of mdadm, content of crypttab, /etc/modules and execution of update-initramfs and update-grup or exection in chroot of a system configured as in https://superuser.com/questions/1020806/how-to-install-ubuntu-15-10-on-an-encrypted-raid-1
echo "updating package cache and install emacs and mdadm"
sudo apt-get update
sudo apt-get install emacs mdadm
read -p "reading UUID of root device /dev/md0p2"
blkid /dev/md0p2 
read -p "edit crypttab add line 'lukslvm UUID=<VOLUME_ID> none luks'"
emacs /etc/crypttab
read -p "edit modules add line 'dm-crypt'"
emacs /etc/modules
update-initramfs -u -k all
read -p "add 'kopt=root=/dev/mapper/vgubuntu-root' to 'GRUB_CMDLINE_LINUX_DEFAULT' in /etc/default/grub"
emacs /etc/default/grub
echo "updating grub"
sudo update-grub
echo "reboot and enjoy ;)"

在修复过程中,我遇到了更新 initramfs 的问题:

cryptsetup: WARNING: target 'lukslvm'

这阻碍了最初问题的解决。我并没有真正弄清楚是什么解决了这个问题。在我向脚本中添加了一些便利功能后,这个问题“神奇地”得到了解决。我记得的唯一区别是,我还挂载了“/home”,而我在之前的脚本版本中没有这样做。但这根本不会影响加密配置,至少这是我所期望的。

相关内容