-
Bug
-
Resolution: Unresolved
-
Blocker
-
rhel-9.6, rhel-10.0
-
python-blivet-3.10.0-16.el10_0
-
No
-
Critical
-
rhel-sst-storage-management
-
ssg_platform_storage
-
30
-
31
-
1
-
False
-
-
Yes
-
None
-
Approved Blocker
-
Bug Fix
-
-
Done
-
Unspecified
-
Unspecified
-
Unspecified
-
None
What were you trying to do that didn't work?
fstrim doesn't work on `/` partition for ostree based deployments installed by anaconda/blivet.
The fstrim is enabled by default for a long time by /etc/crypttab, however, given the fact that ostree based systems won't build initrd on system the systemd-cryptsetup-generator will not know about it when opening a root LUKS and won't set the discard option correctly.
What is the impact of this issue to you?
The system with these conditions:
- LUKS partition on `/` mount
- SSD drive
- ostree based system
will not have working fstrim.
That means that after unspecified number of IO operations your system might became completely unresponsive.
Please provide the package NVR for which the bug is seen:
All the ostree based systems are impacted. This bug is impacting all ostree based systems deployed by anaconda/blivet.
How reproducible is this bug?:
Always
Steps to reproduce
- Install ostree based system
- In the installed system run `sudo fstrim -av`
- If you see "fstrim: /: the discard operation is not supported" the system is impacted
Expected results
The fstrim command should work on `/` mount.
Actual results
The fstrim command raise error on `/` mount.
Notes
This could be fixed on newly installed systems but we can't fix this on already installed systems as there are security implications. To fix this on existing system you need to run:
cryptsetup --allow-discards --persistent refresh <luks device>
where the luks device could be read from `lsbkl` or `/dev/mapper/luks-*`.
The system might require a reboot to make the changes working.
- clones
-
-
- Release Pending
-
- is blocked by
-
-
- Release Pending
-
- is cloned by
-
-
- Release Pending
-
- links to
-
RHBA-2024:138641
python-blivet bug fix and enhancement update
[RHEL-82884] RHEL-10: ostree-based systems deployed with blivet can't fstrim LUKS-encrypted partitions of SSD hard drive by default
Hi vtrefny@redhat.com, I filed the documentation for the RN and we are discussing that this information should be also included into the installation guide directly. Feel free to change my documentation string if you don't agree with it.
python-blivet-3.10.0-16.el10_0 is included in RHEL-10.0-20250320.3, moving to Release Pending.
Tested with python-blivet-3.10.0-16.el10_0, all looks good on the installed system:
[root@localhost ~]# fstrim -av
/var/home: 155.1 GiB (166589366272 bytes) trimmed on /dev/mapper/rhel-home
/boot/efi: 590.4 MiB (619106304 bytes) trimmed on /dev/nvme0n1p1
/boot: 1 GiB (1073741824 bytes) trimmed on /dev/nvme0n1p2
/etc: 70 GiB (75161927680 bytes) trimmed on /dev/mapper/rhel-root
[root@localhost ~]# dmsetup table
luks-cd531d5e-3204-4d69-926c-c2e1e4f511e3: 0 496756736 crypt aes-xts-plain64 :64:logon:cryptsetup:cd531d5e-3204-4d69-926c-c2e1e4f511e3-d0 0 259:3 32768 1 allow_discards
rhel-home: 0 325369856 linear 253:0 146802688
rhel-root: 0 146800640 linear 253:0 2048
rhel-swap: 0 24584192 linear 253:0 472172544
[root@localhost ~]# lsblk -D
NAME DISC-ALN DISC-GRAN DISC-MAX DISC-ZERO
sda 0 512B 0B 0
nvme0n1 0 512B 2T 0
├─nvme0n1p1 0 512B 2T 0
├─nvme0n1p2 0 512B 2T 0
└─nvme0n1p3 0 512B 2T 0
└─luks-cd531d5e-3204-4d69-926c-c2e1e4f511e3 0 512B 2T 0
├─rhel-root 0 512B 2T 0
├─rhel-swap 0 512B 2T 0
└─rhel-home 0 512B 2T 0
[root@localhost ~]#
Preliminary testing: Pass
The 'blocked by' issue RHEL-82885 is transitioned to Release Pending.
The release blocker/exception task has completed successfully and your blocker/exception request has been set as Approved Blocker. Please plan/complete this work accordingly.
The release note looks good to me, thank you Jirka.