I'm sorry, but grep -i crypt /var/log/anaconda/anaconda.program.log returns nothing. But I have got an entry in /etc/crypttab. I only found this with grep -i luks /var/log/anaconda/anaconda.*: /var/log/anaconda/anaconda.storage.log:20:47:55,959 DEBUG blivet: LUKS.__init__: /var/log/anaconda/anaconda.storage.log:20:49:25,009 DEBUG storage.ui: LUKS.__init__: /var/log/anaconda/anaconda.storage.log:20:49:25,009 DEBUG storage.ui: getFormat('luks') returning LUKS instance /var/log/anaconda/anaconda.storage.log:20:49:25,014 DEBUG storage.ui: PartitionDevice._setFormat: sda2 ; current: None ; type: luks ; /var/log/anaconda/anaconda.storage.log:20:49:25,015 INFO storage.ui: registered action: [23] Create Format luks on partition sda2 (id 15) /var/log/anaconda/anaconda.storage.log:20:49:25,018 DEBUG storage.ui: LUKSDevice._setFormat: luks-sda2 ; current: None ; type: lvmpv ; /var/log/anaconda/anaconda.storage.log:20:49:25,019 INFO storage.ui: added luks/dm-crypt luks-sda2 (id 21) to device tree /var/log/anaconda/anaconda.storage.log:20:49:25,019 INFO storage.ui: registered action: [24] Create Device luks/dm-crypt luks-sda2 (id 21) /var/log/anaconda/anaconda.storage.log:20:49:25,019 INFO storage.ui: registered action: [25] Create Format lvmpv on luks/dm-crypt luks-sda2 (id 21) /var/log/anaconda/anaconda.storage.log:20:49:25,020 DEBUG storage.ui: LUKSDevice.addChild: kids: 0 ; name: luks-sda2 ; ... Seems as there is no command to crib. :-( Regards Tim Am 06.03.2015 um 07:10 schrieb Chris Murphy: > On Thu, Mar 5, 2015 at 10:25 PM, Tim <lists@xxxxxxxx> wrote: >> Hi Chris, >> >> thanks for your answer. >> >> It is the first time I decided to encrypt my lvm. I choosed to encrypt the >> volume group, not every logical volume itself, because in case of doing lvm >> snapshots in that group they will be encrypted too? > > Yes, anything that's COW'd is also encrypted in this case. > >> And how do I create a new encrypted volume group? > > Strictly speaking the VG isn't the target of the encryption, the > underlying PV is. Also, it's not absolutely necessary to partition the > drive at all if you have no need for unencrypted space on this new > drive. Since I use drives on multiple platforms, I always partition so > that other OS's recognize the drive space is spoken for instead of > appearing unpartitioned and hence blank. Linux via libblkid always > looks at disk contents whether partitioned or not so if this is a > Linux only drive you don't have to partition it. > > 1. Use cryptsetup to create a LUKS volume on the whole disk or a > partition thereof. For the exact command, you can cheat by doing 'grep > cryptsetup /var/log/anaconda/program.log' which will show you the > command Anaconda used when setting up your first drive. PLEASE make > sure you don't use that command directly or it'll wipe the LUKS header > on your current drive. You have to change the /dev/sdX designation to > point to the new drive or partition. > > 2 cryptsetup luksOpen /dev/sdX newdrive > 3. pvcreate /dev/mapper/newdrive > 4. vgcreate newvg /dev/mapper/newdrive > 5. lvcreate -L 300G -n morestuff newvg > 6. mkfs.xfs /dev/mapper/newvg-morestuff > > Adapt as needed. Don't forget crypttab is used to point to the LUKS > volume, once it's unlocked the PV is revealed and lvm will activate > the VG and the LVs on it, and then in your fstab you'll have the UUID > for the XFS volume and mount this whereever you want it mounted. > > > > _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos