Re: LVM encryption and new volume group

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



I'm sorry, but grep -i crypt /var/log/anaconda/anaconda.program.log
returns nothing. But I have got an entry in /etc/crypttab.

I only found this with grep -i luks /var/log/anaconda/anaconda.*:
/var/log/anaconda/anaconda.storage.log:20:47:55,959 DEBUG blivet:
LUKS.__init__:
/var/log/anaconda/anaconda.storage.log:20:49:25,009 DEBUG storage.ui:
               LUKS.__init__:
/var/log/anaconda/anaconda.storage.log:20:49:25,009 DEBUG storage.ui:
getFormat('luks') returning LUKS instance
/var/log/anaconda/anaconda.storage.log:20:49:25,014 DEBUG storage.ui:
                  PartitionDevice._setFormat: sda2 ; current: None ;
type: luks ;
/var/log/anaconda/anaconda.storage.log:20:49:25,015 INFO storage.ui:
registered action: [23] Create Format luks on partition sda2 (id 15)
/var/log/anaconda/anaconda.storage.log:20:49:25,018 DEBUG storage.ui:
                   LUKSDevice._setFormat: luks-sda2 ; current: None ;
type: lvmpv ;
/var/log/anaconda/anaconda.storage.log:20:49:25,019 INFO storage.ui:
added luks/dm-crypt luks-sda2 (id 21) to device tree
/var/log/anaconda/anaconda.storage.log:20:49:25,019 INFO storage.ui:
registered action: [24] Create Device luks/dm-crypt luks-sda2 (id 21)
/var/log/anaconda/anaconda.storage.log:20:49:25,019 INFO storage.ui:
registered action: [25] Create Format lvmpv on luks/dm-crypt luks-sda2
(id 21)
/var/log/anaconda/anaconda.storage.log:20:49:25,020 DEBUG storage.ui:
                LUKSDevice.addChild: kids: 0 ; name: luks-sda2 ;
...

Seems as there is no command to crib. :-(

Regards
Tim



Am 06.03.2015 um 07:10 schrieb Chris Murphy:
> On Thu, Mar 5, 2015 at 10:25 PM, Tim <lists@xxxxxxxx> wrote:
>> Hi Chris,
>>
>> thanks for your answer.
>>
>> It is the first time I decided to encrypt my lvm. I choosed to encrypt the
>> volume group, not every logical volume itself, because in case of doing lvm
>> snapshots in that group they will be encrypted too?
> 
> Yes, anything that's COW'd is also encrypted in this case.
> 
>> And how do I create a new encrypted volume group?
> 
> Strictly speaking the VG isn't the target of the encryption, the
> underlying PV is. Also, it's not absolutely necessary to partition the
> drive at all if you have no need for unencrypted space on this new
> drive. Since I use drives on multiple platforms, I always partition so
> that other OS's recognize the drive space is spoken for instead of
> appearing unpartitioned and hence blank. Linux via libblkid always
> looks at disk contents whether partitioned or not so if this is a
> Linux only drive you don't have to partition it.
> 
> 1. Use cryptsetup to create a LUKS volume on the whole disk or a
> partition thereof. For the exact command, you can cheat by doing 'grep
> cryptsetup /var/log/anaconda/program.log' which will show you the
> command Anaconda used when setting up your first drive. PLEASE make
> sure you don't use that command directly or it'll wipe the LUKS header
> on your current drive. You have to change the /dev/sdX designation to
> point to the new drive or partition.
> 
> 2 cryptsetup luksOpen /dev/sdX newdrive
> 3. pvcreate /dev/mapper/newdrive
> 4. vgcreate newvg /dev/mapper/newdrive
> 5. lvcreate -L 300G -n morestuff newvg
> 6. mkfs.xfs /dev/mapper/newvg-morestuff
> 
> Adapt as needed. Don't forget crypttab is used to point to the LUKS
> volume, once it's unlocked the PV is revealed and lvm will activate
> the VG and the LVs on it, and then in your fstab you'll have the UUID
> for the XFS volume and mount this whereever you want it mounted.
> 
> 
> 
> 
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux