Re: Fedora 32: setup with encrypted LVM

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Mar 22, 2020 at 1:56 PM Dario Lesca <d.lesca@xxxxxxxxxx> wrote:
>
> I have try to install a Fedora 32 Beta on a existent previous Fedora 31 system using an encrypted LVM
>
> Something is wrong
>
> I have not format the /home LV volume and format only the other swap, / and /var old LV volume.
>
> The setup keeps the original Encrypted LVM partition but encrypt also the swap, / and /var LV device and make the FS on the encrypted LV device into the VG partition already encrypted.
>
> This is the post install situation.
>
> /dev/mapper/luks-b84fa2fd-1c38-466d-ac79-d4d4a6db9ef3: UUID="cXpRFb-vcUQ-K90X-p1cd-YQBT-M2p6-k36Lrr" TYPE="LVM2_member"
>
> /dev/mapper/dododell-root: UUID="3e0bd54f-1aa6-49c5-8a00-98f18b1526d4" TYPE="crypto_LUKS"
>
> /dev/mapper/dododell-home: LABEL="home" UUID="95239f07-6bb0-4fbf-8506-c75f563ae356" BLOCK_SIZE="512" TYPE="xfs"
>
> /dev/mapper/dododell-swap: UUID="bdfd5321-f1ce-4382-9897-504f7f3c81d8" TYPE="crypto_LUKS"
>
> /dev/mapper/dododell-var: UUID="b855d0eb-1d13-4af2-8880-ea73961b13bd" TYPE="crypto_LUKS"
>
> /dev/mapper/luks-b855d0eb-1d13-4af2-8880-ea73961b13bd: LABEL="var" UUID="03abae3d-b344-497e-9c31-e7181c10097c" BLOCK_SIZE="512" TYPE="xfs"
>
> /dev/mapper/luks-3e0bd54f-1aa6-49c5-8a00-98f18b1526d4: LABEL="root" UUID="6cc68b6d-b9d7-4310-b2b6-ba8e5598b7b4" BLOCK_SIZE="512" TYPE="xfs"
>
> /dev/mapper/luks-bdfd5321-f1ce-4382-9897-504f7f3c81d8: LABEL="swap" UUID="2b02cc55-12c0-47ed-b866-e3f3619bb675" TYPE="swap"
>
>
> I do not want this situation, I want only the VG device encrypted and the filesystem created on LV device

I think I understand what you want to do: You want a disk partition ->
LUKS -> LVM PV -> LVM VG, and then /, /var, /home, swap to be XFS
formatted LVs.

I'm not certain it's actually possible to do this, except maybe in
Advanced partitioning. Here's why.

If you use Fedora Workstation, Automatic/Default partitioning, at
Destination Installation where you pick the drive to install to, there
is a checkbox "Encrypt my Data" This does what you want, except it
uses ext4and no separate /var. You can get close, if you use Fedora
Server netinstaller, but choose to install Fedora Workstation instead
of Server - this will use XFS but still no separate /var.

Going back to Workstation ISO, Custom partitioning, each mount point
has its own encrypt checkbox. This will separately encrypt each LV,
rather than making a partition a LUKS volume into an LVM PV. As I
think about it, there's no work around for this custom partitioning.

I'm pretty sure the Advanced (blivet-gui) option can do this. But you
have to build each layer yourself. if it crashes, that's a bug that
needs to be reported against anaconda component; it might also be a
blocker bug.

https://fedoraproject.org/wiki/Fedora_32_Final_Release_Criteria#Disk_layouts
https://qa.fedoraproject.org/blockerbugs/propose_bug


-- 
Chris Murphy
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux