<div dir="ltr"><div>I'll have to double check my laptop at home. I know the installer will do the RightThing automagically so that's the easiest way to fix it.<br><br></div>Seems like the PV has to be outside the crypt container at the least as individual LVs can be crypted. Usuall routine is to crypt everything but /boot so even swap get protected. In Fedora, default setup is a /boot, a PV with a single LV that contains / and swap and /home partitions. Thus my (probably faulty) thinking that the encryption occurs inside the LV itself.<br>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Mar 11, 2014 at 5:19 PM, Derek Atkins <span dir="ltr"><<a href="mailto:derek@ihtfp.com" target="_blank">derek@ihtfp.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span style="font-family:Arial">I think you have those commands backwards. If you want to create an encrypted drive ala the installer I think you need to cryptsetup, then pvcreate, then lvcreate, then mkfs. This mirrors what my encrypted system looks like. The lvm is inside the crypto.<br>
<br>-derek<br><br>Sent from my HTC smartphone<div><div class="h5"><br><br><br><div>----- Reply message -----<br>From: "Jim Kinney" <<a href="mailto:jim.kinney@gmail.com" target="_blank">jim.kinney@gmail.com</a>><br>
To: "Atlanta Linux Enthusiasts" <<a href="mailto:ale@ale.org" target="_blank">ale@ale.org</a>><br>Subject: [ale] changes to fstab in fedora 20<br>Date: Tue, Mar 11, 2014 5:03 PM<br><br></div></div></div></span><div class="HOEnZb">
<div class="h5"><br><div dir="ltr"><div><div><div><div>I know the encrypt drives process JustWorks during _installation_ of F20. I'm 90% certain it encrypts the contents of an LVM and not the other way around. If you encrypt a container that holds PVM/LVM IDs, the kernel will not know how to use it (I think - still digging in systemd as well). Also, F20 is using grub2 which is also a vertical learning curve.<br>
<br></div>I think you need to go the following order:<br><br></div>pvcreate<br></div><div>lvcreate<br></div>cryptsetup<br></div>mkfs<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Mar 11, 2014 at 4:36 PM, Scott Castaline <span dir="ltr"><<a href="mailto:skotchman@gmail.com" target="_blank">skotchman@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Anyone understand the changes made to filesystem mounting at boot-time in Fedora 20? Apparently systemd now controls it all? The reason i ask is that when I had originally upgraded to F 20 I had setup all 5 drives in the installer. Since then everytime the door leading to the garage, under the room my systems are in, slams shut it causes the floor to pop up and my system will sometimes jump. Normally everyone is careful about opening and closing this door and I had also moved the computers over to the other side of the room the last time I went through the hassle of crashed drives. This one day was exceptionally windy and the door really slammed hard. Immediately I started getting warnings of read/write errors, bad sectors, etc., etc. on one drive then 2 more drives suddenly unmounted. The system then rebooted itself and never came back up.<br>
<br>
Since it was toast I went ahead and ran smartctl tests followed by badblocks which pointed to my 4th drive (hmm not the 5th or 3rd drives). I then ran dd if=/dev/urandom of=/dev/sd? on the remaining 4 drives. I did the boot drive seperately so that I could get my system at least partially back up. I reinstalled F 20 with just the one hdd figuring that the remaining 3 drive I could manually add back in. By the way I don't use raid so that is not to be figured into my problem, I do however setup LUKS on the raw device followed by LVM. My steps are:<br>
<br>
1. cryptsetup luksFormat /dev/sd? (exact syntax maybe wrong as I'm doing this by memory which admittedly has gone downhill lately).<br>
<br>
2. blkid /dev/sd? (to get the luks UUID of the drive for the next 2 steps)<br>
<br>
3. cryptsetup luksOpen /dev/sd? luks-<Block UUID ><br>
<br>
4. pvcreate /dev/mapper/luks-<Block UUID ><br>
<br>
5. vgcreate <name used for vg> /dev/mapper/luks-<Block UUID ><br>
<br>
6. lvcreate -L <size of lv> -n <name of lv> <name of vg><br>
<br>
7. mkfs.ext4 /dev/mapper/vg-name/lv-name<br>
<br>
8. I'll go ahead and mount it where I plan to mount it in fstab and verify that all is well.<br>
<br>
9. Add the luks UUID in /etc/crypttab and enter the mounting info of the lv in fstab. (This is where it is different. I noticed that the mount options part is different from the past in that it'll have "defaults;x-systemd.device-<u></u>timeout=0 1 2" on lvs that were created by the installer. So I duplicated this for the lvs that I added.<br>
<br>
10. Unmount lvs, close luks volume and reboot.<br>
<br>
The system will then either hang on boot or dump out to maintenance mode when trying to mount my lv. I can however manually mount the lv and the boot will continue. So what's the deal? Anyone know? This is the way I've done it in the past with NFP. I found the docs on this very confusing in that it keeps on referring to something else which will refer to something else again, so on & so on, eventually it goes around in a circle.<br>
<br>
Hellllppp Meeeeeeeeeeee (in my best human-fly imitation from the spider web).<br>
<br>
Scott C.<br>
______________________________<u></u>_________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/<u></u>listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/<u></u>listinfo</a><br>
</blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr">-- <br>James P. Kinney III<br><i><i><i><i><br></i></i></i></i>Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br><i><i><i><i><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br></i></i></i></i></div>
</div>
</div></div><br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr">-- <br>James P. Kinney III<br><i><i><i><i><br></i></i></i></i>Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br><i><i><i><i><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br></i></i></i></i></div>
</div>