[ale] LUKS/LVM2 on Fedora 18
Jim Kinney
jim.kinney at gmail.com
Tue May 14 07:10:50 EDT 2013
HA!
On Tue, May 14, 2013 at 12:40 AM, Scott Castaline <skotchman at gmail.com> wrote:
> On non-boot drives I don't partition them with either fdisk, gdisk, or
> parted. I just luksFormat /dev/sdb no sdb1, 2 or 3 (just like Scotty
> in TNG episode NCC1701 no A, B, C, or D). I only create LVs within the
> VG. Previous Fedora installers would do this, Fedora 18 didn't. I had
> physical partitions before encryption was done, so the installer works
> differently in Fedora 18 in more ways than just on the interface.
>
> Just before reading your response I had just rebooted with the entry
> for the problem LV uncommented and it seems to work fine now. If you
> pour enough Tommy Knockers down my throat this Thursday I might tell
> you what it was. I'm too embarrassed in a sober state to say it now.
>
>
> On 05/13/2013 11:50 PM, Jim Kinney wrote:
> > That seems overly complicated to me.
> >
> > Just write random noise to all the drives then do a basic Fedora
> > install with a manual partition. Be sure to check the box "Encrypt
> > filesystem".
> >
> > Now use sda1 for unencrypted boot. Use all the remaining space on
> > the drives to make a physical volume with. Then join all 3 to make
> > a single logical volume. That gets encrypted. Split that volume
> > into swap, /, and /home and you're done.
> >
> > Or create a 3-way mirror of /boot across all 3 drives (assuming
> > all 3 drives are the same size this makes sense) then bond the
> > three into a PV, then encrypted VG and finally swap, /, and /home
> > partitions.
> >
> > Check Fedora Bugzilla for anaconda bugs related to 3 drives. There
> > may be a problem.
> >
> > Anaconda on RHEL6 has an issue with ext4 in that it has a total
> > filesize limit around 40TB. Sucks when you're making a 52TB
> > filesystem :-(. Fortunately, XFS does NOT have that limitation so
> > the big partition is XFS.
> >
> >
> > On Mon, May 13, 2013 at 11:01 PM, Scott Castaline
> > <skotchman at gmail.com> wrote:
> >
> > So I recently lost a drive due to hits from my wife slamming the
> > door to the garage. How does that happen? Let's just say that my
> > computer is in the bonus room and was on a spot on the floor that
> > turned out to be right above the door that for some reason my wife
> > felt she had to slam in order for it to close. On windy days if
> > the back windows are open and the garage door is open this door
> > has slammed shut so hard that my monitor has jumped. Actually a
> > total of 3 drives had to be replaced. When I got the new drive I
> > decided to run badblocks on the rest of the drives to verify that
> > they were okay.
> >
> > Now on to the on topic part. I like to encrypt the drives at the
> > device level and all drives are encrypted. So after running
> > badblocks on the new and old working drives I did the writing of
> > random bits to the drives (dd if=/dev/urandom of=/dev/sd?). My boot
> > drive was set up as the boot drive so using gdisk the first 2
> > partitions are clear (GUID 2MB Part. and 498MB /boot). The balance
> > of the drive is encrypted. On the LVM part I currently have 1
> > physical volume (PV) for each Volume Group (VG) and each VG has at
> > least 2 Logical Volumes (LV).
> >
> > The steps I used to go from after doing the random pattern written
> > to device are as follows:
> >
> > 1. cryptsetup luksFormat /dev/sd? (sda3 in the case of the boot
> > drive otherwise it was with no partition specified.)
> >
> > 2. cryptsetup luksOpen /dev/sd? VG_name (being somewhat uncreative
> > I used the same for the LUKS volume as the VG name, I couldn't find
> > anything that said that I couldn't or shouldn't).
> >
> > 3. pvcreate /dev/mapper/LUKS-name (which as noted above is VG_0?)
> >
> > 4. vgcreate VG_0? /dev/mapper/VG_0?
> >
> > 5. lvcreate -C y -L ?G /dev/mapper/VG_0? (I break up total swap
> > and spread it over all drives so there is a swap LV on each VG)
> >
> > 6. lvcreate -L ???G (or -l +100%FREE when I was using the rest of
> > the VG for that LV) VG_0? -n (the LV name is essentially what it is
> > being used for ie: /root = root)
> >
> > 7. Formatting: mkswap /dev/mapper/VG_0?-swap0?
> > mkfs.ext4 /dev/mapper/VG_0?-LVname -L same as LVname
> >
> > 8. mounting: swapon /dev/mapper/VG_0?-swap0?
> > mount /dev/mapper/VG_0?-LVname /path/of/mount
> >
> > 9. Added the UUID (from blkid /dev/sd?) to crypttab mirroring the
> > previous entries for entry format for each UUID.
> >
> > 10. Added mounting info for each LV in the fstab using defaults for
> > each LV type (data or swap)
> >
> > The first drive I could not get past the disk partitioning part of
> > anaconda on the Fedora 18 install, so I finally gave up and redid
> > it with the installer. I then had 2 more drives ready so I did the
> > above steps to those drives, but again I could not boot, so I
> > reinstalled again. This time I only had to format the system LVs
> > and not the data LVs like home etc. And all was happier than pigs
> > eatin' $**t. Things remained happy until the last 2 drives were
> > ready to be added.
> >
> > I went through the same procedure as before, but this time I
> > noticed that it was actually hanging on the reboot after having
> > added them back in and restored from my backup what belonged on
> > each LV. It would hang after listing mounting all LVs except for
> > one. I then rebooted into safe mode from the DVD and commented out
> > the one LV that hadn't gotten mounted. All would boot fine and
> > then I was able to manually mount the one LV. I have not tried to
> > uncomment it out yet and reboot to see if it still hangs, but
> > thinking back it seemed that it was hanging before in the same
> > area on the last LV to be mounted.
> >
> > Previously I had noticed that it was listing that it was "Starting
> > Monitoring of LVM2 mirroring, snapshots etc" (I didn't get the
> > rest). I also didn't do anything to it the previous time when I
> > had also rebooted into safe mode from DVD, so I'm not sure how it
> > booted that time. I did notice that the last LV from the last VG
> > did not get mounted. That VG had 3 LVs and in both cases the swap
> > LV did get added to total swap and in the case of the first time
> > the first LV on that VG did get mounted.
> >
> > So, does anyone have any ideas as to what I missed on this setup?
> > Once I'm up and running and all mounted, everybody seems to be
> > happy and having a party.
> >
> > So for the long dissertation, I hope I didn't put anyone to sleep.
> > If I did maybe Jim K. might have some extra java (the drinkable
> > type).
> >
> > Scott C.
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> >
> >
> >
> >
> > -- -- James P. Kinney III //// ////Every time you stop a school,
> > you will have to build a jail. What you gain at one end you lose
> > at the other. It's like feeding a dog on his own tail. It won't
> > fatten the dog. - Speech 11/23/1900 Mark Twain ////
> > http://electjimkinney.org http://heretothereideas.blogspot.com/
> > ////
>
--
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://electjimkinney.org
http://heretothereideas.blogspot.com/
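
Steps 9 and 10 of the quoted procedure tie each LV's fstab line to a LUKS mapping that crypttab has to open first. The following is an added example, not code from the thread: a Python cross-check of the two files, assuming the poster's convention that the LUKS mapping name equals the VG name; the sample entries, the placeholder UUID and the function names are constructed for illustration.

```python
import re

# Constructed samples, not taken from the thread; the UUID is a placeholder.
CRYPTTAB = """\
VG_01  UUID=11111111-2222-3333-4444-555555555555  none
VG_02  /dev/sdb                                   none
"""
FSTAB = """\
/dev/mapper/VG_01-root    /      ext4  defaults  1 1
/dev/mapper/VG_01-swap01  swap   swap  defaults  0 0
/dev/mapper/VG_02-home    /home  ext4  defaults  1 2
/dev/mapper/VG_03-data    /data  ext4  defaults  1 2
"""

def rows(text):
    """Yield the fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields

def split_dm_name(name):
    """Split a device-mapper LV name into (vg, lv), or return None.

    LVM joins VG and LV with one '-' and doubles any '-' inside either
    name, so the separator is the single unpaired hyphen.
    """
    m = re.fullmatch(r"((?:[^-]|--)+)-((?:[^-]|--)+)", name)
    return tuple(p.replace("--", "-") for p in m.groups()) if m else None

def check(crypttab, fstab):
    """Return findings for a layout where the LUKS name equals the VG name."""
    findings, mappings = [], set()
    for fields in rows(crypttab):
        name, device = fields[0], fields[1] if len(fields) > 1 else ""
        mappings.add(name)
        if not device.startswith("UUID="):
            findings.append(f"crypttab: {name} is keyed by '{device}', not UUID=")
    for fields in rows(fstab):
        prefix = "/dev/mapper/"
        if not fields[0].startswith(prefix):
            continue
        parts = split_dm_name(fields[0][len(prefix):])
        if parts is None:
            findings.append(f"fstab: {fields[0]} is not a VG-LV mapper name")
        elif parts[0] not in mappings:
            findings.append(f"fstab: {fields[0]} needs LUKS mapping {parts[0]}, absent from crypttab")
    return findings

if __name__ == "__main__":
    print("\n".join(check(CRYPTTAB, FSTAB)))
```

On the constructed input it reports the crypttab entry keyed by a device name, which can change when drives are added, and the fstab line whose VG has no LUKS mapping to unlock it.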