setup-storage does not create crypttab

Andreas Heinlein aheinlein at gmx.com
Tue Sep 22 13:08:57 CEST 2009 

Michael Tautschnig schrieb:
>> Michael Tautschnig schrieb:
>>     
>>>> I have defined encrypted swap and tmp like this
>>>>
>>>> disk_config lvm
>>>> vg vg1 disk1.6
>>>> vg1-swap	swap:encrypt 	2048	swap	sw
>>>> vg1-tmp		/tmp:encrypt	1024	ext2	rw
>>>> ...
>>>>
>>>> This works during setup, two device-mapper devices crypt_dev_vg1_tmp and crypt_dev_vg1_swap are created and written to fstab, but no crypttab is generated. I am doing this now with a script, but from taking a look at setup-storage source it looks like it shoud create a correct crypttab, right?
>>>>
>>>>     
>>>>         
>>> Indeed it should, yes :-) Hmm, are you using the experimental FAI version or
>>> 3.2.20 or something? Looking at my experimental patch named
>>> setup-storage_full-crypto-support the comment induces that it might not work on
>>> LVM devices without this patch :-) That means:
>>>
>>> - Are you using the experimental builds or the stable release?
>>> - Would you be willing to test the experimental version in this case?
>>> - If so, I'd happily merge that patch into mainline as I just left it in the
>>>   experimental branch because it had not seen sufficient testing.
>>>
>>> Thanks a lot,
>>> Michael
>>>   
>>>       
>> I am using the stable packages (3.2.20) from the lenny repository. I
>> would give the experimental version a try.
>>     
> pi> 
>
> You can download/install them by adding the experimental/koeln repository as
> described on the wiki page:
>
> http://faiwiki.debian.net/index.php/Main_Page#getting_FAI
>
> Best,
> Michael
>   
I tried today with 3.2.23beta4, and it did not work :-(

What I see is a crypttab which is in /tmp/fai/crypttab during install
and later saved to the log folder, but this one does not get copied to
the target. Moreover, this crypttab refers to a keyfile in /tmp, like this:

crypt_dev_vg1_tmp   /dev/mapper/vg1-tmp   /tmp/fai/crypt_dev_vg1_tmp   luks

But what I want is

crypt_dev_vg1_tmp   /dev/mapper/vg1-tmp   /dev/urandom   tmp

That's what setup-storage is supposed to do, right? (At least if using
the :randinit option)

Additionally, I forgot to mention in my first post that I need to load
the device mapper modules including dm_crypt manually using a
partition.DEFAULT hook. Without that, no LVM (even without encryption)
will work, complaining about lack of device-mapper support.

Bye,
Andreas

More information about the linux-fai mailing list