setup-storage and encrypted LVM

Andreas Heinlein aheinlein at gmx.com
Mon Aug 2 10:43:58 CEST 2010


Am 18.06.2010 11:58, schrieb Michael Tautschnig:
>> Hello,
>>
>> I'd like to (almost) fully encrypt a system using LUKS and LVM. That is,
>> one small unencrypted /boot and a large partition, which is encrypted
>> with luks, which in turn is the physical volume for the LVM containg
>> several LVs. My disk config looks like this:
>>
>> disk_config disk1 disklabel_msdos bootable:1
>> primary /boot 300 ext3 -
>> logical - 1024- - -
>>
>> disk_config cryptsetup
>> luks - /dev/sda5 - -
>>
>> disk_config lvm
>> vg vg1 *missing*
>> vg1-root / 10240 ext4 rw,errors=remount-ro
>> vg1-swap swap 2048 swap defaults
>> vg1-tmp /tmp 1024 ext3 defaults
>> vg1-home /home 1024- ext4 defaults
>>
>> What am I supposed to put as *missing*? In other words, how do I
>> reference the encrypted LUKS partition?
>>
>>     
> The way this is *supposed* to work, if I remember it correctly, is that you just
> use /dev/sda5 and setup-storage will take care of the renaming thing internally.
> Now there may be points where I this is not done properly, so please expect
> bugs; if you do come across such issues it would be great if you could let me
> know and send along a debug log.
>
> Thanks a lot,
> Michael
>
>   
Hello,

after quite some time I have to come back to this again. Indeed this
seems to work halfway through, but not quite right yet. I have attached
fai.log up to the point where it fails. Apparently setup-storage is
creating an unencrypted LVM and filesystems on it first and then creates
the crypt'ed volume; instead of the other way round. Can you have a look
at this?

Thanks,
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fai.log.gz
Type: application/x-gzip
Size: 2120 bytes
Desc: not available
Url : http://lists.uni-koeln.de/pipermail/linux-fai/attachments/20100802/05d17511/attachment.bin 


More information about the linux-fai mailing list