FAI with RAID+CRYPT+LVM
Andrew Ruthven
andrew at etc.gen.nz
Tue Sep 20 13:57:13 CEST 2016
Also, as I've just managed to work out, to have LUKS encrypt an LVM LV you
need to specify the path to the LV, for example:
disk_config cryptsetup
luks /srv/node/obj01 /dev/vgobj01/lvobj01 xfs rw createopts="-L obj01"
That took a bit of head bashing to work out, initially I was trying
vgobj01-lvobj01 and /dev/mapper/vgobj01-lvobj01.
The sample above worked, and I'm just running the package installation
phase of my build now. ;)
On a similar note, is it possible to use UUIDs in /etc/crypttab
instead of the device name?
Cheers,
Andrew
On Tue, 2016-09-20 at 11:36 +0000, Paul Schulz wrote:
> Woot! (.. for setup-storage anyway)
> Thanks everyone for your suggestions.
>
> The solution to my problem is to not worry about the name of the
> 'cryptsetup' partition, 'setup-storage' handles this automatically.
>
> Cryptsetup is called and creates a device called "crypt_format_md1"
> (in my case) which is then fed correctly to LVM.
>
> Can this be put into the documentation somewhere?
> (./man/setup-storage.8 ?) I only found this out somewhat by accident.
>
> Cheers,
> Paul
>
> ps. FAI installs the system, but it doesn't boot, so that's the
> next thing to solve. Fails to decrypt the luks partition and find
> /dev/mapper/Base-Root
>
>
> On Fri, 16 Sep 2016 at 00:58 Paul Schulz <paul at mawsonlakes.org>
> wrote:
> > I am still having an issue with the setup-disk configuration
> >
> > I'm now getting the following error after the file is parsed..
> > "Cannot determine size of /dev/mapper/md1_crypt - scheme unknown"
> >
> > See attached files:
> > raid1-disk1-disk2t.txt - Just RAID1
> > lvm-disk1-disk2.txt - RAID1+LVM (works)
> > crypt-disk1-disk2.txt - RAID1+CRYPT+LVM (error)
> >
> > For testing, I have two external USB 90G disks attached for testing
> > and am using the following:
> > ./bin/setup-storage -D"sdb sdc" -fcrypt-disk1-disk2.txt
> > (With export PERL5LIB=`pwd`/lib/setup-storage)
> > or
> > /usr/sbin/setup-storage -D"sdb sdc" -fcrypt-disk1-disk2.txt
> > (Ubuntu 16.04)
> >
> > Q. Do I need to know or set the size of the crypted drive before it
> > is created? It is then used by LVM, so maybe I do?
> >
> > My Plan B is to take the log from 'lvm-disk1-disk2.txt' and then
> > modify it to manually set up the encrypted partition. I can then run
> > this script in place of setup-storage in the FAI partitioning step.
> >
> > Regards
> > Paul
> >
> > On Thu, 25 Aug 2016 at 13:15 Paul Schulz <paul at mawsonlakes.org>
> > wrote:
> > > Hi Alexandros
> > >
> > > Thank you for your reply. It was helpful and I have made some
> > > progress,
> > > but I'm still getting errors when processing the 'cryptsetup'
> > > stanza.
> > >
> > > I have attached my FAI configuration files that I am trying to
> > > parse.
> > > FSRAID - produces error on 'luks' line
> > > FSRAID-parses
> > >
> > > (If I comment out the 'luks' line I can parse, but I don't know
> > > what output
> > > or commands it will produce.)
> > >
> > > To test this, I have used copy of the latest github code, and
> > > have modified
> > > the code so it can access its perl modules (without
> > > installation).
> > >
> > > Also, I get another error if I don't use the full path
> > > '/dev/mapper/md1_crypt'
> > > in the luks line, BUT cryptsetup only uses the filename part
> > > 'md1_crypt'.
> > >
> > > I am trying to grok the parser code...
> > >
> > > Regards,
> > > Paul
> > >
> > > On Tue, 23 Aug 2016 at 20:04 Alexandros Afentoulis <alexaf at noc.gr
> > > net.gr> wrote:
> > > > On 08/22/2016 09:56 AM, Paul Schulz wrote:
> > > > > (Repeated as first attempt didn't go through.)
> > > > >
> > > > > Greetings,
> > > > > I have been asked to set up some systems with an encrypted disk
> > > > > configuration (see below for FAI setup-storage format),
> > > > > essentially two disks with:
> > > > > RAID1(/boot+other) < Crypt(other) < LVM((Root,Home,Swap)
> > > > >
> > > > > Should I expect this to work? If not, what would need to be done to
> > > > > include this support in LVM. Can I run setup-storage multiple
> > > > > times (3 config files)?
> > > >
> > > > Hello there,
> > > >
> > > > yes the disk scheme you aim for is feasible. In fact I did
> > > > setup a node
> > > > like that a couple of days ago.
> > >
> > > (snip)
> > >
> > > > Hope I helped,
> > > > Greetings
> > > >
> > >
> >
--
Andrew Ruthven, Wellington, New Zealand
andrew at etc.gen.nz | linux.conf.au 2017, Hobart, AU
New Zealand's only Cloud: | The Future of Open Source
https://catalyst.net.nz/cloud | http://linux.conf.au
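
An added example, not part of the thread and not FAI code: a small shell check for the point in the message above, that a luks line needs the LV written as /dev/VG/LV rather than VG-LV or /dev/mapper/VG-LV. It goes slightly beyond the message by also undoing device-mapper's doubling of hyphens inside VG and LV names. The function names and the sample stanza are constructed for illustration, and the check assumes the named device really is an LVM LV.

```shell
#!/bin/sh
# Added example, not FAI code. Assumes the named device really is an LVM LV.

# dm_to_lv_path NAME: print /dev/VG/LV for VG-LV or /dev/mapper/VG-LV.
# device-mapper doubles each hyphen inside a VG or LV name, so the one
# remaining single hyphen is the VG/LV separator.
dm_to_lv_path() {
    name=${1#/dev/mapper/}
    case $name in
        /*) printf '%s\n' "$name"; return 0 ;;   # already a path: keep as is
    esac
    # ':' is not valid in LVM names, so it can stand in for "--".
    tmp=$(printf '%s\n' "$name" | sed 's/--/:/g')
    case $tmp in
        *-*-*|-*|*-) return 1 ;;   # e.g. vg-lv-real: not a plain VG-LV name
        *-*) ;;
        *) return 1 ;;             # no separator, e.g. md1_crypt
    esac
    vg=$(printf '%s\n' "${tmp%%-*}" | tr ':' '-')
    lv=$(printf '%s\n' "${tmp#*-}" | tr ':' '-')
    printf '/dev/%s/%s\n' "$vg" "$lv"
}

# check_luks_devices: read a "disk_config cryptsetup" stanza on stdin and
# print one line for each luks entry whose device (3rd field) is written
# in device-mapper form instead of /dev/VG/LV.
check_luks_devices() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        set -f; set -- $line; set +f
        [ "${1:-}" = luks ] && [ -n "${3:-}" ] || continue
        want=$(dm_to_lv_path "$3") || continue
        [ "$want" = "$3" ] || printf 'line %d: %s -> %s\n' "$n" "$3" "$want"
    done
}

# Constructed sample stanza (first entry reuses the names from the message).
sample='disk_config cryptsetup
luks /srv/node/obj01 /dev/mapper/vgobj01-lvobj01 xfs rw createopts="-L obj01"
luks /srv/node/obj02 /dev/vgobj01/lvobj02 xfs rw
luks /srv/node/obj03 vg--data-lv--obj03 xfs rw'

printf '%s\n' "$sample" | check_luks_devices
```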