Preserving encrypted disks
Andrew Ruthven
andrew at etc.gen.nz
Wed Sep 21 06:31:52 CEST 2016
On Wed, 2016-09-21 at 03:49 +0000, Paul Schulz wrote:
> (How is the Isle of the Long White Cloud?)
It's fantastic! ;) (We actually use the Land of the Long White Cloud
- there's a few islands that make up NZ.)
> Are the encrypted disks separate? (ed. sdc,sdd?)
> If so, you could run it in a hook script with just the drives you
> want to partition. Using the '-D' option allows you to set the disks.
Yes, they are different disks. Yeah, I guess I could do that. A little
bit awkward, but certainly do-able.
Cheers,
Andrew
> On Wed, 21 Sep 2016 at 10:43 Andrew Ruthven <andrew at etc.gen.nz>
> wrote:
> > Hey,
> >
> > I'm happily creating encrypted file systems now, which is great,
> > but
> > I'd like to look forward to having to rebuild the system. The
> > encrypted
> > file systems are for data storage only. Ideally if we rebuild the
> > server, the data storage disks would be left alone.
> >
> > I've run into three problems here:
> >
> > 1) preserve for LUKS isn't supported.
> > 2) preserve_always requires the disks to already be configured and
> > won't change them.
> > 3) preserve_reinstall requires you to set a class for the first
> > build.
> >
> > To resolve 1, ideally setup-storage would honour preserve flags and
> > let
> > me worry about the crypt files etc.
> >
> > But the behaviour with 2 & 3 are a problem. Ideally we'd have
> > lazyformat back. ;) I don't want to have to set any classes for
> > the
> > first build, or modify the disk_config for future builds.
> >
> > I could potentially have a class file that looks to see if a
> > partition
> > exists on the first hard drive, and if it doesn't exist, set the
> > INITIAL class. But that seems a bit brittle to me.
> >
> > How are others handling that situation?
> >
> > Cheers,
> > Andrew
> >
> > --
> > Andrew Ruthven, Wellington, New Zealand
> > andrew at etc.gen.nz | linux.conf.au 2017, Hobart, AU
> > New Zealand's only Cloud: | The Future of Open Source
> > https://catalyst.net.nz/cloud | http://linux.conf.au
> >
> >
> >
> >
--
Andrew Ruthven, Wellington, New Zealand
andrew at etc.gen.nz | linux.conf.au 2017, Hobart, AU
New Zealand's only Cloud: | The Future of Open Source
https://catalyst.net.nz/cloud | http://linux.conf.au
More information about the linux-fai
mailing list