Preserving encrypted disks

Andrew Ruthven andrew at etc.gen.nz
Wed Sep 21 06:31:52 CEST 2016 

On Wed, 2016-09-21 at 03:49 +0000, Paul Schulz wrote:
> (How is the Isle of the Long White Cloud?)

It's fantastic!  ;)  (We actually use the Land of the Long White Cloud
- there's a few islands that make up NZ.)

> Are the encrypted disks separate? (ed. sdc,sdd?)
> If so, you could run it in a hook script with just the drives you
> want to partition. Using the '-D' option allows you to set the disks.

Yes, they are different disks. Yeah, I guess I could do that. A little
bit awkward, but certainly do-able.

Cheers,
Andrew

> On Wed, 21 Sep 2016 at 10:43 Andrew Ruthven <andrew at etc.gen.nz>
> wrote:
> > Hey,
> > 
> > I'm happily creating encrypted file systems now, which is great,
> > but
> > I'd like to look forward to having to rebuild the system. The
> > encrypted
> > file systems are for data storage only. Ideally if we rebuild the
> > server, the data storage disks would be left alone.
> > 
> > I've run into three problems here:
> > 
> > 1) preserve for LUKS isn't supported.
> > 2) preserve_always requires the disks to already be configured and
> > won't change them.
> > 3) preserve_reinstall requires you to set a class for the first
> > build.
> > 
> > To resolve 1, ideally setup-storage would honour preserve flags and
> > let
> > me worry about the crypt files etc.
> > 
> > But the behaviour with 2 & 3 are a problem. Ideally we'd have
> > lazyformat back. ;)  I don't want to have to set any classes for
> > the
> > first build, or modify the disk_config for future builds.
> > 
> > I could potentially have a class file that looks to see if a
> > partition
> > exists on the first hard drive, and if it doesn't exist, set the
> > INITIAL class. But that seems a bit brittle to me.
> > 
> > How are others handling that situation?
> > 
> > Cheers,
> > Andrew
> > 
> > --
> > Andrew Ruthven, Wellington, New Zealand
> > andrew at etc.gen.nz             | linux.conf.au 2017, Hobart, AU
> >   New Zealand's only Cloud:   |   The Future of Open Source
> > https://catalyst.net.nz/cloud |     http://linux.conf.au
> > 
> > 
> > 
> > 
-- 
Andrew Ruthven, Wellington, New Zealand
andrew at etc.gen.nz             | linux.conf.au 2017, Hobart, AU
  New Zealand's only Cloud:   |   The Future of Open Source
https://catalyst.net.nz/cloud |     http://linux.conf.au

More information about the linux-fai mailing list