AW: cryptsetup disk_config example(s) ?
Schulz, Reiner
R.Schulz at dvz-mv.de
Wed Dec 18 09:40:22 CET 2024
Hi!
here a snip of the solution i use:
disik_config:
5 disk_config disk1 align-at:1M fstabkey:label bootable:1
6 primary /boot 1024 xfs defaults createopts="-L BOOT"
7 primary - 1025- - -
8 disk_config disk2 align-at:1M fstabkey:label
9 primary - 100% - -
10
11 disk_config lvm
12
13 vg vgsys disk1.2,disk2.1
14 # createopts= -L Label in fstag, -m root reserve
15 vgsys-swap swap 4G swap sw
16 vgsys-var /var 6G xfs defaults createopts="-L VAR"
17 vgsys-vartmp /var/tmp 2G xfs defaults createopts="-L VARTMP"
18 vgsys-root / 5G xfs defaults createopts="-L ROOT"
19 vgsys-tmp /tmp 2G xfs defaults createopts="-L TMP"
...
22 vgsys-postgres_encrypt - 10G - -
...
27
28 disk_config cryptsetup
...
30 luks:"< $PASSPHRASE >" /opt/db/postgres /dev/vgsys/postgres_encrypt xfs defaults,x-systemd.mount-timeout=30,_netdev createopts="-L POSTGRES
...
Scripts/TANGCLIENTS
37 CRYPT_DEVs=$(cut -f2 $target/etc/crypttab)
...
52 PIN='{ "t":1, "pins": { } }'
...
56 for TANGSERVER in ${_TANGSERVER} ;
57 do
...
59 TANGSERVER_JSON='{"url":"http://'${TANGSERVER}':7500"}'
...
65 PIN="$(echo "$PIN" | jq --argjson TANGSERVER "$(echo ${TANGSERVER_JSON})" '.pins.tang += [$TANGSERVER]')"
66 done
...
68 # Syntax Check
69 jq -Me . <<< $PIN >/dev/null ; echo "JSON Check RC: $?"
70
...
76 for CRYPT_DEV in ${CRYPT_DEVs[*]}; do
77 $ROOTCMD clevis luks bind -f -y -k $PASSPHRASE -d ${CRYPT_DEV} sss "${PIN}"
78 done
Unforturnately it work only at install
Reiner
-----Ursprüngliche Nachricht-----
Von: linux-fai <linux-fai-bounces at uni-koeln.de> Im Auftrag von Robert Moulton
Gesendet: Freitag, 6. Dezember 2024 22:30
An: fully automatic installation for Linux <linux-fai at uni-koeln.de>
Betreff: cryptsetup disk_config example(s) ?
Does anyone have working examples to share, with standard partitions and/or lvm?
thanks,
-r
More information about the linux-fai
mailing list