[ale] LUKS/LVM2 on Fedora 18

Jim Kinney jim.kinney at gmail.com
Mon May 13 23:50:29 EDT 2013


That seems overly complicated to me.

Just write random noise to all the drives then do a basic Fedora install
with a manual partition. Be sure to check the box "Encrypt filesystem".

Now use sda1 for unencrypted boot. Use all the remaining space on the
drives to make a physical volume with. Then join all 3 to make a single
logical volume. That gets encrypted. Split that volume into swap, /, and
/home and you're done.

Or create a 3-way mirror of /boot across all 3 drives (assuming all 3
drives are the same size this makes sense) then bond the three into a PV,
then encrypted VG and finally swap, /, and /home partitions.

Check Fedora Bugzilla for anaconda bugs related to 3 drives. There may be a
problem.

Anaconda on RHEL6 has an issue with ext4 in that it has a total filesize
limit around 40TB. Sucks when you're making a 52TB filesystem :-(.
Fortunately, XFS does NOT have that limitation so the big partition is XFS.


On Mon, May 13, 2013 at 11:01 PM, Scott Castaline <skotchman at gmail.com> wrote:

> So I recently lost a drive due to hits from my wife slamming the door
> to the garage. How does that happen? Let's just say that my computer
> is in the bonus room and was on a spot on the floor that turned out to
> be right above the door that for some reason my wife felt she had to
> slam in order for it to close. On windy days if the back windows are
> open and the garage door is open this door has slammed shut so hard
> that my monitor has jumped. Actually a total of 3 drives had to be
> replaced. When I got the new drive I decided to run badblocks on the
> rest of the drives to verify that they were okay.
>
> Now on to the on topic part. I like to encrypt the drives at the
> device level and all drives are encrypted. So after running badblocks
> on the new and old working drives I did the writing of random bits to
> the drives (dd if=/dev/urandom of=/dev/sd?) My boot drive was setup as
> the boot drive so using gdisk the first 2 partitions are clear (GUID
> 2MB Part. and 498MB /boot). The balance of the drive is encrypted. On
> the LVM part I currently have 1 physical volume (PV) for each Volume
> Group (VG) and each VG has at least 2 Logical Volumes (LV).
>
> The steps I used to go from after doing the random pattern written to
> device are as follows:
>
> 1. cryptsetup luksFormat /dev/sd? (sda3 in the case of the boot drive
> otherwise it was with no partition specified.)
>
> 2. cryptsetup luksOpen /dev/sd? VG_name (being somewhat uncreative I
> used the same for the LUKS volume as the VG name, I couldn't find
> anything that said that I couldn't or shouldn't).
>
> 3. pvcreate /dev/mapper/LUKS-name (which as noted above is VG_0?)
>
> 4. vgcreate VG_0? /dev/mapper/VG_0?
>
> 5. lvcreate -C y -L ?G /dev/mapper/VG_0?  (I break up total swap and
> spread it over all drives so there is a swap LV on each VG)
>
> 6. lvcreate -L ???G (or -l +100%FREE when I was using the rest of the
> VG for that LV) VG_0? -n (the LV name is essentially what it is being
> used for ie: /root = root)
>
> 7. Formatting:
>    mkswap /dev/mapper/VG_0?-swap0?
>    mkfs.ext4 /dev/mapper/VG_0?-LVname -L same as LVname
>
> 8. mounting:
>    swapon /dev/mapper/VG_0?-swap0?
>    mount /dev/mapper/VG_0?-LVname /path/of/mount
>
> 9. Added the UUID (from blkid /dev/sd?) to crypttab mirroring the
> previous entries for entry format for each UUID.
>
> 10. Added mounting info for each LV in the fstab using defaults for
> each LV type (data or swap)
>
> The first drive I could not get past the disk partitioning part of
> anaconda on the Fedora 18 install, so I finally gave up and redid it
> with the installer. I then had 2 more drives ready so I did the above
> steps to those drives, but again I could not boot, so I reinstalled
> again. This time I only had to format the system LVs and not the data
> LVs like home etc. And all was happier than pigs eatin' $**t. Things
> remained happy until the last 2 drives were ready to be added.
>
> I went through the same procedure as before, but this time I noticed
> that it was actually hanging on the reboot after having added them
> back in and restored from my backup what belonged on each LV. It would
> hang after listing mounting all LVs except for one. I then rebooted
> into safe mode from the DVD and commented out the one LV that hadn't
> gotten mounted. All would boot fine and then I was able to manually
> mount the one LV. I have not tried to uncomment it out yet and reboot
> to see if it still hangs, but thinking back it seemed that it was
> hanging before in the same area on the last LV to be mounted.
>
> Previously I had noticed that it was listing that it was "Starting
> Monitoring of LVM2 mirroring, snapshots etc" (I didn't get the rest).
> I also didn't do anything to it the previous time when I had also
> rebooted into safe mode from DVD, so I'm not sure how it booted that
> time. I did notice that the last LV from the last VG did not get
> mounted. That VG had 3 LVs and in both cases the swap LV did get added
> to total swap and in the case of the first time the first LV on that
> VG did get mounted.
>
> So, does anyone have any ideas as to what I missed on this setup. Once
> I'm up and running and all mounted, everybody seems to be happy and
> having a party.
>
> So for the long dissertation, I hope I didn't put anyone to sleep. If
> I did maybe Jim K. might have some extra java (the drinkable type).
>
> Scott C.



-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://electjimkinney.org
http://heretothereideas.blogspot.com/
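
Added example, not part of the original thread or either poster's own code: a consistency check for the LUKS -> PV -> VG -> LV stack built in steps 1-10 of the quoted message. It reports any crypttab entry whose UUID matches no device and any fstab mount that depends on such a mapping. The function name `check_stack`, the mount point `/srv/data` and all sample data are constructed; it assumes crypttab uses `UUID=` entries (as in step 9) and that VG names contain no hyphens.

```shell
#!/bin/sh
# Added example; all sample data is constructed, not taken from the thread.
# Assumes crypttab uses UUID= entries (step 9) and VG names contain no hyphens.

SAMPLE_UUIDS='11111111-aaaa-4aaa-8aaa-000000000001
11111111-aaaa-4aaa-8aaa-000000000002
11111111-aaaa-4aaa-8aaa-000000000003'   # as from: blkid -s UUID -o value /dev/sd?

SAMPLE_CRYPTTAB='# name  device  keyfile
VG_01 UUID=11111111-aaaa-4aaa-8aaa-000000000001 none
VG_02 UUID=11111111-aaaa-4aaa-8aaa-000000000002 none
VG_03 UUID=11111111-aaaa-4aaa-8aaa-000000000009 none'   # last digit mistyped on purpose

SAMPLE_PVS='  /dev/mapper/VG_01 VG_01
  /dev/mapper/VG_02 VG_02
  /dev/mapper/VG_03 VG_03'   # as from: pvs --noheadings -o pv_name,vg_name

SAMPLE_FSTAB='/dev/mapper/VG_01-root   /         ext4 defaults 1 1
/dev/mapper/VG_01-swap01 swap      swap defaults 0 0
/dev/mapper/VG_02-home   /home     ext4 defaults 1 2
/dev/mapper/VG_03-data   /srv/data ext4 defaults 1 2'

# check_stack CRYPTTAB FSTAB PVS UUIDS   (file contents, not paths)
# Prints one line per broken link in the chain UUID -> LUKS mapping -> PV/VG -> fstab.
check_stack() {
  {   # tag each input so a single awk pass can tell the sources apart
    printf '%s\n' "$4" | sed 's/^/U /'
    printf '%s\n' "$1" | sed 's/^/C /'
    printf '%s\n' "$3" | sed 's/^/P /'
    printf '%s\n' "$2" | sed 's/^/F /'
  } | awk '
    NF < 2 || $2 ~ /^#/ { next }                 # blank lines and comments
    $1 == "U" { uuid[$2] = 1 }                   # UUIDs that really exist
    $1 == "C" { id = $3; sub(/^UUID=/, "", id)
                if (!(id in uuid)) { print "crypttab: " $2 " references unknown UUID " id }
                else { luks["/dev/mapper/" $2] = 1 } }
    $1 == "P" { if ($2 in luks) { vg_ok[$3] = 1 }
                else { print "pvs: PV " $2 " (" $3 ") has no valid crypttab entry" } }
    $1 == "F" && $2 ~ /^\/dev\/mapper\// {
                vg = $2; sub(/^\/dev\/mapper\//, "", vg); sub(/-.*/, "", vg)
                if (!(vg in vg_ok))
                  print "fstab: " $2 " (" $3 ") depends on " vg ", whose PV is not unlocked at boot" }
  '
}

check_stack "$SAMPLE_CRYPTTAB" "$SAMPLE_FSTAB" "$SAMPLE_PVS" "$SAMPLE_UUIDS"
```

On a live system the four arguments would come from `/etc/crypttab`, `/etc/fstab`, `pvs --noheadings -o pv_name,vg_name` and `blkid -s UUID -o value`, captured while every volume is manually unlocked.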