[ale] LUKS/LVM2 on Fedora 18

Scott Castaline skotchman at gmail.com
Tue May 14 00:40:50 EDT 2013



On non boot drives I don't partition them with either fdisk, gdisk, or
parted. I just luksFormat /dev/sdb no sdb1, 2 or 3 (just like Scotty
in TNG episode NCC1701 no A, B, C, or D). I only create LVs within the
VG. Previous Fedora installers would do this, Fedora 18 didn't. I had
physical partitions before encryption was done, so the installer works
differently in Fedora 18 in more ways than just on the interface.

Just before reading your response I had just rebooted with the entry
for the problem LV uncommented and it seems to work fine now. If you
pour enough Tommy Knockers down my throat this Thursday I might tell
you what it was. I'm too embarrassed in a sober state to say it now.


On 05/13/2013 11:50 PM, Jim Kinney wrote:
> That seems overly complicated to me.
> 
> Just write random noise to all the drives then do a basic Fedora 
> install with a manual partition. Be sure to check the box "Encrypt 
> filesystem"
> 
> Now use sda1 for unencrypted boot. Use all the remaining space on 
> the drives to make a physical volume with. Then join all 3 to make 
> a single logical volume. That gets encrypted. Split that volume
> into swap, /, and /home and you're done.
> 
> Or create a 3-way mirror of /boot across all 3 drives (assuming
> all 3 drives are the same size this makes sense) then bond the
> three into a PV, then encrypted VG and finally swap, /, and /home 
> partitions.
> 
> Check fedora bugzilla for anaconda bugs related to 3 drives. There 
> may be a problem.
> 
> Anaconda on RHEL6 has an issue with ext4 in that it has a total 
> filesize limit around 40TB. Sucks when you're making a 52TB 
> filesystem :-(. Fortunately, XFS does NOT have that limitation so 
> the big partition is XFS.
> 
> 
> On Mon, May 13, 2013 at 11:01 PM, Scott Castaline 
> <skotchman at gmail.com> wrote:
> 
> So I recently lost a drive due to hits from my wife slamming the 
> door to the garage. How does that happen? Let's just say that my 
> computer is in the bonus room and was on a spot on the floor that 
> turned out to be right above the door that for some reason my wife 
> felt she had to slam in order for it to close. On windy days if
> the back windows are open and the garage door is open this door
> has slammed shut so hard that my monitor has jumped. Actually a
> total of 3 drives had to be replaced. When I got the new drive I
> decided to run badblocks on the rest of the drives to verify that
> they were okay.
> 
> Now on to the on topic part. I like to encrypt the drives at the 
> device level and all drives are encrypted. So after running 
> badblocks on the new and old working drives I did the writing of 
> random bits to the drives (dd if=/dev/urandom of=/dev/sd?) My boot 
> drive was setup as the boot drive so using gdisk the first 2 
> partitions are clear (GUID 2MB Part. and 498MB /boot). The balance 
> of the drive is encrypted. On the LVM part I currently have 1 
> physical volume (PV) for each Volume Group (VG) and each VG has at 
> least 2 Logical Volumes (LV).
> 
> The steps I used to go from after doing the random pattern written 
> to device are as follows:
> 
> 1. cryptsetup luksFormat /dev/sd? (sda3 in the case of the boot 
> drive otherwise it was with no partition specified.)
> 
> 2. cryptsetup luksOpen /dev/sd? VG_name (being somewhat uncreative 
> I used the same for the LUKS volume as the VG name, I couldn't find
> anything that said that I couldn't or shouldn't).
> 
> 3. pvcreate /dev/mapper/LUKS-name (which as noted above is VG_0?)
> 
> 4. vgcreate VG_0? /dev/mapper/VG_0?
> 
> 5. lvcreate -C y -L ?G /dev/mapper/VG_0?  (I break up total swap 
> and spread it over all drives so there is a swap LV on each VG)
> 
> 6. lvcreate -L ???G (or -l +100%FREE when I was using the rest of 
> the VG for that LV) VG_0? -n (the LV name is essentially what it is 
> being used for, i.e.: /root = root)
> 
> 7. Formatting:
>    mkswap /dev/mapper/VG_0?-swap0?
>    mkfs.ext4 /dev/mapper/VG_0?-LVname -L same as LVname
> 
> 8. Mounting:
>    swapon /dev/mapper/VG_0?-swap0?
>    mount /dev/mapper/VG_0?-LVname /path/of/mount
> 
> 9. Added the UUID (from blkid /dev/sd?) to crypttab mirroring the 
> previous entries for entry format for each UUID.
> 
> 10. Added mounting info for each LV in the fstab using defaults for
> each LV type (data or swap)
> 
> The first drive I could not get past the disk partitioning part of
>  anaconda on the Fedora 18 install, so I finally gave up and redid 
> it with the installer. I then had 2 more drives ready so I did the 
> above steps to those drives, but again I could not boot, so I 
> reinstalled again. This time I only had to format the system LVs 
> and not the data LVs like home etc. And all was happier than pigs 
> eatin' $**t. Things remained happy until the last 2 drives were 
> ready to be added.
> 
> I went through the same procedure as before, but this time I 
> noticed that it was actually hanging on the reboot after having 
> added them back in and restored from my backup what belonged on 
> each LV. It would hang after listing mounting all LVs except for 
> one. I then rebooted into safe mode from the DVD and commented out 
> the one LV that hadn't gotten mounted. All would boot fine and
> then I was able to manually mount the one LV. I have not tried to 
> uncomment it out yet and reboot to see if it still hangs, but 
> thinking back it seemed that it was hanging before in the same
> area on the last LV to be mounted.
> 
> Previously I had noticed that it was listing that it was "Starting
>  Monitoring of LVM2 mirroring, snapshots etc" (I didn't get the 
> rest). I also didn't do anything to it the previous time when I
> had also rebooted into safe mode from DVD, so I'm not sure how it 
> booted that time. I did notice that the last LV from the last VG 
> did not get mounted. That VG had 3 LVs and in both cases the swap 
> LV did get added to total swap and in the case of the first time 
> the first LV on that VG did get mounted.
> 
> So, does anyone have any ideas as to what I missed on this setup. 
> Once I'm up and running and all mounted, everybody seems to be 
> happy and having a party.
> 
> So for the long dissertation, I hope I didn't put anyone to sleep. 
> If I did maybe Jim K. might have some extra java (the drinkable 
> type).
> 
> Scott C.
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
> 
> 
> 
> 
> --
> James P. Kinney III
> Every time you stop a school, you will have to build a jail. What
> you gain at one end you lose at the other. It's like feeding a dog
> on his own tail. It won't fatten the dog.
> - Speech 11/23/1900 Mark Twain
> http://electjimkinney.org
> http://heretothereideas.blogspot.com/
> 
> 
> 
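
Steps 9 and 10 in the quoted procedure add crypttab and fstab entries by hand. The check below is an added example, not part of the original thread, that cross-checks the two tables before a reboot. It assumes the naming from step 2 (each LUKS mapping carries the name of the VG it holds) and hyphen-free VG and LV names; the function name and the sample tables are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: cross-check crypttab and fstab text for the layout in the thread.
# Assumption (step 2): the LUKS mapping is named after its VG, so
# /dev/mapper/VG_01-home needs a crypttab entry named VG_01.
# Assumption: VG and LV names contain no hyphens (LVM doubles them in dm names).

# Prints one finding per line; returns 1 if anything was found, 0 if clean.
check_luks_lvm_tables() {
    local crypttab=$1 fstab=$2
    awk '
        { sub(/#.*/, "") }                 # strip comments in both files
        NF == 0 { next }                   # skip blank lines
        FILENAME == ARGV[1] {              # first file: crypttab
            if ($1 in seen) print "crypttab: duplicate mapping name " $1
            seen[$1] = 1
            if ($2 !~ /^UUID=/) print "crypttab: " $1 " does not use UUID= (" $2 ")"
            next
        }
        $1 ~ /^\/dev\/mapper\// {          # second file: fstab, mapper devices only
            dm = substr($1, 13)            # drop the "/dev/mapper/" prefix
            n = index(dm, "-")
            if (n == 0) { print "fstab: " $1 " is a LUKS mapping, not an LV"; next }
            vg = substr(dm, 1, n - 1)
            if (!(vg in seen)) print "fstab: " $1 " needs crypttab entry " vg
            if ($2 != "swap" && $2 != "none" && ($2 in mnt))
                print "fstab: mount point " $2 " listed twice"
            mnt[$2] = 1
        }
    ' "$crypttab" "$fstab" | { ! grep . ; }
}

# Constructed sample tables: VG_03 has an fstab entry but no crypttab line.
sample_dir=$(mktemp -d)
cat > "$sample_dir/crypttab" <<'EOF'
VG_01 UUID=11111111-1111-1111-1111-111111111111 none
VG_02 UUID=22222222-2222-2222-2222-222222222222 none
EOF
cat > "$sample_dir/fstab" <<'EOF'
/dev/mapper/VG_01-root    /      ext4 defaults 1 1
/dev/mapper/VG_01-swap01  swap   swap defaults 0 0
/dev/mapper/VG_02-home    /home  ext4 defaults 1 2
/dev/mapper/VG_03-data    /data  ext4 defaults 1 2
EOF
check_luks_lvm_tables "$sample_dir/crypttab" "$sample_dir/fstab" || echo "findings above"
```

On a real system the two arguments would be /etc/crypttab and /etc/fstab.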


