iscsi with Luks issues
Greetings
I am self-studying for my RHCE (since i cannot afford 2.500 euros for full course) and i came a across with some issues regarding iscsi with cryptsetup. Since i dont have an instructor to help me with the relevant issues i was hopping to get some help from here. So: I am to the point where i am learning that you can encrypt an iscsi partition for better security and my question is: 1) Does the target (server) encrypts the block device and then the initiator (client) while attaches the iscsi drive locally it then encrypts it |OR| The client mounts the iscsi drive, then create a partition, "LUKS IT", unlock it and mount it. I tried the second approach, meaning i shared an iscsi drive from my server and then from my client pc (RHEL 6) i created a partition , encypted --> unlock --> created fs --> mount it. It all went well but i am stuck automating the above procedure. My question is: 2) when automounting iscsi partition, you just add an entry on the fstab with the UUID of the iscsi block device with the important option of _netdev which indicates that the relevant device is a network device hence the system will first bring up the network and then try to mount. However on encrypted luks devices there is no option like _devnet on the /etc/crypttab file. How is this issue addressed? So far what i have tried is the below: added my iscsi block device for automatic unlocking during boot in /etc/crypttab Code:
root@rhel6 ~]# cat /etc/crypttab Code:
[root@rhel6 ~]# cat /etc/fstab Could this be an issue that the network might not be yet up and the system is trying to unlock a device that it is not there yet? |
I think your "crypttab" is set up wrong.
The first entry is the mapper name WITHOUT the path Something like this Code:
iscsi-secret UUID="448523a8-dbce-4a28-aba7-7e9d38abe7c7" none Code:
|
Quote:
Thanks also for the tip. I thought that the luks id was the same as the blkid |
All times are GMT -5. The time now is 10:08 PM. |