I have two drives, /dev/sda and /dev/sdb. I set up a volume group called "fileshare" which is composed of a bunch of logical volumes (called "music," "video," etc.) spread across both drives. Then I formatted them.
Everything shows up fine in the actual system; I can mount /dev/mapper/fileshare-video and read and write to it just fine. I want to encrypt everything but /boot and the / directory but am having trouble figuring out the most elegant way to do it.
I can easily use cryptsetup to encrypt /dev/mapper/fileshare-(whatever) but it seems hackish. Case in point-
cryptsetup luksFormat -c aes-cbc-essiv:sha256 /dev/mapper/fileshare-video
cryptsetup luksOpen /dev/mapper/fileshare-video video
mount /dev/mapper/video /var/fileserver/video
This will do the trick, but now in the /dev/mapper directory I have two entries pointing to the same thing-- /dev/mapper/fileshare-video (the LV) and /dev/mapper/video (the encrypted device).
Is this simply *the* way to do it or is there a way to avoid having to create a separate /dev/mapper entry? I've read that one can encrypt the whole VG, which spares me from having to enter the key once for every partition when I decrypt them at boot. Can't figure out how to do that though, as:
cryptsetup luksFormat -c aes-cbc-essiv:sha256 /dev/fileshare
results in a device can't be accessed error. Which makes sense since /dev/fileshare just points to the individual partitions, but I don't see how else to encrypt the entire VG.
Any tips would be appreciated!