LinuxQuestions.org


bgeddy 03-21-2010 08:58 AM

Adding a volume to a LUKS/LVM setup
 
I have been following Alien Bob's README_CRYPT.TXT on the install disk and playing around with LUKS and LVM as highlighted in the section Combining LUKS and LVM. I got this working following the examples in the readme; however, I now wish to add another volume to the volume group. I have got this working and extended the group with an encrypted volume so it's now bigger. I want the two included physical volumes in the volume group (which are both encrypted) to be opened on bootup.

As it is now I am prompted for a password for the first physical volume (the passwords are set to be the same) and that opens and boots the volume. It has a problem with the second PV I have added and doesn't open this. There are errors on boot up about this and pvdisplay gives this:
Code:

Couldn't find device with uuid 'JVirxL-lmqH-SUym-3lXG-MnXx-Qjk8-JZRha8'.
  Couldn't find device with uuid 'JVirxL-lmqH-SUym-3lXG-MnXx-Qjk8-JZRha8'.
  Couldn't find device with uuid 'JVirxL-lmqH-SUym-3lXG-MnXx-Qjk8-JZRha8'.
  --- Physical volume ---
  PV Name              /dev/block/253:0
  VG Name              cryptvg
  PV Size              13.97 GB / not usable 2.89 MB
  Allocatable          yes (but full)
  PE Size (KByte)      4096
  Total PE              3576
  Free PE              0
  Allocated PE          3576
  PV UUID              qLElW3-5PNN-UztG-0tE3-GoZy-V2GN-iPty9X
 
  --- Physical volume ---
  PV Name              unknown device
  VG Name              cryptvg
  PV Size              2.00 GB / not usable 2.31 MB
  Allocatable          yes
  PE Size (KByte)      4096
  Total PE              511
  Free PE              28
  Allocated PE          483
  PV UUID              JVirxL-lmqH-SUym-3lXG-MnXx-Qjk8-JZRha8

I think something needs to be added to the initrd to get it to open the second PV of the volume group but neither mkinitrd_command_generator nor man mkinitrd helps me with this.

If I open this volume manually from the CLI with this:
Code:

cryptsetup luksOpen /dev/sdb1 drive2

then pvdisplay finds both volumes in the group and doesn't error.
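
A pre-reboot check for the failure shown in this post, as an added example that is not part of the original post: the shell function `missing_pvs` (a hypothetical name) parses `pvdisplay` output and lists every PV the volume group references but LVM cannot find, which is the state left behind when the LUKS container backing a PV has not been opened. The sample input is the post's own output, trimmed.

```shell
#!/bin/sh
# Added example, not from the thread: list PVs that a volume group references
# but LVM cannot find, by parsing `pvdisplay` output on stdin.
# Prints "<vg> <pv-uuid> <size>" per missing PV; returns 1 if any are missing.
missing_pvs() {
    awk '
        function emit() {
            # Older LVM2 prints "unknown device" (as in the post); newer
            # releases print "[unknown]" for a PV whose device is absent.
            if (inpv && (name == "unknown device" || name == "[unknown]")) {
                printf "%s %s %s\n", vg, uuid, size
                missing++
            }
            inpv = 0; name = ""; vg = ""; uuid = ""; size = ""
        }
        /--- Physical volume ---/ { emit(); inpv = 1; next }
        !inpv { next }
        $1 == "PV" && $2 == "Name" {
            sub(/^[ \t]*PV Name[ \t]+/, ""); sub(/[ \t]+$/, ""); name = $0
            next
        }
        $1 == "VG" && $2 == "Name" { vg = $3 }
        $1 == "PV" && $2 == "Size" { size = $3 $4 }
        $1 == "PV" && $2 == "UUID" { uuid = $3 }
        END { emit(); exit (missing > 0) }
    '
}

# Sample input: the two PV blocks from the pvdisplay output in the post, trimmed.
sample_pvdisplay() {
    cat <<'EOF'
  Couldn't find device with uuid 'JVirxL-lmqH-SUym-3lXG-MnXx-Qjk8-JZRha8'.
  --- Physical volume ---
  PV Name              /dev/block/253:0
  VG Name              cryptvg
  PV Size              13.97 GB / not usable 2.89 MB
  PV UUID              qLElW3-5PNN-UztG-0tE3-GoZy-V2GN-iPty9X

  --- Physical volume ---
  PV Name              unknown device
  VG Name              cryptvg
  PV Size              2.00 GB / not usable 2.31 MB
  PV UUID              JVirxL-lmqH-SUym-3lXG-MnXx-Qjk8-JZRha8
EOF
}

# On a live system: pvdisplay 2>/dev/null | missing_pvs
sample_pvdisplay | missing_pvs || echo "unlock the LUKS device behind each listed PV before rebooting"
```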

Alien Bob 03-21-2010 10:03 AM

GazL added support for multiple volumes in a patch found here: http://www.linuxquestions.org/questi...74#post3851074

However I was unable to make this work for me, with the current version of mkinitrd.

Eric

GazL 03-21-2010 10:34 AM

There were some changes to current's initrd so the old patch doesn't work anymore.

I've attached a new patch that can be applied against the slackware64-current/source/a/mkinitrd to build a new mkinitrd package (only tested here on current64).

It doesn't yet support Eric's new keyfile based unlocking stuff. I'm going to have a look at integrating keyfile support in the near future, but was still deciding on the best way to approach it.

NO WARRANTY. USE AT YOUR OWN RISK AND ALL THAT STUFF

Make sure you read the updated manpage for mkinitrd. Specifically, -r and -C are used differently to the stock version.

Feedback is welcome if anyone does try this out.


PS.

An alternative approach would be to put your second disk in a separate volume group and unlock that from /etc/crypttab after the system has booted.


Update:

This has now been included in Slackware so I'll remove the attachment as it's no longer needed.

bgeddy 03-21-2010 12:31 PM

Thank you both for the help. I have run the patch on a Slackware 13.0 system and re-ran mkinitrd, which worked OK. Then lilo, then rebooted, and the boot sequence asked me for two passphrases - logical as I now have two LUKS volumes in the LVM. I entered the passwords (both the same BTW - possibly the boot should accept the one for both LUKS volumes?) - and the boot up proceeded but then failed with:
Code:

mount: mounting /dev/cryptvg/root on /mnt failed: No such file or directory.

I'm not sure if the required parameters to mkinitrd have been changed and maybe I've supplied the wrong ones - I'll look into this.

GazL 03-21-2010 06:39 PM

Are you using the one I posted in the thread Eric linked to, or the new one I posted above? For 13.0 you want that old one.

The one Eric linked to was definitely working on my box when I tested it on 64/13.0.
The mkinitrd command I used at the time looked something like this:
Code:

mkinitrd -c -k 2.6.xx.yy \
        -m ext4:ehci-hcd:uhci-hcd:usbhid \
        -f ext4 -r /dev/rootvg/lvroot \
        -l uk -L -C /dev/sda5:/dev/sda3

Did you get the "N logical volumes in volume group 'cryptvg' now active" message? And does everything look present and correct under /dev/cryptvg when it fails to mount the root fs?


BTW, having to enter the passphrase once for each encrypted device is an issue I'm aware of and something I need to think a little more about. I tend to think that I'd rather have a little inconvenience than over-complicate the scripts by including logic to try and second-guess whether the user has used the same passphrase on multiple devices or not. I'll probably come back and look at this once it's fully working and proven.

bgeddy 03-21-2010 07:15 PM

I used the old patch against my system. I have redone the process but this time saved my old style initial ram disk, (that prompts for the one password), to another backup file and made another lilo stanza as recovering with the Slackware DVD when the boot is messed up is a real pain with LVM + LUKS enabled.

Anyway - something was amiss before as it now works fine. Troubleshooting this has taught me a fair bit about LVM and LUKS.

Thanks a lot for this patch and your time.

GazL 03-21-2010 07:37 PM

You're welcome mate. Glad you got it sorted. :)


All times are GMT -5.