Adding a volume to a LUKS/LVM setup
I have been following Alien Bob's README_CRYPT.TXT on the install disk and playing around with LUKS and LVM as highlighted in the section Combining LUKS and LVM. I got this working following the examples in the readme; however, I now wish to add another volume to the volume group. I have got this working and extended the group with an encrypted volume so it's now bigger. I want the two included physical volumes in the volume group (which are both encrypted) to be opened on bootup.
As it is now I am prompted for a password for the first physical volume (the passwords are set to be the same) and that opens and boots the volume. It has a problem with the second PV I have added and doesn't open this. There are errors on boot up about this and pvdisplay gives this:
Code:
Couldn't find device with uuid 'JVirxL-lmqH-SUym-3lXG-MnXx-Qjk8-JZRha8'.
If I open this volume manually from the CLI with this:
Code:
cryptsetup luksOpen /dev/sdb1 drive2
|
GazL added support for multiple volumes in a patch found here: http://www.linuxquestions.org/questi...74#post3851074
However I was unable to make this work for me, with the current version of mkinitrd. Eric |
There were some changes to current's initrd so the old patch doesn't work anymore.
I've attached a new patch that can be applied against the slackware64-current/source/a/mkinitrd to build a new mkinitrd package (only tested here on current64).
It doesn't yet support Eric's new keyfile based unlocking stuff. I'm going to have a look at integrating keyfile support in the near future, but was still deciding on the best way to approach it.
NO WARRANTY. USE AT YOUR OWN RISK AND ALL THAT STUFF.
Make sure you read the updated manpage for mkinitrd. Specifically, -r and -C are used differently to the stock version. Feedback is welcome if anyone does try this out.
PS. An alternative approach would be to put your second disk in a separate volume group and unlock that from /etc/crypttab after the system has booted.
Update: This has now been included in Slackware so I'll remove the attachment as it's no longer needed.
|
Thank you both for the help. I have run the patch on a Slackware 13.0 system and re-ran mkinitrd which worked OK. Then lilo, then rebooted, and the boot sequence asked me for two passphrases - logical as I now have two LUKS volumes in the LVM. I entered the passwords (both the same BTW - possibly the boot should accept the one for both LUKS volumes?) - and the boot up proceeded but then failed with:
Code:
mount: mounting /dev/cryptvg/root on /mnt failed: No such file or directory.
|
Are you using the one I posted in the thread Eric linked to? or the new one I posted above? For 13.0 you want that old one.
The one Eric linked to was definitely working on my box when I tested it on 64/13.0. The mkinitrd command I used at the time looked something like this:
Code:
mkinitrd -c -k 2.6.xx.yy \
BTW, having to enter the passphrase once for each encrypted device is an issue I'm aware of and something I need to think a little more about. I tend to think that I'd rather have a little inconvenience than over-complicate the scripts by including logic to try and second guess whether the user has used the same passphrase on multiple devices or not. I'll probably come back and look at this once it's fully working and proven.
|
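The once-per-device passphrase prompt discussed in the post above, sketched as an added example (this is not GazL's patch or Slackware's mkinitrd code): prompt once, reuse the passphrase for each LUKS device, and prompt again only when a device rejects it. The function names, the CRYPTSETUP override and the /dev/sda2 drive1 pair are assumptions; /dev/sdb1 and drive2 come from the first post.

```sh
#!/bin/sh
# Added example: prompt once and reuse the passphrase for every LUKS device
# that must be open before LVM can assemble the volume group.
# CRYPTSETUP is an override hook (assumption) so the logic can be exercised
# with a stub instead of real block devices.
CRYPTSETUP=${CRYPTSETUP:-cryptsetup}
MAX_TRIES=3

# try_open PASS DEVICE NAME
# The passphrase travels on stdin (--key-file=-), never on a command line,
# so it does not show up in the process list. printf '%s' adds no newline.
try_open() {
    printf '%s' "$1" | "$CRYPTSETUP" luksOpen --key-file=- "$2" "$3" 2>/dev/null
}

# ask_pass DEVICE: read a passphrase into $pass with terminal echo off.
ask_pass() {
    printf 'Enter passphrase for %s: ' "$1" >&2
    stty -echo 2>/dev/null || true
    IFS= read -r pass || pass=
    stty echo 2>/dev/null || true
    printf '\n' >&2
}

# unlock_all DEVICE:NAME...
# Tries the cached passphrase first; prompts only when a device rejects it.
# Sets UNLOCKED and PROMPTS; returns 1 if a device stays locked.
unlock_all() {
    UNLOCKED=0; PROMPTS=0; pass=
    for spec in "$@"; do
        dev=${spec%%:*}; name=${spec#*:}; tries=0
        while :; do
            if [ -n "$pass" ] && try_open "$pass" "$dev" "$name"; then
                UNLOCKED=$((UNLOCKED + 1))
                break
            fi
            if [ "$tries" -ge "$MAX_TRIES" ]; then
                pass=
                return 1
            fi
            ask_pass "$dev"
            PROMPTS=$((PROMPTS + 1)); tries=$((tries + 1))
        done
    done
    pass=   # drop the cached passphrase once every device is open
}

# Usage (device and mapping names are constructed, apart from /dev/sdb1 drive2):
#   unlock_all /dev/sda2:drive1 /dev/sdb1:drive2 && vgchange -ay
```

The cached passphrase stays in the shell's memory until the last device is open, which is the trade-off against typing it once per device.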
I used the old patch against my system. I have redone the process but this time saved my old style initial ram disk, (that prompts for the one password), to another backup file and made another lilo stanza as recovering with the Slackware DVD when the boot is messed up is a real pain with LVM + LUKS enabled.
Anyway - something was amiss before as it now works fine. Troubleshooting this has taught me a fair bit about LVM and LUKS. Thanks a lot for this patch and your time. |
You're welcome mate. Glad you got it sorted. :)