LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 03-21-2010, 07:58 AM   #1
bgeddy
Senior Member
 
Registered: Sep 2006
Location: Liverpool - England
Distribution: slackware64 13.37 and -current, Dragonfly BSD
Posts: 1,810

Rep: Reputation: 227Reputation: 227Reputation: 227
Adding a volume to a LUKS/LVM setup


I have been following Alien Bob's README_CRYPT.TXT on the install disk and playing around with LUKS and LVM as highlighted in the section Combining LUKS and LVM. I got this working following the examples in the readme however I now wish to add another volume to the volume group. I have got this working and extended the group with an encrypted volume so it's now bigger. I want the two included physical volumes in the volume group (which are both encrypted) to be opened on bootup.

As it is now I am prompted for a password for the first physical volume (the passwords are set to be the same) and that opens and boots the volume. It has a problem with the second PV I have added and doesn't open this. There are errors on boot up about this and pvdisplay give this:
Code:
 Couldn't find device with uuid 'JVirxL-lmqH-SUym-3lXG-MnXx-Qjk8-JZRha8'.
  Couldn't find device with uuid 'JVirxL-lmqH-SUym-3lXG-MnXx-Qjk8-JZRha8'.
  Couldn't find device with uuid 'JVirxL-lmqH-SUym-3lXG-MnXx-Qjk8-JZRha8'.
  --- Physical volume ---
  PV Name               /dev/block/253:0
  VG Name               cryptvg
  PV Size               13.97 GB / not usable 2.89 MB
  Allocatable           yes (but full)
  PE Size (KByte)       4096
  Total PE              3576
  Free PE               0
  Allocated PE          3576
  PV UUID               qLElW3-5PNN-UztG-0tE3-GoZy-V2GN-iPty9X
   
  --- Physical volume ---
  PV Name               unknown device
  VG Name               cryptvg
  PV Size               2.00 GB / not usable 2.31 MB
  Allocatable           yes 
  PE Size (KByte)       4096
  Total PE              511
  Free PE               28
  Allocated PE          483
  PV UUID               JVirxL-lmqH-SUym-3lXG-MnXx-Qjk8-JZRha8
I think something needs to be added to the initrd to get it to open the second PV of the volume group but neither mkinitrd_command_generator nor man mkinitrd helps me with this.

If I open this volume manually from the CLI with this:
Code:
cryptsetup luksOpen /dev/sdb1 drive2
then pvdisplay finds both volumes in the group and doesn't error.
 
Old 03-21-2010, 09:03 AM   #2
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,184

Rep: Reputation: Disabled
GazL added support for multiple volumes in a patch found here: http://www.linuxquestions.org/questi...74#post3851074

However I was unable to make this work for me, with the current version of mkinitrd.

Eric
 
Old 03-21-2010, 09:34 AM   #3
GazL
Senior Member
 
Registered: May 2008
Posts: 3,312

Rep: Reputation: Disabled
There were some changes to current's initrd so the old patch doesn't work anymore.

I've attached a new patch that can be applied against the slackware64-current/source/a/mkinitrd to build a new mkinitrd package (only tested here on current64)

It doesn't yet support Eric's new keyfile based unlocking stuff. I'm going to have a look at integrating keyfile support in the near future, but was still deciding on the best way to approach it.

NO WARRANTY. USE AT YOUR OWN RISK AND ALL THAT STUFF

Make sure you read the updated manpage for mkinitrd. Specifically, -r and -C are used differently to the stock version.

Feedback is welcome if anyone does try this out.


PS.

An alternative approach would be to put your second disk in a separate volumegroup and unlock that from /etc/crypttab after the system has booted.


update :

This has now been included in Slackware so I'll remove the attachment as it 's no longer needed.

Last edited by GazL; 05-05-2010 at 10:23 AM.
 
Old 03-21-2010, 11:31 AM   #4
bgeddy
Senior Member
 
Registered: Sep 2006
Location: Liverpool - England
Distribution: slackware64 13.37 and -current, Dragonfly BSD
Posts: 1,810

Original Poster
Rep: Reputation: 227Reputation: 227Reputation: 227
Thank you both for the help. I have ran the patch on a Slackware 13.0 system and re ran mkinitrd which worked OK. Then lilo then rebooted and the boot sequence asked me for two passphrases - logical as I now have two LUKS volumes in the LVM. I entered the passwords (both the same BTW - possibly the boot should accept the one for both LUKS volumes ?) - and the boot up proceeded but then failed with:
Code:
mount: mounting /dev/cryptvg/root on /mnt failed: No such file or directory.
I'm not sure if the required parameters to mkinitrd have been changed and maybe I've supplied the wrong ones - I'll look into this.
 
Old 03-21-2010, 05:39 PM   #5
GazL
Senior Member
 
Registered: May 2008
Posts: 3,312

Rep: Reputation: Disabled
Are you using the one I posted in the thread Eric linked to? or the new one I posted above? For 13.0 you want that old one.

The one eric linked to was definitely working on my box when I tested it on 64/13.0
The mkinitrd command I used at the time looked something like this
Code:
mkinitrd -c -k 2.6.xx.yy \
         -m ext4:ehci-hcd:uhci-hcd:usbhid \
         -f ext4 -r /dev/rootvg/lvroot \
         -l uk -L -C /dev/sda5:/dev/sda3
Did you get the "N logical volumes in volume group 'cryptvg' now active" message? And does everything look present and correct under /dev/cryptvg when it fails to mount the root fs.


BTW, Having to enter the passphrase once for each encrypted device is an issue I'm aware of and something I need to think a little more about. I tend to think that I'd rather have a little inconvenience than over-complicate the scripts by including logic to try and second guess whether the user has used the same passphrase on multiple devices or not. I'll probably come back and look at this once it's fully working and proven.

Last edited by GazL; 03-21-2010 at 05:49 PM.
 
Old 03-21-2010, 06:15 PM   #6
bgeddy
Senior Member
 
Registered: Sep 2006
Location: Liverpool - England
Distribution: slackware64 13.37 and -current, Dragonfly BSD
Posts: 1,810

Original Poster
Rep: Reputation: 227Reputation: 227Reputation: 227
I used the old patch against my system. I have redone the process but this time saved my old style initial ram disk, (that prompts for the one password), to another backup file and made another lilo stanza as recovering with the Slackware DVD when the boot is messed up is a real pain with LVM + LUKS enabled.

Anyway - something was amiss before as it now works fine. Troubleshooting this has taught me a fair bit about LVM and LUKS.

Thanks a lot for this patch and your time.
 
Old 03-21-2010, 06:37 PM   #7
GazL
Senior Member
 
Registered: May 2008
Posts: 3,312

Rep: Reputation: Disabled
You're welcome mate. Glad you got it sorted.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Luks/Lvm after dd duplication brodo Slackware 10 03-12-2009 03:56 PM
Slackware 12.1, LUKS, LVM on external HD. How? randomsel Slackware - Installation 7 06-26-2008 06:35 PM
Adding new HD to LVM volume? Yig Linux - Hardware 1 01-30-2008 02:08 AM
luks cryptsetup and lvm question ruzzed Linux - Software 3 09-16-2007 07:21 PM
lvm:didn't do pvcreate on partition, before adding it to volume group kpachopoulos Linux - General 3 03-11-2007 08:22 AM


All times are GMT -5. The time now is 11:44 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration