Old 05-03-2013, 01:57 AM   #1
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 801

root partition spanning multiple LUKS volumes


Will initrd support an encrypted root partition in a volume group that spans across more than one LUKS volume?

Here's an example where all the PVs are part of one volume group, hence the root partition (logical volume) is part of the VG that spans multiple encrypted volumes.

Code:
# Partition layout:
#   /dev/sda1 - SATA 100MB for non-LVM unencrypted /boot directory
#   /dev/sda5 - SATA 300GB LVM PV in VG group vg00, LUKS encrypted
#   /dev/sdb5 - SATA 300GB LVM PV in VG group vg00, LUKS encrypted
#   /dev/sdc5 - SATA 256GB LVM PV in VG group vg00, LUKS encrypted

# Format each partition as a LUKS volume (256-bit key, passphrase asked twice)
cryptsetup -s 256 -y luksFormat /dev/sda5
cryptsetup -s 256 -y luksFormat /dev/sdb5
cryptsetup -s 256 -y luksFormat /dev/sdc5

# Open the LUKS volumes as /dev/mapper/zero, /dev/mapper/one and /dev/mapper/two
cryptsetup luksOpen /dev/sda5 zero
cryptsetup luksOpen /dev/sdb5 one
cryptsetup luksOpen /dev/sdc5 two

# Make each opened mapping an LVM physical volume
pvcreate /dev/mapper/zero /dev/mapper/one /dev/mapper/two

# Put all three PVs into one volume group
vgcreate vg00 /dev/mapper/zero /dev/mapper/one /dev/mapper/two

# Create the logical volumes, root included, in the spanning VG
lvcreate -L 2G -n swap0 vg00
lvcreate -L 18G -n root vg00
lvcreate -L 6G -n var vg00
lvcreate -L 450GB -n home vg00
lvcreate -L 2G -n swap1 vg00

This didn't work when I first tried it a few years ago. I haven't asked or tried recently, so I thought I'd check to see if anything has changed in this area.

If this is still not supported by initrd, I'll create a primary partition on the first drive for the root and var logical volumes and put them in a small single PV volume group, then put everything else in a second volume group that spans all the remaining partitions.
 
Old 05-03-2013, 05:01 AM   #2
GazL
Senior Member
 
Registered: May 2008
Posts: 3,380

The -C option of mkinitrd can be used to specify multiple devices to luksOpen during the initrd. You will be prompted for the passphrase per device however.
 
Old 05-03-2013, 05:15 AM   #3
yenn
Member
 
Registered: Jan 2011
Location: Czech Republic
Distribution: Slackware, Gentoo
Posts: 153

Wouldn't it be better to build LVM on top of a software RAID (mdadm) instead of LVM RAID?

Last edited by yenn; 05-03-2013 at 05:18 AM.
 
Old 05-03-2013, 09:27 AM   #4
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 801

Original Poster
Quote:
Originally Posted by GazL View Post
The -C option of mkinitrd can be used to specify multiple devices to luksOpen during the initrd. You will be prompted for the passphrase per device however.
GazL, I've been adding multiple devices with the -C option of mkinitrd since release 13.1. I recall that I learned about the multiple device support from you in another thread. I get the password prompts during boot for all of the devices I specify. But the volume group that contains the root partition must have a single PV, or the boot fails after I get prompted for passwords. When I tried in the past to have multiple PVs in the volume group that contained the root partition, I got errors like these:

Code:
Reading all physical volumes.  This may take a while...
 Couldn't find device with uuid 'H6TNIc-0rha-fk2i-cgUU-0EhR-hT03-23cvpD'.
 Couldn't find all physical volumes for volume group vg00.
 Couldn't find device with uuid 'H6TNIc-0rha-fk2i-cgUU-0EhR-hT03-23cvpD'.
 Couldn't find all physical volumes for volume group vg00.
 Volume group "vg00" not found
 Couldn't find device with uuid 'H6TNIc-0rha-fk2i-cgUU-0EhR-hT03-23cvpD'.
 Couldn't find all physical volumes for volume group vg00.
 Couldn't find device with uuid 'H6TNIc-0rha-fk2i-cgUU-0EhR-hT03-23cvpD'.
 Couldn't find all physical volumes for volume group vg00.
 Volume group "vg00" not found
 Couldn't find device with uuid 'H6TNIc-0rha-fk2i-cgUU-0EhR-hT03-23cvpD'.
 Couldn't find all physical volumes for volume group vg00.
 Couldn't find device with uuid 'H6TNIc-0rha-fk2i-cgUU-0EhR-hT03-23cvpD'.
 Couldn't find all physical volumes for volume group vg00.
 Volume group "vg00" not found
mount: mounting /dev/vg00/root on /mnt failed: No such file or directory
ERROR: No /sbin/init found on rootdev (or not mounted). Trouble ahead.
       You can try to fix it.  Type 'exit' when things are done.
Here is the thread where I originally discussed it with you and Alien Bob.

12.1 LUKS and LVM install on system with multiple SATA and IDE HDD

Last edited by Z038; 05-03-2013 at 09:34 AM.
 
Old 05-03-2013, 09:32 AM   #5
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 801

Original Poster
Quote:
Originally Posted by yenn View Post
Wouldn't it be better to build LVM on top of a software RAID (mdadm) instead of LVM RAID?
I don't know, I'm not using a RAID of any kind. I'm just using LVM and LUKS encrypted partitions.
 
Old 05-03-2013, 09:51 AM   #6
GazL
Senior Member
 
Registered: May 2008
Posts: 3,380

I've no idea then. If all the devices that contain the PVs that make up the volume group have been unlocked during the initrd then there is no reason why the vgscan should not find them.
 
Old 05-03-2013, 06:57 PM   #7
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 801

Original Poster
Thanks GazL. Perhaps Eric will know. He was the one who confirmed that initrd didn't support that configuration back in 2008 and 2010.
 
Old 05-04-2013, 04:56 AM   #8
GazL
Senior Member
 
Registered: May 2008
Posts: 3,380

Quote:
Originally Posted by Z038 View Post
Perhaps Eric will know. He was the one who confirmed that initrd didn't support that configuration back in 2008 and 2010.
Yes, but Eric's comment referred to the situation before the -C option was enhanced to support more than one device. The whole point of the changes we introduced was to support exactly this possibility. As I said above, it should work, and I have certainly run a rootvg consisting of 2 LUKS devices in the past (back around 12.2 or 13.0). If you're encountering this error now on a relatively recent version of Slackware when using the -C option to unlock all your PVs, then something must be going wrong.
 
Old 05-04-2013, 08:51 AM   #9
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 801

Original Poster
Those error messages were from when I tried it back in 2008. I'm not getting them now because I haven't tried multiple PVs in the root VG since then. I am having the initrd unlock multiple LUKS devices with the -C option during boot, but each device is in a different VG.

Now I'm preparing to go to a 64-bit 14.0 from a 32-bit 13.37, so I have to do a full install rather than an upgrade. I thought this would be a good time to give it another shot. You're saying it should work now, so I'll try it.

Thank you for the clarification.
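
For the layout discussed in the posts above, every LUKS device behind a PV of the root volume group has to appear in mkinitrd's colon-delimited -C list. The script below is an added example, not part of the thread or of Slackware's mkinitrd: it derives that list and reports devices missing from an existing one. The sample data, the extra vg01 volume group and /dev/sdd1 are constructed, and the ext4 filesystem and kernel version in the printed command are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.

# Constructed output of: pvs --noheadings -o pv_name,vg_name
PVS_SAMPLE='  /dev/mapper/zero vg00
  /dev/mapper/one  vg00
  /dev/mapper/two  vg00
  /dev/mapper/data vg01'

# Constructed map "mapper-name backing-device", e.g. gathered from the
# "device:" line of `cryptsetup status NAME` for each open mapping.
MAP_SAMPLE='zero /dev/sda5
one /dev/sdb5
two /dev/sdc5
data /dev/sdd1'

# luks_list VG PVS_TEXT MAP_TEXT
# Prints the colon-delimited LUKS devices behind every PV of VG.
# Fails if a PV has no known backing device.
luks_list() {
    vg=$1; pvs_text=$2; map_text=$3; list=
    for pv in $(printf '%s\n' "$pvs_text" | awk -v vg="$vg" '$2 == vg {print $1}'); do
        name=${pv#/dev/mapper/}
        dev=$(printf '%s\n' "$map_text" | awk -v n="$name" '$1 == n {print $2}')
        [ -n "$dev" ] || { echo "no backing device known for $pv" >&2; return 1; }
        list=${list:+$list:}$dev
    done
    printf '%s\n' "$list"
}

# missing_from_C VG PVS_TEXT MAP_TEXT C_LIST
# Prints each backing device of VG that is absent from an existing -C list.
missing_from_C() {
    want=$(luks_list "$1" "$2" "$3") || return 1
    for dev in $(printf '%s\n' "$want" | tr ':' ' '); do
        case ":$4:" in
            *":$dev:"*) ;;
            *) printf '%s\n' "$dev" ;;
        esac
    done
}

# Show the resulting command; root LV, filesystem and kernel version are
# assumptions for this sample layout.
echo "mkinitrd -c -k <kernel-version> -f ext4 -r /dev/vg00/root -L" \
     "-C $(luks_list vg00 "$PVS_SAMPLE" "$MAP_SAMPLE")"
```

A device reported by `missing_from_C` is a PV that vgscan will not see in the initrd, which is the condition behind the "Couldn't find device with uuid" errors quoted in post #4.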
 
Old 05-07-2013, 05:14 AM   #10
yenn
Member
 
Registered: Jan 2011
Location: Czech Republic
Distribution: Slackware, Gentoo
Posts: 153

Quote:
Originally Posted by Z038 View Post
I don't know, I'm not using a RAID of any kind. I'm just using LVM and LUKS encrypted partitions.
Do you intend to span the volume group across multiple hard drives to extend its size? In that case you are using RAID 0 with linear striping (also known as concatenation).

You can create RAID with LVM (like you did), but it might be better to separate LVM and RAID. The advantage of this approach is that you will have one RAID device consisting of as many physical hard drives as you want (let's say /dev/md0), and then you are building LVM and the LUKS encrypted partition on exactly one (meta)device, not all of them. The RAID array will take care of the low-level stuff. And in case of a hard drive failure, you will just replace that hard drive, restore data from backup and re-assemble the RAID array. No need to fiddle with LVM.

The disadvantage is that it adds another layer which needs to be taken care of in the initrd.

If you are interested in this setup, take a look at this: http://www.iverbi.de/slackware/RAID1...2_2_Howto.html

Last edited by yenn; 05-07-2013 at 05:29 AM. Reason: added link
 
Old 05-07-2013, 04:10 PM   #11
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 801

Original Poster
Quote:
Originally Posted by yenn View Post
Do you intend to span the volume group across multiple hard drives to extend its size? In that case you are using RAID 0 with linear striping (also known as concatenation).
yenn, my intent is simply to be able to add space to the volume group easily so I can expand any of my LVM filesystems as needed. I am not striping the data (RAID 0), and I'm not interested in redundancy (RAID 1 or 5, etc) at the moment. Disk drives have gotten so cheap that I might well go with a RAID 5 setup in the future, but for now, I don't want to add the overhead of software RAID to my system.

Thanks for the info. The referenced articles were worth reading.
 
  

