LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   Setup slack13 over 2 dm-crypted lvm hdds (http://www.linuxquestions.org/questions/slackware-14/setup-slack13-over-2-dm-crypted-lvm-hdds-756782/)

carlitoco 09-21-2009 09:47 AM

Setup slack13 over 2 dm-crypted lvm hdds
 
Hey!
I planed to setup my favorite distribution since 4 years onto 2 120GB hdds.
They should be an 240GB lvm and dm-crypted device.
How can I reach this?
I've already worked with lvms and dmcrypted systems but only on one physical hdd.

My first thougth was
'I have just to made a lvm over the two already dm-crypted, openend devices'
but it doesn't work.
Please help me! And pre thanks to all linux developers :D

gegechris99 09-21-2009 10:09 AM

Hello,

This README_CRYPT.TXT should be of help in your endeavour. There is a section "Combining LUKS and LVM"

Also, have a look at README_LVM.TXT for details of setting up LVM.

GazL 09-21-2009 10:35 AM

The Slackware initrd only has code in it to unlock one encrypted device, so if the volume group that contains your rootfs contains more than one encrypted PV then it won't come online, your rootfs won't be available and the system will fail to boot.

There are a few ways around this, non of them ideal. The easiest would probably be to have your rootfs outside of lvm in its own partition and then use encrypted lvm partitions for the rest of your filesystems.

carlitoco 09-22-2009 07:18 PM

hmm a bit of mudd
 
My version to get a dm-crypted 200GB "home" partition, with two 120GB HDD's.
It works since 8 hours and 2 reboots :D

The init decrypt and mount the volumes, the system need to boot.
A script should resume the decryption of sdy1 and make "vgscan --mknodes", "vgchange -ay" and "mount /dev/box2vg/home /home"

1.
make 2 partitions on /dev/sdx
first is the boot device, my is huge 300MB
2.
Code:

crypsetup -s 256 -y luksFormat /dev/sdx2 box1
...
crypsetup -s 256 -y luksFormat /dev/sdy1 box2
...
pvcreate /dev/mapper/box1
vgcreate box1vg /dev/mapper/box1
lvcreate -L 25G -n root box1vg
lvcreate -L 3,7G -n swap box1vg
lvcreate -L G85,5 -n homebox1 box1vg
...
pvcreate /dev/box1vg/homebox1 /dev/mapper/box2
vgcreate box2vg /dev/box1vg/homebox1 /dev/mapper/box2
lvcreate -L  199.9G -n home box2vg


carlitoco 09-24-2009 02:18 PM

This is not some kind of documentation for dm-crypt on Slackware Linux
13, but a real world example. I simply publish my experiences here.
You can read this in addition to README_CRYPT.TXT
on your Slackware 13.0 disks.

Infact crypt support improved much and I had no problems, you should
really skip this and read the README_CRYPT.TXT.

# dd if=/dev/urandom of=/dev/sdx

I like cfdisk for creating tables (reboot afterwards required).

# cfdisk

It looks like that. sda1 is /boot and sda2 & sdb1 is the rest.

Disk /dev/sda: 122.9 GB, 122942324736 bytes
255 heads, 63 sectors/track, 14946 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0xa18e45fd

Device Boot Start End Blocks Id System
/dev/sda1 * 1 36 289138+ 83 Linux
/dev/sda2 37 14946 119764575 83 Linux

Disk /dev/sdb: 122.9 GB, 122942324736 bytes
255 heads, 63 sectors/track, 14946 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x70a8edb5

Device Boot Start End Blocks Id System
/dev/sdb1 1 14946 120053713+ 83 Linux

We need to encrypt sda2 & sdb1.

# cryptsetup -s 256 -y luksFormat /dev/sda2

# cryptsetup -s 256 -y luksFormat /dev/sdb1

And now we open this one in order to be able to install on to it.

# cryptsetup luksOpen /dev/sda2 box1luks

# cryptsetup luksOpen /dev/sdb1 box2luks


Now we create LVM volumes. I just list the steps.

# pvcreate /dev/mapper/box1luks
# vgcreate box1vg /dev/mapper/box1luks
# lvcreate -L 25G -n root box1vg
# lvcreate -L 3,7G -n swap box1vg
# lvcreate -L 85.5G -n home box1vg
# pvcreate /dev/box1vg/home
# vgcreate homevg /dev/mapper/box1vg-home
# vgexpand homevg /dev/mapper/box2
# lvcreate -L 199.9G -n home homevg
# vgscan --mknodes
# vgchange -ay

We have to run mkswap on our new swap partition so that the setup will detect it as such.

# mkswap /dev/box1vg/swap

Now you can start the setup program.
During setup make sure to install to /dev/box1vg/root rather then to /dev/sda2 also not to something like /dev/mapper/*. But dont't forget to chose /dev/sda1 as /boot and /dev/homevg/home as /home.
Don't reboot after setup, but chroot into your new system and create a custom initrd.

# chroot /mnt

Check with

# ls -l /boot/vmlinuz

which kernel you use and than run

# mkinitrd -c -k 2.6.29.6 -m ext4 -f ext4 -r /dev/box1vg/root -C /dev/sda2 -L -l de -h /dev/box1vg/swap

In order to use this initrd.gz you need to edit /etc/lilo.conf.

# cat /etc/lilo.conf
# LILO configuration file
# generated by 'liloconfig'
#
# Start LILO global section
boot = /dev/sda
compact # faster, but won't work on all systems.
# Boot BMP Image.
# Bitmap in BMP format: 640x480x8
bitmap = /boot/slack.bmp
# Menu colors (foreground, background, shadow, highlighted
# foreground, highlighted background, highlighted shadow):
bmp-colors = 255,0,255,0,255,0
# Location of the option table: location x, location y, number of
# columns, lines per column (max 15), "spill" (this is how many
# entries must be in the first column before the next begins to
# be used. We don't specify it here, as there's just one column.
bmp-table = 60,6,1,16
# Timer location x, timer location y, foreground color,
# background color, shadow color.
bmp-timer = 65,27,0,255
# Standard menu.
# Or, you can comment out the bitmap menu above and
# use a boot message with the standard menu:
#message = /boot/boot_message.txt

# Append any additional kernel parameters:
append="resume=/dev/box1vg/swap vt.default_utf8=0"
prompt
timeout = 50
# VESA framebuffer console @ 1024x768x64k
vga = 791
# ramdisk = 0 # paranoia setting
# End LILO global section
# Linux bootable partition config begins
image = /boot/vmlinuz
initrd = /boot/initrd.gz
root = /dev/box1vg/root
label = linux
read-only # Partitions should be mounted read-only for checking
# Linux bootable partition config ends

Dont forget to run lilo in order to apply the changes.

# lilo

Edit # joe /etc/rc.d/rc.local

/root/run.sh

Edit # joe /root/run.sh

cryptsetup luksOpen /dev/sdb1 box2
vgscan --mknodes
vgchange -ay
mount /dev/homevg/home /home

After rebooting you have a encrypted suspend to disk capable Slackware Linux system you can put it to sleep with.

# echo -n disk > /sys/power/state


All times are GMT -5. The time now is 11:43 AM.