Old 02-24-2014, 08:53 AM   #1
tripialos
iscsi with Luks issues


Greetings

I am self-studying for my RHCE (since I cannot afford 2.500 euros for the full course) and I came across some issues regarding iscsi with cryptsetup.

Since I don't have an instructor to help me with the relevant issues, I was hoping to get some help from here.

So:

I am at the point where I am learning that you can encrypt an iscsi partition for better security, and my question is:

1) Does the target (server) encrypt the block device, and then the initiator (client), while attaching the iscsi drive locally, then encrypts it

|OR|

The client mounts the iscsi drive, then creates a partition, "LUKS IT", unlocks it and mounts it.


I tried the second approach, meaning I shared an iscsi drive from my server and then from my client PC (RHEL 6) I created a partition, encrypted --> unlock --> created fs --> mount it.

It all went well but I am stuck automating the above procedure. My question is:

2) When automounting an iscsi partition, you just add an entry in the fstab with the UUID of the iscsi block device and the important option _netdev, which indicates that the relevant device is a network device, hence the system will first bring up the network and then try to mount.

However, for encrypted LUKS devices there is no option like _netdev in the /etc/crypttab file. How is this issue addressed?

So far what i have tried is the below:

I added my iscsi block device for automatic unlocking during boot in /etc/crypttab

Code:
[root@rhel6 ~]# cat /etc/crypttab
/dev/mapper/iscsi-secret UUID="448523a8-dbce-4a28-aba7-7e9d38abe7c7"

then added to the fstab an entry that would automount the unlocked partition


Code:
[root@rhel6 ~]# cat /etc/fstab 

#
# /etc/fstab
# Created by anaconda on Sun Feb 23 12:36:10 2014
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_rhel6-lv_root /                       ext4    defaults        1 1
UUID=33fc8ec5-b0bb-45cd-8610-7bfa2c36cb83 /boot                   ext4    defaults        1 2
/dev/mapper/vg_rhel6-lv_swap swap                    swap    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0

/dev/mapper/iscsi_secret /storage ext4 _netdev 0 0

Upon reboot, the system prompts me to enter the password for the encrypted device but it doesn't accept the password! When I cancel the procedure and the system boots, I log in, open a console and manually unlock the partition without any issues. For some reason, at the boot prompt for unlocking the device my password is not accepted.

Could the issue be that the network might not be up yet and the system is trying to unlock a device that is not there yet?
 
Old 02-24-2014, 11:31 AM   #2
custangro
I think your "crypttab" is set up wrong.

The first entry is the mapper name WITHOUT the path

Something like this

Code:
iscsi-secret UUID="448523a8-dbce-4a28-aba7-7e9d38abe7c7" none

Also make sure the UUID line is the luks UUID (not the blkid) found with

Code:
cryptsetup luksUUID <device>

--C

Last edited by custangro; 02-24-2014 at 04:11 PM.
 
Old 02-24-2014, 03:59 PM   #3
tripialos
Quote:
Originally Posted by custangro
I think your "crypttab" is set up wrong.

The first entry is the mapper name WITHOUT the path

Something like this

Code:
iscsi-secret UUID="448523a8-dbce-4a28-aba7-7e9d38abe7c7" none

Also make sure the UUID line is the luks UUID (not the blkid) found with

Code:
cryptsetup luksUUID <device>

--C

Yap .. that did the trick... I went through that file over and over, but after so many hours in the console mistakes such as this happen.

Thanks also for the tip. I thought that the luks id was the same as the blkid.
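
A lint for the two crypttab mistakes identified in this thread (a path in the first field, and a UUID that is not the LUKS UUID), as an added example that is not part of the original posts. The function name lint_crypttab and both sample UUIDs are constructed for illustration; the expected UUID is assumed to be the value printed by cryptsetup luksUUID.

```shell
#!/bin/sh
# Added example (not from the thread): lint crypttab entries.
# lint_crypttab FILE EXPECTED_LUKS_UUID
#   EXPECTED_LUKS_UUID is what `cryptsetup luksUUID <device>` prints.
# Prints one finding per problem; returns 0 if clean, 1 otherwise.
lint_crypttab() {
    file=$1; expected=$2; rc=0
    while read -r name dev key opts; do
        # Skip blank lines and comments.
        case $name in ''|'#'*) continue ;; esac
        # Field 1 is the bare mapping name, not /dev/mapper/<name>.
        case $name in
            */*) echo "$name: first field must be the mapper name without a path (use ${name##*/})"
                 rc=1 ;;
        esac
        # Field 2 given as UUID=... must carry the LUKS header UUID.
        case $dev in
            UUID=*)
                uuid=$(printf '%s' "${dev#UUID=}" | tr -d '"')
                if [ "$uuid" != "$expected" ]; then
                    echo "$name: UUID $uuid is not the LUKS UUID $expected"
                    rc=1
                fi ;;
        esac
    done < "$file"
    return "$rc"
}

# Constructed sample data: both UUIDs are made up for this example.
luks_uuid=11111111-2222-3333-4444-555555555555   # stands in for luksUUID output
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/before" <<'EOF'
# path in field 1, and a UUID that is not the LUKS one
/dev/mapper/iscsi-secret UUID="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
EOF
cat > "$tmp/after" <<'EOF'
iscsi-secret UUID="11111111-2222-3333-4444-555555555555" none
EOF

lint_crypttab "$tmp/before" "$luks_uuid" || echo "before: needs fixing"
lint_crypttab "$tmp/after" "$luks_uuid" && echo "after: clean"
```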
 
  

