LinuxQuestions.org


Nemus 03-28-2011 12:30 AM

LVM before and after Encryption?
 
So I am trying to set up an encrypted LVM.

I ran into an issue: I encrypted the file systems, set up the LVM, formatted the file system, and it mounted just fine. I rebooted to test it.

After the reboot I was able to open the encrypted file system but wasn't able to mount the LVM because /dev/lvm/volume didn't exist, but lvscan did show the volume group and the volume.

So my question is: which comes first, the encryption or the LVM?

Should I set up an LVM then encrypt that, or set up an encrypted volume then the LVM?

I am running CentOS 5.5.

rayfordj 03-28-2011 08:30 PM

RHEL's (extended to CentOS) default configuration is:
partition -> LUKS encryption -> pv -> vg -> lv -> fs

but there isn't necessarily any reason that you cannot technically:
partition -> pv -> vg -> lv -> LUKS encryption -> fs



I'm having difficulty understanding what the exact process you followed is because of the ambiguous use of terms... If you care to clarify or walk through step-by-step the process (with command examples) you followed, I'll attempt to better answer [re-phrased] questions you have.

manyrootsofallevil 03-29-2011 08:35 AM

Quote:

Originally Posted by Nemus (Post 4305787)
So I am trying to set up an encrypted LVM.

I ran into an issue: I encrypted the file systems, set up the LVM, formatted the file system, and it mounted just fine. I rebooted to test it.

After the reboot I was able to open the encrypted file system but wasn't able to mount the LVM because /dev/lvm/volume didn't exist, but lvscan did show the volume group and the volume.

So my question is: which comes first, the encryption or the LVM?

Should I set up an LVM then encrypt that, or set up an encrypted volume then the LVM?

I am running CentOS 5.5.

You should be able to mount it by using /dev/mapper/luksname

e.g. I named my luks encrypted LV lukslv (I know, I know, such boundless creativity should be channelled towards writing books or something).

I can mount it, to a directory called /lukstest, by typing:

Code:

mount /dev/mapper/lukslv /lukstest

In /etc/crypttab, you need the following, in my case:

Code:

lukslv /dev/vol1/lv4 none

where /dev/vol1/lv4 is the original LV.

If you have forgotten the name, you can get the name by using blkid. Somewhat confusingly, you want to use the entry whose type is NOT crypto_LUKS:

Code:

/dev/mapper/vol1-lv4: UUID="0714a501-ba01-4eb1-be77-690427c8eef8" TYPE="crypto_LUKS"
/dev/mapper/lukslv: UUID="b135d367-ece1-489c-b34f-a0bd6d874199" TYPE="ext4"

Hope this helps.

Nemus 03-29-2011 10:12 AM

Issue
 
So I set up a partition like this:
partition -> LUKS encryption -> pv -> vg -> lv -> fs

but after doing the cryptsetup luksOpen /dev/sdwhatever whatever and doing an lvscan I can see the LVM (vg), but /dev/vg/whatever doesn't exist in /dev.

So I went to this model:
partition -> pv -> vg -> lv -> LUKS encryption -> fs

So I am just wondering if there is something I would need to do to make the file system see the vg after I've mounted the encrypted drive.
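
Added example (not from any poster in this thread): a small shell function that reads blkid output and reports, per device, the next step in either layering discussed above. The first two sample lines are the blkid lines quoted in the thread; /dev/sdb1, /dev/mapper/cryptpv and their UUIDs are constructed, and the action names are labels invented for this example.

```shell
#!/bin/sh
# Sample blkid output. Lines 1-2 are from the thread (LUKS on top of an LV).
# Lines 3-4 are CONSTRUCTED to show the other layout (LVM on top of LUKS).
SAMPLE_BLKID='/dev/mapper/vol1-lv4: UUID="0714a501-ba01-4eb1-be77-690427c8eef8" TYPE="crypto_LUKS"
/dev/mapper/lukslv: UUID="b135d367-ece1-489c-b34f-a0bd6d874199" TYPE="ext4"
/dev/sdb1: UUID="00000000-0000-0000-0000-000000000001" TYPE="crypto_LUKS"
/dev/mapper/cryptpv: UUID="CONSTR-UCTD-0000-0000-0000-0000-SAMPLE" TYPE="LVM2_member"'

# next_step: read blkid lines on stdin, print "<device> <action>" for each.
#   open-with-cryptsetup  LUKS container: cryptsetup luksOpen (or a crypttab
#                         entry) maps it; never mount this device directly.
#   activate-vg           LVM physical volume: /dev/<vg>/<lv> nodes appear
#                         only once the volume group is activated
#                         (vgchange -ay).
#   mount                 any other TYPE is treated here as a filesystem.
#   unknown               the line carries no TYPE field.
next_step() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        dev=${line%%:*}                      # text before the first colon
        case $line in
            *' TYPE="'*)                     # leading space skips SEC_TYPE=
                type=${line##* TYPE=\"}
                type=${type%%\"*}
                ;;
            *) type=unknown ;;
        esac
        case $type in
            crypto_LUKS) echo "$dev open-with-cryptsetup" ;;
            LVM2_member) echo "$dev activate-vg" ;;
            unknown)     echo "$dev unknown" ;;
            *)           echo "$dev mount" ;;
        esac
    done
}

# Run against the sample; on a live system use: blkid | next_step
printf '%s\n' "$SAMPLE_BLKID" | next_step
```

In the LVM-on-LUKS layout the device that luksOpen creates shows up as an LVM physical volume rather than a filesystem, which is why the example separates that case from the plain mount case.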

