LinuxQuestions.org

Z038 05-03-2013 01:57 AM

root partition spanning multiple LUKS volumes
 
Will initrd support an encrypted root partition in a volume group that spans across more than one LUKS volume?

Here's an example where all the PVs are part of one volume group, hence the root partition (logical volume) is part of the VG that spans multiple encrypted volumes.

Code:

/dev/sda1 - SATA 100MB for non-LVM unencrypted /boot directory
/dev/sda5 - SATA 300GB LVM PV in VG group vg00, LUKS encrypted
/dev/sdb5 - SATA 300GB LVM PV in VG group vg00, LUKS encrypted
/dev/sdc5 - SATA 256GB LVM PV in VG group vg00, LUKS encrypted

cryptsetup -s 256 -y luksFormat /dev/sda5
cryptsetup -s 256 -y luksFormat /dev/sdb5
cryptsetup -s 256 -y luksFormat /dev/sdc5

cryptsetup luksOpen /dev/sda5 zero
cryptsetup luksOpen /dev/sdb5 one
cryptsetup luksOpen /dev/sdc5 two

pvcreate /dev/mapper/zero /dev/mapper/one /dev/mapper/two

vgcreate vg00 /dev/mapper/zero /dev/mapper/one /dev/mapper/two

lvcreate -L 2G -n swap0 vg00
lvcreate -L 18G -n root vg00
lvcreate -L 6G -n var vg00
lvcreate -L 450GB -n home vg00
lvcreate -L 2G -n swap1 vg00

This didn't work when I first tried it a few years ago. I haven't asked or tried recently, so I thought I'd check to see if anything has changed in this area.

If this is still not supported by initrd, I'll create a primary partition on the first drive for the root and var logical volumes and put them in a small single PV volume group, then put everything else in a second volume group that spans all the remaining partitions.

GazL 05-03-2013 05:01 AM

The -C option of mkinitrd can be used to specify multiple devices to luksOpen during the initrd. You will be prompted for the passphrase per device however.

yenn 05-03-2013 05:15 AM

Wouldn't it be better to build LVM on top of a software RAID (mdadm) instead of LVM RAID?

Z038 05-03-2013 09:27 AM

Quote:

Originally Posted by GazL (Post 4943998)
The -C option of mkinitrd can be used to specify multiple devices to luksOpen during the initrd. You will be prompted for the passphrase per device however.

GazL, I've been adding multiple devices with the -C option of mkinitrd since release 13.1. I recall that I learned about the multiple device support from you in another thread. I get the password prompts during boot for all of the devices I specify. But the volume group that contains the root partition must have a single PV, or the boot fails after I get prompted for passwords. When I tried in the past to have multiple PVs in the volume group that contained the root partition, I got errors like these:

Code:

Reading all physical volumes.  This may take a while...
 Couldn't find device with uuid 'H6TNIc-0rha-fk2i-cgUU-0EhR-hT03-23cvpD'.
 Couldn't find all physical volumes for volume group vg00.
 Couldn't find device with uuid 'H6TNIc-0rha-fk2i-cgUU-0EhR-hT03-23cvpD'.
 Couldn't find all physical volumes for volume group vg00.
 Volume group "vg00" not found
 Couldn't find device with uuid 'H6TNIc-0rha-fk2i-cgUU-0EhR-hT03-23cvpD'.
 Couldn't find all physical volumes for volume group vg00.
 Couldn't find device with uuid 'H6TNIc-0rha-fk2i-cgUU-0EhR-hT03-23cvpD'.
 Couldn't find all physical volumes for volume group vg00.
 Volume group "vg00" not found
 Couldn't find device with uuid 'H6TNIc-0rha-fk2i-cgUU-0EhR-hT03-23cvpD'.
 Couldn't find all physical volumes for volume group vg00.
 Couldn't find device with uuid 'H6TNIc-0rha-fk2i-cgUU-0EhR-hT03-23cvpD'.
 Couldn't find all physical volumes for volume group vg00.
 Volume group "vg00" not found
mount: mounting /dev/vg00/root on /mnt failed: No such file or directory
ERROR: No /sbin/init found on rootdev (or not mounted). Trouble ahead.
      You can try to fix it.  Type 'exit' when things are done.

Here is the thread where I originally discussed it with you and Alien Bob.

12.1 LUKS and LVM install on system with multiple SATA and IDE HDD

Z038 05-03-2013 09:32 AM

Quote:

Originally Posted by yenn (Post 4944006)
Wouldn't it be better to build LVM on top of a software RAID (mdadm) instead of LVM RAID?

I don't know, I'm not using a RAID of any kind. I'm just using LVM and LUKS encrypted partitions.

GazL 05-03-2013 09:51 AM

I've no idea then. If all the devices that contain the PVs that make up the volume group have been unlocked during the initrd, then there is no reason why the vgscan should not find them.

Z038 05-03-2013 06:57 PM

Thanks GazL. Perhaps Eric will know. He was the one who confirmed that initrd didn't support that configuration back in 2008 and 2010.

GazL 05-04-2013 04:56 AM

Quote:

Originally Posted by Z038 (Post 4944483)
Perhaps Eric will know. He was the one who confirmed that initrd didn't support that configuration back in 2008 and 2010.

Yes, but Eric's comment referred to the situation before the -C option was enhanced to support more than one device. The whole point of the changes we introduced was to support exactly this possibility. As I said above, it should work, and I have certainly run a rootvg consisting of 2 LUKS devices in the past (back around 12.2 or 13.0). If you're encountering this error now on a relatively recent version of Slackware when using the -C option to unlock all your PVs, then something must be going wrong.
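
Added example (not part of any post in this thread, and not Slackware's own code): a shell check for the condition described above, that every PV in the root volume group sits on a LUKS device named in mkinitrd's -C list. The `pvs` output and the mapper-to-partition table are constructed from the layout in the first post; the `vg01` entry, the ext4 filesystem type and the other mkinitrd flags (-c, -k, -f, -r, -L) are assumptions about the target system.

```shell
#!/bin/sh
# Added example: confirm every PV of the root VG is a LUKS mapping, then
# build the colon-delimited device list that mkinitrd -C expects.

# Constructed sample, shaped like `pvs --noheadings -o pv_name,vg_name`.
# vg01 on a plain partition is hypothetical, added to show the failure case.
PVS_SAMPLE='  /dev/mapper/zero vg00
  /dev/mapper/one  vg00
  /dev/mapper/two  vg00
  /dev/sdd1        vg01'

# Constructed table "mapper-name backing-partition", as one would collect
# from `cryptsetup status <name>` for each open mapping.
LUKS_SAMPLE='zero /dev/sda5
one /dev/sdb5
two /dev/sdc5'

# luks_list VG PVS_TEXT MAP_TEXT
# Prints the backing partitions of all PVs in VG, joined by ":".
# Returns 1 if VG has no PVs or any of its PVs is not in the LUKS table.
luks_list() {
    vg=$1; pvs_text=$2; map_text=$3; list=
    for pv in $(printf '%s\n' "$pvs_text" | awk -v vg="$vg" '$2 == vg { print $1 }'); do
        name=${pv#/dev/mapper/}
        dev=$(printf '%s\n' "$map_text" | awk -v n="$name" '$1 == n { print $2 }')
        if [ -z "$dev" ]; then
            echo "PV $pv of $vg is not an open LUKS mapping" >&2
            return 1
        fi
        list=${list:+$list:}$dev
    done
    [ -n "$list" ] || return 1
    printf '%s\n' "$list"
}

# mkinitrd_cmd VG LV FSTYPE PVS_TEXT MAP_TEXT
# Prints (does not run) the mkinitrd command line; -L adds LVM support.
mkinitrd_cmd() {
    devs=$(luks_list "$1" "$4" "$5") || return 1
    printf 'mkinitrd -c -k %s -f %s -r /dev/%s/%s -C %s -L\n' \
        "$(uname -r)" "$3" "$1" "$2" "$devs"
}

mkinitrd_cmd vg00 root ext4 "$PVS_SAMPLE" "$LUKS_SAMPLE"
```

On a live system, feed the functions the real `pvs` output instead of the samples; a PV missing from the -C list is what produces the "Couldn't find device with uuid" errors quoted earlier in the thread.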

Z038 05-04-2013 08:51 AM

Those error messages were from when I tried it back in 2008. I'm not getting them now because I haven't tried multiple PVs in the root VG since then. I am having the initrd unlock multiple LUKS devices with the -C option during boot, but each device is in a different VG.

Now I'm preparing to go to a 64-bit 14.0 from a 32-bit 13.37, so I have to do a full install rather than an upgrade. I thought this would be a good time to give it another shot. You're saying it should work now, so I'll try it.

Thank you for the clarification.

yenn 05-07-2013 05:14 AM

Quote:

Originally Posted by Z038 (Post 4944184)
I don't know, I'm not using a RAID of any kind. I'm just using LVM and LUKS encrypted partitions.

Do you intend to span the volume group across multiple hard drives to extend its size? In that case you are using RAID 0 with linear striping (also known as concatenation).

You can create RAID with LVM (like you did), but it might be better to separate LVM and RAID. The advantage of this approach is that you will have one RAID device consisting of as many physical hard drives as you want (let's say /dev/md0), and then you are building LVM and the LUKS encrypted partition on exactly one (meta)device, not all of them. The RAID array will take care of the low-level stuff. And in case of hard drive failure, you will just replace that hard drive, restore data from backup and re-assemble the RAID array. No need to fiddle with LVM.

The disadvantage is that it adds another layer which needs to be taken care of in initrd.

If you are interested in this setup, take a look at this: http://www.iverbi.de/slackware/RAID1...2_2_Howto.html

Z038 05-07-2013 04:10 PM

Quote:

Originally Posted by yenn (Post 4946498)
Do you intend to span the volume group across multiple hard drives to extend its size? In that case you are using RAID 0 with linear striping (also known as concatenation).

yenn, my intent is simply to be able to add space to the volume group easily so I can expand any of my LVM filesystems as needed. I am not striping the data (RAID 0), and I'm not interested in redundancy (RAID 1 or 5, etc) at the moment. Disk drives have gotten so cheap that I might well go with a RAID 5 setup in the future, but for now, I don't want to add the overhead of software RAID to my system.

Thanks for the info. The referenced articles were worth reading.

