Hi,

(Sorry, Thunderbird crashed while writing the previous message and seems to have sent it while closing...)

I successfully installed servers with kickstart using the following:

```
clearpart --all --initlabel
ignoredisk --only-use=sda
part /boot --asprimary --ondisk=sda --label=BOOT --fstype="ext4" --size=256
part /boot/efi --asprimary --ondisk=sda --label=EFI --fstype="efi" --size=256 --fsoptions=umask=0077,shortname=winnt
part pv.01 --ondisk=sda --fstype="lvmpv" --grow --encrypted --luks-version=luks2 --cipher=aes-xts-plain64 --passphrase=mysecret
volgroup system --pesize=4096 pv.01
logvol swap --vgname=system --name=swap --label="SWAP" --fstype="swap" --recommended --fsoptions=swap
logvol / --vgname=system --name=root --label="ROOT" --fstype="xfs" --percent=50
logvol /backup --vgname=system --name=backup --label="BACKUP" --fstype="xfs" --percent=50
```

I didn't know about the `reqpart` option (which seems to cause trouble here as the installation fails while creating `/boot/efi`).

Nevertheless, I was also wondering whether this scheme could be "optimized":

* only create a `/boot` partition (no `/boot/efi`) that will contain both boot and EFI files (hence formatted with `fstype="efi"`)
* do not use LVM to hold the encrypted partitions, but create a simple encrypted partition, mount it to `/dev/mapper` and create partitions (for `/`, swap, etc.) inside it.

The latter doesn't seem to be possible with pure-kickstart commands but using `%pre` commands[1].

Has anyone successfully experienced one or both of the options?

Thanks in advance.

[1] https://dark.ca/2009/08/03/complex-partitioning-in-kickstart/

On 2020-08-27 18:19, isdtor wrote:
> Has anyone managed to create an encrypted disk partition with CentOS 8
> kickstart?
>
> 1 reqpart --add-boot
> 2 part /boot --fstype ext3 --size=1024 --ondrive=sda
> 3 part pv.1 --size=1 --grow --ondrive=sda --encrypted --pashphrase="bla"
> 4 volgroup vol0 pv.100000
> 5 logvol / --vgname=vg_00 --name=lv_root --size=102400 --fstype=ext4
> ...
>
> No matter what I specify in line 3, the installer bombs out. The only way to
> successful kickstart is to not encrypt the lvm pv. The contents of the
> passphrase are not to blame, installer still dies after accepting a
> passphrase from the console.
>
> 15:57:45,280 DBG kickstart: Looking for platform-specific boot requirements.
> 15:57:45,281 DBG kickstart: Applying requirements:
> PartSpec instance (0x7fbd40f44320) --
> mountpoint = /boot/efi lv = False thin = False btrfs = False
> ...
> PartSpec instance (0x7fbd4048b4e0) --
> mountpoint = /boot lv = False thin = False btrfs = False
> ...
> 15:57:45,283 DBG bootloader: stage1 device cannot be of type disk
> 15:57:45,334 DBG exception: running handleException
> 15:57:45,334 CRT exception: Traceback (most recent call last):
>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>

--
Guillaume-Jean Herbiet, PhD
System engineer
Fondation Restena / DNS-LU
2, avenue de l'Université
L-4365 Esch-sur-Alzette
tel.: +352.424409
fax.: +352.422473
https://www.restena.lu https://www.dns.lu
Public key ID: 0x3A4C47C7

"""
Email is an asynchronous, store-and-forward system.
Hence, there is no such thing as an urgent mail.
For immediate response, please contact me otherwise.
"""
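An added example, not part of either message and not Anaconda's own validation: a small Python check of the cross-references that the `part` / `volgroup` / `logvol` lines in this thread depend on, plus a flag for an `--encrypted` line whose passphrase is either absent or stored in cleartext in the file. The function names, finding labels and sample input are constructed for illustration; it assumes physical volumes are defined by `part pv.*` lines, as in both snippets above.

```python
import shlex

# Constructed sample, modelled on the quoted snippet in this thread.
SAMPLE_KS = """\
part /boot --fstype ext3 --size=1024 --ondrive=sda
part pv.1 --size=1 --grow --ondrive=sda --encrypted --pashphrase="bla"
volgroup vol0 pv.100000
logvol / --vgname=vg_00 --name=lv_root --size=102400 --fstype=ext4
"""

FLAGS = {"--grow", "--encrypted", "--asprimary", "--recommended", "--noformat"}  # valueless

def parse(line):
    """Split one kickstart command into (positional args, {option: value})."""
    tokens = shlex.split(line, comments=True)
    pos, opts, i = [], {}, 1
    while i < len(tokens):
        name, eq, val = tokens[i].partition("=")
        i += 1
        if not name.startswith("--"):
            pos.append(name + eq + val)
            continue
        # Accept "--opt value" as well as "--opt=value" for non-flag options.
        if not eq and name not in FLAGS and i < len(tokens) and not tokens[i].startswith("--"):
            val, i = tokens[i], i + 1
        opts[name] = val
    return pos, opts

def lint(ks_text):
    """Return sorted (line number, finding) pairs for part/volgroup/logvol lines.

    A misspelled --passphrase also yields 'encrypted-without-passphrase-option'."""
    pvs, vgs, vg_pvs, lv_vgs, findings = set(), set(), [], [], []
    for n, line in enumerate(ks_text.splitlines(), 1):
        cmd = line.split(None, 1)[0] if line.strip() else ""
        if cmd not in ("part", "partition", "volgroup", "logvol"):
            continue
        pos, opts = parse(line)
        if cmd in ("part", "partition"):
            pvs.update(p for p in pos[:1] if p.startswith("pv."))
            if "--encrypted" in opts and "--passphrase" not in opts:
                findings.append((n, "encrypted-without-passphrase-option"))
            if opts.get("--passphrase"):
                findings.append((n, "cleartext-passphrase-in-file"))
        elif cmd == "volgroup":
            vgs.update(pos[:1])
            vg_pvs += [(n, p) for p in pos[1:]]
        else:
            lv_vgs.append((n, opts.get("--vgname")))
    findings += [(n, f"undefined-pv:{p}") for n, p in vg_pvs if p not in pvs]
    findings += [(n, f"undefined-vg:{v}") for n, v in lv_vgs if v not in vgs]
    return sorted(findings)
```

Call `lint()` on the text of a kickstart file to list the findings. They are consistency checks on the file only and do not establish what caused the installer traceback quoted above.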