Re: [rlug] grub cu multiple luks

Andrei-Florian Staicu Fri, 25 Mar 2016 01:18:10 -0700

Salut,

Scuze de intarziere, nu am mai putut sa testez aseara. Se pare ca problema
nu era de la luks, ci de la faptul ca lv-urile ala la care se blocheaza
sunt thin. Am incercat cu un lv thick pe acelasi disc si il mounteaza fara
probleme si fara sa-l adaug in rd.lvm.lv.


Am vazut ca se poate rezolva si cu thin-uri in initramfs, dar pana la urma
le-am convertit la thick pentru ca oricum nu aveam nevoie.

Merci de ajutor.

On Thu, Mar 24, 2016 at 11:13 PM Catalin Muresan <[email protected]>
wrote:

> Poate te ajuta, am instalat rapid un centos7 cu 2 VG-uri luks:
>
> [root@localhost ~]# lsblk
> NAME                                          MAJ:MIN RM  SIZE RO TYPE
>  MOUNTPOINT
> sr0                                            11:0    1 1024M  0 rom
> vda                                           252:0    0   15G  0 disk
> ├─vda1                                        252:1    0  501M  0 part
>  /boot
> ├─vda2                                        252:2    0 11.1G  0 part
> │ └─luks-7f84ca0c-40e4-474b-af2a-529dec0ea330 253:0    0 11.1G  0 crypt
> │   ├─centos-usr                              253:2    0  6.4G  0 lvm
>  /usr
> │   └─centos-root                             253:3    0  4.8G  0 lvm   /
> └─vda3                                        252:3    0  3.4G  0 part
>   └─luks-8f5af8ea-c485-48cb-b613-7c653ee92927 253:1    0  3.4G  0 crypt
>     ├─VM-00                                   253:4    0  664M  0 lvm
> [SWAP]
>     └─VM-vm01                                 253:5    0  2.8G  0 lvm
>  /VMs
> [root@localhost ~]# df
> Filesystem              1K-blocks   Used Available Use% Mounted on
> /dev/mapper/centos-root   4974592  81292   4893300   2% /
> devtmpfs                   498728      0    498728   0% /dev
> tmpfs                      508548      0    508548   0% /dev/shm
> tmpfs                      508548   6780    501768   2% /run
> tmpfs                      508548      0    508548   0% /sys/fs/cgroup
> /dev/mapper/centos-usr    6645760 757692   5888068  12% /usr
> /dev/mapper/VM-vm01       2869248  32928   2836320   2% /VMs
> /dev/vda1                  509612 123780    385832  25% /boot
> [root@localhost ~]# swapon -s
> Filename Type Size Used Priority
> /dev/dm-4                               partition 679932 0 -1
> [root@localhost ~]# ll /dev/mapper/
> total 0
> lrwxrwxrwx. 1 root root       7 Mar 24 17:07 centos-root -> ../dm-3
> lrwxrwxrwx. 1 root root       7 Mar 24 17:07 centos-usr -> ../dm-2
> crw-------. 1 root root 10, 236 Mar 24 17:07 control
> lrwxrwxrwx. 1 root root       7 Mar 24 17:07
> luks-7f84ca0c-40e4-474b-af2a-529dec0ea330 -> ../dm-0
> lrwxrwxrwx. 1 root root       7 Mar 24 17:07
> luks-8f5af8ea-c485-48cb-b613-7c653ee92927 -> ../dm-1
> lrwxrwxrwx. 1 root root       7 Mar 24 17:07 VM-00 -> ../dm-4
> lrwxrwxrwx. 1 root root       7 Mar 24 17:07 VM-vm01 -> ../dm-5
> [root@localhost ~]#
>
> grub2.cfg
>
> linux16 /vmlinuz-3.10.0-229.el7.x86_64 root=/dev/mapper/centos-root ro
> rd.lvm.lv=centos/usr crashkernel=auto
> rd.luks.uuid=luks-7f84ca0c-40e4-474b-af2a-529dec0ea330 rd.lvm.lv
> =centos/root
> rd.luks.uuid=luks-8f5af8ea-c485-48cb-b613-7c653ee92927 rd.lvm.lv=VM/00
> rhgb
> quiet LANG=en_US.UTF-8
>
> rd.luks.uuid sunt inainte de rd.lvm.lv.
>
> parolele sunt pe VG-uri nu pe LV-uri, sunt identice.
>
>
> 2016-03-24 20:53 GMT+00:00 Catalin Muresan <[email protected]>:
>
> > Ordinea ?
> >
> > pune toate rd.lvm.lv la inceput si dupa aia rd.luks.uuid-urile.
> >
> >
> > 2016-03-24 20:24 GMT+00:00 Andrei-Florian Staicu <
> [email protected]>
> > :
> >
> >> Crap. Sorry. Am modificat in rd.
> >> /etc/crypttab
> >> luks-4ad3c41f-ba52-4dc6-a003-30fe715ef949
> >> UUID=4ad3c41f-ba52-4dc6-a003-30fe715ef949 none        -> sda, sysvg
> >> luks-4fba8981-4992-4679-bd7f-477b10214333
> >> UUID=4fba8981-4992-4679-bd7f-477b10214333 none        -> sdb, vg_libvirt
> >> /boot/grub2/grub.cfg:
> >>         linux16 /vmlinuz-4.4.5-200.fc22.x86_64
> >> root=/dev/mapper/sysvg-lv_root ro rd.lvm.lv=sysvg/lv_usr
> >> rd.lvm.lv=sysvg/lv_swap
> >> rd.luks.uuid=luks-4ad3c41f-ba52-4dc6-a003-30fe715ef949
> >> rd.luks.uuid=luks-4fba8981-4992-4679-bd7f-477b10214333 rd.lvm.lv
> >> =sysvg/lv_root
> >> rd.driver.blacklist=nouveau nouveau.modeset=0
> rd.driver.blacklist=nouveau
> >> rhgb quiet
> >>
> >> Cam acelasi comportament, doar ca acum, cand zice starting cyrptography
> >> setup imi arata uuid-ul lui sbd (dar imi face unlock si la sda).
> >> Am incercat sa adaug si un lv din al doilea vg (rd.lvm.lv
> >> =vg_libvirt/lv_iso),
> >> la fel. Oricum am vazut ca nu sunt toate lv-urile puse in rd.lvm.lv; de
> >> exemplu sysvg/lv_var nu e acolo, dar il mounteaza cum trebuie.
> >>
> >> On Thu, Mar 24, 2016 at 10:02 PM Catalin Muresan <
> >> [email protected]>
> >> wrote:
> >>
> >> > 2016-03-24 19:18 GMT+00:00 Andrei-Florian Staicu <
> >> [email protected]
> >> > >:
> >> >
> >> > > Salutare,
> >> > >
> >> > > Am o problema la boot cu doua discuri cu luks pe ele. FC 22.
> Amandoua
> >> > sunt
> >> > > "full disk encryption" (tot block device-ul), cu parola. sda are
> sda1
> >> > /boot
> >> > > si sda2 pv in vg1, sdb e direct pv in vg2.
> >> > > Daca nu am nimic din vg2 in fstab si avand in grub
> rc.luks.uuid=uuid1
> >> > merge
> >> > > perfect, mai ales ca toate lv-urile "esentiale" sunt pe sda (sdb e
> de
> >> > > "storage"): imi cere parola pentru sda, si se mounteaza tot ce
> trebuie
> >> > > (dar, in mod ciudat, se deblocheaza si sdb; acceasi parola la luks,
> >> dar
> >> > nu
> >> > > ma intreaba in mod specific de parola pentru sdb).
> >> > > Daca incerc sa adauga ceva din vg2 in fstab si adaug in grub inca un
> >> > > rc.luks.uuid=uuid2, imi cere parola pentru sda si crapa cand
> incearca
> >> sa
> >> > > mounteze ceva din vg2:
> >> > >
> >> > > Timed out waiting for device dev-mapper-vg2\x2dlv_somelv.device.
> >> > >
> >> > > Aveti vreo idee de ce nu se uita grub la al doilea rc.luks.uuid? Sau
> >> > poate
> >> > > se uita, dar am omis eu ceva...
> >> > > Amandoua sunt puse in /etc/crypttab, dar cred ca problema e dinainte
> >> de
> >> > > uitat prin fs.
> >> > >
> >> >
> >> > Nu era mult mai simplu sa faci copy/paste la grub2.cfg (partea cu
> linux
> >> ...
> >> > ) si la /etc/crypttab ?
> >> >
> >> > nu e rc. e rd.
> >> >
> >> >
> >>
> https://www.kernel.org/pub/linux/utils/boot/dracut/dracut.html#_crypto_luks
> >> >
> >> >
> >> >
> >> > >
> >> > > Merci.
> >> > > --
> >> > > Beware of programmers who carry screwdrivers.
> >> > > _______________________________________________
> >> > > RLUG mailing list
> >> > > [email protected]
> >> > > http://lists.lug.ro/mailman/listinfo/rlug
> >> > >
> >> > _______________________________________________
> >> > RLUG mailing list
> >> > [email protected]
> >> > http://lists.lug.ro/mailman/listinfo/rlug
> >> >
> >> --
> >> Beware of programmers who carry screwdrivers.
> >> _______________________________________________
> >> RLUG mailing list
> >> [email protected]
> >> http://lists.lug.ro/mailman/listinfo/rlug
> >>
> >
> >
> _______________________________________________
> RLUG mailing list
> [email protected]
> http://lists.lug.ro/mailman/listinfo/rlug
>
-- 
Beware of programmers who carry screwdrivers.
_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug

Re: [rlug] grub cu multiple luks

Raspunde prin e-mail lui