Also, as I've just managed to work, to have LUKS encrypt an LVM LV you need to specify the path to the LV, for example:
disk_config cryptsetup luks /srv/node/obj01 /dev/vgobj01/lvobj01 xfs rw createopts="-L obj01" That took a bit of head bashing to work out, initially I was trying vgobj01-lvobj01 and /dev/mapper/vgobj01-lvobj01. The sample above worked, and I'm just running the package installation phase of my build now. ;) On a similar note, is it possible to use uuid's in /etc/crypttab instead of the device name? Cheers, Andrew On Tue, 2016-09-20 at 11:36 +0000, Paul Schulz wrote: > Woot! (.. for setup-storage anyway) > Thanks everyone for your suggestions. > > The solution to my problem is to not worry about the name of the > 'cryptsetup' partition, 'setup-storage' handles this automatically. > > Cryptsetup is called and creates a device called "crypt_format_md1" > (in my case) which is then fed correctly to LVM. > > Can this be put into the documentation somewhere? > (./man/setup-storage.8 ?) I only found this out somewhat by accident. > > Cheers, > Paul > > ps. FAI installes the system installs but doesn't boot, so that's the > next thing to solve. Fails to decrypt the luks partition and find > /dev/mapper/Base-Root > > > On Fri, 16 Sep 2016 at 00:58 Paul Schulz <p...@mawsonlakes.org> > wrote: > > I am still having an isse with the setup-disk configuration > > > > I'm now getting the following error after the file is parsed.. > > "Cannot determine size of /dev/mapper/md1_crypt - scheme unknown" > > > > See attached files: > > raid1-disk1-disk2t.txt - Just RAID1 > > lvm-disk1-disk2.txt - RAID1+LVM (works) > > crypt-disk1-disk2.txt - RAID1+CRYPT+LVM (error) > > > > For testing, I have two external USB 90G disks attached for testing > > and am using the following: > > ./bin/setup-storage -D"sdb sdc" -fcrypt-disk1-disk2.txt > > (With export PERL5LIB=`pwd`/lib/setup-storage) > > or > > /usr/sbin/setup-storage -D"sdb sdc" -fcrypt-disk1-disk2.txt > > (Ubuntu 16.04) > > > > Q. Do I need to know or set the size of the crypted drive before it > > is created? It is then used by LVM, so maybe I do? > > > > My Plan B is to take the log from ' lvm-disk1-disk2.txt' and then > > modify it manually setup the encrypted partition. I can then run > > this script in place of setup-storage in the FAI partitioning step. > > > > Regards > > Paul > > > > On Thu, 25 Aug 2016 at 13:15 Paul Schulz <p...@mawsonlakes.org> > > wrote: > > > Hi Alexandros > > > > > > Thank you for your reply. It was helpful and I have made some > > > progress, > > > but I'm still getting errors when processing the 'cryptsetup' > > > stanza. > > > > > > I have attached my FAI configuration files that I am tying to > > > parse. > > > FSRAID - produces error on 'luks' line > > > FSRAID-parses > > > > > > (If I comment out the 'luks' line I can parse.but I don't know > > > what output > > > or commands it will produce.) > > > > > > To test this, I have used copy of the latest github code, and > > > have modified > > > the code so it can access it's perl modules (without > > > installation). > > > > > > Also, I gen another error if I don't use the full path > > > '/dev/mapper/md1_crypt' > > > in the luks line, BUT cryptsetup only uses the filename part ' > > > md1_crypt'. > > > > > > I am trying to grok the parser code... > > > > > > Regards, > > > Paul > > > > > > On Tue, 23 Aug 2016 at 20:04 Alexandros Afentoulis <ale...@noc.gr > > > net.gr> wrote: > > > > On 08/22/2016 09:56 AM, Paul Schulz wrote: > > > > > (Repeated as first attempt didn't go through.) > > > > > > > > > > Greetings, > > > > > I have been asked to setup some systems with an encrypted > > > > disk > > > > > configuration (see below for FAI setup-storage format), > > > > essentially two > > > > > disks with: > > > > > RAID1(/boot+other) < Crypt(other) < LVM((Root,Home,Swap) > > > > > > > > > > Should I expect this to work? If not, what would need to be > > > > done to > > > > > include this support in LVM. Can I run setup-storage > > > > multiple times(3 > > > > > confiig files)? > > > > > > > > Hello there, > > > > > > > > yes the disk scheme you aim for is feasible. In fact I did > > > > setup a node > > > > like that a couple of days ago. > > > > > > (snip) > > > > > > > Hope I helped, > > > > Greetings > > > > > > > > > -- Andrew Ruthven, Wellington, New Zealand and...@etc.gen.nz | linux.conf.au 2017, Hobart, AU New Zealand's only Cloud: | The Future of Open Source https://catalyst.net.nz/cloud | http://linux.conf.au