View previous topic :: View next topic |
Author |
Message |
umka69 Tux's lil' helper
Joined: 31 Mar 2013 Posts: 124
|
Posted: Wed Sep 16, 2015 9:31 pm Post subject: [SOLVED] Automount of LVM+LUKS partition |
|
|
Hello, community!
I've got an encrypted logical partition. Munual mounting is perfect:
Code: | home ~ # cryptsetup luksOpen -d /root/keys/store.key /dev/repo/store store
home ~ # mount /dev/mapper/store /opt/store/
|
Nevertheless, there's an error in boot process. It must mount the encrypted logical partition automatically.
Here are some config files
Code: | # cat /etc/conf.d/dmcrypt
target=store
source='/dev/repo/store'
key='/root/keys/store.key'
|
Code: | # cat /etc/fstab
/dev/md124 /boot ext4 noatime 1 2
/dev/md125 / ext4 noatime 0 1
/dev/md126 /home ext4 noatime 0 0
/dev/sda2 none swap sw 0 0
/dev/sdb2 none swap sw 0 0
/dev/mapper/store /opt/store ext4 noatime 0 0
|
Code: | home ~ # rc-update show | grep lvm
lvm | boot
home ~ # rc-update show | grep dmcrypt
dmcrypt | boot
|
Do you have any ideas? _________________ Make a wish, this text is magic.
Last edited by umka69 on Thu Sep 17, 2015 4:09 pm; edited 1 time in total |
|
Back to top |
|
|
charles17 Advocate
Joined: 02 Mar 2008 Posts: 3664
|
Posted: Thu Sep 17, 2015 5:50 am Post subject: Re: Automount of LVM+LUKS partition |
|
|
umka69 wrote: | Code: | home ~ # rc-update show | grep lvm
lvm | boot
home ~ # rc-update show | grep dmcrypt
dmcrypt | boot
|
|
Could you please also show Quote: | $ rc-config show --all | grep 'dmcrypt\|lvm' |
And check /var/log/rc.log |
|
Back to top |
|
|
umka69 Tux's lil' helper
Joined: 31 Mar 2013 Posts: 124
|
Posted: Thu Sep 17, 2015 8:28 am Post subject: Re: Automount of LVM+LUKS partition |
|
|
charles17 wrote: | umka69 wrote: | Code: | home ~ # rc-update show | grep lvm
lvm | boot
home ~ # rc-update show | grep dmcrypt
dmcrypt | boot
|
|
Could you please also show Quote: | $ rc-config show --all | grep 'dmcrypt\|lvm' |
And check /var/log/rc.log |
Sure, here you are.
Code: | home ~ # sudo rc-config show --all | grep 'dmcrypt\|lvm'
dmcrypt [started]
lvm [started] |
Yes, there is a problem in rc.log.
Code: | * Shutting down the Logical Volume Manager
* Shutting Down LVs & VGs ...
WARNING: lvmetad is running but disabled. Restart lvmetad before enabling it!
Logical volume repo/store is used by another device.
* Failed (possibly some LVs still needed for /usr or root)
[ !! ]
* Finished shutting down the Logical Volume Manager
* Stopping lvmetad ...
[ ok ]
* Removing dm-crypt mappings
* store ... |
It says, repo/store is used by another device. But who is using it?)
So lot of warnings here _________________ Make a wish, this text is magic. |
|
Back to top |
|
|
charles17 Advocate
Joined: 02 Mar 2008 Posts: 3664
|
Posted: Thu Sep 17, 2015 9:01 am Post subject: Re: Automount of LVM+LUKS partition |
|
|
umka69 wrote: | Yes, there is a problem in rc.log.
Code: | * Shutting down the Logical Volume Manager
* Shutting Down LVs & VGs ... |
|
That one seems to be from "Shutting down". What about rc.log from booting? |
|
Back to top |
|
|
umka69 Tux's lil' helper
Joined: 31 Mar 2013 Posts: 124
|
Posted: Thu Sep 17, 2015 9:10 am Post subject: |
|
|
I am realy sorry. Here it is.
Code: | rc boot logging started at Thu Sep 17 14:14:35 2015
* Setting system clock using the hardware clock [Local Time] ...
[ ok ]
* Autoloaded 0 module(s)
* Setting up dm-crypt mappings ...
* source "/dev/repo/store" for store missing, skipping...
[ ok ]
* Starting lvmetad ...
[ ok ]
* Setting up the Logical Volume Manager ...
[ ok ]
* Checking local filesystems ...
/dev/md125: clean, 315120/6553600 files, 1331540/26197984 blocks
/dev/md124: clean, 360/25584 files, 39534/102272 blocks
[ ok ]
* Remounting root filesystem read/write ...
[ ok ]
* Remounting filesystems ...
[ ok ]
* Activating swap devices ...
[ ok ]
* Mounting local filesystems ...
mount: special device /dev/mapper/store does not exist
* Some local filesystem failed to mount
[ !! ]
* Mounting misc binary format filesystem ...
[ ok ]
* Loading custom binary format handlers ...
[ ok ]
* Configuring kernel parameters ...
[ ok ]
* Creating user login records ...
[ ok ]
* Wiping /tmp directory ...
[ ok ]
* Setting hostname to home ...
[ ok ]
* Setting terminal encoding [UTF-8] ...
[ ok ]
* Setting keyboard mode [UTF-8] ...
[ ok ]
* Loading key mappings [us] ...
[ ok ]
* Bringing up network interface lo ...
[ ok ]
* Starting mdadm monitor ...
[ ok ]
* Activating additional swap space ...
[ ok ]
* Setting up tmpfiles.d entries ...
[ ok ]
* Initializing random number generator ...
[ ok ]
rc boot logging stopped at Thu Sep 17 11:14:39 2015
|
It seems like dm-crypt starts earlier than LVM. dm-crypt can't find encrypted logical volume because of it.
Am I right? Is there a way to solve it? _________________ Make a wish, this text is magic. |
|
Back to top |
|
|
umka69 Tux's lil' helper
Joined: 31 Mar 2013 Posts: 124
|
Posted: Thu Sep 17, 2015 4:08 pm Post subject: |
|
|
There is a way to change rc-services boot priority. But it is hard.
I prefer to change the arkitect of data storage:
It used to be: RAID -> LVM -> LUKS
It is now: RAID -> LUKS -> LVM
PS: This command will list rc-services on the specified runlevel in order to its priority.
_________________ Make a wish, this text is magic. |
|
Back to top |
|
|
quilosaq Veteran
Joined: 22 Dec 2009 Posts: 1522
|
Posted: Thu Sep 17, 2015 4:49 pm Post subject: |
|
|
Code: | head -n 6 /etc/conf.d/dmcrypt | I think adding in /etc/conf.d/dmcrypt will work. |
|
Back to top |
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21628
|
Posted: Fri Sep 18, 2015 1:25 am Post subject: |
|
|
What is the point of using LUKS in this configuration? Encryption is normally used to prevent access by unauthorized persons who obtain physical control of the machine. However, if the volume is mounted automatically at boot, then anyone who steals the hardware can boot it and the volume will mount at boot, giving them the same access they would have without LUKS. |
|
Back to top |
|
|
umka69 Tux's lil' helper
Joined: 31 Mar 2013 Posts: 124
|
Posted: Sun Sep 20, 2015 10:30 am Post subject: |
|
|
quilosaq wrote: | Code: | head -n 6 /etc/conf.d/dmcrypt | I think adding in /etc/conf.d/dmcrypt will work. |
Thank you, good solution. I have tried it. _________________ Make a wish, this text is magic. |
|
Back to top |
|
|
umka69 Tux's lil' helper
Joined: 31 Mar 2013 Posts: 124
|
Posted: Sun Sep 20, 2015 10:33 am Post subject: |
|
|
Hu wrote: | What is the point of using LUKS in this configuration? Encryption is normally used to prevent access by unauthorized persons who obtain physical control of the machine. However, if the volume is mounted automatically at boot, then anyone who steals the hardware can boot it and the volume will mount at boot, giving them the same access they would have without LUKS. |
I'm going to store the key on a usb stick. It'll be safe. _________________ Make a wish, this text is magic. |
|
Back to top |
|
|
|