| View previous topic :: View next topic |
| Author |
Message |
umka69
Tux's lil' helper
Joined: 31 Mar 2013
Posts: 124
|
 Posted: Wed Sep 16, 2015 9:31 pm Post subject: [SOLVED] Automount of LVM+LUKS partition |
 |
|
Hello, community!
I've got an encrypted logical partition. Munual mounting is perfect:
| Code: | home ~ # cryptsetup luksOpen -d /root/keys/store.key /dev/repo/store store
home ~ # mount /dev/mapper/store /opt/store/
|
Nevertheless, there's an error in boot process. It must mount the encrypted logical partition automatically.
Here are some config files
| Code: | # cat /etc/conf.d/dmcrypt
target=store
source='/dev/repo/store'
key='/root/keys/store.key'
|
| Code: | # cat /etc/fstab
/dev/md124 /boot ext4 noatime 1 2
/dev/md125 / ext4 noatime 0 1
/dev/md126 /home ext4 noatime 0 0
/dev/sda2 none swap sw 0 0
/dev/sdb2 none swap sw 0 0
/dev/mapper/store /opt/store ext4 noatime 0 0
|
| Code: | home ~ # rc-update show | grep lvm
lvm | boot
home ~ # rc-update show | grep dmcrypt
dmcrypt | boot
|
Do you have any ideas?
_________________
Make a wish, this text is magic. 
Last edited by umka69 on Thu Sep 17, 2015 4:09 pm; edited 1 time in total |
|
| Back to top |
|
 |
charles17
Advocate
Joined: 02 Mar 2008
Posts: 3664
|
| Posted: Thu Sep 17, 2015 5:50 am Post subject: Re: Automount of LVM+LUKS partition |
|
|
| umka69 wrote: | | Code: | home ~ # rc-update show | grep lvm
lvm | boot
home ~ # rc-update show | grep dmcrypt
dmcrypt | boot
|
|
Could you please also show | Quote: | | $ rc-config show --all | grep 'dmcrypt\|lvm' |
And check /var/log/rc.log |
|
| Back to top |
|
|
umka69
Tux's lil' helper
Joined: 31 Mar 2013
Posts: 124
|
| Posted: Thu Sep 17, 2015 8:28 am Post subject: Re: Automount of LVM+LUKS partition |
|
|
| charles17 wrote: | | umka69 wrote: | | Code: | home ~ # rc-update show | grep lvm
lvm | boot
home ~ # rc-update show | grep dmcrypt
dmcrypt | boot
|
|
Could you please also show | Quote: | | $ rc-config show --all | grep 'dmcrypt\|lvm' |
And check /var/log/rc.log |
Sure, here you are.
| Code: | home ~ # sudo rc-config show --all | grep 'dmcrypt\|lvm'
dmcrypt [started]
lvm [started] |
Yes, there is a problem in rc.log.
| Code: | * Shutting down the Logical Volume Manager
* Shutting Down LVs & VGs ...
WARNING: lvmetad is running but disabled. Restart lvmetad before enabling it!
Logical volume repo/store is used by another device.
* Failed (possibly some LVs still needed for /usr or root)
[ !! ]
* Finished shutting down the Logical Volume Manager
* Stopping lvmetad ...
[ ok ]
* Removing dm-crypt mappings
* store ... |
It says, repo/store is used by another device. But who is using it?)
So lot of warnings here
_________________
Make a wish, this text is magic. |
|
| Back to top |
|
|
charles17
Advocate
Joined: 02 Mar 2008
Posts: 3664
|
| Posted: Thu Sep 17, 2015 9:01 am Post subject: Re: Automount of LVM+LUKS partition |
|
|
| umka69 wrote: | Yes, there is a problem in rc.log.
| Code: | * Shutting down the Logical Volume Manager
* Shutting Down LVs & VGs ... |
|
That one seems to be from "Shutting down". What about rc.log from booting? |
|
| Back to top |
|
|
umka69
Tux's lil' helper
Joined: 31 Mar 2013
Posts: 124
|
| Posted: Thu Sep 17, 2015 9:10 am Post subject: |
|
|
I am realy sorry. Here it is.
| Code: | rc boot logging started at Thu Sep 17 14:14:35 2015
* Setting system clock using the hardware clock [Local Time] ...
[ ok ]
* Autoloaded 0 module(s)
* Setting up dm-crypt mappings ...
* source "/dev/repo/store" for store missing, skipping...
[ ok ]
* Starting lvmetad ...
[ ok ]
* Setting up the Logical Volume Manager ...
[ ok ]
* Checking local filesystems ...
/dev/md125: clean, 315120/6553600 files, 1331540/26197984 blocks
/dev/md124: clean, 360/25584 files, 39534/102272 blocks
[ ok ]
* Remounting root filesystem read/write ...
[ ok ]
* Remounting filesystems ...
[ ok ]
* Activating swap devices ...
[ ok ]
* Mounting local filesystems ...
mount: special device /dev/mapper/store does not exist
* Some local filesystem failed to mount
[ !! ]
* Mounting misc binary format filesystem ...
[ ok ]
* Loading custom binary format handlers ...
[ ok ]
* Configuring kernel parameters ...
[ ok ]
* Creating user login records ...
[ ok ]
* Wiping /tmp directory ...
[ ok ]
* Setting hostname to home ...
[ ok ]
* Setting terminal encoding [UTF-8] ...
[ ok ]
* Setting keyboard mode [UTF-8] ...
[ ok ]
* Loading key mappings [us] ...
[ ok ]
* Bringing up network interface lo ...
[ ok ]
* Starting mdadm monitor ...
[ ok ]
* Activating additional swap space ...
[ ok ]
* Setting up tmpfiles.d entries ...
[ ok ]
* Initializing random number generator ...
[ ok ]
rc boot logging stopped at Thu Sep 17 11:14:39 2015
|
It seems like dm-crypt starts earlier than LVM. dm-crypt can't find encrypted logical volume because of it.
Am I right? Is there a way to solve it?
_________________
Make a wish, this text is magic. |
|
| Back to top |
|
|
umka69
Tux's lil' helper
Joined: 31 Mar 2013
Posts: 124
|
| Posted: Thu Sep 17, 2015 4:08 pm Post subject: |
|
|
There is a way to change rc-services boot priority. But it is hard.
I prefer to change the arkitect of data storage:
It used to be: RAID -> LVM -> LUKS
It is now: RAID -> LUKS -> LVM
PS: This command will list rc-services on the specified runlevel in order to its priority.
_________________
Make a wish, this text is magic. |
|
| Back to top |
|
|
quilosaq
Veteran
Joined: 22 Dec 2009
Posts: 1522
|
| Posted: Thu Sep 17, 2015 4:49 pm Post subject: |
|
|
| Code: | | head -n 6 /etc/conf.d/dmcrypt |
I think adding in /etc/conf.d/dmcrypt will work. |
|
| Back to top |
|
|
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21628
|
| Posted: Fri Sep 18, 2015 1:25 am Post subject: |
|
|
| What is the point of using LUKS in this configuration? Encryption is normally used to prevent access by unauthorized persons who obtain physical control of the machine. However, if the volume is mounted automatically at boot, then anyone who steals the hardware can boot it and the volume will mount at boot, giving them the same access they would have without LUKS. |
|
| Back to top |
|
|
umka69
Tux's lil' helper
Joined: 31 Mar 2013
Posts: 124
|
| Posted: Sun Sep 20, 2015 10:30 am Post subject: |
|
|
| quilosaq wrote: | | Code: | | head -n 6 /etc/conf.d/dmcrypt |
I think adding in /etc/conf.d/dmcrypt will work. |
Thank you, good solution. I have tried it.
_________________
Make a wish, this text is magic. |
|
| Back to top |
|
|
umka69
Tux's lil' helper
Joined: 31 Mar 2013
Posts: 124
|
| Posted: Sun Sep 20, 2015 10:33 am Post subject: |
|
|
| Hu wrote: | | What is the point of using LUKS in this configuration? Encryption is normally used to prevent access by unauthorized persons who obtain physical control of the machine. However, if the volume is mounted automatically at boot, then anyone who steals the hardware can boot it and the volume will mount at boot, giving them the same access they would have without LUKS. |
I'm going to store the key on a usb stick. It'll be safe.
_________________
Make a wish, this text is magic. |
|
| Back to top |
|
|
|
Installing Gentoo
