mewn
August 17th, 2008, 04:51 PM
Hi guys,
I have an installation with encrypted hard disk and LVM on top of it.
Working fine.
However I want now to turn my hard-disk into a raid1 one.
The actual system 8.04 LTS :
@spike:~$ uname -a
Linux spike 2.6.24.3-epia6 #1 Thu Aug 14 17:10:04 BST 2008 i686 GNU/Linux
I had to patch the source to get around #8653 ( http://bugzilla.kernel.org/show_bug.cgi?id=8563 ) and to get my grfx card working properly
=> this is not relevant to the problem at hand, just to give a bit of background info.
@spike:~$ cat /etc/crypttab
sda5_crypt /dev/disk/by-uuid/5d1cb1fe-fa9d-40dc-9260-a42d0af8e1d0 none luks
@spike:~$ sudo pvdisplay
--- Physical volume ---
PV Name /dev/mapper/sda5_crypt
VG Name spike
PV Size 465.52 GB / not usable 1.33 MB
Allocatable yes (but full)
PE Size (KByte) 4096
Total PE 119173
Free PE 0
Allocated PE 119173
PV UUID 30mxhM-Kd0w-2QL3-Xq8s-0O2w-WVf6-oRzrFZ
@spike:~$ sudo lvdisplay
--- Logical volume ---
LV Name /dev/spike/root
VG Name spike
LV UUID ZK0MQ6-GclH-d35l-QMFa-chNb-rViG-l7MvcU
LV Write Access read/write
LV Status available
# open 1
LV Size 462.75 GB
Current LE 118464
Segments 1
Allocation inherit
Read ahead sectors 0
Block device 253:1
--- Logical volume ---
LV Name /dev/spike/swap_1
VG Name spike
LV UUID RwaIR2-4EGB-E3Mg-4lbB-kQ8u-r3rT-gACsKQ
LV Write Access read/write
LV Status available
# open 2
LV Size 2.77 GB
Current LE 709
Segments 1
Allocation inherit
Read ahead sectors 0
Block device 253:2
@spike:~$ df -PH
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/spike-root 493G 47G 422G 10% /
[...]
My new HD is sdb and the same model as sda.
My Action Plan was :
- create md0 with sdb5 in it
- encrypt md0 to md0_crypt
- pvcreate of md0_crypt
- add md0_crypt to my mainVG
- migrate all LV on mainVG to md0_crypt
- remove sda5_crypt from mainVG
- add sda5_crypt to md0
@spike:~$ cat /etc/crypttab
sda5_crypt /dev/disk/by-uuid/5d1cb1fe-fa9d-40dc-9260-a42d0af8e1d0 none luks
md0_crypt /dev/md0 none luks
@spike:~$ sudo pvdisplay
--- Physical volume ---
PV Name /dev/mapper/sda5_crypt
VG Name spike
PV Size 465.52 GB / not usable 1.33 MB
Allocatable yes (but full)
PE Size (KByte) 4096
Total PE 119173
Free PE 0
Allocated PE 119173
PV UUID 30mxhM-Kd0w-2QL3-Xq8s-0O2w-WVf6-oRzrFZ
--- Physical volume ---
PV Name /dev/mapper/md0_crypt
VG Name spike
PV Size 465.52 GB
Allocatable NO
PE Size (KByte) 4096
Total PE 119173
Free PE 119173
Allocated PE 0
PV UUID M3Q9TJ-zy1S-ZgAR-RB4J-4NjO-OcUH-hCZHfJ
so I did it up to point 4 and the did a reboot to check that everything is fine.
Well no. It wasn't.
At boot time, I'm asked for the passphrase of sda5_crypt as usual.
But no question for md0_crypt. And after that it just cr*ped on me because one of the pv of the LVM was missing. Did a rescue boot and a reducevg to get myself out.
Now am doing some testing and I found out the following :
no matter what I do, how many lines I have in my crypptab, I am always only asked for the passphrase of my first line ( sda5_crypt )
My questions are :
- If we have many lines in crypttab, are we supposed to get as many prompt for a passphrase as boot time ?
- Any tips on what I missed ?
NB :
- luks is working fine for the first volume and passphrase is asked at boot time
- luks is working fine for the second volume ( I can luksOpen it )
I have an installation with encrypted hard disk and LVM on top of it.
Working fine.
However I want now to turn my hard-disk into a raid1 one.
The actual system 8.04 LTS :
@spike:~$ uname -a
Linux spike 2.6.24.3-epia6 #1 Thu Aug 14 17:10:04 BST 2008 i686 GNU/Linux
I had to patch the source to get around #8653 ( http://bugzilla.kernel.org/show_bug.cgi?id=8563 ) and to get my grfx card working properly
=> this is not relevant to the problem at hand, just to give a bit of background info.
@spike:~$ cat /etc/crypttab
sda5_crypt /dev/disk/by-uuid/5d1cb1fe-fa9d-40dc-9260-a42d0af8e1d0 none luks
@spike:~$ sudo pvdisplay
--- Physical volume ---
PV Name /dev/mapper/sda5_crypt
VG Name spike
PV Size 465.52 GB / not usable 1.33 MB
Allocatable yes (but full)
PE Size (KByte) 4096
Total PE 119173
Free PE 0
Allocated PE 119173
PV UUID 30mxhM-Kd0w-2QL3-Xq8s-0O2w-WVf6-oRzrFZ
@spike:~$ sudo lvdisplay
--- Logical volume ---
LV Name /dev/spike/root
VG Name spike
LV UUID ZK0MQ6-GclH-d35l-QMFa-chNb-rViG-l7MvcU
LV Write Access read/write
LV Status available
# open 1
LV Size 462.75 GB
Current LE 118464
Segments 1
Allocation inherit
Read ahead sectors 0
Block device 253:1
--- Logical volume ---
LV Name /dev/spike/swap_1
VG Name spike
LV UUID RwaIR2-4EGB-E3Mg-4lbB-kQ8u-r3rT-gACsKQ
LV Write Access read/write
LV Status available
# open 2
LV Size 2.77 GB
Current LE 709
Segments 1
Allocation inherit
Read ahead sectors 0
Block device 253:2
@spike:~$ df -PH
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/spike-root 493G 47G 422G 10% /
[...]
My new HD is sdb and the same model as sda.
My Action Plan was :
- create md0 with sdb5 in it
- encrypt md0 to md0_crypt
- pvcreate of md0_crypt
- add md0_crypt to my mainVG
- migrate all LV on mainVG to md0_crypt
- remove sda5_crypt from mainVG
- add sda5_crypt to md0
@spike:~$ cat /etc/crypttab
sda5_crypt /dev/disk/by-uuid/5d1cb1fe-fa9d-40dc-9260-a42d0af8e1d0 none luks
md0_crypt /dev/md0 none luks
@spike:~$ sudo pvdisplay
--- Physical volume ---
PV Name /dev/mapper/sda5_crypt
VG Name spike
PV Size 465.52 GB / not usable 1.33 MB
Allocatable yes (but full)
PE Size (KByte) 4096
Total PE 119173
Free PE 0
Allocated PE 119173
PV UUID 30mxhM-Kd0w-2QL3-Xq8s-0O2w-WVf6-oRzrFZ
--- Physical volume ---
PV Name /dev/mapper/md0_crypt
VG Name spike
PV Size 465.52 GB
Allocatable NO
PE Size (KByte) 4096
Total PE 119173
Free PE 119173
Allocated PE 0
PV UUID M3Q9TJ-zy1S-ZgAR-RB4J-4NjO-OcUH-hCZHfJ
so I did it up to point 4 and the did a reboot to check that everything is fine.
Well no. It wasn't.
At boot time, I'm asked for the passphrase of sda5_crypt as usual.
But no question for md0_crypt. And after that it just cr*ped on me because one of the pv of the LVM was missing. Did a rescue boot and a reducevg to get myself out.
Now am doing some testing and I found out the following :
no matter what I do, how many lines I have in my crypptab, I am always only asked for the passphrase of my first line ( sda5_crypt )
My questions are :
- If we have many lines in crypttab, are we supposed to get as many prompt for a passphrase as boot time ?
- Any tips on what I missed ?
NB :
- luks is working fine for the first volume and passphrase is asked at boot time
- luks is working fine for the second volume ( I can luksOpen it )