Upgraded a RAID. Copied everything from backup.
And then my manager said I had to encrypt the drive.
I've done that, and made the filesystem, but I can't mount it.
CentOS 6. I have the entry in /etc/crypttab, and a key in /etc/crypt.pw, and the luks UUID in /etc/fstab. I cannot find the command that tells it to create the device in /dev/mapper from the info in /etc/crypttab.
Clues for the poor? Yes, the server will, at some point in the future, go to CentOS 7, but that needs my user to be off for a while, and his jobs run literally for weeks, with loads upwords of 30 on an HBS (honkin' big server)....
mark
Am 20.06.2017 um 16:53 schrieb m.roth@5-cent.us:
Upgraded a RAID. Copied everything from backup.
And then my manager said I had to encrypt the drive.
I've done that, and made the filesystem, but I can't mount it.
CentOS 6. I have the entry in /etc/crypttab, and a key in /etc/crypt.pw, and the luks UUID in /etc/fstab. I cannot find the command that tells it to create the device in /dev/mapper from the info in /etc/crypttab.
Clues for the poor? Yes, the server will, at some point in the future, go to CentOS 7, but that needs my user to be off for a while, and his jobs run literally for weeks, with loads upwords of 30 on an HBS (honkin' big server)....
MAPDEVICE=/dev/sdxy ; cryptsetup luksOpen ${MAPDEVICE} luks-$(cryptsetup luksUUID ${MAPDEVICE}) MAPDEVICE=/dev/sdxy ; mount /dev/mapper/luks-$(cryptsetup luksUUID ${MAPDEVICE}) /mnt
-- LF
Leon Fauster wrote:
Am 20.06.2017 um 16:53 schrieb m.roth@5-cent.us:
Upgraded a RAID. Copied everything from backup.
And then my manager said I had to encrypt the drive.
I've done that, and made the filesystem, but I can't mount it.
CentOS 6. I have the entry in /etc/crypttab, and a key in /etc/crypt.pw, and the luks UUID in /etc/fstab. I cannot find the command that tells it to create the device in /dev/mapper from the info in /etc/crypttab.
Clues for the poor? Yes, the server will, at some point in the future, go to CentOS 7, but that needs my user to be off for a while, and his jobs run literally for weeks, with loads upwords of 30 on an HBS (honkin' big server)....
MAPDEVICE=/dev/sdxy ; cryptsetup luksOpen ${MAPDEVICE} luks-$(cryptsetup luksUUID ${MAPDEVICE})
Something's not right. I did cryptsetup luksOpen /dev/sdb luks-$(cryptsetup luksUUID $(/dev/sdb)) --key-file /etc/crypt.pw
It did want the password, so I added --key-file, but it seems to have created /dev/mapper/luks, not the full luksUUID that's in both crypttab and fstab.
mark
MAPDEVICE=/dev/sdxy ; mount /dev/mapper/luks-$(cryptsetup luksUUID ${MAPDEVICE}) /mnt
-- LF
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Am 20.06.2017 um 17:12 schrieb m.roth@5-cent.us:
Leon Fauster wrote:
Am 20.06.2017 um 16:53 schrieb m.roth@5-cent.us:
Upgraded a RAID. Copied everything from backup.
And then my manager said I had to encrypt the drive.
I've done that, and made the filesystem, but I can't mount it.
CentOS 6. I have the entry in /etc/crypttab, and a key in /etc/crypt.pw, and the luks UUID in /etc/fstab. I cannot find the command that tells it to create the device in /dev/mapper from the info in /etc/crypttab.
Clues for the poor? Yes, the server will, at some point in the future, go to CentOS 7, but that needs my user to be off for a while, and his jobs run literally for weeks, with loads upwords of 30 on an HBS (honkin' big server)....
MAPDEVICE=/dev/sdxy ; cryptsetup luksOpen ${MAPDEVICE} luks-$(cryptsetup luksUUID ${MAPDEVICE})
Something's not right. I did cryptsetup luksOpen /dev/sdb luks-$(cryptsetup luksUUID $(/dev/sdb)) --key-file /etc/crypt.pw
It did want the password, so I added --key-file, but it seems to have created /dev/mapper/luks, not the full luksUUID that's in both crypttab and fstab.
unmap: cryptsetup luksClose /dev/mapper/luks
and then try again with following correction
NOT ...UUID $(/dev/sdb) ...UUID /dev/sdb
-- LF
Leon,
Leon Fauster wrote:
Am 20.06.2017 um 17:12 schrieb m.roth@5-cent.us: Leon Fauster wrote:
Am 20.06.2017 um 16:53 schrieb m.roth@5-cent.us:
<snip>
I've done that, and made the filesystem, but I can't mount it.
CentOS 6. I have the entry in /etc/crypttab, and a key in /etc/crypt.pw, and the luks UUID in /etc/fstab. I cannot find the command that tells it to create the device in /dev/mapper from the info in /etc/crypttab.
<snip>>>>
MAPDEVICE=/dev/sdxy ; cryptsetup luksOpen ${MAPDEVICE} luks-$(cryptsetup luksUUID ${MAPDEVICE})
Something's not right. I did cryptsetup luksOpen /dev/sdb luks-$(cryptsetup luksUUID $(/dev/sdb)) --key-file /etc/crypt.pw
It did want the password, so I added --key-file, but it seems to have created /dev/mapper/luks, not the full luksUUID that's in both crypttab and fstab.
unmap: cryptsetup luksClose /dev/mapper/luks
and then try again with following correction
NOT ...UUID $(/dev/sdb) ...UUID /dev/sdb
Thank you *very* much for the help, and such fast responses. Googling hadn't been helpful....
I'm good now (and will be documenting it for my manager and the other admin).
mark
-
Leon Fauster -
m.roth@5-cent.us