[CentOS] LVM encryption and new volume group

Fri Mar 6 12:29:12 UTC 2015
Tim <lists at kiuni.de>

I will have a look at the anaconda log. Thanks for the first help. I will have to buy a new Ultrabay case.

Am 6. März 2015 07:10:31 MEZ, schrieb Chris Murphy <lists at colorremedies.com>:
>On Thu, Mar 5, 2015 at 10:25 PM, Tim <lists at kiuni.de> wrote:
>> Hi Chris,
>>
>> thanks for your answer.
>>
>> It is the first time I decided to encrypt my lvm. I choosed to
>encrypt the
>> volume group, not every logical volume itself, because in case of
>doing lvm
>> snapshots in that group they will be encrypted too?
>
>Yes, anything that's COW'd is also encrypted in this case.
>
>> And how do I create a new encrypted volume group?
>
>Strictly speaking the VG isn't the target of the encryption, the
>underlying PV is. Also, it's not absolutely necessary to partition the
>drive at all if you have no need for unencrypted space on this new
>drive. Since I use drives on multiple platforms, I always partition so
>that other OS's recognize the drive space is spoken for instead of
>appearing unpartitioned and hence blank. Linux via libblkid always
>looks at disk contents whether partitioned or not so if this is a
>Linux only drive you don't have to partition it.
>
>1. Use cryptsetup to create a LUKS volume on the whole disk or a
>partition thereof. For the exact command, you can cheat by doing 'grep
>cryptsetup /var/log/anaconda/program.log' which will show you the
>command Anaconda used when setting up your first drive. PLEASE make
>sure you don't use that command directly or it'll wipe the LUKS header
>on your current drive. You have to change the /dev/sdX designation to
>point to the new drive or partition.
>
>2 cryptsetup luksOpen /dev/sdX newdrive
>3. pvcreate /dev/mapper/newdrive
>4. vgcreate newvg /dev/mapper/newdrive
>5. lvcreate -L 300G -n morestuff newvg
>6. mkfs.xfs /dev/mapper/newvg-morestuff
>
>Adapt as needed. Don't forget crypttab is used to point to the LUKS
>volume, once it's unlocked the PV is revealed and lvm will activate
>the VG and the LVs on it, and then in your fstab you'll have the UUID
>for the XFS volume and mount this whereever you want it mounted.
>
>
>
>
>-- 
>Chris Murphy
>_______________________________________________
>CentOS mailing list
>CentOS at centos.org
>http://lists.centos.org/mailman/listinfo/centos