Hi,

(Sorry, Thunderbird crashed while writing the previous message and seems to have sent it while closing...)

I successfully installed servers with kickstart using the following:

```
clearpart --all --initlabel
ignoredisk --only-use=sda
part /boot --asprimary --ondisk=sda --label=BOOT --fstype="ext4" --size=256
part /boot/efi --asprimary --ondisk=sda --label=EFI --fstype="efi" --size=256 --fsoptions=umask=0077,shortname=winnt
part pv.01 --ondisk=sda --fstype="lvmpv" --grow --encrypted --luks-version=luks2 --cipher=aes-xts-plain64 --passphrase=mysecret
volgroup system --pesize=4096 pv.01
logvol swap --vgname=system --name=swap --label="SWAP" --fstype="swap" --recommended --fsoptions=swap
logvol / --vgname=system --name=root --label="ROOT" --fstype="xfs" --percent=50
logvol /backup --vgname=system --name=backup --label="BACKUP" --fstype="xfs" --percent=50
```

I didn't know about the `reqpart` option (which seems to cause trouble here as the installation fails while creating `/boot/efi`).

Nevertheless, I was also wondering whether this scheme could be "optimized":

* only create a `/boot` partition (no `/boot/efi`) that will contain both boot and EFI files (hence formatted with `fstype="efi"`)
* do not use LVM to hold the encrypted partitions, but create a simple encrypted partition, mount it to `/dev/mapper` and create partitions (for `/`, swap, etc.) inside it.

The latter doesn't seem to be possible with pure-kickstart commands but using `%pre` commands[1].

Has anyone successfully experienced one or both of the options?

Thanks in advance.

[1] https://dark.ca/2009/08/03/complex-partitioning-in-kickstart/

On 2020-08-27 18:19, isdtor wrote:
> Has anyone managed to create an encrypted disk partition with CentOS 8 kickstart?
>
> 1 reqpart --add-boot
> 2 part /boot --fstype ext3 --size=1024 --ondrive=sda
> 3 part pv.1 --size=1 --grow --ondrive=sda --encrypted --pashphrase="bla"
> 4 volgroup vol0 pv.100000
> 5 logvol / --vgname=vg_00 --name=lv_root --size=102400 --fstype=ext4
> ...
>
> No matter what I specify in line 3, the installer bombs out. The only way to successful kickstart is to not encrypt the lvm pv. The contents of the passphrase are not to blame, installer still dies after accepting a passphrase from the console.
>
> 15:57:45,280 DBG kickstart: Looking for platform-specific boot requirements.
> 15:57:45,281 DBG kickstart: Applying requirements:
> PartSpec instance (0x7fbd40f44320) --
> mountpoint = /boot/efi lv = False thin = False btrfs = False
> ...
> PartSpec instance (0x7fbd4048b4e0) --
> mountpoint = /boot lv = False thin = False btrfs = False
> ...
> 15:57:45,283 DBG bootloader: stage1 device cannot be of type disk
> 15:57:45,334 DBG exception: running handleException
> 15:57:45,334 CRT exception: Traceback (most recent call last):

--
Guillaume-Jean Herbiet, PhD
System engineer
Fondation Restena / DNS-LU
2, avenue de l'Université
L-4365 Esch-sur-Alzette
tel.: +352.424409
fax.: +352.422473
https://www.restena.lu
https://www.dns.lu
Public key ID: 0x3A4C47C7

"""
Email is an asynchronous, store-and-forward system.
Hence, there is no such thing as an urgent mail.
For immediate response, please contact me otherwise.
"""
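Added example, not part of the original thread: a Python check that cross-references the `part pv.*`, `volgroup` and `logvol --vgname` names in a kickstart file and flags `--encrypted` lines that carry a clear-text `--passphrase`. The function names `parse_storage` and `audit` are hypothetical and the sample kickstart is constructed.

```python
import shlex

# Options that take no value; any other "--opt value" pair is joined.
FLAGS = {"encrypted", "grow", "asprimary", "recommended", "noformat",
         "hibernation", "useexisting", "thin", "thinpool"}

def parse_storage(ks_text):
    """Return (lineno, command, positionals, options) for storage commands."""
    cmds = []
    for lineno, raw in enumerate(ks_text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)
        if not tok or tok[0] not in ("part", "partition", "volgroup", "logvol"):
            continue
        args, opts, i = [], {}, 1
        while i < len(tok):
            if tok[i].startswith("--"):
                key, eq, val = tok[i][2:].partition("=")
                if (not eq and key not in FLAGS and i + 1 < len(tok)
                        and not tok[i + 1].startswith("--")):
                    i, val = i + 1, tok[i + 1]  # "--fstype xfs" form
                opts[key] = val
            else:
                args.append(tok[i])
            i += 1
        cmds.append((lineno, tok[0], args, opts))
    return cmds

def audit(ks_text):
    """List naming mismatches and clear-text LUKS passphrases."""
    cmds = parse_storage(ks_text)
    pvs = {a[0] for _, c, a, _ in cmds
           if c in ("part", "partition") and a and a[0].startswith("pv.")}
    vgs = {a[0] for _, c, a, _ in cmds if c == "volgroup" and a}
    findings = []
    for n, c, a, o in cmds:
        if c == "volgroup":
            findings += [(n, f"volgroup uses undefined PV {pv}")
                         for pv in a[1:] if pv not in pvs]
        if c == "logvol" and o.get("vgname") not in vgs:
            findings.append((n, f"logvol refers to undefined VG {o.get('vgname')}"))
        if "encrypted" in o and o.get("passphrase"):
            findings.append((n, "LUKS passphrase stored in clear text"))
    return findings

# Constructed sample input, not taken from a real host.
SAMPLE = """\
part /boot --fstype=ext4 --size=1024 --ondisk=sda
part pv.01 --ondisk=sda --grow --encrypted --luks-version=luks2 --passphrase="example-only"
volgroup system --pesize=4096 pv.02
logvol / --vgname=sys --name=root --fstype xfs --percent=50
"""
```

`audit(SAMPLE)` returns one finding per problem line, each as a `(line number, message)` pair.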