我创建了一个逻辑卷并使用 luks 对其进行了加密。但是在重新启动服务器时。我收到一条错误消息(如下所示),因此我必须输入 root 密码并禁用 /etc/fstab 条目。因此,在使用 LUKS 重新启动期间,LUKS 分区的挂载不会持久。我在 RHEL6 上进行了此设置,想知道我可能遗漏了什么。我希望 LV 在重新启动时挂载。稍后我想用 UUID 而不是设备名称替换它。
重启时出现错误消息:“输入 root 密码进行维护(或键入 Control-D 继续):”
以下是从一开始的步骤:
[root@rhel6 ~]# pvcreate /dev/sdb
Physical volume "/dev/sdb" successfully created
[root@rhel6 ~]# vgcreate vg01 /dev/sdb
Volume group "vg01" successfully created
[root@rhel6 ~]# lvcreate --size 500M -n lvol1 vg01
Logical volume "lvol1" created
[root@rhel6 ~]# lvdisplay
--- Logical volume ---
LV Name /dev/vg01/lvol1
VG Name vg01
LV UUID nX9DDe-ctqG-XCgO-2wcx-ddy4-i91Y-rZ5u91
LV Write Access read/write
LV Status available
# open 0
LV Size 500.00 MiB
Current LE 125
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:0
[root@rhel6 ~]# cryptsetup luksFormat /dev/vg01/lvol1
WARNING!
========
This will overwrite data on /dev/vg01/lvol1 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
[root@rhel6 ~]# mkdir /house
[root@rhel6 ~]# cryptsetup luksOpen /dev/vg01/lvol1 house
Enter passphrase for /dev/vg01/lvol1:
[root@rhel6 ~]# mkfs.ext4 /dev/mapper/house
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
Stride=0 blocks, Stripe width=0 blocks
127512 inodes, 509952 blocks
25497 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67633152
63 block groups
8192 blocks per group, 8192 fragments per group
2024 inodes per group
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409
Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 21 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
[root@rhel6 ~]# mount -t ext4 /dev/mapper/house /house
PS: HERE I have successfully mounted:
[root@rhel6 ~]# ls /house/
lost+found
[root@rhel6 ~]# vim /etc/fstab -> as follow
/dev/mapper/house /house ext4 defaults 1 2
[root@rhel6 ~]# vim /etc/crypttab -> entry as follows
house /dev/vg01/lvol1 password
[root@rhel6 ~]# mount -o remount /house
[root@rhel6 ~]# ls /house/
lost+found
[root@rhel6 ~]# umount /house/
[root@rhel6 ~]# mount -a -> SUCCESSFUL AGAIN
[root@rhel6 ~]# ls /house/
lost+found
如果我遗漏了什么,请告诉我。
提前致谢。
答案1
这是我找到的解决方案,我只是为了让其他人受益而分享它。
仅在 /etc/crypttab 中输入密码对我来说不起作用 - 相反,我创建了一个随机密钥,用于通过以下命令加密密码 - 但是,密钥仍然不安全地存储在 /root/pass.key 下。
dd if=/dev/random of=/root/pass.key bs=32 count=1
cryptsetup luksAddKey /dev/vg01/lvol1 /root/pass.key
然后我使用 vim 编辑 /etc/crypttab 并添加密钥文件的路径。