How to reboot a server that has a LUKS-encrypted partition

I have a CentOS 6 VM in which I use the following shell script to install and configure MongoDB so that it uses a secondary LUKS (dm-crypt) encrypted disk for its database files:

#!/bin/bash -e
# Set up the official mongodb repository
# (the redirection in "sudo cat >file" is performed by the unprivileged
#  calling shell, so write the file through tee, which runs under sudo)
sudo tee /etc/yum.repos.d/mongodb.repo >/dev/null <<EOL
[mongodb]
name=MongoDB Repository
baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64/
gpgcheck=0
enabled=1
EOL

# create a keyfile that will be used for the device encryption
# key should be read-only by root only
# (note: the key lives on the unencrypted root filesystem, so anyone who can
#  read root's files or the VM's disk image can unlock the volume)
sudo dd if=/dev/urandom of=/root/mongo-efs-key bs=1024 count=4
sudo chown root:root /root/mongo-efs-key
sudo chmod 400 /root/mongo-efs-key

# create partition on /dev/xvdc
sudo parted /dev/xvdc mklabel msdos
sudo parted /dev/xvdc mkpart primary 0% 100%

# create encrypted container in new device (-d is --key-file)
sudo cryptsetup luksFormat -d /root/mongo-efs-key --batch-mode /dev/xvdc1
sudo cryptsetup luksOpen -d /root/mongo-efs-key /dev/xvdc1 mongoefs

# format and mount our encrypted volume
sudo mkfs.ext4 /dev/mapper/mongoefs
sudo mkdir -p /var/lib/mongo
sudo mount /dev/mapper/mongoefs /var/lib/mongo

# update the crypttab and fstab files with new partitions
# (reference the LUKS container by UUID: a device name such as /dev/sdb1
#  does not match the /dev/xvdc1 formatted above and can change between boots)
LUKS_UUID=$(sudo blkid -s UUID -o value /dev/xvdc1)
echo "mongoefs UUID=$LUKS_UUID /root/mongo-efs-key luks" | sudo tee --append /etc/crypttab > /dev/null
# back up the current initramfs, then rebuild it so it sees the new crypttab
sudo cp -p /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).img.bak
sudo dracut -f
echo "/dev/mapper/mongoefs /var/lib/mongo ext4 defaults 0 2" | sudo tee --append /etc/fstab > /dev/null

# Install mongoDB
sudo yum -y install mongodb-org

# set permissions for mongo on our encrypted and mapped device
sudo chown mongod:mongod /var/lib/mongo

The script does what it is supposed to, but I ran into a problem: I cannot reboot the server without a prompt asking me for the password for /dev/xvdc1. I don't know what to do here, because I never set a password for it. I was under the impression that it would unlock and mount automatically as in this guide: https://www.howtoforge.com/automatically-unlock-luks-encrypted-drives-with-a-keyfile but that is not the case.

How do I change the configuration so that the server can be rebooted (with the encrypted drive mounted) without a password?
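The crypttab/fstab step of the script and the boot-time prompt, as an added example that is not part of the question, the linked guide, or any project's code: a small shell helper that builds the two entries by UUID and checks a dracut kernel command line. It rests on an assumption the page does not state: that the passphrase prompt is produced by dracut's crypt module, which by default tries to open every LUKS container it finds during early boot and, having no key file inside the initramfs, asks for a passphrase; CentOS 6's dracut accepts rd_NO_LUKS and rd_LUKS_UUID= to suppress or restrict that (newer dracut: rd.luks=0 and rd.luks.uuid=, matched as prefixes of the container UUID). The blkid line, the UUID and the kernel command line below are constructed sample input, not data from the asker's VM.

```shell
#!/bin/bash
# Added example (not from the question or the linked guide). Builds the
# crypttab/fstab entries for a keyfile-unlocked LUKS data volume by UUID and
# checks whether a dracut kernel command line would make the initramfs probe
# that container itself. Assumption, not stated on the page: the boot prompt
# comes from dracut's crypt module, which probes every LUKS container it sees
# unless rd_NO_LUKS / rd.luks=0 is set or rd_LUKS_UUID= / rd.luks.uuid=
# restricts it (those values match as prefixes of the container UUID, with a
# leading "luks-" stripped).

# Pull the UUID="..." field out of one line of `blkid` output. The line is
# passed in as text so the function can be exercised offline.
uuid_from_blkid_line() {
    printf '%s\n' "$1" | sed -n 's/.*[[:space:]]UUID="\([^"]*\)".*/\1/p'
}

# crypttab entry: <mapper name> <container by UUID> <key file> <options>
crypttab_entry() {
    printf '%s UUID=%s %s luks\n' "$1" "$2" "$3"
}

# fstab entry for the opened mapping (same fields the question's script uses)
fstab_entry() {
    printf '/dev/mapper/%s %s ext4 defaults 0 2\n' "$1" "$2"
}

# Exit status 0: the initramfs would try to open container $2 given kernel
# command line $1 (a keyfile-only volume then gets a passphrase prompt).
# Exit status 1: the initramfs leaves it alone and /etc/crypttab handles it.
initramfs_will_probe() {
    local cmdline="$1" uuid="$2" arg want filtered=0
    for arg in $cmdline; do
        case $arg in
            rd_NO_LUKS|rd.luks=0)
                return 1 ;;
            rd_LUKS_UUID=*|rd.luks.uuid=*)
                filtered=1
                want=${arg#*=}
                want=${want#luks-}
                case $uuid in
                    "$want"*) return 0 ;;
                esac ;;
        esac
    done
    # no filter on the command line: every container is probed
    return $filtered
}

# Constructed sample input (not real output from the asker's VM)
SAMPLE_BLKID='/dev/xvdc1: UUID="1f9c2b6a-3d4e-4f50-8a6b-7c8d9e0f1a2b" TYPE="crypto_LUKS"'
SAMPLE_CMDLINE='ro root=/dev/xvda1 LANG=en_US.UTF-8'

luks_uuid=$(uuid_from_blkid_line "$SAMPLE_BLKID")
crypttab_entry mongoefs "$luks_uuid" /root/mongo-efs-key
fstab_entry mongoefs /var/lib/mongo
if initramfs_will_probe "$SAMPLE_CMDLINE" "$luks_uuid"; then
    echo "initramfs would probe $luks_uuid: add rd_NO_LUKS (unencrypted root)" \
         "or rd_LUKS_UUID=<root container uuid> to the kernel line"
fi
```

To use it on the real machine, feed it the line from `blkid /dev/xvdc1` and the contents of /proc/cmdline. If the check reports that the initramfs would probe the data container, keep the initramfs out of it (rd_NO_LUKS when the root filesystem is not encrypted, or rd_LUKS_UUID= naming only the root container) and let rc.sysinit open the volume from /etc/crypttab with the key file once the root filesystem, and therefore /root/mongo-efs-key, is available.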
