LVM Verschlüsselung
Zur Navigation springen
Zur Suche springen
Install
- apt-get install lvm2
Szenario
- fdisk -l /dev/sdb
Device Boot Start End Sectors Size Id Type /dev/sdb1 2048 33556479 33554432 16G 83 Linux /dev/sdb2 33556480 67108863 33552384 16G 83 Linux
LUKS-Medium erstellen
- cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 /dev/sdb1
WARNING! ======== This will overwrite data on /dev/sdb1 irrevocably. Are you sure? (Type uppercase yes): YES Enter passphrase for /dev/sdb1: Verify passphrase:
LUKS-Medium öffnen mit dem Namen crypt-part1
- cryptsetup luksOpen /dev/sdb1 crypt-part1
Enter passphrase for /dev/sdb1:
Device vorbereiten für LVM
- pvcreate /dev/mapper/crypt-part1
Erstellen der Volumegruppe
- vgcreate vgdata /dev/mapper/crypt-part1
Erstellen der Logical Volumes data und media
- lvcreate -L 7G -n data vgdata
Logical volume "data" created.
- lvcreate -L 7G -n media vgdata
Logical volume "media" created.
Formatieren
- mkfs.ext4 /dev/mapper/vgdata-data
- mkfs.ext4 /dev/mapper/vgdata-media
Mountpoints erstellen
- mkdir /mnt/media
- mkdir /mnt/data
Ermitteln der UUID
- blkid /dev/sdb1
/dev/sdb1: UUID="ed724c90-84e3-4236-8417-4fd34c760bdb" TYPE="crypto_LUKS" PARTUUID="068d5994-01"
/etc/crypttab
crypt-part1 UUID=ed724c90-84e3-4236-8417-4fd34c760bdb none luks
Systemstart
So soll es aussehen
- df -h | grep mapper
/dev/mapper/vgdata-data 6.9G 32M 6.5G 1% /mnt/data /dev/mapper/vgdata-media 6.9G 32M 6.5G 1% /mnt/media