[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-fai
Subject:    Example setup-storage config for encrypted mdraid-1 with lvm
From:       Frank_Grötzner <FGroetzner () nicos-ag ! com>
Date:       2014-05-22 14:47:21
Message-ID: 164B589119CA444A91AF53EE9788AA3D6FDB621867 () exchange01 ! win ! nicos ! noc
[Download RAW message or body]

Hi,

here's a (for me) working example of an setup-storage configuration for fai in debian \
wheezy to get an lvm volumegroup on top of a luks encrypted mdraid-1 device:

-------------------------------------------------------

disk_config disk1
primary -       512       -   -
primary -       0-        -   -

disk_config disk2
primary -       512       -   -
primary -       0-        -   -

disk_config raid fstabkey:uuid
raid1 /boot disk1.1,disk2.1 ext4 defaults tuneopts="-c 0 -i 0"
raid1 -     disk1.2,disk2.2 -    -

disk_config cryptsetup
luks:"mykey" - md1 - -

disk_config lvm
vg      system        md1
system-root    /        8192  ext4  rw,errors=remount-ro tuneopts="-c 0 -i 0"
system-tmp     /tmp     2048  ext4  defaults tuneopts="-c 0 -i 0"
system-var     /var     10240 ext4  defaults tuneopts="-c 0 -i 0"
system-var_log /var/log 3072  ext4  defaults tuneopts="-c 0 -i 0"
system-var_tmp /var/tmp 2048  ext4  defaults tuneopts="-c 0 -i 0"
system-home    /home    2048  ext4  defaults tuneopts="-c 0 -i 0"
system-swap    swap     2048  swap  sw

-------------------------------------------------------

Of course you have to add cryptsetup to your packages (for the nfsroot as well as for \
the to-be-installed system) and you need the initrd to be build after cryptsetup has \
been installed. If you use dracut, the version in wheezy has a bug with initializing \
lvm volumes as well as opening luks devices, so you might want to use the \
jessie-version of dracut (and add rd.auto to the kernel paramters).

Best regards,
Frank


[prev in list] [next in list] [prev in thread] [next in thread]