From: Scott Castaline <skotchman@gmail.com>
To: dm-crypt <dm-crypt@saout.de>
Subject: Re: [dm-crypt] Need some suggestions on large drives
Date: Sat, 06 Mar 2010 20:27:24 -0500 [thread overview]
Message-ID: <4B9300FC.4090503@gmail.com> (raw)
In-Reply-To: <4B92AC30.5030304@redhat.com>
On 03/06/2010 02:25 PM, Milan Broz wrote:
> On 03/06/2010 06:45 PM, Scott Castaline wrote:
>> First, does anyone know how Fedora 12's installer installs LUKS with
>> LVM2? Do they do LUKS over LVM2 or LVM2 over LUKS?
>
> You can (manually) configure both modes during partitioning,
> the "encrypt whole system" checkbox will create partition, LUKS on it,
> and over it LVM2 with root + swap LV.
>
> Anaconda (Fedora installer) developers decided to use aes-xts-plain
> with 512 bits key (IOW AES256 in XTS mode).
>
Is there a way to change it to another cipher? I'm asking as I might
redo my install or I might just back up all filesystems on the 1st VG
and then manually do the LUKS/LVM2 prep and then restore my system.
>> Finally, as mentioned in the second paragraph, I have /var as seperate
>> LV which is within an encrypted VG. The LV is not additionally
>> encrypted, I had to expand the LV using free space from the 1st VG. I
>> did it through the GUI for LVM2.
>
> Not sure what's GUI - if it is system-config-lvm, it doesn't suport LUKS yet,
> so you must be very careful. (and there were nasty bugs in this GUI, should
> be fixed in recent version though).
>
Too late for the warning, I had already done it. It fails only on boot
right where it starts loading mods and starting services. It goes by
fairly quick so I can't catch what is above the red [FAILED] and it does
not show up in any of the logs that I've been able to find. All I've
been able to see is a reference about /var is busy and already mounted
then under that line is the red [FAILED]. I was thinking that it's
trying to do a fsck, so that's why I'm trying to do it manually.
> But because LUKS have no underlying device size stored in header,
> simply reactivate will reload the proper device size.
> (or use cryptsetup resize command for online change).
>
> ...
>> execute "e2fsck -VCa mapped-device", but I wasn't able to unmount the LV.
> then you maybe need to run it from recovery or LiveCD.
> (online resize LV is not problem, online resize FS on it - depends on configuration,
> ext3 should allow online extension)
>
Everything seems to be ok as if I check sizes and such it comes back
with all the right info, but I'm not sure if it's reporting just the LV
or the filesystem.
> Milan
next prev parent reply other threads:[~2010-03-07 1:27 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-06 17:45 [dm-crypt] Need some suggestions on large drives Scott Castaline
2010-03-06 19:25 ` Milan Broz
2010-03-07 1:27 ` Scott Castaline [this message]
2010-03-06 20:27 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B9300FC.4090503@gmail.com \
--to=skotchman@gmail.com \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox