Re: [dm-crypt] gpt over luks - entire data disk encryption

[Milan Broz <gmazyland@gmail.com>]

On 07/19/2012 10:24 AM, Milan Broz wrote:
> On 07/18/2012 11:46 PM, Two Spirit wrote:
> /dev/mapper/raid51p1 is created by kpartx (or some internal code somewhere) and it should _not_ be there,
> MD can handle partitions in kernel since 2.6.38 kernel.
> 
> I see that problem on Fedora 17 as well. I will back to this later, not a LUKS problem but IMHO it is bug.
> 
> I guess you can "dmsetup remove raid51p1" to get rid of this before shutdown, but it is wrong.
> For me, it even doesn't set DM-UUID (someone wrongly copied code from kpartx seems :-)

and it is parted & partprobe...

If you move parted out of the way (I uninstalled parted just for test), the correct activation chain is:
- mdadm -A /dev/md0 [devs...] (or autoactivation)
- cryptsetup luksOpen /dev/md0 md0_crypt  (open LUKS over whole device)
- kpartx -a /dev/mapper/md0_crypt (to create partitions mapping)
(- mount fs etc)

now you should see something like

# lsblk /dev/md0
NAME                  MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
md0                     9:0    0 446.7G  0 raid5 
└─md0_crypt (dm-0)    253:0    0 446.7G  0 crypt 
  └─md0_crypt1 (dm-1) 253:1    0  33.4G  0 part  

Deactivation is reverse
(-umount fs)
- kpartx -d /dev/mapper/md0_crypt (delete part mapping)
- cryptsetup luksClose md0_crypt
- mdadm --stop /dev/md0

Parted create kpartx devices wrongly seems, so kpartx -d doesn't work for them...

IMHO it is better for you to use LVM here, it will get you more flexibility here.
(Create PV over LUKS mapping and just create LVs according to needs, no part table at all.)

Milan