LUKS container op LVM – Tech encounters by Vincent Pieper

Vandaag gaan we een LUKs encrypted container aanmaken, en hiervoor gebruiken we een dedicated LVM partitie.

Maak als eerste een LV (logisch volume) aan, met de gewenste grootte en naam.

Deze LV heet home_luks, wordt 15 GB groot, en komt onder de VG (volume groep) debian:

root@evenstar { ~ }$ lvcreate --size 15G debian --name home_luks
Logical volume "home_luks" created

Maak vervolgens de encrypted container aan:

root@evenstar { ~ }$ cryptsetup luksFormat  /dev/debian/home_luks

root@evenstar { ~ }$ cryptsetup -v luksAddKey /dev/debian/home_luks /root/home_crypt_secret_key

Enter any passphrase:
 Key slot 0 unlocked.
 Command successful.

root@evenstar { ~ }$ cryptsetup luksOpen /dev/debian/home_luks home_luks
 Enter passphrase for /dev/debian/home_luks:

root@evenstar { ~ }$ mkfs.ext4 /dev/mapper/home_luks
 mke2fs 1.42.12 (29-Aug-2014)
 Creating filesystem with 3931648 4k blocks and 983040 inodes
 Filesystem UUID: 0753eecc-e141-4727-ae52-427bf781fc1e
 Superblock backups stored on blocks:
         32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208

Allocating group tables: done
 Writing inode tables: done
 Creating journal (32768 blocks): done
 Writing superblocks and filesystem accounting information: done

root@evenstar { ~ }$ mount /dev/mapper/home_luks /home_luks/

root@evenstar { ~ }$ df -hT
 Filesystem                    Type      Size  Used Avail Use% Mounted on
 /dev/dm-1                     ext4      6.8G  4.4G  2.2G  68% /
 udev                          devtmpfs   10M     0   10M   0% /dev
 tmpfs                         tmpfs     1.2G   62M  1.2G   6% /run
 tmpfs                         tmpfs     3.0G     0  3.0G   0% /dev/shm
 tmpfs                         tmpfs     5.0M     0  5.0M   0% /run/lock
 tmpfs                         tmpfs     3.0G     0  3.0G   0% /sys/fs/cgroup
 /dev/mapper/debian-var        ext4       31G  7.7G   22G  27% /var
 /dev/mapper/debian-tmp        ext4      922M  1.2M  857M   1% /tmp
 /dev/mapper/debian-home       ext4      9.8G  5.7G  3.6G  62% /home
 /dev/mapper/storage-storage01 ext4      2.7T  2.6T   97G  97% /storage
 192.168.10.220:/home/vincent  nfs4      7.1G  2.0G  5.1G  29% /storage/opihome
 tmpfs                         tmpfs     598M     0  598M   0% /run/user/0
 /dev/mapper/home_luks         ext4       15G   38M   14G   1% /home_luks

root@evenstar { ~ }$ vi /etc/fstab

/dev/mapper/home_luks /home_luks       ext4    defaults,nofail   0 2

root@evenstar { ~ }$ cat /etc/crypttab

home_luks /dev/debian/home_luks /root/home_crypt_secret_key luks,timeout=60,nofail