[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Using anaconda over an existing LUKS-encrypted partition



Hi -
    I've scoured the web to find an answer for this, but haven't found an answer: Is anaconda able to install into LVM logical volumes over a LUKS-encrypted partition?

The Detail:
     - One drive (sda) divided into two partitions /boot (sda1) and the reamainder (sda2) using gparted (formatted in ext4)
     - Ran: `cryptsetup luksFormat /dev/sda2` with customized hash/ cipher (also tried using "aes-xts-plain" cipher w/ key-size of 512 and sha1 hash)
     - Created a LVM2 physical volume and volume group (named vg_primary) encompassing all of sda2
     - Created four logical volumes (lv_root, lv_home, lv_log, and lv_swap), formatted with ext4, except lv_swap -- formatted in mkswap)

The current kickstart script (abridged) contains the following:
     # Identify /boot
     part /boot -- --asprimary
     # Identify the LVM physical volume (on the encrypted device)
     part pv.0 -- --noformat
     # Identify the LVM volume group
     volgroup vg_primary pv.0 --noformat
     # Identify the LVM logical volumes
     logvol / --vgname=vg_primary --name=lv_root --noformat
     logvol /var/log --vgname=vg_primary --name=lv_log --noformat
     logvol /home --vgname=vg_primary --name=lv_home --noformat

     # Pre-script
     %pre
          #!/bin/bash
          #  Cycle LUKS/ LVM to ensure mountings
          # - - - - Unmount
          umount /media/*
          umount /mnt/*
          vgchange --available n --ignorelockingfailure
          cryptsetup luksClose dm-root
          # - - - - Mount
          echo -ne "fakepw" | cryptsetup --key-file=- luksOpen /dev/sda2 dm-root
          dmsetup mknodes
          vgscan --ignorelockingfailure
          vgchange --available y --ignorelockingfailure
     %end

However, the anaconda script fails with:
     "No preexisting partition with the name "mapper/dm-root" was found

Is the kickstart script incorrect, or is installation in this manner feasible? Also  - Is there an option to script the unattended unlock of storage media in anaconda (as opposed to typing it in during the install)

Thanks!

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]