LVM and dm_crypt with MAAS mounting issue
Clash Royale CLAN TAG#URR8PPP up vote
1
down vote
favorite
I'm trying to have MAAS/Curtin encrypt a single drive on deployment and so far I'm hitting some roadblocks when implementing encryption using the dm_crypt module from curtin.
I can have curtin setup the LVM volumes the way I would like but once I add the encryption portion I don't full understand how to mount the encrypted volume(s) after they have been setup. Does that have to be done as an "late command"? I'm not too concerned with having the encryption key in a config file as I handle changing everything after the fact with Ansible.
This is a copy of my existing storage config in /etc/maas/preseed/etc...:
storage:
version: 1
config:
- id: sda
type: disk
ptable: gpt
path: /dev/sda
name: main_disk
preserve: false
wipe: superblock-recursive
grub_device: true
- id: sda1
type: partition
size: 3GB
device: sda
flag: boot
- id: sda5
type: partition
size: 50G
flag: logical
device: sda
- id: volgroup1
name: vg1
type: lvm_volgroup
devices:
- sda5
- id: lvm_crypt_1
type: dm_crypt
dm_name: lvm_crypt
volume: sda5
key: testkeytestkeytestkey12345
- id: sda1_root
type: format
fstype: fat32
volume: sda1
- id: sda1_mount
type: mount
path: /
device: sda1_root
- id: lv1_mount
type: mount
path: /
fstype: "ext4"
device: lvm_crypt_1
maas
edited Jun 12 at 10:10
Stephen Rauch
1,1545716
asked Jun 11 at 18:52
Jonathan Paluch
61
add a comment |Â
up vote
1
down vote
favorite
I'm trying to have MAAS/Curtin encrypt a single drive on deployment and so far I'm hitting some roadblocks when implementing encryption using the dm_crypt module from curtin.
I can have curtin setup the LVM volumes the way I would like but once I add the encryption portion I don't full understand how to mount the encrypted volume(s) after they have been setup. Does that have to be done as an "late command"? I'm not too concerned with having the encryption key in a config file as I handle changing everything after the fact with Ansible.
This is a copy of my existing storage config in /etc/maas/preseed/etc...:
storage:
version: 1
config:
- id: sda
type: disk
ptable: gpt
path: /dev/sda
name: main_disk
preserve: false
wipe: superblock-recursive
grub_device: true
- id: sda1
type: partition
size: 3GB
device: sda
flag: boot
- id: sda5
type: partition
size: 50G
flag: logical
device: sda
- id: volgroup1
name: vg1
type: lvm_volgroup
devices:
- sda5
- id: lvm_crypt_1
type: dm_crypt
dm_name: lvm_crypt
volume: sda5
key: testkeytestkeytestkey12345
- id: sda1_root
type: format
fstype: fat32
volume: sda1
- id: sda1_mount
type: mount
path: /
device: sda1_root
- id: lv1_mount
type: mount
path: /
fstype: "ext4"
device: lvm_crypt_1
maas
edited Jun 12 at 10:10
Stephen Rauch
1,1545716
asked Jun 11 at 18:52
Jonathan Paluch
61
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I'm trying to have MAAS/Curtin encrypt a single drive on deployment and so far I'm hitting some roadblocks when implementing encryption using the dm_crypt module from curtin.
I can have curtin setup the LVM volumes the way I would like but once I add the encryption portion I don't full understand how to mount the encrypted volume(s) after they have been setup. Does that have to be done as an "late command"? I'm not too concerned with having the encryption key in a config file as I handle changing everything after the fact with Ansible.
This is a copy of my existing storage config in /etc/maas/preseed/etc...:
storage:
version: 1
config:
- id: sda
type: disk
ptable: gpt
path: /dev/sda
name: main_disk
preserve: false
wipe: superblock-recursive
grub_device: true
- id: sda1
type: partition
size: 3GB
device: sda
flag: boot
- id: sda5
type: partition
size: 50G
flag: logical
device: sda
- id: volgroup1
name: vg1
type: lvm_volgroup
devices:
- sda5
- id: lvm_crypt_1
type: dm_crypt
dm_name: lvm_crypt
volume: sda5
key: testkeytestkeytestkey12345
- id: sda1_root
type: format
fstype: fat32
volume: sda1
- id: sda1_mount
type: mount
path: /
device: sda1_root
- id: lv1_mount
type: mount
path: /
fstype: "ext4"
device: lvm_crypt_1
maas
edited Jun 12 at 10:10
Stephen Rauch
1,1545716
asked Jun 11 at 18:52
Jonathan Paluch
61
I'm trying to have MAAS/Curtin encrypt a single drive on deployment and so far I'm hitting some roadblocks when implementing encryption using the dm_crypt module from curtin.
I can have curtin setup the LVM volumes the way I would like but once I add the encryption portion I don't full understand how to mount the encrypted volume(s) after they have been setup. Does that have to be done as an "late command"? I'm not too concerned with having the encryption key in a config file as I handle changing everything after the fact with Ansible.
This is a copy of my existing storage config in /etc/maas/preseed/etc...:
storage:
version: 1
config:
- id: sda
type: disk
ptable: gpt
path: /dev/sda
name: main_disk
preserve: false
wipe: superblock-recursive
grub_device: true
- id: sda1
type: partition
size: 3GB
device: sda
flag: boot
- id: sda5
type: partition
size: 50G
flag: logical
device: sda
- id: volgroup1
name: vg1
type: lvm_volgroup
devices:
- sda5
- id: lvm_crypt_1
type: dm_crypt
dm_name: lvm_crypt
volume: sda5
key: testkeytestkeytestkey12345
- id: sda1_root
type: format
fstype: fat32
volume: sda1
- id: sda1_mount
type: mount
path: /
device: sda1_root
- id: lv1_mount
type: mount
path: /
fstype: "ext4"
device: lvm_crypt_1
maas
edited Jun 12 at 10:10
Stephen Rauch
1,1545716
asked Jun 11 at 18:52
Jonathan Paluch
61
edited Jun 12 at 10:10
Stephen Rauch
1,1545716
edited Jun 12 at 10:10
Stephen Rauch
1,1545716
edited Jun 12 at 10:10
Stephen Rauch
1,1545716
1,1545716
asked Jun 11 at 18:52
Jonathan Paluch
61
asked Jun 11 at 18:52
Jonathan Paluch
61
asked Jun 11 at 18:52
Jonathan Paluch
61
61
add a comment |Â
add a comment |Â
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1045696%2flvm-and-dm-crypt-with-maas-mounting-issue%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password