
Setting up an encryption layer on a filesystem

On CentOS/RHEL, install the required packages for LUKS encryption,

yum install cryptsetup device-mapper util-linux

Growing, shrinking and possibly migrating PVs is easier to handle on the LVM layer (vgextend and lvresize instead of pvresize), so I am nesting LUKS inside LVM rather than the other way around (a LUKS device could also serve as an LVM physical volume). Initialize the LUKS volume on top of an LVM logical volume,

pvcreate /dev/sdb
vgcreate datavg /dev/sdb
lvcreate -n datalv -l 100%FREE datavg
cryptsetup --verify-passphrase luksFormat /dev/mapper/datavg-datalv
# enter the new passphrase (twice)
cryptsetup luksOpen /dev/mapper/datavg-datalv secretcontain
# enter the passphrase defined above
mkfs.xfs /dev/mapper/secretcontain
mkdir /data/
touch /data/NOT_MOUNTED
mount /dev/mapper/secretcontain /data/

check,

df -Ph /data

and don’t forget to edit /etc/fstab.
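
A check for the finished layout, as an added example that is not part of the original page: it verifies the fstab entry and the NOT_MOUNTED marker created above. It assumes the mapping is also listed in /etc/crypttab so that /dev/mapper/secretcontain exists at boot, which the page does not mention; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example. Device, mapping and mount point names come from the page;
# the function names and the crypttab check are assumptions.

# Succeeds if crypttab file $1 maps name $2 onto source device $3.
crypttab_has_mapping() {
    awk -v n="$2" -v s="$3" '
        /^[ \t]*#/ || NF < 2 { next }
        $1 == n && $2 == s { ok = 1 }
        END { exit ok ? 0 : 1 }' "$1"
}

# Succeeds if fstab file $1 mounts /dev/mapper/$2 on mount point $3.
fstab_has_mapping() {
    awk -v d="/dev/mapper/$2" -v m="$3" '
        function norm(p) { if (length(p) > 1) sub(/\/+$/, "", p); return p }
        /^[ \t]*#/ || NF < 2 { next }
        $1 == d && norm($2) == norm(m) { ok = 1 }
        END { exit ok ? 0 : 1 }' "$1"
}

# Succeeds if something is mounted over directory $1: the NOT_MOUNTED marker
# was created on the bare directory, so it is hidden once the volume is mounted.
volume_mounted() {
    [ -d "$1" ] && [ ! -e "$1/NOT_MOUNTED" ]
}

# $1=crypttab $2=fstab $3=name $4=source $5=mount point $6=optional root prefix
# Reports every failed check; returns 0 only if all pass.
check_layout() {
    rc=0
    crypttab_has_mapping "$1" "$3" "$4" || { echo "crypttab: no entry for $3"; rc=1; }
    fstab_has_mapping "$2" "$3" "$5" || { echo "fstab: $5 is not on /dev/mapper/$3"; rc=1; }
    volume_mounted "${6:-}$5" || { echo "$5: not mounted (marker visible or directory missing)"; rc=1; }
    return "$rc"
}

# Constructed sample files in a scratch directory (not from a real host).
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/data"
    echo 'secretcontain /dev/mapper/datavg-datalv none luks' > "$t/crypttab"
    echo '/dev/mapper/secretcontain /data xfs defaults 0 0' > "$t/fstab"
    check_layout "$t/crypttab" "$t/fstab" secretcontain /dev/mapper/datavg-datalv /data "$t"
    r=$?
    rm -rf "$t"
    return "$r"
}
demo && echo "layout OK"
```

On a real host the call would be check_layout /etc/crypttab /etc/fstab secretcontain /dev/mapper/datavg-datalv /data, with no root prefix.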

