| 1 |
On Tue, Mar 8, 2016, at 15:06, Frank Steinmetzger wrote: |
| 2 |
> On Wed, Mar 09, 2016 at 12:02:23AM +0100, Frank Steinmetzger wrote: |
| 3 |
> |
| 4 |
> > > If you would like to get rid of the /run/lvm/lvmetad.socket error just |
| 5 |
> > > start lvm with "service lvm start". I still get the error when starting |
| 6 |
> > > up but it still works. |
| 7 |
> > |
| 8 |
> > I noticed that and quickly found /etc/init.d/lvmetad, but since I'm doing |
| 9 |
> > only the setup on this PC, I don't realler bother. |
| 10 |
> |
| 11 |
> I would actually prefer a simple partition table within the luks |
| 12 |
> container. |
| 13 |
> I have no real need for the flexibility of LVM and it would only embiggen |
| 14 |
> the required initramfs and make the boot process more complex. |
| 15 |
> But folks on IRC told me was not possible. |
| 16 |
> |
| 17 |
> -- |
| 18 |
> Gruß | Greetings | Qapla’ |
| 19 |
> Please do not share anything from, with or about me with any social |
| 20 |
> network. |
| 21 |
> |
| 22 |
> There are things of which I do not even talk to myself. |
| 23 |
|
| 24 |
Frank, I can attest that it is possible to have an encrypted root |
| 25 |
without involving LVM. I have done this on Gentoo and other distros many |
| 26 |
times. In fact, it can be a bit easier to deal with if you don't need |
| 27 |
the LVM flexibility within your dm-crypt container and truly it is one |
| 28 |
less thing to forget about when you are setting up your initrd/grub |
| 29 |
config. |
| 30 |
|
| 31 |
You are doing things in a reasonable order it seems to me. First you |
| 32 |
create the partition table, then you luksFormat the partition which is |
| 33 |
to be encrypted (presumably leaving /boot unencrypted), and then you run |
| 34 |
pvcreate on the encrypted partition (although if you do not wish to use |
| 35 |
lvm, you should just run mkfs on the dm-crypt device in /dev/mapper). |
| 36 |
|
| 37 |
LVM can be nice, though, as it lets you have a multitude of logical |
| 38 |
volumes all within a single encrypted disk partition (otherwise maybe |
| 39 |
you would have everything on one partition and your system would fail if |
| 40 |
/var got full, or you would have several separately encrypted partitions |
| 41 |
which could cause other troubles). |
| 42 |
|
| 43 |
Generally you can ignore those lvmetad messages as they don't |
| 44 |
necessarily stop the command from succeeding. |
| 45 |
|
| 46 |
Could you send us the output of "stat `readlink -f /dev/mapper/lvm`" (or |
| 47 |
in your first example, "stat `readlink -f /dev/mapper/tp`")? I am |
| 48 |
interested to see that the file exists and has the correct attributes |
| 49 |
after you perform your `cryptsetup luksOpen` operation. The files in |
| 50 |
/dev/mapper are symlinks to /dev/dm-* devices, this will resolve the |
| 51 |
symlink and then run stat on the real underlying dm-* device. |
| 52 |
|
| 53 |
Hope this helps, |
| 54 |
Max |
| 55 |
|
| 56 |
-- |
| 57 |
0x7D964D3361142ACF |
Archives