Monday, November 30, 2020

RHEL7 - Creating a LUKS encrypted device on Red Hat

Creating a LUKS encrypted device on RHEL7


1. Add device to your system either through VMware or SAN
# ls -l /dev/sdb

2. Partition your drive
# gdisk /dev/sdb

Type ? for help
Type n for new partition
Change the partition type to LVM.
Press w to write the partition.
Press Y to confirm.
# fdisk -l

3. Now it's time to encrypt your device.
# cryptsetup --force-password --cipher aes-xts-plain64 luksFormat /dev/sdb1
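Confirm by typing YES (in uppercase); you will then be prompted for a password. Keep/remember this password, since it is needed every time the device is opened. Note that --force-password skips cryptsetup's password quality check, so the strength of the password is entirely up to you.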

4. Now, open this device
# cryptsetup luksOpen /dev/sdb1 luks-$(cryptsetup luksUUID /dev/sdb1)
# cryptsetup luksUUID /dev/sdb1

5. Now, add device to crypttab
# uuid=$(cryptsetup luksUUID /dev/sdb1); echo "luks-$uuid UUID=$uuid none" >> /etc/crypttab
# cat /etc/crypttab

6. Bring this device under LVM control
# pvcreate /dev/mapper/luks-$(cryptsetup luksUUID /dev/sdb1)
# pvs

7. Create volume group
# vgcreate vg1 /dev/mapper/luks-$(cryptsetup luksUUID /dev/sdb1)

---------------------------------------------------------
If you are extending an existing volume group instead:
# vgextend vg1 /dev/mapper/luks-$(cryptsetup luksUUID /dev/sdb1)
# vgs
# lvs
# lvscan
# df -h /var
# lvextend -L +10G /dev/vg1/lv_var
# lvscan
# df -h /var
# xfs_growfs /dev/vg1/lv_var
# df -h /var # verify the change of the size.
---------------------------------------------------------
8. Create a logical volume out of the volume group
# lvcreate -L 10G -n lv_www vg1

9. Create filesystem
# lvscan
# mkfs.xfs /dev/mapper/vg1-lv_www

10. Add entry to fstab and mount the device.
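
Steps 5 and 10 append lines to /etc/crypttab and /etc/fstab; if the cryptsetup call in step 5 fails, a plain echo still writes a malformed entry. The helper below is an added example, not part of the original post: it validates the UUID and appends each entry only once. The function names, the CRYPTTAB/FSTAB override variables and the /var/www mount point are assumptions.

```shell
#!/bin/sh
# Added example: validated, idempotent writes for steps 5 and 10.
# CRYPTTAB and FSTAB are hypothetical override variables; point them
# at scratch copies to rehearse before touching the real files.
CRYPTTAB=${CRYPTTAB:-/etc/crypttab}
FSTAB=${FSTAB:-/etc/fstab}

# True only for a canonical 36-character UUID, so an empty or garbled
# value from a failed cryptsetup call never reaches the file.
valid_uuid() {
    [ "${#1}" -eq 36 ] && printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# add_crypttab_entry UUID: append "luks-UUID UUID=UUID none" once.
add_crypttab_entry() {
    valid_uuid "$1" || { echo "refusing bad UUID: '$1'" >&2; return 1; }
    grep -q "^luks-$1[[:space:]]" "$CRYPTTAB" 2>/dev/null && return 0
    echo "luks-$1 UUID=$1 none" >> "$CRYPTTAB"
}

# add_fstab_entry DEVICE MOUNTPOINT: append an xfs entry unless the
# mount point already has an uncommented entry.
add_fstab_entry() {
    case $1 in /dev/*) ;; *) echo "bad device: '$1'" >&2; return 1 ;; esac
    case $2 in /*) ;; *) echo "bad mount point: '$2'" >&2; return 1 ;; esac
    awk -v m="$2" '$1 !~ /^#/ && $2 == m { f = 1 } END { exit !f }' \
        "$FSTAB" 2>/dev/null && return 0
    echo "$1 $2 xfs defaults 0 0" >> "$FSTAB"
}

# On the host from this walkthrough (as root; /var/www is assumed):
#   add_crypttab_entry "$(cryptsetup luksUUID /dev/sdb1)"
#   add_fstab_entry /dev/mapper/vg1-lv_www /var/www && mount /var/www
```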


Note: If you want to use a shorter password, see the pwquality.conf file to change the required password length.
