Creating LUKs encripted device on RHEL7
1. Add device to your system either through VMware or SAN
# ls -l /dev/sdb
2. Partition your drive
# gdisk /dev/sdb
Type ? for help
Type n for new partition
change partition type to LVM
press w to write the partition.
press Y to confirm.
# fdisk -l
3. Now, its time to encript your device.
# cryptsetup --force-password --cipher aes-xts-plain64 luksFormat /dev/sdb1
Confirm by typing YES and it will prompt you for password. Keep/remember this password.
4. Now, open this device
# cryptsetup luksOpen /dev/sdb1 luks-$(cryptsetup luksUUID /dev/sdb1)
# cryptsetup luksUUID /dev/sdb1
5. Now, add device to crypttab
# uuid=$(cryptsetup luksUID /dev/sdb1); echo luks-$uuid UUID=$uuid none >> /etc/crypttab
# cat /etc/crypttab
6. Bring this device under LVM control
# pvcreate /dev/mapper/luks-$(cryptsetup luksUUID /dev/sdb1)
# pvs
7. Create volume group
# vgcreate vg1 /dev/mapper/luks-$(cryptsetup luksUUID /dev/sdb1)
---------------------------------------------------------
if you are extending
# vgextend vg1 /dev/mapper/luks-$(cryptsetup luksUUID /dev/sdb1)
# vgs
# lvs
# lvscan
# df -h /var
# lvextend -l +10G /dev/vg1/lv_var
# lvscan
# df -h /var
# xfs_growfs /dev/vg1/lv_var
# df -h /var # verify the change of the size.
---------------------------------------------------------
8. Create logical volume out off volume group
# lvcreate -L 10G -n lv_www vg1
9. Create filesystem
# lvscan
# mkfs.xfs /dev/mapper/vg1-lv_www
10. Add entry to fstab and mount the device.
Note: If you want to have a shorter password, look on pwquality.conf file to change the length of the pw.
No comments:
Post a Comment