
Re: creation of encrypted lvm, suggestions please



vishnu vardhan wrote:
> For a long time, I have wanted to encrypt partitions on my disk. Recently I have
> found an article[@1] with screenshots that actually made some sense to my
> stupid mind. I have successfully created encrypted LVM using the [@1].

Looks good to me.  The only change I would make in that walk through
is to shorten the LVM's volume group name.  They use DEBLVM in the
referenced guide.  That is fine.  But if the name is too long then
'df' will always wrap.  That is okay too but annoying.  (In the future
upstream is talking about making those columns more dynamically sized
while still trying to maintain backward compatibility.)

But to avoid the wrapping I find that if I use two letter volume group
names and four letters or less with the physical volume name then I
can avoid wrapping.  Example:

  $ df -lh
  Filesystem            Size  Used Avail Use% Mounted on
  /dev/mapper/v1-root    11G  6.5G  3.5G  66% /
  tmpfs                 1.9G     0  1.9G   0% /lib/init/rw
  udev                  1.9G  332K  1.9G   1% /dev
  tmpfs                 1.9G  748K  1.9G   1% /dev/shm
  /dev/md0              456M   32M  400M   8% /boot
  /dev/mapper/v1-var    5.5G  3.5G  1.8G  67% /var
  /dev/mapper/v1-srv     19G  5.1G   13G  30% /srv
  /dev/mapper/v1-lcl     92G  189M   87G   1% /usr/local
  /dev/mapper/v1-home   200G  167G   23G  89% /home

If the volume group is longer then lines will be broken onto two lines
unless the -P option is given.  My personal preference is just to make
sure that I use short names so that the field overflow and subsequent
line breaks are avoided.

[It would be nicer if the volumes were mounted by the names /dev/v1/var
instead of /dev/mapper/v1-var but so it goes.]

> However, I have some issues:
>
> [1] I will set aside at least a GB for the future. Should I create it as a
> primary partition and set it as "do not use"?

It doesn't really matter if you create a partition for it now or
later.  It is up to you.  You can always create the partition later.

> [2] The swap partition is starting with priority: -1. I assume it is
> correct because the writes are immediately effected in encrypted partitions.
> Is there any issue with the swap partition starting with -1 priority?

Priority -1 is normal.  I am assuming that you are seeing this at boot
time?  Such as from dmesg?  That is normal.

  $ dmesg | grep swap
  [   11.158484] Adding 7811064k swap on /dev/mapper/v1-swap. Priority:-1 extents:1 across:7811064k 

> [3] "volume group "volume group name" not found". Even though I am able to
> access the partitions, at boot time it is showing the above message. Can
> I assume the partition scheme is correct?

That isn't normal.  Something isn't right.  You should dig deeper on
this problem.

Bob
