LUKS-encrypted volume is lost on reboot

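Using this guide, I encrypted a volume, and I can open and mount it manually.

The problem comes after a reboot. At startup the system does not open the encrypted volume, and the decrypted alias in /dev/mapper is not available either.

I can still create the alias manually with the following: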

[root@dhcp100051 ~]# cryptsetup luksOpen /dev/VolGroup/db00 db_fips
Enter passphrase for /dev/VolGroup/db00: [entered]
[root@dhcp100051 ~]# ll /dev/mapper/db_fips 
lrwxrwxrwx. 1 root root 7 Jun  2 13:55 /dev/mapper/db_fips -> ../dm-7
[root@dhcp100051 ~]# mkfs -t ext4 /dev/mapper/db_fips 
[root@dhcp100051 ~]# mount /dev/mapper/db_fips /db/
[root@dhcp100051 ~]# 

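The encrypted volume is now usable, but when I issue reboot everything is gone (including the data written to /db/ after the mkfs of the filesystem). I have to recreate it all manually, until it is lost again at the next reboot.

Note that this is a different problem from simply being asked to enter the encryption passphrase at startup.

What step am I missing to make the volume available after a system reboot?


Here is the full chain of commands I used on the virtual machine: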

[root@dhcp100051 ~]# mkdir /www/db-backup
------------------------------------------------------------------
[root@dhcp100051 ~]# mv /db/* /www/db-backup
------------------------------------------------------------------
[root@dhcp100051 ~]# umount /db/
------------------------------------------------------------------
[root@dhcp100051 ~]# shred -v -n1 /dev/VolGroup/db00 
------------------------------------------------------------------
shred: /dev/VolGroup/db00: pass 1/1 (random)...
shred: /dev/VolGroup/db00: pass 1/1 (random)...364MiB/2.0GiB 17%
shred: /dev/VolGroup/db00: pass 1/1 (random)...365MiB/2.0GiB 17%
shred: /dev/VolGroup/db00: pass 1/1 (random)...739MiB/2.0GiB 36%
shred: /dev/VolGroup/db00: pass 1/1 (random)...740MiB/2.0GiB 36%
shred: /dev/VolGroup/db00: pass 1/1 (random)...1.0GiB/2.0GiB 53%
shred: /dev/VolGroup/db00: pass 1/1 (random)...1.1GiB/2.0GiB 55%
shred: /dev/VolGroup/db00: pass 1/1 (random)...1.4GiB/2.0GiB 72%
shred: /dev/VolGroup/db00: pass 1/1 (random)...1.5GiB/2.0GiB 75%
shred: /dev/VolGroup/db00: pass 1/1 (random)...1.8GiB/2.0GiB 93%
shred: /dev/VolGroup/db00: pass 1/1 (random)...1.9GiB/2.0GiB 95%
shred: /dev/VolGroup/db00: pass 1/1 (random)...2.0GiB/2.0GiB 100%
------------------------------------------------------------------
[root@dhcp100051 ~]# cryptsetup -v --verify-passphrase luksFormat /dev/VolGroup/db00
Running in FIPS mode.

WARNING!
========
This will overwrite data on /dev/VolGroup/db00 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: 
Verify passphrase: 
Command successful.
[root@dhcp100051 ~]#
------------------------------------------------------------------
[root@dhcp100051 ~]# cryptsetup luksOpen /dev/VolGroup/db00 db_fips
Enter passphrase for /dev/VolGroup/db00: 
[root@dhcp100051 ~]# ll /dev/mapper/db_fips 
lrwxrwxrwx. 1 root root 7 Jun  2 13:55 /dev/mapper/db_fips -> ../dm-7
[root@dhcp100051 ~]# 
------------------------------------------------------------------
[root@dhcp100051 ~]# mkfs -t ext4 /dev/mapper/db_fips 
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
131072 inodes, 523776 blocks
26188 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=536870912
16 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks: 
    32768, 98304, 163840, 229376, 294912

Writing inode tables: done                            
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 37 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
[root@dhcp100051 ~]# 
------------------------------------------------------------------
[root@dhcp100051 ~]# mount /dev/mapper/db_fips /db/
[root@dhcp100051 ~]# 
------------------------------------------------------------------
[root@dhcp100051 ~]# blkid
/dev/sda1: UUID="37e5d6db-4265-4d0d-a10e-951f1bc4beb0" TYPE="ext4" 
/dev/sda2: UUID="f0079d24-daa2-472a-a557-384889dceb17" TYPE="swap" 
/dev/sda3: UUID="K16Dlj-6QR2-LemJ-iBnJ-z4fa-khuP-jv2BoA" TYPE="LVM2_member" 
/dev/mapper/VolGroup-LogVol01: UUID="425e6610-383b-4bb6-a3a3-1a68279a3460" TYPE="ext4" 
/dev/mapper/VolGroup-LogVol05: UUID="fb04b576-fc59-409f-9049-c87b1c9c9437" TYPE="ext4" 
/dev/mapper/VolGroup-LogVol04: UUID="2f88d451-03ac-4fe4-a21f-5ae2d786882b" TYPE="ext4" 
/dev/mapper/VolGroup-LogVol06: UUID="6aaccab0-7e4d-423b-89d4-ef54a36bf520" TYPE="ext4" 
/dev/mapper/VolGroup-LogVol03: UUID="6814ecfc-b28e-4f50-823e-7ba7d5380d90" TYPE="ext4" 
/dev/mapper/VolGroup-LogVol02: UUID="b40668b5-cc3a-450c-973b-c2b09885c7b7" TYPE="ext4" 
/dev/mapper/VolGroup-db00: UUID="a5320f38-2db4-4e71-8deb-c0169266c9fb" TYPE="crypto_LUKS" 
[root@dhcp100051 ~]# 
------------------------------------------------------------------
[root@dhcp100051 ~]# dd if=/dev/urandom of=/root/keyfile bs=1024 count=4
4+0 records in
4+0 records out
4096 bytes (4.1 kB) copied, 0.0025613 s, 1.6 MB/s
[root@dhcp100051 ~]# chmod 0400 /root/keyfile 
[root@dhcp100051 ~]# 
------------------------------------------------------------------
[root@dhcp100051 ~]# cryptsetup luksAddKey /dev/VolGroup/db00 /root/keyfile
Enter any passphrase: 
[root@dhcp100051 ~]# 
------------------------------------------------------------------
[root@dhcp100051 ~]# cryptsetup luksOpen /dev/VolGroup/db00 db_fips --key-file=/root/keyfile
[root@dhcp100051 ~]# 
------------------------------------------------------------------
[root@dhcp100051 ~]# vi /etc/crypttab 
## INSERT
db_fips UUID=”a5320f38-2db4-4e71-8deb-c0169266c9fb″ /root/keyfile
## SAVE AND CLOSE
[root@dhcp100051 ~]# date >> /db/date.txt
[root@dhcp100051 ~]# shutdown -r now
------------------------------------------------------------------
[REBOOTED]
[root@dhcp100051 ~]# ll /dev/mapper/db_fips
[root@dhcp100051 ~]# 
ls: cannot access /dev/mapper/db_fips: No such file or directory
[root@dhcp100051 ~]# ll /db
total 0
[root@dhcp100051 ~]# 

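Answer 1

Depending on your distribution, you need to set up the file /etc/crypttab, which defines the volumes that will be unlocked at boot.

You may also need to regenerate the initial ramdisk image. This file must be available before the filesystems are mounted.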
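
As an added example (not part of the question or the answer above), the following check reads the text of /etc/crypttab together with `blkid` output and reports entries whose UUID= value cannot resolve to a crypto_LUKS device, including entries that contain typographic quote characters, as the crypttab line does in the question as shown on this page. The function names are hypothetical, and the sample input is constructed from the UUID and device names shown in the question.

```python
import re

UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
BLKID_RE = re.compile(r'^(\S+):.*?\bUUID="([^"]+)".*?\bTYPE="([^"]+)"')


def luks_uuids(blkid_output):
    """Map UUID -> device for every crypto_LUKS line of `blkid` output."""
    found = {}
    for line in blkid_output.splitlines():
        m = BLKID_RE.match(line.strip())
        if m and m.group(3) == "crypto_LUKS":
            found[m.group(2).lower()] = m.group(1)
    return found


def check_crypttab(crypttab_text, blkid_output):
    """Return (line_no, problem) pairs for entries that will not resolve to a LUKS device."""
    known = luks_uuids(blkid_output)
    problems = []
    for n, raw in enumerate(crypttab_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            problems.append((n, "expected at least <name> <device>"))
            continue
        if any(ord(ch) > 127 for ch in line):
            problems.append((n, "non-ASCII character in entry (typographic quote?)"))
        device = fields[1]
        if device.startswith("UUID="):
            uuid = device[len("UUID="):].strip("\"'")  # tolerate plain ASCII quotes only
            if not UUID_RE.fullmatch(uuid):
                problems.append((n, "UUID value is not a well-formed UUID"))
            elif uuid.lower() not in known:
                problems.append((n, "UUID does not belong to any crypto_LUKS device"))
    return problems


# Constructed sample input, using the UUIDs and names shown in the question.
BLKID = ('/dev/mapper/VolGroup-db00: UUID="a5320f38-2db4-4e71-8deb-c0169266c9fb" TYPE="crypto_LUKS"\n'
         '/dev/sda1: UUID="37e5d6db-4265-4d0d-a10e-951f1bc4beb0" TYPE="ext4"')
AS_SHOWN = "db_fips UUID=\u201da5320f38-2db4-4e71-8deb-c0169266c9fb\u2033 /root/keyfile"
PLAIN = "db_fips UUID=a5320f38-2db4-4e71-8deb-c0169266c9fb /root/keyfile"

if __name__ == "__main__":
    for label, text in (("as shown", AS_SHOWN), ("plain ASCII", PLAIN)):
        print(label, check_crypttab(text, BLKID))
```

On a real host, pass the contents of /etc/crypttab and the captured output of `blkid` as the two arguments; the check only reads text and changes nothing on the system.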
