标签:RH413
There are two major reasons for allocating fire systems separately: containment and mounting with more restrictive mount options.Containment reduces the impact a file systems has on the rest of the system if it fills up. For example, if a program has an error and creates several large temporary file in /tmp , it should not prevent system logging or keep users from saving files in their home directories.kickstart configuration:
part /home --fstype=ext4 --size=10000 --onpart=vda2 --encrypted --passphrase=PASSPHRARE
pvcreate /dev/sdb1
vgcreate storage /dev/sdb1
Volume group "storage" successfully created
lvcreate -l 100%FREE -n luks-test storage
Tips:
we don’t need to create a file system.
cryptsetup luksFormat /dev/storage/luks-test
WARNING!
This will overwrite data on /dev/storage/luks-test irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
Unlock the encrypted volume and assign it a logical name:
cryptsetup luksOpen /dev/storage/luks-test luks
Enter passphrase for /dev/storage/luks-test:
luks is the logical name.
mkfs.ext4 /dev/mapper/luks
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
65152 inodes, 260608 blocks
13030 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=268435456
8 block groups
32768 blocks per group, 32768 fragments per group
8144 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376
Allocating group tables: done
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done
Mount it:
mkdir /mnt/luks
mount /dev/mapper/luks /mnt/luks/
cryptsetup luksClose luks
dd if=/dev/urandom of=/root/luks.passwd bs=4096 count=1
chmod 600 /root/luks.passwd
Add the key file for LUKS using the following command:
cryptsetup luksAddKey /dev/storage/luks-test /root/luks.passwd
Enter any existing passphrase:
unlocked during system root.
name /dev/vdaN /path/to/password/file
such as:
luks /dev/storage/luks-test /root/luks.passwd
1.name: Name device mapper will use for the device
2.the underlying “Locked” device
3.the absolute pathname to the password file used to unlock the device
cryptsetup(8) crypttab(5)
RH413 Unit 3 Create File Systems
标签:RH413
原文地址:http://blog.51cto.com/scantydd/2096416