ds2k5 n00b
Joined: 03 Nov 2011 Posts: 2
|
Posted: Thu Nov 03, 2011 5:47 pm Post subject: cryptsetup + initramfs + lvm2: i dont have /dev/myvg/mylv |
|
|
Hello,
I installed Gentoo from: install-amd64-minimal-20111020.iso.
I use cryptsetup and lvm2.
I boot with boot media to encrypt the hard disk.
The system boots from the media, encrypts the disk, scans for volume groups and activates them, mounts the LVs from the disk
and comes up.
But in the booted system (on hard disk) I don't have /dev/myvg/rootfs, /dev/myvg/homefs, /dev/myvg/usrfs, /dev/myvg/varfs, /dev/myvg/optfs
If I check with vgdisplay and lvdisplay it looks fine.
But lvdisplay gives an error on each LV: /dev/myvg/lvname open failed: no such file or dir
What did I forget to do so that the /dev/myvg/lvnames are created at boot time (after switch/chroot to hard disk)?
Thanks
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 22686
|
Posted: Fri Nov 04, 2011 2:08 am Post subject: |
|
|
What is the output of pvscan; vgscan; lvscan; pvs; vgs; lvs? |
|
ds2k5 n00b
Joined: 03 Nov 2011 Posts: 2
|
Posted: Fri Nov 04, 2011 8:50 am Post subject: |
|
|
pvscan
PV /dev/dm-0 VG myvg lvm2 [10.00 GiB / 664.00 MiB free]
Total: 1 [10.00 GiB] / in use: 1 [10.00 GiB] / in no VG: 0 [0 ]
vgscan
Reading all physical volumes. This may take a while...
Found volume group "myvg" using metadata type lvm2
lvscan
ACTIVE '/dev/myvg/boot' [100.00 MiB] inherit
ACTIVE '/dev/myvg/root' [256.00 MiB] inherit
ACTIVE '/dev/myvg/home' [1.00 GiB] inherit
ACTIVE '/dev/myvg/usr' [5.00 GiB] inherit
ACTIVE '/dev/myvg/var' [1.00 GiB] inherit
ACTIVE '/dev/myvg/SWAP' [2.00 GiB] inherit
pvs
PV VG Fmt Attr PSize PFree
/dev/dm-0 myvg lvm2 a- 10.00g 664.00m
vgs
VG #PV #LV #SN Attr VSize VFree
myvg 1 6 0 wz--n- 10.00g 664.00m
lvs
LV VG Attr LSize Origin Snap% Move Log Copy% Convert
SWAP myvg -wi-ao 2.00g
boot myvg -wi-ao 100.00m
home myvg -wi-ao 1.00g
root myvg -wi-ao 256.00m
usr myvg -wi-ao 5.00g
var myvg -wi-ao 1.00g |
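The symptom in this thread (lvscan reports the LVs as ACTIVE while their /dev/myvg/* paths do not exist) can be checked mechanically. The following is an added example, not code from any poster; the function name `missing_lv_nodes` and its DEVROOT argument are hypothetical, and the sample input is the lvscan output posted above.

```shell
#!/bin/sh
# Added example: list LVs that lvscan reports as ACTIVE but that have no
# usable node under /dev (missing file or dangling symlink).

# Sample input, taken from the lvscan output posted above.
SAMPLE_LVSCAN="  ACTIVE            '/dev/myvg/boot' [100.00 MiB] inherit
  ACTIVE            '/dev/myvg/root' [256.00 MiB] inherit
  ACTIVE            '/dev/myvg/home' [1.00 GiB] inherit
  ACTIVE            '/dev/myvg/usr' [5.00 GiB] inherit
  ACTIVE            '/dev/myvg/var' [1.00 GiB] inherit
  ACTIVE            '/dev/myvg/SWAP' [2.00 GiB] inherit"

# missing_lv_nodes DEVROOT
# Reads lvscan output on stdin and prints every ACTIVE LV path whose node
# does not exist. DEVROOT (hypothetical parameter) is prepended to each path
# so the check can run against a test tree; pass "" on a live system.
missing_lv_nodes() {
    devroot="$1"
    q="'"
    while read -r state rest; do
        # Only LVs that LVM itself considers active are expected in /dev.
        [ "$state" = "ACTIVE" ] || continue
        # The LV path is the single-quoted field that follows the state.
        path=${rest#"$q"}
        path=${path%%"$q"*}
        case "$path" in
            /dev/*) ;;
            *) continue ;;
        esac
        # -e follows symlinks, so a dangling /dev/VG/LV link counts as missing.
        [ -e "${devroot}${path}" ] || printf '%s\n' "$path"
    done
}

# Stand-alone run: check the sample paths against the real /dev.
printf '%s\n' "$SAMPLE_LVSCAN" | missing_lv_nodes ""
```

On a live system, pipe `lvscan` into `missing_lv_nodes ""`; LVM's `vgmknodes` command is the tool that recreates missing nodes for active LVs.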
|
lyallp Veteran
Joined: 15 Jul 2004 Posts: 1599 Location: Adelaide/Australia
|
Posted: Wed Dec 14, 2011 12:10 am Post subject: |
|
|
I also use cryptsetup, a non-encrypted partition for /boot, the remaining partition encrypted with LVM inside.
I ended up writing my own initramfs and heavily customising an init script I found, to get the job done.
You will notice the LVM scan, about 3/4 the way down the init script.
To use this, you will need the following to be installed
init script
Code: |
#!/bin/sh
################################################################################
# This script is meant to be run as the "init" script of an initramfs, which
# should be a writable filesystem (tmpfs or ramfs, tmpfs preferred).
#
# DO NOT ATTEMPT TO RUN THIS IN AN INITRD (ramdisk) without modification
#
################################################################################
PATH="/bin:/sbin:/usr/bin:/usr/sbin"

# Path to directory to mount $ROOTDEV under in initrd
NEWROOT="/new-root"

# Defaults for root= and lvm= parameters in grub.conf
DEFAULT_LVMDEV="/dev/sda2"
DEFAULT_RTDEV="/dev/vg/root"

# Commands used in this initrd script
# Hardcode busybox to ensure availability of commands when /proc isn't
# mounted or symlinks aren't made yet
BBINSTALL="/bin/busybox --install -s"
CAT="/bin/busybox cat"
CHMOD="/bin/busybox chmod"
MOUNT="/bin/busybox mount"
UMOUNT="/bin/busybox umount"
SHELL="/bin/busybox sh"
MKDIR="/bin/busybox mkdir"
GREP="/bin/busybox grep"
AWK="/bin/busybox awk"
SWITCH="/bin/busybox switch_root"
RESUME="/bin/resume"
LOGGER="/bin/busybox logger -t initramfs"

# mdev (busybox symlinks should be usable when using this)
# This will populate /dev with devices.
MDEV="/bin/mdev"

# Kernel command-line (convenience variable)
KCMD="/proc/cmdline"

# Function for dropping to a shell
shell () {
    # $1 = optional reason text for entering shell
    $LOGGER "Rescue shell entered ($1)"
    echo ' Entering rescue shell.'
    echo ''
    if [ "$1" = "" ]
    then
        echo ' Type rootdev root_device to set device to boot.'
        echo ' ex: rootdev /dev/sda1'
    else
        echo "$1"
    fi
    echo ' Exit shell to continue booting.'
    $SHELL
}

# Prints out 'Done.' or drops into a shell, for diagnostics
completed () {
    # $1 = return code to test
    # $2 = what failed
    if [ "$1" != "0" ]
    then
        echo "Failed. ($2 - RC=$1)"
        shell "$2"
    else
        echo "Done."
    fi
}

# Create rootdev function
# Used to populate a file /rootdev, which we pre-fill with default values
# but gives us the opportunity to have the 'rescue shell' update the parameter.
echo '#!/bin/sh' > /bin/rootdev
echo 'echo "$1" > /rootdev' >> /bin/rootdev
echo 'exit $?' >> /bin/rootdev
$CHMOD 0755 /bin/rootdev
RDEV="/bin/rootdev"

# Create lvmdev function
# Used to populate a file /lvmdev, which we pre-fill with default values
# but gives us the opportunity to have the 'rescue shell' update the parameter.
echo '#!/bin/sh' > /bin/lvmdev
echo 'echo "$1" > /lvmdev' >> /bin/lvmdev
echo 'exit $?' >> /bin/lvmdev
$CHMOD 0755 /bin/lvmdev
LDEV="/bin/lvmdev"

$LOGGER "Entering initramfs"

# install all busybox symlinks before doing anything else
# /proc still needs to be mounted before the symlinks will work
# otherwise, every symlink points to /proc/this/exe (or something similar)
echo -n "Creating busybox symlinks..."
$BBINSTALL ; completed "$?" "Busybox symlink install failed."

# Ensure that basic directories exist
echo -n "Creating required directories..."
for dir in /proc /sys /dev
do
    [ -d "$dir" ] || $MKDIR "$dir"
done
completed "$?" "Failed to create /proc, /sys or /dev"

# Mount /proc, necessary for other mounts
echo -n "Mounting procfs..."
$MOUNT -t proc proc /proc
completed "$?" "Failed to mount procfs"

# Mount /sys, necessary to create the device mapper control device
echo -n "Mounting sysfs..."
$MOUNT -t sysfs sys /sys
completed "$?" "Failed to mount sys"

# Mount tmpfs on /dev and set up /dev/pts
# Run mdev and populate /dev with device nodes
echo "Mounting tmpfs on /dev and running mdev..."
$MOUNT -t tmpfs dev /dev &&
    $MKDIR -p /dev/pts &&
    $MOUNT -t devpts devpts /dev/pts &&
    echo "$MDEV" > /proc/sys/kernel/hotplug &&
    $MDEV -s
completed "$?" "Failed to mount tmpfs and setup /dev/pts"

# Drop to shell if "shell" was passed as kernel param
$GREP -q 'shell' /proc/cmdline && shell "Requested Shell on boot command line."

# Get the args to pass to init, minus key=val pairs
INIT_ARGS="$($AWK '{gsub(/[[:graph:]]+=[[:graph:]]+/,""); print}' $KCMD)"
# remove any initramfs commands from INIT_ARGS
INIT_ARGS="$(echo $INIT_ARGS | $AWK '{gsub(/noresume/,""); print}')"
INIT_ARGS="$(echo $INIT_ARGS | $AWK '{gsub(/shell/,""); print}')"

# Init to run after switch_root to real system
INIT="$($AWK '/.*init=/ {sub(/.*init=/,""); sub(/[ ].*/,""); print}' $KCMD)"
INIT="${INIT:-/sbin/init}"

# Get the default root device if it exists on the kernel command-line
RTDEV="$($AWK '/root=/ {sub(/.*root=/,""); sub(/[ ].*/,""); print}' $KCMD)"
if [ "$RTDEV" = "" ]
then
    RTDEV="${DEFAULT_RTDEV}"
fi

# Get the default lvm partition if it exists on the kernel command-line
LVMDEV="$($AWK '/lvm=/ {sub(/.*lvm=/,""); sub(/[ ].*/,""); print}' $KCMD)"
if [ "$LVMDEV" = "" ]
then
    LVMDEV="${DEFAULT_LVMDEV}"
fi

echo -n "Checking for LVM partition parameter..."
# check if /lvmdev is empty or missing
if [ ! -s /lvmdev ]
then
    # Use our little support function to pre-populate /lvmdev
    $LDEV "$LVMDEV"
    completed "$?" "Failed to make /lvmdev - please create /lvmdev containing the LVM partition, eg /dev/sda2"
fi

echo -n "Checking for Root volume parameter..."
# check if /rootdev is empty or missing
if [ ! -s /rootdev ]
then
    # Use our little support function to pre-populate /rootdev
    $RDEV "$RTDEV"
    completed "$?" "Failed to make /rootdev - please create /rootdev containing the root volume, eg /dev/vg/root"
fi

#
# Give kernel time to finish finding USB devices
#
sleep 2

#
# Enable the Encrypted file system
#
echo "Activating encrypted LVM partition..."
RC=1
while [ "$RC" != "0" ]
do
    LVMDEV="$($CAT /lvmdev)"
    cryptsetup luksOpen "${LVMDEV}" vault
    RC="$?"
    if [ "$RC" != "0" ]
    then
        completed "$RC" "Failed to enable decryption on $LVMDEV - use /bin/lvmdev YOUR_ENCRYPTED_LVM_DEVICE to set."
    fi
done

echo -n "Activating LVM Volume Groups..."
RC=1
while [ "$RC" != "0" ]
do
    lvm vgchange --available y --sysinit vg
    RC="$?"
    if [ "$RC" != "0" ]
    then
        completed "$RC" "Failed to activate LVM Volume Groups - please check /lvmdev and try again."
    fi
done

if $GREP -qv 'noresume' /proc/cmdline
then
    # Resume from hibernation, if possible. If there is no image, boot as normal.
    $LOGGER "Attempting resume."
    echo -n "Resuming..."
    $RESUME 2> /dev/null 1> /dev/null
    $LOGGER "Nothing to resume."
    echo "Nothing to resume."
else
    $LOGGER "noresume requested."
fi

$LOGGER "Booting."
echo "Booting..."

# Mount the root partition
# ensure that the directory we mount to exists
echo "Mounting new root filesystem"
SUCCESS=0
[ -d "$NEWROOT" ] || $MKDIR "$NEWROOT"
while [ "${SUCCESS}" != "1" ]
do
    ROOTDEV="$($CAT /rootdev)"
    if ! $MOUNT -t xfs -o ro "$ROOTDEV" "$NEWROOT"
    then
        echo ""
        echo "Couldn't mount root FS read-only!"
        echo "Tell me your root device by doing:"
        echo "rootdev YOUR_ROOT_DEVICE"
        shell "Couldn't mount root FS read-only!. execute 'rootdev YOUR_ROOT_DEVICE; exit 0'"
        set -x
    else
        SUCCESS=1
    fi
done

if [ ! -e "$NEWROOT/$INIT" ]
then
    shell "$ROOTDEV successfully mounted but no $INIT found!"
fi

echo -n "Resetting kernel hotplugging..."
echo "" > /proc/sys/kernel/hotplug
completed "$?" "Resetting kernel hotplugging"

echo -n "Unmounting /sys..."
$UMOUNT /sys
completed "$?" "Unmounting /sys"

# Clean out /dev/vg so that it is populated properly by the main system init.
echo -n "Unmounting /dev..."
$UMOUNT /dev/pts &&
    rm -f /dev/vg/* &&
    rmdir /dev/vg &&
    $UMOUNT /dev
completed "$?" "Unmounting /dev"

echo -n "Unmounting /proc..."
$UMOUNT /proc
completed "$?" "Unmounting /proc"

$LOGGER "Completed pre-boot."

# Change to the new root partition and execute /sbin/init
echo "Executing switch_root and spawning init"
if ! exec $SWITCH "$NEWROOT" "$INIT" $INIT_ARGS
then
    echo ""
    echo "Couldn't switch_root ($SWITCH $NEWROOT $INIT $INIT_ARGS)"
    $MOUNT -t proc proc /proc
    exec $SHELL
fi
|
README
Code: |
Critical that init contains #!/bin/sh as the first line, or it won't run.

Problems during boot (you are in the rescue shell(s))
=====================================================
The following 2 files must exist.
  /lvmdev  - this should contain the partition in which LVM is configured
             eg. /dev/sda2
  /rootdev - this should contain the volume group on which the root filesystem is.
             eg. /dev/vg/root
2 convenience functions will be available as /bin/lvmdev and /bin/rootdev, which take
a single parameter and populate the corresponding file with that value. You could simply
do an "echo /dev/vg/root > /lvmdev" if you wanted to.

To chroot into this initramfs to test
=====================================
****************************************
DO NOT RUN "busybox --install -s" unless you are IN A CHROOT PRISON.
YOU WILL DESTROY YOUR SYSTEM.
****************************************
  mount -t proc none /tmp/initramfs/proc
  mount -o bind /dev /tmp/initramfs/dev
  chroot /tmp/initramfs /bin/sh
Don't forget to umount them after exiting the chroot prison
  umount /tmp/initramfs/proc
  umount /tmp/initramfs/dev

The script expects two kernel parameters in the grub.conf entry.
  lvm=/dev/partition root=/dev/vg/partition

LVM Parameters
==============
lvm=/dev/sda3
  The partition in which LVM is configured.
  In this example, /dev/sda3 is configured as an Encrypted partition, using
    # cryptsetup luksOpen /dev/sda3 vault
  which will prompt for a password.
  This will decrypt the partition such that LVM can find it using
    # vgchange -ay vg

Kernel Parameters
=================
root=/dev/vg/root
  The partition which contains the root filesystem.
  In this case, it's a LVM filesystem, which is living on an encrypted partition.

Disabling Resume (in case of broken resume functionality)
=========================================================
noresume
  This prevents the use of the 'resume' capability.

Refresh the files in this archive if the following packages have updates
  * sys-fs/cryptsetup
  * sys-fs/lvm2
  * sys-apps/busybox
Use the script "UpdateFilesInArchive.sh"
This will copy files into the initramfs directory and recreate the initramfs.

Re-creating the initramfs without updating file versions.
=========================================================
  # cd /boot/initramfs
  # find . | cpio --quiet -o -H newc | gzip -9 > /boot/initramfs_gentoo_crypt_cpio.gz
|
Build/update the initramfs script
Code: |
#!/bin/bash
if [ "${PWD}" != "/boot/initramfs" ]
then
    echo "No way will I run this outside of /boot/initramfs."
    exit 1
fi
cp /bin/busybox /sbin/cryptsetup /sbin/mdadm /usr/lib64/suspend/resume /boot/initramfs/bin || exit 1
cp /sbin/lvm.static /boot/initramfs/bin/lvm || exit 1
cp /etc/suspend.conf /boot/initramfs/etc/suspend.conf || exit 1
echo "/boot/initramfs updated with files from home system."
cd /boot/initramfs || exit 1
find . | cpio --quiet -o -H newc | gzip -9 > /boot/initramfs_gentoo_crypt_cpio.gz || exit 1
echo "/boot/initramfs_gentoo_crypt_cpio.gz has been updated."
|
Sample Grub entry
Code: |
default 0
timeout 10
#splashimage=(hd0,0)/boot/grub/splash.xpm.gz

# 3.0.6 kernel
# Tested with hi res console
# Tested with kernel power regression workaround
# http://www.phoronix.com/scan.php?page=article&item=linux_2638_aspm&num=2
title Gentoo Linux 3.0.6 1920x1080-32@75
root (hd0,0)
kernel /boot/vmlinuz-3.0.6-gentoo root=/dev/vg/root lvm=/dev/sda2 video=uvesafb:1920x1080-32@75,mtrr:3,ywrap fbcon=scrollback:64K pcie_aspm=force
initrd /boot/initramfs_gentoo_crypt_cpio.gz
|
_________________ ...Lyall |
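The init script above extracts `root=`, `lvm=` and `init=` from /proc/cmdline with greedy awk substitutions, so a later token that merely ends in the same text (for example `nfsroot=` or `rdinit=`) would win. The following is an added example, not part of the original post, of exact-token parsing plus a check that the value is a plain /dev path before it is handed to cryptsetup or mount; the function names `cmdline_get`, `is_safe_dev` and `dev_param` are hypothetical, and it assumes devices are always given as /dev/... paths, as in this thread.

```shell
#!/bin/sh
# Added example: exact-token parsing of lvm= / root= with value validation.

# Sample input: the kernel parameters from the Grub entry above.
SAMPLE_CMDLINE="root=/dev/vg/root lvm=/dev/sda2 video=uvesafb:1920x1080-32@75,mtrr:3,ywrap fbcon=scrollback:64K pcie_aspm=force"

# cmdline_get KEY CMDLINE
# Prints the value of the last token that is exactly KEY=value.
cmdline_get() {
    key="$1"
    value=""
    set -f                      # no pathname expansion while word-splitting
    for tok in $2; do
        case "$tok" in
            "$key"=*) value="${tok#*=}" ;;
        esac
    done
    set +f
    printf '%s' "$value"
}

# is_safe_dev PATH
# Succeeds only for /dev/... names built from ordinary device-name characters.
is_safe_dev() {
    case "$1" in
        /dev/?*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *..*|*[!A-Za-z0-9/_.-]*) return 1 ;;
    esac
    return 0
}

# dev_param KEY DEFAULT CMDLINE
# Prints the validated device for KEY, falling back to DEFAULT when absent.
dev_param() {
    v="$(cmdline_get "$1" "$3")"
    [ -n "$v" ] || v="$2"
    is_safe_dev "$v" || return 1
    printf '%s' "$v"
}

# Stand-alone run on the sample line.
printf 'lvm=%s root=%s\n' \
    "$(dev_param lvm /dev/sda2 "$SAMPLE_CMDLINE")" \
    "$(dev_param root /dev/vg/root "$SAMPLE_CMDLINE")"
```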
|
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Wed Dec 14, 2011 10:29 am Post subject: |
|
|
yikes. that init is huge
I have a tiny one with things hard-coded
Code: |
#!/bin/busybox sh
rescue_shell() {
    echo "Something went wrong. Dropping you to a shell."
    busybox --install -s
    exec /bin/sh
}
mount -t proc none /proc
mount -t sysfs none /sys
mount -t devtmpfs none /dev
cryptsetup -T 5 luksOpen /dev/sda2 root
#you could put your LVM stuff here, before the mounting of root
mount -o ro /dev/mapper/root /mnt/root || rescue_shell
umount /proc
umount /sys
umount /dev
exec switch_root /mnt/root /sbin/init
|
_________________ Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash |
|
lyallp Veteran
Joined: 15 Jul 2004 Posts: 1599 Location: Adelaide/Australia
|
Posted: Fri Dec 16, 2011 11:14 pm Post subject: |
|
|
It is huge, but it supports LVM, including root on LVM, suspend/resume and allows for screwups in kernel parameters (which got used during development).
It also has error checking.
_________________ ...Lyall |
|