Install with separate /home on RAID+LUKS+LVM doesn't work

[GeBruns]

Hello, I'm GeBruns and this is my first post on this great forum looking for some help.

I tried to install an encrypted Salix on SSD with /home on an encrypted RAID 5 array. Unfortunately, it doesn't work.

Before this attempt I had an encrypted installation on the SSD without separate /home. It worked fine. But I wasn't satisfied to have /home on the SSD. I've set up an encrypted RAID 5 for a /data logical volume and tried to mount it using the crypttab file and an additional mount point in the fstab. But that didn't work. I don't know why. (After that I wanted to link /home to the /data directory.) Then I did another installation re-using the RAID 5 array configured directly as /home during the Salix setup.

After starting the setup I choose the correct keymap and left the setup. Then I opened the LUKS devices I've formerly created:

Code: Select all

# cryptsetup luksOpen /dev/sda2 sda2luks
# cryptsetup luksOpen /dev/md0 md0luks

With lvdisplay I could see that all volumes were there:

Code: Select all

  --- Logical volume ---
  LV Path                /dev/cryptvg2/home
  LV Name                home
  VG Name                cryptvg2
  LV UUID                3ryrVR-Nu3k-fgA0-XgzT-DNJj-zYTo-00Ugie
  LV Write Access        read/write
  LV Creation host, time ln104, 2016-03-12 21:13:06 +0100
  LV Status              NOT available
  LV Size                1.82 TiB
  Current LE             476870
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
   
  --- Logical volume ---
  LV Path                /dev/cryptvg1/root
  LV Name                root
  VG Name                cryptvg1
  LV UUID                0yMo5N-egCi-YjWv-XFSl-Rb7Z-v01P-9GXmEU
  LV Write Access        read/write
  LV Creation host, time salix64, 2016-03-10 10:31:49 +0100
  LV Status              available
  # open                 1
  LV Size                221.00 GiB
  Current LE             56576
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:1
   
  --- Logical volume ---
  LV Path                /dev/cryptvg1/swap
  LV Name                swap
  VG Name                cryptvg1
  LV UUID                9d65Io-o8eL-knOU-s9Ns-Glw2-IERm-rmTZaR
  LV Write Access        read/write
  LV Creation host, time salix64, 2016-03-10 10:38:36 +0100
  LV Status              available
  # open                 2
  LV Size                9.00 GiB
  Current LE             2303
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:2

I've started setup again and let it install the system files. After installing lilo and when the dialog informed me that the installation was complete I didn't reboot but left to the command line.

I've started

Code: Select all

# /usr/share/mkinitrd/mkinitrd_command_generator.sh -r

and got this result:

Code: Select all

mkinitrd -c -k 3.10.17 -f ext4 -r /dev/cryptvg1/root -m usbhid:hid_generic:uhci-hcd:mbcache:jbd2:ext4 -C /dev/sda2 -L -u -o /boot/initrd.gz

I made a copy of /etc/mkinitrd.conf.sample and saved it as /etc/mkinitrd.conf:

Code: Select all

# mkinitrd.conf
# See "man mkinitrd.conf" for details on the syntax of this file
#
SOURCE_TREE="/boot/initrd-tree"
CLEAR_TREE="1"
OUTPUT_IMAGE="/boot/initrd.gz"
KERNEL_VERSION="$(uname -r)"
KEYMAP="de"
MODULE_LIST="usbhid:hid_generic:uhci-hcd:mbcache:jbd2:ext4"
LUKSDEV="/dev/sda2"
#LUKSKEY="LABEL=TRAVELSTICK:/keys/alienbob.luks"
ROOTDEV="/dev/cryptvg1/root"
ROOTFS="ext4"
RESUMEDEV="/dev/cryptvg1/swap"
RAID="1"
LVM="1"
UDEV="1"
#MODCONF="0"
WAIT="3"

Next I did

Code: Select all

# mkinitrd -F
# lilo

(Up to this point everything was the same as with my first installation when /home was on the SSD, too.)

I checked /etc/crypttab but it was empty. So I added:

Code: Select all

# /etc/crypttab
home	/dev/cryptvg2/home	/etc/home.keyfile

I created a keyfile with the LUKS key and saved it as /etc/home.keyfile. And I added a line in /etc/fstab:

Code: Select all

/dev/cryptvg2/home	/home	ext4	defaults	0	2

Now I did a reboot. The result was a kernel panic.

[GeBruns]

Is there nobody who can tell me about the mistake I made?

Or is there another way to have an encrypted root on one partition and an encrypted /home or /data partition on a separate RAID+LUKS+LVM?

I would appreciate any kind of help.

[gapan]

Sorry, I have no experience with anything like this.

But, have you read these?
http://slackware.uk/slackware/slackware ... ME_LVM.TXT
http://slackware.uk/slackware/slackware ... E_RAID.TXT
http://slackware.uk/slackware/slackware ... _CRYPT.TXT

[GeBruns]

Thank you, gapan. The procedure I've used was based on those Slackware files.

I think it should be possible to do something like that with Salix but I probably made some stupid mistakes.

For the time being I think I may use an encrypted NAS system to store the data and use NFS to connect Salix as client. Making backups should be more convenient that way.

[westms]

That does not quite fit the topic, but may contain information, especially devicenames and pathnames:

• Newsgroup: alt.os.linux.slackware
  Subject: Updated encrypted root partition instructions
  Message-ID: <nnd$05c9bb80$372986ca@cd3e775056364b37>

or without Usenet access:

• https://groups.google.com/forum/#!topic ... uYYC__SOMw

[GeBruns]

Thank you, westms. That's a very useful information.
My mistake was the wrong naming. After some time I'll try that with another box.