本文只是手记,包含创建和使用加密LVM的步骤,没有删除和修改的步骤。
环境为 CentOS 7 mini
[root@K80-01 ~]# yum install cryptsetup
已加载插件:fastestmirror
Determining fastest mirrors
base | 2.2 kB 00:00:00
epel | 3.3 kB 00:00:00
extras | 1.5 kB 00:00:00
updates | 1.5 kB 00:00:00
(1/7): base/7/x86_64/group_gz | 153 kB 00:00:00
(2/7): epel/7/x86_64/group_gz | 95 kB 00:00:00
(3/7): base/7/x86_64/primary | 2.9 MB 00:00:00
(4/7): extras/7/x86_64/primary | 94 kB 00:00:00
(5/7): epel/7/x86_64/updateinfo | 1.0 MB 00:00:00
(6/7): updates/7/x86_64/primary | 2.5 MB 00:00:00
(7/7): epel/7/x86_64/primary | 3.8 MB 00:00:09
base 10070/10070
epel 13455/13455
extras 413/413
updates 1134/1134
正在解决依赖关系
--> 正在检查事务
---> 软件包 cryptsetup.x86_64.0.2.0.3-6.el7 将被 安装
--> 解决依赖关系完成
依赖关系解决
===========================================================================================================================================================================================
Package 架构 版本 源 大小
===========================================================================================================================================================================================
正在安装:
cryptsetup x86_64 2.0.3-6.el7 base 154 k
事务概要
===========================================================================================================================================================================================
安装 1 软件包
总下载量:154 k
安装大小:354 k
Is this ok [y/d/N]: y
Downloading packages:
cryptsetup-2.0.3-6.el7.x86_64.rpm | 154 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : cryptsetup-2.0.3-6.el7.x86_64 1/1
验证中 : cryptsetup-2.0.3-6.el7.x86_64 1/1
已安装:
cryptsetup.x86_64 0:2.0.3-6.el7
完毕!
[root@K80-01 ~]# fdisk -l
WARNING: fdisk GPT support is currently new, and therefore in an experimental phase. Use at your own discretion.
磁盘 /dev/sda:68.7 GB, 68719476736 字节,134217728 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节
磁盘标签类型:gpt
Disk identifier: 58287F59-80ED-4214-9314-15D58DBAB1E2
# Start End Size Type Name
1 2048 411647 200M EFI System EFI System Partition
2 411648 2508799 1G Microsoft basic
3 2508800 134215679 62.8G Linux LVM
磁盘 /dev/sdb:1099.5 GB, 1099511627776 字节,2147483648 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节
磁盘 /dev/mapper/centos-root:60.6 GB, 60557361152 字节,118276096 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节
磁盘 /dev/mapper/centos-swap:6874 MB, 6874464256 字节,13426688 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节
[root@K80-01 ~]# pvcreate /dev/sdb
Physical volume "/dev/sdb" successfully created.
[root@K80-01 ~]# vgcreate vg-data /dev/sdb
Volume group "vg-data" successfully created
[root@K80-01 ~]# lvcreate -n lv-data -l 100%FREE vg-data
Logical volume "lv-data" created.
[root@K80-01 ~]# cryptsetup luksFormat /dev/mapper/vg--data-lv--data
WARNING!
========
这将覆盖 /dev/mapper/vg--data-lv--data 上的数据,该动作不可取消。
Are you sure? (Type uppercase yes): YES
输入 /dev/mapper/vg--data-lv--data 的口令:
确认密码:
[root@K80-01 ~]# cryptsetup luksOpen /dev/mapper/vg--data-lv--data data
输入 /dev/mapper/vg--data-lv--data 的口令:
[root@K80-01 ~]#
[root@K80-01 ~]# mkfs.ext4 /dev/mapper/data
mke2fs 1.42.9 (28-Dec-2013)
文件系统标签=
OS type: Linux
块大小=4096 (log=2)
分块大小=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
67108864 inodes, 268433920 blocks
13421696 blocks (5.00%) reserved for the super user
第一个数据块=0
Maximum filesystem blocks=2415919104
8192 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
102400000, 214990848
Allocating group tables: 完成
正在写入inode表: 完成
Creating journal (32768 blocks): 完成
Writing superblocks and filesystem accounting information: 完成
[root@K80-01 ~]# mkdir /data
[root@K80-01 ~]# mount /dev/mapper/data /data
[root@K80-01 ~]# df -ah
文件系统 容量 已用 可用 已用% 挂载点
sysfs 0 0 0 - /sys
proc 0 0 0 - /proc
devtmpfs 24G 0 24G 0% /dev
securityfs 0 0 0 - /sys/kernel/security
tmpfs 24G 0 24G 0% /dev/shm
devpts 0 0 0 - /dev/pts
tmpfs 24G 9.1M 24G 1% /run
tmpfs 24G 0 24G 0% /sys/fs/cgroup
cgroup 0 0 0 - /sys/fs/cgroup/systemd
pstore 0 0 0 - /sys/fs/pstore
efivarfs 0 0 0 - /sys/firmware/efi/efivars
cgroup 0 0 0 - /sys/fs/cgroup/pids
cgroup 0 0 0 - /sys/fs/cgroup/cpu,cpuacct
cgroup 0 0 0 - /sys/fs/cgroup/net_cls,net_prio
cgroup 0 0 0 - /sys/fs/cgroup/devices
cgroup 0 0 0 - /sys/fs/cgroup/cpuset
cgroup 0 0 0 - /sys/fs/cgroup/memory
cgroup 0 0 0 - /sys/fs/cgroup/freezer
cgroup 0 0 0 - /sys/fs/cgroup/hugetlb
cgroup 0 0 0 - /sys/fs/cgroup/perf_event
cgroup 0 0 0 - /sys/fs/cgroup/blkio
configfs 0 0 0 - /sys/kernel/config
/dev/mapper/centos-root 57G 7.6G 49G 14% /
selinuxfs 0 0 0 - /sys/fs/selinux
systemd-1 0 0 0 - /proc/sys/fs/binfmt_misc
debugfs 0 0 0 - /sys/kernel/debug
mqueue 0 0 0 - /dev/mqueue
hugetlbfs 0 0 0 - /dev/hugepages
/dev/sda2 1014M 209M 806M 21% /boot
/dev/sda1 200M 12M 189M 6% /boot/efi
sunrpc 0 0 0 - /var/lib/nfs/rpc_pipefs
tmpfs 4.8G 0 4.8G 0% /run/user/0
/dev/mapper/data 1008G 77M 957G 1% /data