Difference between revisions of "Category:HOWTO"

From Funtoo Linux
(Created page with "You can do many things with Funtoo Linux. This is just a sample of how to do some tasks.")
 
Line 1: Line 1:
 
You can do many things with Funtoo Linux. This is just a sample of how to do some tasks.
 
You can do many things with Funtoo Linux. This is just a sample of how to do some tasks.
 +
= Encrypted ROOTFS on LVM =
 +
This howto describes  how to setup LVM and rootfs with cryptoLUKS-encrypted drive
 +
 +
== Prepape the hard drive and make partitions ==
 +
This is an example partition scheme, you may want to choose defferent.
 +
/dev/sda1 used as /boot /dev/sda2 will be encrypted drive with LVM
 +
 +
<pre>/dev/sda1
 +
/dev/sda2
 +
dd if=/dev/zero of=/dev/sda2 bs=100M
 +
dd if=/dev/urandom of=/dev/sda2 bs=100M</pre>
 +
dd part is optional, only for security reason, with /dev/urandom it takes around 6 hours to complete for 200GB drive.
 +
 +
 +
== Encrypting the drive ==
 +
<pre>cryptsetup -c aes-xts-plain luksFormat /dev/sda2
 +
cryptsetup luksOpen /dev/sda2 dmcrypt_root</pre>
 +
 +
there you'll be promted to enter your password phrase for encrypted drive, type your paranoid password there
 +
 +
== Create logical volumes ==
 +
<pre>pvcreate /dev/mapper/dmcrypt_root
 +
vgcreate vg /dev/mapper/dmcrypt_root
 +
lvcreate -L10G -nroot vg          
 +
lvcreate -L2G -nswap vg
 +
lvcreate -L5G -nportage vg
 +
lvcreate -l 100%FREE -nhome vg</pre>
 +
 +
Feel free to specify your desired size
 +
 +
== Create a filesystem on volumes ==
 +
<pre>mkfs.ext2 /dev/sda1
 +
mkswap /dev/mapper/vg-swap
 +
mkfs.ext4 /dev/mapper/vg-root
 +
mkreiserfs /dev/mapper/vg-portage
 +
mkfs.xfs /dev/mapper/vg-home</pre>
 +
 +
== Basic system setup ==
 +
<pre>mkfs.ext2 /dev/sda1
 +
mkswap /dev/mapper/vg-swap
 +
mkfs.ext4 /dev/mapper/vg-root
 +
mkreiserfs /dev/mapper/vg-portage
 +
mkfs.xfs /dev/mapper/vg-home
 +
swapon /dev/mapper/vg-swap
 +
mount /dev/maper/vg-root /mnt/gentoo
 +
mount /dev/sda1 /mnt/gentoo/boot</pre>
 +
Now perform all the steps required for basic system install, please follow [http://docs.funtoo.org/wiki/Funtoo_Linux_Installation]
 +
don't forget to emerge next packages:
 +
 +
<pre># emerge cryptsetup lvm2 grub foo-sources</pre>
 +
 +
Re-emerge busybox with "static" USE flag
 +
 +
 +
== Kernel options ==
 +
Important, do not miss this part.
 +
Under General setup --->
 +
<pre>[*] Initial RAM filesystem and RAM disk (initramfs/initrd) support</pre>
 +
 +
Under Device Drivers --->
 +
<pre>[*] Multiple devices driver support 
 +
<*>Device Mapper Support
 +
<*> Crypt target support</pre>
 +
 +
 +
Under Cryptographic API --->
 +
<pre>-*-AES cipher algorithms
 +
 +
<*> XTS supprot (EXPERIMENTAL)</pre>
 +
 +
 +
== Initramfs setup and configuration ==
 +
Piotr Karbowski initramfs project used for making initrd
 +
[http://github.com/slashbeast/better-initramfs]
 +
<pre>git clone git://github.com/slashbeast/better-initramfs.git
 +
oleg@orion ~ % cd better-initramfs 
 +
oleg@orion better-initramfs % make
 +
>>> initramfs.cpio.gz is ready</pre>
 +
 +
Copy resulting initramfs.cpio.gz to /boot
 +
 +
== Grub2 configuration ==
 +
An example of /etc/boot/conf, which reflects partition setup
 +
<pre>
 +
boot {
 +
  generate grub
 +
  default "Funtoo Linux"
 +
  timeout 3
 +
}
 +
"Funtoo Linux" {
 +
  kernel bzImage[-v]
 +
  initrd /initramfs.cpio.gz
 +
  params += dmcrypt_root=true enc_root=/dev/sda2 lvm=true root=/dev/mapper/vg-root  rootfstype=ext4 resume=swap:/dev/mapper/vg-swap quiet
 +
}</pre>
 +
 +
/etc/fstab
 +
<pre>
 +
# <fs>  <mountpoint>  <type>  <opts>  <dump/pass>
 +
/dev/sda1  /boot  ext2  noauto,noatime  1 2
 +
/dev/mapper/vg-swap  none  swap  sw  0 0
 +
/dev/mapper/vg-root  /  ext4  noatime,nodiratime,defaults  0 1
 +
/dev/sr0  /mnt/cdrom  auto  noauto,ro  0 0
 +
/dev/mapper/vg-portage  /usr/portage  reiserfs  noatime,nodiratime  0 0
 +
/dev/mapper/vg-home  /home  xfs  noatime,nodiratime,osyncisdsync 0 0</pre>
 +
 +
== Final steps ==
 +
Umount everything, close encrypted drive and reboot
 +
<pre>umount /mnt/gentoo/proc (/dev, /home,/usr/portage, /boot)
 +
cryptsetup luksClose /dev/sda2 dmcrypt_root</pre>
 +
After reboot you will get the following:
 +
<pre>>>> better-initramfs started. Kernel version 2.6.35-gentoo-r10
 +
>>> Create all the symlinks to /bin/busybox.
 +
>>> Initiating /dev/dir
 +
>>> Getting LVM volumes up (if any)
 +
Reding all physical volumes. This make take awhile...
 +
No volume group found
 +
No volume group found
 +
>>> Opening encrypted partition and mapping to /dev/mapper/dmcrypt_root
 +
Enter passphrase fore /dev/sda2:</pre>
 +
Type you password
 +
 +
<pre>>>> Again, getting LVM volumes up (if any, after map dmcrypt).
 +
  Reading all physical volumes.  This may take a while...
 +
  Found volume group "vg" using metadata type lvm2
 +
  4 logical volume(s) in volume group "vg" now active
 +
>>> Mounting rootfs to /newroot
 +
>>> Umounting /sys and /proc.
 +
>>> Switching root to /newroot and executing /sbin/init.
 +
INIT: version 2.88 booting
 +
Loading /libexec/rc/console/keymap
 +
  OpenRC 0.6.1 is starting up Funtoo Linux (x86_64)
 +
...boot messages omitted for clarity
 +
   
 +
orion login: oleg
 +
Password:
 +
Last login: Thu Oct 14 20:49:21 EEST 2010 on tty1
 +
oleg@orion ~ %</pre>
 +
== Additional links ==
 +
[http://en.gentoo-wiki.com/wiki/Root_filesystem_over_LVM2,_DM-Crypt_and_RAID]
 +
[http://wiki.archlinux.org/index.php/System_Encryption_with_LUKS_for_dm-crypt]
 +
 +
 +
 +
 +
 +
 +
 +
[[Category:HOWTO]]
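Review bot: In the "Basic system setup" block the added line `mount /dev/maper/vg-root /mnt/gentoo` misspells `/dev/mapper`, so the root volume will not mount as written; the path should read `/dev/mapper/vg-root`. The same block repeats the five mkfs/mkswap commands already given under "Create a filesystem on volumes" and they can be dropped there. Under "Final steps", `cryptsetup luksClose /dev/sda2 dmcrypt_root` passes the partition where luksClose takes only the mapping name; suggest `cryptsetup luksClose dmcrypt_root`, run after the volume group on top of the mapping has been deactivated. The heading "Prepape the hard drive" and the kernel option "XTS supprot" are also misspelled, and the whole howto is being added to the Category:HOWTO page itself rather than to an article of its own.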

Revision as of 13:56, 7 November 2010

You can do many things with Funtoo Linux. This is just a sample of how to do some tasks.


Encrypted ROOTFS on LVM

This howto describes how to set up LVM and the root filesystem on a LUKS-encrypted drive.

Prepare the hard drive and make partitions

This is an example partition scheme; you may want to choose a different one. /dev/sda1 is used as /boot, and /dev/sda2 will be the encrypted drive with LVM.

/dev/sda1 
/dev/sda2
dd if=/dev/zero of=/dev/sda2 bs=100M 
dd if=/dev/urandom of=/dev/sda2 bs=100M

The dd part is optional and is done only for security reasons; with /dev/urandom it takes around 6 hours to complete for a 200GB drive.


Encrypting the drive

cryptsetup -c aes-xts-plain luksFormat /dev/sda2
cryptsetup luksOpen /dev/sda2 dmcrypt_root

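Here you'll be prompted to enter the passphrase for the encrypted drive; type your paranoid password there. Note that the plain IV in aes-xts-plain is a 32-bit sector number, so on devices larger than 2 TiB aes-xts-plain64 is the mode to use.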

Create logical volumes

pvcreate /dev/mapper/dmcrypt_root
vgcreate vg /dev/mapper/dmcrypt_root
lvcreate -L10G -nroot vg           
lvcreate -L2G -nswap vg
lvcreate -L5G -nportage vg
lvcreate -l 100%FREE -nhome vg

Feel free to specify your desired sizes.

Create a filesystem on volumes

mkfs.ext2 /dev/sda1
mkswap /dev/mapper/vg-swap
mkfs.ext4 /dev/mapper/vg-root
mkreiserfs /dev/mapper/vg-portage
mkfs.xfs /dev/mapper/vg-home

Basic system setup

mkfs.ext2 /dev/sda1
mkswap /dev/mapper/vg-swap
mkfs.ext4 /dev/mapper/vg-root
mkreiserfs /dev/mapper/vg-portage
mkfs.xfs /dev/mapper/vg-home
swapon /dev/mapper/vg-swap
mount /dev/mapper/vg-root /mnt/gentoo
mount /dev/sda1 /mnt/gentoo/boot

Now perform all the steps required for a basic system install; please follow http://docs.funtoo.org/wiki/Funtoo_Linux_Installation. Don't forget to emerge the following packages:

# emerge cryptsetup lvm2 grub foo-sources

Re-emerge busybox with the "static" USE flag.


Kernel options

Important: do not miss this part.

Under General setup --->

[*] Initial RAM filesystem and RAM disk (initramfs/initrd) support

Under Device Drivers --->

[*] Multiple devices driver support  
<*> Device Mapper Support
<*> Crypt target support


Under Cryptographic API --->

-*- AES cipher algorithms
<*> XTS support (EXPERIMENTAL)
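
One way to confirm the options above before rebooting, as an added example that is not part of the original howto: the function reads a kernel .config (or a gzipped copy such as /proc/config.gz) and reports any listed option that is absent or built only as a module. The function names and the sample config are constructed for illustration; the CONFIG_ symbols are the Kconfig names behind the menu entries in this section.

```shell
# Added example, not from the howto: check that a kernel .config has the
# options from this section built in (=y), as the [*] / <*> marks show.

# Kconfig symbols for the menu entries named above.
REQUIRED_OPTS="BLK_DEV_INITRD MD BLK_DEV_DM DM_CRYPT CRYPTO_AES CRYPTO_XTS"

# check_kernel_config FILE
# Prints one line per problem ("CONFIG_X module" or "CONFIG_X missing")
# and returns 0 only when every required option is =y.
check_kernel_config() {
    cfg=$1
    rc=0
    case $cfg in
        *.gz) reader="gzip -dc" ;;   # e.g. /proc/config.gz
        *)    reader="cat" ;;
    esac
    for opt in $REQUIRED_OPTS; do
        # "# CONFIG_X is not set" lines do not match, so val stays empty.
        val=$($reader "$cfg" | sed -n "s/^CONFIG_${opt}=//p" | head -n 1)
        case $val in
            y) ;;
            m) echo "CONFIG_${opt} module"; rc=1 ;;
            *) echo "CONFIG_${opt} missing"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample .config: DM_CRYPT is a module and XTS is not set.
sample_config() {
    cat <<'EOF'
CONFIG_BLK_DEV_INITRD=y
CONFIG_MD=y
CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=m
CONFIG_CRYPTO_AES=y
# CONFIG_CRYPTO_XTS is not set
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp); sample_config > "$tmp"
check_kernel_config "$tmp" || echo "kernel config does not match the howto"
rm -f "$tmp"
```

On a real system, point it at the .config in the kernel source tree that was just built.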


Initramfs setup and configuration

Piotr Karbowski's better-initramfs project is used for making the initrd: http://github.com/slashbeast/better-initramfs

git clone git://github.com/slashbeast/better-initramfs.git
oleg@orion ~ % cd better-initramfs 
oleg@orion better-initramfs % make
>>> initramfs.cpio.gz is ready

Copy the resulting initramfs.cpio.gz to /boot.

Grub2 configuration

An example of /etc/boot.conf, which reflects the partition setup above:

boot {
  generate grub
  default "Funtoo Linux"
  timeout 3
}
"Funtoo Linux" {
  kernel bzImage[-v]
  initrd /initramfs.cpio.gz
  params += dmcrypt_root=true enc_root=/dev/sda2 lvm=true root=/dev/mapper/vg-root  rootfstype=ext4 resume=swap:/dev/mapper/vg-swap quiet
}

/etc/fstab

# <fs>  <mountpoint>  <type>  <opts>  <dump/pass>
/dev/sda1  /boot  ext2  noauto,noatime  1 2
/dev/mapper/vg-swap  none  swap  sw  0 0
/dev/mapper/vg-root  /  ext4  noatime,nodiratime,defaults  0 1
/dev/sr0  /mnt/cdrom  auto  noauto,ro  0 0
/dev/mapper/vg-portage  /usr/portage  reiserfs  noatime,nodiratime  0 0
/dev/mapper/vg-home  /home  xfs  noatime,nodiratime,osyncisdsync 0 0
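
A mistyped device path in the kernel parameters only shows up at boot, when the initramfs cannot find the root volume. The following added example (not part of the original howto) cross-checks the root=, rootfstype= and resume= parameters against the fstab entries; the function names, PAGE_PARAMS and write_page_fstab are hypothetical helpers, and the sample values are copied from the configuration shown above.

```shell
# Added example, not from the howto: cross-check kernel params against fstab.

# param_value PARAMS KEY: print the value of KEY=value from the params string.
param_value() {
    for word in $1; do
        case $word in
            "$2"=*) echo "${word#*=}"; return 0 ;;
        esac
    done
    return 1
}

# fstab_field FSTAB MOUNTPOINT COLUMN: print that column of the matching entry.
fstab_field() {
    awk -v mp="$2" -v col="$3" '$1 !~ /^#/ && $2 == mp { print $col; exit }' "$1"
}

# check_boot_params PARAMS FSTAB: print mismatches, return 0 when consistent.
check_boot_params() {
    params=$1 fstab=$2 rc=0
    root=$(param_value "$params" root) || root=
    fstype=$(param_value "$params" rootfstype) || fstype=
    resume=$(param_value "$params" resume) || resume=
    resume=${resume#swap:}          # resume=swap:/dev/... -> /dev/...
    [ "$root" = "$(fstab_field "$fstab" / 1)" ] ||
        { echo "root=$root differs from fstab /"; rc=1; }
    [ "$fstype" = "$(fstab_field "$fstab" / 3)" ] ||
        { echo "rootfstype=$fstype differs from fstab /"; rc=1; }
    swapdev=$(awk '$1 !~ /^#/ && $3 == "swap" { print $1; exit }' "$fstab")
    [ "$resume" = "$swapdev" ] ||
        { echo "resume=$resume differs from fstab swap"; rc=1; }
    return $rc
}

# Sample input copied from the params line and fstab shown above.
PAGE_PARAMS="dmcrypt_root=true enc_root=/dev/sda2 lvm=true root=/dev/mapper/vg-root rootfstype=ext4 resume=swap:/dev/mapper/vg-swap quiet"
write_page_fstab() {   # write the relevant fstab lines to file $1
    cat > "$1" <<'EOF'
# <fs>  <mountpoint>  <type>  <opts>  <dump/pass>
/dev/sda1  /boot  ext2  noauto,noatime  1 2
/dev/mapper/vg-swap  none  swap  sw  0 0
/dev/mapper/vg-root  /  ext4  noatime,nodiratime,defaults  0 1
EOF
}

# Demo run on the sample input.
f=$(mktemp); write_page_fstab "$f"
check_boot_params "$PAGE_PARAMS" "$f" && echo "params and fstab agree"
rm -f "$f"
```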

Final steps

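Unmount everything, turn off swap, deactivate the volume group, close the encrypted drive and reboot:

umount /mnt/gentoo/proc /mnt/gentoo/dev /mnt/gentoo/home /mnt/gentoo/usr/portage /mnt/gentoo/boot /mnt/gentoo
swapoff /dev/mapper/vg-swap
vgchange -an vg
cryptsetup luksClose dmcrypt_root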

After reboot you will get the following:

>>> better-initramfs started. Kernel version 2.6.35-gentoo-r10
>>> Create all the symlinks to /bin/busybox.
>>> Initiating /dev/dir
>>> Getting LVM volumes up (if any)
Reading all physical volumes. This may take a while...
No volume group found
No volume group found
>>> Opening encrypted partition and mapping to /dev/mapper/dmcrypt_root
Enter passphrase for /dev/sda2:

Type your password

>>> Again, getting LVM volumes up (if any, after map dmcrypt).
  Reading all physical volumes.  This may take a while...
  Found volume group "vg" using metadata type lvm2
  4 logical volume(s) in volume group "vg" now active
>>> Mounting rootfs to /newroot
>>> Umounting /sys and /proc.
>>> Switching root to /newroot and executing /sbin/init.
INIT: version 2.88 booting
Loading /libexec/rc/console/keymap
  OpenRC 0.6.1 is starting up Funtoo Linux (x86_64)
...boot messages omitted for clarity
   
orion login: oleg
Password:
Last login: Thu Oct 14 20:49:21 EEST 2010 on tty1
oleg@orion ~ %

Additional links

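http://en.gentoo-wiki.com/wiki/Root_filesystem_over_LVM2,_DM-Crypt_and_RAID
http://wiki.archlinux.org/index.php/System_Encryption_with_LUKS_for_dm-crypt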
