Difference between pages "Rootfs over encrypted lvm" and "Installing a Cron Daemon"

(Installation)
 
Line 1: Line 1:
This howto describes how to setup LVM and rootfs with cryptoLUKS-encrypted drive
+
== Introduction ==
 
+
Cron daemons allow you to configure certain tasks to be run at specific times. Installing a cron daemon is a good idea because some packages may assume that you have a cron daemon installed and create jobs to update their databases with a cron daemon. There are several different loggers available to Funtoo users:
= Prepare the hard drive and partitions =
+
* '''Fcron'''
This is an example partition scheme, you may want to choose differently.
+
* '''Cronie'''
<code>/dev/sda1</code> used as <code>/boot</code>. <code>/dev/sda2</code> will be encrypted drive with LVM.
+
* '''Vixie-Cron'''
 
+
* <code>/dev/sda1</code> -- <code>/boot</code> partition.
+
* <code>/dev/sda2</code> -- BIOS boot partition (not needed for MBR - only needed if you are using GPT) This step required for GRUB2. For more info, see: [http://www.funtoo.org/Funtoo_Linux_Installation#Prepare_Hard_Disk] for more information on GPT and MBR.
+
* <code>/dev/sda3</code> -- <code>/</code> partition, will be the drive with LUKS and LVM.
+
  
 +
== Installation ==
 +
To install the cron daemon, run the following command:
 
<console>
 
<console>
##r### ##b##dd if=/dev/zero of=/dev/sda3 bs=100M
+
# ##i## emerge --ask fcron
##r### ##b##dd if=/dev/urandom of=/dev/sda3 bs=100M
+
</console>
+
The <code>dd</code> part is optional, and the command only needs to be run for security reasons. It overwrites the lingering data on the device with random data. It takes around 6 hours to complete for a 200GB drive.
+
 
+
Note that you will get a message about reaching the end of the device when the <code>dd</code> command has finished. This behavior is intended.
+
 
+
= Encrypting the drive =
+
<console>
+
##r### ##b##cryptsetup --cipher aes-xts-plain64 luksFormat /dev/sda3
+
##r### ##b##cryptsetup luksOpen /dev/sda3 dmcrypt_root
+
</console>
+
 
+
There you'll be prompted to enter your password phrase for encrypted drive, type your paranoid password there.
+
 
+
= Create logical volumes =
+
<console>
+
##r### ##b##pvcreate /dev/mapper/dmcrypt_root
+
##r### ##b##vgcreate vg /dev/mapper/dmcrypt_root
+
##r### ##b##lvcreate -L10G --name root vg         
+
##r### ##b##lvcreate -L2G --name swap vg
+
##r### ##b##lvcreate -L5G --name portage vg
+
##r### ##b##lvcreate -l 100%FREE -nhome vg
+
</console>
+
Feel free to specify your desired size by altering the numbers after the -L flag. For example, to make your portage dataset 20GB's, use the flag -L20G instead of -L5G.
+
 
+
= Create a filesystem on volumes =
+
<console>
+
##r### ##b##mkfs.ext2 /dev/sda1
+
##r### ##b##mkswap /dev/mapper/vg-swap
+
##r### ##b##mkfs.ext4 /dev/mapper/vg-root
+
##r### ##b##mkfs.ext4 /dev/mapper/vg-portage
+
##r### ##b##mkfs.ext4 /dev/mapper/vg-home
+
</console>
+
 
+
= Basic system setup =
+
<console>
+
##r### ##b##swapon /dev/mapper/vg-swap
+
##r### ##b##mkdir /mnt/funtoo
+
##r### ##b##mount /dev/mapper/vg-root /mnt/funtoo
+
##r### ##b##mkdir -p /mnt/funtoo/{boot,usr/portage,home}
+
##r### ##b##mount /dev/sda1 /mnt/funtoo/boot
+
##r### ##b##mount /dev/mapper/vg-portage /mnt/funtoo/usr/portage
+
##r### ##b##mount /dev/mapper/vg-home /mnt/funtoo/home
+
</console>
+
Now perform all the steps required for basic system install, please follow [http://docs.funtoo.org/wiki/Funtoo_Linux_Installation]
+
don't forget to emerge next packages:
+
 
+
<pre># emerge cryptsetup lvm2 grub foo-sources</pre>
+
 
+
Re-emerge sys-apps/busybox and sys-fs/cryptsetup with the "static" USE flag
+
 
+
= Kernel options =
+
Important, do not miss this part.
+
Under General setup --->
+
<pre>[*] Initial RAM filesystem and RAM disk (initramfs/initrd) support</pre>
+
 
+
Under Device Drivers --->
+
<pre>Generic Driver Options  --->
+
  [*] Maintain a devtmpfs filesystem to mount at /dev
+
[*] Multiple devices driver support  --->
+
  <*>Device Mapper Support
+
  <*> Crypt target support
+
</pre>
+
 
+
Under Cryptographic API --->
+
<pre>-*-AES cipher algorithms
+
 
+
<*> XTS support (EXPERIMENTAL)</pre>
+
 
+
 
+
= Initramfs setup and configuration =
+
Build your initramfs with [https://bitbucket.org/piotrkarbowski/better-initramfs better-initramfs] project.
+
 
+
{{fancynote|better-initramfs supports neither dynamic modules nor udev, so you should compile your kernel with built-in support for your block devices.}}
+
 
+
<console>
+
# git clone git://github.com/slashbeast/better-initramfs.git
+
# cd better-initramfs
+
# less README.rst
+
# bootstrap/bootstrap-all
+
# make prepare
+
# make image
+
</console>
+
 
+
Copy resulting <code>initramfs.cpio.gz</code> to <code>/boot</code>.
+
<pre># cp output/initramfs.cpio.gz /boot
+
</pre>
+
Alternatively pre-compiled binary initramfs available at https://bitbucket.org/piotrkarbowski/better-initramfs/downloads
+
<pre># wget https://bitbucket.org/piotrkarbowski/better-initramfs/downloads/release-x86_64-v0.7.2.tar.bz2
+
# tar xf release-x86_64-v0.5.tar.bz2
+
# cd release*
+
# gzip initramfs.cpio
+
# cp initramfs.cpio.gz /boot</pre>
+
 
+
Remember, better-initramfs project is a work in progress, so you need to update from time to time. It can be done easily with <code>git</code>. Go to the better-initramfs source dir and follow:
+
<pre># git pull
+
# less ChangeLog
+
</pre>
+
Please, read the ChangeLog carefuly and do necessary updates, to <code>/etc/boot.conf</code>, the example config below. Please, backup working <code>initramfs.cpio.gz</code> and <code>/etc/boot.conf</code> before updating initramfs.
+
 
+
= Genkernel approach =
+
Funtoo's genkernel capable to create initramfs for encrypted drive. Compile and install kernel and initramfs of your favorite kernel sources:
+
<pre>genkernel --kernel-config=/path/to/your/custom-kernel-config --no-mrproper --makeopts=-j5 --install --lvm --luks all</pre>
+
Configure the bootloader as described above, with correct kernel and initramfs images names. An example for genkernel and grub2:
+
 
+
{{code|/etc/boot.conf|<pre>
+
boot {
+
  generate grub
+
  default "Funtoo Linux"
+
  timeout 3
+
}
+
"Funtoo Linux" {
+
  kernel kernel-genkernel-x86_64-2.6.39
+
  initrd initramfs-genkernel-x86_64-2.6.39
+
  params += crypt_root=/dev/sda2 dolvm real_root=/dev/mapper/vg-root  rootfstype=ext4 resume=swap:/dev/mapper/vg-swap quiet
+
}</pre>}}
+
 
+
= Grub2 configuration =
+
An example of <code>/etc/boot.conf</code> for better-initramfs
+
{{code|/etc/boot.conf|<pre>
+
boot {
+
  generate grub
+
  default "Funtoo Linux"
+
  timeout 3
+
}
+
"Funtoo Linux" {
+
  kernel bzImage[-v]
+
  initrd /initramfs.cpio.gz
+
  params += enc_root=/dev/sda2 lvm luks root=/dev/mapper/vg-root  rootfstype=ext4 resume=swap:/dev/mapper/vg-swap quiet
+
}</pre>}}
+
 
+
{{code|/etc/fstab|
+
<pre>
+
# <fs>                  <mountpoint>  <type>    <opts>                          <dump/pass>
+
/dev/sda1              /boot        ext2      noauto,noatime                  1 2
+
/dev/mapper/vg-swap    none          swap      sw                              0 0
+
/dev/mapper/vg-root    /            ext4      noatime,nodiratime,defaults    0 1
+
/dev/sr0                /mnt/cdrom    auto      noauto,ro                      0 0
+
/dev/mapper/vg-portage  /usr/portage  reiserfs  noatime,nodiratime              0 0
+
/dev/mapper/vg-home    /home        xfs      noatime,nodiratime,osyncisdsync 0 0</pre>}}
+
 
+
= Lilo configuration =
+
For oldschool geeks, an example for lilo bootloader. Emerge lilo with device-mapper support
+
<pre>
+
# echo 'sys-boot/lilo device-mapper' >> /etc/portage/package.use/lilo
+
# emerge lilo</pre>
+
 
+
{{code|/etc/lilo.conf|<pre>append="init=/linuxrc dolvm crypt_root=/dev/sda2 real_root=/dev/mapper/vg-root"
+
boot=/dev/sda
+
compact
+
default=funtoo
+
lba32
+
prompt
+
read-only
+
timeout=50
+
image=/boot/kernel-genkernel-x86_64-2.6.39
+
initrd=/boot/initramfs-genkernel-x86_64-2.6.39
+
label=funtoo
+
</pre>}}
+
= Syslinux bootloader setup =
+
Syslinux is another advanced bootloader which you can find on all live CD's.
+
<pre>
+
# emerge syslinux
+
# mkdir /boot/extlinux
+
# extlinux --install /boot/extlinux
+
# dd bs=440 conv=notrunc count=1 if=/usr/share/syslinux/mbr.bin of=/dev/sda
+
- or -
+
# sgdisk /dev/sda --attributes=1:set:2
+
# dd bs=440 conv=notrunc count=1 if=/usr/share/syslinux/gptmbr.bin of=/dev/sda, for GPT partition</pre>
+
{{code|/boot/extlinux/extlinux.conf|<pre>LABEL kernel1_bzImage-3.2.1
+
MENU LABEL Funtoo Linux bzImage-3.2.1
+
LINUX /bzImage-3.2.1
+
INITRD /initramfs.cpio.gz
+
APPEND rootfstype=ext4 luks enc_root=/dev/sda2 lvm root=/dev/mapper/vg-root
+
</pre>}}
+
 
+
= Final steps =
+
Umount everything, close encrypted drive and reboot
+
<pre>umount /mnt/funtoo/proc (/dev, /home, /usr/portage, /boot)
+
vgchange -a n
+
cryptsetup luksClose /dev/sda2 dmcrypt_root</pre>
+
After reboot you will get the following:
+
<pre>>>> better-initramfs started. Kernel version 2.6.35-gentoo-r10
+
>>> Create all the symlinks to /bin/busybox.
+
>>> Initiating /dev/dir
+
>>> Getting LVM volumes up (if any)
+
Reding all physical volumes. This make take awhile...
+
No volume group found
+
No volume group found
+
>>> Opening encrypted partition and mapping to /dev/mapper/dmcrypt_root
+
Enter passphrase fore /dev/sda2:</pre>
+
Type your password
+
  
<pre>>>> Again, getting LVM volumes up (if any, after map dmcrypt).
+
These are the packages that would be merged, in order:
  Reading all physical volumes.  This may take a while...
+
  Found volume group "vg" using metadata type lvm2
+
  4 logical volume(s) in volume group "vg" now active
+
>>> Mounting rootfs to /newroot
+
>>> Umounting /sys and /proc.
+
>>> Switching root to /newroot and executing /sbin/init.
+
INIT: version 2.88 booting
+
Loading /libexec/rc/console/keymap
+
  OpenRC 0.6.1 is starting up Funtoo Linux (x86_64)
+
...boot messages omitted for clarity
+
 
+
orion login: oleg
+
Password:
+
Last login: Thu Oct 14 20:49:21 EEST 2010 on tty1
+
oleg@orion ~ %</pre>
+
  
= Additional links =
+
Calculating dependencies... done!
* [[gentoo-wiki:Root filesystem over LVM2, DM-Crypt and RAID|Root filesystem over LVM2, DM-Crypt, and RAID]]
+
[ebuild  N    ] sys-process/cronbase-0.3.2-r1
* [http://wiki.archlinux.org/index.php/System_Encryption_with_LUKS_for_dm-crypt System Encryption with LUKS for dm-crypt]
+
[ebuild  N    ] sys-process/fcron-3.1.2-r2  USE="mta pam readline system-crontab -debug (-selinux)" LINGUAS="-fr"
  
[[Category:HOWTO]]
+
##b## Would you like to merge these packages? [Yes/No]##i## yes
 +
[[Category:System]]
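
Review bot: The "<console>" block opened before "emerge --ask fcron" does not appear to be closed before "[[Category:System]]" at the end of the new text: the revision rendered under this diff prints the category link as literal text right after the merge prompt instead of categorising the page. Add "</console>" after the "Would you like to merge these packages?" line. In the new introduction, "several different loggers" is followed by a list of Fcron, Cronie and Vixie-Cron, so "cron daemons" is presumably what is meant there.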

Revision as of 16:36, 19 October 2013

Introduction

Cron daemons allow you to configure certain tasks to be run at specific times. Installing a cron daemon is a good idea because some packages assume that one is installed and create cron jobs to update their databases. There are several different cron daemons available to Funtoo users:

  • Fcron
  • Cronie
  • Vixie-Cron

Installation

To install the cron daemon, run the following command:

# emerge --ask fcron

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild  N     ] sys-process/cronbase-0.3.2-r1
[ebuild  N     ] sys-process/fcron-3.1.2-r2  USE="mta pam readline system-crontab -debug (-selinux)" LINGUAS="-fr" 

 Would you like to merge these packages? [Yes/No] yes
[[Category:System]]