Linux LVM 加密磁盘的创建及使用手记

本文只是手记，包含创建和使用加密LVM的步骤，没有删除和修改的步骤。

环境为 CentOS 7 mini

[[email protected] ~]# yum install cryptsetup
已加载插件：fastestmirror
Determining fastest mirrors
base                                                                                                                                                                | 2.2 kB  00:00:00     
epel                                                                                                                                                                | 3.3 kB  00:00:00     
extras                                                                                                                                                              | 1.5 kB  00:00:00     
updates                                                                                                                                                             | 1.5 kB  00:00:00     
(1/7): base/7/x86_64/group_gz                                                                                                                                       | 153 kB  00:00:00     
(2/7): epel/7/x86_64/group_gz                                                                                                                                       |  95 kB  00:00:00     
(3/7): base/7/x86_64/primary                                                                                                                                        | 2.9 MB  00:00:00     
(4/7): extras/7/x86_64/primary                                                                                                                                      |  94 kB  00:00:00     
(5/7): epel/7/x86_64/updateinfo                                                                                                                                     | 1.0 MB  00:00:00     
(6/7): updates/7/x86_64/primary                                                                                                                                     | 2.5 MB  00:00:00     
(7/7): epel/7/x86_64/primary                                                                                                                                        | 3.8 MB  00:00:09     
base                                                                                                                                                                           10070/10070
epel                                                                                                                                                                           13455/13455
extras                                                                                                                                                                             413/413
updates                                                                                                                                                                          1134/1134
正在解决依赖关系
--> 正在检查事务
---> 软件包 cryptsetup.x86_64.0.2.0.3-6.el7 将被 安装
--> 解决依赖关系完成

依赖关系解决

===========================================================================================================================================================================================
 Package                                        架构                                       版本                                             源                                        大小
===========================================================================================================================================================================================
正在安装:
 cryptsetup                                     x86_64                                     2.0.3-6.el7                                      base                                     154 k

事务概要
===========================================================================================================================================================================================
安装  1 软件包

总下载量：154 k
安装大小：354 k
Is this ok [y/d/N]: y
Downloading packages:
cryptsetup-2.0.3-6.el7.x86_64.rpm                                                                                                                                   | 154 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在安装    : cryptsetup-2.0.3-6.el7.x86_64                                                                                                                                          1/1 
  验证中      : cryptsetup-2.0.3-6.el7.x86_64                                                                                                                                          1/1 

已安装:
  cryptsetup.x86_64 0:2.0.3-6.el7                                                                                                                                                          

完毕！
[[email protected] ~]# fdisk -l
WARNING: fdisk GPT support is currently new, and therefore in an experimental phase. Use at your own discretion.

磁盘 /dev/sda：68.7 GB, 68719476736 字节，134217728 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理)：512 字节 / 512 字节
I/O 大小(最小/最佳)：512 字节 / 512 字节
磁盘标签类型：gpt
Disk identifier: 58287F59-80ED-4214-9314-15D58DBAB1E2


#         Start          End    Size  Type            Name
 1         2048       411647    200M  EFI System      EFI System Partition
 2       411648      2508799      1G  Microsoft basic 
 3      2508800    134215679   62.8G  Linux LVM       

磁盘 /dev/sdb：1099.5 GB, 1099511627776 字节，2147483648 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理)：512 字节 / 512 字节
I/O 大小(最小/最佳)：512 字节 / 512 字节


磁盘 /dev/mapper/centos-root：60.6 GB, 60557361152 字节，118276096 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理)：512 字节 / 512 字节
I/O 大小(最小/最佳)：512 字节 / 512 字节


磁盘 /dev/mapper/centos-swap：6874 MB, 6874464256 字节，13426688 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理)：512 字节 / 512 字节
I/O 大小(最小/最佳)：512 字节 / 512 字节

[[email protected] ~]# pvcreate /dev/sdb
  Physical volume "/dev/sdb" successfully created.
[[email protected] ~]# vgcreate vg-data /dev/sdb
  Volume group "vg-data" successfully created
[[email protected] ~]# lvcreate -n lv-data  -l 100%FREE vg-data
  Logical volume "lv-data" created.
[[email protected] ~]# cryptsetup luksFormat /dev/mapper/vg--data-lv--data 

WARNING!
========
这将覆盖 /dev/mapper/vg--data-lv--data 上的数据，该动作不可取消。

Are you sure? (Type uppercase yes): YES
输入 /dev/mapper/vg--data-lv--data 的口令：
确认密码：

[[email protected] ~]# cryptsetup luksOpen /dev/mapper/vg--data-lv--data data
输入 /dev/mapper/vg--data-lv--data 的口令：
[[email protected] ~]# 
[[email protected] ~]# mkfs.ext4 /dev/mapper/data 
mke2fs 1.42.9 (28-Dec-2013)
文件系统标签=
OS type: Linux
块大小=4096 (log=2)
分块大小=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
67108864 inodes, 268433920 blocks
13421696 blocks (5.00%) reserved for the super user
第一个数据块=0
Maximum filesystem blocks=2415919104
8192 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
	4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968, 
	102400000, 214990848

Allocating group tables: 完成                            
正在写入inode表: 完成                            
Creating journal (32768 blocks): 完成
Writing superblocks and filesystem accounting information: 完成     

[[email protected] ~]# mkdir /data
[[email protected] ~]# mount /dev/mapper/data /data
[[email protected] ~]# df -ah
文件系统                 容量  已用  可用 已用% 挂载点
sysfs                       0     0     0     - /sys
proc                        0     0     0     - /proc
devtmpfs                  24G     0   24G    0% /dev
securityfs                  0     0     0     - /sys/kernel/security
tmpfs                     24G     0   24G    0% /dev/shm
devpts                      0     0     0     - /dev/pts
tmpfs                     24G  9.1M   24G    1% /run
tmpfs                     24G     0   24G    0% /sys/fs/cgroup
cgroup                      0     0     0     - /sys/fs/cgroup/systemd
pstore                      0     0     0     - /sys/fs/pstore
efivarfs                    0     0     0     - /sys/firmware/efi/efivars
cgroup                      0     0     0     - /sys/fs/cgroup/pids
cgroup                      0     0     0     - /sys/fs/cgroup/cpu,cpuacct
cgroup                      0     0     0     - /sys/fs/cgroup/net_cls,net_prio
cgroup                      0     0     0     - /sys/fs/cgroup/devices
cgroup                      0     0     0     - /sys/fs/cgroup/cpuset
cgroup                      0     0     0     - /sys/fs/cgroup/memory
cgroup                      0     0     0     - /sys/fs/cgroup/freezer
cgroup                      0     0     0     - /sys/fs/cgroup/hugetlb
cgroup                      0     0     0     - /sys/fs/cgroup/perf_event
cgroup                      0     0     0     - /sys/fs/cgroup/blkio
configfs                    0     0     0     - /sys/kernel/config
/dev/mapper/centos-root   57G  7.6G   49G   14% /
selinuxfs                   0     0     0     - /sys/fs/selinux
systemd-1                   0     0     0     - /proc/sys/fs/binfmt_misc
debugfs                     0     0     0     - /sys/kernel/debug
mqueue                      0     0     0     - /dev/mqueue
hugetlbfs                   0     0     0     - /dev/hugepages
/dev/sda2               1014M  209M  806M   21% /boot
/dev/sda1                200M   12M  189M    6% /boot/efi
sunrpc                      0     0     0     - /var/lib/nfs/rpc_pipefs
tmpfs                    4.8G     0  4.8G    0% /run/user/0
/dev/mapper/data        1008G   77M  957G    1% /data