Linux kernels now support encrypted filesystems. Setting one up should take 5 minutes, or 3 hours if you’re like me and can’t read.
Firstly, install the right tools:
apt-get install cryptsetup
Make a new partition, and initialize it with:
cryptsetup luksFormat /dev/sda3
Where /dev/sda3 is your newly created partition.
You will be prompted to type YES in uppercase to confirm your understanding that your partition is about to be wiped. If, like me, you type ‘yes’ in lowercase, it will fail with “Command Failed.” You’ll then spend hours checking for loaded kernel modules, log files, and trawling Google for more information. The answer is to type ‘YES’ in uppercase as you’re told.
Enter a passphrase, and you’re ready to go.
Next, ‘open’ the container:
cryptsetup luksOpen /dev/sda3 mycrypto
Here ‘mycrypto’ is your name for the container. Enter the passphrase, and you should at this point end up with a /dev/mapper/mycrypto
Format with your desired filesystem:
mkfs.ext3 /dev/mapper/mycrypto
Then, you can mount /dev/mapper/mycrypto as you would any other block device:
mount /dev/mapper/mycrypto /mnt/my_mount_point
To close the container:
umount /dev/mapper/mycrypto
cryptsetup luksClose mycrypto
Easy
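The steps above collected into one script, as an added example that is not part of the original post: it refuses to format anything that is not an unmounted block device or that already carries a LUKS header, and re-reads the header after luksFormat before opening the container. The function names are made up for this example; the device, container name and mount point are passed as arguments.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Usage (as root): sh luks.sh setup /dev/sda3 mycrypto /mnt/my_mount_point

# Succeeds if device $1 is listed as a mount source in mounts table $2.
is_mounted() {
    awk -v d="$1" '$1 == d { hit = 1 } END { exit !hit }' "${2:-/proc/mounts}"
}

# Prints the LUKS header version (1 or 2) of $1; fails if the six-byte
# "LUKS\xba\xbe" magic plus a known version is not at offset 0.
luks_version() {
    case $(od -An -tx1 -N8 "$1" 2>/dev/null | tr -d ' \n') in
        4c554b53babe0001) echo 1 ;;
        4c554b53babe0002) echo 2 ;;
        *) return 1 ;;
    esac
}

# Refuses anything that is not an unmounted block device without a LUKS header.
preflight() {
    [ -b "$1" ] || { echo "$1: not a block device" >&2; return 1; }
    if is_mounted "$1"; then echo "$1: currently mounted" >&2; return 2; fi
    if v=$(luks_version "$1"); then echo "$1: already LUKS$v" >&2; return 3; fi
}

luks_setup() {   # luks_setup DEV NAME MNT
    preflight "$1" || return
    cryptsetup luksFormat "$1" || return      # asks for uppercase YES, then a passphrase
    luks_version "$1" >/dev/null || return    # confirm a header was really written
    cryptsetup luksOpen "$1" "$2" || return   # creates /dev/mapper/NAME
    mkfs.ext3 "/dev/mapper/$2" || return
    mkdir -p "$3" && mount "/dev/mapper/$2" "$3"
}

luks_teardown() {   # luks_teardown NAME
    umount "/dev/mapper/$1" && cryptsetup luksClose "$1"
}

case ${1:-} in
    setup) shift; luks_setup "$@" ;;
    close) luks_teardown "$2" ;;
esac
```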
Tags: crypto, cryptsetup, Linux, luks, mount, umount
Setting up an LVM filesystem is quite easy assuming you have the right tools installed and a recent kernel. LVM has a lot of advantages, most notably the ability to take snapshots of the current filesystem – this is why LVM is often used in live database environments.
Assuming a Debian Lenny machine, get the relevant packages. Some may already be installed:
apt-get install lvm2 dmsetup mdadm
In this example, we will assume that /dev/sda is your boot drive, and that you want to leave it out of your LVM array, but include /dev/sdb and /dev/sdc. Both /dev/sdb and /dev/sdc should be of equal sizes.
Firstly, using fdisk, remove any existing partitions with ‘d’, on /dev/sdb and /dev/sdc, and create one new partition to span the drive. Change the partition type to ‘8e’ which is the LVM type.
Now prepare your physical disk for LVM with the ‘pvcreate’ tool:
pvcreate /dev/sdb1 /dev/sdc1
Note that you can reverse this with pvremove. You can also use pvdisplay now to display information on all physical volumes.
Oh – you do realise that you can use /dev/mdX just as easily to create LVM on your RAID devices?
Now, we need to create a ‘volume group’:
vgcreate myvg /dev/sdb1 /dev/sdc1
Tags: dd, ext3, kernel, Linux, lvcreate, lvdisplay, lvm, lvremove, mkfs, mount, pvcreate, pvdisplay, pvremove, resize, tar, vgcreate, vgdisplay, vgremove, xen
We want a 48MB image, formatted to ext3:
ns3:/tmp# dd if=/dev/zero of=./disk.img bs=1MiB count=48
48+0 records in
48+0 records out
50331648 bytes (50 MB) copied, 0.301372 s, 167 MB/s
ns3:/tmp# mkfs.ext3 ./disk.img
mke2fs 1.41.3 (12-Oct-2008)
./disk.img is not a block special device.
Proceed anyway? (y,n) y
ns3:/tmp# mkdir disk
ns3:/tmp# mount -oloop ./disk.img ./disk
ns3:/tmp# df -h ./disk
Filesystem Size Used Avail Use% Mounted on
/tmp/disk.img 47M 4.8M 40M 11% /tmp/disk
That’s it – now we can copy our content to ./disk before unmounting it, then use dd to write it to our target medium (such as a CF card or similar).
ns3:/tmp# umount ./disk
Tags: CF, df, disk image, ext3, loop, mkfs.ext3, mount, umount
Follow on from 01 Oct 08 APNIC Box – Linux on a Mikrotik 532a, Part 2
The device runs a 2.4.30 kernel on a Debian woody (mipsel) environment. If anyone can contribute anything for 2.6.x and Debian etch, that would be great.
In this part, I’m going to provide a download link to a prebuilt image which you can write directly onto your own CF card with dd or a similar tool. I’m also going to provide a step-by-step guide to installing Debian yourself without my prebuilt disk image.
Prebuilt image is here:
The prebuilt image also contains a number of scripts and tools that I’ll comment on and come to in later parts.
Now installation instructions:
Tags: 532a, apnicbox, apt-get, atftpd, CF, compile, cross compile, Custom Kernel, dd, debian, dhcpd, dhcpd.conf installer, forward, initrd, initrd.gz, iptables, ip_forward, kernel, Linux, linuxrc, masquerade, mikrotik, mipsel, mkfs, mknod, mount, partition, prebuild image, routerboard, routerboard 532a, scripts, sed, tftpd, vmlinux, wget
Recently I came across an annoying issue. I have three identical Seagate USB mass storage devices, plugged in to a Debian etch 4.0 stable (2.6.18) machine. I could add those devices and mount points to /etc/fstab, but upon reboot, the /dev/sdX device names would change and therefore the drives would get mounted in the wrong place and bad things would happen. To summarize, “drive1” would appear as /dev/sdb on one boot, but on another boot, “drive1” would appear as /dev/sdc with “drive2” appearing as /dev/sdb.
There are two options here: use the drive serial numbers and some UDEV trickery to ensure that a particular drive gets the same device name each time, but I wasn’t so sure about that.
Tags: automounter, debian, drive, fstab, Linux, mass storage device, mount, partition, usb