The story began a long time ago, when CentOS 7 (RHEL 7) was released. If you used disk encryption with CentOS 6, there were no problems unlocking the drives when you plugged in a USB flash drive with the right keys. When 7 was released, however, not everything worked the way you were used to. Back then a workaround was to revert dracut to sysvinit mode with a single line in the config:
echo 'omit_dracutmodules+=" systemd "' > /etc/dracut.conf.d/luks-workaround.conf
That immediately deprived us of all the charm of systemd: the fast, parallel startup of system services, which greatly reduced system boot time.
Things are still where they were:
Without waiting for a fix, I made one for myself, and now I am sharing it with the public. Those who are interested, read on.
Introduction
When I first started working with CentOS 7, systemd did not stir any emotions, because apart from a small change in the service management syntax I did not feel any difference at first. Later I came to like systemd, but the first impression was slightly spoiled, because the dracut developers did not spend much time on supporting the boot process with systemd combined with disk encryption. In general it worked, but entering the disk password every time the server starts is not the most interesting activity.
After trying a bunch of tutorials and studying the manual, I realized that setting up systemd mode with a USB key is possible, but only by manually associating each disk with a key on the USB disk, and the USB disk itself could not be referenced by UUID or LABEL; those did not work. Maintaining this at home was not convenient, so I started waiting and, after waiting for nearly 7 years, I realized that nobody was going to solve the problem.
Problems
Of course, almost anyone can write their own plugin for dracut, but getting it to work is not that easy. It turned out that, because of the parallel nature of systemd startup, it is not easy to insert your own code and change the boot flow. The dracut documentation does not explain everything. However, after long experiments, I managed to solve the problem.
How it works
It is based on three units:
- luks-auto-key.service - searches for storage devices that hold keys for LUKS
- luks-auto.target - acts as a dependency for the built-in systemd-cryptsetup units
- luks-auto-clean.service - cleans up the temporary files created by luks-auto-key.service
And luks-auto-generator.sh is a script that is run by systemd and generates units based on the kernel parameters. Similar generators create the units for fstab entries, etc.
luks-auto-generator.sh
Using drop-in.conf, the behavior of the standard systemd-cryptsetup units is changed by adding luks-auto.target to their dependencies.
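A drop-in only takes effect if its directory name matches the escaped unit name exactly. As an added example (not part of the original article), this POSIX sh code reproduces systemd's unit-name escaping for ASCII input and derives the names needed for one LUKS UUID; the function names and the UUID are made up for illustration.

```sh
#!/bin/sh
# Added example: systemd unit-name escaping in POSIX sh, ASCII input only.
# Function names and the UUID below are constructed for illustration.
LC_ALL=C; export LC_ALL

# escape_unit_name STRING: "/" becomes "-"; a leading "." and every byte
# outside [A-Za-z0-9:_.] (including "-" and "\") becomes \xNN.
escape_unit_name() {
    _s=$1 _out='' _first=1
    while [ -n "$_s" ]; do
        _c=${_s%"${_s#?}"}   # first character
        _s=${_s#?}           # remainder
        case $_c in
            /) _out="$_out-" ;;
            .) if [ "$_first" = 1 ]; then _out="$_out\\x2e"; else _out="$_out."; fi ;;
            [A-Za-z0-9:_]) _out="$_out$_c" ;;
            *) _out="$_out$(printf '\\x%02x' "'$_c")" ;;
        esac
        _first=0
    done
    printf '%s\n' "$_out"
}

# escape_unit_path PATH: path variant for a normalised, non-root absolute path.
escape_unit_path() {
    _p=${1#/}
    escape_unit_name "${_p%/}"
}

# Drop-in directory that modifies the stock unit for volume luks-<UUID>.
cryptsetup_dropin_dir() {
    printf 'systemd-cryptsetup@%s.service.d\n' "$(escape_unit_name "luks-$1")"
}

# Device unit for /dev/disk/by-uuid/<UUID>, as used in BindsTo=/After=.
device_unit() {
    printf '%s.device\n' "$(escape_unit_path "/dev/disk/by-uuid/$1")"
}

# dropin_matches NAME UUID: succeeds only if NAME is the exact expected name.
dropin_matches() {
    [ "$1" = "$(cryptsetup_dropin_dir "$2")" ]
}

UUID_DEMO=0a1b2c3d-1111-2222-3333-444455556666   # constructed sample
cryptsetup_dropin_dir "$UUID_DEMO"
device_unit "$UUID_DEMO"
```

A directory name written without the backslash is still a valid path, but it matches no unit, so the ordering after luks-auto.target is never applied to the stock systemd-cryptsetup unit.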
luks-auto-key.service a me luks-auto-key.sh
This unit runs the luks-auto-key.sh script, which, based on the rd.luks.* keys, finds the media that hold keys and copies the keys to a temporary directory for later use. After the process is complete, the keys are deleted from the temporary directory by luks-auto-clean.service.
Sources:
/usr/lib/dracut/modules.d/99luks-auto/module-setup.sh
#!/bin/bash

# Called by dracut to decide whether the module can be included.
check () {
    if ! dracut_module_included "systemd"; then
        derror "luks-auto needs systemd in the initramfs"
        return 1
    fi
    # 255: include only when explicitly requested or required as a dependency
    return 255
}

depends () {
    echo "systemd"
    return 0
}

# Copy the scripts and units into the initramfs and enable them for initrd.target.
install () {
    inst "$systemdutildir/systemd-cryptsetup"
    inst_script "$moddir/luks-auto-generator.sh" "$systemdutildir/system-generators/luks-auto-generator.sh"
    inst_script "$moddir/luks-auto-key.sh" "/etc/systemd/system/luks-auto-key.sh"
    inst_script "$moddir/luks-auto.sh" "/etc/systemd/system/luks-auto.sh"
    inst "$moddir/luks-auto.target" "${systemdsystemunitdir}/luks-auto.target"
    inst "$moddir/luks-auto-key.service" "${systemdsystemunitdir}/luks-auto-key.service"
    inst "$moddir/luks-auto-clean.service" "${systemdsystemunitdir}/luks-auto-clean.service"
    ln_r "${systemdsystemunitdir}/luks-auto.target" "${systemdsystemunitdir}/initrd.target.wants/luks-auto.target"
    ln_r "${systemdsystemunitdir}/luks-auto-key.service" "${systemdsystemunitdir}/initrd.target.wants/luks-auto-key.service"
    ln_r "${systemdsystemunitdir}/luks-auto-clean.service" "${systemdsystemunitdir}/initrd.target.wants/luks-auto-clean.service"
}
/usr/lib/dracut/modules.d/99luks-auto/luks-auto-generator.sh
#!/bin/sh
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
# ex: ts=8 sw=4 sts=4 et filetype=sh

. /lib/dracut-lib.sh

SYSTEMD_RUN='/run/systemd/system'
CRYPTSETUP='/usr/lib/systemd/systemd-cryptsetup'

# Optional delay (seconds) before the key search, taken from rd.luks.key.tout
TOUT=$(getargs rd.luks.key.tout)
if [ -n "$TOUT" ]; then
    mkdir -p "${SYSTEMD_RUN}/luks-auto-key.service.d"
    cat > "${SYSTEMD_RUN}/luks-auto-key.service.d/drop-in.conf" <<EOF
[Service]
Type=oneshot
ExecStartPre=/usr/bin/sleep $TOUT
EOF
fi

mkdir -p "$SYSTEMD_RUN/luks-auto.target.wants"

for argv in $(getargs rd.luks.uuid -d rd_LUKS_UUID); do
    _UUID=${argv#luks-}
    _UUID_ESC=$(systemd-escape -p "$_UUID")

    # Order the stock systemd-cryptsetup unit after luks-auto.target and
    # skip it when the volume has already been unlocked with a key file.
    mkdir -p "${SYSTEMD_RUN}/systemd-cryptsetup@luks\x2d${_UUID_ESC}.service.d"
    cat > "${SYSTEMD_RUN}/systemd-cryptsetup@luks\x2d${_UUID_ESC}.service.d/drop-in.conf" <<EOF
[Unit]
After=luks-auto.target
ConditionPathExists=!/dev/mapper/luks-${_UUID}
EOF

    # Per-volume unit that tries the key files found by luks-auto-key.service.
    cat > "${SYSTEMD_RUN}/luks-auto@${_UUID_ESC}.service" <<EOF
[Unit]
Description=luks-auto Cryptography Setup for %I
DefaultDependencies=no
Conflicts=umount.target
IgnoreOnIsolate=true
Before=luks-auto.target
BindsTo=dev-disk-by\x2duuid-${_UUID_ESC}.device
After=dev-disk-by\x2duuid-${_UUID_ESC}.device luks-auto-key.service
Before=umount.target

[Service]
Type=oneshot
RemainAfterExit=yes
TimeoutSec=0
ExecStart=/etc/systemd/system/luks-auto.sh ${_UUID}
ExecStop=$CRYPTSETUP detach 'luks-${_UUID}'
Environment=DRACUT_SYSTEMD=1
StandardInput=null
StandardOutput=syslog
StandardError=syslog+console
EOF
    ln -fs "${SYSTEMD_RUN}/luks-auto@${_UUID_ESC}.service" "$SYSTEMD_RUN/luks-auto.target.wants/luks-auto@${_UUID_ESC}.service"
done
/usr/lib/dracut/modules.d/99luks-auto/luks-auto-key.service
[Unit]
Description=LUKS AUTO key searcher
After=cryptsetup-pre.target
Before=luks-auto.target
DefaultDependencies=no
[Service]
Environment=DRACUT_SYSTEMD=1
Type=oneshot
ExecStartPre=/usr/bin/sleep 1
ExecStart=/etc/systemd/system/luks-auto-key.sh
RemainAfterExit=true
StandardInput=null
StandardOutput=syslog
StandardError=syslog+console
/usr/lib/dracut/modules.d/99luks-auto/luks-auto-key.sh
#!/bin/bash
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
# ex: ts=8 sw=4 sts=4 et filetype=sh
# Uses bash arrays and [[ ]], so it needs bash rather than a POSIX-only sh.

export DRACUT_SYSTEMD=1
. /lib/dracut-lib.sh

MNT_B="/tmp/luks-auto"
# Keep the staging directory and the copied keys readable by root only.
umask 077

# rd.luks.key=<key file>[:UUID=<value> | :LABEL=<value> | :<device>]
ARG=$(getargs rd.luks.key)
IFS=$':' _t=(${ARG})
KEY=${_t[0]}
F_FIELD=''
F_VALUE=''
if [ -n "$KEY" ] && [ -n "${_t[1]}" ]; then
    IFS=$'=' _t=(${_t[1]})
    F_FIELD=${_t[0]}
    F_VALUE=${_t[1]}
    # Strip optional surrounding double quotes from the value
    F_VALUE="${F_VALUE%\"}"
    F_VALUE="${F_VALUE#\"}"
fi
mkdir -p "$MNT_B"

# Scan all filesystems (except RAID/LVM members, LUKS containers and swap),
# optionally filtered by UUID, LABEL or device name, and copy the key file
# found on them into $MNT_B.
finding_luks_keys(){
    local _DEVNAME=''
    local _UUID=''
    local _TYPE=''
    local _LABEL=''
    local _MNT=''
    local _KEY="$1"
    local _F_FIELD="$2"
    local _F_VALUE="$3"
    local _RET=0
    blkid -s TYPE -s UUID -s LABEL -u filesystem | grep -v -E -e "TYPE=\".*_member\"" -e "TYPE=\"crypto_.*\"" -e "TYPE=\"swap\"" | while IFS=$'' read -r _line; do
        # Line format: <device>: KEY="value" KEY="value" ...
        IFS=$':' _t=($_line);
        _DEVNAME=${_t[0]}
        _UUID=''
        _TYPE=''
        _LABEL=''
        _MNT=''
        IFS=$' ' _t=(${_t[1]});
        for _a in "${_t[@]}"; do
            IFS=$'=' _v=(${_a});
            temp="${_v[1]%\"}"
            temp="${temp#\"}"
            case ${_v[0]} in
                'UUID')
                    _UUID=$temp
                    ;;
                'TYPE')
                    _TYPE=$temp
                    ;;
                'LABEL')
                    _LABEL=$temp
                    ;;
            esac
        done
        # Apply the optional device filter from rd.luks.key
        if [ ! -z "$_F_FIELD" ]; then
            case $_F_FIELD in
                'UUID')
                    [ ! -z "$_F_VALUE" ] && [ "$_UUID" != "$_F_VALUE" ] && continue
                    ;;
                'LABEL')
                    [ ! -z "$_F_VALUE" ] && [ "$_LABEL" != "$_F_VALUE" ] && continue
                    ;;
                *)
                    [ "$_DEVNAME" != "$_F_FIELD" ] && continue
                    ;;
            esac
        fi
        # Reuse an existing mount point, otherwise mount read-only under $MNT_B
        _MNT=$(findmnt -n -o TARGET "$_DEVNAME")
        if [ -z "$_MNT" ]; then
            _MNT=${MNT_B}/KEY-${_UUID}
            mkdir -p "$_MNT" && mount -o ro "$_DEVNAME" "$_MNT"
            _RET=$?
        else
            _RET=0
        fi
        if [ "${_RET}" -eq 0 ] && [ -f "${_MNT}/${_KEY}" ]; then
            cp "${_MNT}/${_KEY}" "$MNT_B/${_UUID}.key"
            info "Found ${_MNT}/${_KEY} on ${_UUID}"
        fi
        # Only unmount what this script mounted itself
        if [[ "${_MNT}" =~ "${MNT_B}" ]]; then
            umount "$_MNT" && rm -rfd --one-file-system "$_MNT"
        fi
    done
    return 0
}
finding_luks_keys "$KEY" "$F_FIELD" "$F_VALUE"
/usr/lib/dracut/modules.d/99luks-auto/luks-auto.target
[Unit]
Description=LUKS AUTO target
After=systemd-readahead-collect.service systemd-readahead-replay.service
After=cryptsetup-pre.target luks-auto-key.service
Before=cryptsetup.target
/usr/lib/dracut/modules.d/99luks-auto/luks-auto.sh
#!/bin/sh
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
# ex: ts=8 sw=4 sts=4 et filetype=sh

export DRACUT_SYSTEMD=1
. /lib/dracut-lib.sh

MNT_B="/tmp/luks-auto"
CRYPTSETUP='/usr/lib/systemd/systemd-cryptsetup'

# Try every staged key file against the LUKS device whose UUID is $1
for i in $(ls -p "$MNT_B" | grep -v /); do
    info "Trying $i on $1..."
    $CRYPTSETUP attach "luks-$1" "/dev/disk/by-uuid/$1" "$MNT_B/$i" 'tries=1'
    if [ "$?" -eq "0" ]; then
        info "Found $i for $1"
        exit 0
    fi
done
warn "No key found for $1. Fallback to passphrase mode."
/usr/lib/dracut/modules.d/99luks-auto/luks-auto-clean.service
[Unit]
Description=LUKS AUTO key cleaner
After=cryptsetup.target
DefaultDependencies=no
[Service]
Type=oneshot
ExecStart=/usr/bin/rm -rfd --one-file-system /tmp/luks-auto
/etc/dracut.conf.d/luks-auto.conf
add_dracutmodules+=" luks-auto "
Installation
mkdir -p /usr/lib/dracut/modules.d/99luks-auto/
# put almost all of the files here
chmod +x /usr/lib/dracut/modules.d/99luks-auto/*.sh
# create the file /etc/dracut.conf.d/luks-auto.conf
# and generate a new initramfs
dracut -f
Conclusion
For convenience, I kept compatibility with the kernel command-line options used in sysvinit mode, which makes it easier to use with old setups.
Source: www.habr.com