Decrypting a LUKS container at system boot

Good day and night to all! This post will be useful to those who use LUKS data encryption and want to decrypt disks under Linux (Debian, Ubuntu) at the stage where the root partition is decrypted. I could not find information like this on the Internet.

Recently, as the number of disks in my shelves grew, I ran into a problem decrypting disks with the very well-known method via /etc/crypttab. Personally, I see several problems with this method, namely that the file is read only after the root partition has been loaded (mounted), which badly affects ZFS imports, particularly when pools are assembled from partitions on a *_crypt device, or when mdadm arrays are assembled from partitions. We all know you can use partitions on LUKS containers, right? There is also the problem of other services starting too early, when the arrays do not exist yet but something already needs to use them (I work with Proxmox VE 5.x and ZFS over iSCSI).

A little about ZFSoverISCSI: iSCSI works for me through LIO, and when the iSCSI target starts and does not see the ZVOL devices, it simply removes them from the configuration, which prevents the guest systems from booting. Hence either restoring a backup of the json file, or manually adding the devices with the identifiers of each VM, which is simply awful when there are many such machines and each configuration has more than 1 disk.

And the second question I will consider is how to decrypt (this is the main topic of the article). We will talk about it below, so on to the cut!

Most often on the Internet a key file is used (added to the slot yourself with the command cryptsetup luksAddKey), or in rare cases (there is very little information on the Russian-language Internet) the decrypt_derived script, located in /lib/cryptsetup/scripts/ (of course, there are other ways too, but I used these two, and they formed the basis of the article). I also aimed for fully autonomous activation after reboots, without any additional commands in the console, so that everything would "take off" for me at once. So why wait?

Let's get started!

We assume a system, for example Debian, installed on the sda3_crypt crypto partition, and a dozen disks ready to be encrypted and turned into whatever your heart desires. We have a passphrase (password) to unlock sda3_crypt, and it is from this partition that we will take the "hash" of the password on the running (decrypted) system and add it to the other disks. Everything is elementary; in the console we run:

/lib/cryptsetup/scripts/decrypt_derived sda3_crypt | cryptsetup luksFormat /dev/sdX

where X is our disks, partitions, and so on.

After encrypting the disks with the "hash" from our passphrase, you need to find out the UUID or the ID, depending on who is used to what. We take the data from /dev/disk/by-uuid and by-id, respectively.

The next step is preparing the files and mini-scripts for the functions we need to work; let's continue:

cp -p /usr/share/initramfs-tools/hooks/cryptroot /etc/initramfs-tools/hooks/
cp -p /usr/share/initramfs-tools/scripts/local-top/cryptroot /etc/initramfs-tools/scripts/local-top/

next

touch /etc/initramfs-tools/hooks/decrypt && chmod +x /etc/initramfs-tools/hooks/decrypt

Contents of ../decrypt

#!/bin/sh

cp -p /lib/cryptsetup/scripts/decrypt_derived "$DESTDIR/bin/decrypt_derived"

next

touch /etc/initramfs-tools/hooks/partcopy && chmod +x /etc/initramfs-tools/hooks/partcopy

Contents of ../partcopy

#!/bin/sh

cp -p /sbin/partprobe "$DESTDIR/bin/partprobe"
cp -p /lib/x86_64-linux-gnu/libparted.so.2 "$DESTDIR/lib/x86_64-linux-gnu/libparted.so.2"
cp -p /lib/x86_64-linux-gnu/libreadline.so.7 "$DESTDIR/lib/x86_64-linux-gnu/libreadline.so.7"

a little more

touch /etc/initramfs-tools/scripts/local-bottom/partprobe && chmod +x /etc/initramfs-tools/scripts/local-bottom/partprobe

Contents of ../partprobe

#!/bin/sh

$DESTDIR/bin/partprobe

and finally, before running update-initramfs, you need to edit the file /etc/initramfs-tools/scripts/local-top/cryptroot; starting at line ~360, there is the piece of code below

Original


                # decrease $count by 1, apparently last try was successful.
                count=$(( $count - 1 ))
                
                message "cryptsetup ($crypttarget): set up successfully"
                break

and bring it to this form

Edited


                # decrease $count by 1, apparently last try was successful.
                count=$(( $count - 1 ))
                

                /bin/decrypt_derived $crypttarget | cryptsetup luksOpen /dev/disk/by-uuid/ *CRYPT_MAP*
                /bin/decrypt_derived $crypttarget | cryptsetup luksOpen /dev/disk/by-id/ *CRYPT_MAP*

                message "cryptsetup ($crypttarget): set up successfully"
                break

Note that either the UUID or the ID can be used here. The main thing is that the necessary drivers for the HDD/SSD devices are added to /etc/initramfs-tools/modules. You can find out which driver is in use with the command udevadm info -a -n /dev/sdX | egrep 'looking|DRIVER'.

Now that we are done and all the files are in place, run update-initramfs -u -k all -v; the log must contain no errors from the execution of our scripts. We reboot, enter the passphrase and wait a little, depending on the number of disks. Then the system starts, and at the final stage of boot, namely after "mounting" the root partition, the partprobe command is executed: it finds and picks up all the partitions created on the LUKS devices, and any arrays, whether ZFS or mdadm, assemble without problems! And all of this happens before the main services that need these disks/arrays are loaded.
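An added check, not part of the original post: after update-initramfs, confirm that the image really contains what the hooks above are meant to copy in, instead of finding out at the next reboot. The function name and the sample listing are constructed for this example; the required paths are the ones used in the hook scripts on this page.

```shell
#!/bin/sh
# Added example (not from the original post). Paths are written relative,
# the way lsinitramfs prints them; they come from the hook scripts above.
REQUIRED="bin/decrypt_derived
bin/partprobe
lib/x86_64-linux-gnu/libparted.so.2
lib/x86_64-linux-gnu/libreadline.so.7
scripts/local-bottom/partprobe"

# missing_from_listing: reads an initramfs file listing on stdin, prints every
# required path that is absent, and returns 0 only when nothing is missing.
missing_from_listing() {
    listing=$(cat)
    rc=0
    for path in $REQUIRED; do
        # -x whole-line match, -F fixed string (dots in file names are literal).
        # The usr/ variant is an assumption covering merged-/usr layouts.
        if ! printf '%s\n' "$listing" | grep -qxF -e "$path" -e "usr/$path"; then
            printf '%s\n' "$path"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample listing (not real output): the partcopy hook failed to
# copy libreadline, so partprobe would not start inside the initramfs.
SAMPLE_BAD="bin/cryptsetup
bin/decrypt_derived
bin/partprobe
lib/x86_64-linux-gnu/libparted.so.2
scripts/local-bottom/partprobe
scripts/local-top/cryptroot"

printf '%s\n' "$SAMPLE_BAD" | missing_from_listing \
    || echo "initramfs is missing the files listed above"

# On the machine itself:
#   lsinitramfs "/boot/initrd.img-$(uname -r)" | missing_from_listing
```

A missing shared library is the failure this catches that the update-initramfs log does not: cp in the hook succeeds or fails silently depending on whether the target directory exists, and partprobe then fails only at boot.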

update1: As AEP noted, this method works only for LUKS1.

Source: will.com
