Unlocking LUKS containers at system boot time

Good day and good night to everyone! This post will be useful to those who use LUKS data encryption and want to unlock disks under Linux (Debian, Ubuntu) at the stage where the root partition is decrypted. I could not find such information on the Internet.

Recently, as the number of disks in my shelves grew, I ran into a problem with unlocking disks by the more than well-known method, /etc/crypttab. Personally, I see several problems with this method, namely that the file is read only after the root partition has been mounted. This badly affects ZFS imports, especially when the pools are assembled from partitions on a *_crypt device, and mdadm RAIDs that are also assembled from partitions. We all know that you can use partitioned LUKS containers, right? There is also the problem of other services starting early, when the arrays do not exist yet but something already needs to use them (I work with clustered Proxmox VE 5.x and ZFS over iSCSI).

A little about ZFS over iSCSI

iSCSI works for me through LIO, and when the iSCSI target starts and does not see the ZVOL devices, it simply removes them from the configuration, which prevents the guest systems from starting. The remedy is then either to restore a backup of the json file, or to add the devices by hand with the identifiers of each VM, which is awful when there are many such machines and each configuration has more than 1 disk.

The second question I will look at is how to unlock (this is the key point of the article). We will talk about it below, so go under the cut!

Most often on the Internet people use a key file (added to a slot beforehand with the command cryptsetup luksAddKey) or, in rare cases (there is very little information about it on the Russian-language Internet), the decrypt_derived script located in /lib/cryptsetup/scripts/ (of course there are other ways, but I used these two, and they form the basis of the article). I also aimed for a fully autonomous start after a reboot, without any additional commands in the console, so that everything "takes off" for me at once. So, why wait?

Let's get started!

Assume a system, for example Debian, installed on the sda3_crypt crypto partition, and a dozen disks ready to be encrypted and turned into whatever your heart desires. We have a passphrase to unlock sda3_crypt, and it is from this partition that we will take the "hash" of the password on the running (decrypted) system and add it to the other disks. Everything is elementary; in the console we run:

/lib/cryptsetup/scripts/decrypt_derived sda3_crypt | cryptsetup luksFormat /dev/sdX

where X stands for our disks, partitions, and so on.

After encrypting the disks with the "hash" from our passphrase, you need to find out the UUID or the ID, depending on which one you are used to working with. We take the data from /dev/disk/by-uuid and /dev/disk/by-id, respectively.

The next step is to prepare the files and mini-scripts for the functions we need; let's continue:

cp -p /usr/share/initramfs-tools/hooks/cryptroot /etc/initramfs-tools/hooks/
cp -p /usr/share/initramfs-tools/scripts/local-top/cryptroot /etc/initramfs-tools/scripts/local-top/

next

touch /etc/initramfs-tools/hooks/decrypt && chmod +x /etc/initramfs-tools/hooks/decrypt

Contents of ../decrypt

#!/bin/sh

# initramfs-tools hook: copy decrypt_derived into the initramfs image
cp -p /lib/cryptsetup/scripts/decrypt_derived "$DESTDIR/bin/decrypt_derived"

next

touch /etc/initramfs-tools/hooks/partcopy && chmod +x /etc/initramfs-tools/hooks/partcopy

Contents of ../partcopy

#!/bin/sh

# initramfs-tools hook: copy partprobe and the two libraries it is linked against into the image
cp -p /sbin/partprobe "$DESTDIR/bin/partprobe"
cp -p /lib/x86_64-linux-gnu/libparted.so.2 "$DESTDIR/lib/x86_64-linux-gnu/libparted.so.2"
cp -p /lib/x86_64-linux-gnu/libreadline.so.7 "$DESTDIR/lib/x86_64-linux-gnu/libreadline.so.7"

a little more

touch /etc/initramfs-tools/scripts/local-bottom/partprobe && chmod +x /etc/initramfs-tools/scripts/local-bottom/partprobe

Contents of ../partprobe

#!/bin/sh

# Boot-time script: DESTDIR is unset inside the initramfs, so this resolves to /bin/partprobe
$DESTDIR/bin/partprobe

and finally, before running update-initramfs, you need to edit the file /etc/initramfs-tools/scripts/local-top/cryptroot, starting at about line 360; the code fragment is shown below.

Original


                # decrease $count by 1, apparently last try was successful.
                count=$(( $count - 1 ))
                
                message "cryptsetup ($crypttarget): set up successfully"
                break

and bring it to this form

Edited


                # decrease $count by 1, apparently last try was successful.
                count=$(( $count - 1 ))
                

                /bin/decrypt_derived $crypttarget | cryptsetup luksOpen /dev/disk/by-uuid/ *CRYPT_MAP*
                /bin/decrypt_derived $crypttarget | cryptsetup luksOpen /dev/disk/by-id/ *CRYPT_MAP*

                message "cryptsetup ($crypttarget): set up successfully"
                break

Note that either the UUID or the ID can be used here. The main thing is that the drivers needed for the HDD/SSD devices are added to /etc/initramfs-tools/modules. You can find out which driver is in use with the command udevadm info -a -n /dev/sdX | egrep 'looking|DRIVER'.
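The two hard-coded luksOpen lines above, generalized into a loop over a list of volumes; this is an added example, not code from the original post. The function name unlock_derived, the list file format and the DERIVE, CRYPTSETUP and MAPPER_DIR variables are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: open every extra LUKS1 volume with the key derived from the
# already unlocked root mapping. All names below are hypothetical.

DERIVE=${DERIVE:-/bin/decrypt_derived}    # placed in the initramfs by the decrypt hook
CRYPTSETUP=${CRYPTSETUP:-cryptsetup}
MAPPER_DIR=${MAPPER_DIR:-/dev/mapper}

# unlock_derived SOURCE_MAPPING LIST_FILE
# LIST_FILE holds one "<name under /dev/disk/by-uuid> <mapping name>" pair per
# line; blank lines and lines starting with '#' are ignored. The list file
# itself has to be copied into the initramfs by a hook as well.
# Hypothetical call from cryptroot: unlock_derived "$crypttarget" /etc/derived.list
# Returns the number of entries that could not be opened (0 = all open).
unlock_derived() {
    src=$1
    list=$2
    failed=0
    while read -r uuid name rest; do
        case $uuid in ''|\#*) continue ;; esac
        # Reject a missing mapping name ('/' stands in for it) and any
        # character that could change the device path or the mapping name.
        case ${name:-/}$uuid in
            *[!A-Za-z0-9_.-]*)
                echo "unlock_derived: malformed entry '$uuid $name'" >&2
                failed=$((failed + 1))
                continue ;;
        esac
        # Mapping already exists: leave it alone.
        [ -e "$MAPPER_DIR/$name" ] && continue
        # </dev/null keeps the key helper from consuming the list on stdin.
        if ! "$DERIVE" "$src" </dev/null |
             "$CRYPTSETUP" luksOpen "/dev/disk/by-uuid/$uuid" "$name"; then
            echo "unlock_derived: could not open $uuid as $name" >&2
            failed=$((failed + 1))
        fi
    done < "$list"
    return "$failed"
}
```

Because the key comes from the open sda3_crypt mapping, keep an independent passphrase in a second key slot on each data disk, otherwise reformatting the root container leaves them unopenable.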

Now that we are done and all the files are in place, run update-initramfs -u -k all -v; the log should show no errors from the execution of our scripts. Reboot, enter the passphrase and wait a little, depending on the number of disks. The system will then start, and at the final stage of startup, namely after the root partition has been "mounted", the partprobe command will run: it will find and pick up all the partitions created on the LUKS devices, and any arrays, whether ZFS or mdadm, will assemble without problems! And all of this happens before the core services that need these disks/arrays are loaded.

update1: As AEP noted, this method works only for LUKS1.

Source: www.habr.com
