Mail archive
alpine-user

Re: [alpine-user] How to setup BTRFS and LUKS

From: Tristan Kohl <tristan_at_icetown.de>
Date: Sun, 19 Aug 2018 19:46:22 +0200

Well it it quite simple, I just use a RAID1 configuration for my home
server.

/etc/crypttab is not bein used by Alpine to decrypt volumes, I had this
figured out by Adam's tip. Rather you enter your details in
/etc/conf.d/dmcrypt like this:

target=pool0
source=UUID="<UUID>"
key=/root/keyfile

Afterwards you add "btrfs" to /etc/modules so your kernel knows how to
handle those volumes once dmcrypt has mapped them after decryption. The
only thing to do then is to drop "/sbin/btrfs device scan" above "mount
-at "$types" $no_netdev" in /etc/init.d/localmount so there is a BTRFS
device scan run before fstab gets executed.

This should be all you have to do in order for your RAID1/5/6/10 to work
properly.

Cheers,
Tristan


On 17.08.2018 10:19, Dave Jones wrote:
> Hi Tristan,
>
> Would you mind sharing your setup?  I tried to use keyfile to automount a
> luks encrypted volume: root(/) partiton, added the line
> "lvmcrypt /dev/vda2 /etc/mykeyfile luks" to /etc/crypttab, then run
> "mkinitfs"
> to regenerate initramfs, but it doesn't work.
> Still prompts for passphrase :(
>
> btw, i use ext4 file system, thanks.
>
> On Wed, Aug 15, 2018 at 12:20 AM, Tristan Kohl wrote:
>
> Oh...wait...That works!
>
> You sir deserve a medal! Thank you so much, I was absolutely sure I put
> it in there but must have removed it during one of my countless tries.
>
> Thanks again, I can finally move my full setup over to Alpine now :)
>
> Cheers,
> Tristan
>
> On 14.08.2018 16:49, Adam Růžička wrote:
> > Hi,
> > one thing comes to mind. I think I encountered something similar
> > and the cause was that the btrfs kernel module was not loaded
> > at the time when "btrfs device scan" was run. To put it another way,
> > the userspace btrfs tool tries to look for the drives but doesn't know
> > how to read them. Could you try
> >
> > echo 'btrfs' > /etc/modules.d/btrfs.conf
> >
> > and then reboot (+ lbu if you're using that).  Hope this helps
> >
> > -- Adam
> >
> > On Tue, Aug 14, 2018 at 12:58 PM, Tristan Kohl <tristan_at_icetown.de <mailto:tristan_at_icetown.de>
> > <mailto:tristan_at_icetown.de <mailto:tristan_at_icetown.de>>> wrote:
> >
> >     I want to give a little update on my progress so far:
> >
> >     Thanks to Adam I was able to have my drives encrypted during boot.
> >     However they still were not recognized by BTRFS as one
> coherent pool.
> >
> >     I then tried to put "btrfs device scan" at various places in
> >     /etc/runlevel/boot/localmount and others but that did not change
> >     anything. I can confirm that the command got executed since I
> wrote
> >     "btrfs device scan > /scan.txt" which created a file containing
> >     "Scanning for Btrfs filesystems" after boot. But somehow the
> scans'
> >     result got lost afterwards. Even puttig it right before the
> line "moun
> >     -at ..." inside localmount did not have any effect. I am lost
> right now
> >     as to what else I can try to fix this.
> >
> >     As I read in Arch and Gentoo wiki they use some hooks in their
> initramfs
> >     but I am not sure if that will help since decryption has to
> run before
> >     scanning plus I do not find anything as to how one would
> use/configure
> >     them in Alpine.
> >
> >     Does anyone smarter than me has any idea what else I could try?
> >
> >     Cheers,
> >     Tristan
> >
> >     On 13.08.2018 13:19, Tristan Kohl wrote:
> >     > Hey guys,
> >     >
> >     > I stumbled upon Alpine a while back when building new docker
> >     images for
> >     > my home server currently running Debian stable. Since I was
> quite
> >     > intrigued by its minimalism, I gave it a shot in a VM to play
> >     around. I
> >     > must admit, I fell in love and made an USB drive to use on
> my home
> >     > server. Most things work flawelessly (samba, docker, etc.) but I
> >     do not
> >     > get how one would get a BTRFS pool on LUKS drives working.
> >     >
> >     > I think I have to dig into OpenRC and drop some service in
> >     "sysinit" to
> >     > decrypt my drives before fstab kicks in (which as far as I
> can tell
> >     > happens in devfs). I have my crypttab setup to work with a
> keyfile
> >     which
> >     > resides in /root.
> >     >
> >     > What I need:
> >     > 1. Mapping all LUKS drives to /dev/mapper/poolX (setup in
> >     /etc/crypttab)
> >     > 2. Run btrfs device scan to detect my pool
> >     > 3. Mount pool according to fstab
> >     >
> >     > I am a Linux desktop user for 7 years and I do prefer
> command line for
> >     > many tasks but when it comes to server setups that are just
> a tad more
> >     > advanced I feel like an absolute beginner. When I build my
> server
> >     some 5
> >     > years ago I did just some copypasta from a vast number of sites
> >     without
> >     > documenting anything. Plus Debian did a lot of magic out of
> the box I
> >     > did not even knew of. However this "featurefullness" also always
> >     bugged
> >     > me since I had no idea what was actually going on behind the
> scenes.
> >     >
> >     > Hope someone can help me out here, any help is greatly
> appreciated.
> >     >
> >     > Cheers,
> >     > Tristan
> >     >
> >     >
> >     >
> >     >
> >     >
> >     >
> >     > ---
> >     > Unsubscribe:  alpine-user+unsubscribe_at_lists.alpinelinux.org
> <mailto:alpine-user%2Bunsubscribe_at_lists.alpinelinux.org>
> >     <mailto:alpine-user%2Bunsubscribe_at_lists.alpinelinux.org
> <mailto:alpine-user%252Bunsubscribe_at_lists.alpinelinux.org>>
> >     > Help:         alpine-user+help_at_lists.alpinelinux.org
> <mailto:alpine-user%2Bhelp_at_lists.alpinelinux.org>
> >     <mailto:alpine-user%2Bhelp_at_lists.alpinelinux.org
> <mailto:alpine-user%252Bhelp_at_lists.alpinelinux.org>>
> >     > ---
> >     >
> >
> >
> >     ---
> >     Unsubscribe:  alpine-user+unsubscribe_at_lists.alpinelinux.org
> <mailto:alpine-user%2Bunsubscribe_at_lists.alpinelinux.org>
> >     <mailto:alpine-user%2Bunsubscribe_at_lists.alpinelinux.org
> <mailto:alpine-user%252Bunsubscribe_at_lists.alpinelinux.org>>
> >     Help:         alpine-user+help_at_lists.alpinelinux.org
> <mailto:alpine-user%2Bhelp_at_lists.alpinelinux.org>
> >     <mailto:alpine-user%2Bhelp_at_lists.alpinelinux.org
> <mailto:alpine-user%252Bhelp_at_lists.alpinelinux.org>>
> >     ---
> >
> >
>
>
> ---
> Unsubscribe:  alpine-user+unsubscribe_at_lists.alpinelinux.org
> <mailto:alpine-user%2Bunsubscribe_at_lists.alpinelinux.org>
> Help:         alpine-user+help_at_lists.alpinelinux.org
> <mailto:alpine-user%2Bhelp_at_lists.alpinelinux.org>
> ---
>
>


---
Unsubscribe:  alpine-user+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-user+help_at_lists.alpinelinux.org
---
Received on Sun Aug 19 2018 - 19:46:22 GMT