Installing on an existing encrypted LVM

Help with issues regarding installation of Debian
Post Reply
Message
Author
rjmx
Posts: 4
Joined: 2007-09-06 00:26
Location: Brockton, Massachusetts, USA

Installing on an existing encrypted LVM

#1 Post by rjmx »

I'm about to switch back to Debian from another distribution (who shall remain nameless), and I have four boxes to do it on, so I'd like to save as much time as I can.
Each box consists of an encrypted LVM (with an unencrypted /boot, of course). I'd like to use the current LVM and encryption, mainly to save having to back up /home and restore it afterwards.
My first thought was that I could do this by:
- Booting from a netinst installer CD
- From a console, running cryptsetup to enable the encrypted drive and expose the LVM
- Telling the installer to use the LVM partitions (except /home)

Alas, the netinst CD doesn't contain cryptsetup, and I don't see any sign of apt-get or anything like it so I can install it.

Anyone have any suggestions?

fsmithred
Posts: 1872
Joined: 2008-01-02 14:52

Re: Installing on an existing encrypted LVM

#2 Post by fsmithred »

I think someone posted some information or instructions (or saga) of manual install to encrypted lvm about a year or two ago. (and I don't just mean manual partitioning.) Dig around and you may find it. Search for my name, but read the posts from the other guy.

You could try doing this from a live-CD that has the software that you need already installed (or if you have a lot of ram, you could install packages while running live).

rjmx
Posts: 4
Joined: 2007-09-06 00:26
Location: Brockton, Massachusetts, USA

Re: Installing on an existing encrypted LVM

#3 Post by rjmx »

Yep, the Live CD was the way to go. I used the current wheezy live CD and installed from within Live, as you suggested. I don't think it would have worked trying to install directly from the CD.
Here's what I did:
- Boot into Live OS

Code: Select all

# apt-get update
# apt-get install cryptsetup lvm2 (Live CD didn't have either of these)
# cryptsetup luksOpen /dev/<LVM device> stuff
# vgchange -ay
- Run installer from Live desktop. When you get to disk partitioning, select "Manual", and LV's should be recognised. Set up mount points and filesystems, but make sure /home (and any others you want to keep) are set to "do not format".
Let installer finish. D-I will not have set up to boot from an encrypted LVM, so you need to do a bit more:
- Boot into Live again

Code: Select all

# apt-get update
# apt-get install cryptsetup lvm2
# cryptsetup luksOpen /dev/<LVM device> stuff
# vgchange -ay
# mkdir /chroot
# mount /dev/mapper/stuff/<root LV> /chroot
# mount /dev/<boot device> /chroot/boot
# mount /dev/mapper/stuff/{var LV,opt LV....} /chroot/{var,opt,...}
# chroot /chroot /bin/bash
# vi /etc/initramfs-tools/modules
   - add dm-crypt and any others you need
# echo "target=lukspace,source=/dev/<LVM partition>,key=none,lvm=<VG name>" > /etc/initramfs-tools/conf.d/cryptroot
# apt-get install cryptsetup (D-I doesn't necessarily do this: cryptsetup-bin is _not_ sufficient)
# update-initramfs -u
# exit
Reboot, remove the Live CD/USB stick, and pray a lot.

Note too, that if you intend to use XFS as a filesystem, you may need to add 'xfsprogs' at each apt-get install stage. D-I doesn't seem to include it otherwise.

Thanks for your help.

.....Ron

Post Reply