rhel6.0磁盘分区加密3--自动挂载
使加密分区自动挂载,
1.查看分区的uuid 如下图:也可以使用blkid查看,
[root@server1 ~]# ll /dev/disk/by-uuid/
total 0
lrwxrwxrwx. 1 root root 10 Jul 16 05:57 3c 5611fe-9d40 -44f 1-aaae-63fd12b88586 -> ../../dm-0
lrwxrwxrwx. 1 root root 10 Jul 16 05:59 79a 9a 7b6-bfca-46b3-80d5-1323e 82c 38df -> ../../sda7
lrwxrwxrwx. 1 root root 10 Jul 16 05:57 912a 609f -1ddc -4c 72 -932a -c55ea 18c 934d -> ../../sda6
lrwxrwxrwx. 1 root root 10 Jul 16 05: 48 a 7a 09bba -751f -427a -b 3a 7-b91ee6eb 3a 5a -> ../../sda1
lrwxrwxrwx. 1 root root 10 Jul 16 05:48 b714dd11 -0c 1e-4d 9a -9541-9512286bb56d -> ../../sda3
lrwxrwxrwx. 1 root root 10 Jul 16 05:48 bf88fead-5856-4500-8913-a3ceb4d620ff -> ../../sda2
lrwxrwxrwx. 1 root root 10 Jul 16 05:48 d 010c 333-c041-42b3 -98c 2-c5bc89983229 -> ../../sda5
lrwxrwxrwx. 1 root root 10 Jul 16 06:02 ee 8915c 1-0aca -470c -ac31-d13131792fef -> ../../dm-1
[root@server1 ~]# blkid
/dev/sda1: UUID="a 7a 09bba -751f -427a -b 3a 7-b91ee6eb 3a 5a " TYPE="ext4"
/dev/sda2: UUID="bf88fead-5856-4500-8913-a3ceb4d620ff" TYPE="ext4"
/dev/sda3: UUID="b714dd11 -0c 1e-4d 9a -9541-9512286bb56d" TYPE="ext4"
/dev/sda5: UUID="d 010c 333-c041-42b3 -98c 2-c5bc89983229" TYPE="swap"
/dev/sda6: UUID=" 912a 609f -1ddc -4c 72 -932a -c55ea 18c 934d" TYPE="crypto_LUKS"
/dev/sda7: UUID=" 79a 9a 7b6-bfca-46b3-80d5-1323e 82c 38df" TYPE="crypto_LUKS"
/dev/mapper/udisks-luks-uuid -912a 609f -1ddc -4c 72 -932a -c55ea 18c 934d-uid500: LABEL="opt" UUID=" 3c 5611fe-9d40 -44f 1-aaae-63fd12b88586" TYPE="ext4"
/dev/mapper/rhel: UUID="ee 8915c 1-0aca -470c -ac31-d13131792fef" TYPE="ext4"
2.在/etc/fstab文件中添加自动挂载项。如下图
[root@server1 ~]# vim /etc/fstab #
# /etc/fstab
# Created by anaconda on Thu Jul 14 10:07:44 2011
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=bf88fead-5856-4500-8913-a3ceb4d620ff / ext4 defaults 1 1
UUID=a 7a 09bba -751f -427a -b 3a 7-b91ee6eb 3a 5a /boot ext4 defaults 1 2
UUID=b714dd11 -0c 1e-4d 9a -9541-9512286bb56d /home ext4 defaults 1 2
UUID=d 010c 333-c041-42b3 -98c 2-c5bc89983229 swap swap defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
UUID=ee 8915c 1-0aca -470c -ac31-d13131792fef /rhel ext4 defaults 0 0
3. 但是在系统重新启动时,不会自动挂载此分区,启动过程提示如下错误,
4.登录后,不会自动挂载,如下图:
[root@server1 ~]# mount
/dev/sda2 on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0")
/dev/sda1 on /boot type ext4 (rw)
/dev/sda3 on /home type ext4 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
[root@server1 ~]# mount -a
mount: special device UUID=ee 8915c 1-0aca -470c -ac31-d13131792fef does not exist
[root@server1 ~]# df -hl
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 20G 4.0G 15G 22% /
tmpfs 250M 260K 250M 1% /dev/shm
/dev/sda1 194M 24M 161M 13% /boot
/dev/sda3 4.9G 140M 4.5G 3% /home
5.查看映射状态,提示没有此映射,如下图:
[root@server1 ~]# cryptsetup status rhel
/dev/mapper/rhel is inactive.
[root@server1 ~]# ll /dev/mapper/
total 0
crw-rw----. 1 root root 10, 58 Jul 16 07:41 control
6.需要手动重新映射才可以成功,如下图:
[root@server1 ~]# cryptsetup luksOpen /dev/sda7 rhel
Enter passphrase for /dev/sda7:
[root@server1 ~]# mount –a 重新读取/etc/fstab挂载
[root@server1 ~]# df -hl
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 20G 4.0G 15G 22% /
tmpfs 250M 260K 250M 1% /dev/shm
/dev/sda1 194M 24M 161M 13% /boot
/dev/sda3 4.9G 139M 4.5G 3% /home
/dev/mapper/rhel 492M 11M 457M 3% /rhel
如果希望在系统启动时自动挂载加密分区,需要做如下配置,
1.建立加密分区的密钥文件,如下图:
[root@server1 ~]# cat rhel_pass
123456
[root@server1 ~]# cryptsetup luksAddKey /dev/sda7 /root/rhel_pass
Enter any passphrase:
2.修改配置文件/etc/crypttab,如下图:
[root@server1 ~]# cat /etc/crypttab
rhel /dev/sda7 /root/rhel_pass
映射名 分区 密码文件位置