Mounting an encrypted LVM

From Klaus' wiki
Jump to: navigation, search

If you want to mount an encrypted LVM disk on another system, for instance for recovery, follow this procedure:

First attach the disk to the system and identify the device

]# fdisk -l
Disk /dev/sda: 320.1 GB, 320072933376 bytes
255 heads, 63 sectors/track, 38913 cylinders, total 625142448 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xa028d32f
 
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1026047      512000   83  Linux
/dev/sda2         1026048   625141759   312057856   8e  Linux LVM
 
Disk /dev/sdb: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders, total 1953525168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00077ade
 
   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *          63      401624      200781   83  Linux
/dev/sdb2          401625  1953520064   976559220   8e  Linux LVM
 
Disk /dev/dm-0: 53.7 GB, 53687091200 bytes
255 heads, 63 sectors/track, 6527 cylinders, total 104857600 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
 
Disk /dev/dm-0 doesn't contain a valid partition table
 
Disk /dev/dm-1: 5167 MB, 5167382528 bytes
255 heads, 63 sectors/track, 628 cylinders, total 10092544 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
 
Disk /dev/dm-1 doesn't contain a valid partition table
 
Disk /dev/dm-2: 260.7 GB, 260684382208 bytes
255 heads, 63 sectors/track, 31693 cylinders, total 509149184 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
 
Disk /dev/dm-2 doesn't contain a valid partition table

it is probably /dev/sdb

]# lvmdiskscan
  /dev/ram0                   [      16.00 MiB] 
  /dev/root                   [      50.00 GiB] 
  /dev/ram1                   [      16.00 MiB] 
  /dev/sda1                   [     500.00 MiB] 
  /dev/vg_klauslenovo/lv_swap [       4.81 GiB] 
  /dev/ram2                   [      16.00 MiB] 
  /dev/sda2                   [     297.60 GiB] LVM physical volume
  /dev/vg_klauslenovo/lv_home [     242.78 GiB] 
  /dev/ram3                   [      16.00 MiB] 
  /dev/ram4                   [      16.00 MiB] 
  /dev/ram5                   [      16.00 MiB] 
  /dev/ram6                   [      16.00 MiB] 
  /dev/ram7                   [      16.00 MiB] 
  /dev/ram8                   [      16.00 MiB] 
  /dev/ram9                   [      16.00 MiB] 
  /dev/ram10                  [      16.00 MiB] 
  /dev/ram11                  [      16.00 MiB] 
  /dev/ram12                  [      16.00 MiB] 
  /dev/ram13                  [      16.00 MiB] 
  /dev/ram14                  [      16.00 MiB] 
  /dev/ram15                  [      16.00 MiB] 
  /dev/sdb1                   [     196.08 MiB] 
  /dev/sdb2                   [     931.32 GiB] 
  3 disks
  19 partitions
  0 LVM physical volume whole disks
  1 LVM physical volume

in this case its the /dev/sdb2 partition we're after. It encrypted, so we need to give it a password to open it:

]# cryptsetup luksOpen /dev/sdb2 luks-fedora

if it returns without errors issue:

]# lvmdiskscan

once again and notice the difference:

  /dev/ram0                   [      16.00 MiB] 
  /dev/root                   [      50.00 GiB] 
  /dev/ram1                   [      16.00 MiB] 
  /dev/sda1                   [     500.00 MiB] 
  /dev/vg_klauslenovo/lv_swap [       4.81 GiB] 
  /dev/ram2                   [      16.00 MiB] 
  /dev/sda2                   [     297.60 GiB] LVM physical volume
  /dev/vg_klauslenovo/lv_home [     242.78 GiB] 
  /dev/ram3                   [      16.00 MiB] 
  /dev/mapper/luks-fedora     [     931.32 GiB] LVM physical volume
  /dev/ram4                   [      16.00 MiB] 
  /dev/ram5                   [      16.00 MiB] 
  /dev/ram6                   [      16.00 MiB] 
  /dev/ram7                   [      16.00 MiB] 
  /dev/ram8                   [      16.00 MiB] 
  /dev/ram9                   [      16.00 MiB] 
  /dev/ram10                  [      16.00 MiB] 
  /dev/ram11                  [      16.00 MiB] 
  /dev/ram12                  [      16.00 MiB] 
  /dev/ram13                  [      16.00 MiB] 
  /dev/ram14                  [      16.00 MiB] 
  /dev/ram15                  [      16.00 MiB] 
  /dev/sdb1                   [     196.08 MiB] 
  /dev/sdb2                   [     931.32 GiB] 
  3 disks
  19 partitions
  1 LVM physical volume whole disk
  1 LVM physical volume

the /dev/mapper/luks-fedora device is new!

Next insert a module in the kernel

]# modprobe dm-mod

We're almost there, be patient.

We can see issuing lvscan, that the volumes are not active:

]# lvscan
  inactive          '/dev/VolGroup00/LogVol00' [195.31 GiB] inherit
  inactive          '/dev/VolGroup00/LogVol02' [732.03 GiB] inherit
  inactive          '/dev/VolGroup00/LogVol01' [3.94 GiB] inherit
  ACTIVE            '/dev/vg_klauslenovo/lv_root' [50.00 GiB] inherit
  ACTIVE            '/dev/vg_klauslenovo/lv_home' [242.78 GiB] inherit
  ACTIVE            '/dev/vg_klauslenovo/lv_swap' [4.81 GiB] inherit

so we have to make them active by issuing:

]# vgchange -ay
  3 logical volume(s) in volume group "VolGroup00" now active
  /dev/mapper/VolGroup00-LogVol02 not set up by udev: Falling back to direct node creation.
  /dev/mapper/VolGroup00-LogVol01 not set up by udev: Falling back to direct node creation.
  The link /dev/VolGroup00/LogVol02 should had been created by udev but it was not found. Falling back to direct link creation.
  The link /dev/VolGroup00/LogVol01 should had been created by udev but it was not found. Falling back to direct link creation.
  3 logical volume(s) in volume group "vg_klauslenovo" now active
]# lvscan
  ACTIVE            '/dev/VolGroup00/LogVol00' [195.31 GiB] inherit
  ACTIVE            '/dev/VolGroup00/LogVol02' [732.03 GiB] inherit
  ACTIVE            '/dev/VolGroup00/LogVol01' [3.94 GiB] inherit
  ACTIVE            '/dev/vg_klauslenovo/lv_root' [50.00 GiB] inherit
  ACTIVE            '/dev/vg_klauslenovo/lv_home' [242.78 GiB] inherit
  ACTIVE            '/dev/vg_klauslenovo/lv_swap' [4.81 GiB] inherit


Now the partition we're interested in are active available for mounting. But since its a encrypted logical volume we'll have to find it in /dev/mapper

]# cd /dev/mapper
]# ll
total 0
crw-------. 1 root root 10, 62 Oct 13 09:14 control
lrwxrwxrwx. 1 root root      7 Oct 13 10:00 luks-fedora -> ../dm-3
lrwxrwxrwx. 1 root root      7 Oct 13 09:14 vg_klauslenovo-lv_home -> ../dm-2
lrwxrwxrwx. 1 root root      7 Oct 13 09:14 vg_klauslenovo-lv_root -> ../dm-0
lrwxrwxrwx. 1 root root      7 Oct 13 09:14 vg_klauslenovo-lv_swap -> ../dm-1
lrwxrwxrwx. 1 root root      7 Oct 13 10:04 VolGroup00-LogVol00 -> ../dm-4
lrwxrwxrwx. 1 root root      7 Oct 13 10:04 VolGroup00-LogVol01 -> ../dm-6
lrwxrwxrwx. 1 root root      7 Oct 13 10:04 VolGroup00-LogVol02 -> ../dm-5

Mount the /dev/VolGroup00/LogVol0x on a suitable directory fx. /media/lvm

If you choose to encrypt each partition you need to create access to it. Issue:

]# cryptsetup luksOpen /dev/VolGroup00/LogVol02 volgp2

Probably you'll see an error message, but fear not. Your device will be able to access the device anyway. First find what the volgp2 points to:

]# ll /dev/mapper
total 0
crw-------. 1 root root 10, 62 Oct 13 12:52 control
lrwxrwxrwx. 1 root root      7 Oct 13 13:41 luks-fedora -> ../dm-3
lrwxrwxrwx. 1 root root      7 Oct 13 14:27 luks-fedora2 -> ../dm-7
lrwxrwxrwx. 1 root root      7 Oct 13 12:53 vg_klauslenovo-lv_home -> ../dm-2
lrwxrwxrwx. 1 root root      7 Oct 13 12:52 vg_klauslenovo-lv_root -> ../dm-0
lrwxrwxrwx. 1 root root      7 Oct 13 12:52 vg_klauslenovo-lv_swap -> ../dm-1
lrwxrwxrwx. 1 root root      7 Oct 13 14:30 volgp2 -> ../dm-8
lrwxrwxrwx. 1 root root      7 Oct 13 14:25 VolGroup00-LogVol00 -> ../dm-4
lrwxrwxrwx. 1 root root      7 Oct 13 14:25 VolGroup00-LogVol01 -> ../dm-6
lrwxrwxrwx. 1 root root      7 Oct 13 14:30 VolGroup00-LogVol02 -> ../dm-5

here we see its mapped to /dev/dm-8

So mounting is easy:

]# mount /dev/dm-8 /media/lvm/

Beware of the access rights, though. You may need to change it or chroot it.