Posts

Showing posts from February, 2016

LUKS Encryption and Unattended boot on Headless Servers

The anaconda installer on Redhat-based Linux distributions provides the user with an option to encrypt the /home partition by selecting a simple check-box. This adds an obviously valuable security/privacy feature to the system if it's selected. Consequently, this prompts the user for a password during the boot process, which then decrypts the partition and mounts it in the designated location on the filesystem. The default behaviour is not very well suited for unattended reboots or on headless servers. The crypttab(5) manual page provides great information on how to facilitate the process for unattended boots: DESCRIPTION The /etc/crypttab file describes encrypted block devices that are set up during system boot. Empty lines and lines starting with the "#" character are ignored. Each of the remaining lines describes one encrypted block device, fields on the line are delimited by white space. The first two fields are mandatory, the

LVM Snapshot Causes Boot Failure

If you've created an LVM Snapshot before rebooting your system and found yourself staring at the dracut rescue shell you might be stricken by the same problem as I was.  Executing init U on the dracut commandline resulted in a descriptive error message (that might also be found in the journal/logs) about a missing dm-snapshot kernel module.  I've attempted to troubleshoot the problem for a couple of hours, failing to add the kernel module in the end--as I wasn't able to get to a working kernel.  Ultimately, the only solution was to remove the snapshot Volume, which proved to be more difficult than expected. To remove the snapshot LV, one executes: dracut #: lvm lvremove vg_name/lv_snapshot_name However, you might be confronted by an error message there as well.  It seems that the volume is locked at that time.  To get around this, simply remove the /etc/lvm/lvm.conf file from the volatile initramfs "filesystem". dracut #: rm /etc/lvm/lvm.conf