Mounting an encrypted partition automatically
1. Look up the partition's UUID, as shown below; blkid can also be used:
[root@server1 ~]# ll /dev/disk/by-uuid/
total 0
lrwxrwxrwx. 1 root root 10 Jul 16 05:57
lrwxrwxrwx. 1 root root 10 Jul 16 05:59
lrwxrwxrwx. 1 root root 10 Jul 16 05:57
lrwxrwxrwx. 1 root root 10 Jul 16 05:
lrwxrwxrwx. 1 root root 10 Jul 16 05:48 b714dd11
lrwxrwxrwx. 1 root root 10 Jul 16 05:48 bf88fead-5856-4500-8913-a3ceb4d620ff -> ../../sda2
lrwxrwxrwx. 1 root root 10 Jul 16 05:48 d
lrwxrwxrwx. 1 root root 10 Jul 16 06:02 ee
[root@server1 ~]# blkid
/dev/sda1: UUID="a
/dev/sda2: UUID="bf88fead-5856-4500-8913-a3ceb4d620ff" TYPE="ext4"
/dev/sda3: UUID="b714dd11
/dev/sda5: UUID="d
/dev/sda6: UUID="
/dev/sda7: UUID="
/dev/mapper/udisks-luks-uuid
/dev/mapper/rhel: UUID="ee
2. Add an automatic mount entry to /etc/fstab, as shown below:
[root@server1 ~]# vim /etc/fstab
#
# /etc/fstab
# Created by anaconda on Thu Jul 14 10:07:44 2011
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=bf88fead-5856-4500-8913-a3ceb4d620ff / ext4 defaults 1 1
UUID=a
UUID=b714dd11
UUID=d
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
UUID=ee
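3. However, when the system is rebooted, this partition is not mounted automatically, and the boot process reports the following error:
4. After logging in, the partition is still not mounted, as shown below: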
[root@server1 ~]# mount
/dev/sda2 on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0")
/dev/sda1 on /boot type ext4 (rw)
/dev/sda3 on /home type ext4 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
[root@server1 ~]# mount -a
mount: special device UUID=ee
[root@server1 ~]# df -hl
Filesystem Size Used Avail Use% Mounted on
/dev/sda2
tmpfs
/dev/sda1
/dev/sda3
5. Check the mapping status; it reports that the mapping does not exist, as shown below:
[root@server1 ~]# cryptsetup status rhel
/dev/mapper/rhel is inactive.
[root@server1 ~]# ll /dev/mapper/
total 0
crw-rw----. 1 root root 10, 58 Jul 16 07:41 control
6. The device has to be mapped again manually before the mount succeeds, as shown below:
[root@server1 ~]# cryptsetup luksOpen /dev/sda7 rhel
Enter passphrase for /dev/sda7:
[root@server1 ~]# mount -a    # re-read /etc/fstab and mount
[root@server1 ~]# df -hl
Filesystem Size Used Avail Use% Mounted on
/dev/sda2
tmpfs
/dev/sda1
/dev/sda3
/dev/mapper/rhel
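To have the encrypted partition mounted automatically at system boot, the following configuration is needed:
1. Create a key file for the encrypted partition, as shown below: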
[root@server1 ~]# cat rhel_pass
123456
[root@server1 ~]# cryptsetup luksAddKey /dev/sda7 /root/rhel_pass
Enter any passphrase:
2. Edit the configuration file /etc/crypttab, as shown below:
[root@server1 ~]# cat /etc/crypttab
rhel /dev/sda7 /root/rhel_pass
Fields: mapping name, partition, key file location
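
Because /etc/crypttab now points at a file that unlocks the volume without a prompt, that key file should be readable by root only. The check below is an added example, not part of the original page; the function name audit_crypttab and its two arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): audit the key files named in a
# crypttab-format file. audit_crypttab and its arguments are hypothetical names.
# Usage: audit_crypttab [crypttab path] [expected owner UID, default 0 = root]
# Prints one line per finding; returns 0 only when there are no findings.
audit_crypttab() {
    tab=${1:-/etc/crypttab}
    want_uid=${2:-0}
    findings=0
    [ -r "$tab" ] || { echo "cannot read $tab"; return 2; }
    # crypttab fields: mapping name, device, key file, options
    while read -r name dev key opts || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac          # blank line or comment
        case $key in ''|none|-|/dev/*) continue ;; esac  # passphrase prompt or random key
        if [ ! -f "$key" ]; then
            echo "$name: key file $key is missing or not a regular file"
            findings=$((findings + 1))
            continue
        fi
        # ls -ldn prints the mode string first and the numeric owner UID third
        read -r mode links uid rest <<EOF
$(ls -ldn -- "$key")
EOF
        case $mode in
            -???------*) ;;   # no group or other permission bits set
            *) echo "$name: $key has mode $mode, which grants group or other access"
               findings=$((findings + 1)) ;;
        esac
        if [ "$uid" != "$want_uid" ]; then
            echo "$name: $key is owned by UID $uid, expected $want_uid"
            findings=$((findings + 1))
        fi
    done < "$tab"
    [ "$findings" -eq 0 ]
}
```

Whatever its mode, a key file kept on an unencrypted root filesystem, as /dev/sda2 (ext4) is on this page, can be read by anyone with offline access to the disk.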