There are two major reasons for allocating file systems separately: containment and mounting with more restrictive mount options. Containment reduces the impact a file system has on the rest of the system if it fills up. For example, if a program has an error and creates several large temporary files in /tmp, it should not prevent system logging or keep users from saving files in their home directories.
Kickstart configuration:
part /home --fstype=ext4 --size=10000 --onpart=vda2 --encrypted --passphrase=PASSPHRASE
pvcreate /dev/sdb1
vgcreate storage /dev/sdb1
  Volume group "storage" successfully created
lvcreate -l 100%FREE -n luks-test storage
Tip: we don’t need to create a file system at this point.
cryptsetup luksFormat /dev/storage/luks-test
WARNING! This will overwrite data on /dev/storage/luks-test irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
Allocating group tables: done
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done
dd if=/dev/urandom of=/root/luks.passwd bs=4096 count=1
chmod 600 /root/luks.passwd
unlocked during system boot.
name /dev/vdaN /path/to/password/file
such as:
luks /dev/storage/luks-test /root/luks.passwd
1. name: the name device mapper will use for the device
2. the underlying “locked” device
3. the absolute pathname to the password file used to unlock the device
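An added example, not part of the original notes: a shell function that checks one entry in the three-field format described above, confirming that the key file path is absolute and that the file grants no access to group or others, in line with the chmod 600 step. The function name check_crypttab_entry and the throwaway demo key file are assumptions made for illustration, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original page): audit one crypttab-style entry.
# Fields, as described above: name, locked device, absolute path to key file.

check_crypttab_entry() {
    # Split the entry on whitespace into its three fields.
    read -r name dev key _rest <<EOF
$1
EOF
    rc=0
    if [ -z "$name" ] || [ -z "$dev" ]; then
        echo "malformed entry: need at least a name and a device"
        return 1
    fi
    # crypttab(5): a missing key field, "none" or "-" means the passphrase
    # is typed at boot, so there is no key file to audit.
    case "$key" in
        ''|none|-) echo "$name: no key file, passphrase prompt at boot"; return 0 ;;
    esac
    case "$key" in
        /*) ;;
        *) echo "$name: key file path '$key' is not absolute"; rc=1 ;;
    esac
    if [ ! -f "$key" ]; then
        echo "$name: key file '$key' does not exist"
        return 1
    fi
    # stat -c is GNU coreutils; %A prints the mode like "-rw-------".
    perms=$(stat -c '%A' "$key")
    case "$perms" in
        ????------) ;;
        *) echo "$name: key file '$key' is $perms, grants access beyond its owner"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed demo: a throwaway key file stands in for /root/luks.passwd.
demo_dir=$(mktemp -d)
demo_key="$demo_dir/luks.passwd"
: > "$demo_key"
chmod 644 "$demo_key"
check_crypttab_entry "luks /dev/storage/luks-test $demo_key" || echo "entry needs fixing"
chmod 600 "$demo_key"
check_crypttab_entry "luks /dev/storage/luks-test $demo_key" && echo "entry looks sane"
rm -rf "$demo_dir"
```

The function only inspects the key file named in the entry; it does not check that the device exists or that the key has been enrolled in the LUKS header.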
cryptsetup(8) crypttab(5)