...

Michel Le Cocq 2020-06-23 14:18:54 +02:00
parent bde59ea303
commit 60e43d7fd2
3 changed files with 142 additions and 135 deletions

@ -1,76 +1,77 @@
source : [Linsomniac's Articles - Encrypting ZFS on Ubuntu 20.04](https://linsomniac.gitlab.io/post/2020-04-09-ubuntu-2004-encrypted-zfs/) source : [Linsomniac's Articles - Encrypting ZFS on Ubuntu 20.04](https://linsomniac.gitlab.io/post/2020-04-09-ubuntu-2004-encrypted-zfs/)
# encrypt - Unbuntu 20.04 full ZFS install # encrypt - Unbuntu 20.04 full ZFS install
Here we are going to install Ubuntu 20.04 in **almost** full zfs updating **zsys-setup** to permit **zfs encryption**. Read bellow articles to understand why 2 differerent pools and full implementation. Here we are going to install Ubuntu 20.04 in **almost** full zfs updating **zsys-setup** to permit **zfs encryption**. Read bellow articles to understand why 2 differerent pools and full implementation.
* [ZFS focus on Ubuntu 20.04 LTS: whats new?](https://didrocks.fr/2020/05/21/zfs-focus-on-ubuntu-20.04-lts-whats-new/) * [ZFS focus on Ubuntu 20.04 LTS: whats new?](https://didrocks.fr/2020/05/21/zfs-focus-on-ubuntu-20.04-lts-whats-new/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys general presentation](https://didrocks.fr/2020/05/26/zfs-focus-on-ubuntu-20.04-lts-zsys-general-presentation/) * [ZFS focus on Ubuntu 20.04 LTS: ZSys general presentation](https://didrocks.fr/2020/05/26/zfs-focus-on-ubuntu-20.04-lts-zsys-general-presentation/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys sate management](https://didrocks.fr/2020/05/28/zfs-focus-on-ubuntu-20.04-lts-zsys-general-principle-on-state-management/) * [ZFS focus on Ubuntu 20.04 LTS: ZSys sate management](https://didrocks.fr/2020/05/28/zfs-focus-on-ubuntu-20.04-lts-zsys-general-principle-on-state-management/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys commands for state management](https://didrocks.fr/2020/06/02/zfs-focus-on-ubuntu-20.04-lts-zsys-commands-for-state-management/) * [ZFS focus on Ubuntu 20.04 LTS: ZSys commands for state management](https://didrocks.fr/2020/06/02/zfs-focus-on-ubuntu-20.04-lts-zsys-commands-for-state-management/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys state collection](https://didrocks.fr/2020/06/04/zfs-focus-on-ubuntu-20.04-lts-zsys-state-collection/) * [ZFS focus on Ubuntu 20.04 LTS: ZSys state collection](https://didrocks.fr/2020/06/04/zfs-focus-on-ubuntu-20.04-lts-zsys-state-collection/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys for system administrators](https://didrocks.fr/2020/06/09/zfs-focus-on-ubuntu-20.04-lts-zsys-for-system-administrators/) * [ZFS focus on Ubuntu 20.04 LTS: ZSys for system administrators](https://didrocks.fr/2020/06/09/zfs-focus-on-ubuntu-20.04-lts-zsys-for-system-administrators/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys partition layout](https://didrocks.fr/2020/06/11/zfs-focus-on-ubuntu-20.04-lts-zsys-partition-layout/) * [ZFS focus on Ubuntu 20.04 LTS: ZSys partition layout](https://didrocks.fr/2020/06/11/zfs-focus-on-ubuntu-20.04-lts-zsys-partition-layout/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys dataset layout](https://didrocks.fr/2020/06/16/zfs-focus-on-ubuntu-20.04-lts-zsys-dataset-layout/) * [ZFS focus on Ubuntu 20.04 LTS: ZSys dataset layout](https://didrocks.fr/2020/06/16/zfs-focus-on-ubuntu-20.04-lts-zsys-dataset-layout/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys properties on ZFS datasets](https://didrocks.fr/2020/06/19/zfs-focus-on-ubuntu-20.04-lts-zsys-properties-on-zfs-datasets/) * [ZFS focus on Ubuntu 20.04 LTS: ZSys properties on ZFS datasets](https://didrocks.fr/2020/06/19/zfs-focus-on-ubuntu-20.04-lts-zsys-properties-on-zfs-datasets/)
## initial boot and ssh ## initial boot and ssh
Boot the Ubuntu 20.04 Desktop installer/live CD. Boot the Ubuntu 20.04 Desktop installer/live CD.
Click the “Try Ubuntu” button. Click the “Try Ubuntu” button.
launch a terminal. launch a terminal.
set a passwd to root to permit remote ssh set a passwd to root to permit remote ssh
~~~ ~~~
$ sudo su $ sudo su
## passwd ## passwd
New password : New password :
Retype new passord : Retype new passord :
passwd: password updated successfully passwd: password updated successfully
~~~ ~~~
Install ssh to simplfy configuration edit. Install ssh to simplfy configuration edit.
~~~ ~~~
## apt install ssh ## apt install ssh
~~~ ~~~
Edit **/etc/ssh/sshd_config** to **Enable PermitRootLogin** change *prohibit-password* to *yes* like bellow. Edit **/etc/ssh/sshd_config** to **Enable PermitRootLogin** change *prohibit-password* to *yes* like bellow.
~~~{.shell} ~~~{.shell}
#PermitRootLogin prohibit-password #PermitRootLogin prohibit-password
PermitRootLogin yes PermitRootLogin yes
~~~ ~~~
~~~ ~~~
service ssh restart service ssh restart
~~~ ~~~
find yout IP with : *ip a* find yout IP with : *ip a*
then connect remotely with : *ssh* then connect remotely with : *ssh*
## update zsys-setup to enable zfs encyption on rpool ## update zsys-setup to enable zfs encyption on rpool
bpool remain unencrypt. bpool remain unencrypt.
Search for “zpool create”, and make sure you have found the create command that has “rpool” on the last line. Search for “zpool create”, and make sure you have found the create command that has “rpool” on the last line.
Before the “zpool create” insert: echo MYPASSWORD | Before the “zpool create” insert: echo MYPASSWORD |
Before the last line of the command insert these lines: Before the last line of the command insert these lines:
~~~{.cpp} ~~~{.cpp}
-O recordsize=1M \ -O recordsize=1M \
-O encryption=aes-256-gcm \ -O encryption=aes-256-gcm \
-O keylocation=prompt \ -O keylocation=prompt \
-O keyformat=passphrase \ -O keyformat=passphrase \
~~~ ~~~
## swap ## swap
you may be interrested if you are on a laptop in : [right fit swap for laptop hibernation Ubuntu 20.04 full ZFS install](right-fit-swap-for-laptop-hibernation-Ubuntu-20.04-full-ZFS-install) you may be interrested if you are on a laptop in : [right fit swap for laptop hibernation Ubuntu 20.04 full ZFS install](right-fit-swap-for-laptop-hibernation-Ubuntu-20.04-full-ZFS-install)
## start installation ## start installation
Run ubiquity to start the installer and install as normal, selecting “Use entire disk” and the option to use ZFS. Run ubiquity to start the installer and install as normal, selecting “Use entire disk” and the option to use ZFS.
## questions to be solves ## questions to be solves
* what happen if zpool passwd is not given at boot shutdown ? * what happen if zpool passwd is not given at boot shutdown ?
* find a way to shut it down pass a delay
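Review bot: In the "update zsys-setup" section, `echo MYPASSWORD |` in front of `zpool create` leaves the rpool passphrase in clear text in the edited script, and the section never names the file being edited. Name the file, and add a step to change the passphrase after the first boot (`zfs change-key rpool`) or to read it interactively instead of hard-coding it. The `PermitRootLogin yes` step should also state that it applies to the live session only. Two smaller points: the fence around the `-O` options is tagged `{.cpp}` although it holds shell arguments, and the new bullet "find a way to shut it down pass a delay" does not say what "it" is (the passphrase prompt at boot, presumably).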

@ -12,7 +12,7 @@
* Turn off swap * Turn off swap
~~~ ~~~
swapoff /dev/mapper/cryptswap1 swapoff /dev/mapper/cryptswap
~~~ ~~~
* Undo the existing mapping. * Undo the existing mapping.
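Review bot: The mapper name changes from `cryptswap1` to `cryptswap` on the `swapoff` line only, and the command under "Undo the existing mapping" is outside this hunk. Confirm that it and every later reference in this file use `cryptswap` as well. Otherwise the procedure turns swap off on one mapping and then tries to close another.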
@ -64,3 +64,5 @@ mkswap /dev/nvme0n1p2
~~~ ~~~
swapon -a swapon -a
~~~ ~~~
Next you need to reboot to enable everything and test it.
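Review bot: The added sentence says "test it" without saying what to check after the reboot. Add the checks themselves, for example `swapon --show` to confirm that swap is active on `/dev/mapper/cryptswap` and `cryptsetup status cryptswap` to confirm that the mapping is a LUKS device. The reader then knows swap is encrypted before relying on hibernation.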

@ -1,58 +1,62 @@
## encrypt swap partition ## prerequisite
sources : * all command bellow are run has root
* [wiki.archlinux.org - dm-crypt/Swap encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#LVM_on_LUKS)
* [help.ubuntu.com - Enable Hibernate With Encrypted Swap](https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap) ## encrypt swap partition
~~~ sources :
apt-get install ecryptfs-utils * [wiki.archlinux.org - dm-crypt/Swap encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#LVM_on_LUKS)
swapoff -a * [help.ubuntu.com - Enable Hibernate With Encrypted Swap](https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap)
cryptsetup luksFormat --cipher aes-xts-plain64 --verify-passphrase --key-size 256 /dev/nvme0n1p2
cryptsetup open /dev/<device> cryptswap ~~~
mkswap /dev/mapper/cryptswap apt-get install ecryptfs-utils
~~~ swapoff -a
cryptsetup luksFormat --cipher aes-xts-plain64 --verify-passphrase --key-size 256 /dev/nvme0n1p2
/!\ le point ci-dessous est sans doute inutile cryptsetup open /dev/nvme0n1p2 cryptswap
mkswap /dev/mapper/cryptswap
* Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to remove resume part wich is now manage by initramfs ~~~
~~~ /!\ le point ci-dessous est sans doute inutile
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
~~~ * Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to remove resume part wich is now manage by initramfs
~~~ ~~~
update-grub GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
~~~ ~~~
Now ajust /etc/fstab to use your mapper, replace your encrypt swap device like bellow : ~~~
update-grub
~~~ ~~~
/dev/mapper/cryptswap none swap discard 0 0
~~~ Now ajust /etc/fstab to use your mapper, replace your encrypt swap device like bellow :
add your encrypt swap device define in /etc/crypttab ~~~
/dev/mapper/cryptswap none swap discard 0 0
~~~ ~~~
cryptswap /dev/nvme0n1p2 none luks
~~~ add your encrypt swap device define in /etc/crypttab
~~~ ~~~
swapon -a cryptswap /dev/nvme0n1p2 none luks
~~~ ~~~
~~~ ~~~
printf "RESUME=UUID=/dev/mapper/cryptswap" | tee /etc/initramfs-tools/conf.d/resume swapon -a
~~~ ~~~
Register these changes. ~~~
printf "RESUME=UUID=/dev/mapper/cryptswap" | tee /etc/initramfs-tools/conf.d/resume
~~~ ~~~
update-initramfs -u -k all
~~~ Register these changes.
### to be solve ~~~
update-initramfs -u -k all
~~~ ~~~
cryptsetup: ERROR: Couln't resolve device rpool/ROOT/ubuntu_...
cryptsetup: WARNING: Couln't determine root device ### to be solve
~~~
~~~
cryptsetup: ERROR: Couln't resolve device rpool/ROOT/ubuntu_...
cryptsetup: WARNING: Couln't determine root device
~~~
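Review bot: The `printf "RESUME=UUID=/dev/mapper/cryptswap"` line is carried over unchanged and mixes two forms: `UUID=` expects a UUID, not a device path. Write `RESUME=/dev/mapper/cryptswap`, and end the string with `\n` so that the file has a trailing newline. In the same hunk, `apt-get install ecryptfs-utils` does not match the commands that follow, which are all `cryptsetup`; the install line should name the package that provides it. The French line "/!\ le point ci-dessous est sans doute inutile" is left in an English page. If the grub step really is unnecessary, remove it rather than flag it. The new prerequisite line should read "all commands below are run as root".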