Re: Clone a system to an encrypted drive
Thank you! (The rsync flags that Anaconda uses is definitely a plus) On Wed, Jul 15, 2015, 23:58 Chris Murphy wrote: > The gist is: > > cryptsetup, you can use the defaults which uses aes-xts-plain64 with a > 256 bit key. I like the -y and -v options. > > You'll need to create or modify the /etc/crypttab file, which takes the > form of: > none > > The name can be anything but I do it the anaconda way which is > luks- and then is the LUKS UUID reported by blkid. > > Use that same UUID in the form rd.luks=UUID= as a boot parameter > in /etc/default/grub and then grub2-mkconfig -o /boot/grub2/grub.cfg > or > grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg > as the case may be if you have a UEFI system > > And finally, the fstab entry is created the same as if it weren't > encrypted, you still use the fs volume UUID as reported by blkid. > > And since i have it handy, the rsync command anaconda uses is: > > rsync -pogAXtlHrDx > > Chris Murphy > -- > users mailing list > users@lists.fedoraproject.org > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org > -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Clone a system to an encrypted drive
The gist is: cryptsetup, you can use the defaults which uses aes-xts-plain64 with a 256 bit key. I like the -y and -v options. You'll need to create or modify the /etc/crypttab file, which takes the form of: none The name can be anything but I do it the anaconda way which is luks- and then is the LUKS UUID reported by blkid. Use that same UUID in the form rd.luks=UUID= as a boot parameter in /etc/default/grub and then grub2-mkconfig -o /boot/grub2/grub.cfg or grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg as the case may be if you have a UEFI system And finally, the fstab entry is created the same as if it weren't encrypted, you still use the fs volume UUID as reported by blkid. And since i have it handy, the rsync command anaconda uses is: rsync -pogAXtlHrDx Chris Murphy -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Clone a system to an encrypted drive
Look Arch Linux's wiki for LUKS / dm-crypt, you will probably need to read some documentation but in an hour or less you should be able to create an encrypted partition, an encrypted swap, learn how to unlock it manually or via cryptab/cryptsecrets and so on. GL. On Wed, Jul 15, 2015, 22:21 Chris Adams wrote: > I have a running Fedora 21 system. I would like to make a backup of it > to a USB drive, a clone that can be booted. I know how to do all the > "normal" stuff (partition, LVM, mkfs, rsync, and GRUB), but I'd like the > USB drive to be encrypted, and I don't know how to set that up manually > (I haven't messed with encrypted filesystems under Linux before). > > The system I'm backing is also headless, so no GUI tools. > > Pointers, tips, suggestions? Thanks. > -- > Chris Adams > -- > users mailing list > users@lists.fedoraproject.org > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org > -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Clone a system to an encrypted drive
On Wed, Jul 15, 2015 at 20:21:25 -0500, Chris Adams wrote: I have a running Fedora 21 system. I would like to make a backup of it to a USB drive, a clone that can be booted. I know how to do all the "normal" stuff (partition, LVM, mkfs, rsync, and GRUB), but I'd like the USB drive to be encrypted, and I don't know how to set that up manually (I haven't messed with encrypted filesystems under Linux before). The system I'm backing is also headless, so no GUI tools. Pointers, tips, suggestions? Thanks. cryptsetup is the program used to create LUKS devices. I run LUKS on top of separate raid arrays, but you might also want to have just one LUKS device and run LVM on top of that. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Clone a system to an encrypted drive
I have a running Fedora 21 system. I would like to make a backup of it to a USB drive, a clone that can be booted. I know how to do all the "normal" stuff (partition, LVM, mkfs, rsync, and GRUB), but I'd like the USB drive to be encrypted, and I don't know how to set that up manually (I haven't messed with encrypted filesystems under Linux before). The system I'm backing is also headless, so no GUI tools. Pointers, tips, suggestions? Thanks. -- Chris Adams -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org