LUKS disk encryption plugin

Alright..so for now i have to manually unlock disks from command line every time my server powers off but that is okay for now.

How is it going? Any news regarding this uber-necessery plug-in?

• Is it already compatible with omv 3?

And this one is important too

• "Create encryption" should offer partitions (/dev/sda1) not only the entire disk (/dev/sda) #12

Zitat

This feature is HIGHLY needed!

There are several devices which are capable running OMV and just have
the capability of one drive (Buffalo NAS, WD NAs, ~Plug Devices, and
many more running Debian). Since your OMV Plugin went public it gave me
the opportunity to finally use OMV with encryption (which was badly needed!)

I have several "one-disk"-solution and I can not setup the encryption
because the drive has a couple of partitions (including the
root-filesystem of omv). Even one partition with 5.8TB is empty I can't
use it! To bad!

Hope for this coming true some time...

Alles anzeigen

https://github.com/OpenMediaVa…-luksencryption/issues/12

Zitat von igrnt

No, it's not compatible with OMV 3 yet. I haven't the time to do it at the moment. Pull requests are welcome!

Still not sure about the partition issue - data partitions on the OS drive is an unsupported feature in OMV anyway, so probably best left to…

That's good to know! Thank you very much for the information!

Take your time & enjoy!

Zitat von igrnt

Still not sure about the partition issue - data partitions on the OS drive is an unsupported feature in OMV anyway, so probably best left to the user to do via command line if they want to take this route.

I guess what @OpenMediaVault meant was we should be able to create luks volume on a partition basis, and not only on device basis (asuming this is already possible, I didn't check), if for whatever reason, you need several partions on a disk.

I totally get your point of view.

It did seem to me that @OpenMediaVault did not get himself really clear, that's all.
And by "possible" I meant by command-line. So I do get your point of view.

Zitat von igrnt

It isn't already possible via the plugin UI, it operates like the OMV filesystem page, it only lists whole block devices as candidate devices.

What is possible is that, just like if you want to partition the OS drive, you must do this via the command line. If you create a LUKS device in this way, it should be usable perfectly fine in the plugin UI.

I think that since there is no UI for managing partitions in OMV, that it is fine to expect users to have to resort to the command line if they want to do this.

I see it's gettin busy down here

What I have:

• one drive (sda)
• several partitions on that drive (e.g. root) and one of them setup as LUKS+ext4 (sda4)

I tried to unlock it via GUI which doesn't work as descbribed above (not a block device -> so it's not visible at all)

I'm triying now to mount it via CLI:

cryptsetup luksOpen /dev/sda4 sda4

/dev/mapper/control: open failed: No such device
Failure to communicate with kernel device-mapper driver.
Check that device-mapper is available in the kernel.
Cannot initialize device-mapper. Is dm_mod kernel module loaded?

How can that be? How is the plugin handling the process without device-mapper?

Zitat von igrnt

So this is the cause of your problem. Check 3. and 4. like it says. Then, what's your setup, version of OMV, etc?

===============================================================================
= OS/Debian information
================================================================================
Distributor ID: debian
Description: Debian GNU/Linux 7 (wheezy)
Release: 7.11
Codename: wheezy


================================================================================
= openmediavault information
================================================================================
Release: 2.2.5
Codename: Stone burner


================================================================================
= System information
================================================================================
Linux 3.2.40 #2 SMP Fri Jan 16 07:20:20 UTC 2015 wd-2.0-rel armv7l GNU/Linux


================================================================================
= openmediavault plugins
================================================================================
ii  openmediavault 0.4          all          GnuPG archive keys of the OpenMed
ii  openmediavault 2.1.2        all          OpenMediaVault LUKS encryption pl
ii  openmediavault 2.13.2       all          OMV-Extras.org Package Repositori


================================================================================
= Linux Software RAID
================================================================================
md1 : active raid1 sda2[0] sda1[1]
Personalities : [raid1]
md1 : active raid1 sda2[0] sda1[1]
      1999808 blocks [2/2] [UU]


unused devices: <none>

Zitat von igrnt

I just tested LUKS on partitions (OMV 2.1.29, LUKs plugin 2.1.2) and it works fine, as I described:

• Create partitions with, e.g. fdisk on command line (/dev/sde1)
• Install plugin, then create LUKS containers on command line, e.g. cryptsetup luksFormat /dev/sde1
• Observe /dev/sde1 appears in Encryption plugin UI and can be unlocked, mounted, etc.

So the reason your LUKS partition is not visible in the plugin is not because it is not a raw block device (that restriction is only for creating new LUKS devices via the web UI), it is because there is something missing from your OS so the plugin can't detect existing LUKS devices.

Weird thing's happening. Thank's a lot for the information. I will investigate further.
Important Information: Eventhough the LUKS-OMV-Plugin can just create encryptions on block-devices it should be able to open the encrypted one based on partition!

Zitat von 0penMediaVault

Important Information: Eventhough the LUKS-OMV-Plugin can just create encryptions on block-devices it should be able to open the encrypted one based on partition!

Confirmed working!

You can mount kind'a everything encrypted with LUKS! Just the creation in omv is limited to a block-device!

I'm sorry - I just can't seem to get this to work.

I've tried this twice now:
- encrypt raw disks (3 of them)
- create RAID on top
- add shared folders

When I reboot I unlock the disks, but the RAID page is empty - how do I poke it to spot the now-available disks? Or should this happen automatically?

Thanks in advance.
Geoff

Zitat von geoff.house

I'm sorry - I just can't seem to get this to work.

I've tried this twice now:
- encrypt raw disks (3 of them)
- create RAID on top
- add shared folders

When I reboot I unlock the disks, but the RAID page is empty - how do I poke it to spot the now-available disks? Or should this happen automatically?

Thanks in advance.
Geoff

Alles anzeigen

Since the plugin is not ready for use in 3.x I currently using a small script i made. Had no time to make it use the key input as a variable and unlock all disks, so i have to past the key 3 times with right click after copy from my keepass password manager.

#!/bin/bash -e

service plexmediaserver stop
sudo cryptsetup luksOpen /dev/sda mnt
sudo cryptsetup luksOpen /dev/sdb mnt2
sudo cryptsetup luksOpen /dev/sdc mnt3
sudo mdadm --assemble -scan
service plexmediaserver restart
service plexpy restart

Works perfectly for me with plex and plexpy.

Thank you for a good plugin. I use it with 2.2.5 and encrypted volumes need to be unlocked one at a time. Is there a way to unlock multiple volumes at once in web UI?

Zitat von igrnt

Do this:

• Wipe disks
• Create RAID array from raw disks
• Create encrypted volume using RAID array
• Unlock encrypted volume, add shared folders

Thanks for the advice - much appreciated.

So now I've deleted everything and started again, created a RAID array, and now there are no devices listed in the drop down when I do encryption/create.

What am I missing?

Cheers,
Geoff

Hi Forum,

Is the OMV3 LUKS plugin already in a usable state?

Yesterday I have tried to install it with the steps in this forum, but all lead to popup errors on GUI. If it is already a working plugin then can someone write a step-by-step guide on how to install OMV3-LUKS to work?

Thanks.
Pery.