Need some assistance -- how to reinstall over an existing encrypted LVM setup?

[yallwatch]

Hi, this is a first-time post for me.  I'm hoping someone can shed some light on how I can install PCLOS over an existing encrypted LVM setup.  I currently have a dual-boot system --Ubuntu 11.10 and PCLOS 2011.6-- and I installed both operating systems on an encrypted LVM file system (using the same volume group for both Ubuntu and PCLOS).  I'd now like to install PCLOS 2012.2 over the current 2011.6 version, while keeping my current PCLOS home directory.  In keeping with some tips by "hastala" over at ubuntuforums, I've taken the following steps so far:

1.  Start LiveCD

2.  Install the LVM2 package using the synaptic package manager (the cryptsetup package appears to be installed already on the LiveCD)

3.  Load kernel modules (as superuser):

Code: [Select]

modprobe dm-mod
modprobe dm-crypt
4.  As superuser, unencrypt the encrypted partition (sda5 in my case) & enter passphrase:

Code: [Select]

cryptsetup luksOpen /dev/sda5 sda5crypt
5.  Find the volume group (VG):

Code: [Select]

vgscan
6.  Check to see if all logical volumes (LVs) are presented:

Code: [Select]

lvs
All of my LVs were listed after I took the above steps.  I then ran the live-installer's "install" function and chose the "custom disk partition" method, but this is where I ran into a stalemate.  As best I can tell, the installer simply does not see the LVM setup created by the previous installation.  The installer sees one non-encrypted boot partition and one encrypted Physical Volume (sda5), but it does not seem to see the VG at all.

Has anyone else installed PCLOS on an encrypted LVM file system, and then successfully reinstalled over that file system?  If so, I'd be grateful for your advice on where I'm going wrong.  Many thanks!

[AS]

4.  As superuser, unencrypt the encrypted partition (sda5 in my case) & enter passphrase:

cryptsetup luksOpen /dev/sda5 sda5crypt

Hi and welcome to PCLinuxOS forum,

here you will find a short article about encryption using PCLinuxOS, note that LVM is not used here but you may find some hints:
http://pclosmag.com/html/Issues/201108/page19.html

here there is another article, about encryption while using LVM:
http://www.linuxbsdos.com/2011/07/16/how-to-install-pclinuxos-2011-6-on-an-encrypted-lvm-file-system

about your proposed steps, the only thing I noticed immediately was about the used device, look like you are going to use LVM on top of an encrypted partition, instead you may want to use encryption on top of LVM (or I'm misunderstanding your desired setup):

cryptsetup luksOpen /dev/mapper/LV01 LV01crypt

If your PCLinuxOS 2011-06 is updated, you don't need to reinstall 2012-02, as you will end with the same result.
To provide further help, there is the need of more detailed info about your partition layout.

Personally I have never used LVM in PCLinuxOS because: you can easily resize partitions, it is very simple and fast to reinstall, if/when needed.

Here there is another thread (that one that originated the PCLOS Magazine article), with some additional note/hints ...
http://www.pclinuxos.com/forum/index.php/topic,93730.0.html

AS

[yallwatch]

AS, sorry for the slow reply on my part.  Many thanks for your assistance---I'm a relative newcomer to Linux, so a lot of this is still unfamiliar to me.  The link you provided --http://www.linuxbsdos.com/2011/07/16/how-to-install-pclinuxos-2011-6-on-an-encrypted-lvm-file-system-- is one of the references I used in setting up my dual-boot encrypted LVM system.

I did not realize that an updated PCLinuxOS 2011-06 is effectively the same as 2012-02.  With that in mind, I have no good reason to reinstall at this point.

That said, I'm still curious about how I would go about reinstalling PCLOS over my existing setup while retaining my existing home partition, if I ever needed to do so.  No matter what I try, I cannot seem to get the installer to "see inside" my encrypted Physical Volume (sda5).  I tried the change you suggested...

cryptsetup luksOpen /dev/mapper/LV01 LV01crypt

...but to no avail.

  I don't know if it helps or not, but below is the basic partition layout of my hard drive:

/dev/sda1          ext2               494.16MB          pclos_boot
/dev/sda2          extended         297.27GB
   /dev/sda5       crypt-luks        296.80GB
   /dev/sda6       ext2                476.00MB         ubuntu_boot

The encrypted Physical Volume resides on /dev/sda5.  Inside the Physical Volume is a single Volume Group containing five Logical Volumes:  one home partition for Ubuntu, one home partition for PCLOS, one root partition for Ubuntu, one root partition for PCLOS, and one Swap partition (used by both operating systems).

Any other thoughts?

[AS]

AS, sorry for the slow reply on my part.  Many thanks for your assistance---I'm a relative newcomer to Linux, so a lot of this is still unfamiliar to me.  The link you provided --http://www.linuxbsdos.com/2011/07/16/how-to-install-pclinuxos-2011-6-on-an-encrypted-lvm-file-system-- is one of the references I used in setting up my dual-boot encrypted LVM system.

I did not realize that an updated PCLinuxOS 2011-06 is effectively the same as 2012-02.  With that in mind, I have no good reason to reinstall at this point.

That said, I'm still curious about how I would go about reinstalling PCLOS over my existing setup while retaining my existing home partition, if I ever needed to do so.  No matter what I try, I cannot seem to get the installer to "see inside" my encrypted Physical Volume (sda5).  I tried the change you suggested...

cryptsetup luksOpen /dev/mapper/LV01 LV01crypt

...but to no avail.

Of course, no surprise that it doesn't work, it was just an example to highlight about the LVM layer ... no real references.

  I don't know if it helps or not, but below is the basic partition layout of my hard drive:

/dev/sda1          ext2               494.16MB          pclos_boot
/dev/sda2          extended         297.27GB
   /dev/sda5       crypt-luks        296.80GB
   /dev/sda6       ext2                476.00MB         ubuntu_boot

The encrypted Physical Volume resides on /dev/sda5.  Inside the Physical Volume is a single Volume Group containing five Logical Volumes:  one home partition for another distro, one home partition for PCLOS, one root partition for another distro, one root partition for PCLOS, and one Swap partition (used by both operating systems).

Any other thoughts?

If you boot a LiveCD, say KDE 2012.02, you should be able to run PCLOS Control Center -> Local Disks -> Manage Disk Partitions,
you can use the tool to explore your current partitions and setup.

Upon reinstallation, you can choose "Use existing partitions" or "Custom Partitions" and there you will setup again the correct mount points, you should be asked to provide the passphrase at some point when managing the encrypted partition.

As I don't use LVM, I don't have specific suggestions/experience ... I think it should work.

About your partition layout, it really doesn't look like a LVM setup ... look like a conventional partition table ... try the following command, (from root):

Code: [Select]

fdisk -l

[yallwatch]

Sorry, AS, I meant to note that when I tried the below:

cryptsetup luksOpen /dev/mapper/LV01 LV01crypt

I replaced the text with my own references.  Should have been more specific!   

I agree that, in theory, at some point I should be able to work with the existing encrypted partition.  I just haven't stumbled yet upon the correct "move" to make this happen.

Here's some additional reference resulting from "fdisk -l":

Code: [Select]

Disk /dev/sda: 320.1 GB, 320072933376 bytes
255 heads, 63 sectors/track, 38913 cylinders, total 625142448 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x0004f844

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *          63     1012094      506016   83  Linux
/dev/sda2         1012156   624427007   311707426    5  Extended
/dev/sda5         1012158   623450519   311219181   83  Linux
/dev/sda6       623452160   624427007      487424   83  Linux

Disk /dev/mapper/sda5_crypt: 318.7 GB, 318687392768 bytes
255 heads, 63 sectors/track, 38744 cylinders, total 622436314 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Disk /dev/mapper/sda5_crypt doesn't contain a valid partition table

Disk /dev/mapper/vg0-root_pclos: 6291 MB, 6291456000 bytes
255 heads, 63 sectors/track, 764 cylinders, total 12288000 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Disk /dev/mapper/vg0-root_pclos doesn't contain a valid partition table

Disk /dev/mapper/vg0-swap: 4194 MB, 4194304000 bytes
255 heads, 63 sectors/track, 509 cylinders, total 8192000 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Disk /dev/mapper/vg0-swap doesn't contain a valid partition table

Disk /dev/mapper/vg0-home_pclos: 68.2 GB, 68157440000 bytes
255 heads, 63 sectors/track, 8286 cylinders, total 133120000 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Disk /dev/mapper/vg0-home_pclos doesn't contain a valid partition table

Disk /dev/mapper/vg0-root_ubuntu: 6496 MB, 6496976896 bytes
255 heads, 63 sectors/track, 789 cylinders, total 12689408 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Disk /dev/mapper/vg0-root_ubuntu doesn't contain a valid partition table

Disk /dev/mapper/vg0-home_ubuntu: 65.0 GB, 64999129088 bytes
255 heads, 63 sectors/track, 7902 cylinders, total 126951424 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Disk /dev/mapper/vg0-home_ubuntu doesn't contain a valid partition table

[AS]

Disk /dev/mapper/sda5_crypt: 318.7 GB, 318687392768 bytes
255 heads, 63 sectors/track, 38744 cylinders, total 622436314 sectors

The above means:
/dev/sda5 -> (encrypted) -> /dev/mapper/crypt_sda5 (318 GB) -> LVM .....

back to your original question:

I'd now like to install PCLOS 2012.2 over the current 2011.6 version, while keeping my current PCLOS home directory.

At time of reinstallation you will need to select "Custom partitions",  you will open the encrypted partition /dev/sda5, the passphrase will be requested and the partition will be automatically mapped to /dev/mapper/crypt_sda5, you will reassign the encrypted partition to LVM.

Then you will need to duplicate exactly the current LVM setup, either by copying to current lvm related config files or manually re-adding each volume, can't say more because I've not used/tested LVM that much.

It's beyond me why you are using such complicate layout, considering that if you will ever need to restore your system from a backup it would be a real pain.
May be I'm missing the advantage of LVM. (not really, I think LVM may be useful on large servers, not on desktop installation, i.e. you could make up a single partition from 2 or more disks...).

AS

[yallwatch]

Thanks for your follow-up note, AS.  Even after following the steps you outlined, I just can't get the installer to work the way I envisioned.  Of course, I can't rule out user error, but I suspect that the installer just isn't up to the task I had in mind.  (Thankfully, rather than try any of this on my actual setup, I've been experimenting with an identical setup I created in Virtualbox.)

As for why I'm using this layout...I wanted a dual-boot system with full-disk encryption, and this was the only way I could figure out how to do it.  As I said, I'm new at this!     If I'm overlooking a simpler approach, I'm all ears....

In any event, thanks again for your help with my original question---you were very generous with your time, and I greatly appreciate it!

[AS]

As for why I'm using this layout...I wanted a dual-boot system with full-disk encryption, and this was the only way I could figure out how to do it.  As I said, I'm new at this!     If I'm overlooking a simpler approach, I'm all ears....

You could also set up your system as dual boot, while using encryption, and simply avoid LVM, which is the solution I have used too. Mainly you will need to setup an unencrypted /boot partition, say 300 MB, which will contain the kernel, the initrd and the bootloader related files.

I have detailed all steps in my article on PCLOS Magazine, including screenshots, link available in my first answer, therefore I will not repeat the article here. If something is not clear, or if you have further questions, please ask.

You could also evaluate to encrypt only your /home partition, for both systems you are going to install, in such case you will end up with a "normal" dual boot system and an encrypted storage for your data. This is also described in the same article, which in my intention was written to keep the whole encryption argument as simple as possible. 

I was planning to extend the argument by writing a next article, to include backups and system recovery, your feedback will be greatly appreciated, because will let me know about the weakness of the article and the areas that need to be expanded.

AS

[yallwatch]

AS, I took a look at your PCLOS Magazine article, which was very clear and helpful.  The next time I do a reinstall on my system (probably when another distro 12.04 comes out), I'll try your method, and I'll let you know how it goes.  Thanks again!