configure encrypted storage with LUKS on RHEL 7

I’m having trouble setting up LUKS on a Red Hat Test Server. I decided not to have a DEV prompt for a passphrase at boot but to use manual decryption instead. This is supposed to require execution of the cryptsetup commands and mounting. I attempt to set it up on a blank second disk I recently installed. Here’s the session…

**************************

sudo cryptsetup luksOpen /dev/sdb crypt-sdb
# enter /dev/sdb password

sudo cryptsetup luksClose /dev/sdb crypt-sdb

**************************



This then caused RHEL to freeze and force a cold reboot. I then used yum to run updates. I try again…



**************************

sudo cryptsetup luksOpen /dev/sdb crypt-sdb
# enter /dev/sdb password
#[<username>@localhost dev]$ sudo cryptsetup luksClose /dev/sdb crypt-sdb
Device sdb not found

# [<username>@localhost dev]$ sudo mount /dev/sdb
mount: can't find /dev/sdb in /etc/fstab

**************************



So I attempt to enter /dev/sdb in /etc/fstab but unsuccessful since it’s read-only. I try this.



**************************

[<username>@localhost etc]$ sudo cryptsetup luksFormat /dev/sdb
[sudo] password for <username>:

WARNING!
========
This will overwrite data on /dev/sdb irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
Cannot format device /dev/sdb which is still in use.
[<username>@localhost etc]$ sudo umount /dev/sdb
umount: /dev/sdb: not mounted
[<username>@localhost etc]$ sudo cryptsetup luksOpen /dev/sdb crypt-sdb
[sudo] password for <username>:
Device crypt-sdb already exists.
[<username>@localhost etc]$ sudo cryptsetup luksClose /dev/sdb crypt-sdb
Device sdb not found


**************************


As a reference, I went through the article “How to configure encrypted storage with LUKS using passphrases” on Red Hat’s website but I’m apparently stuck between steps 1-3.


Please help. Thanks.
Tech_20Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Appending your question with the output of df will likely help people assist you.

Keep in mind, if there's some other disk layer on top of /dev/sdb like RAID or LVM or ZFS or unions or bind sets or many other layers...

Then you'll have to disconnect /dev/sdb from any other use, before you'll be able to effect it's contents.

I'd expect to see the messages you mention above if this device was part of a RAID set.
0
 
Tech_20Author Commented:
Thanks, David. Below is the df output.

________________

[<username>@localhost dev]$ df
Filesystem              1K-blocks    Used Available Use% Mounted on
/dev/mapper/centos-root  52403200 5489052  46914148  11% /
devtmpfs                  3959496       0   3959496   0% /dev
tmpfs                     3975612   17776   3957836   1% /dev/shm
tmpfs                     3975612   58300   3917312   2% /run
tmpfs                     3975612       0   3975612   0% /sys/fs/cgroup
/dev/sda1                  505580  318576    187004  64% /boot
/dev/mapper/centos-home 427041048  244448 426796600   1% /home
tmpfs                      795124      48    795076   1% /run/user/1000
0
All Courses

From novice to tech pro — start learning today.