Configure encrypted storage with LUKS on RHEL 7

I’m having trouble setting up LUKS on a Red Hat Test Server. I decided not to have a DEV prompt for a passphrase at boot but to use manual decryption instead. This is supposed to require execution of the cryptsetup commands and mounting. I attempt to set it up on a blank second disk I recently installed. Here’s the session…


sudo cryptsetup luksOpen /dev/sdb crypt-sdb
# enter /dev/sdb password

sudo cryptsetup luksClose /dev/sdb crypt-sdb


This then caused RHEL to freeze and force a cold reboot. I then used yum to run updates. I try again…


sudo cryptsetup luksOpen /dev/sdb crypt-sdb
# enter /dev/sdb password
#[<username>@localhost dev]$ sudo cryptsetup luksClose /dev/sdb crypt-sdb
Device sdb not found

# [<username>@localhost dev]$ sudo mount /dev/sdb
mount: can't find /dev/sdb in /etc/fstab


So I attempt to enter /dev/sdb in /etc/fstab but am unsuccessful since it’s read-only. I try this.


[<username>@localhost etc]$ sudo cryptsetup luksFormat /dev/sdb
[sudo] password for <username>:

This will overwrite data on /dev/sdb irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
Cannot format device /dev/sdb which is still in use.
[<username>@localhost etc]$ sudo umount /dev/sdb
umount: /dev/sdb: not mounted
[<username>@localhost etc]$ sudo cryptsetup luksOpen /dev/sdb crypt-sdb
[sudo] password for <username>:
Device crypt-sdb already exists.
[<username>@localhost etc]$ sudo cryptsetup luksClose /dev/sdb crypt-sdb
Device sdb not found


As a reference, I went through the article “How to configure encrypted storage with LUKS using passphrases” on Red Hat’s website but I’m apparently stuck between steps 1-3.

Please help. Thanks.

David Favor (Linux/LXD/WordPress/Hosting Savant) Commented:
Appending your question with the output of df will likely help people assist you.

Keep in mind, if there's some other disk layer on top of /dev/sdb like RAID or LVM or ZFS or unions or bind sets or many other layers...

Then you'll have to disconnect /dev/sdb from any other use, before you'll be able to affect its contents.

I'd expect to see the messages you mention above if this device was part of a RAID set.
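
The check David's comment describes, as an added example that is not part of the original thread: a shell function that lists what sits on top of a disk (device-mapper holders read from sysfs, plus direct mounts). The function names `device_users` and `make_demo_tree`, the sysfs tree and the mounts file are all constructed for illustration; an open LUKS mapping such as crypt-sdb appears as a holder, which is enough for luksFormat to report the disk as still in use.

```shell
#!/bin/sh
# Added example: report what is holding a block device open.
# usage: device_users DISK [SYSFS_ROOT] [MOUNTS_FILE]
# On a real host call it as: device_users sdb   (defaults: /sys, /proc/mounts)
device_users() {
    local disk="$1" sysfs="${2:-/sys}" mounts="${3:-/proc/mounts}"
    local h name
    # Every layer stacked on the disk (LUKS, LVM, RAID) is listed in holders/
    for h in "$sysfs/block/$disk/holders"/*; do
        [ -e "$h" ] || continue          # empty directory: glob did not match
        name="$(basename "$h")"
        # device-mapper holders expose their mapping name in dm/name
        if [ -r "$h/dm/name" ]; then name="$(cat "$h/dm/name")"; fi
        echo "holder $name"
    done
    # Whole disk or one of its partitions mounted directly
    awk -v d="/dev/$disk" '$1 ~ ("^" d "p?[0-9]*$") { print "mounted", $1, $2 }' "$mounts"
}

# Build a constructed sysfs-like tree (sample data, not the thread's host):
# sdb is held by an open mapping named crypt-sdb, sdc has a mounted partition.
make_demo_tree() {
    local root
    root="$(mktemp -d)"
    mkdir -p "$root/block/sdb/holders" "$root/block/sdc/holders" "$root/block/dm-2/dm"
    echo "crypt-sdb" > "$root/block/dm-2/dm/name"
    ln -s ../../dm-2 "$root/block/sdb/holders/dm-2"
    printf '%s\n' \
        '/dev/mapper/centos-root / xfs rw 0 0' \
        '/dev/sdc1 /data ext4 rw 0 0' > "$root/mounts"
    echo "$root"
}

demo="$(make_demo_tree)"
device_users sdb "$demo" "$demo/mounts"
device_users sdc "$demo" "$demo/mounts"
rm -rf "$demo"
```

A mapping reported as a holder is released with `cryptsetup luksClose <name>`, which takes the mapping name only, not the underlying device.
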
Tech_20 (Author) Commented:
Thanks, David. Below is the df output.


[<username>@localhost dev]$ df
Filesystem              1K-blocks    Used Available Use% Mounted on
/dev/mapper/centos-root  52403200 5489052  46914148  11% /
devtmpfs                  3959496       0   3959496   0% /dev
tmpfs                     3975612   17776   3957836   1% /dev/shm
tmpfs                     3975612   58300   3917312   2% /run
tmpfs                     3975612       0   3975612   0% /sys/fs/cgroup
/dev/sda1                  505580  318576    187004  64% /boot
/dev/mapper/centos-home 427041048  244448 426796600   1% /home
tmpfs                      795124      48    795076   1% /run/user/1000