![]() This option helps to identify the devices grouped by the logical volume instead of the original /dev/sd device names. On this variation of lsblk, we're listing the devices showing the dependencies in reverse order. Verify that the new file systems are mounted lsblk -fs Verify the information for physical volumes pvsĬreate the volume group by using the same devices already initialized: vgcreate vgdata /dev/mapper/Ĭheck the information for the volume group vgdisplay -v vgdataĬreate logical volumes lvcreate -L 10G -n lvdata1 vgdataĬheck the created logical volumes lvdisplayĬreate file systems on top of the structures for logical volumes echo "yes" | mkfs.ext4 /dev/vgdata/lvdata1Įcho "yes" | mkfs.ext4 /dev/vgdata/lvdata2Ĭreate the mount points for the new file systems mkdir /data0Īdd the new file systems to /etc/fstab and mount them echo "/dev/mapper/vgdata-lvdata1 /data0 ext4 defaults,nofail 0 0" >/etc/fstabĮcho "/dev/mapper/vgdata-lvdata2 /data1 ext4 defaults,nofail 0 0" >/etc/fstab The /dev/mapper/device names here need to be replaced for your actual values based on the output of lsblk. You'll get a warning that asks if it's OK to wipe out the file system signature. Configure LVM on top of the encrypted layers Create the physical volumes Instead of using the device name, use the /dev/mapper paths for each of the disks to create a physical volume (on the crypt layer on top of the disk, not on the disk itself). Now that the underlying disks are encrypted, you can create the LVM structures. Verify that the disks are not mounted and that the entries on /etc/fstab were removed lsblkĪnd verify that the disks are configured: cat /etc/fstab PowerShell: New-AzVm -ResourceGroupName $ doneĪnd remove the /etc/fstab entries: vi /etc/fstab The following commands are optional, but we recommend that you apply them on a newly deployed virtual machine (VM). We're using variables throughout the article. When you're using the "on-crypt" configurations, use the process outlined in the following procedures. The Azure Disk Encryption dual-pass version is on a deprecation path and should no longer be used on new encryptions. The procedures assume that you already reviewed the prerequisites in Azure Disk Encryption scenarios on Linux VMs and in Quickstart: Create and encrypt a Linux VM with the Azure CLI. For more information about this option, see Use the EncryptFormatAll feature for data disks on Linux VMs.Īlthough you can use this method when you're also encrypting the OS, we're just encrypting data drives here. RAID is an option when LVM can't be used because of specific application or environment limitations. A file system is created on top of the RAID device and added to /etc/fstab as a regular device. In a similar way, the RAID device is created on top of the encrypted layer on the disks. You create the volumes and add the required entries on /etc/fstab. The physical volumes are used to create the volume group. ![]() The physical volumes (PVs) are created on top of the encrypted layer. Configure RAID on top of encrypted devices (RAID-on-crypt)Īfter the underlying device or devices are encrypted, then you can create the LVM or RAID structures on top of that encrypted layer.Configure LVM on top of encrypted devices (LVM-on-crypt).The procedures in this article support the following scenarios: Azure Disk Encryption dual-pass extension. ![]() Azure Disk Encryption single-pass extension. ![]() The process applies to the following environments: This article is a step-by-step process for how to perform Logical Volume Management (LVM) and RAID on encrypted devices. ![]() Applies to: ✔️ Linux VMs ✔️ Flexible scale sets ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |