Linux
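Debian preseed fails to create an encrypted disk with LUKS LVM correctly
I am trying to automate the creation of a LUKS LVM disk partition layout using preseed on Debian 10 (Buster). I have only one disk, /dev/sda, which is 80GB in size, and the system has 4GB of memory. This is my complete preseed configuration: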
    #### Preseed preconfiguration file (for Debian buster)
    ### Partman early command
    ### Kernel parameter
    d-i debian-installer/add-kernel-opts string net.ifnames=0 biosdevname=0 console=ttyS0,19200n8

    ### Localization
    d-i debian-installer/locale string en_US.UTF-8
    d-i debian-installer/language string en
    d-i debian-installer/country string MY

    ### Keyboard selection
    d-i keyboard-configuration/xkb-keymap select us

    ### Network configuration
    d-i netcfg/choose_interface select eth0
    d-i netcfg/use_dhcp string false
    d-i netcfg/disable_autoconfig boolean true
    d-i netcfg/dhcp_failed note
    d-i netcfg/dhcp_options select Configure network manually

    # IPv4 Static network configuration
    d-i netcfg/get_ipaddress string 172.14.5.185
    d-i netcfg/get_netmask string 255.255.255.0
    d-i netcfg/get_gateway string 172.14.5.1
    d-i netcfg/get_nameservers string 139.12.11.5
    d-i netcfg/confirm_static boolean true

    # Set a hostname
    d-i netcfg/get_hostname string sun
    d-i netcfg/get_domain string domain.com

    # Force a hostname
    d-i netcfg/hostname string sun.domain.com

    # Disable that annoying WEP key dialog
    d-i netcfg/wireless_wep string

    ### Mirror settings
    d-i mirror/country string manual
    d-i mirror/http/hostname string deb.debian.org
    d-i mirror/http/directory string /debian
    d-i mirror/http/proxy string

    ### Account setup
    # Skip creation of a normal user account
    d-i passwd/make-user boolean false

    # Set root password
    # or encrypted using a crypt(3) hash.
    d-i passwd/root-password-crypted password $6$R3C6TyiPkyqUwaw7$4rgc4Uluov6wm5ZXmEdssw3pZs5E5dsnOuVPa/VAHAJTsQCsxSeKjIj7hp3xJzZ9t5wQpx6UuYcXZxYpjbkn/

    ### Clock and time zone setup
    # Set hardware clock to UTC
    d-i clock-setup/utc boolean true

    # Set timezone
    d-i time/zone string Asia/Kuala_Lumpur

    # Use NTP clock during installation
    d-i clock-setup/ntp boolean true

    ### Partitioning
    # LVM LUKS method
    d-i partman-auto/method string crypto
    d-i partman-lvm/device_remove_lvm boolean true
    d-i partman-md/device_remove_md boolean true
    d-i partman-lvm/confirm boolean true
    d-i partman-auto-lvm/guided_size string max
    d-i partman-auto-lvm/new_vg_name string box1
    d-i partman-auto/disk string /dev/sda
    d-i partman-auto/choose_recipe select boot-crypto
    d-i partman-auto/expert_recipe string \
        boot-crypto :: \
            1024 1024 1024 ext4 \
                $primary{ } $bootable{ } \
                method{ format } format{ } \
                use_filesystem{ } filesystem{ ext4 } \
                mountpoint{ /boot } \
            . \
            15360 15360 15360 ext4 \
                $lvmok{ } lv_name{ root } \
                in_vg { box1 } \
                method{ format } format{ } \
                use_filesystem{ } filesystem{ ext4 } \
                mountpoint{ / } \
            . \
            2048 2048 2048 ext4 \
                $lvmok{ } lv_name{ tmp } \
                in_vg { box1 } \
                method{ format } format{ } \
                use_filesystem{ } filesystem{ ext4 } \
                mountpoint{ /tmp } \
                options/nosuid{ nosuid } \
                options/noexec{ noexec } \
            . \
            4096 4096 4096 linux-swap \
                $lvmok{ } lv_name{ swap } \
                in_vg { box1 } \
                method{ swap } format{ } \
            . \
            80896 80896 1000000 ext4 \
                $lvmok{ } lv_name{ home } \
                in_vg { box1 } \
                method{ format } format{ } \
                use_filesystem{ } filesystem{ ext4 } \
                mountpoint{ /home } \
                options/nosuid{ nosuid } \

    d-i partman-basicfilesystems/no_mount_point boolean false
    d-i partman-partitioning/confirm_write_new_label boolean true
    d-i partman/choose_partition select finish
    d-i partman/confirm boolean true
    d-i partman/confirm_nooverwrite boolean true

    ### Apt setup
    d-i apt-setup/cdrom/set-first boolean false
    d-i apt-setup/cdrom/set-next boolean false
    d-i apt-setup/cdrom/set-failed boolean false
    d-i apt-setup/services-select multiselect security, updates
    d-i apt-setup/security_host string security.debian.org

    ### Package selection
    tasksel tasksel/first multiselect standard

    # Individual additional packages to install
    d-i pkgsel/include string openssh-server
    popularity-contest popularity-contest/participate boolean false
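Otherwise, the preseed configuration runs successfully. The disk is created with LUKS LVM, but the problem is that a partition such as /home is missing (it was never created in the first place), even though I did define it in the preseed file above. In addition, the swap space should be 4GB, but it fills up the rest of the space. This is a screenshot of the disk structure this preseed configuration creates: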
    NAME              MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
    sda                 8:0    0   79G  0 disk
    |-sda1              8:1    0  976M  0 part  /boot
    |-sda2              8:2    0    1K  0 part
    `-sda5              8:5    0   78G  0 part
      `-sda5_crypt    254:0    0   78G  0 crypt
        |-box1-root   254:1    0 14.3G  0 lvm   /
        |-box1-tmp    254:2    0  1.9G  0 lvm   /tmp
        `-box1-swap   254:3    0 61.8G  0 lvm   [SWAP]
What could be the cause? Is there any error in my partitioning preseed file?
My partitioning scheme is like this:
    TOTAL SPACE is 80 GB

    partition: /boot 1GB | FILE SYSTEM: ext4 | bootable flag: on | no need to encrypt

    # This is LVM container encryption called box1:
    partition: /root (/) 15 GB | FILE SYSTEM: ext4
    partition: /tmp 2GB | FILE SYSTEM: ext4 | mount with: nosuid, noexec
    partition: swap 4GB
    partition: /home 60GB (or the rest space left) | FILE SYSTEM: ext4 | mount with: nosuid
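It's working! First, as @cas mentioned, I made a mistake when declaring the size of the home directory: I accidentally used the size of the entire disk. But the main problem here was a syntax error that prevented the home directory from being created. Surprisingly, the syntax checker of debconf-set-selections (the -c option) did not complain about this error in the preseed file. What I did was add the missing dot . (without the \ symbol) after these lines: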
    $lvmok{ } lv_name{ home } \
    in_vg { box1 } \
    method{ format } format{ } \
    use_filesystem{ } filesystem{ ext4 } \
    mountpoint{ /home } \
    options/nosuid{ nosuid } \
So it looks like this:
    $lvmok{ } lv_name{ home } \
    in_vg { box1 } \
    method{ format } format{ } \
    use_filesystem{ } filesystem{ ext4 } \
    mountpoint{ /home } \
    options/nosuid{ nosuid } \
    .
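
Since the debconf-set-selections -c check described in the answer did not flag the unterminated stanza, the recipe itself can be checked before the installer runs. The following is an added example, not part of the original post: a small Python linter that reports partition stanzas lacking the closing "." and minimum sizes that cannot all fit on the disk. The function names, the 80 * 1024 MB disk size and the assumption that sizes are plain megabyte integers are this example's own; the sample is condensed from the question's recipe.

```python
import re

END = "is missing its terminating '.'"

def extract_recipe(preseed_text):
    """Join backslash continuations, then return the expert_recipe value."""
    joined = re.sub(r"\\[ \t]*\n", " ", preseed_text)
    m = re.search(r"^\s*d-i\s+partman-auto/expert_recipe\s+string\s+(.*)$", joined, re.M)
    return m.group(1) if m else None

def is_limits(tokens, i):
    """True if tokens[i:i+3] is a '<min> <priority> <max>' triple in plain MB."""
    return re.fullmatch(r"\d+ \d+ -?\d+", " ".join(tokens[i:i + 3])) is not None

def label(s):  # name a stanza by its mountpoint, else by size triple + filesystem
    return s[s.index("mountpoint{") + 1] if "mountpoint{" in s else " ".join(s[:4])

def lint_recipe(recipe, disk_mb):
    """Report stanzas without a closing '.' and minimum sizes that cannot fit."""
    tokens = recipe.split()
    body = tokens[tokens.index("::") + 1:] if "::" in tokens else tokens
    findings, stanza, total_min = [], [], 0
    for i, tok in enumerate(body):
        if tok == ".":                  # stanza properly terminated
            stanza = []
            continue
        if is_limits(body, i):
            if stanza:                  # next size triple arrived before a '.'
                findings.append(f"{label(stanza)} {END}")
            stanza, total_min = [], total_min + int(tok)
        stanza.append(tok)
    if stanza:                          # recipe ended inside a stanza
        findings.append(f"{label(stanza)} {END}")
    if total_min > disk_mb:
        findings.append(f"minimum sizes need {total_min} MB, disk has {disk_mb} MB")
    return findings

# Constructed sample: the question's recipe, condensed to its key specifiers.
SAMPLE = r"""d-i partman-auto/expert_recipe string boot-crypto :: \
 1024 1024 1024 ext4 $primary{ } method{ format } mountpoint{ /boot } . \
 15360 15360 15360 ext4 $lvmok{ } lv_name{ root } mountpoint{ / } . \
 2048 2048 2048 ext4 $lvmok{ } lv_name{ tmp } mountpoint{ /tmp } . \
 4096 4096 4096 linux-swap $lvmok{ } lv_name{ swap } method{ swap } . \
 80896 80896 1000000 ext4 $lvmok{ } lv_name{ home } mountpoint{ /home } \

d-i partman/confirm boolean true
"""

if __name__ == "__main__":
    print("\n".join(lint_recipe(extract_recipe(SAMPLE), disk_mb=80 * 1024)))
```

Run against the sample, it reports both problems the answer describes: the /home stanza without its terminator and the oversized minimum for /home.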