Reusing existing encrypted logical volumes while installing Ubuntu 8.10

…I couldn’t think of a longer title :)

Here’s the situation: I have a desktop which ran Debian Etch and later Lenny, and now I want to run Ubuntu Intrepid on it. Some might say that you could use the wonders of APT to dist-upgrade the system, but that seemed a bit of a long stretch to me. In any case, getting a fresh installation would be a lot easier.

However, I wanted to keep the partitions which had been carefully layed-out when I installed Etch: I mostly followed the recipe that’s in this earlier post of mine, which produced an encrypted volume with a few LVM volumes inside that. Keeping this structure saves you

  • moving the data in /home back and forth (actually, the forth part is still necessary, because you wouldn’t want to do this without backups, but at least you save yourself the back part)
  • going through the whole encrypted/LVM partitioning-shebang again (although you could reasonably opt out of filling the disk with random bits since that’s happened before)
  • uhm, I can’t remember point three…

Here’s the little problem: the Intrepid alternate installer doesn’t give you the option of opening existing LUKS volumes or activating LVM volumes. Luckily, I found some hints in this Debian bug-report. In fact going by the pointers that FJP gives there, you don’t really need me to tell you anything more – but I’ll still do it anyway to document that/how it works with the Intrepid alternate installer.

Some time before you enter the partitioner, you change to another console (e.g. Ctrl-Alt-F2), and type

modprobe dm-mod
modprobe aes
cryptsetup luksOpen /dev/sdx2 sdx2_crypt # replace x and 2
# enter the passphrase...
vgchange -a y group_name # replace group_name

After that, you can go into the partitioner, and your LVM volumes will appear. If you do the above after entering the partitioner, it doesn’t recognise them correctly for some reason that’s too deep for me to grasp. Now you’ll still have to set the mount points, and you need to be careful when choosing which volumes to format (not /home, for example). The installation then proceeds as usual. Read on before you reboot though:

I rebooted straight after the install finished, and ran into the problem that the installer hadn’t written /etc/crypttab, so that the encrypted volume did not get unlocked and booting failed. It was easily fixable, using the install-cd in rescue mode. For some reason in rescue mode it asks the same questions as during the install, but I ignored that and asked for a command prompt (it’s in the menu, sorry I didn’t take screenshots…):

modprobe dm-mod
modprobe aes
cryptsetup luksOpen /dev/sdx2 sdx2_crypt # replace as before
# enter passphrase
vgchange -a y group_name
mkdir /target # don't worry, this is in temporary space
mount -t ext3 /dev/group_name/root_vol /target # mount your root dir ("/")
mount -t ext3 /dev/group_name/home_vol /target/home # optional?
mount -t ext3 /dev/sdx1 /target/boot # replace x and 1
mount -t proc /proc /target/proc
mount -t sysfs /sys /target/sys
chroot /target

Now, you’re not fiddling in temporary space anymore – just thought I’d mention it. Oh and for some reason mount complained when I tried this without specifying the ext3 filesystem types, I don’t see why. Let’s continue: we’re going to make an entry in /etc/crypttab, and then rebuild the boot image.

echo "sdx2_crypt /dev/sdx2 none luks" >> /etc/crypttab
update-initramfs -u all

This rewrites the initrd images in your /boot, so that next time they’ll ask you to unlock the cryptodisk. I would not do the echoing, preferring an editor instead, but you get the idea. Most probably, you can also do all this before rebooting after the installer has done its work – that would save you some hassle (let me know if that works for you, thanks!).

Finally, in case you’re curious: Intrepid Ibex is quite neat. I’ll be a frequent user of the on-the-fly guest account feature


4 Responses to “Reusing existing encrypted logical volumes while installing Ubuntu 8.10”

  1. 1 John Wiersba 8 July 2009 at 11:03

    See also and for more information on reinstalling into an LVM partition inside an encrypted volume.

  2. 3 Frapell 8 July 2009 at 13:00

    Thank’s for sharing this, you have now 2 posts in my bookmarks :D


    PS: You mind if some day (when i have some time) i translate both your posts to spanish and put them in my blog ?

    • 4 yungchin 8 July 2009 at 13:16

      Not at all, you’re very welcome to use them! (I used to have a CC-license page on this blog, but I decided to remove it because the whole idea of blogging implies such licensing anyway :))

      Looking forward, with 9.10 using GRUB2, which may perhaps come with LUKS-support, we ought to play with that and document it, too!

Comments are currently closed.

%d bloggers like this: