the preflight check for the update to 4.3-2 diagnosed my /root as being too small for the apt-caches. I provisioned an additional virtual 20GB drive as scsi1, and after reboot, this new drive became /dev/sdb.
I started following the instructions for resizing here, but after pvcreate, pvs reported
# pvs PV VG Fmt Attr PSize PFree /dev/mapper/sda3_crypt vg_ucs lvm2 a-- 19,02g 0 /dev/sdb1 lvm2 a-- 20,00g 20,00g
This was where I realized that I want to ENCRYPT ALL THE PVs. In other words: I want to reach the following state:
# pvs-show-dream-target PV VG Fmt Attr PSize PFree /dev/mapper/sda3_crypt vg_ucs lvm2 a-- 19,02g 0 /dev/mapper/sdb2_crypt vg_ucs lvm2 a-- 20,00g 0
Furthermore, I don’t want to enter separate passphrases for the two volumes at bootup. This could e.g. be solved as
- two encrypted partitions sharing the same encryption parameters, or
- using a keyfile stored on the /root partition to decrypt the extension partition
This boils down to some quite hefty low level encryption meddling, which I am not quite up to par yet.
Can someone help? What is the UCS way of doing this? I can not possibly be alone with this problem…
Using a single passphrase to unlock multiple encrypted disks at boot - This quite recently warns about a bug in debian, and I am irritated if my UCS server is affected
How to decrypt multiple LUKS disks entering password just once? - This reddit thread from July 2016, while focussing on Archlinux, has some very intriguing solutions outlined…