LUKS disk encryption plugin

    • OMV 2.x
    • Is it possible so halt on boot and wait für the encrypted disks to be unlocked through ssh?

      I want to setup 2 encrypted drives and ZFS on top, so to prevent the pool to fail I need the drives unlocked quite early. Since there is almost no reboot, manual unlocking is fine for me, but it has to be possible through SSH, since I am physically not near the server.

      Edit: I managed to unlock my drives during boot by sticking to this howto
      Keyfile is stored in root directory.
      Chaos is found in greatest abundance wherever order is being sought.
      It always defeats order, because it is better organized.
      Terry Pratchett

      The post was edited 1 time, last by riff-raff ().

    • Hello,

      I've got a stressful problem with my encryption trough this plugin.

      I created a full-disk encryption for my drives and everything is running fine. But I was bored to enter the password trough the gui and wanted to do it trough ssh. I realised none of those command worked:

      > cryptsetup open /dev/sdd sdd-crypt
      > sudo cryptsetup luksOpen /dev/sdd sdd-crypt

      Maybe a key problem, adding a new key trough GUI create this issues similar to ml1950. My pass is made of 45 random char using all sorts special ones.

      Source Code

      1. Unable to add the key to the encrypted device: Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; /bin/bash -c 'echo -n '>[' | cryptsetup luksAddKey -q '/dev/sdd' <(echo -n 'haha')' 2>&1' with exit code '2':
      2. Error #0: exception 'OMV\Exception' with message 'Unable to add the key to the encrypted device: Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; /bin/bash -c 'echo -n '>[' | cryptsetup luksAddKey -q '/dev/sdd' <(echo -n 'haha')' 2>&1' with exit code '2': ' in /usr/share/openmediavault/engined/rpc/luks.inc:530 Stack trace: #0 [internal function]: OMVRpcServiceLuksMgmt->addContainerKey(Array, Array) #1 /usr/share/php/openmediavault/rpc/serviceabstract.inc(124): call_user_func_array(Array, Array) #2 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('addContainerKey', Array, Array) #3 /usr/sbin/omv-engined(536): OMV\Rpc\Rpc::call('LuksMgmt', 'addContainerKey', Array, Array, 1) #4 {main}

      So my question is:


      What is my password? apparently it was never registered as I saved it (or maybe I got the wrong command), how can I unlock those drives through cli and add now key cli or gui ?


      Thanks in advance
    • HI, this thread seems kind of alive still, so maybe someone can help me here.

      I'm unlocking my encrypted drive manually in the OMV(4) webgui, but on bootup all the mounts based on that drive already failed and are not re-triggered after manual unlock.

      That is: the drive itself is mounted, but not all the dependent mounts like shared folders etc.

      Is this supposed to work? Is either the plugin checking the mount unit hierarchy and re-triggers all dependent mounts or is systemd itself supposed to re-try when a previously unavailable dependency comes online? If both is not: How would I fix this? Is there some place where I could add custom scripts to be executed on manual unlock?

      Thanks in advance!
    • omv 4.1.13 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.13
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!