CentOS 5 Server :: Unattended Reboot With An Encrypted Root File System?
Mar 31, 2009
CentOS 5.3 includes Ext4 and improved support for encrypted file systems, but it appears to be aimed at laptop/desktop systems, in that a password must be entered at boot time.
Is it possible to have a server with an encrypted root file system boot up without entering a password?
Mandos will do it...
http://wiki.fukt.bsnet.se/wiki/Mandos
...by serving up the password from another server...
http://packages.debian.org/squeeze/mandos
...to a client loaded into the initial RAM disk environment...
http://packages.debian.org/squeeze/mandos-client
...but it's not available on CentOS, and is only in Debian unstable.
Is there a similar (or any) solution for CentOS?
In particular, I'm envisaging encrypted virtual machines being served passwords from their virtual host.
Alternatively, the data that *really* needs to be protected could be encrypted while the system core remains unencrypted. But then the keys to decrypt the file system must be stored in the unencrypted portion, so this is not an effective method.
I'm a long time user of Debian, but I'm having trouble with my partitioning process. Here is where I currently stand:
I am installing the latest Wheezy build. I am trying to install debian with an encrypted LVM that spans two hard disks.
My partitioning layout is as:
1. /home
2. /root
3. swap
4. /boot
I then added partitions 1, 2 and 3 to a physical volume group. I then took that physical volume group and added it to a logical volume. Then I encrypted the logical volume, leaving the /boot partition untouched. I was under the assumption that the only partition the system needed free to reach the loading of the LVM is the /boot partition, as it holds the files necessary for booting. But when I attempt to finalize the disk, it gives an error stating, "No root file system detected". That would be an issue as it is currently sitting inside the encrypted LV. Am I wrong in including the root partition in the encrypted LV?
What is the best way of having as little of my file system non-encrypted as possible while still allowing a proper boot?
I need a webserver (LAMP) running inside a virtual machine (#1) running as a service (#2) in headless mode (#3) with part or the whole file system encrypted (#4). The virtual machine will be started with no user intervention and provide access to a web application for users in the host machine. Points #1, #2 and #3 are checked and proved to be working fine with Sun VirtualBox, so my question is for #4: Can I encrypt all of the file system and still access the webserver (using a browser) or will GRUB ask me for a password? If encrypting all of the file system is not an option, can I encrypt only /home and /var/www? Will Apache/PHP be able to use files in /home or /var/www without asking for a password or mounting these partitions manually?
I have an Ubuntu 10.04.1 AMD64 server running Apache with SSL. In the past, even though I have a passphrase on my key file, I have only needed it if I manually restarted Apache2, never after reboot.
I recently switched from a self-signed cert to one from a CA. I'm not sure if this is what caused it, I also installed a few packages (AWStats, PHPSysInfo and Munin) that all interact with the webserver.
Anyway, I just noticed that now after a reboot Apache starts but doesn't work. I need to kill that process and start a new one with the passphrase (maybe on the console it is prompting me, I mainly use SSH access since the server is headless).
Why did Ubuntu used to 'remember' the passphrase on the self-signed cert but now I need to provide it?
My server auto-updates so it would be annoying to have this thing go down regularly after a patch that requires a reboot.
I have a problem that is probably simple, but have not yet found the answer on any forums or by Googling. First my system specs:
Tyan 2610 motherboard w/ 2 x PIII 933
4 gig PC133 SDRAM
1 x 5 gig hd (system)
4 x 500 gig hds w/ 3Ware 7500 controller set to RAID 5, (1.5 TB) mounted as /home
CentOS 5.3 running my smb and nfs mounts
My problem is that I have run out of space on my / (root) file system, (the 5 gig). Since I am planning to rebuild my file server with larger hard drives, (2 x's 60 gig SATA's set to RAID 1, 6 x's 1.5 TB at RAID 5), within the next 2 months, I would like to try to clean out any unneeded crap rather than adding a hard drive and expanding my root file system. I have done the following:
Removed old unused kernels
cleaned up /var/log/
cleaned up /tmp
I currently have a server with the default VolGroup00 that contains logical volumes for the root file system and swap using logical volumes LogVol00 (root) and LogVol01 (swap). I need to take space from LogVol00 and move it to LogVol01. I have found documentation for increasing the swap, and the resizing the logical volumes. However, in the documentation and the man pages it says that I have to reduce the size of the file system on the logical volume I am going to shrink. I have found documentation resizing the logical volumes but not the file systems.
When I try to install anything recently, I was getting errors about "No Space". I noticed that the root drive (/dev/sda1) has 100% usage which I'm not sure how that suddenly happened.
There was a powerloss recently and I wondered if some serious corruption had occurred. Since I'm checking the root drive, I had fsck run after a restart:
Code: sudo shutdown -F -r now
FSCK went to work, briefly, and the logs (/var/logs/checkfs and /var/logs/checkroot) remain empty. Speaking of log files, I had a look at all of them and they take up a mere 32MB, so that's not the issue...
Using
Code: du -h
I know that:
/var uses 1.2 GB
/root uses 100 K
/usr uses 1.4 GB
/tmp is empty
/home has 35 MB
Have already run apt-get clean. How can I figure out what is taking up so much room? How can I go about figuring out what is huge and is safe to remove?
There isn't any separate file system for /home and we have only one (/) root file system for everything else on the system. Is there any way that we can still implement quotas for users through their home directories was mounted on (/) root file system. Do we need to have a separate file system (/home) compulsory for implementing disk quotas?
For my project, it's absolutely necessary to have a read-only root partition system. I have a writable /opt/project partition. But, I also need to start x server.
startx
This tries to write to some temporary files and fails as / is readonly. Is there any how-to on how to move these temporary files to the writable portions of the file system?
I have a weird performance issue with a centos 5 running a nfs server and a rh8 client. I think the fact that it is rh8 client should be downplayed. It is just that with rh8 client the performance degradation seems more clear. See test details below.
OS in server is Centos 5 x86_64 kernel 2.6.18-92.1.22.el5
1Gb connection between machines
File to test over NFS is a 1GB file.
First of all I wanted to measure how the network alone performs while using NFS. So in the server side I run a "cat" command on the 1GB file to /dev/null. Please note that the disk read speed is about 98MBs. At this point the file system has the 1GB file cached in memory. In the client side a "cat" on the same file gives me a speed of about 113MBs. It seems then that the bottleneck in this instance is the network and it is very close to nominal speed. So the network performance is really good. (BTW I know that the server got that file from cache because a vmstat or iostat shows no disk activity.)
The second test is reading from disk with no caching involved. In the server I flushed the 1GB file from the memory, for instance by reading another 5GB file, and I repeat the same thing as above in the client (a cat on the 1GB file). Now, the server has to go to disk (vmstat or iostat shows the disk activity). However the performance, now, is about 20MBs; I was expecting something closer to 90MBs (since the reading speed in the server in the first test showed 98MBs).
This second test was repeated for ext2, ext3, xfs with no significant differences. A similar test using a RH8 NFS server and client gets me close to 60MBs for a 1GB file not cached by the file system in the server. Since network speeds and disk read speeds are not the bottlenecks ... what or where is the limiting factor then?
I am an old days RH release user (from 6.x) and just switching back from Debian/Ubuntu to CentOS on some servers, but I can not understand the kernel update strategy currently enabled in CentOS. There are two boxes, with almost identical installation, but recently there was an auto update of kernel on one box. This auto update also seems to issue an auto reboot on the machine, which is unacceptable on server machines.
Well it turns out my system has logged out more than once on its own. I had the system updated and upgraded from 7-3-11 and it did this about once a week. On 7-18-11 I did a full update and upgrade and it logged out a few times in a couple of hours. It does it while I am away and the system is in screen saver mode. I used my partition clone and restored the system back to 7-3-11. Has anyone else ever had such an issue?
I've been running 10.04 on an old tower for a few weeks now. I've updated the software with no problems. Yesterday I let Update Manager go ahead with installing some updates. Now, the computer will crash while unattended. The screen stays off, and the machine doesn't respond to pings. I've found nothing of use in the syslog. The display going to sleep isn't the trigger, as it will turn off and come back before the issue presents. It seems to occur after 15 minutes or so of idle activity. Also, after an update a couple weeks ago, linux-headers and linux-image won't install cleanly. I'm going to try disabling power saving features to see if it continues occurring.
I added a whole slew of apps to my favorites and lost the 'Shutdown' option... every time I try to shutdown in the Terminal I am told I must be logged in as Root to do so... I can't figure out how to do this. I'm a newbie to Linux but a CNE 5 -haven't used it 10 years- an MCP and A+ certified. I've searched local help and SuSe's site and I can't find anything. I've only spent a couple of hrs on this and have had SuSe 11.2 installed since last Sunday.
I'm trying to add "Root File System on NFS" to overcome some issues that I seem to be having putting VM's on an NFS share. I'm trying to configure the kernel, but can't for the life of me find the option to add Root FS on NFS. Is this removed from the configurator with CentOS 5.5/Xen, or is it configured already?
I have to create an unattended install from a USB with special instructions. Unfortunately I'm a newbie and I have no clue as to where to start. We did receive one link to use and I still don't understand what I'm supposed to do. The link is on the CentOS home page.
I am trying to replace just the kernel (no modules) for my default kernel on FC 11. I use the default .config file and just change a few things and then run the make command. After I replace the kernel and reboot the system, the password prompt comes up for the encrypted filesystem and it does not take my password for some reason. What do I need to do to get this working?
I just upgraded from F14 to F15 and have a problem with entering the password for the encrypted FS: when booting with the latest entry in the bootloader:
Can an unattended Kickstart support both IDE (hda) and SCSI (sda)? The goal is to create a new virtual machine from scratch. What I have works for Parallels in which a new VM defaults to emulate an IDE hard disk. It does not work for VMware Workstation which defaults to emulate a SCSI disk.
The relevant Kickstart section: bootloader --location=mbr --driveorder=hda --append="rhgb quiet"
I am using RHEL 5.4 and my root password is getting reset after every reboot. Every time I have to change the password from the kernel to access root. I am unable to find where the problem is.
I have configured a "Syslog" server on /var directory as a separate ext3 partition - to receive the logs and events from the clients & the firewall as well. The directory needs to grow dynamically as the logs are populated. Is there a way I can make the filesystem grow dynamically as and when the directory is full?
I was wondering if anyone knew how to add a user/pass and allow them to issue the reboot command. Ideally, I don't want them to be able to see files/directories or anything else for that matter. I was thinking something along the lines of a chroot jail that has a single script that would call the reboot.
I've just started using ubuntu one. However, some of the files I store on there are sensitive so I encrypt them using seahorse. Right click, encrypt etc etc. My question is, is there a way to automatically get the encrypt process to delete the un-encrypted file when it makes the new encrypted copy?
I have installed vnc-server on my CentOS 5.6 virtual machine. I can connect to it with a java web browser so it seems to be working. However, I get the following error message when I start, stop or restart the vnc-server process. Quote: Starting VNC server: 1:ken xauth: timeout in locking authority file /root/.xauthkk661q
I would like to create an unattended install ubuntu 10.10 cd. I have followed the ubuntu [URL].. on creating the preseed file, however, I can't find any useful tutorial on how to set the kernel parameters to perform an unattended install using my preseed file.
A few days ago I used the wubi installer to install Ubuntu over Windows. This I did on my C: drive. I also have another partition, the X: which now is my D: drive after I used the gparted live cd to give the system partition more free space. No problems so far.
But now, when I use Clementine Player, I see that it cannot find any of my songs in my library and Deluge has to 'check' my downloads every time I open it after a reboot. My theory is that the folder inside /media/, which contains the file system gets a new name (a 16 digit capital letter/number name) every time I reboot my computer - or maybe every time I use Windows and then Ubuntu again? It's pretty annoying,