Create and configure encrypted storage
Andrew is a RHEL Sysadmin at Red Hat: he administers RHEL_Server_088, and his username is andrew.mallett. He is a highly experienced RHEL Sysadmin who NEVER runs commands as root. Red Hat has just hired 11 new RHEL Engineers, and Andrew's job today is to teach them how to create and configure encrypted storage on his RHEL server. Please show what Andrew is going to teach them, including all commands that he will execute.
Certainly! Here's what Andrew will teach the new RHEL Engineers to create and configure encrypted storage on RHEL_Server_088:
Check available disk devices:
- lsblk
Identify the disk device that will be used for encrypted storage. Let's assume it is
/dev/sdb
.- Create a partition on the disk:
- sudo fdisk /dev/sdb
- Press
n
to create a new partition. - Select the default options for partition type and size.
- Press
w
to write the changes and exit.
- Press
- sudo fdisk /dev/sdb
- Create an encrypted container on the partition:
- sudo cryptsetup luksFormat /dev/sdb1
- Confirm the operation by typing
YES
and setting a passphrase when prompted.
- Open the encrypted container:
- sudo cryptsetup luksOpen /dev/sdb1 encrypted_storage
- Enter the passphrase to unlock the encrypted container.
- Create a file system on the encrypted container (e.g., ext4):
- sudo mkfs.ext4 /dev/mapper/encrypted_storage
- Create a mount point for the encrypted storage:
- sudo mkdir /mnt/encrypted_storage
- Mount the encrypted storage
- sudo mount /dev/mapper/encrypted_storage /mnt/encrypted_storage
- An an entry to /etc/crypttab to automatically unlock the encrypted storage on boot:
- echo "encrypted_storage /dev/sdb1 none luks" | sudo tee -a /etc/crypttab
- Add an entry to
/etc/fstab
to automatically mount the encrypted storage on boot:- echo "/dev/mapper/encrypted_storage /mnt/encrypted_storage ext4 defaults 0 0" | sudo tee -a /etc/fstab
- Test the encrypted storage by creating a sample file:
- sudo touch /mnt/encrypted_storage/test_file
Andrew will explain each step and its purpose to the new RHEL Engineers. They should practice these steps to gain proficiency in creating and configuring encrypted storage on RHEL servers.