The storage drives connected to my servers are LUKS-encrypted, which means every time a server restarts I need to manually decrypt and then mount them. This hasn't been much of an issue since I hardly ever had to reboot my servers, but lately I've been experimenting with virtualization and have had to deal with a variety of problems that involve crashes or restarting the host or guest servers. This has finally forced me to figure out how to automate decrypting and mounting these storage devices on my Linux servers.
Below are the steps I took to automatically decrypt and mount a LUKS-encrypted drive at boot. First, generate a random keyfile, restrict its permissions to root, and add it to the LUKS header as an additional key:
sudo dd if=/dev/urandom of=/root/luks-keyfile bs=4096 count=1
sudo chmod 600 /root/luks-keyfile
sudo cryptsetup luksAddKey /dev/sdXn /root/luks-keyfile
Replace /dev/sdXn with your encrypted partition device. After a moment, you'll be prompted to enter the existing LUKS passphrase.
Open crypttab via sudo vim /etc/crypttab, then add the line:
luksdrive /dev/sdXn /root/luks-keyfile luks
"luksdrive" is the name of the mapped device (whatever name you choose). /dev/sdXn is your encrypted partition, and /root/luks-keyfile is the path to the keyfile.
The decrypted device will appear at /dev/mapper/luksdrive (matching the name you chose in crypttab). To mount it automatically, open /etc/fstab via sudo vim /etc/fstab and add the following line to the bottom of the file:
/dev/mapper/luksdrive /mnt/your_mount_point ext4 defaults 0 2
Replace /mnt/your_mount_point with your desired mount point.
Replace ext4 with your filesystem type.
The next time the machine starts, the encrypted LUKS drive will automatically be decrypted and mounted.
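The whole procedure collected into one script, as an added example that is not part of the original post. Each step is a small function so the /etc/crypttab and /etc/fstab lines can be checked before they are written; the script verifies that the keyfile is exactly one 4096-byte block with mode 600, and uses cryptsetup's --test-passphrase option to confirm the new key really unlocks the header before the config files are touched. The device path, mapper name, mount point and filesystem type are arguments you supply (the values in the comments are placeholders); nothing on the system is modified unless it is run as root with all four arguments. Keep in mind that the keyfile sits in the clear on the root filesystem, so this setup only protects the data disk when it is separated from the host, not against anyone who already has root on the running machine.

```shell
#!/bin/sh
# Added example (not from the original post): automate the keyfile, crypttab
# and fstab steps with a check at each stage. Run as root, for example:
#   sh luks-autoopen.sh /dev/sdb1 luksdrive /mnt/data ext4
# /dev/sdb1, luksdrive and /mnt/data are placeholders you replace.
set -eu

KEYFILE=/root/luks-keyfile

# Create a 4096-byte random keyfile readable only by its owner. The umask is
# set in a subshell so the file is never world-readable, even briefly.
gen_keyfile() {
    path=$1
    ( umask 077; dd if=/dev/urandom of="$path" bs=4096 count=1 2>/dev/null )
    chmod 600 "$path"
}

# Succeeds only if the keyfile is exactly 4096 bytes and mode 0600.
keyfile_ok() {
    path=$1
    [ "$(wc -c < "$path" | tr -d ' ')" -eq 4096 ] || return 1
    [ -n "$(find "$path" -maxdepth 0 -perm 0600)" ]
}

# Print the crypttab entry: mapper name, encrypted device, keyfile path.
crypttab_line() {
    printf '%s %s %s luks\n' "$1" "$2" "$3"
}

# Print the fstab entry: mapper name, mount point, filesystem type.
fstab_line() {
    printf '/dev/mapper/%s %s %s defaults 0 2\n' "$1" "$2" "$3"
}

# Perform the real changes. Requires root and an existing LUKS device.
apply() {
    dev=$1 name=$2 mnt=$3 fstype=$4
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    cryptsetup isLuks "$dev" || { echo "$dev is not a LUKS device" >&2; return 1; }

    if [ ! -f "$KEYFILE" ]; then
        gen_keyfile "$KEYFILE"
    fi
    keyfile_ok "$KEYFILE" || { echo "bad keyfile $KEYFILE" >&2; return 1; }

    # Adds the keyfile to a free key slot; prompts for the existing passphrase.
    cryptsetup luksAddKey "$dev" "$KEYFILE"
    # Confirm the keyfile unlocks the header without activating the mapping.
    cryptsetup open --test-passphrase --key-file "$KEYFILE" "$dev"

    # Append entries only if they are not already present.
    grep -q "^$name " /etc/crypttab 2>/dev/null \
        || crypttab_line "$name" "$dev" "$KEYFILE" >> /etc/crypttab
    grep -q "^/dev/mapper/$name " /etc/fstab 2>/dev/null \
        || fstab_line "$name" "$mnt" "$fstype" >> /etc/fstab
    mkdir -p "$mnt"
    echo "configured; inspect key slots with: cryptsetup luksDump $dev"
}

# Only touch the system when all four arguments are given.
if [ "$#" -eq 4 ]; then
    apply "$@"
fi
```

After a reboot, `cryptsetup status luksdrive` and `findmnt /mnt/data` (with your own names) confirm that the mapping was opened from the keyfile and the filesystem mounted.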
Thanks for reading. Feel free to send comments, questions, or recommendations to hey@chuck.is.