I have a notebook with CentOS 8.2 with an encrypted root and data partition. After the installation, I have continued working on it, and the current state should serve as a base for other notebooks, in order not to have to do the whole procedure again. Our past approach was to just copy and compress the whole hard drive image onto an external drive, which does not seem as straightforward with an encrypted drive. Here's the output of lsblk:
```
NAME                                            FSTYPE      LABEL MOUNTPOINT
nvme0n1
├─nvme0n1p1                                     vfat              /boot/efi
├─nvme0n1p2                                     ext4              /boot
└─nvme0n1p3                                     crypto_LUKS
  └─luks-378e7d72-a2bd-4553-9e3d-194b32607345   LVM2_member
    ├─cl_centos82-root                          xfs               /
    ├─cl_centos82-swap                          swap              [SWAP]
    └─cl_centos82-data                          xfs               /data
```
- Just copy and compress the whole disk. The sectors which have not been written to (i.e. are zeroes) can be compressed very well, but the sectors which have had at least one write access are encrypted, and make compression inefficient. It is also discouraged by the cryptsetup FAQ. However, sharing the same master key is not an issue for our case.
- Copy the image of the boot partitions and the decrypted LUKS partition separately. The unwritten sectors on the LUKS partition are garbled this way and cannot be compressed efficiently. I would like to avoid filling the free space of the encrypted drive with zeroes, as it seems like a waste of resources and cannot be reversed easily.
- Copy the contents at file system level, using rsync or xfs_copy or xfsdump/xfsrestore. This, however, would require partitioning everything first, either by copying the partition table with sfdisk, or doing everything manually. But for the manual process, I am not sure what Anaconda has done during the installation process, and the logs are very verbose. Furthermore, I would need to adjust the partition UUIDs everywhere, but I think this is manageable.
- Using Kickstart. I could write everything I have done afterwards into the post script, but I can't remember everything, and the bash history only reaches so far. Furthermore, I have not worked through the whole Kickstart documentation yet, so I don't know what is possible and what isn't.
Thanks in advance!
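
The compression trade-off raised in the first two options can be measured on an image before choosing between them. The following is an added example, not part of the original post: it scans a raw image in chunks, counts all-zero versus written chunks, and reports the zlib-compressed size. The function names are hypothetical and the sample image is constructed, with `os.urandom` standing in for LUKS ciphertext.

```python
import io
import os
import zlib

CHUNK = 1024 * 1024  # scan granularity: 1 MiB


def survey_image(stream, chunk_size=CHUNK):
    """Scan a raw disk image and return byte counts for all-zero chunks,
    written chunks, and the size of a zlib-compressed copy."""
    zero = bytes(chunk_size)
    comp = zlib.compressobj(6)
    stats = {"total": 0, "zero_bytes": 0, "written_bytes": 0, "compressed": 0}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        stats["total"] += len(chunk)
        # A chunk with any non-zero byte counts as written; slicing the
        # reference buffer handles a short final chunk.
        if chunk == zero[:len(chunk)]:
            stats["zero_bytes"] += len(chunk)
        else:
            stats["written_bytes"] += len(chunk)
        stats["compressed"] += len(comp.compress(chunk))
    stats["compressed"] += len(comp.flush())
    return stats


def build_sample_image(written_mib, unwritten_mib):
    """Constructed sample: random bytes stand in for sectors holding LUKS
    ciphertext, zero bytes for sectors that were never written."""
    return io.BytesIO(os.urandom(written_mib * CHUNK) + bytes(unwritten_mib * CHUNK))


if __name__ == "__main__":
    # For a real disk, pass open("/path/to/image", "rb") instead (path is a placeholder).
    s = survey_image(build_sample_image(written_mib=4, unwritten_mib=12))
    mib = lambda n: n / CHUNK
    print(f"total      : {mib(s['total']):8.1f} MiB")
    print(f"all-zero   : {mib(s['zero_bytes']):8.1f} MiB")
    print(f"written    : {mib(s['written_bytes']):8.1f} MiB")
    print(f"compressed : {mib(s['compressed']):8.1f} MiB")
```

On the constructed image the compressed size stays close to the written size, because the high-entropy chunks do not shrink while the zero chunks collapse to almost nothing.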