Channel: linuxadmin: Expanding Linux SysAdmin knowledge

LUKS solution and questions about RHCSA exam pedantry. (x-post from /r/redhat/)


Hi all, I thought I should post my solution to a LUKS setup that I have been having trouble with... and ask some related questions about how the RHCSA exam is handled.

Simple example setup: make a logical volume of 500MB, ext4, encrypted and automatically mounted on boot. Use UUID.

I love Jang's books but I have to say I found a point that might be a typo, just misleading, or just trouble due to the evolving shape of cryptsetup. In one of his books he gives this example of a cryptsetup file:

    shared /dev/mapper/test none
    shared UUID=uuidnumber none

(use one or the other)

However, from what I can tell, using the mapper is incorrect. Since I am using the UUID all over due to the vague demand, I tried to use the UUID of the mapper and that did not work, so instead I used the UUID of the encrypted device (say /dev/vda6) and that worked. This makes sense because the crypttab seems to be basically your luksOpen call and that has to refer to the encrypted device.

So here are my steps that worked:

    #### prepare the disk and key
    # dd if=/dev/urandom of=/dev/vda6
    # dd if=/dev/urandom of=/root/keyfile bs=1024 count=4
    # chmod 400 /root/keyfile
    # cryptsetup luksFormat /dev/vda6 -d /root/keyfile
    # cryptsetup luksOpen /dev/vda6 mapped-name -d /root/keyfile
    # mkfs.ext4 /dev/mapper/mapped-name

    #### test
    # mount /dev/mapper/mapped-name /my-mount
    # echo `date` >> /my-mount/testA
    # umount /my-mount

    #### setup fstab
    # dumpe2fs /dev/mapper/mapped-name | grep UUID | awk '{print $3}' >> mapperuuid
    # cp /etc/fstab ~/fstab.bak
    # echo -n UUID=`cat mapperuuid` >> /etc/fstab
    # echo -n " /my-mount ext4 defaults 0 0" >> /etc/fstab

    #### setup crypttab
    # blkid /dev/vda6 | awk '{print $2}' >> /etc/crypttab
    # vi /etc/crypttab
    # sed 's/"//g' -i /etc/crypttab
    # sed -i '1s;^;mapper-name ;' /etc/crypttab
    # sed -i 's/$/ \/root\/keyfile luks/' /etc/crypttab
    # cat /etc/crypttab
    mapper-name UUID=LOL-OMG-WTF-BBQ /root/keyfile luks

    #### reboot and verify
    # init 6
    # wait
    # cat /my-mount/testA

    #### complete!

And here are my questions about the exam:
1) The setup specifies that the volume should be 500MB. After encryption and ext4 the mounted volume is 497MB; however, you can still see that the partition is 500MB. Is this OK? Is it better to give a little more room to meet a 'minimum'?

2) The setup used the term 'logical volume' and I think that term is used for filesystems on extended partitions. Or should this be interpreted as 'USE LVM'? In this setup, LVM was not mentioned anywhere else in any way.

3) Ugh, does 'delete regular files' typically mean to also include directories?

Please let me know what you think :) My exam is on Monday and I am spending all weekend (except a little time for D&D) practicing.

edits: no, I didn't only use sed to edit files but I thought that would be a nice touch for this... but seriously, redirecting awk output is better than copy-paste ;)

submitted by grokjtrip
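
The UUID mix-up described in the post, as an added example that is not part of the original post: a small Python check that each crypttab source resolves to a `crypto_LUKS` device and that no fstab entry points at the LUKS container itself. It goes slightly beyond the post by also accepting device paths and checking fstab; the UUIDs, sample file contents and function names are constructed for illustration.

```python
import re

# Constructed sample data (not from the post): blkid-style lines for the LUKS
# container and for the ext4 filesystem inside the opened mapping.
BLKID = '''\
/dev/vda6: UUID="11111111-2222-3333-4444-555555555555" TYPE="crypto_LUKS"
/dev/mapper/mapped-name: UUID="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" TYPE="ext4"
'''
FSTAB = "UUID=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee /my-mount ext4 defaults 0 0\n"
GOOD_CRYPTTAB = "mapper-name UUID=11111111-2222-3333-4444-555555555555 /root/keyfile luks\n"
BAD_CRYPTTAB = ("mapper-name UUID=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee /root/keyfile luks\n"
                "shared /dev/mapper/mapped-name none\n")

def parse_blkid(text):
    """Map both the device path and 'UUID=<uuid>' to that device's TYPE."""
    types = {}
    for line in text.splitlines():
        dev, _, rest = line.partition(": ")
        tags = dict(re.findall(r'(\w+)="([^"]*)"', rest))
        kind = tags.get("TYPE", "untyped")
        types[dev] = kind
        if "UUID" in tags:
            types["UUID=" + tags["UUID"]] = kind
    return types

def entries(text):
    """Yield whitespace-split fields of non-blank, non-comment lines."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split()

def lint(crypttab, fstab, blkid):
    """Return (file, entry, problem) tuples for sources at the wrong layer."""
    types, problems = parse_blkid(blkid), []
    for f in entries(crypttab):
        source = f[1] if len(f) > 1 else ""
        kind = types.get(source, "not in blkid output")
        if kind != "crypto_LUKS":  # crypttab must name the encrypted container
            problems.append(("crypttab", f[0], f"{source} is {kind}, expected crypto_LUKS"))
    for f in entries(fstab):
        if types.get(f[0]) == "crypto_LUKS":  # fstab must name the inner filesystem
            problems.append(("fstab", f[0], "points at the LUKS container, not the filesystem inside it"))
    return problems

if __name__ == "__main__":
    for problem in lint(BAD_CRYPTTAB, FSTAB, BLKID):
        print(problem)
```

On a real system the `blkid` text would be captured while the mapping is open, so that both the container and the inner filesystem are listed.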