Discussion: [ADMIN] Postgres Data Encryption Using LUKS with dm-crypt


[ADMIN] Postgres Data Encryption Using LUKS with dm-crypt

From
rakesh-eltropy
Date:
We have encrypted volume using LUKS.

*cryptsetup luksOpen /root/test1 volume1*
and mounted on

*mount /dev/mapper/volume1 /mnt/files*
We created the postgres data directory inside /mnt/files and were able to start the
postgres database.

*/usr/local/pgsql/bin/pg_ctl -D /mnt/files/postgres/ -l /var/logs/postgres/postgrs.log  start*
Even though we unmounted /mnt/files

*sudo umount -l /mnt/files*
when we try to close the volume using LUKS

*sudo cryptsetup luksClose volume1*
we get the following error:

*device-mapper: remove ioctl on volume1 failed: Device or resource busy*



--
View this message in context:
http://www.postgresql-archive.org/Postgres-Data-Encryption-Using-LUKS-with-dm-crypt-tp5961821.html
Sent from the PostgreSQL - admin mailing list archive at Nabble.com.


Re: [ADMIN] Postgres Data Encryption Using LUKS with dm-crypt

From
Cat
Date:
On Tue, May 16, 2017 at 12:43:02AM -0700, rakesh-eltropy wrote:
> */usr/local/pgsql/bin/pg_ctl -D /mnt/files/postgres/ -l
> /var/logs/postgres/postgrs.log  start*
> Even though we unmounted /mnt/files
>
> *sudo umount -l /mnt/files*
> When we try to close volume using LUKS.
>
> *sudo cryptsetup luksClose volume1*
> Getting following errors:
>
> *device-mapper: remove ioctl on volume1 failed: Device or resource busy*

Looks fair. You did a lazy unmount whilst postgres is still using it
(lsof -n will confirm) THEN you tried to tell it to stop the encryption
processing, which it won't let you do as the mount is still in use
(though detached from the filesystem tree).

--
  "A search of his car uncovered pornography, a homemade sex aid, women's
  stockings and a Jack Russell terrier."
    - http://www.dailytelegraph.com.au/news/wacky/indeed/story-e6frev20-1111118083480
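
An added example, not part of the original thread: the teardown order that avoids the "Device or resource busy" error discussed above, for the case where the volume really has to be locked. The mapping name, mount point and pg_ctl path are the ones from the first post; `DRY_RUN`, the function names and the script name in the last comment are assumptions of this example.

```shell
#!/bin/sh
# Added example: ordered teardown for the layout in the first post.
PGCTL=/usr/local/pgsql/bin/pg_ctl
PGDATA=/mnt/files/postgres/
MNT=/mnt/files
MAPPING=volume1
DRY_RUN=${DRY_RUN:-1}   # assumption of this example: 1 = print commands only

# Execute a command, or just print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Number of openers device-mapper records for the mapping (0 = closable).
mapping_open_count() {
    dmsetup info -c --noheadings -o open "$MAPPING" | tr -d ' '
}

teardown() {
    # 1. Stop the process that holds files on the volume
    #    (run pg_ctl as the user that owns the data directory).
    run "$PGCTL" -D "$PGDATA" stop -m fast || return 1

    # 2. Plain umount, never "umount -l": if something still holds the
    #    filesystem this fails here instead of detaching a busy mount.
    if ! run umount "$MNT"; then
        fuser -vm "$MNT" >&2      # show who is still using it
        return 1
    fi

    # 3. Close the mapping only once nothing has it open any more.
    count=$(mapping_open_count)
    if [ "$count" != 0 ]; then
        echo "refusing luksClose: $MAPPING open count is $count" >&2
        return 1
    fi
    run cryptsetup luksClose "$MAPPING"
}

# Invoke as: sh close-volume.sh teardown   (DRY_RUN=0 to really execute)
case "${1:-}" in teardown) teardown ;; esac
```

In dry-run mode on a live system step 3 still reads the real open count, so it refuses until Postgres has actually been stopped and the filesystem unmounted.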


Re: [ADMIN] Postgres Data Encryption Using LUKS with dm-crypt

From
rakesh goyal
Date:
Thanks Cat for quick response. I understand this. Is there any way I can encrypt the data at rest in Postgres using LUKS? Kind find any documentation.


Re: [ADMIN] Postgres Data Encryption Using LUKS with dm-crypt

From
Cat
Date:
On Tue, May 16, 2017 at 08:12:19AM +0000, rakesh goyal wrote:
> Thanks Cat for quick response. I understand this. Is there any way I can
> encrypt the data at rest in Postgres using LUKS? Kind find any
> documentation.

As near as I can tell, you have.

Why are you trying to unmount the filesystem containing the data and closing
the luks encryption?



Re: [ADMIN] Postgres Data Encryption Using LUKS with dm-crypt

From
rakesh goyal
Date:
I thought there will be a way to close the LUKS encryption volume. It's clear to me now, encryption volume has to be in the opened state. LUKS will help if somebody can get hold of physical hard disk. It does not protect against copying data from Live environment.


Re: [ADMIN] Postgres Data Encryption Using LUKS with dm-crypt

From
Cat
Date:
On Tue, May 16, 2017 at 06:01:55PM +0530, rakesh goyal wrote:
> I thought there will be a way to close the LUKS encryption volume. It's
> clear to me now, encryption volume has to be in the opened state. LUKS
> will help if somebody can get hold of physical hard disk. It does not protect
> against copying data from Live environment.

Correct. The latter is a far more complex problem.
