Converting from Device Names to UUIDs for Encrypted Devices
When configuring a Navigator Encrypt mount point, you can use either the device name (sample device name: /dev/sdb1) or the UUID (sample UUID: 3a602a15-11f7-46ac-ae98-0a51e1b25cf9) to configure the mount point. For more information, see Navigator Encrypt and Device UUIDs.
The UUID mount point configuration choice is preferable for Navigator Encrypt, because the device name can change when the system is rebooted or new disks are added, but the UUID never changes. You can only use the UUID (--use-uuid) configuration option during the initial mount point configuration. You cannot use the UUID mount point configuration option on existing mount points that were created in Navigator Encrypt 3.12.0 or earlier, or that were configured to use the device name instead of the UUID.
Preparing for UUID Conversion
# navencrypt-prepare -h
...
--convert-uuid --all|--device=DEVICE
    Converts devices that are stored using the device name to instead use its uuid. '--all' will attempt to convert all device names in the navencrypt ztab file. '--device=DEVICE' will convert a single device.
...
- --device=DEVICE
Use this option to run the conversion against a single specified device.
- --all
Use this option to run the conversion against all mount points that are currently using the device name instead of the UUID as defined in the /etc/navencrypt/ztab file.
Converting a Single Device
Use the UUID conversion utility --device=DEVICE option to convert from a device name to UUID for a mount point on a single device. It is recommended that you test the conversion against at least one device before running it against all devices:
# navencrypt-prepare --convert-uuid --device=/dev/xvdd
Backing up /etc/navencrypt to /tmp/navencrypt_bkup_20180917_135716 ...
Stopping navencrypt-mount...
Stopping navencrypt directories
Umounting /dev/xvdd ... [ OK ]
Umounting /dev/xvde ... [ OK ]
Umounting /dev/xvdf ... [ OK ]
* Unloading module ... [ OK ]
Running conversion on /dev/xvdd ...
..
You must approve and finalize the conversion before it is complete.
Converting All Available Devices
Use the UUID conversion utility --all option to convert from the device name to the device UUID on all available devices. The conversion utility skips loop devices because they do not have a dedicated UUID:
# navencrypt-prepare --convert-uuid --all
Backing up /etc/navencrypt to /tmp/navencrypt_bkup_20180917_135731 ...
Stopping navencrypt-mount...
Stopping navencrypt directories
* Umounting /dev/xvdd ... [ OK ]
* Umounting /dev/xvde ... [ OK ]
* Umounting /dev/xvdf ... [ OK ]
* Unloading module ... [ OK ]
Running conversion on /dev/xvdd...
Running conversion on /dev/xvde...
Running conversion on /dev/xvdf...
...
You must approve and finalize the conversion before it is complete.
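The following is an added example, not part of the Cloudera documentation or tooling: a read-only pre-check that lists which ztab entries still use a device name (the ones --all would target) and which are loop devices that the utility skips. It assumes the four-field entry layout visible in the conversion diff output and that lines beginning with # are comments; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify ztab entries before or after running --convert-uuid.
# Assumption: each entry is "<mount point> <device> <type> <options>",
# as in the diff output on this page; blank and '#' lines are ignored.

# classify_ztab FILE -> prints "<status> <mount point> <device>" per entry
#   uuid     already references /dev/disk/by-uuid/
#   loop     loop device, skipped by the conversion utility
#   devname  still uses a device name, candidate for conversion
classify_ztab() {
    awk '
        /^[ \t]*(#|$)/                 { next }
        $2 ~ /^\/dev\/disk\/by-uuid\// { print "uuid", $1, $2; next }
        $2 ~ /^\/dev\/loop[0-9]+$/     { print "loop", $1, $2; next }
                                       { print "devname", $1, $2 }
    ' "$1"
}

# count_status FILE STATUS -> number of entries with that status
count_status() {
    classify_ztab "$1" | awk -v s="$2" '$1 == s { n++ } END { print n + 0 }'
}

# Writes a constructed sample ztab (not taken from a real host) to FILE
make_sample_ztab() {
    cat > "$1" <<'EOF'
# constructed sample entries
/navencrypt_mount/block1 /dev/disk/by-uuid/4206d6d5-6014-435a-b342-1d3dad5559a2 luks key=keytrustee
/navencrypt_mount/block2 /dev/xvde luks key=keytrustee
/navencrypt_mount/loop1 /dev/loop0 luks key=keytrustee
EOF
}

# Demonstration on the constructed sample
sample=$(mktemp)
make_sample_ztab "$sample"
classify_ztab "$sample"
echo "entries still using a device name: $(count_status "$sample" devname)"
rm -f "$sample"
```

On a real host, run classify_ztab /etc/navencrypt/ztab before the conversion and again after accepting the changes; the devname count should drop to zero while loop entries stay as they were.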
Finalizing the Conversion
Before the device name-to-UUID conversion is applied to the configuration files, you must review the differences shown for the /etc/navencrypt/ztab and /etc/navencrypt/control files, and then either accept the changes ("y") or reject them ("n").
# navencrypt-prepare --convert-uuid --all
...
Running conversion on /dev/xvdd...
Running conversion on /dev/xvde...
Running conversion on /dev/xvdf...
Showing diff of ztab and control files
---------------------------------------------
ZTAB
---------------------------------------------
2,4c2,4
< /navencrypt_mount/block1 /dev/xvdd luks key=keytrustee
< /navencrypt_mount/block2 /dev/xvde luks key=keytrustee
< /navencrypt_mount/block3 /dev/xvdf luks key=keytrustee
---
> /navencrypt_mount/block1 /dev/disk/by-uuid/4206d6d5-6014-435a-b342-1d3dad5559a2 luks key=keytrustee
> /navencrypt_mount/block2 /dev/disk/by-uuid/b84c4f38-bc74-40bc-87eb-2e857a996933 luks key=keytrustee
> /navencrypt_mount/block3 /dev/disk/by-uuid/622312d0-0e6c-4e37-adeb-f6066a1df07d luks key=keytrustee
---------------------------------------------
CONTROL
---------------------------------------------
8c8
< "name": "/dev/xvdd",
---
> "name": "/dev/disk/by-uuid/4206d6d5-6014-435a-b342-1d3dad5559a2",
11c11
< "name": "/dev/xvde",
---
> "name": "/dev/disk/by-uuid/b84c4f38-bc74-40bc-87eb-2e857a996933",
14c14
< "name": "/dev/xvdf",
---
> "name": "/dev/disk/by-uuid/622312d0-0e6c-4e37-adeb-f6066a1df07d",
Accept changes? [y/N] y
Moving KeyTrustee deposit for /dev/xvdd...
Moving KeyTrustee deposit for /dev/xvde...
Moving KeyTrustee deposit for /dev/xvdf...
Operation complete
Overwriting old files...
Starting navencrypt-mount...
Starting navencrypt directories
* Mounting '4206d6d5-6014-435a-b342-1d3dad5559a2' [ OK ]
* Mounting 'b84c4f38-bc74-40bc-87eb-2e857a996933' [ OK ]
* Mounting '622312d0-0e6c-4e37-adeb-f6066a1df07d' [ OK ]
# navencrypt-prepare --convert-uuid --all
...
Accept changes? [y/N] n
Changes will not be applied. Proposed changes are saved to /etc/navencrypt/ztab.new and /etc/navencrypt/control.new
Rolling Back the UUID Conversion
# service navencrypt-mount stop
# rm /etc/navencrypt/keytrustee/deposits/dev.disk.by-uuid.*
# cp -rp /tmp/navencrypt_bkup_date_time/* /etc/navencrypt/
# service navencrypt-mount start
©2016 Cloudera, Inc. All rights reserved