Ubuntu 20.04 autoinstallation LUKS

Question

Since I'll have to deal with Ubuntu clients mass deployments in the future, I was searching for methods to achieve an unattended setup. My current idea is to use something like kickstart or https://ubuntu.com/server/docs/install/autoinstall and to use ansible after the initial deployment.

One key requirement would be to encrypt the root partition during the setup.

Since autoinstallation seems to be the new standard for 20.04 and I didn't find anything concerning LUKS in the reference, I wanted to ask if someone knows whether LUKS can be used with autoinstallation?

If not: would kickstart be the way to go?

[https://askubuntu.com/questions/1235529/server-autoinstall-how-to-customise-storage-section/1255015#1255015] Agreed schema doc is not very specific on storage. Try manual setup select to encrypt partitions (if they exist). yaml is then available — Rob Raymond, Jul 02 '20 at 14:46
Great ! Can you post an update, I may incorporate into my builds and less foot work for me :-) — Rob Raymond, Jul 04 '20 at 03:24

score 3 · Accepted Answer · answered Aug 31 '20 at 18:38

Creating an answer - thanks @Kulfy for your remark.

Solved by going through the interactive installer. After that, the yaml was available under /var/log/installer:

As far as the storage section is concerned, the file contained the following lines:

storage:
    config:
    - {ptable: gpt, serial: LITEONIT_LCS-128M6S_2.5_7mm_128GB_TW032GYJ550854163694,
      path: /dev/sdb, wipe: superblock, preserve: false, name: '', grub_device: false,
      type: disk, id: disk-sdb}
    - {device: disk-sdb, size: 536870912, wipe: superblock, flag: boot, number: 1,
      preserve: false, grub_device: true, type: partition, id: partition-0}
    - {fstype: fat32, volume: partition-0, preserve: false, type: format, id: format-0}
    - {device: disk-sdb, size: 1073741824, wipe: superblock, flag: '', number: 2,
      preserve: false, type: partition, id: partition-1}
    - {fstype: ext4, volume: partition-1, preserve: false, type: format, id: format-1}
    - {device: disk-sdb, size: 126422614016, wipe: superblock, flag: '', number: 3,
      preserve: false, type: partition, id: partition-2}
    - {volume: partition-2, key: 'safekey', preserve: false, type: dm_crypt, id: dm_crypt-0}
    - name: ubuntu-vg
      devices: [dm_crypt-0]
      preserve: false
      type: lvm_volgroup
      id: lvm_volgroup-0
    - {name: ubuntu-lv, volgroup: lvm_volgroup-0, size: 4294967296B, preserve: false,
      type: lvm_partition, id: lvm_partition-0}
    - {fstype: ext4, volume: lvm_partition-0, preserve: false, type: format, id: format-2}
    - {device: format-2, path: /, type: mount, id: mount-2}
    - {device: format-1, path: /boot, type: mount, id: mount-1}
    - {device: format-0, path: /boot/efi, type: mount, id: mount-0}

I've also successfully used the generated lines in an unattended setup.

score 1 · Answer 2 · answered Apr 19 '23 at 01:13

The ability to specify the LUKS passphrase has been recently added to Subiquity: https://github.com/canonical/subiquity/pull/1579

It should work like that:

storage:
  layout:
    name: lvm
    password: passw0rd

This is not yet released, though; hope to be able to use it soon.

Ubuntu 20.04 autoinstallation LUKS

2 Answers2

Linked