request system filesystem encryption enable
语法
request system filesystem encryption enable <dry-run | re0 | re1>
先决条件
以下是启用文件系统加密的先决条件:
-
系统包含预配了 IDevID 的 TPM2.0。
-
支持具有单个或冗余磁盘的系统。
-
对配置和日志文件进行数据备份。
描述
在文件系统上启用加密过程时,转换过程从备份路由引擎开始,然后是活动路由引擎。对于冗余磁盘,转换从主磁盘开始,然后是辅助磁盘,以避免数据丢失。
启用后,将无法禁用加密,并且将删除所有不支持文件系统加密的软件映像版本。
选项
| none | 在所有路由引擎上启用文件系统加密。 |
||||||||||
| dry-run | (可选)显示文件系统加密消息而不运行加密过程。 |
||||||||||
| re0 | (可选)在 RE0 上启用文件系统加密。 |
||||||||||
| re1 | (可选)在 RE1 上启用文件系统加密。 |
||||||||||
| routing-engine | (可选)在指定的路由引擎上启用文件系统加密。使用以下选项之一指定路由引擎:
|
所需权限级别
维护
示例输出
请求启用系统文件系统加密
user@host> request system filesystem encryption enable
You are about to encrypt LVM partitions on "/dev/sda5 and /dev/sdb5"
LVM volumes currently on /dev/sda5
jvg_P-jlvmjunos
jvg_P-jlvmrootrw
jvg_P-jlvmspare
jvg_P-jlvmvm
The swap partition on /dev/sda6 will be deleted and added to VG jvg_P
LVM volumes currently on /dev/sdb5
jvg_S-jlvmjunos
jvg_S-jlvmrootrw
jvg_S-jlvmspare
jvg_S-jlvmvm
The swap partition on /dev/sdb6 will be deleted and added to VG jvg_S
Type YES to continue: ? YES
Preparing partition /dev/sda5 for encryption
Fixing PV device size
Physical volume "/dev/sda5" changed
1 physical volume(s) resized or updated / 0 physical volume(s) not resized
Logical volume "jlvmswap" created.
Setting up swapspace version 1, size = 108 MiB (113242112 bytes)
no label, UUID=72162649-0bdd-4827-bc83-0e18278f5aac
Preparing partition /dev/sdb5 for encryption
Fixing PV device size
Physical volume "/dev/sdb5" changed
1 physical volume(s) resized or updated / 0 physical volume(s) not resized
Logical volume "jlvmswap" created.
Setting up swapspace version 1, size = 108 MiB (113242112 bytes)
no label, UUID=d89d3741-feb7-4152-8883-de5a9a2d1e5d
在转换过程中,需要使用 vmhost 重新引导 request vmhost reboot 以启动文件系统加密并反映更改。
user@host> request vmhost reboot
error: no suitable video mode found.
Booting in blind mode
mount: /dev: none already mounted or mount point busy.
. . . . . . .
. . . . . . .
Encrypt Filesystem requested [y]...
Partition /dev/sda5 is lvm.
0 logical volume(s) in volume group "jvg_P" now active
Adding LUKS header to /dev/sda5 and initializing encryption
Starting encryption on Partition /dev/sda5
Progress: 100.0%, ETA 00:08, 188166 MiB written, speed 150.0 MiB/s
Finished, time 20:17.484, 186166 MiB written, speed 150.4 MiB/s
Partition /dev/sda5 is fully encrypted
Fixing PV size after adding LUKS2 header
WARNING: Device /dev/mapper/luks2-sda5 has size of 381268367 sectors which is smaller than corresponding PV size of 381286799 sectors. Was device resized?
WARNING: One or more devices used as PVs in VG jvg_P have changed sizes.
Physical volume "/dev/mapper/luks2-sda5" changed
1 physical volume(s) resized or updated / 0 physical volume(s) not resized
Successfully enrolled TPM2.0 key to keyslot: 0
Successfully added token to keyslot: 0
Attempting to Unlock LUKS volume using TPM2.0 key in keyslot: 0
Successfully unlocked LUKS2 partition /dev/sda5 using TPM 2.0 key. Removing Keyslot: 1
Partition /dev/sdb5 is lvm.
0 logical volume(s) in volume group "jvg_S" now active
Adding LUKS header to /dev/sdb5 and initializing encryption
Starting encryption on Partition /dev/sdb5
Progress: 100.0%, ETA 00:25, 188166 MiB written, speed 150.5 MiB/s
Finished, time 20:37.884, 186166 MiB written, speed 150.4 MiB/s
Partition /dev/sdb5 is fully encrypted
Fixing PV size after adding LUKS2 header
WARNING: Device /dev/mapper/luks2-sdb5 has size of 381268367 sectors which is smaller than corresponding PV size of 381286799 sectors. Was device resized?
WARNING: One or more devices used as PVs in VG jvg_S have changed sizes.
Physical volume "/dev/mapper/luks2-sdb5" changed
1 physical volume(s) resized or updated / 0 physical volume(s) not resized
Successfully enrolled TPM2.0 key to keyslot: 0
Successfully added token to keyslot: 0
Attempting to Unlock LUKS volume using TPM2.0 key in keyslot: 0
Successfully unlocked LUKS2 partition /dev/sdb5 using TPM 2.0 key. Removing Keyslot: 1
Rebooting in 5 seconds
发布信息
在 Junos OS 22.3R1 版中引入的命令。