request system filesystem encryption enable
Syntax
request system filesystem encryption enable <dry-run | re0 | re1>
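Prerequisites
The following are the prerequisites for enabling filesystem encryption:
- The system contains a TPM2.0 provisioned with an IDevID.
- Systems with a single disk or redundant disks are supported.
- Back up the data in configuration and log files.
Description
When you enable the encryption process on the filesystem, the conversion starts with the backup Routing Engine, followed by the active Routing Engine. For redundant disks, the conversion starts with the primary disk, followed by the secondary disk, to avoid data loss.
Once enabled, encryption cannot be disabled, and all software image versions that do not support filesystem encryption are deleted.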
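Options
none | Enable filesystem encryption on all Routing Engines.
dry-run | (Optional) Display the filesystem encryption messages without running the encryption process.
re0 | (Optional) Enable filesystem encryption on RE0.
re1 | (Optional) Enable filesystem encryption on RE1.
routing-engine | (Optional) Enable filesystem encryption on the specified Routing Engine. Specify the Routing Engine using one of the following options:
Required Privilege Level
maintenance
Sample Output
request system filesystem encryption enable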
user@host> request system filesystem encryption enable
You are about to encrypt LVM partitions on "/dev/sda5 and /dev/sdb5"
LVM volumes currently on /dev/sda5
jvg_P-jlvmjunos jvg_P-jlvmrootrw jvg_P-jlvmspare jvg_P-jlvmvm
The swap partition on /dev/sda6 will be deleted and added to VG jvg_P
LVM volumes currently on /dev/sdb5
jvg_S-jlvmjunos jvg_S-jlvmrootrw jvg_S-jlvmspare jvg_S-jlvmvm
The swap partition on /dev/sdb6 will be deleted and added to VG jvg_S
Type YES to continue: ? YES
Preparing partition /dev/sda5 for encryption
Fixing PV device size
Physical volume "/dev/sda5" changed
1 physical volume(s) resized or updated / 0 physical volume(s) not resized
Logical volume "jlvmswap" created.
Setting up swapspace version 1, size = 108 MiB (113242112 bytes)
no label, UUID=72162649-0bdd-4827-bc83-0e18278f5aac
Preparing partition /dev/sdb5 for encryption
Fixing PV device size
Physical volume "/dev/sdb5" changed
1 physical volume(s) resized or updated / 0 physical volume(s) not resized
Logical volume "jlvmswap" created.
Setting up swapspace version 1, size = 108 MiB (113242112 bytes)
no label, UUID=d89d3741-feb7-4152-8883-de5a9a2d1e5d
During the conversion, a vmhost reboot using request vmhost reboot is required to start the filesystem encryption and reflect the changes.
user@host> request vmhost reboot
error: no suitable video mode found.
Booting in blind mode
mount: /dev: none already mounted or mount point busy.
. . . . . . . . . . . . . . .
Encrypt Filesystem requested [y]...
Partition /dev/sda5 is lvm.
0 logical volume(s) in volume group "jvg_P" now active
Adding LUKS header to /dev/sda5 and initializing encryption
Starting encryption on Partition /dev/sda5
Progress: 100.0%, ETA 00:08, 188166 MiB written, speed 150.0 MiB/s
Finished, time 20:17.484, 186166 MiB written, speed 150.4 MiB/s
Partition /dev/sda5 is fully encrypted
Fixing PV size after adding LUKS2 header
WARNING: Device /dev/mapper/luks2-sda5 has size of 381268367 sectors which is smaller than corresponding PV size of 381286799 sectors. Was device resized?
WARNING: One or more devices used as PVs in VG jvg_P have changed sizes.
Physical volume "/dev/mapper/luks2-sda5" changed
1 physical volume(s) resized or updated / 0 physical volume(s) not resized
Successfully enrolled TPM2.0 key to keyslot: 0
Successfully added token to keyslot: 0
Attempting to Unlock LUKS volume using TPM2.0 key in keyslot: 0
Successfully unlocked LUKS2 partition /dev/sda5 using TPM 2.0 key.
Removing Keyslot: 1
Partition /dev/sdb5 is lvm.
0 logical volume(s) in volume group "jvg_S" now active
Adding LUKS header to /dev/sdb5 and initializing encryption
Starting encryption on Partition /dev/sdb5
Progress: 100.0%, ETA 00:25, 188166 MiB written, speed 150.5 MiB/s
Finished, time 20:37.884, 186166 MiB written, speed 150.4 MiB/s
Partition /dev/sdb5 is fully encrypted
Fixing PV size after adding LUKS2 header
WARNING: Device /dev/mapper/luks2-sdb5 has size of 381268367 sectors which is smaller than corresponding PV size of 381286799 sectors. Was device resized?
WARNING: One or more devices used as PVs in VG jvg_S have changed sizes.
Physical volume "/dev/mapper/luks2-sdb5" changed
1 physical volume(s) resized or updated / 0 physical volume(s) not resized
Successfully enrolled TPM2.0 key to keyslot: 0
Successfully added token to keyslot: 0
Attempting to Unlock LUKS volume using TPM2.0 key in keyslot: 0
Successfully unlocked LUKS2 partition /dev/sdb5 using TPM 2.0 key.
Removing Keyslot: 1
Rebooting in 5 seconds
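An added example, not part of the Juniper documentation: a Python check that reads a captured reboot console log and reports, per partition, which of the milestones shown in the output above (fully encrypted, TPM2.0 key enrolled, token added, TPM unlock, keyslot removal) did not appear. The function name, the milestone labels and the shortened sample log are constructed for illustration.

```python
import re

# Constructed sample: a shortened console capture modelled on the output above,
# with the TPM unlock and keyslot-removal lines missing for /dev/sdb5.
SAMPLE_LOG = """\
Adding LUKS header to /dev/sda5 and initializing encryption
Partition /dev/sda5 is fully encrypted
Successfully enrolled TPM2.0 key to keyslot: 0
Successfully added token to keyslot: 0
Successfully unlocked LUKS2 partition /dev/sda5 using TPM 2.0 key.
Removing Keyslot: 1
Adding LUKS header to /dev/sdb5 and initializing encryption
Partition /dev/sdb5 is fully encrypted
Successfully enrolled TPM2.0 key to keyslot: 0
Successfully added token to keyslot: 0
"""

# Milestones expected per partition, in the order the console prints them.
MILESTONES = [
    ("encrypted", re.compile(r"Partition \S+ is fully encrypted")),
    ("tpm_enrolled", re.compile(r"Successfully enrolled TPM2\.0 key to keyslot: \d+")),
    ("token_added", re.compile(r"Successfully added token to keyslot: \d+")),
    ("tpm_unlocked", re.compile(r"Successfully unlocked LUKS2 partition \S+ using TPM 2\.0 key")),
    ("keyslot_removed", re.compile(r"Removing Keyslot: \d+")),
]
START = re.compile(r"Adding LUKS header to (\S+) and initializing encryption")


def audit_conversion(log_text):
    """Return {partition: [missing milestone names]} for each partition found."""
    # Segment at each "Adding LUKS header" marker, so one-line captures work too.
    starts = list(START.finditer(log_text))
    report = {}
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(log_text)
        segment = log_text[m.end():end]
        missing, pos = [], 0
        for name, pattern in MILESTONES:
            hit = pattern.search(segment, pos)
            if hit:
                pos = hit.end()  # later milestones must come after this one
            else:
                missing.append(name)
        report[m.group(1)] = missing
    return report

if __name__ == "__main__":
    for part, missing in audit_conversion(SAMPLE_LOG).items():
        print(part, "OK" if not missing else "INCOMPLETE: " + ", ".join(missing))
```

A partition with an empty list passed every milestone; any non-empty list names the stages to investigate before relying on the disk being encrypted and TPM-bound.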
Release Information
Command introduced in Junos OS Release 22.3R1.