Mounting a LUKS-encrypted filesystem that's part of a Xen domU with LVM-backed storage

the starting premises

Thank you CentOS folks for the helpful EncryptedFilesystem HOWTO.

the bullet list

the full procedure

    # apply a partition mapping to the LV in question...
    [root@dom0 ~]# kpartx -a /dev/mapper/vg00-domU

    # what are our resulting partitions?
    [root@dom0 ~]# ls /dev/mapper/vg00-domUp*
    /dev/mapper/vg00-domUp1  /dev/mapper/vg00-domUp2  /dev/mapper/vg00-domUp3

    # looks like partitions 2 and 3 are encrypted data...
    [root@dom0 ~]# file -s /dev/mapper/vg00-domUp*
    /dev/mapper/vg00-domUp1: Linux rev 1.0 ext3 filesystem data
    /dev/mapper/vg00-domUp2: data
    /dev/mapper/vg00-domUp3: data

    # and I happen to know that p3 is the one I want;
    # now, unlock the LUKS device...
    [root@dom0 ~]# cryptsetup luksOpen /dev/mapper/domUp3 p3unlocked
    Enter LUKS passphrase for /dev/mapper/domUp3: ************************
    key slot 0 unlocked.
    Command successful.
    # note that "p3unlocked" is an arbitrary label I've picked

    # mount the filesystem somewhere sensible...
    [root@dom0 ~]# mount /dev/mapper/p3unlocked /mnt/tmp/

    # et voila:
    [root@dom0 ~]# df -h /mnt/tmp/
    Filesystem              Size  Used Avail Use% Mounted on
    /dev/mapper/p3unlocked  5.8G  5.1G  401M  93% /mnt/tmp

    # done? let's unmount...
    [root@dom0 ~]# umount /mnt/tmp/

    # ...lock the partition...
    [root@dom0 ~]# cryptsetup luksClose p3unlocked

    # ...and release the partition table mapping:
    [root@dom0 ~]# kpartx -d /dev/mapper/vg00-domU

    # fin.
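In the session above, file -s reports both encrypted partitions only as "data", so it cannot confirm which mappings actually hold LUKS volumes. The following is an added example, not part of the original post: it classifies a device by reading the LUKS header magic directly. The function names luks_kind and make_samples and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: tell LUKS partitions apart from other data by their header.
# Both LUKS1 and LUKS2 headers start with the 6-byte magic "LUKS" 0xBA 0xBE,
# followed by a 2-byte big-endian version number (1 or 2).
# (cryptsetup's own check is "cryptsetup isLuks <device>"; this version only
# needs dd, od and tr, and never writes to the device.)

# Print "luks1", "luks2" or "not-luks" for the device or image file in $1.
luks_kind() {
    # First 8 bytes as lowercase hex with no separators.
    hdr=$(dd if="$1" bs=8 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$hdr" in
        4c554b53babe0001) echo luks1 ;;
        4c554b53babe0002) echo luks2 ;;
        *)                echo not-luks ;;
    esac
}

# Write constructed sample "partitions" into directory $1 so the function
# can be tried without root or real block devices.
make_samples() {
    printf 'LUKS\272\276\000\001' > "$1/p_luks1"
    printf 'LUKS\272\276\000\002' > "$1/p_luks2"
    printf 'plain filesystem bytes' > "$1/p_plain"
}

# With arguments, classify each one, for example:
#   sh luks_kind.sh /dev/mapper/vg00-domUp*
for dev in "$@"; do
    printf '%s: %s\n' "$dev" "$(luks_kind "$dev")"
done
```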