The Linux kernel has a notion of device mapping: a block device, such
as a hard disk partition, can be mapped into another device, usually
in /dev/mapper/, with additional processing over the data that flows
through it. A typical example is encryption
device mapping: all writes to the mapped device are encrypted, and all reads
are deciphered, transparently. Guix extends this notion by considering any
device or set of devices that are transformed in some way to create a
new device; for instance, RAID devices are obtained by assembling
several other devices, such as hard disks or partitions, into a new one that
behaves as one partition.
Mapped devices are declared using the mapped-device form, defined as follows; for examples, see below.
Objects of this type represent device mappings that will be made when the system boots up.
source
This is either a string specifying the name of the block device to be
mapped, such as "/dev/sda3", or a list of such strings when several
devices need to be assembled for creating a new one. In the case of LVM this is
a string specifying the name of the volume group to be mapped.
target
This string specifies the name of the resulting mapped device. For kernel
mappers such as encrypted devices of type luks-device-mapping,
specifying "my-partition" leads to the creation of the
"/dev/mapper/my-partition" device. For RAID devices of type
raid-device-mapping, the full device name such as "/dev/md0"
needs to be given. LVM logical volumes of type lvm-device-mapping
need to be specified as "VGNAME-LVNAME".
targets
This list of strings specifies names of the resulting mapped devices in case there are several. The format is identical to target.
type
This must be a mapped-device-kind object, which specifies how
source is mapped to target.
This defines LUKS block device encryption using the cryptsetup
command from the package with the same name. It relies on the dm-crypt
Linux kernel module.
Return a luks-device-mapping object, which defines LUKS block device
encryption using the cryptsetup command from the package with the
same name. It relies on the dm-crypt Linux kernel module.
If key-file is provided, unlocking is first attempted using that key
file. This has the advantage of not requiring a password entry, so it can be
used (for example) to unlock RAID arrays automatically on boot. If unlocking
with the key file fails, password unlock is attempted as well. The key file is
not stored in the store and needs to be available at the given location at the
time of the unlock attempt.
;; The following definition is equivalent to running:
;; cryptsetup open --key-file /crypto.key /dev/sdb1 data
(mapped-device
  (source "/dev/sdb1")
  (target "data")
  (type (luks-device-mapping-with-options
         #:key-file "/crypto.key")))
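An added check for the key file used above (an example written for this page, not part of the Guix manual or of Guix itself): because the key file lives outside the store and must exist at the given path at unlock time, this shell function verifies that it is a regular file, is not inside the world-readable store, is owned by the expected user, and grants no group or other access. The function name check_luks_keyfile and its optional UID argument are assumptions of this example, and it relies on the -c option of GNU stat.

```shell
#!/bin/sh
# Added example: audit a LUKS key file such as /crypto.key.
# Usage: check_luks_keyfile PATH [EXPECTED_UID]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
# Assumption: GNU coreutils stat (the -c option) is available.
check_luks_keyfile() {
    keyfile=$1
    want_uid=${2:-0}    # root by default; overridable, e.g. for testing
    rc=0

    # The store is world-readable, so a key placed there is readable
    # by every local user.
    case $keyfile in
        /gnu/store/*)
            echo "FAIL: $keyfile is inside the store"
            rc=1 ;;
    esac

    # Require a real regular file: a symlink could be retargeted, and a
    # missing file means unlocking falls back to the password prompt.
    if [ -L "$keyfile" ] || [ ! -f "$keyfile" ]; then
        echo "FAIL: $keyfile is missing or not a regular file"
        return 1
    fi

    mode=$(stat -c '%a' "$keyfile")   # octal permission bits, e.g. 400
    uid=$(stat -c '%u' "$keyfile")    # numeric owner

    # Any group/other bit lets non-owners read or modify the key.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: mode $mode grants group/other access (want 400)"
        rc=1
    fi

    if [ "$uid" -ne "$want_uid" ]; then
        echo "FAIL: owner uid $uid, expected $want_uid"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $keyfile"
    return "$rc"
}
```

Run it as root with check_luks_keyfile /crypto.key after creating the key file and before relying on it for an unattended boot.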
This defines a RAID device, which is assembled using the mdadm
command from the package with the same name. It requires a Linux kernel
module for the appropriate RAID level to be loaded, such as raid456 for
RAID-4, RAID-5 or RAID-6, or raid10 for RAID-10.
This defines one or more logical volumes for the Linux
Logical Volume Manager (LVM). The
volume group is activated by the vgchange command from the
lvm2 package.
The following example specifies a mapping from /dev/sda3 to
/dev/mapper/home using LUKS (the Linux Unified Key Setup), a standard
mechanism for disk encryption. The /dev/mapper/home device can then be
used as the device of a file-system declaration (see File Systems).
(mapped-device
  (source "/dev/sda3")
  (target "home")
  (type luks-device-mapping))
Alternatively, to become independent of device numbering, one may obtain the LUKS UUID (unique identifier) of the source device with a command like:
cryptsetup luksUUID /dev/sda3
and use it as follows:
(mapped-device
  (source (uuid "cb67fc72-0d54-4c88-9d4b-b225f30b0f44"))
  (target "home")
  (type luks-device-mapping))
It is also desirable to encrypt swap space, since swap space may contain sensitive data. One way to accomplish that is to use a swap file in a file system on a device mapped via LUKS encryption. In this way, the swap file is encrypted because the entire device is encrypted. See Swap Space or Disk Partitioning for an example.
A RAID device formed of the partitions /dev/sda1 and /dev/sdb1 may be declared as follows:
(mapped-device
  (source (list "/dev/sda1" "/dev/sdb1"))
  (target "/dev/md0")
  (type raid-device-mapping))
The /dev/md0 device can then be used as the device of a file-system
declaration (see File Systems). Note that the RAID level need not be
given; it is chosen during the initial creation and formatting of the RAID
device and is determined automatically later.
LVM logical volumes “alpha” and “beta” from volume group “vg0” can be declared as follows:
(mapped-device
  (source "vg0")
  (targets (list "vg0-alpha" "vg0-beta"))
  (type lvm-device-mapping))
Devices /dev/mapper/vg0-alpha and /dev/mapper/vg0-beta can
then be used as the device of a file-system declaration
(see File Systems).
Note that the GNU Hurd makes no difference between the concept of a “mapped device” and that of a file system: both boil down to translating input/output operations made on a file to operations on its backing store. Thus, the Hurd implements mapped devices, like file systems, using the generic translator mechanism (see Translators in The GNU Hurd Reference Manual).