Note: This is to create a new partition that is encrypted. Do not do this on an existing partion, because you will lose all the data on the partition.

Note: I added a summarization to the end of this post to provide a bit more clarity about the volume names, etc.

Add the disk to the system and identify it. I used the following:
See if it is there already:

# fdisk -l

If not, scan for it on all your buses:

# echo “- – -” > /sys/class/scsi_host/host0/scan
# echo “- – -” > /sys/class/scsi_host/host1/scan
# echo “- – -” > /sys/class/scsi_host/host2/scan

Check again:

# fdisk -l

Create a volume:
Add the physical disk:

# pvcreate /dev/sdb

Create a volume group;

# vgcreate centos_test /dev/sdb

Activate the volume group:

# vgchange -a y centos_test

Create the volume:

# lvcreate -l 100%FREE -n test centos_test

Write random data to the partition. This is important when reusing a volume.

# shred -v –iterations=1 /dev/centos_test/test

Install cryptsetup:

# yum install cryptsetup

Initialize the volume and set the passphrase:

# cryptsetup –verbose –verify-passphrase luksFormat /dev/centos_test/test

Open the volume and setup the mapping:

# cryptsetup luksOpen /dev/centos_test test

Create the filesystem:

# mkfs.ext3 /dev/mapper/centos_test-test

Mount it:

# mount /dev/mapper/centos_test-test /mnt

Add the volume to be mounted at boot to the crypttab file:
# vi /etc/crypttab

centos_test-test /dev/centos_test/test none

Add the mount to the fstab:

# vi /etc/fstab

/dev/mapper/centos_test-test /mnt ext3 defaults 1 2

Restore selinux context:

# /sbin/restorecon -v -R /mnt

I was not getting prompted for the passphrase at boot. So, I had to boot into single user mode. When I did, I was prompted for the passphrase and the partition mounted fine. I needed to do remove the rhgb parameter from the boot parameters to be prompted when booting into multi-user mode:

# cd /etc/default

Remove the rhgb parameter from kernel parameters.

# vi grub

I removed the rhgb parameter from this line:

GRUB_CMDLINE_LINUX=”rd.lvm.lv=centos/swap vconsole.font=latarcyrheb-sun16 crashkernel=auto vconsole.keymap=us rd.lvm.lv=centos/root quiet”

Update grub with the new settings:

# grub2-mkconfig -o /boot/grub2/grub.cfg

When you reboot, you will be prompted for the passphrase you set when prompted in the cryptsetup.

# shutdown -r now

Here is a short summary. Pay particular attention to the luksOpen and mount command and the format of the crypttab and fstab files. Hopefully, these names will make it easier to keep straight.:

# fdisk -l
# fdisk /dev/sdb
# shred -v –iterations=1 /dev/sdb
# pvcreate /dev/sdb
# vgcreate vgtest /dev/sdb
# vgchange -a y vgtest
# lvcreate -l 100%FREE -n lvtest vgtest
# shred -v –iterations=1 /dev/vgtest/lvtest
# cryptsetup –verbose –verify-passphrase luksFormat /dev/vgtest/lvtest
# cryptsetup luksOpen /dev/mapper/vgtest-lvtest lvtest
# mkfs -t ext4 /dev/mapper/lvtest
# mount /dev/mapper/lvtest /mnt

# vi /etc/crypttab

lvtest /dev/mapper/vgtest-lvtest none

# vi /etc/fstab

/dev/mapper/lvtest /mnt ext4 defaults 1 2