Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

[SOLVED] Software RAID 1 + LUKS - which order?

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
KingBongo
Posts: 56
Joined: 2010-10-14 13:39

[SOLVED] Software RAID 1 + LUKS - which order?

#1 Post by KingBongo »

Hi. I have been looking around for the following issue but could not find a satisfying answers anywhere.

The task is the following: I want to create an encrypted LUKS software RAID 1 (I don't trust hardware RAIDs) out of two physical disks. Which is the best order to do it? As I see it there are two options

1. RAID -> LUKS -> FS

2. LUKS (one disk first?) -> RAID (create with one disk missing and then add missing disk to raid to get same password?) -> FS

Am I wrong? I read somewhere that somebody thought that it is always advisable to encrypt individual disks to minimize problems in case of (for example) a disk failure, which would imply case 2. In other cases people say otherwise. What is correct?

I have a few more questions:
A. What happens when you try to mount the raid in either case? Will you get asked for a password automatically? Which situation is smoothest?
B. What happens in case of a disk failure in either case? Which situation is easier to deal with?

If someone would explain this to me I would be happy. A step-wise explanation of how I should do it would really be great.
Last edited by KingBongo on 2017-09-25 12:58, edited 1 time in total.

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Software RAID 1 + LUKS - which order?

#2 Post by p.H »

RAID -> LUKS -> (LVM) -> filesystems

LVM allows to create multiple logical volumes in one single encrypted volume, ie with one passphrase to type.
KingBongo wrote:I read somewhere that somebody thought that it is always advisable to encrypt individual disks to minimize problems in case of (for example) a disk failure
Nonsense with RAID.
KingBongo wrote:A. What happens when you try to mount the raid in either case?
You do not mount the RAID. You assemble a RAID array. You mount a filesystem.
KingBongo wrote:B. What happens in case of a disk failure in either case? Which situation is easier to deal with?
RAID -> LUKS : you replace the failed disk and add it to the RAID array. The RAID rebuilds a mirror or the remaining disk regardless of the RAID array's contents.

LUKS -> RAID : you replace the failed disk, create a new LUKS volume on it and add it to the RAID array. The RAID rebuilds (and so on). One more step than above.

KingBongo
Posts: 56
Joined: 2010-10-14 13:39

Re: Software RAID 1 + LUKS - which order?

#3 Post by KingBongo »

p.H:
thank you, Thank You, THANK YOU! :)

Post Reply