Hi. I have been looking around for the following issue but could not find a satisfying answer anywhere.
The task is the following: I want to create an encrypted LUKS software RAID 1 (I don't trust hardware RAIDs) out of two physical disks. Which is the best order to do it? As I see it there are two options:
1. RAID -> LUKS -> FS
2. LUKS (one disk first?) -> RAID (create with one disk missing and then add missing disk to raid to get same password?) -> FS
Am I wrong? I read somewhere that somebody thought that it is always advisable to encrypt individual disks to minimize problems in case of (for example) a disk failure, which would imply case 2. In other cases people say otherwise. What is correct?
I have a few more questions:
A. What happens when you try to mount the raid in either case? Will you get asked for a password automatically? Which situation is smoothest?
B. What happens in case of a disk failure in either case? Which situation is easier to deal with?
If someone would explain this to me I would be happy. A step-wise explanation of how I should do it would really be great.
[SOLVED] Software RAID 1 + LUKS - which order?
Last edited by KingBongo on 2017-09-25 12:58, edited 1 time in total.
Re: Software RAID 1 + LUKS - which order?
RAID -> LUKS -> (LVM) -> filesystems
LVM allows creating multiple logical volumes in one single encrypted volume, i.e. with one passphrase to type.

KingBongo wrote: I read somewhere that somebody thought that it is always advisable to encrypt individual disks to minimize problems in case of (for example) a disk failure
Nonsense with RAID.

KingBongo wrote: A. What happens when you try to mount the raid in either case?
You do not mount the RAID. You assemble a RAID array. You mount a filesystem.

KingBongo wrote: B. What happens in case of a disk failure in either case? Which situation is easier to deal with?
RAID -> LUKS : you replace the failed disk and add it to the RAID array. The RAID rebuilds a mirror of the remaining disk regardless of the RAID array's contents.
LUKS -> RAID : you replace the failed disk, create a new LUKS volume on it and add it to the RAID array. The RAID rebuilds (and so on). One more step than above.
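
The layering and the two disk-replacement procedures described in the reply above, as an added dry-run sketch that is not part of the original thread. All device names (`/dev/sdX1`, `/dev/md0`), mapping names (`cryptmd`, `crypt_b`, `crypt_new`), the volume group, the logical volume and its size are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: every device, mapping and volume name here is a placeholder.
# DRY_RUN=1 (default) only prints each command. To execute for real, source this
# file as root with DRY_RUN=0 and call the functions with your own device names.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Build RAID -> LUKS -> LVM -> filesystem on two partitions.
build_stack() {
    disk_a="$1"; disk_b="$2"
    run mdadm --create /dev/md0 --level=1 --raid-devices=2 "$disk_a" "$disk_b"
    run cryptsetup luksFormat /dev/md0      # one LUKS header, so one passphrase
    run cryptsetup open /dev/md0 cryptmd
    run pvcreate /dev/mapper/cryptmd
    run vgcreate vg0 /dev/mapper/cryptmd
    run lvcreate -L 20G -n data vg0         # repeat per logical volume
    run mkfs.ext4 /dev/vg0/data
}

# Replace a failed member that is still listed in the array.
# $1 = layout (raid-luks | luks-raid), $2 = failed member, $3 = new partition
replace_disk() {
    layout="$1"; failed="$2"; new="$3"
    run mdadm /dev/md0 --fail "$failed" --remove "$failed"
    case "$layout" in
        raid-luks)      # encryption sits above the array: just add the raw disk
            run mdadm /dev/md0 --add "$new"
            ;;
        luks-raid)      # the extra step: create and open a LUKS volume first
            run cryptsetup luksFormat "$new"
            run cryptsetup open "$new" crypt_new
            run mdadm /dev/md0 --add /dev/mapper/crypt_new
            ;;
        *)
            echo "unknown layout: $layout" >&2
            return 1
            ;;
    esac
}

if [ "$DRY_RUN" = 1 ]; then
    build_stack /dev/sdX1 /dev/sdY1
    replace_disk raid-luks /dev/sdY1 /dev/sdZ1
    replace_disk luks-raid /dev/mapper/crypt_b /dev/sdZ1
fi
```

In the `luks-raid` layout each member also needs its own `cryptsetup open` before the array can be assembled at boot, whereas in `raid-luks` the array is assembled first and a single LUKS volume is unlocked on top of it.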