Mounting LUKS RAID 1 - passwords asked twice?

Kernels & Hardware, configuring network, installing services

Mounting LUKS RAID 1 - passwords asked twice?

Postby KingBongo » 2018-05-03 16:43

Hi. I have created a LUKS encrypted RAID 1 configuration containing data. I have a few questions regarding this setup:

1. When I mount it manually via GUI I am being asked to enter passwords twice, once for unlocking the encryption and once for mounting (I am guessing). However, as I recall it when I encrypted one disk only (no RAID) I was only asked to enter the password for unlocking and the drive would then mount after that. What is the difference? How to I configure the LUKS RAID 1 setup to behave like the non-RAID case?

2. What are the most important parts to make a backup of in case of a failure somewhere in the system, and how? Should I create a backup of the LUKS header and do I need to encrypt it for safety? What more? Is there something I should make a backup of regarding the RAID part? Please help me out here, I do not want to loose all my data in case something stupid like a header corruption occurs.
KingBongo
 
Posts: 54
Joined: 2010-10-14 13:39

Re: Mounting LUKS RAID 1 - passwords asked twice?

Postby sylvmarl » 2018-05-17 07:31

Hi,

Have you RAID the raw devices or the mapped devices ?
https://superuser.com/questions/1193290/best-order-of-raid-lvm-and-luks
There should be only one password for deciphering the one mapped device (raw devices RAID assembly). No password for mounting the mapped device.

For the LUKS part, you may create another key, add it to the header, encrypt the key and store it safely somewhere else. You may also backup the header. I don't think it is needed to encrypt it, since it is already a public chunk. It can't be used without your key anyway. If you chose RAID->LUKS, your header will already be on the 2 RAID disks, so a third copy may not be necessary.
https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/
For the RAID part, there is nothing to backup; in case of issue, you may get a message warning you that the disk was part of a RAID, but your 2 disks are accessible independently (at least the one which hasn't crashed) and without need of using RAID.

-Sylvain
sylvmarl
 
Posts: 4
Joined: 2008-05-08 12:23


Return to System configuration

Who is online

Users browsing this forum: No registered users and 7 guests

fashionable