Difference between revisions of "Rootfs over encrypted lvm over raid-1 on GPT"
From Funtoo Linux
(Anh em Ta cung nhau nhin di) |
(Updated link to rootfs wiki page) |
||
| (One intermediate revision by one user not shown) | |||
| Line 1: | Line 1: | ||
| − | + | This howto describes how to setup LVM and rootfs with cryptoLUKS-encrypted raid-1 over drive with GPT | |
| + | = Rootfs over encrypted lvm over raid-1 on GPT = | ||
| + | |||
| + | To start read [http://www.funtoo.org/wiki/Rootfs_over_encrypted_lvm Rootfs over encrypted lvm] | ||
| + | |||
| + | How to prepare the hard disk for GPT read [http://www.funtoo.org/en/funtoo/core/partition/ Funtoo GPT Partition and GRUB Boot Guide] | ||
| + | For example, installing a new system on /dev/sdb Be careful ;) I warned you! | ||
| + | |||
| + | <pre>[root@localhost ~]# gdisk -l /dev/sdb | ||
| + | GPT fdisk (gdisk) version 0.6.13 | ||
| + | |||
| + | Partition table scan: | ||
| + | MBR: protective | ||
| + | BSD: not present | ||
| + | APM: not present | ||
| + | GPT: present | ||
| + | |||
| + | Found valid GPT with protective MBR; using GPT. | ||
| + | Disk /dev/sdb: 625142448 sectors, 298.1 GiB | ||
| + | Logical sector size: 512 bytes | ||
| + | Disk identifier (GUID): 67AC0F92-E033-4B53-B6C5-D99DD8F49D90 | ||
| + | Partition table holds up to 128 entries | ||
| + | First usable sector is 34, last usable sector is 625142414 | ||
| + | Partitions will be aligned on 2048-sector boundaries | ||
| + | Total free space is 3038 sectors (1.5 MiB) | ||
| + | |||
| + | Number Start (sector) End (sector) Size Code Name | ||
| + | 1 2048 206847 100.0 MiB 0700 Linux/Windows data | ||
| + | 2 206848 207871 512.0 KiB EF02 BIOS boot partition | ||
| + | 3 208896 625142414 298.0 GiB FD00 Linux RAID | ||
| + | </pre> | ||
| + | |||
| + | If you plan to use a raid-1 for installing only one partition (/dev/sdb3 in example) and, if successful, later add more to the mirror, issue something like: | ||
| + | |||
| + | <pre>mdadm --create /dev/md0 --level=1 --raid-devices=2 missing /dev/sdb3</pre> | ||
| + | |||
| + | If you prefer to add the two final destination devices to the array in the first place, issue something like: | ||
| + | |||
| + | <pre>mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda3 /dev/sdb3</pre> | ||
| + | |||
| + | If everything worked well, the arrays will start synchronising immediately. You can monitor this progress by viewing at the content of /proc/mdstat : | ||
| + | |||
| + | <pre>root@golf576:~# cat /proc/mdstat | ||
| + | Personalities : [raid1] [raid0] [raid6] [raid5] [raid4] | ||
| + | md2 : active raid1 sdb5[1] sda5[0] | ||
| + | 581595328 blocks [2/2] [UU] | ||
| + | resync=DELAYED | ||
| + | |||
| + | md1 : active raid1 sdb4[1] sda4[0] | ||
| + | 41942976 blocks [2/2] [UU] | ||
| + | [>....................] resync = 1.6% (691456/41942976) finish=8.9min speed=76828K/sec | ||
| + | |||
| + | md0 : active raid1 sdb1[1] sda1[0] | ||
| + | 511936 blocks [2/2] [UU] | ||
| + | |||
| + | unused devices: <none> | ||
| + | root@golf576:~#</pre> | ||
| + | |||
| + | Now, that's awesome, isn't it? :) | ||
| + | Even more awesome is the fact that you can immediately start using your shiny new RAID. It will finish it's sync in the background while you do changes to it's filesystem. | ||
| + | |||
| + | = Encrypting the raid-1 = | ||
| + | |||
| + | <pre>cryptsetup -c aes-xts-plain luksFormat /dev/md0 | ||
| + | cryptsetup luksOpen /dev/md0 dmcrypt_root</pre> | ||
| + | |||
| + | Further, all the same [http://docs.funtoo.org/Rootfs_over_encrypted_lvm as here]… The differences begin with the "Initramfs setup and configuration" | ||
| + | |||
| + | To activate the raid-1 during boot to perform: | ||
| + | <pre>echo "Activating RAID device." | ||
| + | if [ ! -e '/etc/mdadm.conf' ] | ||
| + | then | ||
| + | echo "DEVICE /dev/sda[0-9] /dev/sdb[0-9] /dev/md[0-9]" > /etc/mdadm.conf | ||
| + | mdadm --examine --scan --config=/etc/mdadm.conf >> /etc/mdadm.conf | ||
| + | mdadm --assemble --scan | ||
| + | fi</pre> | ||
| + | |||
| + | Or use [https://github.com/slashbeast/better-initramfs better-initramfs with raid-1 mdadm support] | ||
| + | <pre>git clone https://github.com/slashbeast/better-initramfs.git</pre> | ||
| + | This script is well documented at it's GitHub overview site (which displays the documentation from README.rst). | ||
| + | |||
| + | = Grub2 configuration = | ||
| + | Importantly do not forget <pre>enc_root=/dev/md0</pre> | ||
| + | |||
| + | = Additional links = | ||
| + | * [http://en.gentoo-wiki.com/wiki/RAID/Software RAID/Software] | ||
| + | * [http://www.gentoo.org/doc/en/gentoo-x86+raid+lvm2-quickinstall.xml Gentoo Linux x86 with Software Raid and LVM2 Quick Install Guide] | ||
| + | |||
| + | [[Category:HOWTO]] | ||
Revision as of 06:38, 4 March 2013
This howto describes how to setup LVM and rootfs with cryptoLUKS-encrypted raid-1 over drive with GPT
Contents |
Rootfs over encrypted lvm over raid-1 on GPT
To start read Rootfs over encrypted lvm
How to prepare the hard disk for GPT read Funtoo GPT Partition and GRUB Boot Guide For example, installing a new system on /dev/sdb Be careful ;) I warned you!
[root@localhost ~]# gdisk -l /dev/sdb GPT fdisk (gdisk) version 0.6.13 Partition table scan: MBR: protective BSD: not present APM: not present GPT: present Found valid GPT with protective MBR; using GPT. Disk /dev/sdb: 625142448 sectors, 298.1 GiB Logical sector size: 512 bytes Disk identifier (GUID): 67AC0F92-E033-4B53-B6C5-D99DD8F49D90 Partition table holds up to 128 entries First usable sector is 34, last usable sector is 625142414 Partitions will be aligned on 2048-sector boundaries Total free space is 3038 sectors (1.5 MiB) Number Start (sector) End (sector) Size Code Name 1 2048 206847 100.0 MiB 0700 Linux/Windows data 2 206848 207871 512.0 KiB EF02 BIOS boot partition 3 208896 625142414 298.0 GiB FD00 Linux RAID
If you plan to use a raid-1 for installing only one partition (/dev/sdb3 in example) and, if successful, later add more to the mirror, issue something like:
mdadm --create /dev/md0 --level=1 --raid-devices=2 missing /dev/sdb3
If you prefer to add the two final destination devices to the array in the first place, issue something like:
mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda3 /dev/sdb3
If everything worked well, the arrays will start synchronising immediately. You can monitor this progress by viewing at the content of /proc/mdstat :
root@golf576:~# cat /proc/mdstat
Personalities : [raid1] [raid0] [raid6] [raid5] [raid4]
md2 : active raid1 sdb5[1] sda5[0]
581595328 blocks [2/2] [UU]
resync=DELAYED
md1 : active raid1 sdb4[1] sda4[0]
41942976 blocks [2/2] [UU]
[>....................] resync = 1.6% (691456/41942976) finish=8.9min speed=76828K/sec
md0 : active raid1 sdb1[1] sda1[0]
511936 blocks [2/2] [UU]
unused devices: <none>
root@golf576:~#
Now, that's awesome, isn't it? :) Even more awesome is the fact that you can immediately start using your shiny new RAID. It will finish it's sync in the background while you do changes to it's filesystem.
Encrypting the raid-1
cryptsetup -c aes-xts-plain luksFormat /dev/md0 cryptsetup luksOpen /dev/md0 dmcrypt_root
Further, all the same as here… The differences begin with the "Initramfs setup and configuration"
To activate the raid-1 during boot to perform:
echo "Activating RAID device." if [ ! -e '/etc/mdadm.conf' ] then echo "DEVICE /dev/sda[0-9] /dev/sdb[0-9] /dev/md[0-9]" > /etc/mdadm.conf mdadm --examine --scan --config=/etc/mdadm.conf >> /etc/mdadm.conf mdadm --assemble --scan fi
Or use better-initramfs with raid-1 mdadm support
git clone https://github.com/slashbeast/better-initramfs.git
This script is well documented at it's GitHub overview site (which displays the documentation from README.rst).
Grub2 configuration
Importantly do not forgetenc_root=/dev/md0
