Rootfs over encrypted lvm over raid-1 on GPT
This howto describes how to setup LVM and rootfs with cryptoLUKS-encrypted raid-1 over drive with GPT
Contents |
Rootfs over encrypted lvm over raid-1 on GPT
To start read Rootfs over encrypted lvm
How to prepare the hard disk for GPT read Funtoo GPT Partition and GRUB Boot Guide For example, installing a new system on /dev/sdb Be careful ;) I warned you!
[root@localhost ~]# gdisk -l /dev/sdb GPT fdisk (gdisk) version 0.6.13 Partition table scan: MBR: protective BSD: not present APM: not present GPT: present Found valid GPT with protective MBR; using GPT. Disk /dev/sdb: 625142448 sectors, 298.1 GiB Logical sector size: 512 bytes Disk identifier (GUID): 67AC0F92-E033-4B53-B6C5-D99DD8F49D90 Partition table holds up to 128 entries First usable sector is 34, last usable sector is 625142414 Partitions will be aligned on 2048-sector boundaries Total free space is 3038 sectors (1.5 MiB) Number Start (sector) End (sector) Size Code Name 1 2048 206847 100.0 MiB 0700 Linux/Windows data 2 206848 207871 512.0 KiB EF02 BIOS boot partition 3 208896 625142414 298.0 GiB FD00 Linux RAID
If you plan to use a raid-1 for installing only one partition (/dev/sdb3 in example) and, if successful, later add more to the mirror, issue something like:
mdadm --create /dev/md0 --level=1 --raid-devices=2 missing /dev/sdb3
If you prefer to add the two final destination devices to the array in the first place, issue something like:
mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda3 /dev/sdb3
Encrypting the raid-1
cryptsetup -c aes-xts-plain luksFormat /dev/md0 cryptsetup luksOpen /dev/md0 dmcrypt_root
Further, all the same as here… The differences begin with the "Initramfs setup and configuration"
To activate the raid-1 during boot to perform:
echo "Activating RAID device." if [ ! -e '/etc/mdadm.conf' ] then echo "DEVICE /dev/sda[0-9] /dev/sdb[0-9] /dev/md[0-9]" > /etc/mdadm.conf mdadm --examine --scan --config=/etc/mdadm.conf >> /etc/mdadm.conf mdadm --assemble --scan fi
Or use better-initramfs fork with raid-1 mdadm support
git clone git://github.com/init6/initramfs.git
Grub2 configuration
Importantly do not forgetenc_root=/dev/md0
