Revision as of 17:02, August 3, 2014
This howto describes how to set up LVM and a rootfs on a cryptoLUKS-encrypted raid-1 on a drive with GPT.
Rootfs over encrypted lvm over raid-1 on GPT
To start, read Rootfs over encrypted lvm.
To prepare the hard disk for GPT, read Funtoo Linux Installation on GPT_Partitions.
For example, installing a new system on /dev/sdb:
root # gdisk -l /dev/sdb
GPT fdisk (gdisk) version 0.6.13

Partition table scan:
  MBR: protective
  BSD: not present
  APM: not present
  GPT: present

Found valid GPT with protective MBR; using GPT.
Disk /dev/sdb: 625142448 sectors, 298.1 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): 67AC0F92-E033-4B53-B6C5-D99DD8F49D90
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 625142414
Partitions will be aligned on 2048-sector boundaries
Total free space is 3038 sectors (1.5 MiB)

Number  Start (sector)    End (sector)  Size        Code  Name
   1            2048          206847    100.0 MiB   0700  Linux/Windows data
   2          206848          207871    512.0 KiB   EF02  BIOS boot partition
   3          208896       625142414    298.0 GiB   FD00  Linux RAID
If you plan to use a raid-1 for installing only one partition (/dev/sdb3 in example) and, if successful, later add more to the mirror, issue something like:
root # mdadm --create /dev/md0 --level=1 --raid-devices=2 missing /dev/sdb3
If you prefer to add the two final destination devices to the array in the first place, issue something like:
root # mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda3 /dev/sdb3
If everything worked well, the arrays will start synchronising immediately. You can monitor this progress by looking at the contents of /proc/mdstat:
root # cat /proc/mdstat
Personalities : [raid1] [raid0] [raid6] [raid5] [raid4]
md2 : active raid1 sdb5[1] sda5[0]
      581595328 blocks [2/2] [UU]
        resync=DELAYED

md1 : active raid1 sdb4[1] sda4[0]
      41942976 blocks [2/2] [UU]
      [>....................]  resync =  1.6% (691456/41942976) finish=8.9min speed=76828K/sec

md0 : active raid1 sdb1[1] sda1[0]
      511936 blocks [2/2] [UU]

unused devices: <none>
root #
Now, that's awesome, isn't it? :) Even more awesome is the fact that you can immediately start using your shiny new RAID. It will finish its sync in the background while you make changes to its filesystem.
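While a resync is pending, or while an array created with "missing" has only one member, the mirror holds a single good copy of the data. The following script is an added example, not part of the original howto: it summarises /proc/mdstat-style text per array and reports whether an array is fully redundant. The function names and the md3 entry in the sample are assumptions made for the example.

```shell
# Added example. md2, md1 and md0 are the output shown above; md3 is a
# constructed degraded mirror, as created with the "missing" placeholder.
sample_mdstat() {
cat <<'EOF'
Personalities : [raid1] [raid0] [raid6] [raid5] [raid4]
md2 : active raid1 sdb5[1] sda5[0]
      581595328 blocks [2/2] [UU]
        resync=DELAYED

md1 : active raid1 sdb4[1] sda4[0]
      41942976 blocks [2/2] [UU]
      [>....................]  resync =  1.6% (691456/41942976) finish=8.9min speed=76828K/sec

md0 : active raid1 sdb1[1] sda1[0]
      511936 blocks [2/2] [UU]

md3 : active raid1 sdc3[1]
      104857600 blocks [2/1] [_U]

unused devices: <none>
EOF
}

# Prints "<array> <level> <configured/working> <health> <sync>" per array.
md_status() {
    awk '
    /^md[0-9]+ : / {
        name = $1; order[++n] = name
        level[name]  = ($3 == "active") ? $4 : "-"
        health[name] = ($3 == "active") ? "ok" : "inactive"
        slots[name] = "?/?"; sync[name] = "idle"; next
    }
    name == "" { next }
    match($0, /\[[0-9]+\/[0-9]+\]/) {          # e.g. [2/1]: 2 slots, 1 working
        slots[name] = substr($0, RSTART + 1, RLENGTH - 2)
        split(slots[name], c, "/")
        if (c[2] + 0 < c[1] + 0) health[name] = "degraded"
    }
    /(resync|recovery)=DELAYED/ { sync[name] = "delayed"; next }
    match($0, /(resync|recovery) *= *[0-9.]+%/) {
        s = substr($0, RSTART, RLENGTH); gsub(/ /, "", s); sync[name] = s
    }
    END { for (i = 1; i <= n; i++) { k = order[i]; print k, level[k], slots[k], health[k], sync[k] } }'
}

# Exit 0 only if array $1 has every mirror half working and no sync pending.
md_redundant() {
    md_status | awk -v a="$1" '$1 == a && $4 == "ok" && $5 == "idle" { ok = 1 } END { exit !ok }'
}
```

On a live system, run it as `md_status < /proc/mdstat` or `md_redundant md0 < /proc/mdstat`.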
Encrypting the raid-1
root # cryptsetup -c aes-xts-plain luksFormat /dev/md0
root # cryptsetup luksOpen /dev/md0 dmcrypt_root
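The "plain" IV generator in aes-xts-plain uses a 32-bit sector number, so IVs repeat on devices larger than 2 TiB; "plain64" uses a 64-bit number. The 298 GiB partition in this howto is below that limit. The following check is an added example, not part of the original howto: it reads LUKS1 `cryptsetup luksDump` output and a device size and reports the effective key size and whether the IV would wrap. The function names and the sample header are assumptions made for the example.

```shell
# Added example. Constructed LUKS1 `cryptsetup luksDump` excerpt for the
# device formatted above; field values are illustrative.
sample_luksdump() {
cat <<'EOF'
LUKS header information for /dev/md0

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain
Hash spec:      sha1
Payload offset: 4096
MK bits:        256
EOF
}

# luks_iv_check SECTORS   (luksDump text on stdin)
# SECTORS is the device size in 512-byte sectors (blockdev --getsz DEVICE).
# Prints "<cipher>-<mode> key_bits=<n> iv=<ok|wraps>".
# Exit status: 0 ok, 1 IV wraps on this device, 2 header not recognised.
luks_iv_check() {
    awk -v sectors="$1" '
    /^Cipher name:/ { cipher = $3 }
    /^Cipher mode:/ { mode = $3 }
    /^MK bits:/     { bits = $3 }
    END {
        if (cipher == "" || mode == "" || bits == "") { print "unrecognised"; exit 2 }
        iv = mode; sub(/^[^-]*-/, "", iv)          # xts-plain -> plain
        # XTS splits the master key into two halves, so a 256-bit key is AES-128.
        key = (mode ~ /^xts-/) ? bits / 2 : bits
        # "plain" is a 32-bit sector counter: it repeats after 2^32 sectors (2 TiB).
        # Comparing against the whole device size is slightly conservative.
        wraps = (iv == "plain" && sectors + 0 > 4294967296)
        print cipher "-" mode, "key_bits=" key, "iv=" (wraps ? "wraps" : "ok")
        exit wraps
    }'
}
```

On a live system: `cryptsetup luksDump /dev/md0 | luks_iv_check "$(blockdev --getsz /dev/md0)"`.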
Initramfs setup and configuration
No initramfs
To activate the raid-1 during boot without an initramfs, perform:
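echo "Activating RAID device."
# Only when no /etc/mdadm.conf exists: generate one from the on-disk
# superblocks, then assemble the arrays it lists.
if [ ! -e '/etc/mdadm.conf' ]
then
    echo "DEVICE /dev/sda[0-9] /dev/sdb[0-9] /dev/md[0-9]" > /etc/mdadm.conf
    mdadm --examine --scan --config=/etc/mdadm.conf >> /etc/mdadm.conf
    mdadm --assemble --scan
fi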
Better-initramfs
Or use better-initramfs with raid-1 mdadm support:
root # git clone git@bitbucket.org:piotrkarbowski/better-initramfs.git
This script is well documented at its GitHub overview site (which displays the documentation from README.rst).
Grub2 configuration
Do not forget:
enc_root=/dev/md0