Set Up A Fully Encrypted Raid1 LVM System (Lenny) - Page 5

Step 15: Setting up the encrypted devices

Back at the main partition screen, select now to configure the encrypted volumes

The changes made sofar must be written to the disk:

You will get a warning, just continue:

Then you are asked to earse the MD1 device:

Then you are asked to earse the MD2 device:

Then you are asked to earse the MD3 device:

Now you're asked to enter the password for MD2:

Confirm it:

Because it's just a "test" setup for me in the vm I just used "test" as password. Now I'm warned that it's weak. Consider, in a real setup you want to use a strong password. I recommend at least 15 charachters, small letter, capital letters, numbers:

Now you're asked to enter the password for MD3:

Confirm it:

Again the warning of a weak password:

 

Step 16: Setting up the encrypted root partition

Back at the main partition screen, select now md2_crypt partition to setup the encrypted root:

It is already marked as Ext3. If you want a different filesystem, select another one. If not, select the mount location:

Select it to be "/":

And you're done with this one:

 

Step 17: Setting up the encrypted data partition

Back at the main partition screen, select now md3_crypt partition to setup the encrypted data partition:

Select "Use as" to change the filesystem:

Select it to be LVM:

And you're done with this one:

Share this page:

7 Comment(s)

Add comment

Comments

From: Anonymous at: 2008-12-11 12:18:19

Isn't the order wrong?


1. 2 RAID (/boot and 1 for LVM)


2. LVM


3. encryption on LVM partitions

From: schrapp at: 2008-12-22 23:27:14

just today i set up a new server in a similar way. i did 2 things differently:


 1) install the second drive right away and add it to the raid during debian setup with partman. that way you don't have to add it manually later on.


 2) create just 2 raids. one for /boot and one that takes up the rest of the space. create a crypto device on top of that, that takes all of the available space as well. then add the resulting crypto mapper to a logical volume group and create your logical volumes with mount points (/, /home, /tmp, /var, ...). that way, you only have one encrypted device (therefore only one password). when using LVM imho there is no reason to create more than one underlying partition, unless you're adding a new physical device to an existing setup.

From: at: 2009-01-23 08:54:34

There are many ways to make a setup. I did think about it quite some time, did research on what file systems to use where... did consider whether to use encryption-->lvm or lvm-->encryption.


After carefull consideration I just came to the conclusion that I prefer this setup more. I do want to have independant root and only the actualy data on the lvm. Hence I chose that approach.


There's no right/wrong here. Just think of the consequences of your choices and what suits you the most.

From: ruipedroca at: 2009-03-08 14:51:29

Hi,


 I think your guide is great, good job!


Just a note: in the beggining fo this guide you say Ubuntu 8.04 and 8.10 wouldn't do the job, but at least the alternate 8.04.1 Desktop CD does, because I've already tried it (both RAID1 and encription, but not at the same time in the same OS installation) and it works.
However, you must perform some after installation steps (install GRUB boot-loader on second drive andupdate startup script to detect a failed drive).
I've followed this guide:
https://help.ubuntu.com/community/Installation/SoftwareRAID 


I'd like to thank you for the screenshots, that make your guide a breeze to follow! :)

From: Richard Williams at: 2010-03-19 15:35:41

I've just built a new Linux (Debian Lenny) server using a motherboard with hardware RAID.  Trouble is, it only has Windows RAID drivers, so I've had to use a software RAID.  I couldn't have done so easily without this article.

From: Shnifti at: 2011-12-26 16:36:57

I did both ways: creating raid right in the debian installer partman and also the other with adding second drive to a degraded raid after installation. (using debian squeeze)


So my setup is like


(I have md0 as a raid 5, doesnt matter for now) 


 /dev/md1 for /boot as ext2


/dev/md2  > crypt > vg_debian > lv_root, lv_home, lv_var > filesystems (ext4/xfs)


 In both ways I am the  getting the frequent kernel message:


bio too big device /dev/md2 (248 > 240)


 I have no clue what that might mean. Google doesnt show up so much results. But after reading trought some lists I am quite feared of facing data corruption.


I am using an compact flash card 8g on IDE port and an usb drive 8gb. Anyways they differ in size so I set up system with the USB drive (smaller) and later copied the partition table to the sd card. Maybe the problem is resulting from there.


Somebody might has an idea? What can I do? Is this kind of setup practical even setup, like everything nested (raid,crypt,lvm)?


best regards! Ben


From: tuxware at: 2014-09-29 15:10:53

Could you please post your /etc/fstab and your grub menu.lst? Would be a great help as I am having trouble booting my new raid system.