{"id":393,"date":"2018-08-23T14:20:12","date_gmt":"2018-08-23T12:20:12","guid":{"rendered":"https:\/\/www.gonscak.sk\/?p=393"},"modified":"2018-08-23T14:27:59","modified_gmt":"2018-08-23T12:27:59","slug":"encrypted-lvm-partition-on-software-raid-1-with-mdadm","status":"publish","type":"post","link":"https:\/\/www.gonscak.sk\/?p=393","title":{"rendered":"Encrypted LVM partition on software raid-1 with mdadm"},"content":{"rendered":"<p>At another post <a href=\"https:\/\/www.gonscak.sk\/?p=201\">https:\/\/www.gonscak.sk\/?p=201<\/a> I posted how to create raid1 software raid with mdadm in linux. Now I tried to add a crypted filesystem to this.<\/p>\n<p>First, check, that we have working software raid:<\/p>\n<pre>sudo mdadm --misc --detail \/dev\/md0\r\n\r\n\/dev\/md0:\r\n           Version : 1.2\r\n     Creation Time : Wed Aug 22 09:34:23 2018\r\n        Raid Level : raid1\r\n        Array Size : 1953381440 (1862.89 GiB 2000.26 GB)\r\n     Used Dev Size : 1953381440 (1862.89 GiB 2000.26 GB)\r\n      Raid Devices : 2\r\n     Total Devices : 2\r\n       Persistence : Superblock is persistent\r\n     Intent Bitmap : Internal\r\n       Update Time : Thu Aug 23 14:18:50 2018\r\n             State : active \r\n    Active Devices : 2\r\n   Working Devices : 2\r\n    Failed Devices : 0\r\n     Spare Devices : 0\r\nConsistency Policy : bitmap\r\n              Name : gw36:0  (local to host gw36)\r\n              UUID : ded4f30e:1cfb20cb:c10b843e:df19a8ff\r\n            Events : 3481\r\n    Number   Major   Minor   RaidDevice State\r\n       0       8       17        0      active sync   \/dev\/sdb1\r\n       1       8       33        1      active sync   \/dev\/sdc1<\/pre>\n<p>Now, we synced drives and clean. It is time to encrypt.\u00a0 If we have not loaded modules for encryption, load it:q<\/p>\n<pre><code class=\"sh\"><span class=\"line\">modprobe<\/span><\/code> dm-crypt<\/pre>\n<p>Now create the volume with passphrase:<\/p>\n<pre>sudo cryptsetup --cipher=aes-xts-plain --verify-passphrase --key-size=512 luksFormat \/dev\/md0<\/pre>\n<p>And we can open it:<\/p>\n<pre>sudo cryptsetup  luksOpen \/dev\/md0 cryptdisk<\/pre>\n<p>Now we can create as many times a physical volume, volume group and logical volume.<\/p>\n<pre>sudo pvcreate \/dev\/mapper\/cryptdisk\r\nsudo vgcreate raid1 \/dev\/mapper\/cryptdisk\r\nsudo lvcreate --size 500G --name lv-home raid1\r\n\r\nsudo pvs\r\n  PV                     VG        Fmt  Attr PSize    PFree\r\n  \/dev\/mapper\/cryptdisk  raid1     lvm2 a--    &lt;1,82t 1,33t\r\nsudo vgs\r\n  VG        #PV #LV #SN Attr   VSize    VFree\r\n  raid1       1   1   0 wz--n-   &lt;1,82t 1,33t\r\nsudo lvs\r\n  LV      VG        Attr       LSize\r\n  lv-home raid1     -wi-ao---- 500,00g           \u00a0\r\n<\/pre>\n<p>Next, we create a filesystem on this logical volume:<\/p>\n<pre>sudo mkfs.ext4 \/dev\/mapper\/raid1-lv--home<\/pre>\n<p>And we can mount it:<\/p>\n<pre>sudo mount \/dev\/mapper\/raid1-lv--home crypt-home\/<\/pre>\n<p>Now we have an encrypted partition (disk) for our home directory.<\/p>\n ","protected":false},"excerpt":{"rendered":"<p>At another post https:\/\/www.gonscak.sk\/?p=201 I posted how to create raid1 software raid with mdadm in linux. Now I tried to add a crypted filesystem to this. First, check, that we have working software raid: sudo mdadm &#8211;misc &#8211;detail \/dev\/md0 \/dev\/md0: Version : 1.2 Creation Time : Wed Aug 22 09:34:23 2018 Raid Level : raid1 &hellip; <a href=\"https:\/\/www.gonscak.sk\/?p=393\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Encrypted LVM partition on software raid-1 with mdadm<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,59],"tags":[98,97,51,44,46],"class_list":["post-393","post","type-post","status-publish","format-standard","hentry","category-centos","category-ubuntu","tag-crypt","tag-luks","tag-lvm","tag-mdadm","tag-raid1"],"_links":{"self":[{"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=\/wp\/v2\/posts\/393","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=393"}],"version-history":[{"count":4,"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=\/wp\/v2\/posts\/393\/revisions"}],"predecessor-version":[{"id":397,"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=\/wp\/v2\/posts\/393\/revisions\/397"}],"wp:attachment":[{"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=393"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=393"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=393"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}