2
2
We have a Debian X64 server which has the following config. One single 512GB SSD, which has our OS and two 2.0TB HDD's which have data like attachments, etc.
The two 2.0 TB drives are in RAID-1 configuration. For security purposes, I would like to encrypt this RAID-1 setup. The thing I don't understand is, even the encrypted drive will require a key to decrypt. These are the two problems I am having :
- How to setup an encrypted RAID-1. I found a lot of stuff for RAID with LVM.
- Where and how will the key be stored for decrypting the drive.
Here is my raid config :
mdadm --detail /dev/md0
/dev/md0:
Version : 1.2
Creation Time : Tue Feb 2 16:35:52 2016
Raid Level : raid1
Array Size : 1953382336 (1862.89 GiB 2000.26 GB)
Used Dev Size : 1953382336 (1862.89 GiB 2000.26 GB)
Raid Devices : 2
Total Devices : 2
Persistence : Superblock is persistent
Update Time : Thu Feb 11 10:00:37 2016
State : clean
Active Devices : 2
Working Devices : 2
Failed Devices : 0
Spare Devices : 0
Name : domain:0 (local to host domain)
UUID : e3750654:c7e1a24c:3f0a15b6:46f26d0d
Events : 22
Number Major Minor RaidDevice State
0 8 1 0 active sync /dev/sda1
1 8 17 1 active sync /dev/sdb1
Any help would be nice. Thank you.
Cannot do a fresh-install myself, server is located in different geographical region. Also, the OS does not boot from the drive/FS which I am planning to encrpyt. LVM with RAID sounds nice, I agree with that. I have already taken backup of the HD, so I can erase it. Can you tell me how I can proceed with RAID1-LVM. Thank you. – We are Borg – 2016-02-11T09:35:48.403
Thank you very much for the detailed information, I will go through the setup after some research on LVM. Is there some reason I cannot add entry for it in fstab, as the password is already entered, so by the time boot is complete, the drive must be available. – We are Borg – 2016-02-11T09:54:36.500
Just one thing, command cryptsetup is throwing an error, with unknwon option -u. Is something wrong with the command you gave? – We are Borg – 2016-02-11T13:47:42.933
I just used this command instead of that : cryptsetup -v luksFormat <device> . It worked then. Thank you so much for the detailed answer. Can you please format the text of commands properly, so other user's will find it easier. Thank you. – We are Borg – 2016-02-11T14:09:07.497