howto create a RAID array with LUKS encryption, mdadm RAID tools and LVM2
tested on debian squeeze
replace sdX and sdY with the hdd devices of your choice - choose carefully!
run badblocks check or dd to overwrite all data with random bit patterns
badblocks -c 10240 -s -w -t random -v /dev/sdX
badblocks -c 10240 -s -w -t random -v /dev/sdY
or slower and more secure:
dd if=/dev/urandom of=/dev/sdX
dd if=/dev/urandom of=/dev/sdY
wait some hours or days..
some howtos suggest running this step over the partitions, not the whole device.. unknown which is better..
Create partitions on two devices
fdisk /dev/sdX
..
fdisk /dev/sdY
Create the RAID array:
mdadm --create /dev/mdX --level=1 --raid-devices=2 /dev/sdX1 /dev/sdY1
This creates a RAID 1. Choose a free device number for X in /dev/mdX.
The device will be created and synchronization of the blocks starts. Check the sync progress and details of the array:
cat /proc/mdstat
mdadm --detail /dev/mdX
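The sync check above can be scripted. The following is an added example, not part of the original howto: a shell function that reads /proc/mdstat-format text and reports whether an array is clean, still syncing or degraded. The name md_status, its output format, its exit codes and the sample data are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original howto. md_status, its output format and
# its exit codes are this example's own conventions.
# Usage: md_status NAME < /proc/mdstat
# Prints "<state> <active>/<configured> <progress>" and returns
#   0 clean, 1 syncing, 2 degraded (member missing, e.g. "[2/1] [U_]"), 3 not found
md_status() {
    awk -v md="$1" '
        $1 == md && $2 == ":" { found = 1; next }   # header: "md0 : active raid1 ..."
        found && /^[^ \t]/    { exit }              # next array or trailer: stop
        found && match($0, /\[[0-9]+\/[0-9]+\]/) {  # "[2/2]" is [configured/active]
            split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
            total = n[1]; active = n[2]
        }
        found && /(resync|recovery) *=/ {           # progress line during a sync
            sync = 1; pct = "pending"
            for (i = 1; i <= NF; i++) if ($i ~ /%$/) pct = $i
        }
        END {
            if (!found || total == "") { print "notfound 0/0 -"; exit 3 }
            ratio = active "/" total
            if (active + 0 < total + 0) { print "degraded", ratio, (sync ? pct : "-"); exit 2 }
            if (sync) { print "syncing", ratio, pct; exit 1 }
            print "clean", ratio, "-"
        }'
}

# Constructed sample: md0 is in its initial sync, md1 has lost one member.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid1]
md1 : active raid1 sdd1[1]
      488254464 blocks super 1.2 [2/1] [_U]

md0 : active raid1 sdY1[1] sdX1[0]
      976630336 blocks super 1.2 [2/2] [UU]
      [==>..................]  resync = 12.6% (123456789/976630336) finish=127.5min speed=98765K/sec

unused devices: <none>
EOF
}

for a in md0 md1; do
    printf '%s: ' "$a"; sample_mdstat | md_status "$a" || true
done
```

On a real system, call it as md_status mdX < /proc/mdstat and treat exit status 2 (degraded) as a reason to stop before putting data on the array.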
Encrypting the Block Devices
cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/mdX
Unlocking the Block Devices
cryptsetup luksOpen /dev/mdX cryptname
the opened volume is available as /dev/mapper/cryptname after entering the correct passphrase
Create Logical Volume with Logical Volume Manager (LVM)
..if you like. read why, here: https://en.wikipedia.org/wiki/Logical_Volume_Manager_%28Linux%29#Common_uses
for example: you can combine two RAID arrays to appear as one drive:
pvcreate /dev/mapper/cryptname
...
vgcreate -v cryptvg /dev/mapper/cryptname
Check results:
pvscan
vgdisplay
vgdisplay shows you the number of physical extents available in a volume group, e.g.: “Total PE 476931”. To use the complete volume group cryptvg for a logical volume, we tell lvcreate the number of extents to use.
lvcreate -l 476931 -n cryptvg cryptvg
This maps the new logical volume to the device file: /dev/cryptvg/cryptvg
Format the logical volume:
mkfs.ext4 -L cryptvg /dev/cryptvg/cryptvg
Mount the logical volume:
add a line to /etc/fstab to make it persistent:
/dev/cryptvg/cryptvg /crypt ext4 noatime 0 0