Encrypted partition on a Soft RAID device using mdadm and cryptsetup(LUKS)
Hello Everyone,
I have been meaning to setup my backup server with an encrypted partition on a mirrored RAID1 device.
Ill be giving you guys a quick walk through on how to set this up under Debian/Ubuntu. (Other distros will be similar)
First you need 2 same size disks, I have 2x 2TB Seagate ST2000DL003
Installing mdadm & cryptsetup:
sudo apt-get update
sudo apt-get install mdadm cryptsetup
Find which disks we will be using:
sudo fdisk -l
note which drives you will be using, for me it was /dev/sdd and /dev/sde
Creating the raid device:
sudo mdadm --create /dev/md0 --chunk=4 --level=1 --raid-devices=2 /dev/sdd /dev/sde
In my case I used a chunk size of 4 bytes, raid level 1(mirroring)
Creating the cryptFS
sudo cryptsetup luksFormat /dev/md0
sudo cryptsetup luksOpen /dev/md0 secure
Creating the filesystem within your LUKS disk:
sudo mkfs.ext4 /dev/mapper/secure
Now all that's left is to mount the newly created disk:
sudo mkdir /media/secure
sudo mount /dev/mapper/secure /media/secure
Everyday use:
Opening and mounting
sudo cryptsetup luksOpen /dev/md0 secure
sudo mount /dev/mapper/secure /media/secure
Unmounting and closing
sudo umount /media/secure
sudo cryptsetup luksClose secure
I have put both of these into scripts so i can ./open_sec and ./close_sec