Encrypted partition on a Soft RAID device using mdadm and cryptsetup(LUKS)

Hello Everyone,

I have been meaning to setup my backup server with an encrypted partition on a mirrored RAID1 device.
Ill be giving you guys a quick walk through on how to set this up under Debian/Ubuntu. (Other distros will be similar)

First you need 2 same size disks, I have 2x 2TB Seagate ST2000DL003

mdadm manpage

Installing mdadm & cryptsetup:

sudo apt-get update
sudo apt-get install mdadm cryptsetup

Find which disks we will be using:

sudo fdisk -l

note which drives you will be using, for me it was /dev/sdd and /dev/sde

Creating the raid device:

sudo mdadm --create /dev/md0 --chunk=4 --level=1 --raid-devices=2 /dev/sdd /dev/sde

In my case I used a chunk size of 4 bytes, raid level 1(mirroring)

Creating the cryptFS

sudo cryptsetup luksFormat /dev/md0
sudo cryptsetup luksOpen /dev/md0 secure

Creating the filesystem within your LUKS disk:

sudo mkfs.ext4 /dev/mapper/secure

Now all that's left is to mount the newly created disk:

sudo mkdir /media/secure
sudo mount /dev/mapper/secure /media/secure

Everyday use:

Opening and mounting

sudo cryptsetup luksOpen /dev/md0 secure
sudo mount /dev/mapper/secure /media/secure

Unmounting and closing

sudo umount /media/secure
sudo cryptsetup luksClose secure

I have put both of these into scripts so i can ./open_sec and ./close_sec