Re: Encrypted RAID1 for storage with Debian Jessie
On 19/04/2017 05:06, commentsabout@xxxxxxxxxx wrote:
Is there an easy way to attach several pair of RAID1 disks (with full
disk encryption) to a Debian Jessie system?
Here is a picture of what I'm trying to achieve: http://imgur.com/vF7IqX2
I am building a home backup system, I have different type of data to
backup (work, family, random stuff - hence the three pairs in the
picture). The system (Debian Jessie) will be on a USB key.
It's a backup system on a budget that I'd like to have up and running
within a couple of weeks, I know that ZFS (with FreeNAS for instance)
can achieve similar goals but it's out of budget ; I also know that work
is being done on BTRFS about encryption but it's not ready for prime
Always state the obvious so :
- the idea behind having the SYSTEM on a independent USB drive is to
have one independent piece to handle the boot and system operations
(that I can easily - and cheaply - mirror to have drop in replacement in
case of failure) and "DATA" drives are just "dumb" encrypted drives that
could be unplugged from the setup and mounted anywhere else ;
- the idea behind the RAID1 is to create redundancy, hence in case one
drive fails, be able to plug a new one in, would it be possible with
full disk encryption?
- this backup system will only be turned on when needed, I don't plan on
using it as some sort of server or a NAS.
Am I re-inventing the wheel here, is there a better, simpler solution to
achieve both redundancy and encryption ?
Thank you in advance for your help,
Hi, RAID1 and luks work well together, I have been using it for years.
I use luks on top of raid1, mdadm raid1 volumes get mounted first at
boot, then cryptsetup opens the luks containers. This way re-syncing or
replacing a failed disk never caused me trouble.
Performance-wise it's not the best solution, there is an overhead with
both raid1 (heavy writing can load up the system) and luks. With luks
encryption it depends on the cpu having acceleration for the cypher you
choose. Mine doesn't, but the overhead never disturbed normal operations
so I don't consider it a problem.
System on usb flash disks always caused me troubles, I use it only if
the system can be loaded in ram at boot time and the drive isn't used
for write operation. A low-end small SSD would be a far better option in
On my system all RAID1 are started at boot, then the luks volumes are
either opened at boot time, later when a user logs in via pam-mount, or
on-demand with scripts.
My BackupPC server runs with RAID1 + luks volumes too, no problems for
the past six years.
I use ext4 as my file-system. ext4 has built-in encryption capabilities
now, but I can't comment on it since I have no first hand experience.