how to LVM on RAID +encrypted /home partition

Asslamo 3likom wara7matt Allah ,

I was asked by spirula[www.spirulasystems.com] as the 1st task in my training program to finish these tasks

1-prepare a small p2/3 p.c  with 3 hard disks

2- make the 3 HDs as the following :

-The 1st one as the root system

– The other 2 hard disks are in raid0 {mirrored }

-Create a volume group on the raid

-create a /home partition encrypted logical volume

– add it to fstab to make it be mounted with the system start up

Now we will begin

Installing the system

-I used the Debian lenny net install cd .You can get it from here [http://www.debian.org/CD/netinst/]

-I will escape the installation part to make the topic more short but you can get the installation instructions from here [http://www.debian.org/releases/stable/i386/].For more short steps just use google and you will find many

RAID0 installation

-for more information about RAID .You can have a look at my post about it here [https://smartbasha.wordpress.com/2010/04/15/the-raid-technology/].It is totally quoted from its page on wikipedia

-Now the steps:

-apt-get update                                  #this will refresh the repositery

-apt-get upgrade                              #this will upgrade the installed packages

-apt-get install openssh-server  #I have to access the server remotely thats why i installed ssh

>Now I have hda formatted and have the / file system on it [including /home ].so I will begin working with hdb and hdc

-fdisk  /dev/hdb     #fdisk is the utitlity to edit the partition table for any H.D .Now I followed some steps and formatted the harddisk as 1 row partition{with no file system on it}

-fdisk /dev/hdc   #did the same with the 3rd H.D

>>Now I have to install mdadm .mdadm is the utitlity which we will use to initiate the raid array and create the raid0 .it has a previous name in old versions i dont remeber now

-apt-get install mdadm

>>now we have to create the raid0 array which contain hdb1 and hdc1 {the 2 partitions we got after fdisk the 2 H.Ds}

-mdadm -C /dev/md0 –level=raid0 –raid-devices=2 /dev/hdb1 /dev/hdc1

>>Lets check if it really worked and the system now has this array/no

-cat /proc/mdstat

>>we should have something like information about our raid array.Here we have successfully created the RAID part and have to go to the LVM part

LVM

pvcreate /dev/md0  #pvcreate initializes PhysicalVolume for later use by the Logical Volume
Manager (LVM).and told him to use md0

pvdisplay               #We should have here md0 listed

vgcreate vg0 /dev/md0

lvcreate –name homes –size 5G vg0  #now i have created a  logcial volume of 5 G.B using the vg0

Encryption

cryptsetup luksFormat /dev/vg0/homes                    #initializes a LUKS partition and sets the  initial  key,,we will be asked to enter a key to be used in the encryption
cryptsetup isLuks /dev/vg0/homes                   #this command for sorry I tried it with true and false arguments and in all times it give no answer .after search i found that the best way to make sure it was successed is to check its exit status

echo $?

>>it must give 0

cryptsetup luksOpen /dev/vg0/homes secureddev    #it creates a mapping to it as secureddev

dmsetup info secureddev             #get some info about

mkfs.ext3 /dev/mapper/secureddev     #format the encrypted volume with ext3 file system

mount -t ext3 /dev/mapper/secureddev /temp   #to mount it

>>ok,now i have to transfer all the /home to the new volume .

cp -rp /home/* /temp

>>final step is to make it be mounted with startup

>>After reading many articles about this I found this is the most simple here [http://www.howtoforge.com/automatically-unlock-luks-encrypted-drives-with-a-keyfile]

>>so ,I …………

cryptsetup luksAddKey /dev/vg0/[my_partition]    /etc/volume_key

>>now lets add this to the /etc/crypttab file

secureddev      /dev/vg0/homes  /etc/volume_key luks

>>then add this to /etc/fstab to make the system automatic mount it

/dev/mapper/secureddev  /home   ext3    defaults        0       2

>>now ,my task is done …rebooted ,tested ……every thinh is okay .thank you

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s