Ubuntu
cryptsetup package

Bug #908387
Comment #5

Comment 5 for bug 908387

Revision history for this message

xor (xor) wrote on 2012-03-19:

This also applies to encrypted root using the following configuration chosen during 11.10 setup:

- Partition disks - manual:
sda:
  new partition table: yes
  parititions sorted by position on disk:
   partition 1 - 1GB, Name: <empty>, Use as: Reserved BIOS boot area, Bootable flag: off
   partition 2 - 4GB, Name: <empty>, Use as: Physical Volume for raid, Bootable flag: off
   partition 3 - remaining space (3TB), Name: <empty>, Use as: Physical Volume for raid, Bootable flag: off
sdb:
  new partition table: yes
  parititions sorted by position on disk:
   partition 1 - 1GB, Name: <empty>, Use as: Reserved BIOS boot area, Bootable flag: off
   partition 2 - 4GB, Name: <empty>, Use as: Physical Volume for raid, Bootable flag: off
   partition 3 - remaining space (3TB), Name: <empty>, Use as: Physical Volume for raid, Bootable flag: off
sdc:
  new partition table: yes
  parititions sorted by position on disk:
   partition 1 - 1GB, Name: <empty>, Use as: Reserved BIOS boot area, Bootable flag: off
   partition 2 - 4GB, Name: <empty>, Use as: Physical Volume for raid, Bootable flag: off
   partition 3 - remaining space (3TB), Name: <empty>, Use as: Physical Volume for raid, Bootable flag: off

select "Configure software RAID":
Create MD device - RAID1, active devices: 3, spare devices: 0, using the 4GB disks: sda2, sdb2, sdc2
Create MD device - RAID5, active devices: 3, spare devices: 0, using the 3TB disks: sda3, sdb3, sdc3

back to partitioning menu, now configure the raid devices' usage:
under "RAID1 device #0 (4GB)" select part "#1 4.0GB":
use as: ext3, mount point: /boot, mount options: noatime, label: none, reserved block: 5%, typical usage: standard

RAID5 device #1, configure "#1 6.0TB":
use as: physical volume for encryption,

encryption parameters - leave those at default if you are no mathematician:
encryption method: device-mapper (dm-crypt), encryption: aes, key size: 256, iv algorithm: cbc-essiv:sha256, encryption key: passphrase, erasa data: NO if disks were randomized before, YES otherwise

select "Configure encrypted volumes:"
select "Create encrypted volumes" - devices to encrypt: /dev/md1
now select "Finish" and enter the passphrase when asked

back to the partitioning menu again:
NOW notice the follwing bug in the partitioner: the ext3 raid device for "/boot" is NOT marked as being used for "/boot" anymore!
- correct its parameters, now you must also set "Format the partition: yes" because it was formated before when we first configured it and we want it to be clean.

under "Enccrypted volume (md1_crypt)" select part "#1 6.0TB":
use as: xfs, mount point: /, mount options: noatime, label: none

finish partitioning and write changes to disk. boot the system when the raid becomes degraded: yes. return to the partitioning menu to create swap: no. write changes to disk: yes.

This also applies to encrypted root using the following configuration chosen during 11.10 setup:

- Partition disks - manual:
	sda:
		new partition table: yes
		parititions sorted by position on disk:
			partition 1 - 1GB, Name: <empty>, Use as: Reserved BIOS boot area, Bootable flag: off
			partition 2 - 4GB, Name: <empty>, Use as: Physical Volume for raid, Bootable flag: off
			partition 3 - remaining space (3TB), Name: <empty>, Use as: Physical Volume for raid, Bootable flag: off
	sdb:
		new partition table: yes
		parititions sorted by position on disk:
			partition 1 - 1GB, Name: <empty>, Use as: Reserved BIOS boot area, Bootable flag: off
			partition 2 - 4GB, Name: <empty>, Use as: Physical Volume for raid, Bootable flag: off
			partition 3 - remaining space (3TB), Name: <empty>, Use as: Physical Volume for raid, Bootable flag: off
	sdc:
		new partition table: yes
		parititions sorted by position on disk:
			partition 1 - 1GB, Name: <empty>, Use as: Reserved BIOS boot area, Bootable flag: off
			partition 2 - 4GB, Name: <empty>, Use as: Physical Volume for raid, Bootable flag: off
			partition 3 - remaining space (3TB), Name: <empty>, Use as: Physical Volume for raid, Bootable flag: off

select "Configure software RAID":
		Create MD device - RAID1, active devices: 3, spare devices: 0, using the 4GB disks: sda2, sdb2, sdc2
		Create MD device - RAID5, active devices: 3, spare devices: 0, using the 3TB disks: sda3, sdb3, sdc3

back to partitioning menu, now configure the raid devices' usage:
		under "RAID1 device #0 (4GB)" select part "#1 4.0GB":
				use as: ext3, mount point: /boot, mount options: noatime, label: none, reserved block: 5%, typical usage: standard

RAID5 device #1, configure "#1 6.0TB":
				use as: physical volume for encryption,
				
				encryption parameters - leave those at default if you are no mathematician: 
					encryption method: device-mapper (dm-crypt), encryption: aes, key size: 256, iv algorithm: cbc-essiv:sha256, encryption key: passphrase, erasa data: NO if disks were randomized before, YES otherwise

select "Configure encrypted volumes:"
			select "Create encrypted volumes" - devices to encrypt: /dev/md1
			now select "Finish" and enter the passphrase when asked

back to the partitioning menu again:
		NOW notice the follwing bug in the partitioner: the ext3 raid device for "/boot" is NOT marked as being used for "/boot" anymore!
		- correct its parameters, now you must also set "Format the partition: yes" because it was formated before when we first configured it and we want it to be clean.

under "Enccrypted volume (md1_crypt)" select part "#1 6.0TB":
			use as: xfs, mount point: /, mount options: noatime, label: none

finish partitioning and write changes to disk. boot the system when the raid becomes degraded: yes. return to the partitioning menu to create swap: no. write changes to disk: yes.

Ubuntucryptsetup package

Comment 5 for bug 908387

Ubuntu
cryptsetup package