Discussion:
softraid+encryption+ubuntu = fail!
Steve Holdoway
2011-06-02 21:41:11 UTC
Permalink
This setup is for my favourite local charity, so input would be
gratefully received.

The idea is to have an unencrypted root partition so support people can
remote in via openvpn to get the rest of the systems ( KVM images on an
encrypted partition ) up and running in the event of a power, etc
failure, but still render the data useless in case of theft. To do this
we use a manually entered password to encrypt the partition.

For robustness, we're running this encrypted partition on a pair of raid
1 softraid disks.

Initial setup was done on 10.04 LTS and worked fine. Security upgrades
to 10.04.2 have made this a real mess, as the process requesting the
password no longer times out or actually talks to a physical device - so
it has to be killed off and manually started. I can probably get around
that with a noauto in the fstab, but that's not my real worry.

I'm trying to replicate the softraid/encryption configuration on another
server as a backup. It just will not install. I haven't any 10.04 alt
disks around, so used 10.04.2, and not 11.04. All fail. Manually
creating the encrypted disk works fine, but even with all of the
necessary bits in crypttab/fstab, the config is lost on reboot, and no
password is ever requested. I can find no answers, either in the logs or
google.

Does anyone have an idea as to what has changed / what is so terrible
about what I'm trying to do??

Cheers,


Steve
--
Steve Holdoway BSc(Hons) MNZCS <***@greengecko.co.nz>
http://www.greengecko.co.nz
MSN: ***@greengecko.co.nz
Skype: sholdowa
Bruce Kingsbury
2011-06-02 22:20:58 UTC
Permalink
I asked on #ubuntu about a similar setup, brand new ubuntu server 10.04.2
install with software raid1 on two drives, but it kept failing installing
grub on both. The usually helpful people on #ubuntu told me I should "go
back to windows", to which I said something that got me banned from the
channel for the rest of the week.

Ubuntu is borked. I've since set up that server and another similar one
using debian, which is probably what I should have done in the first place.
Post by Steve Holdoway
This setup is for my favourite local charity, so input would be
gratefully received.
The idea is to have an unencrypted root partition so support people can
remote in via openvpn to get the rest of the systems ( KVM images on an
encrypted partition ) up and running in the event of a power, etc
failure, but still render the data useless in case of theft. To do this
we use a manually entered password to encrypt the partition.
For robustness, we're running this encrypted partition on a pair of raid
1 softraid disks.
Initial setup was done on 10.04 LTS and worked fine. Security upgrades
to 10.04.2 have made this a real mess, as the process requesting the
password no longer times out or actually talks to a physical device - so
it has to be killed off and manually started. I can probably get around
that with a noauto in the fstab, but that's not my real worry.
I'm trying to replicate the softraid/encryption configuration on another
server as a backup. It just will not install. I haven't any 10.04 alt
disks around, so used 10.04.2, and not 11.04. All fail. Manually
creating the encrypted disk works fine, but even with all of the
necessary bits in crypttab/fstab, the config is lost on reboot, and no
password is ever requested. I can find no answers, either in the logs or
google.
Does anyone have an idea as to what has changed / what is so terrible
about what I'm trying to do??
Cheers,
Steve
--
http://www.greengecko.co.nz
Skype: sholdowa
_______________________________________________
http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
_______________________________________________
NZLUG mailing list ***@linux.net.nz
http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
Robin Paulson
2011-06-02 22:49:57 UTC
Permalink
Post by Bruce Kingsbury
I asked on #ubuntu about a similar setup, brand new ubuntu server 10.04.2
install with software raid1 on two drives, but it kept failing
installing
grub on both. The usually helpful people on #ubuntu told me I should "go
back to windows", to which I said something that got me banned from the
channel for the rest of the week.
hmm, interesting. i had a similar problem with ubuntu failing (no raid
though) to install properly earlier this year - it would refuse to
install grub also, and not create an initrd file. i traced it to a
faulty CD drive in the end (thanks nevyn), although oddly the drive
worked fine for other purposes.

as an aside, it did mean i got to do a lot of problem-solving and
figured out how to create an initrd file manually, and how the scripts
for grub2 work. all useful i guess. that wouldn't happen with windows
--
robin

http://bumblepuppy.org/blog/?p=237 - government bill to remove basic
human rights in NZ

_______________________________________________
NZLUG mailing list ***@linux.net.nz
http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
Loading...