Jan Klod wrote:
> I created 2 equal sized partitions on separate disks:
>
> /dev/hda2 --aes--> /dev/loop1
> /dev/hdb4 --aes--> /dev/loop2
>
> after copying some data to /dev/loop1, I used mdadm:
>
> mdadm --create /dev/md0 --level 1 --raid-devices=2 --auto=yes missing /dev/loop1
> mkfs -t ext3 /dev/loop2
> mdadm --add /dev/md0 /dev/loop2

So, you had a file system on /dev/loop1 and then added that same device to
/dev/md0, which overwrote part of your file system. I think you are setting
this up the wrong way.

1) RAID1 /dev/md0 is smaller than its component devices. The RAID1 superblock
   has to fit somewhere.
2) Your setup mirrors plaintext, and then encrypts both component devices
   separately. That is twice the encryption work compared to encrypting
   first, and then mirroring ciphertext.

Try something like this:

mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/hda2 /dev/hdb4
losetup -e AES128 -K /etc/foo.gpg /dev/loop1 /dev/md0
mkfs -t ext3 /dev/loop1
losetup -d /dev/loop1
mount -t ext3 /dev/md0 /mnt -o loop=/dev/loop1,encryption=AES128,gpgkey=/etc/foo.gpg
umount /mnt

--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
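
Point 1 of the reply, as a pre-flight check (an added example, not part of the original message or of mdadm): it computes how much of a member device stays usable and whether an existing filesystem would reach into the superblock area. It assumes the array uses v0.90 md metadata, which the message does not state; the function names and the sample sizes are made up for the illustration.

```shell
#!/bin/sh
# Added example. Assumes v0.90 md metadata: the superblock occupies the last
# 64 KiB-aligned 64 KiB block of each member (MD_NEW_SIZE_SECTORS in the
# kernel's md_p.h). All sizes are in 512-byte sectors.

MD_RESERVED_SECTORS=128   # 64 KiB

# Sector offset where the superblock starts = most data a member can hold.
md090_data_sectors() {
    dev_sectors=$1
    if [ "$dev_sectors" -lt "$MD_RESERVED_SECTORS" ]; then
        echo 0
        return
    fi
    echo $(( (dev_sectors & ~(MD_RESERVED_SECTORS - 1)) - MD_RESERVED_SECTORS ))
}

# Sectors at the end of the member that the array does not expose.
md090_lost_sectors() {
    echo $(( $1 - $(md090_data_sectors "$1") ))
}

# Exit status 0 if a filesystem filling the first fs_sectors of the device
# stays below the superblock, 1 if creating the array would overwrite its tail.
fs_survives_md090() {
    [ "$2" -le "$(md090_data_sectors "$1")" ]
}

# Constructed sizes; on a real system read them with `blockdev --getsz DEV`.
report() {
    dev=$1 fs=$2
    if fs_survives_md090 "$dev" "$fs"; then verdict="fits"
    else verdict="tail would be overwritten"; fi
    echo "device=$dev fs=$fs usable=$(md090_data_sectors "$dev") lost=$(md090_lost_sectors "$dev"): $verdict"
}

report 20971600 20971600   # filesystem fills the whole device before it joins the array
report 20971600 20971392   # filesystem made on the md device, or shrunk first
```
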