On 08/30/17 04:28, commentsab...@riseup.net wrote:
...
Here is a picture of what I'm trying to achieve:
https://imgur.com/a/DAM8D (the "Today" column).

I am trying to build a home backup system. The system (Debian Stretch)
will be on an SSD. For the time being, I only have one pair of HDDs (the
"Today" column in the picture); in the future (the "Future" column), I
would like to add other pairs of HDDs to store other kinds of data.

This backup system will only be turned on when needed, I don't plan on
using it as some sort of server or a NAS.

We are talking about software RAID1.

I would like everything to be encrypted (FDE), from the system (/ and
/swap) to the RAID1 drives.

Debian will be installed via a USB stick.

If possible, I would like to have different encryption keys for the
system and the various RAID1 pairs (in the "Future" column in the
picture, one for the system, one for "work", one for "family", one for
"misc"). So that I can give the system encryption passphrase, "family"
and "misc" ones to my wife and keep the "work" one for myself.

As stated in another mail of the thread, I'm a complete noob when it
comes to this kind of operation so I'm looking for a step-by-step ELI5
explanation (I have tried to use the Debian graphical installer to
achieve this but have failed because I was just messing around with the
options trying to figure out what to do).

For the sake of the discussion: here is the complete archive of this
thread
https://groups.google.com/forum/#!topic/linux.debian.user/jjdr6LXaOm8

You'll notice that Joshua Schaeffer provided what seems to be a complete
solution but I have no idea how to go from "I have my computer with all
the drives plugged in, Debian installer on USB stick and I launched the
graphical installer" to "enter these commands into a terminal to achieve
what you are trying to do":
https://groups.google.com/d/msg/linux.debian.user/jjdr6LXaOm8/Pals7djzAAAJ

Note: I am not criticizing Joshua's answer in any way, I am grateful for
it, I am just underlining (once again) the fact that I am a noob on this
topic :)

Thank you in advance for your help :)

CA

PS: at the time of my first mail, Stretch wasn't the "stable" release
yet (I have now updated the title from "Jessie" to "Stretch")

STFW you might find step-by-step instructions for something similar to what you want, but this is Linux and the whole point is to learn enough to do it yourself.


The most common Linux encryption technology is variously called LUKS and dm-crypt. The command-line administration tool is cryptsetup(8).


There are at least two ways to do software RAID on Linux:

1.  MD arrays -- the administration tool is mdadm(8).

2.  LVM RAID -- the administration tool is lvm(8).


Start by STFW the underlying technologies:

https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup

https://en.wikipedia.org/wiki/Mdadm

https://en.wikipedia.org/wiki/Logical_Volume_Manager_(Linux)


Then RTFM the tools:

https://linux.die.net/man/


If you want to combine encryption and RAID 1, you're going to need to choose between encrypting one RAID volume or RAID'ing two encrypted volumes. There are trade-offs either way. A primary consideration will be whether or not you have a processor with AES-NI:

https://en.wikipedia.org/wiki/AES_instruction_set


Read up the links above and then post when you're ready.


David
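
The two layerings named in the message above, as an added example that is not part of the thread: a dry-run planner that checks for AES-NI and prints (never runs) the mdadm/cryptsetup commands for each layout. The function names, the layout labels `luks-on-md` and `md-on-luks`, the mapping names and the sample device paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: dry-run planner for the two ways to combine LUKS and RAID 1.
# It only prints commands; device paths and names are hypothetical inputs.

# has_aesni [FILE]: succeed if the x86 "flags" line lists "aes" (AES-NI).
has_aesni() {
    grep -m1 '^flags' "${1:-/proc/cpuinfo}" | grep -qw aes
}

# crypt_passes LAYOUT: how many times each written block gets encrypted.
crypt_passes() {
    case "$1" in
        luks-on-md) echo 1 ;;  # one dm-crypt device on top of the mirror
        md-on-luks) echo 2 ;;  # one dm-crypt device under each mirror member
        *) return 1 ;;
    esac
}

# plan LAYOUT NAME DISK1 DISK2: print the setup commands for one RAID 1 pair.
# Every luksFormat prompts for its own passphrase, so each pair ("work",
# "family", ...) can be given a different one.
plan() {
    layout=$1 name=$2 d1=$3 d2=$4
    m1="${name}_a" m2="${name}_b"
    case "$layout" in
        luks-on-md)
            echo "mdadm --create /dev/md/$name --level=1 --raid-devices=2 $d1 $d2"
            echo "cryptsetup luksFormat /dev/md/$name"
            echo "cryptsetup open /dev/md/$name ${name}_crypt"
            echo "mkfs.ext4 /dev/mapper/${name}_crypt"
            ;;
        md-on-luks)
            echo "cryptsetup luksFormat $d1"
            echo "cryptsetup open $d1 $m1"
            echo "cryptsetup luksFormat $d2"
            echo "cryptsetup open $d2 $m2"
            echo "mdadm --create /dev/md/$name --level=1 --raid-devices=2 /dev/mapper/$m1 /dev/mapper/$m2"
            echo "mkfs.ext4 /dev/md/$name"
            ;;
        *) return 1 ;;
    esac
}

# Usage (sample paths): has_aesni && echo "AES-NI present"
#                       plan luks-on-md family /dev/sdb1 /dev/sdc1
```

Without AES-NI the second layout costs two software AES passes per write, and it also means two LUKS headers and two unlock prompts per pair.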
