Hello, Thank you for your answer.
On 2017-08-31 03:56, David Christensen wrote: > On 08/30/17 04:28, commentsab...@riseup.net wrote: > ... >> Here is a picture of what I'm trying to achieve: >> https://imgur.com/a/DAM8D (the "Today" column). >> >> I am trying to build a home backup system. The system (Debian Stretch) >> will be on a SSD. For the time being, I only have one pair of HDDs (the >> "Today" column in the picture) ; in the future (the "Future" column), I >> would like to add other pairs of HDD to store other kind of data. >> >> This backup system will only be turned on when needed, I don't plan on >> using it as some sort of server or a NAS. >> >> We are talking about software RAID1. >> >> I would like everything to be encrypted (FDE), from the system (/ and >> /swap) to the RAID1 drives. >> >> Debian will be installed via a USB stick. >> >> If possible, I would like to have different encryption keys for the >> system and the various RAID1 pairs (in the "Future" column in the >> picture, one for the system, one for "work", one for "family", one for >> "misc"). So that I can give the system encryption passphrase, "family" >> and "misc" ones to my wife and keep the "work" one for myself. >> >> As stated in another mail of the thread, I'm a complete noob when it >> comes to this kind of operations so I'm looking for a step by step ELI5 >> explanation (I have tried to use the Debian graphical installer to >> achieve this but have failed because I was just messing around with the >> options trying to figure out what to do). >> >> For the sake of the discussion: here is the complete archive of this >> thread >> https://groups.google.com/forum/#!topic/linux.debian.user/jjdr6LXaOm8 >> >> You'll notice that Joshua Schaeffer provided what seems to be a complete >> solution but I have no idea how to go from "I have my computer with all >> the drives plugged in, Debian installer on USB stick and I launched the >> graphical installer" to "enter these commands into a terminal to achieve >> what you are trying to do" : >> https://groups.google.com/d/msg/linux.debian.user/jjdr6LXaOm8/Pals7djzAAAJ >> >> Note: I am not criticizing Joshua's answer in any way, I am grateful for >> it, I am just underlying (once again) the fact that I am a noob on this >> topic :) >> >> Thank you in advance for your help :) >> >> CA >> >> PS: at the time of my first mail, Stretch wasn't the "stable" release >> yet (I have now updated the title from "Jessie" to "Stretch") > > STFW you might find step-by-step instructions for something similar to > what you want, but this is Linux and the whole point is to learn > enough to do it yourself. I did, I couldn't find anything extensive enough. I'm not asking "just tell me what to do", I'm asking "people have undoubtedly already done that, please share your experience with me, tell we what to do and explain me what I'm doing". If I wanted to get something working out the box, or somebody doing the work for me, I just would have purchased a Synology or the likes. As you said, this is Linux, and part of the cake is its community. > The most common Linux encryption technology is variously called LUKS > and dm-crypt. The command-line administration tool is cryptsetup(8). > > There are at least two ways to do software RAID on Linux: > > 1. MD arrays -- the administration tool is mdadm(8). > 2. LVM RAID -- the administration tool is lvm(8). > > Start by STFW the underlying technologies: > > https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup > > https://en.wikipedia.org/wiki/Mdadm > > https://en.wikipedia.org/wiki/Logical_Volume_Manager_(Linux) > > Then RTFM the tools: > > https://linux.die.net/man/ > > If you want to combine encryption and RAID 1, you're going to need to > choose between encrypting one RAID volume or RAID'ing two encrypted > volumes. There are trade-off's either way. A primary consideration > will be whether or not you have a processor with AES-NI: > > https://en.wikipedia.org/wiki/AES_instruction_set I don't : https://ark.intel.com/products/78867/Intel-Celeron-Processor-J1900-2M-Cache-up-to-2_42-GHz So, what would be the most efficient? I guess that encrypting one drive and having the other one blindly copying every bit is the proper method. Does it have any impact on the reliability of the setup? If the "system" ssd fails, would I be able to reinstall Debian on a new drive and plug the RAID drives in a plug-and-play fashion? Should I care about the "system" redundancy? Are the encryption keys stored on the "system" drive or on the RAID drives (one of them, both?) ? > Read up the links above and then post when you're ready. I am all for the RTFM approach nevertheless, this is like telling someone who is trapped in a nuclear facility with leaking hazardous material and asking for a way out : "here are the blueprints for the facility, the 1200 pages `The Art of Electronics` book, and a playlist of defcon talks about lockpicking, call us back when you're all set, if you prove you can hack the lock, we'll give you the code to get out". I have been juggling with bash scripts and USB keys in order to create some sort of backup on the cheap for my work documents. I do not want to risk to screw it up, I want to do it right on the first try and have something future proof in my hands and perhaps, more importantly, have it up and running before my juggling fails me. CA
