Re: Installing mdadm and C7 on new computer


Think he might have just missed the fact that you had EFI boot as well. So then it would be:

/boot md0

/boot/EFI md1

/ md2 -> vg0 -> lvs

Otherwise it was more a suggestion on using encryption for more than just the /home partition, since there is always a risk with SWAP etc. to have information that you do not want to be read.

My current setup goes:

/dev/mapper/vg0-root               /
/dev/mapper/vg0-usr                /usr
/dev/nvme0n1p2                      /boot       <- this would be a md device in your case
/dev/nvme0n1p1                      /boot/efi   <- this would be a md device in your case
/dev/mapper/vg0-home             /home
/dev/mapper/vg0-var                 /var
/dev/mapper/vg0-tmp                 /tmp
/dev/mapper/vg0-var_tmp          /var/tmp
/dev/mapper/vg0-var_log            /var/log
/dev/mapper/vg0-var_log_audit  /var/log/audit

Note that we are most likely mixing data redundancy with data security a bit here. So as far as your plan to run a md device for each "partition" needed that is a sound and solid plan.

When it comes to encryption the point is that you might want to have more than just /home protected. But this is very dependent on your threat model. If you have a laptop, encryption of all partitions is suggested.


On 2022-04-24 20:54, H wrote:
On 04/23/2022 09:19 PM, H wrote:
On 04/19/2022 09:57 AM, Roberto Ragusa wrote:
On 4/18/22 1:27 PM, H wrote:
I have a new computer with 2 x 2TB SSDs where I wanted to install C7 and use mdadm for RAID1 configuration and encrypting the /home partition. On the net I found which I adopted slightly with respect to partition sizes, using RAID1 for /boot and /root as well and added the /home partition with RAID1 and chose to have /home encrypted.
It may be a good idea to also have / and swap encrypted, since user data can go there easily
(logs, locatedb, swapped mem).

I would do:
- /boot as a separate RAID1 (md1=sda1+sdb1)
- then another RAID1 (md2=sda2+sdb2) using all the remaining disk
- luks on top of md2, giving you luks-xxxxx
- LVM with a PV on luks-xxxxx
- VG and LVs for swap, / and /home (do not assign all the available space now, especially if using xfs as filesystem)

Not sure if you can do this setup through the installer, you have to try (in a VM maybe).


Thank you. I will have time to get back to this system tomorrow to try this.

CentOS mailing list
Roberto, what would the advantage(s) be with your setup, i.e. one RAID1 array for everything but /boot compared to what I had done, i.e. three RAID1 arrays for /boot/efi RAID1, /boot RAID1 and one LVM-RAID1 for / and /home? As a naive user it would seem to me that the setup I did would be more resilient if a disk fails, or?
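
A way to check the point made in this thread about swap, / and logs living outside the encrypted /home, added here as an example and not posted by anyone in the thread: the script walks each mounted device's parents and reports whether a dm-crypt (LUKS) layer sits anywhere beneath it. It assumes input in the form printed by `lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT`; the function names `crypt_audit` and `sample_layout` and the sample device rows (three RAID1 arrays, only /home on LUKS) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list every mountpoint/swap area and whether it is on dm-crypt.
# Real use: lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT | crypt_audit
crypt_audit() {
    awk '
    function field(line, key,    re, s) {      # value of KEY="value" on a line
        re = "(^| )" key "=\"[^\"]*\""
        if (!match(line, re)) return ""
        s = substr(line, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
        return s
    }
    function on_crypt(dev,    n, i, p) {       # dev or any ancestor is a crypt mapping
        if (dtype[dev] == "crypt") return 1
        n = split(parents[dev], p, " ")
        for (i = 1; i <= n; i++) if (on_crypt(p[i])) return 1
        return 0
    }
    {
        k = field($0, "KNAME"); if (k == "") next
        dtype[k] = field($0, "TYPE")
        pk = field($0, "PKNAME"); if (pk != "") parents[k] = parents[k] " " pk
        m = field($0, "MOUNTPOINT"); if (m != "") mnt[k] = m
    }
    END { for (k in mnt) print mnt[k] "\t" (on_crypt(k) ? "encrypted" : "plain") }
    ' | LC_ALL=C sort
}

# Constructed sample (abbreviated second disk): RAID1 everywhere, LUKS only under /home.
sample_layout() {
    cat <<'EOF'
KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="md0" PKNAME="sda1" TYPE="raid1" MOUNTPOINT="/boot/efi"
KNAME="sda2" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="md1" PKNAME="sda2" TYPE="raid1" MOUNTPOINT="/boot"
KNAME="sda3" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="md2" PKNAME="sda3" TYPE="raid1" MOUNTPOINT=""
KNAME="dm-0" PKNAME="md2" TYPE="lvm" MOUNTPOINT="/"
KNAME="dm-1" PKNAME="md2" TYPE="lvm" MOUNTPOINT="[SWAP]"
KNAME="dm-2" PKNAME="md2" TYPE="lvm" MOUNTPOINT=""
KNAME="dm-3" PKNAME="dm-2" TYPE="crypt" MOUNTPOINT="/home"
KNAME="sdb" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sdb3" PKNAME="sdb" TYPE="part" MOUNTPOINT=""
KNAME="md2" PKNAME="sdb3" TYPE="raid1" MOUNTPOINT=""
EOF
}

sample_layout | crypt_audit
```

On a layout with LUKS directly on the large md device and LVM on top, as suggested in the quoted list, everything except /boot and /boot/efi would report as encrypted.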

