Best configuration for encrypted software RAID 1 on CentOS

0 votes
384 views

I'm setting up a computer with CentOS 6.4 and a mirrored software
RAID. I would like it to be encrypted so I was wondering what the best
configuration is. The only info I could find is
http://lists.centos.org/pipermail/centos-docs/2008-October/001912.html
but it appears to be a bit old and the info on the wiki (
http://wiki.centos.org/HowTos/EncryptTmpSwapHome ) doesn't seem to
address RAIDs.

My main question is will it be better to encrypt the RAID itself or
the two partitions used by the RAID? Any other things I should be
aware of?

posted May 15, 2013 by anonymous


1 Answer

0 votes

This depends on your use-case. Personally, I want my servers to be able
to boot headless, so I leave /boot, and / unencrypted, RAID or
not. Then I encrypt the LV (or partition) I am going to put data I care
about on. I don't think there is any benefit to encrypting the
partitions behind the MD device as it won't be able to form until you
decrypt the devices. I'd keep crypt on the resulting /dev/mdX, at the
lowest.

answer May 15, 2013 by anonymous
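
The layering the answer recommends (mirror first, LUKS on the resulting MD device, filesystem on top), as an added example that is not part of the original answer. The device names /dev/sda3, /dev/sdb3 and /dev/md1 and the mapping name securedata are assumptions; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: LUKS on top of an MD RAID 1 array, with /boot and / left alone.
# Every device and mapping name below is an assumption, not taken from the thread.
MEMBERS="/dev/sda3 /dev/sdb3"   # hypothetical data partitions, one per disk
MD_DEV="/dev/md1"               # hypothetical mirror assembled from MEMBERS
MAP_NAME="securedata"           # hypothetical dm-crypt mapping name

# Dry run by default: echo the command. With APPLY=1 (as root) execute it.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$@"; fi
}

# Succeed only if the LUKS target is the array itself, never a member partition.
luks_target_ok() {
    target=$1
    for m in $MEMBERS; do
        if [ "$target" = "$m" ]; then return 1; fi
    done
    [ "$target" = "$MD_DEV" ]
}

# Build the stack bottom-up. luksFormat and mdadm --create destroy existing data.
build_layout() {
    luks_target=${1:-$MD_DEV}
    if ! luks_target_ok "$luks_target"; then
        echo "refusing: put LUKS on $MD_DEV, not on $luks_target" >&2
        return 1
    fi
    # $MEMBERS is left unquoted on purpose so each partition is its own argument.
    run mdadm --create "$MD_DEV" --level=1 --raid-devices=2 $MEMBERS &&
    run cryptsetup luksFormat "$luks_target" &&
    # luksOpen is the step repeated after each boot, once the array has assembled.
    run cryptsetup luksOpen "$luks_target" "$MAP_NAME" &&
    run mkfs.ext4 "/dev/mapper/$MAP_NAME"
}

build_layout
```

With this layout there is one LUKS header and one passphrase prompt for the mirror, and both disks hold only ciphertext because MD replicates the already encrypted blocks.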