* mdadm will only start root device degraded @ 2017-08-07 7:51 Felix Koop 2017-08-11 18:00 ` Wols Lists 0 siblings, 1 reply; 6+ messages in thread From: Felix Koop @ 2017-08-07 7:51 UTC (permalink / raw) To: linux-raid Hello, I have the following problem: /dev/md2 is my root device. This is a raid1 device consisting of 2 partitions (sdg1 and sdf1). Booting in this configuration worked fine. When I decided to encrypt those partitions, I started to encrypt one of them (sdg1). Now the array always starts degraded with the encrypted sdg1 (cryptorootg) missing. I am asked during boot process for the password and the encrypted device is unlocked successfully. But the raid is not set up correctly. I have to run after every boot mdadm /dev/md2 --add /dev/mapper/cryptorootg and then device is sync'ing and working fine until next reboot. An entry in /etc/crypttab was created. What do I have to configure differently to have mdadm recognising the raid device correctly during boot? -- Mit freundlichen Grüßen Felix Koop fkoop@fkoop.de ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: mdadm will only start root device degraded 2017-08-07 7:51 mdadm will only start root device degraded Felix Koop @ 2017-08-11 18:00 ` Wols Lists 2017-08-12 9:20 ` Felix Koop 0 siblings, 1 reply; 6+ messages in thread From: Wols Lists @ 2017-08-11 18:00 UTC (permalink / raw) To: Felix Koop, linux-raid On 07/08/17 08:51, Felix Koop wrote: > Hello, > > I have the following problem: /dev/md2 is my root device. This is a > raid1 device consisting of 2 partitions (sdg1 and sdf1). Booting in > this configuration worked fine. > > When I decided to encrypt those partitions, I started to encrypt one of > them (sdg1). Now the array always starts degraded with the encrypted > sdg1 (cryptorootg) missing. I am asked during boot process for the > password and the encrypted device is unlocked successfully. But the > raid is not set up correctly. I have to run after every boot > > mdadm /dev/md2 --add /dev/mapper/cryptorootg > > and then device is sync'ing and working fine until next reboot. An > entry in /etc/crypttab was created. > > What do I have to configure differently to have mdadm recognising the > raid device correctly during boot? > > > Start again? I'm guessing md2 is a mirror, which means the raid code expects sdg1 and sdf1 to be identical. But you've now encrypted one of them, so they are not identical, which is why the raid keeps breaking on boot. I'm out of my depth here, but if you want to encrypt your raid, you need to encrypt the raid device itself (md2), not the component devices. (Or encrypt both component devices, such that your boot sequence will need to unlock them before the raid can assemble them.) Cheers, Wol ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: mdadm will only start root device degraded 2017-08-11 18:00 ` Wols Lists @ 2017-08-12 9:20 ` Felix Koop 2017-08-12 14:17 ` Reindl Harald 2017-08-12 17:25 ` Anthony Youngman 0 siblings, 2 replies; 6+ messages in thread From: Felix Koop @ 2017-08-12 9:20 UTC (permalink / raw) To: Wols Lists, linux-raid Hello Wol, thanks for trying to help me. Yes, md2 is a mirror. Initially it was a mirror of sdf1 and sdg1. Then I broke that mirror and reassembled/recreated it as a mirror of sdf1 and cryptorootg (which is the encrypted device sdg1). After the reassembly this worked fine until next reboot. cryprotrootg is unlocked during boot, but md2 is not reassembled. Is it correct that mirroring (or raid in general) does not work on encrypted devices? If so, why? -- Mit freundlichen Grüßen Felix Koop Am Freitag, den 11.08.2017, 19:00 +0100 schrieb Wols Lists: > On 07/08/17 08:51, Felix Koop wrote: > > Hello, > > > > I have the following problem: /dev/md2 is my root device. This is a > > raid1 device consisting of 2 partitions (sdg1 and sdf1). Booting in > > this configuration worked fine. > > > > When I decided to encrypt those partitions, I started to encrypt > > one of > > them (sdg1). Now the array always starts degraded with the > > encrypted > > sdg1 (cryptorootg) missing. I am asked during boot process for the > > password and the encrypted device is unlocked successfully. But the > > raid is not set up correctly. I have to run after every boot > > > > mdadm /dev/md2 --add /dev/mapper/cryptorootg > > > > and then device is sync'ing and working fine until next reboot. An > > entry in /etc/crypttab was created. > > > > What do I have to configure differently to have mdadm recognising > > the > > raid device correctly during boot? > > > > > > > > Start again? I'm guessing md2 is a mirror, which means the raid code > expects sdg1 and sdf1 to be identical. But you've now encrypted one > of > them, so they are not identical, which is why the raid keeps breaking > on > boot. > > I'm out of my depth here, but if you want to encrypt your raid, you > need > to encrypt the raid device itself (md2), not the component devices. > > (Or encrypt both component devices, such that your boot sequence will > need to unlock them before the raid can assemble them.) > > Cheers, > Wol ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: mdadm will only start root device degraded 2017-08-12 9:20 ` Felix Koop @ 2017-08-12 14:17 ` Reindl Harald 2017-08-12 17:25 ` Anthony Youngman 1 sibling, 0 replies; 6+ messages in thread From: Reindl Harald @ 2017-08-12 14:17 UTC (permalink / raw) To: Felix Koop, Wols Lists, linux-raid Am 12.08.2017 um 11:20 schrieb Felix Koop: > Hello Wol, > > thanks for trying to help me. > > Yes, md2 is a mirror. Initially it was a mirror of sdf1 and sdg1. Then > I broke that mirror and reassembled/recreated it as a mirror of sdf1 > and cryptorootg (which is the encrypted device sdg1). After the > reassembly this worked fine until next reboot. cryprotrootg is unlocked > during boot, but md2 is not reassembled. > > Is it correct that mirroring (or raid in general) does not work on > encrypted devices? If so, why? as already said it makes no sense to encrypt the underlying device - frankly in case of a mirror even if it works what is the point to encrypt twice instead raid -> luks which first encrypts the data and then write the already encrypted data to both mirrors ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: mdadm will only start root device degraded 2017-08-12 9:20 ` Felix Koop 2017-08-12 14:17 ` Reindl Harald @ 2017-08-12 17:25 ` Anthony Youngman 2017-08-14 5:18 ` Felix Koop 1 sibling, 1 reply; 6+ messages in thread From: Anthony Youngman @ 2017-08-12 17:25 UTC (permalink / raw) To: Felix Koop, linux-raid On 12/08/17 10:20, Felix Koop wrote: > Hello Wol, > > thanks for trying to help me. > > Yes, md2 is a mirror. Initially it was a mirror of sdf1 and sdg1. Then > I broke that mirror and reassembled/recreated it as a mirror of sdf1 > and cryptorootg (which is the encrypted device sdg1). After the > reassembly this worked fine until next reboot. cryprotrootg is unlocked > during boot, but md2 is not reassembled. > > Is it correct that mirroring (or raid in general) does not work on > encrypted devices? If so, why? > The thing is, which happens first in the boot sequence? Unlocking the crypto, or assembling the mirror? Because if the boot attempts to assemble the mirror before it unlocks the crypto, this is going to cause exactly the scenario you describe. Cheers, Wol ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: mdadm will only start root device degraded 2017-08-12 17:25 ` Anthony Youngman @ 2017-08-14 5:18 ` Felix Koop 0 siblings, 0 replies; 6+ messages in thread From: Felix Koop @ 2017-08-14 5:18 UTC (permalink / raw) To: Anthony Youngman, linux-raid > The thing is, which happens first in the boot sequence? Unlocking > the > crypto, or assembling the mirror? Because if the boot attempts to > assemble the mirror before it unlocks the crypto, this is going to > cause > exactly the scenario you describe. > OK, I understand. But then: Where is the order of the boot sequence defined? How do I change the order of the boot sequence? How do I make sure that assembling the mirror is done after unlocking the crypto? -- Mit freundlichen Grüßen Felix Koop fkoop@fkoop.de ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2017-08-14 5:18 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-08-07 7:51 mdadm will only start root device degraded Felix Koop 2017-08-11 18:00 ` Wols Lists 2017-08-12 9:20 ` Felix Koop 2017-08-12 14:17 ` Reindl Harald 2017-08-12 17:25 ` Anthony Youngman 2017-08-14 5:18 ` Felix Koop
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.