Debian RAID 5 + Encryption
This is a little summary about what I did to create an encrypted RAID 5 device on my file server.
First of all I had to install mdadm and cryptsetup.
apt-get install mdadm cryptsetup
The next step is to create the RAID 5, this is an example of my configuration.
mdadm –-create /dev/md0 –-level=5 -–raid-disks=3 /dev/sdb /dev/sdc /dev/sdd
Now it’s time for the encryption, I’ll call my encrypted RAID 5 device raid1 because I will have 2 raids. You can name it as you like.
cryptsetup create -c twofish-cbc-essiv:sha256 raid1 /dev/md0
The filesystem is still missing. (If you have Debian Lenny, you have to use ext4dev for ext4. More information about it here.)
mke2fs -t ext4 /dev/mapper/raid1
That’s all, now mount it.
mount /dev/mapper/raid1 /media/raid1
If you need to close the container, use the following commands (remember, these are my settings, yours may be different).
umount /media/raid1 cryptsetup remove raid1 /dev/md0
You have to recreate the cryptodrive on every reboot. You have to use exact the same password! There is no message like “wrong password”.
I wrote a little shell script to make it easier. Content of mount_raid.sh:
cryptsetup create -c twofish-cbc-essiv:sha256 raid1 /dev/md0 mount /dev/mapper/raid1 /media/raid1
Just to mention, these two German blogs helped me a lot to get started: