[wplug] Help deciding a RAID+LVM+LUKS setup

Pat Barron pat at lectroid.com
Mon Jul 22 00:47:12 EDT 2013


On 07/21/2013 11:30 PM, Justin Smith wrote:
> I also want to redo my disks with dm-crypt+LUKS to keep everything secure.
You should consider whether you really need dm-crypt/LUKS.  What it 
really protects you against is having someone gain physical possession 
of your machine (whether by theft, or inadvertent loss, or seizure by 
the authorities, or whatever....), and thereby getting access to your 
data.  We use it for Linux laptops at work, because laptops move around 
a lot and are sometimes lost or stolen.  But it doesn't help you much on 
a server type machine, unless you're concerned about losing possession 
of it; it doesn't offer you any protection against someone getting into 
the machine by exploiting a vulnerability or something, and accessing 
your data that way.  If you were to encrypt the OS drive (which I know 
you said you weren't planning on), one thing you need to consider with 
LUKS is that you lose the ability to reboot your machine remotely 
(unless you have some kind of remote console setup that is separate from 
your actual server).  Because you have to type the LUKS passphrase at 
the console whenever you reboot.  So that can get kind of annoying if 
you do much remote administration.  If you're just using it for data 
disks, in order to really benefit from it you'll need to make sure to 
unmount your encrypted filesystems and clear the keys out of memory 
while they're not in active use.

> But which level of RAID should I use? The horror stories about RAID 5 are
> unnerving; on the other hand, I probably don’t have enough drive slots to
> have a RAID 10 array of any appreciable capacity unless I remove the 2TB
> drive and buy a quartet of 3 or 4 TB drives. How shall I put this... /that’s
> expensive/.
I've never had any issues with RAID 5 myself; it's saved my bacon more 
than once.  I'm a big fan of hardware RAID, because it doesn't matter 
what OS you're running, and the controller just deals with managing the 
RAID itself - you can pull a failed drive and replace it, and the 
controller rebuilds the parity all by itself, the OS doesn't even know 
anything's happening.  But you're right, if you ever think you might 
want to swap out your disk controller with a different one, you get to 
dump/restore all your data, because one vendor's controller won't 
typically recognize the RAID structure created by some other vendor's 
controller.

I've run systems with RAID 10, though I have to admit I have kind of a 
moral issue with giving up half my disk space for the mirroring.

--Pat.
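
The advice above about unmounting encrypted data filesystems and clearing the keys while they are not in active use, as an added example that is not part of the original post. It assumes a hypothetical mapping name such as "securedata", filesystems mounted directly from /dev/mapper/<name>, and mount points without whitespace; `run`, `mounts_for` and `lock_volume` are illustrative helper names.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: the LUKS mapping
# is named by the caller (e.g. "securedata"), filesystems sit directly on
# /dev/mapper/<name>, and mount points contain no whitespace.
# DRY_RUN=1 prints the commands instead of running them.
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# List mount points backed by the mapping, deepest path first, so nested
# mounts are released before their parents.
mounts_for() {
    awk -v dev="/dev/mapper/$1" '$1 == dev { print $2 }' "$MOUNTS_FILE" |
        awk '{ n = gsub("/", "/"); print n "\t" $0 }' |
        sort -rn | cut -f2-
}

# Unmount everything on the mapping, then remove it. Stops at the first
# failed umount (filesystem busy): while the mapping stays open, the
# volume key stays in kernel memory.
lock_volume() {
    name="$1"
    mounts_for "$name" | while read -r mp; do
        run umount "$mp" || exit 1
    done || return 1
    # "close" removes the mapping and wipes the key from kernel memory.
    run cryptsetup close "$name"
}

# Run as: lock-volume.sh --lock <mapping-name>   (needs root)
if [ "${1:-}" = "--lock" ] && [ -n "${2:-}" ]; then
    lock_volume "$2"
fi
```

Running it first with DRY_RUN=1 shows the exact umount and close sequence before anything is changed.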


