The officially official Devuan Forum!

You are not logged in.

#1 2018-08-19 19:36:29

fsmithred
Administrator
Registered: 2016-11-25
Posts: 2,500  

LVM and/or RAID with refractainstaller

The cli version of refractainstaller has a couple of characteristics that make it possible to use it in non-standard ways.
1. You have to type in the device name when choosing partitions.
2. The installer pauses before installing the bootloader. This allows you to chroot the installed system to make changes manually.

While lvm and raid are not explicitly supported by the installer, it is possible to do either or both. Here are some examples. These examples use /dev/sda and /dev/sdb. You must change that if you use different drives.

In all cases, I installed the grub bootloader to the mbr of /dev/sda.

Important note regarding encryption: If you encrypt a raid array or lvm and your root partition or home partition is contained within that volume, tell the installer "no" when it asks if you want to encrypt that partition.

INSTALL TO RAID1 (mirrored)

Partitioning
There are several ways to do this. You can create the array from whole disks (/dev/sda and /dev/sdb) or you can create it from two partitions (/dev/sda1 and /dev/sdb1). If you use whole disks, there will be no room at the beginning of the disk for grub, and you will need another disk for the bootloader. Also, if you use whole disks, you can then partition the array, and you will use partitions like /dev/md0p1, /dev/md0p2 during the installation.

For this example, partition two disks with at least one partition on each. Make them the same size. You can use either gpt or msdos partition tables. If you have uefi hardware, you need an efi partition somewhere. We'll install the whole system into one partition.

(Note: gpt with bios boot requires an unformatted partition, at least 1MB in size with bios_grub flag, or ef02)

(Note 2: refractainstaller can only recognize separate /boot, /home and / (root) partitions. There's a way to have more, but I haven't tested it with this. See /etc/refractainstaller.conf.)

(Note 3: refractainstaller asks for a partition and then tests to see that it ends in a non-zero digit. That means if you call your array /dev/md0 and try to use that as a single partition, it will fail. Call it /dev/md1 instead.

Create the raid (use the partitions, not the whole device.)

mdadm --create --verbose /dev/md1 --level=1 --raid-devices=2 /dev/sda1 /dev/sdb1
cat /proc/mdstat   # this is just to let you see that it worked

Run refractainstaller (please use the -d option for a better error log)

refractainstaller -d

The installer will ask where to put the operating system. Enter /dev/md1
(Note: we only made one partition, so don't enter anything for /boot or /home)
The installer will ask if you want the partition encrypted. You can say yes if you want, and it will work. (You don't need a separate /boot partition. See the notes on full-disk encryption at the end of  this post.)
The installer will pause when the installed system is ready for chroot. That pause looks something like this:

The installed system is ready for chroot. (proc, sys, dev are mounted)
    If you want, you may work in another virtual terminal.
    Make a selection when you are ready to proceed.

    ${bios_boot_warning}

    Choices (enter number)
        1 or 2)  (Install bootloader or copy files and install bootloader)
        3) Continue without a bootloader.
        4) Abort the installation and exit.

Do not choose anything yet. Go to another console or another tab in your terminal and get root. Then run the following commands.

chroot /target
mdadm --detail --scan /dev/md1 >> /etc/mdadm/mdadm.conf
update-initramfs -u
exit

Return to the console or terminal where the installer is running, and make the appropriate choice. (usually, you want to install a bootloader.) Continue until the installer is finished. Reboot (remember to remove the live media).

References:
https://www.digitalocean.com/community/ … untu-16-04
https://dev1galaxy.org/viewtopic.php?pid=10954#p10954  (Thanks for trying it first, stroudmw.)
https://www.howtoforge.com/linux_lvm
https://wiki.archlinux.org/index.php/LVM
https://wiki.archlinux.org/index.php/Dm … VM_on_LUKS

Next: LVM

Last edited by fsmithred (2018-08-20 12:42:32)

Offline

#2 2018-08-19 19:36:55

fsmithred
Administrator
Registered: 2016-11-25
Posts: 2,500  

Re: LVM and/or RAID with refractainstaller

INSTALL TO LVM

Partition
at least one disk with at least one partition. For this example, I'll use two disks with one partition and combine them into a single volume group.

Create the physical volume and volume group.

pvcreate /dev/sda1 /dev/sdb1
pvscan  # or pvdisplay  # This is just to see what you did.
vgcreate vol0 /dev/sda1 /dev/sdb1
vgscan # or vgdisplay

Create the logical volumes (the partition scheme for your filesystem).
WARNING: There's a test in refractainstaller that checks to make sure the partition you choose ends in a digit. The names you choose for your logical volumes must end in a digit. (or else comment out that test in the script.)

For this example, assume two disks of 4GB each. Since they are combined in a single volume group, we can make a partition that's bigger than 4GB. The next commands will create a 5G partition named lvroot1 and a second partition that uses the rest of the space, named lvhome2.

lvcreate -L 5G vol0 -n lvroot1
lvcreate -l +100%FREE vol0 -n lvhome2

Run refractainstaller.
Choose a partition for the operating system:  /dev/mapper/vol0-lvroot1
Choose a partition for /home: /dev/mapper/vol0-lvhome2

Note: When the installer asks if you want the partition encrypted, you could say yes, but you will have to enter a password for each encrypted partition. Also, the encrypted root and home partitions will be named /dev/mapper/root_fs and /dev/mapper/home_fs in /etc/fstab.

When the installer is finished, remove the live media and reboot.

NEXT: LVM on RAID1

Offline

#3 2018-08-19 20:03:02

fsmithred
Administrator
Registered: 2016-11-25
Posts: 2,500  

Re: LVM and/or RAID with refractainstaller

LVM on RAID1

Partition disks as in the first post.

mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/sda1 /dev/sdb1
pvcreate /dev/md0
vgcreate vol0 /dev/md0
lvcreate -L 5G vol0 -n lvroot1
lvcreate -l +100%FREE vol0 -n lvhome2

Run refractainstaller
Choose a partition for the operating system:  /dev/mapper/vol0-lvroot1
Choose a partition for /home: /dev/mapper/vol0-lvhome2

At pause, before installing bootloader
go to another vt and run:

chroot /target
mdadm --detail --scan /dev/md0 >> /etc/mdadm/mdadm.conf
update-initramfs -u
exit

Proceed with installer. (install GRUB)

Offline

#4 2018-08-20 20:22:25

fsmithred
Administrator
Registered: 2016-11-25
Posts: 2,500  

Re: LVM and/or RAID with refractainstaller

RAID - LUKS - LVM

This method uses one encrypted raid array with lvm on top of it, so you only have to enter one password to unlock the encrypted volume.

Partition two disks, each with a small partition for boot and a large partition for the array.
If you use gpt with bios boot, add a third partition, greater than 1M, unformatted, with EF02 or bios_grub flag.
If you use uefi, add a third partition, 100-500M, fat32, EF00 or esp and boot flags.

This example uses the first partition for the boot array and the second partition for the system array.
(The second array for /boot is optional. See notes on full-disk encryption at the end of this post.)

Create the arrays.

Don't use names like /dev/md0, /dev/md1...  If you do, cryptsetup will complain during update-initramfs. Use names like /dev/md/mdroot1 and /dev/md/mdboot1. (Note: the digit at the end is for refractainstaller, and it's really only needed on the unencrypted /boot. Any logical partitions in the lvm will have mapper names, and you can end those with a digit.)

mdadm --create -v /dev/md/mdroot1 -l1 -n2 /dev/sda2 /dev/sdb2
mdadm --create -v /dev/md/mdboot1 -l1 -n2 /dev/sda1 /dev/sdb1

Encrypt the root array, /dev/md/mdroot1, then open it and give it a name, like crypt

cryptsetup luksFormat /dev/md/mdroot1
cryptsetup luksOpen /dev/md/mdroot1 crypt

Set up LVM on the encrypted volume. The lv name sould end in a digit to make the installer happy.

pvcreate /dev/mapper/crypt
vgcreate vol0 /dev/mapper/crypt
lvcreate -L 5G vol0 -n  lvroot1
lvcreate -l +100%FREE vol0 -n lvhome1

Run refractainstaller.

Enter the following devices when the installer asks for the locations of /boot, operating system and /home.

/boot      /dev/md/mdboot1
/            /dev/mapper/vol0-lvroot1
/home    /dev/mapper/vol0-lvhome1

At the pause, switch to another console or terminal and do the following:

# save md detail to /etc/mdadm/mdadm.conf
mdadm --detail --scan /dev/md/mdboot1 >> /target/etc/mdadm/mdadm.conf
mdadm --detail --scan /dev/md/mdroot1 >> /target/etc/mdadm/mdadm.conf

# edit /target/etc/crypttab to add the following line:
crypt	    /dev/md/mdroot1    none    luks

# edit /target/etc/cryptsetup-initramfs/conf-hook so it says:
CRYPTSETUP=y

# rebuild the initramfs:
chroot /target update-initramfs -u

Return to installer and proceed.

RAID1 - LUKS - LVM with FULL DISK ENCRYPTION (no separate unencrypted boot)

This is the same as the above,except for the following:
  - don't make a separate array for /boot
  - don't enter a partition for /boot in the installer
  - at the pause, edit /target/etc/default/grub and add the following line:

GRUB_ENABLE_CRYPTODISK=y

Run update-initramfs after you have edited all the files.

When you reboot, you should be asked for the password twice - once before you see the grub menu and once when the system is booting. Grub is slow to recognize the password. Be patient. Don't press ENTER a second time, or your boot menu will disappear too fast for you to select anything other than the default boot.

Slow Shutdown Fix
When you get tired of waiting for your encrypted system to shut down, see this post for a fix:
https://dev1galaxy.org/viewtopic.php?pid=8289#p8289

Offline

Board footer